diff --git a/daemonconfig/config.go b/daemonconfig/config.go
index 6cb3659e18..1abb6f8b89 100644
--- a/daemonconfig/config.go
+++ b/daemonconfig/config.go
@@ -1,10 +1,9 @@
 package daemonconfig
 
 import (
- "net"
-
 "github.com/dotcloud/docker/engine"
 "github.com/dotcloud/docker/runtime/networkdriver"
+ "net"
 )
 
 const (
diff --git a/pkg/selinux/selinux.go b/pkg/selinux/selinux.go
index 6453f37ea9..5362308617 100644
--- a/pkg/selinux/selinux.go
+++ b/pkg/selinux/selinux.go
@@ -312,7 +312,7 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
 if !SelinuxEnabled() {
 return "", ""
 }
- lxcPath := fmt.Sprintf("%s/content/lxc_contexts", GetSELinuxPolicyRoot())
+ lxcPath := fmt.Sprintf("%s/contexts/lxc_contexts", GetSELinuxPolicyRoot())
 in, err := os.Open(lxcPath)
 if err != nil {
 return "", ""
diff --git a/runtime/execdriver/lxc/lxc_template.go b/runtime/execdriver/lxc/lxc_template.go
index bad3249b31..e3582e2369 100644
--- a/runtime/execdriver/lxc/lxc_template.go
+++ b/runtime/execdriver/lxc/lxc_template.go
@@ -34,6 +34,7 @@ lxc.console = none
 lxc.se_context = {{ .ProcessLabel}}
 {{$MOUNTLABEL := .MountLabel}}
 {{end}}
+{{$MOUNTLABEL := getMountLabel .Context}}
 # no controlling tty at all
 lxc.tty = 1
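Review bot: The `os.Open(lxcPath)` failure branch in GetLxcContexts still returns `"", ""` without reporting anything, so on an SELinux-enabled host a missing or unreadable lxc_contexts file silently yields empty process and file labels. That silent fallback is probably why the wrong `content/` directory went unnoticed until now. Because the signature has no error return, the branch should at least log `lxcPath` and `err` with whatever logger the package already uses, and carry a comment such as `// fail open: no labels are applied if the policy file cannot be read`. Building the path with `filepath.Join(GetSELinuxPolicyRoot(), "contexts", "lxc_contexts")` would also be cleaner than `fmt.Sprintf`, provided `path/filepath` is imported. The function body continues outside the hunk.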
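Review bot: The inner `{{$MOUNTLABEL := .MountLabel}}` left just above `{{end}}` in lxc_template.go is now dead, because a template variable declared inside a control block goes out of scope at that block's `{{end}}`; only the new top-level `{{$MOUNTLABEL := getMountLabel .Context}}` reaches the mount entries further down. The two declarations also read the label from different sources (`.MountLabel` versus `getMountLabel .Context`), which leaves it unclear which one is authoritative for the SELinux mount context. Drop the inner line, or make both use the same expression. The action that opens this block is outside the hunk, so whether `.ProcessLabel` and `.MountLabel` still exist on the template data cannot be confirmed from here.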
@@ -94,8 +95,8 @@ lxc.mount.entry = sysfs {{escapeFstabSpaces $ROOTFS}}/sys sysfs nosuid,nodev,noe
 lxc.mount.entry = {{.Console}} {{escapeFstabSpaces $ROOTFS}}/dev/console none bind,rw 0 0
 {{end}}
-lxc.mount.entry = devpts {{escapeFstabSpaces $ROOTFS}}/dev/pts devpts {{formatMountLabel "newinstance,ptmxmode=0666,nosuid,noexec" "$MOUNTLABEL"}} 0 0
-lxc.mount.entry = shm {{escapeFstabSpaces $ROOTFS}}/dev/shm tmpfs {{formatMountLabel "size=65536k,nosuid,nodev,noexec" "$MOUNTLABEL"}} 0 0
+lxc.mount.entry = devpts {{escapeFstabSpaces $ROOTFS}}/dev/pts devpts {{formatMountLabel "newinstance,ptmxmode=0666,nosuid,noexec" $MOUNTLABEL}} 0 0
+lxc.mount.entry = shm {{escapeFstabSpaces $ROOTFS}}/dev/shm tmpfs {{formatMountLabel "size=65536k,nosuid,nodev,noexec" $MOUNTLABEL}} 0 0
 {{range $value := .Mounts}}
 {{if $value.Writable}}
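Review bot: The devpts and shm entries now rely on `formatMountLabel` returning the bare option string when `$MOUNTLABEL` is empty, since the declaration added in the first lxc_template.go hunk of this commit is unconditional. `formatMountLabel` is defined outside the hunk, so the empty-label case (presumably hosts without SELinux) cannot be confirmed from here. A template rendering test that checks these two lines for both a labelled and an unlabelled container would pin that behaviour, and it would have caught the quoted `"$MOUNTLABEL"` literal that this change removes.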