We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix relabel for SELinux

With the changes merged into runc/libcontainer, are now causing
SELinux to attempt a relabel always, even if the user did not
request the relabel.

If the user does not specify Z or z on the volume mount we should
not attempt a relabel.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Dan Walsh 9 years ago
parent
e509fe604c
commit
d9011b3617
1 changed files with 4 additions and 3 deletions
Split View Show Diff Stats
  1. 4 3
      daemon/volumes.go

+ 4 - 3
daemon/volumes.go
View File 

@@ -135,9 +135,10 @@ func (daemon *Daemon) registerMountPoints(container *Container, hostConfig *runc
 
 			bind.Driver = v.DriverName()
 
 			bind = setBindModeIfNull(bind)
 
 		}
 
-		shared := label.IsShared(bind.Mode)
 
-		if err := label.Relabel(bind.Source, container.MountLabel, shared); err != nil {
 
-			return err
 
+		if label.RelabelNeeded(bind.Mode) {
 
+			if err := label.Relabel(bind.Source, container.MountLabel, label.IsShared(bind.Mode)); err != nil {
 
+				return err
 
+			}
 
 		}
 
 		binds[bind.Destination] = true
 
 		mountPoints[bind.Destination] = bind

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5