github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Support selinux options/label

Browse Source 
Support selinux optios/label

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
This commit is contained in:
Yanqiang Miao
2017-08-23 21:33:43 +08:00
parent c311f10a77
commit 0c3304e006
14 changed files with 1294 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
pkg/server/helpers.go
View File

@@ -33,6 +33,8 @@ import (
"github.com/opencontainers/image-spec/identity"
imagespec "github.com/opencontainers/image-spec/specs-go/v1"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/selinux/go-selinux"
"github.com/opencontainers/selinux/go-selinux/label"
"golang.org/x/net/context"
"k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime"
@@ -374,3 +376,16 @@ func getImageInfo(ctx context.Context, image containerd.Image, provider content.
config: ociimage.Config,
}, nil
}
func initSelinuxOpts(selinuxOpt *runtime.SELinuxOption) (string, string, error) {
if selinuxOpt == nil {
return "", "", nil
}
labelOpts := fmt.Sprintf("%s:%s:%s:%s",
selinuxOpt.GetUser(),
selinuxOpt.GetRole(),
selinuxOpt.GetRole(),
selinuxOpt.GetType())
return label.InitLabels(selinux.DupSecOpt(labelOpts))
}