github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #6372 from fidencio/wip/seutil-fix-container_kvm_t-type-detection

Browse Source 
seutil: Fix setting the "container_kvm_t" label
This commit is contained in:
Derek McGowan
2021-12-15 10:35:04 -08:00
committed by GitHub
parent 3c3486f91b f1c7993311
commit 2c9d80aba5
2 changed files with 1 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/cri/server/helpers_linux.go
View File

@@ -269,17 +269,10 @@ func modifyProcessLabel(runtimeType string, spec *specs.Spec) error {
if !isVMBasedRuntime(runtimeType) {
return nil
}
l, err := getKVMLabel(spec.Process.SelinuxLabel)
l, err := seutil.ChangeToKVM(spec.Process.SelinuxLabel)
if err != nil {
return errors.Wrap(err, "failed to get selinux kvm label")
}
spec.Process.SelinuxLabel = l
return nil
}
func getKVMLabel(l string) (string, error) {
if !seutil.HasType("container_kvm_t") {
return "", nil
}
return seutil.ChangeToKVM(l)
}