github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Use new SELinux APIs

Browse Source 
This moves most of the API calls off of the `labels` package onto the root
selinux package.  This is the newer API for most selinux operations.

Signed-off-by: Michael Crosby <michael@thepasture.io>
This commit is contained in:
Michael Crosby
2020-05-26 15:18:46 -04:00
parent 24209b91bf
commit 72edf3016d
4 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/server/container_create_unix.go
View File

@@ -31,6 +31,7 @@ import (
"github.com/containerd/containerd/oci"
imagespec "github.com/opencontainers/image-spec/specs-go/v1"
runtimespec "github.com/opencontainers/runtime-spec/specs-go"
selinux "github.com/opencontainers/selinux/go-selinux"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
@@ -159,7 +160,7 @@ func (c *criService) containerSpec(id string, sandboxID string, sandboxPid uint3
if len(labelOptions) == 0 {
// Use pod level SELinux config
if sandbox, err := c.sandboxStore.Get(sandboxID); err == nil {
labelOptions, err = label.DupSecOpt(sandbox.ProcessLabel)
labelOptions, err = selinux.DupSecOpt(sandbox.ProcessLabel)
if err != nil {
return nil, err
}