github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #157 from miaoyq/apply-selinux-opt

Browse Source 
Support selinux options/label
This commit is contained in:
Lantao Liu
2017-08-31 16:30:30 -07:00
committed by GitHub
parent 66baf1312d 0c3304e006
commit 9c49624174
14 changed files with 1294 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/server/sandbox_run.go
View File

@@ -275,7 +275,13 @@ func (c *criContainerdService) generateSandboxContainerSpec(id string, config *r
g.RemoveLinuxNamespace(string(runtimespec.IPCNamespace)) // nolint: errcheck
}
// TODO(random-liu): [P1] Apply SeLinux options.
selinuxOpt := securityContext.GetSelinuxOptions()
processLabel, mountLabel, err := initSelinuxOpts(selinuxOpt)
if err != nil {
return nil, fmt.Errorf("failed to init selinux options %+v: %v", securityContext.GetSelinuxOptions(), err)
}
g.SetProcessSelinuxLabel(processLabel)
g.SetLinuxMountLabel(mountLabel)
supplementalGroups := securityContext.GetSupplementalGroups()
for _, group := range supplementalGroups {