github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Use spec's mountLabel when mounting the rootfs

Browse Source 
In NewContainer if a SnapshotKey is used and the spec has
a mountLabel specified, that mountLabel should be used to mount
the rootfs.

Signed-off-by: Darren Shepherd <darren@rancher.com>
This commit is contained in:
Darren Shepherd 2020-02-24 09:53:42 -07:00
parent 2c5279e820
commit c134a9befa
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
container.go
View File

@ -36,6 +36,7 @@ import (
prototypes "github.com/gogo/protobuf/types" prototypes "github.com/gogo/protobuf/types"
ver "github.com/opencontainers/image-spec/specs-go" ver "github.com/opencontainers/image-spec/specs-go"
ocispec "github.com/opencontainers/image-spec/specs-go/v1" ocispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors" "github.com/pkg/errors"
) )
@ -242,7 +243,17 @@ func (c *container) NewTask(ctx context.Context, ioCreate cio.Creator, opts ...N
if err != nil { if err != nil {
return nil, err return nil, err
} }
spec, err := c.Spec(ctx)
if err != nil {
return nil, err
}
for _, m := range mounts { for _, m := range mounts {
if spec.Linux != nil && spec.Linux.MountLabel != "" {
context := label.FormatMountLabel("", spec.Linux.MountLabel)
if context != "" {
m.Options = append(m.Options, context)
}
}
request.Rootfs = append(request.Rootfs, &types.Mount{ request.Rootfs = append(request.Rootfs, &types.Mount{
Type: m.Type, Type: m.Type,
Source: m.Source, Source: m.Source,