opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-27 05:26:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2613 from rhatdan/selinux

Browse Source 
Fix SELinux on host shared systems in userns
This commit is contained in:
OpenShift Merge Robot
2019-03-11 12:59:46 -07:00
committed by GitHub
parent 7038cac53c de12f45688
commit 1466c8a2f8
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/spec/spec.go
View File

@ -454,10 +454,6 @@ func findMount(target string, mounts []*pmount.Info) (*pmount.Info, error) {
} }
func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) { func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) {
if config.PidMode.IsHost() && rootless.IsRootless() {
return
}
if !config.Privileged { if !config.Privileged {
for _, mp := range []string{ for _, mp := range []string{
"/proc/acpi", "/proc/acpi",
@ -469,10 +465,15 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator)
"/proc/sched_debug", "/proc/sched_debug",
"/proc/scsi", "/proc/scsi",
"/sys/firmware", "/sys/firmware",
"/sys/fs/selinux",
} { } {
g.AddLinuxMaskedPaths(mp) g.AddLinuxMaskedPaths(mp)
} }
if config.PidMode.IsHost() && rootless.IsRootless() {
return
}
for _, rp := range []string{ for _, rp := range []string{
"/proc/asound", "/proc/asound",
"/proc/bus", "/proc/bus",