opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-05-21 17:16:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10334 from mheon/add_relabel_vol_plugin

Browse Source 
Ensure that :Z/:z/:U can be used with named volumes
This commit is contained in:
OpenShift Merge Robot
2021-05-17 16:28:21 -04:00
committed by GitHub
parent 3aa4746fb6 6efca0bbac
commit a7fa0da4a5
2 changed files with 27 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
libpod/container_internal_linux.go
View File

@ -358,6 +358,25 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
return nil, err return nil, err
} }
// Add named volumes
for _, namedVol := range c.config.NamedVolumes {
volume, err := c.runtime.GetVolume(namedVol.Name)
if err != nil {
return nil, errors.Wrapf(err, "error retrieving volume %s to add to container %s", namedVol.Name, c.ID())
}
mountPoint, err := volume.MountPoint()
if err != nil {
return nil, err
}
volMount := spec.Mount{
Type: "bind",
Source: mountPoint,
Destination: namedVol.Dest,
Options: namedVol.Options,
}
g.AddMount(volMount)
}
// Check if the spec file mounts contain the options z, Z or U. // Check if the spec file mounts contain the options z, Z or U.
// If they have z or Z, relabel the source directory and then remove the option. // If they have z or Z, relabel the source directory and then remove the option.
// If they have U, chown the source directory and them remove the option. // If they have U, chown the source directory and them remove the option.
@ -391,25 +410,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
g.SetProcessSelinuxLabel(c.ProcessLabel()) g.SetProcessSelinuxLabel(c.ProcessLabel())
g.SetLinuxMountLabel(c.MountLabel()) g.SetLinuxMountLabel(c.MountLabel())
// Add named volumes
for _, namedVol := range c.config.NamedVolumes {
volume, err := c.runtime.GetVolume(namedVol.Name)
if err != nil {
return nil, errors.Wrapf(err, "error retrieving volume %s to add to container %s", namedVol.Name, c.ID())
}
mountPoint, err := volume.MountPoint()
if err != nil {
return nil, err
}
volMount := spec.Mount{
Type: "bind",
Source: mountPoint,
Destination: namedVol.Dest,
Options: namedVol.Options,
}
g.AddMount(volMount)
}
// Add bind mounts to container // Add bind mounts to container
for dstPath, srcPath := range c.state.BindMounts { for dstPath, srcPath := range c.state.BindMounts {
newMount := spec.Mount{ newMount := spec.Mount{

8
test/e2e/run_selinux_test.go
View File

@ -343,4 +343,12 @@ var _ = Describe("Podman run", func() {
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session.OutputToString()).To(ContainSubstring("container_init_t")) Expect(session.OutputToString()).To(ContainSubstring("container_init_t"))
}) })
It("podman relabels named volume with :Z", func() {
session := podmanTest.Podman([]string{"run", "-v", "testvol:/test1/test:Z", fedoraMinimal, "ls", "-alZ", "/test1"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
match, _ := session.GrepString(":s0:")
Expect(match).Should(BeTrue())
})
}) })