opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-07-02 08:47:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

Allow containers/storage to handle on SELinux labeling

Browse Source 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
2018-10-18 15:50:11 -04:00
parent 57b0b89d0c
commit a95d71f113
7 changed files with 424 additions and 409 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
libpod/storage.go
View File

@ -27,10 +27,13 @@ func getStorageService(store storage.Store) (*storageService, error) {
// of its nonvolatile and volatile per-container directories, along with a copy
// of the configuration blob from the image that was used to create the
// container, if the image had a configuration.
// It also returns the ProcessLabel and MountLabel selected for the container
type ContainerInfo struct {
Dir string
RunDir string
Config *v1.Image
Dir string
RunDir string
Config *v1.Image
ProcessLabel string
MountLabel string
}
// RuntimeContainerMetadata is the structure that we encode as JSON and store
@ -59,7 +62,7 @@ func (metadata *RuntimeContainerMetadata) SetMountLabel(mountLabel string) {
// CreateContainerStorage creates the storage end of things. We already have the container spec created
// TO-DO We should be passing in an Image object in the future.
func (r *storageService) CreateContainerStorage(ctx context.Context, systemContext *types.SystemContext, imageName, imageID, containerName, containerID, mountLabel string, options *storage.ContainerOptions) (cinfo ContainerInfo, err error) {
func (r *storageService) CreateContainerStorage(ctx context.Context, systemContext *types.SystemContext, imageName, imageID, containerName, containerID string, options storage.ContainerOptions) (cinfo ContainerInfo, err error) {
var imageConfig *v1.Image
if imageName != "" {
var ref types.ImageReference
@ -101,7 +104,6 @@ func (r *storageService) CreateContainerStorage(ctx context.Context, systemConte
ImageID: imageID,
ContainerName: containerName,
CreatedAt: time.Now().Unix(),
MountLabel: mountLabel,
}
mdata, err := json.Marshal(&metadata)
if err != nil {
@ -111,15 +113,7 @@ func (r *storageService) CreateContainerStorage(ctx context.Context, systemConte
// Build the container.
names := []string{containerName}
if options == nil {
options = &storage.ContainerOptions{
IDMappingOptions: storage.IDMappingOptions{
HostUIDMapping: true,
HostGIDMapping: true,
},
}
}
container, err := r.store.CreateContainer(containerID, names, imageID, "", string(mdata), options)
container, err := r.store.CreateContainer(containerID, names, imageID, "", string(mdata), &options)
if err != nil {
logrus.Debugf("failed to create container %s(%s): %v", metadata.ContainerName, containerID, err)
@ -167,9 +161,11 @@ func (r *storageService) CreateContainerStorage(ctx context.Context, systemConte
logrus.Debugf("container %q has run directory %q", container.ID, containerRunDir)
return ContainerInfo{
Dir: containerDir,
RunDir: containerRunDir,
Config: imageConfig,
Dir: containerDir,
RunDir: containerRunDir,
Config: imageConfig,
ProcessLabel: container.ProcessLabel(),
MountLabel: container.MountLabel(),
}, nil
}