Fix up SELinux labeling

SELinux label options processing fixes, should allow system tests to pass. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-08-06 19:44:14 +08:00 · 2020-04-14 16:44:37 -04:00
parent 195cb11276
commit ac94a96a74
6 changed files with 31 additions and 51 deletions
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@ -113,6 +113,14 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 	if err := finishThrottleDevices(s); err != nil {
 		return err
 	}
+	// Unless already set via the CLI, check if we need to disable process
+	// labels or set the defaults.
+	if len(s.SelinuxOpts) == 0 {
+		if err := s.SetLabelOpts(r, s.PidNS, s.IpcNS); err != nil {
+			return err
+		}
+	}
+
 	return nil
 }