opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-02 09:12:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

play kube selinux label issue

Browse Source 
play kube function not respecting selinux options in kube yaml, all options were
being mapped to role.

fixes issue 8710

Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
This commit is contained in:
Steven Taylor
2021-02-02 18:13:13 +00:00
parent 735b16e347
commit c68b59f97f
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/specgen/generate/kube/kube.go
View File

@ -282,16 +282,16 @@ func setupSecurityContext(s *specgen.SpecGenerator, containerYAML v1.Container)
if seopt := containerYAML.SecurityContext.SELinuxOptions; seopt != nil { if seopt := containerYAML.SecurityContext.SELinuxOptions; seopt != nil {
if seopt.User != "" { if seopt.User != "" {
s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.User)) s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("user:%s", seopt.User))
} }
if seopt.Role != "" { if seopt.Role != "" {
s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.Role)) s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.Role))
} }
if seopt.Type != "" { if seopt.Type != "" {
s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.Type)) s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("type:%s", seopt.Type))
} }
if seopt.Level != "" { if seopt.Level != "" {
s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.Level)) s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("level:%s", seopt.Level))
} }
} }
if caps := containerYAML.SecurityContext.Capabilities; caps != nil { if caps := containerYAML.SecurityContext.Capabilities; caps != nil {