opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 11:32:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

label.Relabel third option is shared not recurse

Browse Source 
There is no option in Selinux labeling to only relabel the top level of
a directory. The option is to either label the path shared or not
shared. Changing to make sure future engineers do not assume that
recurse can work.

[NO NEW TESTS NEEDED]

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
2022-09-17 07:14:29 -04:00
parent 4e14fa05c9
commit dc8fdb46c5
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libpod/container_internal_common.go
View File

@ -2659,7 +2659,7 @@ func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error {
return nil
}
func (c *Container) relabel(src, mountLabel string, recurse bool) error {
func (c *Container) relabel(src, mountLabel string, shared bool) error {
if !selinux.GetEnabled() || mountLabel == "" {
return nil
}
@ -2674,7 +2674,7 @@ func (c *Container) relabel(src, mountLabel string, recurse bool) error {
return nil
}
}
return label.Relabel(src, mountLabel, recurse)
return label.Relabel(src, mountLabel, shared)
}
func (c *Container) ChangeHostPathOwnership(src string, recurse bool, uid, gid int) error {