From 0896bd3b2905f3edbd365873ec289cfe90f8cb20 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Thu, 20 Nov 2014 17:20:26 -0500
Subject: [PATCH] Label content created for containers with the private label
Currently this content gets a system label and is not writable based on SELinux controls. This patch will set the labels to the correct label.
Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan)
Upstream-commit: 61b2766e758f21b8b6bd32dc82ba624c2f0c5fd6
Component: engine
---
 components/engine/daemon/volumes.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/components/engine/daemon/volumes.go b/components/engine/daemon/volumes.go
index a2cf3af33a..54cc0369dc 100644
--- a/components/engine/daemon/volumes.go
+++ b/components/engine/daemon/volumes.go
@@ -15,6 +15,7 @@ import (
 "github.com/docker/docker/pkg/chrootarchive"
 "github.com/docker/docker/pkg/symlink"
 "github.com/docker/docker/volumes"
+ "github.com/docker/libcontainer/label"
 )
 type Mount struct {
@@ -235,15 +236,24 @@ func validMountMode(mode string) bool {
 }
 func (container *Container) setupMounts() error {
+ if err := label.SetFileLabel(container.ResolvConfPath, container.MountLabel); err != nil {
+ return err
+ }
 mounts := []execdriver.Mount{
 {Source: container.ResolvConfPath, Destination: "/etc/resolv.conf", Writable: true, Private: true},
 }
 if container.HostnamePath != "" {
+ if err := label.SetFileLabel(container.HostnamePath, container.MountLabel); err != nil {
+ return err
+ }
 mounts = append(mounts, execdriver.Mount{Source: container.HostnamePath, Destination: "/etc/hostname", Writable: true, Private: true})
 }
 if container.HostsPath != "" {
+ if err := label.SetFileLabel(container.HostsPath, container.MountLabel); err != nil {
+ return err
+ }
 mounts = append(mounts, execdriver.Mount{Source: container.HostsPath, Destination: "/etc/hosts", Writable: true, Private: true})
 }
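Review bot: The three `label.SetFileLabel` calls added to `setupMounts` relabel whatever `ResolvConfPath`, `HostnamePath` and `HostsPath` point to, with no check that the file belongs to this container. Those fields are assigned outside this hunk; if any of them can refer to a file shared with another container or to a file on the host, applying this container's `MountLabel` would change which processes SELinux lets read and write it, so the relabel should be skipped unless the path lies inside this container's own directory. At minimum the assumption should be written above the first call, e.g. `// These files are private to this container, so relabeling them with MountLabel cannot affect the host or another container.` The bare `return err` also loses which of the three files failed; including the path in the returned error would make a labeling failure diagnosable. The body of `setupMounts` continues past the end of the hunk.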