runtime-rs: handle disabled guest selinux in virtiofsd

This is just a port of functionality existing in the golang runtime.

Signed-off-by: Pavel Mores <pmores@redhat.com>
Pavel Mores 2024-08-30 18:33:16 +02:00 committed by Fabiano Fidêncio
parent 8c92f3bfec
commit 5e5eb9759f


@ -71,7 +71,7 @@ impl ShareVirtioFsStandalone {
})
}
fn virtiofsd_args(&self, sock_path: &str) -> Result<Vec<String>> {
fn virtiofsd_args(&self, sock_path: &str, disable_guest_selinux: bool) -> Result<Vec<String>> {
let source_path = get_host_ro_shared_path(&self.config.id);
ensure_dir_exist(&source_path)?;
let shared_dir = source_path
@ -96,12 +96,19 @@ impl ShareVirtioFsStandalone {
args.append(&mut extra_args);
}
if !disable_guest_selinux {
args.push(String::from("--xattr"));
}
Ok(args)
}
async fn setup_virtiofsd(&self, h: &dyn Hypervisor) -> Result<()> {
let sock_path = generate_sock_path(&h.get_jailer_root().await?);
let args = self.virtiofsd_args(&sock_path).context("virtiofsd args")?;
let disable_guest_selinux = h.hypervisor_config().await.disable_guest_selinux;
let args = self
.virtiofsd_args(&sock_path, disable_guest_selinux)
.context("virtiofsd args")?;
let mut cmd = Command::new(&self.config.virtio_fs_daemon);
let child_cmd = cmd.args(&args).stderr(Stdio::piped());
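Review bot: In `virtiofsd_args`, `--xattr` is pushed right after `extra_args` is appended, so if the configured extra arguments already carry `--xattr` the daemon gets the flag twice. Where `extra_args` comes from is outside the hunk, so this needs confirming against the config path. A guard such as `if !disable_guest_selinux && !args.iter().any(|a| a == "--xattr") {` would avoid the duplicate. The negated condition also deserves a why-comment, e.g. `// SELinux labels are stored in extended attributes, so the guest can only label shared files when virtiofsd passes xattrs through`. The middle of `virtiofsd_args` and the remainder of `setup_virtiofsd` are not visible here.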