From 5e5eb9759fd9d681042fc5a62ce4fd9c52e2344c Mon Sep 17 00:00:00 2001
From: Pavel Mores
Date: Fri, 30 Aug 2024 18:33:16 +0200
Subject: [PATCH] runtime-rs: handle disabled guest selinux in virtiofsd

This is just a port of functionality existing in the golang runtime.

Signed-off-by: Pavel Mores
---
 .../src/share_fs/share_virtio_fs_standalone.rs | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/runtime-rs/crates/resource/src/share_fs/share_virtio_fs_standalone.rs b/src/runtime-rs/crates/resource/src/share_fs/share_virtio_fs_standalone.rs
index d281403a79..486a882a5c 100644
--- a/src/runtime-rs/crates/resource/src/share_fs/share_virtio_fs_standalone.rs
+++ b/src/runtime-rs/crates/resource/src/share_fs/share_virtio_fs_standalone.rs
@@ -71,7 +71,7 @@ impl ShareVirtioFsStandalone {
 })
 }
- fn virtiofsd_args(&self, sock_path: &str) -> Result> {
+ fn virtiofsd_args(&self, sock_path: &str, disable_guest_selinux: bool) -> Result> {
 let source_path = get_host_ro_shared_path(&self.config.id);
 ensure_dir_exist(&source_path)?;
 let shared_dir = source_path
@@ -96,12 +96,19 @@ impl ShareVirtioFsStandalone {
 args.append(&mut extra_args);
 }
+ if !disable_guest_selinux {
+ args.push(String::from("--xattr"));
+ }
+
 Ok(args)
 }
 async fn setup_virtiofsd(&self, h: &dyn Hypervisor) -> Result<()> {
 let sock_path = generate_sock_path(&h.get_jailer_root().await?);
- let args = self.virtiofsd_args(&sock_path).context("virtiofsd args")?;
+ let disable_guest_selinux = h.hypervisor_config().await.disable_guest_selinux;
+ let args = self
+ .virtiofsd_args(&sock_path, disable_guest_selinux)
+ .context("virtiofsd args")?;
 let mut cmd = Command::new(&self.config.virtio_fs_daemon);
 let child_cmd = cmd.args(&args).stderr(Stdio::piped());
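Review bot: In `virtiofsd_args` (second hunk) the new `--xattr` push runs after `extra_args` has been appended and does not look at what is already in `args`, so a configuration that already lists `--xattr` among the extra arguments now passes the flag to virtiofsd twice, and one that sets `disable_guest_selinux` can still turn xattrs on through the extra arguments. Whether virtiofsd tolerates a repeated flag depends on its argument parser and is not visible here, so guarding the push is the safer choice: `if !disable_guest_selinux && !args.iter().any(|a| a == "--xattr") {`. Because the flag lets the guest read and write extended attributes on files in the shared directory, a comment above the `if` should record why it is tied to SELinux, for example `// guest SELinux labels are stored in xattrs, so xattr passthrough is needed unless guest SELinux is disabled`. The part of the function that builds `extra_args` lies between the two hunks and is not shown, so how those arguments are sourced should be confirmed against the full file.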