rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-09-01 23:16:22 +00:00
Code Issues Releases Wiki Activity

Revert "Do not rewrite SELinux labels on volume mounts"

Browse Source
This commit is contained in:
Sebastiaan van Steenis
2021-07-29 08:59:54 +02:00
committed by GitHub
parent e0b892247f
commit 51a6b50a84
9 changed files with 42 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cluster/file-deployer.go
View File

@@ -60,15 +60,9 @@ func doDeployFile(ctx context.Context, host *hosts.Host, fileName, fileContents,
}
hostCfg := &container.HostConfig{
Binds: []string{
fmt.Sprintf("%s:/etc/kubernetes", path.Join(host.PrefixPath, "/etc/kubernetes")),
fmt.Sprintf("%s:/etc/kubernetes:z", path.Join(host.PrefixPath, "/etc/kubernetes")),
},
}
if hosts.IsDockerSELinuxEnabled(host) {
// We apply the label because we do not rewrite SELinux labels anymore on volume mounts (no :z)
logrus.Debugf("Applying security opt label [%s] for [%s] container on host [%s]", SELinuxLabel, ContainerName, host.Address)
hostCfg.SecurityOpt = append(hostCfg.SecurityOpt, SELinuxLabel)
}
if err := docker.DoRunOnetimeContainer(ctx, host.DClient, imageCfg, hostCfg, ContainerName, host.Address, ServiceName, prsMap); err != nil {
return err
}