rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-09-11 03:49:33 +00:00
Code Issues Releases Wiki Activity

Revert "Do not rewrite SELinux labels on volume mounts"

Browse Source
This commit is contained in:
Sebastiaan van Steenis
2021-07-29 08:59:54 +02:00
committed by GitHub
parent e0b892247f
commit 51a6b50a84
9 changed files with 42 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
services/services.go
View File

@@ -52,7 +52,6 @@ const (
ContainerNameLabel = "io.rancher.rke.container.name"
MCSLabel = "label=level:s0:c1000,c1001"
SELinuxLabel = "label=type:rke_container_t"
)
type RestartFunc func(context.Context, *hosts.Host) error
@@ -143,10 +142,6 @@ func GetProcessConfig(process v3.Process, host *hosts.Host) (*container.Config,
hostCfg.SecurityOpt = []string{MCSLabel}
}
}
// We apply the label because we do not rewrite SELinux labels anymore on volume mounts (no :z)
logrus.Debugf("Applying security opt label [%s] for etcd container on host [%s]", SELinuxLabel, host.Address)
hostCfg.SecurityOpt = append(hostCfg.SecurityOpt, SELinuxLabel)
}
return imageCfg, hostCfg, process.HealthCheck.URL
}