mirror of https://github.com/rancher/rke.git synced 2025-09-02 07:24:20 +00:00

Do not rewrite SELinux labels on volume mounts

Sebastiaan van Steenis
2021-03-16 10:54:01 +01:00
parent 05f08baddb
commit 9757be753f
9 changed files with 91 additions and 42 deletions


@@ -60,9 +60,15 @@ func doDeployFile(ctx context.Context, host *hosts.Host, fileName, fileContents,
}
hostCfg := &container.HostConfig{
Binds: []string{
fmt.Sprintf("%s:/etc/kubernetes:z", path.Join(host.PrefixPath, "/etc/kubernetes")),
fmt.Sprintf("%s:/etc/kubernetes", path.Join(host.PrefixPath, "/etc/kubernetes")),
},
}
if hosts.IsDockerSELinuxEnabled(host) {
// We apply the label because we do not rewrite SELinux labels anymore on volume mounts (no :z)
logrus.Debugf("Applying security opt label [%s] for [%s] container on host [%s]", SELinuxLabel, ContainerName, host.Address)
hostCfg.SecurityOpt = append(hostCfg.SecurityOpt, SELinuxLabel)
}
if err := docker.DoRunOnetimeContainer(ctx, host.DClient, imageCfg, hostCfg, ContainerName, host.Address, ServiceName, prsMap); err != nil {
return err
}
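Review bot: With `:z` dropped from the `/etc/kubernetes` bind, the one-time container's access to that directory depends entirely on `SELinuxLabel`, and the comment inside the `IsDockerSELinuxEnabled` branch does not say what the host must provide for that to work. `SELinuxLabel` is defined outside this hunk, so the following is inferred: if the host policy does not define its type or does not allow it on the directory's existing file context, the deploy would presumably fail, and the bare `return err` after `DoRunOnetimeContainer` gives no hint that labelling was involved. I would extend the comment to state the prerequisite, e.g. `// Requires the host SELinux policy to allow SELinuxLabel's type on /etc/kubernetes; without :z Docker no longer relabels the directory`. I would also wrap the returned error with the host address and the applied label, so a denial can be told apart from other container failures. doDeployFile begins and ends outside the hunk, so any handling further down is not visible here.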