Currently if a user does a command like
docker: Error response from daemon: operation not supported.
With this fix they should see a much more informative error message.
docker run -ti -v /proc:/proc:Z fedora sh
docker: Error response from daemon: SELinux Relabeling of /proc is not allowed: operation not supported.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
No substantial code change.
Note that some style errors reported by `golint` are not fixed due to possible compatibility issues.
Signed-off-by: Akihiro Suda <suda.kyoto@gmail.com>
One of our volume plugins needs to get the label of the target mount point
so that it can set the content inside of the volume to match.
We need label.GetFileLabel() to make this work.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Only valid options to --security-opt for label should be
disable, user, role, type, level.
Return error on invalid entry
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
- Check if Selinux is enabled before relabeling. This is a bug.
- Make exclusion detection constant time. Kinda buggy too, imo.
- Do not depend on a magic string to create a new Selinux context.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Dan Walsh
Bryan Boreham
Akihiro Suda
allencloud
Jessica Frazelle
rajasec
David Calavera
Michael Crosby