We need the ability when using --ipc container:ID to match the SELinux label of the
container that the new container is sharing a label with.
Also add the ability to get the option to disable SELinux labeling for a container.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
docker exec changes the mount namespace which fools selinux bindings
into thinking SELinux is disabled. Bindings should just check if
a label is passed in and attempt to use it. Docker will not call these
functions with a label if SELinux is disabled.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
We want to add this to libcontainer so that we can change docker so that
when you volume mount into a labeled container, we want to allow the
administrator/user the ability to tell docker to fix the labels on the mount.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Alexandr Morozov
Dan Walsh
Michael Crosby
Michael Crosby