containerd/pkg/cri/server
Jacob Blain Christen e8d8ae3b97 cri: selinux relabel /dev/shm
Address an issue originally seen in the k3s 1.3 and 1.4 forks of containerd/cri, https://github.com/rancher/k3s/issues/2240

Even with updated container-selinux policy, container-local /dev/shm
will get mounted with container_runtime_tmpfs_t because it is a tmpfs
created by the runtime and not the container (thus, container_runtime_t
transition rules apply). The relabel mitigates such, allowing envoy
proxy to work correctly (and other programs that wish to write to their
/dev/shm) under selinux.

Tested locally with:
- SELINUX=Enforcing vagrant up --provision-with=shell,selinux,test-integration
- SELINUX=Enforcing CRITEST_ARGS=--ginkgo.skip='HostIpc is true' vagrant up --provision-with=shell,selinux,test-cri
- SELINUX=Permissive CRITEST_ARGS=--ginkgo.focus='HostIpc is true' vagrant up --provision-with=shell,selinux,test-cri

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-11-06 12:05:17 -07:00
bandwidth Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
testing Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
cni_conf_syncer.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_attach.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_create.go Filter snapshotter labels passed to WithNewSnapshot 2020-10-15 04:49:39 -07:00
container_create_linux.go cri: selinux relabel /dev/shm 2020-11-06 12:05:17 -07:00
container_create_linux_test.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
container_create_other.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_create_other_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_create_test.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
container_create_windows.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
container_create_windows_test.go Refactor CRI packages 2020-10-07 14:45:57 -07:00
container_exec.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_execsync.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
container_list.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_list_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_log_reopen.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_remove.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_remove_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_start.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
container_start_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_stats.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_stats_list.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_stats_list_linux.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_stats_list_linux_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_stats_list_other.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_stats_list_windows.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_status.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_status_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_stop.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
container_stop_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_update_resources_linux.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
container_update_resources_linux_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_update_resources_other.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
container_update_resources_windows.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
events.go fix: always set unknown to false when handling exit event 2020-10-27 10:50:15 +08:00
events_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
helpers.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
helpers_linux.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
helpers_linux_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
helpers_other.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
helpers_selinux_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
helpers_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
helpers_windows.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
image_list.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
image_list_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
image_pull.go Add manifest digest annotation for snapshotters 2020-10-07 23:12:01 +00:00
image_pull_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
image_remove.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
image_status.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
image_status_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
imagefs_info.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
imagefs_info_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
instrumented_service.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
opts.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
restart.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
sandbox_list.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
sandbox_list_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
sandbox_portforward.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
sandbox_portforward_linux.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
sandbox_portforward_other.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
sandbox_portforward_windows.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
sandbox_remove.go Fix comment in RemovePodSandbox 2020-10-12 17:59:08 -07:00
sandbox_run.go Filter snapshotter labels passed to WithNewSnapshot 2020-10-15 04:49:39 -07:00
sandbox_run_linux.go fix no-pivot not working in io.containerd.runtime.v1.linux 2020-10-12 09:39:59 +08:00
sandbox_run_linux_test.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
sandbox_run_other.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
sandbox_run_other_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
sandbox_run_test.go Refactor CRI packages 2020-10-07 14:45:57 -07:00
sandbox_run_windows.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
sandbox_run_windows_test.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
sandbox_status.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
sandbox_status_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
sandbox_stop.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
sandbox_stop_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
service.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
service_linux.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
service_other.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
service_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
service_windows.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
snapshots.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
status.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
streaming.go Refactor pkg packages 2020-10-08 17:30:17 -07:00
streaming_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
update_runtime_config.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
update_runtime_config_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
version.go Refactor CRI packages 2020-10-07 14:45:57 -07:00