Processes execed into container should match container label

Processes execed into a container were not being run with the correct label.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh 2019-10-29 16:04:21 -04:00
parent 5918f3a5f1
commit 0b9e07f7f2
No known key found for this signature in database
GPG Key ID: A2DF901DABE2C028
3 changed files with 14 additions and 1 deletions

View File

@ -1023,8 +1023,8 @@ func prepareProcessExec(c *Container, cmd, env []string, tty bool, cwd, user, se
if err != nil {
return nil, err
}
pspec := c.config.Spec.Process
pspec.SelinuxLabel = c.config.ProcessLabel
pspec.Args = cmd
// We need to default this to false else it will inherit terminal as true
// from the container.

View File

@ -243,4 +243,5 @@ var _ = Describe("Podman exec", func() {
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
})
})

View File

@ -165,4 +165,16 @@ var _ = Describe("Podman run", func() {
Expect(session.ExitCode()).To(Equal(126))
})
It("podman exec selinux check", func() {
setup := podmanTest.RunTopContainer("test1")
setup.WaitWithDefaultTimeout()
Expect(setup.ExitCode()).To(Equal(0))
session := podmanTest.Podman([]string{"exec", "test1", "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
session1 := podmanTest.Podman([]string{"exec", "test1", "cat", "/proc/self/attr/current"})
session1.WaitWithDefaultTimeout()
Expect(session.OutputToString()).To(Equal(session1.OutputToString()))
})
})