docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do not return labels when in privileged mode 

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby 2014-04-29 01:08:19 -07:00
parent 64d0f7e39b
commit 1a5ffef6c6
2 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
daemon/container.go
View File

@ -330,8 +330,8 @@ func populateCommand(c *Container, env []string) {
en *execdriver.Network en *execdriver.Network
context = make(map[string][]string) context = make(map[string][]string)
) )
context["process_label"] = []string{c.ProcessLabel} context["process_label"] = []string{c.GetProcessLabel()}
context["mount_label"] = []string{c.MountLabel} context["mount_label"] = []string{c.GetMountLabel()}
en = &execdriver.Network{ en = &execdriver.Network{
Mtu: c.daemon.config.Mtu, Mtu: c.daemon.config.Mtu,
@ -392,7 +392,6 @@ func (container *Container) Start() (err error) {
if err := container.setupContainerDns(); err != nil { if err := container.setupContainerDns(); err != nil {
return err return err
} }
if err := container.Mount(); err != nil { if err := container.Mount(); err != nil {
return err return err
} }
@ -1192,3 +1191,19 @@ func (container *Container) allocatePort(eng *engine.Engine, port nat.Port, bind
bindings[port] = binding bindings[port] = binding
return nil return nil
} }
func (container *Container) GetProcessLabel() string {
// even if we have a process label return "" if we are running
// in privileged mode
if container.hostConfig.Privileged {
return ""
}
return container.ProcessLabel
}
func (container *Container) GetMountLabel() string {
if container.hostConfig.Privileged {
return ""
}
return container.MountLabel
}

5
daemon/daemon.go
View File

@ -538,10 +538,9 @@ func (daemon *Daemon) newContainer(name string, config *runconfig.Config, img *i
} }
container.root = daemon.containerRoot(container.ID) container.root = daemon.containerRoot(container.ID)
if container.MountLabel, container.ProcessLabel, err = label.GenLabels(""); err != nil { if container.ProcessLabel, container.MountLabel, err = label.GenLabels(""); err != nil {
return nil, err return nil, err
} }
return container, nil return container, nil
} }
@ -848,7 +847,7 @@ func (daemon *Daemon) Close() error {
} }
func (daemon *Daemon) Mount(container *Container) error { func (daemon *Daemon) Mount(container *Container) error {
dir, err := daemon.driver.Get(container.ID, container.MountLabel) dir, err := daemon.driver.Get(container.ID, container.GetMountLabel())
if err != nil { if err != nil {
return fmt.Errorf("Error getting container %s from driver %s: %s", container.ID, daemon.driver, err) return fmt.Errorf("Error getting container %s from driver %s: %s", container.ID, daemon.driver, err)
} }