docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix lxc label handleing 

This also improves the logic around formatting the labels for selinux
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby 2014-04-02 16:52:49 +00:00
parent 6e7a93628b
commit 94233a204f
3 changed files with 17 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/label/label.go
View File

@ -6,7 +6,7 @@ func GenLabels(options string) (string, string, error) {
return "", "", nil return "", "", nil
} }
func FormatMountLabel(src string, MountLabel string) string { func FormatMountLabel(src string, mountLabel string) string {
return src return src
} }

30
pkg/label/label_selinux.go
View File

@ -10,12 +10,15 @@ import (
func GenLabels(options string) (string, string, error) { func GenLabels(options string) (string, string, error) {
processLabel, mountLabel := selinux.GetLxcContexts() processLabel, mountLabel := selinux.GetLxcContexts()
var err error
if processLabel == "" { // SELinux is disabled if processLabel == "" { // SELinux is disabled
return "", "", err return "", "", nil
} }
s := strings.Fields(options)
l := len(s) var (
err error
s = strings.Fields(options)
l = len(s)
)
if l > 0 { if l > 0 {
pcon := selinux.NewContext(processLabel) pcon := selinux.NewContext(processLabel)
for i := 0; i < l; i++ { for i := 0; i < l; i++ {
@ -28,19 +31,16 @@ func GenLabels(options string) (string, string, error) {
return processLabel, mountLabel, err return processLabel, mountLabel, err
} }
func FormatMountLabel(src string, MountLabel string) string { func FormatMountLabel(src string, mountLabel string) string {
var mountLabel string if mountLabel != "" {
if src != "" { switch src {
mountLabel = src case "":
if MountLabel != "" { src = fmt.Sprintf("%s,context=%s", src, mountLabel)
mountLabel = fmt.Sprintf("%s,context=\"%s\"", mountLabel, MountLabel) default:
} src = fmt.Sprintf("context=%s", mountLabel)
} else {
if MountLabel != "" {
mountLabel = fmt.Sprintf("context=\"%s\"", MountLabel)
} }
} }
return mountLabel return src
} }
func SetProcessLabel(processLabel string) error { func SetProcessLabel(processLabel string) error {

13
runtime/execdriver/lxc/lxc_template.go
View File

@ -32,9 +32,8 @@ lxc.pts = 1024
lxc.console = none lxc.console = none
{{if .ProcessLabel}} {{if .ProcessLabel}}
lxc.se_context = {{ .ProcessLabel}} lxc.se_context = {{ .ProcessLabel}}
{{$MOUNTLABEL := .MountLabel}}
{{end}} {{end}}
{{$MOUNTLABEL := getMountLabel .Context}} {{$MOUNTLABEL := .MountLabel}}
# no controlling tty at all # no controlling tty at all
lxc.tty = 1 lxc.tty = 1
@ -152,14 +151,6 @@ func getMemorySwap(v *execdriver.Resources) int64 {
return v.Memory * 2 return v.Memory * 2
} }
func getProcessLabel(c map[string][]string) string {
return getLabel(c, "process")
}
func getMountLabel(c map[string][]string) string {
return getLabel(c, "mount")
}
func getLabel(c map[string][]string, name string) string { func getLabel(c map[string][]string, name string) string {
label := c["label"] label := c["label"]
for _, l := range label { for _, l := range label {
@ -175,8 +166,6 @@ func init() {
var err error var err error
funcMap := template.FuncMap{ funcMap := template.FuncMap{
"getMemorySwap": getMemorySwap, "getMemorySwap": getMemorySwap,
"getProcessLabel": getProcessLabel,
"getMountLabel": getMountLabel,
"escapeFstabSpaces": escapeFstabSpaces, "escapeFstabSpaces": escapeFstabSpaces,
"formatMountLabel": label.FormatMountLabel, "formatMountLabel": label.FormatMountLabel,
} }