container/podman
container/podman
1
0
Fork 0
mirror of https://github.com/containers/podman synced 2024-10-22 02:03:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2613 from rhatdan/selinux

Browse source 
Fix SELinux on host shared systems in userns
This commit is contained in:
OpenShift Merge Robot 2019-03-11 12:59:46 -07:00 committed by GitHub
parent 7038cac53c de12f45688
commit 1466c8a2f8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
pkg/spec/spec.go
View file

@ -454,10 +454,6 @@ func findMount(target string, mounts []*pmount.Info) (*pmount.Info, error) {
}
func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) {
if config.PidMode.IsHost() && rootless.IsRootless() {
return
}
if !config.Privileged {
for _, mp := range []string{
"/proc/acpi",
@ -469,10 +465,15 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator)
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware",
"/sys/fs/selinux",
} {
g.AddLinuxMaskedPaths(mp)
}
if config.PidMode.IsHost() && rootless.IsRootless() {
return
}
for _, rp := range []string{
"/proc/asound",
"/proc/bus",