zishuo/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2026-04-22 23:17:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Make label.Relabel safer.

Browse Source 
- Check if Selinux is enabled before relabeling. This is a bug.
- Make exclusion detection constant time. Kinda buggy too, imo.
- Do not depend on a magic string to create a new Selinux context.

Signed-off-by: David Calavera <david.calavera@gmail.com>
This commit is contained in:
David Calavera
2015-07-30 13:36:35 -07:00
parent 45cbce3e45
commit 4bd4d462af
4 changed files with 79 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libcontainer/rootfs_linux.go
+5 -1
View File
@@ -160,7 +160,11 @@ func mountToRootfs(m *configs.Mount, rootfs, mountLabel string) error {
}
}
if m.Relabel != "" {
if err := label.Relabel(m.Source, mountLabel, m.Relabel); err != nil {
if err := label.Validate(m.Relabel); err != nil {
return err
}
shared := label.IsShared(m.Relabel)
if err := label.Relabel(m.Source, mountLabel, shared); err != nil {
return err
}
}