Update lxc to use opts for selinux labels

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby 2014-03-27 08:57:01 +00:00
Родитель 2d270c4f06
Коммит bfa2141765
2 изменённых файлов: 25 добавлений и 9 удалений

Просмотреть файл

@ -3,6 +3,7 @@ package lxc
import (
"fmt"
"github.com/dotcloud/docker/pkg/cgroups"
"github.com/dotcloud/docker/pkg/label"
"github.com/dotcloud/docker/runtime/execdriver"
"github.com/dotcloud/docker/utils"
"io/ioutil"
@ -378,19 +379,34 @@ func rootIsShared() bool {
}
func (d *driver) generateLXCConfig(c *execdriver.Command) (string, error) {
root := path.Join(d.root, "containers", c.ID, "config.lxc")
var (
process, mount string
root = path.Join(d.root, "containers", c.ID, "config.lxc")
labels = c.Config["label"]
)
fo, err := os.Create(root)
if err != nil {
return "", err
}
defer fo.Close()
if len(labels) > 0 {
process, mount, err = label.GenLabels(labels[0])
if err != nil {
return "", err
}
}
if err := LxcTemplateCompiled.Execute(fo, struct {
*execdriver.Command
AppArmor bool
AppArmor bool
ProcessLabel string
MountLabel string
}{
Command: c,
AppArmor: d.apparmor,
Command: c,
AppArmor: d.apparmor,
ProcessLabel: process,
MountLabel: mount,
}); err != nil {
return "", err
}

Просмотреть файл

@ -30,9 +30,9 @@ lxc.pts = 1024
# disable the main console
lxc.console = none
{{if getProcessLabel .Config}}
lxc.se_context = {{ getProcessLabel .Config}}
{{$MOUNTLABEL := getMountLabel .Config}}
{{if .ProcessLabel}}
lxc.se_context = {{ .ProcessLabel}}
{{$MOUNTLABEL := .MountLabel}}
{{end}}
# no controlling tty at all
@ -159,8 +159,8 @@ func getLabel(c map[string][]string, name string) string {
label := c["label"]
for _, l := range label {
parts := strings.SplitN(l, "=", 2)
if parts[0] == name {
return parts[1]
if strings.TrimSpace(parts[0]) == name {
return strings.TrimSpace(parts[1])
}
}
return ""