Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Binding metadata directory in Z mode for selinux enabled docker #2273

Merged
merged 1 commit into from
Nov 14, 2019
Merged

Binding metadata directory in Z mode for selinux enabled docker #2273

merged 1 commit into from
Nov 14, 2019

Conversation

mythri-garaga
Copy link
Contributor

@mythri-garaga mythri-garaga commented Nov 11, 2019
edited

Summary

This change fixes the issue - #1113 by enabling read access to the metadata files from container processes.

Implementation details

  • Added Info API to DockerClient interface to obtain Docker's SecurityOptions information.
  • If the SecurityOptions contains selinux, we mount the metadata directory in Z mode.

Testing

New tests cover the changes: yes

Description for the changelog

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@mythri-garaga mythri-garaga force-pushed the metadataFileAccess branch 4 times, most recently from 02f7ab2 to df588a4 Compare November 11, 2019 20:19
@shubham2892 shubham2892 requested a review from a team November 12, 2019 01:17
fenxiong
fenxiong reviewed Nov 12, 2019
View reviewed changes
agent/engine/interface.go Outdated Show resolved Hide resolved
@mythri-garaga mythri-garaga force-pushed the metadataFileAccess branch 2 times, most recently from b2ca091 to 79914d7 Compare November 13, 2019 05:53
fenxiong
fenxiong reviewed Nov 13, 2019
View reviewed changes
Copy link
Contributor

@fenxiong fenxiong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

code lgtm, some comments on testing/format

agent/engine/docker_task_engine_test.go Outdated Show resolved Hide resolved
agent/containermetadata/write_metadata_unix_test.go Outdated Show resolved Hide resolved
agent/stats/common_test.go Outdated Show resolved Hide resolved
agent/containermetadata/write_metadata_unix.go Outdated Show resolved Hide resolved
agent/containermetadata/write_metadata_unix_test.go Outdated Show resolved Hide resolved
shubham2892
shubham2892 approved these changes Nov 13, 2019
View reviewed changes
Copy link
Contributor

@shubham2892 shubham2892 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚢

@mythri-garaga mythri-garaga merged commit 221535f into aws:dev Nov 14, 2019
@mythri-garaga mythri-garaga mentioned this pull request Nov 14, 2019
Closed
@suneyz suneyz added this to the 1.34.0 milestone Nov 22, 2019
@suneyz suneyz mentioned this pull request Nov 24, 2019
Merged
@lisajluo lisajluo mentioned this pull request Dec 12, 2019
Merged
@mythri-garaga mythri-garaga deleted the metadataFileAccess branch April 16, 2020 20:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@petderek petderek petderek left review comments

@shubham2892 shubham2892 shubham2892 approved these changes

@sharanyad sharanyad sharanyad approved these changes

@fenxiong fenxiong fenxiong approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.34.0
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@mythri-garaga @petderek @shubham2892 @sharanyad @fenxiong @suneyz @amazon-ecs-bot