New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
label option, from libpod.conf, is not being respected. #5087
Labels
kind/bug
Categorizes issue or PR as related to a bug.
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
Comments
openshift-ci-robot
added
the
kind/bug
Categorizes issue or PR as related to a bug.
label
Feb 4, 2020
@rhatdan PTAL. I doubt containers.conf is going to fix this, that's just moving around where we source the config value from. |
Well we have an SELinux test right now, and it should be fixed in containers.conf. |
It's still a regression that should be fixed in libpod.conf. |
vrothberg
added a commit
to vrothberg/libpod
that referenced
this issue
Feb 17, 2020
When creating the security config, also check the setting in the libpod.conf (unless set via the CLI). Fixes: containers#5087 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
vrothberg
added a commit
to vrothberg/libpod
that referenced
this issue
Feb 17, 2020
When creating the security config, also check the setting in the libpod.conf (unless set via the CLI). Fixes: containers#5087 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
vrothberg
added a commit
to vrothberg/libpod
that referenced
this issue
Feb 18, 2020
Set the (default) process labels in `pkg/spec`. This way, we can also query libpod.conf and disable labeling if needed. Fixes: containers#5087 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
vrothberg
added a commit
to vrothberg/libpod
that referenced
this issue
Feb 19, 2020
Set the (default) process labels in `pkg/spec`. This way, we can also query libpod.conf and disable labeling if needed. Fixes: containers#5087 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
snj33v
pushed a commit
to snj33v/libpod
that referenced
this issue
May 31, 2020
Set the (default) process labels in `pkg/spec`. This way, we can also query libpod.conf and disable labeling if needed. Fixes: containers#5087 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
github-actions
bot
added
the
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
label
Sep 23, 2023
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
kind/bug
Categorizes issue or PR as related to a bug.
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
When playing with podman + kata, there's the need to always pass
--security-opt label=disable
topodman-run
. A similar way to achieve that, but for all the containers, would be settinglabel = false
in the libpod.conf. However, it doesn't seem to work.Steps to reproduce the issue:
On a Fedora 31 machine, using cgroups v1. do:
dnf install kata-runtime
label=false
in the libpod.conf filepodman --runtime /usr/bin/kata-runtime run -it fedora /bin/bash
Describe the results you received:
Error: rpc error: code = Unknown desc = selinux label is specified in config, but selinux is disabled or not supported: OCI runtime error
Describe the results you expected:
Container would be started in the same way as if started using the following command-line:
podman --runtime /usr/bin/kata-runtime run --security-opt label=disable fedora /bin/bash
Additional information you deem important (e.g. issue happens only occasionally):
Output of
podman version
:Output of
podman info --debug
:Package info (e.g. output of
rpm -q podman
orapt list podman
):Additional environment details (AWS, VirtualBox, physical, etc.):
Physical machine.
The text was updated successfully, but these errors were encountered: