Relabel config files.

Without relabel these files, SELinux-enabled containers will show "permission denied" errors for configuration files mounted with `docker server create ... --config ... ...`. Signed-off-by: Wenxuan Zhao <viz@linux.com>
moby · Sep 5, 2017 · 472c03a · 472c03a
1 parent 975675e
commit 472c03a
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
@@ -307,6 +307,8 @@ func (daemon *Daemon) setupConfigDir(c *container.Container) (setupErr error) {
 		if err := os.Chown(fPath, rootIDs.UID+uid, rootIDs.GID+gid); err != nil {
 			return errors.Wrap(err, "error setting ownership for config")
 		}
+
+		label.Relabel(fPath, c.MountLabel, false)
 	}
 
 	return nil