
Commit 0e42a1f

Merge pull request cri-o#9666 from bitoku/systemd-selinux
OCPBUGS-69402: Ensure `InitLabel` only sets process label when unset
2 parents d738296 + 4e2f7db commit 0e42a1f


1 file changed

+8
-3
lines changed


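--- a/server/container_create.go
+++ b/server/container_create.go
@@ -1015,9 +1015,14 @@ func (s *Server) setupContainerMountsAndSystemd(ctr container.Container, sb *san
 if ctr.WillRunSystemd() {
 var err error
 
-processLabel, err = InitLabel(processLabel)
-if err != nil {
-return "", err
+// Don't override the process label if it was already set.
+// Otherwise, it should be set container_init_t to run the init process
+// in a container.
+if processLabel == "" {
+processLabel, err = InitLabel(processLabel)
+if err != nil {
+return "", err
+}
 }
 
 setupSystemd(specgen.Mounts(), *specgen)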
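Review bot: With the new `if processLabel == ""` guard, `InitLabel` is only ever called with an empty string, so it can no longer derive the init label from an existing context (user, role, MCS level). `InitLabel` is defined outside this hunk; if it returns an empty input unchanged, the guarded call does nothing and the systemd container never gets `container_init_t`, so a test for the empty-label case would be worth adding. The other branch now keeps any preset label verbatim, so a systemd container may run under a type other than `container_init_t`. The comment should say where a preset label can come from and that it is trusted as-is, e.g. `// A preset label (source: TODO confirm) is kept unchanged, even if its type is not container_init_t.` The enclosing function starts and ends outside the hunk.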
