Skip to content

Commit 4e2f7db

Browse files
bitokubitoku
committed
Ensure InitLabel only sets process label when unset
Signed-off-by: Ayato Tokubi <[email protected]>
1 parent 2e590ab commit 4e2f7db

File tree

1 file changed

+8
-3
lines changed

1 file changed

+8
-3
lines changed

server/container_create.go

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1015,9 +1015,14 @@ func (s *Server) setupContainerMountsAndSystemd(ctr container.Container, sb *san
10151015
if ctr.WillRunSystemd() {
10161016
var err error
10171017

1018-
processLabel, err = InitLabel(processLabel)
1019-
if err != nil {
1020-
return "", err
1018+
// Don't override the process label if it was already set.
1019+
// Otherwise, it should be set container_init_t to run the init process
1020+
// in a container.
1021+
if processLabel == "" {
1022+
processLabel, err = InitLabel(processLabel)
1023+
if err != nil {
1024+
return "", err
1025+
}
10211026
}
10221027

10231028
setupSystemd(specgen.Mounts(), *specgen)

0 commit comments

Comments
 (0)