Merge pull request #2816 from rhatdan/selinux

/dev/console must be labeled with SELinux label in containers
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2016-03-09 23:47:00 -0500
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2016-03-09 23:47:00 -0500
commit: ef240bf0df222fd336b31bde9ac1472244cb3453 (patch)
tree: 1c00e204868150f48740502ca76289b761af6493
parent: 0551ec735567075c6cc181ffdc96904450c0ea6f (diff)
parent: 68b020494d1ff085281061413d9236b5865ef238 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 4851c439c9..be07625a03 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -87,6 +87,7 @@
 #ifdef HAVE_SECCOMP
 #include "seccomp-util.h"
 #endif
+#include "selinux-util.h"
 #include "signal-util.h"
 #include "socket-util.h"
 #include "stat-util.h"
@@ -3284,6 +3285,12 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
 
+        if (arg_selinux_apifs_context) {
+                r = mac_selinux_apply(console, arg_selinux_apifs_context);
+                if (r < 0)
+                        goto finish;
+        }
+
         if (unlockpt(master) < 0) {
                 r = log_error_errno(errno, "Failed to unlock tty: %m");
                 goto finish;
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2016-03-09 23:47:00 -0500
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2016-03-09 23:47:00 -0500
commit	ef240bf0df222fd336b31bde9ac1472244cb3453 (patch)
tree	1c00e204868150f48740502ca76289b761af6493
parent	0551ec735567075c6cc181ffdc96904450c0ea6f (diff)
parent	68b020494d1ff085281061413d9236b5865ef238 (diff)