diff options
author | Antonio Murdaca <runcom@redhat.com> | 2017-04-11 17:43:23 +0200 |
---|---|---|
committer | Victor Vieux <victorvieux@gmail.com> | 2017-04-25 16:41:51 -0700 |
commit | df996a95810ff08f1f6594cb282b16806dcee97a (patch) | |
tree | f95736df3c591f5fcd88525fa87d0c170cca199e | |
parent | aea00bf675444ce9f1bace2999a5487be75b4a5c (diff) | |
download | docker-df996a95810ff08f1f6594cb282b16806dcee97a.tar.gz |
daemon: relabel secrets path
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
(cherry picked from commit b11af7b2f686fe3724d0cfce260000a3d2b8fbc1)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
-rw-r--r-- | daemon/container_operations_unix.go | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go index 67b3ee38c0..17d5a061dd 100644 --- a/daemon/container_operations_unix.go +++ b/daemon/container_operations_unix.go @@ -214,6 +214,8 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { } } + label.Relabel(localMountPath, c.MountLabel, false) + // remount secrets ro if err := mount.Mount("tmpfs", localMountPath, "tmpfs", "remount,ro,"+tmpfsOwnership); err != nil { return errors.Wrap(err, "unable to remount secret dir as readonly") |