From b9b2969bb6e00d4e916f40e47ded55443ced52a2 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Wed, 15 Jan 2025 10:20:06 -0500 Subject: [PATCH] pkg/overlay: add a MountLabel flag to Options Add a way to pass a "set the SELinux contexts" labels to MountWithOptions. Signed-off-by: Nalin Dahyabhai Signed-off-by: David Shea Signed-off-by: Vivek Naruka --- pkg/overlay/overlay.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkg/overlay/overlay.go b/pkg/overlay/overlay.go index eddce3012..3dd717758 100644 --- a/pkg/overlay/overlay.go +++ b/pkg/overlay/overlay.go @@ -15,6 +15,8 @@ import ( "github.com/containers/storage/pkg/system" "github.com/containers/storage/pkg/unshare" "github.com/opencontainers/runtime-spec/specs-go" + "github.com/opencontainers/selinux/go-selinux/label" + "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -55,6 +57,8 @@ type Options struct { // attempting to optimize by having the runtime actually mount and // manage the overlay filesystem. ForceMount bool + // MountLabel is a label to force for the overlay filesystem. + MountLabel string } // TempDir generates an overlay Temp directory in the container content @@ -198,6 +202,9 @@ func MountWithOptions(contentDir, source, dest string, opts *Options) (mount spe } overlayOptions = fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s,private", escapeColon(source), upperDir, workDir) } + if opts.MountLabel != "" { + overlayOptions = overlayOptions + "," + label.FormatMountLabel("", opts.MountLabel) + } mountProgram := findMountProgram(opts.GraphOpts) if mountProgram != "" {