Use the copier package to rework how we handle ADD and COPY.
When evaluating cache for content that's being copied/added in, switch
from (digest the data, check for a cache entry, then maybe copy the data
and create the new layer) to (copy the data and create the new layer,
digesting as we go, check for a cache entry, either commit or discard
the new layer).
Use the copier package for ADD, COPY, and for ensuring that a specified
directory exists in the working container's rootfs.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When we're built with support for SELinux, refrain from setting process
and mount labels if SELinux isn't detected as enabled at runtime.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1542
Approved by: rhatdan
When seccomp is not enabled, make sure to clear any default setting
which runtime-tools supplied for us. Likewise, if SELinux is not
enabled, don't set a process label or a mount label.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #988
Approved by: rhatdan
Nalin Dahyabhai