Merge pull request systemd#2816 from rhatdan/selinux

/dev/console must be labeled with SELinux label in containers
aroig · Mar 10, 2016 · ef240bf · ef240bf
2 parents 0551ec7 + 68b0204
commit ef240bf
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
@@ -87,6 +87,7 @@
 #ifdef HAVE_SECCOMP
 #include "seccomp-util.h"
 #endif
+#include "selinux-util.h"
 #include "signal-util.h"
 #include "socket-util.h"
 #include "stat-util.h"
@@ -3284,6 +3285,12 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
 
+        if (arg_selinux_apifs_context) {
+                r = mac_selinux_apply(console, arg_selinux_apifs_context);
+                if (r < 0)
+                        goto finish;
+        }
+
         if (unlockpt(master) < 0) {
                 r = log_error_errno(errno, "Failed to unlock tty: %m");
                 goto finish;