Revert "[cri] label etc files for selinux containers"

This reverts commit a731039.
dweomer · Nov 2, 2021 · f7f08f0 · f7f08f0
1 parent 1650b13
commit f7f08f0
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 25 deletions.
diff --git a/pkg/cri/opts/spec_linux.go b/pkg/cri/opts/spec_linux.go
@@ -225,30 +225,6 @@ func WithMounts(osi osinterface.OS, config *runtime.ContainerConfig, extra []*ru
  }
 }
 
-const (
- etcHosts = "/etc/hosts"
- etcHostname = "/etc/hostname"
- resolvConfPath = "/etc/resolv.conf"
-)
-
-// WithRelabeledContainerMounts relabels the default container mounts for files in /etc
-func WithRelabeledContainerMounts(mountLabel string) oci.SpecOpts {
- return func(ctx context.Context, client oci.Client, _ *containers.Container, s *runtimespec.Spec) (err error) {
- if mountLabel == "" {
- return nil
- }
- for _, m := range s.Mounts {
- switch m.Destination {
- case etcHosts, etcHostname, resolvConfPath:
- if err := label.Relabel(m.Source, mountLabel, false); err != nil {
- return err
- }
- }
- }
- return nil
- }
-}
-
 // Ensure mount point on which path is mounted, is shared.
 func ensureShared(path string, lookupMount func(string) (mount.Info, error)) error {
  mountInfo, err := lookupMount(path)

diff --git a/pkg/cri/server/container_create_linux.go b/pkg/cri/server/container_create_linux.go
@@ -192,7 +192,7 @@ func (c *criService) containerSpec(
  }
  }()
 
- specOpts = append(specOpts, customopts.WithMounts(c.os, config, extraMounts, mountLabel), customopts.WithRelabeledContainerMounts(mountLabel))
+ specOpts = append(specOpts, customopts.WithMounts(c.os, config, extraMounts, mountLabel))
 
  if !c.config.DisableProcMount {
  // Change the default masked/readonly paths to empty slices