picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

nspawn: rename --file-label to --apifs-label since it's really just about the API file systems, nothing else

This commit is contained in:
Lennart Poettering 2014-02-07 19:29:28 +01:00
parent 4e2f8d2778
commit ba978d7b32
3 changed files with 7 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
TODO
View File

@ -36,8 +36,6 @@ External:
Features: Features:
* nspawn: rename --file-label to --apifs-label
* hookup nspawn and PrivateNetwork=yes with "ip netns" * hookup nspawn and PrivateNetwork=yes with "ip netns"
* socket units: support creating sockets in different namespace, * socket units: support creating sockets in different namespace,

2
man/systemd-nspawn.xml
View File

@ -250,7 +250,7 @@
<varlistentry> <varlistentry>
<term><option>-L</option></term> <term><option>-L</option></term>
<term><option>--file-label=</option></term> <term><option>--apifs-label=</option></term>
<listitem><para>Sets the mandatory <listitem><para>Sets the mandatory
access control (MAC/SELinux) file access control (MAC/SELinux) file

12
src/nspawn/nspawn.c
View File

@ -81,7 +81,7 @@ static char *arg_user = NULL;
static sd_id128_t arg_uuid = {}; static sd_id128_t arg_uuid = {};
static char *arg_machine = NULL; static char *arg_machine = NULL;
static char *arg_process_label = NULL; static char *arg_process_label = NULL;
static char *arg_file_label = NULL; static char *arg_apifs_label = NULL;
static const char *arg_slice = NULL; static const char *arg_slice = NULL;
static bool arg_private_network = false; static bool arg_private_network = false;
static bool arg_read_only = false; static bool arg_read_only = false;
@ -131,7 +131,7 @@ static int help(void) {
" --uuid=UUID Set a specific machine UUID for the container\n" " --uuid=UUID Set a specific machine UUID for the container\n"
" -M --machine=NAME Set the machine name for the container\n" " -M --machine=NAME Set the machine name for the container\n"
" -S --slice=SLICE Place the container in the specified slice\n" " -S --slice=SLICE Place the container in the specified slice\n"
" -L --file-label=LABEL Set the MAC file label to be used by tmpfs file\n" " -L --apifs-label=LABEL Set the MAC file label to be used by API/tmpfs file\n"
" systems in the container\n" " systems in the container\n"
" -Z --process-label=LABEL Set the MAC label to be used by processes in\n" " -Z --process-label=LABEL Set the MAC label to be used by processes in\n"
" the container\n" " the container\n"
@ -185,7 +185,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "slice", required_argument, NULL, 'S' }, { "slice", required_argument, NULL, 'S' },
{ "setenv", required_argument, NULL, ARG_SETENV }, { "setenv", required_argument, NULL, ARG_SETENV },
{ "process-label", required_argument, NULL, 'Z' }, { "process-label", required_argument, NULL, 'Z' },
{ "file-label", required_argument, NULL, 'L' }, { "apifs-label", required_argument, NULL, 'L' },
{ "quiet", no_argument, NULL, 'q' }, { "quiet", no_argument, NULL, 'q' },
{} {}
}; };
@ -262,7 +262,7 @@ static int parse_argv(int argc, char *argv[]) {
break; break;
case 'L': case 'L':
arg_file_label = optarg; arg_apifs_label = optarg;
break; break;
case 'Z': case 'Z':
@ -449,8 +449,8 @@ static int mount_all(const char *dest) {
mkdir_p(where, 0755); mkdir_p(where, 0755);
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
if (arg_file_label && (streq_ptr(mount_table[k].what, "tmpfs") || streq_ptr(mount_table[k].what, "devpts"))) { if (arg_apifs_label && (streq_ptr(mount_table[k].what, "tmpfs") || streq_ptr(mount_table[k].what, "devpts"))) {
options = strjoin(mount_table[k].options, ",context=\"", arg_file_label, "\"", NULL); options = strjoin(mount_table[k].options, ",context=\"", arg_apifs_label, "\"", NULL);
if (!options) if (!options)
return log_oom(); return log_oom();