mirror of
https://github.com/ValveSoftware/Proton.git
synced 2025-07-06 17:25:02 +03:00
Add option to disable SELinux labeling for container volumes.
Adds --disable-labeling to configure.sh. Passing this option passes --security-opt label=disable to the container, which disables SELinux labeling.
parent
962bbc4e74
commit
e4d042f465
@ -1150,6 +1150,10 @@ else
|
|||||||
override DOCKER_OPTS := $(CCACHE_ENV) -e CCACHE_DISABLE=1 $(DOCKER_OPTS)
|
override DOCKER_OPTS := $(CCACHE_ENV) -e CCACHE_DISABLE=1 $(DOCKER_OPTS)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
ifeq ($(DISABLE_LABELING),1)
|
||||||
|
override DOCKER_OPTS := --security-opt label=disable $(DOCKER_OPTS)
|
||||||
|
endif
|
||||||
|
|
||||||
export CARGO_HOME := $(if $(CARGO_HOME),$(CARGO_HOME),$(HOME)/.cargo)
|
export CARGO_HOME := $(if $(CARGO_HOME),$(CARGO_HOME),$(HOME)/.cargo)
|
||||||
override DOCKER_OPTS := -v $(CARGO_HOME):$(CARGO_HOME)$(CONTAINER_MOUNT_OPTS) -e CARGO_HOME=$(CARGO_HOME) $(DOCKER_OPTS)
|
override DOCKER_OPTS := -v $(CARGO_HOME):$(CARGO_HOME)$(CONTAINER_MOUNT_OPTS) -e CARGO_HOME=$(CARGO_HOME) $(DOCKER_OPTS)
|
||||||
|
|
||||||
|
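Review bot: The new `override DOCKER_OPTS := --security-opt label=disable $(DOCKER_OPTS)` line inside `ifeq ($(DISABLE_LABELING),1)` has no comment, and the option does more than the commit title suggests. `label=disable` turns off SELinux label confinement for the whole build container, not only the labeling of mounted volumes. That matters here because the lines just below bind-mount `$(CARGO_HOME)` (by default `$(HOME)/.cargo`) into the same container. I would add a comment above the `ifeq`, for example `# DISABLE_LABELING=1 runs the build container without SELinux confinement; prefer relabeling the volumes where that is an option.` The surrounding `else`/`endif` conditional begins outside the hunk, so whether this block applies to every container invocation cannot be confirmed from here.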
13
configure.sh
13
configure.sh
@ -55,14 +55,19 @@ check_container_engine() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
label_opt=""
|
||||||
|
if [[ -n $arg_disable_labeling ]]; then
|
||||||
|
label_opt="--security-opt label=disable"
|
||||||
|
fi
|
||||||
touch permission_check
|
touch permission_check
|
||||||
local inner_uid="$($1 run -v "$(pwd):/test$CONTAINER_MOUNT_OPTS" \
|
local inner_uid="$($1 run -v "$(pwd):/test$CONTAINER_MOUNT_OPTS" \
|
||||||
|
$label_opt \
|
||||||
--rm $2 \
|
--rm $2 \
|
||||||
stat --format "%u" /test/permission_check 2>&1)"
|
stat --format "%u" /test/permission_check 2>&1)"
|
||||||
rm permission_check
|
rm permission_check
|
||||||
|
|
||||||
if [[ $inner_uid == *"Permission denied"* ]]; then
|
if [[ $inner_uid == *"Permission denied"* ]]; then
|
||||||
err "The container cannot access files. Are you using SELinux?"
|
err "The container cannot access files. If you're using SELinux, try passing --disable-labeling or --relabel-volumes."
|
||||||
die "Please read README.md and check your $1 setup works."
|
die "Please read README.md and check your $1 setup works."
|
||||||
elif [ "$inner_uid" -eq 0 ]; then
|
elif [ "$inner_uid" -eq 0 ]; then
|
||||||
# namespace maps the user as root or the build is performed as host's root
|
# namespace maps the user as root or the build is performed as host's root
|
||||||
@ -164,6 +169,9 @@ function configure() {
|
|||||||
if [[ -n "$arg_docker_opts" ]]; then
|
if [[ -n "$arg_docker_opts" ]]; then
|
||||||
echo "DOCKER_OPTS := $arg_docker_opts"
|
echo "DOCKER_OPTS := $arg_docker_opts"
|
||||||
fi
|
fi
|
||||||
|
if [[ -n "$arg_disable_labeling" ]]; then
|
||||||
|
echo "DISABLE_LABELING := 1"
|
||||||
|
fi
|
||||||
if [[ -n "$CONTAINER_MOUNT_OPTS" ]]; then
|
if [[ -n "$CONTAINER_MOUNT_OPTS" ]]; then
|
||||||
echo "CONTAINER_MOUNT_OPTS := $CONTAINER_MOUNT_OPTS"
|
echo "CONTAINER_MOUNT_OPTS := $CONTAINER_MOUNT_OPTS"
|
||||||
fi
|
fi
|
||||||
@ -191,6 +199,7 @@ arg_protonsdk_image=""
|
|||||||
arg_build_name=""
|
arg_build_name=""
|
||||||
arg_container_engine=""
|
arg_container_engine=""
|
||||||
arg_docker_opts=""
|
arg_docker_opts=""
|
||||||
|
arg_disable_labeling=""
|
||||||
arg_relabel_volumes=""
|
arg_relabel_volumes=""
|
||||||
arg_enable_ccache=""
|
arg_enable_ccache=""
|
||||||
arg_enable_bear=""
|
arg_enable_bear=""
|
||||||
@ -238,6 +247,8 @@ function parse_args() {
|
|||||||
val_used=1
|
val_used=1
|
||||||
elif [[ $arg = --relabel-volumes ]]; then
|
elif [[ $arg = --relabel-volumes ]]; then
|
||||||
arg_relabel_volumes="1"
|
arg_relabel_volumes="1"
|
||||||
|
elif [[ $arg = --disable-labeling ]]; then
|
||||||
|
arg_disable_labeling="1"
|
||||||
elif [[ $arg = --enable-ccache ]]; then
|
elif [[ $arg = --enable-ccache ]]; then
|
||||||
arg_enable_ccache="1"
|
arg_enable_ccache="1"
|
||||||
elif [[ $arg = --enable-bear ]]; then
|
elif [[ $arg = --enable-bear ]]; then
|
||||||
|
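Review bot: The rewritten `err` message in `check_container_engine` presents `--disable-labeling` and `--relabel-volumes` as interchangeable, but they differ in security impact. The first passes `--security-opt label=disable`, which removes SELinux confinement from the container, while the second presumably only changes how the mounted directories are labeled. The message could say so, e.g. `err "The container cannot access files. If you're using SELinux, try --relabel-volumes, or --disable-labeling to run the build container without SELinux confinement."`. `parse_args` also accepts both flags together; if that combination is not intended, a check after parsing such as `[[ -n $arg_disable_labeling && -n $arg_relabel_volumes ]] && die "--disable-labeling and --relabel-volumes cannot be combined"` would make the choice explicit. Both functions start and end outside the hunks shown, so where the usage text is updated, if at all, is not visible here.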