Blob Blame Raw
From 579ae49d1b76552d93301745009dd9cefd9e8054 Mon Sep 17 00:00:00 2001
From: Zygmunt Krynicki <me@zygoon.pl>
Date: Wed, 2 Nov 2016 12:37:37 +0200
Subject: [PATCH] Set a context on the mount units

---
 systemd/systemd.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/systemd/systemd.go b/systemd/systemd.go
index a3f6c9e..a2bd14a 100644
--- a/systemd/systemd.go
+++ b/systemd/systemd.go
@@ -437,15 +437,20 @@ func MountUnitPath(baseDir, ext string) string {
 }
 
 func (s *systemd) WriteMountUnitFile(name, what, where, fstype string) (string, error) {
-	extra := ""
+	var options []string
+	var extra string
 	if osutil.IsDirectory(what) {
-		extra = "Options=bind\n"
+		options = append(options, "bind")
 		fstype = "none"
 	}
 
+	options = append(options, `context="system_u:object_r:snappy_var_lib_t:s0"`)
 	if fstype == "squashfs" && useFuse() {
 		fstype = "fuse.squashfuse"
 	}
+	if len(options) > 0 {
+		extra = fmt.Sprintf("Options=%s\n", strings.Join(options, ","))
+	}
 
 	c := fmt.Sprintf(`[Unit]
 Description=Mount unit for %s
-- 
2.7.4