containers / youki

A container runtime written in Rust

Home Page: https://containers.github.io/youki/

Implement a crate like opencontainers/selinux

Gekko0114 opened this issue · comments

background

In this PR #2688, it was found that the implementation of linux mount label is different between runc and youki.

I have some questions regarding the MountLabel implementation itself: As per the oci spec, the MountLabel field marks the selinux label to be used for that mount. Thus in runc https://github.com/opencontainers/runc/blob/d5e4c33001d74176222fe8f48a323f3e8ad89999/libcontainer/rootfs_linux.go#L536, they use the selinux package and set the label using that. However in youki, we are passing that from https://github.com/containers/youki/blob/main/crates/libcontainer/src/rootfs/rootfs.rs#L90 to the syscall implementation, which finally reaches and then goes https://github.com/containers/youki/blob/main/crates/libcontainer/src/syscall/linux.rs#L471, where it finally calls nix::mount. I'm not sure how that is supposed to correspond to selinux. Can you check if there is some issue with our implementation, or am I following the code incorrectly?

What we will do

Youki should follow runc's implementation.
Therefore, we will implement a crate like opencontainers/selinux in this issue.

@utam0k
I created an issue here, please correct me if I misunderstand.
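For context on the question quoted above, an added example that is not part of the thread and is not youki's or runc's code: the `FormatMountLabel` helper in opencontainers/selinux turns a mount label into a `context="..."` entry in the mount data string, rather than passing the bare label through. The Rust sketch below mirrors that behaviour; `SeContext`, `parse_context` and `format_mount_label` are hypothetical names, and rejecting quote, backslash and control characters (instead of escaping them) is a choice made for this example.

```rust
/// Parsed SELinux context, user:role:type[:level] (hypothetical type for this example).
#[derive(Debug, PartialEq)]
pub struct SeContext<'a> {
    pub user: &'a str,
    pub role: &'a str,
    pub typ: &'a str,
    pub level: Option<&'a str>,
}

/// Split a label into fields. The level keeps its own ':' and ',' (e.g. "s0:c1,c2").
pub fn parse_context(label: &str) -> Result<SeContext<'_>, String> {
    // Reject characters that could break out of the quoted mount option.
    if label.chars().any(|c| c == '"' || c == '\\' || c.is_control()) {
        return Err(format!("invalid character in label {label:?}"));
    }
    let mut parts = label.splitn(4, ':');
    let user = parts.next().filter(|s| !s.is_empty());
    let role = parts.next().filter(|s| !s.is_empty());
    let typ = parts.next().filter(|s| !s.is_empty());
    match (user, role, typ) {
        (Some(user), Some(role), Some(typ)) => {
            Ok(SeContext { user, role, typ, level: parts.next() })
        }
        _ => Err(format!("label {label:?} is not user:role:type[:level]")),
    }
}

/// Append context="<label>" to existing mount data; an empty label leaves it unchanged.
pub fn format_mount_label(data: &str, mount_label: &str) -> Result<String, String> {
    if mount_label.is_empty() {
        return Ok(data.to_string());
    }
    parse_context(mount_label)?; // validate before it reaches the mount syscall
    Ok(if data.is_empty() {
        format!("context=\"{mount_label}\"")
    } else {
        format!("{data},context=\"{mount_label}\"")
    })
}

fn main() {
    // Constructed sample label and mount data.
    let label = "system_u:object_r:container_file_t:s0:c123,c456";
    println!("{}", format_mount_label("mode=755,size=65536k", label).unwrap());
    println!("{:?}", format_mount_label("", "bad\"label,ro"));
}
```

The quoting matters because an MCS level such as `s0:c123,c456` contains a comma, which would otherwise be read as a mount option separator.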

Hey @Gekko0114 , do you need any help with this?

Thanks, but I don't have enough time to work on this these days.
I plan to work on it when I have time. Sorry for the inconvenience.
I thought it is not so urgent, but if it is urgent, please let me know.

Thanks, but I don't have enough time to work on this these days.

I completely understand, no worries!

I plan to work on it when I have time. Sorry for the inconvenience.
I thought it is not so urgent, but if it is urgent, please let me know.

This is not exactly urgent, but given that this is an incorrect implementation, I would prefer to have it fixed sooner rather than later. I was just wondering if you are still planning to work on this or not, so pinged you. Take your time 💜