
Commit

fix: disable selinux label when mounting a volume
Fixes containers#130

Signed-off-by: Jeff MAURY <[email protected]>
jeffmaury committed Mar 7, 2024
1 parent 6e0d539 commit df72802
Showing 4 changed files with 12 additions and 5 deletions.
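--- a/packages/backend/src/managers/applicationManager.ts
+++ b/packages/backend/src/managers/applicationManager.ts
@@ -21,10 +21,11 @@ import type { GitCloneInfo, GitManager } from './gitManager';
 import fs from 'fs';
 import * as path from 'node:path';
 import {
-type PodCreatePortOptions,
 containerEngine,
-type TelemetryLogger,
+type HostConfig,
+type PodCreatePortOptions,
 type PodInfo,
+type TelemetryLogger,
 type Webview,
 } from '@podman-desktop/api';
 import type { AIConfig, AIConfigFile, ContainerConfig } from '../models/AIConfig';
@@ -35,7 +36,7 @@ import type { ModelInfo } from '@shared/src/models/IModelInfo';
 import type { ModelsManager } from './modelsManager';
 import { getPortsInfo } from '../utils/ports';
 import { goarch } from '../utils/arch';
-import { getDurationSecondsSince, timeout } from '../utils/utils';
+import { DISABLE_SELINUX_LABEL_SECURITY_OPTION, getDurationSecondsSince, timeout } from '../utils/utils';
 import type { LocalRepositoryRegistry } from '../registries/LocalRepositoryRegistry';
 import { LABEL_MODEL_ID, LABEL_MODEL_PORTS } from './playground';
 import type { ApplicationState } from '@shared/src/models/IApplicationState';
@@ -257,7 +258,7 @@ export class ApplicationManager {
 const containers: ContainerAttachedInfo[] = [];
 await Promise.all(
 images.map(async image => {
-let hostConfig: unknown;
+let hostConfig: HostConfig;
 let envs: string[] = [];
 // if it's a model service we mount the model as a volume
 if (image.modelService) {
@@ -271,6 +272,7 @@ export class ApplicationManager {
 Type: 'bind',
 },
 ],
+SecurityOpt: [DISABLE_SELINUX_LABEL_SECURITY_OPTION],
 };
 envs = [`MODEL_PATH=/${modelName}`];
 } else {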
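Review bot: `SecurityOpt: [DISABLE_SELINUX_LABEL_SECURITY_OPTION]` in the `image.modelService` branch turns off SELinux label separation for the whole container rather than for the one bind mount, so on an SELinux host the model-service container runs without that confinement; the same option is added to the host config in `playground.ts`. The rest of the `Mounts` entry is outside the hunk, so it is worth confirming that the model is mounted read-only and that the relaxation is limited to containers that actually mount a model. A why-comment at the call site would record the trade-off, e.g. `// label=disable so the container can read the bind-mounted model on SELinux hosts (containers#130)`.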
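--- a/packages/backend/src/managers/playground.spec.ts
+++ b/packages/backend/src/managers/playground.spec.ts
@@ -24,6 +24,7 @@ import type { ImageInfo, TelemetryLogger, Webview } from '@podman-desktop/api';
 import type { ModelInfo } from '@shared/src/models/IModelInfo';
 import OpenAI from 'openai';
 import { Stream } from 'openai/streaming';
+import { DISABLE_SELINUX_LABEL_SECURITY_OPTION } from '../utils/utils';
 
 const mocks = vi.hoisted(() => ({
 postMessage: vi.fn(),
@@ -138,6 +139,7 @@ test('startPlayground should download image if not present then create container
 Type: 'bind',
 },
 ],
+SecurityOpt: [DISABLE_SELINUX_LABEL_SECURITY_OPTION],
 PortBindings: {
 '8000/tcp': [
 {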
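Review bot: The expectation `SecurityOpt: [DISABLE_SELINUX_LABEL_SECURITY_OPTION]` reuses the production constant, so the test would still pass if the constant's value were changed or emptied by mistake. Pinning the literal, `SecurityOpt: ['label=disable'],`, makes the spec assert the option actually handed to the container engine. None of the four changed files is a spec for `applicationManager.ts`, so the same option there appears to be untested by this commit. The surrounding test body starts and ends outside the hunk.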
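--- a/packages/backend/src/managers/playground.ts
+++ b/packages/backend/src/managers/playground.ts
@@ -33,7 +33,7 @@ import type { PlaygroundState, PlaygroundStatus } from '@shared/src/models/IPlay
 import type { ContainerRegistry } from '../registries/ContainerRegistry';
 import type { PodmanConnection } from './podmanConnection';
 import OpenAI from 'openai';
-import { getDurationSecondsSince, timeout } from '../utils/utils';
+import { DISABLE_SELINUX_LABEL_SECURITY_OPTION, getDurationSecondsSince, timeout } from '../utils/utils';
 import type { ModelInfo } from '@shared/src/models/IModelInfo';
 
 export const LABEL_MODEL_ID = 'ai-studio-model-id';
@@ -212,6 +212,7 @@ export class PlayGroundManager {
 Type: 'bind',
 },
 ],
+SecurityOpt: [DISABLE_SELINUX_LABEL_SECURITY_OPTION],
 PortBindings: {
 '8000/tcp': [
 {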
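--- a/packages/backend/src/utils/utils.ts
+++ b/packages/backend/src/utils/utils.ts
@@ -49,3 +49,5 @@ export async function isEndpointAlive(endPoint: string): Promise<boolean> {
 export function getDurationSecondsSince(startTimeMs: number) {
 return Math.round((performance.now() - startTimeMs) / 1000);
 }
+
+export const DISABLE_SELINUX_LABEL_SECURITY_OPTION = 'label=disable';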
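Review bot: `DISABLE_SELINUX_LABEL_SECURITY_OPTION` is exported without a comment, and a constant that relaxes container isolation should state what it does and why that is acceptable. I would add above it: `/** Container security option that turns off SELinux label separation for the whole container; used so bind-mounted model files are accessible on SELinux hosts (containers#130). */`. Spelling out that the scope is the whole container helps later callers avoid adding it where no volume is mounted.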
