From 8b2b5e9492262f575b44f449795b25b1874320d5 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 5 Mar 2026 14:54:17 -0800 Subject: [PATCH] libct: remove relabeling dead code There is no way to set Mount.Relabel field via OCI spec (config.json), and so the relabeling code is never used. My guess it's a leftover from times when runc used to be part of Docker. Remove it, and mark Relabel field as deprecated. Signed-off-by: Kir Kolyshkin --- libcontainer/configs/mount_linux.go | 6 ++++-- libcontainer/rootfs_linux.go | 10 ---------- 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/libcontainer/configs/mount_linux.go b/libcontainer/configs/mount_linux.go index 87b18bac3d2..8417da316c0 100644 --- a/libcontainer/configs/mount_linux.go +++ b/libcontainer/configs/mount_linux.go @@ -43,8 +43,10 @@ type Mount struct { // Mount data applied to the mount. Data string `json:"data,omitempty"` - // Relabel source if set, "z" indicates shared, "Z" indicates unshared. - Relabel string `json:"relabel,omitempty"` + // Relabel field is ignored. + // + // Deprecated: do not use. This field will be removed in runc 1.7. + Relabel string // RecAttr represents mount properties to be applied recursively (AT_RECURSIVE), see mount_setattr(2). RecAttr *unix.MountAttr `json:"rec_attr,omitempty"` diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 1ba386ed015..be7719211c4 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -747,16 +747,6 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { return fmt.Errorf("failed to set user-requested vfs flags on bind-mount: %w", err) } } - - if m.Relabel != "" { - if err := label.Validate(m.Relabel); err != nil { - return err - } - shared := label.IsShared(m.Relabel) - if err := label.Relabel(m.Source, mountLabel, shared); err != nil { - return err - } - } return setRecAttr(m) case "cgroup": if cgroups.IsCgroup2UnifiedMode() {