diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-02-26 14:26:48 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-02-26 14:26:48 +0100 |
commit | 02988f17f6664204fbd5ec711f82de2811678b80 (patch) | |
tree | a6ee4001ffd9e8e997f2dcfe2eff16095b709e20 | |
parent | 865fc27075cfcbf99b07567d85c0e3525c5ade17 (diff) | |
parent | 0a8a1deed1bae2fa2e4d3972fa01196e34fcab7f (diff) | |
download | podman-02988f17f6664204fbd5ec711f82de2811678b80.tar.gz podman-02988f17f6664204fbd5ec711f82de2811678b80.tar.bz2 podman-02988f17f6664204fbd5ec711f82de2811678b80.zip |
Merge pull request #2382 from adrianreber/selinux
Fix one (of two) SELinux denials during checkpointing
-rw-r--r-- | libpod/container_internal_linux.go | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index f182b6bdf..b074efa3a 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -481,6 +481,19 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO if c.state.State != ContainerStateRunning { return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State) } + + // Create the CRIU log file and label it + dumpLog := filepath.Join(c.bundlePath(), "dump.log") + + logFile, err := os.OpenFile(dumpLog, os.O_CREATE, 0600) + if err != nil { + return errors.Wrapf(err, "failed to create CRIU log file %q", dumpLog) + } + logFile.Close() + if err = label.SetFileLabel(dumpLog, c.MountLabel()); err != nil { + return errors.Wrapf(err, "failed to label CRIU log file %q", dumpLog) + } + if err := c.runtime.ociRuntime.checkpointContainer(c, options); err != nil { return err } |