summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-02-26 14:26:48 +0100
committerGitHub <noreply@github.com>2019-02-26 14:26:48 +0100
commit02988f17f6664204fbd5ec711f82de2811678b80 (patch)
treea6ee4001ffd9e8e997f2dcfe2eff16095b709e20
parent865fc27075cfcbf99b07567d85c0e3525c5ade17 (diff)
parent0a8a1deed1bae2fa2e4d3972fa01196e34fcab7f (diff)
downloadpodman-02988f17f6664204fbd5ec711f82de2811678b80.tar.gz
podman-02988f17f6664204fbd5ec711f82de2811678b80.tar.bz2
podman-02988f17f6664204fbd5ec711f82de2811678b80.zip
Merge pull request #2382 from adrianreber/selinux
Fix one (of two) SELinux denials during checkpointing
-rw-r--r--libpod/container_internal_linux.go13
1 files changed, 13 insertions, 0 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index f182b6bdf..b074efa3a 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -481,6 +481,19 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO
if c.state.State != ContainerStateRunning {
return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State)
}
+
+ // Create the CRIU log file and label it
+ dumpLog := filepath.Join(c.bundlePath(), "dump.log")
+
+ logFile, err := os.OpenFile(dumpLog, os.O_CREATE, 0600)
+ if err != nil {
+ return errors.Wrapf(err, "failed to create CRIU log file %q", dumpLog)
+ }
+ logFile.Close()
+ if err = label.SetFileLabel(dumpLog, c.MountLabel()); err != nil {
+ return errors.Wrapf(err, "failed to label CRIU log file %q", dumpLog)
+ }
+
if err := c.runtime.ociRuntime.checkpointContainer(c, options); err != nil {
return err
}