summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAdrian Reber <areber@redhat.com>2019-04-12 13:12:38 +0000
committerAdrian Reber <adrian@lisas.de>2019-04-12 15:17:03 +0200
commit86987b8038ddeb883048424884c908fb55a3e397 (patch)
treef5f08a44beee2a9e40006592ca09152991732e28
parent387d6012ba5ef0860df665132c1e3e3017405b8f (diff)
downloadpodman-86987b8038ddeb883048424884c908fb55a3e397.tar.gz
podman-86987b8038ddeb883048424884c908fb55a3e397.tar.bz2
podman-86987b8038ddeb883048424884c908fb55a3e397.zip
Use the same SELinux label for CRIU log files
The SELinux label for the CRIU dump.log was explicitly set in Podman. The label for the restore.log, however, not. This just moves the code to label the log file into a function and calls that functions during checkpoint and restore. Signed-off-by: Adrian Reber <areber@redhat.com>
-rw-r--r--libpod/container_internal_linux.go31
1 files changed, 21 insertions, 10 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index eeffa4705..f352b188e 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -504,17 +504,9 @@ func (c *Container) checkpointRestoreSupported() (err error) {
return nil
}
-func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointOptions) (err error) {
- if err := c.checkpointRestoreSupported(); err != nil {
- return err
- }
-
- if c.state.State != ContainerStateRunning {
- return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State)
- }
-
+func (c *Container) checkpointRestoreLabelLog(fileName string) (err error) {
// Create the CRIU log file and label it
- dumpLog := filepath.Join(c.bundlePath(), "dump.log")
+ dumpLog := filepath.Join(c.bundlePath(), fileName)
logFile, err := os.OpenFile(dumpLog, os.O_CREATE, 0600)
if err != nil {
@@ -524,6 +516,21 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO
if err = label.SetFileLabel(dumpLog, c.MountLabel()); err != nil {
return errors.Wrapf(err, "failed to label CRIU log file %q", dumpLog)
}
+ return nil
+}
+
+func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointOptions) (err error) {
+ if err := c.checkpointRestoreSupported(); err != nil {
+ return err
+ }
+
+ if c.state.State != ContainerStateRunning {
+ return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State)
+ }
+
+ if err := c.checkpointRestoreLabelLog("dump.log"); err != nil {
+ return err
+ }
if err := c.runtime.ociRuntime.checkpointContainer(c, options); err != nil {
return err
@@ -577,6 +584,10 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
return errors.Wrapf(err, "A complete checkpoint for this container cannot be found, cannot restore")
}
+ if err := c.checkpointRestoreLabelLog("restore.log"); err != nil {
+ return err
+ }
+
// Read network configuration from checkpoint
// Currently only one interface with one IP is supported.
networkStatusFile, err := os.Open(filepath.Join(c.bundlePath(), "network.status"))