diff options
| author | Adrian Reber <areber@redhat.com> | 2019-02-20 16:42:44 +0000 |
|---|---|---|
| committer | Adrian Reber <adrian@lisas.de> | 2019-02-26 11:28:54 +0100 |
| commit | 0a8a1deed1bae2fa2e4d3972fa01196e34fcab7f (patch) | |
| tree | 98bfa3221e6140fe6ee726184c1e31c4aa0596a0 /cmd/podman/runlabel.go | |
| parent | 05450f3162347b2d2b2f61559a6b8261f7dffec9 (diff) | |
| download | podman-0a8a1deed1bae2fa2e4d3972fa01196e34fcab7f.tar.gz podman-0a8a1deed1bae2fa2e4d3972fa01196e34fcab7f.tar.bz2 podman-0a8a1deed1bae2fa2e4d3972fa01196e34fcab7f.zip | |
Label CRIU log files correctly
CRIU creates a log file during checkpointing in .../userdata/dump.log.
The problem with this file is, is that CRIU injects a parasite code into
the container processes and this parasite code also writes to the same
log file. At this point a process from the inside of the container is
trying to access the log file on the outside of the container and
SELinux prohibits this. To enable writing to the log file from the
injected parasite code, this commit creates an empty log file and labels
the log file with c.MountLabel(). CRIU uses existing files when writing
it logs so the log file label persists and now, with the correct label,
SELinux no longer blocks access to the log file.
Signed-off-by: Adrian Reber <areber@redhat.com>
Diffstat (limited to 'cmd/podman/runlabel.go')
0 files changed, 0 insertions, 0 deletions