summaryrefslogtreecommitdiff
path: root/cmd/podman/trust.go
diff options
context:
space:
mode:
authorAdrian Reber <areber@redhat.com>2019-02-20 16:42:44 +0000
committerAdrian Reber <adrian@lisas.de>2019-02-26 11:28:54 +0100
commit0a8a1deed1bae2fa2e4d3972fa01196e34fcab7f (patch)
tree98bfa3221e6140fe6ee726184c1e31c4aa0596a0 /cmd/podman/trust.go
parent05450f3162347b2d2b2f61559a6b8261f7dffec9 (diff)
downloadpodman-0a8a1deed1bae2fa2e4d3972fa01196e34fcab7f.tar.gz
podman-0a8a1deed1bae2fa2e4d3972fa01196e34fcab7f.tar.bz2
podman-0a8a1deed1bae2fa2e4d3972fa01196e34fcab7f.zip
Label CRIU log files correctly
CRIU creates a log file during checkpointing in .../userdata/dump.log. The problem with this file is, is that CRIU injects a parasite code into the container processes and this parasite code also writes to the same log file. At this point a process from the inside of the container is trying to access the log file on the outside of the container and SELinux prohibits this. To enable writing to the log file from the injected parasite code, this commit creates an empty log file and labels the log file with c.MountLabel(). CRIU uses existing files when writing it logs so the log file label persists and now, with the correct label, SELinux no longer blocks access to the log file. Signed-off-by: Adrian Reber <areber@redhat.com>
Diffstat (limited to 'cmd/podman/trust.go')
0 files changed, 0 insertions, 0 deletions