diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-07-08 20:31:59 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-07-08 20:31:59 +0200 |
| commit | edc7f52c9577a22f7dcd5b98fbd0125fb8d2da79 (patch) | |
| tree | e11c01edb0d3d1d6471f27a2efc1b030566223b2 /libpod/container_internal.go | |
| parent | eae377d6e8875ab19d06189032a7c8f98e5d84dd (diff) | |
| parent | 95719b6d6b2cf7eae9b60e9a46161a2cbbe588b7 (diff) | |
| download | podman-edc7f52c9577a22f7dcd5b98fbd0125fb8d2da79.tar.gz podman-edc7f52c9577a22f7dcd5b98fbd0125fb8d2da79.tar.bz2 podman-edc7f52c9577a22f7dcd5b98fbd0125fb8d2da79.zip | |
Merge pull request #3425 from adrianreber/restore-mount-label
Set correct SELinux label on restored containers
Diffstat (limited to 'libpod/container_internal.go')
| -rw-r--r-- | libpod/container_internal.go | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 1cac7b003..c409da96a 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -352,6 +352,16 @@ func (c *Container) setupStorage(ctx context.Context) error { }, LabelOpts: c.config.LabelOpts, } + if c.restoreFromCheckpoint { + // If restoring from a checkpoint, the root file-system + // needs to be mounted with the same SELinux labels as + // it was mounted previously. + if options.Flags == nil { + options.Flags = make(map[string]interface{}) + } + options.Flags["ProcessLabel"] = c.config.ProcessLabel + options.Flags["MountLabel"] = c.config.MountLabel + } if c.config.Privileged { privOpt := func(opt string) bool { for _, privopt := range []string{"nodev", "nosuid", "noexec"} { |