diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-10-26 16:38:54 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-10-26 16:38:54 +0000 |
| commit | 420ac5d13d0f9756a67ddc29032af41cca9a6d64 (patch) | |
| tree | c9baccb3f73489a33004b12025a4955e711e2cad /libpod | |
| parent | b7639ab503a61c8e82eed84e795695bc1f2be0b2 (diff) | |
| parent | bf8fd943ef61941b7ffe10cd389615256b381e2f (diff) | |
| download | podman-420ac5d13d0f9756a67ddc29032af41cca9a6d64.tar.gz podman-420ac5d13d0f9756a67ddc29032af41cca9a6d64.tar.bz2 podman-420ac5d13d0f9756a67ddc29032af41cca9a6d64.zip | |
Merge pull request #12088 from adrianreber/2021-10-25-fix-label-ipc-host
Allow 'container restore' with '--ipc host'
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/container_internal.go | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 994ffeec7..d4384b791 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -457,10 +457,12 @@ func (c *Container) setupStorage(ctx context.Context) error { options.StorageOpt[split2[0]] = split2[1] } } - if c.restoreFromCheckpoint && !c.config.Privileged { - // If restoring from a checkpoint, the root file-system - // needs to be mounted with the same SELinux labels as - // it was mounted previously. + if c.restoreFromCheckpoint && c.config.ProcessLabel != "" && c.config.MountLabel != "" { + // If restoring from a checkpoint, the root file-system needs + // to be mounted with the same SELinux labels as it was mounted + // previously. But only if both labels have been set. For + // privileged containers or '--ipc host' only ProcessLabel will + // be set and so we will skip it for cases like that. if options.Flags == nil { options.Flags = make(map[string]interface{}) } |