author | Adrian Reber <areber@redhat.com> | 2019-04-12 13:12:38 +0000 |
---|---|---|
committer | Adrian Reber <adrian@lisas.de> | 2019-04-12 15:17:03 +0200 |
commit | 86987b8038ddeb883048424884c908fb55a3e397 (patch) | |
tree | f5f08a44beee2a9e40006592ca09152991732e28 /libpod | |
parent | 387d6012ba5ef0860df665132c1e3e3017405b8f (diff) | |
Use the same SELinux label for CRIU log files
The SELinux label for the CRIU dump.log was explicitly set in Podman.
The label for the restore.log, however, was not. This just moves the code
to label the log file into a function and calls that function during
checkpoint and restore.
Signed-off-by: Adrian Reber <areber@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container_internal_linux.go | 31 |
1 files changed, 21 insertions, 10 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index eeffa4705..f352b188e 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -504,17 +504,9 @@ func (c *Container) checkpointRestoreSupported() (err error) {
 return nil
 }
-func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointOptions) (err error) {
- if err := c.checkpointRestoreSupported(); err != nil {
- return err
- }
-
- if c.state.State != ContainerStateRunning {
- return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State)
- }
-
+func (c *Container) checkpointRestoreLabelLog(fileName string) (err error) {
 // Create the CRIU log file and label it
- dumpLog := filepath.Join(c.bundlePath(), "dump.log")
+ dumpLog := filepath.Join(c.bundlePath(), fileName)
 logFile, err := os.OpenFile(dumpLog, os.O_CREATE, 0600)
 if err != nil {
@@ -524,6 +516,21 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO
 if err = label.SetFileLabel(dumpLog, c.MountLabel()); err != nil {
 return errors.Wrapf(err, "failed to label CRIU log file %q", dumpLog)
 }
+ return nil
+}
+
+func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointOptions) (err error) {
+ if err := c.checkpointRestoreSupported(); err != nil {
+ return err
+ }
+
+ if c.state.State != ContainerStateRunning {
+ return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State)
+ }
+
+ if err := c.checkpointRestoreLabelLog("dump.log"); err != nil {
+ return err
+ }
 if err := c.runtime.ociRuntime.checkpointContainer(c, options); err != nil {
 return err
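Review bot: `checkpointRestoreLabelLog` joins its `fileName` argument into the bundle path and applies the container's mount label to whatever that path resolves to, yet the helper carries no doc comment saying that callers must pass a fixed bare file name. Both call sites in this commit pass literals, so this is a contract to write down rather than a bug: `// checkpointRestoreLabelLog creates fileName (a bare name, no path separators) in the bundle directory and sets the container's mount label on it.` The local is still named `dumpLog` although the helper now also handles restore.log; `logPath` would be clearer. Note also that `os.OpenFile(dumpLog, os.O_CREATE, 0600)` applies 0600 only when it creates the file, so a log left over from an earlier run keeps whatever mode it had before being relabeled. The helper's body continues between this hunk and the next one, outside the visible lines.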
@@ -577,6 +584,10 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
 return errors.Wrapf(err, "A complete checkpoint for this container cannot be found, cannot restore")
 }
+ if err := c.checkpointRestoreLabelLog("restore.log"); err != nil {
+ return err
+ }
+
 // Read network configuration from checkpoint
 // Currently only one interface with one IP is supported.
 networkStatusFile, err := os.Open(filepath.Join(c.bundlePath(), "network.status")) |
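Review bot: The log names are bare string literals, `"restore.log"` here in restore and `"dump.log"` in checkpoint (second hunk), and nothing visible ties them to the file names the OCI runtime actually has CRIU write. If either side is renamed, the label would presumably land on an empty placeholder while the real log goes unlabeled. I would declare them once, e.g. `const criuDumpLog, criuRestoreLog = "dump.log", "restore.log"`, with a comment naming the runtime behaviour they have to match. restore's body begins and ends outside this hunk.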