opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-26 12:56:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12388 from rhatdan/test

Browse Source 
Unset SocketLabel after system finishes checkpointing
This commit is contained in:
OpenShift Merge Robot
2021-11-24 01:46:09 +01:00
committed by GitHub
parent 1be4c36e7e df6aa67302
commit 04be1e6485
2 changed files with 29 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
libpod/oci_conmon_linux.go
View File

@ -777,9 +777,6 @@ func (r *ConmonOCIRuntime) AttachResize(ctr *Container, newSize define.TerminalS
// CheckpointContainer checkpoints the given container. // CheckpointContainer checkpoints the given container.
func (r *ConmonOCIRuntime) CheckpointContainer(ctr *Container, options ContainerCheckpointOptions) (int64, error) { func (r *ConmonOCIRuntime) CheckpointContainer(ctr *Container, options ContainerCheckpointOptions) (int64, error) {
if err := label.SetSocketLabel(ctr.ProcessLabel()); err != nil {
return 0, err
}
// imagePath is used by CRIU to store the actual checkpoint files // imagePath is used by CRIU to store the actual checkpoint files
imagePath := ctr.CheckpointPath() imagePath := ctr.CheckpointPath()
if options.PreCheckPoint { if options.PreCheckPoint {
@ -823,14 +820,37 @@ func (r *ConmonOCIRuntime) CheckpointContainer(ctr *Container, options Container
if err != nil { if err != nil {
return 0, err return 0, err
} }
if err = os.Setenv("XDG_RUNTIME_DIR", runtimeDir); err != nil {
return 0, errors.Wrapf(err, "cannot set XDG_RUNTIME_DIR")
}
args = append(args, ctr.ID()) args = append(args, ctr.ID())
logrus.Debugf("the args to checkpoint: %s %s", r.path, strings.Join(args, " ")) logrus.Debugf("the args to checkpoint: %s %s", r.path, strings.Join(args, " "))
oldRuntimeDir, oldRuntimeDirSet := os.LookupEnv("XDG_RUNTIME_DIR")
if err = os.Setenv("XDG_RUNTIME_DIR", runtimeDir); err != nil {
return 0, errors.Wrapf(err, "cannot set XDG_RUNTIME_DIR")
}
runtime.LockOSThread()
if err := label.SetSocketLabel(ctr.ProcessLabel()); err != nil {
return 0, err
}
defer func() {
if oldRuntimeDirSet {
if err := os.Setenv("XDG_RUNTIME_DIR", oldRuntimeDir); err != nil {
logrus.Warnf("cannot resset XDG_RUNTIME_DIR: %v", err)
}
} else {
if err := os.Unsetenv("XDG_RUNTIME_DIR"); err != nil {
logrus.Warnf("cannot unset XDG_RUNTIME_DIR: %v", err)
}
}
}()
runtimeCheckpointStarted := time.Now() runtimeCheckpointStarted := time.Now()
err = utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, nil, r.path, args...) err = utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, nil, r.path, args...)
// Ignore error returned from SetSocketLabel("") call,
// can't recover.
if labelErr := label.SetSocketLabel(""); labelErr != nil {
logrus.Errorf("Unable to reset socket label: %q", labelErr)
}
runtime.UnlockOSThread()
runtimeCheckpointDuration := func() int64 { runtimeCheckpointDuration := func() int64 {
if options.PrintStats { if options.PrintStats {
@ -1445,7 +1465,7 @@ func startCommandGivenSelinux(cmd *exec.Cmd, ctr *Container) error {
// Ignore error returned from SetProcessLabel("") call, // Ignore error returned from SetProcessLabel("") call,
// can't recover. // can't recover.
if labelErr := label.SetProcessLabel(""); labelErr != nil { if labelErr := label.SetProcessLabel(""); labelErr != nil {
logrus.Errorf("Unable to set process label: %q", err) logrus.Errorf("Unable to set process label: %q", labelErr)
} }
runtime.UnlockOSThread() runtime.UnlockOSThread()
return err return err

4
test/system/600-completion.bats
View File

@ -258,10 +258,10 @@ function _check_completion_end() {
# create pods for each state # create pods for each state
run_podman pod create --name created-$random_pod_name run_podman pod create --name created-$random_pod_name
run_podman pod create --name running-$random_pod_name run_podman pod create --name running-$random_pod_name
run_podman run -d --name running-$random_pod_name-con --pod running-$random_pod_name $IMAGE top
run_podman pod create --name degraded-$random_pod_name run_podman pod create --name degraded-$random_pod_name
run_podman run -d --name degraded-$random_pod_name-con --pod degraded-$random_pod_name $IMAGE echo degraded
run_podman pod create --name exited-$random_pod_name run_podman pod create --name exited-$random_pod_name
run_podman run -d --name running-$random_pod_name-con --pod running-$random_pod_name $IMAGE top
run_podman run -d --name degraded-$random_pod_name-con --pod degraded-$random_pod_name $IMAGE echo degraded
run_podman run -d --name exited-$random_pod_name-con --pod exited-$random_pod_name $IMAGE echo exited run_podman run -d --name exited-$random_pod_name-con --pod exited-$random_pod_name $IMAGE echo exited
run_podman pod stop exited-$random_pod_name run_podman pod stop exited-$random_pod_name