opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-19 12:12:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2912 from adrianreber/label

Browse Source 
Use the same SELinux label for CRIU log files
This commit is contained in:
OpenShift Merge Robot
2019-04-14 02:02:40 -07:00
committed by GitHub
parent b9260053e9 86987b8038
commit 9acc9cd58c
1 changed files with 21 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
libpod/container_internal_linux.go
View File

@ -504,6 +504,21 @@ func (c *Container) checkpointRestoreSupported() (err error) {
return nil return nil
} }
func (c *Container) checkpointRestoreLabelLog(fileName string) (err error) {
// Create the CRIU log file and label it
dumpLog := filepath.Join(c.bundlePath(), fileName)
logFile, err := os.OpenFile(dumpLog, os.O_CREATE, 0600)
if err != nil {
return errors.Wrapf(err, "failed to create CRIU log file %q", dumpLog)
}
logFile.Close()
if err = label.SetFileLabel(dumpLog, c.MountLabel()); err != nil {
return errors.Wrapf(err, "failed to label CRIU log file %q", dumpLog)
}
return nil
}
func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointOptions) (err error) { func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointOptions) (err error) {
if err := c.checkpointRestoreSupported(); err != nil { if err := c.checkpointRestoreSupported(); err != nil {
return err return err
@ -513,16 +528,8 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO
return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State) return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State)
} }
// Create the CRIU log file and label it if err := c.checkpointRestoreLabelLog("dump.log"); err != nil {
dumpLog := filepath.Join(c.bundlePath(), "dump.log") return err
logFile, err := os.OpenFile(dumpLog, os.O_CREATE, 0600)
if err != nil {
return errors.Wrapf(err, "failed to create CRIU log file %q", dumpLog)
}
logFile.Close()
if err = label.SetFileLabel(dumpLog, c.MountLabel()); err != nil {
return errors.Wrapf(err, "failed to label CRIU log file %q", dumpLog)
} }
if err := c.runtime.ociRuntime.checkpointContainer(c, options); err != nil { if err := c.runtime.ociRuntime.checkpointContainer(c, options); err != nil {
@ -577,6 +584,10 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
return errors.Wrapf(err, "A complete checkpoint for this container cannot be found, cannot restore") return errors.Wrapf(err, "A complete checkpoint for this container cannot be found, cannot restore")
} }
if err := c.checkpointRestoreLabelLog("restore.log"); err != nil {
return err
}
// Read network configuration from checkpoint // Read network configuration from checkpoint
// Currently only one interface with one IP is supported. // Currently only one interface with one IP is supported.
networkStatusFile, err := os.Open(filepath.Join(c.bundlePath(), "network.status")) networkStatusFile, err := os.Open(filepath.Join(c.bundlePath(), "network.status"))