Use the same SELinux label for CRIU log files

The SELinux label for the CRIU dump.log was explicitly set in Podman.
The label for the restore.log, however, was not. This just moves the code
to label the log file into a function and calls that function during
checkpoint and restore.

Signed-off-by: Adrian Reber <areber@redhat.com>
Adrian Reber 2019-04-12 13:12:38 +00:00 committed by Adrian Reber
parent 387d6012ba
commit 86987b8038


@ -504,6 +504,21 @@ func (c *Container) checkpointRestoreSupported() (err error) {
return nil
}
func (c *Container) checkpointRestoreLabelLog(fileName string) (err error) {
// Create the CRIU log file and label it
dumpLog := filepath.Join(c.bundlePath(), fileName)
logFile, err := os.OpenFile(dumpLog, os.O_CREATE, 0600)
if err != nil {
return errors.Wrapf(err, "failed to create CRIU log file %q", dumpLog)
}
logFile.Close()
if err = label.SetFileLabel(dumpLog, c.MountLabel()); err != nil {
return errors.Wrapf(err, "failed to label CRIU log file %q", dumpLog)
}
return nil
}
func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointOptions) (err error) {
if err := c.checkpointRestoreSupported(); err != nil {
return err
@ -513,16 +528,8 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO
return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State)
}
// Create the CRIU log file and label it
dumpLog := filepath.Join(c.bundlePath(), "dump.log")
logFile, err := os.OpenFile(dumpLog, os.O_CREATE, 0600)
if err != nil {
return errors.Wrapf(err, "failed to create CRIU log file %q", dumpLog)
}
logFile.Close()
if err = label.SetFileLabel(dumpLog, c.MountLabel()); err != nil {
return errors.Wrapf(err, "failed to label CRIU log file %q", dumpLog)
if err := c.checkpointRestoreLabelLog("dump.log"); err != nil {
return err
}
if err := c.runtime.ociRuntime.checkpointContainer(c, options); err != nil {
@ -577,6 +584,10 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
return errors.Wrapf(err, "A complete checkpoint for this container cannot be found, cannot restore")
}
if err := c.checkpointRestoreLabelLog("restore.log"); err != nil {
return err
}
// Read network configuration from checkpoint
// Currently only one interface with one IP is supported.
networkStatusFile, err := os.Open(filepath.Join(c.bundlePath(), "network.status"))
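Review bot: In checkpointRestoreLabelLog the `0600` passed to `os.OpenFile(dumpLog, os.O_CREATE, 0600)` only takes effect when the file is first created, so a dump.log or restore.log left in the bundle directory by an earlier run keeps whatever mode it already had, and the label is then applied by path rather than through the open descriptor. Calling `logFile.Chmod(0600)` before closing would make the permission guarantee hold on every call; whether the path-based `label.SetFileLabel` matters depends on who can write to the bundle directory, which is not visible in this diff. The return value of `logFile.Close()` is also dropped. A doc comment such as `// checkpointRestoreLabelLog creates fileName in the bundle directory if needed and applies the container's mount label to it.` would help, and the local `dumpLog` could become `logPath` now that it also names restore.log. The bodies of checkpoint and restore continue outside the hunks shown.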