Containers in a pod can only join namespaces in that pod

This solves some dependency problems in the state, and makes
sense from a design standpoint.

Containers not in a pod can still depend on the namespaces of
containers joined to a pod, which we might also want to change in
the future.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #184
Approved by: baude
Matthew Heon
2018-02-10 15:11:32 -05:00
committed by Atomic Bot
parent 3962d10bd4
commit dc6a99df4c
6 changed files with 125 additions and 6 deletions


@ -23,6 +23,7 @@ const (
dependenciesName = "dependencies"
netNSName = "netns"
containersName = "containers"
podIDName = "pod-id"
)
var (
@ -37,6 +38,7 @@ var (
dependenciesBkt = []byte(dependenciesName)
netNSKey = []byte(netNSName)
containersBkt = []byte(containersName)
podIDKey = []byte(podIDName)
)
// Check if the configuration of the database is compatible with the
@ -329,6 +331,11 @@ func (s *BoltState) addContainer(ctr *Container, pod *Pod) error {
if err := newCtrBkt.Put(stateKey, stateJSON); err != nil {
return errors.Wrapf(err, "error adding container %s state to DB", ctr.ID())
}
if pod != nil {
if err := newCtrBkt.Put(podIDKey, []byte(pod.ID())); err != nil {
return errors.Wrapf(err, "error adding container %s pod to DB", ctr.ID())
}
}
if netNSPath != "" {
if err := newCtrBkt.Put(netNSKey, []byte(netNSPath)); err != nil {
return errors.Wrapf(err, "error adding container %s netns path to DB", ctr.ID())
@ -346,6 +353,15 @@ func (s *BoltState) addContainer(ctr *Container, pod *Pod) error {
if depCtrBkt == nil {
return errors.Wrapf(ErrNoSuchCtr, "container %s depends on container %s, but it does not exist in the DB", ctr.ID(), dependsCtr)
}
// If we're part of a pod, make sure the dependency is part of the same pod
if pod != nil {
depCtrPod := depCtrBkt.Get(podIDKey)
if depCtrPod == nil {
return errors.Wrapf(ErrInvalidArg, "container %s depends on container%s which is not in pod %s", ctr.ID(), dependsCtr, pod.ID())
}
}
depCtrDependsBkt := depCtrBkt.Bucket(dependenciesBkt)
if depCtrDependsBkt == nil {
return errors.Wrapf(ErrInternal, "container %s does not have a dependencies bucket", dependsCtr)
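Review bot: The new pod check in the dependency loop only tests that `depCtrBkt.Get(podIDKey)` is non-nil, so a dependency that belongs to a different pod still passes, and a container in one pod can end up joined to the namespaces of a container in another pod. The stored value should be compared too, for example `if depCtrPod == nil || string(depCtrPod) != pod.ID() {`, with an error that names the pod the dependency is actually in. The format string in that branch reads `container%s`, which is missing a space before the ID. addContainer starts and ends outside the visible hunks, so whether a later check covers the mismatch case cannot be confirmed from here.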