aboutsummaryrefslogtreecommitdiff
path: root/libpod/sql_state_internal.go
diff options
context:
space:
mode:
authorMatthew Heon <matthew.heon@gmail.com>2018-02-10 15:11:32 -0500
committerAtomic Bot <atomic-devel@projectatomic.io>2018-02-12 14:28:07 +0000
commitdc6a99df4c5ea7facaca20129b2b6c5b53ddb3c1 (patch)
tree0f1915a7e7e296652b0c4aaabc765b5786cfa9ab /libpod/sql_state_internal.go
parent3962d10bd482d1c57707465e8f76e76b4abc9a9f (diff)
downloadpodman-dc6a99df4c5ea7facaca20129b2b6c5b53ddb3c1.tar.gz
podman-dc6a99df4c5ea7facaca20129b2b6c5b53ddb3c1.tar.bz2
podman-dc6a99df4c5ea7facaca20129b2b6c5b53ddb3c1.zip
Containers in a pod can only join namespaces in that pod
This solves some dependency problems in the state, and makes sense from a design standpoint. Containers not in a pod can still depend on the namespaces of containers joined to a pod, which we might also want to change in the future. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #184 Approved by: baude
Diffstat (limited to 'libpod/sql_state_internal.go')
-rw-r--r--libpod/sql_state_internal.go19
1 files changed, 18 insertions, 1 deletions
diff --git a/libpod/sql_state_internal.go b/libpod/sql_state_internal.go
index 3fb1ac64f..0bbdccc9f 100644
--- a/libpod/sql_state_internal.go
+++ b/libpod/sql_state_internal.go
@@ -752,13 +752,16 @@ func (s *SQLState) addContainer(ctr *Container, pod *Pod) (err error) {
?, ?, ?, ?, ?,
?, ?, ?
);`
- addRegistry = "INSERT INTO registry VALUES (?, ?);"
+ addRegistry = "INSERT INTO registry VALUES (?, ?);"
+ checkCtrInPod = "SELECT 1 FROM containers WHERE Id=? AND Pod=?;"
)
if !s.valid {
return ErrDBClosed
}
+ depCtrs := ctr.Dependencies()
+
mounts, err := json.Marshal(ctr.config.Mounts)
if err != nil {
return errors.Wrapf(err, "error marshaling container %s mounts to JSON", ctr.ID())
@@ -830,6 +833,20 @@ func (s *SQLState) addContainer(ctr *Container, pod *Pod) (err error) {
pod.valid = false
return errors.Wrapf(ErrNoSuchPod, "pod %s does not exist in state, cannot add container to it", pod.ID())
}
+
+ // We also need to check if our dependencies are in the pod
+ for _, depID := range depCtrs {
+ row := tx.QueryRow(checkCtrInPod, depID, pod.ID())
+ var check int
+ err := row.Scan(&check)
+ if err != nil {
+ if err == sql.ErrNoRows {
+ return errors.Wrapf(ErrInvalidArg, "container %s depends on container %s but it is not in pod %s", ctr.ID(), depID, pod.ID())
+ }
+ } else if check != 1 {
+ return errors.Wrapf(ErrInternal, "check digit for checkCtrInPod query incorrect")
+ }
+ }
}
// Add container to registry