diff options
author | Matthew Heon <matthew.heon@gmail.com> | 2018-02-27 13:54:48 -0500 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-03-01 21:17:51 +0000 |
commit | 70baafc1c756ba4ebc25c54ac92763bf0b8e91bb (patch) | |
tree | 211fdee5fdfae97ca3c809635c5da3cbf2e1b54e /libpod | |
parent | 8b87a17f569010d694a124848d1489f8c1430516 (diff) | |
download | podman-70baafc1c756ba4ebc25c54ac92763bf0b8e91bb.tar.gz podman-70baafc1c756ba4ebc25c54ac92763bf0b8e91bb.tar.bz2 podman-70baafc1c756ba4ebc25c54ac92763bf0b8e91bb.zip |
Ensure that Cleanup() will not run on active containers
This ensures that containers with active exec sessions will not
have storage unmounted under them or network namespaces destroyed
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #412
Approved by: baude
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container_api.go | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/libpod/container_api.go b/libpod/container_api.go index c1c1689df..1e233109b 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -603,6 +603,16 @@ func (c *Container) Cleanup() error { } } + // Check if state is good + if c.state.State == ContainerStateRunning || c.state.State == ContainerStatePaused { + return errors.Wrapf(ErrCtrStateInvalid, "container %s is running or paused, refusing to clean up", c.ID()) + } + + // Check if we have active exec sessions + if len(c.state.ExecSessions) != 0 { + return errors.Wrapf(ErrCtrStateInvalid, "container %s has active exec sessions, refusing to clean up", c.ID()) + } + // Stop the container's network namespace (if it has one) if err := c.cleanupNetwork(); err != nil { logrus.Errorf("unable cleanup network for container %s: %q", c.ID(), err) |