aboutsummaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorMatthew Heon <matthew.heon@gmail.com>2018-02-27 13:54:48 -0500
committerAtomic Bot <atomic-devel@projectatomic.io>2018-03-01 21:17:51 +0000
commit70baafc1c756ba4ebc25c54ac92763bf0b8e91bb (patch)
tree211fdee5fdfae97ca3c809635c5da3cbf2e1b54e /libpod
parent8b87a17f569010d694a124848d1489f8c1430516 (diff)
downloadpodman-70baafc1c756ba4ebc25c54ac92763bf0b8e91bb.tar.gz
podman-70baafc1c756ba4ebc25c54ac92763bf0b8e91bb.tar.bz2
podman-70baafc1c756ba4ebc25c54ac92763bf0b8e91bb.zip
Ensure that Cleanup() will not run on active containers
This ensures that containers with active exec sessions will not have storage unmounted under them or network namespaces destroyed Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_api.go10
1 files changed, 10 insertions, 0 deletions
diff --git a/libpod/container_api.go b/libpod/container_api.go
index c1c1689df..1e233109b 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -603,6 +603,16 @@ func (c *Container) Cleanup() error {
}
}
+ // Check if state is good
+ if c.state.State == ContainerStateRunning || c.state.State == ContainerStatePaused {
+ return errors.Wrapf(ErrCtrStateInvalid, "container %s is running or paused, refusing to clean up", c.ID())
+ }
+
+ // Check if we have active exec sessions
+ if len(c.state.ExecSessions) != 0 {
+ return errors.Wrapf(ErrCtrStateInvalid, "container %s has active exec sessions, refusing to clean up", c.ID())
+ }
+
// Stop the container's network namespace (if it has one)
if err := c.cleanupNetwork(); err != nil {
logrus.Errorf("unable cleanup network for container %s: %q", c.ID(), err)