1 files changed, 54 insertions, 32 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 50a2e2d44..686a595de 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -20,8 +20,10 @@ import (
 	cnitypes "github.com/containernetworking/cni/pkg/types/current"
 	"github.com/containernetworking/plugins/pkg/ns"
 	"github.com/containers/buildah/pkg/secrets"
+	"github.com/containers/libpod/libpod/define"
 	crioAnnotations "github.com/containers/libpod/pkg/annotations"
 	"github.com/containers/libpod/pkg/apparmor"
+	"github.com/containers/libpod/pkg/cgroups"
 	"github.com/containers/libpod/pkg/criu"
 	"github.com/containers/libpod/pkg/lookup"
 	"github.com/containers/libpod/pkg/resolvconf"
@@ -183,9 +185,13 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 	// If network namespace was requested, add it now
 	if c.config.CreateNetNS {
 		if c.config.PostConfigureNetNS {
-			g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, "")
+			if err := g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, ""); err != nil {
+				return nil, err
+			}
 		} else {
-			g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, c.state.NetNS.Path())
+			if err := g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, c.state.NetNS.Path()); err != nil {
+				return nil, err
+			}
 		}
 	}
 
@@ -349,7 +355,11 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 		g.AddProcessEnv("container", "libpod")
 	}
 
-	if rootless.IsRootless() {
+	unified, err := cgroups.IsCgroup2UnifiedMode()
+	if err != nil {
+		return nil, err
+	}
+	if rootless.IsRootless() && !unified {
 		g.SetLinuxCgroupsPath("")
 	} else if c.runtime.config.CgroupManager == SystemdCgroupsManager {
 		// When runc is set to use Systemd as a cgroup manager, it
@@ -409,7 +419,9 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 
 	if rootPropagation != "" {
 		logrus.Debugf("set root propagation to %q", rootPropagation)
-		g.SetLinuxRootPropagation(rootPropagation)
+		if err := g.SetLinuxRootPropagation(rootPropagation); err != nil {
+			return nil, err
+		}
 	}
 
 	// Warning: precreate hooks may alter g.Config in place.
@@ -555,7 +567,9 @@ func (c *Container) checkpointRestoreLabelLog(fileName string) (err error) {
 	if err != nil {
 		return errors.Wrapf(err, "failed to create CRIU log file %q", dumpLog)
 	}
-	logFile.Close()
+	if err := logFile.Close(); err != nil {
+		logrus.Errorf("unable to close log file: %q", err)
+	}
 	if err = label.SetFileLabel(dumpLog, c.MountLabel()); err != nil {
 		return errors.Wrapf(err, "failed to label CRIU log file %q", dumpLog)
 	}
@@ -567,8 +581,8 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO
 		return err
 	}
 
-	if c.state.State != ContainerStateRunning {
-		return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State)
+	if c.state.State != define.ContainerStateRunning {
+		return errors.Wrapf(define.ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State)
 	}
 
 	if err := c.checkpointRestoreLabelLog("dump.log"); err != nil {
@@ -599,7 +613,7 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO
 	logrus.Debugf("Checkpointed container %s", c.ID())
 
 	if !options.KeepRunning {
-		c.state.State = ContainerStateStopped
+		c.state.State = define.ContainerStateStopped
 
 		// Cleanup Storage and Network
 		if err := c.cleanup(ctx); err != nil {
@@ -614,9 +628,11 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO
 			"config.dump",
 			"spec.dump",
 		}
-		for _, delete := range cleanup {
-			file := filepath.Join(c.bundlePath(), delete)
-			os.Remove(file)
+		for _, del := range cleanup {
+			file := filepath.Join(c.bundlePath(), del)
+			if err := os.Remove(file); err != nil {
+				logrus.Debugf("unable to remove file %s", file)
+			}
 		}
 	}
 
@@ -658,8 +674,8 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
 		return err
 	}
 
-	if (c.state.State != ContainerStateConfigured) && (c.state.State != ContainerStateExited) {
-		return errors.Wrapf(ErrCtrStateInvalid, "container %s is running or paused, cannot restore", c.ID())
+	if (c.state.State != define.ContainerStateConfigured) && (c.state.State != define.ContainerStateExited) {
+		return errors.Wrapf(define.ErrCtrStateInvalid, "container %s is running or paused, cannot restore", c.ID())
 	}
 
 	if options.TargetFile != "" {
@@ -696,7 +712,9 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
 		if err != nil {
 			return err
 		}
-		json.Unmarshal(networkJSON, &networkStatus)
+		if err := json.Unmarshal(networkJSON, &networkStatus); err != nil {
+			return err
+		}
 		// Take the first IP address
 		var IP net.IP
 		if len(networkStatus) > 0 {
@@ -738,7 +756,9 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
 
 	// We want to have the same network namespace as before.
 	if c.config.CreateNetNS {
-		g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, c.state.NetNS.Path())
+		if err := g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, c.state.NetNS.Path()); err != nil {
+			return err
+		}
 	}
 
 	if err := c.makeBindMounts(); err != nil {
@@ -763,7 +783,9 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
 	}
 
 	// Cleanup for a working restore.
-	c.removeConmonFiles()
+	if err := c.removeConmonFiles(); err != nil {
+		return err
+	}
 
 	// Save the OCI spec to disk
 	if err := c.saveSpec(g.Spec()); err != nil {
@@ -775,7 +797,7 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
 
 	logrus.Debugf("Restored container %s", c.ID())
 
-	c.state.State = ContainerStateRunning
+	c.state.State = define.ContainerStateRunning
 
 	if !options.Keep {
 		// Delete all checkpoint related files. At this point, in theory, all files
@@ -787,8 +809,8 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
 			logrus.Debugf("Non-fatal: removal of checkpoint directory (%s) failed: %v", c.CheckpointPath(), err)
 		}
 		cleanup := [...]string{"restore.log", "dump.log", "stats-dump", "stats-restore", "network.status"}
-		for _, delete := range cleanup {
-			file := filepath.Join(c.bundlePath(), delete)
+		for _, del := range cleanup {
+			file := filepath.Join(c.bundlePath(), del)
 			err = os.Remove(file)
 			if err != nil {
 				logrus.Debugf("Non-fatal: removal of checkpoint file (%s) failed: %v", file, err)
@@ -818,14 +840,14 @@ func (c *Container) makeBindMounts() error {
 		// will recreate. Only do this if we aren't sharing them with
 		// another container.
 		if c.config.NetNsCtr == "" {
-			if path, ok := c.state.BindMounts["/etc/resolv.conf"]; ok {
-				if err := os.Remove(path); err != nil && !os.IsNotExist(err) {
+			if resolvePath, ok := c.state.BindMounts["/etc/resolv.conf"]; ok {
+				if err := os.Remove(resolvePath); err != nil && !os.IsNotExist(err) {
 					return errors.Wrapf(err, "error removing container %s resolv.conf", c.ID())
 				}
 				delete(c.state.BindMounts, "/etc/resolv.conf")
 			}
-			if path, ok := c.state.BindMounts["/etc/hosts"]; ok {
-				if err := os.Remove(path); err != nil && !os.IsNotExist(err) {
+			if hostsPath, ok := c.state.BindMounts["/etc/hosts"]; ok {
+				if err := os.Remove(hostsPath); err != nil && !os.IsNotExist(err) {
 					return errors.Wrapf(err, "error removing container %s hosts", c.ID())
 				}
 				delete(c.state.BindMounts, "/etc/hosts")
@@ -962,10 +984,10 @@ func (c *Container) makeBindMounts() error {
 // generateResolvConf generates a containers resolv.conf
 func (c *Container) generateResolvConf() (string, error) {
 	resolvConf := "/etc/resolv.conf"
-	for _, ns := range c.config.Spec.Linux.Namespaces {
-		if ns.Type == spec.NetworkNamespace {
-			if ns.Path != "" && !strings.HasPrefix(ns.Path, "/proc/") {
-				definedPath := filepath.Join("/etc/netns", filepath.Base(ns.Path), "resolv.conf")
+	for _, namespace := range c.config.Spec.Linux.Namespaces {
+		if namespace.Type == spec.NetworkNamespace {
+			if namespace.Path != "" && !strings.HasPrefix(namespace.Path, "/proc/") {
+				definedPath := filepath.Join("/etc/netns", filepath.Base(namespace.Path), "resolv.conf")
 				_, err := os.Stat(definedPath)
 				if err == nil {
 					resolvConf = definedPath
@@ -1090,10 +1112,10 @@ func (c *Container) generatePasswd() (string, error) {
 	if c.config.User == "" {
 		return "", nil
 	}
-	spec := strings.SplitN(c.config.User, ":", 2)
-	userspec := spec[0]
-	if len(spec) > 1 {
-		groupspec = spec[1]
+	splitSpec := strings.SplitN(c.config.User, ":", 2)
+	userspec := splitSpec[0]
+	if len(splitSpec) > 1 {
+		groupspec = splitSpec[1]
 	}
 	// If a non numeric User, then don't generate passwd
 	uid, err := strconv.ParseUint(userspec, 10, 32)
@@ -1131,7 +1153,7 @@ func (c *Container) generatePasswd() (string, error) {
 	if err != nil {
 		return "", errors.Wrapf(err, "failed to create temporary passwd file")
 	}
-	if os.Chmod(passwdFile, 0644); err != nil {
+	if err := os.Chmod(passwdFile, 0644); err != nil {
 		return "", err
 	}
 	return passwdFile, nil