Diffstat (limited to 'libpod/runtime_ctr.go')
-rw-r--r-- | libpod/runtime_ctr.go | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index a0b576bcd..6c487e367 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -11,6 +11,7 @@ import (
 "github.com/containers/storage"
 "github.com/containers/storage/pkg/stringid"
 spec "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/opencontainers/selinux/go-selinux/label"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
 "github.com/ulule/deepcopier"
@@ -77,6 +78,7 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options ..
 ctr.config.Namespace = r.config.Namespace
 }
+ ctr.runtime = r
 for _, option := range options {
 if err := option(ctr); err != nil {
 return nil, errors.Wrapf(err, "error running container create option")
@@ -85,7 +87,6 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options ..
 ctr.valid = true
 ctr.state.State = ContainerStateConfigured
- ctr.runtime = r
 var pod *Pod
 if ctr.config.Pod != "" {
@@ -327,6 +328,10 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool)
 }
 }
+ if r.config.EnableLabeling {
+ label.ReleaseLabel(c.ProcessLabel())
+ r.reserveLabels()
+ }
 // Delete the container
 // Only do this if we're not ContainerStateConfigured - if we are,
 // we haven't been created in the runtime yet
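Review bot: Nothing in newContainer records why `ctr.runtime = r` now has to come before the option loop, so a later tidy-up could move it back to where the -85 hunk removed it, and any create option that dereferences ctr.runtime would then see a nil runtime. Presumably the move exists so that an option can reach the new initLabels through the container's runtime; that caller is not in this diff. I would add a comment above the assignment, `// Set the runtime before running options: options may need ctr.runtime (e.g. to allocate SELinux labels).` The body of newContainer starts and ends outside both hunks.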
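Review bot: The error returned by `r.reserveLabels()` in the removeContainer hunk is dropped, so a failed state read leaves the set of reserved labels incomplete without any trace. These labels are what keep containers apart under SELinux, so the failure should at least be logged: `if err := r.reserveLabels(); err != nil { logrus.Errorf("unable to reserve labels: %v", err) }`. The ordering also needs checking, because the release runs before the "Delete the container" step and reserveLabels re-reserves every container that r.state.AllContainers() still returns. If c is still in the state at this point its label is reserved again at once and the release has no effect, and if a later removal step fails the label has been freed for a container that still exists. The rest of removeContainer is outside the hunk, so which of these applies cannot be told from here.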
@@ -460,3 +465,28 @@ func (r *Runtime) GetLatestContainer() (*Container, error) {
 }
 return ctrs[lastCreatedIndex], nil
 }
+
+// reserveLabels walks the list o fcontainers and reserves the label, so new containers will not
+// get them.
+// TODO Performance wise this should only run if the state has changed since the last time it was run.
+func (r *Runtime) reserveLabels() error {
+ containers, err := r.state.AllContainers()
+ if err != nil {
+ return err
+ }
+ for _, ctr := range containers {
+ label.ReserveLabel(ctr.ProcessLabel())
+ }
+ return nil
+}
+
+// initLabels allocates an new label to return to the caller
+func (r *Runtime) initLabels(labelOpts []string) (string, string, error) {
+ if !r.config.EnableLabeling {
+ return "", "", nil
+ }
+ if err := r.reserveLabels(); err != nil {
+ return "", "", errors.Wrapf(err, "unable to reserve labels")
+ }
+ return label.InitLabels(labelOpts)
+} |
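Review bot: The doc comment on initLabels does not say what the two returned strings are, nor that both come back empty with a nil error when EnableLabeling is off, so a caller has to read the body to tell "labeling disabled" from a real result. label.InitLabels returns the process label and the mount label, and the comment should say so, for example `// initLabels reserves the labels of existing containers and returns a new (process label, mount label) pair; both are empty when labeling is disabled.` The reserveLabels comment has a typo (`o fcontainers`) and could state that only each container's ProcessLabel is reserved. The reserve-then-allocate sequence is not guarded by any lock visible in this hunk; if the reservations are held per process, two concurrent creates could be handed the same label, so the comment should name whatever serialises these calls.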