diff options
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/container_internal_linux.go | 9 | ||||
| -rw-r--r-- | libpod/oci.go | 2 | ||||
| -rw-r--r-- | libpod/runtime.go | 2 |
3 files changed, 12 insertions, 1 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 9920efd55..b25645e5c 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -18,6 +18,7 @@ import ( cnitypes "github.com/containernetworking/cni/pkg/types/current" crioAnnotations "github.com/containers/libpod/pkg/annotations" "github.com/containers/libpod/pkg/chrootuser" + "github.com/containers/libpod/pkg/criu" "github.com/containers/libpod/pkg/rootless" "github.com/containers/storage/pkg/idtools" spec "github.com/opencontainers/runtime-spec/specs-go" @@ -368,6 +369,10 @@ func (c *Container) addNamespaceContainer(g *generate.Generator, ns LinuxNS, ctr func (c *Container) checkpoint(ctx context.Context, keep bool) (err error) { + if !criu.CheckForCriu() { + return errors.Errorf("checkpointing a container requires at least CRIU %d", criu.MinCriuVersion) + } + if c.state.State != ContainerStateRunning { return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State) } @@ -407,6 +412,10 @@ func (c *Container) checkpoint(ctx context.Context, keep bool) (err error) { func (c *Container) restore(ctx context.Context, keep bool) (err error) { + if !criu.CheckForCriu() { + return errors.Errorf("restoring a container requires at least CRIU %d", criu.MinCriuVersion) + } + if (c.state.State != ContainerStateConfigured) && (c.state.State != ContainerStateExited) { return errors.Wrapf(ErrCtrStateInvalid, "container %s is running or paused, cannot restore", c.ID()) } diff --git a/libpod/oci.go b/libpod/oci.go index 6eaaa7a29..2257cd42f 100644 --- a/libpod/oci.go +++ b/libpod/oci.go @@ -378,6 +378,7 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string, res childPipe.Close() return err } + defer cmd.Wait() // We don't need childPipe on the parent side childPipe.Close() @@ -478,6 +479,7 @@ func (r *OCIRuntime) updateContainerStatus(ctr *Container) error { } return errors.Wrapf(err, "error getting container %s state. stderr/out: %s", ctr.ID(), out) } + defer cmd.Wait() errPipe.Close() out, err := ioutil.ReadAll(outPipe) diff --git a/libpod/runtime.go b/libpod/runtime.go index f012d66c2..1b26f851f 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -508,7 +508,7 @@ func makeRuntime(runtime *Runtime) (err error) { // Set up a firewall backend backendType := "" - if os.Geteuid() != 0 { + if rootless.IsRootless() { backendType = "none" } fwBackend, err := firewall.GetBackend(backendType) |