From 70baafc1c756ba4ebc25c54ac92763bf0b8e91bb Mon Sep 17 00:00:00 2001
From: Matthew Heon <matthew.heon@gmail.com>
Date: Tue, 27 Feb 2018 13:54:48 -0500
Subject: Ensure that Cleanup() will not run on active containers

This ensures that containers with active exec sessions will not
have storage unmounted under them or network namespaces destroyed

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #412
Approved by: baude
---
 libpod/container_api.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/libpod/container_api.go b/libpod/container_api.go
index c1c1689df..1e233109b 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -603,6 +603,16 @@ func (c *Container) Cleanup() error {
 		}
 	}
 
+	// Check if state is good
+	if c.state.State == ContainerStateRunning || c.state.State == ContainerStatePaused {
+		return errors.Wrapf(ErrCtrStateInvalid, "container %s is running or paused, refusing to clean up", c.ID())
+	}
+
+	// Check if we have active exec sessions
+	if len(c.state.ExecSessions) != 0 {
+		return errors.Wrapf(ErrCtrStateInvalid, "container %s has active exec sessions, refusing to clean up", c.ID())
+	}
+
 	// Stop the container's network namespace (if it has one)
 	if err := c.cleanupNetwork(); err != nil {
 		logrus.Errorf("unable cleanup network for container %s: %q", c.ID(), err)
-- 
cgit v1.2.3-54-g00ecf