From 2705344634a875c49a4c9028d3a2f7e334b4db1f Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Tue, 3 Jul 2018 11:12:00 -0400 Subject: Untested implementation of namespaced BoltDB access All BoltDB access and update functions now understand namespaces. Accessing containers outside of your namespace will produce errors, except for Lookup and All functions, which will perform their tasks only on containers within your namespace. The "" namespace remains a reserved, no-restrictions namespace. Signed-off-by: Matthew Heon --- libpod/boltdb_state_internal.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'libpod/boltdb_state_internal.go') diff --git a/libpod/boltdb_state_internal.go b/libpod/boltdb_state_internal.go index 718c43046..81c9f49f5 100644 --- a/libpod/boltdb_state_internal.go +++ b/libpod/boltdb_state_internal.go @@ -459,7 +459,7 @@ func (s *BoltState) addContainer(ctr *Container, pod *Pod) error { // Remove a container from the DB // If pod is not nil, the container is treated as belonging to a pod, and // will be removed from the pod as well -func removeContainer(ctr *Container, pod *Pod, tx *bolt.Tx, namespace string) error { +func (s *BoltState) removeContainer(ctr *Container, pod *Pod, tx *bolt.Tx) error { ctrID := []byte(ctr.ID()) ctrName := []byte(ctr.Name()) @@ -514,9 +514,12 @@ func removeContainer(ctr *Container, pod *Pod, tx *bolt.Tx, namespace string) er // Compare namespace // We can't remove containers not in our namespace - if namespace != "" { - if namespace != ctr.config.Namespace { - return errors.Wrapf(ErrNSMismatch, "container %s is in namespace %q, does not match our namespace %q", ctr.ID(), ctr.config.Namespace, namespace) + if s.namespace != "" { + if s.namespace != ctr.config.Namespace { + return errors.Wrapf(ErrNSMismatch, "container %s is in namespace %q, does not match our namespace %q", ctr.ID(), ctr.config.Namespace, s.namespace) + } + if pod != nil && s.namespace != pod.config.Namespace { + return errors.Wrapf(ErrNSMismatch, "pod %s is in namespace %q, does not match out namespace %q", pod.ID(), pod.config.Namespace, s.namespace) } } -- cgit v1.2.3-54-g00ecf