From dc6a99df4c5ea7facaca20129b2b6c5b53ddb3c1 Mon Sep 17 00:00:00 2001
From: Matthew Heon <matthew.heon@gmail.com>
Date: Sat, 10 Feb 2018 15:11:32 -0500
Subject: Containers in a pod can only join namespaces in that pod

This solves some dependency problems in the state, and makes
sense from a design standpoint.

Containers not in a pod can still depend on the namespaces of
containers joined to a pod, which we might also want to change in
the future.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #184
Approved by: baude
---
 libpod/in_memory_state.go | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'libpod/in_memory_state.go')

diff --git a/libpod/in_memory_state.go b/libpod/in_memory_state.go
index c99a34e7a..a38e080b7 100644
--- a/libpod/in_memory_state.go
+++ b/libpod/in_memory_state.go
@@ -511,6 +511,9 @@ func (s *InMemoryState) AddContainerToPod(pod *Pod, ctr *Container) error {
 		if _, ok = s.containers[depCtr]; !ok {
 			return errors.Wrapf(ErrNoSuchCtr, "cannot depend on nonexistent container %s", depCtr)
 		}
+		if _, ok = podCtrs[depCtr]; !ok {
+			return errors.Wrapf(ErrInvalidArg, "cannot depend on container %s as it is not in pod %s", depCtr, pod.ID())
+		}
 	}
 
 	// Add container to state
-- 
cgit v1.2.3-54-g00ecf