From e838dcb4bf7dc35b1bcf21edad6a1f6c59d969ab Mon Sep 17 00:00:00 2001
From: Matthew Heon <matthew.heon@gmail.com>
Date: Mon, 25 Jun 2018 23:39:11 -0400
Subject: Add constraint that dependencies must be in the same ns

Dependency containers must be in the same namespace, to ensure
there are never problems resolving a dependency.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
---
 libpod/in_memory_state.go | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

(limited to 'libpod/in_memory_state.go')

diff --git a/libpod/in_memory_state.go b/libpod/in_memory_state.go
index cf2f43477..4ea8740fb 100644
--- a/libpod/in_memory_state.go
+++ b/libpod/in_memory_state.go
@@ -20,6 +20,7 @@ type InMemoryState struct {
 	podContainers map[string]map[string]*Container
 	nameIndex     *registrar.Registrar
 	idIndex       *truncindex.TruncIndex
+	namespace     string
 }
 
 // NewInMemoryState initializes a new, empty in-memory state
@@ -36,6 +37,8 @@ func NewInMemoryState() (State, error) {
 	state.nameIndex = registrar.NewRegistrar()
 	state.idIndex = truncindex.NewTruncIndex([]string{})
 
+	state.namespace = ""
+
 	return state, nil
 }
 
@@ -51,6 +54,13 @@ func (s *InMemoryState) Refresh() error {
 	return nil
 }
 
+// SetNamespace sets the namespace for container and pod retrieval.
+func (s *InMemoryState) SetNamespace(ns string) error {
+	s.namespace = ns
+
+	return nil
+}
+
 // Container retrieves a container from its full ID
 func (s *InMemoryState) Container(id string) (*Container, error) {
 	if id == "" {
@@ -133,6 +143,9 @@ func (s *InMemoryState) AddContainer(ctr *Container) error {
 		} else if depCtr.config.Pod != "" {
 			return errors.Wrapf(ErrInvalidArg, "cannot depend on container in a pod if not part of same pod")
 		}
+		if depCtr.config.Namespace != ctr.config.Namespace {
+			return errors.Wrapf(ErrNSMismatch, "container %s is in namespace %s and cannot depend on container %s in namespace %s", ctr.ID(), ctr.config.Namespace, depID, depCtr.config.Namespace)
+		}
 	}
 
 	if err := s.nameIndex.Reserve(ctr.Name(), ctr.ID()); err != nil {
@@ -519,9 +532,13 @@ func (s *InMemoryState) AddContainerToPod(pod *Pod, ctr *Container) error {
 		if _, ok = s.containers[depCtr]; !ok {
 			return errors.Wrapf(ErrNoSuchCtr, "cannot depend on nonexistent container %s", depCtr)
 		}
-		if _, ok = podCtrs[depCtr]; !ok {
+		depCtrStruct, ok := podCtrs[depCtr]
+		if !ok {
 			return errors.Wrapf(ErrInvalidArg, "cannot depend on container %s as it is not in pod %s", depCtr, pod.ID())
 		}
+		if depCtrStruct.config.Namespace != ctr.config.Namespace {
+			return errors.Wrapf(ErrNSMismatch, "container %s is in namespace %s and cannot depend on container %s in namespace %s", ctr.ID(), ctr.config.Namespace, depCtr, depCtrStruct.config.Namespace)
+		}
 	}
 
 	// Add container to state
-- 
cgit v1.2.3-54-g00ecf