diff --git a/lib/container_server.go b/lib/container_server.go index 40031925..48415e4b 100644 --- a/lib/container_server.go +++ b/lib/container_server.go @@ -19,7 +19,6 @@ import ( "github.com/kubernetes-incubator/cri-o/pkg/storage" "github.com/opencontainers/runc/libcontainer" rspec "github.com/opencontainers/runtime-spec/specs-go" - "github.com/opencontainers/selinux/go-selinux" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -701,7 +700,7 @@ func (c *ContainerServer) AddSandbox(sb *sandbox.Sandbox) { c.state.sandboxes.Add(sb.ID(), sb) c.stateLock.Lock() - c.state.processLevels[selinux.NewContext(sb.ProcessLabel())["level"]]++ + c.addSandboxPlatform(sb) c.stateLock.Unlock() } @@ -724,18 +723,9 @@ func (c *ContainerServer) HasSandbox(id string) bool { // RemoveSandbox removes a sandbox from the state store func (c *ContainerServer) RemoveSandbox(id string) { sb := c.state.sandboxes.Get(id) - processLabel := sb.ProcessLabel() - level := selinux.NewContext(processLabel)["level"] c.stateLock.Lock() - pl, ok := c.state.processLevels[level] - if ok { - c.state.processLevels[level] = pl - 1 - if c.state.processLevels[level] == 0 { - label.ReleaseLabel(processLabel) - delete(c.state.processLevels, level) - } - } + c.removeSandboxPlatform(sb) c.stateLock.Unlock() c.state.sandboxes.Delete(id) diff --git a/lib/container_server_linux.go b/lib/container_server_linux.go new file mode 100644 index 00000000..ffc03d5f --- /dev/null +++ b/lib/container_server_linux.go 
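Review bot: In RemoveSandbox (lib/container_server.go), `sb` comes straight from `c.state.sandboxes.Get(id)` and is passed to `c.removeSandboxPlatform(sb)` with no nil check, and the Linux helper calls `sb.ProcessLabel()` on it at once. If Get can return nil for an unknown or already-removed id (its body is not visible here), a repeated removal would hit a nil sandbox while `c.stateLock` is held. This predates the commit, which only moves the call under the lock; a guard such as `if sb == nil { return }` right after the Get would cover it. RemoveSandbox's closing lines are outside the hunk.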
@@ -0,0 +1,26 @@
+// +build linux
+
+package lib
+
+import (
+ "github.com/kubernetes-incubator/cri-o/lib/sandbox"
+ selinux "github.com/opencontainers/selinux/go-selinux"
+ "github.com/opencontainers/selinux/go-selinux/label"
+)
+
+func (c *ContainerServer) addSandboxPlatform(sb *sandbox.Sandbox) {
+ c.state.processLevels[selinux.NewContext(sb.ProcessLabel())["level"]]++
+}
+
+func (c *ContainerServer) removeSandboxPlatform(sb *sandbox.Sandbox) {
+ processLabel := sb.ProcessLabel()
+ level := selinux.NewContext(processLabel)["level"]
+ pl, ok := c.state.processLevels[level]
+ if ok {
+ c.state.processLevels[level] = pl - 1
+ if c.state.processLevels[level] == 0 {
+ label.ReleaseLabel(processLabel)
+ delete(c.state.processLevels, level)
+ }
+ }
+}
diff --git a/lib/container_server_unsupported.go b/lib/container_server_unsupported.go
new file mode 100644
index 00000000..370de43a
--- /dev/null
+++ b/lib/container_server_unsupported.go
@@ -0,0 +1,13 @@
+// +build !linux
+
+package lib
+
+import "github.com/kubernetes-incubator/cri-o/lib/sandbox"
+
+func (c *ContainerServer) addSandboxPlatform(sb *sandbox.Sandbox) {
+ // nothin' doin'
+}
+
+func (c *ContainerServer) removeSandboxPlatform(sb *sandbox.Sandbox) {
+ // nothin' doin'
+}
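Review bot: addSandboxPlatform and removeSandboxPlatform in lib/container_server_linux.go read and write `c.state.processLevels` without taking a lock, so they are safe only because AddSandbox and RemoveSandbox call them between `c.stateLock.Lock()` and `Unlock()`, and nothing on the helpers says so. That counter decides when `label.ReleaseLabel(processLabel)` runs, so an unlocked or duplicated call from a future caller could, as far as the decrement-to-zero logic shows, release a level that another sandbox still counts on. I would add a doc comment to each helper, e.g. `// addSandboxPlatform records the sandbox's SELinux level in processLevels. The caller must hold c.stateLock.` The two stubs in lib/container_server_unsupported.go should carry the same contract line, with `// nothin' doin'` replaced by a statement that process levels are tracked only on Linux.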