lib: abstract out sandbox for platforms
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
This commit is contained in:
parent
8ea79e755f
commit
509890acc1
3 changed files with 41 additions and 12 deletions
26
lib/container_server_linux.go
Normal file
26
lib/container_server_linux.go
Normal file
|
@ -0,0 +1,26 @@
|
|||
// +build linux
|
||||
|
||||
package lib
|
||||
|
||||
import (
|
||||
"github.com/kubernetes-incubator/cri-o/lib/sandbox"
|
||||
selinux "github.com/opencontainers/selinux/go-selinux"
|
||||
"github.com/opencontainers/selinux/go-selinux/label"
|
||||
)
|
||||
|
||||
func (c *ContainerServer) addSandboxPlatform(sb *sandbox.Sandbox) {
|
||||
c.state.processLevels[selinux.NewContext(sb.ProcessLabel())["level"]]++
|
||||
}
|
||||
|
||||
func (c *ContainerServer) removeSandboxPlatform(sb *sandbox.Sandbox) {
|
||||
processLabel := sb.ProcessLabel()
|
||||
level := selinux.NewContext(processLabel)["level"]
|
||||
pl, ok := c.state.processLevels[level]
|
||||
if ok {
|
||||
c.state.processLevels[level] = pl - 1
|
||||
if c.state.processLevels[level] == 0 {
|
||||
label.ReleaseLabel(processLabel)
|
||||
delete(c.state.processLevels, level)
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Add table
Add a link
Reference in a new issue