lib: abstract out sandbox for platforms

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
This commit is contained in:
Vincent Batts 2018-01-23 08:57:36 -05:00
parent 8ea79e755f
commit 509890acc1
Signed by: vbatts
GPG key ID: 10937E57733F1362
3 changed files with 41 additions and 12 deletions

View file

@ -19,7 +19,6 @@ import (
"github.com/kubernetes-incubator/cri-o/pkg/storage" "github.com/kubernetes-incubator/cri-o/pkg/storage"
"github.com/opencontainers/runc/libcontainer" "github.com/opencontainers/runc/libcontainer"
rspec "github.com/opencontainers/runtime-spec/specs-go" rspec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/selinux/go-selinux"
"github.com/opencontainers/selinux/go-selinux/label" "github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
@ -701,7 +700,7 @@ func (c *ContainerServer) AddSandbox(sb *sandbox.Sandbox) {
c.state.sandboxes.Add(sb.ID(), sb) c.state.sandboxes.Add(sb.ID(), sb)
c.stateLock.Lock() c.stateLock.Lock()
c.state.processLevels[selinux.NewContext(sb.ProcessLabel())["level"]]++ c.addSandboxPlatform(sb)
c.stateLock.Unlock() c.stateLock.Unlock()
} }
@ -724,18 +723,9 @@ func (c *ContainerServer) HasSandbox(id string) bool {
// RemoveSandbox removes a sandbox from the state store // RemoveSandbox removes a sandbox from the state store
func (c *ContainerServer) RemoveSandbox(id string) { func (c *ContainerServer) RemoveSandbox(id string) {
sb := c.state.sandboxes.Get(id) sb := c.state.sandboxes.Get(id)
processLabel := sb.ProcessLabel()
level := selinux.NewContext(processLabel)["level"]
c.stateLock.Lock() c.stateLock.Lock()
pl, ok := c.state.processLevels[level] c.removeSandboxPlatform(sb)
if ok {
c.state.processLevels[level] = pl - 1
if c.state.processLevels[level] == 0 {
label.ReleaseLabel(processLabel)
delete(c.state.processLevels, level)
}
}
c.stateLock.Unlock() c.stateLock.Unlock()
c.state.sandboxes.Delete(id) c.state.sandboxes.Delete(id)

View file

@ -0,0 +1,26 @@
// +build linux
package lib
import (
"github.com/kubernetes-incubator/cri-o/lib/sandbox"
selinux "github.com/opencontainers/selinux/go-selinux"
"github.com/opencontainers/selinux/go-selinux/label"
)
func (c *ContainerServer) addSandboxPlatform(sb *sandbox.Sandbox) {
c.state.processLevels[selinux.NewContext(sb.ProcessLabel())["level"]]++
}
func (c *ContainerServer) removeSandboxPlatform(sb *sandbox.Sandbox) {
processLabel := sb.ProcessLabel()
level := selinux.NewContext(processLabel)["level"]
pl, ok := c.state.processLevels[level]
if ok {
c.state.processLevels[level] = pl - 1
if c.state.processLevels[level] == 0 {
label.ReleaseLabel(processLabel)
delete(c.state.processLevels, level)
}
}
}

View file

@ -0,0 +1,13 @@
// +build !linux
package lib
import "github.com/kubernetes-incubator/cri-o/lib/sandbox"
func (c *ContainerServer) addSandboxPlatform(sb *sandbox.Sandbox) {
// nothin' doin'
}
func (c *ContainerServer) removeSandboxPlatform(sb *sandbox.Sandbox) {
// nothin' doin'
}