lib: abstract out sandbox for platforms
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
This commit is contained in:
parent
8ea79e755f
commit
509890acc1
3 changed files with 41 additions and 12 deletions
|
@ -19,7 +19,6 @@ import (
|
||||||
"github.com/kubernetes-incubator/cri-o/pkg/storage"
|
"github.com/kubernetes-incubator/cri-o/pkg/storage"
|
||||||
"github.com/opencontainers/runc/libcontainer"
|
"github.com/opencontainers/runc/libcontainer"
|
||||||
rspec "github.com/opencontainers/runtime-spec/specs-go"
|
rspec "github.com/opencontainers/runtime-spec/specs-go"
|
||||||
"github.com/opencontainers/selinux/go-selinux"
|
|
||||||
"github.com/opencontainers/selinux/go-selinux/label"
|
"github.com/opencontainers/selinux/go-selinux/label"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
|
@ -701,7 +700,7 @@ func (c *ContainerServer) AddSandbox(sb *sandbox.Sandbox) {
|
||||||
c.state.sandboxes.Add(sb.ID(), sb)
|
c.state.sandboxes.Add(sb.ID(), sb)
|
||||||
|
|
||||||
c.stateLock.Lock()
|
c.stateLock.Lock()
|
||||||
c.state.processLevels[selinux.NewContext(sb.ProcessLabel())["level"]]++
|
c.addSandboxPlatform(sb)
|
||||||
c.stateLock.Unlock()
|
c.stateLock.Unlock()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -724,18 +723,9 @@ func (c *ContainerServer) HasSandbox(id string) bool {
|
||||||
// RemoveSandbox removes a sandbox from the state store
|
// RemoveSandbox removes a sandbox from the state store
|
||||||
func (c *ContainerServer) RemoveSandbox(id string) {
|
func (c *ContainerServer) RemoveSandbox(id string) {
|
||||||
sb := c.state.sandboxes.Get(id)
|
sb := c.state.sandboxes.Get(id)
|
||||||
processLabel := sb.ProcessLabel()
|
|
||||||
level := selinux.NewContext(processLabel)["level"]
|
|
||||||
|
|
||||||
c.stateLock.Lock()
|
c.stateLock.Lock()
|
||||||
pl, ok := c.state.processLevels[level]
|
c.removeSandboxPlatform(sb)
|
||||||
if ok {
|
|
||||||
c.state.processLevels[level] = pl - 1
|
|
||||||
if c.state.processLevels[level] == 0 {
|
|
||||||
label.ReleaseLabel(processLabel)
|
|
||||||
delete(c.state.processLevels, level)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
c.stateLock.Unlock()
|
c.stateLock.Unlock()
|
||||||
|
|
||||||
c.state.sandboxes.Delete(id)
|
c.state.sandboxes.Delete(id)
|
||||||
|
|
26
lib/container_server_linux.go
Normal file
26
lib/container_server_linux.go
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
// +build linux
|
||||||
|
|
||||||
|
package lib
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/kubernetes-incubator/cri-o/lib/sandbox"
|
||||||
|
selinux "github.com/opencontainers/selinux/go-selinux"
|
||||||
|
"github.com/opencontainers/selinux/go-selinux/label"
|
||||||
|
)
|
||||||
|
|
||||||
|
func (c *ContainerServer) addSandboxPlatform(sb *sandbox.Sandbox) {
|
||||||
|
c.state.processLevels[selinux.NewContext(sb.ProcessLabel())["level"]]++
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *ContainerServer) removeSandboxPlatform(sb *sandbox.Sandbox) {
|
||||||
|
processLabel := sb.ProcessLabel()
|
||||||
|
level := selinux.NewContext(processLabel)["level"]
|
||||||
|
pl, ok := c.state.processLevels[level]
|
||||||
|
if ok {
|
||||||
|
c.state.processLevels[level] = pl - 1
|
||||||
|
if c.state.processLevels[level] == 0 {
|
||||||
|
label.ReleaseLabel(processLabel)
|
||||||
|
delete(c.state.processLevels, level)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
13
lib/container_server_unsupported.go
Normal file
13
lib/container_server_unsupported.go
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
// +build !linux
|
||||||
|
|
||||||
|
package lib
|
||||||
|
|
||||||
|
import "github.com/kubernetes-incubator/cri-o/lib/sandbox"
|
||||||
|
|
||||||
|
func (c *ContainerServer) addSandboxPlatform(sb *sandbox.Sandbox) {
|
||||||
|
// nothin' doin'
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *ContainerServer) removeSandboxPlatform(sb *sandbox.Sandbox) {
|
||||||
|
// nothin' doin'
|
||||||
|
}
|
Loading…
Reference in a new issue