runc delete: refuse to delete container with non-empty cgroup
When we delete the container, we no longer have any knowledge about it. In case the container does not have its own private PID namespace, this knowledge (in particular, container's cgroup path) might be crucial, because otherwise we won't be able to kill the leftover container processes.

Therefore, let's error out when runc destroy is called on a stopped container without a private PID namespace and there are processes in its cgroup, suggesting to use runc delete -f or runc kill.

Add a test case.

Signed-off-by: Kir Kolyshkin <[email protected]>
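The check the commit message describes can be sketched as follows. This is an added example, not the code from this commit or from runc: the function names `cgroupPids` and `checkDelete` are hypothetical, and the directory used in `main` is a constructed stand-in for a real cgroup directory containing a `cgroup.procs` file.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strconv"
	"strings"
)

// cgroupPids returns the PIDs listed in <cgroupDir>/cgroup.procs (hypothetical helper).
func cgroupPids(cgroupDir string) ([]int, error) {
	data, err := os.ReadFile(filepath.Join(cgroupDir, "cgroup.procs"))
	if errors.Is(err, os.ErrNotExist) {
		return nil, nil // cgroup already removed: no leftover processes to track
	}
	if err != nil {
		return nil, err
	}
	var pids []int
	for _, field := range strings.Fields(string(data)) {
		pid, err := strconv.Atoi(field)
		if err != nil {
			return nil, fmt.Errorf("bad cgroup.procs entry %q: %w", field, err)
		}
		pids = append(pids, pid)
	}
	return pids, nil
}

// checkDelete refuses deletion when the container has no private PID namespace
// and its cgroup still lists processes (hypothetical helper).
func checkDelete(privatePidNS bool, cgroupDir string) error {
	if privatePidNS {
		return nil // the case in the message applies only without a private PID namespace
	}
	pids, err := cgroupPids(cgroupDir)
	if err == nil && len(pids) > 0 {
		err = fmt.Errorf("cgroup %s has %d process(es); use runc delete -f or runc kill", cgroupDir, len(pids))
	}
	return err
}

func main() { // constructed stand-in for a cgroup directory with two leftover PIDs
	dir, _ := os.MkdirTemp("", "cg")
	defer os.RemoveAll(dir)
	os.WriteFile(filepath.Join(dir, "cgroup.procs"), []byte("4242\n4243\n"), 0o644)
	fmt.Println(checkDelete(false, dir))
}
```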