From 0d7023d581612e1670ef36490a827e46968d6d08 Mon Sep 17 00:00:00 2001
From: Fabricio Voznika <fvoznika@google.com>
Date: Wed, 9 Jan 2019 09:17:04 -0800
Subject: Restore to original cgroup after sandbox and gofer processes are
 created

The original code assumed that it was safe to join and not restore cgroup,
but Container.Run will not exit after calling start, making cgroup cleanup
fail because there were still processes inside the cgroup.

PiperOrigin-RevId: 228529199
Change-Id: I12a48d9adab4bbb02f20d71ec99598c336cbfe51
---
 runsc/specutils/specutils.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'runsc/specutils/specutils.go')

diff --git a/runsc/specutils/specutils.go b/runsc/specutils/specutils.go
index 055076475..7b0dcf231 100644
--- a/runsc/specutils/specutils.go
+++ b/runsc/specutils/specutils.go
@@ -470,8 +470,7 @@ func ContainsStr(strs []string, str string) bool {
 // c.Release() // on success, aborts closing the file and return it.
 // return f
 type Cleanup struct {
-	clean    func()
-	released bool
+	clean func()
 }
 
 // MakeCleanup creates a new Cleanup object.
@@ -481,13 +480,14 @@ func MakeCleanup(f func()) Cleanup {
 
 // Clean calls the cleanup function.
 func (c *Cleanup) Clean() {
-	if !c.released {
+	if c.clean != nil {
 		c.clean()
+		c.clean = nil
 	}
 }
 
 // Release releases the cleanup from its duties, i.e. cleanup function is not
 // called after this point.
 func (c *Cleanup) Release() {
-	c.released = true
+	c.clean = nil
 }
-- 
cgit v1.2.3