Close the PolicyContext, as required by the API

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-06-19 03:22:22 +00:00 · 2023-07-18 20:24:57 +02:00 · 2023-07-18 20:24:57 +02:00 · c40f1485b0
commit c40f1485b0
parent e90ad8614b
1 changed files with 7 additions and 1 deletions
--- a/cmd/skopeo/proxy.go
+++ b/cmd/skopeo/proxy.go
@ -238,7 +238,7 @@ func isNotFoundImageError(err error) bool {
 		errors.Is(err, ocilayout.ImageNotFoundError{})
 }

-func (h *proxyHandler) openImageImpl(args []any, allowNotFound bool) (replyBuf, error) {
+func (h *proxyHandler) openImageImpl(args []any, allowNotFound bool) (retReplyBuf replyBuf, retErr error) {
 	h.lock.Lock()
 	defer h.lock.Unlock()
 	var ret replyBuf
@ -271,6 +271,12 @@ func (h *proxyHandler) openImageImpl(args []any, allowNotFound bool) (replyBuf,
 	if err != nil {
 		return ret, err
 	}
+	defer func() {
+		if err := policyContext.Destroy(); err != nil {
+			retErr = noteCloseFailure(retErr, "tearing down policy context", err)
+		}
+	}()
+
 	unparsedTopLevel := image.UnparsedInstance(imgsrc, nil)
 	allowed, err := policyContext.IsRunningImageAllowed(context.Background(), unparsedTopLevel)
 	if !allowed || err != nil {