diff options
author | Matthew Heon <matthew.heon@gmail.com> | 2018-06-14 16:25:36 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-06-15 09:15:58 +0000 |
commit | 8f1b7be275e74a7a3f9ecaad105846d603aabb1d (patch) | |
tree | 878e1a5709d6c353ced979aaaf56a3e25af4a652 | |
parent | 6bdf023aeace52d47eb59697bfc46a8d2278b86d (diff) | |
download | podman-8f1b7be275e74a7a3f9ecaad105846d603aabb1d.tar.gz podman-8f1b7be275e74a7a3f9ecaad105846d603aabb1d.tar.bz2 podman-8f1b7be275e74a7a3f9ecaad105846d603aabb1d.zip |
Fix cleaning up network namespaces on detached ctrs
The containernetworking/plugins ns package does not support
unmounting and removing namespaces that were opened by another
process. Work around this by doing it ourself.
Closes: #858
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #949
Approved by: rhatdan
-rw-r--r-- | libpod/container_internal.go | 2 | ||||
-rw-r--r-- | libpod/networking.go | 15 |
2 files changed, 16 insertions, 1 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index f6d8fc32a..e25ffaa03 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -655,7 +655,7 @@ func (c *Container) stop(timeout uint) error { return err } - return c.cleanupStorage() + return c.cleanup() } // mountStorage sets up the container's root filesystem diff --git a/libpod/networking.go b/libpod/networking.go index 54a1c78de..092ce2a3f 100644 --- a/libpod/networking.go +++ b/libpod/networking.go @@ -7,6 +7,7 @@ import ( "os" "path/filepath" "strings" + "syscall" cnitypes "github.com/containernetworking/cni/pkg/types/current" "github.com/containernetworking/plugins/pkg/ns" @@ -184,10 +185,24 @@ func (r *Runtime) teardownNetNS(ctr *Container) error { logrus.Errorf("Failed to tear down network namespace for container %s: %v", ctr.ID(), err) } + nsPath := ctr.state.NetNS.Path() + if err := ctr.state.NetNS.Close(); err != nil { return errors.Wrapf(err, "error closing network namespace for container %s", ctr.ID()) } + // We need to unconditionally try to unmount/remove the namespace + // because we may be in a separate process from the one that created the + // namespace, and Close() will only do that if it is the same process. + if err := unix.Unmount(nsPath, unix.MNT_DETACH); err != nil { + if err != syscall.EINVAL && err != syscall.ENOENT { + return errors.Wrapf(err, "error unmounting network namespace %s for container %s", nsPath, ctr.ID()) + } + } + if err := os.RemoveAll(nsPath); err != nil && !os.IsNotExist(err) { + return errors.Wrapf(err, "error removing network namespace %s for container %s", nsPath, ctr.ID()) + } + ctr.state.NetNS = nil return nil |