Merge pull request #14720 from sstosh/rm-option

Fix: Prevent OCI runtime directory remain

5 files changed, 40 insertions, 1 deletions

diff --git a/libpod/container_api.go b/libpod/container_api.go
index c14fe95b0..f35cce772 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -666,6 +666,15 @@ func (c *Container) Cleanup(ctx context.Context) error {
 		defer c.lock.Unlock()
 
 		if err := c.syncContainer(); err != nil {
+			switch errors.Cause(err) {
+			// When the container has already been removed, the OCI runtime directory remain.
+			case define.ErrNoSuchCtr, define.ErrCtrRemoved:
+				if err := c.cleanupRuntime(ctx); err != nil {
+					return errors.Wrapf(err, "error cleaning up container %s from OCI runtime", c.ID())
+				}
+			default:
+				logrus.Errorf("Syncing container %s status: %v", c.ID(), err)
+			}
 			return err
 		}
 	}
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 64696cc27..3b01ee6c8 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1289,8 +1289,9 @@ func (c *Container) stop(timeout uint) error {
 		if err := c.syncContainer(); err != nil {
 			switch errors.Cause(err) {
 			// If the container has already been removed (e.g., via
-			// the cleanup process), there's nothing left to do.
+			// the cleanup process), set the container state to "stopped".
 			case define.ErrNoSuchCtr, define.ErrCtrRemoved:
+				c.state.State = define.ContainerStateStopped
 				return stopErr
 			default:
 				if stopErr != nil {
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index fafec5e12..4d34c6a08 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -715,6 +715,10 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo
 		// Do a quick ping of the database to check if the container
 		// still exists.
 		if ok, _ := r.state.HasContainer(c.ID()); !ok {
+			// When the container has already been removed, the OCI runtime directory remain.
+			if err := c.cleanupRuntime(ctx); err != nil {
+				return errors.Wrapf(err, "error cleaning up container %s from OCI runtime", c.ID())
+			}
 			return nil
 		}
 	}
diff --git a/test/system/050-stop.bats b/test/system/050-stop.bats
index c2dfba84d..39002512b 100644
--- a/test/system/050-stop.bats
+++ b/test/system/050-stop.bats
@@ -171,4 +171,19 @@ load helpers
     run_podman --noout stop -t 0 stopme
     is "$output" "" "output should be empty"
 }
+
+@test "podman stop, with --rm container" {
+    OCIDir=/run/$(podman_runtime)
+
+    if is_rootless; then
+        OCIDir=/run/user/$(id -u)/$(podman_runtime)
+    fi
+
+    run_podman run --rm -d --name rmstop $IMAGE sleep infinity
+    local cid="$output"
+    run_podman stop rmstop
+
+    # Check the OCI runtime directory has removed.
+    is "$(ls $OCIDir | grep $cid)" "" "The OCI runtime directory should have been removed"
+}
 # vim: filetype=sh
diff --git a/test/system/055-rm.bats b/test/system/055-rm.bats
index 69663fafa..0ef2216b8 100644
--- a/test/system/055-rm.bats
+++ b/test/system/055-rm.bats
@@ -52,10 +52,20 @@ load helpers
 }
 
 @test "podman rm <-> run --rm race" {
+    OCIDir=/run/$(podman_runtime)
+
+    if is_rootless; then
+        OCIDir=/run/user/$(id -u)/$(podman_runtime)
+    fi
+
     # A container's lock is released before attempting to stop it.  This opens
     # the window for race conditions that led to #9479.
     run_podman run --rm -d $IMAGE sleep infinity
+    local cid="$output"
     run_podman rm -af
+
+    # Check the OCI runtime directory has removed.
+    is "$(ls $OCIDir | grep $cid)" "" "The OCI runtime directory should have been removed"
 }
 
 @test "podman rm --depend" {