authorToshiki Sonoda <sonoda.toshiki@fujitsu.com>2022-06-24 09:29:24 +0900
committerToshiki Sonoda <sonoda.toshiki@fujitsu.com>2022-06-24 09:29:24 +0900
commit3619f0be9514cd7a2cbdddc6cfb8bc8b7a94485d (patch)
treeca432ac3c301c051a1cb72f84c92383d17076a07 /libpod
parent8e88abda85f7bf44b6857ad5d62c8ef58206fce5 (diff)
Fix: Prevent OCI runtime directory remain
This bug was introduced in https://github.com/containers/podman/pull/8906. When a 'podman rm/restart/stop/kill etc...' command is run against a container started with --rm, the OCI runtime directory remains at /run/<runtime name> (root user) or /run/user/<user id>/<runtime name> (rootless user). This bug could cause other bugs. For example, when we checkpoint a container running with --rm (podman checkpoint --export) and restore it (podman restore --import) with crun, the error message "Error: OCI runtime error: crun: container `<container id>` already exists" is output. This error is caused by an attempt to restore the container with the same container ID as the one still remaining in the OCI runtime. Therefore, this fix makes the cleanupRuntime() function run to remove the OCI runtime directory, even if the container has already been removed by the --rm option. Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_api.go9
-rw-r--r--libpod/container_internal.go3
-rw-r--r--libpod/runtime_ctr.go4
3 files changed, 15 insertions, 1 deletions
diff --git a/libpod/container_api.go b/libpod/container_api.go
index b064d3528..fcf3ba49c 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -621,6 +621,15 @@ func (c *Container) Cleanup(ctx context.Context) error {
defer c.lock.Unlock()
if err := c.syncContainer(); err != nil {
+ switch errors.Cause(err) {
+ // When the container has already been removed, the OCI runtime directory remain.
+ case define.ErrNoSuchCtr, define.ErrCtrRemoved:
+ if err := c.cleanupRuntime(ctx); err != nil {
+ return errors.Wrapf(err, "error cleaning up container %s from OCI runtime", c.ID())
+ }
+ default:
+ logrus.Errorf("Syncing container %s status: %v", c.ID(), err)
+ }
return err
}
}
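Review bot: In the `define.ErrNoSuchCtr, define.ErrCtrRemoved` case the inner `err` shadows the sync error, and a failed `cleanupRuntime` returns a wrapped error whose cause is no longer `define.ErrNoSuchCtr`; any caller that treats an already-removed container as benign would then see a hard failure (callers are not visible here). Naming the inner value `cleanupErr` and adding a comment that says which error callers are meant to receive on this path would make the contract explicit, since on success the original sync error is still returned by `return err`. The `default` branch logs the sync error with `logrus.Errorf` and then returns it, so the same failure is reported twice if the caller logs as well. The added comment would read better as `// The container is already gone from the database, but its OCI runtime directory may remain; remove it.` Cleanup's body starts and ends outside the hunk.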
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index ce48987f6..0861fbdba 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1309,8 +1309,9 @@ func (c *Container) stop(timeout uint) error {
if err := c.syncContainer(); err != nil {
switch errors.Cause(err) {
// If the container has already been removed (e.g., via
- // the cleanup process), there's nothing left to do.
+ // the cleanup process), set the container state to "stopped".
case define.ErrNoSuchCtr, define.ErrCtrRemoved:
+ c.state.State = define.ContainerStateStopped
return stopErr
default:
if stopErr != nil {
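Review bot: The assignment `c.state.State = define.ContainerStateStopped` changes only the in-memory state, and the new comment says what is set rather than why. Nothing in the hunk saves the state or updates the other fields that normally accompany a stop, so a reader cannot tell which later code depends on this value; presumably it lets the cleanup path proceed for a container that was removed underneath `stop`, but that should be confirmed and written down. A comment such as `// The database entry is gone, so only the in-memory state is updated; this lets the caller's cleanup run against a stopped container.` would cover it. The body of `stop` continues outside the hunk.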
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index a9ae9d1db..14d75c21d 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -715,6 +715,10 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo
// Do a quick ping of the database to check if the container
// still exists.
if ok, _ := r.state.HasContainer(c.ID()); !ok {
+ // When the container has already been removed, the OCI runtime directory remain.
+ if err := c.cleanupRuntime(ctx); err != nil {
+ return errors.Wrapf(err, "error cleaning up container %s from OCI runtime", c.ID())
+ }
return nil
}
}
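Review bot: `ok, _ := r.state.HasContainer(c.ID())` discards the lookup error, so if `HasContainer` reports false alongside a database error, the added `cleanupRuntime` call now runs for a container that may still exist; before this change that path only returned nil. Checking the error first keeps runtime cleanup limited to containers confirmed absent: `ok, err := r.state.HasContainer(c.ID())` followed by `if err != nil { return err }`. Whether the container lock is held at this point is not visible in the hunk and is worth confirming, since `cleanupRuntime` acts on the runtime directory. The comment grammar matches the first hunk and could likewise read `may remain; remove it`. The body of removeContainer starts and ends outside the hunk.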