summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorPaul Holzinger <pholzing@redhat.com>2022-09-30 20:27:39 +0200
committerPaul Holzinger <pholzing@redhat.com>2022-09-30 20:38:20 +0200
commiteb7f54ef6f48745c5c0d4b17a32ce252349362a4 (patch)
tree91111071e049ad86d5a5cc3c85e24f3d496910e7 /libpod
parent0a394876bebca48b74f4bad6647ac5ec49187e85 (diff)
downloadpodman-eb7f54ef6f48745c5c0d4b17a32ce252349362a4.tar.gz
podman-eb7f54ef6f48745c5c0d4b17a32ce252349362a4.tar.bz2
podman-eb7f54ef6f48745c5c0d4b17a32ce252349362a4.zip
cleanup: always delete netns mount
We should not keep the netns if there was a cleanup problem. Deleting the netns will also delete the virtual links inside and thus make the IPs available again for the next use. context: https://github.com/containers/netavark/issues/302 [NO NEW TESTS NEEDED] This is very hard to trigger reliable and it would need to work with cni and netavark. This mostly happens because of specic bugs but those will be fixed and then this test would fail. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/networking_linux.go16
1 files changed, 12 insertions, 4 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 6ea56ade5..5376ff8ad 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -695,23 +695,31 @@ func (r *Runtime) teardownNetNS(ctr *Container) error {
// do not return an error otherwise we would prevent network cleanup
logrus.Errorf("failed to free gvproxy machine ports: %v", err)
}
- if err := r.teardownCNI(ctr); err != nil {
- return err
- }
+
+ // Do not check the error here, we want to always umount the netns
+ // This will ensure that the container interface will be deleted
+ // even when there is a CNI or netavark bug.
+ prevErr := r.teardownCNI(ctr)
// First unmount the namespace
if err := netns.UnmountNS(ctr.state.NetNS); err != nil {
+ if prevErr != nil {
+ logrus.Error(prevErr)
+ }
return fmt.Errorf("unmounting network namespace for container %s: %w", ctr.ID(), err)
}
// Now close the open file descriptor
if err := ctr.state.NetNS.Close(); err != nil {
+ if prevErr != nil {
+ logrus.Error(prevErr)
+ }
return fmt.Errorf("closing network namespace for container %s: %w", ctr.ID(), err)
}
ctr.state.NetNS = nil
- return nil
+ return prevErr
}
func getContainerNetNS(ctr *Container) (string, *Container, error) {