Add `podman container cleanup` to CLI

When we run containers in detach mode, nothing cleans up the network stack or
the mount points.  This patch will tell conmon to execute the cleanup code when
the container exits.

It can also be called to attempt to cleanup previously running containers.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #942
Approved by: mheon

5 files changed, 36 insertions, 6 deletions

diff --git a/libpod/container.go b/libpod/container.go
index 37dabd80d..b7189ae0b 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -314,6 +314,10 @@ type ContainerConfig struct {
 	// TODO log options for log drivers
 
 	PostConfigureNetNS bool `json:"postConfigureNetNS"`
+
+	// ExitCommand is the container's exit command.
+	// This Command will be executed when the container exits
+	ExitCommand []string `json:"exitCommand,omitempty"`
 }
 
 // ContainerStatus returns a string representation for users
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index 7dc4d34b9..1381341c2 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -71,6 +71,7 @@ func (c *Container) getContainerInspectData(size bool, driverData *inspect.Data)
 		},
 		ImageID:         config.RootfsImageID,
 		ImageName:       config.RootfsImageName,
+		ExitCommand:     config.ExitCommand,
 		Rootfs:          config.Rootfs,
 		ResolvConfPath:  resolvPath,
 		HostnamePath:    hostnamePath,
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index ba6cbe5aa..5c5bf8062 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -695,7 +695,8 @@ func (c *Container) stop(timeout uint) error {
 		return err
 	}
 
-	return c.cleanup()
+	// Container should clean itself up
+	return nil
 }
 
 // Internal, non-locking function to pause a container
@@ -928,11 +929,17 @@ func (c *Container) cleanup() error {
 	}
 
 	if err := c.cleanupCgroups(); err != nil {
-		if lastError != nil {
-			logrus.Errorf("Error cleaning up container %s CGroups: %v", c.ID(), err)
-		} else {
-			lastError = err
-		}
+		/*
+			if lastError != nil {
+				logrus.Errorf("Error cleaning up container %s CGroups: %v", c.ID(), err)
+			} else {
+				lastError = err
+			}
+		*/
+		// For now we are going to only warn on failures to clean up cgroups
+		// We have a conflict with running podman containers cleanup in same cgroup as container
+		logrus.Warnf("Ignoring Error cleaning up container %s CGroups: %v", c.ID(), err)
+
 	}
 
 	// Unmount storage
diff --git a/libpod/oci.go b/libpod/oci.go
index 871069627..dfed3d6b8 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -268,6 +268,12 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string) (er
 	if ctr.config.ConmonPidFile != "" {
 		args = append(args, "--conmon-pidfile", ctr.config.ConmonPidFile)
 	}
+	if len(ctr.config.ExitCommand) > 0 {
+		args = append(args, "--exit-command", ctr.config.ExitCommand[0])
+		for _, arg := range ctr.config.ExitCommand[1:] {
+			args = append(args, []string{"--exit-command-arg", arg}...)
+		}
+	}
 	args = append(args, "--socket-dir-path", r.socketsDir)
 	if ctr.config.Spec.Process.Terminal {
 		args = append(args, "-t")
diff --git a/libpod/options.go b/libpod/options.go
index 02bcb8628..9f07db7ed 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -485,6 +485,18 @@ func WithIDMappings(idmappings storage.IDMappingOptions) CtrCreateOption {
 	}
 }
 
+// WithExitCommand sets the ExitCommand for the container, appending on the ctr.ID() to the end
+func WithExitCommand(exitCommand []string) CtrCreateOption {
+	return func(ctr *Container) error {
+		if ctr.valid {
+			return ErrCtrFinalized
+		}
+
+		ctr.config.ExitCommand = append(exitCommand, ctr.ID())
+		return nil
+	}
+}
+
 // WithIPCNSFrom indicates the the container should join the IPC namespace of
 // the given container.
 // If the container has joined a pod, it can only join the namespaces of