author | Paul Holzinger <pholzing@redhat.com> | 2022-09-30 20:27:39 +0200 |
---|---|---|
committer | Paul Holzinger <pholzing@redhat.com> | 2022-09-30 20:38:20 +0200 |
commit | eb7f54ef6f48745c5c0d4b17a32ce252349362a4 (patch) | |
tree | 91111071e049ad86d5a5cc3c85e24f3d496910e7 /libpod | |
parent | 0a394876bebca48b74f4bad6647ac5ec49187e85 (diff) | |
cleanup: always delete netns mount
We should not keep the netns if there was a cleanup problem. Deleting
the netns will also delete the virtual links inside and thus make the IPs
available again for the next use.
context: https://github.com/containers/netavark/issues/302
[NO NEW TESTS NEEDED] This is very hard to trigger reliably and it would
need to work with cni and netavark. This mostly happens because of
specific bugs but those will be fixed and then this test would fail.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/networking_linux.go | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 6ea56ade5..5376ff8ad 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -695,23 +695,31 @@ func (r *Runtime) teardownNetNS(ctr *Container) error {
 // do not return an error otherwise we would prevent network cleanup
 logrus.Errorf("failed to free gvproxy machine ports: %v", err)
 }
- if err := r.teardownCNI(ctr); err != nil {
- return err
- }
+
+ // Do not check the error here, we want to always umount the netns
+ // This will ensure that the container interface will be deleted
+ // even when there is a CNI or netavark bug.
+ prevErr := r.teardownCNI(ctr)
 // First unmount the namespace
 if err := netns.UnmountNS(ctr.state.NetNS); err != nil {
+ if prevErr != nil {
+ logrus.Error(prevErr)
+ }
 return fmt.Errorf("unmounting network namespace for container %s: %w", ctr.ID(), err)
 }
 // Now close the open file descriptor
 if err := ctr.state.NetNS.Close(); err != nil {
+ if prevErr != nil {
+ logrus.Error(prevErr)
+ }
 return fmt.Errorf("closing network namespace for container %s: %w", ctr.ID(), err)
 }
 ctr.state.NetNS = nil
- return nil
+ return prevErr
 }
 func getContainerNetNS(ctr *Container) (string, *Container, error) { |
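Review bot: In both failure branches (after `netns.UnmountNS` and after `ctr.state.NetNS.Close()`) the saved teardown error is emitted with a bare `logrus.Error(prevErr)`, so the log entry is tied to a container only if the text returned by `teardownCNI` happens to name it, and the caller sees only the unmount or close error. I would log it with context, in the same `Errorf` style as the gvproxy message above: `logrus.Errorf("tearing down network for container %s: %v", ctr.ID(), prevErr)`. Separately, a failed `UnmountNS` still returns before `Close()` and before `ctr.state.NetNS = nil`, so that path keeps the namespace handle in the container state. If that is deliberate so a later cleanup can retry, a short comment such as `// keep ctr.state.NetNS set so cleanup can be retried` would make it explicit. `teardownNetNS` begins outside this hunk, so the earlier part of the function is not reviewed here.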