diff options
-rw-r--r-- | libpod/container_internal.go | 2 | ||||
-rw-r--r-- | libpod/networking.go | 15 |
2 files changed, 16 insertions, 1 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index f6d8fc32a..e25ffaa03 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -655,7 +655,7 @@ func (c *Container) stop(timeout uint) error { return err } - return c.cleanupStorage() + return c.cleanup() } // mountStorage sets up the container's root filesystem diff --git a/libpod/networking.go b/libpod/networking.go index 54a1c78de..092ce2a3f 100644 --- a/libpod/networking.go +++ b/libpod/networking.go @@ -7,6 +7,7 @@ import ( "os" "path/filepath" "strings" + "syscall" cnitypes "github.com/containernetworking/cni/pkg/types/current" "github.com/containernetworking/plugins/pkg/ns" @@ -184,10 +185,24 @@ func (r *Runtime) teardownNetNS(ctr *Container) error { logrus.Errorf("Failed to tear down network namespace for container %s: %v", ctr.ID(), err) } + nsPath := ctr.state.NetNS.Path() + if err := ctr.state.NetNS.Close(); err != nil { return errors.Wrapf(err, "error closing network namespace for container %s", ctr.ID()) } + // We need to unconditionally try to unmount/remove the namespace + // because we may be in a separate process from the one that created the + // namespace, and Close() will only do that if it is the same process. + if err := unix.Unmount(nsPath, unix.MNT_DETACH); err != nil { + if err != syscall.EINVAL && err != syscall.ENOENT { + return errors.Wrapf(err, "error unmounting network namespace %s for container %s", nsPath, ctr.ID()) + } + } + if err := os.RemoveAll(nsPath); err != nil && !os.IsNotExist(err) { + return errors.Wrapf(err, "error removing network namespace %s for container %s", nsPath, ctr.ID()) + } + ctr.state.NetNS = nil return nil |