From eb7f54ef6f48745c5c0d4b17a32ce252349362a4 Mon Sep 17 00:00:00 2001
From: Paul Holzinger
Date: Fri, 30 Sep 2022 20:27:39 +0200
Subject: cleanup: always delete netns mount

We should not keep the netns if there was a cleanup problem. Deleting the netns will also delete the virtual links inside and thus make the IPs available again for the next use. context: https://github.com/containers/netavark/issues/302 [NO NEW TESTS NEEDED] This is very hard to trigger reliable and it would need to work with cni and netavark. This mostly happens because of specic bugs but those will be fixed and then this test would fail.
Signed-off-by: Paul Holzinger
---
 libpod/networking_linux.go | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 6ea56ade5..5376ff8ad 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -695,23 +695,31 @@ func (r *Runtime) teardownNetNS(ctr *Container) error {
 // do not return an error otherwise we would prevent network cleanup
 logrus.Errorf("failed to free gvproxy machine ports: %v", err)
 }
- if err := r.teardownCNI(ctr); err != nil {
- return err
- }
+
+ // Do not check the error here, we want to always umount the netns
+ // This will ensure that the container interface will be deleted
+ // even when there is a CNI or netavark bug.
+ prevErr := r.teardownCNI(ctr)
 // First unmount the namespace
 if err := netns.UnmountNS(ctr.state.NetNS); err != nil {
+ if prevErr != nil {
+ logrus.Error(prevErr)
+ }
 return fmt.Errorf("unmounting network namespace for container %s: %w", ctr.ID(), err)
 }
 // Now close the open file descriptor
 if err := ctr.state.NetNS.Close(); err != nil {
+ if prevErr != nil {
+ logrus.Error(prevErr)
+ }
 return fmt.Errorf("closing network namespace for container %s: %w", ctr.ID(), err)
 }
 ctr.state.NetNS = nil
- return nil
+ return prevErr
 }
 func getContainerNetNS(ctr *Container) (string, *Container, error) {
-- cgit v1.2.3-54-g00ecf
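Review bot: The two `logrus.Error(prevErr)` calls in the UnmountNS and Close failure branches log the network teardown error with no container ID and no hint of which step produced it, unlike the `fmt.Errorf` calls beside them. On a host running many containers, that log line cannot be tied to the namespace whose interfaces and IPs were left behind. I would write both as `logrus.Errorf("tearing down network for container %s: %v", ctr.ID(), prevErr)`. Separately, an UnmountNS failure still returns before `ctr.state.NetNS.Close()` and before `ctr.state.NetNS = nil`, so the "always delete" behaviour stops at the unmount step; if keeping the handle for a later retry is intended, a one-line comment saying so would help. teardownNetNS begins above this hunk, so the code before the gvproxy error handling is not visible here.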