From a0719398931d59a422835b7e4cc7b6e28c18d031 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Mon, 10 Aug 2020 15:00:42 -0400 Subject: Ensure pod infra containers have an exit command Most Libpod containers are made via `pkg/specgen/generate` which includes code to generate an appropriate exit command which will handle unmounting the container's storage, cleaning up the container's network, etc. There is one notable exception: pod infra containers, which are made entirely within Libpod and do not touch pkg/specgen. As such, no cleanup process, network never cleaned up, bad things can happen. There is good news, though - it's not that difficult to add this, and it's done in this PR. Generally speaking, we don't allow passing options directly to the infra container at create time, but we do (optionally) proxy a pre-approved set of options into it when we create it. Add ExitCommand to these options, and set it at time of pod creation using the same code we use to generate exit commands for normal containers. Fixes #7103 Signed-off-by: Matthew Heon --- libpod/container_config.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'libpod/container_config.go') diff --git a/libpod/container_config.go b/libpod/container_config.go index 5f89395c1..3fc058d52 100644 --- a/libpod/container_config.go +++ b/libpod/container_config.go @@ -310,7 +310,11 @@ type ContainerMiscConfig struct { // OCIRuntime used to create the container OCIRuntime string `json:"runtime,omitempty"` // ExitCommand is the container's exit command. - // This Command will be executed when the container exits + // This Command will be executed when the container exits by Conmon. + // It is usually used to invoke post-run cleanup - for example, in + // Podman, it invokes `podman container cleanup`, which in turn calls + // Libpod's Cleanup() API to unmount the container and clean up its + // network. ExitCommand []string `json:"exitCommand,omitempty"` // IsInfra is a bool indicating whether this container is an infra container used for // sharing kernel namespaces in a pod -- cgit v1.2.3-54-g00ecf