From a0719398931d59a422835b7e4cc7b6e28c18d031 Mon Sep 17 00:00:00 2001
From: Matthew Heon <mheon@redhat.com>
Date: Mon, 10 Aug 2020 15:00:42 -0400
Subject: Ensure pod infra containers have an exit command

Most Libpod containers are made via `pkg/specgen/generate` which
includes code to generate an appropriate exit command which will
handle unmounting the container's storage, cleaning up the
container's network, etc. There is one notable exception: pod
infra containers, which are made entirely within Libpod and do
not touch pkg/specgen. As such, no cleanup process, network never
cleaned up, bad things can happen.

There is good news, though - it's not that difficult to add this,
and it's done in this PR. Generally speaking, we don't allow
passing options directly to the infra container at create time,
but we do (optionally) proxy a pre-approved set of options into
it when we create it. Add ExitCommand to these options, and set
it at time of pod creation using the same code we use to generate
exit commands for normal containers.

Fixes #7103

Signed-off-by: Matthew Heon <mheon@redhat.com>
---
 pkg/specgen/generate/pod_create.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'pkg/specgen')

diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go
index 0cbfca2db..0bd39d5a4 100644
--- a/pkg/specgen/generate/pod_create.go
+++ b/pkg/specgen/generate/pod_create.go
@@ -13,14 +13,14 @@ func MakePod(p *specgen.PodSpecGenerator, rt *libpod.Runtime) (*libpod.Pod, erro
 	if err := p.Validate(); err != nil {
 		return nil, err
 	}
-	options, err := createPodOptions(p)
+	options, err := createPodOptions(p, rt)
 	if err != nil {
 		return nil, err
 	}
 	return rt.NewPod(context.Background(), options...)
 }
 
-func createPodOptions(p *specgen.PodSpecGenerator) ([]libpod.PodCreateOption, error) {
+func createPodOptions(p *specgen.PodSpecGenerator, rt *libpod.Runtime) ([]libpod.PodCreateOption, error) {
 	var (
 		options []libpod.PodCreateOption
 	)
@@ -31,6 +31,18 @@ func createPodOptions(p *specgen.PodSpecGenerator) ([]libpod.PodCreateOption, er
 			return nil, err
 		}
 		options = append(options, nsOptions...)
+
+		// Make our exit command
+		storageConfig := rt.StorageConfig()
+		runtimeConfig, err := rt.GetConfig()
+		if err != nil {
+			return nil, err
+		}
+		exitCommand, err := CreateExitCommandArgs(storageConfig, runtimeConfig, logrus.IsLevelEnabled(logrus.DebugLevel), false, false)
+		if err != nil {
+			return nil, errors.Wrapf(err, "error creating infra container exit command")
+		}
+		options = append(options, libpod.WithPodInfraExitCommand(exitCommand))
 	}
 	if len(p.CgroupParent) > 0 {
 		options = append(options, libpod.WithPodCgroupParent(p.CgroupParent))
-- 
cgit v1.2.3-54-g00ecf