diff --git a/VERSION-openeuler b/VERSION-openeuler
index 714d5db..cfadb55 100644
--- a/VERSION-openeuler
+++ b/VERSION-openeuler
@@ -1 +1 @@
-18.09.0.312
+18.09.0.313
diff --git a/docker.spec b/docker.spec
index 86696cc..62dc0e2 100644
--- a/docker.spec
+++ b/docker.spec
@@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 312
+Release: 313
 Epoch: 2
 Summary: The open-source application container engine
 Group: Tools/Docker
@@ -22,7 +22,7 @@ URL: https://mobyproject.org # most are already in the container (see contrib/builder/rpm/ARCH/generate.sh) BuildRequires: pkgconfig(systemd) golang >= 1.8.3 btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel BuildRequires: libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel -BuildRequires: tar containerd docker-runc docker-proxy +BuildRequires: tar containerd docker-runc docker-proxy git # required packages on install Requires: /bin/sh iptables libcgroup tar xz device-mapper-libs >= 1.02.90-1 systemd-units
@@ -213,6 +213,12 @@ fi %endif %changelog +* Tue Nov 22 2022 chenjiankun - 18.09.0-313 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:cleanup netns file when stop docker daemon + * Mon Oct 17 2022 chenjiankun - 18.09.0-312 - Type:bugfix - CVE:NA
diff --git a/git-commit b/git-commit
index 731bbb9..0c5b2a5 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-d1134d1492bbebbc6af9352ad33eb4543caf23d8
+f06d9b2e6b86090d87db5b8d20fc87243cbcd1c4
diff --git a/patch/0233-docker-cleanup-netns-file-when-close-docker-daemon.patch b/patch/0233-docker-cleanup-netns-file-when-close-docker-daemon.patch
new file mode 100644
index 0000000..f704bf4
--- /dev/null
+++ b/patch/0233-docker-cleanup-netns-file-when-close-docker-daemon.patch
@@ -0,0 +1,38 @@
+From 26f9b14362ee9859e221e73e57b73abbe7f812f8 Mon Sep 17 00:00:00 2001
+From: chenjiankun
+Date: Thu, 8 Sep 2022 20:41:30 +0800
+Subject: [PATCH] docker: cleanup netns file when close docker daemon
+
+When the docker daemon shutdown, if LiveRestoreEnabled is true and
+there are containers still running, we will not call the netns GC
+and will cause netns file leak. We need to call netns GC manually.
+---
+ components/engine/daemon/daemon.go | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
+index 5c6be8e45..6e3477bf5 100644
+--- a/components/engine/daemon/daemon.go
++++ b/components/engine/daemon/daemon.go
+@@ -70,6 +70,7 @@ import (
+ "github.com/docker/libnetwork"
+ "github.com/docker/libnetwork/cluster"
+ nwconfig "github.com/docker/libnetwork/config"
++ "github.com/docker/libnetwork/osl"
+ "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/pkg/errors"
+ )
+@@ -1295,6 +1296,10 @@ func (daemon *Daemon) ShutdownTimeout() int {
+ // Shutdown stops the daemon.
+ func (daemon *Daemon) Shutdown() error {
+ daemon.shutdown = true
++
++ // netns file in GC need some cleanup first
++ osl.GC()
++
+ // Keep mounts and networking running on daemon shutdown if
+ // we are to keep containers running and restore them.
+
+--
+2.23.0
+
diff --git a/series.conf b/series.conf
index 30ce8a5..af6afee 100644
--- a/series.conf
+++ b/series.conf
@@ -230,4 +230,5 @@ patch/0229-docker-fix-terminal-abnormal-after-docker-run.patch
 patch/0230-docker-Add-an-ExitPid-field-for-State-struct-to-reco.patch
 patch/0231-docker-AdditionalGids-must-include-effective-group-I.patch
 patch/0232-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch
+patch/0233-docker-cleanup-netns-file-when-close-docker-daemon.patch
 #end
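Review bot: The added `osl.GC()` at the top of `Shutdown()` in patch 0233 runs unconditionally as the first step after `daemon.shutdown = true`, and it appears to wait synchronously for the collector to finish. A stalled netns cleanup would therefore hold up the whole shutdown before any container or timeout handling begins, so it is worth confirming the call cannot block indefinitely, or bounding the wait. The inline comment does not explain why the call is needed; `// With live-restore and running containers the netns GC is otherwise skipped, so run it here to avoid leaking netns files.` would carry the commit message's reasoning into the code. The body of `Shutdown()` continues outside the hunk, so whether a later path already triggers the same GC when live-restore is off cannot be seen from here.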