!142 docker: cleanup netns file when stop docker daemon

From: @jackchan8 Reviewed-by: @zhangsong234, @duguhaotian Signed-off-by: @duguhaotian
2022-11-22 08:13:40 +00:00 · 2022-11-22 08:13:40 +00:00 · 8f09263541
commit 8f09263541
parent 05e1f1370a 6a3861c8c1
5 changed files with 49 additions and 4 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-18.09.0.312
+18.09.0.313
--- a/docker.spec
+++ b/docker.spec
@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 312
+Release: 313
 Epoch: 2
 Summary: The open-source application container engine
 Group: Tools/Docker
@ -22,7 +22,7 @@ URL: https://mobyproject.org
 # most are already in the container (see contrib/builder/rpm/ARCH/generate.sh)
 BuildRequires: pkgconfig(systemd) golang >= 1.8.3 btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel
 BuildRequires: libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel
-BuildRequires: tar containerd docker-runc docker-proxy
+BuildRequires: tar containerd docker-runc docker-proxy git

 # required packages on install
 Requires: /bin/sh iptables libcgroup tar xz device-mapper-libs >= 1.02.90-1 systemd-units
@ -213,6 +213,12 @@ fi
 %endif

 %changelog
+* Tue Nov 22 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-313
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:cleanup netns file when stop docker daemon
+
 * Mon Oct 17 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-312
 - Type:bugfix
 - CVE:NA
--- a/2
+++ b/2
@ -1 +1 @@
-d1134d1492bbebbc6af9352ad33eb4543caf23d8
+f06d9b2e6b86090d87db5b8d20fc87243cbcd1c4
--- a/patch/0233-docker-cleanup-netns-file-when-close-docker-daemon.patch
+++ b/patch/0233-docker-cleanup-netns-file-when-close-docker-daemon.patch
@ -0,0 +1,38 @@
+From 26f9b14362ee9859e221e73e57b73abbe7f812f8 Mon Sep 17 00:00:00 2001
+From: chenjiankun <chenjiankun1@huawei.com>
+Date: Thu, 8 Sep 2022 20:41:30 +0800
+Subject: [PATCH] docker: cleanup netns file when close docker daemon
+
+When the docker daemon shutdown, if LiveRestoreEnabled is true and
+there are containers still running, we will not call the netns GC
+and will cause netns file leak. We need to call netns GC manually.
+---
+ components/engine/daemon/daemon.go | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
+index 5c6be8e45..6e3477bf5 100644
+--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
+@@ -70,6 +70,7 @@ import (
+ 	"github.com/docker/libnetwork"
+ 	"github.com/docker/libnetwork/cluster"
+ 	nwconfig "github.com/docker/libnetwork/config"
+	"github.com/docker/libnetwork/osl"
+ 	"github.com/opencontainers/runtime-spec/specs-go"
+ 	"github.com/pkg/errors"
+ )
+@@ -1295,6 +1296,10 @@ func (daemon *Daemon) ShutdownTimeout() int {
+ // Shutdown stops the daemon.
+ func (daemon *Daemon) Shutdown() error {
+ 	daemon.shutdown = true
+
+	// netns file in GC need some cleanup first
+	osl.GC()
+
+ 	// Keep mounts and networking running on daemon shutdown if
+ 	// we are to keep containers running and restore them.
+ 
+-- 
+2.23.0
+
--- a/series.conf
+++ b/series.conf
@ -230,4 +230,5 @@ patch/0229-docker-fix-terminal-abnormal-after-docker-run.patch
 patch/0230-docker-Add-an-ExitPid-field-for-State-struct-to-reco.patch
 patch/0231-docker-AdditionalGids-must-include-effective-group-I.patch
 patch/0232-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch
+patch/0233-docker-cleanup-netns-file-when-close-docker-daemon.patch
 #end