!222 runc:runc delete don't proceed in case of errors

From: @zhong-jiawei-1 
Reviewed-by: @zhangsong234 
Signed-off-by: @zhangsong234
openeuler-ci-bot 2023-12-08 09:05:36 +00:00 committed by Gitee
commit 21080f1bc5
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 67 additions and 2 deletions


@ -1 +1 @@
363b21566639cffe19f04d29381cde0c6b272f8e 1e39039974846638765620aa4f73d1e0c11e1dec


@ -0,0 +1,58 @@
From a5d5191301de25f26942c07ea4502a716755a32e Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Mon, 13 Nov 2023 15:39:21 -0800
Subject: [PATCH] libct: Destroy: don't proceed in case of errors
For some reason, container destroy operation removes container's state
directory even if cgroup removal fails (and then still returns an
error). It has been that way since commit 5c246d038fc47b, which added
cgroup removal.
This is problematic because once the container state dir is removed, we
no longer know container's cgroup and thus can't remove it.
Let's return the error early and fail if cgroup can't be removed.
Same for other operations: do not proceed if we fail.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
libcontainer/state_linux.go | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/libcontainer/state_linux.go b/libcontainer/state_linux.go
index aa6259b..81f1d85 100644
--- a/libcontainer/state_linux.go
+++ b/libcontainer/state_linux.go
@@ -42,19 +42,20 @@ func destroy(c *linuxContainer) error {
logrus.Warn(err)
}
}
- err := c.cgroupManager.Destroy()
+ if err := c.cgroupManager.Destroy(); err != nil {
+ return fmt.Errorf("unable to remove container's cgroup: %w", err)
+ }
if c.intelRdtManager != nil {
- if ierr := c.intelRdtManager.Destroy(); err == nil {
- err = ierr
+ if err := c.intelRdtManager.Destroy(); err != nil {
+ return fmt.Errorf("unable to remove container's IntelRDT group: %w", err)
}
}
- if rerr := os.RemoveAll(c.root); err == nil {
- err = rerr
+ if err := os.RemoveAll(c.root); err != nil {
+ return fmt.Errorf("unable to remove container state dir: %w", err)
}
c.initProcess = nil
- if herr := runPoststopHooks(c); err == nil {
- err = herr
- }
+ err := runPoststopHooks(c)
+
c.state = &stoppedState{c: c}
return err
}
--
2.33.0
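Review bot: in destroy(), the three new early returns (after c.cgroupManager.Destroy(), c.intelRdtManager.Destroy() and os.RemoveAll(c.root)) exit before `c.initProcess = nil`, before runPoststopHooks(c) and before `c.state = &stoppedState{c: c}`, so a failed destroy now leaves the container in its previous state with no poststop hooks run. That fits the commit message's goal of keeping the state dir so the cgroup can still be located, but the function should carry a comment saying that a failed destroy is expected to be retried and that poststop hooks run only after every removal step has succeeded. Two further checks for this backport: the hunk introduces fmt.Errorf while the diffstat (9 insertions, 8 deletions) is fully accounted for by this one hunk, so confirm that "fmt" is already imported in libcontainer/state_linux.go at 1.1.8; and the unchanged context at the top still only calls logrus.Warn(err) on its failure, which differs from "do not proceed if we fail", so state whether that is deliberate.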


@ -3,7 +3,7 @@
Name: runc Name: runc
Version: 1.1.8 Version: 1.1.8
Release: 10 Release: 11
Summary: runc is a CLI tool for spawning and running containers according to the OCI specification. Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
License: ASL 2.0 License: ASL 2.0
@ -54,6 +54,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
%{_bindir}/runc %{_bindir}/runc
%changelog %changelog
* Fri Dec 8 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.1.8-11
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:libct: Destroy: don't proceed in case of errors
* Mon Dec 4 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.1.8-10 * Mon Dec 4 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.1.8-10
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA
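Review bot: the new 1.1.8-11 changelog entry carries only the patch subject in its DESC line; add the upstream commit id from the patch header (a5d5191301de25f26942c07ea4502a716755a32e) so the backport can be traced from the package changelog without opening the patch file.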


@ -29,3 +29,4 @@ patch/0029-runc-libct-init-unify-init-fix-its-error-logic.patch
patch/0030-runc-Handle-kmem.limit_in_bytes-removal.patch patch/0030-runc-Handle-kmem.limit_in_bytes-removal.patch
patch/0031-runc-fix-update-rt-runtime-us-and-rt-period-us-faile.patch patch/0031-runc-fix-update-rt-runtime-us-and-rt-period-us-faile.patch
patch/0032-runc-delete-do-not-ignore-error-from-destroy.patch patch/0032-runc-delete-do-not-ignore-error-from-destroy.patch
patch/0033-runc-libct-Destroy-don-t-proceed-in-case-of-errors.patch