!60 clean up /run/syscontainer-tools/netns/container_id directory residues

From: @vegbir Reviewed-by: @zhangsong234, @jingwoo Signed-off-by: @jingwoo
2023-08-18 09:33:13 +00:00 · 2023-08-18 09:33:13 +00:00 · 6ded272f39
commit 6ded272f39
parent 67d724c7bb f20cd5bafe
2 changed files with 66 additions and 1 deletions
--- a/0009-clean-up-run-syscontainer-tools-netns-containerid-di.patch
+++ b/0009-clean-up-run-syscontainer-tools-netns-containerid-di.patch
@ -0,0 +1,58 @@
+From 7581283eb8e235ae0923e8c68677e059895a3c9b Mon Sep 17 00:00:00 2001
+From: yangjiaqi <yangjiaqi16@huawei.com>
+Date: Thu, 17 Aug 2023 20:12:49 +0800
+Subject: [PATCH] clean up run/syscontainer-tools/netns/containerid dir residue
+
+Signed-off-by: yangjiaqi <yangjiaqi16@huawei.com>
+---
+ hooks/syscontainer-hooks/prestart.go | 22 +++++++++++++++++++++-
+ 1 file changed, 21 insertions(+), 1 deletion(-)
+
+diff --git a/hooks/syscontainer-hooks/prestart.go b/hooks/syscontainer-hooks/prestart.go
+index a71d26b..8b5756e 100644
+--- a/hooks/syscontainer-hooks/prestart.go
+++ b/hooks/syscontainer-hooks/prestart.go
+@@ -23,11 +23,13 @@ import (
+ 	"strconv"
+ 	"strings"
+ 
+	"github.com/docker/docker/pkg/mount"
+ 	"github.com/opencontainers/runc/libcontainer/configs"
+ 	_ "github.com/opencontainers/runc/libcontainer/nsenter"
+ 	"github.com/opencontainers/runtime-spec/specs-go"
+ 	"github.com/sirupsen/logrus"
+ 	"golang.org/x/sys/unix"
+
+ 	hconfig "isula.org/syscontainer-tools/config"
+ 	"isula.org/syscontainer-tools/libdevice"
+ 	"isula.org/syscontainer-tools/libdevice/nsexec"
+@@ -251,7 +253,25 @@ func UpdateNetwork(state *configs.HookState, hookConfig *hconfig.ContainerHookCo
+ 		logrus.Errorf("[device-hook] Failed to Create netns dir %v", err)
+ 		return err
+ 	}
+-	file, err := os.Create(filepath.Join(hconfig.IsuladToolsDirNetns, state.ID))
+	/*
+		each container can only be in prestart, running or poststop at the same time,
+		so there is no lock protection for the file /run/syscontainer-tools/netns/containerid.
+	*/
+	netnsMountpoint := filepath.Join(hconfig.IsuladToolsDirNetns, state.ID)
+	// see if the current network namespace file is mounted
+	mounted, err := mount.Mounted(netnsMountpoint)
+	if err != nil {
+		logrus.Errorf("[device-hook] Failed to get mount info %v: %v", netnsMountpoint, err)
+	}
+	// has mounted
+	if mounted {
+		// maybe the previous poststop command was not executed or interrupted, resulting in residual
+		if removeErr := RemoveNetworkDevices(state, hookConfig, spec); removeErr != nil {
+			logrus.Errorf("[device-hook] Failed to remove network devices and umount netns file and %v is still mounted: %v",
+				netnsMountpoint, removeErr)
+		}
+	}
+	file, err := os.Create(netnsMountpoint)
+ 	if err != nil {
+ 		logrus.Errorf("[device-hook] Failed to Create netns file %v", err)
+ 		return err
+-- 
+2.30.0
+
--- a/syscontainer-tools.spec
+++ b/syscontainer-tools.spec
@ -1,7 +1,7 @@
 #Basic Information
 Name:           syscontainer-tools
 Version:        0.9
-Release:        56
+Release:        57
 Summary:        syscontainer tools for IT, work with iSulad
 License:        Mulan PSL v2
 URL:            https://gitee.com/openeuler/syscontainer-tools
@ -16,6 +16,7 @@ Patch5:      0005-add-riscv64-to-syscall-build.patch
 Patch6:      0006-syscontainer-tools-Add-sw64-architecture.patch
 Patch7:      0007-support-ipv6.patch
 Patch8:      0008-use-file-locks-to-avoid-remounting-the-sharepath-mas.patch
+Patch9:      0009-clean-up-run-syscontainer-tools-netns-containerid-di.patch

 #Dependency
 BuildRequires: glibc-static 
@ -117,6 +118,12 @@ chmod 0640 ${HOOK_SPEC}/hookspec.json
 rm -rfv %{buildroot}

 %changelog
+* Thu Aug 17 2023 yangjiaqi<yangjiaqi16@huawei.com> - 0.9-57
+- Type:bugfix
+- CVE:NA
+- SUG:restart
+- DESC:clean up run/syscontainer-tools/netns/container_id directory residues in the prestart phase
+
 * Tue Aug 15 2023 yangjiaqi<yangjiaqi16@huawei.com> - 0.9-56
 - Type:bugfix
 - CVE:NA