From f20cd5bafe853826ba1da70853ff19bf4713acc6 Mon Sep 17 00:00:00 2001
From: yangjiaqi
Date: Thu, 17 Aug 2023 20:21:04 +0800
Subject: [PATCH] clean up /run/syscontainer-tools/netns/container_id directory residues
reason:/run/syscontainer-tools/netns/container id and container network namespace mount propagation, however, umount may fail during poststop, resulting in mount failure in the second prestart stage, so if you find that there are still mounts, you need to execute poststop first Work in and umount.
Signed-off-by: yangjiaqi
---
 ...container-tools-netns-containerid-di.patch | 58 +++++++++++++++++++
 syscontainer-tools.spec | 9 ++-
 2 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 0009-clean-up-run-syscontainer-tools-netns-containerid-di.patch
diff --git a/0009-clean-up-run-syscontainer-tools-netns-containerid-di.patch b/0009-clean-up-run-syscontainer-tools-netns-containerid-di.patch
new file mode 100644
index 0000000..f34b0f4
--- /dev/null
+++ b/0009-clean-up-run-syscontainer-tools-netns-containerid-di.patch
@@ -0,0 +1,58 @@
+From 7581283eb8e235ae0923e8c68677e059895a3c9b Mon Sep 17 00:00:00 2001
+From: yangjiaqi
+Date: Thu, 17 Aug 2023 20:12:49 +0800
+Subject: [PATCH] clean up run/syscontainer-tools/netns/containerid dir residue
+
+Signed-off-by: yangjiaqi
+---
+ hooks/syscontainer-hooks/prestart.go | 22 +++++++++++++++++++++-
+ 1 file changed, 21 insertions(+), 1 deletion(-)
+
+diff --git a/hooks/syscontainer-hooks/prestart.go b/hooks/syscontainer-hooks/prestart.go
+index a71d26b..8b5756e 100644
+--- a/hooks/syscontainer-hooks/prestart.go
++++ b/hooks/syscontainer-hooks/prestart.go
+@@ -23,11 +23,13 @@ import (
+ "strconv"
+ "strings"
+
++ "github.com/docker/docker/pkg/mount"
+ "github.com/opencontainers/runc/libcontainer/configs"
+ _ "github.com/opencontainers/runc/libcontainer/nsenter"
+ "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/sirupsen/logrus"
+ "golang.org/x/sys/unix"
++
+ hconfig "isula.org/syscontainer-tools/config"
+ "isula.org/syscontainer-tools/libdevice"
+ "isula.org/syscontainer-tools/libdevice/nsexec"
+@@ -251,7 +253,25 @@ func UpdateNetwork(state *configs.HookState, hookConfig *hconfig.ContainerHookCo
+ logrus.Errorf("[device-hook] Failed to Create netns dir %v", err)
+ return err
+ }
+- file, err := os.Create(filepath.Join(hconfig.IsuladToolsDirNetns, state.ID))
++ /*
++ each container can only be in prestart, running or poststop at the same time,
++ so there is no lock protection for the file /run/syscontainer-tools/netns/containerid.
++ */
++ netnsMountpoint := filepath.Join(hconfig.IsuladToolsDirNetns, state.ID)
++ // see if the current network namespace file is mounted
++ mounted, err := mount.Mounted(netnsMountpoint)
++ if err != nil {
++ logrus.Errorf("[device-hook] Failed to get mount info %v: %v", netnsMountpoint, err)
++ }
++ // has mounted
++ if mounted {
++ // maybe the previous poststop command was not executed or interrupted, resulting in residual
++ if removeErr := RemoveNetworkDevices(state, hookConfig, spec); removeErr != nil {
++ logrus.Errorf("[device-hook] Failed to remove network devices and umount netns file and %v is still mounted: %v",
++ netnsMountpoint, removeErr)
++ }
++ }
++ file, err := os.Create(netnsMountpoint)
+ if err != nil {
+ logrus.Errorf("[device-hook] Failed to Create netns file %v", err)
+ return err
+--
+2.30.0
+
diff --git a/syscontainer-tools.spec b/syscontainer-tools.spec
index c355861..80f9cab 100644
--- a/syscontainer-tools.spec
+++ b/syscontainer-tools.spec
@@ -1,7 +1,7 @@
 #Basic Information
 Name: syscontainer-tools
 Version: 0.9
-Release: 56
+Release: 57
 Summary: syscontainer tools for IT, work with iSulad
 License: Mulan PSL v2
 URL: https://gitee.com/openeuler/syscontainer-tools
@@ -16,6 +16,7 @@ Patch5: 0005-add-riscv64-to-syscall-build.patch Patch6: 0006-syscontainer-tools-Add-sw64-architecture.patch Patch7: 0007-support-ipv6.patch Patch8: 0008-use-file-locks-to-avoid-remounting-the-sharepath-mas.patch +Patch9: 0009-clean-up-run-syscontainer-tools-netns-containerid-di.patch #Dependency BuildRequires: glibc-static
@@ -117,6 +118,12 @@ chmod 0640 ${HOOK_SPEC}/hookspec.json rm -rfv %{buildroot} %changelog +* Thu Aug 17 2023 yangjiaqi - 0.9-57 +- Type:bugfix +- CVE:NA +- SUG:restart +- DESC:clean up run/syscontainer-tools/netns/container_id directory residues in the prestart phase + * Tue Aug 15 2023 yangjiaqi - 0.9-56 - Type:bugfix - CVE:NA
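Review bot: In the `UpdateNetwork` hunk of `hooks/syscontainer-hooks/prestart.go`, both new failure paths only log and then fall through to `os.Create(netnsMountpoint)`: the error from `mount.Mounted` is discarded, and a failed `RemoveNetworkDevices` leaves the path mounted, as its own log message says. If the stale mount survives, the rest of prestart presumably operates on a file still bound to the previous run's network namespace, so the hook should fail closed: `return err` after the first `logrus.Errorf` and `return removeErr` after the second. The block comment that justifies skipping a lock relies on the runtime never running two hooks for the same container ID at once; it should name what guarantees that. `UpdateNetwork` begins and ends outside the hunk, so what happens after `os.Create` is not visible here.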