server: adhere to CRI for sandbox stop/remove

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

server/container_remove.go

@@ -27,6 +27,9 @@ func (s *Server) RemoveContainer(ctx context.Context, req *pb.RemoveContainerReq
 		if err := s.runtime.StopContainer(c, -1); err != nil {
 			return nil, fmt.Errorf("failed to stop container %s: %v", c.ID(), err)
 		}
+		if err := s.storageRuntimeServer.StopContainer(c.ID()); err != nil {
+			return nil, fmt.Errorf("failed to unmount container %s: %v", c.ID(), err)
+		}
 	}
 
 	if err := s.runtime.DeleteContainer(c); err != nil {
@@ -35,10 +38,6 @@ func (s *Server) RemoveContainer(ctx context.Context, req *pb.RemoveContainerReq
 
 	s.removeContainer(c)
 
-	if err := s.storageRuntimeServer.StopContainer(c.ID()); err != nil {
-		return nil, fmt.Errorf("failed to unmount container %s: %v", c.ID(), err)
-	}
-
 	if err := s.storageRuntimeServer.DeleteContainer(c.ID()); err != nil {
 		return nil, fmt.Errorf("failed to delete storage for container %s: %v", c.ID(), err)
 	}

server/container_stop.go

@@ -25,6 +25,9 @@ func (s *Server) StopContainer(ctx context.Context, req *pb.StopContainerRequest
 		if err := s.runtime.StopContainer(c, req.Timeout); err != nil {
 			return nil, fmt.Errorf("failed to stop container %s: %v", c.ID(), err)
 		}
+		if err := s.storageRuntimeServer.StopContainer(c.ID()); err != nil {
+			return nil, fmt.Errorf("failed to unmount container %s: %v", c.ID(), err)
+		}
 	}
 
 	s.containerStateToDisk(c)

server/sandbox.go

@@ -10,7 +10,9 @@ import (
 
 	"github.com/Sirupsen/logrus"
 	"github.com/containernetworking/cni/pkg/ns"
+	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/symlink"
 	"github.com/kubernetes-incubator/cri-o/oci"
 	"golang.org/x/sys/unix"
 	"k8s.io/apimachinery/pkg/fields"
@@ -238,9 +240,19 @@ func (s *sandbox) netNsRemove() error {
 	}
 
 	if s.netns.restored {
-		if err := unix.Unmount(s.netns.ns.Path(), unix.MNT_DETACH); err != nil {
+		// we got namespaces in the form of
+		// /var/run/netns/cni-0d08effa-06eb-a963-f51a-e2b0eceffc5d
+		// but /var/run on most system is symlinked to /run so we first resolve
+		// the symlink and then try and see if it's mounted
+		fp, err := symlink.FollowSymlinkInScope(s.netns.ns.Path(), "/")
+		if err != nil {
 			return err
 		}
+		if mounted, err := mount.Mounted(fp); err == nil && mounted {
+			if err := unix.Unmount(fp, unix.MNT_DETACH); err != nil {
+				return err
+			}
+		}
 
 		if err := os.RemoveAll(s.netns.ns.Path()); err != nil {
 			return err

server/sandbox_remove.go

@@ -2,14 +2,11 @@ package server
 
 import (
 	"fmt"
-	"syscall"
 
 	"github.com/Sirupsen/logrus"
 	"github.com/containers/storage"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/kubernetes-incubator/cri-o/oci"
 	pkgstorage "github.com/kubernetes-incubator/cri-o/pkg/storage"
-	"github.com/opencontainers/selinux/go-selinux/label"
 	"golang.org/x/net/context"
 	pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
 )
@@ -74,27 +71,10 @@ func (s *Server) RemovePodSandbox(ctx context.Context, req *pb.RemovePodSandboxR
 		}
 	}
 
-	if err := label.ReleaseLabel(sb.processLabel); err != nil {
-		return nil, err
-	}
-
-	// unmount the shm for the pod
-	if sb.shmPath != "/dev/shm" {
-		if mounted, err := mount.Mounted(sb.shmPath); err == nil && mounted {
-			if err := syscall.Unmount(sb.shmPath, syscall.MNT_DETACH); err != nil {
-				return nil, err
-			}
-		}
-	}
-
-	if err := sb.netNsRemove(); err != nil {
-		return nil, fmt.Errorf("failed to remove networking namespace for sandbox %s: %v", sb.id, err)
-	}
-
 	s.removeContainer(podInfraContainer)
 
 	// Remove the files related to the sandbox
-	if err := s.storageRuntimeServer.StopContainer(sb.id); err != nil {
+	if err := s.storageRuntimeServer.StopContainer(sb.id); err != nil && err != storage.ErrContainerUnknown {
 		logrus.Warnf("failed to stop sandbox container in pod sandbox %s: %v", sb.id, err)
 	}
 	if err := s.storageRuntimeServer.RemovePodSandbox(sb.id); err != nil && err != pkgstorage.ErrInvalidSandboxID {

server/sandbox_stop.go

@@ -5,8 +5,13 @@ import (
 	"os"
 
 	"github.com/Sirupsen/logrus"
+	"github.com/containers/storage"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/symlink"
 	"github.com/kubernetes-incubator/cri-o/oci"
+	"github.com/opencontainers/selinux/go-selinux/label"
 	"golang.org/x/net/context"
+	"golang.org/x/sys/unix"
 	pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
 )
 
@@ -61,10 +66,41 @@ func (s *Server) StopPodSandbox(ctx context.Context, req *pb.StopPodSandboxReque
 			if err := s.runtime.StopContainer(c, -1); err != nil {
 				return nil, fmt.Errorf("failed to stop container %s in pod sandbox %s: %v", c.Name(), sb.id, err)
 			}
+			if c.ID() == podInfraContainer.ID() {
+				continue
+			}
+			if err := s.storageRuntimeServer.StopContainer(c.ID()); err != nil && err != storage.ErrContainerUnknown {
+				// assume container already umounted
+				logrus.Warnf("failed to stop container %s in pod sandbox %s: %v", c.Name(), sb.id, err)
+			}
 		}
 		s.containerStateToDisk(c)
 	}
 
+	if err := label.ReleaseLabel(sb.processLabel); err != nil {
+		return nil, err
+	}
+
+	// unmount the shm for the pod
+	if sb.shmPath != "/dev/shm" {
+		// we got namespaces in the form of
+		// /var/run/containers/storage/overlay-containers/CID/userdata/shm
+		// but /var/run on most system is symlinked to /run so we first resolve
+		// the symlink and then try and see if it's mounted
+		fp, err := symlink.FollowSymlinkInScope(sb.shmPath, "/")
+		if err != nil {
+			return nil, err
+		}
+		if mounted, err := mount.Mounted(fp); err == nil && mounted {
+			if err := unix.Unmount(fp, unix.MNT_DETACH); err != nil {
+				return nil, err
+			}
+		}
+	}
+	if err := s.storageRuntimeServer.StopContainer(sb.id); err != nil && err != storage.ErrContainerUnknown {
+		logrus.Warnf("failed to stop sandbox container in pod sandbox %s: %v", sb.id, err)
+	}
+
 	resp := &pb.StopPodSandboxResponse{}
 	logrus.Debugf("StopPodSandboxResponse: %+v", resp)
 	return resp, nil