sandbox: Force netns unmount and removal when restoring
ns.Close() will not remove and unmount the networking namespace if it's not currently marked as mounted. When we restore a sandbox, we generate the sandbox netns from ns.GetNS() which does not mark the sandbox as mounted. There currently is a PR open to fix that in the ns package: https://github.com/containernetworking/cni/pull/342 but meanwhile this patch fixes a netns leak when restoring a pod. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
parent
7b0c76219c
commit
ad6ac9391c
1 changed files with 16 additions and 4 deletions
|
@ -14,13 +14,15 @@ import (
|
|||
"github.com/containernetworking/cni/pkg/ns"
|
||||
"k8s.io/kubernetes/pkg/fields"
|
||||
pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
type sandboxNetNs struct {
|
||||
sync.Mutex
|
||||
ns ns.NetNS
|
||||
symlink *os.File
|
||||
closed bool
|
||||
ns ns.NetNS
|
||||
symlink *os.File
|
||||
closed bool
|
||||
restored bool
|
||||
}
|
||||
|
||||
func (ns *sandboxNetNs) symlinkCreate(name string) error {
|
||||
|
@ -94,7 +96,7 @@ func netNsGet(nspath, name string) (*sandboxNetNs, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
netNs := &sandboxNetNs{ns: netNS, closed: false,}
|
||||
netNs := &sandboxNetNs{ns: netNS, closed: false, restored: true}
|
||||
|
||||
if symlink {
|
||||
fd, err := os.Open(nspath)
|
||||
|
@ -228,6 +230,16 @@ func (s *sandbox) netNsRemove() error {
|
|||
return err
|
||||
}
|
||||
|
||||
if s.netns.restored {
|
||||
if err := unix.Unmount(s.netns.ns.Path(), unix.MNT_DETACH); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := os.RemoveAll(s.netns.ns.Path()); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
s.netns.closed = true
|
||||
return nil
|
||||
}
|
||||
|
|
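Review bot: In the `if s.netns.restored` branch of `netNsRemove`, `os.RemoveAll(s.netns.ns.Path())` is broader than the cleanup needs, because it deletes recursively if the path turns out to be a directory. For a restored sandbox the path reaches this code through `netNsGet(nspath, name)` rather than being created by this process, and the call presumably runs with enough privilege to unmount. I would use `if err := os.Remove(s.netns.ns.Path()); err != nil {` so that an unexpected path fails instead of removing a tree. Separately, returning early when `unix.Unmount` fails leaves `closed` false; the function starts above the hunk, so I cannot see whether the namespace has already been closed at that point, but if it has, a retry would close it again. It would help to document, or explicitly handle, the case where the path is no longer a mount point.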