sandbox: Force netns unmount and removal when restoring

ns.Close() will not remove and unmount the networking namespace
if it's not currently marked as mounted.
When we restore a sandbox, we generate the sandbox netns from
ns.GetNS() which does not mark the sandbox as mounted.

There currently is a PR open to fix that in the ns package:
https://github.com/containernetworking/cni/pull/342

but meanwhile this patch fixes a netns leak when restoring a pod.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This commit is contained in:
Samuel Ortiz 2016-12-14 19:47:05 +01:00
parent 7b0c76219c
commit ad6ac9391c
No known key found for this signature in database
GPG key ID: 8A803CDD4F566C4A

View file

@ -14,13 +14,15 @@ import (
"github.com/containernetworking/cni/pkg/ns"
"k8s.io/kubernetes/pkg/fields"
pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
"golang.org/x/sys/unix"
)
type sandboxNetNs struct {
sync.Mutex
ns ns.NetNS
symlink *os.File
closed bool
ns ns.NetNS
symlink *os.File
closed bool
restored bool
}
func (ns *sandboxNetNs) symlinkCreate(name string) error {
@ -94,7 +96,7 @@ func netNsGet(nspath, name string) (*sandboxNetNs, error) {
return nil, err
}
netNs := &sandboxNetNs{ns: netNS, closed: false,}
netNs := &sandboxNetNs{ns: netNS, closed: false, restored: true}
if symlink {
fd, err := os.Open(nspath)
@ -228,6 +230,16 @@ func (s *sandbox) netNsRemove() error {
return err
}
if s.netns.restored {
if err := unix.Unmount(s.netns.ns.Path(), unix.MNT_DETACH); err != nil {
return err
}
if err := os.RemoveAll(s.netns.ns.Path()); err != nil {
return err
}
}
s.netns.closed = true
return nil
}