sandbox: Force netns unmount and removal when restoring
ns.Close() will not remove and unmount the networking namespace if it's not currently marked as mounted. When we restore a sandbox, we generate the sandbox netns from ns.GetNS() which does not mark the sandbox as mounted. There currently is a PR open to fix that in the ns package: https://github.com/containernetworking/cni/pull/342 but meanwhile this patch fixes a netns leak when restoring a pod. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This commit is contained in:
parent
7b0c76219c
commit
ad6ac9391c
1 changed files with 16 additions and 4 deletions
|
@ -14,6 +14,7 @@ import (
|
||||||
"github.com/containernetworking/cni/pkg/ns"
|
"github.com/containernetworking/cni/pkg/ns"
|
||||||
"k8s.io/kubernetes/pkg/fields"
|
"k8s.io/kubernetes/pkg/fields"
|
||||||
pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
|
pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
|
||||||
|
"golang.org/x/sys/unix"
|
||||||
)
|
)
|
||||||
|
|
||||||
type sandboxNetNs struct {
|
type sandboxNetNs struct {
|
||||||
|
@ -21,6 +22,7 @@ type sandboxNetNs struct {
|
||||||
ns ns.NetNS
|
ns ns.NetNS
|
||||||
symlink *os.File
|
symlink *os.File
|
||||||
closed bool
|
closed bool
|
||||||
|
restored bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ns *sandboxNetNs) symlinkCreate(name string) error {
|
func (ns *sandboxNetNs) symlinkCreate(name string) error {
|
||||||
|
@ -94,7 +96,7 @@ func netNsGet(nspath, name string) (*sandboxNetNs, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
netNs := &sandboxNetNs{ns: netNS, closed: false,}
|
netNs := &sandboxNetNs{ns: netNS, closed: false, restored: true}
|
||||||
|
|
||||||
if symlink {
|
if symlink {
|
||||||
fd, err := os.Open(nspath)
|
fd, err := os.Open(nspath)
|
||||||
|
@ -228,6 +230,16 @@ func (s *sandbox) netNsRemove() error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if s.netns.restored {
|
||||||
|
if err := unix.Unmount(s.netns.ns.Path(), unix.MNT_DETACH); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := os.RemoveAll(s.netns.ns.Path()); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
s.netns.closed = true
|
s.netns.closed = true
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue