Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[1.0] Remove sub cgroup when container exits #3297

Merged
merged 1 commit into from
Dec 1, 2021
Merged

[1.0] Remove sub cgroup when container exits #3297

merged 1 commit into from
Dec 1, 2021

Conversation

kolyshkin
Copy link
Contributor

@kolyshkin kolyshkin commented Nov 29, 2021
edited
Loading

This is a backport of #3226 to release-1.0 branch, fixing issue #3225.

Note it's not a clean backport as 1.0 lacks fsMgr field, and we do not want to instantiate one, so the commit was changed:

-       err := m.fsMgr.Destroy()
-       // fsMgr.Destroy has handled ErrNotExist
+       err := cgroups.RemovePath(m.path)
+       // cgroups.RemovePath has handled ErrNotExist

Proposed changelog entry

Bugfixes:
* cgroup v2 systemd manager: delete sub-cgroups on cgroup delete

@kolyshkin kolyshkin added the backport/1.0-pr A backport PR to release-1.0 label Nov 29, 2021
@kolyshkin kolyshkin mentioned this pull request Nov 29, 2021
Merged
@kolyshkin kolyshkin added this to the 1.0.3 milestone Nov 29, 2021
@kolyshkin kolyshkin changed the base branch from master to release-1.0 November 29, 2021 23:53
@chenk008 @kolyshkin
libct/cg/sd/v2: Destroy: remove cgroups recursively
2c30069 
Currently, we can create subcgroup in a rootless container with systemd cgroupv2 on centos8.
But after the container exited, the container cgroup and its subcgroup will not be removed.

Fix this by removing all directories recursively.

Fixes: opencontainers#3225

Signed-off-by: Kang Chen <kongchen28@gmail.com>

[kolyshkin: cherry picked from commit 7758d3f,
 changing the code to use cgroups.RemovePath().]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin kolyshkin mentioned this pull request Nov 30, 2021
Closed
thaJeztah
thaJeztah approved these changes Nov 30, 2021
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

libcontainer/cgroups/systemd/v2.go
// XXX this is probably not needed, systemd should handle it
err := os.Remove(m.path)
if err != nil && !os.IsNotExist(err) {
// systemd 239 do not remove sub-cgroups.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// systemd 239 do not remove sub-cgroups.
// systemd 239 does not remove sub-cgroups.

libcontainer/cgroups/systemd/v2.go
Comment on lines +310 to +312
err := cgroups.RemovePath(m.path)
// cgroups.RemovePath has handled ErrNotExist
if err != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm.. didn't notice this when reviewing #3226 but, given that this is the last code of the function, looks like we could just return cgroups.RemovePath(m.path) here.

No need to change, as this more closely matches what's in main (but we could clean that up)

@thaJeztah
Copy link
Member

(I see you also requested a review from @cyphar, but feel free to merge if that was just "one of you both" 😅)

@kolyshkin
Copy link
Contributor Author

Both suggestions from @thaJeztah are valid, I guess it makes sense to fix them in main branch. Here, not so much, as this is a release branch that will be hopefully be closed some time after we release 1.1.

@kolyshkin kolyshkin merged commit 18457d8 into opencontainers:release-1.0 Dec 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

@thaJeztah thaJeztah thaJeztah approved these changes

@cyphar cyphar Awaiting requested review from cyphar

Assignees
No one assigned
Labels
backport/1.0-pr A backport PR to release-1.0
Projects
None yet
Milestone
1.0.3
Development

Successfully merging this pull request may close these issues.
4 participants
@kolyshkin @thaJeztah @AkihiroSuda @chenk008