Merge pull request #14720 from sstosh/rm-option

Fix: Prevent OCI runtime directory remain
2022-06-29 19:51:53 +00:00 · 2022-06-29 19:51:53 +00:00 · 2cc3f127f4
parent d6cdb996bc 3619f0be95
commit 2cc3f127f4
5 changed files with 40 additions and 1 deletions
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@ -666,6 +666,15 @@ func (c *Container) Cleanup(ctx context.Context) error {
 		defer c.lock.Unlock()

 		if err := c.syncContainer(); err != nil {
+			switch errors.Cause(err) {
+			// When the container has already been removed, the OCI runtime directory remain.
+			case define.ErrNoSuchCtr, define.ErrCtrRemoved:
+				if err := c.cleanupRuntime(ctx); err != nil {
+					return errors.Wrapf(err, "error cleaning up container %s from OCI runtime", c.ID())
+				}
+			default:
+				logrus.Errorf("Syncing container %s status: %v", c.ID(), err)
+			}
 			return err
 		}
 	}
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@ -1289,8 +1289,9 @@ func (c *Container) stop(timeout uint) error {
 		if err := c.syncContainer(); err != nil {
 			switch errors.Cause(err) {
 			// If the container has already been removed (e.g., via
-			// the cleanup process), there's nothing left to do.
+			// the cleanup process), set the container state to "stopped".
 			case define.ErrNoSuchCtr, define.ErrCtrRemoved:
+				c.state.State = define.ContainerStateStopped
 				return stopErr
 			default:
 				if stopErr != nil {
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@ -715,6 +715,10 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo
 		// Do a quick ping of the database to check if the container
 		// still exists.
 		if ok, _ := r.state.HasContainer(c.ID()); !ok {
+			// When the container has already been removed, the OCI runtime directory remain.
+			if err := c.cleanupRuntime(ctx); err != nil {
+				return errors.Wrapf(err, "error cleaning up container %s from OCI runtime", c.ID())
+			}
 			return nil
 		}
 	}
--- a/test/system/050-stop.bats
+++ b/test/system/050-stop.bats
@ -171,4 +171,19 @@ load helpers
    run_podman --noout stop -t 0 stopme
    is "$output" "" "output should be empty"
 }
+
+@test "podman stop, with --rm container" {
+    OCIDir=/run/$(podman_runtime)
+
+    if is_rootless; then
+        OCIDir=/run/user/$(id -u)/$(podman_runtime)
+    fi
+
+    run_podman run --rm -d --name rmstop $IMAGE sleep infinity
+    local cid="$output"
+    run_podman stop rmstop
+
+    # Check the OCI runtime directory has removed.
+    is "$(ls $OCIDir | grep $cid)" "" "The OCI runtime directory should have been removed"
+}
 # vim: filetype=sh
--- a/test/system/055-rm.bats
+++ b/test/system/055-rm.bats
@ -52,10 +52,20 @@ load helpers
 }

@test "podman rm <-> run --rm race" {
+    OCIDir=/run/$(podman_runtime)
+
+    if is_rootless; then
+        OCIDir=/run/user/$(id -u)/$(podman_runtime)
+    fi
+
    # A container's lock is released before attempting to stop it.  This opens
    # the window for race conditions that led to #9479.
    run_podman run --rm -d $IMAGE sleep infinity
+    local cid="$output"
    run_podman rm -af
+
+    # Check the OCI runtime directory has removed.
+    is "$(ls $OCIDir | grep $cid)" "" "The OCI runtime directory should have been removed"
 }

@test "podman rm --depend" {