From c180f0a169b6fd511c9316c75550173f3a7bafe5 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Sun, 10 Nov 2024 02:08:18 +0000 Subject: [PATCH 1/3] libct/cg: fix an error of cgroup path removal When fall back to the traditional path walk removal after rmdir, there is an error if the path suddenly gone, we should ignore this ErrNotExist error when we open the cgroup path. Signed-off-by: lfbzhm --- libcontainer/cgroups/utils.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index a05945cba6c..dc6fab60c64 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -257,7 +257,13 @@ func RemovePath(path string) error { } infos, err := os.ReadDir(path) - if err != nil && !os.IsNotExist(err) { + if err != nil { + if os.IsNotExist(err) { + // Please keep this error eraser, or else it will return ErrNotExist + // for cgroupv2. + // Please see https://github.com/opencontainers/runc/issues/4518 + return nil + } return err } for _, info := range infos { From ae5e0be9de67827b540330cec379b4ed0244c4d3 Mon Sep 17 00:00:00 2001 From: lifubang Date: Tue, 12 Nov 2024 01:58:39 +0000 Subject: [PATCH 2/3] libct/cg: return early if remove subcgroup fail Co-authored-by: Sebastiaan van Stijn Signed-off-by: lifubang --- libcontainer/cgroups/utils.go | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index dc6fab60c64..f6c5d210624 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -267,11 +267,12 @@ func RemovePath(path string) error { return err } for _, info := range infos { - if info.IsDir() { - // We should remove subcgroup first. - if err = RemovePath(filepath.Join(path, info.Name())); err != nil { - break - } + if !info.IsDir() { + continue + } + // We should remove subcgroup first. + if err = RemovePath(filepath.Join(path, info.Name())); err != nil { + return err } } if err == nil { From c8ce25e5bd6baefbb283fe1b7e46a9d7c8d755c8 Mon Sep 17 00:00:00 2001 From: lifubang Date: Tue, 12 Nov 2024 04:23:35 +0000 Subject: [PATCH 3/3] libct/cg: check the cgroup path exist or not before remove it MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If we remove a non-exist dir in a ro mount point, it will return EROFS in `unix.Rmdir`, so we need to check first. Test step: ```bash root@acmubuntu:/opt/bb# mkdir from to root@acmubuntu:/opt/bb# touch from/test root@acmubuntu:/opt/bb# mount -o bind,ro from to root@acmubuntu:/opt/bb# ls to test root@acmubuntu:/opt/bb# touch to/test1 touch: cannot touch 'to/test1': Read-only file system root@acmubuntu:/opt/bb# mkdir to/test1 mkdir: cannot create directory ‘to/test1’: Read-only file system root@acmubuntu:/opt/bb# ls to/test1 ls: cannot access 'to/test1': No such file or directory root@acmubuntu:/opt/bb# rmdir to/test1 rmdir: failed to remove 'to/test1': Read-only file system root@acmubuntu:/opt/bb# ``` Signed-off-by: lifubang --- libcontainer/cgroups/utils.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index f6c5d210624..421bf39e1a6 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -230,6 +230,11 @@ func rmdir(path string, retry bool) error { tries := 10 again: + // If we remove a non-exist dir in a ro mount point, it will + // return EROFS in `unix.Rmdir`, so we need to check first. + if _, err := os.Stat(path); os.IsNotExist(err) { + return nil + } err := unix.Rmdir(path) switch err { // nolint:errorlint // unix errors are bare case nil, unix.ENOENT: