From b4c2463268a8aaed3ceb34cdb429b543f9d67b8b Mon Sep 17 00:00:00 2001
From: Zhang Tianyang
Date: Fri, 5 Apr 2024 15:55:31 +0800
Subject: [PATCH 1/2] network: fix private sandbox netns

Signed-off-by: Zhang Tianyang
---
 vmm/common/src/lib.rs | 2 +-
 vmm/task/src/main.rs | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/vmm/common/src/lib.rs b/vmm/common/src/lib.rs
index 90502af9..a3a909fb 100644
--- a/vmm/common/src/lib.rs
+++ b/vmm/common/src/lib.rs
@@ -35,7 +35,7 @@ pub const HOSTNAME_FILENAME: &str = "hostname";
 pub const RESOLV_FILENAME: &str = "resolv.conf";
 pub const SANDBOX_NS_PATH: &str = "/run/sandbox-ns";
-pub const NET_NAMESPACE: &str = "net";
+pub const NET_NAMESPACE: &str = "network";
 pub const IPC_NAMESPACE: &str = "ipc";
 pub const UTS_NAMESPACE: &str = "uts";
 pub const CGROUP_NAMESPACE: &str = "cgroup";
diff --git a/vmm/task/src/main.rs b/vmm/task/src/main.rs
index bd0a02fd..bce4fb9d 100644
--- a/vmm/task/src/main.rs
+++ b/vmm/task/src/main.rs
@@ -40,8 +40,7 @@ use signal_hook_tokio::Signals;
 use tokio::fs::File;
 use vmm_common::{
     api::sandbox_ttrpc::create_sandbox_service, mount::mount, ETC_RESOLV, HOSTNAME_FILENAME,
-    IPC_NAMESPACE, KUASAR_STATE_DIR, NET_NAMESPACE, RESOLV_FILENAME, SANDBOX_NS_PATH,
-    UTS_NAMESPACE,
+    IPC_NAMESPACE, KUASAR_STATE_DIR, RESOLV_FILENAME, SANDBOX_NS_PATH, UTS_NAMESPACE,
 };
 
 use crate::{
@@ -131,7 +130,6 @@ lazy_static! {
             options: vec!["relatime", "nodev", "sync", "dirsync",]
         },];
     static ref CLONE_FLAG_TABLE: HashMap = HashMap::from([
-        (String::from(NET_NAMESPACE), CloneFlags::CLONE_NEWNET),
         (String::from(IPC_NAMESPACE), CloneFlags::CLONE_NEWIPC),
         (String::from(UTS_NAMESPACE), CloneFlags::CLONE_NEWUTS),
     ]);
From 7f3c891de77221c1ce265d206659cd6b4390adb3 Mon Sep 17 00:00:00 2001
From: Zhang Tianyang
Date: Fri, 5 Apr 2024 15:58:57 +0800
Subject: [PATCH 2/2] sandbox: Ignore not found error in sandbox deletion
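Review bot: Dropping the `NET_NAMESPACE` entry from `CLONE_FLAG_TABLE` in the second main.rs hunk means a sandbox namespace named "network" (the value the lib.rs hunk now gives the constant) no longer maps to `CloneFlags::CLONE_NEWNET`, and nothing in the hunk records why the network namespace is now excluded from this table. The table's consumer is outside the hunk, so I cannot tell whether an unknown key is silently skipped or rejected; a reader should not have to reconstruct the intent from git history. I would add a comment above the table, e.g. `// Only IPC and UTS are entered via clone flags here; the "network" namespace is presumably set up by a separate path, so it is intentionally absent.`, adjusted to whatever that path actually is. The `lazy_static!` block starts and ends outside the hunk, and the `HashMap` type parameters appear stripped in this rendering.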
Signed-off-by: Zhang Tianyang
---
 vmm/sandbox/src/cgroup.rs | 19 +++++++++++++++++--
 vmm/sandbox/src/sandbox.rs | 7 ++++++-
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/vmm/sandbox/src/cgroup.rs b/vmm/sandbox/src/cgroup.rs
index 22850bb8..a4576580 100644
--- a/vmm/sandbox/src/cgroup.rs
+++ b/vmm/sandbox/src/cgroup.rs
@@ -14,6 +14,8 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+use std::error::Error;
+
 use anyhow::{anyhow, Ok, Result};
 use cgroups_rs::{
     cgroup_builder::*, cpu::CpuController, cpuset::CpuSetController, hugetlb::HugeTlbController,
@@ -186,10 +188,23 @@ fn remove_sandbox_cgroup(cgroup: &Cgroup) -> Result<()> {
     // get the tids in the current cgroup and then move the tids to parent cgroup
     let tids = cgroup.tasks();
     for tid in tids {
-        cgroup.move_task_to_parent(tid)?;
+        cgroup.move_task_to_parent(tid).unwrap_or_default();
     }
 
-    cgroup.delete()?;
+    // Should ignore the NotFound error of cgroup path as it may be already deleted.
+    if let Err(e) = cgroup.delete() {
+        if e.kind() == &cgroups_rs::error::ErrorKind::RemoveFailed {
+            if let Some(cause) = e.source() {
+                if let Some(ioe) = cause.downcast_ref::() {
+                    if ioe.kind() == std::io::ErrorKind::NotFound {
+                        return Ok(());
+                    }
+                }
+            }
+        }
+
+        return Err(e.into());
+    }
     Ok(())
 }
 
diff --git a/vmm/sandbox/src/sandbox.rs b/vmm/sandbox/src/sandbox.rs
index 6492bb48..e38687c6 100644
--- a/vmm/sandbox/src/sandbox.rs
+++ b/vmm/sandbox/src/sandbox.rs
@@ -323,7 +323,12 @@ where
         }
 
         cleanup_mounts(&sb.base_dir).await?;
-        remove_dir_all(&sb.base_dir).await?;
+        // Should Ignore the NotFound error of base dir as it may be already deleted.
+        if let Err(e) = remove_dir_all(&sb.base_dir).await {
+            if e.kind() != ErrorKind::NotFound {
+                return Err(e.into());
+            }
+        }
     }
     self.sandboxes.write().await.remove(id);
     Ok(())
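Review bot: `cgroup.move_task_to_parent(tid).unwrap_or_default()` in the second cgroup.rs hunk discards every failure, not only the already-deleted case the new comment describes, so a task that genuinely cannot be moved leaves the cgroup populated and the only trace is the later, opaque error from `cgroup.delete()`. I would keep the tolerance but record the cause, `if let Err(e) = cgroup.move_task_to_parent(tid) { /* log tid and e with the logging facility cgroup.rs already uses */ }`, so a teardown that leaves tasks behind is visible in the logs rather than silent. The four nested `if`s that follow can be collapsed into one predicate on the error source (below); the `downcast_ref` turbofish argument is stripped in this rendering, and from the `ioe.kind()` comparison it must be `std::io::Error`. `remove_sandbox_cgroup` begins outside the hunk.
```rust
    // … unchanged: tid move loop …
    // Tolerate a cgroup that is already gone: cgroups_rs reports it as
    // RemoveFailed whose source is an io::Error of kind NotFound.
    if let Err(e) = cgroup.delete() {
        let already_removed = e.kind() == &cgroups_rs::error::ErrorKind::RemoveFailed
            && e.source()
                .and_then(|cause| cause.downcast_ref::<std::io::Error>())
                .map_or(false, |ioe| ioe.kind() == std::io::ErrorKind::NotFound);
        if !already_removed {
            return Err(e.into());
        }
    }
    // … unchanged: Ok(()) …
```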
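Review bot: The new NotFound tolerance around `remove_dir_all(&sb.base_dir)` in the sandbox.rs hunk sits after `cleanup_mounts(&sb.base_dir).await?`, which still propagates every error; if `cleanup_mounts` fails when `base_dir` is already missing, deletion still aborts before the tolerant branch is reached and the sandbox stays in `self.sandboxes`. `cleanup_mounts` is outside the hunk, so this is worth confirming rather than a certain defect. The comment wording also differs from the cgroup.rs one in the same series; `// Should ignore the NotFound error of base dir as it may be already deleted.` keeps them consistent. The enclosing method starts outside the hunk.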