stream: repeat copybuffer if it is blocked by policy

copyBuffer returns and the streams will be closed when error occurs. If the error contains "blocked by policy" it means the log output is disabled by policy with "ReadStreamRequest" and "WriteStreamRequest" set to false. But at this moment, we want the real stream still working (not be seen) because we might want to enable logging for debugging purpose, so we repeat copybuffer in this case to avoid streams being closed. Fixes: #8797 Signed-off-by: Linda Yu <linda.yu@intel.com>
2025-08-19 00:17:54 +00:00 · 2023-12-08 15:56:50 +08:00 · 2023-12-08 15:56:50 +08:00 · 1c5693be86
commit 1c5693be86
parent eda419cb03
1 changed files with 16 additions and 1 deletions
--- a/src/runtime/pkg/containerd-shim-v2/stream.go
+++ b/src/runtime/pkg/containerd-shim-v2/stream.go
@ -10,7 +10,9 @@ import (
 	"fmt"
 	"io"
 	"net/url"
+	"strings"
 	"sync"
+	"time"

 	"github.com/sirupsen/logrus"
 )
@ -125,7 +127,20 @@ func ioCopy(shimLog *logrus.Entry, exitch, stdinCloser chan struct{}, tty *ttyIO
 			shimLog.Debug("stdout io stream copy started")
 			p := bufPool.Get().(*[]byte)
 			defer bufPool.Put(p)
-			io.CopyBuffer(tty.io.Stdout(), stdoutPipe, *p)
+
+			for {
+				var _, err = io.CopyBuffer(tty.io.Stdout(), stdoutPipe, *p)
+				if err != nil {
+					shimLog.Debug("stdout io stream copy error happens: error = %w", err.Error())
+					if !strings.Contains(err.Error(), "blocked by policy") {
+						break
+					}
+					time.Sleep(1 * time.Second)
+				} else {
+					break
+				}
+			}
+
 			if tty.io.Stdin() != nil {
 				// close stdin to make the other routine stop
 				tty.io.Stdin().Close()