stream: repeat copybuffer if it is blocked by policy

copyBuffer returns and the streams will be closed when error occurs.
If the error contains "blocked by policy" it means the log output is
disabled by policy with "ReadStreamRequest" and "WriteStreamRequest" set
to false. But at this moment, we want the real stream still working (not
be seen) because we might want to enable logging for debugging purpose,
so we repeat copybuffer in this case to avoid streams being closed.

Fixes: #8797

Signed-off-by: Linda Yu <linda.yu@intel.com>
This commit is contained in:
Linda Yu 2023-12-08 15:56:50 +08:00
parent eda419cb03
commit 1c5693be86

View File

@ -10,7 +10,9 @@ import (
"fmt"
"io"
"net/url"
"strings"
"sync"
"time"
"github.com/sirupsen/logrus"
)
@ -125,7 +127,20 @@ func ioCopy(shimLog *logrus.Entry, exitch, stdinCloser chan struct{}, tty *ttyIO
shimLog.Debug("stdout io stream copy started")
p := bufPool.Get().(*[]byte)
defer bufPool.Put(p)
io.CopyBuffer(tty.io.Stdout(), stdoutPipe, *p)
for {
var _, err = io.CopyBuffer(tty.io.Stdout(), stdoutPipe, *p)
if err != nil {
shimLog.Debug("stdout io stream copy error happens: error = %w", err.Error())
if !strings.Contains(err.Error(), "blocked by policy") {
break
}
time.Sleep(1 * time.Second)
} else {
break
}
}
if tty.io.Stdin() != nil {
// close stdin to make the other routine stop
tty.io.Stdin().Close()