From 70e798ed35a8bff5b6649329aa78604c32b214a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julien=20Rop=C3=A9?= <jrope@redhat.com>
Date: Fri, 19 Apr 2024 10:25:02 +0200
Subject: [PATCH] runtime: Call CreateRuntime hooks at container creation time
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CreateRuntime hooks are called at the CreateSandbox time,
but not after CreateContainer.

Fixes: #9523

Signed-off-by: Julien Ropé <jrope@redhat.com>
---
 src/runtime/pkg/katautils/create.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/runtime/pkg/katautils/create.go b/src/runtime/pkg/katautils/create.go
index 6be910bde9..f950c781b9 100644
--- a/src/runtime/pkg/katautils/create.go
+++ b/src/runtime/pkg/katautils/create.go
@@ -271,9 +271,18 @@ func CreateContainer(ctx context.Context, sandbox vc.VCSandbox, ociSpec specs.Sp
 	}
 	ctx = context.WithValue(ctx, vc.HypervisorPidKey{}, hid)
 
-	// Run pre-start OCI hooks.
 	err = EnterNetNS(sandbox.GetNetNs(), func() error {
-		return PreStartHooks(ctx, ociSpec, containerID, bundlePath)
+		// Run pre-start OCI hooks, in the runtime namespace.
+		if err := PreStartHooks(ctx, ociSpec, containerID, bundlePath); err != nil {
+			return err
+		}
+
+		// Run create runtime OCI hooks, in the runtime namespace.
+		if err := CreateRuntimeHooks(ctx, ociSpec, containerID, bundlePath); err != nil {
+			return err
+		}
+
+		return nil
 	})
 	if err != nil {
 		return vc.Process{}, err