runtime-rs: remove network entities and netns

remove network entities and netns

Fixes:#4693
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>

src/runtime-rs/Cargo.lock

@@ -2420,6 +2420,7 @@ dependencies = [
  "logging",
  "netlink-packet-route",
  "netlink-sys",
+ "netns-rs",
  "nix 0.24.3",
  "oci",
  "persist",

src/runtime-rs/crates/resource/Cargo.toml

@@ -19,6 +19,7 @@ futures = "0.3.11"
 hex = "0.4.3"
 lazy_static = "1.4.0"
 libc = ">=0.2.39"
+netns-rs = "0.1.0"
 netlink-sys = "0.8.3"
 netlink-packet-route = "0.13.0"
 nix = "0.24.2"

src/runtime-rs/crates/resource/src/network/mod.rs

@@ -38,6 +38,7 @@ pub trait Network: Send + Sync {
     async fn routes(&self) -> Result<Vec<agent::Route>>;
     async fn neighs(&self) -> Result<Vec<agent::ARPNeighbor>>;
     async fn save(&self) -> Option<Vec<EndpointState>>;
+    async fn remove(&self, h: &dyn Hypervisor) -> Result<()>;
 }
 
 pub async fn new(config: &NetworkConfig) -> Result<Arc<dyn Network>> {

src/runtime-rs/crates/resource/src/network/network_with_netns.rs

@@ -4,9 +4,12 @@
 // SPDX-License-Identifier: Apache-2.0
 //
 
-use std::sync::{
+use std::{
-    atomic::{AtomicU32, Ordering},
+    fs,
-    Arc,
+    sync::{
+        atomic::{AtomicU32, Ordering},
+        Arc,
+    },
 };
 
 use super::endpoint::endpoint_persist::EndpointState;
@@ -14,6 +17,7 @@ use anyhow::{anyhow, Context, Result};
 use async_trait::async_trait;
 use futures::stream::TryStreamExt;
 use hypervisor::Hypervisor;
+use netns_rs::get_from_path;
 use scopeguard::defer;
 use tokio::sync::RwLock;
 
@@ -39,6 +43,7 @@ pub struct NetworkWithNetNsConfig {
 struct NetworkWithNetnsInner {
     netns_path: String,
     entity_list: Vec<NetworkEntity>,
+    network_created: bool,
 }
 
 impl NetworkWithNetnsInner {
@@ -55,6 +60,7 @@ impl NetworkWithNetnsInner {
         Ok(Self {
             netns_path: config.netns_path.to_string(),
             entity_list,
+            network_created: config.network_created,
         })
     }
 }
@@ -121,6 +127,26 @@ impl Network for NetworkWithNetns {
         }
         Some(endpoint)
     }
+
+    async fn remove(&self, h: &dyn Hypervisor) -> Result<()> {
+        let inner = self.inner.read().await;
+        // The network namespace would have been deleted at this point
+        // if it has not been created by virtcontainers.
+        if !inner.network_created {
+            return Ok(());
+        }
+        {
+            let _netns_guard =
+                netns::NetnsGuard::new(&inner.netns_path).context("net netns guard")?;
+            for e in &inner.entity_list {
+                e.endpoint.detach(h).await.context("detach")?;
+            }
+        }
+        let netns = get_from_path(inner.netns_path.clone())?;
+        netns.remove()?;
+        fs::remove_dir_all(inner.netns_path.clone()).context("failed to remove netns path")?;
+        Ok(())
+    }
 }
 
 async fn get_entity_from_netns(config: &NetworkWithNetNsConfig) -> Result<Vec<NetworkEntity>> {