github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-25 15:02:45 +00:00
Code Issues Projects Releases Wiki Activity

runtime: fix two bugs in rootless hypervisor

Browse Source 
Update the sandbox dir clean up logic to be more appropriate
Add different seeds for randInt() method

Fixes #2770

Signed-off-by: Feng Wang <feng.wang@databricks.com>
This commit is contained in:
Feng Wang 2021-09-29 11:13:45 -07:00
parent 0300e91cd0
commit adc9e0baaf
3 changed files with 19 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/runtime/pkg/containerd-shim-v2/create.go
View File

@ -311,8 +311,14 @@ func configureNonRootHypervisor(runtimeConfig *oci.RuntimeConfig) error {
runtimeConfig.HypervisorConfig.Gid = uint32(gid) runtimeConfig.HypervisorConfig.Gid = uint32(gid)
userTmpDir := path.Join("/run/user/", fmt.Sprint(uid)) userTmpDir := path.Join("/run/user/", fmt.Sprint(uid))
dir, err := os.Stat(userTmpDir) _, err = os.Stat(userTmpDir)
if os.IsNotExist(err) { // Clean up the directory created by the previous run
if !os.IsNotExist(err) {
if err = os.RemoveAll(userTmpDir); err != nil {
return err
}
}
if err = os.Mkdir(userTmpDir, vc.DirMode); err != nil { if err = os.Mkdir(userTmpDir, vc.DirMode); err != nil {
return err return err
} }
@ -326,10 +332,6 @@ func configureNonRootHypervisor(runtimeConfig *oci.RuntimeConfig) error {
if err = syscall.Chown(userTmpDir, uid, gid); err != nil { if err = syscall.Chown(userTmpDir, uid, gid); err != nil {
return err return err
} }
}
if dir != nil && !dir.IsDir() {
return fmt.Errorf("%s is expected to be a directory", userTmpDir)
}
if err := os.Setenv("XDG_RUNTIME_DIR", userTmpDir); err != nil { if err := os.Setenv("XDG_RUNTIME_DIR", userTmpDir); err != nil {
return err return err

2
src/runtime/pkg/utils/utils.go
View File

@ -13,6 +13,7 @@ import (
"os/exec" "os/exec"
"path/filepath" "path/filepath"
"strings" "strings"
"time"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
) )
@ -124,6 +125,7 @@ func CreateVmmUser() (string, error) {
// Add retries to mitigate temporary errors and race conditions. For example, the user already exists // Add retries to mitigate temporary errors and race conditions. For example, the user already exists
// or another instance of the runtime is also creating a user. // or another instance of the runtime is also creating a user.
maxAttempt := 5 maxAttempt := 5
rand.Seed(time.Now().UnixNano())
for i := 0; i < maxAttempt; i++ { for i := 0; i < maxAttempt; i++ {
userName = fmt.Sprintf("kata-%v", rand.Intn(100000)) userName = fmt.Sprintf("kata-%v", rand.Intn(100000))
_, err = RunCommand([]string{useraddPath, "-M", "-s", nologinPath, userName, "-c", "\"Kata Containers temporary hypervisor user\""}) _, err = RunCommand([]string{useraddPath, "-M", "-s", nologinPath, userName, "-c", "\"Kata Containers temporary hypervisor user\""})

6
src/runtime/virtcontainers/qemu.go
View File

@ -1016,12 +1016,6 @@ func (q *qemu) cleanupVM() error {
} }
if rootless.IsRootless() { if rootless.IsRootless() {
rootlessDir := os.Getenv("XDG_RUNTIME_DIR")
if err := os.RemoveAll(rootlessDir); err != nil {
q.Logger().WithError(err).WithField("root-path", rootlessDir).
Warnf("failed to remove vm run-as-user root path")
}
u, err := user.LookupId(strconv.Itoa(int(q.config.Uid))) u, err := user.LookupId(strconv.Itoa(int(q.config.Uid)))
if err != nil { if err != nil {
q.Logger().WithError(err).WithField("uid", q.config.Uid).Warn("failed to find the user") q.Logger().WithError(err).WithField("uid", q.config.Uid).Warn("failed to find the user")