Merge pull request #5377 from bergwolf/github/backport-3.0

stable-3.0: backport agent fixes

src/agent/Cargo.lock

@@ -1507,7 +1507,7 @@ dependencies = [
  "lazy_static",
  "libc",
  "libseccomp",
- "nix 0.23.1",
+ "nix 0.24.2",
  "oci",
  "path-absolutize",
  "protobuf",

src/agent/rustjail/Cargo.toml

@@ -12,7 +12,7 @@ serde_derive = "1.0.91"
 oci = { path = "../../libs/oci" }
 protocols = { path ="../../libs/protocols" }
 caps = "0.5.0"
-nix = "0.23.0"
+nix = "0.24.2"
 scopeguard = "1.0.0"
 capctl = "0.2.0"
 lazy_static = "1.3.0"

src/agent/rustjail/src/console.rs

@@ -6,8 +6,9 @@
 use anyhow::{anyhow, Result};
 use nix::errno::Errno;
 use nix::pty;
-use nix::sys::{socket, uio};
+use nix::sys::socket;
 use nix::unistd::{self, dup2};
+use std::io::IoSlice;
 use std::os::unix::io::{AsRawFd, RawFd};
 use std::path::Path;
 
@@ -23,10 +24,7 @@ pub fn setup_console_socket(csocket_path: &str) -> Result<Option<RawFd>> {
         None,
     )?;
 
-    match socket::connect(
-        socket_fd,
-        &socket::SockAddr::Unix(socket::UnixAddr::new(Path::new(csocket_path))?),
-    ) {
+    match socket::connect(socket_fd, &socket::UnixAddr::new(Path::new(csocket_path))?) {
         Ok(()) => Ok(Some(socket_fd)),
         Err(errno) => Err(anyhow!("failed to open console fd: {}", errno)),
     }
@@ -36,11 +34,11 @@ pub fn setup_master_console(socket_fd: RawFd) -> Result<()> {
     let pseudo = pty::openpty(None, None)?;
 
     let pty_name: &[u8] = b"/dev/ptmx";
-    let iov = [uio::IoVec::from_slice(pty_name)];
+    let iov = [IoSlice::new(pty_name)];
     let fds = [pseudo.master];
     let cmsg = socket::ControlMessage::ScmRights(&fds);
 
-    socket::sendmsg(socket_fd, &iov, &[cmsg], socket::MsgFlags::empty(), None)?;
+    socket::sendmsg::<()>(socket_fd, &iov, &[cmsg], socket::MsgFlags::empty(), None)?;
 
     unistd::setsid()?;
     let ret = unsafe { libc::ioctl(pseudo.slave, libc::TIOCSCTTY) };

src/agent/src/mount.rs

@@ -779,16 +779,20 @@ pub async fn add_storages(
             }
         };
 
-        // Todo need to rollback the mounted storage if err met.
-
-        if res.is_err() {
-            error!(
-                logger,
-                "add_storages failed, storage: {:?}, error: {:?} ", storage, res
-            );
-        }
-
-        let mount_point = res?;
+        let mount_point = match res {
+            Err(e) => {
+                error!(
+                    logger,
+                    "add_storages failed, storage: {:?}, error: {:?} ", storage, e
+                );
+                let mut sb = sandbox.lock().await;
+                sb.unset_sandbox_storage(&storage.mount_point)
+                    .map_err(|e| warn!(logger, "fail to unset sandbox storage {:?}", e))
+                    .ok();
+                return Err(e);
+            }
+            Ok(m) => m,
+        };
 
         if !mount_point.is_empty() {
             mount_list.push(mount_point);

src/agent/src/rpc.rs

@@ -390,8 +390,22 @@ impl AgentService {
             if p.init && sig == libc::SIGTERM && !is_signal_handled(&proc_status_file, sig as u32) {
                 sig = libc::SIGKILL;
             }
-            p.signal(sig)?;
-        }
+
+            match p.signal(sig) {
+                Err(Errno::ESRCH) => {
+                    info!(
+                        sl!(),
+                        "signal encounter ESRCH, continue";
+                        "container-id" => cid.clone(),
+                        "exec-id" => eid.clone(),
+                        "pid" => p.pid,
+                        "signal" => sig,
+                    );
+                }
+                Err(err) => return Err(anyhow!(err)),
+                Ok(()) => (),
+            }
+        };
 
         if eid.is_empty() {
             // eid is empty, signal all the remaining processes in the container cgroup