diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock
index 98be055b0f..4f6ccd9582 100644
--- a/src/agent/Cargo.lock
+++ b/src/agent/Cargo.lock
@@ -1507,7 +1507,7 @@ dependencies = [
 "lazy_static",
 "libc",
 "libseccomp",
- "nix 0.23.1",
+ "nix 0.24.2",
 "oci",
 "path-absolutize",
 "protobuf",
diff --git a/src/agent/rustjail/Cargo.toml b/src/agent/rustjail/Cargo.toml
index b8cdb90299..324f540e1d 100644
--- a/src/agent/rustjail/Cargo.toml
+++ b/src/agent/rustjail/Cargo.toml
@@ -12,7 +12,7 @@ serde_derive = "1.0.91"
 oci = { path = "../../libs/oci" }
 protocols = { path ="../../libs/protocols" }
 caps = "0.5.0"
-nix = "0.23.0"
+nix = "0.24.2"
 scopeguard = "1.0.0"
 capctl = "0.2.0"
 lazy_static = "1.3.0"
diff --git a/src/agent/rustjail/src/console.rs b/src/agent/rustjail/src/console.rs
index 52e33f3929..3ac351357e 100644
--- a/src/agent/rustjail/src/console.rs
+++ b/src/agent/rustjail/src/console.rs
@@ -6,8 +6,9 @@
 use anyhow::{anyhow, Result};
 use nix::errno::Errno;
 use nix::pty;
-use nix::sys::{socket, uio};
+use nix::sys::socket;
 use nix::unistd::{self, dup2};
+use std::io::IoSlice;
 use std::os::unix::io::{AsRawFd, RawFd};
 use std::path::Path;
@@ -23,10 +24,7 @@ pub fn setup_console_socket(csocket_path: &str) -> Result> {
 None,
 )?;
- match socket::connect(
- socket_fd,
- &socket::SockAddr::Unix(socket::UnixAddr::new(Path::new(csocket_path))?),
- ) {
+ match socket::connect(socket_fd, &socket::UnixAddr::new(Path::new(csocket_path))?) {
 Ok(()) => Ok(Some(socket_fd)),
 Err(errno) => Err(anyhow!("failed to open console fd: {}", errno)),
 }
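Review bot: In `setup_console_socket`, the `Err(errno)` arm of the `socket::connect` match returns without closing `socket_fd`, so each failed connect appears to leak the descriptor created just above the hunk. The start of the function is outside the hunk, so this is inferred from `Ok(Some(socket_fd))` being the only place the descriptor is handed off. Closing it before returning keeps an unreachable or wrong console socket path from accumulating open descriptors in the agent: `Err(errno) => { let _ = unistd::close(socket_fd); Err(anyhow!("failed to open console fd: {}", errno)) }`.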
@@ -36,11 +34,11 @@ pub fn setup_master_console(socket_fd: RawFd) -> Result<()> {
 let pseudo = pty::openpty(None, None)?;
 let pty_name: &[u8] = b"/dev/ptmx";
- let iov = [uio::IoVec::from_slice(pty_name)];
+ let iov = [IoSlice::new(pty_name)];
 let fds = [pseudo.master];
 let cmsg = socket::ControlMessage::ScmRights(&fds);
- socket::sendmsg(socket_fd, &iov, &[cmsg], socket::MsgFlags::empty(), None)?;
+ socket::sendmsg::<()>(socket_fd, &iov, &[cmsg], socket::MsgFlags::empty(), None)?;
 unistd::setsid()?;
 let ret = unsafe { libc::ioctl(pseudo.slave, libc::TIOCSCTTY) };
diff --git a/src/agent/src/mount.rs b/src/agent/src/mount.rs
index 8a43179c13..1db16343ef 100644
--- a/src/agent/src/mount.rs
+++ b/src/agent/src/mount.rs
@@ -779,16 +779,20 @@ pub async fn add_storages(
 }
 };
- // Todo need to rollback the mounted storage if err met.
-
- if res.is_err() {
- error!(
- logger,
- "add_storages failed, storage: {:?}, error: {:?} ", storage, res
- );
- }
-
- let mount_point = res?;
+ let mount_point = match res {
+ Err(e) => {
+ error!(
+ logger,
+ "add_storages failed, storage: {:?}, error: {:?} ", storage, e
+ );
+ let mut sb = sandbox.lock().await;
+ sb.unset_sandbox_storage(&storage.mount_point)
+ .map_err(|e| warn!(logger, "fail to unset sandbox storage {:?}", e))
+ .ok();
+ return Err(e);
+ }
+ Ok(m) => m,
+ };
 if !mount_point.is_empty() {
 mount_list.push(mount_point);
diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs
index be6f8a8f3b..bf6420e9b7 100644
--- a/src/agent/src/rpc.rs
+++ b/src/agent/src/rpc.rs
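Review bot: The `::<()>` turbofish on `socket::sendmsg` in `setup_master_console` (src/agent/rustjail/src/console.rs) needs a comment, because it reads as noise unless the reader knows it only pins the address type parameter for the `None` destination. Suggested wording: `// No destination address is passed (None), so the address type parameter is fixed to ()`. If `socket_fd` is expected to be an already-connected console socket, the comment should say that as well, since that is established outside this hunk. The function body continues past the end of the hunk.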
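Review bot: In `add_storages` (src/agent/src/mount.rs) the new `Err(e)` arm rolls back only the failing entry: it calls `unset_sandbox_storage(&storage.mount_point)` and returns, while mount points already pushed to `mount_list` on earlier iterations stay mounted and tracked. The removed TODO asked for a rollback of mounted storage, so either unwind `mount_list` here too or leave a comment saying the caller cleans up after a partial failure; the loop and the caller are outside the hunk, so I cannot tell which applies. It is also worth confirming that `unset_sandbox_storage` alone is sufficient when the failing handler got partway through mounting. As a style point, `.map_err(|e| warn!(…)).ok()` hides a side effect in a combinator and shadows `e`; `if let Err(err) = sb.unset_sandbox_storage(&storage.mount_point) { warn!(logger, "fail to unset sandbox storage {:?}", err); }` reads more directly.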
@@ -390,8 +390,22 @@ impl AgentService {
 if p.init && sig == libc::SIGTERM && !is_signal_handled(&proc_status_file, sig as u32) {
 sig = libc::SIGKILL;
 }
- p.signal(sig)?;
- }
+
+ match p.signal(sig) {
+ Err(Errno::ESRCH) => {
+ info!(
+ sl!(),
+ "signal encounter ESRCH, continue";
+ "container-id" => cid.clone(),
+ "exec-id" => eid.clone(),
+ "pid" => p.pid,
+ "signal" => sig,
+ );
+ }
+ Err(err) => return Err(anyhow!(err)),
+ Ok(()) => (),
+ }
+ };
 if eid.is_empty() {
 // eid is empty, signal all the remaining processes in the container cgroup
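Review bot: The new `Err(Errno::ESRCH)` arm turns "no such process" into success for every signal number, and nothing in the code says why that is intended. A comment above the arm such as `// ESRCH: the process is already gone, so there is nothing left to signal; treat as success` would record the intent, and it is worth confirming that no caller relies on the error to learn that a non-terminating signal was never delivered. The event is logged at `info!`, which may be too quiet if a stale pid keeps showing up. The trailing `};` after the closing brace looks like a stray semicolon; the enclosing block opens outside the hunk, so check whether it is needed.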