From db2cac34d8b743c18ff391d33a68ca6dca8ce031 Mon Sep 17 00:00:00 2001
From: Alexandru Matei
Date: Thu, 6 Apr 2023 14:00:27 +0300
Subject: [PATCH] runtime: Don't create socket file in /run/kata

The socket file for shim management is created in /run/kata and it isn't deleted after the container is stopped. After running and stopping thousands of containers /run folder will run out of space.

Fixes #6622

Signed-off-by: Alexandru Matei
Co-authored-by: Greg Kurz
---
 .../pkg/containerd-shim-v2/shim_management.go | 34 ++++++++++++++++---
 src/runtime/pkg/kata-monitor/pprof.go | 2 +-
 .../shimclient/shim_management_client.go | 2 +-
 3 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/src/runtime/pkg/containerd-shim-v2/shim_management.go b/src/runtime/pkg/containerd-shim-v2/shim_management.go
index f9c31b8b27..0c6d5c6e2c 100644
--- a/src/runtime/pkg/containerd-shim-v2/shim_management.go
+++ b/src/runtime/pkg/containerd-shim-v2/shim_management.go
@@ -243,7 +243,7 @@ func (s *service) genericIPTablesHandler(w http.ResponseWriter, r *http.Request,
 
 func (s *service) startManagementServer(ctx context.Context, ociSpec *specs.Spec) {
 // metrics socket will under sandbox's bundle path
- metricsAddress := SocketAddress(s.id)
+ metricsAddress := ServerSocketAddress(s.id)
 
 listener, err := cdshim.NewSocket(metricsAddress)
 if err != nil {
@@ -312,14 +312,38 @@ func GetSandboxesStoragePathRust() string {
 return "/run/kata"
 }
 
-// SocketAddress returns the address of the unix domain socket for communicating with the
+// SocketPath returns the path of the socket using the given storagePath
+func SocketPath(id string, storagePath string) string {
+ return filepath.Join(string(filepath.Separator), storagePath, id, "shim-monitor.sock")
+}
+
+// SocketPathGo returns the path of the socket to be used with the go runtime
+func SocketPathGo(id string) string {
+ return SocketPath(id, GetSandboxesStoragePath())
+}
+
+// SocketPathRust returns the path of the socket to be used with the rust runtime
+func SocketPathRust(id string) string {
+ return SocketPath(id, GetSandboxesStoragePathRust())
+}
+
+// ServerSocketAddress returns the address of the unix domain socket the shim management endpoint
+// should listen.
+// NOTE: this code is only called by the go shim management implementation.
+func ServerSocketAddress(id string) string {
+ return fmt.Sprintf("unix://%s", SocketPathGo(id))
+}
+
+// ClientSocketAddress returns the address of the unix domain socket for communicating with the
 // shim management endpoint
-func SocketAddress(id string) string {
+// NOTE: this code allows various go clients, e.g. kata-runtime or kata-monitor commands, to
+// connect to the rust shim management implementation.
+func ClientSocketAddress(id string) string {
 // get the go runtime uds path
- socketPath := filepath.Join(string(filepath.Separator), GetSandboxesStoragePath(), id, "shim-monitor.sock")
+ socketPath := SocketPathGo(id)
 // if the path not exist, use the rust runtime uds path instead
 if _, err := os.Stat(socketPath); err != nil {
- return fmt.Sprintf("unix://%s", filepath.Join(string(filepath.Separator), GetSandboxesStoragePathRust(), id, "shim-monitor.sock"))
+ socketPath = SocketPathRust(id)
 }
 return fmt.Sprintf("unix://%s", socketPath)
 }
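Review bot: `SocketPath` joins `id` into the socket path unchecked, and `filepath.Join` cleans the result, so an id containing a path separator or `..` would resolve outside `storagePath`. The kata-monitor caller touched by this patch, `composeSocketAddress`, derives the sandbox id from an HTTP request before calling `ClientSocketAddress`; whether that id is validated upstream is not visible in the diff. Because the new helpers are exported and return only a string, I would document the contract on `SocketPath`, `// id must be a validated sandbox ID (a single path component); it is not sanitized here.`, and have request-facing callers reject ids that contain `filepath.Separator` or equal `.` or `..`. Separately, `ClientSocketAddress` switches to the rust path on any `os.Stat` error rather than only on a missing file; `errors.Is(err, os.ErrNotExist)` would keep a permission error from silently selecting a different socket.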
diff --git a/src/runtime/pkg/kata-monitor/pprof.go b/src/runtime/pkg/kata-monitor/pprof.go
index 0d768e428d..afaae85567 100644
--- a/src/runtime/pkg/kata-monitor/pprof.go
+++ b/src/runtime/pkg/kata-monitor/pprof.go
@@ -32,7 +32,7 @@ func (km *KataMonitor) composeSocketAddress(r *http.Request) (string, error) {
 return "", err
 }
 
- return shim.SocketAddress(sandbox), nil
+ return shim.ClientSocketAddress(sandbox), nil
 }
 
 func (km *KataMonitor) proxyRequest(w http.ResponseWriter, r *http.Request,
diff --git a/src/runtime/pkg/utils/shimclient/shim_management_client.go b/src/runtime/pkg/utils/shimclient/shim_management_client.go
index 1b9635c179..28ef3708de 100644
--- a/src/runtime/pkg/utils/shimclient/shim_management_client.go
+++ b/src/runtime/pkg/utils/shimclient/shim_management_client.go
@@ -19,7 +19,7 @@ import (
 
 // BuildShimClient builds and returns an http client for communicating with the provided sandbox
 func BuildShimClient(sandboxID string, timeout time.Duration) (*http.Client, error) {
- return buildUnixSocketClient(shim.SocketAddress(sandboxID), timeout)
+ return buildUnixSocketClient(shim.ClientSocketAddress(sandboxID), timeout)
 }
 
 // buildUnixSocketClient build http client for Unix socket