From 8e0daf678093ca8a3c14550f792438db8a1b59dd Mon Sep 17 00:00:00 2001 From: "fupan.lfp" Date: Fri, 16 Jul 2021 11:33:12 +0800 Subject: [PATCH] shimv2: fix the issue of kata-runtime exec failed Commit 32c9ae1388385f10c75d9a76809f1d419e82b020 upgrade the containerd vendor, which used the socket path to replace the abstract socket address for socket listen and dial, and there's an bug in containerd's abstract socket dialing. Thus we should replace our monitor and exec socket server with the socket path to fix this issue. Fixes: #2238 Signed-off-by: fupan.lfp --- src/runtime/containerd-shim-v2/shim_management.go | 2 +- src/runtime/pkg/kata-monitor/pprof.go | 5 +++-- src/runtime/pkg/kata-monitor/shim_client.go | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/runtime/containerd-shim-v2/shim_management.go b/src/runtime/containerd-shim-v2/shim_management.go index ab7ebf204..3d7cc4c51 100644 --- a/src/runtime/containerd-shim-v2/shim_management.go +++ b/src/runtime/containerd-shim-v2/shim_management.go @@ -186,5 +186,5 @@ func (s *service) mountPprofHandle(m *http.ServeMux, ociSpec *specs.Spec) { // SocketAddress returns the address of the abstract domain socket for communicating with the // shim management endpoint func SocketAddress(id string) string { - return filepath.Join(string(filepath.Separator), "run", "vc", id, "shim-monitor") + return fmt.Sprintf("unix://%s", filepath.Join(string(filepath.Separator), "run", "vc", id, "shim-monitor")) } diff --git a/src/runtime/pkg/kata-monitor/pprof.go b/src/runtime/pkg/kata-monitor/pprof.go index 86f39c466..4943455ff 100644 --- a/src/runtime/pkg/kata-monitor/pprof.go +++ b/src/runtime/pkg/kata-monitor/pprof.go @@ -7,6 +7,7 @@ package katamonitor import ( "fmt" + cdshim "github.com/containerd/containerd/runtime/v2/shim" "io" "net" "net/http" @@ -37,7 +38,7 @@ func (km *KataMonitor) composeSocketAddress(r *http.Request) (string, error) { func (km *KataMonitor) proxyRequest(w http.ResponseWriter, r *http.Request) { w.Header().Set("X-Content-Type-Options", "nosniff") - socket, err := km.composeSocketAddress(r) + socketAddress, err := km.composeSocketAddress(r) if err != nil { monitorLog.WithError(err).Error("failed to get shim monitor address") serveError(w, http.StatusBadRequest, "sandbox may be stopped or deleted") @@ -47,7 +48,7 @@ func (km *KataMonitor) proxyRequest(w http.ResponseWriter, r *http.Request) { transport := &http.Transport{ DisableKeepAlives: true, Dial: func(proto, addr string) (conn net.Conn, err error) { - return net.Dial("unix", "\x00"+socket) + return cdshim.AnonDialer(socketAddress, defaultTimeout) }, } diff --git a/src/runtime/pkg/kata-monitor/shim_client.go b/src/runtime/pkg/kata-monitor/shim_client.go index ef4dc8a33..31d014e09 100644 --- a/src/runtime/pkg/kata-monitor/shim_client.go +++ b/src/runtime/pkg/kata-monitor/shim_client.go @@ -12,6 +12,7 @@ import ( "net/http" "time" + cdshim "github.com/containerd/containerd/runtime/v2/shim" shim "github.com/kata-containers/kata-containers/src/runtime/containerd-shim-v2" ) @@ -45,7 +46,7 @@ func buildUnixSocketClient(socketAddr string, timeout time.Duration) (*http.Clie transport := &http.Transport{ DisableKeepAlives: true, Dial: func(proto, addr string) (conn net.Conn, err error) { - return net.Dial("unix", "\x00"+socketAddr) + return cdshim.AnonDialer(socketAddr, timeout) }, }