From 094bc673ef0ccfe535564a153ce1997592bb8754 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 20 Jun 2024 11:37:19 +0200
Subject: [PATCH] libpod: unlock the thread if possible

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 libpod/oci_conmon_linux.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index e624894000..91090bba2f 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -45,8 +45,13 @@ func (r *ConmonOCIRuntime) createRootlessContainer(ctr *Container, restoreOption
 				return 0, err
 			}
 			defer func() {
-				if err := unix.Setns(int(fd.Fd()), unix.CLONE_NEWNS); err != nil {
-					logrus.Errorf("Unable to clone new namespace: %q", err)
+				err := unix.Setns(int(fd.Fd()), unix.CLONE_NEWNS)
+				if err == nil {
+					// If we are able to reset the previous mount namespace, unlock the thread and reuse it
+					runtime.UnlockOSThread()
+				} else {
+					// otherwise, leave the thread locked and the Go runtime will terminate it
+					logrus.Errorf("Unable to reset the previous mount namespace: %q", err)
 				}
 			}()