libpod: destroy pod cgroup on pod stop

When the pod is stopped, we need to destroy the pod cgroup, otherwise it is leaked. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-10-18 03:33:32 +08:00 · 2023-09-06 13:28:30 +02:00
parent 9a347619d8
commit 627ac1c96b
2 changed files with 23 additions and 0 deletions
--- a/libpod/runtime_pod_common.go
+++ b/libpod/runtime_pod_common.go
@ -7,6 +7,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"path"
 	"path/filepath"

 	"github.com/containers/common/pkg/cgroups"
@ -14,6 +15,7 @@ import (
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/libpod/events"
 	"github.com/containers/podman/v4/pkg/specgen"
+	"github.com/containers/podman/v4/utils"
 	"github.com/hashicorp/go-multierror"
 	"github.com/sirupsen/logrus"
 )
@ -199,6 +201,20 @@ func (p *Pod) removePodCgroup() error {
 	}
 	logrus.Debugf("Removing pod cgroup %s", p.state.CgroupPath)

+	cgroup, err := utils.GetOwnCgroup()
+	if err != nil {
+		return err
+	}
+
+	// if we are trying to delete a cgroup that is our ancestor, we need to move the
+	// current process out of it before the cgroup is destroyed.
+	if isSubDir(cgroup, string(filepath.Separator)+p.state.CgroupPath) {
+		parent := path.Dir(p.state.CgroupPath)
+		if err := utils.MoveUnderCgroup(parent, "cleanup", nil); err != nil {
+			return err
+		}
+	}
+
 	switch p.runtime.config.Engine.CgroupManager {
 	case config.SystemdCgroupsManager:
 		if err := deleteSystemdCgroup(p.state.CgroupPath, p.ResourceLim()); err != nil {