libpod: first delete container then cidfile

I am seeing a weird flake in my parallel system test PR. The issue is that system units generated by podman systemd generate leave a container in the Removing state behind. As far as I can tell the porblems seems to be that the cleanup process is killed while it tries to remove the container from the db. Because the cidfile was removed before the ExecStopPost=podman rm ... process no longer had access to the cidfile and reported no error because it runs with --ignore. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-08-06 11:32:07 +08:00 · 2024-07-04 15:21:24 +02:00
parent 46840fa854
commit 62956ac192
1 changed files with 7 additions and 6 deletions
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@ -991,12 +991,6 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, opts ctrRmO
 		reportErrorf("cleaning up storage: %w", err)
 	}

-	// Remove the container's CID file on container removal.
-	if cidFile, ok := c.config.Spec.Annotations[define.InspectAnnotationCIDFile]; ok {
-		if err := os.Remove(cidFile); err != nil && !errors.Is(err, os.ErrNotExist) {
-			reportErrorf("cleaning up CID file: %w", err)
-		}
-	}
 	// Remove the container from the state
 	if c.config.Pod != "" {
 		// If we're removing the pod, the container will be evicted
@ -1011,6 +1005,13 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, opts ctrRmO
 	}
 	removedCtrs[c.ID()] = nil

+	// Remove the container's CID file on container removal.
+	if cidFile, ok := c.config.Spec.Annotations[define.InspectAnnotationCIDFile]; ok {
+		if err := os.Remove(cidFile); err != nil && !errors.Is(err, os.ErrNotExist) {
+			reportErrorf("cleaning up CID file: %w", err)
+		}
+	}
+
 	// Deallocate the container's lock
 	if err := c.lock.Free(); err != nil && !errors.Is(err, fs.ErrNotExist) {
 		reportErrorf("freeing lock for container %s: %w", c.ID(), err)