kube: notifyproxy: close once

Do not close a notifyproxy more than once. Also polish the backend a bit to reflect ealier changes from commit 4fa307f. Fixes: #19715 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2025-06-20 09:03:43 +08:00 · 2023-08-23 16:44:43 +02:00
parent 4d5bef98f5
commit a5f6a4a3bf
3 changed files with 11 additions and 14 deletions
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@ -802,7 +802,8 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 		initContainers = append(initContainers, ctr)
 	}

-	var sdNotifyProxies []*notifyproxy.NotifyProxy // containers' sd-notify proxies
+	// Callers are expected to close the proxies
+	var sdNotifyProxies []*notifyproxy.NotifyProxy

 	for _, container := range podYAML.Spec.Containers {
 		// Error out if the same name is used for more than one container
@ -915,11 +916,6 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 		errors := make([]error, len(sdNotifyProxies))
 		for i := range sdNotifyProxies {
 			wg.Add(1)
-			defer func() {
-				if err := sdNotifyProxies[i].Close(); err != nil {
-					logrus.Errorf("Closing sdnotify proxy %q: %v", sdNotifyProxies[i].SocketPath(), err)
-				}
-			}()
 			go func(i int) {
 				err := sdNotifyProxies[i].Wait()
 				if err != nil {
--- a/pkg/systemd/notifyproxy/notifyproxy.go
+++ b/pkg/systemd/notifyproxy/notifyproxy.go
@ -103,18 +103,16 @@ func New(tmpDir string) (*NotifyProxy, error) {
 	// Start waiting for the READY message in the background.  This way,
 	// the proxy can be created prior to starting the container and
 	// circumvents a race condition on writing/reading on the socket.
-	proxy.waitForReady()
+	proxy.listen()

 	return proxy, nil
 }

-// waitForReady waits for the READY message in the background. The goroutine
-// returns on receiving READY or when the socket is closed.
-func (p *NotifyProxy) waitForReady() {
+// listen waits for the READY message in the background, and process file
+// descriptors and barriers send over the NOTIFY_SOCKET. The goroutine returns
+// when the socket is closed.
+func (p *NotifyProxy) listen() {
 	go func() {
-		// Read until the `READY` message is received or the connection
-		// is closed.
-
 		// See https://github.com/containers/podman/issues/16515 for a description of the protocol.
 		fdSize := unix.CmsgSpace(4)
 		buffer := make([]byte, _notifyBufferMax)
@ -128,6 +126,7 @@ func (p *NotifyProxy) waitForReady() {
 					return
 				}
 				logrus.Errorf("Error reading unix message on socket %q: %v", p.socketPath, err)
+				continue
 			}

 			if n > _notifyBufferMax || oobn > _notifyFdMax*fdSize {
@ -207,7 +206,7 @@ type Container interface {
 	ID() string
 }

-// WaitAndClose waits until receiving the `READY` notify message. Note that the
+// Wait waits until receiving the `READY` notify message. Note that the
 // this function must only be executed inside a systemd service which will kill
 // the process after a given timeout. If the (optional) container stopped
 // running before the `READY` is received, the waiting gets canceled and
--- a/test/system/260-sdnotify.bats
+++ b/test/system/260-sdnotify.bats
@ -489,6 +489,8 @@ none | false | false | 0
                 podman_exit=0
            fi
            run_podman $podman_exit kube play --service-exit-code-propagation="$exit_code_prop" --service-container $fname
+            # Make sure that there are no error logs (e.g., #19715)
+            assert "$output" !~ "error msg="
            run_podman container inspect --format '{{.KubeExitCodePropagation}}' $service_container
            is "$output" "$exit_code_prop" "service container has the expected policy set in its annotations"
            run_podman wait $service_container