Reap exec sessions on cleanup and removal

We currently rely on exec sessions being removed from the state by the Exec() API itself, on detecting the session stopping. This is not a reliable method, though. The Podman frontend for exec could be killed before the session ended, or another Podman process could be holding the lock and prevent update (most notable in `run --rm`, when a container with an active exec session is stopped). To resolve this, add a function to reap active exec sessions from the state, and use it on cleanup (to clear sessions after the container stops) and remove (to do the same when --rm is passed). This is a bit more complicated than it ought to be because Kata and company exist, and we can't guarantee the exec session has a PID on the host, so we have to plumb this through to the OCI runtime. Fixes #4666 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2025-05-21 00:56:36 +08:00 · 2019-12-12 16:19:36 -05:00
parent c2dab75f0e
commit bd44fd5c81
5 changed files with 76 additions and 4 deletions
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@ -594,7 +594,12 @@ func (c *Container) Cleanup(ctx context.Context) error {

 	// If we didn't restart, we perform a normal cleanup

-	// Check if we have active exec sessions
+	// Reap exec sessions first.
+	if err := c.reapExecSessions(); err != nil {
+		return err
+	}
+
+	// Check if we have active exec sessions after reaping.
 	if len(c.state.ExecSessions) != 0 {
 		return errors.Wrapf(define.ErrCtrStateInvalid, "container %s has active exec sessions, refusing to clean up", c.ID())
 	}