Merge pull request #3554 from giuseppe/fix-cgroupfs-cleanup

cgroups: fix a leak when using cgroupfs
2025-06-26 12:56:45 +08:00 · 2019-07-11 21:23:29 +02:00
parent 6db2745406 7b75796a60
commit e065612701
7 changed files with 62 additions and 9 deletions
--- a/pkg/cgroups/blkio.go
+++ b/pkg/cgroups/blkio.go
@ -37,7 +37,7 @@ func (c *blkioHandler) Create(ctr *CgroupControl) (bool, error) {
 // Destroy the cgroup
 func (c *blkioHandler) Destroy(ctr *CgroupControl) error {
-	return os.Remove(ctr.getCgroupv1Path(Blkio))
+	return rmDirRecursively(ctr.getCgroupv1Path(Blkio))
 }
 // Stat fills a metrics structure with usage stats for the controller
--- a/pkg/cgroups/cgroups.go
+++ b/pkg/cgroups/cgroups.go
@ -327,6 +327,13 @@ func Load(path string) (*CgroupControl, error) {
 		path:    path,
 		systemd: false,
 	}
 	if !cgroup2 {
 		controllers, err := getAvailableControllers(handlers, false)
 		if err != nil {
 			return nil, err
 		}
 		control.additionalControllers = controllers
 	}
 	if !cgroup2 {
 		for name := range handlers {
 			p := control.getCgroupv1Path(name)
@ -355,11 +362,40 @@ func (c *CgroupControl) Delete() error {
 	return c.DeleteByPath(c.path)
 }
 // rmDirRecursively delete recursively a cgroup directory.
 // It differs from os.RemoveAll as it doesn't attempt to unlink files.
 // On cgroupfs we are allowed only to rmdir empty directories.
 func rmDirRecursively(path string) error {
 	if err := os.Remove(path); err == nil || os.IsNotExist(err) {
 		return nil
 	}
 	entries, err := ioutil.ReadDir(path)
 	if err != nil {
 		return errors.Wrapf(err, "read %s", path)
 	}
 	for _, i := range entries {
 		if i.IsDir() {
 			if err := rmDirRecursively(filepath.Join(path, i.Name())); err != nil {
 				return err
 			}
 		}
 	}
 	if os.Remove(path); err != nil {
 		if !os.IsNotExist(err) {
 			return errors.Wrapf(err, "remove %s", path)
 		}
 	}
 	return nil
 }
 // DeleteByPath deletes the specified cgroup path
 func (c *CgroupControl) DeleteByPath(path string) error {
 	if c.systemd {
 		return systemdDestroy(path)
 	}
 	if c.cgroup2 {
 		return rmDirRecursively(filepath.Join(cgroupRoot, c.path))
 	}
 	var lastError error
 	for _, h := range handlers {
 		if err := h.Destroy(c); err != nil {
@ -368,8 +404,11 @@ func (c *CgroupControl) DeleteByPath(path string) error {
 	}
 	for _, ctr := range c.additionalControllers {
 		if ctr.symlink {
 			continue
 		}
 		p := c.getCgroupv1Path(ctr.name)
-		if err := os.Remove(p); err != nil {
+		if err := rmDirRecursively(p); err != nil {
 			lastError = errors.Wrapf(err, "remove %s", p)
 		}
 	}
--- a/pkg/cgroups/cpu.go
+++ b/pkg/cgroups/cpu.go
@ -68,7 +68,7 @@ func (c *cpuHandler) Create(ctr *CgroupControl) (bool, error) {
 // Destroy the cgroup
 func (c *cpuHandler) Destroy(ctr *CgroupControl) error {
-	return os.Remove(ctr.getCgroupv1Path(CPU))
+	return rmDirRecursively(ctr.getCgroupv1Path(CPU))
 }
 // Stat fills a metrics structure with usage stats for the controller
--- a/pkg/cgroups/cpuset.go
+++ b/pkg/cgroups/cpuset.go
@ -3,7 +3,6 @@ package cgroups
 import (
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@ -77,7 +76,7 @@ func (c *cpusetHandler) Create(ctr *CgroupControl) (bool, error) {
 // Destroy the cgroup
 func (c *cpusetHandler) Destroy(ctr *CgroupControl) error {
-	return os.Remove(ctr.getCgroupv1Path(CPUset))
+	return rmDirRecursively(ctr.getCgroupv1Path(CPUset))
 }
 // Stat fills a metrics structure with usage stats for the controller
--- a/pkg/cgroups/memory.go
+++ b/pkg/cgroups/memory.go
@ -2,7 +2,6 @@ package cgroups
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
@ -33,7 +32,7 @@ func (c *memHandler) Create(ctr *CgroupControl) (bool, error) {
 // Destroy the cgroup
 func (c *memHandler) Destroy(ctr *CgroupControl) error {
-	return os.Remove(ctr.getCgroupv1Path(Memory))
+	return rmDirRecursively(ctr.getCgroupv1Path(Memory))
 }
 // Stat fills a metrics structure with usage stats for the controller
--- a/pkg/cgroups/pids.go
+++ b/pkg/cgroups/pids.go
@ -3,7 +3,6 @@ package cgroups
 import (
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
@ -40,7 +39,7 @@ func (c *pidHandler) Create(ctr *CgroupControl) (bool, error) {
 // Destroy the cgroup
 func (c *pidHandler) Destroy(ctr *CgroupControl) error {
-	return os.Remove(ctr.getCgroupv1Path(Pids))
+	return rmDirRecursively(ctr.getCgroupv1Path(Pids))
 }
 // Stat fills a metrics structure with usage stats for the controller
--- a/test/e2e/pod_rm_test.go
+++ b/test/e2e/pod_rm_test.go
@ -3,6 +3,8 @@ package integration
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
 	. "github.com/containers/libpod/test/utils"
 	. "github.com/onsi/ginkgo"
@ -40,6 +42,21 @@ var _ = Describe("Podman pod rm", func() {
 		result := podmanTest.Podman([]string{"pod", "rm", podid})
 		result.WaitWithDefaultTimeout()
 		Expect(result.ExitCode()).To(Equal(0))
 		// Also check that we don't leak cgroups
 		err := filepath.Walk("/sys/fs/cgroup", func(path string, info os.FileInfo, err error) error {
 			if err != nil {
 				return err
 			}
 			if !info.IsDir() {
 				Expect(err).To(BeNil())
 			}
 			if strings.Contains(info.Name(), podid) {
 				return fmt.Errorf("leaking cgroup path %s", path)
 			}
 			return nil
 		})
 		Expect(err).To(BeNil())
 	})
 	It("podman pod rm latest pod", func() {