cleanup: always delete netns mount

We should not keep the netns if there was a cleanup problem. Deleting
the netns will also delete the virtual links inside and thus make the IPs
available again for the next use.

context: https://github.com/containers/netavark/issues/302

[NO NEW TESTS NEEDED] This is very hard to trigger reliably and it would
need to work with cni and netavark. This mostly happens because of
specific bugs but those will be fixed and then this test would fail.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Paul Holzinger
2022-09-30 20:27:39 +02:00
parent 0a394876be
commit eb7f54ef6f


@ -695,23 +695,31 @@ func (r *Runtime) teardownNetNS(ctr *Container) error {
// do not return an error otherwise we would prevent network cleanup
logrus.Errorf("failed to free gvproxy machine ports: %v", err)
}
if err := r.teardownCNI(ctr); err != nil {
return err
}
// Do not check the error here, we want to always umount the netns
// This will ensure that the container interface will be deleted
// even when there is a CNI or netavark bug.
prevErr := r.teardownCNI(ctr)
// First unmount the namespace
if err := netns.UnmountNS(ctr.state.NetNS); err != nil {
if prevErr != nil {
logrus.Error(prevErr)
}
return fmt.Errorf("unmounting network namespace for container %s: %w", ctr.ID(), err)
}
// Now close the open file descriptor
if err := ctr.state.NetNS.Close(); err != nil {
if prevErr != nil {
logrus.Error(prevErr)
}
return fmt.Errorf("closing network namespace for container %s: %w", ctr.ID(), err)
}
ctr.state.NetNS = nil
return nil
return prevErr
}
func getContainerNetNS(ctr *Container) (string, *Container, error) {
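Review bot: When `netns.UnmountNS` or `ctr.state.NetNS.Close()` fails, the earlier `teardownCNI` error is only written with `logrus.Error(prevErr)`, so the log line carries no container ID and the caller never learns that network teardown failed as well. Adding context at both sites, for example `logrus.Errorf("tearing down network for container %s: %v", ctr.ID(), prevErr)`, would let a leftover interface or IP allocation be traced back to its container. The unmount failure path also returns before `ctr.state.NetNS.Close()` and before `ctr.state.NetNS = nil`, so the descriptor stays open and the state keeps the namespace. If that is deliberate so that a later cleanup can retry, a comment such as `// keep NetNS set so cleanup can be retried` would make it explicit; no retry is visible in this hunk. The start of `teardownNetNS` lies above the hunk.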