remote: exec: do not leak session IDs on errors

commit fa19e1baa27024f8e0078e27254a8cfb6586f9f4 partially introduced the fix, but was merged too quickly and didn't work with remote. Introduce a new binding to allow removing a session from the remote client. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-10-18 19:53:58 +08:00 · 2023-10-18 20:59:47 +02:00
parent 68636416d7
commit f48a706abc
7 changed files with 158 additions and 2 deletions
--- a/pkg/api/handlers/compat/exec.go
+++ b/pkg/api/handlers/compat/exec.go
@ -209,3 +209,30 @@ func ExecStartHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	logrus.Debugf("Attach for container %s exec session %s completed successfully", sessionCtr.ID(), sessionID)
 }
+
+// ExecRemoveHandler removes a exec session.
+func ExecRemoveHandler(w http.ResponseWriter, r *http.Request) {
+	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
+
+	sessionID := mux.Vars(r)["id"]
+
+	bodyParams := new(handlers.ExecRemoveConfig)
+
+	if err := json.NewDecoder(r.Body).Decode(&bodyParams); err != nil {
+		utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to decode parameters for %s: %w", r.URL.String(), err))
+		return
+	}
+
+	sessionCtr, err := runtime.GetExecSessionContainer(sessionID)
+	if err != nil {
+		utils.Error(w, http.StatusNotFound, err)
+		return
+	}
+
+	logrus.Debugf("Removing exec session %s of container %s", sessionID, sessionCtr.ID())
+	if err := sessionCtr.ExecRemove(sessionID, bodyParams.Force); err != nil {
+		utils.InternalServerError(w, err)
+		return
+	}
+	logrus.Debugf("Removing exec session %s for container %s completed successfully", sessionID, sessionCtr.ID())
+}
--- a/pkg/api/handlers/types.go
+++ b/pkg/api/handlers/types.go
@ -161,3 +161,7 @@ type ExecStartConfig struct {
 	Height uint16 `json:"h"`
 	Width  uint16 `json:"w"`
 }
+
+type ExecRemoveConfig struct {
+	Force bool `json:"Force"`
+}
--- a/pkg/api/server/register_exec.go
+++ b/pkg/api/server/register_exec.go
@ -346,5 +346,39 @@ func (s *APIServer) registerExecHandlers(r *mux.Router) error {
 	//   500:
 	//     $ref: "#/responses/internalError"
 	r.Handle(VersionedPath("/libpod/exec/{id}/json"), s.APIHandler(compat.ExecInspectHandler)).Methods(http.MethodGet)
+	// ................. .... ........................ ...... ExecRemoveLibpod
+	// ---
+	// tags:
+	//   - exec
+	// summary: Remove an exec instance
+	// description: |
+	//   Remove a previously set up exec instance. If force is true, the exec session is killed if it is still running.
+	// parameters:
+	//  - in: path
+	//    name: id
+	//    type: string
+	//    required: true
+	//    description: Exec instance ID
+	//  - in: body
+	//    name: control
+	//    description: Attributes for removal
+	//    schema:
+	//      type: object
+	//      properties:
+	//        Force:
+	//          type: boolean
+	//          description: Force removal of the session.
+	// produces:
+	// - application/json
+	// responses:
+	//   200:
+	//     description: no error
+	//   404:
+	//     $ref: "#/responses/execSessionNotFound"
+	//   409:
+	//	   description: container is not running.
+	//   500:
+	//     $ref: "#/responses/internalError"
+	r.Handle(VersionedPath("/libpod/exec/{id}/remove"), s.APIHandler(compat.ExecRemoveHandler)).Methods(http.MethodPost)
 	return nil
 }