remote: exec: do not leak session IDs on errors

commit fa19e1baa2 partially introduced the fix, but was merged too quickly and didn't work with remote. Introduce a new binding to allow removing a session from the remote client. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-11-30 10:07:33 +08:00 · 2023-10-18 20:59:47 +02:00
parent 68636416d7
commit f48a706abc
7 changed files with 158 additions and 2 deletions
--- a/pkg/api/handlers/compat/exec.go
+++ b/pkg/api/handlers/compat/exec.go
@@ -209,3 +209,30 @@ func ExecStartHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	logrus.Debugf("Attach for container %s exec session %s completed successfully", sessionCtr.ID(), sessionID)
 }
+
+// ExecRemoveHandler removes a exec session.
+func ExecRemoveHandler(w http.ResponseWriter, r *http.Request) {
+	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
+
+	sessionID := mux.Vars(r)["id"]
+
+	bodyParams := new(handlers.ExecRemoveConfig)
+
+	if err := json.NewDecoder(r.Body).Decode(&bodyParams); err != nil {
+		utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to decode parameters for %s: %w", r.URL.String(), err))
+		return
+	}
+
+	sessionCtr, err := runtime.GetExecSessionContainer(sessionID)
+	if err != nil {
+		utils.Error(w, http.StatusNotFound, err)
+		return
+	}
+
+	logrus.Debugf("Removing exec session %s of container %s", sessionID, sessionCtr.ID())
+	if err := sessionCtr.ExecRemove(sessionID, bodyParams.Force); err != nil {
+		utils.InternalServerError(w, err)
+		return
+	}
+	logrus.Debugf("Removing exec session %s for container %s completed successfully", sessionID, sessionCtr.ID())
+}