From 6357caaf6bcf413b58e587fe3df5c508275713ee Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 15 Aug 2024 19:21:19 +1400
Subject: [PATCH 120/121] get realpath before ns mountpoint verification

Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
 .../entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc   | 9 +++++++--
 .../entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc | 9 +++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index 77faf48a..3ece885f 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -424,6 +424,7 @@ cleanup_sandbox:
 
 void PodSandboxManagerService::ClearCniNetwork(const std::shared_ptr<sandbox::Sandbox> sandbox, Errors &error)
 {
+    char real_path[PATH_MAX] = { 0 };
     std::string networkMode = sandbox->GetNetMode();
     if (!namespace_is_cni(networkMode.c_str()) || !sandbox->GetNetworkReady()) {
         return;
@@ -435,10 +436,14 @@ void PodSandboxManagerService::ClearCniNetwork(const std::shared_ptr<sandbox::Sa
         return;
     }
 
+    if (realpath(sandboxKey.c_str(), real_path) == NULL) {
+        ERROR("Failed to get %s realpath", sandboxKey.c_str());
+    }
+
     // If the network namespace is not mounted, the network has been cleaned up
     // and there is no need to call the cni plugin.
-    if (!util_detect_mounted(sandboxKey.c_str())) {
-        WARN("Network namespace %s not exist", sandboxKey.c_str());
+    if (strlen(real_path) != 0 && !util_detect_mounted(real_path)) {
+        ERROR("Network namespace %s not exist", real_path);
         return;
     }
 
diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
index 5590827e..1c343cda 100644
--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
@@ -826,6 +826,7 @@ auto PodSandboxManagerService::ClearCniNetwork(const std::string &realSandboxID,
                                                /*error*/) -> int
 {
     Errors networkErr;
+    char real_path[PATH_MAX] = { 0 };
 
     bool ready = GetNetworkReady(realSandboxID, networkErr);
     if (hostNetwork || (!ready && networkErr.Empty())) {
@@ -848,10 +849,14 @@ auto PodSandboxManagerService::ClearCniNetwork(const std::string &realSandboxID,
         goto cleanup;
     }
 
+    if (realpath(netnsPath.c_str(), real_path) == NULL) {
+        ERROR("Failed to get %s realpath", netnsPath.c_str());
+    }
+
     // If the network namespace is not mounted, the network has been cleaned up
     // and there is no need to call the cni plugin.
-    if (!util_detect_mounted(netnsPath.c_str())) {
-        WARN("Network namespace %s not exist", netnsPath.c_str());
+    if (strlen(real_path) != 0 && !util_detect_mounted(real_path)) {
+        ERROR("Network namespace %s not exist", real_path);
         goto cleanup;
     }
 
-- 
2.25.1