From 6357caaf6bcf413b58e587fe3df5c508275713ee Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 15 Aug 2024 19:21:19 +1400
Subject: [PATCH 120/121] get realpath before ns mountpoint verification
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc | 9 +++++++--
.../entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc | 9 +++++++--
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index 77faf48a..3ece885f 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -424,6 +424,7 @@ cleanup_sandbox:
void PodSandboxManagerService::ClearCniNetwork(const std::shared_ptr<sandbox::Sandbox> sandbox, Errors &error)
{
+ char real_path[PATH_MAX] = { 0 };
std::string networkMode = sandbox->GetNetMode();
if (!namespace_is_cni(networkMode.c_str()) || !sandbox->GetNetworkReady()) {
return;
@@ -435,10 +436,14 @@ void PodSandboxManagerService::ClearCniNetwork(const std::shared_ptr<sandbox::Sa
return;
}
+ if (realpath(sandboxKey.c_str(), real_path) == NULL) {
+ ERROR("Failed to get %s realpath", sandboxKey.c_str());
+ }
+
// If the network namespace is not mounted, the network has been cleaned up
// and there is no need to call the cni plugin.
- if (!util_detect_mounted(sandboxKey.c_str())) {
- WARN("Network namespace %s not exist", sandboxKey.c_str());
+ if (strlen(real_path) != 0 && !util_detect_mounted(real_path)) {
+ ERROR("Network namespace %s not exist", real_path);
return;
}
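Review bot: When `realpath()` fails in ClearCniNetwork, `real_path` stays empty, so the `strlen(real_path) != 0 &&` guard skips the mount check entirely and execution continues past it, where the old code presumably returned for a path that was gone or not mounted. If a missing path (ENOENT) means the namespace has already been cleaned up, handle that explicitly in the failure branch and log the cause, e.g. `ERROR("Failed to get %s realpath: %s", sandboxKey.c_str(), strerror(errno));`. The mount check now runs on the resolved path, but the code after this hunk is not visible; if it still passes `sandboxKey` on, the checked path and the used path can differ when a symlink is involved, so the resolved `real_path` should be the one carried forward. The second hunk of `v1alpha/cri_pod_sandbox_manager_service.cc` has the same pattern with `netnsPath` and `goto cleanup`. The function body starts and ends outside this hunk.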
diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
index 5590827e..1c343cda 100644
--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
@@ -826,6 +826,7 @@ auto PodSandboxManagerService::ClearCniNetwork(const std::string &realSandboxID,
/*error*/) -> int
{
Errors networkErr;
+ char real_path[PATH_MAX] = { 0 };
bool ready = GetNetworkReady(realSandboxID, networkErr);
if (hostNetwork || (!ready && networkErr.Empty())) {
@@ -848,10 +849,14 @@ auto PodSandboxManagerService::ClearCniNetwork(const std::string &realSandboxID,
goto cleanup;
}
+ if (realpath(netnsPath.c_str(), real_path) == NULL) {
+ ERROR("Failed to get %s realpath", netnsPath.c_str());
+ }
+
// If the network namespace is not mounted, the network has been cleaned up
// and there is no need to call the cni plugin.
- if (!util_detect_mounted(netnsPath.c_str())) {
- WARN("Network namespace %s not exist", netnsPath.c_str());
+ if (strlen(real_path) != 0 && !util_detect_mounted(real_path)) {
+ ERROR("Network namespace %s not exist", real_path);
goto cleanup;
}
--
2.25.1