From a5ae485fa6b786ad7db63973d15f0fe12290d8e7 Mon Sep 17 00:00:00 2001
From: Gabriel Somlo
Date: Mon, 9 Oct 2017 16:18:46 -0400
Subject: [PATCH 1/2] SimpleLxcNode: Don't umount directories before killing vnoded

A node's private mounts are currently removed before killing vnoded, which makes them unavailable during container service shutdown. Any such service accessing the filesystem for atexit() cleanup (e.g., rsyslogd), will do so on the host filesystem instead, very likely causing unintended damage. For example, the default behavior of rsyslogd is to remove its listening socket (/dev/log, or /run/systemd/journal/dev-log) at shutdown from its atexit() handler. If the node's private '/dev' or '/run/systemd/journal' mount has already been removed, the host-side /dev/log or /run/systemd/journal/dev-log sockets will be removed instead! Since non-persistent (mount) namespaces are automatically destroyed by the kernel when the last process referencing them is killed, we should simply rely on that behavior instead of explicitly (and prematurely) unmounting a node's private directories during shutdown.

Signed-off-by: Gabriel Somlo
---
 daemon/core/netns/vnode.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/daemon/core/netns/vnode.py b/daemon/core/netns/vnode.py
index 3f50d028..e7819a83 100644
--- a/daemon/core/netns/vnode.py
+++ b/daemon/core/netns/vnode.py
@@ -120,7 +120,8 @@ class SimpleLxcNode(PyCoreNode):
 # unmount all targets
 while self._mounts:
 source, target = self._mounts.pop(-1)
- self.umount(target)
+ # Mount namespaces automatically removed when last process exits!
+ #self.umount(target)
 # shutdown all interfaces
 for netif in self.netifs():
From 6d3d17f470be5a361ce14f9aab92920e9f057b09 Mon Sep 17 00:00:00 2001
From: Gabriel Somlo
Date: Wed, 11 Oct 2017 14:54:27 -0400
Subject: [PATCH 2/2] SimpleLxcNode: Remove unused umount method

The umount method was used to remove private mount points before tearing down a node. Since non-persistend mount namespaces are automatically cleaned up by he kernel, this method is now unused.

Signed-off-by: Gabriel Somlo
---
 daemon/core/netns/vnode.py | 21 +++------------------
 1 file changed, 3 insertions(+), 18 deletions(-)

diff --git a/daemon/core/netns/vnode.py b/daemon/core/netns/vnode.py
index e7819a83..a50ebb07 100644
--- a/daemon/core/netns/vnode.py
+++ b/daemon/core/netns/vnode.py
@@ -117,11 +117,9 @@ class SimpleLxcNode(PyCoreNode):
 if not self.up:
 return
- # unmount all targets
- while self._mounts:
- source, target = self._mounts.pop(-1)
- # Mount namespaces automatically removed when last process exits!
- #self.umount(target)
+ # unmount all targets (NOTE: non-persistent mount namespaces are
+ # removed by the kernel when last referencing process is killed)
+ self._mounts = []
 # shutdown all interfaces
 for netif in self.netifs():
@@ -251,19 +249,6 @@ class SimpleLxcNode(PyCoreNode):
 except IOError:
 logger.exception("mounting failed for %s at %s", source, target)
- def umount(self, target):
- """
- Unmount a target directory.
-
- :param str target: target directory to unmount
- :return: nothing
- """
- logger.info("unmounting: %s", target)
- try:
- self.cmd([constants.UMOUNT_BIN, "-n", "-l", target])
- except IOError:
- logger.exception("unmounting failed for %s" % target)
-
 def newifindex(self):
 """
 Retrieve a new interface index.
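Review bot: In the first hunk of patch 2/2 (`@@ -117,11 +117,9 @@`), the comment above `self._mounts = []` still opens with "unmount all targets", but the new code unmounts nothing and only discards the bookkeeping list; something like `# forget private mounts; the kernel drops them with the node's mount namespace once its last process exits` would describe what actually happens. That wording also makes the new dependency explicit: teardown is now correct only if every process in the node's namespace really exits, and a service that survives the vnoded kill, or anything else still holding a reference to the namespace, would keep the private mounts alive with nothing left in `_mounts` to report or retry. The kill itself is outside this hunk, so whether its result is checked cannot be confirmed from here; if it is not, consider clearing `_mounts` only after the kill is confirmed and logging a warning otherwise. The same reliance is introduced by the hunk in patch 1/2.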