Zombie slirp4netns processes left on the system when using podman API service
#9777
Comments
henryhchchc
changed the title
slirp4netns processed left on the system when using podman API serviceslirp4netns processes left on the system when using podman API service
openshift-ci-robot
added
the
kind/bug
|
btw, the podman 3.0.0-rc2 mentioned is directly from CentOS Stream repos, not Kubic. @vrothberg @mheon @jnovy do you know what's the status of update on that one? |
No idea why Stream hasn't seen v3.0.1. |
|
@Luap99 do you know what's going on with the slirp processes? |
|
This looks pretty clear to me. The slirp process is terminated with a pipe file descriptor. One end is send to conmon the other to the slirp process. Once conmon exists slirp will exit as well. However the parent process (podman service) is still alive and thus linux is expecting it to read the process status with wait. I am not sure what a good solution is, maybe fork exec the slirp process? @giuseppe @AkihiroSuda WDYT? |
|
We could consider having |
|
(Well, everything that would cause this problem, I mean...) |
|
A friendly reminder that this issue had no activity for 30 days. |
|
I agree this needs to be fixed ASAP. @Luap99 any chance you can look at this? |
|
A friendly reminder that this issue had no activity for 30 days. |
|
@Luap99 were you ever able to look at this? |
|
@mheon do you have time to look at this? |
|
I will try and find some time this sprint |
|
I tried to use something like |
|
A friendly reminder that this issue had no activity for 30 days. |
|
@Luap99 @mheon @AkihiroSuda @giuseppe @vrothberg We still have this issue, Ideas on a solution? |
|
I take this. |
Add a new service reaper package. Podman currently does not reap all child processes. The slirp4netns and rootlesskit processes are not reaped. The is not a problem for local podman since the podman process dies before the other processes and then init will reap them for us. However with podman system service it is possible that the podman process is still alive after slirp died. In this case podman has to reap it or the slirp process will be a zombie until the service is stopped. The service reaper will listen in an extra goroutine on SIGCHLD. Once it receives this signal it will try to reap all pids that were added with `AddPID()`. While I would like to just reap all children this is not possible because many parts of the code use `os/exec` with `cmd.Wait()`. If we reap before `cmd.Wait()` things can break, so reaping everything is not an option. [NO TESTS NEEDED] Fixes containers#9777 Signed-off-by: Paul Holzinger <[email protected]>
github-actions
bot
added
the
locked - please file new issue/PR
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
podman REST API service will left zombie
slirp4netnsprocesses until it is stopped.I think the reason is that at Line 468 of libpod/networking_linux.go, the slirp4netns process is started but never waited by podman.
Steps to reproduce the issue:
Run
podman system service -t 0to start the API service and keep it runningStart and stop N containers via the podman REST API
Describe the results you received:
There will be N zombie
slirp4netnsprocesses left on the system until the API service is stopped.Describe the results you expected:
There is no zombie
slirp4netnsprocess.Additional information you deem important (e.g. issue happens only occasionally):
Output of
podman version:Output of
podman info --debug:Package info (e.g. output of
rpm -q podmanorapt list podman):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?
Yes
Additional environment details (AWS, VirtualBox, physical, etc.):
The text was updated successfully, but these errors were encountered: