Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oci: terminate all container processes on cleanup #17025

Merged
merged 1 commit into from
Jan 8, 2023
Merged

oci: terminate all container processes on cleanup #17025

merged 1 commit into from
Jan 8, 2023

Conversation

giuseppe
Copy link
Member

@giuseppe giuseppe commented Jan 7, 2023

if the container has no pid namespace, they are not killed when the container process ends. In this case, attempt to kill them in the same way.

The problem was noticed with toolbox where the exec'ed sessions are not terminated when the container is stopped, blocking the system shutdown.

[NO NEW TESTS NEEDED]

Signed-off-by: Giuseppe Scrivano [email protected]

Does this PR introduce a user-facing change?

When a container that runs with --pid=host is terminated, Podman sends a SIGKILL to all the active exec sessions

@giuseppe
oci: terminate all container processes on cleanup
9fe86ec 
if the container has no pid namespace, they are not killed when the
container process ends.  In this case, attempt to kill them in the
same way.

The problem was noticed with toolbox where the exec'ed sessions are
not terminated when the container is stopped, blocking the system
shutdown.

[NO NEW TESTS NEEDED]

Signed-off-by: Giuseppe Scrivano <[email protected]>
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 7, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: giuseppe

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 7, 2023
@giuseppe
Copy link
Member Author

giuseppe commented Jan 7, 2023

@mheon PTAL

@rhatdan
Copy link
Member

rhatdan commented Jan 7, 2023

LGTM

@rhatdan
Copy link
Member

rhatdan commented Jan 7, 2023

This will clean --pid=host iff Podman is still running, I guess podman cleanup will also clean them up when conmon exits,

@giuseppe
Copy link
Member Author

giuseppe commented Jan 7, 2023

This will clean --pid=host iff Podman is still running, I guess podman cleanup will also clean them up when conmon exits,

this is used with "podman container cleanup"

@mheon
Copy link
Member

mheon commented Jan 7, 2023 via email

@rhatdan
Copy link
Member

rhatdan commented Jan 8, 2023

It would also need to be in podman kill and if a random process on the system like systemd comes in and kills conmon.
/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jan 8, 2023
@openshift-merge-robot openshift-merge-robot merged commit 74a961a into containers:main Jan 8, 2023
@edsantiago edsantiago mentioned this pull request Jan 9, 2023
Closed
@debarshiray
Copy link
Member

Thanks for the fix, @giuseppe !

@debarshiray debarshiray mentioned this pull request Jan 18, 2023
Open
@lsm5
Copy link
Member

lsm5 commented Jan 26, 2023

this is included in the v4.4 branch so will land in v4.4.0 on fedora once released.

@debarshiray debarshiray mentioned this pull request Feb 1, 2023
Open
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 13, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 13, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@rhatdan rhatdan

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. release-note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@giuseppe @rhatdan @mheon @debarshiray @lsm5 @openshift-merge-robot