Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use file-based locking to prevent concurrent DEL calls #41

Open
dcbw opened this issue Jun 26, 2019 · 1 comment
Open

Use file-based locking to prevent concurrent DEL calls #41

dcbw opened this issue Jun 26, 2019 · 1 comment

Comments

@dcbw
Copy link
Collaborator

dcbw commented Jun 26, 2019

For example, podman does not use a long-running process for handling container sandbox operations. This means that two 'podman stop' calls for the same container can run concurrently and call a CNI DEL concurrently, which is a violation of the CNI specification.

To handle this, ocicni should implement file-based locking with github.com/alexflint/go-filemutex (see CNI plugins' plugins/ipam/host-local/backend/disk/ for an examle) to ensure that multiple processes cannot call DEL on the same containerID concurrently.

@vrothberg
Copy link
Member

The issue just popped up in my mailbox. containers/storage exposed a filelock API which would prevent many users of ocicni from adding another dependency.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants