Diffstat (limited to 'runsc')
-rw-r--r-- | runsc/boot/loader.go | 9 | ||||
-rw-r--r-- | runsc/boot/loader_test.go | 1 | ||||
-rw-r--r-- | runsc/boot/vfs.go | 5 |
3 files changed, 12 insertions, 3 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index dee2c4fbb..8ad000497 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -472,9 +472,13 @@ func (l *Loader) Destroy() {
 }
 l.watchdog.Stop()
+ // Release all kernel resources. This is only safe after we can no longer
+ // save/restore.
+ l.k.Release()
+
 // In the success case, stdioFDs and goferFDs will only contain
 // released/closed FDs that ownership has been passed over to host FDs and
- // gofer sessions. Close them here in case on failure.
+ // gofer sessions. Close them here in case of failure.
 for _, fd := range l.root.stdioFDs {
 _ = fd.Close()
 }
@@ -899,7 +903,7 @@ func (l *Loader) executeAsync(args *control.ExecArgs) (kernel.ThreadID, error) {
 // Get the container MountNamespace from the Task. Try to acquire ref may fail
 // in case it raced with task exit.
 if kernel.VFS2Enabled {
- // task.MountNamespace() does not take a ref, so we must do so ourselves.
+ // task.MountNamespaceVFS2() does not take a ref, so we must do so ourselves.
 args.MountNamespaceVFS2 = tg.Leader().MountNamespaceVFS2()
 if !args.MountNamespaceVFS2.TryIncRef() {
 return 0, fmt.Errorf("container %q has stopped", args.ContainerID)
@@ -921,7 +925,6 @@ func (l *Loader) executeAsync(args *control.ExecArgs) (kernel.ThreadID, error) {
 root := args.MountNamespaceVFS2.Root()
 ctx := vfs.WithRoot(l.k.SupervisorContext(), root)
 defer args.MountNamespaceVFS2.DecRef(ctx)
- defer root.DecRef(ctx)
 envv, err := user.MaybeAddExecUserHomeVFS2(ctx, args.MountNamespaceVFS2, args.KUID, args.Envv)
 if err != nil {
 return 0, err
diff --git a/runsc/boot/loader_test.go b/runsc/boot/loader_test.go
index 1f49431a2..e376f944b 100644
--- a/runsc/boot/loader_test.go
+++ b/runsc/boot/loader_test.go
@@ -491,6 +491,7 @@ func TestCreateMountNamespaceVFS2(t *testing.T) {
 }
 root := mns.Root()
+ root.IncRef()
 defer root.DecRef(ctx)
 for _, p := range tc.expectedPaths {
 target := &vfs.PathOperation{
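Review bot: The new `l.k.Release()` call in Destroy rests on a precondition that its comment states but that nothing in the visible lines enforces, namely that save/restore can no longer run. The part of Destroy that would rule that out lies above the hunk, so the ordering cannot be confirmed from here; if it is established there, the comment should name the step, e.g. `// Safe only after <step that stops save/restore> above.`. The neighbouring comment ("Close them here in case of failure") suggests Destroy also runs on failure paths, so it is worth confirming that it cannot run twice or on a Loader whose kernel was never fully set up, since releasing kernel resources a second time could drop references that are no longer held.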
diff --git a/runsc/boot/vfs.go b/runsc/boot/vfs.go
index e36664938..82e459f46 100644
--- a/runsc/boot/vfs.go
+++ b/runsc/boot/vfs.go
@@ -170,6 +170,7 @@ func (c *containerMounter) mountAll(conf *config.Config, procArgs *kernel.Create
 rootProcArgs.MountNamespaceVFS2 = mns
 root := mns.Root()
+ root.IncRef()
 defer root.DecRef(rootCtx)
 if root.Mount().ReadOnly() {
 // Switch to ReadWrite while we setup submounts.
@@ -377,6 +378,7 @@ func (c *containerMounter) mountSubmountVFS2(ctx context.Context, conf *config.C
 }
 root := mns.Root()
+ root.IncRef()
 defer root.DecRef(ctx)
 target := &vfs.PathOperation{
 Root: root,
@@ -474,6 +476,7 @@ func (c *containerMounter) mountTmpVFS2(ctx context.Context, conf *config.Config
 }
 root := mns.Root()
+ root.IncRef()
 defer root.DecRef(ctx)
 pop := vfs.PathOperation{
 Root: root,
@@ -597,6 +600,7 @@ func (c *containerMounter) mountSharedSubmountVFS2(ctx context.Context, conf *co
 defer newMnt.DecRef(ctx)
 root := mns.Root()
+ root.IncRef()
 defer root.DecRef(ctx)
 target := &vfs.PathOperation{
 Root: root,
@@ -617,6 +621,7 @@ func (c *containerMounter) mountSharedSubmountVFS2(ctx context.Context, conf *co
 func (c *containerMounter) makeMountPoint(ctx context.Context, creds *auth.Credentials, mns *vfs.MountNamespace, dest string) error {
 root := mns.Root()
+ root.IncRef()
 defer root.DecRef(ctx)
 target := &vfs.PathOperation{
 Root: root, |
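Review bot: The `root.IncRef()` added after `mns.Root()` in mountAll carries no comment saying why the caller now takes the reference itself, and the same three-line sequence is repeated in mountSubmountVFS2, mountTmpVFS2, mountSharedSubmountVFS2, makeMountPoint and TestCreateMountNamespaceVFS2. Presumably Root() stopped returning an owned reference in a part of the commit outside this diffstat (it is limited to runsc); if so, any call site that keeps `defer root.DecRef(ctx)` without the IncRef would over-release the root and could free it while the namespace still uses it. A one-line comment such as `// Root() does not take a ref; take one to balance the deferred DecRef.` at each site, or a small helper that returns the root together with its release function, would make the contract harder to get wrong. executeAsync in loader.go goes the other way and drops its DecRef, relying on the namespace reference it already holds, so the two conventions should be written down next to each other. All of these function bodies start or end outside their hunks.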