Merge pull request microsoft#1597 from katiewasnothere/kabaldau/cleanup_shared_scratch_root_dir

Kathryn Baldauf · web-flow · commit d6dd825d5545 · 2023-01-17T11:39:24.000-08:00
Add logic to cleanup the oci bundle root dir on container delete
diff --git a/internal/guest/runtime/hcsv2/container.go b/internal/guest/runtime/hcsv2/container.go
@@ -48,8 +48,9 @@ type Container struct {
 	id    string
 	vsock transport.Transport
 
-	spec      *oci.Spec
-	isSandbox bool
+	spec          *oci.Spec
+	ociBundlePath string
+	isSandbox     bool
 
 	container   runtime.Container
 	initProcess *containerProcess
@@ -211,6 +212,14 @@ func (c *Container) Delete(ctx context.Context) error {
 		}
 	}
 
+	if err := os.RemoveAll(c.ociBundlePath); err != nil {
+		if retErr != nil {
+			retErr = fmt.Errorf("errors deleting container oci bundle dir, %s & %s", retErr, err)
+		} else {
+			retErr = err
+		}
+	}
+
 	return retErr
 }
 
diff --git a/internal/guest/runtime/hcsv2/uvm.go b/internal/guest/runtime/hcsv2/uvm.go
@@ -232,6 +232,7 @@ func (h *Host) CreateContainer(ctx context.Context, id string, settings *prot.VM
 		id:             id,
 		vsock:          h.vsock,
 		spec:           settings.OCISpecification,
+		ociBundlePath:  settings.OCIBundlePath,
 		isSandbox:      criType == "sandbox",
 		exitType:       prot.NtUnexpectedExit,
 		processes:      make(map[uint32]*containerProcess),
@@ -269,7 +270,7 @@ func (h *Host) CreateContainer(ctx context.Context, id string, settings *prot.VM
 			}
 			defer func() {
 				if err != nil {
-					_ = os.RemoveAll(spec.SandboxRootDir(id))
+					_ = os.RemoveAll(settings.OCIBundlePath)
 				}
 			}()
 
@@ -295,7 +296,7 @@ func (h *Host) CreateContainer(ctx context.Context, id string, settings *prot.VM
 			}
 			defer func() {
 				if err != nil {
-					_ = os.RemoveAll(getWorkloadRootDir(id))
+					_ = os.RemoveAll(settings.OCIBundlePath)
 				}
 			}()
 			if err := policy.ExtendPolicyWithNetworkingMounts(sandboxID, h.securityPolicyEnforcer, settings.OCISpecification); err != nil {
@@ -312,7 +313,7 @@ func (h *Host) CreateContainer(ctx context.Context, id string, settings *prot.VM
 		}
 		defer func() {
 			if err != nil {
-				_ = os.RemoveAll(getStandaloneRootDir(id))
+				_ = os.RemoveAll(settings.OCIBundlePath)
 			}
 		}()
 	}
diff --git a/internal/guest/runtime/hcsv2/workload_container.go b/internal/guest/runtime/hcsv2/workload_container.go
@@ -21,10 +21,6 @@ import (
 	"github.com/Microsoft/hcsshim/pkg/annotations"
 )
 
-func getWorkloadRootDir(id string) string {
-	return filepath.Join(guestpath.LCOWRootPrefixInUVM, id)
-}
-
 // os.MkdirAll combines the given permissions with the running process's
 // umask. By default this causes 0777 to become 0755.
 // Temporarily set the umask of this process to 0 so that we can actually

Original file line number	Diff line number	Diff line change
`@@ -232,6 +232,7 @@ func (h Host) CreateContainer(ctx context.Context, id string, settings prot.VM`
`232`	`232`	`id: id,`
`233`	`233`	`vsock: h.vsock,`
`234`	`234`	`spec: settings.OCISpecification,`
	`235`	`+ ociBundlePath: settings.OCIBundlePath,`
`235`	`236`	`isSandbox: criType == "sandbox",`
`236`	`237`	`exitType: prot.NtUnexpectedExit,`
`237`	`238`	`processes: make(map[uint32]*containerProcess),`
`@@ -269,7 +270,7 @@ func (h Host) CreateContainer(ctx context.Context, id string, settings prot.VM`
`269`	`270`	`}`
`270`	`271`	`defer func() {`
`271`	`272`	`if err != nil {`
`272`		`- _ = os.RemoveAll(spec.SandboxRootDir(id))`
	`273`	`+ _ = os.RemoveAll(settings.OCIBundlePath)`
`273`	`274`	`}`
`274`	`275`	`}()`
`275`	`276`
`@@ -295,7 +296,7 @@ func (h Host) CreateContainer(ctx context.Context, id string, settings prot.VM`
`295`	`296`	`}`
`296`	`297`	`defer func() {`
`297`	`298`	`if err != nil {`
`298`		`- _ = os.RemoveAll(getWorkloadRootDir(id))`
	`299`	`+ _ = os.RemoveAll(settings.OCIBundlePath)`
`299`	`300`	`}`
`300`	`301`	`}()`
`301`	`302`	`if err := policy.ExtendPolicyWithNetworkingMounts(sandboxID, h.securityPolicyEnforcer, settings.OCISpecification); err != nil {`
`@@ -312,7 +313,7 @@ func (h Host) CreateContainer(ctx context.Context, id string, settings prot.VM`
`312`	`313`	`}`
`313`	`314`	`defer func() {`
`314`	`315`	`if err != nil {`
`315`		`- _ = os.RemoveAll(getStandaloneRootDir(id))`
	`316`	`+ _ = os.RemoveAll(settings.OCIBundlePath)`
`316`	`317`	`}`
`317`	`318`	`}()`
`318`	`319`	`}`