containerd / nerdctl

contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
Apache License 2.0

nerdctl is leaking host files when a container fails to start #2993

Open apostasie opened 3 months ago

apostasie commented 3 months ago

Description

While investigating #2992, I noticed that AllocHostsFile is called before we verify that the requested --name for the container to be started is actually available.

If the name is not free, we bail out, but we leave the allocated host file in place.

Steps to reproduce the issue

# Just repeatedly run containers with the exact same name
sudo ./nerdctl-patch run -d --name whatevername debian bash
sudo ./nerdctl-patch run -d --name whatevername debian bash
sudo ./nerdctl-patch run -d --name whatevername debian bash

Describe the results you received and expected

Now, /var/lib/nerdctl/XXXX/etchosts/default will start filling up with orphaned files.

This is also true for /var/lib/nerdctl/1935db59/containers/default.

Looking at create.go shows why.

What version of nerdctl are you using?

1.7.6

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

No response
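The ordering problem the report describes (allocate the hosts file first, check the name second, return without cleaning up) is easy to reproduce in isolation. The following is an added example, not nerdctl's code: `Store`, `CreateLeaky`, `CreateClean` and `OrphanCount` are hypothetical stand-ins for the data root, the create path and the name check. `CreateLeaky` keeps the order from the report and leaks one file per failed attempt; `CreateClean` checks the name before allocating and also rolls back anything allocated so far when create fails, which is the more general clean-up the thread points at.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// ErrNameTaken mirrors the "name is not free" bail-out in the report.
var ErrNameTaken = errors.New("container name already in use")

// Store is a hypothetical stand-in for nerdctl's data root: a directory of
// per-container hosts files plus the set of names already registered.
type Store struct {
	EtcHostsDir string
	names       map[string]bool
	counter     int
}

func NewStore(dir string) *Store {
	return &Store{EtcHostsDir: dir, names: map[string]bool{}}
}

// allocHostsFile writes a hosts file under a fresh ID, standing in for the
// AllocHostsFile call that the report says happens before the name check.
func (s *Store) allocHostsFile() (string, error) {
	s.counter++
	p := filepath.Join(s.EtcHostsDir, fmt.Sprintf("%08d", s.counter))
	if err := os.WriteFile(p, []byte("127.0.0.1 localhost\n"), 0o644); err != nil {
		return "", err
	}
	return p, nil
}

// reserveName fails if the requested --name is already in use.
func (s *Store) reserveName(name string) error {
	if s.names[name] {
		return ErrNameTaken
	}
	s.names[name] = true
	return nil
}

// CreateLeaky reproduces the report: allocate first, check the name second,
// and leave the allocation in place when the check fails.
func (s *Store) CreateLeaky(name string) error {
	if _, err := s.allocHostsFile(); err != nil {
		return err
	}
	return s.reserveName(name)
}

// CreateClean checks the name before allocating anything, and a deferred
// rollback removes whatever was allocated if any later step fails.
func (s *Store) CreateClean(name string) (err error) {
	if err = s.reserveName(name); err != nil {
		return err
	}
	var allocated []string
	defer func() {
		if err != nil {
			for _, p := range allocated {
				os.Remove(p)
			}
			delete(s.names, name)
		}
	}()
	p, err := s.allocHostsFile()
	if err != nil {
		return err
	}
	allocated = append(allocated, p)
	return nil
}

// OrphanCount returns the number of hosts files beyond the `created`
// successful containers; anything above zero was leaked by a failed create.
func OrphanCount(dir string, created int) (int, error) {
	entries, err := os.ReadDir(dir)
	if err != nil {
		return 0, err
	}
	return len(entries) - created, nil
}

func main() {
	for _, mode := range []string{"leaky", "clean"} {
		dir, _ := os.MkdirTemp("", "etchosts-"+mode)
		s := NewStore(dir)
		// Same as running `nerdctl run --name whatevername` three times.
		for i := 0; i < 3; i++ {
			if mode == "leaky" {
				s.CreateLeaky("whatevername")
			} else {
				s.CreateClean("whatevername")
			}
		}
		n, _ := OrphanCount(dir, 1)
		fmt.Printf("%s: %d orphaned hosts file(s)\n", mode, n)
		os.RemoveAll(dir)
	}
}
```

Running it prints two orphaned files for the leaky ordering and zero for the corrected one. The deferred rollback in `CreateClean` is what makes the fix robust beyond this one bug: any allocation added later to the create path only has to append to `allocated` to be cleaned up on failure.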

apostasie commented 3 months ago

Seems to me like the general issue here is that we just do not clean up anything if the container fails to create. Solving this is likely more involved than just shuffling things around.