sandbox: Stop and clean up containers that fail to create

A container that is created and added to a sandbox can still fail the final creation steps. In this case, the container must be stopped and have its resources cleaned up to prevent leaking sandbox mounts. Forward port of kata-containers/runtime#2826 Fixes kata-containers#2816 Signed-off-by: Evan Foster <efoster@adobe.com>
evanfoster · Jul 20, 2020 · da588b5 · da588b5
1 parent c5c3f5c
commit da588b5
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/src/runtime/virtcontainers/sandbox.go b/src/runtime/virtcontainers/sandbox.go
@@ -1,4 +1,5 @@
 // Copyright (c) 2016 Intel Corporation
+// Copyright (c) 2020 Adobe Inc.
 //
 // SPDX-License-Identifier: Apache-2.0
 //
@@ -1201,6 +1202,16 @@ func (s *Sandbox) CreateContainer(contConfig ContainerConfig) (VCContainer, erro
 	defer func() {
 		// Rollback if error happens.
 		if err != nil {
+			logger := s.Logger().WithFields(logrus.Fields{"container-id": c.id, "sandox-id": s.id, "rollback": true})
+
+			logger.Warning("Cleaning up partially created container")
+
+			if err2 := c.stop(true); err2 != nil {
+				logger.WithError(err2).Warning("Could not delete container")
+			}
+
+			logger.Debug("Removing stopped container from sandbox store")
+
 			s.removeContainer(c.id)
 		}
 	}()