On Fri, Nov 06, 2020 at 02:30:13PM +0100, Michal Privoznik wrote:
If starting an container fails, the virLXCProcessStop() is
called. But since vm->def->id is not set until libvirt_lxc is
spawned (the domain's ID is PID of that process),
virLXCProcessStop() returns early as virDomainObjIsActive()
returns false. But doing so leaves behind resources reserved for
the containers during the startup process. Most notably, hostdevs
are not re-attached to the host, the domain's transient XML is
not removed, etc.
I'm not sure the virLXCProcessCleanup() function is prepared to be called under
such circumstances as its qemu counterpart. It looks virSecurity*RestoreLabel()
might be called when it ought not to be and that does not look safe to me. But
I'd be glad to be proved wrong.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/lxc/lxc_process.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
index c5a710fc3f..08c82b0e9a 100644
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -855,7 +855,7 @@ int virLXCProcessStop(virLXCDriverPtr driver,
vm->def->name, (int)vm->pid, (int)reason);
if (!virDomainObjIsActive(vm)) {
VIR_DEBUG("VM '%s' not active", vm->def->name);
- return 0;
+ goto cleanup;
}
priv = vm->privateData;
--
2.26.2