Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request: add error handling in pkg/pwalk #199

Closed
zeroalphat opened this issue May 12, 2023 · 2 comments · Fixed by #204
Closed

Request: add error handling in pkg/pwalk #199

zeroalphat opened this issue May 12, 2023 · 2 comments · Fixed by #204

Comments

@zeroalphat
Copy link

When I tried to start a container with SELinux labeling for volume, I got the following error and could not start a container.

$ docker run --log-driver=journald -d --name=kubelet --read-only --network=host \
--uts=host --pid=host --privileged \
--tmpfs=/tmp --volume=/var/lib/kubelet:/var/lib/kubelet:rshared,z \
quay.io/cybozu/kubernetes:1.25.6.1 kubelet

docker: Error response from daemon: 
error setting label on mount source '/var/lib/kubelet': 
lstat /var/lib/kubelet/seccomp/2/pwalk-test-1270530707/d-2753637893/f-1857926114: no such file or directory.

I think this error was returned from pkg/pwalk in opencontainers/selinux.
I found that the error lstat no such file or direcotry is returned if a file is deleted while filepath.Walk of the pwalk function is retrieving the list of files in a directory.
In my environment, it is possible that files under the target directory are frequently deleted during the process of SELinux labeling.
I think it is undesirable behavior to return an error, even if it is a specific environment.
How about adding error handling to make it work in such environment?
https://github.com/opencontainers/selinux/blob/main/pkg/pwalk/pwalk.go#L88C2-L91

Environments.

  • docker version: v20.10.18
  • opencontainers/selinux version: v1.8.0

To Reproduce.

  1. Add a function for testing to pwalk_test.go
  2. Create a direcotry and files for testing using the prepareTest function
  3. Execute the Walk function on the created direcotry.
err = Walk(dir,
		func(p string, i os.FileInfo, e error) error {
			return nil
		})
  1. Deletes all files under a particular directory during execution of the pwalk.Walk function.
  2. Get an error lstat <directory/file name> no such file or directory
delete pwalk-test-2649712757/d-1782752606 directory
--- FAIL: TestRemoveFile (0.01s)
    pwalk_test.go:55: lstat pwalk-test-2649712757/d-1782752606/d-2791693006: no such file or directory
FAIL
exit status 1
FAIL    github.com/opencontainers/selinux/pkg/pwalk     0.011s
@rhatdan
Copy link
Collaborator

rhatdan commented May 16, 2023

@kolyshkin PTAL

@kolyshkin kolyshkin mentioned this issue Aug 26, 2023
Merged
@kolyshkin
Copy link
Collaborator

Should be addressed by #204. I was able to reproduce the issue and add a test case, which fails before the fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

pwalk, pwalkdir: fix walk vs remove race kolyshkin/selinux
3 participants
@rhatdan @kolyshkin @zeroalphat