google
Don't error out when deleting parent cgroup dirs
The current logic says "if we created a cgroup directory, we remove it". But the flaw in that logic is that if you run in /sys/fs/cgroup/ns1/container1 you'll end up creating ns1 and container1. But if another container launches as /sys/fs/cgroup/ns1/container2, now while the first run created ns1, it can't delete it because container2 is in there.
The best fix I can think of, other than changing the logic full scale, is to just allow for a removal error on all but the top Own'd directory.
The current logic says "if we created a cgroup directory, we remove it". But the flaw in that logic is that if you run in /sys/fs/cgroup/ns1/container1 you'll end up creating ns1 and container1. But if another container launches as /sys/fs/cgroup/ns1/container2, now while the first run created ns1, it can't delete it because container2 is in there.
The best fix I can think of, other than changing the logic full scale, is to just allow for a removal error on all but the top Own'd directory.
I think we should only remove the container cgroup. All parent cgroups should remain untouched; otherwise, it could race with the creation of other containers.
-------------------------------------------------------------------------------------
ct2 | ct1
-------------------------------------------------------------------------------------
access(/sys/fs/cgroup/ns1) = 0 |
| rmdir(/sys/fs/cgroup/ns1)
mkdir(/sys/fs/cgroup/ns1/container2) |
-------------------------------------------------------------------------------------
