From 618722cf66495a566af39d6d0128e10a446ee946 Mon Sep 17 00:00:00 2001
From: Paul Holzinger
Date: Thu, 30 Jan 2025 13:52:04 +0100
Subject: [PATCH] rootlessnetns: fix setup error when file already exists

It is possible that the netns file where we bind mount the netns already exists. This can happen if a previous setup process was killed between creating the file and mounting to it. Or likely more common as described in the podman issue if the runroot is not a tmpfs and not deleted after boot.
Fixes containers/podman#25144
Signed-off-by: Paul Holzinger
---
 libnetwork/internal/rootlessnetns/netns_linux.go | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/libnetwork/internal/rootlessnetns/netns_linux.go b/libnetwork/internal/rootlessnetns/netns_linux.go
index 7fac465a6..265558765 100644
--- a/libnetwork/internal/rootlessnetns/netns_linux.go
+++ b/libnetwork/internal/rootlessnetns/netns_linux.go
@@ -135,6 +135,15 @@ func (n *Netns) getOrCreateNetns() (ns.NetNS, bool, error) {
 }
 // In case of errors continue and setup the network cmd again.
 } else {
+ // Special case, the file might exist already but is not a valid netns.
+ // One reason could be that a previous setup was killed between creating
+ // the file and mounting it. Or if the file is not on tmpfs (deleted on boot)
+ // you might run into it as well: https://github.com/containers/podman/issues/25144
+ // We have to do this because NewNSAtPath fails with EEXIST otherwise
+ if errors.As(err, &ns.NSPathNotNSErr{}) {
+ // We don't care if this fails, NewNSAtPath() should return the real error.
+ _ = os.Remove(nsPath)
+ }
 logrus.Debugf("Creating rootless network namespace at %q", nsPath)
 // We have to create the netns dir again here because it is possible
 // that cleanup() removed it.
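Review bot: The error from `os.Remove(nsPath)` in the new `NSPathNotNSErr` branch is discarded, so a failed cleanup leaves no trace. The following NewNSAtPath() call would then presumably fail with EEXIST again, which names the symptom rather than the reason the stale file could not be removed. Logging it keeps the best-effort behaviour and makes that case diagnosable: `if rmErr := os.Remove(nsPath); rmErr != nil { logrus.Debugf("Failed to remove stale netns file %q: %v", nsPath, rmErr) }`. The removal also acts on whatever sits at nsPath at that moment, based on a check made earlier in getOrCreateNetns (outside this hunk). It therefore appears to rely on callers serialising setup, which is worth confirming because no lock is visible here.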