diff --git a/pkg/cmd/container/kill.go b/pkg/cmd/container/kill.go
index 172d6aa1e9a..20c9bd9efed 100644
--- a/pkg/cmd/container/kill.go
+++ b/pkg/cmd/container/kill.go
@@ -36,6 +36,7 @@ import (
 "github.com/containerd/nerdctl/v2/pkg/netutil"
 "github.com/containerd/nerdctl/v2/pkg/netutil/nettype"
 "github.com/containerd/nerdctl/v2/pkg/portutil"
+ "github.com/containerd/nerdctl/v2/pkg/rootlessutil"
 "github.com/moby/sys/signal"
 )
 
@@ -118,72 +119,74 @@ func killContainer(ctx context.Context, container containerd.Container, signal s // cleanupNetwork removes cni network setup, specifically the forwards func cleanupNetwork(ctx context.Context, container containerd.Container, globalOpts types.GlobalCommandOptions) error { - // retrieve info to get current active port mappings - info, err := container.Info(ctx, containerd.WithoutRefreshedMetadata) - if err != nil { - return err - } - ports, portErr := portutil.ParsePortsLabel(info.Labels) - if portErr != nil { - return fmt.Errorf("no oci spec: %q", portErr) - } - portMappings := []gocni.NamespaceOpts{ - gocni.WithCapabilityPortMap(ports), - } - - // retrieve info to get cni instance - spec, err := container.Spec(ctx) - if err != nil { - return err - } - networksJSON := spec.Annotations[labels.Networks] - var networks []string - if err := json.Unmarshal([]byte(networksJSON), &networks); err != nil { - return err - } - netType, err := nettype.Detect(networks) - if err != nil { - return err - } - - switch netType { - case nettype.Host, nettype.None, nettype.Container: - // NOP - case nettype.CNI: - e, err := netutil.NewCNIEnv(globalOpts.CNIPath, globalOpts.CNINetConfPath, netutil.WithDefaultNetwork()) + return rootlessutil.WithDetachedNetNSIfAny(func() error { + // retrieve info to get current active port mappings + info, err := container.Info(ctx, containerd.WithoutRefreshedMetadata) if err != nil { return err } - cniOpts := []gocni.Opt{ - gocni.WithPluginDir([]string{globalOpts.CNIPath}), + ports, portErr := portutil.ParsePortsLabel(info.Labels) + if portErr != nil { + return fmt.Errorf("no oci spec: %q", portErr) + } + portMappings := []gocni.NamespaceOpts{ + gocni.WithCapabilityPortMap(ports), } - netMap, err := e.NetworkMap() + + // retrieve info to get cni instance + spec, err := container.Spec(ctx) if err != nil { return err } - for _, netstr := range networks { - net, ok := netMap[netstr] - if !ok { - return fmt.Errorf("no such network: 
%q", netstr) - } - cniOpts = append(cniOpts, gocni.WithConfListBytes(net.Bytes)) + networksJSON := spec.Annotations[labels.Networks] + var networks []string + if err := json.Unmarshal([]byte(networksJSON), &networks); err != nil { + return err } - cni, err := gocni.New(cniOpts...) + netType, err := nettype.Detect(networks) if err != nil { return err } - var namespaceOpts []gocni.NamespaceOpts - namespaceOpts = append(namespaceOpts, portMappings...) - namespace := spec.Annotations[labels.Namespace] - fullID := namespace + "-" + container.ID() - if err := cni.Remove(ctx, fullID, "", namespaceOpts...); err != nil { - log.L.WithError(err).Errorf("failed to call cni.Remove") - return err + switch netType { + case nettype.Host, nettype.None, nettype.Container: + // NOP + case nettype.CNI: + e, err := netutil.NewCNIEnv(globalOpts.CNIPath, globalOpts.CNINetConfPath, netutil.WithDefaultNetwork()) + if err != nil { + return err + } + cniOpts := []gocni.Opt{ + gocni.WithPluginDir([]string{globalOpts.CNIPath}), + } + netMap, err := e.NetworkMap() + if err != nil { + return err + } + for _, netstr := range networks { + net, ok := netMap[netstr] + if !ok { + return fmt.Errorf("no such network: %q", netstr) + } + cniOpts = append(cniOpts, gocni.WithConfListBytes(net.Bytes)) + } + cni, err := gocni.New(cniOpts...) + if err != nil { + return err + } + + var namespaceOpts []gocni.NamespaceOpts + namespaceOpts = append(namespaceOpts, portMappings...) + namespace := spec.Annotations[labels.Namespace] + fullID := namespace + "-" + container.ID() + if err := cni.Remove(ctx, fullID, "", namespaceOpts...); err != nil { + log.L.WithError(err).Errorf("failed to call cni.Remove") + return err + } + return nil + default: + return fmt.Errorf("unexpected network type %v", netType) } return nil - default: - return fmt.Errorf("unexpected network type %v", netType) - } - return nil + }) }
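Review bot: The `ParsePortsLabel` failure path inside the new closure returns `fmt.Errorf("no oci spec: %q", portErr)`, which blames the OCI spec although the failing input is `info.Labels`, and formats the error with `%q` so the chain is not visible to `errors.Is`/`errors.As`. Since these lines are being re-indented anyway, I would change it to `return fmt.Errorf("parsing ports label: %w", portErr)`. Every early return in the closure happens before `cni.Remove`, so a failure here presumably leaves the killed container's port forwards in place, and an accurate message is what lets an operator trace a leftover forward. The doc comment on `cleanupNetwork` could also record the new wrapper, for example `// The cleanup runs through rootlessutil.WithDetachedNetNSIfAny.`, with the reason added by someone who can confirm that helper's behaviour, since it is not visible in this diff.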