On Fri, Nov 06, 2020 at 02:30:13PM +0100, Michal Privoznik wrote:
>If starting an container fails, the virLXCProcessStop() is
>called. But since vm->def->id is not set until libvirt_lxc is
>spawned (the domain's ID is PID of that process),
>virLXCProcessStop() returns early as virDomainObjIsActive()
>returns false. But doing so leaves behind resources reserved for
>the containers during the startup process. Most notably, hostdevs
>are not re-attached to the host, the domain's transient XML is
>not removed, etc.
>
I'm not sure the virLXCProcessCleanup() function is prepared to be called under
such circumstances as its qemu counterpart. It looks virSecurity*RestoreLabel()
might be called when it ought not to be and that does not look safe to me. But
I'd be glad to be proved wrong.
>Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
>---
> src/lxc/lxc_process.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
>index c5a710fc3f..08c82b0e9a 100644
>--- a/src/lxc/lxc_process.c
>+++ b/src/lxc/lxc_process.c
>@@ -855,7 +855,7 @@ int virLXCProcessStop(virLXCDriverPtr driver,
> vm->def->name, (int)vm->pid, (int)reason);
> if (!virDomainObjIsActive(vm)) {
> VIR_DEBUG("VM '%s' not active", vm->def->name);
>- return 0;
>+ goto cleanup;
> }
>
> priv = vm->privateData;
>--
>2.26.2
>