(c *Container)
| 37 | } |
| 38 | |
| 39 | func destroy(c *Container) error { |
| 40 | // Usually, when a container init is gone, all other processes in its |
| 41 | // cgroup are killed by the kernel. This is not the case for a shared |
| 42 | // PID namespace container, which may have some processes left after |
| 43 | // its init is killed or exited. |
| 44 | // |
| 45 | // As the container without init process running is considered stopped, |
| 46 | // and destroy is supposed to remove all the container resources, we need |
| 47 | // to kill those processes here. |
| 48 | if !c.config.Namespaces.IsPrivate(configs.NEWPID) { |
| 49 | // Likely to fail when c.config.RootlessCgroups is true |
| 50 | _ = signalAllProcesses(c.cgroupManager, unix.SIGKILL) |
| 51 | } |
| 52 | if err := c.cgroupManager.Destroy(); err != nil { |
| 53 | return fmt.Errorf("unable to remove container's cgroup: %w", err) |
| 54 | } |
| 55 | if c.intelRdtManager != nil { |
| 56 | if err := c.intelRdtManager.Destroy(); err != nil { |
| 57 | return fmt.Errorf("unable to remove container's IntelRDT group: %w", err) |
| 58 | } |
| 59 | } |
| 60 | if err := os.RemoveAll(c.stateDir); err != nil { |
| 61 | return fmt.Errorf("unable to remove container state dir: %w", err) |
| 62 | } |
| 63 | c.initProcess = nil |
| 64 | err := runPoststopHooks(c) |
| 65 | c.state = &stoppedState{c: c} |
| 66 | return err |
| 67 | } |
| 68 | |
| 69 | func runPoststopHooks(c *Container) error { |
| 70 | hooks := c.config.Hooks |
no test coverage detected
searching dependent graphs…