fix runc's poststart behaviour doesn't match the runtime-spec

[ningmingxiao]

fix:#4347

[cyphar]

The code should be moved to container.Exec (keep it inside libcontainer).

[kolyshkin]

Please write a more detailed commit message. "fix poststart error" is not a good one.

[ningmingxiao]

Please write a more detailed commit message. "fix poststart error" is not a good one.

done.thank you. please review my pr. @kolyshkin @cyphar

[lifubang]

Could you please add a test case to avoid the similar error in future.
You can see:
#4323 (comment)

[lifubang]

As the runtime-spec said:
The poststart hooks MUST be invoked by the runtime. If any poststart hook fails, the runtime MUST log a warning, but the remaining hooks and lifecycle continue as if the hook had succeeded.

So maybe this is another bug, we should write a new function to run poststart and poststop hooks.
@kolyshkin WDYT

[lifubang]

If yes, please help to open a new issue to track this bug, thanks.

[kolyshkin]

So, the current code logs a warning (like the spec says) but also terminates container's init and returns an error (unlike the spec says).

I'm not sure whether we should change the spec or runc behavior. In theory spec should be left as is, and runc should be changed to follow the spec. In practice, though, changing runc might result in backward incompatibilities and complexities in upper runtime. So yes, we have a choice to make here.

It's complicated 😿

[kolyshkin]

I researched the history a little bit.

1. The initial implementation of poststart hooks was done by @mrunalp in 2015 (commit 452e8a7, PR Add poststart hooks #392, merged Nov 2015). If a hook was returning an error, the start was terminated and the error was returned.
2. The "start must continue even if poststart hook failed" clause was added to runtime-spec by @RenaudWasTaken in Add create-runtime, create-container, start-container hooks runtime-spec#1008 (merged Dec 30 2019).
3. More hooks were added to runc by @RenaudWasTaken (commit ccdd757, PR Add CreateRuntime, CreateContainer and StartContainer Hooks #2229, merged Jun 2020). The same commit touched the poststart code but didn't change it to not return an error if a hook failed.

In my mind, this is the spec that needs to be changed. The reasons are:

• initial implementation predates the spec wording by a few years;
• the wording in the spec was never implemented in runc;
• returning an error (and stopping the container) seems like a more versatile approach (a hook can choose whether to return an error or not).

Opened opencontainers/runtime-spec#1262

[ningmingxiao]

how to stop container by using SIGTERM ,SIGKILL or both use?

[cyphar]

Probably SIGTERM followed by SIGKILL or just SIGKILL.

[ningmingxiao]

already backport #4351

[kolyshkin]

The commit description still doesn't say what it does and why.

[kolyshkin]

This PR removes the part where the container is killed when a hook fails. This should have been caught by an integration test, alas, it doesn't check that.

Opened #4352

[cyphar]

Moved the milestone to 1.3.0. Dealing with this is going to take a while, and we should just get 1.2.0 out (this is a pre-existing issue anyway).

[kolyshkin]

A draft until opencontainers/runtime-spec#1262 is decided on

[cyphar]

Damn, I missed this because it wasn't in the -rc.1 milestone. I guess we'll need to wait for 1.4.0-rc.1 before fixing this.

[rata]

The spec PR is not yet merged, moving to 1.4. Now to 1.4.0-rc.1, so hopefully you don't miss it @cyphar :)

[ningmingxiao]

Ok thanks