DevFW-CICD/runner
15
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

fix: remove LXC backend leftovers when the job completes (#1054)

Browse source 
- remove the root of the LXC container after destroying it, with sudo as it may contain files owned by root while the runner id is not root
- os.RemoveAll only for native host runs, it is no longer needed for the LXC backend
- remove the CleanUp function that is an indirection with no use

Resolves forgejo/runner#442

When running the test from a non-root user and without this fix, it fails as follow:

```
go test -v -count=1 -run='TestRunnerLXC' ./internal/app/run
=== RUN   TestRunnerLXC
...
time="2025-10-03T15:05:12+02:00" level=debug msg=stopHostEnvironment
time="2025-10-03T15:05:13+02:00" level=debug msg="HostEnvironment.Remove /tmp/TestRunnerLXC1841090130/001/d29c1256e2912892/hostexecutor"
time="2025-10-03T15:05:13+02:00" level=error msg="Error while stop job container FORGEJO-ACTIONS-TASK-0_WORKFLOW-3ede81fbc69d42e6db70bef5820490fc3e7dc4d9dcbfb64981f2d00f08a30d6e_JOB-job: unlinkat /tmp/TestRunnerLXC1841090130/001/d29c1256e2912892/hostexecutor/some/directory/owned/by/root: permission denied"
=== NAME  TestRunnerLXC
    runner_test.go:469:
        	Error Trace:	/home/earl-warren/software/runner/internal/app/run/runner_test.go:469
        	            				/home/earl-warren/software/runner/internal/app/run/runner_test.go:496
        	Error:      	Received unexpected error:
        	            	Error occurred running finally: unlinkat /tmp/TestRunnerLXC1841090130/001/d29c1256e2912892/hostexecutor/some/directory/owned/by/root: permission denied (original error: <nil>)
        	Test:       	TestRunnerLXC
        	Messages:   	OK
=== NAME  TestRunnerLXC/OK
    testing.go:1679: test executed panic(nil) or runtime.Goexit: subtest may have called FailNow on a parent test
=== NAME  TestRunnerLXC
    testing.go:1267: TempDir RemoveAll cleanup: unlinkat /tmp/TestRunnerLXC1841090130/001/d29c1256e2912892/hostexecutor/some/directory/owned/by/root: permission denied
--- FAIL: TestRunnerLXC (6.84s)
    --- FAIL: TestRunnerLXC/OK (6.84s)
FAIL
FAIL	code.forgejo.org/forgejo/runner/v11/internal/app/run	6.847s
FAIL
```

<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1054): <!--number 1054 --><!--line 0 --><!--description Zml4OiByZW1vdmUgTFhDIGJhY2tlbmQgbGVmdG92ZXJzIHdoZW4gdGhlIGpvYiBjb21wbGV0ZXM=-->fix: remove LXC backend leftovers when the job completes<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/1054
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.code.forgejo.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
This commit is contained in:
Earl Warren 2025-10-03 16:14:08 +00:00 committed by earl-warren
parent a980acd936
commit 413a52605d
No known key found for this signature in database
GPG key ID: F128CBE6AB3A7201
3 changed files with 10 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

10
act/container/host_environment.go
View file

@ -34,7 +34,6 @@ type HostEnvironment struct {
Workdir string
ActPath string
Root string
CleanUp func()
StdOut io.Writer
LXC bool
}
@ -404,11 +403,12 @@ func (e *HostEnvironment) UpdateFromEnv(srcPath string, env *map[string]string)
func (e *HostEnvironment) Remove() common.Executor {
return func(ctx context.Context) error {
if e.CleanUp != nil {
e.CleanUp()
if e.GetLXC() {
// there may be files owned by root: removal
// is the responsibility of the LXC backend
return nil
}
common.Logger(ctx).Debugf("HostEnvironment.Remove %s", e.Path)
return os.RemoveAll(e.Path)
return os.RemoveAll(e.Root)
}
}

9
act/runner/run_context.go
View file

@ -248,6 +248,8 @@ var stopTemplate = template.Must(template.New("stop").Parse(`#!/bin/bash
source $(dirname $0)/lxc-helpers-lib.sh
lxc_container_destroy "{{.Name}}"
lxc_maybe_sudo
$LXC_SUDO rm -fr "{{ .Root }}"
`))
func (rc *RunContext) stopHostEnvironment(ctx context.Context) error {
@ -314,11 +316,8 @@ func (rc *RunContext) startHostEnvironment() common.Executor {
ToolCache: rc.getToolCache(ctx),
Workdir: rc.Config.Workdir,
ActPath: actPath,
CleanUp: func() {
os.RemoveAll(miscpath)
},
StdOut: logWriter,
LXC: rc.IsLXCHostEnv(ctx),
StdOut: logWriter,
LXC: rc.IsLXCHostEnv(ctx),
}
rc.cleanUpJobContainer = func(ctx context.Context) error {
if err := rc.stopHostEnvironment(ctx); err != nil {

2
internal/app/run/runner_test.go
View file

@ -491,7 +491,7 @@ jobs:
job:
runs-on: lxc
steps:
- run: echo OK
- run: mkdir -p some/directory/owned/by/root
`
runWorkflow(ctx, cancel, workflow, "push", "refs/heads/main", "OK")
})