From 43b272eae42ec1cf0f8b2da7e9727dded0af9171 Mon Sep 17 00:00:00 2001 From: WHOIM1205 Date: Tue, 16 Jun 2026 12:19:10 -0700 Subject: [PATCH] fix(shim): do not abort Create on guest rootfs choice failure Signed-off-by: WHOIM1205 --- pkg/containerd-shim/task_service.go | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/pkg/containerd-shim/task_service.go b/pkg/containerd-shim/task_service.go index fb126c3f..de539134 100644 --- a/pkg/containerd-shim/task_service.go +++ b/pkg/containerd-shim/task_service.go @@ -55,13 +55,21 @@ func (s *taskService) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) // ChooseRootfs after inner task Create so bundle rootfs is mounted; // params are persisted in bundle config.json for runtime Exec. + // + // This is only a pre-computation/optimization: the runtime Exec recomputes + // ChooseRootfs when the annotation is absent. Therefore a failure here must + // not abort Create, otherwise we would report Create as failed while the + // inner task service has already created the task and spawned the container + // init, orphaning a running process and leaking resources. Instead, we log + // and continue, deferring any genuine rootfs error to the runtime, where it + // surfaces during start with proper, containerd-tracked cleanup. if err := chooseGuestRootfs(r); err != nil { if errors.Is(err, errGuestRootfsChoiceSkipped) { log.G(ctx).WithError(err).Debug("urunc(shim): guest rootfs choice skipped") - return resp, nil + } else { + log.G(ctx).WithError(err).Warn("urunc(shim): failed to choose guest rootfs; runtime will recompute at Exec") } - log.G(ctx).WithError(err).Warn("urunc(shim): failed to choose guest rootfs") - return nil, err + return resp, nil } return resp, nil