sandbox: Ignore not found error in sandbox deletion

vmm/common/src/lib.rs

@@ -35,7 +35,7 @@ pub const HOSTNAME_FILENAME: &str = "hostname";
 pub const RESOLV_FILENAME: &str = "resolv.conf";
 
 pub const SANDBOX_NS_PATH: &str = "/run/sandbox-ns";
-pub const NET_NAMESPACE: &str = "net";
+pub const NET_NAMESPACE: &str = "network";
 pub const IPC_NAMESPACE: &str = "ipc";
 pub const UTS_NAMESPACE: &str = "uts";
 pub const CGROUP_NAMESPACE: &str = "cgroup";

vmm/sandbox/src/cgroup.rs

@@ -14,6 +14,8 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+use std::error::Error;
+
 use anyhow::{anyhow, Ok, Result};
 use cgroups_rs::{
     cgroup_builder::*, cpu::CpuController, cpuset::CpuSetController, hugetlb::HugeTlbController,
@@ -186,10 +188,23 @@ fn remove_sandbox_cgroup(cgroup: &Cgroup) -> Result<()> {
     // get the tids in the current cgroup and then move the tids to parent cgroup
     let tids = cgroup.tasks();
     for tid in tids {
-        cgroup.move_task_to_parent(tid)?;
+        cgroup.move_task_to_parent(tid).unwrap_or_default();
     }
 
-    cgroup.delete()?;
+    // Should ignore the NotFound error of cgroup path as it may be already deleted.
+    if let Err(e) = cgroup.delete() {
+        if e.kind() == &cgroups_rs::error::ErrorKind::RemoveFailed {
+            if let Some(cause) = e.source() {
+                if let Some(ioe) = cause.downcast_ref::<std::io::Error>() {
+                    if ioe.kind() == std::io::ErrorKind::NotFound {
+                        return Ok(());
+                    }
+                }
+            }
+        }
+
+        return Err(e.into());
+    }
     Ok(())
 }
 

vmm/sandbox/src/sandbox.rs

@@ -323,7 +323,12 @@ where
             }
 
             cleanup_mounts(&sb.base_dir).await?;
-            remove_dir_all(&sb.base_dir).await?;
+            // Should Ignore the NotFound error of base dir as it may be already deleted.
+            if let Err(e) = remove_dir_all(&sb.base_dir).await {
+                if e.kind() != ErrorKind::NotFound {
+                    return Err(e.into());
+                }
+            }
         }
         self.sandboxes.write().await.remove(id);
         Ok(())

vmm/task/src/main.rs

@@ -40,8 +40,7 @@ use signal_hook_tokio::Signals;
 use tokio::fs::File;
 use vmm_common::{
     api::sandbox_ttrpc::create_sandbox_service, mount::mount, ETC_RESOLV, HOSTNAME_FILENAME,
-    IPC_NAMESPACE, KUASAR_STATE_DIR, NET_NAMESPACE, RESOLV_FILENAME, SANDBOX_NS_PATH,
-    UTS_NAMESPACE,
+    IPC_NAMESPACE, KUASAR_STATE_DIR, RESOLV_FILENAME, SANDBOX_NS_PATH, UTS_NAMESPACE,
 };
 
 use crate::{
@@ -131,7 +130,6 @@ lazy_static! {
         options: vec!["relatime", "nodev", "sync", "dirsync",]
     },];
     static ref CLONE_FLAG_TABLE: HashMap<String, CloneFlags> = HashMap::from([
-        (String::from(NET_NAMESPACE), CloneFlags::CLONE_NEWNET),
         (String::from(IPC_NAMESPACE), CloneFlags::CLONE_NEWIPC),
         (String::from(UTS_NAMESPACE), CloneFlags::CLONE_NEWUTS),
     ]);