oci: fix segfault when cgroup cannot be configured

giuseppe · giuseppe · commit e1238050895f · 2019-04-05T16:49:08.000+02:00
avoid a segfault if the cgroup hierarchy could not be configured. It happens every time with rootless mode as we cannot configure cgroups, but it is not restricted to rootless. Closes: cri-o#2205 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
diff --git a/oci/oci_linux.go b/oci/oci_linux.go
@@ -36,14 +36,16 @@ func (r *runtimeOCI) createContainerPlatform(c *Container, cgroupParent string,
 		logrus.Warnf("Failed to add conmon to cgroupfs sandbox cgroup: %v", err)
 	}
 
-	// Here we should defer a crio-connmon- cgroup hierarchy deletion, but it will
-	// always fail as conmon's pid is still there.
-	// Fortunately, kubelet takes care of deleting this for us, so the leak will
-	// only happens in corner case where one does a manual deletion of the container
-	// through e.g. runc. This should be handled by implementing a conmon monitoring
-	// routine that does the cgroup cleanup once conmon is terminated.
-	if err := control.Add(cgroups.Process{Pid: pid}); err != nil {
-		logrus.Warnf("Failed to add conmon to cgroupfs sandbox cgroup: %v", err)
+	if control != nil {
+		// Here we should defer a crio-connmon- cgroup hierarchy deletion, but it will
+		// always fail as conmon's pid is still there.
+		// Fortunately, kubelet takes care of deleting this for us, so the leak will
+		// only happens in corner case where one does a manual deletion of the container
+		// through e.g. runc. This should be handled by implementing a conmon monitoring
+		// routine that does the cgroup cleanup once conmon is terminated.
+		if err := control.Add(cgroups.Process{Pid: pid}); err != nil {
+			logrus.Warnf("Failed to add conmon to cgroupfs sandbox cgroup: %v", err)
+		}
 	}
 }
 
