Skip to content

Missing deferred cleanup in Exec() function causes resource leaks on execution failure #730

Open
Open
Missing deferred cleanup in Exec() function causes resource leaks on execution failure#730
@shivansh-source

Description

@shivansh-source
shivansh-source
opened on May 30, 2026

Description

The Exec() function in pkg/unikontainers/unikontainers.go performs multiple setup operations in sequence:

  1. Network setup (TAP device creation)
  2. Rootfs preparation (preSetup)
  3. Monitor rootfs preparation (mount creation)
  4. Rootfs post-setup
  5. Shared filesystem setup (virtiofs/9pfs)
  6. Many other operations...

Currently, if any step fails after network setup (line 405), TAP devices are never cleaned up. Similar issues exist for rootfs and shared filesystem mounts.

  • Line 405: Network setup, no defer cleanup
  • Line 507-530: Rootfs setup, no rollback on failure
  • Line 522: prepareMonRootfs, no cleanup
  • Line 570: prepareVSockEnvironment, no cleanup

all setup steps should register cleanup functions that execute in reverse order if any error occurs.

Testing

  • Add tests that verify cleanup occurs when Exec fails at each setup stage
  • Verify TAP devices are cleaned up
  • Verify mounts are unmounted

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions