[pve-devel] [PATCH container v2] fix: cloning a locked container creates an empty config

Daniel Tschlatscher d.tschlatscher at proxmox.com
Fri Jun 17 12:40:01 CEST 2022 

When an attempt was made to clone a locked container the API would
correctly present the error 'CT is locked (disk)' but create the
config files for the new container anyway.

There was also a potential problem when the config of the new ct would
already be present and the creation of the container failed. In this
case the config of the new CT would be incorrectly removed.
The config locks for the new and the old configs should now be
correctly released depending on from which call a problem originates.

Futhermore, I moved some related function calls into the eval block to
avoid similar problems with leftover config files in the future.

Signed-off-by: Daniel Tschlatscher <d.tschlatscher at proxmox.com>
---
Changes from v1
Some problems which I was made aware of by Fabian (G) through a quick
chat off-list (thanks btw!):

* Added a dedicated check to conditionally remove the locks for the
  new and old config files depending on where a potential error
  originates.
* Moved some potentially failing function calls into the eval block

 src/PVE/API2/LXC.pm | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 64724cb..06f759e 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -1461,9 +1461,6 @@ __PACKAGE__->register_method({
 	my $vollist = [];
 	my $running;
 
-	PVE::LXC::Config->create_and_lock_config($newid, 0);
-	PVE::Firewall::clone_vmfw_conf($vmid, $newid);
-
 	my $lock_and_reload = sub {
 	    my ($vmid, $code) = @_;
 	    return PVE::LXC::Config->lock_config($vmid, sub {
@@ -1477,14 +1474,26 @@ __PACKAGE__->register_method({
 
 	my $src_conf = PVE::LXC::Config->set_lock($vmid, 'disk');
 
-	$running = PVE::LXC::check_running($vmid) || 0;
+	eval {
+	    PVE::LXC::Config->create_and_lock_config($newid, 0);
+	};
+	if (my $err = $@) {
+	    eval { PVE::LXC::Config->remove_lock($vmid, 'disk') };
+	    warn "Failed to remove source CT config lock - $@\n" if $@;
 
-	my $full = extract_param($param, 'full');
-	if (!defined($full)) {
-	    $full = !PVE::LXC::Config->is_template($src_conf);
+	    die $err;
 	}
 
 	eval {
+	    $running = PVE::LXC::check_running($vmid) || 0;
+
+	    my $full = extract_param($param, 'full');
+	    if (!defined($full)) {
+		$full = !PVE::LXC::Config->is_template($src_conf);
+	    }
+
+	    PVE::Firewall::clone_vmfw_conf($vmid, $newid);
+
 	    die "parameter 'storage' not allowed for linked clones\n"
 		if defined($storage) && !$full;
 
-- 
2.30.2

More information about the pve-devel mailing list