From 20716095b9043665938e51acd3a686aa3fd0387e Mon Sep 17 00:00:00 2001
From: Krisztian Litkey <krisztian.litkey@intel.com>
Date: Wed, 10 Jan 2024 10:35:01 +0200
Subject: [PATCH] resmgr: inject mount before container state update.

Inject our 'downward API' mount into containers before updating
their state to 'created'. Otherwise, if a policy doesn't make
any changes to a container during its creation, we incorrectly
consider the container as already created and fail to insert
the mount.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
---
 pkg/resmgr/nri.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/resmgr/nri.go b/pkg/resmgr/nri.go
index 536b11283..59d1f44ee 100644
--- a/pkg/resmgr/nri.go
+++ b/pkg/resmgr/nri.go
@@ -333,7 +333,6 @@ func (p *nriPlugin) CreateContainer(ctx context.Context, podSandbox *api.PodSand
 		c.UpdateState(cache.ContainerStateStale)
 		return nil, nil, fmt.Errorf("failed to allocate resources: %w", err)
 	}
-	c.UpdateState(cache.ContainerStateCreated)
 
 	c.InsertMount(&cache.Mount{
 		Destination: "/.nri-resource-policy",
@@ -342,6 +341,8 @@ func (p *nriPlugin) CreateContainer(ctx context.Context, podSandbox *api.PodSand
 		Options:     []string{"bind", "ro", "rslave"},
 	})
 
+	c.UpdateState(cache.ContainerStateCreated)
+
 	if err := p.runPostAllocateHooks(event, c); err != nil {
 		m.Error("%s: failed to run post-allocate hooks for %s: %v",
 			event, container.GetName(), err)