docker: ensure layer digest folder removed if ls.driver.Remove fails

If an image pull fails because of a canceled context, the image layer will perform a
rollback operation. When the image layer is released, the diff folder of the layer
will be removed first, and then the digest folder will be removed.
If the diff folder fails to be removed, such as operation not permitted or
interrupted by others, both the digest folder and diff folder will remain
on the disk; this will cause the image to be incomplete and not repairable.

So we should remove the digest folder first for image layer rollback
and ensure the image can be re-pulled completely.

(cherry picked from commit 219f49ee216459dc50dcbddaade9828ad7fa31fb)
chenjiankun 2022-09-15 17:36:20 +08:00 committed by openeuler-sync-bot
parent 55c13ee484
commit 9bb3a56c0e
4 changed files with 77 additions and 2 deletions

@ -1 +1 @@
18.09.0.241
18.09.0.242

@ -1,6 +1,6 @@
Name: docker-engine
Version: 18.09.0
Release: 241
Release: 242
Summary: The open-source application container engine
Group: Tools/Docker
@ -198,6 +198,12 @@ fi
%endif
%changelog
* Thu Sep 15 2022 chenjiankun <chenjiankun1@huawei.com> - 18.09.0-242
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:ensure layer digest folder removed if ls.driver.Remove fails
* Thu Sep 15 2022 chenjiankun <chenjiankun1@huawei.com> - 18.09.0-241
- Type:CVE
- CVE:CVE-2022-36109

@ -0,0 +1,68 @@
From ef17936c73849e17039f0b1558f6a87f70a35890 Mon Sep 17 00:00:00 2001
From: zhangsong <zhangsong34@huawei.com>
Date: Mon, 29 Aug 2022 11:41:15 +0800
Subject: [PATCH] docker: ensure layer digest folder removed if
ls.driver.Remove fails
If image pull fails of context canceled, image layer will perform a
rollback operation. When image layer is released, the diff folder
of layer will be removed first, and then the digest folder will be
removed. If the diff folder fails to be removed, such as operation
not permitted or interrupted by others, both the digest folder and diff
folder will remain on the disk, this will cause image not be complete
and not repairable.
So we should remove the digest folder first for image layers rollback
and ensure image can be re-pulled completely.
Signed-off-by: zhangsong <zhangsong34@huawei.com>
---
components/engine/layer/layer_store.go | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/components/engine/layer/layer_store.go b/components/engine/layer/layer_store.go
index c514ed80..e3030c3c 100644
--- a/components/engine/layer/layer_store.go
+++ b/components/engine/layer/layer_store.go
@@ -311,6 +311,8 @@ func (ls *layerStore) registerWithDescriptor(ts io.Reader, parent ChainID, descr
// Release parent chain if error
defer func() {
if err != nil {
+ logrus.Errorf("Create layer cache id: %s, diff id: %s, chain id: %s, error: %v",
+ p.cacheID, p.diffID, p.chainID, err)
ls.layerL.Lock()
ls.releaseLayer(p)
ls.layerL.Unlock()
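Review bot: The new Errorf in the deferred error handler is labelled "Create layer" but prints p.cacheID, p.diffID and p.chainID, and p is the layer passed to ls.releaseLayer(p) under the "Release parent chain if error" comment, so the line reports the parent's identifiers as if they belonged to the layer being created. Reword the message to say it is the parent being released, or log the failing layer's own identifiers if they are available at this point. Since the commit message names a canceled context as the trigger, also consider whether Error is the right level for that case.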
@@ -428,12 +430,18 @@ func (ls *layerStore) Map() map[ChainID]Layer {
}
func (ls *layerStore) deleteLayer(layer *roLayer, metadata *Metadata) error {
- err := ls.driver.Remove(layer.cacheID)
+ logrus.Debugf("Deleting layer cache id: %s, diff id: %s, chain id: %s",
+ layer.cacheID, layer.diffID, layer.chainID)
+ err := ls.store.Remove(layer.chainID)
if err != nil {
+ logrus.Errorf("Remove layer store: cache id: %s, diff id: %s, chain id: %s, error: %v",
+ layer.cacheID, layer.diffID, layer.chainID, err)
return err
}
- err = ls.store.Remove(layer.chainID)
+ err = ls.driver.Remove(layer.cacheID)
if err != nil {
+ logrus.Errorf("Remove driver store: cache id: %s, diff id: %s, chain id: %s, error: %v",
+ layer.cacheID, layer.diffID, layer.chainID, err)
return err
}
metadata.DiffID = layer.diffID
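Review bot: With the new order in deleteLayer, a failure of ls.driver.Remove(layer.cacheID) returns after ls.store.Remove(layer.chainID) has already succeeded, so the driver data for that cacheID stays on disk with no store entry pointing at it, and the only trace is the Errorf line. That is the trade the commit message intends (the image can be re-pulled), but it should be stated in a comment above the reordered calls, together with which cleanup path, if any, later removes the leftover cacheID. The early return also skips the metadata.DiffID and metadata.DiffSize assignments that follow, so the caller gets an unfilled Metadata for a layer whose store entry is gone. The diffstat shows only layer_store.go changed; a test that forces driver.Remove to fail and checks the store entry is removed would pin the new behaviour.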
@@ -444,6 +452,8 @@ func (ls *layerStore) deleteLayer(layer *roLayer, metadata *Metadata) error {
}
metadata.DiffSize = layer.size
+ logrus.Debugf("Delete layer cache id: %s, diff id: %s, chain id: %s done",
+ layer.cacheID, layer.diffID, layer.chainID)
return nil
}
--
2.27.0

@ -224,4 +224,5 @@ patch/0227-docker-registry-ensure-default-auth-config-has-address.patch
patch/0228-docker-fix-terminal-abnormal-after-docker-run.patch
patch/0229-docker-Add-an-ExitPid-field-for-State-struct-to-reco.patch
patch/0230-docker-AdditionalGids-must-include-effective-group-I.patch
patch/0231-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch
#end