From 68738aa0f1a2850ea483fb94be295bdbd0114883 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Thu, 1 Jun 2023 11:07:06 +0800 Subject: [PATCH] upgrade from upstream Signed-off-by: zhangxiaoyu --- 0060-fix-security-warning.patch | 58 + 0061-add-testcase-for-hook-env.patch | 71 + 0062-fix-security-warning.patch | 371 ++++ ...nerate_exec_id-func-for-health-check.patch | 69 + 0064-split-remote-grpc-code-by-macro.patch | 992 ++++++++++ ...ine-and-g_log_fd-to-common-and-and-s.patch | 93 + 0066-add-ut-for-runc.patch | 914 ++++++++++ 0067-runc-add-ci-for-runc.patch | 1621 +++++++++++++++++ 0068-fix-ci-error.patch | 45 + 0069-restore-bind_special_dir.sh.patch | 53 + ...e-isulad_io-not-NULL-before-close-fd.patch | 62 + 0071-recheck-delete-command-exit-status.patch | 75 + 0072-restore-execSync-return-value.patch | 31 + ...y-leak-and-array-access-out-of-range.patch | 75 + 0074-fix-memory-leak-of-top_layer.patch | 143 ++ ...fine-in-local-and-use-correctly-type.patch | 33 + ...-t-cleanup-when-remote-ro-is-enabled.patch | 89 + ...x-layer-imcomplete-cause-isulad-core.patch | 32 + 0078-add-load-layer-testcase.patch | 92 + ...der-close-if-copy-to-container-faile.patch | 29 + iSulad.spec | 28 +- 21 files changed, 4975 insertions(+), 1 deletion(-) create mode 100644 0060-fix-security-warning.patch create mode 100644 0061-add-testcase-for-hook-env.patch create mode 100644 0062-fix-security-warning.patch create mode 100644 0063-add-try_generate_exec_id-func-for-health-check.patch create mode 100644 0064-split-remote-grpc-code-by-macro.patch create mode 100644 0065-move-signal_routine-and-g_log_fd-to-common-and-and-s.patch create mode 100644 0066-add-ut-for-runc.patch create mode 100644 0067-runc-add-ci-for-runc.patch create mode 100644 0068-fix-ci-error.patch create mode 100644 0069-restore-bind_special_dir.sh.patch create mode 100644 0070-ensure-isulad_io-not-NULL-before-close-fd.patch create mode 100644 0071-recheck-delete-command-exit-status.patch create mode 100644 0072-restore-execSync-return-value.patch create mode 100644 0073-fix-memory-leak-and-array-access-out-of-range.patch create mode 100644 0074-fix-memory-leak-of-top_layer.patch create mode 100644 0075-ensure-define-in-local-and-use-correctly-type.patch create mode 100644 0076-fix-don-t-cleanup-when-remote-ro-is-enabled.patch create mode 100644 0077-fix-layer-imcomplete-cause-isulad-core.patch create mode 100644 0078-add-load-layer-testcase.patch create mode 100644 0079-2037-archive-reader-close-if-copy-to-container-faile.patch diff --git a/0060-fix-security-warning.patch b/0060-fix-security-warning.patch new file mode 100644 index 0000000..45c465b --- /dev/null +++ b/0060-fix-security-warning.patch @@ -0,0 +1,58 @@ +From 3520955126742b1bc9e49ce2d1ec6e10ac04bd3c Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Mon, 8 May 2023 10:37:53 +0800 +Subject: [PATCH 60/79] fix security warning + +Signed-off-by: zhongtao +--- + src/cmd/isulad-shim/process.c | 6 +++--- + src/cmd/isulad-shim/process.h | 2 +- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index c31f8af6..f1391ecb 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -1164,7 +1164,7 @@ static int try_wait_all_child(void) + return 1; + } + +-static int waitpid_with_timeout(int ctr_pid, int *status, const int64_t timeout) ++static int waitpid_with_timeout(int ctr_pid, int *status, const uint64_t timeout) + { + int nret = 0; + time_t start_time = time(NULL); +@@ -1210,7 +1210,7 @@ static int waitpid_with_timeout(int ctr_pid, int *status, const int64_t timeout + * If timeout <= 0, blocking wait in reap_container. + * If timeout > 0, non-blocking wait pid with timeout. + */ +-static int wait_container_process_with_timeout(process_t *p, const unsigned int timeout, int *status) ++static int wait_container_process_with_timeout(process_t *p, const uint64_t timeout, int *status) + { + int ret = SHIM_ERR; + +@@ -1248,7 +1248,7 @@ static int wait_container_process_with_timeout(process_t *p, const unsigned int + + } + +-int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const unsigned int timeout) ++int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const uint64_t timeout) + { + int nret = 0; + int ret = 0; +diff --git a/src/cmd/isulad-shim/process.h b/src/cmd/isulad-shim/process.h +index 4cb6462c..93e01e7b 100644 +--- a/src/cmd/isulad-shim/process.h ++++ b/src/cmd/isulad-shim/process.h +@@ -70,7 +70,7 @@ process_t* new_process(char *id, char *bundle, char *runtime); + + int process_io_start(process_t *p, pthread_t *tid_epoll); + int create_process(process_t *p); +-int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const unsigned int timeout); ++int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const uint64_t timeout); + + #ifdef __cplusplus + } +-- +2.25.1 + diff --git a/0061-add-testcase-for-hook-env.patch b/0061-add-testcase-for-hook-env.patch new file mode 100644 index 0000000..72409cc --- /dev/null +++ b/0061-add-testcase-for-hook-env.patch @@ -0,0 +1,71 @@ +From dd1e6907ec841d378699fdbbbf0033666b1b43c7 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Mon, 8 May 2023 17:38:38 +0800 +Subject: [PATCH 61/79] add testcase for hook env + +Signed-off-by: zhangxiaoyu +--- + .../container_cases/hook_spec_test.sh | 30 +++++++++++++++++++ + .../test_data/env-hookspec.json | 9 ++++++ + 2 files changed, 39 insertions(+) + create mode 100644 CI/test_cases/container_cases/test_data/env-hookspec.json + +diff --git a/CI/test_cases/container_cases/hook_spec_test.sh b/CI/test_cases/container_cases/hook_spec_test.sh +index a0f70e37..c88ed340 100755 +--- a/CI/test_cases/container_cases/hook_spec_test.sh ++++ b/CI/test_cases/container_cases/hook_spec_test.sh +@@ -59,6 +59,36 @@ function test_hook_spec() + + rm -rf $runlog + ++ cat > /tmp/env.sh < /tmp/envfile ++EOF ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to generate env shell" && ((ret++)) ++ ++ chmod +x /tmp/env.sh ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to chmod env shell" && ((ret++)) ++ ++ CONT=`isula run -itd --hook-spec ${test_data_path}/env-hookspec.json ${image}` ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) ++ ++ isula stop -t 0 ${CONT} ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to stop ${CONT}" && ((ret++)) ++ ++ isula rm ${CONT} ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm ${CONT}" && ((ret++)) ++ ++ # debug ++ cat /tmp/envfile ++ cat /tmp/envfile | grep "PATH=/usr/local/bin:/usr/bin" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - set ocihook PATH env failed" && ((ret++)) ++ ++ cat /tmp/envfile | grep "AAA=bbb" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - set ocihook env failed" && ((ret++)) ++ ++ rm -rf /tmp/env.sh ++ rm -rf /tmp/envfile ++ + msg_info "${test} finished with return ${ret}..." + return ${ret} + } +diff --git a/CI/test_cases/container_cases/test_data/env-hookspec.json b/CI/test_cases/container_cases/test_data/env-hookspec.json +new file mode 100644 +index 00000000..2a63a355 +--- /dev/null ++++ b/CI/test_cases/container_cases/test_data/env-hookspec.json +@@ -0,0 +1,9 @@ ++{ ++ "prestart": [ ++ { ++ "args": ["/tmp/env.sh"], ++ "path": "/tmp/env.sh", ++ "env": ["PATH=/usr/local/bin:/usr/bin", "AAA=bbb"] ++ } ++ ] ++} +-- +2.25.1 + diff --git a/0062-fix-security-warning.patch b/0062-fix-security-warning.patch new file mode 100644 index 0000000..0f643f2 --- /dev/null +++ b/0062-fix-security-warning.patch @@ -0,0 +1,371 @@ +From 3f103151b1d54d76bb46179a3dac05e918983e79 Mon Sep 17 00:00:00 2001 +From: "Neil.wrz" +Date: Sun, 7 May 2023 02:37:30 -0700 +Subject: [PATCH 62/79] fix security warning + +Signed-off-by: Neil.wrz +--- + .../oci/storage/image_store/image_store.c | 2 +- + .../remote_layer_support/image_remote_impl.c | 36 +++++++++++++--- + .../remote_layer_support/layer_remote_impl.c | 41 +++++++++++++++---- + .../overlay_remote_impl.c | 38 ++++++++++++++--- + .../remote_layer_support/remote_support.c | 19 ++++++++- + .../ro_symlink_maintain.c | 2 - + .../modules/image/oci/storage/storage.c | 2 + + 7 files changed, 116 insertions(+), 24 deletions(-) + +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index 7837f9db..d436eba2 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -3647,7 +3647,7 @@ int image_store_init(struct storage_module_init_options *opts) + } + + #ifdef ENABLE_REMOTE_LAYER_STORE +- remote_image_init(g_image_store->dir); ++ ret = remote_image_init(g_image_store->dir); + #endif + + out: +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c +index a822ea81..1ac0139f 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c +@@ -36,10 +36,28 @@ struct remote_image_data *remote_image_create(const char *remote_home, const cha + ERROR("Out of memory"); + return NULL; + } ++ + data->image_home = remote_home; + image_byid_old = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC); ++ if (image_byid_old == NULL) { ++ ERROR("Failed to cerate image_byid_old"); ++ goto free_out; ++ } ++ + image_byid_new = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC); ++ if (image_byid_new == NULL) { ++ ERROR("Failed to cerate image_byid_new"); ++ goto free_out; ++ } ++ + return data; ++ ++free_out: ++ map_free(image_byid_old); ++ map_free(image_byid_new); ++ free(data); ++ ++ return NULL; + } + + void remote_image_destroy(struct remote_image_data *data) +@@ -97,7 +115,9 @@ static int remote_dir_scan(void *data) + // for refresh, we don't care v1 image, cause image should be handled by master isulad + // when master isulad pull images + if (!is_v1_image) { +- map_insert(image_byid_new, util_strdup_s(image_dirs[i]), (void *)&exist); ++ if (!map_insert(image_byid_new, image_dirs[i], (void *)&exist)) { ++ WARN("Failed to insert image %s to map", image_dirs[i]); ++ } + } + } + +@@ -113,7 +133,7 @@ static int remote_image_add(void *data) + char *top_layer = NULL; + map_t *tmp_map = NULL; + bool exist = true; +- int i = 0; ++ size_t i = 0; + int ret = 0; + + if (data == NULL) { +@@ -127,13 +147,17 @@ static int remote_image_add(void *data) + top_layer = remote_image_get_top_layer_from_json(array_added[i]); + if (top_layer != NULL && !remote_layer_layer_valid(top_layer)) { + WARN("Current not find valid under layer, remoet image:%s not added", array_added[i]); +- map_remove(image_byid_new, (void *)array_added[i]); ++ if (!map_remove(image_byid_new, (void *)array_added[i])) { ++ WARN("image %s will not be loaded from remote.", array_added[i]); ++ } + continue; + } + + if (remote_append_image_by_directory_with_lock(array_added[i]) != 0) { + ERROR("Failed to load image into memrory: %s", array_added[i]); +- map_remove(image_byid_new, (void *)array_added[i]); ++ if (!map_remove(image_byid_new, (void *)array_added[i])) { ++ WARN("image %s will not be loaded from remote", array_added[i]); ++ } + ret = -1; + } + } +@@ -141,7 +165,9 @@ static int remote_image_add(void *data) + for (i = 0; i < util_array_len((const char **)array_deleted); i++) { + if (remote_remove_image_from_memory_with_lock(array_deleted[i]) != 0) { + ERROR("Failed to remove remote memory store"); +- map_insert(image_byid_new, array_deleted[i], (void *)&exist); ++ if (!map_insert(image_byid_new, array_deleted[i], (void *)&exist)) { ++ WARN("image %s will not be removed from local", array_deleted[i]); ++ } + ret = -1; + } + } +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c +index 3e3afff6..b1a1e944 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c +@@ -36,13 +36,30 @@ struct remote_layer_data *remote_layer_create(const char *layer_home, const char + ERROR("Out of memory"); + return NULL; + } +- data->layer_home = util_strdup_s(layer_home); +- data->layer_ro = util_strdup_s(layer_ro); ++ data->layer_home = layer_home; ++ data->layer_ro = layer_ro; ++ + layer_byid_old = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC); ++ if (layer_byid_old == NULL) { ++ ERROR("Failed to cerate layer_byid_old"); ++ goto free_out; ++ } ++ + layer_byid_new = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC); ++ if (layer_byid_new == NULL) { ++ ERROR("Failed to cerate layer_byid_new"); ++ goto free_out; ++ } + + return data; +-}; ++ ++free_out: ++ map_free(layer_byid_old); ++ map_free(layer_byid_new); ++ free(data); ++ ++ return NULL; ++} + + void remote_layer_destroy(struct remote_layer_data *data) + { +@@ -59,7 +76,7 @@ static bool layer_walk_dir_cb(const char *path_name, const struct dirent *sub_di + { + bool exist = true; + +- if (!map_insert(layer_byid_new, util_strdup_s(sub_dir->d_name), (void *)&exist)) { ++ if (!map_insert(layer_byid_new, (void *)sub_dir->d_name, (void *)&exist)) { + ERROR("can't insert remote layer into map"); + return false; + } +@@ -165,7 +182,7 @@ static int remote_layer_add(struct remote_layer_data *data) + char **array_deleted = NULL; + map_t *tmp_map = NULL; + bool exist = true; +- int i = 0; ++ size_t i = 0; + + if (data == NULL) { + return -1; +@@ -175,15 +192,19 @@ static int remote_layer_add(struct remote_layer_data *data) + array_deleted = remote_deleted_layers(layer_byid_old, layer_byid_new); + + for (i = 0; i < util_array_len((const char **)array_added); i++) { +- if (!remote_overlay_layer_valid(array_added[i]) != 0) { ++ if (!remote_overlay_layer_valid(array_added[i])) { + WARN("remote overlay layer current not valid: %s", array_added[i]); +- map_remove(layer_byid_new, (void *)array_added[i]); ++ if (!map_remove(layer_byid_new, (void *)array_added[i])) { ++ WARN("layer %s will not be loaded from remote", array_added[i]); ++ } + continue; + } + + if (add_one_remote_layer(data, array_added[i]) != 0) { + ERROR("Failed to add remote layer: %s", array_added[i]); +- map_remove(layer_byid_new, (void *)array_added[i]); ++ if (!map_remove(layer_byid_new, (void *)array_added[i])) { ++ WARN("layer %s will not be loaded from remote", array_added[i]); ++ } + ret = -1; + } + } +@@ -191,7 +212,9 @@ static int remote_layer_add(struct remote_layer_data *data) + for (i = 0; i < util_array_len((const char **)array_deleted); i++) { + if (remove_one_remote_layer(data, array_deleted[i]) != 0) { + ERROR("Failed to delete remote overlay layer: %s", array_deleted[i]); +- map_insert(layer_byid_new, array_deleted[i], (void *)&exist); ++ if (!map_insert(layer_byid_new, array_deleted[i], (void *)&exist)) { ++ WARN("layer %s will not be removed from local", array_deleted[i]); ++ } + ret = -1; + } + } +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c +index de2e583c..30caf175 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c +@@ -42,13 +42,37 @@ struct remote_overlay_data *remote_overlay_create(const char *remote_home, const + ERROR("Out of memory"); + return NULL; + } ++ + data->overlay_home = remote_home; + data->overlay_ro = remote_ro; ++ + overlay_byid_old = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC); ++ if (overlay_byid_old == NULL) { ++ ERROR("Failed to cerate overlay_byid_old"); ++ goto free_out; ++ } ++ + overlay_byid_new = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC); ++ if (overlay_byid_new == NULL) { ++ ERROR("Failed to cerate overlay_byid_new"); ++ goto free_out; ++ } ++ + overlay_id_link = map_new(MAP_STR_STR, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC); ++ if (overlay_id_link == NULL) { ++ ERROR("Failed to cerate overlay_id_link"); ++ goto free_out; ++ } + + return data; ++ ++free_out: ++ map_free(overlay_byid_old); ++ map_free(overlay_byid_new); ++ map_free(overlay_id_link); ++ free(data); ++ ++ return NULL; + } + + void remote_overlay_destroy(struct remote_overlay_data *data) +@@ -66,7 +90,7 @@ void remote_overlay_destroy(struct remote_overlay_data *data) + static bool overlay_walk_dir_cb(const char *path_name, const struct dirent *sub_dir, void *context) + { + bool exist = true; +- if (!map_insert(overlay_byid_new, util_strdup_s(sub_dir->d_name), (void *)&exist)) { ++ if (!map_insert(overlay_byid_new, (void *)sub_dir->d_name, (void *)&exist)) { + ERROR("can't insert remote layer into map"); + return false; + } +@@ -254,7 +278,7 @@ static int add_one_remote_overlay_layer(struct remote_overlay_data *data, const + ret = -1; + } + +- if (!map_insert(overlay_id_link, util_strdup_s(overlay_id), (void *)diff_symlink)) { ++ if (!map_insert(overlay_id_link, (void *)overlay_id, (void *)diff_symlink)) { + ERROR("can't insert remote layer into map"); + ret = -1; + } +@@ -275,7 +299,7 @@ static int remote_image_add(struct remote_overlay_data *data) + char **array_deleted = NULL; + map_t *tmp_map = NULL; + bool exist = true; +- int i = 0; ++ size_t i = 0; + + if (data == NULL) { + return -1; +@@ -287,7 +311,9 @@ static int remote_image_add(struct remote_overlay_data *data) + for (i = 0; i < util_array_len((const char **)array_added); i++) { + if (add_one_remote_overlay_layer(data, array_added[i]) != 0) { + ERROR("Failed to add remote overlay layer: %s", array_added[i]); +- map_remove(overlay_byid_new, (void *)array_added[i]); ++ if (!map_remove(overlay_byid_new, (void *)array_added[i])) { ++ WARN("overlay layer %s will not be loaded from remote", array_added[i]); ++ } + ret = -1; + } + } +@@ -295,7 +321,9 @@ static int remote_image_add(struct remote_overlay_data *data) + for (i = 0; i < util_array_len((const char **)array_deleted); i++) { + if (remove_one_remote_overlay_layer(data, array_deleted[i]) != 0) { + ERROR("Failed to delete remote overlay layer: %s", array_deleted[i]); +- map_insert(overlay_byid_new, array_deleted[i], (void *)&exist); ++ if (!map_insert(overlay_byid_new, array_deleted[i], (void *)&exist)) { ++ WARN("overlay layer %s will be deleted from local", array_deleted[i]); ++ } + ret = -1; + } + } +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +index 7d457755..748298cb 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +@@ -65,7 +65,10 @@ static void *remote_refresh_ro_symbol_link(void *arg) + util_usleep_nointerupt(5 * 1000 * 1000); + DEBUG("remote refresh start\n"); + +- remote_refresh_lock(supporters.remote_lock, true); ++ if (!remote_refresh_lock(supporters.remote_lock, true)) { ++ WARN("Failed to lock remote store failed, try to lock after 5 seconds"); ++ continue; ++ } + remote_overlay_refresh(refresh_supporters->overlay_data); + remote_layer_refresh(refresh_supporters->layer_data); + remote_image_refresh(refresh_supporters->image_data); +@@ -127,18 +130,30 @@ static char **map_diff(const map_t *map_a, const map_t *map_b) + char **array = NULL; + map_itor *itor = map_itor_new(map_a); + bool *found = NULL; ++ int ret = 0; + + // iter new_map, every item not in old, append them to new_layers + for (; map_itor_valid(itor); map_itor_next(itor)) { + char *id = map_itor_key(itor); + found = map_search(map_b, id); + if (found == NULL) { +- util_array_append(&array, util_strdup_s(id)); ++ ret = util_array_append(&array, id); ++ if (ret != 0) { ++ ERROR("Failed to add diff item %s to array", id); ++ break; ++ } + } + } + + map_itor_free(itor); + ++ // if array is null then return directly ++ // if array is not null, free array and return NULL ++ if (ret != 0 && array != NULL) { ++ util_free_array(array); ++ array = NULL; ++ } ++ + return array; + } + +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c +index a3aa3aa4..0e2b671b 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c +@@ -27,8 +27,6 @@ + #include "utils.h" + #include "utils_file.h" + +-#define REMOTE_RO_LAYER_DIR "RO" +- + // overlay-layers and overlay-layers/RO + static char *image_home; + +diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c +index 836ccf4d..07c3830b 100644 +--- a/src/daemon/modules/image/oci/storage/storage.c ++++ b/src/daemon/modules/image/oci/storage/storage.c +@@ -1876,6 +1876,8 @@ int storage_module_init(struct storage_module_init_options *opts) + #ifdef ENABLE_REMOTE_LAYER_STORE + if (opts->enable_remote_layer && remote_start_refresh_thread(opts->remote_lock) != 0) { + ERROR("Failed to start remote refresh thread"); ++ ret = -1; ++ goto out; + } + #endif + +-- +2.25.1 + diff --git a/0063-add-try_generate_exec_id-func-for-health-check.patch b/0063-add-try_generate_exec_id-func-for-health-check.patch new file mode 100644 index 0000000..c7c7f28 --- /dev/null +++ b/0063-add-try_generate_exec_id-func-for-health-check.patch @@ -0,0 +1,69 @@ +From 4abeb19ab3064725d1c84e80a33b16aca5f9d8ba Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 10 May 2023 21:04:25 +0800 +Subject: [PATCH 63/79] add try_generate_exec_id func for health check + +Signed-off-by: zhongtao +--- + .../modules/runtime/isula/isula_rt_ops.c | 31 +++++++++++++++++-- + 1 file changed, 29 insertions(+), 2 deletions(-) + +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index ceaf464e..85a2fbc8 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -1082,6 +1082,28 @@ static bool fg_exec(const rt_exec_params_t *params) + return false; + } + ++static char *try_generate_exec_id() ++{ ++ char *id = NULL; ++ ++ id = util_common_calloc_s(sizeof(char) * (CONTAINER_EXEC_ID_MAX_LEN + 1)); ++ if (id == NULL) { ++ ERROR("Out of memory"); ++ return NULL; ++ } ++ ++ if (util_generate_random_str(id, (size_t)CONTAINER_EXEC_ID_MAX_LEN) != 0) { ++ ERROR("Generate id failed"); ++ goto err_out; ++ } ++ ++ return id; ++ ++err_out: ++ free(id); ++ return NULL; ++} ++ + int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *params, int *exit_code) + { + char *exec_id = NULL; +@@ -1097,7 +1119,7 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p + shim_client_process_state p = { 0 }; + char *timeout = NULL; + +- if (id == NULL || runtime == NULL || params == NULL || exit_code == NULL || params->suffix == NULL) { ++ if (id == NULL || runtime == NULL || params == NULL || exit_code == NULL) { + ERROR("nullptr arguments not allowed"); + return -1; + } +@@ -1110,7 +1132,12 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p + return -1; + } + +- exec_id = util_strdup_s(params->suffix); ++ if (params->suffix != NULL) { ++ exec_id = util_strdup_s(params->suffix); ++ } else { ++ // in the health check scenario, suffix is empty ++ exec_id = try_generate_exec_id(); ++ } + if (exec_id == NULL) { + ERROR("Out of memory or generate exec id failed"); + return -1; +-- +2.25.1 + diff --git a/0064-split-remote-grpc-code-by-macro.patch b/0064-split-remote-grpc-code-by-macro.patch new file mode 100644 index 0000000..172d1ec --- /dev/null +++ b/0064-split-remote-grpc-code-by-macro.patch @@ -0,0 +1,992 @@ +From 84cc7186842b45844b017a5bc8afa16b28bac668 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Thu, 11 May 2023 10:27:08 +0800 +Subject: [PATCH 64/79] split remote grpc code by macro + +Signed-off-by: zhangxiaoyu +--- + cmake/options.cmake | 6 ++ + src/client/connect/connect.h | 2 + + src/client/connect/grpc/client_base.h | 12 ++- + .../connect/grpc/grpc_containers_client.cc | 22 +++++- + src/cmd/isula/client_arguments.c | 10 +++ + src/cmd/isula/client_arguments.h | 15 +++- + src/cmd/isulad-shim/common.h | 4 +- + src/cmd/isulad/isulad_commands.c | 1 + + src/cmd/isulad/isulad_commands.h | 78 ++++++++++--------- + src/cmd/isulad/main.c | 31 +++++--- + src/common/constants.h | 2 + + src/daemon/config/daemon_arguments.c | 4 + + src/daemon/config/isulad_config.c | 4 + + .../connect/grpc/grpc_server_tls_auth.cc | 6 +- + src/daemon/entry/connect/grpc/grpc_service.cc | 11 +++ + .../cri/cri_container_manager_service_impl.cc | 6 +- + src/daemon/entry/cri/cri_helpers.cc | 2 +- + .../oci/storage/image_store/image_store.c | 14 ++-- + .../oci/storage/layer_store/layer_store.c | 14 ++-- + .../remote_layer_support/image_remote_impl.c | 3 +- + src/utils/cutils/utils_verify.c | 6 ++ + .../remote_layer_support/remote_layer_ut.cc | 2 +- + 22 files changed, 181 insertions(+), 74 deletions(-) + +diff --git a/cmake/options.cmake b/cmake/options.cmake +index 701082dd..d8b88dec 100644 +--- a/cmake/options.cmake ++++ b/cmake/options.cmake +@@ -90,6 +90,12 @@ if (ENABLE_SELINUX STREQUAL "ON") + message("${Green}-- Enable selinux${ColourReset}") + endif() + ++option(ENABLE_GRPC_REMOTE_CONNECT "enable gRPC remote connect" ON) ++if (ENABLE_GRPC_REMOTE_CONNECT STREQUAL "ON") ++ add_definitions(-DENABLE_GRPC_REMOTE_CONNECT=1) ++ set(ENABLE_GRPC_REMOTE_CONNECT 1) ++endif() ++ + option(ENABLE_SHIM_V2 "enable shim v2 runtime" OFF) + if (ENABLE_SHIM_V2 STREQUAL "ON") + add_definitions(-DENABLE_SHIM_V2=1) +diff --git a/src/client/connect/connect.h b/src/client/connect/connect.h +index 1b2ea5b3..68c6d57f 100644 +--- a/src/client/connect/connect.h ++++ b/src/client/connect/connect.h +@@ -24,12 +24,14 @@ extern "C" { + typedef struct { + unsigned int deadline; + char *socket; ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + // gRPC tls config + bool tls; + bool tls_verify; + char *ca_file; + char *cert_file; + char *key_file; ++#endif + } client_connect_config_t; + + #ifdef __cplusplus +diff --git a/src/client/connect/grpc/client_base.h b/src/client/connect/grpc/client_base.h +index dbe130cd..4a29765a 100644 +--- a/src/client/connect/grpc/client_base.h ++++ b/src/client/connect/grpc/client_base.h +@@ -44,9 +44,10 @@ public: + auto *arguments = reinterpret_cast(args); + + std::string socket_address = arguments->socket; +- const std::string tcp_prefix = "tcp://"; + deadline = arguments->deadline; + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT ++ const std::string tcp_prefix = "tcp://"; + if (socket_address.compare(0, tcp_prefix.length(), tcp_prefix) == 0) { + socket_address.erase(0, tcp_prefix.length()); + } +@@ -76,9 +77,12 @@ public: + // Connect to gRPC server with ssl/tls authentication mechanism. + stub_ = SV::NewStub(channel); + } else { ++#endif + // Connect to gRPC server without ssl/tls authentication mechanism. + stub_ = SV::NewStub(grpc::CreateChannel(socket_address, grpc::InsecureChannelCredentials())); ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + } ++#endif + } + virtual ~ClientBase() = default; + +@@ -109,12 +113,14 @@ public: + context.set_deadline(tDeadline); + } + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + // Set metadata for authorization + if (SetMetadataInfo(context) != 0) { + ERROR("Failed to set metadata info for authorization"); + response->cc = ISULAD_ERR_INPUT; + return -1; + } ++#endif + + ret = request_to_grpc(request, &req); + if (ret != 0) { +@@ -187,6 +193,7 @@ protected: + return ss.str(); + } + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + auto SetMetadataInfo(ClientContext &context) -> int + { + // Set common name from cert.perm +@@ -204,10 +211,13 @@ protected: + + return 0; + } ++#endif + + std::unique_ptr stub_; ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + std::string m_tlsMode { ClientBaseConstants::TLS_OFF }; + std::string m_certFile; ++#endif + + unsigned int deadline; + }; +diff --git a/src/client/connect/grpc/grpc_containers_client.cc b/src/client/connect/grpc/grpc_containers_client.cc +index 1528b2ee..301e172b 100644 +--- a/src/client/connect/grpc/grpc_containers_client.cc ++++ b/src/client/connect/grpc/grpc_containers_client.cc +@@ -298,6 +298,7 @@ public: + } + }; + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + class RemoteStartWriteToServerTask : public StoppableThread { + public: + explicit RemoteStartWriteToServerTask( +@@ -442,6 +443,8 @@ out: + return (response->cc == ISULAD_SUCCESS) ? 0 : -1; + } + }; ++#endif ++ + class ContainerTop : public ClientBase { + public: +@@ -868,6 +871,7 @@ public: + } + }; + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + class RemoteExecWriteToServerTask : public StoppableThread { + public: + explicit RemoteExecWriteToServerTask( +@@ -1035,6 +1039,7 @@ out: + return (response->cc == ISULAD_SUCCESS) ? 0 : -1; + } + }; ++#endif + + class ContainerInspect : public ClientBase { +@@ -1351,6 +1356,7 @@ public: + ERROR("Missing container id in the request"); + return -1; + } ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + #ifdef OPENSSL_VERIFY + // Set common name from cert.perm + char common_name_value[ClientBaseConstants::COMMON_NAME_LEN] = { 0 }; +@@ -1362,6 +1368,7 @@ public: + } + context.AddMetadata("username", std::string(common_name_value, strlen(common_name_value))); + context.AddMetadata("tls_mode", m_tlsMode); ++#endif + #endif + context.AddMetadata("container-id", std::string(request->name)); + context.AddMetadata("attach-stdin", request->attach_stdin ? "true" : "false"); +@@ -1742,11 +1749,13 @@ public: + Status status; + container_events_format_t *isula_event = nullptr; + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + if (SetMetadataInfo(context) != 0) { + ERROR("Failed to set metadata info for authorization"); + response->cc = ISULAD_ERR_INPUT; + return -1; + } ++#endif + + ret = events_request_to_grpc(request, &req); + if (ret != 0) { +@@ -1926,6 +1935,7 @@ public: + return -1; + } + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + #ifdef OPENSSL_VERIFY + // Set common name from cert.perm + char common_name_value[ClientBaseConstants::COMMON_NAME_LEN] = { 0 }; +@@ -1938,6 +1948,7 @@ public: + } + ctx->context.AddMetadata("username", std::string(common_name_value, strlen(common_name_value))); + ctx->context.AddMetadata("tls_mode", m_tlsMode); ++#endif + #endif + auto reader = stub_->CopyFromContainer(&ctx->context, ctx->request); + reader->WaitForInitialMetadata(); +@@ -2073,6 +2084,7 @@ public: + goto out; + } + context.AddMetadata("isulad-copy-to-container", json); ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + #ifdef OPENSSL_VERIFY + { + // Set common name from cert.perm +@@ -2088,6 +2100,7 @@ public: + context.AddMetadata("tls_mode", m_tlsMode); + } + #endif ++#endif + + out: + free(err); +@@ -2146,6 +2159,7 @@ public: + ClientContext context; + LogsRequest grequest; + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + #ifdef OPENSSL_VERIFY + // Set common name from cert.perm + char common_name_value[ClientBaseConstants::COMMON_NAME_LEN] = { 0 }; +@@ -2157,6 +2171,7 @@ public: + } + context.AddMetadata("username", std::string(common_name_value, strlen(common_name_value))); + context.AddMetadata("tls_mode", m_tlsMode); ++#endif + #endif + + if (logs_request_to_grpc(request, &grequest) != 0) { +@@ -2234,13 +2249,11 @@ auto grpc_containers_client_ops_init(isula_connect_ops *ops) -> int + ops->container.info = container_func; + ops->container.create = container_func; + ops->container.start = container_func; +- ops->container.remote_start = container_func; + ops->container.stop = container_func; + ops->container.restart = container_func; + ops->container.remove = container_func; + ops->container.list = container_func; + ops->container.exec = container_func; +- ops->container.remote_exec = container_func; + ops->container.attach = container_func; + ops->container.pause = container_func; + ops->container.resume = container_func; +@@ -2260,5 +2273,10 @@ auto grpc_containers_client_ops_init(isula_connect_ops *ops) -> int + ops->container.resize = container_func; + ops->container.logs = container_func; + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT ++ ops->container.remote_start = container_func; ++ ops->container.remote_exec = container_func; ++#endif ++ + return 0; + } +diff --git a/src/cmd/isula/client_arguments.c b/src/cmd/isula/client_arguments.c +index 8f8c2657..2340beec 100644 +--- a/src/cmd/isula/client_arguments.c ++++ b/src/cmd/isula/client_arguments.c +@@ -31,6 +31,8 @@ client_connect_config_t get_connect_config(const struct client_arguments *args) + client_connect_config_t config = { 0 }; + + config.socket = args->socket; ++ ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + // unix socket not support tls + if (strncmp(args->socket, "tcp://", strlen("tcp://"))) { + config.tls_verify = false; +@@ -49,9 +51,12 @@ client_connect_config_t get_connect_config(const struct client_arguments *args) + config.cert_file = args->cert_file; + config.key_file = args->key_file; + } ++#endif ++ + return config; + } + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + static int set_default_tls_options(struct client_arguments *args) + { + int ret = -1; +@@ -104,6 +109,7 @@ out: + free(cert_path); + return ret; + } ++#endif + + /* client arguments init */ + int client_arguments_init(struct client_arguments *args) +@@ -127,9 +133,11 @@ int client_arguments_init(struct client_arguments *args) + (void)memset(&args->custom_conf, 0, sizeof(struct custom_configs)); + (void)memset(&args->cr, 0, sizeof(struct args_cgroup_resources)); + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + if (set_default_tls_options(args) != 0) { + return -1; + } ++#endif + + // default swappiness should be set to -1 + args->cr.swappiness = -1; +@@ -241,6 +249,7 @@ void client_arguments_free(struct client_arguments *args) + util_free_array(custom_conf->security); + custom_conf->security = NULL; + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + free(args->ca_file); + args->ca_file = NULL; + +@@ -249,6 +258,7 @@ void client_arguments_free(struct client_arguments *args) + + free(args->key_file); + args->key_file = NULL; ++#endif + + util_free_array(custom_conf->blkio_throttle_read_bps_device); + custom_conf->blkio_throttle_read_bps_device = NULL; +diff --git a/src/cmd/isula/client_arguments.h b/src/cmd/isula/client_arguments.h +index 087ea056..0b08bcb2 100644 +--- a/src/cmd/isula/client_arguments.h ++++ b/src/cmd/isula/client_arguments.h +@@ -348,12 +348,14 @@ struct client_arguments { + + json_map_string_string *annotations; + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + // gRPC tls config + bool tls; + bool tls_verify; + char *ca_file; + char *cert_file; + char *key_file; ++#endif + + do_resize_call_back_t resize_cb; + struct winsize s_pre_wsz; +@@ -361,9 +363,10 @@ struct client_arguments { + + #define LOG_OPTIONS(log) { CMD_OPT_TYPE_BOOL_FALSE, false, "debug", 'D', &(log).quiet, "Enable debug mode", NULL }, + +-#define COMMON_OPTIONS(cmdargs) \ +- { CMD_OPT_TYPE_STRING_DUP, false, "host", 'H', &(cmdargs).socket, "Daemon socket(s) to connect to", \ +- command_valid_socket }, \ ++#ifdef ENABLE_GRPC_REMOTE_CONNECT ++#define COMMON_OPTIONS(cmdargs) \ ++ { CMD_OPT_TYPE_STRING_DUP, false, "host", 'H', &(cmdargs).socket, "Daemon socket(s) to connect to", \ ++ command_valid_socket }, \ + { CMD_OPT_TYPE_BOOL, false, "tls", 0, &(cmdargs).tls, "Use TLS; implied by --tlsverify", NULL }, \ + { CMD_OPT_TYPE_BOOL, false, "tlsverify", 0, &(cmdargs).tls_verify, "Use TLS and verify the remote", NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ +@@ -388,6 +391,12 @@ struct client_arguments { + "Path to TLS key file (default \"/root/.iSulad/key.pem\")", \ + NULL }, \ + { CMD_OPT_TYPE_BOOL, false, "help", 0, &(cmdargs).help, "Print usage", NULL }, ++#else ++#define COMMON_OPTIONS(cmdargs) \ ++ { CMD_OPT_TYPE_STRING_DUP, false, "host", 'H', &(cmdargs).socket, "Daemon socket(s) to connect to", \ ++ command_valid_socket }, \ ++ { CMD_OPT_TYPE_BOOL, false, "help", 0, &(cmdargs).help, "Print usage", NULL }, ++#endif + + #define VERSION_OPTIONS(cmdargs) \ + { CMD_OPT_TYPE_BOOL, false, "version", 0, NULL, "Print version information and quit", NULL }, +diff --git a/src/cmd/isulad-shim/common.h b/src/cmd/isulad-shim/common.h +index d733823b..b3f52dc3 100644 +--- a/src/cmd/isulad-shim/common.h ++++ b/src/cmd/isulad-shim/common.h +@@ -35,8 +35,8 @@ extern "C" { + #define SHIM_ERR_TIMEOUT (-4) + + // common exit code is defined in stdlib.h +-// EXIT_FAILURE 1 : Failing exit status. +-// EXIT_SUCCESS 0 : Successful exit status. ++// EXIT_FAILURE 1 : Failing exit status. ++// EXIT_SUCCESS 0 : Successful exit status. + // custom shim exit code + // SHIM_EXIT_TIMEOUT 2: Container process timeout exit code + #define SHIM_EXIT_TIMEOUT 2 +diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c +index 42d0bde6..e814109e 100644 +--- a/src/cmd/isulad/isulad_commands.c ++++ b/src/cmd/isulad/isulad_commands.c +@@ -225,6 +225,7 @@ int parse_args(struct service_arguments *args, int argc, const char **argv) + command_t cmd = { 0 }; + struct command_option options[] = { + ISULAD_OPTIONS(args) ++ ISULAD_TLS_OPTIONS(args) + }; + command_init_isulad(&cmd, options, sizeof(options) / sizeof(options[0]), argc, (const char **)argv, isulad_desc, + isulad_usage); +diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h +index a89de5c1..e5bcb6c8 100644 +--- a/src/cmd/isulad/isulad_commands.h ++++ b/src/cmd/isulad/isulad_commands.h +@@ -65,6 +65,48 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + #define USERNS_REMAP_OPT(cmdargs) + #endif + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT ++#define ISULAD_TLS_OPTIONS(cmdargs) \ ++ { CMD_OPT_TYPE_STRING_DUP, \ ++ false, \ ++ "authorization-plugin", \ ++ 0, \ ++ &(cmdargs)->json_confs->authorization_plugin, \ ++ "Use authorization plugin", \ ++ NULL }, \ ++ { CMD_OPT_TYPE_BOOL, false, "tls", 0, &(cmdargs)->json_confs->tls, "Use TLS; implied by --tlsverify", NULL }, \ ++ { CMD_OPT_TYPE_BOOL, \ ++ false, \ ++ "tlsverify", \ ++ 0, \ ++ &(cmdargs)->json_confs->tls_verify, \ ++ "Use TLS and verify the remote", \ ++ NULL }, \ ++ { CMD_OPT_TYPE_STRING_DUP, \ ++ false, \ ++ "tlscacert", \ ++ 0, \ ++ &(cmdargs)->json_confs->tls_config->ca_file, \ ++ "Trust certs signed only by this CA (default \"/root/.iSulad/ca.pem\")", \ ++ NULL }, \ ++ { CMD_OPT_TYPE_STRING_DUP, \ ++ false, \ ++ "tlscert", \ ++ 0, \ ++ &(cmdargs)->json_confs->tls_config->cert_file, \ ++ "Path to TLS certificate file (default \"/root/.iSulad/cert.pem\")", \ ++ NULL }, \ ++ { CMD_OPT_TYPE_STRING_DUP, \ ++ false, \ ++ "tlskey", \ ++ 0, \ ++ &(cmdargs)->json_confs->tls_config->key_file, \ ++ "Path to TLS key file (default \"/root/.iSulad/key.pem\")", \ ++ NULL }, ++#else ++#define ISULAD_TLS_OPTIONS(cmdargs) ++#endif ++ + #define ISULAD_OPTIONS(cmdargs) \ + { CMD_OPT_TYPE_CALLBACK, \ + false, \ +@@ -241,42 +283,6 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + (cmdargs)->json_confs->use_decrypted_key, \ + "Use decrypted private key by default (default true)", \ + NULL }, \ +- { CMD_OPT_TYPE_STRING_DUP, \ +- false, \ +- "authorization-plugin", \ +- 0, \ +- &(cmdargs)->json_confs->authorization_plugin, \ +- "Use authorization plugin", \ +- NULL }, \ +- { CMD_OPT_TYPE_BOOL, false, "tls", 0, &(cmdargs)->json_confs->tls, "Use TLS; implied by --tlsverify", NULL }, \ +- { CMD_OPT_TYPE_BOOL, \ +- false, \ +- "tlsverify", \ +- 0, \ +- &(cmdargs)->json_confs->tls_verify, \ +- "Use TLS and verify the remote", \ +- NULL }, \ +- { CMD_OPT_TYPE_STRING_DUP, \ +- false, \ +- "tlscacert", \ +- 0, \ +- &(cmdargs)->json_confs->tls_config->ca_file, \ +- "Trust certs signed only by this CA (default \"/root/.iSulad/ca.pem\")", \ +- NULL }, \ +- { CMD_OPT_TYPE_STRING_DUP, \ +- false, \ +- "tlscert", \ +- 0, \ +- &(cmdargs)->json_confs->tls_config->cert_file, \ +- "Path to TLS certificate file (default \"/root/.iSulad/cert.pem\")", \ +- NULL }, \ +- { CMD_OPT_TYPE_STRING_DUP, \ +- false, \ +- "tlskey", \ +- 0, \ +- &(cmdargs)->json_confs->tls_config->key_file, \ +- "Path to TLS key file (default \"/root/.iSulad/key.pem\")", \ +- NULL }, \ + { CMD_OPT_TYPE_CALLBACK, \ + false, \ + "default-ulimit", \ +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index 6d121f33..f5ded220 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -695,6 +695,7 @@ out: + } + #endif + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + // update values for options after flag parsing is complete + static int update_tls_options(struct service_arguments *args) + { +@@ -745,6 +746,7 @@ static int update_tls_options(struct service_arguments *args) + out: + return ret; + } ++#endif + + static int update_set_default_log_file(struct service_arguments *args) + { +@@ -946,9 +948,11 @@ static int update_server_args(struct service_arguments *args) + } + #endif + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + if (update_tls_options(args)) { + return -1; + } ++#endif + + if (update_set_default_log_file(args) != 0) { + return -1; +@@ -1284,17 +1288,20 @@ static char *parse_host(bool tls, const char *val) + char *host = NULL; + char *tmp = util_strdup_s(val); + tmp = util_trim_space(tmp); +- if (tmp == NULL) { +- if (tls) { +- host = util_strdup_s(DEFAULT_TLS_HOST); +- } else { +- host = util_strdup_s(DEFAULT_UNIX_SOCKET); +- } +- } else { ++ ++ if (tmp != NULL) { + host = util_strdup_s(val); ++ free(tmp); ++ return host; ++ } ++ ++#ifdef ENABLE_GRPC_REMOTE_CONNECT ++ if (tls) { ++ return util_strdup_s(DEFAULT_TLS_HOST); + } +- free(tmp); +- return host; ++#endif ++ ++ return util_strdup_s(DEFAULT_UNIX_SOCKET); + } + + static int listener_init(const char *proto, const char *addr, const char *socket_group) +@@ -1329,7 +1336,11 @@ static int load_listener(const struct service_arguments *args) + for (i = 0; i < args->hosts_len; i++) { + char *proto_addr = NULL; + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + proto_addr = parse_host(args->json_confs->tls, args->hosts[i]); ++#else ++ proto_addr = parse_host(false, args->hosts[i]); ++#endif + proto = strtok_r(proto_addr, delim, &addr); + if (proto == NULL) { + ERROR("Failed to get proto"); +@@ -1339,11 +1350,13 @@ static int load_listener(const struct service_arguments *args) + } + addr += strlen("://") - 1; + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + if (strncmp(proto, "tcp", strlen("tcp")) == 0 && + (args->json_confs->tls_config == NULL || !args->json_confs->tls_verify)) { + WARN("[!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting" + " --tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!]"); + } ++#endif + + // note: If we're binding to a TCP port, make sure that a container doesn't try to use it. + ret = listener_init(proto, args->hosts[i], args->json_confs->group); +diff --git a/src/common/constants.h b/src/common/constants.h +index 1a4cb7c4..37854291 100644 +--- a/src/common/constants.h ++++ b/src/common/constants.h +@@ -121,8 +121,10 @@ extern "C" { + + #define OCI_IMAGE_GRAPH_ROOTPATH_NAME "storage" + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + #define DEFAULT_TCP_HOST "tcp://localhost:2375" + #define DEFAULT_TLS_HOST "tcp://localhost:2376" ++#endif + + #define AUTH_PLUGIN "authz-broker" + +diff --git a/src/daemon/config/daemon_arguments.c b/src/daemon/config/daemon_arguments.c +index 04173557..078fb4a1 100644 +--- a/src/daemon/config/daemon_arguments.c ++++ b/src/daemon/config/daemon_arguments.c +@@ -27,6 +27,7 @@ + #include "utils_array.h" + #include "utils_file.h" + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + static int set_daemon_default_tls_options(struct service_arguments *args) + { + int ret = -1; +@@ -87,6 +88,7 @@ out: + free(cert_path); + return ret; + } ++#endif + + int service_arguments_init(struct service_arguments *args) + { +@@ -156,9 +158,11 @@ int service_arguments_init(struct service_arguments *args) + *(args->json_confs->use_decrypted_key) = true; + args->json_confs->insecure_skip_verify_enforce = false; + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + if (set_daemon_default_tls_options(args) != 0) { + goto free_out; + } ++#endif + + args->default_ulimit = NULL; + args->default_ulimit_len = 0; +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index 996917c4..d9644756 100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -1496,6 +1496,7 @@ static int merge_cri_runtimes_into_global(struct service_arguments *args, isulad + return 0; + } + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + static int merge_authorization_conf_into_global(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs) + { + args->json_confs->tls = tmp_json_confs->tls; +@@ -1511,6 +1512,7 @@ static int merge_authorization_conf_into_global(struct service_arguments *args, + + return 0; + } ++#endif + + static int merge_storage_conf_into_global(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs) + { +@@ -1651,10 +1653,12 @@ int merge_json_confs_into_global(struct service_arguments *args) + args->json_confs->insecure_skip_verify_enforce = tmp_json_confs->insecure_skip_verify_enforce; + } + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + if (merge_authorization_conf_into_global(args, tmp_json_confs)) { + ret = -1; + goto out; + } ++#endif + + if (merge_default_ulimits_conf_into_global(args, tmp_json_confs)) { + ret = -1; +diff --git a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc +index 6e958e23..737bb129 100644 +--- a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc ++++ b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc +@@ -17,6 +17,7 @@ + #include + #include + #include "http.h" ++#include "constants.h" + + namespace AuthorizationPluginConfig { + std::string auth_plugin = ""; +@@ -25,6 +26,7 @@ std::string auth_plugin = ""; + namespace GrpcServerTlsAuth { + Status auth(ServerContext *context, std::string action) + { ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + const std::multimap &init_metadata = context->client_metadata(); + auto tls_mode_kv = init_metadata.find("tls_mode"); + if (tls_mode_kv == init_metadata.end()) { +@@ -36,7 +38,7 @@ Status auth(ServerContext *context, std::string action) + } + if (AuthorizationPluginConfig::auth_plugin.empty()) { + return Status::OK; +- } else if (AuthorizationPluginConfig::auth_plugin == "authz-broker") { ++ } else if (AuthorizationPluginConfig::auth_plugin == AUTH_PLUGIN) { + auto username_kv = init_metadata.find("username"); + if (username_kv == init_metadata.end()) { + return Status(StatusCode::UNKNOWN, "unknown error"); +@@ -55,6 +57,8 @@ Status auth(ServerContext *context, std::string action) + } else { + return Status(StatusCode::UNIMPLEMENTED, "authorization plugin invalid"); + } ++#endif ++ + return Status::OK; + } + } // namespace GrpcServerTlsAuth +diff --git a/src/daemon/entry/connect/grpc/grpc_service.cc b/src/daemon/entry/connect/grpc/grpc_service.cc +index ab3e32ab..050a43f8 100644 +--- a/src/daemon/entry/connect/grpc/grpc_service.cc ++++ b/src/daemon/entry/connect/grpc/grpc_service.cc +@@ -54,13 +54,19 @@ public: + ERROR("Init runtime service failed: %s", err.GetCMessage()); + return -1; + } ++ ++ // hosts has been validate by util_validate_socket + auto hosts = std::vector(args->hosts, args->hosts + args->hosts_len); + for (auto host : hosts) { ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + if (host.find("tcp://") == 0) { + m_tcpPath.push_back(host.erase(0, std::string("tcp://").length())); + } else { ++#endif + m_socketPath.push_back(host); ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + } ++#endif + } + + if (ListeningPort(args, err)) { +@@ -109,6 +115,7 @@ public: + private: + int ListeningPort(const struct service_arguments *args, Errors &err) + { ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + if (args->json_confs->tls) { + if (args->json_confs->authorization_plugin != nullptr) { + AuthorizationPluginConfig::auth_plugin = args->json_confs->authorization_plugin; +@@ -152,6 +159,8 @@ private: + INFO("Server listening on %s", address.c_str()); + } + } ++#endif ++ + // Listen on the given socket address without any authentication mechanism. + for (const auto &address : m_socketPath) { + m_builder.AddListeningPort(address, grpc::InsecureServerCredentials()); +@@ -187,7 +196,9 @@ private: + RuntimeRuntimeServiceImpl m_runtimeRuntimeService; + RuntimeImageServiceImpl m_runtimeImageService; + ServerBuilder m_builder; ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + std::vector m_tcpPath; ++#endif + std::vector m_socketPath; + std::unique_ptr m_server; + }; +diff --git a/src/daemon/entry/cri/cri_container_manager_service_impl.cc b/src/daemon/entry/cri/cri_container_manager_service_impl.cc +index 5398c088..101824ae 100644 +--- a/src/daemon/entry/cri/cri_container_manager_service_impl.cc ++++ b/src/daemon/entry/cri/cri_container_manager_service_impl.cc +@@ -1228,14 +1228,14 @@ void ContainerManagerServiceImpl::UpdateContainerResources(const std::string &co + } + if (resources.hugepage_limits_size() != 0) { + hostconfig->hugetlbs = (host_config_hugetlbs_element **)util_smart_calloc_s( +- sizeof(host_config_hugetlbs_element *), resources.hugepage_limits_size()); ++ sizeof(host_config_hugetlbs_element *), resources.hugepage_limits_size()); + if (hostconfig->hugetlbs == nullptr) { + error.SetError("Out of memory"); + return; + } +- for (int i = 0; i < resources.hugepage_limits_size(); i++) { ++ for (int i = 0; i < resources.hugepage_limits_size(); i++) { + hostconfig->hugetlbs[i] = +- (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element)); ++ (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element)); + if (hostconfig->hugetlbs[i] == nullptr) { + error.SetError("Out of memory"); + goto cleanup; +diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc +index e588b6c4..e2d00bc7 100644 +--- a/src/daemon/entry/cri/cri_helpers.cc ++++ b/src/daemon/entry/cri/cri_helpers.cc +@@ -457,7 +457,7 @@ void UpdateCreateConfig(container_config *createConfig, host_config *hc, + } + for (int i = 0; i < rOpts.hugepage_limits_size(); i++) { + hc->hugetlbs[i] = +- (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element)); ++ (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element)); + if (hc->hugetlbs[i] == nullptr) { + error.SetError("Out of memory"); + return; +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index d436eba2..f6ddd03b 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -133,7 +133,7 @@ static void free_image_store(image_store_t *store) + (void)map_free(store->bydigest); + store->bydigest = NULL; + +- linked_list_for_each_safe (item, &(store->images_list), next) { ++ linked_list_for_each_safe(item, &(store->images_list), next) { + linked_list_del(item); + image_ref_dec((image_t *)item->elem); + free(item); +@@ -165,7 +165,7 @@ static void image_store_digest_field_kvfree(void *key, void *value) + + free(key); + if (val != NULL) { +- linked_list_for_each_safe (item, &(val->images_list), next) { ++ linked_list_for_each_safe(item, &(val->images_list), next) { + linked_list_del(item); + free(item); + item = NULL; +@@ -501,7 +501,7 @@ static void digest_image_slice_without_value(digest_image_t *digest_filter_image + return; + } + +- linked_list_for_each_safe (item, &(digest_filter_images->images_list), next) { ++ linked_list_for_each_safe(item, &(digest_filter_images->images_list), next) { + tmp = (image_t *)item->elem; + if (strcmp(tmp->simage->id, img->simage->id) == 0) { + linked_list_del(item); +@@ -582,7 +582,7 @@ static int remove_image_from_memory(const char *id) + goto out; + } + +- linked_list_for_each_safe (item, &(g_image_store->images_list), next) { ++ linked_list_for_each_safe(item, &(g_image_store->images_list), next) { + image_t *tmp = (image_t *)item->elem; + if (strcmp(tmp->simage->id, id) != 0) { + continue; +@@ -681,7 +681,7 @@ static void free_digest_image(digest_image_t *ptr) + return; + } + +- linked_list_for_each_safe (item, &(ptr->images_list), next) { ++ linked_list_for_each_safe(item, &(ptr->images_list), next) { + linked_list_del(item); + free(item); + item = NULL; +@@ -2679,7 +2679,7 @@ int image_store_get_all_images(imagetool_images_list *images_list) + goto unlock; + } + +- linked_list_for_each_safe (item, &(g_image_store->images_list), next) { ++ linked_list_for_each_safe(item, &(g_image_store->images_list), next) { + imagetool_image_summary *imginfo = NULL; + image_t *img = (image_t *)item->elem; + imginfo = get_image_summary(img); +@@ -3546,7 +3546,7 @@ static void image_store_check_all_images() + return; + } + +- linked_list_for_each_safe (item, &(g_image_store->images_list), next) { ++ linked_list_for_each_safe(item, &(g_image_store->images_list), next) { + image_t *img = (image_t *)item->elem; + if (img->spec == NULL) { + ERROR("Failed to check spec info of image: %s, try to delete", img->simage->id); +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index 12fca5ff..6024d734 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -136,7 +136,7 @@ void layer_store_cleanup() + map_free(g_metadata.by_uncompress_digest); + g_metadata.by_uncompress_digest = NULL; + +- linked_list_for_each_safe (item, &(g_metadata.layers_list), next) { ++ linked_list_for_each_safe(item, &(g_metadata.layers_list), next) { + linked_list_del(item); + layer_ref_dec((layer_t *)item->elem); + free(item); +@@ -167,7 +167,7 @@ static void free_digest_layer_t(digest_layer_t *ptr) + return; + } + +- linked_list_for_each_safe (item, &(ptr->layer_list), next) { ++ linked_list_for_each_safe(item, &(ptr->layer_list), next) { + linked_list_del(item); + free(item->elem); + item->elem = NULL; +@@ -622,7 +622,7 @@ static int delete_digest_from_map(map_t *by_digest, const char *digest, const ch + return 0; + } + +- linked_list_for_each_safe (item, &(old_list->layer_list), next) { ++ linked_list_for_each_safe(item, &(old_list->layer_list), next) { + char *t_id = (char *)item->elem; + if (strcmp(t_id, id) == 0) { + linked_list_del(item); +@@ -735,7 +735,7 @@ static int remove_memory_stores(const char *id) + } + } + +- linked_list_for_each_safe (item, &(g_metadata.layers_list), next) { ++ linked_list_for_each_safe(item, &(g_metadata.layers_list), next) { + layer_t *tl = (layer_t *)item->elem; + if (strcmp(tl->slayer->id, id) != 0) { + continue; +@@ -1505,7 +1505,7 @@ int layer_store_list(struct layer_list *resp) + goto unlock; + } + +- linked_list_for_each_safe (item, &(g_metadata.layers_list), next) { ++ linked_list_for_each_safe(item, &(g_metadata.layers_list), next) { + layer_t *l = (layer_t *)item->elem; + resp->layers[i] = util_common_calloc_s(sizeof(struct layer)); + if (resp->layers[i] == NULL) { +@@ -1548,7 +1548,7 @@ static int layers_by_digest_map(map_t *m, const char *digest, struct layer_list + goto free_out; + } + +- linked_list_for_each_safe (item, &(id_list->layer_list), next) { ++ linked_list_for_each_safe(item, &(id_list->layer_list), next) { + layer_t *l = NULL; + resp->layers[i] = util_common_calloc_s(sizeof(struct layer)); + if (resp->layers[i] == NULL) { +@@ -1902,7 +1902,7 @@ static int load_layers_from_json_files() + goto unlock_out; + } + +- linked_list_for_each_safe (item, &(g_metadata.layers_list), next) { ++ linked_list_for_each_safe(item, &(g_metadata.layers_list), next) { + layer_t *tl = (layer_t *)item->elem; + size_t i = 0; + +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c +index 1ac0139f..92bf901d 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c +@@ -184,7 +184,8 @@ static int remote_image_add(void *data) + return ret; + } + +-void remote_image_refresh(struct remote_image_data *data) { ++void remote_image_refresh(struct remote_image_data *data) ++{ + if (remote_dir_scan(data) != 0) { + ERROR("remote overlay failed to scan dir, skip refresh"); + return; +diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c +index ea43a40a..c2836ae3 100644 +--- a/src/utils/cutils/utils_verify.c ++++ b/src/utils/cutils/utils_verify.c +@@ -121,6 +121,7 @@ int util_validate_absolute_path(const char *path) + return nret; + } + ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + static bool util_vaildate_tcp_socket(const char *socket) + { + if (socket == NULL) { +@@ -132,6 +133,7 @@ static bool util_vaildate_tcp_socket(const char *socket) + "|([1-5][0-9]{4})|([1-9][0-9]{0,3})|0))$", + socket) == 0; + } ++#endif + + bool util_validate_unix_socket(const char *socket) + { +@@ -162,7 +164,11 @@ bool util_validate_unix_socket(const char *socket) + + bool util_validate_socket(const char *socket) + { ++#ifdef ENABLE_GRPC_REMOTE_CONNECT + return util_validate_unix_socket(socket) || util_vaildate_tcp_socket(socket); ++#else ++ return util_validate_unix_socket(socket); ++#endif + } + + bool util_valid_device_mode(const char *mode) +diff --git a/test/image/oci/storage/remote_layer_support/remote_layer_ut.cc b/test/image/oci/storage/remote_layer_support/remote_layer_ut.cc +index 5f5e92fb..13e535c5 100644 +--- a/test/image/oci/storage/remote_layer_support/remote_layer_ut.cc ++++ b/test/image/oci/storage/remote_layer_support/remote_layer_ut.cc +@@ -74,7 +74,7 @@ void mockCommonAll(MockRemoteStore *mock) + + TEST(remote_Layer_ut, test_map_diff) + { +- // old: a b x ++ // old: a b x + // new: x b c + map_t *old_one = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC); + map_t *new_one = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC); +-- +2.25.1 + diff --git a/0065-move-signal_routine-and-g_log_fd-to-common-and-and-s.patch b/0065-move-signal_routine-and-g_log_fd-to-common-and-and-s.patch new file mode 100644 index 0000000..cbbf35f --- /dev/null +++ b/0065-move-signal_routine-and-g_log_fd-to-common-and-and-s.patch @@ -0,0 +1,93 @@ +From bf0cdaea061f27938551a2f89ab89eda7afee853 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Sat, 13 May 2023 09:58:35 +0800 +Subject: [PATCH 65/79] move signal_routine and g_log_fd to common and and some + incoming parameter verification + +Signed-off-by: zhongtao +--- + src/cmd/isulad-shim/common.c | 13 +++++++++++++ + src/cmd/isulad-shim/common.h | 1 + + src/cmd/isulad-shim/main.c | 13 +------------ + src/daemon/modules/runtime/isula/isula_rt_ops.c | 5 +++++ + 4 files changed, 20 insertions(+), 12 deletions(-) + +diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c +index 18443385..3787cdfb 100644 +--- a/src/cmd/isulad-shim/common.c ++++ b/src/cmd/isulad-shim/common.c +@@ -29,6 +29,19 @@ + #include + #include + ++int g_log_fd = -1; ++ ++void signal_routine(int sig) ++{ ++ switch (sig) { ++ case SIGALRM: ++ write_message(g_log_fd, ERR_MSG, "runtime timeout"); ++ exit(EXIT_FAILURE); ++ default: ++ break; ++ } ++} ++ + int set_fd_no_inherited(int fd) + { + int ret = SHIM_ERR; +diff --git a/src/cmd/isulad-shim/common.h b/src/cmd/isulad-shim/common.h +index b3f52dc3..8cef5de2 100644 +--- a/src/cmd/isulad-shim/common.h ++++ b/src/cmd/isulad-shim/common.h +@@ -58,6 +58,7 @@ extern "C" { + #define CONTAINER_ACTION_REBOOT 129 + #define CONTAINER_ACTION_SHUTDOWN 130 + ++void signal_routine(int sig); + + void util_usleep_nointerupt(unsigned long usec); + /** +diff --git a/src/cmd/isulad-shim/main.c b/src/cmd/isulad-shim/main.c +index 0cccdf06..ed55805c 100644 +--- a/src/cmd/isulad-shim/main.c ++++ b/src/cmd/isulad-shim/main.c +@@ -26,18 +26,7 @@ + #include "common.h" + #include "process.h" + +-int g_log_fd = -1; +- +-void signal_routine(int sig) +-{ +- switch (sig) { +- case SIGALRM: +- write_message(g_log_fd, ERR_MSG, "runtime timeout"); +- exit(EXIT_FAILURE); +- default: +- break; +- } +-} ++extern int g_log_fd; + + static void set_timeout_exit(unsigned int timeout) + { +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 85a2fbc8..510bb17f 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -1572,6 +1572,11 @@ out: + + int rt_isula_kill(const char *id, const char *runtime, const rt_kill_params_t *params) + { ++ if (id == NULL || runtime == NULL || params == NULL || params->pid < 0) { ++ ERROR("Invalid arguments not allowed"); ++ return -1; ++ } ++ + if (util_process_alive(params->pid, params->start_time) == false) { + if (params->signal == params->stop_signal || params->signal == SIGKILL) { + WARN("Process %d is not alive", params->pid); +-- +2.25.1 + diff --git a/0066-add-ut-for-runc.patch b/0066-add-ut-for-runc.patch new file mode 100644 index 0000000..c01f5af --- /dev/null +++ b/0066-add-ut-for-runc.patch @@ -0,0 +1,914 @@ +From 907826d6d53c0fa1e2aa2c2abd175a12009f5839 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Sat, 13 May 2023 10:00:28 +0800 +Subject: [PATCH 66/79] add ut for runc + +Signed-off-by: zhongtao +--- + test/cmd/CMakeLists.txt | 2 +- + test/cmd/isulad-shim/CMakeLists.txt | 22 +- + test/cmd/isulad-shim/common/CMakeLists.txt | 23 ++ + test/cmd/isulad-shim/common/common_ut.cc | 344 ++++++++++++++++++ + test/cmd/isulad-shim/isulad-shim_ut.cc | 123 ------- + test/cmd/isulad-shim/process/CMakeLists.txt | 22 ++ + test/cmd/isulad-shim/process/process_ut.cc | 49 +++ + .../isulad-shim/shim-mainloop/CMakeLists.txt | 20 + + .../shim-mainloop/shim_mainloop_ut.cc | 55 +++ + test/cutils/utils_utils/CMakeLists.txt | 2 + + test/cutils/utils_utils/utils_utils_ut.cc | 61 ++++ + test/runtime/isula/isula_rt_ops_ut.cc | 59 +++ + 12 files changed, 639 insertions(+), 143 deletions(-) + create mode 100644 test/cmd/isulad-shim/common/CMakeLists.txt + create mode 100644 test/cmd/isulad-shim/common/common_ut.cc + delete mode 100644 test/cmd/isulad-shim/isulad-shim_ut.cc + create mode 100644 test/cmd/isulad-shim/process/CMakeLists.txt + create mode 100644 test/cmd/isulad-shim/process/process_ut.cc + create mode 100644 test/cmd/isulad-shim/shim-mainloop/CMakeLists.txt + create mode 100644 test/cmd/isulad-shim/shim-mainloop/shim_mainloop_ut.cc + +diff --git a/test/cmd/CMakeLists.txt b/test/cmd/CMakeLists.txt +index 2d4cc751..cf0152ff 100644 +--- a/test/cmd/CMakeLists.txt ++++ b/test/cmd/CMakeLists.txt +@@ -1,4 +1,4 @@ + project(iSulad_UT) + + add_subdirectory(isula) +-add_subdirectory(isulad-shim) ++add_subdirectory(isulad-shim) +\ No newline at end of file +diff --git a/test/cmd/isulad-shim/CMakeLists.txt b/test/cmd/isulad-shim/CMakeLists.txt +index 122538ff..47d03350 100644 +--- a/test/cmd/isulad-shim/CMakeLists.txt ++++ b/test/cmd/isulad-shim/CMakeLists.txt +@@ -1,21 +1,5 @@ + project(iSulad_UT) + +-SET(EXE isulad-shim_ut) +- +-add_executable(${EXE} +- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd/isulad-shim/process.c +- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd/isulad-shim/common.c +- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd/isulad-shim/terminal.c +- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd/isulad-shim/mainloop.c +- isulad-shim_ut.cc) +- +-target_include_directories(${EXE} PUBLIC +- ${GTEST_INCLUDE_DIR} +- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd/isulad-shim +- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/common +- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256 +- ${CMAKE_BINARY_DIR}/conf +- ) +-target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} -lcrypto -lyajl -lz) +-add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml) +-set_tests_properties(${EXE} PROPERTIES TIMEOUT 120) ++add_subdirectory(shim-mainloop) ++add_subdirectory(process) ++add_subdirectory(common) +\ No newline at end of file +diff --git a/test/cmd/isulad-shim/common/CMakeLists.txt b/test/cmd/isulad-shim/common/CMakeLists.txt +new file mode 100644 +index 00000000..94ec2703 +--- /dev/null ++++ b/test/cmd/isulad-shim/common/CMakeLists.txt +@@ -0,0 +1,23 @@ ++project(iSulad_UT) ++ ++SET(EXE common_ut) ++ ++add_executable(${EXE} ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/process.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/common.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/terminal.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/mainloop.c ++ common_ut.cc) ++ ++target_include_directories(${EXE} PUBLIC ++ ${GTEST_INCLUDE_DIR} ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/common ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/sha256 ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../include ++ ${CMAKE_BINARY_DIR}/conf ++ ) ++set_target_properties(${EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,calloc") ++target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} -lcrypto -lyajl -lz) ++add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml) ++set_tests_properties(${EXE} PROPERTIES TIMEOUT 120) +\ No newline at end of file +diff --git a/test/cmd/isulad-shim/common/common_ut.cc b/test/cmd/isulad-shim/common/common_ut.cc +new file mode 100644 +index 00000000..cb790b21 +--- /dev/null ++++ b/test/cmd/isulad-shim/common/common_ut.cc +@@ -0,0 +1,344 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved. ++ * iSulad licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: common unit test ++ * Author: leizhongkai ++ * Create: 2020-02-25 ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include "mock.h" ++ ++#include "mainloop.h" ++#include "process.h" ++#include "common.h" ++ ++using ::testing::Args; ++using ::testing::ByRef; ++using ::testing::SetArgPointee; ++using ::testing::DoAll; ++using ::testing::NiceMock; ++using ::testing::Return; ++using ::testing::NotNull; ++using ::testing::AtLeast; ++using ::testing::Invoke; ++using ::testing::_; ++ ++using namespace std; ++ ++extern "C" { ++ DECLARE_WRAPPER(calloc, void *, (size_t nmemb, size_t size)); ++ DEFINE_WRAPPER(calloc, void *, (size_t nmemb, size_t size), (nmemb, size)); ++} ++ ++class CommonUnitTest : public testing::Test { ++public: ++ void SetUp() override ++ { ++ } ++ void TearDown() override ++ { ++ } ++}; ++ ++TEST(shim, test_signal_routine) ++{ ++ signal_routine(SIGCONT); ++} ++ ++TEST_F(CommonUnitTest, test_open_no_inherit) ++{ ++ string exist_file = "/tmp/test_open_no_inherit_exist"; ++ string non_file = "/tmp/test_open_no_inherit_non"; ++ int fd_exist = -1; ++ ++ fd_exist = open_no_inherit(exist_file.c_str(), O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0640); ++ EXPECT_GT(fd_exist, 0); ++ EXPECT_EQ(open_no_inherit(non_file.c_str(), O_WRONLY, -1), -1); ++ ++ close(fd_exist); ++ unlink(exist_file.c_str()); ++} ++ ++TEST_F(CommonUnitTest, test_read_write_nointr) ++{ ++ char buf[32] = { 0 }; ++ string test_file = "/tmp/test_read_nointr"; ++ string test_string = "hello"; ++ int fd_wr = -1; ++ int fd_rd = -1; ++ int nwrite = -1; ++ int nread = -1; ++ ++ EXPECT_EQ(read_nointr(-1, nullptr, 32), -1); ++ EXPECT_EQ(read_nointr(0, nullptr, 32), -1); ++ EXPECT_EQ(read_nointr(1, nullptr, 32), -1); ++ ++ fd_wr = open_no_inherit(test_file.c_str(), O_CREAT | O_RDWR | O_APPEND | O_SYNC, 0640); ++ EXPECT_GT(fd_wr, 0); ++ nwrite = write_nointr_in_total(fd_wr, test_string.c_str(), 5); ++ EXPECT_EQ(nwrite, 5); ++ fd_rd = open(test_file.c_str(), O_RDONLY); ++ nread = read_nointr(fd_rd, buf, 32); ++ EXPECT_EQ(nread, 5); ++ ++ close(fd_wr); ++ close(fd_rd); ++ unlink(test_file.c_str()); ++} ++ ++TEST_F(CommonUnitTest, test_file_exist) ++{ ++ string exist_file = "/tmp/test_exist_exist"; ++ string non_file = "/tmp/test_exist_non"; ++ int fd_exist = -1; ++ ++ fd_exist = open_no_inherit(exist_file.c_str(), O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0640); ++ EXPECT_GT(fd_exist, 0); ++ EXPECT_TRUE(file_exists(exist_file.c_str())); ++ EXPECT_FALSE(file_exists(non_file.c_str())); ++ ++ close(fd_exist); ++ unlink(exist_file.c_str()); ++} ++ ++ ++TEST_F(CommonUnitTest, test_combined_output) ++{ ++ string exist_cmd = "ls"; ++ string non_cmd = "aaa"; ++ const char *params[MAX_RUNTIME_ARGS] = { nullptr }; ++ char output[BUFSIZ] = { 0 }; ++ int output_len = BUFSIZ; ++ ++ params[0] = exist_cmd.c_str(); ++ EXPECT_EQ(cmd_combined_output(exist_cmd.c_str(), params, output, &output_len), 0); ++ ++ params[0] = non_cmd.c_str(); ++ EXPECT_EQ(cmd_combined_output(non_cmd.c_str(), params, output, &output_len), -1); ++} ++ ++TEST_F(CommonUnitTest, test_util_array_len) ++{ ++ const char *array_long[] = { "abcd", "1234", "a1b", nullptr }; ++ ++ ASSERT_EQ(util_array_len(nullptr), 0); ++ ++ ASSERT_EQ(util_array_len(array_long), 3); ++} ++ ++TEST_F(CommonUnitTest, test_util_free_array) ++{ ++ char **array = nullptr; ++ ++ array = (char **)util_common_calloc_s(4 * sizeof(char *)); ++ ASSERT_NE(array, nullptr); ++ array[0] = util_strdup_s("test1"); ++ array[1] = util_strdup_s("test2"); ++ array[2] = util_strdup_s("test3"); ++ array[3] = nullptr; ++ ++ util_free_array(nullptr); ++ util_free_array(array); ++} ++ ++TEST(utils_array, test_util_grow_array) ++{ ++ char **array = nullptr; ++ size_t capacity = 0; ++ int ret; ++ ++ capacity = 1; ++ array = (char **)util_common_calloc_s(sizeof(char *)); ++ ASSERT_NE(array, nullptr); ++ ret = util_grow_array(&array, &capacity, 1, 1); ++ ASSERT_EQ(ret, 0); ++ ASSERT_NE(array, nullptr); ++ ASSERT_EQ(array[0], nullptr); ++ ASSERT_EQ(array[1], nullptr); ++ ASSERT_EQ(capacity, 2); ++ util_free_array(array); ++ array = nullptr; ++ capacity = 0; ++ ++ capacity = 1; ++ array = (char **)util_common_calloc_s(capacity * sizeof(char *)); ++ ASSERT_NE(array, nullptr); ++ ret = util_grow_array(&array, &capacity, 1, 2); ++ ASSERT_EQ(ret, 0); ++ ASSERT_NE(array, nullptr); ++ ASSERT_EQ(array[0], nullptr); ++ ASSERT_EQ(array[1], nullptr); ++ ASSERT_EQ(array[2], nullptr); ++ ASSERT_EQ(capacity, 3); ++ util_free_array(array); ++ array = nullptr; ++ capacity = 0; ++ ++ capacity = 1; ++ array = (char **)util_common_calloc_s(capacity * sizeof(char *)); ++ ASSERT_NE(array, nullptr); ++ ret = util_grow_array(&array, &capacity, 1, 4); ++ ASSERT_EQ(ret, 0); ++ ASSERT_NE(array, nullptr); ++ ASSERT_EQ(array[0], nullptr); ++ ASSERT_EQ(array[1], nullptr); ++ ASSERT_EQ(array[2], nullptr); ++ ASSERT_EQ(array[3], nullptr); ++ ASSERT_EQ(array[4], nullptr); ++ ASSERT_EQ(capacity, 5); ++ util_free_array(array); ++ array = nullptr; ++ capacity = 0; ++ ++ capacity = 1; ++ array = (char **)util_common_calloc_s(capacity * sizeof(char *)); ++ ASSERT_NE(array, nullptr); ++ ret = util_grow_array(&array, &capacity, 1, 0); ++ ASSERT_NE(ret, 0); ++ util_free_array(array); ++ array = nullptr; ++ capacity = 0; ++ ++ capacity = 1; ++ array = (char **)util_common_calloc_s(capacity * sizeof(char *)); ++ ASSERT_NE(array, nullptr); ++ ret = util_grow_array(&array, &capacity, 4, 1); ++ ASSERT_EQ(ret, 0); ++ ASSERT_NE(array, nullptr); ++ ASSERT_EQ(array[0], nullptr); ++ ASSERT_EQ(array[1], nullptr); ++ ASSERT_EQ(array[2], nullptr); ++ ASSERT_EQ(array[3], nullptr); ++ ASSERT_EQ(array[4], nullptr); ++ ASSERT_EQ(capacity, 5); ++ util_free_array(array); ++ array = nullptr; ++ capacity = 0; ++ ++ capacity = 1; ++ array = (char **)util_common_calloc_s(capacity * sizeof(char *)); ++ ASSERT_NE(array, nullptr); ++ ret = util_grow_array(&array, &capacity, 0, 1); ++ ASSERT_EQ(ret, 0); ++ ASSERT_NE(array, nullptr); ++ ASSERT_EQ(array[0], nullptr); ++ ASSERT_EQ(capacity, 1); ++ util_free_array(array); ++ array = nullptr; ++ capacity = 0; ++ ++ capacity = 1; ++ array = (char **)util_common_calloc_s(capacity * sizeof(char *)); ++ ASSERT_NE(array, nullptr); ++ ret = util_grow_array(&array, nullptr, 1, 1); ++ ASSERT_NE(ret, 0); ++ util_free_array(array); ++ array = nullptr; ++ capacity = 0; ++ ++ capacity = 1; ++ array = (char **)util_common_calloc_s(capacity * sizeof(char *)); ++ ASSERT_NE(array, nullptr); ++ ret = util_grow_array(nullptr, &capacity, 1, 1); ++ ASSERT_NE(ret, 0); ++ util_free_array(array); ++ array = nullptr; ++ capacity = 0; ++} ++ ++TEST(utils_string_ut, test_util_string_split_multi) ++{ ++ char **result = nullptr; ++ ++ result = util_string_split_multi("abcd,,,1234999999999", ','); ++ ASSERT_NE(result, nullptr); ++ ASSERT_STREQ(result[0], "abcd"); ++ free(result[0]); ++ ASSERT_STREQ(result[1], ""); ++ free(result[1]); ++ ASSERT_STREQ(result[2], ""); ++ free(result[2]); ++ ASSERT_STREQ(result[3], "1234999999999"); ++ free(result[3]); ++ ASSERT_STREQ(result[4], nullptr); ++ free(result); ++ ++ result = util_string_split_multi("abcd,1234,*&^(,defgz", ','); ++ ASSERT_NE(result, nullptr); ++ ASSERT_STREQ(result[0], "abcd"); ++ free(result[0]); ++ ASSERT_STREQ(result[1], "1234"); ++ free(result[1]); ++ ASSERT_STREQ(result[2], "*&^("); ++ free(result[2]); ++ ASSERT_STREQ(result[3], "defgz"); ++ free(result[3]); ++ ASSERT_STREQ(result[4], nullptr); ++ free(result); ++ ++ result = util_string_split_multi(",abcd,12340000000000", ','); ++ ASSERT_NE(result, nullptr); ++ ASSERT_STREQ(result[0], ""); ++ free(result[0]); ++ ASSERT_STREQ(result[1], "abcd"); ++ free(result[1]); ++ ASSERT_STREQ(result[2], "12340000000000"); ++ free(result[2]); ++ ASSERT_STREQ(result[3], nullptr); ++ free(result); ++ ++ result = util_string_split_multi("abcd,12340000000000,", ','); ++ ASSERT_NE(result, nullptr); ++ ASSERT_STREQ(result[0], "abcd"); ++ free(result[0]); ++ ASSERT_STREQ(result[1], "12340000000000"); ++ free(result[1]); ++ ASSERT_STREQ(result[2], ""); ++ free(result[2]); ++ ASSERT_STREQ(result[3], nullptr); ++ free(result); ++ ++ result = util_string_split_multi("abcd,1234,", 'x'); ++ ASSERT_NE(result, nullptr); ++ ASSERT_STREQ(result[0], "abcd,1234,"); ++ free(result[0]); ++ ASSERT_STREQ(result[1], nullptr); ++ free(result); ++ ++ result = util_string_split_multi(",", ','); ++ ASSERT_NE(result, nullptr); ++ ASSERT_STREQ(result[0], ""); ++ free(result[0]); ++ ASSERT_STREQ(result[1], ""); ++ free(result[1]); ++ ASSERT_STREQ(result[2], nullptr); ++ free(result); ++ ++ result = util_string_split_multi("", ','); ++ ASSERT_NE(result, nullptr); ++ ASSERT_STREQ(result[0], ""); ++ free(result[0]); ++ ASSERT_STREQ(result[1], nullptr); ++ free(result); ++ ++ result = util_string_split_multi(nullptr, ','); ++ ASSERT_EQ(result, nullptr); ++ ++ MOCK_SET(calloc, nullptr); ++ result = util_string_split_multi("abcd,12340000000000,", ','); ++ ASSERT_EQ(result, nullptr); ++ MOCK_CLEAR(calloc); ++} +\ No newline at end of file +diff --git a/test/cmd/isulad-shim/isulad-shim_ut.cc b/test/cmd/isulad-shim/isulad-shim_ut.cc +deleted file mode 100644 +index 8c116ac8..00000000 +--- a/test/cmd/isulad-shim/isulad-shim_ut.cc ++++ /dev/null +@@ -1,123 +0,0 @@ +-/* +- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +- * Description: isulad-shim unit test +- * Author: leizhongkai +- * Create: 2020-02-25 +- */ +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include "mainloop.h" +-#include "process.h" +-#include "common.h" +- +-int g_log_fd = -1; +- +-using ::testing::Args; +-using ::testing::ByRef; +-using ::testing::SetArgPointee; +-using ::testing::DoAll; +-using ::testing::NiceMock; +-using ::testing::Return; +-using ::testing::NotNull; +-using ::testing::AtLeast; +-using ::testing::Invoke; +-using ::testing::_; +- +-using namespace std; +- +-class IsuladShimUnitTest : public testing::Test { +-public: +- void SetUp() override +- { +- } +- void TearDown() override +- { +- } +-}; +- +-TEST_F(IsuladShimUnitTest, test_new_process) +-{ +- string id = "aaaabbbbccccdddd"; +- string bundle = "/home/isulad/bundle"; +- string runtime = "kata-runtime"; +- +- process_t *p = new_process((char*)id.c_str(), (char*)bundle.c_str(), (char*)runtime.c_str()); +- ASSERT_TRUE(p == nullptr); +-} +- +-TEST_F(IsuladShimUnitTest, test_open_no_inherit) +-{ +- string exist_file = "/tmp/test_open_no_inherit_exist"; +- string non_file = "/tmp/test_open_no_inherit_non"; +- int fd_exist = -1; +- +- fd_exist = open_no_inherit(exist_file.c_str(), O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0640); +- EXPECT_GT(fd_exist, 0); +- EXPECT_EQ(open_no_inherit(non_file.c_str(), O_WRONLY, -1), -1); +- +- close(fd_exist); +- unlink(exist_file.c_str()); +-} +- +-TEST_F(IsuladShimUnitTest, test_read_write_nointr) +-{ +- char buf[32] = { 0 }; +- string test_file = "/tmp/test_read_nointr"; +- string test_string = "hello"; +- int fd_wr = -1; +- int fd_rd = -1; +- int nwrite = -1; +- int nread = -1; +- +- EXPECT_EQ(read_nointr(-1, nullptr, 32), -1); +- EXPECT_EQ(read_nointr(0, nullptr, 32), -1); +- EXPECT_EQ(read_nointr(1, nullptr, 32), -1); +- +- fd_wr = open_no_inherit(test_file.c_str(), O_CREAT | O_RDWR | O_APPEND | O_SYNC, 0640); +- EXPECT_GT(fd_wr, 0); +- nwrite = write_nointr_in_total(fd_wr, test_string.c_str(), 5); +- EXPECT_EQ(nwrite, 5); +- fd_rd = open(test_file.c_str(), O_RDONLY); +- nread = read_nointr(fd_rd, buf, 32); +- EXPECT_EQ(nread, 5); +- +- close(fd_wr); +- close(fd_rd); +- unlink(test_file.c_str()); +-} +- +-TEST_F(IsuladShimUnitTest, test_file_exist) +-{ +- string exist_file = "/tmp/test_exist_exist"; +- string non_file = "/tmp/test_exist_non"; +- int fd_exist = -1; +- +- fd_exist = open_no_inherit(exist_file.c_str(), O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0640); +- EXPECT_GT(fd_exist, 0); +- EXPECT_TRUE(file_exists(exist_file.c_str())); +- EXPECT_FALSE(file_exists(non_file.c_str())); +- +- close(fd_exist); +- unlink(exist_file.c_str()); +-} +- +- +-TEST_F(IsuladShimUnitTest, test_combined_output) +-{ +- string exist_cmd = "ls"; +- string non_cmd = "aaa"; +- const char *params[MAX_RUNTIME_ARGS] = { nullptr }; +- char output[BUFSIZ] = { 0 }; +- int output_len = BUFSIZ; +- +- params[0] = exist_cmd.c_str(); +- EXPECT_EQ(cmd_combined_output(exist_cmd.c_str(), params, output, &output_len), 0); +- +- params[0] = non_cmd.c_str(); +- EXPECT_EQ(cmd_combined_output(non_cmd.c_str(), params, output, &output_len), -1); +-} +diff --git a/test/cmd/isulad-shim/process/CMakeLists.txt b/test/cmd/isulad-shim/process/CMakeLists.txt +new file mode 100644 +index 00000000..dc96dc01 +--- /dev/null ++++ b/test/cmd/isulad-shim/process/CMakeLists.txt +@@ -0,0 +1,22 @@ ++project(iSulad_UT) ++ ++SET(EXE process_ut) ++ ++add_executable(${EXE} ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/mainloop_mock.cc ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/mainloop.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/common.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/process.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/terminal.c ++ process_ut.cc) ++ ++target_include_directories(${EXE} PUBLIC ++ ${GTEST_INCLUDE_DIR} ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../include ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks ++ ) ++ ++target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} -lcrypto -lyajl -lz) ++add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml) ++set_tests_properties(${EXE} PROPERTIES TIMEOUT 120) +\ No newline at end of file +diff --git a/test/cmd/isulad-shim/process/process_ut.cc b/test/cmd/isulad-shim/process/process_ut.cc +new file mode 100644 +index 00000000..292d5b2c +--- /dev/null ++++ b/test/cmd/isulad-shim/process/process_ut.cc +@@ -0,0 +1,49 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved. ++ * iSulad licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: process unit test ++ * Author: leizhongkai ++ * Create: 2020-02-25 ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "mainloop.h" ++#include "process.h" ++#include "common.h" ++ ++ ++using ::testing::Args; ++using ::testing::ByRef; ++using ::testing::SetArgPointee; ++using ::testing::DoAll; ++using ::testing::NiceMock; ++using ::testing::Return; ++using ::testing::NotNull; ++using ::testing::AtLeast; ++using ::testing::Invoke; ++using ::testing::_; ++ ++using namespace std; ++ ++TEST(process, test_new_process) ++{ ++ string id = "aaaabbbbccccdddd"; ++ string bundle = "/home/isulad/bundle"; ++ string runtime = "kata-runtime"; ++ ++ process_t *p = new_process((char*)id.c_str(), (char*)bundle.c_str(), (char*)runtime.c_str()); ++ ASSERT_TRUE(p == nullptr); ++} +\ No newline at end of file +diff --git a/test/cmd/isulad-shim/shim-mainloop/CMakeLists.txt b/test/cmd/isulad-shim/shim-mainloop/CMakeLists.txt +new file mode 100644 +index 00000000..457720ad +--- /dev/null ++++ b/test/cmd/isulad-shim/shim-mainloop/CMakeLists.txt +@@ -0,0 +1,20 @@ ++project(iSulad_UT) ++ ++SET(EXE shim_mainloop_ut) ++ ++add_executable(${EXE} ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/mainloop_mock.cc ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/mainloop.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/common.c ++ shim_mainloop_ut.cc) ++ ++target_include_directories(${EXE} PUBLIC ++ ${GTEST_INCLUDE_DIR} ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../include ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks ++ ) ++ ++target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} -lcrypto -lyajl -lz) ++add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml) ++set_tests_properties(${EXE} PROPERTIES TIMEOUT 120) +\ No newline at end of file +diff --git a/test/cmd/isulad-shim/shim-mainloop/shim_mainloop_ut.cc b/test/cmd/isulad-shim/shim-mainloop/shim_mainloop_ut.cc +new file mode 100644 +index 00000000..ec3815c3 +--- /dev/null ++++ b/test/cmd/isulad-shim/shim-mainloop/shim_mainloop_ut.cc +@@ -0,0 +1,55 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022. All rights reserved. ++ * iSulad licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: mainloop unit test ++ * Author: zhangxiaoyu ++ * Create: 2022-10-11 ++ */ ++ ++#include ++#include ++#include ++#include "mainloop.h" ++#include "mainloop_mock.h" ++ ++using ::testing::NiceMock; ++using ::testing::Invoke; ++using ::testing::Return; ++using ::testing::_; ++ ++class ShimMainloopUnitTest : public testing::Test { ++protected: ++ void SetUp() override ++ { ++ Mainloop_SetMock(&m_mainloop_mock); ++ EXPECT_CALL(m_mainloop_mock, Close(_)).WillRepeatedly(Return(0)); ++ EXPECT_CALL(m_mainloop_mock, EpollCreate1(_)).WillRepeatedly(Return(0)); ++ EXPECT_CALL(m_mainloop_mock, EpollCtl(_, _, _, _)).WillRepeatedly(Return(0)); ++ EXPECT_CALL(m_mainloop_mock, EpollWait(_, _, _, _)).WillRepeatedly(Return(0)); ++ } ++ ++ void TearDown() override ++ { ++ Mainloop_SetMock(nullptr); ++ } ++ ++ NiceMock m_mainloop_mock; ++}; ++ ++TEST_F(ShimMainloopUnitTest, test_mainloop) ++{ ++ struct epoll_descr descr = { 0 }; ++ ++ ASSERT_EQ(epoll_loop_open(&descr), 0); ++ ASSERT_EQ(epoll_loop_add_handler(&descr, 111, nullptr, nullptr), 0); ++ ASSERT_EQ(epoll_loop(&descr, -1), 0); ++ ASSERT_EQ(epoll_loop_del_handler(&descr, 111), 0); ++ ASSERT_EQ(epoll_loop_close(&descr), 0); ++} +diff --git a/test/cutils/utils_utils/CMakeLists.txt b/test/cutils/utils_utils/CMakeLists.txt +index 99a83e7a..6d276390 100644 +--- a/test/cutils/utils_utils/CMakeLists.txt ++++ b/test/cutils/utils_utils/CMakeLists.txt +@@ -12,6 +12,8 @@ target_include_directories(${EXE} PUBLIC + ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map + ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils + ) ++ ++set_target_properties(${EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,waitpid") + target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} libutils_ut -lcrypto -lyajl -lz) + add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml) + set_tests_properties(${EXE} PROPERTIES TIMEOUT 120) +diff --git a/test/cutils/utils_utils/utils_utils_ut.cc b/test/cutils/utils_utils/utils_utils_ut.cc +index 6c7ece24..79583174 100644 +--- a/test/cutils/utils_utils/utils_utils_ut.cc ++++ b/test/cutils/utils_utils/utils_utils_ut.cc +@@ -15,6 +15,44 @@ + + #include + #include "utils.h" ++#include "mock.h" ++ ++static pid_t test_pid = -1; ++ ++extern "C" { ++ DECLARE_WRAPPER_V(waitpid, pid_t, (__pid_t pid, int *stat_loc, int options)); ++ DEFINE_WRAPPER_V(waitpid, pid_t, (__pid_t pid, int *stat_loc, int options),(pid, stat_loc, options)); ++} ++ ++static pid_t waitpid_none_zero(__pid_t pid, int *stat_loc, int options) ++{ ++ *stat_loc = 256; ++ return test_pid; ++} ++ ++static pid_t waitpid_zero(__pid_t pid, int *stat_loc, int options) ++{ ++ *stat_loc = 0; ++ return test_pid; ++} ++ ++#define ExitSignalOffset 128 ++static int status_to_exit_code(int status) ++{ ++ int exit_code = 0; ++ ++ if (WIFEXITED(status)) { ++ exit_code = WEXITSTATUS(status); ++ } else { ++ exit_code = -1; ++ } ++ if (WIFSIGNALED(status)) { ++ int signal; ++ signal = WTERMSIG(status); ++ exit_code = ExitSignalOffset + signal; ++ } ++ return exit_code; ++} + + TEST(utils_utils, test_util_mem_realloc) + { +@@ -297,4 +335,27 @@ TEST(utils_utils, test_do_retry_call) + DO_RETRY_CALL(10, 100, nret, retry_call_test, 11); + ASSERT_EQ(global_total, 10); + ASSERT_EQ(nret, -1); ++} ++ ++TEST(utils_utils, test_util_waitpid_with_timeout) ++{ ++ int64_t timeout = 2; ++ pid_t pid = getpid(); ++ int status = 0; ++ ++ test_pid = pid; ++ MOCK_SET_V(waitpid, waitpid_none_zero); ++ status = util_waitpid_with_timeout(test_pid, timeout, nullptr); ++ ASSERT_EQ(status, 256); ++ ASSERT_EQ(status_to_exit_code(status), 1); ++ MOCK_CLEAR(waitpid); ++ ++ MOCK_SET_V(waitpid, waitpid_zero); ++ status = util_waitpid_with_timeout(test_pid, timeout, nullptr); ++ ASSERT_EQ(status, 0); ++ ASSERT_EQ(status_to_exit_code(status), 0); ++ MOCK_CLEAR(waitpid); ++ ++ ASSERT_EQ(util_waitpid_with_timeout(pid, timeout, nullptr), -1); ++ + } +\ No newline at end of file +diff --git a/test/runtime/isula/isula_rt_ops_ut.cc b/test/runtime/isula/isula_rt_ops_ut.cc +index 03c213a5..9e014ac3 100644 +--- a/test/runtime/isula/isula_rt_ops_ut.cc ++++ b/test/runtime/isula/isula_rt_ops_ut.cc +@@ -163,3 +163,62 @@ TEST_F(IsulaRtOpsUnitTest, test_rt_isula_exec_resize) + close(fd); + ASSERT_EQ(system(rm_path.c_str()), 0); + } ++ ++TEST_F(IsulaRtOpsUnitTest, test_rt_isula_update) ++{ ++ rt_update_params_t params = {}; ++ ASSERT_EQ(rt_isula_update(nullptr, nullptr, nullptr), -1); ++ ++ ASSERT_EQ(rt_isula_update("123", nullptr, nullptr), -1); ++ ASSERT_EQ(rt_isula_update("123", "runtime", nullptr), -1); ++ ASSERT_EQ(rt_isula_update("123", "runtime", ¶ms), -1); ++} ++ ++TEST_F(IsulaRtOpsUnitTest, test_rt_isula_pause) ++{ ++ rt_pause_params_t params = {}; ++ ASSERT_EQ(rt_isula_pause(nullptr, nullptr, nullptr), -1); ++ ++ ASSERT_EQ(rt_isula_pause("123", nullptr, nullptr), -1); ++ ASSERT_EQ(rt_isula_pause("123", "runtime", nullptr), -1); ++ ASSERT_EQ(rt_isula_pause("123", "runtime", ¶ms), -1); ++} ++ ++TEST_F(IsulaRtOpsUnitTest, test_rt_isula_resume) ++{ ++ rt_resume_params_t params = {}; ++ ASSERT_EQ(rt_isula_resume(nullptr, nullptr, nullptr), -1); ++ ++ ASSERT_EQ(rt_isula_resume("123", nullptr, nullptr), -1); ++ ASSERT_EQ(rt_isula_resume("123", "runtime", nullptr), -1); ++ ASSERT_EQ(rt_isula_resume("123", "runtime", ¶ms), -1); ++} ++ ++TEST_F(IsulaRtOpsUnitTest, test_rt_isula_resources_stats) ++{ ++ rt_stats_params_t params = {}; ++ struct runtime_container_resources_stats_info stats = {}; ++ ++ ASSERT_EQ(rt_isula_resources_stats(nullptr, nullptr, nullptr, nullptr), -1); ++ ++ ASSERT_EQ(rt_isula_resources_stats("123", nullptr, nullptr, nullptr), -1); ++ ASSERT_EQ(rt_isula_resources_stats("123", "runtime", nullptr, nullptr), -1); ++ ASSERT_EQ(rt_isula_resources_stats("123", "runtime", ¶ms, nullptr), -1); ++ params.state = "/var/run/isulad/runtime"; ++ ASSERT_EQ(rt_isula_resources_stats("123", "runtime", ¶ms, &stats), -1); ++} ++ ++TEST_F(IsulaRtOpsUnitTest, test_rt_isula_kill) ++{ ++ rt_kill_params_t kill_params = { ++ .signal = SIGTERM, ++ .stop_signal = SIGKILL, ++ .pid = -1, ++ .start_time = 12345, ++ }; ++ ASSERT_EQ(rt_isula_kill(nullptr, nullptr, nullptr), -1); ++ ++ ASSERT_EQ(rt_isula_kill("123", nullptr, nullptr), -1); ++ ASSERT_EQ(rt_isula_kill("123", "runtime", nullptr), -1); ++ ASSERT_EQ(rt_isula_kill("123", "runtime", &kill_params), -1); ++} +\ No newline at end of file +-- +2.25.1 + diff --git a/0067-runc-add-ci-for-runc.patch b/0067-runc-add-ci-for-runc.patch new file mode 100644 index 0000000..ded6430 --- /dev/null +++ b/0067-runc-add-ci-for-runc.patch @@ -0,0 +1,1621 @@ +From 8a7abeec4620bd5c11098439e239081faa4f045e Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Sat, 13 May 2023 10:26:47 +0800 +Subject: [PATCH 67/79] =?UTF-8?q?=E3=80=90runc=E3=80=91add=20ci=20for=20ru?= + =?UTF-8?q?nc?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: zhongtao +--- + CI/test_cases/container_cases/annotaion.sh | 31 +++- + .../container_cases/bind_special_dir.sh | 15 +- + .../check_fd_leakage_of_isulad.sh | 31 +++- + CI/test_cases/container_cases/cpu_rt.sh | 88 ++++++---- + CI/test_cases/container_cases/create.sh | 41 +++-- + .../container_cases/cri_default_namespace.sh | 28 +-- + .../container_cases/cri_exec_sync.sh | 154 +++++++++++++++++ + CI/test_cases/container_cases/cri_stream.sh | 51 +++++- + CI/test_cases/container_cases/exec_runc.sh | 23 ++- + CI/test_cases/container_cases/kill.sh | 19 ++- + CI/test_cases/container_cases/log_test.sh | 160 +++++++++++------- + CI/test_cases/container_cases/rm.sh | 29 ++-- + CI/test_cases/container_cases/start.sh | 39 +++-- + CI/test_cases/container_cases/stats.sh | 16 +- + CI/test_cases/container_cases/ulimit.sh | 24 +-- + CI/test_cases/container_cases/update.sh | 51 ++++-- + CI/test_cases/helpers.sh | 5 +- + 17 files changed, 592 insertions(+), 213 deletions(-) + create mode 100755 CI/test_cases/container_cases/cri_exec_sync.sh + +diff --git a/CI/test_cases/container_cases/annotaion.sh b/CI/test_cases/container_cases/annotaion.sh +index 65c474e8..93b432e5 100755 +--- a/CI/test_cases/container_cases/annotaion.sh ++++ b/CI/test_cases/container_cases/annotaion.sh +@@ -21,13 +21,12 @@ + + declare -r curr_path=$(dirname $(readlink -f "$0")) + source ../helpers.sh +-test="annotation test => test_annotation" + + function test_label() + { + local ret=0 + +- isula run -tid --name annotation --label "test_long_label=111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111" busybox sh ++ isula run -tid --name annotation --runtime $1 --label "test_long_label=111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111" busybox sh + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container for long label" && ((ret++)) + + isula inspect annotation +@@ -52,7 +51,7 @@ function test_annotation() + { + local ret=0 + +- isula run -tid --name annotation --annotation "test_long_label=111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111" busybox sh ++ isula run -tid --name annotation --runtime $1 --annotation "test_long_label=111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111" busybox sh + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container for long label" && ((ret++)) + + isula inspect annotation +@@ -73,14 +72,28 @@ function test_annotation() + return ${ret} + } + +-declare -i ans=0 ++function do_test_t() ++{ ++ local ret=0 ++ local runtime=$1 ++ local test="annotation test => $runtime" ++ msg_info "${test} starting..." + +-msg_info "${test} starting..." +-[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ test_label $runtime || ((ret++)) ++ test_annotation $runtime || ((ret++)) + +-test_label || ((ans++)) +-test_annotation || ((ans++)) ++ msg_info "${test} finished with return ${ret}..." ++ return $ret ++} ++ ++declare -i ans=0 + +-msg_info "${test} finished with return ${ans}..." ++for element in ${RUNTIME_LIST[@]}; ++do ++ do_test_t $element ++ if [ $? -ne 0 ];then ++ let "ans=$ans + 1" ++ fi ++done + + show_result ${ans} "${curr_path}/${0}" +diff --git a/CI/test_cases/container_cases/bind_special_dir.sh b/CI/test_cases/container_cases/bind_special_dir.sh +index e855404b..ee8cd0f5 100755 +--- a/CI/test_cases/container_cases/bind_special_dir.sh ++++ b/CI/test_cases/container_cases/bind_special_dir.sh +@@ -25,8 +25,9 @@ source ../helpers.sh + function test_bind_special_dir() + { + local ret=0 ++ local runtime=$1 + local image="busybox" +- local test="container bind special directory test => (${FUNCNAME[@]})" ++ local test="container bind special directory test with ($runtime) => (${FUNCNAME[@]})" + + msg_info "${test} starting..." + +@@ -36,7 +37,12 @@ function test_bind_special_dir() + isula images | grep busybox + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++)) + +- c_id=`isula run -itd -v -itd -v /sys/fs:/sys/fs:rw,rshared -v /proc:/proc -v /dev:/dev:ro -v /dev/pts:/dev/pts:rw busybox sh` ++ # when create container in container, runc not support to mount /dev ++ if [ $runtime == "runc" ]; then ++ c_id=`isula run -itd -v -itd --runtime=$runtime -v /sys/fs:/sys/fs:rw,rshared -v /proc:/proc -v /dev/pts:/dev/pts:rw busybox sh` ++ else ++ c_id=`isula run --runtime=$runtime -itd -v -itd -v /sys/fs:/sys/fs:rw,rshared -v /proc:/proc -v /dev:/dev:ro -v /dev/pts:/dev/pts:rw busybox sh` ++ fi + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + + isula exec -it $c_id sh -c "ls -al /sys/fs" | grep "cgroup" +@@ -51,6 +57,9 @@ function test_bind_special_dir() + + declare -i ans=0 + +-test_bind_special_dir || ((ans++)) ++for element in ${RUNTIME_LIST[@]}; ++do ++ test_bind_special_dir $element || ((ans++)) ++done + + show_result ${ans} "${curr_path}/${0}" +diff --git a/CI/test_cases/container_cases/check_fd_leakage_of_isulad.sh b/CI/test_cases/container_cases/check_fd_leakage_of_isulad.sh +index 39c9f49f..1978b587 100755 +--- a/CI/test_cases/container_cases/check_fd_leakage_of_isulad.sh ++++ b/CI/test_cases/container_cases/check_fd_leakage_of_isulad.sh +@@ -26,6 +26,10 @@ connect="grpc" + + function do_test_t_grpc() + { ++ local runtime=$1 ++ local test="do_test_t_grpc test => $runtime" ++ msg_info "${test} starting..." ++ + if [ $connect != "grpc" ];then + echo "this test is designed for grpc version" + return 0 +@@ -34,7 +38,7 @@ function do_test_t_grpc() + containername=test_fds + isulad_pid=`cat /var/run/isulad.pid` + precount=`ls /proc/$isulad_pid/fd | wc -l` +- isula create -t --name $containername busybox ++ isula create -t --name $containername --runtime $runtime busybox + fn_check_eq "$?" "0" "create failed" + testcontainer $containername inited + +@@ -61,11 +65,15 @@ function do_test_t_grpc() + curcount=`ls /proc/$isulad_pid/fd | wc -l` + fn_check_eq "$precount" "$curcount" "test failed" + ++ msg_info "${test} finished with return ${TC_RET_T}..." + return $TC_RET_T + } + + function do_test_t_rest() + { ++ local runtime=$1 ++ local test="do_test_t_rest test => $runtime" ++ msg_info "${test} starting..." + if [ $connect != "rest" ];then + echo "this test is designed for rest version" + return 0 +@@ -76,7 +84,7 @@ function do_test_t_rest() + isulad_pid=`cat /var/run/isulad.pid` + precount=`ls /proc/$isulad_pid/fd | wc -l` + +- isula create -t --name $containername busybox ++ isula create -t --name $containername --runtime $runtime busybox + fn_check_eq "$?" "0" "create failed" + testcontainer $containername inited + +@@ -118,15 +126,24 @@ function do_test_t_rest() + TC_RET_T=$(($TC_RET_T+1)) + fi + ++ msg_info "${test} finished with return ${TC_RET_T}..." + return $TC_RET_T + } + + ret=0 + +-do_test_t_grpc +-do_test_t_rest +-if [ $? -ne 0 ];then +- let "ret=$ret + 1" +-fi ++for element in ${RUNTIME_LIST[@]}; ++do ++ do_test_t_grpc $element ++ if [ $? -ne 0 ];then ++ let "ret=$ret + 1" ++ fi ++ do_test_t_rest $element ++ if [ $? -ne 0 ];then ++ let "ret=$ret + 1" ++ fi ++done ++ ++ + + show_result $ret "basic check fd leak" +diff --git a/CI/test_cases/container_cases/cpu_rt.sh b/CI/test_cases/container_cases/cpu_rt.sh +index 3dcf4791..3b17aa75 100644 +--- a/CI/test_cases/container_cases/cpu_rt.sh ++++ b/CI/test_cases/container_cases/cpu_rt.sh +@@ -47,10 +47,9 @@ function test_isula_update_normal() + msg_info "${test} starting..." + + #start isulad with cpu_rt +- isulad --cpu-rt-period 1000000 --cpu-rt-runtime 950000 -l DEBUG > /dev/null 2>&1 & +- wait_isulad_running ++ start_isulad_without_valgrind --cpu-rt-period 1000000 --cpu-rt-runtime 950000 + +- c_id=`isula run -itd --cpu-rt-period 1000000 --cpu-rt-runtime 1000 ${image} sh` ++ c_id=`isula run -itd --cpu-rt-period 1000000 --cpu-rt-runtime 1000 --runtime $1 ${image} sh` + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + + isula update --cpu-rt-period 900000 --cpu-rt-runtime 2000 $c_id +@@ -67,8 +66,7 @@ function test_isula_update_normal() + + stop_isulad_without_valgrind + #set cpu-rt to the initial state +- isulad --cpu-rt-period 1000000 --cpu-rt-runtime 0 -l DEBUG > /dev/null 2>&1 & +- wait_isulad_running ++ start_isulad_without_valgrind --cpu-rt-period 1000000 --cpu-rt-runtime 0 + + msg_info "${test} finished with return ${ret}..." + return ${ret} +@@ -84,23 +82,18 @@ function test_isula_update_abnormal() + isulad --cpu-rt-period 1000000 --cpu-rt-runtime 950000 -l DEBUG > /dev/null 2>&1 & + wait_isulad_running + +- c_id=`isula run -itd --cpu-rt-period 1000000 --cpu-rt-runtime 1000 ${image} sh` ++ c_id=`isula run -itd --cpu-rt-period 1000000 --cpu-rt-runtime 1000 --runtime $1 ${image} sh` + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + + isula update --cpu-rt-period 800000 --cpu-rt-runtime 900000 $c_id 2>&1 | grep "Invalid --cpu-rt-runtime: rt runtime cannot be higher than rt period" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to update container cpu-rt-runtime" && ((ret++)) + +- isula update --cpu-rt-runtime 1000000 $c_id 2>&1 | grep "updating cgroup cpu.rt_runtime_us to 1000000: Invalid argument" ++ isula update --cpu-rt-runtime 1000000 $c_id 2>&1 | grep -i "invalid argument" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to update container cpu-rt-runtime" && ((ret++)) + + isula rm -f $c_id + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container ${c_id}" && ((ret++)) + +- stop_isulad_without_valgrind +- #set cpu-rt to the initial state +- isulad --cpu-rt-period 1000000 --cpu-rt-runtime 0 -l DEBUG > /dev/null 2>&1 & +- wait_isulad_running +- + msg_info "${test} finished with return ${ret}..." + return ${ret} + } +@@ -113,8 +106,7 @@ function test_kernel_without_cpurt() + + msg_info "${test} starting..." + +- isulad --cpu-rt-period 1000000 --cpu-rt-runtime 950000 -l DEBUG > /dev/null 2>&1 & +- wait_isulad_running ++ start_isulad_without_valgrind --cpu-rt-period 1000000 --cpu-rt-runtime 950000 + + isula pull ${image} + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE} +@@ -122,7 +114,7 @@ function test_kernel_without_cpurt() + isula images | grep busybox + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++)) + +- isula run -itd --cpu-rt-period 1000000 --cpu-rt-runtime 900000 $image /bin/sh 2>&1 | grep "Your kernel does not support cgroup rt" ++ isula run -itd --cpu-rt-period 1000000 --cpu-rt-runtime 900000 --runtime $1 $image /bin/sh 2>&1 | grep "Your kernel does not support cgroup rt" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - kernel does not support cpu-rt" && ((ret++)) + + msg_info "${test} finished with return ${ret}..." +@@ -137,9 +129,8 @@ function test_isula_run_abnormal() + + msg_info "${test} starting..." + +- #start isulad without cpu_rt +- isulad --cpu-rt-period 1000000 --cpu-rt-runtime 950000 -l DEBUG > /dev/null 2>&1 & +- wait_isulad_running ++ #start isulad with cpu_rt ++ start_isulad_without_valgrind --cpu-rt-period 1000000 --cpu-rt-runtime 950000 + + isula pull ${image} + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE} +@@ -147,25 +138,25 @@ function test_isula_run_abnormal() + isula images | grep busybox + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++)) + +- isula run -itd --cpu-rt-period 1000000 --cpu-rt-runtime -1 $image /bin/sh 2>&1 | grep "failed to write -1" | grep "cpu.rt_runtime_us: Invalid argument" ++ isula run -itd --cpu-rt-period 1000000 --cpu-rt-runtime -1 --runtime $1 $image /bin/sh 2>&1 | grep "failed to write" | grep -i "cpu.rt_runtime_us: Invalid argument" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Invalid argument for cpu-rt-runtime" && ((ret++)) + +- isula run -itd --cpu-rt-period xx --cpu-rt-runtime 10000 $image /bin/sh 2>&1 | grep 'Invalid value "xx" for flag --cpu-rt-period: Invalid argument' ++ isula run -itd --cpu-rt-period xx --cpu-rt-runtime 10000 --runtime $1 $image /bin/sh 2>&1 | grep 'Invalid value "xx" for flag --cpu-rt-period: Invalid argument' + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Invalid argument for cpu-rt-period" && ((ret++)) + +- isula run -itd --cpu-rt-period 1000000 --cpu-rt-runtime xx $image /bin/sh 2>&1 | grep 'Invalid value "xx" for flag --cpu-rt-runtime: Invalid argument' ++ isula run -itd --cpu-rt-period 1000000 --cpu-rt-runtime xx --runtime $1 $image /bin/sh 2>&1 | grep 'Invalid value "xx" for flag --cpu-rt-runtime: Invalid argument' + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Invalid argument for cpu-rt-runtime" && ((ret++)) + +- isula run -itd --cpu-rt-period xx --cpu-rt-runtime xx $image /bin/sh 2>&1 | grep 'Invalid value "xx" for flag --cpu-rt-period: Invalid argument' ++ isula run -itd --cpu-rt-period xx --cpu-rt-runtime xx --runtime $1 $image /bin/sh 2>&1 | grep 'Invalid value "xx" for flag --cpu-rt-period: Invalid argument' + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Invalid argument for cpu-rt-period" && ((ret++)) + +- isula run -itd --cpu-rt-period -1 --cpu-rt-runtime 10000 $image /bin/sh 2>&1 | grep "Invalid --cpu-rt-runtime: rt runtime cannot be higher than rt period" ++ isula run -itd --cpu-rt-period -1 --cpu-rt-runtime 10000 --runtime $1 $image /bin/sh 2>&1 | grep "Invalid --cpu-rt-runtime: rt runtime cannot be higher than rt period" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cpu-rt-runtime cannot be higher than cpu-rt-period" && ((ret++)) + +- isula run -itd --cpu-rt-period 100 --cpu-rt-runtime 10000 $image /bin/sh 2>&1 | grep "Invalid --cpu-rt-runtime: rt runtime cannot be higher than rt period" ++ isula run -itd --cpu-rt-period 100 --cpu-rt-runtime 10000 --runtime $1 $image /bin/sh 2>&1 | grep "Invalid --cpu-rt-runtime: rt runtime cannot be higher than rt period" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cpu-rt-runtime cannot be higher than cpu-rt-period" && ((ret++)) + +- isula run -itd --cpu-rt-period 1000000 --cpu-rt-runtime 960000 $image /bin/sh 2>&1 | grep "failed to write 960000" | grep "cpu.rt_runtime_us: Invalid argument" ++ isula run -itd --cpu-rt-period 1000000 --cpu-rt-runtime 960000 --runtime $1 $image /bin/sh 2>&1 | grep "failed to write" | grep -i "cpu.rt_runtime_us: Invalid argument" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Invalid argument for cpu-rt-runtime" && ((ret++)) + + msg_info "${test} finished with return ${ret}..." +@@ -177,7 +168,7 @@ function test_isula_run_normal() + local ret=0 + local image="busybox" + +- isula run -itd -n box --cpu-rt-period 1000000 --cpu-rt-runtime 1000 $image /bin/sh 2>&1 ++ isula run -itd -n box --cpu-rt-period 1000000 --cpu-rt-runtime 1000 --runtime $1 $image /bin/sh 2>&1 + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container" && ((ret++)) + + isula rm -f box +@@ -187,18 +178,41 @@ function test_isula_run_normal() + return ${ret} + } + ++function do_test() ++{ ++ local ret=0 ++ local runtime=$1 ++ local test="cpu_rt_test => (${runtime})" ++ msg_info "${test} starting..." ++ ++ if [ -f "/sys/fs/cgroup/cpu/cpu.rt_runtime_us" ];then ++ test_isula_run_abnormal $runtime|| ((ret++)) ++ test_isula_run_normal $runtime || ((ret++)) ++ test_cpurt_isulad_abnormal $runtime || ((ret++)) ++ test_isula_update_normal $runtime || ((ret++)) ++ test_isula_update_abnormal $runtime || ((ret++)) ++ else ++ test_kernel_without_cpurt $runtime || ((ans++)) ++ fi ++ ++ msg_info "${test} finished with return ${ret}..." ++ ++ return ${ret} ++} ++ + declare -i ans=0 + +-if [ -f "/sys/fs/cgroup/cpu/cpu.rt_runtime_us" ];then +- test_isula_run_abnormal || ((ans++)) +- test_isula_run_normal || ((ans++)) +- test_cpurt_isulad_abnormal || ((ans++)) +- test_isula_update_normal || ((ans++)) +- test_isula_update_abnormal || ((ans++)) +-else +- test_kernel_without_cpurt || ((ans++)) +-fi +- +-isula rm -f $(isula ps -aq) ++for element in ${RUNTIME_LIST[@]}; ++do ++ check_valgrind_log ++ ++ do_test $element || ((ans++)) ++ ++ stop_isulad_without_valgrind ++ # set cpu-rt to the initial state ++ start_isulad_with_valgrind --cpu-rt-period 1000000 --cpu-rt-runtime 0 ++ ++ isula rm -f $(isula ps -aq) ++done + + show_result ${ans} "${curr_path}/${0}" +diff --git a/CI/test_cases/container_cases/create.sh b/CI/test_cases/container_cases/create.sh +index 2c28a4fa..868a9b22 100755 +--- a/CI/test_cases/container_cases/create.sh ++++ b/CI/test_cases/container_cases/create.sh +@@ -23,8 +23,12 @@ source ../helpers.sh + + function do_test_t() + { ++ local runtime=$1 ++ local test="create_test => (${runtime})" ++ msg_info "${test} starting..." ++ + containername=test_create +- isula run -itd --name $containername busybox ++ isula run -itd --name $containername --runtime $runtime busybox + fn_check_eq "$?" "0" "create failed" + testcontainer $containername running + +@@ -34,44 +38,44 @@ function do_test_t() + isula inspect $containername + fn_check_ne "$?" "0" "inspect should fail" + +- containerid=`isula run -itd --name $containername --cpu-shares 1024 busybox` ++ containerid=`isula run -itd --name $containername --cpu-shares 1024 --runtime $runtime busybox` + fn_check_eq "$?" "0" "create failed" + +- cat "$LCR_ROOT_PATH/$containerid/config" | grep "cpu.shares = 1024" ++ cat "$RUNTIME_ROOT_PATH/$runtime/$containerid/config.json" | grep "\"shares\": 1024" + fn_check_eq "$?" "0" "create failed" + + isula rm -f $containername + fn_check_eq "$?" "0" "rm failed" + +- containerid=`isula run -itd --name $containername --cpu-quota 50000 busybox` ++ containerid=`isula run -itd --name $containername --cpu-quota 50000 --runtime $runtime busybox` + fn_check_eq "$?" "0" "create failed" + +- cat "$LCR_ROOT_PATH/$containerid/config" | grep "cpu.cfs_quota_us = 50000" ++ cat "$RUNTIME_ROOT_PATH/$runtime/$containerid/config.json" | grep "\"quota\": 50000" + fn_check_eq "$?" "0" "create failed" + + isula rm -f $containername + fn_check_eq "$?" "0" "rm failed" + +- containerid=`isula run -itd --name $containername --cpuset-cpus 0-1 busybox` ++ containerid=`isula run -itd --name $containername --cpuset-cpus 0-1 --runtime $runtime busybox` + fn_check_eq "$?" "0" "create failed" + +- cat "$LCR_ROOT_PATH/$containerid/config" | grep "cpuset.cpus = 0-1" ++ cat "$RUNTIME_ROOT_PATH/$runtime/$containerid/config.json" | grep "\"cpus\": \"0-1\"" + fn_check_eq "$?" "0" "create failed" + + isula rm -f $containername + fn_check_eq "$?" "0" "rm failed" + +- containerid=`isula run -itd --name $containername --memory 1000000000 busybox` ++ containerid=`isula run -itd --name $containername --memory 1000000000 --runtime $runtime busybox` + fn_check_eq "$?" "0" "create failed" + +- cat "$LCR_ROOT_PATH/$containerid/config" | grep "memory.limit_in_bytes = 1000000000" ++ cat "$RUNTIME_ROOT_PATH/$runtime/$containerid/config.json" | grep "\"limit\": 1000000000" + fn_check_eq "$?" "0" "create failed" + + isula rm -f $containername + fn_check_eq "$?" "0" "rm failed" + + # validate --label +- containerid=`isula run -itd --name $containername --label "iSulad=lcrd" busybox` ++ containerid=`isula run -itd --name $containername --label "iSulad=lcrd" --runtime $runtime busybox` + fn_check_eq "$?" "0" "create failed" + + isula inspect -f "{{.Config.Labels}}" ${containerid} | grep iSulad | grep lcrd +@@ -82,7 +86,7 @@ function do_test_t() + + # validate --label-file + echo "iSulad=lcrd\n abc=kkk" > ./label_file +- containerid=`isula run -itd --name $containername --label-file ./label_file busybox` ++ containerid=`isula run -itd --name $containername --label-file ./label_file --runtime $runtime busybox` + fn_check_eq "$?" "0" "create failed" + + isula inspect -f "{{.Config.Labels}}" ${containerid} | grep iSulad | grep lcrd +@@ -97,7 +101,7 @@ function do_test_t() + fn_check_eq "$?" "0" "rm failed" + + # validate --dns --dns-search --dns-opt +- containerid=`isula run -itd --name $containername --dns 8.8.8.8 --dns-opt debug --dns-search example.com busybox` ++ containerid=`isula run -itd --name $containername --dns 8.8.8.8 --dns-opt debug --dns-search example.com --runtime $runtime busybox` + fn_check_eq "$?" "0" "create failed" + + isula exec -it ${containerid} cat /etc/resolv.conf | grep "nameserver 8.8.8.8" +@@ -112,14 +116,19 @@ function do_test_t() + isula rm -f $containername + fn_check_eq "$?" "0" "rm failed" + ++ msg_info "${test} finished with return ${TC_RET_T}..." ++ + return $TC_RET_T + } + + ret=0 + +-do_test_t +-if [ $? -ne 0 ];then +- let "ret=$ret + 1" +-fi ++for element in ${RUNTIME_LIST[@]}; ++do ++ do_test_t $element ++ if [ $? -ne 0 ];then ++ let "ret=$ret + 1" ++ fi ++done + + show_result $ret "basic create" +diff --git a/CI/test_cases/container_cases/cri_default_namespace.sh b/CI/test_cases/container_cases/cri_default_namespace.sh +index 6a17289b..d013c6fa 100755 +--- a/CI/test_cases/container_cases/cri_default_namespace.sh ++++ b/CI/test_cases/container_cases/cri_default_namespace.sh +@@ -43,10 +43,11 @@ function set_up() + function test_cri_default_namespace_in_pod_fun() + { + local ret=0 +- local test="test_cri_default_namespace_in_pod_fun => (${FUNCNAME[@]})" ++ local runtime=$1 ++ local test="test_cri_default_namespace_in_pod_fun => (${runtime})" + msg_info "${test} starting..." + +- sid=$(crictl runp ${data_path}/sandbox-config.json) ++ sid=$(crictl runp --runtime $runtime ${data_path}/sandbox-config.json) + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run sandbox" && ((ret++)) + + cid=$(crictl create $sid ${data_path}/container-config-default-namespace.json ${data_path}/sandbox-config.json) +@@ -73,14 +74,6 @@ function test_cri_default_namespace_in_pod_fun() + [[ x"$sandboxns" == x"$conatainerns" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - $element namespace should be not shared in pod" && ((ret++)) + done + +- msg_info "${test} finished with return ${ret}..." +- return ${ret} +-} +- +-function tear_down() +-{ +- local ret=0 +- + crictl stop $cid + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to stop container" && ((ret++)) + +@@ -93,19 +86,26 @@ function tear_down() + crictl rmp $sid + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm sandbox" && ((ret++)) + ++ msg_info "${test} finished with return ${ret}..." ++ return ${ret} ++} ++ ++function tear_down() ++{ + cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json + check_valgrind_log + start_isulad_with_valgrind +- +- return ${ret} + } + + declare -i ans=0 + + set_up || ((ans++)) + +-test_cri_default_namespace_in_pod_fun || ((ans++)) ++for element in ${RUNTIME_LIST[@]}; ++do ++ test_cri_default_namespace_in_pod_fun $element || ((ans++)) ++done + +-tear_down || ((ans++)) ++tear_down + + show_result ${ans} "${curr_path}/${0}" +diff --git a/CI/test_cases/container_cases/cri_exec_sync.sh b/CI/test_cases/container_cases/cri_exec_sync.sh +new file mode 100755 +index 00000000..97ea01ca +--- /dev/null ++++ b/CI/test_cases/container_cases/cri_exec_sync.sh +@@ -0,0 +1,154 @@ ++#!/bin/bash ++# ++# attributes: cri exec sync test ++# concurrent: NA ++# spend time: 14 ++ ++####################################################################### ++##- Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved. ++# - iSulad licensed under the Mulan PSL v2. ++# - You can use this software according to the terms and conditions of the Mulan PSL v2. ++# - You may obtain a copy of Mulan PSL v2 at: ++# - http://license.coscl.org.cn/MulanPSL2 ++# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++# - PURPOSE. ++# - See the Mulan PSL v2 for more details. ++##- @Description:CI ++##- @Author: zhongtao ++##- @Create: 2023-04-18 ++####################################################################### ++ ++curr_path=$(dirname $(readlink -f "$0")) ++data_path=$(realpath $curr_path/criconfigs) ++pause_img_path=$(realpath $curr_path/test_data) ++source ../helpers.sh ++ ++function do_pre() ++{ ++ local ret=0 ++ local image="busybox" ++ local podimage="mirrorgooglecontainers/pause-amd64" ++ local test="set_up => (${FUNCNAME[@]})" ++ ++ msg_info "${test} starting..." ++ ++ cp /etc/isulad/daemon.json /etc/isulad/daemon.bak ++ sed -i "s#\"pod-sandbox-image\": \"\"#\"pod-sandbox-image\": \"mirrorgooglecontainers/pause-amd64:3.0\"#g" /etc/isulad/daemon.json ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to stop isulad" && return ${FAILURE} ++ ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to start isulad" && return ${FAILURE} ++ ++ isula load -i ${pause_img_path}/pause.tar ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to load pause image" && return ${FAILURE} ++ ++ crictl pull ${image} ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE} ++ ++ crictl images | grep ${podimage} ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${podimage}" && ((ret++)) ++ ++ return ${ret} ++} ++ ++function set_up() ++{ ++ local ret=0 ++ sid=$(crictl runp --runtime $1 ${data_path}/sandbox-config.json) ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run sandbox" && ((ret++)) ++ ++ cid=$(crictl create $sid ${data_path}/container-config.json ${data_path}/sandbox-config.json) ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to create container" && ((ret++)) ++ ++ crictl start $cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to start container" && ((ret++)) ++ ++ msg_info "${test} finished with return ${ret}..." ++ return ${ret} ++} ++ ++function test_cri_exec_sync_fun() ++{ ++ local ret=0 ++ local test="test_cri_exec_sync_fun => (${FUNCNAME[@]})" ++ msg_info "${test} starting..." ++ ++ crictl exec -s ${cid} xxx 2>&1 ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to catch exec sync error msg" && ((ret++)) ++ ++ crictl exec -s ${cid} date ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to exec sync" && ((ret++)) ++ ++ crictl exec -s --timeout 2 ${cid} ls ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to exec sync with timeout" && ((ret++)) ++ ++ crictl exec -s --timeout 2 ${cid} sleep 898989 2>&1 | grep "timeout" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to catch exec sync timeout error msg" && ((ret++)) ++ ++ crictl exec -s --timeout 2 ${cid} ps 2>&1 | grep "sleep 898989" ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual exec process" && ((ret++)) ++ ++ msg_info "${test} finished with return ${ret}..." ++ return ${ret} ++} ++ ++function tear_down() ++{ ++ local ret=0 ++ ++ crictl stop $cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to stop container" && ((ret++)) ++ ++ crictl rm $cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container" && ((ret++)) ++ ++ crictl stopp $sid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to stop sandbox" && ((ret++)) ++ ++ crictl rmp $sid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm sandbox" && ((ret++)) ++ ++ return ${ret} ++} ++ ++function do_post() ++{ ++ cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json ++ ++ check_valgrind_log ++ start_isulad_with_valgrind ++} ++ ++function do_test_t() ++{ ++ local ret=0 ++ local runtime=$1 ++ local test="cri_exec_sync_test => (${runtime})" ++ msg_info "${test} starting..." ++ ++ set_up $runtime || ((ret++)) ++ ++ test_cri_exec_sync_fun || ((ret++)) ++ ++ tear_down || ((ret++)) ++ ++ msg_info "${test} finished with return ${ret}..." ++ ++ return $ret ++} ++ ++declare -i ans=0 ++ ++do_pre || ((ans++)) ++ ++for element in ${RUNTIME_LIST[@]}; ++do ++ do_test_t $element || ((ans++)) ++done ++ ++do_post ++ ++show_result ${ans} "${curr_path}/${0}" +diff --git a/CI/test_cases/container_cases/cri_stream.sh b/CI/test_cases/container_cases/cri_stream.sh +index 6c89ab38..8b5440d3 100755 +--- a/CI/test_cases/container_cases/cri_stream.sh ++++ b/CI/test_cases/container_cases/cri_stream.sh +@@ -9,7 +9,7 @@ data_path=$(realpath $curr_path/criconfigs) + pause_img_path=$(realpath $curr_path/test_data) + source ../helpers.sh + +-function set_up() ++function do_pre() + { + local ret=0 + local image="busybox" +@@ -36,7 +36,13 @@ function set_up() + crictl images | grep ${podimage} + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${podimage}" && ((ret++)) + +- sid=$(crictl runp ${data_path}/sandbox-config.json) ++ return ${ret} ++} ++ ++function set_up() ++{ ++ local ret=0 ++ sid=$(crictl runp --runtime $1 ${data_path}/sandbox-config.json) + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run sandbox" && ((ret++)) + + cid=$(crictl create $sid ${data_path}/container-config.json ${data_path}/sandbox-config.json) +@@ -135,22 +141,49 @@ function tear_down() + crictl rmp $sid + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm sandbox" && ((ret++)) + ++ return ${ret} ++} ++ ++function do_post() ++{ + cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json ++ + stop_isulad_without_valgrind + start_isulad_with_valgrind ++} + +- return ${ret} ++function do_test_t() ++{ ++ local ret=0 ++ local runtime=$1 ++ local test="cri_stream_test => (${runtime})" ++ msg_info "${test} starting..." ++ ++ set_up $runtime || ((ret++)) ++ ++ test_cri_exec_fun || ((ret++)) ++ test_cri_exec_abn || ((ret++)) ++ ++ # runc attach not support ++ if [ $runtime == "lcr" ]; then ++ test_cri_attach || ((ret++)) ++ fi ++ tear_down || ((ret++)) ++ ++ msg_info "${test} finished with return ${ret}..." ++ ++ return $ret + } + + declare -i ans=0 + +-set_up || ((ans++)) +- +-test_cri_exec_fun || ((ans++)) +-test_cri_exec_abn || ((ans++)) ++do_pre || ((ans++)) + +-test_cri_attach || ((ans++)) ++for element in ${RUNTIME_LIST[@]}; ++do ++ do_test_t $element || ((ans++)) ++done + +-tear_down || ((ans++)) ++do_post + + show_result ${ans} "${curr_path}/${0}" +diff --git a/CI/test_cases/container_cases/exec_runc.sh b/CI/test_cases/container_cases/exec_runc.sh +index 74dc92e0..ab394735 100755 +--- a/CI/test_cases/container_cases/exec_runc.sh ++++ b/CI/test_cases/container_cases/exec_runc.sh +@@ -26,7 +26,7 @@ test="exec_runc_test => (${FUNCNAME[@]})" + function exec_runc_test() + { + local ret=0 +- local image="busybox" ++ local image="ubuntu" + local container_name="test_busybox" + + isula pull ${image} +@@ -42,7 +42,7 @@ function exec_runc_test() + [[ "x$ID" == "x" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to get container ID" && ((ret++)) + + isula exec -it $container_name date +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to exec" && ((ret++)) ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to exec date" && ((ret++)) + + ls /var/run/isulad/runc/${ID}/exec/ + ls /var/run/isulad/runc/${ID}/exec/ | wc -l | grep 0 +@@ -55,6 +55,25 @@ function exec_runc_test() + ls /var/run/isulad/runc/${ID}/exec/ | wc -l | grep 0 + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual dir after failed exec" && ((ret++)) + ++ isula exec -ti $container_name dd if=/dev/zero of=test2 bs=1GB count=2 ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to exec dd" && ((ret++)) ++ ++ isula exec $container_name cat test2 &> test_exec ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to exec cat" && ((ret++)) ++ ++ ls -l -h test_exec ++ ls -l -h test_exec 2>&1 | grep "1.9G" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - exec data loss" && ((ret++)) ++ ++ isula exec $container_name bash -c "sleep 999 & exit" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to exec backgrounder" && ((ret++)) ++ ++ isula exec -ti $container_name bash -c "sleep 999 & exit" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - resize failed" && ((ret++)) ++ ++ rm test_exec ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm test_execs" && ((ret++)) ++ + isula rm -f ${container_name} + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - remove container ${container_name} failed" && ((ret++)) + +diff --git a/CI/test_cases/container_cases/kill.sh b/CI/test_cases/container_cases/kill.sh +index b31714a7..7b50b094 100755 +--- a/CI/test_cases/container_cases/kill.sh ++++ b/CI/test_cases/container_cases/kill.sh +@@ -25,8 +25,12 @@ source ../helpers.sh + + function do_test_t() + { ++ local runtime=$1 ++ local test="kill_test => (${runtime})" ++ msg_info "${test} starting..." ++ + containername=test_kill +- isula create -t --name $containername busybox ++ isula create -t --name $containername --runtime $runtime busybox + fn_check_eq "$?" "0" "create failed" + testcontainer $containername inited + +@@ -42,14 +46,19 @@ function do_test_t() + isula rm $containername + fn_check_eq "$?" "0" "rm failed" + ++ msg_info "${test} finished with return ${TC_RET_T}..." ++ + return $TC_RET_T + } + + ret=0 + +-do_test_t +-if [ $? -ne 0 ];then +- let "ret=$ret + 1" +-fi ++for element in ${RUNTIME_LIST[@]}; ++do ++ do_test_t $element ++ if [ $? -ne 0 ];then ++ let "ret=$ret + 1" ++ fi ++done + + show_result $ret "basic kill" +diff --git a/CI/test_cases/container_cases/log_test.sh b/CI/test_cases/container_cases/log_test.sh +index 119a005a..34bc3149 100755 +--- a/CI/test_cases/container_cases/log_test.sh ++++ b/CI/test_cases/container_cases/log_test.sh +@@ -24,10 +24,10 @@ function do_post() + + function do_check_item() + { +- cat ${ISULAD_ROOT_PATH}/engines/lcr/$1/config | grep console | grep "$2" ++ cat ${RUNTIME_ROOT_PATH}/$1/$2/config.json | grep console | grep "$3" + if [ $? -ne 0 ]; then +- cat ${ISULAD_ROOT_PATH}/engines/lcr/$1/config | grep console +- msg_err "expect $2" ++ cat ${RUNTIME_ROOT_PATH}/$1/$2/config.json | grep console ++ msg_err "expect $3" + TC_RET_T=$(($TC_RET_T+1)) + fi + } +@@ -42,16 +42,16 @@ function do_test_syslog_helper() + TC_RET_T=$(($TC_RET_T+1)) + fi + +- cid=`isula run -tid busybox sh` ++ cid=`isula run -tid --runtime $2 busybox sh` + if [ $? -ne 0 ]; then + msg_err "Failed to run container" + TC_RET_T=$(($TC_RET_T+1)) + fi + +- do_check_item ${cid} "logdriver = syslog" ++ do_check_item $2 ${cid} "driver\": \"syslog" + + if [ "x$1" != "x" ]; then +- do_check_item ${cid} "syslog_tag = $1" ++ do_check_item $2 ${cid} "tag\": \"$1" + fi + + isula rm -f ${cid} +@@ -74,91 +74,91 @@ function do_test_syslog_tag() + TC_RET_T=$(($TC_RET_T+1)) + fi + +- isula run -ti --log-opt="syslog-tag={{.xxx}}" busybox date ++ isula run -ti --log-opt="syslog-tag={{.xxx}}" --runtime $1 busybox date + if [ $? -eq 0 ]; then + msg_err "run container success with invalid syslog-tag" + TC_RET_T=$(($TC_RET_T+1)) + fi + +- isula run -ti --log-opt="syslog-tag={{" busybox date ++ isula run -ti --log-opt="syslog-tag={{" --runtime $1 busybox date + if [ $? -eq 0 ]; then + msg_err "run container success with invalid syslog-tag" + TC_RET_T=$(($TC_RET_T+1)) + fi + +- isula run -ti --log-opt="syslog-tag=aab{{cd" busybox date ++ isula run -ti --log-opt="syslog-tag=aab{{cd" --runtime $1 busybox date + if [ $? -eq 0 ]; then + msg_err "run container success with invalid syslog-tag" + TC_RET_T=$(($TC_RET_T+1)) + fi + +- cid=$(isula run -tid --log-opt="syslog-tag={{.DaemonName}}" busybox sh) ++ cid=$(isula run -tid --log-opt="syslog-tag={{.DaemonName}}" --runtime $1 busybox sh) + if [ $? -ne 0 ]; then + msg_err "Failed to run container" + TC_RET_T=$(($TC_RET_T+1)) + fi +- do_check_item ${cid} "logdriver = syslog" +- do_check_item ${cid} "syslog_tag = iSulad" ++ do_check_item $1 ${cid} "driver\": \"syslog" ++ do_check_item $1 ${cid} "tag\": \"iSulad" + +- cid=`isula run -tid --log-opt="syslog-tag={{.ID}}" busybox sh` ++ cid=`isula run -tid --log-opt="syslog-tag={{.ID}}" --runtime $1 busybox sh` + if [ $? -ne 0 ]; then + msg_err "Failed to run container" + TC_RET_T=$(($TC_RET_T+1)) + fi +- do_check_item ${cid} "logdriver = syslog" +- do_check_item ${cid} "syslog_tag = ${cid: 0: 12}" ++ do_check_item $1 ${cid} "driver\": \"syslog" ++ do_check_item $1 ${cid} "tag\": \"${cid: 0: 12}" + +- cid=`isula run -tid --name=haozi --log-opt="syslog-tag={{.ID}}xx{{.Name}}" busybox sh` ++ cid=`isula run -tid --name=haozi --log-opt="syslog-tag={{.ID}}xx{{.Name}}" --runtime $1 busybox sh` + if [ $? -ne 0 ]; then + msg_err "Failed to run container" + TC_RET_T=$(($TC_RET_T+1)) + fi +- do_check_item ${cid} "logdriver = syslog" +- do_check_item ${cid} "syslog_tag = ${cid: 0: 12}xxhaozi" ++ do_check_item $1 ${cid} "driver\": \"syslog" ++ do_check_item $1 ${cid} "tag\": \"${cid: 0: 12}xxhaozi" + isula rm -f haozi + +- cid=`isula run -tid --log-opt="syslog-tag={{.FullID}}" busybox sh` ++ cid=`isula run -tid --log-opt="syslog-tag={{.FullID}}" --runtime $1 busybox sh` + if [ $? -ne 0 ]; then + msg_err "Failed to run container" + TC_RET_T=$(($TC_RET_T+1)) + fi +- do_check_item ${cid} "logdriver = syslog" +- do_check_item ${cid} "syslog_tag = ${cid}" ++ do_check_item $1 ${cid} "driver\": \"syslog" ++ do_check_item $1 ${cid} "tag\": \"${cid}" + +- cid=`isula run -tid --name haozi --log-opt="syslog-tag={{.Name}}" busybox sh` ++ cid=`isula run -tid --name haozi --log-opt="syslog-tag={{.Name}}" --runtime $1 busybox sh` + if [ $? -ne 0 ]; then + msg_err "Failed to run container" + TC_RET_T=$(($TC_RET_T+1)) + fi +- do_check_item ${cid} "logdriver = syslog" +- do_check_item ${cid} "syslog_tag = haozi" ++ do_check_item $1 ${cid} "driver\": \"syslog" ++ do_check_item $1 ${cid} "tag\": \"haozi" + isula rm -f haozi + +- cid=`isula run -tid --name haozi --log-opt="syslog-tag=xx{{.Name}}yy" busybox sh` ++ cid=`isula run -tid --name haozi --log-opt="syslog-tag=xx{{.Name}}yy" --runtime $1 busybox sh` + if [ $? -ne 0 ]; then + msg_err "Failed to run container" + TC_RET_T=$(($TC_RET_T+1)) + fi +- do_check_item ${cid} "logdriver = syslog" +- do_check_item ${cid} "syslog_tag = xxhaoziyy" ++ do_check_item $1 ${cid} "driver\": \"syslog" ++ do_check_item $1 ${cid} "tag\": \"xxhaoziyy" + isula rm -f haozi + +- cid=`isula run -tid --log-opt="syslog-tag={{.ImageName}}" busybox sh` ++ cid=`isula run -tid --log-opt="syslog-tag={{.ImageName}}" --runtime $1 busybox sh` + if [ $? -ne 0 ]; then + msg_err "Failed to run container" + TC_RET_T=$(($TC_RET_T+1)) + fi +- do_check_item ${cid} "logdriver = syslog" +- do_check_item ${cid} "syslog_tag = busybox" ++ do_check_item $1 ${cid} "driver\": \"syslog" ++ do_check_item $1 ${cid} "tag\": \"busybox" + +- cid=`isula run -tid --log-opt="syslog-tag={{.ImageID}}" busybox sh` ++ cid=`isula run -tid --log-opt="syslog-tag={{.ImageID}}" --runtime $1 busybox sh` + if [ $? -ne 0 ]; then + msg_err "Failed to run container" + TC_RET_T=$(($TC_RET_T+1)) + fi + img_id=`isula inspect -f '{{.image.id}}' busybox` +- do_check_item ${cid} "logdriver = syslog" +- do_check_item ${cid} "syslog_tag = sha256:${img_id:0:5}" ++ do_check_item $1 ${cid} "driver\": \"syslog" ++ do_check_item $1 ${cid} "tag\": \"sha256:${img_id:0:5}" + + isula rm -f `isula ps -aq` + if [ $? -ne 0 ]; then +@@ -182,15 +182,15 @@ function do_test_json_file_helper() + file_size=$2 + fi + +- cid=`isula run -tid busybox sh` ++ cid=`isula run -tid --runtime $3 busybox sh` + if [ $? -ne 0 ]; then + msg_err "Failed to run container" + TC_RET_T=$(($TC_RET_T+1)) + fi + +- do_check_item ${cid} "logdriver = json-file" +- do_check_item ${cid} "rotate = $file_cnt" +- do_check_item ${cid} "size = $file_size" ++ do_check_item $3 ${cid} "driver\": \"json-file" ++ do_check_item $3 ${cid} "rotate\": \"$file_cnt" ++ do_check_item $3 ${cid} "size\": \"$file_size" + + isula rm -f ${cid} + if [ $? -ne 0 ]; then +@@ -207,75 +207,113 @@ function do_test_container_log() + cat /etc/isulad/daemon.json + ps aux | grep -i isulad + +- cid=`isula run -tid --log-driver=json-file busybox sh` ++ cid=`isula run -tid --log-driver=json-file --runtime $1 busybox sh` + if [ $? -ne 0 ]; then + msg_err "Failed to run container" + TC_RET_T=$(($TC_RET_T+1)) + fi +- do_check_item ${cid} "logdriver = json-file" +- do_check_item ${cid} "rotate = 7" +- do_check_item ${cid} "size = 1MB" ++ do_check_item $1 ${cid} "driver\": \"json-file" ++ do_check_item $1 ${cid} "rotate\": \"7" ++ do_check_item $1 ${cid} "size\": \"1MB" + +- cid=`isula run -tid --log-driver=json-file --log-opt="max-file=8" busybox sh` ++ cid=`isula run -tid --log-driver=json-file --log-opt="max-file=8" --runtime $1 busybox sh` + if [ $? -ne 0 ]; then + msg_err "Failed to run container" + TC_RET_T=$(($TC_RET_T+1)) + fi +- do_check_item ${cid} "logdriver = json-file" +- do_check_item ${cid} "rotate = 8" +- do_check_item ${cid} "size = 1MB" ++ do_check_item $1 ${cid} "driver\": \"json-file" ++ do_check_item $1 ${cid} "rotate\": \"8" ++ do_check_item $1 ${cid} "size\": \"1MB" + +- cid=`isula run -tid --log-driver=json-file --log-opt="max-size=128KB" busybox sh` ++ cid=`isula run -tid --log-driver=json-file --log-opt="max-size=128KB" --runtime $1 busybox sh` + if [ $? -ne 0 ]; then + msg_err "Failed to run container" + TC_RET_T=$(($TC_RET_T+1)) + fi +- do_check_item ${cid} "logdriver = json-file" +- do_check_item ${cid} "rotate = 7" +- do_check_item ${cid} "size = 128KB" ++ do_check_item $1 ${cid} "driver\": \"json-file" ++ do_check_item $1 ${cid} "rotate\": \"7" ++ do_check_item $1 ${cid} "size\": \"128KB" + +- cid=`isula run -tid --log-driver=json-file --log-opt="disable-log=true" busybox sh` ++ cid=`isula run -tid --log-driver=json-file --log-opt="disable-log=true" --runtime $1 busybox sh` + if [ $? -ne 0 ]; then + msg_err "Failed to run container" + TC_RET_T=$(($TC_RET_T+1)) + fi +- cat ${ISULAD_ROOT_PATH}/engines/lcr/${cid}/config | grep console | grep "logfile =" +- if [ $? -eq 0 ]; then ++ cat ${RUNTIME_ROOT_PATH}/$1/$cid/config.json | grep console | grep "\"log.console.file\": \"none\"" ++ if [ $? -ne 0 ]; then + msg_err "Failed to disable log" + TC_RET_T=$(($TC_RET_T+1)) + fi + ++ mkdir shim_sh ++ cat >> ./shim_sh/msg.sh << EOF ++#!/bin/bash ++dd if=/dev/zero of=/home/file bs=2M count=100 ++for i in {1..10} ++do ++ cat /home/file > /dev/stderr & ++ cat /home/file > /dev/stdout & ++ echo "cat done" ++ sleep 1 ++done ++echo "done" ++EOF ++ cat $curr_path/shim_sh/msg.sh ++ cid=`isula run -id --runtime $1 -v $curr_path/shim_sh:/home/shim --log-driver=json-file --log-opt="max-file=3" busybox:latest /bin/sh -x /home/shim/msg.sh` ++ ++ isula wait $cid ++ ++ logcount=`ls ${RUNTIME_ROOT_PATH}/$1/$cid/console.log* | wc -l` ++ [[ $logcount -ne 3 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - max-file didn't effective" && ((ret++)) ++ ++ rm -rf shim_sh + isula rm -f `isula ps -aq` + return $TC_RET_T + } + + function do_test_container_syslog() { +- do_test_syslog_helper "xxxx" ++ do_test_syslog_helper "xxxx" $1 + +- do_test_syslog_tag ++ do_test_syslog_tag $1 + } + + function do_test() { ++ local runtime=$1 ++ local test="log_test => (${runtime})" ++ msg_info "${test} starting..." ++ + check_valgrind_log + start_isulad_with_valgrind --container-log-opts="syslog-tag=xxxx" + +- do_test_container_syslog ++ do_test_container_syslog $runtime + + check_valgrind_log + start_isulad_with_valgrind --container-log-driver=json-file --container-log-opts="max-size=10MB" --container-log-opts="max-file=3" +- do_test_json_file_helper "3" "10MB" ++ ++ do_test_json_file_helper "3" "10MB" $runtime + + check_valgrind_log + start_isulad_with_valgrind +- do_test_container_log +-} + +-ret=0 ++ do_test_container_log $runtime ++ ++ msg_info "${test} finished with return ${TC_RET_T}..." ++ ++ return $TC_RET_T ++} + + do_pre + +-do_test ++ret=0 ++ ++for element in ${RUNTIME_LIST[@]}; ++do ++ do_test $element ++ if [ $? -ne 0 ];then ++ let "ret=$ret + 1" ++ fi ++done + + do_post + +-show_result $TC_RET_T "container log test" ++show_result $ret "container log test" +diff --git a/CI/test_cases/container_cases/rm.sh b/CI/test_cases/container_cases/rm.sh +index 2903edab..3deae453 100755 +--- a/CI/test_cases/container_cases/rm.sh ++++ b/CI/test_cases/container_cases/rm.sh +@@ -26,7 +26,7 @@ source ../helpers.sh + function rm_stopped_container() + { + containername=test_rm_stopped +- isula create -t --name $containername busybox ++ isula create -t --name $containername --runtime $1 busybox + fn_check_eq "$?" "0" "create failed" + testcontainer $containername inited + +@@ -40,7 +40,7 @@ function rm_stopped_container() + function rm_running_container() + { + containername=test_rm_running +- isula run -td --name $containername busybox ++ isula run -td --name $containername --runtime $1 busybox + fn_check_eq "$?" "0" "run failed" + testcontainer $containername running + +@@ -61,7 +61,7 @@ function rm_running_container() + function rm_running_container_force() + { + containername=test_rm_running_force +- conID=$(isula run -td --name $containername busybox) ++ conID=$(isula run -td --name $containername --runtime $1 busybox) + fn_check_eq "$?" "0" "run failed" + testcontainer $containername running + +@@ -83,18 +83,27 @@ function rm_running_container_force() + + function do_test_t() + { +- rm_stopped_container +- rm_running_container +- rm_running_container_force ++ local runtime=$1 ++ local test="rm_test => (${runtime})" ++ msg_info "${test} starting..." ++ ++ rm_stopped_container $runtime ++ rm_running_container $runtime ++ rm_running_container_force $runtime ++ ++ msg_info "${test} finished with return ${TC_RET_T}..." + + return $TC_RET_T + } + + ret=0 + +-do_test_t +-if [ $? -ne 0 ];then +- let "ret=$ret + 1" +-fi ++for element in ${RUNTIME_LIST[@]}; ++do ++ do_test_t $element ++ if [ $? -ne 0 ];then ++ let "ret=$ret + 1" ++ fi ++done + + show_result $ret "basic rm" +diff --git a/CI/test_cases/container_cases/start.sh b/CI/test_cases/container_cases/start.sh +index c3dc9c27..c2d0d02f 100755 +--- a/CI/test_cases/container_cases/start.sh ++++ b/CI/test_cases/container_cases/start.sh +@@ -26,7 +26,7 @@ source ../helpers.sh + function do_test_t() + { + containername=test_start +- isula create -t --name $containername busybox ++ isula create -t --name $containername --runtime $1 busybox + fn_check_eq "$?" "0" "create failed" + testcontainer $containername inited + +@@ -51,7 +51,7 @@ function do_attach_local_test_t() + local test="container start with --attach local test => (${FUNCNAME[@]})" + + containername=start_attach +- isula create -ti --name $containername busybox /bin/sh -c 'echo "hello"' ++ isula create -ti --name $containername --runtime $1 busybox /bin/sh -c 'echo "hello"' + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to create ${containername}" && ((ret++)) + testcontainer $containername inited + +@@ -62,7 +62,7 @@ function do_attach_local_test_t() + isula rm -f $containername + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container" && ((ret++)) + +- id=`isula create -ti busybox /bin/sh -c 'ech "hello"'` ++ id=`isula create -ti --runtime $1 busybox /bin/sh -c 'ech "hello"'` + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to create container" && ((ret++)) + + isula start -a $id +@@ -88,19 +88,19 @@ function do_attach_remote_test_t() + start_isulad_with_valgrind -H "$config" + + containername=start_attach +- isula create -ti -H "$config" --name $containername busybox /bin/sh -c 'echo "hello"' ++ isula create -ti -H "$config" --name $containername --runtime $1 busybox /bin/sh -c 'echo "hello"' + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to create ${containername} remote" && ((ret++)) +- testcontainer $containername inited ++ testcontainer $containername inited "-H $config" + + result=`isula start -a -H "$config" $containername` + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to start -a ${containername} remote" && ((ret++)) +- testcontainer $containername exited ++ testcontainer $containername exited "-H $config" + + isula rm -f -H "$config" $containername + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container remote" && ((ret++)) + + containername=start_exit +- isula run -it -H "$config" --name $containername busybox /bin/sh -c 'exit 5' ++ isula run -it -H "$config" --name $containername --runtime $1 busybox /bin/sh -c 'exit 5' + [[ $? -ne 5 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid exit code with remote start" && ((ret++)) + + isula start -a -H "$config" $containername +@@ -119,12 +119,29 @@ function do_attach_remote_test_t() + return ${ret} + } + +-declare -i ans=0 ++function test_start() ++{ ++ local ret=0 ++ local runtime=$1 ++ local test="start_test => (${runtime})" ++ msg_info "${test} starting..." ++ ++ do_test_t $runtime || ((ret++)) + +-do_test_t || ((ans++)) ++ do_attach_local_test_t $runtime || ((ret++)) + +-do_attach_local_test_t || ((ans++)) ++ do_attach_remote_test_t $runtime || ((ret++)) ++ ++ msg_info "${test} finished with return ${ret}..." ++ ++ return $ret ++} ++ ++declare -i ans=0 + +-do_attach_remote_test_t || ((ans++)) ++for element in ${RUNTIME_LIST[@]}; ++do ++ test_start $element || ((ans++)) ++done + + show_result ${ans} "${curr_path}/${0}" +diff --git a/CI/test_cases/container_cases/stats.sh b/CI/test_cases/container_cases/stats.sh +index 705f7a7c..df241b90 100755 +--- a/CI/test_cases/container_cases/stats.sh ++++ b/CI/test_cases/container_cases/stats.sh +@@ -26,7 +26,8 @@ function test_stats_spec() + { + local ret=0 + local image="busybox" +- local test="container stats test => (${FUNCNAME[@]})" ++ local runtime=$1 ++ local test="container stats test with (${runtime}) => (${FUNCNAME[@]})" + statslog=/tmp/stats.log + + msg_info "${test} starting..." +@@ -44,11 +45,11 @@ function test_stats_spec() + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + + container_name_init=stats_inited +- id_init=`isula create -t -n $container_name_init $image /bin/sh` ++ id_init=`isula create -t -n $container_name_init --runtime $runtime $image /bin/sh` + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + + container_name_running=stats_running +- id_running=`isula run -td -n $container_name_running $image /bin/sh` ++ id_running=`isula run -td -n $container_name_running --runtime $runtime $image /bin/sh` + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + + isula stats --no-stream > $statslog +@@ -73,14 +74,14 @@ function test_stats_spec() + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + + container_name_pause=stats_paused +- id_pause=`isula run -td -n $container_name_pause $image /bin/sh` ++ id_pause=`isula run -td -n $container_name_pause --runtime $runtime $image /bin/sh` + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + + isula pause $id_pause + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pause running container" && ((ret++)) + + container_name_stop=stats_stopped +- id_stop=`isula run -td -n $container_name_stop $image /bin/sh` ++ id_stop=`isula run -td -n $container_name_stop --runtime $runtime $image /bin/sh` + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + + isula stop -t 0 $id_stop +@@ -129,6 +130,9 @@ function test_stats_spec() + + declare -i ans=0 + +-test_stats_spec || ((ans++)) ++for element in ${RUNTIME_LIST[@]}; ++do ++ test_stats_spec $element || ((ans++)) ++done + + show_result ${ans} "${curr_path}/${0}" +diff --git a/CI/test_cases/container_cases/ulimit.sh b/CI/test_cases/container_cases/ulimit.sh +index c134a71a..29868041 100755 +--- a/CI/test_cases/container_cases/ulimit.sh ++++ b/CI/test_cases/container_cases/ulimit.sh +@@ -26,10 +26,11 @@ source ../helpers.sh + function test_ulimit() + { + local ret=0 ++ local runtime=$1 + local image="busybox" + ulimitlog=/tmp/ulimit.log + +- local test="ulimit test => (${FUNCNAME[@]})" ++ local test="ulimit test with (${runtime})=> (${FUNCNAME[@]})" + msg_info "${test} starting..." + + check_valgrind_log +@@ -38,37 +39,37 @@ function test_ulimit() + start_isulad_with_valgrind --default-ulimit nproc=2048:4096 --default-ulimit nproc=2048:8192 --default-ulimit nofile=1024:4096 + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) + +- isula run --ulimit nproc= $image /bin/sh > $ulimitlog 2>&1 ++ isula run --ulimit nproc= $image --runtime $runtime /bin/sh > $ulimitlog 2>&1 + cat $ulimitlog | grep "delimiter '=' can't be the first or the last character" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++)) + +- isula run --ulimit nproc=1024: $image /bin/sh > $ulimitlog 2>&1 ++ isula run --ulimit nproc=1024: --runtime $runtime $image /bin/sh > $ulimitlog 2>&1 + cat $ulimitlog | grep "delimiter ':' can't be the first or the last character" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++)) + +- isula run --ulimit npro=1024:2048 $image /bin/sh > $ulimitlog 2>&1 ++ isula run --ulimit npro=1024:2048 --runtime $runtime $image /bin/sh > $ulimitlog 2>&1 + cat $ulimitlog | grep "Invalid ulimit type" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++)) + +- isula run --ulimit nproc=4096:2048 $image /bin/sh > $ulimitlog 2>&1 ++ isula run --ulimit nproc=4096:2048 --runtime $runtime $image /bin/sh > $ulimitlog 2>&1 + cat $ulimitlog | grep "Ulimit soft limit must be less than or equal to hard limit" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++)) + +- isula run --ulimit nproc=2048:4096.5 $image /bin/sh > $ulimitlog 2>&1 ++ isula run --ulimit nproc=2048:4096.5 --runtime $runtime $image /bin/sh > $ulimitlog 2>&1 + cat $ulimitlog | grep "Invalid ulimit hard value" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++)) + +- isula run --ulimit nproc==2048:4096 $image /bin/sh > $ulimitlog 2>&1 ++ isula run --ulimit nproc==2048:4096 --runtime $runtime $image /bin/sh > $ulimitlog 2>&1 + cat $ulimitlog | grep "Invalid ulimit argument" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++)) + +- isula run --ulimit nproc=2048::4096 $image /bin/sh > $ulimitlog 2>&1 ++ isula run --ulimit nproc=2048::4096 --runtime $runtime $image /bin/sh > $ulimitlog 2>&1 + cat $ulimitlog | grep "Too many limit value arguments" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++)) + + container_name="ulimit_test" + +- isula run -td -n $container_name --ulimit nofile=20480:40960 --ulimit core=1024:2048 $image /bin/sh ++ isula run -td -n $container_name --ulimit nofile=20480:40960 --ulimit core=1024:2048 --runtime $runtime $image /bin/sh + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++)) + + isula exec $container_name /bin/sh -c "cat /proc/self/limits" | grep "Max open files" |awk '{ print $(NF-1) }' |grep 40960 +@@ -106,6 +107,9 @@ function test_ulimit() + + declare -i ans=0 + +-test_ulimit || ((ans++)) ++for element in ${RUNTIME_LIST[@]}; ++do ++ test_ulimit $element || ((ans++)) ++done + + show_result ${ans} "${curr_path}/${0}" +diff --git a/CI/test_cases/container_cases/update.sh b/CI/test_cases/container_cases/update.sh +index f6ca95f9..39049b54 100755 +--- a/CI/test_cases/container_cases/update.sh ++++ b/CI/test_cases/container_cases/update.sh +@@ -26,7 +26,7 @@ source ../helpers.sh + function do_test_t() + { + containername=test_update +- containerid=`isula create -t --name $containername busybox` ++ containerid=`isula create -t --runtime $1 --name $containername busybox` + fn_check_eq "$?" "0" "create failed" + testcontainer $containername inited + +@@ -99,8 +99,28 @@ function do_test_t() + fn_check_eq "$?" "0" "stop failed" + testcontainer $containername exited + +- isula update --kernel-memory 2000000000 $containername +- fn_check_eq "$?" "0" "update failed" ++ main=$(uname -r | awk -F . '{print $1}') ++ minor=$(uname -r | awk -F . '{print $2}') ++ enable=1 ++ if [ $1 == "runc" ]; then ++ version=$(runc --version | grep runc) ++ # Runc does not support '--kernel-memory' options from v1.0.0-rc94 version ++ limit=(1 0 0 93) ++ array=`echo $version |egrep -o "[0-9]*"` ++ index=0 ++ for i in $(echo $array| awk '{print $1,$2}') ++ do ++ echo $i ++ if [[ $i -gt ${limit[index]} ]]; then ++ enable=0 ++ break ++ fi ++ let "index+=1" ++ done ++ fi ++ if [[ ${main} -lt 5 ]] || [[ ${main} -eq 5 ]] && [[ ${minor} -lt 11 ]] && [[ ${enable} -eq 1 ]]; then ++ isula update --kernel-memory 2000000000 $containername ++ fn_check_eq "$?" "0" "update failed" + + isula start $containername + fn_check_eq "$?" "0" "start failed" +@@ -120,7 +140,7 @@ function do_test_t() + function do_test_t1() + { + containername=test_update1 +- containerid=`isula run -itd --memory 500M --name $containername busybox` ++ containerid=`isula run -itd --runtime $1 --memory 500M --name $containername busybox` + fn_check_eq "$?" "0" "run failed" + + isula inspect $containerid | grep "MemorySwap" | grep "1048576000" +@@ -142,16 +162,23 @@ function do_test_t1() + + ret=0 + +-do_test_t +-if [ $? -ne 0 ];then +- let "ret=$ret + 1" +-fi ++for element in ${RUNTIME_LIST[@]}; ++do ++ test="update test => (${element})" ++ msg_info "${test} starting..." + +-if [ -f "/sys/fs/cgroup/memory/memory.memsw.usage_in_bytes" ];then +- do_test_t1 ++ do_test_t $element + if [ $? -ne 0 ];then +- let "ret=$ret + 1" ++ let "ret=$ret + 1" ++ fi ++ ++ if [ -f "/sys/fs/cgroup/memory/memory.memsw.usage_in_bytes" ];then ++ do_test_t1 $element ++ if [ $? -ne 0 ];then ++ let "ret=$ret + 1" ++ fi + fi +-fi ++ msg_info "${test} finished with return ${ret}..." ++done + + show_result $ret "basic update" +diff --git a/CI/test_cases/helpers.sh b/CI/test_cases/helpers.sh +index a11e676c..f7bb7c93 100755 +--- a/CI/test_cases/helpers.sh ++++ b/CI/test_cases/helpers.sh +@@ -21,11 +21,14 @@ declare -a lines + + # Root directory of integration tests. + LCR_ROOT_PATH="/var/lib/isulad/engines/lcr" ++RUNTIME_ROOT_PATH="/var/lib/isulad/engines" + valgrind_log="/tmp/valgrind.log" + ISUALD_LOG="/var/lib/isulad/isulad.log" + ISULAD_ROOT_PATH="/var/lib/isulad" + ISULAD_RUN_ROOT_PATH="/var/run/isulad" + ++RUNTIME_LIST=(lcr runc) ++ + declare -r -i FAILURE=1 + + function is_overlay_driver() { +@@ -58,7 +61,7 @@ function fn_check_ne() { + } + + function testcontainer() { +- st=`isula inspect -f '{{json .State.Status}}' "$1"` ++ st=`isula inspect -f '{{json .State.Status}}' $3 "$1"` + if ! [[ "${st}" =~ "$2" ]];then + echo "expect status $2, but get ${st}" + TC_RET_T=$(($TC_RET_T+1)) +-- +2.25.1 + diff --git a/0068-fix-ci-error.patch b/0068-fix-ci-error.patch new file mode 100644 index 0000000..698483b --- /dev/null +++ b/0068-fix-ci-error.patch @@ -0,0 +1,45 @@ +From 1894ea2f37e13a49acddc9dff0362a8286f8e73d Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Sat, 13 May 2023 14:13:17 +0800 +Subject: [PATCH 68/79] fix ci error + +Signed-off-by: zhongtao +--- + CI/test_cases/container_cases/update.sh | 21 +++++++++++---------- + 1 file changed, 11 insertions(+), 10 deletions(-) + +diff --git a/CI/test_cases/container_cases/update.sh b/CI/test_cases/container_cases/update.sh +index 39049b54..9147b9e0 100755 +--- a/CI/test_cases/container_cases/update.sh ++++ b/CI/test_cases/container_cases/update.sh +@@ -119,16 +119,17 @@ function do_test_t() + done + fi + if [[ ${main} -lt 5 ]] || [[ ${main} -eq 5 ]] && [[ ${minor} -lt 11 ]] && [[ ${enable} -eq 1 ]]; then +- isula update --kernel-memory 2000000000 $containername +- fn_check_eq "$?" "0" "update failed" +- +- isula start $containername +- fn_check_eq "$?" "0" "start failed" +- tmp=`isula exec $containername cat /sys/fs/cgroup/memory/memory.kmem.limit_in_bytes` +- value=$(($tmp - 2000000000)) +- if [[ $value -lt -10000 || $value -gt 10000 ]]; then +- echo "Failed to check running reservation memory" +- TC_RET_T=$(($TC_RET_T+1)) ++ isula update --kernel-memory 2000000000 $containername ++ fn_check_eq "$?" "0" "update failed" ++ ++ isula start $containername ++ fn_check_eq "$?" "0" "start failed" ++ tmp=`isula exec $containername cat /sys/fs/cgroup/memory/memory.kmem.limit_in_bytes` ++ value=$(($tmp - 2000000000)) ++ if [[ $value -lt -10000 || $value -gt 10000 ]]; then ++ echo "Failed to check running reservation memory" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi + fi + + isula rm -f $containername +-- +2.25.1 + diff --git a/0069-restore-bind_special_dir.sh.patch b/0069-restore-bind_special_dir.sh.patch new file mode 100644 index 0000000..edd4c23 --- /dev/null +++ b/0069-restore-bind_special_dir.sh.patch @@ -0,0 +1,53 @@ +From 455046d295cd9a5d02eb80c49437e1875496de40 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Sun, 14 May 2023 13:41:45 +0800 +Subject: [PATCH 69/79] restore bind_special_dir.sh + +Signed-off-by: zhongtao +--- + CI/test_cases/container_cases/bind_special_dir.sh | 15 +++------------ + 1 file changed, 3 insertions(+), 12 deletions(-) + +diff --git a/CI/test_cases/container_cases/bind_special_dir.sh b/CI/test_cases/container_cases/bind_special_dir.sh +index ee8cd0f5..e855404b 100755 +--- a/CI/test_cases/container_cases/bind_special_dir.sh ++++ b/CI/test_cases/container_cases/bind_special_dir.sh +@@ -25,9 +25,8 @@ source ../helpers.sh + function test_bind_special_dir() + { + local ret=0 +- local runtime=$1 + local image="busybox" +- local test="container bind special directory test with ($runtime) => (${FUNCNAME[@]})" ++ local test="container bind special directory test => (${FUNCNAME[@]})" + + msg_info "${test} starting..." + +@@ -37,12 +36,7 @@ function test_bind_special_dir() + isula images | grep busybox + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++)) + +- # when create container in container, runc not support to mount /dev +- if [ $runtime == "runc" ]; then +- c_id=`isula run -itd -v -itd --runtime=$runtime -v /sys/fs:/sys/fs:rw,rshared -v /proc:/proc -v /dev/pts:/dev/pts:rw busybox sh` +- else +- c_id=`isula run --runtime=$runtime -itd -v -itd -v /sys/fs:/sys/fs:rw,rshared -v /proc:/proc -v /dev:/dev:ro -v /dev/pts:/dev/pts:rw busybox sh` +- fi ++ c_id=`isula run -itd -v -itd -v /sys/fs:/sys/fs:rw,rshared -v /proc:/proc -v /dev:/dev:ro -v /dev/pts:/dev/pts:rw busybox sh` + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + + isula exec -it $c_id sh -c "ls -al /sys/fs" | grep "cgroup" +@@ -57,9 +51,6 @@ function test_bind_special_dir() + + declare -i ans=0 + +-for element in ${RUNTIME_LIST[@]}; +-do +- test_bind_special_dir $element || ((ans++)) +-done ++test_bind_special_dir || ((ans++)) + + show_result ${ans} "${curr_path}/${0}" +-- +2.25.1 + diff --git a/0070-ensure-isulad_io-not-NULL-before-close-fd.patch b/0070-ensure-isulad_io-not-NULL-before-close-fd.patch new file mode 100644 index 0000000..cc0ce42 --- /dev/null +++ b/0070-ensure-isulad_io-not-NULL-before-close-fd.patch @@ -0,0 +1,62 @@ +From e485c54e69c42f1af056f47ac2e16d9cb2d03042 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Sun, 14 May 2023 14:25:22 +0800 +Subject: [PATCH 70/79] ensure isulad_io not NULL before close fd + +Signed-off-by: zhongtao +--- + src/cmd/isulad-shim/process.c | 28 ++++++++++++++++------------ + 1 file changed, 16 insertions(+), 12 deletions(-) + +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index f1391ecb..aa3aa37c 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -194,6 +194,10 @@ static int stdin_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *d + } else { + fd_to = &(p->shim_io->in); + } ++ ++ if (fd_to == NULL || *fd_to == -1) { ++ return EPOLL_LOOP_HANDLE_CONTINUE; ++ } + w_count = write_nointr_in_total(*fd_to, p->buf, r_count); + if (w_count < 0) { + /* When any error occurs, set the write fd -1 */ +@@ -797,21 +801,21 @@ static int init_isulad_stdio(process_t *p) + return SHIM_OK; + failure: + if (p->isulad_io != NULL) { ++ if (p->isulad_io->in > 0) { ++ close(p->isulad_io->in); ++ } ++ if (p->isulad_io->out > 0) { ++ close(p->isulad_io->out); ++ } ++ if (p->isulad_io->err > 0) { ++ close(p->isulad_io->err); ++ } ++ if (p->isulad_io->resize > 0) { ++ close(p->isulad_io->resize); ++ } + free(p->isulad_io); + p->isulad_io = NULL; + } +- if (p->isulad_io->in > 0) { +- close(p->isulad_io->in); +- } +- if (p->isulad_io->out > 0) { +- close(p->isulad_io->out); +- } +- if (p->isulad_io->err > 0) { +- close(p->isulad_io->err); +- } +- if (p->isulad_io->resize > 0) { +- close(p->isulad_io->resize); +- } + return SHIM_ERR; + } + +-- +2.25.1 + diff --git a/0071-recheck-delete-command-exit-status.patch b/0071-recheck-delete-command-exit-status.patch new file mode 100644 index 0000000..5eed424 --- /dev/null +++ b/0071-recheck-delete-command-exit-status.patch @@ -0,0 +1,75 @@ +From 7f9b6a7f3fed2244123a235388614eaeff8c8fe4 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 16 May 2023 15:16:13 +0800 +Subject: [PATCH 71/79] recheck delete command exit status + +Signed-off-by: zhongtao +--- + .../modules/runtime/isula/isula_rt_ops.c | 24 ++++++++++++------- + 1 file changed, 15 insertions(+), 9 deletions(-) + +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 510bb17f..fab0b657 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -630,9 +630,9 @@ static int runtime_call_simple(const char *workdir, const char *runtime, const c + } + + // oci runtime return -1 if the container 'does not exist' +-// if output contains 'does not exist', means nothing to kill, return 0 +-// this will change the exit status of kill command +-static int kill_output_check(const char *output) ++// if output contains 'does not exist', means nothing to kill or delete, return 0 ++// this will change the exit status of kill or delete command ++static int non_existent_output_check(const char *output) + { + char *pattern = "does not exist"; + +@@ -640,24 +640,24 @@ static int kill_output_check(const char *output) + return -1; + } + +- // container not exist, kill success, return 0 ++ // container not exist, kill or delete success, return 0 + if (util_strings_contains_word(output, pattern)) { + return 0; + } + +- // kill failed, return -1 ++ // kill or delete failed, return -1 + return -1; + } + +-// kill success or kill_output_check succeed return 0, DO_RETRY_CALL will break; ++// kill success or non_existent_output_check succeed return 0, DO_RETRY_CALL will break; + // if kill failed, recheck on shim alive, if not alive, kill succeed, still return 0; + // else, return -1, DO_RETRY_CALL will call this again; + static int runtime_call_kill_and_check(const char *workdir, const char *runtime, const char *id) + { + int ret = -1; + +- // kill succeed, return 0; kill_output_check succeed, return 0; +- ret = runtime_call_simple(workdir, runtime, "kill", NULL, 0, id, kill_output_check); ++ // kill succeed, return 0; non_existent_output_check succeed, return 0; ++ ret = runtime_call_simple(workdir, runtime, "kill", NULL, 0, id, non_existent_output_check); + if (ret == 0) { + return 0; + } +@@ -672,7 +672,13 @@ static int runtime_call_kill_and_check(const char *workdir, const char *runtime, + static int runtime_call_delete_force(const char *workdir, const char *runtime, const char *id) + { + const char *opts[1] = { "--force" }; +- return runtime_call_simple(workdir, runtime, "delete", opts, 1, id, NULL); ++ // delete succeed, return 0; ++ // When the runc version is less than or equal to v1.0.0-rc3, ++ // if the container does not exist when force deleting it, ++ // runc will report an error and isulad does not need to retry the deletion again. ++ // related PR ID:d1a743674a98e23d348b29f52c43436356f56b79 ++ // non_existent_output_check succeed, return 0; ++ return runtime_call_simple(workdir, runtime, "delete", opts, 1, id, non_existent_output_check); + } + + #define ExitSignalOffset 128 +-- +2.25.1 + diff --git a/0072-restore-execSync-return-value.patch b/0072-restore-execSync-return-value.patch new file mode 100644 index 0000000..0269091 --- /dev/null +++ b/0072-restore-execSync-return-value.patch @@ -0,0 +1,31 @@ +From a337c4744539590b98c4e377b5b12334edff520e Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Thu, 18 May 2023 19:10:13 +0800 +Subject: [PATCH 72/79] restore execSync return value + +Signed-off-by: zhongtao +--- + src/daemon/entry/connect/grpc/runtime_runtime_service.cc | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/src/daemon/entry/connect/grpc/runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/runtime_runtime_service.cc +index 4cc5a4ee..451eeeef 100644 +--- a/src/daemon/entry/connect/grpc/runtime_runtime_service.cc ++++ b/src/daemon/entry/connect/grpc/runtime_runtime_service.cc +@@ -289,13 +289,6 @@ grpc::Status RuntimeRuntimeServiceImpl::ExecSync(grpc::ServerContext *context, + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); + } + +- if (reply->exit_code() != 0) { +- ERROR("Object: CRI, Type: Sync exec in container: %s with exit code: %d", request->container_id().c_str(), +- reply->exit_code()); +- error.SetError(reply->stderr()); +- return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +- } +- + WARN("Event: {Object: CRI, Type: sync execed Container: %s}", request->container_id().c_str()); + + return grpc::Status::OK; +-- +2.25.1 + diff --git a/0073-fix-memory-leak-and-array-access-out-of-range.patch b/0073-fix-memory-leak-and-array-access-out-of-range.patch new file mode 100644 index 0000000..595c0b8 --- /dev/null +++ b/0073-fix-memory-leak-and-array-access-out-of-range.patch @@ -0,0 +1,75 @@ +From 300e968a212ce13d8979fe42175a60f609f5e077 Mon Sep 17 00:00:00 2001 +From: "Neil.wrz" +Date: Tue, 23 May 2023 19:01:40 -0700 +Subject: [PATCH 73/79] fix memory leak and array access out of range + +Signed-off-by: Neil.wrz +--- + .../oci/storage/remote_layer_support/remote_support.c | 4 ++-- + .../storage/remote_layer_support/ro_symlink_maintain.c | 2 +- + src/utils/http/parser.c | 10 ++++++++++ + 3 files changed, 13 insertions(+), 3 deletions(-) + +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +index 748298cb..400678c4 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +@@ -105,12 +105,12 @@ int remote_start_refresh_thread(pthread_rwlock_t *remote_lock) + res = pthread_create(&a_thread, NULL, remote_refresh_ro_symbol_link, (void *)&supporters); + if (res != 0) { + CRIT("Thread creation failed"); +- return -1; ++ goto free_out; + } + + if (pthread_detach(a_thread) != 0) { + SYSERROR("Failed to detach 0x%lx", a_thread); +- return -1; ++ goto free_out; + } + + return 0; +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c +index 0e2b671b..2bcc43e6 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c +@@ -136,7 +136,7 @@ static int do_build_ro_dir(const char *home, const char *id) + nret = asprintf(&ro_layer_dir, "%s/%s/%s", home, REMOTE_RO_LAYER_DIR, id); + if (nret < 0 || nret > PATH_MAX) { + SYSERROR("Failed to create ro layer dir path"); +- return -1; ++ goto out; + } + + if (util_mkdir_p(ro_layer_dir, IMAGE_STORE_PATH_MODE) != 0) { +diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c +index 12df2435..a79893ba 100644 +--- a/src/utils/http/parser.c ++++ b/src/utils/http/parser.c +@@ -88,6 +88,11 @@ static int parser_cb_header_field(http_parser *parser, const char *buf, + m->num_headers++; + } + ++ if (m->num_headers == 0) { ++ ERROR("Failed to parse header field because headers num is 0"); ++ return -1; ++ } ++ + strlncat(m->headers[m->num_headers - 1][0], sizeof(m->headers[m->num_headers - 1][0]), buf, len); + + m->last_header_element = FIELD; +@@ -100,6 +105,11 @@ static int parser_cb_header_value(http_parser *parser, const char *buf, + size_t len) + { + struct parsed_http_message *m = parser->data; ++ ++ if (m->num_headers == 0) { ++ ERROR("Failed to parse header value because headers num is 0"); ++ return -1; ++ } + + strlncat(m->headers[m->num_headers - 1][1], sizeof(m->headers[m->num_headers - 1][1]), buf, len); + m->last_header_element = VALUE; +-- +2.25.1 + diff --git a/0074-fix-memory-leak-of-top_layer.patch b/0074-fix-memory-leak-of-top_layer.patch new file mode 100644 index 0000000..4e4fd3f --- /dev/null +++ b/0074-fix-memory-leak-of-top_layer.patch @@ -0,0 +1,143 @@ +From d027738842ba071802e87a18857c79603cb12db8 Mon Sep 17 00:00:00 2001 +From: "Neil.wrz" +Date: Wed, 24 May 2023 18:35:33 -0700 +Subject: [PATCH 74/79] fix memory leak of top_layer + +Signed-off-by: Neil.wrz +--- + .../oci/storage/image_store/image_store.c | 3 +- + .../remote_layer_support/image_remote_impl.c | 50 +++++++++++++------ + .../overlay_remote_impl.c | 4 +- + .../ro_symlink_maintain.c | 1 + + 4 files changed, 39 insertions(+), 19 deletions(-) + +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index f6ddd03b..d89c28f4 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -3684,7 +3684,8 @@ int remote_append_image_by_directory_with_lock(const char *id) + nret = snprintf(image_path, sizeof(image_path), "%s/%s", g_image_store->dir, id); + if (nret < 0 || (size_t)nret >= sizeof(image_path)) { + ERROR("Failed to get image path"); +- return -1; ++ ret = -1; ++ goto out; + } + + ret = append_image_by_directory(image_path); +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c +index 92bf901d..b4a53ec1 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c +@@ -126,11 +126,43 @@ out: + return ret; + } + ++static int check_top_layer_and_add_image(const char *id) ++{ ++ char *top_layer = NULL; ++ int ret = 0; ++ ++ top_layer = remote_image_get_top_layer_from_json(id); ++ if (top_layer == NULL) { ++ WARN("Can't get top layer id for image: %s, image not add", id); ++ return 0; ++ } ++ ++ if (!remote_layer_layer_valid(top_layer)) { ++ WARN("Current not find valid under layer, remote image:%s not add", id); ++ if (!map_remove(image_byid_new, (void *)id)) { ++ WARN("image %s will not be loaded from remote.", id); ++ } ++ goto out; ++ } ++ ++ if (remote_append_image_by_directory_with_lock(id) != 0) { ++ ERROR("Failed to load image into memrory: %s", id); ++ if (!map_remove(image_byid_new, (void *)id)) { ++ WARN("image %s will not be loaded from remote", id); ++ } ++ ret = -1; ++ } ++ ++out: ++ free(top_layer); ++ ++ return ret; ++} ++ + static int remote_image_add(void *data) + { + char **array_added = NULL; + char **array_deleted = NULL; +- char *top_layer = NULL; + map_t *tmp_map = NULL; + bool exist = true; + size_t i = 0; +@@ -144,20 +176,7 @@ static int remote_image_add(void *data) + array_deleted = remote_deleted_layers(image_byid_old, image_byid_new); + + for (i = 0; i < util_array_len((const char **)array_added); i++) { +- top_layer = remote_image_get_top_layer_from_json(array_added[i]); +- if (top_layer != NULL && !remote_layer_layer_valid(top_layer)) { +- WARN("Current not find valid under layer, remoet image:%s not added", array_added[i]); +- if (!map_remove(image_byid_new, (void *)array_added[i])) { +- WARN("image %s will not be loaded from remote.", array_added[i]); +- } +- continue; +- } +- +- if (remote_append_image_by_directory_with_lock(array_added[i]) != 0) { +- ERROR("Failed to load image into memrory: %s", array_added[i]); +- if (!map_remove(image_byid_new, (void *)array_added[i])) { +- WARN("image %s will not be loaded from remote", array_added[i]); +- } ++ if (check_top_layer_and_add_image(array_added[i]) != 0) { + ret = -1; + } + } +@@ -179,7 +198,6 @@ static int remote_image_add(void *data) + + util_free_array(array_added); + util_free_array(array_deleted); +- free(top_layer); + + return ret; + } +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c +index 30caf175..238506c2 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c +@@ -292,7 +292,7 @@ free_out: + return ret; + } + +-static int remote_image_add(struct remote_overlay_data *data) ++static int remote_overlay_add(struct remote_overlay_data *data) + { + int ret = 0; + char **array_added = NULL; +@@ -346,7 +346,7 @@ void remote_overlay_refresh(struct remote_overlay_data *data) + return; + } + +- if (remote_image_add(data) != 0) { ++ if (remote_overlay_add(data) != 0) { + ERROR("refresh overlay failed"); + } + } +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c +index 2bcc43e6..4d234aab 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c +@@ -135,6 +135,7 @@ static int do_build_ro_dir(const char *home, const char *id) + + nret = asprintf(&ro_layer_dir, "%s/%s/%s", home, REMOTE_RO_LAYER_DIR, id); + if (nret < 0 || nret > PATH_MAX) { ++ ret = -1; + SYSERROR("Failed to create ro layer dir path"); + goto out; + } +-- +2.25.1 + diff --git a/0075-ensure-define-in-local-and-use-correctly-type.patch b/0075-ensure-define-in-local-and-use-correctly-type.patch new file mode 100644 index 0000000..e20131e --- /dev/null +++ b/0075-ensure-define-in-local-and-use-correctly-type.patch @@ -0,0 +1,33 @@ +From dd476a11320c3ab1cca088017fafe7925f5636e6 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Sat, 27 May 2023 10:18:40 +0800 +Subject: [PATCH 75/79] ensure define in local and use correctly type + +Signed-off-by: haozi007 +--- + src/cmd/isula/volume/prune.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/cmd/isula/volume/prune.c b/src/cmd/isula/volume/prune.c +index 2a3bca3e..c8d632ed 100644 +--- a/src/cmd/isula/volume/prune.c ++++ b/src/cmd/isula/volume/prune.c +@@ -85,7 +85,6 @@ int cmd_volume_prune_main(int argc, const char **argv) + command_t cmd; + char **volumes = NULL; + size_t volumes_len = 0; +- char ch = 'n'; + struct command_option options[] = { LOG_OPTIONS(lconf) COMMON_OPTIONS(g_cmd_volume_prune_args) + PRUNE_OPTIONS(g_cmd_volume_prune_args) + }; +@@ -113,6 +112,7 @@ int cmd_volume_prune_main(int argc, const char **argv) + } + + if (!g_cmd_volume_prune_args.force) { ++ int ch; + printf("WARNING! This will remove all local volumes not used by at least one container.\n"); + printf("Are you sure you want to continue? [y/N]"); + ch = getchar(); +-- +2.25.1 + diff --git a/0076-fix-don-t-cleanup-when-remote-ro-is-enabled.patch b/0076-fix-don-t-cleanup-when-remote-ro-is-enabled.patch new file mode 100644 index 0000000..61d7f8c --- /dev/null +++ b/0076-fix-don-t-cleanup-when-remote-ro-is-enabled.patch @@ -0,0 +1,89 @@ +From ba7bca853f2b2ec1cdfabe37a464776745cbb0ab Mon Sep 17 00:00:00 2001 +From: "Neil.wrz" +Date: Sun, 28 May 2023 19:26:19 -0700 +Subject: [PATCH 76/79] fix don't cleanup when remote ro is enabled + +Signed-off-by: Neil.wrz +--- + src/cmd/isulad/main.c | 2 +- + src/daemon/modules/api/leftover_cleanup_api.h | 4 +++- + .../container/leftover_cleanup/leftover_cleanup_api.c | 9 ++++++++- + .../layer_store/graphdriver/overlay2/driver_overlay2.c | 6 ++++++ + 4 files changed, 18 insertions(+), 3 deletions(-) + +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index f5ded220..0cb7b50e 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -1249,7 +1249,7 @@ static int isulad_server_init_common() + + #ifndef DISABLE_CLEANUP + // to cleanup leftover, init clean module before other modules. +- if (clean_module_init() != 0) { ++ if (clean_module_init(args->json_confs) != 0) { + ERROR("Failed to init clean module"); + goto out; + } +diff --git a/src/daemon/modules/api/leftover_cleanup_api.h b/src/daemon/modules/api/leftover_cleanup_api.h +index 32a41258..26c4509b 100644 +--- a/src/daemon/modules/api/leftover_cleanup_api.h ++++ b/src/daemon/modules/api/leftover_cleanup_api.h +@@ -15,6 +15,8 @@ + #ifndef DAEMON_MODULES_API_LEFTOVER_CLEANUP_API_H + #define DAEMON_MODULES_API_LEFTOVER_CLEANUP_API_H + ++#include ++ + #if defined(__cplusplus) || defined(c_plusplus) + extern "C" { + #endif +@@ -23,7 +25,7 @@ typedef enum { + BROKEN_ROOTFS = 1 + } cleanup_ctx_data_t; + +-int clean_module_init(); ++int clean_module_init(const isulad_daemon_configs *args); + + void clean_module_fill_ctx(cleanup_ctx_data_t data_type, void *data); + +diff --git a/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c b/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c +index 7bdaef22..8f077916 100644 +--- a/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c ++++ b/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c +@@ -20,8 +20,15 @@ + struct clean_ctx *g_clean_ctx = NULL; + struct cleaners *g_clns = NULL; + +-int clean_module_init() ++int clean_module_init(const isulad_daemon_configs *args) + { ++ if (args->storage_enable_remote_layer) { ++ // need to disable cleanup ++ // cause cleanup may cleanup local broken RO layer ++ // while this RO layer is valid for remote ++ return 0; ++ } ++ + // create cleaners and clean_ctx + g_clns = cleaners_init(); + if (g_clns == NULL) { +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +index eedbeef2..5ad487f9 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +@@ -1204,6 +1204,12 @@ int overlay2_rm_layer(const char *id, const struct graphdriver *driver) + } + + #ifdef ENABLE_REMOTE_LAYER_STORE ++ if (!util_fileself_exists(layer_dir)) { ++ WARN("layer direcotry is already removed, can't remove twice"); ++ ret = 0; ++ goto out; ++ } ++ + if (lstat(layer_dir, &stat_buf) < 0) { + SYSERROR("Failed to lstat path: %s", layer_dir); + ret = -1; +-- +2.25.1 + diff --git a/0077-fix-layer-imcomplete-cause-isulad-core.patch b/0077-fix-layer-imcomplete-cause-isulad-core.patch new file mode 100644 index 0000000..037eaac --- /dev/null +++ b/0077-fix-layer-imcomplete-cause-isulad-core.patch @@ -0,0 +1,32 @@ +From 4a57a1eb29b3af344dbc833c067205cf36a9ecf1 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Tue, 30 May 2023 18:59:14 +0800 +Subject: [PATCH 77/79] fix layer imcomplete cause isulad core + +Signed-off-by: zhangxiaoyu +--- + src/daemon/modules/image/oci/storage/layer_store/layer_store.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index 6024d734..800a1cd7 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -1937,12 +1937,13 @@ static int load_layers_from_json_files() + + // check complete + if (tl->slayer->incompelte) { ++ // item and tl will free after this function + if (do_delete_layer(tl->slayer->id) != 0) { + ERROR("delete layer: %s failed", tl->slayer->id); + ret = -1; + goto unlock_out; + } +- should_save = true; ++ continue; + } + + if (should_save && save_layer(tl) != 0) { +-- +2.25.1 + diff --git a/0078-add-load-layer-testcase.patch b/0078-add-load-layer-testcase.patch new file mode 100644 index 0000000..82c4c56 --- /dev/null +++ b/0078-add-load-layer-testcase.patch @@ -0,0 +1,92 @@ +From f66a0071c916dd96535957acdbe94db658575ae6 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Tue, 30 May 2023 19:00:02 +0800 +Subject: [PATCH 78/79] add load layer testcase + +Signed-off-by: zhangxiaoyu +--- + CI/test_cases/image_cases/load_layers.sh | 72 ++++++++++++++++++++++++ + 1 file changed, 72 insertions(+) + create mode 100755 CI/test_cases/image_cases/load_layers.sh + +diff --git a/CI/test_cases/image_cases/load_layers.sh b/CI/test_cases/image_cases/load_layers.sh +new file mode 100755 +index 00000000..af604064 +--- /dev/null ++++ b/CI/test_cases/image_cases/load_layers.sh +@@ -0,0 +1,72 @@ ++#!/bin/bash ++# ++# attributes: isulad basic load layers ++# concurrent: NA ++# spend time: 5 ++ ++####################################################################### ++##- Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved. ++# - iSulad licensed under the Mulan PSL v2. ++# - You can use this software according to the terms and conditions of the Mulan PSL v2. ++# - You may obtain a copy of Mulan PSL v2 at: ++# - http://license.coscl.org.cn/MulanPSL2 ++# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++# - PURPOSE. ++# - See the Mulan PSL v2 for more details. ++##- @Description:CI ++##- @Author: zhangxiaoyu ++##- @Create: 2023-05-30 ++####################################################################### ++ ++declare -r curr_path=$(dirname $(readlink -f "$0")) ++source ../helpers.sh ++ ++function test_load_layers() ++{ ++ local ret=0 ++ local image="busybox" ++ local test="load layers test => (${FUNCNAME[@]})" ++ ++ msg_info "${test} starting..." ++ ++ isula pull ${image} ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE} ++ ++ isula images | grep busybox ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++)) ++ ++ CONT=$(isula run -itd busybox) ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) ++ ++ local json_file=/var/lib/isulad/storage/overlay-layers/${CONT}/layer.json ++ test -f ${json_file} ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - layer json not exist" && ((ret++)) ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ ++ sed -i '2i \"incompelte\"\: true\,' ${json_file} ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to modify layer json" && ((ret++)) ++ ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ ++ test -f ${json_file} ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - layer json not exist" && ((ret++)) ++ ++ isula rm -f ${CONT} ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to remove ${CONT}" && ((ret++)) ++ ++ isula rmi ${image} ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rmi image ${image}" && ((ret++)) ++ ++ msg_info "${test} finished with return ${ret}..." ++ return ${ret} ++} ++ ++declare -i ans=0 ++ ++test_load_layers || ((ans++)) ++ ++show_result ${ans} "${curr_path}/${0}" +-- +2.25.1 + diff --git a/0079-2037-archive-reader-close-if-copy-to-container-faile.patch b/0079-2037-archive-reader-close-if-copy-to-container-faile.patch new file mode 100644 index 0000000..464d371 --- /dev/null +++ b/0079-2037-archive-reader-close-if-copy-to-container-faile.patch @@ -0,0 +1,29 @@ +From bef050c8d5887f3bcf923dd5a275d9c67f47a6d4 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Thu, 1 Jun 2023 02:46:35 +0000 +Subject: [PATCH 79/79] !2037 archive reader close if copy to container failed + * archive reader close if copy to container failed + +--- + src/cmd/isula/stream/cp.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/cmd/isula/stream/cp.c b/src/cmd/isula/stream/cp.c +index f85602ed..2b0a79c7 100644 +--- a/src/cmd/isula/stream/cp.c ++++ b/src/cmd/isula/stream/cp.c +@@ -214,10 +214,8 @@ static int client_copy_to_container(const struct client_arguments *args, const c + + config = get_connect_config(args); + ret = ops->container.copy_to_container(&request, response, &config); +- if (ret) { +- goto out; +- } + ++ // archive reader close if copy to container failed + nret = archive_reader.close(archive_reader.context, &archive_err); + if (nret < 0) { + ret = nret; +-- +2.25.1 + diff --git a/iSulad.spec b/iSulad.spec index 719629f..d4d8e93 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.0.18 -%global _release 8 +%global _release 9 %global is_systemd 1 %global enable_shimv2 1 %global is_embedded 1 @@ -72,6 +72,26 @@ Patch0056: 0056-remove-unused-headers.patch Patch0057: 0057-change-isulad-shim-epoll-struct.patch Patch0058: 0058-fix-memrealloc-size-error.patch Patch0059: 0059-convert-struct-lcr-start-exec-request.patch +Patch0060: 0060-fix-security-warning.patch +Patch0061: 0061-add-testcase-for-hook-env.patch +Patch0062: 0062-fix-security-warning.patch +Patch0063: 0063-add-try_generate_exec_id-func-for-health-check.patch +Patch0064: 0064-split-remote-grpc-code-by-macro.patch +Patch0065: 0065-move-signal_routine-and-g_log_fd-to-common-and-and-s.patch +Patch0066: 0066-add-ut-for-runc.patch +Patch0067: 0067-runc-add-ci-for-runc.patch +Patch0068: 0068-fix-ci-error.patch +Patch0069: 0069-restore-bind_special_dir.sh.patch +Patch0070: 0070-ensure-isulad_io-not-NULL-before-close-fd.patch +Patch0071: 0071-recheck-delete-command-exit-status.patch +Patch0072: 0072-restore-execSync-return-value.patch +Patch0073: 0073-fix-memory-leak-and-array-access-out-of-range.patch +Patch0074: 0074-fix-memory-leak-of-top_layer.patch +Patch0075: 0075-ensure-define-in-local-and-use-correctly-type.patch +Patch0076: 0076-fix-don-t-cleanup-when-remote-ro-is-enabled.patch +Patch0077: 0077-fix-layer-imcomplete-cause-isulad-core.patch +Patch0078: 0078-add-load-layer-testcase.patch +Patch0079: 0079-2037-archive-reader-close-if-copy-to-container-faile.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -316,6 +336,12 @@ fi %endif %changelog +* Thu Jun 01 2023 zhangxiaoyu - 2.0.18-9 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: upgrade from upstream + * Mon May 08 2023 penghaitao - 2.0.18-8 - Type: bugfix - ID: NA