!645 [sync] PR-641: upgrade from upstream

* upgrade from upstream
openeuler-sync-bot 2023-12-22 01:09:39 +00:00 committed by haozi007
parent bc22968026
commit 955d185c18
37 changed files with 5068 additions and 7 deletions


@ -0,0 +1,58 @@
From c7497b9267e7d1a90302260768421d473e3d238d Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 18 Sep 2023 13:02:04 +0000
Subject: [PATCH 146/181] !2195 Add retry function for bigdata_stream_runc *
Add retry function for bigdata_stream_runc
---
.../container_cases/bigdata_stream_runc.sh | 20 +++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/CI/test_cases/container_cases/bigdata_stream_runc.sh b/CI/test_cases/container_cases/bigdata_stream_runc.sh
index 3a384cd8..dce9ccb4 100755
--- a/CI/test_cases/container_cases/bigdata_stream_runc.sh
+++ b/CI/test_cases/container_cases/bigdata_stream_runc.sh
@@ -21,6 +21,20 @@
declare -r curr_path=$(dirname $(readlink -f "$0"))
source ../helpers.sh
+# $1 : retry limit
+# $2 : retry_interval
+function do_retry_check_residual()
+{
+ for i in $(seq 1 "$1"); do
+ ps aux | grep "cat test_" | grep -v "grep"
+ if [ $? -ne 0 ]; then
+ return 0
+ fi
+ sleep $2
+ done
+ return 1
+}
+
function set_up()
{
local ret=0
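Review bot: The header comment on `do_retry_check_residual` documents the two arguments but not the return contract, and the caller in `check_last_status` depends on it. I would add `# return: 0 once no "cat test_" process is left, 1 if one is still present after $1 attempts`. `sleep $2` is unquoted while `"$1"` is quoted in the `seq` call; `sleep "$2"` keeps the two consistent. The `ps aux | grep "cat test_"` match is host-wide, so a matching process left by another test case would presumably be reported as residue of this one.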
@@ -65,6 +79,8 @@ function record_origin_status()
function check_last_status()
{
local ret=0
+ local retry_limit=20
+ local retry_interval=1
sleep 5
ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - IOCopy Thread residue" && ((ret++))
@@ -97,8 +113,8 @@ function check_last_status()
msg_err "${FUNCNAME[0]}:${LINENO} - client not exit!!" && ((ret++))
fi
- ps aux | grep "cat test_" | grep -v "grep"
- if [[ $? -eq 0 ]]; then
+ do_retry_check_residual ${retry_limit} ${retry_interval}
+ if [[ $? -ne 0 ]]; then
msg_err "${FUNCNAME[0]}:${LINENO} - business process residual" && ((ret++))
fi
--
2.42.0


@ -0,0 +1,26 @@
From 17574fcb7be53ec31ca656b60909a0b76ca80068 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 18 Oct 2023 08:29:11 +0000
Subject: [PATCH 147/181] !2213 bugfix for rt_isula_exec_resize * bugfix for
rt_isula_exec_resize
---
src/daemon/modules/runtime/isula/isula_rt_ops.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index d35e2351..a0c7ac29 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -1688,6 +1688,8 @@ int rt_isula_exec_resize(const char *id, const char *runtime, const rt_exec_resi
goto out;
}
+ ret = 0;
+
out:
close(fd);
return ret;
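Review bot: The added `ret = 0;` resets the status just before `out:` but leaves the cause in place: `ret` appears to double as the holder for `snprintf` lengths earlier in `rt_isula_exec_resize` (see the `ret = snprintf(data, ...)` context in the following patch), so it is positive on the success path. Keeping those lengths in a separate local, e.g. `int nret = snprintf(...)`, would let `ret` carry only 0 or -1 and make the reset unnecessary. The function body starts outside this hunk, so the full set of assignments to `ret` is not visible here.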
--
2.42.0


@ -0,0 +1,97 @@
From 79506b5bd26eeacd838701eeaf116831e3c19911 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 19 Oct 2023 06:53:15 +0000
Subject: [PATCH 148/181] !2214 imporove isula_rt_opts code * imporove
isula_rt_opts code
---
.../modules/runtime/isula/isula_rt_ops.c | 22 +++++++++----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index a0c7ac29..6c5d809e 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -1364,7 +1364,7 @@ int rt_isula_status(const char *id, const char *runtime, const rt_status_params_
ret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id);
if (ret < 0 || (size_t)ret >= sizeof(workdir)) {
- ERROR("failed join full workdir %s/%s", params->rootpath, id);
+ ERROR("Failed join full workdir %s/%s", params->state, id);
goto out;
}
@@ -1600,7 +1600,7 @@ int rt_isula_resources_stats(const char *id, const char *runtime, const rt_stats
ret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id);
if (ret < 0 || (size_t)ret >= sizeof(workdir)) {
- ERROR("failed join full workdir %s/%s", params->rootpath, id);
+ ERROR("Failed join full workdir %s/%s", params->state, id);
goto out;
}
@@ -1633,44 +1633,44 @@ int rt_isula_exec_resize(const char *id, const char *runtime, const rt_exec_resi
int ret = 0;
if (id == NULL || runtime == NULL || params == NULL) {
- ERROR("nullptr arguments not allowed");
+ ERROR("Nullptr arguments not allowed");
return -1;
}
/* crictl not suport exec auto resize */
if (params->suffix == NULL) {
- WARN("exec resize not support when isula not being used");
+ WARN("Exec resize not support when isula not being used");
return 0;
}
ret = snprintf(workdir, sizeof(workdir), "%s/%s/exec/%s", params->state, id, params->suffix);
if (ret < 0 || (size_t)ret >= sizeof(workdir)) {
- ERROR("failed join full workdir %s/%s", params->rootpath, id);
- goto out;
+ ERROR("Failed to join exec resize workdir path");
+ return -1;
}
ret = snprintf(resize_fifo_path, sizeof(resize_fifo_path), "%s/%s", workdir, RESIZE_FIFO_NAME);
if (ret < 0 || (size_t)ret >= sizeof(resize_fifo_path)) {
- ERROR("failed to join exec fifo path");
+ ERROR("Failed to join resize fifo path");
return -1;
}
ret = snprintf(data, sizeof(data), "%u %u", params->width, params->height);
if (ret < 0 || (size_t)ret >= sizeof(data)) {
- ERROR("failed to write resize data");
+ ERROR("Failed to write resize data");
return -1;
}
fd = util_open(resize_fifo_path, O_WRONLY | O_NONBLOCK, 0);
if (fd == -1) {
- ERROR("open exec resize fifo error");
+ ERROR("Open exec resize fifo error");
ret = -1;
goto out;
}
count = util_write_nointr(fd, data, strlen(data));
if (count < 0 || (size_t)count != strlen(data)) {
- ERROR("write exec resize data error");
+ ERROR("Write exec resize data error");
ret = -1;
goto out;
}
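Review bot: The two I/O failure messages in this hunk, `ERROR("Open exec resize fifo error")` and `ERROR("Write exec resize data error")`, drop both errno and the path, which makes a failed resize hard to diagnose. Opening a FIFO with `O_WRONLY | O_NONBLOCK` fails with ENXIO when no reader is attached, and that is exactly the detail an operator needs. The file already uses `SYSERROR` for the `kill` failure further down, so I would write `SYSERROR("Failed to open exec resize fifo %s", resize_fifo_path);` and `SYSERROR("Failed to write exec resize data to %s", resize_fifo_path);`. The `out:` label and the rest of the function lie outside this hunk.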
@@ -1683,7 +1683,7 @@ int rt_isula_exec_resize(const char *id, const char *runtime, const rt_exec_resi
}
if (kill(pid, SIGWINCH) < 0) {
- SYSERROR("can't kill process (pid=%d) with signal %u", pid, SIGWINCH);
+ SYSERROR("Can't kill process (pid=%d) with signal %u", pid, SIGWINCH);
ret = -1;
goto out;
}
--
2.42.0


@ -0,0 +1,675 @@
From e62735943ed069ee0c3685c8bb8da3308ccd45ca Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 17 Oct 2023 15:52:11 +0800
Subject: [PATCH 149/181] [refactor] update possible changed resources for oci
spec
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/isulad/main.c | 13 +-
src/daemon/config/isulad_config.c | 6 +-
src/daemon/modules/api/specs_api.h | 11 +-
.../container/container_events_handler.c | 2 +-
.../modules/service/service_container.c | 68 +++++++--
src/daemon/modules/spec/specs.c | 115 +++++++++------
src/daemon/modules/spec/specs_mount.c | 133 +++++++++++++++---
src/daemon/modules/spec/specs_mount.h | 6 +-
.../image/oci/oci_config_merge/CMakeLists.txt | 4 +
9 files changed, 276 insertions(+), 82 deletions(-)
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index e624cfdd..8d4d886b 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1319,7 +1319,7 @@ static int ensure_isulad_tmpdir_security()
if (do_ensure_isulad_tmpdir_security("/tmp") != 0) {
WARN("Failed to ensure the /tmp directory is a safe directory");
}
-
+
return 0;
}
@@ -1371,12 +1371,17 @@ static int isulad_server_init_common()
goto out;
}
- if (containers_store_init()) {
+ if (spec_module_init() != 0) {
+ ERROR("Failed to init spec module");
+ goto out;
+ }
+
+ if (containers_store_init() != 0) {
ERROR("Failed to init containers store");
goto out;
}
- if (container_name_index_init()) {
+ if (container_name_index_init() != 0) {
ERROR("Failed to init name index");
goto out;
}
@@ -1782,7 +1787,7 @@ int main(int argc, char **argv)
msg = "Failed to init plugin_manager";
goto failure;
}
-#endif
+#endif
clock_gettime(CLOCK_MONOTONIC, &t_end);
use_time = (double)(t_end.tv_sec - t_start.tv_sec) * (double)1000000000 + (double)(t_end.tv_nsec - t_start.tv_nsec);
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index 0e389dd1..ce2ae1c1 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -998,7 +998,7 @@ static defs_hook *hooks_elem_dup(const defs_hook *src)
dest = (defs_hook *)util_common_calloc_s(sizeof(defs_hook));
if (dest == NULL) {
ERROR("Out of memory");
- return NULL;
+ return NULL;
}
dest->path = util_strdup_s(src->path);
@@ -1046,7 +1046,7 @@ static int hooks_array_dup(const defs_hook **src, const size_t src_len, defs_hoo
return -1;
}
- for(i = 0; i < src_len; i++) {
+ for (i = 0; i < src_len; i++) {
tmp_dst[i] = hooks_elem_dup(src[i]);
if (tmp_dst[i] == NULL) {
ERROR("Failed to duplicate hooks element");
@@ -1060,7 +1060,7 @@ static int hooks_array_dup(const defs_hook **src, const size_t src_len, defs_hoo
return 0;
err_out:
- for(i = 0; i < tmp_len; i++) {
+ for (i = 0; i < tmp_len; i++) {
free_defs_hook(tmp_dst[i]);
}
free(tmp_dst);
diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h
index 0a594d81..1a6af9ae 100644
--- a/src/daemon/modules/api/specs_api.h
+++ b/src/daemon/modules/api/specs_api.h
@@ -29,8 +29,7 @@ int merge_all_specs(host_config *host_spec, const char *real_rootfs, container_c
oci_runtime_spec *oci_spec);
char *merge_container_cgroups_path(const char *id, const host_config *host_spec);
int merge_global_config(oci_runtime_spec *oci_spec);
-oci_runtime_spec *load_oci_config(const char *rootpath, const char *name);
-oci_runtime_spec *default_spec(bool system_container);
+
int merge_conf_cgroup(oci_runtime_spec *oci_spec, const host_config *host_spec);
int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec *oci_spec);
@@ -40,6 +39,14 @@ int parse_security_opt(const host_config *host_spec, bool *no_new_privileges, ch
int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_spec,
const container_config_v2_common_config_network_settings *network_settings);
+oci_runtime_spec *load_oci_config(const char *rootpath, const char *name);
+
+oci_runtime_spec *default_spec(bool system_container);
+
+const oci_runtime_spec *get_readonly_default_oci_spec(bool system_container);
+
+int spec_module_init(void);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/modules/container/container_events_handler.c b/src/daemon/modules/container/container_events_handler.c
index d56c2ee0..6a223bd2 100644
--- a/src/daemon/modules/container/container_events_handler.c
+++ b/src/daemon/modules/container/container_events_handler.c
@@ -157,7 +157,7 @@ static int container_state_changed(container_t *cont, const struct isulad_events
container_wait_stop_cond_broadcast(cont);
#ifdef ENABLE_PLUGIN
plugin_event_container_post_stop(cont);
-#endif
+#endif
}
auto_remove = !should_restart && cont->hostconfig != NULL && cont->hostconfig->auto_remove;
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 58b27f90..a5c12862 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -13,19 +13,11 @@
* Description: provide container supervisor functions
******************************************************************************/
#define _GNU_SOURCE
-#include <sys/stat.h>
#include <unistd.h>
#include <sys/mount.h>
#include <sys/eventfd.h>
#include <errno.h>
#include <fcntl.h>
-#include <isula_libutils/container_config.h>
-#include <isula_libutils/container_config_v2.h>
-#include <isula_libutils/container_exec_request.h>
-#include <isula_libutils/container_exec_response.h>
-#include <isula_libutils/defs.h>
-#include <isula_libutils/host_config.h>
-#include <isula_libutils/oci_runtime_spec.h>
#include <limits.h>
#include <pthread.h>
#include <signal.h>
@@ -35,15 +27,28 @@
#include <stdlib.h>
#include <string.h>
#include <strings.h>
+#include <sys/stat.h>
+#include <sys/mount.h>
+#include <sys/eventfd.h>
+#include <sys/epoll.h>
+
+#include <isula_libutils/container_config.h>
+#include <isula_libutils/container_config_v2.h>
+#include <isula_libutils/container_exec_request.h>
+#include <isula_libutils/container_exec_response.h>
+#include <isula_libutils/defs.h>
+#include <isula_libutils/host_config.h>
+#include <isula_libutils/oci_runtime_spec.h>
+#include <isula_libutils/log.h>
#include "service_container_api.h"
-#include "isula_libutils/log.h"
#include "utils.h"
#include "err_msg.h"
#include "events_sender_api.h"
#include "image_api.h"
#include "specs_api.h"
#include "specs_mount.h"
+#include "specs_extend.h"
#include "isulad_config.h"
#include "verify.h"
#include "plugin_api.h"
@@ -678,6 +683,43 @@ out:
epoll_loop_close(&descr);
}
+static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, host_config *hostconfig)
+{
+ char *cgroup_parent = NULL;
+ int ret;
+
+ // If isulad daemon cgroup parent updated, we should update this config into oci spec
+ cgroup_parent = merge_container_cgroups_path(id, hostconfig);
+ if (cgroup_parent == NULL) {
+ return -1;
+ }
+ if (oci_spec->linux->cgroups_path != NULL && strcmp(oci_spec->linux->cgroups_path, cgroup_parent) != 0) {
+ free(oci_spec->linux->cgroups_path);
+ oci_spec->linux->cgroups_path = cgroup_parent;
+ cgroup_parent = NULL;
+ }
+ free(cgroup_parent);
+
+ // For Linux.Resources, isula update will save changes into oci spec;
+ // so we just skip it;
+
+ // Remove old devices and update all devices
+ ret = update_devcies_for_oci_spec(oci_spec, hostconfig);
+ if (ret != 0) {
+ ERROR("Failed to do update devices for oci spec");
+ return -1;
+ }
+
+ // If isulad daemon ulimit updated, we should update this config into oci spec.
+ if (merge_global_ulimit(oci_spec) != 0) {
+ return -1;
+ }
+
+ // renew_oci_config() will update process->user and share namespace after.
+
+ return 0;
+}
+
static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm, pid_ppid_info_t *pid_info)
{
int ret = 0;
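Review bot: In `do_oci_spec_update` the refreshed cgroup parent is applied only when `oci_spec->linux->cgroups_path != NULL`; when the stored path is NULL the new value from `merge_container_cgroups_path` is freed and silently dropped. If that is intended it deserves a comment such as `// a spec without cgroups_path is left untouched on purpose`; otherwise the condition should also cover the NULL case. The two early `return -1` paths (`cgroup_parent == NULL` and `merge_global_ulimit(oci_spec) != 0`) log nothing, unlike the devices path, so a failed start would only show the generic "Failed to update possible changes for oci spec" from the caller. `oci_spec->linux` is dereferenced without a check here; whether the caller guarantees it is not visible in this hunk.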
@@ -752,6 +794,14 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
goto close_exit_fd;
}
+ // Update possible changes
+ nret = do_oci_spec_update(id, oci_spec, cont->hostconfig);
+ if (nret != 0) {
+ ERROR("Failed to update possible changes for oci spec");
+ ret = -1;
+ goto close_exit_fd;
+ }
+
nret = setup_ipc_dirs(cont->hostconfig, cont->common_config);
if (nret != 0) {
ERROR("Failed to setup ipc dirs");
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index 0c7d58b3..a8912c96 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -17,6 +17,8 @@
#include <stdio.h>
#include <stdbool.h>
#include <errno.h>
+#include <limits.h>
+#include <stdint.h>
#include <isula_libutils/container_config.h>
#include <isula_libutils/container_config_v2.h>
#include <isula_libutils/defs.h>
@@ -76,6 +78,13 @@
#define CLONE_NEWCGROUP 0x02000000
#endif
+struct readonly_default_oci_spec {
+ oci_runtime_spec *cont;
+ oci_runtime_spec *system_cont;
+};
+
+static struct readonly_default_oci_spec g_rdspec;
+
static int make_sure_oci_spec_annotations(oci_runtime_spec *oci_spec)
{
if (oci_spec->annotations == NULL) {
@@ -377,29 +386,6 @@ out:
return ret;
}
-/* default_spec returns default oci spec used by isulad. */
-oci_runtime_spec *default_spec(bool system_container)
-{
- const char *oci_file = OCICONFIG_PATH;
- if (system_container) {
- oci_file = OCI_SYSTEM_CONTAINER_CONFIG_PATH;
- }
- oci_runtime_spec *oci_spec = NULL;
- parser_error err = NULL;
-
- /* parse the input oci file */
- oci_spec = oci_runtime_spec_parse_file(oci_file, NULL, &err);
- if (oci_spec == NULL) {
- ERROR("Failed to parse OCI specification file \"%s\", error message: %s", oci_file, err);
- isulad_set_error_message("Can not read the default /etc/default/isulad/config.json file: %s", err);
- goto out;
- }
-
-out:
- free(err);
- return oci_spec;
-}
-
static int make_sure_oci_spec_root(oci_runtime_spec *oci_spec)
{
if (oci_spec->root == NULL) {
@@ -1711,20 +1697,20 @@ static int merge_resources_conf(oci_runtime_spec *oci_spec, host_config *host_sp
ret = merge_conf_cgroup(oci_spec, host_spec);
if (ret != 0) {
- goto out;
+ return -1;
}
- ret = merge_conf_device(oci_spec, host_spec);
+ ret = merge_conf_blkio_device(oci_spec, host_spec);
if (ret != 0) {
- goto out;
+ return -1;
}
- ret = merge_conf_mounts(oci_spec, host_spec, v2_spec);
- if (ret) {
- goto out;
+ ret = merge_conf_devices(oci_spec, host_spec);
+ if (ret != 0) {
+ return -1;
}
-out:
- return ret;
+
+ return merge_conf_mounts(oci_spec, host_spec, v2_spec);
}
static int merge_terminal(oci_runtime_spec *oci_spec, bool terminal)
@@ -2279,7 +2265,7 @@ oci_runtime_spec *load_oci_config(const char *rootpath, const char *name)
nret = snprintf(filename, sizeof(filename), "%s/%s/%s", rootpath, name, OCI_CONFIG_JSON);
if (nret < 0 || (size_t)nret >= sizeof(filename)) {
ERROR("Failed to print string");
- goto out;
+ return NULL;
}
ociconfig = oci_runtime_spec_parse_file(filename, NULL, &err);
@@ -2288,6 +2274,7 @@ oci_runtime_spec *load_oci_config(const char *rootpath, const char *name)
isulad_set_error_message("Parse oci config file failed:%s", err);
goto out;
}
+
out:
free(err);
return ociconfig;
@@ -2295,36 +2282,80 @@ out:
int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec *oci_spec)
{
- int ret = 0;
int nret = 0;
- char *json_container = NULL;
char file_path[PATH_MAX] = { 0x0 };
struct parser_context ctx = { OPT_PARSE_STRICT, stderr };
+ char *json_container = NULL;
parser_error err = NULL;
+ int ret = 0;
nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, OCI_CONFIG_JSON);
if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to print string");
- ret = -1;
- goto out_free;
+ return -1;
}
json_container = oci_runtime_spec_generate_json(oci_spec, &ctx, &err);
if (json_container == NULL) {
ERROR("Failed to generate json: %s", err);
ret = -1;
- goto out_free;
+ goto out;
}
- if (util_atomic_write_file(file_path, json_container, strlen(json_container), DEFAULT_SECURE_FILE_MODE, false) !=
- 0) {
+ nret = util_atomic_write_file(file_path, json_container, strlen(json_container), DEFAULT_SECURE_FILE_MODE, false);
+ if (nret != 0) {
SYSERROR("write json container failed");
ret = -1;
- goto out_free;
+ goto out;
}
-out_free:
- free(err);
+out:
free(json_container);
+ free(err);
return ret;
}
+
+/* default_spec returns default oci spec used by isulad. */
+oci_runtime_spec *default_spec(bool system_container)
+{
+ const char *oci_file = OCICONFIG_PATH;
+ if (system_container) {
+ oci_file = OCI_SYSTEM_CONTAINER_CONFIG_PATH;
+ }
+ oci_runtime_spec *oci_spec = NULL;
+ parser_error err = NULL;
+
+ /* parse the input oci file */
+ oci_spec = oci_runtime_spec_parse_file(oci_file, NULL, &err);
+ if (oci_spec == NULL) {
+ ERROR("Failed to parse OCI specification file \"%s\", error message: %s", oci_file, err);
+ isulad_set_error_message("Can not read the default %s file: %s", oci_file, err);
+ goto out;
+ }
+
+out:
+ free(err);
+ return oci_spec;
+}
+
+const oci_runtime_spec *get_readonly_default_oci_spec(bool system_container)
+{
+ if (system_container) {
+ return g_rdspec.system_cont;
+ }
+
+ return g_rdspec.cont;
+}
+
+int spec_module_init(void)
+{
+ g_rdspec.cont = default_spec(false);
+ if (g_rdspec.cont == NULL) {
+ return -1;
+ }
+ g_rdspec.system_cont = default_spec(true);
+ if (g_rdspec.system_cont == NULL) {
+ return -1;
+ }
+ return 0;
+}
\ No newline at end of file
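Review bot: `get_readonly_default_oci_spec` and `spec_module_init` are added to the public API without any comment on ownership or lifetime, and the contract is not obvious. The returned pointer is the module's cached copy in `g_rdspec`, it is NULL until `spec_module_init` has succeeded, and the `const` only protects the top-level struct, not the objects reached through its pointers. I would document this above the getter, e.g. `/* Returns the cached default spec loaded by spec_module_init(); owned by the spec module, must not be freed or modified; NULL if the module was not initialized. */`. It is also worth stating that the defaults are read once at daemon start, so later edits to the default config files are not seen by this getter while `default_spec()` still re-reads them. In `spec_module_init`, a failure of `default_spec(true)` returns -1 with `g_rdspec.cont` still allocated; this is harmless if the daemon exits, but a `free_oci_runtime_spec`-style cleanup (name to be confirmed) would keep the function safe to retry.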
diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c
index cd3a5c9d..bb2b200a 100644
--- a/src/daemon/modules/spec/specs_mount.c
+++ b/src/daemon/modules/spec/specs_mount.c
@@ -53,6 +53,7 @@
#include "image_api.h"
#include "volume_api.h"
#include "parse_volume.h"
+#include "specs_api.h"
enum update_rw {
update_rw_untouch,
@@ -2212,7 +2213,24 @@ out:
return ret;
}
-int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec)
+int merge_conf_devices(oci_runtime_spec *oci_spec, host_config *host_spec)
+{
+ /* devices which will be populated into container */
+ if (merge_conf_populate_device(oci_spec, host_spec)) {
+ ERROR("Merge user define devices failed");
+ return -1;
+ }
+
+ /* device cgroup rules which will be added into container */
+ if (merge_conf_device_cgroup_rule(oci_spec, host_spec)) {
+ ERROR("Merge user define device cgroup rules failed");
+ return -1;
+ }
+
+ return 0;
+}
+
+int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec)
{
int ret = 0;
@@ -2226,7 +2244,7 @@ int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec)
ret = merge_blkio_weight_device(oci_spec, host_spec->blkio_weight_device, host_spec->blkio_weight_device_len);
if (ret != 0) {
ERROR("Failed to merge blkio weight devices");
- goto out;
+ return -1;
}
}
@@ -2236,7 +2254,7 @@ int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec)
host_spec->blkio_device_read_bps_len);
if (ret != 0) {
ERROR("Failed to merge blkio read bps devices");
- goto out;
+ return -1;
}
}
@@ -2246,7 +2264,7 @@ int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec)
host_spec->blkio_device_write_bps_len);
if (ret != 0) {
ERROR("Failed to merge blkio write bps devices");
- goto out;
+ return -1;
}
}
@@ -2256,7 +2274,7 @@ int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec)
host_spec->blkio_device_read_iops_len);
if (ret != 0) {
ERROR("Failed to merge blkio read iops devices");
- goto out;
+ return -1;
}
}
@@ -2266,24 +2284,11 @@ int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec)
host_spec->blkio_device_write_iops_len);
if (ret != 0) {
ERROR("Failed to merge blkio write iops devices");
- goto out;
+ return -1;
}
}
- /* devices which will be populated into container */
- if (merge_conf_populate_device(oci_spec, host_spec)) {
- ret = -1;
- goto out;
- }
-
- /* device cgroup rules which will be added into container */
- if (merge_conf_device_cgroup_rule(oci_spec, host_spec)) {
- ret = -1;
- goto out;
- }
-
-out:
- return ret;
+ return 0;
}
static bool mounts_expand(defs_mount ***all_mounts, size_t *all_mounts_len, size_t add_len)
@@ -3488,3 +3493,91 @@ out:
free(mntparent);
return ret;
}
+
+int update_devcies_for_oci_spec(oci_runtime_spec *oci_spec, host_config *hostconfig)
+{
+ const oci_runtime_spec *readonly_spec = NULL;
+ size_t i;
+ int ret;
+
+ // Step1: get default oci spec config
+ readonly_spec = get_readonly_default_oci_spec(hostconfig->system_container);
+
+ // Step2: clear oci_spec devices items
+ for (i = 0; i < oci_spec->linux->devices_len; i++) {
+ free_defs_device(oci_spec->linux->devices[i]);
+ oci_spec->linux->devices[i] = NULL;
+ }
+ // Step3: if default devices length more than old spec, just realloc memory
+ if (readonly_spec->linux->devices_len > oci_spec->linux->devices_len) {
+ free(oci_spec->linux->devices);
+ oci_spec->linux->devices = util_smart_calloc_s(sizeof(defs_device *), readonly_spec->linux->devices_len);
+ if (oci_spec->linux->devices == NULL) {
+ oci_spec->linux->devices_len = 0;
+ ERROR("Out of memory");
+ return -1;
+ }
+ }
+ oci_spec->linux->devices_len = 0;
+ // Step4: copy default devices to oci spec
+ for (i = 0; i < readonly_spec->linux->devices_len; i++) {
+ defs_device *tmp_dev = util_common_calloc_s(sizeof(defs_device));
+ if (tmp_dev == NULL) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ tmp_dev->type = util_strdup_s(readonly_spec->linux->devices[i]->type);
+ tmp_dev->path = util_strdup_s(readonly_spec->linux->devices[i]->path);
+ tmp_dev->file_mode = readonly_spec->linux->devices[i]->file_mode;
+ tmp_dev->major = readonly_spec->linux->devices[i]->major;
+ tmp_dev->minor = readonly_spec->linux->devices[i]->minor;
+ tmp_dev->uid = readonly_spec->linux->devices[i]->uid;
+ tmp_dev->gid = readonly_spec->linux->devices[i]->gid;
+ oci_spec->linux->devices[i] = tmp_dev;
+ oci_spec->linux->devices_len += 1;
+ }
+
+ // Step5: clear oci_spec device cgroup rules
+ for (i = 0; i < oci_spec->linux->resources->devices_len; i++) {
+ free_defs_device_cgroup(oci_spec->linux->resources->devices[i]);
+ oci_spec->linux->resources->devices[i] = NULL;
+ }
+ // Step6: if default devices lenght more than old spec, just realloc memory
+ if (readonly_spec->linux->resources->devices_len > oci_spec->linux->resources->devices_len) {
+ free(oci_spec->linux->resources->devices);
+ oci_spec->linux->resources->devices = util_smart_calloc_s(sizeof(defs_device_cgroup *),
+ readonly_spec->linux->resources->devices_len);
+ if (oci_spec->linux->resources->devices == NULL) {
+ oci_spec->linux->resources->devices_len = 0;
+ ERROR("Out of memory");
+ return -1;
+ }
+ }
+ oci_spec->linux->resources->devices_len = 0;
+ // Step7: copy default device cgroup rules to oci spec
+ for (i = 0; i < readonly_spec->linux->resources->devices_len; i++) {
+ defs_device_cgroup *tmp_dev_cg = util_common_calloc_s(sizeof(defs_device_cgroup));
+ if (tmp_dev_cg == NULL) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ tmp_dev_cg->allow = readonly_spec->linux->resources->devices[i]->allow;
+ tmp_dev_cg->major = readonly_spec->linux->resources->devices[i]->major;
+ tmp_dev_cg->minor = readonly_spec->linux->resources->devices[i]->minor;
+ tmp_dev_cg->type = util_strdup_s(readonly_spec->linux->resources->devices[i]->type);
+ tmp_dev_cg->access = util_strdup_s(readonly_spec->linux->resources->devices[i]->access);
+ oci_spec->linux->resources->devices[i] = tmp_dev_cg;
+ oci_spec->linux->resources->devices_len += 1;
+ }
+
+ // Step8: do update devices and cgroup device rules at here
+ if (hostconfig->privileged) {
+ // Step8.1: for priviledged container, we should merge all devices under /dev
+ ret = merge_all_devices_and_all_permission(oci_spec);
+ } else {
+ // Step8.2: for common container, we should merge devices defined by user in hostconfig
+ ret = merge_conf_devices(oci_spec, hostconfig);
+ }
+
+ return ret;
+}
\ No newline at end of file
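Review bot: `update_devcies_for_oci_spec` dereferences `readonly_spec->linux`, `readonly_spec->linux->resources`, `oci_spec->linux` and `oci_spec->linux->resources` without a NULL check, and it runs on every container start. `get_readonly_default_oci_spec` returns NULL when `spec_module_init` has not run, for example in a unit-test binary. A default or saved config.json that lacks the `linux` or `linux.resources` section would presumably leave those members NULL as well, turning a configuration mistake into a daemon crash. A guard at the top of the function, as sketched below, fails the start with a clear error instead; whether a missing `resources` section should rather be treated as "no rules" is the maintainers' call. The identifier is also misspelled (`devcies`), which is easier to fix now than after more callers appear.

```c
int update_devcies_for_oci_spec(oci_runtime_spec *oci_spec, host_config *hostconfig)
{
    /* … unchanged: local declarations … */

    if (oci_spec == NULL || oci_spec->linux == NULL || oci_spec->linux->resources == NULL || hostconfig == NULL) {
        ERROR("Invalid oci spec or host config");
        return -1;
    }

    // Step1: get default oci spec config
    readonly_spec = get_readonly_default_oci_spec(hostconfig->system_container);
    if (readonly_spec == NULL || readonly_spec->linux == NULL || readonly_spec->linux->resources == NULL) {
        ERROR("Default oci spec is not loaded or has no linux resources section");
        return -1;
    }

    /* … unchanged: Step2 to Step8 … */
```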
diff --git a/src/daemon/modules/spec/specs_mount.h b/src/daemon/modules/spec/specs_mount.h
index 8a28f0e2..b742ca35 100644
--- a/src/daemon/modules/spec/specs_mount.h
+++ b/src/daemon/modules/spec/specs_mount.h
@@ -41,10 +41,14 @@ int set_mounts_readwrite_option(const oci_runtime_spec *oci_spec);
int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec);
-int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec);
+int merge_conf_devices(oci_runtime_spec *oci_spec, host_config *host_spec);
+
+int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec);
int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2_spec);
+int update_devcies_for_oci_spec(oci_runtime_spec *oci_spec, host_config *hostconfig);
+
#ifdef __cplusplus
}
#endif
diff --git a/test/image/oci/oci_config_merge/CMakeLists.txt b/test/image/oci/oci_config_merge/CMakeLists.txt
index 42cd2e78..d76de35d 100644
--- a/test/image/oci/oci_config_merge/CMakeLists.txt
+++ b/test/image/oci/oci_config_merge/CMakeLists.txt
@@ -31,7 +31,11 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/namespace_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/container_unix_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/parse_volume.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/parse_volume.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs_mount.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs_extend.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs_security.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/volume/volume.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/volume/local.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/selinux_label_mock.cc
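Review bot: The added line `${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/parse_volume.c` duplicates the entry already present two lines above it in the same `add_executable` list. The duplicate is redundant at best and should be dropped, leaving only the new `specs.c`, `specs_extend.c` and `specs_security.c` entries. The `add_executable` call starts and ends outside this hunk.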
--
2.42.0


@ -0,0 +1,119 @@
From 39361065ba79666a242df0349d6b8ae61bf44b1e Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Sat, 28 Oct 2023 10:57:13 +0800
Subject: [PATCH 150/181] add CI testcase for update oci spec in start op
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
.../container_cases/dev_cgroup_rule.sh | 50 ++++++++++++++++++-
CI/test_cases/container_cases/ulimit.sh | 13 +++++
2 files changed, 61 insertions(+), 2 deletions(-)
diff --git a/CI/test_cases/container_cases/dev_cgroup_rule.sh b/CI/test_cases/container_cases/dev_cgroup_rule.sh
index 651433c0..839a546c 100755
--- a/CI/test_cases/container_cases/dev_cgroup_rule.sh
+++ b/CI/test_cases/container_cases/dev_cgroup_rule.sh
@@ -25,8 +25,10 @@ source ../helpers.sh
function test_cpu_dev_cgoup_rule_spec()
{
local ret=0
+ local runtime=$1
local image="busybox"
- local test="container device cgroup rule test => (${FUNCNAME[@]})"
+ local test="container device cgroup rule test with (${runtime}) => (${FUNCNAME[@]})"
+ local test_dev="/dev/testA"
msg_info "${test} starting..."
@@ -36,6 +38,47 @@ function test_cpu_dev_cgoup_rule_spec()
isula images | grep busybox
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
+ rm -f $test_dev
+ priv_cid=$(isula run -tid --privileged --runtime $runtime $image /bin/sh)
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run priviledged container failed" && ((ret++))
+ priv_major_88_cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "major\": 88" | wc -l)
+ priv_minor_88_cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "minor\": 88" | wc -l)
+
+ mknod $test_dev c 88 88
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - mknod failed" && ((ret++))
+ isula restart -t 0 $priv_cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart priviledge container failed" && ((ret++))
+ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "major\": 88" | wc -l)
+ [[ $? -ne 0 ]]&& [[ $cnt -le $priv_major_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))
+ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "minor\": 88" | wc -l)
+ [[ $? -ne 0 ]] && [[ $cnt -le $priv_minor_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
+ isula rm -f $priv_cid
+
+ cid=$(isula run -tid --device "$test_dev:$test_dev" --runtime $runtime $image /bin/sh)
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
+ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 88" | wc -l)
+ [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))
+ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "minor\": 88" | wc -l)
+ [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
+ isula exec -it $cid sh -c "cat /sys/fs/cgroup/devices/devices.list" | grep "c 88:88 rwm"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to check c 88:88 rwm: ${image}" && ((ret++))
+ isula stop -t 0 $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop container failed" && ((ret++))
+ rm -f $test_dev
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm device failed" && ((ret++))
+ mknod $test_dev c 99 99
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - mknod failed" && ((ret++))
+ isula start $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start container failed" && ((ret++))
+ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 99" | wc -l)
+ [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))
+ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "minor\": 99" | wc -l)
+ [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
+ isula exec -it $cid sh -c "cat /sys/fs/cgroup/devices/devices.list" | grep "c 99:99 rwm"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to check c 99:99 rwm: ${image}" && ((ret++))
+ isula rm -f $cid
+ rm -f $test_dev
+
isula run -itd --device-cgroup-rule='b *:*' busybox 2>&1 | grep "Invalid value"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Invalid value" && ((ret++))
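Review bot: The device count assertions added here cannot fire as written. In `cnt=$(cat … | grep "major\": 88" | wc -l)` followed by `[[ $? -ne 0 ]] && [[ $cnt -le $priv_major_88_cnt ]] && msg_err …`, `$?` is the status of the command substitution, i.e. of `wc -l`, which is 0 unless `pipefail` is enabled somewhere outside this hunk. The `&&` chain therefore stops at the first test and the major/minor counts after restart are never verified. Dropping the status test gives the intended check, e.g. `[[ $cnt -le $priv_major_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))`; the same applies to the `-ne 2` checks for 88 and for 99. The test also creates the host node `/dev/testA` and removes it only on the normal path, so an aborted run leaves it behind; a cleanup trap for `"$test_dev"` would cover that.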
@@ -93,6 +136,9 @@ function test_cpu_dev_cgoup_rule_spec()
declare -i ans=0
-test_cpu_dev_cgoup_rule_spec || ((ans++))
+for element in ${RUNTIME_LIST[@]};
+do
+ test_cpu_dev_cgoup_rule_spec $element || ((ans++))
+done
show_result ${ans} "${curr_path}/${0}"
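Review bot: The new loop expands `${RUNTIME_LIST[@]}` and `$element` unquoted, so each runtime name is word-split and glob-expanded before it reaches the test function. Writing it as `for element in "${RUNTIME_LIST[@]}"; do` and `test_cpu_dev_cgoup_rule_spec "$element" || ((ans++))` keeps every array entry as exactly one argument. RUNTIME_LIST is defined outside this hunk, so its contents are not visible here.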
diff --git a/CI/test_cases/container_cases/ulimit.sh b/CI/test_cases/container_cases/ulimit.sh
index 29868041..f823dc1c 100755
--- a/CI/test_cases/container_cases/ulimit.sh
+++ b/CI/test_cases/container_cases/ulimit.sh
@@ -33,12 +33,25 @@ function test_ulimit()
local test="ulimit test with (${runtime})=> (${FUNCNAME[@]})"
msg_info "${test} starting..."
+ cid=$(isula run -tid --runtime $runtime $image /bin/sh)
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++))
+ cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "RLIMIT_"
+ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check rlimit failed" && ((ret++))
+
check_valgrind_log
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
start_isulad_with_valgrind --default-ulimit nproc=2048:4096 --default-ulimit nproc=2048:8192 --default-ulimit nofile=1024:4096
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+ # if default ulimit of isulad changed, isula start should do update ulimit of oci spec
+ isula restart -t 0 $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart failed" && ((ret++))
+ cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "RLIMIT_"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check rlimit failed after restart" && ((ret++))
+ isula rm -f $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm container failed" && ((ret++))
+
isula run --ulimit nproc= $image --runtime $runtime /bin/sh > $ulimitlog 2>&1
cat $ulimitlog | grep "delimiter '=' can't be the first or the last character"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++))
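Review bot: If the added `isula run` fails, `cid` is empty and the test carries on, so the next `cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json` reads a path with no container id, and the later `isula restart -t 0 $cid` and `isula rm -f $cid` run without an argument. The message for that first failure is only `check failed`; I would report `run container failed` there and quote `"$cid"` in the commands that follow. The check after the restart greps for any `RLIMIT_` string, so it passes as long as some rlimit is present; matching the types set on the daemon command line, e.g. `grep "RLIMIT_NOFILE"`, would tie the assertion to the defaults this test actually configures. The body of `test_ulimit` starts and ends outside this hunk.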
--
2.42.0


@ -0,0 +1,25 @@
From 40ca1ca0312e2168b2b7579f7e52d8c6a265b1e2 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 8 Nov 2023 03:11:01 +0000
Subject: [PATCH 151/181] !2239 delete the disabled reload configuration in
isulad.service * delete the disabled reload configuration in isulad.service
---
src/contrib/init/isulad.service | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/contrib/init/isulad.service b/src/contrib/init/isulad.service
index 3092980c..3356ba3b 100644
--- a/src/contrib/init/isulad.service
+++ b/src/contrib/init/isulad.service
@@ -6,7 +6,6 @@ After=network.target
Type=notify
EnvironmentFile=-/etc/sysconfig/iSulad
ExecStart=/usr/bin/isulad $OPTIONS
-ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
--
2.42.0


@ -0,0 +1,27 @@
From bbfd876397c3715419d327ca27102dae6122916d Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 8 Nov 2023 03:33:57 +0000
Subject: [PATCH 152/181] !2240 modify the default value of
EANBLE_IMAGE_LIBARAY to off * modify the default value of
EANBLE_IMAGE_LIBARAY to off
---
cmake/options.cmake | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmake/options.cmake b/cmake/options.cmake
index 1b6caa2b..125cabb5 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -117,7 +117,7 @@ if (ENABLE_LOGIN_PASSWORD_OPTION STREQUAL "ON")
message("${Green}-- Enable login password option${ColourReset}")
endif()
-option(EANBLE_IMAGE_LIBARAY "create libisulad_image.so" ON)
+option(EANBLE_IMAGE_LIBARAY "create libisulad_image.so" OFF)
if (EANBLE_IMAGE_LIBARAY STREQUAL "ON")
add_definitions(-DEANBLE_IMAGE_LIBARAY)
set(EANBLE_IMAGE_LIBARAY 1)
--
2.42.0


@ -0,0 +1,124 @@
From d5cd451ed1bf2e1b577d7d66bdb6e95cd7dcbe4b Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 14 Nov 2023 17:24:23 +0800
Subject: [PATCH 153/181] improve event logs
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
.../entry/connect/grpc/runtime_runtime_service.cc | 10 +++++++---
.../entry/cri/cri_pod_sandbox_manager_service_impl.cc | 1 +
src/daemon/entry/cri/network_plugin.cc | 11 ++++++++---
src/daemon/executor/volume_cb/volume_cb.c | 4 ++--
4 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/src/daemon/entry/connect/grpc/runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/runtime_runtime_service.cc
index 852d6791..5b4adc3f 100644
--- a/src/daemon/entry/connect/grpc/runtime_runtime_service.cc
+++ b/src/daemon/entry/connect/grpc/runtime_runtime_service.cc
@@ -118,7 +118,7 @@ grpc::Status RuntimeRuntimeServiceImpl::CreateContainer(grpc::ServerContext *con
return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments");
}
- EVENT("Event: {Object: CRI, Type: Creating Container}");
+ EVENT("Event: {Object: CRI, Type: Creating Container for sandbox: %s}", request->pod_sandbox_id().c_str());
std::string responseID =
rService->CreateContainer(request->pod_sandbox_id(), request->config(), request->sandbox_config(), error);
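Review bot: The sandbox id in the new `EVENT` line comes straight from the request and is written to the event log before `rService->CreateContainer` is called, so the log entry carries whatever bytes the client sent, at whatever length. If the event log is read as an audit trail, I would bound the field in the format string, for example `%.128s` (an illustrative width, not a project constant), or emit the id only after the service call has accepted it. The same applies to the pod name logged from `request->config().metadata().name()` in the `RunPodSandbox` hunk below. Both function bodies continue outside the hunks shown.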
@@ -360,7 +360,11 @@ grpc::Status RuntimeRuntimeServiceImpl::RunPodSandbox(grpc::ServerContext *conte
return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments");
}
- EVENT("Event: {Object: CRI, Type: Running Pod}");
+ if (request->has_config() && request->config().has_metadata()) {
+ EVENT("Event: {Object: CRI, Type: Running Pod: %s}", request->config().metadata().name().c_str());
+ } else {
+ EVENT("Event: {Object: CRI, Type: Running Pod}");
+ }
std::string responseID = rService->RunPodSandbox(request->config(), request->runtime_handler(), error);
if (!error.Empty() || responseID.empty()) {
@@ -369,7 +373,7 @@ grpc::Status RuntimeRuntimeServiceImpl::RunPodSandbox(grpc::ServerContext *conte
}
reply->set_pod_sandbox_id(responseID);
- EVENT("Event: {Object: CRI, Type: Run Pod success}");
+ EVENT("Event: {Object: CRI, Type: Run Pod: %s success}", responseID.c_str());
return grpc::Status::OK;
}
diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
index c9b5527c..edf4dc81 100644
--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
@@ -624,6 +624,7 @@ auto PodSandboxManagerServiceImpl::RunPodSandbox(const runtime::v1alpha2::PodSan
// Step 2: Create the sandbox container.
response_id = CreateSandboxContainer(config, image, jsonCheckpoint, runtimeHandler, error);
if (error.NotEmpty()) {
+ ERROR("Create sandbox failed: %s", error.GetCMessage());
goto cleanup;
}
diff --git a/src/daemon/entry/cri/network_plugin.cc b/src/daemon/entry/cri/network_plugin.cc
index 9933b584..9a14529e 100644
--- a/src/daemon/entry/cri/network_plugin.cc
+++ b/src/daemon/entry/cri/network_plugin.cc
@@ -460,13 +460,15 @@ void PluginManager::SetUpPod(const std::string &ns, const std::string &name, con
error.AppendError(tmpErr.GetCMessage());
return;
}
- INFO("Calling network plugin %s to set up pod %s", m_plugin->Name().c_str(), fullName.c_str());
+ EVENT("Setup network plugin %s for sandbox: %s", m_plugin->Name().c_str(), fullName.c_str());
m_plugin->SetUpPod(ns, name, interfaceName, podSandboxID, annotations, options, tmpErr);
if (tmpErr.NotEmpty()) {
- error.Errorf("NetworkPlugin %s failed to set up pod %s network: %s", m_plugin->Name().c_str(), fullName.c_str(),
+ ERROR("Setup network for sandbox: %s failed: %s", fullName.c_str(), tmpErr.GetCMessage());
+ error.Errorf("NetworkPlugin %s for sandbox %s network: %s", m_plugin->Name().c_str(), fullName.c_str(),
tmpErr.GetCMessage());
}
+ EVENT("Setuped network plugin %s for sandbox: %s", m_plugin->Name().c_str(), fullName.c_str());
tmpErr.Clear();
Unlock(fullName, tmpErr);
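Review bot: The added `EVENT("Setuped network plugin %s for sandbox: %s", ...)` sits after the `if (tmpErr.NotEmpty())` block rather than in an `else`, so a failed setup logs the new `ERROR` line and then a completion event for the same sandbox. Anyone reading the event log for an incident would see the network reported as set up when it was not; putting the event in `} else { EVENT("Setuped network plugin %s for sandbox: %s", m_plugin->Name().c_str(), fullName.c_str()); }` fixes that. The `TearDownPod` hunk below has the same shape with `EVENT("Teardowned network ...")`. The rewritten `error.Errorf("NetworkPlugin %s for sandbox %s network: %s", ...)` also lost the words "failed to set up", so the message returned to the caller no longer says what went wrong. Both functions start outside their hunks.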
@@ -490,12 +492,15 @@ void PluginManager::TearDownPod(const std::string &ns, const std::string &name,
goto unlock;
}
- INFO("Calling network plugin %s to tear down pod %s", m_plugin->Name().c_str(), fullName.c_str());
+ EVENT("Teardown network %s for sandbox: %s", m_plugin->Name().c_str(), fullName.c_str());
m_plugin->TearDownPod(ns, name, Network::DEFAULT_NETWORK_INTERFACE_NAME, podSandboxID, annotations, tmpErr);
if (tmpErr.NotEmpty()) {
+ ERROR("Teardown network for sandbox: %s failed: %s", fullName.c_str(), tmpErr.GetCMessage());
error.Errorf("NetworkPlugin %s failed to teardown pod %s network: %s", m_plugin->Name().c_str(),
fullName.c_str(), tmpErr.GetCMessage());
}
+ EVENT("Teardowned network %s for sandbox: %s", m_plugin->Name().c_str(), fullName.c_str());
+
unlock:
tmpErr.Clear();
Unlock(fullName, tmpErr);
diff --git a/src/daemon/executor/volume_cb/volume_cb.c b/src/daemon/executor/volume_cb/volume_cb.c
index 13f99517..4ac5c301 100644
--- a/src/daemon/executor/volume_cb/volume_cb.c
+++ b/src/daemon/executor/volume_cb/volume_cb.c
@@ -58,7 +58,7 @@ static int volume_list_cb(const volume_list_volume_request *request, volume_list
goto err_out;
}
- EVENT("Volume Event: {Object: list volumes, Type: listing}");
+ INFO("Volume Event: {Object: list volumes, Type: listing}");
list = volume_list();
if (list == NULL) {
@@ -91,7 +91,7 @@ static int volume_list_cb(const volume_list_volume_request *request, volume_list
}
out:
- EVENT("Volume Event: {Object: list volumes, Type: listed");
+ INFO("Volume Event: {Object: list volumes, Type: listed");
err_out:
if (*response != NULL) {
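Review bot: The message on the changed line under `out:` is missing its closing brace, `"Volume Event: {Object: list volumes, Type: listed"`, while the `listing` message in the previous hunk is balanced. Since the line is being touched anyway, `INFO("Volume Event: {Object: list volumes, Type: listed}");` keeps both entries in the same shape for anything that parses these logs.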
--
2.42.0


@ -0,0 +1,46 @@
From b4afaf867dac7408258318c9549d3c561ae37449 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 21 Nov 2023 01:33:29 +0000
Subject: [PATCH 154/181] !2257 disable grpc remote connect by default *
disable grpc remote connect by default
---
cmake/options.cmake | 2 +-
test/cutils/utils_verify/utils_verify_ut.cc | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/cmake/options.cmake b/cmake/options.cmake
index 125cabb5..bad12ea3 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -90,7 +90,7 @@ if (ENABLE_SELINUX STREQUAL "ON")
message("${Green}-- Enable selinux${ColourReset}")
endif()
-option(ENABLE_GRPC_REMOTE_CONNECT "enable gRPC remote connect" ON)
+option(ENABLE_GRPC_REMOTE_CONNECT "enable gRPC remote connect" OFF)
if (ENABLE_GRPC_REMOTE_CONNECT STREQUAL "ON")
add_definitions(-DENABLE_GRPC_REMOTE_CONNECT=1)
set(ENABLE_GRPC_REMOTE_CONNECT 1)
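Review bot: The help string on the changed `option()` line still reads only `"enable gRPC remote connect"`, which gives a packager no hint of what turning it back on exposes. Judging from the unit-test hunk in this patch, the flag appears to gate acceptance of `tcp://` daemon addresses, so I would say that in the text, e.g. `option(ENABLE_GRPC_REMOTE_CONNECT "enable gRPC remote connect (daemon API reachable over tcp://)" OFF)`. It is also worth a comment that `option()` does not overwrite a value already stored in `CMakeCache.txt`, so an existing build directory configured before this change keeps `ON` until it is reconfigured with `-DENABLE_GRPC_REMOTE_CONNECT=OFF` or the cache is cleared.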
diff --git a/test/cutils/utils_verify/utils_verify_ut.cc b/test/cutils/utils_verify/utils_verify_ut.cc
index a68dfb66..b57b906d 100644
--- a/test/cutils/utils_verify/utils_verify_ut.cc
+++ b/test/cutils/utils_verify/utils_verify_ut.cc
@@ -70,12 +70,14 @@ TEST(utils_verify, test_util_validate_socket)
ASSERT_EQ(util_validate_socket("unix://./isulad"), false);
ASSERT_EQ(util_validate_socket("unix://isulad"), false);
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
ASSERT_EQ(util_validate_socket("tcp://localhost:2375"), true);
ASSERT_EQ(util_validate_socket("tcp://127.0.0.1:2375"), true);
ASSERT_EQ(util_validate_socket("tcp://"), false);
ASSERT_EQ(util_validate_socket("tcp://127.0.0.1"), false);
ASSERT_EQ(util_validate_socket("tcp://127.0.0.1,2375"), false);
+#endif
}
TEST(utils_verify, test_util_valid_device_mode)
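Review bot: With the `tcp://` assertions wrapped in `#ifdef ENABLE_GRPC_REMOTE_CONNECT`, the default build now has no test for what `util_validate_socket` does with a TCP address. If the function is meant to reject such addresses when the feature is compiled out (not visible in this hunk, so this needs confirming against its implementation), an `#else` branch with `ASSERT_EQ(util_validate_socket("tcp://127.0.0.1:2375"), false);` would pin that behaviour. Without it, a regression that accepts `tcp://` in a build with remote connect disabled would go unnoticed.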
--
2.42.0


@ -0,0 +1,782 @@
From 131f59ea3175166143a56f92a018322548e73a44 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 21 Nov 2023 02:02:07 +0000
Subject: [PATCH 155/181] !2258 rollback commit for update possible changed
resources for oci spec * rollback commit for update possible changed
resources for oci spec
---
.../container_cases/dev_cgroup_rule.sh | 50 +------
CI/test_cases/container_cases/ulimit.sh | 13 --
src/cmd/isulad/main.c | 13 +-
src/daemon/config/isulad_config.c | 6 +-
src/daemon/modules/api/specs_api.h | 11 +-
.../container/container_events_handler.c | 2 +-
.../modules/service/service_container.c | 68 ++-------
src/daemon/modules/spec/specs.c | 115 ++++++---------
src/daemon/modules/spec/specs_mount.c | 133 +++---------------
src/daemon/modules/spec/specs_mount.h | 6 +-
.../image/oci/oci_config_merge/CMakeLists.txt | 4 -
11 files changed, 84 insertions(+), 337 deletions(-)
diff --git a/CI/test_cases/container_cases/dev_cgroup_rule.sh b/CI/test_cases/container_cases/dev_cgroup_rule.sh
index 839a546c..651433c0 100755
--- a/CI/test_cases/container_cases/dev_cgroup_rule.sh
+++ b/CI/test_cases/container_cases/dev_cgroup_rule.sh
@@ -25,10 +25,8 @@ source ../helpers.sh
function test_cpu_dev_cgoup_rule_spec()
{
local ret=0
- local runtime=$1
local image="busybox"
- local test="container device cgroup rule test with (${runtime}) => (${FUNCNAME[@]})"
- local test_dev="/dev/testA"
+ local test="container device cgroup rule test => (${FUNCNAME[@]})"
msg_info "${test} starting..."
@@ -38,47 +36,6 @@ function test_cpu_dev_cgoup_rule_spec()
isula images | grep busybox
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
- rm -f $test_dev
- priv_cid=$(isula run -tid --privileged --runtime $runtime $image /bin/sh)
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run priviledged container failed" && ((ret++))
- priv_major_88_cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "major\": 88" | wc -l)
- priv_minor_88_cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "minor\": 88" | wc -l)
-
- mknod $test_dev c 88 88
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - mknod failed" && ((ret++))
- isula restart -t 0 $priv_cid
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart priviledge container failed" && ((ret++))
- cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "major\": 88" | wc -l)
- [[ $? -ne 0 ]]&& [[ $cnt -le $priv_major_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))
- cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "minor\": 88" | wc -l)
- [[ $? -ne 0 ]] && [[ $cnt -le $priv_minor_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
- isula rm -f $priv_cid
-
- cid=$(isula run -tid --device "$test_dev:$test_dev" --runtime $runtime $image /bin/sh)
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
- cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 88" | wc -l)
- [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))
- cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "minor\": 88" | wc -l)
- [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
- isula exec -it $cid sh -c "cat /sys/fs/cgroup/devices/devices.list" | grep "c 88:88 rwm"
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to check c 88:88 rwm: ${image}" && ((ret++))
- isula stop -t 0 $cid
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop container failed" && ((ret++))
- rm -f $test_dev
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm device failed" && ((ret++))
- mknod $test_dev c 99 99
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - mknod failed" && ((ret++))
- isula start $cid
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start container failed" && ((ret++))
- cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 99" | wc -l)
- [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))
- cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "minor\": 99" | wc -l)
- [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
- isula exec -it $cid sh -c "cat /sys/fs/cgroup/devices/devices.list" | grep "c 99:99 rwm"
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to check c 99:99 rwm: ${image}" && ((ret++))
- isula rm -f $cid
- rm -f $test_dev
-
isula run -itd --device-cgroup-rule='b *:*' busybox 2>&1 | grep "Invalid value"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Invalid value" && ((ret++))
@@ -136,9 +93,6 @@ function test_cpu_dev_cgoup_rule_spec()
declare -i ans=0
-for element in ${RUNTIME_LIST[@]};
-do
- test_cpu_dev_cgoup_rule_spec $element || ((ans++))
-done
+test_cpu_dev_cgoup_rule_spec || ((ans++))
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/ulimit.sh b/CI/test_cases/container_cases/ulimit.sh
index f823dc1c..29868041 100755
--- a/CI/test_cases/container_cases/ulimit.sh
+++ b/CI/test_cases/container_cases/ulimit.sh
@@ -33,25 +33,12 @@ function test_ulimit()
local test="ulimit test with (${runtime})=> (${FUNCNAME[@]})"
msg_info "${test} starting..."
- cid=$(isula run -tid --runtime $runtime $image /bin/sh)
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++))
- cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "RLIMIT_"
- [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check rlimit failed" && ((ret++))
-
check_valgrind_log
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
start_isulad_with_valgrind --default-ulimit nproc=2048:4096 --default-ulimit nproc=2048:8192 --default-ulimit nofile=1024:4096
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
- # if default ulimit of isulad changed, isula start should do update ulimit of oci spec
- isula restart -t 0 $cid
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart failed" && ((ret++))
- cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "RLIMIT_"
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check rlimit failed after restart" && ((ret++))
- isula rm -f $cid
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm container failed" && ((ret++))
-
isula run --ulimit nproc= $image --runtime $runtime /bin/sh > $ulimitlog 2>&1
cat $ulimitlog | grep "delimiter '=' can't be the first or the last character"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++))
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 8d4d886b..e624cfdd 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1319,7 +1319,7 @@ static int ensure_isulad_tmpdir_security()
if (do_ensure_isulad_tmpdir_security("/tmp") != 0) {
WARN("Failed to ensure the /tmp directory is a safe directory");
}
-
+
return 0;
}
@@ -1371,17 +1371,12 @@ static int isulad_server_init_common()
goto out;
}
- if (spec_module_init() != 0) {
- ERROR("Failed to init spec module");
- goto out;
- }
-
- if (containers_store_init() != 0) {
+ if (containers_store_init()) {
ERROR("Failed to init containers store");
goto out;
}
- if (container_name_index_init() != 0) {
+ if (container_name_index_init()) {
ERROR("Failed to init name index");
goto out;
}
@@ -1787,7 +1782,7 @@ int main(int argc, char **argv)
msg = "Failed to init plugin_manager";
goto failure;
}
-#endif
+#endif
clock_gettime(CLOCK_MONOTONIC, &t_end);
use_time = (double)(t_end.tv_sec - t_start.tv_sec) * (double)1000000000 + (double)(t_end.tv_nsec - t_start.tv_nsec);
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index ce2ae1c1..0e389dd1 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -998,7 +998,7 @@ static defs_hook *hooks_elem_dup(const defs_hook *src)
dest = (defs_hook *)util_common_calloc_s(sizeof(defs_hook));
if (dest == NULL) {
ERROR("Out of memory");
- return NULL;
+ return NULL;
}
dest->path = util_strdup_s(src->path);
@@ -1046,7 +1046,7 @@ static int hooks_array_dup(const defs_hook **src, const size_t src_len, defs_hoo
return -1;
}
- for (i = 0; i < src_len; i++) {
+ for(i = 0; i < src_len; i++) {
tmp_dst[i] = hooks_elem_dup(src[i]);
if (tmp_dst[i] == NULL) {
ERROR("Failed to duplicate hooks element");
@@ -1060,7 +1060,7 @@ static int hooks_array_dup(const defs_hook **src, const size_t src_len, defs_hoo
return 0;
err_out:
- for (i = 0; i < tmp_len; i++) {
+ for(i = 0; i < tmp_len; i++) {
free_defs_hook(tmp_dst[i]);
}
free(tmp_dst);
diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h
index 1a6af9ae..0a594d81 100644
--- a/src/daemon/modules/api/specs_api.h
+++ b/src/daemon/modules/api/specs_api.h
@@ -29,7 +29,8 @@ int merge_all_specs(host_config *host_spec, const char *real_rootfs, container_c
oci_runtime_spec *oci_spec);
char *merge_container_cgroups_path(const char *id, const host_config *host_spec);
int merge_global_config(oci_runtime_spec *oci_spec);
-
+oci_runtime_spec *load_oci_config(const char *rootpath, const char *name);
+oci_runtime_spec *default_spec(bool system_container);
int merge_conf_cgroup(oci_runtime_spec *oci_spec, const host_config *host_spec);
int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec *oci_spec);
@@ -39,14 +40,6 @@ int parse_security_opt(const host_config *host_spec, bool *no_new_privileges, ch
int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_spec,
const container_config_v2_common_config_network_settings *network_settings);
-oci_runtime_spec *load_oci_config(const char *rootpath, const char *name);
-
-oci_runtime_spec *default_spec(bool system_container);
-
-const oci_runtime_spec *get_readonly_default_oci_spec(bool system_container);
-
-int spec_module_init(void);
-
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/modules/container/container_events_handler.c b/src/daemon/modules/container/container_events_handler.c
index 6a223bd2..d56c2ee0 100644
--- a/src/daemon/modules/container/container_events_handler.c
+++ b/src/daemon/modules/container/container_events_handler.c
@@ -157,7 +157,7 @@ static int container_state_changed(container_t *cont, const struct isulad_events
container_wait_stop_cond_broadcast(cont);
#ifdef ENABLE_PLUGIN
plugin_event_container_post_stop(cont);
-#endif
+#endif
}
auto_remove = !should_restart && cont->hostconfig != NULL && cont->hostconfig->auto_remove;
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index a5c12862..58b27f90 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -13,11 +13,19 @@
* Description: provide container supervisor functions
******************************************************************************/
#define _GNU_SOURCE
+#include <sys/stat.h>
#include <unistd.h>
#include <sys/mount.h>
#include <sys/eventfd.h>
#include <errno.h>
#include <fcntl.h>
+#include <isula_libutils/container_config.h>
+#include <isula_libutils/container_config_v2.h>
+#include <isula_libutils/container_exec_request.h>
+#include <isula_libutils/container_exec_response.h>
+#include <isula_libutils/defs.h>
+#include <isula_libutils/host_config.h>
+#include <isula_libutils/oci_runtime_spec.h>
#include <limits.h>
#include <pthread.h>
#include <signal.h>
@@ -27,28 +35,15 @@
#include <stdlib.h>
#include <string.h>
#include <strings.h>
-#include <sys/stat.h>
-#include <sys/mount.h>
-#include <sys/eventfd.h>
-#include <sys/epoll.h>
-
-#include <isula_libutils/container_config.h>
-#include <isula_libutils/container_config_v2.h>
-#include <isula_libutils/container_exec_request.h>
-#include <isula_libutils/container_exec_response.h>
-#include <isula_libutils/defs.h>
-#include <isula_libutils/host_config.h>
-#include <isula_libutils/oci_runtime_spec.h>
-#include <isula_libutils/log.h>
#include "service_container_api.h"
+#include "isula_libutils/log.h"
#include "utils.h"
#include "err_msg.h"
#include "events_sender_api.h"
#include "image_api.h"
#include "specs_api.h"
#include "specs_mount.h"
-#include "specs_extend.h"
#include "isulad_config.h"
#include "verify.h"
#include "plugin_api.h"
@@ -683,43 +678,6 @@ out:
epoll_loop_close(&descr);
}
-static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, host_config *hostconfig)
-{
- char *cgroup_parent = NULL;
- int ret;
-
- // If isulad daemon cgroup parent updated, we should update this config into oci spec
- cgroup_parent = merge_container_cgroups_path(id, hostconfig);
- if (cgroup_parent == NULL) {
- return -1;
- }
- if (oci_spec->linux->cgroups_path != NULL && strcmp(oci_spec->linux->cgroups_path, cgroup_parent) != 0) {
- free(oci_spec->linux->cgroups_path);
- oci_spec->linux->cgroups_path = cgroup_parent;
- cgroup_parent = NULL;
- }
- free(cgroup_parent);
-
- // For Linux.Resources, isula update will save changes into oci spec;
- // so we just skip it;
-
- // Remove old devices and update all devices
- ret = update_devcies_for_oci_spec(oci_spec, hostconfig);
- if (ret != 0) {
- ERROR("Failed to do update devices for oci spec");
- return -1;
- }
-
- // If isulad daemon ulimit updated, we should update this config into oci spec.
- if (merge_global_ulimit(oci_spec) != 0) {
- return -1;
- }
-
- // renew_oci_config() will update process->user and share namespace after.
-
- return 0;
-}
-
static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm, pid_ppid_info_t *pid_info)
{
int ret = 0;
@@ -794,14 +752,6 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
goto close_exit_fd;
}
- // Update possible changes
- nret = do_oci_spec_update(id, oci_spec, cont->hostconfig);
- if (nret != 0) {
- ERROR("Failed to update possible changes for oci spec");
- ret = -1;
- goto close_exit_fd;
- }
-
nret = setup_ipc_dirs(cont->hostconfig, cont->common_config);
if (nret != 0) {
ERROR("Failed to setup ipc dirs");
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index a8912c96..0c7d58b3 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -17,8 +17,6 @@
#include <stdio.h>
#include <stdbool.h>
#include <errno.h>
-#include <limits.h>
-#include <stdint.h>
#include <isula_libutils/container_config.h>
#include <isula_libutils/container_config_v2.h>
#include <isula_libutils/defs.h>
@@ -78,13 +76,6 @@
#define CLONE_NEWCGROUP 0x02000000
#endif
-struct readonly_default_oci_spec {
- oci_runtime_spec *cont;
- oci_runtime_spec *system_cont;
-};
-
-static struct readonly_default_oci_spec g_rdspec;
-
static int make_sure_oci_spec_annotations(oci_runtime_spec *oci_spec)
{
if (oci_spec->annotations == NULL) {
@@ -386,6 +377,29 @@ out:
return ret;
}
+/* default_spec returns default oci spec used by isulad. */
+oci_runtime_spec *default_spec(bool system_container)
+{
+ const char *oci_file = OCICONFIG_PATH;
+ if (system_container) {
+ oci_file = OCI_SYSTEM_CONTAINER_CONFIG_PATH;
+ }
+ oci_runtime_spec *oci_spec = NULL;
+ parser_error err = NULL;
+
+ /* parse the input oci file */
+ oci_spec = oci_runtime_spec_parse_file(oci_file, NULL, &err);
+ if (oci_spec == NULL) {
+ ERROR("Failed to parse OCI specification file \"%s\", error message: %s", oci_file, err);
+ isulad_set_error_message("Can not read the default /etc/default/isulad/config.json file: %s", err);
+ goto out;
+ }
+
+out:
+ free(err);
+ return oci_spec;
+}
+
static int make_sure_oci_spec_root(oci_runtime_spec *oci_spec)
{
if (oci_spec->root == NULL) {
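Review bot: The re-added `default_spec` reports a fixed path in `isulad_set_error_message("Can not read the default /etc/default/isulad/config.json file: %s", err);` even when `system_container` is true and `oci_file` is `OCI_SYSTEM_CONTAINER_CONFIG_PATH`. The copy of the function removed further down in this same patch already used `"Can not read the default %s file: %s", oci_file, err`, so the rollback brings the misleading message back; I would keep the `oci_file` form. The `goto out;` directly before the `out:` label is also redundant and could be dropped.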
@@ -1697,20 +1711,20 @@ static int merge_resources_conf(oci_runtime_spec *oci_spec, host_config *host_sp
ret = merge_conf_cgroup(oci_spec, host_spec);
if (ret != 0) {
- return -1;
+ goto out;
}
- ret = merge_conf_blkio_device(oci_spec, host_spec);
+ ret = merge_conf_device(oci_spec, host_spec);
if (ret != 0) {
- return -1;
+ goto out;
}
- ret = merge_conf_devices(oci_spec, host_spec);
- if (ret != 0) {
- return -1;
+ ret = merge_conf_mounts(oci_spec, host_spec, v2_spec);
+ if (ret) {
+ goto out;
}
-
- return merge_conf_mounts(oci_spec, host_spec, v2_spec);
+out:
+ return ret;
}
static int merge_terminal(oci_runtime_spec *oci_spec, bool terminal)
@@ -2265,7 +2279,7 @@ oci_runtime_spec *load_oci_config(const char *rootpath, const char *name)
nret = snprintf(filename, sizeof(filename), "%s/%s/%s", rootpath, name, OCI_CONFIG_JSON);
if (nret < 0 || (size_t)nret >= sizeof(filename)) {
ERROR("Failed to print string");
- return NULL;
+ goto out;
}
ociconfig = oci_runtime_spec_parse_file(filename, NULL, &err);
@@ -2274,7 +2288,6 @@ oci_runtime_spec *load_oci_config(const char *rootpath, const char *name)
isulad_set_error_message("Parse oci config file failed:%s", err);
goto out;
}
-
out:
free(err);
return ociconfig;
@@ -2282,80 +2295,36 @@ out:
int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec *oci_spec)
{
+ int ret = 0;
int nret = 0;
+ char *json_container = NULL;
char file_path[PATH_MAX] = { 0x0 };
struct parser_context ctx = { OPT_PARSE_STRICT, stderr };
- char *json_container = NULL;
parser_error err = NULL;
- int ret = 0;
nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, OCI_CONFIG_JSON);
if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to print string");
- return -1;
+ ret = -1;
+ goto out_free;
}
json_container = oci_runtime_spec_generate_json(oci_spec, &ctx, &err);
if (json_container == NULL) {
ERROR("Failed to generate json: %s", err);
ret = -1;
- goto out;
+ goto out_free;
}
- nret = util_atomic_write_file(file_path, json_container, strlen(json_container), DEFAULT_SECURE_FILE_MODE, false);
- if (nret != 0) {
+ if (util_atomic_write_file(file_path, json_container, strlen(json_container), DEFAULT_SECURE_FILE_MODE, false) !=
+ 0) {
SYSERROR("write json container failed");
ret = -1;
- goto out;
+ goto out_free;
}
-out:
- free(json_container);
+out_free:
free(err);
+ free(json_container);
return ret;
}
-
-/* default_spec returns default oci spec used by isulad. */
-oci_runtime_spec *default_spec(bool system_container)
-{
- const char *oci_file = OCICONFIG_PATH;
- if (system_container) {
- oci_file = OCI_SYSTEM_CONTAINER_CONFIG_PATH;
- }
- oci_runtime_spec *oci_spec = NULL;
- parser_error err = NULL;
-
- /* parse the input oci file */
- oci_spec = oci_runtime_spec_parse_file(oci_file, NULL, &err);
- if (oci_spec == NULL) {
- ERROR("Failed to parse OCI specification file \"%s\", error message: %s", oci_file, err);
- isulad_set_error_message("Can not read the default %s file: %s", oci_file, err);
- goto out;
- }
-
-out:
- free(err);
- return oci_spec;
-}
-
-const oci_runtime_spec *get_readonly_default_oci_spec(bool system_container)
-{
- if (system_container) {
- return g_rdspec.system_cont;
- }
-
- return g_rdspec.cont;
-}
-
-int spec_module_init(void)
-{
- g_rdspec.cont = default_spec(false);
- if (g_rdspec.cont == NULL) {
- return -1;
- }
- g_rdspec.system_cont = default_spec(true);
- if (g_rdspec.system_cont == NULL) {
- return -1;
- }
- return 0;
-}
\ No newline at end of file
diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c
index bb2b200a..cd3a5c9d 100644
--- a/src/daemon/modules/spec/specs_mount.c
+++ b/src/daemon/modules/spec/specs_mount.c
@@ -53,7 +53,6 @@
#include "image_api.h"
#include "volume_api.h"
#include "parse_volume.h"
-#include "specs_api.h"
enum update_rw {
update_rw_untouch,
@@ -2213,24 +2212,7 @@ out:
return ret;
}
-int merge_conf_devices(oci_runtime_spec *oci_spec, host_config *host_spec)
-{
- /* devices which will be populated into container */
- if (merge_conf_populate_device(oci_spec, host_spec)) {
- ERROR("Merge user define devices failed");
- return -1;
- }
-
- /* device cgroup rules which will be added into container */
- if (merge_conf_device_cgroup_rule(oci_spec, host_spec)) {
- ERROR("Merge user define device cgroup rules failed");
- return -1;
- }
-
- return 0;
-}
-
-int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec)
+int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec)
{
int ret = 0;
@@ -2244,7 +2226,7 @@ int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec)
ret = merge_blkio_weight_device(oci_spec, host_spec->blkio_weight_device, host_spec->blkio_weight_device_len);
if (ret != 0) {
ERROR("Failed to merge blkio weight devices");
- return -1;
+ goto out;
}
}
@@ -2254,7 +2236,7 @@ int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec)
host_spec->blkio_device_read_bps_len);
if (ret != 0) {
ERROR("Failed to merge blkio read bps devices");
- return -1;
+ goto out;
}
}
@@ -2264,7 +2246,7 @@ int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec)
host_spec->blkio_device_write_bps_len);
if (ret != 0) {
ERROR("Failed to merge blkio write bps devices");
- return -1;
+ goto out;
}
}
@@ -2274,7 +2256,7 @@ int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec)
host_spec->blkio_device_read_iops_len);
if (ret != 0) {
ERROR("Failed to merge blkio read iops devices");
- return -1;
+ goto out;
}
}
@@ -2284,11 +2266,24 @@ int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec)
host_spec->blkio_device_write_iops_len);
if (ret != 0) {
ERROR("Failed to merge blkio write iops devices");
- return -1;
+ goto out;
}
}
- return 0;
+ /* devices which will be populated into container */
+ if (merge_conf_populate_device(oci_spec, host_spec)) {
+ ret = -1;
+ goto out;
+ }
+
+ /* device cgroup rules which will be added into container */
+ if (merge_conf_device_cgroup_rule(oci_spec, host_spec)) {
+ ret = -1;
+ goto out;
+ }
+
+out:
+ return ret;
}
static bool mounts_expand(defs_mount ***all_mounts, size_t *all_mounts_len, size_t add_len)
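Review bot: The two branches added at the end of merge_conf_device set `ret = -1` without logging, while every blkio branch above them reports its failure with ERROR and the removed merge_conf_devices did the same for these two calls. Going by the comments, these calls decide which devices and device cgroup rules reach the container, so a failure here should stay diagnosable: add `ERROR("Merge user define devices failed");` and `ERROR("Merge user define device cgroup rules failed");` before the respective `goto out;`. The `out:` label only returns `ret`, so the gotos add no cleanup over the plain returns they replace. The function's opening lines are in an earlier hunk.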
@@ -3493,91 +3488,3 @@ out:
free(mntparent);
return ret;
}
-
-int update_devcies_for_oci_spec(oci_runtime_spec *oci_spec, host_config *hostconfig)
-{
- const oci_runtime_spec *readonly_spec = NULL;
- size_t i;
- int ret;
-
- // Step1: get default oci spec config
- readonly_spec = get_readonly_default_oci_spec(hostconfig->system_container);
-
- // Step2: clear oci_spec devices items
- for (i = 0; i < oci_spec->linux->devices_len; i++) {
- free_defs_device(oci_spec->linux->devices[i]);
- oci_spec->linux->devices[i] = NULL;
- }
- // Step3: if default devices length more than old spec, just realloc memory
- if (readonly_spec->linux->devices_len > oci_spec->linux->devices_len) {
- free(oci_spec->linux->devices);
- oci_spec->linux->devices = util_smart_calloc_s(sizeof(defs_device *), readonly_spec->linux->devices_len);
- if (oci_spec->linux->devices == NULL) {
- oci_spec->linux->devices_len = 0;
- ERROR("Out of memory");
- return -1;
- }
- }
- oci_spec->linux->devices_len = 0;
- // Step4: copy default devices to oci spec
- for (i = 0; i < readonly_spec->linux->devices_len; i++) {
- defs_device *tmp_dev = util_common_calloc_s(sizeof(defs_device));
- if (tmp_dev == NULL) {
- ERROR("Out of memory");
- return -1;
- }
- tmp_dev->type = util_strdup_s(readonly_spec->linux->devices[i]->type);
- tmp_dev->path = util_strdup_s(readonly_spec->linux->devices[i]->path);
- tmp_dev->file_mode = readonly_spec->linux->devices[i]->file_mode;
- tmp_dev->major = readonly_spec->linux->devices[i]->major;
- tmp_dev->minor = readonly_spec->linux->devices[i]->minor;
- tmp_dev->uid = readonly_spec->linux->devices[i]->uid;
- tmp_dev->gid = readonly_spec->linux->devices[i]->gid;
- oci_spec->linux->devices[i] = tmp_dev;
- oci_spec->linux->devices_len += 1;
- }
-
- // Step5: clear oci_spec device cgroup rules
- for (i = 0; i < oci_spec->linux->resources->devices_len; i++) {
- free_defs_device_cgroup(oci_spec->linux->resources->devices[i]);
- oci_spec->linux->resources->devices[i] = NULL;
- }
- // Step6: if default devices lenght more than old spec, just realloc memory
- if (readonly_spec->linux->resources->devices_len > oci_spec->linux->resources->devices_len) {
- free(oci_spec->linux->resources->devices);
- oci_spec->linux->resources->devices = util_smart_calloc_s(sizeof(defs_device_cgroup *),
- readonly_spec->linux->resources->devices_len);
- if (oci_spec->linux->resources->devices == NULL) {
- oci_spec->linux->resources->devices_len = 0;
- ERROR("Out of memory");
- return -1;
- }
- }
- oci_spec->linux->resources->devices_len = 0;
- // Step7: copy default device cgroup rules to oci spec
- for (i = 0; i < readonly_spec->linux->resources->devices_len; i++) {
- defs_device_cgroup *tmp_dev_cg = util_common_calloc_s(sizeof(defs_device_cgroup));
- if (tmp_dev_cg == NULL) {
- ERROR("Out of memory");
- return -1;
- }
- tmp_dev_cg->allow = readonly_spec->linux->resources->devices[i]->allow;
- tmp_dev_cg->major = readonly_spec->linux->resources->devices[i]->major;
- tmp_dev_cg->minor = readonly_spec->linux->resources->devices[i]->minor;
- tmp_dev_cg->type = util_strdup_s(readonly_spec->linux->resources->devices[i]->type);
- tmp_dev_cg->access = util_strdup_s(readonly_spec->linux->resources->devices[i]->access);
- oci_spec->linux->resources->devices[i] = tmp_dev_cg;
- oci_spec->linux->resources->devices_len += 1;
- }
-
- // Step8: do update devices and cgroup device rules at here
- if (hostconfig->privileged) {
- // Step8.1: for priviledged container, we should merge all devices under /dev
- ret = merge_all_devices_and_all_permission(oci_spec);
- } else {
- // Step8.2: for common container, we should merge devices defined by user in hostconfig
- ret = merge_conf_devices(oci_spec, hostconfig);
- }
-
- return ret;
-}
\ No newline at end of file
diff --git a/src/daemon/modules/spec/specs_mount.h b/src/daemon/modules/spec/specs_mount.h
index b742ca35..8a28f0e2 100644
--- a/src/daemon/modules/spec/specs_mount.h
+++ b/src/daemon/modules/spec/specs_mount.h
@@ -41,14 +41,10 @@ int set_mounts_readwrite_option(const oci_runtime_spec *oci_spec);
int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec);
-int merge_conf_devices(oci_runtime_spec *oci_spec, host_config *host_spec);
-
-int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec);
+int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec);
int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2_spec);
-int update_devcies_for_oci_spec(oci_runtime_spec *oci_spec, host_config *hostconfig);
-
#ifdef __cplusplus
}
#endif
diff --git a/test/image/oci/oci_config_merge/CMakeLists.txt b/test/image/oci/oci_config_merge/CMakeLists.txt
index d76de35d..42cd2e78 100644
--- a/test/image/oci/oci_config_merge/CMakeLists.txt
+++ b/test/image/oci/oci_config_merge/CMakeLists.txt
@@ -31,11 +31,7 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/namespace_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/container_unix_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/parse_volume.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/parse_volume.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs_mount.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs_extend.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs_security.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/volume/volume.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/volume/local.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/selinux_label_mock.cc
--
2.42.0


@ -0,0 +1,381 @@
From 4aca7cb9609cfab18a48808d60bad96ddc996f22 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 21 Nov 2023 03:23:20 +0000
Subject: [PATCH 156/181] !2259 lcr container with a damaged config file will
rebuild the config during restore * lcr container with a damaged config file
will rebuild the config during restore
---
src/common/constants.h | 2 +
src/daemon/modules/api/runtime_api.h | 7 ++
.../modules/container/restore/restore.c | 27 +++--
.../modules/runtime/engines/lcr/lcr_rt_ops.c | 98 ++++++++++++++++++-
.../modules/runtime/engines/lcr/lcr_rt_ops.h | 1 +
.../modules/runtime/isula/isula_rt_ops.c | 6 ++
.../modules/runtime/isula/isula_rt_ops.h | 1 +
src/daemon/modules/runtime/runtime.c | 21 ++++
src/daemon/modules/runtime/shim/shim_rt_ops.c | 6 ++
src/daemon/modules/runtime/shim/shim_rt_ops.h | 2 +
10 files changed, 162 insertions(+), 9 deletions(-)
diff --git a/src/common/constants.h b/src/common/constants.h
index 94bc9886..a567ee9c 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -86,6 +86,8 @@ extern "C" {
#define LOG_MAX_RETRIES 10
+#define INVALID_CONFIG_ERR_CODE 2
+
#define MAX_MSG_BUFFER_SIZE (32 * 1024)
#define DEFAULT_WEBSOCKET_SERVER_LISTENING_PORT 10350
diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h
index a8dfdeae..3fb40dae 100644
--- a/src/daemon/modules/api/runtime_api.h
+++ b/src/daemon/modules/api/runtime_api.h
@@ -41,6 +41,7 @@ typedef enum {
struct runtime_container_status_info {
bool has_pid;
uint32_t pid;
+ int error_code;
Runtime_Container_Status status;
};
@@ -190,6 +191,10 @@ typedef struct _rt_exec_resize_params_t {
unsigned int width;
} rt_exec_resize_params_t;
+typedef struct _rt_runtime_rebuild_config_params_t {
+ const char *rootpath;
+} rt_rebuild_config_params_t;
+
struct rt_ops {
/* detect whether runtime is of this runtime type */
bool (*detect)(const char *runtime);
@@ -226,6 +231,7 @@ struct rt_ops {
rt_listpids_out_t *out);
int (*rt_resize)(const char *name, const char *runtime, const rt_resize_params_t *params);
int (*rt_exec_resize)(const char *name, const char *runtime, const rt_exec_resize_params_t *params);
+ int (*rt_rebuild_config)(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
};
int runtime_create(const char *name, const char *runtime, const rt_create_params_t *params);
@@ -246,6 +252,7 @@ int runtime_attach(const char *name, const char *runtime, const rt_attach_params
int runtime_update(const char *name, const char *runtime, const rt_update_params_t *params);
int runtime_listpids(const char *name, const char *runtime, const rt_listpids_params_t *params, rt_listpids_out_t *out);
+int runtime_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
void free_rt_listpids_out_t(rt_listpids_out_t *out);
int runtime_resize(const char *name, const char *runtime, const rt_resize_params_t *params);
int runtime_exec_resize(const char *name, const char *runtime, const rt_exec_resize_params_t *params);
diff --git a/src/daemon/modules/container/restore/restore.c b/src/daemon/modules/container/restore/restore.c
index aca17a15..5f8abc9f 100644
--- a/src/daemon/modules/container/restore/restore.c
+++ b/src/daemon/modules/container/restore/restore.c
@@ -16,15 +16,17 @@
#include <stdio.h>
#include <unistd.h>
#include <limits.h>
-#include <isula_libutils/container_config_v2.h>
-#include <isula_libutils/host_config.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
+#include <isula_libutils/container_config_v2.h>
+#include <isula_libutils/host_config.h>
+#include <isula_libutils/log.h>
+
#include "isulad_config.h"
-#include "isula_libutils/log.h"
+
#include "container_api.h"
#include "supervisor.h"
#include "containers_gc.h"
@@ -281,9 +283,22 @@ static void restore_state(container_t *cont)
params.state = cont->state_path;
nret = runtime_status(id, runtime, &params, &real_status);
if (nret != 0) {
- ERROR("Failed to restore container %s, make real status to STOPPED. Due to can not load container with status %d",
- id, status);
- real_status.status = RUNTIME_CONTAINER_STATUS_STOPPED;
+ bool rebuild_config = (real_status.error_code == INVALID_CONFIG_ERR_CODE);
+ int tempret = -1;
+ // only the lcr container with a damaged config file will rebuild the config
+ if (rebuild_config) {
+ rt_rebuild_config_params_t rebuild_params = { 0 };
+ rebuild_params.rootpath = cont->root_path;
+ nret = runtime_rebuild_config(id, runtime, &rebuild_params);
+ EVENT("Rebuild config for container: %s, result : %d", id, nret);
+ if (nret == 0) {
+ tempret = runtime_status(id, runtime, &params, &real_status);
+ }
+ }
+ if (tempret != 0) {
+ WARN("Failed to restore container %s, make real status to STOPPED. Due to cannot load container with status %d", id, status);
+ real_status.status = RUNTIME_CONTAINER_STATUS_STOPPED;
+ }
}
if (real_status.status == RUNTIME_CONTAINER_STATUS_STOPPED) {
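Review bot: `real_status.error_code` is read right after `runtime_status()` fails, but in this patch only rt_lcr_status writes that field, and only on its engine-status failure path. The declaration and initialiser of `real_status` are outside the hunk. If it is not zero-initialised, or runtime_status() fails before reaching the engine call, a leftover value equal to INVALID_CONFIG_ERR_CODE would send the container through a rebuild that replaces its on-disk config. Setting `real_status.error_code = 0;` before the first call, or confirming a `{ 0 }` initialiser, makes the decision depend only on what the runtime reported. restore_state starts and ends outside the hunk.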
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
index f61316d0..2bd8e686 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
@@ -16,15 +16,17 @@
#include <stdio.h>
#include <limits.h>
#include <errno.h>
-#include <isula_libutils/defs.h>
-#include <isula_libutils/host_config.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
+#include <isula_libutils/log.h>
+#include <isula_libutils/defs.h>
+#include <isula_libutils/host_config.h>
+#include <isula_libutils/oci_runtime_spec.h>
+
#include "lcr_rt_ops.h"
-#include "isula_libutils/log.h"
#include "engine.h"
#include "error.h"
#include "isulad_config.h"
@@ -32,6 +34,8 @@
#include "runtime_api.h"
#include "utils_file.h"
+#define LCR_CONFIG_FILE "config"
+
bool rt_lcr_detect(const char *runtime)
{
/* now we just support lcr engine */
@@ -276,6 +280,17 @@ int rt_lcr_status(const char *name, const char *runtime, const rt_status_params_
nret = engine_ops->engine_get_container_status_op(name, params->rootpath, status);
if (nret != 0) {
ret = -1;
+ const char *tmpmsg = NULL;
+ if (engine_ops->engine_get_errmsg_op != NULL) {
+ tmpmsg = engine_ops->engine_get_errmsg_op();
+ }
+ if (tmpmsg != NULL && strstr(tmpmsg, "Failed to load config") != NULL) {
+ status->error_code = INVALID_CONFIG_ERR_CODE;
+ }
+ isulad_set_error_message("Runtime state container error: %s",
+ (tmpmsg != NULL && strcmp(tmpmsg, DEF_SUCCESS_STR)) != 0 ? tmpmsg : DEF_ERR_RUNTIME_STR);
+ ERROR("Runtime state container error: %s",
+ (tmpmsg != NULL && strcmp(tmpmsg, DEF_SUCCESS_STR)) != 0 ? tmpmsg : DEF_ERR_RUNTIME_STR);
goto out;
}
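Review bot: Whether INVALID_CONFIG_ERR_CODE is set depends on `strstr(tmpmsg, "Failed to load config")`, so the config rebuild during restore is keyed to the wording of an engine error message. A reworded message silently disables the recovery, and any unrelated error that happens to contain the phrase triggers it. If the engine cannot expose a dedicated error code, the coupling should at least be documented next to the check, e.g. `/* must match the load-failure text reported by the lcr engine */`. Separately, `(tmpmsg != NULL && strcmp(tmpmsg, DEF_SUCCESS_STR)) != 0` closes its parenthesis before `!= 0`; it evaluates the same but reads as a typo, and `(tmpmsg != NULL && strcmp(tmpmsg, DEF_SUCCESS_STR) != 0)` states the intent. rt_lcr_status continues outside the hunk.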
@@ -756,3 +771,80 @@ int rt_lcr_kill(const char *id, const char *runtime, const rt_kill_params_t *par
return 0;
}
+
+int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
+{
+ int ret = -1;
+ int nret = 0;
+ char config_file[PATH_MAX] = { 0 };
+ char bak_config_file[PATH_MAX] = { 0 };
+ char oci_config_file[PATH_MAX] = { 0 };
+ struct engine_operation *engine_ops = NULL;
+ oci_runtime_spec *oci_spec = NULL;
+ parser_error err = NULL;
+
+ engine_ops = engines_get_handler(runtime);
+ if (engine_ops == NULL || engine_ops->engine_create_op == NULL) {
+ ERROR("Failed to get engine rebuild config operations");
+ return -1;
+ }
+
+ nret = snprintf(config_file, PATH_MAX, "%s/%s/%s", params->rootpath, name, LCR_CONFIG_FILE);
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf config file for container %s", name);
+ return -1;
+ }
+
+ nret = snprintf(bak_config_file, PATH_MAX, "%s/%s/%s", params->rootpath, name, ".tmp_config_bak");
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf bak config file for container %s", name);
+ return -1;
+ }
+
+ nret = snprintf(oci_config_file, sizeof(oci_config_file), "%s/%s/%s", params->rootpath, name, OCI_CONFIG_JSON);
+ if (nret < 0 || (size_t)nret >= sizeof(oci_config_file)) {
+ ERROR("Failed to snprintf for config json");
+ return -1;
+ }
+
+ oci_spec = oci_runtime_spec_parse_file(oci_config_file, NULL, &err);
+ if (oci_spec == NULL) {
+ ERROR("Failed to parse oci config file:%s", err);
+ free(err);
+ return -1;
+ }
+
+ // delete the bak config file to prevent the remnants of the previous bak file
+ if (util_fileself_exists(bak_config_file) && util_path_remove(bak_config_file) != 0) {
+ ERROR("Failed to remove bak_config_file for container: %s", name);
+ goto out;
+ }
+
+ if (util_fileself_exists(config_file) && rename(config_file, bak_config_file) != 0) {
+ ERROR("Failed to backup old config for container: %s", name);
+ goto out;
+ }
+
+ nret = engine_ops->engine_create_op(name, params->rootpath, (void *)oci_spec);
+ if (nret != 0) {
+ // delete the invalid config file to prevent rename failed
+ if (util_fileself_exists(config_file) && util_path_remove(config_file) != 0) {
+ WARN("Failed to remove bak_config_file for container %s", name);
+ }
+ if (util_fileself_exists(bak_config_file) && rename(bak_config_file, config_file) != 0) {
+ WARN("Failed to rename backup old config to config for container %s", name);
+ }
+ }
+ ret = nret != 0 ? -1 : 0;
+
+out:
+ if (engine_ops != NULL && engine_ops->engine_clear_errmsg_op != NULL) {
+ engine_ops->engine_clear_errmsg_op();
+ }
+ if (util_fileself_exists(bak_config_file) && util_path_remove(bak_config_file) != 0) {
+ WARN("Failed to remove bak_config_file for %s", name);
+ }
+ free_oci_runtime_spec(oci_spec);
+ free(err);
+ return ret;
+}
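Review bot: The cleanup under `out:` removes `bak_config_file` on every path, including the one where engine_create_op failed and renaming the backup to `config_file` also failed, which only logs a WARN. The container can then be left with neither the old config nor a new one. Guarding the removal with the result, `if (ret == 0 && util_fileself_exists(bak_config_file) && util_path_remove(bak_config_file) != 0) {`, keeps the backup for recovery, and the stale-backup removal earlier in the function already clears it on the next attempt. The WARN after the failed `util_path_remove(config_file)` names bak_config_file although config_file was the file being removed, which will mislead whoever reads the log. `params->rootpath` is formatted with `%s` without a NULL check, since runtime_rebuild_config validates `params` but not its field.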
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h
index 5b74ad6c..7403544d 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h
@@ -47,6 +47,7 @@ int rt_lcr_resources_stats(const char *name, const char *runtime, const rt_stats
int rt_lcr_resize(const char *id, const char *runtime, const rt_resize_params_t *params);
int rt_lcr_exec_resize(const char *id, const char *runtime, const rt_exec_resize_params_t *params);
int rt_lcr_kill(const char *id, const char *runtime, const rt_kill_params_t *params);
+int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 6c5d809e..e88cb8bb 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -1718,5 +1718,11 @@ int rt_isula_kill(const char *id, const char *runtime, const rt_kill_params_t *p
}
}
+ return 0;
+}
+
+// the config file of oci runtime is config.json. If it is damaged, it cannot be rebuilt.
+int rt_isula_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
+{
return 0;
}
\ No newline at end of file
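Review bot: rt_isula_rebuild_config returns 0 although its own comment says a damaged config.json cannot be rebuilt, so a caller sees success for an operation that did nothing; rt_shim_rebuild_config in shim_rt_ops.c has the same shape. In restore_state a zero result produces an EVENT line with `result : 0` and a second runtime_status() call against the unchanged file. Making the contract explicit avoids that, either with `return -1; /* rebuild is not supported for OCI runtimes */` or with a comment stating that 0 here means "nothing to do".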
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.h b/src/daemon/modules/runtime/isula/isula_rt_ops.h
index 41e438fc..b1fa6983 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.h
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.h
@@ -46,6 +46,7 @@ int rt_isula_resources_stats(const char *name, const char *runtime, const rt_sta
int rt_isula_resize(const char *id, const char *runtime, const rt_resize_params_t *params);
int rt_isula_exec_resize(const char *id, const char *runtime, const rt_exec_resize_params_t *params);
int rt_isula_kill(const char *id, const char *runtime, const rt_kill_params_t *params);
+int rt_isula_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
#ifdef __cplusplus
}
diff --git a/src/daemon/modules/runtime/runtime.c b/src/daemon/modules/runtime/runtime.c
index f2222315..f44cb7e3 100644
--- a/src/daemon/modules/runtime/runtime.c
+++ b/src/daemon/modules/runtime/runtime.c
@@ -45,6 +45,7 @@ static const struct rt_ops g_lcr_rt_ops = {
.rt_resize = rt_lcr_resize,
.rt_exec_resize = rt_lcr_exec_resize,
.rt_kill = rt_lcr_kill,
+ .rt_rebuild_config = rt_lcr_rebuild_config,
};
static const struct rt_ops g_isula_rt_ops = {
@@ -65,6 +66,7 @@ static const struct rt_ops g_isula_rt_ops = {
.rt_resize = rt_isula_resize,
.rt_exec_resize = rt_isula_exec_resize,
.rt_kill = rt_isula_kill,
+ .rt_rebuild_config = rt_isula_rebuild_config,
};
#ifdef ENABLE_SHIM_V2
@@ -86,6 +88,7 @@ static const struct rt_ops g_shim_rt_ops = {
.rt_resize = rt_shim_resize,
.rt_exec_resize = rt_shim_exec_resize,
.rt_kill = rt_shim_kill,
+ .rt_rebuild_config = rt_shim_rebuild_config,
};
#endif
@@ -465,6 +468,24 @@ out:
return ret;
}
+int runtime_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
+{
+ const struct rt_ops *ops = NULL;
+
+ if (name == NULL || runtime == NULL || params == NULL) {
+ ERROR("Invalid arguments for runtime rebuild config");
+ return -1;
+ }
+
+ ops = rt_ops_query(runtime);
+ if (ops == NULL) {
+ ERROR("Failed to get runtime ops");
+ return -1;
+ }
+
+ return ops->rt_rebuild_config(name, runtime, params);
+}
+
int runtime_resize(const char *name, const char *runtime, const rt_resize_params_t *params)
{
int ret = 0;
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index fccdf634..230c627a 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -668,3 +668,9 @@ int rt_shim_kill(const char *id, const char *runtime, const rt_kill_params_t *pa
return 0;
}
+
+// the config file of oci runtime is config.json. If it is damaged, it cannot be rebuilt.
+int rt_shim_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
+{
+ return 0;
+}
\ No newline at end of file
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.h b/src/daemon/modules/runtime/shim/shim_rt_ops.h
index 575210af..85e1e09e 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.h
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.h
@@ -60,6 +60,8 @@ int rt_shim_resize(const char *id, const char *runtime, const rt_resize_params_t
int rt_shim_exec_resize(const char *id, const char *runtime, const rt_exec_resize_params_t *params);
+int rt_shim_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
+
#ifdef __cplusplus
}
#endif
--
2.42.0


@ -0,0 +1,54 @@
From cb6c4fbd56f57b01773c8f8d39de5e434f218f87 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 21 Nov 2023 03:48:56 +0000
Subject: [PATCH 157/181] !2263 use /dev/random to replace /dev/urandom * use
/dev/random to replace /dev/urandom
---
src/cmd/isulad-shim/common.c | 2 +-
src/daemon/common/selinux_label.c | 2 +-
src/utils/cutils/utils.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c
index c88de736..72da932a 100644
--- a/src/cmd/isulad-shim/common.c
+++ b/src/cmd/isulad-shim/common.c
@@ -214,7 +214,7 @@ int generate_random_str(char *id, size_t len)
const int m = 256;
len = len / 2;
- fd = open("/dev/urandom", O_RDONLY);
+ fd = open("/dev/random", O_RDONLY);
if (fd == -1) {
return SHIM_ERR;
}
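Review bot: Opening `/dev/random` instead of `/dev/urandom` in generate_random_str can make the following read block, at least until the kernel's random pool is initialised and, on older kernels, whenever the entropy estimate runs low. The commit message gives no reason for accepting that stall. The same substitution is made in get_random_value (selinux_label.c) and util_generate_random_str (utils.c), where the unchanged messages `Failed to open urandom device\n` and `Failed to open /dev/urandom` now name the wrong device. If blocking semantics are really wanted, the messages should follow the path; otherwise `/dev/urandom` or getrandom(2) is the usual source for identifiers. All three functions continue outside their hunks.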
diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c
index 7a295250..c1c52714 100644
--- a/src/daemon/common/selinux_label.c
+++ b/src/daemon/common/selinux_label.c
@@ -304,7 +304,7 @@ static int get_random_value(unsigned int range, unsigned int *val)
{
int ret = 0;
int num = 0;
- int fd = open("/dev/urandom", O_RDONLY);
+ int fd = open("/dev/random", O_RDONLY);
if (fd == -1) {
ERROR("Failed to open urandom device\n");
return -1;
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index a994731d..7615a94c 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -1284,7 +1284,7 @@ int util_generate_random_str(char *id, size_t len)
}
len = len / 2;
- fd = open("/dev/urandom", O_RDONLY);
+ fd = open("/dev/random", O_RDONLY);
if (fd == -1) {
ERROR("Failed to open /dev/urandom");
return -1;
--
2.42.0


@ -0,0 +1,39 @@
From 7e09213651e3e93a84614198141317a2dda4094c Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 21 Nov 2023 03:49:35 +0000
Subject: [PATCH 158/181] !2264 bugfix for runc container exec * bugfix for
runc container exec
---
src/daemon/modules/runtime/isula/isula_rt_ops.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index e88cb8bb..f058ce84 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -1313,17 +1313,16 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
}
ret = shim_create(fg_exec(params), id, workdir, bundle, cmd, exit_code, timeout, &shim_exit_code);
- if (ret != 0) {
- ERROR("%s: failed create shim process for exec %s", id, exec_id);
- goto errlog_out;
- }
-
if (shim_exit_code == SHIM_EXIT_TIMEOUT) {
ret = -1;
isulad_set_error_message("Exec container error;exec timeout");
ERROR("isulad-shim %d exit for execing timeout", pid);
goto errlog_out;
}
+ if (ret != 0) {
+ ERROR("%s: failed create shim process for exec %s", id, exec_id);
+ goto errlog_out;
+ }
pid = get_container_process_pid(workdir);
if (pid < 0) {
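Review bot: `shim_exit_code` is now compared with SHIM_EXIT_TIMEOUT before `ret` is checked, so it is read even when shim_create() failed. If shim_create can return non-zero without writing through `&shim_exit_code`, the branch then depends on the variable's initial value, which is declared outside the hunk. Confirm it is initialised to something other than SHIM_EXIT_TIMEOUT, or assign `shim_exit_code = 0;` just before the call. The timeout branch also logs `pid` in `ERROR("isulad-shim %d exit for execing timeout", pid);` before `pid = get_container_process_pid(workdir);` assigns it, so the number in that line is not a process id obtained from this exec. rt_isula_exec starts and ends outside the hunk.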
--
2.42.0


@ -0,0 +1,103 @@
From 851d68654e8025bbb1fe2380eddb24457addb4e5 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 21 Nov 2023 03:49:56 +0000
Subject: [PATCH 159/181] !2262 bugfix of update restart policy for auto remove
container * add update restart policy test * bugfix of update restart policy
for auto remove container
---
CI/test_cases/container_cases/update.sh | 26 +++++++++++++++++++
.../executor/container_cb/execution_extend.c | 18 ++++++++-----
2 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/CI/test_cases/container_cases/update.sh b/CI/test_cases/container_cases/update.sh
index 9147b9e0..d180c195 100755
--- a/CI/test_cases/container_cases/update.sh
+++ b/CI/test_cases/container_cases/update.sh
@@ -138,6 +138,27 @@ function do_test_t()
return $TC_RET_T
}
+function test_autoremove_restartpolicy()
+{
+ containername=test_update2
+ containerid=`isula run -itd --runtime $1 --rm --name $containername busybox`
+ fn_check_eq "$?" "0" "run failed"
+
+ isula update --restart always $containerid
+ fn_check_ne "$?" "0" "update should fail"
+
+ isula update --restart nooooooooooo $containerid
+ fn_check_ne "$?" "0" "update should fail"
+
+ isula update --restart no $containerid
+ fn_check_eq "$?" "0" "update restart policy no failed"
+
+ isula rm -f $containername
+ fn_check_eq "$?" "0" "rm failed"
+
+ return $TC_RET_T
+}
+
function do_test_t1()
{
containername=test_update1
@@ -173,6 +194,11 @@ do
let "ret=$ret + 1"
fi
+ test_autoremove_restartpolicy $element
+ if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+ fi
+
if [ -f "/sys/fs/cgroup/memory/memory.memsw.usage_in_bytes" ];then
do_test_t1 $element
if [ $? -ne 0 ];then
diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c
index 00d130ac..88569a4e 100644
--- a/src/daemon/executor/container_cb/execution_extend.c
+++ b/src/daemon/executor/container_cb/execution_extend.c
@@ -1023,15 +1023,14 @@ static int update_host_config_check(container_t *cont, host_config *hostconfig)
ret = verify_host_config_settings(hostconfig, true);
if (ret != 0) {
- goto out;
+ return -1;
}
if (container_is_removal_in_progress(cont->state) || container_is_dead(cont->state)) {
ERROR("Container is marked for removal and cannot be \"update\".");
isulad_set_error_message(
"Cannot update container %s: Container is marked for removal and cannot be \"update\".", id);
- ret = -1;
- goto out;
+ return -1;
}
if (container_is_running(cont->state) && hostconfig->kernel_memory) {
@@ -1039,12 +1038,17 @@ static int update_host_config_check(container_t *cont, host_config *hostconfig)
isulad_set_error_message("Cannot update container %s: Can not update kernel memory to a running container,"
" please stop it first.",
id);
- ret = -1;
- goto out;
+ return -1;
}
-out:
- return ret;
+ if (cont->hostconfig->auto_remove && hostconfig->restart_policy != NULL &&
+ hostconfig->restart_policy->name != NULL && strcmp("no", hostconfig->restart_policy->name) != 0) {
+ ERROR("Cannot update restart policy for the auto remove container %s", id);
+ isulad_set_error_message("Cannot update restart policy for the auto remove container %s", id);
+ return -1;
+ }
+
+ return 0;
}
static int do_update_resources(const container_update_request *request, container_t *cont)
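Review bot: The new auto-remove check rejects every restart policy name other than the literal "no", and that includes an empty string. If an update that omits --restart reaches update_host_config_check with `restart_policy->name` set to "" rather than NULL, unrelated updates of a `--rm` container would start failing with the restart-policy error. The added shell test does not cover an update without --restart, so this is worth confirming against the request parser, and if needed adding `hostconfig->restart_policy->name[0] != '\0' &&` to the condition. The condition also dereferences `cont->hostconfig` without a NULL check, and whether that is guaranteed by the caller is not visible here. The function starts in the previous hunk.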
--
2.42.0


@ -0,0 +1,54 @@
From 3720938ccd86495bf8391e9d9cdd0ac597c57c14 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 21 Nov 2023 13:46:14 +0000
Subject: [PATCH 160/181] !2265 use /dev/urandom to replace /dev/random * use
/dev/urandom to replace /dev/random
---
src/cmd/isulad-shim/common.c | 2 +-
src/daemon/common/selinux_label.c | 2 +-
src/utils/cutils/utils.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c
index 72da932a..c88de736 100644
--- a/src/cmd/isulad-shim/common.c
+++ b/src/cmd/isulad-shim/common.c
@@ -214,7 +214,7 @@ int generate_random_str(char *id, size_t len)
const int m = 256;
len = len / 2;
- fd = open("/dev/random", O_RDONLY);
+ fd = open("/dev/urandom", O_RDONLY);
if (fd == -1) {
return SHIM_ERR;
}
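Review bot: The descriptor for `/dev/urandom` is opened with `O_RDONLY` only, here and in get_random_value and util_generate_random_str. In a multi-threaded process that also forks and execs children, a child created while the descriptor is open would inherit it. `fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);` closes that window at no cost. The read and close calls are outside the hunks, so short-read handling could not be checked from here.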
diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c
index c1c52714..7a295250 100644
--- a/src/daemon/common/selinux_label.c
+++ b/src/daemon/common/selinux_label.c
@@ -304,7 +304,7 @@ static int get_random_value(unsigned int range, unsigned int *val)
{
int ret = 0;
int num = 0;
- int fd = open("/dev/random", O_RDONLY);
+ int fd = open("/dev/urandom", O_RDONLY);
if (fd == -1) {
ERROR("Failed to open urandom device\n");
return -1;
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index 7615a94c..a994731d 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -1284,7 +1284,7 @@ int util_generate_random_str(char *id, size_t len)
}
len = len / 2;
- fd = open("/dev/random", O_RDONLY);
+ fd = open("/dev/urandom", O_RDONLY);
if (fd == -1) {
ERROR("Failed to open /dev/urandom");
return -1;
--
2.42.0


@ -0,0 +1,59 @@
From a27b67a513ad2068067707243d48ac629ef577cd Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 22 Nov 2023 09:27:09 +0800
Subject: [PATCH 161/181] open ENABLE_GRPC_REMOTE_CONNECT in CI and bugfix for
run.sh
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/make-and-install.sh | 4 ++--
CI/pr-gateway.sh | 2 +-
CI/test_cases/container_cases/run.sh | 3 ++-
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/CI/make-and-install.sh b/CI/make-and-install.sh
index e714d206..08cc4520 100755
--- a/CI/make-and-install.sh
+++ b/CI/make-and-install.sh
@@ -106,9 +106,9 @@ rm -rf build
mkdir build
cd build
if [[ ${enable_gcov} -ne 0 ]]; then
- cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DCMAKE_BUILD_TYPE=Debug -DGCOV=ON -DENABLE_EMBEDDED=ON -DENABLE_COVERAGE=ON -DENABLE_UT=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON ..
+ cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DCMAKE_BUILD_TYPE=Debug -DGCOV=ON -DENABLE_EMBEDDED=ON -DENABLE_COVERAGE=ON -DENABLE_UT=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ..
else
- cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON ..
+ cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ..
fi
make -j $(nproc)
make install
diff --git a/CI/pr-gateway.sh b/CI/pr-gateway.sh
index 8223ddf5..3dbdd887 100755
--- a/CI/pr-gateway.sh
+++ b/CI/pr-gateway.sh
@@ -112,7 +112,7 @@ pushd iSulad
rm -rf build
mkdir build
pushd build
-cmake -DDEBUG=ON -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_UT=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_SHIM_V2=OFF ../ || exit 1
+cmake -DDEBUG=ON -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_UT=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_SHIM_V2=OFF -DENABLE_GRPC_REMOTE_CONNECT=ON ../ || exit 1
make -j $(nproc) || exit 1
ctest -V
popd
diff --git a/CI/test_cases/container_cases/run.sh b/CI/test_cases/container_cases/run.sh
index 1dea51ab..80485457 100755
--- a/CI/test_cases/container_cases/run.sh
+++ b/CI/test_cases/container_cases/run.sh
@@ -29,7 +29,8 @@ function do_test_t()
tid=$(isula run --name $containername -td busybox)
hostname=$(isula exec -it $containername hostname)
- fn_check_eq "${hostname}" "${tid:0:12}" "default hostname is not id of container"
+ clean_hostname=$(echo "$hostname" | sed 's/[\x01-\x1F\x7F]//g')
+ fn_check_eq "${clean_hostname}" "${tid:0:12}" "default hostname is not id of container"
isula exec -it $containername env | grep HOSTNAME
fn_check_eq "$?" "0" "check HOSTNAME env failed"
isula stop -t 0 $tid
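Review bot: The added `sed 's/[\x01-\x1F\x7F]//g'` depends on GNU sed's `\xNN` escapes inside a bracket expression, and `echo "$hostname"` may interpret backslashes or a leading dash in some shells. A portable form of the same cleanup is `clean_hostname=$(printf '%s' "$hostname" | tr -d '[:cntrl:]')`. A short comment saying why the output carries control characters would help the next reader; presumably it is the carriage return that `exec -it` adds on a tty. do_test_t's body continues outside the hunk.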
--
2.42.0


@ -0,0 +1,45 @@
From 12241c3a2bd69e6cf31c0ea686e97c0387031ced Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 24 Nov 2023 08:10:53 +0000
Subject: [PATCH 162/181] !2274 bugfix for rt_lcr_rebuild_config * bugfix for
rt_lcr_rebuild_config
---
src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
index 2bd8e686..a937e1b2 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
@@ -776,6 +776,7 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil
{
int ret = -1;
int nret = 0;
+ bool rebuild_success = false;
char config_file[PATH_MAX] = { 0 };
char bak_config_file[PATH_MAX] = { 0 };
char oci_config_file[PATH_MAX] = { 0 };
@@ -825,8 +826,8 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil
goto out;
}
- nret = engine_ops->engine_create_op(name, params->rootpath, (void *)oci_spec);
- if (nret != 0) {
+ rebuild_success = engine_ops->engine_create_op(name, params->rootpath, (void *)oci_spec);
+ if (!rebuild_success) {
// delete the invalid config file to prevent rename failed
if (util_fileself_exists(config_file) && util_path_remove(config_file) != 0) {
WARN("Failed to remove bak_config_file for container %s", name);
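Review bot: The failure branch that now tests `!rebuild_success` removes `config_file`, but the warning it logs names `bak_config_file`, so a log reader is pointed at the wrong file when a rebuild fails. Since the commit already touches this branch, the message could be corrected to `WARN("Failed to remove invalid config file for container %s", name);`. The hunk does not show whether `engine_ops->engine_create_op` is checked for NULL before the call, so that is worth confirming. rt_lcr_rebuild_config starts and ends outside these hunks.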
@@ -835,7 +836,7 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil
WARN("Failed to rename backup old config to config for container %s", name);
}
}
- ret = nret != 0 ? -1 : 0;
+ ret = rebuild_success ? 0 : -1;
out:
if (engine_ops != NULL && engine_ops->engine_clear_errmsg_op != NULL) {
--
2.42.0


@ -0,0 +1,85 @@
From ba57a3d8c0c26b3792b2daa191a6e76fa546a25d Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 25 Nov 2023 22:25:03 +1400
Subject: [PATCH 163/181] use RAND_bytes to replace /dev/urandom
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/cutils/utils.c | 25 +++++++++----------------
src/utils/cutils/utils.h | 2 ++
2 files changed, 11 insertions(+), 16 deletions(-)
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index a994731d..46a478b6 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -37,6 +37,7 @@
#include <termios.h> // IWYU pragma: keep
#include <strings.h>
#include <time.h>
+#include <openssl/rand.h>
#include "isula_libutils/log.h"
#include "isula_libutils/json_common.h"
@@ -1274,37 +1275,29 @@ void util_usleep_nointerupt(unsigned long usec)
int util_generate_random_str(char *id, size_t len)
{
- int fd = -1;
- int num = 0;
+#define MAX_RANDOM_BYTES_LEN 100
size_t i;
- const int m = 256;
+ unsigned char random_bytes[MAX_RANDOM_BYTES_LEN] = { 0 };
+ len = len / 2;
- if (id == NULL) {
+ if (id == NULL || len > MAX_RANDOM_BYTES_LEN) {
+ ERROR("Invalid id or len");
return -1;
}
- len = len / 2;
- fd = open("/dev/urandom", O_RDONLY);
- if (fd == -1) {
- ERROR("Failed to open /dev/urandom");
+ if (RAND_bytes((unsigned char *)random_bytes, len) != 1) {
+ ERROR("Failed to get random bytes by RAND_bytes");
return -1;
}
for (i = 0; i < len; i++) {
int nret;
- if (util_read_nointr(fd, &num, sizeof(int)) < 0) {
- ERROR("Failed to read urandom value");
- close(fd);
- return -1;
- }
- unsigned char rs = (unsigned char)(num % m);
+ unsigned char rs = random_bytes[i];
nret = snprintf((id + i * 2), ((len - i) * 2 + 1), "%02x", (unsigned int)rs);
if (nret < 0 || (size_t)nret >= ((len - i) * 2 + 1)) {
ERROR("Failed to snprintf random string");
- close(fd);
return -1;
}
}
- close(fd);
id[i * 2] = '\0';
return 0;
}
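Review bot: The new `len > MAX_RANDOM_BYTES_LEN` check adds a failure mode the old /dev/urandom loop did not have. After `len = len / 2`, any request for more than 200 characters returns -1, and the comment added in utils.h does not mention the limit. Callers that ignore the return value would then use an unfilled `id` buffer; whether any request such lengths is not visible here. Document the bound next to the declaration, for example `// notice: len must not exceed 200 (2 * MAX_RANDOM_BYTES_LEN), otherwise -1 is returned`. The `#define MAX_RANDOM_BYTES_LEN 100` sits inside the function body and stays defined for the rest of utils.c, so it belongs at file scope. The `(unsigned char *)` cast on `random_bytes` is redundant.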
diff --git a/src/utils/cutils/utils.h b/src/utils/cutils/utils.h
index bb510062..5a1592fd 100644
--- a/src/utils/cutils/utils.h
+++ b/src/utils/cutils/utils.h
@@ -375,6 +375,8 @@ int util_input_noecho(char *buf, size_t maxlen);
void util_usleep_nointerupt(unsigned long usec);
+// id : random string, notice: the length of id needs to be len + 1
+// len : the length of the random string that needs to be generated, notice: len needs to be an even number
int util_generate_random_str(char *id, size_t len);
int util_check_inherited_exclude_fds(bool closeall, int *fds_to_ignore, size_t len_fds);
--
2.42.0


@ -0,0 +1,153 @@
From e22eda3552702f1984a3d0c79ba62673bf597e15 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 27 Nov 2023 14:52:43 +0800
Subject: [PATCH 164/181] fix the problem of abnormal branches not waiting for
child processes
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad-shim/common.c | 6 +++---
src/cmd/isulad-shim/process.c | 14 ++++++++------
src/daemon/modules/runtime/isula/isula_rt_ops.c | 16 ++++++++++------
src/daemon/modules/runtime/shim/shim_rt_ops.c | 15 +++++++++------
4 files changed, 30 insertions(+), 21 deletions(-)
diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c
index c88de736..4a84cf40 100644
--- a/src/cmd/isulad-shim/common.c
+++ b/src/cmd/isulad-shim/common.c
@@ -193,12 +193,12 @@ int cmd_combined_output(const char *binary, const char *params[], void *output,
}
*output_len = read_nointr(stdio[0], output, BUFSIZ - 1);
- close(stdio[0]);
- close(exec_fd[0]);
- wait(&status);
ret = SHIM_OK;
out:
+ close(stdio[0]);
+ close(exec_fd[0]);
+ wait(&status);
if (ret != SHIM_OK) {
kill(pid, 9);
}
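Review bot: On the error path the relocated `wait(&status)` now runs before `kill(pid, 9)`. The function therefore blocks until a child exits on its own, and the signal then goes to a pid that has already been reaped and may have been reused by an unrelated process. Send the signal first and reap that specific child afterwards: `if (ret != SHIM_OK) { kill(pid, SIGKILL); }` followed by `waitpid(pid, &status, 0);`. cmd_combined_output starts outside the hunk, so it is not visible whether any `goto out` happens before the pipes are created or the fork succeeds. If one does, the cleanup also needs guards for unset descriptors and an invalid `pid`.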
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index a91c3c16..df6b7599 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1079,7 +1079,7 @@ static void exec_runtime_process(process_t *p, int exec_fd)
const char *params[MAX_RUNTIME_ARGS] = { 0 };
get_runtime_cmd(p, log_path, pid_path, process_desc, params);
execvp(p->runtime, (char * const *)params);
- (void)dprintf(exec_fd, "fork/exec error: %s", strerror(errno));
+ (void)dprintf(exec_fd, "run process: %s error: %s", p->runtime, strerror(errno));
_exit(EXIT_FAILURE);
}
@@ -1117,11 +1117,6 @@ int create_process(process_t *p)
close_fd(&p->stdio->resize);
}
nread = read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1);
- if (nread > 0) {
- write_message(ERR_MSG, "runtime error");
- ret = SHIM_ERR;
- goto out;
- }
/* block to wait runtime pid exit */
ret = waitpid(pid, NULL, 0);
@@ -1131,6 +1126,13 @@ int create_process(process_t *p)
goto out;
}
+ // if an error occurs in exec_runtime_process, jump directly to the out branch after waitpid.
+ if (nread > 0) {
+ write_message(ERR_MSG, "%s", exec_buff);
+ ret = SHIM_ERR;
+ goto out;
+ }
+
/* save runtime pid */
data = read_text_file("pid");
if (data == NULL) {
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index f058ce84..c9e590b9 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -837,17 +837,13 @@ realexec:
}
execvp(SHIM_BINARY, (char * const *)params);
- (void)dprintf(shim_stderr_pipe[1], "exec failed: %s", strerror(errno));
+ (void)dprintf(shim_stderr_pipe[1], "run process: %s failed: %s", SHIM_BINARY, strerror(errno));
+ exit(EXIT_FAILURE);
}
close(shim_stderr_pipe[1]);
close(shim_stdout_pipe[1]);
num = util_read_nointr(shim_stderr_pipe[0], exec_buff, sizeof(exec_buff) - 1);
- if (num > 0) {
- ERROR("Exec failed: %s", exec_buff);
- ret = -1;
- goto out;
- }
status = util_wait_for_pid_status(pid);
if (status < 0) {
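Review bot: The added `exit(EXIT_FAILURE);` after the failed `execvp` runs in a forked copy of the daemon, where `exit()` executes atexit handlers and flushes stdio buffers inherited from the parent. The process.c change in this same patch uses `_exit(EXIT_FAILURE);` for the same situation, and that form should be used here too. The unchanged `exit(EXIT_FAILURE);` in shim_bin_v2_create (shim_rt_ops.c) has the same issue. The checks on `num > 0` and `nret > 0` skip a negative read result; logging that case would make a failed pipe read distinguishable from a successful exec. The enclosing function starts and ends outside the hunk.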
@@ -856,6 +852,14 @@ realexec:
goto out;
}
+ // if failed to exec, jump directly to the out branch after waitpid.
+ if (num > 0) {
+ ERROR("%s", exec_buff);
+ isulad_set_error_message("%s", exec_buff);
+ ret = -1;
+ goto out;
+ }
+
*shim_exit_code = status_to_exit_code(status);
if (*shim_exit_code != 0) {
ERROR("Isulad-shim exit error");
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index 230c627a..459a870d 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -183,17 +183,13 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
}
execvp(binary, (char * const *)params);
- (void)dprintf(exec_fd[1], "exec failed: %s", strerror(errno));
+ (void)dprintf(exec_fd[1], "run process: %s failed: %s", binary, strerror(errno));
exit(EXIT_FAILURE);
}
close(exec_fd[1]);
exec_fd[1] = -1;
- if (util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1) > 0) {
- ERROR("exec failed: %s", exec_buff);
- ret = -1;
- goto out;
- }
+ nret = util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1);
close(exec_fd[0]);
exec_fd[0] = -1;
@@ -204,6 +200,13 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
goto out;
}
+ // if failed to exec, jump directly to the out branch after waitpid.
+ if (nret > 0) {
+ ERROR("%s", exec_buff);
+ ret = -1;
+ goto out;
+ }
+
status = status_to_exit_code(status);
close(out_fd[1]);
--
2.42.0


@ -0,0 +1,86 @@
From ff812d0b1c2f87b873652c2b366ea4025ee2d15f Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 29 Nov 2023 09:33:32 +0000
Subject: [PATCH 165/181] =?UTF-8?q?!2286=20bugfix=20for=20the=20bliko=20ze?=
=?UTF-8?q?ro=20value=20exception=20when=20executing=20the=20stats=20comma?=
=?UTF-8?q?nd=20on=20the=20oci=20container=20*=20bugfix=20for=20the=20blik?=
=?UTF-8?q?o=20zero=20value=20exception=20when=20executing=20the=20stats?=
=?UTF-8?q?=20com=E2=80=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../modules/runtime/isula/isula_rt_ops.c | 49 +++++++++++++------
1 file changed, 35 insertions(+), 14 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index c9e590b9..753816f5 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -562,6 +562,40 @@ out:
return ret;
}
+static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats, struct runtime_container_resources_stats_info *info)
+{
+ if (stats == NULL || stats->data == NULL) {
+ return;
+ }
+ if (stats->data->pids != NULL) {
+ info->pids_current = stats->data->pids->current;
+ }
+ if (stats->data->cpu != NULL && stats->data->cpu->usage != NULL) {
+ info->cpu_use_nanos = stats->data->cpu->usage->total;
+ info->cpu_system_use = stats->data->cpu->usage->kernel;
+ }
+ shim_client_runtime_stats_data_memory *memory = stats->data->memory;
+ if (memory != NULL && memory->usage != NULL) {
+ info->mem_used = memory->usage->usage;
+ info->mem_limit = memory->usage->limit;
+ }
+ if (memory != NULL && memory->raw != NULL) {
+ info->inactive_file_total = memory->raw->total_inactive_file;
+ }
+ shim_client_runtime_stats_data_blkio *blkio = stats->data->blkio;
+ if (blkio == NULL) {
+ return;
+ }
+ for (size_t i = 0; i < blkio->io_service_bytes_recursive_len; i++) {
+ if (strcasecmp(blkio->io_service_bytes_recursive[i]->op, "read") == 0) {
+ info->blkio_read += blkio->io_service_bytes_recursive[i]->value;
+ }
+ if (strcasecmp(blkio->io_service_bytes_recursive[i]->op, "write") == 0) {
+ info->blkio_write += blkio->io_service_bytes_recursive[i]->value;
+ }
+ }
+}
+
static int runtime_call_stats(const char *workdir, const char *runtime, const char *id,
struct runtime_container_resources_stats_info *info)
{
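Review bot: The blkio loop in transform_stats_info_from_runtime dereferences `blkio->io_service_bytes_recursive[i]->op` without checking the array, the element or `op` for NULL, although every other field of `stats` is guarded. The stats structure is presumably parsed from the runtime's output, so a malformed or partial entry would crash the daemon in `strcasecmp`. Add `if (blkio->io_service_bytes_recursive[i] == NULL || blkio->io_service_bytes_recursive[i]->op == NULL) { continue; }` at the top of the loop body and return early when the array pointer itself is NULL. The `+=` accumulation also relies on the caller having zeroed `info->blkio_read` and `info->blkio_write`, which deserves a one-line comment on the function.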
@@ -601,20 +635,7 @@ static int runtime_call_stats(const char *workdir, const char *runtime, const ch
goto out;
}
- if (stats != NULL && stats->data != NULL && stats->data->pids != NULL) {
- info->pids_current = stats->data->pids->current;
- }
- if (stats != NULL && stats->data != NULL && stats->data->cpu != NULL && stats->data->cpu->usage) {
- info->cpu_use_nanos = stats->data->cpu->usage->total;
- info->cpu_system_use = stats->data->cpu->usage->kernel;
- }
- if (stats != NULL && stats->data != NULL && stats->data->memory != NULL && stats->data->memory->usage) {
- info->mem_used = stats->data->memory->usage->usage;
- info->mem_limit = stats->data->memory->usage->limit;
- }
- if (stats != NULL && stats->data != NULL && stats->data->memory != NULL && stats->data->memory->raw) {
- info->inactive_file_total = stats->data->memory->raw->total_inactive_file;
- }
+ transform_stats_info_from_runtime(stats, info);
out:
free_shim_client_runtime_stats(stats);
--
2.42.0


@ -0,0 +1,34 @@
From 1061fd5a54ef850aa1873eb128f4b1eb938d41d2 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 30 Nov 2023 16:02:44 +1400
Subject: [PATCH 166/181] move variable declaration out of loop
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/runtime/isula/isula_rt_ops.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 753816f5..6a5e0125 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -564,6 +564,7 @@ out:
static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats, struct runtime_container_resources_stats_info *info)
{
+ size_t i;
if (stats == NULL || stats->data == NULL) {
return;
}
@@ -586,7 +587,7 @@ static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats,
if (blkio == NULL) {
return;
}
- for (size_t i = 0; i < blkio->io_service_bytes_recursive_len; i++) {
+ for (i = 0; i < blkio->io_service_bytes_recursive_len; i++) {
if (strcasecmp(blkio->io_service_bytes_recursive[i]->op, "read") == 0) {
info->blkio_read += blkio->io_service_bytes_recursive[i]->value;
}
--
2.42.0


@ -0,0 +1,33 @@
From a83cc7ff8abaec249054b18e86d5e0ade3825f77 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Mon, 6 Nov 2023 19:46:25 +0800
Subject: [PATCH 167/181] fix error for cat bigdata in oci runtime
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/isulad-shim/process.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index df6b7599..38b3a1a1 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -411,9 +411,12 @@ static stdio_t *initialize_io(process_t *p)
goto failure;
}
- /* don't open resize pipe */
- if ((pipe2(stdio_fd[0], O_CLOEXEC | O_NONBLOCK) != 0) || (pipe2(stdio_fd[1], O_CLOEXEC | O_NONBLOCK) != 0) ||
- (pipe2(stdio_fd[2], O_CLOEXEC | O_NONBLOCK) != 0)) {
+ /*
+ * don't open resize pipe;
+ * stdio pipes must not set to non-block, because 'cat big-file' will failed;
+ */
+ if ((pipe2(stdio_fd[0], O_CLOEXEC) != 0) || (pipe2(stdio_fd[1], O_CLOEXEC) != 0) ||
+ (pipe2(stdio_fd[2], O_CLOEXEC) != 0)) {
write_message(ERR_MSG, "open pipe failed when init io:%d", SHIM_SYS_ERR(errno));
goto failure;
}
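Review bot: The new comment says non-blocking stdio pipes make 'cat big-file' fail but does not give the mechanism, which is what a later maintainer needs before re-adding `O_NONBLOCK`. The flag is a property of the open file description, so it is shared with whichever process inherits the other use of these pipe ends. Presumably that is the container process, which then gets EAGAIN on a full pipe. Suggested wording: `/* stdio pipes stay blocking: O_NONBLOCK is shared with the process that inherits these ends, so a writer such as 'cat big-file' would see EAGAIN when the pipe is full */`. With blocking pipes the shim's own reads and writes on these descriptors can now stall, so the callbacks that use them should be checked for that assumption. initialize_io starts and ends outside the hunk.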
--
2.42.0


@ -0,0 +1,221 @@
From 949dcd4fc3f09d44e102b3319917108879278baa Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 1 Dec 2023 22:30:06 +1400
Subject: [PATCH 168/181] use a timeout epoll loop to ensure complete data
reception
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad-shim/process.c | 121 +++++++---------------------------
src/cmd/isulad-shim/process.h | 1 -
2 files changed, 24 insertions(+), 98 deletions(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 38b3a1a1..c205302f 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -162,6 +162,7 @@ out:
static int sync_exit_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *descr)
{
+ epoll_loop_del_handler(descr, fd);
return EPOLL_LOOP_HANDLE_CLOSE;
}
@@ -213,23 +214,13 @@ static int stdout_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *
int r_count = 0;
int w_count = 0;
- if (events & EPOLLHUP) {
- return EPOLL_LOOP_HANDLE_CLOSE;
- }
-
- if (!(events & EPOLLIN)) {
- return EPOLL_LOOP_HANDLE_CONTINUE;
- }
-
(void)memset(p->buf, 0, DEFAULT_IO_COPY_BUF);
- if (p->block_read) {
- r_count = read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
- } else {
- r_count = read(fd, p->buf, DEFAULT_IO_COPY_BUF);
- }
- if (r_count <= 0) {
- return EPOLL_LOOP_HANDLE_CLOSE;
+ r_count = read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
+ if (r_count <= 0 ) {
+ epoll_loop_del_handler(descr, fd);
+ close(fd);
+ return EPOLL_LOOP_HANDLE_CONTINUE;
}
shim_write_container_log_file(p->terminal, STDID_OUT, p->buf, r_count);
@@ -255,23 +246,13 @@ static int stderr_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *
int r_count = 0;
int w_count = 0;
- if (events & EPOLLHUP) {
- return EPOLL_LOOP_HANDLE_CLOSE;
- }
-
- if (!(events & EPOLLIN)) {
- return EPOLL_LOOP_HANDLE_CONTINUE;
- }
-
(void)memset(p->buf, 0, DEFAULT_IO_COPY_BUF);
- if (p->block_read) {
- r_count = read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
- } else {
- r_count = read(fd, p->buf, DEFAULT_IO_COPY_BUF);
- }
- if (r_count <= 0) {
- return EPOLL_LOOP_HANDLE_CLOSE;
+ r_count = read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
+ if (r_count <= 0 ) {
+ epoll_loop_del_handler(descr, fd);
+ close(fd);
+ return EPOLL_LOOP_HANDLE_CONTINUE;
}
shim_write_container_log_file(p->terminal, STDID_ERR, p->buf, r_count);
@@ -297,18 +278,11 @@ static int resize_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *
int r_count = 0;
int resize_fd = -1;
- if (events & EPOLLHUP) {
- return EPOLL_LOOP_HANDLE_CLOSE;
- }
-
- if (!(events & EPOLLIN)) {
- return EPOLL_LOOP_HANDLE_CONTINUE;
- }
-
(void)memset(p->buf, 0, DEFAULT_IO_COPY_BUF);
r_count = read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
if (r_count <= 0) {
- return EPOLL_LOOP_HANDLE_CLOSE;
+ close(fd);
+ return EPOLL_LOOP_HANDLE_CONTINUE;
}
resize_fd = p->recv_fd;
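Review bot: On `r_count <= 0` resize_cb now calls `close(fd)` and returns `EPOLL_LOOP_HANDLE_CONTINUE` without `epoll_loop_del_handler(descr, fd)`, unlike stdout_cb and stderr_cb in the same patch. The loop keeps a handler registered for a descriptor number that is closed and can be reused by a later open. If the owner of this fd also closes it during cleanup (not visible here), the second close would hit whatever descriptor has taken that number. Make the branch match the other callbacks, `epoll_loop_del_handler(descr, fd);` followed by `return EPOLL_LOOP_HANDLE_CONTINUE;`, and leave closing to the code that owns the descriptor. resize_cb continues outside the hunk.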
@@ -565,24 +539,6 @@ static int open_generic_io(process_t *p, struct epoll_descr *descr)
return SHIM_OK;
}
-static int set_non_block(int fd)
-{
- int flag = -1;
- int ret = SHIM_ERR;
-
- flag = fcntl(fd, F_GETFL, 0);
- if (flag < 0) {
- return SHIM_ERR;
- }
-
- ret = fcntl(fd, F_SETFL, flag | O_NONBLOCK);
- if (ret != 0) {
- return SHIM_ERR;
- }
-
- return SHIM_OK;
-}
-
/*
std_id: channel type
isulad_stdio: one side of the isulad fifo file
@@ -602,8 +558,6 @@ static int set_non_block(int fd)
static void *io_epoll_loop(void *data)
{
int ret = 0;
- int fd_out = -1;
- int fd_err = -1;
process_t *p = (process_t *)data;
struct epoll_descr descr;
@@ -632,49 +586,23 @@ static void *io_epoll_loop(void *data)
(void)sem_post(&p->sem_mainloop);
+ // th frist epoll_loop will exit in the following scenarios:
+ // 1. Receive sync fd event
+ // 2. stdin fd receive EPOLLHUP event
+ // 3. stdin fd read failed
ret = epoll_loop(&descr, -1);
if (ret != 0) {
write_message(ERR_MSG, "epoll loop failed");
exit(EXIT_FAILURE);
}
- // in order to avoid data loss, set fd non-block and read it
- p->block_read = false;
- if (p->state->terminal) {
- fd_out = p->recv_fd;
- } else {
- fd_out = p->shim_io->out;
- fd_err = p->shim_io->err;
- }
-
- if (fd_out > 0) {
- ret = set_non_block(fd_out);
- if (ret != SHIM_OK) {
- write_message(ERR_MSG, "set fd %d non_block failed:%d", fd_out, SHIM_SYS_ERR(errno));
- exit(EXIT_FAILURE);
- }
-
- for (;;) {
- ret = stdout_cb(fd_out, EPOLLIN, p, &descr);
- if (ret == EPOLL_LOOP_HANDLE_CLOSE) {
- break;
- }
- }
- }
-
- if (fd_err > 0) {
- ret = set_non_block(fd_err);
- if (ret != SHIM_OK) {
- write_message(ERR_MSG, "set fd %d non_block failed:%d", fd_err, SHIM_SYS_ERR(errno));
- exit(EXIT_FAILURE);
- }
-
- for (;;) {
- ret = stderr_cb(fd_err, EPOLLIN, p, &descr);
- if (ret == EPOLL_LOOP_HANDLE_CLOSE) {
- break;
- }
- }
+ // use a timeout epoll loop to ensure complete data reception
+ // th second epoll_loop will exit in the following scenarios:
+ // 1. both stdout fd and stderr fd failed to read
+ // 2. no event received within 3000 milliseconds
+ ret = epoll_loop(&descr, 3000);
+ if (ret != 0) {
+ write_message(ERR_MSG, "Repeat the epoll loop to ensure that all data is transferred");
}
return NULL;
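Review bot: When the second `epoll_loop` call returns non-zero, the message written under ERR_MSG is "Repeat the epoll loop to ensure that all data is transferred", which describes the intent of the call rather than the failure. If `epoll_loop` reports a timeout as non-zero (not visible here), every normal exit would emit this as an error. A message such as `write_message(ERR_MSG, "drain epoll loop failed, container output may be incomplete");` states what went wrong. The literal timeout would read better as a named constant with the reason for its value. The new comments contain the typos "th frist" and "th second". io_epoll_loop starts outside the hunk.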
@@ -850,7 +778,6 @@ process_t *new_process(char *id, char *bundle, char *runtime)
p->bundle = bundle;
p->runtime = runtime;
p->state = p_state;
- p->block_read = true;
p->console_sock_path = NULL;
p->exit_fd = -1;
p->io_loop_fd = -1;
diff --git a/src/cmd/isulad-shim/process.h b/src/cmd/isulad-shim/process.h
index 93e01e7b..29e032b0 100644
--- a/src/cmd/isulad-shim/process.h
+++ b/src/cmd/isulad-shim/process.h
@@ -51,7 +51,6 @@ typedef struct process {
int sync_fd;
int listen_fd;
int recv_fd;
- bool block_read;
log_terminal *terminal;
stdio_t *stdio; // shim to on runtime side, in:r out/err: w
stdio_t *shim_io; // shim io on isulad side, in: w out/err: r
--
2.42.0


@ -0,0 +1,28 @@
From 6c4bbe725a460cff7f08f2855ebdf393a6e69fa1 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 5 Dec 2023 03:35:51 +0000
Subject: [PATCH 169/181] !2293 reduce epoll loop timeout time * reduce epoll
loop timeout time
---
src/cmd/isulad-shim/process.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index c205302f..9cd40089 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -599,8 +599,8 @@ static void *io_epoll_loop(void *data)
// use a timeout epoll loop to ensure complete data reception
// th second epoll_loop will exit in the following scenarios:
// 1. both stdout fd and stderr fd failed to read
- // 2. no event received within 3000 milliseconds
- ret = epoll_loop(&descr, 3000);
+ // 2. no event received within 100 milliseconds
+ ret = epoll_loop(&descr, 100);
if (ret != 0) {
write_message(ERR_MSG, "Repeat the epoll loop to ensure that all data is transferred");
}
--
2.42.0


@ -0,0 +1,31 @@
From 95e3d13a39371bc6caea5ae34f32c9136b16f9fa Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 5 Dec 2023 11:48:18 +0000
Subject: [PATCH 170/181] !2294 keep the service status unchanged after iSulad
service upgrade * keep the service status unchanged after iSulad service
upgrade
---
iSulad.spec | 6 ------
1 file changed, 6 deletions(-)
diff --git a/iSulad.spec b/iSulad.spec
index 6f84273a..d3799784 100644
--- a/iSulad.spec
+++ b/iSulad.spec
@@ -167,12 +167,6 @@ if [ -e %{_unitdir}/lcrd.service.rpmsave ]; then
mv %{_unitdir}/lcrd.service.rpmsave %{_unitdir}/isulad.service
sed -i 's/lcrd/isulad/g' %{_unitdir}/isulad.service
fi
-systemctl status isulad | grep 'Active:' | grep 'running'
-if [ $? -eq 0 ]; then
- systemctl restart isulad
-else
- systemctl start isulad
-fi
%else
/sbin/service isulad status | grep 'Active:' | grep 'running'
if [ $? -eq 0 ]; then
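Review bot: With the systemd restart removed, an upgraded package leaves the running isulad on the previous binary until an administrator restarts it, so fixes shipped in the update are not active after installation. The `%else` branch that remains in the hunk still checks the service status and appears to restart it, which makes the two init paths behave differently. Record the intent in the scriptlet, for example `# isulad is intentionally not restarted on upgrade; restart it manually to run the new binary`, and state it in the package release notes. The scriptlet continues outside the hunk.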
--
2.42.0


@ -0,0 +1,33 @@
From 65be5e53266717bd39902462e937ec2a7947b503 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 8 Dec 2023 11:03:10 +0000
Subject: [PATCH 171/181] !2299 remove close fd from stdout_cb and stderr_cb *
remove close fd from stdout_cb and stderr_cb
---
src/cmd/isulad-shim/process.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 9cd40089..d7127d0c 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -219,7 +219,6 @@ static int stdout_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *
r_count = read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
if (r_count <= 0 ) {
epoll_loop_del_handler(descr, fd);
- close(fd);
return EPOLL_LOOP_HANDLE_CONTINUE;
}
@@ -251,7 +250,6 @@ static int stderr_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *
r_count = read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
if (r_count <= 0 ) {
epoll_loop_del_handler(descr, fd);
- close(fd);
return EPOLL_LOOP_HANDLE_CONTINUE;
}
--
2.42.0


@ -0,0 +1,859 @@
From f986c26c22c5c23f34da4d5189221719fd13b220 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Wed, 22 Nov 2023 22:05:04 +0800
Subject: [PATCH 172/181] add ut for devicemapper
Signed-off-by: jikai <jikai11@huawei.com>
---
test/image/oci/storage/layers/CMakeLists.txt | 2 +
.../storage/layers/devmapper/CMakeLists.txt | 75 ++++
...9702e4bd316dd50ae85467b0378a419b23b60ba73d | 6 +
...a9fb83febf6dc0b1548dfe896161533668281c9f4f | 6 +
...0a625721fdbea5c94ca6da897acdd814d710149770 | 6 +
.../devmapper/data/devicemapper/metadata/base | 7 +
.../devicemapper/metadata/deviceset-metadata | 5 +
.../metadata/transaction-metadata | 5 +
.../id | 1 +
.../layers/devmapper/driver_devmapper_ut.cc | 390 ++++++++++++++++++
test/mocks/libdevmapper_mock.cc | 191 +++++++++
test/mocks/libdevmapper_mock.h | 52 +++
12 files changed, 746 insertions(+)
create mode 100644 test/image/oci/storage/layers/devmapper/CMakeLists.txt
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id
create mode 100644 test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc
create mode 100644 test/mocks/libdevmapper_mock.cc
create mode 100644 test/mocks/libdevmapper_mock.h
diff --git a/test/image/oci/storage/layers/CMakeLists.txt b/test/image/oci/storage/layers/CMakeLists.txt
index 330a8306..df1ef7d3 100644
--- a/test/image/oci/storage/layers/CMakeLists.txt
+++ b/test/image/oci/storage/layers/CMakeLists.txt
@@ -1,5 +1,7 @@
project(iSulad_UT)
+add_subdirectory(devmapper)
+
# storage_driver_ut
SET(DRIVER_EXE storage_driver_ut)
diff --git a/test/image/oci/storage/layers/devmapper/CMakeLists.txt b/test/image/oci/storage/layers/devmapper/CMakeLists.txt
new file mode 100644
index 00000000..e6ba0307
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/CMakeLists.txt
@@ -0,0 +1,75 @@
+project(iSulad_UT)
+
+# driver_devmapper_ut
+SET(DRIVER_DEVMAPPER_EXE driver_devmapper_ut)
+
+add_executable(${DRIVER_DEVMAPPER_EXE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_regex.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_verify.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_array.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_string.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_convert.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_file.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_fs.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/util_atomic.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_base64.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_timestamp.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/path.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/map/map.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/map/rb_tree.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/buffer/buffer.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/tar/util_archive.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/tar/util_gzip.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/sha256/sha256.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/config/daemon_arguments.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common/err_msg.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common/selinux_label.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks/libdevmapper_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks/isulad_config_mock.cc
+ driver_devmapper_ut.cc)
+
+target_include_directories(${DRIVER_DEVMAPPER_EXE} PUBLIC
+ ${GTEST_INCLUDE_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/common
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/tar
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/map
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/sha256
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/console
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/buffer
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/config
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/api
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/remote_layer_support
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks
+ )
+
+set_target_properties(${DRIVER_DEVMAPPER_EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,util_exec_cmd -Wl,--wrap,util_mount -Wl,--wrap,umount2 -Wl,--wrap,archive_unpack")
+
+target_link_libraries(${DRIVER_DEVMAPPER_EXE}
+ ${GTEST_BOTH_LIBRARIES}
+ ${GMOCK_LIBRARY}
+ ${GMOCK_MAIN_LIBRARY}
+ ${CMAKE_THREAD_LIBS_INIT}
+ ${ISULA_LIBUTILS_LIBRARY}
+ ${LIBTAR_LIBRARY}
+ -lcrypto -lyajl -larchive ${SELINUX_LIBRARY} -lz -lcap)
+
+add_test(NAME ${DRIVER_DEVMAPPER_EXE} COMMAND ${DRIVER_DEVMAPPER_EXE} --gtest_output=xml:${DRIVER_DEVMAPPER_EXE}-Results.xml)
+set_tests_properties(${DRIVER_DEVMAPPER_EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d
new file mode 100644
index 00000000..f51ae926
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d
@@ -0,0 +1,6 @@
+{
+ "hash": "068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d",
+ "device_id": 6,
+ "size": 10737418240,
+ "transaction_id": 8
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f
new file mode 100644
index 00000000..de727a79
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f
@@ -0,0 +1,6 @@
+{
+ "hash": "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f",
+ "device_id": 4,
+ "size": 10737418240,
+ "transaction_id": 4
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770 b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770
new file mode 100644
index 00000000..e1e8988e
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770
@@ -0,0 +1,6 @@
+{
+ "hash": "ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770",
+ "device_id": 2,
+ "size": 10737418240,
+ "transaction_id": 2
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base
new file mode 100644
index 00000000..2412113d
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base
@@ -0,0 +1,7 @@
+{
+ "hash": "base",
+ "device_id": 1,
+ "size": 10737418240,
+ "transaction_id": 1,
+ "initialized": true
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata
new file mode 100644
index 00000000..94f7a6a3
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata
@@ -0,0 +1,5 @@
+{
+ "next_device_id": 7,
+ "BaseDeviceFilesystem": "ext4",
+ "BaseDeviceUUID": "4fa22307-0c88-4fa4-8f16-a9459e9cbc4a"
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata
new file mode 100644
index 00000000..a011249a
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata
@@ -0,0 +1,5 @@
+{
+ "open_transaction_id": 8,
+ "device_hash": "068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d",
+ "device_id": 6
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id b/test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id
new file mode 100644
index 00000000..5e6b1b2a
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id
@@ -0,0 +1 @@
+3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f
\ No newline at end of file
diff --git a/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc b/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc
new file mode 100644
index 00000000..088aa4d4
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc
@@ -0,0 +1,390 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: jikai
+ * Create: 2023-11-22
+ * Description: provide oci storage driver unit test for devmapper
+ ******************************************************************************/
+
+#include <gtest/gtest.h>
+#include <gmock/gmock.h>
+
+#include "driver.h"
+#include "driver_devmapper.h"
+#include "driver_overlay2.h"
+#include "mock.h"
+#include "path.h"
+#include "utils.h"
+#include "util_archive.h"
+#include "libdevmapper_mock.h"
+#include "isulad_config_mock.h"
+#include "wrapper_devmapper.h"
+
+using ::testing::Invoke;
+using ::testing::NiceMock;
+using ::testing::Return;
+using ::testing::_;
+
+extern "C" {
+ DECLARE_WRAPPER_V(util_exec_cmd, bool, (exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg));
+ DEFINE_WRAPPER_V(util_exec_cmd, bool, (exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg),
+ (cb_func, args, stdin_msg, stdout_msg, stderr_msg));
+
+ DECLARE_WRAPPER(util_mount, int, (const char *src, const char *dst, const char *mtype, const char *mntopts));
+ DEFINE_WRAPPER(util_mount, int, (const char *src, const char *dst, const char *mtype, const char *mntopts), (src, dst, mtype, mntopts));
+
+ DECLARE_WRAPPER(umount2, int, (const char *__special_file, int __flags));
+ DEFINE_WRAPPER(umount2, int, (const char *__special_file, int __flags), (__special_file, __flags));
+
+ DECLARE_WRAPPER(archive_unpack, int, (const io_read_wrapper *content, const char *dstdir, const archive_options *options,
+ const char *root_dir, char **errmsg));
+ DEFINE_WRAPPER(archive_unpack, int, (const io_read_wrapper *content, const char *dstdir, const archive_options *options,
+ const char *root_dir, char **errmsg),
+ (content, dstdir, options, root_dir, errmsg));
+}
+
+static std::string GetDirectory()
+{
+ char abs_path[PATH_MAX] { 0x00 };
+ int ret = readlink("/proc/self/exe", abs_path, sizeof(abs_path));
+ if (ret < 0 || static_cast<size_t>(ret) >= sizeof(abs_path)) {
+ return "";
+ }
+
+ for (int i { ret }; i >= 0; --i) {
+ if (abs_path[i] == '/') {
+ abs_path[i + 1] = '\0';
+ break;
+ }
+ }
+
+ return static_cast<std::string>(abs_path) + "../../../../../../../test/image/oci/storage/layers/devmapper";
+}
+
+static bool invokeUtilExecCmd(exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg)
+{
+ if (cb_func == nullptr || args == nullptr || stdout_msg == nullptr || stderr_msg == nullptr) {
+ return false;
+ }
+
+ char **tmp_args = static_cast<char **>(args);
+
+ if (util_array_len((const char **)tmp_args) < 1) {
+ return false;
+ }
+
+ if (strcmp(tmp_args[0], "blkid") == 0) {
+ *stdout_msg = util_strdup_s("4fa22307-0c88-4fa4-8f16-a9459e9cbc4a");
+ }
+ return true;
+}
+
+static struct dm_task *invokeDMTaskCreate(int type) {
+ return static_cast<struct dm_task *>(util_common_calloc_s(sizeof(0)));
+}
+
+static void invokeDMTaskDestroy(struct dm_task *task) {
+ free(task);
+ return;
+}
+
+static int invokeDMTaskGetDriverVersion(struct dm_task *task, char *version, size_t size) {
+ if (task == nullptr || version == nullptr || strncpy(version, "4.27.0", size) == NULL) {
+ return 0;
+ }
+
+ return 1;
+}
+
+static int invokeDMTaskGetInfo(struct dm_task *task, struct dm_info *dmi) {
+ if (task == nullptr || dmi == nullptr) {
+ return 0;
+ }
+
+ dmi->exists = 1;
+ return 1;
+}
+
+static void *invokeDMGetNextTarget(struct dm_task *task, void *next, uint64_t *start, uint64_t *length,
+ char **target_type, char **params) {
+ static char type[] = "thin-pool";
+ static char par[] = "0 0/1024 0/1024";
+ if (target_type) {
+ *target_type = type;
+ }
+ if (params) {
+ *params = par;
+ }
+ return nullptr;
+}
+
+class DriverDevmapperUnitTest : public testing::Test {
+protected:
+ void SetUp() override
+ {
+ MockLibdevmapper_SetMock(&m_libdevmapper_mock);
+ MockIsuladConf_SetMock(&m_isulad_conf_mock);
+ std::string isulad_dir { "/tmp/isulad/" };
+ mkdir(isulad_dir.c_str(), 0755);
+ std::string root_dir = isulad_dir + "data";
+ std::string run_dir = isulad_dir + "data/run";
+ std::string data_dir = GetDirectory() + "/data";
+ std::string driver_home = root_dir + "/devicemapper";
+
+ ASSERT_STRNE(util_clean_path(data_dir.c_str(), data_path, sizeof(data_path)), nullptr);
+ std::string cp_command = "cp -r " + std::string(data_path) + " " + isulad_dir;
+ ASSERT_EQ(system(cp_command.c_str()), 0);
+
+ opts = (struct storage_module_init_options *)util_common_calloc_s(sizeof(struct storage_module_init_options));
+ opts->storage_root = strdup(root_dir.c_str());
+ opts->storage_run_root = strdup(run_dir.c_str());
+ opts->driver_name = strdup("devicemapper");
+ opts->driver_opts = (char **)util_common_calloc_s(6 * sizeof(char *));
+ opts->driver_opts[0] = strdup("dm.thinpooldev=/dev/mapper/isulad0-thinpool");
+ opts->driver_opts[1] = strdup("dm.fs=ext4");
+ opts->driver_opts[2] = strdup("dm.min_free_space=10%");
+ opts->driver_opts[3] = strdup("dm.basesize=12G");
+ opts->driver_opts[4] = strdup("dm.mkfsarg=-q");
+ opts->driver_opts[5] = strdup("dm.mountopt=rw");
+ opts->driver_opts_len = 6;
+
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskCreate(_)).WillRepeatedly(Invoke(invokeDMTaskCreate));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetMessage(_, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetSector(_, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetAddNode(_, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskAddTarget(_, _, _, _, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetName(_, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskRun(_)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskDestroy(_)).WillRepeatedly(Invoke(invokeDMTaskDestroy));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetInfo(_, _)).WillRepeatedly(Invoke(invokeDMTaskGetInfo));
+ EXPECT_CALL(m_libdevmapper_mock, DMGetNextTarget(_, _, _, _, _, _)).WillRepeatedly(Invoke(invokeDMGetNextTarget));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetCookie(_, _, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMUdevWait(_)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMUdevComplete(_)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskDeferredRemove(_)).WillRepeatedly(Return(1));
+
+ char *names = static_cast<char *>(util_common_calloc_s(sizeof(struct dm_names) + strlen("isulad0-pool") + 1));
+ struct dm_names *dname = (struct dm_names *)names;
+ dname->dev = 1;
+ dname->next = 0;
+ strcpy(names + sizeof(struct dm_names), "isulad0-pool");
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetNames(_)).WillOnce(Return(dname));
+ EXPECT_CALL(m_libdevmapper_mock, DMSetDevDir(_)).WillOnce(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetDriverVersion(_, _, _)).WillOnce(Invoke(invokeDMTaskGetDriverVersion));
+ EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1));
+
+ MOCK_SET_V(util_exec_cmd, invokeUtilExecCmd);
+ MOCK_SET(util_mount, 0);
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(graphdriver_init(opts), 0);
+ MOCK_CLEAR(util_exec_cmd);
+ MOCK_CLEAR(util_mount);
+ MOCK_CLEAR(umount2);
+ }
+
+ void TearDown() override
+ {
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(graphdriver_cleanup(), 0);
+ MOCK_CLEAR(umount2);
+
+ MockLibdevmapper_SetMock(nullptr);
+ MockIsuladConf_SetMock(nullptr);
+ std::string rm_command = "rm -rf /tmp/isulad/";
+ ASSERT_EQ(system(rm_command.c_str()), 0);
+
+ if (opts != NULL) {
+ free(opts->storage_root);
+ free(opts->storage_run_root);
+ free(opts->driver_name);
+ util_free_array_by_len(opts->driver_opts, opts->driver_opts_len);
+ free(opts);
+ }
+ }
+
+ NiceMock<MockLibdevmapper> m_libdevmapper_mock;
+ NiceMock<MockIsuladConf> m_isulad_conf_mock;
+ char data_path[PATH_MAX] = { 0x00 };
+ struct storage_module_init_options *opts = NULL;
+};
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_init)
+{
+ // cleanup before
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(graphdriver_cleanup(), 0);
+ MOCK_CLEAR(umount2);
+
+ std::string rm_command = "rm -rf /tmp/isulad/";
+ ASSERT_EQ(system(rm_command.c_str()), 0);
+ std::string mk_command = "mkdir -p /tmp/isulad/data/devicemapper/mnt";
+ ASSERT_EQ(system(mk_command.c_str()), 0);
+ char *names = static_cast<char *>(util_common_calloc_s(sizeof(struct dm_names) + strlen("isulad0-pool") + 1));
+ struct dm_names *dname = (struct dm_names *)names;
+ dname->dev = 1;
+ dname->next = 0;
+ strcpy(names + sizeof(struct dm_names), "isulad0-pool");
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetNames(_)).WillOnce(Return(dname));
+ EXPECT_CALL(m_libdevmapper_mock, DMSetDevDir(_)).WillOnce(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetDriverVersion(_, _, _)).WillOnce(Invoke(invokeDMTaskGetDriverVersion));
+ EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1));
+
+ MOCK_SET_V(util_exec_cmd, invokeUtilExecCmd);
+ MOCK_SET(util_mount, 0);
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(graphdriver_init(opts), 0);
+ MOCK_CLEAR(util_exec_cmd);
+ MOCK_CLEAR(util_mount);
+ MOCK_CLEAR(umount2);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_layer_exists)
+{
+ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
+ std::string incorrectId { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" };
+ ASSERT_TRUE(graphdriver_layer_exists(id.c_str()));
+ ASSERT_FALSE(graphdriver_layer_exists(incorrectId.c_str()));
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_create_rw)
+{
+ std::string id { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" };
+ struct driver_create_opts *create_opts;
+
+ create_opts = (struct driver_create_opts *)util_common_calloc_s(sizeof(struct driver_create_opts));
+ ASSERT_NE(create_opts, nullptr);
+
+ create_opts->storage_opt = static_cast<json_map_string_string *>(util_common_calloc_s(sizeof(json_map_string_string)));
+ ASSERT_NE(create_opts->storage_opt, nullptr);
+ create_opts->storage_opt->keys = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
+ create_opts->storage_opt->values = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
+ create_opts->storage_opt->keys[0] = strdup("size");
+ create_opts->storage_opt->values[0] = strdup("12G");
+ create_opts->storage_opt->len = 1;
+
+ ASSERT_EQ(graphdriver_create_rw(id.c_str(), nullptr, create_opts), 0);
+ ASSERT_TRUE(graphdriver_layer_exists(id.c_str()));
+ free_driver_create_opts(create_opts);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_create_ro)
+{
+ std::string id { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" };
+ struct driver_create_opts *create_opts;
+
+ create_opts = (struct driver_create_opts *)util_common_calloc_s(sizeof(struct driver_create_opts));
+ ASSERT_NE(create_opts, nullptr);
+
+ create_opts->storage_opt = static_cast<json_map_string_string *>(util_common_calloc_s(sizeof(json_map_string_string)));
+ ASSERT_NE(create_opts->storage_opt, nullptr);
+ create_opts->storage_opt->keys = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
+ create_opts->storage_opt->values = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
+ create_opts->storage_opt->keys[0] = strdup("size");
+ create_opts->storage_opt->values[0] = strdup("12G");
+ create_opts->storage_opt->len = 1;
+
+ ASSERT_EQ(graphdriver_create_ro(id.c_str(), nullptr, create_opts), 0);
+ ASSERT_TRUE(graphdriver_layer_exists(id.c_str()));
+ free_driver_create_opts(create_opts);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_rm_layer)
+{
+ std::string existed_id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
+ std::string not_existed_id { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" };
+
+ ASSERT_EQ(graphdriver_rm_layer(existed_id.c_str()), 0);
+ ASSERT_EQ(graphdriver_rm_layer(not_existed_id.c_str()), 0);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_mount_layer)
+{
+ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
+ std::string merged_dir = "/tmp/isulad/data/devicemapper/mnt/" + id + "/rootfs";
+ struct driver_mount_opts *mount_opts = nullptr;
+ char* mount_dir = nullptr;
+
+ MOCK_SET(util_mount, 0);
+ mount_dir = graphdriver_mount_layer(id.c_str(), mount_opts);
+ ASSERT_STREQ(mount_dir, merged_dir.c_str());
+ MOCK_CLEAR(util_mount);
+
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(graphdriver_umount_layer(id.c_str()), 0);
+ MOCK_CLEAR(umount2);
+ free(mount_dir);
+ mount_dir = nullptr;
+
+ mount_opts = static_cast<struct driver_mount_opts *>(util_common_calloc_s(sizeof(struct driver_mount_opts)));
+ ASSERT_NE(mount_opts, nullptr);
+ mount_opts->options = static_cast<char **>(util_common_calloc_s(1 * sizeof(char *)));
+ mount_opts->options[0] = strdup("ro");
+ mount_opts->options_len = 1;
+
+ MOCK_SET(util_mount, 0);
+ mount_dir = graphdriver_mount_layer(id.c_str(), mount_opts);
+ ASSERT_STREQ(mount_dir, merged_dir.c_str());
+ MOCK_CLEAR(util_mount);
+
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(graphdriver_umount_layer(id.c_str()), 0);
+ MOCK_CLEAR(umount2);
+ free_driver_mount_opts(mount_opts);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_get_data)
+{
+ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
+
+ container_inspect_graph_driver *inspect = graphdriver_get_metadata(id.c_str());
+ ASSERT_NE(inspect, nullptr);
+ ASSERT_STREQ(inspect->data->device_id, "4");
+ ASSERT_STREQ(inspect->data->device_size, "10737418240");
+ ASSERT_STREQ(inspect->data->merged_dir, "/tmp/isulad/data/devicemapper/mnt/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f/rootfs");
+ free_container_inspect_graph_driver(inspect);
+
+ EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1));
+
+ struct graphdriver_status *status = graphdriver_get_status();
+ ASSERT_NE(status, nullptr);
+ ASSERT_STREQ(status->driver_name, "devicemapper");
+ free_graphdriver_status(status);
+
+ ASSERT_EQ(devmapper_repair_lowers(nullptr, nullptr, nullptr), 0);
+ ASSERT_EQ(devmapper_get_layer_fs_info(nullptr, nullptr, nullptr), 0);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_apply_diff)
+{
+ struct io_read_wrapper reader = {0};
+ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
+ MOCK_SET(util_mount, 0);
+ MOCK_SET(archive_unpack, 0);
+ MOCK_SET(umount2, 0);
+ EXPECT_CALL(m_isulad_conf_mock, ConfGetISuladRootDir()).WillOnce(Return(util_strdup_s("/tmp/isulad")));
+ ASSERT_EQ(graphdriver_apply_diff(id.c_str(), &reader), 0);
+ MOCK_CLEAR(archive_unpack);
+ MOCK_CLEAR(util_mount);
+ MOCK_CLEAR(umount2);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_wrapper_devmapper)
+{
+ ASSERT_STREQ(dev_strerror(ERR_TASK_RUN), "Task run error");
+ ASSERT_STREQ(dev_strerror(ERR_TASK_SET_COOKIE), "Task set cookie error");
+ ASSERT_STREQ(dev_strerror(ERR_NIL_COOKIE), "cookie ptr can't be nil");
+ ASSERT_STREQ(dev_strerror(ERR_TASK_SET_ADD_NODE), "Task add dm node failed");
+ ASSERT_STREQ(dev_strerror(ERR_BUSY), "Device busy");
+ ASSERT_STREQ(dev_strerror(ERR_DEVICE_ID_EXISTS), "Device exists already");
+ ASSERT_STREQ(dev_strerror(ERR_ENXIO), "No such device of address");
+ ASSERT_STREQ(dev_strerror(ERR_TASK_ADD_TARGET), "Task add target device error");
+ ASSERT_STREQ(dev_strerror(ERR_TASK_DEFERRED_REMOVE), "dm_task_deferred_remove failed");
+ ASSERT_STREQ(dev_strerror(100), "Unknown error");
+}
\ No newline at end of file
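Review bot: SetUp copies the fixtures into the fixed path `/tmp/isulad/` (the `mkdir` result is ignored) and TearDown runs `rm -rf /tmp/isulad/`, so on a shared builder a directory or symlink pre-created by another user, or a second run in parallel, decides what `cp -r` writes into and what gets deleted. A private directory, e.g. `char tmpl[] = "/tmp/isulad-ut-XXXXXX"; ASSERT_NE(mkdtemp(tmpl), nullptr);`, with the hard-coded `/tmp/isulad/...` strings in the tests derived from it, avoids that; the `cp -r` command also concatenates `data_path` unquoted into a shell string. Separately, `strcpy(names + sizeof(struct dm_names), "isulad0-pool")` writes after any tail padding of the struct, so `dname->name` may stay empty; `strcpy(dname->name, "isulad0-pool");` targets the name member directly.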
diff --git a/test/mocks/libdevmapper_mock.cc b/test/mocks/libdevmapper_mock.cc
new file mode 100644
index 00000000..7d6c8024
--- /dev/null
+++ b/test/mocks/libdevmapper_mock.cc
@@ -0,0 +1,191 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: jikai
+ * Create: 2023-11-22
+ * Description: provide lib device mapper mock
+ ******************************************************************************/
+
+#include "libdevmapper_mock.h"
+
+namespace {
+MockLibdevmapper *g_libdevmapper_mock = nullptr;
+}
+
+void MockLibdevmapper_SetMock(MockLibdevmapper* mock)
+{
+ g_libdevmapper_mock = mock;
+}
+
+struct dm_task *dm_task_create(int type)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskCreate(type);
+ }
+ return nullptr;
+}
+
+int dm_task_set_message(struct dm_task *dmt, const char *msg)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskSetMessage(dmt, msg);
+ }
+ return 0;
+}
+
+int dm_task_set_sector(struct dm_task *dmt, uint64_t sector)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskSetSector(dmt, sector);
+ }
+ return 0;
+}
+
+int dm_task_set_add_node(struct dm_task *dmt, dm_add_node_t add_node)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskSetAddNode(dmt, add_node);
+ }
+ return 0;
+}
+
+int dm_task_add_target(struct dm_task *dmt, uint64_t start, uint64_t size, const char *ttype, const char *params)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskAddTarget(dmt, start, size, ttype, params);
+ }
+ return 0;
+}
+
+int dm_set_dev_dir(const char *dir)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMSetDevDir(dir);
+ }
+ return 0;
+}
+
+int dm_task_set_name(struct dm_task *dmt, const char *name)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskSetName(dmt, name);
+ }
+ return 0;
+}
+
+int dm_task_run(struct dm_task *dmt)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskRun(dmt);
+ }
+ return 0;
+}
+
+int dm_task_get_driver_version(struct dm_task *dmt, char *version, size_t size)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskGetDriverVersion(dmt, version, size);
+ }
+ return 0;
+}
+
+void dm_task_destroy(struct dm_task *dmt)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ g_libdevmapper_mock->DMTaskDestroy(dmt);
+ }
+}
+
+int dm_get_library_version(char *version, size_t size)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMGetLibraryVersion(version, size);
+ }
+ return 0;
+}
+
+int dm_task_get_info(struct dm_task *dmt, struct dm_info *info)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskGetInfo(dmt, info);
+ }
+ return 0;
+}
+
+void *dm_get_next_target(struct dm_task *dmt, void *next, uint64_t *start, uint64_t *length,
+ char **target_type, char **params)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMGetNextTarget(dmt, next, start, length, target_type, params);
+ }
+ return nullptr;
+}
+
+int dm_task_set_cookie(struct dm_task *dmt, uint32_t *cookie, uint16_t flags)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskSetCookie(dmt, cookie, flags);
+ }
+ return 0;
+}
+
+int dm_udev_wait(uint32_t cookie)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMUdevWait(cookie);
+ }
+ return 0;
+}
+
+int dm_udev_complete(uint32_t cookie)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMUdevComplete(cookie);
+ }
+ return 0;
+}
+
+int dm_task_deferred_remove(struct dm_task *dmt)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskDeferredRemove(dmt);
+ }
+ return 0;
+}
+
+struct dm_names *dm_task_get_names(struct dm_task *dmt)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskGetNames(dmt);
+ }
+ return nullptr;
+}
+
+int dm_udev_get_sync_support(void)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMUdevGetSyncSupport();
+ }
+ return 0;
+}
+
+void dm_udev_set_sync_support(int sync_with_udev)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ g_libdevmapper_mock->DMUdevSetSyncSupport(sync_with_udev);
+ }
+}
+
+void dm_log_with_errno_init(void log_cb(int level, const char *file, int line, int dm_errno_or_class, const char *f, ...))
+{
+ if (g_libdevmapper_mock != nullptr) {
+ g_libdevmapper_mock->DMLogWithErrnoInit(log_cb);
+ }
+}
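Review bot: `MockLibdevmapper_SetMock` stores a raw pointer that every wrapper in this file dereferences, but nothing states who owns it or when it has to be cleared. A comment above the setter such as `/* Not owned: pass nullptr before the mock object is destroyed. */` would make the lifetime contract explicit for fixtures that hold the mock as a member. It is also worth noting once that the `int` wrappers return 0 when no mock is installed, which libdevmapper callers read as failure.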
diff --git a/test/mocks/libdevmapper_mock.h b/test/mocks/libdevmapper_mock.h
new file mode 100644
index 00000000..53c5ad4b
--- /dev/null
+++ b/test/mocks/libdevmapper_mock.h
@@ -0,0 +1,52 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: jikai
+ * Create: 2023-11-22
+ * Description: provide lib device mapper mock
+ ******************************************************************************/
+
+#ifndef _ISULAD_TEST_MOCKS_DEVMAPPER_MOCK_H
+#define _ISULAD_TEST_MOCKS_DEVMAPPER_MOCK_H
+
+#include <gmock/gmock.h>
+
+#include <libdevmapper.h>
+
+class MockLibdevmapper {
+public:
+ virtual ~MockLibdevmapper() = default;
+ MOCK_METHOD1(DMTaskCreate, struct dm_task*(int type));
+ MOCK_METHOD2(DMTaskSetMessage, int(struct dm_task *dmt, const char *msg));
+ MOCK_METHOD2(DMTaskSetSector, int(struct dm_task *dmt, uint64_t sector));
+ MOCK_METHOD2(DMTaskSetAddNode, int(struct dm_task *dmt, dm_add_node_t add_node));
+ MOCK_METHOD5(DMTaskAddTarget, int(struct dm_task *dmt, uint64_t start, uint64_t size, const char *ttype, const char *params));
+ MOCK_METHOD1(DMSetDevDir, int(const char *dir));
+ MOCK_METHOD2(DMTaskSetName, int(struct dm_task *dmt, const char *name));
+ MOCK_METHOD1(DMTaskRun, int(struct dm_task *dmt));
+ MOCK_METHOD3(DMTaskGetDriverVersion, int(struct dm_task *dmt, char *version, size_t size));
+ MOCK_METHOD1(DMTaskDestroy, void(struct dm_task *dmt));
+ MOCK_METHOD2(DMGetLibraryVersion, int(char *version, size_t size));
+ MOCK_METHOD2(DMTaskGetInfo, int(struct dm_task *dmt, struct dm_info *info));
+ MOCK_METHOD6(DMGetNextTarget, void*(struct dm_task *dmt, void *next, uint64_t *start, uint64_t *length,
+ char **target_type, char **params));
+ MOCK_METHOD3(DMTaskSetCookie, int(struct dm_task *dmt, uint32_t *cookie, uint16_t flags));
+ MOCK_METHOD1(DMUdevWait, int(uint32_t cookie));
+ MOCK_METHOD1(DMUdevComplete, int(uint32_t cookie));
+ MOCK_METHOD1(DMTaskDeferredRemove, int(struct dm_task *dmt));
+ MOCK_METHOD1(DMTaskGetNames, struct dm_names *(struct dm_task *dmt));
+ MOCK_METHOD0(DMUdevGetSyncSupport, int(void));
+ MOCK_METHOD1(DMUdevSetSyncSupport, void(int sync_with_udev));
+ MOCK_METHOD1(DMLogWithErrnoInit, void(void log_cb(int level, const char *file, int line, int dm_errno_or_class, const char *f, ...)));
+};
+
+void MockLibdevmapper_SetMock(MockLibdevmapper* mock);
+
+#endif
--
2.42.0


@ -0,0 +1,28 @@
From bd77fa1cf6c7afe90fa0a0e344d18640753e225a Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Tue, 12 Dec 2023 14:47:40 +0800
Subject: [PATCH 173/181] remove build and test in coverage
Signed-off-by: jikai <jikai11@huawei.com>
---
CI/generate_gcov.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/CI/generate_gcov.sh b/CI/generate_gcov.sh
index 364af65c..2f3228df 100755
--- a/CI/generate_gcov.sh
+++ b/CI/generate_gcov.sh
@@ -31,8 +31,8 @@ ctest
lcov --directory . --capture --output-file coverage.info
# Remove std/build files
lcov --remove coverage.info '/usr/*' -o coverage.info
-lcov --remove coverage.info 'build/*' -o coverage.info
-lcov --remove coverage.info 'test/*' -o coverage.info
+lcov --remove coverage.info "$ISULAD_SRC_PATH/build/*"
+lcov --remove coverage.info "$ISULAD_SRC_PATH/test/*"
# Generate html
genhtml --ignore-errors source -o $GCOV_RESULT_PATH/coverage coverage.info
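Review bot: The two replacement `lcov --remove` lines drop `-o coverage.info`, so the filtered tracefile goes to stdout and `coverage.info` still holds the build and test entries when `genhtml` runs. Keep the output option, `lcov --remove coverage.info "$ISULAD_SRC_PATH/build/*" -o coverage.info`, and the same for `test/*`. `$ISULAD_SRC_PATH` is not assigned in the visible lines, so confirm it is set before this point; if it is empty the patterns become `/build/*` and `/test/*`.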
--
2.42.0


@ -0,0 +1,167 @@
From 5792109521978b335984901aee60a76d978d560e Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 12 Dec 2023 20:24:57 +0800
Subject: [PATCH 174/181] modify the default value of ISULAD_TMPDIR to
/var/lib/isulad
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad/main.c | 13 +++++++------
src/common/constants.h | 2 ++
src/contrib/config/iSulad.sysconfig | 4 ++--
.../modules/container/leftover_cleanup/cleanup.c | 6 +++---
src/daemon/modules/image/oci/utils_images.c | 2 +-
src/utils/cutils/utils_verify.c | 5 +++++
src/utils/cutils/utils_verify.h | 2 ++
src/utils/tar/util_archive.c | 9 +++++----
8 files changed, 27 insertions(+), 16 deletions(-)
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index e624cfdd..05e899f6 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1301,8 +1301,8 @@ static int ensure_isulad_tmpdir_security()
char *isulad_tmp_dir = NULL;
isulad_tmp_dir = getenv("ISULAD_TMPDIR");
- if (!util_valid_str(isulad_tmp_dir)) {
- isulad_tmp_dir = "/tmp";
+ if (!util_valid_isulad_tmpdir(isulad_tmp_dir)) {
+ isulad_tmp_dir = DEFAULT_ISULAD_TMPDIR;
}
if (do_ensure_isulad_tmpdir_security(isulad_tmp_dir) != 0) {
@@ -1310,14 +1310,15 @@ static int ensure_isulad_tmpdir_security()
return -1;
}
- if (strcmp(isulad_tmp_dir, "/tmp") == 0) {
+ if (strcmp(isulad_tmp_dir, DEFAULT_ISULAD_TMPDIR) == 0) {
return 0;
}
// No matter whether ISULAD_TMPDIR is set or not,
- // ensure the "/tmp" directory is a safe directory
- if (do_ensure_isulad_tmpdir_security("/tmp") != 0) {
- WARN("Failed to ensure the /tmp directory is a safe directory");
+ // ensure the DEFAULT_ISULAD_TMPDIR directory is a safe directory
+ // TODO: if isula is no longer tarred in the future, we can delete it.
+ if (do_ensure_isulad_tmpdir_security(DEFAULT_ISULAD_TMPDIR) != 0) {
+ WARN("Failed to ensure the default ISULAD_TMPDIR : %s directory is a safe directory", DEFAULT_ISULAD_TMPDIR);
}
return 0;
diff --git a/src/common/constants.h b/src/common/constants.h
index a567ee9c..9ea3def7 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -129,6 +129,8 @@ extern "C" {
#define OCI_IMAGE_GRAPH_ROOTPATH_NAME "storage"
+#define DEFAULT_ISULAD_TMPDIR "/var/lib/isulad"
+
#ifdef ENABLE_GRPC_REMOTE_CONNECT
#define DEFAULT_TCP_HOST "tcp://localhost:2375"
#define DEFAULT_TLS_HOST "tcp://localhost:2376"
diff --git a/src/contrib/config/iSulad.sysconfig b/src/contrib/config/iSulad.sysconfig
index 43ba7cbd..25099480 100644
--- a/src/contrib/config/iSulad.sysconfig
+++ b/src/contrib/config/iSulad.sysconfig
@@ -22,5 +22,5 @@
#SYSMONITOR_OPTIONS='-H tcp://127.0.0.1:2375 --tlsverify --tlscacert=/root/.iSulad/ca.pem --tlscert=/root/.iSulad/cert.pem --tlskey=/root/.iSulad/key.pem'
# Location used for temporary files, such as those created by isula load and pull operations.
-# Default is /var/tmp. Can be overridden by setting the following env variable.
-# ISULAD_TMPDIR=/var/tmp
+# Default is /var/lib/isulad. Can be overridden by setting the following env variable.
+# ISULAD_TMPDIR=/var/lib/isulad
diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c
index 9a38ffc2..af5f0eee 100644
--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c
+++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c
@@ -203,12 +203,12 @@ void do_isulad_tmpdir_cleaner(void)
char *isula_tmp_dir = NULL;
isula_tmp_dir = getenv("ISULAD_TMPDIR");
- if (util_valid_str(isula_tmp_dir)) {
+ if (util_valid_isulad_tmpdir(isula_tmp_dir)) {
cleanup_path(isula_tmp_dir);
}
// No matter whether ISULAD_TMPDIR is set or not,
- // clean up the "/tmp" directory to prevent the mount point from remaining
- cleanup_path("/tmp");
+ // clean up the DEFAULT_ISULAD_TMPDIR directory to prevent the mount point from remaining
+ cleanup_path(DEFAULT_ISULAD_TMPDIR);
return;
}
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
index 736bbf0e..f87644d2 100644
--- a/src/daemon/modules/image/oci/utils_images.c
+++ b/src/daemon/modules/image/oci/utils_images.c
@@ -595,7 +595,7 @@ char *oci_get_isulad_tmpdir(const char *root_dir)
}
env_dir = getenv("ISULAD_TMPDIR");
- if (util_valid_str(env_dir)) {
+ if (util_valid_isulad_tmpdir(env_dir)) {
isulad_tmpdir = util_path_join(env_dir, "isulad_tmpdir");
} else {
isulad_tmpdir = util_path_join(root_dir, "isulad_tmpdir");
diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c
index d4c46199..4ed4ed5f 100644
--- a/src/utils/cutils/utils_verify.c
+++ b/src/utils/cutils/utils_verify.c
@@ -815,3 +815,8 @@ bool util_valid_volume_name(const char *name)
return util_reg_match(patten, name) == 0;
}
+
+bool util_valid_isulad_tmpdir(const char *dir)
+{
+ return util_valid_str(dir) && strcmp(dir, "/tmp") != 0;
+}
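Review bot: The `/tmp` rejection in `util_valid_isulad_tmpdir` is an exact string match, so `ISULAD_TMPDIR` values such as `/tmp/`, `//tmp` or a symlink that resolves to `/tmp` pass the check and are still used as the temporary root. If the intent is to keep the daemon's temporary area out of a world-writable directory, compare the canonical path instead, for example by resolving `dir` with `realpath()` before the `strcmp`. Other shared locations such as `/var/tmp` are not covered either; whether that matters depends on a policy the patch does not state. A comment above the function saying why `/tmp` is refused would help the next reader.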
diff --git a/src/utils/cutils/utils_verify.h b/src/utils/cutils/utils_verify.h
index 7d954475..c4677203 100644
--- a/src/utils/cutils/utils_verify.h
+++ b/src/utils/cutils/utils_verify.h
@@ -128,6 +128,8 @@ bool util_valid_sysctl(const char *sysctl_key);
bool util_valid_volume_name(const char *name);
+bool util_valid_isulad_tmpdir(const char *dir);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 4653bc98..55fdf997 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -128,7 +128,7 @@ static void do_disable_unneccessary_caps()
// Add flock when bind mount and make it private.
// Because bind mount usually makes safedir shared mount point,
// and sometimes it will cause "mount point explosion".
-// E.g. concurrently execute isula cp /tmp/<XXX-File> <CONTAINER-ID>:<CONTAINER-PAT>
+// E.g. concurrently execute isula cp DEFAULT_ISULAD_TMPDIR/<XXX-File> <CONTAINER-ID>:<CONTAINER-PAT>
static int bind_mount_with_flock(const char *flock_path, const char *dstdir, const char *tmp_dir)
{
int fd = -1;
@@ -189,9 +189,10 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
int nret;
isulad_tmpdir_env = getenv("ISULAD_TMPDIR");
- if (!util_valid_str(isulad_tmpdir_env)) {
- // if not setted isulad tmpdir, just use /tmp
- isulad_tmpdir_env = "/tmp";
+ if (!util_valid_isulad_tmpdir(isulad_tmpdir_env)) {
+ INFO("if not setted isulad tmpdir or setted unvalid dir, use DEFAULT_ISULAD_TMPDIR");
+ // if not setted isulad tmpdir, just use DEFAULT_ISULAD_TMPDIR
+ isulad_tmpdir_env = DEFAULT_ISULAD_TMPDIR;
}
nret = snprintf(isula_tmpdir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmpdir_env);
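Review bot: The new `INFO` line prints the macro name rather than the path, because `DEFAULT_ISULAD_TMPDIR` sits inside the string literal, and the text reads as a condition rather than an event. It also fires when `ISULAD_TMPDIR` was set to the refused `/tmp`, where an operator would want to see that the setting was overridden. Something like `INFO("ISULAD_TMPDIR is unset or not allowed, using %s", DEFAULT_ISULAD_TMPDIR);` covers both cases. The body of make_safedir_is_noexec continues past this hunk.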
--
2.42.0


@ -0,0 +1,58 @@
From 5a32a77539d00b6dc484a5200eae86842ca4ab18 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 12 Dec 2023 20:26:30 +0800
Subject: [PATCH 175/181] prevent the parent dir from being bind mounted to the
subdir
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/tar/util_archive.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 55fdf997..e122a40f 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -179,6 +179,26 @@ out:
return ret;
}
+static int is_parent_directory(const char *parent_path, const char *child_path)
+{
+ size_t parent_len = strlen(parent_path);
+ size_t child_len = strlen(child_path);
+
+ if (parent_len == 0 || child_len == 0 || parent_len >= child_len) {
+ return -1;
+ }
+
+ if (strncmp(parent_path, child_path, parent_len) != 0) {
+ return -1;
+ }
+
+ if (child_path[parent_len] != '/') {
+ return -1;
+ }
+
+ return 0;
+}
+
static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, char **safe_dir)
{
struct stat buf;
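Review bot: `is_parent_directory` compares the two strings byte for byte, so it misses a parent written with a trailing slash (`/a/` against `/a/b` fails the `child_path[parent_len] != '/'` test) and does not report `/` as the parent of an ordinary absolute path. It also cannot see `..` components or symlinks. If the callers do not already pass cleaned absolute paths (not visible in this hunk), canonicalise both arguments before the comparison, or at least trim trailing separators with `while (parent_len > 1 && parent_path[parent_len - 1] == '/') parent_len--;` and handle `/` explicitly. The call added to make_safedir_is_noexec in the next hunk, and moved by patch 176, relies on the same lexical check. A short comment stating that the function returns 0 for "is a parent" and -1 otherwise would also help, since the `is_` name suggests a boolean.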
@@ -232,6 +252,12 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
return -1;
}
+ // prevent the parent directory from being bind mounted to the subdirectory
+ if (is_parent_directory(dstdir, tmp_dir) == 0) {
+ ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
+ return -1;
+ }
+
if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
if (util_path_remove(tmp_dir) != 0) {
--
2.42.0


@ -0,0 +1,43 @@
From b1ec0cf109624fb193b7660e461e9887d5814a19 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 13 Dec 2023 15:13:12 +0800
Subject: [PATCH 176/181] verify the mount dir first and then create tmpdir
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/tar/util_archive.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index e122a40f..19cfdd12 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -232,6 +232,12 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
return -1;
}
+ // prevent the parent directory from being bind mounted to the subdirectory
+ if (is_parent_directory(dstdir, tmp_dir) == 0) {
+ ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
+ return -1;
+ }
+
if (stat(dstdir, &buf) < 0) {
SYSERROR("Check chroot dir failed");
return -1;
@@ -252,12 +258,6 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
return -1;
}
- // prevent the parent directory from being bind mounted to the subdirectory
- if (is_parent_directory(dstdir, tmp_dir) == 0) {
- ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
- return -1;
- }
-
if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
if (util_path_remove(tmp_dir) != 0) {
--
2.42.0


@ -0,0 +1,26 @@
From 27d7a270f4bb489e5487d1833e90f5fa5e95d878 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Wed, 13 Dec 2023 17:06:37 +0800
Subject: [PATCH 177/181] bugfix:del redundant code
---
src/daemon/modules/image/image.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c
index e1b309b6..01d20190 100644
--- a/src/daemon/modules/image/image.c
+++ b/src/daemon/modules/image/image.c
@@ -586,9 +586,6 @@ void free_im_prepare_request(im_prepare_request *request)
free(request->mount_label);
request->mount_label = NULL;
- free(request->mount_label);
- request->mount_label = NULL;
-
free_json_map_string_string(request->storage_opt);
request->storage_opt = NULL;
--
2.42.0


@ -0,0 +1,30 @@
From 74ee05e13fe4a6a653311656c16664cf142d9a20 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Thu, 14 Dec 2023 10:54:27 +0800
Subject: [PATCH 178/181] remove /var/* in coverage and fix build/test remove
Signed-off-by: jikai <jikai11@huawei.com>
---
CI/generate_gcov.sh | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/CI/generate_gcov.sh b/CI/generate_gcov.sh
index 2f3228df..8d0b5d21 100755
--- a/CI/generate_gcov.sh
+++ b/CI/generate_gcov.sh
@@ -29,10 +29,8 @@ cp -r ~/build $ISULAD_COPY_PATH
cd $ISULAD_COPY_PATH/build
ctest
lcov --directory . --capture --output-file coverage.info
-# Remove std/build files
-lcov --remove coverage.info '/usr/*' -o coverage.info
-lcov --remove coverage.info "$ISULAD_SRC_PATH/build/*"
-lcov --remove coverage.info "$ISULAD_SRC_PATH/test/*"
+# extract src only files
+lcov --extract coverage.info '*/iSulad/src/*' -o coverage.info
# Generate html
genhtml --ignore-errors source -o $GCOV_RESULT_PATH/coverage coverage.info
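Review bot: The `--extract` pattern `'*/iSulad/src/*'` hard-codes the checkout directory name, so the coverage report comes out empty if the tree is cloned or copied under a different name. The removed lines used `$ISULAD_SRC_PATH`; keeping that variable, as in `lcov --extract coverage.info "$ISULAD_SRC_PATH/src/*" -o coverage.info`, would tie the filter to the configured source location, assuming the paths recorded in coverage.info point there.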
--
2.42.0


@ -0,0 +1,47 @@
From 5ce82824916d910ba2fc666d2b1d2f15537c5d0c Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 18 Dec 2023 16:07:57 +0800
Subject: [PATCH 179/181] code improve for oci_rmi
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/image/oci/oci_image.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c
index abca4ed7..f525f621 100644
--- a/src/daemon/modules/image/oci/oci_image.c
+++ b/src/daemon/modules/image/oci/oci_image.c
@@ -538,6 +538,17 @@ int oci_rmi(const im_rmi_request *request)
goto out;
}
+ for (i = 0; i < image_names_len; i++) {
+ if (strcmp(real_image_name, image_names[i]) == 0) {
+ break;
+ }
+ }
+ if (i == image_names_len) {
+ ERROR("Invalid real_image_name");
+ ret = -1;
+ goto out;
+ }
+
reduced_image_names = (char **)util_smart_calloc_s(sizeof(char *), image_names_len - 1);
if (reduced_image_names == NULL) {
ERROR("Out of memory");
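Review bot: The new membership check logs `Invalid real_image_name` without the value, which makes the failure hard to trace from the daemon log; `ERROR("Image name %s is not one of the image's names", real_image_name);` would say what was rejected. A one-line comment above the loop would also record why the check exists: it appears to guarantee that at least one entry is dropped, so the copy loop cannot write past the `image_names_len - 1` slots allocated below. oci_rmi starts and ends outside this hunk.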
@@ -548,11 +559,6 @@ int oci_rmi(const im_rmi_request *request)
for (i = 0; i < image_names_len; i++) {
if (strcmp(image_names[i], real_image_name) != 0) {
reduced_image_names[reduced_image_names_len] = util_strdup_s(image_names[i]);
- if (reduced_image_names[reduced_image_names_len] == NULL) {
- ERROR("Out of memory");
- ret = -1;
- goto out;
- }
reduced_image_names_len++;
}
}
--
2.42.0


@ -0,0 +1,321 @@
From 7956dc0285bda663cfb8d369e0d85fbafc406902 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 19 Dec 2023 16:31:34 +1400
Subject: [PATCH 180/181] verify name and digest consistency
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../oci/storage/image_store/image_store.c | 274 +++++++++++-------
1 file changed, 171 insertions(+), 103 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index 99640b59..cd827a2d 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -445,11 +445,171 @@ out:
return value;
}
+static int resort_image_names(const char **names, size_t names_len, char **first_name, char ***image_tags,
+ char ***image_digests)
+{
+ int ret = 0;
+ size_t i;
+ char *prefix = NULL;
+
+ for (i = 0; i < names_len; i++) {
+ size_t len = strlen(names[i]);
+ if (strlen(names[i]) > MAX_IMAGE_NAME_LENGTH) {
+ prefix = util_sub_string(names[i], len - MAX_IMAGE_NAME_LENGTH,
+ MAX_IMAGE_NAME_LENGTH - MAX_IMAGE_DIGEST_LENGTH);
+ }
+
+ // TODO: maybe should support other digest
+ if (prefix != NULL && strcmp(prefix, DIGEST_PREFIX) == 0) {
+ if (util_array_append(image_digests, names[i]) != 0) {
+ ERROR("Failed to append image to digest: %s", names[i]);
+ ret = -1;
+ goto out;
+ }
+ } else {
+ if (util_array_append(image_tags, names[i]) != 0) {
+ ERROR("Failed to append image to tags: %s", names[i]);
+ ret = -1;
+ goto out;
+ }
+ }
+ }
+
+ if (first_name == NULL) {
+ goto out;
+ }
+
+ if (util_array_len((const char **)(*image_digests)) > 0) {
+ free(*first_name);
+ *first_name = util_strdup_s((*image_digests)[0]);
+ }
+
+ if (util_array_len((const char **)(*image_tags)) > 0) {
+ free(*first_name);
+ *first_name = util_strdup_s((*image_tags)[0]);
+ }
+
+out:
+ if (ret != 0) {
+ util_free_array(*image_digests);
+ util_free_array(*image_tags);
+ free(*first_name);
+ }
+ free(prefix);
+ return ret;
+}
+
+// Validate checks that the contents is a valid digest
+static bool validate_digest(const char *digest)
+{
+ bool ret = true;
+ const char *sha256_encode_patten = "^[a-f0-9]{64}$";
+ char *value = util_strdup_s(digest);
+ char *index = strchr(value, ':');
+ char *alg = NULL;
+ char *encode = NULL;
+
+ // contains ':' and is not the last character
+ if (index == NULL || index - value + 1 == strlen(value)) {
+ INFO("Invalid checksum digest format");
+ ret = false;
+ goto out;
+ }
+
+ *index++ = '\0';
+
+ alg = value;
+ encode = index;
+ // Currently only support SHA256 algorithm
+ if (strcmp(alg, "sha256") != 0) {
+ DEBUG("Unsupported digest algorithm: %s", alg);
+ ret = false;
+ goto out;
+ }
+
+ ret = util_reg_match(sha256_encode_patten, encode) == 0;
+
+out:
+ free(value);
+ return ret;
+}
+
+// Parsing a reference string as a possible identifier, full digest, or familiar name.
+static char *parse_digest_reference(const char *ref)
+{
+ char *indentfier_patten = "^[a-f0-9]{64}$";
+
+ if (util_reg_match(indentfier_patten, ref) == 0) {
+ return util_string_append(ref, "sha256:");
+ }
+
+ if (validate_digest(ref)) {
+ return util_strdup_s(ref);
+ }
+
+ return oci_normalize_image_name(ref);
+}
+
+static int is_name_digest_consistent(const char *name, char **names, size_t names_len, const char *digest)
+{
+ size_t i;
+ int ret = -1;
+ int nret = 0;
+ char *tag_pos = NULL;
+ char **tags = NULL;
+ char **digests = NULL;
+ char *ref = NULL;
+ char *tmp_repo_digests = NULL;
+
+ if (resort_image_names((const char **)names, names_len, NULL, &tags, &digests) != 0) {
+ ERROR("Failed to resort image names");
+ goto out;
+ }
+
+ for (i = 0; i < util_array_len((const char **)tags); i++) {
+ ref = parse_digest_reference(tags[i]);
+ if (ref == NULL) {
+ free(ref);
+ ref = NULL;
+ continue;
+ }
+ tag_pos = util_tag_pos(ref);
+ if (tag_pos == NULL) {
+ ERROR("invalid ref %s", ref);
+ free(ref);
+ ref = NULL;
+ continue;
+ }
+ *tag_pos = '\0';
+
+ nret = asprintf(&tmp_repo_digests, "%s@%s", ref, digest);
+ if (nret < 0) {
+ ERROR("Failed to receive repo digest");
+ goto out;
+ }
+ if (strcmp(name, tmp_repo_digests) == 0) {
+ ret = 0;
+ goto out;
+ }
+ free(ref);
+ ref = NULL;
+ free(tmp_repo_digests);
+ tmp_repo_digests = NULL;
+ }
+out:
+ free(ref);
+ free(tmp_repo_digests);
+ util_free_array(tags);
+ util_free_array(digests);
+ return ret;
+}
+
// by_digest returns the image which matches the specified name.
static image_t *by_digest(const char *name)
{
digest_image_t *digest_filter_images = NULL;
char *digest = NULL;
+ image_t *tmp_ret = NULL;
// split digest for image name with digest
digest = strrchr(name, '@');
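Review bot: The `out:` path of `resort_image_names` still executes `free(*first_name)` although this patch lets callers pass `first_name == NULL` (is_name_digest_consistent does), so a failed `util_array_append` dereferences a null pointer. The same path frees `*image_digests` and `*image_tags` without clearing them, and is_name_digest_consistent then calls `util_free_array` on `tags` and `digests` again at its own `out:` label, which is a double free. Guard the `first_name` access and null the out-parameters after freeing them, as sketched below.

```c
out:
    if (ret != 0) {
        util_free_array(*image_digests);
        *image_digests = NULL;
        util_free_array(*image_tags);
        *image_tags = NULL;
        // first_name is optional; is_name_digest_consistent passes NULL
        if (first_name != NULL) {
            free(*first_name);
            *first_name = NULL;
        }
    }
    // … unchanged: free(prefix) and return ret …
```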
@@ -458,12 +618,21 @@ static image_t *by_digest(const char *name)
}
digest++;
digest_filter_images = (digest_image_t *)map_search(g_image_store->bydigest, (void *)digest);
- if (digest_filter_images == NULL) {
+ if (digest_filter_images == NULL || linked_list_empty(&(digest_filter_images->images_list))) {
return NULL;
}
// currently, a digest corresponds to an image, directly returning the first element
- return linked_list_first_elem(&(digest_filter_images->images_list));
+ tmp_ret = linked_list_first_elem(&(digest_filter_images->images_list));
+
+ // verify name and digest consistency to ensure we are not matching images to different repositories,
+ // even if the digests match.
+ // For example, ubuntu@sha256:abc......, shouldn't match test@sha256:abc......
+ if (is_name_digest_consistent(name, tmp_ret->simage->names, tmp_ret->simage->names_len, digest) != 0) {
+ return NULL;
+ }
+
+ return tmp_ret;
}
static image_t *lookup(const char *id)
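Review bot: `by_digest` now returns NULL unless `name` equals `<repo>@<digest>` for one of the image's tag names, because is_name_digest_consistent (added in the previous hunk) only walks `tags`; the `digests` array it collects is freed without being compared. If an image can be stored with only digest-form names, which this patch does not show, a lookup by its own `repo@sha256:…` reference would stop resolving. Comparing `name` against the entries of `digests` as well would keep that case working while still rejecting a mismatched repository.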
@@ -2002,107 +2171,6 @@ out:
return ret;
}
-static int resort_image_names(const char **names, size_t names_len, char **first_name, char ***image_tags,
- char ***image_digests)
-{
- int ret = 0;
- size_t i;
- char *prefix = NULL;
-
- for (i = 0; i < names_len; i++) {
- size_t len = strlen(names[i]);
- if (strlen(names[i]) > MAX_IMAGE_NAME_LENGTH) {
- prefix = util_sub_string(names[i], len - MAX_IMAGE_NAME_LENGTH,
- MAX_IMAGE_NAME_LENGTH - MAX_IMAGE_DIGEST_LENGTH);
- }
-
- // maybe should support other digest
- if (prefix != NULL && strcmp(prefix, DIGEST_PREFIX) == 0) {
- if (util_array_append(image_digests, names[i]) != 0) {
- ERROR("Failed to append image to digest: %s", names[i]);
- ret = -1;
- goto out;
- }
- } else {
- if (util_array_append(image_tags, names[i]) != 0) {
- ERROR("Failed to append image to tags: %s", names[i]);
- ret = -1;
- goto out;
- }
- }
- }
-
- if (util_array_len((const char **)(*image_digests)) > 0) {
- free(*first_name);
- *first_name = util_strdup_s((*image_digests)[0]);
- }
-
- if (util_array_len((const char **)(*image_tags)) > 0) {
- free(*first_name);
- *first_name = util_strdup_s((*image_tags)[0]);
- }
-
-out:
- if (ret != 0) {
- util_free_array(*image_digests);
- util_free_array(*image_tags);
- free(*first_name);
- }
- free(prefix);
- return ret;
-}
-
-// Validate checks that the contents is a valid digest
-static bool validate_digest(const char *digest)
-{
- bool ret = true;
- const char *sha256_encode_patten = "^[a-f0-9]{64}$";
- char *value = util_strdup_s(digest);
- char *index = strchr(value, ':');
- char *alg = NULL;
- char *encode = NULL;
-
- // contains ':' and is not the last character
- if (index == NULL || index - value + 1 == strlen(value)) {
- INFO("Invalid checksum digest format");
- ret = false;
- goto out;
- }
-
- *index++ = '\0';
-
- alg = value;
- encode = index;
- // Currently only support SHA256 algorithm
- if (strcmp(alg, "sha256") != 0) {
- DEBUG("Unsupported digest algorithm: %s", alg);
- ret = false;
- goto out;
- }
-
- ret = util_reg_match(sha256_encode_patten, encode) == 0;
-
-out:
- free(value);
- return ret;
-}
-
-// Parsing a reference string as a possible identifier, full digest, or familiar name.
-static char *parse_digest_reference(const char *ref)
-{
- char *indentfier_patten = "^[a-f0-9]{64}$";
-
- if (util_reg_match(indentfier_patten, ref) == 0) {
- return util_string_append(ref, "sha256:");
- }
-
- if (validate_digest(ref)) {
- return util_strdup_s(ref);
- }
-
- return oci_normalize_image_name(ref);
-}
-
static int pack_repo_digest(char ***old_repo_digests, const char **image_tags, const char *digest, char ***repo_digests)
{
int ret = 0;
--
2.42.0


@ -0,0 +1,26 @@
From 975ddeeb65836da31222c8c4da82e408c741a33f Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 18 Dec 2023 20:59:46 +0800
Subject: [PATCH 181/181] bugfix for resort_image_names
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/image/oci/storage/image_store/image_store.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index cd827a2d..41587f6e 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -473,6 +473,8 @@ static int resort_image_names(const char **names, size_t names_len, char **first
goto out;
}
}
+ free(prefix);
+ prefix = NULL;
}
if (first_name == NULL) {
--
2.42.0


@ -1,5 +1,5 @@
%global _version 2.0.18
%global _release 13
%global _release 14
%global is_systemd 1
%global enable_shimv2 1
%global is_embedded 1
@ -158,11 +158,46 @@ Patch0142: 0142-improve-report-error-message-of-client.patch
Patch0143: 0143-adapt-new-error-message-for-isula-cp.patch
Patch0144: 0144-2178-clean-path-for-fpath-and-verify-chain-id.patch
Patch0145: 0145-2179-modify-the-permissions-of-tmpdir-and-file-lock-.patch
Patch0146: 0146-2195-Add-retry-function-for-bigdata_stream_runc.patch
Patch0147: 0147-2213-bugfix-for-rt_isula_exec_resize.patch
Patch0148: 0148-2214-imporove-isula_rt_opts-code.patch
Patch0149: 0149-refactor-update-possible-changed-resources-for-oci-s.patch
Patch0150: 0150-add-CI-testcase-for-update-oci-spec-in-start-op.patch
Patch0151: 0151-2239-delete-the-disabled-reload-configuration-in-isu.patch
Patch0152: 0152-2240-modify-the-default-value-of-EANBLE_IMAGE_LIBARA.patch
Patch0153: 0153-improve-event-logs.patch
Patch0154: 0154-2257-disable-grpc-remote-connect-by-default.patch
Patch0155: 0155-2258-rollback-commit-for-update-possible-changed-res.patch
Patch0156: 0156-2259-lcr-container-with-a-damaged-config-file-will-r.patch
Patch0157: 0157-2263-use-dev-random-to-replace-dev-urandom.patch
Patch0158: 0158-2264-bugfix-for-runc-container-exec.patch
Patch0159: 0159-2262-bugfix-of-update-restart-policy-for-auto-remove.patch
Patch0160: 0160-2265-use-dev-urandom-to-replace-dev-random.patch
Patch0161: 0161-open-ENABLE_GRPC_REMOTE_CONNECT-in-CI-and-bugfix-for.patch
Patch0162: 0162-2274-bugfix-for-rt_lcr_rebuild_config.patch
Patch0163: 0163-use-RAND_bytes-to-replace-dev-urandom.patch
Patch0164: 0164-fix-the-problem-of-abnormal-branches-not-waiting-for.patch
Patch0165: 0165-2286-bugfix-for-the-bliko-zero-value-exception-when-.patch
Patch0166: 0166-move-variable-declaration-out-of-loop.patch
Patch0167: 0167-fix-error-for-cat-bigdata-in-oci-runtime.patch
Patch0168: 0168-use-a-timeout-epoll-loop-to-ensure-complete-data-rec.patch
Patch0169: 0169-2293-reduce-epoll-loop-timeout-time.patch
Patch0170: 0170-2294-keep-the-service-status-unchanged-after-iSulad-.patch
Patch0171: 0171-2299-remove-close-fd-from-stdout_cb-and-stderr_cb.patch
Patch0172: 0172-add-ut-for-devicemapper.patch
Patch0173: 0173-remove-build-and-test-in-coverage.patch
Patch0174: 0174-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch
Patch0175: 0175-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch
Patch0176: 0176-verify-the-mount-dir-first-and-then-create-tmpdir.patch
Patch0177: 0177-bugfix-del-redundant-code.patch
Patch0178: 0178-remove-var-in-coverage-and-fix-build-test-remove.patch
Patch0179: 0179-code-improve-for-oci_rmi.patch
Patch0180: 0180-verify-name-and-digest-consistency.patch
Patch0181: 0181-bugfix-for-resort_image_names.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
Provides: libisula.so()(64bit)
Provides: libisulad_img.so()(64bit)
Provides: libisulad_tools.so()(64bit)
%endif
@ -243,8 +278,8 @@ cd build
%check
%if %{defined openeuler}
cd build
# registry_images_ut and volume_ut must run with root user
ctest -E "registry_images_ut|volume_ut"
# registry_images_ut ,volume_ut and driver_devmapper_ut must run with root user
ctest -E "registry_images_ut|volume_ut|driver_devmapper_ut"
%endif
%install
@ -254,7 +289,6 @@ install -d $RPM_BUILD_ROOT/%{_libdir}
install -m 0755 ./src/libisula.so %{buildroot}/%{_libdir}/libisula.so
install -m 0755 ./src/utils/http/libhttpclient.so %{buildroot}/%{_libdir}/libhttpclient.so
install -m 0755 ./src/libisulad_tools.so %{buildroot}/%{_libdir}/libisulad_tools.so
install -m 0755 ./src/daemon/modules/image/libisulad_img.so %{buildroot}/%{_libdir}/libisulad_img.so
install -d $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
install -m 0640 ./conf/isulad.pc %{buildroot}/%{_libdir}/pkgconfig/isulad.pc
@ -267,7 +301,6 @@ install -m 0755 ./src/isulad-shim %{buildroot}/%{_bindir}/isulad-shim
install -m 0755 ./src/isulad %{buildroot}/%{_bindir}/isulad
install -d $RPM_BUILD_ROOT/%{_includedir}/isulad
install -m 0644 ../src/daemon/modules/api/image_api.h %{buildroot}/%{_includedir}/isulad/image_api.h
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/isulad
install -m 0640 ../src/contrib/config/daemon.json %{buildroot}/%{_sysconfdir}/isulad/daemon.json
@ -384,7 +417,6 @@ fi
%{_initddir}/isulad.init
%attr(0640,root,root) %{_initddir}/isulad.init
%endif
%{_includedir}/isulad/*
%attr(0755,root,root) %{_libdir}/pkgconfig
%attr(0640,root,root) %{_libdir}/pkgconfig/isulad.pc
%defattr(0755,root,root,0755)
@ -402,6 +434,12 @@ fi
%endif
%changelog
* Thu Dec 21 2023 zhongtao <zhongtao17@huawei.com> - 2.0.18-13
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: upgrade from upstream
* Mon Sep 18 2023 zhongtao <zhongtao17@huawei.com> - 2.0.18-13
- Type: bugfix
- ID: NA