packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!624 [sync] PR-623: upgrade from upstream

Browse Source 
* upgrade from upstream
This commit is contained in:
openeuler-sync-bot 2023-09-19 02:54:09 +00:00 committed by haozi007
parent ac7f14ac9b
commit bc22968026
30 changed files with 12250 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
0117-improve-use-return-error-to-replace-abort.patch Normal file
View File

@ -0,0 +1,71 @@
From 6707c14e8c34c977bd44478004f857baf2cb1f51 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 24 Aug 2023 15:06:17 +0800
Subject: [PATCH 117/145] [improve] use return error to replace abort
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/utils/http/parser.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c
index 5f61d336..d625182c 100644
--- a/src/utils/http/parser.c
+++ b/src/utils/http/parser.c
@@ -117,7 +117,7 @@ static int parser_cb_header_value(http_parser *parser, const char *buf,
}
/* parser check body is final */
-static void parser_check_body_is_final(const http_parser *parser)
+static int parser_check_body_is_final(const http_parser *parser)
{
struct parsed_http_message *m = parser->data;
@@ -125,9 +125,10 @@ static void parser_check_body_is_final(const http_parser *parser)
fprintf(stderr, "\n\n *** Error http_body_is_final() should return 1 "
"on last on_body callback call "
"but it doesn't! ***\n\n");
- abort();
+ return -1;
}
m->body_is_final = http_body_is_final(parser);
+ return 0;
}
/* parser body cb */
@@ -155,8 +156,7 @@ static int parser_body_cb(http_parser *parser, const char *buf, size_t len)
strlncat(m->body, newsize, buf, len);
m->body_size += len;
- parser_check_body_is_final(parser);
- return 0;
+ return parser_check_body_is_final(parser);
}
/* parser message begin cb */
@@ -189,7 +189,7 @@ static int parser_message_complete_cb(http_parser *p)
fprintf(stderr, "\n\n *** Error http_should_keep_alive() should have same "
"value in both on_message_complete and on_headers_complete "
"but it doesn't! ***\n\n");
- abort();
+ return -1;
}
if (m->body_size &&
@@ -198,12 +198,11 @@ static int parser_message_complete_cb(http_parser *p)
fprintf(stderr, "\n\n *** Error http_body_is_final() should return 1 "
"on last on_body callback call "
"but it doesn't! ***\n\n");
- abort();
+ return -1;
}
m->message_complete_cb_called = TRUE;
-
return 0;
}
--
2.40.1

544
0118-2137-do-clean-code.patch Normal file
View File

@ -0,0 +1,544 @@
From e29e6c1a51464a384b3317d4aad56aeef3221217 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Sat, 26 Aug 2023 10:14:46 +0000
Subject: [PATCH 118/145] !2137 do clean code * do clean code
---
src/cmd/isulad-shim/terminal.c | 6 +++--
src/daemon/common/sysinfo.c | 27 ++++++++++++-------
src/daemon/config/isulad_config.c | 8 +++---
src/daemon/entry/cri/checkpoint_handler.cc | 2 +-
src/daemon/entry/cri/checkpoint_handler.h | 1 +
src/daemon/entry/cri/naming.cc | 2 +-
.../entry/cri/websocket/service/ws_server.cc | 12 ++++-----
.../entry/cri/websocket/service/ws_server.h | 2 +-
.../executor/container_cb/execution_extend.c | 1 -
src/daemon/modules/container/container_unix.c | 4 +--
src/daemon/modules/image/oci/oci_load.c | 2 +-
.../graphdriver/devmapper/deviceset.c | 2 ++
.../graphdriver/overlay2/driver_overlay2.c | 3 +--
src/utils/cpputils/url.cc | 3 +++
src/utils/cpputils/url.h | 2 --
src/utils/cutils/utils_mount_spec.c | 2 +-
src/utils/cutils/utils_timestamp.c | 15 +++++++----
src/utils/http/http.c | 4 +--
src/utils/http/parser.c | 10 +++----
src/utils/sha256/sha256.c | 16 +++++------
20 files changed, 69 insertions(+), 55 deletions(-)
diff --git a/src/cmd/isulad-shim/terminal.c b/src/cmd/isulad-shim/terminal.c
index 23783244..43fb476f 100644
--- a/src/cmd/isulad-shim/terminal.c
+++ b/src/cmd/isulad-shim/terminal.c
@@ -186,10 +186,12 @@ static bool util_get_time_buffer(struct timespec *timestamp, char *timebuffer, s
seconds = (time_t)timestamp->tv_sec;
gmtime_r(&seconds, &tm_utc);
- strftime(timebuffer, maxsize, "%Y-%m-%dT%H:%M:%S", &tm_utc);
+ len = strftime(timebuffer, maxsize, "%Y-%m-%dT%H:%M:%S", &tm_utc);
+ if (len == 0) {
+ return false;
+ }
nanos = (int32_t)timestamp->tv_nsec;
- len = strlen(timebuffer);
ret = snprintf(timebuffer + len, (maxsize - len), ".%09dZ", nanos);
if (ret < 0 || (size_t)ret >= (maxsize - len)) {
return false;
diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c
index cb02bee3..d0927f58 100644
--- a/src/daemon/common/sysinfo.c
+++ b/src/daemon/common/sysinfo.c
@@ -142,6 +142,7 @@ static int add_null_to_list(void ***list)
}
}
+ // add 2 size for element and NULL
if (index > SIZE_MAX / sizeof(void **) - 2) {
ERROR("Out of range");
return -1;
@@ -179,7 +180,7 @@ static int append_subsystem_to_list(char ***klist, char ***nlist, const char *pt
{
int ret = 0;
- if (strncmp(ptoken, "name=", 5) == 0) {
+ if (strncmp(ptoken, "name=", strlen("name=")) == 0) {
ret = append_string(nlist, ptoken);
if (ret != 0) {
ERROR("Failed to append string");
@@ -271,26 +272,26 @@ static bool list_contain_string(const char **a_list, const char *str)
static char *cgroup_legacy_must_prefix_named(const char *entry)
{
- size_t len;
+ size_t entry_len;
char *prefixed = NULL;
const char *prefix = "name=";
+ const size_t prefix_len = strlen(prefix);
- len = strlen(entry);
-
- if (((SIZE_MAX - len) - 1) < strlen(prefix)) {
+ entry_len = strlen(entry);
+ if ((SIZE_MAX - entry_len) < (prefix_len + 1)) {
ERROR("Out of memory");
return NULL;
}
- prefixed = util_common_calloc_s(len + strlen(prefix) + 1);
+ prefixed = util_common_calloc_s(entry_len + prefix_len + 1);
if (prefixed == NULL) {
ERROR("Out of memory");
return NULL;
}
- (void)memcpy(prefixed, prefix, strlen(prefix));
- (void)memcpy(prefixed + strlen(prefix), entry, len);
+ (void)memcpy(prefixed, prefix, prefix_len);
+ (void)memcpy(prefixed + prefix_len, entry, entry_len);
- prefixed[len + strlen(prefix)] = '\0';
+ prefixed[entry_len + prefix_len] = '\0';
return prefixed;
}
@@ -310,7 +311,7 @@ static int append_controller(const char **klist, const char **nlist, char ***cli
return -1;
}
- if (strncmp(entry, "name=", 5) == 0) {
+ if (strncmp(entry, "name=", strlen("name=")) == 0) {
dup_entry = util_strdup_s(entry);
} else if (list_contain_string(klist, entry)) {
dup_entry = util_strdup_s(entry);
@@ -345,6 +346,8 @@ static char **cgroup_get_controllers(const char **klist, const char **nlist, con
char *sep = ",";
char **pret = NULL;
+ // line example
+ // 108 99 0:55 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755
for (index = 0; index < 4; index++) {
pos = strchr(pos, ' ');
if (pos == NULL) {
@@ -413,6 +416,8 @@ int cgroup_get_mountpoint_and_root(char *pline, char **mountpoint, char **root)
char *pos = pline;
// find root
+ // line example
+ // 108 99 0:55 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755
for (index = 0; index < 3; index++) {
pos = strchr(pos, ' ');
if (pos == NULL) {
@@ -1509,6 +1514,8 @@ void free_mount_info(mountinfo_t *info)
free(info);
}
+// line example
+// 108 99 0:55 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755
mountinfo_t *get_mount_info(const char *pline)
{
size_t length;
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index 17c9d3b5..6db4e2a4 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -297,6 +297,7 @@ char *conf_get_routine_rootdir(const char *runtime)
char *path = NULL;
struct service_arguments *conf = NULL;
size_t len = 0;
+ size_t graph_len = 0;
if (runtime == NULL) {
ERROR("Runtime is NULL");
@@ -314,11 +315,12 @@ char *conf_get_routine_rootdir(const char *runtime)
}
/* path = conf->rootpath + / + engines + / + runtime + /0 */
- if (strlen(conf->json_confs->graph) > (SIZE_MAX - strlen(ENGINE_ROOTPATH_NAME) - strlen(runtime)) - 3) {
+ graph_len = strlen(conf->json_confs->graph);
+ if (graph_len > (SIZE_MAX - strlen(ENGINE_ROOTPATH_NAME) - strlen(runtime)) - 3) {
ERROR("Graph path is too long");
goto out;
}
- len = strlen(conf->json_confs->graph) + 1 + strlen(ENGINE_ROOTPATH_NAME) + 1 + strlen(runtime) + 1;
+ len = graph_len + 1 + strlen(ENGINE_ROOTPATH_NAME) + 1 + strlen(runtime) + 1;
if (len > PATH_MAX / sizeof(char)) {
ERROR("The size of path exceeds the limit");
goto out;
@@ -1685,13 +1687,13 @@ out:
static bool valid_isulad_daemon_constants(isulad_daemon_constants *config)
{
json_map_string_string *registry_transformation = NULL;
- size_t i = 0;
if (config == NULL) {
return false;
}
if (config->registry_transformation != NULL) {
+ size_t i;
registry_transformation = config->registry_transformation;
for (i = 0; i < registry_transformation->len; i++) {
if (!util_valid_host_name(registry_transformation->keys[i]) ||
diff --git a/src/daemon/entry/cri/checkpoint_handler.cc b/src/daemon/entry/cri/checkpoint_handler.cc
index d5eab7a7..7b5f49cc 100644
--- a/src/daemon/entry/cri/checkpoint_handler.cc
+++ b/src/daemon/entry/cri/checkpoint_handler.cc
@@ -15,7 +15,7 @@
#include "checkpoint_handler.h"
#include <cstring>
-#include <errno.h>
+#include <cerrno>
#include <linux/limits.h>
#include <memory>
#include <string>
diff --git a/src/daemon/entry/cri/checkpoint_handler.h b/src/daemon/entry/cri/checkpoint_handler.h
index b526df0c..7510265f 100644
--- a/src/daemon/entry/cri/checkpoint_handler.h
+++ b/src/daemon/entry/cri/checkpoint_handler.h
@@ -48,6 +48,7 @@ private:
class CheckpointData {
public:
+ CheckpointData() = default;
void CheckpointDataToCStruct(cri_checkpoint_data **data, Errors &error);
void CStructToCheckpointData(const cri_checkpoint_data *data, Errors &error);
diff --git a/src/daemon/entry/cri/naming.cc b/src/daemon/entry/cri/naming.cc
index 54a14a81..1526f044 100644
--- a/src/daemon/entry/cri/naming.cc
+++ b/src/daemon/entry/cri/naming.cc
@@ -18,7 +18,7 @@
#include <vector>
#include <sstream>
#include <string>
-#include <errno.h>
+#include <cerrno>
#include "cri_constants.h"
#include "cri_helpers.h"
diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc
index ea320ff4..078c856c 100644
--- a/src/daemon/entry/cri/websocket/service/ws_server.cc
+++ b/src/daemon/entry/cri/websocket/service/ws_server.cc
@@ -326,7 +326,7 @@ void WebsocketServer::CloseWsSession(int socketID)
}).detach();
}
-int WebsocketServer::GenerateSessionData(SessionData *session, const std::string containerID) noexcept
+int WebsocketServer::GenerateSessionData(SessionData *session, const std::string &containerID) noexcept
{
char *suffix = nullptr;
int readPipeFd[2] = { -1, -1 };
@@ -467,7 +467,7 @@ void WebsocketServer::DumpHandshakeInfo(struct lws *wsi) noexcept
lws_hdr_copy(wsi, buf, sizeof(buf), (lws_token_indexes)n);
buf[sizeof(buf) - 1] = '\0';
- DEBUG(" %s = %s", (char *)c, buf);
+ DEBUG(" %s = %s", reinterpret_cast<char *>(const_cast<unsigned char *>(c)), buf);
n++;
} while (c != nullptr);
}
@@ -562,14 +562,14 @@ void WebsocketServer::Receive(int socketID, void *in, size_t len, bool complete)
if (!it->second->IsStdinComplete()) {
DEBUG("Receive remaning stdin data with length %zu", len);
// Too much data may cause error 'resource temporarily unavaliable' by using 'write'
- if (util_write_nointr_in_total(m_wsis[socketID]->pipes.at(1), (char *)in, len) < 0) {
+ if (util_write_nointr_in_total(m_wsis[socketID]->pipes.at(1), static_cast<char *>(in), len) < 0) {
ERROR("Sub write over! err msg: %s", strerror(errno));
}
goto out;
}
if (*static_cast<char *>(in) == WebsocketChannel::RESIZECHANNEL) {
- if (ResizeTerminal(socketID, (char *)in + 1, len, it->second->containerID, it->second->suffix) != 0) {
+ if (ResizeTerminal(socketID, static_cast<char *>(in) + 1, len, it->second->containerID, it->second->suffix) != 0) {
ERROR("Failed to resize terminal tty");
}
if (!complete) {
@@ -579,13 +579,13 @@ void WebsocketServer::Receive(int socketID, void *in, size_t len, bool complete)
}
if (*static_cast<char *>(in) == WebsocketChannel::STDINCHANNEL) {
- if (util_write_nointr_in_total(m_wsis[socketID]->pipes.at(1), (char *)in + 1, len - 1) < 0) {
+ if (util_write_nointr_in_total(m_wsis[socketID]->pipes.at(1), static_cast<char *>(in) + 1, len - 1) < 0) {
ERROR("Sub write over! err msg: %s", strerror(errno));
}
goto out;
}
- ERROR("Invalid data: %s", (char *)in);
+ ERROR("Invalid data: %s", static_cast<char *>(in));
out:
it->second->SetStdinComplete(complete);
diff --git a/src/daemon/entry/cri/websocket/service/ws_server.h b/src/daemon/entry/cri/websocket/service/ws_server.h
index 7da56818..f0e6dc02 100644
--- a/src/daemon/entry/cri/websocket/service/ws_server.h
+++ b/src/daemon/entry/cri/websocket/service/ws_server.h
@@ -79,7 +79,7 @@ private:
int Wswrite(struct lws *wsi, const unsigned char *message);
inline void DumpHandshakeInfo(struct lws *wsi) noexcept;
int RegisterStreamTask(struct lws *wsi) noexcept;
- int GenerateSessionData(SessionData *session, const std::string containerID) noexcept;
+ int GenerateSessionData(SessionData *session, const std::string &containerID) noexcept;
void ServiceWorkThread(int threadid);
void CloseWsSession(int socketID);
void CloseAllWsSession();
diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c
index 58303f80..00d130ac 100644
--- a/src/daemon/executor/container_cb/execution_extend.c
+++ b/src/daemon/executor/container_cb/execution_extend.c
@@ -69,7 +69,6 @@ static int service_events_handler(const struct isulad_events_request *request, c
container_t *container = NULL;
name = util_strdup_s(request->id);
-
/* check whether specified container exists */
if (name != NULL) {
container = containers_store_get(name);
diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c
index d9706f08..224be958 100644
--- a/src/daemon/modules/container/container_unix.c
+++ b/src/daemon/modules/container/container_unix.c
@@ -1073,15 +1073,13 @@ bool container_reset_restart_manager(container_t *cont, bool reset_count)
/* get restart manager */
restart_manager_t *get_restart_manager(container_t *cont)
{
- int failue_count = 0;
-
if (cont == NULL) {
ERROR("Invalid input arguments");
return NULL;
}
if (cont->rm == NULL) {
- failue_count = container_state_get_restart_count(cont->state);
+ int failue_count = container_state_get_restart_count(cont->state);
cont->rm = restart_manager_new(cont->hostconfig->restart_policy, failue_count);
if (cont->rm == NULL) {
return NULL;
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
index 01b9ef6e..d1fbeafb 100644
--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
@@ -1,5 +1,5 @@
/******************************************************************************
-* Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved.
+* Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
index 97919603..e8bc32ea 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
@@ -96,6 +96,7 @@ static int handle_dm_thinpooldev(char *val, struct device_set *devset)
return -1;
}
tmp_val = util_trim_prefice_string(val, "/dev/mapper/");
+ free(devset->thin_pool_device);
devset->thin_pool_device = util_strdup_s(tmp_val);
return 0;
@@ -160,6 +161,7 @@ static int handle_dm_mountopt(char *val, struct device_set *devset)
isulad_set_error_message("Invalid dm.mountopt or devicemapper.mountopt value");
return -1;
}
+ free(devset->mount_options);
devset->mount_options = util_strdup_s(val);
return 0;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index 7e851a26..c5864c90 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -1,5 +1,5 @@
/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
@@ -1948,7 +1948,6 @@ static int get_lower_dirs(const char *layer_dir, const struct graphdriver *drive
lowers_str = read_layer_lower_file(layer_dir);
lowers = util_string_split(lowers_str, ':');
lowers_size = util_array_len((const char **)lowers);
-
if (lowers_size == 0) {
ret = 0;
goto out;
diff --git a/src/utils/cpputils/url.cc b/src/utils/cpputils/url.cc
index c75a17aa..49843644 100644
--- a/src/utils/cpputils/url.cc
+++ b/src/utils/cpputils/url.cc
@@ -105,8 +105,10 @@ std::string QueryUnescape(const std::string &s)
int UnescapeDealWithPercentSign(size_t &i, std::string &s, const EncodeMode &mode)
{
std::string percent_sign = "%25";
+ // URL encoding replaces unsafe ASCII characters with a "%" followed by two hexadecimal digits
if ((size_t)(i + 2) >= s.length() || !IsHex(s[i + 1]) || !IsHex(s[i + 2])) {
s.erase(s.begin(), s.begin() + (long)i);
+ // Remaining "%" with two hexadecimal digits
if (s.length() > 3) {
s.erase(s.begin() + 3, s.end());
}
@@ -172,6 +174,7 @@ void DoUnescape(std::string &t, const std::string &s, const EncodeMode &mode)
switch (s[i]) {
case '%': {
char s1, s2;
+ // the "%" is followed by two hexadecimal digits
if (!GetHexDigit(s[i + 1], s1) || !GetHexDigit(s[i + 2], s2)) {
return;
}
diff --git a/src/utils/cpputils/url.h b/src/utils/cpputils/url.h
index 9b124c79..abbf20f4 100644
--- a/src/utils/cpputils/url.h
+++ b/src/utils/cpputils/url.h
@@ -183,5 +183,3 @@ bool ValidUserinfo(const std::string &s);
} // namespace url
#endif
-
-
diff --git a/src/utils/cutils/utils_mount_spec.c b/src/utils/cutils/utils_mount_spec.c
index 5386c115..e267c5a2 100644
--- a/src/utils/cutils/utils_mount_spec.c
+++ b/src/utils/cutils/utils_mount_spec.c
@@ -1,5 +1,5 @@
/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
diff --git a/src/utils/cutils/utils_timestamp.c b/src/utils/cutils/utils_timestamp.c
index 7435e2fa..fee66ea8 100644
--- a/src/utils/cutils/utils_timestamp.c
+++ b/src/utils/cutils/utils_timestamp.c
@@ -155,6 +155,7 @@ static bool get_time_buffer_help(const types_timestamp_t *timestamp, char *timeb
int32_t nanos;
struct tm tm_local = { 0 };
size_t tmp_size = 0;
+ size_t timebuffer_len = 0;
time_t seconds;
bool west_timezone = false;
long int tm_gmtoff = 0;
@@ -167,7 +168,11 @@ static bool get_time_buffer_help(const types_timestamp_t *timestamp, char *timeb
seconds = (time_t)timestamp->seconds;
localtime_r(&seconds, &tm_local);
- strftime(timebuffer, maxsize, "%Y-%m-%dT%H:%M:%S", &tm_local);
+ timebuffer_len = strftime(timebuffer, maxsize, "%Y-%m-%dT%H:%M:%S", &tm_local);
+ if (timebuffer_len == 0) {
+ ERROR("Failed to strftime");
+ return false;
+ }
if (timestamp->has_nanos) {
nanos = timestamp->nanos;
@@ -175,10 +180,10 @@ static bool get_time_buffer_help(const types_timestamp_t *timestamp, char *timeb
nanos = 0;
}
- tmp_size = maxsize - strlen(timebuffer);
+ tmp_size = maxsize - timebuffer_len;
if (local_utc) {
- nret = snprintf(timebuffer + strlen(timebuffer), tmp_size, ".%09dZ", nanos);
+ nret = snprintf(timebuffer + timebuffer_len, tmp_size, ".%09dZ", nanos);
goto out;
}
@@ -197,9 +202,9 @@ static bool get_time_buffer_help(const types_timestamp_t *timestamp, char *timeb
tm_zone_min = (tm_gmtoff - tm_zone_hour * seconds_per_hour) / seconds_per_minutes;
if (!west_timezone) {
- nret = snprintf(timebuffer + strlen(timebuffer), tmp_size, ".%09d+%02d:%02d", nanos, tm_zone_hour, tm_zone_min);
+ nret = snprintf(timebuffer + timebuffer_len, tmp_size, ".%09d+%02d:%02d", nanos, tm_zone_hour, tm_zone_min);
} else {
- nret = snprintf(timebuffer + strlen(timebuffer), tmp_size, ".%09d-%02d:%02d", nanos, tm_zone_hour, tm_zone_min);
+ nret = snprintf(timebuffer + timebuffer_len, tmp_size, ".%09d-%02d:%02d", nanos, tm_zone_hour, tm_zone_min);
}
out:
diff --git a/src/utils/http/http.c b/src/utils/http/http.c
index 47d17455..1b0ba5be 100644
--- a/src/utils/http/http.c
+++ b/src/utils/http/http.c
@@ -362,7 +362,8 @@ static size_t calc_replaced_url_len(const char *url)
max++;
continue;
}
- max += 3; /* ' ' to %20 so size should add 3 */
+ /* ' ' to %20 so size should add 3 */
+ max += 3;
}
return max + 1; /* +1 for terminator */
@@ -486,7 +487,6 @@ int http_request(const char *url, struct http_get_options *options, long *respon
/* get it! */
curl_result = curl_easy_perform(curl_handle);
-
if (curl_result != CURLE_OK) {
check_buf_len(options, errbuf, curl_result);
ret = -1;
diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c
index d625182c..cf8425e4 100644
--- a/src/utils/http/parser.c
+++ b/src/utils/http/parser.c
@@ -47,15 +47,15 @@
#include "utils.h"
#include "isula_libutils/log.h"
-size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize)
+size_t strlncat(char *dststr, size_t dststr_size, const char *srcstr, size_t srcstr_size)
{
size_t ssize, dsize;
- ssize = (size_t)strnlen(srcstr, nsize);
- dsize = (size_t)strnlen(dststr, size);
+ ssize = (size_t)strnlen(srcstr, srcstr_size);
+ dsize = (size_t)strnlen(dststr, dststr_size);
- if (dsize < size) {
- size_t rsize = size - dsize;
+ if (dsize < dststr_size) {
+ size_t rsize = dststr_size - dsize;
size_t ncpy = ssize < rsize ? ssize : (rsize - 1);
(void)memcpy(dststr + dsize, srcstr, ncpy);
dststr[dsize + ncpy] = '\0';
diff --git a/src/utils/sha256/sha256.c b/src/utils/sha256/sha256.c
index 81375111..674c3289 100644
--- a/src/utils/sha256/sha256.c
+++ b/src/utils/sha256/sha256.c
@@ -173,18 +173,16 @@ char *sha256_digest_file(const char *filename, bool isgzip)
break;
}
- if (n > 0) {
#if OPENSSL_VERSION_MAJOR >= 3
- if (!EVP_DigestUpdate(ctx, (unsigned char *)buffer, n)) {
- ERROR("Failed to pass the message to be digested");
- ERR_print_errors_fp(stderr);
- ret = -1;
- goto out;
- }
+ if (!EVP_DigestUpdate(ctx, (unsigned char *)buffer, n)) {
+ ERROR("Failed to pass the message to be digested");
+ ERR_print_errors_fp(stderr);
+ ret = -1;
+ goto out;
+ }
#else
- SHA256_Update(&ctx, buffer, n);
+ SHA256_Update(&ctx, buffer, n);
#endif
- }
if (stream_check_eof(stream, isgzip)) {
break;
--
2.40.1

200
0119-2135-modify-incorrect-variable-type.patch Normal file
View File

@ -0,0 +1,200 @@
From cf1abd80174035c5561e7f64bdee7e99b9cab1ac Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 28 Aug 2023 06:46:10 +0000
Subject: [PATCH 119/145] !2135 modify incorrect variable type * modify
incorrect variable type
---
src/client/connect/protocol_type.h | 2 +-
src/daemon/modules/image/oci/oci_load.c | 4 ++--
src/daemon/modules/image/oci/registry/registry.c | 12 +++++++-----
.../oci/storage/layer_store/graphdriver/driver.c | 2 +-
.../image/oci/storage/layer_store/layer_store.c | 15 +++++++++------
src/daemon/modules/image/oci/storage/storage.c | 2 +-
src/daemon/modules/image/oci/utils_images.c | 4 ++--
src/daemon/modules/service/service_container.c | 2 +-
8 files changed, 24 insertions(+), 19 deletions(-)
diff --git a/src/client/connect/protocol_type.h b/src/client/connect/protocol_type.h
index 814d32f0..47c5c6d1 100644
--- a/src/client/connect/protocol_type.h
+++ b/src/client/connect/protocol_type.h
@@ -239,7 +239,7 @@ typedef struct container_events_format {
char *opt;
char *id;
char **annotations;
- char annotations_len;
+ size_t annotations_len;
} container_events_format_t;
typedef void (*container_events_callback_t)(const container_events_format_t *event);
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
index d1fbeafb..fad69418 100644
--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
@@ -159,7 +159,7 @@ static void oci_load_free_layer(load_layer_blob_t *l)
static void oci_load_free_image(load_image_t *im)
{
- int i = 0;
+ size_t i = 0;
if (im == NULL) {
return;
@@ -391,7 +391,7 @@ out:
static int check_time_valid(oci_image_spec *conf)
{
- int i = 0;
+ size_t i = 0;
if (!oci_valid_time(conf->created)) {
ERROR("Invalid created time %s", conf->created);
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
index 402863a0..717f48b5 100644
--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
@@ -649,18 +649,20 @@ static int register_layer(pull_descriptor *desc, size_t i)
static int get_top_layer_index(pull_descriptor *desc, size_t *top_layer_index)
{
- int i = 0;
+ size_t i;
if (desc == NULL || top_layer_index == NULL) {
ERROR("Invalid NULL pointer");
return -1;
}
-
- for (i = desc->layers_len - 1; i >= 0; i--) {
- if (desc->layers[i].empty_layer) {
+ // iterate over the layers array in reverse order, starting from the last layer
+ // since i is an unsigned number, i traverses from layers_len to 1
+ for (i = desc->layers_len; i > 0; i--) {
+ // the corresponding array index is [i - 1]: layers_len - 1 -> 0
+ if (desc->layers[i - 1].empty_layer) {
continue;
}
- *top_layer_index = i;
+ *top_layer_index = i - 1;
return 0;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
index b83c63b1..29223700 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
@@ -342,7 +342,7 @@ int graphdriver_apply_diff(const char *id, const struct io_read_wrapper *content
container_inspect_graph_driver *graphdriver_get_metadata(const char *id)
{
int ret = -1;
- int i = 0;
+ size_t i = 0;
container_inspect_graph_driver *inspect_driver = NULL;
json_map_string_string *metadata = NULL;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index 4751f020..057ffaa3 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -752,7 +752,7 @@ out:
static int insert_memory_stores(const char *id, const struct layer_opts *opts, layer_t *l)
{
int ret = 0;
- int i = 0;
+ size_t i = 0;
if (!append_layer_into_list(l)) {
ret = -1;
@@ -793,9 +793,12 @@ clear_compress_digest:
(void)delete_digest_from_map(g_metadata.by_compress_digest, l->slayer->compressed_diff_digest, id);
}
clear_by_name:
- for (i = i - 1; i >= 0; i--) {
- if (!map_remove(g_metadata.by_name, (void *)opts->names[i])) {
- WARN("Remove name: %s failed", opts->names[i]);
+ // iterate over the names in reverse order, starting from the last name
+ // since i is an unsigned number, i traverses from inserted name len to 1
+ for (; i > 0; i--) {
+ // the corresponding array index is [i - 1]: inserted name len - 1 -> 0
+ if (!map_remove(g_metadata.by_name, (void *)opts->names[i - 1])) {
+ WARN("Remove name: %s failed", opts->names[i - 1]);
}
}
if (!map_remove(g_metadata.by_id, (void *)id)) {
@@ -2032,7 +2035,7 @@ void layer_store_exit()
static uint64_t payload_to_crc(char *payload)
{
int ret = 0;
- int i = 0;
+ size_t i = 0;
uint64_t crc = 0;
uint8_t *crc_sums = NULL;
size_t crc_sums_len = 0;
@@ -2452,7 +2455,7 @@ int remote_load_one_layer(const char *id)
{
int ret = 0;
layer_t *tl = NULL;
- int i = 0;
+ size_t i = 0;
if (!layer_store_lock(true)) {
return -1;
diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c
index 07c3830b..cece9e90 100644
--- a/src/daemon/modules/image/oci/storage/storage.c
+++ b/src/daemon/modules/image/oci/storage/storage.c
@@ -1536,7 +1536,7 @@ out:
static bool is_rootfs_layer(const char *layer_id, const struct rootfs_list *all_rootfs)
{
- int j;
+ size_t j;
if (all_rootfs == NULL || layer_id == NULL) {
return false;
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
index 6acbbb12..d06ba058 100644
--- a/src/daemon/modules/image/oci/utils_images.c
+++ b/src/daemon/modules/image/oci/utils_images.c
@@ -450,7 +450,7 @@ static char *convert_created_by(image_manifest_v1_compatibility *config)
int add_rootfs_and_history(const layer_blob *layers, size_t layers_len, const registry_manifest_schema1 *manifest,
docker_image_config_v2 *config)
{
- int i = 0;
+ size_t i = 0;
int ret = 0;
size_t history_index = 0;
parser_error err = NULL;
@@ -511,7 +511,7 @@ int add_rootfs_and_history(const layer_blob *layers, size_t layers_len, const re
ret = util_array_append(&config->rootfs->diff_ids, layers[i].diff_id);
if (ret != 0) {
- ERROR("append diff id of layer %u to rootfs failed, diff id is %s", i, layers[i].diff_id);
+ ERROR("append diff id of layer %zu to rootfs failed, diff id is %s", i, layers[i].diff_id);
ret = -1;
goto out;
}
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 43968c63..5d6cabf7 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -310,7 +310,6 @@ static int write_env_content(const char *env_path, const char **env, size_t env_
int fd = -1;
size_t i = 0;
ssize_t nret = 0;
- int env_max = 4096;
ret = create_env_path_dir(env_path);
if (ret < 0) {
@@ -325,6 +324,7 @@ static int write_env_content(const char *env_path, const char **env, size_t env_
}
if (env != NULL) {
for (i = 0; i < env_len; i++) {
+ size_t env_max = 4096;
if (strlen(env[i]) > env_max) {
ERROR("Env is too long");
ret = -1;
--
2.40.1

465
0120-Fix-null-ptr-and-buffer-overflow-issues.patch Normal file
View File

@ -0,0 +1,465 @@
From 15938534b7a3fba2b39c3f7942834adf55d2a6a6 Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Mon, 28 Aug 2023 16:38:02 +0800
Subject: [PATCH 120/145] Fix null-ptr and buffer overflow issues
Signed-off-by: xuxuepeng <xuxuepeng1@huawei.com>
---
.../connect/grpc/grpc_containers_service.cc | 5 +--
.../grpc/grpc_containers_service_private.cc | 2 +-
.../connect/grpc/grpc_server_tls_auth.cc | 2 +-
.../entry/connect/grpc/grpc_server_tls_auth.h | 2 +-
.../connect/rest/rest_containers_service.c | 2 +-
src/daemon/entry/cri/cni_network_plugin.h | 6 ++--
.../cri/cri_image_manager_service_impl.cc | 2 +-
.../cri/cri_image_manager_service_impl.h | 4 +--
.../entry/cri/websocket/service/ws_server.cc | 5 +++
src/daemon/modules/runtime/shim/shim_rt_ops.c | 6 ++++
.../modules/service/service_container.c | 4 +--
src/daemon/modules/spec/parse_volume.c | 5 +++
src/daemon/modules/spec/specs_extend.c | 12 +++++++
src/daemon/modules/spec/specs_mount.c | 34 ++++++++++++++++---
src/daemon/modules/spec/specs_mount.h | 2 --
src/daemon/modules/spec/specs_namespace.c | 6 ++--
src/daemon/modules/spec/specs_security.c | 11 +-----
src/daemon/modules/volume/local.c | 3 +-
src/daemon/modules/volume/volume.c | 2 +-
19 files changed, 81 insertions(+), 34 deletions(-)
diff --git a/src/daemon/entry/connect/grpc/grpc_containers_service.cc b/src/daemon/entry/connect/grpc/grpc_containers_service.cc
index f69613ce..ab762853 100644
--- a/src/daemon/entry/connect/grpc/grpc_containers_service.cc
+++ b/src/daemon/entry/connect/grpc/grpc_containers_service.cc
@@ -18,14 +18,15 @@
#include <string>
#include <thread>
#include <unistd.h>
-#include "isula_libutils/log.h"
+#include <isula_libutils/log.h>
+#include <isula_libutils/logger_json_file.h>
+
#include "utils.h"
#include "error.h"
#include "cxxutils.h"
#include "stoppable_thread.h"
#include "grpc_server_tls_auth.h"
#include "container_api.h"
-#include "isula_libutils/logger_json_file.h"
void protobuf_timestamp_to_grpc(const types_timestamp_t *timestamp, Timestamp *gtimestamp)
{
diff --git a/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc b/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc
index 853336fe..8cf9ae78 100644
--- a/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc
+++ b/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc
@@ -13,7 +13,7 @@
* Description: provide grpc container service private functions
******************************************************************************/
#include "grpc_containers_service.h"
-#include "isula_libutils/log.h"
+#include <isula_libutils/log.h>
#include "utils.h"
#include "error.h"
diff --git a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc
index 737bb129..968a6dfe 100644
--- a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc
+++ b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc
@@ -24,7 +24,7 @@ std::string auth_plugin = "";
} // namespace AuthorizationPluginConfig
namespace GrpcServerTlsAuth {
-Status auth(ServerContext *context, std::string action)
+Status auth(ServerContext *context, const std::string &action)
{
#ifdef ENABLE_GRPC_REMOTE_CONNECT
const std::multimap<grpc::string_ref, grpc::string_ref> &init_metadata = context->client_metadata();
diff --git a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.h b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.h
index ee66529f..f429a02d 100644
--- a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.h
+++ b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.h
@@ -27,7 +27,7 @@ extern std::string auth_plugin;
}; // namespace AuthorizationPluginConfig
namespace GrpcServerTlsAuth {
-Status auth(ServerContext *context, std::string action);
+Status auth(ServerContext *context, const std::string &action);
}; // namespace GrpcServerTlsAuth
#endif // DAEMON_ENTRY_CONNECT_GRPC_GRPC_SERVER_TLS_AUTH_H
diff --git a/src/daemon/entry/connect/rest/rest_containers_service.c b/src/daemon/entry/connect/rest/rest_containers_service.c
index 397660e2..73eda508 100644
--- a/src/daemon/entry/connect/rest/rest_containers_service.c
+++ b/src/daemon/entry/connect/rest/rest_containers_service.c
@@ -15,8 +15,8 @@
#include "rest_containers_service.h"
#include <unistd.h>
#include <string.h>
+#include <isula_libutils/log.h>
-#include "isula_libutils/log.h"
#include "utils.h"
#include "error.h"
#include "callback.h"
diff --git a/src/daemon/entry/cri/cni_network_plugin.h b/src/daemon/entry/cri/cni_network_plugin.h
index 434222b5..1518c5f4 100644
--- a/src/daemon/entry/cri/cni_network_plugin.h
+++ b/src/daemon/entry/cri/cni_network_plugin.h
@@ -32,9 +32,9 @@
namespace Network {
#define UNUSED(x) ((void)(x))
-static const std::string CNI_PLUGIN_NAME { "cni" };
-static const std::string DEFAULT_NET_DIR { "/etc/cni/net.d" };
-static const std::string DEFAULT_CNI_DIR { "/opt/cni/bin" };
+const std::string CNI_PLUGIN_NAME { "cni" };
+const std::string DEFAULT_NET_DIR { "/etc/cni/net.d" };
+const std::string DEFAULT_CNI_DIR { "/opt/cni/bin" };
class CNINetwork {
public:
diff --git a/src/daemon/entry/cri/cri_image_manager_service_impl.cc b/src/daemon/entry/cri/cri_image_manager_service_impl.cc
index 69573a70..ad9e8ef1 100644
--- a/src/daemon/entry/cri/cri_image_manager_service_impl.cc
+++ b/src/daemon/entry/cri/cri_image_manager_service_impl.cc
@@ -1,5 +1,5 @@
/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2017-2020. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
diff --git a/src/daemon/entry/cri/cri_image_manager_service_impl.h b/src/daemon/entry/cri/cri_image_manager_service_impl.h
index 4c317c1f..b94f8908 100644
--- a/src/daemon/entry/cri/cri_image_manager_service_impl.h
+++ b/src/daemon/entry/cri/cri_image_manager_service_impl.h
@@ -1,5 +1,5 @@
/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2017-2020. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
@@ -19,7 +19,7 @@
#include <string>
#include <vector>
#include <memory>
-// #include "cri_services.h"
+
#include "image_api.h"
#include "cri_image_manager_service.h"
diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc
index 078c856c..6c379d9d 100644
--- a/src/daemon/entry/cri/websocket/service/ws_server.cc
+++ b/src/daemon/entry/cri/websocket/service/ws_server.cc
@@ -712,6 +712,11 @@ void DoWriteToClient(SessionData *session, const void *data, size_t len, Websock
ERROR("Out of memory");
return;
}
+ if (len > MAX_BUFFER_SIZE) {
+ ERROR("Message exceeds maximum length %d, len = %zu", MAX_BUFFER_SIZE, len);
+ free(buf);
+ return;
+ }
// Determine if it is standard output channel or error channel
buf[LWS_PRE] = static_cast<int>(channel);
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index a437399d..d86418b0 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -495,6 +495,12 @@ static int file_read_address(const char *fname, char *addr)
goto out;
}
+ if (strlen(buf) >= PATH_MAX) {
+ ERROR("address in file %s is too long", fname);
+ ret = -1;
+ goto out;
+ }
+
(void)stpcpy(addr, buf);
out:
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 5d6cabf7..f278d8ab 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -1374,7 +1374,7 @@ static int force_kill(container_t *cont)
{
int ret = 0;
const char *id = cont->common_config->id;
- int stop_signal = container_stop_signal(cont);
+ uint32_t stop_signal = container_stop_signal(cont);
ret = kill_with_signal(cont, SIGKILL);
if (ret != 0) {
@@ -1401,7 +1401,7 @@ int stop_container(container_t *cont, int timeout, bool force, bool restart)
{
int ret = 0;
char *id = NULL;
- int stop_signal = 0;
+ uint32_t stop_signal = 0;
if (cont == NULL) {
ERROR("Invalid input arguments");
diff --git a/src/daemon/modules/spec/parse_volume.c b/src/daemon/modules/spec/parse_volume.c
index 40c4cecb..3d416a05 100644
--- a/src/daemon/modules/spec/parse_volume.c
+++ b/src/daemon/modules/spec/parse_volume.c
@@ -112,6 +112,11 @@ static int check_mount_source(const defs_mount *m)
int append_default_tmpfs_options(defs_mount *m)
{
+
+ if (m == NULL) {
+ return -1;
+ }
+
if (util_array_append(&m->options, "noexec") != 0) {
ERROR("append default tmpfs options noexec failed");
return -1;
diff --git a/src/daemon/modules/spec/specs_extend.c b/src/daemon/modules/spec/specs_extend.c
index c8faa102..5ede7936 100644
--- a/src/daemon/modules/spec/specs_extend.c
+++ b/src/daemon/modules/spec/specs_extend.c
@@ -384,6 +384,10 @@ int merge_env_target_file(oci_runtime_spec *oci_spec, const char *env_target_fil
char *env_path = NULL;
json_map_string_string *env_map = NULL;
+ if (oci_spec == NULL) {
+ return -1;
+ }
+
if (env_target_file == NULL) {
return 0;
}
@@ -484,6 +488,10 @@ char *oci_container_get_env(const oci_runtime_spec *oci_spec, const char *key)
int make_sure_oci_spec_linux(oci_runtime_spec *oci_spec)
{
+ if (oci_spec == NULL) {
+ return -1;
+ }
+
if (oci_spec->linux == NULL) {
oci_spec->linux = util_common_calloc_s(sizeof(oci_runtime_config_linux));
if (oci_spec->linux == NULL) {
@@ -495,6 +503,10 @@ int make_sure_oci_spec_linux(oci_runtime_spec *oci_spec)
int make_sure_oci_spec_process(oci_runtime_spec *oci_spec)
{
+ if (oci_spec == NULL) {
+ return -1;
+ }
+
if (oci_spec->process == NULL) {
oci_spec->process = util_common_calloc_s(sizeof(defs_process));
if (oci_spec->process == NULL) {
diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c
index 7ee4c5f9..3b26e091 100644
--- a/src/daemon/modules/spec/specs_mount.c
+++ b/src/daemon/modules/spec/specs_mount.c
@@ -144,7 +144,7 @@ int adapt_settings_for_mounts(oci_runtime_spec *oci_spec, container_config *cont
int ret = 0;
char **array_str = NULL;
- if (container_spec == NULL) {
+ if (oci_spec == NULL || container_spec == NULL) {
return -1;
}
@@ -1235,6 +1235,10 @@ int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec)
defs_resources *ptr = NULL;
defs_device_cgroup *spec_dev_cgroup = NULL;
+ if (oci_spec == NULL) {
+ return -1;
+ }
+
ret = merge_all_devices_in_dir("/dev", NULL, NULL, oci_spec);
if (ret != 0) {
ERROR("Failed to merge all devices in /dev");
@@ -2212,6 +2216,11 @@ int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec)
{
int ret = 0;
+ if (oci_spec == NULL || host_spec == NULL) {
+ ERROR("Invalid input arguments");
+ return -1;
+ }
+
/* blkio weight devices */
if (host_spec->blkio_weight_device != NULL && host_spec->blkio_weight_device_len != 0) {
ret = merge_blkio_weight_device(oci_spec, host_spec->blkio_weight_device, host_spec->blkio_weight_device_len);
@@ -2909,7 +2918,7 @@ static int calc_volumes_from_len(host_config *host_spec, size_t *len)
char *mode = NULL;
container_t *cont = NULL;
int ret = 0;
- int i = 0;
+ size_t i = 0;
*len = 0;
for (i = 0; i < host_spec->volumes_from_len; i++) {
@@ -3347,11 +3356,18 @@ out:
int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, container_config_v2_common_config *v2_spec)
{
int ret = 0;
- container_config *container_spec = v2_spec->config;
+ container_config *container_spec = NULL;
defs_mount **all_fs_mounts = NULL;
size_t all_fs_mounts_len = 0;
bool mounted = false;
+ if (oci_spec == NULL || host_spec == NULL || v2_spec == NULL) {
+ ERROR("Invalid arguments");
+ return -1;
+ }
+
+ container_spec = v2_spec->config;
+
ret = im_mount_container_rootfs(v2_spec->image_type, v2_spec->image, v2_spec->id);
if (ret != 0) {
ERROR("Mount container %s failed when merge mounts", v2_spec->id);
@@ -3379,6 +3395,7 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai
if (host_spec->host_channel != NULL) {
if (!add_host_channel_mount(&all_fs_mounts, &all_fs_mounts_len, host_spec->host_channel)) {
ERROR("Failed to merge host channel mount");
+ ret = -1;
goto out;
}
}
@@ -3402,7 +3419,11 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai
/* add ipc mount */
if (v2_spec->shm_path != NULL) {
// check whether duplication
- add_shm_mount(&all_fs_mounts, &all_fs_mounts_len, v2_spec->shm_path);
+ if (!add_shm_mount(&all_fs_mounts, &all_fs_mounts_len, v2_spec->shm_path)) {
+ ERROR("Failed to add shm mount");
+ ret = -1;
+ goto out;
+ }
}
if (!host_spec->system_container) {
@@ -3446,6 +3467,11 @@ int add_rootfs_mount(const container_config *container_spec)
int ret = 0;
char *mntparent = NULL;
+ if (container_spec == NULL) {
+ ERROR("Invalid arguments");
+ return -1;
+ }
+
mntparent = conf_get_isulad_mount_rootfs();
if (mntparent == NULL) {
ERROR("Failed to get mount parent directory");
diff --git a/src/daemon/modules/spec/specs_mount.h b/src/daemon/modules/spec/specs_mount.h
index 3283d92b..8a28f0e2 100644
--- a/src/daemon/modules/spec/specs_mount.h
+++ b/src/daemon/modules/spec/specs_mount.h
@@ -41,8 +41,6 @@ int set_mounts_readwrite_option(const oci_runtime_spec *oci_spec);
int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec);
-bool mount_run_tmpfs(oci_runtime_spec *container, const host_config *host_spec, const char *path);
-
int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec);
int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2_spec);
diff --git a/src/daemon/modules/spec/specs_namespace.c b/src/daemon/modules/spec/specs_namespace.c
index 2bf4cc36..3c54911a 100644
--- a/src/daemon/modules/spec/specs_namespace.c
+++ b/src/daemon/modules/spec/specs_namespace.c
@@ -200,13 +200,15 @@ int get_network_namespace_path(const host_config *host_spec,
{ SHARE_NAMESPACE_FILE, handle_get_path_from_file },
};
size_t jump_table_size = sizeof(handler_jump_table) / sizeof(handler_jump_table[0]);
- const char *network_mode = host_spec->network_mode;
+ const char *network_mode = NULL;
- if (network_mode == NULL || dest_path == NULL) {
+ if (host_spec == NULL || host_spec->network_mode == NULL || dest_path == NULL) {
ERROR("Invalid input");
return -1;
}
+ network_mode = host_spec->network_mode;
+
for (index = 0; index < jump_table_size; ++index) {
if (strncmp(network_mode, handler_jump_table[index].mode, strlen(handler_jump_table[index].mode)) == 0) {
ret = handler_jump_table[index].handle(host_spec, network_settings, type, dest_path);
diff --git a/src/daemon/modules/spec/specs_security.c b/src/daemon/modules/spec/specs_security.c
index d4884097..432339b0 100644
--- a/src/daemon/modules/spec/specs_security.c
+++ b/src/daemon/modules/spec/specs_security.c
@@ -501,11 +501,6 @@ static size_t docker_seccomp_arches_count(const char *seccomp_architecture, cons
size_t count = 0;
size_t i = 0;
- if (seccomp_architecture == NULL) {
- ERROR("Invalid input seccomp architecture");
- return -1;
- }
-
for (i = 0; i < docker_seccomp_spec->arch_map_len; ++i) {
if (docker_seccomp_spec->arch_map[i] == NULL || docker_seccomp_spec->arch_map[i]->architecture == NULL) {
continue;
@@ -532,10 +527,6 @@ static int dup_architectures_to_oci_spec(const char *seccomp_architecture, const
}
arch_size = docker_seccomp_arches_count(seccomp_architecture, docker_seccomp_spec);
- if (arch_size < 0) {
- ERROR("Failed to get arches count from docker seccomp spec");
- return -1;
- }
if (arch_size == 0) {
WARN("arch map is not provided in specified seccomp profile");
@@ -743,7 +734,7 @@ int merge_default_seccomp_spec(oci_runtime_spec *oci_spec, const defs_process_ca
oci_runtime_config_linux_seccomp *oci_seccomp_spec = NULL;
docker_seccomp *docker_seccomp_spec = NULL;
- if (oci_spec->process == NULL || oci_spec->process->capabilities == NULL) {
+ if (oci_spec == NULL || oci_spec->process == NULL || oci_spec->process->capabilities == NULL) {
return 0;
}
diff --git a/src/daemon/modules/volume/local.c b/src/daemon/modules/volume/local.c
index 87b90317..c46d4de0 100644
--- a/src/daemon/modules/volume/local.c
+++ b/src/daemon/modules/volume/local.c
@@ -403,6 +403,7 @@ static struct volume *volume_create_nolock(char *name)
if (!map_insert(g_volumes->vols_by_name, v->name, v)) {
ERROR("failed to insert volume %s", v->name);
+ ret = -1;
goto out;
}
@@ -630,7 +631,7 @@ int register_local_volume(char *root_dir)
}
local_volume_root_dir = util_path_join(root_dir, LOCAL_VOLUME_ROOT_DIR_NAME);
- if (root_dir == NULL) {
+ if (local_volume_root_dir == NULL) {
ERROR("out of memory");
ret = -1;
goto out;
diff --git a/src/daemon/modules/volume/volume.c b/src/daemon/modules/volume/volume.c
index 8255aff9..0d348bb4 100644
--- a/src/daemon/modules/volume/volume.c
+++ b/src/daemon/modules/volume/volume.c
@@ -130,7 +130,7 @@ static int insert_driver(char *name, volume_driver *driver)
}
if (!map_insert(g_vs.drivers, name, d)) {
- ERROR("out of memory");
+ ERROR("Failed to insert volume driver %s", name);
ret = -1;
goto out;
}
--
2.40.1

1585
0121-make-sure-the-input-parameter-is-not-empty-and-optim.patch Normal file
View File

File diff suppressed because it is too large Load Diff

76
0122-2149-archive-fork-process-set-pdeathsig.patch Normal file
View File

@ -0,0 +1,76 @@
From f43397d5c5a730e8beb14b19f934efbc7b13d493 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 29 Aug 2023 03:56:30 +0000
Subject: [PATCH 122/145] !2149 archive fork process set pdeathsig * archive
fork process set pdeathsig
---
src/utils/tar/util_archive.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index a6946413..19e6a6b1 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -598,7 +598,7 @@ int archive_unpack_handler(const struct io_read_wrapper *content, const struct a
ret = archive_read_open(a, mydata, NULL, read_content, NULL);
if (ret != 0) {
- SYSERROR("Failed to open archive");
+ ERROR("Failed to open archive: %s", archive_error_string(a));
fprintf(stderr, "Failed to open archive: %s", strerror(errno));
ret = -1;
goto out;
@@ -709,6 +709,13 @@ static void close_archive_pipes_fd(int *pipes, size_t pipe_size)
}
}
+static void set_child_process_pdeathsig(void)
+{
+ if (prctl(PR_SET_PDEATHSIG, SIGKILL) < 0) {
+ SYSERROR("Failed to set child process pdeathsig");
+ }
+}
+
int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, const struct archive_options *options,
char **errmsg)
{
@@ -737,6 +744,8 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co
}
if (pid == (pid_t)0) {
+ set_child_process_pdeathsig();
+
keepfds[0] = isula_libutils_get_log_fd();
keepfds[1] = *(int *)(content->context);
keepfds[2] = pipe_stderr[1];
@@ -1141,6 +1150,8 @@ int archive_chroot_tar(char *path, char *file, char **errmsg)
}
if (pid == (pid_t)0) {
+ set_child_process_pdeathsig();
+
keepfds[0] = isula_libutils_get_log_fd();
keepfds[1] = pipe_for_read[1];
ret = util_check_inherited_exclude_fds(true, keepfds, 2);
@@ -1375,6 +1386,8 @@ int archive_chroot_untar_stream(const struct io_read_wrapper *context, const cha
}
if (pid == (pid_t)0) {
+ set_child_process_pdeathsig();
+
keepfds[0] = isula_libutils_get_log_fd();
keepfds[1] = pipe_stderr[1];
keepfds[2] = pipe_stream[0];
@@ -1504,6 +1517,8 @@ int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, cons
char *tar_dir_name = NULL;
char *tar_base_name = NULL;
+ set_child_process_pdeathsig();
+
keepfds[0] = isula_libutils_get_log_fd();
keepfds[1] = pipe_stderr[1];
keepfds[2] = pipe_stream[1];
--
2.40.1

329
0123-improve-by-code-check-of-cpp.patch Normal file
View File

@ -0,0 +1,329 @@
From b01d0518d63cca451e2f0e88dc0d1cee2474fa7b Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Mon, 28 Aug 2023 20:10:13 +0800
Subject: [PATCH 123/145] improve by code check of cpp
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/daemon/entry/cri/errors.cc | 1 +
src/daemon/entry/cri/errors.h | 2 +-
src/utils/cpputils/cxxutils.cc | 10 ++++----
src/utils/cpputils/read_write_lock.h | 2 --
src/utils/cpputils/stoppable_thread.h | 1 -
src/utils/cpputils/url.cc | 37 +++++++++++++++------------
src/utils/cutils/utils_file.h | 2 --
src/utils/cutils/utils_timestamp.h | 2 --
src/utils/http/rest_common.h | 2 --
src/utils/tar/isulad_tar.c | 3 ++-
src/utils/tar/isulad_tar.h | 2 --
src/utils/tar/util_archive.c | 9 ++++---
src/utils/tar/util_archive.h | 2 --
13 files changed, 35 insertions(+), 40 deletions(-)
diff --git a/src/daemon/entry/cri/errors.cc b/src/daemon/entry/cri/errors.cc
index 3dc3bba6..e0fdc7f7 100644
--- a/src/daemon/entry/cri/errors.cc
+++ b/src/daemon/entry/cri/errors.cc
@@ -50,6 +50,7 @@ std::string &Errors::GetMessage()
return m_message;
}
+// never save return pointer, we just use for printf of logging
const char *Errors::GetCMessage() const
{
return m_message.empty() ? "" : m_message.c_str();
diff --git a/src/daemon/entry/cri/errors.h b/src/daemon/entry/cri/errors.h
index 193a9523..33be6d77 100644
--- a/src/daemon/entry/cri/errors.h
+++ b/src/daemon/entry/cri/errors.h
@@ -25,7 +25,7 @@ public:
: m_message(copy.m_message), m_code(copy.m_code)
{
}
- Errors &operator=(const Errors &);
+ Errors &operator=(const Errors &other);
virtual ~Errors();
void Clear();
diff --git a/src/utils/cpputils/cxxutils.cc b/src/utils/cpputils/cxxutils.cc
index 777c52e7..b4fb3c3f 100644
--- a/src/utils/cpputils/cxxutils.cc
+++ b/src/utils/cpputils/cxxutils.cc
@@ -19,13 +19,13 @@
namespace CXXUtils {
std::vector<std::string> Split(const std::string &str, char delimiter)
{
- std::vector<std::string> ret_vec;
- std::string tmpstr;
+ std::vector<std::string> retVec;
+ std::string tmpStr;
std::istringstream istream(str);
- while (std::getline(istream, tmpstr, delimiter)) {
- ret_vec.push_back(tmpstr);
+ while (std::getline(istream, tmpStr, delimiter)) {
+ retVec.push_back(tmpStr);
}
- return ret_vec;
+ return retVec;
}
// Join concatenates the elements of a to create a single string. The separator string
diff --git a/src/utils/cpputils/read_write_lock.h b/src/utils/cpputils/read_write_lock.h
index 0149e3a5..047d459f 100644
--- a/src/utils/cpputils/read_write_lock.h
+++ b/src/utils/cpputils/read_write_lock.h
@@ -15,10 +15,8 @@
#ifndef UTILS_CPPUTILS_READ_WRITE_LOCK_H
#define UTILS_CPPUTILS_READ_WRITE_LOCK_H
-#include <iostream>
#include <mutex>
#include <condition_variable>
-#include <thread>
class RWMutex {
public:
diff --git a/src/utils/cpputils/stoppable_thread.h b/src/utils/cpputils/stoppable_thread.h
index f5f4fb3f..dada6b50 100644
--- a/src/utils/cpputils/stoppable_thread.h
+++ b/src/utils/cpputils/stoppable_thread.h
@@ -16,7 +16,6 @@
#define UTILS_CPPUTILS_STOPPABLE_THREAD_H
#include <iostream>
-#include <chrono>
#include <future>
#include <mutex>
#include <utility>
diff --git a/src/utils/cpputils/url.cc b/src/utils/cpputils/url.cc
index 49843644..03ff2653 100644
--- a/src/utils/cpputils/url.cc
+++ b/src/utils/cpputils/url.cc
@@ -31,6 +31,7 @@ bool GetHexDigit(char c, char &d)
if (c >= '0' && c <= '9') {
d = c - '0';
} else if (c >= 'a' && c <= 'f') {
+ // 10 equal to a in hex
d = c - 'a' + 10;
} else {
d = c - 'A' + 10;
@@ -104,7 +105,7 @@ std::string QueryUnescape(const std::string &s)
int UnescapeDealWithPercentSign(size_t &i, std::string &s, const EncodeMode &mode)
{
- std::string percent_sign = "%25";
+ std::string percentSign = "%25";
// URL encoding replaces unsafe ASCII characters with a "%" followed by two hexadecimal digits
if ((size_t)(i + 2) >= s.length() || !IsHex(s[i + 1]) || !IsHex(s[i + 2])) {
s.erase(s.begin(), s.begin() + (long)i);
@@ -119,15 +120,16 @@ int UnescapeDealWithPercentSign(size_t &i, std::string &s, const EncodeMode &mod
if (!GetHexDigit(s[i + 1], s1) || !GetHexDigit(s[i + 2], s2)) {
return -1;
}
+ // for 3 bit hex, max value is 8
if (mode == EncodeMode::ENCODE_HOST && s1 < 8 &&
- std::string(s.begin() + (long)i, s.begin() + (long)i + 3) != percent_sign) {
- ERROR("invalid URL escape %s", std::string(s.begin() + (long)i, s.begin() + (long)i + 3).c_str());
+ std::string(s.begin() + static_cast<long>(i), s.begin() + static_cast<long>(i+3)) != percentSign) {
+ ERROR("invalid URL escape %s", std::string(s.begin() + static_cast<long>(i), s.begin() + static_cast<long>(i + 3)).c_str());
return -1;
}
if (mode == EncodeMode::ENCODE_ZONE) {
char v = static_cast<char>((static_cast<unsigned char>(s1) << 4) | static_cast<unsigned char>(s2));
- if (std::string(s.begin() + static_cast<long>(i), s.begin() + static_cast<long>(i) + 3) != percent_sign && v != ' ' &&
- ShouldEscape(v, EncodeMode::ENCODE_HOST)) {
+ if (std::string(s.begin() + static_cast<long>(i), s.begin() + static_cast<long>(i) + 3) != percentSign &&
+ v != ' ' && ShouldEscape(v, EncodeMode::ENCODE_HOST)) {
ERROR("invalid URL escape %s",
std::string(s.begin() + static_cast<long>(i), s.begin() + static_cast<long>(i) + 3).c_str());
return -1;
@@ -178,7 +180,8 @@ void DoUnescape(std::string &t, const std::string &s, const EncodeMode &mode)
if (!GetHexDigit(s[i + 1], s1) || !GetHexDigit(s[i + 2], s2)) {
return;
}
- t[j++] = (char)(((unsigned char)s1 << 4) | (unsigned char)s2);
+ // we use 4 high bit of 1 + 4 low bit of s2 to create new char
+ t[j++] = (char)((static_cast<unsigned char>(s1) << 4) | static_cast<unsigned char>(s2));
i += 3;
}
break;
@@ -249,7 +252,9 @@ std::string Escape(const std::string &s, const EncodeMode &mode)
t[j++] = '+';
} else if (ShouldEscape(c, mode)) {
t[j] = '%';
- t[j + 1] = "0123456789ABCDEF"[(unsigned char)c >> 4];
+ // get 4 high bit of c
+ t[j + 1] = "0123456789ABCDEF"[static_cast<unsigned char>(c) >> 4];
+ // get 4 low bit of c
t[j + 2] = "0123456789ABCDEF"[c & 15];
j += 3;
} else {
@@ -288,8 +293,8 @@ int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path)
ERROR("missing protocol scheme");
return -1;
}
- scheme = std::string(rawurl.begin(), rawurl.begin() + (long)i);
- path = std::string(rawurl.begin() + (long)i + 1, rawurl.end());
+ scheme = std::string(rawurl.begin(), rawurl.begin() + static_cast<long>(i));
+ path = std::string(rawurl.begin() + static_cast<long>(i + 1), rawurl.end());
return 0;
} else {
scheme = "";
@@ -355,25 +360,25 @@ int SplitOffPossibleLeading(std::string &scheme, const std::string &rawurl, URLD
}
URLDatum *HandleNonBackslashPrefix(URLDatum *url, const std::string &scheme, const std::string &rest, bool viaRequest,
- bool &should_ret)
+ bool &shouldRet)
{
if (rest.at(0) == '/') {
return nullptr;
}
if (!scheme.empty()) {
- should_ret = true;
+ shouldRet = true;
url->SetOpaque(rest);
return url;
}
if (viaRequest) {
- should_ret = true;
+ shouldRet = true;
ERROR("invalid URI for request");
return nullptr;
}
size_t colon = rest.find(":");
size_t slash = rest.find("/");
if (colon != std::string::npos && (slash == std::string::npos || colon < slash)) {
- should_ret = true;
+ shouldRet = true;
ERROR("first path segment in URL cannot contain colon");
return nullptr;
}
@@ -420,9 +425,9 @@ URLDatum *Parse(const std::string &rawurl, bool viaRequest)
if (SplitOffPossibleLeading(scheme, rawurl, url, rest) != 0) {
return nullptr;
}
- bool should_ret = false;
- auto *tmpret = HandleNonBackslashPrefix(url, scheme, rest, viaRequest, should_ret);
- if (should_ret) {
+ bool shouldRet = false;
+ auto *tmpret = HandleNonBackslashPrefix(url, scheme, rest, viaRequest, shouldRet);
+ if (shouldRet) {
return tmpret;
}
if (SetURLDatumInfo(url, scheme, viaRequest, rest) != 0) {
diff --git a/src/utils/cutils/utils_file.h b/src/utils/cutils/utils_file.h
index 9bf60c6c..aca066ab 100644
--- a/src/utils/cutils/utils_file.h
+++ b/src/utils/cutils/utils_file.h
@@ -22,8 +22,6 @@
#include <stdio.h>
#include <sys/types.h>
-struct dirent;
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/src/utils/cutils/utils_timestamp.h b/src/utils/cutils/utils_timestamp.h
index 2e93a215..4bfe796d 100644
--- a/src/utils/cutils/utils_timestamp.h
+++ b/src/utils/cutils/utils_timestamp.h
@@ -20,8 +20,6 @@
#include <sys/types.h>
#include <time.h>
-struct tm;
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/src/utils/http/rest_common.h b/src/utils/http/rest_common.h
index aebc48c0..6363e67d 100644
--- a/src/utils/http/rest_common.h
+++ b/src/utils/http/rest_common.h
@@ -21,8 +21,6 @@
#include "http/http.h"
#include "parser.h"
-struct parsed_http_message;
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c
index 48ac96da..709dfdd9 100644
--- a/src/utils/tar/isulad_tar.c
+++ b/src/utils/tar/isulad_tar.c
@@ -23,10 +23,11 @@
#include <sys/stat.h>
#include <errno.h>
+#include <isula_libutils/log.h>
+
#include "stdbool.h"
#include "utils.h"
#include "path.h"
-#include "isula_libutils/log.h"
#include "error.h"
#include "isula_libutils/json_common.h"
#include "util_archive.h"
diff --git a/src/utils/tar/isulad_tar.h b/src/utils/tar/isulad_tar.h
index ec085c25..b620fd02 100644
--- a/src/utils/tar/isulad_tar.h
+++ b/src/utils/tar/isulad_tar.h
@@ -25,8 +25,6 @@
#include "io_wrapper.h"
-struct io_read_wrapper;
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 19e6a6b1..a9d0025b 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -21,20 +21,21 @@
#include <sys/types.h>
#include <sys/xattr.h>
#include <sys/stat.h>
+#include <sys/mount.h>
+#include <sys/capability.h>
#include <archive.h>
#include <archive_entry.h>
#include <errno.h>
#include <stdarg.h>
+#include <stdbool.h>
#include <stdint.h>
#include <libgen.h>
#include <pwd.h>
#include <netdb.h>
-#include <sys/mount.h>
-#include <sys/capability.h>
-#include "stdbool.h"
+#include <isula_libutils/log.h>
+
#include "utils.h"
-#include "isula_libutils/log.h"
#include "io_wrapper.h"
#include "utils_file.h"
#include "map.h"
diff --git a/src/utils/tar/util_archive.h b/src/utils/tar/util_archive.h
index 30f35e19..9312235d 100644
--- a/src/utils/tar/util_archive.h
+++ b/src/utils/tar/util_archive.h
@@ -26,8 +26,6 @@
#define ARCHIVE_BLOCK_SIZE (32 * 1024)
-struct io_read_wrapper;
-
#ifdef __cplusplus
extern "C" {
#endif
--
2.40.1

332
0124-remove-password-in-url-module-and-clean-sensitive-in.patch Normal file
View File

@ -0,0 +1,332 @@
From e00bfcc07038b2da85811a0750725e4fb96a52b1 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 29 Aug 2023 11:41:26 +0800
Subject: [PATCH 124/145] remove password in url module and clean sensitive
info in struct passwd
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../modules/image/image_rootfs_handler.c | 13 +-
src/utils/cpputils/url.cc | 144 +-----------------
src/utils/cpputils/url.h | 19 +--
3 files changed, 15 insertions(+), 161 deletions(-)
diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c
index 1275658e..990c2720 100644
--- a/src/daemon/modules/image/image_rootfs_handler.c
+++ b/src/daemon/modules/image/image_rootfs_handler.c
@@ -85,6 +85,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
char buf[BUFSIZ] = { 0 };
struct passwd pw;
struct passwd *pwbufp = NULL;
+ int ret = -1;
if (f_passwd != NULL) {
#if defined (__ANDROID__) || defined(__MUSL__)
@@ -116,7 +117,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
if (errval != 0 && errval != ENOENT) {
ERROR("Failed to parse passwd file: Insufficient buffer space supplied");
isulad_set_error_message("Failed to parse passwd file: Insufficient buffer space supplied");
- return -1;
+ goto out;
}
if (!userfound && user != NULL) {
int uret = util_safe_llong(user, &n_user);
@@ -124,16 +125,20 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
if (uret != 0) {
ERROR("Unable to find user '%s'", user);
isulad_set_error_message("Unable to find user '%s': no matching entries in passwd file", user);
- return -1;
+ goto out;
}
if (n_user < MINUID || n_user > MAXUID) {
uids_gids_range_err_log();
- return -1;
+ goto out;
}
puser->uid = (uid_t)n_user;
}
+ ret = 0;
- return 0;
+out:
+ memset(buf, 0, sizeof(buf));
+ memset(pwbufp, 0, sizeof(struct passwd));
+ return ret;
}
static int append_additional_gids(gid_t gid, gid_t **additional_gids, size_t *len)
diff --git a/src/utils/cpputils/url.cc b/src/utils/cpputils/url.cc
index 03ff2653..dfc9fc14 100644
--- a/src/utils/cpputils/url.cc
+++ b/src/utils/cpputils/url.cc
@@ -266,12 +266,7 @@ std::string Escape(const std::string &s, const EncodeMode &mode)
UserInfo *User(const std::string &username) noexcept
{
- return new UserInfo { username, "", false };
-}
-
-UserInfo *UserPassword(const std::string &username, const std::string &password) noexcept
-{
- return new UserInfo { username, password, true };
+ return new UserInfo { username };
}
int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path)
@@ -324,24 +319,6 @@ void Split(const std::string &s, const std::string &c, bool cutc, std::string &t
u = s.substr(i, s.size());
}
-URLDatum *Parse(const std::string &rawurl)
-{
- std::string u, frag;
- Split(rawurl, "#", true, u, frag);
- auto *url = Parse(u, false);
- if (url == nullptr) {
- return nullptr;
- }
- if (frag.empty()) {
- return url;
- }
- url->SetFragment(Unescape(frag, EncodeMode::ENCODE_FRAGMENT));
- if (url->GetFragment().empty()) {
- return nullptr;
- }
- return url;
-}
-
int SplitOffPossibleLeading(std::string &scheme, const std::string &rawurl, URLDatum *url, std::string &rest)
{
if (Getscheme(rawurl, scheme, rest) != 0) {
@@ -385,108 +362,6 @@ URLDatum *HandleNonBackslashPrefix(URLDatum *url, const std::string &scheme, con
return nullptr;
}
-int SetURLDatumInfo(URLDatum *url, const std::string &scheme, bool viaRequest, std::string &rest)
-{
- if ((!scheme.empty() || (!viaRequest && rest.substr(0, 3) == "///")) && rest.substr(0, 2) == "//") {
- std::string authority;
- Split(rest.substr(2, rest.size()), "/", false, authority, rest);
- std::string host = url->GetHost();
- UserInfo *user = url->GetUser();
- if (ParseAuthority(authority, &user, host)) {
- return -1;
- }
- url->SetHost(host);
- url->SetUser(user);
- }
- if (url->SetPath(rest)) {
- return -1;
- }
- url->SetScheme(scheme);
- return 0;
-}
-
-URLDatum *Parse(const std::string &rawurl, bool viaRequest)
-{
- if (rawurl.empty() && viaRequest) {
- ERROR("empty url!");
- return nullptr;
- }
- auto *url = new (std::nothrow) URLDatum;
- if (url == nullptr) {
- ERROR("Out of memory");
- return nullptr;
- }
- if (rawurl == "*") {
- url->SetPathWithoutEscape("*");
- return url;
- }
- std::string scheme = url->GetScheme();
- std::string rest;
- if (SplitOffPossibleLeading(scheme, rawurl, url, rest) != 0) {
- return nullptr;
- }
- bool shouldRet = false;
- auto *tmpret = HandleNonBackslashPrefix(url, scheme, rest, viaRequest, shouldRet);
- if (shouldRet) {
- return tmpret;
- }
- if (SetURLDatumInfo(url, scheme, viaRequest, rest) != 0) {
- return nullptr;
- }
- return url;
-}
-
-int ParseAuthority(const std::string &authority, UserInfo **user, std::string &host)
-{
- size_t i = authority.find("@");
- if (i == std::string::npos) {
- if (ParseHost(authority, host) != 0) {
- *user = nullptr;
- host = "";
- return -1;
- }
- } else {
- if (ParseHost(authority.substr(i + 1, authority.size()), host) != 0) {
- *user = nullptr;
- host = "";
- return -1;
- }
- }
- if (i == std::string::npos) {
- *user = nullptr;
- return 0;
- }
-
- std::string userinfo = authority.substr(0, i);
- if (!ValidUserinfo(userinfo)) {
- *user = nullptr;
- host = "";
- ERROR("net/url: invalid userinfo");
- return -1;
- }
- if (userinfo.find(":") == std::string::npos) {
- userinfo = Unescape(userinfo, EncodeMode::ENCODE_USER_PASSWORD);
- if (userinfo.empty()) {
- *user = nullptr;
- host = "";
- return -1;
- }
- *user = User(userinfo);
- } else {
- std::string servername, serverword;
- Split(userinfo, ":", true, servername, serverword);
- servername = Unescape(servername, EncodeMode::ENCODE_USER_PASSWORD);
- serverword = Unescape(serverword, EncodeMode::ENCODE_USER_PASSWORD);
- if (servername.empty() || serverword.empty()) {
- *user = nullptr;
- host = "";
- return -1;
- }
- *user = UserPassword(servername, serverword);
- }
- return 0;
-}
-
int ParseHost(std::string host, std::string &out)
{
if (host.at(0) == '[') {
@@ -756,9 +631,6 @@ std::string UserInfo::String() const
std::string s;
if (!m_username.empty()) {
s = Escape(m_username, EncodeMode::ENCODE_USER_PASSWORD);
- if (m_passwordSet) {
- s += ":" + Escape(m_password, EncodeMode::ENCODE_USER_PASSWORD);
- }
}
return s;
}
@@ -766,11 +638,6 @@ std::string UserInfo::Username() const
{
return m_username;
}
-std::string UserInfo::Password(bool &set) const
-{
- set = m_passwordSet;
- return m_password;
-}
URLDatum::~URLDatum()
{
@@ -860,15 +727,6 @@ bool URLDatum::IsAbs() const
return (m_scheme != "");
}
-std::unique_ptr<URLDatum> URLDatum::UrlParse(const std::string &ref)
-{
- auto *refurl = Parse(ref);
- if (refurl == nullptr) {
- return nullptr;
- }
- return ResolveReference(refurl);
-}
-
std::unique_ptr<URLDatum> URLDatum::ResolveReference(URLDatum *ref)
{
std::unique_ptr<URLDatum> url(new (std::nothrow) URLDatum(*ref));
diff --git a/src/utils/cpputils/url.h b/src/utils/cpputils/url.h
index abbf20f4..3dd40079 100644
--- a/src/utils/cpputils/url.h
+++ b/src/utils/cpputils/url.h
@@ -49,17 +49,13 @@ private:
class UserInfo {
public:
- UserInfo(const std::string &u, const std::string &p, bool b) : m_username(u), m_password(p),
- m_passwordSet(b) {}
+ UserInfo(const std::string &u) : m_username(u) {}
~UserInfo() = default;
std::string String() const;
std::string Username() const;
- std::string Password(bool &set) const;
private:
std::string m_username;
- std::string m_password;
- bool m_passwordSet;
};
class URLDatum {
@@ -69,7 +65,6 @@ public:
std::string EscapedPath();
std::string String();
bool IsAbs() const;
- std::unique_ptr<URLDatum> UrlParse(const std::string &ref);
std::unique_ptr<URLDatum> ResolveReference(URLDatum *ref);
auto Query()->std::map<std::string, std::vector<std::string>>;
std::string RequestURI();
@@ -88,7 +83,7 @@ public:
{
m_opaque = value;
}
- std::string GetOpaque() const
+ std::string GetOpaque() const
{
return m_opaque;
}
@@ -96,7 +91,7 @@ public:
{
m_user = value;
}
- UserInfo *GetUser() const
+ UserInfo *GetUser() const
{
return m_user;
}
@@ -128,7 +123,7 @@ public:
{
m_rawQuery = value;
}
- std::string GetRawQuery() const
+ std::string GetRawQuery() const
{
return m_rawQuery;
}
@@ -136,7 +131,7 @@ public:
{
m_fragment = value;
}
- std::string GetFragment() const
+ std::string GetFragment() const
{
return m_fragment;
}
@@ -163,13 +158,9 @@ std::string QueryUnescape(const std::string &s);
std::string Unescape(std::string s, const EncodeMode &mode);
std::string QueryEscape(const std::string &s);
std::string Escape(const std::string &s, const EncodeMode &mode);
-UserInfo *UserPassword(const std::string &username, const std::string &password) noexcept;
UserInfo *User(const std::string &username) noexcept;
int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path);
void Split(const std::string &s, const std::string &c, bool cutc, std::string &t, std::string &u);
-URLDatum *Parse(const std::string &rawurl);
-URLDatum *Parse(const std::string &rawurl, bool viaRequest);
-int ParseAuthority(const std::string &authority, UserInfo **user, std::string &host);
int ParseHost(std::string host, std::string &out);
bool ValidEncodedPath(const std::string &s);
bool ValidOptionalPort(const std::string &port);
--
2.40.1

460
0125-2153-fix-codecheck.patch Normal file
View File

@ -0,0 +1,460 @@
From e8ad7f46602cd79f44d1c212c86c900859cb88c9 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 29 Aug 2023 09:38:53 +0000
Subject: [PATCH 125/145] !2153 fix codecheck * fix codecheck
---
src/daemon/modules/image/embedded/load.c | 2 +-
src/daemon/modules/image/image.c | 4 +-
src/daemon/modules/image/oci/oci_login.h | 2 -
src/daemon/modules/image/oci/oci_logout.h | 2 -
.../oci/storage/image_store/image_store.c | 1 -
.../oci/storage/image_store/image_store.h | 2 -
.../graphdriver/devmapper/deviceset.c | 9 ++-
.../graphdriver/devmapper/deviceset.h | 5 +-
.../graphdriver/devmapper/driver_devmapper.h | 16 ++---
.../graphdriver/devmapper/wrapper_devmapper.h | 2 -
.../storage/layer_store/graphdriver/driver.c | 2 +-
.../storage/layer_store/graphdriver/driver.h | 59 ++++++++-----------
.../graphdriver/overlay2/driver_overlay2.c | 3 -
.../graphdriver/overlay2/driver_overlay2.h | 8 +--
.../graphdriver/quota/project_quota.h | 1 -
.../oci/storage/layer_store/layer_store.c | 1 -
.../oci/storage/layer_store/layer_store.h | 4 --
.../overlay_remote_impl.c | 1 -
.../remote_layer_support/remote_support.c | 2 +-
.../remote_layer_support/remote_support.h | 2 +-
.../oci/storage/rootfs_store/rootfs_store.h | 4 --
21 files changed, 46 insertions(+), 86 deletions(-)
diff --git a/src/daemon/modules/image/embedded/load.c b/src/daemon/modules/image/embedded/load.c
index dc2aeba2..92ac42ad 100644
--- a/src/daemon/modules/image/embedded/load.c
+++ b/src/daemon/modules/image/embedded/load.c
@@ -36,7 +36,7 @@ static char *replace_suffix_to_sgn(const char *file)
ERROR("invalid NULL param");
return NULL;
}
- if (sizeof(".sgn") > SIZE_MAX - strlen(file)) {
+ if (strlen(file) > SIZE_MAX - sizeof(".sgn")) {
return NULL;
}
len = strlen(file) + sizeof(".sgn");
diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c
index 4b0e2c07..e1b309b6 100644
--- a/src/daemon/modules/image/image.c
+++ b/src/daemon/modules/image/image.c
@@ -768,7 +768,9 @@ int im_merge_image_config(const char *image_type, const char *image_name, contai
int ret = 0;
struct bim *bim = NULL;
- if (container_spec == NULL || image_name == NULL || image_type == NULL) {
+ // there is no need to judge the image name as empty,
+ // because the image name of external type allows it to be empty.
+ if (container_spec == NULL || image_type == NULL) {
ERROR("Invalid input arguments");
ret = -1;
goto out;
diff --git a/src/daemon/modules/image/oci/oci_login.h b/src/daemon/modules/image/oci/oci_login.h
index ab261ebd..acf6eeb6 100644
--- a/src/daemon/modules/image/oci/oci_login.h
+++ b/src/daemon/modules/image/oci/oci_login.h
@@ -15,8 +15,6 @@
#ifndef DAEMON_MODULES_IMAGE_OCI_OCI_LOGIN_H
#define DAEMON_MODULES_IMAGE_OCI_OCI_LOGIN_H
-#include <stdbool.h>
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/src/daemon/modules/image/oci/oci_logout.h b/src/daemon/modules/image/oci/oci_logout.h
index 81f0196c..c0a9bb8b 100644
--- a/src/daemon/modules/image/oci/oci_logout.h
+++ b/src/daemon/modules/image/oci/oci_logout.h
@@ -15,8 +15,6 @@
#ifndef DAEMON_MODULES_IMAGE_OCI_OCI_LOGOUT_H
#define DAEMON_MODULES_IMAGE_OCI_OCI_LOGOUT_H
-#include <stdbool.h>
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index 6908ccc2..abd625f7 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -2122,7 +2122,6 @@ static int pack_repo_digest(char ***old_repo_digests, const char **image_tags, c
}
for (i = 0; i < util_array_len((const char **)*repo_digests); i++) {
- bool value = true;
if (!map_replace(digest_map, (void *)(*repo_digests)[i], &value)) {
ERROR("Failed to insert pair to digest map: %s", (*repo_digests)[i]);
ret = -1;
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.h b/src/daemon/modules/image/oci/storage/image_store/image_store.h
index 019a2881..4544f84b 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.h
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.h
@@ -29,8 +29,6 @@
#include "isula_libutils/imagetool_images_list.h"
#include "isula_libutils/imagetool_image_summary.h"
-struct storage_module_init_options;
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
index 5f8d6c56..046dd333 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
@@ -106,7 +106,6 @@ static int handle_dm_min_free_space(char *val, struct device_set *devset)
{
long converted = 0;
int ret = util_parse_percent_string(val, &converted);
-
if (ret != 0 || converted >= 100) {
ERROR("Invalid min free space: '%s': %s", val, strerror(-ret));
isulad_set_error_message("Invalid min free space: '%s': %s", val, strerror(-ret));
@@ -292,7 +291,8 @@ static char *deviceset_meta_file(const struct device_set *devset)
return file;
}
-// get_dm_name return value format:container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498
+// get_dm_name return value format:
+// container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498
static char *get_dm_name(const struct device_set *devset, const char *hash)
{
int nret = 0;
@@ -311,7 +311,8 @@ static char *get_dm_name(const struct device_set *devset, const char *hash)
return util_strdup_s(buff);
}
-// get_dev_name return value fromat:/dev/mapper/container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498
+// get_dev_name return value fromat:
+// /dev/mapper/container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498
static char *get_dev_name(const char *name)
{
return util_string_append(name, DEVMAPPER_DECICE_DIRECTORY);
@@ -2350,7 +2351,6 @@ static int setup_base_image(struct device_set *devset)
devmapper_device_info_t *device_info = NULL;
device_info = lookup_device(devset, "base");
-
// base image already exists. If it is initialized properly, do UUID
// verification and return. Otherwise remove image and set it up
// fresh.
@@ -2503,7 +2503,6 @@ static void cleanup_deleted_devices(struct graphdriver *driver)
goto unlock_driver;
}
-
if (driver->devset->nr_deleted_devices == 0) {
DEBUG("devmapper: no devices to delete");
goto unlock_devset;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h
index ec985e40..d7f7d184 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h
@@ -23,10 +23,7 @@
#include "driver.h"
#include "metadata_store.h"
-
-struct device_set;
-struct driver_mount_opts;
-struct graphdriver;
+#include "devices_constants.h"
#ifdef __cplusplus
extern "C" {
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h
index 9ee020de..dca2d614 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h
@@ -16,22 +16,18 @@
#define DAEMON_MODULES_IMAGE_OCI_STORAGE_LAYER_STORE_GRAPHDRIVER_DEVMAPPER_DRIVER_DEVMAPPER_H
#include <pthread.h>
-#include <isula_libutils/imagetool_fs_info.h>
-#include <isula_libutils/json_common.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
+#include <isula_libutils/imagetool_fs_info.h>
+#include <isula_libutils/json_common.h>
+#include <isula_libutils/image_devmapper_transaction.h>
+#include <isula_libutils/image_devmapper_deviceset_metadata.h>
#include "driver.h"
#include "map.h"
-#include "isula_libutils/image_devmapper_transaction.h"
-#include "isula_libutils/image_devmapper_deviceset_metadata.h"
-
-struct driver_create_opts;
-struct driver_mount_opts;
-struct graphdriver;
-struct graphdriver_status;
-struct io_read_wrapper;
+#include "image_api.h"
+#include "io_wrapper.h"
#ifdef __cplusplus
extern "C" {
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h
index 01771a3b..4b2ae82b 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h
@@ -24,8 +24,6 @@
#include "driver.h"
-struct dm_task;
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
index 29223700..71cbbe1c 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
@@ -1,5 +1,5 @@
/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2017-2019. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h
index acd847cc..2fcfa12b 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h
@@ -1,5 +1,5 @@
/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
@@ -20,25 +20,42 @@
#include <stddef.h>
#include <pthread.h>
#include <isula_libutils/imagetool_fs_info.h>
+#include <isula_libutils/container_inspect.h>
+#include <isula_libutils/json_common.h>
-#include "isula_libutils/container_inspect.h"
-#include "isula_libutils/json_common.h"
#include "io_wrapper.h"
#include "driver_overlay2_types.h"
#include "devices_constants.h"
#include "storage.h"
#include "image_api.h"
-#include "isula_libutils/container_inspect.h"
-
-struct graphdriver_status;
-struct io_read_wrapper;
-struct storage_module_init_options;
#ifdef __cplusplus
extern "C" {
#endif
-struct graphdriver;
+struct graphdriver {
+ // common implement
+ const struct graphdriver_ops *ops;
+ const char *name;
+ const char *home;
+ char *backing_fs;
+ bool support_dtype;
+
+ bool support_quota;
+#ifdef ENABLE_REMOTE_LAYER_STORE
+ bool enable_remote_layer;
+#endif
+ struct pquota_control *quota_ctrl;
+
+ // options for overlay2
+ struct overlay_options *overlay_opts;
+
+ // options for device mapper
+ struct device_set *devset;
+
+ // lock to protect graphdriver between cleanup and other operations
+ pthread_rwlock_t rwlock;
+};
struct driver_create_opts {
char *mount_label;
@@ -81,30 +98,6 @@ struct graphdriver_ops {
int (*get_layer_fs_info)(const char *id, const struct graphdriver *driver, imagetool_fs_info *fs_info);
};
-struct graphdriver {
- // common implement
- const struct graphdriver_ops *ops;
- const char *name;
- const char *home;
- char *backing_fs;
- bool support_dtype;
-
- bool support_quota;
-#ifdef ENABLE_REMOTE_LAYER_STORE
- bool enable_remote_layer;
-#endif
- struct pquota_control *quota_ctrl;
-
- // options for overlay2
- struct overlay_options *overlay_opts;
-
- // options for device mapper
- struct device_set *devset;
-
- // lock to protect graphdriver between cleanup and other operations
- pthread_rwlock_t rwlock;
-};
-
int graphdriver_init(const struct storage_module_init_options *opts);
int graphdriver_create_rw(const char *id, const char *parent, struct driver_create_opts *create_opts);
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index 2a209626..469a2367 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -643,7 +643,6 @@ const static int check_lower_depth(const char *lowers_str)
lowers_arr = util_string_split(lowers_str, ':');
lowers_size = util_array_len((const char **)lowers_arr);
-
if (lowers_size > OVERLAY_LAYER_MAX_DEPTH) {
ERROR("Max depth exceeded %s", lowers_str);
ret = -1;
@@ -1268,7 +1267,6 @@ static int append_rel_empty_path(const char *id, char ***rel_lowers)
char *rel_path = NULL;
rel_path = util_string_append("/empty", id);
-
if (util_array_append(rel_lowers, rel_path) != 0) {
SYSERROR("Can't append relative layer:%s", rel_path);
ret = -1;
@@ -2166,7 +2164,6 @@ int overlay2_repair_lowers(const char *id, const char *parent, const struct grap
lowers_str = read_layer_lower_file(layer_dir);
lowers_arr = util_string_split(lowers_str, ':');
lowers_size = util_array_len((const char **)lowers_arr);
-
if (lowers_size != 0) {
if (check_lower_valid(driver->home, lowers_arr[0]) == 0) {
DEBUG("Try to repair layer %s, success check", id);
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h
index 438c508e..444c0670 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h
@@ -22,12 +22,8 @@
#include <stdint.h>
#include "driver.h"
-
-struct driver_create_opts;
-struct driver_mount_opts;
-struct graphdriver;
-struct graphdriver_status;
-struct io_read_wrapper;
+#include "image_api.h"
+#include "io_wrapper.h"
#ifdef __cplusplus
extern "C" {
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h
index 94230faa..6cda7456 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h
@@ -33,7 +33,6 @@
#include <fcntl.h>
#include <stdlib.h>
#include <inttypes.h>
-#include <linux/magic.h>
#include <linux/dqblk_xfs.h>
#include <errno.h>
#include <libgen.h>
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index 6db590e3..87df8160 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -886,7 +886,6 @@ static int caculate_playload(struct archive *ar, char **result)
bool empty = true;
ctab = new_isula_crc_table(ISO_POLY);
-
if (ctab == NULL) {
return -1;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
index 20287119..eba406d4 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
@@ -24,10 +24,6 @@
#include "storage.h"
#include "io_wrapper.h"
-struct io_read_wrapper;
-struct layer_list;
-struct storage_module_init_options;
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
index 38d9b0ce..86e05ac2 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
@@ -185,7 +185,6 @@ static int remove_one_remote_overlay_layer(struct remote_overlay_data *data, con
}
link_id = (char *)map_search(overlay_id_link, (void *)overlay_id);
-
if (link_id == NULL) {
ERROR("Failed to find link id for overlay layer: %s", overlay_id);
ret = -1;
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
index b1ac2156..69022073 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
@@ -1,5 +1,5 @@
/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h
index 30e3ebb0..545cbe49 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h
@@ -1,5 +1,5 @@
/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h
index 63f3294b..d618c401 100644
--- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h
+++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h
@@ -24,10 +24,6 @@
#include "storage.h"
#include "rootfs.h"
-struct rootfs_list;
-struct storage_module_init_options;
-struct storage_rootfs_options;
-
#ifdef __cplusplus
extern "C" {
#endif
--
2.40.1

1084
0126-2154-fix-code-bug.patch Normal file
View File

File diff suppressed because it is too large Load Diff

25
0127-2157-bugfix-for-memset.patch Normal file
View File

@ -0,0 +1,25 @@
From 306604b3a93e95b6146bf0cd75cf8c826d9ebd1c Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 29 Aug 2023 13:18:34 +0000
Subject: [PATCH 127/145] !2157 bugfix for memset * bugfix for memset
---
src/daemon/modules/image/image_rootfs_handler.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c
index 990c2720..915c8a33 100644
--- a/src/daemon/modules/image/image_rootfs_handler.c
+++ b/src/daemon/modules/image/image_rootfs_handler.c
@@ -137,7 +137,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
out:
memset(buf, 0, sizeof(buf));
- memset(pwbufp, 0, sizeof(struct passwd));
+ memset(&pw, 0, sizeof(struct passwd));
return ret;
}
--
2.40.1

223
0128-2159-use-macros-to-isolate-the-password-option-of-lo.patch Normal file
View File

@ -0,0 +1,223 @@
From d9429fd11a6da29fec87e927360521059bd5728c Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 30 Aug 2023 09:56:29 +0000
Subject: [PATCH 128/145] !2159 use macros to isolate the password option of
login and the plugin module * use macros to isolate the password option of
login and the plugin module
---
cmake/options.cmake | 14 ++++++++++
src/cmd/isula/images/login.h | 28 +++++++++++++------
src/cmd/isulad/main.c | 2 ++
.../executor/container_cb/execution_create.c | 2 ++
src/daemon/modules/CMakeLists.txt | 13 +++++++--
src/daemon/modules/api/CMakeLists.txt | 3 ++
.../container/container_events_handler.c | 2 ++
.../modules/service/service_container.c | 4 +++
8 files changed, 57 insertions(+), 11 deletions(-)
diff --git a/cmake/options.cmake b/cmake/options.cmake
index d8b88dec..1b6caa2b 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -103,6 +103,20 @@ if (ENABLE_SHIM_V2 STREQUAL "ON")
message("${Green}-- Enable shim v2 runtime${ColourReset}")
endif()
+option(ENABLE_PLUGIN "enable plugin module" OFF)
+if (ENABLE_PLUGIN STREQUAL "ON")
+ add_definitions(-DENABLE_PLUGIN=1)
+ set(ENABLE_PLUGIN 1)
+ message("${Green}-- Enable plugin module${ColourReset}")
+endif()
+
+option(ENABLE_LOGIN_PASSWORD_OPTION "enable login password option" ON)
+if (ENABLE_LOGIN_PASSWORD_OPTION STREQUAL "ON")
+ add_definitions(-DENABLE_LOGIN_PASSWORD_OPTION=1)
+ set(ENABLE_LOGIN_PASSWORD_OPTION 1)
+ message("${Green}-- Enable login password option${ColourReset}")
+endif()
+
option(EANBLE_IMAGE_LIBARAY "create libisulad_image.so" ON)
if (EANBLE_IMAGE_LIBARAY STREQUAL "ON")
add_definitions(-DEANBLE_IMAGE_LIBARAY)
diff --git a/src/cmd/isula/images/login.h b/src/cmd/isula/images/login.h
index 5f9a676c..38829cba 100644
--- a/src/cmd/isula/images/login.h
+++ b/src/cmd/isula/images/login.h
@@ -24,16 +24,28 @@
extern "C" {
#endif
+#ifdef ENABLE_LOGIN_PASSWORD_OPTION
#define LOGIN_OPTIONS(cmdargs) \
- { CMD_OPT_TYPE_STRING_DUP, false, "username", 'u', &(cmdargs).username, "Username", NULL }, \
- { CMD_OPT_TYPE_STRING_DUP, false, "password", 'p', &(cmdargs).password, "Password", NULL }, \
- { CMD_OPT_TYPE_BOOL, \
- false, \
- "password-stdin", \
- 0, \
- &(cmdargs).password_stdin, \
- "Take the password from stdin", \
+ { CMD_OPT_TYPE_STRING_DUP, false, "username", 'u', &(cmdargs).username, "Username", NULL }, \
+ { CMD_OPT_TYPE_STRING_DUP, false, "password", 'p', &(cmdargs).password, "Password", NULL }, \
+ { CMD_OPT_TYPE_BOOL, \
+ false, \
+ "password-stdin", \
+ 0, \
+ &(cmdargs).password_stdin, \
+ "Take the password from stdin", \
NULL },
+#else
+#define LOGIN_OPTIONS(cmdargs) \
+ { CMD_OPT_TYPE_STRING_DUP, false, "username", 'u', &(cmdargs).username, "Username", NULL }, \
+ { CMD_OPT_TYPE_BOOL, \
+ false, \
+ "password-stdin", \
+ 0, \
+ &(cmdargs).password_stdin, \
+ "Take the password from stdin", \
+ NULL },
+#endif
extern const char g_cmd_login_desc[];
extern const char g_cmd_login_usage[];
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 8c8fcc40..7b337358 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1623,10 +1623,12 @@ int main(int argc, char **argv)
goto failure;
}
+#ifdef ENABLE_PLUGIN
if (start_plugin_manager()) {
msg = "Failed to init plugin_manager";
goto failure;
}
+#endif
clock_gettime(CLOCK_MONOTONIC, &t_end);
use_time = (double)(t_end.tv_sec - t_start.tv_sec) * (double)1000000000 + (double)(t_end.tv_nsec - t_start.tv_nsec);
diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
index 7e0d681c..d5e54aaf 100644
--- a/src/daemon/executor/container_cb/execution_create.c
+++ b/src/daemon/executor/container_cb/execution_create.c
@@ -1487,6 +1487,7 @@ int container_create_cb(const container_create_request *request, container_creat
goto clean_netns;
}
+#ifdef ENABLE_PLUGIN
/* modify oci_spec by plugin. */
if (plugin_event_container_pre_create(id, oci_spec) != 0) {
ERROR("Plugin event pre create failed");
@@ -1494,6 +1495,7 @@ int container_create_cb(const container_create_request *request, container_creat
cc = ISULAD_ERR_EXEC;
goto clean_netns;
}
+#endif
host_channel = dup_host_channel(host_spec->host_channel);
if (prepare_host_channel(host_channel, host_spec->user_remap)) {
diff --git a/src/daemon/modules/CMakeLists.txt b/src/daemon/modules/CMakeLists.txt
index c5b6987c..35a5886d 100644
--- a/src/daemon/modules/CMakeLists.txt
+++ b/src/daemon/modules/CMakeLists.txt
@@ -3,7 +3,6 @@
aux_source_directory(${CMAKE_CURRENT_SOURCE_DIR} modules_top_srcs)
add_subdirectory(runtime)
add_subdirectory(image)
-add_subdirectory(plugin)
add_subdirectory(spec)
add_subdirectory(container)
add_subdirectory(log)
@@ -17,7 +16,6 @@ set(local_modules_srcs
${modules_top_srcs}
${RUNTIME_SRCS}
${IMAGE_SRCS}
- ${PLUGIN_SRCS}
${SPEC_SRCS}
${MANAGER_SRCS}
${LOG_GATHER_SRCS}
@@ -31,7 +29,6 @@ set(local_modules_incs
${CMAKE_CURRENT_SOURCE_DIR}
${RUNTIME_INCS}
${IMAGE_INCS}
- ${PLUGIN_INCS}
${SPEC_INCS}
${MANAGER_INCS}
${LOG_GATHER_INCS}
@@ -42,6 +39,16 @@ set(local_modules_incs
${VOLUME_INCS}
)
+if (ENABLE_PLUGIN)
+ add_subdirectory(plugin)
+ list(APPEND local_modules_srcs
+ ${PLUGIN_SRCS}
+ )
+ list(APPEND local_modules_incs
+ ${PLUGIN_INCS}
+ )
+endif()
+
set(MODULES_SRCS
${local_modules_srcs}
PARENT_SCOPE
diff --git a/src/daemon/modules/api/CMakeLists.txt b/src/daemon/modules/api/CMakeLists.txt
index f577c45f..0735b25a 100644
--- a/src/daemon/modules/api/CMakeLists.txt
+++ b/src/daemon/modules/api/CMakeLists.txt
@@ -9,3 +9,6 @@ set(MODULES_API_INCS
PARENT_SCOPE
)
+if (NOT ENABLE_PLUGIN)
+ list(REMOVE_ITEM MODULES_API_INCS "${CMAKE_CURRENT_SOURCE_DIR}/plugin_api.h")
+endif()
diff --git a/src/daemon/modules/container/container_events_handler.c b/src/daemon/modules/container/container_events_handler.c
index d78e6fc1..d56c2ee0 100644
--- a/src/daemon/modules/container/container_events_handler.c
+++ b/src/daemon/modules/container/container_events_handler.c
@@ -155,7 +155,9 @@ static int container_state_changed(container_t *cont, const struct isulad_events
} else {
container_state_set_stopped(cont->state, (int)events->exit_status);
container_wait_stop_cond_broadcast(cont);
+#ifdef ENABLE_PLUGIN
plugin_event_container_post_stop(cont);
+#endif
}
auto_remove = !should_restart && cont->hostconfig != NULL && cont->hostconfig->auto_remove;
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index f278d8ab..5d8fdf6c 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -798,12 +798,14 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
open_stdin = cont->common_config->config->open_stdin;
}
+#ifdef ENABLE_PLUGIN
if (plugin_event_container_pre_start(cont)) {
ERROR("Plugin event pre start failed ");
plugin_event_container_post_stop(cont); /* ignore error */
ret = -1;
goto close_exit_fd;
}
+#endif
create_params.bundle = bundle;
create_params.state = cont->state_path;
@@ -1257,7 +1259,9 @@ int delete_container(container_t *cont, bool force)
}
}
+#ifdef ENABLE_PLUGIN
plugin_event_container_post_remove(cont);
+#endif
ret = do_delete_container(cont);
if (ret != 0) {
--
2.40.1

1184
0129-2160-Fix-nullptr-in-src-daemon-entry.patch Normal file
View File

File diff suppressed because it is too large Load Diff

25
0130-2161-bugfix-for-api-cmakelist.patch Normal file
View File

@ -0,0 +1,25 @@
From c7faa6e8a0c26662f8f52a24af9e73725214569f Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 31 Aug 2023 01:55:41 +0000
Subject: [PATCH 130/145] !2161 bugfix for api cmakelist * bugfix for api
cmakelist
---
src/daemon/modules/api/CMakeLists.txt | 4 ----
1 file changed, 4 deletions(-)
diff --git a/src/daemon/modules/api/CMakeLists.txt b/src/daemon/modules/api/CMakeLists.txt
index 0735b25a..357566fa 100644
--- a/src/daemon/modules/api/CMakeLists.txt
+++ b/src/daemon/modules/api/CMakeLists.txt
@@ -8,7 +8,3 @@ set(MODULES_API_INCS
${CMAKE_CURRENT_SOURCE_DIR}
PARENT_SCOPE
)
-
-if (NOT ENABLE_PLUGIN)
- list(REMOVE_ITEM MODULES_API_INCS "${CMAKE_CURRENT_SOURCE_DIR}/plugin_api.h")
-endif()
--
2.40.1

927
0131-2164-add-bind-mount-file-lock.patch Normal file
View File

@ -0,0 +1,927 @@
From e5ebe1c840eacd84816a02a2dd3f35ab892ddf58 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Thu, 31 Aug 2023 13:10:12 +0000
Subject: [PATCH 131/145] !2164 add bind mount file lock * add bind mount file
lock
---
src/cmd/isula/stream/cp.c | 66 ++++++-
src/cmd/isulad/main.c | 51 ++++++
src/common/constants.h | 4 +
.../executor/container_cb/execution_stream.c | 23 ++-
src/daemon/modules/image/oci/oci_export.c | 13 +-
src/daemon/modules/image/oci/oci_load.c | 13 +-
.../graphdriver/devmapper/driver_devmapper.c | 12 +-
.../graphdriver/overlay2/driver_overlay2.c | 12 +-
src/utils/tar/isulad_tar.c | 16 +-
src/utils/tar/isulad_tar.h | 4 +-
src/utils/tar/util_archive.c | 163 +++++++++++++++---
src/utils/tar/util_archive.h | 8 +-
12 files changed, 333 insertions(+), 52 deletions(-)
diff --git a/src/cmd/isula/stream/cp.c b/src/cmd/isula/stream/cp.c
index f0cd99c9..b1e3bbd6 100644
--- a/src/cmd/isula/stream/cp.c
+++ b/src/cmd/isula/stream/cp.c
@@ -73,6 +73,44 @@ static void print_copy_from_container_error(const char *ops_err, const char *arc
}
}
+static int client_get_root_dir(const isula_connect_ops *ops, const client_connect_config_t *config, char **root_dir)
+{
+ int ret = 0;
+ struct isula_info_request request = { 0 };
+ struct isula_info_response *response = NULL;
+
+ response = util_common_calloc_s(sizeof(struct isula_info_response));
+ if (response == NULL) {
+ COMMAND_ERROR("Info: Out of memory");
+ return -1;
+ }
+
+ if (!ops->container.info) {
+ COMMAND_ERROR("Unimplemented info op");
+ ret = -1;
+ goto out;
+ }
+
+ ret = ops->container.info(&request, response, (void *)config);
+ if (ret != 0) {
+ client_print_error(response->cc, response->server_errono, response->errmsg);
+ ret = -1;
+ goto out;
+ }
+
+ if (response->isulad_root_dir == NULL) {
+ COMMAND_ERROR("None root dir");
+ ret = -1;
+ goto out;
+ }
+
+ *root_dir = util_strdup_s(response->isulad_root_dir);
+
+out:
+ isula_info_response_free(response);
+ return ret;
+}
+
static int client_copy_from_container(const struct client_arguments *args, const char *id, const char *srcpath,
const char *destpath)
{
@@ -84,6 +122,7 @@ static int client_copy_from_container(const struct client_arguments *args, const
char *archive_err = NULL;
char *ops_err = NULL;
char *resolved = NULL;
+ char *root_dir = NULL;
struct archive_copy_info *srcinfo = NULL;
client_connect_config_t config;
@@ -92,18 +131,24 @@ static int client_copy_from_container(const struct client_arguments *args, const
COMMAND_ERROR("Unimplemented copy from container operation");
return -1;
}
+ config = get_connect_config(args);
+
+ ret = client_get_root_dir(ops, &config, &root_dir);
+ if (ret != 0) {
+ return -1;
+ }
response = util_common_calloc_s(sizeof(struct isula_copy_from_container_response));
if (response == NULL) {
ERROR("Event: Out of memory");
- return -1;
+ ret = -1;
+ goto out;
}
request.id = (char *)id;
request.runtime = args->runtime;
request.srcpath = (char *)srcpath;
- config = get_connect_config(args);
ret = ops->container.copy_from_container(&request, response, &config);
if (ret) {
ops_err = (response->errmsg != NULL) ? util_strdup_s(response->errmsg) : NULL;
@@ -125,7 +170,7 @@ static int client_copy_from_container(const struct client_arguments *args, const
srcinfo->path = util_strdup_s(srcpath);
srcinfo->isdir = S_ISDIR(response->stat->mode);
- nret = archive_copy_to(&response->reader, srcinfo, resolved, &archive_err);
+ nret = archive_copy_to(&response->reader, srcinfo, resolved, root_dir, &archive_err);
if (nret != 0) {
ret = nret;
}
@@ -137,6 +182,7 @@ static int client_copy_from_container(const struct client_arguments *args, const
out:
print_copy_from_container_error(ops_err, archive_err, ret, args);
+ free(root_dir);
free(resolved);
free(archive_err);
free(ops_err);
@@ -167,6 +213,7 @@ static int client_copy_to_container(const struct client_arguments *args, const c
int nret = 0;
char *archive_err = NULL;
char *resolved = NULL;
+ char *root_dir = NULL;
struct archive_copy_info *srcinfo = NULL;
struct io_read_wrapper archive_reader = { 0 };
client_connect_config_t config = { 0 };
@@ -176,11 +223,18 @@ static int client_copy_to_container(const struct client_arguments *args, const c
COMMAND_ERROR("Unimplemented copy to container operation");
return -1;
}
+ config = get_connect_config(args);
+
+ ret = client_get_root_dir(ops, &config, &root_dir);
+ if (ret != 0) {
+ return -1;
+ }
response = util_common_calloc_s(sizeof(struct isula_copy_to_container_response));
if (response == NULL) {
ERROR("Event: Out of memory");
- return -1;
+ ret = -1;
+ goto out;
}
request.id = (char *)id;
@@ -199,7 +253,7 @@ static int client_copy_to_container(const struct client_arguments *args, const c
goto out;
}
- nret = tar_resource(srcinfo, &archive_reader, &archive_err);
+ nret = tar_resource(srcinfo, root_dir, &archive_reader, &archive_err);
if (nret != 0) {
ret = -1;
goto out;
@@ -212,7 +266,6 @@ static int client_copy_to_container(const struct client_arguments *args, const c
request.reader.read = archive_reader.read;
request.reader.close = archive_reader.close;
- config = get_connect_config(args);
ret = ops->container.copy_to_container(&request, response, &config);
// archive reader close if copy to container failed
@@ -223,6 +276,7 @@ static int client_copy_to_container(const struct client_arguments *args, const c
out:
print_copy_to_container_error(response, archive_err, ret, args);
+ free(root_dir);
free(resolved);
free(archive_err);
free_archive_copy_info(srcinfo);
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 7b337358..4c057065 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -72,6 +72,7 @@
#include "utils_file.h"
#include "utils_string.h"
#include "utils_verify.h"
+#include "path.h"
#include "volume_api.h"
#ifndef DISABLE_CLEANUP
#include "leftover_cleanup_api.h"
@@ -1374,6 +1375,50 @@ out:
return ret;
}
+static int create_mount_flock_file(const struct service_arguments *args)
+{
+ int nret = 0;
+ int fd = -1;
+ char path[PATH_MAX] = { 0 };
+ char cleanpath[PATH_MAX] = { 0 };
+
+ nret = snprintf(path, PATH_MAX, "%s/%s", args->json_confs->graph, MOUNT_FLOCK_FILE_PATH);
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf");
+ return -1;
+ }
+
+ if (util_clean_path(path, cleanpath, sizeof(cleanpath)) == NULL) {
+ ERROR("clean path for %s failed", path);
+ return -1;
+ }
+
+ if (util_fileself_exists(cleanpath)) {
+ int err = 0;
+ // recreate mount flock file
+ // and make file uid/gid and permission correct
+ if (!util_force_remove_file(cleanpath, &err)) {
+ ERROR("Failed to delete %s, error: %s. Please delete %s manually.", path, strerror(err), path);
+ return -1;
+ }
+ }
+
+ fd = util_open(cleanpath, O_RDWR | O_CREAT, MOUNT_FLOCK_FILE_MODE);
+ if (fd < 0) {
+ ERROR("Failed to create file %s", cleanpath);
+ return -1;
+ }
+ close(fd);
+
+ nret = util_set_file_group(cleanpath, args->json_confs->group);
+ if (nret < 0) {
+ ERROR("set group of the path %s failed", cleanpath);
+ return -1;
+ }
+
+ return 0;
+}
+
static int isulad_server_init_service()
{
int ret = -1;
@@ -1404,6 +1449,12 @@ static int isulad_server_init_service()
goto unlock_out;
}
+ ret = create_mount_flock_file(args);
+ if (ret != 0) {
+ ERROR("Failed to create mount flock file");
+ goto unlock_out;
+ }
+
unlock_out:
if (isulad_server_conf_unlock()) {
ret = -1;
diff --git a/src/common/constants.h b/src/common/constants.h
index e968d8cd..6988e25b 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -68,6 +68,8 @@ extern "C" {
#define DEFAULT_HIGHEST_DIRECTORY_MODE 0755
+#define MOUNT_FLOCK_FILE_MODE 0660
+
#define ISULAD_CONFIG SYSCONFDIR_PREFIX"/etc/isulad"
#define ISULAD_DAEMON_CONTAINER_CONTEXTS ISULAD_CONFIG "/container_contexts"
@@ -119,6 +121,8 @@ extern "C" {
#define OCI_VERSION "1.0.1"
#endif
+#define MOUNT_FLOCK_FILE_PATH "isulad-chroot-mount.flock"
+
#define OCI_IMAGE_GRAPH_ROOTPATH_NAME "storage"
#ifdef ENABLE_GRPC_REMOTE_CONNECT
diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c
index 32721e68..244ec6a0 100644
--- a/src/daemon/executor/container_cb/execution_stream.c
+++ b/src/daemon/executor/container_cb/execution_stream.c
@@ -62,6 +62,7 @@
#include "utils.h"
#include "utils_file.h"
#include "utils_verify.h"
+#include "isulad_config.h"
#if defined (__ANDROID__) || defined(__MUSL__)
#define SIG_CANCEL_SIGNAL SIGUSR1
@@ -442,6 +443,7 @@ static int archive_and_send_copy_data(const stream_func_wrapper *stream,
char *absbase = NULL;
char *err = NULL;
char *buf = NULL;
+ char *root_dir = NULL;
char cleaned[PATH_MAX + 2] = { 0 };
struct io_read_wrapper reader = { 0 };
char *tar_path = NULL;
@@ -474,9 +476,15 @@ static int archive_and_send_copy_data(const stream_func_wrapper *stream,
goto cleanup;
}
+ root_dir = conf_get_isulad_rootdir();
+ if (root_dir == NULL) {
+ ERROR("Failed to get isulad rootdir");
+ goto cleanup;
+ }
+
DEBUG("archive chroot tar stream container_fs(%s) srcdir(%s) relative(%s) srcbase(%s) absbase(%s)",
container_fs, srcdir, tar_path, srcbase, absbase);
- nret = archive_chroot_tar_stream(container_fs, tar_path, srcbase, absbase, &reader);
+ nret = archive_chroot_tar_stream(container_fs, tar_path, srcbase, absbase, root_dir, &reader);
if (nret != 0) {
ERROR("Archive %s failed", resolvedpath);
goto cleanup;
@@ -504,6 +512,7 @@ cleanup:
free(srcdir);
free(srcbase);
free(absbase);
+ free(root_dir);
if (reader.close != NULL) {
int cret = reader.close(reader.context, &err);
if (err != NULL) {
@@ -776,15 +785,25 @@ static int read_and_extract_archive(stream_func_wrapper *stream, const char *con
{
int ret = -1;
char *err = NULL;
+ char *root_dir = NULL;
struct io_read_wrapper content = { 0 };
content.context = stream;
content.read = extract_stream_to_io_read;
- ret = archive_chroot_untar_stream(&content, container_fs, dstdir_in_container, src_rebase, dst_rebase, &err);
+
+ root_dir = conf_get_isulad_rootdir();
+ if (root_dir == NULL) {
+ ERROR("Failed to get isulad rootdir");
+ isulad_set_error_message("Failed to get isulad rootdir");
+ return -1;
+ }
+
+ ret = archive_chroot_untar_stream(&content, container_fs, dstdir_in_container, src_rebase, dst_rebase, root_dir, &err);
if (ret != 0) {
ERROR("Can not untar to container: %s", (err != NULL) ? err : "unknown");
isulad_set_error_message("Can not untar to container: %s", (err != NULL) ? err : "unknown");
}
free(err);
+ free(root_dir);
return ret;
}
diff --git a/src/daemon/modules/image/oci/oci_export.c b/src/daemon/modules/image/oci/oci_export.c
index e27ed6d8..6bfcf4d5 100644
--- a/src/daemon/modules/image/oci/oci_export.c
+++ b/src/daemon/modules/image/oci/oci_export.c
@@ -23,6 +23,7 @@
#include "util_archive.h"
#include "path.h"
#include "utils_file.h"
+#include "isulad_config.h"
int oci_do_export(char *id, char *file)
{
@@ -30,6 +31,7 @@ int oci_do_export(char *id, char *file)
int ret2 = 0;
char *mount_point = NULL;
char *errmsg = NULL;
+ char *root_dir = NULL;
char cleanpath[PATH_MAX] = { 0 };
if (id == NULL || file == NULL) {
@@ -56,7 +58,15 @@ int oci_do_export(char *id, char *file)
return -1;
}
- ret = archive_chroot_tar(mount_point, cleanpath, &errmsg);
+ root_dir = conf_get_isulad_rootdir();
+ if (root_dir == NULL) {
+ ERROR("Failed to get isulad rootdir");
+ isulad_set_error_message("Failed to get isulad rootdir");
+ ret = -1;
+ goto out;
+ }
+
+ ret = archive_chroot_tar(mount_point, cleanpath, root_dir, &errmsg);
if (ret != 0) {
ERROR("failed to export container %s to file %s: %s", id, cleanpath, errmsg);
isulad_set_error_message("Failed to export rootfs with error: %s", errmsg);
@@ -68,6 +78,7 @@ out:
mount_point = NULL;
free(errmsg);
errmsg = NULL;
+ free(root_dir);
ret2 = storage_rootfs_umount(id, false);
if (ret2 != 0) {
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
index a5b669cd..0d450bb6 100644
--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
@@ -42,6 +42,7 @@
#include "utils_file.h"
#include "utils_verify.h"
#include "oci_image.h"
+#include "isulad_config.h"
#define MANIFEST_BIG_DATA_KEY "manifest"
#define OCI_SCHEMA_VERSION 2
@@ -1051,6 +1052,7 @@ int oci_do_load(const im_load_request *request)
char *digest = NULL;
char *dstdir = NULL;
char *err = NULL;
+ char *root_dir = NULL;
if (request == NULL || request->file == NULL) {
ERROR("Invalid input arguments, cannot load image");
@@ -1071,8 +1073,16 @@ int oci_do_load(const im_load_request *request)
goto out;
}
+ root_dir = conf_get_isulad_rootdir();
+ if (root_dir == NULL) {
+ ERROR("Failed to get isulad rootdir");
+ isulad_try_set_error_message("Failed to get isulad rootdir");
+ ret = -1;
+ goto out;
+ }
+
options.whiteout_format = NONE_WHITEOUT_FORMATE;
- if (archive_unpack(&reader, dstdir, &options, &err) != 0) {
+ if (archive_unpack(&reader, dstdir, &options, root_dir, &err) != 0) {
ERROR("Failed to unpack to %s: %s", dstdir, err);
isulad_try_set_error_message("Failed to unpack to %s: %s", dstdir, err);
ret = -1;
@@ -1158,5 +1168,6 @@ out:
}
free(dstdir);
free(err);
+ free(root_dir);
return ret;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
index ca1b49df..0215fa6e 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
@@ -33,6 +33,7 @@
#include "utils_file.h"
#include "utils_fs.h"
#include "utils_string.h"
+#include "isulad_config.h"
struct io_read_wrapper;
@@ -347,6 +348,7 @@ int devmapper_apply_diff(const char *id, const struct graphdriver *driver, const
int ret = 0;
struct archive_options options = { 0 };
char *err = NULL;
+ char *root_dir = NULL;
if (!util_valid_str(id) || driver == NULL || content == NULL) {
ERROR("invalid argument to apply diff with id(%s)", id);
@@ -367,8 +369,15 @@ int devmapper_apply_diff(const char *id, const struct graphdriver *driver, const
goto out;
}
+ root_dir = conf_get_isulad_rootdir();
+ if (root_dir == NULL) {
+ ERROR("Failed to get isulad rootdir");
+ ret = -1;
+ goto umount_out;
+ }
+
options.whiteout_format = REMOVE_WHITEOUT_FORMATE;
- if (archive_unpack(content, layer_fs, &options, &err) != 0) {
+ if (archive_unpack(content, layer_fs, &options, root_dir, &err) != 0) {
ERROR("devmapper: failed to unpack to %s: %s", layer_fs, err);
ret = -1;
goto umount_out;
@@ -385,6 +394,7 @@ out:
free_driver_mount_opts(mount_opts);
free(layer_fs);
free(err);
+ free(root_dir);
return ret;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index 469a2367..510bd079 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -45,6 +45,7 @@
#include "utils_timestamp.h"
#include "selinux_label.h"
#include "err_msg.h"
+#include "isulad_config.h"
#ifdef ENABLE_REMOTE_LAYER_STORE
#include "ro_symlink_maintain.h"
#endif
@@ -1883,6 +1884,7 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const
char *layer_diff = NULL;
struct archive_options options = { 0 };
char *err = NULL;
+ char *root_dir = NULL;
if (id == NULL || driver == NULL || content == NULL) {
ERROR("invalid argument");
@@ -1916,7 +1918,14 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const
}
#endif
- ret = archive_unpack(content, layer_diff, &options, &err);
+ root_dir = conf_get_isulad_rootdir();
+ if (root_dir == NULL) {
+ ERROR("Failed to get isulad rootdir");
+ ret = -1;
+ goto out;
+ }
+
+ ret = archive_unpack(content, layer_diff, &options, root_dir ,&err);
if (ret != 0) {
ERROR("Failed to unpack to %s: %s", layer_diff, err);
ret = -1;
@@ -1925,6 +1934,7 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const
out:
free(err);
+ free(root_dir);
free(layer_dir);
free(layer_diff);
#ifdef ENABLE_USERNS_REMAP
diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c
index 709dfdd9..751616e7 100644
--- a/src/utils/tar/isulad_tar.c
+++ b/src/utils/tar/isulad_tar.c
@@ -386,7 +386,7 @@ cleanup:
}
int archive_copy_to(const struct io_read_wrapper *content, const struct archive_copy_info *srcinfo,
- const char *dstpath, char **err)
+ const char *dstpath, const char *root_dir, char **err)
{
int ret = -1;
struct archive_copy_info *dstinfo = NULL;
@@ -394,7 +394,7 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_
char *src_base = NULL;
char *dst_base = NULL;
- if (err == NULL || dstpath == NULL || srcinfo == NULL || content == NULL) {
+ if (err == NULL || dstpath == NULL || srcinfo == NULL || content == NULL || root_dir == NULL) {
return -1;
}
@@ -410,7 +410,7 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_
goto cleanup;
}
- ret = archive_chroot_untar_stream(content, dstdir, ".", src_base, dst_base, err);
+ ret = archive_chroot_untar_stream(content, dstdir, ".", src_base, dst_base, root_dir, err);
cleanup:
free_archive_copy_info(dstinfo);
@@ -420,7 +420,7 @@ cleanup:
return ret;
}
-static int tar_resource_rebase(const char *path, const char *rebase, struct io_read_wrapper *archive_reader, char **err)
+static int tar_resource_rebase(const char *path, const char *rebase, const char *root_dir, struct io_read_wrapper *archive_reader, char **err)
{
int ret = -1;
int nret;
@@ -439,7 +439,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, struct io_r
}
DEBUG("chroot tar stream srcdir(%s) srcbase(%s) rebase(%s)", srcdir, srcbase, rebase);
- nret = archive_chroot_tar_stream(srcdir, srcbase, srcbase, rebase, archive_reader);
+ nret = archive_chroot_tar_stream(srcdir, srcbase, srcbase, rebase, root_dir, archive_reader);
if (nret < 0) {
ERROR("Can not archive path: %s", path);
goto cleanup;
@@ -451,11 +451,11 @@ cleanup:
return ret;
}
-int tar_resource(const struct archive_copy_info *info, struct io_read_wrapper *archive_reader, char **err)
+int tar_resource(const struct archive_copy_info *info, const char *root_dir, struct io_read_wrapper *archive_reader, char **err)
{
- if (info == NULL || archive_reader == NULL || err == NULL) {
+ if (info == NULL || root_dir == NULL || archive_reader == NULL || err == NULL) {
return -1;
}
- return tar_resource_rebase(info->path, info->rebase_name, archive_reader, err);
+ return tar_resource_rebase(info->path, info->rebase_name, root_dir, archive_reader, err);
}
diff --git a/src/utils/tar/isulad_tar.h b/src/utils/tar/isulad_tar.h
index b620fd02..61edeaae 100644
--- a/src/utils/tar/isulad_tar.h
+++ b/src/utils/tar/isulad_tar.h
@@ -48,10 +48,10 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li
char *prepare_archive_copy(const struct archive_copy_info *srcinfo, const struct archive_copy_info *dstinfo,
char **src_base, char **dst_base, char **err);
-int tar_resource(const struct archive_copy_info *info, struct io_read_wrapper *archive_reader, char **err);
+int tar_resource(const struct archive_copy_info *info, const char *root_dir, struct io_read_wrapper *archive_reader, char **err);
int archive_copy_to(const struct io_read_wrapper *content, const struct archive_copy_info *srcinfo,
- const char *dstpath, char **err);
+ const char *dstpath, const char *root_dir, char **err);
#ifdef __cplusplus
}
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index a9d0025b..d5dabda9 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -23,6 +23,7 @@
#include <sys/stat.h>
#include <sys/mount.h>
#include <sys/capability.h>
+#include <sys/file.h>
#include <archive.h>
#include <archive_entry.h>
#include <errno.h>
@@ -78,6 +79,31 @@ static ssize_t read_content(struct archive *a, void *client_data, const void **b
return mydata->content->read(mydata->content->context, mydata->buff, sizeof(mydata->buff));
}
+static char *generate_flock_path(const char *root_dir)
+{
+ int nret = 0;
+ char path[PATH_MAX] = { 0 };
+ char cleanpath[PATH_MAX] = { 0 };
+
+ nret = snprintf(path, PATH_MAX, "%s/%s", root_dir, MOUNT_FLOCK_FILE_PATH);
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf");
+ return NULL;
+ }
+
+ if (util_clean_path(path, cleanpath, sizeof(cleanpath)) == NULL) {
+ ERROR("clean path for %s failed", path);
+ return NULL;
+ }
+
+ if (!util_file_exists(cleanpath)) {
+ ERROR("flock file %s doesn't exist", cleanpath);
+ return NULL;
+ }
+
+ return util_strdup_s(cleanpath);
+}
+
static void do_disable_unneccessary_caps()
{
cap_t caps;
@@ -99,7 +125,61 @@ static void do_disable_unneccessary_caps()
cap_free(caps);
}
-static int make_safedir_is_noexec(const char *dstdir, char **safe_dir)
+// Add flock when bind mount and make it private.
+// Because bind mount usually makes safedir shared mount point,
+// and sometimes it will cause "mount point explosion".
+// E.g. concurrently execute isula cp /tmp/<XXX-File> <CONTAINER-ID>:<CONTAINER-PAT>
+static int bind_mount_with_flock(const char *flock_path, const char *dstdir, const char *tmp_dir)
+{
+ int fd = -1;
+ int ret = -1;
+
+ fd = open(flock_path, O_RDWR | O_CLOEXEC);
+ if (fd < 0) {
+ SYSERROR("Failed to open file %s", flock_path);
+ return -1;
+ }
+
+ if (flock(fd, LOCK_EX) != 0) {
+ SYSERROR("Failed to lock file %s", flock_path);
+ goto out;
+ }
+
+ if (mount(dstdir, tmp_dir, "none", MS_BIND, NULL) != 0) {
+ SYSERROR("Mount safe dir failed");
+ goto unlock_out;
+ }
+
+ if (mount(tmp_dir, tmp_dir, "none", MS_BIND | MS_REMOUNT | MS_NOEXEC, NULL) != 0) {
+ SYSERROR("Mount safe dir failed");
+ if (umount(tmp_dir) != 0) {
+ SYSERROR("Failed to umount target %s", tmp_dir);
+ }
+ goto unlock_out;
+ }
+
+ // Change the propagation type.
+ if (mount("", tmp_dir, "", MS_PRIVATE, "") != 0) {
+ SYSERROR("Failed to change the propagation type");
+ if (umount(tmp_dir) != 0) {
+ SYSERROR("Failed to umount target %s", tmp_dir);
+ }
+ goto unlock_out;
+ }
+
+ ret = 0;
+
+unlock_out:
+ if (flock(fd, LOCK_UN) != 0) {
+ SYSERROR("Failed to unlock file %s", flock_path);
+ }
+
+out:
+ close(fd);
+ return ret;
+}
+
+static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, char **safe_dir)
{
struct stat buf;
char *isulad_tmpdir_env = NULL;
@@ -151,19 +231,8 @@ static int make_safedir_is_noexec(const char *dstdir, char **safe_dir)
return -1;
}
- if (mount(dstdir, tmp_dir, "none", MS_BIND, NULL) != 0) {
- SYSERROR("Mount safe dir failed");
- if (util_path_remove(tmp_dir) != 0) {
- ERROR("Failed to remove path %s", tmp_dir);
- }
- return -1;
- }
-
- if (mount(tmp_dir, tmp_dir, "none", MS_BIND | MS_REMOUNT | MS_NOEXEC, NULL) != 0) {
- SYSERROR("Mount safe dir failed");
- if (umount(tmp_dir) != 0) {
- ERROR("Failed to umount target %s", tmp_dir);
- }
+ if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
+ ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
if (util_path_remove(tmp_dir) != 0) {
ERROR("Failed to remove path %s", tmp_dir);
}
@@ -718,7 +787,7 @@ static void set_child_process_pdeathsig(void)
}
int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, const struct archive_options *options,
- char **errmsg)
+ const char *root_dir, char **errmsg)
{
int ret = 0;
pid_t pid = -1;
@@ -726,12 +795,24 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co
int pipe_stderr[2] = { -1, -1 };
char errbuf[BUFSIZ + 1] = { 0 };
char *safe_dir = NULL;
+ char *flock_path = NULL;
- if (make_safedir_is_noexec(dstdir, &safe_dir) != 0) {
- ERROR("Prepare safe dir failed");
+ if (content == NULL || dstdir == NULL || options == NULL || root_dir == NULL) {
return -1;
}
+ flock_path = generate_flock_path(root_dir);
+ if (flock_path == NULL) {
+ ERROR("Failed to generate flock path");
+ return -1;
+ }
+
+ if (make_safedir_is_noexec(flock_path, dstdir, &safe_dir) != 0) {
+ ERROR("Prepare safe dir failed");
+ ret = -1;
+ goto cleanup;
+ }
+
if (pipe2(pipe_stderr, O_CLOEXEC) != 0) {
ERROR("Failed to create pipe");
ret = -1;
@@ -811,6 +892,7 @@ cleanup:
ERROR("Failed to remove path %s", safe_dir);
}
free(safe_dir);
+ free(flock_path);
return ret;
}
@@ -1121,7 +1203,7 @@ static ssize_t fd_write(void *context, const void *data, size_t len)
return util_write_nointr(*(int *)context, data, len);
}
-int archive_chroot_tar(char *path, char *file, char **errmsg)
+int archive_chroot_tar(const char *path, const char *file, const char *root_dir, char **errmsg)
{
struct io_write_wrapper pipe_context = { 0 };
int ret = 0;
@@ -1131,12 +1213,24 @@ int archive_chroot_tar(char *path, char *file, char **errmsg)
char errbuf[BUFSIZ + 1] = { 0 };
int fd = 0;
char *safe_dir = NULL;
+ char *flock_path = NULL;
- if (make_safedir_is_noexec(path, &safe_dir) != 0) {
- ERROR("Prepare safe dir failed");
+ if (path == NULL || file == NULL || root_dir == NULL) {
return -1;
}
+ flock_path = generate_flock_path(root_dir);
+ if (flock_path == NULL) {
+ ERROR("Failed to generate flock path");
+ return -1;
+ }
+
+ if (make_safedir_is_noexec(flock_path, path, &safe_dir) != 0) {
+ ERROR("Prepare safe dir failed");
+ ret = -1;
+ goto cleanup;
+ }
+
if (pipe2(pipe_for_read, O_CLOEXEC) != 0) {
ERROR("Failed to create pipe");
ret = -1;
@@ -1227,6 +1321,7 @@ cleanup:
ERROR("Failed to remove path %s", safe_dir);
}
free(safe_dir);
+ free(flock_path);
return ret;
}
@@ -1347,7 +1442,7 @@ static int archive_context_close(void *context, char **err)
}
int archive_chroot_untar_stream(const struct io_read_wrapper *context, const char *chroot_dir, const char *untar_dir,
- const char *src_base, const char *dst_base, char **errmsg)
+ const char *src_base, const char *dst_base, const char *root_dir, char **errmsg)
{
struct io_read_wrapper pipe_context = { 0 };
int pipe_stream[2] = { -1, -1 };
@@ -1365,12 +1460,19 @@ int archive_chroot_untar_stream(const struct io_read_wrapper *context, const cha
.dst_base = dst_base
};
char *safe_dir = NULL;
+ char *flock_path = NULL;
- if (make_safedir_is_noexec(chroot_dir, &safe_dir) != 0) {
- ERROR("Prepare safe dir failed");
+ flock_path = generate_flock_path(root_dir);
+ if (flock_path == NULL) {
+ ERROR("Failed to generate flock path");
return -1;
}
+ if (make_safedir_is_noexec(flock_path, chroot_dir, &safe_dir) != 0) {
+ ERROR("Prepare safe dir failed");
+ goto cleanup;
+ }
+
if (pipe(pipe_stderr) != 0) {
ERROR("Failed to create pipe: %s", strerror(errno));
goto cleanup;
@@ -1478,12 +1580,13 @@ cleanup:
ERROR("Failed to remove path %s", safe_dir);
}
free(safe_dir);
+ free(flock_path);
return ret;
}
int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, const char *src_base, const char *dst_base,
- struct io_read_wrapper *reader)
+ const char *root_dir, struct io_read_wrapper *reader)
{
struct io_write_wrapper pipe_context = { 0 };
int keepfds[] = { -1, -1, -1 };
@@ -1493,12 +1596,19 @@ int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, cons
pid_t pid;
struct archive_context *ctx = NULL;
char *safe_dir = NULL;
+ char *flock_path = NULL;
- if (make_safedir_is_noexec(chroot_dir, &safe_dir) != 0) {
- ERROR("Prepare safe dir failed");
+ flock_path = generate_flock_path(root_dir);
+ if (flock_path == NULL) {
+ ERROR("Failed to generate flock path");
return -1;
}
+ if (make_safedir_is_noexec(flock_path, chroot_dir, &safe_dir) != 0) {
+ ERROR("Prepare safe dir failed");
+ goto free_out;
+ }
+
if (pipe(pipe_stderr) != 0) {
ERROR("Failed to create pipe: %s", strerror(errno));
goto free_out;
@@ -1602,6 +1712,7 @@ free_out:
close_archive_pipes_fd(pipe_stderr, 2);
close_archive_pipes_fd(pipe_stream, 2);
free(ctx);
+ free(flock_path);
if (safe_dir != NULL) {
if (umount(safe_dir) != 0) {
ERROR("Failed to umount target %s", safe_dir);
diff --git a/src/utils/tar/util_archive.h b/src/utils/tar/util_archive.h
index 9312235d..be1f2cc7 100644
--- a/src/utils/tar/util_archive.h
+++ b/src/utils/tar/util_archive.h
@@ -49,17 +49,17 @@ struct archive_options {
};
int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, const struct archive_options *options,
- char **errmsg);
+ const char *root_dir, char **errmsg);
bool valid_archive_format(const char *file);
-int archive_chroot_tar(char *path, char *file, char **errmsg);
+int archive_chroot_tar(const char *path, const char *file, const char *root_dir, char **errmsg);
int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, const char *src_base,
- const char *dst_base, struct io_read_wrapper *content);
+ const char *dst_base, const char *root_dir, struct io_read_wrapper *content);
int archive_chroot_untar_stream(const struct io_read_wrapper *content, const char *chroot_dir,
const char *untar_dir, const char *src_base, const char *dst_base,
- char **errmsg);
+ const char *root_dir, char **errmsg);
#ifdef __cplusplus
}
--
2.40.1

140
0132-2165-preventing-the-use-of-insecure-isulad-tmpdir-di.patch Normal file
View File

@ -0,0 +1,140 @@
From ea8bab0c0397b24648e437c0c54de40656d82432 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 2 Sep 2023 08:56:38 +0000
Subject: [PATCH 132/145] !2165 preventing the use of insecure isulad tmpdir
directory * preventing the use of insecure isulad tmpdir directory
---
src/common/constants.h | 2 +
.../container/leftover_cleanup/cleanup.c | 66 ++++++++++++++++++-
src/daemon/modules/image/oci/utils_images.c | 10 +++
3 files changed, 77 insertions(+), 1 deletion(-)
diff --git a/src/common/constants.h b/src/common/constants.h
index 6988e25b..7460e169 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -50,6 +50,8 @@ extern "C" {
#define TEMP_DIRECTORY_MODE 0700
+#define ISULAD_TEMP_DIRECTORY_MODE 0660
+
#define CONSOLE_FIFO_DIRECTORY_MODE 0770
#define SOCKET_GROUP_DIRECTORY_MODE 0660
diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c
index c86e3db9..e17b73c1 100644
--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c
+++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c
@@ -13,6 +13,8 @@
* Description: provide cleanup functions
*********************************************************************************/
#include <sys/mount.h>
+#include <sys/stat.h>
+#include <unistd.h>
#include "utils.h"
#include "utils_fs.h"
@@ -169,6 +171,67 @@ static bool walk_isulad_tmpdir_cb(const char *path_name, const struct dirent *su
return true;
}
+static int isulad_tmpdir_security_check(const char *tmpdir)
+{
+ struct stat st = { 0 };
+
+ if (lstat(tmpdir, &st) != 0) {
+ SYSERROR("Failed to lstat %s", tmpdir);
+ return -1;
+ }
+
+ if (!S_ISDIR(st.st_mode)) {
+ return -1;
+ }
+
+ if ((st.st_mode & 0777) != ISULAD_TEMP_DIRECTORY_MODE) {
+ return -1;
+ }
+
+ if (st.st_uid != 0) {
+ return -1;
+ }
+
+ if (S_ISLNK(st.st_mode)) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static int recreate_tmpdir(const char *tmpdir)
+{
+ int ret;
+ struct stat st = { 0 };
+
+ if (util_recursive_rmdir(tmpdir, 0)) {
+ ERROR("Failed to remove directory %s", tmpdir);
+ return -1;
+ }
+
+ if (util_mkdir_p(tmpdir, ISULAD_TEMP_DIRECTORY_MODE)) {
+ ERROR("Failed to create directory %s", tmpdir);
+ return -1;
+ }
+
+ if (lstat(tmpdir, &st) != 0) {
+ SYSERROR("Failed to lstat %s", tmpdir);
+ return -1;
+ }
+
+ return ret;
+}
+
+static int ensure_isulad_tmpdir_security(const char *tmpdir)
+{
+ if (isulad_tmpdir_security_check(tmpdir) == 0) {
+ return 0;
+ }
+
+ INFO("iSulad tmpdir does not meet security requirements, recreate it");
+ return recreate_tmpdir(tmpdir);
+}
+
static void cleanup_path(char *dir)
{
int nret;
@@ -186,7 +249,8 @@ static void cleanup_path(char *dir)
return;
}
- if (!util_dir_exists(cleanpath)) {
+ // preventing the use of insecure isulad tmpdir directory
+ if (ensure_isulad_tmpdir_security(cleanpath) != 0) {
return;
}
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
index 22ec72df..e7131351 100644
--- a/src/daemon/modules/image/oci/utils_images.c
+++ b/src/daemon/modules/image/oci/utils_images.c
@@ -630,6 +630,16 @@ int makesure_isulad_tmpdir_perm_right(const char *root_dir)
goto out;
}
+ if ((st.st_mode & 0777) != TEMP_DIRECTORY_MODE) {
+ ret = -1;
+ goto out;
+ }
+
+ if (S_ISLNK(st.st_mode)) {
+ ret = -1;
+ goto out;
+ }
+
// chown to root
ret = lchown(isulad_tmpdir, 0, 0);
if (ret == 0 || (ret == EPERM && st.st_uid == 0 && st.st_gid == 0)) {
--
2.40.1

238
0133-2166-move-ensure_isulad_tmpdir_security-function-to-.patch Normal file
View File

@ -0,0 +1,238 @@
From 130fc2908f915328485082ce4903f06023627b36 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 2 Sep 2023 10:38:29 +0000
Subject: [PATCH 133/145] !2166 move ensure_isulad_tmpdir_security function to
main.c * move ensure_isulad_tmpdir_security function to main.c
---
src/cmd/isulad/main.c | 101 ++++++++++++++++++
.../container/leftover_cleanup/cleanup.c | 66 +-----------
src/utils/tar/util_archive.c | 2 +-
3 files changed, 103 insertions(+), 66 deletions(-)
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 4c057065..961a3912 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1227,6 +1227,101 @@ out:
return ret;
}
+static int isulad_tmpdir_security_check(const char *tmp_dir)
+{
+ struct stat st = { 0 };
+
+ if (lstat(tmp_dir, &st) != 0) {
+ SYSERROR("Failed to lstat %s", tmp_dir);
+ return -1;
+ }
+
+ if (!S_ISDIR(st.st_mode)) {
+ return -1;
+ }
+
+ if ((st.st_mode & 0777) != ISULAD_TEMP_DIRECTORY_MODE) {
+ return -1;
+ }
+
+ if (st.st_uid != 0) {
+ return -1;
+ }
+
+ if (S_ISLNK(st.st_mode)) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static int recreate_tmpdir(const char *tmp_dir)
+{
+ if (util_recursive_rmdir(tmp_dir, 0) != 0) {
+ ERROR("Failed to remove directory %s", tmp_dir);
+ return -1;
+ }
+
+ if (util_mkdir_p(tmp_dir, ISULAD_TEMP_DIRECTORY_MODE) != 0) {
+ ERROR("Failed to create directory %s", tmp_dir);
+ return -1;
+ }
+
+ return 0;
+}
+
+static int do_ensure_isulad_tmpdir_security(const char *isulad_tmp_dir)
+{
+ int nret;
+ char tmp_dir[PATH_MAX] = { 0 };
+ char cleanpath[PATH_MAX] = { 0 };
+
+ nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmp_dir);
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf");
+ return -1;
+ }
+
+ if (util_clean_path(tmp_dir, cleanpath, sizeof(cleanpath)) == NULL) {
+ ERROR("Failed to clean path for %s", tmp_dir);
+ return -1;
+ }
+
+ if (isulad_tmpdir_security_check(cleanpath) == 0) {
+ return 0;
+ }
+
+ INFO("iSulad tmpdir: %s does not meet security requirements, recreate it", isulad_tmp_dir);
+ return recreate_tmpdir(cleanpath);
+}
+
+static int ensure_isulad_tmpdir_security()
+{
+ char *isulad_tmp_dir = NULL;
+
+ isulad_tmp_dir = getenv("ISULAD_TMPDIR");
+ if (!util_valid_str(isulad_tmp_dir)) {
+ isulad_tmp_dir = "/tmp";
+ }
+
+ if (do_ensure_isulad_tmpdir_security(isulad_tmp_dir) != 0) {
+ ERROR("Failed to ensure the %s directory is a safe directory", isulad_tmp_dir);
+ return -1;
+ }
+
+ if (strcmp(isulad_tmp_dir, "/tmp") == 0) {
+ return 0;
+ }
+
+ // No matter whether ISULAD_TMPDIR is set or not,
+ // ensure the "/tmp" directory is a safe directory
+ if (do_ensure_isulad_tmpdir_security("/tmp") != 0) {
+ WARN("Failed to ensure the /tmp directory is a safe directory");
+ }
+
+ return 0;
+}
+
static int isulad_server_init_common()
{
int ret = -1;
@@ -1259,6 +1354,12 @@ static int isulad_server_init_common()
// because tmpdir will remove failed if chroot mount point exist under tmpdir
isulad_tmpdir_cleaner();
+ // preventing the use of insecure isulad tmpdir directory
+ if (ensure_isulad_tmpdir_security() != 0) {
+ ERROR("Failed to ensure isulad tmpdir security");
+ goto out;
+ }
+
if (volume_init(args->json_confs->graph) != 0) {
ERROR("Failed to init volume");
goto out;
diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c
index e17b73c1..c86e3db9 100644
--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c
+++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c
@@ -13,8 +13,6 @@
* Description: provide cleanup functions
*********************************************************************************/
#include <sys/mount.h>
-#include <sys/stat.h>
-#include <unistd.h>
#include "utils.h"
#include "utils_fs.h"
@@ -171,67 +169,6 @@ static bool walk_isulad_tmpdir_cb(const char *path_name, const struct dirent *su
return true;
}
-static int isulad_tmpdir_security_check(const char *tmpdir)
-{
- struct stat st = { 0 };
-
- if (lstat(tmpdir, &st) != 0) {
- SYSERROR("Failed to lstat %s", tmpdir);
- return -1;
- }
-
- if (!S_ISDIR(st.st_mode)) {
- return -1;
- }
-
- if ((st.st_mode & 0777) != ISULAD_TEMP_DIRECTORY_MODE) {
- return -1;
- }
-
- if (st.st_uid != 0) {
- return -1;
- }
-
- if (S_ISLNK(st.st_mode)) {
- return -1;
- }
-
- return 0;
-}
-
-static int recreate_tmpdir(const char *tmpdir)
-{
- int ret;
- struct stat st = { 0 };
-
- if (util_recursive_rmdir(tmpdir, 0)) {
- ERROR("Failed to remove directory %s", tmpdir);
- return -1;
- }
-
- if (util_mkdir_p(tmpdir, ISULAD_TEMP_DIRECTORY_MODE)) {
- ERROR("Failed to create directory %s", tmpdir);
- return -1;
- }
-
- if (lstat(tmpdir, &st) != 0) {
- SYSERROR("Failed to lstat %s", tmpdir);
- return -1;
- }
-
- return ret;
-}
-
-static int ensure_isulad_tmpdir_security(const char *tmpdir)
-{
- if (isulad_tmpdir_security_check(tmpdir) == 0) {
- return 0;
- }
-
- INFO("iSulad tmpdir does not meet security requirements, recreate it");
- return recreate_tmpdir(tmpdir);
-}
-
static void cleanup_path(char *dir)
{
int nret;
@@ -249,8 +186,7 @@ static void cleanup_path(char *dir)
return;
}
- // preventing the use of insecure isulad tmpdir directory
- if (ensure_isulad_tmpdir_security(cleanpath) != 0) {
+ if (!util_dir_exists(cleanpath)) {
return;
}
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index d5dabda9..46621cc1 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -217,7 +217,7 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
}
// ensure parent dir is exist
- if (util_mkdir_p(cleanpath, buf.st_mode) != 0) {
+ if (util_mkdir_p(cleanpath, ISULAD_TEMP_DIRECTORY_MODE) != 0) {
return -1;
}
--
2.40.1

110
0134-2169-using-macros-to-isolate-isulad-s-enable_plugin-.patch Normal file
View File

@ -0,0 +1,110 @@
From 80ac71264c5f388f2d181f17ab1f14c7062aec8f Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 4 Sep 2023 08:45:55 +0000
Subject: [PATCH 134/145] !2169 using macros to isolate isulad's enable_plugin
configuration option * using macros to isolate isulad's enable_plugin
configuration option
---
src/cmd/isulad/isulad_commands.h | 15 +++++++++++----
src/common/constants.h | 2 ++
src/daemon/config/isulad_config.c | 4 ++++
src/daemon/config/isulad_config.h | 2 ++
4 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h
index e5bcb6c8..3b12fa3e 100644
--- a/src/cmd/isulad/isulad_commands.h
+++ b/src/cmd/isulad/isulad_commands.h
@@ -65,6 +65,16 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
#define USERNS_REMAP_OPT(cmdargs)
#endif
+#ifdef ENABLE_PLUGIN
+#define PLUGINS_OPT(cmdargs) \
+ { CMD_OPT_TYPE_STRING_DUP, \
+ false, "enable-plugins", 0, &(cmdargs)->json_confs->enable_plugins, \
+ "Enable plugins for all containers", NULL \
+ },
+#else
+#define PLUGINS_OPT(cmdargs)
+#endif
+
#ifdef ENABLE_GRPC_REMOTE_CONNECT
#define ISULAD_TLS_OPTIONS(cmdargs) \
{ CMD_OPT_TYPE_STRING_DUP, \
@@ -314,10 +324,7 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
false, "cpu-rt-runtime", 0, &(cmdargs)->json_confs->cpu_rt_runtime, \
"Limit CPU real-time runtime in microseconds for all containers", command_convert_llong \
}, \
- { CMD_OPT_TYPE_STRING_DUP, \
- false, "enable-plugins", 0, &(cmdargs)->json_confs->enable_plugins, \
- "Enable plugins for all containers", NULL \
- }, \
+ PLUGINS_OPT(cmdargs) \
{ CMD_OPT_TYPE_CALLBACK, \
false, "cri-runtime", 0, (cmdargs), \
"CRI runtime class transform", server_callback_cri_runtime \
diff --git a/src/common/constants.h b/src/common/constants.h
index 7460e169..efb2951a 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -134,9 +134,11 @@ extern "C" {
#define AUTH_PLUGIN "authz-broker"
+#ifdef ENABLE_PLUGIN
#define ISULAD_ENABLE_PLUGINS "ISULAD_ENABLE_PLUGINS"
#define ISULAD_ENABLE_PLUGINS_SEPERATOR ","
#define ISULAD_ENABLE_PLUGINS_SEPERATOR_CHAR ','
+#endif
#ifdef ENABLE_SHIM_V2
#define SHIM_V2_LOG "/log"
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index c9e64617..0e389dd1 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -1209,6 +1209,7 @@ out:
return result;
}
+#ifdef ENABLE_PLUGIN
char *conf_get_enable_plugins(void)
{
struct service_arguments *conf = NULL;
@@ -1230,6 +1231,7 @@ out:
(void)isulad_server_conf_unlock();
return plugins;
}
+#endif
#ifdef ENABLE_USERNS_REMAP
char *conf_get_isulad_userns_remap(void)
@@ -1634,7 +1636,9 @@ int merge_json_confs_into_global(struct service_arguments *args)
// iSulad runtime execution options
override_string_value(&args->json_confs->engine, &tmp_json_confs->engine);
override_string_value(&args->json_confs->hook_spec, &tmp_json_confs->hook_spec);
+#ifdef ENABLE_PLUGIN
override_string_value(&args->json_confs->enable_plugins, &tmp_json_confs->enable_plugins);
+#endif
#ifdef ENABLE_USERNS_REMAP
override_string_value(&args->json_confs->userns_remap, &tmp_json_confs->userns_remap);
#endif
diff --git a/src/daemon/config/isulad_config.h b/src/daemon/config/isulad_config.h
index cf0cd2a4..397da8a4 100644
--- a/src/daemon/config/isulad_config.h
+++ b/src/daemon/config/isulad_config.h
@@ -55,7 +55,9 @@ int conf_get_container_log_opts(isulad_daemon_configs_container_log **opts);
char *conf_get_isulad_log_file(void);
char *conf_get_engine_log_file(void);
+#ifdef ENABLE_PLUGIN
char *conf_get_enable_plugins(void);
+#endif
#ifdef ENABLE_USERNS_REMAP
char *conf_get_isulad_userns_remap(void);
#endif
--
2.40.1

123
0135-mask-proxy-informations.patch Normal file
View File

@ -0,0 +1,123 @@
From fe0a25f97571b6f568a80c554a0f678fd866d9f5 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Mon, 4 Sep 2023 15:19:36 +0800
Subject: [PATCH 135/145] mask proxy informations
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
.../container_cb/execution_information.c | 86 ++++++++++++++++---
1 file changed, 74 insertions(+), 12 deletions(-)
diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
index 144daebf..6d9521ec 100644
--- a/src/daemon/executor/container_cb/execution_information.c
+++ b/src/daemon/executor/container_cb/execution_information.c
@@ -181,24 +181,83 @@ out:
static int get_proxy_env(char **proxy, const char *type)
{
int ret = 0;
- char *tmp = NULL;
-
- *proxy = getenv(type);
- if (*proxy == NULL) {
- tmp = util_strings_to_upper(type);
+ int nret;
+ char *tmp_proxy = NULL;
+ char *col_pos = NULL;
+ char *at_pos = NULL;
+ size_t proxy_len;
+ const char *mask_str = "//xxxx:xxxx";
+
+ tmp_proxy = getenv(type);
+ if (tmp_proxy == NULL) {
+ char *tmp = util_strings_to_upper(type);
if (tmp == NULL) {
ERROR("Failed to upper string!");
- ret = -1;
- goto out;
- }
- *proxy = getenv(tmp);
- if (*proxy == NULL) {
- *proxy = "";
+ return -1;
}
+ tmp_proxy = getenv(tmp);
+ free(tmp);
+ }
+
+ if (tmp_proxy == NULL) {
+ return 0;
+ }
+
+ if (strlen(tmp_proxy) >= PATH_MAX) {
+ ERROR("Too long proxy string.");
+ return -1;
+ }
+ tmp_proxy = util_strdup_s(tmp_proxy);
+
+ if (strcmp(NO_PROXY, type) == 0) {
+ *proxy = tmp_proxy;
+ return 0;
+ }
+
+ // mask username and password of proxy
+ col_pos = strchr(tmp_proxy, ':');
+ if (col_pos == NULL) {
+ ERROR("Invalid proxy.");
+ ret = -1;
+ goto out;
+ }
+ at_pos = strrchr(tmp_proxy, '@');
+ if (at_pos == NULL) {
+ // no '@', represent no user information in proxy,
+ // just return original proxy
+ *proxy = tmp_proxy;
+ return 0;
+ }
+
+ // first colon position must before than at position
+ if ((at_pos - col_pos) < 0) {
+ ret = -1;
+ goto out;
}
+ // proxy with userinfo format like: 'http://xxx:xxx@xxxx.com'
+ // so masked proxy length = len(proxy) - (pos(@) - pos(:) + 1) + len(mask-str) + '\0'
+ proxy_len = strlen(tmp_proxy);
+ proxy_len -= (at_pos - tmp_proxy);
+ proxy_len += (col_pos - tmp_proxy) + 1;
+ proxy_len += strlen(mask_str) + 1;
+ *proxy = util_common_calloc_s(proxy_len);
+ if (*proxy == NULL) {
+ ERROR("Out of memory");
+ ret = -1;
+ goto out;
+ }
+ *col_pos = '\0';
+ nret = snprintf(*proxy, proxy_len, "%s:%s%s", tmp_proxy, mask_str, at_pos);
+ if (nret < 0 || nret >= proxy_len) {
+ ret = -1;
+ free(*proxy);
+ *proxy = NULL;
+ goto out;
+ }
+
out:
- free(tmp);
+ util_free_sensitive_string(tmp_proxy);
return ret;
}
@@ -345,6 +404,9 @@ static int isulad_info_cb(const host_info_request *request, host_info_response *
#endif
pack_response:
+ free(http_proxy);
+ free(https_proxy);
+ free(no_proxy);
if (*response != NULL) {
(*response)->cc = cc;
}
--
2.40.1

115
0136-add-testcase-for-isula-info.patch Normal file
View File

@ -0,0 +1,115 @@
From b02b5b173f326ae9052b7e26e042c6c0c3a8e9ae Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Mon, 4 Sep 2023 17:13:13 +0800
Subject: [PATCH 136/145] add testcase for isula info
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
CI/test_cases/container_cases/info.sh | 95 +++++++++++++++++++++++++++
1 file changed, 95 insertions(+)
create mode 100755 CI/test_cases/container_cases/info.sh
diff --git a/CI/test_cases/container_cases/info.sh b/CI/test_cases/container_cases/info.sh
new file mode 100755
index 00000000..e6c03a49
--- /dev/null
+++ b/CI/test_cases/container_cases/info.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+#
+# attributes: isula info operator
+# concurrent: YES
+# spend time: 1
+
+#######################################################################
+##- Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
+# - iSulad licensed under the Mulan PSL v2.
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
+# - You may obtain a copy of Mulan PSL v2 at:
+# - http://license.coscl.org.cn/MulanPSL2
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v2 for more details.
+##- @Description:CI
+##- @Author: haozi007
+##- @Create: 2023-09-04
+#######################################################################
+
+curr_path=$(dirname $(readlink -f "$0"))
+data_path=$(realpath $curr_path/../data)
+source ../helpers.sh
+
+function do_test_t()
+{
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+ export http_proxy="http://test:123456@testproxy.com"
+ export https_proxy="http://test:123456@testproxy.com"
+ export no_proxy="127.0.0.1"
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+ isula info | grep "Http Proxy" | grep "http://xxxx:xxxx@testproxy.com"
+ fn_check_eq "$?" "0" "check http proxy failed"
+ isula info | grep "Https Proxy" | grep "http://xxxx:xxxx@testproxy.com"
+ fn_check_eq "$?" "0" "check https proxy failed"
+ isula info | grep "No Proxy" | grep "127.0.0.1"
+ fn_check_eq "$?" "0" "check no proxy failed"
+
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+ export http_proxy="https://example.com"
+ export no_proxy="127.0.0.1"
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+ isula info | grep "Http Proxy" | grep "https://example.com"
+ fn_check_eq "$?" "0" "check http proxy failed"
+ isula info | grep "No Proxy" | grep "127.0.0.1"
+ fn_check_eq "$?" "0" "check no proxy failed"
+
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+ export http_proxy="http//abc.com"
+ export no_proxy="127.0.0.1:localhost"
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+ isula info | grep "Http Proxy"
+ fn_check_ne "$?" "0" "check http proxy failed"
+ isula info | grep "No Proxy"
+ fn_check_ne "$?" "0" "check no proxy failed"
+
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+ export http_proxy="http//xxxx@abc:abc.com"
+ export no_proxy="127.0.0.1"
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+ isula info | grep "Http Proxy"
+ fn_check_ne "$?" "0" "check http proxy failed"
+ isula info | grep "No Proxy"
+ fn_check_ne "$?" "0" "check no proxy failed"
+
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+ unset https_proxy http_proxy no_proxy
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+ isula info | grep "Http Proxy"
+ fn_check_ne "$?" "0" "check http proxy failed"
+ isula info | grep "No Proxy"
+ fn_check_ne "$?" "0" "check no proxy failed"
+
+ return $TC_RET_T
+}
+
+ret=0
+
+do_test_t
+if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+fi
+
+show_result $ret "basic info"
--
2.40.1

2374
0137-2172-remove-unneccessary-strerror.patch Normal file
View File

File diff suppressed because it is too large Load Diff

229
0138-replace-COMMAND_ERROR-to-CMD_SYSERROR.patch Normal file
View File

@ -0,0 +1,229 @@
From 9c97c74fe3e384e5fe87c80037f94544a4b45081 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 6 Sep 2023 10:26:25 +0800
Subject: [PATCH 138/145] replace COMMAND_ERROR to CMD_SYSERROR
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/isula/base/create.c | 4 ++--
src/cmd/isula/extend/export.c | 2 +-
src/cmd/isula/images/import.c | 2 +-
src/cmd/isula/images/load.c | 2 +-
src/cmd/isula/images/login.c | 6 +++---
src/cmd/isula/stream/attach.c | 2 +-
src/cmd/isulad/main.c | 2 +-
.../executor/container_cb/execution_information.c | 2 +-
src/daemon/modules/log/log_gather.c | 14 +++++++-------
src/utils/console/console.c | 2 +-
10 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c
index 8cef5d17..02838a56 100644
--- a/src/cmd/isula/base/create.c
+++ b/src/cmd/isula/base/create.c
@@ -1758,7 +1758,7 @@ static int check_hook_spec_file(const char *hook_spec)
return -1;
}
if (stat(hook_spec, &hookstat)) {
- COMMAND_ERROR("Stat hook spec file failed: %s", strerror(errno));
+ CMD_SYSERROR("Stat hook spec file failed");
return -1;
}
if ((hookstat.st_mode & S_IFMT) != S_IFREG) {
@@ -1800,7 +1800,7 @@ static int create_check_rootfs(struct client_arguments *args)
if (args->create_rootfs != NULL) {
char real_path[PATH_MAX] = { 0 };
if (realpath(args->create_rootfs, real_path) == NULL) {
- COMMAND_ERROR("Failed to get rootfs '%s': %s", args->create_rootfs, strerror(errno));
+ CMD_SYSERROR("Failed to get rootfs '%s'.", args->create_rootfs);
ret = -1;
goto out;
}
diff --git a/src/cmd/isula/extend/export.c b/src/cmd/isula/extend/export.c
index 68d17c82..34ab1885 100644
--- a/src/cmd/isula/extend/export.c
+++ b/src/cmd/isula/extend/export.c
@@ -114,7 +114,7 @@ int cmd_export_main(int argc, const char **argv)
int sret;
char cwd[PATH_MAX] = { 0 };
if (!getcwd(cwd, sizeof(cwd))) {
- COMMAND_ERROR("get cwd failed:%s", strerror(errno));
+ CMD_SYSERROR("get cwd failed.");
exit(ECOMMON);
}
sret = snprintf(file, sizeof(file), "%s/%s", cwd, g_cmd_export_args.file);
diff --git a/src/cmd/isula/images/import.c b/src/cmd/isula/images/import.c
index 7b6eb2a9..98805c95 100644
--- a/src/cmd/isula/images/import.c
+++ b/src/cmd/isula/images/import.c
@@ -126,7 +126,7 @@ int cmd_import_main(int argc, const char **argv)
int len = 0;
if (!getcwd(cwd, sizeof(cwd))) {
- COMMAND_ERROR("get cwd failed:%s", strerror(errno));
+ CMD_SYSERROR("get cwd failed.");
exit(exit_code);
}
diff --git a/src/cmd/isula/images/load.c b/src/cmd/isula/images/load.c
index 688edd02..48422438 100644
--- a/src/cmd/isula/images/load.c
+++ b/src/cmd/isula/images/load.c
@@ -150,7 +150,7 @@ int cmd_load_main(int argc, const char **argv)
int len;
if (!getcwd(cwd, sizeof(cwd))) {
- COMMAND_ERROR("get cwd failed:%s", strerror(errno));
+ CMD_SYSERROR("get cwd failed.");
exit(exit_code);
}
diff --git a/src/cmd/isula/images/login.c b/src/cmd/isula/images/login.c
index c35cb579..1c3b06ea 100644
--- a/src/cmd/isula/images/login.c
+++ b/src/cmd/isula/images/login.c
@@ -99,7 +99,7 @@ static int get_password_from_notty(struct client_arguments *args)
return -1;
}
if (n < 0) {
- COMMAND_ERROR("Get password from notty stdin failed: %s", strerror(errno));
+ CMD_SYSERROR("Get password from notty stdin failed");
return -1;
}
args->password = util_strdup_s(password);
@@ -126,7 +126,7 @@ static int get_auth_from_terminal(struct client_arguments *args)
COMMAND_ERROR("Error: Cannot perform an interactive login from a non TTY device");
return -1;
}
- COMMAND_ERROR("Get username failed: %s", strerror(errno));
+ CMD_SYSERROR("Get username failed");
return -1;
}
args->username = util_strdup_s(username);
@@ -145,7 +145,7 @@ static int get_auth_from_terminal(struct client_arguments *args)
COMMAND_ERROR("Error: Cannot perform an interactive login from a non TTY device");
return -1;
}
- COMMAND_ERROR("Get password failed: %s", strerror(errno));
+ CMD_SYSERROR("Get password failed");
return -1;
}
args->password = util_strdup_s(password);
diff --git a/src/cmd/isula/stream/attach.c b/src/cmd/isula/stream/attach.c
index 02c67e30..ff49af92 100644
--- a/src/cmd/isula/stream/attach.c
+++ b/src/cmd/isula/stream/attach.c
@@ -376,7 +376,7 @@ static int client_attach(struct client_arguments *args, uint32_t *exit_code)
if (errno == ETIMEDOUT) {
COMMAND_ERROR("Wait container status timeout.");
} else {
- COMMAND_ERROR("Failed to wait sem: %s", strerror(errno));
+ CMD_SYSERROR("Failed to wait sem");
}
ret = ECOMMON;
goto out;
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index f2a25a84..1906feaf 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1712,7 +1712,7 @@ static int set_locale()
/* Change from the standard (C) to en_US.UTF-8 locale, so libarchive can handle filename conversions.*/
if (setlocale(LC_CTYPE, "en_US.UTF-8") == NULL) {
- COMMAND_ERROR("Could not set locale to en_US.UTF-8:%s", strerror(errno));
+ CMD_SYSERROR("Could not set locale to en_US.UTF-8");
ret = -1;
goto out;
}
diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
index 6d9521ec..ba33bdfa 100644
--- a/src/daemon/executor/container_cb/execution_information.c
+++ b/src/daemon/executor/container_cb/execution_information.c
@@ -589,7 +589,7 @@ void execute_ps_command(char **args, const char *pid_args, size_t args_len)
execvp("ps", params);
- COMMAND_ERROR("Cannot get ps info with '%s':%s", pid_args, strerror(errno));
+ CMD_SYSERROR("Cannot get ps info with '%s'.", pid_args);
out:
exit(EXIT_FAILURE);
diff --git a/src/daemon/modules/log/log_gather.c b/src/daemon/modules/log/log_gather.c
index 780034ee..41c02758 100644
--- a/src/daemon/modules/log/log_gather.c
+++ b/src/daemon/modules/log/log_gather.c
@@ -142,7 +142,7 @@ static int create_fifo()
ret = mknod(g_fifo_path, S_IFIFO | S_IRUSR | S_IWUSR, (dev_t)0);
if (ret != 0 && errno != EEXIST) {
- COMMAND_ERROR("mknod failed: %s", strerror(errno));
+ CMD_SYSERROR("mknod failed.");
} else {
ret = 0;
}
@@ -157,12 +157,12 @@ static int open_log(bool change_size)
fd = util_open(g_fifo_path, O_RDWR | O_CLOEXEC, 0);
if (fd == -1) {
- COMMAND_ERROR("open fifo %s failed: %s", g_fifo_path, strerror(errno));
+ CMD_SYSERROR("open fifo %s failed", g_fifo_path);
return fd;
}
if (change_size && fcntl(fd, F_SETPIPE_SZ, LOG_FIFO_SIZE) == -1) {
- COMMAND_ERROR("set fifo buffer size failed: %s", strerror(errno));
+ CMD_SYSERROR("set fifo buffer size failed");
close(fd);
return -1;
}
@@ -262,7 +262,7 @@ void main_loop()
int len = (int)util_read_nointr(g_fifo_fd, rev_buf, REV_BUF_SIZE);
if (len < 0) {
if (ecount < 2) {
- COMMAND_ERROR("%d: Read message failed: %s", ecount++, strerror(errno));
+ CMD_SYSERROR("%d: Read message failed", ecount++);
}
continue;
}
@@ -270,7 +270,7 @@ void main_loop()
rev_buf[len] = '\0';
if (g_save_log_op(rev_buf, (size_t)len) < 0) {
- COMMAND_ERROR("write message failed: %s", strerror(errno));
+ CMD_SYSERROR("write message failed");
}
}
}
@@ -289,14 +289,14 @@ static int log_file_open()
}
fd = util_open(g_log_file, O_CREAT | O_WRONLY | O_APPEND, g_log_mode);
if (fd == -1) {
- COMMAND_ERROR("Open %s failed: %s", g_log_file, strerror(errno));
+ CMD_SYSERROR("Open %s failed", g_log_file);
ret = -1;
goto out;
}
/* change log file mode to config, if log file exist and with different mode */
if (fchmod(fd, g_log_mode) != 0) {
- COMMAND_ERROR("Change mode of log file: %s failed: %s", g_log_file, strerror(errno));
+ CMD_SYSERROR("Change mode of log file: %s failed", g_log_file);
close(fd);
ret = -1;
goto out;
diff --git a/src/utils/console/console.c b/src/utils/console/console.c
index 3ef88564..568832e8 100644
--- a/src/utils/console/console.c
+++ b/src/utils/console/console.c
@@ -187,7 +187,7 @@ int console_fifo_name(const char *rundir, const char *subpath, const char *stdfl
if (do_mkdirp) {
ret = util_mkdir_p(fifo_path, CONSOLE_FIFO_DIRECTORY_MODE);
if (ret < 0) {
- COMMAND_ERROR("Unable to create console fifo directory %s: %s.", fifo_path, strerror(errno));
+ CMD_SYSERROR("Unable to create console fifo directory %s.", fifo_path);
goto out;
}
}
--
2.40.1

373
0139-do-not-report-low-level-error-to-user.patch Normal file
View File

@ -0,0 +1,373 @@
From 602675912f09a37c71c376dd16904f85e10c5338 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 6 Sep 2023 10:45:37 +0800
Subject: [PATCH 139/145] do not report low level error to user
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
.../cri/cri_container_manager_service_impl.cc | 3 ++-
src/daemon/entry/cri/cri_helpers.cc | 4 ++--
src/daemon/entry/cri/naming.cc | 3 ++-
src/daemon/executor/container_cb/execution.c | 4 ++--
.../executor/container_cb/execution_network.c | 17 ++++++++---------
.../executor/container_cb/execution_stream.c | 4 ++--
src/daemon/modules/container/container_unix.c | 2 +-
src/daemon/modules/image/external/ext_image.c | 4 ++--
src/daemon/modules/image/oci/oci_load.c | 2 +-
.../modules/runtime/engines/lcr/lcr_rt_ops.c | 3 +--
src/daemon/modules/service/service_container.c | 2 +-
src/daemon/modules/spec/verify.c | 2 +-
src/daemon/modules/volume/local.c | 8 ++++----
src/utils/tar/isulad_tar.c | 16 ++++++++--------
src/utils/tar/util_archive.c | 12 ++++++------
15 files changed, 43 insertions(+), 43 deletions(-)
diff --git a/src/daemon/entry/cri/cri_container_manager_service_impl.cc b/src/daemon/entry/cri/cri_container_manager_service_impl.cc
index c358c934..743c7159 100644
--- a/src/daemon/entry/cri/cri_container_manager_service_impl.cc
+++ b/src/daemon/entry/cri/cri_container_manager_service_impl.cc
@@ -543,8 +543,9 @@ void ContainerManagerServiceImpl::CreateContainerLogSymlink(const std::string &c
WARN("Deleted previously existing symlink file: %s", path);
}
if (symlink(realPath, path) != 0) {
+ SYSERROR("failed to create symbolic link %s to the container log file %s for container %s", path, realPath, containerID.c_str());
error.Errorf("failed to create symbolic link %s to the container log file %s for container %s: %s", path,
- realPath, containerID.c_str(), strerror(errno));
+ realPath, containerID.c_str());
goto cleanup;
}
} else {
diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc
index e2d00bc7..276fe9dd 100644
--- a/src/daemon/entry/cri/cri_helpers.cc
+++ b/src/daemon/entry/cri/cri_helpers.cc
@@ -916,8 +916,8 @@ void RemoveContainerLogSymlink(const std::string &containerID, Errors &error)
if (path != nullptr) {
// Only remove the symlink when container log path is specified.
if (util_path_remove(path) != 0 && errno != ENOENT) {
- error.Errorf("Failed to remove container %s log symlink %s: %s", containerID.c_str(), path,
- strerror(errno));
+ SYSERROR("Failed to remove container %s log symlink %s.", containerID.c_str(), path);
+ error.Errorf("Failed to remove container %s log symlink %s.", containerID.c_str(), path);
goto cleanup;
}
}
diff --git a/src/daemon/entry/cri/naming.cc b/src/daemon/entry/cri/naming.cc
index 1526f044..ce4c4359 100644
--- a/src/daemon/entry/cri/naming.cc
+++ b/src/daemon/entry/cri/naming.cc
@@ -46,7 +46,8 @@ static int parseName(const std::string &name, std::vector<std::string> &items, u
}
if (util_safe_uint(items[5].c_str(), &attempt)) {
- err.Errorf("failed to parse the sandbox name %s: %s", name.c_str(), strerror(errno));
+ SYSERROR("failed to parse the sandbox name %s.", name.c_str());
+ err.Errorf("failed to parse the sandbox name %s.", name.c_str());
return -1;
}
diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c
index c5f7a853..9aa8b334 100644
--- a/src/daemon/executor/container_cb/execution.c
+++ b/src/daemon/executor/container_cb/execution.c
@@ -339,13 +339,13 @@ static int maybe_create_cpu_realtime_file(int64_t value, const char *file, const
fd = util_open(fpath, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0700);
if (fd < 0) {
SYSERROR("Failed to open file: %s.", fpath);
- isulad_set_error_message("Failed to open file: %s: %s", fpath, strerror(errno));
+ isulad_set_error_message("Failed to open file: %s.", fpath);
return -1;
}
nwrite = util_write_nointr(fd, buf, strlen(buf));
if (nwrite < 0 || (size_t)nwrite != strlen(buf)) {
SYSERROR("Failed to write %s to %s.", buf, fpath);
- isulad_set_error_message("Failed to write '%s' to '%s': %s", buf, fpath, strerror(errno));
+ isulad_set_error_message("Failed to write '%s' to '%s'.", buf, fpath);
close(fd);
return -1;
}
diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c
index 597c3d6e..6ea40611 100644
--- a/src/daemon/executor/container_cb/execution_network.c
+++ b/src/daemon/executor/container_cb/execution_network.c
@@ -67,8 +67,8 @@ static int write_hostname_to_file(const char *rootfs, const char *hostname)
ret = util_write_file(file_path, hostname, strlen(hostname), NETWORK_MOUNT_FILE_MODE);
if (ret) {
- SYSERROR("Failed to write %s", file_path);
- isulad_set_error_message("Failed to write %s: %s", file_path, strerror(errno));
+ SYSERROR("Failed to write %s.", file_path);
+ isulad_set_error_message("Failed to write %s.", file_path);
goto out;
}
@@ -96,8 +96,8 @@ static int fopen_network(FILE **fp, char **file_path, const char *rootfs, const
*fp = util_fopen(*file_path, "a+");
if (*fp == NULL) {
- SYSERROR("Failed to open %s", *file_path);
- isulad_set_error_message("Failed to open %s: %s", *file_path, strerror(errno));
+ SYSERROR("Failed to open %s.", *file_path);
+ isulad_set_error_message("Failed to open %s.", *file_path);
return -1;
}
return 0;
@@ -168,8 +168,8 @@ static int write_content_to_file(const char *file_path, const char *content)
if (content != NULL) {
ret = util_write_file(file_path, content, strlen(content), NETWORK_MOUNT_FILE_MODE);
if (ret != 0) {
- SYSERROR("Failed to write file %s", file_path);
- isulad_set_error_message("Failed to write file %s: %s", file_path, strerror(errno));
+ SYSERROR("Failed to write file %s.", file_path);
+ isulad_set_error_message("Failed to write file %s.", file_path);
return ret;
}
}
@@ -701,9 +701,8 @@ static int chown_network(const char *user_remap, const char *rootfs, const char
goto out;
}
if (chown(file_path, host_uid, host_gid) != 0) {
- SYSERROR("Failed to chown network file '%s' to %u:%u", filename, host_uid, host_gid);
- isulad_set_error_message("Failed to chown network file '%s' to %u:%u: %s", filename, host_uid, host_gid,
- strerror(errno));
+ SYSERROR("Failed to chown network file '%s' to %u:%u.", filename, host_uid, host_gid);
+ isulad_set_error_message("Failed to chown network file '%s' to %u:%u.", filename, host_uid, host_gid);
ret = -1;
goto out;
}
diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c
index 7e84cca3..aae9c234 100644
--- a/src/daemon/executor/container_cb/execution_stream.c
+++ b/src/daemon/executor/container_cb/execution_stream.c
@@ -536,7 +536,7 @@ static container_path_stat *do_container_stat_path(const char *rootpath, const c
nret = lstat(resolvedpath, &st);
if (nret < 0) {
SYSERROR("lstat %s failed.", resolvedpath);
- isulad_set_error_message("lstat %s: %s", resolvedpath, strerror(errno));
+ isulad_set_error_message("lstat %s failed.", resolvedpath);
goto cleanup;
}
@@ -922,7 +922,7 @@ static int copy_to_container_check_path_valid(const container_t *cont, const cha
nret = lstat(resolvedpath, &st);
if (nret < 0) {
SYSERROR("lstat %s failed", resolvedpath);
- isulad_set_error_message("lstat %s: %s", resolvedpath, strerror(errno));
+ isulad_set_error_message("lstat %s failed", resolvedpath);
goto cleanup;
}
diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c
index f85e8237..4ca7c87e 100644
--- a/src/daemon/modules/container/container_unix.c
+++ b/src/daemon/modules/container/container_unix.c
@@ -480,7 +480,7 @@ static int save_json_config_file(const char *id, const char *rootpath, const cha
nret = util_atomic_write_file(filename, json_data, strlen(json_data), CONFIG_FILE_MODE, false);
if (nret != 0) {
SYSERROR("Write file %s failed.", filename);
- isulad_set_error_message("Write file '%s' failed: %s", filename, strerror(errno));
+ isulad_set_error_message("Write file '%s' failed.", filename);
ret = -1;
}
diff --git a/src/daemon/modules/image/external/ext_image.c b/src/daemon/modules/image/external/ext_image.c
index 598299ea..5b6b7298 100644
--- a/src/daemon/modules/image/external/ext_image.c
+++ b/src/daemon/modules/image/external/ext_image.c
@@ -65,8 +65,8 @@ int ext_prepare_rf(const im_prepare_request *request, char **real_rootfs)
return -1;
}
if (realpath(request->rootfs, real_path) == NULL) {
- SYSERROR("Failed to clean rootfs path '%s'", request->rootfs);
- isulad_set_error_message("Failed to clean rootfs path '%s': %s", request->rootfs, strerror(errno));
+ SYSERROR("Failed to clean rootfs path '%s'.", request->rootfs);
+ isulad_set_error_message("Failed to clean rootfs path '%s'.", request->rootfs);
return -1;
}
*real_rootfs = util_strdup_s(real_path);
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
index 2a920c22..7dfc5cb6 100644
--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
@@ -1029,7 +1029,7 @@ static char *oci_load_path_create()
if (mkdtemp(tmp_dir) == NULL) {
SYSERROR("make temporary dir failed");
- isulad_try_set_error_message("make temporary dir failed: %s", strerror(errno));
+ isulad_try_set_error_message("make temporary dir failed");
ret = -1;
goto out;
}
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
index e985cfc1..f61316d0 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
@@ -209,9 +209,8 @@ static int remove_container_rootpath(const char *id, const char *root_path)
}
ret = util_recursive_rmdir(cont_root_path, 0);
if (ret != 0) {
- const char *tmp_err = (errno != 0) ? strerror(errno) : "error";
SYSERROR("Failed to delete container's root directory %s.", cont_root_path);
- isulad_set_error_message("Failed to delete container's root directory %s: %s", cont_root_path, tmp_err);
+ isulad_set_error_message("Failed to delete container's root directory %s.", cont_root_path);
ret = -1;
goto out;
}
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index c776e53f..b2ef4644 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -586,7 +586,7 @@ static int valid_mount_point(container_config_v2_common_config_mount_points_elem
if (lstat(mp->source, &st) != 0) {
SYSERROR("lstat %s failed", mp->source);
- isulad_set_error_message("lstat %s: %s", mp->source, strerror(errno));
+ isulad_set_error_message("lstat %s failed", mp->source);
return -1;
}
diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c
index 5b6f298f..2f2d3925 100644
--- a/src/daemon/modules/spec/verify.c
+++ b/src/daemon/modules/spec/verify.c
@@ -1510,7 +1510,7 @@ static int verify_custom_mount(defs_mount **mounts, size_t len)
if (!util_file_exists(iter->source) && util_mkdir_p(iter->source, mode)) {
#endif
SYSERROR("Failed to create directory '%s'", iter->source);
- isulad_try_set_error_message("Failed to create directory '%s': %s", iter->source, strerror(errno));
+ isulad_try_set_error_message("Failed to create directory '%s'", iter->source);
ret = -1;
goto out;
}
diff --git a/src/daemon/modules/volume/local.c b/src/daemon/modules/volume/local.c
index f14025e4..e128c942 100644
--- a/src/daemon/modules/volume/local.c
+++ b/src/daemon/modules/volume/local.c
@@ -556,15 +556,15 @@ static int remove_volume_dir(char *path)
// remain untouched if we remove the data directory failed.
ret = util_recursive_rmdir(path, 0);
if (ret != 0) {
- SYSERROR("failed to remove volume data dir %s", path);
- isulad_try_set_error_message("failed to remove volume data dir %s: %s", path, strerror(errno));
+ SYSERROR("failed to remove volume data dir %s.", path);
+ isulad_try_set_error_message("failed to remove volume data dir %s.", path);
goto out;
}
ret = util_recursive_rmdir(vol_dir, 0);
if (ret != 0) {
- SYSERROR("failed to remove volume dir %s", vol_dir);
- isulad_try_set_error_message("failed to remove volume dir %s: %s", vol_dir, strerror(errno));
+ SYSERROR("failed to remove volume dir %s.", vol_dir);
+ isulad_try_set_error_message("failed to remove volume dir %s.", vol_dir);
goto out;
}
diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c
index fa844919..bb82e477 100644
--- a/src/utils/tar/isulad_tar.c
+++ b/src/utils/tar/isulad_tar.c
@@ -115,7 +115,7 @@ static int resolve_host_source_path(const char *path, bool follow_link, char **r
if (follow_link) {
if (realpath(path, real_path) == NULL) {
SYSERROR("Can not get real path of %s.", real_path);
- format_errorf(err, "Can not get real path of %s: %s", real_path, strerror(errno));
+ format_errorf(err, "Can not get real path of %s.", real_path);
return -1;
}
nret = get_rebase_name(path, real_path, resolved_path, rebase_name);
@@ -132,7 +132,7 @@ static int resolve_host_source_path(const char *path, bool follow_link, char **r
}
if (realpath(dirpath, real_path) == NULL) {
SYSERROR("Can not get real path of %s.", dirpath);
- format_errorf(err, "Can not get real path of %s: %s", dirpath, strerror(errno));
+ format_errorf(err, "Can not get real path of %s.", dirpath);
goto cleanup;
}
nret = snprintf(resolved, sizeof(resolved), "%s/%s", real_path, basepath);
@@ -193,7 +193,7 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li
nret = lstat(resolved_path, &st);
if (nret < 0) {
SYSERROR("lstat %s failed", resolved_path);
- format_errorf(err, "lstat %s: %s", resolved_path, strerror(errno));
+ format_errorf(err, "lstat %s failed", resolved_path);
goto cleanup;
}
@@ -226,8 +226,8 @@ static int copy_info_destination_path_ret(struct archive_copy_info *info, struct
ret = (int)readlink(iter_path, target, PATH_MAX);
if (ret < 0) {
- SYSERROR("Failed to read link of %s", iter_path);
- format_errorf(err, "Failed to read link of %s: %s", iter_path, strerror(errno));
+ SYSERROR("Failed to read link of %s.", iter_path);
+ format_errorf(err, "Failed to read link of %s.", iter_path);
goto cleanup;
}
// is not absolutely path
@@ -259,8 +259,8 @@ static int copy_info_destination_path_ret(struct archive_copy_info *info, struct
if (ret != 0) {
char *dst_parent = NULL;
if (errno != ENOENT) {
- SYSERROR("Can not stat %s", iter_path);
- format_errorf(err, "Can not stat %s: %s", iter_path, strerror(errno));
+ SYSERROR("Can not stat %s.", iter_path);
+ format_errorf(err, "Can not stat %s.", iter_path);
goto cleanup;
}
@@ -430,7 +430,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char
if (lstat(path, &st) < 0) {
SYSERROR("lstat %s failed", path);
- format_errorf(err, "lstat %s: %s", path, strerror(errno));
+ format_errorf(err, "lstat %s failed", path);
return -1;
}
if (util_split_path_dir_entry(path, &srcdir, &srcbase) < 0) {
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 89b075d3..4653bc98 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -254,8 +254,8 @@ static int do_safe_chroot(const char *dstdir)
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
if (chroot(dstdir) != 0) {
- SYSERROR("Failed to chroot to %s", dstdir);
- fprintf(stderr, "Failed to chroot to %s: %s", dstdir, strerror(errno));
+ SYSERROR("Failed to chroot to %s.", dstdir);
+ fprintf(stderr, "Failed to chroot to %s.", dstdir);
return -1;
}
@@ -843,15 +843,15 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co
}
if (do_safe_chroot(safe_dir) != 0) {
- SYSERROR("Failed to chroot to %s", safe_dir);
- fprintf(stderr, "Failed to chroot to %s: %s", safe_dir, strerror(errno));
+ SYSERROR("Failed to chroot to %s.", safe_dir);
+ fprintf(stderr, "Failed to chroot to %s.", safe_dir);
ret = -1;
goto child_out;
}
if (chdir("/") != 0) {
SYSERROR("Failed to chroot to /");
- fprintf(stderr, "Failed to chroot to /: %s", strerror(errno));
+ fprintf(stderr, "Failed to chroot to /");
ret = -1;
goto child_out;
}
@@ -1250,7 +1250,7 @@ int archive_chroot_tar(const char *path, const char *file, const char *root_dir,
fd = open(file, TAR_DEFAULT_FLAG, TAR_DEFAULT_MODE);
if (fd < 0) {
SYSERROR("Failed to open file %s for export", file);
- fprintf(stderr, "Failed to open file %s for export: %s\n", file, strerror(errno));
+ fprintf(stderr, "Failed to open file %s for export\n", file);
ret = -1;
goto child_out;
}
--
2.40.1

673
0140-remove-usage-of-strerror-with-user-defined-errno.patch Normal file
View File

@ -0,0 +1,673 @@
From fe267afe95a7c1e1a261c78cd5c79dbc3b7f4426 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 6 Sep 2023 15:05:29 +0800
Subject: [PATCH 140/145] remove usage of strerror with user defined errno
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/command_parser.c | 12 ++++++----
src/cmd/isula/base/create.c | 3 ++-
src/cmd/isula/isula_host_spec.c | 9 ++++---
src/cmd/isulad/main.c | 8 ++++---
src/cmd/options/opt_ulimit.c | 6 +++--
src/daemon/entry/cri/cni_network_plugin.cc | 9 ++++---
src/daemon/entry/cri/sysctl_tools.c | 14 +++++++----
src/daemon/modules/image/oci/oci_image.c | 6 +++--
.../oci/storage/image_store/image_store.c | 6 +++--
.../graphdriver/devmapper/deviceset.c | 19 +++++++++------
.../storage/layer_store/graphdriver/driver.c | 9 ++++---
.../graphdriver/overlay2/driver_overlay2.c | 17 ++++++++-----
.../oci/storage/layer_store/layer_store.c | 6 +++--
.../remote_layer_support/remote_support.c | 6 +++--
.../oci/storage/rootfs_store/rootfs_store.c | 6 +++--
.../modules/image/oci/storage/storage.c | 6 +++--
src/daemon/modules/plugin/plugin.c | 24 ++++++++++++-------
.../modules/service/network_namespace_api.c | 6 +++--
src/utils/cutils/utils_file.c | 4 +++-
19 files changed, 117 insertions(+), 59 deletions(-)
diff --git a/src/cmd/command_parser.c b/src/cmd/command_parser.c
index 7c322a44..2b87d321 100644
--- a/src/cmd/command_parser.c
+++ b/src/cmd/command_parser.c
@@ -546,7 +546,8 @@ int command_convert_u16(command_option_t *option, const char *arg)
}
ret = util_safe_u16(arg, option->data);
if (ret != 0) {
- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, option->large, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, option->large);
return EINVALIDARGS;
}
return 0;
@@ -561,7 +562,8 @@ int command_convert_llong(command_option_t *opt, const char *arg)
}
ret = util_safe_llong(arg, opt->data);
if (ret != 0) {
- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, opt->large, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, opt->large);
return EINVALIDARGS;
}
return 0;
@@ -575,7 +577,8 @@ int command_convert_uint(command_option_t *opt, const char *arg)
}
ret = util_safe_uint(arg, opt->data);
if (ret != 0) {
- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, opt->large, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, opt->large);
return EINVALIDARGS;
}
return 0;
@@ -590,7 +593,8 @@ int command_convert_int(command_option_t *option, const char *arg)
}
ret = util_safe_int(arg, option->data);
if (ret != 0) {
- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, option->large, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, option->large);
return EINVALIDARGS;
}
return 0;
diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c
index 02838a56..5756e6ad 100644
--- a/src/cmd/isula/base/create.c
+++ b/src/cmd/isula/base/create.c
@@ -1845,7 +1845,8 @@ static int create_check_hugetlbs(const struct client_arguments *args)
}
ret = util_parse_byte_size_string(limit, &limitvalue);
if (ret != 0) {
- COMMAND_ERROR("Invalid hugetlb limit:%s:%s", limit, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Invalid hugetlb limit:%s", limit);
free(dup);
ret = -1;
goto out;
diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c
index bbcf50de..5a41c55c 100644
--- a/src/cmd/isula/isula_host_spec.c
+++ b/src/cmd/isula/isula_host_spec.c
@@ -66,7 +66,8 @@ static bool parse_restart_policy(const char *policy, host_config_restart_policy
}
nret = util_safe_int(dotpos, &(*rp)->maximum_retry_count);
if (nret != 0) {
- COMMAND_ERROR("Maximum retry count must be an integer: %s", strerror(-nret));
+ errno = -nret;
+ CMD_SYSERROR("Maximum retry count must be an integer");
goto cleanup;
}
}
@@ -706,7 +707,8 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input)
ret = util_parse_byte_size_string(limit_value, &tconverted);
if (ret != 0 || tconverted < 0) {
- COMMAND_ERROR("Parse limit value: %s failed:%s", limit_value, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Parse limit value: %s failed", limit_value);
goto free_out;
}
limit = (uint64_t)tconverted;
@@ -715,7 +717,8 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input)
tconverted = 0;
ret = util_parse_byte_size_string(pagesize, &tconverted);
if (ret != 0 || tconverted < 0) {
- COMMAND_ERROR("Parse pagesize error.Invalid hugepage size: %s: %s", pagesize, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Parse pagesize error.Invalid hugepage size: %s", pagesize);
goto free_out;
}
page = (uint64_t)tconverted;
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 1906feaf..e624cfdd 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -627,8 +627,9 @@ static int parse_time_duration(const char *value, unsigned int *seconds)
*(num_str + len - 1) = '\0';
ret = util_safe_uint(num_str, &tmp);
if (ret < 0) {
- ERROR("Illegal unsigned integer: %s", num_str);
- COMMAND_ERROR("Illegal unsigned integer:%s:%s", num_str, strerror(-ret));
+ errno = -ret;
+ SYSERROR("Illegal unsigned integer: %s", num_str);
+ COMMAND_ERROR("Illegal unsigned integer:%s", num_str);
ret = -1;
goto out;
}
@@ -1499,7 +1500,8 @@ static int create_mount_flock_file(const struct service_arguments *args)
// recreate mount flock file
// and make file uid/gid and permission correct
if (!util_force_remove_file(cleanpath, &err)) {
- ERROR("Failed to delete %s, error: %s. Please delete %s manually.", path, strerror(err), path);
+ errno = err;
+ SYSERROR("Failed to delete %s. Please delete %s manually.", path, path);
return -1;
}
}
diff --git a/src/cmd/options/opt_ulimit.c b/src/cmd/options/opt_ulimit.c
index 55912a16..6853c0d9 100644
--- a/src/cmd/options/opt_ulimit.c
+++ b/src/cmd/options/opt_ulimit.c
@@ -63,7 +63,8 @@ static int parse_soft_hard_ulimit(const char *val, char **limitvals, size_t limi
// parse soft
ret = util_safe_llong(limitvals[0], &converted);
if (ret < 0) {
- COMMAND_ERROR("Invalid ulimit soft value: \"%s\", parse int64 failed: %s", val, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Invalid ulimit soft value: \"%s\", parse int64 failed", val);
ret = -1;
goto out;
}
@@ -74,7 +75,8 @@ static int parse_soft_hard_ulimit(const char *val, char **limitvals, size_t limi
converted = 0;
ret = util_safe_llong(limitvals[1], &converted);
if (ret < 0) {
- COMMAND_ERROR("Invalid ulimit hard value: \"%s\", parse int64 failed: %s", val, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Invalid ulimit hard value: \"%s\", parse int64 failed", val);
ret = -1;
goto out;
}
diff --git a/src/daemon/entry/cri/cni_network_plugin.cc b/src/daemon/entry/cri/cni_network_plugin.cc
index 8cad0126..8aaf7390 100644
--- a/src/daemon/entry/cri/cni_network_plugin.cc
+++ b/src/daemon/entry/cri/cni_network_plugin.cc
@@ -1003,7 +1003,8 @@ void CniNetworkPlugin::RLockNetworkMap(Errors &error)
int ret = pthread_rwlock_rdlock(&m_netsLock);
if (ret != 0) {
error.Errorf("Failed to get read lock");
- ERROR("Get read lock failed: %s", strerror(ret));
+ errno = ret;
+ SYSERROR("Get read lock failed");
}
}
@@ -1012,7 +1013,8 @@ void CniNetworkPlugin::WLockNetworkMap(Errors &error)
int ret = pthread_rwlock_wrlock(&m_netsLock);
if (ret != 0) {
error.Errorf("Failed to get write lock");
- ERROR("Get write lock failed: %s", strerror(ret));
+ errno = ret;
+ SYSERROR("Get write lock failed");
}
}
@@ -1021,7 +1023,8 @@ void CniNetworkPlugin::UnlockNetworkMap(Errors &error)
int ret = pthread_rwlock_unlock(&m_netsLock);
if (ret != 0) {
error.Errorf("Failed to unlock");
- ERROR("Unlock failed: %s", strerror(ret));
+ errno = ret;
+ SYSERROR("Unlock failed");
}
}
diff --git a/src/daemon/entry/cri/sysctl_tools.c b/src/daemon/entry/cri/sysctl_tools.c
index 847c36e9..ac4fb226 100644
--- a/src/daemon/entry/cri/sysctl_tools.c
+++ b/src/daemon/entry/cri/sysctl_tools.c
@@ -22,6 +22,8 @@
#include <unistd.h>
#include <limits.h>
+#include <isula_libutils/log.h>
+
#include "utils.h"
int get_sysctl(const char *sysctl, char **err)
@@ -41,14 +43,16 @@ int get_sysctl(const char *sysctl, char **err)
ret = -1;
fd = util_open(fullpath, O_RDONLY, 0);
if (fd < 0) {
- if (asprintf(err, "Open %s failed: %s", sysctl, strerror(errno)) < 0) {
+ SYSWARN("Open %s failed", sysctl);
+ if (asprintf(err, "Open %s failed", sysctl) < 0) {
*err = util_strdup_s("Out of memory");
}
goto free_out;
}
rsize = util_read_nointr(fd, buff, sizeof(buff) - 1);
if (rsize <= 0) {
- if (asprintf(err, "Read file failed: %s", strerror(errno)) < 0) {
+ SYSWARN("Read file: %s failed", sysctl);
+ if (asprintf(err, "Read file: %s failed", sysctl) < 0) {
*err = util_strdup_s("Out of memory");
}
goto free_out;
@@ -93,14 +97,16 @@ int set_sysctl(const char *sysctl, int new_value, char **err)
ret = -1;
fd = util_open(fullpath, O_WRONLY, 0);
if (fd < 0) {
- if (asprintf(err, "Open %s failed: %s", sysctl, strerror(errno)) < 0) {
+ SYSWARN("Open %s failed", sysctl);
+ if (asprintf(err, "Open %s failed", sysctl) < 0) {
*err = util_strdup_s("Out of memory");
}
goto free_out;
}
rsize = util_write_nointr(fd, buff, strlen(buff));
if (rsize < 0 || (size_t)rsize != strlen(buff)) {
- if (asprintf(err, "Write new value failed: %s", strerror(errno)) < 0) {
+ SYSWARN("Write new value to %s failed", sysctl);
+ if (asprintf(err, "Write new value to %s failed", sysctl) < 0) {
*err = util_strdup_s("Out of memory");
}
goto free_out;
diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c
index ae260c7d..abca4ed7 100644
--- a/src/daemon/modules/image/oci/oci_image.c
+++ b/src/daemon/modules/image/oci/oci_image.c
@@ -56,7 +56,8 @@ static inline bool oci_remote_lock(pthread_rwlock_t *remote_lock, bool writable)
nret = pthread_rwlock_rdlock(remote_lock);
}
if (nret != 0) {
- ERROR("Lock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock memory store failed");
return false;
}
@@ -69,7 +70,8 @@ static inline void oci_remote_unlock(pthread_rwlock_t *remote_lock)
nret = pthread_rwlock_unlock(remote_lock);
if (nret != 0) {
- FATAL("Unlock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock memory store failed");
}
}
#endif
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index abd625f7..99640b59 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -95,7 +95,8 @@ static inline bool image_store_lock(enum lock_type type)
nret = pthread_rwlock_wrlock(&g_image_store->rwlock);
}
if (nret != 0) {
- ERROR("Lock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock memory store failed");
return false;
}
@@ -108,7 +109,8 @@ static inline void image_store_unlock()
nret = pthread_rwlock_unlock(&g_image_store->rwlock);
if (nret != 0) {
- FATAL("Unlock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock memory store failed");
}
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
index ee82e32c..76ec09d6 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
@@ -107,8 +107,9 @@ static int handle_dm_min_free_space(char *val, struct device_set *devset)
long converted = 0;
int ret = util_parse_percent_string(val, &converted);
if (ret != 0 || converted >= 100) {
- ERROR("Invalid min free space: '%s': %s", val, strerror(-ret));
- isulad_set_error_message("Invalid min free space: '%s': %s", val, strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid min free space: '%s'", val);
+ isulad_set_error_message("Invalid min free space: '%s'", val);
return -1;
}
devset->min_free_space_percent = (uint32_t)converted;
@@ -122,8 +123,9 @@ static int handle_dm_basesize(char *val, struct device_set *devset)
int ret = util_parse_byte_size_string(val, &converted);
if (ret != 0) {
- ERROR("Invalid size: '%s': %s", val, strerror(-ret));
- isulad_set_error_message("Invalid size: '%s': %s", val, strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid size: '%s'", val);
+ isulad_set_error_message("Invalid size: '%s'", val);
return -1;
}
if (converted <= 0) {
@@ -2722,7 +2724,8 @@ static int determine_driver_capabilities(const char *version, struct device_set
ret = util_parse_byte_size_string(tmp_str[0], &major);
if (ret != 0) {
- ERROR("devmapper: invalid size: '%s': %s", tmp_str[0], strerror(-ret));
+ errno = -ret;
+ SYSERROR("devmapper: invalid size: '%s'", tmp_str[0]);
ret = -1;
goto out;
}
@@ -2742,7 +2745,8 @@ static int determine_driver_capabilities(const char *version, struct device_set
ret = util_parse_byte_size_string(tmp_str[1], &minor);
if (ret != 0) {
- ERROR("devmapper: invalid size: '%s': %s", tmp_str[1], strerror(-ret));
+ errno = -ret;
+ SYSERROR("devmapper: invalid size: '%s'", tmp_str[1]);
ret = -1;
goto out;
}
@@ -2915,7 +2919,8 @@ static int parse_storage_opt(const json_map_string_string *opts, uint64_t *size)
ret = util_parse_byte_size_string(opts->values[i], &converted);
if (ret != 0) {
- ERROR("Invalid size: '%s': %s", opts->values[i], strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid size: '%s'", opts->values[i]);
ret = -1;
goto out;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
index 71cbbe1c..fb549bae 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
@@ -86,7 +86,8 @@ static inline bool driver_rd_lock()
nret = pthread_rwlock_rdlock(&g_graphdriver->rwlock);
if (nret != 0) {
- ERROR("Lock driver memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock driver memory store failed");
return false;
}
@@ -99,7 +100,8 @@ static inline bool driver_wr_lock()
nret = pthread_rwlock_wrlock(&g_graphdriver->rwlock);
if (nret != 0) {
- ERROR("Lock driver memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock driver memory store failed");
return false;
}
@@ -112,7 +114,8 @@ static inline void driver_unlock()
nret = pthread_rwlock_unlock(&g_graphdriver->rwlock);
if (nret != 0) {
- FATAL("Unlock driver memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock driver memory store failed");
}
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index 510bd079..7517dd43 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -134,7 +134,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
int64_t converted = 0;
ret = util_parse_byte_size_string(val, &converted);
if (ret != 0) {
- ERROR("Invalid size: '%s': %s", val, strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid size: '%s'", val);
ret = -1;
goto out;
}
@@ -143,7 +144,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
int64_t converted = 0;
ret = util_parse_byte_size_string(val, &converted);
if (ret != 0) {
- ERROR("Invalid size: '%s': %s", val, strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid size: '%s'", val);
ret = -1;
goto out;
}
@@ -152,7 +154,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
bool converted_bool = 0;
ret = util_str_to_bool(val, &converted_bool);
if (ret != 0) {
- ERROR("Invalid bool: '%s': %s", val, strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid bool: '%s'", val);
ret = -1;
goto out;
}
@@ -161,7 +164,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
bool converted_bool = 0;
ret = util_str_to_bool(val, &converted_bool);
if (ret != 0) {
- ERROR("Invalid bool: '%s': %s", val, strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid bool: '%s'", val);
ret = -1;
goto out;
}
@@ -823,8 +827,9 @@ static int set_layer_quota(const char *dir, const json_map_string_string *opts,
int64_t converted = 0;
ret = util_parse_byte_size_string(opts->values[i], &converted);
if (ret != 0) {
- ERROR("Invalid size: '%s': %s", opts->values[i], strerror(-ret));
- isulad_set_error_message("Invalid quota size: '%s': %s", opts->values[i], strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid size: '%s'", opts->values[i]);
+ isulad_set_error_message("Invalid quota size: '%s'", opts->values[i]);
ret = -1;
goto out;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index 64022d89..b8916c76 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -105,7 +105,8 @@ static inline bool layer_store_lock(bool writable)
nret = pthread_rwlock_rdlock(&g_metadata.rwlock);
}
if (nret != 0) {
- ERROR("Lock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock memory store failed");
return false;
}
@@ -118,7 +119,8 @@ static inline void layer_store_unlock()
nret = pthread_rwlock_unlock(&g_metadata.rwlock);
if (nret != 0) {
- FATAL("Unlock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock memory store failed");
}
}
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
index 69022073..eb919321 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
@@ -39,7 +39,8 @@ static inline bool remote_refresh_lock(pthread_rwlock_t *remote_lock, bool writa
nret = pthread_rwlock_rdlock(remote_lock);
}
if (nret != 0) {
- ERROR("Lock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock memory store failed");
return false;
}
@@ -52,7 +53,8 @@ static inline void remote_refresh_unlock(pthread_rwlock_t *remote_lock)
nret = pthread_rwlock_unlock(remote_lock);
if (nret != 0) {
- FATAL("Unlock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock memory store failed");
}
}
diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c
index c0a2a400..271158e7 100644
--- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c
+++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c
@@ -71,7 +71,8 @@ static inline bool rootfs_store_lock(enum lock_type type)
}
if (nret != 0) {
- ERROR("Lock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock memory store failed");
return false;
}
@@ -84,7 +85,8 @@ static inline void rootfs_store_unlock()
nret = pthread_rwlock_unlock(&g_rootfs_store->rwlock);
if (nret != 0) {
- FATAL("Unlock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock memory store failed");
}
}
diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c
index fbaae3fc..255ec89c 100644
--- a/src/daemon/modules/image/oci/storage/storage.c
+++ b/src/daemon/modules/image/oci/storage/storage.c
@@ -61,7 +61,8 @@ static inline bool storage_lock(pthread_rwlock_t *store_lock, bool writable)
nret = pthread_rwlock_rdlock(store_lock);
}
if (nret != 0) {
- ERROR("Lock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock memory store failed");
return false;
}
@@ -74,7 +75,8 @@ static inline void storage_unlock(pthread_rwlock_t *store_lock)
nret = pthread_rwlock_unlock(store_lock);
if (nret != 0) {
- FATAL("Unlock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock memory store failed");
}
}
diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c
index b4d78dc9..c42cfd21 100644
--- a/src/daemon/modules/plugin/plugin.c
+++ b/src/daemon/modules/plugin/plugin.c
@@ -409,7 +409,8 @@ static void pm_rdlock(void)
errcode = pthread_rwlock_rdlock(&g_plugin_manager->pm_rwlock);
if (errcode != 0) {
- ERROR("Read lock failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Read lock failed");
}
}
@@ -419,7 +420,8 @@ static void pm_wrlock(void)
errcode = pthread_rwlock_wrlock(&g_plugin_manager->pm_rwlock);
if (errcode != 0) {
- ERROR("Write lock failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Write lock failed");
}
}
@@ -429,7 +431,8 @@ static void pm_unlock(void)
errcode = pthread_rwlock_unlock(&g_plugin_manager->pm_rwlock);
if (errcode != 0) {
- ERROR("Unlock failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Unlock failed");
}
}
@@ -659,7 +662,8 @@ static void *plugin_manager_routine(void *arg)
errcode = pthread_detach(pthread_self());
if (errcode != 0) {
- ERROR("Detach thread failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Detach thread failed");
return NULL;
}
if (pm_init() < 0) {
@@ -716,7 +720,8 @@ static void plugin_rdlock(plugin_t *plugin)
errcode = pthread_rwlock_rdlock(&plugin->lock);
if (errcode != 0) {
- ERROR("Plugin read lock failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Plugin read lock failed");
}
}
@@ -726,7 +731,8 @@ static void plugin_wrlock(plugin_t *plugin)
errcode = pthread_rwlock_wrlock(&plugin->lock);
if (errcode != 0) {
- ERROR("Plugin write lock failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Plugin write lock failed");
}
}
@@ -736,7 +742,8 @@ static void plugin_unlock(plugin_t *plugin)
errcode = pthread_rwlock_unlock(&plugin->lock);
if (errcode != 0) {
- ERROR("Plugin unlock failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Plugin unlock failed");
}
}
@@ -758,7 +765,8 @@ plugin_t *plugin_new(const char *name, const char *addr)
errcode = pthread_rwlock_init(&plugin->lock, NULL);
if (errcode != 0) {
- ERROR("Plugin init lock failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Plugin init lock failed");
goto bad;
}
plugin->name = util_strdup_s(name);
diff --git a/src/daemon/modules/service/network_namespace_api.c b/src/daemon/modules/service/network_namespace_api.c
index 11246ffb..236940fe 100644
--- a/src/daemon/modules/service/network_namespace_api.c
+++ b/src/daemon/modules/service/network_namespace_api.c
@@ -55,7 +55,8 @@ int remove_network_namespace(const char *netns_path)
}
if (!util_force_remove_file(netns_path, &get_err)) {
- ERROR("Failed to remove file %s, error: %s", netns_path, strerror(get_err));
+ errno = get_err;
+ SYSERROR("Failed to remove file %s", netns_path);
return -1;
}
@@ -77,7 +78,8 @@ int remove_network_namespace_file(const char *netns_path)
}
if (!util_force_remove_file(netns_path, &get_err)) {
- ERROR("Failed to remove file %s, error: %s", netns_path, strerror(get_err));
+ errno = get_err;
+ SYSERROR("Failed to remove file %s", netns_path);
return -1;
}
diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
index 749cdb16..f5b645ca 100644
--- a/src/utils/cutils/utils_file.c
+++ b/src/utils/cutils/utils_file.c
@@ -1071,7 +1071,9 @@ char *look_path(const char *file, char **err)
if (en == 0) {
return util_strdup_s(file);
}
- if (asprintf(err, "find exec %s : %s", file, strerror(en)) < 0) {
+ errno = en;
+ SYSERROR("find exec %s failed", file);
+ if (asprintf(err, "find exec %s failed", file) < 0) {
*err = util_strdup_s("Out of memory");
}
return NULL;
--
2.40.1

71
0141-use-gmtime_r-to-replace-gmtime.patch Normal file
View File

@ -0,0 +1,71 @@
From 4813c204f7a622ec050c1b0b56d5bc16e82fdf83 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 6 Sep 2023 16:31:19 +0800
Subject: [PATCH 141/145] use gmtime_r to replace gmtime
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/utils/cutils/utils_timestamp.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/utils/cutils/utils_timestamp.c b/src/utils/cutils/utils_timestamp.c
index fee66ea8..8ae9e42a 100644
--- a/src/utils/cutils/utils_timestamp.c
+++ b/src/utils/cutils/utils_timestamp.c
@@ -652,9 +652,9 @@ int64_t util_time_seconds_since(const char *in)
int32_t nanos = 0;
int64_t result = 0;
struct tm tm = { 0 };
- struct tm *currentm = NULL;
struct types_timezone tz = { 0 };
time_t currentime;
+ struct tm result_time = { 0 };
if (in == NULL || !strcmp(in, defaultContainerTime) || !strcmp(in, "-")) {
return 0;
@@ -666,13 +666,12 @@ int64_t util_time_seconds_since(const char *in)
}
time(&currentime);
- currentm = gmtime(&currentime);
- if (currentm == NULL) {
+ if (gmtime_r(&currentime, &result_time) == NULL) {
ERROR("Get time error");
return 0;
}
- result = get_minmus_time(currentm, &tm);
+ result = get_minmus_time(&result_time, &tm);
result = result + (int64_t)tz.hour * 3600 + (int64_t)tz.min * 60;
if (result > 0) {
@@ -871,9 +870,9 @@ int util_time_format_duration(const char *in, char *out, size_t len)
int32_t nanos = 0;
int64_t result = 0;
struct tm tm = { 0 };
- struct tm *currentm = NULL;
struct types_timezone tz = { 0 };
time_t currentime = { 0 };
+ struct tm result_time = { 0 };
if (out == NULL) {
return -1;
@@ -888,13 +887,12 @@ int util_time_format_duration(const char *in, char *out, size_t len)
}
time(&currentime);
- currentm = gmtime(&currentime);
- if (currentm == NULL) {
+ if (gmtime_r(&currentime, &result_time) == NULL) {
ERROR("Get time error");
return -1;
}
- result = get_minmus_time(currentm, &tm);
+ result = get_minmus_time(&result_time, &tm);
result = result + (int64_t)tz.hour * 3600 + (int64_t)tz.min * 60;
if (result < 0 || !time_human_duration(result, out, len)) {
--
2.40.1

72
0142-improve-report-error-message-of-client.patch Normal file
View File

@ -0,0 +1,72 @@
From 0b5836ac52ec4bd012c15babb8981d1eaadc5a2e Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 7 Sep 2023 14:34:01 +0800
Subject: [PATCH 142/145] improve report error message of client
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/daemon/executor/container_cb/execution_stream.c | 4 ++--
src/daemon/modules/service/service_container.c | 2 +-
src/utils/tar/isulad_tar.c | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c
index aae9c234..7db96b19 100644
--- a/src/daemon/executor/container_cb/execution_stream.c
+++ b/src/daemon/executor/container_cb/execution_stream.c
@@ -536,7 +536,7 @@ static container_path_stat *do_container_stat_path(const char *rootpath, const c
nret = lstat(resolvedpath, &st);
if (nret < 0) {
SYSERROR("lstat %s failed.", resolvedpath);
- isulad_set_error_message("lstat %s failed.", resolvedpath);
+ isulad_set_error_message("Check %s failed, get more information from log.", resolvedpath);
goto cleanup;
}
@@ -922,7 +922,7 @@ static int copy_to_container_check_path_valid(const container_t *cont, const cha
nret = lstat(resolvedpath, &st);
if (nret < 0) {
SYSERROR("lstat %s failed", resolvedpath);
- isulad_set_error_message("lstat %s failed", resolvedpath);
+ isulad_set_error_message("Check %s failed, get more information from log.", resolvedpath);
goto cleanup;
}
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index b2ef4644..58b27f90 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -586,7 +586,7 @@ static int valid_mount_point(container_config_v2_common_config_mount_points_elem
if (lstat(mp->source, &st) != 0) {
SYSERROR("lstat %s failed", mp->source);
- isulad_set_error_message("lstat %s failed", mp->source);
+ isulad_set_error_message("Check %s failed, get more information from log.", mp->source);
return -1;
}
diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c
index bb82e477..27b4ce73 100644
--- a/src/utils/tar/isulad_tar.c
+++ b/src/utils/tar/isulad_tar.c
@@ -193,7 +193,7 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li
nret = lstat(resolved_path, &st);
if (nret < 0) {
SYSERROR("lstat %s failed", resolved_path);
- format_errorf(err, "lstat %s failed", resolved_path);
+ format_errorf(err, "Check %s failed, get more information from log.", resolved_path);
goto cleanup;
}
@@ -430,7 +430,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char
if (lstat(path, &st) < 0) {
SYSERROR("lstat %s failed", path);
- format_errorf(err, "lstat %s failed", path);
+ format_errorf(err, "Check %s failed, get more information from log.", path);
return -1;
}
if (util_split_path_dir_entry(path, &srcdir, &srcbase) < 0) {
--
2.40.1

43
0143-adapt-new-error-message-for-isula-cp.patch Normal file
View File

@ -0,0 +1,43 @@
From dcac86b9fa3eff838ea7c5e2252419a5dea7d907 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 7 Sep 2023 14:41:48 +0800
Subject: [PATCH 143/145] adapt new error message for isula cp
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
CI/test_cases/container_cases/cp.sh | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/CI/test_cases/container_cases/cp.sh b/CI/test_cases/container_cases/cp.sh
index 668ce09b..1b5d7a48 100755
--- a/CI/test_cases/container_cases/cp.sh
+++ b/CI/test_cases/container_cases/cp.sh
@@ -57,10 +57,10 @@ test_cp_file_from_container()
fi
rm -rf $dstfile
- isula cp $containername:/etc/../etc/passwd/ $cpfiles 2>&1 | grep "Not a directory"
+ isula cp $containername:/etc/../etc/passwd/ $cpfiles 2>&1 | grep "get more information from log"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++))
- isula cp $containername:/etc/nonexists $cpfiles 2>&1 | grep "No such file or directory"
+ isula cp $containername:/etc/nonexists $cpfiles 2>&1 | grep "get more information from log"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++))
dstfile=$cpfiles/etc
@@ -146,10 +146,10 @@ test_cp_file_to_container()
isula cp /etc/passwd $containername:$cpfiles/nonexists/ 2>&1 | grep "no such directory"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++))
- isula cp /etc/passwd $containername:$cpfiles/nonexists/nonexists 2>&1 | grep "No such file or directory"
+ isula cp /etc/passwd $containername:$cpfiles/nonexists/nonexists 2>&1 | grep "get more information from log"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++))
- isula cp /etc/nonexists $containername:$cpfiles 2>&1 | grep "No such file or directory"
+ isula cp /etc/nonexists $containername:$cpfiles 2>&1 | grep "get more information from log"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++))
rm -rf $dstfile
--
2.40.1

87
0144-2178-clean-path-for-fpath-and-verify-chain-id.patch Normal file
View File

@ -0,0 +1,87 @@
From 9701f8e27ac8d70f616930f977ee40b309911288 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 9 Sep 2023 06:48:39 +0000
Subject: [PATCH 144/145] !2178 clean path for fpath and verify chain id Merge
pull request !2178 from zhongtao/image
---
src/daemon/modules/image/oci/oci_load.c | 30 +++++++++++++++++--
.../modules/image/oci/registry/registry.c | 2 +-
2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
index 7dfc5cb6..3fc8cfb8 100644
--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
@@ -27,8 +27,10 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <linux/limits.h>
#include "utils.h"
+#include "path.h"
#include "isula_libutils/log.h"
#include "util_archive.h"
#include "storage.h"
@@ -703,6 +705,9 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items
}
for (; i < conf->rootfs->diff_ids_len; i++) {
+ char *fpath = NULL;
+ char cleanpath[PATH_MAX] = { 0 };
+
im->layers[i] = util_common_calloc_s(sizeof(load_layer_blob_t));
if (im->layers[i] == NULL) {
ERROR("Out of memory");
@@ -710,12 +715,31 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items
goto out;
}
- im->layers[i]->fpath = util_path_join(dstdir, manifest->layers[i]);
- if (im->layers[i]->fpath == NULL) {
- ERROR("Path join failed");
+ fpath = util_path_join(dstdir, manifest->layers[i]);
+ if (fpath == NULL) {
+ ERROR("Failed to join path");
+ ret = -1;
+ goto out;
+ }
+
+ if (util_clean_path(fpath, cleanpath, sizeof(cleanpath)) == NULL) {
+ ERROR("Failed to clean path for %s", fpath);
+ free(fpath);
+ ret = -1;
+ goto out;
+ }
+
+ free(fpath);
+
+ // verify whether the prefix of the path is dstdir to prevent illegal directories
+ if (strncmp(cleanpath, dstdir, strlen(dstdir)) != 0) {
+ ERROR("Illegal directory: %s", cleanpath);
ret = -1;
goto out;
}
+
+ im->layers[i]->fpath = util_strdup_s(cleanpath);
+
// The format is sha256:xxx
im->layers[i]->chain_id = oci_load_calc_chain_id(parent_chain_id_sha256, conf->rootfs->diff_ids[i]);
if (im->layers[i]->chain_id == NULL) {
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
index 2cf79fb9..d586d1c7 100644
--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
@@ -594,7 +594,7 @@ static int register_layer(pull_descriptor *desc, size_t i)
return 0;
}
- id = util_without_sha256_prefix(desc->layers[i].chain_id);
+ id = oci_image_id_from_digest(desc->layers[i].chain_id);
if (id == NULL) {
ERROR("layer %zu have NULL digest for image %s", i, desc->image_name);
return -1;
--
2.40.1

35
0145-2179-modify-the-permissions-of-tmpdir-and-file-lock-.patch Normal file
View File

@ -0,0 +1,35 @@
From 247c30d6dfe10bb9fbbaf8a21f13c67aea9b2acf Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 9 Sep 2023 08:11:06 +0000
Subject: [PATCH 145/145] !2179 modify the permissions of tmpdir and file lock
to 600 Merge pull request !2179 from zhongtao/mode
---
src/common/constants.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/common/constants.h b/src/common/constants.h
index efb2951a..94bc9886 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -50,7 +50,7 @@ extern "C" {
#define TEMP_DIRECTORY_MODE 0700
-#define ISULAD_TEMP_DIRECTORY_MODE 0660
+#define ISULAD_TEMP_DIRECTORY_MODE 0600
#define CONSOLE_FIFO_DIRECTORY_MODE 0770
@@ -70,7 +70,7 @@ extern "C" {
#define DEFAULT_HIGHEST_DIRECTORY_MODE 0755
-#define MOUNT_FLOCK_FILE_MODE 0660
+#define MOUNT_FLOCK_FILE_MODE 0600
#define ISULAD_CONFIG SYSCONFDIR_PREFIX"/etc/isulad"
--
2.40.1

39
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 2.0.18
%global _release 12
%global _release 13
%global is_systemd 1
%global enable_shimv2 1
%global is_embedded 1
@ -129,6 +129,35 @@ Patch0113: 0113-clear-author-msg-in-isulad-check.sh-and-use-EANBLE_I.patch
Patch0114: 0114-2126-do-not-judge-the-snprintf-result-of-hostname.patch
Patch0115: 0115-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch
Patch0116: 0116-2129-Limit-the-response-size-of-ExecSync.patch
Patch0117: 0117-improve-use-return-error-to-replace-abort.patch
Patch0118: 0118-2137-do-clean-code.patch
Patch0119: 0119-2135-modify-incorrect-variable-type.patch
Patch0120: 0120-Fix-null-ptr-and-buffer-overflow-issues.patch
Patch0121: 0121-make-sure-the-input-parameter-is-not-empty-and-optim.patch
Patch0122: 0122-2149-archive-fork-process-set-pdeathsig.patch
Patch0123: 0123-improve-by-code-check-of-cpp.patch
Patch0124: 0124-remove-password-in-url-module-and-clean-sensitive-in.patch
Patch0125: 0125-2153-fix-codecheck.patch
Patch0126: 0126-2154-fix-code-bug.patch
Patch0127: 0127-2157-bugfix-for-memset.patch
Patch0128: 0128-2159-use-macros-to-isolate-the-password-option-of-lo.patch
Patch0129: 0129-2160-Fix-nullptr-in-src-daemon-entry.patch
Patch0130: 0130-2161-bugfix-for-api-cmakelist.patch
Patch0131: 0131-2164-add-bind-mount-file-lock.patch
Patch0132: 0132-2165-preventing-the-use-of-insecure-isulad-tmpdir-di.patch
Patch0133: 0133-2166-move-ensure_isulad_tmpdir_security-function-to-.patch
Patch0134: 0134-2169-using-macros-to-isolate-isulad-s-enable_plugin-.patch
Patch0135: 0135-mask-proxy-informations.patch
Patch0136: 0136-add-testcase-for-isula-info.patch
Patch0137: 0137-2172-remove-unneccessary-strerror.patch
Patch0138: 0138-replace-COMMAND_ERROR-to-CMD_SYSERROR.patch
Patch0139: 0139-do-not-report-low-level-error-to-user.patch
Patch0140: 0140-remove-usage-of-strerror-with-user-defined-errno.patch
Patch0141: 0141-use-gmtime_r-to-replace-gmtime.patch
Patch0142: 0142-improve-report-error-message-of-client.patch
Patch0143: 0143-adapt-new-error-message-for-isula-cp.patch
Patch0144: 0144-2178-clean-path-for-fpath-and-verify-chain-id.patch
Patch0145: 0145-2179-modify-the-permissions-of-tmpdir-and-file-lock-.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -373,7 +402,13 @@ fi
%endif
%changelog
* THU Aug 24 2023 zhongtao <zhongtao17@huawei.com> - 2.0.18-12
* Mon Sep 18 2023 zhongtao <zhongtao17@huawei.com> - 2.0.18-13
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: upgrade from upstream
* Thu Aug 24 2023 zhongtao <zhongtao17@huawei.com> - 2.0.18-12
- Type: bugfix
- ID: NA
- SUG: NA