diff --git a/0117-improve-use-return-error-to-replace-abort.patch b/0117-improve-use-return-error-to-replace-abort.patch new file mode 100644 index 0000000..4316ba3 --- /dev/null +++ b/0117-improve-use-return-error-to-replace-abort.patch @@ -0,0 +1,71 @@ +From 6707c14e8c34c977bd44478004f857baf2cb1f51 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Thu, 24 Aug 2023 15:06:17 +0800 +Subject: [PATCH 117/145] [improve] use return error to replace abort + +Signed-off-by: haozi007 +--- + src/utils/http/parser.c | 13 ++++++------- + 1 file changed, 6 insertions(+), 7 deletions(-) + +diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c +index 5f61d336..d625182c 100644 +--- a/src/utils/http/parser.c ++++ b/src/utils/http/parser.c +@@ -117,7 +117,7 @@ static int parser_cb_header_value(http_parser *parser, const char *buf, + } + + /* parser check body is final */ +-static void parser_check_body_is_final(const http_parser *parser) ++static int parser_check_body_is_final(const http_parser *parser) + { + struct parsed_http_message *m = parser->data; + +@@ -125,9 +125,10 @@ static void parser_check_body_is_final(const http_parser *parser) + fprintf(stderr, "\n\n *** Error http_body_is_final() should return 1 " + "on last on_body callback call " + "but it doesn't! ***\n\n"); +- abort(); ++ return -1; + } + m->body_is_final = http_body_is_final(parser); ++ return 0; + } + + /* parser body cb */ +@@ -155,8 +156,7 @@ static int parser_body_cb(http_parser *parser, const char *buf, size_t len) + + strlncat(m->body, newsize, buf, len); + m->body_size += len; +- parser_check_body_is_final(parser); +- return 0; ++ return parser_check_body_is_final(parser); + } + + /* parser message begin cb */ +@@ -189,7 +189,7 @@ static int parser_message_complete_cb(http_parser *p) + fprintf(stderr, "\n\n *** Error http_should_keep_alive() should have same " + "value in both on_message_complete and on_headers_complete " + "but it doesn't! ***\n\n"); +- abort(); ++ return -1; + } + + if (m->body_size && +@@ -198,12 +198,11 @@ static int parser_message_complete_cb(http_parser *p) + fprintf(stderr, "\n\n *** Error http_body_is_final() should return 1 " + "on last on_body callback call " + "but it doesn't! ***\n\n"); +- abort(); ++ return -1; + } + + m->message_complete_cb_called = TRUE; + +- + return 0; + } + +-- +2.40.1 + diff --git a/0118-2137-do-clean-code.patch b/0118-2137-do-clean-code.patch new file mode 100644 index 0000000..70ead05 --- /dev/null +++ b/0118-2137-do-clean-code.patch @@ -0,0 +1,544 @@ +From e29e6c1a51464a384b3317d4aad56aeef3221217 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Sat, 26 Aug 2023 10:14:46 +0000 +Subject: [PATCH 118/145] !2137 do clean code * do clean code + +--- + src/cmd/isulad-shim/terminal.c | 6 +++-- + src/daemon/common/sysinfo.c | 27 ++++++++++++------- + src/daemon/config/isulad_config.c | 8 +++--- + src/daemon/entry/cri/checkpoint_handler.cc | 2 +- + src/daemon/entry/cri/checkpoint_handler.h | 1 + + src/daemon/entry/cri/naming.cc | 2 +- + .../entry/cri/websocket/service/ws_server.cc | 12 ++++----- + .../entry/cri/websocket/service/ws_server.h | 2 +- + .../executor/container_cb/execution_extend.c | 1 - + src/daemon/modules/container/container_unix.c | 4 +-- + src/daemon/modules/image/oci/oci_load.c | 2 +- + .../graphdriver/devmapper/deviceset.c | 2 ++ + .../graphdriver/overlay2/driver_overlay2.c | 3 +-- + src/utils/cpputils/url.cc | 3 +++ + src/utils/cpputils/url.h | 2 -- + src/utils/cutils/utils_mount_spec.c | 2 +- + src/utils/cutils/utils_timestamp.c | 15 +++++++---- + src/utils/http/http.c | 4 +-- + src/utils/http/parser.c | 10 +++---- + src/utils/sha256/sha256.c | 16 +++++------ + 20 files changed, 69 insertions(+), 55 deletions(-) + +diff --git a/src/cmd/isulad-shim/terminal.c b/src/cmd/isulad-shim/terminal.c +index 23783244..43fb476f 100644 +--- a/src/cmd/isulad-shim/terminal.c ++++ b/src/cmd/isulad-shim/terminal.c +@@ -186,10 +186,12 @@ static bool util_get_time_buffer(struct timespec *timestamp, char *timebuffer, s + + seconds = (time_t)timestamp->tv_sec; + gmtime_r(&seconds, &tm_utc); +- strftime(timebuffer, maxsize, "%Y-%m-%dT%H:%M:%S", &tm_utc); ++ len = strftime(timebuffer, maxsize, "%Y-%m-%dT%H:%M:%S", &tm_utc); ++ if (len == 0) { ++ return false; ++ } + + nanos = (int32_t)timestamp->tv_nsec; +- len = strlen(timebuffer); + ret = snprintf(timebuffer + len, (maxsize - len), ".%09dZ", nanos); + if (ret < 0 || (size_t)ret >= (maxsize - len)) { + return false; +diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c +index cb02bee3..d0927f58 100644 +--- a/src/daemon/common/sysinfo.c ++++ b/src/daemon/common/sysinfo.c +@@ -142,6 +142,7 @@ static int add_null_to_list(void ***list) + } + } + ++ // add 2 size for element and NULL + if (index > SIZE_MAX / sizeof(void **) - 2) { + ERROR("Out of range"); + return -1; +@@ -179,7 +180,7 @@ static int append_subsystem_to_list(char ***klist, char ***nlist, const char *pt + { + int ret = 0; + +- if (strncmp(ptoken, "name=", 5) == 0) { ++ if (strncmp(ptoken, "name=", strlen("name=")) == 0) { + ret = append_string(nlist, ptoken); + if (ret != 0) { + ERROR("Failed to append string"); +@@ -271,26 +272,26 @@ static bool list_contain_string(const char **a_list, const char *str) + + static char *cgroup_legacy_must_prefix_named(const char *entry) + { +- size_t len; ++ size_t entry_len; + char *prefixed = NULL; + const char *prefix = "name="; ++ const size_t prefix_len = strlen(prefix); + +- len = strlen(entry); +- +- if (((SIZE_MAX - len) - 1) < strlen(prefix)) { ++ entry_len = strlen(entry); ++ if ((SIZE_MAX - entry_len) < (prefix_len + 1)) { + ERROR("Out of memory"); + return NULL; + } + +- prefixed = util_common_calloc_s(len + strlen(prefix) + 1); ++ prefixed = util_common_calloc_s(entry_len + prefix_len + 1); + if (prefixed == NULL) { + ERROR("Out of memory"); + return NULL; + } +- (void)memcpy(prefixed, prefix, strlen(prefix)); +- (void)memcpy(prefixed + strlen(prefix), entry, len); ++ (void)memcpy(prefixed, prefix, prefix_len); ++ (void)memcpy(prefixed + prefix_len, entry, entry_len); + +- prefixed[len + strlen(prefix)] = '\0'; ++ prefixed[entry_len + prefix_len] = '\0'; + return prefixed; + } + +@@ -310,7 +311,7 @@ static int append_controller(const char **klist, const char **nlist, char ***cli + return -1; + } + +- if (strncmp(entry, "name=", 5) == 0) { ++ if (strncmp(entry, "name=", strlen("name=")) == 0) { + dup_entry = util_strdup_s(entry); + } else if (list_contain_string(klist, entry)) { + dup_entry = util_strdup_s(entry); +@@ -345,6 +346,8 @@ static char **cgroup_get_controllers(const char **klist, const char **nlist, con + char *sep = ","; + char **pret = NULL; + ++ // line example ++ // 108 99 0:55 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755 + for (index = 0; index < 4; index++) { + pos = strchr(pos, ' '); + if (pos == NULL) { +@@ -413,6 +416,8 @@ int cgroup_get_mountpoint_and_root(char *pline, char **mountpoint, char **root) + char *pos = pline; + + // find root ++ // line example ++ // 108 99 0:55 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755 + for (index = 0; index < 3; index++) { + pos = strchr(pos, ' '); + if (pos == NULL) { +@@ -1509,6 +1514,8 @@ void free_mount_info(mountinfo_t *info) + free(info); + } + ++// line example ++// 108 99 0:55 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755 + mountinfo_t *get_mount_info(const char *pline) + { + size_t length; +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index 17c9d3b5..6db4e2a4 100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -297,6 +297,7 @@ char *conf_get_routine_rootdir(const char *runtime) + char *path = NULL; + struct service_arguments *conf = NULL; + size_t len = 0; ++ size_t graph_len = 0; + + if (runtime == NULL) { + ERROR("Runtime is NULL"); +@@ -314,11 +315,12 @@ char *conf_get_routine_rootdir(const char *runtime) + } + + /* path = conf->rootpath + / + engines + / + runtime + /0 */ +- if (strlen(conf->json_confs->graph) > (SIZE_MAX - strlen(ENGINE_ROOTPATH_NAME) - strlen(runtime)) - 3) { ++ graph_len = strlen(conf->json_confs->graph); ++ if (graph_len > (SIZE_MAX - strlen(ENGINE_ROOTPATH_NAME) - strlen(runtime)) - 3) { + ERROR("Graph path is too long"); + goto out; + } +- len = strlen(conf->json_confs->graph) + 1 + strlen(ENGINE_ROOTPATH_NAME) + 1 + strlen(runtime) + 1; ++ len = graph_len + 1 + strlen(ENGINE_ROOTPATH_NAME) + 1 + strlen(runtime) + 1; + if (len > PATH_MAX / sizeof(char)) { + ERROR("The size of path exceeds the limit"); + goto out; +@@ -1685,13 +1687,13 @@ out: + static bool valid_isulad_daemon_constants(isulad_daemon_constants *config) + { + json_map_string_string *registry_transformation = NULL; +- size_t i = 0; + + if (config == NULL) { + return false; + } + + if (config->registry_transformation != NULL) { ++ size_t i; + registry_transformation = config->registry_transformation; + for (i = 0; i < registry_transformation->len; i++) { + if (!util_valid_host_name(registry_transformation->keys[i]) || +diff --git a/src/daemon/entry/cri/checkpoint_handler.cc b/src/daemon/entry/cri/checkpoint_handler.cc +index d5eab7a7..7b5f49cc 100644 +--- a/src/daemon/entry/cri/checkpoint_handler.cc ++++ b/src/daemon/entry/cri/checkpoint_handler.cc +@@ -15,7 +15,7 @@ + #include "checkpoint_handler.h" + + #include +-#include ++#include + #include + #include + #include +diff --git a/src/daemon/entry/cri/checkpoint_handler.h b/src/daemon/entry/cri/checkpoint_handler.h +index b526df0c..7510265f 100644 +--- a/src/daemon/entry/cri/checkpoint_handler.h ++++ b/src/daemon/entry/cri/checkpoint_handler.h +@@ -48,6 +48,7 @@ private: + + class CheckpointData { + public: ++ CheckpointData() = default; + void CheckpointDataToCStruct(cri_checkpoint_data **data, Errors &error); + void CStructToCheckpointData(const cri_checkpoint_data *data, Errors &error); + +diff --git a/src/daemon/entry/cri/naming.cc b/src/daemon/entry/cri/naming.cc +index 54a14a81..1526f044 100644 +--- a/src/daemon/entry/cri/naming.cc ++++ b/src/daemon/entry/cri/naming.cc +@@ -18,7 +18,7 @@ + #include + #include + #include +-#include ++#include + + #include "cri_constants.h" + #include "cri_helpers.h" +diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc +index ea320ff4..078c856c 100644 +--- a/src/daemon/entry/cri/websocket/service/ws_server.cc ++++ b/src/daemon/entry/cri/websocket/service/ws_server.cc +@@ -326,7 +326,7 @@ void WebsocketServer::CloseWsSession(int socketID) + }).detach(); + } + +-int WebsocketServer::GenerateSessionData(SessionData *session, const std::string containerID) noexcept ++int WebsocketServer::GenerateSessionData(SessionData *session, const std::string &containerID) noexcept + { + char *suffix = nullptr; + int readPipeFd[2] = { -1, -1 }; +@@ -467,7 +467,7 @@ void WebsocketServer::DumpHandshakeInfo(struct lws *wsi) noexcept + + lws_hdr_copy(wsi, buf, sizeof(buf), (lws_token_indexes)n); + buf[sizeof(buf) - 1] = '\0'; +- DEBUG(" %s = %s", (char *)c, buf); ++ DEBUG(" %s = %s", reinterpret_cast(const_cast(c)), buf); + n++; + } while (c != nullptr); + } +@@ -562,14 +562,14 @@ void WebsocketServer::Receive(int socketID, void *in, size_t len, bool complete) + if (!it->second->IsStdinComplete()) { + DEBUG("Receive remaning stdin data with length %zu", len); + // Too much data may cause error 'resource temporarily unavaliable' by using 'write' +- if (util_write_nointr_in_total(m_wsis[socketID]->pipes.at(1), (char *)in, len) < 0) { ++ if (util_write_nointr_in_total(m_wsis[socketID]->pipes.at(1), static_cast(in), len) < 0) { + ERROR("Sub write over! err msg: %s", strerror(errno)); + } + goto out; + } + + if (*static_cast(in) == WebsocketChannel::RESIZECHANNEL) { +- if (ResizeTerminal(socketID, (char *)in + 1, len, it->second->containerID, it->second->suffix) != 0) { ++ if (ResizeTerminal(socketID, static_cast(in) + 1, len, it->second->containerID, it->second->suffix) != 0) { + ERROR("Failed to resize terminal tty"); + } + if (!complete) { +@@ -579,13 +579,13 @@ void WebsocketServer::Receive(int socketID, void *in, size_t len, bool complete) + } + + if (*static_cast(in) == WebsocketChannel::STDINCHANNEL) { +- if (util_write_nointr_in_total(m_wsis[socketID]->pipes.at(1), (char *)in + 1, len - 1) < 0) { ++ if (util_write_nointr_in_total(m_wsis[socketID]->pipes.at(1), static_cast(in) + 1, len - 1) < 0) { + ERROR("Sub write over! err msg: %s", strerror(errno)); + } + goto out; + } + +- ERROR("Invalid data: %s", (char *)in); ++ ERROR("Invalid data: %s", static_cast(in)); + + out: + it->second->SetStdinComplete(complete); +diff --git a/src/daemon/entry/cri/websocket/service/ws_server.h b/src/daemon/entry/cri/websocket/service/ws_server.h +index 7da56818..f0e6dc02 100644 +--- a/src/daemon/entry/cri/websocket/service/ws_server.h ++++ b/src/daemon/entry/cri/websocket/service/ws_server.h +@@ -79,7 +79,7 @@ private: + int Wswrite(struct lws *wsi, const unsigned char *message); + inline void DumpHandshakeInfo(struct lws *wsi) noexcept; + int RegisterStreamTask(struct lws *wsi) noexcept; +- int GenerateSessionData(SessionData *session, const std::string containerID) noexcept; ++ int GenerateSessionData(SessionData *session, const std::string &containerID) noexcept; + void ServiceWorkThread(int threadid); + void CloseWsSession(int socketID); + void CloseAllWsSession(); +diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c +index 58303f80..00d130ac 100644 +--- a/src/daemon/executor/container_cb/execution_extend.c ++++ b/src/daemon/executor/container_cb/execution_extend.c +@@ -69,7 +69,6 @@ static int service_events_handler(const struct isulad_events_request *request, c + container_t *container = NULL; + + name = util_strdup_s(request->id); +- + /* check whether specified container exists */ + if (name != NULL) { + container = containers_store_get(name); +diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c +index d9706f08..224be958 100644 +--- a/src/daemon/modules/container/container_unix.c ++++ b/src/daemon/modules/container/container_unix.c +@@ -1073,15 +1073,13 @@ bool container_reset_restart_manager(container_t *cont, bool reset_count) + /* get restart manager */ + restart_manager_t *get_restart_manager(container_t *cont) + { +- int failue_count = 0; +- + if (cont == NULL) { + ERROR("Invalid input arguments"); + return NULL; + } + + if (cont->rm == NULL) { +- failue_count = container_state_get_restart_count(cont->state); ++ int failue_count = container_state_get_restart_count(cont->state); + cont->rm = restart_manager_new(cont->hostconfig->restart_policy, failue_count); + if (cont->rm == NULL) { + return NULL; +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index 01b9ef6e..d1fbeafb 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -1,5 +1,5 @@ + /****************************************************************************** +-* Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. ++* Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index 97919603..e8bc32ea 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -96,6 +96,7 @@ static int handle_dm_thinpooldev(char *val, struct device_set *devset) + return -1; + } + tmp_val = util_trim_prefice_string(val, "/dev/mapper/"); ++ free(devset->thin_pool_device); + devset->thin_pool_device = util_strdup_s(tmp_val); + + return 0; +@@ -160,6 +161,7 @@ static int handle_dm_mountopt(char *val, struct device_set *devset) + isulad_set_error_message("Invalid dm.mountopt or devicemapper.mountopt value"); + return -1; + } ++ free(devset->mount_options); + devset->mount_options = util_strdup_s(val); + + return 0; +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +index 7e851a26..c5864c90 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +@@ -1,5 +1,5 @@ + /****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +@@ -1948,7 +1948,6 @@ static int get_lower_dirs(const char *layer_dir, const struct graphdriver *drive + lowers_str = read_layer_lower_file(layer_dir); + lowers = util_string_split(lowers_str, ':'); + lowers_size = util_array_len((const char **)lowers); +- + if (lowers_size == 0) { + ret = 0; + goto out; +diff --git a/src/utils/cpputils/url.cc b/src/utils/cpputils/url.cc +index c75a17aa..49843644 100644 +--- a/src/utils/cpputils/url.cc ++++ b/src/utils/cpputils/url.cc +@@ -105,8 +105,10 @@ std::string QueryUnescape(const std::string &s) + int UnescapeDealWithPercentSign(size_t &i, std::string &s, const EncodeMode &mode) + { + std::string percent_sign = "%25"; ++ // URL encoding replaces unsafe ASCII characters with a "%" followed by two hexadecimal digits + if ((size_t)(i + 2) >= s.length() || !IsHex(s[i + 1]) || !IsHex(s[i + 2])) { + s.erase(s.begin(), s.begin() + (long)i); ++ // Remaining "%" with two hexadecimal digits + if (s.length() > 3) { + s.erase(s.begin() + 3, s.end()); + } +@@ -172,6 +174,7 @@ void DoUnescape(std::string &t, const std::string &s, const EncodeMode &mode) + switch (s[i]) { + case '%': { + char s1, s2; ++ // the "%" is followed by two hexadecimal digits + if (!GetHexDigit(s[i + 1], s1) || !GetHexDigit(s[i + 2], s2)) { + return; + } +diff --git a/src/utils/cpputils/url.h b/src/utils/cpputils/url.h +index 9b124c79..abbf20f4 100644 +--- a/src/utils/cpputils/url.h ++++ b/src/utils/cpputils/url.h +@@ -183,5 +183,3 @@ bool ValidUserinfo(const std::string &s); + } // namespace url + + #endif +- +- +diff --git a/src/utils/cutils/utils_mount_spec.c b/src/utils/cutils/utils_mount_spec.c +index 5386c115..e267c5a2 100644 +--- a/src/utils/cutils/utils_mount_spec.c ++++ b/src/utils/cutils/utils_mount_spec.c +@@ -1,5 +1,5 @@ + /****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +diff --git a/src/utils/cutils/utils_timestamp.c b/src/utils/cutils/utils_timestamp.c +index 7435e2fa..fee66ea8 100644 +--- a/src/utils/cutils/utils_timestamp.c ++++ b/src/utils/cutils/utils_timestamp.c +@@ -155,6 +155,7 @@ static bool get_time_buffer_help(const types_timestamp_t *timestamp, char *timeb + int32_t nanos; + struct tm tm_local = { 0 }; + size_t tmp_size = 0; ++ size_t timebuffer_len = 0; + time_t seconds; + bool west_timezone = false; + long int tm_gmtoff = 0; +@@ -167,7 +168,11 @@ static bool get_time_buffer_help(const types_timestamp_t *timestamp, char *timeb + + seconds = (time_t)timestamp->seconds; + localtime_r(&seconds, &tm_local); +- strftime(timebuffer, maxsize, "%Y-%m-%dT%H:%M:%S", &tm_local); ++ timebuffer_len = strftime(timebuffer, maxsize, "%Y-%m-%dT%H:%M:%S", &tm_local); ++ if (timebuffer_len == 0) { ++ ERROR("Failed to strftime"); ++ return false; ++ } + + if (timestamp->has_nanos) { + nanos = timestamp->nanos; +@@ -175,10 +180,10 @@ static bool get_time_buffer_help(const types_timestamp_t *timestamp, char *timeb + nanos = 0; + } + +- tmp_size = maxsize - strlen(timebuffer); ++ tmp_size = maxsize - timebuffer_len; + + if (local_utc) { +- nret = snprintf(timebuffer + strlen(timebuffer), tmp_size, ".%09dZ", nanos); ++ nret = snprintf(timebuffer + timebuffer_len, tmp_size, ".%09dZ", nanos); + goto out; + } + +@@ -197,9 +202,9 @@ static bool get_time_buffer_help(const types_timestamp_t *timestamp, char *timeb + tm_zone_min = (tm_gmtoff - tm_zone_hour * seconds_per_hour) / seconds_per_minutes; + + if (!west_timezone) { +- nret = snprintf(timebuffer + strlen(timebuffer), tmp_size, ".%09d+%02d:%02d", nanos, tm_zone_hour, tm_zone_min); ++ nret = snprintf(timebuffer + timebuffer_len, tmp_size, ".%09d+%02d:%02d", nanos, tm_zone_hour, tm_zone_min); + } else { +- nret = snprintf(timebuffer + strlen(timebuffer), tmp_size, ".%09d-%02d:%02d", nanos, tm_zone_hour, tm_zone_min); ++ nret = snprintf(timebuffer + timebuffer_len, tmp_size, ".%09d-%02d:%02d", nanos, tm_zone_hour, tm_zone_min); + } + + out: +diff --git a/src/utils/http/http.c b/src/utils/http/http.c +index 47d17455..1b0ba5be 100644 +--- a/src/utils/http/http.c ++++ b/src/utils/http/http.c +@@ -362,7 +362,8 @@ static size_t calc_replaced_url_len(const char *url) + max++; + continue; + } +- max += 3; /* ' ' to %20 so size should add 3 */ ++ /* ' ' to %20 so size should add 3 */ ++ max += 3; + } + + return max + 1; /* +1 for terminator */ +@@ -486,7 +487,6 @@ int http_request(const char *url, struct http_get_options *options, long *respon + + /* get it! */ + curl_result = curl_easy_perform(curl_handle); +- + if (curl_result != CURLE_OK) { + check_buf_len(options, errbuf, curl_result); + ret = -1; +diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c +index d625182c..cf8425e4 100644 +--- a/src/utils/http/parser.c ++++ b/src/utils/http/parser.c +@@ -47,15 +47,15 @@ + #include "utils.h" + #include "isula_libutils/log.h" + +-size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize) ++size_t strlncat(char *dststr, size_t dststr_size, const char *srcstr, size_t srcstr_size) + { + size_t ssize, dsize; + +- ssize = (size_t)strnlen(srcstr, nsize); +- dsize = (size_t)strnlen(dststr, size); ++ ssize = (size_t)strnlen(srcstr, srcstr_size); ++ dsize = (size_t)strnlen(dststr, dststr_size); + +- if (dsize < size) { +- size_t rsize = size - dsize; ++ if (dsize < dststr_size) { ++ size_t rsize = dststr_size - dsize; + size_t ncpy = ssize < rsize ? ssize : (rsize - 1); + (void)memcpy(dststr + dsize, srcstr, ncpy); + dststr[dsize + ncpy] = '\0'; +diff --git a/src/utils/sha256/sha256.c b/src/utils/sha256/sha256.c +index 81375111..674c3289 100644 +--- a/src/utils/sha256/sha256.c ++++ b/src/utils/sha256/sha256.c +@@ -173,18 +173,16 @@ char *sha256_digest_file(const char *filename, bool isgzip) + break; + } + +- if (n > 0) { + #if OPENSSL_VERSION_MAJOR >= 3 +- if (!EVP_DigestUpdate(ctx, (unsigned char *)buffer, n)) { +- ERROR("Failed to pass the message to be digested"); +- ERR_print_errors_fp(stderr); +- ret = -1; +- goto out; +- } ++ if (!EVP_DigestUpdate(ctx, (unsigned char *)buffer, n)) { ++ ERROR("Failed to pass the message to be digested"); ++ ERR_print_errors_fp(stderr); ++ ret = -1; ++ goto out; ++ } + #else +- SHA256_Update(&ctx, buffer, n); ++ SHA256_Update(&ctx, buffer, n); + #endif +- } + + if (stream_check_eof(stream, isgzip)) { + break; +-- +2.40.1 + diff --git a/0119-2135-modify-incorrect-variable-type.patch b/0119-2135-modify-incorrect-variable-type.patch new file mode 100644 index 0000000..269f146 --- /dev/null +++ b/0119-2135-modify-incorrect-variable-type.patch @@ -0,0 +1,200 @@ +From cf1abd80174035c5561e7f64bdee7e99b9cab1ac Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Mon, 28 Aug 2023 06:46:10 +0000 +Subject: [PATCH 119/145] !2135 modify incorrect variable type * modify + incorrect variable type + +--- + src/client/connect/protocol_type.h | 2 +- + src/daemon/modules/image/oci/oci_load.c | 4 ++-- + src/daemon/modules/image/oci/registry/registry.c | 12 +++++++----- + .../oci/storage/layer_store/graphdriver/driver.c | 2 +- + .../image/oci/storage/layer_store/layer_store.c | 15 +++++++++------ + src/daemon/modules/image/oci/storage/storage.c | 2 +- + src/daemon/modules/image/oci/utils_images.c | 4 ++-- + src/daemon/modules/service/service_container.c | 2 +- + 8 files changed, 24 insertions(+), 19 deletions(-) + +diff --git a/src/client/connect/protocol_type.h b/src/client/connect/protocol_type.h +index 814d32f0..47c5c6d1 100644 +--- a/src/client/connect/protocol_type.h ++++ b/src/client/connect/protocol_type.h +@@ -239,7 +239,7 @@ typedef struct container_events_format { + char *opt; + char *id; + char **annotations; +- char annotations_len; ++ size_t annotations_len; + } container_events_format_t; + + typedef void (*container_events_callback_t)(const container_events_format_t *event); +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index d1fbeafb..fad69418 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -159,7 +159,7 @@ static void oci_load_free_layer(load_layer_blob_t *l) + + static void oci_load_free_image(load_image_t *im) + { +- int i = 0; ++ size_t i = 0; + + if (im == NULL) { + return; +@@ -391,7 +391,7 @@ out: + + static int check_time_valid(oci_image_spec *conf) + { +- int i = 0; ++ size_t i = 0; + + if (!oci_valid_time(conf->created)) { + ERROR("Invalid created time %s", conf->created); +diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c +index 402863a0..717f48b5 100644 +--- a/src/daemon/modules/image/oci/registry/registry.c ++++ b/src/daemon/modules/image/oci/registry/registry.c +@@ -649,18 +649,20 @@ static int register_layer(pull_descriptor *desc, size_t i) + + static int get_top_layer_index(pull_descriptor *desc, size_t *top_layer_index) + { +- int i = 0; ++ size_t i; + + if (desc == NULL || top_layer_index == NULL) { + ERROR("Invalid NULL pointer"); + return -1; + } +- +- for (i = desc->layers_len - 1; i >= 0; i--) { +- if (desc->layers[i].empty_layer) { ++ // iterate over the layers array in reverse order, starting from the last layer ++ // since i is an unsigned number, i traverses from layers_len to 1 ++ for (i = desc->layers_len; i > 0; i--) { ++ // the corresponding array index is [i - 1]: layers_len - 1 -> 0 ++ if (desc->layers[i - 1].empty_layer) { + continue; + } +- *top_layer_index = i; ++ *top_layer_index = i - 1; + return 0; + } + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c +index b83c63b1..29223700 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c +@@ -342,7 +342,7 @@ int graphdriver_apply_diff(const char *id, const struct io_read_wrapper *content + container_inspect_graph_driver *graphdriver_get_metadata(const char *id) + { + int ret = -1; +- int i = 0; ++ size_t i = 0; + container_inspect_graph_driver *inspect_driver = NULL; + json_map_string_string *metadata = NULL; + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index 4751f020..057ffaa3 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -752,7 +752,7 @@ out: + static int insert_memory_stores(const char *id, const struct layer_opts *opts, layer_t *l) + { + int ret = 0; +- int i = 0; ++ size_t i = 0; + + if (!append_layer_into_list(l)) { + ret = -1; +@@ -793,9 +793,12 @@ clear_compress_digest: + (void)delete_digest_from_map(g_metadata.by_compress_digest, l->slayer->compressed_diff_digest, id); + } + clear_by_name: +- for (i = i - 1; i >= 0; i--) { +- if (!map_remove(g_metadata.by_name, (void *)opts->names[i])) { +- WARN("Remove name: %s failed", opts->names[i]); ++ // iterate over the names in reverse order, starting from the last name ++ // since i is an unsigned number, i traverses from inserted name len to 1 ++ for (; i > 0; i--) { ++ // the corresponding array index is [i - 1]: inserted name len - 1 -> 0 ++ if (!map_remove(g_metadata.by_name, (void *)opts->names[i - 1])) { ++ WARN("Remove name: %s failed", opts->names[i - 1]); + } + } + if (!map_remove(g_metadata.by_id, (void *)id)) { +@@ -2032,7 +2035,7 @@ void layer_store_exit() + static uint64_t payload_to_crc(char *payload) + { + int ret = 0; +- int i = 0; ++ size_t i = 0; + uint64_t crc = 0; + uint8_t *crc_sums = NULL; + size_t crc_sums_len = 0; +@@ -2452,7 +2455,7 @@ int remote_load_one_layer(const char *id) + { + int ret = 0; + layer_t *tl = NULL; +- int i = 0; ++ size_t i = 0; + + if (!layer_store_lock(true)) { + return -1; +diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c +index 07c3830b..cece9e90 100644 +--- a/src/daemon/modules/image/oci/storage/storage.c ++++ b/src/daemon/modules/image/oci/storage/storage.c +@@ -1536,7 +1536,7 @@ out: + + static bool is_rootfs_layer(const char *layer_id, const struct rootfs_list *all_rootfs) + { +- int j; ++ size_t j; + + if (all_rootfs == NULL || layer_id == NULL) { + return false; +diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c +index 6acbbb12..d06ba058 100644 +--- a/src/daemon/modules/image/oci/utils_images.c ++++ b/src/daemon/modules/image/oci/utils_images.c +@@ -450,7 +450,7 @@ static char *convert_created_by(image_manifest_v1_compatibility *config) + int add_rootfs_and_history(const layer_blob *layers, size_t layers_len, const registry_manifest_schema1 *manifest, + docker_image_config_v2 *config) + { +- int i = 0; ++ size_t i = 0; + int ret = 0; + size_t history_index = 0; + parser_error err = NULL; +@@ -511,7 +511,7 @@ int add_rootfs_and_history(const layer_blob *layers, size_t layers_len, const re + + ret = util_array_append(&config->rootfs->diff_ids, layers[i].diff_id); + if (ret != 0) { +- ERROR("append diff id of layer %u to rootfs failed, diff id is %s", i, layers[i].diff_id); ++ ERROR("append diff id of layer %zu to rootfs failed, diff id is %s", i, layers[i].diff_id); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 43968c63..5d6cabf7 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -310,7 +310,6 @@ static int write_env_content(const char *env_path, const char **env, size_t env_ + int fd = -1; + size_t i = 0; + ssize_t nret = 0; +- int env_max = 4096; + + ret = create_env_path_dir(env_path); + if (ret < 0) { +@@ -325,6 +324,7 @@ static int write_env_content(const char *env_path, const char **env, size_t env_ + } + if (env != NULL) { + for (i = 0; i < env_len; i++) { ++ size_t env_max = 4096; + if (strlen(env[i]) > env_max) { + ERROR("Env is too long"); + ret = -1; +-- +2.40.1 + diff --git a/0120-Fix-null-ptr-and-buffer-overflow-issues.patch b/0120-Fix-null-ptr-and-buffer-overflow-issues.patch new file mode 100644 index 0000000..1be18bb --- /dev/null +++ b/0120-Fix-null-ptr-and-buffer-overflow-issues.patch @@ -0,0 +1,465 @@ +From 15938534b7a3fba2b39c3f7942834adf55d2a6a6 Mon Sep 17 00:00:00 2001 +From: xuxuepeng +Date: Mon, 28 Aug 2023 16:38:02 +0800 +Subject: [PATCH 120/145] Fix null-ptr and buffer overflow issues + +Signed-off-by: xuxuepeng +--- + .../connect/grpc/grpc_containers_service.cc | 5 +-- + .../grpc/grpc_containers_service_private.cc | 2 +- + .../connect/grpc/grpc_server_tls_auth.cc | 2 +- + .../entry/connect/grpc/grpc_server_tls_auth.h | 2 +- + .../connect/rest/rest_containers_service.c | 2 +- + src/daemon/entry/cri/cni_network_plugin.h | 6 ++-- + .../cri/cri_image_manager_service_impl.cc | 2 +- + .../cri/cri_image_manager_service_impl.h | 4 +-- + .../entry/cri/websocket/service/ws_server.cc | 5 +++ + src/daemon/modules/runtime/shim/shim_rt_ops.c | 6 ++++ + .../modules/service/service_container.c | 4 +-- + src/daemon/modules/spec/parse_volume.c | 5 +++ + src/daemon/modules/spec/specs_extend.c | 12 +++++++ + src/daemon/modules/spec/specs_mount.c | 34 ++++++++++++++++--- + src/daemon/modules/spec/specs_mount.h | 2 -- + src/daemon/modules/spec/specs_namespace.c | 6 ++-- + src/daemon/modules/spec/specs_security.c | 11 +----- + src/daemon/modules/volume/local.c | 3 +- + src/daemon/modules/volume/volume.c | 2 +- + 19 files changed, 81 insertions(+), 34 deletions(-) + +diff --git a/src/daemon/entry/connect/grpc/grpc_containers_service.cc b/src/daemon/entry/connect/grpc/grpc_containers_service.cc +index f69613ce..ab762853 100644 +--- a/src/daemon/entry/connect/grpc/grpc_containers_service.cc ++++ b/src/daemon/entry/connect/grpc/grpc_containers_service.cc +@@ -18,14 +18,15 @@ + #include + #include + #include +-#include "isula_libutils/log.h" ++#include ++#include ++ + #include "utils.h" + #include "error.h" + #include "cxxutils.h" + #include "stoppable_thread.h" + #include "grpc_server_tls_auth.h" + #include "container_api.h" +-#include "isula_libutils/logger_json_file.h" + + void protobuf_timestamp_to_grpc(const types_timestamp_t *timestamp, Timestamp *gtimestamp) + { +diff --git a/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc b/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc +index 853336fe..8cf9ae78 100644 +--- a/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc ++++ b/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc +@@ -13,7 +13,7 @@ + * Description: provide grpc container service private functions + ******************************************************************************/ + #include "grpc_containers_service.h" +-#include "isula_libutils/log.h" ++#include + #include "utils.h" + #include "error.h" + +diff --git a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc +index 737bb129..968a6dfe 100644 +--- a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc ++++ b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc +@@ -24,7 +24,7 @@ std::string auth_plugin = ""; + } // namespace AuthorizationPluginConfig + + namespace GrpcServerTlsAuth { +-Status auth(ServerContext *context, std::string action) ++Status auth(ServerContext *context, const std::string &action) + { + #ifdef ENABLE_GRPC_REMOTE_CONNECT + const std::multimap &init_metadata = context->client_metadata(); +diff --git a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.h b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.h +index ee66529f..f429a02d 100644 +--- a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.h ++++ b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.h +@@ -27,7 +27,7 @@ extern std::string auth_plugin; + }; // namespace AuthorizationPluginConfig + + namespace GrpcServerTlsAuth { +-Status auth(ServerContext *context, std::string action); ++Status auth(ServerContext *context, const std::string &action); + }; // namespace GrpcServerTlsAuth + + #endif // DAEMON_ENTRY_CONNECT_GRPC_GRPC_SERVER_TLS_AUTH_H +diff --git a/src/daemon/entry/connect/rest/rest_containers_service.c b/src/daemon/entry/connect/rest/rest_containers_service.c +index 397660e2..73eda508 100644 +--- a/src/daemon/entry/connect/rest/rest_containers_service.c ++++ b/src/daemon/entry/connect/rest/rest_containers_service.c +@@ -15,8 +15,8 @@ + #include "rest_containers_service.h" + #include + #include ++#include + +-#include "isula_libutils/log.h" + #include "utils.h" + #include "error.h" + #include "callback.h" +diff --git a/src/daemon/entry/cri/cni_network_plugin.h b/src/daemon/entry/cri/cni_network_plugin.h +index 434222b5..1518c5f4 100644 +--- a/src/daemon/entry/cri/cni_network_plugin.h ++++ b/src/daemon/entry/cri/cni_network_plugin.h +@@ -32,9 +32,9 @@ + + namespace Network { + #define UNUSED(x) ((void)(x)) +-static const std::string CNI_PLUGIN_NAME { "cni" }; +-static const std::string DEFAULT_NET_DIR { "/etc/cni/net.d" }; +-static const std::string DEFAULT_CNI_DIR { "/opt/cni/bin" }; ++const std::string CNI_PLUGIN_NAME { "cni" }; ++const std::string DEFAULT_NET_DIR { "/etc/cni/net.d" }; ++const std::string DEFAULT_CNI_DIR { "/opt/cni/bin" }; + + class CNINetwork { + public: +diff --git a/src/daemon/entry/cri/cri_image_manager_service_impl.cc b/src/daemon/entry/cri/cri_image_manager_service_impl.cc +index 69573a70..ad9e8ef1 100644 +--- a/src/daemon/entry/cri/cri_image_manager_service_impl.cc ++++ b/src/daemon/entry/cri/cri_image_manager_service_impl.cc +@@ -1,5 +1,5 @@ + /****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2017-2020. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +diff --git a/src/daemon/entry/cri/cri_image_manager_service_impl.h b/src/daemon/entry/cri/cri_image_manager_service_impl.h +index 4c317c1f..b94f8908 100644 +--- a/src/daemon/entry/cri/cri_image_manager_service_impl.h ++++ b/src/daemon/entry/cri/cri_image_manager_service_impl.h +@@ -1,5 +1,5 @@ + /****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2017-2020. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +@@ -19,7 +19,7 @@ + #include + #include + #include +-// #include "cri_services.h" ++ + #include "image_api.h" + #include "cri_image_manager_service.h" + +diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc +index 078c856c..6c379d9d 100644 +--- a/src/daemon/entry/cri/websocket/service/ws_server.cc ++++ b/src/daemon/entry/cri/websocket/service/ws_server.cc +@@ -712,6 +712,11 @@ void DoWriteToClient(SessionData *session, const void *data, size_t len, Websock + ERROR("Out of memory"); + return; + } ++ if (len > MAX_BUFFER_SIZE) { ++ ERROR("Message exceeds maximum length %d, len = %zu", MAX_BUFFER_SIZE, len); ++ free(buf); ++ return; ++ } + // Determine if it is standard output channel or error channel + buf[LWS_PRE] = static_cast(channel); + +diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c +index a437399d..d86418b0 100644 +--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c ++++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c +@@ -495,6 +495,12 @@ static int file_read_address(const char *fname, char *addr) + goto out; + } + ++ if (strlen(buf) >= PATH_MAX) { ++ ERROR("address in file %s is too long", fname); ++ ret = -1; ++ goto out; ++ } ++ + (void)stpcpy(addr, buf); + + out: +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 5d6cabf7..f278d8ab 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -1374,7 +1374,7 @@ static int force_kill(container_t *cont) + { + int ret = 0; + const char *id = cont->common_config->id; +- int stop_signal = container_stop_signal(cont); ++ uint32_t stop_signal = container_stop_signal(cont); + + ret = kill_with_signal(cont, SIGKILL); + if (ret != 0) { +@@ -1401,7 +1401,7 @@ int stop_container(container_t *cont, int timeout, bool force, bool restart) + { + int ret = 0; + char *id = NULL; +- int stop_signal = 0; ++ uint32_t stop_signal = 0; + + if (cont == NULL) { + ERROR("Invalid input arguments"); +diff --git a/src/daemon/modules/spec/parse_volume.c b/src/daemon/modules/spec/parse_volume.c +index 40c4cecb..3d416a05 100644 +--- a/src/daemon/modules/spec/parse_volume.c ++++ b/src/daemon/modules/spec/parse_volume.c +@@ -112,6 +112,11 @@ static int check_mount_source(const defs_mount *m) + + int append_default_tmpfs_options(defs_mount *m) + { ++ ++ if (m == NULL) { ++ return -1; ++ } ++ + if (util_array_append(&m->options, "noexec") != 0) { + ERROR("append default tmpfs options noexec failed"); + return -1; +diff --git a/src/daemon/modules/spec/specs_extend.c b/src/daemon/modules/spec/specs_extend.c +index c8faa102..5ede7936 100644 +--- a/src/daemon/modules/spec/specs_extend.c ++++ b/src/daemon/modules/spec/specs_extend.c +@@ -384,6 +384,10 @@ int merge_env_target_file(oci_runtime_spec *oci_spec, const char *env_target_fil + char *env_path = NULL; + json_map_string_string *env_map = NULL; + ++ if (oci_spec == NULL) { ++ return -1; ++ } ++ + if (env_target_file == NULL) { + return 0; + } +@@ -484,6 +488,10 @@ char *oci_container_get_env(const oci_runtime_spec *oci_spec, const char *key) + + int make_sure_oci_spec_linux(oci_runtime_spec *oci_spec) + { ++ if (oci_spec == NULL) { ++ return -1; ++ } ++ + if (oci_spec->linux == NULL) { + oci_spec->linux = util_common_calloc_s(sizeof(oci_runtime_config_linux)); + if (oci_spec->linux == NULL) { +@@ -495,6 +503,10 @@ int make_sure_oci_spec_linux(oci_runtime_spec *oci_spec) + + int make_sure_oci_spec_process(oci_runtime_spec *oci_spec) + { ++ if (oci_spec == NULL) { ++ return -1; ++ } ++ + if (oci_spec->process == NULL) { + oci_spec->process = util_common_calloc_s(sizeof(defs_process)); + if (oci_spec->process == NULL) { +diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c +index 7ee4c5f9..3b26e091 100644 +--- a/src/daemon/modules/spec/specs_mount.c ++++ b/src/daemon/modules/spec/specs_mount.c +@@ -144,7 +144,7 @@ int adapt_settings_for_mounts(oci_runtime_spec *oci_spec, container_config *cont + int ret = 0; + char **array_str = NULL; + +- if (container_spec == NULL) { ++ if (oci_spec == NULL || container_spec == NULL) { + return -1; + } + +@@ -1235,6 +1235,10 @@ int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec) + defs_resources *ptr = NULL; + defs_device_cgroup *spec_dev_cgroup = NULL; + ++ if (oci_spec == NULL) { ++ return -1; ++ } ++ + ret = merge_all_devices_in_dir("/dev", NULL, NULL, oci_spec); + if (ret != 0) { + ERROR("Failed to merge all devices in /dev"); +@@ -2212,6 +2216,11 @@ int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec) + { + int ret = 0; + ++ if (oci_spec == NULL || host_spec == NULL) { ++ ERROR("Invalid input arguments"); ++ return -1; ++ } ++ + /* blkio weight devices */ + if (host_spec->blkio_weight_device != NULL && host_spec->blkio_weight_device_len != 0) { + ret = merge_blkio_weight_device(oci_spec, host_spec->blkio_weight_device, host_spec->blkio_weight_device_len); +@@ -2909,7 +2918,7 @@ static int calc_volumes_from_len(host_config *host_spec, size_t *len) + char *mode = NULL; + container_t *cont = NULL; + int ret = 0; +- int i = 0; ++ size_t i = 0; + + *len = 0; + for (i = 0; i < host_spec->volumes_from_len; i++) { +@@ -3347,11 +3356,18 @@ out: + int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, container_config_v2_common_config *v2_spec) + { + int ret = 0; +- container_config *container_spec = v2_spec->config; ++ container_config *container_spec = NULL; + defs_mount **all_fs_mounts = NULL; + size_t all_fs_mounts_len = 0; + bool mounted = false; + ++ if (oci_spec == NULL || host_spec == NULL || v2_spec == NULL) { ++ ERROR("Invalid arguments"); ++ return -1; ++ } ++ ++ container_spec = v2_spec->config; ++ + ret = im_mount_container_rootfs(v2_spec->image_type, v2_spec->image, v2_spec->id); + if (ret != 0) { + ERROR("Mount container %s failed when merge mounts", v2_spec->id); +@@ -3379,6 +3395,7 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai + if (host_spec->host_channel != NULL) { + if (!add_host_channel_mount(&all_fs_mounts, &all_fs_mounts_len, host_spec->host_channel)) { + ERROR("Failed to merge host channel mount"); ++ ret = -1; + goto out; + } + } +@@ -3402,7 +3419,11 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai + /* add ipc mount */ + if (v2_spec->shm_path != NULL) { + // check whether duplication +- add_shm_mount(&all_fs_mounts, &all_fs_mounts_len, v2_spec->shm_path); ++ if (!add_shm_mount(&all_fs_mounts, &all_fs_mounts_len, v2_spec->shm_path)) { ++ ERROR("Failed to add shm mount"); ++ ret = -1; ++ goto out; ++ } + } + + if (!host_spec->system_container) { +@@ -3446,6 +3467,11 @@ int add_rootfs_mount(const container_config *container_spec) + int ret = 0; + char *mntparent = NULL; + ++ if (container_spec == NULL) { ++ ERROR("Invalid arguments"); ++ return -1; ++ } ++ + mntparent = conf_get_isulad_mount_rootfs(); + if (mntparent == NULL) { + ERROR("Failed to get mount parent directory"); +diff --git a/src/daemon/modules/spec/specs_mount.h b/src/daemon/modules/spec/specs_mount.h +index 3283d92b..8a28f0e2 100644 +--- a/src/daemon/modules/spec/specs_mount.h ++++ b/src/daemon/modules/spec/specs_mount.h +@@ -41,8 +41,6 @@ int set_mounts_readwrite_option(const oci_runtime_spec *oci_spec); + + int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec); + +-bool mount_run_tmpfs(oci_runtime_spec *container, const host_config *host_spec, const char *path); +- + int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec); + + int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2_spec); +diff --git a/src/daemon/modules/spec/specs_namespace.c b/src/daemon/modules/spec/specs_namespace.c +index 2bf4cc36..3c54911a 100644 +--- a/src/daemon/modules/spec/specs_namespace.c ++++ b/src/daemon/modules/spec/specs_namespace.c +@@ -200,13 +200,15 @@ int get_network_namespace_path(const host_config *host_spec, + { SHARE_NAMESPACE_FILE, handle_get_path_from_file }, + }; + size_t jump_table_size = sizeof(handler_jump_table) / sizeof(handler_jump_table[0]); +- const char *network_mode = host_spec->network_mode; ++ const char *network_mode = NULL; + +- if (network_mode == NULL || dest_path == NULL) { ++ if (host_spec == NULL || host_spec->network_mode == NULL || dest_path == NULL) { + ERROR("Invalid input"); + return -1; + } + ++ network_mode = host_spec->network_mode; ++ + for (index = 0; index < jump_table_size; ++index) { + if (strncmp(network_mode, handler_jump_table[index].mode, strlen(handler_jump_table[index].mode)) == 0) { + ret = handler_jump_table[index].handle(host_spec, network_settings, type, dest_path); +diff --git a/src/daemon/modules/spec/specs_security.c b/src/daemon/modules/spec/specs_security.c +index d4884097..432339b0 100644 +--- a/src/daemon/modules/spec/specs_security.c ++++ b/src/daemon/modules/spec/specs_security.c +@@ -501,11 +501,6 @@ static size_t docker_seccomp_arches_count(const char *seccomp_architecture, cons + size_t count = 0; + size_t i = 0; + +- if (seccomp_architecture == NULL) { +- ERROR("Invalid input seccomp architecture"); +- return -1; +- } +- + for (i = 0; i < docker_seccomp_spec->arch_map_len; ++i) { + if (docker_seccomp_spec->arch_map[i] == NULL || docker_seccomp_spec->arch_map[i]->architecture == NULL) { + continue; +@@ -532,10 +527,6 @@ static int dup_architectures_to_oci_spec(const char *seccomp_architecture, const + } + + arch_size = docker_seccomp_arches_count(seccomp_architecture, docker_seccomp_spec); +- if (arch_size < 0) { +- ERROR("Failed to get arches count from docker seccomp spec"); +- return -1; +- } + + if (arch_size == 0) { + WARN("arch map is not provided in specified seccomp profile"); +@@ -743,7 +734,7 @@ int merge_default_seccomp_spec(oci_runtime_spec *oci_spec, const defs_process_ca + oci_runtime_config_linux_seccomp *oci_seccomp_spec = NULL; + docker_seccomp *docker_seccomp_spec = NULL; + +- if (oci_spec->process == NULL || oci_spec->process->capabilities == NULL) { ++ if (oci_spec == NULL || oci_spec->process == NULL || oci_spec->process->capabilities == NULL) { + return 0; + } + +diff --git a/src/daemon/modules/volume/local.c b/src/daemon/modules/volume/local.c +index 87b90317..c46d4de0 100644 +--- a/src/daemon/modules/volume/local.c ++++ b/src/daemon/modules/volume/local.c +@@ -403,6 +403,7 @@ static struct volume *volume_create_nolock(char *name) + + if (!map_insert(g_volumes->vols_by_name, v->name, v)) { + ERROR("failed to insert volume %s", v->name); ++ ret = -1; + goto out; + } + +@@ -630,7 +631,7 @@ int register_local_volume(char *root_dir) + } + + local_volume_root_dir = util_path_join(root_dir, LOCAL_VOLUME_ROOT_DIR_NAME); +- if (root_dir == NULL) { ++ if (local_volume_root_dir == NULL) { + ERROR("out of memory"); + ret = -1; + goto out; +diff --git a/src/daemon/modules/volume/volume.c b/src/daemon/modules/volume/volume.c +index 8255aff9..0d348bb4 100644 +--- a/src/daemon/modules/volume/volume.c ++++ b/src/daemon/modules/volume/volume.c +@@ -130,7 +130,7 @@ static int insert_driver(char *name, volume_driver *driver) + } + + if (!map_insert(g_vs.drivers, name, d)) { +- ERROR("out of memory"); ++ ERROR("Failed to insert volume driver %s", name); + ret = -1; + goto out; + } +-- +2.40.1 + diff --git a/0121-make-sure-the-input-parameter-is-not-empty-and-optim.patch b/0121-make-sure-the-input-parameter-is-not-empty-and-optim.patch new file mode 100644 index 0000000..28429d0 --- /dev/null +++ b/0121-make-sure-the-input-parameter-is-not-empty-and-optim.patch @@ -0,0 +1,1585 @@ +From 9b6623fa0d1d46de6e2990a5076d0730563f5523 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Fri, 25 Aug 2023 17:34:12 +0800 +Subject: [PATCH 121/145] make sure the input parameter is not empty and + optimize the code + +Signed-off-by: zhongtao +--- + src/daemon/modules/api/image_api.h | 2 +- + src/daemon/modules/image/external/ext_image.c | 8 ++- + src/daemon/modules/image/image.c | 50 ++++++++++++----- + src/daemon/modules/image/image_spec_merge.c | 2 +- + .../modules/image/oci/oci_common_operators.c | 9 ++- + src/daemon/modules/image/oci/oci_image.c | 8 +-- + src/daemon/modules/image/oci/oci_image.h | 2 +- + src/daemon/modules/image/oci/oci_image_type.h | 42 -------------- + src/daemon/modules/image/oci/oci_import.c | 1 + + src/daemon/modules/image/oci/oci_load.c | 10 +--- + src/daemon/modules/image/oci/oci_load.h | 2 +- + src/daemon/modules/image/oci/oci_login.c | 2 +- + src/daemon/modules/image/oci/oci_logout.c | 2 +- + src/daemon/modules/image/oci/oci_pull.c | 4 +- + .../image/oci/registry/registry_apiv2.c | 2 +- + .../oci/storage/image_store/image_store.c | 45 ++++++++++++--- + .../oci/storage/image_store/image_store.h | 4 +- + .../graphdriver/devmapper/deviceset.c | 10 ++-- + .../graphdriver/devmapper/driver_devmapper.c | 4 +- + .../graphdriver/devmapper/wrapper_devmapper.c | 14 +++-- + .../graphdriver/devmapper/wrapper_devmapper.h | 8 +-- + .../graphdriver/overlay2/driver_overlay2.c | 17 +++--- + .../graphdriver/overlay2/driver_overlay2.h | 2 - + .../image/oci/storage/layer_store/layer.c | 2 +- + .../image/oci/storage/layer_store/layer.h | 2 +- + .../oci/storage/layer_store/layer_store.c | 55 ++++++++----------- + .../oci/storage/layer_store/layer_store.h | 8 +-- + .../remote_layer_support/image_remote_impl.c | 12 +++- + .../remote_layer_support/layer_remote_impl.c | 10 ++++ + .../overlay_remote_impl.c | 10 ++++ + .../remote_layer_support/remote_support.c | 5 ++ + .../ro_symlink_maintain.c | 11 +++- + .../oci/storage/rootfs_store/rootfs_store.c | 8 +-- + .../oci/storage/rootfs_store/rootfs_store.h | 6 +- + .../modules/image/oci/storage/storage.c | 35 ++++++++++-- + .../modules/image/oci/storage/storage.h | 6 +- + src/daemon/modules/image/oci/utils_images.c | 7 ++- + src/daemon/modules/image/oci/utils_images.h | 2 +- + src/utils/http/http.h | 2 + + .../oci/storage/layers/storage_driver_ut.cc | 10 +--- + .../oci/storage/layers/storage_layers_ut.cc | 34 ------------ + test/mocks/driver_overlay2_mock.cc | 8 --- + test/mocks/driver_overlay2_mock.h | 1 - + 43 files changed, 254 insertions(+), 230 deletions(-) + delete mode 100644 src/daemon/modules/image/oci/oci_image_type.h + +diff --git a/src/daemon/modules/api/image_api.h b/src/daemon/modules/api/image_api.h +index b8d7fd5b..f45ae467 100644 +--- a/src/daemon/modules/api/image_api.h ++++ b/src/daemon/modules/api/image_api.h +@@ -222,7 +222,7 @@ struct graphdriver_status { + + int image_module_init(const isulad_daemon_configs *args); + +-void image_module_exit(); ++void image_module_exit(void); + + int im_get_container_filesystem_usage(const char *image_type, const char *id, imagetool_fs_info **fs_usage); + +diff --git a/src/daemon/modules/image/external/ext_image.c b/src/daemon/modules/image/external/ext_image.c +index d918f4ce..0d34d5d1 100644 +--- a/src/daemon/modules/image/external/ext_image.c ++++ b/src/daemon/modules/image/external/ext_image.c +@@ -138,13 +138,17 @@ int ext_list_images(const im_list_request *request, imagetool_images_list **list + { + int ret = 0; + ++ if (request == NULL || list == NULL) { ++ ERROR("Empty request or list"); ++ return -1; ++ } ++ + *list = util_common_calloc_s(sizeof(imagetool_images_list)); + if (*list == NULL) { + ERROR("Memory out"); + ret = -1; +- goto out; + } +-out: ++ + return ret; + } + +diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c +index 923e72b2..4b0e2c07 100644 +--- a/src/daemon/modules/image/image.c ++++ b/src/daemon/modules/image/image.c +@@ -358,8 +358,8 @@ int im_resolv_image_name(const char *image_type, const char *image_name, char ** + int ret = -1; + const struct bim_type *q = NULL; + +- if (image_type == NULL) { +- ERROR("Image type is required"); ++ if (image_type == NULL || image_name == NULL || resolved_name == NULL) { ++ ERROR("Image type image_name and resolved_name is required"); + goto out; + } + q = get_bim_by_type(image_type); +@@ -386,8 +386,8 @@ int im_get_filesystem_info(const char *image_type, im_fs_info_response **respons + int ret = -1; + const struct bim_type *q = NULL; + +- if (image_type == NULL) { +- ERROR("Image type is required"); ++ if (image_type == NULL || response == NULL) { ++ ERROR("Image type and response is required"); + goto out; + } + +@@ -403,7 +403,7 @@ int im_get_filesystem_info(const char *image_type, im_fs_info_response **respons + INFO("Event: {Object: get image filesystem info, Type: inspecting}"); + ret = q->ops->get_filesystem_info(response); + if (ret != 0) { +- if (response != NULL && *response != NULL) { ++ if (*response != NULL && (*response)->errmsg != NULL) { + ERROR("Get filesystem info failed: %s", (*response)->errmsg); + } else { + ERROR("Get filesystem info failed"); +@@ -423,7 +423,7 @@ int im_get_container_filesystem_usage(const char *image_type, const char *id, im + const struct bim_type *q = NULL; + im_container_fs_usage_request *request = NULL; + +- if (image_type == NULL || id == NULL) { ++ if (image_type == NULL || id == NULL || fs_usage == NULL) { + ERROR("Invalid input arguments"); + ret = -1; + goto out; +@@ -747,6 +747,12 @@ bool im_config_image_exist(const char *image_name) + { + const struct bim_type *bim_type = NULL; + ++ if (image_name == NULL) { ++ ERROR("Invalid input arguments"); ++ isulad_set_error_message("Invalid input arguments"); ++ return false; ++ } ++ + bim_type = bim_query(image_name); + if (bim_type == NULL) { + ERROR("Config image %s not exist", image_name); +@@ -762,7 +768,7 @@ int im_merge_image_config(const char *image_type, const char *image_name, contai + int ret = 0; + struct bim *bim = NULL; + +- if (container_spec == NULL || image_type == NULL) { ++ if (container_spec == NULL || image_name == NULL || image_type == NULL) { + ERROR("Invalid input arguments"); + ret = -1; + goto out; +@@ -889,7 +895,7 @@ int im_list_images(const im_list_request *ctx, im_list_response **response) + size_t i; + imagetool_images_list *images_tmp = NULL; + +- if (response == NULL) { ++ if (ctx == NULL || response == NULL) { + ERROR("Empty arguments"); + return -1; + } +@@ -966,6 +972,12 @@ static bool check_im_pull_args(const im_pull_request *req, im_pull_response * co + isulad_set_error_message("Empty image required"); + return false; + } ++ ++ if (req->type == NULL) { ++ ERROR("Empty type required"); ++ isulad_set_error_message("Empty type required"); ++ return false; ++ } + return true; + } + +@@ -1063,7 +1075,7 @@ int im_import_image(const im_import_request *request, char **id) + return -1; + } + +- if (request->file == NULL) { ++ if (request->file == NULL || request->tag == NULL) { + ERROR("Import image requires image tarball file path"); + isulad_set_error_message("Import image requires image tarball file path"); + goto pack_response; +@@ -1169,7 +1181,8 @@ int im_load_image(const im_load_request *request, im_load_response **response) + + ret = bim->ops->load_image(request); + if (ret != 0) { +- ERROR("Failed to load image from %s with tag %s and type %s", request->file, request->tag, request->type); ++ // request->tag may be empty ++ ERROR("Failed to load image from %s with type %s", request->file, request->type); + ret = -1; + goto pack_response; + } +@@ -1352,11 +1365,16 @@ int im_logout(const im_logout_request *request, im_logout_response **response) + int ret = -1; + struct bim *bim = NULL; + +- if (response == NULL) { ++ if (request == NULL || response == NULL) { + ERROR("Empty response"); + return -1; + } + ++ if (request->type == NULL || request->server == NULL) { ++ ERROR("Empty type or server"); ++ return -1; ++ } ++ + *response = util_common_calloc_s(sizeof(im_logout_response)); + if (*response == NULL) { + ERROR("Out of memory"); +@@ -1826,13 +1844,12 @@ char *im_get_rootfs_dir(const im_get_rf_dir_request *request) + char *dir = NULL; + struct bim *bim = NULL; + +- if (request->type == NULL) { ++ if (request == NULL || request->type == NULL) { + ERROR("Missing image type"); + return NULL; + } + + bim = bim_get(request->type, NULL, NULL, NULL); +- + if (bim == NULL) { + ERROR("Failed to init bim, image type:%s", request->type); + return NULL; +@@ -1900,7 +1917,7 @@ int image_module_init(const isulad_daemon_configs *args) + return bims_init(args); + } + +-void image_module_exit() ++void image_module_exit(void) + { + size_t i; + +@@ -1999,6 +2016,9 @@ struct graphdriver_status *im_graphdriver_get_status(void) + + bool im_oci_image_exist(const char *image_or_id) + { ++ if (image_or_id == NULL) { ++ return false; ++ } + #ifdef ENABLE_OCI_IMAGE + return storage_image_exist(image_or_id); + #else +@@ -2019,7 +2039,7 @@ int im_prepare_container_rootfs(const im_prepare_request *request, char **real_r + int nret = 0; + struct bim *bim = NULL; + +- if (request == NULL) { ++ if (request == NULL || real_rootfs == NULL) { + ERROR("Invalid input arguments"); + return -1; + } +diff --git a/src/daemon/modules/image/image_spec_merge.c b/src/daemon/modules/image/image_spec_merge.c +index e8cdae28..1e857bb7 100644 +--- a/src/daemon/modules/image/image_spec_merge.c ++++ b/src/daemon/modules/image/image_spec_merge.c +@@ -29,7 +29,7 @@ int image_spec_merge_env(const char **env, size_t env_len, container_config *con + char **im_kv = NULL; + char **custom_kv = NULL; + +- if (env == NULL || env_len == 0) { ++ if (env == NULL || env_len == 0 || container_spec == NULL) { + return 0; + } + +diff --git a/src/daemon/modules/image/oci/oci_common_operators.c b/src/daemon/modules/image/oci/oci_common_operators.c +index d33c3585..7ff25534 100644 +--- a/src/daemon/modules/image/oci/oci_common_operators.c ++++ b/src/daemon/modules/image/oci/oci_common_operators.c +@@ -59,7 +59,7 @@ char *oci_resolve_image_name(const char *name) + + int oci_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser) + { +- if (basefs == NULL || puser == NULL) { ++ if (basefs == NULL || puser == NULL || hc == NULL) { + ERROR("Empty basefs or puser"); + return -1; + } +@@ -373,6 +373,11 @@ int oci_list_images(const im_list_request *request, imagetool_images_list **imag + int ret = 0; + struct filters_args *image_filters = NULL; + ++ if (request == NULL || images == NULL) { ++ ERROR("Empty request or images"); ++ return -1; ++ } ++ + if (request != NULL && request->image_filters != NULL) { + image_filters = request->image_filters; + } +@@ -410,7 +415,7 @@ int oci_summary_image(im_summary_request *request, im_summary_response *response + char *image_ref = NULL; + char *resolved_name = NULL; + +- if (response == NULL) { ++ if (request == NULL || response == NULL) { + ERROR("Invalid arguments"); + return -1; + } +diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c +index 06a0c6ac..ae260c7d 100644 +--- a/src/daemon/modules/image/oci/oci_image.c ++++ b/src/daemon/modules/image/oci/oci_image.c +@@ -347,7 +347,7 @@ out: + return ret; + } + +-void oci_exit() ++void oci_exit(void) + { + storage_module_exit(); + free_oci_image_data(); +@@ -390,7 +390,7 @@ int oci_prepare_rf(const im_prepare_request *request, char **real_rootfs) + { + int ret = 0; + +- if (request == NULL) { ++ if (request == NULL || request->container_id == NULL) { + ERROR("Bim is NULL"); + return -1; + } +@@ -451,7 +451,7 @@ int oci_mount_rf(const im_mount_request *request) + { + char *mount_point = NULL; + +- if (request == NULL) { ++ if (request == NULL || request->name_id == NULL) { + ERROR("Invalid arguments"); + return -1; + } +@@ -790,7 +790,7 @@ int oci_export_rf(const im_export_request *request) + { + int ret = 0; + +- if (request == NULL) { ++ if (request == NULL || request->name_id == NULL) { + ERROR("Invalid input arguments"); + return -1; + } +diff --git a/src/daemon/modules/image/oci/oci_image.h b/src/daemon/modules/image/oci/oci_image.h +index cd7da336..3f0a87b7 100644 +--- a/src/daemon/modules/image/oci/oci_image.h ++++ b/src/daemon/modules/image/oci/oci_image.h +@@ -41,7 +41,7 @@ struct oci_image_module_data { + struct oci_image_module_data *get_oci_image_data(void); + + int oci_init(const isulad_daemon_configs *args); +-void oci_exit(); ++void oci_exit(void); + + int oci_pull_rf(const im_pull_request *request, im_pull_response *response); + int oci_rmi(const im_rmi_request *request); +diff --git a/src/daemon/modules/image/oci/oci_image_type.h b/src/daemon/modules/image/oci/oci_image_type.h +deleted file mode 100644 +index f436a453..00000000 +--- a/src/daemon/modules/image/oci/oci_image_type.h ++++ /dev/null +@@ -1,42 +0,0 @@ +-/****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved. +- * iSulad licensed under the Mulan PSL v2. +- * You can use this software according to the terms and conditions of the Mulan PSL v2. +- * You may obtain a copy of Mulan PSL v2 at: +- * http://license.coscl.org.cn/MulanPSL2 +- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +- * PURPOSE. +- * See the Mulan PSL v2 for more details. +- * Author: lifeng +- * Create: 2018-11-08 +- * Description: provide image type definition +- ******************************************************************************/ +- +-#ifndef DAEMON_MODULES_IMAGE_OCI_OCI_IMAGE_TYPE_H +-#define DAEMON_MODULES_IMAGE_OCI_OCI_IMAGE_TYPE_H +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-/* AuthConfig contains authorization information for connecting to a registry */ +-typedef struct { +- char *username; +- char *password; +- char *auth; +- char *server_address; +- +- // IdentityToken is used to authenticate the user and get +- // an access token for the registry. +- char *identity_token; +- +- // RegistryToken is a bearer token to be sent to a registry +- char *registry_token; +-} auth_config; +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif +diff --git a/src/daemon/modules/image/oci/oci_import.c b/src/daemon/modules/image/oci/oci_import.c +index b261188d..61c0b65d 100644 +--- a/src/daemon/modules/image/oci/oci_import.c ++++ b/src/daemon/modules/image/oci/oci_import.c +@@ -272,6 +272,7 @@ static int create_manifest(import_desc *desc) + manifest->layers[0]->size = desc->compressed_size; + manifest->layers[0]->digest = util_strdup_s(desc->compressed_digest); + ++ // the image manifest schema version is v2 + manifest->schema_version = 2; + manifest->media_type = util_strdup_s(DOCKER_MANIFEST_SCHEMA2_JSON); + +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index fad69418..a5b669cd 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -837,20 +837,17 @@ static int64_t get_layer_size_from_storage(char *chain_id_pre) + id = oci_image_id_from_digest(chain_id_pre); + if (id == NULL) { + ERROR("Get chain id failed from value:%s", chain_id_pre); +- size = -1; +- goto out; ++ return -1; + } + + l = storage_layer_get(id); + if (l == NULL) { + ERROR("Layer with chain id:%s is not exist in store", id); +- size = -1; +- goto out; ++ return -1; + } + + size = l->compress_size; + +-out: + free_layer(l); + return size; + } +@@ -869,8 +866,7 @@ static int oci_load_set_manifest_info(load_image_t *im) + im->manifest = util_common_calloc_s(sizeof(oci_image_manifest)); + if (im->manifest == NULL) { + ERROR("Out of memory"); +- ret = -1; +- goto out; ++ return -1; + } + + im->manifest->schema_version = OCI_SCHEMA_VERSION; +diff --git a/src/daemon/modules/image/oci/oci_load.h b/src/daemon/modules/image/oci/oci_load.h +index e1e09067..53ca87d2 100644 +--- a/src/daemon/modules/image/oci/oci_load.h ++++ b/src/daemon/modules/image/oci/oci_load.h +@@ -1,5 +1,5 @@ + /****************************************************************************** +-* Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. ++* Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +diff --git a/src/daemon/modules/image/oci/oci_login.c b/src/daemon/modules/image/oci/oci_login.c +index 547bfc69..c810b066 100644 +--- a/src/daemon/modules/image/oci/oci_login.c ++++ b/src/daemon/modules/image/oci/oci_login.c +@@ -1,5 +1,5 @@ + /****************************************************************************** +-* Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. ++* Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +diff --git a/src/daemon/modules/image/oci/oci_logout.c b/src/daemon/modules/image/oci/oci_logout.c +index 02fdb126..f8a63220 100644 +--- a/src/daemon/modules/image/oci/oci_logout.c ++++ b/src/daemon/modules/image/oci/oci_logout.c +@@ -1,5 +1,5 @@ + /****************************************************************************** +-* Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. ++* Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +diff --git a/src/daemon/modules/image/oci/oci_pull.c b/src/daemon/modules/image/oci/oci_pull.c +index c39cab22..5b1e1aa9 100644 +--- a/src/daemon/modules/image/oci/oci_pull.c ++++ b/src/daemon/modules/image/oci/oci_pull.c +@@ -1,5 +1,5 @@ + /****************************************************************************** +-* Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. ++* Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +@@ -72,7 +72,7 @@ out: + return ret; + } + +-static void update_option_insecure_registry(registry_pull_options *options, char **insecure_registries, char *host) ++static void update_option_insecure_registry(registry_pull_options *options, char **insecure_registries, const char *host) + { + char **registry = NULL; + +diff --git a/src/daemon/modules/image/oci/registry/registry_apiv2.c b/src/daemon/modules/image/oci/registry/registry_apiv2.c +index 885302cb..39f0e203 100644 +--- a/src/daemon/modules/image/oci/registry/registry_apiv2.c ++++ b/src/daemon/modules/image/oci/registry/registry_apiv2.c +@@ -632,7 +632,7 @@ static int split_head_body(char *file, char **http_head) + } + body += strlen(deli); + +- ret = util_write_file(file, body, strlen(body), 0600); ++ ret = util_write_file(file, body, strlen(body), BODY_FILE_MODE); + if (ret != 0) { + ERROR("rewrite body to file failed"); + ret = -1; +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index d1b7e402..6908ccc2 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -145,7 +145,7 @@ static void free_image_store(image_store_t *store) + free(store); + } + +-void image_store_free() ++void image_store_free(void) + { + free_image_store(g_image_store); + g_image_store = NULL; +@@ -1184,6 +1184,11 @@ int image_store_set_big_data(const char *id, const char *key, const char *data) + return -1; + } + ++ if (id == NULL || data == NULL) { ++ ERROR("Empty id or data"); ++ return -1; ++ } ++ + if (g_image_store == NULL) { + ERROR("Image store is not ready"); + return -1; +@@ -1286,7 +1291,7 @@ int image_store_add_name(const char *id, const char *name) + size_t i; + + if (id == NULL || name == NULL) { +- ERROR("Invalid input paratemer: id(%s), name(%s)", id, name); ++ ERROR("Invalid input paratemer"); + return -1; + } + +@@ -1514,7 +1519,7 @@ int image_store_set_metadata(const char *id, const char *metadata) + image_t *img = NULL; + + if (id == NULL || metadata == NULL) { +- ERROR("Invalid paratemer: id(%s), metadata(%s)", id, metadata); ++ ERROR("Invalid paratemer"); + return -1; + } + +@@ -1663,7 +1668,6 @@ char *image_store_big_data(const char *id, const char *key) + } + + ret = get_data_path(img->simage->id, key, filename, sizeof(filename)); +- + if (ret != 0) { + ERROR("Failed to get big data file path: %s.", key); + goto out; +@@ -1808,7 +1812,7 @@ char *image_store_big_data_digest(const char *id, const char *key) + image_t *img = NULL; + char *digest = NULL; + +- if (key == NULL || strlen(key) == 0) { ++ if (key == NULL || strlen(key) == 0 || id == NULL) { + ERROR("Not a valid name for a big data item, can't retrieve image big data value for empty name"); + return NULL; + } +@@ -1853,8 +1857,8 @@ int image_store_big_data_names(const char *id, char ***names, size_t *names_len) + int ret = 0; + image_t *img = NULL; + +- if (id == NULL) { +- ERROR("Invalid parameter, id is NULL"); ++ if (id == NULL || names == NULL || names_len == NULL) { ++ ERROR("Invalid parameter"); + return -1; + } + +@@ -2723,7 +2727,7 @@ unlock: + return ret; + } + +-size_t image_store_get_images_number() ++size_t image_store_get_images_number(void) + { + size_t number = 0; + +@@ -3141,6 +3145,11 @@ int image_store_validate_manifest_schema_version_1(const char *path, bool *valid + char manifest_path[PATH_MAX] = { 0x00 }; + bool valid_v2_config = false; + ++ if (path == NULL || valid == NULL) { ++ ERROR("Empty path or valid"); ++ return -1; ++ } ++ + *valid = false; + nret = snprintf(manifest_path, sizeof(manifest_path), "%s/%s", path, IMAGE_DIGEST_BIG_DATA_KEY); + if (nret < 0 || (size_t)nret >= sizeof(manifest_path)) { +@@ -3699,6 +3708,11 @@ int remote_append_image_by_directory_with_lock(const char *id) + return -1; + } + ++ if (g_image_store == NULL) { ++ ERROR("Image store is not ready"); ++ return -1; ++ } ++ + if (!image_store_lock(EXCLUSIVE)) { + ERROR("Failed to lock remote image store when handle: %s", id); + return -1; +@@ -3733,6 +3747,11 @@ int remote_remove_image_from_memory_with_lock(const char *id) + return -1; + } + ++ if (g_image_store == NULL) { ++ ERROR("Image store is not ready"); ++ return -1; ++ } ++ + if (!image_store_lock(EXCLUSIVE)) { + ERROR("Failed to lock remote image store when handle: %s", id); + return -1; +@@ -3759,6 +3778,16 @@ char *remote_image_get_top_layer_from_json(const char *img_id) + storage_image *im = NULL; + parser_error err = NULL; + ++ if (img_id == NULL) { ++ ERROR("Empty img id"); ++ return NULL; ++ } ++ ++ if (g_image_store == NULL) { ++ ERROR("Image store is not ready"); ++ return NULL; ++ } ++ + nret = snprintf(image_path, sizeof(image_path), "%s/%s/%s", g_image_store->dir, img_id, IMAGE_JSON); + if (nret < 0 || (size_t)nret >= sizeof(image_path)) { + ERROR("Failed to get image path"); +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.h b/src/daemon/modules/image/oci/storage/image_store/image_store.h +index 5164cc73..019a2881 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.h ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.h +@@ -98,13 +98,13 @@ int image_store_set_image_size(const char *id, uint64_t size); + int image_store_get_all_images(imagetool_images_list *images_list); + + // On success, the number of the known images is returned. On failure, (size_t)-1 is returned +-size_t image_store_get_images_number(); ++size_t image_store_get_images_number(void); + + // Retrieves image file system info + int image_store_get_fs_info(imagetool_fs_info *fs_info); + + // Free memory of image store, but will not delete the persisted files +-void image_store_free(); ++void image_store_free(void); + + imagetool_image_summary *image_store_get_image_summary(const char *id); + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index e8bc32ea..5f8d6c56 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -498,14 +498,14 @@ bool has_metadata(const char *hash, struct device_set *devset) + bool ret = true; + int nret = 0; + +- if (hash == NULL) { ++ if (hash == NULL || devset == NULL) { + return true; + } + + metadata_path = metadata_dir(devset); + if (metadata_path == NULL) { + ERROR("Failed to get meta data directory"); +- goto out; ++ return false; + } + + nret = snprintf(metadata_file, sizeof(metadata_file), "%s/%s", metadata_path, util_valid_str(hash) ? hash : "base"); +@@ -540,7 +540,7 @@ static image_devmapper_device_info *load_metadata(const struct device_set *devse + metadata_path = metadata_dir(devset); + if (metadata_path == NULL) { + ERROR("Failed to get meta data directory"); +- goto out; ++ return NULL; + } + + nret = snprintf(metadata_file, sizeof(metadata_file), "%s/%s", metadata_path, util_valid_str(hash) ? hash : "base"); +@@ -3072,7 +3072,7 @@ int mount_device(const char *hash, const char *path, const struct driver_mount_o + char *dev_fname = NULL; + char *options = NULL; + +- if (hash == NULL || path == NULL) { ++ if (hash == NULL || path == NULL || devset == NULL) { + ERROR("devmapper: invalid input params to mount device"); + return -1; + } +@@ -3232,7 +3232,7 @@ int export_device_metadata(struct device_metadata *dev_metadata, const char *has + char *dm_name = NULL; + devmapper_device_info_t *device_info = NULL; + +- if (hash == NULL || dev_metadata == NULL) { ++ if (hash == NULL || dev_metadata == NULL || devset == NULL) { + ERROR("Invalid input params"); + return -1; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c +index c8e78e48..ca1b49df 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c +@@ -198,7 +198,7 @@ int devmapper_rm_layer(const char *id, const struct graphdriver *driver) + } + + if (delete_device(id, false, driver->devset) != 0) { +- ERROR("failed to remove device %s", id); ++ ERROR("Failed to remove device %s", id); + return -1; + } + +@@ -615,7 +615,7 @@ int devmapper_clean_up(struct graphdriver *driver) + { + int ret = 0; + +- if (driver == NULL) { ++ if (driver == NULL || driver->devset == NULL || driver->home == NULL) { + ERROR("Invalid input param to cleanup devicemapper"); + return -1; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c +index c8f3d6d8..9b7e6b17 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c +@@ -194,7 +194,7 @@ cleanup: + return NULL; + } + +-char *dev_get_driver_version() ++char *dev_get_driver_version(void) + { + struct dm_task *dmt = NULL; + char *version = NULL; +@@ -236,7 +236,7 @@ cleanup: + } + + // dev_get_library_version return the device mapper library version +-char *dev_get_library_version() ++char *dev_get_library_version(void) + { + char version[128] = { 0 }; + +@@ -681,7 +681,7 @@ cleanup: + return ret; + } + +-bool udev_sync_supported() ++bool udev_sync_supported(void) + { + return dm_udev_get_sync_support() != 0; + } +@@ -707,7 +707,8 @@ int dev_create_device(const char *pool_fname, int device_id) + int ret = 0; + int nret = 0; + uint64_t sector = 0; +- char message[PATH_MAX] = { 0 }; // 临时字符缓冲区上限 ++ // temporary character buffer limit ++ char message[PATH_MAX] = { 0 }; + struct dm_task *dmt = NULL; + + if (pool_fname == NULL) { +@@ -1068,7 +1069,7 @@ static void log_cb(int level, const char *file, int line, int dm_errno_or_class, + free(buffer); + } + +-void log_with_errno_init() ++void log_with_errno_init(void) + { + dm_log_with_errno_init(log_cb); + } +@@ -1138,7 +1139,8 @@ int dev_set_transaction_id(const char *pool_name, uint64_t old_id, uint64_t new_ + int ret = 0; + int nret = 0; + uint64_t sector = 0; +- char message[PATH_MAX] = { 0 }; // 临时字符缓冲区上限 ++ // temporary character buffer limit ++ char message[PATH_MAX] = { 0 }; + struct dm_task *dmt = NULL; + + if (pool_name == NULL) { +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h +index e8acebc0..01771a3b 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h +@@ -96,11 +96,11 @@ int set_dev_dir(const char *dir); + + struct dm_task* task_create_named(int type, const char *name); + +-void log_with_errno_init(); ++void log_with_errno_init(void); + +-char *dev_get_driver_version(); ++char *dev_get_driver_version(void); + +-char *dev_get_library_version(); ++char *dev_get_library_version(void); + + int dev_get_status(uint64_t *start, uint64_t *length, char **target_type, char **params, const char *name); + +@@ -112,7 +112,7 @@ int dev_remove_device_deferred(const char *name); + + int dev_get_device_list(char ***list, size_t *length); + +-bool udev_sync_supported(); ++bool udev_sync_supported(void); + + bool udev_set_sync_support(bool enable); + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +index c5864c90..2a209626 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +@@ -400,12 +400,6 @@ out: + return ret; + } + +-bool overlay2_is_quota_options(struct graphdriver *driver, const char *option) +-{ +- return strncmp(option, QUOTA_SIZE_OPTION, strlen(QUOTA_SIZE_OPTION)) == 0 || +- strncmp(option, QUOTA_BASESIZE_OPTIONS, strlen(QUOTA_BASESIZE_OPTIONS)) == 0; +-} +- + static int check_parent_valid(const char *parent, const struct graphdriver *driver) + { + int ret = 0; +@@ -1152,7 +1146,7 @@ int overlay2_rm_layer(const char *id, const struct graphdriver *driver) + struct stat stat_buf; + #endif + +- if (id == NULL || driver == NULL) { ++ if (id == NULL || driver == NULL || driver->home == NULL) { + ERROR("Invalid input arguments"); + return -1; + } +@@ -1838,6 +1832,11 @@ bool overlay2_layer_exists(const char *id, const struct graphdriver *driver) + char *layer_dir = NULL; + char *link_id = NULL; + ++ if (id == NULL || driver == NULL || driver->home == NULL) { ++ ERROR("Failed to verify overlay2 layer exists for empty id or driver"); ++ return false; ++ } ++ + layer_dir = util_path_join(driver->home, id); + if (layer_dir == NULL) { + ERROR("Failed to join layer dir:%s", id); +@@ -2060,7 +2059,7 @@ int overlay2_get_driver_status(const struct graphdriver *driver, struct graphdri + int nret = 0; + char tmp[MAX_INFO_LENGTH] = { 0 }; + +- if (driver == NULL || status == NULL) { ++ if (driver == NULL || status == NULL || driver->backing_fs == NULL) { + ERROR("Invalid input arguments"); + return -1; + } +@@ -2102,7 +2101,7 @@ int overlay2_clean_up(struct graphdriver *driver) + { + int ret = 0; + +- if (driver == NULL) { ++ if (driver == NULL || driver->home == NULL) { + ERROR("Invalid input arguments"); + ret = -1; + goto out; +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h +index e14271b1..438c508e 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h +@@ -35,8 +35,6 @@ extern "C" { + + int overlay2_init(struct graphdriver *driver, const char *driver_home, const char **options, size_t len); + +-bool overlay2_is_quota_options(struct graphdriver *driver, const char *option); +- + int overlay2_create_rw(const char *id, const char *parent, const struct graphdriver *driver, + struct driver_create_opts *create_opts); + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer.c b/src/daemon/modules/image/oci/storage/layer_store/layer.c +index 2fad8310..fbe0317a 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer.c +@@ -46,7 +46,7 @@ void free_layer_t(layer_t *ptr) + free(ptr); + } + +-layer_t *create_empty_layer() ++layer_t *create_empty_layer(void) + { + layer_t *result = NULL; + int nret = 0; +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer.h b/src/daemon/modules/image/oci/storage/layer_store/layer.h +index f2dad648..9387efe0 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer.h +@@ -43,7 +43,7 @@ typedef struct _layer_t_ { + uint64_t refcnt; + } layer_t; + +-layer_t *create_empty_layer(); ++layer_t *create_empty_layer(void); + + void free_layer_t(layer_t *ptr); + void layer_ref_inc(layer_t *layer); +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index 057ffaa3..6db590e3 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -122,7 +122,7 @@ static inline void layer_store_unlock() + } + } + +-void layer_store_cleanup() ++void layer_store_cleanup(void) + { + struct linked_list *item = NULL; + struct linked_list *next = NULL; +@@ -235,7 +235,7 @@ static inline void delete_g_layer_list_item(struct linked_list *item, bool rm_va + g_metadata.layers_list_len -= 1; + } + +-void remove_layer_list_tail() ++void remove_layer_list_tail(void) + { + struct linked_list *item = NULL; + +@@ -1451,18 +1451,6 @@ int layer_store_delete(const char *id) + return ret; + } + +-bool layer_store_exists(const char *id) +-{ +- layer_t *l = lookup_with_lock(id); +- +- if (l == NULL) { +- return false; +- } +- +- layer_ref_dec(l); +- return true; +-} +- + static void copy_json_to_layer(const layer_t *jl, struct layer *l) + { + if (jl->slayer == NULL) { +@@ -1574,7 +1562,7 @@ int layer_store_by_compress_digest(const char *digest, struct layer_list *resp) + { + int ret = 0; + +- if (resp == NULL) { ++ if (digest == NULL || resp == NULL) { + return -1; + } + +@@ -1587,22 +1575,6 @@ int layer_store_by_compress_digest(const char *digest, struct layer_list *resp) + return ret; + } + +-int layer_store_by_uncompress_digest(const char *digest, struct layer_list *resp) +-{ +- int ret = 0; +- +- if (resp == NULL) { +- return -1; +- } +- if (!layer_store_lock(false)) { +- return -1; +- } +- +- ret = layers_by_digest_map(g_metadata.by_uncompress_digest, digest, resp); +- layer_store_unlock(); +- return ret; +-} +- + struct layer *layer_store_lookup(const char *name) + { + struct layer *ret = NULL; +@@ -1712,6 +1684,10 @@ int layer_store_try_repair_lowers(const char *id) + layer_t *l = NULL; + int ret = 0; + ++ if (id == NULL) { ++ return -1; ++ } ++ + l = lookup_with_lock(id); + if (l == NULL) { + return -1; +@@ -2027,7 +2003,7 @@ free_out: + return -1; + } + +-void layer_store_exit() ++void layer_store_exit(void) + { + graphdriver_cleanup(); + } +@@ -2336,6 +2312,11 @@ int layer_store_check(const char *id) + int ret = 0; + char *rootfs = NULL; + ++ if (id == NULL) { ++ ERROR("Failed to do layer store check for Empty id"); ++ return -1; ++ } ++ + layer_t *l = lookup_with_lock(id); + if (l == NULL || l->slayer == NULL) { + ERROR("layer %s not found when checking integration", id); +@@ -2377,6 +2358,11 @@ int remote_layer_remove_memory_stores_with_lock(const char *id) + { + int ret = 0; + ++ if (id == NULL) { ++ ERROR("Failed to lock layer store for empty id"); ++ return -1; ++ } ++ + if (!layer_store_lock(true)) { + ERROR("Failed to lock layer store when handle: %s", id); + return -1; +@@ -2457,6 +2443,11 @@ int remote_load_one_layer(const char *id) + layer_t *tl = NULL; + size_t i = 0; + ++ if (id == NULL) { ++ ERROR("Failed to do remote load one layer for empty id"); ++ return -1; ++ } ++ + if (!layer_store_lock(true)) { + return -1; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h +index be8c52dc..20287119 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h +@@ -51,20 +51,18 @@ struct layer_opts { + }; + + int layer_store_init(const struct storage_module_init_options *conf); +-void layer_store_exit(); +-void layer_store_cleanup(); ++void layer_store_exit(void); ++void layer_store_cleanup(void); + +-void remove_layer_list_tail(); ++void remove_layer_list_tail(void); + int layer_store_create(const char *id, const struct layer_opts *opts, const struct io_read_wrapper *content, + char **new_id); + int layer_inc_hold_refs(const char *layer_id); + int layer_dec_hold_refs(const char *layer_id); + int layer_get_hold_refs(const char *layer_id, int *ref_num); + int layer_store_delete(const char *id); +-bool layer_store_exists(const char *id); + int layer_store_list(struct layer_list *resp); + int layer_store_by_compress_digest(const char *digest, struct layer_list *resp); +-int layer_store_by_uncompress_digest(const char *digest, struct layer_list *resp); + struct layer *layer_store_lookup(const char *name); + char *layer_store_mount(const char *id); + int layer_store_umount(const char *id, bool force); +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c +index b4a53ec1..07c4a5cc 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c +@@ -1,5 +1,5 @@ + /****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +@@ -31,6 +31,11 @@ static map_t *image_byid_new = NULL; + + struct remote_image_data *remote_image_create(const char *remote_home, const char *remote_ro) + { ++ if (remote_home == NULL) { ++ ERROR("Empty remote home"); ++ return NULL; ++ } ++ + struct remote_image_data *data = util_common_calloc_s(sizeof(struct remote_image_data)); + if (data == NULL) { + ERROR("Out of memory"); +@@ -204,6 +209,11 @@ static int remote_image_add(void *data) + + void remote_image_refresh(struct remote_image_data *data) + { ++ if (data == NULL) { ++ ERROR("Skip refresh remote image for empty data"); ++ return; ++ } ++ + if (remote_dir_scan(data) != 0) { + ERROR("remote overlay failed to scan dir, skip refresh"); + return; +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c +index b1a1e944..7527f1e4 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c +@@ -31,6 +31,11 @@ static map_t *layer_byid_new = NULL; + + struct remote_layer_data *remote_layer_create(const char *layer_home, const char *layer_ro) + { ++ if (layer_home == NULL || layer_ro == NULL) { ++ ERROR("Empty layer home or layer ro"); ++ return NULL; ++ } ++ + struct remote_layer_data *data = util_common_calloc_s(sizeof(struct remote_layer_data)); + if (data == NULL) { + ERROR("Out of memory"); +@@ -232,6 +237,11 @@ static int remote_layer_add(struct remote_layer_data *data) + + void remote_layer_refresh(struct remote_layer_data *data) + { ++ if (data == NULL) { ++ ERROR("Skip refresh remote layer for empty data"); ++ return; ++ } ++ + if (remote_dir_scan(data) != 0) { + ERROR("remote layer failed to scan dir, skip refresh"); + return; +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c +index e44c64ef..38d9b0ce 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c +@@ -37,6 +37,11 @@ static map_t *overlay_id_link = NULL; + + struct remote_overlay_data *remote_overlay_create(const char *remote_home, const char *remote_ro) + { ++ if (remote_home == NULL || remote_ro == NULL) { ++ ERROR("Empty remote home or remote ro"); ++ return NULL; ++ } ++ + struct remote_overlay_data *data = util_common_calloc_s(sizeof(struct remote_overlay_data)); + if (data == NULL) { + ERROR("Out of memory"); +@@ -341,6 +346,11 @@ static int remote_overlay_add(struct remote_overlay_data *data) + + void remote_overlay_refresh(struct remote_overlay_data *data) + { ++ if (data == NULL) { ++ ERROR("Skip refresh remote overlay for empty data"); ++ return; ++ } ++ + if (remote_dir_scan(data) != 0) { + ERROR("remote overlay failed to scan dir, skip refresh"); + return; +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +index 400678c4..b1ac2156 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +@@ -85,6 +85,11 @@ int remote_start_refresh_thread(pthread_rwlock_t *remote_lock) + pthread_t a_thread; + maintain_context ctx = get_maintain_context(); + ++ if (remote_lock == NULL) { ++ ERROR("Invalid remote lock"); ++ return -1; ++ } ++ + supporters.image_data = remote_image_create(ctx.image_home, NULL); + if (supporters.image_data == NULL) { + goto free_out; +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c +index 4d234aab..ea40ae45 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c +@@ -37,6 +37,8 @@ static char *layer_home; + static char *overlay_ro_dir; + static char *overlay_home; + ++#define LAYER_RO_DIR_MODE 0700 ++ + int remote_image_init(const char *root_dir) + { + if (root_dir == NULL) { +@@ -67,7 +69,7 @@ int remote_layer_init(const char *root_dir) + ERROR("Failed join path when init remote layer maintainer"); + goto out; + } +- if (!util_file_exists(layer_ro_dir) && util_mkdir_p(layer_ro_dir, 0700) != 0) { ++ if (!util_file_exists(layer_ro_dir) && util_mkdir_p(layer_ro_dir, LAYER_RO_DIR_MODE) != 0) { + ERROR("Failed to create RO dir under overlay"); + goto out; + } +@@ -127,6 +129,11 @@ static int do_build_ro_dir(const char *home, const char *id) + int nret = 0; + int ret = 0; + ++ if (home == NULL || id == NULL) { ++ ERROR("Empty home or id"); ++ return -1; ++ } ++ + nret = asprintf(&ro_symlink, "%s/%s", home, id); + if (nret < 0 || nret > PATH_MAX) { + SYSERROR("Failed create ro layer dir sym link path"); +@@ -183,7 +190,7 @@ int do_remove_ro_dir(const char *home, const char *id) + int ret = 0; + int nret = 0; + +- if (id == NULL) { ++ if (home == NULL || id == NULL) { + return 0; + } + +diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c +index 9ec5cc74..c0a2a400 100644 +--- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c ++++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c +@@ -121,7 +121,7 @@ static void free_rootfs_store(rootfs_store_t *store) + free(store); + } + +-void rootfs_store_free() ++void rootfs_store_free(void) + { + free_rootfs_store(g_rootfs_store); + g_rootfs_store = NULL; +@@ -1085,7 +1085,7 @@ out: + return ret; + } + +-int rootfs_store_wipe() ++int rootfs_store_wipe(void) + { + int ret = 0; + char *id = NULL; +@@ -1125,7 +1125,7 @@ int rootfs_store_set_metadata(const char *id, const char *metadata) + cntrootfs_t *cntr = NULL; + + if (id == NULL || metadata == NULL) { +- ERROR("Invalid paratemer: id(%s), metadata(%s)", id, metadata); ++ ERROR("Invalid paratemer"); + return -1; + } + +@@ -1331,7 +1331,7 @@ out: + return ret; + } + +-char *rootfs_store_get_data_dir() ++char *rootfs_store_get_data_dir(void) + { + return util_strdup_s(g_rootfs_store->dir); + } +\ No newline at end of file +diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h +index c23af091..63f3294b 100644 +--- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h ++++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h +@@ -48,7 +48,7 @@ char *rootfs_store_lookup(const char *id); + int rootfs_store_delete(const char *id); + + // Remove records of all containers +-int rootfs_store_wipe(); ++int rootfs_store_wipe(void); + + // Updates the metadata associated with the item with the specified ID. + int rootfs_store_set_metadata(const char *id, const char *metadata); +@@ -66,10 +66,10 @@ storage_rootfs *rootfs_store_get_rootfs(const char *id); + int rootfs_store_get_all_rootfs(struct rootfs_list *all_rootfs); + + // Return rootfs store data dir +-char *rootfs_store_get_data_dir(); ++char *rootfs_store_get_data_dir(void); + + // Free memory of container store, but will not delete the persisted files +-void rootfs_store_free(); ++void rootfs_store_free(void); + + #ifdef __cplusplus + } +diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c +index cece9e90..5f9dea51 100644 +--- a/src/daemon/modules/image/oci/storage/storage.c ++++ b/src/daemon/modules/image/oci/storage/storage.c +@@ -192,6 +192,11 @@ int storage_inc_hold_refs(const char *layer_id) + { + int ret = 0; + ++ if (layer_id == NULL) { ++ ERROR("Empty layer id"); ++ return -1; ++ } ++ + if (!storage_lock(&g_storage_rwlock, true)) { + ERROR("Failed to lock image store when increase hold refs number for layer %s", layer_id); + return -1; +@@ -207,6 +212,11 @@ int storage_inc_hold_refs(const char *layer_id) + int storage_dec_hold_refs(const char *layer_id) + { + int ret = 0; ++ ++ if (layer_id == NULL) { ++ ERROR("Empty layer id"); ++ return -1; ++ } + + if (!storage_lock(&g_storage_rwlock, true)) { + ERROR("Failed to lock image store when decrease hold refs number for layer %s", layer_id); +@@ -282,6 +292,11 @@ struct layer_list *storage_layers_get_by_compress_digest(const char *digest) + int ret = 0; + struct layer_list *layers = NULL; + ++ if (digest == NULL) { ++ ERROR("Empty digest"); ++ return NULL; ++ } ++ + layers = util_common_calloc_s(sizeof(struct layer_list)); + if (layers == NULL) { + ERROR("Out of memory"); +@@ -537,7 +552,7 @@ char *storage_img_get_image_id(const char *img_name) + return image_store_lookup(img_name); + } + +-bool is_top_layer_of_other_image(const char *img_id, const imagetool_images_list *all_images, const char *layer_id) ++static bool is_top_layer_of_other_image(const char *img_id, const imagetool_images_list *all_images, const char *layer_id) + { + size_t i = 0; + +@@ -911,6 +926,11 @@ int storage_img_set_image_size(const char *image_id) + int ret = 0; + int64_t image_size = 0; + ++ if (image_id == NULL) { ++ ERROR("Empty image id"); ++ return -1; ++ } ++ + image_size = storage_img_cal_image_size(image_id); + if (image_size < 0) { + ERROR("Failed to get image %s size", image_id); +@@ -959,7 +979,7 @@ bool storage_image_exist(const char *image_or_id) + return image_store_exists(image_or_id); + } + +-size_t storage_get_img_count() ++size_t storage_get_img_count(void) + { + return image_store_get_images_number(); + } +@@ -1248,8 +1268,8 @@ int storage_rootfs_fs_usgae(const char *container_id, imagetool_fs_info *fs_info + } + + rootfs_info = rootfs_store_get_rootfs(container_id); +- if (rootfs_info == NULL) { +- ERROR("Failed to get rootfs %s info", container_id); ++ if (rootfs_info == NULL || rootfs_info->layer == NULL) { ++ ERROR("Failed to get valid rootfs %s info", container_id); + ret = -1; + goto out; + } +@@ -1276,7 +1296,7 @@ char *storage_rootfs_mount(const char *container_id) + } + + rootfs_info = rootfs_store_get_rootfs(container_id); +- if (rootfs_info == NULL) { ++ if (rootfs_info == NULL || rootfs_info->layer == NULL) { + ERROR("Failed to get rootfs %s info", container_id); + goto out; + } +@@ -1724,6 +1744,11 @@ container_inspect_graph_driver *storage_get_metadata_by_container_id(const char + storage_rootfs *rootfs_info = NULL; + container_inspect_graph_driver *container_metadata = NULL; + ++ if (id == NULL) { ++ ERROR("Empty id"); ++ return NULL; ++ } ++ + rootfs_info = rootfs_store_get_rootfs(id); + if (rootfs_info == NULL) { + ERROR("Failed to get rootfs %s info", id); +diff --git a/src/daemon/modules/image/oci/storage/storage.h b/src/daemon/modules/image/oci/storage/storage.h +index a761938c..718f7eff 100644 +--- a/src/daemon/modules/image/oci/storage/storage.h ++++ b/src/daemon/modules/image/oci/storage/storage.h +@@ -119,7 +119,7 @@ typedef struct storage_layer_create_opts { + + int storage_module_init(struct storage_module_init_options *opts); + +-void storage_module_exit(); ++void storage_module_exit(void); + + void free_storage_module_init_options(struct storage_module_init_options *opts); + +@@ -153,7 +153,7 @@ int storage_img_set_image_size(const char *image_id); + + char *storage_get_img_top_layer(const char *id); + +-size_t storage_get_img_count(); ++size_t storage_get_img_count(void); + + char *storage_img_get_image_id(const char *img_name); + +@@ -191,7 +191,7 @@ char *storage_rootfs_mount(const char *container_id); + + int storage_rootfs_umount(const char *container_id, bool force); + +-char *storage_rootfs_get_dir(); ++char *storage_rootfs_get_dir(void); + + container_inspect_graph_driver *storage_get_metadata_by_container_id(const char *id); + +diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c +index d06ba058..22ec72df 100644 +--- a/src/daemon/modules/image/oci/utils_images.c ++++ b/src/daemon/modules/image/oci/utils_images.c +@@ -247,7 +247,7 @@ int oci_split_image_name(const char *image_name, char **host, char **name, char + return 0; + } + +-char *get_hostname_to_strip() ++char *get_hostname_to_strip(void) + { + char *name = NULL; + +@@ -320,6 +320,11 @@ char *make_big_data_base_name(const char *key) + char *base_name = NULL; + size_t name_size; + ++ if (key == NULL) { ++ ERROR("Empty key"); ++ return NULL; ++ } ++ + if (should_use_origin_name(key)) { + return util_strdup_s(key); + } +diff --git a/src/daemon/modules/image/oci/utils_images.h b/src/daemon/modules/image/oci/utils_images.h +index 86c1b2a7..7181ddd6 100644 +--- a/src/daemon/modules/image/oci/utils_images.h ++++ b/src/daemon/modules/image/oci/utils_images.h +@@ -54,7 +54,7 @@ bool oci_valid_time(char *time); + + char *oci_get_isulad_tmpdir(const char *root_dir); + int makesure_isulad_tmpdir_perm_right(const char *root_dir); +-char *get_hostname_to_strip(); ++char *get_hostname_to_strip(void); + + char *oci_image_digest_pos(const char *name); + +diff --git a/src/utils/http/http.h b/src/utils/http/http.h +index 343d92c3..cc64c857 100644 +--- a/src/utils/http/http.h ++++ b/src/utils/http/http.h +@@ -100,6 +100,8 @@ struct http_get_options { + #define AUTHZ_UNIX_SOCK "/run/isulad/plugins/authz-broker.sock" + #define AUTHZ_REQUEST_URL "http://localhost/isulad.auth" + ++#define BODY_FILE_MODE 0600 ++ + /* http response code */ + enum http_response_code { + StatusContinue = 100, // RFC 7231, 6.2.1 +diff --git a/test/image/oci/storage/layers/storage_driver_ut.cc b/test/image/oci/storage/layers/storage_driver_ut.cc +index ae9f4df1..943fa073 100644 +--- a/test/image/oci/storage/layers/storage_driver_ut.cc ++++ b/test/image/oci/storage/layers/storage_driver_ut.cc +@@ -269,12 +269,4 @@ TEST_F(StorageDriverUnitTest, test_graphdriver_try_repair_lowers) + + std::string id { "1be74353c3d0fd55fb5638a52953e6f1bc441e5b1710921db9ec2aa202725569" }; + ASSERT_EQ(graphdriver_try_repair_lowers(id.c_str(), nullptr), 0); +-} +- +-TEST(StorageOverlay2QuotaOptionsTest, test_overlay2_is_quota_options) +-{ +- std::vector options { "overlay2.size", "overlay2.basesize" }; +- for (auto option : options) { +- ASSERT_TRUE(overlay2_is_quota_options(nullptr, option.c_str())); +- } +-} ++} +\ No newline at end of file +diff --git a/test/image/oci/storage/layers/storage_layers_ut.cc b/test/image/oci/storage/layers/storage_layers_ut.cc +index fca37e83..73611fdc 100644 +--- a/test/image/oci/storage/layers/storage_layers_ut.cc ++++ b/test/image/oci/storage/layers/storage_layers_ut.cc +@@ -278,19 +278,6 @@ TEST_F(StorageLayersUnitTest, test_layers_load) + free_layer_list(layer_list); + } + +-TEST_F(StorageLayersUnitTest, test_layer_store_exists) +-{ +- if (!support_overlay) { +- return; +- } +- +- std::string id { "7db8f44a0a8e12ea4283e3180e98880007efbd5de2e7c98b67de9cdd4dfffb0b" }; +- std::string incorrectId { "50551ff67da98ab8540d7132" }; +- +- ASSERT_TRUE(layer_store_exists(id.c_str())); +- ASSERT_FALSE(layer_store_exists(incorrectId.c_str())); +-} +- + TEST_F(StorageLayersUnitTest, test_layer_store_create) + { + if (!support_overlay) { +@@ -337,24 +324,3 @@ TEST_F(StorageLayersUnitTest, test_layer_store_by_compress_digest) + + free_layer_list(layer_list); + } +- +-TEST_F(StorageLayersUnitTest, test_layer_store_by_uncompress_digest) +-{ +- if (!support_overlay) { +- return; +- } +- +- std::string uncompress { "sha256:9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63" }; +- std::string id { "9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63" }; +- struct layer_list *layer_list = (struct layer_list *)util_common_calloc_s(sizeof(struct layer_list)); +- +- ASSERT_EQ(layer_store_by_uncompress_digest(uncompress.c_str(), layer_list), 0); +- ASSERT_EQ(layer_list->layers_len, 1); +- +- struct layer **layers = layer_list->layers; +- ASSERT_STREQ(layers[0]->id, id.c_str()); +- ASSERT_STREQ(layers[0]->uncompressed_digest, uncompress.c_str()); +- ASSERT_EQ(layers[0]->uncompress_size, 1672256); +- +- free_layer_list(layer_list); +-} +diff --git a/test/mocks/driver_overlay2_mock.cc b/test/mocks/driver_overlay2_mock.cc +index 6f24dbcf..6892539d 100644 +--- a/test/mocks/driver_overlay2_mock.cc ++++ b/test/mocks/driver_overlay2_mock.cc +@@ -39,11 +39,3 @@ int overlay2_parse_options(struct graphdriver *driver, const char **options, siz + } + return -1; + } +- +-bool overlay2_is_quota_options(struct graphdriver *driver, const char *option) +-{ +- if (g_driver_overlay2_mock != nullptr) { +- return g_driver_overlay2_mock->Overlay2IsQuotaOptions(driver, option); +- } +- return false; +-} +diff --git a/test/mocks/driver_overlay2_mock.h b/test/mocks/driver_overlay2_mock.h +index 071e6287..f09b715a 100644 +--- a/test/mocks/driver_overlay2_mock.h ++++ b/test/mocks/driver_overlay2_mock.h +@@ -24,7 +24,6 @@ public: + virtual ~MockDriverOverlay2() = default; + MOCK_METHOD1(Overlay2Init, int(struct graphdriver *)); + MOCK_METHOD3(Overlay2ParseOptions, int(struct graphdriver *, const char **, size_t)); +- MOCK_METHOD2(Overlay2IsQuotaOptions, bool(struct graphdriver *, const char *)); + }; + + void MockDriverOverlay2_SetMock(MockDriverOverlay2* mock); +-- +2.40.1 + diff --git a/0122-2149-archive-fork-process-set-pdeathsig.patch b/0122-2149-archive-fork-process-set-pdeathsig.patch new file mode 100644 index 0000000..3c61088 --- /dev/null +++ b/0122-2149-archive-fork-process-set-pdeathsig.patch @@ -0,0 +1,76 @@ +From f43397d5c5a730e8beb14b19f934efbc7b13d493 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Tue, 29 Aug 2023 03:56:30 +0000 +Subject: [PATCH 122/145] !2149 archive fork process set pdeathsig * archive + fork process set pdeathsig + +--- + src/utils/tar/util_archive.c | 17 ++++++++++++++++- + 1 file changed, 16 insertions(+), 1 deletion(-) + +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index a6946413..19e6a6b1 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -598,7 +598,7 @@ int archive_unpack_handler(const struct io_read_wrapper *content, const struct a + + ret = archive_read_open(a, mydata, NULL, read_content, NULL); + if (ret != 0) { +- SYSERROR("Failed to open archive"); ++ ERROR("Failed to open archive: %s", archive_error_string(a)); + fprintf(stderr, "Failed to open archive: %s", strerror(errno)); + ret = -1; + goto out; +@@ -709,6 +709,13 @@ static void close_archive_pipes_fd(int *pipes, size_t pipe_size) + } + } + ++static void set_child_process_pdeathsig(void) ++{ ++ if (prctl(PR_SET_PDEATHSIG, SIGKILL) < 0) { ++ SYSERROR("Failed to set child process pdeathsig"); ++ } ++} ++ + int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, const struct archive_options *options, + char **errmsg) + { +@@ -737,6 +744,8 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co + } + + if (pid == (pid_t)0) { ++ set_child_process_pdeathsig(); ++ + keepfds[0] = isula_libutils_get_log_fd(); + keepfds[1] = *(int *)(content->context); + keepfds[2] = pipe_stderr[1]; +@@ -1141,6 +1150,8 @@ int archive_chroot_tar(char *path, char *file, char **errmsg) + } + + if (pid == (pid_t)0) { ++ set_child_process_pdeathsig(); ++ + keepfds[0] = isula_libutils_get_log_fd(); + keepfds[1] = pipe_for_read[1]; + ret = util_check_inherited_exclude_fds(true, keepfds, 2); +@@ -1375,6 +1386,8 @@ int archive_chroot_untar_stream(const struct io_read_wrapper *context, const cha + } + + if (pid == (pid_t)0) { ++ set_child_process_pdeathsig(); ++ + keepfds[0] = isula_libutils_get_log_fd(); + keepfds[1] = pipe_stderr[1]; + keepfds[2] = pipe_stream[0]; +@@ -1504,6 +1517,8 @@ int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, cons + char *tar_dir_name = NULL; + char *tar_base_name = NULL; + ++ set_child_process_pdeathsig(); ++ + keepfds[0] = isula_libutils_get_log_fd(); + keepfds[1] = pipe_stderr[1]; + keepfds[2] = pipe_stream[1]; +-- +2.40.1 + diff --git a/0123-improve-by-code-check-of-cpp.patch b/0123-improve-by-code-check-of-cpp.patch new file mode 100644 index 0000000..4581f0d --- /dev/null +++ b/0123-improve-by-code-check-of-cpp.patch @@ -0,0 +1,329 @@ +From b01d0518d63cca451e2f0e88dc0d1cee2474fa7b Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Mon, 28 Aug 2023 20:10:13 +0800 +Subject: [PATCH 123/145] improve by code check of cpp + +Signed-off-by: haozi007 +--- + src/daemon/entry/cri/errors.cc | 1 + + src/daemon/entry/cri/errors.h | 2 +- + src/utils/cpputils/cxxutils.cc | 10 ++++---- + src/utils/cpputils/read_write_lock.h | 2 -- + src/utils/cpputils/stoppable_thread.h | 1 - + src/utils/cpputils/url.cc | 37 +++++++++++++++------------ + src/utils/cutils/utils_file.h | 2 -- + src/utils/cutils/utils_timestamp.h | 2 -- + src/utils/http/rest_common.h | 2 -- + src/utils/tar/isulad_tar.c | 3 ++- + src/utils/tar/isulad_tar.h | 2 -- + src/utils/tar/util_archive.c | 9 ++++--- + src/utils/tar/util_archive.h | 2 -- + 13 files changed, 35 insertions(+), 40 deletions(-) + +diff --git a/src/daemon/entry/cri/errors.cc b/src/daemon/entry/cri/errors.cc +index 3dc3bba6..e0fdc7f7 100644 +--- a/src/daemon/entry/cri/errors.cc ++++ b/src/daemon/entry/cri/errors.cc +@@ -50,6 +50,7 @@ std::string &Errors::GetMessage() + return m_message; + } + ++// never save return pointer, we just use for printf of logging + const char *Errors::GetCMessage() const + { + return m_message.empty() ? "" : m_message.c_str(); +diff --git a/src/daemon/entry/cri/errors.h b/src/daemon/entry/cri/errors.h +index 193a9523..33be6d77 100644 +--- a/src/daemon/entry/cri/errors.h ++++ b/src/daemon/entry/cri/errors.h +@@ -25,7 +25,7 @@ public: + : m_message(copy.m_message), m_code(copy.m_code) + { + } +- Errors &operator=(const Errors &); ++ Errors &operator=(const Errors &other); + virtual ~Errors(); + + void Clear(); +diff --git a/src/utils/cpputils/cxxutils.cc b/src/utils/cpputils/cxxutils.cc +index 777c52e7..b4fb3c3f 100644 +--- a/src/utils/cpputils/cxxutils.cc ++++ b/src/utils/cpputils/cxxutils.cc +@@ -19,13 +19,13 @@ + namespace CXXUtils { + std::vector Split(const std::string &str, char delimiter) + { +- std::vector ret_vec; +- std::string tmpstr; ++ std::vector retVec; ++ std::string tmpStr; + std::istringstream istream(str); +- while (std::getline(istream, tmpstr, delimiter)) { +- ret_vec.push_back(tmpstr); ++ while (std::getline(istream, tmpStr, delimiter)) { ++ retVec.push_back(tmpStr); + } +- return ret_vec; ++ return retVec; + } + + // Join concatenates the elements of a to create a single string. The separator string +diff --git a/src/utils/cpputils/read_write_lock.h b/src/utils/cpputils/read_write_lock.h +index 0149e3a5..047d459f 100644 +--- a/src/utils/cpputils/read_write_lock.h ++++ b/src/utils/cpputils/read_write_lock.h +@@ -15,10 +15,8 @@ + #ifndef UTILS_CPPUTILS_READ_WRITE_LOCK_H + #define UTILS_CPPUTILS_READ_WRITE_LOCK_H + +-#include + #include + #include +-#include + + class RWMutex { + public: +diff --git a/src/utils/cpputils/stoppable_thread.h b/src/utils/cpputils/stoppable_thread.h +index f5f4fb3f..dada6b50 100644 +--- a/src/utils/cpputils/stoppable_thread.h ++++ b/src/utils/cpputils/stoppable_thread.h +@@ -16,7 +16,6 @@ + #define UTILS_CPPUTILS_STOPPABLE_THREAD_H + + #include +-#include + #include + #include + #include +diff --git a/src/utils/cpputils/url.cc b/src/utils/cpputils/url.cc +index 49843644..03ff2653 100644 +--- a/src/utils/cpputils/url.cc ++++ b/src/utils/cpputils/url.cc +@@ -31,6 +31,7 @@ bool GetHexDigit(char c, char &d) + if (c >= '0' && c <= '9') { + d = c - '0'; + } else if (c >= 'a' && c <= 'f') { ++ // 10 equal to a in hex + d = c - 'a' + 10; + } else { + d = c - 'A' + 10; +@@ -104,7 +105,7 @@ std::string QueryUnescape(const std::string &s) + + int UnescapeDealWithPercentSign(size_t &i, std::string &s, const EncodeMode &mode) + { +- std::string percent_sign = "%25"; ++ std::string percentSign = "%25"; + // URL encoding replaces unsafe ASCII characters with a "%" followed by two hexadecimal digits + if ((size_t)(i + 2) >= s.length() || !IsHex(s[i + 1]) || !IsHex(s[i + 2])) { + s.erase(s.begin(), s.begin() + (long)i); +@@ -119,15 +120,16 @@ int UnescapeDealWithPercentSign(size_t &i, std::string &s, const EncodeMode &mod + if (!GetHexDigit(s[i + 1], s1) || !GetHexDigit(s[i + 2], s2)) { + return -1; + } ++ // for 3 bit hex, max value is 8 + if (mode == EncodeMode::ENCODE_HOST && s1 < 8 && +- std::string(s.begin() + (long)i, s.begin() + (long)i + 3) != percent_sign) { +- ERROR("invalid URL escape %s", std::string(s.begin() + (long)i, s.begin() + (long)i + 3).c_str()); ++ std::string(s.begin() + static_cast(i), s.begin() + static_cast(i+3)) != percentSign) { ++ ERROR("invalid URL escape %s", std::string(s.begin() + static_cast(i), s.begin() + static_cast(i + 3)).c_str()); + return -1; + } + if (mode == EncodeMode::ENCODE_ZONE) { + char v = static_cast((static_cast(s1) << 4) | static_cast(s2)); +- if (std::string(s.begin() + static_cast(i), s.begin() + static_cast(i) + 3) != percent_sign && v != ' ' && +- ShouldEscape(v, EncodeMode::ENCODE_HOST)) { ++ if (std::string(s.begin() + static_cast(i), s.begin() + static_cast(i) + 3) != percentSign && ++ v != ' ' && ShouldEscape(v, EncodeMode::ENCODE_HOST)) { + ERROR("invalid URL escape %s", + std::string(s.begin() + static_cast(i), s.begin() + static_cast(i) + 3).c_str()); + return -1; +@@ -178,7 +180,8 @@ void DoUnescape(std::string &t, const std::string &s, const EncodeMode &mode) + if (!GetHexDigit(s[i + 1], s1) || !GetHexDigit(s[i + 2], s2)) { + return; + } +- t[j++] = (char)(((unsigned char)s1 << 4) | (unsigned char)s2); ++ // we use 4 high bit of 1 + 4 low bit of s2 to create new char ++ t[j++] = (char)((static_cast(s1) << 4) | static_cast(s2)); + i += 3; + } + break; +@@ -249,7 +252,9 @@ std::string Escape(const std::string &s, const EncodeMode &mode) + t[j++] = '+'; + } else if (ShouldEscape(c, mode)) { + t[j] = '%'; +- t[j + 1] = "0123456789ABCDEF"[(unsigned char)c >> 4]; ++ // get 4 high bit of c ++ t[j + 1] = "0123456789ABCDEF"[static_cast(c) >> 4]; ++ // get 4 low bit of c + t[j + 2] = "0123456789ABCDEF"[c & 15]; + j += 3; + } else { +@@ -288,8 +293,8 @@ int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path) + ERROR("missing protocol scheme"); + return -1; + } +- scheme = std::string(rawurl.begin(), rawurl.begin() + (long)i); +- path = std::string(rawurl.begin() + (long)i + 1, rawurl.end()); ++ scheme = std::string(rawurl.begin(), rawurl.begin() + static_cast(i)); ++ path = std::string(rawurl.begin() + static_cast(i + 1), rawurl.end()); + return 0; + } else { + scheme = ""; +@@ -355,25 +360,25 @@ int SplitOffPossibleLeading(std::string &scheme, const std::string &rawurl, URLD + } + + URLDatum *HandleNonBackslashPrefix(URLDatum *url, const std::string &scheme, const std::string &rest, bool viaRequest, +- bool &should_ret) ++ bool &shouldRet) + { + if (rest.at(0) == '/') { + return nullptr; + } + if (!scheme.empty()) { +- should_ret = true; ++ shouldRet = true; + url->SetOpaque(rest); + return url; + } + if (viaRequest) { +- should_ret = true; ++ shouldRet = true; + ERROR("invalid URI for request"); + return nullptr; + } + size_t colon = rest.find(":"); + size_t slash = rest.find("/"); + if (colon != std::string::npos && (slash == std::string::npos || colon < slash)) { +- should_ret = true; ++ shouldRet = true; + ERROR("first path segment in URL cannot contain colon"); + return nullptr; + } +@@ -420,9 +425,9 @@ URLDatum *Parse(const std::string &rawurl, bool viaRequest) + if (SplitOffPossibleLeading(scheme, rawurl, url, rest) != 0) { + return nullptr; + } +- bool should_ret = false; +- auto *tmpret = HandleNonBackslashPrefix(url, scheme, rest, viaRequest, should_ret); +- if (should_ret) { ++ bool shouldRet = false; ++ auto *tmpret = HandleNonBackslashPrefix(url, scheme, rest, viaRequest, shouldRet); ++ if (shouldRet) { + return tmpret; + } + if (SetURLDatumInfo(url, scheme, viaRequest, rest) != 0) { +diff --git a/src/utils/cutils/utils_file.h b/src/utils/cutils/utils_file.h +index 9bf60c6c..aca066ab 100644 +--- a/src/utils/cutils/utils_file.h ++++ b/src/utils/cutils/utils_file.h +@@ -22,8 +22,6 @@ + #include + #include + +-struct dirent; +- + #ifdef __cplusplus + extern "C" { + #endif +diff --git a/src/utils/cutils/utils_timestamp.h b/src/utils/cutils/utils_timestamp.h +index 2e93a215..4bfe796d 100644 +--- a/src/utils/cutils/utils_timestamp.h ++++ b/src/utils/cutils/utils_timestamp.h +@@ -20,8 +20,6 @@ + #include + #include + +-struct tm; +- + #ifdef __cplusplus + extern "C" { + #endif +diff --git a/src/utils/http/rest_common.h b/src/utils/http/rest_common.h +index aebc48c0..6363e67d 100644 +--- a/src/utils/http/rest_common.h ++++ b/src/utils/http/rest_common.h +@@ -21,8 +21,6 @@ + #include "http/http.h" + #include "parser.h" + +-struct parsed_http_message; +- + #ifdef __cplusplus + extern "C" { + #endif +diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c +index 48ac96da..709dfdd9 100644 +--- a/src/utils/tar/isulad_tar.c ++++ b/src/utils/tar/isulad_tar.c +@@ -23,10 +23,11 @@ + #include + #include + ++#include ++ + #include "stdbool.h" + #include "utils.h" + #include "path.h" +-#include "isula_libutils/log.h" + #include "error.h" + #include "isula_libutils/json_common.h" + #include "util_archive.h" +diff --git a/src/utils/tar/isulad_tar.h b/src/utils/tar/isulad_tar.h +index ec085c25..b620fd02 100644 +--- a/src/utils/tar/isulad_tar.h ++++ b/src/utils/tar/isulad_tar.h +@@ -25,8 +25,6 @@ + + #include "io_wrapper.h" + +-struct io_read_wrapper; +- + #ifdef __cplusplus + extern "C" { + #endif +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index 19e6a6b1..a9d0025b 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -21,20 +21,21 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include + #include ++#include + #include + #include + #include + #include +-#include +-#include + +-#include "stdbool.h" ++#include ++ + #include "utils.h" +-#include "isula_libutils/log.h" + #include "io_wrapper.h" + #include "utils_file.h" + #include "map.h" +diff --git a/src/utils/tar/util_archive.h b/src/utils/tar/util_archive.h +index 30f35e19..9312235d 100644 +--- a/src/utils/tar/util_archive.h ++++ b/src/utils/tar/util_archive.h +@@ -26,8 +26,6 @@ + + #define ARCHIVE_BLOCK_SIZE (32 * 1024) + +-struct io_read_wrapper; +- + #ifdef __cplusplus + extern "C" { + #endif +-- +2.40.1 + diff --git a/0124-remove-password-in-url-module-and-clean-sensitive-in.patch b/0124-remove-password-in-url-module-and-clean-sensitive-in.patch new file mode 100644 index 0000000..2fbc62b --- /dev/null +++ b/0124-remove-password-in-url-module-and-clean-sensitive-in.patch @@ -0,0 +1,332 @@ +From e00bfcc07038b2da85811a0750725e4fb96a52b1 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 29 Aug 2023 11:41:26 +0800 +Subject: [PATCH 124/145] remove password in url module and clean sensitive + info in struct passwd + +Signed-off-by: zhongtao +--- + .../modules/image/image_rootfs_handler.c | 13 +- + src/utils/cpputils/url.cc | 144 +----------------- + src/utils/cpputils/url.h | 19 +-- + 3 files changed, 15 insertions(+), 161 deletions(-) + +diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c +index 1275658e..990c2720 100644 +--- a/src/daemon/modules/image/image_rootfs_handler.c ++++ b/src/daemon/modules/image/image_rootfs_handler.c +@@ -85,6 +85,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user * + char buf[BUFSIZ] = { 0 }; + struct passwd pw; + struct passwd *pwbufp = NULL; ++ int ret = -1; + + if (f_passwd != NULL) { + #if defined (__ANDROID__) || defined(__MUSL__) +@@ -116,7 +117,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user * + if (errval != 0 && errval != ENOENT) { + ERROR("Failed to parse passwd file: Insufficient buffer space supplied"); + isulad_set_error_message("Failed to parse passwd file: Insufficient buffer space supplied"); +- return -1; ++ goto out; + } + if (!userfound && user != NULL) { + int uret = util_safe_llong(user, &n_user); +@@ -124,16 +125,20 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user * + if (uret != 0) { + ERROR("Unable to find user '%s'", user); + isulad_set_error_message("Unable to find user '%s': no matching entries in passwd file", user); +- return -1; ++ goto out; + } + if (n_user < MINUID || n_user > MAXUID) { + uids_gids_range_err_log(); +- return -1; ++ goto out; + } + puser->uid = (uid_t)n_user; + } ++ ret = 0; + +- return 0; ++out: ++ memset(buf, 0, sizeof(buf)); ++ memset(pwbufp, 0, sizeof(struct passwd)); ++ return ret; + } + + static int append_additional_gids(gid_t gid, gid_t **additional_gids, size_t *len) +diff --git a/src/utils/cpputils/url.cc b/src/utils/cpputils/url.cc +index 03ff2653..dfc9fc14 100644 +--- a/src/utils/cpputils/url.cc ++++ b/src/utils/cpputils/url.cc +@@ -266,12 +266,7 @@ std::string Escape(const std::string &s, const EncodeMode &mode) + + UserInfo *User(const std::string &username) noexcept + { +- return new UserInfo { username, "", false }; +-} +- +-UserInfo *UserPassword(const std::string &username, const std::string &password) noexcept +-{ +- return new UserInfo { username, password, true }; ++ return new UserInfo { username }; + } + + int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path) +@@ -324,24 +319,6 @@ void Split(const std::string &s, const std::string &c, bool cutc, std::string &t + u = s.substr(i, s.size()); + } + +-URLDatum *Parse(const std::string &rawurl) +-{ +- std::string u, frag; +- Split(rawurl, "#", true, u, frag); +- auto *url = Parse(u, false); +- if (url == nullptr) { +- return nullptr; +- } +- if (frag.empty()) { +- return url; +- } +- url->SetFragment(Unescape(frag, EncodeMode::ENCODE_FRAGMENT)); +- if (url->GetFragment().empty()) { +- return nullptr; +- } +- return url; +-} +- + int SplitOffPossibleLeading(std::string &scheme, const std::string &rawurl, URLDatum *url, std::string &rest) + { + if (Getscheme(rawurl, scheme, rest) != 0) { +@@ -385,108 +362,6 @@ URLDatum *HandleNonBackslashPrefix(URLDatum *url, const std::string &scheme, con + return nullptr; + } + +-int SetURLDatumInfo(URLDatum *url, const std::string &scheme, bool viaRequest, std::string &rest) +-{ +- if ((!scheme.empty() || (!viaRequest && rest.substr(0, 3) == "///")) && rest.substr(0, 2) == "//") { +- std::string authority; +- Split(rest.substr(2, rest.size()), "/", false, authority, rest); +- std::string host = url->GetHost(); +- UserInfo *user = url->GetUser(); +- if (ParseAuthority(authority, &user, host)) { +- return -1; +- } +- url->SetHost(host); +- url->SetUser(user); +- } +- if (url->SetPath(rest)) { +- return -1; +- } +- url->SetScheme(scheme); +- return 0; +-} +- +-URLDatum *Parse(const std::string &rawurl, bool viaRequest) +-{ +- if (rawurl.empty() && viaRequest) { +- ERROR("empty url!"); +- return nullptr; +- } +- auto *url = new (std::nothrow) URLDatum; +- if (url == nullptr) { +- ERROR("Out of memory"); +- return nullptr; +- } +- if (rawurl == "*") { +- url->SetPathWithoutEscape("*"); +- return url; +- } +- std::string scheme = url->GetScheme(); +- std::string rest; +- if (SplitOffPossibleLeading(scheme, rawurl, url, rest) != 0) { +- return nullptr; +- } +- bool shouldRet = false; +- auto *tmpret = HandleNonBackslashPrefix(url, scheme, rest, viaRequest, shouldRet); +- if (shouldRet) { +- return tmpret; +- } +- if (SetURLDatumInfo(url, scheme, viaRequest, rest) != 0) { +- return nullptr; +- } +- return url; +-} +- +-int ParseAuthority(const std::string &authority, UserInfo **user, std::string &host) +-{ +- size_t i = authority.find("@"); +- if (i == std::string::npos) { +- if (ParseHost(authority, host) != 0) { +- *user = nullptr; +- host = ""; +- return -1; +- } +- } else { +- if (ParseHost(authority.substr(i + 1, authority.size()), host) != 0) { +- *user = nullptr; +- host = ""; +- return -1; +- } +- } +- if (i == std::string::npos) { +- *user = nullptr; +- return 0; +- } +- +- std::string userinfo = authority.substr(0, i); +- if (!ValidUserinfo(userinfo)) { +- *user = nullptr; +- host = ""; +- ERROR("net/url: invalid userinfo"); +- return -1; +- } +- if (userinfo.find(":") == std::string::npos) { +- userinfo = Unescape(userinfo, EncodeMode::ENCODE_USER_PASSWORD); +- if (userinfo.empty()) { +- *user = nullptr; +- host = ""; +- return -1; +- } +- *user = User(userinfo); +- } else { +- std::string servername, serverword; +- Split(userinfo, ":", true, servername, serverword); +- servername = Unescape(servername, EncodeMode::ENCODE_USER_PASSWORD); +- serverword = Unescape(serverword, EncodeMode::ENCODE_USER_PASSWORD); +- if (servername.empty() || serverword.empty()) { +- *user = nullptr; +- host = ""; +- return -1; +- } +- *user = UserPassword(servername, serverword); +- } +- return 0; +-} +- + int ParseHost(std::string host, std::string &out) + { + if (host.at(0) == '[') { +@@ -756,9 +631,6 @@ std::string UserInfo::String() const + std::string s; + if (!m_username.empty()) { + s = Escape(m_username, EncodeMode::ENCODE_USER_PASSWORD); +- if (m_passwordSet) { +- s += ":" + Escape(m_password, EncodeMode::ENCODE_USER_PASSWORD); +- } + } + return s; + } +@@ -766,11 +638,6 @@ std::string UserInfo::Username() const + { + return m_username; + } +-std::string UserInfo::Password(bool &set) const +-{ +- set = m_passwordSet; +- return m_password; +-} + + URLDatum::~URLDatum() + { +@@ -860,15 +727,6 @@ bool URLDatum::IsAbs() const + return (m_scheme != ""); + } + +-std::unique_ptr URLDatum::UrlParse(const std::string &ref) +-{ +- auto *refurl = Parse(ref); +- if (refurl == nullptr) { +- return nullptr; +- } +- return ResolveReference(refurl); +-} +- + std::unique_ptr URLDatum::ResolveReference(URLDatum *ref) + { + std::unique_ptr url(new (std::nothrow) URLDatum(*ref)); +diff --git a/src/utils/cpputils/url.h b/src/utils/cpputils/url.h +index abbf20f4..3dd40079 100644 +--- a/src/utils/cpputils/url.h ++++ b/src/utils/cpputils/url.h +@@ -49,17 +49,13 @@ private: + + class UserInfo { + public: +- UserInfo(const std::string &u, const std::string &p, bool b) : m_username(u), m_password(p), +- m_passwordSet(b) {} ++ UserInfo(const std::string &u) : m_username(u) {} + ~UserInfo() = default; + std::string String() const; + std::string Username() const; +- std::string Password(bool &set) const; + + private: + std::string m_username; +- std::string m_password; +- bool m_passwordSet; + }; + + class URLDatum { +@@ -69,7 +65,6 @@ public: + std::string EscapedPath(); + std::string String(); + bool IsAbs() const; +- std::unique_ptr UrlParse(const std::string &ref); + std::unique_ptr ResolveReference(URLDatum *ref); + auto Query()->std::map>; + std::string RequestURI(); +@@ -88,7 +83,7 @@ public: + { + m_opaque = value; + } +- std::string GetOpaque() const ++ std::string GetOpaque() const + { + return m_opaque; + } +@@ -96,7 +91,7 @@ public: + { + m_user = value; + } +- UserInfo *GetUser() const ++ UserInfo *GetUser() const + { + return m_user; + } +@@ -128,7 +123,7 @@ public: + { + m_rawQuery = value; + } +- std::string GetRawQuery() const ++ std::string GetRawQuery() const + { + return m_rawQuery; + } +@@ -136,7 +131,7 @@ public: + { + m_fragment = value; + } +- std::string GetFragment() const ++ std::string GetFragment() const + { + return m_fragment; + } +@@ -163,13 +158,9 @@ std::string QueryUnescape(const std::string &s); + std::string Unescape(std::string s, const EncodeMode &mode); + std::string QueryEscape(const std::string &s); + std::string Escape(const std::string &s, const EncodeMode &mode); +-UserInfo *UserPassword(const std::string &username, const std::string &password) noexcept; + UserInfo *User(const std::string &username) noexcept; + int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path); + void Split(const std::string &s, const std::string &c, bool cutc, std::string &t, std::string &u); +-URLDatum *Parse(const std::string &rawurl); +-URLDatum *Parse(const std::string &rawurl, bool viaRequest); +-int ParseAuthority(const std::string &authority, UserInfo **user, std::string &host); + int ParseHost(std::string host, std::string &out); + bool ValidEncodedPath(const std::string &s); + bool ValidOptionalPort(const std::string &port); +-- +2.40.1 + diff --git a/0125-2153-fix-codecheck.patch b/0125-2153-fix-codecheck.patch new file mode 100644 index 0000000..00833f8 --- /dev/null +++ b/0125-2153-fix-codecheck.patch @@ -0,0 +1,460 @@ +From e8ad7f46602cd79f44d1c212c86c900859cb88c9 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 29 Aug 2023 09:38:53 +0000 +Subject: [PATCH 125/145] !2153 fix codecheck * fix codecheck + +--- + src/daemon/modules/image/embedded/load.c | 2 +- + src/daemon/modules/image/image.c | 4 +- + src/daemon/modules/image/oci/oci_login.h | 2 - + src/daemon/modules/image/oci/oci_logout.h | 2 - + .../oci/storage/image_store/image_store.c | 1 - + .../oci/storage/image_store/image_store.h | 2 - + .../graphdriver/devmapper/deviceset.c | 9 ++- + .../graphdriver/devmapper/deviceset.h | 5 +- + .../graphdriver/devmapper/driver_devmapper.h | 16 ++--- + .../graphdriver/devmapper/wrapper_devmapper.h | 2 - + .../storage/layer_store/graphdriver/driver.c | 2 +- + .../storage/layer_store/graphdriver/driver.h | 59 ++++++++----------- + .../graphdriver/overlay2/driver_overlay2.c | 3 - + .../graphdriver/overlay2/driver_overlay2.h | 8 +-- + .../graphdriver/quota/project_quota.h | 1 - + .../oci/storage/layer_store/layer_store.c | 1 - + .../oci/storage/layer_store/layer_store.h | 4 -- + .../overlay_remote_impl.c | 1 - + .../remote_layer_support/remote_support.c | 2 +- + .../remote_layer_support/remote_support.h | 2 +- + .../oci/storage/rootfs_store/rootfs_store.h | 4 -- + 21 files changed, 46 insertions(+), 86 deletions(-) + +diff --git a/src/daemon/modules/image/embedded/load.c b/src/daemon/modules/image/embedded/load.c +index dc2aeba2..92ac42ad 100644 +--- a/src/daemon/modules/image/embedded/load.c ++++ b/src/daemon/modules/image/embedded/load.c +@@ -36,7 +36,7 @@ static char *replace_suffix_to_sgn(const char *file) + ERROR("invalid NULL param"); + return NULL; + } +- if (sizeof(".sgn") > SIZE_MAX - strlen(file)) { ++ if (strlen(file) > SIZE_MAX - sizeof(".sgn")) { + return NULL; + } + len = strlen(file) + sizeof(".sgn"); +diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c +index 4b0e2c07..e1b309b6 100644 +--- a/src/daemon/modules/image/image.c ++++ b/src/daemon/modules/image/image.c +@@ -768,7 +768,9 @@ int im_merge_image_config(const char *image_type, const char *image_name, contai + int ret = 0; + struct bim *bim = NULL; + +- if (container_spec == NULL || image_name == NULL || image_type == NULL) { ++ // there is no need to judge the image name as empty, ++ // because the image name of external type allows it to be empty. ++ if (container_spec == NULL || image_type == NULL) { + ERROR("Invalid input arguments"); + ret = -1; + goto out; +diff --git a/src/daemon/modules/image/oci/oci_login.h b/src/daemon/modules/image/oci/oci_login.h +index ab261ebd..acf6eeb6 100644 +--- a/src/daemon/modules/image/oci/oci_login.h ++++ b/src/daemon/modules/image/oci/oci_login.h +@@ -15,8 +15,6 @@ + #ifndef DAEMON_MODULES_IMAGE_OCI_OCI_LOGIN_H + #define DAEMON_MODULES_IMAGE_OCI_OCI_LOGIN_H + +-#include +- + #ifdef __cplusplus + extern "C" { + #endif +diff --git a/src/daemon/modules/image/oci/oci_logout.h b/src/daemon/modules/image/oci/oci_logout.h +index 81f0196c..c0a9bb8b 100644 +--- a/src/daemon/modules/image/oci/oci_logout.h ++++ b/src/daemon/modules/image/oci/oci_logout.h +@@ -15,8 +15,6 @@ + #ifndef DAEMON_MODULES_IMAGE_OCI_OCI_LOGOUT_H + #define DAEMON_MODULES_IMAGE_OCI_OCI_LOGOUT_H + +-#include +- + #ifdef __cplusplus + extern "C" { + #endif +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index 6908ccc2..abd625f7 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -2122,7 +2122,6 @@ static int pack_repo_digest(char ***old_repo_digests, const char **image_tags, c + } + + for (i = 0; i < util_array_len((const char **)*repo_digests); i++) { +- bool value = true; + if (!map_replace(digest_map, (void *)(*repo_digests)[i], &value)) { + ERROR("Failed to insert pair to digest map: %s", (*repo_digests)[i]); + ret = -1; +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.h b/src/daemon/modules/image/oci/storage/image_store/image_store.h +index 019a2881..4544f84b 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.h ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.h +@@ -29,8 +29,6 @@ + #include "isula_libutils/imagetool_images_list.h" + #include "isula_libutils/imagetool_image_summary.h" + +-struct storage_module_init_options; +- + #ifdef __cplusplus + extern "C" { + #endif +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index 5f8d6c56..046dd333 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -106,7 +106,6 @@ static int handle_dm_min_free_space(char *val, struct device_set *devset) + { + long converted = 0; + int ret = util_parse_percent_string(val, &converted); +- + if (ret != 0 || converted >= 100) { + ERROR("Invalid min free space: '%s': %s", val, strerror(-ret)); + isulad_set_error_message("Invalid min free space: '%s': %s", val, strerror(-ret)); +@@ -292,7 +291,8 @@ static char *deviceset_meta_file(const struct device_set *devset) + return file; + } + +-// get_dm_name return value format:container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498 ++// get_dm_name return value format: ++// container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498 + static char *get_dm_name(const struct device_set *devset, const char *hash) + { + int nret = 0; +@@ -311,7 +311,8 @@ static char *get_dm_name(const struct device_set *devset, const char *hash) + return util_strdup_s(buff); + } + +-// get_dev_name return value fromat:/dev/mapper/container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498 ++// get_dev_name return value fromat: ++// /dev/mapper/container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498 + static char *get_dev_name(const char *name) + { + return util_string_append(name, DEVMAPPER_DECICE_DIRECTORY); +@@ -2350,7 +2351,6 @@ static int setup_base_image(struct device_set *devset) + devmapper_device_info_t *device_info = NULL; + + device_info = lookup_device(devset, "base"); +- + // base image already exists. If it is initialized properly, do UUID + // verification and return. Otherwise remove image and set it up + // fresh. +@@ -2503,7 +2503,6 @@ static void cleanup_deleted_devices(struct graphdriver *driver) + goto unlock_driver; + } + +- + if (driver->devset->nr_deleted_devices == 0) { + DEBUG("devmapper: no devices to delete"); + goto unlock_devset; +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h +index ec985e40..d7f7d184 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h +@@ -23,10 +23,7 @@ + + #include "driver.h" + #include "metadata_store.h" +- +-struct device_set; +-struct driver_mount_opts; +-struct graphdriver; ++#include "devices_constants.h" + + #ifdef __cplusplus + extern "C" { +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h +index 9ee020de..dca2d614 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h +@@ -16,22 +16,18 @@ + #define DAEMON_MODULES_IMAGE_OCI_STORAGE_LAYER_STORE_GRAPHDRIVER_DEVMAPPER_DRIVER_DEVMAPPER_H + + #include +-#include +-#include + #include + #include + #include ++#include ++#include ++#include ++#include + + #include "driver.h" + #include "map.h" +-#include "isula_libutils/image_devmapper_transaction.h" +-#include "isula_libutils/image_devmapper_deviceset_metadata.h" +- +-struct driver_create_opts; +-struct driver_mount_opts; +-struct graphdriver; +-struct graphdriver_status; +-struct io_read_wrapper; ++#include "image_api.h" ++#include "io_wrapper.h" + + #ifdef __cplusplus + extern "C" { +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h +index 01771a3b..4b2ae82b 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h +@@ -24,8 +24,6 @@ + + #include "driver.h" + +-struct dm_task; +- + #ifdef __cplusplus + extern "C" { + #endif +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c +index 29223700..71cbbe1c 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c +@@ -1,5 +1,5 @@ + /****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2017-2019. All rights reserved. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h +index acd847cc..2fcfa12b 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h +@@ -1,5 +1,5 @@ + /****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +@@ -20,25 +20,42 @@ + #include + #include + #include ++#include ++#include + +-#include "isula_libutils/container_inspect.h" +-#include "isula_libutils/json_common.h" + #include "io_wrapper.h" + #include "driver_overlay2_types.h" + #include "devices_constants.h" + #include "storage.h" + #include "image_api.h" +-#include "isula_libutils/container_inspect.h" +- +-struct graphdriver_status; +-struct io_read_wrapper; +-struct storage_module_init_options; + + #ifdef __cplusplus + extern "C" { + #endif + +-struct graphdriver; ++struct graphdriver { ++ // common implement ++ const struct graphdriver_ops *ops; ++ const char *name; ++ const char *home; ++ char *backing_fs; ++ bool support_dtype; ++ ++ bool support_quota; ++#ifdef ENABLE_REMOTE_LAYER_STORE ++ bool enable_remote_layer; ++#endif ++ struct pquota_control *quota_ctrl; ++ ++ // options for overlay2 ++ struct overlay_options *overlay_opts; ++ ++ // options for device mapper ++ struct device_set *devset; ++ ++ // lock to protect graphdriver between cleanup and other operations ++ pthread_rwlock_t rwlock; ++}; + + struct driver_create_opts { + char *mount_label; +@@ -81,30 +98,6 @@ struct graphdriver_ops { + int (*get_layer_fs_info)(const char *id, const struct graphdriver *driver, imagetool_fs_info *fs_info); + }; + +-struct graphdriver { +- // common implement +- const struct graphdriver_ops *ops; +- const char *name; +- const char *home; +- char *backing_fs; +- bool support_dtype; +- +- bool support_quota; +-#ifdef ENABLE_REMOTE_LAYER_STORE +- bool enable_remote_layer; +-#endif +- struct pquota_control *quota_ctrl; +- +- // options for overlay2 +- struct overlay_options *overlay_opts; +- +- // options for device mapper +- struct device_set *devset; +- +- // lock to protect graphdriver between cleanup and other operations +- pthread_rwlock_t rwlock; +-}; +- + int graphdriver_init(const struct storage_module_init_options *opts); + + int graphdriver_create_rw(const char *id, const char *parent, struct driver_create_opts *create_opts); +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +index 2a209626..469a2367 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +@@ -643,7 +643,6 @@ const static int check_lower_depth(const char *lowers_str) + + lowers_arr = util_string_split(lowers_str, ':'); + lowers_size = util_array_len((const char **)lowers_arr); +- + if (lowers_size > OVERLAY_LAYER_MAX_DEPTH) { + ERROR("Max depth exceeded %s", lowers_str); + ret = -1; +@@ -1268,7 +1267,6 @@ static int append_rel_empty_path(const char *id, char ***rel_lowers) + char *rel_path = NULL; + + rel_path = util_string_append("/empty", id); +- + if (util_array_append(rel_lowers, rel_path) != 0) { + SYSERROR("Can't append relative layer:%s", rel_path); + ret = -1; +@@ -2166,7 +2164,6 @@ int overlay2_repair_lowers(const char *id, const char *parent, const struct grap + lowers_str = read_layer_lower_file(layer_dir); + lowers_arr = util_string_split(lowers_str, ':'); + lowers_size = util_array_len((const char **)lowers_arr); +- + if (lowers_size != 0) { + if (check_lower_valid(driver->home, lowers_arr[0]) == 0) { + DEBUG("Try to repair layer %s, success check", id); +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h +index 438c508e..444c0670 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h +@@ -22,12 +22,8 @@ + #include + + #include "driver.h" +- +-struct driver_create_opts; +-struct driver_mount_opts; +-struct graphdriver; +-struct graphdriver_status; +-struct io_read_wrapper; ++#include "image_api.h" ++#include "io_wrapper.h" + + #ifdef __cplusplus + extern "C" { +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h +index 94230faa..6cda7456 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h +@@ -33,7 +33,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index 6db590e3..87df8160 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -886,7 +886,6 @@ static int caculate_playload(struct archive *ar, char **result) + bool empty = true; + + ctab = new_isula_crc_table(ISO_POLY); +- + if (ctab == NULL) { + return -1; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h +index 20287119..eba406d4 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h +@@ -24,10 +24,6 @@ + #include "storage.h" + #include "io_wrapper.h" + +-struct io_read_wrapper; +-struct layer_list; +-struct storage_module_init_options; +- + #ifdef __cplusplus + extern "C" { + #endif +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c +index 38d9b0ce..86e05ac2 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c +@@ -185,7 +185,6 @@ static int remove_one_remote_overlay_layer(struct remote_overlay_data *data, con + } + + link_id = (char *)map_search(overlay_id_link, (void *)overlay_id); +- + if (link_id == NULL) { + ERROR("Failed to find link id for overlay layer: %s", overlay_id); + ret = -1; +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +index b1ac2156..69022073 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +@@ -1,5 +1,5 @@ + /****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h +index 30e3ebb0..545cbe49 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h +@@ -1,5 +1,5 @@ + /****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h +index 63f3294b..d618c401 100644 +--- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h ++++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h +@@ -24,10 +24,6 @@ + #include "storage.h" + #include "rootfs.h" + +-struct rootfs_list; +-struct storage_module_init_options; +-struct storage_rootfs_options; +- + #ifdef __cplusplus + extern "C" { + #endif +-- +2.40.1 + diff --git a/0126-2154-fix-code-bug.patch b/0126-2154-fix-code-bug.patch new file mode 100644 index 0000000..f979459 --- /dev/null +++ b/0126-2154-fix-code-bug.patch @@ -0,0 +1,1084 @@ +From e904e2d75963262032ae5f78c83849b754427fa9 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Tue, 29 Aug 2023 12:37:07 +0000 +Subject: [PATCH 126/145] !2154 fix code bug * fix code bug + +--- + src/daemon/common/events_format.c | 6 +- + src/daemon/common/selinux_label.c | 22 +- + src/daemon/common/selinux_label.h | 8 +- + src/daemon/common/sysinfo.c | 1 - + src/daemon/config/isulad_config.c | 280 ++++++++++-------- + src/daemon/config/isulad_config.h | 62 ++-- + src/daemon/executor/container_cb/execution.c | 4 +- + .../executor/container_cb/execution_create.c | 2 +- + .../executor/container_cb/execution_network.c | 9 + + .../executor/container_cb/execution_stream.h | 6 +- + src/daemon/executor/container_cb/list.c | 4 +- + src/daemon/executor/image_cb/image_cb.c | 18 +- + 12 files changed, 235 insertions(+), 187 deletions(-) + +diff --git a/src/daemon/common/events_format.c b/src/daemon/common/events_format.c +index e5ceab92..514b060e 100644 +--- a/src/daemon/common/events_format.c ++++ b/src/daemon/common/events_format.c +@@ -83,7 +83,11 @@ struct isulad_events_format *dup_event(const struct isulad_events_format *event) + return NULL; + } + +- event_copy(event, out); ++ if (event_copy(event, out) != 0) { ++ ERROR("Failed to copy event"); ++ isulad_events_format_free(out); ++ return NULL; ++ } + + return out; + } +diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c +index d8bc1e08..7a295250 100644 +--- a/src/daemon/common/selinux_label.c ++++ b/src/daemon/common/selinux_label.c +@@ -247,7 +247,7 @@ static int get_current_label(char **content) + return read_con(path, content); + } + +-bool selinux_get_enable() ++bool selinux_get_enable(void) + { + bool enabled_set = false; + bool enabled = false; +@@ -295,7 +295,7 @@ bool selinux_get_enable() + } + + // just disable selinux support for iSulad +-void selinux_set_disabled() ++void selinux_set_disabled(void) + { + (void)set_state_enable(false); + } +@@ -376,9 +376,10 @@ int selinux_state_init(void) + return 0; + } + +-void selinux_state_free() ++void selinux_state_free(void) + { + do_selinux_state_free(g_selinux_state); ++ g_selinux_state = NULL; + } + + /* MCS already exists */ +@@ -987,6 +988,11 @@ int relabel(const char *path, const char *file_label, bool shared) + return 0; + } + ++ if (path == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + tmp_file_label = util_strdup_s(file_label); + if (is_exclude_relabel_path(path)) { + ERROR("SELinux relabeling of %s is not allowed", path); +@@ -1060,6 +1066,11 @@ int dup_security_opt(const char *src, char ***dst, size_t *len) + return 0; + } + ++ if (dst == NULL || len == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + context_t con = context_new(src); + if (con == NULL) { + ERROR("context new failed"); +@@ -1108,6 +1119,11 @@ out: + + int get_disable_security_opt(char ***labels, size_t *labels_len) + { ++ if (labels == NULL || labels_len == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + if (util_array_append(labels, "disable") != 0) { + ERROR("Failed to append label"); + return -1; +diff --git a/src/daemon/common/selinux_label.h b/src/daemon/common/selinux_label.h +index 625e94c3..4a3c03d4 100644 +--- a/src/daemon/common/selinux_label.h ++++ b/src/daemon/common/selinux_label.h +@@ -24,14 +24,14 @@ extern "C" { + #endif + + int selinux_state_init(void); +-void selinux_set_disabled(); +-bool selinux_get_enable(); +-int init_label(const char **label_opts, size_t label_opts_len, char **process_label, char **mount_label); ++void selinux_set_disabled(void); ++bool selinux_get_enable(void); ++int init_label(const char **label_opts, size_t label_opts_len, char **dst_process_label, char **dst_mount_label); + int relabel(const char *path, const char *file_label, bool shared); + int get_disable_security_opt(char ***labels, size_t *labels_len); + int dup_security_opt(const char *src, char ***dst, size_t *len); + char *selinux_format_mountlabel(const char *src, const char *mount_label); +-void selinux_state_free(); ++void selinux_state_free(void); + #ifdef __cplusplus + } + #endif +diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c +index d0927f58..fbdea4e8 100644 +--- a/src/daemon/common/sysinfo.c ++++ b/src/daemon/common/sysinfo.c +@@ -46,7 +46,6 @@ + #define CGROUP_CPU_RT_RUNTIME "cpu.rt_runtime_us" + #define CGROUP_CPUSET_CPUS "cpuset.cpus" + #define CGROUP_CPUSET_MEMS "cpuset.mems" +-#define CGROUP_MEMORY_LIMIT "memory.limit_in_bytes" + #define CGROUP_MEMORY_SWAP "memory.memsw.limit_in_bytes" + #define CGROUP_MEMORY_SWAPPINESS "memory.swappiness" + #define CGROUP_MEMORY_RESERVATION "memory.soft_limit_in_bytes" +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index 6db4e2a4..c9e64617 100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -119,7 +119,7 @@ out: + } + + /* isulad server conf wrlock */ +-int isulad_server_conf_wrlock() ++int isulad_server_conf_wrlock(void) + { + int ret = 0; + +@@ -132,7 +132,7 @@ int isulad_server_conf_wrlock() + } + + /* isulad server conf rdlock */ +-int isulad_server_conf_rdlock() ++int isulad_server_conf_rdlock(void) + { + int ret = 0; + +@@ -145,7 +145,7 @@ int isulad_server_conf_rdlock() + } + + /* isulad server conf unlock */ +-int isulad_server_conf_unlock() ++int isulad_server_conf_unlock(void) + { + int ret = 0; + +@@ -157,13 +157,13 @@ int isulad_server_conf_unlock() + return ret; + } + +-struct service_arguments *conf_get_server_conf() ++struct service_arguments *conf_get_server_conf(void) + { + return g_isulad_conf.server_conf; + } + + /* conf get isulad pidfile */ +-char *conf_get_isulad_pidfile() ++char *conf_get_isulad_pidfile(void) + { + char *filename = NULL; + struct service_arguments *conf = NULL; +@@ -185,7 +185,7 @@ out: + } + + /* conf get engine rootpath */ +-char *conf_get_engine_rootpath() ++char *conf_get_engine_rootpath(void) + { + char *epath = NULL; + char *rootpath = NULL; +@@ -236,7 +236,7 @@ int conf_get_cgroup_cpu_rt(int64_t *cpu_rt_period, int64_t *cpu_rt_runtime) + } + + conf = conf_get_server_conf(); +- if (conf == NULL) { ++ if (conf == NULL || conf->json_confs == NULL) { + (void)isulad_server_conf_unlock(); + return -1; + } +@@ -252,7 +252,7 @@ int conf_get_cgroup_cpu_rt(int64_t *cpu_rt_period, int64_t *cpu_rt_runtime) + } + + /* conf get graph checked flag file path */ +-char *conf_get_graph_check_flag_file() ++char *conf_get_graph_check_flag_file(void) + { + char *epath = NULL; + char *rootpath = NULL; +@@ -309,7 +309,7 @@ char *conf_get_routine_rootdir(const char *runtime) + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->graph == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->graph == NULL) { + ERROR("Server conf is NULL or rootpath is NULL"); + goto out; + } +@@ -359,7 +359,7 @@ char *conf_get_routine_statedir(const char *runtime) + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->state == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->state == NULL) { + goto out; + } + +@@ -390,7 +390,7 @@ out: + } + + /* conf get isulad rootdir */ +-char *conf_get_isulad_rootdir() ++char *conf_get_isulad_rootdir(void) + { + char *path = NULL; + struct service_arguments *conf = NULL; +@@ -400,7 +400,7 @@ char *conf_get_isulad_rootdir() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->graph == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->graph == NULL) { + goto out; + } + +@@ -412,7 +412,7 @@ out: + } + + /* conf get registry */ +-char **conf_get_registry_list() ++char **conf_get_registry_list(void) + { + int nret = 0; + size_t i; +@@ -425,7 +425,7 @@ char **conf_get_registry_list() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->registry_mirrors_len == 0) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->registry_mirrors_len == 0) { + goto out; + } + +@@ -448,7 +448,7 @@ out: + } + + /* conf get insecure registry */ +-char **conf_get_insecure_registry_list() ++char **conf_get_insecure_registry_list(void) + { + int nret = 0; + size_t i; +@@ -461,7 +461,7 @@ char **conf_get_insecure_registry_list() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->insecure_registries_len == 0) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->insecure_registries_len == 0) { + goto out; + } + +@@ -484,7 +484,7 @@ out: + } + + /* conf get isulad statedir */ +-char *conf_get_isulad_statedir() ++char *conf_get_isulad_statedir(void) + { + char *path = NULL; + struct service_arguments *conf = NULL; +@@ -494,7 +494,7 @@ char *conf_get_isulad_statedir() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->state == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->state == NULL) { + goto out; + } + +@@ -506,7 +506,7 @@ out: + } + + /* isulad monitor fifo name */ +-char *conf_get_isulad_monitor_fifo_path() ++char *conf_get_isulad_monitor_fifo_path(void) + { + int ret; + char fifo_file_path[PATH_MAX] = { 0 }; +@@ -561,7 +561,7 @@ static char *get_parent_mount_dir(char *graph) + } + + /* conf get isulad mount rootfs */ +-char *conf_get_isulad_mount_rootfs() ++char *conf_get_isulad_mount_rootfs(void) + { + char *path = NULL; + struct service_arguments *conf = NULL; +@@ -583,7 +583,7 @@ out: + } + + /* conf get isulad umask for containers */ +-char *conf_get_isulad_native_umask() ++char *conf_get_isulad_native_umask(void) + { + char *umask = NULL; + struct service_arguments *conf = NULL; +@@ -593,7 +593,7 @@ char *conf_get_isulad_native_umask() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->native_umask == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->native_umask == NULL) { + goto out; + } + +@@ -605,7 +605,7 @@ out: + } + + /* conf get isulad cgroup parent for containers */ +-char *conf_get_isulad_cgroup_parent() ++char *conf_get_isulad_cgroup_parent(void) + { + char *cgroup_parent = NULL; + struct service_arguments *conf = NULL; +@@ -615,7 +615,7 @@ char *conf_get_isulad_cgroup_parent() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->cgroup_parent == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->cgroup_parent == NULL) { + goto out; + } + +@@ -627,7 +627,7 @@ out: + } + + /* conf get isulad engine */ +-char *conf_get_isulad_engine() ++char *conf_get_isulad_engine(void) + { + char *engine = NULL; + struct service_arguments *conf = NULL; +@@ -637,7 +637,7 @@ char *conf_get_isulad_engine() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->engine == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->engine == NULL) { + goto out; + } + +@@ -649,7 +649,7 @@ out: + } + + /* conf get isulad loglevel */ +-char *conf_get_isulad_loglevel() ++char *conf_get_isulad_loglevel(void) + { + char *loglevel = NULL; + struct service_arguments *conf = NULL; +@@ -659,7 +659,7 @@ char *conf_get_isulad_loglevel() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->log_level == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->log_level == NULL) { + goto out; + } + +@@ -677,7 +677,7 @@ char *get_log_file_helper(const struct service_arguments *conf, const char *suff + size_t len = 0; + int nret = 0; + +- if (suffix == NULL) { ++ if (conf == NULL || suffix == NULL) { + return NULL; + } + +@@ -709,7 +709,7 @@ out: + } + + /* conf get isulad log gather fifo path */ +-char *conf_get_isulad_log_gather_fifo_path() ++char *conf_get_isulad_log_gather_fifo_path(void) + { + #define LOG_GATHER_FIFO_NAME "/isulad_log_gather_fifo" + char *logfile = NULL; +@@ -752,7 +752,7 @@ out: + } + + /* conf get isulad log file */ +-char *conf_get_isulad_log_file() ++char *conf_get_isulad_log_file(void) + { + char *logfile = NULL; + struct service_arguments *conf = NULL; +@@ -774,7 +774,7 @@ out: + } + + /* conf get engine log file */ +-char *conf_get_engine_log_file() ++char *conf_get_engine_log_file(void) + { + char *logfile = NULL; + char *full_path = NULL; +@@ -841,7 +841,7 @@ int conf_get_daemon_log_config(char **loglevel, char **logdriver, char **engine_ + } + + /* conf get isulad logdriver */ +-char *conf_get_isulad_logdriver() ++char *conf_get_isulad_logdriver(void) + { + char *logdriver = NULL; + struct service_arguments *conf = NULL; +@@ -851,7 +851,7 @@ char *conf_get_isulad_logdriver() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->log_driver == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->log_driver == NULL) { + goto out; + } + +@@ -871,12 +871,17 @@ int conf_get_container_log_opts(isulad_daemon_configs_container_log **opts) + size_t i; + int ret = 0; + ++ if (opts == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + if (isulad_server_conf_rdlock() != 0) { + return -1; + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->container_log == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->container_log == NULL) { + goto out; + } + work = conf->json_confs->container_log; +@@ -918,7 +923,7 @@ out: + } + + /* conf get image layer check flag */ +-bool conf_get_image_layer_check_flag() ++bool conf_get_image_layer_check_flag(void) + { + bool check_flag = false; + struct service_arguments *conf = NULL; +@@ -928,7 +933,7 @@ bool conf_get_image_layer_check_flag() + } + + conf = conf_get_server_conf(); +- if (conf == NULL) { ++ if (conf == NULL || conf->json_confs == NULL) { + goto out; + } + +@@ -940,7 +945,7 @@ out: + } + + /* conf get flag of use decrypted key to pull image */ +-bool conf_get_use_decrypted_key_flag() ++bool conf_get_use_decrypted_key_flag(void) + { + bool check_flag = true; + struct service_arguments *conf = NULL; +@@ -950,7 +955,7 @@ bool conf_get_use_decrypted_key_flag() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->use_decrypted_key == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->use_decrypted_key == NULL) { + goto out; + } + +@@ -961,7 +966,7 @@ out: + return check_flag; + } + +-bool conf_get_skip_insecure_verify_flag() ++bool conf_get_skip_insecure_verify_flag(void) + { + bool check_flag = false; + struct service_arguments *conf = NULL; +@@ -971,7 +976,7 @@ bool conf_get_skip_insecure_verify_flag() + } + + conf = conf_get_server_conf(); +- if (conf == NULL) { ++ if (conf == NULL || conf->json_confs == NULL) { + goto out; + } + +@@ -982,69 +987,86 @@ out: + return check_flag; + } + +-#define OCI_STR_ARRAY_DUP(src, dest, srclen, destlen, ret) \ +- do { \ +- if ((src) != NULL) { \ +- (dest) = util_str_array_dup((const char **)(src), (srclen)); \ +- if ((dest) == NULL) { \ +- (ret) = -1; \ +- goto out; \ +- } \ +- (destlen) = (srclen); \ +- } \ +- } while (0) +- +-#define HOOKS_ELEM_DUP_DEF(item) \ +- defs_hook *hooks_##item##_elem_dup(const defs_hook *src) \ +- { \ +- int ret = 0; \ +- defs_hook *dest = NULL; \ +- if (src == NULL) \ +- return NULL; \ +- dest = util_common_calloc_s(sizeof(defs_hook)); \ +- if (dest == NULL) \ +- return NULL; \ +- dest->path = util_strdup_s(src->path); \ +- OCI_STR_ARRAY_DUP(src->args, dest->args, src->args_len, dest->args_len, ret); \ +- OCI_STR_ARRAY_DUP(src->env, dest->env, src->env_len, dest->env_len, ret); \ +- dest->timeout = src->timeout; \ +- out: \ +- if (ret != 0 && dest != NULL) { \ +- free_defs_hook(dest); \ +- dest = NULL; \ +- } \ +- return dest; \ +- } +- +-/* HOOKS ELEM DUP DEF */ +-HOOKS_ELEM_DUP_DEF(prestart) +-/* HOOKS ELEM DUP DEF */ +-HOOKS_ELEM_DUP_DEF(poststart) +-/* HOOKS ELEM DUP DEF */ +-HOOKS_ELEM_DUP_DEF(poststop) +- +-#define HOOKS_ITEM_DUP_DEF(item) \ +- int hooks_##item##_dup(oci_runtime_spec_hooks *dest, const oci_runtime_spec_hooks *src) \ +- { \ +- int i = 0; \ +- dest->item = util_smart_calloc_s(sizeof(defs_hook *), (src->item##_len + 1)); \ +- if (dest->item == NULL) \ +- return -1; \ +- dest->item##_len = src->item##_len; \ +- for (; (size_t)i < src->item##_len; ++i) { \ +- dest->item[i] = hooks_##item##_elem_dup(src->item[i]); \ +- if (dest->item[i] == NULL) \ +- return -1; \ +- } \ +- return 0; \ +- } +- +-/* HOOKS ITEM DUP DEF */ +-HOOKS_ITEM_DUP_DEF(prestart) +-/* HOOKS ITEM DUP DEF */ +-HOOKS_ITEM_DUP_DEF(poststart) +-/* HOOKS ITEM DUP DEF */ +-HOOKS_ITEM_DUP_DEF(poststop) ++static defs_hook *hooks_elem_dup(const defs_hook *src) ++{ ++ defs_hook *dest = NULL; ++ ++ if (src == NULL) { ++ return NULL; ++ } ++ ++ dest = (defs_hook *)util_common_calloc_s(sizeof(defs_hook)); ++ if (dest == NULL) { ++ ERROR("Out of memory"); ++ return NULL; ++ } ++ ++ dest->path = util_strdup_s(src->path); ++ dest->timeout = src->timeout; ++ ++ if (src->args_len != 0) { ++ dest->args = util_str_array_dup((const char **)(src->args), src->args_len); ++ if (dest->args == NULL) { ++ ERROR("Failed to duplicate string array"); ++ goto err_out; ++ } ++ dest->args_len = src->args_len; ++ } ++ ++ if (src->env_len != 0) { ++ dest->env = util_str_array_dup((const char **)(src->env), src->env_len); ++ if (dest->env == NULL) { ++ ERROR("Failed to duplicate string array"); ++ goto err_out; ++ } ++ dest->env_len = src->env_len; ++ } ++ ++ return dest; ++ ++err_out: ++ free_defs_hook(dest); ++ return NULL; ++} ++ ++static int hooks_array_dup(const defs_hook **src, const size_t src_len, defs_hook ***dst, size_t *dst_len) ++{ ++ size_t i; ++ size_t tmp_len = 0; ++ defs_hook **tmp_dst = NULL; ++ ++ if (src_len > SIZE_MAX - 1) { ++ ERROR("Invalid hooks array length"); ++ return -1; ++ } ++ ++ tmp_dst = (defs_hook **)util_smart_calloc_s(sizeof(defs_hook *), src_len + 1); ++ if (tmp_dst == NULL) { ++ ERROR("Out of memory"); ++ return -1; ++ } ++ ++ for(i = 0; i < src_len; i++) { ++ tmp_dst[i] = hooks_elem_dup(src[i]); ++ if (tmp_dst[i] == NULL) { ++ ERROR("Failed to duplicate hooks element"); ++ goto err_out; ++ } ++ tmp_len++; ++ } ++ ++ *dst = tmp_dst; ++ *dst_len = tmp_len; ++ return 0; ++ ++err_out: ++ for(i = 0; i < tmp_len; i++) { ++ free_defs_hook(tmp_dst[i]); ++ } ++ free(tmp_dst); ++ ++ return -1; ++} + + /* hooks_dup */ + oci_runtime_spec_hooks *hooks_dup(const oci_runtime_spec_hooks *src) +@@ -1060,17 +1082,17 @@ oci_runtime_spec_hooks *hooks_dup(const oci_runtime_spec_hooks *src) + return NULL; + } + +- ret = hooks_prestart_dup(dest, src); ++ ret = hooks_array_dup((const defs_hook **)src->prestart, src->prestart_len, &dest->prestart, &dest->prestart_len); + if (ret != 0) { + goto out; + } + +- ret = hooks_poststart_dup(dest, src); ++ ret = hooks_array_dup((const defs_hook **)src->poststart, src->poststart_len, &dest->poststart, &dest->poststart_len); + if (ret != 0) { + goto out; + } + +- ret = hooks_poststop_dup(dest, src); ++ ret = hooks_array_dup((const defs_hook **)src->poststop, src->poststop_len, &dest->poststop, &dest->poststop_len); + + out: + if (ret != 0) { +@@ -1086,6 +1108,11 @@ int conf_get_isulad_hooks(oci_runtime_spec_hooks **phooks) + int ret = 0; + struct service_arguments *conf = NULL; + ++ if (phooks == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + if (isulad_server_conf_rdlock() != 0) { + return -1; + } +@@ -1140,7 +1167,7 @@ out: + } + + /* conf get start timeout */ +-unsigned int conf_get_start_timeout() ++unsigned int conf_get_start_timeout(void) + { + struct service_arguments *conf = NULL; + unsigned int ret = 0; +@@ -1160,7 +1187,7 @@ out: + return ret; + } + +-char *conf_get_default_runtime() ++char *conf_get_default_runtime(void) + { + struct service_arguments *conf = NULL; + char *result = NULL; +@@ -1182,7 +1209,7 @@ out: + return result; + } + +-char *conf_get_enable_plugins() ++char *conf_get_enable_plugins(void) + { + struct service_arguments *conf = NULL; + char *plugins = NULL; +@@ -1205,7 +1232,7 @@ out: + } + + #ifdef ENABLE_USERNS_REMAP +-char *conf_get_isulad_userns_remap() ++char *conf_get_isulad_userns_remap(void) + { + struct service_arguments *conf = NULL; + char *userns_remap = NULL; +@@ -1229,7 +1256,7 @@ out: + #endif + + /* conf get websocket server listening port */ +-int32_t conf_get_websocket_server_listening_port() ++int32_t conf_get_websocket_server_listening_port(void) + { + int32_t port = 0; + struct service_arguments *conf = NULL; +@@ -1239,7 +1266,7 @@ int32_t conf_get_websocket_server_listening_port() + } + + conf = conf_get_server_conf(); +- if (conf == NULL) { ++ if (conf == NULL || conf->json_confs == NULL) { + goto out; + } + +@@ -1295,6 +1322,10 @@ int set_unix_socket_group(const char *socket, const char *group) + return -1; + } + ++ if (!util_has_prefix(socket, UNIX_SOCKET_PREFIX)) { ++ ERROR("Invalid unix socket: %s", socket); ++ return -1; ++ } + path = socket + strlen(UNIX_SOCKET_PREFIX); + + if (strlen(path) > PATH_MAX || realpath(path, rpath) == NULL) { +@@ -1324,15 +1355,6 @@ out: + return ret; + } + +-#define OVERRIDE_STRING_VALUE(dst, src) \ +- do { \ +- if ((src) != NULL && strlen((src)) != 0) { \ +- free((dst)); \ +- (dst) = (src); \ +- (src) = NULL; \ +- } \ +- } while (0) +- + static int string_array_append(char **suffix, size_t suffix_len, size_t *curr_len, char ***result) + { + if (suffix_len > 0) { +@@ -1357,6 +1379,11 @@ int parse_log_opts(struct service_arguments *args, const char *key, const char * + { + int ret = -1; + ++ if (args == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + if (key == NULL || value == NULL) { + return 0; + } +@@ -1576,6 +1603,11 @@ int merge_json_confs_into_global(struct service_arguments *args) + parser_error err = NULL; + int ret = 0; + ++ if (args == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + tmp_json_confs = isulad_daemon_configs_parse_file(ISULAD_DAEMON_JSON_CONF_FILE, NULL, &err); + if (tmp_json_confs == NULL) { + COMMAND_ERROR("Load isulad json config failed: %s", err != NULL ? err : ""); +@@ -1715,7 +1747,7 @@ static bool valid_isulad_daemon_constants(isulad_daemon_constants *config) + return true; + } + +-int init_isulad_daemon_constants() ++int init_isulad_daemon_constants(void) + { + parser_error err = NULL; + int ret = 0; +@@ -1742,7 +1774,7 @@ out: + return ret; + } + +-isulad_daemon_constants *get_isulad_daemon_constants() ++isulad_daemon_constants *get_isulad_daemon_constants(void) + { + return g_isulad_daemon_constants; + } +diff --git a/src/daemon/config/isulad_config.h b/src/daemon/config/isulad_config.h +index e3ae17ca..cf0cd2a4 100644 +--- a/src/daemon/config/isulad_config.h ++++ b/src/daemon/config/isulad_config.h +@@ -36,42 +36,42 @@ struct isulad_conf { + struct service_arguments *server_conf; + }; + +-char *conf_get_isulad_pidfile(); +-char *conf_get_engine_rootpath(); ++char *conf_get_isulad_pidfile(void); ++char *conf_get_engine_rootpath(void); + char *conf_get_routine_rootdir(const char *runtime); + char *conf_get_routine_statedir(const char *runtime); +-char *conf_get_isulad_rootdir(); +-char *conf_get_isulad_statedir(); +-char *conf_get_isulad_mount_rootfs(); +-char *conf_get_isulad_engine(); +-char *conf_get_isulad_loglevel(); +-char *conf_get_isulad_logdriver(); ++char *conf_get_isulad_rootdir(void); ++char *conf_get_isulad_statedir(void); ++char *conf_get_isulad_mount_rootfs(void); ++char *conf_get_isulad_engine(void); ++char *conf_get_isulad_loglevel(void); ++char *conf_get_isulad_logdriver(void); + int conf_get_daemon_log_config(char **loglevel, char **logdriver, char **engine_log_path); +-char *conf_get_isulad_log_gather_fifo_path(); ++char *conf_get_isulad_log_gather_fifo_path(void); + + int conf_get_cgroup_cpu_rt(int64_t *cpu_rt_period, int64_t *cpu_rt_runtime); + + int conf_get_container_log_opts(isulad_daemon_configs_container_log **opts); + +-char *conf_get_isulad_log_file(); +-char *conf_get_engine_log_file(); +-char *conf_get_enable_plugins(); ++char *conf_get_isulad_log_file(void); ++char *conf_get_engine_log_file(void); ++char *conf_get_enable_plugins(void); + #ifdef ENABLE_USERNS_REMAP +-char *conf_get_isulad_userns_remap(); ++char *conf_get_isulad_userns_remap(void); + #endif +-int32_t conf_get_websocket_server_listening_port(); ++int32_t conf_get_websocket_server_listening_port(void); + + int save_args_to_conf(struct service_arguments *args); + + int set_unix_socket_group(const char *socket, const char *group); + +-int isulad_server_conf_wrlock(); ++int isulad_server_conf_wrlock(void); + +-int isulad_server_conf_rdlock(); ++int isulad_server_conf_rdlock(void); + +-int isulad_server_conf_unlock(); ++int isulad_server_conf_unlock(void); + +-struct service_arguments *conf_get_server_conf(); ++struct service_arguments *conf_get_server_conf(void); + + int get_system_cpu_usage(uint64_t *val); + +@@ -79,31 +79,31 @@ int conf_get_isulad_hooks(oci_runtime_spec_hooks **phooks); + + int conf_get_isulad_default_ulimit(host_config_ulimits_element ***ulimit); + +-unsigned int conf_get_start_timeout(); ++unsigned int conf_get_start_timeout(void); + +-char **conf_get_insecure_registry_list(); ++char **conf_get_insecure_registry_list(void); + +-char **conf_get_registry_list(); +-char *conf_get_isulad_native_umask(); ++char **conf_get_registry_list(void); ++char *conf_get_isulad_native_umask(void); + +-char *conf_get_isulad_cgroup_parent(); ++char *conf_get_isulad_cgroup_parent(void); + +-char *conf_get_default_runtime(); ++char *conf_get_default_runtime(void); + +-char *conf_get_graph_check_flag_file(); ++char *conf_get_graph_check_flag_file(void); + +-bool conf_get_image_layer_check_flag(); ++bool conf_get_image_layer_check_flag(void); + + int merge_json_confs_into_global(struct service_arguments *args); + +-bool conf_get_use_decrypted_key_flag(); +-bool conf_get_skip_insecure_verify_flag(); ++bool conf_get_use_decrypted_key_flag(void); ++bool conf_get_skip_insecure_verify_flag(void); + int parse_log_opts(struct service_arguments *args, const char *key, const char *value); + +-char *conf_get_isulad_monitor_fifo_path(); ++char *conf_get_isulad_monitor_fifo_path(void); + +-int init_isulad_daemon_constants(); +-isulad_daemon_constants *get_isulad_daemon_constants(); ++int init_isulad_daemon_constants(void); ++isulad_daemon_constants *get_isulad_daemon_constants(void); + + #ifdef __cplusplus + } +diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c +index fe9d7aaa..f78965df 100644 +--- a/src/daemon/executor/container_cb/execution.c ++++ b/src/daemon/executor/container_cb/execution.c +@@ -915,8 +915,8 @@ static int container_kill_cb(const container_kill_request *request, container_ki + } + + if (!util_valid_signal((int)signal)) { +- isulad_set_error_message("Not supported signal %d", signal); +- ERROR("Not supported signal %d", signal); ++ isulad_set_error_message("Not supported signal %u", signal); ++ ERROR("Not supported signal %u", signal); + cc = ISULAD_ERR_EXEC; + goto pack_response; + } +diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c +index 6097dd7e..7e0d681c 100644 +--- a/src/daemon/executor/container_cb/execution_create.c ++++ b/src/daemon/executor/container_cb/execution_create.c +@@ -739,7 +739,7 @@ out: + free(runtime_root); + free(runtime_stat); + if (ret != 0) { +- /* fail, do not use the input v2 spec and host spec, the memeory will be free by caller*/ ++ /* fail, do not use the input v2 spec and host spec, the memeory will be free by caller */ + if (cont != NULL) { + cont->common_config = NULL; + cont->hostconfig = NULL; +diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c +index 95cfcce3..597c3d6e 100644 +--- a/src/daemon/executor/container_cb/execution_network.c ++++ b/src/daemon/executor/container_cb/execution_network.c +@@ -80,11 +80,20 @@ out: + + static int fopen_network(FILE **fp, char **file_path, const char *rootfs, const char *filename) + { ++ int64_t size = 0; ++ + if (util_realpath_in_scope(rootfs, filename, file_path) < 0) { + SYSERROR("Failed to get real path '%s' under rootfs '%s'", filename, rootfs); + isulad_set_error_message("Failed to get real path '%s' under rootfs '%s'", filename, rootfs); + return -1; + } ++ ++ size = util_file_size(*file_path); ++ if (size > REGULAR_FILE_SIZE) { ++ ERROR("Target file '%s', size exceed limit: %lld", *file_path, REGULAR_FILE_SIZE); ++ return -1; ++ } ++ + *fp = util_fopen(*file_path, "a+"); + if (*fp == NULL) { + SYSERROR("Failed to open %s", *file_path); +diff --git a/src/daemon/executor/container_cb/execution_stream.h b/src/daemon/executor/container_cb/execution_stream.h +index 227cc2c3..c0dba7d0 100644 +--- a/src/daemon/executor/container_cb/execution_stream.h ++++ b/src/daemon/executor/container_cb/execution_stream.h +@@ -1,6 +1,3 @@ +-#ifndef DAEMON_EXECUTOR_CONTAINER_CB_EXECUTION_STREAM_H +-#define DAEMON_EXECUTOR_CONTAINER_CB_EXECUTION_STREAM_H +- + /****************************************************************************** + * Copyright (c) Huawei Technologies Co., Ltd. 2017-2019. All rights reserved. + * iSulad licensed under the Mulan PSL v2. +@@ -16,6 +13,9 @@ + * Description: provide container list callback function definition + *********************************************************************************/ + ++#ifndef DAEMON_EXECUTOR_CONTAINER_CB_EXECUTION_STREAM_H ++#define DAEMON_EXECUTOR_CONTAINER_CB_EXECUTION_STREAM_H ++ + #include "callback.h" + + #ifdef __cplusplus +diff --git a/src/daemon/executor/container_cb/list.c b/src/daemon/executor/container_cb/list.c +index 026f1efb..754241fc 100644 +--- a/src/daemon/executor/container_cb/list.c ++++ b/src/daemon/executor/container_cb/list.c +@@ -166,14 +166,14 @@ static int append_ids(const map_t *matches, char ***filtered_ids) + return 0; + } + +-static int insert_matched_id(char **ids, map_t *matches, void *value, size_t ids_len) ++static int insert_matched_id(char **ids, map_t *matches, bool *value, size_t ids_len) + { + size_t i; + + for (i = 0; i < ids_len; i++) { + container_t *cont = containers_store_get_by_prefix(ids[i]); + if (cont != NULL) { +- bool inserted = map_insert(matches, cont->common_config->id, value); ++ bool inserted = map_insert(matches, (void *)cont->common_config->id, (void *)value); + container_unref(cont); + if (!inserted) { + ERROR("Insert map failed: %s", ids[i]); +diff --git a/src/daemon/executor/image_cb/image_cb.c b/src/daemon/executor/image_cb/image_cb.c +index c087a679..396e8a6e 100644 +--- a/src/daemon/executor/image_cb/image_cb.c ++++ b/src/daemon/executor/image_cb/image_cb.c +@@ -592,7 +592,7 @@ static int trans_one_image(image_list_images_response *response, size_t image_in + goto out; + } + +- if (!unix_nanos_to_timestamp(created_nanos, ×tamp) != 0) { ++ if (!unix_nanos_to_timestamp(created_nanos, ×tamp)) { + ERROR("Failed to translate nanos to timestamp"); + ret = -1; + goto out; +@@ -668,19 +668,6 @@ out: + return ret; + } + +-static im_list_request *image_list_context_new(const image_list_images_request *request) +-{ +- im_list_request *ctx = NULL; +- +- ctx = util_common_calloc_s(sizeof(im_list_request)); +- if (ctx == NULL) { +- ERROR("Out of memory"); +- return NULL; +- } +- +- return ctx; +-} +- + #ifdef ENABLE_OCI_IMAGE + struct image_list_context { + struct filters_args *image_filters; +@@ -769,11 +756,12 @@ static im_list_request *fold_filter(const image_list_images_request *request) + { + im_list_request *ctx = NULL; + +- ctx = image_list_context_new(request); ++ ctx = (im_list_request *)util_common_calloc_s(sizeof(im_list_request)); + if (ctx == NULL) { + ERROR("Out of memory"); + goto error_out; + } ++ + #ifdef ENABLE_OCI_IMAGE + size_t i; + if (request->filters == NULL) { +-- +2.40.1 + diff --git a/0127-2157-bugfix-for-memset.patch b/0127-2157-bugfix-for-memset.patch new file mode 100644 index 0000000..e37044e --- /dev/null +++ b/0127-2157-bugfix-for-memset.patch @@ -0,0 +1,25 @@ +From 306604b3a93e95b6146bf0cd75cf8c826d9ebd1c Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 29 Aug 2023 13:18:34 +0000 +Subject: [PATCH 127/145] !2157 bugfix for memset * bugfix for memset + +--- + src/daemon/modules/image/image_rootfs_handler.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c +index 990c2720..915c8a33 100644 +--- a/src/daemon/modules/image/image_rootfs_handler.c ++++ b/src/daemon/modules/image/image_rootfs_handler.c +@@ -137,7 +137,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user * + + out: + memset(buf, 0, sizeof(buf)); +- memset(pwbufp, 0, sizeof(struct passwd)); ++ memset(&pw, 0, sizeof(struct passwd)); + return ret; + } + +-- +2.40.1 + diff --git a/0128-2159-use-macros-to-isolate-the-password-option-of-lo.patch b/0128-2159-use-macros-to-isolate-the-password-option-of-lo.patch new file mode 100644 index 0000000..0638668 --- /dev/null +++ b/0128-2159-use-macros-to-isolate-the-password-option-of-lo.patch @@ -0,0 +1,223 @@ +From d9429fd11a6da29fec87e927360521059bd5728c Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 30 Aug 2023 09:56:29 +0000 +Subject: [PATCH 128/145] !2159 use macros to isolate the password option of + login and the plugin module * use macros to isolate the password option of + login and the plugin module + +--- + cmake/options.cmake | 14 ++++++++++ + src/cmd/isula/images/login.h | 28 +++++++++++++------ + src/cmd/isulad/main.c | 2 ++ + .../executor/container_cb/execution_create.c | 2 ++ + src/daemon/modules/CMakeLists.txt | 13 +++++++-- + src/daemon/modules/api/CMakeLists.txt | 3 ++ + .../container/container_events_handler.c | 2 ++ + .../modules/service/service_container.c | 4 +++ + 8 files changed, 57 insertions(+), 11 deletions(-) + +diff --git a/cmake/options.cmake b/cmake/options.cmake +index d8b88dec..1b6caa2b 100644 +--- a/cmake/options.cmake ++++ b/cmake/options.cmake +@@ -103,6 +103,20 @@ if (ENABLE_SHIM_V2 STREQUAL "ON") + message("${Green}-- Enable shim v2 runtime${ColourReset}") + endif() + ++option(ENABLE_PLUGIN "enable plugin module" OFF) ++if (ENABLE_PLUGIN STREQUAL "ON") ++ add_definitions(-DENABLE_PLUGIN=1) ++ set(ENABLE_PLUGIN 1) ++ message("${Green}-- Enable plugin module${ColourReset}") ++endif() ++ ++option(ENABLE_LOGIN_PASSWORD_OPTION "enable login password option" ON) ++if (ENABLE_LOGIN_PASSWORD_OPTION STREQUAL "ON") ++ add_definitions(-DENABLE_LOGIN_PASSWORD_OPTION=1) ++ set(ENABLE_LOGIN_PASSWORD_OPTION 1) ++ message("${Green}-- Enable login password option${ColourReset}") ++endif() ++ + option(EANBLE_IMAGE_LIBARAY "create libisulad_image.so" ON) + if (EANBLE_IMAGE_LIBARAY STREQUAL "ON") + add_definitions(-DEANBLE_IMAGE_LIBARAY) +diff --git a/src/cmd/isula/images/login.h b/src/cmd/isula/images/login.h +index 5f9a676c..38829cba 100644 +--- a/src/cmd/isula/images/login.h ++++ b/src/cmd/isula/images/login.h +@@ -24,16 +24,28 @@ + extern "C" { + #endif + ++#ifdef ENABLE_LOGIN_PASSWORD_OPTION + #define LOGIN_OPTIONS(cmdargs) \ +- { CMD_OPT_TYPE_STRING_DUP, false, "username", 'u', &(cmdargs).username, "Username", NULL }, \ +- { CMD_OPT_TYPE_STRING_DUP, false, "password", 'p', &(cmdargs).password, "Password", NULL }, \ +- { CMD_OPT_TYPE_BOOL, \ +- false, \ +- "password-stdin", \ +- 0, \ +- &(cmdargs).password_stdin, \ +- "Take the password from stdin", \ ++ { CMD_OPT_TYPE_STRING_DUP, false, "username", 'u', &(cmdargs).username, "Username", NULL }, \ ++ { CMD_OPT_TYPE_STRING_DUP, false, "password", 'p', &(cmdargs).password, "Password", NULL }, \ ++ { CMD_OPT_TYPE_BOOL, \ ++ false, \ ++ "password-stdin", \ ++ 0, \ ++ &(cmdargs).password_stdin, \ ++ "Take the password from stdin", \ + NULL }, ++#else ++#define LOGIN_OPTIONS(cmdargs) \ ++ { CMD_OPT_TYPE_STRING_DUP, false, "username", 'u', &(cmdargs).username, "Username", NULL }, \ ++ { CMD_OPT_TYPE_BOOL, \ ++ false, \ ++ "password-stdin", \ ++ 0, \ ++ &(cmdargs).password_stdin, \ ++ "Take the password from stdin", \ ++ NULL }, ++#endif + + extern const char g_cmd_login_desc[]; + extern const char g_cmd_login_usage[]; +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index 8c8fcc40..7b337358 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -1623,10 +1623,12 @@ int main(int argc, char **argv) + goto failure; + } + ++#ifdef ENABLE_PLUGIN + if (start_plugin_manager()) { + msg = "Failed to init plugin_manager"; + goto failure; + } ++#endif + + clock_gettime(CLOCK_MONOTONIC, &t_end); + use_time = (double)(t_end.tv_sec - t_start.tv_sec) * (double)1000000000 + (double)(t_end.tv_nsec - t_start.tv_nsec); +diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c +index 7e0d681c..d5e54aaf 100644 +--- a/src/daemon/executor/container_cb/execution_create.c ++++ b/src/daemon/executor/container_cb/execution_create.c +@@ -1487,6 +1487,7 @@ int container_create_cb(const container_create_request *request, container_creat + goto clean_netns; + } + ++#ifdef ENABLE_PLUGIN + /* modify oci_spec by plugin. */ + if (plugin_event_container_pre_create(id, oci_spec) != 0) { + ERROR("Plugin event pre create failed"); +@@ -1494,6 +1495,7 @@ int container_create_cb(const container_create_request *request, container_creat + cc = ISULAD_ERR_EXEC; + goto clean_netns; + } ++#endif + + host_channel = dup_host_channel(host_spec->host_channel); + if (prepare_host_channel(host_channel, host_spec->user_remap)) { +diff --git a/src/daemon/modules/CMakeLists.txt b/src/daemon/modules/CMakeLists.txt +index c5b6987c..35a5886d 100644 +--- a/src/daemon/modules/CMakeLists.txt ++++ b/src/daemon/modules/CMakeLists.txt +@@ -3,7 +3,6 @@ + aux_source_directory(${CMAKE_CURRENT_SOURCE_DIR} modules_top_srcs) + add_subdirectory(runtime) + add_subdirectory(image) +-add_subdirectory(plugin) + add_subdirectory(spec) + add_subdirectory(container) + add_subdirectory(log) +@@ -17,7 +16,6 @@ set(local_modules_srcs + ${modules_top_srcs} + ${RUNTIME_SRCS} + ${IMAGE_SRCS} +- ${PLUGIN_SRCS} + ${SPEC_SRCS} + ${MANAGER_SRCS} + ${LOG_GATHER_SRCS} +@@ -31,7 +29,6 @@ set(local_modules_incs + ${CMAKE_CURRENT_SOURCE_DIR} + ${RUNTIME_INCS} + ${IMAGE_INCS} +- ${PLUGIN_INCS} + ${SPEC_INCS} + ${MANAGER_INCS} + ${LOG_GATHER_INCS} +@@ -42,6 +39,16 @@ set(local_modules_incs + ${VOLUME_INCS} + ) + ++if (ENABLE_PLUGIN) ++ add_subdirectory(plugin) ++ list(APPEND local_modules_srcs ++ ${PLUGIN_SRCS} ++ ) ++ list(APPEND local_modules_incs ++ ${PLUGIN_INCS} ++ ) ++endif() ++ + set(MODULES_SRCS + ${local_modules_srcs} + PARENT_SCOPE +diff --git a/src/daemon/modules/api/CMakeLists.txt b/src/daemon/modules/api/CMakeLists.txt +index f577c45f..0735b25a 100644 +--- a/src/daemon/modules/api/CMakeLists.txt ++++ b/src/daemon/modules/api/CMakeLists.txt +@@ -9,3 +9,6 @@ set(MODULES_API_INCS + PARENT_SCOPE + ) + ++if (NOT ENABLE_PLUGIN) ++ list(REMOVE_ITEM MODULES_API_INCS "${CMAKE_CURRENT_SOURCE_DIR}/plugin_api.h") ++endif() +diff --git a/src/daemon/modules/container/container_events_handler.c b/src/daemon/modules/container/container_events_handler.c +index d78e6fc1..d56c2ee0 100644 +--- a/src/daemon/modules/container/container_events_handler.c ++++ b/src/daemon/modules/container/container_events_handler.c +@@ -155,7 +155,9 @@ static int container_state_changed(container_t *cont, const struct isulad_events + } else { + container_state_set_stopped(cont->state, (int)events->exit_status); + container_wait_stop_cond_broadcast(cont); ++#ifdef ENABLE_PLUGIN + plugin_event_container_post_stop(cont); ++#endif + } + + auto_remove = !should_restart && cont->hostconfig != NULL && cont->hostconfig->auto_remove; +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index f278d8ab..5d8fdf6c 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -798,12 +798,14 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo + open_stdin = cont->common_config->config->open_stdin; + } + ++#ifdef ENABLE_PLUGIN + if (plugin_event_container_pre_start(cont)) { + ERROR("Plugin event pre start failed "); + plugin_event_container_post_stop(cont); /* ignore error */ + ret = -1; + goto close_exit_fd; + } ++#endif + + create_params.bundle = bundle; + create_params.state = cont->state_path; +@@ -1257,7 +1259,9 @@ int delete_container(container_t *cont, bool force) + } + } + ++#ifdef ENABLE_PLUGIN + plugin_event_container_post_remove(cont); ++#endif + + ret = do_delete_container(cont); + if (ret != 0) { +-- +2.40.1 + diff --git a/0129-2160-Fix-nullptr-in-src-daemon-entry.patch b/0129-2160-Fix-nullptr-in-src-daemon-entry.patch new file mode 100644 index 0000000..dbc5a0a --- /dev/null +++ b/0129-2160-Fix-nullptr-in-src-daemon-entry.patch @@ -0,0 +1,1184 @@ +From bc194a04b5ae40ef900e167d19b9ae0860bcc096 Mon Sep 17 00:00:00 2001 +From: xuxuepeng +Date: Wed, 30 Aug 2023 10:05:52 +0000 +Subject: [PATCH 129/145] !2160 Fix nullptr in src/daemon/entry * Fix nullptr + in src/daemon/entry + +--- + .../connect/grpc/grpc_containers_service.cc | 130 ++++++++++++++++++ + .../entry/connect/grpc/grpc_images_service.cc | 40 ++++++ + .../connect/grpc/grpc_server_tls_auth.cc | 4 + + .../connect/grpc/grpc_volumes_service.cc | 15 ++ + .../connect/grpc/runtime_image_service.cc | 29 +++- + .../connect/grpc/runtime_runtime_service.cc | 109 ++++++++++++++- + .../entry/connect/rest/rest_service_common.c | 12 +- + .../entry/cri/cri_container_manager_service.h | 4 +- + .../cri/cri_container_manager_service_impl.cc | 18 +-- + .../cri/cri_container_manager_service_impl.h | 8 +- + .../entry/cri/cri_image_manager_service.h | 4 +- + .../cri/cri_image_manager_service_impl.cc | 12 +- + .../cri/cri_image_manager_service_impl.h | 8 +- + src/daemon/entry/cri/cri_runtime_service.h | 4 +- + .../entry/cri/cri_runtime_service_impl.cc | 4 +- + .../entry/cri/cri_runtime_service_impl.h | 4 +- + src/daemon/entry/cri/network_plugin.h | 10 +- + 17 files changed, 370 insertions(+), 45 deletions(-) + +diff --git a/src/daemon/entry/connect/grpc/grpc_containers_service.cc b/src/daemon/entry/connect/grpc/grpc_containers_service.cc +index ab762853..c31137bf 100644 +--- a/src/daemon/entry/connect/grpc/grpc_containers_service.cc ++++ b/src/daemon/entry/connect/grpc/grpc_containers_service.cc +@@ -154,6 +154,11 @@ Status ContainerServiceImpl::Version(ServerContext *context, const VersionReques + container_version_request *container_req = nullptr; + container_version_response *container_res = nullptr; + ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "VersionOp"); + + auto status = GrpcServerTlsAuth::auth(context, "docker_version"); +@@ -188,6 +193,11 @@ Status ContainerServiceImpl::Info(ServerContext *context, const InfoRequest *req + host_info_request *container_req = nullptr; + host_info_response *container_res = nullptr; + ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "InfoOp"); + + auto status = GrpcServerTlsAuth::auth(context, "docker_info"); +@@ -222,6 +232,11 @@ Status ContainerServiceImpl::Create(ServerContext *context, const CreateRequest + container_create_response *container_res = nullptr; + container_create_request *container_req = nullptr; + ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContCreate"); + + auto status = GrpcServerTlsAuth::auth(context, "container_create"); +@@ -256,6 +271,11 @@ Status ContainerServiceImpl::Start(ServerContext *context, const StartRequest *r + container_start_request *req = nullptr; + container_start_response *res = nullptr; + ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContStart"); + + auto status = GrpcServerTlsAuth::auth(context, "container_start"); +@@ -414,6 +434,11 @@ Status ContainerServiceImpl::Top(ServerContext *context, const TopRequest *reque + container_top_request *req = nullptr; + container_top_response *res = nullptr; + ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContTop"); + + auto status = GrpcServerTlsAuth::auth(context, "container_top"); +@@ -448,6 +473,11 @@ Status ContainerServiceImpl::Stop(ServerContext *context, const StopRequest *req + container_stop_request *container_req = nullptr; + container_stop_response *container_res = nullptr; + ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContStop"); + + auto status = GrpcServerTlsAuth::auth(context, "container_stop"); +@@ -483,6 +513,11 @@ Status ContainerServiceImpl::Restart(ServerContext *context, const RestartReques + container_restart_request *container_req = nullptr; + container_restart_response *container_res = nullptr; + ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContRestart"); + + auto status = GrpcServerTlsAuth::auth(context, "container_restart"); +@@ -517,6 +552,11 @@ Status ContainerServiceImpl::Kill(ServerContext *context, const KillRequest *req + container_kill_request *container_req = nullptr; + container_kill_response *container_res = nullptr; + ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContKill"); + + auto status = GrpcServerTlsAuth::auth(context, "container_kill"); +@@ -551,6 +591,11 @@ Status ContainerServiceImpl::Delete(ServerContext *context, const DeleteRequest + container_delete_request *container_req = nullptr; + container_delete_response *container_res = nullptr; + ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContDelete"); + + auto status = GrpcServerTlsAuth::auth(context, "container_delete"); +@@ -585,6 +630,11 @@ Status ContainerServiceImpl::Exec(ServerContext *context, const ExecRequest *req + container_exec_request *container_req = nullptr; + container_exec_response *container_res = nullptr; + ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContExec"); + + auto status = GrpcServerTlsAuth::auth(context, "container_exec_create"); +@@ -691,6 +741,11 @@ Status ContainerServiceImpl::RemoteExec(ServerContext *context, + container_exec_request *container_req = nullptr; + container_exec_response *container_res = nullptr; + ++ if (context == nullptr || stream == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContRExec"); + + auto status = GrpcServerTlsAuth::auth(context, "container_exec_create"); +@@ -767,6 +822,11 @@ Status ContainerServiceImpl::Inspect(ServerContext *context, const InspectContai + container_inspect_request *container_req = nullptr; + container_inspect_response *container_res = nullptr; + ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContInspect"); + + Status status = GrpcServerTlsAuth::auth(context, "container_inspect"); +@@ -802,6 +862,11 @@ Status ContainerServiceImpl::List(ServerContext *context, const ListRequest *req + container_list_request *container_req = nullptr; + container_list_response *container_res = nullptr; + ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContList"); + + auto status = GrpcServerTlsAuth::auth(context, "container_list"); +@@ -916,6 +981,11 @@ Status ContainerServiceImpl::Attach(ServerContext *context, ServerReaderWriter &init_metadata = context->client_metadata(); + auto tls_mode_kv = init_metadata.find("tls_mode"); + if (tls_mode_kv == init_metadata.end()) { +diff --git a/src/daemon/entry/connect/grpc/grpc_volumes_service.cc b/src/daemon/entry/connect/grpc/grpc_volumes_service.cc +index 8b090486..004b57b2 100644 +--- a/src/daemon/entry/connect/grpc/grpc_volumes_service.cc ++++ b/src/daemon/entry/connect/grpc/grpc_volumes_service.cc +@@ -118,6 +118,11 @@ int VolumeServiceImpl::volume_prune_response_to_grpc(volume_prune_volume_respons + + Status VolumeServiceImpl::List(ServerContext *context, const ListVolumeRequest *request, ListVolumeResponse *reply) + { ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + auto status = GrpcServerTlsAuth::auth(context, "volume_list"); + if (!status.ok()) { + return status; +@@ -152,6 +157,11 @@ Status VolumeServiceImpl::List(ServerContext *context, const ListVolumeRequest * + Status VolumeServiceImpl::Remove(ServerContext *context, const RemoveVolumeRequest *request, + RemoveVolumeResponse *reply) + { ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + auto status = GrpcServerTlsAuth::auth(context, "volume_remove"); + if (!status.ok()) { + return status; +@@ -185,6 +195,11 @@ Status VolumeServiceImpl::Remove(ServerContext *context, const RemoveVolumeReque + + Status VolumeServiceImpl::Prune(ServerContext *context, const PruneVolumeRequest *request, PruneVolumeResponse *reply) + { ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + auto status = GrpcServerTlsAuth::auth(context, "volume_prune"); + if (!status.ok()) { + return status; +diff --git a/src/daemon/entry/connect/grpc/runtime_image_service.cc b/src/daemon/entry/connect/grpc/runtime_image_service.cc +index e593a9c6..602e46fd 100644 +--- a/src/daemon/entry/connect/grpc/runtime_image_service.cc ++++ b/src/daemon/entry/connect/grpc/runtime_image_service.cc +@@ -33,6 +33,11 @@ grpc::Status RuntimeImageServiceImpl::PullImage(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Pulling image %s}", request->image().image().c_str()); + + std::string imageRef = rService->PullImage(request->image(), request->auth(), error); +@@ -54,9 +59,14 @@ grpc::Status RuntimeImageServiceImpl::ListImages(grpc::ServerContext *context, + std::vector> images; + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Listing all images}"); + +- rService->ListImages(request->filter(), &images, error); ++ rService->ListImages(request->filter(), images, error); + if (!error.Empty()) { + ERROR("{Object: CRI, Type: Failed to list all images: %s}", error.GetMessage().c_str()); + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -82,6 +92,11 @@ grpc::Status RuntimeImageServiceImpl::ImageStatus(grpc::ServerContext *context, + std::unique_ptr image_info = nullptr; + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Statusing image %s}", request->image().image().c_str()); + + image_info = rService->ImageStatus(request->image(), error); +@@ -108,9 +123,14 @@ grpc::Status RuntimeImageServiceImpl::ImageFsInfo(grpc::ServerContext *context, + std::vector> usages; + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Statusing image fs info}"); + +- rService->ImageFsInfo(&usages, error); ++ rService->ImageFsInfo(usages, error); + if (!error.Empty()) { + ERROR("{Object: CRI, Type: Failed to status image fs info: %s}", error.GetMessage().c_str()); + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -135,6 +155,11 @@ grpc::Status RuntimeImageServiceImpl::RemoveImage(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Removing image %s}", request->image().image().c_str()); + + rService->RemoveImage(request->image(), error); +diff --git a/src/daemon/entry/connect/grpc/runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/runtime_runtime_service.cc +index 451eeeef..852d6791 100644 +--- a/src/daemon/entry/connect/grpc/runtime_runtime_service.cc ++++ b/src/daemon/entry/connect/grpc/runtime_runtime_service.cc +@@ -31,6 +31,11 @@ using namespace CRI; + void RuntimeRuntimeServiceImpl::Init(Network::NetworkPluginConf mConf, isulad_daemon_configs *config, Errors &err) + { + std::string podSandboxImage; ++ if (config == nullptr) { ++ err.SetError("Invalid input arguments"); ++ ERROR("Invalid input arguments"); ++ return; ++ } + if (config->pod_sandbox_image != nullptr) { + podSandboxImage = config->pod_sandbox_image; + } else { +@@ -89,6 +94,11 @@ grpc::Status RuntimeRuntimeServiceImpl::Version(grpc::ServerContext *context, + runtime::v1alpha2::VersionResponse *reply) + { + Errors error; ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + rService->Version(request->version(), reply, error); + if (!error.Empty()) { + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -103,6 +113,11 @@ grpc::Status RuntimeRuntimeServiceImpl::CreateContainer(grpc::ServerContext *con + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Creating Container}"); + + std::string responseID = +@@ -124,6 +139,11 @@ grpc::Status RuntimeRuntimeServiceImpl::StartContainer(grpc::ServerContext *cont + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Starting Container: %s}", request->container_id().c_str()); + + rService->StartContainer(request->container_id(), error); +@@ -143,6 +163,11 @@ grpc::Status RuntimeRuntimeServiceImpl::StopContainer(grpc::ServerContext *conte + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Stopping Container: %s}", request->container_id().c_str()); + + rService->StopContainer(request->container_id(), (int64_t)request->timeout(), error); +@@ -162,6 +187,11 @@ grpc::Status RuntimeRuntimeServiceImpl::RemoveContainer(grpc::ServerContext *con + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Removing Container: %s}", request->container_id().c_str()); + + rService->RemoveContainer(request->container_id(), error); +@@ -181,10 +211,15 @@ grpc::Status RuntimeRuntimeServiceImpl::ListContainers(grpc::ServerContext *cont + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Listing all Container}"); + + std::vector> containers; +- rService->ListContainers(request->has_filter() ? &request->filter() : nullptr, &containers, error); ++ rService->ListContainers(request->has_filter() ? &request->filter() : nullptr, containers, error); + if (!error.Empty()) { + ERROR("Object: CRI, Type: Failed to list all containers %s", error.GetMessage().c_str()); + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -210,10 +245,15 @@ grpc::Status RuntimeRuntimeServiceImpl::ListContainerStats(grpc::ServerContext * + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Listing all Container stats}"); + + std::vector> containers; +- rService->ListContainerStats(request->has_filter() ? &request->filter() : nullptr, &containers, error); ++ rService->ListContainerStats(request->has_filter() ? &request->filter() : nullptr, containers, error); + if (!error.Empty()) { + ERROR("Object: CRI, Type: Failed to list all containers stat %s", error.GetMessage().c_str()); + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -239,6 +279,11 @@ grpc::Status RuntimeRuntimeServiceImpl::ContainerStats(grpc::ServerContext *cont + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Getting Container Stats: %s}", request->container_id().c_str()); + + std::unique_ptr contStats = +@@ -260,6 +305,11 @@ grpc::Status RuntimeRuntimeServiceImpl::ContainerStatus(grpc::ServerContext *con + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Statusing Container: %s}", request->container_id().c_str()); + + std::unique_ptr contStatus = +@@ -281,6 +331,11 @@ grpc::Status RuntimeRuntimeServiceImpl::ExecSync(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + WARN("Event: {Object: CRI, Type: sync execing Container: %s}", request->container_id().c_str()); + + rService->ExecSync(request->container_id(), request->cmd(), request->timeout(), reply, error); +@@ -300,6 +355,11 @@ grpc::Status RuntimeRuntimeServiceImpl::RunPodSandbox(grpc::ServerContext *conte + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Running Pod}"); + + std::string responseID = rService->RunPodSandbox(request->config(), request->runtime_handler(), error); +@@ -320,6 +380,11 @@ grpc::Status RuntimeRuntimeServiceImpl::StopPodSandbox(grpc::ServerContext *cont + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Stopping Pod: %s}", request->pod_sandbox_id().c_str()); + + rService->StopPodSandbox(request->pod_sandbox_id(), error); +@@ -340,6 +405,11 @@ grpc::Status RuntimeRuntimeServiceImpl::RemovePodSandbox(grpc::ServerContext *co + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Removing Pod: %s}", request->pod_sandbox_id().c_str()); + + rService->RemovePodSandbox(request->pod_sandbox_id(), error); +@@ -360,6 +430,11 @@ grpc::Status RuntimeRuntimeServiceImpl::PodSandboxStatus(grpc::ServerContext *co + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Status Pod: %s}", request->pod_sandbox_id().c_str()); + + std::unique_ptr podStatus; +@@ -382,6 +457,11 @@ grpc::Status RuntimeRuntimeServiceImpl::ListPodSandbox(grpc::ServerContext *cont + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Listing all Pods}"); + + std::vector> pods; +@@ -411,6 +491,11 @@ RuntimeRuntimeServiceImpl::UpdateContainerResources(grpc::ServerContext *context + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + WARN("Event: {Object: CRI, Type: Updating container resources: %s}", request->container_id().c_str()); + + rService->UpdateContainerResources(request->container_id(), request->linux(), error); +@@ -431,6 +516,11 @@ grpc::Status RuntimeRuntimeServiceImpl::Exec(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || response == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: execing Container: %s}", request->container_id().c_str()); + + rService->Exec(*request, response, error); +@@ -451,6 +541,11 @@ grpc::Status RuntimeRuntimeServiceImpl::Attach(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || response == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: attaching Container: %s}", request->container_id().c_str()); + + rService->Attach(*request, response, error); +@@ -472,6 +567,11 @@ RuntimeRuntimeServiceImpl::UpdateRuntimeConfig(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Updating Runtime Config}"); + + rService->UpdateRuntimeConfig(request->runtime_config(), error); +@@ -491,6 +591,11 @@ grpc::Status RuntimeRuntimeServiceImpl::Status(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Statusing daemon}"); + + std::unique_ptr status = rService->Status(error); +diff --git a/src/daemon/entry/connect/rest/rest_service_common.c b/src/daemon/entry/connect/rest/rest_service_common.c +index 54ac5c95..c4161d02 100644 +--- a/src/daemon/entry/connect/rest/rest_service_common.c ++++ b/src/daemon/entry/connect/rest/rest_service_common.c +@@ -26,7 +26,7 @@ + /* get body */ + int get_body(const evhtp_request_t *req, size_t *size_out, char **record_out) + { +- evbuf_t *buf = req->buffer_in; ++ evbuf_t *buf = NULL; + size_t read_count = 0; + size_t total = 0; + size_t content_len = 0; +@@ -34,6 +34,12 @@ int get_body(const evhtp_request_t *req, size_t *size_out, char **record_out) + char *body_p = NULL; + int ret = 0; + ++ if (req == NULL || size_out == NULL || record_out == NULL) { ++ ERROR("Invalid input arguments"); ++ return -1; ++ } ++ ++ buf = req->buffer_in; + content_len = (size_t)evbuffer_get_length(buf); + + if (content_len >= MAX_BODY_SIZE) { +@@ -81,6 +87,10 @@ empty: + /* evhtp send repsponse */ + void evhtp_send_response(evhtp_request_t *req, const char *responsedata, int rescode) + { ++ if (req == NULL || responsedata == NULL) { ++ ERROR("Invalid input arguments"); ++ return; ++ } + evhtp_headers_add_header(req->headers_out, evhtp_header_new("Content-Type", "application/json", 0, 0)); + evbuffer_add(req->buffer_out, responsedata, strlen(responsedata)); + evhtp_send_reply(req, rescode); +diff --git a/src/daemon/entry/cri/cri_container_manager_service.h b/src/daemon/entry/cri/cri_container_manager_service.h +index f362f798..b235913b 100644 +--- a/src/daemon/entry/cri/cri_container_manager_service.h ++++ b/src/daemon/entry/cri/cri_container_manager_service.h +@@ -39,11 +39,11 @@ public: + virtual void RemoveContainer(const std::string &containerID, Errors &error) = 0; + + virtual void ListContainers(const runtime::v1alpha2::ContainerFilter *filter, +- std::vector> *containers, ++ std::vector> &containers, + Errors &error) = 0; + + virtual void ListContainerStats(const runtime::v1alpha2::ContainerStatsFilter *filter, +- std::vector> *containerstats, ++ std::vector> &containerstats, + Errors &error) = 0; + + virtual auto ContainerStats(const std::string &containerID, +diff --git a/src/daemon/entry/cri/cri_container_manager_service_impl.cc b/src/daemon/entry/cri/cri_container_manager_service_impl.cc +index ed9e8e72..c358c934 100644 +--- a/src/daemon/entry/cri/cri_container_manager_service_impl.cc ++++ b/src/daemon/entry/cri/cri_container_manager_service_impl.cc +@@ -667,7 +667,7 @@ void ContainerManagerServiceImpl::ListContainersFromGRPC(const runtime::v1alpha2 + } + + void ContainerManagerServiceImpl::ListContainersToGRPC(container_list_response *response, +- std::vector> *pods, ++ std::vector> &pods, + Errors &error) + { + for (size_t i {}; i < response->containers_len; i++) { +@@ -714,12 +714,12 @@ void ContainerManagerServiceImpl::ListContainersToGRPC(container_list_response * + CRIHelpers::ContainerStatusToRuntime(Container_Status(response->containers[i]->status)); + container->set_state(state); + +- pods->push_back(move(container)); ++ pods.push_back(move(container)); + } + } + + void ContainerManagerServiceImpl::ListContainers(const runtime::v1alpha2::ContainerFilter *filter, +- std::vector> *containers, ++ std::vector> &containers, + Errors &error) + { + if (m_cb == nullptr || m_cb->container.list == nullptr) { +@@ -870,7 +870,7 @@ void ContainerManagerServiceImpl::PackContainerStatsFilesystemUsage( + + void ContainerManagerServiceImpl::ContainerStatsToGRPC( + container_stats_response *response, +- std::vector> *containerstats, Errors &error) ++ std::vector> &containerstats, Errors &error) + { + if (response == nullptr) { + return; +@@ -907,22 +907,18 @@ void ContainerManagerServiceImpl::ContainerStatsToGRPC( + container->mutable_cpu()->set_timestamp(timestamp); + } + +- containerstats->push_back(move(container)); ++ containerstats.push_back(move(container)); + } + } + + void ContainerManagerServiceImpl::ListContainerStats( + const runtime::v1alpha2::ContainerStatsFilter *filter, +- std::vector> *containerstats, Errors &error) ++ std::vector> &containerstats, Errors &error) + { + if (m_cb == nullptr || m_cb->container.stats == nullptr) { + error.SetError("Unimplemented callback"); + return; + } +- if (containerstats == nullptr) { +- error.SetError("Invalid arguments"); +- return; +- } + + container_stats_response *response { nullptr }; + container_stats_request *request = (container_stats_request *)util_common_calloc_s(sizeof(container_stats_request)); +@@ -999,7 +995,7 @@ auto ContainerManagerServiceImpl::ContainerStats(const std::string &containerID, + goto cleanup; + } + +- ContainerStatsToGRPC(response, &contStatsVec, error); ++ ContainerStatsToGRPC(response, contStatsVec, error); + if (error.NotEmpty()) { + goto cleanup; + } +diff --git a/src/daemon/entry/cri/cri_container_manager_service_impl.h b/src/daemon/entry/cri/cri_container_manager_service_impl.h +index ad53a65f..32f07456 100644 +--- a/src/daemon/entry/cri/cri_container_manager_service_impl.h ++++ b/src/daemon/entry/cri/cri_container_manager_service_impl.h +@@ -49,11 +49,11 @@ public: + void RemoveContainer(const std::string &containerID, Errors &error) override; + + void ListContainers(const runtime::v1alpha2::ContainerFilter *filter, +- std::vector> *containers, ++ std::vector> &containers, + Errors &error) override; + + void ListContainerStats(const runtime::v1alpha2::ContainerStatsFilter *filter, +- std::vector> *containerstats, ++ std::vector> &containerstats, + Errors &error) override; + + auto ContainerStats(const std::string &containerID, +@@ -102,11 +102,11 @@ private: + void ListContainersFromGRPC(const runtime::v1alpha2::ContainerFilter *filter, container_list_request **request, + Errors &error); + void ListContainersToGRPC(container_list_response *response, +- std::vector> *pods, Errors &error); ++ std::vector> &pods, Errors &error); + auto PackContainerStatsFilter(const runtime::v1alpha2::ContainerStatsFilter *filter, + container_stats_request *request, Errors &error) -> int; + void ContainerStatsToGRPC(container_stats_response *response, +- std::vector> *containerstats, ++ std::vector> &containerstats, + Errors &error); + void PackContainerStatsAttributes(const char *id, std::unique_ptr &container, + Errors &error); +diff --git a/src/daemon/entry/cri/cri_image_manager_service.h b/src/daemon/entry/cri/cri_image_manager_service.h +index b6e506d5..9b2530ab 100644 +--- a/src/daemon/entry/cri/cri_image_manager_service.h ++++ b/src/daemon/entry/cri/cri_image_manager_service.h +@@ -28,7 +28,7 @@ public: + virtual ~ImageManagerService() = default; + + virtual void ListImages(const runtime::v1alpha2::ImageFilter &filter, +- std::vector> *images, Errors &error) = 0; ++ std::vector> &images, Errors &error) = 0; + + virtual auto ImageStatus(const runtime::v1alpha2::ImageSpec &image, + Errors &error) -> std::unique_ptr = 0; +@@ -38,7 +38,7 @@ public: + + virtual void RemoveImage(const runtime::v1alpha2::ImageSpec &image, Errors &error) = 0; + +- virtual void ImageFsInfo(std::vector> *usages, ++ virtual void ImageFsInfo(std::vector> &usages, + Errors &error) = 0; + }; + } // namespace CRI +diff --git a/src/daemon/entry/cri/cri_image_manager_service_impl.cc b/src/daemon/entry/cri/cri_image_manager_service_impl.cc +index ad9e8ef1..3ff79ffc 100644 +--- a/src/daemon/entry/cri/cri_image_manager_service_impl.cc ++++ b/src/daemon/entry/cri/cri_image_manager_service_impl.cc +@@ -133,7 +133,7 @@ auto ImageManagerServiceImpl::list_request_from_grpc(const runtime::v1alpha2::Im + } + + void ImageManagerServiceImpl::list_images_to_grpc(im_list_response *response, +- std::vector> *images, ++ std::vector> &images, + Errors &error) + { + imagetool_images_list *list_images = response->images; +@@ -150,12 +150,12 @@ void ImageManagerServiceImpl::list_images_to_grpc(im_list_response *response, + + imagetool_image_summary *element = list_images->images[i]; + conv_image_to_grpc(element, image); +- images->push_back(move(image)); ++ images.push_back(move(image)); + } + } + + void ImageManagerServiceImpl::ListImages(const runtime::v1alpha2::ImageFilter &filter, +- std::vector> *images, Errors &error) ++ std::vector> &images, Errors &error) + { + im_list_request *request { nullptr }; + im_list_response *response { nullptr }; +@@ -331,7 +331,7 @@ cleanup: + } + + void ImageManagerServiceImpl::fs_info_to_grpc(im_fs_info_response *response, +- std::vector> *fs_infos, ++ std::vector> &fs_infos, + Errors & /*error*/) + { + imagetool_fs_info *got_fs_info = response->fs_info; +@@ -381,11 +381,11 @@ void ImageManagerServiceImpl::fs_info_to_grpc(im_fs_info_response *response, + fs_info->set_allocated_inodes_used(inodes_used); + } + +- fs_infos->push_back(std::move(fs_info)); ++ fs_infos.push_back(std::move(fs_info)); + } + } + +-void ImageManagerServiceImpl::ImageFsInfo(std::vector> *usages, ++void ImageManagerServiceImpl::ImageFsInfo(std::vector> &usages, + Errors &error) + { + im_fs_info_response *response { nullptr }; +diff --git a/src/daemon/entry/cri/cri_image_manager_service_impl.h b/src/daemon/entry/cri/cri_image_manager_service_impl.h +index b94f8908..edf482c9 100644 +--- a/src/daemon/entry/cri/cri_image_manager_service_impl.h ++++ b/src/daemon/entry/cri/cri_image_manager_service_impl.h +@@ -30,7 +30,7 @@ public: + virtual ~ImageManagerServiceImpl() = default; + + void ListImages(const runtime::v1alpha2::ImageFilter &filter, +- std::vector> *images, Errors &error) override; ++ std::vector> &images, Errors &error) override; + + std::unique_ptr ImageStatus(const runtime::v1alpha2::ImageSpec &image, + Errors &error) override; +@@ -40,7 +40,7 @@ public: + + void RemoveImage(const runtime::v1alpha2::ImageSpec &image, Errors &error) override; + +- void ImageFsInfo(std::vector> *usages, Errors &error) override; ++ void ImageFsInfo(std::vector> &usages, Errors &error) override; + + private: + int pull_request_from_grpc(const runtime::v1alpha2::ImageSpec *image, const runtime::v1alpha2::AuthConfig *auth, +@@ -48,7 +48,7 @@ private: + + int list_request_from_grpc(const runtime::v1alpha2::ImageFilter *filter, im_list_request **request, Errors &error); + +- void list_images_to_grpc(im_list_response *response, std::vector> *images, ++ void list_images_to_grpc(im_list_response *response, std::vector> &images, + Errors &error); + + int status_request_from_grpc(const runtime::v1alpha2::ImageSpec *image, im_summary_request **request, +@@ -57,7 +57,7 @@ private: + std::unique_ptr status_image_to_grpc(im_summary_response *response, Errors &error); + + void fs_info_to_grpc(im_fs_info_response *response, +- std::vector> *fs_infos, Errors &error); ++ std::vector> &fs_infos, Errors &error); + + int remove_request_from_grpc(const runtime::v1alpha2::ImageSpec *image, im_rmi_request **request, Errors &error); + }; +diff --git a/src/daemon/entry/cri/cri_runtime_service.h b/src/daemon/entry/cri/cri_runtime_service.h +index 5e4740cb..06674a3f 100644 +--- a/src/daemon/entry/cri/cri_runtime_service.h ++++ b/src/daemon/entry/cri/cri_runtime_service.h +@@ -43,10 +43,10 @@ public: + virtual void RemoveContainer(const std::string &containerID, Errors &error) = 0; + + virtual void ListContainers(const runtime::v1alpha2::ContainerFilter *filter, +- std::vector> *containers, Errors &error) = 0; ++ std::vector> &containers, Errors &error) = 0; + + virtual void ListContainerStats(const runtime::v1alpha2::ContainerStatsFilter *filter, +- std::vector> *containerstats, ++ std::vector> &containerstats, + Errors &error) = 0; + + virtual auto ContainerStats(const std::string &containerID, +diff --git a/src/daemon/entry/cri/cri_runtime_service_impl.cc b/src/daemon/entry/cri/cri_runtime_service_impl.cc +index e00bc6e2..3da46168 100644 +--- a/src/daemon/entry/cri/cri_runtime_service_impl.cc ++++ b/src/daemon/entry/cri/cri_runtime_service_impl.cc +@@ -48,13 +48,13 @@ void CRIRuntimeServiceImpl::RemoveContainer(const std::string &containerID, Erro + } + + void CRIRuntimeServiceImpl::ListContainers(const runtime::v1alpha2::ContainerFilter *filter, +- std::vector> *containers, Errors &error) ++ std::vector> &containers, Errors &error) + { + m_containerManager->ListContainers(filter, containers, error); + } + + void CRIRuntimeServiceImpl::ListContainerStats(const runtime::v1alpha2::ContainerStatsFilter *filter, +- std::vector> *containerstats, ++ std::vector> &containerstats, + Errors &error) + { + m_containerManager->ListContainerStats(filter, containerstats, error); +diff --git a/src/daemon/entry/cri/cri_runtime_service_impl.h b/src/daemon/entry/cri/cri_runtime_service_impl.h +index 95f1424f..0247c094 100644 +--- a/src/daemon/entry/cri/cri_runtime_service_impl.h ++++ b/src/daemon/entry/cri/cri_runtime_service_impl.h +@@ -52,10 +52,10 @@ public: + void RemoveContainer(const std::string &containerID, Errors &error) override; + + void ListContainers(const runtime::v1alpha2::ContainerFilter *filter, +- std::vector> *containers, Errors &error) override; ++ std::vector> &containers, Errors &error) override; + + void ListContainerStats(const runtime::v1alpha2::ContainerStatsFilter *filter, +- std::vector> *containerstats, ++ std::vector> &containerstats, + Errors &error) override; + + auto ContainerStats(const std::string &containerID, +diff --git a/src/daemon/entry/cri/network_plugin.h b/src/daemon/entry/cri/network_plugin.h +index 1b06ca73..c29bf248 100644 +--- a/src/daemon/entry/cri/network_plugin.h ++++ b/src/daemon/entry/cri/network_plugin.h +@@ -30,11 +30,11 @@ const std::string POD_DISABLE_DEFAULT_NET_ANNOTATION_KEY = "network.alpha.kubern + class NetworkPluginConf { + public: + /* settings for net plugin */ +- NetworkPluginConf(const std::string &dockershimRootDirectory = "/var/lib/isulad/shim", +- const std::string &pluginConfDir = "/etc/cni/net.d/", +- const std::string &pluginBinDir = "/opt/cni/bin", const std::string &pluginName = "", +- const std::string &hairpinMode = "hairpin-veth", const std::string &nonMasqueradeCIDR = "", +- int32_t mtu = 1460) ++ explicit NetworkPluginConf(const std::string &dockershimRootDirectory = "/var/lib/isulad/shim", ++ const std::string &pluginConfDir = "/etc/cni/net.d/", ++ const std::string &pluginBinDir = "/opt/cni/bin", const std::string &pluginName = "", ++ const std::string &hairpinMode = "hairpin-veth", const std::string &nonMasqueradeCIDR = "", ++ int32_t mtu = 1460) + : m_dockershimRootDirectory(dockershimRootDirectory), + m_pluginConfDir(pluginConfDir), + m_pluginBinDir(pluginBinDir), +-- +2.40.1 + diff --git a/0130-2161-bugfix-for-api-cmakelist.patch b/0130-2161-bugfix-for-api-cmakelist.patch new file mode 100644 index 0000000..4c4a165 --- /dev/null +++ b/0130-2161-bugfix-for-api-cmakelist.patch @@ -0,0 +1,25 @@ +From c7faa6e8a0c26662f8f52a24af9e73725214569f Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Thu, 31 Aug 2023 01:55:41 +0000 +Subject: [PATCH 130/145] !2161 bugfix for api cmakelist * bugfix for api + cmakelist + +--- + src/daemon/modules/api/CMakeLists.txt | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/src/daemon/modules/api/CMakeLists.txt b/src/daemon/modules/api/CMakeLists.txt +index 0735b25a..357566fa 100644 +--- a/src/daemon/modules/api/CMakeLists.txt ++++ b/src/daemon/modules/api/CMakeLists.txt +@@ -8,7 +8,3 @@ set(MODULES_API_INCS + ${CMAKE_CURRENT_SOURCE_DIR} + PARENT_SCOPE + ) +- +-if (NOT ENABLE_PLUGIN) +- list(REMOVE_ITEM MODULES_API_INCS "${CMAKE_CURRENT_SOURCE_DIR}/plugin_api.h") +-endif() +-- +2.40.1 + diff --git a/0131-2164-add-bind-mount-file-lock.patch b/0131-2164-add-bind-mount-file-lock.patch new file mode 100644 index 0000000..d6aa9ca --- /dev/null +++ b/0131-2164-add-bind-mount-file-lock.patch @@ -0,0 +1,927 @@ +From e5ebe1c840eacd84816a02a2dd3f35ab892ddf58 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Thu, 31 Aug 2023 13:10:12 +0000 +Subject: [PATCH 131/145] !2164 add bind mount file lock * add bind mount file + lock + +--- + src/cmd/isula/stream/cp.c | 66 ++++++- + src/cmd/isulad/main.c | 51 ++++++ + src/common/constants.h | 4 + + .../executor/container_cb/execution_stream.c | 23 ++- + src/daemon/modules/image/oci/oci_export.c | 13 +- + src/daemon/modules/image/oci/oci_load.c | 13 +- + .../graphdriver/devmapper/driver_devmapper.c | 12 +- + .../graphdriver/overlay2/driver_overlay2.c | 12 +- + src/utils/tar/isulad_tar.c | 16 +- + src/utils/tar/isulad_tar.h | 4 +- + src/utils/tar/util_archive.c | 163 +++++++++++++++--- + src/utils/tar/util_archive.h | 8 +- + 12 files changed, 333 insertions(+), 52 deletions(-) + +diff --git a/src/cmd/isula/stream/cp.c b/src/cmd/isula/stream/cp.c +index f0cd99c9..b1e3bbd6 100644 +--- a/src/cmd/isula/stream/cp.c ++++ b/src/cmd/isula/stream/cp.c +@@ -73,6 +73,44 @@ static void print_copy_from_container_error(const char *ops_err, const char *arc + } + } + ++static int client_get_root_dir(const isula_connect_ops *ops, const client_connect_config_t *config, char **root_dir) ++{ ++ int ret = 0; ++ struct isula_info_request request = { 0 }; ++ struct isula_info_response *response = NULL; ++ ++ response = util_common_calloc_s(sizeof(struct isula_info_response)); ++ if (response == NULL) { ++ COMMAND_ERROR("Info: Out of memory"); ++ return -1; ++ } ++ ++ if (!ops->container.info) { ++ COMMAND_ERROR("Unimplemented info op"); ++ ret = -1; ++ goto out; ++ } ++ ++ ret = ops->container.info(&request, response, (void *)config); ++ if (ret != 0) { ++ client_print_error(response->cc, response->server_errono, response->errmsg); ++ ret = -1; ++ goto out; ++ } ++ ++ if (response->isulad_root_dir == NULL) { ++ COMMAND_ERROR("None root dir"); ++ ret = -1; ++ goto out; ++ } ++ ++ *root_dir = util_strdup_s(response->isulad_root_dir); ++ ++out: ++ isula_info_response_free(response); ++ return ret; ++} ++ + static int client_copy_from_container(const struct client_arguments *args, const char *id, const char *srcpath, + const char *destpath) + { +@@ -84,6 +122,7 @@ static int client_copy_from_container(const struct client_arguments *args, const + char *archive_err = NULL; + char *ops_err = NULL; + char *resolved = NULL; ++ char *root_dir = NULL; + struct archive_copy_info *srcinfo = NULL; + client_connect_config_t config; + +@@ -92,18 +131,24 @@ static int client_copy_from_container(const struct client_arguments *args, const + COMMAND_ERROR("Unimplemented copy from container operation"); + return -1; + } ++ config = get_connect_config(args); ++ ++ ret = client_get_root_dir(ops, &config, &root_dir); ++ if (ret != 0) { ++ return -1; ++ } + + response = util_common_calloc_s(sizeof(struct isula_copy_from_container_response)); + if (response == NULL) { + ERROR("Event: Out of memory"); +- return -1; ++ ret = -1; ++ goto out; + } + + request.id = (char *)id; + request.runtime = args->runtime; + request.srcpath = (char *)srcpath; + +- config = get_connect_config(args); + ret = ops->container.copy_from_container(&request, response, &config); + if (ret) { + ops_err = (response->errmsg != NULL) ? util_strdup_s(response->errmsg) : NULL; +@@ -125,7 +170,7 @@ static int client_copy_from_container(const struct client_arguments *args, const + srcinfo->path = util_strdup_s(srcpath); + srcinfo->isdir = S_ISDIR(response->stat->mode); + +- nret = archive_copy_to(&response->reader, srcinfo, resolved, &archive_err); ++ nret = archive_copy_to(&response->reader, srcinfo, resolved, root_dir, &archive_err); + if (nret != 0) { + ret = nret; + } +@@ -137,6 +182,7 @@ static int client_copy_from_container(const struct client_arguments *args, const + + out: + print_copy_from_container_error(ops_err, archive_err, ret, args); ++ free(root_dir); + free(resolved); + free(archive_err); + free(ops_err); +@@ -167,6 +213,7 @@ static int client_copy_to_container(const struct client_arguments *args, const c + int nret = 0; + char *archive_err = NULL; + char *resolved = NULL; ++ char *root_dir = NULL; + struct archive_copy_info *srcinfo = NULL; + struct io_read_wrapper archive_reader = { 0 }; + client_connect_config_t config = { 0 }; +@@ -176,11 +223,18 @@ static int client_copy_to_container(const struct client_arguments *args, const c + COMMAND_ERROR("Unimplemented copy to container operation"); + return -1; + } ++ config = get_connect_config(args); ++ ++ ret = client_get_root_dir(ops, &config, &root_dir); ++ if (ret != 0) { ++ return -1; ++ } + + response = util_common_calloc_s(sizeof(struct isula_copy_to_container_response)); + if (response == NULL) { + ERROR("Event: Out of memory"); +- return -1; ++ ret = -1; ++ goto out; + } + + request.id = (char *)id; +@@ -199,7 +253,7 @@ static int client_copy_to_container(const struct client_arguments *args, const c + goto out; + } + +- nret = tar_resource(srcinfo, &archive_reader, &archive_err); ++ nret = tar_resource(srcinfo, root_dir, &archive_reader, &archive_err); + if (nret != 0) { + ret = -1; + goto out; +@@ -212,7 +266,6 @@ static int client_copy_to_container(const struct client_arguments *args, const c + request.reader.read = archive_reader.read; + request.reader.close = archive_reader.close; + +- config = get_connect_config(args); + ret = ops->container.copy_to_container(&request, response, &config); + + // archive reader close if copy to container failed +@@ -223,6 +276,7 @@ static int client_copy_to_container(const struct client_arguments *args, const c + + out: + print_copy_to_container_error(response, archive_err, ret, args); ++ free(root_dir); + free(resolved); + free(archive_err); + free_archive_copy_info(srcinfo); +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index 7b337358..4c057065 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -72,6 +72,7 @@ + #include "utils_file.h" + #include "utils_string.h" + #include "utils_verify.h" ++#include "path.h" + #include "volume_api.h" + #ifndef DISABLE_CLEANUP + #include "leftover_cleanup_api.h" +@@ -1374,6 +1375,50 @@ out: + return ret; + } + ++static int create_mount_flock_file(const struct service_arguments *args) ++{ ++ int nret = 0; ++ int fd = -1; ++ char path[PATH_MAX] = { 0 }; ++ char cleanpath[PATH_MAX] = { 0 }; ++ ++ nret = snprintf(path, PATH_MAX, "%s/%s", args->json_confs->graph, MOUNT_FLOCK_FILE_PATH); ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { ++ ERROR("Failed to snprintf"); ++ return -1; ++ } ++ ++ if (util_clean_path(path, cleanpath, sizeof(cleanpath)) == NULL) { ++ ERROR("clean path for %s failed", path); ++ return -1; ++ } ++ ++ if (util_fileself_exists(cleanpath)) { ++ int err = 0; ++ // recreate mount flock file ++ // and make file uid/gid and permission correct ++ if (!util_force_remove_file(cleanpath, &err)) { ++ ERROR("Failed to delete %s, error: %s. Please delete %s manually.", path, strerror(err), path); ++ return -1; ++ } ++ } ++ ++ fd = util_open(cleanpath, O_RDWR | O_CREAT, MOUNT_FLOCK_FILE_MODE); ++ if (fd < 0) { ++ ERROR("Failed to create file %s", cleanpath); ++ return -1; ++ } ++ close(fd); ++ ++ nret = util_set_file_group(cleanpath, args->json_confs->group); ++ if (nret < 0) { ++ ERROR("set group of the path %s failed", cleanpath); ++ return -1; ++ } ++ ++ return 0; ++} ++ + static int isulad_server_init_service() + { + int ret = -1; +@@ -1404,6 +1449,12 @@ static int isulad_server_init_service() + goto unlock_out; + } + ++ ret = create_mount_flock_file(args); ++ if (ret != 0) { ++ ERROR("Failed to create mount flock file"); ++ goto unlock_out; ++ } ++ + unlock_out: + if (isulad_server_conf_unlock()) { + ret = -1; +diff --git a/src/common/constants.h b/src/common/constants.h +index e968d8cd..6988e25b 100644 +--- a/src/common/constants.h ++++ b/src/common/constants.h +@@ -68,6 +68,8 @@ extern "C" { + + #define DEFAULT_HIGHEST_DIRECTORY_MODE 0755 + ++#define MOUNT_FLOCK_FILE_MODE 0660 ++ + #define ISULAD_CONFIG SYSCONFDIR_PREFIX"/etc/isulad" + + #define ISULAD_DAEMON_CONTAINER_CONTEXTS ISULAD_CONFIG "/container_contexts" +@@ -119,6 +121,8 @@ extern "C" { + #define OCI_VERSION "1.0.1" + #endif + ++#define MOUNT_FLOCK_FILE_PATH "isulad-chroot-mount.flock" ++ + #define OCI_IMAGE_GRAPH_ROOTPATH_NAME "storage" + + #ifdef ENABLE_GRPC_REMOTE_CONNECT +diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c +index 32721e68..244ec6a0 100644 +--- a/src/daemon/executor/container_cb/execution_stream.c ++++ b/src/daemon/executor/container_cb/execution_stream.c +@@ -62,6 +62,7 @@ + #include "utils.h" + #include "utils_file.h" + #include "utils_verify.h" ++#include "isulad_config.h" + + #if defined (__ANDROID__) || defined(__MUSL__) + #define SIG_CANCEL_SIGNAL SIGUSR1 +@@ -442,6 +443,7 @@ static int archive_and_send_copy_data(const stream_func_wrapper *stream, + char *absbase = NULL; + char *err = NULL; + char *buf = NULL; ++ char *root_dir = NULL; + char cleaned[PATH_MAX + 2] = { 0 }; + struct io_read_wrapper reader = { 0 }; + char *tar_path = NULL; +@@ -474,9 +476,15 @@ static int archive_and_send_copy_data(const stream_func_wrapper *stream, + goto cleanup; + } + ++ root_dir = conf_get_isulad_rootdir(); ++ if (root_dir == NULL) { ++ ERROR("Failed to get isulad rootdir"); ++ goto cleanup; ++ } ++ + DEBUG("archive chroot tar stream container_fs(%s) srcdir(%s) relative(%s) srcbase(%s) absbase(%s)", + container_fs, srcdir, tar_path, srcbase, absbase); +- nret = archive_chroot_tar_stream(container_fs, tar_path, srcbase, absbase, &reader); ++ nret = archive_chroot_tar_stream(container_fs, tar_path, srcbase, absbase, root_dir, &reader); + if (nret != 0) { + ERROR("Archive %s failed", resolvedpath); + goto cleanup; +@@ -504,6 +512,7 @@ cleanup: + free(srcdir); + free(srcbase); + free(absbase); ++ free(root_dir); + if (reader.close != NULL) { + int cret = reader.close(reader.context, &err); + if (err != NULL) { +@@ -776,15 +785,25 @@ static int read_and_extract_archive(stream_func_wrapper *stream, const char *con + { + int ret = -1; + char *err = NULL; ++ char *root_dir = NULL; + struct io_read_wrapper content = { 0 }; + content.context = stream; + content.read = extract_stream_to_io_read; +- ret = archive_chroot_untar_stream(&content, container_fs, dstdir_in_container, src_rebase, dst_rebase, &err); ++ ++ root_dir = conf_get_isulad_rootdir(); ++ if (root_dir == NULL) { ++ ERROR("Failed to get isulad rootdir"); ++ isulad_set_error_message("Failed to get isulad rootdir"); ++ return -1; ++ } ++ ++ ret = archive_chroot_untar_stream(&content, container_fs, dstdir_in_container, src_rebase, dst_rebase, root_dir, &err); + if (ret != 0) { + ERROR("Can not untar to container: %s", (err != NULL) ? err : "unknown"); + isulad_set_error_message("Can not untar to container: %s", (err != NULL) ? err : "unknown"); + } + free(err); ++ free(root_dir); + return ret; + } + +diff --git a/src/daemon/modules/image/oci/oci_export.c b/src/daemon/modules/image/oci/oci_export.c +index e27ed6d8..6bfcf4d5 100644 +--- a/src/daemon/modules/image/oci/oci_export.c ++++ b/src/daemon/modules/image/oci/oci_export.c +@@ -23,6 +23,7 @@ + #include "util_archive.h" + #include "path.h" + #include "utils_file.h" ++#include "isulad_config.h" + + int oci_do_export(char *id, char *file) + { +@@ -30,6 +31,7 @@ int oci_do_export(char *id, char *file) + int ret2 = 0; + char *mount_point = NULL; + char *errmsg = NULL; ++ char *root_dir = NULL; + char cleanpath[PATH_MAX] = { 0 }; + + if (id == NULL || file == NULL) { +@@ -56,7 +58,15 @@ int oci_do_export(char *id, char *file) + return -1; + } + +- ret = archive_chroot_tar(mount_point, cleanpath, &errmsg); ++ root_dir = conf_get_isulad_rootdir(); ++ if (root_dir == NULL) { ++ ERROR("Failed to get isulad rootdir"); ++ isulad_set_error_message("Failed to get isulad rootdir"); ++ ret = -1; ++ goto out; ++ } ++ ++ ret = archive_chroot_tar(mount_point, cleanpath, root_dir, &errmsg); + if (ret != 0) { + ERROR("failed to export container %s to file %s: %s", id, cleanpath, errmsg); + isulad_set_error_message("Failed to export rootfs with error: %s", errmsg); +@@ -68,6 +78,7 @@ out: + mount_point = NULL; + free(errmsg); + errmsg = NULL; ++ free(root_dir); + + ret2 = storage_rootfs_umount(id, false); + if (ret2 != 0) { +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index a5b669cd..0d450bb6 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -42,6 +42,7 @@ + #include "utils_file.h" + #include "utils_verify.h" + #include "oci_image.h" ++#include "isulad_config.h" + + #define MANIFEST_BIG_DATA_KEY "manifest" + #define OCI_SCHEMA_VERSION 2 +@@ -1051,6 +1052,7 @@ int oci_do_load(const im_load_request *request) + char *digest = NULL; + char *dstdir = NULL; + char *err = NULL; ++ char *root_dir = NULL; + + if (request == NULL || request->file == NULL) { + ERROR("Invalid input arguments, cannot load image"); +@@ -1071,8 +1073,16 @@ int oci_do_load(const im_load_request *request) + goto out; + } + ++ root_dir = conf_get_isulad_rootdir(); ++ if (root_dir == NULL) { ++ ERROR("Failed to get isulad rootdir"); ++ isulad_try_set_error_message("Failed to get isulad rootdir"); ++ ret = -1; ++ goto out; ++ } ++ + options.whiteout_format = NONE_WHITEOUT_FORMATE; +- if (archive_unpack(&reader, dstdir, &options, &err) != 0) { ++ if (archive_unpack(&reader, dstdir, &options, root_dir, &err) != 0) { + ERROR("Failed to unpack to %s: %s", dstdir, err); + isulad_try_set_error_message("Failed to unpack to %s: %s", dstdir, err); + ret = -1; +@@ -1158,5 +1168,6 @@ out: + } + free(dstdir); + free(err); ++ free(root_dir); + return ret; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c +index ca1b49df..0215fa6e 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c +@@ -33,6 +33,7 @@ + #include "utils_file.h" + #include "utils_fs.h" + #include "utils_string.h" ++#include "isulad_config.h" + + struct io_read_wrapper; + +@@ -347,6 +348,7 @@ int devmapper_apply_diff(const char *id, const struct graphdriver *driver, const + int ret = 0; + struct archive_options options = { 0 }; + char *err = NULL; ++ char *root_dir = NULL; + + if (!util_valid_str(id) || driver == NULL || content == NULL) { + ERROR("invalid argument to apply diff with id(%s)", id); +@@ -367,8 +369,15 @@ int devmapper_apply_diff(const char *id, const struct graphdriver *driver, const + goto out; + } + ++ root_dir = conf_get_isulad_rootdir(); ++ if (root_dir == NULL) { ++ ERROR("Failed to get isulad rootdir"); ++ ret = -1; ++ goto umount_out; ++ } ++ + options.whiteout_format = REMOVE_WHITEOUT_FORMATE; +- if (archive_unpack(content, layer_fs, &options, &err) != 0) { ++ if (archive_unpack(content, layer_fs, &options, root_dir, &err) != 0) { + ERROR("devmapper: failed to unpack to %s: %s", layer_fs, err); + ret = -1; + goto umount_out; +@@ -385,6 +394,7 @@ out: + free_driver_mount_opts(mount_opts); + free(layer_fs); + free(err); ++ free(root_dir); + return ret; + } + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +index 469a2367..510bd079 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +@@ -45,6 +45,7 @@ + #include "utils_timestamp.h" + #include "selinux_label.h" + #include "err_msg.h" ++#include "isulad_config.h" + #ifdef ENABLE_REMOTE_LAYER_STORE + #include "ro_symlink_maintain.h" + #endif +@@ -1883,6 +1884,7 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const + char *layer_diff = NULL; + struct archive_options options = { 0 }; + char *err = NULL; ++ char *root_dir = NULL; + + if (id == NULL || driver == NULL || content == NULL) { + ERROR("invalid argument"); +@@ -1916,7 +1918,14 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const + } + #endif + +- ret = archive_unpack(content, layer_diff, &options, &err); ++ root_dir = conf_get_isulad_rootdir(); ++ if (root_dir == NULL) { ++ ERROR("Failed to get isulad rootdir"); ++ ret = -1; ++ goto out; ++ } ++ ++ ret = archive_unpack(content, layer_diff, &options, root_dir ,&err); + if (ret != 0) { + ERROR("Failed to unpack to %s: %s", layer_diff, err); + ret = -1; +@@ -1925,6 +1934,7 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const + + out: + free(err); ++ free(root_dir); + free(layer_dir); + free(layer_diff); + #ifdef ENABLE_USERNS_REMAP +diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c +index 709dfdd9..751616e7 100644 +--- a/src/utils/tar/isulad_tar.c ++++ b/src/utils/tar/isulad_tar.c +@@ -386,7 +386,7 @@ cleanup: + } + + int archive_copy_to(const struct io_read_wrapper *content, const struct archive_copy_info *srcinfo, +- const char *dstpath, char **err) ++ const char *dstpath, const char *root_dir, char **err) + { + int ret = -1; + struct archive_copy_info *dstinfo = NULL; +@@ -394,7 +394,7 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_ + char *src_base = NULL; + char *dst_base = NULL; + +- if (err == NULL || dstpath == NULL || srcinfo == NULL || content == NULL) { ++ if (err == NULL || dstpath == NULL || srcinfo == NULL || content == NULL || root_dir == NULL) { + return -1; + } + +@@ -410,7 +410,7 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_ + goto cleanup; + } + +- ret = archive_chroot_untar_stream(content, dstdir, ".", src_base, dst_base, err); ++ ret = archive_chroot_untar_stream(content, dstdir, ".", src_base, dst_base, root_dir, err); + + cleanup: + free_archive_copy_info(dstinfo); +@@ -420,7 +420,7 @@ cleanup: + return ret; + } + +-static int tar_resource_rebase(const char *path, const char *rebase, struct io_read_wrapper *archive_reader, char **err) ++static int tar_resource_rebase(const char *path, const char *rebase, const char *root_dir, struct io_read_wrapper *archive_reader, char **err) + { + int ret = -1; + int nret; +@@ -439,7 +439,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, struct io_r + } + + DEBUG("chroot tar stream srcdir(%s) srcbase(%s) rebase(%s)", srcdir, srcbase, rebase); +- nret = archive_chroot_tar_stream(srcdir, srcbase, srcbase, rebase, archive_reader); ++ nret = archive_chroot_tar_stream(srcdir, srcbase, srcbase, rebase, root_dir, archive_reader); + if (nret < 0) { + ERROR("Can not archive path: %s", path); + goto cleanup; +@@ -451,11 +451,11 @@ cleanup: + return ret; + } + +-int tar_resource(const struct archive_copy_info *info, struct io_read_wrapper *archive_reader, char **err) ++int tar_resource(const struct archive_copy_info *info, const char *root_dir, struct io_read_wrapper *archive_reader, char **err) + { +- if (info == NULL || archive_reader == NULL || err == NULL) { ++ if (info == NULL || root_dir == NULL || archive_reader == NULL || err == NULL) { + return -1; + } + +- return tar_resource_rebase(info->path, info->rebase_name, archive_reader, err); ++ return tar_resource_rebase(info->path, info->rebase_name, root_dir, archive_reader, err); + } +diff --git a/src/utils/tar/isulad_tar.h b/src/utils/tar/isulad_tar.h +index b620fd02..61edeaae 100644 +--- a/src/utils/tar/isulad_tar.h ++++ b/src/utils/tar/isulad_tar.h +@@ -48,10 +48,10 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li + char *prepare_archive_copy(const struct archive_copy_info *srcinfo, const struct archive_copy_info *dstinfo, + char **src_base, char **dst_base, char **err); + +-int tar_resource(const struct archive_copy_info *info, struct io_read_wrapper *archive_reader, char **err); ++int tar_resource(const struct archive_copy_info *info, const char *root_dir, struct io_read_wrapper *archive_reader, char **err); + + int archive_copy_to(const struct io_read_wrapper *content, const struct archive_copy_info *srcinfo, +- const char *dstpath, char **err); ++ const char *dstpath, const char *root_dir, char **err); + + #ifdef __cplusplus + } +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index a9d0025b..d5dabda9 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -78,6 +79,31 @@ static ssize_t read_content(struct archive *a, void *client_data, const void **b + return mydata->content->read(mydata->content->context, mydata->buff, sizeof(mydata->buff)); + } + ++static char *generate_flock_path(const char *root_dir) ++{ ++ int nret = 0; ++ char path[PATH_MAX] = { 0 }; ++ char cleanpath[PATH_MAX] = { 0 }; ++ ++ nret = snprintf(path, PATH_MAX, "%s/%s", root_dir, MOUNT_FLOCK_FILE_PATH); ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { ++ ERROR("Failed to snprintf"); ++ return NULL; ++ } ++ ++ if (util_clean_path(path, cleanpath, sizeof(cleanpath)) == NULL) { ++ ERROR("clean path for %s failed", path); ++ return NULL; ++ } ++ ++ if (!util_file_exists(cleanpath)) { ++ ERROR("flock file %s doesn't exist", cleanpath); ++ return NULL; ++ } ++ ++ return util_strdup_s(cleanpath); ++} ++ + static void do_disable_unneccessary_caps() + { + cap_t caps; +@@ -99,7 +125,61 @@ static void do_disable_unneccessary_caps() + cap_free(caps); + } + +-static int make_safedir_is_noexec(const char *dstdir, char **safe_dir) ++// Add flock when bind mount and make it private. ++// Because bind mount usually makes safedir shared mount point, ++// and sometimes it will cause "mount point explosion". ++// E.g. concurrently execute isula cp /tmp/ : ++static int bind_mount_with_flock(const char *flock_path, const char *dstdir, const char *tmp_dir) ++{ ++ int fd = -1; ++ int ret = -1; ++ ++ fd = open(flock_path, O_RDWR | O_CLOEXEC); ++ if (fd < 0) { ++ SYSERROR("Failed to open file %s", flock_path); ++ return -1; ++ } ++ ++ if (flock(fd, LOCK_EX) != 0) { ++ SYSERROR("Failed to lock file %s", flock_path); ++ goto out; ++ } ++ ++ if (mount(dstdir, tmp_dir, "none", MS_BIND, NULL) != 0) { ++ SYSERROR("Mount safe dir failed"); ++ goto unlock_out; ++ } ++ ++ if (mount(tmp_dir, tmp_dir, "none", MS_BIND | MS_REMOUNT | MS_NOEXEC, NULL) != 0) { ++ SYSERROR("Mount safe dir failed"); ++ if (umount(tmp_dir) != 0) { ++ SYSERROR("Failed to umount target %s", tmp_dir); ++ } ++ goto unlock_out; ++ } ++ ++ // Change the propagation type. ++ if (mount("", tmp_dir, "", MS_PRIVATE, "") != 0) { ++ SYSERROR("Failed to change the propagation type"); ++ if (umount(tmp_dir) != 0) { ++ SYSERROR("Failed to umount target %s", tmp_dir); ++ } ++ goto unlock_out; ++ } ++ ++ ret = 0; ++ ++unlock_out: ++ if (flock(fd, LOCK_UN) != 0) { ++ SYSERROR("Failed to unlock file %s", flock_path); ++ } ++ ++out: ++ close(fd); ++ return ret; ++} ++ ++static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, char **safe_dir) + { + struct stat buf; + char *isulad_tmpdir_env = NULL; +@@ -151,19 +231,8 @@ static int make_safedir_is_noexec(const char *dstdir, char **safe_dir) + return -1; + } + +- if (mount(dstdir, tmp_dir, "none", MS_BIND, NULL) != 0) { +- SYSERROR("Mount safe dir failed"); +- if (util_path_remove(tmp_dir) != 0) { +- ERROR("Failed to remove path %s", tmp_dir); +- } +- return -1; +- } +- +- if (mount(tmp_dir, tmp_dir, "none", MS_BIND | MS_REMOUNT | MS_NOEXEC, NULL) != 0) { +- SYSERROR("Mount safe dir failed"); +- if (umount(tmp_dir) != 0) { +- ERROR("Failed to umount target %s", tmp_dir); +- } ++ if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) { ++ ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir); + if (util_path_remove(tmp_dir) != 0) { + ERROR("Failed to remove path %s", tmp_dir); + } +@@ -718,7 +787,7 @@ static void set_child_process_pdeathsig(void) + } + + int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, const struct archive_options *options, +- char **errmsg) ++ const char *root_dir, char **errmsg) + { + int ret = 0; + pid_t pid = -1; +@@ -726,12 +795,24 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co + int pipe_stderr[2] = { -1, -1 }; + char errbuf[BUFSIZ + 1] = { 0 }; + char *safe_dir = NULL; ++ char *flock_path = NULL; + +- if (make_safedir_is_noexec(dstdir, &safe_dir) != 0) { +- ERROR("Prepare safe dir failed"); ++ if (content == NULL || dstdir == NULL || options == NULL || root_dir == NULL) { + return -1; + } + ++ flock_path = generate_flock_path(root_dir); ++ if (flock_path == NULL) { ++ ERROR("Failed to generate flock path"); ++ return -1; ++ } ++ ++ if (make_safedir_is_noexec(flock_path, dstdir, &safe_dir) != 0) { ++ ERROR("Prepare safe dir failed"); ++ ret = -1; ++ goto cleanup; ++ } ++ + if (pipe2(pipe_stderr, O_CLOEXEC) != 0) { + ERROR("Failed to create pipe"); + ret = -1; +@@ -811,6 +892,7 @@ cleanup: + ERROR("Failed to remove path %s", safe_dir); + } + free(safe_dir); ++ free(flock_path); + return ret; + } + +@@ -1121,7 +1203,7 @@ static ssize_t fd_write(void *context, const void *data, size_t len) + return util_write_nointr(*(int *)context, data, len); + } + +-int archive_chroot_tar(char *path, char *file, char **errmsg) ++int archive_chroot_tar(const char *path, const char *file, const char *root_dir, char **errmsg) + { + struct io_write_wrapper pipe_context = { 0 }; + int ret = 0; +@@ -1131,12 +1213,24 @@ int archive_chroot_tar(char *path, char *file, char **errmsg) + char errbuf[BUFSIZ + 1] = { 0 }; + int fd = 0; + char *safe_dir = NULL; ++ char *flock_path = NULL; + +- if (make_safedir_is_noexec(path, &safe_dir) != 0) { +- ERROR("Prepare safe dir failed"); ++ if (path == NULL || file == NULL || root_dir == NULL) { + return -1; + } + ++ flock_path = generate_flock_path(root_dir); ++ if (flock_path == NULL) { ++ ERROR("Failed to generate flock path"); ++ return -1; ++ } ++ ++ if (make_safedir_is_noexec(flock_path, path, &safe_dir) != 0) { ++ ERROR("Prepare safe dir failed"); ++ ret = -1; ++ goto cleanup; ++ } ++ + if (pipe2(pipe_for_read, O_CLOEXEC) != 0) { + ERROR("Failed to create pipe"); + ret = -1; +@@ -1227,6 +1321,7 @@ cleanup: + ERROR("Failed to remove path %s", safe_dir); + } + free(safe_dir); ++ free(flock_path); + return ret; + } + +@@ -1347,7 +1442,7 @@ static int archive_context_close(void *context, char **err) + } + + int archive_chroot_untar_stream(const struct io_read_wrapper *context, const char *chroot_dir, const char *untar_dir, +- const char *src_base, const char *dst_base, char **errmsg) ++ const char *src_base, const char *dst_base, const char *root_dir, char **errmsg) + { + struct io_read_wrapper pipe_context = { 0 }; + int pipe_stream[2] = { -1, -1 }; +@@ -1365,12 +1460,19 @@ int archive_chroot_untar_stream(const struct io_read_wrapper *context, const cha + .dst_base = dst_base + }; + char *safe_dir = NULL; ++ char *flock_path = NULL; + +- if (make_safedir_is_noexec(chroot_dir, &safe_dir) != 0) { +- ERROR("Prepare safe dir failed"); ++ flock_path = generate_flock_path(root_dir); ++ if (flock_path == NULL) { ++ ERROR("Failed to generate flock path"); + return -1; + } + ++ if (make_safedir_is_noexec(flock_path, chroot_dir, &safe_dir) != 0) { ++ ERROR("Prepare safe dir failed"); ++ goto cleanup; ++ } ++ + if (pipe(pipe_stderr) != 0) { + ERROR("Failed to create pipe: %s", strerror(errno)); + goto cleanup; +@@ -1478,12 +1580,13 @@ cleanup: + ERROR("Failed to remove path %s", safe_dir); + } + free(safe_dir); ++ free(flock_path); + + return ret; + } + + int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, const char *src_base, const char *dst_base, +- struct io_read_wrapper *reader) ++ const char *root_dir, struct io_read_wrapper *reader) + { + struct io_write_wrapper pipe_context = { 0 }; + int keepfds[] = { -1, -1, -1 }; +@@ -1493,12 +1596,19 @@ int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, cons + pid_t pid; + struct archive_context *ctx = NULL; + char *safe_dir = NULL; ++ char *flock_path = NULL; + +- if (make_safedir_is_noexec(chroot_dir, &safe_dir) != 0) { +- ERROR("Prepare safe dir failed"); ++ flock_path = generate_flock_path(root_dir); ++ if (flock_path == NULL) { ++ ERROR("Failed to generate flock path"); + return -1; + } + ++ if (make_safedir_is_noexec(flock_path, chroot_dir, &safe_dir) != 0) { ++ ERROR("Prepare safe dir failed"); ++ goto free_out; ++ } ++ + if (pipe(pipe_stderr) != 0) { + ERROR("Failed to create pipe: %s", strerror(errno)); + goto free_out; +@@ -1602,6 +1712,7 @@ free_out: + close_archive_pipes_fd(pipe_stderr, 2); + close_archive_pipes_fd(pipe_stream, 2); + free(ctx); ++ free(flock_path); + if (safe_dir != NULL) { + if (umount(safe_dir) != 0) { + ERROR("Failed to umount target %s", safe_dir); +diff --git a/src/utils/tar/util_archive.h b/src/utils/tar/util_archive.h +index 9312235d..be1f2cc7 100644 +--- a/src/utils/tar/util_archive.h ++++ b/src/utils/tar/util_archive.h +@@ -49,17 +49,17 @@ struct archive_options { + }; + + int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, const struct archive_options *options, +- char **errmsg); ++ const char *root_dir, char **errmsg); + + bool valid_archive_format(const char *file); + +-int archive_chroot_tar(char *path, char *file, char **errmsg); ++int archive_chroot_tar(const char *path, const char *file, const char *root_dir, char **errmsg); + + int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, const char *src_base, +- const char *dst_base, struct io_read_wrapper *content); ++ const char *dst_base, const char *root_dir, struct io_read_wrapper *content); + int archive_chroot_untar_stream(const struct io_read_wrapper *content, const char *chroot_dir, + const char *untar_dir, const char *src_base, const char *dst_base, +- char **errmsg); ++ const char *root_dir, char **errmsg); + + #ifdef __cplusplus + } +-- +2.40.1 + diff --git a/0132-2165-preventing-the-use-of-insecure-isulad-tmpdir-di.patch b/0132-2165-preventing-the-use-of-insecure-isulad-tmpdir-di.patch new file mode 100644 index 0000000..898b483 --- /dev/null +++ b/0132-2165-preventing-the-use-of-insecure-isulad-tmpdir-di.patch @@ -0,0 +1,140 @@ +From ea8bab0c0397b24648e437c0c54de40656d82432 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Sat, 2 Sep 2023 08:56:38 +0000 +Subject: [PATCH 132/145] !2165 preventing the use of insecure isulad tmpdir + directory * preventing the use of insecure isulad tmpdir directory + +--- + src/common/constants.h | 2 + + .../container/leftover_cleanup/cleanup.c | 66 ++++++++++++++++++- + src/daemon/modules/image/oci/utils_images.c | 10 +++ + 3 files changed, 77 insertions(+), 1 deletion(-) + +diff --git a/src/common/constants.h b/src/common/constants.h +index 6988e25b..7460e169 100644 +--- a/src/common/constants.h ++++ b/src/common/constants.h +@@ -50,6 +50,8 @@ extern "C" { + + #define TEMP_DIRECTORY_MODE 0700 + ++#define ISULAD_TEMP_DIRECTORY_MODE 0660 ++ + #define CONSOLE_FIFO_DIRECTORY_MODE 0770 + + #define SOCKET_GROUP_DIRECTORY_MODE 0660 +diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c +index c86e3db9..e17b73c1 100644 +--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c ++++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c +@@ -13,6 +13,8 @@ + * Description: provide cleanup functions + *********************************************************************************/ + #include ++#include ++#include + + #include "utils.h" + #include "utils_fs.h" +@@ -169,6 +171,67 @@ static bool walk_isulad_tmpdir_cb(const char *path_name, const struct dirent *su + return true; + } + ++static int isulad_tmpdir_security_check(const char *tmpdir) ++{ ++ struct stat st = { 0 }; ++ ++ if (lstat(tmpdir, &st) != 0) { ++ SYSERROR("Failed to lstat %s", tmpdir); ++ return -1; ++ } ++ ++ if (!S_ISDIR(st.st_mode)) { ++ return -1; ++ } ++ ++ if ((st.st_mode & 0777) != ISULAD_TEMP_DIRECTORY_MODE) { ++ return -1; ++ } ++ ++ if (st.st_uid != 0) { ++ return -1; ++ } ++ ++ if (S_ISLNK(st.st_mode)) { ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static int recreate_tmpdir(const char *tmpdir) ++{ ++ int ret; ++ struct stat st = { 0 }; ++ ++ if (util_recursive_rmdir(tmpdir, 0)) { ++ ERROR("Failed to remove directory %s", tmpdir); ++ return -1; ++ } ++ ++ if (util_mkdir_p(tmpdir, ISULAD_TEMP_DIRECTORY_MODE)) { ++ ERROR("Failed to create directory %s", tmpdir); ++ return -1; ++ } ++ ++ if (lstat(tmpdir, &st) != 0) { ++ SYSERROR("Failed to lstat %s", tmpdir); ++ return -1; ++ } ++ ++ return ret; ++} ++ ++static int ensure_isulad_tmpdir_security(const char *tmpdir) ++{ ++ if (isulad_tmpdir_security_check(tmpdir) == 0) { ++ return 0; ++ } ++ ++ INFO("iSulad tmpdir does not meet security requirements, recreate it"); ++ return recreate_tmpdir(tmpdir); ++} ++ + static void cleanup_path(char *dir) + { + int nret; +@@ -186,7 +249,8 @@ static void cleanup_path(char *dir) + return; + } + +- if (!util_dir_exists(cleanpath)) { ++ // preventing the use of insecure isulad tmpdir directory ++ if (ensure_isulad_tmpdir_security(cleanpath) != 0) { + return; + } + +diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c +index 22ec72df..e7131351 100644 +--- a/src/daemon/modules/image/oci/utils_images.c ++++ b/src/daemon/modules/image/oci/utils_images.c +@@ -630,6 +630,16 @@ int makesure_isulad_tmpdir_perm_right(const char *root_dir) + goto out; + } + ++ if ((st.st_mode & 0777) != TEMP_DIRECTORY_MODE) { ++ ret = -1; ++ goto out; ++ } ++ ++ if (S_ISLNK(st.st_mode)) { ++ ret = -1; ++ goto out; ++ } ++ + // chown to root + ret = lchown(isulad_tmpdir, 0, 0); + if (ret == 0 || (ret == EPERM && st.st_uid == 0 && st.st_gid == 0)) { +-- +2.40.1 + diff --git a/0133-2166-move-ensure_isulad_tmpdir_security-function-to-.patch b/0133-2166-move-ensure_isulad_tmpdir_security-function-to-.patch new file mode 100644 index 0000000..3c1d94a --- /dev/null +++ b/0133-2166-move-ensure_isulad_tmpdir_security-function-to-.patch @@ -0,0 +1,238 @@ +From 130fc2908f915328485082ce4903f06023627b36 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Sat, 2 Sep 2023 10:38:29 +0000 +Subject: [PATCH 133/145] !2166 move ensure_isulad_tmpdir_security function to + main.c * move ensure_isulad_tmpdir_security function to main.c + +--- + src/cmd/isulad/main.c | 101 ++++++++++++++++++ + .../container/leftover_cleanup/cleanup.c | 66 +----------- + src/utils/tar/util_archive.c | 2 +- + 3 files changed, 103 insertions(+), 66 deletions(-) + +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index 4c057065..961a3912 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -1227,6 +1227,101 @@ out: + return ret; + } + ++static int isulad_tmpdir_security_check(const char *tmp_dir) ++{ ++ struct stat st = { 0 }; ++ ++ if (lstat(tmp_dir, &st) != 0) { ++ SYSERROR("Failed to lstat %s", tmp_dir); ++ return -1; ++ } ++ ++ if (!S_ISDIR(st.st_mode)) { ++ return -1; ++ } ++ ++ if ((st.st_mode & 0777) != ISULAD_TEMP_DIRECTORY_MODE) { ++ return -1; ++ } ++ ++ if (st.st_uid != 0) { ++ return -1; ++ } ++ ++ if (S_ISLNK(st.st_mode)) { ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static int recreate_tmpdir(const char *tmp_dir) ++{ ++ if (util_recursive_rmdir(tmp_dir, 0) != 0) { ++ ERROR("Failed to remove directory %s", tmp_dir); ++ return -1; ++ } ++ ++ if (util_mkdir_p(tmp_dir, ISULAD_TEMP_DIRECTORY_MODE) != 0) { ++ ERROR("Failed to create directory %s", tmp_dir); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static int do_ensure_isulad_tmpdir_security(const char *isulad_tmp_dir) ++{ ++ int nret; ++ char tmp_dir[PATH_MAX] = { 0 }; ++ char cleanpath[PATH_MAX] = { 0 }; ++ ++ nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmp_dir); ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { ++ ERROR("Failed to snprintf"); ++ return -1; ++ } ++ ++ if (util_clean_path(tmp_dir, cleanpath, sizeof(cleanpath)) == NULL) { ++ ERROR("Failed to clean path for %s", tmp_dir); ++ return -1; ++ } ++ ++ if (isulad_tmpdir_security_check(cleanpath) == 0) { ++ return 0; ++ } ++ ++ INFO("iSulad tmpdir: %s does not meet security requirements, recreate it", isulad_tmp_dir); ++ return recreate_tmpdir(cleanpath); ++} ++ ++static int ensure_isulad_tmpdir_security() ++{ ++ char *isulad_tmp_dir = NULL; ++ ++ isulad_tmp_dir = getenv("ISULAD_TMPDIR"); ++ if (!util_valid_str(isulad_tmp_dir)) { ++ isulad_tmp_dir = "/tmp"; ++ } ++ ++ if (do_ensure_isulad_tmpdir_security(isulad_tmp_dir) != 0) { ++ ERROR("Failed to ensure the %s directory is a safe directory", isulad_tmp_dir); ++ return -1; ++ } ++ ++ if (strcmp(isulad_tmp_dir, "/tmp") == 0) { ++ return 0; ++ } ++ ++ // No matter whether ISULAD_TMPDIR is set or not, ++ // ensure the "/tmp" directory is a safe directory ++ if (do_ensure_isulad_tmpdir_security("/tmp") != 0) { ++ WARN("Failed to ensure the /tmp directory is a safe directory"); ++ } ++ ++ return 0; ++} ++ + static int isulad_server_init_common() + { + int ret = -1; +@@ -1259,6 +1354,12 @@ static int isulad_server_init_common() + // because tmpdir will remove failed if chroot mount point exist under tmpdir + isulad_tmpdir_cleaner(); + ++ // preventing the use of insecure isulad tmpdir directory ++ if (ensure_isulad_tmpdir_security() != 0) { ++ ERROR("Failed to ensure isulad tmpdir security"); ++ goto out; ++ } ++ + if (volume_init(args->json_confs->graph) != 0) { + ERROR("Failed to init volume"); + goto out; +diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c +index e17b73c1..c86e3db9 100644 +--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c ++++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c +@@ -13,8 +13,6 @@ + * Description: provide cleanup functions + *********************************************************************************/ + #include +-#include +-#include + + #include "utils.h" + #include "utils_fs.h" +@@ -171,67 +169,6 @@ static bool walk_isulad_tmpdir_cb(const char *path_name, const struct dirent *su + return true; + } + +-static int isulad_tmpdir_security_check(const char *tmpdir) +-{ +- struct stat st = { 0 }; +- +- if (lstat(tmpdir, &st) != 0) { +- SYSERROR("Failed to lstat %s", tmpdir); +- return -1; +- } +- +- if (!S_ISDIR(st.st_mode)) { +- return -1; +- } +- +- if ((st.st_mode & 0777) != ISULAD_TEMP_DIRECTORY_MODE) { +- return -1; +- } +- +- if (st.st_uid != 0) { +- return -1; +- } +- +- if (S_ISLNK(st.st_mode)) { +- return -1; +- } +- +- return 0; +-} +- +-static int recreate_tmpdir(const char *tmpdir) +-{ +- int ret; +- struct stat st = { 0 }; +- +- if (util_recursive_rmdir(tmpdir, 0)) { +- ERROR("Failed to remove directory %s", tmpdir); +- return -1; +- } +- +- if (util_mkdir_p(tmpdir, ISULAD_TEMP_DIRECTORY_MODE)) { +- ERROR("Failed to create directory %s", tmpdir); +- return -1; +- } +- +- if (lstat(tmpdir, &st) != 0) { +- SYSERROR("Failed to lstat %s", tmpdir); +- return -1; +- } +- +- return ret; +-} +- +-static int ensure_isulad_tmpdir_security(const char *tmpdir) +-{ +- if (isulad_tmpdir_security_check(tmpdir) == 0) { +- return 0; +- } +- +- INFO("iSulad tmpdir does not meet security requirements, recreate it"); +- return recreate_tmpdir(tmpdir); +-} +- + static void cleanup_path(char *dir) + { + int nret; +@@ -249,8 +186,7 @@ static void cleanup_path(char *dir) + return; + } + +- // preventing the use of insecure isulad tmpdir directory +- if (ensure_isulad_tmpdir_security(cleanpath) != 0) { ++ if (!util_dir_exists(cleanpath)) { + return; + } + +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index d5dabda9..46621cc1 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -217,7 +217,7 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch + } + + // ensure parent dir is exist +- if (util_mkdir_p(cleanpath, buf.st_mode) != 0) { ++ if (util_mkdir_p(cleanpath, ISULAD_TEMP_DIRECTORY_MODE) != 0) { + return -1; + } + +-- +2.40.1 + diff --git a/0134-2169-using-macros-to-isolate-isulad-s-enable_plugin-.patch b/0134-2169-using-macros-to-isolate-isulad-s-enable_plugin-.patch new file mode 100644 index 0000000..3d6f812 --- /dev/null +++ b/0134-2169-using-macros-to-isolate-isulad-s-enable_plugin-.patch @@ -0,0 +1,110 @@ +From 80ac71264c5f388f2d181f17ab1f14c7062aec8f Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Mon, 4 Sep 2023 08:45:55 +0000 +Subject: [PATCH 134/145] !2169 using macros to isolate isulad's enable_plugin + configuration option * using macros to isolate isulad's enable_plugin + configuration option + +--- + src/cmd/isulad/isulad_commands.h | 15 +++++++++++---- + src/common/constants.h | 2 ++ + src/daemon/config/isulad_config.c | 4 ++++ + src/daemon/config/isulad_config.h | 2 ++ + 4 files changed, 19 insertions(+), 4 deletions(-) + +diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h +index e5bcb6c8..3b12fa3e 100644 +--- a/src/cmd/isulad/isulad_commands.h ++++ b/src/cmd/isulad/isulad_commands.h +@@ -65,6 +65,16 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + #define USERNS_REMAP_OPT(cmdargs) + #endif + ++#ifdef ENABLE_PLUGIN ++#define PLUGINS_OPT(cmdargs) \ ++ { CMD_OPT_TYPE_STRING_DUP, \ ++ false, "enable-plugins", 0, &(cmdargs)->json_confs->enable_plugins, \ ++ "Enable plugins for all containers", NULL \ ++ }, ++#else ++#define PLUGINS_OPT(cmdargs) ++#endif ++ + #ifdef ENABLE_GRPC_REMOTE_CONNECT + #define ISULAD_TLS_OPTIONS(cmdargs) \ + { CMD_OPT_TYPE_STRING_DUP, \ +@@ -314,10 +324,7 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + false, "cpu-rt-runtime", 0, &(cmdargs)->json_confs->cpu_rt_runtime, \ + "Limit CPU real-time runtime in microseconds for all containers", command_convert_llong \ + }, \ +- { CMD_OPT_TYPE_STRING_DUP, \ +- false, "enable-plugins", 0, &(cmdargs)->json_confs->enable_plugins, \ +- "Enable plugins for all containers", NULL \ +- }, \ ++ PLUGINS_OPT(cmdargs) \ + { CMD_OPT_TYPE_CALLBACK, \ + false, "cri-runtime", 0, (cmdargs), \ + "CRI runtime class transform", server_callback_cri_runtime \ +diff --git a/src/common/constants.h b/src/common/constants.h +index 7460e169..efb2951a 100644 +--- a/src/common/constants.h ++++ b/src/common/constants.h +@@ -134,9 +134,11 @@ extern "C" { + + #define AUTH_PLUGIN "authz-broker" + ++#ifdef ENABLE_PLUGIN + #define ISULAD_ENABLE_PLUGINS "ISULAD_ENABLE_PLUGINS" + #define ISULAD_ENABLE_PLUGINS_SEPERATOR "," + #define ISULAD_ENABLE_PLUGINS_SEPERATOR_CHAR ',' ++#endif + + #ifdef ENABLE_SHIM_V2 + #define SHIM_V2_LOG "/log" +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index c9e64617..0e389dd1 100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -1209,6 +1209,7 @@ out: + return result; + } + ++#ifdef ENABLE_PLUGIN + char *conf_get_enable_plugins(void) + { + struct service_arguments *conf = NULL; +@@ -1230,6 +1231,7 @@ out: + (void)isulad_server_conf_unlock(); + return plugins; + } ++#endif + + #ifdef ENABLE_USERNS_REMAP + char *conf_get_isulad_userns_remap(void) +@@ -1634,7 +1636,9 @@ int merge_json_confs_into_global(struct service_arguments *args) + // iSulad runtime execution options + override_string_value(&args->json_confs->engine, &tmp_json_confs->engine); + override_string_value(&args->json_confs->hook_spec, &tmp_json_confs->hook_spec); ++#ifdef ENABLE_PLUGIN + override_string_value(&args->json_confs->enable_plugins, &tmp_json_confs->enable_plugins); ++#endif + #ifdef ENABLE_USERNS_REMAP + override_string_value(&args->json_confs->userns_remap, &tmp_json_confs->userns_remap); + #endif +diff --git a/src/daemon/config/isulad_config.h b/src/daemon/config/isulad_config.h +index cf0cd2a4..397da8a4 100644 +--- a/src/daemon/config/isulad_config.h ++++ b/src/daemon/config/isulad_config.h +@@ -55,7 +55,9 @@ int conf_get_container_log_opts(isulad_daemon_configs_container_log **opts); + + char *conf_get_isulad_log_file(void); + char *conf_get_engine_log_file(void); ++#ifdef ENABLE_PLUGIN + char *conf_get_enable_plugins(void); ++#endif + #ifdef ENABLE_USERNS_REMAP + char *conf_get_isulad_userns_remap(void); + #endif +-- +2.40.1 + diff --git a/0135-mask-proxy-informations.patch b/0135-mask-proxy-informations.patch new file mode 100644 index 0000000..70ad449 --- /dev/null +++ b/0135-mask-proxy-informations.patch @@ -0,0 +1,123 @@ +From fe0a25f97571b6f568a80c554a0f678fd866d9f5 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Mon, 4 Sep 2023 15:19:36 +0800 +Subject: [PATCH 135/145] mask proxy informations + +Signed-off-by: haozi007 +--- + .../container_cb/execution_information.c | 86 ++++++++++++++++--- + 1 file changed, 74 insertions(+), 12 deletions(-) + +diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c +index 144daebf..6d9521ec 100644 +--- a/src/daemon/executor/container_cb/execution_information.c ++++ b/src/daemon/executor/container_cb/execution_information.c +@@ -181,24 +181,83 @@ out: + static int get_proxy_env(char **proxy, const char *type) + { + int ret = 0; +- char *tmp = NULL; +- +- *proxy = getenv(type); +- if (*proxy == NULL) { +- tmp = util_strings_to_upper(type); ++ int nret; ++ char *tmp_proxy = NULL; ++ char *col_pos = NULL; ++ char *at_pos = NULL; ++ size_t proxy_len; ++ const char *mask_str = "//xxxx:xxxx"; ++ ++ tmp_proxy = getenv(type); ++ if (tmp_proxy == NULL) { ++ char *tmp = util_strings_to_upper(type); + if (tmp == NULL) { + ERROR("Failed to upper string!"); +- ret = -1; +- goto out; +- } +- *proxy = getenv(tmp); +- if (*proxy == NULL) { +- *proxy = ""; ++ return -1; + } ++ tmp_proxy = getenv(tmp); ++ free(tmp); ++ } ++ ++ if (tmp_proxy == NULL) { ++ return 0; ++ } ++ ++ if (strlen(tmp_proxy) >= PATH_MAX) { ++ ERROR("Too long proxy string."); ++ return -1; ++ } ++ tmp_proxy = util_strdup_s(tmp_proxy); ++ ++ if (strcmp(NO_PROXY, type) == 0) { ++ *proxy = tmp_proxy; ++ return 0; ++ } ++ ++ // mask username and password of proxy ++ col_pos = strchr(tmp_proxy, ':'); ++ if (col_pos == NULL) { ++ ERROR("Invalid proxy."); ++ ret = -1; ++ goto out; ++ } ++ at_pos = strrchr(tmp_proxy, '@'); ++ if (at_pos == NULL) { ++ // no '@', represent no user information in proxy, ++ // just return original proxy ++ *proxy = tmp_proxy; ++ return 0; ++ } ++ ++ // first colon position must before than at position ++ if ((at_pos - col_pos) < 0) { ++ ret = -1; ++ goto out; + } + ++ // proxy with userinfo format like: 'http://xxx:xxx@xxxx.com' ++ // so masked proxy length = len(proxy) - (pos(@) - pos(:) + 1) + len(mask-str) + '\0' ++ proxy_len = strlen(tmp_proxy); ++ proxy_len -= (at_pos - tmp_proxy); ++ proxy_len += (col_pos - tmp_proxy) + 1; ++ proxy_len += strlen(mask_str) + 1; ++ *proxy = util_common_calloc_s(proxy_len); ++ if (*proxy == NULL) { ++ ERROR("Out of memory"); ++ ret = -1; ++ goto out; ++ } ++ *col_pos = '\0'; ++ nret = snprintf(*proxy, proxy_len, "%s:%s%s", tmp_proxy, mask_str, at_pos); ++ if (nret < 0 || nret >= proxy_len) { ++ ret = -1; ++ free(*proxy); ++ *proxy = NULL; ++ goto out; ++ } ++ + out: +- free(tmp); ++ util_free_sensitive_string(tmp_proxy); + return ret; + } + +@@ -345,6 +404,9 @@ static int isulad_info_cb(const host_info_request *request, host_info_response * + #endif + + pack_response: ++ free(http_proxy); ++ free(https_proxy); ++ free(no_proxy); + if (*response != NULL) { + (*response)->cc = cc; + } +-- +2.40.1 + diff --git a/0136-add-testcase-for-isula-info.patch b/0136-add-testcase-for-isula-info.patch new file mode 100644 index 0000000..e095c99 --- /dev/null +++ b/0136-add-testcase-for-isula-info.patch @@ -0,0 +1,115 @@ +From b02b5b173f326ae9052b7e26e042c6c0c3a8e9ae Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Mon, 4 Sep 2023 17:13:13 +0800 +Subject: [PATCH 136/145] add testcase for isula info + +Signed-off-by: haozi007 +--- + CI/test_cases/container_cases/info.sh | 95 +++++++++++++++++++++++++++ + 1 file changed, 95 insertions(+) + create mode 100755 CI/test_cases/container_cases/info.sh + +diff --git a/CI/test_cases/container_cases/info.sh b/CI/test_cases/container_cases/info.sh +new file mode 100755 +index 00000000..e6c03a49 +--- /dev/null ++++ b/CI/test_cases/container_cases/info.sh +@@ -0,0 +1,95 @@ ++#!/bin/bash ++# ++# attributes: isula info operator ++# concurrent: YES ++# spend time: 1 ++ ++####################################################################### ++##- Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved. ++# - iSulad licensed under the Mulan PSL v2. ++# - You can use this software according to the terms and conditions of the Mulan PSL v2. ++# - You may obtain a copy of Mulan PSL v2 at: ++# - http://license.coscl.org.cn/MulanPSL2 ++# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++# - PURPOSE. ++# - See the Mulan PSL v2 for more details. ++##- @Description:CI ++##- @Author: haozi007 ++##- @Create: 2023-09-04 ++####################################################################### ++ ++curr_path=$(dirname $(readlink -f "$0")) ++data_path=$(realpath $curr_path/../data) ++source ../helpers.sh ++ ++function do_test_t() ++{ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ export http_proxy="http://test:123456@testproxy.com" ++ export https_proxy="http://test:123456@testproxy.com" ++ export no_proxy="127.0.0.1" ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ isula info | grep "Http Proxy" | grep "http://xxxx:xxxx@testproxy.com" ++ fn_check_eq "$?" "0" "check http proxy failed" ++ isula info | grep "Https Proxy" | grep "http://xxxx:xxxx@testproxy.com" ++ fn_check_eq "$?" "0" "check https proxy failed" ++ isula info | grep "No Proxy" | grep "127.0.0.1" ++ fn_check_eq "$?" "0" "check no proxy failed" ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ export http_proxy="https://example.com" ++ export no_proxy="127.0.0.1" ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ isula info | grep "Http Proxy" | grep "https://example.com" ++ fn_check_eq "$?" "0" "check http proxy failed" ++ isula info | grep "No Proxy" | grep "127.0.0.1" ++ fn_check_eq "$?" "0" "check no proxy failed" ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ export http_proxy="http//abc.com" ++ export no_proxy="127.0.0.1:localhost" ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ isula info | grep "Http Proxy" ++ fn_check_ne "$?" "0" "check http proxy failed" ++ isula info | grep "No Proxy" ++ fn_check_ne "$?" "0" "check no proxy failed" ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ export http_proxy="http//xxxx@abc:abc.com" ++ export no_proxy="127.0.0.1" ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ isula info | grep "Http Proxy" ++ fn_check_ne "$?" "0" "check http proxy failed" ++ isula info | grep "No Proxy" ++ fn_check_ne "$?" "0" "check no proxy failed" ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ unset https_proxy http_proxy no_proxy ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ isula info | grep "Http Proxy" ++ fn_check_ne "$?" "0" "check http proxy failed" ++ isula info | grep "No Proxy" ++ fn_check_ne "$?" "0" "check no proxy failed" ++ ++ return $TC_RET_T ++} ++ ++ret=0 ++ ++do_test_t ++if [ $? -ne 0 ];then ++ let "ret=$ret + 1" ++fi ++ ++show_result $ret "basic info" +-- +2.40.1 + diff --git a/0137-2172-remove-unneccessary-strerror.patch b/0137-2172-remove-unneccessary-strerror.patch new file mode 100644 index 0000000..27ba8e2 --- /dev/null +++ b/0137-2172-remove-unneccessary-strerror.patch @@ -0,0 +1,2374 @@ +From 4cf70f7ceba532c7b8ad9142744fdb21baf390f2 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Tue, 5 Sep 2023 11:38:58 +0000 +Subject: [PATCH 137/145] !2172 remove unneccessary strerror * remove + unneccessary strerror + +--- + src/cmd/isula/base/start.c | 2 +- + src/cmd/isula/images/images.c | 2 +- + src/cmd/isula/isula_host_spec.c | 2 +- + src/cmd/isula/stream/exec.c | 4 +- + src/cmd/isulad/main.c | 22 ++-- + src/daemon/common/sysinfo.c | 10 +- + src/daemon/entry/connect/grpc/grpc_service.cc | 2 +- + src/daemon/entry/connect/rest/rest_service.c | 4 +- + .../cri_pod_sandbox_manager_service_impl.cc | 2 +- + .../entry/cri/websocket/service/ws_server.cc | 8 +- + src/daemon/executor/container_cb/execution.c | 8 +- + .../executor/container_cb/execution_stream.c | 20 +-- + .../container/container_gc/containers_gc.c | 4 +- + src/daemon/modules/container/container_unix.c | 2 +- + .../container/leftover_cleanup/cleanup.c | 2 +- + .../modules/container/supervisor/supervisor.c | 6 +- + src/daemon/modules/events/monitord.c | 8 +- + .../modules/events_sender/event_sender.c | 2 +- + .../modules/image/embedded/db/sqlite_common.c | 2 +- + src/daemon/modules/image/external/ext_image.c | 2 +- + .../modules/image/image_rootfs_handler.c | 4 +- + src/daemon/modules/image/oci/oci_load.c | 2 +- + .../modules/image/oci/registry/registry.c | 11 +- + .../graphdriver/devmapper/deviceset.c | 10 +- + .../graphdriver/devmapper/wrapper_devmapper.c | 4 +- + .../oci/storage/layer_store/layer_store.c | 10 +- + .../modules/image/oci/storage/storage.c | 2 +- + src/daemon/modules/image/oci/utils_images.c | 6 +- + src/daemon/modules/log/log_gather.c | 4 +- + .../modules/runtime/engines/lcr/lcr_rt_ops.c | 6 +- + .../modules/runtime/isula/isula_rt_ops.c | 10 +- + src/daemon/modules/runtime/shim/shim_rt_ops.c | 4 +- + src/daemon/modules/service/io_handler.c | 4 +- + .../modules/service/network_namespace_api.c | 2 +- + .../modules/service/service_container.c | 15 ++- + src/daemon/modules/spec/specs.c | 2 +- + src/daemon/modules/spec/specs_mount.c | 4 +- + src/daemon/modules/spec/verify.c | 6 +- + src/daemon/modules/volume/local.c | 12 +- + src/utils/console/console.c | 14 +-- + src/utils/cutils/path.c | 4 +- + src/utils/cutils/utils.c | 10 +- + src/utils/cutils/utils_aes.c | 16 +-- + src/utils/cutils/utils_base64.c | 4 +- + src/utils/cutils/utils_file.c | 84 ++++++------- + src/utils/cutils/utils_fs.c | 12 +- + src/utils/cutils/utils_verify.c | 2 +- + src/utils/http/http.c | 2 +- + src/utils/sha256/sha256.c | 8 +- + src/utils/tar/isulad_tar.c | 12 +- + src/utils/tar/util_archive.c | 118 ++++++++---------- + src/utils/tar/util_gzip.c | 12 +- + 52 files changed, 256 insertions(+), 274 deletions(-) + +diff --git a/src/cmd/isula/base/start.c b/src/cmd/isula/base/start.c +index ca3634e1..1d0f1256 100644 +--- a/src/cmd/isula/base/start.c ++++ b/src/cmd/isula/base/start.c +@@ -200,7 +200,7 @@ void client_wait_fifo_exit(const struct client_arguments *args) + void client_restore_console(bool reset_tty, const struct termios *oldtios, struct command_fifo_config *console_fifos) + { + if (reset_tty && tcsetattr(0, TCSAFLUSH, oldtios) < 0) { +- WARN("Failed to reset terminal properties: %s.", strerror(errno)); ++ SYSWARN("Failed to reset terminal properties."); + } + free_command_fifo_config(console_fifos); + sem_destroy(&g_console_waitopen_sem); +diff --git a/src/cmd/isula/images/images.c b/src/cmd/isula/images/images.c +index bff07f76..bd9dc18b 100644 +--- a/src/cmd/isula/images/images.c ++++ b/src/cmd/isula/images/images.c +@@ -65,7 +65,7 @@ static char *trans_time(int64_t created) + time_t created_time = (time_t)created; + + if (!localtime_r(&created_time, &t)) { +- ERROR("translate time for created failed: %s", strerror(errno)); ++ SYSERROR("translate time for created failed."); + return NULL; + } + +diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c +index 7304130d..bbcf50de 100644 +--- a/src/cmd/isula/isula_host_spec.c ++++ b/src/cmd/isula/isula_host_spec.c +@@ -753,7 +753,7 @@ uint64_t get_proc_mem_size(const char *item) + + fp = util_fopen("/proc/meminfo", "r"); + if (fp == NULL) { +- ERROR("Failed to open /proc/meminfo: %s", strerror(errno)); ++ SYSERROR("Failed to open /proc/meminfo"); + return sysmem_limit; + } + +diff --git a/src/cmd/isula/stream/exec.c b/src/cmd/isula/stream/exec.c +index bd8bd49a..209610be 100644 +--- a/src/cmd/isula/stream/exec.c ++++ b/src/cmd/isula/stream/exec.c +@@ -356,7 +356,7 @@ static int remote_cmd_exec(const struct client_arguments *args, uint32_t *exit_c + + out: + if (reset_tty && tcsetattr(0, TCSAFLUSH, &oldtios) < 0) { +- WARN("Failed to reset terminal properties: %s.", strerror(errno)); ++ SYSWARN("Failed to reset terminal properties."); + } + if (response->exit_code != 0) { + *exit_code = response->exit_code; +@@ -387,7 +387,7 @@ out: + sem_destroy(&g_command_waitopen_sem); + sem_destroy(&g_command_waitexit_sem); + if (reset_tty && tcsetattr(0, TCSAFLUSH, &oldtios) < 0) { +- WARN("Failed to reset terminal properties: %s.", strerror(errno)); ++ SYSWARN("Failed to reset terminal properties."); + } + return ret; + } +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index 961a3912..f2a25a84 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -179,7 +179,7 @@ static int mount_rootfs_mnt_dir(const char *mountdir) + if (info == NULL) { + ret = mount(rootfsdir, rootfsdir, "bind", MS_BIND | MS_REC, NULL); + if (ret < 0) { +- ERROR("Failed to mount parent directory %s:%s", rootfsdir, strerror(errno)); ++ SYSERROR("Failed to mount parent directory %s.", rootfsdir); + goto out; + } + } +@@ -212,7 +212,7 @@ static int umount_rootfs_mnt_dir(const char *mntdir) + + ret = umount(dir); + if (ret < 0 && errno != EINVAL) { +- WARN("Failed to umount parent directory %s:%s", dir, strerror(errno)); ++ SYSWARN("Failed to umount parent directory %s.", dir); + goto out; + } + +@@ -252,7 +252,7 @@ static void clean_residual_files() + if (checked_flag == NULL) { + ERROR("Failed to get image checked flag file path"); + } else if (unlink_ignore_enoent(checked_flag)) { +- ERROR("Unlink file: %s error: %s", checked_flag, strerror(errno)); ++ SYSERROR("Unlink file: %s.", checked_flag); + } + free(checked_flag); + +@@ -261,7 +261,7 @@ static void clean_residual_files() + if (fname == NULL) { + ERROR("Failed to get isulad pid file path"); + } else if (unlink(fname) && errno != ENOENT) { +- WARN("Unlink file: %s error: %s", fname, strerror(errno)); ++ SYSWARN("Unlink file: %s.", fname); + } + free(fname); + } +@@ -467,7 +467,7 @@ int check_and_save_pid(const char *fn) + + ret = ftruncate(fd, 0); + if (ret != 0) { +- ERROR("Failed to truncate pid file:%s to 0: %s", fn, strerror(errno)); ++ SYSERROR("Failed to truncate pid file:%s to 0.", fn); + ret = -1; + goto out; + } +@@ -481,7 +481,7 @@ int check_and_save_pid(const char *fn) + + len = util_write_nointr(fd, pidbuf, strlen(pidbuf)); + if (len < 0 || (size_t)len != strlen(pidbuf)) { +- ERROR("Failed to write pid to file:%s: %s", fn, strerror(errno)); ++ SYSERROR("Failed to write pid to file:%s.", fn); + ret = -1; + } + out: +@@ -522,7 +522,7 @@ static int check_hook_spec_file(const char *hook_spec) + return -1; + } + if (stat(hook_spec, &hookstat)) { +- ERROR("Stat hook spec file failed: %s", strerror(errno)); ++ SYSERROR("Stat hook spec file failed."); + return -1; + } + if ((hookstat.st_mode & S_IFMT) != S_IFREG) { +@@ -575,16 +575,16 @@ static void update_isulad_rlimits() + limit.rlim_cur = __ULIMIT_CONFIG_VAL_; + limit.rlim_max = __ULIMIT_CONFIG_VAL_; + if (setrlimit(RLIMIT_NOFILE, &limit)) { +- WARN("Can not set ulimit of RLIMIT_NOFILE: %s", strerror(errno)); ++ SYSWARN("Can not set ulimit of RLIMIT_NOFILE."); + } + + if (setrlimit(RLIMIT_NPROC, &limit)) { +- WARN("Can not set ulimit of RLIMIT_NPROC: %s", strerror(errno)); ++ SYSWARN("Can not set ulimit of RLIMIT_NPROC."); + } + limit.rlim_cur = RLIM_INFINITY; + limit.rlim_max = RLIM_INFINITY; + if (setrlimit(RLIMIT_CORE, &limit)) { +- WARN("Can not set ulimit of RLIMIT_CORE: %s", strerror(errno)); ++ SYSWARN("Can not set ulimit of RLIMIT_CORE."); + } + } + +@@ -808,7 +808,7 @@ static int overlay_supports_selinux(bool *supported) + *supported = false; + fp = fopen("/proc/kallsyms", "re"); + if (fp == NULL) { +- ERROR("Failed to open /proc/kallsyms: %s", strerror(errno)); ++ SYSERROR("Failed to open /proc/kallsyms."); + return -1; + } + __fsetlocking(fp, FSETLOCKING_BYCALLER); +diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c +index fbdea4e8..0e3c31e1 100644 +--- a/src/daemon/common/sysinfo.c ++++ b/src/daemon/common/sysinfo.c +@@ -644,7 +644,7 @@ uint64_t get_default_total_mem_size(void) + + fp = util_fopen("/proc/meminfo", "r"); + if (fp == NULL) { +- ERROR("Failed to open /proc/meminfo: %s", strerror(errno)); ++ SYSERROR("Failed to open /proc/meminfo."); + return sysmem_limit; + } + +@@ -684,10 +684,10 @@ char *get_operating_system(void) + + fp = fopen(etcOsRelease, "r"); + if (fp == NULL) { +- INFO("Failed to open %s :%s", etcOsRelease, strerror(errno)); ++ SYSINFO("Failed to open %s.", etcOsRelease); + fp = fopen(altOsRelease, "r"); + if (fp == NULL) { +- ERROR("Failed to open %s :%s", altOsRelease, strerror(errno)); ++ SYSERROR("Failed to open %s.", altOsRelease); + goto out; + } + } +@@ -1021,7 +1021,7 @@ static int get_cgroup_version() + struct statfs fs = { 0 }; + + if (statfs(CGROUP_MOUNTPOINT, &fs) != 0) { +- ERROR("failed to statfs %s: %s", CGROUP_MOUNTPOINT, strerror(errno)); ++ SYSERROR("failed to statfs %s.", CGROUP_MOUNTPOINT); + return -1; + } + +@@ -1299,7 +1299,7 @@ static int cgroup2_enable_all() + ret = util_write_file(CGROUP2_SUBTREE_CONTROLLER_PATH, enable_controllers, strlen(enable_controllers), + DEFAULT_CGROUP_FILE_MODE); + if (ret != 0) { +- ERROR("write %s to %s failed: %s", enable_controllers, CGROUP2_SUBTREE_CONTROLLER_PATH, strerror(errno)); ++ SYSERROR("write %s to %s failed.", enable_controllers, CGROUP2_SUBTREE_CONTROLLER_PATH); + goto out; + } + +diff --git a/src/daemon/entry/connect/grpc/grpc_service.cc b/src/daemon/entry/connect/grpc/grpc_service.cc +index 050a43f8..e37117ae 100644 +--- a/src/daemon/entry/connect/grpc/grpc_service.cc ++++ b/src/daemon/entry/connect/grpc/grpc_service.cc +@@ -106,7 +106,7 @@ public: + for (const auto &address : m_socketPath) { + if (address.find(UNIX_SOCKET_PREFIX) == 0) { + if (unlink(address.c_str() + strlen(UNIX_SOCKET_PREFIX)) < 0 && errno != ENOENT) { +- WARN("Failed to remove '%s':%s", address.c_str(), strerror(errno)); ++ SYSWARN("Failed to remove '%s'.", address.c_str()); + } + } + } +diff --git a/src/daemon/entry/connect/rest/rest_service.c b/src/daemon/entry/connect/rest/rest_service.c +index 77dee8aa..956932db 100644 +--- a/src/daemon/entry/connect/rest/rest_service.c ++++ b/src/daemon/entry/connect/rest/rest_service.c +@@ -98,7 +98,7 @@ int rest_server_init(const char *socket) + } + + if (unlink(g_socketpath + strlen(UNIX_SOCKET_PREFIX)) < 0 && errno != ENOENT) { +- ERROR("Failed to remove '%s':%s, abort", strerror(errno), g_socketpath); ++ SYSERROR("Failed to remove '%s', abort", g_socketpath); + goto error_out; + } + +@@ -139,7 +139,7 @@ void rest_server_shutdown(void) + + if (g_socketpath != NULL) { + if (unlink(g_socketpath + strlen(UNIX_SOCKET_PREFIX)) < 0 && errno != ENOENT) { +- ERROR("Failed to remove '%s':%s", g_socketpath, strerror(errno)); ++ SYSERROR("Failed to remove '%s'.", g_socketpath); + } + } + } +diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc +index 91ca2735..c9b5527c 100644 +--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc ++++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc +@@ -824,7 +824,7 @@ auto PodSandboxManagerServiceImpl::ClearCniNetwork(const std::string &realSandbo + // umount netns when cni removed network successfully + if (inspect_data != nullptr && namespace_is_file(inspect_data->host_config->network_mode) && + util_umount_namespace(netnsPath) != 0) { +- ERROR("Failed to umount directory %s:%s", netnsPath, strerror(errno)); ++ SYSERROR("Failed to umount directory %s.", netnsPath); + } + + out: +diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc +index 6c379d9d..d439dd96 100644 +--- a/src/daemon/entry/cri/websocket/service/ws_server.cc ++++ b/src/daemon/entry/cri/websocket/service/ws_server.cc +@@ -255,7 +255,7 @@ int WebsocketServer::CreateContext() + newLimit.rlim_max = WS_ULIMIT_FDS; + int limited = prlimit(0, RLIMIT_NOFILE, &newLimit, &oldLimit); + if (limited != 0) { +- WARN("Can not set ulimit of RLIMIT_NOFILE: %s", strerror(errno)); ++ SYSWARN("Can not set ulimit of RLIMIT_NOFILE"); + } + m_context = lws_create_context(&info); + if (m_context == nullptr) { +@@ -264,7 +264,7 @@ int WebsocketServer::CreateContext() + } + if (limited == 0) { + if (setrlimit(static_cast(RLIMIT_NOFILE), &oldLimit) != 0) { +- WARN("Can not set ulimit of RLIMIT_NOFILE: %s", strerror(errno)); ++ SYSWARN("Can not set ulimit of RLIMIT_NOFILE"); + } + } + +@@ -563,7 +563,7 @@ void WebsocketServer::Receive(int socketID, void *in, size_t len, bool complete) + DEBUG("Receive remaning stdin data with length %zu", len); + // Too much data may cause error 'resource temporarily unavaliable' by using 'write' + if (util_write_nointr_in_total(m_wsis[socketID]->pipes.at(1), static_cast(in), len) < 0) { +- ERROR("Sub write over! err msg: %s", strerror(errno)); ++ SYSERROR("Sub write over!"); + } + goto out; + } +@@ -580,7 +580,7 @@ void WebsocketServer::Receive(int socketID, void *in, size_t len, bool complete) + + if (*static_cast(in) == WebsocketChannel::STDINCHANNEL) { + if (util_write_nointr_in_total(m_wsis[socketID]->pipes.at(1), static_cast(in) + 1, len - 1) < 0) { +- ERROR("Sub write over! err msg: %s", strerror(errno)); ++ SYSERROR("Sub write over!"); + } + goto out; + } +diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c +index f78965df..c5f7a853 100644 +--- a/src/daemon/executor/container_cb/execution.c ++++ b/src/daemon/executor/container_cb/execution.c +@@ -271,7 +271,7 @@ static int prepare_start_io(container_t *cont, const container_start_request *re + + *sync_fd = eventfd(0, EFD_CLOEXEC); + if (*sync_fd < 0) { +- ERROR("Failed to create eventfd: %s", strerror(errno)); ++ SYSERROR("Failed to create eventfd."); + ret = -1; + goto out; + } +@@ -338,13 +338,13 @@ static int maybe_create_cpu_realtime_file(int64_t value, const char *file, const + + fd = util_open(fpath, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0700); + if (fd < 0) { +- ERROR("Failed to open file: %s: %s", fpath, strerror(errno)); ++ SYSERROR("Failed to open file: %s.", fpath); + isulad_set_error_message("Failed to open file: %s: %s", fpath, strerror(errno)); + return -1; + } + nwrite = util_write_nointr(fd, buf, strlen(buf)); + if (nwrite < 0 || (size_t)nwrite != strlen(buf)) { +- ERROR("Failed to write %s to %s: %s", buf, fpath, strerror(errno)); ++ SYSERROR("Failed to write %s to %s.", buf, fpath); + isulad_set_error_message("Failed to write '%s' to '%s': %s", buf, fpath, strerror(errno)); + close(fd); + return -1; +@@ -499,7 +499,7 @@ static void handle_start_io_thread_by_cc(uint32_t cc, int sync_fd, pthread_t thr + } else { + if (sync_fd >= 0) { + if (eventfd_write(sync_fd, 1) < 0) { +- ERROR("Failed to write eventfd: %s", strerror(errno)); ++ SYSERROR("Failed to write eventfd."); + } + } + if (thread_id > 0) { +diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c +index 244ec6a0..7e84cca3 100644 +--- a/src/daemon/executor/container_cb/execution_stream.c ++++ b/src/daemon/executor/container_cb/execution_stream.c +@@ -265,7 +265,7 @@ static int attach_prepare_console(const container_t *cont, const container_attac + + *sync_fd = eventfd(0, EFD_CLOEXEC); + if (*sync_fd < 0) { +- ERROR("Failed to create eventfd: %s", strerror(errno)); ++ SYSERROR("Failed to create eventfd."); + ret = -1; + goto out; + } +@@ -295,7 +295,7 @@ static void handle_attach_io_thread_by_cc(uint32_t cc, int sync_fd, pthread_t th + } else { + if (sync_fd >= 0) { + if (eventfd_write(sync_fd, 1) < 0) { +- ERROR("Failed to write eventfd: %s", strerror(errno)); ++ SYSERROR("Failed to write eventfd."); + } + } + if (thread_id > 0) { +@@ -535,7 +535,7 @@ static container_path_stat *do_container_stat_path(const char *rootpath, const c + + nret = lstat(resolvedpath, &st); + if (nret < 0) { +- ERROR("lstat %s: %s", resolvedpath, strerror(errno)); ++ SYSERROR("lstat %s failed.", resolvedpath); + isulad_set_error_message("lstat %s: %s", resolvedpath, strerror(errno)); + goto cleanup; + } +@@ -921,7 +921,7 @@ static int copy_to_container_check_path_valid(const container_t *cont, const cha + + nret = lstat(resolvedpath, &st); + if (nret < 0) { +- ERROR("lstat %s: %s", resolvedpath, strerror(errno)); ++ SYSERROR("lstat %s failed", resolvedpath); + isulad_set_error_message("lstat %s: %s", resolvedpath, strerror(errno)); + goto cleanup; + } +@@ -1092,11 +1092,11 @@ static int64_t do_read_log_file(const char *path, int64_t require_line, long pos + util_usleep_nointerupt(1000); + } + if (fp == NULL) { +- ERROR("open file: %s failed: %s", path, strerror(errno)); ++ SYSERROR("open file: %s failed.", path); + return -1; + } + if (pos > 0 && fseek(fp, pos, SEEK_SET) != 0) { +- ERROR("fseek to %ld failed: %s", pos, strerror(errno)); ++ SYSERROR("fseek to %ld failed.", pos); + read_lines = -1; + goto out; + } +@@ -1211,12 +1211,12 @@ static int do_tail_find(FILE *fp, int64_t require_line, int64_t *get_line, long + int ret = -1; + + if (fseek(fp, 0L, SEEK_END) != 0) { +- ERROR("Fseek failed: %s", strerror(errno)); ++ SYSERROR("Fseek failed"); + goto out; + } + len = ftell(fp); + if (len < 0) { +- ERROR("Ftell failed: %s", strerror(errno)); ++ SYSERROR("Ftell failed"); + goto out; + } + if (len < SECTION_SIZE) { +@@ -1228,7 +1228,7 @@ static int do_tail_find(FILE *fp, int64_t require_line, int64_t *get_line, long + } + while (true) { + if (fseek(fp, pos, SEEK_SET) != 0) { +- ERROR("Fseek failed: %s", strerror(errno)); ++ SYSERROR("Fseek failed"); + goto out; + } + read_size = fread(buffer, sizeof(char), (size_t)step_size, fp); +@@ -1275,7 +1275,7 @@ static int util_find_tail_position(const char *file_name, int64_t require_line, + + fp = util_fopen(file_name, "rb"); + if (fp == NULL) { +- ERROR("open file: %s failed: %s", file_name, strerror(errno)); ++ SYSERROR("open file: %s failed.", file_name); + return -1; + } + +diff --git a/src/daemon/modules/container/container_gc/containers_gc.c b/src/daemon/modules/container/container_gc/containers_gc.c +index 9feb6d3c..8d0647ab 100644 +--- a/src/daemon/modules/container/container_gc/containers_gc.c ++++ b/src/daemon/modules/container/container_gc/containers_gc.c +@@ -83,14 +83,14 @@ static int save_gc_config(const char *json_gc_config) + + fd = util_open(filename, O_CREAT | O_TRUNC | O_CLOEXEC | O_WRONLY, CONFIG_FILE_MODE); + if (fd == -1) { +- ERROR("Create file %s failed: %s", filename, strerror(errno)); ++ SYSERROR("Create file %s failed.", filename); + ret = -1; + goto out; + } + + nret = util_write_nointr(fd, json_gc_config, strlen(json_gc_config)); + if (nret < 0 || (size_t)nret != strlen(json_gc_config)) { +- ERROR("write %s failed: %s", filename, strerror(errno)); ++ SYSERROR("write %s failed.", filename); + ret = -1; + } + close(fd); +diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c +index 224be958..f85e8237 100644 +--- a/src/daemon/modules/container/container_unix.c ++++ b/src/daemon/modules/container/container_unix.c +@@ -479,7 +479,7 @@ static int save_json_config_file(const char *id, const char *rootpath, const cha + + nret = util_atomic_write_file(filename, json_data, strlen(json_data), CONFIG_FILE_MODE, false); + if (nret != 0) { +- ERROR("Write file %s failed: %s", filename, strerror(errno)); ++ SYSERROR("Write file %s failed.", filename); + isulad_set_error_message("Write file '%s' failed: %s", filename, strerror(errno)); + ret = -1; + } +diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c +index c86e3db9..9a38ffc2 100644 +--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c ++++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c +@@ -158,7 +158,7 @@ static bool walk_isulad_tmpdir_cb(const char *path_name, const struct dirent *su + + if (util_detect_mounted(tmpdir)) { + if (umount(tmpdir) != 0) { +- ERROR("Failed to umount target %s, error: %s", tmpdir, strerror(errno)); ++ SYSERROR("Failed to umount target %s", tmpdir); + } + } + +diff --git a/src/daemon/modules/container/supervisor/supervisor.c b/src/daemon/modules/container/supervisor/supervisor.c +index 3ce4ec1e..829e48b1 100644 +--- a/src/daemon/modules/container/supervisor/supervisor.c ++++ b/src/daemon/modules/container/supervisor/supervisor.c +@@ -104,7 +104,7 @@ char *container_exit_fifo_create(const char *cont_state_path) + + ret = mknod(fifo_path, S_IFIFO | S_IRUSR | S_IWUSR, (dev_t)0); + if (ret < 0 && errno != EEXIST) { +- ERROR("Failed to mknod exit monitor fifo %s: %s.", fifo_path, strerror(errno)); ++ SYSERROR("Failed to mknod exit monitor fifo %s.", fifo_path); + return NULL; + } + +@@ -128,7 +128,7 @@ int container_exit_fifo_open(const char *cont_exit_fifo) + + ret = util_open(cont_exit_fifo, O_RDONLY | O_NONBLOCK, 0); + if (ret < 0) { +- ERROR("Failed to open exit monitor FIFO %s: %s.", cont_exit_fifo, strerror(errno)); ++ SYSERROR("Failed to open exit monitor FIFO %s.", cont_exit_fifo); + ret = -1; + goto out; + } +@@ -324,7 +324,7 @@ restart: + if (ret == 0) { + goto restart; + } +- ERROR("Mainloop returned an error: %s", strerror(errno)); ++ SYSERROR("Mainloop returned an error"); + + epoll_loop_close(&g_supervisor_descr); + +diff --git a/src/daemon/modules/events/monitord.c b/src/daemon/modules/events/monitord.c +index 775fb9ab..9edded7a 100644 +--- a/src/daemon/modules/events/monitord.c ++++ b/src/daemon/modules/events/monitord.c +@@ -113,18 +113,18 @@ static void *monitored(void *arg) + mhandler.fifo_path = fifo_file_path; + + if (mknod(fifo_file_path, S_IFIFO | S_IRUSR | S_IWUSR, (dev_t)0) && errno != EEXIST) { +- ERROR("Create monitored fifo file failed: %s", strerror(errno)); ++ SYSERROR("Create monitored fifo file failed"); + goto err; + } + + mhandler.fifo_fd = util_open(fifo_file_path, O_RDWR | O_NONBLOCK | O_CLOEXEC, 0); + if (mhandler.fifo_fd == -1) { +- ERROR("Open monitored fifo file failed: %s", strerror(errno)); ++ SYSERROR("Open monitored fifo file failed"); + goto err; + } + + if (fcntl(mhandler.fifo_fd, F_SETPIPE_SZ, EVENTS_FIFO_SIZE) == -1) { +- ERROR("Set events fifo buffer size failed: %s\n", strerror(errno)); ++ SYSERROR("Set events fifo buffer size failed"); + goto err; + } + +@@ -150,7 +150,7 @@ static void *monitored(void *arg) + ret = epoll_loop(&descr, -1); + } while (ret == 0); + +- ERROR("Mainloop returned an error: %s", strerror(errno)); ++ SYSERROR("Mainloop returned an error"); + goto err2; + + err: +diff --git a/src/daemon/modules/events_sender/event_sender.c b/src/daemon/modules/events_sender/event_sender.c +index a3903f3e..13f3c3e3 100644 +--- a/src/daemon/modules/events_sender/event_sender.c ++++ b/src/daemon/modules/events_sender/event_sender.c +@@ -52,7 +52,7 @@ static void isulad_monitor_fifo_send(const struct monitord_msg *msg) + goto out; + } + +- ERROR("Failed to open fifo to send message: %s.", strerror(errno)); ++ SYSERROR("Failed to open fifo to send message."); + goto out; + } + +diff --git a/src/daemon/modules/image/embedded/db/sqlite_common.c b/src/daemon/modules/image/embedded/db/sqlite_common.c +index 42fdf6d9..89f834a0 100644 +--- a/src/daemon/modules/image/embedded/db/sqlite_common.c ++++ b/src/daemon/modules/image/embedded/db/sqlite_common.c +@@ -49,7 +49,7 @@ int db_sqlite_init(const char *dbpath) + goto cleanup; + } + if (chmod(dbpath, DEFAULT_SECURE_FILE_MODE) != 0) { +- ERROR("Change mode of db file failed: %s", strerror(errno)); ++ SYSERROR("Change mode of db file failed."); + goto cleanup; + } + return 0; +diff --git a/src/daemon/modules/image/external/ext_image.c b/src/daemon/modules/image/external/ext_image.c +index 0d34d5d1..598299ea 100644 +--- a/src/daemon/modules/image/external/ext_image.c ++++ b/src/daemon/modules/image/external/ext_image.c +@@ -65,7 +65,7 @@ int ext_prepare_rf(const im_prepare_request *request, char **real_rootfs) + return -1; + } + if (realpath(request->rootfs, real_path) == NULL) { +- ERROR("Failed to clean rootfs path '%s': %s", request->rootfs, strerror(errno)); ++ SYSERROR("Failed to clean rootfs path '%s'", request->rootfs); + isulad_set_error_message("Failed to clean rootfs path '%s': %s", request->rootfs, strerror(errno)); + return -1; + } +diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c +index 915c8a33..ceea4f5b 100644 +--- a/src/daemon/modules/image/image_rootfs_handler.c ++++ b/src/daemon/modules/image/image_rootfs_handler.c +@@ -439,7 +439,7 @@ static int read_user_file(const char *basefs, const char *user_path, FILE **stre + + *stream = util_fopen(real_path, "r"); + if (*stream == NULL) { +- WARN("Failed to open %s: %s", real_path, strerror(errno)); ++ SYSWARN("Failed to open %s.", real_path); + ret = 0; + goto out; + } +@@ -460,7 +460,7 @@ static int resolve_basefs(const char *basefs, char **resolved_basefs) + } + + if (stat(real_path, &s) < 0) { +- ERROR("stat failed, error: %s", strerror(errno)); ++ SYSERROR("stat failed."); + return -1; + } + +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index 0d450bb6..2a920c22 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -1028,7 +1028,7 @@ static char *oci_load_path_create() + } + + if (mkdtemp(tmp_dir) == NULL) { +- ERROR("make temporary dir failed: %s", strerror(errno)); ++ SYSERROR("make temporary dir failed"); + isulad_try_set_error_message("make temporary dir failed: %s", strerror(errno)); + ret = -1; + goto out; +diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c +index 717f48b5..2cf79fb9 100644 +--- a/src/daemon/modules/image/oci/registry/registry.c ++++ b/src/daemon/modules/image/oci/registry/registry.c +@@ -439,7 +439,7 @@ static int add_cached_layer(char *blob_digest, char *file, thread_fetch_info *in + } + + if (link(src_file, file) != 0) { +- ERROR("link %s to %s failed: %s", src_file, file, strerror(errno)); ++ SYSERROR("link %s to %s failed", src_file, file); + ret = -1; + goto out; + } +@@ -1149,7 +1149,7 @@ static void set_cached_layers_info(char *blob_digest, char *diffid, int result, + continue; + } + if (link(src_file, elem->file) != 0) { +- ERROR("link %s to %s failed: %s", src_file, elem->file, strerror(errno)); ++ SYSERROR("link %s to %s failed", src_file, elem->file); + info->desc->cancel = true; + continue; + } +@@ -1431,8 +1431,7 @@ static void *register_layers_in_thread(void *arg) + // here we can't just break and cleanup resources because threads are running. + // desc is freed if we break and then isulad crash. sleep some time + // instead to avoid cpu full running and then retry. +- ERROR("condition wait for layer %zu to complete failed, ret %d, error: %s", i, cond_ret, +- strerror(errno)); ++ SYSERROR("condition wait for layer %zu to complete failed, ret %d", i, cond_ret); + sleep(10); + continue; + } +@@ -1617,7 +1616,7 @@ static int fetch_all(pull_descriptor *desc) + // here we can't just break and cleanup resources because threads are running. + // desc is freed if we break and then isulad crash. sleep some time + // instead to avoid cpu full running and then retry. +- ERROR("condition wait for all layers to complete failed, ret %d, error: %s", cond_ret, strerror(errno)); ++ SYSERROR("condition wait for all layers to complete failed, ret %d", cond_ret); + sleep(10); + continue; + } +@@ -1911,7 +1910,7 @@ static int prepare_pull_desc(pull_descriptor *desc, registry_pull_options *optio + } + + if (mkdtemp(blobpath) == NULL) { +- ERROR("make temporary direcory failed: %s", strerror(errno)); ++ SYSERROR("make temporary direcory failed"); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index 046dd333..ee82e32c 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -782,7 +782,7 @@ static int device_file_walk(struct device_set *devset) + } + + if (stat(fname, &st) != 0) { +- ERROR("devmapper: get %s stat error:%s", fname, strerror(errno)); ++ SYSERROR("devmapper: get %s stat failed", fname); + ret = -1; + goto out; + } +@@ -2204,7 +2204,7 @@ static int grow_fs(struct device_set *devset, image_devmapper_device_info *info) + + clean_mount: + if (umount2(FS_MOUNT_POINT, MNT_DETACH) < 0 && errno != EINVAL) { +- WARN("Failed to umount directory %s:%s", FS_MOUNT_POINT, strerror(errno)); ++ SYSWARN("Failed to umount directory %s", FS_MOUNT_POINT); + } + + out: +@@ -3148,7 +3148,7 @@ int unmount_device(const char *hash, const char *mount_path, struct device_set * + } + + if (umount2(mount_path, MNT_DETACH) < 0 && errno != EINVAL) { +- ERROR("Failed to umount directory %s:%s", mount_path, strerror(errno)); ++ SYSERROR("Failed to umount directory %s", mount_path); + ret = -1; + goto free_out; + } +@@ -3405,7 +3405,7 @@ static int umount_deactivate_dev_all(const struct device_set *devset) + } + + if (stat(fname, &st) != 0) { +- ERROR("devmapper: get %s stat error:%s", fname, strerror(errno)); ++ SYSERROR("devmapper: get %s stat failed", fname); + continue; + } + +@@ -3415,7 +3415,7 @@ static int umount_deactivate_dev_all(const struct device_set *devset) + } + + if (umount2(fname, MNT_DETACH) < 0 && errno != EINVAL) { +- ERROR("Failed to umount directory %s:%s", fname, strerror(errno)); ++ SYSERROR("Failed to umount directory %s", fname); + } + + device_info = lookup_device(devset, entry->d_name); +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c +index 9b7e6b17..3a4e1a69 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c +@@ -450,7 +450,7 @@ void dev_udev_wait(uint32_t cookie) + } + + if (pthread_create(&tid, NULL, udev_wait_process, uwait) != 0) { +- ERROR("devmapper: create udev wait process thread error:%s", strerror(errno)); ++ SYSERROR("devmapper: create udev wait process thread error"); + free_udev_wait_pth_t(uwait); + return; + } +@@ -1195,7 +1195,7 @@ void dev_check_sem_set_stat(int *semusz, int *semmni) + } + + if (semctl(0, 0, SEM_INFO, &sinfo) != 0) { +- WARN("Get devmapper library version err:%s", strerror(errno)); ++ SYSWARN("Get devmapper library version err"); + return; + } + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index 87df8160..64022d89 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -2044,7 +2044,7 @@ static int file_crc64(char *file, uint64_t *crc, uint64_t policy) + + fd = util_open(file, O_RDONLY, 0); + if (fd < 0) { +- ERROR("Open file: %s, failed: %s", file, strerror(errno)); ++ SYSERROR("Open file: %s, failed", file); + return -1; + } + +@@ -2066,7 +2066,7 @@ static int file_crc64(char *file, uint64_t *crc, uint64_t policy) + while (true) { + size = util_read_nointr(fd, buffer, BLKSIZE); + if (size < 0) { +- ERROR("read file %s failed: %s", file, strerror(errno)); ++ SYSERROR("read file %s failed", file); + ret = -1; + break; + } else if (size == 0) { +@@ -2114,7 +2114,7 @@ static int valid_crc64(storage_entry *entry, char *rootfs) + if (fname != NULL && util_has_prefix(fname, ".wh.")) { + goto out; + } +- ERROR("stat file or dir: %s, failed: %s", file, strerror(errno)); ++ SYSERROR("stat file or dir: %s, failed", file); + ret = -1; + } else { + if (strlen(entry->payload) != PAYLOAD_CRC_LEN) { +@@ -2181,7 +2181,7 @@ static tar_split *new_tar_split(layer_t *l, const char *tspath) + + ts->tmp_file = fopen(path, "w+"); + if (ts->tmp_file == NULL) { +- ERROR("create tmpfile failed: %s", strerror(errno)); ++ SYSERROR("create tmpfile failed"); + ret = -1; + goto out; + } +@@ -2219,7 +2219,7 @@ static int next_tar_split_entry(tar_split *ts, storage_entry **entry) + if (errno == 0) { + *entry = NULL; + } else { +- ERROR("error read line from tar split: %s", strerror(errno)); ++ SYSERROR("error read line from tar split"); + ret = -1; + } + goto out; +diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c +index 5f9dea51..fbaae3fc 100644 +--- a/src/daemon/modules/image/oci/storage/storage.c ++++ b/src/daemon/modules/image/oci/storage/storage.c +@@ -1464,7 +1464,7 @@ static int do_add_checked_layer(const char *lid, int fd, map_t *checked_layers) + // save checked layer ids into file + nret = util_write_nointr(fd, buf, strlen(lid) + 1); + if (nret < 0 || (size_t)nret != strlen(lid) + 1) { +- ERROR("Write checked layer data failed: %s", strerror(errno)); ++ SYSERROR("Write checked layer data failed"); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c +index e7131351..736bbf0e 100644 +--- a/src/daemon/modules/image/oci/utils_images.c ++++ b/src/daemon/modules/image/oci/utils_images.c +@@ -565,7 +565,7 @@ static int makesure_path_is_dir(char *path) + if (errno == ENOENT) { + return util_mkdir_p(path, TEMP_DIRECTORY_MODE); + } +- ERROR("lstat %s failed: %s", path, strerror(errno)); ++ SYSERROR("lstat %s failed.", path); + return -1; + } + +@@ -625,7 +625,7 @@ int makesure_isulad_tmpdir_perm_right(const char *root_dir) + } + + if (lstat(isulad_tmpdir, &st) != 0) { +- ERROR("lstat %s failed: %s", isulad_tmpdir, strerror(errno)); ++ SYSERROR("lstat %s failed.", isulad_tmpdir); + ret = -1; + goto out; + } +@@ -646,7 +646,7 @@ int makesure_isulad_tmpdir_perm_right(const char *root_dir) + ret = 0; + goto out; + } else { +- ERROR("lchown %s failed: %s", isulad_tmpdir, strerror(errno)); ++ SYSERROR("lchown %s failed", isulad_tmpdir); + } + + out: +diff --git a/src/daemon/modules/log/log_gather.c b/src/daemon/modules/log/log_gather.c +index 9b400f00..780034ee 100644 +--- a/src/daemon/modules/log/log_gather.c ++++ b/src/daemon/modules/log/log_gather.c +@@ -66,7 +66,7 @@ static int file_rotate_gz(const char *file_name, int i) + } + + if (rename(from_path, to_path) < 0 && errno != ENOENT) { +- WARN("Rename file: %s error: %s", from_path, strerror(errno)); ++ SYSWARN("Rename file: %s failed", from_path); + return -1; + } + +@@ -85,7 +85,7 @@ static int file_rotate_me(const char *file_name) + } + + if (rename(file_name, tmp_path) < 0 && errno != ENOENT) { +- WARN("Rename file: %s error: %s", file_name, strerror(errno)); ++ SYSWARN("Rename file: %s failed", file_name); + return -1; + } + +diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +index 2b9cf39c..e985cfc1 100644 +--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c ++++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +@@ -88,7 +88,7 @@ static int parse_container_pid(const char *S, pid_ppid_info_t *pid_info) + + num = sscanf(S, "%d %Lu %d %Lu", &pid_info->pid, &pid_info->start_time, &pid_info->ppid, &pid_info->pstart_time); + if (num != 4) { // args num to read is 4 +- ERROR("Call sscanf error: %s", errno ? strerror(errno) : ""); ++ SYSERROR("Call sscanf failed."); + return -1; + } + +@@ -210,7 +210,7 @@ static int remove_container_rootpath(const char *id, const char *root_path) + ret = util_recursive_rmdir(cont_root_path, 0); + if (ret != 0) { + const char *tmp_err = (errno != 0) ? strerror(errno) : "error"; +- ERROR("Failed to delete container's root directory %s: %s", cont_root_path, tmp_err); ++ SYSERROR("Failed to delete container's root directory %s.", cont_root_path); + isulad_set_error_message("Failed to delete container's root directory %s: %s", cont_root_path, tmp_err); + ret = -1; + goto out; +@@ -750,7 +750,7 @@ int rt_lcr_kill(const char *id, const char *runtime, const rt_kill_params_t *par + } else { + int ret = kill(params->pid, (int)params->signal); + if (ret < 0) { +- ERROR("Can not kill process (pid=%d) with signal %u: %s", params->pid, params->signal, strerror(errno)); ++ SYSERROR("Can not kill process (pid=%d) with signal %u.", params->pid, params->signal); + return -1; + } + } +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index a218519a..d35e2351 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -388,7 +388,7 @@ static bool shim_alive(const char *workdir) + + ret = kill(pid, 0); + if (ret != 0) { +- INFO("kill 0 shim-pid with error: %s", strerror(errno)); ++ SYSINFO("kill 0 shim-pid with error."); + } + return ret == 0; + } +@@ -775,7 +775,7 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char + + pid = fork(); + if (pid < 0) { +- ERROR("Failed fork for shim parent %s", strerror(errno)); ++ SYSERROR("Failed fork for shim parent"); + close(shim_stderr_pipe[0]); + close(shim_stderr_pipe[1]); + close(shim_stdout_pipe[0]); +@@ -851,7 +851,7 @@ realexec: + + status = util_wait_for_pid_status(pid); + if (status < 0) { +- ERROR("Failed wait shim-parent %d exit %s", pid, strerror(errno)); ++ SYSERROR("Failed wait shim-parent %d exit", pid); + ret = -1; + goto out; + } +@@ -1683,7 +1683,7 @@ int rt_isula_exec_resize(const char *id, const char *runtime, const rt_exec_resi + } + + if (kill(pid, SIGWINCH) < 0) { +- ERROR("can't kill process (pid=%d) with signal %u: %s", pid, SIGWINCH, strerror(errno)); ++ SYSERROR("can't kill process (pid=%d) with signal %u", pid, SIGWINCH); + ret = -1; + goto out; + } +@@ -1711,7 +1711,7 @@ int rt_isula_kill(const char *id, const char *runtime, const rt_kill_params_t *p + } else { + int ret = kill(params->pid, (int)params->signal); + if (ret < 0) { +- ERROR("Can not kill process (pid=%d) with signal %u: %s", params->pid, params->signal, strerror(errno)); ++ SYSERROR("Can not kill process (pid=%d) with signal %u", params->pid, params->signal); + return -1; + } + } +diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c +index d86418b0..fccdf634 100644 +--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c ++++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c +@@ -145,7 +145,7 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w + + pid = fork(); + if (pid < 0) { +- ERROR("Failed to fork for shim parent %s", strerror(errno)); ++ SYSERROR("Failed to fork for shim parent"); + ret = -1; + goto out; + } +@@ -199,7 +199,7 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w + + status = util_wait_for_pid_status(pid); + if (status < 0) { +- ERROR("failed to wait shim-parent %d exit %s", pid, strerror(errno)); ++ SYSERROR("failed to wait shim-parent %d exit", pid); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/service/io_handler.c b/src/daemon/modules/service/io_handler.c +index 0cb9fda9..474fa650 100644 +--- a/src/daemon/modules/service/io_handler.c ++++ b/src/daemon/modules/service/io_handler.c +@@ -330,7 +330,7 @@ static ssize_t write_to_fifo(void *context, const void *data, size_t len) + fd = *(int *)context; + ret = util_write_nointr_in_total(fd, data, len); + if ((ret <= 0) || (ret != (ssize_t)len)) { +- ERROR("Failed to write %d: %s", fd, strerror(errno)); ++ SYSERROR("Failed to write %d", fd); + return -1; + } + return ret; +@@ -341,7 +341,7 @@ static ssize_t write_to_fd(void *context, const void *data, size_t len) + ssize_t ret; + ret = util_write_nointr(*(int *)context, data, len); + if (ret < 0 || (size_t)ret != len) { +- ERROR("Failed to write: %s", strerror(errno)); ++ SYSERROR("Failed to write"); + return -1; + } + return ret; +diff --git a/src/daemon/modules/service/network_namespace_api.c b/src/daemon/modules/service/network_namespace_api.c +index 4cf44b6a..11246ffb 100644 +--- a/src/daemon/modules/service/network_namespace_api.c ++++ b/src/daemon/modules/service/network_namespace_api.c +@@ -50,7 +50,7 @@ int remove_network_namespace(const char *netns_path) + } + + if (umount2(netns_path, MNT_DETACH) != 0 && errno != EINVAL) { +- ERROR("Failed to umount directory %s:%s", netns_path, strerror(errno)); ++ SYSERROR("Failed to umount directory %s", netns_path); + return -1; + } + +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 5d8fdf6c..c776e53f 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -565,7 +565,7 @@ static int umount_dev_tmpfs_for_system_container(const container_t *cont) + return -1; + } + if (umount(rootfs_dev_path) < 0 && errno != ENOENT) { +- WARN("Failed to umount dev tmpfs: %s, error: %s", rootfs_dev_path, strerror(errno)); ++ SYSWARN("Failed to umount dev tmpfs: %s", rootfs_dev_path); + } + } + return 0; +@@ -585,7 +585,7 @@ static int valid_mount_point(container_config_v2_common_config_mount_points_elem + } + + if (lstat(mp->source, &st) != 0) { +- ERROR("lstat %s: %s", mp->source, strerror(errno)); ++ SYSERROR("lstat %s failed", mp->source); + isulad_set_error_message("lstat %s: %s", mp->source, strerror(errno)); + return -1; + } +@@ -669,8 +669,7 @@ static void wait_exit_fifo(const char *id, const int exit_fifo_fd) + descr.timeout_cbdata = container_id; + nret = epoll_loop(&descr, WAIT_TIMEOUT); + if (nret != 0) { +- ERROR("Wait container %s 's monitor on fd %d error: %s", id, exit_fifo_fd, +- errno ? strerror(errno) : ""); ++ SYSERROR("Wait container %s 's monitor on fd %d failed", id, exit_fifo_fd); + goto out; + } + +@@ -1160,7 +1159,7 @@ static int do_delete_container(container_t *cont) + } + ret = util_recursive_rmdir(container_state, 0); + if (ret != 0) { +- ERROR("Failed to delete container's state directory %s: %s", container_state, strerror(errno)); ++ SYSERROR("Failed to delete container's state directory %s", container_state); + ret = -1; + goto out; + } +@@ -1289,7 +1288,7 @@ static int send_signal_to_process(pid_t pid, unsigned long long start_time, uint + } else { + int ret = kill(pid, (int)signal); + if (ret < 0) { +- ERROR("Can not kill process (pid=%d) with signal %u: %s", pid, signal, strerror(errno)); ++ SYSERROR("Can not kill process (pid=%d) with signal %u", pid, signal); + return -1; + } + } +@@ -1957,7 +1956,7 @@ static int exec_prepare_console(const container_t *cont, const container_exec_re + + *sync_fd = eventfd(0, EFD_CLOEXEC); + if (*sync_fd < 0) { +- ERROR("Failed to create eventfd: %s", strerror(errno)); ++ SYSERROR("Failed to create eventfd"); + ret = -1; + goto out; + } +@@ -1984,7 +1983,7 @@ static void exec_container_end(container_exec_response *response, uint32_t cc, i + } + if (sync_fd >= 0 && cc != ISULAD_SUCCESS) { + if (eventfd_write(sync_fd, 1) < 0) { +- ERROR("Failed to write eventfd: %s", strerror(errno)); ++ SYSERROR("Failed to write eventfd"); + } + } + if (thread_id > 0) { +diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c +index 9fec586e..0c7d58b3 100644 +--- a/src/daemon/modules/spec/specs.c ++++ b/src/daemon/modules/spec/specs.c +@@ -2318,7 +2318,7 @@ int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec + + if (util_atomic_write_file(file_path, json_container, strlen(json_container), DEFAULT_SECURE_FILE_MODE, false) != + 0) { +- ERROR("write json container failed: %s", strerror(errno)); ++ SYSERROR("write json container failed"); + ret = -1; + goto out_free; + } +diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c +index 3b26e091..cd3a5c9d 100644 +--- a/src/daemon/modules/spec/specs_mount.c ++++ b/src/daemon/modules/spec/specs_mount.c +@@ -1430,7 +1430,7 @@ static int copy_data_to_volume(char *base_fs, defs_mount *mnt) + if (errno == ENOENT) { + goto out; + } +- ERROR("stat for copy data to volume failed: %s", strerror(errno)); ++ SYSERROR("stat for copy data to volume failed"); + ret = -1; + goto out; + } +@@ -2727,7 +2727,7 @@ static int create_shm_path(const char *spath, const int64_t shm_size) + + nret = mount("shm", spath, "tmpfs", MS_NOEXEC | MS_NODEV | MS_NOSUID, shmproperty); + if (nret < 0) { +- ERROR("Mount %s failed: %s", spath, strerror(errno)); ++ SYSERROR("Mount %s failed", spath); + return -1; + } + +diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c +index 64cf7f18..5b6f298f 100644 +--- a/src/daemon/modules/spec/verify.c ++++ b/src/daemon/modules/spec/verify.c +@@ -248,7 +248,7 @@ static bool check_kernel_version_ge4() + + ret = uname(&uts); + if (ret < 0) { +- WARN("Can not get kernel version: %s", strerror(errno)); ++ SYSWARN("Can not get kernel version"); + } else { + /* greater or equal than 4.0.0, check first part is enough */ + return atoi(uts.release) >= 4; +@@ -1306,7 +1306,7 @@ static int get_source_mount(const char *src, char **srcpath, char **optional) + char *dname = NULL; + + if (realpath(src, real_path) == NULL) { +- ERROR("Failed to get real path for %s : %s", src, strerror(errno)); ++ SYSERROR("Failed to get real path for %s", src); + return -1; + } + +@@ -1509,7 +1509,7 @@ static int verify_custom_mount(defs_mount **mounts, size_t len) + #else + if (!util_file_exists(iter->source) && util_mkdir_p(iter->source, mode)) { + #endif +- ERROR("Failed to create directory '%s': %s", iter->source, strerror(errno)); ++ SYSERROR("Failed to create directory '%s'", iter->source); + isulad_try_set_error_message("Failed to create directory '%s': %s", iter->source, strerror(errno)); + ret = -1; + goto out; +diff --git a/src/daemon/modules/volume/local.c b/src/daemon/modules/volume/local.c +index c46d4de0..f14025e4 100644 +--- a/src/daemon/modules/volume/local.c ++++ b/src/daemon/modules/volume/local.c +@@ -165,7 +165,7 @@ static int init_volume_root_dir(struct volumes_info *vols_info, char *root_dir) + + ret = util_mkdir_p(root_dir, LOCAL_VOLUME_ROOT_DIR_MODE); + if (ret != 0) { +- ERROR("create volume directory %s failed: %s", root_dir, strerror(errno)); ++ SYSERROR("create volume directory %s failed", root_dir); + goto out; + } + +@@ -229,7 +229,7 @@ static char *build_and_valid_data_dir(const char *root_dir, const char *name) + } + + if (lstat(tmp_dir, &st) != 0) { +- ERROR("lstat %s: %s", tmp_dir, strerror(errno)); ++ SYSERROR("lstat %s failed", tmp_dir); + ret = -1; + goto out; + } +@@ -388,7 +388,7 @@ static struct volume *volume_create_nolock(char *name) + + ret = util_mkdir_p(v->path, LOCAL_VOLUME_DIR_MODE); + if (ret != 0) { +- ERROR("failed to create %s for volume %s: %s", v->path, v->name, strerror(errno)); ++ SYSERROR("failed to create %s for volume %s", v->path, v->name); + goto out; + } + +@@ -556,14 +556,14 @@ static int remove_volume_dir(char *path) + // remain untouched if we remove the data directory failed. + ret = util_recursive_rmdir(path, 0); + if (ret != 0) { +- ERROR("failed to remove volume data dir %s: %s", path, strerror(errno)); ++ SYSERROR("failed to remove volume data dir %s", path); + isulad_try_set_error_message("failed to remove volume data dir %s: %s", path, strerror(errno)); + goto out; + } + + ret = util_recursive_rmdir(vol_dir, 0); + if (ret != 0) { +- ERROR("failed to remove volume dir %s: %s", vol_dir, strerror(errno)); ++ SYSERROR("failed to remove volume dir %s", vol_dir); + isulad_try_set_error_message("failed to remove volume dir %s: %s", vol_dir, strerror(errno)); + goto out; + } +@@ -586,7 +586,7 @@ static int volume_remove_nolock(char *name) + } + + if (remove_volume_dir(v->path) != 0) { +- ERROR("failed to remove volume dir %s: %s", v->path, strerror(errno)); ++ SYSERROR("failed to remove volume dir %s", v->path); + return -1; + } + +diff --git a/src/utils/console/console.c b/src/utils/console/console.c +index a160d685..3ef88564 100644 +--- a/src/utils/console/console.c ++++ b/src/utils/console/console.c +@@ -36,7 +36,7 @@ static ssize_t fd_write_function(void *context, const void *data, size_t len) + + ret = util_write_nointr_in_total(*(int *)context, data, len); + if ((ret <= 0) || (ret != (ssize_t)len)) { +- ERROR("Failed to write: %s", strerror(errno)); ++ SYSERROR("Failed to write"); + return -1; + } + return ret; +@@ -100,7 +100,7 @@ static int console_writer_write_data(const struct io_write_wrapper *writer, cons + } + ret = writer->write_func(writer->context, buf, (size_t)len); + if (ret <= 0 || ret != len) { +- ERROR("Failed to write, type: %d, expect: %zd, wrote: %zd, error: %s!", writer->io_type, len, ret, strerror(errno)); ++ SYSERROR("Failed to write, type: %d, expect: %zd, wrote: %zd!", writer->io_type, len, ret); + return -1; + } + return 0; +@@ -215,7 +215,7 @@ int console_fifo_create(const char *fifo_path) + + ret = mknod(fifo_path, S_IFIFO | S_IRUSR | S_IWUSR, (dev_t)0); + if (ret < 0 && errno != EEXIST) { +- ERROR("Failed to mknod monitor fifo %s: %s.", fifo_path, strerror(errno)); ++ SYSERROR("Failed to mknod monitor fifo %s.", fifo_path); + return -1; + } + +@@ -265,7 +265,7 @@ int console_fifo_open(const char *fifo_path, int *fdout, int flags) + + fd = util_open(fifo_path, flags, (mode_t)0); + if (fd < 0) { +- ERROR("Failed to open fifo %s to send message: %s.", fifo_path, strerror(errno)); ++ SYSERROR("Failed to open fifo %s to send message.", fifo_path); + return -1; + } + +@@ -281,7 +281,7 @@ int console_fifo_open_withlock(const char *fifo_path, int *fdout, int flags) + + fd = util_open(fifo_path, flags, 0); + if (fd < 0) { +- WARN("Failed to open fifo %s to send message: %s.", fifo_path, strerror(errno)); ++ SYSWARN("Failed to open fifo %s to send message.", fifo_path); + return -1; + } + +@@ -411,12 +411,12 @@ int console_loop_with_std_fd(int stdinfd, int stdoutfd, int stderrfd, int fifoin + if (tty) { + ret = epoll_loop_add_handler(&descr, ts.stdin_reader, console_cb_tty_stdin_with_escape, &ts); + if (ret) { +- INFO("Add handler for stdinfd faied. with error %s", strerror(errno)); ++ SYSINFO("Add handler for stdinfd faied."); + } + } else { + ret = epoll_loop_add_handler(&descr, ts.stdin_reader, console_cb_stdio_copy, &ts); + if (ret) { +- INFO("Add handler for stdinfd faied. with error %s", strerror(errno)); ++ SYSINFO("Add handler for stdinfd faied."); + } + } + } +diff --git a/src/utils/cutils/path.c b/src/utils/cutils/path.c +index d586e981..51d73445 100644 +--- a/src/utils/cutils/path.c ++++ b/src/utils/cutils/path.c +@@ -698,7 +698,7 @@ static char *find_realpath(const char *path) + + ret = (int)readlink(iter_path, target, PATH_MAX - 1); + if (ret < 0) { +- ERROR("Failed to read link of %s: %s", iter_path, strerror(errno)); ++ SYSERROR("Failed to read link of %s.", iter_path); + goto out; + } + // is not absolutely path +@@ -745,7 +745,7 @@ int util_realpath_in_scope(const char *rootfs, const char *path, char **real_pat + + int nret = snprintf(full_path, sizeof(full_path), "%s%s", rootfs, path); + if (nret < 0 || (size_t)nret >= sizeof(full_path)) { +- ERROR("sprintf error: %s", strerror(errno)); ++ SYSERROR("sprintf failed"); + ret = -1; + goto out; + } +diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c +index d628e1f6..a994731d 100644 +--- a/src/utils/cutils/utils.c ++++ b/src/utils/cutils/utils.c +@@ -474,7 +474,7 @@ proc_t *util_stat2proc(const char *s, size_t len) + num = sscanf(s, "%d (%15c", &p->pid, p->cmd); + #endif + if (num != 2) { +- ERROR("Call sscanf error: %s", errno ? strerror(errno) : ""); ++ SYSERROR("Call sscanf error"); + free(p); + return NULL; + } +@@ -489,7 +489,7 @@ proc_t *util_stat2proc(const char *s, size_t len) + &p->maj_flt, &p->cmaj_flt, &p->utime, &p->stime, &p->cutime, &p->cstime, &p->priority, &p->nice, + &p->timeout, &p->it_real_value, &p->start_time); + if (num != 20) { // max arg to read +- ERROR("Call sscanf error: %s", errno ? strerror(errno) : ""); ++ SYSERROR("Call sscanf error"); + free(p); + return NULL; + } +@@ -1137,7 +1137,7 @@ static int set_echo_back(bool echo_back) + struct termios old, new; + + if (tcgetattr(STDIN_FILENO, &old)) { +- ERROR("get tc attribute failed: %s\n", strerror(errno)); ++ SYSERROR("get tc attribute failed"); + return -1; + } + +@@ -1150,7 +1150,7 @@ static int set_echo_back(bool echo_back) + } + + if (tcsetattr(STDIN_FILENO, TCSANOW, &new)) { +- ERROR("set tc attribute failed: %s\n", strerror(errno)); ++ SYSERROR("set tc attribute failed"); + return -1; + } + +@@ -1413,7 +1413,7 @@ int util_normalized_host_os_arch(char **host_os, char **host_arch, char **host_v + } + + if (uname(&uts) < 0) { +- ERROR("Failed to read host arch and os: %s", strerror(errno)); ++ SYSERROR("Failed to read host arch and os"); + ret = -1; + goto out; + } +diff --git a/src/utils/cutils/utils_aes.c b/src/utils/cutils/utils_aes.c +index 055a9538..2eecf2d6 100644 +--- a/src/utils/cutils/utils_aes.c ++++ b/src/utils/cutils/utils_aes.c +@@ -72,13 +72,13 @@ int util_aes_key(const char *key_file, bool create, unsigned char *aeskey) + } else { + fd = open(key_file, O_RDONLY); + if (fd < 0) { +- ERROR("open key file %s failed: %s", key_file, strerror(errno)); ++ SYSERROR("open key file %s failed", key_file); + ret = -1; + goto out; + } + + if (util_read_nointr(fd, aeskey, AES_256_CFB_KEY_LEN) != AES_256_CFB_KEY_LEN) { +- ERROR("read key file %s failed: %s", key_file, strerror(errno)); ++ SYSERROR("read key file %s failed", key_file); + ret = -1; + goto out; + } +@@ -163,14 +163,14 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns + evp_ret = EVP_EncryptInit(ctx, cipher, aeskey, iv); + #endif + if (evp_ret != 1) { +- ERROR("init evp decrypt failed, result %d: %s", evp_ret, strerror(errno)); ++ SYSERROR("init evp decrypt failed, result %d", evp_ret); + ret = -1; + goto out; + } + + evp_ret = EVP_EncryptUpdate(ctx, (*out) + AES_256_CFB_IV_LEN, &tmp_out_len, bytes, len); + if (evp_ret != 1) { +- ERROR("evp encrypt update failed, result %d: %s", evp_ret, strerror(errno)); ++ SYSERROR("evp encrypt update failed, result %d", evp_ret); + ret = -1; + goto out; + } +@@ -182,7 +182,7 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns + evp_ret = EVP_EncryptFinal(ctx, (*out) + AES_256_CFB_IV_LEN + tmp_out_len, &tmp_out_len); + #endif + if (evp_ret != 1) { +- ERROR("evp encrypt final failed, result %d: %s", evp_ret, strerror(errno)); ++ SYSERROR("evp encrypt final failed, result %d", evp_ret); + ret = -1; + goto out; + } +@@ -256,7 +256,7 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns + evp_ret = EVP_DecryptInit(ctx, cipher, aeskey, iv); + #endif + if (evp_ret != 1) { +- ERROR("init evp decrypt failed, result %d: %s", evp_ret, strerror(errno)); ++ SYSERROR("init evp decrypt failed, result %d", evp_ret); + ret = -1; + goto out; + } +@@ -264,7 +264,7 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns + expected_size = len - AES_256_CFB_IV_LEN; + evp_ret = EVP_DecryptUpdate(ctx, *out, &tmp_out_len, bytes + AES_256_CFB_IV_LEN, expected_size); + if (evp_ret != 1) { +- ERROR("evp decrypt update failed, result %d: %s", evp_ret, strerror(errno)); ++ SYSERROR("evp decrypt update failed, result %d", evp_ret); + ret = -1; + goto out; + } +@@ -276,7 +276,7 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns + evp_ret = EVP_DecryptFinal(ctx, (*out) + tmp_out_len, &tmp_out_len); + #endif + if (evp_ret != 1) { +- ERROR("evp decrypt final failed, result %d: %s", evp_ret, strerror(errno)); ++ SYSERROR("evp decrypt final failed, result %d", evp_ret); + ret = -1; + goto out; + } +diff --git a/src/utils/cutils/utils_base64.c b/src/utils/cutils/utils_base64.c +index 3871140e..78e5ae0d 100644 +--- a/src/utils/cutils/utils_base64.c ++++ b/src/utils/cutils/utils_base64.c +@@ -47,7 +47,7 @@ int util_base64_encode(unsigned char *bytes, size_t len, char **out) + } + + if (EVP_EncodeBlock((uint8_t *)(*out), (const uint8_t *)bytes, len) == 0) { +- ERROR("Encode base64 failed: %s", strerror(errno)); ++ SYSERROR("Encode base64 failed"); + free(encoded); + return -1; + } +@@ -78,7 +78,7 @@ int util_base64_decode(const char *input, size_t len, unsigned char **out, size_ + } + + if (EVP_DecodeBase64((uint8_t *)decoded, &decoded_size, decoded_size, (const uint8_t *)input, len) == 0) { +- ERROR("Decode base64 failed: %s", strerror(errno)); ++ SYSERROR("Decode base64 failed"); + free(decoded); + return -1; + } +diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c +index 0b73e652..749cdb16 100644 +--- a/src/utils/cutils/utils_file.c ++++ b/src/utils/cutils/utils_file.c +@@ -227,7 +227,7 @@ int util_mkdir_p_userns_remap(const char *dir, mode_t mode, const char *userns_r + if (*cur_dir) { + ret = mkdir(cur_dir, mode); + if (ret != 0 && (errno != EEXIST || !util_dir_exists(cur_dir))) { +- ERROR("failed to create directory '%s': %s", cur_dir, strerror(errno)); ++ SYSERROR("failed to create directory '%s'", cur_dir); + goto err_out; + } + if (ret == 0 && userns_remap != NULL && chown(cur_dir, host_uid, host_gid) != 0) { +@@ -314,14 +314,14 @@ bool util_force_remove_file(const char *fname, int *saved_errno) + if (saved_errno != NULL && *saved_errno == 0) { + *saved_errno = errno; + } +- WARN("Failed to delete %s: %s", fname, strerror(errno)); ++ SYSWARN("Failed to delete %s", fname); + + if (mark_file_mutable(fname) != 0) { + WARN("Failed to mark file mutable"); + } + + if (unlink(fname) != 0) { +- ERROR("Failed to delete \"%s\": %s", fname, strerror(errno)); ++ SYSERROR("Failed to delete \"%s\"", fname); + return false; + } + +@@ -337,7 +337,7 @@ static int recursive_rmdir_next_depth(struct stat fstat, const char *fname, int + } + } else { + if (unlink(fname) < 0) { +- ERROR("Failed to delete %s: %s", fname, strerror(errno)); ++ SYSERROR("Failed to delete %s", fname); + if (*saved_errno == 0) { + *saved_errno = errno; + } +@@ -347,7 +347,7 @@ static int recursive_rmdir_next_depth(struct stat fstat, const char *fname, int + } + + if (unlink(fname) < 0) { +- ERROR("Failed to delete \"%s\": %s", fname, strerror(errno)); ++ SYSERROR("Failed to delete \"%s\"", fname); + failure = 1; + } + } +@@ -721,7 +721,7 @@ int util_gzip_compressed(const char *filename, bool *gzip) + + f = fopen(filename, "rb"); + if (f == NULL) { +- ERROR("Failed to open file %s: %s", filename, strerror(errno)); ++ SYSERROR("Failed to open file %s", filename); + return -1; + } + +@@ -897,7 +897,7 @@ char *util_read_text_file(const char *path) + + readlen = fread(buf, 1, (size_t)len, filp); + if (((readlen < (size_t)len) && (!feof(filp))) || (readlen > (size_t)len)) { +- ERROR("Failed to read file %s, error: %s\n", path, strerror(errno)); ++ SYSERROR("Failed to read file %s.", path); + UTIL_FREE_AND_SET_NULL(buf); + goto err_out; + } +@@ -923,7 +923,7 @@ int64_t util_file_size(const char *filename) + } + + if (stat(filename, &st)) { +- WARN("stat file %s failed: %s", filename, strerror(errno)); ++ SYSWARN("stat file %s failed", filename); + return -1; + } + +@@ -942,7 +942,7 @@ int util_scan_subdirs(const char *directory, subdir_callback_t cb, void *context + + dir = opendir(directory); + if (dir == NULL) { +- ERROR("Failed to open directory: %s error:%s", directory, strerror(errno)); ++ SYSERROR("Failed to open directory: %s", directory); + return -1; + } + +@@ -977,7 +977,7 @@ int util_list_all_subdir(const char *directory, char ***out) + + dir = opendir(directory); + if (dir == NULL) { +- ERROR("Failed to open directory: %s error:%s", directory, strerror(errno)); ++ SYSERROR("Failed to open directory: %s", directory); + return -1; + } + direntp = readdir(dir); +@@ -1125,14 +1125,14 @@ int util_write_file(const char *fname, const char *content, size_t content_len, + } + dst_fd = util_open(fname, O_WRONLY | O_CREAT | O_TRUNC, mode); + if (dst_fd < 0) { +- ERROR("Creat file: %s, failed: %s", fname, strerror(errno)); ++ SYSERROR("Creat file: %s, failed", fname); + ret = -1; + goto free_out; + } + len = util_write_nointr(dst_fd, content, content_len); + if (len < 0 || ((size_t)len) != content_len) { + ret = -1; +- ERROR("Write file failed: %s", strerror(errno)); ++ SYSERROR("Write file failed"); + goto free_out; + } + free_out: +@@ -1151,7 +1151,7 @@ char *verify_file_and_get_real_path(const char *file) + return NULL; + } + if (realpath(file, resolved_path) == NULL) { +- ERROR("Failed to get realpath: %s , %s", resolved_path, strerror(errno)); ++ SYSERROR("Failed to get realpath: %s.", resolved_path); + return NULL; + } + +@@ -1181,33 +1181,33 @@ int util_copy_file(const char *src_file, const char *dst_file, mode_t mode) + } + nret = realpath(src_file, real_src_file); + if (nret == NULL) { +- ERROR("real path: %s, return: %s", src_file, strerror(errno)); ++ SYSERROR("real path: %s failed.", src_file); + ret = -1; + return ret; + } + src_fd = util_open(real_src_file, O_RDONLY, CONFIG_FILE_MODE); + if (src_fd < 0) { +- ERROR("Open src file: %s, failed: %s", real_src_file, strerror(errno)); ++ SYSERROR("Open src file: %s, failed", real_src_file); + ret = -1; + goto free_out; + } + dst_fd = util_open(dst_file, O_WRONLY | O_CREAT | O_TRUNC, mode); + if (dst_fd < 0) { +- ERROR("Creat file: %s, failed: %s", dst_file, strerror(errno)); ++ SYSERROR("Creat file: %s, failed", dst_file); + ret = -1; + goto free_out; + } + while (true) { + ssize_t len = util_read_nointr(src_fd, buf, BUFSIZE); + if (len < 0) { +- ERROR("Read src file failed: %s", strerror(errno)); ++ SYSERROR("Read src file failed"); + ret = -1; + goto free_out; + } else if (len == 0) { + break; + } + if (util_write_nointr(dst_fd, buf, (size_t)len) != len) { +- ERROR("Write file failed: %s", strerror(errno)); ++ SYSERROR("Write file failed"); + ret = -1; + goto free_out; + } +@@ -1499,7 +1499,7 @@ static int do_atomic_write_file(const char *fname, const char *content, size_t c + + dst_fd = util_open(fname, O_WRONLY | O_CREAT | O_TRUNC, mode); + if (dst_fd < 0) { +- ERROR("Creat file: %s, failed: %s", fname, strerror(errno)); ++ SYSERROR("Creat file: %s, failed", fname); + ret = -1; + goto free_out; + } +@@ -1507,7 +1507,7 @@ static int do_atomic_write_file(const char *fname, const char *content, size_t c + len = util_write_nointr(dst_fd, content, content_len); + if (len < 0 || ((size_t)len) != content_len) { + ret = -1; +- ERROR("Write file failed: %s", strerror(errno)); ++ SYSERROR("Write file failed"); + goto free_out; + } + +@@ -1683,7 +1683,7 @@ int util_proc_file_line_by_line(FILE *fp, read_line_callback_t cb, void *context + // end of file + if (errno != 0) { + ret = -1; +- ERROR("read line failed: %s", strerror(errno)); ++ SYSERROR("read line failed"); + } + goto out; + } +@@ -1771,7 +1771,7 @@ static int copy_own(char *copy_dst, struct stat *src_stat) + struct stat dst_stat = { 0 }; + + if (lstat(copy_dst, &dst_stat) != 0) { +- ERROR("lstat %s failed: %s", copy_dst, strerror(errno)); ++ SYSERROR("lstat %s failed", copy_dst); + return -1; + } + +@@ -1780,7 +1780,7 @@ static int copy_own(char *copy_dst, struct stat *src_stat) + return 0; + } + +- ERROR("lchown %s failed: %s", copy_dst, strerror(errno)); ++ SYSERROR("lchown %s failed", copy_dst); + + return ret; + } +@@ -1792,7 +1792,7 @@ static int copy_mode(char *copy_dst, struct stat *src_stat) + } + + if (chmod(copy_dst, src_stat->st_mode) != 0) { +- ERROR("chmod %s failed: %s", copy_dst, strerror(errno)); ++ SYSERROR("chmod %s failed", copy_dst); + return -1; + } + +@@ -1805,7 +1805,7 @@ static int copy_time(char *copy_dst, struct stat *src_stat) + + // copy_dst is absolute path, so first argment is ignored. + if (utimensat(0, copy_dst, tm, AT_SYMLINK_NOFOLLOW) != 0) { +- ERROR("failed to set time of %s: %s", copy_dst, strerror(errno)); ++ SYSERROR("failed to set time of %s", copy_dst); + return -1; + } + +@@ -1816,10 +1816,10 @@ static int set_one_xattr(char *copy_dst, char *key, char *value, ssize_t size) + { + if (lsetxattr(copy_dst, key, value, size, 0) != 0) { + if (errno == ENOTSUP) { +- DEBUG("ignore copy xattr %s of %s: %s", key, copy_dst, strerror(errno)); ++ SYSDEBUG("ignore copy xattr %s of %s", key, copy_dst); + return 0; + } +- ERROR("failed to set xattr %s of %s: %s", key, copy_dst, strerror(errno)); ++ SYSERROR("failed to set xattr %s of %s", key, copy_dst); + return -1; + } + +@@ -1841,10 +1841,10 @@ static int do_copy_xattrs(char *copy_dst, char *copy_src, char *xattrs, ssize_t + size = lgetxattr(copy_src, key, NULL, 0); + if (size < 0) { + if (errno == ENOTSUP) { +- DEBUG("ignore copy xattr %s of %s: %s", key, copy_src, strerror(errno)); ++ SYSDEBUG("ignore copy xattr %s of %s", key, copy_src); + continue; + } +- ERROR("failed to get xattr %s of %s: %s", key, copy_src, strerror(errno)); ++ SYSERROR("failed to get xattr %s of %s", key, copy_src); + ret = -1; + goto out; + } +@@ -1865,10 +1865,10 @@ static int do_copy_xattrs(char *copy_dst, char *copy_src, char *xattrs, ssize_t + + if (lgetxattr(copy_src, key, value, size) < 0) { + if (errno == ENOTSUP) { +- DEBUG("ignore copy xattr %s of %s: %s", key, copy_src, strerror(errno)); ++ SYSDEBUG("ignore copy xattr %s of %s", key, copy_src); + continue; + } +- ERROR("failed to get xattr %s of %s: %s", key, copy_src, strerror(errno)); ++ SYSERROR("failed to get xattr %s of %s", key, copy_src); + ret = -1; + goto out; + } +@@ -1894,10 +1894,10 @@ static int copy_xattrs(char *copy_dst, char *copy_src) + xattrs_len = llistxattr(copy_src, NULL, 0); + if (xattrs_len < 0) { + if (errno == ENOTSUP) { +- DEBUG("ignore copy xattrs of %s: %s", copy_src, strerror(errno)); ++ SYSDEBUG("ignore copy xattrs of %s", copy_src); + return 0; + } +- ERROR("failed to get xattrs length of %s: %s", copy_src, strerror(errno)); ++ SYSERROR("failed to get xattrs length of %s", copy_src); + return -1; + } + +@@ -1914,10 +1914,10 @@ static int copy_xattrs(char *copy_dst, char *copy_src) + + if (llistxattr(copy_src, xattrs, xattrs_len) < 0) { + if (errno == ENOTSUP) { +- DEBUG("ignore copy xattrs of %s: %s", copy_src, strerror(errno)); ++ SYSDEBUG("ignore copy xattrs of %s", copy_src); + goto out; + } +- ERROR("failed to list xattrs of %s: %s", copy_src, strerror(errno)); ++ SYSERROR("failed to list xattrs of %s", copy_src); + ret = -1; + goto out; + } +@@ -1963,7 +1963,7 @@ static int copy_folder(char *copy_dst, char *copy_src) + struct stat dst_stat = { 0 }; + + if (lstat(copy_src, &src_stat) != 0) { +- ERROR("stat %s failed: %s", copy_src, strerror(errno)); ++ SYSERROR("stat %s failed", copy_src); + return -1; + } + if (!S_ISDIR(src_stat.st_mode)) { +@@ -1973,7 +1973,7 @@ static int copy_folder(char *copy_dst, char *copy_src) + + if (lstat(copy_dst, &dst_stat) != 0) { + if (mkdir(copy_dst, src_stat.st_mode) != 0) { +- ERROR("failed to mkdir %s: %s", copy_dst, strerror(errno)); ++ SYSERROR("failed to mkdir %s", copy_dst); + return -1; + } + } else if (!S_ISDIR(dst_stat.st_mode)) { +@@ -1981,7 +1981,7 @@ static int copy_folder(char *copy_dst, char *copy_src) + return -1; + } else { + if (chmod(copy_dst, src_stat.st_mode) != 0) { +- ERROR("failed to chmod %s: %s", copy_dst, strerror(errno)); ++ SYSERROR("failed to chmod %s.", copy_dst); + return -1; + } + } +@@ -1998,7 +1998,7 @@ static int copy_regular(char *copy_dst, char *copy_src, struct stat *src_stat, m + target = map_search(inodes, (void *)(&(src_stat->st_ino))); + if (target != NULL) { + if (link(target, copy_dst) != 0) { +- ERROR("failed to link %s to %s: %s", target, copy_dst, strerror(errno)); ++ SYSERROR("failed to link %s to %s", target, copy_dst); + return -1; + } + return 0; +@@ -2018,12 +2018,12 @@ static int copy_symbolic(char *copy_dst, char *copy_src) + char link[PATH_MAX] = { 0 }; + + if (readlink(copy_src, link, sizeof(link)) < 0) { +- ERROR("readlink of %s failed: %s", copy_src, strerror(errno)); ++ SYSERROR("readlink of %s failed", copy_src); + return -1; + } + + if (symlink(link, copy_dst) != 0) { +- ERROR("create symbolic %s failed: %s", copy_dst, strerror(errno)); ++ SYSERROR("create symbolic %s failed", copy_dst); + return -1; + } + +@@ -2033,7 +2033,7 @@ static int copy_symbolic(char *copy_dst, char *copy_src) + static int copy_device(char *copy_dst, char *copy_src, struct stat *src_stat) + { + if (mknod(copy_dst, src_stat->st_mode, src_stat->st_dev) != 0) { +- ERROR("mknod %s failed: %s", copy_dst, strerror(errno)); ++ SYSERROR("mknod %s failed", copy_dst); + return -1; + } + return 0; +diff --git a/src/utils/cutils/utils_fs.c b/src/utils/cutils/utils_fs.c +index ae71f3ba..63f6d2aa 100644 +--- a/src/utils/cutils/utils_fs.c ++++ b/src/utils/cutils/utils_fs.c +@@ -449,7 +449,7 @@ static int do_real_mount(const char *src, const char *dst, const char *mtype, un + if (!is_remount(src, mntflags) || (mntdata != NULL && strcmp(mntdata, "") != 0)) { + ret = mount(src, dst, mtype, oflags, mntdata); + if (ret < 0) { +- ERROR("Failed to mount from %s to %s:%s", src, dst, strerror(errno)); ++ SYSERROR("Failed to mount from %s to %s", src, dst); + goto out; + } + } +@@ -458,7 +458,7 @@ static int do_real_mount(const char *src, const char *dst, const char *mtype, un + // Change the propagation type. + ret = mount("", dst, "", mntflags & PROPAGATION_FLAGS, ""); + if (ret < 0) { +- ERROR("Failed to change the propagation type of dst %s:%s", dst, strerror(errno)); ++ SYSERROR("Failed to change the propagation type of dst %s.", dst); + goto out; + } + } +@@ -467,7 +467,7 @@ static int do_real_mount(const char *src, const char *dst, const char *mtype, un + // Remount the bind to apply read only. + ret = mount("", dst, "", oflags | MS_REMOUNT, ""); + if (ret < 0) { +- ERROR("Failed to remount the bind to apply read only of dst %s:%s", dst, strerror(errno)); ++ SYSERROR("Failed to remount the bind to apply read only of dst %s.", dst); + goto out; + } + } +@@ -576,7 +576,7 @@ static int util_mount_from_handler(const char *src, const char *dst, const char + + ret = mount(src, dst, mtype, mntflags, mntdata); + if (ret < 0) { +- ERROR("Failed to mount from %s to %s:%s", src, dst, strerror(errno)); ++ SYSERROR("Failed to mount from %s to %s.", src, dst); + goto out; + } + out: +@@ -596,7 +596,7 @@ int util_mount_from(const char *base, const char *src, const char *dst, const ch + + pid = fork(); + if (pid == (pid_t) -1) { +- ERROR("Failed to fork: %s", strerror(errno)); ++ SYSERROR("Failed to fork"); + goto cleanup; + } + +@@ -652,7 +652,7 @@ bool util_check_readonly_fs(const char *path) + continue; + } + +- ERROR("Stat fs failed: %s", strerror(errno)); ++ SYSERROR("Stat fs failed"); + return false; + } + +diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c +index 6fec2c9a..d4c46199 100644 +--- a/src/utils/cutils/utils_verify.c ++++ b/src/utils/cutils/utils_verify.c +@@ -474,7 +474,7 @@ bool util_valid_file(const char *path, uint32_t fmod) + + nret = stat(path, &s); + if (nret < 0) { +- ERROR("stat failed, error: %s", strerror(errno)); ++ SYSERROR("stat failed"); + return false; + } + +diff --git a/src/utils/http/http.c b/src/utils/http/http.c +index 1b0ba5be..52b05fa3 100644 +--- a/src/utils/http/http.c ++++ b/src/utils/http/http.c +@@ -323,7 +323,7 @@ static int ensure_path_file(char **rpath, void *output, bool resume, FILE **page + if (resume) { + mode = "a"; + if (stat(*rpath, &st) < 0) { +- ERROR("stat %s failed: %s", *rpath, strerror(errno)); ++ SYSERROR("stat %s failed", *rpath); + return -1; + } + *fsize = (size_t)st.st_size; +diff --git a/src/utils/sha256/sha256.c b/src/utils/sha256/sha256.c +index 674c3289..4e692355 100644 +--- a/src/utils/sha256/sha256.c ++++ b/src/utils/sha256/sha256.c +@@ -124,7 +124,7 @@ char *sha256_digest_file(const char *filename, bool isgzip) + stream = (void *)fopen(filename, "r"); + } + if (stream == NULL) { +- ERROR("open file %s failed: %s", filename, strerror(errno)); ++ SYSERROR("open file %s failed", filename); + return NULL; + } + +@@ -259,13 +259,13 @@ static char *cal_file_digest(const char *filename) + + fp = util_fopen(filename, "r"); + if (fp == NULL) { +- ERROR("failed to open file %s: %s", filename, strerror(errno)); ++ SYSERROR("failed to open file %s.", filename); + return NULL; + } + + digest = sha256_digest_file(filename, false); + if (digest == NULL) { +- ERROR("calc digest for file %s failed: %s", filename, strerror(errno)); ++ SYSERROR("calc digest for file %s failed", filename); + goto err_out; + } + +@@ -299,7 +299,7 @@ static char *cal_gzip_digest(const char *filename) + + digest = sha256_digest_file(filename, true); + if (digest == NULL) { +- ERROR("calc digest for file %s failed: %s", filename, strerror(errno)); ++ SYSERROR("calc digest for file %s failed", filename); + goto err_out; + } + +diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c +index 751616e7..fa844919 100644 +--- a/src/utils/tar/isulad_tar.c ++++ b/src/utils/tar/isulad_tar.c +@@ -114,7 +114,7 @@ static int resolve_host_source_path(const char *path, bool follow_link, char **r + + if (follow_link) { + if (realpath(path, real_path) == NULL) { +- ERROR("Can not get real path of %s: %s", real_path, strerror(errno)); ++ SYSERROR("Can not get real path of %s.", real_path); + format_errorf(err, "Can not get real path of %s: %s", real_path, strerror(errno)); + return -1; + } +@@ -131,7 +131,7 @@ static int resolve_host_source_path(const char *path, bool follow_link, char **r + goto cleanup; + } + if (realpath(dirpath, real_path) == NULL) { +- ERROR("Can not get real path of %s: %s", dirpath, strerror(errno)); ++ SYSERROR("Can not get real path of %s.", dirpath); + format_errorf(err, "Can not get real path of %s: %s", dirpath, strerror(errno)); + goto cleanup; + } +@@ -192,7 +192,7 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li + + nret = lstat(resolved_path, &st); + if (nret < 0) { +- ERROR("lstat %s: %s", resolved_path, strerror(errno)); ++ SYSERROR("lstat %s failed", resolved_path); + format_errorf(err, "lstat %s: %s", resolved_path, strerror(errno)); + goto cleanup; + } +@@ -226,7 +226,7 @@ static int copy_info_destination_path_ret(struct archive_copy_info *info, struct + + ret = (int)readlink(iter_path, target, PATH_MAX); + if (ret < 0) { +- ERROR("Failed to read link of %s: %s", iter_path, strerror(errno)); ++ SYSERROR("Failed to read link of %s", iter_path); + format_errorf(err, "Failed to read link of %s: %s", iter_path, strerror(errno)); + goto cleanup; + } +@@ -259,7 +259,7 @@ static int copy_info_destination_path_ret(struct archive_copy_info *info, struct + if (ret != 0) { + char *dst_parent = NULL; + if (errno != ENOENT) { +- ERROR("Can not stat %s: %s", iter_path, strerror(errno)); ++ SYSERROR("Can not stat %s", iter_path); + format_errorf(err, "Can not stat %s: %s", iter_path, strerror(errno)); + goto cleanup; + } +@@ -429,7 +429,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char + char *srcbase = NULL; + + if (lstat(path, &st) < 0) { +- ERROR("lstat %s: %s", path, strerror(errno)); ++ SYSERROR("lstat %s failed", path); + format_errorf(err, "lstat %s: %s", path, strerror(errno)); + return -1; + } +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index 46621cc1..89b075d3 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -340,7 +340,7 @@ static int copy_data(struct archive *ar, struct archive *aw) + } + r = archive_write_data_block(aw, buff, size, offset); + if (r < ARCHIVE_OK) { +- ERROR("tar extraction error: %s, %s", archive_error_string(aw), strerror(archive_errno(aw))); ++ ERROR("tar extraction error: %s", archive_error_string(aw)); + return r; + } + } +@@ -669,7 +669,7 @@ int archive_unpack_handler(const struct io_read_wrapper *content, const struct a + ret = archive_read_open(a, mydata, NULL, read_content, NULL); + if (ret != 0) { + ERROR("Failed to open archive: %s", archive_error_string(a)); +- fprintf(stderr, "Failed to open archive: %s", strerror(errno)); ++ fprintf(stderr, "Failed to open archive: %s", archive_error_string(a)); + ret = -1; + goto out; + } +@@ -685,9 +685,8 @@ int archive_unpack_handler(const struct io_read_wrapper *content, const struct a + } + + if (ret != ARCHIVE_OK) { +- ERROR("Warning reading tar header: %s, %s", archive_error_string(a), strerror(archive_errno(a))); +- (void)fprintf(stderr, "Warning reading tar header: %s, %s", archive_error_string(a), +- strerror(archive_errno(a))); ++ ERROR("Warning reading tar header: %s", archive_error_string(a)); ++ (void)fprintf(stderr, "Warning reading tar header: %s", archive_error_string(a)); + ret = -1; + goto out; + } +@@ -721,26 +720,23 @@ int archive_unpack_handler(const struct io_read_wrapper *content, const struct a + + ret = archive_write_header(ext, entry); + if (ret != ARCHIVE_OK) { +- ERROR("Fail to handle tar header: %s, %s", archive_error_string(ext), strerror(archive_errno(ext))); +- (void)fprintf(stderr, "Fail to handle tar header: %s, %s", archive_error_string(ext), +- strerror(archive_errno(ext))); ++ ERROR("Fail to handle tar header: %s", archive_error_string(ext)); ++ (void)fprintf(stderr, "Fail to handle tar header: %s", archive_error_string(ext)); + ret = -1; + goto out; + } else if (archive_entry_size(entry) > 0) { + ret = copy_data(a, ext); + if (ret != ARCHIVE_OK) { +- ERROR("Failed to do copy tar data: %s, %s", archive_error_string(ext), strerror(archive_errno(ext))); +- (void)fprintf(stderr, "Failed to do copy tar data: %s, %s", archive_error_string(ext), +- strerror(archive_errno(ext))); ++ ERROR("Failed to do copy tar data: %s", archive_error_string(ext)); ++ (void)fprintf(stderr, "Failed to do copy tar data: %s", archive_error_string(ext)); + ret = -1; + goto out; + } + } + ret = archive_write_finish_entry(ext); + if (ret != ARCHIVE_OK) { +- ERROR("Failed to freeing archive entry: %s, %s", archive_error_string(ext), strerror(archive_errno(ext))); +- (void)fprintf(stderr, "Failed to freeing archive entry: %s, %s", archive_error_string(ext), +- strerror(archive_errno(ext))); ++ ERROR("Failed to freeing archive entry: %s", archive_error_string(ext)); ++ (void)fprintf(stderr, "Failed to freeing archive entry: %s", archive_error_string(ext)); + ret = -1; + goto out; + } +@@ -821,7 +817,7 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co + + pid = fork(); + if (pid == (pid_t) -1) { +- ERROR("Failed to fork: %s", strerror(errno)); ++ SYSERROR("Failed to fork"); + goto cleanup; + } + +@@ -841,7 +837,7 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co + + // child process, dup2 pipe_for_read[1] to stderr, + if (dup2(pipe_stderr[1], 2) < 0) { +- ERROR("Dup fd error: %s", strerror(errno)); ++ SYSERROR("Dup fd error"); + ret = -1; + goto child_out; + } +@@ -873,7 +869,7 @@ child_out: + + ret = util_wait_for_pid(pid); + if (ret != 0) { +- ERROR("Wait archive_untar_handler failed with error:%s", strerror(errno)); ++ SYSERROR("Wait archive_untar_handler failed"); + fcntl(pipe_stderr[0], F_SETFL, O_NONBLOCK); + if (util_read_nointr(pipe_stderr[0], errbuf, BUFSIZ) < 0) { + ERROR("read error message from child failed"); +@@ -915,22 +911,21 @@ bool valid_archive_format(const char *file) + + ret = archive_read_support_filter_all(read_archive); + if (ret != ARCHIVE_OK) { +- ERROR("Failed to set archive read support filter all, result is %d, errmsg: %s, %s", ret, +- archive_error_string(read_archive), strerror(archive_errno(read_archive))); ++ ERROR("Failed to set archive read support filter all, result is %d, errmsg: %s", ret, ++ archive_error_string(read_archive)); + goto out; + } + + ret = archive_read_support_format_all(read_archive); + if (ret != ARCHIVE_OK) { +- ERROR("Failed to set archive read support format all, result is %d, errmsg: %s, %s", ret, +- archive_error_string(read_archive), strerror(archive_errno(read_archive))); ++ ERROR("Failed to set archive read support format all, result is %d, errmsg: %s", ret, ++ archive_error_string(read_archive)); + goto out; + } + + ret = archive_read_open_filename(read_archive, file, ARCHIVE_READ_BUFFER_SIZE); + if (ret != ARCHIVE_OK) { +- ERROR("Failed to open archive %s: %s, %s", file, archive_error_string(read_archive), +- strerror(archive_errno(read_archive))); ++ ERROR("Failed to open archive %s: %s", file, archive_error_string(read_archive)); + goto out; + } + +@@ -941,15 +936,13 @@ bool valid_archive_format(const char *file) + goto out; + } + if (ret != ARCHIVE_OK) { +- ERROR("Failed to read next header for file %s: %s, %s", file, archive_error_string(read_archive), +- strerror(archive_errno(read_archive))); ++ ERROR("Failed to read next header for file %s: %s", file, archive_error_string(read_archive)); + goto out; + } + + out: + if (archive_read_free(read_archive) != ARCHIVE_OK) { +- ERROR("Failed to free archive %s: %s, %s", file, archive_error_string(read_archive), +- strerror(archive_errno(read_archive))); ++ ERROR("Failed to free archive %s: %s", file, archive_error_string(read_archive)); + } + read_archive = NULL; + +@@ -976,19 +969,15 @@ static int copy_data_between_archives(struct archive *ar, struct archive *aw) + goto out; + } + if (size < 0) { +- ERROR("tar archive read result %d, error: %s, %s", ret, archive_error_string(ar), +- strerror(archive_errno(ar))); +- (void)fprintf(stderr, "tar archive read result %d, error: %s, %s", ret, archive_error_string(ar), +- strerror(archive_errno(ar))); ++ ERROR("tar archive read result %d, error: %s", ret, archive_error_string(ar)); ++ (void)fprintf(stderr, "tar archive read result %d, error: %s", ret, archive_error_string(ar)); + ret = ARCHIVE_FAILED; + goto out; + } + ret = archive_write_data(aw, buff, size); + if (ret < ARCHIVE_OK) { +- ERROR("tar archive write result %d, error: %s, %s", ret, archive_error_string(aw), +- strerror(archive_errno(aw))); +- (void)fprintf(stderr, "tar archive write result %d, error: %s, %s", ret, archive_error_string(aw), +- strerror(archive_errno(aw))); ++ ERROR("tar archive write result %d, error: %s", ret, archive_error_string(aw)); ++ (void)fprintf(stderr, "tar archive write result %d, error: %s", ret, archive_error_string(aw)); + goto out; + } + } +@@ -1061,8 +1050,8 @@ int tar_handler(struct archive *r, struct archive *w, const char *src_base, cons + } + + if (ret != ARCHIVE_OK) { +- ERROR("read from disk failed: %s, %s", archive_error_string(r), strerror(archive_errno(r))); +- (void)fprintf(stderr, "read from disk failed: %s, %s", archive_error_string(r), strerror(archive_errno(r))); ++ ERROR("read from disk failed: %s", archive_error_string(r)); ++ (void)fprintf(stderr, "read from disk failed: %s", archive_error_string(r)); + break; + } + +@@ -1080,37 +1069,34 @@ int tar_handler(struct archive *r, struct archive *w, const char *src_base, cons + } + ret = archive_write_header(w, entry); + if (ret != ARCHIVE_OK) { +- ERROR("Fail to write tar header: %s, %s\nlink:%s target:%s", archive_error_string(w), +- strerror(archive_errno(w)), archive_entry_pathname(entry), archive_entry_hardlink(entry)); +- (void)fprintf(stderr, "Fail to write tar header: %s, %s\nlink:%s target:%s\n", archive_error_string(w), +- strerror(archive_errno(w)), archive_entry_pathname(entry), archive_entry_hardlink(entry)); ++ ERROR("Fail to write tar header: %s.\nlink:%s target:%s", archive_error_string(w), ++ archive_entry_pathname(entry), archive_entry_hardlink(entry)); ++ (void)fprintf(stderr, "Fail to write tar header: %s.\nlink:%s target:%s\n", archive_error_string(w), ++ archive_entry_pathname(entry), archive_entry_hardlink(entry)); + break; + } + + if (archive_entry_size(entry) > 0) { + ret = copy_data_between_archives(r, w); + if (ret != ARCHIVE_OK) { +- ERROR("Failed to do copy data: %s, %s", archive_error_string(w), strerror(archive_errno(w))); +- (void)fprintf(stderr, "Failed to do copy data: %s, %s\n", archive_error_string(w), +- strerror(archive_errno(w))); ++ ERROR("Failed to do copy data: %s", archive_error_string(w)); ++ (void)fprintf(stderr, "Failed to do copy data: %s\n", archive_error_string(w)); + break; + } + } + + ret = archive_write_finish_entry(w); + if (ret != ARCHIVE_OK) { +- ERROR("Failed to freeing archive entry: %s, %s", archive_error_string(w), strerror(archive_errno(w))); +- (void)fprintf(stderr, "Failed to freeing archive entry: %s, %s\n", archive_error_string(w), +- strerror(archive_errno(w))); ++ ERROR("Failed to freeing archive entry: %s", archive_error_string(w)); ++ (void)fprintf(stderr, "Failed to freeing archive entry: %s\n", archive_error_string(w)); + break; + } + + if (archive_entry_filetype(entry) == AE_IFDIR) { + ret = archive_read_disk_descend(r); + if (ret != ARCHIVE_OK) { +- ERROR("read disk descend failed: %s, %s", archive_error_string(w), strerror(archive_errno(w))); +- (void)fprintf(stderr, "read disk descend failed: %s, %s\n", archive_error_string(w), +- strerror(archive_errno(w))); ++ ERROR("read disk descend failed: %s", archive_error_string(w)); ++ (void)fprintf(stderr, "read disk descend failed: %s\n", archive_error_string(w)); + break; + } + } +@@ -1166,9 +1152,8 @@ static int tar_all(const struct io_write_wrapper *writer, const char *tar_dir, c + archive_read_disk_set_behavior(r, ARCHIVE_READDISK_NO_TRAVERSE_MOUNTS); + ret = archive_read_disk_open(r, tar_dir); + if (ret != ARCHIVE_OK) { +- ERROR("open archive read failed: %s, %s", archive_error_string(r), strerror(archive_errno(r))); +- (void)fprintf(stderr, "open archive read failed: %s, %s\n", archive_error_string(r), +- strerror(archive_errno(r))); ++ ERROR("open archive read failed: %s", archive_error_string(r)); ++ (void)fprintf(stderr, "open archive read failed: %s\n", archive_error_string(r)); + goto out; + } + +@@ -1183,9 +1168,8 @@ static int tar_all(const struct io_write_wrapper *writer, const char *tar_dir, c + archive_write_set_options(w, "xattrheader=SCHILY"); + ret = archive_write_open(w, (void *)writer, NULL, stream_write_data, NULL); + if (ret != ARCHIVE_OK) { +- ERROR("open archive write failed: %s, %s", archive_error_string(w), strerror(archive_errno(w))); +- (void)fprintf(stderr, "open archive write failed: %s, %s\n", archive_error_string(w), +- strerror(archive_errno(w))); ++ ERROR("open archive write failed: %s", archive_error_string(w)); ++ (void)fprintf(stderr, "open archive write failed: %s\n", archive_error_string(w)); + goto out; + } + +@@ -1258,14 +1242,14 @@ int archive_chroot_tar(const char *path, const char *file, const char *root_dir, + + // child process, dup2 pipe_for_read[1] to stderr, + if (dup2(pipe_for_read[1], 2) < 0) { +- ERROR("Dup fd error: %s", strerror(errno)); ++ SYSERROR("Dup fd failed"); + ret = -1; + goto child_out; + } + + fd = open(file, TAR_DEFAULT_FLAG, TAR_DEFAULT_MODE); + if (fd < 0) { +- ERROR("Failed to open file %s for export: %s", file, strerror(errno)); ++ SYSERROR("Failed to open file %s for export", file); + fprintf(stderr, "Failed to open file %s for export: %s\n", file, strerror(errno)); + ret = -1; + goto child_out; +@@ -1474,17 +1458,17 @@ int archive_chroot_untar_stream(const struct io_read_wrapper *context, const cha + } + + if (pipe(pipe_stderr) != 0) { +- ERROR("Failed to create pipe: %s", strerror(errno)); ++ SYSERROR("Failed to create pipe"); + goto cleanup; + } + if (pipe(pipe_stream) != 0) { +- ERROR("Failed to create pipe: %s", strerror(errno)); ++ SYSERROR("Failed to create pipe"); + goto cleanup; + } + + pid = fork(); + if (pid == (pid_t) -1) { +- ERROR("Failed to fork: %s", strerror(errno)); ++ SYSERROR("Failed to fork"); + goto cleanup; + } + +@@ -1503,7 +1487,7 @@ int archive_chroot_untar_stream(const struct io_read_wrapper *context, const cha + + // child process, dup2 pipe_stderr[1] to stderr, + if (dup2(pipe_stderr[1], 2) < 0) { +- ERROR("Dup fd error: %s", strerror(errno)); ++ SYSERROR("Dup fd error"); + ret = -1; + goto child_out; + } +@@ -1559,7 +1543,7 @@ child_out: + while (read_len > 0) { + ssize_t writed_len = archive_context_write(ctx, buf, (size_t)read_len); + if (writed_len < 0) { +- DEBUG("Tar may exited: %s", strerror(errno)); ++ SYSDEBUG("Tar may exited"); + break; + } + read_len = context->read(context->context, buf, buf_len); +@@ -1610,17 +1594,17 @@ int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, cons + } + + if (pipe(pipe_stderr) != 0) { +- ERROR("Failed to create pipe: %s", strerror(errno)); ++ SYSERROR("Failed to create pipe"); + goto free_out; + } + if (pipe(pipe_stream) != 0) { +- ERROR("Failed to create pipe: %s", strerror(errno)); ++ SYSERROR("Failed to create pipe"); + goto free_out; + } + + pid = fork(); + if (pid == (pid_t) -1) { +- ERROR("Failed to fork: %s", strerror(errno)); ++ SYSERROR("Failed to fork"); + goto free_out; + } + +@@ -1642,7 +1626,7 @@ int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, cons + + // child process, dup2 pipe_stderr[1] to stderr, + if (dup2(pipe_stderr[1], 2) < 0) { +- ERROR("Dup fd error: %s", strerror(errno)); ++ SYSERROR("Dup fd error"); + ret = -1; + goto child_out; + } +diff --git a/src/utils/tar/util_gzip.c b/src/utils/tar/util_gzip.c +index bf649300..0c8c8372 100644 +--- a/src/utils/tar/util_gzip.c ++++ b/src/utils/tar/util_gzip.c +@@ -42,13 +42,13 @@ int util_gzip_z(const char *srcfile, const char *dstfile, const mode_t mode) + + srcfd = util_open(srcfile, O_RDONLY, SECURE_CONFIG_FILE_MODE); + if (srcfd < 0) { +- ERROR("Open src file: %s, failed: %s", srcfile, strerror(errno)); ++ SYSERROR("Open src file: %s, failed", srcfile); + return -1; + } + + stream = gzopen(dstfile, "w"); + if (stream == NULL) { +- ERROR("gzopen %s error: %s", dstfile, strerror(errno)); ++ SYSERROR("gzopen %s failed", dstfile); + close(srcfd); + return -1; + } +@@ -64,7 +64,7 @@ int util_gzip_z(const char *srcfile, const char *dstfile, const mode_t mode) + int n; + size = util_read_nointr(srcfd, buffer, BLKSIZE); + if (size < 0) { +- ERROR("read file %s failed: %s", srcfile, strerror(errno)); ++ SYSERROR("read file %s failed", srcfile); + ret = -1; + break; + } else if (size == 0) { +@@ -92,7 +92,7 @@ out: + free(buffer); + if (ret != 0) { + if (util_path_remove(dstfile) != 0) { +- ERROR("Remove file %s failed: %s", dstfile, strerror(errno)); ++ SYSERROR("Remove file %s failed", dstfile); + } + } + +@@ -115,7 +115,7 @@ int util_gzip_d(const char *srcfile, const FILE *dstfp) + + stream = gzopen(srcfile, "r"); + if (stream == NULL) { +- ERROR("gzopen %s failed: %s", srcfile, strerror(errno)); ++ SYSERROR("gzopen %s failed", srcfile); + return -1; + } + +@@ -142,7 +142,7 @@ int util_gzip_d(const char *srcfile, const FILE *dstfp) + size = fwrite(buffer, 1, n, (FILE *)dstfp); + if (size != n) { + ret = -1; +- ERROR("Write file failed: %s", strerror(errno)); ++ SYSERROR("Write file failed"); + break; + } + } +-- +2.40.1 + diff --git a/0138-replace-COMMAND_ERROR-to-CMD_SYSERROR.patch b/0138-replace-COMMAND_ERROR-to-CMD_SYSERROR.patch new file mode 100644 index 0000000..b91a84a --- /dev/null +++ b/0138-replace-COMMAND_ERROR-to-CMD_SYSERROR.patch @@ -0,0 +1,229 @@ +From 9c97c74fe3e384e5fe87c80037f94544a4b45081 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Wed, 6 Sep 2023 10:26:25 +0800 +Subject: [PATCH 138/145] replace COMMAND_ERROR to CMD_SYSERROR + +Signed-off-by: haozi007 +--- + src/cmd/isula/base/create.c | 4 ++-- + src/cmd/isula/extend/export.c | 2 +- + src/cmd/isula/images/import.c | 2 +- + src/cmd/isula/images/load.c | 2 +- + src/cmd/isula/images/login.c | 6 +++--- + src/cmd/isula/stream/attach.c | 2 +- + src/cmd/isulad/main.c | 2 +- + .../executor/container_cb/execution_information.c | 2 +- + src/daemon/modules/log/log_gather.c | 14 +++++++------- + src/utils/console/console.c | 2 +- + 10 files changed, 19 insertions(+), 19 deletions(-) + +diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c +index 8cef5d17..02838a56 100644 +--- a/src/cmd/isula/base/create.c ++++ b/src/cmd/isula/base/create.c +@@ -1758,7 +1758,7 @@ static int check_hook_spec_file(const char *hook_spec) + return -1; + } + if (stat(hook_spec, &hookstat)) { +- COMMAND_ERROR("Stat hook spec file failed: %s", strerror(errno)); ++ CMD_SYSERROR("Stat hook spec file failed"); + return -1; + } + if ((hookstat.st_mode & S_IFMT) != S_IFREG) { +@@ -1800,7 +1800,7 @@ static int create_check_rootfs(struct client_arguments *args) + if (args->create_rootfs != NULL) { + char real_path[PATH_MAX] = { 0 }; + if (realpath(args->create_rootfs, real_path) == NULL) { +- COMMAND_ERROR("Failed to get rootfs '%s': %s", args->create_rootfs, strerror(errno)); ++ CMD_SYSERROR("Failed to get rootfs '%s'.", args->create_rootfs); + ret = -1; + goto out; + } +diff --git a/src/cmd/isula/extend/export.c b/src/cmd/isula/extend/export.c +index 68d17c82..34ab1885 100644 +--- a/src/cmd/isula/extend/export.c ++++ b/src/cmd/isula/extend/export.c +@@ -114,7 +114,7 @@ int cmd_export_main(int argc, const char **argv) + int sret; + char cwd[PATH_MAX] = { 0 }; + if (!getcwd(cwd, sizeof(cwd))) { +- COMMAND_ERROR("get cwd failed:%s", strerror(errno)); ++ CMD_SYSERROR("get cwd failed."); + exit(ECOMMON); + } + sret = snprintf(file, sizeof(file), "%s/%s", cwd, g_cmd_export_args.file); +diff --git a/src/cmd/isula/images/import.c b/src/cmd/isula/images/import.c +index 7b6eb2a9..98805c95 100644 +--- a/src/cmd/isula/images/import.c ++++ b/src/cmd/isula/images/import.c +@@ -126,7 +126,7 @@ int cmd_import_main(int argc, const char **argv) + int len = 0; + + if (!getcwd(cwd, sizeof(cwd))) { +- COMMAND_ERROR("get cwd failed:%s", strerror(errno)); ++ CMD_SYSERROR("get cwd failed."); + exit(exit_code); + } + +diff --git a/src/cmd/isula/images/load.c b/src/cmd/isula/images/load.c +index 688edd02..48422438 100644 +--- a/src/cmd/isula/images/load.c ++++ b/src/cmd/isula/images/load.c +@@ -150,7 +150,7 @@ int cmd_load_main(int argc, const char **argv) + int len; + + if (!getcwd(cwd, sizeof(cwd))) { +- COMMAND_ERROR("get cwd failed:%s", strerror(errno)); ++ CMD_SYSERROR("get cwd failed."); + exit(exit_code); + } + +diff --git a/src/cmd/isula/images/login.c b/src/cmd/isula/images/login.c +index c35cb579..1c3b06ea 100644 +--- a/src/cmd/isula/images/login.c ++++ b/src/cmd/isula/images/login.c +@@ -99,7 +99,7 @@ static int get_password_from_notty(struct client_arguments *args) + return -1; + } + if (n < 0) { +- COMMAND_ERROR("Get password from notty stdin failed: %s", strerror(errno)); ++ CMD_SYSERROR("Get password from notty stdin failed"); + return -1; + } + args->password = util_strdup_s(password); +@@ -126,7 +126,7 @@ static int get_auth_from_terminal(struct client_arguments *args) + COMMAND_ERROR("Error: Cannot perform an interactive login from a non TTY device"); + return -1; + } +- COMMAND_ERROR("Get username failed: %s", strerror(errno)); ++ CMD_SYSERROR("Get username failed"); + return -1; + } + args->username = util_strdup_s(username); +@@ -145,7 +145,7 @@ static int get_auth_from_terminal(struct client_arguments *args) + COMMAND_ERROR("Error: Cannot perform an interactive login from a non TTY device"); + return -1; + } +- COMMAND_ERROR("Get password failed: %s", strerror(errno)); ++ CMD_SYSERROR("Get password failed"); + return -1; + } + args->password = util_strdup_s(password); +diff --git a/src/cmd/isula/stream/attach.c b/src/cmd/isula/stream/attach.c +index 02c67e30..ff49af92 100644 +--- a/src/cmd/isula/stream/attach.c ++++ b/src/cmd/isula/stream/attach.c +@@ -376,7 +376,7 @@ static int client_attach(struct client_arguments *args, uint32_t *exit_code) + if (errno == ETIMEDOUT) { + COMMAND_ERROR("Wait container status timeout."); + } else { +- COMMAND_ERROR("Failed to wait sem: %s", strerror(errno)); ++ CMD_SYSERROR("Failed to wait sem"); + } + ret = ECOMMON; + goto out; +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index f2a25a84..1906feaf 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -1712,7 +1712,7 @@ static int set_locale() + + /* Change from the standard (C) to en_US.UTF-8 locale, so libarchive can handle filename conversions.*/ + if (setlocale(LC_CTYPE, "en_US.UTF-8") == NULL) { +- COMMAND_ERROR("Could not set locale to en_US.UTF-8:%s", strerror(errno)); ++ CMD_SYSERROR("Could not set locale to en_US.UTF-8"); + ret = -1; + goto out; + } +diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c +index 6d9521ec..ba33bdfa 100644 +--- a/src/daemon/executor/container_cb/execution_information.c ++++ b/src/daemon/executor/container_cb/execution_information.c +@@ -589,7 +589,7 @@ void execute_ps_command(char **args, const char *pid_args, size_t args_len) + + execvp("ps", params); + +- COMMAND_ERROR("Cannot get ps info with '%s':%s", pid_args, strerror(errno)); ++ CMD_SYSERROR("Cannot get ps info with '%s'.", pid_args); + + out: + exit(EXIT_FAILURE); +diff --git a/src/daemon/modules/log/log_gather.c b/src/daemon/modules/log/log_gather.c +index 780034ee..41c02758 100644 +--- a/src/daemon/modules/log/log_gather.c ++++ b/src/daemon/modules/log/log_gather.c +@@ -142,7 +142,7 @@ static int create_fifo() + + ret = mknod(g_fifo_path, S_IFIFO | S_IRUSR | S_IWUSR, (dev_t)0); + if (ret != 0 && errno != EEXIST) { +- COMMAND_ERROR("mknod failed: %s", strerror(errno)); ++ CMD_SYSERROR("mknod failed."); + } else { + ret = 0; + } +@@ -157,12 +157,12 @@ static int open_log(bool change_size) + + fd = util_open(g_fifo_path, O_RDWR | O_CLOEXEC, 0); + if (fd == -1) { +- COMMAND_ERROR("open fifo %s failed: %s", g_fifo_path, strerror(errno)); ++ CMD_SYSERROR("open fifo %s failed", g_fifo_path); + return fd; + } + + if (change_size && fcntl(fd, F_SETPIPE_SZ, LOG_FIFO_SIZE) == -1) { +- COMMAND_ERROR("set fifo buffer size failed: %s", strerror(errno)); ++ CMD_SYSERROR("set fifo buffer size failed"); + close(fd); + return -1; + } +@@ -262,7 +262,7 @@ void main_loop() + int len = (int)util_read_nointr(g_fifo_fd, rev_buf, REV_BUF_SIZE); + if (len < 0) { + if (ecount < 2) { +- COMMAND_ERROR("%d: Read message failed: %s", ecount++, strerror(errno)); ++ CMD_SYSERROR("%d: Read message failed", ecount++); + } + continue; + } +@@ -270,7 +270,7 @@ void main_loop() + + rev_buf[len] = '\0'; + if (g_save_log_op(rev_buf, (size_t)len) < 0) { +- COMMAND_ERROR("write message failed: %s", strerror(errno)); ++ CMD_SYSERROR("write message failed"); + } + } + } +@@ -289,14 +289,14 @@ static int log_file_open() + } + fd = util_open(g_log_file, O_CREAT | O_WRONLY | O_APPEND, g_log_mode); + if (fd == -1) { +- COMMAND_ERROR("Open %s failed: %s", g_log_file, strerror(errno)); ++ CMD_SYSERROR("Open %s failed", g_log_file); + ret = -1; + goto out; + } + + /* change log file mode to config, if log file exist and with different mode */ + if (fchmod(fd, g_log_mode) != 0) { +- COMMAND_ERROR("Change mode of log file: %s failed: %s", g_log_file, strerror(errno)); ++ CMD_SYSERROR("Change mode of log file: %s failed", g_log_file); + close(fd); + ret = -1; + goto out; +diff --git a/src/utils/console/console.c b/src/utils/console/console.c +index 3ef88564..568832e8 100644 +--- a/src/utils/console/console.c ++++ b/src/utils/console/console.c +@@ -187,7 +187,7 @@ int console_fifo_name(const char *rundir, const char *subpath, const char *stdfl + if (do_mkdirp) { + ret = util_mkdir_p(fifo_path, CONSOLE_FIFO_DIRECTORY_MODE); + if (ret < 0) { +- COMMAND_ERROR("Unable to create console fifo directory %s: %s.", fifo_path, strerror(errno)); ++ CMD_SYSERROR("Unable to create console fifo directory %s.", fifo_path); + goto out; + } + } +-- +2.40.1 + diff --git a/0139-do-not-report-low-level-error-to-user.patch b/0139-do-not-report-low-level-error-to-user.patch new file mode 100644 index 0000000..265e084 --- /dev/null +++ b/0139-do-not-report-low-level-error-to-user.patch @@ -0,0 +1,373 @@ +From 602675912f09a37c71c376dd16904f85e10c5338 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Wed, 6 Sep 2023 10:45:37 +0800 +Subject: [PATCH 139/145] do not report low level error to user + +Signed-off-by: haozi007 +--- + .../cri/cri_container_manager_service_impl.cc | 3 ++- + src/daemon/entry/cri/cri_helpers.cc | 4 ++-- + src/daemon/entry/cri/naming.cc | 3 ++- + src/daemon/executor/container_cb/execution.c | 4 ++-- + .../executor/container_cb/execution_network.c | 17 ++++++++--------- + .../executor/container_cb/execution_stream.c | 4 ++-- + src/daemon/modules/container/container_unix.c | 2 +- + src/daemon/modules/image/external/ext_image.c | 4 ++-- + src/daemon/modules/image/oci/oci_load.c | 2 +- + .../modules/runtime/engines/lcr/lcr_rt_ops.c | 3 +-- + src/daemon/modules/service/service_container.c | 2 +- + src/daemon/modules/spec/verify.c | 2 +- + src/daemon/modules/volume/local.c | 8 ++++---- + src/utils/tar/isulad_tar.c | 16 ++++++++-------- + src/utils/tar/util_archive.c | 12 ++++++------ + 15 files changed, 43 insertions(+), 43 deletions(-) + +diff --git a/src/daemon/entry/cri/cri_container_manager_service_impl.cc b/src/daemon/entry/cri/cri_container_manager_service_impl.cc +index c358c934..743c7159 100644 +--- a/src/daemon/entry/cri/cri_container_manager_service_impl.cc ++++ b/src/daemon/entry/cri/cri_container_manager_service_impl.cc +@@ -543,8 +543,9 @@ void ContainerManagerServiceImpl::CreateContainerLogSymlink(const std::string &c + WARN("Deleted previously existing symlink file: %s", path); + } + if (symlink(realPath, path) != 0) { ++ SYSERROR("failed to create symbolic link %s to the container log file %s for container %s", path, realPath, containerID.c_str()); + error.Errorf("failed to create symbolic link %s to the container log file %s for container %s: %s", path, +- realPath, containerID.c_str(), strerror(errno)); ++ realPath, containerID.c_str()); + goto cleanup; + } + } else { +diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc +index e2d00bc7..276fe9dd 100644 +--- a/src/daemon/entry/cri/cri_helpers.cc ++++ b/src/daemon/entry/cri/cri_helpers.cc +@@ -916,8 +916,8 @@ void RemoveContainerLogSymlink(const std::string &containerID, Errors &error) + if (path != nullptr) { + // Only remove the symlink when container log path is specified. + if (util_path_remove(path) != 0 && errno != ENOENT) { +- error.Errorf("Failed to remove container %s log symlink %s: %s", containerID.c_str(), path, +- strerror(errno)); ++ SYSERROR("Failed to remove container %s log symlink %s.", containerID.c_str(), path); ++ error.Errorf("Failed to remove container %s log symlink %s.", containerID.c_str(), path); + goto cleanup; + } + } +diff --git a/src/daemon/entry/cri/naming.cc b/src/daemon/entry/cri/naming.cc +index 1526f044..ce4c4359 100644 +--- a/src/daemon/entry/cri/naming.cc ++++ b/src/daemon/entry/cri/naming.cc +@@ -46,7 +46,8 @@ static int parseName(const std::string &name, std::vector &items, u + } + + if (util_safe_uint(items[5].c_str(), &attempt)) { +- err.Errorf("failed to parse the sandbox name %s: %s", name.c_str(), strerror(errno)); ++ SYSERROR("failed to parse the sandbox name %s.", name.c_str()); ++ err.Errorf("failed to parse the sandbox name %s.", name.c_str()); + return -1; + } + +diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c +index c5f7a853..9aa8b334 100644 +--- a/src/daemon/executor/container_cb/execution.c ++++ b/src/daemon/executor/container_cb/execution.c +@@ -339,13 +339,13 @@ static int maybe_create_cpu_realtime_file(int64_t value, const char *file, const + fd = util_open(fpath, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0700); + if (fd < 0) { + SYSERROR("Failed to open file: %s.", fpath); +- isulad_set_error_message("Failed to open file: %s: %s", fpath, strerror(errno)); ++ isulad_set_error_message("Failed to open file: %s.", fpath); + return -1; + } + nwrite = util_write_nointr(fd, buf, strlen(buf)); + if (nwrite < 0 || (size_t)nwrite != strlen(buf)) { + SYSERROR("Failed to write %s to %s.", buf, fpath); +- isulad_set_error_message("Failed to write '%s' to '%s': %s", buf, fpath, strerror(errno)); ++ isulad_set_error_message("Failed to write '%s' to '%s'.", buf, fpath); + close(fd); + return -1; + } +diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c +index 597c3d6e..6ea40611 100644 +--- a/src/daemon/executor/container_cb/execution_network.c ++++ b/src/daemon/executor/container_cb/execution_network.c +@@ -67,8 +67,8 @@ static int write_hostname_to_file(const char *rootfs, const char *hostname) + + ret = util_write_file(file_path, hostname, strlen(hostname), NETWORK_MOUNT_FILE_MODE); + if (ret) { +- SYSERROR("Failed to write %s", file_path); +- isulad_set_error_message("Failed to write %s: %s", file_path, strerror(errno)); ++ SYSERROR("Failed to write %s.", file_path); ++ isulad_set_error_message("Failed to write %s.", file_path); + goto out; + } + +@@ -96,8 +96,8 @@ static int fopen_network(FILE **fp, char **file_path, const char *rootfs, const + + *fp = util_fopen(*file_path, "a+"); + if (*fp == NULL) { +- SYSERROR("Failed to open %s", *file_path); +- isulad_set_error_message("Failed to open %s: %s", *file_path, strerror(errno)); ++ SYSERROR("Failed to open %s.", *file_path); ++ isulad_set_error_message("Failed to open %s.", *file_path); + return -1; + } + return 0; +@@ -168,8 +168,8 @@ static int write_content_to_file(const char *file_path, const char *content) + if (content != NULL) { + ret = util_write_file(file_path, content, strlen(content), NETWORK_MOUNT_FILE_MODE); + if (ret != 0) { +- SYSERROR("Failed to write file %s", file_path); +- isulad_set_error_message("Failed to write file %s: %s", file_path, strerror(errno)); ++ SYSERROR("Failed to write file %s.", file_path); ++ isulad_set_error_message("Failed to write file %s.", file_path); + return ret; + } + } +@@ -701,9 +701,8 @@ static int chown_network(const char *user_remap, const char *rootfs, const char + goto out; + } + if (chown(file_path, host_uid, host_gid) != 0) { +- SYSERROR("Failed to chown network file '%s' to %u:%u", filename, host_uid, host_gid); +- isulad_set_error_message("Failed to chown network file '%s' to %u:%u: %s", filename, host_uid, host_gid, +- strerror(errno)); ++ SYSERROR("Failed to chown network file '%s' to %u:%u.", filename, host_uid, host_gid); ++ isulad_set_error_message("Failed to chown network file '%s' to %u:%u.", filename, host_uid, host_gid); + ret = -1; + goto out; + } +diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c +index 7e84cca3..aae9c234 100644 +--- a/src/daemon/executor/container_cb/execution_stream.c ++++ b/src/daemon/executor/container_cb/execution_stream.c +@@ -536,7 +536,7 @@ static container_path_stat *do_container_stat_path(const char *rootpath, const c + nret = lstat(resolvedpath, &st); + if (nret < 0) { + SYSERROR("lstat %s failed.", resolvedpath); +- isulad_set_error_message("lstat %s: %s", resolvedpath, strerror(errno)); ++ isulad_set_error_message("lstat %s failed.", resolvedpath); + goto cleanup; + } + +@@ -922,7 +922,7 @@ static int copy_to_container_check_path_valid(const container_t *cont, const cha + nret = lstat(resolvedpath, &st); + if (nret < 0) { + SYSERROR("lstat %s failed", resolvedpath); +- isulad_set_error_message("lstat %s: %s", resolvedpath, strerror(errno)); ++ isulad_set_error_message("lstat %s failed", resolvedpath); + goto cleanup; + } + +diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c +index f85e8237..4ca7c87e 100644 +--- a/src/daemon/modules/container/container_unix.c ++++ b/src/daemon/modules/container/container_unix.c +@@ -480,7 +480,7 @@ static int save_json_config_file(const char *id, const char *rootpath, const cha + nret = util_atomic_write_file(filename, json_data, strlen(json_data), CONFIG_FILE_MODE, false); + if (nret != 0) { + SYSERROR("Write file %s failed.", filename); +- isulad_set_error_message("Write file '%s' failed: %s", filename, strerror(errno)); ++ isulad_set_error_message("Write file '%s' failed.", filename); + ret = -1; + } + +diff --git a/src/daemon/modules/image/external/ext_image.c b/src/daemon/modules/image/external/ext_image.c +index 598299ea..5b6b7298 100644 +--- a/src/daemon/modules/image/external/ext_image.c ++++ b/src/daemon/modules/image/external/ext_image.c +@@ -65,8 +65,8 @@ int ext_prepare_rf(const im_prepare_request *request, char **real_rootfs) + return -1; + } + if (realpath(request->rootfs, real_path) == NULL) { +- SYSERROR("Failed to clean rootfs path '%s'", request->rootfs); +- isulad_set_error_message("Failed to clean rootfs path '%s': %s", request->rootfs, strerror(errno)); ++ SYSERROR("Failed to clean rootfs path '%s'.", request->rootfs); ++ isulad_set_error_message("Failed to clean rootfs path '%s'.", request->rootfs); + return -1; + } + *real_rootfs = util_strdup_s(real_path); +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index 2a920c22..7dfc5cb6 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -1029,7 +1029,7 @@ static char *oci_load_path_create() + + if (mkdtemp(tmp_dir) == NULL) { + SYSERROR("make temporary dir failed"); +- isulad_try_set_error_message("make temporary dir failed: %s", strerror(errno)); ++ isulad_try_set_error_message("make temporary dir failed"); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +index e985cfc1..f61316d0 100644 +--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c ++++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +@@ -209,9 +209,8 @@ static int remove_container_rootpath(const char *id, const char *root_path) + } + ret = util_recursive_rmdir(cont_root_path, 0); + if (ret != 0) { +- const char *tmp_err = (errno != 0) ? strerror(errno) : "error"; + SYSERROR("Failed to delete container's root directory %s.", cont_root_path); +- isulad_set_error_message("Failed to delete container's root directory %s: %s", cont_root_path, tmp_err); ++ isulad_set_error_message("Failed to delete container's root directory %s.", cont_root_path); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index c776e53f..b2ef4644 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -586,7 +586,7 @@ static int valid_mount_point(container_config_v2_common_config_mount_points_elem + + if (lstat(mp->source, &st) != 0) { + SYSERROR("lstat %s failed", mp->source); +- isulad_set_error_message("lstat %s: %s", mp->source, strerror(errno)); ++ isulad_set_error_message("lstat %s failed", mp->source); + return -1; + } + +diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c +index 5b6f298f..2f2d3925 100644 +--- a/src/daemon/modules/spec/verify.c ++++ b/src/daemon/modules/spec/verify.c +@@ -1510,7 +1510,7 @@ static int verify_custom_mount(defs_mount **mounts, size_t len) + if (!util_file_exists(iter->source) && util_mkdir_p(iter->source, mode)) { + #endif + SYSERROR("Failed to create directory '%s'", iter->source); +- isulad_try_set_error_message("Failed to create directory '%s': %s", iter->source, strerror(errno)); ++ isulad_try_set_error_message("Failed to create directory '%s'", iter->source); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/volume/local.c b/src/daemon/modules/volume/local.c +index f14025e4..e128c942 100644 +--- a/src/daemon/modules/volume/local.c ++++ b/src/daemon/modules/volume/local.c +@@ -556,15 +556,15 @@ static int remove_volume_dir(char *path) + // remain untouched if we remove the data directory failed. + ret = util_recursive_rmdir(path, 0); + if (ret != 0) { +- SYSERROR("failed to remove volume data dir %s", path); +- isulad_try_set_error_message("failed to remove volume data dir %s: %s", path, strerror(errno)); ++ SYSERROR("failed to remove volume data dir %s.", path); ++ isulad_try_set_error_message("failed to remove volume data dir %s.", path); + goto out; + } + + ret = util_recursive_rmdir(vol_dir, 0); + if (ret != 0) { +- SYSERROR("failed to remove volume dir %s", vol_dir); +- isulad_try_set_error_message("failed to remove volume dir %s: %s", vol_dir, strerror(errno)); ++ SYSERROR("failed to remove volume dir %s.", vol_dir); ++ isulad_try_set_error_message("failed to remove volume dir %s.", vol_dir); + goto out; + } + +diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c +index fa844919..bb82e477 100644 +--- a/src/utils/tar/isulad_tar.c ++++ b/src/utils/tar/isulad_tar.c +@@ -115,7 +115,7 @@ static int resolve_host_source_path(const char *path, bool follow_link, char **r + if (follow_link) { + if (realpath(path, real_path) == NULL) { + SYSERROR("Can not get real path of %s.", real_path); +- format_errorf(err, "Can not get real path of %s: %s", real_path, strerror(errno)); ++ format_errorf(err, "Can not get real path of %s.", real_path); + return -1; + } + nret = get_rebase_name(path, real_path, resolved_path, rebase_name); +@@ -132,7 +132,7 @@ static int resolve_host_source_path(const char *path, bool follow_link, char **r + } + if (realpath(dirpath, real_path) == NULL) { + SYSERROR("Can not get real path of %s.", dirpath); +- format_errorf(err, "Can not get real path of %s: %s", dirpath, strerror(errno)); ++ format_errorf(err, "Can not get real path of %s.", dirpath); + goto cleanup; + } + nret = snprintf(resolved, sizeof(resolved), "%s/%s", real_path, basepath); +@@ -193,7 +193,7 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li + nret = lstat(resolved_path, &st); + if (nret < 0) { + SYSERROR("lstat %s failed", resolved_path); +- format_errorf(err, "lstat %s: %s", resolved_path, strerror(errno)); ++ format_errorf(err, "lstat %s failed", resolved_path); + goto cleanup; + } + +@@ -226,8 +226,8 @@ static int copy_info_destination_path_ret(struct archive_copy_info *info, struct + + ret = (int)readlink(iter_path, target, PATH_MAX); + if (ret < 0) { +- SYSERROR("Failed to read link of %s", iter_path); +- format_errorf(err, "Failed to read link of %s: %s", iter_path, strerror(errno)); ++ SYSERROR("Failed to read link of %s.", iter_path); ++ format_errorf(err, "Failed to read link of %s.", iter_path); + goto cleanup; + } + // is not absolutely path +@@ -259,8 +259,8 @@ static int copy_info_destination_path_ret(struct archive_copy_info *info, struct + if (ret != 0) { + char *dst_parent = NULL; + if (errno != ENOENT) { +- SYSERROR("Can not stat %s", iter_path); +- format_errorf(err, "Can not stat %s: %s", iter_path, strerror(errno)); ++ SYSERROR("Can not stat %s.", iter_path); ++ format_errorf(err, "Can not stat %s.", iter_path); + goto cleanup; + } + +@@ -430,7 +430,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char + + if (lstat(path, &st) < 0) { + SYSERROR("lstat %s failed", path); +- format_errorf(err, "lstat %s: %s", path, strerror(errno)); ++ format_errorf(err, "lstat %s failed", path); + return -1; + } + if (util_split_path_dir_entry(path, &srcdir, &srcbase) < 0) { +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index 89b075d3..4653bc98 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -254,8 +254,8 @@ static int do_safe_chroot(const char *dstdir) + prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); + + if (chroot(dstdir) != 0) { +- SYSERROR("Failed to chroot to %s", dstdir); +- fprintf(stderr, "Failed to chroot to %s: %s", dstdir, strerror(errno)); ++ SYSERROR("Failed to chroot to %s.", dstdir); ++ fprintf(stderr, "Failed to chroot to %s.", dstdir); + return -1; + } + +@@ -843,15 +843,15 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co + } + + if (do_safe_chroot(safe_dir) != 0) { +- SYSERROR("Failed to chroot to %s", safe_dir); +- fprintf(stderr, "Failed to chroot to %s: %s", safe_dir, strerror(errno)); ++ SYSERROR("Failed to chroot to %s.", safe_dir); ++ fprintf(stderr, "Failed to chroot to %s.", safe_dir); + ret = -1; + goto child_out; + } + + if (chdir("/") != 0) { + SYSERROR("Failed to chroot to /"); +- fprintf(stderr, "Failed to chroot to /: %s", strerror(errno)); ++ fprintf(stderr, "Failed to chroot to /"); + ret = -1; + goto child_out; + } +@@ -1250,7 +1250,7 @@ int archive_chroot_tar(const char *path, const char *file, const char *root_dir, + fd = open(file, TAR_DEFAULT_FLAG, TAR_DEFAULT_MODE); + if (fd < 0) { + SYSERROR("Failed to open file %s for export", file); +- fprintf(stderr, "Failed to open file %s for export: %s\n", file, strerror(errno)); ++ fprintf(stderr, "Failed to open file %s for export\n", file); + ret = -1; + goto child_out; + } +-- +2.40.1 + diff --git a/0140-remove-usage-of-strerror-with-user-defined-errno.patch b/0140-remove-usage-of-strerror-with-user-defined-errno.patch new file mode 100644 index 0000000..34daba4 --- /dev/null +++ b/0140-remove-usage-of-strerror-with-user-defined-errno.patch @@ -0,0 +1,673 @@ +From fe267afe95a7c1e1a261c78cd5c79dbc3b7f4426 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Wed, 6 Sep 2023 15:05:29 +0800 +Subject: [PATCH 140/145] remove usage of strerror with user defined errno + +Signed-off-by: haozi007 +--- + src/cmd/command_parser.c | 12 ++++++---- + src/cmd/isula/base/create.c | 3 ++- + src/cmd/isula/isula_host_spec.c | 9 ++++--- + src/cmd/isulad/main.c | 8 ++++--- + src/cmd/options/opt_ulimit.c | 6 +++-- + src/daemon/entry/cri/cni_network_plugin.cc | 9 ++++--- + src/daemon/entry/cri/sysctl_tools.c | 14 +++++++---- + src/daemon/modules/image/oci/oci_image.c | 6 +++-- + .../oci/storage/image_store/image_store.c | 6 +++-- + .../graphdriver/devmapper/deviceset.c | 19 +++++++++------ + .../storage/layer_store/graphdriver/driver.c | 9 ++++--- + .../graphdriver/overlay2/driver_overlay2.c | 17 ++++++++----- + .../oci/storage/layer_store/layer_store.c | 6 +++-- + .../remote_layer_support/remote_support.c | 6 +++-- + .../oci/storage/rootfs_store/rootfs_store.c | 6 +++-- + .../modules/image/oci/storage/storage.c | 6 +++-- + src/daemon/modules/plugin/plugin.c | 24 ++++++++++++------- + .../modules/service/network_namespace_api.c | 6 +++-- + src/utils/cutils/utils_file.c | 4 +++- + 19 files changed, 117 insertions(+), 59 deletions(-) + +diff --git a/src/cmd/command_parser.c b/src/cmd/command_parser.c +index 7c322a44..2b87d321 100644 +--- a/src/cmd/command_parser.c ++++ b/src/cmd/command_parser.c +@@ -546,7 +546,8 @@ int command_convert_u16(command_option_t *option, const char *arg) + } + ret = util_safe_u16(arg, option->data); + if (ret != 0) { +- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, option->large, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, option->large); + return EINVALIDARGS; + } + return 0; +@@ -561,7 +562,8 @@ int command_convert_llong(command_option_t *opt, const char *arg) + } + ret = util_safe_llong(arg, opt->data); + if (ret != 0) { +- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, opt->large, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, opt->large); + return EINVALIDARGS; + } + return 0; +@@ -575,7 +577,8 @@ int command_convert_uint(command_option_t *opt, const char *arg) + } + ret = util_safe_uint(arg, opt->data); + if (ret != 0) { +- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, opt->large, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, opt->large); + return EINVALIDARGS; + } + return 0; +@@ -590,7 +593,8 @@ int command_convert_int(command_option_t *option, const char *arg) + } + ret = util_safe_int(arg, option->data); + if (ret != 0) { +- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, option->large, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, option->large); + return EINVALIDARGS; + } + return 0; +diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c +index 02838a56..5756e6ad 100644 +--- a/src/cmd/isula/base/create.c ++++ b/src/cmd/isula/base/create.c +@@ -1845,7 +1845,8 @@ static int create_check_hugetlbs(const struct client_arguments *args) + } + ret = util_parse_byte_size_string(limit, &limitvalue); + if (ret != 0) { +- COMMAND_ERROR("Invalid hugetlb limit:%s:%s", limit, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Invalid hugetlb limit:%s", limit); + free(dup); + ret = -1; + goto out; +diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c +index bbcf50de..5a41c55c 100644 +--- a/src/cmd/isula/isula_host_spec.c ++++ b/src/cmd/isula/isula_host_spec.c +@@ -66,7 +66,8 @@ static bool parse_restart_policy(const char *policy, host_config_restart_policy + } + nret = util_safe_int(dotpos, &(*rp)->maximum_retry_count); + if (nret != 0) { +- COMMAND_ERROR("Maximum retry count must be an integer: %s", strerror(-nret)); ++ errno = -nret; ++ CMD_SYSERROR("Maximum retry count must be an integer"); + goto cleanup; + } + } +@@ -706,7 +707,8 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input) + + ret = util_parse_byte_size_string(limit_value, &tconverted); + if (ret != 0 || tconverted < 0) { +- COMMAND_ERROR("Parse limit value: %s failed:%s", limit_value, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Parse limit value: %s failed", limit_value); + goto free_out; + } + limit = (uint64_t)tconverted; +@@ -715,7 +717,8 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input) + tconverted = 0; + ret = util_parse_byte_size_string(pagesize, &tconverted); + if (ret != 0 || tconverted < 0) { +- COMMAND_ERROR("Parse pagesize error.Invalid hugepage size: %s: %s", pagesize, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Parse pagesize error.Invalid hugepage size: %s", pagesize); + goto free_out; + } + page = (uint64_t)tconverted; +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index 1906feaf..e624cfdd 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -627,8 +627,9 @@ static int parse_time_duration(const char *value, unsigned int *seconds) + *(num_str + len - 1) = '\0'; + ret = util_safe_uint(num_str, &tmp); + if (ret < 0) { +- ERROR("Illegal unsigned integer: %s", num_str); +- COMMAND_ERROR("Illegal unsigned integer:%s:%s", num_str, strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Illegal unsigned integer: %s", num_str); ++ COMMAND_ERROR("Illegal unsigned integer:%s", num_str); + ret = -1; + goto out; + } +@@ -1499,7 +1500,8 @@ static int create_mount_flock_file(const struct service_arguments *args) + // recreate mount flock file + // and make file uid/gid and permission correct + if (!util_force_remove_file(cleanpath, &err)) { +- ERROR("Failed to delete %s, error: %s. Please delete %s manually.", path, strerror(err), path); ++ errno = err; ++ SYSERROR("Failed to delete %s. Please delete %s manually.", path, path); + return -1; + } + } +diff --git a/src/cmd/options/opt_ulimit.c b/src/cmd/options/opt_ulimit.c +index 55912a16..6853c0d9 100644 +--- a/src/cmd/options/opt_ulimit.c ++++ b/src/cmd/options/opt_ulimit.c +@@ -63,7 +63,8 @@ static int parse_soft_hard_ulimit(const char *val, char **limitvals, size_t limi + // parse soft + ret = util_safe_llong(limitvals[0], &converted); + if (ret < 0) { +- COMMAND_ERROR("Invalid ulimit soft value: \"%s\", parse int64 failed: %s", val, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Invalid ulimit soft value: \"%s\", parse int64 failed", val); + ret = -1; + goto out; + } +@@ -74,7 +75,8 @@ static int parse_soft_hard_ulimit(const char *val, char **limitvals, size_t limi + converted = 0; + ret = util_safe_llong(limitvals[1], &converted); + if (ret < 0) { +- COMMAND_ERROR("Invalid ulimit hard value: \"%s\", parse int64 failed: %s", val, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Invalid ulimit hard value: \"%s\", parse int64 failed", val); + ret = -1; + goto out; + } +diff --git a/src/daemon/entry/cri/cni_network_plugin.cc b/src/daemon/entry/cri/cni_network_plugin.cc +index 8cad0126..8aaf7390 100644 +--- a/src/daemon/entry/cri/cni_network_plugin.cc ++++ b/src/daemon/entry/cri/cni_network_plugin.cc +@@ -1003,7 +1003,8 @@ void CniNetworkPlugin::RLockNetworkMap(Errors &error) + int ret = pthread_rwlock_rdlock(&m_netsLock); + if (ret != 0) { + error.Errorf("Failed to get read lock"); +- ERROR("Get read lock failed: %s", strerror(ret)); ++ errno = ret; ++ SYSERROR("Get read lock failed"); + } + } + +@@ -1012,7 +1013,8 @@ void CniNetworkPlugin::WLockNetworkMap(Errors &error) + int ret = pthread_rwlock_wrlock(&m_netsLock); + if (ret != 0) { + error.Errorf("Failed to get write lock"); +- ERROR("Get write lock failed: %s", strerror(ret)); ++ errno = ret; ++ SYSERROR("Get write lock failed"); + } + } + +@@ -1021,7 +1023,8 @@ void CniNetworkPlugin::UnlockNetworkMap(Errors &error) + int ret = pthread_rwlock_unlock(&m_netsLock); + if (ret != 0) { + error.Errorf("Failed to unlock"); +- ERROR("Unlock failed: %s", strerror(ret)); ++ errno = ret; ++ SYSERROR("Unlock failed"); + } + } + +diff --git a/src/daemon/entry/cri/sysctl_tools.c b/src/daemon/entry/cri/sysctl_tools.c +index 847c36e9..ac4fb226 100644 +--- a/src/daemon/entry/cri/sysctl_tools.c ++++ b/src/daemon/entry/cri/sysctl_tools.c +@@ -22,6 +22,8 @@ + #include + #include + ++#include ++ + #include "utils.h" + + int get_sysctl(const char *sysctl, char **err) +@@ -41,14 +43,16 @@ int get_sysctl(const char *sysctl, char **err) + ret = -1; + fd = util_open(fullpath, O_RDONLY, 0); + if (fd < 0) { +- if (asprintf(err, "Open %s failed: %s", sysctl, strerror(errno)) < 0) { ++ SYSWARN("Open %s failed", sysctl); ++ if (asprintf(err, "Open %s failed", sysctl) < 0) { + *err = util_strdup_s("Out of memory"); + } + goto free_out; + } + rsize = util_read_nointr(fd, buff, sizeof(buff) - 1); + if (rsize <= 0) { +- if (asprintf(err, "Read file failed: %s", strerror(errno)) < 0) { ++ SYSWARN("Read file: %s failed", sysctl); ++ if (asprintf(err, "Read file: %s failed", sysctl) < 0) { + *err = util_strdup_s("Out of memory"); + } + goto free_out; +@@ -93,14 +97,16 @@ int set_sysctl(const char *sysctl, int new_value, char **err) + ret = -1; + fd = util_open(fullpath, O_WRONLY, 0); + if (fd < 0) { +- if (asprintf(err, "Open %s failed: %s", sysctl, strerror(errno)) < 0) { ++ SYSWARN("Open %s failed", sysctl); ++ if (asprintf(err, "Open %s failed", sysctl) < 0) { + *err = util_strdup_s("Out of memory"); + } + goto free_out; + } + rsize = util_write_nointr(fd, buff, strlen(buff)); + if (rsize < 0 || (size_t)rsize != strlen(buff)) { +- if (asprintf(err, "Write new value failed: %s", strerror(errno)) < 0) { ++ SYSWARN("Write new value to %s failed", sysctl); ++ if (asprintf(err, "Write new value to %s failed", sysctl) < 0) { + *err = util_strdup_s("Out of memory"); + } + goto free_out; +diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c +index ae260c7d..abca4ed7 100644 +--- a/src/daemon/modules/image/oci/oci_image.c ++++ b/src/daemon/modules/image/oci/oci_image.c +@@ -56,7 +56,8 @@ static inline bool oci_remote_lock(pthread_rwlock_t *remote_lock, bool writable) + nret = pthread_rwlock_rdlock(remote_lock); + } + if (nret != 0) { +- ERROR("Lock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock memory store failed"); + return false; + } + +@@ -69,7 +70,8 @@ static inline void oci_remote_unlock(pthread_rwlock_t *remote_lock) + + nret = pthread_rwlock_unlock(remote_lock); + if (nret != 0) { +- FATAL("Unlock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock memory store failed"); + } + } + #endif +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index abd625f7..99640b59 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -95,7 +95,8 @@ static inline bool image_store_lock(enum lock_type type) + nret = pthread_rwlock_wrlock(&g_image_store->rwlock); + } + if (nret != 0) { +- ERROR("Lock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock memory store failed"); + return false; + } + +@@ -108,7 +109,8 @@ static inline void image_store_unlock() + + nret = pthread_rwlock_unlock(&g_image_store->rwlock); + if (nret != 0) { +- FATAL("Unlock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock memory store failed"); + } + } + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index ee82e32c..76ec09d6 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -107,8 +107,9 @@ static int handle_dm_min_free_space(char *val, struct device_set *devset) + long converted = 0; + int ret = util_parse_percent_string(val, &converted); + if (ret != 0 || converted >= 100) { +- ERROR("Invalid min free space: '%s': %s", val, strerror(-ret)); +- isulad_set_error_message("Invalid min free space: '%s': %s", val, strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid min free space: '%s'", val); ++ isulad_set_error_message("Invalid min free space: '%s'", val); + return -1; + } + devset->min_free_space_percent = (uint32_t)converted; +@@ -122,8 +123,9 @@ static int handle_dm_basesize(char *val, struct device_set *devset) + int ret = util_parse_byte_size_string(val, &converted); + + if (ret != 0) { +- ERROR("Invalid size: '%s': %s", val, strerror(-ret)); +- isulad_set_error_message("Invalid size: '%s': %s", val, strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid size: '%s'", val); ++ isulad_set_error_message("Invalid size: '%s'", val); + return -1; + } + if (converted <= 0) { +@@ -2722,7 +2724,8 @@ static int determine_driver_capabilities(const char *version, struct device_set + + ret = util_parse_byte_size_string(tmp_str[0], &major); + if (ret != 0) { +- ERROR("devmapper: invalid size: '%s': %s", tmp_str[0], strerror(-ret)); ++ errno = -ret; ++ SYSERROR("devmapper: invalid size: '%s'", tmp_str[0]); + ret = -1; + goto out; + } +@@ -2742,7 +2745,8 @@ static int determine_driver_capabilities(const char *version, struct device_set + + ret = util_parse_byte_size_string(tmp_str[1], &minor); + if (ret != 0) { +- ERROR("devmapper: invalid size: '%s': %s", tmp_str[1], strerror(-ret)); ++ errno = -ret; ++ SYSERROR("devmapper: invalid size: '%s'", tmp_str[1]); + ret = -1; + goto out; + } +@@ -2915,7 +2919,8 @@ static int parse_storage_opt(const json_map_string_string *opts, uint64_t *size) + + ret = util_parse_byte_size_string(opts->values[i], &converted); + if (ret != 0) { +- ERROR("Invalid size: '%s': %s", opts->values[i], strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid size: '%s'", opts->values[i]); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c +index 71cbbe1c..fb549bae 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c +@@ -86,7 +86,8 @@ static inline bool driver_rd_lock() + + nret = pthread_rwlock_rdlock(&g_graphdriver->rwlock); + if (nret != 0) { +- ERROR("Lock driver memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock driver memory store failed"); + return false; + } + +@@ -99,7 +100,8 @@ static inline bool driver_wr_lock() + + nret = pthread_rwlock_wrlock(&g_graphdriver->rwlock); + if (nret != 0) { +- ERROR("Lock driver memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock driver memory store failed"); + return false; + } + +@@ -112,7 +114,8 @@ static inline void driver_unlock() + + nret = pthread_rwlock_unlock(&g_graphdriver->rwlock); + if (nret != 0) { +- FATAL("Unlock driver memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock driver memory store failed"); + } + } + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +index 510bd079..7517dd43 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +@@ -134,7 +134,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio + int64_t converted = 0; + ret = util_parse_byte_size_string(val, &converted); + if (ret != 0) { +- ERROR("Invalid size: '%s': %s", val, strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid size: '%s'", val); + ret = -1; + goto out; + } +@@ -143,7 +144,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio + int64_t converted = 0; + ret = util_parse_byte_size_string(val, &converted); + if (ret != 0) { +- ERROR("Invalid size: '%s': %s", val, strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid size: '%s'", val); + ret = -1; + goto out; + } +@@ -152,7 +154,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio + bool converted_bool = 0; + ret = util_str_to_bool(val, &converted_bool); + if (ret != 0) { +- ERROR("Invalid bool: '%s': %s", val, strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid bool: '%s'", val); + ret = -1; + goto out; + } +@@ -161,7 +164,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio + bool converted_bool = 0; + ret = util_str_to_bool(val, &converted_bool); + if (ret != 0) { +- ERROR("Invalid bool: '%s': %s", val, strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid bool: '%s'", val); + ret = -1; + goto out; + } +@@ -823,8 +827,9 @@ static int set_layer_quota(const char *dir, const json_map_string_string *opts, + int64_t converted = 0; + ret = util_parse_byte_size_string(opts->values[i], &converted); + if (ret != 0) { +- ERROR("Invalid size: '%s': %s", opts->values[i], strerror(-ret)); +- isulad_set_error_message("Invalid quota size: '%s': %s", opts->values[i], strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid size: '%s'", opts->values[i]); ++ isulad_set_error_message("Invalid quota size: '%s'", opts->values[i]); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index 64022d89..b8916c76 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -105,7 +105,8 @@ static inline bool layer_store_lock(bool writable) + nret = pthread_rwlock_rdlock(&g_metadata.rwlock); + } + if (nret != 0) { +- ERROR("Lock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock memory store failed"); + return false; + } + +@@ -118,7 +119,8 @@ static inline void layer_store_unlock() + + nret = pthread_rwlock_unlock(&g_metadata.rwlock); + if (nret != 0) { +- FATAL("Unlock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock memory store failed"); + } + } + +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +index 69022073..eb919321 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +@@ -39,7 +39,8 @@ static inline bool remote_refresh_lock(pthread_rwlock_t *remote_lock, bool writa + nret = pthread_rwlock_rdlock(remote_lock); + } + if (nret != 0) { +- ERROR("Lock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock memory store failed"); + return false; + } + +@@ -52,7 +53,8 @@ static inline void remote_refresh_unlock(pthread_rwlock_t *remote_lock) + + nret = pthread_rwlock_unlock(remote_lock); + if (nret != 0) { +- FATAL("Unlock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock memory store failed"); + } + } + +diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c +index c0a2a400..271158e7 100644 +--- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c ++++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c +@@ -71,7 +71,8 @@ static inline bool rootfs_store_lock(enum lock_type type) + } + + if (nret != 0) { +- ERROR("Lock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock memory store failed"); + return false; + } + +@@ -84,7 +85,8 @@ static inline void rootfs_store_unlock() + + nret = pthread_rwlock_unlock(&g_rootfs_store->rwlock); + if (nret != 0) { +- FATAL("Unlock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock memory store failed"); + } + } + +diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c +index fbaae3fc..255ec89c 100644 +--- a/src/daemon/modules/image/oci/storage/storage.c ++++ b/src/daemon/modules/image/oci/storage/storage.c +@@ -61,7 +61,8 @@ static inline bool storage_lock(pthread_rwlock_t *store_lock, bool writable) + nret = pthread_rwlock_rdlock(store_lock); + } + if (nret != 0) { +- ERROR("Lock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock memory store failed"); + return false; + } + +@@ -74,7 +75,8 @@ static inline void storage_unlock(pthread_rwlock_t *store_lock) + + nret = pthread_rwlock_unlock(store_lock); + if (nret != 0) { +- FATAL("Unlock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock memory store failed"); + } + } + +diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c +index b4d78dc9..c42cfd21 100644 +--- a/src/daemon/modules/plugin/plugin.c ++++ b/src/daemon/modules/plugin/plugin.c +@@ -409,7 +409,8 @@ static void pm_rdlock(void) + + errcode = pthread_rwlock_rdlock(&g_plugin_manager->pm_rwlock); + if (errcode != 0) { +- ERROR("Read lock failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Read lock failed"); + } + } + +@@ -419,7 +420,8 @@ static void pm_wrlock(void) + + errcode = pthread_rwlock_wrlock(&g_plugin_manager->pm_rwlock); + if (errcode != 0) { +- ERROR("Write lock failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Write lock failed"); + } + } + +@@ -429,7 +431,8 @@ static void pm_unlock(void) + + errcode = pthread_rwlock_unlock(&g_plugin_manager->pm_rwlock); + if (errcode != 0) { +- ERROR("Unlock failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Unlock failed"); + } + } + +@@ -659,7 +662,8 @@ static void *plugin_manager_routine(void *arg) + + errcode = pthread_detach(pthread_self()); + if (errcode != 0) { +- ERROR("Detach thread failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Detach thread failed"); + return NULL; + } + if (pm_init() < 0) { +@@ -716,7 +720,8 @@ static void plugin_rdlock(plugin_t *plugin) + + errcode = pthread_rwlock_rdlock(&plugin->lock); + if (errcode != 0) { +- ERROR("Plugin read lock failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Plugin read lock failed"); + } + } + +@@ -726,7 +731,8 @@ static void plugin_wrlock(plugin_t *plugin) + + errcode = pthread_rwlock_wrlock(&plugin->lock); + if (errcode != 0) { +- ERROR("Plugin write lock failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Plugin write lock failed"); + } + } + +@@ -736,7 +742,8 @@ static void plugin_unlock(plugin_t *plugin) + + errcode = pthread_rwlock_unlock(&plugin->lock); + if (errcode != 0) { +- ERROR("Plugin unlock failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Plugin unlock failed"); + } + } + +@@ -758,7 +765,8 @@ plugin_t *plugin_new(const char *name, const char *addr) + + errcode = pthread_rwlock_init(&plugin->lock, NULL); + if (errcode != 0) { +- ERROR("Plugin init lock failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Plugin init lock failed"); + goto bad; + } + plugin->name = util_strdup_s(name); +diff --git a/src/daemon/modules/service/network_namespace_api.c b/src/daemon/modules/service/network_namespace_api.c +index 11246ffb..236940fe 100644 +--- a/src/daemon/modules/service/network_namespace_api.c ++++ b/src/daemon/modules/service/network_namespace_api.c +@@ -55,7 +55,8 @@ int remove_network_namespace(const char *netns_path) + } + + if (!util_force_remove_file(netns_path, &get_err)) { +- ERROR("Failed to remove file %s, error: %s", netns_path, strerror(get_err)); ++ errno = get_err; ++ SYSERROR("Failed to remove file %s", netns_path); + return -1; + } + +@@ -77,7 +78,8 @@ int remove_network_namespace_file(const char *netns_path) + } + + if (!util_force_remove_file(netns_path, &get_err)) { +- ERROR("Failed to remove file %s, error: %s", netns_path, strerror(get_err)); ++ errno = get_err; ++ SYSERROR("Failed to remove file %s", netns_path); + return -1; + } + +diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c +index 749cdb16..f5b645ca 100644 +--- a/src/utils/cutils/utils_file.c ++++ b/src/utils/cutils/utils_file.c +@@ -1071,7 +1071,9 @@ char *look_path(const char *file, char **err) + if (en == 0) { + return util_strdup_s(file); + } +- if (asprintf(err, "find exec %s : %s", file, strerror(en)) < 0) { ++ errno = en; ++ SYSERROR("find exec %s failed", file); ++ if (asprintf(err, "find exec %s failed", file) < 0) { + *err = util_strdup_s("Out of memory"); + } + return NULL; +-- +2.40.1 + diff --git a/0141-use-gmtime_r-to-replace-gmtime.patch b/0141-use-gmtime_r-to-replace-gmtime.patch new file mode 100644 index 0000000..ad6f765 --- /dev/null +++ b/0141-use-gmtime_r-to-replace-gmtime.patch @@ -0,0 +1,71 @@ +From 4813c204f7a622ec050c1b0b56d5bc16e82fdf83 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Wed, 6 Sep 2023 16:31:19 +0800 +Subject: [PATCH 141/145] use gmtime_r to replace gmtime + +Signed-off-by: haozi007 +--- + src/utils/cutils/utils_timestamp.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +diff --git a/src/utils/cutils/utils_timestamp.c b/src/utils/cutils/utils_timestamp.c +index fee66ea8..8ae9e42a 100644 +--- a/src/utils/cutils/utils_timestamp.c ++++ b/src/utils/cutils/utils_timestamp.c +@@ -652,9 +652,9 @@ int64_t util_time_seconds_since(const char *in) + int32_t nanos = 0; + int64_t result = 0; + struct tm tm = { 0 }; +- struct tm *currentm = NULL; + struct types_timezone tz = { 0 }; + time_t currentime; ++ struct tm result_time = { 0 }; + + if (in == NULL || !strcmp(in, defaultContainerTime) || !strcmp(in, "-")) { + return 0; +@@ -666,13 +666,12 @@ int64_t util_time_seconds_since(const char *in) + } + + time(¤time); +- currentm = gmtime(¤time); +- if (currentm == NULL) { ++ if (gmtime_r(¤time, &result_time) == NULL) { + ERROR("Get time error"); + return 0; + } + +- result = get_minmus_time(currentm, &tm); ++ result = get_minmus_time(&result_time, &tm); + result = result + (int64_t)tz.hour * 3600 + (int64_t)tz.min * 60; + + if (result > 0) { +@@ -871,9 +870,9 @@ int util_time_format_duration(const char *in, char *out, size_t len) + int32_t nanos = 0; + int64_t result = 0; + struct tm tm = { 0 }; +- struct tm *currentm = NULL; + struct types_timezone tz = { 0 }; + time_t currentime = { 0 }; ++ struct tm result_time = { 0 }; + + if (out == NULL) { + return -1; +@@ -888,13 +887,12 @@ int util_time_format_duration(const char *in, char *out, size_t len) + } + + time(¤time); +- currentm = gmtime(¤time); +- if (currentm == NULL) { ++ if (gmtime_r(¤time, &result_time) == NULL) { + ERROR("Get time error"); + return -1; + } + +- result = get_minmus_time(currentm, &tm); ++ result = get_minmus_time(&result_time, &tm); + result = result + (int64_t)tz.hour * 3600 + (int64_t)tz.min * 60; + + if (result < 0 || !time_human_duration(result, out, len)) { +-- +2.40.1 + diff --git a/0142-improve-report-error-message-of-client.patch b/0142-improve-report-error-message-of-client.patch new file mode 100644 index 0000000..4dcaa2f --- /dev/null +++ b/0142-improve-report-error-message-of-client.patch @@ -0,0 +1,72 @@ +From 0b5836ac52ec4bd012c15babb8981d1eaadc5a2e Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Thu, 7 Sep 2023 14:34:01 +0800 +Subject: [PATCH 142/145] improve report error message of client + +Signed-off-by: haozi007 +--- + src/daemon/executor/container_cb/execution_stream.c | 4 ++-- + src/daemon/modules/service/service_container.c | 2 +- + src/utils/tar/isulad_tar.c | 4 ++-- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c +index aae9c234..7db96b19 100644 +--- a/src/daemon/executor/container_cb/execution_stream.c ++++ b/src/daemon/executor/container_cb/execution_stream.c +@@ -536,7 +536,7 @@ static container_path_stat *do_container_stat_path(const char *rootpath, const c + nret = lstat(resolvedpath, &st); + if (nret < 0) { + SYSERROR("lstat %s failed.", resolvedpath); +- isulad_set_error_message("lstat %s failed.", resolvedpath); ++ isulad_set_error_message("Check %s failed, get more information from log.", resolvedpath); + goto cleanup; + } + +@@ -922,7 +922,7 @@ static int copy_to_container_check_path_valid(const container_t *cont, const cha + nret = lstat(resolvedpath, &st); + if (nret < 0) { + SYSERROR("lstat %s failed", resolvedpath); +- isulad_set_error_message("lstat %s failed", resolvedpath); ++ isulad_set_error_message("Check %s failed, get more information from log.", resolvedpath); + goto cleanup; + } + +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index b2ef4644..58b27f90 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -586,7 +586,7 @@ static int valid_mount_point(container_config_v2_common_config_mount_points_elem + + if (lstat(mp->source, &st) != 0) { + SYSERROR("lstat %s failed", mp->source); +- isulad_set_error_message("lstat %s failed", mp->source); ++ isulad_set_error_message("Check %s failed, get more information from log.", mp->source); + return -1; + } + +diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c +index bb82e477..27b4ce73 100644 +--- a/src/utils/tar/isulad_tar.c ++++ b/src/utils/tar/isulad_tar.c +@@ -193,7 +193,7 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li + nret = lstat(resolved_path, &st); + if (nret < 0) { + SYSERROR("lstat %s failed", resolved_path); +- format_errorf(err, "lstat %s failed", resolved_path); ++ format_errorf(err, "Check %s failed, get more information from log.", resolved_path); + goto cleanup; + } + +@@ -430,7 +430,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char + + if (lstat(path, &st) < 0) { + SYSERROR("lstat %s failed", path); +- format_errorf(err, "lstat %s failed", path); ++ format_errorf(err, "Check %s failed, get more information from log.", path); + return -1; + } + if (util_split_path_dir_entry(path, &srcdir, &srcbase) < 0) { +-- +2.40.1 + diff --git a/0143-adapt-new-error-message-for-isula-cp.patch b/0143-adapt-new-error-message-for-isula-cp.patch new file mode 100644 index 0000000..4f5efe2 --- /dev/null +++ b/0143-adapt-new-error-message-for-isula-cp.patch @@ -0,0 +1,43 @@ +From dcac86b9fa3eff838ea7c5e2252419a5dea7d907 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Thu, 7 Sep 2023 14:41:48 +0800 +Subject: [PATCH 143/145] adapt new error message for isula cp + +Signed-off-by: haozi007 +--- + CI/test_cases/container_cases/cp.sh | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/CI/test_cases/container_cases/cp.sh b/CI/test_cases/container_cases/cp.sh +index 668ce09b..1b5d7a48 100755 +--- a/CI/test_cases/container_cases/cp.sh ++++ b/CI/test_cases/container_cases/cp.sh +@@ -57,10 +57,10 @@ test_cp_file_from_container() + fi + rm -rf $dstfile + +- isula cp $containername:/etc/../etc/passwd/ $cpfiles 2>&1 | grep "Not a directory" ++ isula cp $containername:/etc/../etc/passwd/ $cpfiles 2>&1 | grep "get more information from log" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++)) + +- isula cp $containername:/etc/nonexists $cpfiles 2>&1 | grep "No such file or directory" ++ isula cp $containername:/etc/nonexists $cpfiles 2>&1 | grep "get more information from log" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++)) + + dstfile=$cpfiles/etc +@@ -146,10 +146,10 @@ test_cp_file_to_container() + isula cp /etc/passwd $containername:$cpfiles/nonexists/ 2>&1 | grep "no such directory" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++)) + +- isula cp /etc/passwd $containername:$cpfiles/nonexists/nonexists 2>&1 | grep "No such file or directory" ++ isula cp /etc/passwd $containername:$cpfiles/nonexists/nonexists 2>&1 | grep "get more information from log" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++)) + +- isula cp /etc/nonexists $containername:$cpfiles 2>&1 | grep "No such file or directory" ++ isula cp /etc/nonexists $containername:$cpfiles 2>&1 | grep "get more information from log" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++)) + rm -rf $dstfile + +-- +2.40.1 + diff --git a/0144-2178-clean-path-for-fpath-and-verify-chain-id.patch b/0144-2178-clean-path-for-fpath-and-verify-chain-id.patch new file mode 100644 index 0000000..937c937 --- /dev/null +++ b/0144-2178-clean-path-for-fpath-and-verify-chain-id.patch @@ -0,0 +1,87 @@ +From 9701f8e27ac8d70f616930f977ee40b309911288 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Sat, 9 Sep 2023 06:48:39 +0000 +Subject: [PATCH 144/145] !2178 clean path for fpath and verify chain id Merge + pull request !2178 from zhongtao/image + +--- + src/daemon/modules/image/oci/oci_load.c | 30 +++++++++++++++++-- + .../modules/image/oci/registry/registry.c | 2 +- + 2 files changed, 28 insertions(+), 4 deletions(-) + +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index 7dfc5cb6..3fc8cfb8 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -27,8 +27,10 @@ + #include + #include + #include ++#include + + #include "utils.h" ++#include "path.h" + #include "isula_libutils/log.h" + #include "util_archive.h" + #include "storage.h" +@@ -703,6 +705,9 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items + } + + for (; i < conf->rootfs->diff_ids_len; i++) { ++ char *fpath = NULL; ++ char cleanpath[PATH_MAX] = { 0 }; ++ + im->layers[i] = util_common_calloc_s(sizeof(load_layer_blob_t)); + if (im->layers[i] == NULL) { + ERROR("Out of memory"); +@@ -710,12 +715,31 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items + goto out; + } + +- im->layers[i]->fpath = util_path_join(dstdir, manifest->layers[i]); +- if (im->layers[i]->fpath == NULL) { +- ERROR("Path join failed"); ++ fpath = util_path_join(dstdir, manifest->layers[i]); ++ if (fpath == NULL) { ++ ERROR("Failed to join path"); ++ ret = -1; ++ goto out; ++ } ++ ++ if (util_clean_path(fpath, cleanpath, sizeof(cleanpath)) == NULL) { ++ ERROR("Failed to clean path for %s", fpath); ++ free(fpath); ++ ret = -1; ++ goto out; ++ } ++ ++ free(fpath); ++ ++ // verify whether the prefix of the path is dstdir to prevent illegal directories ++ if (strncmp(cleanpath, dstdir, strlen(dstdir)) != 0) { ++ ERROR("Illegal directory: %s", cleanpath); + ret = -1; + goto out; + } ++ ++ im->layers[i]->fpath = util_strdup_s(cleanpath); ++ + // The format is sha256:xxx + im->layers[i]->chain_id = oci_load_calc_chain_id(parent_chain_id_sha256, conf->rootfs->diff_ids[i]); + if (im->layers[i]->chain_id == NULL) { +diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c +index 2cf79fb9..d586d1c7 100644 +--- a/src/daemon/modules/image/oci/registry/registry.c ++++ b/src/daemon/modules/image/oci/registry/registry.c +@@ -594,7 +594,7 @@ static int register_layer(pull_descriptor *desc, size_t i) + return 0; + } + +- id = util_without_sha256_prefix(desc->layers[i].chain_id); ++ id = oci_image_id_from_digest(desc->layers[i].chain_id); + if (id == NULL) { + ERROR("layer %zu have NULL digest for image %s", i, desc->image_name); + return -1; +-- +2.40.1 + diff --git a/0145-2179-modify-the-permissions-of-tmpdir-and-file-lock-.patch b/0145-2179-modify-the-permissions-of-tmpdir-and-file-lock-.patch new file mode 100644 index 0000000..75d7028 --- /dev/null +++ b/0145-2179-modify-the-permissions-of-tmpdir-and-file-lock-.patch @@ -0,0 +1,35 @@ +From 247c30d6dfe10bb9fbbaf8a21f13c67aea9b2acf Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Sat, 9 Sep 2023 08:11:06 +0000 +Subject: [PATCH 145/145] !2179 modify the permissions of tmpdir and file lock + to 600 Merge pull request !2179 from zhongtao/mode + +--- + src/common/constants.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/common/constants.h b/src/common/constants.h +index efb2951a..94bc9886 100644 +--- a/src/common/constants.h ++++ b/src/common/constants.h +@@ -50,7 +50,7 @@ extern "C" { + + #define TEMP_DIRECTORY_MODE 0700 + +-#define ISULAD_TEMP_DIRECTORY_MODE 0660 ++#define ISULAD_TEMP_DIRECTORY_MODE 0600 + + #define CONSOLE_FIFO_DIRECTORY_MODE 0770 + +@@ -70,7 +70,7 @@ extern "C" { + + #define DEFAULT_HIGHEST_DIRECTORY_MODE 0755 + +-#define MOUNT_FLOCK_FILE_MODE 0660 ++#define MOUNT_FLOCK_FILE_MODE 0600 + + #define ISULAD_CONFIG SYSCONFDIR_PREFIX"/etc/isulad" + +-- +2.40.1 + diff --git a/iSulad.spec b/iSulad.spec index e562c40..27f318c 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.0.18 -%global _release 12 +%global _release 13 %global is_systemd 1 %global enable_shimv2 1 %global is_embedded 1 @@ -129,6 +129,35 @@ Patch0113: 0113-clear-author-msg-in-isulad-check.sh-and-use-EANBLE_I.patch Patch0114: 0114-2126-do-not-judge-the-snprintf-result-of-hostname.patch Patch0115: 0115-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch Patch0116: 0116-2129-Limit-the-response-size-of-ExecSync.patch +Patch0117: 0117-improve-use-return-error-to-replace-abort.patch +Patch0118: 0118-2137-do-clean-code.patch +Patch0119: 0119-2135-modify-incorrect-variable-type.patch +Patch0120: 0120-Fix-null-ptr-and-buffer-overflow-issues.patch +Patch0121: 0121-make-sure-the-input-parameter-is-not-empty-and-optim.patch +Patch0122: 0122-2149-archive-fork-process-set-pdeathsig.patch +Patch0123: 0123-improve-by-code-check-of-cpp.patch +Patch0124: 0124-remove-password-in-url-module-and-clean-sensitive-in.patch +Patch0125: 0125-2153-fix-codecheck.patch +Patch0126: 0126-2154-fix-code-bug.patch +Patch0127: 0127-2157-bugfix-for-memset.patch +Patch0128: 0128-2159-use-macros-to-isolate-the-password-option-of-lo.patch +Patch0129: 0129-2160-Fix-nullptr-in-src-daemon-entry.patch +Patch0130: 0130-2161-bugfix-for-api-cmakelist.patch +Patch0131: 0131-2164-add-bind-mount-file-lock.patch +Patch0132: 0132-2165-preventing-the-use-of-insecure-isulad-tmpdir-di.patch +Patch0133: 0133-2166-move-ensure_isulad_tmpdir_security-function-to-.patch +Patch0134: 0134-2169-using-macros-to-isolate-isulad-s-enable_plugin-.patch +Patch0135: 0135-mask-proxy-informations.patch +Patch0136: 0136-add-testcase-for-isula-info.patch +Patch0137: 0137-2172-remove-unneccessary-strerror.patch +Patch0138: 0138-replace-COMMAND_ERROR-to-CMD_SYSERROR.patch +Patch0139: 0139-do-not-report-low-level-error-to-user.patch +Patch0140: 0140-remove-usage-of-strerror-with-user-defined-errno.patch +Patch0141: 0141-use-gmtime_r-to-replace-gmtime.patch +Patch0142: 0142-improve-report-error-message-of-client.patch +Patch0143: 0143-adapt-new-error-message-for-isula-cp.patch +Patch0144: 0144-2178-clean-path-for-fpath-and-verify-chain-id.patch +Patch0145: 0145-2179-modify-the-permissions-of-tmpdir-and-file-lock-.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -373,7 +402,13 @@ fi %endif %changelog -* THU Aug 24 2023 zhongtao - 2.0.18-12 +* Mon Sep 18 2023 zhongtao - 2.0.18-13 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: upgrade from upstream + +* Thu Aug 24 2023 zhongtao - 2.0.18-12 - Type: bugfix - ID: NA - SUG: NA