packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!587 [sync] PR-586: upgrade from upstream

Browse Source 
* upgrade from upstream
This commit is contained in:
openeuler-sync-bot 2023-07-19 09:11:19 +00:00 committed by haozi007
parent 306526da91
commit fcbe0495eb
17 changed files with 2694 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

217
0080-RO-refactor-remote-ro-code.patch Normal file
View File

@ -0,0 +1,217 @@
From 72a02695064384dc8565a22fb786fbd639770afa Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Mon, 5 Jun 2023 07:56:41 +0000
Subject: [PATCH 01/15] [RO] refactor remote ro code
---
CI/pr-gateway.sh | 2 +-
.../leftover_cleanup/leftover_cleanup_api.c | 2 +-
.../graphdriver/overlay2/driver_overlay2.c | 36 +++++--------------
.../oci/storage/layer_store/layer_store.c | 21 ++++-------
src/utils/http/parser.c | 2 +-
5 files changed, 17 insertions(+), 46 deletions(-)
diff --git a/CI/pr-gateway.sh b/CI/pr-gateway.sh
index 93b07c44..b3da52d0 100755
--- a/CI/pr-gateway.sh
+++ b/CI/pr-gateway.sh
@@ -111,7 +111,7 @@ pushd iSulad
rm -rf build
mkdir build
pushd build
-cmake -DDEBUG=ON -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_UT=ON -DENABLE_SHIM_V2=OFF ../ || exit 1
+cmake -DDEBUG=ON -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_UT=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_SHIM_V2=OFF ../ || exit 1
make -j $(nproc) || exit 1
ctest -V
popd
diff --git a/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c b/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c
index 8f077916..a20dbc3a 100644
--- a/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c
+++ b/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c
@@ -25,7 +25,7 @@ int clean_module_init(const isulad_daemon_configs *args)
if (args->storage_enable_remote_layer) {
// need to disable cleanup
// cause cleanup may cleanup local broken RO layer
- // while this RO layer is valid for remote
+ // while this RO layer is valid for remote
return 0;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index 5ad487f9..4f7be30d 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -867,7 +867,7 @@ out:
static int do_create_remote_ro(const char *id, const char *parent, const struct graphdriver *driver,
const struct driver_create_opts *create_opts)
{
- int ret = 0;
+ int ret = -1;
int get_err = 0;
char *ro_symlink = NULL;
char *ro_home = NULL;
@@ -879,69 +879,51 @@ static int do_create_remote_ro(const char *id, const char *parent, const struct
ro_home = util_path_join(driver->home, OVERLAY_RO_DIR);
if (ro_home == NULL) {
ERROR("Failed to join ro_home");
- ret = -1;
- goto out;
+ return -1;
}
layer_dir = util_path_join(ro_home, id);
if (layer_dir == NULL) {
- ERROR("Failed to join layer_dir");
- ret = -1;
+ ERROR("Failed to join layer dir: %s", id);
goto out;
}
ro_symlink = util_path_join(driver->home, id);
if (ro_symlink == NULL) {
ERROR("Failed to join ro_symlink");
- ret = -1;
- goto out;
- }
-
- if (layer_dir == NULL) {
- ERROR("Failed to join layer dir:%s", id);
- ret = -1;
goto out;
}
if (check_parent_valid(parent, driver) != 0) {
- ret = -1;
goto out;
}
if (util_mkdir_p(layer_dir, 0700) != 0) {
ERROR("Unable to create layer directory %s.", layer_dir);
- ret = -1;
goto out;
}
// mk symbol link
if (symlink(layer_dir, ro_symlink) != 0) {
SYSERROR("Unable to create symbol link to layer directory %s", layer_dir);
- ret = -1;
goto err_out;
}
#ifdef ENABLE_USERNS_REMAP
if (set_file_owner_for_userns_remap(layer_dir, userns_remap) != 0) {
ERROR("Unable to change directory %s owner for user remap.", layer_dir);
- ret = -1;
goto out;
}
#endif
- if (create_opts->storage_opt != NULL && create_opts->storage_opt->len != 0) {
- if (set_layer_quota(layer_dir, create_opts->storage_opt, driver) != 0) {
- ERROR("Unable to set layer quota %s", layer_dir);
- ret = -1;
- goto err_out;
- }
- }
+ // quota opts only setting on rw layer
if (mk_sub_directories(id, parent, layer_dir, driver->home) != 0) {
- ret = -1;
+ ERROR("Create layer: %s sub dir failed", id);
goto err_out;
}
+ ret = 0;
goto out;
err_out:
@@ -1118,12 +1100,10 @@ int overlay2_create_ro(const char *id, const char *parent, const struct graphdri
#ifdef ENABLE_REMOTE_LAYER_STORE
if (driver->enable_remote_layer) {
return do_create_remote_ro(id, parent, driver, create_opts);
- } else {
- return do_create(id, parent, driver, create_opts);
}
-#else
- return do_create(id, parent, driver, create_opts);
#endif
+
+ return do_create(id, parent, driver, create_opts);
}
static char *read_layer_link_file(const char *layer_dir)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index 800a1cd7..08c7e4a6 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -1329,7 +1329,7 @@ driver_remove:
if (ret != 0) {
(void)graphdriver_rm_layer(lid);
#ifdef ENABLE_REMOTE_LAYER_STORE
- if (g_enable_remote_layer) {
+ if (g_enable_remote_layer && !opts->writable) {
(void)remote_layer_remove_ro_dir(lid);
} else {
(void)layer_store_remove_layer(lid);
@@ -1412,14 +1412,10 @@ static int do_delete_layer(const char *id)
}
#ifdef ENABLE_REMOTE_LAYER_STORE
- if (!g_enable_remote_layer) {
- ret = layer_store_remove_layer(l->slayer->id);
+ if (g_enable_remote_layer && !(l->slayer->writable)) {
+ ret = remote_layer_remove_ro_dir(l->slayer->id);
} else {
- if (l->slayer->writable) {
- ret = layer_store_remove_layer(l->slayer->id);
- } else {
- ret = remote_layer_remove_ro_dir(l->slayer->id);
- }
+ ret = layer_store_remove_layer(l->slayer->id);
}
#else
ret = layer_store_remove_layer(l->slayer->id);
@@ -2387,11 +2383,6 @@ int remote_layer_remove_memory_stores_with_lock(const char *id)
goto unlock_out;
}
- if (map_search(g_metadata.by_id, (void *)id) == NULL) {
- DEBUG("remote layer already removed, don't delete: %s", id);
- goto unlock_out;
- }
-
ret = remove_memory_stores(id);
unlock_out:
@@ -2412,13 +2403,13 @@ static layer_t *load_one_layer_from_json(const char *id)
nret = snprintf(tmpdir, PATH_MAX, "%s/%s", g_root_dir, id);
if (nret < 0 || nret >= PATH_MAX) {
ERROR("Sprintf: %s failed", id);
- goto free_out;
+ return NULL;
}
mount_point_path = mountpoint_json_path(id);
if (mount_point_path == NULL) {
ERROR("Out of Memory");
- goto free_out;
+ return NULL;
}
rpath = layer_json_path(id);
diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c
index a79893ba..30b26a00 100644
--- a/src/utils/http/parser.c
+++ b/src/utils/http/parser.c
@@ -105,7 +105,7 @@ static int parser_cb_header_value(http_parser *parser, const char *buf,
size_t len)
{
struct parsed_http_message *m = parser->data;
-
+
if (m->num_headers == 0) {
ERROR("Failed to parse header value because headers num is 0");
return -1;
--
2.25.1

45
0081-fix-lose-ipc-shm-mount-point.patch Normal file
View File

@ -0,0 +1,45 @@
From 9ebe9443ec6c2f6891beb508df81aa9d42685a4e Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Mon, 5 Jun 2023 17:08:20 +0800
Subject: [PATCH 02/15] fix lose ipc shm mount point
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/daemon/modules/spec/specs_mount.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c
index c39fce36..c312e08e 100644
--- a/src/daemon/modules/spec/specs_mount.c
+++ b/src/daemon/modules/spec/specs_mount.c
@@ -2761,21 +2761,21 @@ int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2
ret = chown_for_shm(spath, host_spec->user_remap);
if (ret != 0) {
- ret = -1;
- goto out;
+ goto err_out;
}
#ifdef ENABLE_USERNS_REMAP
if (change_shm_parent_dirs_owner_for_userns_remap(host_spec, spath) != 0) {
ERROR("Failed to change shm directory owner for user remap.");
- ret = -1;
- goto out;
+ goto err_out;
}
#endif
-out:
+ return 0;
+
+err_out:
(void)umount(spath);
- return ret;
+ return -1;
}
static bool add_shm_mount(defs_mount ***all_mounts, size_t *all_mounts_len, const char *shm_path)
--
2.25.1

66
0082-CI-add-testcase-for-ipc-ns.patch Normal file
View File

@ -0,0 +1,66 @@
From c5834dc917e0bd4ad569ee3857f4719e77bcd6c5 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Mon, 5 Jun 2023 17:08:28 +0800
Subject: [PATCH 03/15] [CI] add testcase for ipc ns
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
CI/test_cases/container_cases/ipc_ns.sh | 46 +++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100755 CI/test_cases/container_cases/ipc_ns.sh
diff --git a/CI/test_cases/container_cases/ipc_ns.sh b/CI/test_cases/container_cases/ipc_ns.sh
new file mode 100755
index 00000000..f8a77f0a
--- /dev/null
+++ b/CI/test_cases/container_cases/ipc_ns.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+#
+# attributes: isulad ipc namespace usage
+# concurrent: NO
+# spend time: 29
+
+#######################################################################
+##- Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
+# - iSulad licensed under the Mulan PSL v2.
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
+# - You may obtain a copy of Mulan PSL v2 at:
+# - http://license.coscl.org.cn/MulanPSL2
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v2 for more details.
+##- @Description:CI
+##- @Author: haozi007
+##- @Create: 2023-06-05
+#######################################################################
+
+curr_path=$(dirname $(readlink -f "$0"))
+source ../helpers.sh
+
+function do_test_t()
+{
+ cid=$(isula create --name test1 -ti --ipc=shareable busybox /bin/sh)
+
+ cat /proc/1/mountinfo | grep "$cid/mounts/shm"
+ fn_check_eq "$?" "0" "shareable ipc lose shm mount point"
+
+ isula rm -f test1
+ cat /proc/1/mountinfo | grep "$cid/mounts/shm"
+ fn_check_ne "$?" "0" "residual shm mount poit"
+
+ return $TC_RET_T
+}
+
+ret=0
+
+do_test_t
+if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+fi
+
+show_result $ret "basic ipc namespace usage test"
--
2.25.1

58
0083-fix-inspect-image-by-digest.patch Normal file
View File

@ -0,0 +1,58 @@
From 51db6c626feef86435960c1be5510d31398fabfe Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 2 Jun 2023 17:20:04 +0800
Subject: [PATCH 04/15] fix inspect image by digest
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../oci/storage/image_store/image_store.c | 27 +++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index d89c28f4..aad8329e 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -443,6 +443,27 @@ out:
return value;
}
+// by_digest returns the image which matches the specified name.
+static image_t *by_digest(const char *name)
+{
+ digest_image_t *digest_filter_images = NULL;
+ char *digest = NULL;
+
+ // split digest for image name with digest
+ digest = strrchr(name, '@');
+ if (digest == NULL || util_reg_match(__DIGESTPattern, digest)) {
+ return NULL;
+ }
+ digest++;
+ digest_filter_images = (digest_image_t *)map_search(g_image_store->bydigest, (void *)digest);
+ if (digest_filter_images == NULL) {
+ return NULL;
+ }
+
+ // currently, a digest corresponds to an image, directly returning the first element
+ return linked_list_first_elem(&(digest_filter_images->images_list));
+}
+
static image_t *lookup(const char *id)
{
image_t *value = NULL;
@@ -467,6 +488,12 @@ static image_t *lookup(const char *id)
goto found;
}
+ // get image by digest
+ value = by_digest(id);
+ if (value != NULL) {
+ goto found;
+ }
+
return NULL;
found:
--
2.25.1

102
0084-add-isulad-basic-image-test-with-digest.patch Normal file
View File

@ -0,0 +1,102 @@
From 4139b392b9044cffcfbfff54519adb02ae790591 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 2 Jun 2023 17:36:17 +0800
Subject: [PATCH 05/15] add isulad basic image test with digest
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/image_cases/image_digest.sh | 82 +++++++++++++++++++++++
1 file changed, 82 insertions(+)
create mode 100755 CI/test_cases/image_cases/image_digest.sh
diff --git a/CI/test_cases/image_cases/image_digest.sh b/CI/test_cases/image_cases/image_digest.sh
new file mode 100755
index 00000000..a7cb594a
--- /dev/null
+++ b/CI/test_cases/image_cases/image_digest.sh
@@ -0,0 +1,82 @@
+#!/bin/bash
+#
+# attributes: isulad basic image with digest
+# concurrent: NA
+# spend time: 4
+
+#######################################################################
+##- Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
+# - iSulad licensed under the Mulan PSL v2.
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
+# - You may obtain a copy of Mulan PSL v2 at:
+# - http://license.coscl.org.cn/MulanPSL2
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v2 for more details.
+##- @Description:CI
+##- @Author: zhongtao
+##- @Create: 2023-06-02
+#######################################################################
+
+declare -r curr_path=$(dirname $(readlink -f "$0"))
+source ../helpers.sh
+
+function test_image_with_digest()
+{
+ local ret=0
+ local image="busybox"
+ local image_digest="busybox@sha256:5cd3db04b8be5773388576a83177aff4f40a03457a63855f4b9cbe30542b9a43"
+ local test="pull && inspect && tag image with digest test => (${FUNCNAME[@]})"
+
+ msg_info "${test} starting..."
+
+ isula pull docker.io/library/${image_digest}
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE}
+
+ isula tag ${image_digest} ${image}:digest_test
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to tag image: ${image}" && return ${FAILURE}
+
+ isula images | grep busybox
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
+
+ isula inspect -f '{{.image.id}}' ${image}:digest_test | grep -E '^[0-9a-f]{64}$'
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid image id: ${image}" && ((ret++))
+
+ isula inspect -f '{{.image.repo_digests}}' ${image}:digest_test | grep -E "[\s\D]*${image}@sha256:[0-9a-f]{64}[\s\D]*"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid image repo digests: ${image}" && ((ret++))
+
+ isula inspect -f '{{.image.repo_tags}}' ${image_digest} | grep "${image}:digest_test"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid image digest: ${image_digest}" && ((ret++))
+
+ isula run -tid --name test ${image_digest} sh
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image digest: ${image_digest}" && ((ret++))
+
+ isula rm -f test
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container" && ((ret++))
+
+ isula run -tid --name test ${image}:digest_test sh
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image tag: ${image}:latest" && ((ret++))
+
+ isula rm -f test
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container" && ((ret++))
+
+ isula inspect -f '{{.image.repo_tags}}' ${image} | grep "${image}:latest"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid image repo tags: ${image}" && ((ret++))
+
+ isula rmi ${image_digest}
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to remove image ${image_digest}" && ((ret++))
+
+ isula rmi ${image}:digest_test
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to remove image ${image}:digest_test" && ((ret++))
+
+ msg_info "${test} finished with return ${ret}..."
+ return ${ret}
+}
+
+declare -i ans=0
+
+test_image_with_digest || ((ans++))
+
+show_result ${ans} "${curr_path}/${0}"
+
--
2.25.1

29
0085-return-non-zero-if-copy-invalid.patch Normal file
View File

@ -0,0 +1,29 @@
From 20558212d7ca0476fe21879c8773fdff83807b59 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 6 Jun 2023 15:30:31 +0800
Subject: [PATCH 06/15] return non-zero if copy invalid
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/cmd/isula/stream/cp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/cmd/isula/stream/cp.c b/src/cmd/isula/stream/cp.c
index 2b0a79c7..f0cd99c9 100644
--- a/src/cmd/isula/stream/cp.c
+++ b/src/cmd/isula/stream/cp.c
@@ -302,9 +302,11 @@ static int client_run_copy(const struct client_arguments *args, const char *sour
if (direction == AcrossContainers) {
COMMAND_ERROR("copying between containers is not supported");
+ ret = -1;
goto cleanup;
}
+ ret = -1;
COMMAND_ERROR("must specify at least one container source");
cleanup:
--
2.25.1

51
0086-add-invalid-copy-testcase.patch Normal file
View File

@ -0,0 +1,51 @@
From ea08b3c9b7c2c8cd49e707ecf0418246fbe53206 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 6 Jun 2023 15:41:30 +0800
Subject: [PATCH 07/15] add invalid copy testcase
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
CI/test_cases/container_cases/cp.sh | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/CI/test_cases/container_cases/cp.sh b/CI/test_cases/container_cases/cp.sh
index 35e9168c..668ce09b 100755
--- a/CI/test_cases/container_cases/cp.sh
+++ b/CI/test_cases/container_cases/cp.sh
@@ -320,6 +320,25 @@ test_cp_symlink_from_container()
return ${ret}
}
+test_cp_invalid()
+{
+ local ret=0
+
+ isula cp nonexists1:/111 nonexists2:/222 2>&1 | grep "copying between containers is not supported"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to check output" && ((ret++))
+
+ isula cp nonexists1:/111 nonexists2:/222
+ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - copy from container to container return success" && ((ret++))
+
+ isula cp 111 222 2>&1 | grep "must specify at least one container source"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to check output" && ((ret++))
+
+ isula cp 111 222 2>&1
+ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - copy from host to host return success" && ((ret++))
+
+ return ${ret}
+}
+
function cp_test_t()
{
local ret=0
@@ -360,6 +379,7 @@ function cp_test_t()
test_cp_dir_to_container $containername || ((ret++))
test_cp_symlink_to_container $containername || ((ret++))
test_cp_symlink_from_container $containername || ((ret++))
+ test_cp_invalid || ((ret++))
isula rm -f $containername
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container: ${containername}" && ((ret++))
--
2.25.1

178
0087-2048-fix-some-code-check-error.patch Normal file
View File

@ -0,0 +1,178 @@
From 4b5849ad6a04bd00733e6c96dd4ffa0d3febc159 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 6 Jun 2023 08:53:14 +0000
Subject: [PATCH 08/15] !2048 fix some code check error * fix some code check
error
---
src/daemon/modules/image/oci/registry/auths.c | 4 +-
.../graphdriver/devmapper/wrapper_devmapper.h | 2 +-
.../modules/runtime/isula/isula_rt_ops.c | 52 +++++++++----------
3 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/src/daemon/modules/image/oci/registry/auths.c b/src/daemon/modules/image/oci/registry/auths.c
index a95127f2..ce67d51b 100644
--- a/src/daemon/modules/image/oci/registry/auths.c
+++ b/src/daemon/modules/image/oci/registry/auths.c
@@ -265,9 +265,9 @@ out:
if (ret != 0) {
free(element);
- element = 0;
+ element = NULL;
free(values);
- values = 0;
+ values = NULL;
}
return ret;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h
index 5a692980..e8acebc0 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h
@@ -30,7 +30,7 @@ struct dm_task;
extern "C" {
#endif
-#define DEV_ERR -1
+#define DEV_ERR (-1)
#define DEV_OK 0
#define DEV_INIT 1
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index fab0b657..9fe3ac4b 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -498,8 +498,8 @@ static int status_string_to_int(const char *status)
static int runtime_call_status(const char *workdir, const char *runtime, const char *id,
struct runtime_container_status_info *ecsi)
{
- char *stdout = NULL;
- char *stderr = NULL;
+ char *stdout_msg = NULL;
+ char *stderr_msg = NULL;
oci_runtime_state *state = NULL;
struct parser_context ctx = { OPT_GEN_SIMPLIFY, 0 };
parser_error perr = NULL;
@@ -509,19 +509,19 @@ static int runtime_call_status(const char *workdir, const char *runtime, const c
runtime_exec_info_init(&rei, workdir, runtime, "state", NULL, 0, id, params, PARAM_NUM);
- if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout, &stderr)) {
- ERROR("call runtime status failed: %s", stderr);
+ if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout_msg, &stderr_msg)) {
+ ERROR("call runtime status failed: %s", stderr_msg);
ret = -1;
goto out;
}
- if (stdout == NULL) {
- ERROR("call runtime status no stdout");
+ if (stdout_msg == NULL) {
+ ERROR("call runtime status no stdout_msg");
ret = -1;
goto out;
}
- state = oci_runtime_state_parse_data(stdout, &ctx, &perr);
+ state = oci_runtime_state_parse_data(stdout_msg, &ctx, &perr);
if (state == NULL) {
ERROR("call runtime status parse json failed");
ret = -1;
@@ -538,8 +538,8 @@ static int runtime_call_status(const char *workdir, const char *runtime, const c
out:
free_oci_runtime_state(state);
- UTIL_FREE_AND_SET_NULL(stdout);
- UTIL_FREE_AND_SET_NULL(stderr);
+ UTIL_FREE_AND_SET_NULL(stdout_msg);
+ UTIL_FREE_AND_SET_NULL(stderr_msg);
UTIL_FREE_AND_SET_NULL(perr);
return ret;
}
@@ -547,8 +547,8 @@ out:
static int runtime_call_stats(const char *workdir, const char *runtime, const char *id,
struct runtime_container_resources_stats_info *info)
{
- char *stdout = NULL;
- char *stderr = NULL;
+ char *stdout_msg = NULL;
+ char *stderr_msg = NULL;
shim_client_runtime_stats *stats = NULL;
struct parser_context ctx = { OPT_GEN_SIMPLIFY, 0 };
parser_error perr = NULL;
@@ -559,19 +559,19 @@ static int runtime_call_stats(const char *workdir, const char *runtime, const ch
runtime_exec_info_init(&rei, workdir, runtime, "events", opts, 1, id, params, PARAM_NUM);
- if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout, &stderr)) {
- ERROR("call runtime events --stats failed: %s", stderr);
+ if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout_msg, &stderr_msg)) {
+ ERROR("call runtime events --stats failed: %s", stderr_msg);
ret = -1;
goto out;
}
- if (stdout == NULL) {
- ERROR("call runtime events --stats no stdout");
+ if (stdout_msg == NULL) {
+ ERROR("call runtime events --stats no stdout_msg");
ret = -1;
goto out;
}
- stats = shim_client_runtime_stats_parse_data(stdout, &ctx, &perr);
+ stats = shim_client_runtime_stats_parse_data(stdout_msg, &ctx, &perr);
if (stats == NULL) {
ERROR("call runtime events --stats parse json failed");
ret = -1;
@@ -595,8 +595,8 @@ static int runtime_call_stats(const char *workdir, const char *runtime, const ch
out:
free_shim_client_runtime_stats(stats);
- UTIL_FREE_AND_SET_NULL(stdout);
- UTIL_FREE_AND_SET_NULL(stderr);
+ UTIL_FREE_AND_SET_NULL(stdout_msg);
+ UTIL_FREE_AND_SET_NULL(stderr_msg);
UTIL_FREE_AND_SET_NULL(perr);
return ret;
}
@@ -605,27 +605,27 @@ static int runtime_call_simple(const char *workdir, const char *runtime, const c
size_t opts_len, const char *id, handle_output_callback_t cb)
{
runtime_exec_info rei = { 0 };
- char *stdout = NULL;
- char *stderr = NULL;
+ char *stdout_msg = NULL;
+ char *stderr_msg = NULL;
int ret = 0;
char *params[PARAM_NUM] = { 0 };
runtime_exec_info_init(&rei, workdir, runtime, subcmd, opts, opts_len, id, params, PARAM_NUM);
- if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout, &stderr)) {
- ERROR("call runtime %s failed stderr %s", subcmd, stderr);
+ if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout_msg, &stderr_msg)) {
+ ERROR("call runtime %s failed stderr %s", subcmd, stderr_msg);
ret = -1;
// additional handler for the stderr,
// this intend to change the ret val of this function
// for example, if output string contains some specific content,
// we consider the runtime call simple succeeded,
// even if the process exit with failure.
- if (stderr != NULL && cb != NULL) {
- ret = cb(stderr);
+ if (stderr_msg != NULL && cb != NULL) {
+ ret = cb(stderr_msg);
}
}
- UTIL_FREE_AND_SET_NULL(stdout);
- UTIL_FREE_AND_SET_NULL(stderr);
+ UTIL_FREE_AND_SET_NULL(stdout_msg);
+ UTIL_FREE_AND_SET_NULL(stderr_msg);
return ret;
}
--
2.25.1

297
0088-2046-reinforce-cri_stream.sh-and-health_check.sh.patch Normal file
View File

@ -0,0 +1,297 @@
From c70e4aaaf5b1748432fd325856e07770a267336e Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 6 Jun 2023 11:50:26 +0000
Subject: [PATCH 09/15] !2046 reinforce cri_stream.sh and health_check.sh *
reinforce cri_stream.sh and health_check.sh
---
CI/test_cases/container_cases/cri_stream.sh | 35 +++++-
CI/test_cases/container_cases/health_check.sh | 103 +++++++++++++-----
2 files changed, 103 insertions(+), 35 deletions(-)
diff --git a/CI/test_cases/container_cases/cri_stream.sh b/CI/test_cases/container_cases/cri_stream.sh
index 8b5440d3..2360e240 100755
--- a/CI/test_cases/container_cases/cri_stream.sh
+++ b/CI/test_cases/container_cases/cri_stream.sh
@@ -9,6 +9,27 @@ data_path=$(realpath $curr_path/criconfigs)
pause_img_path=$(realpath $curr_path/test_data)
source ../helpers.sh
+# $1 : retry limit
+# $2 : retry_interval
+# $3 : retry function
+function do_retry()
+{
+ for i in $(seq 1 "$1"); do
+ $3
+ if [ $? -ne 0 ]; then
+ return 0
+ fi
+ sleep $2
+ done
+ return 1
+}
+
+function get_ioCopy()
+{
+ ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy
+ return $?
+}
+
function do_pre()
{
local ret=0
@@ -58,6 +79,8 @@ function set_up()
function test_cri_exec_fun()
{
local ret=0
+ local retry_limit=20
+ local retry_interval=1
local test="test_cri_exec_fun => (${FUNCNAME[@]})"
msg_info "${test} starting..."
declare -a fun_pids
@@ -74,9 +97,8 @@ function test_cri_exec_fun()
done
wait ${abn_pids[*]// /|}
- sleep 2
- ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy
- [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI exec operation" && ((ret++))
+ do_retry ${retry_limit} ${retry_interval} get_ioCopy
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI exec operation" && ((ret++))
msg_info "${test} finished with return ${ret}..."
return ${ret}
@@ -85,6 +107,8 @@ function test_cri_exec_fun()
function test_cri_exec_abn
{
local ret=0
+ local retry_limit=20
+ local retry_interval=1
local test="test_cri_exec_abn => (${FUNCNAME[@]})"
msg_info "${test} starting..."
@@ -92,10 +116,9 @@ function test_cri_exec_abn
pid=$!
sleep 3
kill -9 $pid
- sleep 2
- ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy
- [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI exec operation" && ((ret++))
+ do_retry ${retry_limit} ${retry_interval} get_ioCopy
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI exec operation" && ((ret++))
msg_info "${test} finished with return ${ret}..."
return ${ret}
diff --git a/CI/test_cases/container_cases/health_check.sh b/CI/test_cases/container_cases/health_check.sh
index b8256087..efb357e0 100755
--- a/CI/test_cases/container_cases/health_check.sh
+++ b/CI/test_cases/container_cases/health_check.sh
@@ -26,9 +26,40 @@ image="busybox"
isula pull ${image}
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && exit ${FAILURE}
+# $1 : retry limit
+# $2 : retry_interval
+# $3 : retry function
+# $4 : retry function parms 1
+# $5 : retry function parms 2
+function do_retry()
+{
+ for i in $(seq 1 "$1"); do
+ $3 $4 $5
+ if [ $? -eq 0 ]; then
+ return 0
+ fi
+ sleep $2
+ done
+ return 1
+}
+
+function inspect_container_status()
+{
+ [[ $(isula inspect -f '{{.State.Health.Status}}' ${1}) == "${2}" ]]
+ return $?
+}
+
+function inspect_container_exitcode()
+{
+ [[ $(isula inspect -f '{{.State.ExitCode}}' ${1}) == "${2}" ]]
+ return $?
+}
+
function test_health_check_paraments()
{
local ret=0
+ local retry_limit=10
+ local retry_interval=1
local test="list && inspect image info test => (${FUNCNAME[@]})"
msg_info "${test} starting..."
@@ -37,7 +68,7 @@ function test_health_check_paraments()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
container_name="health_check_para"
- isula run -itd -n ${container_name} --health-cmd 'echo "iSulad" ; exit 1' \
+ isula run -itd --runtime $1 -n ${container_name} --health-cmd 'echo "iSulad" ; exit 1' \
--health-interval 5s --health-retries 2 --health-start-period 8s --health-exit-on-unhealthy ${image} /bin/sh
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
@@ -45,15 +76,16 @@ function test_health_check_paraments()
[[ $(isula inspect -f '{{.State.Status}}' ${container_name}) == "running" ]]
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container status: not running" && ((ret++))
- sleep 13 # finish first health check
-
+ # finish first health check
+ sleep 10
+ do_retry ${retry_limit} ${retry_interval} inspect_container_status ${container_name} starting
# keep starting status with health check return non-zero at always until status change to unhealthy
- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]]
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++))
sleep 6 # finish second health check
- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]]
+ success=1
+ do_retry ${retry_limit} ${retry_interval} inspect_container_status ${container_name} unhealthy
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++))
# validate --health-retries option
@@ -77,6 +109,8 @@ function test_health_check_normally()
{
local ret=0
local image="busybox"
+ local retry_limit=10
+ local retry_interval=1
local test="list && inspect image info test => (${FUNCNAME[@]})"
msg_info "${test} starting..."
@@ -85,31 +119,32 @@ function test_health_check_normally()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
container_name="health_check_normally"
- isula run -itd -n ${container_name} --health-cmd 'date' --health-interval 5s ${image} /bin/sh
+ isula run -itd --runtime $1 -n ${container_name} --health-cmd 'date' --health-interval 5s ${image} /bin/sh
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
# start period : 0s => interval: 2s => do health check => interval: 2s => do health check => ...
[[ $(isula inspect -f '{{.State.Status}}' ${container_name}) == "running" ]]
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container status: not running" && ((ret++))
- sleep 2 # Health check has been performed yet
-
+ # Health check has been performed yet
+ do_retry ${retry_limit} ${retry_interval} inspect_container_status ${container_name} starting
# Initial status when the container is still starting
- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]]
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++))
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++))
sleep 8 # finish first health check
+
+ do_retry ${retry_limit} ${retry_interval} inspect_container_status ${container_name} healthy
# When the health check returns successfully, status immediately becomes healthy
- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "healthy" ]]
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not healthy" && ((ret++))
-
- kill -9 $(isula inspect -f '{{.State.Pid}}' ${container_name}) && sleep 1 # Wait for the container to be killed
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not healthy" && ((ret++))
+ kill -9 $(isula inspect -f '{{.State.Pid}}' ${container_name})
+
+ # Wait for the container to be killed
+ do_retry ${retry_limit} ${retry_interval} inspect_container_status ${container_name} unhealthy
# The container process exits abnormally and the health check status becomes unhealthy
- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]]
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++))
- [[ $(isula inspect -f '{{.State.ExitCode}}' ${container_name}) == "137" ]]
+ do_retry ${retry_limit} ${retry_interval} inspect_container_exitcode ${container_name} 137
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container exit code: not 137" && ((ret++))
isula rm -f ${container_name}
@@ -123,6 +158,9 @@ function test_health_check_timeout()
{
local ret=0
local image="busybox"
+ local retry_limit=10
+ local retry_interval=1
+ local success=1
local test="list && inspect image info test => (${FUNCNAME[@]})"
msg_info "${test} starting..."
@@ -131,7 +169,7 @@ function test_health_check_timeout()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
container_name="health_check_timeout"
- isula run -itd -n ${container_name} --health-cmd 'sleep 5' --health-interval 5s --health-timeout 1s \
+ isula run -itd --runtime $1 -n ${container_name} --health-cmd 'sleep 5' --health-interval 5s --health-timeout 1s \
--health-retries 1 --health-exit-on-unhealthy ${image} /bin/sh
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
@@ -139,19 +177,19 @@ function test_health_check_timeout()
[[ $(isula inspect -f '{{.State.Status}}' ${container_name}) == "running" ]]
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container status: not running" && ((ret++))
- sleep 1 # Health check has been performed yet
-
+ # Health check has been performed yet
+ do_retry ${retry_limit} ${retry_interval} inspect_container_status ${container_name} starting
# Initial status when the container is still starting
- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]]
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++))
sleep 7 # finish first health check
+
+ do_retry ${retry_limit} ${retry_interval} inspect_container_status ${container_name} unhealthy
# The container process exits and the health check status becomes unhealthy
- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]]
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++))
- [[ $(isula inspect -f '{{.State.ExitCode}}' ${container_name}) == "137" ]]
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container exit code: not 137" && ((ret++))
+ do_retry ${retry_limit} ${retry_interval} inspect_container_exitcode ${container_name} 137
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container exit code: not 137" && ((ret++))
isula rm -f ${container_name}
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to remove container: ${container_name}" && ((ret++))
@@ -174,7 +212,7 @@ function test_health_check_monitor()
isula rm -f $(isula ps -qa)
container_name="health_check_monitor"
- isula run -itd -n ${container_name} --health-cmd="sleep 3" --health-interval 3s busybox
+ isula run -itd --runtime $1 -n ${container_name} --health-cmd="sleep 3" --health-interval 3s busybox
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
isula stop -t 0 ${container_name} && isula start ${container_name} && \
@@ -193,13 +231,20 @@ function test_health_check_monitor()
declare -i ans=0
-test_health_check_paraments || ((ans++))
+for element in ${RUNTIME_LIST[@]};
+do
+ test="health check test => (${element})"
+ msg_info "${test} starting..."
-test_health_check_normally || ((ans++))
+ test_health_check_paraments $element || ((ans++))
-test_health_check_timeout || ((ans++))
+ test_health_check_normally $element || ((ans++))
-test_health_check_monitor || ((ans++))
+ test_health_check_timeout $element || ((ans++))
-show_result ${ans} "${curr_path}/${0}"
+ test_health_check_monitor $element || ((ans++))
+ msg_info "${test} finished with return ${ans}..."
+done
+
+show_result ${ans} "${curr_path}/${0}"
--
2.25.1

226
0089-2047-distinguishing-exit-codes-between-shim-and-cont.patch Normal file
View File

@ -0,0 +1,226 @@
From e671d01c7ab6183a602c9c3e4b7f30d619831719 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 6 Jun 2023 11:55:16 +0000
Subject: [PATCH 10/15] !2047 distinguishing exit codes between shim and
container processes * distinguishing exit codes between shim and container
processes
---
src/cmd/isulad-shim/main.c | 10 ++-
src/cmd/isulad-shim/process.c | 8 ++-
.../modules/runtime/isula/isula_rt_ops.c | 65 +++++++++++++++----
3 files changed, 65 insertions(+), 18 deletions(-)
diff --git a/src/cmd/isulad-shim/main.c b/src/cmd/isulad-shim/main.c
index ed55805c..e2625aac 100644
--- a/src/cmd/isulad-shim/main.c
+++ b/src/cmd/isulad-shim/main.c
@@ -160,5 +160,13 @@ int main(int argc, char **argv)
released_timeout_exit();
- return process_signal_handle_routine(p, tid_epoll, timeout);
+ ret = process_signal_handle_routine(p, tid_epoll, timeout);
+ if (ret == SHIM_ERR) {
+ exit(EXIT_FAILURE);
+ }
+ if (ret == SHIM_ERR_TIMEOUT) {
+ exit(SHIM_EXIT_TIMEOUT);
+ }
+
+ exit(EXIT_SUCCESS);
}
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index aa3aa37c..138a71fb 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1264,7 +1264,7 @@ int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const
nret = kill(p->ctr_pid, SIGKILL);
if (nret < 0 && errno != ESRCH) {
write_message(g_log_fd, ERR_MSG, "Can not kill process (pid=%d) with SIGKILL", p->ctr_pid);
- exit(EXIT_FAILURE);
+ return SHIM_ERR;
}
}
@@ -1302,8 +1302,10 @@ int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const
if (ret == SHIM_ERR_TIMEOUT) {
write_message(g_log_fd, INFO_MSG, "Wait %d timeout", p->ctr_pid);
- exit(SHIM_EXIT_TIMEOUT);
+ return SHIM_ERR_TIMEOUT;
}
- return status;
+ // write container process exit_code in stdout
+ (void)write_nointr(STDOUT_FILENO, &status, sizeof(int));
+ return SHIM_OK;
}
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 9fe3ac4b..3fe895f8 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -672,9 +672,9 @@ static int runtime_call_kill_and_check(const char *workdir, const char *runtime,
static int runtime_call_delete_force(const char *workdir, const char *runtime, const char *id)
{
const char *opts[1] = { "--force" };
- // delete succeed, return 0;
- // When the runc version is less than or equal to v1.0.0-rc3,
- // if the container does not exist when force deleting it,
+ // delete succeed, return 0;
+ // When the runc version is less than or equal to v1.0.0-rc3,
+ // if the container does not exist when force deleting it,
// runc will report an error and isulad does not need to retry the deletion again.
// related PR ID:d1a743674a98e23d348b29f52c43436356f56b79
// non_existent_output_check succeed, return 0;
@@ -699,11 +699,16 @@ static int status_to_exit_code(int status)
return exit_code;
}
+/*
+ exit_code records the exit code of the container, obtained by reading the stdout of isulad-shim;
+ shim_exit_code records the exit code of isulad-shim, obtained through waitpid;
+*/
static int shim_create(bool fg, const char *id, const char *workdir, const char *bundle, const char *runtime_cmd,
- int *exit_code, const char* timeout)
+ int *exit_code, const char* timeout, int* shim_exit_code)
{
pid_t pid = 0;
int exec_fd[2] = { -1, -1 };
+ int shim_stdout_pipe[2] = { -1, -1 };
int num = 0;
int ret = 0;
char exec_buff[BUFSIZ + 1] = { 0 };
@@ -733,11 +738,18 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char
return -1;
}
+ if (pipe2(shim_stdout_pipe, O_CLOEXEC) != 0) {
+ ERROR("Failed to create pipe for shim exit code");
+ return -1;
+ }
+
pid = fork();
if (pid < 0) {
ERROR("Failed fork for shim parent %s", strerror(errno));
close(exec_fd[0]);
close(exec_fd[1]);
+ close(shim_stdout_pipe[0]);
+ close(shim_stdout_pipe[1]);
return -1;
}
@@ -772,12 +784,21 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char
realexec:
/* real shim process. */
close(exec_fd[0]);
+ close(shim_stdout_pipe[0]);
+ // child process, dup2 shim_stdout_pipe[1] to STDOUT
+ if (dup2(shim_stdout_pipe[1], STDOUT_FILENO) < 0) {
+ (void)dprintf(exec_fd[1], "Dup fd error: %s", strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+
if (setsid() < 0) {
(void)dprintf(exec_fd[1], "%s: failed setsid for process %d", id, getpid());
exit(EXIT_FAILURE);
}
-
- if (util_check_inherited(true, exec_fd[1]) != 0) {
+ int ignore_fd[2] = {-1, -1};
+ ignore_fd[0] = exec_fd[1];
+ ignore_fd[1] = shim_stdout_pipe[1];
+ if (util_check_inherited_exclude_fds(true, ignore_fd, 2) != 0) {
(void)dprintf(exec_fd[1], "close inherited fds failed");
}
@@ -786,26 +807,40 @@ realexec:
}
close(exec_fd[1]);
+ close(shim_stdout_pipe[1]);
num = util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1);
- close(exec_fd[0]);
if (num > 0) {
- ERROR("exec failed: %s", exec_buff);
+ ERROR("Exec failed: %s", exec_buff);
ret = -1;
goto out;
}
status = util_wait_for_pid_status(pid);
if (status < 0) {
- ERROR("failed wait shim-parent %d exit %s", pid, strerror(errno));
+ ERROR("Failed wait shim-parent %d exit %s", pid, strerror(errno));
ret = -1;
goto out;
}
- if (exit_code != NULL) {
- *exit_code = status_to_exit_code(status);
+ *shim_exit_code = status_to_exit_code(status);
+ if (*shim_exit_code != 0) {
+ ERROR("Isulad-shim exit error");
+ ret = -1;
+ goto out;
}
+ if (exit_code == NULL) {
+ goto out;
+ }
+ ret = util_read_nointr(shim_stdout_pipe[0], exit_code, sizeof(int));
+ if (ret <= 0) {
+ *exit_code = 137;
+ }
+ ret = 0;
+
out:
+ close(exec_fd[0]);
+ close(shim_stdout_pipe[0]);
if (ret != 0) {
show_shim_runtime_errlog(workdir);
if (timeout <= 0) {
@@ -887,6 +922,7 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_
int ret = 0;
char workdir[PATH_MAX] = { 0 };
shim_client_process_state p = { 0 };
+ int shim_exit_code = 0;
if (id == NULL || runtime == NULL || params == NULL) {
ERROR("nullptr arguments not allowed");
@@ -919,7 +955,7 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_
}
get_runtime_cmd(runtime, &cmd);
- ret = shim_create(false, id, workdir, params->bundle, cmd, NULL, NULL);
+ ret = shim_create(false, id, workdir, params->bundle, cmd, NULL, NULL, &shim_exit_code);
if (ret != 0) {
runtime_call_delete_force(workdir, runtime, id);
ERROR("%s: failed create shim process", id);
@@ -1124,6 +1160,7 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
int pid = 0;
shim_client_process_state p = { 0 };
char *timeout = NULL;
+ int shim_exit_code = 0;
if (id == NULL || runtime == NULL || params == NULL || exit_code == NULL) {
ERROR("nullptr arguments not allowed");
@@ -1199,13 +1236,13 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
}
}
- ret = shim_create(fg_exec(params), id, workdir, bundle, cmd, exit_code, timeout);
+ ret = shim_create(fg_exec(params), id, workdir, bundle, cmd, exit_code, timeout, &shim_exit_code);
if (ret != 0) {
ERROR("%s: failed create shim process for exec %s", id, exec_id);
goto errlog_out;
}
- if (*exit_code == SHIM_EXIT_TIMEOUT) {
+ if (shim_exit_code == SHIM_EXIT_TIMEOUT) {
ret = -1;
isulad_set_error_message("Exec container error;exec timeout");
ERROR("isulad-shim %d exit for execing timeout", pid);
--
2.25.1

114
0090-2052-fix-some-codecheck.patch Normal file
View File

@ -0,0 +1,114 @@
From 1945e7e1f4bf5bf72ea50db9d62dc6c538d00b70 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 6 Jun 2023 12:44:43 +0000
Subject: [PATCH 11/15] !2052 fix some codecheck * fix some codecheck
---
src/cmd/isulad-shim/main.c | 3 +--
src/cmd/isulad-shim/process.c | 10 +++-------
src/daemon/modules/runtime/isula/isula_rt_ops.c | 9 +++------
3 files changed, 7 insertions(+), 15 deletions(-)
diff --git a/src/cmd/isulad-shim/main.c b/src/cmd/isulad-shim/main.c
index e2625aac..ff06a633 100644
--- a/src/cmd/isulad-shim/main.c
+++ b/src/cmd/isulad-shim/main.c
@@ -92,7 +92,6 @@ int main(int argc, char **argv)
char *rt_name = NULL;
char *log_level = NULL;
int ret = SHIM_ERR;
- int efd = -1;
process_t *p = NULL;
// execSync timeout
uint64_t timeout = 0;
@@ -134,7 +133,7 @@ int main(int argc, char **argv)
*/
if (!p->state->exec) {
if (p->state->exit_fifo != NULL) {
- efd = open_no_inherit("exit_fifo", O_WRONLY, -1);
+ int efd = open_no_inherit("exit_fifo", O_WRONLY, -1);
if (efd < 0) {
write_message(g_log_fd, ERR_MSG, "open exit pipe failed:%d", SHIM_SYS_ERR(errno));
exit(EXIT_FAILURE);
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 138a71fb..11889cce 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1172,8 +1172,6 @@ static int waitpid_with_timeout(int ctr_pid, int *status, const uint64_t timeou
{
int nret = 0;
time_t start_time = time(NULL);
- time_t end_time;
- double interval;
int st;
for (;;) {
@@ -1181,8 +1179,8 @@ static int waitpid_with_timeout(int ctr_pid, int *status, const uint64_t timeou
if (nret == ctr_pid) {
break;
}
- end_time = time(NULL);
- interval = difftime(end_time, start_time);
+ time_t end_time = time(NULL);
+ double interval = difftime(end_time, start_time);
if (nret == 0 && interval >= timeout) {
return SHIM_ERR_TIMEOUT;
}
@@ -1216,14 +1214,12 @@ static int waitpid_with_timeout(int ctr_pid, int *status, const uint64_t timeou
*/
static int wait_container_process_with_timeout(process_t *p, const uint64_t timeout, int *status)
{
- int ret = SHIM_ERR;
-
if (timeout > 0) {
return waitpid_with_timeout(p->ctr_pid, status, timeout);
}
for (;;) {
- ret = reap_container(p->ctr_pid, status);
+ int ret = reap_container(p->ctr_pid, status);
if (ret == SHIM_OK) {
if (*status == CONTAINER_ACTION_REBOOT) {
ret = setenv("CONTAINER_ACTION", "reboot", 1);
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 3fe895f8..dcc1d8ac 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -843,7 +843,7 @@ out:
close(shim_stdout_pipe[0]);
if (ret != 0) {
show_shim_runtime_errlog(workdir);
- if (timeout <= 0) {
+ if (timeout != NULL) {
kill(pid, SIGKILL); /* can kill other process? */
}
}
@@ -1313,9 +1313,6 @@ int rt_isula_attach(const char *id, const char *runtime, const rt_attach_params_
static int to_engine_resources(const host_config *hostconfig, shim_client_cgroup_resources *cr)
{
- uint64_t period = 0;
- int64_t quota = 0;
-
if (hostconfig == NULL || cr == NULL) {
return -1;
}
@@ -1354,13 +1351,13 @@ static int to_engine_resources(const host_config *hostconfig, shim_client_cgroup
// when --cpus=n is set, nano_cpus = n * 1e9.
if (hostconfig->nano_cpus > 0) {
// in the case, period will be set to the default value of 100000(0.1s).
- period = (uint64_t)(100 * Time_Milli / Time_Micro);
+ uint64_t period = (uint64_t)(100 * Time_Milli / Time_Micro);
// set quota = period * n, in order to let container process fully occupy n cpus.
if ((hostconfig->nano_cpus / 1e9) > (INT64_MAX / (int64_t)period)) {
ERROR("Overflow of quota");
return -1;
}
- quota = hostconfig->nano_cpus / 1e9 * (int64_t)period;
+ int64_t quota = hostconfig->nano_cpus / 1e9 * (int64_t)period;
cr->cpu->period = period;
cr->cpu->quota = quota;
}
--
2.25.1

27
0091-disable-the-exec-timeout-function-for-kata-runtime.patch Normal file
View File

@ -0,0 +1,27 @@
From c530f83fb28347c57bb5b1ed58a9b1770b7c2677 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 21 Jun 2023 01:20:27 +1400
Subject: [PATCH 12/15] disable the exec timeout function for kata runtime
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad-shim/process.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 11889cce..2e76574d 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1214,7 +1214,8 @@ static int waitpid_with_timeout(int ctr_pid, int *status, const uint64_t timeou
*/
static int wait_container_process_with_timeout(process_t *p, const uint64_t timeout, int *status)
{
- if (timeout > 0) {
+ // currently, kata runtime does not support setting timeout during exec
+ if (strcasecmp(p->runtime, "kata-runtime") != 0 && timeout > 0) {
return waitpid_with_timeout(p->ctr_pid, status, timeout);
}
--
2.25.1

32
0092-debug-improve-debug-message-for-gc-containers.patch Normal file
View File

@ -0,0 +1,32 @@
From 8fe8f8bfbe53ad28e7c509f8f5afca1890d4dd1c Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 5 Jul 2023 11:41:20 +0800
Subject: [PATCH 13/15] [debug] improve debug message for gc containers
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/daemon/modules/container/supervisor/supervisor.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/daemon/modules/container/supervisor/supervisor.c b/src/daemon/modules/container/supervisor/supervisor.c
index 87b623f9..d5997b63 100644
--- a/src/daemon/modules/container/supervisor/supervisor.c
+++ b/src/daemon/modules/container/supervisor/supervisor.c
@@ -194,6 +194,14 @@ retry:
goto retry;
}
+ // get info of init process in container for debug problem of container
+ proc_t *c_proc = util_get_process_proc_info(pid);
+ if (c_proc != NULL) {
+ ERROR("Container %s into GC with process state: {cmd: %s, state: %c, pid: %d}", name, c_proc->cmd, c_proc->state,
+ (int)pid);
+ free(c_proc);
+ }
+
ret = gc_add_container(name, runtime, &data->pid_info);
if (ret != 0) {
ERROR("Failed to send container %s to garbage handler", name);
--
2.25.1

839
0093-refactor-rt_isula_exec-and-shim-log.patch Normal file
View File

@ -0,0 +1,839 @@
From e92856fe6768d4f09553d6b032fbe2ebcca83bfc Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 1 Jun 2023 15:33:58 +0800
Subject: [PATCH 14/15] refactor rt_isula_exec and shim log
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad-shim/common.c | 17 +-
src/cmd/isulad-shim/common.h | 4 +-
src/cmd/isulad-shim/main.c | 19 +--
src/cmd/isulad-shim/process.c | 98 ++++++-----
.../modules/runtime/isula/isula_rt_ops.c | 153 ++++++++++--------
5 files changed, 164 insertions(+), 127 deletions(-)
diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c
index 3787cdfb..27836a8c 100644
--- a/src/cmd/isulad-shim/common.c
+++ b/src/cmd/isulad-shim/common.c
@@ -31,11 +31,20 @@
int g_log_fd = -1;
+int init_shim_log(void)
+{
+ g_log_fd = open_no_inherit(SHIM_LOG_NAME, O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0640);
+ if (g_log_fd < 0) {
+ return SHIM_ERR;
+ }
+ return SHIM_OK;
+}
+
void signal_routine(int sig)
{
switch (sig) {
case SIGALRM:
- write_message(g_log_fd, ERR_MSG, "runtime timeout");
+ write_message(ERR_MSG, "runtime timeout");
exit(EXIT_FAILURE);
default:
break;
@@ -228,12 +237,12 @@ int generate_random_str(char *id, size_t len)
return SHIM_OK;
}
-void write_message(int fd, const char *level, const char *fmt, ...)
+void write_message(const char *level, const char *fmt, ...)
{
#define MAX_MSG_JSON_TEMPLATE 32
#define MAX_MESSAGE_CONTENT_LEN 128
#define MAX_MESSAGE_LEN (MAX_MSG_JSON_TEMPLATE + MAX_MESSAGE_CONTENT_LEN)
- if (fd < 0) {
+ if (g_log_fd < 0) {
return;
}
@@ -247,7 +256,7 @@ void write_message(int fd, const char *level, const char *fmt, ...)
va_end(arg_list);
snprintf(msg, MAX_MESSAGE_LEN - 1, "{\"level\": \"%s\", \"msg\": \"%s\"}\n", level, buf);
- nwrite = write_nointr_in_total(fd, msg, strlen(msg));
+ nwrite = write_nointr_in_total(g_log_fd, msg, strlen(msg));
if (nwrite < 0 || (size_t)nwrite != strlen(msg)) {
return;
}
diff --git a/src/cmd/isulad-shim/common.h b/src/cmd/isulad-shim/common.h
index 8cef5de2..a5991cc3 100644
--- a/src/cmd/isulad-shim/common.h
+++ b/src/cmd/isulad-shim/common.h
@@ -58,6 +58,8 @@ extern "C" {
#define CONTAINER_ACTION_REBOOT 129
#define CONTAINER_ACTION_SHUTDOWN 130
+int init_shim_log(void);
+
void signal_routine(int sig);
void util_usleep_nointerupt(unsigned long usec);
@@ -107,7 +109,7 @@ bool file_exists(const char *f);
int cmd_combined_output(const char *binary, const char *params[], void *output, int *output_len);
-void write_message(int fd, const char *level, const char *fmt, ...);
+void write_message(const char *level, const char *fmt, ...);
int generate_random_str(char *id, size_t len);
diff --git a/src/cmd/isulad-shim/main.c b/src/cmd/isulad-shim/main.c
index ff06a633..22db251e 100644
--- a/src/cmd/isulad-shim/main.c
+++ b/src/cmd/isulad-shim/main.c
@@ -26,8 +26,6 @@
#include "common.h"
#include "process.h"
-extern int g_log_fd;
-
static void set_timeout_exit(unsigned int timeout)
{
signal(SIGALRM, signal_routine);
@@ -97,8 +95,11 @@ int main(int argc, char **argv)
uint64_t timeout = 0;
pthread_t tid_epoll;
- g_log_fd = open_no_inherit(SHIM_LOG_NAME, O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0640);
- if (g_log_fd < 0) {
+ ret = init_shim_log();
+ if (ret != SHIM_OK) {
+ // because shim log init error, print error msg to stderr.
+ // isulad can obtain the reason why shim exits.
+ dprintf(STDERR_FILENO, "failed to init shim log");
_exit(EXIT_FAILURE);
}
@@ -110,19 +111,19 @@ int main(int argc, char **argv)
ret = set_subreaper();
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "set subreaper failed:%d", ret);
+ write_message(ERR_MSG, "set subreaper failed:%d", ret);
exit(EXIT_FAILURE);
}
ret = parse_args(argc, argv, &container_id, &bundle, &rt_name, &log_level, &timeout);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "parse args failed:%d", ret);
+ write_message(ERR_MSG, "parse args failed:%d", ret);
exit(EXIT_FAILURE);
}
p = new_process(container_id, bundle, rt_name);
if (p == NULL) {
- write_message(g_log_fd, ERR_MSG, "new process failed");
+ write_message(ERR_MSG, "new process failed");
exit(EXIT_FAILURE);
}
@@ -135,7 +136,7 @@ int main(int argc, char **argv)
if (p->state->exit_fifo != NULL) {
int efd = open_no_inherit("exit_fifo", O_WRONLY, -1);
if (efd < 0) {
- write_message(g_log_fd, ERR_MSG, "open exit pipe failed:%d", SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "open exit pipe failed:%d", SHIM_SYS_ERR(errno));
exit(EXIT_FAILURE);
}
p->exit_fd = efd;
@@ -145,7 +146,7 @@ int main(int argc, char **argv)
/* start epoll for io copy */
ret = process_io_start(p, &tid_epoll);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "process io init failed:%d", ret);
+ write_message(ERR_MSG, "process io init failed:%d", ret);
exit(EXIT_FAILURE);
}
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 2e76574d..a9e65fcb 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -44,8 +44,6 @@
#define DEFAULT_IO_COPY_BUF (16 * 1024)
#define DEFAULT_LOG_FILE_SIZE (4 * 1024)
-extern int g_log_fd;
-
static shim_client_process_state *load_process()
{
parser_error err = NULL;
@@ -53,7 +51,7 @@ static shim_client_process_state *load_process()
p_state = shim_client_process_state_parse_file("process.json", NULL, &err);
if (p_state == NULL) {
- write_message(g_log_fd, ERR_MSG, "parse process state failed");
+ write_message(ERR_MSG, "parse process state failed");
}
/* "err" will definitely be allocated memory in the function above */
free(err);
@@ -68,7 +66,7 @@ static int open_fifo_noblock(const char *path, mode_t mode)
/* By default, We consider that the file has been created by isulad */
fd = open_no_inherit(path, mode | O_NONBLOCK, -1);
if (fd < 0) {
- write_message(g_log_fd, ERR_MSG, "open fifo file failed:%d", SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "open fifo file failed:%d", SHIM_SYS_ERR(errno));
return -1;
}
@@ -107,7 +105,7 @@ static int receive_fd(int sock)
*/
int ret = recvmsg(sock, &msg, 0);
if (ret <= 0) {
- write_message(g_log_fd, ERR_MSG, "get console fd failed:%d", SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "get console fd failed:%d", SHIM_SYS_ERR(errno));
free(cmptr);
return -1;
}
@@ -201,7 +199,7 @@ static int stdin_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *d
w_count = write_nointr_in_total(*fd_to, p->buf, r_count);
if (w_count < 0) {
/* When any error occurs, set the write fd -1 */
- write_message(g_log_fd, WARN_MSG, "write in_fd %d error:%d", *fd_to, SHIM_SYS_ERR(errno));
+ write_message(WARN_MSG, "write in_fd %d error:%d", *fd_to, SHIM_SYS_ERR(errno));
close(*fd_to);
*fd_to = -1;
}
@@ -243,7 +241,7 @@ static int stdout_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *
w_count = write_nointr_in_total(p->isulad_io->out, p->buf, r_count);
if (w_count < 0) {
/* When any error occurs, set the write fd -1 */
- write_message(g_log_fd, WARN_MSG, "write out_fd %d error:%d", p->isulad_io->out, SHIM_SYS_ERR(errno));
+ write_message(WARN_MSG, "write out_fd %d error:%d", p->isulad_io->out, SHIM_SYS_ERR(errno));
close(p->isulad_io->out);
p->isulad_io->out = -1;
}
@@ -285,7 +283,7 @@ static int stderr_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *
w_count = write_nointr_in_total(p->isulad_io->err, p->buf, r_count);
if (w_count < 0) {
/* When any error occurs, set the write fd -1 */
- write_message(g_log_fd, WARN_MSG, "write err_fd %d error:%d", p->isulad_io->err, SHIM_SYS_ERR(errno));
+ write_message(WARN_MSG, "write err_fd %d error:%d", p->isulad_io->err, SHIM_SYS_ERR(errno));
close(p->isulad_io->err);
p->isulad_io->err = -1;
}
@@ -333,13 +331,13 @@ static int task_console_accept(int fd, uint32_t events, void *cbdata, struct epo
conn_fd = accept(p->listen_fd, NULL, NULL);
if (conn_fd < 0) {
- write_message(g_log_fd, ERR_MSG, "accept from fd %d failed:%d", p->listen_fd, SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "accept from fd %d failed:%d", p->listen_fd, SHIM_SYS_ERR(errno));
goto out;
}
p->recv_fd = receive_fd(conn_fd);
if (check_fd(p->recv_fd) != true) {
- write_message(g_log_fd, ERR_MSG, "check console fd failed");
+ write_message(ERR_MSG, "check console fd failed");
goto out;
}
@@ -348,19 +346,19 @@ static int task_console_accept(int fd, uint32_t events, void *cbdata, struct epo
// p->isulad_io->in ----> p->recv_fd
ret = epoll_loop_add_handler(descr, p->isulad_io->in, stdin_cb, p);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "add in fd %d to epoll loop failed:%d", p->isulad_io->in, SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "add in fd %d to epoll loop failed:%d", p->isulad_io->in, SHIM_SYS_ERR(errno));
goto out;
}
// p->recv_fd ----> p->isulad_io->out
ret = epoll_loop_add_handler(descr, p->recv_fd, stdout_cb, p);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "add recv_fd fd %d to epoll loop failed:%d", p->recv_fd, SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "add recv_fd fd %d to epoll loop failed:%d", p->recv_fd, SHIM_SYS_ERR(errno));
goto out;
}
// p->isulad_io->resize ----> p->recv_fd
ret = epoll_loop_add_handler(descr, p->isulad_io->resize, resize_cb, p);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "add resize fd %d to epoll loop failed:%d", p->isulad_io->resize, SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "add resize fd %d to epoll loop failed:%d", p->isulad_io->resize, SHIM_SYS_ERR(errno));
goto out;
}
@@ -416,7 +414,7 @@ static stdio_t *initialize_io(process_t *p)
/* don't open resize pipe */
if ((pipe2(stdio_fd[0], O_CLOEXEC | O_NONBLOCK) != 0) || (pipe2(stdio_fd[1], O_CLOEXEC | O_NONBLOCK) != 0) ||
(pipe2(stdio_fd[2], O_CLOEXEC | O_NONBLOCK) != 0)) {
- write_message(g_log_fd, ERR_MSG, "open pipe failed when init io:%d", SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "open pipe failed when init io:%d", SHIM_SYS_ERR(errno));
goto failure;
}
@@ -481,7 +479,7 @@ static int console_init(process_t *p, struct epoll_descr *descr)
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd < 0) {
- write_message(g_log_fd, ERR_MSG, "create socket failed:%d", SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "create socket failed:%d", SHIM_SYS_ERR(errno));
goto failure;
}
@@ -491,13 +489,13 @@ static int console_init(process_t *p, struct epoll_descr *descr)
ret = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
if (ret < 0) {
- write_message(g_log_fd, ERR_MSG, "bind console fd failed:%d", SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "bind console fd failed:%d", SHIM_SYS_ERR(errno));
goto failure;
}
ret = listen(fd, 2);
if (ret < 0) {
- write_message(g_log_fd, ERR_MSG, "listen console fd failed:%d", SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "listen console fd failed:%d", SHIM_SYS_ERR(errno));
goto failure;
}
@@ -505,7 +503,7 @@ static int console_init(process_t *p, struct epoll_descr *descr)
ret = epoll_loop_add_handler(descr, p->listen_fd, task_console_accept, p);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "add listen_fd fd %d to epoll loop failed:%d", p->listen_fd, SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "add listen_fd fd %d to epoll loop failed:%d", p->listen_fd, SHIM_SYS_ERR(errno));
goto failure;
}
@@ -523,7 +521,7 @@ static int open_terminal_io(process_t *p, struct epoll_descr *descr)
ret = new_temp_console_path(p);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "get temp console sock path failed");
+ write_message(ERR_MSG, "get temp console sock path failed");
return SHIM_ERR;
}
@@ -545,19 +543,19 @@ static int open_generic_io(process_t *p, struct epoll_descr *descr)
// p->isulad_io->in ----> p->shim_io->in
ret = epoll_loop_add_handler(descr, p->isulad_io->in, stdin_cb, p);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "add in fd %d to epoll loop failed:%d", p->isulad_io->in, SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "add in fd %d to epoll loop failed:%d", p->isulad_io->in, SHIM_SYS_ERR(errno));
return SHIM_ERR;
}
// p->shim_io->out ----> p->isulad_io->out
ret = epoll_loop_add_handler(descr, p->shim_io->out, stdout_cb, p);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "add out fd %d to epoll loop failed:%d", p->shim_io->out, SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "add out fd %d to epoll loop failed:%d", p->shim_io->out, SHIM_SYS_ERR(errno));
return SHIM_ERR;
}
// p->shim_io->err ----> p->isulad_io->err
ret = epoll_loop_add_handler(descr, p->shim_io->err, stderr_cb, p);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "add err fd %d to epoll loop failed:%d", p->shim_io->err, SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "add err fd %d to epoll loop failed:%d", p->shim_io->err, SHIM_SYS_ERR(errno));
return SHIM_ERR;
}
@@ -608,14 +606,14 @@ static void *io_epoll_loop(void *data)
ret = epoll_loop_open(&descr);
if (ret != 0) {
- write_message(g_log_fd, ERR_MSG, "epoll loop open failed:%d", SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "epoll loop open failed:%d", SHIM_SYS_ERR(errno));
exit(EXIT_FAILURE);
}
// sync fd: epoll loop will exit when recive sync fd event.
ret = epoll_loop_add_handler(&descr, p->sync_fd, sync_exit_cb, p);
if (ret != 0) {
- write_message(g_log_fd, ERR_MSG, "add sync_fd %d to epoll loop failed:%d", p->sync_fd, SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "add sync_fd %d to epoll loop failed:%d", p->sync_fd, SHIM_SYS_ERR(errno));
exit(EXIT_FAILURE);
}
@@ -625,7 +623,7 @@ static void *io_epoll_loop(void *data)
ret = open_generic_io(p, &descr);
}
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "open io failed:%d", SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "open io failed:%d", SHIM_SYS_ERR(errno));
exit(EXIT_FAILURE);
}
@@ -633,7 +631,7 @@ static void *io_epoll_loop(void *data)
ret = epoll_loop(&descr, -1);
if (ret != 0) {
- write_message(g_log_fd, ERR_MSG, "epoll loop failed");
+ write_message(ERR_MSG, "epoll loop failed");
exit(EXIT_FAILURE);
}
@@ -649,7 +647,7 @@ static void *io_epoll_loop(void *data)
if (fd_out > 0) {
ret = set_non_block(fd_out);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "set fd %d non_block failed:%d", fd_out, SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "set fd %d non_block failed:%d", fd_out, SHIM_SYS_ERR(errno));
exit(EXIT_FAILURE);
}
@@ -664,7 +662,7 @@ static void *io_epoll_loop(void *data)
if (fd_err > 0) {
ret = set_non_block(fd_err);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "set fd %d non_block failed:%d", fd_err, SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "set fd %d non_block failed:%d", fd_err, SHIM_SYS_ERR(errno));
exit(EXIT_FAILURE);
}
@@ -696,12 +694,12 @@ static int terminal_init(log_terminal **terminal, shim_client_process_state *p_s
log_term = util_common_calloc_s(sizeof(log_terminal));
if (log_term == NULL) {
- write_message(g_log_fd, ERR_MSG, "Failed to calloc log_terminal");
+ write_message(ERR_MSG, "Failed to calloc log_terminal");
goto clean_out;
}
if (pthread_rwlock_init(&log_term->log_terminal_rwlock, NULL) != 0) {
- write_message(g_log_fd, ERR_MSG, "Failed to init isulad conf rwlock");
+ write_message(ERR_MSG, "Failed to init isulad conf rwlock");
goto clean_out;
}
@@ -777,25 +775,25 @@ static int init_isulad_stdio(process_t *p)
ret = open_isulad_fd(STDID_IN, p->state->isulad_stdin, &p->isulad_io->in);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "Failed to open in isulad fd: %s", p->state->isulad_stdin);
+ write_message(ERR_MSG, "Failed to open in isulad fd: %s", p->state->isulad_stdin);
goto failure;
}
ret = open_isulad_fd(STDID_OUT, p->state->isulad_stdout, &p->isulad_io->out);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "Failed to open out isulad fd: %s", p->state->isulad_stdout);
+ write_message(ERR_MSG, "Failed to open out isulad fd: %s", p->state->isulad_stdout);
goto failure;
}
ret = open_isulad_fd(STDID_ERR, p->state->isulad_stderr, &p->isulad_io->err);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "Failed to open err isulad fd: %s", p->state->isulad_stderr);
+ write_message(ERR_MSG, "Failed to open err isulad fd: %s", p->state->isulad_stderr);
goto failure;
}
ret = open_isulad_fd(EXEC_RESIZE, p->state->resize_fifo, &p->isulad_io->resize);
if (ret != SHIM_OK) {
- write_message(g_log_fd, ERR_MSG, "Failed to open resize isulad fd: %s", p->state->resize_fifo);
+ write_message(ERR_MSG, "Failed to open resize isulad fd: %s", p->state->resize_fifo);
goto failure;
}
return SHIM_OK;
@@ -862,7 +860,7 @@ process_t *new_process(char *id, char *bundle, char *runtime)
p->sync_fd = eventfd(0, EFD_CLOEXEC);
if (p->sync_fd < 0) {
- write_message(g_log_fd, ERR_MSG, "Failed to create eventfd: %s", strerror(errno));
+ write_message(ERR_MSG, "Failed to create eventfd: %s", strerror(errno));
goto failure;
}
@@ -996,7 +994,7 @@ static void process_delete(process_t *p)
cwd = getcwd(NULL, 0);
if (cwd == NULL) {
- write_message(g_log_fd, ERR_MSG, "get cwd failed when do process delete");
+ write_message(ERR_MSG, "get cwd failed when do process delete");
return;
}
int nret = snprintf(log_path, PATH_MAX, "%s/log.json", cwd);
@@ -1094,13 +1092,13 @@ int create_process(process_t *p)
int nread = -1;
if (pipe2(exec_fd, O_CLOEXEC) != 0) {
- write_message(g_log_fd, ERR_MSG, "create pipe failed when create process:%d", SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "create pipe failed when create process:%d", SHIM_SYS_ERR(errno));
return SHIM_ERR;
}
pid_t pid = fork();
if (pid == (pid_t) -1) {
- write_message(g_log_fd, ERR_MSG, "fork failed when create process:%d", SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "fork failed when create process:%d", SHIM_SYS_ERR(errno));
return SHIM_ERR;
}
@@ -1120,7 +1118,7 @@ int create_process(process_t *p)
}
nread = read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1);
if (nread > 0) {
- write_message(g_log_fd, ERR_MSG, "runtime error");
+ write_message(ERR_MSG, "runtime error");
ret = SHIM_ERR;
goto out;
}
@@ -1128,7 +1126,7 @@ int create_process(process_t *p)
/* block to wait runtime pid exit */
ret = waitpid(pid, NULL, 0);
if (ret != pid) {
- write_message(g_log_fd, ERR_MSG, "wait runtime failed:%d", SHIM_SYS_ERR(errno));
+ write_message(ERR_MSG, "wait runtime failed:%d", SHIM_SYS_ERR(errno));
ret = SHIM_ERR;
goto out;
}
@@ -1136,7 +1134,7 @@ int create_process(process_t *p)
/* save runtime pid */
data = read_text_file("pid");
if (data == NULL) {
- write_message(g_log_fd, ERR_MSG, "read pid of runtime failed");
+ write_message(ERR_MSG, "read pid of runtime failed");
goto out;
}
int ctr_pid = atoi(data);
@@ -1197,12 +1195,12 @@ static int waitpid_with_timeout(int ctr_pid, int *status, const uint64_t timeou
if (*status == CONTAINER_ACTION_REBOOT) {
nret = setenv("CONTAINER_ACTION", "reboot", 1);
if (nret != SHIM_OK) {
- write_message(g_log_fd, WARN_MSG, "set reboot action failed:%d", SHIM_SYS_ERR(errno));
+ write_message(WARN_MSG, "set reboot action failed:%d", SHIM_SYS_ERR(errno));
}
} else if (*status == CONTAINER_ACTION_SHUTDOWN) {
nret = setenv("CONTAINER_ACTION", "shutdown", 1);
if (nret != SHIM_OK) {
- write_message(g_log_fd, WARN_MSG, "set shutdown action failed:%d", SHIM_SYS_ERR(errno));
+ write_message(WARN_MSG, "set shutdown action failed:%d", SHIM_SYS_ERR(errno));
}
}
return SHIM_OK;
@@ -1225,12 +1223,12 @@ static int wait_container_process_with_timeout(process_t *p, const uint64_t time
if (*status == CONTAINER_ACTION_REBOOT) {
ret = setenv("CONTAINER_ACTION", "reboot", 1);
if (ret != SHIM_OK) {
- write_message(g_log_fd, WARN_MSG, "set reboot action failed:%d", SHIM_SYS_ERR(errno));
+ write_message(WARN_MSG, "set reboot action failed:%d", SHIM_SYS_ERR(errno));
}
} else if (*status == CONTAINER_ACTION_SHUTDOWN) {
ret = setenv("CONTAINER_ACTION", "shutdown", 1);
if (ret != SHIM_OK) {
- write_message(g_log_fd, WARN_MSG, "set shutdown action failed:%d", SHIM_SYS_ERR(errno));
+ write_message(WARN_MSG, "set shutdown action failed:%d", SHIM_SYS_ERR(errno));
}
}
return SHIM_OK;
@@ -1260,7 +1258,7 @@ int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const
// kill container process to ensure process_kill_all effective
nret = kill(p->ctr_pid, SIGKILL);
if (nret < 0 && errno != ESRCH) {
- write_message(g_log_fd, ERR_MSG, "Can not kill process (pid=%d) with SIGKILL", p->ctr_pid);
+ write_message(ERR_MSG, "Can not kill process (pid=%d) with SIGKILL", p->ctr_pid);
return SHIM_ERR;
}
}
@@ -1270,7 +1268,7 @@ int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const
// wait atmost 120 seconds
DO_RETRY_CALL(120, 1000000, nret, try_wait_all_child);
if (nret != 0) {
- write_message(g_log_fd, ERR_MSG, "Failed to wait all child after 120 seconds");
+ write_message(ERR_MSG, "Failed to wait all child after 120 seconds");
}
process_delete(p);
@@ -1280,13 +1278,13 @@ int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const
if (p->sync_fd > 0) {
if (eventfd_write(p->sync_fd, 1)) {
- write_message(g_log_fd, ERR_MSG, "Failed to write sync fd");
+ write_message(ERR_MSG, "Failed to write sync fd");
}
}
nret = pthread_join(tid_epoll, NULL);
if (nret != 0) {
- write_message(g_log_fd, ERR_MSG, "Failed to join epoll loop thread");
+ write_message(ERR_MSG, "Failed to join epoll loop thread");
}
close(p->sync_fd);
@@ -1298,7 +1296,7 @@ int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const
}
if (ret == SHIM_ERR_TIMEOUT) {
- write_message(g_log_fd, INFO_MSG, "Wait %d timeout", p->ctr_pid);
+ write_message(INFO_MSG, "Wait %d timeout", p->ctr_pid);
return SHIM_ERR_TIMEOUT;
}
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index dcc1d8ac..9adaf613 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -707,7 +707,7 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char
int *exit_code, const char* timeout, int* shim_exit_code)
{
pid_t pid = 0;
- int exec_fd[2] = { -1, -1 };
+ int shim_stderr_pipe[2] = { -1, -1 };
int shim_stdout_pipe[2] = { -1, -1 };
int num = 0;
int ret = 0;
@@ -733,21 +733,21 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char
return -1;
}
- if (pipe2(exec_fd, O_CLOEXEC) != 0) {
- ERROR("Failed to create pipe for shim create");
+ if (pipe2(shim_stderr_pipe, O_CLOEXEC) != 0) {
+ ERROR("Failed to create pipe for shim stderr");
return -1;
}
if (pipe2(shim_stdout_pipe, O_CLOEXEC) != 0) {
- ERROR("Failed to create pipe for shim exit code");
+ ERROR("Failed to create pipe for shim stdout");
return -1;
}
pid = fork();
if (pid < 0) {
ERROR("Failed fork for shim parent %s", strerror(errno));
- close(exec_fd[0]);
- close(exec_fd[1]);
+ close(shim_stderr_pipe[0]);
+ close(shim_stderr_pipe[1]);
close(shim_stdout_pipe[0]);
close(shim_stdout_pipe[1]);
return -1;
@@ -755,60 +755,64 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char
if (pid == (pid_t)0) {
if (chdir(workdir) < 0) {
- (void)dprintf(exec_fd[1], "%s: failed chdir to %s", id, workdir);
+ (void)dprintf(shim_stderr_pipe[1], "%s: failed chdir to %s", id, workdir);
exit(EXIT_FAILURE);
}
if (fg) {
+ // child process, dup2 shim_stdout_pipe[1] to STDOUT
+ if (dup2(shim_stdout_pipe[1], STDOUT_FILENO) < 0) {
+ (void)dprintf(shim_stderr_pipe[1], "Dup stdout fd error: %s", strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ // child process, dup2 shim_stderr_pipe[1] to STDERR
+ if (dup2(shim_stderr_pipe[1], STDERR_FILENO) < 0) {
+ (void)dprintf(shim_stderr_pipe[1], "Dup stderr fd error: %s", strerror(errno));
+ exit(EXIT_FAILURE);
+ }
goto realexec;
}
// clear NOTIFY_SOCKET from the env to adapt runc create
if (unsetenv("NOTIFY_SOCKET") != 0) {
- (void)dprintf(exec_fd[1], "%s: unset env NOTIFY_SOCKET failed %s", id, strerror(errno));
+ (void)dprintf(shim_stderr_pipe[1], "%s: unset env NOTIFY_SOCKET failed %s", id, strerror(errno));
exit(EXIT_FAILURE);
}
pid = fork();
if (pid < 0) {
- (void)dprintf(exec_fd[1], "%s: fork shim-process failed %s", id, strerror(errno));
+ (void)dprintf(shim_stderr_pipe[1], "%s: fork shim-process failed %s", id, strerror(errno));
_exit(EXIT_FAILURE);
}
if (pid != 0) {
if (file_write_int(fpid, pid) != 0) {
- (void)dprintf(exec_fd[1], "%s: write %s with %d failed", id, fpid, pid);
+ (void)dprintf(shim_stderr_pipe[1], "%s: write %s with %d failed", id, fpid, pid);
}
_exit(EXIT_SUCCESS);
}
realexec:
/* real shim process. */
- close(exec_fd[0]);
+ close(shim_stderr_pipe[0]);
close(shim_stdout_pipe[0]);
- // child process, dup2 shim_stdout_pipe[1] to STDOUT
- if (dup2(shim_stdout_pipe[1], STDOUT_FILENO) < 0) {
- (void)dprintf(exec_fd[1], "Dup fd error: %s", strerror(errno));
- exit(EXIT_FAILURE);
- }
if (setsid() < 0) {
- (void)dprintf(exec_fd[1], "%s: failed setsid for process %d", id, getpid());
+ (void)dprintf(shim_stderr_pipe[1], "%s: failed setsid for process %d", id, getpid());
exit(EXIT_FAILURE);
}
- int ignore_fd[2] = {-1, -1};
- ignore_fd[0] = exec_fd[1];
- ignore_fd[1] = shim_stdout_pipe[1];
- if (util_check_inherited_exclude_fds(true, ignore_fd, 2) != 0) {
- (void)dprintf(exec_fd[1], "close inherited fds failed");
+
+ if (util_check_inherited(true, shim_stderr_pipe[1]) != 0) {
+ (void)dprintf(shim_stderr_pipe[1], "close inherited fds failed");
+ exit(EXIT_FAILURE);
}
execvp(SHIM_BINARY, (char * const *)params);
- (void)dprintf(exec_fd[1], "exec failed: %s", strerror(errno));
+ (void)dprintf(shim_stderr_pipe[1], "exec failed: %s", strerror(errno));
}
- close(exec_fd[1]);
+ close(shim_stderr_pipe[1]);
close(shim_stdout_pipe[1]);
- num = util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1);
+ num = util_read_nointr(shim_stderr_pipe[0], exec_buff, sizeof(exec_buff) - 1);
if (num > 0) {
ERROR("Exec failed: %s", exec_buff);
ret = -1;
@@ -829,9 +833,16 @@ realexec:
goto out;
}
+ // exit_code is NULL when command is create.
if (exit_code == NULL) {
goto out;
}
+
+ // when exec in background, exit code is shim exit code
+ if (!fg) {
+ *exit_code = *shim_exit_code;
+ goto out;
+ }
ret = util_read_nointr(shim_stdout_pipe[0], exit_code, sizeof(int));
if (ret <= 0) {
*exit_code = 137;
@@ -839,7 +850,7 @@ realexec:
ret = 0;
out:
- close(exec_fd[0]);
+ close(shim_stderr_pipe[0]);
close(shim_stdout_pipe[0]);
if (ret != 0) {
show_shim_runtime_errlog(workdir);
@@ -1146,19 +1157,63 @@ err_out:
return NULL;
}
-int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *params, int *exit_code)
+static int preparation_exec(const char *id, const char *runtime, const char *workdir, const char *exec_id,
+ const rt_exec_params_t *params)
{
- char *exec_id = NULL;
- defs_process *process = NULL;
- const char **runtime_args = NULL;
+ int ret = 0;
size_t runtime_args_len = 0;
- char workdir[PATH_MAX] = { 0 };
char resize_fifo_dir[PATH_MAX] = { 0 };
+ const char **runtime_args = NULL;
+ shim_client_process_state p = { 0 };
+ defs_process *process = NULL;
+
+ ret = util_mkdir_p(workdir, DEFAULT_SECURE_DIRECTORY_MODE);
+ if (ret < 0) {
+ ERROR("failed mkdir exec workdir %s", workdir);
+ return -1;
+ }
+
+ ret = snprintf(resize_fifo_dir, sizeof(resize_fifo_dir), "%s/%s", workdir, RESIZE_FIFO_NAME);
+ if (ret < 0) {
+ ERROR("failed join resize fifo full path");
+ return -1;
+ }
+
+ ret = console_fifo_create(resize_fifo_dir);
+ if (ret < 0) {
+ ERROR("failed create resize fifo file");
+ return -1;
+ }
+
+ process = params->spec;
+ runtime_args_len = get_runtime_args(runtime, &runtime_args);
+
+ p.exec = true;
+ p.isulad_stdin = (char *)params->console_fifos[0];
+ p.isulad_stdout = (char *)params->console_fifos[1];
+ p.isulad_stderr = (char *)params->console_fifos[2];
+ p.resize_fifo = resize_fifo_dir;
+ p.runtime_args = (char **)runtime_args;
+ p.runtime_args_len = runtime_args_len;
+ copy_process(&p, process);
+
+ ret = create_process_json_file(workdir, &p);
+ if (ret != 0) {
+ ERROR("%s: failed create exec json file", id);
+ return -1;
+ }
+
+ return 0;
+}
+
+int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *params, int *exit_code)
+{
const char *cmd = NULL;
+ char *exec_id = NULL;
int ret = 0;
- char bundle[PATH_MAX] = { 0 };
int pid = 0;
- shim_client_process_state p = { 0 };
+ char bundle[PATH_MAX] = { 0 };
+ char workdir[PATH_MAX] = { 0 };
char *timeout = NULL;
int shim_exit_code = 0;
@@ -1166,8 +1221,6 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
ERROR("nullptr arguments not allowed");
return -1;
}
- process = params->spec;
- runtime_args_len = get_runtime_args(runtime, &runtime_args);
ret = snprintf(bundle, sizeof(bundle), "%s/%s", params->rootpath, id);
if (ret < 0) {
@@ -1191,36 +1244,10 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
ERROR("failed join exec full path");
goto out;
}
- ret = util_mkdir_p(workdir, DEFAULT_SECURE_DIRECTORY_MODE);
- if (ret < 0) {
- ERROR("failed mkdir exec workdir %s", workdir);
- goto out;
- }
- ret = snprintf(resize_fifo_dir, sizeof(resize_fifo_dir), "%s/%s", workdir, RESIZE_FIFO_NAME);
- if (ret < 0) {
- ERROR("failed join resize fifo full path");
- goto del_out;
- }
-
- ret = console_fifo_create(resize_fifo_dir);
- if (ret < 0) {
- ERROR("failed create resize fifo file");
- goto del_out;
- }
-
- p.exec = true;
- p.isulad_stdin = (char *)params->console_fifos[0];
- p.isulad_stdout = (char *)params->console_fifos[1];
- p.isulad_stderr = (char *)params->console_fifos[2];
- p.resize_fifo = resize_fifo_dir;
- p.runtime_args = (char **)runtime_args;
- p.runtime_args_len = runtime_args_len;
- copy_process(&p, process);
-
- ret = create_process_json_file(workdir, &p);
+ ret = preparation_exec(id, runtime, workdir, exec_id, params);
if (ret != 0) {
- ERROR("%s: failed create exec json file", id);
+ ERROR("%s: failed to preparation for exec %s", id, exec_id);
goto del_out;
}
--
2.25.1

57
0094-add-some-exec-test.patch Normal file
View File

@ -0,0 +1,57 @@
From a3d7fc99204f65e63b1686c5e78714627805e239 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 1 Jun 2023 16:40:23 +0800
Subject: [PATCH 15/15] add some exec test
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/exec.sh | 12 ++++++++++++
CI/test_cases/container_cases/exec_runc.sh | 9 +++++++++
2 files changed, 21 insertions(+)
diff --git a/CI/test_cases/container_cases/exec.sh b/CI/test_cases/container_cases/exec.sh
index 50a262b6..96ceb884 100755
--- a/CI/test_cases/container_cases/exec.sh
+++ b/CI/test_cases/container_cases/exec.sh
@@ -36,6 +36,18 @@ function exec_workdir()
isula exec -ti --workdir /workdir cont_workdir pwd | grep "/workdir"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - workdir is not /workdir failed" && ((ret++))
+ isula exec -ti cont_workdir sh -c "echo $HOME | grep '/root'"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - HOME env is not /root failed" && ((ret++))
+
+ isula exec -ti cont_workdir /bin/sh -c 'exit 1'
+ [[ $? -ne 1 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - exit code should be 1" && ((ret++))
+
+ isula exec -ti cont_workdir /bin/sh -c 'exit 2'
+ [[ $? -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - exit code should be 2" && ((ret++))
+
+ isula exec -tid cont_workdir /bin/sh -c 'exit 2'
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - exit code should be 0" && ((ret++))
+
isula rm -f `isula ps -a -q`
return ${ret}
diff --git a/CI/test_cases/container_cases/exec_runc.sh b/CI/test_cases/container_cases/exec_runc.sh
index ab394735..f963724e 100755
--- a/CI/test_cases/container_cases/exec_runc.sh
+++ b/CI/test_cases/container_cases/exec_runc.sh
@@ -44,6 +44,15 @@ function exec_runc_test()
isula exec -it $container_name date
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to exec date" && ((ret++))
+ isula exec -ti $container_name /bin/sh -c 'exit 1'
+ [[ $? -ne 1 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - exit code should be 1" && ((ret++))
+
+ isula exec -ti $container_name /bin/sh -c 'exit 2'
+ [[ $? -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - exit code should be 2" && ((ret++))
+
+ isula exec -tid $container_name /bin/sh -c 'exit 2'
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - exit code should be 0" && ((ret++))
+
ls /var/run/isulad/runc/${ID}/exec/
ls /var/run/isulad/runc/${ID}/exec/ | wc -l | grep 0
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual dir after success exec" && ((ret++))
--
2.25.1

333
0095-2079-clean-network-reosurces-if-runpodsandbox-failed.patch Normal file
View File

@ -0,0 +1,333 @@
From bafac55f6981d7d602e27277baf7b24ecad09306 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Wed, 19 Jul 2023 07:36:00 +0000
Subject: [PATCH] !2079 clean network reosurces if runpodsandbox failed * clean
network reosurces if runpodsandbox failed
---
.../cri_pod_sandbox_manager_service_impl.cc | 122 +++++++++++-------
.../cri_pod_sandbox_manager_service_impl.h | 9 +-
.../executor/container_cb/execution_create.c | 12 +-
.../modules/api/network_namespace_api.h | 1 +
.../oci/storage/image_store/image_store.c | 2 +-
.../modules/runtime/isula/isula_rt_ops.c | 2 +-
.../modules/service/network_namespace_api.c | 22 ++++
test/cutils/utils_utils/utils_utils_ut.cc | 2 +-
8 files changed, 120 insertions(+), 52 deletions(-)
diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
index 1cb3254d..91ca2735 100644
--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
@@ -485,10 +485,9 @@ cleanup:
}
void PodSandboxManagerServiceImpl::SetupSandboxNetwork(const runtime::v1alpha2::PodSandboxConfig &config,
- const std::string &response_id,
- const std::string &jsonCheckpoint, const container_inspect *inspect_data, Errors &error)
+ const std::string &response_id, const std::string &jsonCheckpoint,
+ const container_inspect *inspect_data, std::map<std::string, std::string> &stdAnnos, Errors &error)
{
- std::map<std::string, std::string> stdAnnos;
std::map<std::string, std::string> networkOptions;
// Setup sandbox files
@@ -525,9 +524,81 @@ void PodSandboxManagerServiceImpl::SetupSandboxNetwork(const runtime::v1alpha2::
Network::DEFAULT_NETWORK_INTERFACE_NAME, response_id, stdAnnos, networkOptions, error);
if (error.NotEmpty()) {
ERROR("SetupPod failed: %s", error.GetCMessage());
+ return;
+ }
+
+ SetNetworkReady(response_id, true, error);
+ DEBUG("set %s network ready", response_id.c_str());
+}
+
+void PodSandboxManagerServiceImpl::SetupNetowrkAndStartPodSandbox(const runtime::v1alpha2::PodSandboxConfig &config,
+ const container_inspect *inspect_data,
+ std::string &response_id, std::string &jsonCheckpoint,
+ Errors &error)
+{
+ std::map<std::string, std::string> stdAnnos;
+ char *netnsPath = nullptr;
+
+ netnsPath = get_sandbox_key(inspect_data);
+ if (netnsPath == nullptr || !util_file_exists(netnsPath)) {
+ error.Errorf("Network namespace not exist");
+ ERROR("Network namespace not exist for %s", response_id.c_str());
+ goto cleanup;
+ }
+
+ if (util_mount_namespace(netnsPath) != 0) {
+ error.Errorf("Failed to mount network namespace");
+ ERROR("Failed to mount network namespace for %s", response_id.c_str());
+ goto cleanup;
+ }
+
+ // Step 5: Setup networking for the sandbox.
+ SetupSandboxNetwork(config, response_id, jsonCheckpoint, inspect_data, stdAnnos, error);
+ if (error.NotEmpty()) {
+ util_umount_namespace(netnsPath);
+ goto cleanup;
+ }
+
+ // Step 6: Start the sandbox container.
+ StartSandboxContainer(response_id, error);
+ if (error.NotEmpty()) {
+ std::vector<std::string> errlist;
+ if (ClearCniNetwork(response_id, config.linux().security_context().namespace_options().network() ==
+ runtime::v1alpha2::NamespaceMode::NODE, config.metadata().namespace_(),
+ config.metadata().name(), errlist, stdAnnos, error) != 0) {
+ Errors tmpErr;
+ tmpErr.SetAggregate(errlist);
+ ERROR("Failed to clear cni network: %s", tmpErr.GetCMessage());
+ }
+ // network namespace is umount in ClearCniNetwork
+ goto cleanup;
+ }
+
+cleanup:
+ free(netnsPath);
+}
+
+void PodSandboxManagerServiceImpl::StartPodSandboxAndSetupNetowrk(const runtime::v1alpha2::PodSandboxConfig &config,
+ const container_inspect *inspect_data,
+ std::string &response_id, std::string &jsonCheckpoint,
+ Errors &error)
+{
+ std::map<std::string, std::string> stdAnnos;
+
+ // Step 5: Start the sandbox container.
+ StartSandboxContainer(response_id, error);
+ if (error.NotEmpty()) {
+ return;
}
- return;
+ SetupSandboxNetwork(config, response_id, jsonCheckpoint, inspect_data, stdAnnos, error);
+ if (error.NotEmpty()) {
+ Errors tmpErr;
+ StopContainerHelper(response_id, tmpErr);
+ if (tmpErr.NotEmpty()) {
+ ERROR("Failed to stop container: %s", tmpErr.GetCMessage());
+ }
+ }
}
auto PodSandboxManagerServiceImpl::RunPodSandbox(const runtime::v1alpha2::PodSandboxConfig &config,
@@ -536,7 +607,6 @@ auto PodSandboxManagerServiceImpl::RunPodSandbox(const runtime::v1alpha2::PodSan
std::string response_id;
std::string jsonCheckpoint;
container_inspect *inspect_data = nullptr;
- char *netnsPath = nullptr;
if (m_cb == nullptr || m_cb->container.create == nullptr || m_cb->container.start == nullptr) {
error.SetError("Unimplemented callback");
@@ -576,49 +646,13 @@ auto PodSandboxManagerServiceImpl::RunPodSandbox(const runtime::v1alpha2::PodSan
}
if (namespace_is_file(inspect_data->host_config->network_mode)) {
- netnsPath = get_sandbox_key(inspect_data);
- if (!util_file_exists(netnsPath) || util_mount_namespace(netnsPath) != 0) {
- error.Errorf("Failed to mount network namespace");
- ERROR("Failed to mount network namespace");
- goto cleanup;
- }
- }
-
- // Step 5: Setup networking for the sandbox.
- if (namespace_is_file(inspect_data->host_config->network_mode)) {
- SetupSandboxNetwork(config, response_id, jsonCheckpoint, inspect_data, error);
- if (error.NotEmpty()) {
- goto cleanup;
- }
- }
-
- // Step 6: Start the sandbox container.
- StartSandboxContainer(response_id, error);
- if (error.NotEmpty()) {
- goto cleanup;
- }
-
- // If netns mode is not file, setup network after start sandbox container
- if (!namespace_is_file(inspect_data->host_config->network_mode)) {
- SetupSandboxNetwork(config, response_id, jsonCheckpoint, inspect_data, error);
- if (error.NotEmpty()) {
- StopContainerHelper(response_id, error);
- goto cleanup;
- }
+ SetupNetowrkAndStartPodSandbox(config, inspect_data, response_id, jsonCheckpoint, error);
+ } else {
+ StartPodSandboxAndSetupNetowrk(config, inspect_data, response_id, jsonCheckpoint, error);
}
cleanup:
- if (error.Empty()) {
- SetNetworkReady(response_id, true, error);
- DEBUG("set %s ready", response_id.c_str());
- error.Clear();
- } else {
- if (netnsPath != nullptr && remove_network_namespace(netnsPath) != 0) {
- ERROR("Failed to remove network namespace");
- }
- }
free_container_inspect(inspect_data);
- free(netnsPath);
return response_id;
}
diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.h b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.h
index f7c0aa00..6b98641e 100644
--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.h
+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.h
@@ -83,7 +83,14 @@ private:
void SetNetworkReady(const std::string &podSandboxID, bool ready, Errors &error);
void StartSandboxContainer(const std::string &response_id, Errors &error);
void SetupSandboxNetwork(const runtime::v1alpha2::PodSandboxConfig &config, const std::string &response_id,
- const std::string &jsonCheckpoint, const container_inspect *inspect_data, Errors &error);
+ const std::string &jsonCheckpoint, const container_inspect *inspect_data,
+ std::map<std::string, std::string> &stdAnnos, Errors &error);
+ void SetupNetowrkAndStartPodSandbox(const runtime::v1alpha2::PodSandboxConfig &config,
+ const container_inspect *inspect_data, std::string &response_id,
+ std::string &jsonCheckpoint, Errors &error);
+ void StartPodSandboxAndSetupNetowrk(const runtime::v1alpha2::PodSandboxConfig &config,
+ const container_inspect *inspect_data, std::string &response_id,
+ std::string &jsonCheckpoint, Errors &error);
void SetupSandboxFiles(const std::string &resolvPath, const runtime::v1alpha2::PodSandboxConfig &config,
Errors &error);
void StopContainerHelper(const std::string &containerID, Errors &error);
diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
index a039ba6b..29b5fc5e 100644
--- a/src/daemon/executor/container_cb/execution_create.c
+++ b/src/daemon/executor/container_cb/execution_create.c
@@ -1477,13 +1477,13 @@ int container_create_cb(const container_create_request *request, container_creat
if (merge_config_for_syscontainer(request, host_spec, v2_spec->config, oci_spec) != 0) {
ERROR("Failed to merge config for syscontainer");
cc = ISULAD_ERR_EXEC;
- goto umount_shm;
+ goto clean_netns;
}
if (merge_network(host_spec, request->rootfs, runtime_root, id, container_spec->hostname) != 0) {
ERROR("Failed to merge network config");
cc = ISULAD_ERR_EXEC;
- goto umount_shm;
+ goto clean_netns;
}
/* modify oci_spec by plugin. */
@@ -1491,14 +1491,14 @@ int container_create_cb(const container_create_request *request, container_creat
ERROR("Plugin event pre create failed");
(void)plugin_event_container_post_remove2(id, oci_spec); /* ignore error */
cc = ISULAD_ERR_EXEC;
- goto umount_shm;
+ goto clean_netns;
}
host_channel = dup_host_channel(host_spec->host_channel);
if (prepare_host_channel(host_channel, host_spec->user_remap)) {
ERROR("Failed to prepare host channel");
cc = ISULAD_ERR_EXEC;
- goto umount_shm;
+ goto clean_netns;
}
if (verify_container_settings(oci_spec) != 0) {
@@ -1533,6 +1533,10 @@ int container_create_cb(const container_create_request *request, container_creat
umount_channel:
umount_host_channel(host_channel);
+clean_netns:
+ if (namespace_is_file(host_spec->network_mode) && v2_spec->network_settings != NULL) {
+ (void)remove_network_namespace_file(v2_spec->network_settings->sandbox_key);
+ }
umount_shm:
umount_shm_by_configs(host_spec, v2_spec);
diff --git a/src/daemon/modules/api/network_namespace_api.h b/src/daemon/modules/api/network_namespace_api.h
index 9a18b1c0..f6201771 100644
--- a/src/daemon/modules/api/network_namespace_api.h
+++ b/src/daemon/modules/api/network_namespace_api.h
@@ -26,6 +26,7 @@ extern "C" {
int prepare_network_namespace(const char *netns_path);
int remove_network_namespace(const char *netns);
+int remove_network_namespace_file(const char *netns_path);
char *get_sandbox_key(const container_inspect *inspect_data);
#ifdef __cplusplus
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index aad8329e..daf08c85 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -448,7 +448,7 @@ static image_t *by_digest(const char *name)
{
digest_image_t *digest_filter_images = NULL;
char *digest = NULL;
-
+
// split digest for image name with digest
digest = strrchr(name, '@');
if (digest == NULL || util_reg_match(__DIGESTPattern, digest)) {
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 9adaf613..0f18926a 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -795,7 +795,7 @@ realexec:
/* real shim process. */
close(shim_stderr_pipe[0]);
close(shim_stdout_pipe[0]);
-
+
if (setsid() < 0) {
(void)dprintf(shim_stderr_pipe[1], "%s: failed setsid for process %d", id, getpid());
exit(EXIT_FAILURE);
diff --git a/src/daemon/modules/service/network_namespace_api.c b/src/daemon/modules/service/network_namespace_api.c
index e28e6f74..4cf44b6a 100644
--- a/src/daemon/modules/service/network_namespace_api.c
+++ b/src/daemon/modules/service/network_namespace_api.c
@@ -62,6 +62,28 @@ int remove_network_namespace(const char *netns_path)
return 0;
}
+int remove_network_namespace_file(const char *netns_path)
+{
+ int get_err = 0;
+
+ if (netns_path == NULL) {
+ ERROR("Invalid netns path");
+ return -1;
+ }
+
+ if (!util_file_exists(netns_path)) {
+ WARN("Namespace file does not exist");
+ return 0;
+ }
+
+ if (!util_force_remove_file(netns_path, &get_err)) {
+ ERROR("Failed to remove file %s, error: %s", netns_path, strerror(get_err));
+ return -1;
+ }
+
+ return 0;
+}
+
char *get_sandbox_key(const container_inspect *inspect_data)
{
char *sandbox_key = NULL;
diff --git a/test/cutils/utils_utils/utils_utils_ut.cc b/test/cutils/utils_utils/utils_utils_ut.cc
index 79583174..0d77820a 100644
--- a/test/cutils/utils_utils/utils_utils_ut.cc
+++ b/test/cutils/utils_utils/utils_utils_ut.cc
@@ -21,7 +21,7 @@ static pid_t test_pid = -1;
extern "C" {
DECLARE_WRAPPER_V(waitpid, pid_t, (__pid_t pid, int *stat_loc, int options));
- DEFINE_WRAPPER_V(waitpid, pid_t, (__pid_t pid, int *stat_loc, int options),(pid, stat_loc, options));
+ DEFINE_WRAPPER_V(waitpid, pid_t, (__pid_t pid, int *stat_loc, int options), (pid, stat_loc, options));
}
static pid_t waitpid_none_zero(__pid_t pid, int *stat_loc, int options)
--
2.25.1

24
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 2.0.18
%global _release 9
%global _release 10
%global is_systemd 1
%global enable_shimv2 1
%global is_embedded 1
@ -92,6 +92,22 @@ Patch0076: 0076-fix-don-t-cleanup-when-remote-ro-is-enabled.patch
Patch0077: 0077-fix-layer-imcomplete-cause-isulad-core.patch
Patch0078: 0078-add-load-layer-testcase.patch
Patch0079: 0079-2037-archive-reader-close-if-copy-to-container-faile.patch
Patch0080: 0080-RO-refactor-remote-ro-code.patch
Patch0081: 0081-fix-lose-ipc-shm-mount-point.patch
Patch0082: 0082-CI-add-testcase-for-ipc-ns.patch
Patch0083: 0083-fix-inspect-image-by-digest.patch
Patch0084: 0084-add-isulad-basic-image-test-with-digest.patch
Patch0085: 0085-return-non-zero-if-copy-invalid.patch
Patch0086: 0086-add-invalid-copy-testcase.patch
Patch0087: 0087-2048-fix-some-code-check-error.patch
Patch0088: 0088-2046-reinforce-cri_stream.sh-and-health_check.sh.patch
Patch0089: 0089-2047-distinguishing-exit-codes-between-shim-and-cont.patch
Patch0090: 0090-2052-fix-some-codecheck.patch
Patch0091: 0091-disable-the-exec-timeout-function-for-kata-runtime.patch
Patch0092: 0092-debug-improve-debug-message-for-gc-containers.patch
Patch0093: 0093-refactor-rt_isula_exec-and-shim-log.patch
Patch0094: 0094-add-some-exec-test.patch
Patch0095: 0095-2079-clean-network-reosurces-if-runpodsandbox-failed.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -336,6 +352,12 @@ fi
%endif
%changelog
* Wed Jul 19 2023 zhongtao <zhongtao17@huawei.com> - 2.0.18-10
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: upgrade from upstream
* Thu Jun 01 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.18-9
- Type: bugfix
- ID: NA