diff --git a/0080-RO-refactor-remote-ro-code.patch b/0080-RO-refactor-remote-ro-code.patch new file mode 100644 index 0000000..81c8eb1 --- /dev/null +++ b/0080-RO-refactor-remote-ro-code.patch @@ -0,0 +1,217 @@ +From 72a02695064384dc8565a22fb786fbd639770afa Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Mon, 5 Jun 2023 07:56:41 +0000 +Subject: [PATCH 01/15] [RO] refactor remote ro code + +--- + CI/pr-gateway.sh | 2 +- + .../leftover_cleanup/leftover_cleanup_api.c | 2 +- + .../graphdriver/overlay2/driver_overlay2.c | 36 +++++-------------- + .../oci/storage/layer_store/layer_store.c | 21 ++++------- + src/utils/http/parser.c | 2 +- + 5 files changed, 17 insertions(+), 46 deletions(-) + +diff --git a/CI/pr-gateway.sh b/CI/pr-gateway.sh +index 93b07c44..b3da52d0 100755 +--- a/CI/pr-gateway.sh ++++ b/CI/pr-gateway.sh +@@ -111,7 +111,7 @@ pushd iSulad + rm -rf build + mkdir build + pushd build +-cmake -DDEBUG=ON -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_UT=ON -DENABLE_SHIM_V2=OFF ../ || exit 1 ++cmake -DDEBUG=ON -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_UT=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_SHIM_V2=OFF ../ || exit 1 + make -j $(nproc) || exit 1 + ctest -V + popd +diff --git a/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c b/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c +index 8f077916..a20dbc3a 100644 +--- a/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c ++++ b/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c +@@ -25,7 +25,7 @@ int clean_module_init(const isulad_daemon_configs *args) + if (args->storage_enable_remote_layer) { + // need to disable cleanup + // cause cleanup may cleanup local broken RO layer +- // while this RO layer is valid for remote ++ // while this RO layer is valid for remote + return 0; + } + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +index 5ad487f9..4f7be30d 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +@@ -867,7 +867,7 @@ out: + static int do_create_remote_ro(const char *id, const char *parent, const struct graphdriver *driver, + const struct driver_create_opts *create_opts) + { +- int ret = 0; ++ int ret = -1; + int get_err = 0; + char *ro_symlink = NULL; + char *ro_home = NULL; +@@ -879,69 +879,51 @@ static int do_create_remote_ro(const char *id, const char *parent, const struct + ro_home = util_path_join(driver->home, OVERLAY_RO_DIR); + if (ro_home == NULL) { + ERROR("Failed to join ro_home"); +- ret = -1; +- goto out; ++ return -1; + } + + layer_dir = util_path_join(ro_home, id); + if (layer_dir == NULL) { +- ERROR("Failed to join layer_dir"); +- ret = -1; ++ ERROR("Failed to join layer dir: %s", id); + goto out; + } + + ro_symlink = util_path_join(driver->home, id); + if (ro_symlink == NULL) { + ERROR("Failed to join ro_symlink"); +- ret = -1; +- goto out; +- } +- +- if (layer_dir == NULL) { +- ERROR("Failed to join layer dir:%s", id); +- ret = -1; + goto out; + } + + if (check_parent_valid(parent, driver) != 0) { +- ret = -1; + goto out; + } + + if (util_mkdir_p(layer_dir, 0700) != 0) { + ERROR("Unable to create layer directory %s.", layer_dir); +- ret = -1; + goto out; + } + + // mk symbol link + if (symlink(layer_dir, ro_symlink) != 0) { + SYSERROR("Unable to create symbol link to layer directory %s", layer_dir); +- ret = -1; + goto err_out; + } + + #ifdef ENABLE_USERNS_REMAP + if (set_file_owner_for_userns_remap(layer_dir, userns_remap) != 0) { + ERROR("Unable to change directory %s owner for user remap.", layer_dir); +- ret = -1; + goto out; + } + #endif + +- if (create_opts->storage_opt != NULL && create_opts->storage_opt->len != 0) { +- if (set_layer_quota(layer_dir, create_opts->storage_opt, driver) != 0) { +- ERROR("Unable to set layer quota %s", layer_dir); +- ret = -1; +- goto err_out; +- } +- } ++ // quota opts only setting on rw layer + + if (mk_sub_directories(id, parent, layer_dir, driver->home) != 0) { +- ret = -1; ++ ERROR("Create layer: %s sub dir failed", id); + goto err_out; + } + ++ ret = 0; + goto out; + + err_out: +@@ -1118,12 +1100,10 @@ int overlay2_create_ro(const char *id, const char *parent, const struct graphdri + #ifdef ENABLE_REMOTE_LAYER_STORE + if (driver->enable_remote_layer) { + return do_create_remote_ro(id, parent, driver, create_opts); +- } else { +- return do_create(id, parent, driver, create_opts); + } +-#else +- return do_create(id, parent, driver, create_opts); + #endif ++ ++ return do_create(id, parent, driver, create_opts); + } + + static char *read_layer_link_file(const char *layer_dir) +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index 800a1cd7..08c7e4a6 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -1329,7 +1329,7 @@ driver_remove: + if (ret != 0) { + (void)graphdriver_rm_layer(lid); + #ifdef ENABLE_REMOTE_LAYER_STORE +- if (g_enable_remote_layer) { ++ if (g_enable_remote_layer && !opts->writable) { + (void)remote_layer_remove_ro_dir(lid); + } else { + (void)layer_store_remove_layer(lid); +@@ -1412,14 +1412,10 @@ static int do_delete_layer(const char *id) + } + + #ifdef ENABLE_REMOTE_LAYER_STORE +- if (!g_enable_remote_layer) { +- ret = layer_store_remove_layer(l->slayer->id); ++ if (g_enable_remote_layer && !(l->slayer->writable)) { ++ ret = remote_layer_remove_ro_dir(l->slayer->id); + } else { +- if (l->slayer->writable) { +- ret = layer_store_remove_layer(l->slayer->id); +- } else { +- ret = remote_layer_remove_ro_dir(l->slayer->id); +- } ++ ret = layer_store_remove_layer(l->slayer->id); + } + #else + ret = layer_store_remove_layer(l->slayer->id); +@@ -2387,11 +2383,6 @@ int remote_layer_remove_memory_stores_with_lock(const char *id) + goto unlock_out; + } + +- if (map_search(g_metadata.by_id, (void *)id) == NULL) { +- DEBUG("remote layer already removed, don't delete: %s", id); +- goto unlock_out; +- } +- + ret = remove_memory_stores(id); + + unlock_out: +@@ -2412,13 +2403,13 @@ static layer_t *load_one_layer_from_json(const char *id) + nret = snprintf(tmpdir, PATH_MAX, "%s/%s", g_root_dir, id); + if (nret < 0 || nret >= PATH_MAX) { + ERROR("Sprintf: %s failed", id); +- goto free_out; ++ return NULL; + } + + mount_point_path = mountpoint_json_path(id); + if (mount_point_path == NULL) { + ERROR("Out of Memory"); +- goto free_out; ++ return NULL; + } + + rpath = layer_json_path(id); +diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c +index a79893ba..30b26a00 100644 +--- a/src/utils/http/parser.c ++++ b/src/utils/http/parser.c +@@ -105,7 +105,7 @@ static int parser_cb_header_value(http_parser *parser, const char *buf, + size_t len) + { + struct parsed_http_message *m = parser->data; +- ++ + if (m->num_headers == 0) { + ERROR("Failed to parse header value because headers num is 0"); + return -1; +-- +2.25.1 + diff --git a/0081-fix-lose-ipc-shm-mount-point.patch b/0081-fix-lose-ipc-shm-mount-point.patch new file mode 100644 index 0000000..459cf31 --- /dev/null +++ b/0081-fix-lose-ipc-shm-mount-point.patch @@ -0,0 +1,45 @@ +From 9ebe9443ec6c2f6891beb508df81aa9d42685a4e Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Mon, 5 Jun 2023 17:08:20 +0800 +Subject: [PATCH 02/15] fix lose ipc shm mount point + +Signed-off-by: haozi007 +--- + src/daemon/modules/spec/specs_mount.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c +index c39fce36..c312e08e 100644 +--- a/src/daemon/modules/spec/specs_mount.c ++++ b/src/daemon/modules/spec/specs_mount.c +@@ -2761,21 +2761,21 @@ int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2 + + ret = chown_for_shm(spath, host_spec->user_remap); + if (ret != 0) { +- ret = -1; +- goto out; ++ goto err_out; + } + + #ifdef ENABLE_USERNS_REMAP + if (change_shm_parent_dirs_owner_for_userns_remap(host_spec, spath) != 0) { + ERROR("Failed to change shm directory owner for user remap."); +- ret = -1; +- goto out; ++ goto err_out; + } + #endif + +-out: ++ return 0; ++ ++err_out: + (void)umount(spath); +- return ret; ++ return -1; + } + + static bool add_shm_mount(defs_mount ***all_mounts, size_t *all_mounts_len, const char *shm_path) +-- +2.25.1 + diff --git a/0082-CI-add-testcase-for-ipc-ns.patch b/0082-CI-add-testcase-for-ipc-ns.patch new file mode 100644 index 0000000..bf0f65c --- /dev/null +++ b/0082-CI-add-testcase-for-ipc-ns.patch @@ -0,0 +1,66 @@ +From c5834dc917e0bd4ad569ee3857f4719e77bcd6c5 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Mon, 5 Jun 2023 17:08:28 +0800 +Subject: [PATCH 03/15] [CI] add testcase for ipc ns + +Signed-off-by: haozi007 +--- + CI/test_cases/container_cases/ipc_ns.sh | 46 +++++++++++++++++++++++++ + 1 file changed, 46 insertions(+) + create mode 100755 CI/test_cases/container_cases/ipc_ns.sh + +diff --git a/CI/test_cases/container_cases/ipc_ns.sh b/CI/test_cases/container_cases/ipc_ns.sh +new file mode 100755 +index 00000000..f8a77f0a +--- /dev/null ++++ b/CI/test_cases/container_cases/ipc_ns.sh +@@ -0,0 +1,46 @@ ++#!/bin/bash ++# ++# attributes: isulad ipc namespace usage ++# concurrent: NO ++# spend time: 29 ++ ++####################################################################### ++##- Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved. ++# - iSulad licensed under the Mulan PSL v2. ++# - You can use this software according to the terms and conditions of the Mulan PSL v2. ++# - You may obtain a copy of Mulan PSL v2 at: ++# - http://license.coscl.org.cn/MulanPSL2 ++# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++# - PURPOSE. ++# - See the Mulan PSL v2 for more details. ++##- @Description:CI ++##- @Author: haozi007 ++##- @Create: 2023-06-05 ++####################################################################### ++ ++curr_path=$(dirname $(readlink -f "$0")) ++source ../helpers.sh ++ ++function do_test_t() ++{ ++ cid=$(isula create --name test1 -ti --ipc=shareable busybox /bin/sh) ++ ++ cat /proc/1/mountinfo | grep "$cid/mounts/shm" ++ fn_check_eq "$?" "0" "shareable ipc lose shm mount point" ++ ++ isula rm -f test1 ++ cat /proc/1/mountinfo | grep "$cid/mounts/shm" ++ fn_check_ne "$?" "0" "residual shm mount poit" ++ ++ return $TC_RET_T ++} ++ ++ret=0 ++ ++do_test_t ++if [ $? -ne 0 ];then ++ let "ret=$ret + 1" ++fi ++ ++show_result $ret "basic ipc namespace usage test" +-- +2.25.1 + diff --git a/0083-fix-inspect-image-by-digest.patch b/0083-fix-inspect-image-by-digest.patch new file mode 100644 index 0000000..8c03c11 --- /dev/null +++ b/0083-fix-inspect-image-by-digest.patch @@ -0,0 +1,58 @@ +From 51db6c626feef86435960c1be5510d31398fabfe Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Fri, 2 Jun 2023 17:20:04 +0800 +Subject: [PATCH 04/15] fix inspect image by digest + +Signed-off-by: zhongtao +--- + .../oci/storage/image_store/image_store.c | 27 +++++++++++++++++++ + 1 file changed, 27 insertions(+) + +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index d89c28f4..aad8329e 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -443,6 +443,27 @@ out: + return value; + } + ++// by_digest returns the image which matches the specified name. ++static image_t *by_digest(const char *name) ++{ ++ digest_image_t *digest_filter_images = NULL; ++ char *digest = NULL; ++ ++ // split digest for image name with digest ++ digest = strrchr(name, '@'); ++ if (digest == NULL || util_reg_match(__DIGESTPattern, digest)) { ++ return NULL; ++ } ++ digest++; ++ digest_filter_images = (digest_image_t *)map_search(g_image_store->bydigest, (void *)digest); ++ if (digest_filter_images == NULL) { ++ return NULL; ++ } ++ ++ // currently, a digest corresponds to an image, directly returning the first element ++ return linked_list_first_elem(&(digest_filter_images->images_list)); ++} ++ + static image_t *lookup(const char *id) + { + image_t *value = NULL; +@@ -467,6 +488,12 @@ static image_t *lookup(const char *id) + goto found; + } + ++ // get image by digest ++ value = by_digest(id); ++ if (value != NULL) { ++ goto found; ++ } ++ + return NULL; + + found: +-- +2.25.1 + diff --git a/0084-add-isulad-basic-image-test-with-digest.patch b/0084-add-isulad-basic-image-test-with-digest.patch new file mode 100644 index 0000000..50be77a --- /dev/null +++ b/0084-add-isulad-basic-image-test-with-digest.patch @@ -0,0 +1,102 @@ +From 4139b392b9044cffcfbfff54519adb02ae790591 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Fri, 2 Jun 2023 17:36:17 +0800 +Subject: [PATCH 05/15] add isulad basic image test with digest + +Signed-off-by: zhongtao +--- + CI/test_cases/image_cases/image_digest.sh | 82 +++++++++++++++++++++++ + 1 file changed, 82 insertions(+) + create mode 100755 CI/test_cases/image_cases/image_digest.sh + +diff --git a/CI/test_cases/image_cases/image_digest.sh b/CI/test_cases/image_cases/image_digest.sh +new file mode 100755 +index 00000000..a7cb594a +--- /dev/null ++++ b/CI/test_cases/image_cases/image_digest.sh +@@ -0,0 +1,82 @@ ++#!/bin/bash ++# ++# attributes: isulad basic image with digest ++# concurrent: NA ++# spend time: 4 ++ ++####################################################################### ++##- Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved. ++# - iSulad licensed under the Mulan PSL v2. ++# - You can use this software according to the terms and conditions of the Mulan PSL v2. ++# - You may obtain a copy of Mulan PSL v2 at: ++# - http://license.coscl.org.cn/MulanPSL2 ++# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++# - PURPOSE. ++# - See the Mulan PSL v2 for more details. ++##- @Description:CI ++##- @Author: zhongtao ++##- @Create: 2023-06-02 ++####################################################################### ++ ++declare -r curr_path=$(dirname $(readlink -f "$0")) ++source ../helpers.sh ++ ++function test_image_with_digest() ++{ ++ local ret=0 ++ local image="busybox" ++ local image_digest="busybox@sha256:5cd3db04b8be5773388576a83177aff4f40a03457a63855f4b9cbe30542b9a43" ++ local test="pull && inspect && tag image with digest test => (${FUNCNAME[@]})" ++ ++ msg_info "${test} starting..." ++ ++ isula pull docker.io/library/${image_digest} ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE} ++ ++ isula tag ${image_digest} ${image}:digest_test ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to tag image: ${image}" && return ${FAILURE} ++ ++ isula images | grep busybox ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++)) ++ ++ isula inspect -f '{{.image.id}}' ${image}:digest_test | grep -E '^[0-9a-f]{64}$' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid image id: ${image}" && ((ret++)) ++ ++ isula inspect -f '{{.image.repo_digests}}' ${image}:digest_test | grep -E "[\s\D]*${image}@sha256:[0-9a-f]{64}[\s\D]*" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid image repo digests: ${image}" && ((ret++)) ++ ++ isula inspect -f '{{.image.repo_tags}}' ${image_digest} | grep "${image}:digest_test" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid image digest: ${image_digest}" && ((ret++)) ++ ++ isula run -tid --name test ${image_digest} sh ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image digest: ${image_digest}" && ((ret++)) ++ ++ isula rm -f test ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container" && ((ret++)) ++ ++ isula run -tid --name test ${image}:digest_test sh ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image tag: ${image}:latest" && ((ret++)) ++ ++ isula rm -f test ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container" && ((ret++)) ++ ++ isula inspect -f '{{.image.repo_tags}}' ${image} | grep "${image}:latest" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid image repo tags: ${image}" && ((ret++)) ++ ++ isula rmi ${image_digest} ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to remove image ${image_digest}" && ((ret++)) ++ ++ isula rmi ${image}:digest_test ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to remove image ${image}:digest_test" && ((ret++)) ++ ++ msg_info "${test} finished with return ${ret}..." ++ return ${ret} ++} ++ ++declare -i ans=0 ++ ++test_image_with_digest || ((ans++)) ++ ++show_result ${ans} "${curr_path}/${0}" ++ +-- +2.25.1 + diff --git a/0085-return-non-zero-if-copy-invalid.patch b/0085-return-non-zero-if-copy-invalid.patch new file mode 100644 index 0000000..16b2b12 --- /dev/null +++ b/0085-return-non-zero-if-copy-invalid.patch @@ -0,0 +1,29 @@ +From 20558212d7ca0476fe21879c8773fdff83807b59 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Tue, 6 Jun 2023 15:30:31 +0800 +Subject: [PATCH 06/15] return non-zero if copy invalid + +Signed-off-by: zhangxiaoyu +--- + src/cmd/isula/stream/cp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/cmd/isula/stream/cp.c b/src/cmd/isula/stream/cp.c +index 2b0a79c7..f0cd99c9 100644 +--- a/src/cmd/isula/stream/cp.c ++++ b/src/cmd/isula/stream/cp.c +@@ -302,9 +302,11 @@ static int client_run_copy(const struct client_arguments *args, const char *sour + + if (direction == AcrossContainers) { + COMMAND_ERROR("copying between containers is not supported"); ++ ret = -1; + goto cleanup; + } + ++ ret = -1; + COMMAND_ERROR("must specify at least one container source"); + + cleanup: +-- +2.25.1 + diff --git a/0086-add-invalid-copy-testcase.patch b/0086-add-invalid-copy-testcase.patch new file mode 100644 index 0000000..cddb142 --- /dev/null +++ b/0086-add-invalid-copy-testcase.patch @@ -0,0 +1,51 @@ +From ea08b3c9b7c2c8cd49e707ecf0418246fbe53206 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Tue, 6 Jun 2023 15:41:30 +0800 +Subject: [PATCH 07/15] add invalid copy testcase + +Signed-off-by: zhangxiaoyu +--- + CI/test_cases/container_cases/cp.sh | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/CI/test_cases/container_cases/cp.sh b/CI/test_cases/container_cases/cp.sh +index 35e9168c..668ce09b 100755 +--- a/CI/test_cases/container_cases/cp.sh ++++ b/CI/test_cases/container_cases/cp.sh +@@ -320,6 +320,25 @@ test_cp_symlink_from_container() + return ${ret} + } + ++test_cp_invalid() ++{ ++ local ret=0 ++ ++ isula cp nonexists1:/111 nonexists2:/222 2>&1 | grep "copying between containers is not supported" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to check output" && ((ret++)) ++ ++ isula cp nonexists1:/111 nonexists2:/222 ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - copy from container to container return success" && ((ret++)) ++ ++ isula cp 111 222 2>&1 | grep "must specify at least one container source" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to check output" && ((ret++)) ++ ++ isula cp 111 222 2>&1 ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - copy from host to host return success" && ((ret++)) ++ ++ return ${ret} ++} ++ + function cp_test_t() + { + local ret=0 +@@ -360,6 +379,7 @@ function cp_test_t() + test_cp_dir_to_container $containername || ((ret++)) + test_cp_symlink_to_container $containername || ((ret++)) + test_cp_symlink_from_container $containername || ((ret++)) ++ test_cp_invalid || ((ret++)) + + isula rm -f $containername + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container: ${containername}" && ((ret++)) +-- +2.25.1 + diff --git a/0087-2048-fix-some-code-check-error.patch b/0087-2048-fix-some-code-check-error.patch new file mode 100644 index 0000000..85aabd2 --- /dev/null +++ b/0087-2048-fix-some-code-check-error.patch @@ -0,0 +1,178 @@ +From 4b5849ad6a04bd00733e6c96dd4ffa0d3febc159 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 6 Jun 2023 08:53:14 +0000 +Subject: [PATCH 08/15] !2048 fix some code check error * fix some code check + error + +--- + src/daemon/modules/image/oci/registry/auths.c | 4 +- + .../graphdriver/devmapper/wrapper_devmapper.h | 2 +- + .../modules/runtime/isula/isula_rt_ops.c | 52 +++++++++---------- + 3 files changed, 29 insertions(+), 29 deletions(-) + +diff --git a/src/daemon/modules/image/oci/registry/auths.c b/src/daemon/modules/image/oci/registry/auths.c +index a95127f2..ce67d51b 100644 +--- a/src/daemon/modules/image/oci/registry/auths.c ++++ b/src/daemon/modules/image/oci/registry/auths.c +@@ -265,9 +265,9 @@ out: + + if (ret != 0) { + free(element); +- element = 0; ++ element = NULL; + free(values); +- values = 0; ++ values = NULL; + } + + return ret; +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h +index 5a692980..e8acebc0 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h +@@ -30,7 +30,7 @@ struct dm_task; + extern "C" { + #endif + +-#define DEV_ERR -1 ++#define DEV_ERR (-1) + #define DEV_OK 0 + #define DEV_INIT 1 + +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index fab0b657..9fe3ac4b 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -498,8 +498,8 @@ static int status_string_to_int(const char *status) + static int runtime_call_status(const char *workdir, const char *runtime, const char *id, + struct runtime_container_status_info *ecsi) + { +- char *stdout = NULL; +- char *stderr = NULL; ++ char *stdout_msg = NULL; ++ char *stderr_msg = NULL; + oci_runtime_state *state = NULL; + struct parser_context ctx = { OPT_GEN_SIMPLIFY, 0 }; + parser_error perr = NULL; +@@ -509,19 +509,19 @@ static int runtime_call_status(const char *workdir, const char *runtime, const c + + runtime_exec_info_init(&rei, workdir, runtime, "state", NULL, 0, id, params, PARAM_NUM); + +- if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout, &stderr)) { +- ERROR("call runtime status failed: %s", stderr); ++ if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout_msg, &stderr_msg)) { ++ ERROR("call runtime status failed: %s", stderr_msg); + ret = -1; + goto out; + } + +- if (stdout == NULL) { +- ERROR("call runtime status no stdout"); ++ if (stdout_msg == NULL) { ++ ERROR("call runtime status no stdout_msg"); + ret = -1; + goto out; + } + +- state = oci_runtime_state_parse_data(stdout, &ctx, &perr); ++ state = oci_runtime_state_parse_data(stdout_msg, &ctx, &perr); + if (state == NULL) { + ERROR("call runtime status parse json failed"); + ret = -1; +@@ -538,8 +538,8 @@ static int runtime_call_status(const char *workdir, const char *runtime, const c + + out: + free_oci_runtime_state(state); +- UTIL_FREE_AND_SET_NULL(stdout); +- UTIL_FREE_AND_SET_NULL(stderr); ++ UTIL_FREE_AND_SET_NULL(stdout_msg); ++ UTIL_FREE_AND_SET_NULL(stderr_msg); + UTIL_FREE_AND_SET_NULL(perr); + return ret; + } +@@ -547,8 +547,8 @@ out: + static int runtime_call_stats(const char *workdir, const char *runtime, const char *id, + struct runtime_container_resources_stats_info *info) + { +- char *stdout = NULL; +- char *stderr = NULL; ++ char *stdout_msg = NULL; ++ char *stderr_msg = NULL; + shim_client_runtime_stats *stats = NULL; + struct parser_context ctx = { OPT_GEN_SIMPLIFY, 0 }; + parser_error perr = NULL; +@@ -559,19 +559,19 @@ static int runtime_call_stats(const char *workdir, const char *runtime, const ch + + runtime_exec_info_init(&rei, workdir, runtime, "events", opts, 1, id, params, PARAM_NUM); + +- if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout, &stderr)) { +- ERROR("call runtime events --stats failed: %s", stderr); ++ if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout_msg, &stderr_msg)) { ++ ERROR("call runtime events --stats failed: %s", stderr_msg); + ret = -1; + goto out; + } + +- if (stdout == NULL) { +- ERROR("call runtime events --stats no stdout"); ++ if (stdout_msg == NULL) { ++ ERROR("call runtime events --stats no stdout_msg"); + ret = -1; + goto out; + } + +- stats = shim_client_runtime_stats_parse_data(stdout, &ctx, &perr); ++ stats = shim_client_runtime_stats_parse_data(stdout_msg, &ctx, &perr); + if (stats == NULL) { + ERROR("call runtime events --stats parse json failed"); + ret = -1; +@@ -595,8 +595,8 @@ static int runtime_call_stats(const char *workdir, const char *runtime, const ch + + out: + free_shim_client_runtime_stats(stats); +- UTIL_FREE_AND_SET_NULL(stdout); +- UTIL_FREE_AND_SET_NULL(stderr); ++ UTIL_FREE_AND_SET_NULL(stdout_msg); ++ UTIL_FREE_AND_SET_NULL(stderr_msg); + UTIL_FREE_AND_SET_NULL(perr); + return ret; + } +@@ -605,27 +605,27 @@ static int runtime_call_simple(const char *workdir, const char *runtime, const c + size_t opts_len, const char *id, handle_output_callback_t cb) + { + runtime_exec_info rei = { 0 }; +- char *stdout = NULL; +- char *stderr = NULL; ++ char *stdout_msg = NULL; ++ char *stderr_msg = NULL; + int ret = 0; + char *params[PARAM_NUM] = { 0 }; + + runtime_exec_info_init(&rei, workdir, runtime, subcmd, opts, opts_len, id, params, PARAM_NUM); +- if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout, &stderr)) { +- ERROR("call runtime %s failed stderr %s", subcmd, stderr); ++ if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout_msg, &stderr_msg)) { ++ ERROR("call runtime %s failed stderr %s", subcmd, stderr_msg); + ret = -1; + // additional handler for the stderr, + // this intend to change the ret val of this function + // for example, if output string contains some specific content, + // we consider the runtime call simple succeeded, + // even if the process exit with failure. +- if (stderr != NULL && cb != NULL) { +- ret = cb(stderr); ++ if (stderr_msg != NULL && cb != NULL) { ++ ret = cb(stderr_msg); + } + } + +- UTIL_FREE_AND_SET_NULL(stdout); +- UTIL_FREE_AND_SET_NULL(stderr); ++ UTIL_FREE_AND_SET_NULL(stdout_msg); ++ UTIL_FREE_AND_SET_NULL(stderr_msg); + return ret; + } + +-- +2.25.1 + diff --git a/0088-2046-reinforce-cri_stream.sh-and-health_check.sh.patch b/0088-2046-reinforce-cri_stream.sh-and-health_check.sh.patch new file mode 100644 index 0000000..2ffd666 --- /dev/null +++ b/0088-2046-reinforce-cri_stream.sh-and-health_check.sh.patch @@ -0,0 +1,297 @@ +From c70e4aaaf5b1748432fd325856e07770a267336e Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 6 Jun 2023 11:50:26 +0000 +Subject: [PATCH 09/15] !2046 reinforce cri_stream.sh and health_check.sh * + reinforce cri_stream.sh and health_check.sh + +--- + CI/test_cases/container_cases/cri_stream.sh | 35 +++++- + CI/test_cases/container_cases/health_check.sh | 103 +++++++++++++----- + 2 files changed, 103 insertions(+), 35 deletions(-) + +diff --git a/CI/test_cases/container_cases/cri_stream.sh b/CI/test_cases/container_cases/cri_stream.sh +index 8b5440d3..2360e240 100755 +--- a/CI/test_cases/container_cases/cri_stream.sh ++++ b/CI/test_cases/container_cases/cri_stream.sh +@@ -9,6 +9,27 @@ data_path=$(realpath $curr_path/criconfigs) + pause_img_path=$(realpath $curr_path/test_data) + source ../helpers.sh + ++# $1 : retry limit ++# $2 : retry_interval ++# $3 : retry function ++function do_retry() ++{ ++ for i in $(seq 1 "$1"); do ++ $3 ++ if [ $? -ne 0 ]; then ++ return 0 ++ fi ++ sleep $2 ++ done ++ return 1 ++} ++ ++function get_ioCopy() ++{ ++ ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy ++ return $? ++} ++ + function do_pre() + { + local ret=0 +@@ -58,6 +79,8 @@ function set_up() + function test_cri_exec_fun() + { + local ret=0 ++ local retry_limit=20 ++ local retry_interval=1 + local test="test_cri_exec_fun => (${FUNCNAME[@]})" + msg_info "${test} starting..." + declare -a fun_pids +@@ -74,9 +97,8 @@ function test_cri_exec_fun() + done + wait ${abn_pids[*]// /|} + +- sleep 2 +- ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy +- [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI exec operation" && ((ret++)) ++ do_retry ${retry_limit} ${retry_interval} get_ioCopy ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI exec operation" && ((ret++)) + + msg_info "${test} finished with return ${ret}..." + return ${ret} +@@ -85,6 +107,8 @@ function test_cri_exec_fun() + function test_cri_exec_abn + { + local ret=0 ++ local retry_limit=20 ++ local retry_interval=1 + local test="test_cri_exec_abn => (${FUNCNAME[@]})" + msg_info "${test} starting..." + +@@ -92,10 +116,9 @@ function test_cri_exec_abn + pid=$! + sleep 3 + kill -9 $pid +- sleep 2 + +- ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy +- [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI exec operation" && ((ret++)) ++ do_retry ${retry_limit} ${retry_interval} get_ioCopy ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI exec operation" && ((ret++)) + + msg_info "${test} finished with return ${ret}..." + return ${ret} +diff --git a/CI/test_cases/container_cases/health_check.sh b/CI/test_cases/container_cases/health_check.sh +index b8256087..efb357e0 100755 +--- a/CI/test_cases/container_cases/health_check.sh ++++ b/CI/test_cases/container_cases/health_check.sh +@@ -26,9 +26,40 @@ image="busybox" + isula pull ${image} + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && exit ${FAILURE} + ++# $1 : retry limit ++# $2 : retry_interval ++# $3 : retry function ++# $4 : retry function parms 1 ++# $5 : retry function parms 2 ++function do_retry() ++{ ++ for i in $(seq 1 "$1"); do ++ $3 $4 $5 ++ if [ $? -eq 0 ]; then ++ return 0 ++ fi ++ sleep $2 ++ done ++ return 1 ++} ++ ++function inspect_container_status() ++{ ++ [[ $(isula inspect -f '{{.State.Health.Status}}' ${1}) == "${2}" ]] ++ return $? ++} ++ ++function inspect_container_exitcode() ++{ ++ [[ $(isula inspect -f '{{.State.ExitCode}}' ${1}) == "${2}" ]] ++ return $? ++} ++ + function test_health_check_paraments() + { + local ret=0 ++ local retry_limit=10 ++ local retry_interval=1 + local test="list && inspect image info test => (${FUNCNAME[@]})" + + msg_info "${test} starting..." +@@ -37,7 +68,7 @@ function test_health_check_paraments() + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++)) + + container_name="health_check_para" +- isula run -itd -n ${container_name} --health-cmd 'echo "iSulad" ; exit 1' \ ++ isula run -itd --runtime $1 -n ${container_name} --health-cmd 'echo "iSulad" ; exit 1' \ + --health-interval 5s --health-retries 2 --health-start-period 8s --health-exit-on-unhealthy ${image} /bin/sh + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + +@@ -45,15 +76,16 @@ function test_health_check_paraments() + [[ $(isula inspect -f '{{.State.Status}}' ${container_name}) == "running" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container status: not running" && ((ret++)) + +- sleep 13 # finish first health check +- ++ # finish first health check ++ sleep 10 ++ do_retry ${retry_limit} ${retry_interval} inspect_container_status ${container_name} starting + # keep starting status with health check return non-zero at always until status change to unhealthy +- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++)) + + sleep 6 # finish second health check + +- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]] ++ success=1 ++ do_retry ${retry_limit} ${retry_interval} inspect_container_status ${container_name} unhealthy + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++)) + + # validate --health-retries option +@@ -77,6 +109,8 @@ function test_health_check_normally() + { + local ret=0 + local image="busybox" ++ local retry_limit=10 ++ local retry_interval=1 + local test="list && inspect image info test => (${FUNCNAME[@]})" + + msg_info "${test} starting..." +@@ -85,31 +119,32 @@ function test_health_check_normally() + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++)) + + container_name="health_check_normally" +- isula run -itd -n ${container_name} --health-cmd 'date' --health-interval 5s ${image} /bin/sh ++ isula run -itd --runtime $1 -n ${container_name} --health-cmd 'date' --health-interval 5s ${image} /bin/sh + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + + # start period : 0s => interval: 2s => do health check => interval: 2s => do health check => ... + [[ $(isula inspect -f '{{.State.Status}}' ${container_name}) == "running" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container status: not running" && ((ret++)) + +- sleep 2 # Health check has been performed yet +- ++ # Health check has been performed yet ++ do_retry ${retry_limit} ${retry_interval} inspect_container_status ${container_name} starting + # Initial status when the container is still starting +- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]] +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++)) ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++)) + + sleep 8 # finish first health check ++ ++ do_retry ${retry_limit} ${retry_interval} inspect_container_status ${container_name} healthy + # When the health check returns successfully, status immediately becomes healthy +- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "healthy" ]] +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not healthy" && ((ret++)) +- +- kill -9 $(isula inspect -f '{{.State.Pid}}' ${container_name}) && sleep 1 # Wait for the container to be killed ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not healthy" && ((ret++)) + ++ kill -9 $(isula inspect -f '{{.State.Pid}}' ${container_name}) ++ ++ # Wait for the container to be killed ++ do_retry ${retry_limit} ${retry_interval} inspect_container_status ${container_name} unhealthy + # The container process exits abnormally and the health check status becomes unhealthy +- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++)) + +- [[ $(isula inspect -f '{{.State.ExitCode}}' ${container_name}) == "137" ]] ++ do_retry ${retry_limit} ${retry_interval} inspect_container_exitcode ${container_name} 137 + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container exit code: not 137" && ((ret++)) + + isula rm -f ${container_name} +@@ -123,6 +158,9 @@ function test_health_check_timeout() + { + local ret=0 + local image="busybox" ++ local retry_limit=10 ++ local retry_interval=1 ++ local success=1 + local test="list && inspect image info test => (${FUNCNAME[@]})" + + msg_info "${test} starting..." +@@ -131,7 +169,7 @@ function test_health_check_timeout() + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++)) + + container_name="health_check_timeout" +- isula run -itd -n ${container_name} --health-cmd 'sleep 5' --health-interval 5s --health-timeout 1s \ ++ isula run -itd --runtime $1 -n ${container_name} --health-cmd 'sleep 5' --health-interval 5s --health-timeout 1s \ + --health-retries 1 --health-exit-on-unhealthy ${image} /bin/sh + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + +@@ -139,19 +177,19 @@ function test_health_check_timeout() + [[ $(isula inspect -f '{{.State.Status}}' ${container_name}) == "running" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container status: not running" && ((ret++)) + +- sleep 1 # Health check has been performed yet +- ++ # Health check has been performed yet ++ do_retry ${retry_limit} ${retry_interval} inspect_container_status ${container_name} starting + # Initial status when the container is still starting +- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++)) + + sleep 7 # finish first health check ++ ++ do_retry ${retry_limit} ${retry_interval} inspect_container_status ${container_name} unhealthy + # The container process exits and the health check status becomes unhealthy +- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++)) + +- [[ $(isula inspect -f '{{.State.ExitCode}}' ${container_name}) == "137" ]] +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container exit code: not 137" && ((ret++)) ++ do_retry ${retry_limit} ${retry_interval} inspect_container_exitcode ${container_name} 137 ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container exit code: not 137" && ((ret++)) + + isula rm -f ${container_name} + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to remove container: ${container_name}" && ((ret++)) +@@ -174,7 +212,7 @@ function test_health_check_monitor() + isula rm -f $(isula ps -qa) + + container_name="health_check_monitor" +- isula run -itd -n ${container_name} --health-cmd="sleep 3" --health-interval 3s busybox ++ isula run -itd --runtime $1 -n ${container_name} --health-cmd="sleep 3" --health-interval 3s busybox + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + + isula stop -t 0 ${container_name} && isula start ${container_name} && \ +@@ -193,13 +231,20 @@ function test_health_check_monitor() + + declare -i ans=0 + +-test_health_check_paraments || ((ans++)) ++for element in ${RUNTIME_LIST[@]}; ++do ++ test="health check test => (${element})" ++ msg_info "${test} starting..." + +-test_health_check_normally || ((ans++)) ++ test_health_check_paraments $element || ((ans++)) + +-test_health_check_timeout || ((ans++)) ++ test_health_check_normally $element || ((ans++)) + +-test_health_check_monitor || ((ans++)) ++ test_health_check_timeout $element || ((ans++)) + +-show_result ${ans} "${curr_path}/${0}" ++ test_health_check_monitor $element || ((ans++)) + ++ msg_info "${test} finished with return ${ans}..." ++done ++ ++show_result ${ans} "${curr_path}/${0}" +-- +2.25.1 + diff --git a/0089-2047-distinguishing-exit-codes-between-shim-and-cont.patch b/0089-2047-distinguishing-exit-codes-between-shim-and-cont.patch new file mode 100644 index 0000000..7a376c7 --- /dev/null +++ b/0089-2047-distinguishing-exit-codes-between-shim-and-cont.patch @@ -0,0 +1,226 @@ +From e671d01c7ab6183a602c9c3e4b7f30d619831719 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 6 Jun 2023 11:55:16 +0000 +Subject: [PATCH 10/15] !2047 distinguishing exit codes between shim and + container processes * distinguishing exit codes between shim and container + processes + +--- + src/cmd/isulad-shim/main.c | 10 ++- + src/cmd/isulad-shim/process.c | 8 ++- + .../modules/runtime/isula/isula_rt_ops.c | 65 +++++++++++++++---- + 3 files changed, 65 insertions(+), 18 deletions(-) + +diff --git a/src/cmd/isulad-shim/main.c b/src/cmd/isulad-shim/main.c +index ed55805c..e2625aac 100644 +--- a/src/cmd/isulad-shim/main.c ++++ b/src/cmd/isulad-shim/main.c +@@ -160,5 +160,13 @@ int main(int argc, char **argv) + + released_timeout_exit(); + +- return process_signal_handle_routine(p, tid_epoll, timeout); ++ ret = process_signal_handle_routine(p, tid_epoll, timeout); ++ if (ret == SHIM_ERR) { ++ exit(EXIT_FAILURE); ++ } ++ if (ret == SHIM_ERR_TIMEOUT) { ++ exit(SHIM_EXIT_TIMEOUT); ++ } ++ ++ exit(EXIT_SUCCESS); + } +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index aa3aa37c..138a71fb 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -1264,7 +1264,7 @@ int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const + nret = kill(p->ctr_pid, SIGKILL); + if (nret < 0 && errno != ESRCH) { + write_message(g_log_fd, ERR_MSG, "Can not kill process (pid=%d) with SIGKILL", p->ctr_pid); +- exit(EXIT_FAILURE); ++ return SHIM_ERR; + } + } + +@@ -1302,8 +1302,10 @@ int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const + + if (ret == SHIM_ERR_TIMEOUT) { + write_message(g_log_fd, INFO_MSG, "Wait %d timeout", p->ctr_pid); +- exit(SHIM_EXIT_TIMEOUT); ++ return SHIM_ERR_TIMEOUT; + } +- return status; + ++ // write container process exit_code in stdout ++ (void)write_nointr(STDOUT_FILENO, &status, sizeof(int)); ++ return SHIM_OK; + } +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 9fe3ac4b..3fe895f8 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -672,9 +672,9 @@ static int runtime_call_kill_and_check(const char *workdir, const char *runtime, + static int runtime_call_delete_force(const char *workdir, const char *runtime, const char *id) + { + const char *opts[1] = { "--force" }; +- // delete succeed, return 0; +- // When the runc version is less than or equal to v1.0.0-rc3, +- // if the container does not exist when force deleting it, ++ // delete succeed, return 0; ++ // When the runc version is less than or equal to v1.0.0-rc3, ++ // if the container does not exist when force deleting it, + // runc will report an error and isulad does not need to retry the deletion again. + // related PR ID:d1a743674a98e23d348b29f52c43436356f56b79 + // non_existent_output_check succeed, return 0; +@@ -699,11 +699,16 @@ static int status_to_exit_code(int status) + return exit_code; + } + ++/* ++ exit_code records the exit code of the container, obtained by reading the stdout of isulad-shim; ++ shim_exit_code records the exit code of isulad-shim, obtained through waitpid; ++*/ + static int shim_create(bool fg, const char *id, const char *workdir, const char *bundle, const char *runtime_cmd, +- int *exit_code, const char* timeout) ++ int *exit_code, const char* timeout, int* shim_exit_code) + { + pid_t pid = 0; + int exec_fd[2] = { -1, -1 }; ++ int shim_stdout_pipe[2] = { -1, -1 }; + int num = 0; + int ret = 0; + char exec_buff[BUFSIZ + 1] = { 0 }; +@@ -733,11 +738,18 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char + return -1; + } + ++ if (pipe2(shim_stdout_pipe, O_CLOEXEC) != 0) { ++ ERROR("Failed to create pipe for shim exit code"); ++ return -1; ++ } ++ + pid = fork(); + if (pid < 0) { + ERROR("Failed fork for shim parent %s", strerror(errno)); + close(exec_fd[0]); + close(exec_fd[1]); ++ close(shim_stdout_pipe[0]); ++ close(shim_stdout_pipe[1]); + return -1; + } + +@@ -772,12 +784,21 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char + realexec: + /* real shim process. */ + close(exec_fd[0]); ++ close(shim_stdout_pipe[0]); ++ // child process, dup2 shim_stdout_pipe[1] to STDOUT ++ if (dup2(shim_stdout_pipe[1], STDOUT_FILENO) < 0) { ++ (void)dprintf(exec_fd[1], "Dup fd error: %s", strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ + if (setsid() < 0) { + (void)dprintf(exec_fd[1], "%s: failed setsid for process %d", id, getpid()); + exit(EXIT_FAILURE); + } +- +- if (util_check_inherited(true, exec_fd[1]) != 0) { ++ int ignore_fd[2] = {-1, -1}; ++ ignore_fd[0] = exec_fd[1]; ++ ignore_fd[1] = shim_stdout_pipe[1]; ++ if (util_check_inherited_exclude_fds(true, ignore_fd, 2) != 0) { + (void)dprintf(exec_fd[1], "close inherited fds failed"); + } + +@@ -786,26 +807,40 @@ realexec: + } + + close(exec_fd[1]); ++ close(shim_stdout_pipe[1]); + num = util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1); +- close(exec_fd[0]); + if (num > 0) { +- ERROR("exec failed: %s", exec_buff); ++ ERROR("Exec failed: %s", exec_buff); + ret = -1; + goto out; + } + + status = util_wait_for_pid_status(pid); + if (status < 0) { +- ERROR("failed wait shim-parent %d exit %s", pid, strerror(errno)); ++ ERROR("Failed wait shim-parent %d exit %s", pid, strerror(errno)); + ret = -1; + goto out; + } + +- if (exit_code != NULL) { +- *exit_code = status_to_exit_code(status); ++ *shim_exit_code = status_to_exit_code(status); ++ if (*shim_exit_code != 0) { ++ ERROR("Isulad-shim exit error"); ++ ret = -1; ++ goto out; + } + ++ if (exit_code == NULL) { ++ goto out; ++ } ++ ret = util_read_nointr(shim_stdout_pipe[0], exit_code, sizeof(int)); ++ if (ret <= 0) { ++ *exit_code = 137; ++ } ++ ret = 0; ++ + out: ++ close(exec_fd[0]); ++ close(shim_stdout_pipe[0]); + if (ret != 0) { + show_shim_runtime_errlog(workdir); + if (timeout <= 0) { +@@ -887,6 +922,7 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_ + int ret = 0; + char workdir[PATH_MAX] = { 0 }; + shim_client_process_state p = { 0 }; ++ int shim_exit_code = 0; + + if (id == NULL || runtime == NULL || params == NULL) { + ERROR("nullptr arguments not allowed"); +@@ -919,7 +955,7 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_ + } + + get_runtime_cmd(runtime, &cmd); +- ret = shim_create(false, id, workdir, params->bundle, cmd, NULL, NULL); ++ ret = shim_create(false, id, workdir, params->bundle, cmd, NULL, NULL, &shim_exit_code); + if (ret != 0) { + runtime_call_delete_force(workdir, runtime, id); + ERROR("%s: failed create shim process", id); +@@ -1124,6 +1160,7 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p + int pid = 0; + shim_client_process_state p = { 0 }; + char *timeout = NULL; ++ int shim_exit_code = 0; + + if (id == NULL || runtime == NULL || params == NULL || exit_code == NULL) { + ERROR("nullptr arguments not allowed"); +@@ -1199,13 +1236,13 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p + } + } + +- ret = shim_create(fg_exec(params), id, workdir, bundle, cmd, exit_code, timeout); ++ ret = shim_create(fg_exec(params), id, workdir, bundle, cmd, exit_code, timeout, &shim_exit_code); + if (ret != 0) { + ERROR("%s: failed create shim process for exec %s", id, exec_id); + goto errlog_out; + } + +- if (*exit_code == SHIM_EXIT_TIMEOUT) { ++ if (shim_exit_code == SHIM_EXIT_TIMEOUT) { + ret = -1; + isulad_set_error_message("Exec container error;exec timeout"); + ERROR("isulad-shim %d exit for execing timeout", pid); +-- +2.25.1 + diff --git a/0090-2052-fix-some-codecheck.patch b/0090-2052-fix-some-codecheck.patch new file mode 100644 index 0000000..46b99ef --- /dev/null +++ b/0090-2052-fix-some-codecheck.patch @@ -0,0 +1,114 @@ +From 1945e7e1f4bf5bf72ea50db9d62dc6c538d00b70 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 6 Jun 2023 12:44:43 +0000 +Subject: [PATCH 11/15] !2052 fix some codecheck * fix some codecheck + +--- + src/cmd/isulad-shim/main.c | 3 +-- + src/cmd/isulad-shim/process.c | 10 +++------- + src/daemon/modules/runtime/isula/isula_rt_ops.c | 9 +++------ + 3 files changed, 7 insertions(+), 15 deletions(-) + +diff --git a/src/cmd/isulad-shim/main.c b/src/cmd/isulad-shim/main.c +index e2625aac..ff06a633 100644 +--- a/src/cmd/isulad-shim/main.c ++++ b/src/cmd/isulad-shim/main.c +@@ -92,7 +92,6 @@ int main(int argc, char **argv) + char *rt_name = NULL; + char *log_level = NULL; + int ret = SHIM_ERR; +- int efd = -1; + process_t *p = NULL; + // execSync timeout + uint64_t timeout = 0; +@@ -134,7 +133,7 @@ int main(int argc, char **argv) + */ + if (!p->state->exec) { + if (p->state->exit_fifo != NULL) { +- efd = open_no_inherit("exit_fifo", O_WRONLY, -1); ++ int efd = open_no_inherit("exit_fifo", O_WRONLY, -1); + if (efd < 0) { + write_message(g_log_fd, ERR_MSG, "open exit pipe failed:%d", SHIM_SYS_ERR(errno)); + exit(EXIT_FAILURE); +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index 138a71fb..11889cce 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -1172,8 +1172,6 @@ static int waitpid_with_timeout(int ctr_pid, int *status, const uint64_t timeou + { + int nret = 0; + time_t start_time = time(NULL); +- time_t end_time; +- double interval; + int st; + + for (;;) { +@@ -1181,8 +1179,8 @@ static int waitpid_with_timeout(int ctr_pid, int *status, const uint64_t timeou + if (nret == ctr_pid) { + break; + } +- end_time = time(NULL); +- interval = difftime(end_time, start_time); ++ time_t end_time = time(NULL); ++ double interval = difftime(end_time, start_time); + if (nret == 0 && interval >= timeout) { + return SHIM_ERR_TIMEOUT; + } +@@ -1216,14 +1214,12 @@ static int waitpid_with_timeout(int ctr_pid, int *status, const uint64_t timeou + */ + static int wait_container_process_with_timeout(process_t *p, const uint64_t timeout, int *status) + { +- int ret = SHIM_ERR; +- + if (timeout > 0) { + return waitpid_with_timeout(p->ctr_pid, status, timeout); + } + + for (;;) { +- ret = reap_container(p->ctr_pid, status); ++ int ret = reap_container(p->ctr_pid, status); + if (ret == SHIM_OK) { + if (*status == CONTAINER_ACTION_REBOOT) { + ret = setenv("CONTAINER_ACTION", "reboot", 1); +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 3fe895f8..dcc1d8ac 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -843,7 +843,7 @@ out: + close(shim_stdout_pipe[0]); + if (ret != 0) { + show_shim_runtime_errlog(workdir); +- if (timeout <= 0) { ++ if (timeout != NULL) { + kill(pid, SIGKILL); /* can kill other process? */ + } + } +@@ -1313,9 +1313,6 @@ int rt_isula_attach(const char *id, const char *runtime, const rt_attach_params_ + + static int to_engine_resources(const host_config *hostconfig, shim_client_cgroup_resources *cr) + { +- uint64_t period = 0; +- int64_t quota = 0; +- + if (hostconfig == NULL || cr == NULL) { + return -1; + } +@@ -1354,13 +1351,13 @@ static int to_engine_resources(const host_config *hostconfig, shim_client_cgroup + // when --cpus=n is set, nano_cpus = n * 1e9. + if (hostconfig->nano_cpus > 0) { + // in the case, period will be set to the default value of 100000(0.1s). +- period = (uint64_t)(100 * Time_Milli / Time_Micro); ++ uint64_t period = (uint64_t)(100 * Time_Milli / Time_Micro); + // set quota = period * n, in order to let container process fully occupy n cpus. + if ((hostconfig->nano_cpus / 1e9) > (INT64_MAX / (int64_t)period)) { + ERROR("Overflow of quota"); + return -1; + } +- quota = hostconfig->nano_cpus / 1e9 * (int64_t)period; ++ int64_t quota = hostconfig->nano_cpus / 1e9 * (int64_t)period; + cr->cpu->period = period; + cr->cpu->quota = quota; + } +-- +2.25.1 + diff --git a/0091-disable-the-exec-timeout-function-for-kata-runtime.patch b/0091-disable-the-exec-timeout-function-for-kata-runtime.patch new file mode 100644 index 0000000..4a14d4c --- /dev/null +++ b/0091-disable-the-exec-timeout-function-for-kata-runtime.patch @@ -0,0 +1,27 @@ +From c530f83fb28347c57bb5b1ed58a9b1770b7c2677 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 21 Jun 2023 01:20:27 +1400 +Subject: [PATCH 12/15] disable the exec timeout function for kata runtime + +Signed-off-by: zhongtao +--- + src/cmd/isulad-shim/process.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index 11889cce..2e76574d 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -1214,7 +1214,8 @@ static int waitpid_with_timeout(int ctr_pid, int *status, const uint64_t timeou + */ + static int wait_container_process_with_timeout(process_t *p, const uint64_t timeout, int *status) + { +- if (timeout > 0) { ++ // currently, kata runtime does not support setting timeout during exec ++ if (strcasecmp(p->runtime, "kata-runtime") != 0 && timeout > 0) { + return waitpid_with_timeout(p->ctr_pid, status, timeout); + } + +-- +2.25.1 + diff --git a/0092-debug-improve-debug-message-for-gc-containers.patch b/0092-debug-improve-debug-message-for-gc-containers.patch new file mode 100644 index 0000000..105cbbf --- /dev/null +++ b/0092-debug-improve-debug-message-for-gc-containers.patch @@ -0,0 +1,32 @@ +From 8fe8f8bfbe53ad28e7c509f8f5afca1890d4dd1c Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Wed, 5 Jul 2023 11:41:20 +0800 +Subject: [PATCH 13/15] [debug] improve debug message for gc containers + +Signed-off-by: haozi007 +--- + src/daemon/modules/container/supervisor/supervisor.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/daemon/modules/container/supervisor/supervisor.c b/src/daemon/modules/container/supervisor/supervisor.c +index 87b623f9..d5997b63 100644 +--- a/src/daemon/modules/container/supervisor/supervisor.c ++++ b/src/daemon/modules/container/supervisor/supervisor.c +@@ -194,6 +194,14 @@ retry: + goto retry; + } + ++ // get info of init process in container for debug problem of container ++ proc_t *c_proc = util_get_process_proc_info(pid); ++ if (c_proc != NULL) { ++ ERROR("Container %s into GC with process state: {cmd: %s, state: %c, pid: %d}", name, c_proc->cmd, c_proc->state, ++ (int)pid); ++ free(c_proc); ++ } ++ + ret = gc_add_container(name, runtime, &data->pid_info); + if (ret != 0) { + ERROR("Failed to send container %s to garbage handler", name); +-- +2.25.1 + diff --git a/0093-refactor-rt_isula_exec-and-shim-log.patch b/0093-refactor-rt_isula_exec-and-shim-log.patch new file mode 100644 index 0000000..b04971f --- /dev/null +++ b/0093-refactor-rt_isula_exec-and-shim-log.patch @@ -0,0 +1,839 @@ +From e92856fe6768d4f09553d6b032fbe2ebcca83bfc Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Thu, 1 Jun 2023 15:33:58 +0800 +Subject: [PATCH 14/15] refactor rt_isula_exec and shim log + +Signed-off-by: zhongtao +--- + src/cmd/isulad-shim/common.c | 17 +- + src/cmd/isulad-shim/common.h | 4 +- + src/cmd/isulad-shim/main.c | 19 +-- + src/cmd/isulad-shim/process.c | 98 ++++++----- + .../modules/runtime/isula/isula_rt_ops.c | 153 ++++++++++-------- + 5 files changed, 164 insertions(+), 127 deletions(-) + +diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c +index 3787cdfb..27836a8c 100644 +--- a/src/cmd/isulad-shim/common.c ++++ b/src/cmd/isulad-shim/common.c +@@ -31,11 +31,20 @@ + + int g_log_fd = -1; + ++int init_shim_log(void) ++{ ++ g_log_fd = open_no_inherit(SHIM_LOG_NAME, O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0640); ++ if (g_log_fd < 0) { ++ return SHIM_ERR; ++ } ++ return SHIM_OK; ++} ++ + void signal_routine(int sig) + { + switch (sig) { + case SIGALRM: +- write_message(g_log_fd, ERR_MSG, "runtime timeout"); ++ write_message(ERR_MSG, "runtime timeout"); + exit(EXIT_FAILURE); + default: + break; +@@ -228,12 +237,12 @@ int generate_random_str(char *id, size_t len) + return SHIM_OK; + } + +-void write_message(int fd, const char *level, const char *fmt, ...) ++void write_message(const char *level, const char *fmt, ...) + { + #define MAX_MSG_JSON_TEMPLATE 32 + #define MAX_MESSAGE_CONTENT_LEN 128 + #define MAX_MESSAGE_LEN (MAX_MSG_JSON_TEMPLATE + MAX_MESSAGE_CONTENT_LEN) +- if (fd < 0) { ++ if (g_log_fd < 0) { + return; + } + +@@ -247,7 +256,7 @@ void write_message(int fd, const char *level, const char *fmt, ...) + va_end(arg_list); + + snprintf(msg, MAX_MESSAGE_LEN - 1, "{\"level\": \"%s\", \"msg\": \"%s\"}\n", level, buf); +- nwrite = write_nointr_in_total(fd, msg, strlen(msg)); ++ nwrite = write_nointr_in_total(g_log_fd, msg, strlen(msg)); + if (nwrite < 0 || (size_t)nwrite != strlen(msg)) { + return; + } +diff --git a/src/cmd/isulad-shim/common.h b/src/cmd/isulad-shim/common.h +index 8cef5de2..a5991cc3 100644 +--- a/src/cmd/isulad-shim/common.h ++++ b/src/cmd/isulad-shim/common.h +@@ -58,6 +58,8 @@ extern "C" { + #define CONTAINER_ACTION_REBOOT 129 + #define CONTAINER_ACTION_SHUTDOWN 130 + ++int init_shim_log(void); ++ + void signal_routine(int sig); + + void util_usleep_nointerupt(unsigned long usec); +@@ -107,7 +109,7 @@ bool file_exists(const char *f); + + int cmd_combined_output(const char *binary, const char *params[], void *output, int *output_len); + +-void write_message(int fd, const char *level, const char *fmt, ...); ++void write_message(const char *level, const char *fmt, ...); + + int generate_random_str(char *id, size_t len); + +diff --git a/src/cmd/isulad-shim/main.c b/src/cmd/isulad-shim/main.c +index ff06a633..22db251e 100644 +--- a/src/cmd/isulad-shim/main.c ++++ b/src/cmd/isulad-shim/main.c +@@ -26,8 +26,6 @@ + #include "common.h" + #include "process.h" + +-extern int g_log_fd; +- + static void set_timeout_exit(unsigned int timeout) + { + signal(SIGALRM, signal_routine); +@@ -97,8 +95,11 @@ int main(int argc, char **argv) + uint64_t timeout = 0; + pthread_t tid_epoll; + +- g_log_fd = open_no_inherit(SHIM_LOG_NAME, O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0640); +- if (g_log_fd < 0) { ++ ret = init_shim_log(); ++ if (ret != SHIM_OK) { ++ // because shim log init error, print error msg to stderr. ++ // isulad can obtain the reason why shim exits. ++ dprintf(STDERR_FILENO, "failed to init shim log"); + _exit(EXIT_FAILURE); + } + +@@ -110,19 +111,19 @@ int main(int argc, char **argv) + + ret = set_subreaper(); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "set subreaper failed:%d", ret); ++ write_message(ERR_MSG, "set subreaper failed:%d", ret); + exit(EXIT_FAILURE); + } + + ret = parse_args(argc, argv, &container_id, &bundle, &rt_name, &log_level, &timeout); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "parse args failed:%d", ret); ++ write_message(ERR_MSG, "parse args failed:%d", ret); + exit(EXIT_FAILURE); + } + + p = new_process(container_id, bundle, rt_name); + if (p == NULL) { +- write_message(g_log_fd, ERR_MSG, "new process failed"); ++ write_message(ERR_MSG, "new process failed"); + exit(EXIT_FAILURE); + } + +@@ -135,7 +136,7 @@ int main(int argc, char **argv) + if (p->state->exit_fifo != NULL) { + int efd = open_no_inherit("exit_fifo", O_WRONLY, -1); + if (efd < 0) { +- write_message(g_log_fd, ERR_MSG, "open exit pipe failed:%d", SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "open exit pipe failed:%d", SHIM_SYS_ERR(errno)); + exit(EXIT_FAILURE); + } + p->exit_fd = efd; +@@ -145,7 +146,7 @@ int main(int argc, char **argv) + /* start epoll for io copy */ + ret = process_io_start(p, &tid_epoll); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "process io init failed:%d", ret); ++ write_message(ERR_MSG, "process io init failed:%d", ret); + exit(EXIT_FAILURE); + } + +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index 2e76574d..a9e65fcb 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -44,8 +44,6 @@ + #define DEFAULT_IO_COPY_BUF (16 * 1024) + #define DEFAULT_LOG_FILE_SIZE (4 * 1024) + +-extern int g_log_fd; +- + static shim_client_process_state *load_process() + { + parser_error err = NULL; +@@ -53,7 +51,7 @@ static shim_client_process_state *load_process() + + p_state = shim_client_process_state_parse_file("process.json", NULL, &err); + if (p_state == NULL) { +- write_message(g_log_fd, ERR_MSG, "parse process state failed"); ++ write_message(ERR_MSG, "parse process state failed"); + } + /* "err" will definitely be allocated memory in the function above */ + free(err); +@@ -68,7 +66,7 @@ static int open_fifo_noblock(const char *path, mode_t mode) + /* By default, We consider that the file has been created by isulad */ + fd = open_no_inherit(path, mode | O_NONBLOCK, -1); + if (fd < 0) { +- write_message(g_log_fd, ERR_MSG, "open fifo file failed:%d", SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "open fifo file failed:%d", SHIM_SYS_ERR(errno)); + return -1; + } + +@@ -107,7 +105,7 @@ static int receive_fd(int sock) + */ + int ret = recvmsg(sock, &msg, 0); + if (ret <= 0) { +- write_message(g_log_fd, ERR_MSG, "get console fd failed:%d", SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "get console fd failed:%d", SHIM_SYS_ERR(errno)); + free(cmptr); + return -1; + } +@@ -201,7 +199,7 @@ static int stdin_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *d + w_count = write_nointr_in_total(*fd_to, p->buf, r_count); + if (w_count < 0) { + /* When any error occurs, set the write fd -1 */ +- write_message(g_log_fd, WARN_MSG, "write in_fd %d error:%d", *fd_to, SHIM_SYS_ERR(errno)); ++ write_message(WARN_MSG, "write in_fd %d error:%d", *fd_to, SHIM_SYS_ERR(errno)); + close(*fd_to); + *fd_to = -1; + } +@@ -243,7 +241,7 @@ static int stdout_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr * + w_count = write_nointr_in_total(p->isulad_io->out, p->buf, r_count); + if (w_count < 0) { + /* When any error occurs, set the write fd -1 */ +- write_message(g_log_fd, WARN_MSG, "write out_fd %d error:%d", p->isulad_io->out, SHIM_SYS_ERR(errno)); ++ write_message(WARN_MSG, "write out_fd %d error:%d", p->isulad_io->out, SHIM_SYS_ERR(errno)); + close(p->isulad_io->out); + p->isulad_io->out = -1; + } +@@ -285,7 +283,7 @@ static int stderr_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr * + w_count = write_nointr_in_total(p->isulad_io->err, p->buf, r_count); + if (w_count < 0) { + /* When any error occurs, set the write fd -1 */ +- write_message(g_log_fd, WARN_MSG, "write err_fd %d error:%d", p->isulad_io->err, SHIM_SYS_ERR(errno)); ++ write_message(WARN_MSG, "write err_fd %d error:%d", p->isulad_io->err, SHIM_SYS_ERR(errno)); + close(p->isulad_io->err); + p->isulad_io->err = -1; + } +@@ -333,13 +331,13 @@ static int task_console_accept(int fd, uint32_t events, void *cbdata, struct epo + + conn_fd = accept(p->listen_fd, NULL, NULL); + if (conn_fd < 0) { +- write_message(g_log_fd, ERR_MSG, "accept from fd %d failed:%d", p->listen_fd, SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "accept from fd %d failed:%d", p->listen_fd, SHIM_SYS_ERR(errno)); + goto out; + } + + p->recv_fd = receive_fd(conn_fd); + if (check_fd(p->recv_fd) != true) { +- write_message(g_log_fd, ERR_MSG, "check console fd failed"); ++ write_message(ERR_MSG, "check console fd failed"); + goto out; + } + +@@ -348,19 +346,19 @@ static int task_console_accept(int fd, uint32_t events, void *cbdata, struct epo + // p->isulad_io->in ----> p->recv_fd + ret = epoll_loop_add_handler(descr, p->isulad_io->in, stdin_cb, p); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "add in fd %d to epoll loop failed:%d", p->isulad_io->in, SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "add in fd %d to epoll loop failed:%d", p->isulad_io->in, SHIM_SYS_ERR(errno)); + goto out; + } + // p->recv_fd ----> p->isulad_io->out + ret = epoll_loop_add_handler(descr, p->recv_fd, stdout_cb, p); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "add recv_fd fd %d to epoll loop failed:%d", p->recv_fd, SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "add recv_fd fd %d to epoll loop failed:%d", p->recv_fd, SHIM_SYS_ERR(errno)); + goto out; + } + // p->isulad_io->resize ----> p->recv_fd + ret = epoll_loop_add_handler(descr, p->isulad_io->resize, resize_cb, p); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "add resize fd %d to epoll loop failed:%d", p->isulad_io->resize, SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "add resize fd %d to epoll loop failed:%d", p->isulad_io->resize, SHIM_SYS_ERR(errno)); + goto out; + } + +@@ -416,7 +414,7 @@ static stdio_t *initialize_io(process_t *p) + /* don't open resize pipe */ + if ((pipe2(stdio_fd[0], O_CLOEXEC | O_NONBLOCK) != 0) || (pipe2(stdio_fd[1], O_CLOEXEC | O_NONBLOCK) != 0) || + (pipe2(stdio_fd[2], O_CLOEXEC | O_NONBLOCK) != 0)) { +- write_message(g_log_fd, ERR_MSG, "open pipe failed when init io:%d", SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "open pipe failed when init io:%d", SHIM_SYS_ERR(errno)); + goto failure; + } + +@@ -481,7 +479,7 @@ static int console_init(process_t *p, struct epoll_descr *descr) + + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd < 0) { +- write_message(g_log_fd, ERR_MSG, "create socket failed:%d", SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "create socket failed:%d", SHIM_SYS_ERR(errno)); + goto failure; + } + +@@ -491,13 +489,13 @@ static int console_init(process_t *p, struct epoll_descr *descr) + + ret = bind(fd, (struct sockaddr *)&addr, sizeof(addr)); + if (ret < 0) { +- write_message(g_log_fd, ERR_MSG, "bind console fd failed:%d", SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "bind console fd failed:%d", SHIM_SYS_ERR(errno)); + goto failure; + } + + ret = listen(fd, 2); + if (ret < 0) { +- write_message(g_log_fd, ERR_MSG, "listen console fd failed:%d", SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "listen console fd failed:%d", SHIM_SYS_ERR(errno)); + goto failure; + } + +@@ -505,7 +503,7 @@ static int console_init(process_t *p, struct epoll_descr *descr) + + ret = epoll_loop_add_handler(descr, p->listen_fd, task_console_accept, p); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "add listen_fd fd %d to epoll loop failed:%d", p->listen_fd, SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "add listen_fd fd %d to epoll loop failed:%d", p->listen_fd, SHIM_SYS_ERR(errno)); + goto failure; + } + +@@ -523,7 +521,7 @@ static int open_terminal_io(process_t *p, struct epoll_descr *descr) + + ret = new_temp_console_path(p); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "get temp console sock path failed"); ++ write_message(ERR_MSG, "get temp console sock path failed"); + return SHIM_ERR; + } + +@@ -545,19 +543,19 @@ static int open_generic_io(process_t *p, struct epoll_descr *descr) + // p->isulad_io->in ----> p->shim_io->in + ret = epoll_loop_add_handler(descr, p->isulad_io->in, stdin_cb, p); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "add in fd %d to epoll loop failed:%d", p->isulad_io->in, SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "add in fd %d to epoll loop failed:%d", p->isulad_io->in, SHIM_SYS_ERR(errno)); + return SHIM_ERR; + } + // p->shim_io->out ----> p->isulad_io->out + ret = epoll_loop_add_handler(descr, p->shim_io->out, stdout_cb, p); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "add out fd %d to epoll loop failed:%d", p->shim_io->out, SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "add out fd %d to epoll loop failed:%d", p->shim_io->out, SHIM_SYS_ERR(errno)); + return SHIM_ERR; + } + // p->shim_io->err ----> p->isulad_io->err + ret = epoll_loop_add_handler(descr, p->shim_io->err, stderr_cb, p); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "add err fd %d to epoll loop failed:%d", p->shim_io->err, SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "add err fd %d to epoll loop failed:%d", p->shim_io->err, SHIM_SYS_ERR(errno)); + return SHIM_ERR; + } + +@@ -608,14 +606,14 @@ static void *io_epoll_loop(void *data) + + ret = epoll_loop_open(&descr); + if (ret != 0) { +- write_message(g_log_fd, ERR_MSG, "epoll loop open failed:%d", SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "epoll loop open failed:%d", SHIM_SYS_ERR(errno)); + exit(EXIT_FAILURE); + } + + // sync fd: epoll loop will exit when recive sync fd event. + ret = epoll_loop_add_handler(&descr, p->sync_fd, sync_exit_cb, p); + if (ret != 0) { +- write_message(g_log_fd, ERR_MSG, "add sync_fd %d to epoll loop failed:%d", p->sync_fd, SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "add sync_fd %d to epoll loop failed:%d", p->sync_fd, SHIM_SYS_ERR(errno)); + exit(EXIT_FAILURE); + } + +@@ -625,7 +623,7 @@ static void *io_epoll_loop(void *data) + ret = open_generic_io(p, &descr); + } + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "open io failed:%d", SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "open io failed:%d", SHIM_SYS_ERR(errno)); + exit(EXIT_FAILURE); + } + +@@ -633,7 +631,7 @@ static void *io_epoll_loop(void *data) + + ret = epoll_loop(&descr, -1); + if (ret != 0) { +- write_message(g_log_fd, ERR_MSG, "epoll loop failed"); ++ write_message(ERR_MSG, "epoll loop failed"); + exit(EXIT_FAILURE); + } + +@@ -649,7 +647,7 @@ static void *io_epoll_loop(void *data) + if (fd_out > 0) { + ret = set_non_block(fd_out); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "set fd %d non_block failed:%d", fd_out, SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "set fd %d non_block failed:%d", fd_out, SHIM_SYS_ERR(errno)); + exit(EXIT_FAILURE); + } + +@@ -664,7 +662,7 @@ static void *io_epoll_loop(void *data) + if (fd_err > 0) { + ret = set_non_block(fd_err); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "set fd %d non_block failed:%d", fd_err, SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "set fd %d non_block failed:%d", fd_err, SHIM_SYS_ERR(errno)); + exit(EXIT_FAILURE); + } + +@@ -696,12 +694,12 @@ static int terminal_init(log_terminal **terminal, shim_client_process_state *p_s + + log_term = util_common_calloc_s(sizeof(log_terminal)); + if (log_term == NULL) { +- write_message(g_log_fd, ERR_MSG, "Failed to calloc log_terminal"); ++ write_message(ERR_MSG, "Failed to calloc log_terminal"); + goto clean_out; + } + + if (pthread_rwlock_init(&log_term->log_terminal_rwlock, NULL) != 0) { +- write_message(g_log_fd, ERR_MSG, "Failed to init isulad conf rwlock"); ++ write_message(ERR_MSG, "Failed to init isulad conf rwlock"); + goto clean_out; + } + +@@ -777,25 +775,25 @@ static int init_isulad_stdio(process_t *p) + + ret = open_isulad_fd(STDID_IN, p->state->isulad_stdin, &p->isulad_io->in); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "Failed to open in isulad fd: %s", p->state->isulad_stdin); ++ write_message(ERR_MSG, "Failed to open in isulad fd: %s", p->state->isulad_stdin); + goto failure; + } + + ret = open_isulad_fd(STDID_OUT, p->state->isulad_stdout, &p->isulad_io->out); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "Failed to open out isulad fd: %s", p->state->isulad_stdout); ++ write_message(ERR_MSG, "Failed to open out isulad fd: %s", p->state->isulad_stdout); + goto failure; + } + + ret = open_isulad_fd(STDID_ERR, p->state->isulad_stderr, &p->isulad_io->err); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "Failed to open err isulad fd: %s", p->state->isulad_stderr); ++ write_message(ERR_MSG, "Failed to open err isulad fd: %s", p->state->isulad_stderr); + goto failure; + } + + ret = open_isulad_fd(EXEC_RESIZE, p->state->resize_fifo, &p->isulad_io->resize); + if (ret != SHIM_OK) { +- write_message(g_log_fd, ERR_MSG, "Failed to open resize isulad fd: %s", p->state->resize_fifo); ++ write_message(ERR_MSG, "Failed to open resize isulad fd: %s", p->state->resize_fifo); + goto failure; + } + return SHIM_OK; +@@ -862,7 +860,7 @@ process_t *new_process(char *id, char *bundle, char *runtime) + + p->sync_fd = eventfd(0, EFD_CLOEXEC); + if (p->sync_fd < 0) { +- write_message(g_log_fd, ERR_MSG, "Failed to create eventfd: %s", strerror(errno)); ++ write_message(ERR_MSG, "Failed to create eventfd: %s", strerror(errno)); + goto failure; + } + +@@ -996,7 +994,7 @@ static void process_delete(process_t *p) + + cwd = getcwd(NULL, 0); + if (cwd == NULL) { +- write_message(g_log_fd, ERR_MSG, "get cwd failed when do process delete"); ++ write_message(ERR_MSG, "get cwd failed when do process delete"); + return; + } + int nret = snprintf(log_path, PATH_MAX, "%s/log.json", cwd); +@@ -1094,13 +1092,13 @@ int create_process(process_t *p) + int nread = -1; + + if (pipe2(exec_fd, O_CLOEXEC) != 0) { +- write_message(g_log_fd, ERR_MSG, "create pipe failed when create process:%d", SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "create pipe failed when create process:%d", SHIM_SYS_ERR(errno)); + return SHIM_ERR; + } + + pid_t pid = fork(); + if (pid == (pid_t) -1) { +- write_message(g_log_fd, ERR_MSG, "fork failed when create process:%d", SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "fork failed when create process:%d", SHIM_SYS_ERR(errno)); + return SHIM_ERR; + } + +@@ -1120,7 +1118,7 @@ int create_process(process_t *p) + } + nread = read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1); + if (nread > 0) { +- write_message(g_log_fd, ERR_MSG, "runtime error"); ++ write_message(ERR_MSG, "runtime error"); + ret = SHIM_ERR; + goto out; + } +@@ -1128,7 +1126,7 @@ int create_process(process_t *p) + /* block to wait runtime pid exit */ + ret = waitpid(pid, NULL, 0); + if (ret != pid) { +- write_message(g_log_fd, ERR_MSG, "wait runtime failed:%d", SHIM_SYS_ERR(errno)); ++ write_message(ERR_MSG, "wait runtime failed:%d", SHIM_SYS_ERR(errno)); + ret = SHIM_ERR; + goto out; + } +@@ -1136,7 +1134,7 @@ int create_process(process_t *p) + /* save runtime pid */ + data = read_text_file("pid"); + if (data == NULL) { +- write_message(g_log_fd, ERR_MSG, "read pid of runtime failed"); ++ write_message(ERR_MSG, "read pid of runtime failed"); + goto out; + } + int ctr_pid = atoi(data); +@@ -1197,12 +1195,12 @@ static int waitpid_with_timeout(int ctr_pid, int *status, const uint64_t timeou + if (*status == CONTAINER_ACTION_REBOOT) { + nret = setenv("CONTAINER_ACTION", "reboot", 1); + if (nret != SHIM_OK) { +- write_message(g_log_fd, WARN_MSG, "set reboot action failed:%d", SHIM_SYS_ERR(errno)); ++ write_message(WARN_MSG, "set reboot action failed:%d", SHIM_SYS_ERR(errno)); + } + } else if (*status == CONTAINER_ACTION_SHUTDOWN) { + nret = setenv("CONTAINER_ACTION", "shutdown", 1); + if (nret != SHIM_OK) { +- write_message(g_log_fd, WARN_MSG, "set shutdown action failed:%d", SHIM_SYS_ERR(errno)); ++ write_message(WARN_MSG, "set shutdown action failed:%d", SHIM_SYS_ERR(errno)); + } + } + return SHIM_OK; +@@ -1225,12 +1223,12 @@ static int wait_container_process_with_timeout(process_t *p, const uint64_t time + if (*status == CONTAINER_ACTION_REBOOT) { + ret = setenv("CONTAINER_ACTION", "reboot", 1); + if (ret != SHIM_OK) { +- write_message(g_log_fd, WARN_MSG, "set reboot action failed:%d", SHIM_SYS_ERR(errno)); ++ write_message(WARN_MSG, "set reboot action failed:%d", SHIM_SYS_ERR(errno)); + } + } else if (*status == CONTAINER_ACTION_SHUTDOWN) { + ret = setenv("CONTAINER_ACTION", "shutdown", 1); + if (ret != SHIM_OK) { +- write_message(g_log_fd, WARN_MSG, "set shutdown action failed:%d", SHIM_SYS_ERR(errno)); ++ write_message(WARN_MSG, "set shutdown action failed:%d", SHIM_SYS_ERR(errno)); + } + } + return SHIM_OK; +@@ -1260,7 +1258,7 @@ int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const + // kill container process to ensure process_kill_all effective + nret = kill(p->ctr_pid, SIGKILL); + if (nret < 0 && errno != ESRCH) { +- write_message(g_log_fd, ERR_MSG, "Can not kill process (pid=%d) with SIGKILL", p->ctr_pid); ++ write_message(ERR_MSG, "Can not kill process (pid=%d) with SIGKILL", p->ctr_pid); + return SHIM_ERR; + } + } +@@ -1270,7 +1268,7 @@ int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const + // wait atmost 120 seconds + DO_RETRY_CALL(120, 1000000, nret, try_wait_all_child); + if (nret != 0) { +- write_message(g_log_fd, ERR_MSG, "Failed to wait all child after 120 seconds"); ++ write_message(ERR_MSG, "Failed to wait all child after 120 seconds"); + } + + process_delete(p); +@@ -1280,13 +1278,13 @@ int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const + + if (p->sync_fd > 0) { + if (eventfd_write(p->sync_fd, 1)) { +- write_message(g_log_fd, ERR_MSG, "Failed to write sync fd"); ++ write_message(ERR_MSG, "Failed to write sync fd"); + } + } + + nret = pthread_join(tid_epoll, NULL); + if (nret != 0) { +- write_message(g_log_fd, ERR_MSG, "Failed to join epoll loop thread"); ++ write_message(ERR_MSG, "Failed to join epoll loop thread"); + } + + close(p->sync_fd); +@@ -1298,7 +1296,7 @@ int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const + } + + if (ret == SHIM_ERR_TIMEOUT) { +- write_message(g_log_fd, INFO_MSG, "Wait %d timeout", p->ctr_pid); ++ write_message(INFO_MSG, "Wait %d timeout", p->ctr_pid); + return SHIM_ERR_TIMEOUT; + } + +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index dcc1d8ac..9adaf613 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -707,7 +707,7 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char + int *exit_code, const char* timeout, int* shim_exit_code) + { + pid_t pid = 0; +- int exec_fd[2] = { -1, -1 }; ++ int shim_stderr_pipe[2] = { -1, -1 }; + int shim_stdout_pipe[2] = { -1, -1 }; + int num = 0; + int ret = 0; +@@ -733,21 +733,21 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char + return -1; + } + +- if (pipe2(exec_fd, O_CLOEXEC) != 0) { +- ERROR("Failed to create pipe for shim create"); ++ if (pipe2(shim_stderr_pipe, O_CLOEXEC) != 0) { ++ ERROR("Failed to create pipe for shim stderr"); + return -1; + } + + if (pipe2(shim_stdout_pipe, O_CLOEXEC) != 0) { +- ERROR("Failed to create pipe for shim exit code"); ++ ERROR("Failed to create pipe for shim stdout"); + return -1; + } + + pid = fork(); + if (pid < 0) { + ERROR("Failed fork for shim parent %s", strerror(errno)); +- close(exec_fd[0]); +- close(exec_fd[1]); ++ close(shim_stderr_pipe[0]); ++ close(shim_stderr_pipe[1]); + close(shim_stdout_pipe[0]); + close(shim_stdout_pipe[1]); + return -1; +@@ -755,60 +755,64 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char + + if (pid == (pid_t)0) { + if (chdir(workdir) < 0) { +- (void)dprintf(exec_fd[1], "%s: failed chdir to %s", id, workdir); ++ (void)dprintf(shim_stderr_pipe[1], "%s: failed chdir to %s", id, workdir); + exit(EXIT_FAILURE); + } + + if (fg) { ++ // child process, dup2 shim_stdout_pipe[1] to STDOUT ++ if (dup2(shim_stdout_pipe[1], STDOUT_FILENO) < 0) { ++ (void)dprintf(shim_stderr_pipe[1], "Dup stdout fd error: %s", strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ // child process, dup2 shim_stderr_pipe[1] to STDERR ++ if (dup2(shim_stderr_pipe[1], STDERR_FILENO) < 0) { ++ (void)dprintf(shim_stderr_pipe[1], "Dup stderr fd error: %s", strerror(errno)); ++ exit(EXIT_FAILURE); ++ } + goto realexec; + } + + // clear NOTIFY_SOCKET from the env to adapt runc create + if (unsetenv("NOTIFY_SOCKET") != 0) { +- (void)dprintf(exec_fd[1], "%s: unset env NOTIFY_SOCKET failed %s", id, strerror(errno)); ++ (void)dprintf(shim_stderr_pipe[1], "%s: unset env NOTIFY_SOCKET failed %s", id, strerror(errno)); + exit(EXIT_FAILURE); + } + + pid = fork(); + if (pid < 0) { +- (void)dprintf(exec_fd[1], "%s: fork shim-process failed %s", id, strerror(errno)); ++ (void)dprintf(shim_stderr_pipe[1], "%s: fork shim-process failed %s", id, strerror(errno)); + _exit(EXIT_FAILURE); + } + if (pid != 0) { + if (file_write_int(fpid, pid) != 0) { +- (void)dprintf(exec_fd[1], "%s: write %s with %d failed", id, fpid, pid); ++ (void)dprintf(shim_stderr_pipe[1], "%s: write %s with %d failed", id, fpid, pid); + } + _exit(EXIT_SUCCESS); + } + + realexec: + /* real shim process. */ +- close(exec_fd[0]); ++ close(shim_stderr_pipe[0]); + close(shim_stdout_pipe[0]); +- // child process, dup2 shim_stdout_pipe[1] to STDOUT +- if (dup2(shim_stdout_pipe[1], STDOUT_FILENO) < 0) { +- (void)dprintf(exec_fd[1], "Dup fd error: %s", strerror(errno)); +- exit(EXIT_FAILURE); +- } + + if (setsid() < 0) { +- (void)dprintf(exec_fd[1], "%s: failed setsid for process %d", id, getpid()); ++ (void)dprintf(shim_stderr_pipe[1], "%s: failed setsid for process %d", id, getpid()); + exit(EXIT_FAILURE); + } +- int ignore_fd[2] = {-1, -1}; +- ignore_fd[0] = exec_fd[1]; +- ignore_fd[1] = shim_stdout_pipe[1]; +- if (util_check_inherited_exclude_fds(true, ignore_fd, 2) != 0) { +- (void)dprintf(exec_fd[1], "close inherited fds failed"); ++ ++ if (util_check_inherited(true, shim_stderr_pipe[1]) != 0) { ++ (void)dprintf(shim_stderr_pipe[1], "close inherited fds failed"); ++ exit(EXIT_FAILURE); + } + + execvp(SHIM_BINARY, (char * const *)params); +- (void)dprintf(exec_fd[1], "exec failed: %s", strerror(errno)); ++ (void)dprintf(shim_stderr_pipe[1], "exec failed: %s", strerror(errno)); + } + +- close(exec_fd[1]); ++ close(shim_stderr_pipe[1]); + close(shim_stdout_pipe[1]); +- num = util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1); ++ num = util_read_nointr(shim_stderr_pipe[0], exec_buff, sizeof(exec_buff) - 1); + if (num > 0) { + ERROR("Exec failed: %s", exec_buff); + ret = -1; +@@ -829,9 +833,16 @@ realexec: + goto out; + } + ++ // exit_code is NULL when command is create. + if (exit_code == NULL) { + goto out; + } ++ ++ // when exec in background, exit code is shim exit code ++ if (!fg) { ++ *exit_code = *shim_exit_code; ++ goto out; ++ } + ret = util_read_nointr(shim_stdout_pipe[0], exit_code, sizeof(int)); + if (ret <= 0) { + *exit_code = 137; +@@ -839,7 +850,7 @@ realexec: + ret = 0; + + out: +- close(exec_fd[0]); ++ close(shim_stderr_pipe[0]); + close(shim_stdout_pipe[0]); + if (ret != 0) { + show_shim_runtime_errlog(workdir); +@@ -1146,19 +1157,63 @@ err_out: + return NULL; + } + +-int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *params, int *exit_code) ++static int preparation_exec(const char *id, const char *runtime, const char *workdir, const char *exec_id, ++ const rt_exec_params_t *params) + { +- char *exec_id = NULL; +- defs_process *process = NULL; +- const char **runtime_args = NULL; ++ int ret = 0; + size_t runtime_args_len = 0; +- char workdir[PATH_MAX] = { 0 }; + char resize_fifo_dir[PATH_MAX] = { 0 }; ++ const char **runtime_args = NULL; ++ shim_client_process_state p = { 0 }; ++ defs_process *process = NULL; ++ ++ ret = util_mkdir_p(workdir, DEFAULT_SECURE_DIRECTORY_MODE); ++ if (ret < 0) { ++ ERROR("failed mkdir exec workdir %s", workdir); ++ return -1; ++ } ++ ++ ret = snprintf(resize_fifo_dir, sizeof(resize_fifo_dir), "%s/%s", workdir, RESIZE_FIFO_NAME); ++ if (ret < 0) { ++ ERROR("failed join resize fifo full path"); ++ return -1; ++ } ++ ++ ret = console_fifo_create(resize_fifo_dir); ++ if (ret < 0) { ++ ERROR("failed create resize fifo file"); ++ return -1; ++ } ++ ++ process = params->spec; ++ runtime_args_len = get_runtime_args(runtime, &runtime_args); ++ ++ p.exec = true; ++ p.isulad_stdin = (char *)params->console_fifos[0]; ++ p.isulad_stdout = (char *)params->console_fifos[1]; ++ p.isulad_stderr = (char *)params->console_fifos[2]; ++ p.resize_fifo = resize_fifo_dir; ++ p.runtime_args = (char **)runtime_args; ++ p.runtime_args_len = runtime_args_len; ++ copy_process(&p, process); ++ ++ ret = create_process_json_file(workdir, &p); ++ if (ret != 0) { ++ ERROR("%s: failed create exec json file", id); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *params, int *exit_code) ++{ + const char *cmd = NULL; ++ char *exec_id = NULL; + int ret = 0; +- char bundle[PATH_MAX] = { 0 }; + int pid = 0; +- shim_client_process_state p = { 0 }; ++ char bundle[PATH_MAX] = { 0 }; ++ char workdir[PATH_MAX] = { 0 }; + char *timeout = NULL; + int shim_exit_code = 0; + +@@ -1166,8 +1221,6 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p + ERROR("nullptr arguments not allowed"); + return -1; + } +- process = params->spec; +- runtime_args_len = get_runtime_args(runtime, &runtime_args); + + ret = snprintf(bundle, sizeof(bundle), "%s/%s", params->rootpath, id); + if (ret < 0) { +@@ -1191,36 +1244,10 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p + ERROR("failed join exec full path"); + goto out; + } +- ret = util_mkdir_p(workdir, DEFAULT_SECURE_DIRECTORY_MODE); +- if (ret < 0) { +- ERROR("failed mkdir exec workdir %s", workdir); +- goto out; +- } + +- ret = snprintf(resize_fifo_dir, sizeof(resize_fifo_dir), "%s/%s", workdir, RESIZE_FIFO_NAME); +- if (ret < 0) { +- ERROR("failed join resize fifo full path"); +- goto del_out; +- } +- +- ret = console_fifo_create(resize_fifo_dir); +- if (ret < 0) { +- ERROR("failed create resize fifo file"); +- goto del_out; +- } +- +- p.exec = true; +- p.isulad_stdin = (char *)params->console_fifos[0]; +- p.isulad_stdout = (char *)params->console_fifos[1]; +- p.isulad_stderr = (char *)params->console_fifos[2]; +- p.resize_fifo = resize_fifo_dir; +- p.runtime_args = (char **)runtime_args; +- p.runtime_args_len = runtime_args_len; +- copy_process(&p, process); +- +- ret = create_process_json_file(workdir, &p); ++ ret = preparation_exec(id, runtime, workdir, exec_id, params); + if (ret != 0) { +- ERROR("%s: failed create exec json file", id); ++ ERROR("%s: failed to preparation for exec %s", id, exec_id); + goto del_out; + } + +-- +2.25.1 + diff --git a/0094-add-some-exec-test.patch b/0094-add-some-exec-test.patch new file mode 100644 index 0000000..fb9f707 --- /dev/null +++ b/0094-add-some-exec-test.patch @@ -0,0 +1,57 @@ +From a3d7fc99204f65e63b1686c5e78714627805e239 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Thu, 1 Jun 2023 16:40:23 +0800 +Subject: [PATCH 15/15] add some exec test + +Signed-off-by: zhongtao +--- + CI/test_cases/container_cases/exec.sh | 12 ++++++++++++ + CI/test_cases/container_cases/exec_runc.sh | 9 +++++++++ + 2 files changed, 21 insertions(+) + +diff --git a/CI/test_cases/container_cases/exec.sh b/CI/test_cases/container_cases/exec.sh +index 50a262b6..96ceb884 100755 +--- a/CI/test_cases/container_cases/exec.sh ++++ b/CI/test_cases/container_cases/exec.sh +@@ -36,6 +36,18 @@ function exec_workdir() + isula exec -ti --workdir /workdir cont_workdir pwd | grep "/workdir" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - workdir is not /workdir failed" && ((ret++)) + ++ isula exec -ti cont_workdir sh -c "echo $HOME | grep '/root'" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - HOME env is not /root failed" && ((ret++)) ++ ++ isula exec -ti cont_workdir /bin/sh -c 'exit 1' ++ [[ $? -ne 1 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - exit code should be 1" && ((ret++)) ++ ++ isula exec -ti cont_workdir /bin/sh -c 'exit 2' ++ [[ $? -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - exit code should be 2" && ((ret++)) ++ ++ isula exec -tid cont_workdir /bin/sh -c 'exit 2' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - exit code should be 0" && ((ret++)) ++ + isula rm -f `isula ps -a -q` + + return ${ret} +diff --git a/CI/test_cases/container_cases/exec_runc.sh b/CI/test_cases/container_cases/exec_runc.sh +index ab394735..f963724e 100755 +--- a/CI/test_cases/container_cases/exec_runc.sh ++++ b/CI/test_cases/container_cases/exec_runc.sh +@@ -44,6 +44,15 @@ function exec_runc_test() + isula exec -it $container_name date + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to exec date" && ((ret++)) + ++ isula exec -ti $container_name /bin/sh -c 'exit 1' ++ [[ $? -ne 1 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - exit code should be 1" && ((ret++)) ++ ++ isula exec -ti $container_name /bin/sh -c 'exit 2' ++ [[ $? -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - exit code should be 2" && ((ret++)) ++ ++ isula exec -tid $container_name /bin/sh -c 'exit 2' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - exit code should be 0" && ((ret++)) ++ + ls /var/run/isulad/runc/${ID}/exec/ + ls /var/run/isulad/runc/${ID}/exec/ | wc -l | grep 0 + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual dir after success exec" && ((ret++)) +-- +2.25.1 + diff --git a/0095-2079-clean-network-reosurces-if-runpodsandbox-failed.patch b/0095-2079-clean-network-reosurces-if-runpodsandbox-failed.patch new file mode 100644 index 0000000..bd1e658 --- /dev/null +++ b/0095-2079-clean-network-reosurces-if-runpodsandbox-failed.patch @@ -0,0 +1,333 @@ +From bafac55f6981d7d602e27277baf7b24ecad09306 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Wed, 19 Jul 2023 07:36:00 +0000 +Subject: [PATCH] !2079 clean network reosurces if runpodsandbox failed * clean + network reosurces if runpodsandbox failed + +--- + .../cri_pod_sandbox_manager_service_impl.cc | 122 +++++++++++------- + .../cri_pod_sandbox_manager_service_impl.h | 9 +- + .../executor/container_cb/execution_create.c | 12 +- + .../modules/api/network_namespace_api.h | 1 + + .../oci/storage/image_store/image_store.c | 2 +- + .../modules/runtime/isula/isula_rt_ops.c | 2 +- + .../modules/service/network_namespace_api.c | 22 ++++ + test/cutils/utils_utils/utils_utils_ut.cc | 2 +- + 8 files changed, 120 insertions(+), 52 deletions(-) + +diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc +index 1cb3254d..91ca2735 100644 +--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc ++++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc +@@ -485,10 +485,9 @@ cleanup: + } + + void PodSandboxManagerServiceImpl::SetupSandboxNetwork(const runtime::v1alpha2::PodSandboxConfig &config, +- const std::string &response_id, +- const std::string &jsonCheckpoint, const container_inspect *inspect_data, Errors &error) ++ const std::string &response_id, const std::string &jsonCheckpoint, ++ const container_inspect *inspect_data, std::map &stdAnnos, Errors &error) + { +- std::map stdAnnos; + std::map networkOptions; + + // Setup sandbox files +@@ -525,9 +524,81 @@ void PodSandboxManagerServiceImpl::SetupSandboxNetwork(const runtime::v1alpha2:: + Network::DEFAULT_NETWORK_INTERFACE_NAME, response_id, stdAnnos, networkOptions, error); + if (error.NotEmpty()) { + ERROR("SetupPod failed: %s", error.GetCMessage()); ++ return; ++ } ++ ++ SetNetworkReady(response_id, true, error); ++ DEBUG("set %s network ready", response_id.c_str()); ++} ++ ++void PodSandboxManagerServiceImpl::SetupNetowrkAndStartPodSandbox(const runtime::v1alpha2::PodSandboxConfig &config, ++ const container_inspect *inspect_data, ++ std::string &response_id, std::string &jsonCheckpoint, ++ Errors &error) ++{ ++ std::map stdAnnos; ++ char *netnsPath = nullptr; ++ ++ netnsPath = get_sandbox_key(inspect_data); ++ if (netnsPath == nullptr || !util_file_exists(netnsPath)) { ++ error.Errorf("Network namespace not exist"); ++ ERROR("Network namespace not exist for %s", response_id.c_str()); ++ goto cleanup; ++ } ++ ++ if (util_mount_namespace(netnsPath) != 0) { ++ error.Errorf("Failed to mount network namespace"); ++ ERROR("Failed to mount network namespace for %s", response_id.c_str()); ++ goto cleanup; ++ } ++ ++ // Step 5: Setup networking for the sandbox. ++ SetupSandboxNetwork(config, response_id, jsonCheckpoint, inspect_data, stdAnnos, error); ++ if (error.NotEmpty()) { ++ util_umount_namespace(netnsPath); ++ goto cleanup; ++ } ++ ++ // Step 6: Start the sandbox container. ++ StartSandboxContainer(response_id, error); ++ if (error.NotEmpty()) { ++ std::vector errlist; ++ if (ClearCniNetwork(response_id, config.linux().security_context().namespace_options().network() == ++ runtime::v1alpha2::NamespaceMode::NODE, config.metadata().namespace_(), ++ config.metadata().name(), errlist, stdAnnos, error) != 0) { ++ Errors tmpErr; ++ tmpErr.SetAggregate(errlist); ++ ERROR("Failed to clear cni network: %s", tmpErr.GetCMessage()); ++ } ++ // network namespace is umount in ClearCniNetwork ++ goto cleanup; ++ } ++ ++cleanup: ++ free(netnsPath); ++} ++ ++void PodSandboxManagerServiceImpl::StartPodSandboxAndSetupNetowrk(const runtime::v1alpha2::PodSandboxConfig &config, ++ const container_inspect *inspect_data, ++ std::string &response_id, std::string &jsonCheckpoint, ++ Errors &error) ++{ ++ std::map stdAnnos; ++ ++ // Step 5: Start the sandbox container. ++ StartSandboxContainer(response_id, error); ++ if (error.NotEmpty()) { ++ return; + } + +- return; ++ SetupSandboxNetwork(config, response_id, jsonCheckpoint, inspect_data, stdAnnos, error); ++ if (error.NotEmpty()) { ++ Errors tmpErr; ++ StopContainerHelper(response_id, tmpErr); ++ if (tmpErr.NotEmpty()) { ++ ERROR("Failed to stop container: %s", tmpErr.GetCMessage()); ++ } ++ } + } + + auto PodSandboxManagerServiceImpl::RunPodSandbox(const runtime::v1alpha2::PodSandboxConfig &config, +@@ -536,7 +607,6 @@ auto PodSandboxManagerServiceImpl::RunPodSandbox(const runtime::v1alpha2::PodSan + std::string response_id; + std::string jsonCheckpoint; + container_inspect *inspect_data = nullptr; +- char *netnsPath = nullptr; + + if (m_cb == nullptr || m_cb->container.create == nullptr || m_cb->container.start == nullptr) { + error.SetError("Unimplemented callback"); +@@ -576,49 +646,13 @@ auto PodSandboxManagerServiceImpl::RunPodSandbox(const runtime::v1alpha2::PodSan + } + + if (namespace_is_file(inspect_data->host_config->network_mode)) { +- netnsPath = get_sandbox_key(inspect_data); +- if (!util_file_exists(netnsPath) || util_mount_namespace(netnsPath) != 0) { +- error.Errorf("Failed to mount network namespace"); +- ERROR("Failed to mount network namespace"); +- goto cleanup; +- } +- } +- +- // Step 5: Setup networking for the sandbox. +- if (namespace_is_file(inspect_data->host_config->network_mode)) { +- SetupSandboxNetwork(config, response_id, jsonCheckpoint, inspect_data, error); +- if (error.NotEmpty()) { +- goto cleanup; +- } +- } +- +- // Step 6: Start the sandbox container. +- StartSandboxContainer(response_id, error); +- if (error.NotEmpty()) { +- goto cleanup; +- } +- +- // If netns mode is not file, setup network after start sandbox container +- if (!namespace_is_file(inspect_data->host_config->network_mode)) { +- SetupSandboxNetwork(config, response_id, jsonCheckpoint, inspect_data, error); +- if (error.NotEmpty()) { +- StopContainerHelper(response_id, error); +- goto cleanup; +- } ++ SetupNetowrkAndStartPodSandbox(config, inspect_data, response_id, jsonCheckpoint, error); ++ } else { ++ StartPodSandboxAndSetupNetowrk(config, inspect_data, response_id, jsonCheckpoint, error); + } + + cleanup: +- if (error.Empty()) { +- SetNetworkReady(response_id, true, error); +- DEBUG("set %s ready", response_id.c_str()); +- error.Clear(); +- } else { +- if (netnsPath != nullptr && remove_network_namespace(netnsPath) != 0) { +- ERROR("Failed to remove network namespace"); +- } +- } + free_container_inspect(inspect_data); +- free(netnsPath); + return response_id; + } + +diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.h b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.h +index f7c0aa00..6b98641e 100644 +--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.h ++++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.h +@@ -83,7 +83,14 @@ private: + void SetNetworkReady(const std::string &podSandboxID, bool ready, Errors &error); + void StartSandboxContainer(const std::string &response_id, Errors &error); + void SetupSandboxNetwork(const runtime::v1alpha2::PodSandboxConfig &config, const std::string &response_id, +- const std::string &jsonCheckpoint, const container_inspect *inspect_data, Errors &error); ++ const std::string &jsonCheckpoint, const container_inspect *inspect_data, ++ std::map &stdAnnos, Errors &error); ++ void SetupNetowrkAndStartPodSandbox(const runtime::v1alpha2::PodSandboxConfig &config, ++ const container_inspect *inspect_data, std::string &response_id, ++ std::string &jsonCheckpoint, Errors &error); ++ void StartPodSandboxAndSetupNetowrk(const runtime::v1alpha2::PodSandboxConfig &config, ++ const container_inspect *inspect_data, std::string &response_id, ++ std::string &jsonCheckpoint, Errors &error); + void SetupSandboxFiles(const std::string &resolvPath, const runtime::v1alpha2::PodSandboxConfig &config, + Errors &error); + void StopContainerHelper(const std::string &containerID, Errors &error); +diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c +index a039ba6b..29b5fc5e 100644 +--- a/src/daemon/executor/container_cb/execution_create.c ++++ b/src/daemon/executor/container_cb/execution_create.c +@@ -1477,13 +1477,13 @@ int container_create_cb(const container_create_request *request, container_creat + if (merge_config_for_syscontainer(request, host_spec, v2_spec->config, oci_spec) != 0) { + ERROR("Failed to merge config for syscontainer"); + cc = ISULAD_ERR_EXEC; +- goto umount_shm; ++ goto clean_netns; + } + + if (merge_network(host_spec, request->rootfs, runtime_root, id, container_spec->hostname) != 0) { + ERROR("Failed to merge network config"); + cc = ISULAD_ERR_EXEC; +- goto umount_shm; ++ goto clean_netns; + } + + /* modify oci_spec by plugin. */ +@@ -1491,14 +1491,14 @@ int container_create_cb(const container_create_request *request, container_creat + ERROR("Plugin event pre create failed"); + (void)plugin_event_container_post_remove2(id, oci_spec); /* ignore error */ + cc = ISULAD_ERR_EXEC; +- goto umount_shm; ++ goto clean_netns; + } + + host_channel = dup_host_channel(host_spec->host_channel); + if (prepare_host_channel(host_channel, host_spec->user_remap)) { + ERROR("Failed to prepare host channel"); + cc = ISULAD_ERR_EXEC; +- goto umount_shm; ++ goto clean_netns; + } + + if (verify_container_settings(oci_spec) != 0) { +@@ -1533,6 +1533,10 @@ int container_create_cb(const container_create_request *request, container_creat + + umount_channel: + umount_host_channel(host_channel); ++clean_netns: ++ if (namespace_is_file(host_spec->network_mode) && v2_spec->network_settings != NULL) { ++ (void)remove_network_namespace_file(v2_spec->network_settings->sandbox_key); ++ } + umount_shm: + umount_shm_by_configs(host_spec, v2_spec); + +diff --git a/src/daemon/modules/api/network_namespace_api.h b/src/daemon/modules/api/network_namespace_api.h +index 9a18b1c0..f6201771 100644 +--- a/src/daemon/modules/api/network_namespace_api.h ++++ b/src/daemon/modules/api/network_namespace_api.h +@@ -26,6 +26,7 @@ extern "C" { + + int prepare_network_namespace(const char *netns_path); + int remove_network_namespace(const char *netns); ++int remove_network_namespace_file(const char *netns_path); + char *get_sandbox_key(const container_inspect *inspect_data); + + #ifdef __cplusplus +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index aad8329e..daf08c85 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -448,7 +448,7 @@ static image_t *by_digest(const char *name) + { + digest_image_t *digest_filter_images = NULL; + char *digest = NULL; +- ++ + // split digest for image name with digest + digest = strrchr(name, '@'); + if (digest == NULL || util_reg_match(__DIGESTPattern, digest)) { +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 9adaf613..0f18926a 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -795,7 +795,7 @@ realexec: + /* real shim process. */ + close(shim_stderr_pipe[0]); + close(shim_stdout_pipe[0]); +- ++ + if (setsid() < 0) { + (void)dprintf(shim_stderr_pipe[1], "%s: failed setsid for process %d", id, getpid()); + exit(EXIT_FAILURE); +diff --git a/src/daemon/modules/service/network_namespace_api.c b/src/daemon/modules/service/network_namespace_api.c +index e28e6f74..4cf44b6a 100644 +--- a/src/daemon/modules/service/network_namespace_api.c ++++ b/src/daemon/modules/service/network_namespace_api.c +@@ -62,6 +62,28 @@ int remove_network_namespace(const char *netns_path) + return 0; + } + ++int remove_network_namespace_file(const char *netns_path) ++{ ++ int get_err = 0; ++ ++ if (netns_path == NULL) { ++ ERROR("Invalid netns path"); ++ return -1; ++ } ++ ++ if (!util_file_exists(netns_path)) { ++ WARN("Namespace file does not exist"); ++ return 0; ++ } ++ ++ if (!util_force_remove_file(netns_path, &get_err)) { ++ ERROR("Failed to remove file %s, error: %s", netns_path, strerror(get_err)); ++ return -1; ++ } ++ ++ return 0; ++} ++ + char *get_sandbox_key(const container_inspect *inspect_data) + { + char *sandbox_key = NULL; +diff --git a/test/cutils/utils_utils/utils_utils_ut.cc b/test/cutils/utils_utils/utils_utils_ut.cc +index 79583174..0d77820a 100644 +--- a/test/cutils/utils_utils/utils_utils_ut.cc ++++ b/test/cutils/utils_utils/utils_utils_ut.cc +@@ -21,7 +21,7 @@ static pid_t test_pid = -1; + + extern "C" { + DECLARE_WRAPPER_V(waitpid, pid_t, (__pid_t pid, int *stat_loc, int options)); +- DEFINE_WRAPPER_V(waitpid, pid_t, (__pid_t pid, int *stat_loc, int options),(pid, stat_loc, options)); ++ DEFINE_WRAPPER_V(waitpid, pid_t, (__pid_t pid, int *stat_loc, int options), (pid, stat_loc, options)); + } + + static pid_t waitpid_none_zero(__pid_t pid, int *stat_loc, int options) +-- +2.25.1 + diff --git a/iSulad.spec b/iSulad.spec index d4d8e93..04cfe1c 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.0.18 -%global _release 9 +%global _release 10 %global is_systemd 1 %global enable_shimv2 1 %global is_embedded 1 @@ -92,6 +92,22 @@ Patch0076: 0076-fix-don-t-cleanup-when-remote-ro-is-enabled.patch Patch0077: 0077-fix-layer-imcomplete-cause-isulad-core.patch Patch0078: 0078-add-load-layer-testcase.patch Patch0079: 0079-2037-archive-reader-close-if-copy-to-container-faile.patch +Patch0080: 0080-RO-refactor-remote-ro-code.patch +Patch0081: 0081-fix-lose-ipc-shm-mount-point.patch +Patch0082: 0082-CI-add-testcase-for-ipc-ns.patch +Patch0083: 0083-fix-inspect-image-by-digest.patch +Patch0084: 0084-add-isulad-basic-image-test-with-digest.patch +Patch0085: 0085-return-non-zero-if-copy-invalid.patch +Patch0086: 0086-add-invalid-copy-testcase.patch +Patch0087: 0087-2048-fix-some-code-check-error.patch +Patch0088: 0088-2046-reinforce-cri_stream.sh-and-health_check.sh.patch +Patch0089: 0089-2047-distinguishing-exit-codes-between-shim-and-cont.patch +Patch0090: 0090-2052-fix-some-codecheck.patch +Patch0091: 0091-disable-the-exec-timeout-function-for-kata-runtime.patch +Patch0092: 0092-debug-improve-debug-message-for-gc-containers.patch +Patch0093: 0093-refactor-rt_isula_exec-and-shim-log.patch +Patch0094: 0094-add-some-exec-test.patch +Patch0095: 0095-2079-clean-network-reosurces-if-runpodsandbox-failed.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -336,6 +352,12 @@ fi %endif %changelog +* Wed Jul 19 2023 zhongtao - 2.0.18-10 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: upgrade from upstream + * Thu Jun 01 2023 zhangxiaoyu - 2.0.18-9 - Type: bugfix - ID: NA