From b3373e04e420d448bb638407f9d36c5033f85f14 Mon Sep 17 00:00:00 2001
From: jikai
Date: Sat, 20 Jan 2024 13:32:22 +0800
Subject: [PATCH 188/198] update annotations and add ci cases
Signed-off-by: jikai
---
 .../container_cases/dev_cgroup_rule.sh | 24 ++++++++++++
 src/daemon/modules/api/specs_api.h | 2 +
 .../modules/service/service_container.c | 18 ++++++++-
 src/daemon/modules/spec/specs.c | 38 +++++++++++++++++++
 4 files changed, 80 insertions(+), 2 deletions(-)
diff --git a/CI/test_cases/container_cases/dev_cgroup_rule.sh b/CI/test_cases/container_cases/dev_cgroup_rule.sh
index 839a546c..5616d37a 100755
--- a/CI/test_cases/container_cases/dev_cgroup_rule.sh
+++ b/CI/test_cases/container_cases/dev_cgroup_rule.sh
@@ -29,6 +29,9 @@ function test_cpu_dev_cgoup_rule_spec()
 local image="busybox"
 local test="container device cgroup rule test with (${runtime}) => (${FUNCNAME[@]})"
 local test_dev="/dev/testA"
+ local default_config="/etc/default/isulad/config.json"
+ local default_config_bak="/etc/default/isulad/config.json.bak"
+ local test_cgroup_parent="/testABC"
 msg_info "${test} starting..."
@@ -54,6 +57,27 @@ function test_cpu_dev_cgoup_rule_spec()
 [[ $? -ne 0 ]] && [[ $cnt -le $priv_minor_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
 isula rm -f $priv_cid
+ def_cid=$(isula run -tid --runtime $runtime -m 10m $image /bin/sh)
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
+ cp $default_config $default_config_bak
+ sed -i '/"linux": {/a \ \t\t"devices": [\n\t\t{\n\t\t\t"type": "c",\n\t\t\t"path": "\/dev\/testABC",\n\t\t\t"major": 88,\n\t\t\t"minor": 88\n\t\t}\n\t\t],' $default_config
+ stop_isulad_without_valgrind
+ start_isulad_with_valgrind --cgroup-parent $test_cgroup_parent
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+ isula restart -t 0 $def_cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart container failed" && ((ret++))
+ cat /sys/fs/cgroup/memory/$test_cgroup_parent/$def_cid/memory.limit_in_bytes | grep ^10485760$
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --cgroup-parent cannot work" && ((ret++))
+ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "major\": 88" | wc -l)
+ [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))
+ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "minor\": 88" | wc -l)
+ [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
+ isula rm -f $def_cid
+ cp $default_config_bak $default_config
+ stop_isulad_without_valgrind
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+
 cid=$(isula run -tid --device "$test_dev:$test_dev" --runtime $runtime $image /bin/sh)
 [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
 cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 88" | wc -l)
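Review bot: The two device-count assertions added after `isula restart` cannot fail as written: `$?` there is the status of the `cnt=$(... | wc -l)` assignment, i.e. of `wc -l` (assuming `pipefail` is not enabled elsewhere in the suite), so `[[ $? -ne 0 ]]` is false and the `&&` chain stops before `$cnt` is compared. This case appears meant to confirm that the device entry injected into the daemon's default config reaches the container's `config.json`, so an always-passing check gives false assurance about which devices are exposed. Compare the count directly, e.g. `[[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))`, and likewise for the minor check. The function continues outside this hunk, and the context line at the top of the hunk shows the same `$?`-then-count pattern in the older checks.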
diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h
index f48f0bda..1a5a6ecc 100644
--- a/src/daemon/modules/api/specs_api.h
+++ b/src/daemon/modules/api/specs_api.h
@@ -40,6 +40,8 @@ int parse_security_opt(const host_config *host_spec, bool *no_new_privileges, ch
 int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_spec, const container_config_v2_common_config_network_settings *network_settings);
+int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec);
+
 const oci_runtime_spec *get_readonly_default_oci_spec(bool system_container);
 int spec_module_init(void);
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index a5c12862..99e94e81 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -683,11 +683,18 @@ out:
 epoll_loop_close(&descr);
 }
-static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, host_config *hostconfig)
+static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, container_config *container_spec, host_config *hostconfig)
 {
 char *cgroup_parent = NULL;
 int ret;
+ // First renew annotations for oci spec, cgroup path, rootfs.mount, native.mask
+ // for iSulad daemon might get updated
+ ret = update_spec_annotations(oci_spec, container_spec, hostconfig);
+ if (ret < 0) {
+ return -1;
+ }
+
 // If isulad daemon cgroup parent updated, we should update this config into oci spec
 cgroup_parent = merge_container_cgroups_path(id, hostconfig);
 if (cgroup_parent == NULL) {
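Review bot: The new comment at the top of do_oci_spec_update names `native.mask`, but the annotation handled by update_spec_annotations in specs.c is `native.umask`, and the sentence is hard to parse. Suggested wording: `// Refresh the annotations (cgroup path, rootfs.mount, native.umask) first: the daemon configuration may have changed since the container was created.` It would also help to say there that the call appears to modify `container_spec` in place, which looks like the reason the caller now writes the container back to disk. The function body continues past the end of this hunk.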
@@ -795,13 +802,20 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
 }
 // Update possible changes
- nret = do_oci_spec_update(id, oci_spec, cont->hostconfig);
+ nret = do_oci_spec_update(id, oci_spec, cont->common_config->config, cont->hostconfig);
 if (nret != 0) {
 ERROR("Failed to update possible changes for oci spec");
 ret = -1;
 goto close_exit_fd;
 }
+ nret = container_to_disk(cont);
+ if (nret != 0) {
+ ERROR("Failed to save container info to disk");
+ ret = -1;
+ goto close_exit_fd;
+ }
+
 nret = setup_ipc_dirs(cont->hostconfig, cont->common_config);
 if (nret != 0) {
 ERROR("Failed to setup ipc dirs");
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index 316e9c92..8a112496 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -386,6 +386,44 @@ out:
 return ret;
 }
+int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec)
+{
+ int ret = 0;
+ if (oci_spec == NULL || container_spec == NULL || host_spec == NULL) {
+ return -1;
+ }
+
+ ret = make_sure_container_spec_annotations(container_spec);
+ if (ret < 0) {
+ return -1;
+ }
+
+ ret = make_annotations_cgroup_dir(container_spec, host_spec);
+ if (ret != 0) {
+ return -1;
+ }
+
+ /* add rootfs.mount */
+ ret = add_rootfs_mount(container_spec);
+ if (ret != 0) {
+ ERROR("Failed to add rootfs mount");
+ return -1;
+ }
+
+ /* add native.umask */
+ ret = add_native_umask(container_spec);
+ if (ret != 0) {
+ ERROR("Failed to add native umask");
+ return -1;
+ }
+
+ if (merge_annotations(oci_spec, container_spec)) {
+ return -1;
+ }
+
+ return 0;
+}
+
 /* default_spec returns default oci spec used by isulad. */
 oci_runtime_spec *default_spec(bool system_container)
 {
--
2.25.1
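Review bot: Three failure paths in update_spec_annotations return -1 without logging (`make_sure_container_spec_annotations`, `make_annotations_cgroup_dir`, `merge_annotations`), while the rootfs.mount and native.umask paths log an ERROR, so unless those helpers log internally a failed start shows only the caller's generic message. A line such as `ERROR("Failed to merge annotations into oci spec");` before each bare `return -1;` would make the paths consistent. Separately, the helpers are named add_* and their bodies are not part of this patch: if they leave an existing key untouched, a value such as native.umask recorded at create time would not actually be renewed from the current daemon configuration, so it is worth confirming that they overwrite.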