From 3b4b08f18af53795b618718d62a6908f62e4338b Mon Sep 17 00:00:00 2001 From: jikai Date: Tue, 11 Jun 2024 08:21:07 +0000 Subject: [PATCH] sync from upstream Signed-off-by: jikai (cherry picked from commit 0a5748543c47e895a44afbc57de2d1ad6f9063d9) --- 0001-fix-update-cpu-rt-period-failed.patch | 4 +- 0002-fix-layer-size-type-as-int64.patch | 4 +- ...apt-to-repo-of-openeuler-url-changed.patch | 4 +- ...sources-json-schema-for-isula-update.patch | 4 +- ...-add-field-for-isulad-daemon-configs.patch | 4 +- 0006-add-files_limit-to-oci-spec.patch | 4 +- 0007-Fix-empty-pointer-and-overflow.patch | 4 +- 0008-CI-checkout-branch-of-lxc.patch | 4 +- ...ck-symbols-and-compile-code-in-cmake.patch | 4 +- 0010-remove-unnecessary-strerror.patch | 4 +- ...-258-improve-code-of-function-in-log.patch | 4 +- ...-to-avoid-invoke-lxc-binary-directly.patch | 4 +- 0013-improve-error-of-lcr-apis.patch | 4 +- ...rite-for-config-secomp-oci_hook-file.patch | 4 +- ...close-fd-if-fdopen-failed-and-add-ut.patch | 4 +- 0016-290-fix-seccomp-write-error.patch | 4 +- 0017-291-restore-using-dev-urandom.patch | 4 +- ...e-fixed-tmp-file-to-write-config-etc.patch | 4 +- ...300-add-blkio-info-for-runtime-stats.patch | 4 +- ...c-config-write-for-partial-file-does.patch | 4 +- ...r-created-spec-only-if-create-failed.patch | 104 ++++++++++++ ...ntial-config-seccomp-ocihook-write-e.patch | 148 ++++++++++++++++++ lcr.spec | 10 +- 23 files changed, 301 insertions(+), 41 deletions(-) create mode 100644 0021-remove-lcr-created-spec-only-if-create-failed.patch create mode 100644 0022-fix-bug-for-potential-config-seccomp-ocihook-write-e.patch diff --git a/0001-fix-update-cpu-rt-period-failed.patch b/0001-fix-update-cpu-rt-period-failed.patch index a810321..36a7456 100644 --- a/0001-fix-update-cpu-rt-period-failed.patch +++ b/0001-fix-update-cpu-rt-period-failed.patch @@ -1,7 +1,7 @@ From 42cf57e75e50457c1a4ee28d286aa4644c9c266a Mon Sep 17 00:00:00 2001 
From: songbuhuang <544824346@qq.com> Date: Wed, 8 Feb 2023 10:40:20 +0800 -Subject: [PATCH 01/20] fix update cpu-rt period failed +Subject: [PATCH 01/22] fix update cpu-rt period failed Signed-off-by: songbuhuang <544824346@qq.com> --- @@ -33,5 +33,5 @@ index ac49c50..4c49a28 100644 err_out: return ret; -- -2.33.0 +2.34.1 diff --git a/0002-fix-layer-size-type-as-int64.patch b/0002-fix-layer-size-type-as-int64.patch index 1d20177..3e38db6 100644 --- a/0002-fix-layer-size-type-as-int64.patch +++ b/0002-fix-layer-size-type-as-int64.patch @@ -1,7 +1,7 @@ From 9e9fbc213ce485a53b8dee07ad923369096ae899 Mon Sep 17 00:00:00 2001 From: "Neil.wrz" Date: Mon, 20 Feb 2023 22:24:30 -0800 -Subject: [PATCH 02/20] fix layer size type as int64 +Subject: [PATCH 02/22] fix layer size type as int64 Signed-off-by: Neil.wrz --- @@ -22,5 +22,5 @@ index 44f31db..78cc68c 100644 "digest": { "$ref": "../defs.json#/definitions/digest" -- -2.33.0 +2.34.1 diff --git a/0003-adapt-to-repo-of-openeuler-url-changed.patch b/0003-adapt-to-repo-of-openeuler-url-changed.patch index 24fe261..40e4493 100644 --- a/0003-adapt-to-repo-of-openeuler-url-changed.patch +++ b/0003-adapt-to-repo-of-openeuler-url-changed.patch @@ -1,7 +1,7 @@ From 2e6991000d0e1e42db9f054400949543a1a44520 Mon Sep 17 00:00:00 2001 From: zhongtao Date: Mon, 6 Mar 2023 15:24:59 +0800 -Subject: [PATCH 03/20] adapt to repo of openeuler url changed +Subject: [PATCH 03/22] adapt to repo of openeuler url changed Signed-off-by: zhongtao --- @@ -29,5 +29,5 @@ index ae1e8ef..1a15461 100755 cd ~ -- -2.33.0 +2.34.1 diff --git a/0004-add-cgroup-resources-json-schema-for-isula-update.patch b/0004-add-cgroup-resources-json-schema-for-isula-update.patch index 50e505b..8a5105c 100644 --- a/0004-add-cgroup-resources-json-schema-for-isula-update.patch +++ b/0004-add-cgroup-resources-json-schema-for-isula-update.patch @@ -1,7 +1,7 @@ From 3f1ef0eeb7fe469bfc42e1ea6726ec91a97e165d Mon Sep 17 00:00:00 2001 
From: zhongtao Date: Wed, 15 Feb 2023 16:05:39 +0800 -Subject: [PATCH 04/20] add cgroup resources json schema for isula update +Subject: [PATCH 04/22] add cgroup resources json schema for isula update Signed-off-by: zhongtao --- @@ -96,5 +96,5 @@ index 6ed9473..ae77e9d 100644 "type": "object", "properties": { -- -2.33.0 +2.34.1 diff --git a/0005-add-field-for-isulad-daemon-configs.patch b/0005-add-field-for-isulad-daemon-configs.patch index dbf9676..324a463 100644 --- a/0005-add-field-for-isulad-daemon-configs.patch +++ b/0005-add-field-for-isulad-daemon-configs.patch @@ -1,7 +1,7 @@ From 558723cf5f1506538822e716b5b9ae7ee84736f6 Mon Sep 17 00:00:00 2001 From: "Neil.wrz" Date: Wed, 15 Feb 2023 19:11:45 -0800 -Subject: [PATCH 05/20] add field for isulad daemon configs +Subject: [PATCH 05/22] add field for isulad daemon configs Signed-off-by: Neil.wrz --- @@ -23,5 +23,5 @@ index 1332a73..b75e929 100644 "type": "string" }, -- -2.33.0 +2.34.1 diff --git a/0006-add-files_limit-to-oci-spec.patch b/0006-add-files_limit-to-oci-spec.patch index 6ed0ef0..65f9389 100644 --- a/0006-add-files_limit-to-oci-spec.patch +++ b/0006-add-files_limit-to-oci-spec.patch @@ -1,7 +1,7 @@ From fe5de86ac3df1ba26f50f0eacdfb525e52f33573 Mon Sep 17 00:00:00 2001 From: zhongtao Date: Sat, 8 Apr 2023 11:38:50 +0800 -Subject: [PATCH 06/20] add files_limit to oci spec +Subject: [PATCH 06/22] add files_limit to oci spec Signed-off-by: zhongtao --- @@ -33,5 +33,5 @@ index 317cab4..27b2de2 100644 "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO", "type": "object", -- -2.33.0 +2.34.1 diff --git a/0007-Fix-empty-pointer-and-overflow.patch b/0007-Fix-empty-pointer-and-overflow.patch index 54a2302..45f2c6d 100644 --- a/0007-Fix-empty-pointer-and-overflow.patch +++ b/0007-Fix-empty-pointer-and-overflow.patch @@ -1,7 +1,7 @@ From 2df5066a9741e9534d13bc422dad69bb6a2c12ce Mon Sep 17 00:00:00 2001 
From: jikai Date: Mon, 28 Aug 2023 12:59:08 +0000 -Subject: [PATCH 07/20] Fix empty pointer and overflow +Subject: [PATCH 07/22] Fix empty pointer and overflow Signed-off-by: jikai --- @@ -997,5 +997,5 @@ index 88f83d5..56b594b 100644 json_buf[gen_len] = '\\0'; -- -2.33.0 +2.34.1 diff --git a/0008-CI-checkout-branch-of-lxc.patch b/0008-CI-checkout-branch-of-lxc.patch index 31b3958..00a59c9 100644 --- a/0008-CI-checkout-branch-of-lxc.patch +++ b/0008-CI-checkout-branch-of-lxc.patch @@ -1,7 +1,7 @@ From 3ddbf5130eb24e7a2e9f70c3e6c494afa0015e92 Mon Sep 17 00:00:00 2001 From: jikai Date: Tue, 29 Aug 2023 02:38:14 +0000 -Subject: [PATCH 08/20] CI: checkout branch of lxc +Subject: [PATCH 08/22] CI: checkout branch of lxc Signed-off-by: jikai --- @@ -21,5 +21,5 @@ index 1a15461..6595c77 100755 ./apply-patches || exit 1 pushd lxc-4.0.3 -- -2.33.0 +2.34.1 diff --git a/0009-support-check-symbols-and-compile-code-in-cmake.patch b/0009-support-check-symbols-and-compile-code-in-cmake.patch index b89cf6b..b0890e8 100644 --- a/0009-support-check-symbols-and-compile-code-in-cmake.patch +++ b/0009-support-check-symbols-and-compile-code-in-cmake.patch @@ -1,7 +1,7 @@ From 2f0562d56032a563672ae105b7b3ca1b71878526 Mon Sep 17 00:00:00 2001 From: haozi007 Date: Sat, 26 Aug 2023 10:54:02 +0800 -Subject: [PATCH 09/20] support check symbols and compile code in cmake +Subject: [PATCH 09/22] support check symbols and compile code in cmake Signed-off-by: haozi007 --- @@ -33,5 +33,5 @@ index 13c1cdb..27a83d1 100644 + STRERROR_R_CHAR_P +) -- -2.33.0 +2.34.1 diff --git a/0010-remove-unnecessary-strerror.patch b/0010-remove-unnecessary-strerror.patch index e0a997d..52f3b2f 100644 --- a/0010-remove-unnecessary-strerror.patch +++ b/0010-remove-unnecessary-strerror.patch @@ -1,7 +1,7 @@ From 41aa94a5859755ed4ca181043dd442401fd068ea Mon Sep 17 00:00:00 2001 
From: haozi007 Date: Tue, 5 Sep 2023 19:35:37 +0800 -Subject: [PATCH 10/20] remove unnecessary strerror +Subject: [PATCH 10/22] remove unnecessary strerror Signed-off-by: haozi007 --- @@ -151,5 +151,5 @@ index c3c1981..9c8a873 100644 return -1; } -- -2.33.0 +2.34.1 diff --git a/0011-258-improve-code-of-function-in-log.patch b/0011-258-improve-code-of-function-in-log.patch index 6537fa4..93f302b 100644 --- a/0011-258-improve-code-of-function-in-log.patch +++ b/0011-258-improve-code-of-function-in-log.patch @@ -1,7 +1,7 @@ From 67db677060c70aa23e6927e99cc2078e219b9d2d Mon Sep 17 00:00:00 2001 From: haozi007 Date: Wed, 6 Sep 2023 11:01:47 +0000 -Subject: [PATCH 11/20] !258 improve code of function in log Merge pull request +Subject: [PATCH 11/22] !258 improve code of function in log Merge pull request !258 from haozi007/stablefix --- @@ -29,5 +29,5 @@ index 2db0d98..43c1d5d 100644 #define COMMAND_ERROR(fmt, args...) \ -- -2.33.0 +2.34.1 diff --git a/0012-265-set-env-to-avoid-invoke-lxc-binary-directly.patch b/0012-265-set-env-to-avoid-invoke-lxc-binary-directly.patch index a06a1b6..f750930 100644 --- a/0012-265-set-env-to-avoid-invoke-lxc-binary-directly.patch +++ b/0012-265-set-env-to-avoid-invoke-lxc-binary-directly.patch @@ -1,7 +1,7 @@ From 235048833fbd12ddb19dee74df5a13a26bfe5e6b Mon Sep 17 00:00:00 2001 From: jake Date: Mon, 18 Sep 2023 11:07:42 +0000 -Subject: [PATCH 12/20] !265 set env to avoid invoke lxc binary directly * set +Subject: [PATCH 12/22] !265 set env to avoid invoke lxc binary directly * set env to avoid invoke lxc binary directly --- @@ -26,5 +26,5 @@ index f65f570..5c69c8e 100644 } -- -2.33.0 +2.34.1 diff --git a/0013-improve-error-of-lcr-apis.patch b/0013-improve-error-of-lcr-apis.patch index a8487a0..3827be3 100644 --- a/0013-improve-error-of-lcr-apis.patch +++ b/0013-improve-error-of-lcr-apis.patch @@ -1,7 +1,7 @@ From ffd58bff069d0d1bde6a6ad14f4c2b81fac237c8 Mon Sep 17 00:00:00 2001 
From: haozi007 Date: Thu, 16 Nov 2023 10:58:52 +0800 -Subject: [PATCH 13/20] improve error of lcr apis +Subject: [PATCH 13/22] improve error of lcr apis Signed-off-by: haozi007 --- @@ -165,5 +165,5 @@ index 5c69c8e..4256799 100644 } -- -2.33.0 +2.34.1 diff --git a/0014-288-use-atomic-write-for-config-secomp-oci_hook-file.patch b/0014-288-use-atomic-write-for-config-secomp-oci_hook-file.patch index 2a33d82..4441ec9 100644 --- a/0014-288-use-atomic-write-for-config-secomp-oci_hook-file.patch +++ b/0014-288-use-atomic-write-for-config-secomp-oci_hook-file.patch @@ -1,7 +1,7 @@ From 713d31dfeb4425cfb40f565436504f4056ebe548 Mon Sep 17 00:00:00 2001 From: jake Date: Tue, 21 Nov 2023 02:45:37 +0000 -Subject: [PATCH 14/20] !288 use atomic write for config, secomp, oci_hook +Subject: [PATCH 14/22] !288 use atomic write for config, secomp, oci_hook files * use atomic write for config, secomp, oci_hook files --- @@ -623,5 +623,5 @@ index 6a3764b..51e0dea 100644 int lcr_util_get_real_swap(int64_t memory, int64_t memory_swap, int64_t *swap); int lcr_util_trans_cpushare_to_cpuweight(int64_t cpu_share); -- -2.33.0 +2.34.1 diff --git a/0015-289-close-fd-if-fdopen-failed-and-add-ut.patch b/0015-289-close-fd-if-fdopen-failed-and-add-ut.patch index 5ea125f..9b82125 100644 --- a/0015-289-close-fd-if-fdopen-failed-and-add-ut.patch +++ b/0015-289-close-fd-if-fdopen-failed-and-add-ut.patch @@ -1,7 +1,7 @@ From a83ebe1639b4fa33177254883477ed025fc024c2 Mon Sep 17 00:00:00 2001 From: jake Date: Tue, 21 Nov 2023 07:17:51 +0000 -Subject: [PATCH 15/20] !289 close fd if fdopen failed and add ut * close fd if +Subject: [PATCH 15/22] !289 close fd if fdopen failed and add ut * close fd if fdopen failed * add ut for atomic write --- @@ -208,5 +208,5 @@ index 0000000..8acba29 + ASSERT_EQ(lcr_util_recursive_rmdir("/tmp/lcr-test/", 1), 0); +} -- -2.33.0 +2.34.1 diff --git a/0016-290-fix-seccomp-write-error.patch b/0016-290-fix-seccomp-write-error.patch index 3edf8a5..2fcd1e8 100644 
--- a/0016-290-fix-seccomp-write-error.patch +++ b/0016-290-fix-seccomp-write-error.patch @@ -1,7 +1,7 @@ From 6eeab992e06fa74b027d922057cc6d5900d438be Mon Sep 17 00:00:00 2001 From: jake Date: Tue, 21 Nov 2023 12:54:50 +0000 -Subject: [PATCH 16/20] !290 fix seccomp write error * fix seccomp write error +Subject: [PATCH 16/22] !290 fix seccomp write error * fix seccomp write error --- src/lcrcontainer_extend.c | 2 +- @@ -21,5 +21,5 @@ index 9136613..e3c081a 100644 goto cleanup; } -- -2.33.0 +2.34.1 diff --git a/0017-291-restore-using-dev-urandom.patch b/0017-291-restore-using-dev-urandom.patch index 228fbbc..ae11c1d 100644 --- a/0017-291-restore-using-dev-urandom.patch +++ b/0017-291-restore-using-dev-urandom.patch @@ -1,7 +1,7 @@ From a28a87c9dbbc567eebc0eebcd1e7e34db2e68817 Mon Sep 17 00:00:00 2001 From: jake Date: Tue, 21 Nov 2023 13:46:30 +0000 -Subject: [PATCH 17/20] !291 restore using /dev/urandom * restore using +Subject: [PATCH 17/22] !291 restore using /dev/urandom * restore using /dev/urandom --- @@ -25,5 +25,5 @@ index 59d0cea..68e9bc4 100644 } for (i = 0; i < len; i++) { -- -2.33.0 +2.34.1 diff --git a/0018-use-fixed-tmp-file-to-write-config-etc.patch b/0018-use-fixed-tmp-file-to-write-config-etc.patch index 0ea7628..e54c2cd 100644 --- a/0018-use-fixed-tmp-file-to-write-config-etc.patch +++ b/0018-use-fixed-tmp-file-to-write-config-etc.patch @@ -1,7 +1,7 @@ From 4c18c29522fc35f94cae6f1e34e28bbbedef2520 Mon Sep 17 00:00:00 2001 From: jikai Date: Tue, 28 Nov 2023 15:59:48 +0800 -Subject: [PATCH 18/20] use fixed tmp file to write config etc +Subject: [PATCH 18/22] use fixed tmp file to write config etc Signed-off-by: jikai --- @@ -318,5 +318,5 @@ index 8acba29..17f60ed 100644 ASSERT_NE(readcontent, nullptr); ASSERT_STREQ(readcontent, new_content); -- -2.33.0 +2.34.1 diff --git a/0019-300-add-blkio-info-for-runtime-stats.patch b/0019-300-add-blkio-info-for-runtime-stats.patch index 82bb3c4..f7615ab 100644 
--- a/0019-300-add-blkio-info-for-runtime-stats.patch +++ b/0019-300-add-blkio-info-for-runtime-stats.patch @@ -1,7 +1,7 @@ From 2bd09ffdb41844387685368497ff6ce8a9100102 Mon Sep 17 00:00:00 2001 From: zhongtao Date: Wed, 29 Nov 2023 09:32:54 +0000 -Subject: [PATCH 19/20] !300 add blkio info for runtime-stats * add blkio info +Subject: [PATCH 19/22] !300 add blkio info for runtime-stats * add blkio info for runtime-stats --- @@ -60,5 +60,5 @@ index ae77e9d..18b34f1 100644 } } -- -2.33.0 +2.34.1 diff --git a/0020-drop-atomic-config-write-for-partial-file-does.patch b/0020-drop-atomic-config-write-for-partial-file-does.patch index 4c20b5d..15184b2 100644 --- a/0020-drop-atomic-config-write-for-partial-file-does.patch +++ b/0020-drop-atomic-config-write-for-partial-file-does.patch @@ -1,7 +1,7 @@ From f1f938732403003206a83a641a0a02a7f82125f7 Mon Sep 17 00:00:00 2001 From: jikai Date: Thu, 30 Nov 2023 19:17:37 +0800 -Subject: [PATCH 20/20] drop atomic config write for partial file does +Subject: [PATCH 20/22] drop atomic config write for partial file does Signed-off-by: jikai --- @@ -654,5 +654,5 @@ index 17f60ed..0000000 - ASSERT_EQ(lcr_util_recursive_rmdir("/tmp/lcr-test/", 1), 0); -} -- -2.33.0 +2.34.1 diff --git a/0021-remove-lcr-created-spec-only-if-create-failed.patch b/0021-remove-lcr-created-spec-only-if-create-failed.patch new file mode 100644 index 0000000..e45142d --- /dev/null +++ b/0021-remove-lcr-created-spec-only-if-create-failed.patch 
@@ -0,0 +1,104 @@
+From 0b73a6c5d4a3674f24d6c3e0e6bd1bd0c8f5eab2 Mon Sep 17 00:00:00 2001
+From: jikai
+Date: Thu, 25 Apr 2024 09:51:14 +0000
+Subject: [PATCH 21/22] remove lcr-created spec only if create failed
+
+Signed-off-by: jikai
+---
+ src/lcrcontainer.c | 8 +++----
+ src/lcrcontainer_extend.c | 45 +++++++++++++++++++++++++++++++++++++++
+ src/lcrcontainer_extend.h | 2 ++
+ 3 files changed, 50 insertions(+), 5 deletions(-)
+
+diff --git a/src/lcrcontainer.c b/src/lcrcontainer.c
+index 4256799..71dfe61 100644
+--- a/src/lcrcontainer.c
++++ b/src/lcrcontainer.c
+@@ -184,15 +184,13 @@ bool lcr_create(const char *name, const char *lcrpath, void *oci_config)
+
+ bret = true;
+ out_unlock:
++ if (!bret) {
++ lcr_delete_spec(c, oci_spec);
++ }
+ if (partial_fd >= 0) {
+ close(partial_fd);
+ remove_partial(c);
+ }
+- if (!bret) {
+- if (!c->destroy(c)) {
+- WARN("Unable to clean lxc resources");
+- }
+- }
+ lxc_container_put(c);
+ isula_libutils_free_log_prefix();
+ return bret;
+diff --git a/src/lcrcontainer_extend.c b/src/lcrcontainer_extend.c
+index 321be8c..d70f5a6 100644
+--- a/src/lcrcontainer_extend.c
++++ b/src/lcrcontainer_extend.c
+@@ -986,3 +986,48 @@ out_free_conf:
+ return ret;
+ }
+
++
++static void delete_specific_spec(const char *bundle, const char *name)
++{
++ char filepath[PATH_MAX] = { 0 };
++ int nret = snprintf(filepath, sizeof(filepath), "%s/%s", bundle, name);
++ if (nret < 0 || (size_t)nret >= sizeof(filepath)) {
++ ERROR("Failed to print string");
++ return;
++ }
++
++ if (unlink(filepath) != 0) {
++ SYSERROR("Failed to delete %s", filepath);
++ return;
++ }
++}
++
++void lcr_delete_spec(const struct lxc_container *c, oci_runtime_spec *container)
++{
++ const char *path = NULL;
++ const char *name = NULL;
++ char *bundle = NULL;
++
++ if (c == NULL || c->name == NULL || container == NULL) {
++ ERROR("Invalid arguments");
++ return;
++ }
++
++ path = c->config_path ? c->config_path : LCRPATH;
++ name = c->name;
++ bundle = lcr_get_bundle(path, name);
++ if (bundle == NULL) {
++ return;
++ }
++
++ if (container->hooks != NULL) {
++ delete_specific_spec(bundle, OCIHOOKSFILE);
++ }
++
++ delete_specific_spec(bundle, "config");
++
++ // There might not exist seccomp file, try to delete anyway
++ delete_specific_spec(bundle, "seccomp");
++
++ free(bundle);
++}
+diff --git a/src/lcrcontainer_extend.h b/src/lcrcontainer_extend.h
+index f524a4a..5a55b10 100644
+--- a/src/lcrcontainer_extend.h
++++ b/src/lcrcontainer_extend.h
+@@ -78,6 +78,8 @@ bool lcr_save_spec(const char *name, const char *lcrpath, const struct lcr_list
+
+ bool translate_spec(const struct lxc_container *c, oci_runtime_spec *container);
+
++void lcr_delete_spec(const struct lxc_container *c, oci_runtime_spec *container);
++
+ #ifdef __cplusplus
+ }
+ #endif
+--
+2.34.1
+
diff --git a/0022-fix-bug-for-potential-config-seccomp-ocihook-write-e.patch b/0022-fix-bug-for-potential-config-seccomp-ocihook-write-e.patch
new file mode 100644
index 0000000..9a93514
--- /dev/null
+++ b/0022-fix-bug-for-potential-config-seccomp-ocihook-write-e.patch
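Review bot: In `delete_specific_spec` (added to src/lcrcontainer_extend.c by patch 0021) every `unlink` failure goes through `SYSERROR`, yet `lcr_delete_spec` calls it for `seccomp` with a comment saying that file may not exist, so a failed create without a seccomp profile logs a spurious error. Treating a missing file as success keeps the log meaningful: `if (unlink(filepath) != 0 && errno != ENOENT) {`. Separately, the `out_unlock` path in `lcr_create` now calls `lcr_delete_spec` whenever `bret` is false. The body of `lcr_create` lies outside the hunk, so it is worth confirming that no `goto out_unlock` can be taken before this call has itself written `config`; otherwise files belonging to an existing container of the same name would be unlinked. A one-line comment on `lcr_delete_spec` stating that it must only run after this create wrote the bundle files would record that precondition.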
@@ -0,0 +1,148 @@
+From ade392429a7682b918777ba7eb210f3789c98b4a Mon Sep 17 00:00:00 2001
+From: jikai
+Date: Mon, 29 Apr 2024 16:43:51 +0800
+Subject: [PATCH 22/22] fix bug for potential config/seccomp/ocihook write
+ error
+
+Signed-off-by: jikai
+---
+ src/lcrcontainer_extend.c | 18 ++++++++++++------
+ src/utils.c | 30 ++++++++++++++++++++++++++++++
+ src/utils.h | 1 +
+ 3 files changed, 43 insertions(+), 6 deletions(-)
+
+diff --git a/src/lcrcontainer_extend.c b/src/lcrcontainer_extend.c
+index d70f5a6..261cf1d 100644
+--- a/src/lcrcontainer_extend.c
++++ b/src/lcrcontainer_extend.c
+@@ -352,6 +352,7 @@ static int lcr_spec_write_seccomp_line(int fd, const char *seccomp)
+ char *line = NULL;
+ int ret = -1;
+ int nret;
++ ssize_t nwritten = -1;
+
+ if (strlen(seccomp) > SIZE_MAX - strlen("lxc.seccomp.profile") - 3 - 1) {
+ ERROR("the length of lxc.seccomp is too long!");
+@@ -375,7 +376,8 @@ static int lcr_spec_write_seccomp_line(int fd, const char *seccomp)
+ nret = (int)(len - 1);
+ }
+ line[nret] = '\n';
+- if (write(fd, line, len) == -1) {
++ nwritten = lcr_util_write_nointr_in_total(fd, line, len);
++ if (nwritten < 0 || (size_t)nwritten != len) {
+ SYSERROR("Write file failed");
+ goto cleanup;
+ }
+@@ -391,7 +393,7 @@ static char *lcr_save_seccomp_file(const char *bundle, const char *seccomp_conf)
+ char *real_seccomp = NULL;
+ int fd = -1;
+ int nret;
+- ssize_t written_cnt;
++ ssize_t nwritten = -1;
+
+ nret = snprintf(seccomp, sizeof(seccomp), "%s/seccomp", bundle);
+ if (nret < 0 || (size_t)nret >= sizeof(seccomp)) {
+@@ -410,9 +412,9 @@ static char *lcr_save_seccomp_file(const char *bundle, const char *seccomp_conf)
+ goto cleanup;
+ }
+
+- written_cnt = write(fd, seccomp_conf, strlen(seccomp_conf));
++ nwritten = lcr_util_write_nointr(fd, seccomp_conf, strlen(seccomp_conf));
+ close(fd);
+- if (written_cnt == -1) {
++ if (nwritten < 0 || (size_t)nwritten != strlen(seccomp_conf)) {
+ SYSERROR("write seccomp_conf failed");
+ goto cleanup;
+ }
+@@ -710,6 +712,7 @@ static int lcr_spec_write_config(int fd, const struct lcr_list *lcr_conf)
+ lcr_config_item_t *item = it->elem;
+ int nret;
+ size_t encode_len;
++ ssize_t nwritten = -1;
+ if (item != NULL) {
+ if (strlen(item->value) > ((SIZE_MAX - strlen(item->name)) - 4)) {
+ goto cleanup;
+@@ -737,7 +740,8 @@ static int lcr_spec_write_config(int fd, const struct lcr_list *lcr_conf)
+ encode_len = strlen(line_encode);
+
+ line_encode[encode_len] = '\n';
+- if (write(fd, line_encode, encode_len + 1) == -1) {
++ nwritten = lcr_util_write_nointr_in_total(fd, line_encode, encode_len + 1);
++ if (nwritten < 0 || (size_t)nwritten != encode_len + 1) {
+ SYSERROR("Write file failed");
+ goto cleanup;
+ }
+@@ -862,6 +866,7 @@ static int lcr_write_file(const char *path, const char *data, size_t len)
+ char *real_path = NULL;
+ int fd = -1;
+ int ret = -1;
++ ssize_t nwritten = -1;
+
+ if (path == NULL || strlen(path) == 0 || data == NULL || len == 0) {
+ return -1;
+@@ -879,7 +884,8 @@ static int lcr_write_file(const char *path, const char *data, size_t len)
+ goto out_free;
+ }
+
+- if (write(fd, data, len) == -1) {
++ nwritten = lcr_util_write_nointr_in_total(fd, data, len);
++ if (nwritten < 0 || (size_t)nwritten != len) {
+ SYSERROR("write data to %s failed", real_path);
+ goto out_free;
+ }
+diff --git a/src/utils.c b/src/utils.c
+index b999509..1279f8a 100644
+--- a/src/utils.c
++++ b/src/utils.c
+@@ -1040,6 +1040,36 @@ int lcr_util_build_dir(const char *name)
+ return 0;
+ }
+
++ssize_t lcr_util_write_nointr_in_total(int fd, const char *buf, size_t count)
++{
++ size_t nwritten;
++
++ if (buf == NULL) {
++ return -1;
++ }
++
++ if (count > SSIZE_MAX) {
++ ERROR("Too large data to write");
++ return -1;
++ }
++
++ for (nwritten = 0; nwritten < count;) {
++ ssize_t nret;
++ nret = write(fd, buf + nwritten, count - nwritten);
++ if (nret < 0) {
++ if (errno == EINTR || errno == EAGAIN) {
++ continue;
++ } else {
++ return nret;
++ }
++ } else {
++ nwritten += nret;
++ }
++ }
++
++ return (ssize_t)nwritten;
++}
++
+ /* util write nointr */
+ ssize_t lcr_util_write_nointr(int fd, const void *buf, size_t count)
+ {
+diff --git a/src/utils.h b/src/utils.h
+index 2fe4f1e..d248c39 100644
+--- a/src/utils.h
++++ b/src/utils.h
+@@ -206,6 +206,7 @@ char *lcr_util_string_append(const char *post, const char *pre);
+ char *lcr_util_string_split_prefix(size_t prefix_len, const char *file);
+
+ int lcr_util_build_dir(const char *name);
++ssize_t lcr_util_write_nointr_in_total(int fd, const char *buf, size_t count);
+ ssize_t lcr_util_write_nointr(int fd, const void *buf, size_t count);
+ ssize_t lcr_util_read_nointr(int fd, void *buf, size_t count);
+
+--
+2.34.1
+
diff --git a/lcr.spec b/lcr.spec
index 85eb67a..a1169ab 100644
--- a/lcr.spec
+++ b/lcr.spec
@@ -1,5 +1,5 @@
 %global _version 2.0.9
-%global _release 9
+%global _release 10
 %global _inner_name isula_libutils
 
 Name: lcr
@@ -32,6 +32,8 @@ Patch0017: 0017-291-restore-using-dev-urandom.patch
 Patch0018: 0018-use-fixed-tmp-file-to-write-config-etc.patch
 Patch0019: 0019-300-add-blkio-info-for-runtime-stats.patch
 Patch0020: 0020-drop-atomic-config-write-for-partial-file-does.patch
+Patch0021: 0021-remove-lcr-created-spec-only-if-create-failed.patch
+Patch0022: 0022-fix-bug-for-potential-config-seccomp-ocihook-write-e.patch
 
 %define lxcver_lower 4.0.3-2022102400
 %define lxcver_upper 4.0.3-2022102500
@@ -115,6 +117,12 @@ rm -rf %{buildroot}
 %{_includedir}/%{_inner_name}/*.h
 
 %changelog
+* Tue Jun 11 2024 jikai - 2.0.9-10
+- Type:enhancement
+- CVE:NA
+- SUG:NA
+- DESC:sync from upstream
+
 * Fri Feb 2 2024 peng.zou - 2.0.9-9
 - Type:enhancement
 - CVE:NA
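Review bot: `lcr_save_seccomp_file` is the one call site in patch 0022 that switches to `lcr_util_write_nointr` rather than the new `lcr_util_write_nointr_in_total`. If that helper does not loop on short writes (its body is outside the patch), a partial write of the seccomp profile becomes a hard failure instead of being retried as it is for the config and hooks files; `nwritten = lcr_util_write_nointr_in_total(fd, seccomp_conf, strlen(seccomp_conf));` would make the four sites consistent. In the same function `close(fd)` runs before `SYSERROR`, and a short write sets no `errno`, so the logged error string may not describe the real failure. In `lcr_util_write_nointr_in_total` the `EAGAIN` branch retries immediately, which spins on a non-blocking descriptor, and a `write` that returns 0 never advances `nwritten`. A comment on the helper stating that it expects a blocking fd, or a bounded retry, would make that contract explicit.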