runc: fix the bug when runc failed to update fat container memory value

(cherry picked from commit 60f4c86d10a6abe0ff9af1da3313b11ff4a19a5d)
2023-11-21 13:56:08 +08:00 · 2023-11-21 13:56:08 +08:00 · c42c72d0fe
commit c42c72d0fe
parent cdd1fdd721
3 changed files with 59 additions and 1 deletions
--- a/patch/0144-runc-update-skip-devices.patch
+++ b/patch/0144-runc-update-skip-devices.patch
@ -0,0 +1,51 @@
+From 7b96ad2cf26044827cd0da53d5a0735a31aeab0a Mon Sep 17 00:00:00 2001
+From: TDnorthgarden <tdnorthgarden@gmail.com>
+Date: Sat, 7 Oct 2023 15:29:43 +0800
+Subject: [PATCH] runc update: skip devices
+
+---
+ libcontainer/cgroups/fs/devices.go  | 2 +-
+ libcontainer/configs/cgroup_unix.go | 2 ++
+ update.go                           | 2 ++
+ 3 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libcontainer/cgroups/fs/devices.go b/libcontainer/cgroups/fs/devices.go
+index 478b5db..799f062 100644
+--- a/libcontainer/cgroups/fs/devices.go
+++ b/libcontainer/cgroups/fs/devices.go
+@@ -52,7 +52,7 @@ func readCgroupDeviceMap(dir string) (map[string]bool, error) {
+ }
+ 
+ func (s *DevicesGroup) Set(path string, cgroup *configs.Cgroup) error {
+-	if system.RunningInUserNS() {
+	if system.RunningInUserNS() || cgroup.Resources.SkipDevices {
+ 		return nil
+ 	}
+ 
+diff --git a/libcontainer/configs/cgroup_unix.go b/libcontainer/configs/cgroup_unix.go
+index acf0562..618a43d 100644
+--- a/libcontainer/configs/cgroup_unix.go
+++ b/libcontainer/configs/cgroup_unix.go
+@@ -130,4 +130,6 @@ type Resources struct {
+ 
+ 	// Set class identifier for container's network packets
+ 	NetClsClassid uint32 `json:"net_cls_classid_u"`
+
+	SkipDevices bool `json:"-"`
+ }
+diff --git a/update.go b/update.go
+index 226a18a..c929f8f 100644
+--- a/update.go
+++ b/update.go
+@@ -254,6 +254,8 @@ other options are ignored.
+ 		config.Cgroups.Resources.MemorySwap = *r.Memory.Swap
+ 		config.Cgroups.Resources.PidsLimit = r.Pids.Limit
+ 
+		config.Cgroups.Resources.SkipDevices = true
+
+ 		return container.Set(config)
+ 	},
+ }
+-- 
+2.27.0
+
--- a/runc.spec
+++ b/runc.spec
@ -2,7 +2,7 @@

 Name: docker-runc
 Version: 1.0.0.rc3
-Release: 218
+Release: 219
 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.

 License: ASL 2.0
@ -41,6 +41,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
 %{_bindir}/runc

 %changelog
+* Tue Nov 21 2023 zhangbowei<zhangbowei@kylinos.cn> - 1.0.0.rc3-219
+- Type: bugfix
+- CVE:  NA
+- SUG:  NA
+- DESC: fix the bug when runc failed to update fat container memory value
+ 
 * Thu Oct 26 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.0.0.rc3-218
 - Type:bugfix
 - CVE:NA
--- a/series.conf
+++ b/series.conf
@ -135,3 +135,4 @@
 0141-runc-libct-init-unify-init-fix-its-error-logic.patch
 0142-runc-freezer-add-delay-after-freeze.patch
 0143-runc-fix-update-rt-runtime-us-and-rt-period-us-.patch
+0144-runc-update-skip-devices.patch