packages/runc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!135 [sync] PR-134: runc:fix tmpfs mount bug and blkio do not set bug

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @Vanient, @duguhaotian 
Signed-off-by: @duguhaotian
This commit is contained in:
openeuler-ci-bot 2023-03-30 06:10:05 +00:00 committed by Gitee
commit fb41c6084e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 101 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
patch/0135-runc-libct-cg-fs-blkio-do-not-set-weight-0.patch Normal file
View File

@ -0,0 +1,50 @@
From 535863ca83bef6f294780c02633fa50dc563672a Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Sun, 13 Jun 2021 18:03:22 -0700
Subject: [PATCH] libct/cg/fs/blkio: do not set weight == 0
For per-device weight, you can set weight and/or leaf weight.
The problem is, with the recent fix to use BFQ on cgroup v1,
if per-device weights are set, the code tries to set device
weight to blkio.bfq.weight, and the leaf weight to
blkio.leaf_weight_device. The latter file does not exist on
kernels v5.0, meaning one can not set any per-device weights
at all.
The fix is to only set weights if they are non-zero (i.e. set).
The test case will come in a following commit.
Fixes: 6339d8a0dd7a72
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
libcontainer/cgroups/fs/blkio.go | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/libcontainer/cgroups/fs/blkio.go b/libcontainer/cgroups/fs/blkio.go
index a142cb99..ea2cf647 100644
--- a/libcontainer/cgroups/fs/blkio.go
+++ b/libcontainer/cgroups/fs/blkio.go
@@ -42,11 +42,15 @@ func (s *BlkioGroup) Set(path string, cgroup *configs.Cgroup) error {
}
}
for _, wd := range cgroup.Resources.BlkioWeightDevice {
- if err := writeFile(path, "blkio.weight_device", wd.WeightString()); err != nil {
- return err
+ if wd.Weight != 0 {
+ if err := writeFile(path, "blkio.weight_device", wd.WeightString()); err != nil {
+ return err
+ }
}
- if err := writeFile(path, "blkio.leaf_weight_device", wd.LeafWeightString()); err != nil {
- return err
+ if wd.LeafWeight != 0 {
+ if err := writeFile(path, "blkio.leaf_weight_device", wd.LeafWeightString()); err != nil {
+ return err
+ }
}
}
for _, td := range cgroup.Resources.BlkioThrottleReadBpsDevice {
--
2.33.0

42
patch/0136-runc-run-resolve-tmpfs-mount-dest-in-container-scope.patch Normal file
View File

@ -0,0 +1,42 @@
From c9e5582c822aca7d6ec2e1d6c494ab2370aac82f Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Mon, 4 Jan 2021 20:17:35 -0800
Subject: [PATCH] runc run: resolve tmpfs mount dest in container scope
In case a tmpfs mount path contains absolute symlinks, runc errors out
because those symlinks are resolved in the host (rather than container)
filesystem scope.
The fix is similar to that for bind mounts -- resolve the destination
in container rootfs scope using securejoin, and use the resolved path.
A simple integration test case is added to prevent future regressions.
Fixes https://github.com/opencontainers/runc/issues/2683.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
libcontainer/rootfs_linux.go | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
index b005429b..dc66d8a9 100644
--- a/libcontainer/rootfs_linux.go
+++ b/libcontainer/rootfs_linux.go
@@ -208,6 +208,13 @@ func mountToRootfs(m *configs.Mount, rootfs, mountLabel string) error {
case "tmpfs":
copyUp := m.Extensions&configs.EXT_COPYUP == configs.EXT_COPYUP
tmpDir := ""
+ // dest might be an absolute symlink, so it needs
+ // to be resolved under rootfs.
+ dest, err := securejoin.SecureJoin(rootfs, m.Destination)
+ if err != nil {
+ return err
+ }
+ m.Destination = dest
stat, err := os.Stat(dest)
if err != nil {
if err := os.MkdirAll(dest, 0755); err != nil {
--
2.33.0

8
runc.spec
View File

@ -2,7 +2,7 @@
Name: docker-runc Name: docker-runc
Version: 1.0.0.rc3 Version: 1.0.0.rc3
Release: 210 Release: 211
Summary: runc is a CLI tool for spawning and running containers according to the OCI specification. Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
License: ASL 2.0 License: ASL 2.0
@ -41,6 +41,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
%{_bindir}/runc %{_bindir}/runc
%changelog %changelog
* Wed Mar 29 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.0.0.rc3-211
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix tmpfs mount bug and blkio do not set bug
* Mon Feb 13 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.0.0.rc3-210 * Mon Feb 13 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.0.0.rc3-210
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA

2
series.conf
View File

@ -126,3 +126,5 @@
0132-Make-sure-signalAllProcesses-is-invoked-in-the-funct.patch 0132-Make-sure-signalAllProcesses-is-invoked-in-the-funct.patch
0133-runc-seccomp-prepend-ENOSYS-stub-to-all-filters.patch 0133-runc-seccomp-prepend-ENOSYS-stub-to-all-filters.patch
0134-runc-fix-seccomp-add-rule-failed.patch 0134-runc-fix-seccomp-add-rule-failed.patch
0135-runc-libct-cg-fs-blkio-do-not-set-weight-0.patch
0136-runc-run-resolve-tmpfs-mount-dest-in-container-scope.patch