From 766149516feed031fb6dd7bab891d4362e70badf Mon Sep 17 00:00:00 2001 From: zhongtao Date: Thu, 21 Dec 2023 10:46:43 +0800 Subject: [PATCH] upgrade from upstream 
Signed-off-by: zhongtao (cherry picked from commit f79cae6253fac45ab75e753eaabd4de90aa69eb0) --- ...try-function-for-bigdata_stream_runc.patch | 58 ++ ...2213-bugfix-for-rt_isula_exec_resize.patch | 26 + 0148-2214-imporove-isula_rt_opts-code.patch | 97 ++ ...possible-changed-resources-for-oci-s.patch | 675 ++++++++++++++ ...case-for-update-oci-spec-in-start-op.patch | 119 +++ ...disabled-reload-configuration-in-isu.patch | 25 + ...default-value-of-EANBLE_IMAGE_LIBARA.patch | 27 + 0153-improve-event-logs.patch | 124 +++ ...sable-grpc-remote-connect-by-default.patch | 46 + ...mmit-for-update-possible-changed-res.patch | 782 ++++++++++++++++ ...er-with-a-damaged-config-file-will-r.patch | 381 ++++++++ ...se-dev-random-to-replace-dev-urandom.patch | 54 ++ ...-2264-bugfix-for-runc-container-exec.patch | 39 + ...pdate-restart-policy-for-auto-remove.patch | 103 +++ ...se-dev-urandom-to-replace-dev-random.patch | 54 ++ ..._REMOTE_CONNECT-in-CI-and-bugfix-for.patch | 59 ++ ...274-bugfix-for-rt_lcr_rebuild_config.patch | 45 + ...se-RAND_bytes-to-replace-dev-urandom.patch | 85 ++ ...of-abnormal-branches-not-waiting-for.patch | 153 ++++ ...the-bliko-zero-value-exception-when-.patch | 86 ++ ...ove-variable-declaration-out-of-loop.patch | 34 + ...error-for-cat-bigdata-in-oci-runtime.patch | 33 + ...oll-loop-to-ensure-complete-data-rec.patch | 221 +++++ ...-2293-reduce-epoll-loop-timeout-time.patch | 28 + ...rvice-status-unchanged-after-iSulad-.patch | 31 + ...lose-fd-from-stdout_cb-and-stderr_cb.patch | 33 + 0172-add-ut-for-devicemapper.patch | 859 ++++++++++++++++++ 0173-remove-build-and-test-in-coverage.patch | 28 + ...lt-value-of-ISULAD_TMPDIR-to-var-lib.patch | 167 ++++ ...nt-dir-from-being-bind-mounted-to-th.patch | 58 ++ ...unt-dir-first-and-then-create-tmpdir.patch | 43 + 0177-bugfix-del-redundant-code.patch | 26 + ...n-coverage-and-fix-build-test-remove.patch | 30 + 0179-code-improve-for-oci_rmi.patch | 47 + 0180-verify-name-and-digest-consistency.patch | 321 +++++++ 
0181-bugfix-for-resort_image_names.patch | 26 + iSulad.spec | 52 +- 37 files changed, 5068 insertions(+), 7 deletions(-) create mode 100644 0146-2195-Add-retry-function-for-bigdata_stream_runc.patch create mode 100644 0147-2213-bugfix-for-rt_isula_exec_resize.patch create mode 100644 0148-2214-imporove-isula_rt_opts-code.patch create mode 100644 0149-refactor-update-possible-changed-resources-for-oci-s.patch create mode 100644 0150-add-CI-testcase-for-update-oci-spec-in-start-op.patch create mode 100644 0151-2239-delete-the-disabled-reload-configuration-in-isu.patch create mode 100644 0152-2240-modify-the-default-value-of-EANBLE_IMAGE_LIBARA.patch create mode 100644 0153-improve-event-logs.patch create mode 100644 0154-2257-disable-grpc-remote-connect-by-default.patch create mode 100644 0155-2258-rollback-commit-for-update-possible-changed-res.patch create mode 100644 0156-2259-lcr-container-with-a-damaged-config-file-will-r.patch create mode 100644 0157-2263-use-dev-random-to-replace-dev-urandom.patch create mode 100644 0158-2264-bugfix-for-runc-container-exec.patch create mode 100644 0159-2262-bugfix-of-update-restart-policy-for-auto-remove.patch create mode 100644 0160-2265-use-dev-urandom-to-replace-dev-random.patch create mode 100644 0161-open-ENABLE_GRPC_REMOTE_CONNECT-in-CI-and-bugfix-for.patch create mode 100644 0162-2274-bugfix-for-rt_lcr_rebuild_config.patch create mode 100644 0163-use-RAND_bytes-to-replace-dev-urandom.patch create mode 100644 0164-fix-the-problem-of-abnormal-branches-not-waiting-for.patch create mode 100644 0165-2286-bugfix-for-the-bliko-zero-value-exception-when-.patch create mode 100644 0166-move-variable-declaration-out-of-loop.patch create mode 100644 0167-fix-error-for-cat-bigdata-in-oci-runtime.patch create mode 100644 0168-use-a-timeout-epoll-loop-to-ensure-complete-data-rec.patch create mode 100644 0169-2293-reduce-epoll-loop-timeout-time.patch create mode 100644 0170-2294-keep-the-service-status-unchanged-after-iSulad-.patch 
create mode 100644 0171-2299-remove-close-fd-from-stdout_cb-and-stderr_cb.patch create mode 100644 0172-add-ut-for-devicemapper.patch create mode 100644 0173-remove-build-and-test-in-coverage.patch create mode 100644 0174-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch create mode 100644 0175-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch create mode 100644 0176-verify-the-mount-dir-first-and-then-create-tmpdir.patch create mode 100644 0177-bugfix-del-redundant-code.patch create mode 100644 0178-remove-var-in-coverage-and-fix-build-test-remove.patch create mode 100644 0179-code-improve-for-oci_rmi.patch create mode 100644 0180-verify-name-and-digest-consistency.patch create mode 100644 0181-bugfix-for-resort_image_names.patch diff --git a/0146-2195-Add-retry-function-for-bigdata_stream_runc.patch b/0146-2195-Add-retry-function-for-bigdata_stream_runc.patch new file mode 100644 index 0000000..d434123 --- /dev/null +++ b/0146-2195-Add-retry-function-for-bigdata_stream_runc.patch 
@@ -0,0 +1,58 @@
+From c7497b9267e7d1a90302260768421d473e3d238d Mon Sep 17 00:00:00 2001
+From: zhongtao
+Date: Mon, 18 Sep 2023 13:02:04 +0000
+Subject: [PATCH 146/181] !2195 Add retry function for bigdata_stream_runc *
+ Add retry function for bigdata_stream_runc
+
+---
+ .../container_cases/bigdata_stream_runc.sh | 20 +++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/CI/test_cases/container_cases/bigdata_stream_runc.sh b/CI/test_cases/container_cases/bigdata_stream_runc.sh
+index 3a384cd8..dce9ccb4 100755
+--- a/CI/test_cases/container_cases/bigdata_stream_runc.sh
++++ b/CI/test_cases/container_cases/bigdata_stream_runc.sh
+@@ -21,6 +21,20 @@
+ declare -r curr_path=$(dirname $(readlink -f "$0"))
+ source ../helpers.sh
+
++# $1 : retry limit
++# $2 : retry_interval
++function do_retry_check_residual()
++{
++ for i in $(seq 1 "$1"); do
++ ps aux | grep "cat test_" | grep -v "grep"
++ if [ $? -ne 0 ]; then
++ return 0
++ fi
++ sleep $2
++ done
++ return 1
++}
++
+ function set_up()
+ {
+ local ret=0
+@@ -65,6 +79,8 @@ function record_origin_status()
+ function check_last_status()
+ {
+ local ret=0
++ local retry_limit=20
++ local retry_interval=1
+ sleep 5
+ ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy
+ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - IOCopy Thread residue" && ((ret++))
+@@ -97,8 +113,8 @@ function check_last_status()
+ msg_err "${FUNCNAME[0]}:${LINENO} - client not exit!!" && ((ret++))
+ fi
+
+- ps aux | grep "cat test_" | grep -v "grep"
+- if [[ $? -eq 0 ]]; then
++ do_retry_check_residual ${retry_limit} ${retry_interval}
++ if [[ $? -ne 0 ]]; then
+ msg_err "${FUNCNAME[0]}:${LINENO} - business process residual" && ((ret++))
+ fi
+
+--
+2.42.0
+
diff --git a/0147-2213-bugfix-for-rt_isula_exec_resize.patch b/0147-2213-bugfix-for-rt_isula_exec_resize.patch
new file mode 100644
index 0000000..b22381f
--- /dev/null
+++ b/0147-2213-bugfix-for-rt_isula_exec_resize.patch
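Review bot: In `do_retry_check_residual` the loop counter `i` is not declared `local` and `sleep $2` is unquoted, so the helper leaks `i` into the caller's scope and word-splits its interval argument. The `ps aux | grep "cat test_" | grep -v "grep"` check also prints every matching process line into the test log on each retry, and it can match any unrelated command line that happens to contain that text. I would add `local i`, use `sleep "$2"`, and consider `pgrep -f "cat test_" > /dev/null` so that only the exit status is used. A header comment saying the function returns 0 once no residual process is left and 1 after the retry limit would explain why `check_last_status` now tests `-ne 0`.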
@@ -0,0 +1,26 @@
+From 17574fcb7be53ec31ca656b60909a0b76ca80068 Mon Sep 17 00:00:00 2001
+From: zhongtao
+Date: Wed, 18 Oct 2023 08:29:11 +0000
+Subject: [PATCH 147/181] !2213 bugfix for rt_isula_exec_resize * bugfix for
+ rt_isula_exec_resize
+
+---
+ src/daemon/modules/runtime/isula/isula_rt_ops.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
+index d35e2351..a0c7ac29 100644
+--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
+@@ -1688,6 +1688,8 @@ int rt_isula_exec_resize(const char *id, const char *runtime, const rt_exec_resi
+ goto out;
+ }
+
++ ret = 0;
++
+ out:
+ close(fd);
+ return ret;
+--
+2.42.0
+
diff --git a/0148-2214-imporove-isula_rt_opts-code.patch b/0148-2214-imporove-isula_rt_opts-code.patch
new file mode 100644
index 0000000..4cc23ae
--- /dev/null
+++ b/0148-2214-imporove-isula_rt_opts-code.patch
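Review bot: The added `ret = 0;` before `out:` resets a value left over from earlier in `rt_isula_exec_resize` instead of removing its cause. The function body starts outside this hunk, but patch 0148 on this page shows `ret = snprintf(data, sizeof(data), ...)` in the same function, so `ret` presumably still holds a positive length on the success path. Keeping the status and the `snprintf` result in separate variables, e.g. `nret = snprintf(...)` as `save_oci_config` does, would let every exit path return 0 or -1 without a reset. As written, a later `goto out` added above the reset without `ret = -1` could hand a positive value back to the caller.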
@@ -0,0 +1,97 @@ +From 79506b5bd26eeacd838701eeaf116831e3c19911 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Thu, 19 Oct 2023 06:53:15 +0000 +Subject: [PATCH 148/181] !2214 imporove isula_rt_opts code * imporove + isula_rt_opts code + +--- + .../modules/runtime/isula/isula_rt_ops.c | 22 +++++++++---------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index a0c7ac29..6c5d809e 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -1364,7 +1364,7 @@ int rt_isula_status(const char *id, const char *runtime, const rt_status_params_ + + ret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id); + if (ret < 0 || (size_t)ret >= sizeof(workdir)) { +- ERROR("failed join full workdir %s/%s", params->rootpath, id); ++ ERROR("Failed join full workdir %s/%s", params->state, id); + goto out; + } + +@@ -1600,7 +1600,7 @@ int rt_isula_resources_stats(const char *id, const char *runtime, const rt_stats + + ret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id); + if (ret < 0 || (size_t)ret >= sizeof(workdir)) { +- ERROR("failed join full workdir %s/%s", params->rootpath, id); ++ ERROR("Failed join full workdir %s/%s", params->state, id); + goto out; + } + +@@ -1633,44 +1633,44 @@ int rt_isula_exec_resize(const char *id, const char *runtime, const rt_exec_resi + int ret = 0; + + if (id == NULL || runtime == NULL || params == NULL) { +- ERROR("nullptr arguments not allowed"); ++ ERROR("Nullptr arguments not allowed"); + return -1; + } + + /* crictl not suport exec auto resize */ + if (params->suffix == NULL) { +- WARN("exec resize not support when isula not being used"); ++ WARN("Exec resize not support when isula not being used"); + return 0; + } + + ret = snprintf(workdir, sizeof(workdir), "%s/%s/exec/%s", params->state, id, params->suffix); + if (ret < 0 || (size_t)ret 
>= sizeof(workdir)) { +- ERROR("failed join full workdir %s/%s", params->rootpath, id); +- goto out; ++ ERROR("Failed to join exec resize workdir path"); ++ return -1; + } + + ret = snprintf(resize_fifo_path, sizeof(resize_fifo_path), "%s/%s", workdir, RESIZE_FIFO_NAME); + if (ret < 0 || (size_t)ret >= sizeof(resize_fifo_path)) { +- ERROR("failed to join exec fifo path"); ++ ERROR("Failed to join resize fifo path"); + return -1; + } + + ret = snprintf(data, sizeof(data), "%u %u", params->width, params->height); + if (ret < 0 || (size_t)ret >= sizeof(data)) { +- ERROR("failed to write resize data"); ++ ERROR("Failed to write resize data"); + return -1; + } + + fd = util_open(resize_fifo_path, O_WRONLY | O_NONBLOCK, 0); + if (fd == -1) { +- ERROR("open exec resize fifo error"); ++ ERROR("Open exec resize fifo error"); + ret = -1; + goto out; + } + + count = util_write_nointr(fd, data, strlen(data)); + if (count < 0 || (size_t)count != strlen(data)) { +- ERROR("write exec resize data error"); ++ ERROR("Write exec resize data error"); + ret = -1; + goto out; + } +@@ -1683,7 +1683,7 @@ int rt_isula_exec_resize(const char *id, const char *runtime, const rt_exec_resi + } + + if (kill(pid, SIGWINCH) < 0) { +- SYSERROR("can't kill process (pid=%d) with signal %u", pid, SIGWINCH); ++ SYSERROR("Can't kill process (pid=%d) with signal %u", pid, SIGWINCH); + ret = -1; + goto out; + } +-- +2.42.0 + diff --git a/0149-refactor-update-possible-changed-resources-for-oci-s.patch b/0149-refactor-update-possible-changed-resources-for-oci-s.patch new file mode 100644 index 0000000..5a6d9f9 --- /dev/null +++ b/0149-refactor-update-possible-changed-resources-for-oci-s.patch 
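Review bot: The `kill(pid, SIGWINCH)` call at the end of `rt_isula_exec_resize` is only reworded here, and nothing visible in the hunk checks that `pid` is positive. The assignment of `pid` lies outside the hunk; if it is parsed from a file under the exec workdir, a value of 0 or a negative number would make `kill()` address a process group or a wider set of processes rather than the single exec process. Unless the code above already rejects such values, I would add `if (pid <= 0) { ERROR("Invalid exec pid %d", pid); ret = -1; goto out; }` before the call. The reworded `SYSERROR` also formats `SIGWINCH` with `%u`, where `%d` would match the macro's int type.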
@@ -0,0 +1,675 @@ +From e62735943ed069ee0c3685c8bb8da3308ccd45ca Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Tue, 17 Oct 2023 15:52:11 +0800 +Subject: [PATCH 149/181] [refactor] update possible changed resources for oci + spec + +Signed-off-by: haozi007 +--- + src/cmd/isulad/main.c | 13 +- + src/daemon/config/isulad_config.c | 6 +- + src/daemon/modules/api/specs_api.h | 11 +- + .../container/container_events_handler.c | 2 +- + .../modules/service/service_container.c | 68 +++++++-- + src/daemon/modules/spec/specs.c | 115 +++++++++------ + src/daemon/modules/spec/specs_mount.c | 133 +++++++++++++++--- + src/daemon/modules/spec/specs_mount.h | 6 +- + .../image/oci/oci_config_merge/CMakeLists.txt | 4 + + 9 files changed, 276 insertions(+), 82 deletions(-) + +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index e624cfdd..8d4d886b 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -1319,7 +1319,7 @@ static int ensure_isulad_tmpdir_security() + if (do_ensure_isulad_tmpdir_security("/tmp") != 0) { + WARN("Failed to ensure the /tmp directory is a safe directory"); + } +- ++ + return 0; + } + +@@ -1371,12 +1371,17 @@ static int isulad_server_init_common() + goto out; + } + +- if (containers_store_init()) { ++ if (spec_module_init() != 0) { ++ ERROR("Failed to init spec module"); ++ goto out; ++ } ++ ++ if (containers_store_init() != 0) { + ERROR("Failed to init containers store"); + goto out; + } + +- if (container_name_index_init()) { ++ if (container_name_index_init() != 0) { + ERROR("Failed to init name index"); + goto out; + } +@@ -1782,7 +1787,7 @@ int main(int argc, char **argv) + msg = "Failed to init plugin_manager"; + goto failure; + } +-#endif ++#endif + + clock_gettime(CLOCK_MONOTONIC, &t_end); + use_time = (double)(t_end.tv_sec - t_start.tv_sec) * (double)1000000000 + (double)(t_end.tv_nsec - t_start.tv_nsec); +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index 0e389dd1..ce2ae1c1 100644 
+--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -998,7 +998,7 @@ static defs_hook *hooks_elem_dup(const defs_hook *src) + dest = (defs_hook *)util_common_calloc_s(sizeof(defs_hook)); + if (dest == NULL) { + ERROR("Out of memory"); +- return NULL; ++ return NULL; + } + + dest->path = util_strdup_s(src->path); +@@ -1046,7 +1046,7 @@ static int hooks_array_dup(const defs_hook **src, const size_t src_len, defs_hoo + return -1; + } + +- for(i = 0; i < src_len; i++) { ++ for (i = 0; i < src_len; i++) { + tmp_dst[i] = hooks_elem_dup(src[i]); + if (tmp_dst[i] == NULL) { + ERROR("Failed to duplicate hooks element"); +@@ -1060,7 +1060,7 @@ static int hooks_array_dup(const defs_hook **src, const size_t src_len, defs_hoo + return 0; + + err_out: +- for(i = 0; i < tmp_len; i++) { ++ for (i = 0; i < tmp_len; i++) { + free_defs_hook(tmp_dst[i]); + } + free(tmp_dst); +diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h +index 0a594d81..1a6af9ae 100644 +--- a/src/daemon/modules/api/specs_api.h ++++ b/src/daemon/modules/api/specs_api.h +@@ -29,8 +29,7 @@ int merge_all_specs(host_config *host_spec, const char *real_rootfs, container_c + oci_runtime_spec *oci_spec); + char *merge_container_cgroups_path(const char *id, const host_config *host_spec); + int merge_global_config(oci_runtime_spec *oci_spec); +-oci_runtime_spec *load_oci_config(const char *rootpath, const char *name); +-oci_runtime_spec *default_spec(bool system_container); ++ + int merge_conf_cgroup(oci_runtime_spec *oci_spec, const host_config *host_spec); + int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec *oci_spec); + +@@ -40,6 +39,14 @@ int parse_security_opt(const host_config *host_spec, bool *no_new_privileges, ch + int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_spec, + const container_config_v2_common_config_network_settings *network_settings); + ++oci_runtime_spec 
*load_oci_config(const char *rootpath, const char *name); ++ ++oci_runtime_spec *default_spec(bool system_container); ++ ++const oci_runtime_spec *get_readonly_default_oci_spec(bool system_container); ++ ++int spec_module_init(void); ++ + #ifdef __cplusplus + } + #endif +diff --git a/src/daemon/modules/container/container_events_handler.c b/src/daemon/modules/container/container_events_handler.c +index d56c2ee0..6a223bd2 100644 +--- a/src/daemon/modules/container/container_events_handler.c ++++ b/src/daemon/modules/container/container_events_handler.c +@@ -157,7 +157,7 @@ static int container_state_changed(container_t *cont, const struct isulad_events + container_wait_stop_cond_broadcast(cont); + #ifdef ENABLE_PLUGIN + plugin_event_container_post_stop(cont); +-#endif ++#endif + } + + auto_remove = !should_restart && cont->hostconfig != NULL && cont->hostconfig->auto_remove; +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 58b27f90..a5c12862 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -13,19 +13,11 @@ + * Description: provide container supervisor functions + ******************************************************************************/ + #define _GNU_SOURCE +-#include + #include + #include + #include + #include + #include +-#include +-#include +-#include +-#include +-#include +-#include +-#include + #include + #include + #include +@@ -35,15 +27,28 @@ + #include + #include + #include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include + + #include "service_container_api.h" +-#include "isula_libutils/log.h" + #include "utils.h" + #include "err_msg.h" + #include "events_sender_api.h" + #include "image_api.h" + #include "specs_api.h" + #include "specs_mount.h" ++#include "specs_extend.h" + #include "isulad_config.h" + #include "verify.h" + 
#include "plugin_api.h" +@@ -678,6 +683,43 @@ out: + epoll_loop_close(&descr); + } + ++static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, host_config *hostconfig) ++{ ++ char *cgroup_parent = NULL; ++ int ret; ++ ++ // If isulad daemon cgroup parent updated, we should update this config into oci spec ++ cgroup_parent = merge_container_cgroups_path(id, hostconfig); ++ if (cgroup_parent == NULL) { ++ return -1; ++ } ++ if (oci_spec->linux->cgroups_path != NULL && strcmp(oci_spec->linux->cgroups_path, cgroup_parent) != 0) { ++ free(oci_spec->linux->cgroups_path); ++ oci_spec->linux->cgroups_path = cgroup_parent; ++ cgroup_parent = NULL; ++ } ++ free(cgroup_parent); ++ ++ // For Linux.Resources, isula update will save changes into oci spec; ++ // so we just skip it; ++ ++ // Remove old devices and update all devices ++ ret = update_devcies_for_oci_spec(oci_spec, hostconfig); ++ if (ret != 0) { ++ ERROR("Failed to do update devices for oci spec"); ++ return -1; ++ } ++ ++ // If isulad daemon ulimit updated, we should update this config into oci spec. ++ if (merge_global_ulimit(oci_spec) != 0) { ++ return -1; ++ } ++ ++ // renew_oci_config() will update process->user and share namespace after. 
++ ++ return 0; ++} ++ + static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm, pid_ppid_info_t *pid_info) + { + int ret = 0; +@@ -752,6 +794,14 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo + goto close_exit_fd; + } + ++ // Update possible changes ++ nret = do_oci_spec_update(id, oci_spec, cont->hostconfig); ++ if (nret != 0) { ++ ERROR("Failed to update possible changes for oci spec"); ++ ret = -1; ++ goto close_exit_fd; ++ } ++ + nret = setup_ipc_dirs(cont->hostconfig, cont->common_config); + if (nret != 0) { + ERROR("Failed to setup ipc dirs"); +diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c +index 0c7d58b3..a8912c96 100644 +--- a/src/daemon/modules/spec/specs.c ++++ b/src/daemon/modules/spec/specs.c +@@ -17,6 +17,8 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include +@@ -76,6 +78,13 @@ + #define CLONE_NEWCGROUP 0x02000000 + #endif + ++struct readonly_default_oci_spec { ++ oci_runtime_spec *cont; ++ oci_runtime_spec *system_cont; ++}; ++ ++static struct readonly_default_oci_spec g_rdspec; ++ + static int make_sure_oci_spec_annotations(oci_runtime_spec *oci_spec) + { + if (oci_spec->annotations == NULL) { +@@ -377,29 +386,6 @@ out: + return ret; + } + +-/* default_spec returns default oci spec used by isulad. 
*/ +-oci_runtime_spec *default_spec(bool system_container) +-{ +- const char *oci_file = OCICONFIG_PATH; +- if (system_container) { +- oci_file = OCI_SYSTEM_CONTAINER_CONFIG_PATH; +- } +- oci_runtime_spec *oci_spec = NULL; +- parser_error err = NULL; +- +- /* parse the input oci file */ +- oci_spec = oci_runtime_spec_parse_file(oci_file, NULL, &err); +- if (oci_spec == NULL) { +- ERROR("Failed to parse OCI specification file \"%s\", error message: %s", oci_file, err); +- isulad_set_error_message("Can not read the default /etc/default/isulad/config.json file: %s", err); +- goto out; +- } +- +-out: +- free(err); +- return oci_spec; +-} +- + static int make_sure_oci_spec_root(oci_runtime_spec *oci_spec) + { + if (oci_spec->root == NULL) { +@@ -1711,20 +1697,20 @@ static int merge_resources_conf(oci_runtime_spec *oci_spec, host_config *host_sp + + ret = merge_conf_cgroup(oci_spec, host_spec); + if (ret != 0) { +- goto out; ++ return -1; + } + +- ret = merge_conf_device(oci_spec, host_spec); ++ ret = merge_conf_blkio_device(oci_spec, host_spec); + if (ret != 0) { +- goto out; ++ return -1; + } + +- ret = merge_conf_mounts(oci_spec, host_spec, v2_spec); +- if (ret) { +- goto out; ++ ret = merge_conf_devices(oci_spec, host_spec); ++ if (ret != 0) { ++ return -1; + } +-out: +- return ret; ++ ++ return merge_conf_mounts(oci_spec, host_spec, v2_spec); + } + + static int merge_terminal(oci_runtime_spec *oci_spec, bool terminal) +@@ -2279,7 +2265,7 @@ oci_runtime_spec *load_oci_config(const char *rootpath, const char *name) + nret = snprintf(filename, sizeof(filename), "%s/%s/%s", rootpath, name, OCI_CONFIG_JSON); + if (nret < 0 || (size_t)nret >= sizeof(filename)) { + ERROR("Failed to print string"); +- goto out; ++ return NULL; + } + + ociconfig = oci_runtime_spec_parse_file(filename, NULL, &err); +@@ -2288,6 +2274,7 @@ oci_runtime_spec *load_oci_config(const char *rootpath, const char *name) + isulad_set_error_message("Parse oci config file failed:%s", err); + goto out; + } 
++ + out: + free(err); + return ociconfig; +@@ -2295,36 +2282,80 @@ out: + + int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec *oci_spec) + { +- int ret = 0; + int nret = 0; +- char *json_container = NULL; + char file_path[PATH_MAX] = { 0x0 }; + struct parser_context ctx = { OPT_PARSE_STRICT, stderr }; ++ char *json_container = NULL; + parser_error err = NULL; ++ int ret = 0; + + nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, OCI_CONFIG_JSON); + if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to print string"); +- ret = -1; +- goto out_free; ++ return -1; + } + + json_container = oci_runtime_spec_generate_json(oci_spec, &ctx, &err); + if (json_container == NULL) { + ERROR("Failed to generate json: %s", err); + ret = -1; +- goto out_free; ++ goto out; + } + +- if (util_atomic_write_file(file_path, json_container, strlen(json_container), DEFAULT_SECURE_FILE_MODE, false) != +- 0) { ++ nret = util_atomic_write_file(file_path, json_container, strlen(json_container), DEFAULT_SECURE_FILE_MODE, false); ++ if (nret != 0) { + SYSERROR("write json container failed"); + ret = -1; +- goto out_free; ++ goto out; + } + +-out_free: +- free(err); ++out: + free(json_container); ++ free(err); + return ret; + } ++ ++/* default_spec returns default oci spec used by isulad. 
*/ ++oci_runtime_spec *default_spec(bool system_container) ++{ ++ const char *oci_file = OCICONFIG_PATH; ++ if (system_container) { ++ oci_file = OCI_SYSTEM_CONTAINER_CONFIG_PATH; ++ } ++ oci_runtime_spec *oci_spec = NULL; ++ parser_error err = NULL; ++ ++ /* parse the input oci file */ ++ oci_spec = oci_runtime_spec_parse_file(oci_file, NULL, &err); ++ if (oci_spec == NULL) { ++ ERROR("Failed to parse OCI specification file \"%s\", error message: %s", oci_file, err); ++ isulad_set_error_message("Can not read the default %s file: %s", oci_file, err); ++ goto out; ++ } ++ ++out: ++ free(err); ++ return oci_spec; ++} ++ ++const oci_runtime_spec *get_readonly_default_oci_spec(bool system_container) ++{ ++ if (system_container) { ++ return g_rdspec.system_cont; ++ } ++ ++ return g_rdspec.cont; ++} ++ ++int spec_module_init(void) ++{ ++ g_rdspec.cont = default_spec(false); ++ if (g_rdspec.cont == NULL) { ++ return -1; ++ } ++ g_rdspec.system_cont = default_spec(true); ++ if (g_rdspec.system_cont == NULL) { ++ return -1; ++ } ++ return 0; ++} +\ No newline at end of file +diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c +index cd3a5c9d..bb2b200a 100644 +--- a/src/daemon/modules/spec/specs_mount.c ++++ b/src/daemon/modules/spec/specs_mount.c +@@ -53,6 +53,7 @@ + #include "image_api.h" + #include "volume_api.h" + #include "parse_volume.h" ++#include "specs_api.h" + + enum update_rw { + update_rw_untouch, +@@ -2212,7 +2213,24 @@ out: + return ret; + } + +-int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec) ++int merge_conf_devices(oci_runtime_spec *oci_spec, host_config *host_spec) ++{ ++ /* devices which will be populated into container */ ++ if (merge_conf_populate_device(oci_spec, host_spec)) { ++ ERROR("Merge user define devices failed"); ++ return -1; ++ } ++ ++ /* device cgroup rules which will be added into container */ ++ if (merge_conf_device_cgroup_rule(oci_spec, host_spec)) { ++ ERROR("Merge user 
define device cgroup rules failed"); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec) + { + int ret = 0; + +@@ -2226,7 +2244,7 @@ int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec) + ret = merge_blkio_weight_device(oci_spec, host_spec->blkio_weight_device, host_spec->blkio_weight_device_len); + if (ret != 0) { + ERROR("Failed to merge blkio weight devices"); +- goto out; ++ return -1; + } + } + +@@ -2236,7 +2254,7 @@ int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec) + host_spec->blkio_device_read_bps_len); + if (ret != 0) { + ERROR("Failed to merge blkio read bps devices"); +- goto out; ++ return -1; + } + } + +@@ -2246,7 +2264,7 @@ int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec) + host_spec->blkio_device_write_bps_len); + if (ret != 0) { + ERROR("Failed to merge blkio write bps devices"); +- goto out; ++ return -1; + } + } + +@@ -2256,7 +2274,7 @@ int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec) + host_spec->blkio_device_read_iops_len); + if (ret != 0) { + ERROR("Failed to merge blkio read iops devices"); +- goto out; ++ return -1; + } + } + +@@ -2266,24 +2284,11 @@ int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec) + host_spec->blkio_device_write_iops_len); + if (ret != 0) { + ERROR("Failed to merge blkio write iops devices"); +- goto out; ++ return -1; + } + } + +- /* devices which will be populated into container */ +- if (merge_conf_populate_device(oci_spec, host_spec)) { +- ret = -1; +- goto out; +- } +- +- /* device cgroup rules which will be added into container */ +- if (merge_conf_device_cgroup_rule(oci_spec, host_spec)) { +- ret = -1; +- goto out; +- } +- +-out: +- return ret; ++ return 0; + } + + static bool mounts_expand(defs_mount ***all_mounts, size_t *all_mounts_len, size_t add_len) +@@ -3488,3 +3493,91 @@ out: + free(mntparent); + return ret; + } ++ ++int 
update_devcies_for_oci_spec(oci_runtime_spec *oci_spec, host_config *hostconfig) ++{ ++ const oci_runtime_spec *readonly_spec = NULL; ++ size_t i; ++ int ret; ++ ++ // Step1: get default oci spec config ++ readonly_spec = get_readonly_default_oci_spec(hostconfig->system_container); ++ ++ // Step2: clear oci_spec devices items ++ for (i = 0; i < oci_spec->linux->devices_len; i++) { ++ free_defs_device(oci_spec->linux->devices[i]); ++ oci_spec->linux->devices[i] = NULL; ++ } ++ // Step3: if default devices length more than old spec, just realloc memory ++ if (readonly_spec->linux->devices_len > oci_spec->linux->devices_len) { ++ free(oci_spec->linux->devices); ++ oci_spec->linux->devices = util_smart_calloc_s(sizeof(defs_device *), readonly_spec->linux->devices_len); ++ if (oci_spec->linux->devices == NULL) { ++ oci_spec->linux->devices_len = 0; ++ ERROR("Out of memory"); ++ return -1; ++ } ++ } ++ oci_spec->linux->devices_len = 0; ++ // Step4: copy default devices to oci spec ++ for (i = 0; i < readonly_spec->linux->devices_len; i++) { ++ defs_device *tmp_dev = util_common_calloc_s(sizeof(defs_device)); ++ if (tmp_dev == NULL) { ++ ERROR("Out of memory"); ++ return -1; ++ } ++ tmp_dev->type = util_strdup_s(readonly_spec->linux->devices[i]->type); ++ tmp_dev->path = util_strdup_s(readonly_spec->linux->devices[i]->path); ++ tmp_dev->file_mode = readonly_spec->linux->devices[i]->file_mode; ++ tmp_dev->major = readonly_spec->linux->devices[i]->major; ++ tmp_dev->minor = readonly_spec->linux->devices[i]->minor; ++ tmp_dev->uid = readonly_spec->linux->devices[i]->uid; ++ tmp_dev->gid = readonly_spec->linux->devices[i]->gid; ++ oci_spec->linux->devices[i] = tmp_dev; ++ oci_spec->linux->devices_len += 1; ++ } ++ ++ // Step5: clear oci_spec device cgroup rules ++ for (i = 0; i < oci_spec->linux->resources->devices_len; i++) { ++ free_defs_device_cgroup(oci_spec->linux->resources->devices[i]); ++ oci_spec->linux->resources->devices[i] = NULL; ++ } ++ // Step6: if default 
devices lenght more than old spec, just realloc memory ++ if (readonly_spec->linux->resources->devices_len > oci_spec->linux->resources->devices_len) { ++ free(oci_spec->linux->resources->devices); ++ oci_spec->linux->resources->devices = util_smart_calloc_s(sizeof(defs_device_cgroup *), ++ readonly_spec->linux->resources->devices_len); ++ if (oci_spec->linux->resources->devices == NULL) { ++ oci_spec->linux->resources->devices_len = 0; ++ ERROR("Out of memory"); ++ return -1; ++ } ++ } ++ oci_spec->linux->resources->devices_len = 0; ++ // Step7: copy default device cgroup rules to oci spec ++ for (i = 0; i < readonly_spec->linux->resources->devices_len; i++) { ++ defs_device_cgroup *tmp_dev_cg = util_common_calloc_s(sizeof(defs_device_cgroup)); ++ if (tmp_dev_cg == NULL) { ++ ERROR("Out of memory"); ++ return -1; ++ } ++ tmp_dev_cg->allow = readonly_spec->linux->resources->devices[i]->allow; ++ tmp_dev_cg->major = readonly_spec->linux->resources->devices[i]->major; ++ tmp_dev_cg->minor = readonly_spec->linux->resources->devices[i]->minor; ++ tmp_dev_cg->type = util_strdup_s(readonly_spec->linux->resources->devices[i]->type); ++ tmp_dev_cg->access = util_strdup_s(readonly_spec->linux->resources->devices[i]->access); ++ oci_spec->linux->resources->devices[i] = tmp_dev_cg; ++ oci_spec->linux->resources->devices_len += 1; ++ } ++ ++ // Step8: do update devices and cgroup device rules at here ++ if (hostconfig->privileged) { ++ // Step8.1: for priviledged container, we should merge all devices under /dev ++ ret = merge_all_devices_and_all_permission(oci_spec); ++ } else { ++ // Step8.2: for common container, we should merge devices defined by user in hostconfig ++ ret = merge_conf_devices(oci_spec, hostconfig); ++ } ++ ++ return ret; ++} +\ No newline at end of file +diff --git a/src/daemon/modules/spec/specs_mount.h b/src/daemon/modules/spec/specs_mount.h +index 8a28f0e2..b742ca35 100644 +--- a/src/daemon/modules/spec/specs_mount.h ++++ 
b/src/daemon/modules/spec/specs_mount.h +@@ -41,10 +41,14 @@ int set_mounts_readwrite_option(const oci_runtime_spec *oci_spec); + + int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec); + +-int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec); ++int merge_conf_devices(oci_runtime_spec *oci_spec, host_config *host_spec); ++ ++int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec); + + int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2_spec); + ++int update_devcies_for_oci_spec(oci_runtime_spec *oci_spec, host_config *hostconfig); ++ + #ifdef __cplusplus + } + #endif +diff --git a/test/image/oci/oci_config_merge/CMakeLists.txt b/test/image/oci/oci_config_merge/CMakeLists.txt +index 42cd2e78..d76de35d 100644 +--- a/test/image/oci/oci_config_merge/CMakeLists.txt ++++ b/test/image/oci/oci_config_merge/CMakeLists.txt +@@ -31,7 +31,11 @@ add_executable(${EXE} + ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/namespace_mock.cc + ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/container_unix_mock.cc + ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/parse_volume.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/parse_volume.c + ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs_mount.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs_extend.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs_security.c + ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/volume/volume.c + ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/volume/local.c + ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/selinux_label_mock.cc +-- +2.42.0 + 
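Review bot: `update_devcies_for_oci_spec` in specs_mount.c dereferences `readonly_spec->linux`, `readonly_spec->linux->resources`, `oci_spec->linux` and `oci_spec->linux->resources` without any NULL check, and `do_oci_spec_update` does the same with `oci_spec->linux->cgroups_path`. The default spec is parsed from a JSON file by `default_spec`, and the container's spec is loaded outside this hunk, so a file without a `linux` or `resources` section would presumably crash the daemon on container start instead of failing that one container. A guard at the top such as `if (readonly_spec == NULL || readonly_spec->linux == NULL || readonly_spec->linux->resources == NULL) { ERROR("Invalid default oci spec"); return -1; }`, with the matching check on `oci_spec`, would turn that into an error return. Separately, `spec_module_init` returns -1 without freeing `g_rdspec.cont` when the system-container spec fails to load, and the exported name `update_devcies_for_oci_spec` carries a typo that is now part of the header.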
diff --git a/0150-add-CI-testcase-for-update-oci-spec-in-start-op.patch b/0150-add-CI-testcase-for-update-oci-spec-in-start-op.patch new file mode 100644 index 0000000..18923a7 --- /dev/null +++ b/0150-add-CI-testcase-for-update-oci-spec-in-start-op.patch 
@@ -0,0 +1,119 @@ +From 39361065ba79666a242df0349d6b8ae61bf44b1e Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Sat, 28 Oct 2023 10:57:13 +0800 +Subject: [PATCH 150/181] add CI testcase for update oci spec in start op + +Signed-off-by: haozi007 +--- + .../container_cases/dev_cgroup_rule.sh | 50 ++++++++++++++++++- + CI/test_cases/container_cases/ulimit.sh | 13 +++++ + 2 files changed, 61 insertions(+), 2 deletions(-) + +diff --git a/CI/test_cases/container_cases/dev_cgroup_rule.sh b/CI/test_cases/container_cases/dev_cgroup_rule.sh +index 651433c0..839a546c 100755 +--- a/CI/test_cases/container_cases/dev_cgroup_rule.sh ++++ b/CI/test_cases/container_cases/dev_cgroup_rule.sh +@@ -25,8 +25,10 @@ source ../helpers.sh + function test_cpu_dev_cgoup_rule_spec() + { + local ret=0 ++ local runtime=$1 + local image="busybox" +- local test="container device cgroup rule test => (${FUNCNAME[@]})" ++ local test="container device cgroup rule test with (${runtime}) => (${FUNCNAME[@]})" ++ local test_dev="/dev/testA" + + msg_info "${test} starting..." + +@@ -36,6 +38,47 @@ function test_cpu_dev_cgoup_rule_spec() + isula images | grep busybox + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++)) + ++ rm -f $test_dev ++ priv_cid=$(isula run -tid --privileged --runtime $runtime $image /bin/sh) ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run priviledged container failed" && ((ret++)) ++ priv_major_88_cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "major\": 88" | wc -l) ++ priv_minor_88_cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "minor\": 88" | wc -l) ++ ++ mknod $test_dev c 88 88 ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - mknod failed" && ((ret++)) ++ isula restart -t 0 $priv_cid ++ [[ $? 
-ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart priviledge container failed" && ((ret++)) ++ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "major\": 88" | wc -l) ++ [[ $? -ne 0 ]]&& [[ $cnt -le $priv_major_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++)) ++ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "minor\": 88" | wc -l) ++ [[ $? -ne 0 ]] && [[ $cnt -le $priv_minor_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++)) ++ isula rm -f $priv_cid ++ ++ cid=$(isula run -tid --device "$test_dev:$test_dev" --runtime $runtime $image /bin/sh) ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++)) ++ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 88" | wc -l) ++ [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++)) ++ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "minor\": 88" | wc -l) ++ [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++)) ++ isula exec -it $cid sh -c "cat /sys/fs/cgroup/devices/devices.list" | grep "c 88:88 rwm" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to check c 88:88 rwm: ${image}" && ((ret++)) ++ isula stop -t 0 $cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop container failed" && ((ret++)) ++ rm -f $test_dev ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm device failed" && ((ret++)) ++ mknod $test_dev c 99 99 ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - mknod failed" && ((ret++)) ++ isula start $cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start container failed" && ((ret++)) ++ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 99" | wc -l) ++ [[ $? 
-ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++)) ++ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "minor\": 99" | wc -l) ++ [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++)) ++ isula exec -it $cid sh -c "cat /sys/fs/cgroup/devices/devices.list" | grep "c 99:99 rwm" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to check c 99:99 rwm: ${image}" && ((ret++)) ++ isula rm -f $cid ++ rm -f $test_dev ++ + isula run -itd --device-cgroup-rule='b *:*' busybox 2>&1 | grep "Invalid value" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Invalid value" && ((ret++)) + +@@ -93,6 +136,9 @@ function test_cpu_dev_cgoup_rule_spec() + + declare -i ans=0 + +-test_cpu_dev_cgoup_rule_spec || ((ans++)) ++for element in ${RUNTIME_LIST[@]}; ++do ++ test_cpu_dev_cgoup_rule_spec $element || ((ans++)) ++done + + show_result ${ans} "${curr_path}/${0}" +diff --git a/CI/test_cases/container_cases/ulimit.sh b/CI/test_cases/container_cases/ulimit.sh +index 29868041..f823dc1c 100755 +--- a/CI/test_cases/container_cases/ulimit.sh ++++ b/CI/test_cases/container_cases/ulimit.sh +@@ -33,12 +33,25 @@ function test_ulimit() + local test="ulimit test with (${runtime})=> (${FUNCNAME[@]})" + msg_info "${test} starting..." + ++ cid=$(isula run -tid --runtime $runtime $image /bin/sh) ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++)) ++ cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "RLIMIT_" ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check rlimit failed" && ((ret++)) ++ + check_valgrind_log + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) + + start_isulad_with_valgrind --default-ulimit nproc=2048:4096 --default-ulimit nproc=2048:8192 --default-ulimit nofile=1024:4096 + [[ $? 
-ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) + ++ # if default ulimit of isulad changed, isula start should do update ulimit of oci spec ++ isula restart -t 0 $cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart failed" && ((ret++)) ++ cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "RLIMIT_" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check rlimit failed after restart" && ((ret++)) ++ isula rm -f $cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm container failed" && ((ret++)) ++ + isula run --ulimit nproc= $image --runtime $runtime /bin/sh > $ulimitlog 2>&1 + cat $ulimitlog | grep "delimiter '=' can't be the first or the last character" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++)) +-- +2.42.0 + diff --git a/0151-2239-delete-the-disabled-reload-configuration-in-isu.patch b/0151-2239-delete-the-disabled-reload-configuration-in-isu.patch new file mode 100644 index 0000000..8ecfa6e --- /dev/null +++ b/0151-2239-delete-the-disabled-reload-configuration-in-isu.patch @@ -0,0 +1,25 @@ +From 40ca1ca0312e2168b2b7579f7e52d8c6a265b1e2 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 8 Nov 2023 03:11:01 +0000 +Subject: [PATCH 151/181] !2239 delete the disabled reload configuration in + isulad.service * delete the disabled reload configuration in isulad.service + +--- + src/contrib/init/isulad.service | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/contrib/init/isulad.service b/src/contrib/init/isulad.service +index 3092980c..3356ba3b 100644 +--- a/src/contrib/init/isulad.service ++++ b/src/contrib/init/isulad.service +@@ -6,7 +6,6 @@ After=network.target + Type=notify + EnvironmentFile=-/etc/sysconfig/iSulad + ExecStart=/usr/bin/isulad $OPTIONS +-ExecReload=/bin/kill -s HUP $MAINPID + LimitNOFILE=1048576 + LimitNPROC=infinity + LimitCORE=infinity +-- +2.42.0 + 
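Review bot: In CI/test_cases/container_cases/dev_cgroup_rule.sh the six new count checks written as `[[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err …` (and the `-le` variants for the privileged container) cannot fire. `$?` there is the status of the `cnt=$(cat … | grep … | wc -l)` pipeline, which is the status of `wc` and is 0 even when grep matches nothing, unless helpers.sh enables pipefail (not visible here). The device major/minor entries written to config.json are therefore never asserted, so a regression in which devices a privileged or `--device` container receives after restart would pass CI. Comparing the count alone makes the checks effective, e.g. `[[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))`. The body of test_cpu_dev_cgoup_rule_spec continues outside the hunk.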
diff --git a/0152-2240-modify-the-default-value-of-EANBLE_IMAGE_LIBARA.patch b/0152-2240-modify-the-default-value-of-EANBLE_IMAGE_LIBARA.patch
new file mode 100644
index 0000000..a78535b
--- /dev/null
+++ b/0152-2240-modify-the-default-value-of-EANBLE_IMAGE_LIBARA.patch
@@ -0,0 +1,27 @@
+From bbfd876397c3715419d327ca27102dae6122916d Mon Sep 17 00:00:00 2001
+From: zhongtao
+Date: Wed, 8 Nov 2023 03:33:57 +0000
+Subject: [PATCH 152/181] !2240 modify the default value of
+ EANBLE_IMAGE_LIBARAY to off * modify the default value of
+ EANBLE_IMAGE_LIBARAY to off
+
+---
+ cmake/options.cmake | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cmake/options.cmake b/cmake/options.cmake
+index 1b6caa2b..125cabb5 100644
+--- a/cmake/options.cmake
++++ b/cmake/options.cmake
+@@ -117,7 +117,7 @@ if (ENABLE_LOGIN_PASSWORD_OPTION STREQUAL "ON")
+ message("${Green}-- Enable login password option${ColourReset}")
+ endif()
+
+-option(EANBLE_IMAGE_LIBARAY "create libisulad_image.so" ON)
++option(EANBLE_IMAGE_LIBARAY "create libisulad_image.so" OFF)
+ if (EANBLE_IMAGE_LIBARAY STREQUAL "ON")
+ add_definitions(-DEANBLE_IMAGE_LIBARAY)
+ set(EANBLE_IMAGE_LIBARAY 1)
+--
+2.42.0
+
diff --git a/0153-improve-event-logs.patch b/0153-improve-event-logs.patch
new file mode 100644
index 0000000..8167add
--- /dev/null
+++ b/0153-improve-event-logs.patch
@@ -0,0 +1,124 @@ +From d5cd451ed1bf2e1b577d7d66bdb6e95cd7dcbe4b Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Tue, 14 Nov 2023 17:24:23 +0800 +Subject: [PATCH 153/181] improve event logs + +Signed-off-by: haozi007 +--- + .../entry/connect/grpc/runtime_runtime_service.cc | 10 +++++++--- + .../entry/cri/cri_pod_sandbox_manager_service_impl.cc | 1 + + src/daemon/entry/cri/network_plugin.cc | 11 ++++++++--- + src/daemon/executor/volume_cb/volume_cb.c | 4 ++-- + 4 files changed, 18 insertions(+), 8 deletions(-) + +diff --git a/src/daemon/entry/connect/grpc/runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/runtime_runtime_service.cc +index 852d6791..5b4adc3f 100644 +--- a/src/daemon/entry/connect/grpc/runtime_runtime_service.cc ++++ b/src/daemon/entry/connect/grpc/runtime_runtime_service.cc +@@ -118,7 +118,7 @@ grpc::Status RuntimeRuntimeServiceImpl::CreateContainer(grpc::ServerContext *con + return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); + } + +- EVENT("Event: {Object: CRI, Type: Creating Container}"); ++ EVENT("Event: {Object: CRI, Type: Creating Container for sandbox: %s}", request->pod_sandbox_id().c_str()); + + std::string responseID = + rService->CreateContainer(request->pod_sandbox_id(), request->config(), request->sandbox_config(), error); +@@ -360,7 +360,11 @@ grpc::Status RuntimeRuntimeServiceImpl::RunPodSandbox(grpc::ServerContext *conte + return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); + } + +- EVENT("Event: {Object: CRI, Type: Running Pod}"); ++ if (request->has_config() && request->config().has_metadata()) { ++ EVENT("Event: {Object: CRI, Type: Running Pod: %s}", request->config().metadata().name().c_str()); ++ } else { ++ EVENT("Event: {Object: CRI, Type: Running Pod}"); ++ } + + std::string responseID = rService->RunPodSandbox(request->config(), request->runtime_handler(), error); + if (!error.Empty() || responseID.empty()) { +@@ -369,7 +373,7 @@ grpc::Status 
RuntimeRuntimeServiceImpl::RunPodSandbox(grpc::ServerContext *conte + } + reply->set_pod_sandbox_id(responseID); + +- EVENT("Event: {Object: CRI, Type: Run Pod success}"); ++ EVENT("Event: {Object: CRI, Type: Run Pod: %s success}", responseID.c_str()); + + return grpc::Status::OK; + } +diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc +index c9b5527c..edf4dc81 100644 +--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc ++++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc +@@ -624,6 +624,7 @@ auto PodSandboxManagerServiceImpl::RunPodSandbox(const runtime::v1alpha2::PodSan + // Step 2: Create the sandbox container. + response_id = CreateSandboxContainer(config, image, jsonCheckpoint, runtimeHandler, error); + if (error.NotEmpty()) { ++ ERROR("Create sandbox failed: %s", error.GetCMessage()); + goto cleanup; + } + +diff --git a/src/daemon/entry/cri/network_plugin.cc b/src/daemon/entry/cri/network_plugin.cc +index 9933b584..9a14529e 100644 +--- a/src/daemon/entry/cri/network_plugin.cc ++++ b/src/daemon/entry/cri/network_plugin.cc +@@ -460,13 +460,15 @@ void PluginManager::SetUpPod(const std::string &ns, const std::string &name, con + error.AppendError(tmpErr.GetCMessage()); + return; + } +- INFO("Calling network plugin %s to set up pod %s", m_plugin->Name().c_str(), fullName.c_str()); ++ EVENT("Setup network plugin %s for sandbox: %s", m_plugin->Name().c_str(), fullName.c_str()); + + m_plugin->SetUpPod(ns, name, interfaceName, podSandboxID, annotations, options, tmpErr); + if (tmpErr.NotEmpty()) { +- error.Errorf("NetworkPlugin %s failed to set up pod %s network: %s", m_plugin->Name().c_str(), fullName.c_str(), ++ ERROR("Setup network for sandbox: %s failed: %s", fullName.c_str(), tmpErr.GetCMessage()); ++ error.Errorf("NetworkPlugin %s for sandbox %s network: %s", m_plugin->Name().c_str(), fullName.c_str(), + tmpErr.GetCMessage()); + } ++ EVENT("Setuped 
network plugin %s for sandbox: %s", m_plugin->Name().c_str(), fullName.c_str()); + + tmpErr.Clear(); + Unlock(fullName, tmpErr); +@@ -490,12 +492,15 @@ void PluginManager::TearDownPod(const std::string &ns, const std::string &name, + goto unlock; + } + +- INFO("Calling network plugin %s to tear down pod %s", m_plugin->Name().c_str(), fullName.c_str()); ++ EVENT("Teardown network %s for sandbox: %s", m_plugin->Name().c_str(), fullName.c_str()); + m_plugin->TearDownPod(ns, name, Network::DEFAULT_NETWORK_INTERFACE_NAME, podSandboxID, annotations, tmpErr); + if (tmpErr.NotEmpty()) { ++ ERROR("Teardown network for sandbox: %s failed: %s", fullName.c_str(), tmpErr.GetCMessage()); + error.Errorf("NetworkPlugin %s failed to teardown pod %s network: %s", m_plugin->Name().c_str(), + fullName.c_str(), tmpErr.GetCMessage()); + } ++ EVENT("Teardowned network %s for sandbox: %s", m_plugin->Name().c_str(), fullName.c_str()); ++ + unlock: + tmpErr.Clear(); + Unlock(fullName, tmpErr); +diff --git a/src/daemon/executor/volume_cb/volume_cb.c b/src/daemon/executor/volume_cb/volume_cb.c +index 13f99517..4ac5c301 100644 +--- a/src/daemon/executor/volume_cb/volume_cb.c ++++ b/src/daemon/executor/volume_cb/volume_cb.c +@@ -58,7 +58,7 @@ static int volume_list_cb(const volume_list_volume_request *request, volume_list + goto err_out; + } + +- EVENT("Volume Event: {Object: list volumes, Type: listing}"); ++ INFO("Volume Event: {Object: list volumes, Type: listing}"); + + list = volume_list(); + if (list == NULL) { +@@ -91,7 +91,7 @@ static int volume_list_cb(const volume_list_volume_request *request, volume_list + } + + out: +- EVENT("Volume Event: {Object: list volumes, Type: listed"); ++ INFO("Volume Event: {Object: list volumes, Type: listed"); + + err_out: + if (*response != NULL) { +-- +2.42.0 + diff --git a/0154-2257-disable-grpc-remote-connect-by-default.patch b/0154-2257-disable-grpc-remote-connect-by-default.patch new file mode 100644 index 0000000..7e5418c --- /dev/null 
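Review bot: In PluginManager::SetUpPod (src/daemon/entry/cri/network_plugin.cc) the added `EVENT("Setuped network plugin %s for sandbox: %s", …)` sits after the `if (tmpErr.NotEmpty())` block, so it is emitted even when the plugin call failed. The same holds for `EVENT("Teardowned network %s for sandbox: %s", …)` in TearDownPod. A completion event logged directly after an ERROR for the same sandbox misleads anyone reconstructing a sequence of events from the log, so each EVENT belongs in an `else` branch of the error check. The rewritten message `"NetworkPlugin %s for sandbox %s network: %s"` also lost the words "failed to set up" that the teardown message keeps. Both functions start and end outside the hunks.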
+++ b/0154-2257-disable-grpc-remote-connect-by-default.patch
@@ -0,0 +1,46 @@
+From b4afaf867dac7408258318c9549d3c561ae37449 Mon Sep 17 00:00:00 2001
+From: zhongtao
+Date: Tue, 21 Nov 2023 01:33:29 +0000
+Subject: [PATCH 154/181] !2257 disable grpc remote connect by default *
+ disable grpc remote connect by default
+
+---
+ cmake/options.cmake | 2 +-
+ test/cutils/utils_verify/utils_verify_ut.cc | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/cmake/options.cmake b/cmake/options.cmake
+index 125cabb5..bad12ea3 100644
+--- a/cmake/options.cmake
++++ b/cmake/options.cmake
+@@ -90,7 +90,7 @@ if (ENABLE_SELINUX STREQUAL "ON")
+ message("${Green}-- Enable selinux${ColourReset}")
+ endif()
+
+-option(ENABLE_GRPC_REMOTE_CONNECT "enable gRPC remote connect" ON)
++option(ENABLE_GRPC_REMOTE_CONNECT "enable gRPC remote connect" OFF)
+ if (ENABLE_GRPC_REMOTE_CONNECT STREQUAL "ON")
+ add_definitions(-DENABLE_GRPC_REMOTE_CONNECT=1)
+ set(ENABLE_GRPC_REMOTE_CONNECT 1)
+diff --git a/test/cutils/utils_verify/utils_verify_ut.cc b/test/cutils/utils_verify/utils_verify_ut.cc
+index a68dfb66..b57b906d 100644
+--- a/test/cutils/utils_verify/utils_verify_ut.cc
++++ b/test/cutils/utils_verify/utils_verify_ut.cc
+@@ -70,12 +70,14 @@ TEST(utils_verify, test_util_validate_socket)
+ ASSERT_EQ(util_validate_socket("unix://./isulad"), false);
+ ASSERT_EQ(util_validate_socket("unix://isulad"), false);
+
++#ifdef ENABLE_GRPC_REMOTE_CONNECT
+ ASSERT_EQ(util_validate_socket("tcp://localhost:2375"), true);
+ ASSERT_EQ(util_validate_socket("tcp://127.0.0.1:2375"), true);
+
+ ASSERT_EQ(util_validate_socket("tcp://"), false);
+ ASSERT_EQ(util_validate_socket("tcp://127.0.0.1"), false);
+ ASSERT_EQ(util_validate_socket("tcp://127.0.0.1,2375"), false);
++#endif
+ }
+
+ TEST(utils_verify, test_util_valid_device_mode)
+--
+2.42.0
+
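Review bot: The `#ifdef ENABLE_GRPC_REMOTE_CONNECT` added in test_util_validate_socket removes every `tcp://` assertion from the default build now that the option defaults to OFF, so nothing checks how util_validate_socket treats a TCP address when remote connect is compiled out. If the function is meant to reject such addresses in that configuration (its body is not visible here), an `#else` branch with `ASSERT_EQ(util_validate_socket("tcp://127.0.0.1:2375"), false);` would pin the restrictive default. Separately, `option()` in cmake/options.cmake does not override a value already stored in CMakeCache.txt, so an existing build tree keeps ON until it is reconfigured with `-DENABLE_GRPC_REMOTE_CONNECT=OFF`.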
diff --git a/0155-2258-rollback-commit-for-update-possible-changed-res.patch b/0155-2258-rollback-commit-for-update-possible-changed-res.patch
new file mode 100644
index 0000000..dc2ed49
--- /dev/null
+++ b/0155-2258-rollback-commit-for-update-possible-changed-res.patch
@@ -0,0 +1,782 @@ +From 131f59ea3175166143a56f92a018322548e73a44 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 21 Nov 2023 02:02:07 +0000 +Subject: [PATCH 155/181] !2258 rollback commit for update possible changed + resources for oci spec * rollback commit for update possible changed + resources for oci spec + +--- + .../container_cases/dev_cgroup_rule.sh | 50 +------ + CI/test_cases/container_cases/ulimit.sh | 13 -- + src/cmd/isulad/main.c | 13 +- + src/daemon/config/isulad_config.c | 6 +- + src/daemon/modules/api/specs_api.h | 11 +- + .../container/container_events_handler.c | 2 +- + .../modules/service/service_container.c | 68 ++------- + src/daemon/modules/spec/specs.c | 115 ++++++--------- + src/daemon/modules/spec/specs_mount.c | 133 +++--------------- + src/daemon/modules/spec/specs_mount.h | 6 +- + .../image/oci/oci_config_merge/CMakeLists.txt | 4 - + 11 files changed, 84 insertions(+), 337 deletions(-) + +diff --git a/CI/test_cases/container_cases/dev_cgroup_rule.sh b/CI/test_cases/container_cases/dev_cgroup_rule.sh +index 839a546c..651433c0 100755 +--- a/CI/test_cases/container_cases/dev_cgroup_rule.sh ++++ b/CI/test_cases/container_cases/dev_cgroup_rule.sh +@@ -25,10 +25,8 @@ source ../helpers.sh + function test_cpu_dev_cgoup_rule_spec() + { + local ret=0 +- local runtime=$1 + local image="busybox" +- local test="container device cgroup rule test with (${runtime}) => (${FUNCNAME[@]})" +- local test_dev="/dev/testA" ++ local test="container device cgroup rule test => (${FUNCNAME[@]})" + + msg_info "${test} starting..." + +@@ -38,47 +36,6 @@ function test_cpu_dev_cgoup_rule_spec() + isula images | grep busybox + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++)) + +- rm -f $test_dev +- priv_cid=$(isula run -tid --privileged --runtime $runtime $image /bin/sh) +- [[ $? 
-ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run priviledged container failed" && ((ret++)) +- priv_major_88_cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "major\": 88" | wc -l) +- priv_minor_88_cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "minor\": 88" | wc -l) +- +- mknod $test_dev c 88 88 +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - mknod failed" && ((ret++)) +- isula restart -t 0 $priv_cid +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart priviledge container failed" && ((ret++)) +- cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "major\": 88" | wc -l) +- [[ $? -ne 0 ]]&& [[ $cnt -le $priv_major_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++)) +- cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$priv_cid/config.json | grep "minor\": 88" | wc -l) +- [[ $? -ne 0 ]] && [[ $cnt -le $priv_minor_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++)) +- isula rm -f $priv_cid +- +- cid=$(isula run -tid --device "$test_dev:$test_dev" --runtime $runtime $image /bin/sh) +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++)) +- cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 88" | wc -l) +- [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++)) +- cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "minor\": 88" | wc -l) +- [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++)) +- isula exec -it $cid sh -c "cat /sys/fs/cgroup/devices/devices.list" | grep "c 88:88 rwm" +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to check c 88:88 rwm: ${image}" && ((ret++)) +- isula stop -t 0 $cid +- [[ $? 
-ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop container failed" && ((ret++)) +- rm -f $test_dev +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm device failed" && ((ret++)) +- mknod $test_dev c 99 99 +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - mknod failed" && ((ret++)) +- isula start $cid +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start container failed" && ((ret++)) +- cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 99" | wc -l) +- [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++)) +- cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "minor\": 99" | wc -l) +- [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++)) +- isula exec -it $cid sh -c "cat /sys/fs/cgroup/devices/devices.list" | grep "c 99:99 rwm" +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to check c 99:99 rwm: ${image}" && ((ret++)) +- isula rm -f $cid +- rm -f $test_dev +- + isula run -itd --device-cgroup-rule='b *:*' busybox 2>&1 | grep "Invalid value" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Invalid value" && ((ret++)) + +@@ -136,9 +93,6 @@ function test_cpu_dev_cgoup_rule_spec() + + declare -i ans=0 + +-for element in ${RUNTIME_LIST[@]}; +-do +- test_cpu_dev_cgoup_rule_spec $element || ((ans++)) +-done ++test_cpu_dev_cgoup_rule_spec || ((ans++)) + + show_result ${ans} "${curr_path}/${0}" +diff --git a/CI/test_cases/container_cases/ulimit.sh b/CI/test_cases/container_cases/ulimit.sh +index f823dc1c..29868041 100755 +--- a/CI/test_cases/container_cases/ulimit.sh ++++ b/CI/test_cases/container_cases/ulimit.sh +@@ -33,25 +33,12 @@ function test_ulimit() + local test="ulimit test with (${runtime})=> (${FUNCNAME[@]})" + msg_info "${test} starting..." + +- cid=$(isula run -tid --runtime $runtime $image /bin/sh) +- [[ $? 
-ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++)) +- cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "RLIMIT_" +- [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check rlimit failed" && ((ret++)) +- + check_valgrind_log + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) + + start_isulad_with_valgrind --default-ulimit nproc=2048:4096 --default-ulimit nproc=2048:8192 --default-ulimit nofile=1024:4096 + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) + +- # if default ulimit of isulad changed, isula start should do update ulimit of oci spec +- isula restart -t 0 $cid +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart failed" && ((ret++)) +- cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "RLIMIT_" +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check rlimit failed after restart" && ((ret++)) +- isula rm -f $cid +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm container failed" && ((ret++)) +- + isula run --ulimit nproc= $image --runtime $runtime /bin/sh > $ulimitlog 2>&1 + cat $ulimitlog | grep "delimiter '=' can't be the first or the last character" + [[ $? 
-ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++)) +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index 8d4d886b..e624cfdd 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -1319,7 +1319,7 @@ static int ensure_isulad_tmpdir_security() + if (do_ensure_isulad_tmpdir_security("/tmp") != 0) { + WARN("Failed to ensure the /tmp directory is a safe directory"); + } +- ++ + return 0; + } + +@@ -1371,17 +1371,12 @@ static int isulad_server_init_common() + goto out; + } + +- if (spec_module_init() != 0) { +- ERROR("Failed to init spec module"); +- goto out; +- } +- +- if (containers_store_init() != 0) { ++ if (containers_store_init()) { + ERROR("Failed to init containers store"); + goto out; + } + +- if (container_name_index_init() != 0) { ++ if (container_name_index_init()) { + ERROR("Failed to init name index"); + goto out; + } +@@ -1787,7 +1782,7 @@ int main(int argc, char **argv) + msg = "Failed to init plugin_manager"; + goto failure; + } +-#endif ++#endif + + clock_gettime(CLOCK_MONOTONIC, &t_end); + use_time = (double)(t_end.tv_sec - t_start.tv_sec) * (double)1000000000 + (double)(t_end.tv_nsec - t_start.tv_nsec); +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index ce2ae1c1..0e389dd1 100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -998,7 +998,7 @@ static defs_hook *hooks_elem_dup(const defs_hook *src) + dest = (defs_hook *)util_common_calloc_s(sizeof(defs_hook)); + if (dest == NULL) { + ERROR("Out of memory"); +- return NULL; ++ return NULL; + } + + dest->path = util_strdup_s(src->path); +@@ -1046,7 +1046,7 @@ static int hooks_array_dup(const defs_hook **src, const size_t src_len, defs_hoo + return -1; + } + +- for (i = 0; i < src_len; i++) { ++ for(i = 0; i < src_len; i++) { + tmp_dst[i] = hooks_elem_dup(src[i]); + if (tmp_dst[i] == NULL) { + ERROR("Failed to duplicate hooks element"); +@@ -1060,7 +1060,7 @@ static int 
hooks_array_dup(const defs_hook **src, const size_t src_len, defs_hoo + return 0; + + err_out: +- for (i = 0; i < tmp_len; i++) { ++ for(i = 0; i < tmp_len; i++) { + free_defs_hook(tmp_dst[i]); + } + free(tmp_dst); +diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h +index 1a6af9ae..0a594d81 100644 +--- a/src/daemon/modules/api/specs_api.h ++++ b/src/daemon/modules/api/specs_api.h +@@ -29,7 +29,8 @@ int merge_all_specs(host_config *host_spec, const char *real_rootfs, container_c + oci_runtime_spec *oci_spec); + char *merge_container_cgroups_path(const char *id, const host_config *host_spec); + int merge_global_config(oci_runtime_spec *oci_spec); +- ++oci_runtime_spec *load_oci_config(const char *rootpath, const char *name); ++oci_runtime_spec *default_spec(bool system_container); + int merge_conf_cgroup(oci_runtime_spec *oci_spec, const host_config *host_spec); + int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec *oci_spec); + +@@ -39,14 +40,6 @@ int parse_security_opt(const host_config *host_spec, bool *no_new_privileges, ch + int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_spec, + const container_config_v2_common_config_network_settings *network_settings); + +-oci_runtime_spec *load_oci_config(const char *rootpath, const char *name); +- +-oci_runtime_spec *default_spec(bool system_container); +- +-const oci_runtime_spec *get_readonly_default_oci_spec(bool system_container); +- +-int spec_module_init(void); +- + #ifdef __cplusplus + } + #endif +diff --git a/src/daemon/modules/container/container_events_handler.c b/src/daemon/modules/container/container_events_handler.c +index 6a223bd2..d56c2ee0 100644 +--- a/src/daemon/modules/container/container_events_handler.c ++++ b/src/daemon/modules/container/container_events_handler.c +@@ -157,7 +157,7 @@ static int container_state_changed(container_t *cont, const struct isulad_events + container_wait_stop_cond_broadcast(cont); + 
#ifdef ENABLE_PLUGIN + plugin_event_container_post_stop(cont); +-#endif ++#endif + } + + auto_remove = !should_restart && cont->hostconfig != NULL && cont->hostconfig->auto_remove; +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index a5c12862..58b27f90 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -13,11 +13,19 @@ + * Description: provide container supervisor functions + ******************************************************************************/ + #define _GNU_SOURCE ++#include + #include + #include + #include + #include + #include ++#include ++#include ++#include ++#include ++#include ++#include ++#include + #include + #include + #include +@@ -27,28 +35,15 @@ + #include + #include + #include +-#include +-#include +-#include +-#include +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include + + #include "service_container_api.h" ++#include "isula_libutils/log.h" + #include "utils.h" + #include "err_msg.h" + #include "events_sender_api.h" + #include "image_api.h" + #include "specs_api.h" + #include "specs_mount.h" +-#include "specs_extend.h" + #include "isulad_config.h" + #include "verify.h" + #include "plugin_api.h" +@@ -683,43 +678,6 @@ out: + epoll_loop_close(&descr); + } + +-static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, host_config *hostconfig) +-{ +- char *cgroup_parent = NULL; +- int ret; +- +- // If isulad daemon cgroup parent updated, we should update this config into oci spec +- cgroup_parent = merge_container_cgroups_path(id, hostconfig); +- if (cgroup_parent == NULL) { +- return -1; +- } +- if (oci_spec->linux->cgroups_path != NULL && strcmp(oci_spec->linux->cgroups_path, cgroup_parent) != 0) { +- free(oci_spec->linux->cgroups_path); +- oci_spec->linux->cgroups_path = cgroup_parent; +- cgroup_parent = NULL; +- } +- free(cgroup_parent); +- +- // For 
Linux.Resources, isula update will save changes into oci spec; +- // so we just skip it; +- +- // Remove old devices and update all devices +- ret = update_devcies_for_oci_spec(oci_spec, hostconfig); +- if (ret != 0) { +- ERROR("Failed to do update devices for oci spec"); +- return -1; +- } +- +- // If isulad daemon ulimit updated, we should update this config into oci spec. +- if (merge_global_ulimit(oci_spec) != 0) { +- return -1; +- } +- +- // renew_oci_config() will update process->user and share namespace after. +- +- return 0; +-} +- + static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm, pid_ppid_info_t *pid_info) + { + int ret = 0; +@@ -794,14 +752,6 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo + goto close_exit_fd; + } + +- // Update possible changes +- nret = do_oci_spec_update(id, oci_spec, cont->hostconfig); +- if (nret != 0) { +- ERROR("Failed to update possible changes for oci spec"); +- ret = -1; +- goto close_exit_fd; +- } +- + nret = setup_ipc_dirs(cont->hostconfig, cont->common_config); + if (nret != 0) { + ERROR("Failed to setup ipc dirs"); +diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c +index a8912c96..0c7d58b3 100644 +--- a/src/daemon/modules/spec/specs.c ++++ b/src/daemon/modules/spec/specs.c +@@ -17,8 +17,6 @@ + #include + #include + #include +-#include +-#include + #include + #include + #include +@@ -78,13 +76,6 @@ + #define CLONE_NEWCGROUP 0x02000000 + #endif + +-struct readonly_default_oci_spec { +- oci_runtime_spec *cont; +- oci_runtime_spec *system_cont; +-}; +- +-static struct readonly_default_oci_spec g_rdspec; +- + static int make_sure_oci_spec_annotations(oci_runtime_spec *oci_spec) + { + if (oci_spec->annotations == NULL) { +@@ -386,6 +377,29 @@ out: + return ret; + } + ++/* default_spec returns default oci spec used by isulad. 
*/ ++oci_runtime_spec *default_spec(bool system_container) ++{ ++ const char *oci_file = OCICONFIG_PATH; ++ if (system_container) { ++ oci_file = OCI_SYSTEM_CONTAINER_CONFIG_PATH; ++ } ++ oci_runtime_spec *oci_spec = NULL; ++ parser_error err = NULL; ++ ++ /* parse the input oci file */ ++ oci_spec = oci_runtime_spec_parse_file(oci_file, NULL, &err); ++ if (oci_spec == NULL) { ++ ERROR("Failed to parse OCI specification file \"%s\", error message: %s", oci_file, err); ++ isulad_set_error_message("Can not read the default /etc/default/isulad/config.json file: %s", err); ++ goto out; ++ } ++ ++out: ++ free(err); ++ return oci_spec; ++} ++ + static int make_sure_oci_spec_root(oci_runtime_spec *oci_spec) + { + if (oci_spec->root == NULL) { +@@ -1697,20 +1711,20 @@ static int merge_resources_conf(oci_runtime_spec *oci_spec, host_config *host_sp + + ret = merge_conf_cgroup(oci_spec, host_spec); + if (ret != 0) { +- return -1; ++ goto out; + } + +- ret = merge_conf_blkio_device(oci_spec, host_spec); ++ ret = merge_conf_device(oci_spec, host_spec); + if (ret != 0) { +- return -1; ++ goto out; + } + +- ret = merge_conf_devices(oci_spec, host_spec); +- if (ret != 0) { +- return -1; ++ ret = merge_conf_mounts(oci_spec, host_spec, v2_spec); ++ if (ret) { ++ goto out; + } +- +- return merge_conf_mounts(oci_spec, host_spec, v2_spec); ++out: ++ return ret; + } + + static int merge_terminal(oci_runtime_spec *oci_spec, bool terminal) +@@ -2265,7 +2279,7 @@ oci_runtime_spec *load_oci_config(const char *rootpath, const char *name) + nret = snprintf(filename, sizeof(filename), "%s/%s/%s", rootpath, name, OCI_CONFIG_JSON); + if (nret < 0 || (size_t)nret >= sizeof(filename)) { + ERROR("Failed to print string"); +- return NULL; ++ goto out; + } + + ociconfig = oci_runtime_spec_parse_file(filename, NULL, &err); +@@ -2274,7 +2288,6 @@ oci_runtime_spec *load_oci_config(const char *rootpath, const char *name) + isulad_set_error_message("Parse oci config file failed:%s", err); + goto out; + } 
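Review bot: The error message set in the re-added `default_spec()` in specs.c names a fixed path, `/etc/default/isulad/config.json`, although `oci_file` is switched to `OCI_SYSTEM_CONTAINER_CONFIG_PATH` when `system_container` is true, so a parse failure of the system-container default would point the operator at the wrong file. The copy of the function removed further down in the same patch formatted the path that was actually parsed; keep that form: `isulad_set_error_message("Can not read the default %s file: %s", oci_file, err);`. The `goto out;` directly above the `out:` label is redundant and can be dropped.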
+- + out: + free(err); + return ociconfig; +@@ -2282,80 +2295,36 @@ out: + + int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec *oci_spec) + { ++ int ret = 0; + int nret = 0; ++ char *json_container = NULL; + char file_path[PATH_MAX] = { 0x0 }; + struct parser_context ctx = { OPT_PARSE_STRICT, stderr }; +- char *json_container = NULL; + parser_error err = NULL; +- int ret = 0; + + nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, OCI_CONFIG_JSON); + if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to print string"); +- return -1; ++ ret = -1; ++ goto out_free; + } + + json_container = oci_runtime_spec_generate_json(oci_spec, &ctx, &err); + if (json_container == NULL) { + ERROR("Failed to generate json: %s", err); + ret = -1; +- goto out; ++ goto out_free; + } + +- nret = util_atomic_write_file(file_path, json_container, strlen(json_container), DEFAULT_SECURE_FILE_MODE, false); +- if (nret != 0) { ++ if (util_atomic_write_file(file_path, json_container, strlen(json_container), DEFAULT_SECURE_FILE_MODE, false) != ++ 0) { + SYSERROR("write json container failed"); + ret = -1; +- goto out; ++ goto out_free; + } + +-out: +- free(json_container); ++out_free: + free(err); ++ free(json_container); + return ret; + } +- +-/* default_spec returns default oci spec used by isulad. 
*/ +-oci_runtime_spec *default_spec(bool system_container) +-{ +- const char *oci_file = OCICONFIG_PATH; +- if (system_container) { +- oci_file = OCI_SYSTEM_CONTAINER_CONFIG_PATH; +- } +- oci_runtime_spec *oci_spec = NULL; +- parser_error err = NULL; +- +- /* parse the input oci file */ +- oci_spec = oci_runtime_spec_parse_file(oci_file, NULL, &err); +- if (oci_spec == NULL) { +- ERROR("Failed to parse OCI specification file \"%s\", error message: %s", oci_file, err); +- isulad_set_error_message("Can not read the default %s file: %s", oci_file, err); +- goto out; +- } +- +-out: +- free(err); +- return oci_spec; +-} +- +-const oci_runtime_spec *get_readonly_default_oci_spec(bool system_container) +-{ +- if (system_container) { +- return g_rdspec.system_cont; +- } +- +- return g_rdspec.cont; +-} +- +-int spec_module_init(void) +-{ +- g_rdspec.cont = default_spec(false); +- if (g_rdspec.cont == NULL) { +- return -1; +- } +- g_rdspec.system_cont = default_spec(true); +- if (g_rdspec.system_cont == NULL) { +- return -1; +- } +- return 0; +-} +\ No newline at end of file +diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c +index bb2b200a..cd3a5c9d 100644 +--- a/src/daemon/modules/spec/specs_mount.c ++++ b/src/daemon/modules/spec/specs_mount.c +@@ -53,7 +53,6 @@ + #include "image_api.h" + #include "volume_api.h" + #include "parse_volume.h" +-#include "specs_api.h" + + enum update_rw { + update_rw_untouch, +@@ -2213,24 +2212,7 @@ out: + return ret; + } + +-int merge_conf_devices(oci_runtime_spec *oci_spec, host_config *host_spec) +-{ +- /* devices which will be populated into container */ +- if (merge_conf_populate_device(oci_spec, host_spec)) { +- ERROR("Merge user define devices failed"); +- return -1; +- } +- +- /* device cgroup rules which will be added into container */ +- if (merge_conf_device_cgroup_rule(oci_spec, host_spec)) { +- ERROR("Merge user define device cgroup rules failed"); +- return -1; +- } +- +- return 0; +-} +- 
+-int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec) ++int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec) + { + int ret = 0; + +@@ -2244,7 +2226,7 @@ int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec) + ret = merge_blkio_weight_device(oci_spec, host_spec->blkio_weight_device, host_spec->blkio_weight_device_len); + if (ret != 0) { + ERROR("Failed to merge blkio weight devices"); +- return -1; ++ goto out; + } + } + +@@ -2254,7 +2236,7 @@ int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec) + host_spec->blkio_device_read_bps_len); + if (ret != 0) { + ERROR("Failed to merge blkio read bps devices"); +- return -1; ++ goto out; + } + } + +@@ -2264,7 +2246,7 @@ int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec) + host_spec->blkio_device_write_bps_len); + if (ret != 0) { + ERROR("Failed to merge blkio write bps devices"); +- return -1; ++ goto out; + } + } + +@@ -2274,7 +2256,7 @@ int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec) + host_spec->blkio_device_read_iops_len); + if (ret != 0) { + ERROR("Failed to merge blkio read iops devices"); +- return -1; ++ goto out; + } + } + +@@ -2284,11 +2266,24 @@ int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec) + host_spec->blkio_device_write_iops_len); + if (ret != 0) { + ERROR("Failed to merge blkio write iops devices"); +- return -1; ++ goto out; + } + } + +- return 0; ++ /* devices which will be populated into container */ ++ if (merge_conf_populate_device(oci_spec, host_spec)) { ++ ret = -1; ++ goto out; ++ } ++ ++ /* device cgroup rules which will be added into container */ ++ if (merge_conf_device_cgroup_rule(oci_spec, host_spec)) { ++ ret = -1; ++ goto out; ++ } ++ ++out: ++ return ret; + } + + static bool mounts_expand(defs_mount ***all_mounts, size_t *all_mounts_len, size_t add_len) +@@ -3493,91 +3488,3 @@ out: + free(mntparent); 
+ return ret; + } +- +-int update_devcies_for_oci_spec(oci_runtime_spec *oci_spec, host_config *hostconfig) +-{ +- const oci_runtime_spec *readonly_spec = NULL; +- size_t i; +- int ret; +- +- // Step1: get default oci spec config +- readonly_spec = get_readonly_default_oci_spec(hostconfig->system_container); +- +- // Step2: clear oci_spec devices items +- for (i = 0; i < oci_spec->linux->devices_len; i++) { +- free_defs_device(oci_spec->linux->devices[i]); +- oci_spec->linux->devices[i] = NULL; +- } +- // Step3: if default devices length more than old spec, just realloc memory +- if (readonly_spec->linux->devices_len > oci_spec->linux->devices_len) { +- free(oci_spec->linux->devices); +- oci_spec->linux->devices = util_smart_calloc_s(sizeof(defs_device *), readonly_spec->linux->devices_len); +- if (oci_spec->linux->devices == NULL) { +- oci_spec->linux->devices_len = 0; +- ERROR("Out of memory"); +- return -1; +- } +- } +- oci_spec->linux->devices_len = 0; +- // Step4: copy default devices to oci spec +- for (i = 0; i < readonly_spec->linux->devices_len; i++) { +- defs_device *tmp_dev = util_common_calloc_s(sizeof(defs_device)); +- if (tmp_dev == NULL) { +- ERROR("Out of memory"); +- return -1; +- } +- tmp_dev->type = util_strdup_s(readonly_spec->linux->devices[i]->type); +- tmp_dev->path = util_strdup_s(readonly_spec->linux->devices[i]->path); +- tmp_dev->file_mode = readonly_spec->linux->devices[i]->file_mode; +- tmp_dev->major = readonly_spec->linux->devices[i]->major; +- tmp_dev->minor = readonly_spec->linux->devices[i]->minor; +- tmp_dev->uid = readonly_spec->linux->devices[i]->uid; +- tmp_dev->gid = readonly_spec->linux->devices[i]->gid; +- oci_spec->linux->devices[i] = tmp_dev; +- oci_spec->linux->devices_len += 1; +- } +- +- // Step5: clear oci_spec device cgroup rules +- for (i = 0; i < oci_spec->linux->resources->devices_len; i++) { +- free_defs_device_cgroup(oci_spec->linux->resources->devices[i]); +- oci_spec->linux->resources->devices[i] = NULL; +- } 
+- // Step6: if default devices lenght more than old spec, just realloc memory +- if (readonly_spec->linux->resources->devices_len > oci_spec->linux->resources->devices_len) { +- free(oci_spec->linux->resources->devices); +- oci_spec->linux->resources->devices = util_smart_calloc_s(sizeof(defs_device_cgroup *), +- readonly_spec->linux->resources->devices_len); +- if (oci_spec->linux->resources->devices == NULL) { +- oci_spec->linux->resources->devices_len = 0; +- ERROR("Out of memory"); +- return -1; +- } +- } +- oci_spec->linux->resources->devices_len = 0; +- // Step7: copy default device cgroup rules to oci spec +- for (i = 0; i < readonly_spec->linux->resources->devices_len; i++) { +- defs_device_cgroup *tmp_dev_cg = util_common_calloc_s(sizeof(defs_device_cgroup)); +- if (tmp_dev_cg == NULL) { +- ERROR("Out of memory"); +- return -1; +- } +- tmp_dev_cg->allow = readonly_spec->linux->resources->devices[i]->allow; +- tmp_dev_cg->major = readonly_spec->linux->resources->devices[i]->major; +- tmp_dev_cg->minor = readonly_spec->linux->resources->devices[i]->minor; +- tmp_dev_cg->type = util_strdup_s(readonly_spec->linux->resources->devices[i]->type); +- tmp_dev_cg->access = util_strdup_s(readonly_spec->linux->resources->devices[i]->access); +- oci_spec->linux->resources->devices[i] = tmp_dev_cg; +- oci_spec->linux->resources->devices_len += 1; +- } +- +- // Step8: do update devices and cgroup device rules at here +- if (hostconfig->privileged) { +- // Step8.1: for priviledged container, we should merge all devices under /dev +- ret = merge_all_devices_and_all_permission(oci_spec); +- } else { +- // Step8.2: for common container, we should merge devices defined by user in hostconfig +- ret = merge_conf_devices(oci_spec, hostconfig); +- } +- +- return ret; +-} +\ No newline at end of file +diff --git a/src/daemon/modules/spec/specs_mount.h b/src/daemon/modules/spec/specs_mount.h +index b742ca35..8a28f0e2 100644 +--- a/src/daemon/modules/spec/specs_mount.h ++++ 
b/src/daemon/modules/spec/specs_mount.h +@@ -41,14 +41,10 @@ int set_mounts_readwrite_option(const oci_runtime_spec *oci_spec); + + int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec); + +-int merge_conf_devices(oci_runtime_spec *oci_spec, host_config *host_spec); +- +-int merge_conf_blkio_device(oci_runtime_spec *oci_spec, host_config *host_spec); ++int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec); + + int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2_spec); + +-int update_devcies_for_oci_spec(oci_runtime_spec *oci_spec, host_config *hostconfig); +- + #ifdef __cplusplus + } + #endif +diff --git a/test/image/oci/oci_config_merge/CMakeLists.txt b/test/image/oci/oci_config_merge/CMakeLists.txt +index d76de35d..42cd2e78 100644 +--- a/test/image/oci/oci_config_merge/CMakeLists.txt ++++ b/test/image/oci/oci_config_merge/CMakeLists.txt +@@ -31,11 +31,7 @@ add_executable(${EXE} + ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/namespace_mock.cc + ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/container_unix_mock.cc + ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/parse_volume.c +- ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs.c +- ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/parse_volume.c + ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs_mount.c +- ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs_extend.c +- ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/spec/specs_security.c + ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/volume/volume.c + ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/volume/local.c + ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/selinux_label_mock.cc +-- +2.42.0 + 
diff --git a/0156-2259-lcr-container-with-a-damaged-config-file-will-r.patch b/0156-2259-lcr-container-with-a-damaged-config-file-will-r.patch
new file mode 100644
index 0000000..5c45bf4
--- /dev/null
+++ b/0156-2259-lcr-container-with-a-damaged-config-file-will-r.patch
@@ -0,0 +1,381 @@ +From 4aca7cb9609cfab18a48808d60bad96ddc996f22 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 21 Nov 2023 03:23:20 +0000 +Subject: [PATCH 156/181] !2259 lcr container with a damaged config file will + rebuild the config during restore * lcr container with a damaged config file + will rebuild the config during restore + +--- + src/common/constants.h | 2 + + src/daemon/modules/api/runtime_api.h | 7 ++ + .../modules/container/restore/restore.c | 27 +++-- + .../modules/runtime/engines/lcr/lcr_rt_ops.c | 98 ++++++++++++++++++- + .../modules/runtime/engines/lcr/lcr_rt_ops.h | 1 + + .../modules/runtime/isula/isula_rt_ops.c | 6 ++ + .../modules/runtime/isula/isula_rt_ops.h | 1 + + src/daemon/modules/runtime/runtime.c | 21 ++++ + src/daemon/modules/runtime/shim/shim_rt_ops.c | 6 ++ + src/daemon/modules/runtime/shim/shim_rt_ops.h | 2 + + 10 files changed, 162 insertions(+), 9 deletions(-) + +diff --git a/src/common/constants.h b/src/common/constants.h +index 94bc9886..a567ee9c 100644 +--- a/src/common/constants.h ++++ b/src/common/constants.h +@@ -86,6 +86,8 @@ extern "C" { + + #define LOG_MAX_RETRIES 10 + ++#define INVALID_CONFIG_ERR_CODE 2 ++ + #define MAX_MSG_BUFFER_SIZE (32 * 1024) + + #define DEFAULT_WEBSOCKET_SERVER_LISTENING_PORT 10350 +diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h +index a8dfdeae..3fb40dae 100644 +--- a/src/daemon/modules/api/runtime_api.h ++++ b/src/daemon/modules/api/runtime_api.h +@@ -41,6 +41,7 @@ typedef enum { + struct runtime_container_status_info { + bool has_pid; + uint32_t pid; ++ int error_code; + Runtime_Container_Status status; + }; + +@@ -190,6 +191,10 @@ typedef struct _rt_exec_resize_params_t { + unsigned int width; + } rt_exec_resize_params_t; + ++typedef struct _rt_runtime_rebuild_config_params_t { ++ const char *rootpath; ++} rt_rebuild_config_params_t; ++ + struct rt_ops { + /* detect whether runtime is of this runtime type */ + bool (*detect)(const char *runtime); 
+@@ -226,6 +231,7 @@ struct rt_ops { + rt_listpids_out_t *out); + int (*rt_resize)(const char *name, const char *runtime, const rt_resize_params_t *params); + int (*rt_exec_resize)(const char *name, const char *runtime, const rt_exec_resize_params_t *params); ++ int (*rt_rebuild_config)(const char *name, const char *runtime, const rt_rebuild_config_params_t *params); + }; + + int runtime_create(const char *name, const char *runtime, const rt_create_params_t *params); +@@ -246,6 +252,7 @@ int runtime_attach(const char *name, const char *runtime, const rt_attach_params + int runtime_update(const char *name, const char *runtime, const rt_update_params_t *params); + + int runtime_listpids(const char *name, const char *runtime, const rt_listpids_params_t *params, rt_listpids_out_t *out); ++int runtime_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params); + void free_rt_listpids_out_t(rt_listpids_out_t *out); + int runtime_resize(const char *name, const char *runtime, const rt_resize_params_t *params); + int runtime_exec_resize(const char *name, const char *runtime, const rt_exec_resize_params_t *params); +diff --git a/src/daemon/modules/container/restore/restore.c b/src/daemon/modules/container/restore/restore.c +index aca17a15..5f8abc9f 100644 +--- a/src/daemon/modules/container/restore/restore.c ++++ b/src/daemon/modules/container/restore/restore.c +@@ -16,15 +16,17 @@ + #include + #include + #include +-#include +-#include + #include + #include + #include + #include + ++#include ++#include ++#include ++ + #include "isulad_config.h" +-#include "isula_libutils/log.h" ++ + #include "container_api.h" + #include "supervisor.h" + #include "containers_gc.h" +@@ -281,9 +283,22 @@ static void restore_state(container_t *cont) + params.state = cont->state_path; + nret = runtime_status(id, runtime, ¶ms, &real_status); + if (nret != 0) { +- ERROR("Failed to restore container %s, make real status to STOPPED. 
Due to can not load container with status %d", +- id, status); +- real_status.status = RUNTIME_CONTAINER_STATUS_STOPPED; ++ bool rebuild_config = (real_status.error_code == INVALID_CONFIG_ERR_CODE); ++ int tempret = -1; ++ // only the lcr container with a damaged config file will rebuild the config ++ if (rebuild_config) { ++ rt_rebuild_config_params_t rebuild_params = { 0 }; ++ rebuild_params.rootpath = cont->root_path; ++ nret = runtime_rebuild_config(id, runtime, &rebuild_params); ++ EVENT("Rebuild config for container: %s, result : %d", id, nret); ++ if (nret == 0) { ++ tempret = runtime_status(id, runtime, ¶ms, &real_status); ++ } ++ } ++ if (tempret != 0) { ++ WARN("Failed to restore container %s, make real status to STOPPED. Due to cannot load container with status %d", id, status); ++ real_status.status = RUNTIME_CONTAINER_STATUS_STOPPED; ++ } + } + + if (real_status.status == RUNTIME_CONTAINER_STATUS_STOPPED) { +diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +index f61316d0..2bd8e686 100644 +--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c ++++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +@@ -16,15 +16,17 @@ + #include + #include + #include +-#include +-#include + #include + #include + #include + #include + ++#include ++#include ++#include ++#include ++ + #include "lcr_rt_ops.h" +-#include "isula_libutils/log.h" + #include "engine.h" + #include "error.h" + #include "isulad_config.h" +@@ -32,6 +34,8 @@ + #include "runtime_api.h" + #include "utils_file.h" + ++#define LCR_CONFIG_FILE "config" ++ + bool rt_lcr_detect(const char *runtime) + { + /* now we just support lcr engine */ +@@ -276,6 +280,17 @@ int rt_lcr_status(const char *name, const char *runtime, const rt_status_params_ + nret = engine_ops->engine_get_container_status_op(name, params->rootpath, status); + if (nret != 0) { + ret = -1; ++ const char *tmpmsg = NULL; ++ if (engine_ops->engine_get_errmsg_op != 
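Review bot: `restore_state()` now branches on `real_status.error_code` after `runtime_status()` has failed, but in this patch the field is written only by `rt_lcr_status()`, and only when the engine message contains "Failed to load config". The declaration of `real_status` is outside the hunk; if it is not zero-initialised, the isula and shim paths leave `error_code` indeterminate when it is compared with `INVALID_CONFIG_ERR_CODE`, so it is worth confirming it is declared as `struct runtime_container_status_info real_status = { 0 };`. Because `rt_isula_rebuild_config()` and `rt_shim_rebuild_config()` return 0 without doing anything, a stray match would be logged as a successful rebuild; returning -1 from those stubs would make the unsupported case explicit. The `strstr()` match on the engine's message text is brittle, and a comment at that check, `/* depends on the engine's error wording; keep in sync */`, would warn the next maintainer.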
NULL) { ++ tmpmsg = engine_ops->engine_get_errmsg_op(); ++ } ++ if (tmpmsg != NULL && strstr(tmpmsg, "Failed to load config") != NULL) { ++ status->error_code = INVALID_CONFIG_ERR_CODE; ++ } ++ isulad_set_error_message("Runtime state container error: %s", ++ (tmpmsg != NULL && strcmp(tmpmsg, DEF_SUCCESS_STR)) != 0 ? tmpmsg : DEF_ERR_RUNTIME_STR); ++ ERROR("Runtime state container error: %s", ++ (tmpmsg != NULL && strcmp(tmpmsg, DEF_SUCCESS_STR)) != 0 ? tmpmsg : DEF_ERR_RUNTIME_STR); + goto out; + } + +@@ -756,3 +771,80 @@ int rt_lcr_kill(const char *id, const char *runtime, const rt_kill_params_t *par + + return 0; + } ++ ++int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params) ++{ ++ int ret = -1; ++ int nret = 0; ++ char config_file[PATH_MAX] = { 0 }; ++ char bak_config_file[PATH_MAX] = { 0 }; ++ char oci_config_file[PATH_MAX] = { 0 }; ++ struct engine_operation *engine_ops = NULL; ++ oci_runtime_spec *oci_spec = NULL; ++ parser_error err = NULL; ++ ++ engine_ops = engines_get_handler(runtime); ++ if (engine_ops == NULL || engine_ops->engine_create_op == NULL) { ++ ERROR("Failed to get engine rebuild config operations"); ++ return -1; ++ } ++ ++ nret = snprintf(config_file, PATH_MAX, "%s/%s/%s", params->rootpath, name, LCR_CONFIG_FILE); ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { ++ ERROR("Failed to snprintf config file for container %s", name); ++ return -1; ++ } ++ ++ nret = snprintf(bak_config_file, PATH_MAX, "%s/%s/%s", params->rootpath, name, ".tmp_config_bak"); ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { ++ ERROR("Failed to snprintf bak config file for container %s", name); ++ return -1; ++ } ++ ++ nret = snprintf(oci_config_file, sizeof(oci_config_file), "%s/%s/%s", params->rootpath, name, OCI_CONFIG_JSON); ++ if (nret < 0 || (size_t)nret >= sizeof(oci_config_file)) { ++ ERROR("Failed to snprintf for config json"); ++ return -1; ++ } ++ ++ oci_spec = oci_runtime_spec_parse_file(oci_config_file, 
NULL, &err); ++ if (oci_spec == NULL) { ++ ERROR("Failed to parse oci config file:%s", err); ++ free(err); ++ return -1; ++ } ++ ++ // delete the bak config file to prevent the remnants of the previous bak file ++ if (util_fileself_exists(bak_config_file) && util_path_remove(bak_config_file) != 0) { ++ ERROR("Failed to remove bak_config_file for container: %s", name); ++ goto out; ++ } ++ ++ if (util_fileself_exists(config_file) && rename(config_file, bak_config_file) != 0) { ++ ERROR("Failed to backup old config for container: %s", name); ++ goto out; ++ } ++ ++ nret = engine_ops->engine_create_op(name, params->rootpath, (void *)oci_spec); ++ if (nret != 0) { ++ // delete the invalid config file to prevent rename failed ++ if (util_fileself_exists(config_file) && util_path_remove(config_file) != 0) { ++ WARN("Failed to remove bak_config_file for container %s", name); ++ } ++ if (util_fileself_exists(bak_config_file) && rename(bak_config_file, config_file) != 0) { ++ WARN("Failed to rename backup old config to config for container %s", name); ++ } ++ } ++ ret = nret != 0 ? 
-1 : 0; ++ ++out: ++ if (engine_ops != NULL && engine_ops->engine_clear_errmsg_op != NULL) { ++ engine_ops->engine_clear_errmsg_op(); ++ } ++ if (util_fileself_exists(bak_config_file) && util_path_remove(bak_config_file) != 0) { ++ WARN("Failed to remove bak_config_file for %s", name); ++ } ++ free_oci_runtime_spec(oci_spec); ++ free(err); ++ return ret; ++} +diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h +index 5b74ad6c..7403544d 100644 +--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h ++++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h +@@ -47,6 +47,7 @@ int rt_lcr_resources_stats(const char *name, const char *runtime, const rt_stats + int rt_lcr_resize(const char *id, const char *runtime, const rt_resize_params_t *params); + int rt_lcr_exec_resize(const char *id, const char *runtime, const rt_exec_resize_params_t *params); + int rt_lcr_kill(const char *id, const char *runtime, const rt_kill_params_t *params); ++int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params); + #ifdef __cplusplus + } + #endif +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 6c5d809e..e88cb8bb 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -1718,5 +1718,11 @@ int rt_isula_kill(const char *id, const char *runtime, const rt_kill_params_t *p + } + } + ++ return 0; ++} ++ ++// the config file of oci runtime is config.json. If it is damaged, it cannot be rebuilt. 
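Review bot: In `rt_lcr_rebuild_config()` the `out:` block removes `bak_config_file` unconditionally, including the case where `engine_create_op` failed and the `rename(bak_config_file, config_file)` rollback also failed, so the previous config is deleted rather than left in place for inspection. Setting a flag in that branch and skipping the cleanup when the rollback did not succeed would preserve it. The WARN in the failure branch reads "Failed to remove bak_config_file" although the path being removed there is `config_file`. `params->rootpath` is passed to `snprintf` with `%s` without a NULL check; `runtime_rebuild_config()` validates `params` but not that field, so `if (params->rootpath == NULL) return -1;` at the top would close the gap.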
++int rt_isula_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params) ++{ + return 0; + } +\ No newline at end of file +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.h b/src/daemon/modules/runtime/isula/isula_rt_ops.h +index 41e438fc..b1fa6983 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.h ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.h +@@ -46,6 +46,7 @@ int rt_isula_resources_stats(const char *name, const char *runtime, const rt_sta + int rt_isula_resize(const char *id, const char *runtime, const rt_resize_params_t *params); + int rt_isula_exec_resize(const char *id, const char *runtime, const rt_exec_resize_params_t *params); + int rt_isula_kill(const char *id, const char *runtime, const rt_kill_params_t *params); ++int rt_isula_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params); + + #ifdef __cplusplus + } +diff --git a/src/daemon/modules/runtime/runtime.c b/src/daemon/modules/runtime/runtime.c +index f2222315..f44cb7e3 100644 +--- a/src/daemon/modules/runtime/runtime.c ++++ b/src/daemon/modules/runtime/runtime.c +@@ -45,6 +45,7 @@ static const struct rt_ops g_lcr_rt_ops = { + .rt_resize = rt_lcr_resize, + .rt_exec_resize = rt_lcr_exec_resize, + .rt_kill = rt_lcr_kill, ++ .rt_rebuild_config = rt_lcr_rebuild_config, + }; + + static const struct rt_ops g_isula_rt_ops = { +@@ -65,6 +66,7 @@ static const struct rt_ops g_isula_rt_ops = { + .rt_resize = rt_isula_resize, + .rt_exec_resize = rt_isula_exec_resize, + .rt_kill = rt_isula_kill, ++ .rt_rebuild_config = rt_isula_rebuild_config, + }; + + #ifdef ENABLE_SHIM_V2 +@@ -86,6 +88,7 @@ static const struct rt_ops g_shim_rt_ops = { + .rt_resize = rt_shim_resize, + .rt_exec_resize = rt_shim_exec_resize, + .rt_kill = rt_shim_kill, ++ .rt_rebuild_config = rt_shim_rebuild_config, + }; + #endif + +@@ -465,6 +468,24 @@ out: + return ret; + } + ++int runtime_rebuild_config(const char *name, const char 
*runtime, const rt_rebuild_config_params_t *params) ++{ ++ const struct rt_ops *ops = NULL; ++ ++ if (name == NULL || runtime == NULL || params == NULL) { ++ ERROR("Invalid arguments for runtime rebuild config"); ++ return -1; ++ } ++ ++ ops = rt_ops_query(runtime); ++ if (ops == NULL) { ++ ERROR("Failed to get runtime ops"); ++ return -1; ++ } ++ ++ return ops->rt_rebuild_config(name, runtime, params); ++} ++ + int runtime_resize(const char *name, const char *runtime, const rt_resize_params_t *params) + { + int ret = 0; +diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c +index fccdf634..230c627a 100644 +--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c ++++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c +@@ -668,3 +668,9 @@ int rt_shim_kill(const char *id, const char *runtime, const rt_kill_params_t *pa + + return 0; + } ++ ++// the config file of oci runtime is config.json. If it is damaged, it cannot be rebuilt. ++int rt_shim_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params) ++{ ++ return 0; ++} +\ No newline at end of file +diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.h b/src/daemon/modules/runtime/shim/shim_rt_ops.h +index 575210af..85e1e09e 100644 +--- a/src/daemon/modules/runtime/shim/shim_rt_ops.h ++++ b/src/daemon/modules/runtime/shim/shim_rt_ops.h +@@ -60,6 +60,8 @@ int rt_shim_resize(const char *id, const char *runtime, const rt_resize_params_t + + int rt_shim_exec_resize(const char *id, const char *runtime, const rt_exec_resize_params_t *params); + ++int rt_shim_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params); ++ + #ifdef __cplusplus + } + #endif +-- +2.42.0 + diff --git a/0157-2263-use-dev-random-to-replace-dev-urandom.patch b/0157-2263-use-dev-random-to-replace-dev-urandom.patch new file mode 100644 index 0000000..286fd01 --- /dev/null 
+++ b/0157-2263-use-dev-random-to-replace-dev-urandom.patch @@ -0,0 +1,54 @@ +From cb6c4fbd56f57b01773c8f8d39de5e434f218f87 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 21 Nov 2023 03:48:56 +0000 +Subject: [PATCH 157/181] !2263 use /dev/random to replace /dev/urandom * use + /dev/random to replace /dev/urandom + +--- + src/cmd/isulad-shim/common.c | 2 +- + src/daemon/common/selinux_label.c | 2 +- + src/utils/cutils/utils.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c +index c88de736..72da932a 100644 +--- a/src/cmd/isulad-shim/common.c ++++ b/src/cmd/isulad-shim/common.c +@@ -214,7 +214,7 @@ int generate_random_str(char *id, size_t len) + const int m = 256; + + len = len / 2; +- fd = open("/dev/urandom", O_RDONLY); ++ fd = open("/dev/random", O_RDONLY); + if (fd == -1) { + return SHIM_ERR; + } +diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c +index 7a295250..c1c52714 100644 +--- a/src/daemon/common/selinux_label.c ++++ b/src/daemon/common/selinux_label.c +@@ -304,7 +304,7 @@ static int get_random_value(unsigned int range, unsigned int *val) + { + int ret = 0; + int num = 0; +- int fd = open("/dev/urandom", O_RDONLY); ++ int fd = open("/dev/random", O_RDONLY); + if (fd == -1) { + ERROR("Failed to open urandom device\n"); + return -1; +diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c +index a994731d..7615a94c 100644 +--- a/src/utils/cutils/utils.c ++++ b/src/utils/cutils/utils.c +@@ -1284,7 +1284,7 @@ int util_generate_random_str(char *id, size_t len) + } + + len = len / 2; +- fd = open("/dev/urandom", O_RDONLY); ++ fd = open("/dev/random", O_RDONLY); + if (fd == -1) { + ERROR("Failed to open /dev/urandom"); + return -1; +-- +2.42.0 + diff --git a/0158-2264-bugfix-for-runc-container-exec.patch b/0158-2264-bugfix-for-runc-container-exec.patch new file mode 100644 index 0000000..7f94422 --- /dev/null 
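Review bot: Opening `/dev/random` in `generate_random_str()` (isulad-shim/common.c), `get_random_value()` (selinux_label.c) and `util_generate_random_str()` (utils.c) does not make the generated identifiers or labels stronger, and on kernels where `/dev/random` blocks while the entropy estimate is low the following read can stall the daemon and the shim, for example early in boot. The reads are outside these hunks, so whether blocking or short reads are handled there needs checking. The messages were not updated with the path: `ERROR("Failed to open urandom device\n")` and `ERROR("Failed to open /dev/urandom")` now name a device the code no longer opens, which misleads anyone diagnosing a failure. Whichever device is used, keep its path in one constant and use that constant in both the `open()` call and the message.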
+++ b/0158-2264-bugfix-for-runc-container-exec.patch @@ -0,0 +1,39 @@ +From 7e09213651e3e93a84614198141317a2dda4094c Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 21 Nov 2023 03:49:35 +0000 +Subject: [PATCH 158/181] !2264 bugfix for runc container exec * bugfix for + runc container exec + +--- + src/daemon/modules/runtime/isula/isula_rt_ops.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index e88cb8bb..f058ce84 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -1313,17 +1313,16 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p + } + + ret = shim_create(fg_exec(params), id, workdir, bundle, cmd, exit_code, timeout, &shim_exit_code); +- if (ret != 0) { +- ERROR("%s: failed create shim process for exec %s", id, exec_id); +- goto errlog_out; +- } +- + if (shim_exit_code == SHIM_EXIT_TIMEOUT) { + ret = -1; + isulad_set_error_message("Exec container error;exec timeout"); + ERROR("isulad-shim %d exit for execing timeout", pid); + goto errlog_out; + } ++ if (ret != 0) { ++ ERROR("%s: failed create shim process for exec %s", id, exec_id); ++ goto errlog_out; ++ } + + pid = get_container_process_pid(workdir); + if (pid < 0) { +-- +2.42.0 + diff --git a/0159-2262-bugfix-of-update-restart-policy-for-auto-remove.patch b/0159-2262-bugfix-of-update-restart-policy-for-auto-remove.patch new file mode 100644 index 0000000..5ad3715 --- /dev/null +++ b/0159-2262-bugfix-of-update-restart-policy-for-auto-remove.patch 
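Review bot: With the timeout check moved ahead of the `ret != 0` check in `rt_isula_exec()`, `shim_exit_code` is compared with `SHIM_EXIT_TIMEOUT` even when `shim_create()` has failed. Its declaration is outside the hunk; if it has no initialiser and `shim_create()` can return an error before writing through the pointer, the comparison reads an indeterminate value, so confirm that it starts at a known non-timeout value. In the same branch `ERROR("isulad-shim %d exit for execing timeout", pid)` logs `pid` before the `pid = get_container_process_pid(workdir)` assignment that follows, so the number printed is not the shim's pid; logging `id` and `exec_id` as the other message does would be accurate. A comment above the timeout check, `/* must precede the generic ret check: a timed-out shim also returns non-zero */`, would keep the order from being changed back, assuming that is the reason for the reorder.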
@@ -0,0 +1,103 @@ +From 851d68654e8025bbb1fe2380eddb24457addb4e5 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Tue, 21 Nov 2023 03:49:56 +0000 +Subject: [PATCH 159/181] !2262 bugfix of update restart policy for auto remove + container * add update restart policy test * bugfix of update restart policy + for auto remove container + +--- + CI/test_cases/container_cases/update.sh | 26 +++++++++++++++++++ + .../executor/container_cb/execution_extend.c | 18 ++++++++----- + 2 files changed, 37 insertions(+), 7 deletions(-) + +diff --git a/CI/test_cases/container_cases/update.sh b/CI/test_cases/container_cases/update.sh +index 9147b9e0..d180c195 100755 +--- a/CI/test_cases/container_cases/update.sh ++++ b/CI/test_cases/container_cases/update.sh +@@ -138,6 +138,27 @@ function do_test_t() + return $TC_RET_T + } + ++function test_autoremove_restartpolicy() ++{ ++ containername=test_update2 ++ containerid=`isula run -itd --runtime $1 --rm --name $containername busybox` ++ fn_check_eq "$?" "0" "run failed" ++ ++ isula update --restart always $containerid ++ fn_check_ne "$?" "0" "update should fail" ++ ++ isula update --restart nooooooooooo $containerid ++ fn_check_ne "$?" "0" "update should fail" ++ ++ isula update --restart no $containerid ++ fn_check_eq "$?" "0" "update restart policy no failed" ++ ++ isula rm -f $containername ++ fn_check_eq "$?" "0" "rm failed" ++ ++ return $TC_RET_T ++} ++ + function do_test_t1() + { + containername=test_update1 +@@ -173,6 +194,11 @@ do + let "ret=$ret + 1" + fi + ++ test_autoremove_restartpolicy $element ++ if [ $? -ne 0 ];then ++ let "ret=$ret + 1" ++ fi ++ + if [ -f "/sys/fs/cgroup/memory/memory.memsw.usage_in_bytes" ];then + do_test_t1 $element + if [ $? 
-ne 0 ];then +diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c +index 00d130ac..88569a4e 100644 +--- a/src/daemon/executor/container_cb/execution_extend.c ++++ b/src/daemon/executor/container_cb/execution_extend.c +@@ -1023,15 +1023,14 @@ static int update_host_config_check(container_t *cont, host_config *hostconfig) + + ret = verify_host_config_settings(hostconfig, true); + if (ret != 0) { +- goto out; ++ return -1; + } + + if (container_is_removal_in_progress(cont->state) || container_is_dead(cont->state)) { + ERROR("Container is marked for removal and cannot be \"update\"."); + isulad_set_error_message( + "Cannot update container %s: Container is marked for removal and cannot be \"update\".", id); +- ret = -1; +- goto out; ++ return -1; + } + + if (container_is_running(cont->state) && hostconfig->kernel_memory) { +@@ -1039,12 +1038,17 @@ static int update_host_config_check(container_t *cont, host_config *hostconfig) + isulad_set_error_message("Cannot update container %s: Can not update kernel memory to a running container," + " please stop it first.", + id); +- ret = -1; +- goto out; ++ return -1; + } + +-out: +- return ret; ++ if (cont->hostconfig->auto_remove && hostconfig->restart_policy != NULL && ++ hostconfig->restart_policy->name != NULL && strcmp("no", hostconfig->restart_policy->name) != 0) { ++ ERROR("Cannot update restart policy for the auto remove container %s", id); ++ isulad_set_error_message("Cannot update restart policy for the auto remove container %s", id); ++ return -1; ++ } ++ ++ return 0; + } + + static int do_update_resources(const container_update_request *request, container_t *cont) +-- +2.42.0 + diff --git a/0160-2265-use-dev-urandom-to-replace-dev-random.patch b/0160-2265-use-dev-urandom-to-replace-dev-random.patch new file mode 100644 index 0000000..3b3608e --- /dev/null +++ b/0160-2265-use-dev-urandom-to-replace-dev-random.patch 
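Review bot: The new auto-remove check in `update_host_config_check` dereferences `cont->hostconfig` without a NULL test, while the other pointers in the same condition (`hostconfig->restart_policy` and its `name`) are guarded; whether a container can reach this path without a stored host config is not visible here, but starting the condition with `cont->hostconfig != NULL &&` costs nothing. In the new `test_autoremove_restartpolicy` in `update.sh`, `$containerid` is unquoted and the function continues after a failed `isula run`, so with an empty id both "update should fail" checks pass for the wrong reason. I would quote it as `"$containerid"` and return early when the run check fails.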
@@ -0,0 +1,54 @@ +From 3720938ccd86495bf8391e9d9cdd0ac597c57c14 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 21 Nov 2023 13:46:14 +0000 +Subject: [PATCH 160/181] !2265 use /dev/urandom to replace /dev/random * use + /dev/urandom to replace /dev/random + +--- + src/cmd/isulad-shim/common.c | 2 +- + src/daemon/common/selinux_label.c | 2 +- + src/utils/cutils/utils.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c +index 72da932a..c88de736 100644 +--- a/src/cmd/isulad-shim/common.c ++++ b/src/cmd/isulad-shim/common.c +@@ -214,7 +214,7 @@ int generate_random_str(char *id, size_t len) + const int m = 256; + + len = len / 2; +- fd = open("/dev/random", O_RDONLY); ++ fd = open("/dev/urandom", O_RDONLY); + if (fd == -1) { + return SHIM_ERR; + } +diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c +index c1c52714..7a295250 100644 +--- a/src/daemon/common/selinux_label.c ++++ b/src/daemon/common/selinux_label.c +@@ -304,7 +304,7 @@ static int get_random_value(unsigned int range, unsigned int *val) + { + int ret = 0; + int num = 0; +- int fd = open("/dev/random", O_RDONLY); ++ int fd = open("/dev/urandom", O_RDONLY); + if (fd == -1) { + ERROR("Failed to open urandom device\n"); + return -1; +diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c +index 7615a94c..a994731d 100644 +--- a/src/utils/cutils/utils.c ++++ b/src/utils/cutils/utils.c +@@ -1284,7 +1284,7 @@ int util_generate_random_str(char *id, size_t len) + } + + len = len / 2; +- fd = open("/dev/random", O_RDONLY); ++ fd = open("/dev/urandom", O_RDONLY); + if (fd == -1) { + ERROR("Failed to open /dev/urandom"); + return -1; +-- +2.42.0 + diff --git a/0161-open-ENABLE_GRPC_REMOTE_CONNECT-in-CI-and-bugfix-for.patch b/0161-open-ENABLE_GRPC_REMOTE_CONNECT-in-CI-and-bugfix-for.patch new file mode 100644 index 0000000..3392735 --- /dev/null 
+++ b/0161-open-ENABLE_GRPC_REMOTE_CONNECT-in-CI-and-bugfix-for.patch 
@@ -0,0 +1,59 @@ +From a27b67a513ad2068067707243d48ac629ef577cd Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 22 Nov 2023 09:27:09 +0800 +Subject: [PATCH 161/181] open ENABLE_GRPC_REMOTE_CONNECT in CI and bugfix for + run.sh + +Signed-off-by: zhongtao +--- + CI/make-and-install.sh | 4 ++-- + CI/pr-gateway.sh | 2 +- + CI/test_cases/container_cases/run.sh | 3 ++- + 3 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/CI/make-and-install.sh b/CI/make-and-install.sh +index e714d206..08cc4520 100755 +--- a/CI/make-and-install.sh ++++ b/CI/make-and-install.sh +@@ -106,9 +106,9 @@ rm -rf build + mkdir build + cd build + if [[ ${enable_gcov} -ne 0 ]]; then +- cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DCMAKE_BUILD_TYPE=Debug -DGCOV=ON -DENABLE_EMBEDDED=ON -DENABLE_COVERAGE=ON -DENABLE_UT=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON .. ++ cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DCMAKE_BUILD_TYPE=Debug -DGCOV=ON -DENABLE_EMBEDDED=ON -DENABLE_COVERAGE=ON -DENABLE_UT=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_GRPC_REMOTE_CONNECT=ON .. + else +- cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON .. ++ cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_GRPC_REMOTE_CONNECT=ON .. 
+ fi + make -j $(nproc) + make install +diff --git a/CI/pr-gateway.sh b/CI/pr-gateway.sh +index 8223ddf5..3dbdd887 100755 +--- a/CI/pr-gateway.sh ++++ b/CI/pr-gateway.sh +@@ -112,7 +112,7 @@ pushd iSulad + rm -rf build + mkdir build + pushd build +-cmake -DDEBUG=ON -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_UT=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_SHIM_V2=OFF ../ || exit 1 ++cmake -DDEBUG=ON -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_UT=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_SHIM_V2=OFF -DENABLE_GRPC_REMOTE_CONNECT=ON ../ || exit 1 + make -j $(nproc) || exit 1 + ctest -V + popd +diff --git a/CI/test_cases/container_cases/run.sh b/CI/test_cases/container_cases/run.sh +index 1dea51ab..80485457 100755 +--- a/CI/test_cases/container_cases/run.sh ++++ b/CI/test_cases/container_cases/run.sh +@@ -29,7 +29,8 @@ function do_test_t() + + tid=$(isula run --name $containername -td busybox) + hostname=$(isula exec -it $containername hostname) +- fn_check_eq "${hostname}" "${tid:0:12}" "default hostname is not id of container" ++ clean_hostname=$(echo "$hostname" | sed 's/[\x01-\x1F\x7F]//g') ++ fn_check_eq "${clean_hostname}" "${tid:0:12}" "default hostname is not id of container" + isula exec -it $containername env | grep HOSTNAME + fn_check_eq "$?" "0" "check HOSTNAME env failed" + isula stop -t 0 $tid +-- +2.42.0 + diff --git a/0162-2274-bugfix-for-rt_lcr_rebuild_config.patch b/0162-2274-bugfix-for-rt_lcr_rebuild_config.patch new file mode 100644 index 0000000..25851fc --- /dev/null +++ b/0162-2274-bugfix-for-rt_lcr_rebuild_config.patch 
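Review bot: The `sed 's/[\x01-\x1F\x7F]//g'` filter added to `run.sh` relies on `\xHH` escapes inside a bracket expression, which is a GNU sed extension, and it treats the symptom rather than the cause: `isula exec -it` requests a terminal inside a command substitution, which is presumably where the control characters come from. `clean_hostname=$(printf '%s' "$hostname" | tr -d '[:cntrl:]')` does the same stripping portably and does not pass the value through `echo`. If the hostname check does not need a tty, dropping `-t` from that `isula exec` call would remove the need for the filter.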
@@ -0,0 +1,45 @@ +From 12241c3a2bd69e6cf31c0ea686e97c0387031ced Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Fri, 24 Nov 2023 08:10:53 +0000 +Subject: [PATCH 162/181] !2274 bugfix for rt_lcr_rebuild_config * bugfix for + rt_lcr_rebuild_config + +--- + src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +index 2bd8e686..a937e1b2 100644 +--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c ++++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +@@ -776,6 +776,7 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil + { + int ret = -1; + int nret = 0; ++ bool rebuild_success = false; + char config_file[PATH_MAX] = { 0 }; + char bak_config_file[PATH_MAX] = { 0 }; + char oci_config_file[PATH_MAX] = { 0 }; +@@ -825,8 +826,8 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil + goto out; + } + +- nret = engine_ops->engine_create_op(name, params->rootpath, (void *)oci_spec); +- if (nret != 0) { ++ rebuild_success = engine_ops->engine_create_op(name, params->rootpath, (void *)oci_spec); ++ if (!rebuild_success) { + // delete the invalid config file to prevent rename failed + if (util_fileself_exists(config_file) && util_path_remove(config_file) != 0) { + WARN("Failed to remove bak_config_file for container %s", name); +@@ -835,7 +836,7 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil + WARN("Failed to rename backup old config to config for container %s", name); + } + } +- ret = nret != 0 ? -1 : 0; ++ ret = rebuild_success ? 0 : -1; + + out: + if (engine_ops != NULL && engine_ops->engine_clear_errmsg_op != NULL) { +-- +2.42.0 + diff --git a/0163-use-RAND_bytes-to-replace-dev-urandom.patch b/0163-use-RAND_bytes-to-replace-dev-urandom.patch new file mode 100644 index 0000000..0f356ac 
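Review bot: In the failure branch of `rt_lcr_rebuild_config` the warning `"Failed to remove bak_config_file for container %s"` is emitted when `util_path_remove(config_file)` fails, so the log names the wrong file. Since this patch already reworks the branch, `WARN("Failed to remove invalid config file for container %s", name);` would match what is actually removed. `nret` is no longer assigned from `engine_create_op`; if nothing else in the function uses it (the rest of the body is outside these hunks), its declaration can be removed.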
--- /dev/null
+++ b/0163-use-RAND_bytes-to-replace-dev-urandom.patch
@@ -0,0 +1,85 @@ +From ba57a3d8c0c26b3792b2daa191a6e76fa546a25d Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Sat, 25 Nov 2023 22:25:03 +1400 +Subject: [PATCH 163/181] use RAND_bytes to replace /dev/urandom + +Signed-off-by: zhongtao +--- + src/utils/cutils/utils.c | 25 +++++++++---------------- + src/utils/cutils/utils.h | 2 ++ + 2 files changed, 11 insertions(+), 16 deletions(-) + +diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c +index a994731d..46a478b6 100644 +--- a/src/utils/cutils/utils.c ++++ b/src/utils/cutils/utils.c +@@ -37,6 +37,7 @@ + #include // IWYU pragma: keep + #include + #include ++#include + + #include "isula_libutils/log.h" + #include "isula_libutils/json_common.h" +@@ -1274,37 +1275,29 @@ void util_usleep_nointerupt(unsigned long usec) + + int util_generate_random_str(char *id, size_t len) + { +- int fd = -1; +- int num = 0; ++#define MAX_RANDOM_BYTES_LEN 100 + size_t i; +- const int m = 256; ++ unsigned char random_bytes[MAX_RANDOM_BYTES_LEN] = { 0 }; ++ len = len / 2; + +- if (id == NULL) { ++ if (id == NULL || len > MAX_RANDOM_BYTES_LEN) { ++ ERROR("Invalid id or len"); + return -1; + } + +- len = len / 2; +- fd = open("/dev/urandom", O_RDONLY); +- if (fd == -1) { +- ERROR("Failed to open /dev/urandom"); ++ if (RAND_bytes((unsigned char *)random_bytes, len) != 1) { ++ ERROR("Failed to get random bytes by RAND_bytes"); + return -1; + } + for (i = 0; i < len; i++) { + int nret; +- if (util_read_nointr(fd, &num, sizeof(int)) < 0) { +- ERROR("Failed to read urandom value"); +- close(fd); +- return -1; +- } +- unsigned char rs = (unsigned char)(num % m); ++ unsigned char rs = random_bytes[i]; + nret = snprintf((id + i * 2), ((len - i) * 2 + 1), "%02x", (unsigned int)rs); + if (nret < 0 || (size_t)nret >= ((len - i) * 2 + 1)) { + ERROR("Failed to snprintf random string"); +- close(fd); + return -1; + } + } +- close(fd); + id[i * 2] = '\0'; + return 0; + } +diff --git a/src/utils/cutils/utils.h b/src/utils/cutils/utils.h +index 
bb510062..5a1592fd 100644 +--- a/src/utils/cutils/utils.h ++++ b/src/utils/cutils/utils.h +@@ -375,6 +375,8 @@ int util_input_noecho(char *buf, size_t maxlen); + + void util_usleep_nointerupt(unsigned long usec); + ++// id : random string, notice: the length of id needs to be len + 1 ++// len : the length of the random string that needs to be generated, notice: len needs to be an even number + int util_generate_random_str(char *id, size_t len); + + int util_check_inherited_exclude_fds(bool closeall, int *fds_to_ignore, size_t len_fds); +-- +2.42.0 + diff --git a/0164-fix-the-problem-of-abnormal-branches-not-waiting-for.patch b/0164-fix-the-problem-of-abnormal-branches-not-waiting-for.patch new file mode 100644 index 0000000..4c55892 --- /dev/null +++ b/0164-fix-the-problem-of-abnormal-branches-not-waiting-for.patch 
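Review bot: `util_generate_random_str` now returns -1 for any `len` above twice `MAX_RANDOM_BYTES_LEN` (200 characters), a limit the old `/dev/urandom` loop did not have, and the comment added in `utils.h` does not mention it; callers outside this diff that request longer strings would start failing. I would state the cap in the header comment, e.g. `// len : even, at most 200; id must hold len + 1 bytes`, and move `#define MAX_RANDOM_BYTES_LEN 100` to file scope, because a macro defined inside the function body stays defined for the rest of the file. Within the patches visible here, the shim's `generate_random_str` and `get_random_value` in `selinux_label.c` still read `/dev/urandom` directly, so the three generators no longer share one source.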
@@ -0,0 +1,153 @@ +From e22eda3552702f1984a3d0c79ba62673bf597e15 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Mon, 27 Nov 2023 14:52:43 +0800 +Subject: [PATCH 164/181] fix the problem of abnormal branches not waiting for + child processes + +Signed-off-by: zhongtao +--- + src/cmd/isulad-shim/common.c | 6 +++--- + src/cmd/isulad-shim/process.c | 14 ++++++++------ + src/daemon/modules/runtime/isula/isula_rt_ops.c | 16 ++++++++++------ + src/daemon/modules/runtime/shim/shim_rt_ops.c | 15 +++++++++------ + 4 files changed, 30 insertions(+), 21 deletions(-) + +diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c +index c88de736..4a84cf40 100644 +--- a/src/cmd/isulad-shim/common.c ++++ b/src/cmd/isulad-shim/common.c +@@ -193,12 +193,12 @@ int cmd_combined_output(const char *binary, const char *params[], void *output, + } + *output_len = read_nointr(stdio[0], output, BUFSIZ - 1); + +- close(stdio[0]); +- close(exec_fd[0]); +- wait(&status); + ret = SHIM_OK; + + out: ++ close(stdio[0]); ++ close(exec_fd[0]); ++ wait(&status); + if (ret != SHIM_OK) { + kill(pid, 9); + } +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index a91c3c16..df6b7599 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -1079,7 +1079,7 @@ static void exec_runtime_process(process_t *p, int exec_fd) + const char *params[MAX_RUNTIME_ARGS] = { 0 }; + get_runtime_cmd(p, log_path, pid_path, process_desc, params); + execvp(p->runtime, (char * const *)params); +- (void)dprintf(exec_fd, "fork/exec error: %s", strerror(errno)); ++ (void)dprintf(exec_fd, "run process: %s error: %s", p->runtime, strerror(errno)); + _exit(EXIT_FAILURE); + } + +@@ -1117,11 +1117,6 @@ int create_process(process_t *p) + close_fd(&p->stdio->resize); + } + nread = read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1); +- if (nread > 0) { +- write_message(ERR_MSG, "runtime error"); +- ret = SHIM_ERR; +- goto out; +- } + + /* block to wait runtime 
pid exit */ + ret = waitpid(pid, NULL, 0); +@@ -1131,6 +1126,13 @@ int create_process(process_t *p) + goto out; + } + ++ // if an error occurs in exec_runtime_process, jump directly to the out branch after waitpid. ++ if (nread > 0) { ++ write_message(ERR_MSG, "%s", exec_buff); ++ ret = SHIM_ERR; ++ goto out; ++ } ++ + /* save runtime pid */ + data = read_text_file("pid"); + if (data == NULL) { +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index f058ce84..c9e590b9 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -837,17 +837,13 @@ realexec: + } + + execvp(SHIM_BINARY, (char * const *)params); +- (void)dprintf(shim_stderr_pipe[1], "exec failed: %s", strerror(errno)); ++ (void)dprintf(shim_stderr_pipe[1], "run process: %s failed: %s", SHIM_BINARY, strerror(errno)); ++ exit(EXIT_FAILURE); + } + + close(shim_stderr_pipe[1]); + close(shim_stdout_pipe[1]); + num = util_read_nointr(shim_stderr_pipe[0], exec_buff, sizeof(exec_buff) - 1); +- if (num > 0) { +- ERROR("Exec failed: %s", exec_buff); +- ret = -1; +- goto out; +- } + + status = util_wait_for_pid_status(pid); + if (status < 0) { +@@ -856,6 +852,14 @@ realexec: + goto out; + } + ++ // if failed to exec, jump directly to the out branch after waitpid. 
++ if (num > 0) { ++ ERROR("%s", exec_buff); ++ isulad_set_error_message("%s", exec_buff); ++ ret = -1; ++ goto out; ++ } ++ + *shim_exit_code = status_to_exit_code(status); + if (*shim_exit_code != 0) { + ERROR("Isulad-shim exit error"); +diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c +index 230c627a..459a870d 100644 +--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c ++++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c +@@ -183,17 +183,13 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w + } + + execvp(binary, (char * const *)params); +- (void)dprintf(exec_fd[1], "exec failed: %s", strerror(errno)); ++ (void)dprintf(exec_fd[1], "run process: %s failed: %s", binary, strerror(errno)); + exit(EXIT_FAILURE); + } + + close(exec_fd[1]); + exec_fd[1] = -1; +- if (util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1) > 0) { +- ERROR("exec failed: %s", exec_buff); +- ret = -1; +- goto out; +- } ++ nret = util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1); + close(exec_fd[0]); + exec_fd[0] = -1; + +@@ -204,6 +200,13 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w + goto out; + } + ++ // if failed to exec, jump directly to the out branch after waitpid. ++ if (nret > 0) { ++ ERROR("%s", exec_buff); ++ ret = -1; ++ goto out; ++ } ++ + status = status_to_exit_code(status); + + close(out_fd[1]); +-- +2.42.0 + diff --git a/0165-2286-bugfix-for-the-bliko-zero-value-exception-when-.patch b/0165-2286-bugfix-for-the-bliko-zero-value-exception-when-.patch new file mode 100644 index 0000000..a659871 --- /dev/null +++ b/0165-2286-bugfix-for-the-bliko-zero-value-exception-when-.patch 
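Review bot: In `cmd_combined_output` the cleanup moved under `out:` calls `wait(&status)` before `kill(pid, 9)`, so on an error path the parent first blocks until the child exits on its own and then signals a pid that has already been reaped and may have been reused. The kill has to come first and the wait should name the child: `if (ret != SHIM_OK) { kill(pid, SIGKILL); }` followed by `waitpid(pid, &status, 0);`. Any path that jumps to `out` before the fork is outside this hunk; if one exists, `pid` and both descriptors need a validity check there as well. Separately, the `exit(EXIT_FAILURE)` added after the failed `execvp` in `isula_rt_ops.c` runs in a forked child and should be `_exit(EXIT_FAILURE)`, as `exec_runtime_process` already does.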
@@ -0,0 +1,86 @@ +From ff812d0b1c2f87b873652c2b366ea4025ee2d15f Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 29 Nov 2023 09:33:32 +0000 +Subject: [PATCH 165/181] =?UTF-8?q?!2286=20bugfix=20for=20the=20bliko=20ze?= + =?UTF-8?q?ro=20value=20exception=20when=20executing=20the=20stats=20comma?= + =?UTF-8?q?nd=20on=20the=20oci=20container=20*=20bugfix=20for=20the=20blik?= + =?UTF-8?q?o=20zero=20value=20exception=20when=20executing=20the=20stats?= + =?UTF-8?q?=20com=E2=80=A6?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +--- + .../modules/runtime/isula/isula_rt_ops.c | 49 +++++++++++++------ + 1 file changed, 35 insertions(+), 14 deletions(-) + +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index c9e590b9..753816f5 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -562,6 +562,40 @@ out: + return ret; + } + ++static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats, struct runtime_container_resources_stats_info *info) ++{ ++ if (stats == NULL || stats->data == NULL) { ++ return; ++ } ++ if (stats->data->pids != NULL) { ++ info->pids_current = stats->data->pids->current; ++ } ++ if (stats->data->cpu != NULL && stats->data->cpu->usage != NULL) { ++ info->cpu_use_nanos = stats->data->cpu->usage->total; ++ info->cpu_system_use = stats->data->cpu->usage->kernel; ++ } ++ shim_client_runtime_stats_data_memory *memory = stats->data->memory; ++ if (memory != NULL && memory->usage != NULL) { ++ info->mem_used = memory->usage->usage; ++ info->mem_limit = memory->usage->limit; ++ } ++ if (memory != NULL && memory->raw != NULL) { ++ info->inactive_file_total = memory->raw->total_inactive_file; ++ } ++ shim_client_runtime_stats_data_blkio *blkio = stats->data->blkio; ++ if (blkio == NULL) { ++ return; ++ } ++ for (size_t i = 0; i < blkio->io_service_bytes_recursive_len; 
i++) { ++ if (strcasecmp(blkio->io_service_bytes_recursive[i]->op, "read") == 0) { ++ info->blkio_read += blkio->io_service_bytes_recursive[i]->value; ++ } ++ if (strcasecmp(blkio->io_service_bytes_recursive[i]->op, "write") == 0) { ++ info->blkio_write += blkio->io_service_bytes_recursive[i]->value; ++ } ++ } ++} ++ + static int runtime_call_stats(const char *workdir, const char *runtime, const char *id, + struct runtime_container_resources_stats_info *info) + { +@@ -601,20 +635,7 @@ static int runtime_call_stats(const char *workdir, const char *runtime, const ch + goto out; + } + +- if (stats != NULL && stats->data != NULL && stats->data->pids != NULL) { +- info->pids_current = stats->data->pids->current; +- } +- if (stats != NULL && stats->data != NULL && stats->data->cpu != NULL && stats->data->cpu->usage) { +- info->cpu_use_nanos = stats->data->cpu->usage->total; +- info->cpu_system_use = stats->data->cpu->usage->kernel; +- } +- if (stats != NULL && stats->data != NULL && stats->data->memory != NULL && stats->data->memory->usage) { +- info->mem_used = stats->data->memory->usage->usage; +- info->mem_limit = stats->data->memory->usage->limit; +- } +- if (stats != NULL && stats->data != NULL && stats->data->memory != NULL && stats->data->memory->raw) { +- info->inactive_file_total = stats->data->memory->raw->total_inactive_file; +- } ++ transform_stats_info_from_runtime(stats, info); + + out: + free_shim_client_runtime_stats(stats); +-- +2.42.0 + diff --git a/0166-move-variable-declaration-out-of-loop.patch b/0166-move-variable-declaration-out-of-loop.patch new file mode 100644 index 0000000..1780cbf --- /dev/null +++ b/0166-move-variable-declaration-out-of-loop.patch 
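Review bot: The blkio loop in `transform_stats_info_from_runtime` passes `blkio->io_service_bytes_recursive[i]->op` to `strcasecmp` without checking the entry or its `op` for NULL, unlike the `pids`, `cpu` and `memory` fields above it, which are all guarded. The values originate from the runtime's stats output, so an entry lacking `op` would presumably crash the daemon (the parser is not visible here). A guard at the top of the loop body, `if (blkio->io_service_bytes_recursive[i] == NULL || blkio->io_service_bytes_recursive[i]->op == NULL) { continue; }`, keeps the function consistent. The `+=` accumulation also assumes the caller zeroed `info->blkio_read` and `info->blkio_write`; a one-line comment stating that would help.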
@@ -0,0 +1,34 @@ +From 1061fd5a54ef850aa1873eb128f4b1eb938d41d2 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Thu, 30 Nov 2023 16:02:44 +1400 +Subject: [PATCH 166/181] move variable declaration out of loop + +Signed-off-by: zhongtao +--- + src/daemon/modules/runtime/isula/isula_rt_ops.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 753816f5..6a5e0125 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -564,6 +564,7 @@ out: + + static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats, struct runtime_container_resources_stats_info *info) + { ++ size_t i; + if (stats == NULL || stats->data == NULL) { + return; + } +@@ -586,7 +587,7 @@ static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats, + if (blkio == NULL) { + return; + } +- for (size_t i = 0; i < blkio->io_service_bytes_recursive_len; i++) { ++ for (i = 0; i < blkio->io_service_bytes_recursive_len; i++) { + if (strcasecmp(blkio->io_service_bytes_recursive[i]->op, "read") == 0) { + info->blkio_read += blkio->io_service_bytes_recursive[i]->value; + } +-- +2.42.0 + diff --git a/0167-fix-error-for-cat-bigdata-in-oci-runtime.patch b/0167-fix-error-for-cat-bigdata-in-oci-runtime.patch new file mode 100644 index 0000000..9cc0940 --- /dev/null +++ b/0167-fix-error-for-cat-bigdata-in-oci-runtime.patch 
@@ -0,0 +1,33 @@ +From a83cc7ff8abaec249054b18e86d5e0ade3825f77 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Mon, 6 Nov 2023 19:46:25 +0800 +Subject: [PATCH 167/181] fix error for cat bigdata in oci runtime + +Signed-off-by: haozi007 +--- + src/cmd/isulad-shim/process.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index df6b7599..38b3a1a1 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -411,9 +411,12 @@ static stdio_t *initialize_io(process_t *p) + goto failure; + } + +- /* don't open resize pipe */ +- if ((pipe2(stdio_fd[0], O_CLOEXEC | O_NONBLOCK) != 0) || (pipe2(stdio_fd[1], O_CLOEXEC | O_NONBLOCK) != 0) || +- (pipe2(stdio_fd[2], O_CLOEXEC | O_NONBLOCK) != 0)) { ++ /* ++ * don't open resize pipe; ++ * stdio pipes must not set to non-block, because 'cat big-file' will failed; ++ */ ++ if ((pipe2(stdio_fd[0], O_CLOEXEC) != 0) || (pipe2(stdio_fd[1], O_CLOEXEC) != 0) || ++ (pipe2(stdio_fd[2], O_CLOEXEC) != 0)) { + write_message(ERR_MSG, "open pipe failed when init io:%d", SHIM_SYS_ERR(errno)); + goto failure; + } +-- +2.42.0 + diff --git a/0168-use-a-timeout-epoll-loop-to-ensure-complete-data-rec.patch b/0168-use-a-timeout-epoll-loop-to-ensure-complete-data-rec.patch new file mode 100644 index 0000000..6443e88 --- /dev/null +++ b/0168-use-a-timeout-epoll-loop-to-ensure-complete-data-rec.patch 
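Review bot: Dropping `O_NONBLOCK` from all three pipes in `initialize_io` makes the input pipe blocking as well as the two output pipes (presumably `stdio_fd[0]` is stdin). If the shim writes to that pipe from the same thread that drains stdout and stderr, a container that stops reading its input could stall output forwarding too; the writer is outside this hunk, so please confirm, and treat the input pipe separately if that is the case. The new comment would read better as `stdio pipes must stay blocking, otherwise 'cat big-file' fails`. `initialize_io` continues outside the hunk.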
@@ -0,0 +1,221 @@ +From 949dcd4fc3f09d44e102b3319917108879278baa Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Fri, 1 Dec 2023 22:30:06 +1400 +Subject: [PATCH 168/181] use a timeout epoll loop to ensure complete data + reception + +Signed-off-by: zhongtao +--- + src/cmd/isulad-shim/process.c | 121 +++++++--------------------------- + src/cmd/isulad-shim/process.h | 1 - + 2 files changed, 24 insertions(+), 98 deletions(-) + +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index 38b3a1a1..c205302f 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -162,6 +162,7 @@ out: + + static int sync_exit_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *descr) + { ++ epoll_loop_del_handler(descr, fd); + return EPOLL_LOOP_HANDLE_CLOSE; + } + +@@ -213,23 +214,13 @@ static int stdout_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr * + int r_count = 0; + int w_count = 0; + +- if (events & EPOLLHUP) { +- return EPOLL_LOOP_HANDLE_CLOSE; +- } +- +- if (!(events & EPOLLIN)) { +- return EPOLL_LOOP_HANDLE_CONTINUE; +- } +- + (void)memset(p->buf, 0, DEFAULT_IO_COPY_BUF); + +- if (p->block_read) { +- r_count = read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF); +- } else { +- r_count = read(fd, p->buf, DEFAULT_IO_COPY_BUF); +- } +- if (r_count <= 0) { +- return EPOLL_LOOP_HANDLE_CLOSE; ++ r_count = read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF); ++ if (r_count <= 0 ) { ++ epoll_loop_del_handler(descr, fd); ++ close(fd); ++ return EPOLL_LOOP_HANDLE_CONTINUE; + } + + shim_write_container_log_file(p->terminal, STDID_OUT, p->buf, r_count); +@@ -255,23 +246,13 @@ static int stderr_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr * + int r_count = 0; + int w_count = 0; + +- if (events & EPOLLHUP) { +- return EPOLL_LOOP_HANDLE_CLOSE; +- } +- +- if (!(events & EPOLLIN)) { +- return EPOLL_LOOP_HANDLE_CONTINUE; +- } +- + (void)memset(p->buf, 0, DEFAULT_IO_COPY_BUF); + +- if (p->block_read) { +- r_count = 
read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF); +- } else { +- r_count = read(fd, p->buf, DEFAULT_IO_COPY_BUF); +- } +- if (r_count <= 0) { +- return EPOLL_LOOP_HANDLE_CLOSE; ++ r_count = read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF); ++ if (r_count <= 0 ) { ++ epoll_loop_del_handler(descr, fd); ++ close(fd); ++ return EPOLL_LOOP_HANDLE_CONTINUE; + } + + shim_write_container_log_file(p->terminal, STDID_ERR, p->buf, r_count); +@@ -297,18 +278,11 @@ static int resize_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr * + int r_count = 0; + int resize_fd = -1; + +- if (events & EPOLLHUP) { +- return EPOLL_LOOP_HANDLE_CLOSE; +- } +- +- if (!(events & EPOLLIN)) { +- return EPOLL_LOOP_HANDLE_CONTINUE; +- } +- + (void)memset(p->buf, 0, DEFAULT_IO_COPY_BUF); + r_count = read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF); + if (r_count <= 0) { +- return EPOLL_LOOP_HANDLE_CLOSE; ++ close(fd); ++ return EPOLL_LOOP_HANDLE_CONTINUE; + } + + resize_fd = p->recv_fd; +@@ -565,24 +539,6 @@ static int open_generic_io(process_t *p, struct epoll_descr *descr) + return SHIM_OK; + } + +-static int set_non_block(int fd) +-{ +- int flag = -1; +- int ret = SHIM_ERR; +- +- flag = fcntl(fd, F_GETFL, 0); +- if (flag < 0) { +- return SHIM_ERR; +- } +- +- ret = fcntl(fd, F_SETFL, flag | O_NONBLOCK); +- if (ret != 0) { +- return SHIM_ERR; +- } +- +- return SHIM_OK; +-} +- + /* + std_id: channel type + isulad_stdio: one side of the isulad fifo file +@@ -602,8 +558,6 @@ static int set_non_block(int fd) + static void *io_epoll_loop(void *data) + { + int ret = 0; +- int fd_out = -1; +- int fd_err = -1; + process_t *p = (process_t *)data; + struct epoll_descr descr; + +@@ -632,49 +586,23 @@ static void *io_epoll_loop(void *data) + + (void)sem_post(&p->sem_mainloop); + ++ // th frist epoll_loop will exit in the following scenarios: ++ // 1. Receive sync fd event ++ // 2. stdin fd receive EPOLLHUP event ++ // 3. 
stdin fd read failed + ret = epoll_loop(&descr, -1); + if (ret != 0) { + write_message(ERR_MSG, "epoll loop failed"); + exit(EXIT_FAILURE); + } + +- // in order to avoid data loss, set fd non-block and read it +- p->block_read = false; +- if (p->state->terminal) { +- fd_out = p->recv_fd; +- } else { +- fd_out = p->shim_io->out; +- fd_err = p->shim_io->err; +- } +- +- if (fd_out > 0) { +- ret = set_non_block(fd_out); +- if (ret != SHIM_OK) { +- write_message(ERR_MSG, "set fd %d non_block failed:%d", fd_out, SHIM_SYS_ERR(errno)); +- exit(EXIT_FAILURE); +- } +- +- for (;;) { +- ret = stdout_cb(fd_out, EPOLLIN, p, &descr); +- if (ret == EPOLL_LOOP_HANDLE_CLOSE) { +- break; +- } +- } +- } +- +- if (fd_err > 0) { +- ret = set_non_block(fd_err); +- if (ret != SHIM_OK) { +- write_message(ERR_MSG, "set fd %d non_block failed:%d", fd_err, SHIM_SYS_ERR(errno)); +- exit(EXIT_FAILURE); +- } +- +- for (;;) { +- ret = stderr_cb(fd_err, EPOLLIN, p, &descr); +- if (ret == EPOLL_LOOP_HANDLE_CLOSE) { +- break; +- } +- } ++ // use a timeout epoll loop to ensure complete data reception ++ // th second epoll_loop will exit in the following scenarios: ++ // 1. both stdout fd and stderr fd failed to read ++ // 2. 
no event received within 3000 milliseconds ++ ret = epoll_loop(&descr, 3000); ++ if (ret != 0) { ++ write_message(ERR_MSG, "Repeat the epoll loop to ensure that all data is transferred"); + } + + return NULL; +@@ -850,7 +778,6 @@ process_t *new_process(char *id, char *bundle, char *runtime) + p->bundle = bundle; + p->runtime = runtime; + p->state = p_state; +- p->block_read = true; + p->console_sock_path = NULL; + p->exit_fd = -1; + p->io_loop_fd = -1; +diff --git a/src/cmd/isulad-shim/process.h b/src/cmd/isulad-shim/process.h +index 93e01e7b..29e032b0 100644 +--- a/src/cmd/isulad-shim/process.h ++++ b/src/cmd/isulad-shim/process.h +@@ -51,7 +51,6 @@ typedef struct process { + int sync_fd; + int listen_fd; + int recv_fd; +- bool block_read; + log_terminal *terminal; + stdio_t *stdio; // shim to on runtime side, in:r out/err: w + stdio_t *shim_io; // shim io on isulad side, in: w out/err: r +-- +2.42.0 + diff --git a/0169-2293-reduce-epoll-loop-timeout-time.patch b/0169-2293-reduce-epoll-loop-timeout-time.patch new file mode 100644 index 0000000..af46225 --- /dev/null +++ b/0169-2293-reduce-epoll-loop-timeout-time.patch 
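Review bot: `resize_cb` now does `close(fd)` and returns `EPOLL_LOOP_HANDLE_CONTINUE` without calling `epoll_loop_del_handler(descr, fd)`, while `stdout_cb` and `stderr_cb` in the same patch deregister the descriptor first. The loop presumably keeps its handler entry for a closed descriptor number, and if that number is reused later the stale entry refers to the wrong file. Adding `epoll_loop_del_handler(descr, fd);` before the `close(fd);` makes the three callbacks consistent. The message written when the second `epoll_loop` fails, `"Repeat the epoll loop to ensure that all data is transferred"`, describes the intent rather than the failure, and the new comments in `io_epoll_loop` spell `th frist` for `the first`.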
@@ -0,0 +1,28 @@ +From 6c4bbe725a460cff7f08f2855ebdf393a6e69fa1 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 5 Dec 2023 03:35:51 +0000 +Subject: [PATCH 169/181] !2293 reduce epoll loop timeout time * reduce epoll + loop timeout time + +--- + src/cmd/isulad-shim/process.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index c205302f..9cd40089 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -599,8 +599,8 @@ static void *io_epoll_loop(void *data) + // use a timeout epoll loop to ensure complete data reception + // th second epoll_loop will exit in the following scenarios: + // 1. both stdout fd and stderr fd failed to read +- // 2. no event received within 3000 milliseconds +- ret = epoll_loop(&descr, 3000); ++ // 2. no event received within 100 milliseconds ++ ret = epoll_loop(&descr, 100); + if (ret != 0) { + write_message(ERR_MSG, "Repeat the epoll loop to ensure that all data is transferred"); + } +-- +2.42.0 + diff --git a/0170-2294-keep-the-service-status-unchanged-after-iSulad-.patch b/0170-2294-keep-the-service-status-unchanged-after-iSulad-.patch new file mode 100644 index 0000000..85beda1 --- /dev/null +++ b/0170-2294-keep-the-service-status-unchanged-after-iSulad-.patch 
@@ -0,0 +1,31 @@
+From 95e3d13a39371bc6caea5ae34f32c9136b16f9fa Mon Sep 17 00:00:00 2001
+From: zhongtao
+Date: Tue, 5 Dec 2023 11:48:18 +0000
+Subject: [PATCH 170/181] !2294 keep the service status unchanged after iSulad
+ service upgrade * keep the service status unchanged after iSulad service
+ upgrade
+
+---
+ iSulad.spec | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/iSulad.spec b/iSulad.spec
+index 6f84273a..d3799784 100644
+--- a/iSulad.spec
++++ b/iSulad.spec
+@@ -167,12 +167,6 @@ if [ -e %{_unitdir}/lcrd.service.rpmsave ]; then
+ mv %{_unitdir}/lcrd.service.rpmsave %{_unitdir}/isulad.service
+ sed -i 's/lcrd/isulad/g' %{_unitdir}/isulad.service
+ fi
+-systemctl status isulad | grep 'Active:' | grep 'running'
+-if [ $? -eq 0 ]; then
+- systemctl restart isulad
+-else
+- systemctl start isulad
+-fi
+ %else
+ /sbin/service isulad status | grep 'Active:' | grep 'running'
+ if [ $? -eq 0 ]; then
+--
+2.42.0
+
diff --git a/0171-2299-remove-close-fd-from-stdout_cb-and-stderr_cb.patch b/0171-2299-remove-close-fd-from-stdout_cb-and-stderr_cb.patch
new file mode 100644
index 0000000..f33639c
--- /dev/null
+++ b/0171-2299-remove-close-fd-from-stdout_cb-and-stderr_cb.patch
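Review bot: With the `systemctl restart isulad` branch removed from the systemd side of this scriptlet, a running daemon keeps executing the previous binary after a package upgrade, so an update that carries a security fix takes effect only once an administrator restarts the service. If the goal is just to avoid starting a service that was stopped, `systemctl try-restart isulad` keeps the stopped/running state and still loads the new binary; otherwise the spec should carry a comment such as `# upgrade does not restart isulad; restart manually to pick up the new binary`. The `%else` branch below still pipes `/sbin/service isulad status` into the same `$?` check, so the two init paths now appear to behave differently; that branch continues outside the hunk.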
@@ -0,0 +1,33 @@
+From 65be5e53266717bd39902462e937ec2a7947b503 Mon Sep 17 00:00:00 2001
+From: zhongtao
+Date: Fri, 8 Dec 2023 11:03:10 +0000
+Subject: [PATCH 171/181] !2299 remove close fd from stdout_cb and stderr_cb *
+ remove close fd from stdout_cb and stderr_cb
+
+---
+ src/cmd/isulad-shim/process.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
+index 9cd40089..d7127d0c 100644
+--- a/src/cmd/isulad-shim/process.c
++++ b/src/cmd/isulad-shim/process.c
+@@ -219,7 +219,6 @@ static int stdout_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *
+ r_count = read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
+ if (r_count <= 0 ) {
+ epoll_loop_del_handler(descr, fd);
+- close(fd);
+ return EPOLL_LOOP_HANDLE_CONTINUE;
+ }
+
+@@ -251,7 +250,6 @@ static int stderr_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *
+ r_count = read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
+ if (r_count <= 0 ) {
+ epoll_loop_del_handler(descr, fd);
+- close(fd);
+ return EPOLL_LOOP_HANDLE_CONTINUE;
+ }
+
+--
+2.42.0
+
diff --git a/0172-add-ut-for-devicemapper.patch b/0172-add-ut-for-devicemapper.patch
new file mode 100644
index 0000000..7c3dc9c
--- /dev/null
+++ b/0172-add-ut-for-devicemapper.patch
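Review bot: After this change neither `stdout_cb` nor `stderr_cb` closes `fd` on the `r_count <= 0` path, and nothing in the hunk says who does; the descriptor is only removed from the epoll set by `epoll_loop_del_handler(descr, fd)`. If the descriptor is closed elsewhere during process teardown, dropping `close(fd)` avoids a double close (and the risk of closing a descriptor number that has since been reused), but that ownership should be written down at both sites, e.g. `/* fd is closed by its owner at teardown; only unregister it here */`. If no other path closes it, the descriptor leaks for the lifetime of the shim. Both callbacks start and end outside the hunk, so this cannot be confirmed from here.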
@@ -0,0 +1,859 @@ +From f986c26c22c5c23f34da4d5189221719fd13b220 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Wed, 22 Nov 2023 22:05:04 +0800 +Subject: [PATCH 172/181] add ut for devicemapper + +Signed-off-by: jikai +--- + test/image/oci/storage/layers/CMakeLists.txt | 2 + + .../storage/layers/devmapper/CMakeLists.txt | 75 ++++ + ...9702e4bd316dd50ae85467b0378a419b23b60ba73d | 6 + + ...a9fb83febf6dc0b1548dfe896161533668281c9f4f | 6 + + ...0a625721fdbea5c94ca6da897acdd814d710149770 | 6 + + .../devmapper/data/devicemapper/metadata/base | 7 + + .../devicemapper/metadata/deviceset-metadata | 5 + + .../metadata/transaction-metadata | 5 + + .../id | 1 + + .../layers/devmapper/driver_devmapper_ut.cc | 390 ++++++++++++++++++ + test/mocks/libdevmapper_mock.cc | 191 +++++++++ + test/mocks/libdevmapper_mock.h | 52 +++ + 12 files changed, 746 insertions(+) + create mode 100644 test/image/oci/storage/layers/devmapper/CMakeLists.txt + create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d + create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f + create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770 + create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base + create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata + create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata + create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id + create mode 100644 test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc + create mode 100644 test/mocks/libdevmapper_mock.cc + create 
mode 100644 test/mocks/libdevmapper_mock.h + +diff --git a/test/image/oci/storage/layers/CMakeLists.txt b/test/image/oci/storage/layers/CMakeLists.txt +index 330a8306..df1ef7d3 100644 +--- a/test/image/oci/storage/layers/CMakeLists.txt ++++ b/test/image/oci/storage/layers/CMakeLists.txt +@@ -1,5 +1,7 @@ + project(iSulad_UT) + ++add_subdirectory(devmapper) ++ + # storage_driver_ut + SET(DRIVER_EXE storage_driver_ut) + +diff --git a/test/image/oci/storage/layers/devmapper/CMakeLists.txt b/test/image/oci/storage/layers/devmapper/CMakeLists.txt +new file mode 100644 +index 00000000..e6ba0307 +--- /dev/null ++++ b/test/image/oci/storage/layers/devmapper/CMakeLists.txt +@@ -0,0 +1,75 @@ ++project(iSulad_UT) ++ ++# driver_devmapper_ut ++SET(DRIVER_DEVMAPPER_EXE driver_devmapper_ut) ++ ++add_executable(${DRIVER_DEVMAPPER_EXE} ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_regex.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_verify.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_array.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_string.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_convert.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_file.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_fs.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/util_atomic.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_base64.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_timestamp.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/path.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/map/map.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/map/rb_tree.c ++ 
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/buffer/buffer.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/tar/util_archive.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/tar/util_gzip.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/sha256/sha256.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/config/daemon_arguments.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common/err_msg.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common/selinux_label.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.c ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks/libdevmapper_mock.cc ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks/isulad_config_mock.cc ++ driver_devmapper_ut.cc) ++ ++target_include_directories(${DRIVER_DEVMAPPER_EXE} PUBLIC ++ ${GTEST_INCLUDE_DIR} ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../include ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/common ++ 
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/tar ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/map ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/sha256 ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/console ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/buffer ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/config ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/api ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2 ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/remote_layer_support ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks ++ ) ++ ++set_target_properties(${DRIVER_DEVMAPPER_EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,util_exec_cmd -Wl,--wrap,util_mount -Wl,--wrap,umount2 -Wl,--wrap,archive_unpack") ++ ++target_link_libraries(${DRIVER_DEVMAPPER_EXE} ++ ${GTEST_BOTH_LIBRARIES} ++ ${GMOCK_LIBRARY} ++ ${GMOCK_MAIN_LIBRARY} ++ ${CMAKE_THREAD_LIBS_INIT} ++ ${ISULA_LIBUTILS_LIBRARY} ++ ${LIBTAR_LIBRARY} ++ -lcrypto -lyajl -larchive ${SELINUX_LIBRARY} -lz -lcap) ++ ++add_test(NAME ${DRIVER_DEVMAPPER_EXE} COMMAND ${DRIVER_DEVMAPPER_EXE} --gtest_output=xml:${DRIVER_DEVMAPPER_EXE}-Results.xml) ++set_tests_properties(${DRIVER_DEVMAPPER_EXE} 
PROPERTIES TIMEOUT 120) +diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d +new file mode 100644 +index 00000000..f51ae926 +--- /dev/null ++++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d +@@ -0,0 +1,6 @@ ++{ ++ "hash": "068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d", ++ "device_id": 6, ++ "size": 10737418240, ++ "transaction_id": 8 ++} +diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f +new file mode 100644 +index 00000000..de727a79 +--- /dev/null ++++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f +@@ -0,0 +1,6 @@ ++{ ++ "hash": "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f", ++ "device_id": 4, ++ "size": 10737418240, ++ "transaction_id": 4 ++} +diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770 b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770 +new file mode 100644 +index 00000000..e1e8988e +--- /dev/null ++++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770 +@@ -0,0 +1,6 @@ ++{ ++ "hash": "ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770", ++ "device_id": 2, ++ "size": 10737418240, ++ "transaction_id": 2 ++} +diff --git 
a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base +new file mode 100644 +index 00000000..2412113d +--- /dev/null ++++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base +@@ -0,0 +1,7 @@ ++{ ++ "hash": "base", ++ "device_id": 1, ++ "size": 10737418240, ++ "transaction_id": 1, ++ "initialized": true ++} +diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata +new file mode 100644 +index 00000000..94f7a6a3 +--- /dev/null ++++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata +@@ -0,0 +1,5 @@ ++{ ++ "next_device_id": 7, ++ "BaseDeviceFilesystem": "ext4", ++ "BaseDeviceUUID": "4fa22307-0c88-4fa4-8f16-a9459e9cbc4a" ++} +diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata +new file mode 100644 +index 00000000..a011249a +--- /dev/null ++++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata +@@ -0,0 +1,5 @@ ++{ ++ "open_transaction_id": 8, ++ "device_hash": "068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d", ++ "device_id": 6 ++} +diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id b/test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id +new file mode 100644 +index 00000000..5e6b1b2a +--- /dev/null ++++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id +@@ -0,0 +1 @@ ++3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f +\ No newline at end 
of file +diff --git a/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc b/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc +new file mode 100644 +index 00000000..088aa4d4 +--- /dev/null ++++ b/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc +@@ -0,0 +1,390 @@ ++/****************************************************************************** ++ * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved. ++ * iSulad licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Author: jikai ++ * Create: 2023-11-22 ++ * Description: provide oci storage driver unit test for devmapper ++ ******************************************************************************/ ++ ++#include ++#include ++ ++#include "driver.h" ++#include "driver_devmapper.h" ++#include "driver_overlay2.h" ++#include "mock.h" ++#include "path.h" ++#include "utils.h" ++#include "util_archive.h" ++#include "libdevmapper_mock.h" ++#include "isulad_config_mock.h" ++#include "wrapper_devmapper.h" ++ ++using ::testing::Invoke; ++using ::testing::NiceMock; ++using ::testing::Return; ++using ::testing::_; ++ ++extern "C" { ++ DECLARE_WRAPPER_V(util_exec_cmd, bool, (exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg)); ++ DEFINE_WRAPPER_V(util_exec_cmd, bool, (exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg), ++ (cb_func, args, stdin_msg, stdout_msg, stderr_msg)); ++ ++ DECLARE_WRAPPER(util_mount, int, (const char *src, const char *dst, const char *mtype, 
const char *mntopts)); ++ DEFINE_WRAPPER(util_mount, int, (const char *src, const char *dst, const char *mtype, const char *mntopts), (src, dst, mtype, mntopts)); ++ ++ DECLARE_WRAPPER(umount2, int, (const char *__special_file, int __flags)); ++ DEFINE_WRAPPER(umount2, int, (const char *__special_file, int __flags), (__special_file, __flags)); ++ ++ DECLARE_WRAPPER(archive_unpack, int, (const io_read_wrapper *content, const char *dstdir, const archive_options *options, ++ const char *root_dir, char **errmsg)); ++ DEFINE_WRAPPER(archive_unpack, int, (const io_read_wrapper *content, const char *dstdir, const archive_options *options, ++ const char *root_dir, char **errmsg), ++ (content, dstdir, options, root_dir, errmsg)); ++} ++ ++static std::string GetDirectory() ++{ ++ char abs_path[PATH_MAX] { 0x00 }; ++ int ret = readlink("/proc/self/exe", abs_path, sizeof(abs_path)); ++ if (ret < 0 || static_cast(ret) >= sizeof(abs_path)) { ++ return ""; ++ } ++ ++ for (int i { ret }; i >= 0; --i) { ++ if (abs_path[i] == '/') { ++ abs_path[i + 1] = '\0'; ++ break; ++ } ++ } ++ ++ return static_cast(abs_path) + "../../../../../../../test/image/oci/storage/layers/devmapper"; ++} ++ ++static bool invokeUtilExecCmd(exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg) ++{ ++ if (cb_func == nullptr || args == nullptr || stdout_msg == nullptr || stderr_msg == nullptr) { ++ return false; ++ } ++ ++ char **tmp_args = static_cast(args); ++ ++ if (util_array_len((const char **)tmp_args) < 1) { ++ return false; ++ } ++ ++ if (strcmp(tmp_args[0], "blkid") == 0) { ++ *stdout_msg = util_strdup_s("4fa22307-0c88-4fa4-8f16-a9459e9cbc4a"); ++ } ++ return true; ++} ++ ++static struct dm_task *invokeDMTaskCreate(int type) { ++ return static_cast(util_common_calloc_s(sizeof(0))); ++} ++ ++static void invokeDMTaskDestroy(struct dm_task *task) { ++ free(task); ++ return; ++} ++ ++static int invokeDMTaskGetDriverVersion(struct dm_task *task, char *version, 
size_t size) { ++ if (task == nullptr || version == nullptr || strncpy(version, "4.27.0", size) == NULL) { ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static int invokeDMTaskGetInfo(struct dm_task *task, struct dm_info *dmi) { ++ if (task == nullptr || dmi == nullptr) { ++ return 0; ++ } ++ ++ dmi->exists = 1; ++ return 1; ++} ++ ++static void *invokeDMGetNextTarget(struct dm_task *task, void *next, uint64_t *start, uint64_t *length, ++ char **target_type, char **params) { ++ static char type[] = "thin-pool"; ++ static char par[] = "0 0/1024 0/1024"; ++ if (target_type) { ++ *target_type = type; ++ } ++ if (params) { ++ *params = par; ++ } ++ return nullptr; ++} ++ ++class DriverDevmapperUnitTest : public testing::Test { ++protected: ++ void SetUp() override ++ { ++ MockLibdevmapper_SetMock(&m_libdevmapper_mock); ++ MockIsuladConf_SetMock(&m_isulad_conf_mock); ++ std::string isulad_dir { "/tmp/isulad/" }; ++ mkdir(isulad_dir.c_str(), 0755); ++ std::string root_dir = isulad_dir + "data"; ++ std::string run_dir = isulad_dir + "data/run"; ++ std::string data_dir = GetDirectory() + "/data"; ++ std::string driver_home = root_dir + "/devicemapper"; ++ ++ ASSERT_STRNE(util_clean_path(data_dir.c_str(), data_path, sizeof(data_path)), nullptr); ++ std::string cp_command = "cp -r " + std::string(data_path) + " " + isulad_dir; ++ ASSERT_EQ(system(cp_command.c_str()), 0); ++ ++ opts = (struct storage_module_init_options *)util_common_calloc_s(sizeof(struct storage_module_init_options)); ++ opts->storage_root = strdup(root_dir.c_str()); ++ opts->storage_run_root = strdup(run_dir.c_str()); ++ opts->driver_name = strdup("devicemapper"); ++ opts->driver_opts = (char **)util_common_calloc_s(6 * sizeof(char *)); ++ opts->driver_opts[0] = strdup("dm.thinpooldev=/dev/mapper/isulad0-thinpool"); ++ opts->driver_opts[1] = strdup("dm.fs=ext4"); ++ opts->driver_opts[2] = strdup("dm.min_free_space=10%"); ++ opts->driver_opts[3] = strdup("dm.basesize=12G"); ++ opts->driver_opts[4] = 
strdup("dm.mkfsarg=-q"); ++ opts->driver_opts[5] = strdup("dm.mountopt=rw"); ++ opts->driver_opts_len = 6; ++ ++ EXPECT_CALL(m_libdevmapper_mock, DMTaskCreate(_)).WillRepeatedly(Invoke(invokeDMTaskCreate)); ++ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetMessage(_, _)).WillRepeatedly(Return(1)); ++ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetSector(_, _)).WillRepeatedly(Return(1)); ++ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetAddNode(_, _)).WillRepeatedly(Return(1)); ++ EXPECT_CALL(m_libdevmapper_mock, DMTaskAddTarget(_, _, _, _, _)).WillRepeatedly(Return(1)); ++ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetName(_, _)).WillRepeatedly(Return(1)); ++ EXPECT_CALL(m_libdevmapper_mock, DMTaskRun(_)).WillRepeatedly(Return(1)); ++ EXPECT_CALL(m_libdevmapper_mock, DMTaskDestroy(_)).WillRepeatedly(Invoke(invokeDMTaskDestroy)); ++ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetInfo(_, _)).WillRepeatedly(Invoke(invokeDMTaskGetInfo)); ++ EXPECT_CALL(m_libdevmapper_mock, DMGetNextTarget(_, _, _, _, _, _)).WillRepeatedly(Invoke(invokeDMGetNextTarget)); ++ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetCookie(_, _, _)).WillRepeatedly(Return(1)); ++ EXPECT_CALL(m_libdevmapper_mock, DMUdevWait(_)).WillRepeatedly(Return(1)); ++ EXPECT_CALL(m_libdevmapper_mock, DMUdevComplete(_)).WillRepeatedly(Return(1)); ++ EXPECT_CALL(m_libdevmapper_mock, DMTaskDeferredRemove(_)).WillRepeatedly(Return(1)); ++ ++ char *names = static_cast(util_common_calloc_s(sizeof(struct dm_names) + strlen("isulad0-pool") + 1)); ++ struct dm_names *dname = (struct dm_names *)names; ++ dname->dev = 1; ++ dname->next = 0; ++ strcpy(names + sizeof(struct dm_names), "isulad0-pool"); ++ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetNames(_)).WillOnce(Return(dname)); ++ EXPECT_CALL(m_libdevmapper_mock, DMSetDevDir(_)).WillOnce(Return(1)); ++ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetDriverVersion(_, _, _)).WillOnce(Invoke(invokeDMTaskGetDriverVersion)); ++ EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1)); ++ ++ 
MOCK_SET_V(util_exec_cmd, invokeUtilExecCmd); ++ MOCK_SET(util_mount, 0); ++ MOCK_SET(umount2, 0); ++ ASSERT_EQ(graphdriver_init(opts), 0); ++ MOCK_CLEAR(util_exec_cmd); ++ MOCK_CLEAR(util_mount); ++ MOCK_CLEAR(umount2); ++ } ++ ++ void TearDown() override ++ { ++ MOCK_SET(umount2, 0); ++ ASSERT_EQ(graphdriver_cleanup(), 0); ++ MOCK_CLEAR(umount2); ++ ++ MockLibdevmapper_SetMock(nullptr); ++ MockIsuladConf_SetMock(nullptr); ++ std::string rm_command = "rm -rf /tmp/isulad/"; ++ ASSERT_EQ(system(rm_command.c_str()), 0); ++ ++ if (opts != NULL) { ++ free(opts->storage_root); ++ free(opts->storage_run_root); ++ free(opts->driver_name); ++ util_free_array_by_len(opts->driver_opts, opts->driver_opts_len); ++ free(opts); ++ } ++ } ++ ++ NiceMock m_libdevmapper_mock; ++ NiceMock m_isulad_conf_mock; ++ char data_path[PATH_MAX] = { 0x00 }; ++ struct storage_module_init_options *opts = NULL; ++}; ++ ++TEST_F(DriverDevmapperUnitTest, test_devmapper_init) ++{ ++ // cleanup before ++ MOCK_SET(umount2, 0); ++ ASSERT_EQ(graphdriver_cleanup(), 0); ++ MOCK_CLEAR(umount2); ++ ++ std::string rm_command = "rm -rf /tmp/isulad/"; ++ ASSERT_EQ(system(rm_command.c_str()), 0); ++ std::string mk_command = "mkdir -p /tmp/isulad/data/devicemapper/mnt"; ++ ASSERT_EQ(system(mk_command.c_str()), 0); ++ char *names = static_cast(util_common_calloc_s(sizeof(struct dm_names) + strlen("isulad0-pool") + 1)); ++ struct dm_names *dname = (struct dm_names *)names; ++ dname->dev = 1; ++ dname->next = 0; ++ strcpy(names + sizeof(struct dm_names), "isulad0-pool"); ++ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetNames(_)).WillOnce(Return(dname)); ++ EXPECT_CALL(m_libdevmapper_mock, DMSetDevDir(_)).WillOnce(Return(1)); ++ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetDriverVersion(_, _, _)).WillOnce(Invoke(invokeDMTaskGetDriverVersion)); ++ EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1)); ++ ++ MOCK_SET_V(util_exec_cmd, invokeUtilExecCmd); ++ MOCK_SET(util_mount, 0); ++ MOCK_SET(umount2, 
0); ++ ASSERT_EQ(graphdriver_init(opts), 0); ++ MOCK_CLEAR(util_exec_cmd); ++ MOCK_CLEAR(util_mount); ++ MOCK_CLEAR(umount2); ++} ++ ++TEST_F(DriverDevmapperUnitTest, test_devmapper_layer_exists) ++{ ++ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" }; ++ std::string incorrectId { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" }; ++ ASSERT_TRUE(graphdriver_layer_exists(id.c_str())); ++ ASSERT_FALSE(graphdriver_layer_exists(incorrectId.c_str())); ++} ++ ++TEST_F(DriverDevmapperUnitTest, test_devmapper_create_rw) ++{ ++ std::string id { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" }; ++ struct driver_create_opts *create_opts; ++ ++ create_opts = (struct driver_create_opts *)util_common_calloc_s(sizeof(struct driver_create_opts)); ++ ASSERT_NE(create_opts, nullptr); ++ ++ create_opts->storage_opt = static_cast(util_common_calloc_s(sizeof(json_map_string_string))); ++ ASSERT_NE(create_opts->storage_opt, nullptr); ++ create_opts->storage_opt->keys = static_cast(util_common_calloc_s(sizeof(char *))); ++ create_opts->storage_opt->values = static_cast(util_common_calloc_s(sizeof(char *))); ++ create_opts->storage_opt->keys[0] = strdup("size"); ++ create_opts->storage_opt->values[0] = strdup("12G"); ++ create_opts->storage_opt->len = 1; ++ ++ ASSERT_EQ(graphdriver_create_rw(id.c_str(), nullptr, create_opts), 0); ++ ASSERT_TRUE(graphdriver_layer_exists(id.c_str())); ++ free_driver_create_opts(create_opts); ++} ++ ++TEST_F(DriverDevmapperUnitTest, test_devmapper_create_ro) ++{ ++ std::string id { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" }; ++ struct driver_create_opts *create_opts; ++ ++ create_opts = (struct driver_create_opts *)util_common_calloc_s(sizeof(struct driver_create_opts)); ++ ASSERT_NE(create_opts, nullptr); ++ ++ create_opts->storage_opt = static_cast(util_common_calloc_s(sizeof(json_map_string_string))); ++ ASSERT_NE(create_opts->storage_opt, nullptr); ++ 
create_opts->storage_opt->keys = static_cast(util_common_calloc_s(sizeof(char *))); ++ create_opts->storage_opt->values = static_cast(util_common_calloc_s(sizeof(char *))); ++ create_opts->storage_opt->keys[0] = strdup("size"); ++ create_opts->storage_opt->values[0] = strdup("12G"); ++ create_opts->storage_opt->len = 1; ++ ++ ASSERT_EQ(graphdriver_create_ro(id.c_str(), nullptr, create_opts), 0); ++ ASSERT_TRUE(graphdriver_layer_exists(id.c_str())); ++ free_driver_create_opts(create_opts); ++} ++ ++TEST_F(DriverDevmapperUnitTest, test_devmapper_rm_layer) ++{ ++ std::string existed_id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" }; ++ std::string not_existed_id { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" }; ++ ++ ASSERT_EQ(graphdriver_rm_layer(existed_id.c_str()), 0); ++ ASSERT_EQ(graphdriver_rm_layer(not_existed_id.c_str()), 0); ++} ++ ++TEST_F(DriverDevmapperUnitTest, test_devmapper_mount_layer) ++{ ++ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" }; ++ std::string merged_dir = "/tmp/isulad/data/devicemapper/mnt/" + id + "/rootfs"; ++ struct driver_mount_opts *mount_opts = nullptr; ++ char* mount_dir = nullptr; ++ ++ MOCK_SET(util_mount, 0); ++ mount_dir = graphdriver_mount_layer(id.c_str(), mount_opts); ++ ASSERT_STREQ(mount_dir, merged_dir.c_str()); ++ MOCK_CLEAR(util_mount); ++ ++ MOCK_SET(umount2, 0); ++ ASSERT_EQ(graphdriver_umount_layer(id.c_str()), 0); ++ MOCK_CLEAR(umount2); ++ free(mount_dir); ++ mount_dir = nullptr; ++ ++ mount_opts = static_cast(util_common_calloc_s(sizeof(struct driver_mount_opts))); ++ ASSERT_NE(mount_opts, nullptr); ++ mount_opts->options = static_cast(util_common_calloc_s(1 * sizeof(char *))); ++ mount_opts->options[0] = strdup("ro"); ++ mount_opts->options_len = 1; ++ ++ MOCK_SET(util_mount, 0); ++ mount_dir = graphdriver_mount_layer(id.c_str(), mount_opts); ++ ASSERT_STREQ(mount_dir, merged_dir.c_str()); ++ MOCK_CLEAR(util_mount); ++ ++ 
MOCK_SET(umount2, 0); ++ ASSERT_EQ(graphdriver_umount_layer(id.c_str()), 0); ++ MOCK_CLEAR(umount2); ++ free_driver_mount_opts(mount_opts); ++} ++ ++TEST_F(DriverDevmapperUnitTest, test_devmapper_get_data) ++{ ++ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" }; ++ ++ container_inspect_graph_driver *inspect = graphdriver_get_metadata(id.c_str()); ++ ASSERT_NE(inspect, nullptr); ++ ASSERT_STREQ(inspect->data->device_id, "4"); ++ ASSERT_STREQ(inspect->data->device_size, "10737418240"); ++ ASSERT_STREQ(inspect->data->merged_dir, "/tmp/isulad/data/devicemapper/mnt/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f/rootfs"); ++ free_container_inspect_graph_driver(inspect); ++ ++ EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1)); ++ ++ struct graphdriver_status *status = graphdriver_get_status(); ++ ASSERT_NE(status, nullptr); ++ ASSERT_STREQ(status->driver_name, "devicemapper"); ++ free_graphdriver_status(status); ++ ++ ASSERT_EQ(devmapper_repair_lowers(nullptr, nullptr, nullptr), 0); ++ ASSERT_EQ(devmapper_get_layer_fs_info(nullptr, nullptr, nullptr), 0); ++} ++ ++TEST_F(DriverDevmapperUnitTest, test_devmapper_apply_diff) ++{ ++ struct io_read_wrapper reader = {0}; ++ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" }; ++ MOCK_SET(util_mount, 0); ++ MOCK_SET(archive_unpack, 0); ++ MOCK_SET(umount2, 0); ++ EXPECT_CALL(m_isulad_conf_mock, ConfGetISuladRootDir()).WillOnce(Return(util_strdup_s("/tmp/isulad"))); ++ ASSERT_EQ(graphdriver_apply_diff(id.c_str(), &reader), 0); ++ MOCK_CLEAR(archive_unpack); ++ MOCK_CLEAR(util_mount); ++ MOCK_CLEAR(umount2); ++} ++ ++TEST_F(DriverDevmapperUnitTest, test_wrapper_devmapper) ++{ ++ ASSERT_STREQ(dev_strerror(ERR_TASK_RUN), "Task run error"); ++ ASSERT_STREQ(dev_strerror(ERR_TASK_SET_COOKIE), "Task set cookie error"); ++ ASSERT_STREQ(dev_strerror(ERR_NIL_COOKIE), "cookie ptr can't be nil"); ++ 
ASSERT_STREQ(dev_strerror(ERR_TASK_SET_ADD_NODE), "Task add dm node failed"); ++ ASSERT_STREQ(dev_strerror(ERR_BUSY), "Device busy"); ++ ASSERT_STREQ(dev_strerror(ERR_DEVICE_ID_EXISTS), "Device exists already"); ++ ASSERT_STREQ(dev_strerror(ERR_ENXIO), "No such device of address"); ++ ASSERT_STREQ(dev_strerror(ERR_TASK_ADD_TARGET), "Task add target device error"); ++ ASSERT_STREQ(dev_strerror(ERR_TASK_DEFERRED_REMOVE), "dm_task_deferred_remove failed"); ++ ASSERT_STREQ(dev_strerror(100), "Unknown error"); ++} +\ No newline at end of file +diff --git a/test/mocks/libdevmapper_mock.cc b/test/mocks/libdevmapper_mock.cc +new file mode 100644 +index 00000000..7d6c8024 +--- /dev/null ++++ b/test/mocks/libdevmapper_mock.cc +@@ -0,0 +1,191 @@ ++/****************************************************************************** ++ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. ++ * iSulad licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. 
++ * Author: jikai ++ * Create: 2023-11-22 ++ * Description: provide lib device mapper mock ++ ******************************************************************************/ ++ ++#include "libdevmapper_mock.h" ++ ++namespace { ++MockLibdevmapper *g_libdevmapper_mock = nullptr; ++} ++ ++void MockLibdevmapper_SetMock(MockLibdevmapper* mock) ++{ ++ g_libdevmapper_mock = mock; ++} ++ ++struct dm_task *dm_task_create(int type) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMTaskCreate(type); ++ } ++ return nullptr; ++} ++ ++int dm_task_set_message(struct dm_task *dmt, const char *msg) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMTaskSetMessage(dmt, msg); ++ } ++ return 0; ++} ++ ++int dm_task_set_sector(struct dm_task *dmt, uint64_t sector) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMTaskSetSector(dmt, sector); ++ } ++ return 0; ++} ++ ++int dm_task_set_add_node(struct dm_task *dmt, dm_add_node_t add_node) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMTaskSetAddNode(dmt, add_node); ++ } ++ return 0; ++} ++ ++int dm_task_add_target(struct dm_task *dmt, uint64_t start, uint64_t size, const char *ttype, const char *params) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMTaskAddTarget(dmt, start, size, ttype, params); ++ } ++ return 0; ++} ++ ++int dm_set_dev_dir(const char *dir) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMSetDevDir(dir); ++ } ++ return 0; ++} ++ ++int dm_task_set_name(struct dm_task *dmt, const char *name) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMTaskSetName(dmt, name); ++ } ++ return 0; ++} ++ ++int dm_task_run(struct dm_task *dmt) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMTaskRun(dmt); ++ } ++ return 0; ++} ++ ++int dm_task_get_driver_version(struct dm_task *dmt, char *version, size_t size) 
++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMTaskGetDriverVersion(dmt, version, size); ++ } ++ return 0; ++} ++ ++void dm_task_destroy(struct dm_task *dmt) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ g_libdevmapper_mock->DMTaskDestroy(dmt); ++ } ++} ++ ++int dm_get_library_version(char *version, size_t size) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMGetLibraryVersion(version, size); ++ } ++ return 0; ++} ++ ++int dm_task_get_info(struct dm_task *dmt, struct dm_info *info) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMTaskGetInfo(dmt, info); ++ } ++ return 0; ++} ++ ++void *dm_get_next_target(struct dm_task *dmt, void *next, uint64_t *start, uint64_t *length, ++ char **target_type, char **params) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMGetNextTarget(dmt, next, start, length, target_type, params); ++ } ++ return nullptr; ++} ++ ++int dm_task_set_cookie(struct dm_task *dmt, uint32_t *cookie, uint16_t flags) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMTaskSetCookie(dmt, cookie, flags); ++ } ++ return 0; ++} ++ ++int dm_udev_wait(uint32_t cookie) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMUdevWait(cookie); ++ } ++ return 0; ++} ++ ++int dm_udev_complete(uint32_t cookie) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMUdevComplete(cookie); ++ } ++ return 0; ++} ++ ++int dm_task_deferred_remove(struct dm_task *dmt) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMTaskDeferredRemove(dmt); ++ } ++ return 0; ++} ++ ++struct dm_names *dm_task_get_names(struct dm_task *dmt) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return g_libdevmapper_mock->DMTaskGetNames(dmt); ++ } ++ return nullptr; ++} ++ ++int dm_udev_get_sync_support(void) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ return 
g_libdevmapper_mock->DMUdevGetSyncSupport(); ++ } ++ return 0; ++} ++ ++void dm_udev_set_sync_support(int sync_with_udev) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ g_libdevmapper_mock->DMUdevSetSyncSupport(sync_with_udev); ++ } ++} ++ ++void dm_log_with_errno_init(void log_cb(int level, const char *file, int line, int dm_errno_or_class, const char *f, ...)) ++{ ++ if (g_libdevmapper_mock != nullptr) { ++ g_libdevmapper_mock->DMLogWithErrnoInit(log_cb); ++ } ++} +diff --git a/test/mocks/libdevmapper_mock.h b/test/mocks/libdevmapper_mock.h +new file mode 100644 +index 00000000..53c5ad4b +--- /dev/null ++++ b/test/mocks/libdevmapper_mock.h +@@ -0,0 +1,52 @@ ++/****************************************************************************** ++ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. ++ * iSulad licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. 
++ * Author: jikai ++ * Create: 2023-11-22 ++ * Description: provide lib device mapper mock ++ ******************************************************************************/ ++ ++#ifndef _ISULAD_TEST_MOCKS_DEVMAPPER_MOCK_H ++#define _ISULAD_TEST_MOCKS_DEVMAPPER_MOCK_H ++ ++#include ++ ++#include ++ ++class MockLibdevmapper { ++public: ++ virtual ~MockLibdevmapper() = default; ++ MOCK_METHOD1(DMTaskCreate, struct dm_task*(int type)); ++ MOCK_METHOD2(DMTaskSetMessage, int(struct dm_task *dmt, const char *msg)); ++ MOCK_METHOD2(DMTaskSetSector, int(struct dm_task *dmt, uint64_t sector)); ++ MOCK_METHOD2(DMTaskSetAddNode, int(struct dm_task *dmt, dm_add_node_t add_node)); ++ MOCK_METHOD5(DMTaskAddTarget, int(struct dm_task *dmt, uint64_t start, uint64_t size, const char *ttype, const char *params)); ++ MOCK_METHOD1(DMSetDevDir, int(const char *dir)); ++ MOCK_METHOD2(DMTaskSetName, int(struct dm_task *dmt, const char *name)); ++ MOCK_METHOD1(DMTaskRun, int(struct dm_task *dmt)); ++ MOCK_METHOD3(DMTaskGetDriverVersion, int(struct dm_task *dmt, char *version, size_t size)); ++ MOCK_METHOD1(DMTaskDestroy, void(struct dm_task *dmt)); ++ MOCK_METHOD2(DMGetLibraryVersion, int(char *version, size_t size)); ++ MOCK_METHOD2(DMTaskGetInfo, int(struct dm_task *dmt, struct dm_info *info)); ++ MOCK_METHOD6(DMGetNextTarget, void*(struct dm_task *dmt, void *next, uint64_t *start, uint64_t *length, ++ char **target_type, char **params)); ++ MOCK_METHOD3(DMTaskSetCookie, int(struct dm_task *dmt, uint32_t *cookie, uint16_t flags)); ++ MOCK_METHOD1(DMUdevWait, int(uint32_t cookie)); ++ MOCK_METHOD1(DMUdevComplete, int(uint32_t cookie)); ++ MOCK_METHOD1(DMTaskDeferredRemove, int(struct dm_task *dmt)); ++ MOCK_METHOD1(DMTaskGetNames, struct dm_names *(struct dm_task *dmt)); ++ MOCK_METHOD0(DMUdevGetSyncSupport, int(void)); ++ MOCK_METHOD1(DMUdevSetSyncSupport, void(int sync_with_udev)); ++ MOCK_METHOD1(DMLogWithErrnoInit, void(void log_cb(int level, const char *file, int line, int 
dm_errno_or_class, const char *f, ...))); ++}; ++ ++void MockLibdevmapper_SetMock(MockLibdevmapper* mock); ++ ++#endif +-- +2.42.0 + diff --git a/0173-remove-build-and-test-in-coverage.patch b/0173-remove-build-and-test-in-coverage.patch new file mode 100644 index 0000000..d07b50f --- /dev/null +++ b/0173-remove-build-and-test-in-coverage.patch @@ -0,0 +1,28 @@ +From bd77fa1cf6c7afe90fa0a0e344d18640753e225a Mon Sep 17 00:00:00 2001 +From: jikai +Date: Tue, 12 Dec 2023 14:47:40 +0800 +Subject: [PATCH 173/181] remove build and test in coverage + +Signed-off-by: jikai +--- + CI/generate_gcov.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/CI/generate_gcov.sh b/CI/generate_gcov.sh +index 364af65c..2f3228df 100755 +--- a/CI/generate_gcov.sh ++++ b/CI/generate_gcov.sh +@@ -31,8 +31,8 @@ ctest + lcov --directory . --capture --output-file coverage.info + # Remove std/build files + lcov --remove coverage.info '/usr/*' -o coverage.info +-lcov --remove coverage.info 'build/*' -o coverage.info +-lcov --remove coverage.info 'test/*' -o coverage.info ++lcov --remove coverage.info "$ISULAD_SRC_PATH/build/*" ++lcov --remove coverage.info "$ISULAD_SRC_PATH/test/*" + + # Generate html + genhtml --ignore-errors source -o $GCOV_RESULT_PATH/coverage coverage.info +-- +2.42.0 + diff --git a/0174-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch b/0174-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch new file mode 100644 index 0000000..1ea5f12 --- /dev/null +++ b/0174-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch 
@@ -0,0 +1,167 @@ +From 5792109521978b335984901aee60a76d978d560e Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 12 Dec 2023 20:24:57 +0800 +Subject: [PATCH 174/181] modify the default value of ISULAD_TMPDIR to + /var/lib/isulad + +Signed-off-by: zhongtao +--- + src/cmd/isulad/main.c | 13 +++++++------ + src/common/constants.h | 2 ++ + src/contrib/config/iSulad.sysconfig | 4 ++-- + .../modules/container/leftover_cleanup/cleanup.c | 6 +++--- + src/daemon/modules/image/oci/utils_images.c | 2 +- + src/utils/cutils/utils_verify.c | 5 +++++ + src/utils/cutils/utils_verify.h | 2 ++ + src/utils/tar/util_archive.c | 9 +++++---- + 8 files changed, 27 insertions(+), 16 deletions(-) + +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index e624cfdd..05e899f6 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -1301,8 +1301,8 @@ static int ensure_isulad_tmpdir_security() + char *isulad_tmp_dir = NULL; + + isulad_tmp_dir = getenv("ISULAD_TMPDIR"); +- if (!util_valid_str(isulad_tmp_dir)) { +- isulad_tmp_dir = "/tmp"; ++ if (!util_valid_isulad_tmpdir(isulad_tmp_dir)) { ++ isulad_tmp_dir = DEFAULT_ISULAD_TMPDIR; + } + + if (do_ensure_isulad_tmpdir_security(isulad_tmp_dir) != 0) { +@@ -1310,14 +1310,15 @@ static int ensure_isulad_tmpdir_security() + return -1; + } + +- if (strcmp(isulad_tmp_dir, "/tmp") == 0) { ++ if (strcmp(isulad_tmp_dir, DEFAULT_ISULAD_TMPDIR) == 0) { + return 0; + } + + // No matter whether ISULAD_TMPDIR is set or not, +- // ensure the "/tmp" directory is a safe directory +- if (do_ensure_isulad_tmpdir_security("/tmp") != 0) { +- WARN("Failed to ensure the /tmp directory is a safe directory"); ++ // ensure the DEFAULT_ISULAD_TMPDIR directory is a safe directory ++ // TODO: if isula is no longer tarred in the future, we can delete it. 
++ if (do_ensure_isulad_tmpdir_security(DEFAULT_ISULAD_TMPDIR) != 0) { ++ WARN("Failed to ensure the default ISULAD_TMPDIR : %s directory is a safe directory", DEFAULT_ISULAD_TMPDIR); + } + + return 0; +diff --git a/src/common/constants.h b/src/common/constants.h +index a567ee9c..9ea3def7 100644 +--- a/src/common/constants.h ++++ b/src/common/constants.h +@@ -129,6 +129,8 @@ extern "C" { + + #define OCI_IMAGE_GRAPH_ROOTPATH_NAME "storage" + ++#define DEFAULT_ISULAD_TMPDIR "/var/lib/isulad" ++ + #ifdef ENABLE_GRPC_REMOTE_CONNECT + #define DEFAULT_TCP_HOST "tcp://localhost:2375" + #define DEFAULT_TLS_HOST "tcp://localhost:2376" +diff --git a/src/contrib/config/iSulad.sysconfig b/src/contrib/config/iSulad.sysconfig +index 43ba7cbd..25099480 100644 +--- a/src/contrib/config/iSulad.sysconfig ++++ b/src/contrib/config/iSulad.sysconfig +@@ -22,5 +22,5 @@ + #SYSMONITOR_OPTIONS='-H tcp://127.0.0.1:2375 --tlsverify --tlscacert=/root/.iSulad/ca.pem --tlscert=/root/.iSulad/cert.pem --tlskey=/root/.iSulad/key.pem' + + # Location used for temporary files, such as those created by isula load and pull operations. +-# Default is /var/tmp. Can be overridden by setting the following env variable. +-# ISULAD_TMPDIR=/var/tmp ++# Default is /var/lib/isulad. Can be overridden by setting the following env variable. 
++# ISULAD_TMPDIR=/var/lib/isulad +diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c +index 9a38ffc2..af5f0eee 100644 +--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c ++++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c +@@ -203,12 +203,12 @@ void do_isulad_tmpdir_cleaner(void) + char *isula_tmp_dir = NULL; + + isula_tmp_dir = getenv("ISULAD_TMPDIR"); +- if (util_valid_str(isula_tmp_dir)) { ++ if (util_valid_isulad_tmpdir(isula_tmp_dir)) { + cleanup_path(isula_tmp_dir); + } + // No matter whether ISULAD_TMPDIR is set or not, +- // clean up the "/tmp" directory to prevent the mount point from remaining +- cleanup_path("/tmp"); ++ // clean up the DEFAULT_ISULAD_TMPDIR directory to prevent the mount point from remaining ++ cleanup_path(DEFAULT_ISULAD_TMPDIR); + + return; + } +diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c +index 736bbf0e..f87644d2 100644 +--- a/src/daemon/modules/image/oci/utils_images.c ++++ b/src/daemon/modules/image/oci/utils_images.c +@@ -595,7 +595,7 @@ char *oci_get_isulad_tmpdir(const char *root_dir) + } + + env_dir = getenv("ISULAD_TMPDIR"); +- if (util_valid_str(env_dir)) { ++ if (util_valid_isulad_tmpdir(env_dir)) { + isulad_tmpdir = util_path_join(env_dir, "isulad_tmpdir"); + } else { + isulad_tmpdir = util_path_join(root_dir, "isulad_tmpdir"); +diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c +index d4c46199..4ed4ed5f 100644 +--- a/src/utils/cutils/utils_verify.c ++++ b/src/utils/cutils/utils_verify.c +@@ -815,3 +815,8 @@ bool util_valid_volume_name(const char *name) + + return util_reg_match(patten, name) == 0; + } ++ ++bool util_valid_isulad_tmpdir(const char *dir) ++{ ++ return util_valid_str(dir) && strcmp(dir, "/tmp") != 0; ++} +diff --git a/src/utils/cutils/utils_verify.h b/src/utils/cutils/utils_verify.h +index 7d954475..c4677203 100644 +--- 
a/src/utils/cutils/utils_verify.h ++++ b/src/utils/cutils/utils_verify.h +@@ -128,6 +128,8 @@ bool util_valid_sysctl(const char *sysctl_key); + + bool util_valid_volume_name(const char *name); + ++bool util_valid_isulad_tmpdir(const char *dir); ++ + #ifdef __cplusplus + } + #endif +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index 4653bc98..55fdf997 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -128,7 +128,7 @@ static void do_disable_unneccessary_caps() + // Add flock when bind mount and make it private. + // Because bind mount usually makes safedir shared mount point, + // and sometimes it will cause "mount point explosion". +-// E.g. concurrently execute isula cp /tmp/ : ++// E.g. concurrently execute isula cp DEFAULT_ISULAD_TMPDIR/ : + static int bind_mount_with_flock(const char *flock_path, const char *dstdir, const char *tmp_dir) + { + int fd = -1; +@@ -189,9 +189,10 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch + int nret; + + isulad_tmpdir_env = getenv("ISULAD_TMPDIR"); +- if (!util_valid_str(isulad_tmpdir_env)) { +- // if not setted isulad tmpdir, just use /tmp +- isulad_tmpdir_env = "/tmp"; ++ if (!util_valid_isulad_tmpdir(isulad_tmpdir_env)) { ++ INFO("if not setted isulad tmpdir or setted unvalid dir, use DEFAULT_ISULAD_TMPDIR"); ++ // if not setted isulad tmpdir, just use DEFAULT_ISULAD_TMPDIR ++ isulad_tmpdir_env = DEFAULT_ISULAD_TMPDIR; + } + + nret = snprintf(isula_tmpdir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmpdir_env); +-- +2.42.0 + diff --git a/0175-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch b/0175-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch new file mode 100644 index 0000000..a22cf1a --- /dev/null +++ b/0175-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch 
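Review bot: `util_valid_isulad_tmpdir()` in utils_verify.c rejects only the exact string `/tmp`, so `ISULAD_TMPDIR=/tmp/`, `//tmp`, `/tmp/.` or a relative path still passes. Every caller changed here (main.c, cleanup.c, utils_images.c, util_archive.c) would then use the directory this patch appears to want to avoid. Normalising the value and requiring an absolute path before the comparison closes that gap; the sketch below assumes the tree's `util_clean_path()` helper can be called from utils_verify.c. A short comment on the function saying why `/tmp` is refused would also help, since the name alone does not say so. The callers' bodies continue outside these hunks, so how the accepted value is used further down is not visible here.

```c
bool util_valid_isulad_tmpdir(const char *dir)
{
    char cleaned[PATH_MAX] = { 0 };

    // a relative path would depend on the daemon's working directory
    if (!util_valid_str(dir) || dir[0] != '/') {
        return false;
    }
    // collapse "/tmp/", "//tmp" and "/tmp/." to "/tmp" before comparing
    if (util_clean_path(dir, cleaned, sizeof(cleaned)) == NULL) {
        return false;
    }
    return strcmp(cleaned, "/tmp") != 0;
}
```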
@@ -0,0 +1,58 @@
+From 5a32a77539d00b6dc484a5200eae86842ca4ab18 Mon Sep 17 00:00:00 2001
+From: zhongtao
+Date: Tue, 12 Dec 2023 20:26:30 +0800
+Subject: [PATCH 175/181] prevent the parent dir from being bind mounted to the
+ subdir
+
+Signed-off-by: zhongtao
+---
+ src/utils/tar/util_archive.c | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
+index 55fdf997..e122a40f 100644
+--- a/src/utils/tar/util_archive.c
++++ b/src/utils/tar/util_archive.c
+@@ -179,6 +179,26 @@ out:
+ return ret;
+ }
+
++static int is_parent_directory(const char *parent_path, const char *child_path)
++{
++ size_t parent_len = strlen(parent_path);
++ size_t child_len = strlen(child_path);
++
++ if (parent_len == 0 || child_len == 0 || parent_len >= child_len) {
++ return -1;
++ }
++
++ if (strncmp(parent_path, child_path, parent_len) != 0) {
++ return -1;
++ }
++
++ if (child_path[parent_len] != '/') {
++ return -1;
++ }
++
++ return 0;
++}
++
+ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, char **safe_dir)
+ {
+ struct stat buf;
+@@ -232,6 +252,12 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
+ return -1;
+ }
+
++ // prevent the parent directory from being bind mounted to the subdirectory
++ if (is_parent_directory(dstdir, tmp_dir) == 0) {
++ ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
++ return -1;
++ }
++
+ if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
+ ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
+ if (util_path_remove(tmp_dir) != 0) {
+--
+2.42.0
+
diff --git a/0176-verify-the-mount-dir-first-and-then-create-tmpdir.patch b/0176-verify-the-mount-dir-first-and-then-create-tmpdir.patch
new file mode 100644
index 0000000..adff3b6
--- /dev/null
+++ b/0176-verify-the-mount-dir-first-and-then-create-tmpdir.patch
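Review bot: `is_parent_directory()` compares the two paths as raw strings, so a `dstdir` that ends in `/` (or is `/` itself) fails the `child_path[parent_len] != '/'` test and is reported as not being a parent. The bind-mount guard added to `make_safedir_is_noexec()` is then skipped for it. If callers do not already pass a cleaned path, which is not visible in this hunk, the boundary test should accept a parent that already ends in a separator, e.g. `if (parent_path[parent_len - 1] != '/' && child_path[parent_len] != '/') { return -1; }`. The helper would also read more clearly as a `bool` returning true for a match, because `== 0` meaning "is parent" is easy to invert by mistake. Patch 0176 moves the same call earlier in the function and inherits the same comparison.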
@@ -0,0 +1,43 @@
+From b1ec0cf109624fb193b7660e461e9887d5814a19 Mon Sep 17 00:00:00 2001
+From: zhongtao
+Date: Wed, 13 Dec 2023 15:13:12 +0800
+Subject: [PATCH 176/181] verify the mount dir first and then create tmpdir
+
+Signed-off-by: zhongtao
+---
+ src/utils/tar/util_archive.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
+index e122a40f..19cfdd12 100644
+--- a/src/utils/tar/util_archive.c
++++ b/src/utils/tar/util_archive.c
+@@ -232,6 +232,12 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
+ return -1;
+ }
+
++ // prevent the parent directory from being bind mounted to the subdirectory
++ if (is_parent_directory(dstdir, tmp_dir) == 0) {
++ ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
++ return -1;
++ }
++
+ if (stat(dstdir, &buf) < 0) {
+ SYSERROR("Check chroot dir failed");
+ return -1;
+@@ -252,12 +258,6 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
+ return -1;
+ }
+
+- // prevent the parent directory from being bind mounted to the subdirectory
+- if (is_parent_directory(dstdir, tmp_dir) == 0) {
+- ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
+- return -1;
+- }
+-
+ if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
+ ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
+ if (util_path_remove(tmp_dir) != 0) {
+--
+2.42.0
+
diff --git a/0177-bugfix-del-redundant-code.patch b/0177-bugfix-del-redundant-code.patch
new file mode 100644
index 0000000..2a79650
--- /dev/null
+++ b/0177-bugfix-del-redundant-code.patch
@@ -0,0 +1,26 @@
+From 27d7a270f4bb489e5487d1833e90f5fa5e95d878 Mon Sep 17 00:00:00 2001
+From: liuxu
+Date: Wed, 13 Dec 2023 17:06:37 +0800
+Subject: [PATCH 177/181] bugfix:del redundant code
+
+---
+ src/daemon/modules/image/image.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c
+index e1b309b6..01d20190 100644
+--- a/src/daemon/modules/image/image.c
++++ b/src/daemon/modules/image/image.c
+@@ -586,9 +586,6 @@ void free_im_prepare_request(im_prepare_request *request)
+ free(request->mount_label);
+ request->mount_label = NULL;
+
+- free(request->mount_label);
+- request->mount_label = NULL;
+-
+ free_json_map_string_string(request->storage_opt);
+ request->storage_opt = NULL;
+
+--
+2.42.0
+
diff --git a/0178-remove-var-in-coverage-and-fix-build-test-remove.patch b/0178-remove-var-in-coverage-and-fix-build-test-remove.patch
new file mode 100644
index 0000000..833d714
--- /dev/null
+++ b/0178-remove-var-in-coverage-and-fix-build-test-remove.patch
@@ -0,0 +1,30 @@
+From 74ee05e13fe4a6a653311656c16664cf142d9a20 Mon Sep 17 00:00:00 2001
+From: jikai
+Date: Thu, 14 Dec 2023 10:54:27 +0800
+Subject: [PATCH 178/181] remove /var/* in coverage and fix build/test remove
+
+Signed-off-by: jikai
+---
+ CI/generate_gcov.sh | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/CI/generate_gcov.sh b/CI/generate_gcov.sh
+index 2f3228df..8d0b5d21 100755
+--- a/CI/generate_gcov.sh
++++ b/CI/generate_gcov.sh
+@@ -29,10 +29,8 @@ cp -r ~/build $ISULAD_COPY_PATH
+ cd $ISULAD_COPY_PATH/build
+ ctest
+ lcov --directory . --capture --output-file coverage.info
+-# Remove std/build files
+-lcov --remove coverage.info '/usr/*' -o coverage.info
+-lcov --remove coverage.info "$ISULAD_SRC_PATH/build/*"
+-lcov --remove coverage.info "$ISULAD_SRC_PATH/test/*"
++# extract src only files
++lcov --extract coverage.info '*/iSulad/src/*' -o coverage.info
+
+ # Generate html
+ genhtml --ignore-errors source -o $GCOV_RESULT_PATH/coverage coverage.info
+--
+2.42.0
+
diff --git a/0179-code-improve-for-oci_rmi.patch b/0179-code-improve-for-oci_rmi.patch
new file mode 100644
index 0000000..cea6097
--- /dev/null
+++ b/0179-code-improve-for-oci_rmi.patch
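Review bot: The `--extract` pattern `'*/iSulad/src/*'` hard-codes the checkout directory name, so a tree cloned or copied under another name would match nothing and the coverage report would come out empty. The script already has `$ISULAD_SRC_PATH`, used by the lines this hunk removes. If the captured paths are rooted there, which cannot be confirmed from this hunk, `lcov --extract coverage.info "$ISULAD_SRC_PATH/src/*" -o coverage.info` would tie the filter to the actual source root. The comment could also say that everything outside `src/` is dropped on purpose, which is why the separate `/usr/*`, `build/*` and `test/*` filters are gone.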
@@ -0,0 +1,47 @@
+From 5ce82824916d910ba2fc666d2b1d2f15537c5d0c Mon Sep 17 00:00:00 2001
+From: zhongtao
+Date: Mon, 18 Dec 2023 16:07:57 +0800
+Subject: [PATCH 179/181] code improve for oci_rmi
+
+Signed-off-by: zhongtao
+---
+ src/daemon/modules/image/oci/oci_image.c | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c
+index abca4ed7..f525f621 100644
+--- a/src/daemon/modules/image/oci/oci_image.c
++++ b/src/daemon/modules/image/oci/oci_image.c
+@@ -538,6 +538,17 @@ int oci_rmi(const im_rmi_request *request)
+ goto out;
+ }
+
++ for (i = 0; i < image_names_len; i++) {
++ if (strcmp(real_image_name, image_names[i]) == 0) {
++ break;
++ }
++ }
++ if (i == image_names_len) {
++ ERROR("Invalid real_image_name");
++ ret = -1;
++ goto out;
++ }
++
+ reduced_image_names = (char **)util_smart_calloc_s(sizeof(char *), image_names_len - 1);
+ if (reduced_image_names == NULL) {
+ ERROR("Out of memory");
+@@ -548,11 +559,6 @@ int oci_rmi(const im_rmi_request *request)
+ for (i = 0; i < image_names_len; i++) {
+ if (strcmp(image_names[i], real_image_name) != 0) {
+ reduced_image_names[reduced_image_names_len] = util_strdup_s(image_names[i]);
+- if (reduced_image_names[reduced_image_names_len] == NULL) {
+- ERROR("Out of memory");
+- ret = -1;
+- goto out;
+- }
+ reduced_image_names_len++;
+ }
+ }
+--
+2.42.0
+
diff --git a/0180-verify-name-and-digest-consistency.patch b/0180-verify-name-and-digest-consistency.patch
new file mode 100644
index 0000000..136bcf2
--- /dev/null
+++ b/0180-verify-name-and-digest-consistency.patch
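Review bot: The new membership loop in `oci_rmi()` is what keeps the copy loop below it within bounds, and nothing in the code says so. `reduced_image_names` is allocated with `image_names_len - 1` slots, so if `real_image_name` matched none of `image_names[]` the second loop would store `image_names_len` pointers into it. A comment above the check such as `// real_image_name must be one of image_names, otherwise the copy below overruns reduced_image_names` would stop a later cleanup from removing it. The error text could also carry the value, `ERROR("Image name %s is not in the names of the image", real_image_name);`. The function continues outside both hunks, so whether `image_names_len` can be 1 when the allocation is reached is not visible here.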
@@ -0,0 +1,321 @@ +From 7956dc0285bda663cfb8d369e0d85fbafc406902 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 19 Dec 2023 16:31:34 +1400 +Subject: [PATCH 180/181] verify name and digest consistency + +Signed-off-by: zhongtao +--- + .../oci/storage/image_store/image_store.c | 274 +++++++++++------- + 1 file changed, 171 insertions(+), 103 deletions(-) + +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index 99640b59..cd827a2d 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -445,11 +445,171 @@ out: + return value; + } + ++static int resort_image_names(const char **names, size_t names_len, char **first_name, char ***image_tags, ++ char ***image_digests) ++{ ++ int ret = 0; ++ size_t i; ++ char *prefix = NULL; ++ ++ for (i = 0; i < names_len; i++) { ++ size_t len = strlen(names[i]); ++ if (strlen(names[i]) > MAX_IMAGE_NAME_LENGTH) { ++ prefix = util_sub_string(names[i], len - MAX_IMAGE_NAME_LENGTH, ++ MAX_IMAGE_NAME_LENGTH - MAX_IMAGE_DIGEST_LENGTH); ++ } ++ ++ // TODO: maybe should support other digest ++ if (prefix != NULL && strcmp(prefix, DIGEST_PREFIX) == 0) { ++ if (util_array_append(image_digests, names[i]) != 0) { ++ ERROR("Failed to append image to digest: %s", names[i]); ++ ret = -1; ++ goto out; ++ } ++ } else { ++ if (util_array_append(image_tags, names[i]) != 0) { ++ ERROR("Failed to append image to tags: %s", names[i]); ++ ret = -1; ++ goto out; ++ } ++ } ++ } ++ ++ if (first_name == NULL) { ++ goto out; ++ } ++ ++ if (util_array_len((const char **)(*image_digests)) > 0) { ++ free(*first_name); ++ *first_name = util_strdup_s((*image_digests)[0]); ++ } ++ ++ if (util_array_len((const char **)(*image_tags)) > 0) { ++ free(*first_name); ++ *first_name = util_strdup_s((*image_tags)[0]); ++ } ++ ++out: ++ if (ret != 0) { ++ util_free_array(*image_digests); ++ 
util_free_array(*image_tags); ++ free(*first_name); ++ } ++ free(prefix); ++ return ret; ++} ++ ++// Validate checks that the contents is a valid digest ++static bool validate_digest(const char *digest) ++{ ++ bool ret = true; ++ const char *sha256_encode_patten = "^[a-f0-9]{64}$"; ++ char *value = util_strdup_s(digest); ++ char *index = strchr(value, ':'); ++ char *alg = NULL; ++ char *encode = NULL; ++ ++ // contains ':' and is not the last character ++ if (index == NULL || index - value + 1 == strlen(value)) { ++ INFO("Invalid checksum digest format"); ++ ret = false; ++ goto out; ++ } ++ ++ *index++ = '\0'; ++ ++ alg = value; ++ encode = index; ++ // Currently only support SHA256 algorithm ++ if (strcmp(alg, "sha256") != 0) { ++ DEBUG("Unsupported digest algorithm: %s", alg); ++ ret = false; ++ goto out; ++ } ++ ++ ret = util_reg_match(sha256_encode_patten, encode) == 0; ++ ++out: ++ free(value); ++ return ret; ++} ++ ++// Parsing a reference string as a possible identifier, full digest, or familiar name. 
++static char *parse_digest_reference(const char *ref) ++{ ++ char *indentfier_patten = "^[a-f0-9]{64}$"; ++ ++ if (util_reg_match(indentfier_patten, ref) == 0) { ++ return util_string_append(ref, "sha256:"); ++ } ++ ++ if (validate_digest(ref)) { ++ return util_strdup_s(ref); ++ } ++ ++ return oci_normalize_image_name(ref); ++} ++ ++static int is_name_digest_consistent(const char *name, char **names, size_t names_len, const char *digest) ++{ ++ size_t i; ++ int ret = -1; ++ int nret = 0; ++ char *tag_pos = NULL; ++ char **tags = NULL; ++ char **digests = NULL; ++ char *ref = NULL; ++ char *tmp_repo_digests = NULL; ++ ++ if (resort_image_names((const char **)names, names_len, NULL, &tags, &digests) != 0) { ++ ERROR("Failed to resort image names"); ++ goto out; ++ } ++ ++ for (i = 0; i < util_array_len((const char **)tags); i++) { ++ ref = parse_digest_reference(tags[i]); ++ if (ref == NULL) { ++ free(ref); ++ ref = NULL; ++ continue; ++ } ++ tag_pos = util_tag_pos(ref); ++ if (tag_pos == NULL) { ++ ERROR("invalid ref %s", ref); ++ free(ref); ++ ref = NULL; ++ continue; ++ } ++ *tag_pos = '\0'; ++ ++ nret = asprintf(&tmp_repo_digests, "%s@%s", ref, digest); ++ if (nret < 0) { ++ ERROR("Failed to receive repo digest"); ++ goto out; ++ } ++ if (strcmp(name, tmp_repo_digests) == 0) { ++ ret = 0; ++ goto out; ++ } ++ free(ref); ++ ref = NULL; ++ free(tmp_repo_digests); ++ tmp_repo_digests = NULL; ++ } ++out: ++ free(ref); ++ free(tmp_repo_digests); ++ util_free_array(tags); ++ util_free_array(digests); ++ return ret; ++} ++ + // by_digest returns the image which matches the specified name. 
+ static image_t *by_digest(const char *name) + { + digest_image_t *digest_filter_images = NULL; + char *digest = NULL; ++ image_t *tmp_ret = NULL; + + // split digest for image name with digest + digest = strrchr(name, '@'); +@@ -458,12 +618,21 @@ static image_t *by_digest(const char *name) + } + digest++; + digest_filter_images = (digest_image_t *)map_search(g_image_store->bydigest, (void *)digest); +- if (digest_filter_images == NULL) { ++ if (digest_filter_images == NULL || linked_list_empty(&(digest_filter_images->images_list))) { + return NULL; + } + + // currently, a digest corresponds to an image, directly returning the first element +- return linked_list_first_elem(&(digest_filter_images->images_list)); ++ tmp_ret = linked_list_first_elem(&(digest_filter_images->images_list)); ++ ++ // verify name and digest consistency to ensure we are not matching images to different repositories, ++ // even if the digests match. ++ // For example, ubuntu@sha256:abc......, shouldn't match test@sha256:abc...... 
++ if (is_name_digest_consistent(name, tmp_ret->simage->names, tmp_ret->simage->names_len, digest) != 0) { ++ return NULL; ++ } ++ ++ return tmp_ret; + } + + static image_t *lookup(const char *id) +@@ -2002,107 +2171,6 @@ out: + return ret; + } + +-static int resort_image_names(const char **names, size_t names_len, char **first_name, char ***image_tags, +- char ***image_digests) +-{ +- int ret = 0; +- size_t i; +- char *prefix = NULL; +- +- for (i = 0; i < names_len; i++) { +- size_t len = strlen(names[i]); +- if (strlen(names[i]) > MAX_IMAGE_NAME_LENGTH) { +- prefix = util_sub_string(names[i], len - MAX_IMAGE_NAME_LENGTH, +- MAX_IMAGE_NAME_LENGTH - MAX_IMAGE_DIGEST_LENGTH); +- } +- +- // maybe should support other digest +- if (prefix != NULL && strcmp(prefix, DIGEST_PREFIX) == 0) { +- if (util_array_append(image_digests, names[i]) != 0) { +- ERROR("Failed to append image to digest: %s", names[i]); +- ret = -1; +- goto out; +- } +- } else { +- if (util_array_append(image_tags, names[i]) != 0) { +- ERROR("Failed to append image to tags: %s", names[i]); +- ret = -1; +- goto out; +- } +- } +- } +- +- if (util_array_len((const char **)(*image_digests)) > 0) { +- free(*first_name); +- *first_name = util_strdup_s((*image_digests)[0]); +- } +- +- if (util_array_len((const char **)(*image_tags)) > 0) { +- free(*first_name); +- *first_name = util_strdup_s((*image_tags)[0]); +- } +- +-out: +- if (ret != 0) { +- util_free_array(*image_digests); +- util_free_array(*image_tags); +- free(*first_name); +- } +- free(prefix); +- return ret; +-} +- +-// Validate checks that the contents is a valid digest +-static bool validate_digest(const char *digest) +-{ +- bool ret = true; +- const char *sha256_encode_patten = "^[a-f0-9]{64}$"; +- char *value = util_strdup_s(digest); +- char *index = strchr(value, ':'); +- char *alg = NULL; +- char *encode = NULL; +- +- // contains ':' and is not the last character +- if (index == NULL || index - value + 1 == strlen(value)) { +- INFO("Invalid 
checksum digest format"); +- ret = false; +- goto out; +- } +- +- *index++ = '\0'; +- +- alg = value; +- encode = index; +- // Currently only support SHA256 algorithm +- if (strcmp(alg, "sha256") != 0) { +- DEBUG("Unsupported digest algorithm: %s", alg); +- ret = false; +- goto out; +- } +- +- ret = util_reg_match(sha256_encode_patten, encode) == 0; +- +-out: +- free(value); +- return ret; +-} +- +-// Parsing a reference string as a possible identifier, full digest, or familiar name. +-static char *parse_digest_reference(const char *ref) +-{ +- char *indentfier_patten = "^[a-f0-9]{64}$"; +- +- if (util_reg_match(indentfier_patten, ref) == 0) { +- return util_string_append(ref, "sha256:"); +- } +- +- if (validate_digest(ref)) { +- return util_strdup_s(ref); +- } +- +- return oci_normalize_image_name(ref); +-} +- + static int pack_repo_digest(char ***old_repo_digests, const char **image_tags, const char *digest, char ***repo_digests) + { + int ret = 0; +-- +2.42.0 + diff --git a/0181-bugfix-for-resort_image_names.patch b/0181-bugfix-for-resort_image_names.patch new file mode 100644 index 0000000..b95e04d --- /dev/null +++ b/0181-bugfix-for-resort_image_names.patch 
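Review bot: `resort_image_names()` is now called with `first_name == NULL` from `is_name_digest_consistent()`, but its `out:` error path still runs `free(*first_name)`, which dereferences NULL when `util_array_append()` fails. The same path frees `*image_digests` and `*image_tags` without clearing them, and the new caller then jumps to its own `out:` and calls `util_free_array(tags)` and `util_free_array(digests)` again, which is a double free on the failure path of a `by_digest()` lookup. The error path should guard `first_name` and reset all three out-parameters after freeing, as in the fence; patch 0181 only adds the per-iteration `free(prefix)` and leaves this path as it is. In `is_name_digest_consistent()`, the `free(ref)` inside `if (ref == NULL)` is a no-op and can be dropped.

```c
// … unchanged: name classification loop and first_name selection …
out:
    if (ret != 0) {
        util_free_array(*image_digests);
        *image_digests = NULL;
        util_free_array(*image_tags);
        *image_tags = NULL;
        // first_name is optional: is_name_digest_consistent() passes NULL
        if (first_name != NULL) {
            free(*first_name);
            *first_name = NULL;
        }
    }
    free(prefix);
    return ret;
```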
@@ -0,0 +1,26 @@
+From 975ddeeb65836da31222c8c4da82e408c741a33f Mon Sep 17 00:00:00 2001
+From: zhongtao
+Date: Mon, 18 Dec 2023 20:59:46 +0800
+Subject: [PATCH 181/181] bugfix for resort_image_names
+
+Signed-off-by: zhongtao
+---
+ src/daemon/modules/image/oci/storage/image_store/image_store.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
+index cd827a2d..41587f6e 100644
+--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
+@@ -473,6 +473,8 @@ static int resort_image_names(const char **names, size_t names_len, char **first
+ goto out;
+ }
+ }
++ free(prefix);
++ prefix = NULL;
+ }
+
+ if (first_name == NULL) {
+--
+2.42.0
+
diff --git a/iSulad.spec b/iSulad.spec
index 27f318c..cc7b311 100644
--- a/iSulad.spec
+++ b/iSulad.spec
@@ -1,5 +1,5 @@
 %global _version 2.0.18
-%global _release 13
+%global _release 14
 %global is_systemd 1
 %global enable_shimv2 1
 %global is_embedded 1
@@ -158,11 +158,46 @@ Patch0142: 0142-improve-report-error-message-of-client.patch Patch0143: 0143-adapt-new-error-message-for-isula-cp.patch Patch0144: 0144-2178-clean-path-for-fpath-and-verify-chain-id.patch Patch0145: 0145-2179-modify-the-permissions-of-tmpdir-and-file-lock-.patch +Patch0146: 0146-2195-Add-retry-function-for-bigdata_stream_runc.patch +Patch0147: 0147-2213-bugfix-for-rt_isula_exec_resize.patch +Patch0148: 0148-2214-imporove-isula_rt_opts-code.patch +Patch0149: 0149-refactor-update-possible-changed-resources-for-oci-s.patch +Patch0150: 0150-add-CI-testcase-for-update-oci-spec-in-start-op.patch +Patch0151: 0151-2239-delete-the-disabled-reload-configuration-in-isu.patch +Patch0152: 0152-2240-modify-the-default-value-of-EANBLE_IMAGE_LIBARA.patch +Patch0153: 0153-improve-event-logs.patch +Patch0154: 0154-2257-disable-grpc-remote-connect-by-default.patch +Patch0155: 0155-2258-rollback-commit-for-update-possible-changed-res.patch +Patch0156: 0156-2259-lcr-container-with-a-damaged-config-file-will-r.patch +Patch0157: 0157-2263-use-dev-random-to-replace-dev-urandom.patch +Patch0158: 0158-2264-bugfix-for-runc-container-exec.patch +Patch0159: 0159-2262-bugfix-of-update-restart-policy-for-auto-remove.patch +Patch0160: 0160-2265-use-dev-urandom-to-replace-dev-random.patch +Patch0161: 0161-open-ENABLE_GRPC_REMOTE_CONNECT-in-CI-and-bugfix-for.patch +Patch0162: 0162-2274-bugfix-for-rt_lcr_rebuild_config.patch +Patch0163: 0163-use-RAND_bytes-to-replace-dev-urandom.patch +Patch0164: 0164-fix-the-problem-of-abnormal-branches-not-waiting-for.patch +Patch0165: 0165-2286-bugfix-for-the-bliko-zero-value-exception-when-.patch +Patch0166: 0166-move-variable-declaration-out-of-loop.patch +Patch0167: 0167-fix-error-for-cat-bigdata-in-oci-runtime.patch +Patch0168: 0168-use-a-timeout-epoll-loop-to-ensure-complete-data-rec.patch +Patch0169: 0169-2293-reduce-epoll-loop-timeout-time.patch +Patch0170: 0170-2294-keep-the-service-status-unchanged-after-iSulad-.patch +Patch0171: 
0171-2299-remove-close-fd-from-stdout_cb-and-stderr_cb.patch +Patch0172: 0172-add-ut-for-devicemapper.patch +Patch0173: 0173-remove-build-and-test-in-coverage.patch +Patch0174: 0174-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch +Patch0175: 0175-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch +Patch0176: 0176-verify-the-mount-dir-first-and-then-create-tmpdir.patch +Patch0177: 0177-bugfix-del-redundant-code.patch +Patch0178: 0178-remove-var-in-coverage-and-fix-build-test-remove.patch +Patch0179: 0179-code-improve-for-oci_rmi.patch +Patch0180: 0180-verify-name-and-digest-consistency.patch +Patch0181: 0181-bugfix-for-resort_image_names.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) Provides: libisula.so()(64bit) -Provides: libisulad_img.so()(64bit) Provides: libisulad_tools.so()(64bit) %endif @@ -243,8 +278,8 @@ cd build %check %if %{defined openeuler} cd build -# registry_images_ut and volume_ut must run with root user -ctest -E "registry_images_ut|volume_ut" +# registry_images_ut ,volume_ut and driver_devmapper_ut must run with root user +ctest -E "registry_images_ut|volume_ut|driver_devmapper_ut" %endif %install @@ -254,7 +289,6 @@ install -d $RPM_BUILD_ROOT/%{_libdir} install -m 0755 ./src/libisula.so %{buildroot}/%{_libdir}/libisula.so install -m 0755 ./src/utils/http/libhttpclient.so %{buildroot}/%{_libdir}/libhttpclient.so install -m 0755 ./src/libisulad_tools.so %{buildroot}/%{_libdir}/libisulad_tools.so -install -m 0755 ./src/daemon/modules/image/libisulad_img.so %{buildroot}/%{_libdir}/libisulad_img.so install -d $RPM_BUILD_ROOT/%{_libdir}/pkgconfig install -m 0640 ./conf/isulad.pc %{buildroot}/%{_libdir}/pkgconfig/isulad.pc 
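Review bot: In the %check hunk the pattern given to `ctest -E` is an unanchored regular expression, so `registry_images_ut|volume_ut|driver_devmapper_ut` skips every test whose name contains one of these strings, not only the three root-only suites. If the test names are exactly these, `ctest -E "^(registry_images_ut|volume_ut|driver_devmapper_ut)$"` keeps the exclusion exact. The comment above it has a misplaced space and could read `# registry_images_ut, volume_ut and driver_devmapper_ut must run with root user`. With this exclusion the devicemapper tests added by patch 0172 do not run during the package build.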
@@ -267,7 +301,6 @@ install -m 0755 ./src/isulad-shim %{buildroot}/%{_bindir}/isulad-shim install -m 0755 ./src/isulad %{buildroot}/%{_bindir}/isulad install -d $RPM_BUILD_ROOT/%{_includedir}/isulad -install -m 0644 ../src/daemon/modules/api/image_api.h %{buildroot}/%{_includedir}/isulad/image_api.h install -d $RPM_BUILD_ROOT/%{_sysconfdir}/isulad install -m 0640 ../src/contrib/config/daemon.json %{buildroot}/%{_sysconfdir}/isulad/daemon.json @@ -384,7 +417,6 @@ fi %{_initddir}/isulad.init %attr(0640,root,root) %{_initddir}/isulad.init %endif -%{_includedir}/isulad/* %attr(0755,root,root) %{_libdir}/pkgconfig %attr(0640,root,root) %{_libdir}/pkgconfig/isulad.pc %defattr(0755,root,root,0755) @@ -402,6 +434,12 @@ fi %endif %changelog +* Thu Dec 21 2023 zhongtao - 2.0.18-13 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: upgrade from upstream + * Mon Sep 18 2023 zhongtao - 2.0.18-13 - Type: bugfix - ID: NA -- Gitee
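Review bot: The new %changelog entry is labelled `2.0.18-13`, the same as the Sep 18 entry below it, although this commit raises `_release` to 14; the header should read `* Thu Dec 21 2023 zhongtao - 2.0.18-14`. `DESC: upgrade from upstream` also leaves out that the package no longer installs libisulad_img.so, its `Provides` line, or the header under `%{_includedir}/isulad`, which anything built against them would need to know. A second DESC line naming that removal would cover it.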