diff --git a/0015-fix-invalid-args-len-set-in-execute_lxc_attach.patch b/0015-fix-invalid-args-len-set-in-execute_lxc_attach.patch new file mode 100644 index 0000000000000000000000000000000000000000..51af9cc6891561205496cc8b3267ae7d8bc7144d --- /dev/null +++ b/0015-fix-invalid-args-len-set-in-execute_lxc_attach.patch @@ -0,0 +1,32 @@ +From 402f757eb53038d17c4b5ec48dbdd86df7006957 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Mon, 8 Jul 2024 12:05:46 +0000 +Subject: [PATCH 16/18] fix invalid args len set in execute_lxc_attach + +Signed-off-by: jikai +--- + src/runtime/lcrcontainer_execute.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/runtime/lcrcontainer_execute.c b/src/runtime/lcrcontainer_execute.c +index 251fb85..e4cdcc1 100644 +--- a/src/runtime/lcrcontainer_execute.c ++++ b/src/runtime/lcrcontainer_execute.c +@@ -836,7 +836,13 @@ static void execute_lxc_attach(const char *name, const char *path, const struct + exit(EXIT_FAILURE); + } + +- args_len = args_len + request->args_len + request->env_len; ++ if (args_len > SIZE_MAX - request->args_len || request->env_len > SIZE_MAX / 2 ++ || args_len + request->args_len > SIZE_MAX - request->env_len * 2) { ++ COMMAND_ERROR("Too many arguments"); ++ exit(EXIT_FAILURE); ++ } ++ ++ args_len = args_len + request->args_len + request->env_len * 2; + + params = isula_smart_calloc_s(sizeof(char *), args_len); + if (params == NULL) { +-- +2.25.1 + diff --git a/0016-add-nri-definitions.patch b/0016-add-nri-definitions.patch new file mode 100644 index 0000000000000000000000000000000000000000..e691e0ca4f36ad2bd8d59bc099e2b9809593ec8e --- /dev/null +++ b/0016-add-nri-definitions.patch @@ -0,0 +1,985 @@ +From 2560ee5a4765d7e378eb906da2e84dc1d3202e30 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Sat, 6 Jul 2024 03:14:43 +0000 +Subject: [PATCH 17/18] add nri definitions + +Signed-off-by: jikai +--- + src/json/schema/nri/configure-request.json | 15 ++++++ + src/json/schema/nri/configure-response.json | 9 ++++ + src/json/schema/nri/container-adjustment.json | 33 ++++++++++++ + src/json/schema/nri/container-eviction.json | 12 +++++ + src/json/schema/nri/container-update.json | 15 ++++++ + src/json/schema/nri/container.json | 51 +++++++++++++++++++ + .../schema/nri/create-container-request.json | 12 +++++ + .../schema/nri/create-container-response.json | 21 ++++++++ + src/json/schema/nri/hook.json | 18 +++++++ + src/json/schema/nri/hooks.json | 42 +++++++++++++++ + src/json/schema/nri/hugepage-limit.json | 12 +++++ + src/json/schema/nri/key-value.json | 12 +++++ + .../nri/linux-container-adjustment.json | 18 +++++++ + .../schema/nri/linux-container-update.json | 9 ++++ + src/json/schema/nri/linux-container.json | 27 ++++++++++ + src/json/schema/nri/linux-cpu.json | 27 ++++++++++ + src/json/schema/nri/linux-device-cgroup.json | 21 ++++++++ + src/json/schema/nri/linux-device.json | 27 ++++++++++ + src/json/schema/nri/linux-memory.json | 30 +++++++++++ + src/json/schema/nri/linux-namespace.json | 12 +++++ + src/json/schema/nri/linux-pod-sandbox.json | 27 ++++++++++ + src/json/schema/nri/linux-resources.json | 33 ++++++++++++ + src/json/schema/nri/mount.json | 18 +++++++ + src/json/schema/nri/pod-sandbox.json | 33 ++++++++++++ + src/json/schema/nri/posix-rlimit.json | 15 ++++++ + .../schema/nri/register-plugin-request.json | 12 +++++ + src/json/schema/nri/state-change-event.json | 15 ++++++ + .../schema/nri/stop-container-request.json | 12 +++++ + .../schema/nri/stop-container-response.json | 12 +++++ + src/json/schema/nri/synchronize-request.json | 18 +++++++ + src/json/schema/nri/synchronize-response.json | 12 +++++ + .../schema/nri/update-container-request.json | 15 ++++++ + .../schema/nri/update-container-response.json | 18 +++++++ + .../schema/nri/update-containers-request.json | 18 +++++++ + .../nri/update-containers-response.json | 12 +++++ + 35 files changed, 693 insertions(+) + create mode 100644 src/json/schema/nri/configure-request.json + create mode 100644 src/json/schema/nri/configure-response.json + create mode 100644 src/json/schema/nri/container-adjustment.json + create mode 100644 src/json/schema/nri/container-eviction.json + create mode 100644 src/json/schema/nri/container-update.json + create mode 100644 src/json/schema/nri/container.json + create mode 100644 src/json/schema/nri/create-container-request.json + create mode 100644 src/json/schema/nri/create-container-response.json + create mode 100644 src/json/schema/nri/hook.json + create mode 100644 src/json/schema/nri/hooks.json + create mode 100644 src/json/schema/nri/hugepage-limit.json + create mode 100644 src/json/schema/nri/key-value.json + create mode 100644 src/json/schema/nri/linux-container-adjustment.json + create mode 100644 src/json/schema/nri/linux-container-update.json + create mode 100644 src/json/schema/nri/linux-container.json + create mode 100644 src/json/schema/nri/linux-cpu.json + create mode 100644 src/json/schema/nri/linux-device-cgroup.json + create mode 100644 src/json/schema/nri/linux-device.json + create mode 100644 src/json/schema/nri/linux-memory.json + create mode 100644 src/json/schema/nri/linux-namespace.json + create mode 100644 src/json/schema/nri/linux-pod-sandbox.json + create mode 100644 src/json/schema/nri/linux-resources.json + create mode 100644 src/json/schema/nri/mount.json + create mode 100644 src/json/schema/nri/pod-sandbox.json + create mode 100644 src/json/schema/nri/posix-rlimit.json + create mode 100644 src/json/schema/nri/register-plugin-request.json + create mode 100644 src/json/schema/nri/state-change-event.json + create mode 100644 src/json/schema/nri/stop-container-request.json + create mode 100644 src/json/schema/nri/stop-container-response.json + create mode 100644 src/json/schema/nri/synchronize-request.json + create mode 100644 src/json/schema/nri/synchronize-response.json + create mode 100644 src/json/schema/nri/update-container-request.json + create mode 100644 src/json/schema/nri/update-container-response.json + create mode 100644 src/json/schema/nri/update-containers-request.json + create mode 100644 src/json/schema/nri/update-containers-response.json + +diff --git a/src/json/schema/nri/configure-request.json b/src/json/schema/nri/configure-request.json +new file mode 100644 +index 0000000..895d565 +--- /dev/null ++++ b/src/json/schema/nri/configure-request.json +@@ -0,0 +1,15 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "config": { ++ "type": "string" ++ }, ++ "runtime_name": { ++ "type": "string" ++ }, ++ "runtime_version": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/configure-response.json b/src/json/schema/nri/configure-response.json +new file mode 100644 +index 0000000..e18ef06 +--- /dev/null ++++ b/src/json/schema/nri/configure-response.json +@@ -0,0 +1,9 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "events": { ++ "$ref": "../defs.json#/definitions/int32" ++ } ++ } ++} +diff --git a/src/json/schema/nri/container-adjustment.json b/src/json/schema/nri/container-adjustment.json +new file mode 100644 +index 0000000..e656e66 +--- /dev/null ++++ b/src/json/schema/nri/container-adjustment.json +@@ -0,0 +1,33 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "annotations": { ++ "$ref": "../defs.json#/definitions/mapStringString" ++ }, ++ "mounts": { ++ "type": "array", ++ "items": { ++ "$ref": "mount.json" ++ } ++ }, ++ "env": { ++ "type": "array", ++ "items": { ++ "$ref": "key-value.json" ++ } ++ }, ++ "hooks": { ++ "$ref": "hooks.json" ++ }, ++ "linux": { ++ "$ref": "linux-container-adjustment.json" ++ }, ++ "rlimits": { ++ "type": "array", ++ "items": { ++ "$ref": "posix-rlimit.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/container-eviction.json b/src/json/schema/nri/container-eviction.json +new file mode 100644 +index 0000000..c7530c3 +--- /dev/null ++++ b/src/json/schema/nri/container-eviction.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "container_id": { ++ "type": "string" ++ }, ++ "reason": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/container-update.json b/src/json/schema/nri/container-update.json +new file mode 100644 +index 0000000..b1fb034 +--- /dev/null ++++ b/src/json/schema/nri/container-update.json +@@ -0,0 +1,15 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "container_id": { ++ "type": "string" ++ }, ++ "linux": { ++ "$ref": "linux-container-update.json" ++ }, ++ "ignore_failure": { ++ "$ref": "../defs.json#/definitions/uint8" ++ } ++ } ++} +diff --git a/src/json/schema/nri/container.json b/src/json/schema/nri/container.json +new file mode 100644 +index 0000000..9a48765 +--- /dev/null ++++ b/src/json/schema/nri/container.json +@@ -0,0 +1,51 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "id": { ++ "type": "string" ++ }, ++ "pod_sandbox_id": { ++ "type": "string" ++ }, ++ "name": { ++ "type": "string" ++ }, ++ "state": { ++ "$ref": "../defs.json#/definitions/int32" ++ }, ++ "labels": { ++ "$ref": "../defs.json#/definitions/mapStringString" ++ }, ++ "annotations": { ++ "$ref": "../defs.json#/definitions/mapStringString" ++ }, ++ "args": { ++ "$ref": "../defs.json#/definitions/ArrayOfStrings" ++ }, ++ "env": { ++ "$ref": "../defs.json#/definitions/ArrayOfStrings" ++ }, ++ "mounts": { ++ "type": "array", ++ "items": { ++ "$ref": "mount.json" ++ } ++ }, ++ "hooks": { ++ "$ref": "hooks.json" ++ }, ++ "linux": { ++ "$ref": "linux-container.json" ++ }, ++ "pid": { ++ "$ref": "../defs.json#/definitions/uint32" ++ }, ++ "rlimits": { ++ "type": "array", ++ "items": { ++ "$ref": "posix-rlimit.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/create-container-request.json b/src/json/schema/nri/create-container-request.json +new file mode 100644 +index 0000000..1a9d17c +--- /dev/null ++++ b/src/json/schema/nri/create-container-request.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "pod": { ++ "$ref": "pod-sandbox.json" ++ }, ++ "container": { ++ "$ref": "container.json" ++ } ++ } ++} +diff --git a/src/json/schema/nri/create-container-response.json b/src/json/schema/nri/create-container-response.json +new file mode 100644 +index 0000000..5f82ae5 +--- /dev/null ++++ b/src/json/schema/nri/create-container-response.json +@@ -0,0 +1,21 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "adjust": { ++ "$ref": "container-adjustment.json" ++ }, ++ "update": { ++ "type": "array", ++ "items": { ++ "$ref": "container-update.json" ++ } ++ }, ++ "evict": { ++ "type": "array", ++ "items": { ++ "$ref": "container-eviction.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/hook.json b/src/json/schema/nri/hook.json +new file mode 100644 +index 0000000..b7bb093 +--- /dev/null ++++ b/src/json/schema/nri/hook.json +@@ -0,0 +1,18 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "path": { ++ "type": "string" ++ }, ++ "args": { ++ "$ref": "../defs.json#/definitions/ArrayOfStrings" ++ }, ++ "env": { ++ "$ref": "../defs.json#/definitions/ArrayOfStrings" ++ }, ++ "timeout": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ } ++ } ++} +diff --git a/src/json/schema/nri/hooks.json b/src/json/schema/nri/hooks.json +new file mode 100644 +index 0000000..c2a42a9 +--- /dev/null ++++ b/src/json/schema/nri/hooks.json +@@ -0,0 +1,42 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "prestart": { ++ "type": "array", ++ "items": { ++ "$ref": "hook.json" ++ } ++ }, ++ "create_runtime": { ++ "type": "array", ++ "items": { ++ "$ref": "hook.json" ++ } ++ }, ++ "create_container": { ++ "type": "array", ++ "items": { ++ "$ref": "hook.json" ++ } ++ }, ++ "start_container": { ++ "type": "array", ++ "items": { ++ "$ref": "hook.json" ++ } ++ }, ++ "poststart": { ++ "type": "array", ++ "items": { ++ "$ref": "hook.json" ++ } ++ }, ++ "poststop": { ++ "type": "array", ++ "items": { ++ "$ref": "hook.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/hugepage-limit.json b/src/json/schema/nri/hugepage-limit.json +new file mode 100644 +index 0000000..ce909ef +--- /dev/null ++++ b/src/json/schema/nri/hugepage-limit.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "page_size": { ++ "type": "string" ++ }, ++ "limit": { ++ "$ref": "../defs.json#/definitions/uint64" ++ } ++ } ++} +diff --git a/src/json/schema/nri/key-value.json b/src/json/schema/nri/key-value.json +new file mode 100644 +index 0000000..f6eedc6 +--- /dev/null ++++ b/src/json/schema/nri/key-value.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "key": { ++ "type": "string" ++ }, ++ "value": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-container-adjustment.json b/src/json/schema/nri/linux-container-adjustment.json +new file mode 100644 +index 0000000..54d16e7 +--- /dev/null ++++ b/src/json/schema/nri/linux-container-adjustment.json +@@ -0,0 +1,18 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "devices": { ++ "type": "array", ++ "items": { ++ "$ref": "linux-device.json" ++ } ++ }, ++ "resources": { ++ "$ref": "linux-resources.json" ++ }, ++ "cgroups-path": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-container-update.json b/src/json/schema/nri/linux-container-update.json +new file mode 100644 +index 0000000..ddc627d +--- /dev/null ++++ b/src/json/schema/nri/linux-container-update.json +@@ -0,0 +1,9 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "resources": { ++ "$ref": "linux-resources.json" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-container.json b/src/json/schema/nri/linux-container.json +new file mode 100644 +index 0000000..72978db +--- /dev/null ++++ b/src/json/schema/nri/linux-container.json +@@ -0,0 +1,27 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "namespaces": { ++ "type": "array", ++ "items": { ++ "$ref": "linux-namespace.json" ++ } ++ }, ++ "devices": { ++ "type": "array", ++ "items": { ++ "$ref": "linux-device.json" ++ } ++ }, ++ "resources": { ++ "$ref": "linux-resources.json" ++ }, ++ "oom_score_adj": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "cgroups_path": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-cpu.json b/src/json/schema/nri/linux-cpu.json +new file mode 100644 +index 0000000..c8cdf95 +--- /dev/null ++++ b/src/json/schema/nri/linux-cpu.json +@@ -0,0 +1,27 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "shares": { ++ "$ref": "../defs.json#/definitions/uint64Pointer" ++ }, ++ "quota": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "period": { ++ "$ref": "../defs.json#/definitions/uint64Pointer" ++ }, ++ "realtime_runtime": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "realtime_period": { ++ "$ref": "../defs.json#/definitions/uint64Pointer" ++ }, ++ "cpus": { ++ "type": "string" ++ }, ++ "mems": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-device-cgroup.json b/src/json/schema/nri/linux-device-cgroup.json +new file mode 100644 +index 0000000..feac3c8 +--- /dev/null ++++ b/src/json/schema/nri/linux-device-cgroup.json +@@ -0,0 +1,21 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "allow": { ++ "$ref": "../defs.json#/definitions/uint8" ++ }, ++ "type": { ++ "type": "string" ++ }, ++ "major": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "minor": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "access": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-device.json b/src/json/schema/nri/linux-device.json +new file mode 100644 +index 0000000..a7db26e +--- /dev/null ++++ b/src/json/schema/nri/linux-device.json +@@ -0,0 +1,27 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "path": { ++ "type": "string" ++ }, ++ "type": { ++ "type": "string" ++ }, ++ "major": { ++ "$ref": "../defs.json#/definitions/int64" ++ }, ++ "minor": { ++ "$ref": "../defs.json#/definitions/int64" ++ }, ++ "file_mode": { ++ "$ref": "../defs.json#/definitions/uint32Pointer" ++ }, ++ "uid": { ++ "$ref": "../defs.json#/definitions/uint32Pointer" ++ }, ++ "gid": { ++ "$ref": "../defs.json#/definitions/uint32Pointer" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-memory.json b/src/json/schema/nri/linux-memory.json +new file mode 100644 +index 0000000..a5a841f +--- /dev/null ++++ b/src/json/schema/nri/linux-memory.json +@@ -0,0 +1,30 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "limit": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "reservation": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "swap": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "kernel": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "kernel_tcp": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "swappiness": { ++ "$ref": "../defs.json#/definitions/uint64Pointer" ++ }, ++ "disable_oom_killer": { ++ "$ref": "../defs.json#/definitions/uint8Pointer" ++ }, ++ "use_hierarchy": { ++ "$ref": "../defs.json#/definitions/uint8Pointer" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-namespace.json b/src/json/schema/nri/linux-namespace.json +new file mode 100644 +index 0000000..9e1e386 +--- /dev/null ++++ b/src/json/schema/nri/linux-namespace.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "type": { ++ "type": "string" ++ }, ++ "path": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-pod-sandbox.json b/src/json/schema/nri/linux-pod-sandbox.json +new file mode 100644 +index 0000000..0c963be +--- /dev/null ++++ b/src/json/schema/nri/linux-pod-sandbox.json +@@ -0,0 +1,27 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "pod_overhead": { ++ "$ref": "linux-resources.json" ++ }, ++ "pod_resources": { ++ "$ref": "linux-resources.json" ++ }, ++ "cgroup_parent": { ++ "type": "string" ++ }, ++ "cgroups_path": { ++ "type": "string" ++ }, ++ "namespaces": { ++ "type": "array", ++ "items": { ++ "$ref": "linux-namespace.json" ++ } ++ }, ++ "resources": { ++ "$ref": "linux-resources.json" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-resources.json b/src/json/schema/nri/linux-resources.json +new file mode 100644 +index 0000000..1d16960 +--- /dev/null ++++ b/src/json/schema/nri/linux-resources.json +@@ -0,0 +1,33 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "memory": { ++ "$ref": "linux-memory.json" ++ }, ++ "cpu": { ++ "$ref": "linux-cpu.json" ++ }, ++ "hugepage_limits": { ++ "type": "array", ++ "items": { ++ "$ref": "hugepage-limit.json" ++ } ++ }, ++ "blockio_class": { ++ "type": "string" ++ }, ++ "rdt_class": { ++ "type": "string" ++ }, ++ "unified": { ++ "$ref": "../defs.json#/definitions/mapStringString" ++ }, ++ "devices": { ++ "type": "array", ++ "items": { ++ "$ref": "linux-device-cgroup.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/mount.json b/src/json/schema/nri/mount.json +new file mode 100644 +index 0000000..ae9c666 +--- /dev/null ++++ b/src/json/schema/nri/mount.json +@@ -0,0 +1,18 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "destination": { ++ "type": "string" ++ }, ++ "type": { ++ "type": "string" ++ }, ++ "source": { ++ "type": "string" ++ }, ++ "options": { ++ "$ref": "../defs.json#/definitions/ArrayOfStrings" ++ } ++ } ++} +diff --git a/src/json/schema/nri/pod-sandbox.json b/src/json/schema/nri/pod-sandbox.json +new file mode 100644 +index 0000000..85a1284 +--- /dev/null ++++ b/src/json/schema/nri/pod-sandbox.json +@@ -0,0 +1,33 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "id": { ++ "type": "string" ++ }, ++ "name": { ++ "type": "string" ++ }, ++ "uid": { ++ "type": "string" ++ }, ++ "_namespace": { ++ "type": "string" ++ }, ++ "labels": { ++ "$ref": "../defs.json#/definitions/mapStringString" ++ }, ++ "annotations": { ++ "$ref": "../defs.json#/definitions/mapStringString" ++ }, ++ "runtime_handler": { ++ "type": "string" ++ }, ++ "linux": { ++ "$ref": "linux-pod-sandbox.json" ++ }, ++ "pid": { ++ "$ref": "../defs.json#/definitions/uint32" ++ } ++ } ++} +diff --git a/src/json/schema/nri/posix-rlimit.json b/src/json/schema/nri/posix-rlimit.json +new file mode 100644 +index 0000000..1ba8e20 +--- /dev/null ++++ b/src/json/schema/nri/posix-rlimit.json +@@ -0,0 +1,15 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "type": { ++ "type": "string" ++ }, ++ "hard": { ++ "$ref": "../defs.json#/definitions/uint64" ++ }, ++ "soft": { ++ "$ref": "../defs.json#/definitions/uint64" ++ } ++ } ++} +diff --git a/src/json/schema/nri/register-plugin-request.json b/src/json/schema/nri/register-plugin-request.json +new file mode 100644 +index 0000000..436264a +--- /dev/null ++++ b/src/json/schema/nri/register-plugin-request.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "plugin_name": { ++ "type": "string" ++ }, ++ "plugin_idx": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/state-change-event.json b/src/json/schema/nri/state-change-event.json +new file mode 100644 +index 0000000..0131aeb +--- /dev/null ++++ b/src/json/schema/nri/state-change-event.json +@@ -0,0 +1,15 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "event": { ++ "$ref": "../defs.json#/definitions/int32" ++ }, ++ "pod": { ++ "$ref": "pod-sandbox.json" ++ }, ++ "container": { ++ "$ref": "container.json" ++ } ++ } ++} +diff --git a/src/json/schema/nri/stop-container-request.json b/src/json/schema/nri/stop-container-request.json +new file mode 100644 +index 0000000..1a9d17c +--- /dev/null ++++ b/src/json/schema/nri/stop-container-request.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "pod": { ++ "$ref": "pod-sandbox.json" ++ }, ++ "container": { ++ "$ref": "container.json" ++ } ++ } ++} +diff --git a/src/json/schema/nri/stop-container-response.json b/src/json/schema/nri/stop-container-response.json +new file mode 100644 +index 0000000..bf535f6 +--- /dev/null ++++ b/src/json/schema/nri/stop-container-response.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "update": { ++ "type": "array", ++ "items": { ++ "$ref": "container-update.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/synchronize-request.json b/src/json/schema/nri/synchronize-request.json +new file mode 100644 +index 0000000..689baff +--- /dev/null ++++ b/src/json/schema/nri/synchronize-request.json +@@ -0,0 +1,18 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "pods": { ++ "type": "array", ++ "items": { ++ "$ref": "pod-sandbox.json" ++ } ++ }, ++ "containers": { ++ "type": "array", ++ "items": { ++ "$ref": "container.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/synchronize-response.json b/src/json/schema/nri/synchronize-response.json +new file mode 100644 +index 0000000..bf535f6 +--- /dev/null ++++ b/src/json/schema/nri/synchronize-response.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "update": { ++ "type": "array", ++ "items": { ++ "$ref": "container-update.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/update-container-request.json b/src/json/schema/nri/update-container-request.json +new file mode 100644 +index 0000000..782481c +--- /dev/null ++++ b/src/json/schema/nri/update-container-request.json +@@ -0,0 +1,15 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "pod": { ++ "$ref": "pod-sandbox.json" ++ }, ++ "container": { ++ "$ref": "container.json" ++ }, ++ "linux_resources": { ++ "$ref": "linux-resources.json" ++ } ++ } ++} +diff --git a/src/json/schema/nri/update-container-response.json b/src/json/schema/nri/update-container-response.json +new file mode 100644 +index 0000000..affee62 +--- /dev/null ++++ b/src/json/schema/nri/update-container-response.json +@@ -0,0 +1,18 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "update": { ++ "type": "array", ++ "items": { ++ "$ref": "container-update.json" ++ } ++ }, ++ "evict": { ++ "type": "array", ++ "items": { ++ "$ref": "container-eviction.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/update-containers-request.json b/src/json/schema/nri/update-containers-request.json +new file mode 100644 +index 0000000..affee62 +--- /dev/null ++++ b/src/json/schema/nri/update-containers-request.json +@@ -0,0 +1,18 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "update": { ++ "type": "array", ++ "items": { ++ "$ref": "container-update.json" ++ } ++ }, ++ "evict": { ++ "type": "array", ++ "items": { ++ "$ref": "container-eviction.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/update-containers-response.json b/src/json/schema/nri/update-containers-response.json +new file mode 100644 +index 0000000..361e134 +--- /dev/null ++++ b/src/json/schema/nri/update-containers-response.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "failed": { ++ "type": "array", ++ "items": { ++ "$ref": "container-update.json" ++ } ++ } ++ } ++} +-- +2.25.1 + diff --git a/0017-add-struct-for-nri.patch b/0017-add-struct-for-nri.patch new file mode 100644 index 0000000000000000000000000000000000000000..e57309fdf5784bb07fbe26ea4aa8430200d7f396 --- /dev/null +++ b/0017-add-struct-for-nri.patch @@ -0,0 +1,60 @@ +From 0f032f9748bdf676355520fdd4d2e89f7a1c4c2f Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Fri, 14 Jun 2024 15:47:08 +0800 +Subject: [PATCH 18/18] add struct for nri + +Signed-off-by: zhongtao +--- + src/json/schema/container/create-request.json | 3 +++ + src/json/schema/isulad-daemon-configs.json | 21 +++++++++++++++++++ + 2 files changed, 24 insertions(+) + +diff --git a/src/json/schema/container/create-request.json b/src/json/schema/container/create-request.json +index 4d9d1ff..e19394d 100644 +--- a/src/json/schema/container/create-request.json ++++ b/src/json/schema/container/create-request.json +@@ -20,6 +20,9 @@ + "sandbox": { + "$ref": "sandbox-info.json" + }, ++ "adjust": { ++ "$ref": "../nri/container-adjustment.json" ++ }, + "hostconfig": { + "type": "string" + }, +diff --git a/src/json/schema/isulad-daemon-configs.json b/src/json/schema/isulad-daemon-configs.json +index cd8948a..7b148bd 100644 +--- a/src/json/schema/isulad-daemon-configs.json ++++ b/src/json/schema/isulad-daemon-configs.json +@@ -100,6 +100,27 @@ + "cni-conf-dir": { + "type": "string" + }, ++ "nri-support" : { ++ "type": "boolean" ++ }, ++ "disable-connections" : { ++ "type": "boolean" ++ }, ++ "plugin_config_path": { ++ "type": "string" ++ }, ++ "plugin_path": { ++ "type": "string" ++ }, ++ "nri_socket_path": { ++ "type": "string" ++ }, ++ "plugin_registration_timeout": { ++ "type": "uint64" ++ }, ++ "plugin_requst_timeout": { ++ "type": "uint64" ++ }, + "image-layer-check": { + "type": "boolean" + }, +-- +2.25.1 + diff --git a/lcr.spec b/lcr.spec index 03c3c5642638d5addbc9c23a335f6d31fe17a307..7583367ac93c2fb786a31583a32f852bc05b5f7c 100644 --- a/lcr.spec +++ b/lcr.spec @@ -1,5 +1,5 @@ %global _version 2.1.4 -%global _release 8 +%global _release 9 %global _inner_name isula_libutils %global enable_lxc 1 @@ -27,6 +27,9 @@ Patch0011: 0011-remove-lcr-created-spec-only-if-create-failed.patch Patch0012: 0012-Fix-info-inproper-data-type-for-timestamp.patch Patch0013: 0013-fix-bug-for-potential-config-seccomp-ocihook-write-e.patch Patch0014: 0014-add-codecheck-fix.patch +Patch0015: 0015-fix-invalid-args-len-set-in-execute_lxc_attach.patch +Patch0016: 0016-add-nri-definitions.patch +Patch0017: 0017-add-struct-for-nri.patch %define lxcver_lower 4.0.3-2022102400 %define lxcver_upper 4.0.3-2022102500 @@ -147,6 +150,12 @@ rm -rf %{buildroot} %{_includedir}/lcr/utils_compile.h %changelog +* Fri Aug 16 2024 zhongtao - 2.1.4-9 +- Type:enhancement +- CVE:NA +- SUG:NA +- DESC:add nri struct definitions + * Tue June 11 2024 jikai - 2.1.4-8 - Type:enhancement - CVE:NA