packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!629 [sync] PR-628: Synchronize branch with 23.09

Browse Source 
* Synchronize branch with 23.09
This commit is contained in:
openeuler-sync-bot 2023-09-22 01:11:11 +00:00 committed by haozi007
parent 69dfcec502
commit f7df931b52
50 changed files with 13359 additions and 3122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
0001-2155-Use-reference-in-loop-in-listpodsandbox.patch Normal file
View File

@ -0,0 +1,26 @@
From 8dacc4a2740ed3ba99fab88324c50fa37274297d Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Tue, 29 Aug 2023 11:50:52 +0000
Subject: [PATCH 01/32] !2155 Use reference in loop in listpodsandbox * Use
reference in loop in listpodsandbox
---
src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index 33b700f3..687f4e6d 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -739,7 +739,7 @@ void PodSandboxManagerService::ListPodSandbox(const runtime::v1::PodSandboxFilte
sandbox::SandboxManager::GetInstance()->ListAllSandboxes(filter, sandboxes);
- for (const auto sandbox : sandboxes) {
+ for (const auto &sandbox : sandboxes) {
std::unique_ptr<runtime::v1::PodSandbox> pod(new runtime::v1::PodSandbox);
pod->set_id(sandbox->GetId());
--
2.25.1

1942
0001-convert-files-from-CRLF-to-LF.patch
View File

File diff suppressed because it is too large Load Diff

28
0002-2156-Fix-sandbox-error-logging.patch Normal file
View File

@ -0,0 +1,28 @@
From cc6302549b722a5c309c90794afe27b2e7e7b29e Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Tue, 29 Aug 2023 13:18:13 +0000
Subject: [PATCH 02/32] !2156 Fix sandbox error logging * Fix sandbox error
logging
---
src/daemon/sandbox/sandbox.cc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index 2433e11b..968dae24 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -581,8 +581,8 @@ auto Sandbox::Create(Errors &error) -> bool
nret = util_mkdir_p(m_rootdir.c_str(), CONFIG_DIRECTORY_MODE);
if (nret != 0 && errno != EEXIST) {
- error.Errorf("Failed to create sandbox path %s", m_rootdir);
- SYSERROR("Failed to create sandbox path %s", m_rootdir);
+ error.Errorf("Failed to create sandbox path %s", m_rootdir.c_str());
+ SYSERROR("Failed to create sandbox path %s", m_rootdir.c_str());
return false;
}
#ifdef ENABLE_USERNS_REMAP
--
2.25.1

26
0002-restore-ping-head.patch
View File

@ -1,26 +0,0 @@
From b20af14432e3befcae1c40de91a4dfb579ccd03b Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 13 May 2023 11:05:35 +0800
Subject: [PATCH 2/9] restore ping head
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
test/image/oci/registry/data/v2/ping_head | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/image/oci/registry/data/v2/ping_head b/test/image/oci/registry/data/v2/ping_head
index d9456e50..93742901 100644
--- a/test/image/oci/registry/data/v2/ping_head
+++ b/test/image/oci/registry/data/v2/ping_head
@@ -4,6 +4,6 @@ Date: Thu, 02 Jul 2020 09:14:14 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 2
Connection: keep-alive
-Docker-Distribution-Api-Version: registry/2.0
-
+Docker-Distribution-Api-Version: registry/2.0
+
{"errors":[{"code":"UNAUTHORIZED","message":"Unauthorized access."}]}
--
2.40.1

26
0003-2158-Use-crictl-v1.22.0-for-ci.patch Normal file
View File

@ -0,0 +1,26 @@
From 384940dee7ed5bcc01014520b94917f5782f996e Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Wed, 30 Aug 2023 03:36:45 +0000
Subject: [PATCH 03/32] !2158 Use crictl v1.22.0 for ci * Use crictl v1.22.0
for ci
---
CI/install_depends.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CI/install_depends.sh b/CI/install_depends.sh
index ff919afe..bff825a8 100755
--- a/CI/install_depends.sh
+++ b/CI/install_depends.sh
@@ -46,7 +46,7 @@ function make_crictl()
cd cri-tools
# crictl v1.18 cannot recognise the SecurityProfile seccomp of LinuxSandboxSecurityContext
# and the LinuxContainerSecurityContext.has_seccomp() always false
- git checkout v1.24.2
+ git checkout v1.22.0
make -j $nproc
echo "make cri-tools: $?"
cp ./build/bin/crictl ${builddir}/bin/
--
2.25.1

42
0003-fix-health_check.sh.patch
View File

@ -1,42 +0,0 @@
From 5bfde56d1130572e9bf76dd0fc40a5f0a34923d2 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sun, 14 May 2023 14:02:48 +0800
Subject: [PATCH 3/9] fix health_check.sh
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/health_check.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/CI/test_cases/container_cases/health_check.sh b/CI/test_cases/container_cases/health_check.sh
index 621574cd..1542bd09 100755
--- a/CI/test_cases/container_cases/health_check.sh
+++ b/CI/test_cases/container_cases/health_check.sh
@@ -103,7 +103,7 @@ function test_health_check_normally()
[[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "healthy" ]]
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not healthy" && ((ret++))
- kill -9 $(isula inspect -f '{{.State.Pid}}' ${container_name}) && sleep 1 # Wait for the container to be killed
+ kill -9 $(isula inspect -f '{{.State.Pid}}' ${container_name}) && sleep 2 # Wait for the container to be killed
# The container process exits abnormally and the health check status becomes unhealthy
[[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]]
@@ -139,13 +139,13 @@ function test_health_check_timeout()
[[ $(isula inspect -f '{{.State.Status}}' ${container_name}) == "running" ]]
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container status: not running" && ((ret++))
- sleep 1 # Health check has been performed yet
+ sleep 2 # Health check has been performed yet
# Initial status when the container is still starting
[[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]]
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++))
- sleep 7 # finish first health check
+ sleep 10 # finish first health check
# The container process exits and the health check status becomes unhealthy
[[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]]
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++))
--
2.40.1

113
0004-2162-Fix-rename-issue-for-id-manager.patch Normal file
View File

@ -0,0 +1,113 @@
From 0dbf21e22d51721e43fa2c1abecf30da271501c5 Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Thu, 31 Aug 2023 04:11:22 +0000
Subject: [PATCH 04/32] !2162 Fix rename issue for id manager Merge pull
request !2162 from xuxuepeng/master
---
src/daemon/common/id_name_manager.c | 21 ++++++++++++++++++-
src/daemon/common/id_name_manager.h | 1 +
.../container_cb/execution_information.c | 12 +++++++++++
src/daemon/sandbox/sandbox_manager.cc | 6 ++++--
4 files changed, 37 insertions(+), 3 deletions(-)
diff --git a/src/daemon/common/id_name_manager.c b/src/daemon/common/id_name_manager.c
index e6b24798..3fc1c443 100644
--- a/src/daemon/common/id_name_manager.c
+++ b/src/daemon/common/id_name_manager.c
@@ -382,4 +382,23 @@ bool id_name_manager_remove_entry(const char *id, const char *name)
}
return ret;
-}
\ No newline at end of file
+}
+
+bool id_name_manager_rename(const char *new_name, const char *old_name)
+{
+ if (old_name == NULL || new_name == NULL) {
+ ERROR("Failed to rename empty name");
+ return false;
+ }
+
+ if (!try_add_name(new_name)) {
+ ERROR("Failed to add %s to name map", new_name);
+ return false;
+ }
+
+ if (!try_remove_name(old_name)) {
+ WARN("Failed to remove %s from name map", old_name);
+ }
+
+ return true;
+}
diff --git a/src/daemon/common/id_name_manager.h b/src/daemon/common/id_name_manager.h
index 3c9f6d45..09f0867e 100644
--- a/src/daemon/common/id_name_manager.h
+++ b/src/daemon/common/id_name_manager.h
@@ -27,6 +27,7 @@ bool id_name_manager_add_entry_with_existing_id(const char *id, const char *name
bool id_name_manager_add_entry_with_new_id(const char *name, char **id);
bool id_name_manager_add_entry_with_new_id_and_name(char **id, char **name);
bool id_name_manager_remove_entry(const char *id, const char *name);
+bool id_name_manager_rename(const char *new_name, const char *old_name);
#ifdef __cplusplus
}
diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
index 28480224..93e5032e 100644
--- a/src/daemon/executor/container_cb/execution_information.c
+++ b/src/daemon/executor/container_cb/execution_information.c
@@ -60,6 +60,7 @@
#include "utils_convert.h"
#include "utils_string.h"
#include "utils_verify.h"
+#include "id_name_manager.h"
static int container_version_cb(const container_version_request *request, container_version_response **response)
{
@@ -1075,11 +1076,22 @@ static int container_rename(container_t *cont, const char *new_name)
goto out;
}
+ if (!id_name_manager_rename(new_name, old_name)) {
+ ERROR("Failed to rename %s to %s in id-name manager", old_name, new_name);
+ isulad_set_error_message("Failed to rename %s to %s in id-name manager", old_name, new_name);
+ ret = -1;
+ goto out;
+ }
+
if (!container_name_index_rename(new_name, old_name, id)) {
ERROR("Name %s is in use", new_name);
isulad_set_error_message("Conflict. The name \"%s\" is already in use by container %s. "
"You have to remove (or rename) that container to be able to reuse that name.",
new_name, new_name);
+ // restore name in id-name manager
+ if (!id_name_manager_rename(old_name, new_name)) {
+ ERROR("Failed to restore name from \"%s\" to \"%s\" in id-name manager", new_name, old_name);
+ }
ret = -1;
goto out;
}
diff --git a/src/daemon/sandbox/sandbox_manager.cc b/src/daemon/sandbox/sandbox_manager.cc
index 527a9aec..e258320a 100644
--- a/src/daemon/sandbox/sandbox_manager.cc
+++ b/src/daemon/sandbox/sandbox_manager.cc
@@ -210,11 +210,13 @@ bool SandboxManager::IDNameManagerRemoveEntry(const std::string &id, const std::
// Save the id and name of the sandbox to the map of the id_name_manager module
bool SandboxManager::IDNameManagerNewEntry(std::string &id, const std::string &name)
{
- __isula_auto_free char *tmpId = NULL;
bool ret = false;
if (id.empty()) {
+ __isula_auto_free char *tmpId = NULL;
ret = id_name_manager_add_entry_with_new_id(name.c_str(), &tmpId);
- id = tmpId;
+ if (tmpId != NULL) {
+ id = tmpId;
+ }
} else {
ret = id_name_manager_add_entry_with_existing_id(id.c_str(), name.c_str());
}
--
2.25.1

62
0004-ensure-isulad_io-not-NULL-before-close-fd.patch
View File

@ -1,62 +0,0 @@
From 2c651d3ed5e7d7d78338ce542e66ee9fb36a9275 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sun, 14 May 2023 14:25:22 +0800
Subject: [PATCH 4/9] ensure isulad_io not NULL before close fd
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad-shim/process.c | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 7716c288..6ad50c53 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -194,6 +194,10 @@ static int stdin_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *d
} else {
fd_to = &(p->shim_io->in);
}
+
+ if (fd_to == NULL || *fd_to == -1) {
+ return EPOLL_LOOP_HANDLE_CONTINUE;
+ }
w_count = write_nointr_in_total(*fd_to, p->buf, r_count);
if (w_count < 0) {
/* When any error occurs, set the write fd -1 */
@@ -797,21 +801,21 @@ static int init_isulad_stdio(process_t *p)
return SHIM_OK;
failure:
if (p->isulad_io != NULL) {
+ if (p->isulad_io->in > 0) {
+ close(p->isulad_io->in);
+ }
+ if (p->isulad_io->out > 0) {
+ close(p->isulad_io->out);
+ }
+ if (p->isulad_io->err > 0) {
+ close(p->isulad_io->err);
+ }
+ if (p->isulad_io->resize > 0) {
+ close(p->isulad_io->resize);
+ }
free(p->isulad_io);
p->isulad_io = NULL;
}
- if (p->isulad_io->in > 0) {
- close(p->isulad_io->in);
- }
- if (p->isulad_io->out > 0) {
- close(p->isulad_io->out);
- }
- if (p->isulad_io->err > 0) {
- close(p->isulad_io->err);
- }
- if (p->isulad_io->resize > 0) {
- close(p->isulad_io->resize);
- }
return SHIM_ERR;
}
--
2.40.1

936
0005-2163-add-bind-mount-file-lock.patch Normal file
View File

@ -0,0 +1,936 @@
From c1c5159675073450fe13906771cec6f666053380 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Thu, 31 Aug 2023 13:14:02 +0000
Subject: [PATCH 05/32] !2163 add bind mount file lock * add bind mount file
lock
---
src/cmd/isula/stream/cp.c | 66 ++++++-
src/cmd/isulad/main.c | 51 ++++++
src/common/constants.h | 4 +
.../executor/container_cb/execution_stream.c | 23 ++-
src/daemon/modules/image/oci/oci_export.c | 13 +-
src/daemon/modules/image/oci/oci_load.c | 13 +-
.../graphdriver/devmapper/driver_devmapper.c | 12 +-
.../graphdriver/overlay2/driver_overlay2.c | 12 +-
src/utils/tar/isulad_tar.c | 16 +-
src/utils/tar/isulad_tar.h | 4 +-
src/utils/tar/util_archive.c | 163 +++++++++++++++---
src/utils/tar/util_archive.h | 8 +-
12 files changed, 332 insertions(+), 53 deletions(-)
diff --git a/src/cmd/isula/stream/cp.c b/src/cmd/isula/stream/cp.c
index f0cd99c9..b1e3bbd6 100644
--- a/src/cmd/isula/stream/cp.c
+++ b/src/cmd/isula/stream/cp.c
@@ -73,6 +73,44 @@ static void print_copy_from_container_error(const char *ops_err, const char *arc
}
}
+static int client_get_root_dir(const isula_connect_ops *ops, const client_connect_config_t *config, char **root_dir)
+{
+ int ret = 0;
+ struct isula_info_request request = { 0 };
+ struct isula_info_response *response = NULL;
+
+ response = util_common_calloc_s(sizeof(struct isula_info_response));
+ if (response == NULL) {
+ COMMAND_ERROR("Info: Out of memory");
+ return -1;
+ }
+
+ if (!ops->container.info) {
+ COMMAND_ERROR("Unimplemented info op");
+ ret = -1;
+ goto out;
+ }
+
+ ret = ops->container.info(&request, response, (void *)config);
+ if (ret != 0) {
+ client_print_error(response->cc, response->server_errono, response->errmsg);
+ ret = -1;
+ goto out;
+ }
+
+ if (response->isulad_root_dir == NULL) {
+ COMMAND_ERROR("None root dir");
+ ret = -1;
+ goto out;
+ }
+
+ *root_dir = util_strdup_s(response->isulad_root_dir);
+
+out:
+ isula_info_response_free(response);
+ return ret;
+}
+
static int client_copy_from_container(const struct client_arguments *args, const char *id, const char *srcpath,
const char *destpath)
{
@@ -84,6 +122,7 @@ static int client_copy_from_container(const struct client_arguments *args, const
char *archive_err = NULL;
char *ops_err = NULL;
char *resolved = NULL;
+ char *root_dir = NULL;
struct archive_copy_info *srcinfo = NULL;
client_connect_config_t config;
@@ -92,18 +131,24 @@ static int client_copy_from_container(const struct client_arguments *args, const
COMMAND_ERROR("Unimplemented copy from container operation");
return -1;
}
+ config = get_connect_config(args);
+
+ ret = client_get_root_dir(ops, &config, &root_dir);
+ if (ret != 0) {
+ return -1;
+ }
response = util_common_calloc_s(sizeof(struct isula_copy_from_container_response));
if (response == NULL) {
ERROR("Event: Out of memory");
- return -1;
+ ret = -1;
+ goto out;
}
request.id = (char *)id;
request.runtime = args->runtime;
request.srcpath = (char *)srcpath;
- config = get_connect_config(args);
ret = ops->container.copy_from_container(&request, response, &config);
if (ret) {
ops_err = (response->errmsg != NULL) ? util_strdup_s(response->errmsg) : NULL;
@@ -125,7 +170,7 @@ static int client_copy_from_container(const struct client_arguments *args, const
srcinfo->path = util_strdup_s(srcpath);
srcinfo->isdir = S_ISDIR(response->stat->mode);
- nret = archive_copy_to(&response->reader, srcinfo, resolved, &archive_err);
+ nret = archive_copy_to(&response->reader, srcinfo, resolved, root_dir, &archive_err);
if (nret != 0) {
ret = nret;
}
@@ -137,6 +182,7 @@ static int client_copy_from_container(const struct client_arguments *args, const
out:
print_copy_from_container_error(ops_err, archive_err, ret, args);
+ free(root_dir);
free(resolved);
free(archive_err);
free(ops_err);
@@ -167,6 +213,7 @@ static int client_copy_to_container(const struct client_arguments *args, const c
int nret = 0;
char *archive_err = NULL;
char *resolved = NULL;
+ char *root_dir = NULL;
struct archive_copy_info *srcinfo = NULL;
struct io_read_wrapper archive_reader = { 0 };
client_connect_config_t config = { 0 };
@@ -176,11 +223,18 @@ static int client_copy_to_container(const struct client_arguments *args, const c
COMMAND_ERROR("Unimplemented copy to container operation");
return -1;
}
+ config = get_connect_config(args);
+
+ ret = client_get_root_dir(ops, &config, &root_dir);
+ if (ret != 0) {
+ return -1;
+ }
response = util_common_calloc_s(sizeof(struct isula_copy_to_container_response));
if (response == NULL) {
ERROR("Event: Out of memory");
- return -1;
+ ret = -1;
+ goto out;
}
request.id = (char *)id;
@@ -199,7 +253,7 @@ static int client_copy_to_container(const struct client_arguments *args, const c
goto out;
}
- nret = tar_resource(srcinfo, &archive_reader, &archive_err);
+ nret = tar_resource(srcinfo, root_dir, &archive_reader, &archive_err);
if (nret != 0) {
ret = -1;
goto out;
@@ -212,7 +266,6 @@ static int client_copy_to_container(const struct client_arguments *args, const c
request.reader.read = archive_reader.read;
request.reader.close = archive_reader.close;
- config = get_connect_config(args);
ret = ops->container.copy_to_container(&request, response, &config);
// archive reader close if copy to container failed
@@ -223,6 +276,7 @@ static int client_copy_to_container(const struct client_arguments *args, const c
out:
print_copy_to_container_error(response, archive_err, ret, args);
+ free(root_dir);
free(resolved);
free(archive_err);
free_archive_copy_info(srcinfo);
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 681dcf03..b32b6626 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -72,6 +72,7 @@
#include "utils_file.h"
#include "utils_string.h"
#include "utils_verify.h"
+#include "path.h"
#include "volume_api.h"
#ifndef DISABLE_CLEANUP
#include "leftover_cleanup_api.h"
@@ -1383,6 +1384,50 @@ out:
return ret;
}
+static int create_mount_flock_file(const struct service_arguments *args)
+{
+ int nret = 0;
+ int fd = -1;
+ char path[PATH_MAX] = { 0 };
+ char cleanpath[PATH_MAX] = { 0 };
+
+ nret = snprintf(path, PATH_MAX, "%s/%s", args->json_confs->graph, MOUNT_FLOCK_FILE_PATH);
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf");
+ return -1;
+ }
+
+ if (util_clean_path(path, cleanpath, sizeof(cleanpath)) == NULL) {
+ ERROR("clean path for %s failed", path);
+ return -1;
+ }
+
+ if (util_fileself_exists(cleanpath)) {
+ int err = 0;
+ // recreate mount flock file
+ // and make file uid/gid and permission correct
+ if (!util_force_remove_file(cleanpath, &err)) {
+ ERROR("Failed to delete %s, error: %s. Please delete %s manually.", path, strerror(err), path);
+ return -1;
+ }
+ }
+
+ fd = util_open(cleanpath, O_RDWR | O_CREAT, MOUNT_FLOCK_FILE_MODE);
+ if (fd < 0) {
+ ERROR("Failed to create file %s", cleanpath);
+ return -1;
+ }
+ close(fd);
+
+ nret = util_set_file_group(cleanpath, args->json_confs->group);
+ if (nret < 0) {
+ ERROR("set group of the path %s failed", cleanpath);
+ return -1;
+ }
+
+ return 0;
+}
+
static int isulad_server_init_service()
{
int ret = -1;
@@ -1413,6 +1458,12 @@ static int isulad_server_init_service()
goto unlock_out;
}
+ ret = create_mount_flock_file(args);
+ if (ret != 0) {
+ ERROR("Failed to create mount flock file");
+ goto unlock_out;
+ }
+
unlock_out:
if (isulad_server_conf_unlock()) {
ret = -1;
diff --git a/src/common/constants.h b/src/common/constants.h
index 409a83a1..d93bb464 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -68,6 +68,8 @@ extern "C" {
#define DEFAULT_HIGHEST_DIRECTORY_MODE 0755
+#define MOUNT_FLOCK_FILE_MODE 0660
+
#define ISULAD_CONFIG SYSCONFDIR_PREFIX"/etc/isulad"
#define ISULAD_DAEMON_CONTAINER_CONTEXTS ISULAD_CONFIG "/container_contexts"
@@ -119,6 +121,8 @@ extern "C" {
#define OCI_VERSION "1.0.1"
#endif
+#define MOUNT_FLOCK_FILE_PATH "isulad-chroot-mount.flock"
+
#define OCI_IMAGE_GRAPH_ROOTPATH_NAME "storage"
#ifdef ENABLE_GRPC_REMOTE_CONNECT
diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c
index 32721e68..244ec6a0 100644
--- a/src/daemon/executor/container_cb/execution_stream.c
+++ b/src/daemon/executor/container_cb/execution_stream.c
@@ -62,6 +62,7 @@
#include "utils.h"
#include "utils_file.h"
#include "utils_verify.h"
+#include "isulad_config.h"
#if defined (__ANDROID__) || defined(__MUSL__)
#define SIG_CANCEL_SIGNAL SIGUSR1
@@ -442,6 +443,7 @@ static int archive_and_send_copy_data(const stream_func_wrapper *stream,
char *absbase = NULL;
char *err = NULL;
char *buf = NULL;
+ char *root_dir = NULL;
char cleaned[PATH_MAX + 2] = { 0 };
struct io_read_wrapper reader = { 0 };
char *tar_path = NULL;
@@ -474,9 +476,15 @@ static int archive_and_send_copy_data(const stream_func_wrapper *stream,
goto cleanup;
}
+ root_dir = conf_get_isulad_rootdir();
+ if (root_dir == NULL) {
+ ERROR("Failed to get isulad rootdir");
+ goto cleanup;
+ }
+
DEBUG("archive chroot tar stream container_fs(%s) srcdir(%s) relative(%s) srcbase(%s) absbase(%s)",
container_fs, srcdir, tar_path, srcbase, absbase);
- nret = archive_chroot_tar_stream(container_fs, tar_path, srcbase, absbase, &reader);
+ nret = archive_chroot_tar_stream(container_fs, tar_path, srcbase, absbase, root_dir, &reader);
if (nret != 0) {
ERROR("Archive %s failed", resolvedpath);
goto cleanup;
@@ -504,6 +512,7 @@ cleanup:
free(srcdir);
free(srcbase);
free(absbase);
+ free(root_dir);
if (reader.close != NULL) {
int cret = reader.close(reader.context, &err);
if (err != NULL) {
@@ -776,15 +785,25 @@ static int read_and_extract_archive(stream_func_wrapper *stream, const char *con
{
int ret = -1;
char *err = NULL;
+ char *root_dir = NULL;
struct io_read_wrapper content = { 0 };
content.context = stream;
content.read = extract_stream_to_io_read;
- ret = archive_chroot_untar_stream(&content, container_fs, dstdir_in_container, src_rebase, dst_rebase, &err);
+
+ root_dir = conf_get_isulad_rootdir();
+ if (root_dir == NULL) {
+ ERROR("Failed to get isulad rootdir");
+ isulad_set_error_message("Failed to get isulad rootdir");
+ return -1;
+ }
+
+ ret = archive_chroot_untar_stream(&content, container_fs, dstdir_in_container, src_rebase, dst_rebase, root_dir, &err);
if (ret != 0) {
ERROR("Can not untar to container: %s", (err != NULL) ? err : "unknown");
isulad_set_error_message("Can not untar to container: %s", (err != NULL) ? err : "unknown");
}
free(err);
+ free(root_dir);
return ret;
}
diff --git a/src/daemon/modules/image/oci/oci_export.c b/src/daemon/modules/image/oci/oci_export.c
index e27ed6d8..6bfcf4d5 100644
--- a/src/daemon/modules/image/oci/oci_export.c
+++ b/src/daemon/modules/image/oci/oci_export.c
@@ -23,6 +23,7 @@
#include "util_archive.h"
#include "path.h"
#include "utils_file.h"
+#include "isulad_config.h"
int oci_do_export(char *id, char *file)
{
@@ -30,6 +31,7 @@ int oci_do_export(char *id, char *file)
int ret2 = 0;
char *mount_point = NULL;
char *errmsg = NULL;
+ char *root_dir = NULL;
char cleanpath[PATH_MAX] = { 0 };
if (id == NULL || file == NULL) {
@@ -56,7 +58,15 @@ int oci_do_export(char *id, char *file)
return -1;
}
- ret = archive_chroot_tar(mount_point, cleanpath, &errmsg);
+ root_dir = conf_get_isulad_rootdir();
+ if (root_dir == NULL) {
+ ERROR("Failed to get isulad rootdir");
+ isulad_set_error_message("Failed to get isulad rootdir");
+ ret = -1;
+ goto out;
+ }
+
+ ret = archive_chroot_tar(mount_point, cleanpath, root_dir, &errmsg);
if (ret != 0) {
ERROR("failed to export container %s to file %s: %s", id, cleanpath, errmsg);
isulad_set_error_message("Failed to export rootfs with error: %s", errmsg);
@@ -68,6 +78,7 @@ out:
mount_point = NULL;
free(errmsg);
errmsg = NULL;
+ free(root_dir);
ret2 = storage_rootfs_umount(id, false);
if (ret2 != 0) {
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
index 04a9f947..4385e55e 100644
--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
@@ -41,6 +41,7 @@
#include "utils_file.h"
#include "utils_verify.h"
#include "oci_image.h"
+#include "isulad_config.h"
#define MANIFEST_BIG_DATA_KEY "manifest"
#define OCI_SCHEMA_VERSION 2
@@ -1068,6 +1069,7 @@ int oci_do_load(const im_load_request *request)
char *digest = NULL;
char *dstdir = NULL;
char *err = NULL;
+ char *root_dir = NULL;
if (request == NULL || request->file == NULL) {
ERROR("Invalid input arguments, cannot load image");
@@ -1088,8 +1090,16 @@ int oci_do_load(const im_load_request *request)
goto out;
}
+ root_dir = conf_get_isulad_rootdir();
+ if (root_dir == NULL) {
+ ERROR("Failed to get isulad rootdir");
+ isulad_try_set_error_message("Failed to get isulad rootdir");
+ ret = -1;
+ goto out;
+ }
+
options.whiteout_format = NONE_WHITEOUT_FORMATE;
- if (archive_unpack(&reader, dstdir, &options, &err) != 0) {
+ if (archive_unpack(&reader, dstdir, &options, root_dir, &err) != 0) {
ERROR("Failed to unpack to %s: %s", dstdir, err);
isulad_try_set_error_message("Failed to unpack to %s: %s", dstdir, err);
ret = -1;
@@ -1175,5 +1185,6 @@ out:
}
free(dstdir);
free(err);
+ free(root_dir);
return ret;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
index 998ea8c2..ecb62f79 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
@@ -32,6 +32,7 @@
#include "utils_file.h"
#include "utils_fs.h"
#include "utils_string.h"
+#include "isulad_config.h"
struct io_read_wrapper;
@@ -346,6 +347,7 @@ int devmapper_apply_diff(const char *id, const struct graphdriver *driver, const
int ret = 0;
struct archive_options options = { 0 };
char *err = NULL;
+ char *root_dir = NULL;
if (!util_valid_str(id) || driver == NULL || content == NULL) {
ERROR("invalid argument to apply diff with id(%s)", id);
@@ -366,8 +368,15 @@ int devmapper_apply_diff(const char *id, const struct graphdriver *driver, const
goto out;
}
+ root_dir = conf_get_isulad_rootdir();
+ if (root_dir == NULL) {
+ ERROR("Failed to get isulad rootdir");
+ ret = -1;
+ goto umount_out;
+ }
+
options.whiteout_format = REMOVE_WHITEOUT_FORMATE;
- if (archive_unpack(content, layer_fs, &options, &err) != 0) {
+ if (archive_unpack(content, layer_fs, &options, root_dir, &err) != 0) {
ERROR("devmapper: failed to unpack to %s: %s", layer_fs, err);
ret = -1;
goto umount_out;
@@ -384,6 +393,7 @@ out:
free_driver_mount_opts(mount_opts);
free(layer_fs);
free(err);
+ free(root_dir);
return ret;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index c5864c90..b177f594 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -45,6 +45,7 @@
#include "utils_timestamp.h"
#include "selinux_label.h"
#include "err_msg.h"
+#include "isulad_config.h"
#ifdef ENABLE_REMOTE_LAYER_STORE
#include "ro_symlink_maintain.h"
#endif
@@ -1886,6 +1887,7 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const
char *layer_diff = NULL;
struct archive_options options = { 0 };
char *err = NULL;
+ char *root_dir = NULL;
if (id == NULL || driver == NULL || content == NULL) {
ERROR("invalid argument");
@@ -1919,7 +1921,14 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const
}
#endif
- ret = archive_unpack(content, layer_diff, &options, &err);
+ root_dir = conf_get_isulad_rootdir();
+ if (root_dir == NULL) {
+ ERROR("Failed to get isulad rootdir");
+ ret = -1;
+ goto out;
+ }
+
+ ret = archive_unpack(content, layer_diff, &options, root_dir ,&err);
if (ret != 0) {
ERROR("Failed to unpack to %s: %s", layer_diff, err);
ret = -1;
@@ -1928,6 +1937,7 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const
out:
free(err);
+ free(root_dir);
free(layer_dir);
free(layer_diff);
#ifdef ENABLE_USERNS_REMAP
diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c
index 74176b12..24269c70 100644
--- a/src/utils/tar/isulad_tar.c
+++ b/src/utils/tar/isulad_tar.c
@@ -385,7 +385,7 @@ cleanup:
}
int archive_copy_to(const struct io_read_wrapper *content, const struct archive_copy_info *srcinfo,
- const char *dstpath, char **err)
+ const char *dstpath, const char *root_dir, char **err)
{
int ret = -1;
struct archive_copy_info *dstinfo = NULL;
@@ -393,7 +393,7 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_
char *src_base = NULL;
char *dst_base = NULL;
- if (err == NULL || dstpath == NULL || srcinfo == NULL || content == NULL) {
+ if (err == NULL || dstpath == NULL || srcinfo == NULL || content == NULL || root_dir == NULL) {
return -1;
}
@@ -409,7 +409,7 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_
goto cleanup;
}
- ret = archive_chroot_untar_stream(content, dstdir, ".", src_base, dst_base, err);
+ ret = archive_chroot_untar_stream(content, dstdir, ".", src_base, dst_base, root_dir, err);
cleanup:
free_archive_copy_info(dstinfo);
@@ -419,7 +419,7 @@ cleanup:
return ret;
}
-static int tar_resource_rebase(const char *path, const char *rebase, struct io_read_wrapper *archive_reader, char **err)
+static int tar_resource_rebase(const char *path, const char *rebase, const char *root_dir, struct io_read_wrapper *archive_reader, char **err)
{
int ret = -1;
int nret;
@@ -438,7 +438,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, struct io_r
}
DEBUG("chroot tar stream srcdir(%s) srcbase(%s) rebase(%s)", srcdir, srcbase, rebase);
- nret = archive_chroot_tar_stream(srcdir, srcbase, srcbase, rebase, archive_reader);
+ nret = archive_chroot_tar_stream(srcdir, srcbase, srcbase, rebase, root_dir, archive_reader);
if (nret < 0) {
ERROR("Can not archive path: %s", path);
goto cleanup;
@@ -450,11 +450,11 @@ cleanup:
return ret;
}
-int tar_resource(const struct archive_copy_info *info, struct io_read_wrapper *archive_reader, char **err)
+int tar_resource(const struct archive_copy_info *info, const char *root_dir, struct io_read_wrapper *archive_reader, char **err)
{
- if (info == NULL || archive_reader == NULL || err == NULL) {
+ if (info == NULL || root_dir == NULL || archive_reader == NULL || err == NULL) {
return -1;
}
- return tar_resource_rebase(info->path, info->rebase_name, archive_reader, err);
+ return tar_resource_rebase(info->path, info->rebase_name, root_dir, archive_reader, err);
}
diff --git a/src/utils/tar/isulad_tar.h b/src/utils/tar/isulad_tar.h
index cdd9858a..414bb024 100644
--- a/src/utils/tar/isulad_tar.h
+++ b/src/utils/tar/isulad_tar.h
@@ -43,10 +43,10 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li
char *prepare_archive_copy(const struct archive_copy_info *srcinfo, const struct archive_copy_info *dstinfo,
char **src_base, char **dst_base, char **err);
-int tar_resource(const struct archive_copy_info *info, struct io_read_wrapper *archive_reader, char **err);
+int tar_resource(const struct archive_copy_info *info, const char *root_dir, struct io_read_wrapper *archive_reader, char **err);
int archive_copy_to(const struct io_read_wrapper *content, const struct archive_copy_info *srcinfo,
- const char *dstpath, char **err);
+ const char *dstpath, const char *root_dir, char **err);
#ifdef __cplusplus
}
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 0fb7769b..d2fc5488 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -33,10 +33,12 @@
#include <netdb.h>
#include <sys/mount.h>
#include <sys/capability.h>
+#include <sys/file.h>
#include <isula_libutils/log.h>
#include <isula_libutils/go_crc64.h>
#include <isula_libutils/storage_entry.h>
+#include <isula_libutils/auto_cleanup.h>
#include "error.h"
#include "map.h"
@@ -83,6 +85,31 @@ static ssize_t read_content(struct archive *a, void *client_data, const void **b
return mydata->content->read(mydata->content->context, mydata->buff, sizeof(mydata->buff));
}
+static char *generate_flock_path(const char *root_dir)
+{
+ int nret = 0;
+ char path[PATH_MAX] = { 0 };
+ char cleanpath[PATH_MAX] = { 0 };
+
+ nret = snprintf(path, PATH_MAX, "%s/%s", root_dir, MOUNT_FLOCK_FILE_PATH);
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf");
+ return NULL;
+ }
+
+ if (util_clean_path(path, cleanpath, sizeof(cleanpath)) == NULL) {
+ ERROR("clean path for %s failed", path);
+ return NULL;
+ }
+
+ if (!util_file_exists(cleanpath)) {
+ ERROR("flock file %s doesn't exist", cleanpath);
+ return NULL;
+ }
+
+ return util_strdup_s(cleanpath);
+}
+
static void do_disable_unneccessary_caps()
{
cap_t caps;
@@ -104,7 +131,58 @@ static void do_disable_unneccessary_caps()
cap_free(caps);
}
-static int make_safedir_is_noexec(const char *dstdir, char **safe_dir)
+// Add flock when bind mount and make it private.
+// Because bind mount usually makes safedir shared mount point,
+// and sometimes it will cause "mount point explosion".
+// E.g. concurrently execute isula cp /tmp/<XXX-File> <CONTAINER-ID>:<CONTAINER-PAT>
+static int bind_mount_with_flock(const char *flock_path, const char *dstdir, const char *tmp_dir)
+{
+ __isula_auto_close int fd = -1;
+ int ret = -1;
+
+ fd = open(flock_path, O_RDWR | O_CLOEXEC);
+ if (fd < 0) {
+ SYSERROR("Failed to open file %s", flock_path);
+ return -1;
+ }
+
+ if (flock(fd, LOCK_EX) != 0) {
+ SYSERROR("Failed to lock file %s", flock_path);
+ return -1;
+ }
+
+ if (mount(dstdir, tmp_dir, "none", MS_BIND, NULL) != 0) {
+ SYSERROR("Mount safe dir failed");
+ goto unlock_out;
+ }
+
+ if (mount(tmp_dir, tmp_dir, "none", MS_BIND | MS_REMOUNT | MS_NOEXEC, NULL) != 0) {
+ SYSERROR("Mount safe dir failed");
+ if (umount(tmp_dir) != 0) {
+ SYSERROR("Failed to umount target %s", tmp_dir);
+ }
+ goto unlock_out;
+ }
+
+ // Change the propagation type.
+ if (mount("", tmp_dir, "", MS_PRIVATE, "") != 0) {
+ SYSERROR("Failed to change the propagation type");
+ if (umount(tmp_dir) != 0) {
+ SYSERROR("Failed to umount target %s", tmp_dir);
+ }
+ goto unlock_out;
+ }
+
+ ret = 0;
+
+unlock_out:
+ if (flock(fd, LOCK_UN) != 0) {
+ SYSERROR("Failed to unlock file %s", flock_path);
+ }
+ return ret;
+}
+
+static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, char **safe_dir)
{
struct stat buf;
char *isulad_tmpdir_env = NULL;
@@ -156,19 +234,8 @@ static int make_safedir_is_noexec(const char *dstdir, char **safe_dir)
return -1;
}
- if (mount(dstdir, tmp_dir, "none", MS_BIND, NULL) != 0) {
- SYSERROR("Mount safe dir failed");
- if (util_path_remove(tmp_dir) != 0) {
- ERROR("Failed to remove path %s", tmp_dir);
- }
- return -1;
- }
-
- if (mount(tmp_dir, tmp_dir, "none", MS_BIND | MS_REMOUNT | MS_NOEXEC, NULL) != 0) {
- SYSERROR("Mount safe dir failed");
- if (umount(tmp_dir) != 0) {
- ERROR("Failed to umount target %s", tmp_dir);
- }
+ if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
+ ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
if (util_path_remove(tmp_dir) != 0) {
ERROR("Failed to remove path %s", tmp_dir);
}
@@ -723,7 +790,7 @@ static void set_child_process_pdeathsig(void)
}
int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, const struct archive_options *options,
- char **errmsg)
+ const char *root_dir, char **errmsg)
{
int ret = 0;
pid_t pid = -1;
@@ -731,12 +798,24 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co
int pipe_stderr[2] = { -1, -1 };
char errbuf[BUFSIZ + 1] = { 0 };
char *safe_dir = NULL;
+ char *flock_path = NULL;
- if (make_safedir_is_noexec(dstdir, &safe_dir) != 0) {
- ERROR("Prepare safe dir failed");
+ if (content == NULL || dstdir == NULL || options == NULL || root_dir == NULL) {
return -1;
}
+ flock_path = generate_flock_path(root_dir);
+ if (flock_path == NULL) {
+ ERROR("Failed to generate flock path");
+ return -1;
+ }
+
+ if (make_safedir_is_noexec(flock_path, dstdir, &safe_dir) != 0) {
+ ERROR("Prepare safe dir failed");
+ ret = -1;
+ goto cleanup;
+ }
+
if (pipe2(pipe_stderr, O_CLOEXEC) != 0) {
ERROR("Failed to create pipe");
ret = -1;
@@ -816,6 +895,7 @@ cleanup:
ERROR("Failed to remove path %s", safe_dir);
}
free(safe_dir);
+ free(flock_path);
return ret;
}
@@ -1126,7 +1206,7 @@ static ssize_t fd_write(void *context, const void *data, size_t len)
return util_write_nointr(*(int *)context, data, len);
}
-int archive_chroot_tar(char *path, char *file, char **errmsg)
+int archive_chroot_tar(const char *path, const char *file, const char *root_dir, char **errmsg)
{
struct io_write_wrapper pipe_context = { 0 };
int ret = 0;
@@ -1136,12 +1216,24 @@ int archive_chroot_tar(char *path, char *file, char **errmsg)
char errbuf[BUFSIZ + 1] = { 0 };
int fd = 0;
char *safe_dir = NULL;
+ char *flock_path = NULL;
- if (make_safedir_is_noexec(path, &safe_dir) != 0) {
- ERROR("Prepare safe dir failed");
+ if (path == NULL || file == NULL || root_dir == NULL) {
+ return -1;
+ }
+
+ flock_path = generate_flock_path(root_dir);
+ if (flock_path == NULL) {
+ ERROR("Failed to generate flock path");
return -1;
}
+ if (make_safedir_is_noexec(flock_path, path, &safe_dir) != 0) {
+ ERROR("Prepare safe dir failed");
+ ret = -1;
+ goto cleanup;
+ }
+
if (pipe2(pipe_for_read, O_CLOEXEC) != 0) {
ERROR("Failed to create pipe");
ret = -1;
@@ -1232,6 +1324,7 @@ cleanup:
ERROR("Failed to remove path %s", safe_dir);
}
free(safe_dir);
+ free(flock_path);
return ret;
}
@@ -1352,7 +1445,7 @@ static int archive_context_close(void *context, char **err)
}
int archive_chroot_untar_stream(const struct io_read_wrapper *context, const char *chroot_dir, const char *untar_dir,
- const char *src_base, const char *dst_base, char **errmsg)
+ const char *src_base, const char *dst_base, const char *root_dir, char **errmsg)
{
struct io_read_wrapper pipe_context = { 0 };
int pipe_stream[2] = { -1, -1 };
@@ -1370,12 +1463,19 @@ int archive_chroot_untar_stream(const struct io_read_wrapper *context, const cha
.dst_base = dst_base
};
char *safe_dir = NULL;
+ char *flock_path = NULL;
- if (make_safedir_is_noexec(chroot_dir, &safe_dir) != 0) {
- ERROR("Prepare safe dir failed");
+ flock_path = generate_flock_path(root_dir);
+ if (flock_path == NULL) {
+ ERROR("Failed to generate flock path");
return -1;
}
+ if (make_safedir_is_noexec(flock_path, chroot_dir, &safe_dir) != 0) {
+ ERROR("Prepare safe dir failed");
+ goto cleanup;
+ }
+
if (pipe(pipe_stderr) != 0) {
ERROR("Failed to create pipe: %s", strerror(errno));
goto cleanup;
@@ -1483,12 +1583,13 @@ cleanup:
ERROR("Failed to remove path %s", safe_dir);
}
free(safe_dir);
+ free(flock_path);
return ret;
}
int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, const char *src_base, const char *dst_base,
- struct io_read_wrapper *reader)
+ const char *root_dir, struct io_read_wrapper *reader)
{
struct io_write_wrapper pipe_context = { 0 };
int keepfds[] = { -1, -1, -1 };
@@ -1498,12 +1599,19 @@ int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, cons
pid_t pid;
struct archive_context *ctx = NULL;
char *safe_dir = NULL;
+ char *flock_path = NULL;
- if (make_safedir_is_noexec(chroot_dir, &safe_dir) != 0) {
- ERROR("Prepare safe dir failed");
+ flock_path = generate_flock_path(root_dir);
+ if (flock_path == NULL) {
+ ERROR("Failed to generate flock path");
return -1;
}
+ if (make_safedir_is_noexec(flock_path, chroot_dir, &safe_dir) != 0) {
+ ERROR("Prepare safe dir failed");
+ goto free_out;
+ }
+
if (pipe(pipe_stderr) != 0) {
ERROR("Failed to create pipe: %s", strerror(errno));
goto free_out;
@@ -1607,6 +1715,7 @@ free_out:
close_archive_pipes_fd(pipe_stderr, 2);
close_archive_pipes_fd(pipe_stream, 2);
free(ctx);
+ free(flock_path);
if (safe_dir != NULL) {
if (umount(safe_dir) != 0) {
ERROR("Failed to umount target %s", safe_dir);
@@ -1848,4 +1957,4 @@ int archive_copy_oci_tar_split_and_ret_size(int src_fd, const char *dist_file, i
}
return foreach_archive_entry(archive_entry_parse, src_fd, dist_file, ret_size);
-}
\ No newline at end of file
+}
diff --git a/src/utils/tar/util_archive.h b/src/utils/tar/util_archive.h
index 5cc2c5ec..8f0ab2a4 100644
--- a/src/utils/tar/util_archive.h
+++ b/src/utils/tar/util_archive.h
@@ -45,17 +45,17 @@ struct archive_options {
};
int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, const struct archive_options *options,
- char **errmsg);
+ const char *root_dir, char **errmsg);
bool valid_archive_format(const char *file);
-int archive_chroot_tar(char *path, char *file, char **errmsg);
+int archive_chroot_tar(const char *path, const char *file, const char *root_dir, char **errmsg);
int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, const char *src_base,
- const char *dst_base, struct io_read_wrapper *content);
+ const char *dst_base, const char *root_dir, struct io_read_wrapper *content);
int archive_chroot_untar_stream(const struct io_read_wrapper *content, const char *chroot_dir,
const char *untar_dir, const char *src_base, const char *dst_base,
- char **errmsg);
+ const char *root_dir, char **errmsg);
int archive_copy_oci_tar_split_and_ret_size(int src_fd, const char *dist_file, int64_t *ret_size);
--
2.25.1

75
0005-recheck-delete-command-exit-status.patch
View File

@ -1,75 +0,0 @@
From 57921deef3849f519b3fffdcf76184144ba54fb3 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 16 May 2023 15:16:13 +0800
Subject: [PATCH 5/9] recheck delete command exit status
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../modules/runtime/isula/isula_rt_ops.c | 24 ++++++++++++-------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 9008c5c7..07f714f0 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -635,9 +635,9 @@ static int runtime_call_simple(const char *workdir, const char *runtime, const c
}
// oci runtime return -1 if the container 'does not exist'
-// if output contains 'does not exist', means nothing to kill, return 0
-// this will change the exit status of kill command
-static int kill_output_check(const char *output)
+// if output contains 'does not exist', means nothing to kill or delete, return 0
+// this will change the exit status of kill or delete command
+static int non_existent_output_check(const char *output)
{
char *pattern = "does not exist";
@@ -645,24 +645,24 @@ static int kill_output_check(const char *output)
return -1;
}
- // container not exist, kill success, return 0
+ // container not exist, kill or delete success, return 0
if (util_strings_contains_word(output, pattern)) {
return 0;
}
- // kill failed, return -1
+ // kill or delete failed, return -1
return -1;
}
-// kill success or kill_output_check succeed return 0, DO_RETRY_CALL will break;
+// kill success or non_existent_output_check succeed return 0, DO_RETRY_CALL will break;
// if kill failed, recheck on shim alive, if not alive, kill succeed, still return 0;
// else, return -1, DO_RETRY_CALL will call this again;
static int runtime_call_kill_and_check(const char *workdir, const char *runtime, const char *id)
{
int ret = -1;
- // kill succeed, return 0; kill_output_check succeed, return 0;
- ret = runtime_call_simple(workdir, runtime, "kill", NULL, 0, id, kill_output_check);
+ // kill succeed, return 0; non_existent_output_check succeed, return 0;
+ ret = runtime_call_simple(workdir, runtime, "kill", NULL, 0, id, non_existent_output_check);
if (ret == 0) {
return 0;
}
@@ -677,7 +677,13 @@ static int runtime_call_kill_and_check(const char *workdir, const char *runtime,
static int runtime_call_delete_force(const char *workdir, const char *runtime, const char *id)
{
const char *opts[1] = { "--force" };
- return runtime_call_simple(workdir, runtime, "delete", opts, 1, id, NULL);
+ // delete succeed, return 0;
+ // When the runc version is less than or equal to v1.0.0-rc3,
+ // if the container does not exist when force deleting it,
+ // runc will report an error and isulad does not need to retry the deletion again.
+ // related PR ID:d1a743674a98e23d348b29f52c43436356f56b79
+ // non_existent_output_check succeed, return 0;
+ return runtime_call_simple(workdir, runtime, "delete", opts, 1, id, non_existent_output_check);
}
#define ExitSignalOffset 128
--
2.40.1

1054
0006-2168-fix-code-bug.patch Normal file
View File

File diff suppressed because it is too large Load Diff

31
0006-restore-execSync-return-value.patch
View File

@ -1,31 +0,0 @@
From f591197fc150e9a137d869b518cda4cecbf70363 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 18 May 2023 19:07:13 +0800
Subject: [PATCH 6/9] restore execSync return value
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/entry/connect/grpc/runtime_runtime_service.cc | 7 -------
1 file changed, 7 deletions(-)
diff --git a/src/daemon/entry/connect/grpc/runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/runtime_runtime_service.cc
index 63a780cb..354b220e 100644
--- a/src/daemon/entry/connect/grpc/runtime_runtime_service.cc
+++ b/src/daemon/entry/connect/grpc/runtime_runtime_service.cc
@@ -279,13 +279,6 @@ grpc::Status RuntimeRuntimeServiceImpl::ExecSync(grpc::ServerContext *context,
return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage());
}
- if (reply->exit_code() != 0) {
- ERROR("Object: CRI, Type: Sync exec in container: %s with exit code: %d", request->container_id().c_str(),
- reply->exit_code());
- error.SetError(reply->stderr());
- return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage());
- }
-
WARN("Event: {Object: CRI, Type: sync execed Container: %s}", request->container_id().c_str());
return grpc::Status::OK;
--
2.40.1

1807
0007-2171-Fix-nullptr-in-src-daemon-entry.patch Normal file
View File

File diff suppressed because it is too large Load Diff

131
0007-reinforce-cri_stream.sh-and-health_check.sh.patch
View File

@ -1,131 +0,0 @@
From e04d2f1d8382e7b3e81ab4725a21562147ad1727 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 22 May 2023 12:50:32 +0800
Subject: [PATCH 7/9] reinforce cri_stream.sh and health_check.sh
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/cri_stream.sh | 30 ++++++++++++----
CI/test_cases/container_cases/health_check.sh | 34 ++++++++++++++-----
2 files changed, 50 insertions(+), 14 deletions(-)
diff --git a/CI/test_cases/container_cases/cri_stream.sh b/CI/test_cases/container_cases/cri_stream.sh
index 8b5440d3..bfe90208 100755
--- a/CI/test_cases/container_cases/cri_stream.sh
+++ b/CI/test_cases/container_cases/cri_stream.sh
@@ -58,6 +58,9 @@ function set_up()
function test_cri_exec_fun()
{
local ret=0
+ local retry_limit=20
+ local retry_interval=1
+ local success=1
local test="test_cri_exec_fun => (${FUNCNAME[@]})"
msg_info "${test} starting..."
declare -a fun_pids
@@ -74,9 +77,15 @@ function test_cri_exec_fun()
done
wait ${abn_pids[*]// /|}
- sleep 2
- ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy
- [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI exec operation" && ((ret++))
+ for i in $(seq 1 "$retry_limit"); do
+ ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy
+ if [ $? -ne 0 ]; then
+ success=0
+ break;
+ fi
+ sleep $retry_interval
+ done
+ [[ $success -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI exec operation" && ((ret++))
msg_info "${test} finished with return ${ret}..."
return ${ret}
@@ -85,6 +94,9 @@ function test_cri_exec_fun()
function test_cri_exec_abn
{
local ret=0
+ local retry_limit=20
+ local retry_interval=1
+ local success=1
local test="test_cri_exec_abn => (${FUNCNAME[@]})"
msg_info "${test} starting..."
@@ -92,10 +104,16 @@ function test_cri_exec_abn
pid=$!
sleep 3
kill -9 $pid
- sleep 2
- ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy
- [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI exec operation" && ((ret++))
+ for i in $(seq 1 "$retry_limit"); do
+ ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy
+ if [ $? -ne 0 ]; then
+ success=0
+ break;
+ fi
+ sleep $retry_interval
+ done
+ [[ $success -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI exec operation" && ((ret++))
msg_info "${test} finished with return ${ret}..."
return ${ret}
diff --git a/CI/test_cases/container_cases/health_check.sh b/CI/test_cases/container_cases/health_check.sh
index 1542bd09..28af6149 100755
--- a/CI/test_cases/container_cases/health_check.sh
+++ b/CI/test_cases/container_cases/health_check.sh
@@ -123,6 +123,9 @@ function test_health_check_timeout()
{
local ret=0
local image="busybox"
+ local retry_limit=10
+ local retry_interval=1
+ local success=1
local test="list && inspect image info test => (${FUNCNAME[@]})"
msg_info "${test} starting..."
@@ -139,16 +142,31 @@ function test_health_check_timeout()
[[ $(isula inspect -f '{{.State.Status}}' ${container_name}) == "running" ]]
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container status: not running" && ((ret++))
- sleep 2 # Health check has been performed yet
-
+ # Health check has been performed yet
+ for i in $(seq 1 "$retry_limit"); do
+ [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]]
+ if [ $? -eq 0 ]; then
+ success=0
+ break;
+ fi
+ sleep $retry_interval
+ done
# Initial status when the container is still starting
- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]]
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++))
-
- sleep 10 # finish first health check
+ [[ $success -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++))
+
+ sleep 7 # finish first health check
+
+ success=1
+ for i in $(seq 1 "$retry_limit"); do
+ [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]]
+ if [ $? -eq 0 ]; then
+ success=0
+ break;
+ fi
+ sleep $retry_interval
+ done
# The container process exits and the health check status becomes unhealthy
- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]]
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++))
+ [[ $success -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++))
[[ $(isula inspect -f '{{.State.ExitCode}}' ${container_name}) == "137" ]]
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container exit code: not 137" && ((ret++))
--
2.40.1

1123
0008-Add-vsock-support-for-exec.patch Normal file
View File

File diff suppressed because it is too large Load Diff

166
0008-reinforce-omit-health_check.sh.patch
View File

@ -1,166 +0,0 @@
From ab3d902b09ace8d69172a4ea6cf9771a21540ffb Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 22 May 2023 19:37:23 +0800
Subject: [PATCH 8/9] reinforce omit health_check.sh
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/health_check.sh | 100 +++++++++++++++---
1 file changed, 83 insertions(+), 17 deletions(-)
diff --git a/CI/test_cases/container_cases/health_check.sh b/CI/test_cases/container_cases/health_check.sh
index 28af6149..0bbad16e 100755
--- a/CI/test_cases/container_cases/health_check.sh
+++ b/CI/test_cases/container_cases/health_check.sh
@@ -29,6 +29,9 @@ isula pull ${image}
function test_health_check_paraments()
{
local ret=0
+ local retry_limit=10
+ local retry_interval=1
+ local success=1
local test="list && inspect image info test => (${FUNCNAME[@]})"
msg_info "${test} starting..."
@@ -45,16 +48,33 @@ function test_health_check_paraments()
[[ $(isula inspect -f '{{.State.Status}}' ${container_name}) == "running" ]]
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container status: not running" && ((ret++))
- sleep 13 # finish first health check
+ # finish first health check
+ sleep 10
+ for i in $(seq 1 "$retry_limit"); do
+ [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]]
+ if [ $? -eq 0 ]; then
+ success=0
+ break;
+ fi
+ sleep $retry_interval
+ done
# keep starting status with health check return non-zero at always until status change to unhealthy
- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]]
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++))
+ [[ $success -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++))
sleep 6 # finish second health check
- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]]
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++))
+ success=1
+ for i in $(seq 1 "$retry_limit"); do
+ [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]]
+ if [ $? -eq 0 ]; then
+ success=0
+ break;
+ fi
+ sleep $retry_interval
+ done
+
+ [[ $success -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++))
# validate --health-retries option
[[ $(isula inspect -f '{{.State.Health.FailingStreak}}' ${container_name}) == "2" ]]
@@ -77,6 +97,9 @@ function test_health_check_normally()
{
local ret=0
local image="busybox"
+ local retry_limit=10
+ local retry_interval=1
+ local success=1
local test="list && inspect image info test => (${FUNCNAME[@]})"
msg_info "${test} starting..."
@@ -92,25 +115,60 @@ function test_health_check_normally()
[[ $(isula inspect -f '{{.State.Status}}' ${container_name}) == "running" ]]
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container status: not running" && ((ret++))
- sleep 2 # Health check has been performed yet
+ # Health check has been performed yet
+ for i in $(seq 1 "$retry_limit"); do
+ [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]]
+ if [ $? -eq 0 ]; then
+ success=0
+ break;
+ fi
+ sleep $retry_interval
+ done
# Initial status when the container is still starting
- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]]
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++))
+ [[ $success -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++))
sleep 8 # finish first health check
+
+ success=1
+ for i in $(seq 1 "$retry_limit"); do
+ [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "healthy" ]]
+ if [ $? -eq 0 ]; then
+ success=0
+ break;
+ fi
+ sleep $retry_interval
+ done
# When the health check returns successfully, status immediately becomes healthy
- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "healthy" ]]
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not healthy" && ((ret++))
+ [[ $success -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not healthy" && ((ret++))
- kill -9 $(isula inspect -f '{{.State.Pid}}' ${container_name}) && sleep 2 # Wait for the container to be killed
+ kill -9 $(isula inspect -f '{{.State.Pid}}' ${container_name})
+
+ # Wait for the container to be killed
+ success=1
+ for i in $(seq 1 "$retry_limit"); do
+ [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]]
+ if [ $? -eq 0 ]; then
+ success=0
+ break;
+ fi
+ sleep $retry_interval
+ done
# The container process exits abnormally and the health check status becomes unhealthy
- [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]]
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++))
+ [[ $success -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++))
- [[ $(isula inspect -f '{{.State.ExitCode}}' ${container_name}) == "137" ]]
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container exit code: not 137" && ((ret++))
+ success=1
+ for i in $(seq 1 "$retry_limit"); do
+ [[ $(isula inspect -f '{{.State.ExitCode}}' ${container_name}) == "137" ]]
+ if [ $? -eq 0 ]; then
+ success=0
+ break;
+ fi
+ sleep $retry_interval
+ done
+
+ [[ $success -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container exit code: not 137" && ((ret++))
isula rm -f ${container_name}
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to remove container: ${container_name}" && ((ret++))
@@ -168,8 +226,16 @@ function test_health_check_timeout()
# The container process exits and the health check status becomes unhealthy
[[ $success -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++))
- [[ $(isula inspect -f '{{.State.ExitCode}}' ${container_name}) == "137" ]]
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container exit code: not 137" && ((ret++))
+ success=1
+ for i in $(seq 1 "$retry_limit"); do
+ [[ $(isula inspect -f '{{.State.ExitCode}}' ${container_name}) == "137" ]]
+ if [ $? -eq 0 ]; then
+ success=0
+ break;
+ fi
+ sleep $retry_interval
+ done
+ [[ $success -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container exit code: not 137" && ((ret++))
isula rm -f ${container_name}
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to remove container: ${container_name}" && ((ret++))
--
2.40.1

75
0009-fix-memory-leak-and-array-access-out-of-range.patch
View File

@ -1,75 +0,0 @@
From ab1f394910103615d015077d538cb71c363397fc Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Tue, 23 May 2023 19:01:40 -0700
Subject: [PATCH 9/9] fix memory leak and array access out of range
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
---
.../oci/storage/remote_layer_support/remote_support.c | 4 ++--
.../storage/remote_layer_support/ro_symlink_maintain.c | 2 +-
src/utils/http/parser.c | 10 ++++++++++
3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
index 748298cb..400678c4 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
@@ -105,12 +105,12 @@ int remote_start_refresh_thread(pthread_rwlock_t *remote_lock)
res = pthread_create(&a_thread, NULL, remote_refresh_ro_symbol_link, (void *)&supporters);
if (res != 0) {
CRIT("Thread creation failed");
- return -1;
+ goto free_out;
}
if (pthread_detach(a_thread) != 0) {
SYSERROR("Failed to detach 0x%lx", a_thread);
- return -1;
+ goto free_out;
}
return 0;
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
index 0e2b671b..2bcc43e6 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
@@ -136,7 +136,7 @@ static int do_build_ro_dir(const char *home, const char *id)
nret = asprintf(&ro_layer_dir, "%s/%s/%s", home, REMOTE_RO_LAYER_DIR, id);
if (nret < 0 || nret > PATH_MAX) {
SYSERROR("Failed to create ro layer dir path");
- return -1;
+ goto out;
}
if (util_mkdir_p(ro_layer_dir, IMAGE_STORE_PATH_MODE) != 0) {
diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c
index 12df2435..a79893ba 100644
--- a/src/utils/http/parser.c
+++ b/src/utils/http/parser.c
@@ -88,6 +88,11 @@ static int parser_cb_header_field(http_parser *parser, const char *buf,
m->num_headers++;
}
+ if (m->num_headers == 0) {
+ ERROR("Failed to parse header field because headers num is 0");
+ return -1;
+ }
+
strlncat(m->headers[m->num_headers - 1][0], sizeof(m->headers[m->num_headers - 1][0]), buf, len);
m->last_header_element = FIELD;
@@ -100,6 +105,11 @@ static int parser_cb_header_value(http_parser *parser, const char *buf,
size_t len)
{
struct parsed_http_message *m = parser->data;
+
+ if (m->num_headers == 0) {
+ ERROR("Failed to parse header value because headers num is 0");
+ return -1;
+ }
strlncat(m->headers[m->num_headers - 1][1], sizeof(m->headers[m->num_headers - 1][1]), buf, len);
m->last_header_element = VALUE;
--
2.40.1

2669
0009-remove-unneccessary-strerror.patch Normal file
View File

File diff suppressed because it is too large Load Diff

358
0010-do-not-report-low-level-error-to-user.patch Normal file
View File

@ -0,0 +1,358 @@
From ab03fdd4261ebc11f18e3b783dfc38558e5247b5 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 6 Sep 2023 10:45:37 +0800
Subject: [PATCH 10/32] do not report low level error to user
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/daemon/entry/cri/cri_helpers.cc | 4 ++--
.../v1alpha/cri_container_manager_service.cc | 3 ++-
src/daemon/executor/container_cb/execution.c | 4 ++--
.../executor/container_cb/execution_network.c | 17 ++++++++---------
.../executor/container_cb/execution_stream.c | 4 ++--
src/daemon/modules/container/container_unix.c | 2 +-
src/daemon/modules/image/external/ext_image.c | 4 ++--
src/daemon/modules/image/oci/oci_load.c | 2 +-
.../modules/runtime/engines/lcr/lcr_rt_ops.c | 3 +--
src/daemon/modules/service/service_container.c | 2 +-
src/daemon/modules/spec/verify.c | 2 +-
src/daemon/modules/volume/local.c | 8 ++++----
src/utils/tar/isulad_tar.c | 16 ++++++++--------
src/utils/tar/util_archive.c | 12 ++++++------
14 files changed, 41 insertions(+), 42 deletions(-)
diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc
index a80ec7d0..2e1096f5 100644
--- a/src/daemon/entry/cri/cri_helpers.cc
+++ b/src/daemon/entry/cri/cri_helpers.cc
@@ -540,8 +540,8 @@ void RemoveContainerLogSymlink(const std::string &containerID, Errors &error)
if (path != nullptr) {
// Only remove the symlink when container log path is specified.
if (util_path_remove(path) != 0 && errno != ENOENT) {
- error.Errorf("Failed to remove container %s log symlink %s: %s", containerID.c_str(), path,
- strerror(errno));
+ SYSERROR("Failed to remove container %s log symlink %s.", containerID.c_str(), path);
+ error.Errorf("Failed to remove container %s log symlink %s.", containerID.c_str(), path);
goto cleanup;
}
}
diff --git a/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc
index b4faab95..013b938a 100644
--- a/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc
@@ -547,8 +547,9 @@ void ContainerManagerService::CreateContainerLogSymlink(const std::string &conta
WARN("Deleted previously existing symlink file: %s", path);
}
if (symlink(realPath, path) != 0) {
+ SYSERROR("failed to create symbolic link %s to the container log file %s for container %s", path, realPath, containerID.c_str());
error.Errorf("failed to create symbolic link %s to the container log file %s for container %s: %s", path,
- realPath, containerID.c_str(), strerror(errno));
+ realPath, containerID.c_str());
goto cleanup;
}
} else {
diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c
index d3571b7f..63d8143c 100644
--- a/src/daemon/executor/container_cb/execution.c
+++ b/src/daemon/executor/container_cb/execution.c
@@ -345,13 +345,13 @@ static int maybe_create_cpu_realtime_file(int64_t value, const char *file, const
fd = util_open(fpath, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0700);
if (fd < 0) {
SYSERROR("Failed to open file: %s.", fpath);
- isulad_set_error_message("Failed to open file: %s: %s", fpath, strerror(errno));
+ isulad_set_error_message("Failed to open file: %s.", fpath);
return -1;
}
nwrite = util_write_nointr(fd, buf, strlen(buf));
if (nwrite < 0 || (size_t)nwrite != strlen(buf)) {
SYSERROR("Failed to write %s to %s.", buf, fpath);
- isulad_set_error_message("Failed to write '%s' to '%s': %s", buf, fpath, strerror(errno));
+ isulad_set_error_message("Failed to write '%s' to '%s'.", buf, fpath);
return -1;
}
diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c
index ce924332..a145e33a 100644
--- a/src/daemon/executor/container_cb/execution_network.c
+++ b/src/daemon/executor/container_cb/execution_network.c
@@ -68,8 +68,8 @@ static int write_hostname_to_file(const char *rootfs, const char *hostname)
ret = util_write_file(file_path, hostname, strlen(hostname), NETWORK_MOUNT_FILE_MODE);
if (ret) {
- SYSERROR("Failed to write %s", file_path);
- isulad_set_error_message("Failed to write %s: %s", file_path, strerror(errno));
+ SYSERROR("Failed to write %s.", file_path);
+ isulad_set_error_message("Failed to write %s.", file_path);
goto out;
}
@@ -97,8 +97,8 @@ static int fopen_network(FILE **fp, char **file_path, const char *rootfs, const
*fp = util_fopen(*file_path, "a+");
if (*fp == NULL) {
- SYSERROR("Failed to open %s", *file_path);
- isulad_set_error_message("Failed to open %s: %s", *file_path, strerror(errno));
+ SYSERROR("Failed to open %s.", *file_path);
+ isulad_set_error_message("Failed to open %s.", *file_path);
return -1;
}
return 0;
@@ -169,8 +169,8 @@ static int write_content_to_file(const char *file_path, const char *content)
if (content != NULL) {
ret = util_write_file(file_path, content, strlen(content), NETWORK_MOUNT_FILE_MODE);
if (ret != 0) {
- SYSERROR("Failed to write file %s", file_path);
- isulad_set_error_message("Failed to write file %s: %s", file_path, strerror(errno));
+ SYSERROR("Failed to write file %s.", file_path);
+ isulad_set_error_message("Failed to write file %s.", file_path);
return ret;
}
}
@@ -702,9 +702,8 @@ static int chown_network(const char *user_remap, const char *rootfs, const char
goto out;
}
if (chown(file_path, host_uid, host_gid) != 0) {
- SYSERROR("Failed to chown network file '%s' to %u:%u", filename, host_uid, host_gid);
- isulad_set_error_message("Failed to chown network file '%s' to %u:%u: %s", filename, host_uid, host_gid,
- strerror(errno));
+ SYSERROR("Failed to chown network file '%s' to %u:%u.", filename, host_uid, host_gid);
+ isulad_set_error_message("Failed to chown network file '%s' to %u:%u.", filename, host_uid, host_gid);
ret = -1;
goto out;
}
diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c
index 7e84cca3..aae9c234 100644
--- a/src/daemon/executor/container_cb/execution_stream.c
+++ b/src/daemon/executor/container_cb/execution_stream.c
@@ -536,7 +536,7 @@ static container_path_stat *do_container_stat_path(const char *rootpath, const c
nret = lstat(resolvedpath, &st);
if (nret < 0) {
SYSERROR("lstat %s failed.", resolvedpath);
- isulad_set_error_message("lstat %s: %s", resolvedpath, strerror(errno));
+ isulad_set_error_message("lstat %s failed.", resolvedpath);
goto cleanup;
}
@@ -922,7 +922,7 @@ static int copy_to_container_check_path_valid(const container_t *cont, const cha
nret = lstat(resolvedpath, &st);
if (nret < 0) {
SYSERROR("lstat %s failed", resolvedpath);
- isulad_set_error_message("lstat %s: %s", resolvedpath, strerror(errno));
+ isulad_set_error_message("lstat %s failed", resolvedpath);
goto cleanup;
}
diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c
index e8c98441..fa53a85f 100644
--- a/src/daemon/modules/container/container_unix.c
+++ b/src/daemon/modules/container/container_unix.c
@@ -518,7 +518,7 @@ static int save_json_config_file(const char *id, const char *rootpath, const cha
nret = util_atomic_write_file(filename, json_data, strlen(json_data), CONFIG_FILE_MODE, false);
if (nret != 0) {
SYSERROR("Write file %s failed.", filename);
- isulad_set_error_message("Write file '%s' failed: %s", filename, strerror(errno));
+ isulad_set_error_message("Write file '%s' failed.", filename);
ret = -1;
}
diff --git a/src/daemon/modules/image/external/ext_image.c b/src/daemon/modules/image/external/ext_image.c
index 10af82a3..e1706469 100644
--- a/src/daemon/modules/image/external/ext_image.c
+++ b/src/daemon/modules/image/external/ext_image.c
@@ -65,8 +65,8 @@ int ext_prepare_rf(const im_prepare_request *request, char **real_rootfs)
return -1;
}
if (realpath(request->rootfs, real_path) == NULL) {
- SYSERROR("Failed to clean rootfs path '%s'", request->rootfs);
- isulad_set_error_message("Failed to clean rootfs path '%s': %s", request->rootfs, strerror(errno));
+ SYSERROR("Failed to clean rootfs path '%s'.", request->rootfs);
+ isulad_set_error_message("Failed to clean rootfs path '%s'.", request->rootfs);
return -1;
}
*real_rootfs = util_strdup_s(real_path);
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
index d2efab81..5511a70c 100644
--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
@@ -1046,7 +1046,7 @@ static char *oci_load_path_create()
if (mkdtemp(tmp_dir) == NULL) {
SYSERROR("make temporary dir failed");
- isulad_try_set_error_message("make temporary dir failed: %s", strerror(errno));
+ isulad_try_set_error_message("make temporary dir failed");
ret = -1;
goto out;
}
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
index e985cfc1..f61316d0 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
@@ -209,9 +209,8 @@ static int remove_container_rootpath(const char *id, const char *root_path)
}
ret = util_recursive_rmdir(cont_root_path, 0);
if (ret != 0) {
- const char *tmp_err = (errno != 0) ? strerror(errno) : "error";
SYSERROR("Failed to delete container's root directory %s.", cont_root_path);
- isulad_set_error_message("Failed to delete container's root directory %s: %s", cont_root_path, tmp_err);
+ isulad_set_error_message("Failed to delete container's root directory %s.", cont_root_path);
ret = -1;
goto out;
}
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 483670de..370ba059 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -596,7 +596,7 @@ static int valid_mount_point(container_config_v2_common_config_mount_points_elem
if (lstat(mp->source, &st) != 0) {
SYSERROR("lstat %s failed", mp->source);
- isulad_set_error_message("lstat %s: %s", mp->source, strerror(errno));
+ isulad_set_error_message("lstat %s failed", mp->source);
return -1;
}
diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c
index 6180b887..92029cbd 100644
--- a/src/daemon/modules/spec/verify.c
+++ b/src/daemon/modules/spec/verify.c
@@ -1536,7 +1536,7 @@ static int verify_custom_mount(defs_mount **mounts, size_t len)
if (!util_file_exists(iter->source) && util_mkdir_p(iter->source, mode)) {
#endif
SYSERROR("Failed to create directory '%s'", iter->source);
- isulad_try_set_error_message("Failed to create directory '%s': %s", iter->source, strerror(errno));
+ isulad_try_set_error_message("Failed to create directory '%s'", iter->source);
ret = -1;
goto out;
}
diff --git a/src/daemon/modules/volume/local.c b/src/daemon/modules/volume/local.c
index 7f95757d..6c3354dc 100644
--- a/src/daemon/modules/volume/local.c
+++ b/src/daemon/modules/volume/local.c
@@ -556,15 +556,15 @@ static int remove_volume_dir(char *path)
// remain untouched if we remove the data directory failed.
ret = util_recursive_rmdir(path, 0);
if (ret != 0) {
- SYSERROR("failed to remove volume data dir %s", path);
- isulad_try_set_error_message("failed to remove volume data dir %s: %s", path, strerror(errno));
+ SYSERROR("failed to remove volume data dir %s.", path);
+ isulad_try_set_error_message("failed to remove volume data dir %s.", path);
goto out;
}
ret = util_recursive_rmdir(vol_dir, 0);
if (ret != 0) {
- SYSERROR("failed to remove volume dir %s", vol_dir);
- isulad_try_set_error_message("failed to remove volume dir %s: %s", vol_dir, strerror(errno));
+ SYSERROR("failed to remove volume dir %s.", vol_dir);
+ isulad_try_set_error_message("failed to remove volume dir %s.", vol_dir);
goto out;
}
diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c
index 7218cca8..bffbb43b 100644
--- a/src/utils/tar/isulad_tar.c
+++ b/src/utils/tar/isulad_tar.c
@@ -114,7 +114,7 @@ static int resolve_host_source_path(const char *path, bool follow_link, char **r
if (follow_link) {
if (realpath(path, real_path) == NULL) {
SYSERROR("Can not get real path of %s.", real_path);
- format_errorf(err, "Can not get real path of %s: %s", real_path, strerror(errno));
+ format_errorf(err, "Can not get real path of %s.", real_path);
return -1;
}
nret = get_rebase_name(path, real_path, resolved_path, rebase_name);
@@ -131,7 +131,7 @@ static int resolve_host_source_path(const char *path, bool follow_link, char **r
}
if (realpath(dirpath, real_path) == NULL) {
SYSERROR("Can not get real path of %s.", dirpath);
- format_errorf(err, "Can not get real path of %s: %s", dirpath, strerror(errno));
+ format_errorf(err, "Can not get real path of %s.", dirpath);
goto cleanup;
}
nret = snprintf(resolved, sizeof(resolved), "%s/%s", real_path, basepath);
@@ -192,7 +192,7 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li
nret = lstat(resolved_path, &st);
if (nret < 0) {
SYSERROR("lstat %s failed", resolved_path);
- format_errorf(err, "lstat %s: %s", resolved_path, strerror(errno));
+ format_errorf(err, "lstat %s failed", resolved_path);
goto cleanup;
}
@@ -225,8 +225,8 @@ static int copy_info_destination_path_ret(struct archive_copy_info *info, struct
ret = (int)readlink(iter_path, target, PATH_MAX);
if (ret < 0) {
- SYSERROR("Failed to read link of %s", iter_path);
- format_errorf(err, "Failed to read link of %s: %s", iter_path, strerror(errno));
+ SYSERROR("Failed to read link of %s.", iter_path);
+ format_errorf(err, "Failed to read link of %s.", iter_path);
goto cleanup;
}
// is not absolutely path
@@ -258,8 +258,8 @@ static int copy_info_destination_path_ret(struct archive_copy_info *info, struct
if (ret != 0) {
char *dst_parent = NULL;
if (errno != ENOENT) {
- SYSERROR("Can not stat %s", iter_path);
- format_errorf(err, "Can not stat %s: %s", iter_path, strerror(errno));
+ SYSERROR("Can not stat %s.", iter_path);
+ format_errorf(err, "Can not stat %s.", iter_path);
goto cleanup;
}
@@ -429,7 +429,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char
if (lstat(path, &st) < 0) {
SYSERROR("lstat %s failed", path);
- format_errorf(err, "lstat %s: %s", path, strerror(errno));
+ format_errorf(err, "lstat %s failed", path);
return -1;
}
if (util_split_path_dir_entry(path, &srcdir, &srcbase) < 0) {
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index f34572ae..82194654 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -257,8 +257,8 @@ static int do_safe_chroot(const char *dstdir)
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
if (chroot(dstdir) != 0) {
- SYSERROR("Failed to chroot to %s", dstdir);
- fprintf(stderr, "Failed to chroot to %s: %s", dstdir, strerror(errno));
+ SYSERROR("Failed to chroot to %s.", dstdir);
+ fprintf(stderr, "Failed to chroot to %s.", dstdir);
return -1;
}
@@ -846,15 +846,15 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co
}
if (do_safe_chroot(safe_dir) != 0) {
- SYSERROR("Failed to chroot to %s", safe_dir);
- fprintf(stderr, "Failed to chroot to %s: %s", safe_dir, strerror(errno));
+ SYSERROR("Failed to chroot to %s.", safe_dir);
+ fprintf(stderr, "Failed to chroot to %s.", safe_dir);
ret = -1;
goto child_out;
}
if (chdir("/") != 0) {
SYSERROR("Failed to chroot to /");
- fprintf(stderr, "Failed to chroot to /: %s", strerror(errno));
+ fprintf(stderr, "Failed to chroot to /");
ret = -1;
goto child_out;
}
@@ -1253,7 +1253,7 @@ int archive_chroot_tar(const char *path, const char *file, const char *root_dir,
fd = open(file, TAR_DEFAULT_FLAG, TAR_DEFAULT_MODE);
if (fd < 0) {
SYSERROR("Failed to open file %s for export", file);
- fprintf(stderr, "Failed to open file %s for export: %s\n", file, strerror(errno));
+ fprintf(stderr, "Failed to open file %s for export\n", file);
ret = -1;
goto child_out;
}
--
2.25.1

130
0010-fix-memory-leak-of-top_layer.patch
View File

@ -1,130 +0,0 @@
From 10d3f420735925bcc747384198fdc07bb8faf0c2 Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Wed, 24 May 2023 18:35:33 -0700
Subject: [PATCH 10/15] fix memory leak of top_layer
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
---
.../oci/storage/image_store/image_store.c | 3 +-
.../remote_layer_support/image_remote_impl.c | 50 +++++++++++++------
.../overlay_remote_impl.c | 4 +-
3 files changed, 38 insertions(+), 19 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index 473ba3c8..65b90832 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -3681,7 +3681,8 @@ int remote_append_image_by_directory_with_lock(const char *id)
nret = snprintf(image_path, sizeof(image_path), "%s/%s", g_image_store->dir, id);
if (nret < 0 || (size_t)nret >= sizeof(image_path)) {
ERROR("Failed to get image path");
- return -1;
+ ret = -1;
+ goto out;
}
ret = append_image_by_directory(image_path);
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c
index 92bf901d..b4a53ec1 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c
@@ -126,11 +126,43 @@ out:
return ret;
}
+static int check_top_layer_and_add_image(const char *id)
+{
+ char *top_layer = NULL;
+ int ret = 0;
+
+ top_layer = remote_image_get_top_layer_from_json(id);
+ if (top_layer == NULL) {
+ WARN("Can't get top layer id for image: %s, image not add", id);
+ return 0;
+ }
+
+ if (!remote_layer_layer_valid(top_layer)) {
+ WARN("Current not find valid under layer, remote image:%s not add", id);
+ if (!map_remove(image_byid_new, (void *)id)) {
+ WARN("image %s will not be loaded from remote.", id);
+ }
+ goto out;
+ }
+
+ if (remote_append_image_by_directory_with_lock(id) != 0) {
+ ERROR("Failed to load image into memrory: %s", id);
+ if (!map_remove(image_byid_new, (void *)id)) {
+ WARN("image %s will not be loaded from remote", id);
+ }
+ ret = -1;
+ }
+
+out:
+ free(top_layer);
+
+ return ret;
+}
+
static int remote_image_add(void *data)
{
char **array_added = NULL;
char **array_deleted = NULL;
- char *top_layer = NULL;
map_t *tmp_map = NULL;
bool exist = true;
size_t i = 0;
@@ -144,20 +176,7 @@ static int remote_image_add(void *data)
array_deleted = remote_deleted_layers(image_byid_old, image_byid_new);
for (i = 0; i < util_array_len((const char **)array_added); i++) {
- top_layer = remote_image_get_top_layer_from_json(array_added[i]);
- if (top_layer != NULL && !remote_layer_layer_valid(top_layer)) {
- WARN("Current not find valid under layer, remoet image:%s not added", array_added[i]);
- if (!map_remove(image_byid_new, (void *)array_added[i])) {
- WARN("image %s will not be loaded from remote.", array_added[i]);
- }
- continue;
- }
-
- if (remote_append_image_by_directory_with_lock(array_added[i]) != 0) {
- ERROR("Failed to load image into memrory: %s", array_added[i]);
- if (!map_remove(image_byid_new, (void *)array_added[i])) {
- WARN("image %s will not be loaded from remote", array_added[i]);
- }
+ if (check_top_layer_and_add_image(array_added[i]) != 0) {
ret = -1;
}
}
@@ -179,7 +198,6 @@ static int remote_image_add(void *data)
util_free_array(array_added);
util_free_array(array_deleted);
- free(top_layer);
return ret;
}
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
index 30caf175..238506c2 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
@@ -292,7 +292,7 @@ free_out:
return ret;
}
-static int remote_image_add(struct remote_overlay_data *data)
+static int remote_overlay_add(struct remote_overlay_data *data)
{
int ret = 0;
char **array_added = NULL;
@@ -346,7 +346,7 @@ void remote_overlay_refresh(struct remote_overlay_data *data)
return;
}
- if (remote_image_add(data) != 0) {
+ if (remote_overlay_add(data) != 0) {
ERROR("refresh overlay failed");
}
}
--
2.25.1

223
0011-distinguishing-exit-codes-between-shim-and-container.patch
View File

@ -1,223 +0,0 @@
From b878dde993c8da90788fae5c2a463812001bff30 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 24 May 2023 09:35:35 +0800
Subject: [PATCH 11/15] distinguishing exit codes between shim and container
processes
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad-shim/main.c | 10 ++-
src/cmd/isulad-shim/process.c | 8 ++-
.../modules/runtime/isula/isula_rt_ops.c | 63 +++++++++++++++----
3 files changed, 64 insertions(+), 17 deletions(-)
diff --git a/src/cmd/isulad-shim/main.c b/src/cmd/isulad-shim/main.c
index ed55805c..e2625aac 100644
--- a/src/cmd/isulad-shim/main.c
+++ b/src/cmd/isulad-shim/main.c
@@ -160,5 +160,13 @@ int main(int argc, char **argv)
released_timeout_exit();
- return process_signal_handle_routine(p, tid_epoll, timeout);
+ ret = process_signal_handle_routine(p, tid_epoll, timeout);
+ if (ret == SHIM_ERR) {
+ exit(EXIT_FAILURE);
+ }
+ if (ret == SHIM_ERR_TIMEOUT) {
+ exit(SHIM_EXIT_TIMEOUT);
+ }
+
+ exit(EXIT_SUCCESS);
}
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 6ad50c53..1d070f83 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1269,7 +1269,7 @@ int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const
nret = kill(p->ctr_pid, SIGKILL);
if (nret < 0 && errno != ESRCH) {
write_message(g_log_fd, ERR_MSG, "Can not kill process (pid=%d) with SIGKILL", p->ctr_pid);
- exit(EXIT_FAILURE);
+ return SHIM_ERR;
}
}
@@ -1307,8 +1307,10 @@ int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const
if (ret == SHIM_ERR_TIMEOUT) {
write_message(g_log_fd, INFO_MSG, "Wait %d timeout", p->ctr_pid);
- exit(SHIM_EXIT_TIMEOUT);
+ return SHIM_ERR_TIMEOUT;
}
- return status;
+ // write container process exit_code in stdout
+ (void)write_nointr(STDOUT_FILENO, &status, sizeof(int));
+ return SHIM_OK;
}
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 07f714f0..84a081c1 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -677,9 +677,9 @@ static int runtime_call_kill_and_check(const char *workdir, const char *runtime,
static int runtime_call_delete_force(const char *workdir, const char *runtime, const char *id)
{
const char *opts[1] = { "--force" };
- // delete succeed, return 0;
- // When the runc version is less than or equal to v1.0.0-rc3,
- // if the container does not exist when force deleting it,
+ // delete succeed, return 0;
+ // When the runc version is less than or equal to v1.0.0-rc3,
+ // if the container does not exist when force deleting it,
// runc will report an error and isulad does not need to retry the deletion again.
// related PR ID:d1a743674a98e23d348b29f52c43436356f56b79
// non_existent_output_check succeed, return 0;
@@ -704,11 +704,16 @@ static int status_to_exit_code(int status)
return exit_code;
}
+/*
+ exit_code records the exit code of the container, obtained by reading the stdout of isulad-shim;
+ shim_exit_code records the exit code of isulad-shim, obtained through waitpid;
+*/
static int shim_create(bool fg, const char *id, const char *workdir, const char *bundle, const char *runtime_cmd,
- int *exit_code, const char* timeout)
+ int *exit_code, const char* timeout, int* shim_exit_code)
{
pid_t pid = 0;
int exec_fd[2] = { -1, -1 };
+ int shim_stdout_pipe[2] = { -1, -1 };
int num = 0;
int ret = 0;
char exec_buff[BUFSIZ + 1] = { 0 };
@@ -738,11 +743,18 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char
return -1;
}
+ if (pipe2(shim_stdout_pipe, O_CLOEXEC) != 0) {
+ ERROR("Failed to create pipe for shim exit code");
+ return -1;
+ }
+
pid = fork();
if (pid < 0) {
ERROR("Failed fork for shim parent %s", strerror(errno));
close(exec_fd[0]);
close(exec_fd[1]);
+ close(shim_stdout_pipe[0]);
+ close(shim_stdout_pipe[1]);
return -1;
}
@@ -777,12 +789,21 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char
realexec:
/* real shim process. */
close(exec_fd[0]);
+ close(shim_stdout_pipe[0]);
+ // child process, dup2 shim_stdout_pipe[1] to STDOUT
+ if (dup2(shim_stdout_pipe[1], STDOUT_FILENO) < 0) {
+ (void)dprintf(exec_fd[1], "Dup fd error: %s", strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+
if (setsid() < 0) {
(void)dprintf(exec_fd[1], "%s: failed setsid for process %d", id, getpid());
exit(EXIT_FAILURE);
}
-
- if (util_check_inherited(true, exec_fd[1]) != 0) {
+ int ignore_fd[2] = {-1, -1};
+ ignore_fd[0] = exec_fd[1];
+ ignore_fd[1] = shim_stdout_pipe[1];
+ if (util_check_inherited_exclude_fds(true, ignore_fd, 2) != 0) {
(void)dprintf(exec_fd[1], "close inherited fds failed");
}
@@ -791,24 +812,38 @@ realexec:
}
close(exec_fd[1]);
+ close(shim_stdout_pipe[1]);
num = util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1);
close(exec_fd[0]);
if (num > 0) {
- ERROR("exec failed: %s", exec_buff);
+ ERROR("Exec failed: %s", exec_buff);
ret = -1;
goto out;
}
status = util_wait_for_pid_status(pid);
if (status < 0) {
- ERROR("failed wait shim-parent %d exit %s", pid, strerror(errno));
+ ERROR("Failed wait shim-parent %d exit %s", pid, strerror(errno));
ret = -1;
goto out;
}
- if (exit_code != NULL) {
- *exit_code = status_to_exit_code(status);
+ *shim_exit_code = status_to_exit_code(status);
+ if (*shim_exit_code != 0) {
+ ERROR("Isulad-shim exit error");
+ ret = -1;
+ goto out;
+ }
+
+ if (exit_code == NULL) {
+ goto out;
+ }
+ ret = util_read_nointr(shim_stdout_pipe[0], exit_code, sizeof(int));
+ close(shim_stdout_pipe[0]);
+ if (ret <= 0) {
+ *exit_code = 137;
}
+ ret = 0;
out:
if (ret != 0) {
@@ -892,6 +927,7 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_
int ret = 0;
char workdir[PATH_MAX] = { 0 };
shim_client_process_state p = { 0 };
+ int shim_exit_code = 0;
if (id == NULL || runtime == NULL || params == NULL) {
ERROR("nullptr arguments not allowed");
@@ -924,7 +960,7 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_
}
get_runtime_cmd(runtime, &cmd);
- ret = shim_create(false, id, workdir, params->bundle, cmd, NULL, NULL);
+ ret = shim_create(false, id, workdir, params->bundle, cmd, NULL, NULL, &shim_exit_code);
if (ret != 0) {
runtime_call_delete_force(workdir, runtime, id);
ERROR("%s: failed create shim process", id);
@@ -1125,6 +1161,7 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
int pid = 0;
shim_client_process_state p = { 0 };
char *timeout = NULL;
+ int shim_exit_code = 0;
if (id == NULL || runtime == NULL || params == NULL || exit_code == NULL) {
ERROR("nullptr arguments not allowed");
@@ -1199,13 +1236,13 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
}
}
- ret = shim_create(fg_exec(params), id, workdir, bundle, cmd, exit_code, timeout);
+ ret = shim_create(fg_exec(params), id, workdir, bundle, cmd, exit_code, timeout, &shim_exit_code);
if (ret != 0) {
ERROR("%s: failed create shim process for exec %s", id, exec_id);
goto errlog_out;
}
- if (*exit_code == SHIM_EXIT_TIMEOUT) {
+ if (shim_exit_code == SHIM_EXIT_TIMEOUT) {
ret = -1;
isulad_set_error_message("Exec container error;exec timeout");
ERROR("isulad-shim %d exit for execing timeout", pid);
--
2.25.1

891
0011-remove-usage-of-strerror-with-user-defined-errno.patch Normal file
View File

@ -0,0 +1,891 @@
From 16a4b6f334e4e81615a71cf7930158fb1bee5a12 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 6 Sep 2023 15:05:29 +0800
Subject: [PATCH 11/32] remove usage of strerror with user defined errno
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/command_parser.c | 12 ++++++----
src/cmd/isula/base/create.c | 3 ++-
src/cmd/isula/isula_host_spec.c | 9 ++++---
src/cmd/isulad/main.c | 8 ++++---
src/cmd/options/opt_ulimit.c | 6 +++--
src/daemon/entry/cri/cni_network_plugin.cc | 9 ++++---
src/daemon/entry/cri/sysctl_tools.c | 14 +++++++----
.../v1/v1_cri_container_manager_service.cc | 4 ++--
.../v1/v1_cri_pod_sandbox_manager_service.cc | 3 ++-
src/daemon/executor/network_cb/network_cb.c | 6 +++--
src/daemon/modules/image/oci/oci_image.c | 6 +++--
.../oci/storage/image_store/image_store.c | 6 +++--
.../graphdriver/devmapper/deviceset.c | 19 +++++++++------
.../storage/layer_store/graphdriver/driver.c | 9 ++++---
.../graphdriver/overlay2/driver_overlay2.c | 17 ++++++++-----
.../oci/storage/layer_store/layer_store.c | 6 +++--
.../remote_layer_support/remote_support.c | 6 +++--
.../oci/storage/rootfs_store/rootfs_store.c | 6 +++--
.../modules/image/oci/storage/storage.c | 6 +++--
.../cni_operator/libcni/invoke/libcni_errno.c | 8 -------
.../cni_operator/libcni/invoke/libcni_errno.h | 2 --
.../cni_operator/libcni/libcni_cached.c | 3 ++-
.../modules/network/native/adaptor_native.c | 17 ++++++++-----
src/daemon/modules/plugin/plugin.c | 24 ++++++++++++-------
src/daemon/modules/service/service_network.c | 6 ++---
src/daemon/sandbox/sandbox.cc | 8 ++++---
src/utils/cutils/network_namespace.c | 3 ++-
src/utils/cutils/utils_file.c | 4 +++-
28 files changed, 144 insertions(+), 86 deletions(-)
diff --git a/src/cmd/command_parser.c b/src/cmd/command_parser.c
index ac353b40..1ad1d92b 100644
--- a/src/cmd/command_parser.c
+++ b/src/cmd/command_parser.c
@@ -546,7 +546,8 @@ int command_convert_u16(command_option_t *option, const char *arg)
}
ret = util_safe_u16(arg, option->data);
if (ret != 0) {
- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, option->large, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, option->large);
return EINVALIDARGS;
}
return 0;
@@ -561,7 +562,8 @@ int command_convert_llong(command_option_t *opt, const char *arg)
}
ret = util_safe_llong(arg, opt->data);
if (ret != 0) {
- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, opt->large, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, opt->large);
return EINVALIDARGS;
}
return 0;
@@ -575,7 +577,8 @@ int command_convert_uint(command_option_t *opt, const char *arg)
}
ret = util_safe_uint(arg, opt->data);
if (ret != 0) {
- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, opt->large, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, opt->large);
return EINVALIDARGS;
}
return 0;
@@ -590,7 +593,8 @@ int command_convert_int(command_option_t *option, const char *arg)
}
ret = util_safe_int(arg, option->data);
if (ret != 0) {
- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, option->large, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, option->large);
return EINVALIDARGS;
}
return 0;
diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c
index aa90c5d6..cd0d4abd 100644
--- a/src/cmd/isula/base/create.c
+++ b/src/cmd/isula/base/create.c
@@ -2032,7 +2032,8 @@ static int create_check_hugetlbs(const struct client_arguments *args)
}
ret = util_parse_byte_size_string(limit, &limitvalue);
if (ret != 0) {
- COMMAND_ERROR("Invalid hugetlb limit:%s:%s", limit, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Invalid hugetlb limit:%s", limit);
free(dup);
ret = -1;
goto out;
diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c
index 9fa08bd2..6f39588d 100644
--- a/src/cmd/isula/isula_host_spec.c
+++ b/src/cmd/isula/isula_host_spec.c
@@ -66,7 +66,8 @@ static bool parse_restart_policy(const char *policy, host_config_restart_policy
}
nret = util_safe_int(dotpos, &(*rp)->maximum_retry_count);
if (nret != 0) {
- COMMAND_ERROR("Maximum retry count must be an integer: %s", strerror(-nret));
+ errno = -nret;
+ CMD_SYSERROR("Maximum retry count must be an integer");
goto cleanup;
}
}
@@ -724,7 +725,8 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input)
ret = util_parse_byte_size_string(limit_value, &tconverted);
if (ret != 0 || tconverted < 0) {
- COMMAND_ERROR("Parse limit value: %s failed:%s", limit_value, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Parse limit value: %s failed", limit_value);
goto free_out;
}
limit = (uint64_t)tconverted;
@@ -733,7 +735,8 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input)
tconverted = 0;
ret = util_parse_byte_size_string(pagesize, &tconverted);
if (ret != 0 || tconverted < 0) {
- COMMAND_ERROR("Parse pagesize error.Invalid hugepage size: %s: %s", pagesize, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Parse pagesize error.Invalid hugepage size: %s", pagesize);
goto free_out;
}
page = (uint64_t)tconverted;
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 39cde6aa..8369f9e2 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -632,8 +632,9 @@ static int parse_time_duration(const char *value, unsigned int *seconds)
*(num_str + len - 1) = '\0';
ret = util_safe_uint(num_str, &tmp);
if (ret < 0) {
- ERROR("Illegal unsigned integer: %s", num_str);
- COMMAND_ERROR("Illegal unsigned integer:%s:%s", num_str, strerror(-ret));
+ errno = -ret;
+ SYSERROR("Illegal unsigned integer: %s", num_str);
+ COMMAND_ERROR("Illegal unsigned integer:%s", num_str);
ret = -1;
goto out;
}
@@ -1407,7 +1408,8 @@ static int create_mount_flock_file(const struct service_arguments *args)
// recreate mount flock file
// and make file uid/gid and permission correct
if (!util_force_remove_file(cleanpath, &err)) {
- ERROR("Failed to delete %s, error: %s. Please delete %s manually.", path, strerror(err), path);
+ errno = err;
+ SYSERROR("Failed to delete %s. Please delete %s manually.", path, path);
return -1;
}
}
diff --git a/src/cmd/options/opt_ulimit.c b/src/cmd/options/opt_ulimit.c
index 55912a16..6853c0d9 100644
--- a/src/cmd/options/opt_ulimit.c
+++ b/src/cmd/options/opt_ulimit.c
@@ -63,7 +63,8 @@ static int parse_soft_hard_ulimit(const char *val, char **limitvals, size_t limi
// parse soft
ret = util_safe_llong(limitvals[0], &converted);
if (ret < 0) {
- COMMAND_ERROR("Invalid ulimit soft value: \"%s\", parse int64 failed: %s", val, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Invalid ulimit soft value: \"%s\", parse int64 failed", val);
ret = -1;
goto out;
}
@@ -74,7 +75,8 @@ static int parse_soft_hard_ulimit(const char *val, char **limitvals, size_t limi
converted = 0;
ret = util_safe_llong(limitvals[1], &converted);
if (ret < 0) {
- COMMAND_ERROR("Invalid ulimit hard value: \"%s\", parse int64 failed: %s", val, strerror(-ret));
+ errno = -ret;
+ CMD_SYSERROR("Invalid ulimit hard value: \"%s\", parse int64 failed", val);
ret = -1;
goto out;
}
diff --git a/src/daemon/entry/cri/cni_network_plugin.cc b/src/daemon/entry/cri/cni_network_plugin.cc
index 1c7fea2e..c186d185 100644
--- a/src/daemon/entry/cri/cni_network_plugin.cc
+++ b/src/daemon/entry/cri/cni_network_plugin.cc
@@ -796,7 +796,8 @@ void CniNetworkPlugin::RLockNetworkMap(Errors &error)
int ret = pthread_rwlock_rdlock(&m_netsLock);
if (ret != 0) {
error.Errorf("Failed to get read lock");
- ERROR("Get read lock failed: %s", strerror(ret));
+ errno = ret;
+ SYSERROR("Get read lock failed");
}
}
@@ -805,7 +806,8 @@ void CniNetworkPlugin::WLockNetworkMap(Errors &error)
int ret = pthread_rwlock_wrlock(&m_netsLock);
if (ret != 0) {
error.Errorf("Failed to get write lock");
- ERROR("Get write lock failed: %s", strerror(ret));
+ errno = ret;
+ SYSERROR("Get write lock failed");
}
}
@@ -814,7 +816,8 @@ void CniNetworkPlugin::UnlockNetworkMap(Errors &error)
int ret = pthread_rwlock_unlock(&m_netsLock);
if (ret != 0) {
error.Errorf("Failed to unlock");
- ERROR("Unlock failed: %s", strerror(ret));
+ errno = ret;
+ SYSERROR("Unlock failed");
}
}
diff --git a/src/daemon/entry/cri/sysctl_tools.c b/src/daemon/entry/cri/sysctl_tools.c
index 847c36e9..ac4fb226 100644
--- a/src/daemon/entry/cri/sysctl_tools.c
+++ b/src/daemon/entry/cri/sysctl_tools.c
@@ -22,6 +22,8 @@
#include <unistd.h>
#include <limits.h>
+#include <isula_libutils/log.h>
+
#include "utils.h"
int get_sysctl(const char *sysctl, char **err)
@@ -41,14 +43,16 @@ int get_sysctl(const char *sysctl, char **err)
ret = -1;
fd = util_open(fullpath, O_RDONLY, 0);
if (fd < 0) {
- if (asprintf(err, "Open %s failed: %s", sysctl, strerror(errno)) < 0) {
+ SYSWARN("Open %s failed", sysctl);
+ if (asprintf(err, "Open %s failed", sysctl) < 0) {
*err = util_strdup_s("Out of memory");
}
goto free_out;
}
rsize = util_read_nointr(fd, buff, sizeof(buff) - 1);
if (rsize <= 0) {
- if (asprintf(err, "Read file failed: %s", strerror(errno)) < 0) {
+ SYSWARN("Read file: %s failed", sysctl);
+ if (asprintf(err, "Read file: %s failed", sysctl) < 0) {
*err = util_strdup_s("Out of memory");
}
goto free_out;
@@ -93,14 +97,16 @@ int set_sysctl(const char *sysctl, int new_value, char **err)
ret = -1;
fd = util_open(fullpath, O_WRONLY, 0);
if (fd < 0) {
- if (asprintf(err, "Open %s failed: %s", sysctl, strerror(errno)) < 0) {
+ SYSWARN("Open %s failed", sysctl);
+ if (asprintf(err, "Open %s failed", sysctl) < 0) {
*err = util_strdup_s("Out of memory");
}
goto free_out;
}
rsize = util_write_nointr(fd, buff, strlen(buff));
if (rsize < 0 || (size_t)rsize != strlen(buff)) {
- if (asprintf(err, "Write new value failed: %s", strerror(errno)) < 0) {
+ SYSWARN("Write new value to %s failed", sysctl);
+ if (asprintf(err, "Write new value to %s failed", sysctl) < 0) {
*err = util_strdup_s("Out of memory");
}
goto free_out;
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index ecb7ffbd..daba21e4 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -497,8 +497,8 @@ void ContainerManagerService::CreateContainerLogSymlink(const std::string &conta
WARN("Deleted previously existing symlink file: %s", path);
}
if (symlink(realPath, path) != 0) {
- error.Errorf("failed to create symbolic link %s to the container log file %s for container %s: %s", path,
- realPath, containerID.c_str(), strerror(errno));
+ SYSERROR("failed to create symbolic link %s to the container log file %s for container %s", path, realPath, containerID.c_str());
+ error.Errorf("failed to create symbolic link %s to the container log file %s for container %s", path, realPath, containerID.c_str());
goto cleanup;
}
} else {
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index d57338c8..41a02c54 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -429,7 +429,8 @@ void PodSandboxManagerService::ClearCniNetwork(const std::shared_ptr<sandbox::Sa
// umount netns when cni removed network successfully
if (remove_network_namespace(sandboxKey.c_str()) != 0) {
- error.Errorf("Failed to umount directory %s:%s", sandboxKey.c_str(), strerror(errno));
+ SYSERROR("Failed to umount directory %s", sandboxKey.c_str());
+ error.Errorf("Failed to umount directory %s", sandboxKey.c_str());
}
}
diff --git a/src/daemon/executor/network_cb/network_cb.c b/src/daemon/executor/network_cb/network_cb.c
index e4f9ce3f..d0f361d0 100644
--- a/src/daemon/executor/network_cb/network_cb.c
+++ b/src/daemon/executor/network_cb/network_cb.c
@@ -43,7 +43,8 @@ static inline bool network_conflist_lock(enum lock_type type)
nret = pthread_rwlock_wrlock(&g_network_rwlock);
}
if (nret != 0) {
- ERROR("Lock network list failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock network list failed");
return false;
}
@@ -56,7 +57,8 @@ static inline void network_conflist_unlock()
nret = pthread_rwlock_unlock(&g_network_rwlock);
if (nret != 0) {
- FATAL("Unlock network list failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock network list failed");
}
}
diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c
index 40e9a88f..4a48016b 100644
--- a/src/daemon/modules/image/oci/oci_image.c
+++ b/src/daemon/modules/image/oci/oci_image.c
@@ -59,7 +59,8 @@ static inline bool oci_remote_lock(pthread_rwlock_t *remote_lock, bool writable)
nret = pthread_rwlock_rdlock(remote_lock);
}
if (nret != 0) {
- ERROR("Lock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock memory store failed");
return false;
}
@@ -72,7 +73,8 @@ static inline void oci_remote_unlock(pthread_rwlock_t *remote_lock)
nret = pthread_rwlock_unlock(remote_lock);
if (nret != 0) {
- FATAL("Unlock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock memory store failed");
}
}
#endif
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index e9adab1a..55e3bb97 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -94,7 +94,8 @@ static inline bool image_store_lock(enum lock_type type)
nret = pthread_rwlock_wrlock(&g_image_store->rwlock);
}
if (nret != 0) {
- ERROR("Lock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock memory store failed");
return false;
}
@@ -107,7 +108,8 @@ static inline void image_store_unlock()
nret = pthread_rwlock_unlock(&g_image_store->rwlock);
if (nret != 0) {
- FATAL("Unlock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock memory store failed");
}
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
index 81e53ea7..4f19c26d 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
@@ -107,8 +107,9 @@ static int handle_dm_min_free_space(char *val, struct device_set *devset)
int ret = util_parse_percent_string(val, &converted);
if (ret != 0 || converted >= 100) {
- ERROR("Invalid min free space: '%s': %s", val, strerror(-ret));
- isulad_set_error_message("Invalid min free space: '%s': %s", val, strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid min free space: '%s'", val);
+ isulad_set_error_message("Invalid min free space: '%s'", val);
return -1;
}
devset->min_free_space_percent = (uint32_t)converted;
@@ -122,8 +123,9 @@ static int handle_dm_basesize(char *val, struct device_set *devset)
int ret = util_parse_byte_size_string(val, &converted);
if (ret != 0) {
- ERROR("Invalid size: '%s': %s", val, strerror(-ret));
- isulad_set_error_message("Invalid size: '%s': %s", val, strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid size: '%s'", val);
+ isulad_set_error_message("Invalid size: '%s'", val);
return -1;
}
if (converted <= 0) {
@@ -2722,7 +2724,8 @@ static int determine_driver_capabilities(const char *version, struct device_set
ret = util_parse_byte_size_string(tmp_str[0], &major);
if (ret != 0) {
- ERROR("devmapper: invalid size: '%s': %s", tmp_str[0], strerror(-ret));
+ errno = -ret;
+ SYSERROR("devmapper: invalid size: '%s'", tmp_str[0]);
ret = -1;
goto out;
}
@@ -2742,7 +2745,8 @@ static int determine_driver_capabilities(const char *version, struct device_set
ret = util_parse_byte_size_string(tmp_str[1], &minor);
if (ret != 0) {
- ERROR("devmapper: invalid size: '%s': %s", tmp_str[1], strerror(-ret));
+ errno = -ret;
+ SYSERROR("devmapper: invalid size: '%s'", tmp_str[1]);
ret = -1;
goto out;
}
@@ -2915,7 +2919,8 @@ static int parse_storage_opt(const json_map_string_string *opts, uint64_t *size)
ret = util_parse_byte_size_string(opts->values[i], &converted);
if (ret != 0) {
- ERROR("Invalid size: '%s': %s", opts->values[i], strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid size: '%s'", opts->values[i]);
ret = -1;
goto out;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
index b83c63b1..b1790af1 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
@@ -86,7 +86,8 @@ static inline bool driver_rd_lock()
nret = pthread_rwlock_rdlock(&g_graphdriver->rwlock);
if (nret != 0) {
- ERROR("Lock driver memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock driver memory store failed");
return false;
}
@@ -99,7 +100,8 @@ static inline bool driver_wr_lock()
nret = pthread_rwlock_wrlock(&g_graphdriver->rwlock);
if (nret != 0) {
- ERROR("Lock driver memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock driver memory store failed");
return false;
}
@@ -112,7 +114,8 @@ static inline void driver_unlock()
nret = pthread_rwlock_unlock(&g_graphdriver->rwlock);
if (nret != 0) {
- FATAL("Unlock driver memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock driver memory store failed");
}
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index b177f594..3b27076c 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -134,7 +134,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
int64_t converted = 0;
ret = util_parse_byte_size_string(val, &converted);
if (ret != 0) {
- ERROR("Invalid size: '%s': %s", val, strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid size: '%s'", val);
ret = -1;
goto out;
}
@@ -143,7 +144,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
int64_t converted = 0;
ret = util_parse_byte_size_string(val, &converted);
if (ret != 0) {
- ERROR("Invalid size: '%s': %s", val, strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid size: '%s'", val);
ret = -1;
goto out;
}
@@ -152,7 +154,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
bool converted_bool = 0;
ret = util_str_to_bool(val, &converted_bool);
if (ret != 0) {
- ERROR("Invalid bool: '%s': %s", val, strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid bool: '%s'", val);
ret = -1;
goto out;
}
@@ -161,7 +164,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
bool converted_bool = 0;
ret = util_str_to_bool(val, &converted_bool);
if (ret != 0) {
- ERROR("Invalid bool: '%s': %s", val, strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid bool: '%s'", val);
ret = -1;
goto out;
}
@@ -830,8 +834,9 @@ static int set_layer_quota(const char *dir, const json_map_string_string *opts,
int64_t converted = 0;
ret = util_parse_byte_size_string(opts->values[i], &converted);
if (ret != 0) {
- ERROR("Invalid size: '%s': %s", opts->values[i], strerror(-ret));
- isulad_set_error_message("Invalid quota size: '%s': %s", opts->values[i], strerror(-ret));
+ errno = -ret;
+ SYSERROR("Invalid size: '%s'", opts->values[i]);
+ isulad_set_error_message("Invalid quota size: '%s'", opts->values[i]);
ret = -1;
goto out;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index ddf3a62c..8d8384b8 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -98,7 +98,8 @@ static inline bool layer_store_lock(bool writable)
nret = pthread_rwlock_rdlock(&g_metadata.rwlock);
}
if (nret != 0) {
- ERROR("Lock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock memory store failed");
return false;
}
@@ -111,7 +112,8 @@ static inline void layer_store_unlock()
nret = pthread_rwlock_unlock(&g_metadata.rwlock);
if (nret != 0) {
- FATAL("Unlock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock memory store failed");
}
}
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
index 400678c4..1bac8dd5 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
@@ -39,7 +39,8 @@ static inline bool remote_refresh_lock(pthread_rwlock_t *remote_lock, bool writa
nret = pthread_rwlock_rdlock(remote_lock);
}
if (nret != 0) {
- ERROR("Lock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock memory store failed");
return false;
}
@@ -52,7 +53,8 @@ static inline void remote_refresh_unlock(pthread_rwlock_t *remote_lock)
nret = pthread_rwlock_unlock(remote_lock);
if (nret != 0) {
- FATAL("Unlock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock memory store failed");
}
}
diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c
index 1c5d2d84..ee1e15d0 100644
--- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c
+++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c
@@ -69,7 +69,8 @@ static inline bool rootfs_store_lock(enum lock_type type)
}
if (nret != 0) {
- ERROR("Lock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock memory store failed");
return false;
}
@@ -82,7 +83,8 @@ static inline void rootfs_store_unlock()
nret = pthread_rwlock_unlock(&g_rootfs_store->rwlock);
if (nret != 0) {
- FATAL("Unlock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock memory store failed");
}
}
diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c
index d5e79207..aa442ecf 100644
--- a/src/daemon/modules/image/oci/storage/storage.c
+++ b/src/daemon/modules/image/oci/storage/storage.c
@@ -61,7 +61,8 @@ static inline bool storage_lock(pthread_rwlock_t *store_lock, bool writable)
nret = pthread_rwlock_rdlock(store_lock);
}
if (nret != 0) {
- ERROR("Lock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock memory store failed");
return false;
}
@@ -74,7 +75,8 @@ static inline void storage_unlock(pthread_rwlock_t *store_lock)
nret = pthread_rwlock_unlock(store_lock);
if (nret != 0) {
- FATAL("Unlock memory store failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock memory store failed");
}
}
diff --git a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.c b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.c
index efdcfbc7..977f9fbb 100644
--- a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.c
+++ b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.c
@@ -30,14 +30,6 @@ const char * const g_INVOKE_ERR_MSGS[] = {
"Success"
};
-const char *get_invoke_err_msg(int errcode)
-{
- if (errcode > (int)INK_ERR_MIN && errcode <= (int)INK_ERR_SUCCESS) {
- return g_INVOKE_ERR_MSGS[errcode - (int)INK_ERR_MIN];
- }
- return strerror(errcode);
-}
-
const char * const g_CNI_WELL_KNOWN_ERR_MSGS[] = {
/* 0 */
"Success",
diff --git a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.h b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.h
index 9f63e5f5..236bc6ef 100644
--- a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.h
+++ b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.h
@@ -43,8 +43,6 @@ enum CNI_CUSTOM_ERROR {
CUSTOM_ERR_MAX, // max flag
};
-const char *get_invoke_err_msg(int errcode);
-
enum CNI_WELL_KNOW_ERROR {
CNI_ERR_UNKNOW = 0,
CNI_ERR_INCOMPATIBLE_CNI_VERSION,
diff --git a/src/daemon/modules/network/cni_operator/libcni/libcni_cached.c b/src/daemon/modules/network/cni_operator/libcni/libcni_cached.c
index 63ee6e10..17de527e 100644
--- a/src/daemon/modules/network/cni_operator/libcni/libcni_cached.c
+++ b/src/daemon/modules/network/cni_operator/libcni/libcni_cached.c
@@ -276,7 +276,8 @@ int cni_cache_delete(const char *cache_dir, const char *net_name, const struct r
}
if (!util_force_remove_file(file_path, &get_err)) {
- ERROR("Failed to delete %s, error: %s", file_path, strerror(get_err));
+ errno = get_err;
+ SYSERROR("Failed to delete %s.", file_path);
}
free(file_path);
diff --git a/src/daemon/modules/network/native/adaptor_native.c b/src/daemon/modules/network/native/adaptor_native.c
index 8bc386d1..8d403442 100644
--- a/src/daemon/modules/network/native/adaptor_native.c
+++ b/src/daemon/modules/network/native/adaptor_native.c
@@ -86,7 +86,8 @@ static inline bool native_store_lock(enum lock_type type)
nret = pthread_rwlock_wrlock(&g_store.rwlock);
}
if (nret != 0) {
- ERROR("Lock network list failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock network list failed");
return false;
}
@@ -99,7 +100,8 @@ static inline void native_store_unlock()
nret = pthread_rwlock_unlock(&g_store.rwlock);
if (nret != 0) {
- FATAL("Unlock network list failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock network list failed");
}
}
@@ -113,7 +115,8 @@ static inline void native_network_lock(enum lock_type type, native_network *netw
nret = pthread_rwlock_wrlock(&network->rwlock);
}
if (nret != 0) {
- ERROR("Lock network list failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Lock network list failed");
}
}
@@ -123,7 +126,8 @@ static inline void native_network_unlock(native_network *network)
nret = pthread_rwlock_unlock(&network->rwlock);
if (nret != 0) {
- FATAL("Unlock network list failed: %s", strerror(nret));
+ errno = nret;
+ SYSERROR("Unlock network list failed");
}
}
@@ -1944,8 +1948,9 @@ int native_config_remove(const char *name, char **res_name)
WARN("Failed to get %s file path", network->conflist->list->name);
isulad_append_error_message("Failed to get %s file path. ", network->conflist->list->name);
} else if (!util_force_remove_file(path, &get_err)) {
- WARN("Failed to delete %s, error: %s", path, strerror(get_err));
- isulad_append_error_message("Failed to delete %s, error: %s. ", path, strerror(get_err));
+ errno = get_err;
+ SYSWARN("Failed to delete %s.", path);
+ isulad_append_error_message("Failed to delete %s.", path);
}
if (!map_remove(g_store.name_to_network, (void *)network->conflist->list->name)) {
diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c
index b4d78dc9..c42cfd21 100644
--- a/src/daemon/modules/plugin/plugin.c
+++ b/src/daemon/modules/plugin/plugin.c
@@ -409,7 +409,8 @@ static void pm_rdlock(void)
errcode = pthread_rwlock_rdlock(&g_plugin_manager->pm_rwlock);
if (errcode != 0) {
- ERROR("Read lock failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Read lock failed");
}
}
@@ -419,7 +420,8 @@ static void pm_wrlock(void)
errcode = pthread_rwlock_wrlock(&g_plugin_manager->pm_rwlock);
if (errcode != 0) {
- ERROR("Write lock failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Write lock failed");
}
}
@@ -429,7 +431,8 @@ static void pm_unlock(void)
errcode = pthread_rwlock_unlock(&g_plugin_manager->pm_rwlock);
if (errcode != 0) {
- ERROR("Unlock failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Unlock failed");
}
}
@@ -659,7 +662,8 @@ static void *plugin_manager_routine(void *arg)
errcode = pthread_detach(pthread_self());
if (errcode != 0) {
- ERROR("Detach thread failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Detach thread failed");
return NULL;
}
if (pm_init() < 0) {
@@ -716,7 +720,8 @@ static void plugin_rdlock(plugin_t *plugin)
errcode = pthread_rwlock_rdlock(&plugin->lock);
if (errcode != 0) {
- ERROR("Plugin read lock failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Plugin read lock failed");
}
}
@@ -726,7 +731,8 @@ static void plugin_wrlock(plugin_t *plugin)
errcode = pthread_rwlock_wrlock(&plugin->lock);
if (errcode != 0) {
- ERROR("Plugin write lock failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Plugin write lock failed");
}
}
@@ -736,7 +742,8 @@ static void plugin_unlock(plugin_t *plugin)
errcode = pthread_rwlock_unlock(&plugin->lock);
if (errcode != 0) {
- ERROR("Plugin unlock failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Plugin unlock failed");
}
}
@@ -758,7 +765,8 @@ plugin_t *plugin_new(const char *name, const char *addr)
errcode = pthread_rwlock_init(&plugin->lock, NULL);
if (errcode != 0) {
- ERROR("Plugin init lock failed: %s", strerror(errcode));
+ errno = errcode;
+ SYSERROR("Plugin init lock failed");
goto bad;
}
plugin->name = util_strdup_s(name);
diff --git a/src/daemon/modules/service/service_network.c b/src/daemon/modules/service/service_network.c
index 5502bcbd..6754cf1a 100644
--- a/src/daemon/modules/service/service_network.c
+++ b/src/daemon/modules/service/service_network.c
@@ -962,7 +962,7 @@ static int do_update_internal_file(const char *id, const char *file_path,
ret = 0;
} else {
SYSERROR("Failed to write file %s", file_path);
- isulad_set_error_message("Failed to write file %s: %s", file_path, strerror(errno));
+ isulad_set_error_message("Failed to write file %s", file_path);
ret = -1;
}
@@ -1180,7 +1180,7 @@ static int do_drop_internal_file(const char *id, const char *file_path, const de
goto out;
} else {
SYSERROR("Failed to open %s", file_path);
- isulad_set_error_message("Failed to open %s: %s", file_path, strerror(errno));
+ isulad_set_error_message("Failed to open %s", file_path);
ret = -1;
goto out;
}
@@ -1213,7 +1213,7 @@ static int do_drop_internal_file(const char *id, const char *file_path, const de
ret = util_write_file(file_path, str, strlen(str), NETWORK_MOUNT_FILE_MODE);
if (ret != 0) {
SYSERROR("Failed to write file %s", file_path);
- isulad_set_error_message("Failed to write file %s: %s", file_path, strerror(errno));
+ isulad_set_error_message("Failed to write file %s", file_path);
goto out;
}
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index d3fc7eea..1723e95e 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -817,7 +817,8 @@ auto Sandbox::SaveState(Errors &error) -> bool
nret = util_atomic_write_file(path.c_str(), stateJson.c_str(), stateJson.length(), CONFIG_FILE_MODE, false);
if (nret != 0) {
- error.Errorf("Failed to write file %s: %s", path.c_str(), strerror(errno));
+ SYSERROR("Failed to write file %s");
+ error.Errorf("Failed to write file %s", path.c_str());
return false;
}
@@ -834,7 +835,7 @@ auto Sandbox::SaveNetworkSetting(Errors &error) -> bool
false);
if (nret != 0) {
SYSERROR("Failed to write file %s", path.c_str());
- error.Errorf("Failed to write file %s: %s", path.c_str(), strerror(errno));
+ error.Errorf("Failed to write file %s", path.c_str());
return false;
}
@@ -877,7 +878,8 @@ auto Sandbox::SaveMetadata(Errors &error) -> bool
nret = util_atomic_write_file(path.c_str(), metadataJson.c_str(), metadataJson.length(), CONFIG_FILE_MODE, false);
if (nret != 0) {
- error.Errorf("Failed to write file %s: %s", path.c_str(), strerror(errno));
+ SYSERROR("Failed to write file %s", path.c_str());
+ error.Errorf("Failed to write file %s", path.c_str());
return false;
}
return true;
diff --git a/src/utils/cutils/network_namespace.c b/src/utils/cutils/network_namespace.c
index 0e225d9b..c9838104 100644
--- a/src/utils/cutils/network_namespace.c
+++ b/src/utils/cutils/network_namespace.c
@@ -231,7 +231,8 @@ int remove_network_namespace_file(const char *netns_path)
}
if (!util_force_remove_file(netns_path, &get_err)) {
- ERROR("Failed to remove file %s, error: %s", netns_path, strerror(get_err));
+ errno = get_err;
+ SYSERROR("Failed to remove file %s", netns_path);
return -1;
}
diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
index bc22ee95..1a148b0b 100644
--- a/src/utils/cutils/utils_file.c
+++ b/src/utils/cutils/utils_file.c
@@ -1061,7 +1061,9 @@ char *look_path(const char *file, char **err)
if (en == 0) {
return util_strdup_s(file);
}
- if (asprintf(err, "find exec %s : %s", file, strerror(en)) < 0) {
+ errno = en;
+ SYSERROR("find exec %s failed", file);
+ if (asprintf(err, "find exec %s failed", file) < 0) {
*err = util_strdup_s("Out of memory");
}
return NULL;
--
2.25.1

60
0012-fix-hugetlbs-malloc-length.patch
View File

@ -1,60 +0,0 @@
From 069a36a0fbd5202ca6cf0d34550381b3bf1e3eb2 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Sat, 27 May 2023 17:10:55 +0800
Subject: [PATCH 12/15] fix hugetlbs malloc length
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/cmd/isulad-shim/common.c | 5 ++++-
src/daemon/modules/service/inspect_container.c | 2 +-
src/utils/cutils/utils.c | 5 ++++-
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c
index 3787cdfb..7fa3c836 100644
--- a/src/cmd/isulad-shim/common.c
+++ b/src/cmd/isulad-shim/common.c
@@ -381,7 +381,10 @@ void util_usleep_nointerupt(unsigned long usec)
void *util_smart_calloc_s(size_t unit_size, size_t count)
{
- if (unit_size == 0) {
+ // If count or size is 0,
+ // then calloc() returns either NULL,
+ // or a unique pointer value that can later be successfully passed to free()
+ if (unit_size == 0 || count == 0) {
return NULL;
}
diff --git a/src/daemon/modules/service/inspect_container.c b/src/daemon/modules/service/inspect_container.c
index b1050bc7..40cf7aa1 100644
--- a/src/daemon/modules/service/inspect_container.c
+++ b/src/daemon/modules/service/inspect_container.c
@@ -751,7 +751,7 @@ static int pack_inspect_resources(const container_t *cont, container_inspect *in
resources->memory = cont->hostconfig->memory;
resources->memory_swap = cont->hostconfig->memory_swap;
resources->hugetlbs = util_smart_calloc_s(sizeof(container_inspect_resources_hugetlbs_element *),
- resources->hugetlbs_len);
+ cont->hostconfig->hugetlbs_len);
if (resources->hugetlbs == NULL) {
ERROR("Out of memory");
ret = -1;
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index 3500d8f8..103c7c5b 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -253,7 +253,10 @@ int util_sig_parse(const char *sig_name)
void *util_smart_calloc_s(size_t unit_size, size_t count)
{
- if (unit_size == 0) {
+ // If count or size is 0,
+ // then calloc() returns either NULL,
+ // or a unique pointer value that can later be successfully passed to free()
+ if (unit_size == 0 || count == 0) {
return NULL;
}
--
2.25.1

71
0012-use-gmtime_r-to-replace-gmtime.patch Normal file
View File

@ -0,0 +1,71 @@
From ec04faff6fba052b5bb4ed0b090ae441f888ce5c Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 6 Sep 2023 16:31:19 +0800
Subject: [PATCH 12/32] use gmtime_r to replace gmtime
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/utils/cutils/utils_timestamp.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/utils/cutils/utils_timestamp.c b/src/utils/cutils/utils_timestamp.c
index fee66ea8..8ae9e42a 100644
--- a/src/utils/cutils/utils_timestamp.c
+++ b/src/utils/cutils/utils_timestamp.c
@@ -652,9 +652,9 @@ int64_t util_time_seconds_since(const char *in)
int32_t nanos = 0;
int64_t result = 0;
struct tm tm = { 0 };
- struct tm *currentm = NULL;
struct types_timezone tz = { 0 };
time_t currentime;
+ struct tm result_time = { 0 };
if (in == NULL || !strcmp(in, defaultContainerTime) || !strcmp(in, "-")) {
return 0;
@@ -666,13 +666,12 @@ int64_t util_time_seconds_since(const char *in)
}
time(&currentime);
- currentm = gmtime(&currentime);
- if (currentm == NULL) {
+ if (gmtime_r(&currentime, &result_time) == NULL) {
ERROR("Get time error");
return 0;
}
- result = get_minmus_time(currentm, &tm);
+ result = get_minmus_time(&result_time, &tm);
result = result + (int64_t)tz.hour * 3600 + (int64_t)tz.min * 60;
if (result > 0) {
@@ -871,9 +870,9 @@ int util_time_format_duration(const char *in, char *out, size_t len)
int32_t nanos = 0;
int64_t result = 0;
struct tm tm = { 0 };
- struct tm *currentm = NULL;
struct types_timezone tz = { 0 };
time_t currentime = { 0 };
+ struct tm result_time = { 0 };
if (out == NULL) {
return -1;
@@ -888,13 +887,12 @@ int util_time_format_duration(const char *in, char *out, size_t len)
}
time(&currentime);
- currentm = gmtime(&currentime);
- if (currentm == NULL) {
+ if (gmtime_r(&currentime, &result_time) == NULL) {
ERROR("Get time error");
return -1;
}
- result = get_minmus_time(currentm, &tm);
+ result = get_minmus_time(&result_time, &tm);
result = result + (int64_t)tz.hour * 3600 + (int64_t)tz.min * 60;
if (result < 0 || !time_human_duration(result, out, len)) {
--
2.25.1

25
0013-fix-forget-to-set-return-value.patch
View File

@ -1,25 +0,0 @@
From 165912f5f5a8346613f75ec16c4c5b2aeb7e81e7 Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Sat, 27 May 2023 02:44:46 -0700
Subject: [PATCH 13/15] fix forget to set return value
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
---
.../image/oci/storage/remote_layer_support/ro_symlink_maintain.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
index 2bcc43e6..4d234aab 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
@@ -135,6 +135,7 @@ static int do_build_ro_dir(const char *home, const char *id)
nret = asprintf(&ro_layer_dir, "%s/%s/%s", home, REMOTE_RO_LAYER_DIR, id);
if (nret < 0 || nret > PATH_MAX) {
+ ret = -1;
SYSERROR("Failed to create ro layer dir path");
goto out;
}
--
2.25.1

72
0013-improve-report-error-message-of-client.patch Normal file
View File

@ -0,0 +1,72 @@
From a446152d676cf5616784e3f8f80dea8fd2ac221a Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 7 Sep 2023 14:34:01 +0800
Subject: [PATCH 13/32] improve report error message of client
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/daemon/executor/container_cb/execution_stream.c | 4 ++--
src/daemon/modules/service/service_container.c | 2 +-
src/utils/tar/isulad_tar.c | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c
index aae9c234..7db96b19 100644
--- a/src/daemon/executor/container_cb/execution_stream.c
+++ b/src/daemon/executor/container_cb/execution_stream.c
@@ -536,7 +536,7 @@ static container_path_stat *do_container_stat_path(const char *rootpath, const c
nret = lstat(resolvedpath, &st);
if (nret < 0) {
SYSERROR("lstat %s failed.", resolvedpath);
- isulad_set_error_message("lstat %s failed.", resolvedpath);
+ isulad_set_error_message("Check %s failed, get more information from log.", resolvedpath);
goto cleanup;
}
@@ -922,7 +922,7 @@ static int copy_to_container_check_path_valid(const container_t *cont, const cha
nret = lstat(resolvedpath, &st);
if (nret < 0) {
SYSERROR("lstat %s failed", resolvedpath);
- isulad_set_error_message("lstat %s failed", resolvedpath);
+ isulad_set_error_message("Check %s failed, get more information from log.", resolvedpath);
goto cleanup;
}
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 370ba059..83d82201 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -596,7 +596,7 @@ static int valid_mount_point(container_config_v2_common_config_mount_points_elem
if (lstat(mp->source, &st) != 0) {
SYSERROR("lstat %s failed", mp->source);
- isulad_set_error_message("lstat %s failed", mp->source);
+ isulad_set_error_message("Check %s failed, get more information from log.", mp->source);
return -1;
}
diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c
index bffbb43b..2e61d823 100644
--- a/src/utils/tar/isulad_tar.c
+++ b/src/utils/tar/isulad_tar.c
@@ -192,7 +192,7 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li
nret = lstat(resolved_path, &st);
if (nret < 0) {
SYSERROR("lstat %s failed", resolved_path);
- format_errorf(err, "lstat %s failed", resolved_path);
+ format_errorf(err, "Check %s failed, get more information from log.", resolved_path);
goto cleanup;
}
@@ -429,7 +429,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char
if (lstat(path, &st) < 0) {
SYSERROR("lstat %s failed", path);
- format_errorf(err, "lstat %s failed", path);
+ format_errorf(err, "Check %s failed, get more information from log.", path);
return -1;
}
if (util_split_path_dir_entry(path, &srcdir, &srcbase) < 0) {
--
2.25.1

43
0014-adapt-new-error-message-for-isula-cp.patch Normal file
View File

@ -0,0 +1,43 @@
From aba6d26fe34b3bea5964bca25f081a240312f08b Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 7 Sep 2023 14:41:48 +0800
Subject: [PATCH 14/32] adapt new error message for isula cp
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
CI/test_cases/container_cases/cp.sh | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/CI/test_cases/container_cases/cp.sh b/CI/test_cases/container_cases/cp.sh
index 7bec9170..e60ccbc2 100755
--- a/CI/test_cases/container_cases/cp.sh
+++ b/CI/test_cases/container_cases/cp.sh
@@ -57,10 +57,10 @@ test_cp_file_from_container()
fi
rm -rf $dstfile
- isula cp $containername:/etc/../etc/passwd/ $cpfiles 2>&1 | grep "Not a directory"
+ isula cp $containername:/etc/../etc/passwd/ $cpfiles 2>&1 | grep "get more information from log"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++))
- isula cp $containername:/etc/nonexists $cpfiles 2>&1 | grep "No such file or directory"
+ isula cp $containername:/etc/nonexists $cpfiles 2>&1 | grep "get more information from log"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++))
dstfile=$cpfiles/etc
@@ -146,10 +146,10 @@ test_cp_file_to_container()
isula cp /etc/passwd $containername:$cpfiles/nonexists/ 2>&1 | grep "no such directory"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++))
- isula cp /etc/passwd $containername:$cpfiles/nonexists/nonexists 2>&1 | grep "No such file or directory"
+ isula cp /etc/passwd $containername:$cpfiles/nonexists/nonexists 2>&1 | grep "get more information from log"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++))
- isula cp /etc/nonexists $containername:$cpfiles 2>&1 | grep "No such file or directory"
+ isula cp /etc/nonexists $containername:$cpfiles 2>&1 | grep "get more information from log"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++))
rm -rf $dstfile
--
2.25.1

33
0014-ensure-define-in-local-and-use-correctly-type.patch
View File

@ -1,33 +0,0 @@
From 1f71bbfb6ac54d0e8c4c4a4b9cf669301939dc65 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Sat, 27 May 2023 10:18:40 +0800
Subject: [PATCH 14/15] ensure define in local and use correctly type
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/isula/volume/prune.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cmd/isula/volume/prune.c b/src/cmd/isula/volume/prune.c
index 2a3bca3e..c8d632ed 100644
--- a/src/cmd/isula/volume/prune.c
+++ b/src/cmd/isula/volume/prune.c
@@ -85,7 +85,6 @@ int cmd_volume_prune_main(int argc, const char **argv)
command_t cmd;
char **volumes = NULL;
size_t volumes_len = 0;
- char ch = 'n';
struct command_option options[] = { LOG_OPTIONS(lconf) COMMON_OPTIONS(g_cmd_volume_prune_args)
PRUNE_OPTIONS(g_cmd_volume_prune_args)
};
@@ -113,6 +112,7 @@ int cmd_volume_prune_main(int argc, const char **argv)
}
if (!g_cmd_volume_prune_args.force) {
+ int ch;
printf("WARNING! This will remove all local volumes not used by at least one container.\n");
printf("Are you sure you want to continue? [y/N]");
ch = getchar();
--
2.25.1

58
0015-2182-Add-mutex-for-container-list-in-sandbox.patch Normal file
View File

@ -0,0 +1,58 @@
From dcceff17d6c2e1c97cb18c65260edfd2d6a3a60a Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Tue, 12 Sep 2023 03:20:33 +0000
Subject: [PATCH 15/32] !2182 Add mutex for container list in sandbox * Add
mutex for container list in sandbox
---
src/daemon/sandbox/sandbox.cc | 4 ++++
src/daemon/sandbox/sandbox.h | 1 +
2 files changed, 5 insertions(+)
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index 1723e95e..f391e809 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -131,6 +131,7 @@ auto Sandbox::GetRuntimeHandle() const -> const std::string &
auto Sandbox::GetContainers() -> std::vector<std::string>
{
+ ReadGuard<RWMutex> lock(m_containersMutex);
return m_containers;
}
@@ -394,16 +395,19 @@ void Sandbox::RemoveLabels(const std::string &key)
void Sandbox::AddContainer(const std::string &id)
{
+ WriteGuard<RWMutex> lock(m_containersMutex);
m_containers.push_back(id);
}
void Sandbox::SetConatiners(const std::vector<std::string> &cons)
{
+ WriteGuard<RWMutex> lock(m_containersMutex);
m_containers = cons;
}
void Sandbox::RemoveContainer(const std::string &id)
{
+ WriteGuard<RWMutex> lock(m_containersMutex);
auto it = std::find(m_containers.begin(), m_containers.end(), id);
if (it != m_containers.end()) {
m_containers.erase(it);
diff --git a/src/daemon/sandbox/sandbox.h b/src/daemon/sandbox/sandbox.h
index 0f135e70..89350131 100644
--- a/src/daemon/sandbox/sandbox.h
+++ b/src/daemon/sandbox/sandbox.h
@@ -200,6 +200,7 @@ private:
std::string m_networkSettings;
// container id lists
std::vector<std::string> m_containers;
+ RWMutex m_containersMutex;
// TOOD: m_sandboxConfig is a protobuf message, it can be converted to json string directly
// if save json string directly for sandbox recover, we need to consider hot
// upgrade between different CRI versions
--
2.25.1

72
0015-Revert-the-changes-in-util_smart_calloc_s.patch
View File

@ -1,72 +0,0 @@
From 57ed3f3f177f0ffad972edda4cfec049f87fb153 Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Mon, 29 May 2023 16:19:38 +0800
Subject: [PATCH 15/15] Revert the changes in util_smart_calloc_s
Signed-off-by: xuxuepeng <xuxuepeng1@huawei.com>
---
src/cmd/isulad-shim/common.c | 11 +++++++----
src/utils/cutils/utils.c | 11 +++++++----
2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c
index 7fa3c836..fc4f6035 100644
--- a/src/cmd/isulad-shim/common.c
+++ b/src/cmd/isulad-shim/common.c
@@ -381,10 +381,7 @@ void util_usleep_nointerupt(unsigned long usec)
void *util_smart_calloc_s(size_t unit_size, size_t count)
{
- // If count or size is 0,
- // then calloc() returns either NULL,
- // or a unique pointer value that can later be successfully passed to free()
- if (unit_size == 0 || count == 0) {
+ if (unit_size == 0) {
return NULL;
}
@@ -392,6 +389,12 @@ void *util_smart_calloc_s(size_t unit_size, size_t count)
return NULL;
}
+ // If count or size is 0,
+ // then calloc() returns either NULL,
+ // or a unique pointer value that can later be successfully passed to free()
+ // In current linux implementation, if the size for memory allocation is 0,
+ // then a unique pointer value is returned. If the return value is Null pointer,
+ // it means out of memory.
return calloc(count, unit_size);
}
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index 103c7c5b..1e17853a 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -253,10 +253,7 @@ int util_sig_parse(const char *sig_name)
void *util_smart_calloc_s(size_t unit_size, size_t count)
{
- // If count or size is 0,
- // then calloc() returns either NULL,
- // or a unique pointer value that can later be successfully passed to free()
- if (unit_size == 0 || count == 0) {
+ if (unit_size == 0 ) {
return NULL;
}
@@ -264,6 +261,12 @@ void *util_smart_calloc_s(size_t unit_size, size_t count)
return NULL;
}
+ // If count or size is 0,
+ // then calloc() returns either NULL,
+ // or a unique pointer value that can later be successfully passed to free()
+ // In current linux implementation, if the size for memory allocation is 0,
+ // then a unique pointer value is returned. If the return value is Null pointer,
+ // it means out of memory.
return calloc(count, unit_size);
}
--
2.25.1

54
0016-2180-fix-execlp-not-enough-args.patch Normal file
View File

@ -0,0 +1,54 @@
From e9c0fb3c72bd102f24afe247bb545df210fa9aee Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 12 Sep 2023 03:55:17 +0000
Subject: [PATCH 16/32] !2180 fix execlp not enough args * fix execlp not
enough args
---
cmake/set_build_flags.cmake | 2 +-
test/fuzz/CMakeLists.txt | 2 +-
test/image/oci/oci_ut_common.cc | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/cmake/set_build_flags.cmake b/cmake/set_build_flags.cmake
index ba250cdc..09c85c65 100644
--- a/cmake/set_build_flags.cmake
+++ b/cmake/set_build_flags.cmake
@@ -3,7 +3,7 @@ set(CMAKE_C_FLAGS "-fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -fP
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'")
if (GRPC_CONNECTOR)
- set(CMAKE_CXX_FLAGS "-fPIC -std=c++11 -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -Wno-error=deprecated-declarations")
+ set(CMAKE_CXX_FLAGS "-fPIC -std=c++17 -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -Wno-error=deprecated-declarations")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'")
endif()
set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-E -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -shared -pthread")
diff --git a/test/fuzz/CMakeLists.txt b/test/fuzz/CMakeLists.txt
index 478a4012..617a168f 100644
--- a/test/fuzz/CMakeLists.txt
+++ b/test/fuzz/CMakeLists.txt
@@ -34,7 +34,7 @@ MESSAGE(STATUS "GCLANG_PP_BINARY is set to ${GCLANG_PP_BINARY}")
SET(CMAKE_C_COMPILER "${GCLANG_BINARY}")
SET(CMAKE_CXX_COMPILER "${GCLANG_PP_BINARY}")
SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O0 --coverage -fsanitize=fuzzer,address -fsanitize-coverage=indirect-calls,trace-cmp,trace-div,trace-gep")
-SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -O0 --coverage -std=c++11 -fsanitize=fuzzer,address -fsanitize-coverage=indirect-calls,trace-cmp,trace-div,trace-gep")
+SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -O0 --coverage -std=c++17 -fsanitize=fuzzer,address -fsanitize-coverage=indirect-calls,trace-cmp,trace-div,trace-gep")
SET(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
SET(EXE0 test_volume_mount_spec_fuzz)
diff --git a/test/image/oci/oci_ut_common.cc b/test/image/oci/oci_ut_common.cc
index 1158ae85..9fa25d1c 100644
--- a/test/image/oci/oci_ut_common.cc
+++ b/test/image/oci/oci_ut_common.cc
@@ -22,7 +22,7 @@
int execvp_success(const char *file, char * const argv[])
{
- execlp("echo", "echo");
+ execlp("echo", "echo", NULL);
return -1;
}
--
2.25.1

200
0017-2135-modify-incorrect-variable-type.patch Normal file
View File

@ -0,0 +1,200 @@
From e7f21e04b8710ec60045ba26ebdda5ce8a0c0f09 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 28 Aug 2023 06:46:10 +0000
Subject: [PATCH 17/32] !2135 modify incorrect variable type * modify incorrect
variable type
---
src/client/connect/protocol_type.h | 2 +-
src/daemon/modules/image/oci/oci_load.c | 4 ++--
src/daemon/modules/image/oci/registry/registry.c | 12 +++++++-----
.../oci/storage/layer_store/graphdriver/driver.c | 2 +-
.../image/oci/storage/layer_store/layer_store.c | 15 +++++++++------
src/daemon/modules/image/oci/storage/storage.c | 2 +-
src/daemon/modules/image/oci/utils_images.c | 4 ++--
src/daemon/modules/service/service_container.c | 2 +-
8 files changed, 24 insertions(+), 19 deletions(-)
diff --git a/src/client/connect/protocol_type.h b/src/client/connect/protocol_type.h
index 62d27c91..4206c50b 100644
--- a/src/client/connect/protocol_type.h
+++ b/src/client/connect/protocol_type.h
@@ -244,7 +244,7 @@ typedef struct container_events_format {
char *opt;
char *id;
char **annotations;
- char annotations_len;
+ size_t annotations_len;
} container_events_format_t;
typedef void (*container_events_callback_t)(const container_events_format_t *event);
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
index 5511a70c..5e062d44 100644
--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
@@ -164,7 +164,7 @@ static void oci_load_free_layer(load_layer_blob_t *l)
static void oci_load_free_image(load_image_t *im)
{
- int i = 0;
+ size_t i = 0;
if (im == NULL) {
return;
@@ -406,7 +406,7 @@ out:
static int check_time_valid(oci_image_spec *conf)
{
- int i = 0;
+ size_t i = 0;
if (!oci_valid_time(conf->created)) {
ERROR("Invalid created time %s", conf->created);
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
index 5c660bc9..e0b46e2e 100644
--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
@@ -655,18 +655,20 @@ static int register_layer(pull_descriptor *desc, size_t i)
static int get_top_layer_index(pull_descriptor *desc, size_t *top_layer_index)
{
- int i = 0;
+ size_t i;
if (desc == NULL || top_layer_index == NULL) {
ERROR("Invalid NULL pointer");
return -1;
}
-
- for (i = desc->layers_len - 1; i >= 0; i--) {
- if (desc->layers[i].empty_layer) {
+ // iterate over the layers array in reverse order, starting from the last layer
+ // since i is an unsigned number, i traverses from layers_len to 1
+ for (i = desc->layers_len; i > 0; i--) {
+ // the corresponding array index is [i - 1]: layers_len - 1 -> 0
+ if (desc->layers[i - 1].empty_layer) {
continue;
}
- *top_layer_index = i;
+ *top_layer_index = i - 1;
return 0;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
index b1790af1..fc2857b6 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
@@ -345,7 +345,7 @@ int graphdriver_apply_diff(const char *id, const struct io_read_wrapper *content
container_inspect_graph_driver *graphdriver_get_metadata(const char *id)
{
int ret = -1;
- int i = 0;
+ size_t i = 0;
container_inspect_graph_driver *inspect_driver = NULL;
json_map_string_string *metadata = NULL;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index 8d8384b8..6ea3c48b 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -747,7 +747,7 @@ out:
static int insert_memory_stores(const char *id, const struct layer_opts *opts, layer_t *l)
{
int ret = 0;
- int i = 0;
+ size_t i = 0;
if (!append_layer_into_list(l)) {
ret = -1;
@@ -788,9 +788,12 @@ clear_compress_digest:
(void)delete_digest_from_map(g_metadata.by_compress_digest, l->slayer->compressed_diff_digest, id);
}
clear_by_name:
- for (i = i - 1; i >= 0; i--) {
- if (!map_remove(g_metadata.by_name, (void *)opts->names[i])) {
- WARN("Remove name: %s failed", opts->names[i]);
+ // iterate over the names in reverse order, starting from the last name
+ // since i is an unsigned number, i traverses from inserted name len to 1
+ for (; i > 0; i--) {
+ // the corresponding array index is [i - 1]: inserted name len - 1 -> 0
+ if (!map_remove(g_metadata.by_name, (void *)opts->names[i - 1])) {
+ WARN("Remove name: %s failed", opts->names[i - 1]);
}
}
if (!map_remove(g_metadata.by_id, (void *)id)) {
@@ -1812,7 +1815,7 @@ void layer_store_exit()
static uint64_t payload_to_crc(char *payload)
{
int ret = 0;
- int i = 0;
+ size_t i = 0;
uint64_t crc = 0;
uint8_t *crc_sums = NULL;
size_t crc_sums_len = 0;
@@ -2232,7 +2235,7 @@ int remote_load_one_layer(const char *id)
{
int ret = 0;
layer_t *tl = NULL;
- int i = 0;
+ size_t i = 0;
if (!layer_store_lock(true)) {
return -1;
diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c
index aa442ecf..13f8bb53 100644
--- a/src/daemon/modules/image/oci/storage/storage.c
+++ b/src/daemon/modules/image/oci/storage/storage.c
@@ -1538,7 +1538,7 @@ out:
static bool is_rootfs_layer(const char *layer_id, const struct rootfs_list *all_rootfs)
{
- int j;
+ size_t j;
if (all_rootfs == NULL || layer_id == NULL) {
return false;
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
index a233c2b1..2c5656c6 100644
--- a/src/daemon/modules/image/oci/utils_images.c
+++ b/src/daemon/modules/image/oci/utils_images.c
@@ -450,7 +450,7 @@ static char *convert_created_by(image_manifest_v1_compatibility *config)
int add_rootfs_and_history(const layer_blob *layers, size_t layers_len, const registry_manifest_schema1 *manifest,
docker_image_config_v2 *config)
{
- int i = 0;
+ size_t i = 0;
int ret = 0;
size_t history_index = 0;
parser_error err = NULL;
@@ -511,7 +511,7 @@ int add_rootfs_and_history(const layer_blob *layers, size_t layers_len, const re
ret = util_array_append(&config->rootfs->diff_ids, layers[i].diff_id);
if (ret != 0) {
- ERROR("append diff id of layer %u to rootfs failed, diff id is %s", i, layers[i].diff_id);
+ ERROR("append diff id of layer %zu to rootfs failed, diff id is %s", i, layers[i].diff_id);
ret = -1;
goto out;
}
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 83d82201..1fa2559d 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -320,7 +320,6 @@ static int write_env_content(const char *env_path, const char **env, size_t env_
int fd = -1;
size_t i = 0;
ssize_t nret = 0;
- int env_max = 4096;
ret = create_env_path_dir(env_path);
if (ret < 0) {
@@ -335,6 +334,7 @@ static int write_env_content(const char *env_path, const char **env, size_t env_
}
if (env != NULL) {
for (i = 0; i < env_len; i++) {
+ size_t env_max = 4096;
if (strlen(env[i]) > env_max) {
ERROR("Env is too long");
ret = -1;
--
2.25.1

1575
0018-make-sure-the-input-parameter-is-not-empty-and-optim.patch Normal file
View File

File diff suppressed because it is too large Load Diff

332
0019-remove-password-in-url-module-and-clean-sensitive-in.patch Normal file
View File

@ -0,0 +1,332 @@
From 4adc923cfaf25142aa4cbb909d65c0f3a999cc02 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 29 Aug 2023 11:41:26 +0800
Subject: [PATCH 19/32] remove password in url module and clean sensitive info
in struct passwd
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../modules/image/image_rootfs_handler.c | 13 +-
src/utils/cpputils/url.cc | 144 +-----------------
src/utils/cpputils/url.h | 19 +--
3 files changed, 15 insertions(+), 161 deletions(-)
diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c
index 1a3f4307..a8036ab9 100644
--- a/src/daemon/modules/image/image_rootfs_handler.c
+++ b/src/daemon/modules/image/image_rootfs_handler.c
@@ -85,6 +85,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
char buf[BUFSIZ] = { 0 };
struct passwd pw;
struct passwd *pwbufp = NULL;
+ int ret = -1;
if (f_passwd != NULL) {
#if defined (__ANDROID__) || defined(__MUSL__)
@@ -116,7 +117,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
if (errval != 0 && errval != ENOENT) {
ERROR("Failed to parse passwd file: Insufficient buffer space supplied");
isulad_set_error_message("Failed to parse passwd file: Insufficient buffer space supplied");
- return -1;
+ goto out;
}
if (!userfound && user != NULL) {
int uret = util_safe_llong(user, &n_user);
@@ -124,16 +125,20 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
if (uret != 0) {
ERROR("Unable to find user '%s'", user);
isulad_set_error_message("Unable to find user '%s': no matching entries in passwd file", user);
- return -1;
+ goto out;
}
if (n_user < MINUID || n_user > MAXUID) {
uids_gids_range_err_log();
- return -1;
+ goto out;
}
puser->uid = (uid_t)n_user;
}
+ ret = 0;
- return 0;
+out:
+ memset(buf, 0, sizeof(buf));
+ memset(pwbufp, 0, sizeof(struct passwd));
+ return ret;
}
static int append_additional_gids(gid_t gid, gid_t **additional_gids, size_t *len)
diff --git a/src/utils/cpputils/url.cc b/src/utils/cpputils/url.cc
index 117eba7e..baaded07 100644
--- a/src/utils/cpputils/url.cc
+++ b/src/utils/cpputils/url.cc
@@ -266,12 +266,7 @@ std::string Escape(const std::string &s, const EncodeMode &mode)
UserInfo *User(const std::string &username) noexcept
{
- return new UserInfo { username, "", false };
-}
-
-UserInfo *UserPassword(const std::string &username, const std::string &password) noexcept
-{
- return new UserInfo { username, password, true };
+ return new UserInfo { username };
}
int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path)
@@ -324,24 +319,6 @@ void Split(const std::string &s, const std::string &c, bool cutc, std::string &t
u = s.substr(i, s.size());
}
-URLDatum *Parse(const std::string &rawurl)
-{
- std::string u, frag;
- Split(rawurl, "#", true, u, frag);
- auto *url = Parse(u, false);
- if (url == nullptr) {
- return nullptr;
- }
- if (frag.empty()) {
- return url;
- }
- url->SetFragment(Unescape(frag, EncodeMode::ENCODE_FRAGMENT));
- if (url->GetFragment().empty()) {
- return nullptr;
- }
- return url;
-}
-
int SplitOffPossibleLeading(std::string &scheme, const std::string &rawurl, URLDatum *url, std::string &rest)
{
if (Getscheme(rawurl, scheme, rest) != 0) {
@@ -385,108 +362,6 @@ URLDatum *HandleNonBackslashPrefix(URLDatum *url, const std::string &scheme, con
return nullptr;
}
-int SetURLDatumInfo(URLDatum *url, const std::string &scheme, bool viaRequest, std::string &rest)
-{
- if ((!scheme.empty() || (!viaRequest && rest.substr(0, 3) == "///")) && rest.substr(0, 2) == "//") {
- std::string authority;
- Split(rest.substr(2, rest.size()), "/", false, authority, rest);
- std::string host = url->GetHost();
- UserInfo *user = url->GetUser();
- if (ParseAuthority(authority, &user, host)) {
- return -1;
- }
- url->SetHost(host);
- url->SetUser(user);
- }
- if (url->SetPath(rest)) {
- return -1;
- }
- url->SetScheme(scheme);
- return 0;
-}
-
-URLDatum *Parse(const std::string &rawurl, bool viaRequest)
-{
- if (rawurl.empty() && viaRequest) {
- ERROR("empty url!");
- return nullptr;
- }
- auto *url = new (std::nothrow) URLDatum;
- if (url == nullptr) {
- ERROR("Out of memory");
- return nullptr;
- }
- if (rawurl == "*") {
- url->SetPathWithoutEscape("*");
- return url;
- }
- std::string scheme = url->GetScheme();
- std::string rest;
- if (SplitOffPossibleLeading(scheme, rawurl, url, rest) != 0) {
- return nullptr;
- }
- bool shouldRet = false;
- auto *tmpret = HandleNonBackslashPrefix(url, scheme, rest, viaRequest, shouldRet);
- if (shouldRet) {
- return tmpret;
- }
- if (SetURLDatumInfo(url, scheme, viaRequest, rest) != 0) {
- return nullptr;
- }
- return url;
-}
-
-int ParseAuthority(const std::string &authority, UserInfo **user, std::string &host)
-{
- size_t i = authority.find("@");
- if (i == std::string::npos) {
- if (ParseHost(authority, host) != 0) {
- *user = nullptr;
- host = "";
- return -1;
- }
- } else {
- if (ParseHost(authority.substr(i + 1, authority.size()), host) != 0) {
- *user = nullptr;
- host = "";
- return -1;
- }
- }
- if (i == std::string::npos) {
- *user = nullptr;
- return 0;
- }
-
- std::string userinfo = authority.substr(0, i);
- if (!ValidUserinfo(userinfo)) {
- *user = nullptr;
- host = "";
- ERROR("net/url: invalid userinfo");
- return -1;
- }
- if (userinfo.find(":") == std::string::npos) {
- userinfo = Unescape(userinfo, EncodeMode::ENCODE_USER_PASSWORD);
- if (userinfo.empty()) {
- *user = nullptr;
- host = "";
- return -1;
- }
- *user = User(userinfo);
- } else {
- std::string servername, serverword;
- Split(userinfo, ":", true, servername, serverword);
- servername = Unescape(servername, EncodeMode::ENCODE_USER_PASSWORD);
- serverword = Unescape(serverword, EncodeMode::ENCODE_USER_PASSWORD);
- if (servername.empty() || serverword.empty()) {
- *user = nullptr;
- host = "";
- return -1;
- }
- *user = UserPassword(servername, serverword);
- }
- return 0;
-}
-
int ParseHost(std::string host, std::string &out)
{
if (host.at(0) == '[') {
@@ -756,9 +631,6 @@ std::string UserInfo::String() const
std::string s;
if (!m_username.empty()) {
s = Escape(m_username, EncodeMode::ENCODE_USER_PASSWORD);
- if (m_passwordSet) {
- s += ":" + Escape(m_password, EncodeMode::ENCODE_USER_PASSWORD);
- }
}
return s;
}
@@ -766,11 +638,6 @@ std::string UserInfo::Username() const
{
return m_username;
}
-std::string UserInfo::Password(bool &set) const
-{
- set = m_passwordSet;
- return m_password;
-}
URLDatum::~URLDatum()
{
@@ -860,15 +727,6 @@ bool URLDatum::IsAbs() const
return (m_scheme != "");
}
-std::unique_ptr<URLDatum> URLDatum::UrlParse(const std::string &ref)
-{
- auto *refurl = Parse(ref);
- if (refurl == nullptr) {
- return nullptr;
- }
- return ResolveReference(refurl);
-}
-
std::unique_ptr<URLDatum> URLDatum::ResolveReference(URLDatum *ref)
{
std::unique_ptr<URLDatum> url(new (std::nothrow) URLDatum(*ref));
diff --git a/src/utils/cpputils/url.h b/src/utils/cpputils/url.h
index abbf20f4..3dd40079 100644
--- a/src/utils/cpputils/url.h
+++ b/src/utils/cpputils/url.h
@@ -49,17 +49,13 @@ private:
class UserInfo {
public:
- UserInfo(const std::string &u, const std::string &p, bool b) : m_username(u), m_password(p),
- m_passwordSet(b) {}
+ UserInfo(const std::string &u) : m_username(u) {}
~UserInfo() = default;
std::string String() const;
std::string Username() const;
- std::string Password(bool &set) const;
private:
std::string m_username;
- std::string m_password;
- bool m_passwordSet;
};
class URLDatum {
@@ -69,7 +65,6 @@ public:
std::string EscapedPath();
std::string String();
bool IsAbs() const;
- std::unique_ptr<URLDatum> UrlParse(const std::string &ref);
std::unique_ptr<URLDatum> ResolveReference(URLDatum *ref);
auto Query()->std::map<std::string, std::vector<std::string>>;
std::string RequestURI();
@@ -88,7 +83,7 @@ public:
{
m_opaque = value;
}
- std::string GetOpaque() const
+ std::string GetOpaque() const
{
return m_opaque;
}
@@ -96,7 +91,7 @@ public:
{
m_user = value;
}
- UserInfo *GetUser() const
+ UserInfo *GetUser() const
{
return m_user;
}
@@ -128,7 +123,7 @@ public:
{
m_rawQuery = value;
}
- std::string GetRawQuery() const
+ std::string GetRawQuery() const
{
return m_rawQuery;
}
@@ -136,7 +131,7 @@ public:
{
m_fragment = value;
}
- std::string GetFragment() const
+ std::string GetFragment() const
{
return m_fragment;
}
@@ -163,13 +158,9 @@ std::string QueryUnescape(const std::string &s);
std::string Unescape(std::string s, const EncodeMode &mode);
std::string QueryEscape(const std::string &s);
std::string Escape(const std::string &s, const EncodeMode &mode);
-UserInfo *UserPassword(const std::string &username, const std::string &password) noexcept;
UserInfo *User(const std::string &username) noexcept;
int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path);
void Split(const std::string &s, const std::string &c, bool cutc, std::string &t, std::string &u);
-URLDatum *Parse(const std::string &rawurl);
-URLDatum *Parse(const std::string &rawurl, bool viaRequest);
-int ParseAuthority(const std::string &authority, UserInfo **user, std::string &host);
int ParseHost(std::string host, std::string &out);
bool ValidEncodedPath(const std::string &s);
bool ValidOptionalPort(const std::string &port);
--
2.25.1

447
0020-2153-fix-codecheck.patch Normal file
View File

@ -0,0 +1,447 @@
From d9c60a7309f3616c1d9d0051ba338a8def37a538 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 29 Aug 2023 09:38:53 +0000
Subject: [PATCH 20/32] !2153 fix codecheck * fix codecheck
---
src/daemon/modules/image/embedded/load.c | 2 +-
src/daemon/modules/image/image.c | 4 +-
src/daemon/modules/image/oci/oci_login.h | 2 -
src/daemon/modules/image/oci/oci_logout.h | 2 -
.../oci/storage/image_store/image_store.c | 1 -
.../oci/storage/image_store/image_store.h | 2 -
.../graphdriver/devmapper/deviceset.c | 9 ++-
.../graphdriver/devmapper/deviceset.h | 5 +-
.../graphdriver/devmapper/driver_devmapper.h | 16 ++---
.../graphdriver/devmapper/wrapper_devmapper.h | 2 -
.../storage/layer_store/graphdriver/driver.c | 2 +-
.../storage/layer_store/graphdriver/driver.h | 59 ++++++++-----------
.../graphdriver/overlay2/driver_overlay2.c | 3 -
.../graphdriver/overlay2/driver_overlay2.h | 8 +--
.../graphdriver/quota/project_quota.h | 1 -
.../oci/storage/layer_store/layer_store.h | 4 --
.../overlay_remote_impl.c | 1 -
.../remote_layer_support/remote_support.c | 2 +-
.../remote_layer_support/remote_support.h | 2 +-
.../oci/storage/rootfs_store/rootfs_store.h | 4 --
20 files changed, 46 insertions(+), 85 deletions(-)
diff --git a/src/daemon/modules/image/embedded/load.c b/src/daemon/modules/image/embedded/load.c
index dc2aeba2..92ac42ad 100644
--- a/src/daemon/modules/image/embedded/load.c
+++ b/src/daemon/modules/image/embedded/load.c
@@ -36,7 +36,7 @@ static char *replace_suffix_to_sgn(const char *file)
ERROR("invalid NULL param");
return NULL;
}
- if (sizeof(".sgn") > SIZE_MAX - strlen(file)) {
+ if (strlen(file) > SIZE_MAX - sizeof(".sgn")) {
return NULL;
}
len = strlen(file) + sizeof(".sgn");
diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c
index 408ceea2..a14f2ac3 100644
--- a/src/daemon/modules/image/image.c
+++ b/src/daemon/modules/image/image.c
@@ -784,7 +784,9 @@ int im_merge_image_config(const char *image_type, const char *image_name, contai
int ret = 0;
struct bim *bim = NULL;
- if (container_spec == NULL || image_name == NULL || image_type == NULL) {
+ // there is no need to judge the image name as empty,
+ // because the image name of external type allows it to be empty.
+ if (container_spec == NULL || image_type == NULL) {
ERROR("Invalid input arguments");
ret = -1;
goto out;
diff --git a/src/daemon/modules/image/oci/oci_login.h b/src/daemon/modules/image/oci/oci_login.h
index ab261ebd..acf6eeb6 100644
--- a/src/daemon/modules/image/oci/oci_login.h
+++ b/src/daemon/modules/image/oci/oci_login.h
@@ -15,8 +15,6 @@
#ifndef DAEMON_MODULES_IMAGE_OCI_OCI_LOGIN_H
#define DAEMON_MODULES_IMAGE_OCI_OCI_LOGIN_H
-#include <stdbool.h>
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/src/daemon/modules/image/oci/oci_logout.h b/src/daemon/modules/image/oci/oci_logout.h
index 81f0196c..c0a9bb8b 100644
--- a/src/daemon/modules/image/oci/oci_logout.h
+++ b/src/daemon/modules/image/oci/oci_logout.h
@@ -15,8 +15,6 @@
#ifndef DAEMON_MODULES_IMAGE_OCI_OCI_LOGOUT_H
#define DAEMON_MODULES_IMAGE_OCI_OCI_LOGOUT_H
-#include <stdbool.h>
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index b7e0f0cc..f49f4707 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -2123,7 +2123,6 @@ static int pack_repo_digest(char ***old_repo_digests, const char **image_tags, c
}
for (i = 0; i < util_array_len((const char **)*repo_digests); i++) {
- bool value = true;
if (!map_replace(digest_map, (void *)(*repo_digests)[i], &value)) {
ERROR("Failed to insert pair to digest map: %s", (*repo_digests)[i]);
ret = -1;
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.h b/src/daemon/modules/image/oci/storage/image_store/image_store.h
index 019a2881..4544f84b 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.h
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.h
@@ -29,8 +29,6 @@
#include "isula_libutils/imagetool_images_list.h"
#include "isula_libutils/imagetool_image_summary.h"
-struct storage_module_init_options;
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
index 79541e54..4652c71a 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
@@ -105,7 +105,6 @@ static int handle_dm_min_free_space(char *val, struct device_set *devset)
{
long converted = 0;
int ret = util_parse_percent_string(val, &converted);
-
if (ret != 0 || converted >= 100) {
errno = -ret;
SYSERROR("Invalid min free space: '%s'", val);
@@ -293,7 +292,8 @@ static char *deviceset_meta_file(const struct device_set *devset)
return file;
}
-// get_dm_name return value format:container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498
+// get_dm_name return value format:
+// container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498
static char *get_dm_name(const struct device_set *devset, const char *hash)
{
int nret = 0;
@@ -312,7 +312,8 @@ static char *get_dm_name(const struct device_set *devset, const char *hash)
return util_strdup_s(buff);
}
-// get_dev_name return value fromat:/dev/mapper/container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498
+// get_dev_name return value fromat:
+// /dev/mapper/container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498
static char *get_dev_name(const char *name)
{
return util_string_append(name, DEVMAPPER_DECICE_DIRECTORY);
@@ -2351,7 +2352,6 @@ static int setup_base_image(struct device_set *devset)
devmapper_device_info_t *device_info = NULL;
device_info = lookup_device(devset, "base");
-
// base image already exists. If it is initialized properly, do UUID
// verification and return. Otherwise remove image and set it up
// fresh.
@@ -2504,7 +2504,6 @@ static void cleanup_deleted_devices(struct graphdriver *driver)
goto unlock_driver;
}
-
if (driver->devset->nr_deleted_devices == 0) {
DEBUG("devmapper: no devices to delete");
goto unlock_devset;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h
index ec985e40..d7f7d184 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h
@@ -23,10 +23,7 @@
#include "driver.h"
#include "metadata_store.h"
-
-struct device_set;
-struct driver_mount_opts;
-struct graphdriver;
+#include "devices_constants.h"
#ifdef __cplusplus
extern "C" {
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h
index 9ee020de..dca2d614 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h
@@ -16,22 +16,18 @@
#define DAEMON_MODULES_IMAGE_OCI_STORAGE_LAYER_STORE_GRAPHDRIVER_DEVMAPPER_DRIVER_DEVMAPPER_H
#include <pthread.h>
-#include <isula_libutils/imagetool_fs_info.h>
-#include <isula_libutils/json_common.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
+#include <isula_libutils/imagetool_fs_info.h>
+#include <isula_libutils/json_common.h>
+#include <isula_libutils/image_devmapper_transaction.h>
+#include <isula_libutils/image_devmapper_deviceset_metadata.h>
#include "driver.h"
#include "map.h"
-#include "isula_libutils/image_devmapper_transaction.h"
-#include "isula_libutils/image_devmapper_deviceset_metadata.h"
-
-struct driver_create_opts;
-struct driver_mount_opts;
-struct graphdriver;
-struct graphdriver_status;
-struct io_read_wrapper;
+#include "image_api.h"
+#include "io_wrapper.h"
#ifdef __cplusplus
extern "C" {
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h
index 01771a3b..4b2ae82b 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h
@@ -24,8 +24,6 @@
#include "driver.h"
-struct dm_task;
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
index fc2857b6..fb549bae 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
@@ -1,5 +1,5 @@
/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2017-2019. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h
index acd847cc..2fcfa12b 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h
@@ -1,5 +1,5 @@
/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
@@ -20,25 +20,42 @@
#include <stddef.h>
#include <pthread.h>
#include <isula_libutils/imagetool_fs_info.h>
+#include <isula_libutils/container_inspect.h>
+#include <isula_libutils/json_common.h>
-#include "isula_libutils/container_inspect.h"
-#include "isula_libutils/json_common.h"
#include "io_wrapper.h"
#include "driver_overlay2_types.h"
#include "devices_constants.h"
#include "storage.h"
#include "image_api.h"
-#include "isula_libutils/container_inspect.h"
-
-struct graphdriver_status;
-struct io_read_wrapper;
-struct storage_module_init_options;
#ifdef __cplusplus
extern "C" {
#endif
-struct graphdriver;
+struct graphdriver {
+ // common implement
+ const struct graphdriver_ops *ops;
+ const char *name;
+ const char *home;
+ char *backing_fs;
+ bool support_dtype;
+
+ bool support_quota;
+#ifdef ENABLE_REMOTE_LAYER_STORE
+ bool enable_remote_layer;
+#endif
+ struct pquota_control *quota_ctrl;
+
+ // options for overlay2
+ struct overlay_options *overlay_opts;
+
+ // options for device mapper
+ struct device_set *devset;
+
+ // lock to protect graphdriver between cleanup and other operations
+ pthread_rwlock_t rwlock;
+};
struct driver_create_opts {
char *mount_label;
@@ -81,30 +98,6 @@ struct graphdriver_ops {
int (*get_layer_fs_info)(const char *id, const struct graphdriver *driver, imagetool_fs_info *fs_info);
};
-struct graphdriver {
- // common implement
- const struct graphdriver_ops *ops;
- const char *name;
- const char *home;
- char *backing_fs;
- bool support_dtype;
-
- bool support_quota;
-#ifdef ENABLE_REMOTE_LAYER_STORE
- bool enable_remote_layer;
-#endif
- struct pquota_control *quota_ctrl;
-
- // options for overlay2
- struct overlay_options *overlay_opts;
-
- // options for device mapper
- struct device_set *devset;
-
- // lock to protect graphdriver between cleanup and other operations
- pthread_rwlock_t rwlock;
-};
-
int graphdriver_init(const struct storage_module_init_options *opts);
int graphdriver_create_rw(const char *id, const char *parent, struct driver_create_opts *create_opts);
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index ced30b96..7517dd43 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -648,7 +648,6 @@ const static int check_lower_depth(const char *lowers_str)
lowers_arr = util_string_split(lowers_str, ':');
lowers_size = util_array_len((const char **)lowers_arr);
-
if (lowers_size > OVERLAY_LAYER_MAX_DEPTH) {
ERROR("Max depth exceeded %s", lowers_str);
ret = -1;
@@ -1274,7 +1273,6 @@ static int append_rel_empty_path(const char *id, char ***rel_lowers)
char *rel_path = NULL;
rel_path = util_string_append("/empty", id);
-
if (util_array_append(rel_lowers, rel_path) != 0) {
SYSERROR("Can't append relative layer:%s", rel_path);
ret = -1;
@@ -2181,7 +2179,6 @@ int overlay2_repair_lowers(const char *id, const char *parent, const struct grap
lowers_str = read_layer_lower_file(layer_dir);
lowers_arr = util_string_split(lowers_str, ':');
lowers_size = util_array_len((const char **)lowers_arr);
-
if (lowers_size != 0) {
if (check_lower_valid(driver->home, lowers_arr[0]) == 0) {
DEBUG("Try to repair layer %s, success check", id);
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h
index 438c508e..444c0670 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h
@@ -22,12 +22,8 @@
#include <stdint.h>
#include "driver.h"
-
-struct driver_create_opts;
-struct driver_mount_opts;
-struct graphdriver;
-struct graphdriver_status;
-struct io_read_wrapper;
+#include "image_api.h"
+#include "io_wrapper.h"
#ifdef __cplusplus
extern "C" {
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h
index 94230faa..6cda7456 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h
@@ -33,7 +33,6 @@
#include <fcntl.h>
#include <stdlib.h>
#include <inttypes.h>
-#include <linux/magic.h>
#include <linux/dqblk_xfs.h>
#include <errno.h>
#include <libgen.h>
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
index 20287119..eba406d4 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
@@ -24,10 +24,6 @@
#include "storage.h"
#include "io_wrapper.h"
-struct io_read_wrapper;
-struct layer_list;
-struct storage_module_init_options;
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
index 38d9b0ce..86e05ac2 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
@@ -185,7 +185,6 @@ static int remove_one_remote_overlay_layer(struct remote_overlay_data *data, con
}
link_id = (char *)map_search(overlay_id_link, (void *)overlay_id);
-
if (link_id == NULL) {
ERROR("Failed to find link id for overlay layer: %s", overlay_id);
ret = -1;
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
index 5bf9869b..eb919321 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
@@ -1,5 +1,5 @@
/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h
index 30e3ebb0..545cbe49 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h
@@ -1,5 +1,5 @@
/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h
index 63f3294b..d618c401 100644
--- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h
+++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h
@@ -24,10 +24,6 @@
#include "storage.h"
#include "rootfs.h"
-struct rootfs_list;
-struct storage_module_init_options;
-struct storage_rootfs_options;
-
#ifdef __cplusplus
extern "C" {
#endif
--
2.25.1

25
0021-2157-bugfix-for-memset.patch Normal file
View File

@ -0,0 +1,25 @@
From 14bc12be8e4219a78b877e60affd4f584ccab220 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 29 Aug 2023 13:18:34 +0000
Subject: [PATCH 21/32] !2157 bugfix for memset * bugfix for memset
---
src/daemon/modules/image/image_rootfs_handler.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c
index a8036ab9..ceea4f5b 100644
--- a/src/daemon/modules/image/image_rootfs_handler.c
+++ b/src/daemon/modules/image/image_rootfs_handler.c
@@ -137,7 +137,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
out:
memset(buf, 0, sizeof(buf));
- memset(pwbufp, 0, sizeof(struct passwd));
+ memset(&pw, 0, sizeof(struct passwd));
return ret;
}
--
2.25.1

223
0022-2159-use-macros-to-isolate-the-password-option-of-lo.patch Normal file
View File

@ -0,0 +1,223 @@
From 0c0bc7a873cb5377aa0d5587c28d711a09f00811 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 30 Aug 2023 09:56:29 +0000
Subject: [PATCH 22/32] !2159 use macros to isolate the password option of
login and the plugin module * use macros to isolate the password option of
login and the plugin module
---
cmake/options.cmake | 14 ++++++++++
src/cmd/isula/images/login.h | 28 +++++++++++++------
src/cmd/isulad/main.c | 2 ++
.../executor/container_cb/execution_create.c | 2 ++
src/daemon/modules/CMakeLists.txt | 13 +++++++--
src/daemon/modules/api/CMakeLists.txt | 3 ++
.../container/container_events_handler.c | 2 ++
.../modules/service/service_container.c | 4 +++
8 files changed, 57 insertions(+), 11 deletions(-)
diff --git a/cmake/options.cmake b/cmake/options.cmake
index 5fc5c221..e733fd1c 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -138,6 +138,20 @@ if (ENABLE_NATIVE_NETWORK OR ENABLE_GRPC)
set(ENABLE_NETWORK 1)
endif()
+option(ENABLE_PLUGIN "enable plugin module" OFF)
+if (ENABLE_PLUGIN STREQUAL "ON")
+ add_definitions(-DENABLE_PLUGIN=1)
+ set(ENABLE_PLUGIN 1)
+ message("${Green}-- Enable plugin module${ColourReset}")
+endif()
+
+option(ENABLE_LOGIN_PASSWORD_OPTION "enable login password option" ON)
+if (ENABLE_LOGIN_PASSWORD_OPTION STREQUAL "ON")
+ add_definitions(-DENABLE_LOGIN_PASSWORD_OPTION=1)
+ set(ENABLE_LOGIN_PASSWORD_OPTION 1)
+ message("${Green}-- Enable login password option${ColourReset}")
+endif()
+
option(EANBLE_IMAGE_LIBARAY "create libisulad_image.so" ON)
if (EANBLE_IMAGE_LIBARAY STREQUAL "ON")
add_definitions(-DEANBLE_IMAGE_LIBARAY)
diff --git a/src/cmd/isula/images/login.h b/src/cmd/isula/images/login.h
index 5f9a676c..38829cba 100644
--- a/src/cmd/isula/images/login.h
+++ b/src/cmd/isula/images/login.h
@@ -24,16 +24,28 @@
extern "C" {
#endif
+#ifdef ENABLE_LOGIN_PASSWORD_OPTION
#define LOGIN_OPTIONS(cmdargs) \
- { CMD_OPT_TYPE_STRING_DUP, false, "username", 'u', &(cmdargs).username, "Username", NULL }, \
- { CMD_OPT_TYPE_STRING_DUP, false, "password", 'p', &(cmdargs).password, "Password", NULL }, \
- { CMD_OPT_TYPE_BOOL, \
- false, \
- "password-stdin", \
- 0, \
- &(cmdargs).password_stdin, \
- "Take the password from stdin", \
+ { CMD_OPT_TYPE_STRING_DUP, false, "username", 'u', &(cmdargs).username, "Username", NULL }, \
+ { CMD_OPT_TYPE_STRING_DUP, false, "password", 'p', &(cmdargs).password, "Password", NULL }, \
+ { CMD_OPT_TYPE_BOOL, \
+ false, \
+ "password-stdin", \
+ 0, \
+ &(cmdargs).password_stdin, \
+ "Take the password from stdin", \
NULL },
+#else
+#define LOGIN_OPTIONS(cmdargs) \
+ { CMD_OPT_TYPE_STRING_DUP, false, "username", 'u', &(cmdargs).username, "Username", NULL }, \
+ { CMD_OPT_TYPE_BOOL, \
+ false, \
+ "password-stdin", \
+ 0, \
+ &(cmdargs).password_stdin, \
+ "Take the password from stdin", \
+ NULL },
+#endif
extern const char g_cmd_login_desc[];
extern const char g_cmd_login_usage[];
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 8369f9e2..4740f91a 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1685,10 +1685,12 @@ int main(int argc, char **argv)
goto failure;
}
+#ifdef ENABLE_PLUGIN
if (start_plugin_manager()) {
ERROR("Failed to init plugin_manager");
goto failure;
}
+#endif
clock_gettime(CLOCK_MONOTONIC, &t_end);
use_time = (double)(t_end.tv_sec - t_start.tv_sec) * (double)1000000000 + (double)(t_end.tv_nsec - t_start.tv_nsec);
diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
index 9c097121..377aa1aa 100644
--- a/src/daemon/executor/container_cb/execution_create.c
+++ b/src/daemon/executor/container_cb/execution_create.c
@@ -1499,6 +1499,7 @@ int container_create_cb(const container_create_request *request, container_creat
goto clean_netns;
}
+#ifdef ENABLE_PLUGIN
/* modify oci_spec by plugin. */
if (plugin_event_container_pre_create(id, oci_spec) != 0) {
ERROR("Plugin event pre create failed");
@@ -1506,6 +1507,7 @@ int container_create_cb(const container_create_request *request, container_creat
cc = ISULAD_ERR_EXEC;
goto clean_netns;
}
+#endif
host_channel = dup_host_channel(host_spec->host_channel);
if (prepare_host_channel(host_channel, host_spec->user_remap)) {
diff --git a/src/daemon/modules/CMakeLists.txt b/src/daemon/modules/CMakeLists.txt
index 5d13412b..a70c094f 100644
--- a/src/daemon/modules/CMakeLists.txt
+++ b/src/daemon/modules/CMakeLists.txt
@@ -3,7 +3,6 @@
aux_source_directory(${CMAKE_CURRENT_SOURCE_DIR} modules_top_srcs)
add_subdirectory(runtime)
add_subdirectory(image)
-add_subdirectory(plugin)
add_subdirectory(spec)
add_subdirectory(container)
add_subdirectory(log)
@@ -17,7 +16,6 @@ set(local_modules_srcs
${modules_top_srcs}
${RUNTIME_SRCS}
${IMAGE_SRCS}
- ${PLUGIN_SRCS}
${SPEC_SRCS}
${MANAGER_SRCS}
${LOG_GATHER_SRCS}
@@ -31,7 +29,6 @@ set(local_modules_incs
${CMAKE_CURRENT_SOURCE_DIR}
${RUNTIME_INCS}
${IMAGE_INCS}
- ${PLUGIN_INCS}
${SPEC_INCS}
${MANAGER_INCS}
${LOG_GATHER_INCS}
@@ -42,6 +39,16 @@ set(local_modules_incs
${VOLUME_INCS}
)
+if (ENABLE_PLUGIN)
+ add_subdirectory(plugin)
+ list(APPEND local_modules_srcs
+ ${PLUGIN_SRCS}
+ )
+ list(APPEND local_modules_incs
+ ${PLUGIN_INCS}
+ )
+endif()
+
set(MODULES_SRCS
${local_modules_srcs}
PARENT_SCOPE
diff --git a/src/daemon/modules/api/CMakeLists.txt b/src/daemon/modules/api/CMakeLists.txt
index f577c45f..0735b25a 100644
--- a/src/daemon/modules/api/CMakeLists.txt
+++ b/src/daemon/modules/api/CMakeLists.txt
@@ -9,3 +9,6 @@ set(MODULES_API_INCS
PARENT_SCOPE
)
+if (NOT ENABLE_PLUGIN)
+ list(REMOVE_ITEM MODULES_API_INCS "${CMAKE_CURRENT_SOURCE_DIR}/plugin_api.h")
+endif()
diff --git a/src/daemon/modules/container/container_events_handler.c b/src/daemon/modules/container/container_events_handler.c
index d78e6fc1..d56c2ee0 100644
--- a/src/daemon/modules/container/container_events_handler.c
+++ b/src/daemon/modules/container/container_events_handler.c
@@ -155,7 +155,9 @@ static int container_state_changed(container_t *cont, const struct isulad_events
} else {
container_state_set_stopped(cont->state, (int)events->exit_status);
container_wait_stop_cond_broadcast(cont);
+#ifdef ENABLE_PLUGIN
plugin_event_container_post_stop(cont);
+#endif
}
auto_remove = !should_restart && cont->hostconfig != NULL && cont->hostconfig->auto_remove;
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 1fa2559d..2d393f62 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -807,12 +807,14 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
open_stdin = cont->common_config->config->open_stdin;
}
+#ifdef ENABLE_PLUGIN
if (plugin_event_container_pre_start(cont)) {
ERROR("Plugin event pre start failed ");
plugin_event_container_post_stop(cont); /* ignore error */
ret = -1;
goto close_exit_fd;
}
+#endif
#ifdef ENABLE_CRI_API_V1
if (cont->common_config->sandbox_info != NULL &&
@@ -1370,7 +1372,9 @@ int delete_container(container_t *cont, bool force)
}
}
+#ifdef ENABLE_PLUGIN
plugin_event_container_post_remove(cont);
+#endif
ret = do_delete_container(cont);
if (ret != 0) {
--
2.25.1

25
0023-2161-bugfix-for-api-cmakelist.patch Normal file
View File

@ -0,0 +1,25 @@
From 6b02ac8055379fa0b907f5ed10c5bd974cade90f Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 31 Aug 2023 01:55:41 +0000
Subject: [PATCH 23/32] !2161 bugfix for api cmakelist * bugfix for api
cmakelist
---
src/daemon/modules/api/CMakeLists.txt | 4 ----
1 file changed, 4 deletions(-)
diff --git a/src/daemon/modules/api/CMakeLists.txt b/src/daemon/modules/api/CMakeLists.txt
index 0735b25a..357566fa 100644
--- a/src/daemon/modules/api/CMakeLists.txt
+++ b/src/daemon/modules/api/CMakeLists.txt
@@ -8,7 +8,3 @@ set(MODULES_API_INCS
${CMAKE_CURRENT_SOURCE_DIR}
PARENT_SCOPE
)
-
-if (NOT ENABLE_PLUGIN)
- list(REMOVE_ITEM MODULES_API_INCS "${CMAKE_CURRENT_SOURCE_DIR}/plugin_api.h")
-endif()
--
2.25.1

140
0024-2165-preventing-the-use-of-insecure-isulad-tmpdir-di.patch Normal file
View File

@ -0,0 +1,140 @@
From 64f94112728f35ee76d56fa4cf6dc41bd5cd5d33 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 2 Sep 2023 08:56:38 +0000
Subject: [PATCH 24/32] !2165 preventing the use of insecure isulad tmpdir
directory * preventing the use of insecure isulad tmpdir directory
---
src/common/constants.h | 2 +
.../container/leftover_cleanup/cleanup.c | 66 ++++++++++++++++++-
src/daemon/modules/image/oci/utils_images.c | 10 +++
3 files changed, 77 insertions(+), 1 deletion(-)
diff --git a/src/common/constants.h b/src/common/constants.h
index d93bb464..c0417263 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -50,6 +50,8 @@ extern "C" {
#define TEMP_DIRECTORY_MODE 0700
+#define ISULAD_TEMP_DIRECTORY_MODE 0660
+
#define CONSOLE_FIFO_DIRECTORY_MODE 0770
#define SOCKET_GROUP_DIRECTORY_MODE 0660
diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c
index 9a38ffc2..f24ec467 100644
--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c
+++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c
@@ -13,6 +13,8 @@
* Description: provide cleanup functions
*********************************************************************************/
#include <sys/mount.h>
+#include <sys/stat.h>
+#include <unistd.h>
#include "utils.h"
#include "utils_fs.h"
@@ -169,6 +171,67 @@ static bool walk_isulad_tmpdir_cb(const char *path_name, const struct dirent *su
return true;
}
+static int isulad_tmpdir_security_check(const char *tmpdir)
+{
+ struct stat st = { 0 };
+
+ if (lstat(tmpdir, &st) != 0) {
+ SYSERROR("Failed to lstat %s", tmpdir);
+ return -1;
+ }
+
+ if (!S_ISDIR(st.st_mode)) {
+ return -1;
+ }
+
+ if ((st.st_mode & 0777) != ISULAD_TEMP_DIRECTORY_MODE) {
+ return -1;
+ }
+
+ if (st.st_uid != 0) {
+ return -1;
+ }
+
+ if (S_ISLNK(st.st_mode)) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static int recreate_tmpdir(const char *tmpdir)
+{
+ int ret;
+ struct stat st = { 0 };
+
+ if (util_recursive_rmdir(tmpdir, 0)) {
+ ERROR("Failed to remove directory %s", tmpdir);
+ return -1;
+ }
+
+ if (util_mkdir_p(tmpdir, ISULAD_TEMP_DIRECTORY_MODE)) {
+ ERROR("Failed to create directory %s", tmpdir);
+ return -1;
+ }
+
+ if (lstat(tmpdir, &st) != 0) {
+ SYSERROR("Failed to lstat %s", tmpdir);
+ return -1;
+ }
+
+ return ret;
+}
+
+static int ensure_isulad_tmpdir_security(const char *tmpdir)
+{
+ if (isulad_tmpdir_security_check(tmpdir) == 0) {
+ return 0;
+ }
+
+ INFO("iSulad tmpdir does not meet security requirements, recreate it");
+ return recreate_tmpdir(tmpdir);
+}
+
static void cleanup_path(char *dir)
{
int nret;
@@ -186,7 +249,8 @@ static void cleanup_path(char *dir)
return;
}
- if (!util_dir_exists(cleanpath)) {
+ // preventing the use of insecure isulad tmpdir directory
+ if (ensure_isulad_tmpdir_security(cleanpath) != 0) {
return;
}
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
index f8fd1e73..4342db5b 100644
--- a/src/daemon/modules/image/oci/utils_images.c
+++ b/src/daemon/modules/image/oci/utils_images.c
@@ -630,6 +630,16 @@ int makesure_isulad_tmpdir_perm_right(const char *root_dir)
goto out;
}
+ if ((st.st_mode & 0777) != TEMP_DIRECTORY_MODE) {
+ ret = -1;
+ goto out;
+ }
+
+ if (S_ISLNK(st.st_mode)) {
+ ret = -1;
+ goto out;
+ }
+
// chown to root
ret = lchown(isulad_tmpdir, 0, 0);
if (ret == 0 || (ret == EPERM && st.st_uid == 0 && st.st_gid == 0)) {
--
2.25.1

238
0025-2166-move-ensure_isulad_tmpdir_security-function-to-.patch Normal file
View File

@ -0,0 +1,238 @@
From c2af7f7d7f6b0f1aaa884204a037e8275092121a Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 2 Sep 2023 10:38:29 +0000
Subject: [PATCH 25/32] !2166 move ensure_isulad_tmpdir_security function to
main.c * move ensure_isulad_tmpdir_security function to main.c
---
src/cmd/isulad/main.c | 101 ++++++++++++++++++
.../container/leftover_cleanup/cleanup.c | 66 +-----------
src/utils/tar/util_archive.c | 2 +-
3 files changed, 103 insertions(+), 66 deletions(-)
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 4740f91a..e32fed6a 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1222,6 +1222,101 @@ out:
return ret;
}
+static int isulad_tmpdir_security_check(const char *tmp_dir)
+{
+ struct stat st = { 0 };
+
+ if (lstat(tmp_dir, &st) != 0) {
+ SYSERROR("Failed to lstat %s", tmp_dir);
+ return -1;
+ }
+
+ if (!S_ISDIR(st.st_mode)) {
+ return -1;
+ }
+
+ if ((st.st_mode & 0777) != ISULAD_TEMP_DIRECTORY_MODE) {
+ return -1;
+ }
+
+ if (st.st_uid != 0) {
+ return -1;
+ }
+
+ if (S_ISLNK(st.st_mode)) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static int recreate_tmpdir(const char *tmp_dir)
+{
+ if (util_recursive_rmdir(tmp_dir, 0) != 0) {
+ ERROR("Failed to remove directory %s", tmp_dir);
+ return -1;
+ }
+
+ if (util_mkdir_p(tmp_dir, ISULAD_TEMP_DIRECTORY_MODE) != 0) {
+ ERROR("Failed to create directory %s", tmp_dir);
+ return -1;
+ }
+
+ return 0;
+}
+
+static int do_ensure_isulad_tmpdir_security(const char *isulad_tmp_dir)
+{
+ int nret;
+ char tmp_dir[PATH_MAX] = { 0 };
+ char cleanpath[PATH_MAX] = { 0 };
+
+ nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmp_dir);
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf");
+ return -1;
+ }
+
+ if (util_clean_path(tmp_dir, cleanpath, sizeof(cleanpath)) == NULL) {
+ ERROR("Failed to clean path for %s", tmp_dir);
+ return -1;
+ }
+
+ if (isulad_tmpdir_security_check(cleanpath) == 0) {
+ return 0;
+ }
+
+ INFO("iSulad tmpdir: %s does not meet security requirements, recreate it", isulad_tmp_dir);
+ return recreate_tmpdir(cleanpath);
+}
+
+static int ensure_isulad_tmpdir_security()
+{
+ char *isulad_tmp_dir = NULL;
+
+ isulad_tmp_dir = getenv("ISULAD_TMPDIR");
+ if (!util_valid_str(isulad_tmp_dir)) {
+ isulad_tmp_dir = "/tmp";
+ }
+
+ if (do_ensure_isulad_tmpdir_security(isulad_tmp_dir) != 0) {
+ ERROR("Failed to ensure the %s directory is a safe directory", isulad_tmp_dir);
+ return -1;
+ }
+
+ if (strcmp(isulad_tmp_dir, "/tmp") == 0) {
+ return 0;
+ }
+
+ // No matter whether ISULAD_TMPDIR is set or not,
+ // ensure the "/tmp" directory is a safe directory
+ if (do_ensure_isulad_tmpdir_security("/tmp") != 0) {
+ WARN("Failed to ensure the /tmp directory is a safe directory");
+ }
+
+ return 0;
+}
+
static int isulad_server_init_common()
{
int ret = -1;
@@ -1261,6 +1356,12 @@ static int isulad_server_init_common()
goto out;
}
+ // preventing the use of insecure isulad tmpdir directory
+ if (ensure_isulad_tmpdir_security() != 0) {
+ ERROR("Failed to ensure isulad tmpdir security");
+ goto out;
+ }
+
if (volume_init(args->json_confs->graph) != 0) {
ERROR("Failed to init volume");
goto out;
diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c
index f24ec467..9a38ffc2 100644
--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c
+++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c
@@ -13,8 +13,6 @@
* Description: provide cleanup functions
*********************************************************************************/
#include <sys/mount.h>
-#include <sys/stat.h>
-#include <unistd.h>
#include "utils.h"
#include "utils_fs.h"
@@ -171,67 +169,6 @@ static bool walk_isulad_tmpdir_cb(const char *path_name, const struct dirent *su
return true;
}
-static int isulad_tmpdir_security_check(const char *tmpdir)
-{
- struct stat st = { 0 };
-
- if (lstat(tmpdir, &st) != 0) {
- SYSERROR("Failed to lstat %s", tmpdir);
- return -1;
- }
-
- if (!S_ISDIR(st.st_mode)) {
- return -1;
- }
-
- if ((st.st_mode & 0777) != ISULAD_TEMP_DIRECTORY_MODE) {
- return -1;
- }
-
- if (st.st_uid != 0) {
- return -1;
- }
-
- if (S_ISLNK(st.st_mode)) {
- return -1;
- }
-
- return 0;
-}
-
-static int recreate_tmpdir(const char *tmpdir)
-{
- int ret;
- struct stat st = { 0 };
-
- if (util_recursive_rmdir(tmpdir, 0)) {
- ERROR("Failed to remove directory %s", tmpdir);
- return -1;
- }
-
- if (util_mkdir_p(tmpdir, ISULAD_TEMP_DIRECTORY_MODE)) {
- ERROR("Failed to create directory %s", tmpdir);
- return -1;
- }
-
- if (lstat(tmpdir, &st) != 0) {
- SYSERROR("Failed to lstat %s", tmpdir);
- return -1;
- }
-
- return ret;
-}
-
-static int ensure_isulad_tmpdir_security(const char *tmpdir)
-{
- if (isulad_tmpdir_security_check(tmpdir) == 0) {
- return 0;
- }
-
- INFO("iSulad tmpdir does not meet security requirements, recreate it");
- return recreate_tmpdir(tmpdir);
-}
-
static void cleanup_path(char *dir)
{
int nret;
@@ -249,8 +186,7 @@ static void cleanup_path(char *dir)
return;
}
- // preventing the use of insecure isulad tmpdir directory
- if (ensure_isulad_tmpdir_security(cleanpath) != 0) {
+ if (!util_dir_exists(cleanpath)) {
return;
}
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 82194654..82e940a5 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -220,7 +220,7 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
}
// ensure parent dir is exist
- if (util_mkdir_p(cleanpath, buf.st_mode) != 0) {
+ if (util_mkdir_p(cleanpath, ISULAD_TEMP_DIRECTORY_MODE) != 0) {
return -1;
}
--
2.25.1

110
0026-2169-using-macros-to-isolate-isulad-s-enable_plugin-.patch Normal file
View File

@ -0,0 +1,110 @@
From 4e6473570e3a5cd59585818216218a7a512790a5 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 4 Sep 2023 08:45:55 +0000
Subject: [PATCH 26/32] !2169 using macros to isolate isulad's enable_plugin
configuration option * using macros to isolate isulad's enable_plugin
configuration option
---
src/cmd/isulad/isulad_commands.h | 15 +++++++++++----
src/common/constants.h | 2 ++
src/daemon/config/isulad_config.c | 4 ++++
src/daemon/config/isulad_config.h | 2 ++
4 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h
index 6a8220cc..05d3551c 100644
--- a/src/cmd/isulad/isulad_commands.h
+++ b/src/cmd/isulad/isulad_commands.h
@@ -78,6 +78,16 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
#define USERNS_REMAP_OPT(cmdargs)
#endif
+#ifdef ENABLE_PLUGIN
+#define PLUGINS_OPT(cmdargs) \
+ { CMD_OPT_TYPE_STRING_DUP, \
+ false, "enable-plugins", 0, &(cmdargs)->json_confs->enable_plugins, \
+ "Enable plugins for all containers", NULL \
+ },
+#else
+#define PLUGINS_OPT(cmdargs)
+#endif
+
#ifdef ENABLE_GRPC_REMOTE_CONNECT
#define ISULAD_TLS_OPTIONS(cmdargs) \
{ CMD_OPT_TYPE_STRING_DUP, \
@@ -326,10 +336,7 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
false, "cpu-rt-runtime", 0, &(cmdargs)->json_confs->cpu_rt_runtime, \
"Limit CPU real-time runtime in microseconds for all containers", command_convert_llong \
}, \
- { CMD_OPT_TYPE_STRING_DUP, \
- false, "enable-plugins", 0, &(cmdargs)->json_confs->enable_plugins, \
- "Enable plugins for all containers", NULL \
- }, \
+ PLUGINS_OPT(cmdargs) \
{ CMD_OPT_TYPE_CALLBACK, \
false, "cri-runtime", 0, (cmdargs), \
"CRI runtime class transform", server_callback_cri_runtime \
diff --git a/src/common/constants.h b/src/common/constants.h
index c0417263..f98fb930 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -134,9 +134,11 @@ extern "C" {
#define AUTH_PLUGIN "authz-broker"
+#ifdef ENABLE_PLUGIN
#define ISULAD_ENABLE_PLUGINS "ISULAD_ENABLE_PLUGINS"
#define ISULAD_ENABLE_PLUGINS_SEPERATOR ","
#define ISULAD_ENABLE_PLUGINS_SEPERATOR_CHAR ','
+#endif
#ifdef ENABLE_NETWORK
#define ISULAD_CNI_NETWORK_CONF_FILE_PRE "isulacni-"
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index f600f0cf..72722c30 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -1253,6 +1253,7 @@ out:
return result;
}
+#ifdef ENABLE_PLUGIN
char *conf_get_enable_plugins(void)
{
struct service_arguments *conf = NULL;
@@ -1274,6 +1275,7 @@ out:
(void)isulad_server_conf_unlock();
return plugins;
}
+#endif
#ifdef ENABLE_USERNS_REMAP
char *conf_get_isulad_userns_remap(void)
@@ -1739,7 +1741,9 @@ int merge_json_confs_into_global(struct service_arguments *args)
override_string_value(&args->json_confs->pidfile, &tmp_json_confs->pidfile);
// iSulad runtime execution options
override_string_value(&args->json_confs->hook_spec, &tmp_json_confs->hook_spec);
+#ifdef ENABLE_PLUGIN
override_string_value(&args->json_confs->enable_plugins, &tmp_json_confs->enable_plugins);
+#endif
#ifdef ENABLE_USERNS_REMAP
override_string_value(&args->json_confs->userns_remap, &tmp_json_confs->userns_remap);
#endif
diff --git a/src/daemon/config/isulad_config.h b/src/daemon/config/isulad_config.h
index 4fe1acdc..459ea331 100644
--- a/src/daemon/config/isulad_config.h
+++ b/src/daemon/config/isulad_config.h
@@ -60,7 +60,9 @@ int conf_get_container_log_opts(isulad_daemon_configs_container_log **opts);
char *conf_get_isulad_log_file(void);
char *conf_get_engine_log_file(void);
+#ifdef ENABLE_PLUGIN
char *conf_get_enable_plugins(void);
+#endif
#ifdef ENABLE_USERNS_REMAP
char *conf_get_isulad_userns_remap(void);
#endif
--
2.25.1

87
0027-2178-clean-path-for-fpath-and-verify-chain-id.patch Normal file
View File

@ -0,0 +1,87 @@
From 6dcde807f5bba8ff1aa7d049856f3eddd4b0586f Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 9 Sep 2023 06:48:39 +0000
Subject: [PATCH 27/32] !2178 clean path for fpath and verify chain id Merge
pull request !2178 from zhongtao/image
---
src/daemon/modules/image/oci/oci_load.c | 30 +++++++++++++++++--
.../modules/image/oci/registry/registry.c | 2 +-
2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
index 569c5346..fd707330 100644
--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
@@ -27,8 +27,10 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <linux/limits.h>
#include "utils.h"
+#include "path.h"
#include "isula_libutils/log.h"
#include "util_archive.h"
#include "storage.h"
@@ -717,6 +719,9 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items
}
for (; i < conf->rootfs->diff_ids_len; i++) {
+ char *fpath = NULL;
+ char cleanpath[PATH_MAX] = { 0 };
+
im->layers[i] = util_common_calloc_s(sizeof(load_layer_blob_t));
if (im->layers[i] == NULL) {
ERROR("Out of memory");
@@ -724,12 +729,31 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items
goto out;
}
- im->layers[i]->fpath = util_path_join(dstdir, manifest->layers[i]);
- if (im->layers[i]->fpath == NULL) {
- ERROR("Path join failed");
+ fpath = util_path_join(dstdir, manifest->layers[i]);
+ if (fpath == NULL) {
+ ERROR("Failed to join path");
+ ret = -1;
+ goto out;
+ }
+
+ if (util_clean_path(fpath, cleanpath, sizeof(cleanpath)) == NULL) {
+ ERROR("Failed to clean path for %s", fpath);
+ free(fpath);
+ ret = -1;
+ goto out;
+ }
+
+ free(fpath);
+
+ // verify whether the prefix of the path is dstdir to prevent illegal directories
+ if (strncmp(cleanpath, dstdir, strlen(dstdir)) != 0) {
+ ERROR("Illegal directory: %s", cleanpath);
ret = -1;
goto out;
}
+
+ im->layers[i]->fpath = util_strdup_s(cleanpath);
+
// The format is sha256:xxx
im->layers[i]->chain_id = oci_load_calc_chain_id(parent_chain_id_sha256, conf->rootfs->diff_ids[i]);
if (im->layers[i]->chain_id == NULL) {
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
index e0b46e2e..35753c79 100644
--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
@@ -600,7 +600,7 @@ static int register_layer(pull_descriptor *desc, size_t i)
return 0;
}
- id = util_without_sha256_prefix(desc->layers[i].chain_id);
+ id = oci_image_id_from_digest(desc->layers[i].chain_id);
if (id == NULL) {
ERROR("layer %zu have NULL digest for image %s", i, desc->image_name);
return -1;
--
2.25.1

35
0028-2179-modify-the-permissions-of-tmpdir-and-file-lock-.patch Normal file
View File

@ -0,0 +1,35 @@
From a291302fe12e21207c30ebffebf852cb37aface4 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 9 Sep 2023 08:11:06 +0000
Subject: [PATCH 28/32] !2179 modify the permissions of tmpdir and file lock to
600 Merge pull request !2179 from zhongtao/mode
---
src/common/constants.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/common/constants.h b/src/common/constants.h
index f98fb930..caf9b793 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -50,7 +50,7 @@ extern "C" {
#define TEMP_DIRECTORY_MODE 0700
-#define ISULAD_TEMP_DIRECTORY_MODE 0660
+#define ISULAD_TEMP_DIRECTORY_MODE 0600
#define CONSOLE_FIFO_DIRECTORY_MODE 0770
@@ -70,7 +70,7 @@ extern "C" {
#define DEFAULT_HIGHEST_DIRECTORY_MODE 0755
-#define MOUNT_FLOCK_FILE_MODE 0660
+#define MOUNT_FLOCK_FILE_MODE 0600
#define ISULAD_CONFIG SYSCONFDIR_PREFIX"/etc/isulad"
--
2.25.1

202
0029-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch Normal file
View File

@ -0,0 +1,202 @@
From 460c943125d9eca7cb4259d42c6c008a709e9dbe Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 23 Aug 2023 15:42:42 +0800
Subject: [PATCH 29/32] [image] ensure id of loaded and pulled image is valid
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/daemon/modules/image/oci/oci_import.c | 14 ++++++++++---
src/daemon/modules/image/oci/oci_load.c | 21 ++++++-------------
.../modules/image/oci/registry/registry.c | 8 ++++++-
src/daemon/modules/image/oci/utils_images.c | 17 ++++++++++++++-
src/daemon/modules/image/oci/utils_images.h | 3 +++
src/utils/cutils/utils.h | 2 --
src/utils/sha256/sha256.c | 1 -
7 files changed, 43 insertions(+), 23 deletions(-)
diff --git a/src/daemon/modules/image/oci/oci_import.c b/src/daemon/modules/image/oci/oci_import.c
index 1e14a916..0568c23f 100644
--- a/src/daemon/modules/image/oci/oci_import.c
+++ b/src/daemon/modules/image/oci/oci_import.c
@@ -93,7 +93,7 @@ static int register_layer(import_desc *desc)
return -1;
}
- id = util_without_sha256_prefix(desc->uncompressed_digest);
+ id = oci_image_id_from_digest(desc->uncompressed_digest);
if (id == NULL) {
ERROR("Invalid NULL param");
return -1;
@@ -315,8 +315,16 @@ static int register_image(import_desc *desc)
opts.create_time = &desc->now_time;
opts.digest = desc->manifest_digest;
- image_id = util_without_sha256_prefix(desc->config_digest);
- top_layer_id = util_without_sha256_prefix(desc->uncompressed_digest);
+ image_id = oci_image_id_from_digest(desc->config_digest);
+ if (image_id == NULL) {
+ ret = -1;
+ goto out;
+ }
+ top_layer_id = oci_image_id_from_digest(desc->uncompressed_digest);
+ if (top_layer_id == NULL) {
+ ret = -1;
+ goto out;
+ }
ret = storage_img_create(image_id, top_layer_id, NULL, &opts);
if (ret != 0) {
pre_top_layer = storage_get_img_top_layer(image_id);
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
index fd707330..31ae3849 100644
--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
@@ -290,16 +290,6 @@ out:
return full_digest;
}
-static char *oci_load_without_sha256_prefix(char *digest)
-{
- if (digest == NULL) {
- ERROR("Invalid digest NULL when strip sha256 prefix");
- return NULL;
- }
-
- return digest + strlen(SHA256_PREFIX);
-}
-
static int registry_layer_from_tarball(const load_layer_blob_t *layer, const char *id, const char *parent)
{
int ret = 0;
@@ -345,7 +335,7 @@ static int oci_load_register_layers(load_image_t *desc)
}
for (i = 0; i < desc->layers_len; i++) {
- id = oci_load_without_sha256_prefix(desc->layers[i]->chain_id);
+ id = oci_image_id_from_digest(desc->layers[i]->chain_id);
if (id == NULL) {
ERROR("layer %zu have NULL digest for image %s", i, desc->im_id);
ret = -1;
@@ -457,7 +447,7 @@ static int oci_load_create_image(load_image_t *desc, const char *dst_tag)
top_layer_index = desc->layers_len - 1;
opts.create_time = &timestamp;
opts.digest = desc->manifest_digest;
- top_layer_id = oci_load_without_sha256_prefix(desc->layers[top_layer_index]->chain_id);
+ top_layer_id = oci_image_id_from_digest(desc->layers[top_layer_index]->chain_id);
if (top_layer_id == NULL) {
ERROR("NULL top layer id found for image %s", desc->im_id);
ret = -1;
@@ -764,7 +754,7 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items
}
parent_chain_id_sha256 = im->layers[i]->chain_id;
- id = oci_load_without_sha256_prefix(im->layers[i]->chain_id);
+ id = oci_image_id_from_digest(im->layers[i]->chain_id);
if (id == NULL) {
ERROR("Wipe out sha256 prefix failed from layer with chain id : %s", im->layers[i]->chain_id);
ret = -1;
@@ -832,7 +822,8 @@ static load_image_t *oci_load_process_manifest(const image_manifest_items_elemen
goto out;
}
- image_id = oci_load_without_sha256_prefix(image_digest);
+ // call util_valid_digest to ensure digest is valid, so image id is valid
+ image_id = oci_image_id_from_digest(image_digest);
if (image_id == NULL) {
ret = -1;
ERROR("Remove sha256 prefix error from image digest %s", image_digest);
@@ -872,7 +863,7 @@ static int64_t get_layer_size_from_storage(char *chain_id_pre)
return -1;
}
- id = oci_load_without_sha256_prefix(chain_id_pre);
+ id = oci_image_id_from_digest(chain_id_pre);
if (id == NULL) {
ERROR("Get chain id failed from value:%s", chain_id_pre);
return -1;
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
index 35753c79..4124281d 100644
--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
@@ -877,7 +877,13 @@ static int register_image(pull_descriptor *desc)
// lock when create image to make sure image content all exist
mutex_lock(&g_shared->image_mutex);
- image_id = util_without_sha256_prefix(desc->config.digest);
+ image_id = oci_image_id_from_digest(desc->config.digest);
+ if (image_id == NULL) {
+ ERROR("Invalid digest: %s", desc->config.digest);
+ isulad_try_set_error_message("invalid image digest: %s", desc->config.digest);
+ ret = -1;
+ goto out;
+ }
ret = create_image(desc, image_id, &reuse);
if (ret != 0) {
ERROR("create image %s failed", desc->image_name);
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
index 4342db5b..f92ee59a 100644
--- a/src/daemon/modules/image/oci/utils_images.c
+++ b/src/daemon/modules/image/oci/utils_images.c
@@ -691,4 +691,19 @@ int oci_split_search_name(const char *search_name, char **host, char **name)
return 0;
}
-#endif
\ No newline at end of file
+#endif
+
+char *oci_image_id_from_digest(char *digest)
+{
+ if (digest == NULL) {
+ ERROR("Empty digest");
+ return NULL;
+ }
+
+ if (!util_valid_digest(digest)) {
+ ERROR("Load image with invalid digest: %s", digest);
+ return NULL;
+ }
+
+ return digest + strlen(SHA256_PREFIX);
+}
diff --git a/src/daemon/modules/image/oci/utils_images.h b/src/daemon/modules/image/oci/utils_images.h
index 2238bb91..ea0fb20a 100644
--- a/src/daemon/modules/image/oci/utils_images.h
+++ b/src/daemon/modules/image/oci/utils_images.h
@@ -61,6 +61,9 @@ char *get_hostname_to_strip(void);
char *oci_image_digest_pos(const char *name);
+// return a pointer to digest string without 'sha256:' prefix
+char *oci_image_id_from_digest(char *digest);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/utils/cutils/utils.h b/src/utils/cutils/utils.h
index 83b20e5e..3acf0698 100644
--- a/src/utils/cutils/utils.h
+++ b/src/utils/cutils/utils.h
@@ -388,8 +388,6 @@ int util_generate_random_str(char *id, size_t len);
int util_check_inherited_exclude_fds(bool closeall, int *fds_to_ignore, size_t len_fds);
-char *util_without_sha256_prefix(char *digest);
-
int util_normalized_host_os_arch(char **host_os, char **host_arch, char **host_variant);
int util_read_pid_ppid_info(uint32_t pid, pid_ppid_info_t *pid_info);
diff --git a/src/utils/sha256/sha256.c b/src/utils/sha256/sha256.c
index 54cc2862..4e692355 100644
--- a/src/utils/sha256/sha256.c
+++ b/src/utils/sha256/sha256.c
@@ -388,7 +388,6 @@ char *sha256_full_digest_str(char *str)
char *util_without_sha256_prefix(char *digest)
{
if (digest == NULL || !util_has_prefix(digest, SHA256_PREFIX)) {
- ERROR("Invalid digest when strip sha256 prefix");
return NULL;
}
--
2.25.1

123
0030-mask-proxy-informations.patch Normal file
View File

@ -0,0 +1,123 @@
From ff67cabc3e3839ef4b539805ed54b5c826b6f446 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Mon, 4 Sep 2023 15:19:36 +0800
Subject: [PATCH 30/32] mask proxy informations
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
.../container_cb/execution_information.c | 86 ++++++++++++++++---
1 file changed, 74 insertions(+), 12 deletions(-)
diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
index 2f3d3627..86bb2894 100644
--- a/src/daemon/executor/container_cb/execution_information.c
+++ b/src/daemon/executor/container_cb/execution_information.c
@@ -176,24 +176,83 @@ out:
static int get_proxy_env(char **proxy, const char *type)
{
int ret = 0;
- char *tmp = NULL;
-
- *proxy = getenv(type);
- if (*proxy == NULL) {
- tmp = util_strings_to_upper(type);
+ int nret;
+ char *tmp_proxy = NULL;
+ char *col_pos = NULL;
+ char *at_pos = NULL;
+ size_t proxy_len;
+ const char *mask_str = "//xxxx:xxxx";
+
+ tmp_proxy = getenv(type);
+ if (tmp_proxy == NULL) {
+ char *tmp = util_strings_to_upper(type);
if (tmp == NULL) {
ERROR("Failed to upper string!");
- ret = -1;
- goto out;
- }
- *proxy = getenv(tmp);
- if (*proxy == NULL) {
- *proxy = "";
+ return -1;
}
+ tmp_proxy = getenv(tmp);
+ free(tmp);
+ }
+
+ if (tmp_proxy == NULL) {
+ return 0;
+ }
+
+ if (strlen(tmp_proxy) >= PATH_MAX) {
+ ERROR("Too long proxy string.");
+ return -1;
+ }
+ tmp_proxy = util_strdup_s(tmp_proxy);
+
+ if (strcmp(NO_PROXY, type) == 0) {
+ *proxy = tmp_proxy;
+ return 0;
+ }
+
+ // mask username and password of proxy
+ col_pos = strchr(tmp_proxy, ':');
+ if (col_pos == NULL) {
+ ERROR("Invalid proxy.");
+ ret = -1;
+ goto out;
+ }
+ at_pos = strrchr(tmp_proxy, '@');
+ if (at_pos == NULL) {
+ // no '@', represent no user information in proxy,
+ // just return original proxy
+ *proxy = tmp_proxy;
+ return 0;
+ }
+
+ // first colon position must before than at position
+ if ((at_pos - col_pos) < 0) {
+ ret = -1;
+ goto out;
}
+ // proxy with userinfo format like: 'http://xxx:xxx@xxxx.com'
+ // so masked proxy length = len(proxy) - (pos(@) - pos(:) + 1) + len(mask-str) + '\0'
+ proxy_len = strlen(tmp_proxy);
+ proxy_len -= (at_pos - tmp_proxy);
+ proxy_len += (col_pos - tmp_proxy) + 1;
+ proxy_len += strlen(mask_str) + 1;
+ *proxy = util_common_calloc_s(proxy_len);
+ if (*proxy == NULL) {
+ ERROR("Out of memory");
+ ret = -1;
+ goto out;
+ }
+ *col_pos = '\0';
+ nret = snprintf(*proxy, proxy_len, "%s:%s%s", tmp_proxy, mask_str, at_pos);
+ if (nret < 0 || nret >= proxy_len) {
+ ret = -1;
+ free(*proxy);
+ *proxy = NULL;
+ goto out;
+ }
+
out:
- free(tmp);
+ util_free_sensitive_string(tmp_proxy);
return ret;
}
@@ -340,6 +399,9 @@ static int isulad_info_cb(const host_info_request *request, host_info_response *
#endif
pack_response:
+ free(http_proxy);
+ free(https_proxy);
+ free(no_proxy);
if (*response != NULL) {
(*response)->cc = cc;
}
--
2.25.1

115
0031-add-testcase-for-isula-info.patch Normal file
View File

@ -0,0 +1,115 @@
From e40f451f5b919ba4154cc6005439f6b4370a7ac3 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Mon, 4 Sep 2023 17:13:13 +0800
Subject: [PATCH 31/32] add testcase for isula info
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
CI/test_cases/container_cases/info.sh | 95 +++++++++++++++++++++++++++
1 file changed, 95 insertions(+)
create mode 100755 CI/test_cases/container_cases/info.sh
diff --git a/CI/test_cases/container_cases/info.sh b/CI/test_cases/container_cases/info.sh
new file mode 100755
index 00000000..e6c03a49
--- /dev/null
+++ b/CI/test_cases/container_cases/info.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+#
+# attributes: isula info operator
+# concurrent: YES
+# spend time: 1
+
+#######################################################################
+##- Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
+# - iSulad licensed under the Mulan PSL v2.
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
+# - You may obtain a copy of Mulan PSL v2 at:
+# - http://license.coscl.org.cn/MulanPSL2
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v2 for more details.
+##- @Description:CI
+##- @Author: haozi007
+##- @Create: 2023-09-04
+#######################################################################
+
+curr_path=$(dirname $(readlink -f "$0"))
+data_path=$(realpath $curr_path/../data)
+source ../helpers.sh
+
+function do_test_t()
+{
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+ export http_proxy="http://test:123456@testproxy.com"
+ export https_proxy="http://test:123456@testproxy.com"
+ export no_proxy="127.0.0.1"
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+ isula info | grep "Http Proxy" | grep "http://xxxx:xxxx@testproxy.com"
+ fn_check_eq "$?" "0" "check http proxy failed"
+ isula info | grep "Https Proxy" | grep "http://xxxx:xxxx@testproxy.com"
+ fn_check_eq "$?" "0" "check https proxy failed"
+ isula info | grep "No Proxy" | grep "127.0.0.1"
+ fn_check_eq "$?" "0" "check no proxy failed"
+
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+ export http_proxy="https://example.com"
+ export no_proxy="127.0.0.1"
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+ isula info | grep "Http Proxy" | grep "https://example.com"
+ fn_check_eq "$?" "0" "check http proxy failed"
+ isula info | grep "No Proxy" | grep "127.0.0.1"
+ fn_check_eq "$?" "0" "check no proxy failed"
+
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+ export http_proxy="http//abc.com"
+ export no_proxy="127.0.0.1:localhost"
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+ isula info | grep "Http Proxy"
+ fn_check_ne "$?" "0" "check http proxy failed"
+ isula info | grep "No Proxy"
+ fn_check_ne "$?" "0" "check no proxy failed"
+
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+ export http_proxy="http//xxxx@abc:abc.com"
+ export no_proxy="127.0.0.1"
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+ isula info | grep "Http Proxy"
+ fn_check_ne "$?" "0" "check http proxy failed"
+ isula info | grep "No Proxy"
+ fn_check_ne "$?" "0" "check no proxy failed"
+
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+ unset https_proxy http_proxy no_proxy
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+ isula info | grep "Http Proxy"
+ fn_check_ne "$?" "0" "check http proxy failed"
+ isula info | grep "No Proxy"
+ fn_check_ne "$?" "0" "check no proxy failed"
+
+ return $TC_RET_T
+}
+
+ret=0
+
+do_test_t
+if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+fi
+
+show_result $ret "basic info"
--
2.25.1

25
0032-fix-oci-import-compile-error.patch Normal file
View File

@ -0,0 +1,25 @@
From ff0bf5155c163c5230b3ac6d71e2dfc1ed6cfa01 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 12 Sep 2023 17:24:24 +0800
Subject: [PATCH 32/32] fix oci import compile error
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/daemon/modules/image/oci/oci_import.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/daemon/modules/image/oci/oci_import.c b/src/daemon/modules/image/oci/oci_import.c
index 0568c23f..058107a4 100644
--- a/src/daemon/modules/image/oci/oci_import.c
+++ b/src/daemon/modules/image/oci/oci_import.c
@@ -33,6 +33,7 @@
#include "utils_file.h"
#include "utils_timestamp.h"
#include "util_archive.h"
+#include "utils_images.h"
#define IMPORT_COMMENT "Imported from tarball"
#define ROOTFS_TYPE "layers"
--
2.25.1

60
0033-2188-Support-both-C-11-and-C-17.patch Normal file
View File

@ -0,0 +1,60 @@
From bfd1b325eb93083ce4478c28aa61101ac553b458 Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Wed, 13 Sep 2023 02:16:12 +0000
Subject: [PATCH 33/33] !2188 Support both C++11 and C++17 * Support both C++11
and C++17
---
cmake/set_build_flags.cmake | 11 ++++++++++-
test/fuzz/CMakeLists.txt | 13 ++++++++++++-
2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/cmake/set_build_flags.cmake b/cmake/set_build_flags.cmake
index 09c85c65..38069791 100644
--- a/cmake/set_build_flags.cmake
+++ b/cmake/set_build_flags.cmake
@@ -3,7 +3,16 @@ set(CMAKE_C_FLAGS "-fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -fP
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'")
if (GRPC_CONNECTOR)
- set(CMAKE_CXX_FLAGS "-fPIC -std=c++17 -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -Wno-error=deprecated-declarations")
+ include(CheckCXXCompilerFlag)
+ CHECK_CXX_COMPILER_FLAG("-std=c++17" COMPILER_SUPPORTS_CXX17)
+ if (COMPILER_SUPPORTS_CXX17)
+ message(STATUS "The compiler ${CMAKE_CXX_COMPILER} has C++17 support.")
+ set(CMAKE_CXX_VERSION "-std=c++17")
+ else()
+ message(STATUS "The compiler ${CMAKE_CXX_COMPILER} has no C++17 support. Use C++11.")
+ set(CMAKE_CXX_VERSION "-std=c++11")
+ endif()
+ set(CMAKE_CXX_FLAGS "-fPIC ${CMAKE_CXX_VERSION} -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -Wno-error=deprecated-declarations")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'")
endif()
set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-E -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -shared -pthread")
diff --git a/test/fuzz/CMakeLists.txt b/test/fuzz/CMakeLists.txt
index 617a168f..0682ffa3 100644
--- a/test/fuzz/CMakeLists.txt
+++ b/test/fuzz/CMakeLists.txt
@@ -34,7 +34,18 @@ MESSAGE(STATUS "GCLANG_PP_BINARY is set to ${GCLANG_PP_BINARY}")
SET(CMAKE_C_COMPILER "${GCLANG_BINARY}")
SET(CMAKE_CXX_COMPILER "${GCLANG_PP_BINARY}")
SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O0 --coverage -fsanitize=fuzzer,address -fsanitize-coverage=indirect-calls,trace-cmp,trace-div,trace-gep")
-SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -O0 --coverage -std=c++17 -fsanitize=fuzzer,address -fsanitize-coverage=indirect-calls,trace-cmp,trace-div,trace-gep")
+
+include(CheckCXXCompilerFlag)
+CHECK_CXX_COMPILER_FLAG("-std=c++17" COMPILER_SUPPORTS_CXX17)
+if (COMPILER_SUPPORTS_CXX17)
+ message(STATUS "The compiler ${CMAKE_CXX_COMPILER} has C++17 support.")
+ set(CMAKE_CXX_VERSION "-std=c++17")
+else()
+ message(STATUS "The compiler ${CMAKE_CXX_COMPILER} has no C++17 support. Use C++11.")
+ set(CMAKE_CXX_VERSION "-std=c++11")
+endif()
+
+SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -O0 --coverage ${CMAKE_CXX_VERSION} -fsanitize=fuzzer,address -fsanitize-coverage=indirect-calls,trace-cmp,trace-div,trace-gep")
SET(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
SET(EXE0 test_volume_mount_spec_fuzz)
--
2.40.1

97
iSulad.spec
View File

@ -1,8 +1,10 @@
%global _version 2.1.2
%global _release 4
%global _version 2.1.3
%global _release 6
%global is_systemd 1
%global enable_criv1 1
%global enable_shimv2 1
%global is_embedded 1
%global cpp_std 17
Name: iSulad
Version: %{_version}
@ -13,21 +15,39 @@ URL: https://gitee.com/openeuler/iSulad
Source: https://gitee.com/openeuler/iSulad/repository/archive/v%{version}.tar.gz
BuildRoot: {_tmppath}/iSulad-%{version}
Patch0001: 0001-convert-files-from-CRLF-to-LF.patch
Patch0002: 0002-restore-ping-head.patch
Patch0003: 0003-fix-health_check.sh.patch
Patch0004: 0004-ensure-isulad_io-not-NULL-before-close-fd.patch
Patch0005: 0005-recheck-delete-command-exit-status.patch
Patch0006: 0006-restore-execSync-return-value.patch
Patch0007: 0007-reinforce-cri_stream.sh-and-health_check.sh.patch
Patch0008: 0008-reinforce-omit-health_check.sh.patch
Patch0009: 0009-fix-memory-leak-and-array-access-out-of-range.patch
Patch0010: 0010-fix-memory-leak-of-top_layer.patch
Patch0011: 0011-distinguishing-exit-codes-between-shim-and-container.patch
Patch0012: 0012-fix-hugetlbs-malloc-length.patch
Patch0013: 0013-fix-forget-to-set-return-value.patch
Patch0014: 0014-ensure-define-in-local-and-use-correctly-type.patch
Patch0015: 0015-Revert-the-changes-in-util_smart_calloc_s.patch
Patch0001: 0001-2155-Use-reference-in-loop-in-listpodsandbox.patch
Patch0002: 0002-2156-Fix-sandbox-error-logging.patch
Patch0003: 0003-2158-Use-crictl-v1.22.0-for-ci.patch
Patch0004: 0004-2162-Fix-rename-issue-for-id-manager.patch
Patch0005: 0005-2163-add-bind-mount-file-lock.patch
Patch0006: 0006-2168-fix-code-bug.patch
Patch0007: 0007-2171-Fix-nullptr-in-src-daemon-entry.patch
Patch0008: 0008-Add-vsock-support-for-exec.patch
Patch0009: 0009-remove-unneccessary-strerror.patch
Patch0010: 0010-do-not-report-low-level-error-to-user.patch
Patch0011: 0011-remove-usage-of-strerror-with-user-defined-errno.patch
Patch0012: 0012-use-gmtime_r-to-replace-gmtime.patch
Patch0013: 0013-improve-report-error-message-of-client.patch
Patch0014: 0014-adapt-new-error-message-for-isula-cp.patch
Patch0015: 0015-2182-Add-mutex-for-container-list-in-sandbox.patch
Patch0016: 0016-2180-fix-execlp-not-enough-args.patch
Patch0017: 0017-2135-modify-incorrect-variable-type.patch
Patch0018: 0018-make-sure-the-input-parameter-is-not-empty-and-optim.patch
Patch0019: 0019-remove-password-in-url-module-and-clean-sensitive-in.patch
Patch0020: 0020-2153-fix-codecheck.patch
Patch0021: 0021-2157-bugfix-for-memset.patch
Patch0022: 0022-2159-use-macros-to-isolate-the-password-option-of-lo.patch
Patch0023: 0023-2161-bugfix-for-api-cmakelist.patch
Patch0024: 0024-2165-preventing-the-use-of-insecure-isulad-tmpdir-di.patch
Patch0025: 0025-2166-move-ensure_isulad_tmpdir_security-function-to-.patch
Patch0026: 0026-2169-using-macros-to-isolate-isulad-s-enable_plugin-.patch
Patch0027: 0027-2178-clean-path-for-fpath-and-verify-chain-id.patch
Patch0028: 0028-2179-modify-the-permissions-of-tmpdir-and-file-lock-.patch
Patch0029: 0029-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch
Patch0030: 0030-mask-proxy-informations.patch
Patch0031: 0031-add-testcase-for-isula-info.patch
Patch0032: 0032-fix-oci-import-compile-error.patch
Patch0033: 0033-2188-Support-both-C-11-and-C-17.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -56,10 +76,9 @@ Requires: sqlite
BuildRequires: gtest-devel gmock-devel
%endif
%define lcrver_lower 2.1.1-0
%define lcrver_upper 2.1.2-0
%define lcrver_lower 2.1.2-0
%define lcrver_upper 2.1.3-0
BuildRequires: lcr-devel > %{lcrver_lower} lcr-devel < %{lcrver_upper}
BuildRequires: libisula-devel > %{lcrver_lower} libisula-devel < %{lcrver_upper}
BuildRequires: cmake gcc-c++ yajl-devel lxc lxc-devel
BuildRequires: grpc grpc-plugins grpc-devel protobuf-devel
@ -67,6 +86,7 @@ BuildRequires: libcurl libcurl-devel libarchive-devel device-mapper-devel
BuildRequires: http-parser-devel
BuildRequires: libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel
BuildRequires: systemd-devel git
BuildRequires: libevhtp-devel libevent-devel
%if 0%{?enable_shimv2}
BuildRequires: lib-shim-v2 lib-shim-v2-devel
%endif
@ -79,6 +99,7 @@ Requires: libcurl
Requires: http-parser libseccomp
Requires: libcap libselinux libwebsockets libarchive device-mapper
Requires: systemd
BuildRequires: libevhtp libevent
%if 0%{?enable_shimv2}
Requires: lib-shim-v2
%endif
@ -93,19 +114,31 @@ Runtime Daemon, written by C.
%build
mkdir -p build
cd build
%cmake \
-DDEBUG=ON \
-DCMAKE_SKIP_RPATH=TRUE \
-DLIB_INSTALL_DIR=%{_libdir} \
-DCMAKE_INSTALL_PREFIX=/usr \
%if 0%{?enable_criv1}
-DENABLE_CRI_API_V1=ON \
-DENABLE_SANDBOXER=ON \
%endif
%if 0%{?enable_shimv2}
-DENABLE_SHIM_V2=ON \
%endif
%if %{defined openeuler}
%cmake -DDEBUG=ON -DCMAKE_SKIP_RPATH=TRUE -DLIB_INSTALL_DIR=%{_libdir} -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_SHIM_V2=ON -DENABLE_UT=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ../
%else
%cmake -DDEBUG=ON -DCMAKE_SKIP_RPATH=TRUE -DLIB_INSTALL_DIR=%{_libdir} -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_SHIM_V2=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ../
%endif
%else
%if %{defined openeuler}
%cmake -DDEBUG=ON -DCMAKE_SKIP_RPATH=TRUE -DLIB_INSTALL_DIR=%{_libdir} -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_UT=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ../
%else
%cmake -DDEBUG=ON -DCMAKE_SKIP_RPATH=TRUE -DLIB_INSTALL_DIR=%{_libdir} -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_GRPC_REMOTE_CONNECT=ON ../
-DENABLE_UT=OFF \
%endif
-DENABLE_GRPC_REMOTE_CONNECT=OFF \
-DENABLE_GRPC=ON \
-DCMAKE_CXX_STANDARD=%{cpp_std} \
../
sed -i "10 a\# undef linux" grpc/src/api/services/cri/v1alpha/api.pb.h
%if 0%{?enable_criv1}
sed -i "10 a\# undef linux" grpc/src/api/services/cri/v1/api_v1.pb.h
%endif
%make_build
%check
@ -270,6 +303,12 @@ fi
%endif
%changelog
* Tue Sep 19 2023 zhongtao <zhongtao17@huawei.com> - 2.1.3-6
- Type: sync
- ID: NA
- SUG: NA
- DESC: Synchronize branch with 23.09
* Mon May 29 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.1.2-4
- Type: bugfix
- ID: NA

BIN
v2.1.2.tar.gz → v2.1.3.tar.gz
View File

Binary file not shown.