From 365eb0b1969d296e7e6894af9f913b3e24f81c21 Mon Sep 17 00:00:00 2001
From: zhongjiawei <zhongjiawei1@huawei.com>
Date: Thu, 1 Dec 2022 15:19:28 +0800
Subject: [PATCH] docker:do not stop health check before sending signal

---
 VERSION-vendor                                |  2 +-
 docker.spec                                   |  8 ++-
 git-commit                                    |  2 +-
 ...op-health-check-before-sending-signa.patch | 60 +++++++++++++++++++
 series.conf                                   |  1 +
 5 files changed, 70 insertions(+), 3 deletions(-)
 create mode 100644 patch/0235-docker-do-not-stop-health-check-before-sending-signa.patch

diff --git a/VERSION-vendor b/VERSION-vendor
index 9decb1e..3f3f526 100644
--- a/VERSION-vendor
+++ b/VERSION-vendor
@@ -1 +1 @@
-18.09.0.315
+18.09.0.316
diff --git a/docker.spec b/docker.spec
index 76b8937..d1126e8 100644
--- a/docker.spec
+++ b/docker.spec
@@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 315
+Release: 316
 Epoch: 2
 Summary: The open-source application container engine
 Group: Tools/Docker
@@ -213,6 +213,12 @@ fi
 %endif
 
 %changelog
+* Thu Dec 01 2022 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-316
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:do not stop health check before sending signal
+
 * Thu Nov 24 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-315
 - Type:bugfix
 - CVE:NA
diff --git a/git-commit b/git-commit
index 7d98d06..a56ab65 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-c8f038afd97f57b150946e88df14762a5d4dfc98
+9b9af2f4670efbadf39b4fce731a677ad70ebb07
diff --git a/patch/0235-docker-do-not-stop-health-check-before-sending-signa.patch b/patch/0235-docker-do-not-stop-health-check-before-sending-signa.patch
new file mode 100644
index 0000000..849b303
--- /dev/null
+++ b/patch/0235-docker-do-not-stop-health-check-before-sending-signa.patch
@@ -0,0 +1,60 @@
+From b1151e821dd3510b88c67db5694f06fa6c772767 Mon Sep 17 00:00:00 2001
+From: zhongjiawei <zhongjiawei1@huawei.com>
+Date: Thu, 1 Dec 2022 15:09:28 +0800
+Subject: [PATCH] docker:do not stop health check before sending signal
+
+---
+ components/engine/daemon/kill.go              |  2 --
+ .../integration-cli/docker_cli_health_test.go | 26 +++++++++++++++++++
+ 2 files changed, 26 insertions(+), 2 deletions(-)
+
+diff --git a/components/engine/daemon/kill.go b/components/engine/daemon/kill.go
+index cb0ec61d..13079a60 100644
+--- a/components/engine/daemon/kill.go
++++ b/components/engine/daemon/kill.go
+@@ -64,8 +64,6 @@ func (daemon *Daemon) killWithSignal(container *containerpkg.Container, sig int)
+ 	container.Lock()
+ 	defer container.Unlock()
+ 
+-	daemon.stopHealthchecks(container)
+-
+ 	// We could unpause the container for them rather than returning this error
+ 	if container.Paused {
+ 		return fmt.Errorf("Container %s is paused. Unpause the container before stopping or killing", container.ID)
+diff --git a/components/engine/integration-cli/docker_cli_health_test.go b/components/engine/integration-cli/docker_cli_health_test.go
+index 4fb63994..2b5b3672 100644
+--- a/components/engine/integration-cli/docker_cli_health_test.go
++++ b/components/engine/integration-cli/docker_cli_health_test.go
+@@ -165,3 +165,29 @@ ENTRYPOINT /bin/sh -c "sleep 600"`))
+ 	waitForHealthStatus(c, name, "starting", "healthy")
+ 
+ }
++
++// GitHub #37263
++func (s *DockerSuite) TestHealthKillContainer(c *check.C) {
++        testRequires(c, DaemonIsLinux) // busybox doesn't work on Windows
++
++        imageName := "testhealth"
++        buildImageSuccessfully(c, imageName, build.WithDockerfile(`FROM busybox
++HEALTHCHECK --interval=1s --timeout=5s --retries=5 CMD /bin/sh -c "sleep 1"
++ENTRYPOINT /bin/sh -c "sleep 600"`))
++
++        name := "test_health_kill"
++        dockerCmd(c, "run", "-d", "--name", name, imageName)
++        defer func() {
++                dockerCmd(c, "rm", "-f", name)
++                dockerCmd(c, "rmi", imageName)
++        }()
++
++        // Start
++        dockerCmd(c, "start", name)
++        waitForHealthStatus(c, name, "starting", "healthy")
++
++        dockerCmd(c, "kill", "-s", "SIGINT", name)
++        out, _ := dockerCmd(c, "inspect", "--format={{.State.Health.Status}}", name)
++        c.Check(out, checker.Equals, "healthy\n")
++
++}
+-- 
+2.30.0
+
diff --git a/series.conf b/series.conf
index 11abb1d..7a0b884 100644
--- a/series.conf
+++ b/series.conf
@@ -232,4 +232,5 @@ patch/0231-docker-AdditionalGids-must-include-effective-group-I.patch
 patch/0232-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch
 patch/0233-docker-cleanup-netns-file-when-close-docker-daemon.patch
 patch/0234-docker-Read-connection-marking-information-from-CT-f.patch
+patch/0235-docker-do-not-stop-health-check-before-sending-signa.patch
 #end