diff --git a/VERSION-openeuler b/VERSION-openeuler index 436bd5c..7ec2de2 100644 --- a/VERSION-openeuler +++ b/VERSION-openeuler @@ -1 +1 @@ -18.09.0.301 +18.09.0.302 diff --git a/docker.spec b/docker.spec index 91996f6..190693b 100644 --- a/docker.spec +++ b/docker.spec @@ -1,6 +1,6 @@ Name: docker-engine Version: 18.09.0 -Release: 301 +Release: 302 Summary: The open-source application container engine Group: Tools/Docker @@ -212,6 +212,12 @@ fi %endif %changelog +* Tue Jun 28 2022 zjw - 18.09.0-302 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fix status inconsistent after restart container + * Thu Jun 16 2022 duyiwei - 18.09.0-301 - Type:bugfix - CVE:CVE-2022-24769 diff --git a/git-commit b/git-commit index cf37fa1..0d22777 100644 --- a/git-commit +++ b/git-commit @@ -1 +1 @@ -aa1eee89dbf55f1be74beab946d39bd5308554f6 +9168ea3a0f5f112a9cca9c63f33766cbcb7a58cc diff --git a/patch/0220-docker-fix-endpoint-with-name-container_xx-already-e.patch b/patch/0220-docker-fix-endpoint-with-name-container_xx-already-e.patch index 4ef7e8b..11eeabd 100644 --- a/patch/0220-docker-fix-endpoint-with-name-container_xx-already-e.patch +++ b/patch/0220-docker-fix-endpoint-with-name-container_xx-already-e.patch @@ -1,33 +1,34 @@ -From a7c1bbed0aed4c9a5c67871f7506646c07c34574 Mon Sep 17 00:00:00 2001 +From ba62de1350b25ec1d85eff67bd3c8c5be98d02a7 Mon Sep 17 00:00:00 2001 From: chenjiankun -Date: Thu, 9 Dec 2021 20:58:32 +0800 +Date: Thu, 17 Mar 2022 20:18:30 +0800 Subject: [PATCH] docker: fix "endpoint with name container_xx already exists in network none" error --- - components/engine/daemon/kill.go | 9 +++++++++ - 1 file changed, 9 insertions(+) + components/engine/daemon/kill.go | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/components/engine/daemon/kill.go b/components/engine/daemon/kill.go -index 2652f7ad2..0388b16c9 100644 +index 2652f7ad2..cb0ec61d1 100644 --- a/components/engine/daemon/kill.go 
+++ b/components/engine/daemon/kill.go -@@ -163,6 +163,15 @@ func (daemon *Daemon) Kill(container *containerpkg.Container) error { +@@ -162,7 +162,16 @@ func (daemon *Daemon) Kill(container *containerpkg.Container) error { + if isErrNoSuchProcess(err) { // there is a case where we hit here before the exit event is processed // So let's wait the container's stop timeout amount of time to see if the event is eventually processed - container.WaitForState(containerpkg.WaitConditionNotRunning, container.StopTimeout()) -+ // using mock exit event to handle container exit -+ ei := libcontainerd.EventInfo{ -+ ContainerID: container.ID, -+ ProcessID: container.ID, -+ Pid: uint32(container.GetPID()), -+ ExitCode: 137, -+ ExitedAt: time.Now(), +- container.WaitForState(containerpkg.WaitConditionNotRunning, container.StopTimeout()) ++ if err := container.WaitForState(containerpkg.WaitConditionNotRunning, container.StopTimeout()); err != nil { ++ ei := libcontainerd.EventInfo{ ++ ContainerID: container.ID, ++ ProcessID: container.ID, ++ Pid: uint32(container.GetPID()), ++ ExitCode: 137, ++ ExitedAt: time.Now(), ++ } ++ daemon.ProcessEvent(container.ID, libcontainerd.EventExit, ei) + } -+ daemon.ProcessEvent(container.ID, libcontainerd.EventExit, ei) return nil } return err -- -2.27.0 - +2.23.0 diff --git a/patch/0224-fix-rwlayer-umountd-after-container-restart.patch b/patch/0224-fix-rwlayer-umountd-after-container-restart.patch new file mode 100644 index 0000000..17b3e2e --- /dev/null +++ b/patch/0224-fix-rwlayer-umountd-after-container-restart.patch 
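Review bot: The return value of `daemon.ProcessEvent(container.ID, libcontainerd.EventExit, ei)` in the new `WaitForState` error branch of `Kill` is discarded, and the exit event is synthesized with a hard-coded `ExitCode: 137` and no log line, so in the daemon logs a fabricated or failed exit cannot be told apart from a real SIGKILL exit. I would check and log the error, e.g. `if perr := daemon.ProcessEvent(container.ID, libcontainerd.EventExit, ei); perr != nil { logrus.WithError(perr).Warnf("failed to process synthesized exit event for container %s", container.ID) }` (assuming logrus is already imported in kill.go). The revised patch also drops the explanatory comment, so I would restore one such as `// no exit event arrived within the stop timeout; synthesize one so container state is cleaned up`. Because `Pid` is read from `container.GetPID()` immediately before the call, the pid comparison inside `ProcessEvent` will presumably always match for this event, so it gives no protection if the container was restarted during the wait; this should be confirmed against the callers. `Kill` begins and ends outside the hunk.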
@@ -0,0 +1,36 @@
+From e37f4e4f738b605fe5ea1030e39da8d723260007 Mon Sep 17 00:00:00 2001
+From: chenjiankun
+Date: Fri, 18 Mar 2022 11:19:28 +0800
+Subject: [PATCH] docker: fix rwlayer umountd after container restart
+
+if exit event be handled to slow, then the exit event maybe handled again.
+we need to add a check after the container lock acquired.
+---
+ components/engine/daemon/monitor.go | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
+index 0aadf33fd..0bf7f0379 100644
+--- a/components/engine/daemon/monitor.go
++++ b/components/engine/daemon/monitor.go
+@@ -60,6 +60,17 @@ func (daemon *Daemon) ProcessEvent(id string, e libcontainerd.EventType, ei libc
+ if int(ei.Pid) == c.Pid {
+ logrus.Infof("handle container %s exit event pid=%d", c.ID, c.Pid)
+ c.Lock()
++
++ // ProcessEvent could be called concurrently, and will execute serial
++ // for c.Lock(), but int(ei.Pid) == c.Pid has already pass. It will cause
++ // daemon.Cleanup be called twice. This will make rwlayer umount in docker
++ // restart, get "fork/exec /proc/self/exe: no such file or directory" err.
++ // Adding this under c.Lock(), could avaid daemon.Cleanup be called again.
++ if c.Pid == 0 || int(ei.Pid) != c.Pid {
++ c.Unlock()
++ return nil
++ }
++
+ _, _, err := daemon.containerd.DeleteTask(context.Background(), c.ID)
+ if err != nil {
+ logrus.WithError(err).Warnf("failed to delete container %s from containerd", c.ID)
+--
+2.23.0
+
diff --git a/series.conf b/series.conf
index 10ac7eb..bf9a26a 100644
--- a/series.conf
+++ b/series.conf
@@ -221,4 +221,5 @@ patch/0220-docker-fix-endpoint-with-name-container_xx-already-e.patch
 patch/0221-docker-fix-Up-292-years-in-status-in-docker-ps-a.patch
 patch/0222-docker-Use-original-process-spec-for-execs.patch
 patch/0223-docker-fix-CVE-2022-24769.patch
+patch/0224-fix-rwlayer-umountd-after-container-restart.patch
 #end
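Review bot: In the monitor.go hunk of patch 0224, the outer `int(ei.Pid) == c.Pid` test and the `logrus.Infof` argument still read `c.Pid` before `c.Lock()`, so the unsynchronized read that the new comment describes remains; the re-check under the lock only prevents the second cleanup. If nothing outside the hunk depends on the current order, taking the lock before the first comparison would make the second check unnecessary. The new early return is also silent, so a dropped duplicate exit event leaves no trace; a line such as `logrus.Debugf("skip stale exit event for container %s: event pid=%d, container pid=%d", c.ID, ei.Pid, c.Pid)` before `c.Unlock()` would help when diagnosing restart-time state problems. The added comment contains a typo (`avaid` should be `avoid`). `ProcessEvent` continues outside the hunk, so how the lock is released on the normal path is not visible here.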