iSulad/0003-bugfix-for-mount-point-remains-under-special-circums.patch

From cd018d3c1ebff2a328912d99fc43c9a7e4f60704 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 25 Jan 2024 11:24:59 +0800
Subject: [PATCH 3/6] bugfix for mount point remains under special
 circumstances

Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
 src/cmd/isulad/main.c                              | 14 +++++++-------
 .../modules/container/leftover_cleanup/cleanup.c   | 14 +++++++-------
 src/utils/tar/util_archive.c                       | 14 +++++++-------
 3 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index d9d8afa0..deca72be 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1271,23 +1271,23 @@ static int do_ensure_isulad_tmpdir_security(const char *isulad_tmp_dir)
     char tmp_dir[PATH_MAX] = { 0 };
     char cleanpath[PATH_MAX] = { 0 };
 
-    nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmp_dir);
-    if (nret < 0 || (size_t)nret >= PATH_MAX) {
-        ERROR("Failed to snprintf");
+    if (realpath(isulad_tmp_dir, cleanpath) == NULL) {
+        ERROR("Failed to get real path for %s", tmp_dir);
         return -1;
     }
 
-    if (util_clean_path(tmp_dir, cleanpath, sizeof(cleanpath)) == NULL) {
-        ERROR("Failed to clean path for %s", tmp_dir);
+    nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", cleanpath);
+    if (nret < 0 || (size_t)nret >= PATH_MAX) {
+        ERROR("Failed to snprintf");
         return -1;
     }
 
-    if (isulad_tmpdir_security_check(cleanpath) == 0) {
+    if (isulad_tmpdir_security_check(tmp_dir) == 0) {
         return 0;
     }
 
     INFO("iSulad tmpdir: %s does not meet security requirements, recreate it", isulad_tmp_dir);
-    return recreate_tmpdir(cleanpath);
+    return recreate_tmpdir(tmp_dir);
 }
 
 static int ensure_isulad_tmpdir_security()
diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c
index b78a4d15..08151f42 100644
--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c
+++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c
@@ -175,22 +175,22 @@ static void cleanup_path(char *dir)
     char tmp_dir[PATH_MAX] = { 0 };
     char cleanpath[PATH_MAX] = { 0 };
 
-    nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", dir);
-    if (nret < 0 || (size_t)nret >= PATH_MAX) {
-        ERROR("Failed to snprintf");
+    if (realpath(dir, cleanpath) == NULL) {
+        ERROR("get real path for %s failed", tmp_dir);
         return;
     }
 
-    if (util_clean_path(tmp_dir, cleanpath, sizeof(cleanpath)) == NULL) {
-        ERROR("clean path for %s failed", tmp_dir);
+    nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", cleanpath);
+    if (nret < 0 || (size_t)nret >= PATH_MAX) {
+        ERROR("Failed to snprintf");
         return;
     }
 
-    if (!util_dir_exists(cleanpath)) {
+    if (!util_dir_exists(tmp_dir)) {
         return;
     }
 
-    nret = util_scan_subdirs(cleanpath, walk_isulad_tmpdir_cb, NULL);
+    nret = util_scan_subdirs(tmp_dir, walk_isulad_tmpdir_cb, NULL);
     if (nret != 0) {
         ERROR("failed to scan isulad tmp subdirs");
     }
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 0a7309c9..e4c302bc 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -218,18 +218,18 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
         isulad_tmpdir_env = DEFAULT_ISULAD_TMPDIR;
     }
 
-    nret = snprintf(isula_tmpdir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmpdir_env);
-    if (nret < 0 || (size_t)nret >= PATH_MAX) {
-        ERROR("Failed to snprintf");
+    if (realpath(isulad_tmpdir_env, cleanpath) == NULL) {
+        ERROR("Failed to get real path for %s", isula_tmpdir);
         return -1;
     }
 
-    if (util_clean_path(isula_tmpdir, cleanpath, sizeof(cleanpath)) == NULL) {
-        ERROR("clean path for %s failed", isula_tmpdir);
+    nret = snprintf(isula_tmpdir, PATH_MAX, "%s/isulad_tmpdir", cleanpath);
+    if (nret < 0 || (size_t)nret >= PATH_MAX) {
+        ERROR("Failed to snprintf");
         return -1;
     }
 
-    nret = snprintf(tmp_dir, PATH_MAX, "%s/tar-chroot-XXXXXX", cleanpath);
+    nret = snprintf(tmp_dir, PATH_MAX, "%s/tar-chroot-XXXXXX", isula_tmpdir);
     if (nret < 0 || (size_t)nret >= PATH_MAX) {
         ERROR("Failed to snprintf string");
         return -1;
@@ -247,7 +247,7 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
     }
 
     // ensure parent dir is exist
-    if (util_mkdir_p(cleanpath, ISULAD_TEMP_DIRECTORY_MODE) != 0) {
+    if (util_mkdir_p(isula_tmpdir, ISULAD_TEMP_DIRECTORY_MODE) != 0) {
         return -1;
     }
 
-- 
2.25.1
!658 update to v2.1.5 * update to v2.1.5 2024-02-04 02:17:02 +00:00			`From cd018d3c1ebff2a328912d99fc43c9a7e4f60704 Mon Sep 17 00:00:00 2001`
			`From: zhongtao <zhongtao17@huawei.com>`
			`Date: Thu, 25 Jan 2024 11:24:59 +0800`
			`Subject: [PATCH 3/6] bugfix for mount point remains under special`
			`circumstances`

			`Signed-off-by: zhongtao <zhongtao17@huawei.com>`
			`---`
			`src/cmd/isulad/main.c \| 14 +++++++-------`
			`.../modules/container/leftover_cleanup/cleanup.c \| 14 +++++++-------`
			`src/utils/tar/util_archive.c \| 14 +++++++-------`
			`3 files changed, 21 insertions(+), 21 deletions(-)`

			`diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c`
			`index d9d8afa0..deca72be 100644`
			`--- a/src/cmd/isulad/main.c`
			`+++ b/src/cmd/isulad/main.c`
			`@@ -1271,23 +1271,23 @@ static int do_ensure_isulad_tmpdir_security(const char *isulad_tmp_dir)`
			`char tmp_dir[PATH_MAX] = { 0 };`
			`char cleanpath[PATH_MAX] = { 0 };`

			`- nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmp_dir);`
			`- if (nret < 0 \|\| (size_t)nret >= PATH_MAX) {`
			`- ERROR("Failed to snprintf");`
			`+ if (realpath(isulad_tmp_dir, cleanpath) == NULL) {`
			`+ ERROR("Failed to get real path for %s", tmp_dir);`
			`return -1;`
			`}`

			`- if (util_clean_path(tmp_dir, cleanpath, sizeof(cleanpath)) == NULL) {`
			`- ERROR("Failed to clean path for %s", tmp_dir);`
			`+ nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", cleanpath);`
			`+ if (nret < 0 \|\| (size_t)nret >= PATH_MAX) {`
			`+ ERROR("Failed to snprintf");`
			`return -1;`
			`}`

			`- if (isulad_tmpdir_security_check(cleanpath) == 0) {`
			`+ if (isulad_tmpdir_security_check(tmp_dir) == 0) {`
			`return 0;`
			`}`

			`INFO("iSulad tmpdir: %s does not meet security requirements, recreate it", isulad_tmp_dir);`
			`- return recreate_tmpdir(cleanpath);`
			`+ return recreate_tmpdir(tmp_dir);`
			`}`

			`static int ensure_isulad_tmpdir_security()`
			`diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c`
			`index b78a4d15..08151f42 100644`
			`--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c`
			`+++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c`
			`@@ -175,22 +175,22 @@ static void cleanup_path(char *dir)`
			`char tmp_dir[PATH_MAX] = { 0 };`
			`char cleanpath[PATH_MAX] = { 0 };`

			`- nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", dir);`
			`- if (nret < 0 \|\| (size_t)nret >= PATH_MAX) {`
			`- ERROR("Failed to snprintf");`
			`+ if (realpath(dir, cleanpath) == NULL) {`
			`+ ERROR("get real path for %s failed", tmp_dir);`
			`return;`
			`}`

			`- if (util_clean_path(tmp_dir, cleanpath, sizeof(cleanpath)) == NULL) {`
			`- ERROR("clean path for %s failed", tmp_dir);`
			`+ nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", cleanpath);`
			`+ if (nret < 0 \|\| (size_t)nret >= PATH_MAX) {`
			`+ ERROR("Failed to snprintf");`
			`return;`
			`}`

			`- if (!util_dir_exists(cleanpath)) {`
			`+ if (!util_dir_exists(tmp_dir)) {`
			`return;`
			`}`

			`- nret = util_scan_subdirs(cleanpath, walk_isulad_tmpdir_cb, NULL);`
			`+ nret = util_scan_subdirs(tmp_dir, walk_isulad_tmpdir_cb, NULL);`
			`if (nret != 0) {`
			`ERROR("failed to scan isulad tmp subdirs");`
			`}`
			`diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c`
			`index 0a7309c9..e4c302bc 100644`
			`--- a/src/utils/tar/util_archive.c`
			`+++ b/src/utils/tar/util_archive.c`
			`@@ -218,18 +218,18 @@ static int make_safedir_is_noexec(const char flock_path, const char dstdir, ch`
			`isulad_tmpdir_env = DEFAULT_ISULAD_TMPDIR;`
			`}`

			`- nret = snprintf(isula_tmpdir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmpdir_env);`
			`- if (nret < 0 \|\| (size_t)nret >= PATH_MAX) {`
			`- ERROR("Failed to snprintf");`
			`+ if (realpath(isulad_tmpdir_env, cleanpath) == NULL) {`
			`+ ERROR("Failed to get real path for %s", isula_tmpdir);`
			`return -1;`
			`}`

			`- if (util_clean_path(isula_tmpdir, cleanpath, sizeof(cleanpath)) == NULL) {`
			`- ERROR("clean path for %s failed", isula_tmpdir);`
			`+ nret = snprintf(isula_tmpdir, PATH_MAX, "%s/isulad_tmpdir", cleanpath);`
			`+ if (nret < 0 \|\| (size_t)nret >= PATH_MAX) {`
			`+ ERROR("Failed to snprintf");`
			`return -1;`
			`}`

			`- nret = snprintf(tmp_dir, PATH_MAX, "%s/tar-chroot-XXXXXX", cleanpath);`
			`+ nret = snprintf(tmp_dir, PATH_MAX, "%s/tar-chroot-XXXXXX", isula_tmpdir);`
			`if (nret < 0 \|\| (size_t)nret >= PATH_MAX) {`
			`ERROR("Failed to snprintf string");`
			`return -1;`
			`@@ -247,7 +247,7 @@ static int make_safedir_is_noexec(const char flock_path, const char dstdir, ch`
			`}`

			`// ensure parent dir is exist`
			`- if (util_mkdir_p(cleanpath, ISULAD_TEMP_DIRECTORY_MODE) != 0) {`
			`+ if (util_mkdir_p(isula_tmpdir, ISULAD_TEMP_DIRECTORY_MODE) != 0) {`
			`return -1;`
			`}`

			`--`
			`2.25.1`