From 240929c0e4cadb3083ac893696da7f9ea6488df6 Mon Sep 17 00:00:00 2001 From: haozi007 Date: Tue, 9 Aug 2022 11:43:54 +0800 Subject: [PATCH] sync from openeuler iSulad 1. bug fix; 2. improve health check; 3. ensure read call for string; Signed-off-by: haozi007 --- 0001-do-not-use-tmpfile.patch | 2 +- 0002-use-only-TLS-v1.2-or-later.patch | 2 +- ...eable-dirs-if-user-set-mount-for-dev.patch | 3 +- ...te-arch-unspecified-seccomp-profiles.patch | 2 +- ...CI-test-case-checking-seccomp-option.patch | 2 +- ...ach-when-stdout-and-stderr-are-false.patch | 2 +- ...-quota-out-of-range-when-update-to-1.patch | 49 ++++++ ...ck-monitor-before-stopping-container.patch | 146 ++++++++++++++++++ 0009-set-dup_option-null-after-free.patch | 25 +++ ...ring-must-have-space-store-null-char.patch | 136 ++++++++++++++++ 0011-remove-unused-include-files.patch | 50 ++++++ 0012-fix-lose-override-flag.patch | 25 +++ ...cute-permissions-for-libhttpclient.s.patch | 38 +++++ ...uest_to_rest-forgot-to-handle-suffix.patch | 27 ++++ 0015-add-fuzz-dict.patch | 29 ++++ iSulad.spec | 17 +- 16 files changed, 548 insertions(+), 7 deletions(-) create mode 100644 0007-fix-cpu-quota-out-of-range-when-update-to-1.patch create mode 100644 0008-stop-health-check-monitor-before-stopping-container.patch create mode 100644 0009-set-dup_option-null-after-free.patch create mode 100644 0010-ensure-read-string-must-have-space-store-null-char.patch create mode 100644 0011-remove-unused-include-files.patch create mode 100644 0012-fix-lose-override-flag.patch create mode 100644 0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch create mode 100644 0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch create mode 100644 0015-add-fuzz-dict.patch diff --git a/0001-do-not-use-tmpfile.patch b/0001-do-not-use-tmpfile.patch index 4a35bc9..30ec977 100644 --- a/0001-do-not-use-tmpfile.patch +++ b/0001-do-not-use-tmpfile.patch @@ -1,7 +1,7 @@ From 2e404b3aa5fcea87a905fbd7ff3465b6135b701e Mon Sep 17 00:00:00 2001 
From: WangFengTu Date: Wed, 20 Jul 2022 14:26:58 +0800 -Subject: [PATCH 1/6] do not use tmpfile() +Subject: [PATCH 01/15] do not use tmpfile() Signed-off-by: WangFengTu --- diff --git a/0002-use-only-TLS-v1.2-or-later.patch b/0002-use-only-TLS-v1.2-or-later.patch index 85eb719..56df6fd 100644 --- a/0002-use-only-TLS-v1.2-or-later.patch +++ b/0002-use-only-TLS-v1.2-or-later.patch @@ -1,7 +1,7 @@ From 025d2c2dad2786eda40f2367cdd727a36b8249df Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Thu, 21 Jul 2022 15:37:07 +0800 -Subject: [PATCH 2/6] use only TLS v1.2 or later +Subject: [PATCH 02/15] use only TLS v1.2 or later Signed-off-by: WangFengTu --- diff --git a/0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch b/0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch index 9452843..e4ad6c9 100644 --- a/0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch +++ b/0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch @@ -1,7 +1,8 @@ From a475d8da1122af712dbc79dc5d92f1cb95d519f9 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Mon, 25 Jul 2022 20:31:15 +0800 -Subject: [PATCH 3/6] don't mount shareable dirs if user set mount for dev shm +Subject: [PATCH 03/15] don't mount shareable dirs if user set mount for dev + shm Signed-off-by: zhangxiaoyu --- diff --git a/0004-tolerate-arch-unspecified-seccomp-profiles.patch b/0004-tolerate-arch-unspecified-seccomp-profiles.patch index 27dfced..60ac49a 100644 --- a/0004-tolerate-arch-unspecified-seccomp-profiles.patch +++ b/0004-tolerate-arch-unspecified-seccomp-profiles.patch @@ -1,7 +1,7 @@ From 73e02e66102b3e066d5d6424624461c3024cabe4 Mon Sep 17 00:00:00 2001 From: chengzrz Date: Fri, 29 Jul 2022 14:44:55 +0800 -Subject: [PATCH 4/6] tolerate arch unspecified seccomp profiles +Subject: [PATCH 04/15] tolerate arch unspecified seccomp profiles Signed-off-by: chengzrz --- 
diff --git a/0005-add-a-CI-test-case-checking-seccomp-option.patch b/0005-add-a-CI-test-case-checking-seccomp-option.patch index 82f3d65..61b7a13 100644 --- a/0005-add-a-CI-test-case-checking-seccomp-option.patch +++ b/0005-add-a-CI-test-case-checking-seccomp-option.patch @@ -1,7 +1,7 @@ From c9c2bb6bfbe2060bdc6af53ca0d752572b21594d Mon Sep 17 00:00:00 2001 From: chengzrz Date: Fri, 29 Jul 2022 14:45:20 +0800 -Subject: [PATCH 5/6] add a CI test case, checking seccomp option +Subject: [PATCH 05/15] add a CI test case, checking seccomp option Signed-off-by: chengzrz --- diff --git a/0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch b/0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch index e5447be..ea520ff 100644 --- a/0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch +++ b/0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch @@ -1,7 +1,7 @@ From 9498a8df59f69acbf75f9aa69fef465350288bb8 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Mon, 1 Aug 2022 11:20:31 +0800 -Subject: [PATCH 6/6] fix cri attach when stdout and stderr are false +Subject: [PATCH 06/15] fix cri attach when stdout and stderr are false Signed-off-by: zhangxiaoyu --- diff --git a/0007-fix-cpu-quota-out-of-range-when-update-to-1.patch b/0007-fix-cpu-quota-out-of-range-when-update-to-1.patch new file mode 100644 index 0000000..de284ca --- /dev/null +++ b/0007-fix-cpu-quota-out-of-range-when-update-to-1.patch 
@@ -0,0 +1,49 @@ +From 5174fd2608a25a8f7f4b61be79d125b19fb420f9 Mon Sep 17 00:00:00 2001 +From: "Neil.wrz" +Date: Tue, 26 Jul 2022 02:08:43 -0700 +Subject: [PATCH 07/15] fix cpu-quota out of range when update to -1 + +Signed-off-by: Neil.wrz +--- + src/daemon/modules/runtime/engines/engine.h | 2 +- + src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/daemon/modules/runtime/engines/engine.h b/src/daemon/modules/runtime/engines/engine.h +index 8935f845..95428e0f 100644 +--- a/src/daemon/modules/runtime/engines/engine.h ++++ b/src/daemon/modules/runtime/engines/engine.h +@@ -33,7 +33,7 @@ struct engine_cgroup_resources { + uint64_t blkio_weight; + uint64_t cpu_shares; + uint64_t cpu_period; +- uint64_t cpu_quota; ++ int64_t cpu_quota; + char *cpuset_cpus; + char *cpuset_mems; + uint64_t memory_limit; +diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +index dd310091..a2b93b72 100644 +--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c ++++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +@@ -518,7 +518,7 @@ static void to_engine_resources(const host_config *hostconfig, struct engine_cgr + cr->blkio_weight = hostconfig->blkio_weight; + cr->cpu_shares = (uint64_t)hostconfig->cpu_shares; + cr->cpu_period = (uint64_t)hostconfig->cpu_period; +- cr->cpu_quota = (uint64_t)hostconfig->cpu_quota; ++ cr->cpu_quota = hostconfig->cpu_quota; + cr->cpuset_cpus = hostconfig->cpuset_cpus; + cr->cpuset_mems = hostconfig->cpuset_mems; + cr->memory_limit = (uint64_t)hostconfig->memory; +@@ -532,7 +532,7 @@ static void to_engine_resources(const host_config *hostconfig, struct engine_cgr + period = (uint64_t)(100 * Time_Milli / Time_Micro); + quota = hostconfig->nano_cpus * (int64_t)period / 1e9; + cr->cpu_period = period; +- cr->cpu_quota = (uint64_t)quota; ++ cr->cpu_quota = quota; + } + } + +-- +2.25.1 + 
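Review bot: The switch of `cpu_quota` to `int64_t` in engine.h is undocumented, and nothing in these hunks restricts the negative range, so any negative `hostconfig->cpu_quota`, not just -1, now reaches the engine unchanged. I would add a field comment such as `/* CFS quota in microseconds; -1 removes the limit */` (wording to be confirmed against the runtime) and check that validation elsewhere rejects other negative values. Consumers of `struct engine_cgroup_resources` outside this patch that print or compare the field as unsigned would need the same type change; none are visible here. The body of to_engine_resources continues outside both lcr_rt_ops.c hunks.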
diff --git a/0008-stop-health-check-monitor-before-stopping-container.patch b/0008-stop-health-check-monitor-before-stopping-container.patch
new file mode 100644
index 0000000..1d6d498
--- /dev/null
+++ b/0008-stop-health-check-monitor-before-stopping-container.patch
@@ -0,0 +1,146 @@ +From b8fd21e636b643fe9f257a77808d53b067f3d105 Mon Sep 17 00:00:00 2001 +From: songbuhuang <544824346@qq.com> +Date: Wed, 3 Aug 2022 16:06:16 +0800 +Subject: [PATCH 08/15] stop health check monitor before stopping container + +Signed-off-by: songbuhuang <544824346@qq.com> +--- + src/daemon/executor/container_cb/execution.c | 2 -- + src/daemon/executor/container_cb/execution_extend.c | 2 +- + src/daemon/modules/api/container_api.h | 2 +- + .../modules/container/health_check/health_check.c | 12 ++---------- + src/daemon/modules/service/service_container.c | 3 +++ + test/mocks/health_check_mock.cc | 4 ++-- + test/mocks/health_check_mock.h | 2 +- + .../execute/execution_extend/execution_extend_ut.cc | 2 +- + 8 files changed, 11 insertions(+), 18 deletions(-) + +diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c +index edc8b42e..68d0d8d6 100644 +--- a/src/daemon/executor/container_cb/execution.c ++++ b/src/daemon/executor/container_cb/execution.c +@@ -676,8 +676,6 @@ static int container_stop_cb(const container_stop_request *request, container_st + goto pack_response; + } + +- container_stop_health_checks(id); +- + if (stop_container(cont, timeout, force, false)) { + cc = ISULAD_ERR_EXEC; + container_state_set_error(cont->state, (const char *)g_isulad_errmsg); +diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c +index 9c2a213b..b0da705e 100644 +--- a/src/daemon/executor/container_cb/execution_extend.c ++++ b/src/daemon/executor/container_cb/execution_extend.c +@@ -715,7 +715,7 @@ static int do_pause_container(container_t *cont) + params.rootpath = cont->root_path; + params.state = cont->state_path; + +- container_stop_health_checks(cont->common_config->id); ++ container_stop_health_checks(cont); + + if (runtime_pause(id, cont->runtime, ¶ms)) { + container_update_health_monitor(cont->common_config->id); +diff --git 
a/src/daemon/modules/api/container_api.h b/src/daemon/modules/api/container_api.h +index 1140d4d5..ed97633f 100644 +--- a/src/daemon/modules/api/container_api.h ++++ b/src/daemon/modules/api/container_api.h +@@ -254,7 +254,7 @@ extern char *container_exit_fifo_create(const char *cont_state_path); + extern int container_exit_fifo_open(const char *cont_exit_fifo); + + void container_init_health_monitor(const char *id); +-void container_stop_health_checks(const char *container_id); ++void container_stop_health_checks(container_t *cont); + + bool container_is_in_gc_progress(const char *id); + +diff --git a/src/daemon/modules/container/health_check/health_check.c b/src/daemon/modules/container/health_check/health_check.c +index b2feee91..273d3531 100644 +--- a/src/daemon/modules/container/health_check/health_check.c ++++ b/src/daemon/modules/container/health_check/health_check.c +@@ -182,23 +182,15 @@ static void close_health_check_monitor(container_t *cont) + + // Called when the container is being stopped (whether because the health check is + // failing or for any other reason). 
+-void container_stop_health_checks(const char *container_id) ++void container_stop_health_checks(container_t *cont) + { +- container_t *cont = NULL; +- +- if (container_id == NULL) { +- return; +- } +- +- cont = containers_store_get(container_id); + if (cont == NULL) { +- ERROR("Failed to get container info"); + return; + } ++ + if (cont->state != NULL && cont->state->state != NULL && cont->state->state->health != NULL) { + close_health_check_monitor(cont); + } +- container_unref(cont); + } + + /* health check manager free */ +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index a9b14043..2f688f57 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -1401,6 +1401,9 @@ int stop_container(container_t *cont, int timeout, bool force, bool restart) + ret = -1; + goto out; + } ++ ++ container_stop_health_checks(cont); ++ + // set AutoRemove flag to false before stop so the container won't be + // removed during restart process + if (restart) { +diff --git a/test/mocks/health_check_mock.cc b/test/mocks/health_check_mock.cc +index eab18be7..5e2f210b 100644 +--- a/test/mocks/health_check_mock.cc ++++ b/test/mocks/health_check_mock.cc +@@ -32,10 +32,10 @@ void container_update_health_monitor(const char *container_id) + return; + } + +-void container_stop_health_checks(const char *container_id) ++void container_stop_health_checks(container_t *cont) + { + if (g_health_check_mock != nullptr) { +- return g_health_check_mock->ContainerStopHealthCheck(container_id); ++ return g_health_check_mock->ContainerStopHealthCheck(cont); + } + return; + } +diff --git a/test/mocks/health_check_mock.h b/test/mocks/health_check_mock.h +index ab8e20b0..29dad8ca 100644 +--- a/test/mocks/health_check_mock.h ++++ b/test/mocks/health_check_mock.h +@@ -22,7 +22,7 @@ + class MockHealthCheck { + public: + MOCK_METHOD1(UpdateHealthMonitor, void(const char *container_id)); +- 
MOCK_METHOD1(ContainerStopHealthCheck, void(const char *container_id)); ++ MOCK_METHOD1(ContainerStopHealthCheck, void(container_t *cont)); + }; + + void MockHealthCheck_SetMock(MockHealthCheck* mock); +diff --git a/test/services/execution/execute/execution_extend/execution_extend_ut.cc b/test/services/execution/execute/execution_extend/execution_extend_ut.cc +index 03872340..e4e6d8d4 100644 +--- a/test/services/execution/execute/execution_extend/execution_extend_ut.cc ++++ b/test/services/execution/execute/execution_extend/execution_extend_ut.cc +@@ -204,7 +204,7 @@ void invokeStateSetPaused(container_state_t *s) + return; + } + +-void invokeContainerStopHealthCheck(const char *container_id) ++void invokeContainerStopHealthCheck(container_t *cont) + { + return; + } +-- +2.25.1 + diff --git a/0009-set-dup_option-null-after-free.patch b/0009-set-dup_option-null-after-free.patch new file mode 100644 index 0000000..e7775fe --- /dev/null +++ b/0009-set-dup_option-null-after-free.patch @@ -0,0 +1,25 @@ +From 3d8258777c2265ea00c9fe13a11d37d0b3320e4c Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Fri, 5 Aug 2022 14:37:38 +0800 +Subject: [PATCH 09/15] set dup_option null after free + +Signed-off-by: zhangxiaoyu +--- + .../oci/storage/layer_store/graphdriver/devmapper/deviceset.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index a0e749dd..10c7fafd 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -239,6 +239,7 @@ static int devmapper_parse_options(struct device_set *devset, const char **optio + } + + free(dup_option); ++ dup_option = NULL; + } + + out: +-- +2.25.1 + 
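Review bot: container_stop_health_checks() in health_check.c no longer looks the container up and takes its own reference, so it now depends on every caller holding a live reference to `cont` for the duration of the call, and that contract is not stated anywhere in the patch. I would add a comment to the declaration in container_api.h, for example `/* caller must hold a reference to cont; no ref is taken or dropped here */`. The call also moved from container_stop_cb into stop_container(), where it runs before the stop is attempted. do_pause_container restarts the monitor with `container_update_health_monitor()` when runtime_pause fails, but no equivalent is visible on stop_container's failure path, which lies outside the hunk, so a failed stop may leave a running container unmonitored. The neighbouring `container_update_health_monitor(const char *)` still takes an id, which leaves the two APIs asymmetric.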
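Review bot: The added `dup_option = NULL;` in devmapper_parse_options has no comment explaining why it is needed. Presumably the `out:` label frees `dup_option` again, so a loop that finishes normally would otherwise free the last option twice. I would say so next to the assignment, e.g. `/* out: frees dup_option too; clear it to avoid a double free */`. The cleanup code after `out:` is outside the hunk, so this should be confirmed there.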
diff --git a/0010-ensure-read-string-must-have-space-store-null-char.patch b/0010-ensure-read-string-must-have-space-store-null-char.patch
new file mode 100644
index 0000000..2868baf
--- /dev/null
+++ b/0010-ensure-read-string-must-have-space-store-null-char.patch
@@ -0,0 +1,136 @@ +From 6e0b890c16d851bd29009b8a778234ce9e82339e Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Mon, 8 Aug 2022 16:46:22 +0800 +Subject: [PATCH 10/15] ensure read string must have space store null char + +Signed-off-by: haozi007 +--- + src/cmd/isulad-shim/process.c | 2 +- + src/daemon/entry/cri/sysctl_tools.c | 4 ++-- + src/daemon/modules/runtime/isula/isula_rt_ops.c | 2 +- + src/daemon/modules/runtime/shim/shim_rt_ops.c | 8 ++++---- + src/utils/tar/util_archive.c | 4 ++-- + src/utils/tar/util_gzip.c | 2 +- + 6 files changed, 11 insertions(+), 11 deletions(-) + +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index cb859920..4d665b26 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -1166,7 +1166,7 @@ int create_process(process_t *p) + close_fd(&p->stdio->err); + close_fd(&p->stdio->resize); + } +- nread = read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff)); ++ nread = read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1); + if (nread > 0) { + write_message(g_log_fd, ERR_MSG, "runtime error"); + ret = SHIM_ERR; +diff --git a/src/daemon/entry/cri/sysctl_tools.c b/src/daemon/entry/cri/sysctl_tools.c +index 9883f9ff..257ccf8f 100644 +--- a/src/daemon/entry/cri/sysctl_tools.c ++++ b/src/daemon/entry/cri/sysctl_tools.c +@@ -31,7 +31,7 @@ int get_sysctl(const char *sysctl, char **err) + int fd = -1; + ssize_t rsize; + char fullpath[PATH_MAX] = { 0 }; +- char buff[MAX_BUFFER_SIZE] = { 0 }; ++ char buff[MAX_BUFFER_SIZE + 1] = { 0 }; + + ret = snprintf(fullpath, PATH_MAX, "%s/%s", SYSCTL_BASE, sysctl); + if (ret < 0 || ret >= PATH_MAX) { +@@ -46,7 +46,7 @@ int get_sysctl(const char *sysctl, char **err) + } + goto free_out; + } +- rsize = util_read_nointr(fd, buff, MAX_BUFFER_SIZE); ++ rsize = util_read_nointr(fd, buff, sizeof(buff) - 1); + if (rsize <= 0) { + if (asprintf(err, "Read file failed: %s", strerror(errno)) < 0) { + *err = util_strdup_s("Out of memory"); +diff --git 
a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 42f1cda6..2ccdde2e 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -712,7 +712,7 @@ realexec: + } + + close(exec_fd[1]); +- num = util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff)); ++ num = util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1); + close(exec_fd[0]); + if (num > 0) { + ERROR("exec failed: %s", exec_buff); +diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c +index 21d339e5..9c9446a8 100644 +--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c ++++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c +@@ -110,7 +110,7 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w + int err_fd[2] = {-1, -1}; + int out_fd[2] = {-1, -1}; + char exec_buff[BUFSIZ + 1] = {0}; +- char stdout_buff[PATH_MAX] = {0}; ++ char stdout_buff[PATH_MAX + 1] = {0}; + char stderr_buff[BUFSIZ + 1] = {0}; + + +@@ -186,7 +186,7 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w + } + + close(exec_fd[1]); +- if (util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff)) > 0) { ++ if (util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1) > 0) { + ERROR("exec failed: %s", exec_buff); + ret = -1; + goto out; +@@ -203,10 +203,10 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w + status = status_to_exit_code(status); + + close(out_fd[1]); +- util_read_nointr(out_fd[0], stdout_buff, sizeof(stdout_buff)); ++ util_read_nointr(out_fd[0], stdout_buff, sizeof(stdout_buff) - 1); + close(out_fd[0]); + close(err_fd[1]); +- util_read_nointr(err_fd[0], stderr_buff, sizeof(stderr_buff)); ++ util_read_nointr(err_fd[0], stderr_buff, sizeof(stderr_buff) - 1); + close(err_fd[0]); + + if (status != 0) { +diff --git a/src/utils/tar/util_archive.c 
b/src/utils/tar/util_archive.c +index 1128b947..da814c94 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -596,7 +596,7 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co + pid_t pid = -1; + int keepfds[] = { -1, -1, -1 }; + int pipe_stderr[2] = { -1, -1 }; +- char errbuf[BUFSIZ] = { 0 }; ++ char errbuf[BUFSIZ + 1] = { 0 }; + + if (pipe2(pipe_stderr, O_CLOEXEC) != 0) { + ERROR("Failed to create pipe"); +@@ -980,7 +980,7 @@ int archive_chroot_tar(char *path, char *file, char **errmsg) + pid_t pid; + int pipe_for_read[2] = { -1, -1 }; + int keepfds[] = { -1, -1 }; +- char errbuf[BUFSIZ] = { 0 }; ++ char errbuf[BUFSIZ + 1] = { 0 }; + int fd = 0; + + if (pipe2(pipe_for_read, O_CLOEXEC) != 0) { +diff --git a/src/utils/tar/util_gzip.c b/src/utils/tar/util_gzip.c +index 9b17e9d7..5c34d719 100644 +--- a/src/utils/tar/util_gzip.c ++++ b/src/utils/tar/util_gzip.c +@@ -203,7 +203,7 @@ int gzip(const char *filename, size_t len) + } + + ssize_t size_read = 0; +- char buffer[BUFSIZ] = { 0 }; ++ char buffer[BUFSIZ + 1] = { 0 }; + + close(pipefd[1]); + +-- +2.25.1 + diff --git a/0011-remove-unused-include-files.patch b/0011-remove-unused-include-files.patch new file mode 100644 index 0000000..69e159d --- /dev/null +++ b/0011-remove-unused-include-files.patch 
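Review bot: In util_archive.c (archive_unpack, archive_chroot_tar) and util_gzip.c (gzip) only the buffer declarations grow to `BUFSIZ + 1`; the reads that fill `errbuf` and `buffer` are outside the hunks, and if they pass `sizeof(errbuf)` or `sizeof(buffer)` as the length they now read one byte more and the terminator slot is lost again. Those calls should pass `BUFSIZ` or `sizeof(buf) - 1`, as the sysctl_tools.c hunk does. Every site also relies on the buffer being zero-initialised and read only once; writing the terminator from the return value, `if (num > 0) { exec_buff[num] = '\0'; }`, would keep the `%s` logging safe if a buffer is ever reused. The declarations of `exec_buff` in process.c and isula_rt_ops.c are not visible here, so their initialisers cannot be confirmed. In shim_bin_v2_create the results of the two reads into `stdout_buff` and `stderr_buff` are still discarded, so a failed read is indistinguishable from empty output.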
@@ -0,0 +1,50 @@ +From 448e4c5b0327916c05d8354e4e99565de7a8129d Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Tue, 9 Aug 2022 14:36:33 +0800 +Subject: [PATCH 11/15] remove unused include files + +Signed-off-by: haozi007 +--- + .../storage/layer_store/graphdriver/quota/project_quota.h | 1 - + src/utils/cutils/utils_network.c | 7 ------- + 2 files changed, 8 deletions(-) + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h +index 2aae6bcd..94230faa 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h +@@ -35,7 +35,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff --git a/src/utils/cutils/utils_network.c b/src/utils/cutils/utils_network.c +index 5192d06f..c77edc3c 100644 +--- a/src/utils/cutils/utils_network.c ++++ b/src/utils/cutils/utils_network.c +@@ -18,19 +18,12 @@ + #include "utils_network.h" + + #include +-#include + #include + #include + #include +-#include +-#include + #include +-#include + + #include "utils.h" +-#include "utils_fs.h" +-#include "utils_file.h" +-#include "constants.h" + + int util_create_netns_file(const char *netns_path) + { +-- +2.25.1 + diff --git a/0012-fix-lose-override-flag.patch b/0012-fix-lose-override-flag.patch new file mode 100644 index 0000000..3cdec2a --- /dev/null +++ b/0012-fix-lose-override-flag.patch 
@@ -0,0 +1,25 @@ +From ec627e1564baf4e77311c917bde9bddf23b63b9b Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Wed, 10 Aug 2022 17:40:36 +0800 +Subject: [PATCH 12/15] fix lose override flag + +Signed-off-by: haozi007 +--- + src/daemon/entry/cri/websocket/service/exec_serve.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/daemon/entry/cri/websocket/service/exec_serve.h b/src/daemon/entry/cri/websocket/service/exec_serve.h +index 65ee6b3a..3f84e0c8 100644 +--- a/src/daemon/entry/cri/websocket/service/exec_serve.h ++++ b/src/daemon/entry/cri/websocket/service/exec_serve.h +@@ -37,6 +37,6 @@ private: + virtual void *SetContainerStreamRequest(::google::protobuf::Message *grequest, const std::string &suffix) override; + virtual int ExecuteStreamCommand(SessionData *lwsCtx, void *request) override; + virtual void CloseConnect(SessionData *lwsCtx) override; +- virtual void FreeRequest(void *m_request); ++ virtual void FreeRequest(void *m_request) override; + }; + #endif // DAEMON_ENTRY_CRI_WEBSOCKET_SERVICE_EXEC_SERVE_H +-- +2.25.1 + diff --git a/0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch b/0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch new file mode 100644 index 0000000..c2e0172 --- /dev/null +++ b/0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch 
@@ -0,0 +1,38 @@ +From e524923aeeeb96f999dd153ea51f778289fade52 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Fri, 12 Aug 2022 17:17:44 +0800 +Subject: [PATCH 13/15] Add read and execute permissions for libhttpclient.so + and libisulad_tools.so for other users, so that non-root users who join the + isula group can use the isula command normally + +--- + src/CMakeLists.txt | 2 +- + src/utils/http/CMakeLists.txt | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index b8843f16..65bcb978 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -197,7 +197,7 @@ endif() + + # ------ install binary -------- + install(TARGETS libisulad_tools +- ${INSTALL_TYPE} DESTINATION ${LIB_INSTALL_DIR_DEFAULT} PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE) ++ ${INSTALL_TYPE} DESTINATION ${LIB_INSTALL_DIR_DEFAULT} PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + install(TARGETS libisula + ${INSTALL_TYPE} DESTINATION ${LIB_INSTALL_DIR_DEFAULT} PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + install(TARGETS isula +diff --git a/src/utils/http/CMakeLists.txt b/src/utils/http/CMakeLists.txt +index 0937cfab..ad7d0747 100644 +--- a/src/utils/http/CMakeLists.txt ++++ b/src/utils/http/CMakeLists.txt +@@ -29,4 +29,4 @@ if (ISULAD_GCOV) + endif() + + install(TARGETS libhttpclient +- ${INSTALL_TYPE} DESTINATION ${LIB_INSTALL_DIR_DEFAULT} PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE) ++ ${INSTALL_TYPE} DESTINATION ${LIB_INSTALL_DIR_DEFAULT} PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) +-- +2.25.1 + diff --git a/0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch b/0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch new file mode 100644 index 0000000..fa13a5d --- /dev/null +++ b/0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch 
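Review bot: The install rules for libisulad_tools and libhttpclient now grant WORLD_READ and WORLD_EXECUTE, but the description motivates this with members of the isula group, and GROUP_READ/GROUP_EXECUTE were already set. Presumably the installed files are not owned by that group, which the rules do not show. A short comment above each rule, e.g. `# readable by all users: the isula client runs unprivileged and loads this library`, would record why the "other" bits are needed. The new mode does match the existing libisula rule shown as context in src/CMakeLists.txt. Unlike the other patches in this series, this one carries no Signed-off-by trailer.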
@@ -0,0 +1,27 @@ +From dfcd1cbd6403af11d7afed96b0c8e3ca292722f9 Mon Sep 17 00:00:00 2001 +From: "Neil.wrz" +Date: Fri, 12 Aug 2022 15:30:50 -0700 +Subject: [PATCH 14/15] fix exec_request_to_rest forgot to handle suffix + +Signed-off-by: Neil.wrz +--- + src/client/connect/rest/rest_containers_client.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/client/connect/rest/rest_containers_client.c b/src/client/connect/rest/rest_containers_client.c +index 7e549339..dfa20c75 100644 +--- a/src/client/connect/rest/rest_containers_client.c ++++ b/src/client/connect/rest/rest_containers_client.c +@@ -1620,6 +1620,9 @@ static int exec_request_to_rest(const struct isula_exec_request *le_request, cha + if (le_request->stderr != NULL) { + crequest->stderr = util_strdup_s(le_request->stderr); + } ++ if (le_request->suffix != NULL) { ++ crequest->suffix = util_strdup_s(le_request->suffix); ++ } + + int i = 0; + if (le_request->argc > 0) { +-- +2.25.1 + diff --git a/0015-add-fuzz-dict.patch b/0015-add-fuzz-dict.patch new file mode 100644 index 0000000..f863d85 --- /dev/null +++ b/0015-add-fuzz-dict.patch 
@@ -0,0 +1,29 @@ +From 13c9523f3f69bafc62be8465dea235bdc7e6df4f Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Thu, 11 Aug 2022 20:30:48 +0800 +Subject: [PATCH 15/15] add fuzz dict + +Signed-off-by: WangFengTu +--- + test/fuzz/dict/test_volume_mount_spec_fuzz.dict | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/test/fuzz/dict/test_volume_mount_spec_fuzz.dict b/test/fuzz/dict/test_volume_mount_spec_fuzz.dict +index 8ef79c0b..39ae41df 100644 +--- a/test/fuzz/dict/test_volume_mount_spec_fuzz.dict ++++ b/test/fuzz/dict/test_volume_mount_spec_fuzz.dict +@@ -31,4 +31,11 @@ + "bind-selinux-opts" + "selinux-opts" + "volume-nocopy" ++"volume-nocopy=true" ++"volume-nocopy=false" + "empty" ++"type=bind,src=/bind,dst=/bind,volume-nocopy=true,volume-nocopy=true" ++"type=bind,src=/bind,dst=/bind" ++"type=tmpfs,dst=/tmpfs,volume-nocopy=true" ++"type=squashfs,src=/bind,dst=/tmpfs" ++"type=squashfs,src=/,dst=/tmpfs" +-- +2.25.1 + diff --git a/iSulad.spec b/iSulad.spec index f0706b3..6c702ca 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.0.15 -%global _release 2 +%global _release 3 %global is_systemd 1 %global enable_shimv2 1 %global is_embedded 1 
@@ -19,6 +19,15 @@ Patch6002: 0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch Patch6003: 0004-tolerate-arch-unspecified-seccomp-profiles.patch Patch6004: 0005-add-a-CI-test-case-checking-seccomp-option.patch Patch6005: 0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch +Patch6006: 0007-fix-cpu-quota-out-of-range-when-update-to-1.patch +Patch6007: 0008-stop-health-check-monitor-before-stopping-container.patch +Patch6008: 0009-set-dup_option-null-after-free.patch +Patch6009: 0010-ensure-read-string-must-have-space-store-null-char.patch +Patch6010: 0011-remove-unused-include-files.patch +Patch6011: 0012-fix-lose-override-flag.patch +Patch6012: 0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch +Patch6013: 0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch +Patch6014: 0015-add-fuzz-dict.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -246,6 +255,12 @@ fi %endif %changelog +* Tue Aug 9 2022 haozi007 - 2.0.15-3 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sycn patches from openeuler + * Mon Aug 1 2022 chengzeruizhi - 2.0.15-2 - Type: enhancement - ID: NA