!399 sync from openeuler iSulad

From: @duguhaotian Reviewed-by: @jingwoo, @wangfengtu Signed-off-by: @jingwoo
2022-08-13 08:30:17 +00:00 · 2022-08-13 08:30:17 +00:00 · 06b139857e
commit 06b139857e
parent aadb3ab253 240929c0e4
16 changed files with 548 additions and 7 deletions
--- a/0001-do-not-use-tmpfile.patch
+++ b/0001-do-not-use-tmpfile.patch
@ -1,7 +1,7 @@
 From 2e404b3aa5fcea87a905fbd7ff3465b6135b701e Mon Sep 17 00:00:00 2001
 From: WangFengTu <wangfengtu@huawei.com>
 Date: Wed, 20 Jul 2022 14:26:58 +0800
-Subject: [PATCH 1/6] do not use tmpfile()
+Subject: [PATCH 01/15] do not use tmpfile()
 Signed-off-by: WangFengTu <wangfengtu@huawei.com>
 ---
--- a/0002-use-only-TLS-v1.2-or-later.patch
+++ b/0002-use-only-TLS-v1.2-or-later.patch
@ -1,7 +1,7 @@
 From 025d2c2dad2786eda40f2367cdd727a36b8249df Mon Sep 17 00:00:00 2001
 From: WangFengTu <wangfengtu@huawei.com>
 Date: Thu, 21 Jul 2022 15:37:07 +0800
-Subject: [PATCH 2/6] use only TLS v1.2 or later
+Subject: [PATCH 02/15] use only TLS v1.2 or later
 Signed-off-by: WangFengTu <wangfengtu@huawei.com>
 ---
--- a/0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch
+++ b/0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch
@ -1,7 +1,8 @@
 From a475d8da1122af712dbc79dc5d92f1cb95d519f9 Mon Sep 17 00:00:00 2001
 From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
 Date: Mon, 25 Jul 2022 20:31:15 +0800
-Subject: [PATCH 3/6] don't mount shareable dirs if user set mount for dev shm
+Subject: [PATCH 03/15] don't mount shareable dirs if user set mount for dev
 shm
 Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
 ---
--- a/0004-tolerate-arch-unspecified-seccomp-profiles.patch
+++ b/0004-tolerate-arch-unspecified-seccomp-profiles.patch
@ -1,7 +1,7 @@
 From 73e02e66102b3e066d5d6424624461c3024cabe4 Mon Sep 17 00:00:00 2001
 From: chengzrz <czrzrichard@gmail.com>
 Date: Fri, 29 Jul 2022 14:44:55 +0800
-Subject: [PATCH 4/6] tolerate arch unspecified seccomp profiles
+Subject: [PATCH 04/15] tolerate arch unspecified seccomp profiles
 Signed-off-by: chengzrz <czrzrichard@gmail.com>
 ---
--- a/0005-add-a-CI-test-case-checking-seccomp-option.patch
+++ b/0005-add-a-CI-test-case-checking-seccomp-option.patch
@ -1,7 +1,7 @@
 From c9c2bb6bfbe2060bdc6af53ca0d752572b21594d Mon Sep 17 00:00:00 2001
 From: chengzrz <czrzrichard@gmail.com>
 Date: Fri, 29 Jul 2022 14:45:20 +0800
-Subject: [PATCH 5/6] add a CI test case, checking seccomp option
+Subject: [PATCH 05/15] add a CI test case, checking seccomp option
 Signed-off-by: chengzrz <czrzrichard@gmail.com>
 ---
--- a/0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch
+++ b/0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch
@ -1,7 +1,7 @@
 From 9498a8df59f69acbf75f9aa69fef465350288bb8 Mon Sep 17 00:00:00 2001
 From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
 Date: Mon, 1 Aug 2022 11:20:31 +0800
-Subject: [PATCH 6/6] fix cri attach when stdout and stderr are false
+Subject: [PATCH 06/15] fix cri attach when stdout and stderr are false
 Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
 ---
--- a/0007-fix-cpu-quota-out-of-range-when-update-to-1.patch
+++ b/0007-fix-cpu-quota-out-of-range-when-update-to-1.patch
@ -0,0 +1,49 @@
 From 5174fd2608a25a8f7f4b61be79d125b19fb420f9 Mon Sep 17 00:00:00 2001
 From: "Neil.wrz" <wangrunze13@huawei.com>
 Date: Tue, 26 Jul 2022 02:08:43 -0700
 Subject: [PATCH 07/15] fix cpu-quota out of range when update to -1
 Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
 ---
 src/daemon/modules/runtime/engines/engine.h         | 2 +-
 src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
 diff --git a/src/daemon/modules/runtime/engines/engine.h b/src/daemon/modules/runtime/engines/engine.h
 index 8935f845..95428e0f 100644
 --- a/src/daemon/modules/runtime/engines/engine.h
 +++ b/src/daemon/modules/runtime/engines/engine.h
@@ -33,7 +33,7 @@ struct engine_cgroup_resources {
     uint64_t blkio_weight;
     uint64_t cpu_shares;
     uint64_t cpu_period;
 -    uint64_t cpu_quota;
 +    int64_t cpu_quota;
     char *cpuset_cpus;
     char *cpuset_mems;
     uint64_t memory_limit;
 diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
 index dd310091..a2b93b72 100644
 --- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
 +++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
@@ -518,7 +518,7 @@ static void to_engine_resources(const host_config *hostconfig, struct engine_cgr
     cr->blkio_weight = hostconfig->blkio_weight;
     cr->cpu_shares = (uint64_t)hostconfig->cpu_shares;
     cr->cpu_period = (uint64_t)hostconfig->cpu_period;
 -    cr->cpu_quota = (uint64_t)hostconfig->cpu_quota;
 +    cr->cpu_quota = hostconfig->cpu_quota;
     cr->cpuset_cpus = hostconfig->cpuset_cpus;
     cr->cpuset_mems = hostconfig->cpuset_mems;
     cr->memory_limit = (uint64_t)hostconfig->memory;
@@ -532,7 +532,7 @@ static void to_engine_resources(const host_config *hostconfig, struct engine_cgr
         period = (uint64_t)(100 * Time_Milli / Time_Micro);
         quota = hostconfig->nano_cpus * (int64_t)period / 1e9;
         cr->cpu_period = period;
 -        cr->cpu_quota = (uint64_t)quota;
 +        cr->cpu_quota = quota;
     }
 }
 -- 
 2.25.1
--- a/0008-stop-health-check-monitor-before-stopping-container.patch
+++ b/0008-stop-health-check-monitor-before-stopping-container.patch
@ -0,0 +1,146 @@
 From b8fd21e636b643fe9f257a77808d53b067f3d105 Mon Sep 17 00:00:00 2001
 From: songbuhuang <544824346@qq.com>
 Date: Wed, 3 Aug 2022 16:06:16 +0800
 Subject: [PATCH 08/15] stop health check monitor before stopping container
 Signed-off-by: songbuhuang <544824346@qq.com>
 ---
 src/daemon/executor/container_cb/execution.c         |  2 --
 src/daemon/executor/container_cb/execution_extend.c  |  2 +-
 src/daemon/modules/api/container_api.h               |  2 +-
 .../modules/container/health_check/health_check.c    | 12 ++----------
 src/daemon/modules/service/service_container.c       |  3 +++
 test/mocks/health_check_mock.cc                      |  4 ++--
 test/mocks/health_check_mock.h                       |  2 +-
 .../execute/execution_extend/execution_extend_ut.cc  |  2 +-
 8 files changed, 11 insertions(+), 18 deletions(-)
 diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c
 index edc8b42e..68d0d8d6 100644
 --- a/src/daemon/executor/container_cb/execution.c
 +++ b/src/daemon/executor/container_cb/execution.c
@@ -676,8 +676,6 @@ static int container_stop_cb(const container_stop_request *request, container_st
         goto pack_response;
     }
 -    container_stop_health_checks(id);
 -
     if (stop_container(cont, timeout, force, false)) {
         cc = ISULAD_ERR_EXEC;
         container_state_set_error(cont->state, (const char *)g_isulad_errmsg);
 diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c
 index 9c2a213b..b0da705e 100644
 --- a/src/daemon/executor/container_cb/execution_extend.c
 +++ b/src/daemon/executor/container_cb/execution_extend.c
@@ -715,7 +715,7 @@ static int do_pause_container(container_t *cont)
     params.rootpath = cont->root_path;
     params.state = cont->state_path;
 -    container_stop_health_checks(cont->common_config->id);
 +    container_stop_health_checks(cont);
     if (runtime_pause(id, cont->runtime, &params)) {
         container_update_health_monitor(cont->common_config->id);
 diff --git a/src/daemon/modules/api/container_api.h b/src/daemon/modules/api/container_api.h
 index 1140d4d5..ed97633f 100644
 --- a/src/daemon/modules/api/container_api.h
 +++ b/src/daemon/modules/api/container_api.h
@@ -254,7 +254,7 @@ extern char *container_exit_fifo_create(const char *cont_state_path);
 extern int container_exit_fifo_open(const char *cont_exit_fifo);
 void container_init_health_monitor(const char *id);
 -void container_stop_health_checks(const char *container_id);
 +void container_stop_health_checks(container_t *cont);
 bool container_is_in_gc_progress(const char *id);
 diff --git a/src/daemon/modules/container/health_check/health_check.c b/src/daemon/modules/container/health_check/health_check.c
 index b2feee91..273d3531 100644
 --- a/src/daemon/modules/container/health_check/health_check.c
 +++ b/src/daemon/modules/container/health_check/health_check.c
@@ -182,23 +182,15 @@ static void close_health_check_monitor(container_t *cont)
 // Called when the container is being stopped (whether because the health check is
 // failing or for any other reason).
 -void container_stop_health_checks(const char *container_id)
 +void container_stop_health_checks(container_t *cont)
 {
 -    container_t *cont = NULL;
 -
 -    if (container_id == NULL) {
 -        return;
 -    }
 -
 -    cont = containers_store_get(container_id);
     if (cont == NULL) {
 -        ERROR("Failed to get container info");
         return;
     }
 +
     if (cont->state != NULL && cont->state->state != NULL && cont->state->state->health != NULL) {
         close_health_check_monitor(cont);
     }
 -    container_unref(cont);
 }
 /* health check manager free */
 diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
 index a9b14043..2f688f57 100644
 --- a/src/daemon/modules/service/service_container.c
 +++ b/src/daemon/modules/service/service_container.c
@@ -1401,6 +1401,9 @@ int stop_container(container_t *cont, int timeout, bool force, bool restart)
         ret = -1;
         goto out;
     }
 +
 +    container_stop_health_checks(cont);
 +
     // set AutoRemove flag to false before stop so the container won't be
     // removed during restart process
     if (restart) {
 diff --git a/test/mocks/health_check_mock.cc b/test/mocks/health_check_mock.cc
 index eab18be7..5e2f210b 100644
 --- a/test/mocks/health_check_mock.cc
 +++ b/test/mocks/health_check_mock.cc
@@ -32,10 +32,10 @@ void container_update_health_monitor(const char *container_id)
     return;
 }
 -void container_stop_health_checks(const char *container_id)
 +void container_stop_health_checks(container_t *cont)
 {
     if (g_health_check_mock != nullptr) {
 -        return g_health_check_mock->ContainerStopHealthCheck(container_id);
 +        return g_health_check_mock->ContainerStopHealthCheck(cont);
     }
     return;
 }
 diff --git a/test/mocks/health_check_mock.h b/test/mocks/health_check_mock.h
 index ab8e20b0..29dad8ca 100644
 --- a/test/mocks/health_check_mock.h
 +++ b/test/mocks/health_check_mock.h
@@ -22,7 +22,7 @@
 class MockHealthCheck {
 public:
     MOCK_METHOD1(UpdateHealthMonitor, void(const char *container_id));
 -    MOCK_METHOD1(ContainerStopHealthCheck, void(const char *container_id));
 +    MOCK_METHOD1(ContainerStopHealthCheck, void(container_t *cont));
 };
 void MockHealthCheck_SetMock(MockHealthCheck* mock);
 diff --git a/test/services/execution/execute/execution_extend/execution_extend_ut.cc b/test/services/execution/execute/execution_extend/execution_extend_ut.cc
 index 03872340..e4e6d8d4 100644
 --- a/test/services/execution/execute/execution_extend/execution_extend_ut.cc
 +++ b/test/services/execution/execute/execution_extend/execution_extend_ut.cc
@@ -204,7 +204,7 @@ void invokeStateSetPaused(container_state_t *s)
     return;
 }
 -void invokeContainerStopHealthCheck(const char *container_id)
 +void invokeContainerStopHealthCheck(container_t *cont)
 {
     return;
 }
 -- 
 2.25.1
--- a/0009-set-dup_option-null-after-free.patch
+++ b/0009-set-dup_option-null-after-free.patch
@ -0,0 +1,25 @@
 From 3d8258777c2265ea00c9fe13a11d37d0b3320e4c Mon Sep 17 00:00:00 2001
 From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
 Date: Fri, 5 Aug 2022 14:37:38 +0800
 Subject: [PATCH 09/15] set dup_option null after free
 Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
 ---
 .../oci/storage/layer_store/graphdriver/devmapper/deviceset.c    | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
 index a0e749dd..10c7fafd 100644
 --- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
 +++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
@@ -239,6 +239,7 @@ static int devmapper_parse_options(struct device_set *devset, const char **optio
         }
         free(dup_option);
 +        dup_option = NULL;
     }
 out:
 -- 
 2.25.1
--- a/0010-ensure-read-string-must-have-space-store-null-char.patch
+++ b/0010-ensure-read-string-must-have-space-store-null-char.patch
@ -0,0 +1,136 @@
 From 6e0b890c16d851bd29009b8a778234ce9e82339e Mon Sep 17 00:00:00 2001
 From: haozi007 <liuhao27@huawei.com>
 Date: Mon, 8 Aug 2022 16:46:22 +0800
 Subject: [PATCH 10/15] ensure read string must have space store null char
 Signed-off-by: haozi007 <liuhao27@huawei.com>
 ---
 src/cmd/isulad-shim/process.c                   | 2 +-
 src/daemon/entry/cri/sysctl_tools.c             | 4 ++--
 src/daemon/modules/runtime/isula/isula_rt_ops.c | 2 +-
 src/daemon/modules/runtime/shim/shim_rt_ops.c   | 8 ++++----
 src/utils/tar/util_archive.c                    | 4 ++--
 src/utils/tar/util_gzip.c                       | 2 +-
 6 files changed, 11 insertions(+), 11 deletions(-)
 diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
 index cb859920..4d665b26 100644
 --- a/src/cmd/isulad-shim/process.c
 +++ b/src/cmd/isulad-shim/process.c
@@ -1166,7 +1166,7 @@ int create_process(process_t *p)
         close_fd(&p->stdio->err);
         close_fd(&p->stdio->resize);
     }
 -    nread = read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff));
 +    nread = read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1);
     if (nread > 0) {
         write_message(g_log_fd, ERR_MSG, "runtime error");
         ret = SHIM_ERR;
 diff --git a/src/daemon/entry/cri/sysctl_tools.c b/src/daemon/entry/cri/sysctl_tools.c
 index 9883f9ff..257ccf8f 100644
 --- a/src/daemon/entry/cri/sysctl_tools.c
 +++ b/src/daemon/entry/cri/sysctl_tools.c
@@ -31,7 +31,7 @@ int get_sysctl(const char *sysctl, char **err)
     int fd = -1;
     ssize_t rsize;
     char fullpath[PATH_MAX] = { 0 };
 -    char buff[MAX_BUFFER_SIZE] = { 0 };
 +    char buff[MAX_BUFFER_SIZE + 1] = { 0 };
     ret = snprintf(fullpath, PATH_MAX, "%s/%s", SYSCTL_BASE, sysctl);
     if (ret < 0 || ret >= PATH_MAX) {
@@ -46,7 +46,7 @@ int get_sysctl(const char *sysctl, char **err)
         }
         goto free_out;
     }
 -    rsize = util_read_nointr(fd, buff, MAX_BUFFER_SIZE);
 +    rsize = util_read_nointr(fd, buff, sizeof(buff) - 1);
     if (rsize <= 0) {
         if (asprintf(err, "Read file failed: %s", strerror(errno)) < 0) {
             *err = util_strdup_s("Out of memory");
 diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
 index 42f1cda6..2ccdde2e 100644
 --- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
 +++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -712,7 +712,7 @@ realexec:
     }
     close(exec_fd[1]);
 -    num = util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff));
 +    num = util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1);
     close(exec_fd[0]);
     if (num > 0) {
         ERROR("exec failed: %s", exec_buff);
 diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
 index 21d339e5..9c9446a8 100644
 --- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
 +++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -110,7 +110,7 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
     int err_fd[2] = {-1, -1};
     int out_fd[2] = {-1, -1};
     char exec_buff[BUFSIZ + 1] = {0};
 -    char stdout_buff[PATH_MAX] = {0};
 +    char stdout_buff[PATH_MAX + 1] = {0};
     char stderr_buff[BUFSIZ + 1] = {0};
@@ -186,7 +186,7 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
     }
     close(exec_fd[1]);
 -    if (util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff)) > 0) {
 +    if (util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1) > 0) {
         ERROR("exec failed: %s", exec_buff);
         ret = -1;
         goto out;
@@ -203,10 +203,10 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
     status = status_to_exit_code(status);
     close(out_fd[1]);
 -    util_read_nointr(out_fd[0], stdout_buff, sizeof(stdout_buff));
 +    util_read_nointr(out_fd[0], stdout_buff, sizeof(stdout_buff) - 1);
     close(out_fd[0]);
     close(err_fd[1]);
 -    util_read_nointr(err_fd[0], stderr_buff, sizeof(stderr_buff));
 +    util_read_nointr(err_fd[0], stderr_buff, sizeof(stderr_buff) - 1);
     close(err_fd[0]);
     if (status != 0) {
 diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
 index 1128b947..da814c94 100644
 --- a/src/utils/tar/util_archive.c
 +++ b/src/utils/tar/util_archive.c
@@ -596,7 +596,7 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co
     pid_t pid = -1;
     int keepfds[] = { -1, -1, -1 };
     int pipe_stderr[2] = { -1, -1 };
 -    char errbuf[BUFSIZ] = { 0 };
 +    char errbuf[BUFSIZ + 1] = { 0 };
     if (pipe2(pipe_stderr, O_CLOEXEC) != 0) {
         ERROR("Failed to create pipe");
@@ -980,7 +980,7 @@ int archive_chroot_tar(char *path, char *file, char **errmsg)
     pid_t pid;
     int pipe_for_read[2] = { -1, -1 };
     int keepfds[] = { -1, -1 };
 -    char errbuf[BUFSIZ] = { 0 };
 +    char errbuf[BUFSIZ + 1] = { 0 };
     int fd = 0;
     if (pipe2(pipe_for_read, O_CLOEXEC) != 0) {
 diff --git a/src/utils/tar/util_gzip.c b/src/utils/tar/util_gzip.c
 index 9b17e9d7..5c34d719 100644
 --- a/src/utils/tar/util_gzip.c
 +++ b/src/utils/tar/util_gzip.c
@@ -203,7 +203,7 @@ int gzip(const char *filename, size_t len)
     }
     ssize_t size_read = 0;
 -    char buffer[BUFSIZ] = { 0 };
 +    char buffer[BUFSIZ + 1] = { 0 };
     close(pipefd[1]);
 -- 
 2.25.1
--- a/0011-remove-unused-include-files.patch
+++ b/0011-remove-unused-include-files.patch
@ -0,0 +1,50 @@
 From 448e4c5b0327916c05d8354e4e99565de7a8129d Mon Sep 17 00:00:00 2001
 From: haozi007 <liuhao27@huawei.com>
 Date: Tue, 9 Aug 2022 14:36:33 +0800
 Subject: [PATCH 11/15] remove unused include files
 Signed-off-by: haozi007 <liuhao27@huawei.com>
 ---
 .../storage/layer_store/graphdriver/quota/project_quota.h  | 1 -
 src/utils/cutils/utils_network.c                           | 7 -------
 2 files changed, 8 deletions(-)
 diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h
 index 2aae6bcd..94230faa 100644
 --- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h
 +++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h
@@ -35,7 +35,6 @@
 #include <inttypes.h>
 #include <linux/magic.h>
 #include <linux/dqblk_xfs.h>
 -#include <linux/fs.h>
 #include <errno.h>
 #include <libgen.h>
 #include <dirent.h>
 diff --git a/src/utils/cutils/utils_network.c b/src/utils/cutils/utils_network.c
 index 5192d06f..c77edc3c 100644
 --- a/src/utils/cutils/utils_network.c
 +++ b/src/utils/cutils/utils_network.c
@@ -18,19 +18,12 @@
 #include "utils_network.h"
 #include <unistd.h>
 -#include <sched.h>
 #include <stdlib.h>
 #include <pthread.h>
 #include <sys/mount.h>
 -#include <linux/fs.h>
 -#include <syscall.h>
 #include <isula_libutils/log.h>
 -#include <fcntl.h>
 #include "utils.h"
 -#include "utils_fs.h"
 -#include "utils_file.h"
 -#include "constants.h"
 int util_create_netns_file(const char *netns_path)
 {
 -- 
 2.25.1
--- a/0012-fix-lose-override-flag.patch
+++ b/0012-fix-lose-override-flag.patch
@ -0,0 +1,25 @@
 From ec627e1564baf4e77311c917bde9bddf23b63b9b Mon Sep 17 00:00:00 2001
 From: haozi007 <liuhao27@huawei.com>
 Date: Wed, 10 Aug 2022 17:40:36 +0800
 Subject: [PATCH 12/15] fix lose override flag
 Signed-off-by: haozi007 <liuhao27@huawei.com>
 ---
 src/daemon/entry/cri/websocket/service/exec_serve.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/daemon/entry/cri/websocket/service/exec_serve.h b/src/daemon/entry/cri/websocket/service/exec_serve.h
 index 65ee6b3a..3f84e0c8 100644
 --- a/src/daemon/entry/cri/websocket/service/exec_serve.h
 +++ b/src/daemon/entry/cri/websocket/service/exec_serve.h
@@ -37,6 +37,6 @@ private:
     virtual void *SetContainerStreamRequest(::google::protobuf::Message *grequest, const std::string &suffix) override;
     virtual int ExecuteStreamCommand(SessionData *lwsCtx, void *request) override;
     virtual void CloseConnect(SessionData *lwsCtx) override;
 -    virtual void FreeRequest(void *m_request);
 +    virtual void FreeRequest(void *m_request) override;
 };
 #endif // DAEMON_ENTRY_CRI_WEBSOCKET_SERVICE_EXEC_SERVE_H
 -- 
 2.25.1
--- a/0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch
+++ b/0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch
@ -0,0 +1,38 @@
 From e524923aeeeb96f999dd153ea51f778289fade52 Mon Sep 17 00:00:00 2001
 From: zhongtao <taozh97@163.com>
 Date: Fri, 12 Aug 2022 17:17:44 +0800
 Subject: [PATCH 13/15] Add read and execute permissions for libhttpclient.so
 and libisulad_tools.so for other users, so that non-root users who join the
 isula group can use the isula command normally
 ---
 src/CMakeLists.txt            | 2 +-
 src/utils/http/CMakeLists.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
 index b8843f16..65bcb978 100644
 --- a/src/CMakeLists.txt
 +++ b/src/CMakeLists.txt
@@ -197,7 +197,7 @@ endif()
 # ------ install binary --------
 install(TARGETS libisulad_tools
 -    ${INSTALL_TYPE} DESTINATION ${LIB_INSTALL_DIR_DEFAULT} PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE)
 +    ${INSTALL_TYPE} DESTINATION ${LIB_INSTALL_DIR_DEFAULT} PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
 install(TARGETS libisula
     ${INSTALL_TYPE} DESTINATION ${LIB_INSTALL_DIR_DEFAULT} PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
 install(TARGETS isula
 diff --git a/src/utils/http/CMakeLists.txt b/src/utils/http/CMakeLists.txt
 index 0937cfab..ad7d0747 100644
 --- a/src/utils/http/CMakeLists.txt
 +++ b/src/utils/http/CMakeLists.txt
@@ -29,4 +29,4 @@ if (ISULAD_GCOV)
 endif()
 install(TARGETS libhttpclient
 -    ${INSTALL_TYPE} DESTINATION ${LIB_INSTALL_DIR_DEFAULT} PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE)
 +    ${INSTALL_TYPE} DESTINATION ${LIB_INSTALL_DIR_DEFAULT} PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
 -- 
 2.25.1
--- a/0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch
+++ b/0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch
@ -0,0 +1,27 @@
 From dfcd1cbd6403af11d7afed96b0c8e3ca292722f9 Mon Sep 17 00:00:00 2001
 From: "Neil.wrz" <wangrunze13@huawei.com>
 Date: Fri, 12 Aug 2022 15:30:50 -0700
 Subject: [PATCH 14/15] fix exec_request_to_rest forgot to handle suffix
 Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
 ---
 src/client/connect/rest/rest_containers_client.c | 3 +++
 1 file changed, 3 insertions(+)
 diff --git a/src/client/connect/rest/rest_containers_client.c b/src/client/connect/rest/rest_containers_client.c
 index 7e549339..dfa20c75 100644
 --- a/src/client/connect/rest/rest_containers_client.c
 +++ b/src/client/connect/rest/rest_containers_client.c
@@ -1620,6 +1620,9 @@ static int exec_request_to_rest(const struct isula_exec_request *le_request, cha
     if (le_request->stderr != NULL) {
         crequest->stderr = util_strdup_s(le_request->stderr);
     }
 +    if (le_request->suffix != NULL) {
 +        crequest->suffix = util_strdup_s(le_request->suffix);
 +    }
     int i = 0;
     if (le_request->argc > 0) {
 -- 
 2.25.1
--- a/0015-add-fuzz-dict.patch
+++ b/0015-add-fuzz-dict.patch
@ -0,0 +1,29 @@
 From 13c9523f3f69bafc62be8465dea235bdc7e6df4f Mon Sep 17 00:00:00 2001
 From: WangFengTu <wangfengtu@huawei.com>
 Date: Thu, 11 Aug 2022 20:30:48 +0800
 Subject: [PATCH 15/15] add fuzz dict
 Signed-off-by: WangFengTu <wangfengtu@huawei.com>
 ---
 test/fuzz/dict/test_volume_mount_spec_fuzz.dict | 7 +++++++
 1 file changed, 7 insertions(+)
 diff --git a/test/fuzz/dict/test_volume_mount_spec_fuzz.dict b/test/fuzz/dict/test_volume_mount_spec_fuzz.dict
 index 8ef79c0b..39ae41df 100644
 --- a/test/fuzz/dict/test_volume_mount_spec_fuzz.dict
 +++ b/test/fuzz/dict/test_volume_mount_spec_fuzz.dict
@@ -31,4 +31,11 @@
 "bind-selinux-opts"
 "selinux-opts"
 "volume-nocopy"
 +"volume-nocopy=true"
 +"volume-nocopy=false"
 "empty"
 +"type=bind,src=/bind,dst=/bind,volume-nocopy=true,volume-nocopy=true"
 +"type=bind,src=/bind,dst=/bind"
 +"type=tmpfs,dst=/tmpfs,volume-nocopy=true"
 +"type=squashfs,src=/bind,dst=/tmpfs"
 +"type=squashfs,src=/,dst=/tmpfs"
 -- 
 2.25.1
--- a/iSulad.spec
+++ b/iSulad.spec
@ -1,5 +1,5 @@
 %global _version 2.0.15
-%global _release 2
+%global _release 3
 %global is_systemd 1
 %global enable_shimv2 1
 %global is_embedded 1
@ -19,6 +19,15 @@ Patch6002: 0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch
 Patch6003: 0004-tolerate-arch-unspecified-seccomp-profiles.patch
 Patch6004: 0005-add-a-CI-test-case-checking-seccomp-option.patch
 Patch6005: 0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch
 Patch6006: 0007-fix-cpu-quota-out-of-range-when-update-to-1.patch
 Patch6007: 0008-stop-health-check-monitor-before-stopping-container.patch
 Patch6008: 0009-set-dup_option-null-after-free.patch
 Patch6009: 0010-ensure-read-string-must-have-space-store-null-char.patch
 Patch6010: 0011-remove-unused-include-files.patch
 Patch6011: 0012-fix-lose-override-flag.patch
 Patch6012: 0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch
 Patch6013: 0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch
 Patch6014: 0015-add-fuzz-dict.patch
 %ifarch x86_64 aarch64
 Provides:       libhttpclient.so()(64bit)
@ -246,6 +255,12 @@ fi
 %endif
 %changelog
 * Tue Aug 9 2022 haozi007 <liuhao27@huawei.com> - 2.0.15-3
 - Type: enhancement
 - ID: NA
 - SUG: NA
 - DESC: sycn patches from openeuler
 * Mon Aug 1 2022 chengzeruizhi <chengzeruizhi@huawei.com> - 2.0.15-2
 - Type: enhancement
 - ID: NA