!223 Fixed a bug that occurs when running a container in host mode

From: @chengzrz
Reviewed-by: @duguhaotian
Signed-off-by: @duguhaotian

0016-fix-mem-leak.patch

@@ -0,0 +1,42 @@
+From b97bdc9e63872bef2164a3b97ab837ac607ccf16 Mon Sep 17 00:00:00 2001
+From: gaohuatao <gaohuatao@huawei.com>
+Date: Fri, 3 Dec 2021 16:36:18 +0800
+Subject: [PATCH] fix mem leak
+
+Signed-off-by: gaohuatao <gaohuatao@huawei.com>
+---
+ src/daemon/modules/image/oci/storage/image_store/image_store.c | 3 ++-
+ .../modules/image/oci/storage/rootfs_store/rootfs_store.c      | 3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
+index d2956114..288d7bd7 100644
+--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
+@@ -2980,7 +2980,8 @@ static int append_image_by_directory(const char *image_dir)
+     im = storage_image_parse_file(image_path, NULL, &err);
+     if (im == NULL) {
+         ERROR("Failed to parse images path: %s", err);
+-        return -1;
++        ret = -1;
++        goto out;
+     }
+ 
+     ret = strip_default_hostname(im);
+diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c
+index 8e1d5a11..378d1a96 100644
+--- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c
++++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c
+@@ -177,7 +177,8 @@ static int append_container_by_directory(const char *container_dir)
+     c = storage_rootfs_parse_file(container_path, NULL, &err);
+     if (c == NULL) {
+         ERROR("Failed to parse container path: %s", err);
+-        return -1;
++        ret = -1;
++        goto out;
+     }
+ 
+     if (do_append_container(c) != 0) {
+-- 
+2.25.1
+

0017-isula-pull-does-not-support-format-name-digest.patch

@@ -0,0 +1,26 @@
+From de8ef6a226fdbee53975d6d746a065a24a98ea05 Mon Sep 17 00:00:00 2001
+From: WangFengTu <wangfengtu@huawei.com>
+Date: Mon, 6 Dec 2021 11:07:36 +0800
+Subject: [PATCH] isula pull does not support format name@digest
+
+Signed-off-by: WangFengTu <wangfengtu@huawei.com>
+---
+ src/cmd/isula/images/pull.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cmd/isula/images/pull.c b/src/cmd/isula/images/pull.c
+index 3ba7a715..da9cae52 100644
+--- a/src/cmd/isula/images/pull.c
++++ b/src/cmd/isula/images/pull.c
+@@ -25,7 +25,7 @@
+ #include "connect.h"
+ 
+ const char g_cmd_pull_desc[] = "Pull an image or a repository from a registry";
+-const char g_cmd_pull_usage[] = "pull [OPTIONS] NAME[:TAG|@DIGEST]";
++const char g_cmd_pull_usage[] = "pull [OPTIONS] NAME[:TAG]";
+ 
+ struct client_arguments g_cmd_pull_args = {};
+ 
+-- 
+2.25.1
+

0018-Fixed-dangerous-memory-operations.patch

@@ -0,0 +1,144 @@
+From 6f337131977c21966cf7a6898cfc81414c07cf05 Mon Sep 17 00:00:00 2001
+From: chengzrz <czrzrichard@gmail.com>
+Date: Mon, 6 Dec 2021 15:34:31 +0800
+Subject: [PATCH] Fixed dangerous memory operations
+
+Signed-off-by: chengzrz <czrzrichard@gmail.com>
+---
+ .../cri_pod_sandbox_manager_service_impl.cc   |  3 +-
+ .../executor/container_cb/execution_create.c  |  5 +++
+ src/utils/cutils/utils_network.c              | 43 +++++++++++++------
+ test/mocks/namespace_mock.h                   |  3 +-
+ 4 files changed, 40 insertions(+), 14 deletions(-)
+
+diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
+index 0a577849..57297287 100644
+--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
++++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
+@@ -477,7 +477,7 @@ void PodSandboxManagerServiceImpl::SetupSandboxNetwork(const runtime::v1alpha2::
+ {
+     std::map<std::string, std::string> stdAnnos;
+     std::map<std::string, std::string> networkOptions;
+-    const char* sandbox_key = get_sandbox_key(inspect_data);
++    char* sandbox_key = get_sandbox_key(inspect_data);
+ 
+     // Setup sandbox files
+     if (config.has_dns_config() && inspect_data->resolv_conf_path != nullptr) {
+@@ -510,6 +510,7 @@ void PodSandboxManagerServiceImpl::SetupSandboxNetwork(const runtime::v1alpha2::
+     }
+ 
+ cleanup:
++    free(sandbox_key);
+     return;
+ }
+ 
+diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
+index 95a7d9ab..e647ca06 100644
+--- a/src/daemon/executor/container_cb/execution_create.c
++++ b/src/daemon/executor/container_cb/execution_create.c
+@@ -1421,6 +1421,11 @@ static char *new_pod_sandbox_key(void)
+ 
+ static int generate_network_settings(const host_config *host_config, container_config_v2_common_config *v2_spec)
+ {
++    if (host_config == NULL || v2_spec == NULL) {
++        ERROR("Invalid input");
++        return -1;
++    }
++
+     container_config_v2_common_config_network_settings *settings = NULL;
+ 
+     if (!namespace_is_file(host_config->network_mode)) {
+diff --git a/src/utils/cutils/utils_network.c b/src/utils/cutils/utils_network.c
+index a5d77c93..1ca901ea 100644
+--- a/src/utils/cutils/utils_network.c
++++ b/src/utils/cutils/utils_network.c
+@@ -65,26 +65,34 @@ out:
+     return ret;
+ }
+ 
+-static void mount_netns(void *netns_path)
++static void* mount_netns(void *netns_path)
+ {
+-    int failure = EXIT_FAILURE;
+-    int success = EXIT_SUCCESS;
++    int *ecode = (int *)malloc(sizeof(int));
+     char fullpath[PATH_MAX] = { 0x00 };
+     int ret = 0;
+ 
+     if (unshare(CLONE_NEWNET) != 0) {
+-        pthread_exit((void *)&failure);
++        ERROR("Failed to unshare");
++        goto err_out;
+     }
+ 
+     ret = snprintf(fullpath, sizeof(fullpath), "/proc/%d/task/%ld/ns/net", getpid(), (long int)syscall(__NR_gettid));
+     if (ret < 0 || (size_t)ret >= sizeof(fullpath)) {
+-        pthread_exit((void *)&failure);
++        ERROR("Failed to get full path");
++        goto err_out;
+     }
+ 
+     if (util_mount(fullpath, (char *)netns_path, "none", "bind") != 0) {
+-        pthread_exit((void *)&failure);
++        ERROR("Failed to mount %s", fullpath);
++        goto err_out;
+     }
+-    pthread_exit((void *)&success);
++
++    *ecode = EXIT_SUCCESS;
++    pthread_exit((void *)ecode);
++
++err_out:
++    *ecode = EXIT_FAILURE;
++    pthread_exit((void *)ecode);
+ }
+ 
+ // this function mounts netns path to /proc/%d/task/%d/ns/net
+@@ -103,14 +111,25 @@ int util_mount_namespace(const char *netns_path)
+     ret = pthread_join(newns_thread, &status);
+     if (ret != 0) {
+         ERROR("Failed to join thread");
++        ret = -1;
++        goto out;
++    }
++
++    if (status == NULL) {
++        ERROR("Failed set exit status");
+         return -1;
++    }
++
++    if (*(int *)status != 0) {
++        ERROR("Failed to initialize network namespace, status code is %d", *(int *)status);
++        ret = -1;
+     } else {
+-        if (*(int *)status != 0) {
+-            ERROR("Failed to initialize network namespace");
+-            return -1;
+-        }
++        ret = 0;
+     }
+-    return 0;
++
++out:
++    free(status);
++    return ret;
+ }
+ 
+ int util_umount_namespace(const char *netns_path)
+diff --git a/test/mocks/namespace_mock.h b/test/mocks/namespace_mock.h
+index 80e75b0b..5bfc2c70 100644
+--- a/test/mocks/namespace_mock.h
++++ b/test/mocks/namespace_mock.h
+@@ -26,7 +26,8 @@ public:
+     MOCK_METHOD1(ConnectedContainer, char *(const char *mode));
+     MOCK_METHOD3(GetShareNamespacePath, int(const char *type, const char *src_path, char **dest_path));
+     MOCK_METHOD1(GetContainerProcessLabel, char *(const char *path));
+-    MOCK_METHOD4(GetNetworkNamespacePath, int(const host_config *, const container_config_v2_common_config_network_settings *, const char *, char **));
++    MOCK_METHOD4(GetNetworkNamespacePath, int(const host_config *,
++                                              const container_config_v2_common_config_network_settings *, const char *, char **));
+ };
+ 
+ void MockNamespace_SetMock(MockNamespace *mock);
+-- 
+2.25.1
+

0019-add-pull-request-gateway-checker-for-build-and-ut.patch

@@ -0,0 +1,97 @@
+From 5a9ab3c983158c8848868e92d5a06fbd7bfc9141 Mon Sep 17 00:00:00 2001
+From: haozi007 <liuhao27@huawei.com>
+Date: Mon, 6 Dec 2021 09:26:40 +0000
+Subject: [PATCH] add pull request gateway checker for build and ut
+
+Signed-off-by: haozi007 <liuhao27@huawei.com>
+---
+ CI/pr-gateway.sh | 77 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 77 insertions(+)
+ create mode 100755 CI/pr-gateway.sh
+
+diff --git a/CI/pr-gateway.sh b/CI/pr-gateway.sh
+new file mode 100755
+index 00000000..c38059b9
+--- /dev/null
++++ b/CI/pr-gateway.sh
+@@ -0,0 +1,77 @@
++#!/bin/bash
++#######################################################################
++##- @Copyright (C) Huawei Technologies., Ltd. 2021. All rights reserved.
++# - iSulad licensed under the Mulan PSL v2.
++# - You can use this software according to the terms and conditions of the Mulan PSL v2.
++# - You may obtain a copy of Mulan PSL v2 at:
++# -     http://license.coscl.org.cn/MulanPSL2
++# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++# - PURPOSE.
++# - See the Mulan PSL v2 for more details.
++##- @Description:provide gateway checker for pull request of iSulad
++##- @Author: haozi007
++##- @Create: 2021-12-06
++#######################################################################
++tbranch="master"
++if [ $# -eq 1 ]; then
++    tbranch=$1
++fi
++
++dnf install -y gtest-devel gmock-devel diffutils cmake gcc-c++ yajl-devel patch make libtool libevent-devel libevhtp-devel grpc grpc-plugins grpc-devel protobuf-devel libcurl libcurl-devel sqlite-devel libarchive-devel device-mapper-devel http-parser-devel libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel systemd-devel git chrpath
++
++# dnf install -y cargo rust rust-packaging
++
++cd ~
++
++rm -rf lxc
++git clone https://gitee.com/src-openeuler/lxc.git
++pushd lxc
++rm -rf lxc-4.0.3
++./apply-patches || exit 1
++pushd lxc-4.0.3
++./autogen.sh && ./configure || exit 1
++make -j $(nproc) || exit 1
++make install
++popd
++popd
++
++ldconfig
++rm -rf lcr
++git clone https://gitee.com/openeuler/lcr.git
++pushd lcr
++git checkout ${tbranch}
++rm -rf build
++mkdir build
++pushd build
++cmake -DDEBUG=ON -DCMAKE_SKIP_RPATH=TRUE ../ || exit 1
++make -j $(nproc) || exit 1
++make install
++popd
++popd
++
++ldconfig
++rm -rf clibcni
++git clone https://gitee.com/openeuler/clibcni.git
++pushd clibcni
++git checkout ${tbranch}
++rm -rf build
++mkdir build
++pushd build
++cmake -DDEBUG=ON ../ || exit 1
++make -j $(nproc) || exit 1
++make install
++popd
++popd
++
++ldconfig
++pushd iSulad
++rm -rf build
++mkdir build
++pushd build
++cmake -DDEBUG=ON -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_UT=ON -DENABLE_SHIM_V2=OFF ../ || exit 1
++#cmake -DDEBUG=ON -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_UT=ON -DENABLE_SHIM_V2=ON ../ || exit 1
++make -j $(nproc) || exit 1
++ctest -V
++popd
++popd
+-- 
+2.25.1
+

0021-Fixed-a-bug-that-occurs-when-starting-container-in-h.patch

@@ -0,0 +1,36 @@
+From fcc132e592ba1f9c427e02ef6f930eb208a6ebca Mon Sep 17 00:00:00 2001
+From: chengzrz <czrzrichard@gmail.com>
+Date: Thu, 9 Dec 2021 14:56:39 +0800
+Subject: [PATCH] Fixed a bug that occurs when starting container in host mode
+
+Signed-off-by: chengzrz <czrzrichard@gmail.com>
+---
+ src/daemon/modules/spec/specs_namespace.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/daemon/modules/spec/specs_namespace.c b/src/daemon/modules/spec/specs_namespace.c
+index eea0b3ff..e9f98d00 100644
+--- a/src/daemon/modules/spec/specs_namespace.c
++++ b/src/daemon/modules/spec/specs_namespace.c
+@@ -156,7 +156,7 @@ static int handle_get_path_from_host(const host_config *host_spec,
+                                      const container_config_v2_common_config_network_settings *network_settings,
+                                      const char *type, char **dest_path)
+ {
+-    *dest_path = namespace_get_host_namespace_path(host_spec->network_mode);
++    *dest_path = namespace_get_host_namespace_path(type);
+     if (*dest_path == NULL) {
+         return -1;
+     }
+@@ -209,6 +209,9 @@ int get_network_namespace_path(const host_config *host_spec,
+     for (index = 0; index < jump_table_size; ++index) {
+         if (strncmp(network_mode, handler_jump_table[index].mode, strlen(handler_jump_table[index].mode)) == 0) {
+             ret = handler_jump_table[index].handle(host_spec, network_settings, type, dest_path);
++            if (ret != 0) {
++                ERROR("Failed to get ns path, network mode is %s, type is %s", network_mode, type);
++            }
+             return ret;
+         }
+     }
+-- 
+2.25.1
+

iSulad.spec

@@ -1,5 +1,5 @@
 %global _version 2.0.10
-%global _release 10
+%global _release 11
 %global is_systemd 1
 %global enable_shimv2 1
 %global is_embedded 1
@@ -28,6 +28,12 @@ Patch0012: 0012-print-valgrind-log.patch
 Patch0013: 0013-fix-cri-version-memory-leak.patch
 Patch0014: 0014-fix-undefined-reference-in-libisulad_img.so.patch
 Patch0015: 0015-fix-undefined-reference-to-service_arguments_free-in.patch
+Patch0016: 0016-fix-mem-leak.patch
+Patch0017: 0017-isula-pull-does-not-support-format-name-digest.patch
+Patch0018: 0018-Fixed-dangerous-memory-operations.patch
+Patch0019: 0019-add-pull-request-gateway-checker-for-build-and-ut.patch
+Patch0020: 0020-Optimize-websocket-streaming-service-code.patch
+Patch0021: 0021-Fixed-a-bug-that-occurs-when-starting-container-in-h.patch
 
 %ifarch x86_64 aarch64
 Provides:       libhttpclient.so()(64bit)
@@ -252,6 +258,12 @@ fi
 %endif
 
 %changelog
+* Thu Dec 09 2021 chengzeruizhi <chengzeruizhi@huawei.com> - 2.0.10-11
+- Type: bugfix
+- ID: NA
+- SUG: NA
+- DESC: fixed a bug that occurs when starting a container in host mode
+
 * Thu Dec 09 2021 wangfengtu <wagnfengtu@huawei.com> - 2.0.10-10
 - Type: bugfix
 - ID: NA