packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

upgrade from upstream

Browse Source 
Signed-off-by: liuxu <liuxu156@huawei.com>
This commit is contained in:
liuxu 2024-11-25 16:34:57 +08:00
parent a51e04f45a
commit 4e2be1f070
16 changed files with 10707 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
0142-pull-failure-shows-error-reason.patch Normal file
View File

@ -0,0 +1,27 @@
From dd3f733949a0c6c9256a63b54079e9a7b8aa7fe6 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 25 Oct 2024 02:50:01 +1400
Subject: [PATCH 142/156] pull failure shows error reason
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/entry/connect/grpc/grpc_images_service.cc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/daemon/entry/connect/grpc/grpc_images_service.cc b/src/daemon/entry/connect/grpc/grpc_images_service.cc
index 32f0446e..6135945a 100644
--- a/src/daemon/entry/connect/grpc/grpc_images_service.cc
+++ b/src/daemon/entry/connect/grpc/grpc_images_service.cc
@@ -691,6 +691,9 @@ Status ImagesServiceImpl::PullImage(ServerContext *context, const PullImageReque
stream.writer = (void *)writer;
ret = cb->image.pull(image_req, &stream, &image_res);
+ if (image_res->errmsg != NULL) {
+ errmsg = image_res->errmsg;
+ }
free_image_pull_image_request(image_req);
free_image_pull_image_response(image_res);
if (ret == 0) {
--
2.34.1

44
0143-move-CGROUP2_SUPER_MAGIC-define-to-cgroup.c.patch Normal file
View File

@ -0,0 +1,44 @@
From d0bb2c00769ab41ada532a04338b91032d7ada2e Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 26 Oct 2024 16:59:09 +1400
Subject: [PATCH 143/156] move CGROUP2_SUPER_MAGIC define to cgroup.c
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/cgroup/cgroup.c | 4 ++++
src/daemon/common/cgroup/cgroup_v2.c | 4 ----
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/daemon/common/cgroup/cgroup.c b/src/daemon/common/cgroup/cgroup.c
index 77fafdae..a6846c03 100644
--- a/src/daemon/common/cgroup/cgroup.c
+++ b/src/daemon/common/cgroup/cgroup.c
@@ -36,6 +36,10 @@
#define CGROUP_SUPER_MAGIC 0x27e0eb
#endif
+#ifndef CGROUP2_SUPER_MAGIC
+#define CGROUP2_SUPER_MAGIC 0x63677270
+#endif
+
static cgroup_ops g_cgroup_ops;
static int get_cgroup_version_for_init(void)
diff --git a/src/daemon/common/cgroup/cgroup_v2.c b/src/daemon/common/cgroup/cgroup_v2.c
index ce72e6c4..078425d2 100644
--- a/src/daemon/common/cgroup/cgroup_v2.c
+++ b/src/daemon/common/cgroup/cgroup_v2.c
@@ -52,10 +52,6 @@
#define CGROUP2_CPUSET_CPUS_EFFECTIVE_PATH CGROUP_MOUNTPOINT"/cpuset.cpus.effective"
#define CGROUP2_CPUSET_MEMS_EFFECTIVE_PATH CGROUP_MOUNTPOINT"/cpuset.mems.effective"
-#ifndef CGROUP2_SUPER_MAGIC
-#define CGROUP2_SUPER_MAGIC 0x63677270
-#endif
-
static int get_value_ull_v2(const char *content, const char *match, void *result)
{
uint64_t ull_result = 0;
--
2.34.1

189
0144-update-centos-build-script.patch Normal file
View File

@ -0,0 +1,189 @@
From 10aa1ba26eecdf044c1a97e05db53d286e19a3af Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 26 Oct 2024 18:24:21 +1400
Subject: [PATCH 144/156] update centos build script
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/dockerfiles/Dockerfile-centos | 10 ++-
docs/build_docs/README_zh.md | 4 +
.../script/install_iSulad_on_Centos_7.sh | 83 +++----------------
3 files changed, 23 insertions(+), 74 deletions(-)
diff --git a/CI/dockerfiles/Dockerfile-centos b/CI/dockerfiles/Dockerfile-centos
index af3ce035..0b11014b 100644
--- a/CI/dockerfiles/Dockerfile-centos
+++ b/CI/dockerfiles/Dockerfile-centos
@@ -24,6 +24,11 @@
FROM centos:7.6.1810
MAINTAINER LiFeng <lifeng68@huawei.com>
+RUN sed -i 's/mirror.centos.org/archive.kernel.org\/centos-vault/g' /etc/yum.repos.d/*.repo
+RUN sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo
+RUN sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo
+RUN echo "sslverify=false" | tee -a /etc/yum.conf
+
# Install dependency package
RUN yum clean all && yum makecache && yum install -y epel-release && yum swap -y fakesystemd systemd && \
yum update -y && \
@@ -113,6 +118,9 @@ RUN git config --global http.sslverify false
# install rust
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+RUN mkdir -p /root/.cargo/
+RUN touch ${HOME}/.cargo/config
+
# configure rust
RUN echo "[source.crates-io]" >> ${HOME}/.cargo/config && \
echo "[source.local-registry]" >> ${HOME}/.cargo/config && \
@@ -286,7 +294,7 @@ RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \
make install && \
ldconfig
-RUN dnf install -y ncurses-devel && dnf clean all
+RUN yum install -y ncurses-devel && yum clean all
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
diff --git a/docs/build_docs/README_zh.md b/docs/build_docs/README_zh.md
index f27fbc4f..6450bf7e 100644
--- a/docs/build_docs/README_zh.md
+++ b/docs/build_docs/README_zh.md
@@ -40,6 +40,8 @@ $ cd iSulad/docs/build_docs/guide/script
$ sudo ./install_iSulad_on_Centos_7.sh
```
+若需要在centos容器中编译iSulad可参照iSulad编译可使用的镜像dockerfile[Dockerfile-ubuntu](../../CI/dockerfiles/Dockerfile-ubuntu)。
+
### Ubuntu
我们同样在代码仓中提供了在Ubuntu上自动化安装的脚本: [install_iSulad_on_Ubuntu_20_04_LTS](./guide/script/install_iSulad_on_Ubuntu_20_04_LTS.sh)您只需要执行这个脚本就可以自动编译安装iSulad以及其依赖的组件。
@@ -51,6 +53,8 @@ $ sudo chmod +x ./install_iSulad_on_Ubuntu_20_04_LTS.sh
$ sudo ./install_iSulad_on_Ubuntu_20_04_LTS.sh
```
+若需要在ubuntu容器中编译iSulad可参照iSulad编译可使用的镜像dockerfile[Dockerfile-centos](../../CI/dockerfiles/)。
+
## 构建指南
我们提供了多种构建iSulad的方式
diff --git a/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh b/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh
index b268d777..d83520e1 100755
--- a/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh
+++ b/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh
@@ -5,93 +5,29 @@ set -x
set -e
# install neccessary packages
-yum install -y patch automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel yajl-devel git libcgroup tar python3 python3-pip device-mapper-devel libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs golang libtar libtar-devel which
+# yum install -y patch automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel yajl-devel git libcgroup tar python3 python3-pip device-mapper-devel libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs golang libtar libtar-devel which
# export LDFLAGS
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH
export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:$LD_LIBRARY_PATH
- echo "/usr/local/lib" >> /etc/ld.so.conf
+echo "/usr/local/lib" >> /etc/ld.so.conf
BUILD_DIR=/tmp/build_isulad
rm -rf $BUILD_DIR
mkdir -p $BUILD_DIR
-# build libarchive
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/libarchive.git
-cd libarchive
-git checkout -b openEuler-20.03-LTS-tag openEuler-20.03-LTS-tag
-tar -zxvf libarchive-3.4.1.tar.gz
-cd libarchive-3.4.1
-patch -p1 -F1 -s < ../libarchive-uninitialized-value.patch
-cd build
-cmake -DCMAKE_USE_SYSTEM_LIBRARIES=ON ../
-make -j $(nproc)
-make install
-ldconfig
-
-# build protobuf
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/protobuf.git
-cd protobuf
-git checkout openEuler-20.03-LTS-tag
-tar -xzvf protobuf-all-3.9.0.tar.gz
-cd protobuf-3.9.0
-./autogen.sh
-./configure
-make -j $(nproc)
-make install
-ldconfig
-
-# build c-ares
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/c-ares.git
-cd c-ares
-git checkout openEuler-20.03-LTS-tag
-tar -xzvf c-ares-1.15.0.tar.gz
-cd c-ares-1.15.0
-autoreconf -if
-./configure --enable-shared --disable-dependency-tracking
-make -j $(nproc)
-make install
-ldconfig
-
-# build grpc
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/grpc.git
-cd grpc
-git checkout openEuler-20.03-LTS-tag
-tar -xzvf grpc-1.22.0.tar.gz
-cd grpc-1.22.0
-make -j $(nproc)
-make install
-ldconfig
-
-# build libwebsockets
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/libwebsockets.git
-cd libwebsockets
-git checkout openEuler-20.03-LTS-tag
-tar -xzvf libwebsockets-2.4.2.tar.gz
-cd libwebsockets-2.4.2
-patch -p1 -F1 -s < ../libwebsockets-fix-coredump.patch
-mkdir build
-cd build
-cmake -DLWS_WITH_SSL=0 -DLWS_MAX_SMP=32 -DCMAKE_BUILD_TYPE=Debug ../
-make -j $(nproc)
-make install
-ldconfig
-
# build lxc
cd $BUILD_DIR
git clone https://gitee.com/src-openeuler/lxc.git
cd lxc
+git config --global --add safe.directory $BUILD_DIR/lxc/lxc-5.0.2
./apply-patches
-cd lxc-4.0.3
-./autogen.sh
-./configure
-make -j
+cd lxc-5.0.2
+sed -i 's/return open(rpath, (int)((unsigned int)flags | O_CLOEXEC));/return open(rpath, (int)((unsigned int)flags | O_CLOEXEC), 0);/g' src/lxc/isulad_utils.c
+meson setup -Disulad=true \
+ -Dprefix=/usr build
+meson compile -C build
make install
# build lcr
@@ -118,8 +54,9 @@ make install
cd $BUILD_DIR
git clone https://gitee.com/openeuler/iSulad.git
cd iSulad
+sed -i 's/-O2 -Wall -fPIE/-O2 -Wall -fPIE -std=gnu99/g' cmake/set_build_flags.cmake
mkdir build
cd build
-cmake ..
+cmake -DDISABLE_WERROR=on ../
make
make install
--
2.34.1

97
0145-cni-change-error-info.patch Normal file
View File

@ -0,0 +1,97 @@
From 445642718fd3dd7867aad9fc8e6eb5b7dafadcb6 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Fri, 1 Nov 2024 12:56:38 +0800
Subject: [PATCH 145/156] cni:change error info
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../modules/network/cni_operator/cni_operate.c | 8 ++++----
.../network/cni_operator/libcni/libcni_api.c | 14 +++++++++++++-
.../network/cni_operator/libcni/libcni_api.h | 2 +-
3 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/src/daemon/modules/network/cni_operator/cni_operate.c b/src/daemon/modules/network/cni_operator/cni_operate.c
index 6db6db51..80a2642d 100644
--- a/src/daemon/modules/network/cni_operator/cni_operate.c
+++ b/src/daemon/modules/network/cni_operator/cni_operate.c
@@ -731,13 +731,13 @@ static int update_runtime_conf_cni_args_by_cached(cni_cached_info *info, struct
return 0;
}
-static int get_configs_from_cached(const char *network, struct runtime_conf *rc, char **conf_list)
+static int get_configs_from_cached(const char *network, const char *cni_version, struct runtime_conf *rc, char **conf_list)
{
int ret = 0;
size_t i;
cni_cached_info *info = NULL;
- info = cni_get_network_list_cached_info(network, rc);
+ info = cni_get_network_list_cached_info(network, cni_version, rc);
if (info == NULL) {
return 0;
}
@@ -857,7 +857,7 @@ int check_network_plane(const struct cni_manager *manager, const struct cni_netw
goto out;
}
- ret = get_configs_from_cached(list->list->name, rc, NULL);
+ ret = get_configs_from_cached(list->list->name, list->list->cni_version, rc, NULL);
if (ret != 0) {
ERROR("Get cached info failed");
ret = -1;
@@ -901,7 +901,7 @@ int detach_network_plane(const struct cni_manager *manager, const struct cni_net
goto out;
}
- ret = get_configs_from_cached(list->list->name, rc, NULL);
+ ret = get_configs_from_cached(list->list->name, list->list->cni_version, rc, NULL);
if (ret != 0) {
ERROR("Get cached info failed");
ret = -1;
diff --git a/src/daemon/modules/network/cni_operator/libcni/libcni_api.c b/src/daemon/modules/network/cni_operator/libcni/libcni_api.c
index 7ba983af..c55c8e9d 100644
--- a/src/daemon/modules/network/cni_operator/libcni/libcni_api.c
+++ b/src/daemon/modules/network/cni_operator/libcni/libcni_api.c
@@ -81,13 +81,25 @@ struct cni_opt_result *cni_get_network_list_cached_result(const struct cni_netwo
return result;
}
-cni_cached_info *cni_get_network_list_cached_info(const char *network, const struct runtime_conf *rc)
+cni_cached_info *cni_get_network_list_cached_info(const char *network, const char *cni_version, const struct runtime_conf *rc)
{
+ bool greater = false;
if (network == NULL) {
ERROR("Empty network");
return NULL;
}
+ if (util_version_greater_than_or_equal_to(cni_version, SUPPORT_CACHE_AND_CHECK_VERSION, &greater) != 0) {
+ ERROR("Invalid cni version %s", cni_version);
+ return NULL;
+ }
+
+ // CACHE was added in CNI spec version 0.4.0 and higher
+ if (!greater) {
+ WARN("result version: %s is too old, do not save this cache", cni_version);
+ return NULL;
+ }
+
return cni_cache_read(g_module_conf.cache_dir, network, rc);
}
diff --git a/src/daemon/modules/network/cni_operator/libcni/libcni_api.h b/src/daemon/modules/network/cni_operator/libcni/libcni_api.h
index 2f10d6e9..bf16f168 100644
--- a/src/daemon/modules/network/cni_operator/libcni/libcni_api.h
+++ b/src/daemon/modules/network/cni_operator/libcni/libcni_api.h
@@ -75,7 +75,7 @@ bool cni_module_init(const char *cache_dir, const char * const *paths, size_t pa
struct cni_opt_result *cni_get_network_list_cached_result(const struct cni_network_list_conf *list,
const struct runtime_conf *rc);
-cni_cached_info *cni_get_network_list_cached_info(const char *network, const struct runtime_conf *rc);
+cni_cached_info *cni_get_network_list_cached_info(const char *network, const char *cni_version, const struct runtime_conf *rc);
int cni_add_network_list(const struct cni_network_list_conf *list, const struct runtime_conf *rc,
struct cni_opt_result **pret);
--
2.34.1

233
0146-bugfix-for-sem_wait-call-when-errno-is-EINTR.patch Normal file
View File

@ -0,0 +1,233 @@
From 70f5e98110b2c63755f283712eebbd075787081b Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 5 Nov 2024 03:15:04 +1400
Subject: [PATCH 146/156] bugfix for sem_wait call when errno is EINTR
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isula/base/start.c | 4 +++-
src/cmd/isula/client_console.c | 4 +++-
src/cmd/isula/stream/attach.c | 8 ++++++--
src/cmd/isula/stream/exec.c | 4 +++-
src/cmd/isulad-shim/process.c | 4 +++-
src/cmd/isulad/main.c | 8 ++++++--
src/daemon/entry/connect/grpc/grpc_containers_service.cc | 8 ++++++--
src/daemon/entry/cri/streams/attach_serve.cc | 4 +++-
src/daemon/entry/cri/streams/websocket/ws_server.cc | 5 ++++-
src/daemon/modules/events/collector.c | 8 ++++++--
src/daemon/modules/service/io_handler.c | 4 +++-
11 files changed, 46 insertions(+), 15 deletions(-)
diff --git a/src/cmd/isula/base/start.c b/src/cmd/isula/base/start.c
index 6a066638..3f8c13ee 100644
--- a/src/cmd/isula/base/start.c
+++ b/src/cmd/isula/base/start.c
@@ -193,7 +193,9 @@ out:
void client_wait_fifo_exit(const struct client_arguments *args)
{
if (args->custom_conf.attach_stdin || args->custom_conf.attach_stdout || args->custom_conf.attach_stderr) {
- sem_wait(&g_console_waitexit_sem);
+ while(sem_wait(&g_console_waitexit_sem) == -1 && errno == EINTR) {
+ continue;
+ }
}
}
diff --git a/src/cmd/isula/client_console.c b/src/cmd/isula/client_console.c
index 555f59b6..fb6f6c05 100644
--- a/src/cmd/isula/client_console.c
+++ b/src/cmd/isula/client_console.c
@@ -259,7 +259,9 @@ int start_client_console_thread(struct command_fifo_config *console_fifos, bool
return -1;
}
- sem_wait(console_fifos->wait_open);
+ while(sem_wait(console_fifos->wait_open) == -1 && errno == EINTR) {
+ continue;
+ }
return 0;
}
diff --git a/src/cmd/isula/stream/attach.c b/src/cmd/isula/stream/attach.c
index b61c9350..bc3eb141 100644
--- a/src/cmd/isula/stream/attach.c
+++ b/src/cmd/isula/stream/attach.c
@@ -285,7 +285,9 @@ static int container_wait_thread(struct client_arguments *args, uint32_t *exit_c
(void)sem_destroy(&sem_started);
return -1;
}
- (void)sem_wait(&sem_started);
+ while(sem_wait(&sem_started) == -1 && errno == EINTR) {
+ continue;
+ }
(void)sem_destroy(&sem_started);
return 0;
}
@@ -366,7 +368,9 @@ static int client_attach(struct client_arguments *args, uint32_t *exit_code)
}
#ifndef GRPC_CONNECTOR
- sem_wait(&g_attach_waitexit_sem);
+ while(sem_wait(&g_attach_waitexit_sem) == -1 && errno == EINTR) {
+ continue;
+ }
#endif
if (clock_gettime(CLOCK_REALTIME, &ts) == -1) {
diff --git a/src/cmd/isula/stream/exec.c b/src/cmd/isula/stream/exec.c
index cacb0278..6eab4d4f 100644
--- a/src/cmd/isula/stream/exec.c
+++ b/src/cmd/isula/stream/exec.c
@@ -380,7 +380,9 @@ static int local_cmd_exec(struct client_arguments *args, uint32_t *exit_code)
ret = client_exec(args, command_fifos, exit_code);
if (ret == 0 &&
(args->custom_conf.attach_stdin || args->custom_conf.attach_stdout || args->custom_conf.attach_stderr)) {
- sem_wait(&g_command_waitexit_sem);
+ while(sem_wait(&g_command_waitexit_sem) == -1 && errno == EINTR) {
+ continue;
+ }
}
out:
delete_command_fifo(command_fifos);
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 18fae03f..11903a5c 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1237,7 +1237,9 @@ int process_io_start(process_t *p, pthread_t *tid_epoll)
if (ret != SHIM_OK) {
return SHIM_SYS_ERR(errno);
}
- (void)sem_wait(&p->sem_mainloop);
+ while(sem_wait(&p->sem_mainloop) == -1 && errno == EINTR) {
+ continue;
+ }
(void)sem_destroy(&p->sem_mainloop);
return SHIM_OK;
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 0228caa8..7c6148fd 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1648,7 +1648,9 @@ static void *do_shutdown_handler(void *arg)
prctl(PR_SET_NAME, "Shutdown");
- sem_wait(&g_daemon_shutdown_sem);
+ while(sem_wait(&g_daemon_shutdown_sem) == -1 && errno == EINTR) {
+ continue;
+ }
daemon_shutdown();
@@ -1868,7 +1870,9 @@ int main(int argc, char **argv)
server_common_start();
- sem_wait(&g_daemon_wait_shutdown_sem);
+ while(sem_wait(&g_daemon_wait_shutdown_sem) == -1 && errno == EINTR) {
+ continue;
+ }
DAEMON_CLEAR_ERRMSG();
return 0;
diff --git a/src/daemon/entry/connect/grpc/grpc_containers_service.cc b/src/daemon/entry/connect/grpc/grpc_containers_service.cc
index c5e7c275..0a46b36c 100644
--- a/src/daemon/entry/connect/grpc/grpc_containers_service.cc
+++ b/src/daemon/entry/connect/grpc/grpc_containers_service.cc
@@ -306,7 +306,9 @@ Status ContainerServiceImpl::RemoteStart(ServerContext *context,
// close pipe 1 first, make sure io copy thread exit
close(read_pipe_fd[1]);
if (container_req->attach_stderr && ret == 0) {
- (void)sem_wait(&sem);
+ while(sem_wait(&sem) == -1 && errno == EINTR) {
+ continue;
+ }
}
(void)sem_destroy(&sem);
close(read_pipe_fd[0]);
@@ -656,7 +658,9 @@ Status ContainerServiceImpl::Attach(ServerContext *context, ServerReaderWriter<A
close(pipefd[1]);
// Waiting sem, make sure the sem is posted always in attach callback.
if (container_req->attach_stderr && ret == 0) {
- (void)sem_wait(&sem_stderr);
+ while(sem_wait(&sem_stderr) == -1 && errno == EINTR) {
+ continue;
+ }
}
(void)sem_destroy(&sem_stderr);
close(pipefd[0]);
diff --git a/src/daemon/entry/cri/streams/attach_serve.cc b/src/daemon/entry/cri/streams/attach_serve.cc
index 3d59e539..9c0e56c4 100644
--- a/src/daemon/entry/cri/streams/attach_serve.cc
+++ b/src/daemon/entry/cri/streams/attach_serve.cc
@@ -145,7 +145,9 @@ int AttachServe::ExecuteStreamCommand(SessionData *lwsCtx, void *request)
WsWriteStdoutToClient(lwsCtx, message.c_str(), message.length());
} else {
// wait io copy thread complete
- (void)sem_wait(&attachSem);
+ while(sem_wait(&attachSem) == -1 && errno == EINTR) {
+ continue;
+ }
}
(void)sem_destroy(&attachSem);
diff --git a/src/daemon/entry/cri/streams/websocket/ws_server.cc b/src/daemon/entry/cri/streams/websocket/ws_server.cc
index a8d89b36..7e3225b2 100644
--- a/src/daemon/entry/cri/streams/websocket/ws_server.cc
+++ b/src/daemon/entry/cri/streams/websocket/ws_server.cc
@@ -193,7 +193,10 @@ void WebsocketServer::CloseWsSession(int socketID)
close(session->pipes.at(1));
session->pipes.at(1) = -1;
}
- (void)sem_wait(session->syncCloseSem);
+
+ while(sem_wait(session->syncCloseSem) == -1 && errno == EINTR) {
+ continue;
+ }
(void)sem_destroy(session->syncCloseSem);
delete session->syncCloseSem;
session->syncCloseSem = nullptr;
diff --git a/src/daemon/modules/events/collector.c b/src/daemon/modules/events/collector.c
index af688742..eb79bf81 100644
--- a/src/daemon/modules/events/collector.c
+++ b/src/daemon/modules/events/collector.c
@@ -932,7 +932,9 @@ int add_monitor_client(char *name, const types_timestamp_t *since, const types_t
goto sem_free;
}
- sem_wait(&context_info->context_sem);
+ while(sem_wait(&context_info->context_sem) == -1 && errno == EINTR) {
+ continue;
+ }
sem_free:
sem_destroy(&context_info->context_sem);
@@ -1002,7 +1004,9 @@ static int start_monitored()
goto out;
}
- sem_wait(msync.monitord_sem);
+ while(sem_wait(msync.monitord_sem) == -1 && errno == EINTR) {
+ continue;
+ }
sem_destroy(msync.monitord_sem);
if (monitored_exitcode) {
isulad_set_error_message("Monitored start failed");
diff --git a/src/daemon/modules/service/io_handler.c b/src/daemon/modules/service/io_handler.c
index 474fa650..f3b47737 100644
--- a/src/daemon/modules/service/io_handler.c
+++ b/src/daemon/modules/service/io_handler.c
@@ -485,7 +485,9 @@ static int start_io_copy_thread(int sync_fd, bool detach, struct io_copy_arg *co
return -1;
}
- sem_wait(&thread_arg.wait_sem);
+ while(sem_wait(&thread_arg.wait_sem) == -1 && errno == EINTR) {
+ continue;
+ }
sem_destroy(&thread_arg.wait_sem);
return 0;
}
--
2.34.1

229
0147-add-no-pivot-root-support.patch Normal file
View File

@ -0,0 +1,229 @@
From 3a925ead33267d44cafd182a85e75c9c3ac25d58 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 6 Nov 2024 15:24:30 +0800
Subject: [PATCH 147/156] add no pivot root support
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
cmake/options.cmake | 7 +++++++
src/cmd/isula/base/create.c | 7 +++++++
src/cmd/isula/base/create.h | 11 ++++++++++
src/cmd/isula/base/run.c | 3 +++
src/cmd/isula/client_arguments.h | 4 ++++
src/cmd/isula/isula_host_spec.c | 5 +++++
src/cmd/isula/isula_host_spec.h | 4 ++++
src/cmd/isulad-shim/process.c | 6 ++++++
src/daemon/modules/api/runtime_api.h | 1 +
.../modules/runtime/isula/isula_rt_ops.c | 3 +++
.../modules/service/service_container.c | 20 +++++++++++++++++++
11 files changed, 71 insertions(+)
diff --git a/cmake/options.cmake b/cmake/options.cmake
index 41177fe0..15d7044a 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -168,6 +168,13 @@ if (ENABLE_NATIVE_NETWORK OR ENABLE_GRPC)
set(ENABLE_NETWORK 1)
endif()
+option(ENABLE_NO_PIVOT_ROOT "Enable no pivot root" ON)
+if (ENABLE_NO_PIVOT_ROOT STREQUAL "ON")
+ add_definitions(-DENABLE_NO_PIVOT_ROOT)
+ set(ENABLE_NO_PIVOT_ROOT 1)
+ message("${Green}-- Enable no pivot root${ColourReset}")
+endif()
+
option(ENABLE_PLUGIN "enable plugin module" OFF)
if (ENABLE_PLUGIN STREQUAL "ON")
add_definitions(-DENABLE_PLUGIN=1)
diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c
index b04dddb5..7331676a 100644
--- a/src/cmd/isula/base/create.c
+++ b/src/cmd/isula/base/create.c
@@ -1292,6 +1292,10 @@ static isula_host_config_t *request_pack_host_config(const struct client_argumen
hostconfig->publish_all = args->custom_conf.publish_all;
#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+ hostconfig->no_pivot_root = args->custom_conf.no_pivot_root;
+#endif
+
return hostconfig;
error_out:
@@ -1750,6 +1754,9 @@ int cmd_create_main(int argc, const char **argv)
COMMON_OPTIONS(g_cmd_create_args)
#ifdef ENABLE_NATIVE_NETWORK
CREATE_NETWORK_OPTIONS(g_cmd_create_args)
+#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+ NO_PIVOT_ROOT_OPTIONS(g_cmd_create_args)
#endif
};
diff --git a/src/cmd/isula/base/create.h b/src/cmd/isula/base/create.h
index 9eb471b4..b4205a88 100644
--- a/src/cmd/isula/base/create.h
+++ b/src/cmd/isula/base/create.h
@@ -39,6 +39,17 @@ extern "C" {
#define USERNS_OPT(cmdargs)
#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+#define NO_PIVOT_ROOT_OPTIONS(cmdargs) \
+ { CMD_OPT_TYPE_BOOL, \
+ false, \
+ "no-pivot", \
+ 0, \
+ &(cmdargs).custom_conf.no_pivot_root, \
+ "disable use of pivot-root (oci runtime only)", \
+ NULL },
+#endif
+
#define CREATE_OPTIONS(cmdargs) \
{ \
CMD_OPT_TYPE_BOOL, \
diff --git a/src/cmd/isula/base/run.c b/src/cmd/isula/base/run.c
index 8d48244c..15e035c1 100644
--- a/src/cmd/isula/base/run.c
+++ b/src/cmd/isula/base/run.c
@@ -150,6 +150,9 @@ int cmd_run_main(int argc, const char **argv)
CREATE_EXTEND_OPTIONS(g_cmd_run_args) RUN_OPTIONS(g_cmd_run_args)
#ifdef ENABLE_NATIVE_NETWORK
CREATE_NETWORK_OPTIONS(g_cmd_run_args)
+#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+ NO_PIVOT_ROOT_OPTIONS(g_cmd_run_args)
#endif
};
isula_libutils_default_log_config(argv[0], &lconf);
diff --git a/src/cmd/isula/client_arguments.h b/src/cmd/isula/client_arguments.h
index 76d01122..debcc903 100644
--- a/src/cmd/isula/client_arguments.h
+++ b/src/cmd/isula/client_arguments.h
@@ -237,6 +237,10 @@ struct custom_configs {
/* publish a container's port to the host */
char **publish;
#endif
+
+#ifdef ENABLE_NO_PIVOT_ROOT
+ bool no_pivot_root;
+#endif
};
struct args_cgroup_resources {
diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c
index 9e902ed9..4c2fefa4 100644
--- a/src/cmd/isula/isula_host_spec.c
+++ b/src/cmd/isula/isula_host_spec.c
@@ -1729,6 +1729,11 @@ int generate_hostconfig(const isula_host_config_t *srcconfig, char **hostconfigs
#ifdef ENABLE_NATIVE_NETWORK
dstconfig->port_bindings = srcconfig->port_bindings;
#endif
+
+#ifdef ENABLE_NO_PIVOT_ROOT
+ dstconfig->no_pivot_root = srcconfig->no_pivot_root;
+#endif
+
*hostconfigstr = host_config_generate_json(dstconfig, &ctx, &err);
#ifdef ENABLE_NATIVE_NETWORK
dstconfig->port_bindings = NULL;
diff --git a/src/cmd/isula/isula_host_spec.h b/src/cmd/isula/isula_host_spec.h
index 25a54236..f00526e4 100644
--- a/src/cmd/isula/isula_host_spec.h
+++ b/src/cmd/isula/isula_host_spec.h
@@ -163,6 +163,10 @@ typedef struct isula_host_config {
bool publish_all;
defs_map_string_object_port_bindings *port_bindings;
#endif
+
+#ifdef ENABLE_NO_PIVOT_ROOT
+ bool no_pivot_root;
+#endif
} isula_host_config_t;
int generate_hostconfig(const isula_host_config_t *srcconfig, char **hostconfigstr);
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 11903a5c..10d21565 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1298,6 +1298,12 @@ static void get_runtime_cmd(process_t *p, const char *log_path, const char *pid_
params[i++] = "create";
params[i++] = "--bundle";
params[i++] = p->bundle;
+#ifdef ENABLE_NO_PIVOT_ROOT
+ if (getenv("ISULAD_RAMDISK") != NULL || p->state->no_pivot_root) {
+ params[i++] = "--no-pivot";
+ }
+#endif
+
}
params[i++] = "--pid-file";
params[i++] = pid_path;
diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h
index bd170c30..930710ca 100644
--- a/src/daemon/modules/api/runtime_api.h
+++ b/src/daemon/modules/api/runtime_api.h
@@ -84,6 +84,7 @@ typedef struct _rt_create_params_t {
bool tty;
bool open_stdin;
const char *task_addr;
+ bool no_pivot_root;
} rt_create_params_t;
typedef struct _rt_start_params_t {
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index dc156154..e628c3fe 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -1209,6 +1209,9 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_
p.runtime_args_len = runtime_args_len;
p.attach_socket = attach_socket;
p.systemd_cgroup = conf_get_systemd_cgroup();
+#ifdef ENABLE_NO_PIVOT_ROOT
+ p.no_pivot_root = params->no_pivot_root;
+#endif
copy_process(&p, config->process);
copy_annotations(&p, config->annotations);
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 4157c631..754c28ac 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -743,6 +743,23 @@ static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, contai
return 0;
}
+static bool pack_no_pivot_root(const container_t *cont)
+{
+ size_t i = 0;
+ bool ret = false;
+
+ ret = cont->hostconfig->no_pivot_root;
+ if (cont->common_config->config->annotations != NULL) {
+ for (i = 0; i < cont->common_config->config->annotations->len; i++) {
+ if (strcmp(cont->common_config->config->annotations->keys[i], "ISULAD_RAMDISK") == 0) {
+ ret = true;
+ break;
+ }
+ }
+ }
+ return ret;
+}
+
static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm, pid_ppid_info_t *pid_info)
{
int ret = 0;
@@ -906,6 +923,9 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
create_params.exit_fifo = exit_fifo;
create_params.tty = tty;
create_params.open_stdin = open_stdin;
+#ifdef ENABLE_NO_PIVOT_ROOT
+ create_params.no_pivot_root = pack_no_pivot_root(cont);
+#endif
#ifdef ENABLE_CRI_API_V1
if (cont->common_config->sandbox_info != NULL) {
create_params.task_addr = cont->common_config->sandbox_info->task_address;
--
2.34.1

227
0148-fix-issues-Isula-ps-cannot-display-port-mapping.patch Normal file
View File

@ -0,0 +1,227 @@
From 6d5121eacdb42a4dd7c2ea498c534b893b80e405 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Thu, 7 Nov 2024 20:17:41 +0800
Subject: [PATCH 148/156] fix issues: Isula ps cannot display port mapping
---
src/api/services/containers/container.proto | 1 +
.../connect/grpc/grpc_containers_client.cc | 2 +
src/client/connect/protocol_type.c | 4 ++
src/client/connect/protocol_type.h | 1 +
src/cmd/isula/information/ps.c | 9 ++-
.../connect/grpc/container/list_service.cc | 3 +
src/daemon/executor/container_cb/list.c | 2 +
src/daemon/modules/api/container_api.h | 2 +
src/daemon/modules/container/container_unix.c | 56 ++++++++++++++++++-
9 files changed, 77 insertions(+), 3 deletions(-)
diff --git a/src/api/services/containers/container.proto b/src/api/services/containers/container.proto
index 8d05681e..113fcb10 100644
--- a/src/api/services/containers/container.proto
+++ b/src/api/services/containers/container.proto
@@ -65,6 +65,7 @@ message Container {
string name = 16;
string health_state = 17;
int64 created = 18;
+ string ports = 19;
}
message Container_info {
diff --git a/src/client/connect/grpc/grpc_containers_client.cc b/src/client/connect/grpc/grpc_containers_client.cc
index adeac0ba..f042290e 100644
--- a/src/client/connect/grpc/grpc_containers_client.cc
+++ b/src/client/connect/grpc/grpc_containers_client.cc
@@ -1241,6 +1241,8 @@ private:
util_strdup_s("none");
response->container_summary[index]->command = !in.command().empty() ? util_strdup_s(in.command().c_str()) :
util_strdup_s("-");
+ response->container_summary[index]->ports = !in.ports().empty() ? util_strdup_s(in.ports().c_str()) :
+ nullptr;
const char *starttime = !in.startat().empty() ? in.startat().c_str() : "-";
response->container_summary[index]->startat = util_strdup_s(starttime);
diff --git a/src/client/connect/protocol_type.c b/src/client/connect/protocol_type.c
index 57dcf753..d0ab9732 100644
--- a/src/client/connect/protocol_type.c
+++ b/src/client/connect/protocol_type.c
@@ -531,6 +531,10 @@ void isula_list_response_free(struct isula_list_response *response)
free(response->container_summary[i]->command);
response->container_summary[i]->command = NULL;
}
+ if (response->container_summary[i]->ports != NULL) {
+ free(response->container_summary[i]->ports);
+ response->container_summary[i]->ports = NULL;
+ }
if (response->container_summary[i]->startat != NULL) {
free(response->container_summary[i]->startat);
response->container_summary[i]->startat = NULL;
diff --git a/src/client/connect/protocol_type.h b/src/client/connect/protocol_type.h
index 2b445c5a..02e315bf 100644
--- a/src/client/connect/protocol_type.h
+++ b/src/client/connect/protocol_type.h
@@ -204,6 +204,7 @@ struct isula_container_summary_info {
char *id;
char *image;
char *command;
+ char *ports;
char *name;
Container_Status status;
uint32_t exit_code;
diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c
index 13c35dc7..6bdc157f 100644
--- a/src/cmd/isula/information/ps.c
+++ b/src/cmd/isula/information/ps.c
@@ -332,7 +332,8 @@ static void print_basic_container_info_item(const struct isula_container_summary
} else if (strcmp(name, "Created") == 0) {
print_created_field(in->created, length->created_length);
} else if (strcmp(name, "Ports") == 0) {
- printf("%-*s", (int)length->ports_length, " ");
+ const char *ports = (in->ports != NULL ? in->ports : "N/A");
+ printf("%-*s", (int)length->ports_length, ports);
}
}
@@ -515,6 +516,12 @@ static void list_field_width(struct isula_container_summary_info **info, const s
l->command_length = (unsigned int)cmd_len;
}
}
+ if (in->ports != NULL) {
+ size_t ports_len = strlen(in->ports);
+ if (ports_len > l->ports_length) {
+ l->ports_length = (unsigned int)ports_len;
+ }
+ }
calculate_str_length(in->name, &l->name_length);
calculate_str_length(in->runtime, &l->runtime_length);
diff --git a/src/daemon/entry/connect/grpc/container/list_service.cc b/src/daemon/entry/connect/grpc/container/list_service.cc
index e831acbc..dfd48191 100644
--- a/src/daemon/entry/connect/grpc/container/list_service.cc
+++ b/src/daemon/entry/connect/grpc/container/list_service.cc
@@ -121,6 +121,9 @@ void ContainerListService::FillResponseTogRPC(void *containerRes, containers::Li
if (response->containers[i]->command != nullptr) {
container->set_command(response->containers[i]->command);
}
+ if (response->containers[i]->ports != nullptr) {
+ container->set_ports(response->containers[i]->ports);
+ }
container->set_exit_code(response->containers[i]->exit_code);
container->set_restartcount(response->containers[i]->restartcount);
if (response->containers[i]->startat != nullptr) {
diff --git a/src/daemon/executor/container_cb/list.c b/src/daemon/executor/container_cb/list.c
index 243eb4d2..2e8c7a79 100644
--- a/src/daemon/executor/container_cb/list.c
+++ b/src/daemon/executor/container_cb/list.c
@@ -609,6 +609,8 @@ static int fill_container_info(container_container *container_info, const contai
container_info->status = (int)container_state_judge_status(cont_state);
+ container_info->ports = container_get_ports(cont);
+
container_info->command = container_get_command(cont);
image = container_get_image(cont);
container_info->image = image ? image : util_strdup_s("none");
diff --git a/src/daemon/modules/api/container_api.h b/src/daemon/modules/api/container_api.h
index a6ec8e22..e4d7fc25 100644
--- a/src/daemon/modules/api/container_api.h
+++ b/src/daemon/modules/api/container_api.h
@@ -185,6 +185,8 @@ int container_v2_spec_merge_container_spec(container_config_v2_common_config *v2
char *container_get_command(const container_t *cont);
+char *container_get_ports(const container_t *cont);
+
char *container_get_image(const container_t *cont);
int container_exit_on_next(container_t *cont);
diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c
index 6f345ea0..812ab9e1 100644
--- a/src/daemon/modules/container/container_unix.c
+++ b/src/daemon/modules/container/container_unix.c
@@ -20,6 +20,7 @@
#include <isula_libutils/container_config_v2.h>
#include <isula_libutils/host_config.h>
#include <isula_libutils/json_common.h>
+#include <isula_libutils/auto_cleanup.h>
#include <limits.h>
#include <pthread.h>
#include <stdbool.h>
@@ -1253,7 +1254,7 @@ char *container_get_command(const container_t *cont)
if (cont->common_config->path != NULL) {
nret = util_array_append(&args, cont->common_config->path);
if (nret < 0) {
- ERROR("Appned string failed");
+ ERROR("Append string failed");
goto cleanup;
}
}
@@ -1268,7 +1269,7 @@ char *container_get_command(const container_t *cont)
nret = util_array_append(&args, arg);
free(arg);
if (nret < 0) {
- ERROR("Appned string failed");
+ ERROR("Append string failed");
goto cleanup;
}
}
@@ -1280,6 +1281,57 @@ cleanup:
return cmd;
}
+/* container get ports */
+char *container_get_ports(const container_t *cont)
+{
+ int nret;
+ size_t i, j, ports_num = 0;
+ __isula_auto_array_t char **args = NULL;
+ char *ports = NULL;
+
+ if (cont == NULL || cont->hostconfig == NULL || cont->hostconfig->port_bindings == NULL) {
+ return NULL;
+ }
+
+ for (i = 0; cont->hostconfig->port_bindings->keys != NULL && i < cont->hostconfig->port_bindings->len; i++) {
+ for (j = 0; j < cont->hostconfig->port_bindings->values[i]->element->host_len; j++) {
+ __isula_auto_free char *arg = NULL;
+ char *host_ip = cont->hostconfig->port_bindings->values[i]->element->host[j]->host_ip;
+ if (host_ip == NULL) {
+ host_ip = "0.0.0.0";
+ }
+ char *host_port = cont->hostconfig->port_bindings->values[i]->element->host[j]->host_port;
+ if (host_port == NULL) {
+ host_port = "";
+ }
+ char *cont_port_type = cont->hostconfig->port_bindings->keys[i];
+ if (cont_port_type == NULL) {
+ cont_port_type = "";
+ }
+ size_t total_len = strlen(host_ip) + strlen(host_port) + strlen(cont_port_type) + 4; // 4 for ":->" and null terminator
+ arg = util_common_calloc_s(total_len);
+ if (arg == NULL) {
+ ERROR("Out of memory");
+ return ports;
+ }
+ nret = snprintf(arg, total_len, "%s:%s->%s", host_ip, host_port, cont_port_type);
+ if (nret < 0 || (size_t)nret >= total_len) {
+ ERROR("Failed to print string");
+ return ports;
+ }
+ nret = util_array_append(&args, arg);
+ if (nret < 0) {
+ ERROR("Append string failed");
+ return ports;
+ }
+ ports_num++;
+ }
+ }
+ ports = util_string_join(", ", (const char **)args, ports_num);
+
+ return ports;
+}
+
/* container get image */
char *container_get_image(const container_t *cont)
{
--
2.34.1

87
0149-move-nri-call-in-stop-and-remove-con.patch Normal file
View File

@ -0,0 +1,87 @@
From db60c64138b45539fe70282c853ac2dae5954924 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 14 Nov 2024 17:34:49 +0800
Subject: [PATCH 149/156] move nri call in stop and remove con
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/cri/cri_helpers.cc | 18 ++++++++++++++++++
.../cri/v1/v1_cri_container_manager_service.cc | 14 --------------
2 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/src/daemon/common/cri/cri_helpers.cc b/src/daemon/common/cri/cri_helpers.cc
index a8cbd996..aa8e3c19 100644
--- a/src/daemon/common/cri/cri_helpers.cc
+++ b/src/daemon/common/cri/cri_helpers.cc
@@ -32,6 +32,10 @@
#include "isulad_config.h"
#include "sha256.h"
+#ifdef ENABLE_NRI
+#include "nri_adaption.h"
+#endif
+
namespace CRIHelpers {
const std::string Constants::POD_NETWORK_ANNOTATION_KEY { "network.alpha.kubernetes.io/network" };
const std::string Constants::CONTAINER_TYPE_LABEL_KEY { "cri.isulad.type" };
@@ -660,6 +664,13 @@ void RemoveContainerHelper(service_executor_t *cb, const std::string &containerI
goto cleanup;
}
+#ifdef ENABLE_NRI
+ if (!NRIAdaptation::GetInstance()->RemoveContainer(containerID, error)) {
+ ERROR("NRI RemoveContainer notification failed: %s", error.GetCMessage());
+ }
+ error.Clear();
+#endif
+
if (cb->container.remove(request, &response) != 0) {
if (response != nullptr && response->errmsg != nullptr) {
error.SetError(response->errmsg);
@@ -719,6 +730,13 @@ void StopContainerHelper(service_executor_t *cb, const std::string &containerID,
error.SetError(msg);
}
+#ifdef ENABLE_NRI
+ if (!NRIAdaptation::GetInstance()->StopContainer(containerID, error)) {
+ ERROR("NRI StopContainer notification failed: %s", error.GetCMessage());
+ }
+ error.Clear();
+#endif
+
free_container_stop_request(request);
free_container_stop_response(response);
}
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index 1e84d14c..b585b49c 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -618,25 +618,11 @@ cleanup:
void ContainerManagerService::StopContainer(const std::string &containerID, int64_t timeout, Errors &error)
{
-#ifdef ENABLE_NRI
- Errors nriErr;
-#endif
CRIHelpers::StopContainer(m_cb, containerID, timeout, error);
-#ifdef ENABLE_NRI
- if (!NRIAdaptation::GetInstance()->StopContainer(containerID, nriErr)) {
- ERROR("NRI StopContainer notification failed: %s", nriErr.GetCMessage());
- }
-#endif
}
void ContainerManagerService::RemoveContainer(const std::string &containerID, Errors &error)
{
-#ifdef ENABLE_NRI
- Errors nriErr;
- if (!NRIAdaptation::GetInstance()->RemoveContainer(containerID, nriErr)) {
- ERROR("NRI RemoveContainer notification failed: %s", nriErr.GetCMessage());
- }
-#endif
CRIHelpers::RemoveContainer(m_cb, containerID, error);
if (error.NotEmpty()) {
WARN("Failed to remove container %s", containerID.c_str());
--
2.34.1

548
0150-add-missing-con-linux-info-for-nri-module.patch Normal file
View File

@ -0,0 +1,548 @@
From 140166e0f385a2f23502efeeba4113536736c3c8 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 14 Nov 2024 16:45:08 +0800
Subject: [PATCH 150/156] add missing con linux info for nri module
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/nri/nri_convert.cc | 482 ++++++++++++++++++++++++++-
1 file changed, 480 insertions(+), 2 deletions(-)
diff --git a/src/daemon/common/nri/nri_convert.cc b/src/daemon/common/nri/nri_convert.cc
index 30caf1dd..d862d992 100644
--- a/src/daemon/common/nri/nri_convert.cc
+++ b/src/daemon/common/nri/nri_convert.cc
@@ -15,12 +15,16 @@
#include "nri_convert.h"
+#include <sys/stat.h>
+#include <sys/sysmacros.h>
+
#include "container_api.h"
#include "v1_cri_helpers.h"
#include "path.h"
#include "transform.h"
#include "nri_utils.h"
#include "cstruct_wrapper.h"
+#include "specs_api.h"
static int64_t DefaultOOMScoreAdj = 0;
@@ -385,6 +389,462 @@ error_out:
return false;
}
+static int ConvertDevice(const char *host_path, const char *container_path, const char *permissions,
+ nri_linux_device &device, nri_linux_device_cgroup &deviceCgroup)
+{
+ int ret = 0;
+ struct stat st;
+ const char *dev_type = NULL;
+ unsigned int file_mode = 0;
+
+ if (host_path == NULL) {
+ return -1;
+ }
+
+ ret = stat(host_path, &st);
+ if (ret < 0) {
+ ERROR("device %s no exists", host_path);
+ return -1;
+ }
+
+ file_mode = st.st_mode & 0777;
+
+ /* check device type first */
+ if (S_ISBLK(st.st_mode)) {
+ file_mode |= S_IFBLK;
+ dev_type = "b";
+ } else if (S_ISCHR(st.st_mode)) {
+ file_mode |= S_IFCHR;
+ dev_type = "c";
+ } else {
+ ERROR("Cannot determine the device number for device %s", host_path);
+ return -1;
+ }
+
+ /* fill spec dev */
+ device.major = (int64_t)major(st.st_rdev);
+ device.minor = (int64_t)minor(st.st_rdev);
+ device.uid = (uint32_t *)util_common_calloc_s(sizeof(uint32_t*));
+ if (device.uid == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ *(device.uid) = st.st_uid;
+ device.gid = (uint32_t *)util_common_calloc_s(sizeof(uint32_t*));
+ if (device.gid == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ *(device.gid) = st.st_gid;
+ device.file_mode = (uint32_t *)util_common_calloc_s(sizeof(uint32_t));
+ if (device.file_mode == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ *(device.file_mode) = (int)file_mode;
+ device.type = util_strdup_s(dev_type);
+ device.path = util_strdup_s(container_path);
+
+ /* fill spec cgroup dev */
+ deviceCgroup.allow = true;
+ deviceCgroup.access = util_strdup_s(permissions);
+ deviceCgroup.type = util_strdup_s(dev_type);
+ deviceCgroup.major = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (deviceCgroup.major == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ *(deviceCgroup.major) = (int64_t)major(st.st_rdev);
+ deviceCgroup.minor = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (deviceCgroup.minor == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ *(deviceCgroup.minor) = (int64_t)minor(st.st_rdev);
+
+ return 0;
+}
+
+static int ConvertHostConfigDevices(const host_config_devices_element *dev_map, nri_linux_device &device,
+ nri_linux_device_cgroup &deviceCgroup)
+{
+ return ConvertDevice(dev_map->path_on_host, dev_map->path_in_container,
+ dev_map->cgroup_permissions, device, deviceCgroup);
+}
+
+static int ConLinuxDeviceToNRI(const host_config *config, nri_container &con)
+{
+ size_t i;
+
+ if (config->devices_len == 0 && config->nri_devices_len == 0) {
+ return 0;
+ }
+ con.linux->devices = (nri_linux_device **)util_smart_calloc_s(sizeof(nri_linux_device *),
+ config->devices_len + config->nri_devices_len);
+ if (con.linux->devices == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ con.linux->resources->devices = (nri_linux_device_cgroup **)util_smart_calloc_s(sizeof(nri_linux_device_cgroup *),
+ config->devices_len);
+ if (con.linux->resources->devices == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ for (i = 0; i < config->devices_len; i++) {
+ nri_linux_device *device = (nri_linux_device *)util_common_calloc_s(sizeof(nri_linux_device));
+ if (device == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ nri_linux_device_cgroup *deviceCgroup = (nri_linux_device_cgroup *)util_common_calloc_s(sizeof(
+ nri_linux_device_cgroup));
+ if (deviceCgroup == nullptr) {
+ ERROR("Out of memory");
+ free_nri_linux_device(device);
+ return -1;
+ }
+
+ if (ConvertHostConfigDevices(config->devices[i], *device, *deviceCgroup) != 0) {
+ ERROR("Failed to convert host config devices");
+ free_nri_linux_device(device);
+ free_nri_linux_device_cgroup(deviceCgroup);
+ return -1;
+ }
+
+ con.linux->devices[i] = device;
+ con.linux->resources->devices[i] = deviceCgroup;
+ con.linux->devices_len++;
+ con.linux->resources->devices_len++;
+ }
+
+ for (i = 0; i < config->nri_devices_len; i++) {
+ nri_linux_device *device = (nri_linux_device *)util_common_calloc_s(sizeof(nri_linux_device));
+ if (device == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ device->file_mode = (uint32_t *)util_common_calloc_s(sizeof(uint32_t));
+ if (device->file_mode == nullptr) {
+ ERROR("Out of memory");
+ free_nri_linux_device(device);
+ return -1;
+ }
+ *(device->file_mode) = config->nri_devices[i]->file_mode;
+
+ device->path = util_strdup_s(config->nri_devices[i]->path);
+ device->type = util_strdup_s(config->nri_devices[i]->type);
+ device->major = config->nri_devices[i]->major;
+ device->minor = config->nri_devices[i]->minor;
+
+ device->uid = (uint32_t *)util_common_calloc_s(sizeof(uint32_t));
+ if (device->uid == nullptr) {
+ ERROR("Out of memory");
+ free_nri_linux_device(device);
+ return -1;
+ }
+ *(device->uid) = config->nri_devices[i]->uid;
+
+ device->gid = (uint32_t *)util_common_calloc_s(sizeof(uint32_t));
+ if (device->gid == nullptr) {
+ ERROR("Out of memory");
+ free_nri_linux_device(device);
+ return -1;
+ }
+ *(device->gid) = config->nri_devices[i]->gid;
+ con.linux->devices[i + config->devices_len] = device;
+ con.linux->devices_len++;
+ }
+
+ return 0;
+}
+
+static int ConvertCRIV1Devices(const ::runtime::v1::Device &dev_map, nri_linux_device &device,
+ nri_linux_device_cgroup &deviceCgroup)
+{
+ return ConvertDevice(dev_map.host_path().c_str(), dev_map.container_path().c_str(),
+ dev_map.permissions().c_str(), device, deviceCgroup);
+}
+
+static bool ConLinuxResourcesCpuToNRI(const host_config *config, nri_linux_cpu &cpu)
+{
+ cpu.shares = (uint64_t *)util_common_calloc_s(sizeof(uint64_t));
+ if (cpu.shares == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(cpu.shares) = config->cpu_shares;
+
+ cpu.quota = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (cpu.quota == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(cpu.quota) = config->cpu_quota;
+
+ cpu.period = (uint64_t *)util_common_calloc_s(sizeof(uint64_t));
+ if (cpu.period == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(cpu.period) = config->cpu_period;
+
+ cpu.cpus = util_strdup_s(config->cpuset_cpus);
+ cpu.mems = util_strdup_s(config->cpuset_mems);
+
+ return true;
+}
+
+static bool ConLinuxResourcesMemoryToNRI(const host_config *config, nri_linux_memory &memory)
+{
+ memory.limit = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (memory.limit == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.limit) = config->memory;
+
+ memory.reservation = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (memory.reservation == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+
+ *(memory.reservation) = config->memory_reservation;
+
+ memory.swap = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (memory.swap == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.swap) = config->memory_swap;
+
+ memory.kernel = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (memory.kernel == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.kernel) = config->kernel_memory;
+
+ // isulad has not set kernel_tcp
+ memory.kernel_tcp = nullptr;
+
+ if (config->memory_swappiness != nullptr) {
+ memory.swappiness = (uint64_t *)util_common_calloc_s(sizeof(uint64_t));
+ if (memory.swappiness == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.swappiness) = *(config->memory_swappiness);
+ }
+
+ memory.disable_oom_killer = (uint8_t *)util_common_calloc_s(sizeof(uint8_t));
+ if (memory.disable_oom_killer == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.disable_oom_killer) = config->oom_kill_disable;
+
+ // isulad has not set use_hierarchy
+ memory.use_hierarchy = (uint8_t *)util_common_calloc_s(sizeof(uint8_t));
+ if (memory.use_hierarchy == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.use_hierarchy) = false;
+ return true;
+}
+
+auto ConLinuxResourcesToNRI(const host_config *config) -> nri_linux_resources *
+{
+ nri_linux_resources *resources = nullptr;
+ size_t i;
+
+ resources = init_nri_linux_resources();
+ if (resources == nullptr) {
+ ERROR("Failed to init nri linux resources");
+ return nullptr;
+ }
+
+ if (!ConLinuxResourcesCpuToNRI(config, *resources->cpu)) {
+ ERROR("Failed to transform cpu to nri");
+ goto error_out;
+ }
+
+ if (!ConLinuxResourcesMemoryToNRI(config, *resources->memory)) {
+ ERROR("Failed to transform memory to nri");
+ goto error_out;
+ }
+
+ resources->hugepage_limits = (nri_hugepage_limit **)util_smart_calloc_s(sizeof(nri_hugepage_limit *),
+ config->hugetlbs_len);
+ if (resources->hugepage_limits == nullptr) {
+ ERROR("Out of memory");
+ goto error_out;
+ }
+
+ for (i = 0; i < config->hugetlbs_len; i++) {
+ resources->hugepage_limits[i] = (nri_hugepage_limit *)util_common_calloc_s(sizeof(nri_hugepage_limit));
+ if (resources->hugepage_limits[i] == nullptr) {
+ ERROR("Out of memory");
+ goto error_out;
+ }
+ resources->hugepage_limits[i]->page_size = util_strdup_s(config->hugetlbs[i]->page_size);
+ resources->hugepage_limits[i]->limit = config->hugetlbs[i]->limit;
+ resources->hugepage_limits_len++;
+ }
+
+ // resources.blockio_class is not support
+ // resources.rdt_class is not support
+ // They are not standard fields in oci spec
+
+ if (dup_json_map_string_string(config->unified, resources->unified) != 0) {
+ ERROR("Failed to copy unified map");
+ goto error_out;
+ }
+
+ // resources.devices is set in ConLinuxDeviceToNRI
+
+ return resources;
+
+error_out:
+ free_nri_linux_resources(resources);
+ resources = nullptr;
+ return resources;
+}
+
+static bool ConLinuxToNRI(const char *id, const host_config *config, nri_container &con)
+{
+ con.linux = (nri_linux_container *)util_common_calloc_s(sizeof(nri_linux_container));
+ if (con.linux == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+
+ con.linux->resources = ConLinuxResourcesToNRI(config);
+ if (con.linux->resources == nullptr) {
+ ERROR("Failed to transform resources to nri for con : %s", id);
+ return false;
+ }
+
+ if (ConLinuxDeviceToNRI(config, con) != 0) {
+ ERROR("Failed to transform devices to nri for con : %s", id);
+ return false;
+ }
+
+ con.linux->oom_score_adj = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (con.linux->oom_score_adj == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+
+ *(con.linux->oom_score_adj) = config->oom_score_adj;
+
+ con.linux->cgroups_path = merge_container_cgroups_path(id, config);
+ if (con.linux->cgroups_path == NULL) {
+ WARN("nri container cgroups path is NULL");
+ }
+ return true;
+}
+
+static int ConConfigLinuxDeviceToNRI(const runtime::v1::ContainerConfig &containerConfig, nri_container &con)
+{
+ int i;
+ int conConfigDevicesSize = containerConfig.devices_size();
+
+ if (conConfigDevicesSize == 0) {
+ return 0;
+ }
+ con.linux->devices = (nri_linux_device **)util_smart_calloc_s(sizeof(nri_linux_device *), conConfigDevicesSize);
+ if (con.linux->devices == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ if (con.linux->resources == nullptr) {
+ con.linux->resources = init_nri_linux_resources();
+ if (con.linux->resources == nullptr) {
+ ERROR("Failed to init nri linux resources");
+ return -1;
+ }
+ }
+
+ con.linux->resources->devices = (nri_linux_device_cgroup **)util_smart_calloc_s(sizeof(nri_linux_device_cgroup *),
+ conConfigDevicesSize);
+ if (con.linux->resources->devices == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ for (i = 0; i < conConfigDevicesSize; i++) {
+ nri_linux_device *device = (nri_linux_device *)util_common_calloc_s(sizeof(nri_linux_device));
+ if (device == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ nri_linux_device_cgroup *deviceCgroup = (nri_linux_device_cgroup *)util_common_calloc_s(sizeof(
+ nri_linux_device_cgroup));
+ if (deviceCgroup == nullptr) {
+ ERROR("Out of memory");
+ free_nri_linux_device(device);
+ return -1;
+ }
+
+ if (ConvertCRIV1Devices(containerConfig.devices(i), *device, *deviceCgroup) != 0) {
+ ERROR("Failed to convert CRI v1 devices");
+ free_nri_linux_device(device);
+ free_nri_linux_device_cgroup(deviceCgroup);
+ return -1;
+ }
+
+ con.linux->devices[i] = device;
+ con.linux->resources->devices[i] = deviceCgroup;
+ con.linux->devices_len++;
+ con.linux->resources->devices_len++;
+ }
+
+ return 0;
+}
+
+static bool ConConfigLinuxToNRI(const runtime::v1::ContainerConfig &containerConfig, nri_container &con)
+{
+ const char *name = containerConfig.metadata().name().c_str();
+ con.linux = (nri_linux_container *)util_common_calloc_s(sizeof(nri_linux_container));
+ if (con.linux == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+
+ if (containerConfig.has_linux() && containerConfig.linux().has_resources()) {
+ con.linux->resources = LinuxResourcesToNRI(containerConfig.linux().resources());
+ if (con.linux->resources == nullptr) {
+ ERROR("Failed to transform resources to nri for con : %s", name);
+ return false;
+ }
+
+ con.linux->oom_score_adj = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (con.linux->oom_score_adj == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(con.linux->oom_score_adj) = containerConfig.linux().resources().oom_score_adj();
+ }
+
+ if (ConConfigLinuxDeviceToNRI(containerConfig, con) != 0) {
+ ERROR("Failed to convert devices to nri for con : %s", name);
+ return false;
+ }
+
+ // ContainerToNRIByConfig is called when CreateContainer, and cannot get pid at this time
+ con.linux->cgroups_path = NULL;
+ return true;
+}
+
// container info is incomplete because container in excution is not created
auto ContainerToNRIByConConfig(const runtime::v1::ContainerConfig &containerConfig, nri_container &con) -> bool
{
@@ -395,6 +855,9 @@ auto ContainerToNRIByConConfig(const runtime::v1::ContainerConfig &containerConf
Errors tmpError;
+ // ContainerToNRIByConfig is called when CreateConatiner, and the status is 0(CONTAINER_UNKNOWN) at this time
+ con.state = 0;
+
con.labels = Transform::ProtobufMapToJsonMapForString(containerConfig.labels(), tmpError);
if (con.labels == nullptr) {
ERROR("Failed to transform labels to nri for con : %s, : %s", con.name, tmpError.GetMessage().c_str());
@@ -426,9 +889,18 @@ auto ContainerToNRIByConConfig(const runtime::v1::ContainerConfig &containerConf
ERROR("Failed to transform mounts to nri for con : %s", con.name);
return false;
}
- return true;
- // todo: can not get container hooks and pid from containerConfig
+ if (!ConConfigLinuxToNRI(containerConfig, con)) {
+ ERROR("Failed to convert conatiner linux info to nri for con : %s", con.name);
+ return false;
+ }
+
+ // todo: CRI module can not get container hooks from containerConfig
+ // ContainerToNRIByConfig is called when CreateConatiner, and cannot get pid at this time
+
+ // rlimit not support in containerd
+
+ return true;
}
// container info is incomplete because container in excution is not created
@@ -486,6 +958,11 @@ auto ContainerToNRIByID(const std::string &id, nri_container &con) -> bool
goto out;
}
+ if (!ConLinuxToNRI(cont->common_config->id, cont->hostconfig, con)) {
+ ERROR("Failed to transform conatiner linux info to nri for con : %s", con.name);
+ goto out;
+ }
+
// todo: can convert hostconfig's hook_spec to nri spec
con.pid = container_state_get_pid(cont->state);
@@ -644,6 +1121,7 @@ auto ContainersToNRI(std::vector<std::unique_ptr<runtime::v1::Container>> &conta
}
if (!ContainerToNRIByID(containers[i].get()->id(), *con)) {
ERROR("Failed to transform container to nri for container : %s", containers[i]->metadata().name().c_str());
+ free_nri_container(con);
return false;
}
cons.push_back(con);
--
2.34.1

1600
0151-sandbox-sandbox-api-update.patch Normal file
View File

File diff suppressed because it is too large Load Diff

48
0152-add-omitted-macro-definition.patch Normal file
View File

@ -0,0 +1,48 @@
From 9aadae1a71243bab41f5bf43c60f8f1b72806d54 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 22 Nov 2024 02:40:13 +1400
Subject: [PATCH 152/156] add omitted macro definition
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/api/runtime_api.h | 2 ++
src/daemon/modules/service/service_container.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h
index 930710ca..1f23efe3 100644
--- a/src/daemon/modules/api/runtime_api.h
+++ b/src/daemon/modules/api/runtime_api.h
@@ -84,7 +84,9 @@ typedef struct _rt_create_params_t {
bool tty;
bool open_stdin;
const char *task_addr;
+#ifdef ENABLE_NO_PIVOT_ROOT
bool no_pivot_root;
+#endif
} rt_create_params_t;
typedef struct _rt_start_params_t {
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 754c28ac..8e80e936 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -743,6 +743,7 @@ static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, contai
return 0;
}
+#ifdef ENABLE_NO_PIVOT_ROOT
static bool pack_no_pivot_root(const container_t *cont)
{
size_t i = 0;
@@ -759,6 +760,7 @@ static bool pack_no_pivot_root(const container_t *cont)
}
return ret;
}
+#endif
static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm, pid_ppid_info_t *pid_info)
{
--
2.34.1

4272
0153-sandbox-sandbox-api-adapt-rust-interface.patch Normal file
View File

File diff suppressed because it is too large Load Diff

25
0154-add-linux-capability.h-head-file.patch Normal file
View File

@ -0,0 +1,25 @@
From 94cf20fe53c0a42f703dd6a0122c619c0ee06715 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 23 Nov 2024 03:45:22 +1400
Subject: [PATCH 154/156] add linux/capability.h head file
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/cutils/utils_cap.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/utils/cutils/utils_cap.h b/src/utils/cutils/utils_cap.h
index c7e78ac2..e741b565 100644
--- a/src/utils/cutils/utils_cap.h
+++ b/src/utils/cutils/utils_cap.h
@@ -18,6 +18,7 @@
#include <stdbool.h>
#include <stddef.h>
+#include <linux/capability.h>
#ifdef __cplusplus
extern "C" {
--
2.34.1

34
0155-sandbox-fix-unused-variables.patch Normal file
View File

@ -0,0 +1,34 @@
From baa25031fcf68443bc1262bebec69a54fed38d88 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Mon, 25 Nov 2024 15:18:13 +0800
Subject: [PATCH 155/156] sandbox:fix unused variables
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../sandboxer/controller/client/grpc_sandboxer_client.cc | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/daemon/sandbox/sandboxer/controller/client/grpc_sandboxer_client.cc b/src/daemon/sandbox/sandboxer/controller/client/grpc_sandboxer_client.cc
index d7ff76d7..5b7f3c1c 100644
--- a/src/daemon/sandbox/sandboxer/controller/client/grpc_sandboxer_client.cc
+++ b/src/daemon/sandbox/sandboxer/controller/client/grpc_sandboxer_client.cc
@@ -92,7 +92,6 @@ auto SandboxerClient::InitCreateRequest(sandbox_create_request &request,
(void)memcpy(request.options->value, encoded.c_str(), encoded.size());
request.options->value_len = encoded.size();
request.netns_path = util_strdup_s(params.netNSPath.c_str());
- sandbox_mount **mounts = NULL;
size_t mounts_len = params.mounts.size();
if (mounts_len > 0) {
request.rootfs = (sandbox_mount**)util_common_calloc_s(mounts_len * sizeof(sandbox_mount *));
@@ -112,7 +111,7 @@ auto SandboxerClient::InitCreateRequest(sandbox_create_request &request,
free(m);
return false;
}
- mounts[request.rootfs_len++] = m;
+ request.rootfs[request.rootfs_len++] = m;
m = NULL;
}
}
--
2.34.1

3021
0156-sandbox-sandbox-api-adapt-rust-interface-UT.patch Normal file
View File

File diff suppressed because it is too large Load Diff

27
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 2.1.5
%global _release 13
%global _release 14
%global is_systemd 1
%global enable_criv1 1
%global enable_cdi 1
@ -9,6 +9,7 @@
%ifarch x86_64 aarch64
%global enable_nri 0
%global enable_sandboxer 0
%endif
Name: iSulad
@ -161,6 +162,21 @@ Patch0138: 0138-bugfix-for-log-in-make_safedir_is_noexec.patch
Patch0139: 0139-containers-in-paused-state-are-not-allowed-to-start.patch
Patch0140: 0140-remove-meaningless-code.patch
Patch0141: 0141-fix-unqualified-call-to-std-move.patch
Patch0142: 0142-pull-failure-shows-error-reason.patch
Patch0143: 0143-move-CGROUP2_SUPER_MAGIC-define-to-cgroup.c.patch
Patch0144: 0144-update-centos-build-script.patch
Patch0145: 0145-cni-change-error-info.patch
Patch0146: 0146-bugfix-for-sem_wait-call-when-errno-is-EINTR.patch
Patch0147: 0147-add-no-pivot-root-support.patch
Patch0148: 0148-fix-issues-Isula-ps-cannot-display-port-mapping.patch
Patch0149: 0149-move-nri-call-in-stop-and-remove-con.patch
Patch0150: 0150-add-missing-con-linux-info-for-nri-module.patch
Patch0151: 0151-sandbox-sandbox-api-update.patch
Patch0152: 0152-add-omitted-macro-definition.patch
Patch0153: 0153-sandbox-sandbox-api-adapt-rust-interface.patch
Patch0154: 0154-add-linux-capability.h-head-file.patch
Patch0155: 0155-sandbox-fix-unused-variables.patch
Patch0156: 0156-sandbox-sandbox-api-adapt-rust-interface-UT.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -243,6 +259,9 @@ cd build
%if 0%{?enable_nri}
-DENABLE_NRI=ON \
%endif
%if 0%{?enable_sandboxer}
-DENABLE_SANDBOXER=ON \
%endif
%endif
%if 0%{?enable_shimv2}
-DENABLE_SHIM_V2=ON \
@ -425,6 +444,12 @@ fi
%endif
%changelog
* Mon Nov 25 2024 liuxu <liuxu156@huawei.com> - 2.1.5-14
- Type: update
- ID: NA
- SUG: NA
- DESC: upgrade from upstream
* Thu Nov 21 2024 zhongtao <zhongtao17@huawei.com> - 2.1.5-13
- Type: bugfix
- ID: NA