packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

iSulad: adapt kata based on next_openeuler

Browse Source 
Change-Id: Ia37071fce115de96e5e139369011451457caf714
Signed-off-by: LiFeng <lifeng68@huawei.com>
This commit is contained in:
LiFeng 2020-01-19 00:06:40 -05:00 committed by WangFengTu
parent 1aa264fde3
commit 5bd893e34e
68 changed files with 2409 additions and 2416 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmake/options.cmake
View File

@ -33,7 +33,7 @@ endif()
option(VERSION "set isulad version" ON) option(VERSION "set isulad version" ON)
if (VERSION STREQUAL "ON") if (VERSION STREQUAL "ON")
set(ISULAD_VERSION "1.1.9") set(ISULAD_VERSION "1.1.11")
endif() endif()
option(DEBUG "set isulad gcc option" ON) option(DEBUG "set isulad gcc option" ON)

4
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 1.1.9 %global _version 1.1.11
%global _release 20200206.104209.gitd282adb9 %global _release 20200204.221506.git50cfadfa
%global is_systemd 1 %global is_systemd 1
%global debug_package %{nil} %global debug_package %{nil}

1
src/constants.h
View File

@ -53,6 +53,7 @@
#define DEFAULT_CA_FILE "ca.pem" #define DEFAULT_CA_FILE "ca.pem"
#define DEFAULT_KEY_FILE "key.pem" #define DEFAULT_KEY_FILE "key.pem"
#define DEFAULT_CERT_FILE "cert.pem" #define DEFAULT_CERT_FILE "cert.pem"
#define OCI_CONFIG_JSON "config.json"
#define LOG_MAX_RETRIES 10 #define LOG_MAX_RETRIES 10

57
src/cutils/utils_file.c
View File

@ -877,3 +877,60 @@ char *verify_file_and_get_real_path(const char *file)
return util_strdup_s(resolved_path); return util_strdup_s(resolved_path);
} }
int util_copy_file(const char *src_file, const char *dst_file)
{
#define BUFSIZE 4096
int ret = 0;
char *nret = NULL;
char real_src_file[PATH_MAX + 1] = { 0 };
int src_fd = -1;
int dst_fd = -1;
char buf[BUFSIZE + 1] = { 0 };
if (src_file == NULL || dst_file == NULL) {
return ret;
}
nret = realpath(src_file, real_src_file);
if (nret == NULL) {
ERROR("real path: %s, return: %s", src_file, strerror(errno));
ret = -1;
return ret;
}
src_fd = util_open(real_src_file, O_RDONLY, CONFIG_FILE_MODE);
if (src_fd < 0) {
ERROR("Open src file: %s, failed: %s", real_src_file, strerror(errno));
ret = -1;
goto free_out;
}
dst_fd = util_open(dst_file, O_WRONLY | O_CREAT | O_TRUNC, DEFAULT_SECURE_FILE_MODE);
if (dst_fd < 0) {
ERROR("Creat file: %s, failed: %s", dst_file, strerror(errno));
ret = -1;
goto free_out;
}
while (true) {
ssize_t len = util_read_nointr(src_fd, buf, BUFSIZE);
if (len < 0) {
ERROR("Read src file failed: %s", strerror(errno));
ret = -1;
goto free_out;
} else if (len == 0) {
break;
}
if (util_write_nointr(dst_fd, buf, (size_t)len) != len) {
ERROR("Write file failed: %s", strerror(errno));
ret = -1;
goto free_out;
}
}
free_out:
if (src_fd >= 0) {
close(src_fd);
}
if (dst_fd >= 0) {
close(dst_fd);
}
return ret;
}

2
src/cutils/utils_file.h
View File

@ -71,6 +71,8 @@ int util_write_file(const char *fname, const char *content, size_t content_len);
char *verify_file_and_get_real_path(const char *file); char *verify_file_and_get_real_path(const char *file);
int util_copy_file(const char *src_file, const char *dst_file);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

7
src/engines/engine.h
View File

@ -103,11 +103,6 @@ typedef struct _engine_start_request_t {
uint32_t start_timeout; uint32_t start_timeout;
const char *container_pidfile; const char *container_pidfile;
const char *exit_fifo; const char *exit_fifo;
uid_t uid;
gid_t gid;
gid_t *additional_gids;
size_t additional_gids_len;
} engine_start_request_t; } engine_start_request_t;
typedef struct _engine_exec_request_t { typedef struct _engine_exec_request_t {
@ -132,7 +127,7 @@ typedef struct _engine_exec_request_t {
} engine_exec_request_t; } engine_exec_request_t;
typedef bool (*engine_create_t)(const char *, const char *, const char *, void *); typedef bool (*engine_create_t)(const char *, const char *, void *);
typedef bool (*engine_start_t)(const engine_start_request_t *request); typedef bool (*engine_start_t)(const engine_start_request_t *request);

9
src/http/http.c
View File

@ -351,6 +351,7 @@ int authz_http_request(const char *username, const char *action, char **resp)
char err_msg[AUTHZ_ERROR_MSG_SIZE] = { 0 }; char err_msg[AUTHZ_ERROR_MSG_SIZE] = { 0 };
long response_code = 0; long response_code = 0;
int ret = 0; int ret = 0;
int nret = 0;
size_t length = 0; size_t length = 0;
struct http_get_options *options = NULL; struct http_get_options *options = NULL;
if (strlen(username) > ((SIZE_MAX - strlen(action)) - strlen(":")) - 1) { if (strlen(username) > ((SIZE_MAX - strlen(action)) - strlen(":")) - 1) {
@ -364,7 +365,7 @@ int authz_http_request(const char *username, const char *action, char **resp)
*resp = util_strdup_s("Inernal server error: Out of memory"); *resp = util_strdup_s("Inernal server error: Out of memory");
return -1; return -1;
} }
int nret = snprintf(request_body, length, "%s:%s", username, action); nret = snprintf(request_body, length, "%s:%s", username, action);
if (nret < 0 || (size_t)nret >= length) { if (nret < 0 || (size_t)nret >= length) {
ERROR("Failed to print string"); ERROR("Failed to print string");
free(request_body); free(request_body);
@ -392,14 +393,14 @@ int authz_http_request(const char *username, const char *action, char **resp)
goto out; goto out;
} }
if (response_code != StatusOK) { if (response_code != StatusOK) {
ret = snprintf(err_msg, sizeof(err_msg), "action '%s' for user '%s': permission denied", action, username); ret = -1;
if (ret < 0 || (size_t)ret >= sizeof(err_msg)) { nret = snprintf(err_msg, sizeof(err_msg), "action '%s' for user '%s': permission denied", action, username);
if (nret < 0 || (size_t)nret >= sizeof(err_msg)) {
ERROR("Out of memory"); ERROR("Out of memory");
*resp = util_strdup_s("Inernal server error: Out of memory"); *resp = util_strdup_s("Inernal server error: Out of memory");
goto out; goto out;
} }
*resp = util_strdup_s(err_msg); *resp = util_strdup_s(err_msg);
ret = -1;
goto out; goto out;
} }

238
src/image/embedded/embedded_config_merge.c
View File

@ -30,98 +30,113 @@
#include "mediatype.h" #include "mediatype.h"
#include "embedded_config_merge.h" #include "embedded_config_merge.h"
int merge_env_config(oci_runtime_spec *oci_spec, static int embedded_merge_entrypoint(embedded_config *config, container_config *container_spec)
embedded_manifest **manifest)
{ {
if ((*manifest)->config->env && (*manifest)->config->env_len != 0) { if (config->entrypoint && container_spec->entrypoint_len == 0) {
int ret = merge_env(oci_spec, (const char **)(*manifest)->config->env, (*manifest)->config->env_len);
if (ret != 0) {
ERROR("Failed to merge environment variables");
return -1;
}
}
return 0;
}
int replace_cmds_config(container_custom_config *custom_spec,
embedded_manifest **manifest)
{
embedded_config *config = (*manifest)->config;
if (config->entrypoint && custom_spec->entrypoint_len == 0) {
int ret = dup_array_of_strings((const char **)config->entrypoint, config->entrypoint_len, int ret = dup_array_of_strings((const char **)config->entrypoint, config->entrypoint_len,
&(custom_spec->entrypoint), &(custom_spec->entrypoint_len)); &(container_spec->entrypoint), &(container_spec->entrypoint_len));
if (ret != 0) { if (ret != 0) {
ERROR("Failed to duplicate entrypoint from manifest"); ERROR("Failed to duplicate entrypoint from manifest");
return -1; return -1;
} }
custom_spec->entrypoint_len = (*manifest)->config->entrypoint_len; container_spec->entrypoint_len = config->entrypoint_len;
} }
return 0; return 0;
} }
int merge_config(oci_runtime_spec *oci_spec, static int embedded_merge_env(const embedded_config *config, container_config *container_spec)
container_custom_config *custom_spec,
const char *image_config,
embedded_manifest **manifest)
{ {
if ((*manifest)->config != NULL) { int ret = 0;
if ((*manifest)->config->workdir != NULL) { size_t new_size = 0;
free(oci_spec->process->cwd); size_t old_size = 0;
oci_spec->process->cwd = util_strdup_s((*manifest)->config->workdir); size_t i = 0;
size_t j = 0;
char **temp = NULL;
char **im_kv = NULL;
char **custom_kv = NULL;
if (config->env == NULL || config->env_len == 0) {
return 0;
}
if (config->env_len > LIST_ENV_SIZE_MAX - container_spec->env_len) {
ERROR("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX);
isulad_set_error_message("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX);
ret = -1;
goto out;
}
new_size = (container_spec->env_len + config->env_len) * sizeof(char *);
old_size = container_spec->env_len * sizeof(char *);
ret = mem_realloc((void **)&temp, new_size, container_spec->env, old_size);
if (ret != 0) {
ERROR("Failed to realloc memory for envionment variables");
ret = -1;
goto out;
}
container_spec->env = temp;
for (i = 0; i < config->env_len; i++) {
bool found = false;
im_kv = util_string_split(config->env[i], '=');
if (im_kv == NULL) {
continue;
} }
if (merge_env_config(oci_spec, manifest) != 0) { for (j = 0; j < container_spec->env_len; j++) {
custom_kv = util_string_split(container_spec->env[i], '=');
if (custom_kv == NULL) {
continue;
}
if (strcmp(im_kv[0], custom_kv[0]) == 0) {
found = true;
}
util_free_array(custom_kv);
custom_kv = NULL;
if (found) {
break;
}
}
if (!found) {
container_spec->env[container_spec->env_len] = util_strdup_s(config->env[i]);
container_spec->env_len++;
}
util_free_array(im_kv);
im_kv = NULL;
}
out:
return ret;
}
static int merge_embedded_config(const embedded_manifest *manifest, container_config *container_spec)
{
if (manifest->config != NULL) {
if (manifest->config->workdir != NULL) {
free(container_spec->working_dir);
container_spec->working_dir = util_strdup_s(manifest->config->workdir);
}
if (embedded_merge_env(manifest->config, container_spec) != 0) {
return -1; return -1;
} }
return replace_cmds_config(custom_spec, manifest); return embedded_merge_entrypoint(manifest->config, container_spec);
} }
return 0; return 0;
} }
int pre_deal_config(oci_runtime_spec *oci_spec, static int gen_abs_path(const embedded_manifest *manifest, char **abs_path, char *config_path, char *real_path, int i)
container_custom_config *custom_spec,
const char *image_config,
embedded_manifest **manifest,
char **config_path,
char **err)
{
bool param_error = (oci_spec == NULL || image_config == NULL);
if (param_error) {
ERROR("invalid NULL param");
return -1;
}
*manifest = embedded_manifest_parse_data(image_config, 0, err);
if (*manifest == NULL) {
ERROR("parse manifest failed: %s", *err);
return -1;
}
if (merge_config(oci_spec, custom_spec, image_config, manifest) != 0) {
return -1;
}
int ret = lim_query_image_data((*manifest)->image_name, IMAGE_DATA_TYPE_CONFIG_PATH, config_path, NULL);
if (ret != 0) {
ERROR("query config path for image %s failed", (*manifest)->image_name);
return -1;
}
return 0;
}
int gen_abs_path(embedded_manifest **manifest, char **abs_path, char *config_path, char *real_path, int i)
{ {
/* change source to absolute path */ /* change source to absolute path */
if ((*manifest)->layers[i]->path_in_host[0] == '/') { if (manifest->layers[i]->path_in_host[0] == '/') {
(*abs_path) = util_strdup_s((*manifest)->layers[i]->path_in_host); (*abs_path) = util_strdup_s(manifest->layers[i]->path_in_host);
} else { } else {
(*abs_path) = util_add_path(config_path, (*manifest)->layers[i]->path_in_host); (*abs_path) = util_add_path(config_path, manifest->layers[i]->path_in_host);
} }
if ((*abs_path) == NULL) { if ((*abs_path) == NULL) {
ERROR("add path %s and %s failed", config_path, ERROR("add path %s and %s failed", config_path,
(*manifest)->layers[i]->path_in_host); manifest->layers[i]->path_in_host);
return -1; return -1;
} }
@ -132,7 +147,7 @@ int gen_abs_path(embedded_manifest **manifest, char **abs_path, char *config_pat
return 0; return 0;
} }
int gen_one_mount(embedded_manifest *manifest, char *mount, char *real_path, int i) static int gen_one_mount(const embedded_manifest *manifest, char *mount, char *real_path, int i)
{ {
int nret = 0; int nret = 0;
if (manifest->layers[i]->media_type == NULL) { if (manifest->layers[i]->media_type == NULL) {
@ -148,27 +163,62 @@ int gen_one_mount(embedded_manifest *manifest, char *mount, char *real_path, int
"type=bind,ro=true,bind-propagation=rprivate,src=%s,dst=%s", "type=bind,ro=true,bind-propagation=rprivate,src=%s,dst=%s",
real_path, manifest->layers[i]->path_in_container); real_path, manifest->layers[i]->path_in_container);
} }
if (nret < 0 || (size_t)nret >= (PATH_MAX * 3)) { if (nret < 0 || nret >= (PATH_MAX * 3)) {
ERROR("print string for mounts failed"); ERROR("print string for mounts failed");
return -1; return -1;
} }
return 0; return 0;
} }
int embedded_image_merge_config(oci_runtime_spec *oci_spec, static int embedded_append_mounts(char **volumes, size_t volumes_len, container_config *container_spec)
container_custom_config *custom_spec, {
const char *image_config) int ret = 0;
size_t i = 0;
size_t new_size = 0;
size_t old_size = 0;
char **temp = NULL;
if (volumes == NULL || volumes_len == 0) {
return 0;
}
if (volumes_len > LIST_ENV_SIZE_MAX - container_spec->mounts_len) {
ERROR("The length of mounts is too long, the limit is %d", LIST_ENV_SIZE_MAX);
isulad_set_error_message("The length of mounts is too long, the limit is %d", LIST_ENV_SIZE_MAX);
ret = -1;
goto out;
}
new_size = (container_spec->mounts_len + volumes_len) * sizeof(char *);
old_size = container_spec->mounts_len * sizeof(char *);
ret = mem_realloc((void **)&temp, new_size, container_spec->mounts, old_size);
if (ret != 0) {
ERROR("Failed to realloc memory for mounts");
ret = -1;
goto out;
}
container_spec->mounts = temp;
for (i = 0; i < volumes_len; i++) {
container_spec->mounts[container_spec->mounts_len] = util_strdup_s(volumes[i]);
container_spec->mounts_len++;
}
out:
return ret;
}
static int embedded_merge_mounts(const embedded_manifest *manifest, container_config *container_spec)
{ {
int ret = 0; int ret = 0;
char *err = NULL;
embedded_manifest *manifest = NULL;
int i = 0; int i = 0;
char **mounts = NULL;
size_t cap = 0;
char *config_path = NULL; char *config_path = NULL;
char *abs_path = NULL; char *abs_path = NULL;
size_t cap = 0;
char **mounts = NULL;
if (pre_deal_config(oci_spec, custom_spec, image_config, &manifest, &config_path, &err) != 0) { ret = lim_query_image_data(manifest->image_name, IMAGE_DATA_TYPE_CONFIG_PATH, &config_path, NULL);
if (ret != 0) {
ERROR("query config path for image %s failed", manifest->image_name);
ret = -1; ret = -1;
goto out; goto out;
} }
@ -192,7 +242,7 @@ int embedded_image_merge_config(oci_runtime_spec *oci_spec,
goto out; goto out;
} }
if (gen_abs_path(&manifest, &abs_path, config_path, real_path, i) != 0) { if (gen_abs_path(manifest, &abs_path, config_path, real_path, i) != 0) {
ret = -1; ret = -1;
goto out; goto out;
} }
@ -204,19 +254,47 @@ int embedded_image_merge_config(oci_runtime_spec *oci_spec,
} }
} }
ret = merge_volumes(oci_spec, mounts, util_array_len((const char **)mounts), NULL, parse_mount); ret = embedded_append_mounts(mounts, util_array_len((const char **)mounts), container_spec);
if (ret) { if (ret) {
ERROR("Failed to merge layer into mounts"); ERROR("Failed to merge layer into mounts");
goto out; goto out;
} }
out: out:
free(err);
util_free_array(mounts); util_free_array(mounts);
free_embedded_manifest(manifest);
free(abs_path); free(abs_path);
UTIL_FREE_AND_SET_NULL(config_path); UTIL_FREE_AND_SET_NULL(config_path);
return ret; return ret;
} }
int embedded_image_merge_config(const char *image_config, container_config *container_spec)
{
int ret = 0;
char *err = NULL;
embedded_manifest *manifest = NULL;
manifest = embedded_manifest_parse_data(image_config, 0, &err);
if (manifest == NULL) {
ERROR("parse manifest failed: %s", err);
ret = -1;
goto out;
}
if (merge_embedded_config(manifest, container_spec) != 0) {
ret = -1;
goto out;
}
ret = embedded_merge_mounts(manifest, container_spec);
if (ret != 0) {
ERROR("query config path for image %s failed", manifest->image_name);
ret = -1;
goto out;
}
out:
free(err);
free_embedded_manifest(manifest);
return ret;
}

4
src/image/embedded/embedded_config_merge.h
View File

@ -21,9 +21,7 @@
extern "C" { extern "C" {
#endif #endif
int embedded_image_merge_config(oci_runtime_spec *oci_spec, int embedded_image_merge_config(const char *image_config, container_config *container_spec);
container_custom_config *custom_spec,
const char *image_config);
#ifdef __cplusplus #ifdef __cplusplus
} }

27
src/image/embedded/embedded_image.c
View File

@ -94,15 +94,13 @@ int embedded_delete_rf(const im_delete_request *request)
return 0; return 0;
} }
static int do_merge_embedded_image_conf(oci_runtime_spec *oci_spec, static int do_merge_embedded_image_conf(const char *image_name, container_config *container_spec)
container_custom_config *custom_spec,
const char *image_name)
{ {
int ret = 0; int ret = 0;
char *image_config = NULL; char *image_config = NULL;
char *image_type = NULL; char *image_type = NULL;
if (oci_spec == NULL || image_name == NULL) { if (container_spec == NULL || image_name == NULL) {
ERROR("invalid NULL param"); ERROR("invalid NULL param");
return -1; return -1;
} }
@ -114,7 +112,7 @@ static int do_merge_embedded_image_conf(oci_runtime_spec *oci_spec,
} }
if (strcmp(image_type, IMAGE_TYPE_EMBEDDED) == 0) { if (strcmp(image_type, IMAGE_TYPE_EMBEDDED) == 0) {
ret = embedded_image_merge_config(oci_spec, custom_spec, image_config); ret = embedded_image_merge_config(image_config, container_spec);
if (ret != 0) { if (ret != 0) {
goto out; goto out;
} }
@ -132,7 +130,7 @@ out:
} }
int embedded_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec, int embedded_merge_conf(const host_config *host_spec, container_config *container_spec,
const im_prepare_request *request, char **real_rootfs) const im_prepare_request *request, char **real_rootfs)
{ {
int ret = 0; int ret = 0;
@ -149,13 +147,7 @@ int embedded_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec
return nret; return nret;
} }
if (merge_user("/", oci_spec, host_spec, custom_spec->user)) { nret = do_merge_embedded_image_conf(request->image_name, container_spec);
ERROR("Failed to merge user: %s", custom_spec->user);
ret = -1;
goto umount;
}
nret = do_merge_embedded_image_conf(oci_spec, custom_spec, request->image_name);
if (nret != 0) { if (nret != 0) {
ret = nret; ret = nret;
goto umount; goto umount;
@ -171,10 +163,13 @@ umount:
return ret; return ret;
} }
int embedded_get_user_conf(const char *basefs, host_config *hc, const char *userstr, int embedded_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser)
oci_runtime_spec_process_user *puser)
{ {
return 0; if (puser == NULL) {
ERROR("Empty basefs or puser");
return -1;
}
return get_user("/", hc, userstr, puser);;
} }
static int embedded_images_to_imagetool_images(struct db_all_images *all_images, static int embedded_images_to_imagetool_images(struct db_all_images *all_images,

5
src/image/embedded/embedded_image.h
View File

@ -32,11 +32,10 @@ int embedded_delete_rf(const im_delete_request *request);
char *embedded_resolve_image_name(const char *image_name); char *embedded_resolve_image_name(const char *image_name);
int embedded_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec, int embedded_merge_conf(const host_config *host_spec, container_config *container_spec,
const im_prepare_request *request, char **real_rootfs); const im_prepare_request *request, char **real_rootfs);
int embedded_get_user_conf(const char *basefs, host_config *hc, const char *userstr, int embedded_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser);
oci_runtime_spec_process_user *puser);
int embedded_list_images(const im_list_request *request, imagetool_images_list **list); int embedded_list_images(const im_list_request *request, imagetool_images_list **list);

6
src/image/external/ext_image.c vendored
View File

@ -101,7 +101,7 @@ char *ext_resolve_image_name(const char *image_name)
return util_strdup_s(image_name); return util_strdup_s(image_name);
} }
int ext_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec, int ext_merge_conf(const host_config *host_spec, container_config *container_spec,
const im_prepare_request *request, char **real_rootfs) const im_prepare_request *request, char **real_rootfs)
#ifdef ENABLE_OCI_IMAGE #ifdef ENABLE_OCI_IMAGE
{ {
@ -148,7 +148,7 @@ int ext_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, con
goto out; goto out;
} }
ret = oci_image_merge_config(image_info->info, oci_spec, custom_spec); ret = oci_image_merge_config(image_info->info, container_spec);
out: out:
free(resolved_name); free(resolved_name);
@ -181,7 +181,7 @@ out:
} }
#endif #endif
int ext_get_user_conf(const char *basefs, host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser) int ext_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser)
{ {
if (basefs == NULL || puser == NULL) { if (basefs == NULL || puser == NULL) {
ERROR("Empty basefs or puser"); ERROR("Empty basefs or puser");

4
src/image/external/ext_image.h vendored
View File

@ -27,9 +27,9 @@ int ext_umount_rf(const im_umount_request *request);
int ext_delete_rf(const im_delete_request *request); int ext_delete_rf(const im_delete_request *request);
char *ext_resolve_image_name(const char *image_name); char *ext_resolve_image_name(const char *image_name);
int ext_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec, int ext_merge_conf(const host_config *host_spec, container_config *container_spec,
const im_prepare_request *request, char **real_rootfs); const im_prepare_request *request, char **real_rootfs);
int ext_get_user_conf(const char *basefs, host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser); int ext_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser);
int ext_list_images(const im_list_request *request, imagetool_images_list **list); int ext_list_images(const im_list_request *request, imagetool_images_list **list);
int ext_remove_image(const im_remove_request *request); int ext_remove_image(const im_remove_request *request);
int ext_inspect_image(const im_inspect_request *request, char **inspected_json); int ext_inspect_image(const im_inspect_request *request, char **inspected_json);

10
src/image/image.c
View File

@ -662,15 +662,15 @@ bool im_config_image_exist(const char *image_name)
} }
int im_merge_image_config(const char *id, const char *image_type, const char *image_name, int im_merge_image_config(const char *id, const char *image_type, const char *image_name,
const char *ext_config_image, oci_runtime_spec *oci_spec, const char *ext_config_image,
host_config *host_spec, container_custom_config *custom_spec, host_config *host_spec, container_config *container_spec,
char **real_rootfs) char **real_rootfs)
{ {
int ret = 0; int ret = 0;
struct bim *bim = NULL; struct bim *bim = NULL;
im_prepare_request *request = NULL; im_prepare_request *request = NULL;
if (real_rootfs == NULL || oci_spec == NULL || image_type == NULL) { if (real_rootfs == NULL || image_type == NULL) {
ERROR("Invalid input arguments"); ERROR("Invalid input arguments");
ret = -1; ret = -1;
goto out; goto out;
@ -702,7 +702,7 @@ int im_merge_image_config(const char *id, const char *image_type, const char *im
EVENT("Event: {Object: %s, Type: preparing rootfs with image %s}", id, image_name); EVENT("Event: {Object: %s, Type: preparing rootfs with image %s}", id, image_name);
ret = bim->ops->merge_conf(oci_spec, host_spec, custom_spec, request, real_rootfs); ret = bim->ops->merge_conf(host_spec, container_spec, request, real_rootfs);
request->storage_opt = NULL; request->storage_opt = NULL;
if (ret != 0) { if (ret != 0) {
ERROR("Failed to merge image %s config, config image is %s", image_name, ext_config_image); ERROR("Failed to merge image %s config, config image is %s", image_name, ext_config_image);
@ -720,7 +720,7 @@ out:
} }
int im_get_user_conf(const char *image_type, const char *basefs, host_config *hc, const char *userstr, int im_get_user_conf(const char *image_type, const char *basefs, host_config *hc, const char *userstr,
oci_runtime_spec_process_user *puser) defs_process_user *puser)
{ {
int ret = 0; int ret = 0;
struct bim *bim = NULL; struct bim *bim = NULL;

13
src/image/image.h
View File

@ -21,8 +21,8 @@
#include "oci_image_index.h" #include "oci_image_index.h"
#include "oci_image_spec.h" #include "oci_image_spec.h"
#include "oci_runtime_spec.h" #include "oci_runtime_spec.h"
#include "container_custom_config.h"
#include "host_config.h" #include "host_config.h"
#include "container_config.h"
#include "libisulad.h" #include "libisulad.h"
#ifdef ENABLE_OCI_IMAGE #ifdef ENABLE_OCI_IMAGE
@ -212,12 +212,12 @@ struct bim_ops {
char *(*resolve_image_name)(const char *image_name); char *(*resolve_image_name)(const char *image_name);
/* merge image config ops */ /* merge image config ops */
int (*merge_conf)(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec, int (*merge_conf)(const host_config *host_spec, container_config *container_spec,
const im_prepare_request *request, char **real_rootfs); const im_prepare_request *request, char **real_rootfs);
/* get user config ops */ /* get user config ops */
int (*get_user_conf)(const char *basefs, host_config *hc, int (*get_user_conf)(const char *basefs, host_config *hc,
const char *userstr, oci_runtime_spec_process_user *puser); const char *userstr, defs_process_user *puser);
/* list images */ /* list images */
int (*list_ims)(const im_list_request *request, imagetool_images_list **images); int (*list_ims)(const im_list_request *request, imagetool_images_list **images);
@ -293,11 +293,12 @@ int im_umount_container_rootfs(const char *image_type, const char *image_name, c
int im_remove_container_rootfs(const char *image_type, const char *container_id); int im_remove_container_rootfs(const char *image_type, const char *container_id);
int im_merge_image_config(const char *id, const char *image_type, const char *image_name, int im_merge_image_config(const char *id, const char *image_type, const char *image_name,
const char *ext_config_image, oci_runtime_spec *oci_spec, host_config *host_spec, const char *ext_config_image,
container_custom_config *custom_spec, char **real_rootfs); host_config *host_spec, container_config *container_spec,
char **real_rootfs);
int im_get_user_conf(const char *image_type, const char *basefs, host_config *hc, const char *userstr, int im_get_user_conf(const char *image_type, const char *basefs, host_config *hc, const char *userstr,
oci_runtime_spec_process_user *puser); defs_process_user *puser);
int im_list_images(const im_list_request *request, im_list_response **response); int im_list_images(const im_list_request *request, im_list_response **response);

4
src/image/oci/isula_image.c
View File

@ -156,7 +156,7 @@ int isula_prepare_rf(const im_prepare_request *request, char **real_rootfs)
real_rootfs, NULL); real_rootfs, NULL);
} }
int isula_merge_conf_rf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec, int isula_merge_conf_rf(const host_config *host_spec, container_config *container_spec,
const im_prepare_request *request, char **real_rootfs) const im_prepare_request *request, char **real_rootfs)
{ {
oci_image_spec *image = NULL; oci_image_spec *image = NULL;
@ -173,7 +173,7 @@ int isula_merge_conf_rf(oci_runtime_spec *oci_spec, const host_config *host_spec
ERROR("Get prepare rootfs failed of image: %s", request->image_name); ERROR("Get prepare rootfs failed of image: %s", request->image_name);
goto out; goto out;
} }
ret = oci_image_conf_merge_into_spec(request->image_name, oci_spec, custom_spec); ret = oci_image_conf_merge_into_spec(request->image_name, container_spec);
if (ret != 0) { if (ret != 0) {
ERROR("Failed to merge oci config for image: %s", request->image_name); ERROR("Failed to merge oci config for image: %s", request->image_name);
goto out; goto out;

2
src/image/oci/isula_image.h
View File

@ -32,7 +32,7 @@ int isula_get_filesystem_info(im_fs_info_response **response);
int isual_load_image(const im_load_request *request); int isual_load_image(const im_load_request *request);
int isula_prepare_rf(const im_prepare_request *request, char **real_rootfs); int isula_prepare_rf(const im_prepare_request *request, char **real_rootfs);
int isula_merge_conf_rf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec, int isula_merge_conf_rf(const host_config *host_spec, container_config *container_spec,
const im_prepare_request *request, char **real_rootfs); const im_prepare_request *request, char **real_rootfs);
int isula_mount_rf(const im_mount_request *request); int isula_mount_rf(const im_mount_request *request);
int isula_umount_rf(const im_umount_request *request); int isula_umount_rf(const im_umount_request *request);

9
src/image/oci/oci_common_operators.c
View File

@ -244,7 +244,7 @@ static void oci_strip_dockerio(const imagetool_image *image)
return; return;
} }
int oci_get_user_conf(const char *basefs, host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser) int oci_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser)
{ {
if (basefs == NULL || puser == NULL) { if (basefs == NULL || puser == NULL) {
ERROR("Empty basefs or puser"); ERROR("Empty basefs or puser");
@ -796,14 +796,13 @@ int oci_get_all_images(const im_list_request *request, imagetool_images_list **i
return isula_list_images(request, images); return isula_list_images(request, images);
} }
int oci_image_conf_merge_into_spec(const char *image_name, oci_runtime_spec *oci_spec, int oci_image_conf_merge_into_spec(const char *image_name, container_config *container_spec)
container_custom_config *custom_spec)
{ {
int ret = 0; int ret = 0;
oci_image_t *image_info = NULL; oci_image_t *image_info = NULL;
char *resolved_name = NULL; char *resolved_name = NULL;
if (oci_spec == NULL || image_name == NULL) { if (container_spec == NULL || image_name == NULL) {
ERROR("invalid NULL param"); ERROR("invalid NULL param");
return -1; return -1;
} }
@ -822,7 +821,7 @@ int oci_image_conf_merge_into_spec(const char *image_name, oci_runtime_spec *oci
goto out; goto out;
} }
ret = oci_image_merge_config(image_info->info, oci_spec, custom_spec); ret = oci_image_merge_config(image_info->info, container_spec);
if (ret != 0) { if (ret != 0) {
ERROR("Failed to merge oci config for image %s", resolved_name); ERROR("Failed to merge oci config for image %s", resolved_name);
ret = -1; ret = -1;

5
src/image/oci/oci_common_operators.h
View File

@ -29,7 +29,7 @@ char *oci_normalize_image_name(const char *name);
bool oci_detect(const char *image_name); bool oci_detect(const char *image_name);
char *oci_resolve_image_name(const char *name); char *oci_resolve_image_name(const char *name);
int oci_get_user_conf(const char *basefs, host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser); int oci_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser);
int oci_list_images(const im_list_request *request, imagetool_images_list **images); int oci_list_images(const im_list_request *request, imagetool_images_list **images);
int oci_status_image(im_status_request *request, im_status_response **response); int oci_status_image(im_status_request *request, im_status_response **response);
int oci_inspect_image(const im_inspect_request *request, char **inspected_json); int oci_inspect_image(const im_inspect_request *request, char **inspected_json);
@ -37,8 +37,7 @@ int oci_inspect_image(const im_inspect_request *request, char **inspected_json);
imagetool_image *oci_get_image_info_by_name(const char *id); imagetool_image *oci_get_image_info_by_name(const char *id);
int oci_get_all_images(const im_list_request *request, imagetool_images_list **images); int oci_get_all_images(const im_list_request *request, imagetool_images_list **images);
int oci_image_conf_merge_into_spec(const char *image_name, oci_runtime_spec *oci_spec, int oci_image_conf_merge_into_spec(const char *image_name, container_config *container_spec);
container_custom_config *custom_spec);
#ifdef __cplusplus #ifdef __cplusplus
} }

201
src/image/oci/oci_config_merge.c
View File

@ -25,52 +25,110 @@
#include "specs_mount.h" #include "specs_mount.h"
#include "specs_extend.h" #include "specs_extend.h"
static void oci_image_merge_working_dir(const char *working_dir, oci_runtime_spec *oci_spec) static void oci_image_merge_working_dir(const char *working_dir, container_config *container_spec)
{ {
if (working_dir == NULL) { if (working_dir == NULL) {
return; return;
} }
free(oci_spec->process->cwd); free(container_spec->working_dir);
oci_spec->process->cwd = util_strdup_s(working_dir); container_spec->working_dir = util_strdup_s(working_dir);
} }
static int oci_image_merge_env(const oci_image_spec_config *config, oci_runtime_spec *oci_spec) static int oci_image_merge_env(const oci_image_spec_config *config, container_config *container_spec)
{ {
int ret = 0;
size_t new_size = 0;
size_t old_size = 0;
size_t i = 0;
size_t j = 0;
char **temp = NULL;
char **im_kv = NULL;
char **custom_kv = NULL;
if (config->env == NULL || config->env_len == 0) { if (config->env == NULL || config->env_len == 0) {
return 0; return 0;
} }
if (merge_env(oci_spec, (const char **)config->env, config->env_len) != 0) {
ERROR("Failed to merge environment variables"); if (config->env_len > LIST_ENV_SIZE_MAX - container_spec->env_len) {
return -1; ERROR("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX);
isulad_set_error_message("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX);
ret = -1;
goto out;
} }
new_size = (container_spec->env_len + config->env_len) * sizeof(char *);
old_size = container_spec->env_len * sizeof(char *);
ret = mem_realloc((void **)&temp, new_size, container_spec->env, old_size);
if (ret != 0) {
ERROR("Failed to realloc memory for envionment variables");
ret = -1;
goto out;
}
container_spec->env = temp;
for (i = 0; i < config->env_len; i++) {
bool found = false;
im_kv = util_string_split(config->env[i], '=');
if (im_kv == NULL) {
continue;
}
for (j = 0; j < container_spec->env_len; j++) {
custom_kv = util_string_split(container_spec->env[i], '=');
if (custom_kv == NULL) {
continue;
}
if (strcmp(im_kv[0], custom_kv[0]) == 0) {
found = true;
}
util_free_array(custom_kv);
custom_kv = NULL;
if (found) {
break;
}
}
if (!found) {
container_spec->env[container_spec->env_len] = util_strdup_s(config->env[i]);
container_spec->env_len++;
}
util_free_array(im_kv);
im_kv = NULL;
}
out:
return ret;
return 0; return 0;
} }
static int do_duplicate_commands(const oci_image_spec_config *config, container_custom_config *custom_spec) static int do_duplicate_commands(const oci_image_spec_config *config, container_config *container_spec)
{ {
size_t i; size_t i;
if (custom_spec->cmd_len != 0 || config->cmd_len == 0) { if (container_spec->cmd_len != 0 || config->cmd_len == 0) {
return 0; return 0;
} }
custom_spec->cmd = (char **)util_smart_calloc_s(sizeof(char *), config->cmd_len); if (config->cmd_len > SIZE_MAX / sizeof(char *)) {
if (custom_spec->cmd == NULL) { ERROR("too many commands!");
return -1;
}
container_spec->cmd = (char **)util_common_calloc_s(sizeof(char *) * config->cmd_len);
if (container_spec->cmd == NULL) {
ERROR("Out of memory"); ERROR("Out of memory");
return -1; return -1;
} }
for (i = 0; i < config->cmd_len; i++) { for (i = 0; i < config->cmd_len; i++) {
custom_spec->cmd[i] = util_strdup_s(config->cmd[i]); container_spec->cmd[i] = util_strdup_s(config->cmd[i]);
custom_spec->cmd_len++; container_spec->cmd_len++;
} }
return 0; return 0;
} }
static int do_duplicate_entrypoints(const oci_image_spec_config *config, container_custom_config *custom_spec) static int do_duplicate_entrypoints(const oci_image_spec_config *config, container_config *container_spec)
{ {
size_t i; size_t i;
@ -78,64 +136,53 @@ static int do_duplicate_entrypoints(const oci_image_spec_config *config, contain
return 0; return 0;
} }
custom_spec->entrypoint = (char **)util_smart_calloc_s(sizeof(char *), config->entrypoint_len); if (config->entrypoint_len > SIZE_MAX / sizeof(char *)) {
if (custom_spec->entrypoint == NULL) { ERROR("too many entrypoints!");
return -1;
}
container_spec->entrypoint = (char **)util_common_calloc_s(sizeof(char *) * config->entrypoint_len);
if (container_spec->entrypoint == NULL) {
ERROR("Out of memory"); ERROR("Out of memory");
return -1; return -1;
} }
for (i = 0; i < config->entrypoint_len; i++) { for (i = 0; i < config->entrypoint_len; i++) {
custom_spec->entrypoint[i] = util_strdup_s(config->entrypoint[i]); container_spec->entrypoint[i] = util_strdup_s(config->entrypoint[i]);
custom_spec->entrypoint_len++; container_spec->entrypoint_len++;
} }
return 0; return 0;
} }
static int oci_image_merge_entrypoint(const oci_image_spec_config *config, container_custom_config *custom_spec) static int oci_image_merge_entrypoint(const oci_image_spec_config *config, container_config *container_spec)
{ {
if (custom_spec->entrypoint_len != 0) { if (container_spec->entrypoint_len != 0) {
return 0; return 0;
} }
if (do_duplicate_commands(config, custom_spec) != 0) { if (do_duplicate_commands(config, container_spec) != 0) {
return -1; return -1;
} }
if (do_duplicate_entrypoints(config, custom_spec) != 0) { if (do_duplicate_entrypoints(config, container_spec) != 0) {
return -1; return -1;
} }
return 0; return 0;
} }
static void oci_image_merge_user(const char *user, container_custom_config *custom_spec) static void oci_image_merge_user(const char *user, container_config *container_spec)
{ {
if (custom_spec->user != NULL) { if (container_spec->user != NULL) {
return; return;
} }
custom_spec->user = util_strdup_s(user); container_spec->user = util_strdup_s(user);
}
static int oci_image_merge_volumes(const oci_image_spec_config *config, oci_runtime_spec *oci_spec)
{
int ret;
if (config->volumes == NULL) {
return 0;
}
ret = merge_volumes(oci_spec, config->volumes->keys, config->volumes->len, NULL, parse_volume);
if (ret != 0) {
ERROR("Failed to merge volumes");
return -1;
}
return 0;
} }
static int dup_health_check_from_image(const defs_health_check *image_health_check, static int dup_health_check_from_image(const defs_health_check *image_health_check,
container_custom_config *custom_spec) container_config *container_spec)
{ {
int ret = 0; int ret = 0;
size_t i; size_t i;
@ -145,7 +192,13 @@ static int dup_health_check_from_image(const defs_health_check *image_health_che
return -1; return -1;
} }
health_check->test = util_smart_calloc_s(sizeof(char *), image_health_check->test_len); if (image_health_check->test_len > SIZE_MAX / sizeof(char *)) {
ERROR("invalid health check commands!");
ret = -1;
goto out;
}
health_check->test = util_common_calloc_s(sizeof(char *) * image_health_check->test_len);
if (health_check->test == NULL) { if (health_check->test == NULL) {
ERROR("Out of memory"); ERROR("Out of memory");
ret = -1; ret = -1;
@ -162,7 +215,7 @@ static int dup_health_check_from_image(const defs_health_check *image_health_che
health_check->retries = image_health_check->retries; health_check->retries = image_health_check->retries;
health_check->exit_on_unhealthy = image_health_check->exit_on_unhealthy; health_check->exit_on_unhealthy = image_health_check->exit_on_unhealthy;
custom_spec->health_check = health_check; container_spec->health_check = health_check;
health_check = NULL; health_check = NULL;
@ -172,39 +225,43 @@ out:
} }
static int update_health_check_from_image(const defs_health_check *image_health_check, static int update_health_check_from_image(const defs_health_check *image_health_check,
container_custom_config *custom_spec) container_config *container_spec)
{ {
if (custom_spec->health_check->test_len == 0) { if (container_spec->health_check->test_len == 0) {
size_t i; size_t i;
custom_spec->health_check->test = util_smart_calloc_s(sizeof(char *), image_health_check->test_len); if (image_health_check->test_len > SIZE_MAX / sizeof(char *)) {
if (custom_spec->health_check->test == NULL) { ERROR("invalid health check commands!");
return -1;
}
container_spec->health_check->test = util_common_calloc_s(sizeof(char *) * image_health_check->test_len);
if (container_spec->health_check->test == NULL) {
ERROR("Out of memory"); ERROR("Out of memory");
return -1; return -1;
} }
for (i = 0; i < image_health_check->test_len; i++) { for (i = 0; i < image_health_check->test_len; i++) {
custom_spec->health_check->test[i] = util_strdup_s(image_health_check->test[i]); container_spec->health_check->test[i] = util_strdup_s(image_health_check->test[i]);
custom_spec->health_check->test_len++; container_spec->health_check->test_len++;
} }
} }
if (custom_spec->health_check->interval == 0) { if (container_spec->health_check->interval == 0) {
custom_spec->health_check->interval = image_health_check->interval; container_spec->health_check->interval = image_health_check->interval;
} }
if (custom_spec->health_check->timeout == 0) { if (container_spec->health_check->timeout == 0) {
custom_spec->health_check->timeout = image_health_check->timeout; container_spec->health_check->timeout = image_health_check->timeout;
} }
if (custom_spec->health_check->start_period == 0) { if (container_spec->health_check->start_period == 0) {
custom_spec->health_check->start_period = image_health_check->start_period; container_spec->health_check->start_period = image_health_check->start_period;
} }
if (custom_spec->health_check->retries == 0) { if (container_spec->health_check->retries == 0) {
custom_spec->health_check->retries = image_health_check->retries; container_spec->health_check->retries = image_health_check->retries;
} }
return 0; return 0;
} }
static int oci_image_merge_health_check(const defs_health_check *image_health_check, static int oci_image_merge_health_check(const defs_health_check *image_health_check,
container_custom_config *custom_spec) container_config *container_spec)
{ {
int ret = 0; int ret = 0;
@ -217,13 +274,13 @@ static int oci_image_merge_health_check(const defs_health_check *image_health_ch
return -1; return -1;
} }
if (custom_spec->health_check == NULL) { if (container_spec->health_check == NULL) {
if (dup_health_check_from_image(image_health_check, custom_spec) != 0) { if (dup_health_check_from_image(image_health_check, container_spec) != 0) {
ret = -1; ret = -1;
goto out; goto out;
} }
} else { } else {
if (update_health_check_from_image(image_health_check, custom_spec) != 0) { if (update_health_check_from_image(image_health_check, container_spec) != 0) {
ret = -1; ret = -1;
goto out; goto out;
} }
@ -233,38 +290,34 @@ out:
return ret; return ret;
} }
int oci_image_merge_config(imagetool_image *image_conf, oci_runtime_spec *oci_spec, int oci_image_merge_config(imagetool_image *image_conf, container_config *container_spec)
container_custom_config *custom_spec)
{ {
int ret = 0; int ret = 0;
if (image_conf == NULL || oci_spec == NULL || custom_spec == NULL) { if (image_conf == NULL || container_spec == NULL) {
ERROR("Invalid input arguments"); ERROR("Invalid input arguments");
return -1; return -1;
} }
if (image_conf->spec != NULL && image_conf->spec->config != NULL) { if (image_conf->spec != NULL && image_conf->spec->config != NULL) {
oci_image_merge_working_dir(image_conf->spec->config->working_dir, oci_spec); oci_image_merge_working_dir(image_conf->spec->config->working_dir, container_spec);
if (oci_image_merge_env(image_conf->spec->config, oci_spec) != 0) { if (oci_image_merge_env(image_conf->spec->config, container_spec) != 0) {
ret = -1; ret = -1;
goto out; goto out;
} }
if (oci_image_merge_entrypoint(image_conf->spec->config, custom_spec) != 0) { if (oci_image_merge_entrypoint(image_conf->spec->config, container_spec) != 0) {
ret = -1; ret = -1;
goto out; goto out;
} }
oci_image_merge_user(image_conf->spec->config->user, custom_spec); oci_image_merge_user(image_conf->spec->config->user, container_spec);
if (oci_image_merge_volumes(image_conf->spec->config, oci_spec) != 0) { // ignore volumes now
ret = -1;
goto out;
}
} }
if (oci_image_merge_health_check(image_conf->healthcheck, custom_spec) != 0) { if (oci_image_merge_health_check(image_conf->healthcheck, container_spec) != 0) {
ret = -1; ret = -1;
goto out; goto out;
} }

5
src/image/oci/oci_config_merge.h
View File

@ -17,15 +17,14 @@
#define __OCI_IMAGE_MERGE_CONFIG_H_ #define __OCI_IMAGE_MERGE_CONFIG_H_
#include "imagetool_image.h" #include "imagetool_image.h"
#include "container_custom_config.h"
#include "oci_runtime_spec.h" #include "oci_runtime_spec.h"
#include "container_config.h"
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
int oci_image_merge_config(imagetool_image *image_conf, oci_runtime_spec *oci_spec, int oci_image_merge_config(imagetool_image *image_conf, container_config *container_spec);
container_custom_config *custom_spec);
#ifdef __cplusplus #ifdef __cplusplus
} }

9
src/json/schema/schema/container/conf-request.json
View File

@ -1,9 +0,0 @@
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"container_id": {
"type": "string"
}
}
}

21
src/json/schema/schema/container/conf-response.json
View File

@ -1,21 +0,0 @@
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"container_logpath": {
"type": "string"
},
"container_logsize": {
"type": "string"
},
"container_logrotate": {
"type": "uint32"
},
"cc": {
"type": "uint32"
},
"errmsg": {
"type": "string"
}
}
}

26
src/json/schema/schema/container/config.json
View File

@ -88,6 +88,32 @@
}, },
"HealthCheck": { "HealthCheck": {
"$ref": "../defs.json#/definitions/HealthCheck" "$ref": "../defs.json#/definitions/HealthCheck"
},
"SystemContainer": {
"type": "boolean"
},
"NsChangeOpt": {
"type": "string"
},
"Mounts": {
"type": "array",
"items": {
"type": "string"
}
},
"LogConfig": {
"type": "object",
"properties": {
"log_file": {
"type": "string"
},
"log_file_size": {
"type": "string"
},
"log_file_rotate": {
"type": "uint64"
}
}
} }
}, },
"required": [ "required": [

83
src/json/schema/schema/container/custom-config.json
View File

@ -1,83 +0,0 @@
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"Env": {
"type": "array",
"items": {
"type": "string"
}
},
"Hostname": {
"type": "string"
},
"User": {
"type": "string"
},
"AttachStdin": {
"type": "boolean"
},
"AttachStdout": {
"type": "boolean"
},
"AttachStderr": {
"type": "boolean"
},
"Tty": {
"type": "boolean"
},
"OpenStdin": {
"type": "boolean"
},
"SystemContainer": {
"type": "boolean"
},
"NsChangeOpt": {
"type": "string"
},
"Mounts": {
"type": "array",
"items": {
"type": "string"
}
},
"Entrypoint": {
"type": "array",
"items": {
"type": "string"
}
},
"Labels": {
"$ref": "../defs.json#/definitions/mapStringString"
},
"Cmd": {
"$ref": "../defs.json#/definitions/ArrayOfStrings"
},
"annotations": {
"$ref": "../defs.json#/definitions/mapStringString"
},
"WorkingDir": {
"type": "string"
},
"Entrypoint": {
"$ref": "../defs.json#/definitions/ArrayOfStrings"
},
"LogConfig": {
"type": "object",
"properties": {
"log_file": {
"type": "string"
},
"log_file_size": {
"type": "string"
},
"log_file_rotate": {
"type": "uint64"
}
}
},
"HealthCheck": {
"$ref": "../defs.json#/definitions/HealthCheck"
}
}
}

9
src/json/schema/schema/container/info.json
View File

@ -8,15 +8,6 @@
"image_type": { "image_type": {
"type": "string" "type": "string"
}, },
"pid": {
"type": "int32"
},
"has_pid": {
"type": "boolean"
},
"status": {
"type": "integer"
},
"pids_current": { "pids_current": {
"type": "uint64" "type": "uint64"
}, },

3
src/json/schema/schema/container/stats-request.json
View File

@ -5,9 +5,6 @@
"filters": { "filters": {
"$ref": "../defs.json#/definitions/filters" "$ref": "../defs.json#/definitions/filters"
}, },
"runtime": {
"type": "string"
},
"containers": { "containers": {
"$ref": "../defs.json#/definitions/ArrayOfStrings" "$ref": "../defs.json#/definitions/ArrayOfStrings"
}, },

698
src/json/schema/schema/defs.json
View File

@ -303,6 +303,702 @@
"$ref": "#/definitions/mapStringBool" "$ref": "#/definitions/mapStringBool"
} }
} }
} },
"any": {
"type": "object",
"properties": {
"type_url": {
"type": "string"
},
"value": {
"type": "array",
"items": {
"type": "byte"
}
}
}
},
"zone": {
"type": "object",
"properties": {
"name": {
"type":"string"
},
"offset": {
"$ref": "#/definitions/uint8"
},
"isDST": {
"type": "boolean"
}
}
},
"zoneTrans": {
"type": "object",
"properties": {
"wnen": {
"$ref": "#/definitions/int64"
},
"index": {
"$ref": "#/definitions/uint8"
},
"isstd": {
"type": "boolean"
},
"isutc": {
"type": "boolean"
}
}
},
"location": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"zone": {
"type": "array",
"items": {
"$ref": "#/definitions/zone"
}
},
"tx": {
"type": "array",
"items": {
"$ref": "#/definitions/zoneTrans"
}
},
"cacheStart": {
"$ref": "#/definitions/int64"
},
"cacheEnd": {
"$ref": "#/definitions/int64"
},
"cacheZone": {
"$ref": "#/definitions/zone"
}
}
},
"time": {
"type": "object",
"properties": {
"wall": {
"$ref": "#/definitions/uint64"
},
"ext": {
"$ref": "#/definitions/int64"
},
"loc": {
"$ref": "#/definitions/location"
}
}
},
"RootfsPropagation": {
"type": "string",
"enum": [
"private",
"shared",
"slave",
"unbindable"
]
},
"SeccompArch": {
"type": "string",
"enum": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X86_64",
"SCMP_ARCH_X32",
"SCMP_ARCH_ARM",
"SCMP_ARCH_AARCH64",
"SCMP_ARCH_MIPS",
"SCMP_ARCH_MIPS64",
"SCMP_ARCH_MIPS64N32",
"SCMP_ARCH_MIPSEL",
"SCMP_ARCH_MIPSEL64",
"SCMP_ARCH_MIPSEL64N32",
"SCMP_ARCH_PPC",
"SCMP_ARCH_PPC64",
"SCMP_ARCH_PPC64LE",
"SCMP_ARCH_S390",
"SCMP_ARCH_S390X",
"SCMP_ARCH_PARISC",
"SCMP_ARCH_PARISC64"
]
},
"SeccompAction": {
"type": "string",
"enum": [
"SCMP_ACT_KILL",
"SCMP_ACT_TRAP",
"SCMP_ACT_ERRNO",
"SCMP_ACT_TRACE",
"SCMP_ACT_ALLOW"
]
},
"SeccompOperators": {
"type": "string",
"enum": [
"SCMP_CMP_NE",
"SCMP_CMP_LT",
"SCMP_CMP_LE",
"SCMP_CMP_EQ",
"SCMP_CMP_GE",
"SCMP_CMP_GT",
"SCMP_CMP_MASKED_EQ"
]
},
"SyscallArg": {
"type": "object",
"properties": {
"index": {
"$ref": "#/definitions/uint32"
},
"value": {
"$ref": "#/definitions/uint64"
},
"valueTwo": {
"$ref": "#/definitions/uint64"
},
"op": {
"$ref": "#/definitions/SeccompOperators"
}
},
"required": [
"index",
"value",
"op"
]
},
"Syscall": {
"type": "object",
"properties": {
"names": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"action": {
"$ref": "#/definitions/SeccompAction"
},
"args": {
"type": "array",
"items": {
"$ref": "#/definitions/SyscallArg"
}
}
},
"required": [
"names",
"action"
]
},
"Major": {
"description": "major device number",
"$ref": "#/definitions/int64"
},
"Minor": {
"description": "minor device number",
"$ref": "#/definitions/int64"
},
"FileMode": {
"description": "File permissions mode (typically an octal value)",
"type": "integer",
"minimum": 0,
"maximum": 512
},
"FileType": {
"description": "Type of a block or special character device",
"type": "string",
"pattern": "^[cbup]$"
},
"Device": {
"type": "object",
"required": [
"type",
"path"
],
"properties": {
"type": {
"$ref": "#/definitions/FileType"
},
"path": {
"$ref": "#/definitions/FilePath"
},
"fileMode": {
"$ref": "#/definitions/FileMode"
},
"major": {
"$ref": "#/definitions/Major"
},
"minor": {
"$ref": "#/definitions/Minor"
},
"uid": {
"$ref": "#/definitions/UID"
},
"gid": {
"$ref": "#/definitions/GID"
}
}
},
"weight": {
"type": "integer"
},
"blockIODevice": {
"type": "object",
"properties": {
"major": {
"$ref": "#/definitions/Major"
},
"minor": {
"$ref": "#/definitions/Minor"
}
},
"required": [
"major",
"minor"
]
},
"blockIODeviceWeight": {
"type": "object",
"allOf": [
{
"$ref": "#/definitions/blockIODevice"
},
{
"type": "object",
"properties": {
"weight": {
"$ref": "#/definitions/weight"
},
"leafWeight": {
"$ref": "#/definitions/weight"
}
}
}
]
},
"blockIODeviceThrottle": {
"allOf": [
{
"$ref": "#/definitions/blockIODevice"
},
{
"type": "object",
"properties": {
"rate": {
"$ref": "#/definitions/uint64"
}
}
}
]
},
"DeviceCgroup": {
"type": "object",
"properties": {
"allow": {
"type": "boolean"
},
"type": {
"type": "string"
},
"major": {
"$ref": "#/definitions/Major"
},
"minor": {
"$ref": "#/definitions/Minor"
},
"access": {
"type": "string"
}
},
"required": [
"allow"
]
},
"NetworkInterfacePriority": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"priority": {
"$ref": "#/definitions/uint32"
}
},
"required": [
"name",
"priority"
]
},
"NamespaceType": {
"type": "string",
"enum": [
"mount",
"pid",
"network",
"uts",
"ipc",
"user",
"cgroup"
]
},
"NamespaceReference": {
"type": "object",
"properties": {
"type": {
"$ref": "#/definitions/NamespaceType"
},
"path": {
"$ref": "#/definitions/FilePath"
}
},
"required": [
"type"
]
},
"processInfo": {
"type": "object",
"properties": {
"pid": {
"$ref": "#/definitions/uint32"
},
"info": {
"$ref": "#/definitions/any"
}
}
},
"process": {
"id": "https://opencontainers.org/schema/bundle/process",
"type": "object",
"required": [
"cwd",
"args"
],
"properties": {
"args": {
"id": "https://opencontainers.org/schema/bundle/process/args",
"$ref": "#/definitions/ArrayOfStrings"
},
"consoleSize": {
"id": "https://opencontainers.org/schema/bundle/process/consoleSize",
"type": "object",
"required": [
"height",
"width"
],
"properties": {
"height": {
"id": "https://opencontainers.org/schema/bundle/process/consoleSize/height",
"$ref": "#/definitions/uint64"
},
"width": {
"id": "https://opencontainers.org/schema/bundle/process/consoleSize/width",
"$ref": "#/definitions/uint64"
}
}
},
"cwd": {
"id": "https://opencontainers.org/schema/bundle/process/cwd",
"type": "string"
},
"env": {
"id": "https://opencontainers.org/schema/bundle/process/env",
"$ref": "#/definitions/Env"
},
"terminal": {
"id": "https://opencontainers.org/schema/bundle/process/terminal",
"type": "boolean"
},
"user": {
"id": "https://opencontainers.org/schema/bundle/process/user",
"type": "object",
"properties": {
"uid": {
"id": "https://opencontainers.org/schema/bundle/process/user/uid",
"$ref": "#/definitions/UID"
},
"gid": {
"id": "https://opencontainers.org/schema/bundle/process/user/gid",
"$ref": "#/definitions/GID"
},
"additionalGids": {
"id": "https://opencontainers.org/schema/bundle/process/user/additionalGids",
"$ref": "#/definitions/ArrayOfGIDs"
},
"username": {
"id": "https://opencontainers.org/schema/bundle/process/user/username",
"type": "string"
}
}
},
"capabilities": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities",
"type": "object",
"properties": {
"bounding": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/bounding",
"type": "array",
"items": {
"type": "string"
}
},
"permitted": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/permitted",
"type": "array",
"items": {
"type": "string"
}
},
"effective": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/effective",
"type": "array",
"items": {
"type": "string"
}
},
"inheritable": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/inheritable",
"type": "array",
"items": {
"type": "string"
}
},
"ambient": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/ambient",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"apparmorProfile": {
"id": "https://opencontainers.org/schema/bundle/process/linux/apparmorProfile",
"type": "string"
},
"oomScoreAdj": {
"id": "https://opencontainers.org/schema/bundle/process/linux/oomScoreAdj",
"type": "integer"
},
"selinuxLabel": {
"id": "https://opencontainers.org/schema/bundle/process/linux/selinuxLabel",
"type": "string"
},
"noNewPrivileges": {
"id": "https://opencontainers.org/schema/bundle/process/linux/noNewPrivileges",
"type": "boolean"
},
"rlimits": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits",
"type": "array",
"items": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0",
"type": "object",
"required": [
"type",
"soft",
"hard"
],
"properties": {
"hard": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/hard",
"$ref": "#/definitions/uint64"
},
"soft": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/soft",
"$ref": "#/definitions/uint64"
},
"type": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/type",
"type": "string",
"pattern": "^RLIMIT_[A-Z]+$"
}
}
}
}
}
},
"resources": {
"id": "https://opencontainers.org/schema/bundle/linux/resources",
"type": "object",
"properties": {
"devices": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/devices",
"type": "array",
"items": {
"$ref": "#/definitions/DeviceCgroup"
}
},
"pids": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/pids",
"type": "object",
"properties": {
"limit": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/pids/limit",
"$ref": "#/definitions/int64"
}
},
"required": [
"limit"
]
},
"blockIO": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO",
"type": "object",
"properties": {
"weight": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/weight",
"$ref": "#/definitions/weight"
},
"leafWeight": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/leafWeight",
"$ref": "#/definitions/weight"
},
"throttleReadBpsDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleReadBpsDevice",
"type": "array",
"items": {
"$ref": "#/definitions/blockIODeviceThrottle"
}
},
"throttleWriteBpsDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleWriteBpsDevice",
"type": "array",
"items": {
"$ref": "#/definitions/blockIODeviceThrottle"
}
},
"throttleReadIOPSDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleReadIOPSDevice",
"type": "array",
"items": {
"$ref": "#/definitions/blockIODeviceThrottle"
}
},
"throttleWriteIOPSDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleWriteIOPSDevice",
"type": "array",
"items": {
"$ref": "#/definitions/blockIODeviceThrottle"
}
},
"weightDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/weightDevice",
"type": "array",
"items": {
"$ref": "#/definitions/blockIODeviceWeight"
}
}
}
},
"cpu": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu",
"type": "object",
"properties": {
"cpus": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/cpus",
"type": "string"
},
"mems": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/mems",
"type": "string"
},
"period": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/period",
"$ref": "#/definitions/uint64"
},
"quota": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/quota",
"$ref": "#/definitions/int64"
},
"realtimePeriod": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/realtimePeriod",
"$ref": "#/definitions/uint64"
},
"realtimeRuntime": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/realtimeRuntime",
"$ref": "#/definitions/int64"
},
"shares": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/shares",
"$ref": "#/definitions/uint64"
}
}
},
"hugepageLimits": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/hugepageLimits",
"type": "array",
"items": {
"type": "object",
"properties": {
"pageSize": {
"type": "string"
},
"limit": {
"$ref": "#/definitions/uint64"
}
},
"required": [
"pageSize",
"limit"
]
}
},
"memory": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory",
"type": "object",
"properties": {
"kernel": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/kernel",
"$ref": "#/definitions/int64"
},
"kernelTCP": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/kernelTCP",
"$ref": "#/definitions/int64"
},
"limit": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/limit",
"$ref": "#/definitions/int64"
},
"reservation": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/reservation",
"$ref": "#/definitions/int64"
},
"swap": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/swap",
"$ref": "#/definitions/int64"
},
"swappiness": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/swappiness",
"$ref": "#/definitions/uint64"
},
"disableOOMKiller": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/disableOOMKiller",
"type": "boolean"
}
}
},
"network": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/network",
"type": "object",
"properties": {
"classID": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/network/classId",
"$ref": "#/definitions/uint32"
},
"priorities": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/network/priorities",
"type": "array",
"items": {
"$ref": "#/definitions/NetworkInterfacePriority"
}
}
}
}
}
}
} }
} }

12
src/json/schema/schema/docker/seccomp.json
View File

@ -13,12 +13,12 @@
"type": "object", "type": "object",
"properties": { "properties": {
"architecture": { "architecture": {
"$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompArch" "$ref": "../defs.json#/definitions/SeccompArch"
}, },
"subArchitectures": { "subArchitectures": {
"type": "array", "type": "array",
"items": { "items": {
"$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompArch" "$ref": "../defs.json#/definitions/SeccompArch"
} }
} }
} }
@ -38,7 +38,7 @@
"minItems": 1 "minItems": 1
}, },
"action": { "action": {
"$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompAction" "$ref": "../defs.json#/definitions/SeccompAction"
}, },
"args": { "args": {
"type": "array", "type": "array",
@ -55,7 +55,7 @@
"$ref": "../defs.json#/definitions/uint64" "$ref": "../defs.json#/definitions/uint64"
}, },
"op": { "op": {
"$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompOperators" "$ref": "../defs.json#/definitions/SeccompOperators"
} }
}, },
"required": [ "required": [
@ -74,7 +74,7 @@
"arches": { "arches": {
"type": "array", "type": "array",
"items": { "items": {
"$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompArch" "$ref": "../defs.json#/definitions/SeccompArch"
} }
}, },
"caps": { "caps": {
@ -91,7 +91,7 @@
"arches": { "arches": {
"type": "array", "type": "array",
"items": { "items": {
"$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompArch" "$ref": "../defs.json#/definitions/SeccompArch"
} }
}, },
"caps": { "caps": {

192
src/json/schema/schema/oci/runtime/config-linux.json
View File

@ -8,7 +8,7 @@
"id": "https://opencontainers.org/schema/bundle/linux/devices", "id": "https://opencontainers.org/schema/bundle/linux/devices",
"type": "array", "type": "array",
"items": { "items": {
"$ref": "defs-linux.json#/definitions/Device" "$ref": "../../defs.json#/definitions/Device"
} }
}, },
"uidMappings": { "uidMappings": {
@ -31,197 +31,21 @@
"items": { "items": {
"anyOf": [ "anyOf": [
{ {
"$ref": "defs-linux.json#/definitions/NamespaceReference" "$ref": "../../defs.json#/definitions/NamespaceReference"
} }
] ]
} }
}, },
"resources": { "resources": {
"id": "https://opencontainers.org/schema/bundle/linux/resources", "$ref": "../../defs.json#/definitions/resources"
"type": "object", },
"properties": {
"devices": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/devices",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/DeviceCgroup"
}
},
"pids": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/pids",
"type": "object",
"properties": {
"limit": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/pids/limit",
"$ref": "../../defs.json#/definitions/int64"
}
},
"required": [
"limit"
]
},
"blockIO": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO",
"type": "object",
"properties": {
"weight": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/weight",
"$ref": "defs-linux.json#/definitions/weight"
},
"leafWeight": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/leafWeight",
"$ref": "defs-linux.json#/definitions/weight"
},
"throttleReadBpsDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleReadBpsDevice",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/blockIODeviceThrottle"
}
},
"throttleWriteBpsDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleWriteBpsDevice",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/blockIODeviceThrottle"
}
},
"throttleReadIOPSDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleReadIOPSDevice",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/blockIODeviceThrottle"
}
},
"throttleWriteIOPSDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleWriteIOPSDevice",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/blockIODeviceThrottle"
}
},
"weightDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/weightDevice",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/blockIODeviceWeight"
}
}
}
},
"cpu": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu",
"type": "object",
"properties": {
"cpus": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/cpus",
"type": "string"
},
"mems": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/mems",
"type": "string"
},
"period": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/period",
"$ref": "../../defs.json#/definitions/uint64"
},
"quota": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/quota",
"$ref": "../../defs.json#/definitions/int64"
},
"realtimePeriod": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/realtimePeriod",
"$ref": "../../defs.json#/definitions/uint64"
},
"realtimeRuntime": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/realtimeRuntime",
"$ref": "../../defs.json#/definitions/int64"
},
"shares": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/shares",
"$ref": "../../defs.json#/definitions/uint64"
}
}
},
"hugepageLimits": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/hugepageLimits",
"type": "array",
"items": {
"type": "object",
"properties": {
"pageSize": {
"type": "string"
},
"limit": {
"$ref": "../../defs.json#/definitions/uint64"
}
},
"required": [
"pageSize",
"limit"
]
}
},
"memory": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory",
"type": "object",
"properties": {
"kernel": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/kernel",
"$ref": "../../defs.json#/definitions/int64"
},
"kernelTCP": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/kernelTCP",
"$ref": "../../defs.json#/definitions/int64"
},
"limit": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/limit",
"$ref": "../../defs.json#/definitions/int64"
},
"reservation": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/reservation",
"$ref": "../../defs.json#/definitions/int64"
},
"swap": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/swap",
"$ref": "../../defs.json#/definitions/int64"
},
"swappiness": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/swappiness",
"$ref": "../../defs.json#/definitions/uint64"
},
"disableOOMKiller": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/disableOOMKiller",
"type": "boolean"
}
}
},
"network": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/network",
"type": "object",
"properties": {
"classID": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/network/classId",
"$ref": "../../defs.json#/definitions/uint32"
},
"priorities": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/network/priorities",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/NetworkInterfacePriority"
}
}
}
}
}
},
"cgroupsPath": { "cgroupsPath": {
"id": "https://opencontainers.org/schema/bundle/linux/cgroupsPath", "id": "https://opencontainers.org/schema/bundle/linux/cgroupsPath",
"type": "string" "type": "string"
}, },
"rootfsPropagation": { "rootfsPropagation": {
"id": "https://opencontainers.org/schema/bundle/linux/rootfsPropagation", "id": "https://opencontainers.org/schema/bundle/linux/rootfsPropagation",
"$ref": "defs-linux.json#/definitions/RootfsPropagation" "$ref": "../../defs.json#/definitions/RootfsPropagation"
}, },
"seccomp": { "seccomp": {
"id": "https://opencontainers.org/schema/bundle/linux/seccomp", "id": "https://opencontainers.org/schema/bundle/linux/seccomp",
@ -235,14 +59,14 @@
"id": "https://opencontainers.org/schema/bundle/linux/seccomp/architectures", "id": "https://opencontainers.org/schema/bundle/linux/seccomp/architectures",
"type": "array", "type": "array",
"items": { "items": {
"$ref": "defs-linux.json#/definitions/SeccompArch" "$ref": "../../defs.json#/definitions/SeccompArch"
} }
}, },
"syscalls": { "syscalls": {
"id": "https://opencontainers.org/schema/bundle/linux/seccomp/syscalls", "id": "https://opencontainers.org/schema/bundle/linux/seccomp/syscalls",
"type": "array", "type": "array",
"items": { "items": {
"$ref": "defs-linux.json#/definitions/Syscall" "$ref": "../../defs.json#/definitions/Syscall"
} }
} }
}, },

270
src/json/schema/schema/oci/runtime/defs-linux.json
View File

@ -1,270 +0,0 @@
{
"definitions": {
"RootfsPropagation": {
"type": "string",
"enum": [
"private",
"shared",
"slave",
"unbindable"
]
},
"SeccompArch": {
"type": "string",
"enum": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X86_64",
"SCMP_ARCH_X32",
"SCMP_ARCH_ARM",
"SCMP_ARCH_AARCH64",
"SCMP_ARCH_MIPS",
"SCMP_ARCH_MIPS64",
"SCMP_ARCH_MIPS64N32",
"SCMP_ARCH_MIPSEL",
"SCMP_ARCH_MIPSEL64",
"SCMP_ARCH_MIPSEL64N32",
"SCMP_ARCH_PPC",
"SCMP_ARCH_PPC64",
"SCMP_ARCH_PPC64LE",
"SCMP_ARCH_S390",
"SCMP_ARCH_S390X",
"SCMP_ARCH_PARISC",
"SCMP_ARCH_PARISC64"
]
},
"SeccompAction": {
"type": "string",
"enum": [
"SCMP_ACT_KILL",
"SCMP_ACT_TRAP",
"SCMP_ACT_ERRNO",
"SCMP_ACT_TRACE",
"SCMP_ACT_ALLOW"
]
},
"SeccompOperators": {
"type": "string",
"enum": [
"SCMP_CMP_NE",
"SCMP_CMP_LT",
"SCMP_CMP_LE",
"SCMP_CMP_EQ",
"SCMP_CMP_GE",
"SCMP_CMP_GT",
"SCMP_CMP_MASKED_EQ"
]
},
"SyscallArg": {
"type": "object",
"properties": {
"index": {
"$ref": "../../defs.json#/definitions/uint32"
},
"value": {
"$ref": "../../defs.json#/definitions/uint64"
},
"valueTwo": {
"$ref": "../../defs.json#/definitions/uint64"
},
"op": {
"$ref": "#/definitions/SeccompOperators"
}
},
"required": [
"index",
"value",
"op"
]
},
"Syscall": {
"type": "object",
"properties": {
"names": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"action": {
"$ref": "#/definitions/SeccompAction"
},
"args": {
"type": "array",
"items": {
"$ref": "#/definitions/SyscallArg"
}
}
},
"required": [
"names",
"action"
]
},
"Major": {
"description": "major device number",
"$ref": "../../defs.json#/definitions/int64"
},
"Minor": {
"description": "minor device number",
"$ref": "../../defs.json#/definitions/int64"
},
"FileMode": {
"description": "File permissions mode (typically an octal value)",
"type": "integer",
"minimum": 0,
"maximum": 512
},
"FileType": {
"description": "Type of a block or special character device",
"type": "string",
"pattern": "^[cbup]$"
},
"Device": {
"type": "object",
"required": [
"type",
"path"
],
"properties": {
"type": {
"$ref": "#/definitions/FileType"
},
"path": {
"$ref": "../../defs.json#/definitions/FilePath"
},
"fileMode": {
"$ref": "#/definitions/FileMode"
},
"major": {
"$ref": "#/definitions/Major"
},
"minor": {
"$ref": "#/definitions/Minor"
},
"uid": {
"$ref": "../../defs.json#/definitions/UID"
},
"gid": {
"$ref": "../../defs.json#/definitions/GID"
}
}
},
"weight": {
"type": "integer"
},
"blockIODevice": {
"type": "object",
"properties": {
"major": {
"$ref": "#/definitions/Major"
},
"minor": {
"$ref": "#/definitions/Minor"
}
},
"required": [
"major",
"minor"
]
},
"blockIODeviceWeight": {
"type": "object",
"allOf": [
{
"$ref": "#/definitions/blockIODevice"
},
{
"type": "object",
"properties": {
"weight": {
"$ref": "#/definitions/weight"
},
"leafWeight": {
"$ref": "#/definitions/weight"
}
}
}
]
},
"blockIODeviceThrottle": {
"allOf": [
{
"$ref": "#/definitions/blockIODevice"
},
{
"type": "object",
"properties": {
"rate": {
"$ref": "../../defs.json#/definitions/uint64"
}
}
}
]
},
"DeviceCgroup": {
"type": "object",
"properties": {
"allow": {
"type": "boolean"
},
"type": {
"type": "string"
},
"major": {
"$ref": "#/definitions/Major"
},
"minor": {
"$ref": "#/definitions/Minor"
},
"access": {
"type": "string"
}
},
"required": [
"allow"
]
},
"NetworkInterfacePriority": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"priority": {
"$ref": "../../defs.json#/definitions/uint32"
}
},
"required": [
"name",
"priority"
]
},
"NamespaceType": {
"type": "string",
"enum": [
"mount",
"pid",
"network",
"uts",
"ipc",
"user",
"cgroup"
]
},
"NamespaceReference": {
"type": "object",
"properties": {
"type": {
"$ref": "#/definitions/NamespaceType"
},
"path": {
"$ref": "../../defs.json#/definitions/FilePath"
}
},
"required": [
"type"
]
}
}
}

2
src/json/schema/schema/oci/runtime/pspec.json
View File

@ -23,7 +23,7 @@
"id": "https://opencontainers.org/schema/bundle/linux/devices", "id": "https://opencontainers.org/schema/bundle/linux/devices",
"type": "array", "type": "array",
"items": { "items": {
"$ref": "defs-linux.json#/definitions/Device" "$ref": "../../defs.json#/definitions/Device"
} }
}, },
"resources": { "resources": {

150
src/json/schema/schema/oci/runtime/spec.json
View File

@ -56,155 +56,7 @@
} }
}, },
"process": { "process": {
"id": "https://opencontainers.org/schema/bundle/process", "$ref": "../../defs.json#/definitions/process"
"type": "object",
"required": [
"cwd",
"args"
],
"properties": {
"args": {
"id": "https://opencontainers.org/schema/bundle/process/args",
"$ref": "../../defs.json#/definitions/ArrayOfStrings"
},
"consoleSize": {
"id": "https://opencontainers.org/schema/bundle/process/consoleSize",
"type": "object",
"required": [
"height",
"width"
],
"properties": {
"height": {
"id": "https://opencontainers.org/schema/bundle/process/consoleSize/height",
"$ref": "../../defs.json#/definitions/uint64"
},
"width": {
"id": "https://opencontainers.org/schema/bundle/process/consoleSize/width",
"$ref": "../../defs.json#/definitions/uint64"
}
}
},
"cwd": {
"id": "https://opencontainers.org/schema/bundle/process/cwd",
"type": "string"
},
"env": {
"id": "https://opencontainers.org/schema/bundle/process/env",
"$ref": "../../defs.json#/definitions/Env"
},
"terminal": {
"id": "https://opencontainers.org/schema/bundle/process/terminal",
"type": "boolean"
},
"user": {
"id": "https://opencontainers.org/schema/bundle/process/user",
"type": "object",
"properties": {
"uid": {
"id": "https://opencontainers.org/schema/bundle/process/user/uid",
"$ref": "../../defs.json#/definitions/UID"
},
"gid": {
"id": "https://opencontainers.org/schema/bundle/process/user/gid",
"$ref": "../../defs.json#/definitions/GID"
},
"additionalGids": {
"id": "https://opencontainers.org/schema/bundle/process/user/additionalGids",
"$ref": "../../defs.json#/definitions/ArrayOfGIDs"
},
"username": {
"id": "https://opencontainers.org/schema/bundle/process/user/username",
"type": "string"
}
}
},
"capabilities": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities",
"type": "object",
"properties": {
"bounding": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/bounding",
"type": "array",
"items": {
"type": "string"
}
},
"permitted": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/permitted",
"type": "array",
"items": {
"type": "string"
}
},
"effective": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/effective",
"type": "array",
"items": {
"type": "string"
}
},
"inheritable": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/inheritable",
"type": "array",
"items": {
"type": "string"
}
},
"ambient": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/ambient",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"apparmorProfile": {
"id": "https://opencontainers.org/schema/bundle/process/linux/apparmorProfile",
"type": "string"
},
"oomScoreAdj": {
"id": "https://opencontainers.org/schema/bundle/process/linux/oomScoreAdj",
"type": "integer"
},
"selinuxLabel": {
"id": "https://opencontainers.org/schema/bundle/process/linux/selinuxLabel",
"type": "string"
},
"noNewPrivileges": {
"id": "https://opencontainers.org/schema/bundle/process/linux/noNewPrivileges",
"type": "boolean"
},
"rlimits": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits",
"type": "array",
"items": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0",
"type": "object",
"required": [
"type",
"soft",
"hard"
],
"properties": {
"hard": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/hard",
"$ref": "../../defs.json#/definitions/uint64"
},
"soft": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/soft",
"$ref": "../../defs.json#/definitions/uint64"
},
"type": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/type",
"type": "string",
"pattern": "^RLIMIT_[A-Z]+$"
}
}
}
}
}
}, },
"linux": { "linux": {
"$ref": "config-linux.json#/linux" "$ref": "config-linux.json#/linux"

2
src/json/schema/src/read_file.c
View File

@ -1,7 +1,7 @@
/* /*
Copyright 2017 Giuseppe Scrivano Copyright 2017 Giuseppe Scrivano
Copyright (C) Huawei Technologies., Ltd. 2018-2019. All rights reserved. Copyright (C) Huawei Technologies., Ltd. 2018-2019. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at You may obtain a copy of the License at

2
src/json/schema/src/read_file.h
View File

@ -1,7 +1,7 @@
/* /*
Copyright 2017 Giuseppe Scrivano Copyright 2017 Giuseppe Scrivano
Copyright (C) Huawei Technologies., Ltd. 2018-2019. All rights reserved. Copyright (C) Huawei Technologies., Ltd. 2018-2019. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at You may obtain a copy of the License at

1
src/namespace.h
View File

@ -40,6 +40,7 @@
#define TYPE_NAMESPACE_CGROUP "cgroup" #define TYPE_NAMESPACE_CGROUP "cgroup"
#define ETC_HOSTS "/etc/hosts" #define ETC_HOSTS "/etc/hosts"
#define ETC_HOSTNAME "/etc/hostname"
#define RESOLV_CONF_PATH "/etc/resolv.conf" #define RESOLV_CONF_PATH "/etc/resolv.conf"
static inline bool is_host(const char *mode) static inline bool is_host(const char *mode)

138
src/pack_config.c
View File

@ -25,11 +25,11 @@
#include "log.h" #include "log.h"
#include "pack_config.h" #include "pack_config.h"
#include "container_custom_config.h"
#include "host_config.h" #include "host_config.h"
#include "utils.h" #include "utils.h"
#include "parse_common.h" #include "parse_common.h"
#include "path.h" #include "path.h"
#include "container_config.h"
static bool parse_restart_policy(const char *policy, host_config_restart_policy **rp) static bool parse_restart_policy(const char *policy, host_config_restart_policy **rp)
{ {
@ -1775,33 +1775,33 @@ out:
return ret; return ret;
} }
static int pack_container_custom_config_log(container_custom_config *custom_spec, static int pack_container_custom_config_log(container_config *container_spec,
const isula_container_config_t *custom_conf) const isula_container_config_t *custom_conf)
{ {
int ret = 0; int ret = 0;
/* log config */ /* log config */
custom_spec->log_config = util_common_calloc_s(sizeof(container_custom_config_log_config)); container_spec->log_config = util_common_calloc_s(sizeof(container_config_log_config));
if (custom_spec->log_config == NULL) { if (container_spec->log_config == NULL) {
ret = -1; ret = -1;
goto out; goto out;
} }
if (custom_conf->log_file != NULL) { if (custom_conf->log_file != NULL) {
custom_spec->log_config->log_file = util_strdup_s(custom_conf->log_file); container_spec->log_config->log_file = util_strdup_s(custom_conf->log_file);
} }
if (custom_conf->log_file_size != NULL) { if (custom_conf->log_file_size != NULL) {
custom_spec->log_config->log_file_size = util_strdup_s(custom_conf->log_file_size); container_spec->log_config->log_file_size = util_strdup_s(custom_conf->log_file_size);
} }
if (custom_conf->log_file_rotate) { if (custom_conf->log_file_rotate) {
custom_spec->log_config->log_file_rotate = custom_conf->log_file_rotate; container_spec->log_config->log_file_rotate = custom_conf->log_file_rotate;
} }
out: out:
return ret; return ret;
} }
static int pack_container_custom_config_args(container_custom_config *custom_spec, static int pack_container_custom_config_args(container_config *container_spec,
const isula_container_config_t *custom_conf) const isula_container_config_t *custom_conf)
{ {
int ret = 0; int ret = 0;
@ -1809,13 +1809,13 @@ static int pack_container_custom_config_args(container_custom_config *custom_spe
/* entrypoint */ /* entrypoint */
if (util_valid_str(custom_conf->entrypoint)) { if (util_valid_str(custom_conf->entrypoint)) {
custom_spec->entrypoint = util_common_calloc_s(sizeof(char *)); container_spec->entrypoint = util_common_calloc_s(sizeof(char *));
if (custom_spec->entrypoint == NULL) { if (container_spec->entrypoint == NULL) {
ret = -1; ret = -1;
goto out; goto out;
} }
custom_spec->entrypoint[0] = util_strdup_s(custom_conf->entrypoint); container_spec->entrypoint[0] = util_strdup_s(custom_conf->entrypoint);
custom_spec->entrypoint_len++; container_spec->entrypoint_len++;
} }
/* commands */ /* commands */
@ -1825,14 +1825,14 @@ static int pack_container_custom_config_args(container_custom_config *custom_spe
ret = -1; ret = -1;
goto out; goto out;
} }
custom_spec->cmd = util_common_calloc_s(custom_conf->cmd_len * sizeof(char *)); container_spec->cmd = util_common_calloc_s(custom_conf->cmd_len * sizeof(char *));
if (custom_spec->cmd == NULL) { if (container_spec->cmd == NULL) {
ret = -1; ret = -1;
goto out; goto out;
} }
for (i = 0; i < (int)custom_conf->cmd_len; i++) { for (i = 0; i < (int)custom_conf->cmd_len; i++) {
custom_spec->cmd[custom_spec->cmd_len] = util_strdup_s(custom_conf->cmd[i]); container_spec->cmd[container_spec->cmd_len] = util_strdup_s(custom_conf->cmd[i]);
custom_spec->cmd_len++; container_spec->cmd_len++;
} }
} }
@ -1840,7 +1840,7 @@ out:
return ret; return ret;
} }
static int pack_container_custom_config_mounts(container_custom_config *custom_spec, static int pack_container_custom_config_mounts(container_config *container_spec,
const isula_container_config_t *custom_conf) const isula_container_config_t *custom_conf)
{ {
int ret = 0; int ret = 0;
@ -1853,21 +1853,21 @@ static int pack_container_custom_config_mounts(container_custom_config *custom_s
ret = -1; ret = -1;
goto out; goto out;
} }
custom_spec->mounts = util_common_calloc_s(custom_conf->mounts_len * sizeof(char *)); container_spec->mounts = util_common_calloc_s(custom_conf->mounts_len * sizeof(char *));
if (custom_spec->mounts == NULL) { if (container_spec->mounts == NULL) {
ret = -1; ret = -1;
goto out; goto out;
} }
for (i = 0; i < (int)custom_conf->mounts_len; i++) { for (i = 0; i < (int)custom_conf->mounts_len; i++) {
custom_spec->mounts[custom_spec->mounts_len] = util_strdup_s(custom_conf->mounts[i]); container_spec->mounts[container_spec->mounts_len] = util_strdup_s(custom_conf->mounts[i]);
custom_spec->mounts_len++; container_spec->mounts_len++;
} }
} }
out: out:
return ret; return ret;
} }
static int pack_container_custom_config_array(container_custom_config *custom_spec, static int pack_container_custom_config_array(container_config *container_spec,
const isula_container_config_t *custom_conf) const isula_container_config_t *custom_conf)
{ {
int ret = 0; int ret = 0;
@ -1879,14 +1879,14 @@ static int pack_container_custom_config_array(container_custom_config *custom_sp
COMMAND_ERROR("Too many environment variables"); COMMAND_ERROR("Too many environment variables");
return -1; return -1;
} }
custom_spec->env = util_common_calloc_s(custom_conf->env_len * sizeof(char *)); container_spec->env = util_common_calloc_s(custom_conf->env_len * sizeof(char *));
if (custom_spec->env == NULL) { if (container_spec->env == NULL) {
ret = -1; ret = -1;
goto out; goto out;
} }
for (i = 0; i < (int)custom_conf->env_len; i++) { for (i = 0; i < (int)custom_conf->env_len; i++) {
custom_spec->env[custom_spec->env_len] = util_strdup_s(custom_conf->env[i]); container_spec->env[container_spec->env_len] = util_strdup_s(custom_conf->env[i]);
custom_spec->env_len++; container_spec->env_len++;
} }
} }
@ -1907,7 +1907,7 @@ static bool have_health_check(const isula_container_config_t *custom_conf)
return have_health_settings; return have_health_settings;
} }
static int pack_custom_no_health_check(container_custom_config *custom_spec, bool have_health_settings, static int pack_custom_no_health_check(container_config *container_spec, bool have_health_settings,
defs_health_check *health_config) defs_health_check *health_config)
{ {
int ret = 0; int ret = 0;
@ -1923,13 +1923,13 @@ static int pack_custom_no_health_check(container_custom_config *custom_spec, boo
goto out; goto out;
} }
health_config->test[health_config->test_len++] = util_strdup_s("NONE"); health_config->test[health_config->test_len++] = util_strdup_s("NONE");
custom_spec->health_check = health_config; container_spec->health_check = health_config;
out: out:
return ret; return ret;
} }
static int pack_custom_with_health_check(container_custom_config *custom_spec, static int pack_custom_with_health_check(container_config *container_spec,
const isula_container_config_t *custom_conf, bool have_health_settings, const isula_container_config_t *custom_conf, bool have_health_settings,
defs_health_check *health_config) defs_health_check *health_config)
{ {
@ -1953,23 +1953,23 @@ static int pack_custom_with_health_check(container_custom_config *custom_spec,
health_config->start_period = custom_conf->health_start_period; health_config->start_period = custom_conf->health_start_period;
health_config->retries = custom_conf->health_retries; health_config->retries = custom_conf->health_retries;
health_config->exit_on_unhealthy = custom_conf->exit_on_unhealthy; health_config->exit_on_unhealthy = custom_conf->exit_on_unhealthy;
if (custom_spec->health_check != NULL) { if (container_spec->health_check != NULL) {
free_defs_health_check(custom_spec->health_check); free_defs_health_check(container_spec->health_check);
} }
custom_spec->health_check = health_config; container_spec->health_check = health_config;
out: out:
return ret; return ret;
} }
static int pack_container_custom_config_health(container_custom_config *custom_spec, static int pack_container_custom_config_health(container_config *container_spec,
const isula_container_config_t *custom_conf) const isula_container_config_t *custom_conf)
{ {
int ret = 0; int ret = 0;
bool have_health_settings = false; bool have_health_settings = false;
defs_health_check *health_config = NULL; defs_health_check *health_config = NULL;
if (custom_spec == NULL || custom_conf == NULL) { if (container_spec == NULL || custom_conf == NULL) {
return 0; return 0;
} }
@ -1982,12 +1982,12 @@ static int pack_container_custom_config_health(container_custom_config *custom_s
} }
if (custom_conf->no_healthcheck) { if (custom_conf->no_healthcheck) {
ret = pack_custom_no_health_check(custom_spec, have_health_settings, health_config); ret = pack_custom_no_health_check(container_spec, have_health_settings, health_config);
if (ret != 0) { if (ret != 0) {
goto out; goto out;
} }
} else if (have_health_settings) { } else if (have_health_settings) {
ret = pack_custom_with_health_check(custom_spec, custom_conf, have_health_settings, health_config); ret = pack_custom_with_health_check(container_spec, custom_conf, have_health_settings, health_config);
if (ret != 0) { if (ret != 0) {
goto out; goto out;
} }
@ -2002,21 +2002,21 @@ out:
return ret; return ret;
} }
static int pack_container_custom_config_annotation(container_custom_config *custom_spec, static int pack_container_custom_config_annotation(container_config *container_spec,
const isula_container_config_t *custom_conf) const isula_container_config_t *custom_conf)
{ {
int ret = 0; int ret = 0;
size_t j; size_t j;
custom_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string)); container_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string));
if (custom_spec->annotations == NULL) { if (container_spec->annotations == NULL) {
ERROR("Out of memory"); ERROR("Out of memory");
ret = -1; ret = -1;
goto out; goto out;
} }
if (custom_conf->annotations != NULL) { if (custom_conf->annotations != NULL) {
for (j = 0; j < custom_conf->annotations->len; j++) { for (j = 0; j < custom_conf->annotations->len; j++) {
if (append_json_map_string_string(custom_spec->annotations, custom_conf->annotations->keys[j], if (append_json_map_string_string(container_spec->annotations, custom_conf->annotations->keys[j],
custom_conf->annotations->values[j])) { custom_conf->annotations->values[j])) {
ERROR("Append map failed"); ERROR("Append map failed");
ret = -1; ret = -1;
@ -2028,32 +2028,32 @@ out:
return ret; return ret;
} }
static int pack_container_custom_config_pre(container_custom_config *custom_spec, static int pack_container_custom_config_pre(container_config *container_spec,
const isula_container_config_t *custom_conf) const isula_container_config_t *custom_conf)
{ {
int ret = 0; int ret = 0;
ret = pack_container_custom_config_log(custom_spec, custom_conf); ret = pack_container_custom_config_log(container_spec, custom_conf);
if (ret != 0) { if (ret != 0) {
goto out; goto out;
} }
ret = pack_container_custom_config_args(custom_spec, custom_conf); ret = pack_container_custom_config_args(container_spec, custom_conf);
if (ret != 0) { if (ret != 0) {
goto out; goto out;
} }
ret = pack_container_custom_config_mounts(custom_spec, custom_conf); ret = pack_container_custom_config_mounts(container_spec, custom_conf);
if (ret != 0) { if (ret != 0) {
goto out; goto out;
} }
ret = pack_container_custom_config_array(custom_spec, custom_conf); ret = pack_container_custom_config_array(container_spec, custom_conf);
if (ret != 0) { if (ret != 0) {
goto out; goto out;
} }
ret = pack_container_custom_config_health(custom_spec, custom_conf); ret = pack_container_custom_config_health(container_spec, custom_conf);
if (ret != 0) { if (ret != 0) {
goto out; goto out;
} }
@ -2062,75 +2062,75 @@ out:
} }
/* translate create_custom_config to container_custom_config */ /* translate create_custom_config to container_custom_config */
static int pack_container_custom_config(container_custom_config *custom_spec, static int pack_container_custom_config(container_config *container_spec,
const isula_container_config_t *custom_conf) const isula_container_config_t *custom_conf)
{ {
int ret = -1; int ret = -1;
if (custom_spec == NULL || custom_conf == NULL) { if (container_spec == NULL || custom_conf == NULL) {
return ret; return ret;
} }
ret = pack_container_custom_config_pre(custom_spec, custom_conf); ret = pack_container_custom_config_pre(container_spec, custom_conf);
if (ret != 0) { if (ret != 0) {
goto out; goto out;
} }
if (custom_conf->hostname != NULL) { if (custom_conf->hostname != NULL) {
custom_spec->hostname = util_strdup_s(custom_conf->hostname); container_spec->hostname = util_strdup_s(custom_conf->hostname);
} }
/* console config */ /* console config */
custom_spec->tty = custom_conf->tty; container_spec->tty = custom_conf->tty;
custom_spec->open_stdin = custom_conf->open_stdin; container_spec->open_stdin = custom_conf->open_stdin;
custom_spec->attach_stdin = custom_conf->attach_stdin; container_spec->attach_stdin = custom_conf->attach_stdin;
custom_spec->attach_stdout = custom_conf->attach_stdout; container_spec->attach_stdout = custom_conf->attach_stdout;
custom_spec->attach_stderr = custom_conf->attach_stderr; container_spec->attach_stderr = custom_conf->attach_stderr;
/* user and group */ /* user and group */
if (custom_conf->user != NULL) { if (custom_conf->user != NULL) {
custom_spec->user = util_strdup_s(custom_conf->user); container_spec->user = util_strdup_s(custom_conf->user);
} }
/* settings for system container */ /* settings for system container */
if (custom_conf->system_container) { if (custom_conf->system_container) {
custom_spec->system_container = custom_conf->system_container; container_spec->system_container = custom_conf->system_container;
} }
if (custom_conf->ns_change_opt != NULL) { if (custom_conf->ns_change_opt != NULL) {
custom_spec->ns_change_opt = util_strdup_s(custom_conf->ns_change_opt); container_spec->ns_change_opt = util_strdup_s(custom_conf->ns_change_opt);
} }
ret = pack_container_custom_config_annotation(custom_spec, custom_conf); ret = pack_container_custom_config_annotation(container_spec, custom_conf);
if (ret != 0) { if (ret != 0) {
goto out; goto out;
} }
if (custom_conf->workdir != NULL) { if (custom_conf->workdir != NULL) {
custom_spec->working_dir = util_strdup_s(custom_conf->workdir); container_spec->working_dir = util_strdup_s(custom_conf->workdir);
} }
out: out:
return ret; return ret;
} }
int generate_container_config(const isula_container_config_t *custom_conf, char **custom_config_str) int generate_container_config(const isula_container_config_t *custom_conf, char **container_config_str)
{ {
int ret = 0; int ret = 0;
container_custom_config *custom_spec = NULL; container_config *container_spec = NULL;
struct parser_context ctx = { OPT_GEN_SIMPLIFY, 0 }; struct parser_context ctx = { OPT_GEN_SIMPLIFY, 0 };
parser_error err = NULL; parser_error err = NULL;
/* step 1: malloc the container_custom_config */ /* step 1: malloc the container config */
custom_spec = util_common_calloc_s(sizeof(container_custom_config)); container_spec = util_common_calloc_s(sizeof(container_config));
if (custom_spec == NULL) { if (container_spec == NULL) {
ERROR("Memory out"); ERROR("Memory out");
ret = -1; ret = -1;
goto out; goto out;
} }
/* step 2: pack the container custom config */ /* step 2: pack the container custom config */
ret = pack_container_custom_config(custom_spec, custom_conf); ret = pack_container_custom_config(container_spec, custom_conf);
if (ret != 0) { if (ret != 0) {
ERROR("Failed to pack the container custom config"); ERROR("Failed to pack the container custom config");
ret = -1; ret = -1;
@ -2138,15 +2138,15 @@ int generate_container_config(const isula_container_config_t *custom_conf, char
} }
/* step 3: generate the config string */ /* step 3: generate the config string */
*custom_config_str = container_custom_config_generate_json(custom_spec, &ctx, &err); *container_config_str = container_config_generate_json(container_spec, &ctx, &err);
if (*custom_config_str == NULL) { if (*container_config_str == NULL) {
ERROR("Failed to generate OCI specification json string"); ERROR("Failed to generate OCI specification json string");
ret = -1; ret = -1;
goto out; goto out;
} }
out: out:
free_container_custom_config(custom_spec); free_container_config(container_spec);
free(err); free(err);
return ret; return ret;

2
src/pack_config.h
View File

@ -24,7 +24,7 @@ extern "C" {
int generate_hostconfig(const isula_host_config_t *srcconfig, char **hostconfigstr); int generate_hostconfig(const isula_host_config_t *srcconfig, char **hostconfigstr);
int generate_container_config(const isula_container_config_t *custom_conf, int generate_container_config(const isula_container_config_t *custom_conf,
char **custom_config_str); char **container_config_str);
#ifdef __cplusplus #ifdef __cplusplus
} }

34
src/plugin/plugin.c
View File

@ -211,7 +211,7 @@ static int set_env_enable_plugins(oci_runtime_spec *oci)
if (oci->process == NULL) { if (oci->process == NULL) {
ERROR("BUG oci->process should not be nil"); ERROR("BUG oci->process should not be nil");
oci->process = util_common_calloc_s(sizeof(oci_runtime_spec_process)); oci->process = util_common_calloc_s(sizeof(defs_process));
if (oci->process == NULL) { if (oci->process == NULL) {
ERROR("out of memory"); ERROR("out of memory");
goto failed; goto failed;
@ -880,6 +880,7 @@ out:
int pm_activate_plugin(plugin_t *plugin) int pm_activate_plugin(plugin_t *plugin)
{ {
int ret = 0; int ret = 0;
int nret = 0;
plugin_activate_plugin_request reqs = { 0 }; plugin_activate_plugin_request reqs = { 0 };
char *body = NULL; char *body = NULL;
size_t body_len = 0; size_t body_len = 0;
@ -901,8 +902,8 @@ int pm_activate_plugin(plugin_t *plugin)
} }
body_len = strlen(body) + 1; body_len = strlen(body) + 1;
ret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr); nret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr);
if (ret < 0 || ret >= PATH_MAX) { if (nret < 0 || nret >= PATH_MAX) {
ERROR("get plugin socket failed"); ERROR("get plugin socket failed");
ret = -1; ret = -1;
goto out; goto out;
@ -1044,7 +1045,7 @@ static int pm_prepare_init_reqs(const plugin_t *plugin, plugin_init_plugin_reque
elem->status = get_status(cont); elem->status = get_status(cont);
ocic = read_oci_config(cont->root_path, elem->id); ocic = load_oci_config(cont->root_path, elem->id);
if (ocic == NULL) { if (ocic == NULL) {
ret = -1; ret = -1;
ERROR("read oci config failed"); ERROR("read oci config failed");
@ -1073,6 +1074,7 @@ out:
static int pm_init_plugin(const plugin_t *plugin) static int pm_init_plugin(const plugin_t *plugin)
{ {
int ret = 0; int ret = 0;
int nret = 0;
char **cnames = NULL; char **cnames = NULL;
size_t container_num = 0; size_t container_num = 0;
plugin_init_plugin_request reqs = { 0 }; plugin_init_plugin_request reqs = { 0 };
@ -1127,8 +1129,8 @@ static int pm_init_plugin(const plugin_t *plugin)
} }
body_len = strlen(body) + 1; body_len = strlen(body) + 1;
ret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr); nret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr);
if (ret < 0 || ret >= PATH_MAX) { if (nret < 0 || nret >= PATH_MAX) {
ERROR("get plugin socket failed %s", plugin->addr); ERROR("get plugin socket failed %s", plugin->addr);
ret = -1; ret = -1;
goto out; goto out;
@ -1443,6 +1445,7 @@ out:
static int plugin_event_pre_create_handle(const plugin_t *plugin, const char *cid, char **base) static int plugin_event_pre_create_handle(const plugin_t *plugin, const char *cid, char **base)
{ {
int ret = 0; int ret = 0;
int nret = 0;
char *body = NULL; char *body = NULL;
size_t body_len = 0; size_t body_len = 0;
struct parser_context ctx = { struct parser_context ctx = {
@ -1467,8 +1470,8 @@ static int plugin_event_pre_create_handle(const plugin_t *plugin, const char *ci
} }
body_len = strlen(body) + 1; body_len = strlen(body) + 1;
ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr); nret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
if (ret < 0 || (size_t)ret >= sizeof(socket)) { if (nret < 0 || (size_t)nret >= sizeof(socket)) {
ERROR("get plugin socket failed %s", plugin->addr); ERROR("get plugin socket failed %s", plugin->addr);
ret = -1; ret = -1;
goto out; goto out;
@ -1618,6 +1621,7 @@ out:
static int plugin_event_pre_start_handle(const plugin_t *plugin, const char *cid) static int plugin_event_pre_start_handle(const plugin_t *plugin, const char *cid)
{ {
int ret = 0; int ret = 0;
int nret = 0;
char *body = NULL; char *body = NULL;
size_t body_len = 0; size_t body_len = 0;
struct parser_context ctx = { struct parser_context ctx = {
@ -1639,8 +1643,8 @@ static int plugin_event_pre_start_handle(const plugin_t *plugin, const char *cid
} }
body_len = strlen(body) + 1; body_len = strlen(body) + 1;
ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr); nret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
if (ret < 0 || (size_t)ret >= sizeof(socket)) { if (nret < 0 || (size_t)nret >= sizeof(socket)) {
ERROR("get plugin socket failed %s", plugin->addr); ERROR("get plugin socket failed %s", plugin->addr);
ret = -1; ret = -1;
goto out; goto out;
@ -1717,6 +1721,7 @@ out:
static int plugin_event_post_stop_handle(const plugin_t *plugin, const char *cid) static int plugin_event_post_stop_handle(const plugin_t *plugin, const char *cid)
{ {
int ret = 0; int ret = 0;
int nret = 0;
char *body = NULL; char *body = NULL;
size_t body_len = 0; size_t body_len = 0;
struct parser_context ctx = { struct parser_context ctx = {
@ -1738,8 +1743,8 @@ static int plugin_event_post_stop_handle(const plugin_t *plugin, const char *cid
} }
body_len = strlen(body) + 1; body_len = strlen(body) + 1;
ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr); nret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
if (ret < 0 || (size_t)ret >= sizeof(socket)) { if (nret < 0 || (size_t)nret >= sizeof(socket)) {
ERROR("get plugin socket failed %s", plugin->addr); ERROR("get plugin socket failed %s", plugin->addr);
ret = -1; ret = -1;
goto out; goto out;
@ -1815,6 +1820,7 @@ out:
static int plugin_event_post_remove_handle(const plugin_t *plugin, const char *cid) static int plugin_event_post_remove_handle(const plugin_t *plugin, const char *cid)
{ {
int ret = 0; int ret = 0;
int nret = 0;
char *body = NULL; char *body = NULL;
size_t body_len = 0; size_t body_len = 0;
struct parser_context ctx = { struct parser_context ctx = {
@ -1836,8 +1842,8 @@ static int plugin_event_post_remove_handle(const plugin_t *plugin, const char *c
} }
body_len = strlen(body) + 1; body_len = strlen(body) + 1;
ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr); nret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
if (ret < 0 || (size_t)ret >= sizeof(socket)) { if (nret < 0 || (size_t)nret >= sizeof(socket)) {
ERROR("get plugin socket failed %s", plugin->addr); ERROR("get plugin socket failed %s", plugin->addr);
ret = -1; ret = -1;
goto out; goto out;

18
src/plugin/pspec.c
View File

@ -72,7 +72,7 @@ static oci_runtime_pspec *raw_get_pspec(oci_runtime_spec *oci)
return NULL; return NULL;
} }
if (oci->linux->resources != NULL && pspec->resources == NULL) { if (oci->linux->resources != NULL && pspec->resources == NULL) {
pspec->resources = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources)); pspec->resources = util_common_calloc_s(sizeof(defs_resources));
if (pspec->resources == NULL) { if (pspec->resources == NULL) {
ERROR("Out of memory"); ERROR("Out of memory");
free_oci_runtime_pspec(pspec); free_oci_runtime_pspec(pspec);
@ -85,10 +85,10 @@ static oci_runtime_pspec *raw_get_pspec(oci_runtime_spec *oci)
PPR_UPDATE(pspec, oci, mounts, mounts_len, free_defs_mount); PPR_UPDATE(pspec, oci, mounts, mounts_len, free_defs_mount);
PPR_UPDATE(pspec, oci->process, env, env_len, free); PPR_UPDATE(pspec, oci->process, env, env_len, free);
PPR_UPDATE(pspec, oci->linux, devices, devices_len, free_oci_runtime_defs_linux_device); PPR_UPDATE(pspec, oci->linux, devices, devices_len, free_defs_device);
PPR_UPDATE(pspec->resources, oci->linux->resources, devices, devices_len, PPR_UPDATE(pspec->resources, oci->linux->resources, devices, devices_len,
free_oci_runtime_defs_linux_device_cgroup); free_defs_device_cgroup);
return pspec; return pspec;
} }
@ -99,7 +99,7 @@ static void raw_set_pspec(oci_runtime_spec *oci, oci_runtime_pspec *pspec)
return; return;
} }
if (pspec->resources != NULL && oci->linux->resources == NULL) { if (pspec->resources != NULL && oci->linux->resources == NULL) {
oci->linux->resources = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources)); oci->linux->resources = util_common_calloc_s(sizeof(defs_resources));
if (oci->linux->resources == NULL) { if (oci->linux->resources == NULL) {
ERROR("out of memory"); ERROR("out of memory");
return; return;
@ -111,10 +111,10 @@ static void raw_set_pspec(oci_runtime_spec *oci, oci_runtime_pspec *pspec)
PPR_UPDATE(oci, pspec, mounts, mounts_len, free_defs_mount); PPR_UPDATE(oci, pspec, mounts, mounts_len, free_defs_mount);
PPR_UPDATE(oci->process, pspec, env, env_len, free); PPR_UPDATE(oci->process, pspec, env, env_len, free);
PPR_UPDATE(oci->linux, pspec, devices, devices_len, free_oci_runtime_defs_linux_device); PPR_UPDATE(oci->linux, pspec, devices, devices_len, free_defs_device);
PPR_UPDATE(oci->linux->resources, pspec->resources, devices, devices_len, PPR_UPDATE(oci->linux->resources, pspec->resources, devices, devices_len,
free_oci_runtime_defs_linux_device_cgroup); free_defs_device_cgroup);
} }
char *get_pspec(oci_runtime_spec *oci) char *get_pspec(oci_runtime_spec *oci)
@ -186,7 +186,7 @@ static void raw_update_pspec(oci_runtime_pspec *base, oci_runtime_pspec *new)
return; return;
} }
if (new->resources != NULL && base->resources == NULL) { if (new->resources != NULL && base->resources == NULL) {
base->resources = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources)); base->resources = util_common_calloc_s(sizeof(defs_resources));
if (base->resources == NULL) { if (base->resources == NULL) {
ERROR("Out of memory"); ERROR("Out of memory");
return; return;
@ -198,9 +198,9 @@ static void raw_update_pspec(oci_runtime_pspec *base, oci_runtime_pspec *new)
PPR_UPDATE(base, new, mounts, mounts_len, free_defs_mount); PPR_UPDATE(base, new, mounts, mounts_len, free_defs_mount);
PPR_UPDATE(base, new, env, env_len, free); PPR_UPDATE(base, new, env, env_len, free);
PPR_UPDATE(base, new, devices, devices_len, free_oci_runtime_defs_linux_device); PPR_UPDATE(base, new, devices, devices_len, free_defs_device);
PPR_UPDATE(base->resources, new->resources, devices, devices_len, free_oci_runtime_defs_linux_device_cgroup); PPR_UPDATE(base->resources, new->resources, devices, devices_len, free_defs_device_cgroup);
} }
char *merge_pspec(const char *base, const char *data) char *merge_pspec(const char *base, const char *data)

64
src/runtime/lcr/lcr_rt_ops.c
View File

@ -55,7 +55,7 @@ int rt_lcr_create(const char *name, const char *runtime, const rt_create_params_
goto out; goto out;
} }
if (!engine_ops->engine_create_op(name, runtime_root, params->real_rootfs, params->oci_config_data)) { if (!engine_ops->engine_create_op(name, runtime_root, params->oci_config_data)) {
ERROR("Failed to create container"); ERROR("Failed to create container");
const char *tmpmsg = NULL; const char *tmpmsg = NULL;
tmpmsg = engine_ops->engine_get_errmsg_op(); tmpmsg = engine_ops->engine_get_errmsg_op();
@ -127,10 +127,6 @@ int rt_lcr_start(const char *name, const char *runtime, const rt_start_params_t
request.start_timeout = params->start_timeout; request.start_timeout = params->start_timeout;
request.container_pidfile = params->container_pidfile; request.container_pidfile = params->container_pidfile;
request.exit_fifo = params->exit_fifo; request.exit_fifo = params->exit_fifo;
request.uid = params->puser->uid;
request.gid = params->puser->gid;
request.additional_gids = params->puser->additional_gids;
request.additional_gids_len = params->puser->additional_gids_len;
if (!engine_ops->engine_start_op(&request)) { if (!engine_ops->engine_start_op(&request)) {
const char *tmpmsg = NULL; const char *tmpmsg = NULL;
@ -306,11 +302,51 @@ out:
} }
return ret; return ret;
} }
// user string(UID:GID)
static int generate_user_string_by_uid_gid(const defs_process_user *puser, char **user)
{
char uid_str[ISULAD_NUMSTRLEN32] = { 0 };
char gid_str[ISULAD_NUMSTRLEN32] = { 0 };
size_t len;
int nret = 0;
nret = snprintf(uid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->uid);
if (nret < 0 || nret >= ISULAD_NUMSTRLEN32) {
ERROR("Invalid UID:%u", (unsigned int)puser->uid);
return -1;
}
nret = snprintf(gid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->gid);
if (nret < 0 || nret >= ISULAD_NUMSTRLEN32) {
ERROR("Invalid attach uid value :%u", (unsigned int)puser->gid);
return -1;
}
len = strlen(uid_str) + 1 + strlen(gid_str) + 1;
*user = (char *)util_common_calloc_s(len * sizeof(char));
if (*user == NULL) {
ERROR("Out of memory");
return -1;
}
nret = snprintf(*user, len, "%u:%u", (unsigned int)puser->uid, (unsigned int)puser->gid);
if (nret < 0 || (size_t)nret >= len) {
ERROR("Invalid UID:GID (%u:%u)", (unsigned int)puser->uid, (unsigned int)puser->gid);
free(*user);
*user = NULL;
return -1;
}
return 0;
}
int rt_lcr_exec(const char *id, const char *runtime, const rt_exec_params_t *params, int *exit_code) int rt_lcr_exec(const char *id, const char *runtime, const rt_exec_params_t *params, int *exit_code)
{ {
int ret = 0; int ret = 0;
struct engine_operation *engine_ops = NULL; struct engine_operation *engine_ops = NULL;
engine_exec_request_t request = { 0 }; engine_exec_request_t request = { 0 };
char *user = NULL;
engine_ops = engines_get_handler(runtime); engine_ops = engines_get_handler(runtime);
if (engine_ops == NULL || engine_ops->engine_exec_op == NULL) { if (engine_ops == NULL || engine_ops->engine_exec_op == NULL) {
@ -323,14 +359,20 @@ int rt_lcr_exec(const char *id, const char *runtime, const rt_exec_params_t *par
request.lcrpath = params->rootpath; request.lcrpath = params->rootpath;
request.logpath = params->logpath; request.logpath = params->logpath;
request.loglevel = params->loglevel; request.loglevel = params->loglevel;
request.args = (const char **)params->args; request.args = (const char **)params->spec->args;
request.args_len = params->args_len; request.args_len = params->spec->args_len;
request.env = (const char **)params->envs; request.env = (const char **)params->spec->env;
request.env_len = params->envs_len; request.env_len = params->spec->env_len;
request.console_fifos = params->console_fifos; request.console_fifos = params->console_fifos;
request.timeout = params->timeout; request.timeout = params->timeout;
request.user = params->user;
request.suffix = params->suffix; request.suffix = params->suffix;
if (params->spec->user != NULL) {
if (generate_user_string_by_uid_gid(params->spec->user, &user) != 0) {
ret = -1;
goto out;
}
request.user = user;
}
if (!engine_ops->engine_exec_op(&request, exit_code)) { if (!engine_ops->engine_exec_op(&request, exit_code)) {
const char *tmpmsg = NULL; const char *tmpmsg = NULL;
@ -338,7 +380,6 @@ int rt_lcr_exec(const char *id, const char *runtime, const rt_exec_params_t *par
isulad_set_error_message("Exec container error;%s", (tmpmsg && strcmp(tmpmsg, DEF_SUCCESS_STR)) ? isulad_set_error_message("Exec container error;%s", (tmpmsg && strcmp(tmpmsg, DEF_SUCCESS_STR)) ?
tmpmsg : DEF_ERR_RUNTIME_STR); tmpmsg : DEF_ERR_RUNTIME_STR);
util_contain_errmsg(g_isulad_errmsg, exit_code); util_contain_errmsg(g_isulad_errmsg, exit_code);
engine_ops->engine_clear_errmsg_op();
ret = -1; ret = -1;
goto out; goto out;
} }
@ -347,6 +388,7 @@ out:
if (engine_ops != NULL) { if (engine_ops != NULL) {
engine_ops->engine_clear_errmsg_op(); engine_ops->engine_clear_errmsg_op();
} }
free(user);
return ret; return ret;
} }

8
src/runtime/runtime.h
View File

@ -31,7 +31,6 @@ typedef struct _rt_create_params_t {
const char *rootfs; const char *rootfs;
const char *bundle; const char *bundle;
const char *state; const char *state;
const char *real_rootfs;
void *oci_config_data; void *oci_config_data;
bool terminal; bool terminal;
const char *stdin; const char *stdin;
@ -54,7 +53,6 @@ typedef struct _rt_start_params_t {
const char *container_pidfile; const char *container_pidfile;
const char *exit_fifo; const char *exit_fifo;
const oci_runtime_spec_process_user *puser;
} rt_start_params_t; } rt_start_params_t;
typedef struct _rt_restart_params_t { typedef struct _rt_restart_params_t {
@ -87,12 +85,8 @@ typedef struct _rt_exec_params_t {
const char *loglevel; const char *loglevel;
const char **console_fifos; const char **console_fifos;
int64_t timeout; int64_t timeout;
const char *user;
const char * const *args;
size_t args_len;
const char * const *envs;
size_t envs_len;
const char *suffix; const char *suffix;
defs_process *spec;
} rt_exec_params_t; } rt_exec_params_t;
typedef struct _rt_pause_params_t { typedef struct _rt_pause_params_t {

18
src/services/cri/cri_container.cc
View File

@ -25,7 +25,6 @@
#include "log.h" #include "log.h"
#include "utils.h" #include "utils.h"
#include "container_custom_config.h"
#include "timestamp.h" #include "timestamp.h"
#include "cri_helpers.h" #include "cri_helpers.h"
#include "path.h" #include "path.h"
@ -115,12 +114,12 @@ void CRIRuntimeServiceImpl::GetContainerTimeStamps(container_inspect *inspect, i
} }
} }
container_custom_config *CRIRuntimeServiceImpl::GenerateCreateContainerCustomConfig( container_config *CRIRuntimeServiceImpl::GenerateCreateContainerCustomConfig(
const std::string &realPodSandboxID, const runtime::v1alpha2::ContainerConfig &containerConfig, const std::string &realPodSandboxID, const runtime::v1alpha2::ContainerConfig &containerConfig,
const runtime::v1alpha2::PodSandboxConfig &podSandboxConfig, Errors &error) const runtime::v1alpha2::PodSandboxConfig &podSandboxConfig, Errors &error)
{ {
container_custom_config *custom_config = container_config *custom_config =
(container_custom_config *)util_common_calloc_s(sizeof(container_custom_config)); (container_config *)util_common_calloc_s(sizeof(container_config));
if (custom_config == nullptr) { if (custom_config == nullptr) {
error.SetError("Out of memory"); error.SetError("Out of memory");
goto cleanup; goto cleanup;
@ -168,7 +167,7 @@ container_custom_config *CRIRuntimeServiceImpl::GenerateCreateContainerCustomCon
return custom_config; return custom_config;
cleanup: cleanup:
free_container_custom_config(custom_config); free_container_config(custom_config);
return nullptr; return nullptr;
} }
@ -308,7 +307,7 @@ container_create_request *CRIRuntimeServiceImpl::GenerateCreateContainerRequest(
request->image = util_strdup_s(containerConfig.image().image().c_str()); request->image = util_strdup_s(containerConfig.image().image().c_str());
} }
container_custom_config *custom_config { nullptr }; container_config *custom_config { nullptr };
host_config *hostconfig = GenerateCreateContainerHostConfig(containerConfig, error); host_config *hostconfig = GenerateCreateContainerHostConfig(containerConfig, error);
if (error.NotEmpty()) { if (error.NotEmpty()) {
@ -338,7 +337,7 @@ container_create_request *CRIRuntimeServiceImpl::GenerateCreateContainerRequest(
goto cleanup; goto cleanup;
} }
request->customconfig = container_custom_config_generate_json(custom_config, &ctx, &perror); request->customconfig = container_config_generate_json(custom_config, &ctx, &perror);
if (request->customconfig == nullptr) { if (request->customconfig == nullptr) {
error.Errorf("Failed to generate custom config json: %s", perror); error.Errorf("Failed to generate custom config json: %s", perror);
free_container_create_request(request); free_container_create_request(request);
@ -347,7 +346,7 @@ container_create_request *CRIRuntimeServiceImpl::GenerateCreateContainerRequest(
} }
cleanup: cleanup:
free_host_config(hostconfig); free_host_config(hostconfig);
free_container_custom_config(custom_config); free_container_config(custom_config);
free(perror); free(perror);
return request; return request;
} }
@ -396,7 +395,7 @@ cleanup:
} }
void CRIRuntimeServiceImpl::MakeContainerConfig(const runtime::v1alpha2::ContainerConfig &config, void CRIRuntimeServiceImpl::MakeContainerConfig(const runtime::v1alpha2::ContainerConfig &config,
container_custom_config *cConfig, Errors &error) container_config *cConfig, Errors &error)
{ {
if (config.command_size() > 0) { if (config.command_size() > 0) {
if (static_cast<size_t>(config.command_size()) > SIZE_MAX / sizeof(char *)) { if (static_cast<size_t>(config.command_size()) > SIZE_MAX / sizeof(char *)) {
@ -964,7 +963,6 @@ void CRIRuntimeServiceImpl::ListContainerStats(
goto cleanup; goto cleanup;
} }
request->all = true; request->all = true;
request->runtime = util_strdup_s(CRIHelpers::Constants::DEFAULT_RUNTIME_NAME.c_str());
request->filters = (defs_filters *)util_common_calloc_s(sizeof(defs_filters)); request->filters = (defs_filters *)util_common_calloc_s(sizeof(defs_filters));
if (request->filters == nullptr) { if (request->filters == nullptr) {

2
src/services/cri/cri_helpers.cc
View File

@ -418,7 +418,7 @@ std::unique_ptr<runtime::v1alpha2::PodSandbox> CheckpointToSandbox(const std::st
return result; return result;
} }
void UpdateCreateConfig(container_custom_config *createConfig, host_config *hc, void UpdateCreateConfig(container_config *createConfig, host_config *hc,
const runtime::v1alpha2::ContainerConfig &config, const std::string &podSandboxID, const runtime::v1alpha2::ContainerConfig &config, const std::string &podSandboxID,
Errors &error) Errors &error)
{ {

2
src/services/cri/cri_helpers.h
View File

@ -90,7 +90,7 @@ std::unique_ptr<runtime::v1alpha2::PodSandbox> CheckpointToSandbox(const std::st
std::string StringsJoin(const std::vector<std::string> &vec, const std::string &sep); std::string StringsJoin(const std::vector<std::string> &vec, const std::string &sep);
void UpdateCreateConfig(container_custom_config *createConfig, host_config *hc, void UpdateCreateConfig(container_config *createConfig, host_config *hc,
const runtime::v1alpha2::ContainerConfig &config, const std::string &podSandboxID, const runtime::v1alpha2::ContainerConfig &config, const std::string &podSandboxID,
Errors &error); Errors &error);

1
src/services/cri/cri_runtime_service.cc
View File

@ -26,7 +26,6 @@
#include "utils.h" #include "utils.h"
#include "config.h" #include "config.h"
#include "host_config.h" #include "host_config.h"
#include "container_custom_config.h"
#include "cri_helpers.h" #include "cri_helpers.h"
#include "network_plugin.h" #include "network_plugin.h"
#include "container_inspect.h" #include "container_inspect.h"

11
src/services/cri/cri_runtime_service.h
View File

@ -27,7 +27,6 @@
#include "callback.h" #include "callback.h"
#include "container_inspect.h" #include "container_inspect.h"
#include "host_config.h" #include "host_config.h"
#include "container_custom_config.h"
#include "errors.h" #include "errors.h"
#include "cri_image_service.h" #include "cri_image_service.h"
#include "cri_pod_network.h" #include "cri_pod_network.h"
@ -168,12 +167,12 @@ private:
void ApplySandboxResources(const runtime::v1alpha2::LinuxPodSandboxConfig *lc, host_config *hc, Errors &error); void ApplySandboxResources(const runtime::v1alpha2::LinuxPodSandboxConfig *lc, host_config *hc, Errors &error);
void ApplySandboxLinuxOptions(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, host_config *hc, void ApplySandboxLinuxOptions(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, host_config *hc,
container_custom_config *custom_config, Errors &error); container_config *container_config, Errors &error);
void MakeSandboxIsuladConfig(const runtime::v1alpha2::PodSandboxConfig &c, host_config *hc, void MakeSandboxIsuladConfig(const runtime::v1alpha2::PodSandboxConfig &c, host_config *hc,
container_custom_config *custom_config, Errors &error); container_config *container_config, Errors &error);
void MakeContainerConfig(const runtime::v1alpha2::ContainerConfig &config, container_custom_config *cConfig, void MakeContainerConfig(const runtime::v1alpha2::ContainerConfig &config, container_config *container_config,
Errors &error); Errors &error);
void GetContainerLogPath(const std::string &containerID, char **path, char **realPath, Errors &error); void GetContainerLogPath(const std::string &containerID, char **path, char **realPath, Errors &error);
@ -226,7 +225,7 @@ private:
host_config *hostconfig, Errors &error); host_config *hostconfig, Errors &error);
int PackCreateContainerHostConfigDevices(const runtime::v1alpha2::ContainerConfig &containerConfig, int PackCreateContainerHostConfigDevices(const runtime::v1alpha2::ContainerConfig &containerConfig,
host_config *hostconfig, Errors &error); host_config *hostconfig, Errors &error);
container_custom_config * container_config *
GenerateCreateContainerCustomConfig(const std::string &realPodSandboxID, GenerateCreateContainerCustomConfig(const std::string &realPodSandboxID,
const runtime::v1alpha2::ContainerConfig &containerConfig, const runtime::v1alpha2::ContainerConfig &containerConfig,
const runtime::v1alpha2::PodSandboxConfig &podSandboxConfig, Errors &error); const runtime::v1alpha2::PodSandboxConfig &podSandboxConfig, Errors &error);
@ -253,7 +252,7 @@ private:
std::string &jsonCheckpoint, Errors &error); std::string &jsonCheckpoint, Errors &error);
container_create_request *PackCreateContainerRequest(const runtime::v1alpha2::PodSandboxConfig &config, container_create_request *PackCreateContainerRequest(const runtime::v1alpha2::PodSandboxConfig &config,
const std::string &image, host_config *hostconfig, const std::string &image, host_config *hostconfig,
container_custom_config *custom_config, Errors &error); container_config *container_config, Errors &error);
int GetRealSandboxIDToStop(const std::string &podSandboxID, bool &hostNetwork, std::string &name, std::string &ns, int GetRealSandboxIDToStop(const std::string &podSandboxID, bool &hostNetwork, std::string &name, std::string &ns,
std::string &realSandboxID, std::map<std::string, std::string> &stdAnnos, Errors &error); std::string &realSandboxID, std::map<std::string, std::string> &stdAnnos, Errors &error);
int StopAllContainersInSandbox(const std::string &realSandboxID, Errors &error); int StopAllContainersInSandbox(const std::string &realSandboxID, Errors &error);

15
src/services/cri/cri_sandbox.cc
View File

@ -33,7 +33,6 @@
#include "naming.h" #include "naming.h"
#include "host_config.h" #include "host_config.h"
#include "cri_helpers.h" #include "cri_helpers.h"
#include "container_custom_config.h"
#include "checkpoint_handler.h" #include "checkpoint_handler.h"
#include "cri_security_context.h" #include "cri_security_context.h"
@ -128,7 +127,7 @@ void CRIRuntimeServiceImpl::ApplySandboxResources(const runtime::v1alpha2::Linux
} }
void CRIRuntimeServiceImpl::ApplySandboxLinuxOptions(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, void CRIRuntimeServiceImpl::ApplySandboxLinuxOptions(const runtime::v1alpha2::LinuxPodSandboxConfig &lc,
host_config *hc, container_custom_config *custom_config, host_config *hc, container_config *custom_config,
Errors &error) Errors &error)
{ {
CRISecurity::ApplySandboxSecurityContext(lc, custom_config, hc, error); CRISecurity::ApplySandboxSecurityContext(lc, custom_config, hc, error);
@ -202,7 +201,7 @@ void CRIRuntimeServiceImpl::MergeSecurityContextToHostConfig(const runtime::v1al
} }
void CRIRuntimeServiceImpl::MakeSandboxIsuladConfig(const runtime::v1alpha2::PodSandboxConfig &c, host_config *hc, void CRIRuntimeServiceImpl::MakeSandboxIsuladConfig(const runtime::v1alpha2::PodSandboxConfig &c, host_config *hc,
container_custom_config *custom_config, Errors &error) container_config *custom_config, Errors &error)
{ {
custom_config->labels = CRIHelpers::MakeLabels(c.labels(), error); custom_config->labels = CRIHelpers::MakeLabels(c.labels(), error);
if (error.NotEmpty()) { if (error.NotEmpty()) {
@ -311,7 +310,7 @@ void CRIRuntimeServiceImpl::SetupSandboxFiles(const std::string &resolvPath,
container_create_request *CRIRuntimeServiceImpl::PackCreateContainerRequest( container_create_request *CRIRuntimeServiceImpl::PackCreateContainerRequest(
const runtime::v1alpha2::PodSandboxConfig &config, const runtime::v1alpha2::PodSandboxConfig &config,
const std::string &image, host_config *hostconfig, const std::string &image, host_config *hostconfig,
container_custom_config *custom_config, Errors &error) container_config *custom_config, Errors &error)
{ {
struct parser_context ctx = { OPT_GEN_SIMPLIFY, 0 }; struct parser_context ctx = { OPT_GEN_SIMPLIFY, 0 };
parser_error perror = nullptr; parser_error perror = nullptr;
@ -332,7 +331,7 @@ container_create_request *CRIRuntimeServiceImpl::PackCreateContainerRequest(
error.Errorf("Failed to generate host config json: %s", perror); error.Errorf("Failed to generate host config json: %s", perror);
goto error_out; goto error_out;
} }
create_request->customconfig = container_custom_config_generate_json(custom_config, &ctx, &perror); create_request->customconfig = container_config_generate_json(custom_config, &ctx, &perror);
if (create_request->customconfig == nullptr) { if (create_request->customconfig == nullptr) {
error.Errorf("Failed to generate custom config json: %s", perror); error.Errorf("Failed to generate custom config json: %s", perror);
goto error_out; goto error_out;
@ -353,7 +352,7 @@ container_create_request *CRIRuntimeServiceImpl::GenerateSandboxCreateContainerR
{ {
container_create_request *create_request = nullptr; container_create_request *create_request = nullptr;
host_config *hostconfig = nullptr; host_config *hostconfig = nullptr;
container_custom_config *custom_config = nullptr; container_config *custom_config = nullptr;
cri::PodSandboxCheckpoint checkpoint; cri::PodSandboxCheckpoint checkpoint;
hostconfig = (host_config *)util_common_calloc_s(sizeof(host_config)); hostconfig = (host_config *)util_common_calloc_s(sizeof(host_config));
@ -362,7 +361,7 @@ container_create_request *CRIRuntimeServiceImpl::GenerateSandboxCreateContainerR
goto error_out; goto error_out;
} }
custom_config = (container_custom_config *)util_common_calloc_s(sizeof(container_custom_config)); custom_config = (container_config *)util_common_calloc_s(sizeof(container_config));
if (custom_config == nullptr) { if (custom_config == nullptr) {
error.SetError("Out of memory"); error.SetError("Out of memory");
goto error_out; goto error_out;
@ -401,7 +400,7 @@ error_out:
create_request = nullptr; create_request = nullptr;
cleanup: cleanup:
free_host_config(hostconfig); free_host_config(hostconfig);
free_container_custom_config(custom_config); free_container_config(custom_config);
return create_request; return create_request;
} }

6
src/services/cri/cri_security_context.cc
View File

@ -20,7 +20,7 @@
namespace CRISecurity { namespace CRISecurity {
static void ModifyContainerConfig(const runtime::v1alpha2::LinuxContainerSecurityContext &sc, static void ModifyContainerConfig(const runtime::v1alpha2::LinuxContainerSecurityContext &sc,
container_custom_config *config) container_config *config)
{ {
if (sc.has_run_as_user()) { if (sc.has_run_as_user()) {
free(config->user); free(config->user);
@ -195,7 +195,7 @@ static void ModifySandboxNamespaceOptions(const runtime::v1alpha2::NamespaceOpti
ModifyHostNetworkOptionForSandbox(nsOpts, hostConfig); ModifyHostNetworkOptionForSandbox(nsOpts, hostConfig);
} }
void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, container_custom_config *config, void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, container_config *config,
host_config *hc, Errors &error) host_config *hc, Errors &error)
{ {
std::unique_ptr<runtime::v1alpha2::LinuxContainerSecurityContext> sc( std::unique_ptr<runtime::v1alpha2::LinuxContainerSecurityContext> sc(
@ -227,7 +227,7 @@ void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig
} }
void ApplyContainerSecurityContext(const runtime::v1alpha2::LinuxContainerConfig &lc, const std::string &podSandboxID, void ApplyContainerSecurityContext(const runtime::v1alpha2::LinuxContainerConfig &lc, const std::string &podSandboxID,
container_custom_config *config, host_config *hc, Errors &error) container_config *config, host_config *hc, Errors &error)
{ {
if (lc.has_security_context()) { if (lc.has_security_context()) {
const runtime::v1alpha2::LinuxContainerSecurityContext &sc = lc.security_context(); const runtime::v1alpha2::LinuxContainerSecurityContext &sc = lc.security_context();

6
src/services/cri/cri_security_context.h
View File

@ -18,15 +18,15 @@
#include <string> #include <string>
#include "api.pb.h" #include "api.pb.h"
#include "errors.h" #include "errors.h"
#include "container_custom_config.h"
#include "host_config.h" #include "host_config.h"
#include "container_config.h"
namespace CRISecurity { namespace CRISecurity {
void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, container_custom_config *config, void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, container_config *config,
host_config *hc, Errors &error); host_config *hc, Errors &error);
void ApplyContainerSecurityContext(const runtime::v1alpha2::LinuxContainerConfig &lc, const std::string &podSandboxID, void ApplyContainerSecurityContext(const runtime::v1alpha2::LinuxContainerConfig &lc, const std::string &podSandboxID,
container_custom_config *config, host_config *hc, Errors &errorr); container_config *config, host_config *hc, Errors &errorr);
} // namespace CRISecurity } // namespace CRISecurity

91
src/services/execution/execute/execution.c
View File

@ -514,7 +514,7 @@ static int prepare_user_remap_config(const container_t *cont)
return 0; return 0;
} }
static int generate_user_and_groups_conf(const container_t *cont, oci_runtime_spec_process_user **puser) static int generate_user_and_groups_conf(const container_t *cont, defs_process_user **puser)
{ {
int ret = -1; int ret = -1;
char *username = NULL; char *username = NULL;
@ -524,7 +524,7 @@ static int generate_user_and_groups_conf(const container_t *cont, oci_runtime_sp
return -1; return -1;
} }
*puser = util_common_calloc_s(sizeof(oci_runtime_spec_process_user)); *puser = util_common_calloc_s(sizeof(defs_process_user));
if (*puser == NULL) { if (*puser == NULL) {
ERROR("Out of memory"); ERROR("Out of memory");
return -1; return -1;
@ -534,11 +534,12 @@ static int generate_user_and_groups_conf(const container_t *cont, oci_runtime_sp
username = cont->common_config->config->user; username = cont->common_config->config->user;
} }
/* username may be NULL, we will handle it as UID 0 in get_user */
ret = im_get_user_conf(cont->common_config->image_type, cont->common_config->base_fs, cont->hostconfig, username, ret = im_get_user_conf(cont->common_config->image_type, cont->common_config->base_fs, cont->hostconfig, username,
*puser); *puser);
if (ret != 0) { if (ret != 0) {
ERROR("Get user failed with '%s'", username ? username : ""); ERROR("Get user failed with '%s'", username ? username : "");
free_oci_runtime_spec_process_user(*puser); free_defs_process_user(*puser);
*puser = NULL; *puser = NULL;
} }
@ -678,6 +679,25 @@ static void clean_resources_on_failure(const container_t *cont, const char *engi
return; return;
} }
static int renew_oci_config(const container_t *cont, const oci_runtime_spec *oci_spec)
{
int ret = 0;
defs_process_user *puser = NULL;
if (generate_user_and_groups_conf(cont, &puser) != 0) {
ret = -1;
goto out;
}
free_defs_process_user(oci_spec->process->user);
oci_spec->process->user = puser;
puser = NULL;
out:
free_defs_process_user(puser);
return ret;
}
static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm, static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm,
container_pid_t *pid_info) container_pid_t *pid_info)
{ {
@ -692,11 +712,20 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
char *logdriver = NULL; char *logdriver = NULL;
char *exit_fifo = NULL; char *exit_fifo = NULL;
char *pidfile = NULL; char *pidfile = NULL;
oci_runtime_spec_process_user *puser = NULL; char bundle[PATH_MAX] = { 0 };
const char *runtime = cont->runtime; const char *runtime = cont->runtime;
const char *id = cont->common_config->id; const char *id = cont->common_config->id;
oci_runtime_spec *oci_spec = NULL;
rt_create_params_t create_params = { 0 };
rt_start_params_t start_params = { 0 }; rt_start_params_t start_params = { 0 };
nret = snprintf(bundle, sizeof(bundle), "%s/%s", cont->root_path, id);
if (nret < 0 || (size_t)nret >= sizeof(bundle)) {
ERROR("Failed to print bundle string");
ret = -1;
goto out;
}
DEBUG("bd:%s, state:%s", bundle, cont->state_path);
if (mount_dev_tmpfs_for_system_container(cont) < 0) { if (mount_dev_tmpfs_for_system_container(cont) < 0) {
ret = -1; ret = -1;
goto out; goto out;
@ -730,6 +759,13 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
goto out; goto out;
} }
oci_spec = load_oci_config(cont->root_path, id);
if (oci_spec == NULL) {
ERROR("Failed to load oci config");
ret = -1;
goto close_exit_fd;
}
nret = im_mount_container_rootfs(cont->common_config->image_type, cont->common_config->image, id); nret = im_mount_container_rootfs(cont->common_config->image_type, cont->common_config->image, id);
if (nret != 0) { if (nret != 0) {
ERROR("Failed to mount rootfs for container %s", id); ERROR("Failed to mount rootfs for container %s", id);
@ -737,7 +773,31 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
goto close_exit_fd; goto close_exit_fd;
} }
if (generate_user_and_groups_conf(cont, &puser) != 0) { if (renew_oci_config(cont, oci_spec) != 0) {
ret = -1;
goto close_exit_fd;
}
if (verify_container_settings_start(oci_spec) != 0) {
ret = -1;
goto close_exit_fd;
}
start_timeout = conf_get_start_timeout();
if (cont->common_config->config != NULL) {
tty = cont->common_config->config->tty;
open_stdin = cont->common_config->config->open_stdin;
}
create_params.bundle = bundle;
create_params.state = cont->state_path;
create_params.oci_config_data = oci_spec;
create_params.terminal = tty;
create_params.stdin = console_fifos[0];
create_params.stdout = console_fifos[1];
create_params.stderr = console_fifos[2];
if (runtime_create(id, runtime, &create_params) != 0) {
ret = -1; ret = -1;
goto close_exit_fd; goto close_exit_fd;
} }
@ -749,17 +809,6 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
goto close_exit_fd; goto close_exit_fd;
} }
if (verify_container_settings_start(cont->root_path, id) != 0) {
ret = -1;
goto close_exit_fd;
}
start_timeout = conf_get_start_timeout();
if (cont->common_config->config != NULL) {
tty = cont->common_config->config->tty;
open_stdin = cont->common_config->config->open_stdin;
}
start_params.rootpath = cont->root_path; start_params.rootpath = cont->root_path;
start_params.tty = tty; start_params.tty = tty;
start_params.open_stdin = open_stdin; start_params.open_stdin = open_stdin;
@ -769,7 +818,6 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
start_params.start_timeout = start_timeout; start_params.start_timeout = start_timeout;
start_params.container_pidfile = pidfile; start_params.container_pidfile = pidfile;
start_params.exit_fifo = exit_fifo; start_params.exit_fifo = exit_fifo;
start_params.puser = puser;
ret = runtime_start(id, runtime, &start_params, pid_info); ret = runtime_start(id, runtime, &start_params, pid_info);
if (ret == 0) { if (ret == 0) {
@ -788,13 +836,14 @@ close_exit_fd:
clean_resources: clean_resources:
clean_resources_on_failure(cont, engine_log_path, loglevel); clean_resources_on_failure(cont, engine_log_path, loglevel);
out: out:
free_oci_runtime_spec_process_user(puser);
free(loglevel); free(loglevel);
free(engine_log_path); free(engine_log_path);
free(logdriver); free(logdriver);
free(exit_fifo); free(exit_fifo);
free(pidfile); free(pidfile);
free_oci_runtime_spec(oci_spec);
if (ret != 0) { if (ret != 0) {
umount_rootfs_on_failure(cont); umount_rootfs_on_failure(cont);
(void)umount_dev_tmpfs_for_system_container(cont); (void)umount_dev_tmpfs_for_system_container(cont);
@ -1232,10 +1281,6 @@ static uint32_t stop_and_start(container_t *cont, int timeout)
goto out; goto out;
} }
if (verify_container_settings_start(cont->root_path, id)) {
cc = ISULAD_ERR_EXEC;
goto out;
}
if (is_running(cont->state)) { if (is_running(cont->state)) {
INFO("Container is already running"); INFO("Container is already running");
goto out; goto out;
@ -1273,7 +1318,7 @@ static uint32_t do_restart_container(container_t *cont, int timeout)
if (ret == -1) { if (ret == -1) {
container_state_set_error(cont->state, (const char *)g_isulad_errmsg); container_state_set_error(cont->state, (const char *)g_isulad_errmsg);
return ISULAD_ERR_EXEC; return ISULAD_ERR_EXEC;
} else if (ret == -2) { } else if (ret == RUNTIME_NOT_IMPLEMENT_RESET) {
/* runtime don't implement restart, use stop and start */ /* runtime don't implement restart, use stop and start */
return stop_and_start(cont, timeout); return stop_and_start(cont, timeout);
} }

376
src/services/execution/execute/execution_create.c
View File

@ -148,80 +148,84 @@ error_out:
return NULL; return NULL;
} }
static container_custom_config *get_custom_spec_from_request(const container_create_request *request) static container_config *get_container_spec_from_request(const container_create_request *request)
{ {
parser_error err = NULL; parser_error err = NULL;
container_custom_config *custom_spec = container_custom_config_parse_data(request->customconfig, NULL, &err); container_config *container_spec = container_config_parse_data(request->customconfig, NULL, &err);
if (custom_spec == NULL) { if (container_spec == NULL) {
ERROR("Failed to parse custom config data:%s", err); ERROR("Failed to parse custom config data:%s", err);
} }
free(err); free(err);
return custom_spec; return container_spec;
} }
static int add_default_log_config_to_custom_spec(const char *id, const char *runtime_root, static int add_default_log_config_to_container_spec(const char *id, const char *runtime_root,
container_custom_config *custom_config) container_config *container_spec)
{ {
int ret = 0; int ret = 0;
/* generate default log path */ /* generate default log path */
if (custom_config->log_config == NULL) { if (container_spec->log_config == NULL) {
custom_config->log_config = util_common_calloc_s(sizeof(container_custom_config_log_config)); container_spec->log_config = util_common_calloc_s(sizeof(container_config_log_config));
if (custom_config->log_config == NULL) { if (container_spec->log_config == NULL) {
ERROR("Out of memory"); ERROR("Out of memory");
ret = -1; ret = -1;
goto out; goto out;
} }
} }
if (custom_config->log_config->log_file == NULL) { if (container_spec->log_config->log_file == NULL) {
char default_path[PATH_MAX] = { 0 }; char default_path[PATH_MAX] = { 0 };
int nret = snprintf(default_path, PATH_MAX, "%s/%s/console.log", runtime_root, id); int nret = snprintf(default_path, PATH_MAX, "%s/%s/console.log", runtime_root, id);
if (nret >= PATH_MAX || nret < 0) { if (nret < 0 || nret >= PATH_MAX) {
ERROR("Create default log path for container %s failed", id); ERROR("Create default log path for container %s failed", id);
ret = -1; ret = -1;
goto out; goto out;
} }
custom_config->log_config->log_file = util_strdup_s(default_path); container_spec->log_config->log_file = util_strdup_s(default_path);
} }
out: out:
return ret; return ret;
} }
static container_custom_config *get_custom_spec(const char *id, const char *runtime_root, static container_config *get_container_spec(const char *id, const char *runtime_root,
const container_create_request *request) const container_create_request *request)
{ {
container_custom_config *custom_spec = NULL; container_config *container_spec = NULL;
custom_spec = get_custom_spec_from_request(request); container_spec = get_container_spec_from_request(request);
if (custom_spec == NULL) { if (container_spec == NULL) {
return NULL; return NULL;
} }
if (add_default_log_config_to_custom_spec(id, runtime_root, custom_spec)) { if (add_default_log_config_to_container_spec(id, runtime_root, container_spec)) {
goto error_out; goto error_out;
} }
return custom_spec; return container_spec;
error_out: error_out:
free_container_custom_config(custom_spec); free_container_config(container_spec);
return NULL; return NULL;
} }
static oci_runtime_spec *merge_config(const char *id, const char *image_type, const char *image_name, static oci_runtime_spec *generate_oci_config(host_config *host_spec,
const char *ext_config_image, host_config *host_spec, const char *real_rootfs,
container_custom_config *custom_spec, container_config_v2_common_config *v2_spec)
container_config_v2_common_config *v2_spec, char **real_rootfs)
{ {
int ret = 0;
oci_runtime_spec *oci_spec = NULL; oci_runtime_spec *oci_spec = NULL;
oci_spec = merge_container_config(id, image_type, image_name, ext_config_image, host_spec, custom_spec, oci_spec = default_spec(host_spec->system_container);
v2_spec, real_rootfs);
if (oci_spec == NULL) { if (oci_spec == NULL) {
goto error_out;
}
ret = merge_all_specs(host_spec, real_rootfs, v2_spec, oci_spec);
if (ret != 0) {
ERROR("Failed to merge config"); ERROR("Failed to merge config");
goto error_out; goto error_out;
} }
@ -239,7 +243,7 @@ error_out:
} }
static int merge_config_for_syscontainer(const container_create_request *request, const host_config *host_spec, static int merge_config_for_syscontainer(const container_create_request *request, const host_config *host_spec,
const container_custom_config *custom_spec, const oci_runtime_spec *oci_spec) const container_config *container_spec, const oci_runtime_spec *oci_spec)
{ {
int ret = 0; int ret = 0;
@ -247,7 +251,7 @@ static int merge_config_for_syscontainer(const container_create_request *request
return 0; return 0;
} }
if (merge_network(host_spec, request->rootfs, custom_spec->hostname) != 0) { if (merge_network(host_spec, request->rootfs, container_spec->hostname) != 0) {
ERROR("Failed to merge network config"); ERROR("Failed to merge network config");
ret = -1; ret = -1;
goto out; goto out;
@ -547,34 +551,6 @@ void umount_host_channel(const host_config_host_channel *host_channel)
} }
} }
static int generate_merged_oci_config_json(const char *id, oci_runtime_spec *oci_spec,
char **oci_config_data)
{
char *err = NULL;
if (verify_container_settings(oci_spec)) {
ERROR("Failed to verify container settings");
return -1;
}
/* modify oci_spec by plugin. */
if (plugin_event_container_pre_create(id, oci_spec)) {
ERROR("Plugin event pre create failed");
(void)plugin_event_container_post_remove2(id, oci_spec); /* ignore error */
return -1;
}
*oci_config_data = oci_runtime_spec_generate_json(oci_spec, 0, &err);
if (*oci_config_data == NULL) {
ERROR("Failed to generate runtime spec json,erro:%s", err);
free(err);
isulad_set_error_message("Failed to generate runtime spec json");
return -1;
}
free(err);
return 0;
}
static int create_container_root_dir(const char *id, const char *runtime_root) static int create_container_root_dir(const char *id, const char *runtime_root)
{ {
int ret = 0; int ret = 0;
@ -623,104 +599,6 @@ out:
return ret; return ret;
} }
static container_config_v2_common_config *get_config_v2_spec(const char *id, const char *runtime_root,
const host_config *host_spec)
{
container_config_v2_common_config *v2_spec = NULL;
v2_spec = util_common_calloc_s(sizeof(container_config_v2_common_config));
if (v2_spec == NULL) {
ERROR("Failed to malloc container_config_v2_common_config");
return NULL;
}
/* set network config to v2_spec */
if (init_container_network_confs(id, runtime_root, host_spec, v2_spec) != 0) {
ERROR("Init Network files failed");
goto error_out;
}
return v2_spec;
error_out:
free_container_config_v2_common_config(v2_spec);
return NULL;
}
/* save config v2 */
static int create_v2_config_json(const char *id, const char *runtime_root, container_config_v2_common_config *v2_spec)
{
int ret = 0;
char *json_v2 = NULL;
parser_error err = NULL;
container_config_v2 config_v2 = { 0 };
container_config_v2_state state = { 0 };
config_v2.common_config = v2_spec;
config_v2.state = &state;
json_v2 = container_config_v2_generate_json(&config_v2, NULL, &err);
if (json_v2 == NULL) {
ERROR("Failed to generate container config V2 json string:%s", err ? err : " ");
ret = -1;
goto out;
}
ret = save_config_v2_json(id, runtime_root, json_v2);
if (ret != 0) {
ERROR("Failed to save container config V2 json to file");
ret = -1;
goto out;
}
out:
free(json_v2);
free(err);
return ret;
}
/* save host config */
static int create_host_config_json(const char *id, const char *runtime_root, const host_config *host_spec)
{
int ret = 0;
char *json_host_config = NULL;
parser_error err = NULL;
json_host_config = host_config_generate_json(host_spec, NULL, &err);
if (json_host_config == NULL) {
ERROR("Failed to generate container host config json string:%s", err ? err : " ");
ret = -1;
goto out;
}
ret = save_host_config(id, runtime_root, json_host_config);
if (ret != 0) {
ERROR("Failed to save container host config json to file");
ret = -1;
goto out;
}
out:
free(json_host_config);
free(err);
return ret;
}
static int save_container_config_before_create(const char *id, const char *runtime_root, host_config *host_spec,
container_config_v2_common_config *v2_spec)
{
if (create_v2_config_json(id, runtime_root, v2_spec) != 0) {
return -1;
}
if (create_host_config_json(id, runtime_root, host_spec) != 0) {
return -1;
}
return 0;
}
static host_config_host_channel *dup_host_channel(const host_config_host_channel *channel) static host_config_host_channel *dup_host_channel(const host_config_host_channel *channel)
{ {
host_config_host_channel *dup_channel = NULL; host_config_host_channel *dup_channel = NULL;
@ -744,15 +622,6 @@ static host_config_host_channel *dup_host_channel(const host_config_host_channel
return dup_channel; return dup_channel;
} }
static int verify_merged_custom_config(const container_custom_config *custom_spec)
{
if (verify_health_check_parameter(custom_spec) != 0) {
return -1;
}
return 0;
}
static int response_allocate_memory(container_create_response **response) static int response_allocate_memory(container_create_response **response)
{ {
if (response == NULL) { if (response == NULL) {
@ -837,75 +706,28 @@ static int preparate_runtime_environment(const container_create_request *request
} }
static int get_basic_spec(const container_create_request *request, const char *id, const char *runtime_root, static int get_basic_spec(const container_create_request *request, const char *id, const char *runtime_root,
host_config **host_spec, container_custom_config **custom_spec) host_config **host_spec, container_config **container_spec)
{ {
*host_spec = get_host_spec(request); *host_spec = get_host_spec(request);
if (*host_spec == NULL) { if (*host_spec == NULL) {
return -1; return -1;
} }
*custom_spec = get_custom_spec(id, runtime_root, request); *container_spec = get_container_spec(id, runtime_root, request);
if (*custom_spec == NULL) { if (*container_spec == NULL) {
return -1;
}
return 0;
}
static int get_v2_spec(const container_create_request *request, const char *id, const char *name,
const char *runtime_root, const host_config *host_spec, const char *image_type,
container_config_v2_common_config **v2_spec)
{
*v2_spec = get_config_v2_spec(id, runtime_root, host_spec);
if (*v2_spec == NULL) {
ERROR("Failed to malloc container_config_v2_common_config");
return -1;
}
if (v2_spec_make_basic_info(id, name, request->image, image_type, *v2_spec) != 0) {
ERROR("Failed to malloc container_config_v2_common_config");
return -1;
}
return 0;
}
static int v2_spec_merge_config(const container_custom_config *custom_spec, const oci_runtime_spec *oci_spec,
container_config_v2_common_config *v2_spec)
{
if (v2_spec_merge_custom_spec(custom_spec, v2_spec) != 0) {
ERROR("Failed to malloc container_config_v2_common_config");
return -1;
}
if (v2_spec_merge_oci_spec(oci_spec, v2_spec) != 0) {
ERROR("Failed to malloc container_config_v2_common_config");
return -1;
}
return 0;
}
static int generate_oci_config_json(const char *id, const container_create_request *request,
const host_config *host_spec, const container_custom_config *custom_spec,
oci_runtime_spec *oci_spec, char **oci_config_data)
{
if (verify_merged_custom_config(custom_spec)) {
return -1;
}
if (merge_config_for_syscontainer(request, host_spec, custom_spec, oci_spec) != 0) {
ERROR("Failed to merge config for syscontainer");
return -1;
}
if (generate_merged_oci_config_json(id, oci_spec, oci_config_data) != 0) {
return -1; return -1;
} }
return 0; return 0;
} }
/*
* request -> host_spec + container_spec
* container_spec + image config
* host_spec + container_spec + default_spec+ global_spec => oci_spec
* verify oci_spec
* register container(save v2_spec\host_spec\oci_spec)
*/
int container_create_cb(const container_create_request *request, int container_create_cb(const container_create_request *request,
container_create_response **response) container_create_response **response)
{ {
@ -921,11 +743,10 @@ int container_create_cb(const container_create_request *request,
const char *ext_config_image = NULL; const char *ext_config_image = NULL;
oci_runtime_spec *oci_spec = NULL; oci_runtime_spec *oci_spec = NULL;
host_config *host_spec = NULL; host_config *host_spec = NULL;
container_custom_config *custom_spec = NULL; container_config *container_spec = NULL;
container_config_v2_common_config *v2_spec = NULL; container_config_v2_common_config *v2_spec = NULL;
host_config_host_channel *host_channel = NULL; host_config_host_channel *host_channel = NULL;
rt_create_params_t create_params = { 0 }; int ret = 0;
rt_rm_params_t delete_params = { 0 };
DAEMON_CLEAR_ERRMSG(); DAEMON_CLEAR_ERRMSG();
@ -946,75 +767,109 @@ int container_create_cb(const container_create_request *request,
goto clean_nameindex; goto clean_nameindex;
} }
if (get_basic_spec(request, id, runtime_root, &host_spec, &custom_spec) != 0) { if (get_basic_spec(request, id, runtime_root, &host_spec, &container_spec) != 0) {
cc = ISULAD_ERR_INPUT; cc = ISULAD_ERR_INPUT;
goto clean_container_root_dir; goto clean_container_root_dir;
} }
if (get_v2_spec(request, id, name, runtime_root, host_spec, image_type, &v2_spec) != 0) { v2_spec = util_common_calloc_s(sizeof(container_config_v2_common_config));
if (v2_spec == NULL) {
ERROR("Failed to malloc container_config_v2_common_config");
cc = ISULAD_ERR_INPUT;
goto clean_container_root_dir;
}
char timebuffer[TIME_STR_SIZE] = { 0 };
v2_spec->id = id ? util_strdup_s(id) : NULL;
v2_spec->name = name ? util_strdup_s(name) : NULL;
v2_spec->image = image_name ? util_strdup_s(image_name) : util_strdup_s("none");
v2_spec->image_type = image_type ? util_strdup_s(image_type) : NULL;
(void)get_now_time_buffer(timebuffer, sizeof(timebuffer));
free(v2_spec->created);
v2_spec->created = util_strdup_s(timebuffer);
v2_spec->config = container_spec;
/* set network config to v2_spec */
if (init_container_network_confs(id, runtime_root, host_spec, v2_spec) != 0) {
ERROR("Init Network files failed");
cc = ISULAD_ERR_INPUT;
goto clean_container_root_dir;
}
ret = im_merge_image_config(id, image_type, image_name, ext_config_image, host_spec,
v2_spec->config, &real_rootfs);
if (ret != 0) {
ERROR("Can not merge container_spec with image config");
cc = ISULAD_ERR_EXEC; cc = ISULAD_ERR_EXEC;
goto clean_container_root_dir; goto clean_container_root_dir;
} }
if (save_container_config_before_create(id, runtime_root, host_spec, v2_spec) != 0) { if (verify_health_check_parameter(v2_spec->config) != 0) {
cc = ISULAD_ERR_EXEC; cc = ISULAD_ERR_EXEC;
goto clean_container_root_dir; goto clean_rootfs;
}
oci_spec = generate_oci_config(host_spec, real_rootfs, v2_spec);
if (oci_spec == NULL) {
cc = ISULAD_ERR_EXEC;
goto clean_rootfs;
}
if (merge_config_for_syscontainer(request, host_spec, v2_spec->config, oci_spec) != 0) {
ERROR("Failed to merge config for syscontainer");
cc = ISULAD_ERR_EXEC;
goto clean_rootfs;
}
/* modify oci_spec by plugin. */
if (plugin_event_container_pre_create(id, oci_spec) != 0) {
ERROR("Plugin event pre create failed");
(void)plugin_event_container_post_remove2(id, oci_spec); /* ignore error */
cc = ISULAD_ERR_EXEC;
goto clean_rootfs;
} }
host_channel = dup_host_channel(host_spec->host_channel); host_channel = dup_host_channel(host_spec->host_channel);
if (prepare_host_channel(host_channel, host_spec->user_remap)) { if (prepare_host_channel(host_channel, host_spec->user_remap)) {
ERROR("Failed to prepare host channel with '%s'", host_spec->host_channel); ERROR("Failed to prepare host channel with '%s'", host_spec->host_channel);
cc = ISULAD_ERR_EXEC; sleep(111);
goto clean_container_root_dir;
}
oci_spec = merge_config(id, image_type, image_name, ext_config_image, host_spec, custom_spec, v2_spec,
&real_rootfs);
if (oci_spec == NULL) {
cc = ISULAD_ERR_EXEC;
goto clean_rootfs;
}
if (real_rootfs == NULL) {
ERROR("Can not found rootfs");
cc = ISULAD_ERR_INPUT;
goto clean_rootfs;
}
if (generate_oci_config_json(id, request, host_spec, custom_spec, oci_spec, &oci_config_data) != 0) {
cc = ISULAD_ERR_INPUT;
goto clean_rootfs;
}
create_params.real_rootfs = real_rootfs;
create_params.oci_config_data = oci_config_data;
if (runtime_create(id, runtime, &create_params) != 0) {
ERROR("Runtime create container failed");
cc = ISULAD_ERR_EXEC; cc = ISULAD_ERR_EXEC;
goto clean_rootfs; goto clean_rootfs;
} }
if (v2_spec_merge_config(custom_spec, oci_spec, v2_spec) != 0) { if (verify_container_settings(oci_spec)) {
ERROR("Failed to verify container settings");
cc = ISULAD_ERR_EXEC; cc = ISULAD_ERR_EXEC;
goto clean_on_error; goto umount_channel;
}
if (save_oci_config(id, runtime_root, oci_spec) != 0) {
ERROR("Failed to save container settings");
cc = ISULAD_ERR_EXEC;
goto umount_channel;
}
if (v2_spec_merge_contaner_spec(v2_spec) != 0) {
ERROR("Failed to merge container settings");
cc = ISULAD_ERR_EXEC;
goto umount_channel;
} }
if (register_new_container(id, runtime, &host_spec, &v2_spec)) { if (register_new_container(id, runtime, &host_spec, &v2_spec)) {
ERROR("Failed to register new container"); ERROR("Failed to register new container");
cc = ISULAD_ERR_EXEC; cc = ISULAD_ERR_EXEC;
goto clean_on_error; goto umount_channel;
} }
EVENT("Event: {Object: %s, Type: Created %s}", id, name); EVENT("Event: {Object: %s, Type: Created %s}", id, name);
goto pack_response; goto pack_response;
clean_on_error: umount_channel:
delete_params.rootpath = runtime_root; umount_host_channel(host_channel);
(void)runtime_rm(id, runtime, &delete_params);
clean_rootfs: clean_rootfs:
(void)im_remove_container_rootfs(image_type, id); (void)im_remove_container_rootfs(image_type, id);
umount_host_channel(host_channel);
clean_container_root_dir: clean_container_root_dir:
(void)delete_container_root_dir(id, runtime_root); (void)delete_container_root_dir(id, runtime_root);
@ -1033,7 +888,6 @@ pack_response:
free(id); free(id);
free_oci_runtime_spec(oci_spec); free_oci_runtime_spec(oci_spec);
free_host_config(host_spec); free_host_config(host_spec);
free_container_custom_config(custom_spec);
free_container_config_v2_common_config(v2_spec); free_container_config_v2_common_config(v2_spec);
free_host_config_host_channel(host_channel); free_host_config_host_channel(host_channel);
free_log_prefix(); free_log_prefix();

61
src/services/execution/execute/execution_extend.c
View File

@ -41,6 +41,7 @@
#include "execution_extend.h" #include "execution_extend.h"
#include "sysinfo.h" #include "sysinfo.h"
#include "health_check.h" #include "health_check.h"
#include "specs.h"
#include "runtime.h" #include "runtime.h"
#include "filters.h" #include "filters.h"
@ -1000,6 +1001,8 @@ static int do_update_resources(const container_update_request *request, containe
parser_error err = NULL; parser_error err = NULL;
host_config *hostconfig = NULL; host_config *hostconfig = NULL;
host_config *backup_hostconfig = NULL; host_config *backup_hostconfig = NULL;
oci_runtime_spec *oci_spec = NULL;
oci_runtime_spec *backup_oci_spec = NULL;
rt_update_params_t params = { 0 }; rt_update_params_t params = { 0 };
if (request->host_config == NULL) { if (request->host_config == NULL) {
@ -1029,29 +1032,67 @@ static int do_update_resources(const container_update_request *request, containe
} }
if (update_container(cont, hostconfig)) { if (update_container(cont, hostconfig)) {
host_config_restore_unlocking(cont, backup_hostconfig);
ret = -1; ret = -1;
goto unlock_out; goto restore_hostspec;
} }
if (container_to_disk(cont)) { if (container_to_disk(cont)) {
ERROR("Failed to save container \"%s\" to disk", id); ERROR("Failed to save container \"%s\" to disk", id);
host_config_restore_unlocking(cont, backup_hostconfig);
ret = -1; ret = -1;
goto unlock_out; goto restore_hostspec;
} }
if (hostconfig->restart_policy && hostconfig->restart_policy->name) { if (hostconfig->restart_policy && hostconfig->restart_policy->name) {
container_update_restart_manager(cont, hostconfig->restart_policy); container_update_restart_manager(cont, hostconfig->restart_policy);
} }
params.rootpath = cont->root_path; oci_spec = load_oci_config(cont->root_path, id);
params.hostconfig = hostconfig; if (oci_spec == NULL) {
if (runtime_update(id, cont->runtime, &params)) { ERROR("Failed to load oci config");
ERROR("Update container %s failed", id);
ret = -1; ret = -1;
goto unlock_out; goto restore_hostspec;
} }
backup_oci_spec = load_oci_config(cont->root_path, id);
if (oci_spec == NULL) {
ERROR("Failed to load oci config");
ret = -1;
goto restore_hostspec;
}
ret = merge_conf_cgroup(oci_spec, hostconfig);
if (ret != 0) {
ERROR("Failed to merge cgroup config to oci spec");
ret = -1;
goto restore_hostspec;
}
if (save_oci_config(id, cont->root_path, oci_spec) != 0) {
ERROR("Failed to save updated oci spec");
ret = -1;
goto restore_ocispec;
}
if (is_running(cont->state)) {
params.rootpath = cont->root_path;
params.hostconfig = hostconfig;
if (runtime_update(id, cont->runtime, &params)) {
ERROR("Update container %s failed", id);
ret = -1;
goto restore_ocispec;
}
}
goto unlock_out;
restore_ocispec:
if (save_oci_config(id, cont->root_path, backup_oci_spec) != 0) {
ERROR("Failed to restore oci spec");
ret = -1;
}
restore_hostspec:
host_config_restore_unlocking(cont, backup_hostconfig);
unlock_out: unlock_out:
container_unlock(cont); container_unlock(cont);
out: out:
@ -1059,6 +1100,8 @@ out:
free_host_config(backup_hostconfig); free_host_config(backup_hostconfig);
} }
free_host_config(hostconfig); free_host_config(hostconfig);
free_oci_runtime_spec(oci_spec);
free_oci_runtime_spec(backup_oci_spec);
free(err); free(err);
return ret; return ret;
} }

243
src/services/execution/execute/execution_network.c
View File

@ -760,7 +760,7 @@ cleanup:
} }
static int init_container_network_confs_container(const char *id, const host_config *hc, static int init_container_network_confs_container(const char *id, const host_config *hc,
container_config_v2_common_config *common_config) container_config_v2_common_config *v2_spec)
{ {
int ret = 0; int ret = 0;
size_t len = strlen(SHARE_NAMESPACE_PREFIX); size_t len = strlen(SHARE_NAMESPACE_PREFIX);
@ -773,89 +773,222 @@ static int init_container_network_confs_container(const char *id, const host_con
} }
if (nc->common_config->hostname_path != NULL) { if (nc->common_config->hostname_path != NULL) {
free(common_config->hostname_path); free(v2_spec->hostname_path);
common_config->hostname_path = util_strdup_s(nc->common_config->hostname_path); v2_spec->hostname_path = util_strdup_s(nc->common_config->hostname_path);
} }
if (nc->common_config->hosts_path != NULL) { if (nc->common_config->hosts_path != NULL) {
free(common_config->hosts_path); free(v2_spec->hosts_path);
common_config->hosts_path = util_strdup_s(nc->common_config->hosts_path); v2_spec->hosts_path = util_strdup_s(nc->common_config->hosts_path);
} }
if (nc->common_config->resolv_conf_path != NULL) { if (nc->common_config->resolv_conf_path != NULL) {
free(common_config->resolv_conf_path); free(v2_spec->resolv_conf_path);
common_config->resolv_conf_path = util_strdup_s(nc->common_config->resolv_conf_path); v2_spec->resolv_conf_path = util_strdup_s(nc->common_config->resolv_conf_path);
} }
if (nc->common_config->config != NULL && nc->common_config->config->hostname != NULL) { if (nc->common_config->config != NULL && nc->common_config->config->hostname != NULL) {
if (common_config->config == NULL) { free(v2_spec->config->hostname);
common_config->config = util_common_calloc_s(sizeof(container_config)); v2_spec->config->hostname = util_strdup_s(nc->common_config->config->hostname);
if (common_config->config == NULL) {
ERROR("Out of memory");
ret = -1;
goto cleanup;
}
}
free(common_config->config->hostname);
common_config->config->hostname = util_strdup_s(nc->common_config->config->hostname);
} }
cleanup:
container_unref(nc); container_unref(nc);
return ret; return ret;
} }
int init_container_network_confs(const char *id, const char *rootpath, const host_config *hc, static int create_default_hostname(const char *id, const char *rootpath, bool share_host,
container_config_v2_common_config *common_config) container_config_v2_common_config *v2_spec)
{ {
int ret = 0; int ret = 0;
int nret = 0;
char file_path[PATH_MAX] = { 0x0 }; char file_path[PATH_MAX] = { 0x0 };
char hostname_content[MAX_HOST_NAME_LEN + 2] = { 0 };
// is container mode if (v2_spec->config->hostname == NULL) {
if (is_container(hc->network_mode)) { if (share_host) {
ret = init_container_network_confs_container(id, hc, common_config);
goto cleanup;
}
// is host mode
if (is_host(hc->network_mode)) {
if (common_config->config == NULL) {
common_config->config = util_common_calloc_s(sizeof(container_config));
if (common_config->config == NULL) {
ERROR("Out of memory");
ret = -1;
goto cleanup;
}
}
if (common_config->config->hostname == NULL) {
char hostname[MAX_HOST_NAME_LEN] = { 0x00 }; char hostname[MAX_HOST_NAME_LEN] = { 0x00 };
ret = gethostname(hostname, sizeof(hostname)); ret = gethostname(hostname, sizeof(hostname));
if (ret != 0) { if (ret != 0) {
ERROR("Get hostname error"); ERROR("Get hostname error");
goto cleanup; goto out;
} }
common_config->config->hostname = util_strdup_s(hostname); v2_spec->config->hostname = util_strdup_s(hostname);
} else {
v2_spec->config->hostname = util_strdup_s("localhost");
} }
} }
// create hosts, resolv.conf and so nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "hostname");
int nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "hosts"); if (nret < 0 || nret >= PATH_MAX) {
if (nret >= PATH_MAX || nret < 0) {
ERROR("Failed to print string"); ERROR("Failed to print string");
ret = -1; ret = -1;
goto cleanup; goto out;
} }
free(common_config->hosts_path);
common_config->hosts_path = util_strdup_s(file_path);
nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "resolv.conf");
if (nret >= PATH_MAX || nret < 0) {
ERROR("Failed to print string");
ret = -1;
goto cleanup;
}
free(common_config->resolv_conf_path);
common_config->resolv_conf_path = util_strdup_s(file_path);
cleanup: nret = snprintf(hostname_content, MAX_HOST_NAME_LEN + 2, "%s\n", v2_spec->config->hostname);
if (nret < 0 || (size_t)nret >= sizeof(hostname_content)) {
ERROR("Failed to print string");
ret = -1;
goto out;
}
if (util_write_file(file_path, hostname_content, strlen(hostname_content)) != 0) {
ERROR("Failed to create default hostname");
ret = -1;
goto out;
}
free(v2_spec->hostname_path);
v2_spec->hostname_path = util_strdup_s(file_path);
out:
return ret;
}
static int write_default_hosts(const char *file_path, const char *hostname)
{
int ret = 0;
char *content = NULL;
size_t content_len = 0;
const char *default_config = "127.0.0.1 localhost\n"
"::1 localhost ip6-localhost ip6-loopback\n"
"fe00::0 ip6-localnet\n"
"ff00::0 ip6-mcastprefix\n"
"ff02::1 ip6-allnodes\n"
"ff02::2 ip6-allrouters\n";
const char *loop_ip = "127.0.0.1 ";
if (strlen(hostname) > (((SIZE_MAX - strlen(default_config)) - strlen(loop_ip)) - 2)) {
ret = -1;
goto out_free;
}
content_len = strlen(default_config) + strlen(loop_ip) + strlen(hostname) + 1 + 1;
content = util_common_calloc_s(content_len);
if (content == NULL) {
ERROR("Memory out");
ret = -1;
goto out_free;
}
ret = snprintf(content, content_len, "%s%s%s\n", default_config, loop_ip, hostname);
if (ret < 0 || (size_t)ret >= content_len) {
ERROR("Failed to generate default hosts");
ret = -1;
goto out_free;
}
ret = util_write_file(file_path, content, strlen(content));
if (ret != 0) {
ret = -1;
goto out_free;
}
out_free:
free(content);
return ret;
}
static int create_default_hosts(const char *id, const char *rootpath, bool share_host,
container_config_v2_common_config *v2_spec)
{
int ret = 0;
char file_path[PATH_MAX] = { 0x0 };
ret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "hosts");
if (ret < 0 || ret >= PATH_MAX) {
ERROR("Failed to print string");
ret = -1;
goto out;
}
if (share_host && util_file_exists(ETC_HOSTS)) {
ret = util_copy_file(ETC_HOSTS, file_path);
} else {
ret = write_default_hosts(file_path, v2_spec->config->hostname);
}
if (ret != 0) {
ERROR("Failed to create default hosts");
goto out;
}
free(v2_spec->hosts_path);
v2_spec->hosts_path = util_strdup_s(file_path);
out:
return ret;
}
static int write_default_resolve(const char *file_path)
{
const char *default_ipv4_dns = "\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n";;
return util_write_file(file_path, default_ipv4_dns, strlen(default_ipv4_dns));
}
static int create_default_resolv(const char *id, const char *rootpath, container_config_v2_common_config *v2_spec)
{
int ret = 0;
char file_path[PATH_MAX] = { 0x0 };
ret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "resolv.conf");
if (ret < 0 || ret >= PATH_MAX) {
ERROR("Failed to print string");
ret = -1;
goto out;
}
if (util_file_exists(RESOLV_CONF_PATH)) {
ret = util_copy_file(RESOLV_CONF_PATH, file_path);
} else {
ret = write_default_resolve(file_path);
}
if (ret != 0) {
ERROR("Failed to create default resolv.conf");
goto out;
}
free(v2_spec->resolv_conf_path);
v2_spec->resolv_conf_path = util_strdup_s(file_path);
out:
return ret;
}
int init_container_network_confs(const char *id, const char *rootpath, const host_config *hc,
container_config_v2_common_config *v2_spec)
{
int ret = 0;
bool share_host = is_host(hc->network_mode);
// is container mode
if (is_container(hc->network_mode)) {
return init_container_network_confs_container(id, hc, v2_spec);
}
if (create_default_hostname(id, rootpath, share_host, v2_spec) != 0) {
ERROR("Failed to create default hostname");
ret = -1;
goto out;
}
if (create_default_hosts(id, rootpath, share_host, v2_spec) != 0) {
ERROR("Failed to create default hosts");
ret = -1;
goto out;
}
if (create_default_resolv(id, rootpath, v2_spec) != 0) {
ERROR("Failed to create default resolv.conf");
ret = -1;
goto out;
}
out:
return ret; return ret;
} }

248
src/services/execution/execute/execution_stream.c
View File

@ -248,14 +248,129 @@ out:
return ret; return ret;
} }
static int exec_container(container_t *cont, const char *runtime, char * const console_fifos[], const char *user, int merge_exec_process_env(defs_process *spec, const container_config *container_spec, const char **env, size_t env_len)
size_t argc, const char **argv, size_t env_len, const char **env, {
int64_t timeout, const char *suffix, int *exit_code) int ret = 0;
size_t env_count = 0;
size_t i = 0;
if (env_len > LIST_ENV_SIZE_MAX - container_spec->env_len) {
ERROR("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX);
isulad_set_error_message("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX);
ret = -1;
goto out;
}
env_count = container_spec->env_len + env_len;
if (env_count == 0) {
ret = 0;
goto out;
}
spec->env = util_common_calloc_s(env_count * sizeof(char *));
if (spec->env == NULL) {
ERROR("Failed to malloc memory for envionment variables");
ret = -1;
goto out;
}
for (i = 0; i < container_spec->env_len; i++) {
spec->env[spec->env_len] = util_strdup_s(container_spec->env[i]);
spec->env_len++;
}
for (i = 0; i < env_len; i++) {
spec->env[spec->env_len] = util_strdup_s(env[i]);
spec->env_len++;
}
out:
return ret;
}
static int dup_defs_process_user(defs_process_user *src, defs_process_user **dst)
{
int ret = 0;
size_t i;
if (src == NULL) {
return 0;
}
*dst = (defs_process_user *)util_common_calloc_s(sizeof(defs_process_user));
if (*dst == NULL) {
ERROR("Out of memory");
return -1;
}
(*dst)->username = util_strdup_s(src->username);
(*dst)->uid = src->uid;
(*dst)->gid = src->gid;
if (src->additional_gids_len != 0) {
(*dst)->additional_gids = util_common_calloc_s(sizeof(gid_t) * src->additional_gids_len);
if ((*dst)->additional_gids == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
(*dst)->additional_gids_len = src->additional_gids_len;
for (i = 0; i < src->additional_gids_len; i++) {
(*dst)->additional_gids[i] = src->additional_gids[i];
}
}
out:
return ret;
}
static defs_process *make_exec_process_spec(const container_config *container_spec, defs_process_user *puser,
const container_exec_request *request)
{
int ret = 0;
defs_process *spec = NULL;
spec = util_common_calloc_s(sizeof(defs_process));
if (spec == NULL) {
return NULL;
}
ret = merge_exec_process_env(spec, container_spec, (const char **)request->env, request->env_len);
if (ret != 0) {
ERROR("Failed to dup args for exec process spec");
goto err_out;
}
ret = dup_array_of_strings((const char **)request->argv, request->argv_len, &(spec->args), &(spec->args_len));
if (ret != 0) {
ERROR("Failed to dup envs for exec process spec");
goto err_out;
}
ret = dup_defs_process_user(puser, &(spec->user));
if (ret != 0) {
ERROR("Failed to dup process user for exec process spec");
goto err_out;
}
spec->terminal = request->tty;
spec->cwd = util_strdup_s(container_spec->working_dir ? container_spec->working_dir : "/");
return spec;
err_out:
free_defs_process(spec);
return NULL;
}
static int exec_container(container_t *cont, const char *runtime, char * const console_fifos[],
defs_process_user *puser,
const container_exec_request *request, int *exit_code)
{ {
int ret = 0; int ret = 0;
char *engine_log_path = NULL; char *engine_log_path = NULL;
char *loglevel = NULL; char *loglevel = NULL;
char *logdriver = NULL; char *logdriver = NULL;
defs_process *process_spec = NULL;
rt_exec_params_t params = { 0 }; rt_exec_params_t params = { 0 };
loglevel = conf_get_isulad_loglevel(); loglevel = conf_get_isulad_loglevel();
@ -277,17 +392,20 @@ static int exec_container(container_t *cont, const char *runtime, char * const c
goto out; goto out;
} }
process_spec = make_exec_process_spec(cont->common_config->config, puser, request);
if (process_spec == NULL) {
ERROR("Exec: Failed to make process spec");
ret = -1;
goto out;
}
params.loglevel = loglevel; params.loglevel = loglevel;
params.logpath = engine_log_path; params.logpath = engine_log_path;
params.console_fifos = (const char **)console_fifos; params.console_fifos = (const char **)console_fifos;
params.rootpath = cont->root_path; params.rootpath = cont->root_path;
params.timeout = timeout; params.timeout = request->timeout;
params.user = user; params.suffix = request->suffix;
params.args = (const char * const *)argv; params.spec = process_spec;
params.args_len = argc;
params.envs = (const char * const *)env;
params.envs_len = env_len;
params.suffix = suffix;
if (runtime_exec(cont->common_config->id, runtime, &params, exit_code)) { if (runtime_exec(cont->common_config->id, runtime, &params, exit_code)) {
ERROR("Runtime exec container failed"); ERROR("Runtime exec container failed");
@ -299,6 +417,7 @@ out:
free(loglevel); free(loglevel);
free(engine_log_path); free(engine_log_path);
free(logdriver); free(logdriver);
free_defs_process(process_spec);
return ret; return ret;
} }
@ -408,100 +527,23 @@ static void container_exec_cb_end(container_exec_response *response, uint32_t cc
} }
} }
static int get_user_and_groups_conf(const container_t *cont, const char *username, static int get_exec_user_info(const container_t *cont, const char *username, defs_process_user **puser)
oci_runtime_spec_process_user **puser)
{ {
int ret = -1; int ret = 0;
if (username == NULL) {
return 0;
}
if (cont == NULL || cont->common_config == NULL) { *puser = util_common_calloc_s(sizeof(defs_process_user));
ERROR("Can not found container config");
return -1;
}
*puser = util_common_calloc_s(sizeof(oci_runtime_spec_process_user));
if (*puser == NULL) { if (*puser == NULL) {
ERROR("Out of memory"); ERROR("Out of memory");
return -1; return -1;
} }
ret = im_get_user_conf(cont->common_config->image_type, cont->common_config->base_fs, ret = im_get_user_conf(cont->common_config->image_type, cont->common_config->base_fs,
cont->hostconfig, username, *puser); cont->hostconfig, username, *puser);
if (ret != 0) { if (ret != 0) {
ERROR("Get user failed with '%s'", username ? username : ""); ERROR("Get user failed with '%s'", username ? username : "");
free_oci_runtime_spec_process_user(*puser);
*puser = NULL;
}
return ret;
}
// user string(UID:GID)
static int generate_user_string_by_uid_gid(const oci_runtime_spec_process_user *puser, char **user)
{
char uid_str[ISULAD_NUMSTRLEN32] = { 0 };
char gid_str[ISULAD_NUMSTRLEN32] = { 0 };
size_t len;
int nret = snprintf(uid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->uid);
if (nret >= ISULAD_NUMSTRLEN32 || nret < 0) {
ERROR("Invalid UID:%u", (unsigned int)puser->uid);
return -1;
}
nret = snprintf(gid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->gid);
if (nret >= ISULAD_NUMSTRLEN32 || nret < 0) {
ERROR("Invalid attach uid value :%u", (unsigned int)puser->gid);
return -1;
}
len = strlen(uid_str) + 1 + strlen(gid_str) + 1;
*user = (char *)util_common_calloc_s(len * sizeof(char));
if (*user == NULL) {
ERROR("Out of memory");
return -1;
}
nret = snprintf(*user, len, "%u:%u", (unsigned int)puser->uid, (unsigned int)puser->gid);
if ((size_t)nret >= len || nret < 0) {
ERROR("Invalid UID:GID (%u:%u)", (unsigned int)puser->uid, (unsigned int)puser->gid);
free(*user);
*user = NULL;
return -1;
}
return 0;
}
static int get_exec_user_string(const container_t *cont, const char *username, char **user)
{
int ret = 0;
oci_runtime_spec_process_user *puser = NULL;
if (username == NULL) {
return 0;
}
if (cont == NULL || user == NULL) {
ERROR("Invalid parameters");
return -1;
}
if (get_user_and_groups_conf(cont, username, &puser) != 0) {
ERROR("Failed to get user and groups conf");
ret = -1; ret = -1;
goto out; goto out;
} }
if (generate_user_string_by_uid_gid(puser, user) != 0) {
ret = -1;
goto out;
}
out: out:
free_oci_runtime_spec_process_user(puser);
return ret; return ret;
} }
@ -516,7 +558,7 @@ static int container_exec_cb(const container_exec_request *request, container_ex
char *fifopath = NULL; char *fifopath = NULL;
pthread_t thread_id = 0; pthread_t thread_id = 0;
container_t *cont = NULL; container_t *cont = NULL;
char *user = NULL; defs_process_user *puser = NULL;
DAEMON_CLEAR_ERRMSG(); DAEMON_CLEAR_ERRMSG();
if (request == NULL || response == NULL) { if (request == NULL || response == NULL) {
@ -529,11 +571,6 @@ static int container_exec_cb(const container_exec_request *request, container_ex
} }
id = cont->common_config->id; id = cont->common_config->id;
if (get_exec_user_string(cont, request->user, &user) != 0) {
cc = ISULAD_ERR_EXEC;
goto pack_response;
}
set_log_prefix(id); set_log_prefix(id);
EVENT("Event: {Object: %s, Type: execing}", id); EVENT("Event: {Object: %s, Type: execing}", id);
@ -565,14 +602,19 @@ static int container_exec_cb(const container_exec_request *request, container_ex
goto pack_response; goto pack_response;
} }
if (request->user != NULL) {
if (get_exec_user_info(cont, request->user, &puser) != 0) {
cc = ISULAD_ERR_EXEC;
goto pack_response;
}
}
if (exec_prepare_console(cont, request, stdinfd, stdout_handler, fifos, &fifopath, &sync_fd, &thread_id)) { if (exec_prepare_console(cont, request, stdinfd, stdout_handler, fifos, &fifopath, &sync_fd, &thread_id)) {
cc = ISULAD_ERR_EXEC; cc = ISULAD_ERR_EXEC;
goto pack_response; goto pack_response;
} }
if (exec_container(cont, cont->runtime, (char * const *)fifos, user, request->argv_len, if (exec_container(cont, cont->runtime, (char * const *)fifos, puser, request, &exit_code)) {
(const char **)request->argv, request->env_len,
(const char **)request->env, request->timeout, request->suffix, &exit_code)) {
cc = ISULAD_ERR_EXEC; cc = ISULAD_ERR_EXEC;
goto pack_response; goto pack_response;
} }
@ -586,7 +628,7 @@ pack_response:
free(fifos[1]); free(fifos[1]);
free(fifos[2]); free(fifos[2]);
free(fifopath); free(fifopath);
free(user); free_defs_process_user(puser);
container_unref(cont); container_unref(cont);
free_log_prefix(); free_log_prefix();
@ -2026,6 +2068,7 @@ static int container_logs_cb(const struct isulad_logs_request *request, stream_f
container_t *cont = NULL; container_t *cont = NULL;
struct container_log_config *log_config = NULL; struct container_log_config *log_config = NULL;
struct last_log_file_position last_pos = {0}; struct last_log_file_position last_pos = {0};
Container_Status status = CONTAINER_STATUS_UNKNOWN;
*response = (struct isulad_logs_response *)util_common_calloc_s(sizeof(struct isulad_logs_response)); *response = (struct isulad_logs_response *)util_common_calloc_s(sizeof(struct isulad_logs_response));
if (*response == NULL) { if (*response == NULL) {
@ -2049,6 +2092,11 @@ static int container_logs_cb(const struct isulad_logs_request *request, stream_f
id = cont->common_config->id; id = cont->common_config->id;
set_log_prefix(id); set_log_prefix(id);
status = state_get_status(cont->state);
if (status == CONTAINER_STATUS_CREATED) {
goto out;
}
/* check state of container */ /* check state of container */
if (gc_is_gc_progress(id)) { if (gc_is_gc_progress(id)) {
isulad_set_error_message("can not get logs from container which is dead or marked for removal"); isulad_set_error_message("can not get logs from container which is dead or marked for removal");

326
src/services/execution/manager/container_unix.c
View File

@ -21,8 +21,6 @@
#include "container_unix.h" #include "container_unix.h"
#include "log.h" #include "log.h"
#include "utils.h" #include "utils.h"
#include "container_custom_config.h"
#include "container_start_generate_config.h"
static int parse_container_log_configs(container_t *cont); static int parse_container_log_configs(container_t *cont);
@ -332,175 +330,21 @@ int container_wait_rm_locking(container_t *cont, int timeout)
return ret; return ret;
} }
static int pack_container_config_annotations_from_oci_spec(const oci_runtime_spec *oci_spec,
container_config_v2_common_config *v2_spec)
{
int ret = 0;
size_t i = 0;
if (oci_spec->annotations != NULL && oci_spec->annotations->len) {
if (v2_spec->config == NULL) {
v2_spec->config = util_common_calloc_s(sizeof(container_config));
if (v2_spec->config == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
}
v2_spec->config->annotations = util_common_calloc_s(sizeof(json_map_string_string));
if (v2_spec->config->annotations == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
if (oci_spec->annotations->len > SIZE_MAX / sizeof(char *)) {
ERROR("Annotations list is too long!");
ret = -1;
goto out;
}
v2_spec->config->annotations->keys =
util_common_calloc_s(sizeof(char *) * oci_spec->annotations->len);
if (v2_spec->config->annotations->keys == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
v2_spec->config->annotations->values =
util_common_calloc_s(sizeof(char *) * oci_spec->annotations->len);
if (v2_spec->config->annotations->values == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
for (i = 0; i < oci_spec->annotations->len; i++) {
v2_spec->config->annotations->keys[i] = util_strdup_s(oci_spec->annotations->keys[i]);
v2_spec->config->annotations->values[i] = util_strdup_s(oci_spec->annotations->values[i]);
v2_spec->config->annotations->len++;
}
}
out:
return ret;
}
static int pack_container_config_labels(container_config_v2_common_config *config,
const container_custom_config *custom_spec)
{
int ret = 0;
size_t i = 0;
if (custom_spec->labels != NULL && custom_spec->labels->len) {
if (config->config == NULL) {
config->config = util_common_calloc_s(sizeof(container_config));
if (config->config == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
}
config->config->labels = util_common_calloc_s(sizeof(json_map_string_string));
if (config->config->labels == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
if (custom_spec->labels->len > LIST_SIZE_MAX) {
ERROR("Labels list is too long, the limit is %d", LIST_SIZE_MAX);
isulad_set_error_message("Labels list is too long, the limit is %d", LIST_SIZE_MAX);
ret = -1;
goto out;
}
config->config->labels->keys = util_common_calloc_s(sizeof(char *) * custom_spec->labels->len);
if (config->config->labels->keys == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
config->config->labels->values = util_common_calloc_s(sizeof(char *) * custom_spec->labels->len);
if (config->config->labels->values == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
for (i = 0; i < custom_spec->labels->len; i++) {
config->config->labels->keys[i] = util_strdup_s(custom_spec->labels->keys[i]);
config->config->labels->values[i] = util_strdup_s(custom_spec->labels->values[i]);
config->config->labels->len++;
}
}
out:
return ret;
}
static int pack_container_config_health_check(container_config_v2_common_config *config,
const container_custom_config *custom_spec)
{
int ret = 0;
size_t i = 0;
if (custom_spec != NULL && custom_spec->health_check != NULL) {
if (config->config == NULL) {
config->config = util_common_calloc_s(sizeof(container_config));
if (config->config == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
}
config->config->health_check = util_common_calloc_s(sizeof(defs_health_check));
if (config->config->health_check == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
if (custom_spec->health_check->test != NULL && custom_spec->health_check->test_len != 0) {
if (custom_spec->health_check->test_len > SIZE_MAX / sizeof(char *)) {
ERROR("test list is too long!");
ret = -1;
goto out;
}
config->config->health_check->test =
util_common_calloc_s(sizeof(char *) * custom_spec->health_check->test_len);
if (config->config->health_check->test == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
for (i = 0; i < custom_spec->health_check->test_len; i++) {
config->config->health_check->test[i] = util_strdup_s(custom_spec->health_check->test[i]);
config->config->health_check->test_len++;
}
config->config->health_check->interval = custom_spec->health_check->interval;
config->config->health_check->timeout = custom_spec->health_check->timeout;
config->config->health_check->start_period = custom_spec->health_check->start_period;
config->config->health_check->retries = custom_spec->health_check->retries;
config->config->health_check->exit_on_unhealthy = custom_spec->health_check->exit_on_unhealthy;
}
}
out:
return ret;
}
static inline void add_to_config_v2_args(const char *str, char **args, size_t *args_len) static inline void add_to_config_v2_args(const char *str, char **args, size_t *args_len)
{ {
args[*args_len] = str ? util_strdup_s(str) : NULL; args[*args_len] = str ? util_strdup_s(str) : NULL;
(*args_len)++; (*args_len)++;
} }
static int pack_path_and_args_from_custom_spec(const container_custom_config *custom_spec, static int pack_path_and_args_from_container_spec(const container_config *container_spec,
container_config_v2_common_config *v2_spec) container_config_v2_common_config *v2_spec)
{ {
int ret = 0; int ret = 0;
size_t i, total; size_t i, total;
if (custom_spec->entrypoint != NULL && custom_spec->entrypoint_len > 0) { if (container_spec->entrypoint != NULL && container_spec->entrypoint_len > 0) {
v2_spec->path = util_strdup_s(custom_spec->entrypoint[0]); v2_spec->path = util_strdup_s(container_spec->entrypoint[0]);
total = custom_spec->entrypoint_len + custom_spec->cmd_len - 1; total = container_spec->entrypoint_len + container_spec->cmd_len - 1;
if (total > SIZE_MAX / sizeof(char *)) { if (total > SIZE_MAX / sizeof(char *)) {
ERROR("Container oci spec process args elements is too much!"); ERROR("Container oci spec process args elements is too much!");
@ -517,18 +361,18 @@ static int pack_path_and_args_from_custom_spec(const container_custom_config *cu
ret = -1; ret = -1;
goto out; goto out;
} }
for (i = 1; i < custom_spec->entrypoint_len; i++) { for (i = 1; i < container_spec->entrypoint_len; i++) {
add_to_config_v2_args(custom_spec->entrypoint[i], v2_spec->args, &(v2_spec->args_len)); add_to_config_v2_args(container_spec->entrypoint[i], v2_spec->args, &(v2_spec->args_len));
} }
for (i = 0; i < custom_spec->cmd_len; i++) { for (i = 0; i < container_spec->cmd_len; i++) {
add_to_config_v2_args(custom_spec->cmd[i], v2_spec->args, &(v2_spec->args_len)); add_to_config_v2_args(container_spec->cmd[i], v2_spec->args, &(v2_spec->args_len));
} }
goto out; goto out;
} }
if (custom_spec->cmd != NULL && custom_spec->cmd_len > 0) { if (container_spec->cmd != NULL && container_spec->cmd_len > 0) {
v2_spec->path = util_strdup_s(custom_spec->cmd[0]); v2_spec->path = util_strdup_s(container_spec->cmd[0]);
total = custom_spec->cmd_len - 1; total = container_spec->cmd_len - 1;
if (total > SIZE_MAX / sizeof(char *)) { if (total > SIZE_MAX / sizeof(char *)) {
ERROR("Container oci spec process args elements is too much!"); ERROR("Container oci spec process args elements is too much!");
@ -545,8 +389,8 @@ static int pack_path_and_args_from_custom_spec(const container_custom_config *cu
ret = -1; ret = -1;
goto out; goto out;
} }
for (i = 1; i < custom_spec->cmd_len; i++) { for (i = 1; i < container_spec->cmd_len; i++) {
add_to_config_v2_args(custom_spec->cmd[i], v2_spec->args, &(v2_spec->args_len)); add_to_config_v2_args(container_spec->cmd[i], v2_spec->args, &(v2_spec->args_len));
} }
} }
@ -576,65 +420,22 @@ int v2_spec_make_basic_info(const char *id, const char *name, const char *image_
} }
/* container merge basic v2 spec info */ /* container merge basic v2 spec info */
int v2_spec_merge_custom_spec(const container_custom_config *custom_spec, container_config_v2_common_config *v2_spec) int v2_spec_merge_contaner_spec(container_config_v2_common_config *v2_spec)
{ {
int ret = 0; int ret = 0;
container_config *container_spec = NULL;
if (v2_spec == NULL || custom_spec == NULL) { if (v2_spec == NULL) {
return -1; return -1;
} }
if (custom_spec->log_config != NULL && custom_spec->log_config->log_file != NULL) { container_spec = v2_spec->config;
v2_spec->log_path = util_strdup_s(custom_spec->log_config->log_file);
if (container_spec->log_config != NULL && container_spec->log_config->log_file != NULL) {
v2_spec->log_path = util_strdup_s(container_spec->log_config->log_file);
} }
if (v2_spec->config == NULL) { if (pack_path_and_args_from_container_spec(container_spec, v2_spec) != 0) {
v2_spec->config = util_common_calloc_s(sizeof(container_config));
if (v2_spec->config == NULL) {
ERROR("Failed to malloc container_config_v2_common_config_config");
ret = -1;
goto out;
}
}
v2_spec->config->attach_stdin = custom_spec->attach_stdin;
v2_spec->config->attach_stdout = custom_spec->attach_stdout;
v2_spec->config->attach_stderr = custom_spec->attach_stderr;
v2_spec->config->tty = custom_spec->tty;
v2_spec->config->open_stdin = custom_spec->open_stdin;
if (custom_spec->user != NULL) {
v2_spec->config->user = util_strdup_s(custom_spec->user);
}
if (pack_path_and_args_from_custom_spec(custom_spec, v2_spec) != 0) {
ret = -1;
goto out;
}
ret = dup_array_of_strings((const char **)(custom_spec->cmd), custom_spec->cmd_len,
&(v2_spec->config->cmd), &(v2_spec->config->cmd_len));
if (ret != 0) {
goto out;
}
ret = dup_array_of_strings((const char **)(custom_spec->entrypoint), custom_spec->entrypoint_len,
&(v2_spec->config->entrypoint), &(v2_spec->config->entrypoint_len));
if (ret != 0) {
goto out;
}
ret = pack_container_config_labels(v2_spec, custom_spec);
if (ret != 0) {
ERROR("Failed to pack labels config");
ret = -1;
goto out;
}
ret = pack_container_config_health_check(v2_spec, custom_spec);
if (ret != 0) {
ERROR("Failed to pack health check config");
ret = -1; ret = -1;
goto out; goto out;
} }
@ -643,53 +444,6 @@ out:
return ret; return ret;
} }
static int pack_envs_from_oci_spec(const oci_runtime_spec *oci_spec, const container_config_v2_common_config *v2_spec)
{
int ret = 0;
if (oci_spec->process != NULL && oci_spec->process->env != NULL) {
ret = dup_array_of_strings((const char **)(oci_spec->process->env), oci_spec->process->env_len,
&(v2_spec->config->env), &(v2_spec->config->env_len));
if (ret != 0) {
goto out;
}
}
out:
return ret;
}
static void pack_hostname_from_oci_spec(const oci_runtime_spec *oci_spec,
const container_config_v2_common_config *v2_spec)
{
if (oci_spec->hostname != NULL) {
free(v2_spec->config->hostname);
v2_spec->config->hostname = util_strdup_s(oci_spec->hostname);
}
}
/* container pack common config */
int v2_spec_merge_oci_spec(const oci_runtime_spec *oci_spec, container_config_v2_common_config *v2_spec)
{
if (oci_spec == NULL || v2_spec == NULL) {
ERROR("Invalid inputs for pack container common config");
return -1;
}
if (pack_envs_from_oci_spec(oci_spec, v2_spec) != 0) {
return -1;
}
pack_hostname_from_oci_spec(oci_spec, v2_spec);
if (pack_container_config_annotations_from_oci_spec(oci_spec, v2_spec) != 0) {
ERROR("Failed to pack annotations config");
return -1;
}
return 0;
}
/* save json config file */ /* save json config file */
static int save_json_config_file(const char *id, const char *rootpath, static int save_json_config_file(const char *id, const char *rootpath,
const char *json_data, const char *fname) const char *json_data, const char *fname)
@ -800,37 +554,6 @@ out:
return hostconfig; return hostconfig;
} }
static bool check_start_generate_config(const char *rootpath, const char *id)
{
#define START_GENERATE_CONFIG "start_generate_config.json"
int nret;
bool ret = false;
char filename[PATH_MAX] = { 0x00 };
parser_error err = NULL;
container_start_generate_config *config = NULL;
nret = snprintf(filename, sizeof(filename), "%s/%s/%s", rootpath, id, START_GENERATE_CONFIG);
if (nret < 0 || (size_t)nret >= sizeof(filename)) {
ERROR("Failed to print string");
goto out;
}
if (!util_file_exists(filename)) {
return true;
}
config = container_start_generate_config_parse_file(filename, NULL, &err);
if (config == NULL) {
ERROR("Failed to parse start generate config file:%s", err);
goto out;
}
ret = true;
out:
free(err);
free_container_start_generate_config(config);
return ret;
}
/* container save host config */ /* container save host config */
static int container_save_host_config(const container_t *cont) static int container_save_host_config(const container_t *cont)
{ {
@ -997,9 +720,6 @@ container_t *container_load(const char *runtime, const char *rootpath, const cha
return NULL; return NULL;
} }
if (!check_start_generate_config(rootpath, id)) {
return NULL;
}
v2config = read_config_v2(rootpath, id); v2config = read_config_v2(rootpath, id);
if (v2config == NULL) { if (v2config == NULL) {
ERROR("Failed to read config v2 file:%s", id); ERROR("Failed to read config v2 file:%s", id);
@ -1216,7 +936,7 @@ int container_exit_on_next(container_t *cont)
return ret; return ret;
} }
/* this function should be called in container_lock */ /* this function should be called in container_lock*/
int container_wait_stop(container_t *cont, int timeout) int container_wait_stop(container_t *cont, int timeout)
{ {
int ret = 0; int ret = 0;

5
src/services/execution/manager/container_unix.h
View File

@ -19,7 +19,6 @@
#include "libisulad.h" #include "libisulad.h"
#include "util_atomic.h" #include "util_atomic.h"
#include "container_custom_config.h"
#include "container_config_v2.h" #include "container_config_v2.h"
#include "host_config.h" #include "host_config.h"
#include "container_state.h" #include "container_state.h"
@ -81,9 +80,7 @@ char *container_get_env_nolock(const container_t *cont, const char *key);
int v2_spec_make_basic_info(const char *id, const char *name, const char *image_name, const char *image_type, int v2_spec_make_basic_info(const char *id, const char *name, const char *image_name, const char *image_type,
container_config_v2_common_config *v2_spec); container_config_v2_common_config *v2_spec);
int v2_spec_merge_custom_spec(const container_custom_config *custom_spec, container_config_v2_common_config *v2_spec); int v2_spec_merge_contaner_spec(container_config_v2_common_config *v2_spec);
int v2_spec_merge_oci_spec(const oci_runtime_spec *oci_spec, container_config_v2_common_config *v2_spec);
char *container_get_command(const container_t *cont); char *container_get_command(const container_t *cont);

23
src/services/execution/manager/restore.c
View File

@ -291,18 +291,8 @@ static int restore_state(container_t *cont)
const char *runtime = cont->runtime; const char *runtime = cont->runtime;
rt_status_params_t params = { 0 }; rt_status_params_t params = { 0 };
struct engine_container_status_info real_status = { 0 }; struct engine_container_status_info real_status = { 0 };
Container_Status status = CONTAINER_STATUS_UNKNOWN; Container_Status status = state_get_status(cont->state);
params.rootpath = cont->root_path;
nret = runtime_status(id, runtime, &params, &real_status);
if (nret != 0) {
ERROR("Failed to restore container %s, due to can not load container status", id);
ret = -1;
goto out;
}
status = state_get_status(cont->state);
(void)container_exit_on_next(cont); /* cancel restart policy */ (void)container_exit_on_next(cont); /* cancel restart policy */
#ifdef ENABLE_OCI_IMAGE #ifdef ENABLE_OCI_IMAGE
@ -314,6 +304,14 @@ static int restore_state(container_t *cont)
} }
#endif #endif
params.rootpath = cont->root_path;
nret = runtime_status(id, runtime, &params, &real_status);
if (nret != 0) {
ERROR("Failed to restore container %s, make real status to STOPPED. Due to can not load container with status %d", id,
status);
real_status.status = ENGINE_CONTAINER_STATUS_STOPPED;
}
if (real_status.status == ENGINE_CONTAINER_STATUS_STOPPED) { if (real_status.status == ENGINE_CONTAINER_STATUS_STOPPED) {
ret = restore_stopped_container(status, cont, &need_save); ret = restore_stopped_container(status, cont, &need_save);
if (ret != 0) { if (ret != 0) {
@ -335,12 +333,11 @@ static int restore_state(container_t *cont)
goto out; goto out;
} }
out:
if (is_removal_in_progress(cont->state)) { if (is_removal_in_progress(cont->state)) {
state_reset_removal_in_progress(cont->state); state_reset_removal_in_progress(cont->state);
need_save = true; need_save = true;
} }
out:
if (need_save && container_to_disk(cont) != 0) { if (need_save && container_to_disk(cont) != 0) {
ERROR("Failed to re-save container \"%s\" to disk", id); ERROR("Failed to re-save container \"%s\" to disk", id);
ret = -1; ret = -1;

485
src/services/execution/spec/specs.c
View File

@ -35,7 +35,6 @@
#include "oci_runtime_hooks.h" #include "oci_runtime_hooks.h"
#include "docker_seccomp.h" #include "docker_seccomp.h"
#include "host_config.h" #include "host_config.h"
#include "container_custom_config.h"
#include "utils.h" #include "utils.h"
#include "config.h" #include "config.h"
#include "isulad_config.h" #include "isulad_config.h"
@ -45,6 +44,7 @@
#include "specs_extend.h" #include "specs_extend.h"
#include "image.h" #include "image.h"
#include "path.h" #include "path.h"
#include "constants.h"
#ifndef CLONE_NEWUTS #ifndef CLONE_NEWUTS
#define CLONE_NEWUTS 0x04000000 #define CLONE_NEWUTS 0x04000000
@ -74,26 +74,40 @@
#define CLONE_NEWCGROUP 0x02000000 #define CLONE_NEWCGROUP 0x02000000
#endif #endif
#define OCICONFIGJSON "ociconfig.json" static int make_sure_oci_spec_annotations(oci_runtime_spec *oci_spec)
{
if (oci_spec->annotations == NULL) {
oci_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string));
if (oci_spec->annotations == NULL) {
return -1;
}
}
return 0;
}
static int merge_annotations(oci_runtime_spec *oci_spec, container_custom_config *custom_conf) static int merge_annotations(oci_runtime_spec *oci_spec, const container_config *container_spec)
{ {
int ret = 0; int ret = 0;
size_t i; size_t i;
if (custom_conf->annotations != NULL && custom_conf->annotations->len) { ret = make_sure_oci_spec_annotations(oci_spec);
if (oci_spec->annotations->len > LIST_SIZE_MAX - custom_conf->annotations->len) { if (ret < 0) {
goto out;
}
if (container_spec->annotations != NULL && container_spec->annotations->len) {
if (oci_spec->annotations->len > LIST_SIZE_MAX - container_spec->annotations->len) {
ERROR("Too many annotations to add, the limit is %d", LIST_SIZE_MAX); ERROR("Too many annotations to add, the limit is %d", LIST_SIZE_MAX);
isulad_set_error_message("Too many annotations to add, the limit is %d", LIST_SIZE_MAX); isulad_set_error_message("Too many annotations to add, the limit is %d", LIST_SIZE_MAX);
ret = -1; ret = -1;
goto out; goto out;
} }
for (i = 0; i < custom_conf->annotations->len; i++) { for (i = 0; i < container_spec->annotations->len; i++) {
ret = append_json_map_string_string(oci_spec->annotations, custom_conf->annotations->keys[i], ret = append_json_map_string_string(oci_spec->annotations, container_spec->annotations->keys[i],
custom_conf->annotations->values[i]); container_spec->annotations->values[i]);
if (ret != 0) { if (ret != 0) {
ERROR("Failed to append annotation:%s, value:%s", custom_conf->annotations->keys[i], ERROR("Failed to append annotation:%s, value:%s", container_spec->annotations->keys[i],
custom_conf->annotations->values[i]); container_spec->annotations->values[i]);
goto out; goto out;
} }
} }
@ -102,16 +116,16 @@ out:
return ret; return ret;
} }
static int make_annotations_log_console(const oci_runtime_spec *oci_spec, const container_custom_config *custom_conf) static int make_annotations_log_console(const container_config *container_spec)
{ {
int ret = 0; int ret = 0;
int nret = 0; int nret = 0;
char tmp_str[ISULAD_NUMSTRLEN64] = {0}; char tmp_str[ISULAD_NUMSTRLEN64] = {0};
if (custom_conf->log_config != NULL) { if (container_spec->log_config != NULL) {
if (custom_conf->log_config->log_file != NULL) { if (container_spec->log_config->log_file != NULL) {
if (append_json_map_string_string(oci_spec->annotations, CONTAINER_LOG_CONFIG_KEY_FILE, if (append_json_map_string_string(container_spec->annotations, CONTAINER_LOG_CONFIG_KEY_FILE,
custom_conf->log_config->log_file)) { container_spec->log_config->log_file)) {
ERROR("append log console file failed"); ERROR("append log console file failed");
ret = -1; ret = -1;
goto out; goto out;
@ -119,22 +133,22 @@ static int make_annotations_log_console(const oci_runtime_spec *oci_spec, const
} }
nret = snprintf(tmp_str, sizeof(tmp_str), "%llu", nret = snprintf(tmp_str, sizeof(tmp_str), "%llu",
(unsigned long long)(custom_conf->log_config->log_file_rotate)); (unsigned long long)(container_spec->log_config->log_file_rotate));
if (nret < 0 || (size_t)nret >= sizeof(tmp_str)) { if (nret < 0 || (size_t)nret >= sizeof(tmp_str)) {
ERROR("create rotate string failed"); ERROR("create rotate string failed");
ret = -1; ret = -1;
goto out; goto out;
} }
if (append_json_map_string_string(oci_spec->annotations, CONTAINER_LOG_CONFIG_KEY_ROTATE, tmp_str)) { if (append_json_map_string_string(container_spec->annotations, CONTAINER_LOG_CONFIG_KEY_ROTATE, tmp_str)) {
ERROR("append log console file rotate failed"); ERROR("append log console file rotate failed");
ret = -1; ret = -1;
goto out; goto out;
} }
if (custom_conf->log_config->log_file_size != NULL) { if (container_spec->log_config->log_file_size != NULL) {
if (append_json_map_string_string(oci_spec->annotations, CONTAINER_LOG_CONFIG_KEY_SIZE, if (append_json_map_string_string(container_spec->annotations, CONTAINER_LOG_CONFIG_KEY_SIZE,
custom_conf->log_config->log_file_size)) { container_spec->log_config->log_file_size)) {
ERROR("append log console file size failed"); ERROR("append log console file size failed");
ret = -1; ret = -1;
goto out; goto out;
@ -146,12 +160,12 @@ out:
return ret; return ret;
} }
static int make_annotations_network_mode(const oci_runtime_spec *oci_spec, const host_config *host_spec) static int make_annotations_network_mode(const container_config *container_spec, const host_config *host_spec)
{ {
int ret = 0; int ret = 0;
if (host_spec->network_mode != NULL) { if (host_spec->network_mode != NULL) {
if (append_json_map_string_string(oci_spec->annotations, "host.network.mode", host_spec->network_mode)) { if (append_json_map_string_string(container_spec->annotations, "host.network.mode", host_spec->network_mode)) {
ERROR("append network mode failed"); ERROR("append network mode failed");
ret = -1; ret = -1;
goto out; goto out;
@ -162,12 +176,12 @@ out:
return ret; return ret;
} }
static int make_annotations_system_container(const oci_runtime_spec *oci_spec, const host_config *host_spec) static int make_annotations_system_container(const container_config *container_spec, const host_config *host_spec)
{ {
int ret = 0; int ret = 0;
if (host_spec->system_container) { if (host_spec->system_container) {
if (append_json_map_string_string(oci_spec->annotations, "system.container", "true")) { if (append_json_map_string_string(container_spec->annotations, "system.container", "true")) {
ERROR("Realloc annotations failed"); ERROR("Realloc annotations failed");
ret = -1; ret = -1;
goto out; goto out;
@ -178,7 +192,7 @@ out:
return ret; return ret;
} }
static int make_annotations_cgroup_dir(const oci_runtime_spec *oci_spec, const host_config *host_spec) static int make_annotations_cgroup_dir(const container_config *container_spec, const host_config *host_spec)
{ {
int ret = 0; int ret = 0;
char cleaned[PATH_MAX] = { 0 }; char cleaned[PATH_MAX] = { 0 };
@ -199,7 +213,7 @@ static int make_annotations_cgroup_dir(const oci_runtime_spec *oci_spec, const h
ret = -1; ret = -1;
goto out; goto out;
} }
if (append_json_map_string_string(oci_spec->annotations, "cgroup.dir", cleaned)) { if (append_json_map_string_string(container_spec->annotations, "cgroup.dir", cleaned)) {
ERROR("Realloc annotations failed"); ERROR("Realloc annotations failed");
ret = -1; ret = -1;
goto out; goto out;
@ -210,7 +224,7 @@ out:
return ret; return ret;
} }
static int make_annotations_oom_score_adj(const oci_runtime_spec *oci_spec, const host_config *host_spec) static int make_annotations_oom_score_adj(const container_config *container_spec, const host_config *host_spec)
{ {
int ret = 0; int ret = 0;
char tmp_str[ISULAD_NUMSTRLEN64 + 1] = { 0 }; char tmp_str[ISULAD_NUMSTRLEN64 + 1] = { 0 };
@ -223,7 +237,7 @@ static int make_annotations_oom_score_adj(const oci_runtime_spec *oci_spec, cons
ret = -1; ret = -1;
goto out; goto out;
} }
if (append_json_map_string_string(oci_spec->annotations, "proc.oom_score_adj", tmp_str)) { if (append_json_map_string_string(container_spec->annotations, "proc.oom_score_adj", tmp_str)) {
ERROR("append oom score adj which configure proc filesystem for the container failed "); ERROR("append oom score adj which configure proc filesystem for the container failed ");
ret = -1; ret = -1;
goto out; goto out;
@ -234,7 +248,7 @@ out:
return ret; return ret;
} }
static int make_annotations_files_limit(const oci_runtime_spec *oci_spec, const host_config *host_spec) static int make_annotations_files_limit(const container_config *container_spec, const host_config *host_spec)
{ {
int ret = 0; int ret = 0;
char tmp_str[ISULAD_NUMSTRLEN64 + 1] = { 0 }; char tmp_str[ISULAD_NUMSTRLEN64 + 1] = { 0 };
@ -250,7 +264,7 @@ static int make_annotations_files_limit(const oci_runtime_spec *oci_spec, const
goto out; goto out;
} }
if (append_json_map_string_string(oci_spec->annotations, "files.limit", tmp_str)) { if (append_json_map_string_string(container_spec->annotations, "files.limit", tmp_str)) {
ERROR("append files limit failed"); ERROR("append files limit failed");
ret = -1; ret = -1;
goto out; goto out;
@ -261,63 +275,117 @@ out:
return ret; return ret;
} }
static int make_sure_oci_spec_annotations(oci_runtime_spec *oci_spec) static int make_sure_container_spec_annotations(container_config *container_spec)
{ {
if (oci_spec->annotations == NULL) { if (container_spec->annotations == NULL) {
oci_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string)); container_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string));
if (oci_spec->annotations == NULL) { if (container_spec->annotations == NULL) {
return -1; return -1;
} }
} }
return 0; return 0;
} }
static int make_annotations(oci_runtime_spec *oci_spec, container_custom_config *custom_conf, host_config *host_spec) static inline bool is_valid_umask_value(const char *value)
{
return (strcmp(value, UMASK_NORMAL) == 0 || strcmp(value, UMASK_SECURE) == 0);
}
static int add_native_umask(const container_config *container_spec)
{
int ret = 0;
size_t i = 0;
char *umask = NULL;
for (i = 0; i < container_spec->annotations->len; i++) {
if (strcmp(container_spec->annotations->keys[i], ANNOTATION_UMAKE_KEY) == 0) {
if (!is_valid_umask_value(container_spec->annotations->values[i])) {
ERROR("native.umask option %s not supported", container_spec->annotations->values[i]);
isulad_set_error_message("native.umask option %s not supported", container_spec->annotations->values[i]);
ret = -1;
}
goto out;
}
}
umask = conf_get_isulad_native_umask();
if (umask == NULL) {
ERROR("Failed to get default native umask");
ret = -1;
goto out;
}
if (append_json_map_string_string(container_spec->annotations, ANNOTATION_UMAKE_KEY, umask)) {
ERROR("Failed to append annotations: native.umask=%s", umask);
ret = -1;
goto out;
}
out:
free(umask);
return ret;
}
static int make_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec)
{ {
int ret = 0; int ret = 0;
ret = make_sure_oci_spec_annotations(oci_spec); ret = make_sure_container_spec_annotations(container_spec);
if (ret < 0) { if (ret < 0) {
goto out; goto out;
} }
ret = make_annotations_network_mode(oci_spec, host_spec); ret = make_annotations_network_mode(container_spec, host_spec);
if (ret != 0) { if (ret != 0) {
ret = -1; ret = -1;
goto out; goto out;
} }
ret = make_annotations_system_container(oci_spec, host_spec); ret = make_annotations_system_container(container_spec, host_spec);
if (ret != 0) { if (ret != 0) {
ret = -1; ret = -1;
goto out; goto out;
} }
ret = make_annotations_cgroup_dir(oci_spec, host_spec); ret = make_annotations_cgroup_dir(container_spec, host_spec);
if (ret != 0) { if (ret != 0) {
ret = -1; ret = -1;
goto out; goto out;
} }
ret = make_annotations_oom_score_adj(oci_spec, host_spec); ret = make_annotations_oom_score_adj(container_spec, host_spec);
if (ret != 0) { if (ret != 0) {
ret = -1; ret = -1;
goto out; goto out;
} }
ret = make_annotations_files_limit(oci_spec, host_spec); ret = make_annotations_files_limit(container_spec, host_spec);
if (ret != 0) { if (ret != 0) {
ret = -1; ret = -1;
goto out; goto out;
} }
ret = make_annotations_log_console(oci_spec, custom_conf); ret = make_annotations_log_console(container_spec);
if (ret != 0) { if (ret != 0) {
ret = -1; ret = -1;
goto out; goto out;
} }
if (merge_annotations(oci_spec, custom_conf)) { /* add rootfs.mount */
ret = add_rootfs_mount(container_spec);
if (ret != 0) {
ERROR("Failed to add rootfs mount");
goto out;
}
/* add native.umask */
ret = add_native_umask(container_spec);
if (ret != 0) {
ERROR("Failed to add native umask");
goto out;
}
if (merge_annotations(oci_spec, container_spec)) {
ret = -1; ret = -1;
goto out; goto out;
} }
@ -407,7 +475,7 @@ static int make_sure_oci_spec_linux_resources_cpu(oci_runtime_spec *oci_spec)
} }
if (oci_spec->linux->resources->cpu == NULL) { if (oci_spec->linux->resources->cpu == NULL) {
oci_spec->linux->resources->cpu = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_cpu)); oci_spec->linux->resources->cpu = util_common_calloc_s(sizeof(defs_resources_cpu));
if (oci_spec->linux->resources->cpu == NULL) { if (oci_spec->linux->resources->cpu == NULL) {
return -1; return -1;
} }
@ -532,7 +600,7 @@ static int make_sure_oci_spec_linux_resources_mem(oci_runtime_spec *oci_spec)
} }
if (oci_spec->linux->resources->memory == NULL) { if (oci_spec->linux->resources->memory == NULL) {
oci_spec->linux->resources->memory = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_memory)); oci_spec->linux->resources->memory = util_common_calloc_s(sizeof(defs_resources_memory));
if (oci_spec->linux->resources->memory == NULL) { if (oci_spec->linux->resources->memory == NULL) {
return -1; return -1;
} }
@ -559,28 +627,9 @@ static int merge_memory_oom_kill_disable(oci_runtime_spec *oci_spec, bool oom_ki
{ {
int ret = 0; int ret = 0;
if (oci_spec->linux == NULL) { ret = make_sure_oci_spec_linux_resources_mem(oci_spec);
oci_spec->linux = util_common_calloc_s(sizeof(oci_runtime_config_linux)); if (ret < 0) {
if (oci_spec->linux == NULL) { goto out;
ret = -1;
goto out;
}
}
if (oci_spec->linux->resources == NULL) {
oci_spec->linux->resources = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources));
if (oci_spec->linux->resources == NULL) {
ret = -1;
goto out;
}
}
if (oci_spec->linux->resources->memory == NULL) {
oci_spec->linux->resources->memory = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_memory));
if (oci_spec->linux->resources->memory == NULL) {
ret = -1;
goto out;
}
} }
oci_spec->linux->resources->memory->disable_oom_killer = oom_kill_disable; oci_spec->linux->resources->memory->disable_oom_killer = oom_kill_disable;
@ -639,23 +688,23 @@ static int merge_hugetlbs(oci_runtime_spec *oci_spec, host_config_hugetlbs_eleme
int ret = 0; int ret = 0;
size_t i = 0; size_t i = 0;
size_t new_size, old_size; size_t new_size, old_size;
oci_runtime_config_linux_resources_hugepage_limits_element **hugepage_limits_temp = NULL; defs_resources_hugepage_limits_element **hugepage_limits_temp = NULL;
ret = make_sure_oci_spec_linux_resources(oci_spec); ret = make_sure_oci_spec_linux_resources(oci_spec);
if (ret < 0) { if (ret < 0) {
goto out; goto out;
} }
if (hugetlbs_len > SIZE_MAX / sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *) - if (hugetlbs_len > SIZE_MAX / sizeof(defs_resources_hugepage_limits_element *) -
oci_spec->linux->resources->hugepage_limits_len) { oci_spec->linux->resources->hugepage_limits_len) {
ERROR("Too many hugetlbs to merge!"); ERROR("Too many hugetlbs to merge!");
ret = -1; ret = -1;
goto out; goto out;
} }
old_size = oci_spec->linux->resources->hugepage_limits_len * old_size = oci_spec->linux->resources->hugepage_limits_len *
sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *); sizeof(defs_resources_hugepage_limits_element *);
new_size = (oci_spec->linux->resources->hugepage_limits_len + hugetlbs_len) new_size = (oci_spec->linux->resources->hugepage_limits_len + hugetlbs_len)
* sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *); * sizeof(defs_resources_hugepage_limits_element *);
ret = mem_realloc((void **)&hugepage_limits_temp, new_size, ret = mem_realloc((void **)&hugepage_limits_temp, new_size,
oci_spec->linux->resources->hugepage_limits, old_size); oci_spec->linux->resources->hugepage_limits, old_size);
if (ret != 0) { if (ret != 0) {
@ -668,7 +717,7 @@ static int merge_hugetlbs(oci_runtime_spec *oci_spec, host_config_hugetlbs_eleme
for (i = 0; i < hugetlbs_len; i++) { for (i = 0; i < hugetlbs_len; i++) {
oci_spec->linux->resources->hugepage_limits[oci_spec->linux->resources->hugepage_limits_len] oci_spec->linux->resources->hugepage_limits[oci_spec->linux->resources->hugepage_limits_len]
= util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_hugepage_limits_element)); = util_common_calloc_s(sizeof(defs_resources_hugepage_limits_element));
if (oci_spec->linux->resources->hugepage_limits[oci_spec->linux->resources->hugepage_limits_len] == NULL) { if (oci_spec->linux->resources->hugepage_limits[oci_spec->linux->resources->hugepage_limits_len] == NULL) {
ERROR("Failed to malloc memory for hugepage limits"); ERROR("Failed to malloc memory for hugepage limits");
ret = -1; ret = -1;
@ -727,7 +776,7 @@ out:
return ret; return ret;
} }
static void clean_correlated_selinux(oci_runtime_spec_process *process) static void clean_correlated_selinux(defs_process *process)
{ {
if (process == NULL) { if (process == NULL) {
return; return;
@ -851,7 +900,7 @@ static int make_sure_oci_spec_linux_resources_pids(oci_runtime_spec *oci_spec)
} }
if (oci_spec->linux->resources->pids == NULL) { if (oci_spec->linux->resources->pids == NULL) {
oci_spec->linux->resources->pids = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_pids)); oci_spec->linux->resources->pids = util_common_calloc_s(sizeof(defs_resources_pids));
if (oci_spec->linux->resources->pids == NULL) { if (oci_spec->linux->resources->pids == NULL) {
return -1; return -1;
} }
@ -875,28 +924,12 @@ out:
} }
static int merge_hostname(oci_runtime_spec *oci_spec, const host_config *host_spec, static int merge_hostname(oci_runtime_spec *oci_spec, const host_config *host_spec,
container_custom_config *custom_spec) container_config *container_spec)
{ {
int ret = 0;
if (custom_spec->hostname == NULL) {
if (host_spec->network_mode != NULL && !strcmp(host_spec->network_mode, "host")) {
char hostname[MAX_HOST_NAME_LEN] = { 0x00 };
ret = gethostname(hostname, sizeof(hostname));
if (ret != 0) {
ERROR("Get hostname error");
goto out;
}
custom_spec->hostname = util_strdup_s(hostname);
} else {
custom_spec->hostname = util_strdup_s("localhost");
}
}
free(oci_spec->hostname); free(oci_spec->hostname);
oci_spec->hostname = util_strdup_s(custom_spec->hostname); oci_spec->hostname = util_strdup_s(container_spec->hostname);
out:
return ret; return 0;
} }
static int merge_conf_cgroup_cpu_int64(oci_runtime_spec *oci_spec, const host_config *host_spec) static int merge_conf_cgroup_cpu_int64(oci_runtime_spec *oci_spec, const host_config *host_spec)
@ -1056,7 +1089,7 @@ out:
} }
static int do_merge_one_ulimit_override(const oci_runtime_spec *oci_spec, static int do_merge_one_ulimit_override(const oci_runtime_spec *oci_spec,
oci_runtime_spec_process_rlimits_element *rlimit) defs_process_rlimits_element *rlimit)
{ {
size_t j; size_t j;
bool exists = false; bool exists = false;
@ -1075,7 +1108,7 @@ static int do_merge_one_ulimit_override(const oci_runtime_spec *oci_spec,
} }
if (exists) { if (exists) {
/* override ulimit */ /* override ulimit */
free_oci_runtime_spec_process_rlimits_element(oci_spec->process->rlimits[j]); free_defs_process_rlimits_element(oci_spec->process->rlimits[j]);
oci_spec->process->rlimits[j] = rlimit; oci_spec->process->rlimits[j] = rlimit;
} else { } else {
oci_spec->process->rlimits[oci_spec->process->rlimits_len] = rlimit; oci_spec->process->rlimits[oci_spec->process->rlimits_len] = rlimit;
@ -1087,7 +1120,7 @@ static int do_merge_one_ulimit_override(const oci_runtime_spec *oci_spec,
static int merge_one_ulimit_override(const oci_runtime_spec *oci_spec, const host_config_ulimits_element *ulimit) static int merge_one_ulimit_override(const oci_runtime_spec *oci_spec, const host_config_ulimits_element *ulimit)
{ {
oci_runtime_spec_process_rlimits_element *rlimit = NULL; defs_process_rlimits_element *rlimit = NULL;
if (trans_ulimit_to_rlimit(&rlimit, ulimit) != 0) { if (trans_ulimit_to_rlimit(&rlimit, ulimit) != 0) {
return -1; return -1;
@ -1184,7 +1217,7 @@ out:
return ret; return ret;
} }
static int merge_conf_cgroup(oci_runtime_spec *oci_spec, const host_config *host_spec) int merge_conf_cgroup(oci_runtime_spec *oci_spec, const host_config *host_spec)
{ {
int ret = 0; int ret = 0;
@ -1253,7 +1286,7 @@ static int prepare_process_args(oci_runtime_spec *oci_spec, size_t args_len)
return 0; return 0;
} }
static int replace_entrypoint_cmds_from_spec(const oci_runtime_spec *oci_spec, container_custom_config *custom_spec) static int replace_entrypoint_cmds_from_spec(const oci_runtime_spec *oci_spec, container_config *container_spec)
{ {
if (oci_spec->process->args_len == 0) { if (oci_spec->process->args_len == 0) {
ERROR("No command specified"); ERROR("No command specified");
@ -1261,27 +1294,27 @@ static int replace_entrypoint_cmds_from_spec(const oci_runtime_spec *oci_spec, c
return -1; return -1;
} }
return dup_array_of_strings((const char **)(oci_spec->process->args), oci_spec->process->args_len, return dup_array_of_strings((const char **)(oci_spec->process->args), oci_spec->process->args_len,
&(custom_spec->cmd), &(custom_spec->cmd_len)); &(container_spec->cmd), &(container_spec->cmd_len));
} }
static int merge_conf_args(oci_runtime_spec *oci_spec, container_custom_config *custom_spec) static int merge_conf_args(oci_runtime_spec *oci_spec, container_config *container_spec)
{ {
int ret = 0; int ret = 0;
size_t argslen = 0; size_t argslen = 0;
size_t i = 0; size_t i = 0;
// Reset entrypoint if we do not want to use entrypoint from image // Reset entrypoint if we do not want to use entrypoint from image
if (custom_spec->entrypoint_len == 1 && custom_spec->entrypoint[0][0] == '\0') { if (container_spec->entrypoint_len == 1 && container_spec->entrypoint[0][0] == '\0') {
free(custom_spec->entrypoint[0]); free(container_spec->entrypoint[0]);
custom_spec->entrypoint[0] = NULL; container_spec->entrypoint[0] = NULL;
free(custom_spec->entrypoint); free(container_spec->entrypoint);
custom_spec->entrypoint = NULL; container_spec->entrypoint = NULL;
custom_spec->entrypoint_len = 0; container_spec->entrypoint_len = 0;
} }
argslen = custom_spec->cmd_len; argslen = container_spec->cmd_len;
if (custom_spec->entrypoint_len != 0) { if (container_spec->entrypoint_len != 0) {
argslen += custom_spec->entrypoint_len; argslen += container_spec->entrypoint_len;
} }
if (argslen > LIST_SIZE_MAX) { if (argslen > LIST_SIZE_MAX) {
@ -1291,7 +1324,7 @@ static int merge_conf_args(oci_runtime_spec *oci_spec, container_custom_config *
} }
if (argslen == 0) { if (argslen == 0) {
return replace_entrypoint_cmds_from_spec(oci_spec, custom_spec); return replace_entrypoint_cmds_from_spec(oci_spec, container_spec);
} }
if (prepare_process_args(oci_spec, argslen) < 0) { if (prepare_process_args(oci_spec, argslen) < 0) {
@ -1300,13 +1333,13 @@ static int merge_conf_args(oci_runtime_spec *oci_spec, container_custom_config *
} }
// append commands... to entrypoint // append commands... to entrypoint
for (i = 0; custom_spec->entrypoint != NULL && i < custom_spec->entrypoint_len; i++) { for (i = 0; container_spec->entrypoint != NULL && i < container_spec->entrypoint_len; i++) {
oci_spec->process->args[oci_spec->process->args_len] = util_strdup_s(custom_spec->entrypoint[i]); oci_spec->process->args[oci_spec->process->args_len] = util_strdup_s(container_spec->entrypoint[i]);
oci_spec->process->args_len++; oci_spec->process->args_len++;
} }
for (i = 0; custom_spec->cmd != NULL && i < custom_spec->cmd_len; i++) { for (i = 0; container_spec->cmd != NULL && i < container_spec->cmd_len; i++) {
oci_spec->process->args[oci_spec->process->args_len] = util_strdup_s(custom_spec->cmd[i]); oci_spec->process->args[oci_spec->process->args_len] = util_strdup_s(container_spec->cmd[i]);
oci_spec->process->args_len++; oci_spec->process->args_len++;
} }
@ -1321,7 +1354,7 @@ static int merge_share_namespace_helper(const oci_runtime_spec *oci_spec, const
size_t len = 0; size_t len = 0;
size_t org_len = 0; size_t org_len = 0;
size_t i = 0; size_t i = 0;
oci_runtime_defs_linux_namespace_reference **work_ns = NULL; defs_namespace_reference **work_ns = NULL;
org_len = oci_spec->linux->namespaces_len; org_len = oci_spec->linux->namespaces_len;
len = oci_spec->linux->namespaces_len; len = oci_spec->linux->namespaces_len;
@ -1329,7 +1362,7 @@ static int merge_share_namespace_helper(const oci_runtime_spec *oci_spec, const
tmp_mode = get_share_namespace_path(type, mode); tmp_mode = get_share_namespace_path(type, mode);
for (i = 0; i < org_len; i++) { for (i = 0; i < org_len; i++) {
if (strcmp(mode, work_ns[i]->type) == 0) { if (strcmp(type, work_ns[i]->type) == 0) {
free(work_ns[i]->path); free(work_ns[i]->path);
work_ns[i]->path = NULL; work_ns[i]->path = NULL;
if (tmp_mode != NULL) { if (tmp_mode != NULL) {
@ -1338,20 +1371,21 @@ static int merge_share_namespace_helper(const oci_runtime_spec *oci_spec, const
break; break;
} }
} }
if (i >= org_len) { if (i >= org_len) {
if (len > (SIZE_MAX / sizeof(oci_runtime_defs_linux_namespace_reference *)) - 1) { if (len > (SIZE_MAX / sizeof(defs_namespace_reference *)) - 1) {
ret = -1; ret = -1;
ERROR("Out of memory"); ERROR("Out of memory");
goto out; goto out;
} }
ret = mem_realloc((void **)&work_ns, (len + 1) * sizeof(oci_runtime_defs_linux_namespace_reference *), ret = mem_realloc((void **)&work_ns, (len + 1) * sizeof(defs_namespace_reference *),
(void *)work_ns, len * sizeof(oci_runtime_defs_linux_namespace_reference *)); (void *)work_ns, len * sizeof(defs_namespace_reference *));
if (ret != 0) { if (ret != 0) {
ERROR("Out of memory"); ERROR("Out of memory");
goto out; goto out;
} }
work_ns[len] = util_common_calloc_s(sizeof(oci_runtime_defs_linux_namespace_reference)); work_ns[len] = util_common_calloc_s(sizeof(defs_namespace_reference));
if (work_ns[len] == NULL) { if (work_ns[len] == NULL) {
ERROR("Out of memory"); ERROR("Out of memory");
ret = -1; ret = -1;
@ -1495,7 +1529,7 @@ out:
} }
static int merge_settings_for_system_container(oci_runtime_spec *oci_spec, host_config *host_spec, static int merge_settings_for_system_container(oci_runtime_spec *oci_spec, host_config *host_spec,
container_custom_config *custom_spec) container_config *container_spec)
{ {
int ret = -1; int ret = -1;
@ -1519,8 +1553,8 @@ static int merge_settings_for_system_container(oci_runtime_spec *oci_spec, host_
} }
// append mounts of oci_spec // append mounts of oci_spec
if (custom_spec->ns_change_opt != NULL) { if (container_spec->ns_change_opt != NULL) {
ret = adapt_settings_for_mounts(oci_spec, custom_spec); ret = adapt_settings_for_mounts(oci_spec, container_spec);
if (ret != 0) { if (ret != 0) {
ERROR("Failed to adapt settings for ns_change_opt"); ERROR("Failed to adapt settings for ns_change_opt");
goto out; goto out;
@ -1532,7 +1566,7 @@ out:
} }
static int merge_resources_conf(oci_runtime_spec *oci_spec, host_config *host_spec, static int merge_resources_conf(oci_runtime_spec *oci_spec, host_config *host_spec,
container_custom_config *custom_spec, container_config_v2_common_config *common_config) container_config_v2_common_config *v2_spec)
{ {
int ret = 0; int ret = 0;
@ -1551,7 +1585,7 @@ static int merge_resources_conf(oci_runtime_spec *oci_spec, host_config *host_sp
goto out; goto out;
} }
ret = merge_conf_mounts(oci_spec, custom_spec, host_spec, common_config); ret = merge_conf_mounts(oci_spec, host_spec, v2_spec);
if (ret) { if (ret) {
goto out; goto out;
} }
@ -1559,18 +1593,33 @@ out:
return ret; return ret;
} }
static int merge_process_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, static int merge_terminal(oci_runtime_spec *oci_spec, bool terminal)
container_custom_config *custom_spec)
{ {
int ret = 0; int ret = 0;
ret = merge_conf_args(oci_spec, custom_spec); ret = make_sure_oci_spec_process(oci_spec);
if (ret < 0) {
goto out;
}
oci_spec->process->terminal = terminal;
out:
return ret;
}
static int merge_process_conf(oci_runtime_spec *oci_spec, const host_config *host_spec,
container_config *container_spec)
{
int ret = 0;
ret = merge_conf_args(oci_spec, container_spec);
if (ret != 0) { if (ret != 0) {
goto out; goto out;
} }
/* environment variables */ /* environment variables */
ret = merge_env(oci_spec, (const char **)custom_spec->env, custom_spec->env_len); ret = merge_env(oci_spec, (const char **)container_spec->env, container_spec->env_len);
if (ret != 0) { if (ret != 0) {
ERROR("Failed to merge environment variables"); ERROR("Failed to merge environment variables");
goto out; goto out;
@ -1584,7 +1633,7 @@ static int merge_process_conf(oci_runtime_spec *oci_spec, const host_config *hos
} }
/* working dir */ /* working dir */
ret = merge_working_dir(oci_spec, custom_spec->working_dir); ret = merge_working_dir(oci_spec, container_spec->working_dir);
if (ret != 0) { if (ret != 0) {
ERROR("Failed to merge working dir"); ERROR("Failed to merge working dir");
goto out; goto out;
@ -1597,6 +1646,13 @@ static int merge_process_conf(oci_runtime_spec *oci_spec, const host_config *hos
goto out; goto out;
} }
/* merge whether allocate a pseudo-TTY */
ret = merge_terminal(oci_spec, container_spec->tty);
if (ret != 0) {
ERROR("Failed to merge process terminal");
goto out;
}
out: out:
return ret; return ret;
} }
@ -1630,17 +1686,25 @@ out:
} }
static int merge_conf(oci_runtime_spec *oci_spec, host_config *host_spec, int merge_all_specs(host_config *host_spec, const char *real_rootfs,
container_custom_config *custom_spec, container_config_v2_common_config *common_config) container_config_v2_common_config *v2_spec, oci_runtime_spec *oci_spec)
{ {
int ret = 0; int ret = 0;
ret = merge_resources_conf(oci_spec, host_spec, custom_spec, common_config); ret = merge_root(oci_spec, real_rootfs, host_spec);
if (ret != 0) {
ERROR("Failed to merge root");
goto out;
}
v2_spec->base_fs = util_strdup_s(real_rootfs);
ret = merge_resources_conf(oci_spec, host_spec, v2_spec);
if (ret != 0) { if (ret != 0) {
goto out; goto out;
} }
ret = merge_process_conf(oci_spec, host_spec, custom_spec); ret = merge_process_conf(oci_spec, host_spec, v2_spec->config);
if (ret != 0) { if (ret != 0) {
goto out; goto out;
} }
@ -1659,7 +1723,7 @@ static int merge_conf(oci_runtime_spec *oci_spec, host_config *host_spec,
} }
/* settings for system container */ /* settings for system container */
ret = merge_settings_for_system_container(oci_spec, host_spec, custom_spec); ret = merge_settings_for_system_container(oci_spec, host_spec, v2_spec->config);
if (ret != 0) { if (ret != 0) {
ERROR("Failed to merge system container conf"); ERROR("Failed to merge system container conf");
goto out; goto out;
@ -1672,13 +1736,13 @@ static int merge_conf(oci_runtime_spec *oci_spec, host_config *host_spec,
goto out; goto out;
} }
ret = merge_hostname(oci_spec, host_spec, custom_spec); ret = merge_hostname(oci_spec, host_spec, v2_spec->config);
if (ret != 0) { if (ret != 0) {
ERROR("Failed to merge hostname"); ERROR("Failed to merge hostname");
goto out; goto out;
} }
ret = make_annotations(oci_spec, custom_spec, host_spec); ret = make_annotations(oci_spec, v2_spec->config, host_spec);
if (ret != 0) { if (ret != 0) {
ret = -1; ret = -1;
goto out; goto out;
@ -1700,97 +1764,6 @@ out:
return ret; return ret;
} }
/* merge the default config with host config and image config and custom config */
oci_runtime_spec *merge_container_config(const char *id, const char *image_type, const char *image_name,
const char *ext_config_image, host_config *host_spec,
container_custom_config *custom_spec,
container_config_v2_common_config *v2_spec, char **real_rootfs)
{
oci_runtime_spec *oci_spec = NULL;
parser_error err = NULL;
int ret = 0;
oci_spec = default_spec(host_spec->system_container);
if (oci_spec == NULL) {
goto out;
}
ret = make_sure_oci_spec_linux(oci_spec);
if (ret < 0) {
goto out;
}
ret = im_merge_image_config(id, image_type, image_name, ext_config_image, oci_spec, host_spec,
custom_spec, real_rootfs);
if (ret != 0) {
ERROR("Can not merge with image config");
goto free_out;
}
if (*real_rootfs != NULL) {
ret = merge_root(oci_spec, *real_rootfs, host_spec);
if (ret != 0) {
ERROR("Failed to merge root");
goto free_out;
}
v2_spec->base_fs = util_strdup_s(*real_rootfs);
}
ret = merge_conf(oci_spec, host_spec, custom_spec, v2_spec);
if (ret != 0) {
ERROR("Failed to merge config");
goto free_out;
}
goto out;
free_out:
free_oci_runtime_spec(oci_spec);
oci_spec = NULL;
out:
free(err);
return oci_spec;
}
static inline bool is_valid_umask_value(const char *value)
{
return (strcmp(value, UMASK_NORMAL) == 0 || strcmp(value, UMASK_SECURE) == 0);
}
static int add_native_umask(const oci_runtime_spec *container)
{
int ret = 0;
size_t i = 0;
char *umask = NULL;
for (i = 0; i < container->annotations->len; i++) {
if (strcmp(container->annotations->keys[i], ANNOTATION_UMAKE_KEY) == 0) {
if (!is_valid_umask_value(container->annotations->values[i])) {
ERROR("native.umask option %s not supported", container->annotations->values[i]);
isulad_set_error_message("native.umask option %s not supported", container->annotations->values[i]);
ret = -1;
}
goto out;
}
}
umask = conf_get_isulad_native_umask();
if (umask == NULL) {
ERROR("Failed to get default native umask");
ret = -1;
goto out;
}
if (append_json_map_string_string(container->annotations, ANNOTATION_UMAKE_KEY, umask)) {
ERROR("Failed to append annotations: native.umask=%s", umask);
ret = -1;
goto out;
}
out:
free(umask);
return ret;
}
/* merge the default config with host config and custom config */ /* merge the default config with host config and custom config */
int merge_global_config(oci_runtime_spec *oci_spec) int merge_global_config(oci_runtime_spec *oci_spec)
{ {
@ -1808,33 +1781,19 @@ int merge_global_config(oci_runtime_spec *oci_spec)
goto out; goto out;
} }
/* add rootfs.mount */
ret = add_rootfs_mount(oci_spec);
if (ret != 0) {
ERROR("Failed to add rootfs mount");
goto out;
}
/* add native.umask */
ret = add_native_umask(oci_spec);
if (ret != 0) {
ERROR("Failed to add native umask");
goto out;
}
out: out:
return ret; return ret;
} }
/* read oci config */ /* read oci config */
oci_runtime_spec *read_oci_config(const char *rootpath, const char *name) oci_runtime_spec *load_oci_config(const char *rootpath, const char *name)
{ {
int nret; int nret;
char filename[PATH_MAX] = { 0x00 }; char filename[PATH_MAX] = { 0x00 };
parser_error err = NULL; parser_error err = NULL;
oci_runtime_spec *ociconfig = NULL; oci_runtime_spec *ociconfig = NULL;
nret = snprintf(filename, sizeof(filename), "%s/%s/%s", rootpath, name, OCICONFIGJSON); nret = snprintf(filename, sizeof(filename), "%s/%s/%s", rootpath, name, OCI_CONFIG_JSON);
if (nret < 0 || (size_t)nret >= sizeof(filename)) { if (nret < 0 || (size_t)nret >= sizeof(filename)) {
ERROR("Failed to print string"); ERROR("Failed to print string");
goto out; goto out;
@ -1851,3 +1810,39 @@ out:
return ociconfig; return ociconfig;
} }
int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec *oci_spec)
{
int ret = 0;
int nret = 0;
char *json_container = NULL;
char file_path[PATH_MAX] = { 0x0 };
struct parser_context ctx = { OPT_PARSE_STRICT, stderr };
parser_error err = NULL;
nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, OCI_CONFIG_JSON);
if (nret < 0 || nret >= PATH_MAX) {
ERROR("Failed to print string");
ret = -1;
goto out_free;
}
json_container = oci_runtime_spec_generate_json(oci_spec, &ctx, &err);
if (json_container == NULL) {
ERROR("Failed to generate json: %s", err);
ret = -1;
goto out_free;
}
if (util_write_file(file_path, json_container, strlen(json_container)) != 0) {
ERROR("write json container failed: %s", strerror(errno));
ret = -1;
goto out_free;
}
out_free:
free(err);
free(json_container);
return ret;
}

15
src/services/execution/spec/specs.h
View File

@ -18,17 +18,20 @@
#include <stdint.h> #include <stdint.h>
#include "libisulad.h" #include "libisulad.h"
#include "host_config.h" #include "host_config.h"
#include "container_custom_config.h"
#include "container_config_v2.h" #include "container_config_v2.h"
#include "oci_runtime_hooks.h" #include "oci_runtime_hooks.h"
#include "oci_runtime_spec.h" #include "oci_runtime_spec.h"
oci_runtime_spec *merge_container_config(const char *id, const char *image_type, const char *image_name,
const char *ext_image_name, host_config *host_spec, int merge_all_specs(host_config *host_spec,
container_custom_config *custom_spec, const char *real_rootfs,
container_config_v2_common_config *v2_spec, char **real_rootfs); container_config_v2_common_config *v2_spec, oci_runtime_spec *oci_spec);
int merge_global_config(oci_runtime_spec *oci_spec); int merge_global_config(oci_runtime_spec *oci_spec);
oci_runtime_spec *read_oci_config(const char *rootpath, const char *name); oci_runtime_spec *load_oci_config(const char *rootpath, const char *name);
oci_runtime_spec *default_spec(bool system_container);
int merge_conf_cgroup(oci_runtime_spec *oci_spec, const host_config *host_spec);
int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec *oci_spec);
#endif #endif

81
src/services/execution/spec/specs_extend.c
View File

@ -32,7 +32,6 @@
#include "log.h" #include "log.h"
#include "oci_runtime_spec.h" #include "oci_runtime_spec.h"
#include "host_config.h" #include "host_config.h"
#include "container_custom_config.h"
#include "utils.h" #include "utils.h"
#include "config.h" #include "config.h"
#include "path.h" #include "path.h"
@ -572,7 +571,7 @@ static bool b_user_found(const char *user, const struct passwd *pwbufp)
} }
static int proc_by_fpasswd(FILE *f_passwd, const char *user, oci_runtime_spec_process_user *puser, static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *puser,
char **matched_username) char **matched_username)
{ {
int ret = 0; int ret = 0;
@ -659,7 +658,7 @@ static int append_additional_gids(gid_t gid, gid_t **additional_gids, size_t *le
return 0; return 0;
} }
static int search_group_list(struct group *gbufp, const char *username, oci_runtime_spec_process_user *puser) static int search_group_list(struct group *gbufp, const char *username, defs_process_user *puser)
{ {
char **username_list = gbufp->gr_mem; char **username_list = gbufp->gr_mem;
while (username_list != NULL && *username_list != NULL) { while (username_list != NULL && *username_list != NULL) {
@ -694,7 +693,7 @@ static bool check_group_found(const char *group, const struct group *gbufp)
return false; return false;
} }
static int do_proc_by_froup(FILE *f_group, const char *group, oci_runtime_spec_process_user *puser, static int do_proc_by_froup(FILE *f_group, const char *group, defs_process_user *puser,
const char *matched_username, int *groupcnt) const char *matched_username, int *groupcnt)
{ {
int errval = 0; int errval = 0;
@ -729,7 +728,7 @@ static int do_proc_by_froup(FILE *f_group, const char *group, oci_runtime_spec_p
return 0; return 0;
} }
static int proc_by_fgroup(FILE *f_group, const char *group, oci_runtime_spec_process_user *puser, static int proc_by_fgroup(FILE *f_group, const char *group, defs_process_user *puser,
const char *matched_username) const char *matched_username)
{ {
int ret = 0; int ret = 0;
@ -764,7 +763,7 @@ out:
return ret; return ret;
} }
static int get_exec_user(const char *username, FILE *f_passwd, FILE *f_group, oci_runtime_spec_process_user *puser) static int get_exec_user(const char *username, FILE *f_passwd, FILE *f_group, defs_process_user *puser)
{ {
int ret = 0; int ret = 0;
char *tmp = NULL; char *tmp = NULL;
@ -831,7 +830,7 @@ static bool group_matched(const char *group, const struct group *gbufp)
} }
static int get_one_additional_group(const char *additional_group, struct group *groups, size_t groups_len, static int get_one_additional_group(const char *additional_group, struct group *groups, size_t groups_len,
oci_runtime_spec_process_user *puser) defs_process_user *puser)
{ {
int ret = 0; int ret = 0;
int gret = -1; int gret = -1;
@ -878,7 +877,7 @@ out:
int get_additional_groups(char **additional_groups, size_t additional_groups_len, int get_additional_groups(char **additional_groups, size_t additional_groups_len,
FILE *f_group, oci_runtime_spec_process_user *puser) FILE *f_group, defs_process_user *puser)
{ {
int ret = 0; int ret = 0;
size_t i; size_t i;
@ -942,7 +941,7 @@ static int resolve_basefs(const char *basefs, char **resolved_basefs)
return 0; return 0;
} }
int get_user(const char *basefs, const host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser) int get_user(const char *basefs, const host_config *hc, const char *userstr, defs_process_user *puser)
{ {
int ret = 0; int ret = 0;
FILE *f_passwd = NULL; FILE *f_passwd = NULL;
@ -1002,46 +1001,9 @@ cleanup:
return ret; return ret;
} }
static int make_sure_oci_spec_porcess_user(oci_runtime_spec *oci_spec)
{
int ret = 0;
ret = make_sure_oci_spec_process(oci_spec);
if (ret < 0) {
return -1;
}
if (oci_spec->process->user == NULL) {
oci_spec->process->user = util_common_calloc_s(sizeof(oci_runtime_spec_process_user));
if (oci_spec->process->user == NULL) {
return -1;
}
}
return 0;
}
int merge_user(const char *basefs, oci_runtime_spec *oci_spec, const host_config *hc, const char *user)
{
int ret = 0;
ret = make_sure_oci_spec_porcess_user(oci_spec);
if (ret < 0) {
goto out;
}
if (get_user(basefs, hc, user, oci_spec->process->user)) {
ERROR("Failed to get user with '%s'", user ? user : "");
ret = -1;
goto out;
}
out:
return ret;
}
char *oci_container_get_env(const oci_runtime_spec *oci_spec, const char *key) char *oci_container_get_env(const oci_runtime_spec *oci_spec, const char *key)
{ {
const oci_runtime_spec_process *op = NULL; const defs_process *op = NULL;
if (oci_spec == NULL) { if (oci_spec == NULL) {
ERROR("nil oci_spec"); ERROR("nil oci_spec");
@ -1070,7 +1032,7 @@ int make_sure_oci_spec_linux(oci_runtime_spec *oci_spec)
int make_sure_oci_spec_process(oci_runtime_spec *oci_spec) int make_sure_oci_spec_process(oci_runtime_spec *oci_spec)
{ {
if (oci_spec->process == NULL) { if (oci_spec->process == NULL) {
oci_spec->process = util_common_calloc_s(sizeof(oci_runtime_spec_process)); oci_spec->process = util_common_calloc_s(sizeof(defs_process));
if (oci_spec->process == NULL) { if (oci_spec->process == NULL) {
return -1; return -1;
} }
@ -1088,7 +1050,7 @@ int make_sure_oci_spec_linux_resources(oci_runtime_spec *oci_spec)
} }
if (oci_spec->linux->resources == NULL) { if (oci_spec->linux->resources == NULL) {
oci_spec->linux->resources = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources)); oci_spec->linux->resources = util_common_calloc_s(sizeof(defs_resources));
if (oci_spec->linux->resources == NULL) { if (oci_spec->linux->resources == NULL) {
return -1; return -1;
} }
@ -1106,8 +1068,7 @@ int make_sure_oci_spec_linux_resources_blkio(oci_runtime_spec *oci_spec)
} }
if (oci_spec->linux->resources->block_io == NULL) { if (oci_spec->linux->resources->block_io == NULL) {
oci_spec->linux->resources->block_io = oci_spec->linux->resources->block_io = util_common_calloc_s(sizeof(defs_resources_block_io));
util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_block_io));
if (oci_spec->linux->resources->block_io == NULL) { if (oci_spec->linux->resources->block_io == NULL) {
return -1; return -1;
} }
@ -1119,21 +1080,21 @@ int merge_ulimits_pre(oci_runtime_spec *oci_spec, size_t host_ulimits_len)
{ {
int ret; int ret;
size_t new_size, old_size, tmp; size_t new_size, old_size, tmp;
oci_runtime_spec_process_rlimits_element **rlimits_temp = NULL; defs_process_rlimits_element **rlimits_temp = NULL;
ret = make_sure_oci_spec_process(oci_spec); ret = make_sure_oci_spec_process(oci_spec);
if (ret < 0) { if (ret < 0) {
goto out; goto out;
} }
tmp = SIZE_MAX / sizeof(oci_runtime_spec_process_rlimits_element *) - oci_spec->process->rlimits_len; tmp = SIZE_MAX / sizeof(defs_process_rlimits_element *) - oci_spec->process->rlimits_len;
if (host_ulimits_len > tmp) { if (host_ulimits_len > tmp) {
ERROR("Too many rlimits to merge!"); ERROR("Too many rlimits to merge!");
ret = -1; ret = -1;
goto out; goto out;
} }
old_size = oci_spec->process->rlimits_len * sizeof(oci_runtime_spec_process_rlimits_element *); old_size = oci_spec->process->rlimits_len * sizeof(defs_process_rlimits_element *);
new_size = (oci_spec->process->rlimits_len + host_ulimits_len) * sizeof(oci_runtime_spec_process_rlimits_element *); new_size = (oci_spec->process->rlimits_len + host_ulimits_len) * sizeof(defs_process_rlimits_element *);
ret = mem_realloc((void **)&rlimits_temp, new_size, oci_spec->process->rlimits, old_size); ret = mem_realloc((void **)&rlimits_temp, new_size, oci_spec->process->rlimits, old_size);
if (ret != 0) { if (ret != 0) {
ERROR("Failed to realloc memory for rlimits"); ERROR("Failed to realloc memory for rlimits");
@ -1145,14 +1106,14 @@ out:
return ret; return ret;
} }
int trans_ulimit_to_rlimit(oci_runtime_spec_process_rlimits_element **rlimit_dst, int trans_ulimit_to_rlimit(defs_process_rlimits_element **rlimit_dst,
const host_config_ulimits_element *ulimit) const host_config_ulimits_element *ulimit)
{ {
#define RLIMIT_PRE "RLIMIT_" #define RLIMIT_PRE "RLIMIT_"
int ret = 0; int ret = 0;
size_t j, namelen; size_t j, namelen;
char *typename = NULL; char *typename = NULL;
oci_runtime_spec_process_rlimits_element *rlimit = NULL; defs_process_rlimits_element *rlimit = NULL;
// name + "RLIMIT_" + '\0' // name + "RLIMIT_" + '\0'
if (strlen(ulimit->name) > ((SIZE_MAX - strlen(RLIMIT_PRE)) - 1)) { if (strlen(ulimit->name) > ((SIZE_MAX - strlen(RLIMIT_PRE)) - 1)) {
@ -1173,7 +1134,7 @@ int trans_ulimit_to_rlimit(oci_runtime_spec_process_rlimits_element **rlimit_dst
typename[j + strlen(RLIMIT_PRE)] = (char)toupper((int)(ulimit->name[j])); typename[j + strlen(RLIMIT_PRE)] = (char)toupper((int)(ulimit->name[j]));
} }
rlimit = util_common_calloc_s(sizeof(oci_runtime_spec_process_rlimits_element)); rlimit = util_common_calloc_s(sizeof(defs_process_rlimits_element));
if (rlimit == NULL) { if (rlimit == NULL) {
ERROR("Failed to malloc memory for rlimit"); ERROR("Failed to malloc memory for rlimit");
ret = -1; ret = -1;
@ -1191,7 +1152,7 @@ out:
return ret; return ret;
} }
static int do_merge_one_ulimit(const oci_runtime_spec *oci_spec, oci_runtime_spec_process_rlimits_element *rlimit) static int do_merge_one_ulimit(const oci_runtime_spec *oci_spec, defs_process_rlimits_element *rlimit)
{ {
size_t j; size_t j;
bool exists = false; bool exists = false;
@ -1222,7 +1183,7 @@ static int do_merge_one_ulimit(const oci_runtime_spec *oci_spec, oci_runtime_spe
static int merge_one_ulimit(const oci_runtime_spec *oci_spec, const host_config_ulimits_element *ulimit) static int merge_one_ulimit(const oci_runtime_spec *oci_spec, const host_config_ulimits_element *ulimit)
{ {
oci_runtime_spec_process_rlimits_element *rlimit = NULL; defs_process_rlimits_element *rlimit = NULL;
if (trans_ulimit_to_rlimit(&rlimit, ulimit) != 0) { if (trans_ulimit_to_rlimit(&rlimit, ulimit) != 0) {
return -1; return -1;

7
src/services/execution/spec/specs_extend.h
View File

@ -18,7 +18,6 @@
#include <stdint.h> #include <stdint.h>
#include "libisulad.h" #include "libisulad.h"
#include "host_config.h" #include "host_config.h"
#include "container_custom_config.h"
#include "container_config_v2.h" #include "container_config_v2.h"
#include "oci_runtime_hooks.h" #include "oci_runtime_hooks.h"
#include "oci_runtime_spec.h" #include "oci_runtime_spec.h"
@ -43,7 +42,7 @@ int merge_global_ulimit(oci_runtime_spec *oci_spec);
int merge_ulimits_pre(oci_runtime_spec *oci_spec, size_t host_ulimits_len); int merge_ulimits_pre(oci_runtime_spec *oci_spec, size_t host_ulimits_len);
int trans_ulimit_to_rlimit(oci_runtime_spec_process_rlimits_element **rlimit_dst, int trans_ulimit_to_rlimit(defs_process_rlimits_element **rlimit_dst,
const host_config_ulimits_element *ulimit); const host_config_ulimits_element *ulimit);
int make_userns_remap(oci_runtime_spec *container, const char *user_remap); int make_userns_remap(oci_runtime_spec *container, const char *user_remap);
@ -52,11 +51,9 @@ int merge_env(oci_runtime_spec *oci_spec, const char **env, size_t env_len);
int merge_env_target_file(oci_runtime_spec *oci_spec, const char *env_target_file); int merge_env_target_file(oci_runtime_spec *oci_spec, const char *env_target_file);
int merge_user(const char *basefs, oci_runtime_spec *oci_spec, const host_config *hc, const char *user);
char *oci_container_get_env(const oci_runtime_spec *oci_spec, const char *key); char *oci_container_get_env(const oci_runtime_spec *oci_spec, const char *key);
int get_user(const char *basefs, const host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser); int get_user(const char *basefs, const host_config *hc, const char *userstr, defs_process_user *puser);
#if defined(__cplusplus) || defined(c_plusplus) #if defined(__cplusplus) || defined(c_plusplus)
} }

294
src/services/execution/spec/specs_mount.c
View File

@ -33,7 +33,6 @@
#include "oci_runtime_spec.h" #include "oci_runtime_spec.h"
#include "oci_runtime_hooks.h" #include "oci_runtime_hooks.h"
#include "host_config.h" #include "host_config.h"
#include "container_custom_config.h"
#include "utils.h" #include "utils.h"
#include "config.h" #include "config.h"
#include "path.h" #include "path.h"
@ -130,17 +129,17 @@ out:
return ret; return ret;
} }
int adapt_settings_for_mounts(oci_runtime_spec *oci_spec, container_custom_config *custom_spec) int adapt_settings_for_mounts(oci_runtime_spec *oci_spec, container_config *container_spec)
{ {
size_t i, array_str_len; size_t i, array_str_len;
int ret = 0; int ret = 0;
char **array_str = NULL; char **array_str = NULL;
if (custom_spec == NULL) { if (container_spec == NULL) {
return -1; return -1;
} }
array_str = util_string_split(custom_spec->ns_change_opt, ','); array_str = util_string_split(container_spec->ns_change_opt, ',');
if (array_str == NULL) { if (array_str == NULL) {
ERROR("Out of memory"); ERROR("Out of memory");
ret = -1; ret = -1;
@ -806,8 +805,8 @@ erro_out:
return NULL; return NULL;
} }
static int get_devices_from_path(const host_config_devices_element *dev_map, oci_runtime_defs_linux_device *spec_dev, static int get_devices_from_path(const host_config_devices_element *dev_map, defs_device *spec_dev,
oci_runtime_defs_linux_device_cgroup *spec_dev_cgroup) defs_device_cgroup *spec_dev_cgroup)
{ {
int ret = 0; int ret = 0;
struct stat st; struct stat st;
@ -860,22 +859,22 @@ static int get_devices_from_path(const host_config_devices_element *dev_map, oci
return 0; return 0;
} }
static int merge_custom_device(oci_runtime_defs_linux_device **out_spec_dev, static int merge_custom_device(defs_device **out_spec_dev,
oci_runtime_defs_linux_device_cgroup **out_spec_dev_cgroup, defs_device_cgroup **out_spec_dev_cgroup,
const host_config_devices_element *dev_map) const host_config_devices_element *dev_map)
{ {
int ret = 0; int ret = 0;
oci_runtime_defs_linux_device *spec_dev = NULL; defs_device *spec_dev = NULL;
oci_runtime_defs_linux_device_cgroup *spec_dev_cgroup = NULL; defs_device_cgroup *spec_dev_cgroup = NULL;
spec_dev = util_common_calloc_s(sizeof(oci_runtime_defs_linux_device)); spec_dev = util_common_calloc_s(sizeof(defs_device));
if (spec_dev == NULL) { if (spec_dev == NULL) {
ERROR("Memory out"); ERROR("Memory out");
ret = -1; ret = -1;
goto erro_out; goto erro_out;
} }
spec_dev_cgroup = util_common_calloc_s(sizeof(oci_runtime_defs_linux_device_cgroup)); spec_dev_cgroup = util_common_calloc_s(sizeof(defs_device_cgroup));
if (spec_dev_cgroup == NULL) { if (spec_dev_cgroup == NULL) {
ERROR("Memory out"); ERROR("Memory out");
ret = -1; ret = -1;
@ -894,14 +893,14 @@ static int merge_custom_device(oci_runtime_defs_linux_device **out_spec_dev,
goto out; goto out;
erro_out: erro_out:
free_oci_runtime_defs_linux_device(spec_dev); free_defs_device(spec_dev);
free_oci_runtime_defs_linux_device_cgroup(spec_dev_cgroup); free_defs_device_cgroup(spec_dev_cgroup);
out: out:
return ret; return ret;
} }
static int get_weight_devices_from_path(const host_config_blkio_weight_device_element *weight_dev, static int get_weight_devices_from_path(const host_config_blkio_weight_device_element *weight_dev,
oci_runtime_defs_linux_block_io_device_weight *spec_weight_dev) defs_block_io_device_weight *spec_weight_dev)
{ {
int ret = 0; int ret = 0;
struct stat st; struct stat st;
@ -929,13 +928,13 @@ static int get_weight_devices_from_path(const host_config_blkio_weight_device_el
return 0; return 0;
} }
static int merge_host_config_blk_weight_device(oci_runtime_defs_linux_block_io_device_weight **out_spec_weight_dev, static int merge_host_config_blk_weight_device(defs_block_io_device_weight **out_spec_weight_dev,
const host_config_blkio_weight_device_element *weight_dev) const host_config_blkio_weight_device_element *weight_dev)
{ {
int ret = 0; int ret = 0;
oci_runtime_defs_linux_block_io_device_weight *spec_weight_dev = NULL; defs_block_io_device_weight *spec_weight_dev = NULL;
spec_weight_dev = util_common_calloc_s(sizeof(oci_runtime_defs_linux_block_io_device_weight)); spec_weight_dev = util_common_calloc_s(sizeof(defs_block_io_device_weight));
if (spec_weight_dev == NULL) { if (spec_weight_dev == NULL) {
ERROR("Memory out"); ERROR("Memory out");
ret = -1; ret = -1;
@ -953,14 +952,14 @@ static int merge_host_config_blk_weight_device(oci_runtime_defs_linux_block_io_d
goto out; goto out;
erro_out: erro_out:
free_oci_runtime_defs_linux_block_io_device_weight(spec_weight_dev); free_defs_block_io_device_weight(spec_weight_dev);
out: out:
return ret; return ret;
} }
static int get_read_bps_devices_from_path(const host_config_blkio_device_read_bps_element *read_bps_dev, static int get_read_bps_devices_from_path(const host_config_blkio_device_read_bps_element *read_bps_dev,
oci_runtime_defs_linux_block_io_device_throttle *spec_read_bps_dev) defs_block_io_device_throttle *spec_read_bps_dev)
{ {
int ret = 0; int ret = 0;
struct stat st; struct stat st;
@ -985,13 +984,13 @@ static int get_read_bps_devices_from_path(const host_config_blkio_device_read_bp
} }
static int merge_host_config_blk_read_bps_device( static int merge_host_config_blk_read_bps_device(
oci_runtime_defs_linux_block_io_device_throttle **out_spec_read_bps_dev, defs_block_io_device_throttle **out_spec_read_bps_dev,
const host_config_blkio_device_read_bps_element *blkio_device_read_bps) const host_config_blkio_device_read_bps_element *blkio_device_read_bps)
{ {
int ret = 0; int ret = 0;
oci_runtime_defs_linux_block_io_device_throttle *spec_read_bps_dev = NULL; defs_block_io_device_throttle *spec_read_bps_dev = NULL;
spec_read_bps_dev = util_common_calloc_s(sizeof(oci_runtime_defs_linux_block_io_device_throttle)); spec_read_bps_dev = util_common_calloc_s(sizeof(defs_block_io_device_throttle));
if (spec_read_bps_dev == NULL) { if (spec_read_bps_dev == NULL) {
ERROR("Memory out"); ERROR("Memory out");
ret = -1; ret = -1;
@ -1009,14 +1008,14 @@ static int merge_host_config_blk_read_bps_device(
goto out; goto out;
erro_out: erro_out:
free_oci_runtime_defs_linux_block_io_device_throttle(spec_read_bps_dev); free_defs_block_io_device_throttle(spec_read_bps_dev);
out: out:
return ret; return ret;
} }
static int get_write_bps_devices_from_path(const host_config_blkio_device_write_bps_element *write_bps_dev, static int get_write_bps_devices_from_path(const host_config_blkio_device_write_bps_element *write_bps_dev,
oci_runtime_defs_linux_block_io_device_throttle *spec_write_bps_dev) defs_block_io_device_throttle *spec_write_bps_dev)
{ {
int ret = 0; int ret = 0;
struct stat st; struct stat st;
@ -1041,13 +1040,13 @@ static int get_write_bps_devices_from_path(const host_config_blkio_device_write_
} }
static int merge_host_config_blk_write_bps_device( static int merge_host_config_blk_write_bps_device(
oci_runtime_defs_linux_block_io_device_throttle **out_spec_write_bps_dev, defs_block_io_device_throttle **out_spec_write_bps_dev,
const host_config_blkio_device_write_bps_element *blkio_device_write_bps) const host_config_blkio_device_write_bps_element *blkio_device_write_bps)
{ {
int ret = 0; int ret = 0;
oci_runtime_defs_linux_block_io_device_throttle *spec_write_bps_dev = NULL; defs_block_io_device_throttle *spec_write_bps_dev = NULL;
spec_write_bps_dev = util_common_calloc_s(sizeof(oci_runtime_defs_linux_block_io_device_throttle)); spec_write_bps_dev = util_common_calloc_s(sizeof(defs_block_io_device_throttle));
if (spec_write_bps_dev == NULL) { if (spec_write_bps_dev == NULL) {
ERROR("Memory out"); ERROR("Memory out");
ret = -1; ret = -1;
@ -1065,7 +1064,7 @@ static int merge_host_config_blk_write_bps_device(
goto out; goto out;
erro_out: erro_out:
free_oci_runtime_defs_linux_block_io_device_throttle(spec_write_bps_dev); free_defs_block_io_device_throttle(spec_write_bps_dev);
out: out:
return ret; return ret;
@ -1077,7 +1076,7 @@ static int merge_all_devices(oci_runtime_spec *oci_spec, host_config_devices_ele
int ret = 0; int ret = 0;
size_t new_size = 0, old_size = 0; size_t new_size = 0, old_size = 0;
size_t i = 0; size_t i = 0;
oci_runtime_defs_linux_device **spec_dev = NULL; defs_device **spec_dev = NULL;
ret = make_sure_oci_spec_linux_resources(oci_spec); ret = make_sure_oci_spec_linux_resources(oci_spec);
if (ret < 0) { if (ret < 0) {
@ -1091,8 +1090,8 @@ static int merge_all_devices(oci_runtime_spec *oci_spec, host_config_devices_ele
ret = -1; ret = -1;
goto out; goto out;
} }
new_size = (oci_spec->linux->devices_len + devices_len) * sizeof(oci_runtime_defs_linux_device *); new_size = (oci_spec->linux->devices_len + devices_len) * sizeof(defs_device *);
old_size = oci_spec->linux->devices_len * sizeof(oci_runtime_defs_linux_device *); old_size = oci_spec->linux->devices_len * sizeof(defs_device *);
ret = mem_realloc((void **)&spec_dev, new_size, oci_spec->linux->devices, old_size); ret = mem_realloc((void **)&spec_dev, new_size, oci_spec->linux->devices, old_size);
if (ret != 0) { if (ret != 0) {
ERROR("Out of memory"); ERROR("Out of memory");
@ -1102,16 +1101,16 @@ static int merge_all_devices(oci_runtime_spec *oci_spec, host_config_devices_ele
oci_spec->linux->devices = spec_dev; oci_spec->linux->devices = spec_dev;
/* malloc for cgroup->device */ /* malloc for cgroup->device */
oci_runtime_defs_linux_device_cgroup **spec_cgroup_dev = NULL; defs_device_cgroup **spec_cgroup_dev = NULL;
if (devices_len > SIZE_MAX / sizeof(oci_runtime_defs_linux_device_cgroup *) - if (devices_len > SIZE_MAX / sizeof(defs_device_cgroup *) -
oci_spec->linux->resources->devices_len) { oci_spec->linux->resources->devices_len) {
ERROR("Too many cgroup devices to merge!"); ERROR("Too many cgroup devices to merge!");
ret = -1; ret = -1;
goto out; goto out;
} }
new_size = (oci_spec->linux->resources->devices_len + devices_len) new_size = (oci_spec->linux->resources->devices_len + devices_len)
* sizeof(oci_runtime_defs_linux_device_cgroup *); * sizeof(defs_device_cgroup *);
old_size = oci_spec->linux->resources->devices_len * sizeof(oci_runtime_defs_linux_device_cgroup *); old_size = oci_spec->linux->resources->devices_len * sizeof(defs_device_cgroup *);
ret = mem_realloc((void **)&spec_cgroup_dev, new_size, oci_spec->linux->resources->devices, old_size); ret = mem_realloc((void **)&spec_cgroup_dev, new_size, oci_spec->linux->resources->devices, old_size);
if (ret != 0) { if (ret != 0) {
ERROR("Out of memory"); ERROR("Out of memory");
@ -1243,8 +1242,8 @@ int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec)
{ {
int ret = 0; int ret = 0;
size_t i = 0; size_t i = 0;
oci_runtime_config_linux_resources *ptr = NULL; defs_resources *ptr = NULL;
oci_runtime_defs_linux_device_cgroup *spec_dev_cgroup = NULL; defs_device_cgroup *spec_dev_cgroup = NULL;
ret = merge_all_devices_in_dir("/dev", NULL, NULL, oci_spec); ret = merge_all_devices_in_dir("/dev", NULL, NULL, oci_spec);
if (ret != 0) { if (ret != 0) {
@ -1261,7 +1260,7 @@ int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec)
ptr = oci_spec->linux->resources; ptr = oci_spec->linux->resources;
if (ptr->devices != NULL) { if (ptr->devices != NULL) {
for (i = 0; i < ptr->devices_len; i++) { for (i = 0; i < ptr->devices_len; i++) {
free_oci_runtime_defs_linux_device_cgroup(ptr->devices[i]); free_defs_device_cgroup(ptr->devices[i]);
ptr->devices[i] = NULL; ptr->devices[i] = NULL;
} }
free(ptr->devices); free(ptr->devices);
@ -1269,7 +1268,7 @@ int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec)
ptr->devices_len = 0; ptr->devices_len = 0;
} }
ptr->devices = util_common_calloc_s(sizeof(oci_runtime_defs_linux_device_cgroup *)); ptr->devices = util_common_calloc_s(sizeof(defs_device_cgroup *));
if (ptr->devices == NULL) { if (ptr->devices == NULL) {
ret = -1; ret = -1;
goto out; goto out;
@ -1277,7 +1276,7 @@ int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec)
ptr->devices_len = 1; ptr->devices_len = 1;
spec_dev_cgroup = util_common_calloc_s(sizeof(oci_runtime_defs_linux_device_cgroup)); spec_dev_cgroup = util_common_calloc_s(sizeof(defs_device_cgroup));
if (spec_dev_cgroup == NULL) { if (spec_dev_cgroup == NULL) {
ret = -1; ret = -1;
goto out; goto out;
@ -1498,14 +1497,14 @@ static int merge_custom_one_device(oci_runtime_spec *oci_spec, const host_config
} }
/* malloc for linux->device */ /* malloc for linux->device */
oci_runtime_defs_linux_device **spec_dev = NULL; defs_device **spec_dev = NULL;
if (oci_spec->linux->devices_len > SIZE_MAX / sizeof(oci_runtime_defs_linux_device *) - 1) { if (oci_spec->linux->devices_len > SIZE_MAX / sizeof(defs_device *) - 1) {
ERROR("Too many linux devices to merge!"); ERROR("Too many linux devices to merge!");
ret = -1; ret = -1;
goto out; goto out;
} }
new_size = (oci_spec->linux->devices_len + 1) * sizeof(oci_runtime_defs_linux_device *); new_size = (oci_spec->linux->devices_len + 1) * sizeof(defs_device *);
old_size = new_size - sizeof(oci_runtime_defs_linux_device *); old_size = new_size - sizeof(defs_device *);
ret = mem_realloc((void **)&spec_dev, new_size, oci_spec->linux->devices, old_size); ret = mem_realloc((void **)&spec_dev, new_size, oci_spec->linux->devices, old_size);
if (ret != 0) { if (ret != 0) {
ERROR("Failed to realloc memory for devices"); ERROR("Failed to realloc memory for devices");
@ -1516,14 +1515,14 @@ static int merge_custom_one_device(oci_runtime_spec *oci_spec, const host_config
oci_spec->linux->devices = spec_dev; oci_spec->linux->devices = spec_dev;
/* malloc for cgroup->device */ /* malloc for cgroup->device */
oci_runtime_defs_linux_device_cgroup **spec_cgroup_dev = NULL; defs_device_cgroup **spec_cgroup_dev = NULL;
if (oci_spec->linux->resources->devices_len > SIZE_MAX / sizeof(oci_runtime_defs_linux_device_cgroup *) - 1) { if (oci_spec->linux->resources->devices_len > SIZE_MAX / sizeof(defs_device_cgroup *) - 1) {
ERROR("Too many cgroup devices to merge!"); ERROR("Too many cgroup devices to merge!");
ret = -1; ret = -1;
goto out; goto out;
} }
new_size = (oci_spec->linux->resources->devices_len + 1) * sizeof(oci_runtime_defs_linux_device_cgroup *); new_size = (oci_spec->linux->resources->devices_len + 1) * sizeof(defs_device_cgroup *);
old_size = new_size - sizeof(oci_runtime_defs_linux_device_cgroup *); old_size = new_size - sizeof(defs_device_cgroup *);
ret = mem_realloc((void **)&spec_cgroup_dev, new_size, oci_spec->linux->resources->devices, old_size); ret = mem_realloc((void **)&spec_cgroup_dev, new_size, oci_spec->linux->resources->devices, old_size);
if (ret != 0) { if (ret != 0) {
ERROR("Failed to realloc memory for cgroup devices"); ERROR("Failed to realloc memory for cgroup devices");
@ -1597,7 +1596,7 @@ static int merge_blkio_weight_device(oci_runtime_spec *oci_spec,
size_t new_size = 0; size_t new_size = 0;
size_t old_size = 0; size_t old_size = 0;
size_t i = 0; size_t i = 0;
oci_runtime_defs_linux_block_io_device_weight **weight_device = NULL; defs_block_io_device_weight **weight_device = NULL;
ret = make_sure_oci_spec_linux_resources_blkio(oci_spec); ret = make_sure_oci_spec_linux_resources_blkio(oci_spec);
if (ret < 0) { if (ret < 0) {
@ -1612,9 +1611,9 @@ static int merge_blkio_weight_device(oci_runtime_spec *oci_spec,
} }
new_size = (oci_spec->linux->resources->block_io->weight_device_len + blkio_weight_device_len) new_size = (oci_spec->linux->resources->block_io->weight_device_len + blkio_weight_device_len)
* sizeof(oci_runtime_defs_linux_block_io_device_weight *); * sizeof(defs_block_io_device_weight *);
old_size = oci_spec->linux->resources->block_io->weight_device_len * old_size = oci_spec->linux->resources->block_io->weight_device_len *
sizeof(oci_runtime_defs_linux_block_io_device_weight *); sizeof(defs_block_io_device_weight *);
ret = mem_realloc((void **)&weight_device, new_size, oci_spec->linux->resources->block_io->weight_device, ret = mem_realloc((void **)&weight_device, new_size, oci_spec->linux->resources->block_io->weight_device,
old_size); old_size);
if (ret != 0) { if (ret != 0) {
@ -1649,7 +1648,7 @@ static int merge_blkio_read_bps_device(oci_runtime_spec *oci_spec,
size_t new_size = 0; size_t new_size = 0;
size_t old_size = 0; size_t old_size = 0;
size_t i = 0; size_t i = 0;
oci_runtime_defs_linux_block_io_device_throttle **throttle_read_bps_device = NULL; defs_block_io_device_throttle **throttle_read_bps_device = NULL;
ret = make_sure_oci_spec_linux_resources_blkio(oci_spec); ret = make_sure_oci_spec_linux_resources_blkio(oci_spec);
if (ret < 0) { if (ret < 0) {
@ -1666,9 +1665,9 @@ static int merge_blkio_read_bps_device(oci_runtime_spec *oci_spec,
} }
new_size = (oci_spec->linux->resources->block_io->throttle_read_bps_device_len + throttle_read_bps_device_len) new_size = (oci_spec->linux->resources->block_io->throttle_read_bps_device_len + throttle_read_bps_device_len)
* sizeof(oci_runtime_defs_linux_block_io_device_throttle *); * sizeof(defs_block_io_device_throttle *);
old_size = oci_spec->linux->resources->block_io->throttle_read_bps_device_len * old_size = oci_spec->linux->resources->block_io->throttle_read_bps_device_len *
sizeof(oci_runtime_defs_linux_block_io_device_throttle *); sizeof(defs_block_io_device_throttle *);
ret = mem_realloc((void **)&throttle_read_bps_device, new_size, ret = mem_realloc((void **)&throttle_read_bps_device, new_size,
oci_spec->linux->resources->block_io->throttle_read_bps_device, old_size); oci_spec->linux->resources->block_io->throttle_read_bps_device, old_size);
if (ret != 0) { if (ret != 0) {
@ -1702,7 +1701,7 @@ static int merge_blkio_write_bps_device(oci_runtime_spec *oci_spec,
size_t new_size = 0; size_t new_size = 0;
size_t old_size = 0; size_t old_size = 0;
size_t i = 0; size_t i = 0;
oci_runtime_defs_linux_block_io_device_throttle **throttle_write_bps_device = NULL; defs_block_io_device_throttle **throttle_write_bps_device = NULL;
ret = make_sure_oci_spec_linux_resources_blkio(oci_spec); ret = make_sure_oci_spec_linux_resources_blkio(oci_spec);
if (ret < 0) { if (ret < 0) {
@ -1719,9 +1718,9 @@ static int merge_blkio_write_bps_device(oci_runtime_spec *oci_spec,
} }
new_size = (oci_spec->linux->resources->block_io->throttle_write_bps_device_len + throttle_write_bps_device_len) new_size = (oci_spec->linux->resources->block_io->throttle_write_bps_device_len + throttle_write_bps_device_len)
* sizeof(oci_runtime_defs_linux_block_io_device_throttle *); * sizeof(defs_block_io_device_throttle *);
old_size = oci_spec->linux->resources->block_io->throttle_write_bps_device_len * old_size = oci_spec->linux->resources->block_io->throttle_write_bps_device_len *
sizeof(oci_runtime_defs_linux_block_io_device_throttle *); sizeof(defs_block_io_device_throttle *);
ret = mem_realloc((void **)&throttle_write_bps_device, new_size, ret = mem_realloc((void **)&throttle_write_bps_device, new_size,
oci_spec->linux->resources->block_io->throttle_write_bps_device, old_size); oci_spec->linux->resources->block_io->throttle_write_bps_device, old_size);
if (ret != 0) { if (ret != 0) {
@ -1957,35 +1956,68 @@ static int change_dev_shm_size(oci_runtime_spec *oci_spec, int64_t shm_size)
return -1; return -1;
} }
static int merge_volumes_to_mount(oci_runtime_spec *oci_spec, host_config *host_spec, static inline bool is_mount_destination_hosts(const char *destination)
container_config_v2_common_config *common_config) {
return strcmp(destination, "/etc/hosts") == 0;
}
static inline bool is_mount_destination_resolv(const char *destination)
{
return strcmp(destination, "/etc/resolv.conf") == 0;
}
static inline bool is_mount_destination_hostname(const char *destination)
{
return strcmp(destination, "/etc/hostname") == 0;
}
/* find whether mount entry with destination "/etc/hostname" "/etc/hosts" "/etc/resolv.conf" exits in mount
* if not exists: append mounts to ocispec by v2_spec
* if exists: replace the source in v2_spec
*/
static int append_network_files_mounts(oci_runtime_spec *oci_spec, container_config_v2_common_config *v2_spec)
{ {
int ret = 0; int ret = 0;
size_t i = 0;
bool has_hosts_mount = false;
bool has_resolv_mount = false;
bool has_hostname_mount = false;
if (host_spec->binds != NULL && host_spec->binds_len) { for (i = 0; i < oci_spec->mounts_len; i++) {
ret = merge_volumes(oci_spec, host_spec->binds, if (is_mount_destination_hosts(oci_spec->mounts[i]->destination)) {
host_spec->binds_len, common_config, has_hosts_mount = true;
parse_volume); free(v2_spec->hosts_path);
if (ret) { v2_spec->hosts_path = util_strdup_s(oci_spec->mounts[i]->source);
ERROR("Failed to merge volumes"); }
goto out; if (is_mount_destination_resolv(oci_spec->mounts[i]->destination)) {
has_resolv_mount = true;
free(v2_spec->resolv_conf_path);
v2_spec->resolv_conf_path = util_strdup_s(oci_spec->mounts[i]->source);
}
if (is_mount_destination_hostname(oci_spec->mounts[i]->destination)) {
has_hostname_mount = true;
free(v2_spec->hostname_path);
v2_spec->hostname_path = util_strdup_s(oci_spec->mounts[i]->source);
} }
} }
out: /* add network config files */
return ret; if (!has_hosts_mount && !mount_file(oci_spec, v2_spec->hosts_path, ETC_HOSTS)) {
} ERROR("Merge hosts mount failed");
ret = -1;
static int merge_host_channel_to_mount(oci_runtime_spec *oci_spec, host_config *host_spec) goto out;
{ }
int ret = 0; if (!has_resolv_mount &&
!mount_file(oci_spec, v2_spec->resolv_conf_path, RESOLV_CONF_PATH)) {
if (host_spec->host_channel == NULL) { ERROR("Merge resolv.conf mount failed");
return 0; ret = -1;
goto out;
} }
if (!add_host_channel_mount(oci_spec, host_spec->host_channel)) { if (!has_hostname_mount &&
ERROR("Failed to merge host channel mount"); !mount_file(oci_spec, v2_spec->hostname_path, ETC_HOSTNAME)) {
ERROR("Merge hostname mount failed");
ret = -1; ret = -1;
goto out; goto out;
} }
@ -1994,14 +2026,35 @@ out:
return ret; return ret;
} }
static int merge_mounts_to_mount_filesystem(oci_runtime_spec *oci_spec, container_custom_config *custom_spec, int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec,
host_config *host_spec, container_config_v2_common_config *common_config) container_config_v2_common_config *v2_spec)
{ {
int ret = 0; int ret = 0;
container_config *container_spec = v2_spec->config;
if (custom_spec->mounts && custom_spec->mounts_len) { /* volumes to mount */
ret = merge_volumes(oci_spec, custom_spec->mounts, if (host_spec->binds != NULL && host_spec->binds_len) {
custom_spec->mounts_len, common_config, ret = merge_volumes(oci_spec, host_spec->binds,
host_spec->binds_len, v2_spec,
parse_volume);
if (ret) {
ERROR("Failed to merge volumes");
goto out;
}
}
/* host channel to mount */
if (host_spec->host_channel != NULL) {
if (!add_host_channel_mount(oci_spec, host_spec->host_channel)) {
ERROR("Failed to merge host channel mount");
goto out;
}
}
/* mounts to mount filesystem */
if (container_spec->mounts && container_spec->mounts_len) {
ret = merge_volumes(oci_spec, container_spec->mounts,
container_spec->mounts_len, v2_spec,
parse_mount); parse_mount);
if (ret) { if (ret) {
ERROR("Failed to merge mounts"); ERROR("Failed to merge mounts");
@ -2009,14 +2062,6 @@ static int merge_mounts_to_mount_filesystem(oci_runtime_spec *oci_spec, containe
} }
} }
out:
return ret;
}
static int merge_shm_size(oci_runtime_spec *oci_spec, host_config *host_spec)
{
int ret = 0;
if (host_spec->shm_size >= 0) { if (host_spec->shm_size >= 0) {
if (host_spec->shm_size == 0) { if (host_spec->shm_size == 0) {
host_spec->shm_size = DEFAULT_SHM_SIZE; host_spec->shm_size = DEFAULT_SHM_SIZE;
@ -2029,26 +2074,10 @@ static int merge_shm_size(oci_runtime_spec *oci_spec, host_config *host_spec)
} }
} }
out: if (!host_spec->system_container) {
return ret; ret = append_network_files_mounts(oci_spec, v2_spec);
} if (ret) {
ERROR("Failed to append network mounts");
static int merge_network_config_files(oci_runtime_spec *oci_spec, host_config *host_spec,
container_config_v2_common_config *common_config)
{
int ret = 0;
if (is_container(host_spec->network_mode)) {
/* add network config files */
if (common_config->hosts_path != NULL && !mount_file(oci_spec, common_config->hosts_path, ETC_HOSTS)) {
ERROR("Merge hosts mount failed");
ret = -1;
goto out;
}
if (common_config->resolv_conf_path != NULL &&
!mount_file(oci_spec, common_config->resolv_conf_path, RESOLV_CONF_PATH)) {
ERROR("Merge resolv.conf mount failed");
ret = -1;
goto out; goto out;
} }
} }
@ -2057,44 +2086,7 @@ out:
return ret; return ret;
} }
int merge_conf_mounts(oci_runtime_spec *oci_spec, container_custom_config *custom_spec, host_config *host_spec, int add_rootfs_mount(const container_config *container_spec)
container_config_v2_common_config *common_config)
{
int ret = 0;
/* volumes to mount */
ret = merge_volumes_to_mount(oci_spec, host_spec, common_config);
if (ret != 0) {
goto out;
}
/* host channel to mount */
if (merge_host_channel_to_mount(oci_spec, host_spec) != 0) {
ret = -1;
goto out;
}
/* mounts to mount filesystem */
if (merge_mounts_to_mount_filesystem(oci_spec, custom_spec, host_spec, common_config) != 0) {
ret = -1;
goto out;
}
if (merge_shm_size(oci_spec, host_spec) != 0) {
ret = -1;
goto out;
}
if (merge_network_config_files(oci_spec, host_spec, common_config) != 0) {
ret = -1;
goto out;
}
out:
return ret;
}
int add_rootfs_mount(const oci_runtime_spec *container)
{ {
int ret = 0; int ret = 0;
char *mntparent = NULL; char *mntparent = NULL;
@ -2105,7 +2097,7 @@ int add_rootfs_mount(const oci_runtime_spec *container)
ret = -1; ret = -1;
goto out; goto out;
} }
if (append_json_map_string_string(container->annotations, "rootfs.mount", mntparent)) { if (append_json_map_string_string(container_spec->annotations, "rootfs.mount", mntparent)) {
ERROR("Realloc annotatinons failed"); ERROR("Realloc annotatinons failed");
ret = -1; ret = -1;
goto out; goto out;

7
src/services/execution/spec/specs_mount.h
View File

@ -18,12 +18,11 @@
#include <stdint.h> #include <stdint.h>
#include "libisulad.h" #include "libisulad.h"
#include "host_config.h" #include "host_config.h"
#include "container_custom_config.h"
#include "container_config_v2.h" #include "container_config_v2.h"
#include "oci_runtime_hooks.h" #include "oci_runtime_hooks.h"
#include "oci_runtime_spec.h" #include "oci_runtime_spec.h"
int adapt_settings_for_mounts(oci_runtime_spec *oci_spec, container_custom_config *custom_spec); int adapt_settings_for_mounts(oci_runtime_spec *oci_spec, container_config *container_spec);
typedef defs_mount *(*parse_mount_cb)(const char *mount); typedef defs_mount *(*parse_mount_cb)(const char *mount);
@ -35,10 +34,10 @@ defs_mount *parse_mount(const char *mount);
defs_mount *parse_volume(const char *volume); defs_mount *parse_volume(const char *volume);
int merge_conf_mounts(oci_runtime_spec *oci_spec, container_custom_config *custom_spec, host_config *host_spec, int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec,
container_config_v2_common_config *common_config); container_config_v2_common_config *common_config);
int add_rootfs_mount(const oci_runtime_spec *container); int add_rootfs_mount(const container_config *container_spec);
int set_mounts_readwrite_option(const oci_runtime_spec *oci_spec); int set_mounts_readwrite_option(const oci_runtime_spec *oci_spec);

71
src/services/execution/spec/specs_security.c
View File

@ -37,7 +37,6 @@
#include "oci_runtime_spec.h" #include "oci_runtime_spec.h"
#include "docker_seccomp.h" #include "docker_seccomp.h"
#include "host_config.h" #include "host_config.h"
#include "container_custom_config.h"
#include "utils.h" #include "utils.h"
#include "config.h" #include "config.h"
#include "isulad_config.h" #include "isulad_config.h"
@ -285,14 +284,14 @@ free_out:
return ret; return ret;
} }
int refill_oci_process_capabilities(oci_runtime_spec_process_capabilities **caps, const char **src_caps, int refill_oci_process_capabilities(defs_process_capabilities **caps, const char **src_caps,
size_t src_caps_len) size_t src_caps_len)
{ {
int ret = 0; int ret = 0;
size_t i = 0; size_t i = 0;
if (*caps == NULL) { if (*caps == NULL) {
*caps = util_common_calloc_s(sizeof(oci_runtime_spec_process_capabilities)); *caps = util_common_calloc_s(sizeof(defs_process_capabilities));
if (*caps == NULL) { if (*caps == NULL) {
ret = -1; ret = -1;
goto out; goto out;
@ -383,7 +382,7 @@ static bool is_arch_in_seccomp(const docker_seccomp *seccomp, const char *arch)
return false; return false;
} }
static bool is_cap_in_seccomp(const oci_runtime_spec_process_capabilities *capabilites, const char *cap) static bool is_cap_in_seccomp(const defs_process_capabilities *capabilites, const char *cap)
{ {
size_t i = 0; size_t i = 0;
@ -400,7 +399,7 @@ static bool is_cap_in_seccomp(const oci_runtime_spec_process_capabilities *capab
} }
static void meet_include(const docker_seccomp *seccomp, const docker_seccomp_syscalls_element *syscall, static void meet_include(const docker_seccomp *seccomp, const docker_seccomp_syscalls_element *syscall,
const oci_runtime_spec_process_capabilities *capabilites, bool *meet_include_arch, const defs_process_capabilities *capabilites, bool *meet_include_arch,
bool *meet_include_cap) bool *meet_include_cap)
{ {
size_t i; size_t i;
@ -433,7 +432,7 @@ static void meet_include(const docker_seccomp *seccomp, const docker_seccomp_sys
} }
static void meet_exclude(const docker_seccomp *seccomp, const docker_seccomp_syscalls_element *syscall, static void meet_exclude(const docker_seccomp *seccomp, const docker_seccomp_syscalls_element *syscall,
const oci_runtime_spec_process_capabilities *capabilites, bool *meet_exclude_arch, const defs_process_capabilities *capabilites, bool *meet_exclude_arch,
bool *meet_exclude_cap) bool *meet_exclude_cap)
{ {
size_t i; size_t i;
@ -467,7 +466,7 @@ static void meet_exclude(const docker_seccomp *seccomp, const docker_seccomp_sys
} }
static bool meet_filtering_rules(const docker_seccomp *seccomp, const docker_seccomp_syscalls_element *syscall, static bool meet_filtering_rules(const docker_seccomp *seccomp, const docker_seccomp_syscalls_element *syscall,
const oci_runtime_spec_process_capabilities *capabilites) const defs_process_capabilities *capabilites)
{ {
bool meet_include_arch = false; bool meet_include_arch = false;
bool meet_include_cap = false; bool meet_include_cap = false;
@ -520,7 +519,7 @@ static int dup_architectures_to_oci_spec(const docker_seccomp *docker_seccomp_sp
} }
static int dup_syscall_args_to_oci_spec(const docker_seccomp_syscalls_element *docker_syscall, static int dup_syscall_args_to_oci_spec(const docker_seccomp_syscalls_element *docker_syscall,
oci_runtime_defs_linux_syscall *oci_syscall) defs_syscall *oci_syscall)
{ {
size_t i = 0; size_t i = 0;
@ -528,20 +527,20 @@ static int dup_syscall_args_to_oci_spec(const docker_seccomp_syscalls_element *d
return 0; return 0;
} }
if (docker_syscall->args_len > (SIZE_MAX / sizeof(oci_runtime_defs_linux_syscall_arg *))) { if (docker_syscall->args_len > (SIZE_MAX / sizeof(defs_syscall_arg *))) {
return -1; return -1;
} }
oci_syscall->args = util_common_calloc_s(docker_syscall->args_len * sizeof(oci_runtime_defs_linux_syscall_arg *)); oci_syscall->args = util_common_calloc_s(docker_syscall->args_len * sizeof(defs_syscall_arg *));
if (oci_syscall->args == NULL) { if (oci_syscall->args == NULL) {
return -1; return -1;
} }
for (i = 0; i < docker_syscall->args_len; i++) { for (i = 0; i < docker_syscall->args_len; i++) {
oci_syscall->args[i] = util_common_calloc_s(sizeof(oci_runtime_defs_linux_syscall_arg)); oci_syscall->args[i] = util_common_calloc_s(sizeof(defs_syscall_arg));
if (oci_syscall->args[i] == NULL) { if (oci_syscall->args[i] == NULL) {
return -1; return -1;
} }
oci_runtime_defs_linux_syscall_arg *args_element = oci_syscall->args[i]; defs_syscall_arg *args_element = oci_syscall->args[i];
args_element->index = docker_syscall->args[i]->index; args_element->index = docker_syscall->args[i]->index;
args_element->value = docker_syscall->args[i]->value; args_element->value = docker_syscall->args[i]->value;
args_element->value_two = docker_syscall->args[i]->value_two; args_element->value_two = docker_syscall->args[i]->value_two;
@ -554,23 +553,23 @@ static int dup_syscall_args_to_oci_spec(const docker_seccomp_syscalls_element *d
static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec, static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec,
oci_runtime_config_linux_seccomp *oci_seccomp_spec, oci_runtime_config_linux_seccomp *oci_seccomp_spec,
const oci_runtime_spec_process_capabilities *capabilites) const defs_process_capabilities *capabilites)
{ {
int ret = 0; int ret = 0;
size_t i, j, k; size_t i, j, k;
size_t new_size, old_size; size_t new_size, old_size;
oci_runtime_defs_linux_syscall **tmp_syscalls = NULL; defs_syscall **tmp_syscalls = NULL;
if (docker_seccomp_spec->syscalls_len == 0) { if (docker_seccomp_spec->syscalls_len == 0) {
return 0; return 0;
} }
if (docker_seccomp_spec->syscalls_len > (SIZE_MAX / sizeof(oci_runtime_defs_linux_syscall *))) { if (docker_seccomp_spec->syscalls_len > (SIZE_MAX / sizeof(defs_syscall *))) {
return -1; return -1;
} }
oci_seccomp_spec->syscalls = oci_seccomp_spec->syscalls =
util_common_calloc_s(docker_seccomp_spec->syscalls_len * sizeof(oci_runtime_defs_linux_syscall *)); util_common_calloc_s(docker_seccomp_spec->syscalls_len * sizeof(defs_syscall *));
if (oci_seccomp_spec->syscalls == NULL) { if (oci_seccomp_spec->syscalls == NULL) {
return -1; return -1;
} }
@ -579,7 +578,7 @@ static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec,
continue; continue;
} }
k = oci_seccomp_spec->syscalls_len; k = oci_seccomp_spec->syscalls_len;
oci_seccomp_spec->syscalls[k] = util_common_calloc_s(sizeof(oci_runtime_defs_linux_syscall)); oci_seccomp_spec->syscalls[k] = util_common_calloc_s(sizeof(defs_syscall));
if (oci_seccomp_spec->syscalls[k] == NULL) { if (oci_seccomp_spec->syscalls[k] == NULL) {
return -1; return -1;
} }
@ -604,8 +603,8 @@ static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec,
} }
} }
new_size = sizeof(oci_runtime_defs_linux_syscall *) * oci_seccomp_spec->syscalls_len; new_size = sizeof(defs_syscall *) * oci_seccomp_spec->syscalls_len;
old_size = sizeof(oci_runtime_defs_linux_syscall *) * docker_seccomp_spec->syscalls_len; old_size = sizeof(defs_syscall *) * docker_seccomp_spec->syscalls_len;
ret = mem_realloc((void **)&tmp_syscalls, new_size, oci_seccomp_spec->syscalls, old_size); ret = mem_realloc((void **)&tmp_syscalls, new_size, oci_seccomp_spec->syscalls, old_size);
if (ret < 0) { if (ret < 0) {
ERROR("Out of memory"); ERROR("Out of memory");
@ -617,7 +616,7 @@ static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec,
} }
static oci_runtime_config_linux_seccomp *trans_docker_seccomp_to_oci_format( static oci_runtime_config_linux_seccomp *trans_docker_seccomp_to_oci_format(
const docker_seccomp *docker_seccomp_spec, const oci_runtime_spec_process_capabilities *capabilites) const docker_seccomp *docker_seccomp_spec, const defs_process_capabilities *capabilites)
{ {
oci_runtime_config_linux_seccomp *oci_seccomp_spec = NULL; oci_runtime_config_linux_seccomp *oci_seccomp_spec = NULL;
@ -650,7 +649,7 @@ done:
return oci_seccomp_spec; return oci_seccomp_spec;
} }
int merge_default_seccomp_spec(oci_runtime_spec *oci_spec, const oci_runtime_spec_process_capabilities *capabilites) int merge_default_seccomp_spec(oci_runtime_spec *oci_spec, const defs_process_capabilities *capabilites)
{ {
oci_runtime_config_linux_seccomp *oci_seccomp_spec = NULL; oci_runtime_config_linux_seccomp *oci_seccomp_spec = NULL;
docker_seccomp *docker_seccomp_spec = NULL; docker_seccomp *docker_seccomp_spec = NULL;
@ -679,21 +678,21 @@ int merge_default_seccomp_spec(oci_runtime_spec *oci_spec, const oci_runtime_spe
} }
static int append_systemcall_to_seccomp(oci_runtime_config_linux_seccomp *seccomp, static int append_systemcall_to_seccomp(oci_runtime_config_linux_seccomp *seccomp,
oci_runtime_defs_linux_syscall *element) defs_syscall *element)
{ {
int nret = 0; int nret = 0;
size_t old_size, new_size; size_t old_size, new_size;
oci_runtime_defs_linux_syscall **tmp_syscalls = NULL; defs_syscall **tmp_syscalls = NULL;
if (seccomp == NULL || element == NULL) { if (seccomp == NULL || element == NULL) {
return -1; return -1;
} }
if (seccomp->syscalls_len > SIZE_MAX / sizeof(oci_runtime_defs_linux_syscall *) - 1) { if (seccomp->syscalls_len > SIZE_MAX / sizeof(defs_syscall *) - 1) {
CRIT("Too many syscalls to append!"); CRIT("Too many syscalls to append!");
return -1; return -1;
} }
new_size = (seccomp->syscalls_len + 1) * sizeof(oci_runtime_defs_linux_syscall *); new_size = (seccomp->syscalls_len + 1) * sizeof(defs_syscall *);
old_size = new_size - sizeof(oci_runtime_defs_linux_syscall *); old_size = new_size - sizeof(defs_syscall *);
nret = mem_realloc((void **)&tmp_syscalls, new_size, seccomp->syscalls, old_size); nret = mem_realloc((void **)&tmp_syscalls, new_size, seccomp->syscalls, old_size);
if (nret < 0) { if (nret < 0) {
CRIT("Memory allocation error."); CRIT("Memory allocation error.");
@ -705,13 +704,13 @@ static int append_systemcall_to_seccomp(oci_runtime_config_linux_seccomp *seccom
return 0; return 0;
} }
static oci_runtime_defs_linux_syscall *make_seccomp_syscalls_element(const char **names, size_t names_len, static defs_syscall *make_seccomp_syscalls_element(const char **names, size_t names_len,
const char *action, size_t args_len, const char *action, size_t args_len,
oci_runtime_defs_linux_syscall_arg **args) defs_syscall_arg **args)
{ {
size_t i = 0; size_t i = 0;
oci_runtime_defs_linux_syscall *ret = NULL; defs_syscall *ret = NULL;
ret = util_common_calloc_s(sizeof(oci_runtime_defs_linux_syscall)); ret = util_common_calloc_s(sizeof(defs_syscall));
if (ret == NULL) { if (ret == NULL) {
CRIT("Memory allocation error."); CRIT("Memory allocation error.");
goto out; goto out;
@ -719,17 +718,17 @@ static oci_runtime_defs_linux_syscall *make_seccomp_syscalls_element(const char
ret->action = util_strdup_s(action ? action : ""); ret->action = util_strdup_s(action ? action : "");
ret->args_len = args_len; ret->args_len = args_len;
if (args_len) { if (args_len) {
if (args_len > SIZE_MAX / sizeof(oci_runtime_defs_linux_syscall_arg *)) { if (args_len > SIZE_MAX / sizeof(defs_syscall_arg *)) {
CRIT("Too many seccomp syscalls!"); CRIT("Too many seccomp syscalls!");
goto out; goto out;
} }
ret->args = util_common_calloc_s(args_len * sizeof(oci_runtime_defs_linux_syscall_arg *)); ret->args = util_common_calloc_s(args_len * sizeof(defs_syscall_arg *));
if (ret->args == NULL) { if (ret->args == NULL) {
CRIT("Memory allocation error."); CRIT("Memory allocation error.");
goto out; goto out;
} }
for (i = 0; i < args_len; i++) { for (i = 0; i < args_len; i++) {
ret->args[i] = util_common_calloc_s(sizeof(oci_runtime_defs_linux_syscall_arg)); ret->args[i] = util_common_calloc_s(sizeof(defs_syscall_arg));
if (ret->args[i] == NULL) { if (ret->args[i] == NULL) {
CRIT("Memory allocation error."); CRIT("Memory allocation error.");
goto out; goto out;
@ -758,7 +757,7 @@ static oci_runtime_defs_linux_syscall *make_seccomp_syscalls_element(const char
return ret; return ret;
out: out:
free_oci_runtime_defs_linux_syscall(ret); free_defs_syscall(ret);
ret = NULL; ret = NULL;
return ret; return ret;
} }
@ -771,7 +770,7 @@ static int make_sure_oci_spec_process_capabilities(oci_runtime_spec *oci_spec)
} }
if (oci_spec->process->capabilities == NULL) { if (oci_spec->process->capabilities == NULL) {
oci_spec->process->capabilities = util_common_calloc_s(sizeof(oci_runtime_spec_process_capabilities)); oci_spec->process->capabilities = util_common_calloc_s(sizeof(defs_process_capabilities));
if (oci_spec->process->capabilities == NULL) { if (oci_spec->process->capabilities == NULL) {
return -1; return -1;
} }

5
src/services/execution/spec/specs_security.h
View File

@ -18,14 +18,13 @@
#include <stdint.h> #include <stdint.h>
#include "libisulad.h" #include "libisulad.h"
#include "host_config.h" #include "host_config.h"
#include "container_custom_config.h"
#include "container_config_v2.h" #include "container_config_v2.h"
#include "oci_runtime_spec.h" #include "oci_runtime_spec.h"
int merge_default_seccomp_spec(oci_runtime_spec *oci_spec, int merge_default_seccomp_spec(oci_runtime_spec *oci_spec,
const oci_runtime_spec_process_capabilities *capabilites); const defs_process_capabilities *capabilites);
int merge_caps(oci_runtime_spec *oci_spec, const char **adds, size_t adds_len, const char **drops, int merge_caps(oci_runtime_spec *oci_spec, const char **adds, size_t adds_len, const char **drops,
size_t drops_len); size_t drops_len);
int refill_oci_process_capabilities(oci_runtime_spec_process_capabilities **caps, int refill_oci_process_capabilities(defs_process_capabilities **caps,
const char **src_caps, size_t src_caps_len); const char **src_caps, size_t src_caps_len);
int merge_sysctls(oci_runtime_spec *oci_spec, const json_map_string_string *sysctls); int merge_sysctls(oci_runtime_spec *oci_spec, const json_map_string_string *sysctls);
int merge_no_new_privileges(oci_runtime_spec *oci_spec, const host_config *host_spec); int merge_no_new_privileges(oci_runtime_spec *oci_spec, const host_config *host_spec);

63
src/services/execution/spec/verify.c
View File

@ -314,7 +314,7 @@ static int verify_oom_control(const sysinfo_t *sysinfo, bool oomdisable)
} }
/* verify resources memory */ /* verify resources memory */
static int verify_resources_memory(const sysinfo_t *sysinfo, const oci_runtime_config_linux_resources_memory *memory) static int verify_resources_memory(const sysinfo_t *sysinfo, const defs_resources_memory *memory)
{ {
int ret = 0; int ret = 0;
@ -348,7 +348,7 @@ out:
} }
/* verify resources pids */ /* verify resources pids */
static int verify_resources_pids(const sysinfo_t *sysinfo, const oci_runtime_config_linux_resources_pids *pids) static int verify_resources_pids(const sysinfo_t *sysinfo, const defs_resources_pids *pids)
{ {
int ret = 0; int ret = 0;
@ -703,7 +703,7 @@ out:
} }
/* verify resources cpu */ /* verify resources cpu */
static int verify_resources_cpu(const sysinfo_t *sysinfo, const oci_runtime_config_linux_resources_cpu *cpu) static int verify_resources_cpu(const sysinfo_t *sysinfo, const defs_resources_cpu *cpu)
{ {
int ret = 0; int ret = 0;
@ -919,7 +919,7 @@ out:
} }
/* verify resources blkio */ /* verify resources blkio */
static int verify_resources_blkio(const sysinfo_t *sysinfo, const oci_runtime_config_linux_resources_block_io *blkio) static int verify_resources_blkio(const sysinfo_t *sysinfo, const defs_resources_block_io *blkio)
{ {
int ret = 0; int ret = 0;
@ -949,8 +949,8 @@ out:
} }
static bool check_hugetlbs_repeated(size_t newlen, const char *pagesize, static bool check_hugetlbs_repeated(size_t newlen, const char *pagesize,
const oci_runtime_config_linux_resources_hugepage_limits_element *hugetlb, const defs_resources_hugepage_limits_element *hugetlb,
oci_runtime_config_linux_resources_hugepage_limits_element **newtlb) defs_resources_hugepage_limits_element **newtlb)
{ {
bool repeated = false; bool repeated = false;
size_t j; size_t j;
@ -969,7 +969,7 @@ out:
return repeated; return repeated;
} }
static void free_hugetlbs_array(oci_runtime_config_linux_resources_hugepage_limits_element **hugetlb, static void free_hugetlbs_array(defs_resources_hugepage_limits_element **hugetlb,
size_t hugetlb_len) size_t hugetlb_len)
{ {
size_t i; size_t i;
@ -980,7 +980,7 @@ static void free_hugetlbs_array(oci_runtime_config_linux_resources_hugepage_limi
for (i = 0; i < hugetlb_len; i++) { for (i = 0; i < hugetlb_len; i++) {
if (hugetlb[i] != NULL) { if (hugetlb[i] != NULL) {
free_oci_runtime_config_linux_resources_hugepage_limits_element(hugetlb[i]); free_defs_resources_hugepage_limits_element(hugetlb[i]);
hugetlb[i] = NULL; hugetlb[i] = NULL;
} }
} }
@ -989,11 +989,11 @@ static void free_hugetlbs_array(oci_runtime_config_linux_resources_hugepage_limi
/* verify resources hugetlbs */ /* verify resources hugetlbs */
static int verify_resources_hugetlbs(const sysinfo_t *sysinfo, static int verify_resources_hugetlbs(const sysinfo_t *sysinfo,
oci_runtime_config_linux_resources_hugepage_limits_element ***hugetlb, defs_resources_hugepage_limits_element ***hugetlb,
size_t *hugetlb_len) size_t *hugetlb_len)
{ {
int ret = 0; int ret = 0;
oci_runtime_config_linux_resources_hugepage_limits_element **newhugetlb = NULL; defs_resources_hugepage_limits_element **newhugetlb = NULL;
size_t newlen = 0; size_t newlen = 0;
size_t i; size_t i;
@ -1008,7 +1008,7 @@ static int verify_resources_hugetlbs(const sysinfo_t *sysinfo,
for (i = 0; i < *hugetlb_len; i++) { for (i = 0; i < *hugetlb_len; i++) {
char *pagesize = NULL; char *pagesize = NULL;
size_t newsize, oldsize; size_t newsize, oldsize;
oci_runtime_config_linux_resources_hugepage_limits_element **tmphugetlb; defs_resources_hugepage_limits_element **tmphugetlb;
pagesize = validate_hugetlb((*hugetlb)[i]->page_size, (*hugetlb)[i]->limit); pagesize = validate_hugetlb((*hugetlb)[i]->page_size, (*hugetlb)[i]->limit);
if (pagesize == NULL) { if (pagesize == NULL) {
@ -1022,14 +1022,14 @@ static int verify_resources_hugetlbs(const sysinfo_t *sysinfo,
} }
// append new hugetlb // append new hugetlb
if (newlen > SIZE_MAX / sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *) - 1) { if (newlen > SIZE_MAX / sizeof(defs_resources_hugepage_limits_element *) - 1) {
free(pagesize); free(pagesize);
ERROR("Too many new hugetlb to append!"); ERROR("Too many new hugetlb to append!");
ret = -1; ret = -1;
goto out; goto out;
} }
newsize = sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *) * (newlen + 1); newsize = sizeof(defs_resources_hugepage_limits_element *) * (newlen + 1);
oldsize = newsize - sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *); oldsize = newsize - sizeof(defs_resources_hugepage_limits_element *);
ret = mem_realloc((void **)&tmphugetlb, newsize, newhugetlb, oldsize); ret = mem_realloc((void **)&tmphugetlb, newsize, newhugetlb, oldsize);
if (ret < 0) { if (ret < 0) {
free(pagesize); free(pagesize);
@ -1038,7 +1038,7 @@ static int verify_resources_hugetlbs(const sysinfo_t *sysinfo,
goto out; goto out;
} }
newhugetlb = tmphugetlb; newhugetlb = tmphugetlb;
newhugetlb[newlen] = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_hugepage_limits_element)); newhugetlb[newlen] = util_common_calloc_s(sizeof(defs_resources_hugepage_limits_element));
if (newhugetlb[newlen] == NULL) { if (newhugetlb[newlen] == NULL) {
free(pagesize); free(pagesize);
ERROR("Out of memory"); ERROR("Out of memory");
@ -1075,13 +1075,13 @@ static int adapt_memory_swap(const sysinfo_t *sysinfo, const int64_t *limit, int
} }
/* adapt resources memory */ /* adapt resources memory */
static int adapt_resources_memory(const sysinfo_t *sysinfo, oci_runtime_config_linux_resources_memory *memory) static int adapt_resources_memory(const sysinfo_t *sysinfo, defs_resources_memory *memory)
{ {
return adapt_memory_swap(sysinfo, &(memory->limit), &(memory->swap)); return adapt_memory_swap(sysinfo, &(memory->limit), &(memory->swap));
} }
/* verify linux resources */ /* verify linux resources */
static int verify_linux_resources(const sysinfo_t *sysinfo, oci_runtime_config_linux_resources *resources) static int verify_linux_resources(const sysinfo_t *sysinfo, defs_resources *resources)
{ {
int ret = 0; int ret = 0;
@ -1125,7 +1125,7 @@ out:
} }
/* adapt linux resources */ /* adapt linux resources */
static int adapt_linux_resources(const sysinfo_t *sysinfo, oci_runtime_config_linux_resources *resources) static int adapt_linux_resources(const sysinfo_t *sysinfo, defs_resources *resources)
{ {
int ret = 0; int ret = 0;
@ -1910,22 +1910,15 @@ out:
} }
/* verify container settings start */ /* verify container settings start */
int verify_container_settings_start(const char *rootpath, const char *id) int verify_container_settings_start(const oci_runtime_spec *oci_spec)
{ {
int ret = 0; int ret = 0;
oci_runtime_spec *container = read_oci_config(rootpath, id);
if (container == NULL) {
ERROR("Failed to read oci config");
ret = -1;
goto out;
}
/* verify custom mount info, ensure source path exist */ /* verify custom mount info, ensure source path exist */
if (container->mounts != NULL && container->mounts_len > 0) { if (oci_spec->mounts != NULL && oci_spec->mounts_len > 0) {
ret = verify_custom_mount(container->mounts, container->mounts_len); ret = verify_custom_mount(oci_spec->mounts, oci_spec->mounts_len);
} }
out:
free_oci_runtime_spec(container);
return ret; return ret;
} }
@ -1934,33 +1927,33 @@ static inline bool is_less_than_one_second(int64_t timeout)
return timeout != 0 && timeout < Time_Second; return timeout != 0 && timeout < Time_Second;
} }
int verify_health_check_parameter(const container_custom_config *custom_spec) int verify_health_check_parameter(const container_config *container_spec)
{ {
int ret = 0; int ret = 0;
if (custom_spec == NULL || custom_spec->health_check == NULL) { if (container_spec == NULL || container_spec->health_check == NULL) {
return ret; return ret;
} }
if (is_less_than_one_second(custom_spec->health_check->interval)) { if (is_less_than_one_second(container_spec->health_check->interval)) {
ERROR("Interval in Healthcheck cannot be less than one second"); ERROR("Interval in Healthcheck cannot be less than one second");
isulad_set_error_message("Interval in Healthcheck cannot be less than one second"); isulad_set_error_message("Interval in Healthcheck cannot be less than one second");
ret = -1; ret = -1;
goto out; goto out;
} }
if (is_less_than_one_second(custom_spec->health_check->timeout)) { if (is_less_than_one_second(container_spec->health_check->timeout)) {
ERROR("Timeout in Healthcheck cannot be less than one second"); ERROR("Timeout in Healthcheck cannot be less than one second");
isulad_set_error_message("Timeout in Healthcheck cannot be less than one second"); isulad_set_error_message("Timeout in Healthcheck cannot be less than one second");
ret = -1; ret = -1;
goto out; goto out;
} }
if (is_less_than_one_second(custom_spec->health_check->start_period)) { if (is_less_than_one_second(container_spec->health_check->start_period)) {
ERROR("StartPeriod in Healthcheck cannot be less than one second"); ERROR("StartPeriod in Healthcheck cannot be less than one second");
isulad_set_error_message("StartPeriod in Healthcheck cannot be less than one second"); isulad_set_error_message("StartPeriod in Healthcheck cannot be less than one second");
ret = -1; ret = -1;
goto out; goto out;
} }
if (custom_spec->health_check->retries < 0) { if (container_spec->health_check->retries < 0) {
ERROR("--health-retries cannot be negative"); ERROR("--health-retries cannot be negative");
isulad_set_error_message("--health-retries cannot be negative"); isulad_set_error_message("--health-retries cannot be negative");
ret = -1; ret = -1;

4
src/services/execution/spec/verify.h
View File

@ -22,11 +22,11 @@ int verify_container_settings(const oci_runtime_spec *container);
int verify_oci_hook(const oci_runtime_spec_hooks *h); int verify_oci_hook(const oci_runtime_spec_hooks *h);
int verify_container_settings_start(const char *rootpath, const char *id); int verify_container_settings_start(const oci_runtime_spec *oci_spec);
int verify_host_config_settings(host_config *hostconfig, bool update); int verify_host_config_settings(host_config *hostconfig, bool update);
int verify_health_check_parameter(const container_custom_config *custom_spec); int verify_health_check_parameter(const container_config *container_spec);
#endif /* __VERIFY_H */ #endif /* __VERIFY_H */