packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

iSulad: adapt kata based on next_openeuler

Browse Source 
Change-Id: Ia37071fce115de96e5e139369011451457caf714
Signed-off-by: LiFeng <lifeng68@huawei.com>
This commit is contained in:
LiFeng 2020-01-19 00:06:40 -05:00 committed by WangFengTu
parent 1aa264fde3
commit 5bd893e34e
68 changed files with 2409 additions and 2416 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmake/options.cmake
View File

@ -33,7 +33,7 @@ endif()
option(VERSION "set isulad version" ON)
if (VERSION STREQUAL "ON")
set(ISULAD_VERSION "1.1.9")
set(ISULAD_VERSION "1.1.11")
endif()
option(DEBUG "set isulad gcc option" ON)

4
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 1.1.9
%global _release 20200206.104209.gitd282adb9
%global _version 1.1.11
%global _release 20200204.221506.git50cfadfa
%global is_systemd 1
%global debug_package %{nil}

1
src/constants.h
View File

@ -53,6 +53,7 @@
#define DEFAULT_CA_FILE "ca.pem"
#define DEFAULT_KEY_FILE "key.pem"
#define DEFAULT_CERT_FILE "cert.pem"
#define OCI_CONFIG_JSON "config.json"
#define LOG_MAX_RETRIES 10

57
src/cutils/utils_file.c
View File

@ -877,3 +877,60 @@ char *verify_file_and_get_real_path(const char *file)
return util_strdup_s(resolved_path);
}
int util_copy_file(const char *src_file, const char *dst_file)
{
#define BUFSIZE 4096
int ret = 0;
char *nret = NULL;
char real_src_file[PATH_MAX + 1] = { 0 };
int src_fd = -1;
int dst_fd = -1;
char buf[BUFSIZE + 1] = { 0 };
if (src_file == NULL || dst_file == NULL) {
return ret;
}
nret = realpath(src_file, real_src_file);
if (nret == NULL) {
ERROR("real path: %s, return: %s", src_file, strerror(errno));
ret = -1;
return ret;
}
src_fd = util_open(real_src_file, O_RDONLY, CONFIG_FILE_MODE);
if (src_fd < 0) {
ERROR("Open src file: %s, failed: %s", real_src_file, strerror(errno));
ret = -1;
goto free_out;
}
dst_fd = util_open(dst_file, O_WRONLY | O_CREAT | O_TRUNC, DEFAULT_SECURE_FILE_MODE);
if (dst_fd < 0) {
ERROR("Creat file: %s, failed: %s", dst_file, strerror(errno));
ret = -1;
goto free_out;
}
while (true) {
ssize_t len = util_read_nointr(src_fd, buf, BUFSIZE);
if (len < 0) {
ERROR("Read src file failed: %s", strerror(errno));
ret = -1;
goto free_out;
} else if (len == 0) {
break;
}
if (util_write_nointr(dst_fd, buf, (size_t)len) != len) {
ERROR("Write file failed: %s", strerror(errno));
ret = -1;
goto free_out;
}
}
free_out:
if (src_fd >= 0) {
close(src_fd);
}
if (dst_fd >= 0) {
close(dst_fd);
}
return ret;
}

2
src/cutils/utils_file.h
View File

@ -71,6 +71,8 @@ int util_write_file(const char *fname, const char *content, size_t content_len);
char *verify_file_and_get_real_path(const char *file);
int util_copy_file(const char *src_file, const char *dst_file);
#ifdef __cplusplus
}
#endif

7
src/engines/engine.h
View File

@ -103,11 +103,6 @@ typedef struct _engine_start_request_t {
uint32_t start_timeout;
const char *container_pidfile;
const char *exit_fifo;
uid_t uid;
gid_t gid;
gid_t *additional_gids;
size_t additional_gids_len;
} engine_start_request_t;
typedef struct _engine_exec_request_t {
@ -132,7 +127,7 @@ typedef struct _engine_exec_request_t {
} engine_exec_request_t;
typedef bool (*engine_create_t)(const char *, const char *, const char *, void *);
typedef bool (*engine_create_t)(const char *, const char *, void *);
typedef bool (*engine_start_t)(const engine_start_request_t *request);

9
src/http/http.c
View File

@ -351,6 +351,7 @@ int authz_http_request(const char *username, const char *action, char **resp)
char err_msg[AUTHZ_ERROR_MSG_SIZE] = { 0 };
long response_code = 0;
int ret = 0;
int nret = 0;
size_t length = 0;
struct http_get_options *options = NULL;
if (strlen(username) > ((SIZE_MAX - strlen(action)) - strlen(":")) - 1) {
@ -364,7 +365,7 @@ int authz_http_request(const char *username, const char *action, char **resp)
*resp = util_strdup_s("Inernal server error: Out of memory");
return -1;
}
int nret = snprintf(request_body, length, "%s:%s", username, action);
nret = snprintf(request_body, length, "%s:%s", username, action);
if (nret < 0 || (size_t)nret >= length) {
ERROR("Failed to print string");
free(request_body);
@ -392,14 +393,14 @@ int authz_http_request(const char *username, const char *action, char **resp)
goto out;
}
if (response_code != StatusOK) {
ret = snprintf(err_msg, sizeof(err_msg), "action '%s' for user '%s': permission denied", action, username);
if (ret < 0 || (size_t)ret >= sizeof(err_msg)) {
ret = -1;
nret = snprintf(err_msg, sizeof(err_msg), "action '%s' for user '%s': permission denied", action, username);
if (nret < 0 || (size_t)nret >= sizeof(err_msg)) {
ERROR("Out of memory");
*resp = util_strdup_s("Inernal server error: Out of memory");
goto out;
}
*resp = util_strdup_s(err_msg);
ret = -1;
goto out;
}

238
src/image/embedded/embedded_config_merge.c
View File

@ -30,98 +30,113 @@
#include "mediatype.h"
#include "embedded_config_merge.h"
int merge_env_config(oci_runtime_spec *oci_spec,
embedded_manifest **manifest)
static int embedded_merge_entrypoint(embedded_config *config, container_config *container_spec)
{
if ((*manifest)->config->env && (*manifest)->config->env_len != 0) {
int ret = merge_env(oci_spec, (const char **)(*manifest)->config->env, (*manifest)->config->env_len);
if (ret != 0) {
ERROR("Failed to merge environment variables");
return -1;
}
}
return 0;
}
int replace_cmds_config(container_custom_config *custom_spec,
embedded_manifest **manifest)
{
embedded_config *config = (*manifest)->config;
if (config->entrypoint && custom_spec->entrypoint_len == 0) {
if (config->entrypoint && container_spec->entrypoint_len == 0) {
int ret = dup_array_of_strings((const char **)config->entrypoint, config->entrypoint_len,
&(custom_spec->entrypoint), &(custom_spec->entrypoint_len));
&(container_spec->entrypoint), &(container_spec->entrypoint_len));
if (ret != 0) {
ERROR("Failed to duplicate entrypoint from manifest");
return -1;
}
custom_spec->entrypoint_len = (*manifest)->config->entrypoint_len;
container_spec->entrypoint_len = config->entrypoint_len;
}
return 0;
}
int merge_config(oci_runtime_spec *oci_spec,
container_custom_config *custom_spec,
const char *image_config,
embedded_manifest **manifest)
static int embedded_merge_env(const embedded_config *config, container_config *container_spec)
{
if ((*manifest)->config != NULL) {
if ((*manifest)->config->workdir != NULL) {
free(oci_spec->process->cwd);
oci_spec->process->cwd = util_strdup_s((*manifest)->config->workdir);
int ret = 0;
size_t new_size = 0;
size_t old_size = 0;
size_t i = 0;
size_t j = 0;
char **temp = NULL;
char **im_kv = NULL;
char **custom_kv = NULL;
if (config->env == NULL || config->env_len == 0) {
return 0;
}
if (config->env_len > LIST_ENV_SIZE_MAX - container_spec->env_len) {
ERROR("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX);
isulad_set_error_message("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX);
ret = -1;
goto out;
}
new_size = (container_spec->env_len + config->env_len) * sizeof(char *);
old_size = container_spec->env_len * sizeof(char *);
ret = mem_realloc((void **)&temp, new_size, container_spec->env, old_size);
if (ret != 0) {
ERROR("Failed to realloc memory for envionment variables");
ret = -1;
goto out;
}
container_spec->env = temp;
for (i = 0; i < config->env_len; i++) {
bool found = false;
im_kv = util_string_split(config->env[i], '=');
if (im_kv == NULL) {
continue;
}
if (merge_env_config(oci_spec, manifest) != 0) {
for (j = 0; j < container_spec->env_len; j++) {
custom_kv = util_string_split(container_spec->env[i], '=');
if (custom_kv == NULL) {
continue;
}
if (strcmp(im_kv[0], custom_kv[0]) == 0) {
found = true;
}
util_free_array(custom_kv);
custom_kv = NULL;
if (found) {
break;
}
}
if (!found) {
container_spec->env[container_spec->env_len] = util_strdup_s(config->env[i]);
container_spec->env_len++;
}
util_free_array(im_kv);
im_kv = NULL;
}
out:
return ret;
}
static int merge_embedded_config(const embedded_manifest *manifest, container_config *container_spec)
{
if (manifest->config != NULL) {
if (manifest->config->workdir != NULL) {
free(container_spec->working_dir);
container_spec->working_dir = util_strdup_s(manifest->config->workdir);
}
if (embedded_merge_env(manifest->config, container_spec) != 0) {
return -1;
}
return replace_cmds_config(custom_spec, manifest);
return embedded_merge_entrypoint(manifest->config, container_spec);
}
return 0;
}
int pre_deal_config(oci_runtime_spec *oci_spec,
container_custom_config *custom_spec,
const char *image_config,
embedded_manifest **manifest,
char **config_path,
char **err)
{
bool param_error = (oci_spec == NULL || image_config == NULL);
if (param_error) {
ERROR("invalid NULL param");
return -1;
}
*manifest = embedded_manifest_parse_data(image_config, 0, err);
if (*manifest == NULL) {
ERROR("parse manifest failed: %s", *err);
return -1;
}
if (merge_config(oci_spec, custom_spec, image_config, manifest) != 0) {
return -1;
}
int ret = lim_query_image_data((*manifest)->image_name, IMAGE_DATA_TYPE_CONFIG_PATH, config_path, NULL);
if (ret != 0) {
ERROR("query config path for image %s failed", (*manifest)->image_name);
return -1;
}
return 0;
}
int gen_abs_path(embedded_manifest **manifest, char **abs_path, char *config_path, char *real_path, int i)
static int gen_abs_path(const embedded_manifest *manifest, char **abs_path, char *config_path, char *real_path, int i)
{
/* change source to absolute path */
if ((*manifest)->layers[i]->path_in_host[0] == '/') {
(*abs_path) = util_strdup_s((*manifest)->layers[i]->path_in_host);
if (manifest->layers[i]->path_in_host[0] == '/') {
(*abs_path) = util_strdup_s(manifest->layers[i]->path_in_host);
} else {
(*abs_path) = util_add_path(config_path, (*manifest)->layers[i]->path_in_host);
(*abs_path) = util_add_path(config_path, manifest->layers[i]->path_in_host);
}
if ((*abs_path) == NULL) {
ERROR("add path %s and %s failed", config_path,
(*manifest)->layers[i]->path_in_host);
manifest->layers[i]->path_in_host);
return -1;
}
@ -132,7 +147,7 @@ int gen_abs_path(embedded_manifest **manifest, char **abs_path, char *config_pat
return 0;
}
int gen_one_mount(embedded_manifest *manifest, char *mount, char *real_path, int i)
static int gen_one_mount(const embedded_manifest *manifest, char *mount, char *real_path, int i)
{
int nret = 0;
if (manifest->layers[i]->media_type == NULL) {
@ -148,27 +163,62 @@ int gen_one_mount(embedded_manifest *manifest, char *mount, char *real_path, int
"type=bind,ro=true,bind-propagation=rprivate,src=%s,dst=%s",
real_path, manifest->layers[i]->path_in_container);
}
if (nret < 0 || (size_t)nret >= (PATH_MAX * 3)) {
if (nret < 0 || nret >= (PATH_MAX * 3)) {
ERROR("print string for mounts failed");
return -1;
}
return 0;
}
int embedded_image_merge_config(oci_runtime_spec *oci_spec,
container_custom_config *custom_spec,
const char *image_config)
static int embedded_append_mounts(char **volumes, size_t volumes_len, container_config *container_spec)
{
int ret = 0;
size_t i = 0;
size_t new_size = 0;
size_t old_size = 0;
char **temp = NULL;
if (volumes == NULL || volumes_len == 0) {
return 0;
}
if (volumes_len > LIST_ENV_SIZE_MAX - container_spec->mounts_len) {
ERROR("The length of mounts is too long, the limit is %d", LIST_ENV_SIZE_MAX);
isulad_set_error_message("The length of mounts is too long, the limit is %d", LIST_ENV_SIZE_MAX);
ret = -1;
goto out;
}
new_size = (container_spec->mounts_len + volumes_len) * sizeof(char *);
old_size = container_spec->mounts_len * sizeof(char *);
ret = mem_realloc((void **)&temp, new_size, container_spec->mounts, old_size);
if (ret != 0) {
ERROR("Failed to realloc memory for mounts");
ret = -1;
goto out;
}
container_spec->mounts = temp;
for (i = 0; i < volumes_len; i++) {
container_spec->mounts[container_spec->mounts_len] = util_strdup_s(volumes[i]);
container_spec->mounts_len++;
}
out:
return ret;
}
static int embedded_merge_mounts(const embedded_manifest *manifest, container_config *container_spec)
{
int ret = 0;
char *err = NULL;
embedded_manifest *manifest = NULL;
int i = 0;
char **mounts = NULL;
size_t cap = 0;
char *config_path = NULL;
char *abs_path = NULL;
size_t cap = 0;
char **mounts = NULL;
if (pre_deal_config(oci_spec, custom_spec, image_config, &manifest, &config_path, &err) != 0) {
ret = lim_query_image_data(manifest->image_name, IMAGE_DATA_TYPE_CONFIG_PATH, &config_path, NULL);
if (ret != 0) {
ERROR("query config path for image %s failed", manifest->image_name);
ret = -1;
goto out;
}
@ -192,7 +242,7 @@ int embedded_image_merge_config(oci_runtime_spec *oci_spec,
goto out;
}
if (gen_abs_path(&manifest, &abs_path, config_path, real_path, i) != 0) {
if (gen_abs_path(manifest, &abs_path, config_path, real_path, i) != 0) {
ret = -1;
goto out;
}
@ -204,19 +254,47 @@ int embedded_image_merge_config(oci_runtime_spec *oci_spec,
}
}
ret = merge_volumes(oci_spec, mounts, util_array_len((const char **)mounts), NULL, parse_mount);
ret = embedded_append_mounts(mounts, util_array_len((const char **)mounts), container_spec);
if (ret) {
ERROR("Failed to merge layer into mounts");
goto out;
}
out:
free(err);
util_free_array(mounts);
free_embedded_manifest(manifest);
free(abs_path);
UTIL_FREE_AND_SET_NULL(config_path);
return ret;
}
int embedded_image_merge_config(const char *image_config, container_config *container_spec)
{
int ret = 0;
char *err = NULL;
embedded_manifest *manifest = NULL;
manifest = embedded_manifest_parse_data(image_config, 0, &err);
if (manifest == NULL) {
ERROR("parse manifest failed: %s", err);
ret = -1;
goto out;
}
if (merge_embedded_config(manifest, container_spec) != 0) {
ret = -1;
goto out;
}
ret = embedded_merge_mounts(manifest, container_spec);
if (ret != 0) {
ERROR("query config path for image %s failed", manifest->image_name);
ret = -1;
goto out;
}
out:
free(err);
free_embedded_manifest(manifest);
return ret;
}

4
src/image/embedded/embedded_config_merge.h
View File

@ -21,9 +21,7 @@
extern "C" {
#endif
int embedded_image_merge_config(oci_runtime_spec *oci_spec,
container_custom_config *custom_spec,
const char *image_config);
int embedded_image_merge_config(const char *image_config, container_config *container_spec);
#ifdef __cplusplus
}

27
src/image/embedded/embedded_image.c
View File

@ -94,15 +94,13 @@ int embedded_delete_rf(const im_delete_request *request)
return 0;
}
static int do_merge_embedded_image_conf(oci_runtime_spec *oci_spec,
container_custom_config *custom_spec,
const char *image_name)
static int do_merge_embedded_image_conf(const char *image_name, container_config *container_spec)
{
int ret = 0;
char *image_config = NULL;
char *image_type = NULL;
if (oci_spec == NULL || image_name == NULL) {
if (container_spec == NULL || image_name == NULL) {
ERROR("invalid NULL param");
return -1;
}
@ -114,7 +112,7 @@ static int do_merge_embedded_image_conf(oci_runtime_spec *oci_spec,
}
if (strcmp(image_type, IMAGE_TYPE_EMBEDDED) == 0) {
ret = embedded_image_merge_config(oci_spec, custom_spec, image_config);
ret = embedded_image_merge_config(image_config, container_spec);
if (ret != 0) {
goto out;
}
@ -132,7 +130,7 @@ out:
}
int embedded_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec,
int embedded_merge_conf(const host_config *host_spec, container_config *container_spec,
const im_prepare_request *request, char **real_rootfs)
{
int ret = 0;
@ -149,13 +147,7 @@ int embedded_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec
return nret;
}
if (merge_user("/", oci_spec, host_spec, custom_spec->user)) {
ERROR("Failed to merge user: %s", custom_spec->user);
ret = -1;
goto umount;
}
nret = do_merge_embedded_image_conf(oci_spec, custom_spec, request->image_name);
nret = do_merge_embedded_image_conf(request->image_name, container_spec);
if (nret != 0) {
ret = nret;
goto umount;
@ -171,10 +163,13 @@ umount:
return ret;
}
int embedded_get_user_conf(const char *basefs, host_config *hc, const char *userstr,
oci_runtime_spec_process_user *puser)
int embedded_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser)
{
return 0;
if (puser == NULL) {
ERROR("Empty basefs or puser");
return -1;
}
return get_user("/", hc, userstr, puser);;
}
static int embedded_images_to_imagetool_images(struct db_all_images *all_images,

5
src/image/embedded/embedded_image.h
View File

@ -32,11 +32,10 @@ int embedded_delete_rf(const im_delete_request *request);
char *embedded_resolve_image_name(const char *image_name);
int embedded_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec,
int embedded_merge_conf(const host_config *host_spec, container_config *container_spec,
const im_prepare_request *request, char **real_rootfs);
int embedded_get_user_conf(const char *basefs, host_config *hc, const char *userstr,
oci_runtime_spec_process_user *puser);
int embedded_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser);
int embedded_list_images(const im_list_request *request, imagetool_images_list **list);

6
src/image/external/ext_image.c vendored
View File

@ -101,7 +101,7 @@ char *ext_resolve_image_name(const char *image_name)
return util_strdup_s(image_name);
}
int ext_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec,
int ext_merge_conf(const host_config *host_spec, container_config *container_spec,
const im_prepare_request *request, char **real_rootfs)
#ifdef ENABLE_OCI_IMAGE
{
@ -148,7 +148,7 @@ int ext_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, con
goto out;
}
ret = oci_image_merge_config(image_info->info, oci_spec, custom_spec);
ret = oci_image_merge_config(image_info->info, container_spec);
out:
free(resolved_name);
@ -181,7 +181,7 @@ out:
}
#endif
int ext_get_user_conf(const char *basefs, host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser)
int ext_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser)
{
if (basefs == NULL || puser == NULL) {
ERROR("Empty basefs or puser");

4
src/image/external/ext_image.h vendored
View File

@ -27,9 +27,9 @@ int ext_umount_rf(const im_umount_request *request);
int ext_delete_rf(const im_delete_request *request);
char *ext_resolve_image_name(const char *image_name);
int ext_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec,
int ext_merge_conf(const host_config *host_spec, container_config *container_spec,
const im_prepare_request *request, char **real_rootfs);
int ext_get_user_conf(const char *basefs, host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser);
int ext_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser);
int ext_list_images(const im_list_request *request, imagetool_images_list **list);
int ext_remove_image(const im_remove_request *request);
int ext_inspect_image(const im_inspect_request *request, char **inspected_json);

10
src/image/image.c
View File

@ -662,15 +662,15 @@ bool im_config_image_exist(const char *image_name)
}
int im_merge_image_config(const char *id, const char *image_type, const char *image_name,
const char *ext_config_image, oci_runtime_spec *oci_spec,
host_config *host_spec, container_custom_config *custom_spec,
const char *ext_config_image,
host_config *host_spec, container_config *container_spec,
char **real_rootfs)
{
int ret = 0;
struct bim *bim = NULL;
im_prepare_request *request = NULL;
if (real_rootfs == NULL || oci_spec == NULL || image_type == NULL) {
if (real_rootfs == NULL || image_type == NULL) {
ERROR("Invalid input arguments");
ret = -1;
goto out;
@ -702,7 +702,7 @@ int im_merge_image_config(const char *id, const char *image_type, const char *im
EVENT("Event: {Object: %s, Type: preparing rootfs with image %s}", id, image_name);
ret = bim->ops->merge_conf(oci_spec, host_spec, custom_spec, request, real_rootfs);
ret = bim->ops->merge_conf(host_spec, container_spec, request, real_rootfs);
request->storage_opt = NULL;
if (ret != 0) {
ERROR("Failed to merge image %s config, config image is %s", image_name, ext_config_image);
@ -720,7 +720,7 @@ out:
}
int im_get_user_conf(const char *image_type, const char *basefs, host_config *hc, const char *userstr,
oci_runtime_spec_process_user *puser)
defs_process_user *puser)
{
int ret = 0;
struct bim *bim = NULL;

13
src/image/image.h
View File

@ -21,8 +21,8 @@
#include "oci_image_index.h"
#include "oci_image_spec.h"
#include "oci_runtime_spec.h"
#include "container_custom_config.h"
#include "host_config.h"
#include "container_config.h"
#include "libisulad.h"
#ifdef ENABLE_OCI_IMAGE
@ -212,12 +212,12 @@ struct bim_ops {
char *(*resolve_image_name)(const char *image_name);
/* merge image config ops */
int (*merge_conf)(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec,
int (*merge_conf)(const host_config *host_spec, container_config *container_spec,
const im_prepare_request *request, char **real_rootfs);
/* get user config ops */
int (*get_user_conf)(const char *basefs, host_config *hc,
const char *userstr, oci_runtime_spec_process_user *puser);
const char *userstr, defs_process_user *puser);
/* list images */
int (*list_ims)(const im_list_request *request, imagetool_images_list **images);
@ -293,11 +293,12 @@ int im_umount_container_rootfs(const char *image_type, const char *image_name, c
int im_remove_container_rootfs(const char *image_type, const char *container_id);
int im_merge_image_config(const char *id, const char *image_type, const char *image_name,
const char *ext_config_image, oci_runtime_spec *oci_spec, host_config *host_spec,
container_custom_config *custom_spec, char **real_rootfs);
const char *ext_config_image,
host_config *host_spec, container_config *container_spec,
char **real_rootfs);
int im_get_user_conf(const char *image_type, const char *basefs, host_config *hc, const char *userstr,
oci_runtime_spec_process_user *puser);
defs_process_user *puser);
int im_list_images(const im_list_request *request, im_list_response **response);

4
src/image/oci/isula_image.c
View File

@ -156,7 +156,7 @@ int isula_prepare_rf(const im_prepare_request *request, char **real_rootfs)
real_rootfs, NULL);
}
int isula_merge_conf_rf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec,
int isula_merge_conf_rf(const host_config *host_spec, container_config *container_spec,
const im_prepare_request *request, char **real_rootfs)
{
oci_image_spec *image = NULL;
@ -173,7 +173,7 @@ int isula_merge_conf_rf(oci_runtime_spec *oci_spec, const host_config *host_spec
ERROR("Get prepare rootfs failed of image: %s", request->image_name);
goto out;
}
ret = oci_image_conf_merge_into_spec(request->image_name, oci_spec, custom_spec);
ret = oci_image_conf_merge_into_spec(request->image_name, container_spec);
if (ret != 0) {
ERROR("Failed to merge oci config for image: %s", request->image_name);
goto out;

2
src/image/oci/isula_image.h
View File

@ -32,7 +32,7 @@ int isula_get_filesystem_info(im_fs_info_response **response);
int isual_load_image(const im_load_request *request);
int isula_prepare_rf(const im_prepare_request *request, char **real_rootfs);
int isula_merge_conf_rf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec,
int isula_merge_conf_rf(const host_config *host_spec, container_config *container_spec,
const im_prepare_request *request, char **real_rootfs);
int isula_mount_rf(const im_mount_request *request);
int isula_umount_rf(const im_umount_request *request);

9
src/image/oci/oci_common_operators.c
View File

@ -244,7 +244,7 @@ static void oci_strip_dockerio(const imagetool_image *image)
return;
}
int oci_get_user_conf(const char *basefs, host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser)
int oci_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser)
{
if (basefs == NULL || puser == NULL) {
ERROR("Empty basefs or puser");
@ -796,14 +796,13 @@ int oci_get_all_images(const im_list_request *request, imagetool_images_list **i
return isula_list_images(request, images);
}
int oci_image_conf_merge_into_spec(const char *image_name, oci_runtime_spec *oci_spec,
container_custom_config *custom_spec)
int oci_image_conf_merge_into_spec(const char *image_name, container_config *container_spec)
{
int ret = 0;
oci_image_t *image_info = NULL;
char *resolved_name = NULL;
if (oci_spec == NULL || image_name == NULL) {
if (container_spec == NULL || image_name == NULL) {
ERROR("invalid NULL param");
return -1;
}
@ -822,7 +821,7 @@ int oci_image_conf_merge_into_spec(const char *image_name, oci_runtime_spec *oci
goto out;
}
ret = oci_image_merge_config(image_info->info, oci_spec, custom_spec);
ret = oci_image_merge_config(image_info->info, container_spec);
if (ret != 0) {
ERROR("Failed to merge oci config for image %s", resolved_name);
ret = -1;

5
src/image/oci/oci_common_operators.h
View File

@ -29,7 +29,7 @@ char *oci_normalize_image_name(const char *name);
bool oci_detect(const char *image_name);
char *oci_resolve_image_name(const char *name);
int oci_get_user_conf(const char *basefs, host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser);
int oci_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser);
int oci_list_images(const im_list_request *request, imagetool_images_list **images);
int oci_status_image(im_status_request *request, im_status_response **response);
int oci_inspect_image(const im_inspect_request *request, char **inspected_json);
@ -37,8 +37,7 @@ int oci_inspect_image(const im_inspect_request *request, char **inspected_json);
imagetool_image *oci_get_image_info_by_name(const char *id);
int oci_get_all_images(const im_list_request *request, imagetool_images_list **images);
int oci_image_conf_merge_into_spec(const char *image_name, oci_runtime_spec *oci_spec,
container_custom_config *custom_spec);
int oci_image_conf_merge_into_spec(const char *image_name, container_config *container_spec);
#ifdef __cplusplus
}

201
src/image/oci/oci_config_merge.c
View File

@ -25,52 +25,110 @@
#include "specs_mount.h"
#include "specs_extend.h"
static void oci_image_merge_working_dir(const char *working_dir, oci_runtime_spec *oci_spec)
static void oci_image_merge_working_dir(const char *working_dir, container_config *container_spec)
{
if (working_dir == NULL) {
return;
}
free(oci_spec->process->cwd);
oci_spec->process->cwd = util_strdup_s(working_dir);
free(container_spec->working_dir);
container_spec->working_dir = util_strdup_s(working_dir);
}
static int oci_image_merge_env(const oci_image_spec_config *config, oci_runtime_spec *oci_spec)
static int oci_image_merge_env(const oci_image_spec_config *config, container_config *container_spec)
{
int ret = 0;
size_t new_size = 0;
size_t old_size = 0;
size_t i = 0;
size_t j = 0;
char **temp = NULL;
char **im_kv = NULL;
char **custom_kv = NULL;
if (config->env == NULL || config->env_len == 0) {
return 0;
}
if (merge_env(oci_spec, (const char **)config->env, config->env_len) != 0) {
ERROR("Failed to merge environment variables");
return -1;
if (config->env_len > LIST_ENV_SIZE_MAX - container_spec->env_len) {
ERROR("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX);
isulad_set_error_message("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX);
ret = -1;
goto out;
}
new_size = (container_spec->env_len + config->env_len) * sizeof(char *);
old_size = container_spec->env_len * sizeof(char *);
ret = mem_realloc((void **)&temp, new_size, container_spec->env, old_size);
if (ret != 0) {
ERROR("Failed to realloc memory for envionment variables");
ret = -1;
goto out;
}
container_spec->env = temp;
for (i = 0; i < config->env_len; i++) {
bool found = false;
im_kv = util_string_split(config->env[i], '=');
if (im_kv == NULL) {
continue;
}
for (j = 0; j < container_spec->env_len; j++) {
custom_kv = util_string_split(container_spec->env[i], '=');
if (custom_kv == NULL) {
continue;
}
if (strcmp(im_kv[0], custom_kv[0]) == 0) {
found = true;
}
util_free_array(custom_kv);
custom_kv = NULL;
if (found) {
break;
}
}
if (!found) {
container_spec->env[container_spec->env_len] = util_strdup_s(config->env[i]);
container_spec->env_len++;
}
util_free_array(im_kv);
im_kv = NULL;
}
out:
return ret;
return 0;
}
static int do_duplicate_commands(const oci_image_spec_config *config, container_custom_config *custom_spec)
static int do_duplicate_commands(const oci_image_spec_config *config, container_config *container_spec)
{
size_t i;
if (custom_spec->cmd_len != 0 || config->cmd_len == 0) {
if (container_spec->cmd_len != 0 || config->cmd_len == 0) {
return 0;
}
custom_spec->cmd = (char **)util_smart_calloc_s(sizeof(char *), config->cmd_len);
if (custom_spec->cmd == NULL) {
if (config->cmd_len > SIZE_MAX / sizeof(char *)) {
ERROR("too many commands!");
return -1;
}
container_spec->cmd = (char **)util_common_calloc_s(sizeof(char *) * config->cmd_len);
if (container_spec->cmd == NULL) {
ERROR("Out of memory");
return -1;
}
for (i = 0; i < config->cmd_len; i++) {
custom_spec->cmd[i] = util_strdup_s(config->cmd[i]);
custom_spec->cmd_len++;
container_spec->cmd[i] = util_strdup_s(config->cmd[i]);
container_spec->cmd_len++;
}
return 0;
}
static int do_duplicate_entrypoints(const oci_image_spec_config *config, container_custom_config *custom_spec)
static int do_duplicate_entrypoints(const oci_image_spec_config *config, container_config *container_spec)
{
size_t i;
@ -78,64 +136,53 @@ static int do_duplicate_entrypoints(const oci_image_spec_config *config, contain
return 0;
}
custom_spec->entrypoint = (char **)util_smart_calloc_s(sizeof(char *), config->entrypoint_len);
if (custom_spec->entrypoint == NULL) {
if (config->entrypoint_len > SIZE_MAX / sizeof(char *)) {
ERROR("too many entrypoints!");
return -1;
}
container_spec->entrypoint = (char **)util_common_calloc_s(sizeof(char *) * config->entrypoint_len);
if (container_spec->entrypoint == NULL) {
ERROR("Out of memory");
return -1;
}
for (i = 0; i < config->entrypoint_len; i++) {
custom_spec->entrypoint[i] = util_strdup_s(config->entrypoint[i]);
custom_spec->entrypoint_len++;
container_spec->entrypoint[i] = util_strdup_s(config->entrypoint[i]);
container_spec->entrypoint_len++;
}
return 0;
}
static int oci_image_merge_entrypoint(const oci_image_spec_config *config, container_custom_config *custom_spec)
static int oci_image_merge_entrypoint(const oci_image_spec_config *config, container_config *container_spec)
{
if (custom_spec->entrypoint_len != 0) {
if (container_spec->entrypoint_len != 0) {
return 0;
}
if (do_duplicate_commands(config, custom_spec) != 0) {
if (do_duplicate_commands(config, container_spec) != 0) {
return -1;
}
if (do_duplicate_entrypoints(config, custom_spec) != 0) {
if (do_duplicate_entrypoints(config, container_spec) != 0) {
return -1;
}
return 0;
}
static void oci_image_merge_user(const char *user, container_custom_config *custom_spec)
static void oci_image_merge_user(const char *user, container_config *container_spec)
{
if (custom_spec->user != NULL) {
if (container_spec->user != NULL) {
return;
}
custom_spec->user = util_strdup_s(user);
}
static int oci_image_merge_volumes(const oci_image_spec_config *config, oci_runtime_spec *oci_spec)
{
int ret;
if (config->volumes == NULL) {
return 0;
}
ret = merge_volumes(oci_spec, config->volumes->keys, config->volumes->len, NULL, parse_volume);
if (ret != 0) {
ERROR("Failed to merge volumes");
return -1;
}
return 0;
container_spec->user = util_strdup_s(user);
}
static int dup_health_check_from_image(const defs_health_check *image_health_check,
container_custom_config *custom_spec)
container_config *container_spec)
{
int ret = 0;
size_t i;
@ -145,7 +192,13 @@ static int dup_health_check_from_image(const defs_health_check *image_health_che
return -1;
}
health_check->test = util_smart_calloc_s(sizeof(char *), image_health_check->test_len);
if (image_health_check->test_len > SIZE_MAX / sizeof(char *)) {
ERROR("invalid health check commands!");
ret = -1;
goto out;
}
health_check->test = util_common_calloc_s(sizeof(char *) * image_health_check->test_len);
if (health_check->test == NULL) {
ERROR("Out of memory");
ret = -1;
@ -162,7 +215,7 @@ static int dup_health_check_from_image(const defs_health_check *image_health_che
health_check->retries = image_health_check->retries;
health_check->exit_on_unhealthy = image_health_check->exit_on_unhealthy;
custom_spec->health_check = health_check;
container_spec->health_check = health_check;
health_check = NULL;
@ -172,39 +225,43 @@ out:
}
static int update_health_check_from_image(const defs_health_check *image_health_check,
container_custom_config *custom_spec)
container_config *container_spec)
{
if (custom_spec->health_check->test_len == 0) {
if (container_spec->health_check->test_len == 0) {
size_t i;
custom_spec->health_check->test = util_smart_calloc_s(sizeof(char *), image_health_check->test_len);
if (custom_spec->health_check->test == NULL) {
if (image_health_check->test_len > SIZE_MAX / sizeof(char *)) {
ERROR("invalid health check commands!");
return -1;
}
container_spec->health_check->test = util_common_calloc_s(sizeof(char *) * image_health_check->test_len);
if (container_spec->health_check->test == NULL) {
ERROR("Out of memory");
return -1;
}
for (i = 0; i < image_health_check->test_len; i++) {
custom_spec->health_check->test[i] = util_strdup_s(image_health_check->test[i]);
custom_spec->health_check->test_len++;
container_spec->health_check->test[i] = util_strdup_s(image_health_check->test[i]);
container_spec->health_check->test_len++;
}
}
if (custom_spec->health_check->interval == 0) {
custom_spec->health_check->interval = image_health_check->interval;
if (container_spec->health_check->interval == 0) {
container_spec->health_check->interval = image_health_check->interval;
}
if (custom_spec->health_check->timeout == 0) {
custom_spec->health_check->timeout = image_health_check->timeout;
if (container_spec->health_check->timeout == 0) {
container_spec->health_check->timeout = image_health_check->timeout;
}
if (custom_spec->health_check->start_period == 0) {
custom_spec->health_check->start_period = image_health_check->start_period;
if (container_spec->health_check->start_period == 0) {
container_spec->health_check->start_period = image_health_check->start_period;
}
if (custom_spec->health_check->retries == 0) {
custom_spec->health_check->retries = image_health_check->retries;
if (container_spec->health_check->retries == 0) {
container_spec->health_check->retries = image_health_check->retries;
}
return 0;
}
static int oci_image_merge_health_check(const defs_health_check *image_health_check,
container_custom_config *custom_spec)
container_config *container_spec)
{
int ret = 0;
@ -217,13 +274,13 @@ static int oci_image_merge_health_check(const defs_health_check *image_health_ch
return -1;
}
if (custom_spec->health_check == NULL) {
if (dup_health_check_from_image(image_health_check, custom_spec) != 0) {
if (container_spec->health_check == NULL) {
if (dup_health_check_from_image(image_health_check, container_spec) != 0) {
ret = -1;
goto out;
}
} else {
if (update_health_check_from_image(image_health_check, custom_spec) != 0) {
if (update_health_check_from_image(image_health_check, container_spec) != 0) {
ret = -1;
goto out;
}
@ -233,38 +290,34 @@ out:
return ret;
}
int oci_image_merge_config(imagetool_image *image_conf, oci_runtime_spec *oci_spec,
container_custom_config *custom_spec)
int oci_image_merge_config(imagetool_image *image_conf, container_config *container_spec)
{
int ret = 0;
if (image_conf == NULL || oci_spec == NULL || custom_spec == NULL) {
if (image_conf == NULL || container_spec == NULL) {
ERROR("Invalid input arguments");
return -1;
}
if (image_conf->spec != NULL && image_conf->spec->config != NULL) {
oci_image_merge_working_dir(image_conf->spec->config->working_dir, oci_spec);
oci_image_merge_working_dir(image_conf->spec->config->working_dir, container_spec);
if (oci_image_merge_env(image_conf->spec->config, oci_spec) != 0) {
if (oci_image_merge_env(image_conf->spec->config, container_spec) != 0) {
ret = -1;
goto out;
}
if (oci_image_merge_entrypoint(image_conf->spec->config, custom_spec) != 0) {
if (oci_image_merge_entrypoint(image_conf->spec->config, container_spec) != 0) {
ret = -1;
goto out;
}
oci_image_merge_user(image_conf->spec->config->user, custom_spec);
oci_image_merge_user(image_conf->spec->config->user, container_spec);
if (oci_image_merge_volumes(image_conf->spec->config, oci_spec) != 0) {
ret = -1;
goto out;
}
// ignore volumes now
}
if (oci_image_merge_health_check(image_conf->healthcheck, custom_spec) != 0) {
if (oci_image_merge_health_check(image_conf->healthcheck, container_spec) != 0) {
ret = -1;
goto out;
}

5
src/image/oci/oci_config_merge.h
View File

@ -17,15 +17,14 @@
#define __OCI_IMAGE_MERGE_CONFIG_H_
#include "imagetool_image.h"
#include "container_custom_config.h"
#include "oci_runtime_spec.h"
#include "container_config.h"
#ifdef __cplusplus
extern "C" {
#endif
int oci_image_merge_config(imagetool_image *image_conf, oci_runtime_spec *oci_spec,
container_custom_config *custom_spec);
int oci_image_merge_config(imagetool_image *image_conf, container_config *container_spec);
#ifdef __cplusplus
}

9
src/json/schema/schema/container/conf-request.json
View File

@ -1,9 +0,0 @@
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"container_id": {
"type": "string"
}
}
}

21
src/json/schema/schema/container/conf-response.json
View File

@ -1,21 +0,0 @@
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"container_logpath": {
"type": "string"
},
"container_logsize": {
"type": "string"
},
"container_logrotate": {
"type": "uint32"
},
"cc": {
"type": "uint32"
},
"errmsg": {
"type": "string"
}
}
}

26
src/json/schema/schema/container/config.json
View File

@ -88,6 +88,32 @@
},
"HealthCheck": {
"$ref": "../defs.json#/definitions/HealthCheck"
},
"SystemContainer": {
"type": "boolean"
},
"NsChangeOpt": {
"type": "string"
},
"Mounts": {
"type": "array",
"items": {
"type": "string"
}
},
"LogConfig": {
"type": "object",
"properties": {
"log_file": {
"type": "string"
},
"log_file_size": {
"type": "string"
},
"log_file_rotate": {
"type": "uint64"
}
}
}
},
"required": [

83
src/json/schema/schema/container/custom-config.json
View File

@ -1,83 +0,0 @@
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"Env": {
"type": "array",
"items": {
"type": "string"
}
},
"Hostname": {
"type": "string"
},
"User": {
"type": "string"
},
"AttachStdin": {
"type": "boolean"
},
"AttachStdout": {
"type": "boolean"
},
"AttachStderr": {
"type": "boolean"
},
"Tty": {
"type": "boolean"
},
"OpenStdin": {
"type": "boolean"
},
"SystemContainer": {
"type": "boolean"
},
"NsChangeOpt": {
"type": "string"
},
"Mounts": {
"type": "array",
"items": {
"type": "string"
}
},
"Entrypoint": {
"type": "array",
"items": {
"type": "string"
}
},
"Labels": {
"$ref": "../defs.json#/definitions/mapStringString"
},
"Cmd": {
"$ref": "../defs.json#/definitions/ArrayOfStrings"
},
"annotations": {
"$ref": "../defs.json#/definitions/mapStringString"
},
"WorkingDir": {
"type": "string"
},
"Entrypoint": {
"$ref": "../defs.json#/definitions/ArrayOfStrings"
},
"LogConfig": {
"type": "object",
"properties": {
"log_file": {
"type": "string"
},
"log_file_size": {
"type": "string"
},
"log_file_rotate": {
"type": "uint64"
}
}
},
"HealthCheck": {
"$ref": "../defs.json#/definitions/HealthCheck"
}
}
}

9
src/json/schema/schema/container/info.json
View File

@ -8,15 +8,6 @@
"image_type": {
"type": "string"
},
"pid": {
"type": "int32"
},
"has_pid": {
"type": "boolean"
},
"status": {
"type": "integer"
},
"pids_current": {
"type": "uint64"
},

3
src/json/schema/schema/container/stats-request.json
View File

@ -5,9 +5,6 @@
"filters": {
"$ref": "../defs.json#/definitions/filters"
},
"runtime": {
"type": "string"
},
"containers": {
"$ref": "../defs.json#/definitions/ArrayOfStrings"
},

698
src/json/schema/schema/defs.json
View File

@ -303,6 +303,702 @@
"$ref": "#/definitions/mapStringBool"
}
}
}
},
"any": {
"type": "object",
"properties": {
"type_url": {
"type": "string"
},
"value": {
"type": "array",
"items": {
"type": "byte"
}
}
}
},
"zone": {
"type": "object",
"properties": {
"name": {
"type":"string"
},
"offset": {
"$ref": "#/definitions/uint8"
},
"isDST": {
"type": "boolean"
}
}
},
"zoneTrans": {
"type": "object",
"properties": {
"wnen": {
"$ref": "#/definitions/int64"
},
"index": {
"$ref": "#/definitions/uint8"
},
"isstd": {
"type": "boolean"
},
"isutc": {
"type": "boolean"
}
}
},
"location": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"zone": {
"type": "array",
"items": {
"$ref": "#/definitions/zone"
}
},
"tx": {
"type": "array",
"items": {
"$ref": "#/definitions/zoneTrans"
}
},
"cacheStart": {
"$ref": "#/definitions/int64"
},
"cacheEnd": {
"$ref": "#/definitions/int64"
},
"cacheZone": {
"$ref": "#/definitions/zone"
}
}
},
"time": {
"type": "object",
"properties": {
"wall": {
"$ref": "#/definitions/uint64"
},
"ext": {
"$ref": "#/definitions/int64"
},
"loc": {
"$ref": "#/definitions/location"
}
}
},
"RootfsPropagation": {
"type": "string",
"enum": [
"private",
"shared",
"slave",
"unbindable"
]
},
"SeccompArch": {
"type": "string",
"enum": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X86_64",
"SCMP_ARCH_X32",
"SCMP_ARCH_ARM",
"SCMP_ARCH_AARCH64",
"SCMP_ARCH_MIPS",
"SCMP_ARCH_MIPS64",
"SCMP_ARCH_MIPS64N32",
"SCMP_ARCH_MIPSEL",
"SCMP_ARCH_MIPSEL64",
"SCMP_ARCH_MIPSEL64N32",
"SCMP_ARCH_PPC",
"SCMP_ARCH_PPC64",
"SCMP_ARCH_PPC64LE",
"SCMP_ARCH_S390",
"SCMP_ARCH_S390X",
"SCMP_ARCH_PARISC",
"SCMP_ARCH_PARISC64"
]
},
"SeccompAction": {
"type": "string",
"enum": [
"SCMP_ACT_KILL",
"SCMP_ACT_TRAP",
"SCMP_ACT_ERRNO",
"SCMP_ACT_TRACE",
"SCMP_ACT_ALLOW"
]
},
"SeccompOperators": {
"type": "string",
"enum": [
"SCMP_CMP_NE",
"SCMP_CMP_LT",
"SCMP_CMP_LE",
"SCMP_CMP_EQ",
"SCMP_CMP_GE",
"SCMP_CMP_GT",
"SCMP_CMP_MASKED_EQ"
]
},
"SyscallArg": {
"type": "object",
"properties": {
"index": {
"$ref": "#/definitions/uint32"
},
"value": {
"$ref": "#/definitions/uint64"
},
"valueTwo": {
"$ref": "#/definitions/uint64"
},
"op": {
"$ref": "#/definitions/SeccompOperators"
}
},
"required": [
"index",
"value",
"op"
]
},
"Syscall": {
"type": "object",
"properties": {
"names": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"action": {
"$ref": "#/definitions/SeccompAction"
},
"args": {
"type": "array",
"items": {
"$ref": "#/definitions/SyscallArg"
}
}
},
"required": [
"names",
"action"
]
},
"Major": {
"description": "major device number",
"$ref": "#/definitions/int64"
},
"Minor": {
"description": "minor device number",
"$ref": "#/definitions/int64"
},
"FileMode": {
"description": "File permissions mode (typically an octal value)",
"type": "integer",
"minimum": 0,
"maximum": 512
},
"FileType": {
"description": "Type of a block or special character device",
"type": "string",
"pattern": "^[cbup]$"
},
"Device": {
"type": "object",
"required": [
"type",
"path"
],
"properties": {
"type": {
"$ref": "#/definitions/FileType"
},
"path": {
"$ref": "#/definitions/FilePath"
},
"fileMode": {
"$ref": "#/definitions/FileMode"
},
"major": {
"$ref": "#/definitions/Major"
},
"minor": {
"$ref": "#/definitions/Minor"
},
"uid": {
"$ref": "#/definitions/UID"
},
"gid": {
"$ref": "#/definitions/GID"
}
}
},
"weight": {
"type": "integer"
},
"blockIODevice": {
"type": "object",
"properties": {
"major": {
"$ref": "#/definitions/Major"
},
"minor": {
"$ref": "#/definitions/Minor"
}
},
"required": [
"major",
"minor"
]
},
"blockIODeviceWeight": {
"type": "object",
"allOf": [
{
"$ref": "#/definitions/blockIODevice"
},
{
"type": "object",
"properties": {
"weight": {
"$ref": "#/definitions/weight"
},
"leafWeight": {
"$ref": "#/definitions/weight"
}
}
}
]
},
"blockIODeviceThrottle": {
"allOf": [
{
"$ref": "#/definitions/blockIODevice"
},
{
"type": "object",
"properties": {
"rate": {
"$ref": "#/definitions/uint64"
}
}
}
]
},
"DeviceCgroup": {
"type": "object",
"properties": {
"allow": {
"type": "boolean"
},
"type": {
"type": "string"
},
"major": {
"$ref": "#/definitions/Major"
},
"minor": {
"$ref": "#/definitions/Minor"
},
"access": {
"type": "string"
}
},
"required": [
"allow"
]
},
"NetworkInterfacePriority": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"priority": {
"$ref": "#/definitions/uint32"
}
},
"required": [
"name",
"priority"
]
},
"NamespaceType": {
"type": "string",
"enum": [
"mount",
"pid",
"network",
"uts",
"ipc",
"user",
"cgroup"
]
},
"NamespaceReference": {
"type": "object",
"properties": {
"type": {
"$ref": "#/definitions/NamespaceType"
},
"path": {
"$ref": "#/definitions/FilePath"
}
},
"required": [
"type"
]
},
"processInfo": {
"type": "object",
"properties": {
"pid": {
"$ref": "#/definitions/uint32"
},
"info": {
"$ref": "#/definitions/any"
}
}
},
"process": {
"id": "https://opencontainers.org/schema/bundle/process",
"type": "object",
"required": [
"cwd",
"args"
],
"properties": {
"args": {
"id": "https://opencontainers.org/schema/bundle/process/args",
"$ref": "#/definitions/ArrayOfStrings"
},
"consoleSize": {
"id": "https://opencontainers.org/schema/bundle/process/consoleSize",
"type": "object",
"required": [
"height",
"width"
],
"properties": {
"height": {
"id": "https://opencontainers.org/schema/bundle/process/consoleSize/height",
"$ref": "#/definitions/uint64"
},
"width": {
"id": "https://opencontainers.org/schema/bundle/process/consoleSize/width",
"$ref": "#/definitions/uint64"
}
}
},
"cwd": {
"id": "https://opencontainers.org/schema/bundle/process/cwd",
"type": "string"
},
"env": {
"id": "https://opencontainers.org/schema/bundle/process/env",
"$ref": "#/definitions/Env"
},
"terminal": {
"id": "https://opencontainers.org/schema/bundle/process/terminal",
"type": "boolean"
},
"user": {
"id": "https://opencontainers.org/schema/bundle/process/user",
"type": "object",
"properties": {
"uid": {
"id": "https://opencontainers.org/schema/bundle/process/user/uid",
"$ref": "#/definitions/UID"
},
"gid": {
"id": "https://opencontainers.org/schema/bundle/process/user/gid",
"$ref": "#/definitions/GID"
},
"additionalGids": {
"id": "https://opencontainers.org/schema/bundle/process/user/additionalGids",
"$ref": "#/definitions/ArrayOfGIDs"
},
"username": {
"id": "https://opencontainers.org/schema/bundle/process/user/username",
"type": "string"
}
}
},
"capabilities": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities",
"type": "object",
"properties": {
"bounding": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/bounding",
"type": "array",
"items": {
"type": "string"
}
},
"permitted": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/permitted",
"type": "array",
"items": {
"type": "string"
}
},
"effective": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/effective",
"type": "array",
"items": {
"type": "string"
}
},
"inheritable": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/inheritable",
"type": "array",
"items": {
"type": "string"
}
},
"ambient": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/ambient",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"apparmorProfile": {
"id": "https://opencontainers.org/schema/bundle/process/linux/apparmorProfile",
"type": "string"
},
"oomScoreAdj": {
"id": "https://opencontainers.org/schema/bundle/process/linux/oomScoreAdj",
"type": "integer"
},
"selinuxLabel": {
"id": "https://opencontainers.org/schema/bundle/process/linux/selinuxLabel",
"type": "string"
},
"noNewPrivileges": {
"id": "https://opencontainers.org/schema/bundle/process/linux/noNewPrivileges",
"type": "boolean"
},
"rlimits": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits",
"type": "array",
"items": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0",
"type": "object",
"required": [
"type",
"soft",
"hard"
],
"properties": {
"hard": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/hard",
"$ref": "#/definitions/uint64"
},
"soft": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/soft",
"$ref": "#/definitions/uint64"
},
"type": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/type",
"type": "string",
"pattern": "^RLIMIT_[A-Z]+$"
}
}
}
}
}
},
"resources": {
"id": "https://opencontainers.org/schema/bundle/linux/resources",
"type": "object",
"properties": {
"devices": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/devices",
"type": "array",
"items": {
"$ref": "#/definitions/DeviceCgroup"
}
},
"pids": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/pids",
"type": "object",
"properties": {
"limit": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/pids/limit",
"$ref": "#/definitions/int64"
}
},
"required": [
"limit"
]
},
"blockIO": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO",
"type": "object",
"properties": {
"weight": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/weight",
"$ref": "#/definitions/weight"
},
"leafWeight": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/leafWeight",
"$ref": "#/definitions/weight"
},
"throttleReadBpsDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleReadBpsDevice",
"type": "array",
"items": {
"$ref": "#/definitions/blockIODeviceThrottle"
}
},
"throttleWriteBpsDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleWriteBpsDevice",
"type": "array",
"items": {
"$ref": "#/definitions/blockIODeviceThrottle"
}
},
"throttleReadIOPSDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleReadIOPSDevice",
"type": "array",
"items": {
"$ref": "#/definitions/blockIODeviceThrottle"
}
},
"throttleWriteIOPSDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleWriteIOPSDevice",
"type": "array",
"items": {
"$ref": "#/definitions/blockIODeviceThrottle"
}
},
"weightDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/weightDevice",
"type": "array",
"items": {
"$ref": "#/definitions/blockIODeviceWeight"
}
}
}
},
"cpu": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu",
"type": "object",
"properties": {
"cpus": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/cpus",
"type": "string"
},
"mems": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/mems",
"type": "string"
},
"period": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/period",
"$ref": "#/definitions/uint64"
},
"quota": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/quota",
"$ref": "#/definitions/int64"
},
"realtimePeriod": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/realtimePeriod",
"$ref": "#/definitions/uint64"
},
"realtimeRuntime": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/realtimeRuntime",
"$ref": "#/definitions/int64"
},
"shares": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/shares",
"$ref": "#/definitions/uint64"
}
}
},
"hugepageLimits": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/hugepageLimits",
"type": "array",
"items": {
"type": "object",
"properties": {
"pageSize": {
"type": "string"
},
"limit": {
"$ref": "#/definitions/uint64"
}
},
"required": [
"pageSize",
"limit"
]
}
},
"memory": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory",
"type": "object",
"properties": {
"kernel": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/kernel",
"$ref": "#/definitions/int64"
},
"kernelTCP": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/kernelTCP",
"$ref": "#/definitions/int64"
},
"limit": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/limit",
"$ref": "#/definitions/int64"
},
"reservation": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/reservation",
"$ref": "#/definitions/int64"
},
"swap": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/swap",
"$ref": "#/definitions/int64"
},
"swappiness": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/swappiness",
"$ref": "#/definitions/uint64"
},
"disableOOMKiller": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/disableOOMKiller",
"type": "boolean"
}
}
},
"network": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/network",
"type": "object",
"properties": {
"classID": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/network/classId",
"$ref": "#/definitions/uint32"
},
"priorities": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/network/priorities",
"type": "array",
"items": {
"$ref": "#/definitions/NetworkInterfacePriority"
}
}
}
}
}
}
}
}

12
src/json/schema/schema/docker/seccomp.json
View File

@ -13,12 +13,12 @@
"type": "object",
"properties": {
"architecture": {
"$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompArch"
"$ref": "../defs.json#/definitions/SeccompArch"
},
"subArchitectures": {
"type": "array",
"items": {
"$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompArch"
"$ref": "../defs.json#/definitions/SeccompArch"
}
}
}
@ -38,7 +38,7 @@
"minItems": 1
},
"action": {
"$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompAction"
"$ref": "../defs.json#/definitions/SeccompAction"
},
"args": {
"type": "array",
@ -55,7 +55,7 @@
"$ref": "../defs.json#/definitions/uint64"
},
"op": {
"$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompOperators"
"$ref": "../defs.json#/definitions/SeccompOperators"
}
},
"required": [
@ -74,7 +74,7 @@
"arches": {
"type": "array",
"items": {
"$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompArch"
"$ref": "../defs.json#/definitions/SeccompArch"
}
},
"caps": {
@ -91,7 +91,7 @@
"arches": {
"type": "array",
"items": {
"$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompArch"
"$ref": "../defs.json#/definitions/SeccompArch"
}
},
"caps": {

192
src/json/schema/schema/oci/runtime/config-linux.json
View File

@ -8,7 +8,7 @@
"id": "https://opencontainers.org/schema/bundle/linux/devices",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/Device"
"$ref": "../../defs.json#/definitions/Device"
}
},
"uidMappings": {
@ -31,197 +31,21 @@
"items": {
"anyOf": [
{
"$ref": "defs-linux.json#/definitions/NamespaceReference"
"$ref": "../../defs.json#/definitions/NamespaceReference"
}
]
}
},
"resources": {
"id": "https://opencontainers.org/schema/bundle/linux/resources",
"type": "object",
"properties": {
"devices": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/devices",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/DeviceCgroup"
}
},
"pids": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/pids",
"type": "object",
"properties": {
"limit": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/pids/limit",
"$ref": "../../defs.json#/definitions/int64"
}
},
"required": [
"limit"
]
},
"blockIO": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO",
"type": "object",
"properties": {
"weight": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/weight",
"$ref": "defs-linux.json#/definitions/weight"
},
"leafWeight": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/leafWeight",
"$ref": "defs-linux.json#/definitions/weight"
},
"throttleReadBpsDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleReadBpsDevice",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/blockIODeviceThrottle"
}
},
"throttleWriteBpsDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleWriteBpsDevice",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/blockIODeviceThrottle"
}
},
"throttleReadIOPSDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleReadIOPSDevice",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/blockIODeviceThrottle"
}
},
"throttleWriteIOPSDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleWriteIOPSDevice",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/blockIODeviceThrottle"
}
},
"weightDevice": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/weightDevice",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/blockIODeviceWeight"
}
}
}
},
"cpu": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu",
"type": "object",
"properties": {
"cpus": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/cpus",
"type": "string"
},
"mems": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/mems",
"type": "string"
},
"period": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/period",
"$ref": "../../defs.json#/definitions/uint64"
},
"quota": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/quota",
"$ref": "../../defs.json#/definitions/int64"
},
"realtimePeriod": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/realtimePeriod",
"$ref": "../../defs.json#/definitions/uint64"
},
"realtimeRuntime": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/realtimeRuntime",
"$ref": "../../defs.json#/definitions/int64"
},
"shares": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/shares",
"$ref": "../../defs.json#/definitions/uint64"
}
}
},
"hugepageLimits": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/hugepageLimits",
"type": "array",
"items": {
"type": "object",
"properties": {
"pageSize": {
"type": "string"
},
"limit": {
"$ref": "../../defs.json#/definitions/uint64"
}
},
"required": [
"pageSize",
"limit"
]
}
},
"memory": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory",
"type": "object",
"properties": {
"kernel": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/kernel",
"$ref": "../../defs.json#/definitions/int64"
},
"kernelTCP": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/kernelTCP",
"$ref": "../../defs.json#/definitions/int64"
},
"limit": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/limit",
"$ref": "../../defs.json#/definitions/int64"
},
"reservation": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/reservation",
"$ref": "../../defs.json#/definitions/int64"
},
"swap": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/swap",
"$ref": "../../defs.json#/definitions/int64"
},
"swappiness": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/swappiness",
"$ref": "../../defs.json#/definitions/uint64"
},
"disableOOMKiller": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/memory/disableOOMKiller",
"type": "boolean"
}
}
},
"network": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/network",
"type": "object",
"properties": {
"classID": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/network/classId",
"$ref": "../../defs.json#/definitions/uint32"
},
"priorities": {
"id": "https://opencontainers.org/schema/bundle/linux/resources/network/priorities",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/NetworkInterfacePriority"
}
}
}
}
}
},
"resources": {
"$ref": "../../defs.json#/definitions/resources"
},
"cgroupsPath": {
"id": "https://opencontainers.org/schema/bundle/linux/cgroupsPath",
"type": "string"
},
"rootfsPropagation": {
"id": "https://opencontainers.org/schema/bundle/linux/rootfsPropagation",
"$ref": "defs-linux.json#/definitions/RootfsPropagation"
"$ref": "../../defs.json#/definitions/RootfsPropagation"
},
"seccomp": {
"id": "https://opencontainers.org/schema/bundle/linux/seccomp",
@ -235,14 +59,14 @@
"id": "https://opencontainers.org/schema/bundle/linux/seccomp/architectures",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/SeccompArch"
"$ref": "../../defs.json#/definitions/SeccompArch"
}
},
"syscalls": {
"id": "https://opencontainers.org/schema/bundle/linux/seccomp/syscalls",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/Syscall"
"$ref": "../../defs.json#/definitions/Syscall"
}
}
},

270
src/json/schema/schema/oci/runtime/defs-linux.json
View File

@ -1,270 +0,0 @@
{
"definitions": {
"RootfsPropagation": {
"type": "string",
"enum": [
"private",
"shared",
"slave",
"unbindable"
]
},
"SeccompArch": {
"type": "string",
"enum": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X86_64",
"SCMP_ARCH_X32",
"SCMP_ARCH_ARM",
"SCMP_ARCH_AARCH64",
"SCMP_ARCH_MIPS",
"SCMP_ARCH_MIPS64",
"SCMP_ARCH_MIPS64N32",
"SCMP_ARCH_MIPSEL",
"SCMP_ARCH_MIPSEL64",
"SCMP_ARCH_MIPSEL64N32",
"SCMP_ARCH_PPC",
"SCMP_ARCH_PPC64",
"SCMP_ARCH_PPC64LE",
"SCMP_ARCH_S390",
"SCMP_ARCH_S390X",
"SCMP_ARCH_PARISC",
"SCMP_ARCH_PARISC64"
]
},
"SeccompAction": {
"type": "string",
"enum": [
"SCMP_ACT_KILL",
"SCMP_ACT_TRAP",
"SCMP_ACT_ERRNO",
"SCMP_ACT_TRACE",
"SCMP_ACT_ALLOW"
]
},
"SeccompOperators": {
"type": "string",
"enum": [
"SCMP_CMP_NE",
"SCMP_CMP_LT",
"SCMP_CMP_LE",
"SCMP_CMP_EQ",
"SCMP_CMP_GE",
"SCMP_CMP_GT",
"SCMP_CMP_MASKED_EQ"
]
},
"SyscallArg": {
"type": "object",
"properties": {
"index": {
"$ref": "../../defs.json#/definitions/uint32"
},
"value": {
"$ref": "../../defs.json#/definitions/uint64"
},
"valueTwo": {
"$ref": "../../defs.json#/definitions/uint64"
},
"op": {
"$ref": "#/definitions/SeccompOperators"
}
},
"required": [
"index",
"value",
"op"
]
},
"Syscall": {
"type": "object",
"properties": {
"names": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"action": {
"$ref": "#/definitions/SeccompAction"
},
"args": {
"type": "array",
"items": {
"$ref": "#/definitions/SyscallArg"
}
}
},
"required": [
"names",
"action"
]
},
"Major": {
"description": "major device number",
"$ref": "../../defs.json#/definitions/int64"
},
"Minor": {
"description": "minor device number",
"$ref": "../../defs.json#/definitions/int64"
},
"FileMode": {
"description": "File permissions mode (typically an octal value)",
"type": "integer",
"minimum": 0,
"maximum": 512
},
"FileType": {
"description": "Type of a block or special character device",
"type": "string",
"pattern": "^[cbup]$"
},
"Device": {
"type": "object",
"required": [
"type",
"path"
],
"properties": {
"type": {
"$ref": "#/definitions/FileType"
},
"path": {
"$ref": "../../defs.json#/definitions/FilePath"
},
"fileMode": {
"$ref": "#/definitions/FileMode"
},
"major": {
"$ref": "#/definitions/Major"
},
"minor": {
"$ref": "#/definitions/Minor"
},
"uid": {
"$ref": "../../defs.json#/definitions/UID"
},
"gid": {
"$ref": "../../defs.json#/definitions/GID"
}
}
},
"weight": {
"type": "integer"
},
"blockIODevice": {
"type": "object",
"properties": {
"major": {
"$ref": "#/definitions/Major"
},
"minor": {
"$ref": "#/definitions/Minor"
}
},
"required": [
"major",
"minor"
]
},
"blockIODeviceWeight": {
"type": "object",
"allOf": [
{
"$ref": "#/definitions/blockIODevice"
},
{
"type": "object",
"properties": {
"weight": {
"$ref": "#/definitions/weight"
},
"leafWeight": {
"$ref": "#/definitions/weight"
}
}
}
]
},
"blockIODeviceThrottle": {
"allOf": [
{
"$ref": "#/definitions/blockIODevice"
},
{
"type": "object",
"properties": {
"rate": {
"$ref": "../../defs.json#/definitions/uint64"
}
}
}
]
},
"DeviceCgroup": {
"type": "object",
"properties": {
"allow": {
"type": "boolean"
},
"type": {
"type": "string"
},
"major": {
"$ref": "#/definitions/Major"
},
"minor": {
"$ref": "#/definitions/Minor"
},
"access": {
"type": "string"
}
},
"required": [
"allow"
]
},
"NetworkInterfacePriority": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"priority": {
"$ref": "../../defs.json#/definitions/uint32"
}
},
"required": [
"name",
"priority"
]
},
"NamespaceType": {
"type": "string",
"enum": [
"mount",
"pid",
"network",
"uts",
"ipc",
"user",
"cgroup"
]
},
"NamespaceReference": {
"type": "object",
"properties": {
"type": {
"$ref": "#/definitions/NamespaceType"
},
"path": {
"$ref": "../../defs.json#/definitions/FilePath"
}
},
"required": [
"type"
]
}
}
}

2
src/json/schema/schema/oci/runtime/pspec.json
View File

@ -23,7 +23,7 @@
"id": "https://opencontainers.org/schema/bundle/linux/devices",
"type": "array",
"items": {
"$ref": "defs-linux.json#/definitions/Device"
"$ref": "../../defs.json#/definitions/Device"
}
},
"resources": {

150
src/json/schema/schema/oci/runtime/spec.json
View File

@ -56,155 +56,7 @@
}
},
"process": {
"id": "https://opencontainers.org/schema/bundle/process",
"type": "object",
"required": [
"cwd",
"args"
],
"properties": {
"args": {
"id": "https://opencontainers.org/schema/bundle/process/args",
"$ref": "../../defs.json#/definitions/ArrayOfStrings"
},
"consoleSize": {
"id": "https://opencontainers.org/schema/bundle/process/consoleSize",
"type": "object",
"required": [
"height",
"width"
],
"properties": {
"height": {
"id": "https://opencontainers.org/schema/bundle/process/consoleSize/height",
"$ref": "../../defs.json#/definitions/uint64"
},
"width": {
"id": "https://opencontainers.org/schema/bundle/process/consoleSize/width",
"$ref": "../../defs.json#/definitions/uint64"
}
}
},
"cwd": {
"id": "https://opencontainers.org/schema/bundle/process/cwd",
"type": "string"
},
"env": {
"id": "https://opencontainers.org/schema/bundle/process/env",
"$ref": "../../defs.json#/definitions/Env"
},
"terminal": {
"id": "https://opencontainers.org/schema/bundle/process/terminal",
"type": "boolean"
},
"user": {
"id": "https://opencontainers.org/schema/bundle/process/user",
"type": "object",
"properties": {
"uid": {
"id": "https://opencontainers.org/schema/bundle/process/user/uid",
"$ref": "../../defs.json#/definitions/UID"
},
"gid": {
"id": "https://opencontainers.org/schema/bundle/process/user/gid",
"$ref": "../../defs.json#/definitions/GID"
},
"additionalGids": {
"id": "https://opencontainers.org/schema/bundle/process/user/additionalGids",
"$ref": "../../defs.json#/definitions/ArrayOfGIDs"
},
"username": {
"id": "https://opencontainers.org/schema/bundle/process/user/username",
"type": "string"
}
}
},
"capabilities": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities",
"type": "object",
"properties": {
"bounding": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/bounding",
"type": "array",
"items": {
"type": "string"
}
},
"permitted": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/permitted",
"type": "array",
"items": {
"type": "string"
}
},
"effective": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/effective",
"type": "array",
"items": {
"type": "string"
}
},
"inheritable": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/inheritable",
"type": "array",
"items": {
"type": "string"
}
},
"ambient": {
"id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/ambient",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"apparmorProfile": {
"id": "https://opencontainers.org/schema/bundle/process/linux/apparmorProfile",
"type": "string"
},
"oomScoreAdj": {
"id": "https://opencontainers.org/schema/bundle/process/linux/oomScoreAdj",
"type": "integer"
},
"selinuxLabel": {
"id": "https://opencontainers.org/schema/bundle/process/linux/selinuxLabel",
"type": "string"
},
"noNewPrivileges": {
"id": "https://opencontainers.org/schema/bundle/process/linux/noNewPrivileges",
"type": "boolean"
},
"rlimits": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits",
"type": "array",
"items": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0",
"type": "object",
"required": [
"type",
"soft",
"hard"
],
"properties": {
"hard": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/hard",
"$ref": "../../defs.json#/definitions/uint64"
},
"soft": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/soft",
"$ref": "../../defs.json#/definitions/uint64"
},
"type": {
"id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/type",
"type": "string",
"pattern": "^RLIMIT_[A-Z]+$"
}
}
}
}
}
"$ref": "../../defs.json#/definitions/process"
},
"linux": {
"$ref": "config-linux.json#/linux"

1
src/namespace.h
View File

@ -40,6 +40,7 @@
#define TYPE_NAMESPACE_CGROUP "cgroup"
#define ETC_HOSTS "/etc/hosts"
#define ETC_HOSTNAME "/etc/hostname"
#define RESOLV_CONF_PATH "/etc/resolv.conf"
static inline bool is_host(const char *mode)

138
src/pack_config.c
View File

@ -25,11 +25,11 @@
#include "log.h"
#include "pack_config.h"
#include "container_custom_config.h"
#include "host_config.h"
#include "utils.h"
#include "parse_common.h"
#include "path.h"
#include "container_config.h"
static bool parse_restart_policy(const char *policy, host_config_restart_policy **rp)
{
@ -1775,33 +1775,33 @@ out:
return ret;
}
static int pack_container_custom_config_log(container_custom_config *custom_spec,
static int pack_container_custom_config_log(container_config *container_spec,
const isula_container_config_t *custom_conf)
{
int ret = 0;
/* log config */
custom_spec->log_config = util_common_calloc_s(sizeof(container_custom_config_log_config));
if (custom_spec->log_config == NULL) {
container_spec->log_config = util_common_calloc_s(sizeof(container_config_log_config));
if (container_spec->log_config == NULL) {
ret = -1;
goto out;
}
if (custom_conf->log_file != NULL) {
custom_spec->log_config->log_file = util_strdup_s(custom_conf->log_file);
container_spec->log_config->log_file = util_strdup_s(custom_conf->log_file);
}
if (custom_conf->log_file_size != NULL) {
custom_spec->log_config->log_file_size = util_strdup_s(custom_conf->log_file_size);
container_spec->log_config->log_file_size = util_strdup_s(custom_conf->log_file_size);
}
if (custom_conf->log_file_rotate) {
custom_spec->log_config->log_file_rotate = custom_conf->log_file_rotate;
container_spec->log_config->log_file_rotate = custom_conf->log_file_rotate;
}
out:
return ret;
}
static int pack_container_custom_config_args(container_custom_config *custom_spec,
static int pack_container_custom_config_args(container_config *container_spec,
const isula_container_config_t *custom_conf)
{
int ret = 0;
@ -1809,13 +1809,13 @@ static int pack_container_custom_config_args(container_custom_config *custom_spe
/* entrypoint */
if (util_valid_str(custom_conf->entrypoint)) {
custom_spec->entrypoint = util_common_calloc_s(sizeof(char *));
if (custom_spec->entrypoint == NULL) {
container_spec->entrypoint = util_common_calloc_s(sizeof(char *));
if (container_spec->entrypoint == NULL) {
ret = -1;
goto out;
}
custom_spec->entrypoint[0] = util_strdup_s(custom_conf->entrypoint);
custom_spec->entrypoint_len++;
container_spec->entrypoint[0] = util_strdup_s(custom_conf->entrypoint);
container_spec->entrypoint_len++;
}
/* commands */
@ -1825,14 +1825,14 @@ static int pack_container_custom_config_args(container_custom_config *custom_spe
ret = -1;
goto out;
}
custom_spec->cmd = util_common_calloc_s(custom_conf->cmd_len * sizeof(char *));
if (custom_spec->cmd == NULL) {
container_spec->cmd = util_common_calloc_s(custom_conf->cmd_len * sizeof(char *));
if (container_spec->cmd == NULL) {
ret = -1;
goto out;
}
for (i = 0; i < (int)custom_conf->cmd_len; i++) {
custom_spec->cmd[custom_spec->cmd_len] = util_strdup_s(custom_conf->cmd[i]);
custom_spec->cmd_len++;
container_spec->cmd[container_spec->cmd_len] = util_strdup_s(custom_conf->cmd[i]);
container_spec->cmd_len++;
}
}
@ -1840,7 +1840,7 @@ out:
return ret;
}
static int pack_container_custom_config_mounts(container_custom_config *custom_spec,
static int pack_container_custom_config_mounts(container_config *container_spec,
const isula_container_config_t *custom_conf)
{
int ret = 0;
@ -1853,21 +1853,21 @@ static int pack_container_custom_config_mounts(container_custom_config *custom_s
ret = -1;
goto out;
}
custom_spec->mounts = util_common_calloc_s(custom_conf->mounts_len * sizeof(char *));
if (custom_spec->mounts == NULL) {
container_spec->mounts = util_common_calloc_s(custom_conf->mounts_len * sizeof(char *));
if (container_spec->mounts == NULL) {
ret = -1;
goto out;
}
for (i = 0; i < (int)custom_conf->mounts_len; i++) {
custom_spec->mounts[custom_spec->mounts_len] = util_strdup_s(custom_conf->mounts[i]);
custom_spec->mounts_len++;
container_spec->mounts[container_spec->mounts_len] = util_strdup_s(custom_conf->mounts[i]);
container_spec->mounts_len++;
}
}
out:
return ret;
}
static int pack_container_custom_config_array(container_custom_config *custom_spec,
static int pack_container_custom_config_array(container_config *container_spec,
const isula_container_config_t *custom_conf)
{
int ret = 0;
@ -1879,14 +1879,14 @@ static int pack_container_custom_config_array(container_custom_config *custom_sp
COMMAND_ERROR("Too many environment variables");
return -1;
}
custom_spec->env = util_common_calloc_s(custom_conf->env_len * sizeof(char *));
if (custom_spec->env == NULL) {
container_spec->env = util_common_calloc_s(custom_conf->env_len * sizeof(char *));
if (container_spec->env == NULL) {
ret = -1;
goto out;
}
for (i = 0; i < (int)custom_conf->env_len; i++) {
custom_spec->env[custom_spec->env_len] = util_strdup_s(custom_conf->env[i]);
custom_spec->env_len++;
container_spec->env[container_spec->env_len] = util_strdup_s(custom_conf->env[i]);
container_spec->env_len++;
}
}
@ -1907,7 +1907,7 @@ static bool have_health_check(const isula_container_config_t *custom_conf)
return have_health_settings;
}
static int pack_custom_no_health_check(container_custom_config *custom_spec, bool have_health_settings,
static int pack_custom_no_health_check(container_config *container_spec, bool have_health_settings,
defs_health_check *health_config)
{
int ret = 0;
@ -1923,13 +1923,13 @@ static int pack_custom_no_health_check(container_custom_config *custom_spec, boo
goto out;
}
health_config->test[health_config->test_len++] = util_strdup_s("NONE");
custom_spec->health_check = health_config;
container_spec->health_check = health_config;
out:
return ret;
}
static int pack_custom_with_health_check(container_custom_config *custom_spec,
static int pack_custom_with_health_check(container_config *container_spec,
const isula_container_config_t *custom_conf, bool have_health_settings,
defs_health_check *health_config)
{
@ -1953,23 +1953,23 @@ static int pack_custom_with_health_check(container_custom_config *custom_spec,
health_config->start_period = custom_conf->health_start_period;
health_config->retries = custom_conf->health_retries;
health_config->exit_on_unhealthy = custom_conf->exit_on_unhealthy;
if (custom_spec->health_check != NULL) {
free_defs_health_check(custom_spec->health_check);
if (container_spec->health_check != NULL) {
free_defs_health_check(container_spec->health_check);
}
custom_spec->health_check = health_config;
container_spec->health_check = health_config;
out:
return ret;
}
static int pack_container_custom_config_health(container_custom_config *custom_spec,
static int pack_container_custom_config_health(container_config *container_spec,
const isula_container_config_t *custom_conf)
{
int ret = 0;
bool have_health_settings = false;
defs_health_check *health_config = NULL;
if (custom_spec == NULL || custom_conf == NULL) {
if (container_spec == NULL || custom_conf == NULL) {
return 0;
}
@ -1982,12 +1982,12 @@ static int pack_container_custom_config_health(container_custom_config *custom_s
}
if (custom_conf->no_healthcheck) {
ret = pack_custom_no_health_check(custom_spec, have_health_settings, health_config);
ret = pack_custom_no_health_check(container_spec, have_health_settings, health_config);
if (ret != 0) {
goto out;
}
} else if (have_health_settings) {
ret = pack_custom_with_health_check(custom_spec, custom_conf, have_health_settings, health_config);
ret = pack_custom_with_health_check(container_spec, custom_conf, have_health_settings, health_config);
if (ret != 0) {
goto out;
}
@ -2002,21 +2002,21 @@ out:
return ret;
}
static int pack_container_custom_config_annotation(container_custom_config *custom_spec,
static int pack_container_custom_config_annotation(container_config *container_spec,
const isula_container_config_t *custom_conf)
{
int ret = 0;
size_t j;
custom_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string));
if (custom_spec->annotations == NULL) {
container_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string));
if (container_spec->annotations == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
if (custom_conf->annotations != NULL) {
for (j = 0; j < custom_conf->annotations->len; j++) {
if (append_json_map_string_string(custom_spec->annotations, custom_conf->annotations->keys[j],
if (append_json_map_string_string(container_spec->annotations, custom_conf->annotations->keys[j],
custom_conf->annotations->values[j])) {
ERROR("Append map failed");
ret = -1;
@ -2028,32 +2028,32 @@ out:
return ret;
}
static int pack_container_custom_config_pre(container_custom_config *custom_spec,
static int pack_container_custom_config_pre(container_config *container_spec,
const isula_container_config_t *custom_conf)
{
int ret = 0;
ret = pack_container_custom_config_log(custom_spec, custom_conf);
ret = pack_container_custom_config_log(container_spec, custom_conf);
if (ret != 0) {
goto out;
}
ret = pack_container_custom_config_args(custom_spec, custom_conf);
ret = pack_container_custom_config_args(container_spec, custom_conf);
if (ret != 0) {
goto out;
}
ret = pack_container_custom_config_mounts(custom_spec, custom_conf);
ret = pack_container_custom_config_mounts(container_spec, custom_conf);
if (ret != 0) {
goto out;
}
ret = pack_container_custom_config_array(custom_spec, custom_conf);
ret = pack_container_custom_config_array(container_spec, custom_conf);
if (ret != 0) {
goto out;
}
ret = pack_container_custom_config_health(custom_spec, custom_conf);
ret = pack_container_custom_config_health(container_spec, custom_conf);
if (ret != 0) {
goto out;
}
@ -2062,75 +2062,75 @@ out:
}
/* translate create_custom_config to container_custom_config */
static int pack_container_custom_config(container_custom_config *custom_spec,
static int pack_container_custom_config(container_config *container_spec,
const isula_container_config_t *custom_conf)
{
int ret = -1;
if (custom_spec == NULL || custom_conf == NULL) {
if (container_spec == NULL || custom_conf == NULL) {
return ret;
}
ret = pack_container_custom_config_pre(custom_spec, custom_conf);
ret = pack_container_custom_config_pre(container_spec, custom_conf);
if (ret != 0) {
goto out;
}
if (custom_conf->hostname != NULL) {
custom_spec->hostname = util_strdup_s(custom_conf->hostname);
container_spec->hostname = util_strdup_s(custom_conf->hostname);
}
/* console config */
custom_spec->tty = custom_conf->tty;
custom_spec->open_stdin = custom_conf->open_stdin;
custom_spec->attach_stdin = custom_conf->attach_stdin;
custom_spec->attach_stdout = custom_conf->attach_stdout;
custom_spec->attach_stderr = custom_conf->attach_stderr;
container_spec->tty = custom_conf->tty;
container_spec->open_stdin = custom_conf->open_stdin;
container_spec->attach_stdin = custom_conf->attach_stdin;
container_spec->attach_stdout = custom_conf->attach_stdout;
container_spec->attach_stderr = custom_conf->attach_stderr;
/* user and group */
if (custom_conf->user != NULL) {
custom_spec->user = util_strdup_s(custom_conf->user);
container_spec->user = util_strdup_s(custom_conf->user);
}
/* settings for system container */
if (custom_conf->system_container) {
custom_spec->system_container = custom_conf->system_container;
container_spec->system_container = custom_conf->system_container;
}
if (custom_conf->ns_change_opt != NULL) {
custom_spec->ns_change_opt = util_strdup_s(custom_conf->ns_change_opt);
container_spec->ns_change_opt = util_strdup_s(custom_conf->ns_change_opt);
}
ret = pack_container_custom_config_annotation(custom_spec, custom_conf);
ret = pack_container_custom_config_annotation(container_spec, custom_conf);
if (ret != 0) {
goto out;
}
if (custom_conf->workdir != NULL) {
custom_spec->working_dir = util_strdup_s(custom_conf->workdir);
container_spec->working_dir = util_strdup_s(custom_conf->workdir);
}
out:
return ret;
}
int generate_container_config(const isula_container_config_t *custom_conf, char **custom_config_str)
int generate_container_config(const isula_container_config_t *custom_conf, char **container_config_str)
{
int ret = 0;
container_custom_config *custom_spec = NULL;
container_config *container_spec = NULL;
struct parser_context ctx = { OPT_GEN_SIMPLIFY, 0 };
parser_error err = NULL;
/* step 1: malloc the container_custom_config */
custom_spec = util_common_calloc_s(sizeof(container_custom_config));
if (custom_spec == NULL) {
/* step 1: malloc the container config */
container_spec = util_common_calloc_s(sizeof(container_config));
if (container_spec == NULL) {
ERROR("Memory out");
ret = -1;
goto out;
}
/* step 2: pack the container custom config */
ret = pack_container_custom_config(custom_spec, custom_conf);
ret = pack_container_custom_config(container_spec, custom_conf);
if (ret != 0) {
ERROR("Failed to pack the container custom config");
ret = -1;
@ -2138,15 +2138,15 @@ int generate_container_config(const isula_container_config_t *custom_conf, char
}
/* step 3: generate the config string */
*custom_config_str = container_custom_config_generate_json(custom_spec, &ctx, &err);
if (*custom_config_str == NULL) {
*container_config_str = container_config_generate_json(container_spec, &ctx, &err);
if (*container_config_str == NULL) {
ERROR("Failed to generate OCI specification json string");
ret = -1;
goto out;
}
out:
free_container_custom_config(custom_spec);
free_container_config(container_spec);
free(err);
return ret;

2
src/pack_config.h
View File

@ -24,7 +24,7 @@ extern "C" {
int generate_hostconfig(const isula_host_config_t *srcconfig, char **hostconfigstr);
int generate_container_config(const isula_container_config_t *custom_conf,
char **custom_config_str);
char **container_config_str);
#ifdef __cplusplus
}

34
src/plugin/plugin.c
View File

@ -211,7 +211,7 @@ static int set_env_enable_plugins(oci_runtime_spec *oci)
if (oci->process == NULL) {
ERROR("BUG oci->process should not be nil");
oci->process = util_common_calloc_s(sizeof(oci_runtime_spec_process));
oci->process = util_common_calloc_s(sizeof(defs_process));
if (oci->process == NULL) {
ERROR("out of memory");
goto failed;
@ -880,6 +880,7 @@ out:
int pm_activate_plugin(plugin_t *plugin)
{
int ret = 0;
int nret = 0;
plugin_activate_plugin_request reqs = { 0 };
char *body = NULL;
size_t body_len = 0;
@ -901,8 +902,8 @@ int pm_activate_plugin(plugin_t *plugin)
}
body_len = strlen(body) + 1;
ret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr);
if (ret < 0 || ret >= PATH_MAX) {
nret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr);
if (nret < 0 || nret >= PATH_MAX) {
ERROR("get plugin socket failed");
ret = -1;
goto out;
@ -1044,7 +1045,7 @@ static int pm_prepare_init_reqs(const plugin_t *plugin, plugin_init_plugin_reque
elem->status = get_status(cont);
ocic = read_oci_config(cont->root_path, elem->id);
ocic = load_oci_config(cont->root_path, elem->id);
if (ocic == NULL) {
ret = -1;
ERROR("read oci config failed");
@ -1073,6 +1074,7 @@ out:
static int pm_init_plugin(const plugin_t *plugin)
{
int ret = 0;
int nret = 0;
char **cnames = NULL;
size_t container_num = 0;
plugin_init_plugin_request reqs = { 0 };
@ -1127,8 +1129,8 @@ static int pm_init_plugin(const plugin_t *plugin)
}
body_len = strlen(body) + 1;
ret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr);
if (ret < 0 || ret >= PATH_MAX) {
nret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr);
if (nret < 0 || nret >= PATH_MAX) {
ERROR("get plugin socket failed %s", plugin->addr);
ret = -1;
goto out;
@ -1443,6 +1445,7 @@ out:
static int plugin_event_pre_create_handle(const plugin_t *plugin, const char *cid, char **base)
{
int ret = 0;
int nret = 0;
char *body = NULL;
size_t body_len = 0;
struct parser_context ctx = {
@ -1467,8 +1470,8 @@ static int plugin_event_pre_create_handle(const plugin_t *plugin, const char *ci
}
body_len = strlen(body) + 1;
ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
if (ret < 0 || (size_t)ret >= sizeof(socket)) {
nret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
if (nret < 0 || (size_t)nret >= sizeof(socket)) {
ERROR("get plugin socket failed %s", plugin->addr);
ret = -1;
goto out;
@ -1618,6 +1621,7 @@ out:
static int plugin_event_pre_start_handle(const plugin_t *plugin, const char *cid)
{
int ret = 0;
int nret = 0;
char *body = NULL;
size_t body_len = 0;
struct parser_context ctx = {
@ -1639,8 +1643,8 @@ static int plugin_event_pre_start_handle(const plugin_t *plugin, const char *cid
}
body_len = strlen(body) + 1;
ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
if (ret < 0 || (size_t)ret >= sizeof(socket)) {
nret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
if (nret < 0 || (size_t)nret >= sizeof(socket)) {
ERROR("get plugin socket failed %s", plugin->addr);
ret = -1;
goto out;
@ -1717,6 +1721,7 @@ out:
static int plugin_event_post_stop_handle(const plugin_t *plugin, const char *cid)
{
int ret = 0;
int nret = 0;
char *body = NULL;
size_t body_len = 0;
struct parser_context ctx = {
@ -1738,8 +1743,8 @@ static int plugin_event_post_stop_handle(const plugin_t *plugin, const char *cid
}
body_len = strlen(body) + 1;
ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
if (ret < 0 || (size_t)ret >= sizeof(socket)) {
nret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
if (nret < 0 || (size_t)nret >= sizeof(socket)) {
ERROR("get plugin socket failed %s", plugin->addr);
ret = -1;
goto out;
@ -1815,6 +1820,7 @@ out:
static int plugin_event_post_remove_handle(const plugin_t *plugin, const char *cid)
{
int ret = 0;
int nret = 0;
char *body = NULL;
size_t body_len = 0;
struct parser_context ctx = {
@ -1836,8 +1842,8 @@ static int plugin_event_post_remove_handle(const plugin_t *plugin, const char *c
}
body_len = strlen(body) + 1;
ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
if (ret < 0 || (size_t)ret >= sizeof(socket)) {
nret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr);
if (nret < 0 || (size_t)nret >= sizeof(socket)) {
ERROR("get plugin socket failed %s", plugin->addr);
ret = -1;
goto out;

18
src/plugin/pspec.c
View File

@ -72,7 +72,7 @@ static oci_runtime_pspec *raw_get_pspec(oci_runtime_spec *oci)
return NULL;
}
if (oci->linux->resources != NULL && pspec->resources == NULL) {
pspec->resources = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources));
pspec->resources = util_common_calloc_s(sizeof(defs_resources));
if (pspec->resources == NULL) {
ERROR("Out of memory");
free_oci_runtime_pspec(pspec);
@ -85,10 +85,10 @@ static oci_runtime_pspec *raw_get_pspec(oci_runtime_spec *oci)
PPR_UPDATE(pspec, oci, mounts, mounts_len, free_defs_mount);
PPR_UPDATE(pspec, oci->process, env, env_len, free);
PPR_UPDATE(pspec, oci->linux, devices, devices_len, free_oci_runtime_defs_linux_device);
PPR_UPDATE(pspec, oci->linux, devices, devices_len, free_defs_device);
PPR_UPDATE(pspec->resources, oci->linux->resources, devices, devices_len,
free_oci_runtime_defs_linux_device_cgroup);
free_defs_device_cgroup);
return pspec;
}
@ -99,7 +99,7 @@ static void raw_set_pspec(oci_runtime_spec *oci, oci_runtime_pspec *pspec)
return;
}
if (pspec->resources != NULL && oci->linux->resources == NULL) {
oci->linux->resources = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources));
oci->linux->resources = util_common_calloc_s(sizeof(defs_resources));
if (oci->linux->resources == NULL) {
ERROR("out of memory");
return;
@ -111,10 +111,10 @@ static void raw_set_pspec(oci_runtime_spec *oci, oci_runtime_pspec *pspec)
PPR_UPDATE(oci, pspec, mounts, mounts_len, free_defs_mount);
PPR_UPDATE(oci->process, pspec, env, env_len, free);
PPR_UPDATE(oci->linux, pspec, devices, devices_len, free_oci_runtime_defs_linux_device);
PPR_UPDATE(oci->linux, pspec, devices, devices_len, free_defs_device);
PPR_UPDATE(oci->linux->resources, pspec->resources, devices, devices_len,
free_oci_runtime_defs_linux_device_cgroup);
free_defs_device_cgroup);
}
char *get_pspec(oci_runtime_spec *oci)
@ -186,7 +186,7 @@ static void raw_update_pspec(oci_runtime_pspec *base, oci_runtime_pspec *new)
return;
}
if (new->resources != NULL && base->resources == NULL) {
base->resources = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources));
base->resources = util_common_calloc_s(sizeof(defs_resources));
if (base->resources == NULL) {
ERROR("Out of memory");
return;
@ -198,9 +198,9 @@ static void raw_update_pspec(oci_runtime_pspec *base, oci_runtime_pspec *new)
PPR_UPDATE(base, new, mounts, mounts_len, free_defs_mount);
PPR_UPDATE(base, new, env, env_len, free);
PPR_UPDATE(base, new, devices, devices_len, free_oci_runtime_defs_linux_device);
PPR_UPDATE(base, new, devices, devices_len, free_defs_device);
PPR_UPDATE(base->resources, new->resources, devices, devices_len, free_oci_runtime_defs_linux_device_cgroup);
PPR_UPDATE(base->resources, new->resources, devices, devices_len, free_defs_device_cgroup);
}
char *merge_pspec(const char *base, const char *data)

64
src/runtime/lcr/lcr_rt_ops.c
View File

@ -55,7 +55,7 @@ int rt_lcr_create(const char *name, const char *runtime, const rt_create_params_
goto out;
}
if (!engine_ops->engine_create_op(name, runtime_root, params->real_rootfs, params->oci_config_data)) {
if (!engine_ops->engine_create_op(name, runtime_root, params->oci_config_data)) {
ERROR("Failed to create container");
const char *tmpmsg = NULL;
tmpmsg = engine_ops->engine_get_errmsg_op();
@ -127,10 +127,6 @@ int rt_lcr_start(const char *name, const char *runtime, const rt_start_params_t
request.start_timeout = params->start_timeout;
request.container_pidfile = params->container_pidfile;
request.exit_fifo = params->exit_fifo;
request.uid = params->puser->uid;
request.gid = params->puser->gid;
request.additional_gids = params->puser->additional_gids;
request.additional_gids_len = params->puser->additional_gids_len;
if (!engine_ops->engine_start_op(&request)) {
const char *tmpmsg = NULL;
@ -306,11 +302,51 @@ out:
}
return ret;
}
// user string(UID:GID)
static int generate_user_string_by_uid_gid(const defs_process_user *puser, char **user)
{
char uid_str[ISULAD_NUMSTRLEN32] = { 0 };
char gid_str[ISULAD_NUMSTRLEN32] = { 0 };
size_t len;
int nret = 0;
nret = snprintf(uid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->uid);
if (nret < 0 || nret >= ISULAD_NUMSTRLEN32) {
ERROR("Invalid UID:%u", (unsigned int)puser->uid);
return -1;
}
nret = snprintf(gid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->gid);
if (nret < 0 || nret >= ISULAD_NUMSTRLEN32) {
ERROR("Invalid attach uid value :%u", (unsigned int)puser->gid);
return -1;
}
len = strlen(uid_str) + 1 + strlen(gid_str) + 1;
*user = (char *)util_common_calloc_s(len * sizeof(char));
if (*user == NULL) {
ERROR("Out of memory");
return -1;
}
nret = snprintf(*user, len, "%u:%u", (unsigned int)puser->uid, (unsigned int)puser->gid);
if (nret < 0 || (size_t)nret >= len) {
ERROR("Invalid UID:GID (%u:%u)", (unsigned int)puser->uid, (unsigned int)puser->gid);
free(*user);
*user = NULL;
return -1;
}
return 0;
}
int rt_lcr_exec(const char *id, const char *runtime, const rt_exec_params_t *params, int *exit_code)
{
int ret = 0;
struct engine_operation *engine_ops = NULL;
engine_exec_request_t request = { 0 };
char *user = NULL;
engine_ops = engines_get_handler(runtime);
if (engine_ops == NULL || engine_ops->engine_exec_op == NULL) {
@ -323,14 +359,20 @@ int rt_lcr_exec(const char *id, const char *runtime, const rt_exec_params_t *par
request.lcrpath = params->rootpath;
request.logpath = params->logpath;
request.loglevel = params->loglevel;
request.args = (const char **)params->args;
request.args_len = params->args_len;
request.env = (const char **)params->envs;
request.env_len = params->envs_len;
request.args = (const char **)params->spec->args;
request.args_len = params->spec->args_len;
request.env = (const char **)params->spec->env;
request.env_len = params->spec->env_len;
request.console_fifos = params->console_fifos;
request.timeout = params->timeout;
request.user = params->user;
request.suffix = params->suffix;
if (params->spec->user != NULL) {
if (generate_user_string_by_uid_gid(params->spec->user, &user) != 0) {
ret = -1;
goto out;
}
request.user = user;
}
if (!engine_ops->engine_exec_op(&request, exit_code)) {
const char *tmpmsg = NULL;
@ -338,7 +380,6 @@ int rt_lcr_exec(const char *id, const char *runtime, const rt_exec_params_t *par
isulad_set_error_message("Exec container error;%s", (tmpmsg && strcmp(tmpmsg, DEF_SUCCESS_STR)) ?
tmpmsg : DEF_ERR_RUNTIME_STR);
util_contain_errmsg(g_isulad_errmsg, exit_code);
engine_ops->engine_clear_errmsg_op();
ret = -1;
goto out;
}
@ -347,6 +388,7 @@ out:
if (engine_ops != NULL) {
engine_ops->engine_clear_errmsg_op();
}
free(user);
return ret;
}

8
src/runtime/runtime.h
View File

@ -31,7 +31,6 @@ typedef struct _rt_create_params_t {
const char *rootfs;
const char *bundle;
const char *state;
const char *real_rootfs;
void *oci_config_data;
bool terminal;
const char *stdin;
@ -54,7 +53,6 @@ typedef struct _rt_start_params_t {
const char *container_pidfile;
const char *exit_fifo;
const oci_runtime_spec_process_user *puser;
} rt_start_params_t;
typedef struct _rt_restart_params_t {
@ -87,12 +85,8 @@ typedef struct _rt_exec_params_t {
const char *loglevel;
const char **console_fifos;
int64_t timeout;
const char *user;
const char * const *args;
size_t args_len;
const char * const *envs;
size_t envs_len;
const char *suffix;
defs_process *spec;
} rt_exec_params_t;
typedef struct _rt_pause_params_t {

18
src/services/cri/cri_container.cc
View File

@ -25,7 +25,6 @@
#include "log.h"
#include "utils.h"
#include "container_custom_config.h"
#include "timestamp.h"
#include "cri_helpers.h"
#include "path.h"
@ -115,12 +114,12 @@ void CRIRuntimeServiceImpl::GetContainerTimeStamps(container_inspect *inspect, i
}
}
container_custom_config *CRIRuntimeServiceImpl::GenerateCreateContainerCustomConfig(
container_config *CRIRuntimeServiceImpl::GenerateCreateContainerCustomConfig(
const std::string &realPodSandboxID, const runtime::v1alpha2::ContainerConfig &containerConfig,
const runtime::v1alpha2::PodSandboxConfig &podSandboxConfig, Errors &error)
{
container_custom_config *custom_config =
(container_custom_config *)util_common_calloc_s(sizeof(container_custom_config));
container_config *custom_config =
(container_config *)util_common_calloc_s(sizeof(container_config));
if (custom_config == nullptr) {
error.SetError("Out of memory");
goto cleanup;
@ -168,7 +167,7 @@ container_custom_config *CRIRuntimeServiceImpl::GenerateCreateContainerCustomCon
return custom_config;
cleanup:
free_container_custom_config(custom_config);
free_container_config(custom_config);
return nullptr;
}
@ -308,7 +307,7 @@ container_create_request *CRIRuntimeServiceImpl::GenerateCreateContainerRequest(
request->image = util_strdup_s(containerConfig.image().image().c_str());
}
container_custom_config *custom_config { nullptr };
container_config *custom_config { nullptr };
host_config *hostconfig = GenerateCreateContainerHostConfig(containerConfig, error);
if (error.NotEmpty()) {
@ -338,7 +337,7 @@ container_create_request *CRIRuntimeServiceImpl::GenerateCreateContainerRequest(
goto cleanup;
}
request->customconfig = container_custom_config_generate_json(custom_config, &ctx, &perror);
request->customconfig = container_config_generate_json(custom_config, &ctx, &perror);
if (request->customconfig == nullptr) {
error.Errorf("Failed to generate custom config json: %s", perror);
free_container_create_request(request);
@ -347,7 +346,7 @@ container_create_request *CRIRuntimeServiceImpl::GenerateCreateContainerRequest(
}
cleanup:
free_host_config(hostconfig);
free_container_custom_config(custom_config);
free_container_config(custom_config);
free(perror);
return request;
}
@ -396,7 +395,7 @@ cleanup:
}
void CRIRuntimeServiceImpl::MakeContainerConfig(const runtime::v1alpha2::ContainerConfig &config,
container_custom_config *cConfig, Errors &error)
container_config *cConfig, Errors &error)
{
if (config.command_size() > 0) {
if (static_cast<size_t>(config.command_size()) > SIZE_MAX / sizeof(char *)) {
@ -964,7 +963,6 @@ void CRIRuntimeServiceImpl::ListContainerStats(
goto cleanup;
}
request->all = true;
request->runtime = util_strdup_s(CRIHelpers::Constants::DEFAULT_RUNTIME_NAME.c_str());
request->filters = (defs_filters *)util_common_calloc_s(sizeof(defs_filters));
if (request->filters == nullptr) {

2
src/services/cri/cri_helpers.cc
View File

@ -418,7 +418,7 @@ std::unique_ptr<runtime::v1alpha2::PodSandbox> CheckpointToSandbox(const std::st
return result;
}
void UpdateCreateConfig(container_custom_config *createConfig, host_config *hc,
void UpdateCreateConfig(container_config *createConfig, host_config *hc,
const runtime::v1alpha2::ContainerConfig &config, const std::string &podSandboxID,
Errors &error)
{

2
src/services/cri/cri_helpers.h
View File

@ -90,7 +90,7 @@ std::unique_ptr<runtime::v1alpha2::PodSandbox> CheckpointToSandbox(const std::st
std::string StringsJoin(const std::vector<std::string> &vec, const std::string &sep);
void UpdateCreateConfig(container_custom_config *createConfig, host_config *hc,
void UpdateCreateConfig(container_config *createConfig, host_config *hc,
const runtime::v1alpha2::ContainerConfig &config, const std::string &podSandboxID,
Errors &error);

1
src/services/cri/cri_runtime_service.cc
View File

@ -26,7 +26,6 @@
#include "utils.h"
#include "config.h"
#include "host_config.h"
#include "container_custom_config.h"
#include "cri_helpers.h"
#include "network_plugin.h"
#include "container_inspect.h"

11
src/services/cri/cri_runtime_service.h
View File

@ -27,7 +27,6 @@
#include "callback.h"
#include "container_inspect.h"
#include "host_config.h"
#include "container_custom_config.h"
#include "errors.h"
#include "cri_image_service.h"
#include "cri_pod_network.h"
@ -168,12 +167,12 @@ private:
void ApplySandboxResources(const runtime::v1alpha2::LinuxPodSandboxConfig *lc, host_config *hc, Errors &error);
void ApplySandboxLinuxOptions(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, host_config *hc,
container_custom_config *custom_config, Errors &error);
container_config *container_config, Errors &error);
void MakeSandboxIsuladConfig(const runtime::v1alpha2::PodSandboxConfig &c, host_config *hc,
container_custom_config *custom_config, Errors &error);
container_config *container_config, Errors &error);
void MakeContainerConfig(const runtime::v1alpha2::ContainerConfig &config, container_custom_config *cConfig,
void MakeContainerConfig(const runtime::v1alpha2::ContainerConfig &config, container_config *container_config,
Errors &error);
void GetContainerLogPath(const std::string &containerID, char **path, char **realPath, Errors &error);
@ -226,7 +225,7 @@ private:
host_config *hostconfig, Errors &error);
int PackCreateContainerHostConfigDevices(const runtime::v1alpha2::ContainerConfig &containerConfig,
host_config *hostconfig, Errors &error);
container_custom_config *
container_config *
GenerateCreateContainerCustomConfig(const std::string &realPodSandboxID,
const runtime::v1alpha2::ContainerConfig &containerConfig,
const runtime::v1alpha2::PodSandboxConfig &podSandboxConfig, Errors &error);
@ -253,7 +252,7 @@ private:
std::string &jsonCheckpoint, Errors &error);
container_create_request *PackCreateContainerRequest(const runtime::v1alpha2::PodSandboxConfig &config,
const std::string &image, host_config *hostconfig,
container_custom_config *custom_config, Errors &error);
container_config *container_config, Errors &error);
int GetRealSandboxIDToStop(const std::string &podSandboxID, bool &hostNetwork, std::string &name, std::string &ns,
std::string &realSandboxID, std::map<std::string, std::string> &stdAnnos, Errors &error);
int StopAllContainersInSandbox(const std::string &realSandboxID, Errors &error);

15
src/services/cri/cri_sandbox.cc
View File

@ -33,7 +33,6 @@
#include "naming.h"
#include "host_config.h"
#include "cri_helpers.h"
#include "container_custom_config.h"
#include "checkpoint_handler.h"
#include "cri_security_context.h"
@ -128,7 +127,7 @@ void CRIRuntimeServiceImpl::ApplySandboxResources(const runtime::v1alpha2::Linux
}
void CRIRuntimeServiceImpl::ApplySandboxLinuxOptions(const runtime::v1alpha2::LinuxPodSandboxConfig &lc,
host_config *hc, container_custom_config *custom_config,
host_config *hc, container_config *custom_config,
Errors &error)
{
CRISecurity::ApplySandboxSecurityContext(lc, custom_config, hc, error);
@ -202,7 +201,7 @@ void CRIRuntimeServiceImpl::MergeSecurityContextToHostConfig(const runtime::v1al
}
void CRIRuntimeServiceImpl::MakeSandboxIsuladConfig(const runtime::v1alpha2::PodSandboxConfig &c, host_config *hc,
container_custom_config *custom_config, Errors &error)
container_config *custom_config, Errors &error)
{
custom_config->labels = CRIHelpers::MakeLabels(c.labels(), error);
if (error.NotEmpty()) {
@ -311,7 +310,7 @@ void CRIRuntimeServiceImpl::SetupSandboxFiles(const std::string &resolvPath,
container_create_request *CRIRuntimeServiceImpl::PackCreateContainerRequest(
const runtime::v1alpha2::PodSandboxConfig &config,
const std::string &image, host_config *hostconfig,
container_custom_config *custom_config, Errors &error)
container_config *custom_config, Errors &error)
{
struct parser_context ctx = { OPT_GEN_SIMPLIFY, 0 };
parser_error perror = nullptr;
@ -332,7 +331,7 @@ container_create_request *CRIRuntimeServiceImpl::PackCreateContainerRequest(
error.Errorf("Failed to generate host config json: %s", perror);
goto error_out;
}
create_request->customconfig = container_custom_config_generate_json(custom_config, &ctx, &perror);
create_request->customconfig = container_config_generate_json(custom_config, &ctx, &perror);
if (create_request->customconfig == nullptr) {
error.Errorf("Failed to generate custom config json: %s", perror);
goto error_out;
@ -353,7 +352,7 @@ container_create_request *CRIRuntimeServiceImpl::GenerateSandboxCreateContainerR
{
container_create_request *create_request = nullptr;
host_config *hostconfig = nullptr;
container_custom_config *custom_config = nullptr;
container_config *custom_config = nullptr;
cri::PodSandboxCheckpoint checkpoint;
hostconfig = (host_config *)util_common_calloc_s(sizeof(host_config));
@ -362,7 +361,7 @@ container_create_request *CRIRuntimeServiceImpl::GenerateSandboxCreateContainerR
goto error_out;
}
custom_config = (container_custom_config *)util_common_calloc_s(sizeof(container_custom_config));
custom_config = (container_config *)util_common_calloc_s(sizeof(container_config));
if (custom_config == nullptr) {
error.SetError("Out of memory");
goto error_out;
@ -401,7 +400,7 @@ error_out:
create_request = nullptr;
cleanup:
free_host_config(hostconfig);
free_container_custom_config(custom_config);
free_container_config(custom_config);
return create_request;
}

6
src/services/cri/cri_security_context.cc
View File

@ -20,7 +20,7 @@
namespace CRISecurity {
static void ModifyContainerConfig(const runtime::v1alpha2::LinuxContainerSecurityContext &sc,
container_custom_config *config)
container_config *config)
{
if (sc.has_run_as_user()) {
free(config->user);
@ -195,7 +195,7 @@ static void ModifySandboxNamespaceOptions(const runtime::v1alpha2::NamespaceOpti
ModifyHostNetworkOptionForSandbox(nsOpts, hostConfig);
}
void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, container_custom_config *config,
void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, container_config *config,
host_config *hc, Errors &error)
{
std::unique_ptr<runtime::v1alpha2::LinuxContainerSecurityContext> sc(
@ -227,7 +227,7 @@ void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig
}
void ApplyContainerSecurityContext(const runtime::v1alpha2::LinuxContainerConfig &lc, const std::string &podSandboxID,
container_custom_config *config, host_config *hc, Errors &error)
container_config *config, host_config *hc, Errors &error)
{
if (lc.has_security_context()) {
const runtime::v1alpha2::LinuxContainerSecurityContext &sc = lc.security_context();

6
src/services/cri/cri_security_context.h
View File

@ -18,15 +18,15 @@
#include <string>
#include "api.pb.h"
#include "errors.h"
#include "container_custom_config.h"
#include "host_config.h"
#include "container_config.h"
namespace CRISecurity {
void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, container_custom_config *config,
void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, container_config *config,
host_config *hc, Errors &error);
void ApplyContainerSecurityContext(const runtime::v1alpha2::LinuxContainerConfig &lc, const std::string &podSandboxID,
container_custom_config *config, host_config *hc, Errors &errorr);
container_config *config, host_config *hc, Errors &errorr);
} // namespace CRISecurity

91
src/services/execution/execute/execution.c
View File

@ -514,7 +514,7 @@ static int prepare_user_remap_config(const container_t *cont)
return 0;
}
static int generate_user_and_groups_conf(const container_t *cont, oci_runtime_spec_process_user **puser)
static int generate_user_and_groups_conf(const container_t *cont, defs_process_user **puser)
{
int ret = -1;
char *username = NULL;
@ -524,7 +524,7 @@ static int generate_user_and_groups_conf(const container_t *cont, oci_runtime_sp
return -1;
}
*puser = util_common_calloc_s(sizeof(oci_runtime_spec_process_user));
*puser = util_common_calloc_s(sizeof(defs_process_user));
if (*puser == NULL) {
ERROR("Out of memory");
return -1;
@ -534,11 +534,12 @@ static int generate_user_and_groups_conf(const container_t *cont, oci_runtime_sp
username = cont->common_config->config->user;
}
/* username may be NULL, we will handle it as UID 0 in get_user */
ret = im_get_user_conf(cont->common_config->image_type, cont->common_config->base_fs, cont->hostconfig, username,
*puser);
if (ret != 0) {
ERROR("Get user failed with '%s'", username ? username : "");
free_oci_runtime_spec_process_user(*puser);
free_defs_process_user(*puser);
*puser = NULL;
}
@ -678,6 +679,25 @@ static void clean_resources_on_failure(const container_t *cont, const char *engi
return;
}
static int renew_oci_config(const container_t *cont, const oci_runtime_spec *oci_spec)
{
int ret = 0;
defs_process_user *puser = NULL;
if (generate_user_and_groups_conf(cont, &puser) != 0) {
ret = -1;
goto out;
}
free_defs_process_user(oci_spec->process->user);
oci_spec->process->user = puser;
puser = NULL;
out:
free_defs_process_user(puser);
return ret;
}
static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm,
container_pid_t *pid_info)
{
@ -692,11 +712,20 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
char *logdriver = NULL;
char *exit_fifo = NULL;
char *pidfile = NULL;
oci_runtime_spec_process_user *puser = NULL;
char bundle[PATH_MAX] = { 0 };
const char *runtime = cont->runtime;
const char *id = cont->common_config->id;
oci_runtime_spec *oci_spec = NULL;
rt_create_params_t create_params = { 0 };
rt_start_params_t start_params = { 0 };
nret = snprintf(bundle, sizeof(bundle), "%s/%s", cont->root_path, id);
if (nret < 0 || (size_t)nret >= sizeof(bundle)) {
ERROR("Failed to print bundle string");
ret = -1;
goto out;
}
DEBUG("bd:%s, state:%s", bundle, cont->state_path);
if (mount_dev_tmpfs_for_system_container(cont) < 0) {
ret = -1;
goto out;
@ -730,6 +759,13 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
goto out;
}
oci_spec = load_oci_config(cont->root_path, id);
if (oci_spec == NULL) {
ERROR("Failed to load oci config");
ret = -1;
goto close_exit_fd;
}
nret = im_mount_container_rootfs(cont->common_config->image_type, cont->common_config->image, id);
if (nret != 0) {
ERROR("Failed to mount rootfs for container %s", id);
@ -737,7 +773,31 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
goto close_exit_fd;
}
if (generate_user_and_groups_conf(cont, &puser) != 0) {
if (renew_oci_config(cont, oci_spec) != 0) {
ret = -1;
goto close_exit_fd;
}
if (verify_container_settings_start(oci_spec) != 0) {
ret = -1;
goto close_exit_fd;
}
start_timeout = conf_get_start_timeout();
if (cont->common_config->config != NULL) {
tty = cont->common_config->config->tty;
open_stdin = cont->common_config->config->open_stdin;
}
create_params.bundle = bundle;
create_params.state = cont->state_path;
create_params.oci_config_data = oci_spec;
create_params.terminal = tty;
create_params.stdin = console_fifos[0];
create_params.stdout = console_fifos[1];
create_params.stderr = console_fifos[2];
if (runtime_create(id, runtime, &create_params) != 0) {
ret = -1;
goto close_exit_fd;
}
@ -749,17 +809,6 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
goto close_exit_fd;
}
if (verify_container_settings_start(cont->root_path, id) != 0) {
ret = -1;
goto close_exit_fd;
}
start_timeout = conf_get_start_timeout();
if (cont->common_config->config != NULL) {
tty = cont->common_config->config->tty;
open_stdin = cont->common_config->config->open_stdin;
}
start_params.rootpath = cont->root_path;
start_params.tty = tty;
start_params.open_stdin = open_stdin;
@ -769,7 +818,6 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
start_params.start_timeout = start_timeout;
start_params.container_pidfile = pidfile;
start_params.exit_fifo = exit_fifo;
start_params.puser = puser;
ret = runtime_start(id, runtime, &start_params, pid_info);
if (ret == 0) {
@ -788,13 +836,14 @@ close_exit_fd:
clean_resources:
clean_resources_on_failure(cont, engine_log_path, loglevel);
out:
free_oci_runtime_spec_process_user(puser);
free(loglevel);
free(engine_log_path);
free(logdriver);
free(exit_fifo);
free(pidfile);
free_oci_runtime_spec(oci_spec);
if (ret != 0) {
umount_rootfs_on_failure(cont);
(void)umount_dev_tmpfs_for_system_container(cont);
@ -1232,10 +1281,6 @@ static uint32_t stop_and_start(container_t *cont, int timeout)
goto out;
}
if (verify_container_settings_start(cont->root_path, id)) {
cc = ISULAD_ERR_EXEC;
goto out;
}
if (is_running(cont->state)) {
INFO("Container is already running");
goto out;
@ -1273,7 +1318,7 @@ static uint32_t do_restart_container(container_t *cont, int timeout)
if (ret == -1) {
container_state_set_error(cont->state, (const char *)g_isulad_errmsg);
return ISULAD_ERR_EXEC;
} else if (ret == -2) {
} else if (ret == RUNTIME_NOT_IMPLEMENT_RESET) {
/* runtime don't implement restart, use stop and start */
return stop_and_start(cont, timeout);
}

376
src/services/execution/execute/execution_create.c
View File

@ -148,80 +148,84 @@ error_out:
return NULL;
}
static container_custom_config *get_custom_spec_from_request(const container_create_request *request)
static container_config *get_container_spec_from_request(const container_create_request *request)
{
parser_error err = NULL;
container_custom_config *custom_spec = container_custom_config_parse_data(request->customconfig, NULL, &err);
if (custom_spec == NULL) {
container_config *container_spec = container_config_parse_data(request->customconfig, NULL, &err);
if (container_spec == NULL) {
ERROR("Failed to parse custom config data:%s", err);
}
free(err);
return custom_spec;
return container_spec;
}
static int add_default_log_config_to_custom_spec(const char *id, const char *runtime_root,
container_custom_config *custom_config)
static int add_default_log_config_to_container_spec(const char *id, const char *runtime_root,
container_config *container_spec)
{
int ret = 0;
/* generate default log path */
if (custom_config->log_config == NULL) {
custom_config->log_config = util_common_calloc_s(sizeof(container_custom_config_log_config));
if (custom_config->log_config == NULL) {
if (container_spec->log_config == NULL) {
container_spec->log_config = util_common_calloc_s(sizeof(container_config_log_config));
if (container_spec->log_config == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
}
if (custom_config->log_config->log_file == NULL) {
if (container_spec->log_config->log_file == NULL) {
char default_path[PATH_MAX] = { 0 };
int nret = snprintf(default_path, PATH_MAX, "%s/%s/console.log", runtime_root, id);
if (nret >= PATH_MAX || nret < 0) {
if (nret < 0 || nret >= PATH_MAX) {
ERROR("Create default log path for container %s failed", id);
ret = -1;
goto out;
}
custom_config->log_config->log_file = util_strdup_s(default_path);
container_spec->log_config->log_file = util_strdup_s(default_path);
}
out:
return ret;
}
static container_custom_config *get_custom_spec(const char *id, const char *runtime_root,
const container_create_request *request)
static container_config *get_container_spec(const char *id, const char *runtime_root,
const container_create_request *request)
{
container_custom_config *custom_spec = NULL;
container_config *container_spec = NULL;
custom_spec = get_custom_spec_from_request(request);
if (custom_spec == NULL) {
container_spec = get_container_spec_from_request(request);
if (container_spec == NULL) {
return NULL;
}
if (add_default_log_config_to_custom_spec(id, runtime_root, custom_spec)) {
if (add_default_log_config_to_container_spec(id, runtime_root, container_spec)) {
goto error_out;
}
return custom_spec;
return container_spec;
error_out:
free_container_custom_config(custom_spec);
free_container_config(container_spec);
return NULL;
}
static oci_runtime_spec *merge_config(const char *id, const char *image_type, const char *image_name,
const char *ext_config_image, host_config *host_spec,
container_custom_config *custom_spec,
container_config_v2_common_config *v2_spec, char **real_rootfs)
static oci_runtime_spec *generate_oci_config(host_config *host_spec,
const char *real_rootfs,
container_config_v2_common_config *v2_spec)
{
int ret = 0;
oci_runtime_spec *oci_spec = NULL;
oci_spec = merge_container_config(id, image_type, image_name, ext_config_image, host_spec, custom_spec,
v2_spec, real_rootfs);
oci_spec = default_spec(host_spec->system_container);
if (oci_spec == NULL) {
goto error_out;
}
ret = merge_all_specs(host_spec, real_rootfs, v2_spec, oci_spec);
if (ret != 0) {
ERROR("Failed to merge config");
goto error_out;
}
@ -239,7 +243,7 @@ error_out:
}
static int merge_config_for_syscontainer(const container_create_request *request, const host_config *host_spec,
const container_custom_config *custom_spec, const oci_runtime_spec *oci_spec)
const container_config *container_spec, const oci_runtime_spec *oci_spec)
{
int ret = 0;
@ -247,7 +251,7 @@ static int merge_config_for_syscontainer(const container_create_request *request
return 0;
}
if (merge_network(host_spec, request->rootfs, custom_spec->hostname) != 0) {
if (merge_network(host_spec, request->rootfs, container_spec->hostname) != 0) {
ERROR("Failed to merge network config");
ret = -1;
goto out;
@ -547,34 +551,6 @@ void umount_host_channel(const host_config_host_channel *host_channel)
}
}
static int generate_merged_oci_config_json(const char *id, oci_runtime_spec *oci_spec,
char **oci_config_data)
{
char *err = NULL;
if (verify_container_settings(oci_spec)) {
ERROR("Failed to verify container settings");
return -1;
}
/* modify oci_spec by plugin. */
if (plugin_event_container_pre_create(id, oci_spec)) {
ERROR("Plugin event pre create failed");
(void)plugin_event_container_post_remove2(id, oci_spec); /* ignore error */
return -1;
}
*oci_config_data = oci_runtime_spec_generate_json(oci_spec, 0, &err);
if (*oci_config_data == NULL) {
ERROR("Failed to generate runtime spec json,erro:%s", err);
free(err);
isulad_set_error_message("Failed to generate runtime spec json");
return -1;
}
free(err);
return 0;
}
static int create_container_root_dir(const char *id, const char *runtime_root)
{
int ret = 0;
@ -623,104 +599,6 @@ out:
return ret;
}
static container_config_v2_common_config *get_config_v2_spec(const char *id, const char *runtime_root,
const host_config *host_spec)
{
container_config_v2_common_config *v2_spec = NULL;
v2_spec = util_common_calloc_s(sizeof(container_config_v2_common_config));
if (v2_spec == NULL) {
ERROR("Failed to malloc container_config_v2_common_config");
return NULL;
}
/* set network config to v2_spec */
if (init_container_network_confs(id, runtime_root, host_spec, v2_spec) != 0) {
ERROR("Init Network files failed");
goto error_out;
}
return v2_spec;
error_out:
free_container_config_v2_common_config(v2_spec);
return NULL;
}
/* save config v2 */
static int create_v2_config_json(const char *id, const char *runtime_root, container_config_v2_common_config *v2_spec)
{
int ret = 0;
char *json_v2 = NULL;
parser_error err = NULL;
container_config_v2 config_v2 = { 0 };
container_config_v2_state state = { 0 };
config_v2.common_config = v2_spec;
config_v2.state = &state;
json_v2 = container_config_v2_generate_json(&config_v2, NULL, &err);
if (json_v2 == NULL) {
ERROR("Failed to generate container config V2 json string:%s", err ? err : " ");
ret = -1;
goto out;
}
ret = save_config_v2_json(id, runtime_root, json_v2);
if (ret != 0) {
ERROR("Failed to save container config V2 json to file");
ret = -1;
goto out;
}
out:
free(json_v2);
free(err);
return ret;
}
/* save host config */
static int create_host_config_json(const char *id, const char *runtime_root, const host_config *host_spec)
{
int ret = 0;
char *json_host_config = NULL;
parser_error err = NULL;
json_host_config = host_config_generate_json(host_spec, NULL, &err);
if (json_host_config == NULL) {
ERROR("Failed to generate container host config json string:%s", err ? err : " ");
ret = -1;
goto out;
}
ret = save_host_config(id, runtime_root, json_host_config);
if (ret != 0) {
ERROR("Failed to save container host config json to file");
ret = -1;
goto out;
}
out:
free(json_host_config);
free(err);
return ret;
}
static int save_container_config_before_create(const char *id, const char *runtime_root, host_config *host_spec,
container_config_v2_common_config *v2_spec)
{
if (create_v2_config_json(id, runtime_root, v2_spec) != 0) {
return -1;
}
if (create_host_config_json(id, runtime_root, host_spec) != 0) {
return -1;
}
return 0;
}
static host_config_host_channel *dup_host_channel(const host_config_host_channel *channel)
{
host_config_host_channel *dup_channel = NULL;
@ -744,15 +622,6 @@ static host_config_host_channel *dup_host_channel(const host_config_host_channel
return dup_channel;
}
static int verify_merged_custom_config(const container_custom_config *custom_spec)
{
if (verify_health_check_parameter(custom_spec) != 0) {
return -1;
}
return 0;
}
static int response_allocate_memory(container_create_response **response)
{
if (response == NULL) {
@ -837,75 +706,28 @@ static int preparate_runtime_environment(const container_create_request *request
}
static int get_basic_spec(const container_create_request *request, const char *id, const char *runtime_root,
host_config **host_spec, container_custom_config **custom_spec)
host_config **host_spec, container_config **container_spec)
{
*host_spec = get_host_spec(request);
if (*host_spec == NULL) {
return -1;
}
*custom_spec = get_custom_spec(id, runtime_root, request);
if (*custom_spec == NULL) {
return -1;
}
return 0;
}
static int get_v2_spec(const container_create_request *request, const char *id, const char *name,
const char *runtime_root, const host_config *host_spec, const char *image_type,
container_config_v2_common_config **v2_spec)
{
*v2_spec = get_config_v2_spec(id, runtime_root, host_spec);
if (*v2_spec == NULL) {
ERROR("Failed to malloc container_config_v2_common_config");
return -1;
}
if (v2_spec_make_basic_info(id, name, request->image, image_type, *v2_spec) != 0) {
ERROR("Failed to malloc container_config_v2_common_config");
return -1;
}
return 0;
}
static int v2_spec_merge_config(const container_custom_config *custom_spec, const oci_runtime_spec *oci_spec,
container_config_v2_common_config *v2_spec)
{
if (v2_spec_merge_custom_spec(custom_spec, v2_spec) != 0) {
ERROR("Failed to malloc container_config_v2_common_config");
return -1;
}
if (v2_spec_merge_oci_spec(oci_spec, v2_spec) != 0) {
ERROR("Failed to malloc container_config_v2_common_config");
return -1;
}
return 0;
}
static int generate_oci_config_json(const char *id, const container_create_request *request,
const host_config *host_spec, const container_custom_config *custom_spec,
oci_runtime_spec *oci_spec, char **oci_config_data)
{
if (verify_merged_custom_config(custom_spec)) {
return -1;
}
if (merge_config_for_syscontainer(request, host_spec, custom_spec, oci_spec) != 0) {
ERROR("Failed to merge config for syscontainer");
return -1;
}
if (generate_merged_oci_config_json(id, oci_spec, oci_config_data) != 0) {
*container_spec = get_container_spec(id, runtime_root, request);
if (*container_spec == NULL) {
return -1;
}
return 0;
}
/*
* request -> host_spec + container_spec
* container_spec + image config
* host_spec + container_spec + default_spec+ global_spec => oci_spec
* verify oci_spec
* register container(save v2_spec\host_spec\oci_spec)
*/
int container_create_cb(const container_create_request *request,
container_create_response **response)
{
@ -921,11 +743,10 @@ int container_create_cb(const container_create_request *request,
const char *ext_config_image = NULL;
oci_runtime_spec *oci_spec = NULL;
host_config *host_spec = NULL;
container_custom_config *custom_spec = NULL;
container_config *container_spec = NULL;
container_config_v2_common_config *v2_spec = NULL;
host_config_host_channel *host_channel = NULL;
rt_create_params_t create_params = { 0 };
rt_rm_params_t delete_params = { 0 };
int ret = 0;
DAEMON_CLEAR_ERRMSG();
@ -946,75 +767,109 @@ int container_create_cb(const container_create_request *request,
goto clean_nameindex;
}
if (get_basic_spec(request, id, runtime_root, &host_spec, &custom_spec) != 0) {
if (get_basic_spec(request, id, runtime_root, &host_spec, &container_spec) != 0) {
cc = ISULAD_ERR_INPUT;
goto clean_container_root_dir;
}
if (get_v2_spec(request, id, name, runtime_root, host_spec, image_type, &v2_spec) != 0) {
v2_spec = util_common_calloc_s(sizeof(container_config_v2_common_config));
if (v2_spec == NULL) {
ERROR("Failed to malloc container_config_v2_common_config");
cc = ISULAD_ERR_INPUT;
goto clean_container_root_dir;
}
char timebuffer[TIME_STR_SIZE] = { 0 };
v2_spec->id = id ? util_strdup_s(id) : NULL;
v2_spec->name = name ? util_strdup_s(name) : NULL;
v2_spec->image = image_name ? util_strdup_s(image_name) : util_strdup_s("none");
v2_spec->image_type = image_type ? util_strdup_s(image_type) : NULL;
(void)get_now_time_buffer(timebuffer, sizeof(timebuffer));
free(v2_spec->created);
v2_spec->created = util_strdup_s(timebuffer);
v2_spec->config = container_spec;
/* set network config to v2_spec */
if (init_container_network_confs(id, runtime_root, host_spec, v2_spec) != 0) {
ERROR("Init Network files failed");
cc = ISULAD_ERR_INPUT;
goto clean_container_root_dir;
}
ret = im_merge_image_config(id, image_type, image_name, ext_config_image, host_spec,
v2_spec->config, &real_rootfs);
if (ret != 0) {
ERROR("Can not merge container_spec with image config");
cc = ISULAD_ERR_EXEC;
goto clean_container_root_dir;
}
if (save_container_config_before_create(id, runtime_root, host_spec, v2_spec) != 0) {
if (verify_health_check_parameter(v2_spec->config) != 0) {
cc = ISULAD_ERR_EXEC;
goto clean_container_root_dir;
goto clean_rootfs;
}
oci_spec = generate_oci_config(host_spec, real_rootfs, v2_spec);
if (oci_spec == NULL) {
cc = ISULAD_ERR_EXEC;
goto clean_rootfs;
}
if (merge_config_for_syscontainer(request, host_spec, v2_spec->config, oci_spec) != 0) {
ERROR("Failed to merge config for syscontainer");
cc = ISULAD_ERR_EXEC;
goto clean_rootfs;
}
/* modify oci_spec by plugin. */
if (plugin_event_container_pre_create(id, oci_spec) != 0) {
ERROR("Plugin event pre create failed");
(void)plugin_event_container_post_remove2(id, oci_spec); /* ignore error */
cc = ISULAD_ERR_EXEC;
goto clean_rootfs;
}
host_channel = dup_host_channel(host_spec->host_channel);
if (prepare_host_channel(host_channel, host_spec->user_remap)) {
ERROR("Failed to prepare host channel with '%s'", host_spec->host_channel);
cc = ISULAD_ERR_EXEC;
goto clean_container_root_dir;
}
oci_spec = merge_config(id, image_type, image_name, ext_config_image, host_spec, custom_spec, v2_spec,
&real_rootfs);
if (oci_spec == NULL) {
cc = ISULAD_ERR_EXEC;
goto clean_rootfs;
}
if (real_rootfs == NULL) {
ERROR("Can not found rootfs");
cc = ISULAD_ERR_INPUT;
goto clean_rootfs;
}
if (generate_oci_config_json(id, request, host_spec, custom_spec, oci_spec, &oci_config_data) != 0) {
cc = ISULAD_ERR_INPUT;
goto clean_rootfs;
}
create_params.real_rootfs = real_rootfs;
create_params.oci_config_data = oci_config_data;
if (runtime_create(id, runtime, &create_params) != 0) {
ERROR("Runtime create container failed");
sleep(111);
cc = ISULAD_ERR_EXEC;
goto clean_rootfs;
}
if (v2_spec_merge_config(custom_spec, oci_spec, v2_spec) != 0) {
if (verify_container_settings(oci_spec)) {
ERROR("Failed to verify container settings");
cc = ISULAD_ERR_EXEC;
goto clean_on_error;
goto umount_channel;
}
if (save_oci_config(id, runtime_root, oci_spec) != 0) {
ERROR("Failed to save container settings");
cc = ISULAD_ERR_EXEC;
goto umount_channel;
}
if (v2_spec_merge_contaner_spec(v2_spec) != 0) {
ERROR("Failed to merge container settings");
cc = ISULAD_ERR_EXEC;
goto umount_channel;
}
if (register_new_container(id, runtime, &host_spec, &v2_spec)) {
ERROR("Failed to register new container");
cc = ISULAD_ERR_EXEC;
goto clean_on_error;
goto umount_channel;
}
EVENT("Event: {Object: %s, Type: Created %s}", id, name);
goto pack_response;
clean_on_error:
delete_params.rootpath = runtime_root;
(void)runtime_rm(id, runtime, &delete_params);
umount_channel:
umount_host_channel(host_channel);
clean_rootfs:
(void)im_remove_container_rootfs(image_type, id);
umount_host_channel(host_channel);
clean_container_root_dir:
(void)delete_container_root_dir(id, runtime_root);
@ -1033,7 +888,6 @@ pack_response:
free(id);
free_oci_runtime_spec(oci_spec);
free_host_config(host_spec);
free_container_custom_config(custom_spec);
free_container_config_v2_common_config(v2_spec);
free_host_config_host_channel(host_channel);
free_log_prefix();

61
src/services/execution/execute/execution_extend.c
View File

@ -41,6 +41,7 @@
#include "execution_extend.h"
#include "sysinfo.h"
#include "health_check.h"
#include "specs.h"
#include "runtime.h"
#include "filters.h"
@ -1000,6 +1001,8 @@ static int do_update_resources(const container_update_request *request, containe
parser_error err = NULL;
host_config *hostconfig = NULL;
host_config *backup_hostconfig = NULL;
oci_runtime_spec *oci_spec = NULL;
oci_runtime_spec *backup_oci_spec = NULL;
rt_update_params_t params = { 0 };
if (request->host_config == NULL) {
@ -1029,29 +1032,67 @@ static int do_update_resources(const container_update_request *request, containe
}
if (update_container(cont, hostconfig)) {
host_config_restore_unlocking(cont, backup_hostconfig);
ret = -1;
goto unlock_out;
goto restore_hostspec;
}
if (container_to_disk(cont)) {
ERROR("Failed to save container \"%s\" to disk", id);
host_config_restore_unlocking(cont, backup_hostconfig);
ret = -1;
goto unlock_out;
goto restore_hostspec;
}
if (hostconfig->restart_policy && hostconfig->restart_policy->name) {
container_update_restart_manager(cont, hostconfig->restart_policy);
}
params.rootpath = cont->root_path;
params.hostconfig = hostconfig;
if (runtime_update(id, cont->runtime, &params)) {
ERROR("Update container %s failed", id);
oci_spec = load_oci_config(cont->root_path, id);
if (oci_spec == NULL) {
ERROR("Failed to load oci config");
ret = -1;
goto unlock_out;
goto restore_hostspec;
}
backup_oci_spec = load_oci_config(cont->root_path, id);
if (oci_spec == NULL) {
ERROR("Failed to load oci config");
ret = -1;
goto restore_hostspec;
}
ret = merge_conf_cgroup(oci_spec, hostconfig);
if (ret != 0) {
ERROR("Failed to merge cgroup config to oci spec");
ret = -1;
goto restore_hostspec;
}
if (save_oci_config(id, cont->root_path, oci_spec) != 0) {
ERROR("Failed to save updated oci spec");
ret = -1;
goto restore_ocispec;
}
if (is_running(cont->state)) {
params.rootpath = cont->root_path;
params.hostconfig = hostconfig;
if (runtime_update(id, cont->runtime, &params)) {
ERROR("Update container %s failed", id);
ret = -1;
goto restore_ocispec;
}
}
goto unlock_out;
restore_ocispec:
if (save_oci_config(id, cont->root_path, backup_oci_spec) != 0) {
ERROR("Failed to restore oci spec");
ret = -1;
}
restore_hostspec:
host_config_restore_unlocking(cont, backup_hostconfig);
unlock_out:
container_unlock(cont);
out:
@ -1059,6 +1100,8 @@ out:
free_host_config(backup_hostconfig);
}
free_host_config(hostconfig);
free_oci_runtime_spec(oci_spec);
free_oci_runtime_spec(backup_oci_spec);
free(err);
return ret;
}

243
src/services/execution/execute/execution_network.c
View File

@ -760,7 +760,7 @@ cleanup:
}
static int init_container_network_confs_container(const char *id, const host_config *hc,
container_config_v2_common_config *common_config)
container_config_v2_common_config *v2_spec)
{
int ret = 0;
size_t len = strlen(SHARE_NAMESPACE_PREFIX);
@ -773,89 +773,222 @@ static int init_container_network_confs_container(const char *id, const host_con
}
if (nc->common_config->hostname_path != NULL) {
free(common_config->hostname_path);
common_config->hostname_path = util_strdup_s(nc->common_config->hostname_path);
free(v2_spec->hostname_path);
v2_spec->hostname_path = util_strdup_s(nc->common_config->hostname_path);
}
if (nc->common_config->hosts_path != NULL) {
free(common_config->hosts_path);
common_config->hosts_path = util_strdup_s(nc->common_config->hosts_path);
free(v2_spec->hosts_path);
v2_spec->hosts_path = util_strdup_s(nc->common_config->hosts_path);
}
if (nc->common_config->resolv_conf_path != NULL) {
free(common_config->resolv_conf_path);
common_config->resolv_conf_path = util_strdup_s(nc->common_config->resolv_conf_path);
free(v2_spec->resolv_conf_path);
v2_spec->resolv_conf_path = util_strdup_s(nc->common_config->resolv_conf_path);
}
if (nc->common_config->config != NULL && nc->common_config->config->hostname != NULL) {
if (common_config->config == NULL) {
common_config->config = util_common_calloc_s(sizeof(container_config));
if (common_config->config == NULL) {
ERROR("Out of memory");
ret = -1;
goto cleanup;
}
}
free(common_config->config->hostname);
common_config->config->hostname = util_strdup_s(nc->common_config->config->hostname);
free(v2_spec->config->hostname);
v2_spec->config->hostname = util_strdup_s(nc->common_config->config->hostname);
}
cleanup:
container_unref(nc);
return ret;
}
int init_container_network_confs(const char *id, const char *rootpath, const host_config *hc,
container_config_v2_common_config *common_config)
static int create_default_hostname(const char *id, const char *rootpath, bool share_host,
container_config_v2_common_config *v2_spec)
{
int ret = 0;
int nret = 0;
char file_path[PATH_MAX] = { 0x0 };
char hostname_content[MAX_HOST_NAME_LEN + 2] = { 0 };
// is container mode
if (is_container(hc->network_mode)) {
ret = init_container_network_confs_container(id, hc, common_config);
goto cleanup;
}
// is host mode
if (is_host(hc->network_mode)) {
if (common_config->config == NULL) {
common_config->config = util_common_calloc_s(sizeof(container_config));
if (common_config->config == NULL) {
ERROR("Out of memory");
ret = -1;
goto cleanup;
}
}
if (common_config->config->hostname == NULL) {
if (v2_spec->config->hostname == NULL) {
if (share_host) {
char hostname[MAX_HOST_NAME_LEN] = { 0x00 };
ret = gethostname(hostname, sizeof(hostname));
if (ret != 0) {
ERROR("Get hostname error");
goto cleanup;
goto out;
}
common_config->config->hostname = util_strdup_s(hostname);
v2_spec->config->hostname = util_strdup_s(hostname);
} else {
v2_spec->config->hostname = util_strdup_s("localhost");
}
}
// create hosts, resolv.conf and so
int nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "hosts");
if (nret >= PATH_MAX || nret < 0) {
nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "hostname");
if (nret < 0 || nret >= PATH_MAX) {
ERROR("Failed to print string");
ret = -1;
goto cleanup;
goto out;
}
free(common_config->hosts_path);
common_config->hosts_path = util_strdup_s(file_path);
nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "resolv.conf");
if (nret >= PATH_MAX || nret < 0) {
ERROR("Failed to print string");
ret = -1;
goto cleanup;
}
free(common_config->resolv_conf_path);
common_config->resolv_conf_path = util_strdup_s(file_path);
cleanup:
nret = snprintf(hostname_content, MAX_HOST_NAME_LEN + 2, "%s\n", v2_spec->config->hostname);
if (nret < 0 || (size_t)nret >= sizeof(hostname_content)) {
ERROR("Failed to print string");
ret = -1;
goto out;
}
if (util_write_file(file_path, hostname_content, strlen(hostname_content)) != 0) {
ERROR("Failed to create default hostname");
ret = -1;
goto out;
}
free(v2_spec->hostname_path);
v2_spec->hostname_path = util_strdup_s(file_path);
out:
return ret;
}
static int write_default_hosts(const char *file_path, const char *hostname)
{
int ret = 0;
char *content = NULL;
size_t content_len = 0;
const char *default_config = "127.0.0.1 localhost\n"
"::1 localhost ip6-localhost ip6-loopback\n"
"fe00::0 ip6-localnet\n"
"ff00::0 ip6-mcastprefix\n"
"ff02::1 ip6-allnodes\n"
"ff02::2 ip6-allrouters\n";
const char *loop_ip = "127.0.0.1 ";
if (strlen(hostname) > (((SIZE_MAX - strlen(default_config)) - strlen(loop_ip)) - 2)) {
ret = -1;
goto out_free;
}
content_len = strlen(default_config) + strlen(loop_ip) + strlen(hostname) + 1 + 1;
content = util_common_calloc_s(content_len);
if (content == NULL) {
ERROR("Memory out");
ret = -1;
goto out_free;
}
ret = snprintf(content, content_len, "%s%s%s\n", default_config, loop_ip, hostname);
if (ret < 0 || (size_t)ret >= content_len) {
ERROR("Failed to generate default hosts");
ret = -1;
goto out_free;
}
ret = util_write_file(file_path, content, strlen(content));
if (ret != 0) {
ret = -1;
goto out_free;
}
out_free:
free(content);
return ret;
}
static int create_default_hosts(const char *id, const char *rootpath, bool share_host,
container_config_v2_common_config *v2_spec)
{
int ret = 0;
char file_path[PATH_MAX] = { 0x0 };
ret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "hosts");
if (ret < 0 || ret >= PATH_MAX) {
ERROR("Failed to print string");
ret = -1;
goto out;
}
if (share_host && util_file_exists(ETC_HOSTS)) {
ret = util_copy_file(ETC_HOSTS, file_path);
} else {
ret = write_default_hosts(file_path, v2_spec->config->hostname);
}
if (ret != 0) {
ERROR("Failed to create default hosts");
goto out;
}
free(v2_spec->hosts_path);
v2_spec->hosts_path = util_strdup_s(file_path);
out:
return ret;
}
static int write_default_resolve(const char *file_path)
{
const char *default_ipv4_dns = "\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n";;
return util_write_file(file_path, default_ipv4_dns, strlen(default_ipv4_dns));
}
static int create_default_resolv(const char *id, const char *rootpath, container_config_v2_common_config *v2_spec)
{
int ret = 0;
char file_path[PATH_MAX] = { 0x0 };
ret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "resolv.conf");
if (ret < 0 || ret >= PATH_MAX) {
ERROR("Failed to print string");
ret = -1;
goto out;
}
if (util_file_exists(RESOLV_CONF_PATH)) {
ret = util_copy_file(RESOLV_CONF_PATH, file_path);
} else {
ret = write_default_resolve(file_path);
}
if (ret != 0) {
ERROR("Failed to create default resolv.conf");
goto out;
}
free(v2_spec->resolv_conf_path);
v2_spec->resolv_conf_path = util_strdup_s(file_path);
out:
return ret;
}
int init_container_network_confs(const char *id, const char *rootpath, const host_config *hc,
container_config_v2_common_config *v2_spec)
{
int ret = 0;
bool share_host = is_host(hc->network_mode);
// is container mode
if (is_container(hc->network_mode)) {
return init_container_network_confs_container(id, hc, v2_spec);
}
if (create_default_hostname(id, rootpath, share_host, v2_spec) != 0) {
ERROR("Failed to create default hostname");
ret = -1;
goto out;
}
if (create_default_hosts(id, rootpath, share_host, v2_spec) != 0) {
ERROR("Failed to create default hosts");
ret = -1;
goto out;
}
if (create_default_resolv(id, rootpath, v2_spec) != 0) {
ERROR("Failed to create default resolv.conf");
ret = -1;
goto out;
}
out:
return ret;
}

248
src/services/execution/execute/execution_stream.c
View File

@ -248,14 +248,129 @@ out:
return ret;
}
static int exec_container(container_t *cont, const char *runtime, char * const console_fifos[], const char *user,
size_t argc, const char **argv, size_t env_len, const char **env,
int64_t timeout, const char *suffix, int *exit_code)
int merge_exec_process_env(defs_process *spec, const container_config *container_spec, const char **env, size_t env_len)
{
int ret = 0;
size_t env_count = 0;
size_t i = 0;
if (env_len > LIST_ENV_SIZE_MAX - container_spec->env_len) {
ERROR("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX);
isulad_set_error_message("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX);
ret = -1;
goto out;
}
env_count = container_spec->env_len + env_len;
if (env_count == 0) {
ret = 0;
goto out;
}
spec->env = util_common_calloc_s(env_count * sizeof(char *));
if (spec->env == NULL) {
ERROR("Failed to malloc memory for envionment variables");
ret = -1;
goto out;
}
for (i = 0; i < container_spec->env_len; i++) {
spec->env[spec->env_len] = util_strdup_s(container_spec->env[i]);
spec->env_len++;
}
for (i = 0; i < env_len; i++) {
spec->env[spec->env_len] = util_strdup_s(env[i]);
spec->env_len++;
}
out:
return ret;
}
static int dup_defs_process_user(defs_process_user *src, defs_process_user **dst)
{
int ret = 0;
size_t i;
if (src == NULL) {
return 0;
}
*dst = (defs_process_user *)util_common_calloc_s(sizeof(defs_process_user));
if (*dst == NULL) {
ERROR("Out of memory");
return -1;
}
(*dst)->username = util_strdup_s(src->username);
(*dst)->uid = src->uid;
(*dst)->gid = src->gid;
if (src->additional_gids_len != 0) {
(*dst)->additional_gids = util_common_calloc_s(sizeof(gid_t) * src->additional_gids_len);
if ((*dst)->additional_gids == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
(*dst)->additional_gids_len = src->additional_gids_len;
for (i = 0; i < src->additional_gids_len; i++) {
(*dst)->additional_gids[i] = src->additional_gids[i];
}
}
out:
return ret;
}
static defs_process *make_exec_process_spec(const container_config *container_spec, defs_process_user *puser,
const container_exec_request *request)
{
int ret = 0;
defs_process *spec = NULL;
spec = util_common_calloc_s(sizeof(defs_process));
if (spec == NULL) {
return NULL;
}
ret = merge_exec_process_env(spec, container_spec, (const char **)request->env, request->env_len);
if (ret != 0) {
ERROR("Failed to dup args for exec process spec");
goto err_out;
}
ret = dup_array_of_strings((const char **)request->argv, request->argv_len, &(spec->args), &(spec->args_len));
if (ret != 0) {
ERROR("Failed to dup envs for exec process spec");
goto err_out;
}
ret = dup_defs_process_user(puser, &(spec->user));
if (ret != 0) {
ERROR("Failed to dup process user for exec process spec");
goto err_out;
}
spec->terminal = request->tty;
spec->cwd = util_strdup_s(container_spec->working_dir ? container_spec->working_dir : "/");
return spec;
err_out:
free_defs_process(spec);
return NULL;
}
static int exec_container(container_t *cont, const char *runtime, char * const console_fifos[],
defs_process_user *puser,
const container_exec_request *request, int *exit_code)
{
int ret = 0;
char *engine_log_path = NULL;
char *loglevel = NULL;
char *logdriver = NULL;
defs_process *process_spec = NULL;
rt_exec_params_t params = { 0 };
loglevel = conf_get_isulad_loglevel();
@ -277,17 +392,20 @@ static int exec_container(container_t *cont, const char *runtime, char * const c
goto out;
}
process_spec = make_exec_process_spec(cont->common_config->config, puser, request);
if (process_spec == NULL) {
ERROR("Exec: Failed to make process spec");
ret = -1;
goto out;
}
params.loglevel = loglevel;
params.logpath = engine_log_path;
params.console_fifos = (const char **)console_fifos;
params.rootpath = cont->root_path;
params.timeout = timeout;
params.user = user;
params.args = (const char * const *)argv;
params.args_len = argc;
params.envs = (const char * const *)env;
params.envs_len = env_len;
params.suffix = suffix;
params.timeout = request->timeout;
params.suffix = request->suffix;
params.spec = process_spec;
if (runtime_exec(cont->common_config->id, runtime, &params, exit_code)) {
ERROR("Runtime exec container failed");
@ -299,6 +417,7 @@ out:
free(loglevel);
free(engine_log_path);
free(logdriver);
free_defs_process(process_spec);
return ret;
}
@ -408,100 +527,23 @@ static void container_exec_cb_end(container_exec_response *response, uint32_t cc
}
}
static int get_user_and_groups_conf(const container_t *cont, const char *username,
oci_runtime_spec_process_user **puser)
static int get_exec_user_info(const container_t *cont, const char *username, defs_process_user **puser)
{
int ret = -1;
if (username == NULL) {
return 0;
}
int ret = 0;
if (cont == NULL || cont->common_config == NULL) {
ERROR("Can not found container config");
return -1;
}
*puser = util_common_calloc_s(sizeof(oci_runtime_spec_process_user));
*puser = util_common_calloc_s(sizeof(defs_process_user));
if (*puser == NULL) {
ERROR("Out of memory");
return -1;
}
ret = im_get_user_conf(cont->common_config->image_type, cont->common_config->base_fs,
cont->hostconfig, username, *puser);
if (ret != 0) {
ERROR("Get user failed with '%s'", username ? username : "");
free_oci_runtime_spec_process_user(*puser);
*puser = NULL;
}
return ret;
}
// user string(UID:GID)
static int generate_user_string_by_uid_gid(const oci_runtime_spec_process_user *puser, char **user)
{
char uid_str[ISULAD_NUMSTRLEN32] = { 0 };
char gid_str[ISULAD_NUMSTRLEN32] = { 0 };
size_t len;
int nret = snprintf(uid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->uid);
if (nret >= ISULAD_NUMSTRLEN32 || nret < 0) {
ERROR("Invalid UID:%u", (unsigned int)puser->uid);
return -1;
}
nret = snprintf(gid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->gid);
if (nret >= ISULAD_NUMSTRLEN32 || nret < 0) {
ERROR("Invalid attach uid value :%u", (unsigned int)puser->gid);
return -1;
}
len = strlen(uid_str) + 1 + strlen(gid_str) + 1;
*user = (char *)util_common_calloc_s(len * sizeof(char));
if (*user == NULL) {
ERROR("Out of memory");
return -1;
}
nret = snprintf(*user, len, "%u:%u", (unsigned int)puser->uid, (unsigned int)puser->gid);
if ((size_t)nret >= len || nret < 0) {
ERROR("Invalid UID:GID (%u:%u)", (unsigned int)puser->uid, (unsigned int)puser->gid);
free(*user);
*user = NULL;
return -1;
}
return 0;
}
static int get_exec_user_string(const container_t *cont, const char *username, char **user)
{
int ret = 0;
oci_runtime_spec_process_user *puser = NULL;
if (username == NULL) {
return 0;
}
if (cont == NULL || user == NULL) {
ERROR("Invalid parameters");
return -1;
}
if (get_user_and_groups_conf(cont, username, &puser) != 0) {
ERROR("Failed to get user and groups conf");
ret = -1;
goto out;
}
if (generate_user_string_by_uid_gid(puser, user) != 0) {
ret = -1;
goto out;
}
out:
free_oci_runtime_spec_process_user(puser);
return ret;
}
@ -516,7 +558,7 @@ static int container_exec_cb(const container_exec_request *request, container_ex
char *fifopath = NULL;
pthread_t thread_id = 0;
container_t *cont = NULL;
char *user = NULL;
defs_process_user *puser = NULL;
DAEMON_CLEAR_ERRMSG();
if (request == NULL || response == NULL) {
@ -529,11 +571,6 @@ static int container_exec_cb(const container_exec_request *request, container_ex
}
id = cont->common_config->id;
if (get_exec_user_string(cont, request->user, &user) != 0) {
cc = ISULAD_ERR_EXEC;
goto pack_response;
}
set_log_prefix(id);
EVENT("Event: {Object: %s, Type: execing}", id);
@ -565,14 +602,19 @@ static int container_exec_cb(const container_exec_request *request, container_ex
goto pack_response;
}
if (request->user != NULL) {
if (get_exec_user_info(cont, request->user, &puser) != 0) {
cc = ISULAD_ERR_EXEC;
goto pack_response;
}
}
if (exec_prepare_console(cont, request, stdinfd, stdout_handler, fifos, &fifopath, &sync_fd, &thread_id)) {
cc = ISULAD_ERR_EXEC;
goto pack_response;
}
if (exec_container(cont, cont->runtime, (char * const *)fifos, user, request->argv_len,
(const char **)request->argv, request->env_len,
(const char **)request->env, request->timeout, request->suffix, &exit_code)) {
if (exec_container(cont, cont->runtime, (char * const *)fifos, puser, request, &exit_code)) {
cc = ISULAD_ERR_EXEC;
goto pack_response;
}
@ -586,7 +628,7 @@ pack_response:
free(fifos[1]);
free(fifos[2]);
free(fifopath);
free(user);
free_defs_process_user(puser);
container_unref(cont);
free_log_prefix();
@ -2026,6 +2068,7 @@ static int container_logs_cb(const struct isulad_logs_request *request, stream_f
container_t *cont = NULL;
struct container_log_config *log_config = NULL;
struct last_log_file_position last_pos = {0};
Container_Status status = CONTAINER_STATUS_UNKNOWN;
*response = (struct isulad_logs_response *)util_common_calloc_s(sizeof(struct isulad_logs_response));
if (*response == NULL) {
@ -2049,6 +2092,11 @@ static int container_logs_cb(const struct isulad_logs_request *request, stream_f
id = cont->common_config->id;
set_log_prefix(id);
status = state_get_status(cont->state);
if (status == CONTAINER_STATUS_CREATED) {
goto out;
}
/* check state of container */
if (gc_is_gc_progress(id)) {
isulad_set_error_message("can not get logs from container which is dead or marked for removal");

326
src/services/execution/manager/container_unix.c
View File

@ -21,8 +21,6 @@
#include "container_unix.h"
#include "log.h"
#include "utils.h"
#include "container_custom_config.h"
#include "container_start_generate_config.h"
static int parse_container_log_configs(container_t *cont);
@ -332,175 +330,21 @@ int container_wait_rm_locking(container_t *cont, int timeout)
return ret;
}
static int pack_container_config_annotations_from_oci_spec(const oci_runtime_spec *oci_spec,
container_config_v2_common_config *v2_spec)
{
int ret = 0;
size_t i = 0;
if (oci_spec->annotations != NULL && oci_spec->annotations->len) {
if (v2_spec->config == NULL) {
v2_spec->config = util_common_calloc_s(sizeof(container_config));
if (v2_spec->config == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
}
v2_spec->config->annotations = util_common_calloc_s(sizeof(json_map_string_string));
if (v2_spec->config->annotations == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
if (oci_spec->annotations->len > SIZE_MAX / sizeof(char *)) {
ERROR("Annotations list is too long!");
ret = -1;
goto out;
}
v2_spec->config->annotations->keys =
util_common_calloc_s(sizeof(char *) * oci_spec->annotations->len);
if (v2_spec->config->annotations->keys == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
v2_spec->config->annotations->values =
util_common_calloc_s(sizeof(char *) * oci_spec->annotations->len);
if (v2_spec->config->annotations->values == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
for (i = 0; i < oci_spec->annotations->len; i++) {
v2_spec->config->annotations->keys[i] = util_strdup_s(oci_spec->annotations->keys[i]);
v2_spec->config->annotations->values[i] = util_strdup_s(oci_spec->annotations->values[i]);
v2_spec->config->annotations->len++;
}
}
out:
return ret;
}
static int pack_container_config_labels(container_config_v2_common_config *config,
const container_custom_config *custom_spec)
{
int ret = 0;
size_t i = 0;
if (custom_spec->labels != NULL && custom_spec->labels->len) {
if (config->config == NULL) {
config->config = util_common_calloc_s(sizeof(container_config));
if (config->config == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
}
config->config->labels = util_common_calloc_s(sizeof(json_map_string_string));
if (config->config->labels == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
if (custom_spec->labels->len > LIST_SIZE_MAX) {
ERROR("Labels list is too long, the limit is %d", LIST_SIZE_MAX);
isulad_set_error_message("Labels list is too long, the limit is %d", LIST_SIZE_MAX);
ret = -1;
goto out;
}
config->config->labels->keys = util_common_calloc_s(sizeof(char *) * custom_spec->labels->len);
if (config->config->labels->keys == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
config->config->labels->values = util_common_calloc_s(sizeof(char *) * custom_spec->labels->len);
if (config->config->labels->values == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
for (i = 0; i < custom_spec->labels->len; i++) {
config->config->labels->keys[i] = util_strdup_s(custom_spec->labels->keys[i]);
config->config->labels->values[i] = util_strdup_s(custom_spec->labels->values[i]);
config->config->labels->len++;
}
}
out:
return ret;
}
static int pack_container_config_health_check(container_config_v2_common_config *config,
const container_custom_config *custom_spec)
{
int ret = 0;
size_t i = 0;
if (custom_spec != NULL && custom_spec->health_check != NULL) {
if (config->config == NULL) {
config->config = util_common_calloc_s(sizeof(container_config));
if (config->config == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
}
config->config->health_check = util_common_calloc_s(sizeof(defs_health_check));
if (config->config->health_check == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
if (custom_spec->health_check->test != NULL && custom_spec->health_check->test_len != 0) {
if (custom_spec->health_check->test_len > SIZE_MAX / sizeof(char *)) {
ERROR("test list is too long!");
ret = -1;
goto out;
}
config->config->health_check->test =
util_common_calloc_s(sizeof(char *) * custom_spec->health_check->test_len);
if (config->config->health_check->test == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
for (i = 0; i < custom_spec->health_check->test_len; i++) {
config->config->health_check->test[i] = util_strdup_s(custom_spec->health_check->test[i]);
config->config->health_check->test_len++;
}
config->config->health_check->interval = custom_spec->health_check->interval;
config->config->health_check->timeout = custom_spec->health_check->timeout;
config->config->health_check->start_period = custom_spec->health_check->start_period;
config->config->health_check->retries = custom_spec->health_check->retries;
config->config->health_check->exit_on_unhealthy = custom_spec->health_check->exit_on_unhealthy;
}
}
out:
return ret;
}
static inline void add_to_config_v2_args(const char *str, char **args, size_t *args_len)
{
args[*args_len] = str ? util_strdup_s(str) : NULL;
(*args_len)++;
}
static int pack_path_and_args_from_custom_spec(const container_custom_config *custom_spec,
container_config_v2_common_config *v2_spec)
static int pack_path_and_args_from_container_spec(const container_config *container_spec,
container_config_v2_common_config *v2_spec)
{
int ret = 0;
size_t i, total;
if (custom_spec->entrypoint != NULL && custom_spec->entrypoint_len > 0) {
v2_spec->path = util_strdup_s(custom_spec->entrypoint[0]);
total = custom_spec->entrypoint_len + custom_spec->cmd_len - 1;
if (container_spec->entrypoint != NULL && container_spec->entrypoint_len > 0) {
v2_spec->path = util_strdup_s(container_spec->entrypoint[0]);
total = container_spec->entrypoint_len + container_spec->cmd_len - 1;
if (total > SIZE_MAX / sizeof(char *)) {
ERROR("Container oci spec process args elements is too much!");
@ -517,18 +361,18 @@ static int pack_path_and_args_from_custom_spec(const container_custom_config *cu
ret = -1;
goto out;
}
for (i = 1; i < custom_spec->entrypoint_len; i++) {
add_to_config_v2_args(custom_spec->entrypoint[i], v2_spec->args, &(v2_spec->args_len));
for (i = 1; i < container_spec->entrypoint_len; i++) {
add_to_config_v2_args(container_spec->entrypoint[i], v2_spec->args, &(v2_spec->args_len));
}
for (i = 0; i < custom_spec->cmd_len; i++) {
add_to_config_v2_args(custom_spec->cmd[i], v2_spec->args, &(v2_spec->args_len));
for (i = 0; i < container_spec->cmd_len; i++) {
add_to_config_v2_args(container_spec->cmd[i], v2_spec->args, &(v2_spec->args_len));
}
goto out;
}
if (custom_spec->cmd != NULL && custom_spec->cmd_len > 0) {
v2_spec->path = util_strdup_s(custom_spec->cmd[0]);
total = custom_spec->cmd_len - 1;
if (container_spec->cmd != NULL && container_spec->cmd_len > 0) {
v2_spec->path = util_strdup_s(container_spec->cmd[0]);
total = container_spec->cmd_len - 1;
if (total > SIZE_MAX / sizeof(char *)) {
ERROR("Container oci spec process args elements is too much!");
@ -545,8 +389,8 @@ static int pack_path_and_args_from_custom_spec(const container_custom_config *cu
ret = -1;
goto out;
}
for (i = 1; i < custom_spec->cmd_len; i++) {
add_to_config_v2_args(custom_spec->cmd[i], v2_spec->args, &(v2_spec->args_len));
for (i = 1; i < container_spec->cmd_len; i++) {
add_to_config_v2_args(container_spec->cmd[i], v2_spec->args, &(v2_spec->args_len));
}
}
@ -576,65 +420,22 @@ int v2_spec_make_basic_info(const char *id, const char *name, const char *image_
}
/* container merge basic v2 spec info */
int v2_spec_merge_custom_spec(const container_custom_config *custom_spec, container_config_v2_common_config *v2_spec)
int v2_spec_merge_contaner_spec(container_config_v2_common_config *v2_spec)
{
int ret = 0;
container_config *container_spec = NULL;
if (v2_spec == NULL || custom_spec == NULL) {
if (v2_spec == NULL) {
return -1;
}
if (custom_spec->log_config != NULL && custom_spec->log_config->log_file != NULL) {
v2_spec->log_path = util_strdup_s(custom_spec->log_config->log_file);
container_spec = v2_spec->config;
if (container_spec->log_config != NULL && container_spec->log_config->log_file != NULL) {
v2_spec->log_path = util_strdup_s(container_spec->log_config->log_file);
}
if (v2_spec->config == NULL) {
v2_spec->config = util_common_calloc_s(sizeof(container_config));
if (v2_spec->config == NULL) {
ERROR("Failed to malloc container_config_v2_common_config_config");
ret = -1;
goto out;
}
}
v2_spec->config->attach_stdin = custom_spec->attach_stdin;
v2_spec->config->attach_stdout = custom_spec->attach_stdout;
v2_spec->config->attach_stderr = custom_spec->attach_stderr;
v2_spec->config->tty = custom_spec->tty;
v2_spec->config->open_stdin = custom_spec->open_stdin;
if (custom_spec->user != NULL) {
v2_spec->config->user = util_strdup_s(custom_spec->user);
}
if (pack_path_and_args_from_custom_spec(custom_spec, v2_spec) != 0) {
ret = -1;
goto out;
}
ret = dup_array_of_strings((const char **)(custom_spec->cmd), custom_spec->cmd_len,
&(v2_spec->config->cmd), &(v2_spec->config->cmd_len));
if (ret != 0) {
goto out;
}
ret = dup_array_of_strings((const char **)(custom_spec->entrypoint), custom_spec->entrypoint_len,
&(v2_spec->config->entrypoint), &(v2_spec->config->entrypoint_len));
if (ret != 0) {
goto out;
}
ret = pack_container_config_labels(v2_spec, custom_spec);
if (ret != 0) {
ERROR("Failed to pack labels config");
ret = -1;
goto out;
}
ret = pack_container_config_health_check(v2_spec, custom_spec);
if (ret != 0) {
ERROR("Failed to pack health check config");
if (pack_path_and_args_from_container_spec(container_spec, v2_spec) != 0) {
ret = -1;
goto out;
}
@ -643,53 +444,6 @@ out:
return ret;
}
static int pack_envs_from_oci_spec(const oci_runtime_spec *oci_spec, const container_config_v2_common_config *v2_spec)
{
int ret = 0;
if (oci_spec->process != NULL && oci_spec->process->env != NULL) {
ret = dup_array_of_strings((const char **)(oci_spec->process->env), oci_spec->process->env_len,
&(v2_spec->config->env), &(v2_spec->config->env_len));
if (ret != 0) {
goto out;
}
}
out:
return ret;
}
static void pack_hostname_from_oci_spec(const oci_runtime_spec *oci_spec,
const container_config_v2_common_config *v2_spec)
{
if (oci_spec->hostname != NULL) {
free(v2_spec->config->hostname);
v2_spec->config->hostname = util_strdup_s(oci_spec->hostname);
}
}
/* container pack common config */
int v2_spec_merge_oci_spec(const oci_runtime_spec *oci_spec, container_config_v2_common_config *v2_spec)
{
if (oci_spec == NULL || v2_spec == NULL) {
ERROR("Invalid inputs for pack container common config");
return -1;
}
if (pack_envs_from_oci_spec(oci_spec, v2_spec) != 0) {
return -1;
}
pack_hostname_from_oci_spec(oci_spec, v2_spec);
if (pack_container_config_annotations_from_oci_spec(oci_spec, v2_spec) != 0) {
ERROR("Failed to pack annotations config");
return -1;
}
return 0;
}
/* save json config file */
static int save_json_config_file(const char *id, const char *rootpath,
const char *json_data, const char *fname)
@ -800,37 +554,6 @@ out:
return hostconfig;
}
static bool check_start_generate_config(const char *rootpath, const char *id)
{
#define START_GENERATE_CONFIG "start_generate_config.json"
int nret;
bool ret = false;
char filename[PATH_MAX] = { 0x00 };
parser_error err = NULL;
container_start_generate_config *config = NULL;
nret = snprintf(filename, sizeof(filename), "%s/%s/%s", rootpath, id, START_GENERATE_CONFIG);
if (nret < 0 || (size_t)nret >= sizeof(filename)) {
ERROR("Failed to print string");
goto out;
}
if (!util_file_exists(filename)) {
return true;
}
config = container_start_generate_config_parse_file(filename, NULL, &err);
if (config == NULL) {
ERROR("Failed to parse start generate config file:%s", err);
goto out;
}
ret = true;
out:
free(err);
free_container_start_generate_config(config);
return ret;
}
/* container save host config */
static int container_save_host_config(const container_t *cont)
{
@ -997,9 +720,6 @@ container_t *container_load(const char *runtime, const char *rootpath, const cha
return NULL;
}
if (!check_start_generate_config(rootpath, id)) {
return NULL;
}
v2config = read_config_v2(rootpath, id);
if (v2config == NULL) {
ERROR("Failed to read config v2 file:%s", id);
@ -1216,7 +936,7 @@ int container_exit_on_next(container_t *cont)
return ret;
}
/* this function should be called in container_lock */
/* this function should be called in container_lock*/
int container_wait_stop(container_t *cont, int timeout)
{
int ret = 0;

5
src/services/execution/manager/container_unix.h
View File

@ -19,7 +19,6 @@
#include "libisulad.h"
#include "util_atomic.h"
#include "container_custom_config.h"
#include "container_config_v2.h"
#include "host_config.h"
#include "container_state.h"
@ -81,9 +80,7 @@ char *container_get_env_nolock(const container_t *cont, const char *key);
int v2_spec_make_basic_info(const char *id, const char *name, const char *image_name, const char *image_type,
container_config_v2_common_config *v2_spec);
int v2_spec_merge_custom_spec(const container_custom_config *custom_spec, container_config_v2_common_config *v2_spec);
int v2_spec_merge_oci_spec(const oci_runtime_spec *oci_spec, container_config_v2_common_config *v2_spec);
int v2_spec_merge_contaner_spec(container_config_v2_common_config *v2_spec);
char *container_get_command(const container_t *cont);

23
src/services/execution/manager/restore.c
View File

@ -291,18 +291,8 @@ static int restore_state(container_t *cont)
const char *runtime = cont->runtime;
rt_status_params_t params = { 0 };
struct engine_container_status_info real_status = { 0 };
Container_Status status = CONTAINER_STATUS_UNKNOWN;
Container_Status status = state_get_status(cont->state);
params.rootpath = cont->root_path;
nret = runtime_status(id, runtime, &params, &real_status);
if (nret != 0) {
ERROR("Failed to restore container %s, due to can not load container status", id);
ret = -1;
goto out;
}
status = state_get_status(cont->state);
(void)container_exit_on_next(cont); /* cancel restart policy */
#ifdef ENABLE_OCI_IMAGE
@ -314,6 +304,14 @@ static int restore_state(container_t *cont)
}
#endif
params.rootpath = cont->root_path;
nret = runtime_status(id, runtime, &params, &real_status);
if (nret != 0) {
ERROR("Failed to restore container %s, make real status to STOPPED. Due to can not load container with status %d", id,
status);
real_status.status = ENGINE_CONTAINER_STATUS_STOPPED;
}
if (real_status.status == ENGINE_CONTAINER_STATUS_STOPPED) {
ret = restore_stopped_container(status, cont, &need_save);
if (ret != 0) {
@ -335,12 +333,11 @@ static int restore_state(container_t *cont)
goto out;
}
out:
if (is_removal_in_progress(cont->state)) {
state_reset_removal_in_progress(cont->state);
need_save = true;
}
out:
if (need_save && container_to_disk(cont) != 0) {
ERROR("Failed to re-save container \"%s\" to disk", id);
ret = -1;

485
src/services/execution/spec/specs.c
View File

@ -35,7 +35,6 @@
#include "oci_runtime_hooks.h"
#include "docker_seccomp.h"
#include "host_config.h"
#include "container_custom_config.h"
#include "utils.h"
#include "config.h"
#include "isulad_config.h"
@ -45,6 +44,7 @@
#include "specs_extend.h"
#include "image.h"
#include "path.h"
#include "constants.h"
#ifndef CLONE_NEWUTS
#define CLONE_NEWUTS 0x04000000
@ -74,26 +74,40 @@
#define CLONE_NEWCGROUP 0x02000000
#endif
#define OCICONFIGJSON "ociconfig.json"
static int make_sure_oci_spec_annotations(oci_runtime_spec *oci_spec)
{
if (oci_spec->annotations == NULL) {
oci_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string));
if (oci_spec->annotations == NULL) {
return -1;
}
}
return 0;
}
static int merge_annotations(oci_runtime_spec *oci_spec, container_custom_config *custom_conf)
static int merge_annotations(oci_runtime_spec *oci_spec, const container_config *container_spec)
{
int ret = 0;
size_t i;
if (custom_conf->annotations != NULL && custom_conf->annotations->len) {
if (oci_spec->annotations->len > LIST_SIZE_MAX - custom_conf->annotations->len) {
ret = make_sure_oci_spec_annotations(oci_spec);
if (ret < 0) {
goto out;
}
if (container_spec->annotations != NULL && container_spec->annotations->len) {
if (oci_spec->annotations->len > LIST_SIZE_MAX - container_spec->annotations->len) {
ERROR("Too many annotations to add, the limit is %d", LIST_SIZE_MAX);
isulad_set_error_message("Too many annotations to add, the limit is %d", LIST_SIZE_MAX);
ret = -1;
goto out;
}
for (i = 0; i < custom_conf->annotations->len; i++) {
ret = append_json_map_string_string(oci_spec->annotations, custom_conf->annotations->keys[i],
custom_conf->annotations->values[i]);
for (i = 0; i < container_spec->annotations->len; i++) {
ret = append_json_map_string_string(oci_spec->annotations, container_spec->annotations->keys[i],
container_spec->annotations->values[i]);
if (ret != 0) {
ERROR("Failed to append annotation:%s, value:%s", custom_conf->annotations->keys[i],
custom_conf->annotations->values[i]);
ERROR("Failed to append annotation:%s, value:%s", container_spec->annotations->keys[i],
container_spec->annotations->values[i]);
goto out;
}
}
@ -102,16 +116,16 @@ out:
return ret;
}
static int make_annotations_log_console(const oci_runtime_spec *oci_spec, const container_custom_config *custom_conf)
static int make_annotations_log_console(const container_config *container_spec)
{
int ret = 0;
int nret = 0;
char tmp_str[ISULAD_NUMSTRLEN64] = {0};
if (custom_conf->log_config != NULL) {
if (custom_conf->log_config->log_file != NULL) {
if (append_json_map_string_string(oci_spec->annotations, CONTAINER_LOG_CONFIG_KEY_FILE,
custom_conf->log_config->log_file)) {
if (container_spec->log_config != NULL) {
if (container_spec->log_config->log_file != NULL) {
if (append_json_map_string_string(container_spec->annotations, CONTAINER_LOG_CONFIG_KEY_FILE,
container_spec->log_config->log_file)) {
ERROR("append log console file failed");
ret = -1;
goto out;
@ -119,22 +133,22 @@ static int make_annotations_log_console(const oci_runtime_spec *oci_spec, const
}
nret = snprintf(tmp_str, sizeof(tmp_str), "%llu",
(unsigned long long)(custom_conf->log_config->log_file_rotate));
(unsigned long long)(container_spec->log_config->log_file_rotate));
if (nret < 0 || (size_t)nret >= sizeof(tmp_str)) {
ERROR("create rotate string failed");
ret = -1;
goto out;
}
if (append_json_map_string_string(oci_spec->annotations, CONTAINER_LOG_CONFIG_KEY_ROTATE, tmp_str)) {
if (append_json_map_string_string(container_spec->annotations, CONTAINER_LOG_CONFIG_KEY_ROTATE, tmp_str)) {
ERROR("append log console file rotate failed");
ret = -1;
goto out;
}
if (custom_conf->log_config->log_file_size != NULL) {
if (append_json_map_string_string(oci_spec->annotations, CONTAINER_LOG_CONFIG_KEY_SIZE,
custom_conf->log_config->log_file_size)) {
if (container_spec->log_config->log_file_size != NULL) {
if (append_json_map_string_string(container_spec->annotations, CONTAINER_LOG_CONFIG_KEY_SIZE,
container_spec->log_config->log_file_size)) {
ERROR("append log console file size failed");
ret = -1;
goto out;
@ -146,12 +160,12 @@ out:
return ret;
}
static int make_annotations_network_mode(const oci_runtime_spec *oci_spec, const host_config *host_spec)
static int make_annotations_network_mode(const container_config *container_spec, const host_config *host_spec)
{
int ret = 0;
if (host_spec->network_mode != NULL) {
if (append_json_map_string_string(oci_spec->annotations, "host.network.mode", host_spec->network_mode)) {
if (append_json_map_string_string(container_spec->annotations, "host.network.mode", host_spec->network_mode)) {
ERROR("append network mode failed");
ret = -1;
goto out;
@ -162,12 +176,12 @@ out:
return ret;
}
static int make_annotations_system_container(const oci_runtime_spec *oci_spec, const host_config *host_spec)
static int make_annotations_system_container(const container_config *container_spec, const host_config *host_spec)
{
int ret = 0;
if (host_spec->system_container) {
if (append_json_map_string_string(oci_spec->annotations, "system.container", "true")) {
if (append_json_map_string_string(container_spec->annotations, "system.container", "true")) {
ERROR("Realloc annotations failed");
ret = -1;
goto out;
@ -178,7 +192,7 @@ out:
return ret;
}
static int make_annotations_cgroup_dir(const oci_runtime_spec *oci_spec, const host_config *host_spec)
static int make_annotations_cgroup_dir(const container_config *container_spec, const host_config *host_spec)
{
int ret = 0;
char cleaned[PATH_MAX] = { 0 };
@ -199,7 +213,7 @@ static int make_annotations_cgroup_dir(const oci_runtime_spec *oci_spec, const h
ret = -1;
goto out;
}
if (append_json_map_string_string(oci_spec->annotations, "cgroup.dir", cleaned)) {
if (append_json_map_string_string(container_spec->annotations, "cgroup.dir", cleaned)) {
ERROR("Realloc annotations failed");
ret = -1;
goto out;
@ -210,7 +224,7 @@ out:
return ret;
}
static int make_annotations_oom_score_adj(const oci_runtime_spec *oci_spec, const host_config *host_spec)
static int make_annotations_oom_score_adj(const container_config *container_spec, const host_config *host_spec)
{
int ret = 0;
char tmp_str[ISULAD_NUMSTRLEN64 + 1] = { 0 };
@ -223,7 +237,7 @@ static int make_annotations_oom_score_adj(const oci_runtime_spec *oci_spec, cons
ret = -1;
goto out;
}
if (append_json_map_string_string(oci_spec->annotations, "proc.oom_score_adj", tmp_str)) {
if (append_json_map_string_string(container_spec->annotations, "proc.oom_score_adj", tmp_str)) {
ERROR("append oom score adj which configure proc filesystem for the container failed ");
ret = -1;
goto out;
@ -234,7 +248,7 @@ out:
return ret;
}
static int make_annotations_files_limit(const oci_runtime_spec *oci_spec, const host_config *host_spec)
static int make_annotations_files_limit(const container_config *container_spec, const host_config *host_spec)
{
int ret = 0;
char tmp_str[ISULAD_NUMSTRLEN64 + 1] = { 0 };
@ -250,7 +264,7 @@ static int make_annotations_files_limit(const oci_runtime_spec *oci_spec, const
goto out;
}
if (append_json_map_string_string(oci_spec->annotations, "files.limit", tmp_str)) {
if (append_json_map_string_string(container_spec->annotations, "files.limit", tmp_str)) {
ERROR("append files limit failed");
ret = -1;
goto out;
@ -261,63 +275,117 @@ out:
return ret;
}
static int make_sure_oci_spec_annotations(oci_runtime_spec *oci_spec)
static int make_sure_container_spec_annotations(container_config *container_spec)
{
if (oci_spec->annotations == NULL) {
oci_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string));
if (oci_spec->annotations == NULL) {
if (container_spec->annotations == NULL) {
container_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string));
if (container_spec->annotations == NULL) {
return -1;
}
}
return 0;
}
static int make_annotations(oci_runtime_spec *oci_spec, container_custom_config *custom_conf, host_config *host_spec)
static inline bool is_valid_umask_value(const char *value)
{
return (strcmp(value, UMASK_NORMAL) == 0 || strcmp(value, UMASK_SECURE) == 0);
}
static int add_native_umask(const container_config *container_spec)
{
int ret = 0;
size_t i = 0;
char *umask = NULL;
for (i = 0; i < container_spec->annotations->len; i++) {
if (strcmp(container_spec->annotations->keys[i], ANNOTATION_UMAKE_KEY) == 0) {
if (!is_valid_umask_value(container_spec->annotations->values[i])) {
ERROR("native.umask option %s not supported", container_spec->annotations->values[i]);
isulad_set_error_message("native.umask option %s not supported", container_spec->annotations->values[i]);
ret = -1;
}
goto out;
}
}
umask = conf_get_isulad_native_umask();
if (umask == NULL) {
ERROR("Failed to get default native umask");
ret = -1;
goto out;
}
if (append_json_map_string_string(container_spec->annotations, ANNOTATION_UMAKE_KEY, umask)) {
ERROR("Failed to append annotations: native.umask=%s", umask);
ret = -1;
goto out;
}
out:
free(umask);
return ret;
}
static int make_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec)
{
int ret = 0;
ret = make_sure_oci_spec_annotations(oci_spec);
ret = make_sure_container_spec_annotations(container_spec);
if (ret < 0) {
goto out;
}
ret = make_annotations_network_mode(oci_spec, host_spec);
ret = make_annotations_network_mode(container_spec, host_spec);
if (ret != 0) {
ret = -1;
goto out;
}
ret = make_annotations_system_container(oci_spec, host_spec);
ret = make_annotations_system_container(container_spec, host_spec);
if (ret != 0) {
ret = -1;
goto out;
}
ret = make_annotations_cgroup_dir(oci_spec, host_spec);
ret = make_annotations_cgroup_dir(container_spec, host_spec);
if (ret != 0) {
ret = -1;
goto out;
}
ret = make_annotations_oom_score_adj(oci_spec, host_spec);
ret = make_annotations_oom_score_adj(container_spec, host_spec);
if (ret != 0) {
ret = -1;
goto out;
}
ret = make_annotations_files_limit(oci_spec, host_spec);
ret = make_annotations_files_limit(container_spec, host_spec);
if (ret != 0) {
ret = -1;
goto out;
}
ret = make_annotations_log_console(oci_spec, custom_conf);
ret = make_annotations_log_console(container_spec);
if (ret != 0) {
ret = -1;
goto out;
}
if (merge_annotations(oci_spec, custom_conf)) {
/* add rootfs.mount */
ret = add_rootfs_mount(container_spec);
if (ret != 0) {
ERROR("Failed to add rootfs mount");
goto out;
}
/* add native.umask */
ret = add_native_umask(container_spec);
if (ret != 0) {
ERROR("Failed to add native umask");
goto out;
}
if (merge_annotations(oci_spec, container_spec)) {
ret = -1;
goto out;
}
@ -407,7 +475,7 @@ static int make_sure_oci_spec_linux_resources_cpu(oci_runtime_spec *oci_spec)
}
if (oci_spec->linux->resources->cpu == NULL) {
oci_spec->linux->resources->cpu = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_cpu));
oci_spec->linux->resources->cpu = util_common_calloc_s(sizeof(defs_resources_cpu));
if (oci_spec->linux->resources->cpu == NULL) {
return -1;
}
@ -532,7 +600,7 @@ static int make_sure_oci_spec_linux_resources_mem(oci_runtime_spec *oci_spec)
}
if (oci_spec->linux->resources->memory == NULL) {
oci_spec->linux->resources->memory = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_memory));
oci_spec->linux->resources->memory = util_common_calloc_s(sizeof(defs_resources_memory));
if (oci_spec->linux->resources->memory == NULL) {
return -1;
}
@ -559,28 +627,9 @@ static int merge_memory_oom_kill_disable(oci_runtime_spec *oci_spec, bool oom_ki
{
int ret = 0;
if (oci_spec->linux == NULL) {
oci_spec->linux = util_common_calloc_s(sizeof(oci_runtime_config_linux));
if (oci_spec->linux == NULL) {
ret = -1;
goto out;
}
}
if (oci_spec->linux->resources == NULL) {
oci_spec->linux->resources = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources));
if (oci_spec->linux->resources == NULL) {
ret = -1;
goto out;
}
}
if (oci_spec->linux->resources->memory == NULL) {
oci_spec->linux->resources->memory = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_memory));
if (oci_spec->linux->resources->memory == NULL) {
ret = -1;
goto out;
}
ret = make_sure_oci_spec_linux_resources_mem(oci_spec);
if (ret < 0) {
goto out;
}
oci_spec->linux->resources->memory->disable_oom_killer = oom_kill_disable;
@ -639,23 +688,23 @@ static int merge_hugetlbs(oci_runtime_spec *oci_spec, host_config_hugetlbs_eleme
int ret = 0;
size_t i = 0;
size_t new_size, old_size;
oci_runtime_config_linux_resources_hugepage_limits_element **hugepage_limits_temp = NULL;
defs_resources_hugepage_limits_element **hugepage_limits_temp = NULL;
ret = make_sure_oci_spec_linux_resources(oci_spec);
if (ret < 0) {
goto out;
}
if (hugetlbs_len > SIZE_MAX / sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *) -
if (hugetlbs_len > SIZE_MAX / sizeof(defs_resources_hugepage_limits_element *) -
oci_spec->linux->resources->hugepage_limits_len) {
ERROR("Too many hugetlbs to merge!");
ret = -1;
goto out;
}
old_size = oci_spec->linux->resources->hugepage_limits_len *
sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *);
sizeof(defs_resources_hugepage_limits_element *);
new_size = (oci_spec->linux->resources->hugepage_limits_len + hugetlbs_len)
* sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *);
* sizeof(defs_resources_hugepage_limits_element *);
ret = mem_realloc((void **)&hugepage_limits_temp, new_size,
oci_spec->linux->resources->hugepage_limits, old_size);
if (ret != 0) {
@ -668,7 +717,7 @@ static int merge_hugetlbs(oci_runtime_spec *oci_spec, host_config_hugetlbs_eleme
for (i = 0; i < hugetlbs_len; i++) {
oci_spec->linux->resources->hugepage_limits[oci_spec->linux->resources->hugepage_limits_len]
= util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_hugepage_limits_element));
= util_common_calloc_s(sizeof(defs_resources_hugepage_limits_element));
if (oci_spec->linux->resources->hugepage_limits[oci_spec->linux->resources->hugepage_limits_len] == NULL) {
ERROR("Failed to malloc memory for hugepage limits");
ret = -1;
@ -727,7 +776,7 @@ out:
return ret;
}
static void clean_correlated_selinux(oci_runtime_spec_process *process)
static void clean_correlated_selinux(defs_process *process)
{
if (process == NULL) {
return;
@ -851,7 +900,7 @@ static int make_sure_oci_spec_linux_resources_pids(oci_runtime_spec *oci_spec)
}
if (oci_spec->linux->resources->pids == NULL) {
oci_spec->linux->resources->pids = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_pids));
oci_spec->linux->resources->pids = util_common_calloc_s(sizeof(defs_resources_pids));
if (oci_spec->linux->resources->pids == NULL) {
return -1;
}
@ -875,28 +924,12 @@ out:
}
static int merge_hostname(oci_runtime_spec *oci_spec, const host_config *host_spec,
container_custom_config *custom_spec)
container_config *container_spec)
{
int ret = 0;
if (custom_spec->hostname == NULL) {
if (host_spec->network_mode != NULL && !strcmp(host_spec->network_mode, "host")) {
char hostname[MAX_HOST_NAME_LEN] = { 0x00 };
ret = gethostname(hostname, sizeof(hostname));
if (ret != 0) {
ERROR("Get hostname error");
goto out;
}
custom_spec->hostname = util_strdup_s(hostname);
} else {
custom_spec->hostname = util_strdup_s("localhost");
}
}
free(oci_spec->hostname);
oci_spec->hostname = util_strdup_s(custom_spec->hostname);
out:
return ret;
oci_spec->hostname = util_strdup_s(container_spec->hostname);
return 0;
}
static int merge_conf_cgroup_cpu_int64(oci_runtime_spec *oci_spec, const host_config *host_spec)
@ -1056,7 +1089,7 @@ out:
}
static int do_merge_one_ulimit_override(const oci_runtime_spec *oci_spec,
oci_runtime_spec_process_rlimits_element *rlimit)
defs_process_rlimits_element *rlimit)
{
size_t j;
bool exists = false;
@ -1075,7 +1108,7 @@ static int do_merge_one_ulimit_override(const oci_runtime_spec *oci_spec,
}
if (exists) {
/* override ulimit */
free_oci_runtime_spec_process_rlimits_element(oci_spec->process->rlimits[j]);
free_defs_process_rlimits_element(oci_spec->process->rlimits[j]);
oci_spec->process->rlimits[j] = rlimit;
} else {
oci_spec->process->rlimits[oci_spec->process->rlimits_len] = rlimit;
@ -1087,7 +1120,7 @@ static int do_merge_one_ulimit_override(const oci_runtime_spec *oci_spec,
static int merge_one_ulimit_override(const oci_runtime_spec *oci_spec, const host_config_ulimits_element *ulimit)
{
oci_runtime_spec_process_rlimits_element *rlimit = NULL;
defs_process_rlimits_element *rlimit = NULL;
if (trans_ulimit_to_rlimit(&rlimit, ulimit) != 0) {
return -1;
@ -1184,7 +1217,7 @@ out:
return ret;
}
static int merge_conf_cgroup(oci_runtime_spec *oci_spec, const host_config *host_spec)
int merge_conf_cgroup(oci_runtime_spec *oci_spec, const host_config *host_spec)
{
int ret = 0;
@ -1253,7 +1286,7 @@ static int prepare_process_args(oci_runtime_spec *oci_spec, size_t args_len)
return 0;
}
static int replace_entrypoint_cmds_from_spec(const oci_runtime_spec *oci_spec, container_custom_config *custom_spec)
static int replace_entrypoint_cmds_from_spec(const oci_runtime_spec *oci_spec, container_config *container_spec)
{
if (oci_spec->process->args_len == 0) {
ERROR("No command specified");
@ -1261,27 +1294,27 @@ static int replace_entrypoint_cmds_from_spec(const oci_runtime_spec *oci_spec, c
return -1;
}
return dup_array_of_strings((const char **)(oci_spec->process->args), oci_spec->process->args_len,
&(custom_spec->cmd), &(custom_spec->cmd_len));
&(container_spec->cmd), &(container_spec->cmd_len));
}
static int merge_conf_args(oci_runtime_spec *oci_spec, container_custom_config *custom_spec)
static int merge_conf_args(oci_runtime_spec *oci_spec, container_config *container_spec)
{
int ret = 0;
size_t argslen = 0;
size_t i = 0;
// Reset entrypoint if we do not want to use entrypoint from image
if (custom_spec->entrypoint_len == 1 && custom_spec->entrypoint[0][0] == '\0') {
free(custom_spec->entrypoint[0]);
custom_spec->entrypoint[0] = NULL;
free(custom_spec->entrypoint);
custom_spec->entrypoint = NULL;
custom_spec->entrypoint_len = 0;
if (container_spec->entrypoint_len == 1 && container_spec->entrypoint[0][0] == '\0') {
free(container_spec->entrypoint[0]);
container_spec->entrypoint[0] = NULL;
free(container_spec->entrypoint);
container_spec->entrypoint = NULL;
container_spec->entrypoint_len = 0;
}
argslen = custom_spec->cmd_len;
if (custom_spec->entrypoint_len != 0) {
argslen += custom_spec->entrypoint_len;
argslen = container_spec->cmd_len;
if (container_spec->entrypoint_len != 0) {
argslen += container_spec->entrypoint_len;
}
if (argslen > LIST_SIZE_MAX) {
@ -1291,7 +1324,7 @@ static int merge_conf_args(oci_runtime_spec *oci_spec, container_custom_config *
}
if (argslen == 0) {
return replace_entrypoint_cmds_from_spec(oci_spec, custom_spec);
return replace_entrypoint_cmds_from_spec(oci_spec, container_spec);
}
if (prepare_process_args(oci_spec, argslen) < 0) {
@ -1300,13 +1333,13 @@ static int merge_conf_args(oci_runtime_spec *oci_spec, container_custom_config *
}
// append commands... to entrypoint
for (i = 0; custom_spec->entrypoint != NULL && i < custom_spec->entrypoint_len; i++) {
oci_spec->process->args[oci_spec->process->args_len] = util_strdup_s(custom_spec->entrypoint[i]);
for (i = 0; container_spec->entrypoint != NULL && i < container_spec->entrypoint_len; i++) {
oci_spec->process->args[oci_spec->process->args_len] = util_strdup_s(container_spec->entrypoint[i]);
oci_spec->process->args_len++;
}
for (i = 0; custom_spec->cmd != NULL && i < custom_spec->cmd_len; i++) {
oci_spec->process->args[oci_spec->process->args_len] = util_strdup_s(custom_spec->cmd[i]);
for (i = 0; container_spec->cmd != NULL && i < container_spec->cmd_len; i++) {
oci_spec->process->args[oci_spec->process->args_len] = util_strdup_s(container_spec->cmd[i]);
oci_spec->process->args_len++;
}
@ -1321,7 +1354,7 @@ static int merge_share_namespace_helper(const oci_runtime_spec *oci_spec, const
size_t len = 0;
size_t org_len = 0;
size_t i = 0;
oci_runtime_defs_linux_namespace_reference **work_ns = NULL;
defs_namespace_reference **work_ns = NULL;
org_len = oci_spec->linux->namespaces_len;
len = oci_spec->linux->namespaces_len;
@ -1329,7 +1362,7 @@ static int merge_share_namespace_helper(const oci_runtime_spec *oci_spec, const
tmp_mode = get_share_namespace_path(type, mode);
for (i = 0; i < org_len; i++) {
if (strcmp(mode, work_ns[i]->type) == 0) {
if (strcmp(type, work_ns[i]->type) == 0) {
free(work_ns[i]->path);
work_ns[i]->path = NULL;
if (tmp_mode != NULL) {
@ -1338,20 +1371,21 @@ static int merge_share_namespace_helper(const oci_runtime_spec *oci_spec, const
break;
}
}
if (i >= org_len) {
if (len > (SIZE_MAX / sizeof(oci_runtime_defs_linux_namespace_reference *)) - 1) {
if (len > (SIZE_MAX / sizeof(defs_namespace_reference *)) - 1) {
ret = -1;
ERROR("Out of memory");
goto out;
}
ret = mem_realloc((void **)&work_ns, (len + 1) * sizeof(oci_runtime_defs_linux_namespace_reference *),
(void *)work_ns, len * sizeof(oci_runtime_defs_linux_namespace_reference *));
ret = mem_realloc((void **)&work_ns, (len + 1) * sizeof(defs_namespace_reference *),
(void *)work_ns, len * sizeof(defs_namespace_reference *));
if (ret != 0) {
ERROR("Out of memory");
goto out;
}
work_ns[len] = util_common_calloc_s(sizeof(oci_runtime_defs_linux_namespace_reference));
work_ns[len] = util_common_calloc_s(sizeof(defs_namespace_reference));
if (work_ns[len] == NULL) {
ERROR("Out of memory");
ret = -1;
@ -1495,7 +1529,7 @@ out:
}
static int merge_settings_for_system_container(oci_runtime_spec *oci_spec, host_config *host_spec,
container_custom_config *custom_spec)
container_config *container_spec)
{
int ret = -1;
@ -1519,8 +1553,8 @@ static int merge_settings_for_system_container(oci_runtime_spec *oci_spec, host_
}
// append mounts of oci_spec
if (custom_spec->ns_change_opt != NULL) {
ret = adapt_settings_for_mounts(oci_spec, custom_spec);
if (container_spec->ns_change_opt != NULL) {
ret = adapt_settings_for_mounts(oci_spec, container_spec);
if (ret != 0) {
ERROR("Failed to adapt settings for ns_change_opt");
goto out;
@ -1532,7 +1566,7 @@ out:
}
static int merge_resources_conf(oci_runtime_spec *oci_spec, host_config *host_spec,
container_custom_config *custom_spec, container_config_v2_common_config *common_config)
container_config_v2_common_config *v2_spec)
{
int ret = 0;
@ -1551,7 +1585,7 @@ static int merge_resources_conf(oci_runtime_spec *oci_spec, host_config *host_sp
goto out;
}
ret = merge_conf_mounts(oci_spec, custom_spec, host_spec, common_config);
ret = merge_conf_mounts(oci_spec, host_spec, v2_spec);
if (ret) {
goto out;
}
@ -1559,18 +1593,33 @@ out:
return ret;
}
static int merge_process_conf(oci_runtime_spec *oci_spec, const host_config *host_spec,
container_custom_config *custom_spec)
static int merge_terminal(oci_runtime_spec *oci_spec, bool terminal)
{
int ret = 0;
ret = merge_conf_args(oci_spec, custom_spec);
ret = make_sure_oci_spec_process(oci_spec);
if (ret < 0) {
goto out;
}
oci_spec->process->terminal = terminal;
out:
return ret;
}
static int merge_process_conf(oci_runtime_spec *oci_spec, const host_config *host_spec,
container_config *container_spec)
{
int ret = 0;
ret = merge_conf_args(oci_spec, container_spec);
if (ret != 0) {
goto out;
}
/* environment variables */
ret = merge_env(oci_spec, (const char **)custom_spec->env, custom_spec->env_len);
ret = merge_env(oci_spec, (const char **)container_spec->env, container_spec->env_len);
if (ret != 0) {
ERROR("Failed to merge environment variables");
goto out;
@ -1584,7 +1633,7 @@ static int merge_process_conf(oci_runtime_spec *oci_spec, const host_config *hos
}
/* working dir */
ret = merge_working_dir(oci_spec, custom_spec->working_dir);
ret = merge_working_dir(oci_spec, container_spec->working_dir);
if (ret != 0) {
ERROR("Failed to merge working dir");
goto out;
@ -1597,6 +1646,13 @@ static int merge_process_conf(oci_runtime_spec *oci_spec, const host_config *hos
goto out;
}
/* merge whether allocate a pseudo-TTY */
ret = merge_terminal(oci_spec, container_spec->tty);
if (ret != 0) {
ERROR("Failed to merge process terminal");
goto out;
}
out:
return ret;
}
@ -1630,17 +1686,25 @@ out:
}
static int merge_conf(oci_runtime_spec *oci_spec, host_config *host_spec,
container_custom_config *custom_spec, container_config_v2_common_config *common_config)
int merge_all_specs(host_config *host_spec, const char *real_rootfs,
container_config_v2_common_config *v2_spec, oci_runtime_spec *oci_spec)
{
int ret = 0;
ret = merge_resources_conf(oci_spec, host_spec, custom_spec, common_config);
ret = merge_root(oci_spec, real_rootfs, host_spec);
if (ret != 0) {
ERROR("Failed to merge root");
goto out;
}
v2_spec->base_fs = util_strdup_s(real_rootfs);
ret = merge_resources_conf(oci_spec, host_spec, v2_spec);
if (ret != 0) {
goto out;
}
ret = merge_process_conf(oci_spec, host_spec, custom_spec);
ret = merge_process_conf(oci_spec, host_spec, v2_spec->config);
if (ret != 0) {
goto out;
}
@ -1659,7 +1723,7 @@ static int merge_conf(oci_runtime_spec *oci_spec, host_config *host_spec,
}
/* settings for system container */
ret = merge_settings_for_system_container(oci_spec, host_spec, custom_spec);
ret = merge_settings_for_system_container(oci_spec, host_spec, v2_spec->config);
if (ret != 0) {
ERROR("Failed to merge system container conf");
goto out;
@ -1672,13 +1736,13 @@ static int merge_conf(oci_runtime_spec *oci_spec, host_config *host_spec,
goto out;
}
ret = merge_hostname(oci_spec, host_spec, custom_spec);
ret = merge_hostname(oci_spec, host_spec, v2_spec->config);
if (ret != 0) {
ERROR("Failed to merge hostname");
goto out;
}
ret = make_annotations(oci_spec, custom_spec, host_spec);
ret = make_annotations(oci_spec, v2_spec->config, host_spec);
if (ret != 0) {
ret = -1;
goto out;
@ -1700,97 +1764,6 @@ out:
return ret;
}
/* merge the default config with host config and image config and custom config */
oci_runtime_spec *merge_container_config(const char *id, const char *image_type, const char *image_name,
const char *ext_config_image, host_config *host_spec,
container_custom_config *custom_spec,
container_config_v2_common_config *v2_spec, char **real_rootfs)
{
oci_runtime_spec *oci_spec = NULL;
parser_error err = NULL;
int ret = 0;
oci_spec = default_spec(host_spec->system_container);
if (oci_spec == NULL) {
goto out;
}
ret = make_sure_oci_spec_linux(oci_spec);
if (ret < 0) {
goto out;
}
ret = im_merge_image_config(id, image_type, image_name, ext_config_image, oci_spec, host_spec,
custom_spec, real_rootfs);
if (ret != 0) {
ERROR("Can not merge with image config");
goto free_out;
}
if (*real_rootfs != NULL) {
ret = merge_root(oci_spec, *real_rootfs, host_spec);
if (ret != 0) {
ERROR("Failed to merge root");
goto free_out;
}
v2_spec->base_fs = util_strdup_s(*real_rootfs);
}
ret = merge_conf(oci_spec, host_spec, custom_spec, v2_spec);
if (ret != 0) {
ERROR("Failed to merge config");
goto free_out;
}
goto out;
free_out:
free_oci_runtime_spec(oci_spec);
oci_spec = NULL;
out:
free(err);
return oci_spec;
}
static inline bool is_valid_umask_value(const char *value)
{
return (strcmp(value, UMASK_NORMAL) == 0 || strcmp(value, UMASK_SECURE) == 0);
}
static int add_native_umask(const oci_runtime_spec *container)
{
int ret = 0;
size_t i = 0;
char *umask = NULL;
for (i = 0; i < container->annotations->len; i++) {
if (strcmp(container->annotations->keys[i], ANNOTATION_UMAKE_KEY) == 0) {
if (!is_valid_umask_value(container->annotations->values[i])) {
ERROR("native.umask option %s not supported", container->annotations->values[i]);
isulad_set_error_message("native.umask option %s not supported", container->annotations->values[i]);
ret = -1;
}
goto out;
}
}
umask = conf_get_isulad_native_umask();
if (umask == NULL) {
ERROR("Failed to get default native umask");
ret = -1;
goto out;
}
if (append_json_map_string_string(container->annotations, ANNOTATION_UMAKE_KEY, umask)) {
ERROR("Failed to append annotations: native.umask=%s", umask);
ret = -1;
goto out;
}
out:
free(umask);
return ret;
}
/* merge the default config with host config and custom config */
int merge_global_config(oci_runtime_spec *oci_spec)
{
@ -1808,33 +1781,19 @@ int merge_global_config(oci_runtime_spec *oci_spec)
goto out;
}
/* add rootfs.mount */
ret = add_rootfs_mount(oci_spec);
if (ret != 0) {
ERROR("Failed to add rootfs mount");
goto out;
}
/* add native.umask */
ret = add_native_umask(oci_spec);
if (ret != 0) {
ERROR("Failed to add native umask");
goto out;
}
out:
return ret;
}
/* read oci config */
oci_runtime_spec *read_oci_config(const char *rootpath, const char *name)
oci_runtime_spec *load_oci_config(const char *rootpath, const char *name)
{
int nret;
char filename[PATH_MAX] = { 0x00 };
parser_error err = NULL;
oci_runtime_spec *ociconfig = NULL;
nret = snprintf(filename, sizeof(filename), "%s/%s/%s", rootpath, name, OCICONFIGJSON);
nret = snprintf(filename, sizeof(filename), "%s/%s/%s", rootpath, name, OCI_CONFIG_JSON);
if (nret < 0 || (size_t)nret >= sizeof(filename)) {
ERROR("Failed to print string");
goto out;
@ -1851,3 +1810,39 @@ out:
return ociconfig;
}
int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec *oci_spec)
{
int ret = 0;
int nret = 0;
char *json_container = NULL;
char file_path[PATH_MAX] = { 0x0 };
struct parser_context ctx = { OPT_PARSE_STRICT, stderr };
parser_error err = NULL;
nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, OCI_CONFIG_JSON);
if (nret < 0 || nret >= PATH_MAX) {
ERROR("Failed to print string");
ret = -1;
goto out_free;
}
json_container = oci_runtime_spec_generate_json(oci_spec, &ctx, &err);
if (json_container == NULL) {
ERROR("Failed to generate json: %s", err);
ret = -1;
goto out_free;
}
if (util_write_file(file_path, json_container, strlen(json_container)) != 0) {
ERROR("write json container failed: %s", strerror(errno));
ret = -1;
goto out_free;
}
out_free:
free(err);
free(json_container);
return ret;
}

15
src/services/execution/spec/specs.h
View File

@ -18,17 +18,20 @@
#include <stdint.h>
#include "libisulad.h"
#include "host_config.h"
#include "container_custom_config.h"
#include "container_config_v2.h"
#include "oci_runtime_hooks.h"
#include "oci_runtime_spec.h"
oci_runtime_spec *merge_container_config(const char *id, const char *image_type, const char *image_name,
const char *ext_image_name, host_config *host_spec,
container_custom_config *custom_spec,
container_config_v2_common_config *v2_spec, char **real_rootfs);
int merge_all_specs(host_config *host_spec,
const char *real_rootfs,
container_config_v2_common_config *v2_spec, oci_runtime_spec *oci_spec);
int merge_global_config(oci_runtime_spec *oci_spec);
oci_runtime_spec *read_oci_config(const char *rootpath, const char *name);
oci_runtime_spec *load_oci_config(const char *rootpath, const char *name);
oci_runtime_spec *default_spec(bool system_container);
int merge_conf_cgroup(oci_runtime_spec *oci_spec, const host_config *host_spec);
int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec *oci_spec);
#endif

81
src/services/execution/spec/specs_extend.c
View File

@ -32,7 +32,6 @@
#include "log.h"
#include "oci_runtime_spec.h"
#include "host_config.h"
#include "container_custom_config.h"
#include "utils.h"
#include "config.h"
#include "path.h"
@ -572,7 +571,7 @@ static bool b_user_found(const char *user, const struct passwd *pwbufp)
}
static int proc_by_fpasswd(FILE *f_passwd, const char *user, oci_runtime_spec_process_user *puser,
static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *puser,
char **matched_username)
{
int ret = 0;
@ -659,7 +658,7 @@ static int append_additional_gids(gid_t gid, gid_t **additional_gids, size_t *le
return 0;
}
static int search_group_list(struct group *gbufp, const char *username, oci_runtime_spec_process_user *puser)
static int search_group_list(struct group *gbufp, const char *username, defs_process_user *puser)
{
char **username_list = gbufp->gr_mem;
while (username_list != NULL && *username_list != NULL) {
@ -694,7 +693,7 @@ static bool check_group_found(const char *group, const struct group *gbufp)
return false;
}
static int do_proc_by_froup(FILE *f_group, const char *group, oci_runtime_spec_process_user *puser,
static int do_proc_by_froup(FILE *f_group, const char *group, defs_process_user *puser,
const char *matched_username, int *groupcnt)
{
int errval = 0;
@ -729,7 +728,7 @@ static int do_proc_by_froup(FILE *f_group, const char *group, oci_runtime_spec_p
return 0;
}
static int proc_by_fgroup(FILE *f_group, const char *group, oci_runtime_spec_process_user *puser,
static int proc_by_fgroup(FILE *f_group, const char *group, defs_process_user *puser,
const char *matched_username)
{
int ret = 0;
@ -764,7 +763,7 @@ out:
return ret;
}
static int get_exec_user(const char *username, FILE *f_passwd, FILE *f_group, oci_runtime_spec_process_user *puser)
static int get_exec_user(const char *username, FILE *f_passwd, FILE *f_group, defs_process_user *puser)
{
int ret = 0;
char *tmp = NULL;
@ -831,7 +830,7 @@ static bool group_matched(const char *group, const struct group *gbufp)
}
static int get_one_additional_group(const char *additional_group, struct group *groups, size_t groups_len,
oci_runtime_spec_process_user *puser)
defs_process_user *puser)
{
int ret = 0;
int gret = -1;
@ -878,7 +877,7 @@ out:
int get_additional_groups(char **additional_groups, size_t additional_groups_len,
FILE *f_group, oci_runtime_spec_process_user *puser)
FILE *f_group, defs_process_user *puser)
{
int ret = 0;
size_t i;
@ -942,7 +941,7 @@ static int resolve_basefs(const char *basefs, char **resolved_basefs)
return 0;
}
int get_user(const char *basefs, const host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser)
int get_user(const char *basefs, const host_config *hc, const char *userstr, defs_process_user *puser)
{
int ret = 0;
FILE *f_passwd = NULL;
@ -1002,46 +1001,9 @@ cleanup:
return ret;
}
static int make_sure_oci_spec_porcess_user(oci_runtime_spec *oci_spec)
{
int ret = 0;
ret = make_sure_oci_spec_process(oci_spec);
if (ret < 0) {
return -1;
}
if (oci_spec->process->user == NULL) {
oci_spec->process->user = util_common_calloc_s(sizeof(oci_runtime_spec_process_user));
if (oci_spec->process->user == NULL) {
return -1;
}
}
return 0;
}
int merge_user(const char *basefs, oci_runtime_spec *oci_spec, const host_config *hc, const char *user)
{
int ret = 0;
ret = make_sure_oci_spec_porcess_user(oci_spec);
if (ret < 0) {
goto out;
}
if (get_user(basefs, hc, user, oci_spec->process->user)) {
ERROR("Failed to get user with '%s'", user ? user : "");
ret = -1;
goto out;
}
out:
return ret;
}
char *oci_container_get_env(const oci_runtime_spec *oci_spec, const char *key)
{
const oci_runtime_spec_process *op = NULL;
const defs_process *op = NULL;
if (oci_spec == NULL) {
ERROR("nil oci_spec");
@ -1070,7 +1032,7 @@ int make_sure_oci_spec_linux(oci_runtime_spec *oci_spec)
int make_sure_oci_spec_process(oci_runtime_spec *oci_spec)
{
if (oci_spec->process == NULL) {
oci_spec->process = util_common_calloc_s(sizeof(oci_runtime_spec_process));
oci_spec->process = util_common_calloc_s(sizeof(defs_process));
if (oci_spec->process == NULL) {
return -1;
}
@ -1088,7 +1050,7 @@ int make_sure_oci_spec_linux_resources(oci_runtime_spec *oci_spec)
}
if (oci_spec->linux->resources == NULL) {
oci_spec->linux->resources = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources));
oci_spec->linux->resources = util_common_calloc_s(sizeof(defs_resources));
if (oci_spec->linux->resources == NULL) {
return -1;
}
@ -1106,8 +1068,7 @@ int make_sure_oci_spec_linux_resources_blkio(oci_runtime_spec *oci_spec)
}
if (oci_spec->linux->resources->block_io == NULL) {
oci_spec->linux->resources->block_io =
util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_block_io));
oci_spec->linux->resources->block_io = util_common_calloc_s(sizeof(defs_resources_block_io));
if (oci_spec->linux->resources->block_io == NULL) {
return -1;
}
@ -1119,21 +1080,21 @@ int merge_ulimits_pre(oci_runtime_spec *oci_spec, size_t host_ulimits_len)
{
int ret;
size_t new_size, old_size, tmp;
oci_runtime_spec_process_rlimits_element **rlimits_temp = NULL;
defs_process_rlimits_element **rlimits_temp = NULL;
ret = make_sure_oci_spec_process(oci_spec);
if (ret < 0) {
goto out;
}
tmp = SIZE_MAX / sizeof(oci_runtime_spec_process_rlimits_element *) - oci_spec->process->rlimits_len;
tmp = SIZE_MAX / sizeof(defs_process_rlimits_element *) - oci_spec->process->rlimits_len;
if (host_ulimits_len > tmp) {
ERROR("Too many rlimits to merge!");
ret = -1;
goto out;
}
old_size = oci_spec->process->rlimits_len * sizeof(oci_runtime_spec_process_rlimits_element *);
new_size = (oci_spec->process->rlimits_len + host_ulimits_len) * sizeof(oci_runtime_spec_process_rlimits_element *);
old_size = oci_spec->process->rlimits_len * sizeof(defs_process_rlimits_element *);
new_size = (oci_spec->process->rlimits_len + host_ulimits_len) * sizeof(defs_process_rlimits_element *);
ret = mem_realloc((void **)&rlimits_temp, new_size, oci_spec->process->rlimits, old_size);
if (ret != 0) {
ERROR("Failed to realloc memory for rlimits");
@ -1145,14 +1106,14 @@ out:
return ret;
}
int trans_ulimit_to_rlimit(oci_runtime_spec_process_rlimits_element **rlimit_dst,
int trans_ulimit_to_rlimit(defs_process_rlimits_element **rlimit_dst,
const host_config_ulimits_element *ulimit)
{
#define RLIMIT_PRE "RLIMIT_"
int ret = 0;
size_t j, namelen;
char *typename = NULL;
oci_runtime_spec_process_rlimits_element *rlimit = NULL;
defs_process_rlimits_element *rlimit = NULL;
// name + "RLIMIT_" + '\0'
if (strlen(ulimit->name) > ((SIZE_MAX - strlen(RLIMIT_PRE)) - 1)) {
@ -1173,7 +1134,7 @@ int trans_ulimit_to_rlimit(oci_runtime_spec_process_rlimits_element **rlimit_dst
typename[j + strlen(RLIMIT_PRE)] = (char)toupper((int)(ulimit->name[j]));
}
rlimit = util_common_calloc_s(sizeof(oci_runtime_spec_process_rlimits_element));
rlimit = util_common_calloc_s(sizeof(defs_process_rlimits_element));
if (rlimit == NULL) {
ERROR("Failed to malloc memory for rlimit");
ret = -1;
@ -1191,7 +1152,7 @@ out:
return ret;
}
static int do_merge_one_ulimit(const oci_runtime_spec *oci_spec, oci_runtime_spec_process_rlimits_element *rlimit)
static int do_merge_one_ulimit(const oci_runtime_spec *oci_spec, defs_process_rlimits_element *rlimit)
{
size_t j;
bool exists = false;
@ -1222,7 +1183,7 @@ static int do_merge_one_ulimit(const oci_runtime_spec *oci_spec, oci_runtime_spe
static int merge_one_ulimit(const oci_runtime_spec *oci_spec, const host_config_ulimits_element *ulimit)
{
oci_runtime_spec_process_rlimits_element *rlimit = NULL;
defs_process_rlimits_element *rlimit = NULL;
if (trans_ulimit_to_rlimit(&rlimit, ulimit) != 0) {
return -1;

7
src/services/execution/spec/specs_extend.h
View File

@ -18,7 +18,6 @@
#include <stdint.h>
#include "libisulad.h"
#include "host_config.h"
#include "container_custom_config.h"
#include "container_config_v2.h"
#include "oci_runtime_hooks.h"
#include "oci_runtime_spec.h"
@ -43,7 +42,7 @@ int merge_global_ulimit(oci_runtime_spec *oci_spec);
int merge_ulimits_pre(oci_runtime_spec *oci_spec, size_t host_ulimits_len);
int trans_ulimit_to_rlimit(oci_runtime_spec_process_rlimits_element **rlimit_dst,
int trans_ulimit_to_rlimit(defs_process_rlimits_element **rlimit_dst,
const host_config_ulimits_element *ulimit);
int make_userns_remap(oci_runtime_spec *container, const char *user_remap);
@ -52,11 +51,9 @@ int merge_env(oci_runtime_spec *oci_spec, const char **env, size_t env_len);
int merge_env_target_file(oci_runtime_spec *oci_spec, const char *env_target_file);
int merge_user(const char *basefs, oci_runtime_spec *oci_spec, const host_config *hc, const char *user);
char *oci_container_get_env(const oci_runtime_spec *oci_spec, const char *key);
int get_user(const char *basefs, const host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser);
int get_user(const char *basefs, const host_config *hc, const char *userstr, defs_process_user *puser);
#if defined(__cplusplus) || defined(c_plusplus)
}

294
src/services/execution/spec/specs_mount.c
View File

@ -33,7 +33,6 @@
#include "oci_runtime_spec.h"
#include "oci_runtime_hooks.h"
#include "host_config.h"
#include "container_custom_config.h"
#include "utils.h"
#include "config.h"
#include "path.h"
@ -130,17 +129,17 @@ out:
return ret;
}
int adapt_settings_for_mounts(oci_runtime_spec *oci_spec, container_custom_config *custom_spec)
int adapt_settings_for_mounts(oci_runtime_spec *oci_spec, container_config *container_spec)
{
size_t i, array_str_len;
int ret = 0;
char **array_str = NULL;
if (custom_spec == NULL) {
if (container_spec == NULL) {
return -1;
}
array_str = util_string_split(custom_spec->ns_change_opt, ',');
array_str = util_string_split(container_spec->ns_change_opt, ',');
if (array_str == NULL) {
ERROR("Out of memory");
ret = -1;
@ -806,8 +805,8 @@ erro_out:
return NULL;
}
static int get_devices_from_path(const host_config_devices_element *dev_map, oci_runtime_defs_linux_device *spec_dev,
oci_runtime_defs_linux_device_cgroup *spec_dev_cgroup)
static int get_devices_from_path(const host_config_devices_element *dev_map, defs_device *spec_dev,
defs_device_cgroup *spec_dev_cgroup)
{
int ret = 0;
struct stat st;
@ -860,22 +859,22 @@ static int get_devices_from_path(const host_config_devices_element *dev_map, oci
return 0;
}
static int merge_custom_device(oci_runtime_defs_linux_device **out_spec_dev,
oci_runtime_defs_linux_device_cgroup **out_spec_dev_cgroup,
static int merge_custom_device(defs_device **out_spec_dev,
defs_device_cgroup **out_spec_dev_cgroup,
const host_config_devices_element *dev_map)
{
int ret = 0;
oci_runtime_defs_linux_device *spec_dev = NULL;
oci_runtime_defs_linux_device_cgroup *spec_dev_cgroup = NULL;
defs_device *spec_dev = NULL;
defs_device_cgroup *spec_dev_cgroup = NULL;
spec_dev = util_common_calloc_s(sizeof(oci_runtime_defs_linux_device));
spec_dev = util_common_calloc_s(sizeof(defs_device));
if (spec_dev == NULL) {
ERROR("Memory out");
ret = -1;
goto erro_out;
}
spec_dev_cgroup = util_common_calloc_s(sizeof(oci_runtime_defs_linux_device_cgroup));
spec_dev_cgroup = util_common_calloc_s(sizeof(defs_device_cgroup));
if (spec_dev_cgroup == NULL) {
ERROR("Memory out");
ret = -1;
@ -894,14 +893,14 @@ static int merge_custom_device(oci_runtime_defs_linux_device **out_spec_dev,
goto out;
erro_out:
free_oci_runtime_defs_linux_device(spec_dev);
free_oci_runtime_defs_linux_device_cgroup(spec_dev_cgroup);
free_defs_device(spec_dev);
free_defs_device_cgroup(spec_dev_cgroup);
out:
return ret;
}
static int get_weight_devices_from_path(const host_config_blkio_weight_device_element *weight_dev,
oci_runtime_defs_linux_block_io_device_weight *spec_weight_dev)
defs_block_io_device_weight *spec_weight_dev)
{
int ret = 0;
struct stat st;
@ -929,13 +928,13 @@ static int get_weight_devices_from_path(const host_config_blkio_weight_device_el
return 0;
}
static int merge_host_config_blk_weight_device(oci_runtime_defs_linux_block_io_device_weight **out_spec_weight_dev,
static int merge_host_config_blk_weight_device(defs_block_io_device_weight **out_spec_weight_dev,
const host_config_blkio_weight_device_element *weight_dev)
{
int ret = 0;
oci_runtime_defs_linux_block_io_device_weight *spec_weight_dev = NULL;
defs_block_io_device_weight *spec_weight_dev = NULL;
spec_weight_dev = util_common_calloc_s(sizeof(oci_runtime_defs_linux_block_io_device_weight));
spec_weight_dev = util_common_calloc_s(sizeof(defs_block_io_device_weight));
if (spec_weight_dev == NULL) {
ERROR("Memory out");
ret = -1;
@ -953,14 +952,14 @@ static int merge_host_config_blk_weight_device(oci_runtime_defs_linux_block_io_d
goto out;
erro_out:
free_oci_runtime_defs_linux_block_io_device_weight(spec_weight_dev);
free_defs_block_io_device_weight(spec_weight_dev);
out:
return ret;
}
static int get_read_bps_devices_from_path(const host_config_blkio_device_read_bps_element *read_bps_dev,
oci_runtime_defs_linux_block_io_device_throttle *spec_read_bps_dev)
defs_block_io_device_throttle *spec_read_bps_dev)
{
int ret = 0;
struct stat st;
@ -985,13 +984,13 @@ static int get_read_bps_devices_from_path(const host_config_blkio_device_read_bp
}
static int merge_host_config_blk_read_bps_device(
oci_runtime_defs_linux_block_io_device_throttle **out_spec_read_bps_dev,
defs_block_io_device_throttle **out_spec_read_bps_dev,
const host_config_blkio_device_read_bps_element *blkio_device_read_bps)
{
int ret = 0;
oci_runtime_defs_linux_block_io_device_throttle *spec_read_bps_dev = NULL;
defs_block_io_device_throttle *spec_read_bps_dev = NULL;
spec_read_bps_dev = util_common_calloc_s(sizeof(oci_runtime_defs_linux_block_io_device_throttle));
spec_read_bps_dev = util_common_calloc_s(sizeof(defs_block_io_device_throttle));
if (spec_read_bps_dev == NULL) {
ERROR("Memory out");
ret = -1;
@ -1009,14 +1008,14 @@ static int merge_host_config_blk_read_bps_device(
goto out;
erro_out:
free_oci_runtime_defs_linux_block_io_device_throttle(spec_read_bps_dev);
free_defs_block_io_device_throttle(spec_read_bps_dev);
out:
return ret;
}
static int get_write_bps_devices_from_path(const host_config_blkio_device_write_bps_element *write_bps_dev,
oci_runtime_defs_linux_block_io_device_throttle *spec_write_bps_dev)
defs_block_io_device_throttle *spec_write_bps_dev)
{
int ret = 0;
struct stat st;
@ -1041,13 +1040,13 @@ static int get_write_bps_devices_from_path(const host_config_blkio_device_write_
}
static int merge_host_config_blk_write_bps_device(
oci_runtime_defs_linux_block_io_device_throttle **out_spec_write_bps_dev,
defs_block_io_device_throttle **out_spec_write_bps_dev,
const host_config_blkio_device_write_bps_element *blkio_device_write_bps)
{
int ret = 0;
oci_runtime_defs_linux_block_io_device_throttle *spec_write_bps_dev = NULL;
defs_block_io_device_throttle *spec_write_bps_dev = NULL;
spec_write_bps_dev = util_common_calloc_s(sizeof(oci_runtime_defs_linux_block_io_device_throttle));
spec_write_bps_dev = util_common_calloc_s(sizeof(defs_block_io_device_throttle));
if (spec_write_bps_dev == NULL) {
ERROR("Memory out");
ret = -1;
@ -1065,7 +1064,7 @@ static int merge_host_config_blk_write_bps_device(
goto out;
erro_out:
free_oci_runtime_defs_linux_block_io_device_throttle(spec_write_bps_dev);
free_defs_block_io_device_throttle(spec_write_bps_dev);
out:
return ret;
@ -1077,7 +1076,7 @@ static int merge_all_devices(oci_runtime_spec *oci_spec, host_config_devices_ele
int ret = 0;
size_t new_size = 0, old_size = 0;
size_t i = 0;
oci_runtime_defs_linux_device **spec_dev = NULL;
defs_device **spec_dev = NULL;
ret = make_sure_oci_spec_linux_resources(oci_spec);
if (ret < 0) {
@ -1091,8 +1090,8 @@ static int merge_all_devices(oci_runtime_spec *oci_spec, host_config_devices_ele
ret = -1;
goto out;
}
new_size = (oci_spec->linux->devices_len + devices_len) * sizeof(oci_runtime_defs_linux_device *);
old_size = oci_spec->linux->devices_len * sizeof(oci_runtime_defs_linux_device *);
new_size = (oci_spec->linux->devices_len + devices_len) * sizeof(defs_device *);
old_size = oci_spec->linux->devices_len * sizeof(defs_device *);
ret = mem_realloc((void **)&spec_dev, new_size, oci_spec->linux->devices, old_size);
if (ret != 0) {
ERROR("Out of memory");
@ -1102,16 +1101,16 @@ static int merge_all_devices(oci_runtime_spec *oci_spec, host_config_devices_ele
oci_spec->linux->devices = spec_dev;
/* malloc for cgroup->device */
oci_runtime_defs_linux_device_cgroup **spec_cgroup_dev = NULL;
if (devices_len > SIZE_MAX / sizeof(oci_runtime_defs_linux_device_cgroup *) -
defs_device_cgroup **spec_cgroup_dev = NULL;
if (devices_len > SIZE_MAX / sizeof(defs_device_cgroup *) -
oci_spec->linux->resources->devices_len) {
ERROR("Too many cgroup devices to merge!");
ret = -1;
goto out;
}
new_size = (oci_spec->linux->resources->devices_len + devices_len)
* sizeof(oci_runtime_defs_linux_device_cgroup *);
old_size = oci_spec->linux->resources->devices_len * sizeof(oci_runtime_defs_linux_device_cgroup *);
* sizeof(defs_device_cgroup *);
old_size = oci_spec->linux->resources->devices_len * sizeof(defs_device_cgroup *);
ret = mem_realloc((void **)&spec_cgroup_dev, new_size, oci_spec->linux->resources->devices, old_size);
if (ret != 0) {
ERROR("Out of memory");
@ -1243,8 +1242,8 @@ int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec)
{
int ret = 0;
size_t i = 0;
oci_runtime_config_linux_resources *ptr = NULL;
oci_runtime_defs_linux_device_cgroup *spec_dev_cgroup = NULL;
defs_resources *ptr = NULL;
defs_device_cgroup *spec_dev_cgroup = NULL;
ret = merge_all_devices_in_dir("/dev", NULL, NULL, oci_spec);
if (ret != 0) {
@ -1261,7 +1260,7 @@ int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec)
ptr = oci_spec->linux->resources;
if (ptr->devices != NULL) {
for (i = 0; i < ptr->devices_len; i++) {
free_oci_runtime_defs_linux_device_cgroup(ptr->devices[i]);
free_defs_device_cgroup(ptr->devices[i]);
ptr->devices[i] = NULL;
}
free(ptr->devices);
@ -1269,7 +1268,7 @@ int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec)
ptr->devices_len = 0;
}
ptr->devices = util_common_calloc_s(sizeof(oci_runtime_defs_linux_device_cgroup *));
ptr->devices = util_common_calloc_s(sizeof(defs_device_cgroup *));
if (ptr->devices == NULL) {
ret = -1;
goto out;
@ -1277,7 +1276,7 @@ int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec)
ptr->devices_len = 1;
spec_dev_cgroup = util_common_calloc_s(sizeof(oci_runtime_defs_linux_device_cgroup));
spec_dev_cgroup = util_common_calloc_s(sizeof(defs_device_cgroup));
if (spec_dev_cgroup == NULL) {
ret = -1;
goto out;
@ -1498,14 +1497,14 @@ static int merge_custom_one_device(oci_runtime_spec *oci_spec, const host_config
}
/* malloc for linux->device */
oci_runtime_defs_linux_device **spec_dev = NULL;
if (oci_spec->linux->devices_len > SIZE_MAX / sizeof(oci_runtime_defs_linux_device *) - 1) {
defs_device **spec_dev = NULL;
if (oci_spec->linux->devices_len > SIZE_MAX / sizeof(defs_device *) - 1) {
ERROR("Too many linux devices to merge!");
ret = -1;
goto out;
}
new_size = (oci_spec->linux->devices_len + 1) * sizeof(oci_runtime_defs_linux_device *);
old_size = new_size - sizeof(oci_runtime_defs_linux_device *);
new_size = (oci_spec->linux->devices_len + 1) * sizeof(defs_device *);
old_size = new_size - sizeof(defs_device *);
ret = mem_realloc((void **)&spec_dev, new_size, oci_spec->linux->devices, old_size);
if (ret != 0) {
ERROR("Failed to realloc memory for devices");
@ -1516,14 +1515,14 @@ static int merge_custom_one_device(oci_runtime_spec *oci_spec, const host_config
oci_spec->linux->devices = spec_dev;
/* malloc for cgroup->device */
oci_runtime_defs_linux_device_cgroup **spec_cgroup_dev = NULL;
if (oci_spec->linux->resources->devices_len > SIZE_MAX / sizeof(oci_runtime_defs_linux_device_cgroup *) - 1) {
defs_device_cgroup **spec_cgroup_dev = NULL;
if (oci_spec->linux->resources->devices_len > SIZE_MAX / sizeof(defs_device_cgroup *) - 1) {
ERROR("Too many cgroup devices to merge!");
ret = -1;
goto out;
}
new_size = (oci_spec->linux->resources->devices_len + 1) * sizeof(oci_runtime_defs_linux_device_cgroup *);
old_size = new_size - sizeof(oci_runtime_defs_linux_device_cgroup *);
new_size = (oci_spec->linux->resources->devices_len + 1) * sizeof(defs_device_cgroup *);
old_size = new_size - sizeof(defs_device_cgroup *);
ret = mem_realloc((void **)&spec_cgroup_dev, new_size, oci_spec->linux->resources->devices, old_size);
if (ret != 0) {
ERROR("Failed to realloc memory for cgroup devices");
@ -1597,7 +1596,7 @@ static int merge_blkio_weight_device(oci_runtime_spec *oci_spec,
size_t new_size = 0;
size_t old_size = 0;
size_t i = 0;
oci_runtime_defs_linux_block_io_device_weight **weight_device = NULL;
defs_block_io_device_weight **weight_device = NULL;
ret = make_sure_oci_spec_linux_resources_blkio(oci_spec);
if (ret < 0) {
@ -1612,9 +1611,9 @@ static int merge_blkio_weight_device(oci_runtime_spec *oci_spec,
}
new_size = (oci_spec->linux->resources->block_io->weight_device_len + blkio_weight_device_len)
* sizeof(oci_runtime_defs_linux_block_io_device_weight *);
* sizeof(defs_block_io_device_weight *);
old_size = oci_spec->linux->resources->block_io->weight_device_len *
sizeof(oci_runtime_defs_linux_block_io_device_weight *);
sizeof(defs_block_io_device_weight *);
ret = mem_realloc((void **)&weight_device, new_size, oci_spec->linux->resources->block_io->weight_device,
old_size);
if (ret != 0) {
@ -1649,7 +1648,7 @@ static int merge_blkio_read_bps_device(oci_runtime_spec *oci_spec,
size_t new_size = 0;
size_t old_size = 0;
size_t i = 0;
oci_runtime_defs_linux_block_io_device_throttle **throttle_read_bps_device = NULL;
defs_block_io_device_throttle **throttle_read_bps_device = NULL;
ret = make_sure_oci_spec_linux_resources_blkio(oci_spec);
if (ret < 0) {
@ -1666,9 +1665,9 @@ static int merge_blkio_read_bps_device(oci_runtime_spec *oci_spec,
}
new_size = (oci_spec->linux->resources->block_io->throttle_read_bps_device_len + throttle_read_bps_device_len)
* sizeof(oci_runtime_defs_linux_block_io_device_throttle *);
* sizeof(defs_block_io_device_throttle *);
old_size = oci_spec->linux->resources->block_io->throttle_read_bps_device_len *
sizeof(oci_runtime_defs_linux_block_io_device_throttle *);
sizeof(defs_block_io_device_throttle *);
ret = mem_realloc((void **)&throttle_read_bps_device, new_size,
oci_spec->linux->resources->block_io->throttle_read_bps_device, old_size);
if (ret != 0) {
@ -1702,7 +1701,7 @@ static int merge_blkio_write_bps_device(oci_runtime_spec *oci_spec,
size_t new_size = 0;
size_t old_size = 0;
size_t i = 0;
oci_runtime_defs_linux_block_io_device_throttle **throttle_write_bps_device = NULL;
defs_block_io_device_throttle **throttle_write_bps_device = NULL;
ret = make_sure_oci_spec_linux_resources_blkio(oci_spec);
if (ret < 0) {
@ -1719,9 +1718,9 @@ static int merge_blkio_write_bps_device(oci_runtime_spec *oci_spec,
}
new_size = (oci_spec->linux->resources->block_io->throttle_write_bps_device_len + throttle_write_bps_device_len)
* sizeof(oci_runtime_defs_linux_block_io_device_throttle *);
* sizeof(defs_block_io_device_throttle *);
old_size = oci_spec->linux->resources->block_io->throttle_write_bps_device_len *
sizeof(oci_runtime_defs_linux_block_io_device_throttle *);
sizeof(defs_block_io_device_throttle *);
ret = mem_realloc((void **)&throttle_write_bps_device, new_size,
oci_spec->linux->resources->block_io->throttle_write_bps_device, old_size);
if (ret != 0) {
@ -1957,35 +1956,68 @@ static int change_dev_shm_size(oci_runtime_spec *oci_spec, int64_t shm_size)
return -1;
}
static int merge_volumes_to_mount(oci_runtime_spec *oci_spec, host_config *host_spec,
container_config_v2_common_config *common_config)
static inline bool is_mount_destination_hosts(const char *destination)
{
return strcmp(destination, "/etc/hosts") == 0;
}
static inline bool is_mount_destination_resolv(const char *destination)
{
return strcmp(destination, "/etc/resolv.conf") == 0;
}
static inline bool is_mount_destination_hostname(const char *destination)
{
return strcmp(destination, "/etc/hostname") == 0;
}
/* find whether mount entry with destination "/etc/hostname" "/etc/hosts" "/etc/resolv.conf" exits in mount
* if not exists: append mounts to ocispec by v2_spec
* if exists: replace the source in v2_spec
*/
static int append_network_files_mounts(oci_runtime_spec *oci_spec, container_config_v2_common_config *v2_spec)
{
int ret = 0;
size_t i = 0;
bool has_hosts_mount = false;
bool has_resolv_mount = false;
bool has_hostname_mount = false;
if (host_spec->binds != NULL && host_spec->binds_len) {
ret = merge_volumes(oci_spec, host_spec->binds,
host_spec->binds_len, common_config,
parse_volume);
if (ret) {
ERROR("Failed to merge volumes");
goto out;
for (i = 0; i < oci_spec->mounts_len; i++) {
if (is_mount_destination_hosts(oci_spec->mounts[i]->destination)) {
has_hosts_mount = true;
free(v2_spec->hosts_path);
v2_spec->hosts_path = util_strdup_s(oci_spec->mounts[i]->source);
}
if (is_mount_destination_resolv(oci_spec->mounts[i]->destination)) {
has_resolv_mount = true;
free(v2_spec->resolv_conf_path);
v2_spec->resolv_conf_path = util_strdup_s(oci_spec->mounts[i]->source);
}
if (is_mount_destination_hostname(oci_spec->mounts[i]->destination)) {
has_hostname_mount = true;
free(v2_spec->hostname_path);
v2_spec->hostname_path = util_strdup_s(oci_spec->mounts[i]->source);
}
}
out:
return ret;
}
static int merge_host_channel_to_mount(oci_runtime_spec *oci_spec, host_config *host_spec)
{
int ret = 0;
if (host_spec->host_channel == NULL) {
return 0;
/* add network config files */
if (!has_hosts_mount && !mount_file(oci_spec, v2_spec->hosts_path, ETC_HOSTS)) {
ERROR("Merge hosts mount failed");
ret = -1;
goto out;
}
if (!has_resolv_mount &&
!mount_file(oci_spec, v2_spec->resolv_conf_path, RESOLV_CONF_PATH)) {
ERROR("Merge resolv.conf mount failed");
ret = -1;
goto out;
}
if (!add_host_channel_mount(oci_spec, host_spec->host_channel)) {
ERROR("Failed to merge host channel mount");
if (!has_hostname_mount &&
!mount_file(oci_spec, v2_spec->hostname_path, ETC_HOSTNAME)) {
ERROR("Merge hostname mount failed");
ret = -1;
goto out;
}
@ -1994,14 +2026,35 @@ out:
return ret;
}
static int merge_mounts_to_mount_filesystem(oci_runtime_spec *oci_spec, container_custom_config *custom_spec,
host_config *host_spec, container_config_v2_common_config *common_config)
int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec,
container_config_v2_common_config *v2_spec)
{
int ret = 0;
container_config *container_spec = v2_spec->config;
if (custom_spec->mounts && custom_spec->mounts_len) {
ret = merge_volumes(oci_spec, custom_spec->mounts,
custom_spec->mounts_len, common_config,
/* volumes to mount */
if (host_spec->binds != NULL && host_spec->binds_len) {
ret = merge_volumes(oci_spec, host_spec->binds,
host_spec->binds_len, v2_spec,
parse_volume);
if (ret) {
ERROR("Failed to merge volumes");
goto out;
}
}
/* host channel to mount */
if (host_spec->host_channel != NULL) {
if (!add_host_channel_mount(oci_spec, host_spec->host_channel)) {
ERROR("Failed to merge host channel mount");
goto out;
}
}
/* mounts to mount filesystem */
if (container_spec->mounts && container_spec->mounts_len) {
ret = merge_volumes(oci_spec, container_spec->mounts,
container_spec->mounts_len, v2_spec,
parse_mount);
if (ret) {
ERROR("Failed to merge mounts");
@ -2009,14 +2062,6 @@ static int merge_mounts_to_mount_filesystem(oci_runtime_spec *oci_spec, containe
}
}
out:
return ret;
}
static int merge_shm_size(oci_runtime_spec *oci_spec, host_config *host_spec)
{
int ret = 0;
if (host_spec->shm_size >= 0) {
if (host_spec->shm_size == 0) {
host_spec->shm_size = DEFAULT_SHM_SIZE;
@ -2029,26 +2074,10 @@ static int merge_shm_size(oci_runtime_spec *oci_spec, host_config *host_spec)
}
}
out:
return ret;
}
static int merge_network_config_files(oci_runtime_spec *oci_spec, host_config *host_spec,
container_config_v2_common_config *common_config)
{
int ret = 0;
if (is_container(host_spec->network_mode)) {
/* add network config files */
if (common_config->hosts_path != NULL && !mount_file(oci_spec, common_config->hosts_path, ETC_HOSTS)) {
ERROR("Merge hosts mount failed");
ret = -1;
goto out;
}
if (common_config->resolv_conf_path != NULL &&
!mount_file(oci_spec, common_config->resolv_conf_path, RESOLV_CONF_PATH)) {
ERROR("Merge resolv.conf mount failed");
ret = -1;
if (!host_spec->system_container) {
ret = append_network_files_mounts(oci_spec, v2_spec);
if (ret) {
ERROR("Failed to append network mounts");
goto out;
}
}
@ -2057,44 +2086,7 @@ out:
return ret;
}
int merge_conf_mounts(oci_runtime_spec *oci_spec, container_custom_config *custom_spec, host_config *host_spec,
container_config_v2_common_config *common_config)
{
int ret = 0;
/* volumes to mount */
ret = merge_volumes_to_mount(oci_spec, host_spec, common_config);
if (ret != 0) {
goto out;
}
/* host channel to mount */
if (merge_host_channel_to_mount(oci_spec, host_spec) != 0) {
ret = -1;
goto out;
}
/* mounts to mount filesystem */
if (merge_mounts_to_mount_filesystem(oci_spec, custom_spec, host_spec, common_config) != 0) {
ret = -1;
goto out;
}
if (merge_shm_size(oci_spec, host_spec) != 0) {
ret = -1;
goto out;
}
if (merge_network_config_files(oci_spec, host_spec, common_config) != 0) {
ret = -1;
goto out;
}
out:
return ret;
}
int add_rootfs_mount(const oci_runtime_spec *container)
int add_rootfs_mount(const container_config *container_spec)
{
int ret = 0;
char *mntparent = NULL;
@ -2105,7 +2097,7 @@ int add_rootfs_mount(const oci_runtime_spec *container)
ret = -1;
goto out;
}
if (append_json_map_string_string(container->annotations, "rootfs.mount", mntparent)) {
if (append_json_map_string_string(container_spec->annotations, "rootfs.mount", mntparent)) {
ERROR("Realloc annotatinons failed");
ret = -1;
goto out;

7
src/services/execution/spec/specs_mount.h
View File

@ -18,12 +18,11 @@
#include <stdint.h>
#include "libisulad.h"
#include "host_config.h"
#include "container_custom_config.h"
#include "container_config_v2.h"
#include "oci_runtime_hooks.h"
#include "oci_runtime_spec.h"
int adapt_settings_for_mounts(oci_runtime_spec *oci_spec, container_custom_config *custom_spec);
int adapt_settings_for_mounts(oci_runtime_spec *oci_spec, container_config *container_spec);
typedef defs_mount *(*parse_mount_cb)(const char *mount);
@ -35,10 +34,10 @@ defs_mount *parse_mount(const char *mount);
defs_mount *parse_volume(const char *volume);
int merge_conf_mounts(oci_runtime_spec *oci_spec, container_custom_config *custom_spec, host_config *host_spec,
int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec,
container_config_v2_common_config *common_config);
int add_rootfs_mount(const oci_runtime_spec *container);
int add_rootfs_mount(const container_config *container_spec);
int set_mounts_readwrite_option(const oci_runtime_spec *oci_spec);

71
src/services/execution/spec/specs_security.c
View File

@ -37,7 +37,6 @@
#include "oci_runtime_spec.h"
#include "docker_seccomp.h"
#include "host_config.h"
#include "container_custom_config.h"
#include "utils.h"
#include "config.h"
#include "isulad_config.h"
@ -285,14 +284,14 @@ free_out:
return ret;
}
int refill_oci_process_capabilities(oci_runtime_spec_process_capabilities **caps, const char **src_caps,
int refill_oci_process_capabilities(defs_process_capabilities **caps, const char **src_caps,
size_t src_caps_len)
{
int ret = 0;
size_t i = 0;
if (*caps == NULL) {
*caps = util_common_calloc_s(sizeof(oci_runtime_spec_process_capabilities));
*caps = util_common_calloc_s(sizeof(defs_process_capabilities));
if (*caps == NULL) {
ret = -1;
goto out;
@ -383,7 +382,7 @@ static bool is_arch_in_seccomp(const docker_seccomp *seccomp, const char *arch)
return false;
}
static bool is_cap_in_seccomp(const oci_runtime_spec_process_capabilities *capabilites, const char *cap)
static bool is_cap_in_seccomp(const defs_process_capabilities *capabilites, const char *cap)
{
size_t i = 0;
@ -400,7 +399,7 @@ static bool is_cap_in_seccomp(const oci_runtime_spec_process_capabilities *capab
}
static void meet_include(const docker_seccomp *seccomp, const docker_seccomp_syscalls_element *syscall,
const oci_runtime_spec_process_capabilities *capabilites, bool *meet_include_arch,
const defs_process_capabilities *capabilites, bool *meet_include_arch,
bool *meet_include_cap)
{
size_t i;
@ -433,7 +432,7 @@ static void meet_include(const docker_seccomp *seccomp, const docker_seccomp_sys
}
static void meet_exclude(const docker_seccomp *seccomp, const docker_seccomp_syscalls_element *syscall,
const oci_runtime_spec_process_capabilities *capabilites, bool *meet_exclude_arch,
const defs_process_capabilities *capabilites, bool *meet_exclude_arch,
bool *meet_exclude_cap)
{
size_t i;
@ -467,7 +466,7 @@ static void meet_exclude(const docker_seccomp *seccomp, const docker_seccomp_sys
}
static bool meet_filtering_rules(const docker_seccomp *seccomp, const docker_seccomp_syscalls_element *syscall,
const oci_runtime_spec_process_capabilities *capabilites)
const defs_process_capabilities *capabilites)
{
bool meet_include_arch = false;
bool meet_include_cap = false;
@ -520,7 +519,7 @@ static int dup_architectures_to_oci_spec(const docker_seccomp *docker_seccomp_sp
}
static int dup_syscall_args_to_oci_spec(const docker_seccomp_syscalls_element *docker_syscall,
oci_runtime_defs_linux_syscall *oci_syscall)
defs_syscall *oci_syscall)
{
size_t i = 0;
@ -528,20 +527,20 @@ static int dup_syscall_args_to_oci_spec(const docker_seccomp_syscalls_element *d
return 0;
}
if (docker_syscall->args_len > (SIZE_MAX / sizeof(oci_runtime_defs_linux_syscall_arg *))) {
if (docker_syscall->args_len > (SIZE_MAX / sizeof(defs_syscall_arg *))) {
return -1;
}
oci_syscall->args = util_common_calloc_s(docker_syscall->args_len * sizeof(oci_runtime_defs_linux_syscall_arg *));
oci_syscall->args = util_common_calloc_s(docker_syscall->args_len * sizeof(defs_syscall_arg *));
if (oci_syscall->args == NULL) {
return -1;
}
for (i = 0; i < docker_syscall->args_len; i++) {
oci_syscall->args[i] = util_common_calloc_s(sizeof(oci_runtime_defs_linux_syscall_arg));
oci_syscall->args[i] = util_common_calloc_s(sizeof(defs_syscall_arg));
if (oci_syscall->args[i] == NULL) {
return -1;
}
oci_runtime_defs_linux_syscall_arg *args_element = oci_syscall->args[i];
defs_syscall_arg *args_element = oci_syscall->args[i];
args_element->index = docker_syscall->args[i]->index;
args_element->value = docker_syscall->args[i]->value;
args_element->value_two = docker_syscall->args[i]->value_two;
@ -554,23 +553,23 @@ static int dup_syscall_args_to_oci_spec(const docker_seccomp_syscalls_element *d
static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec,
oci_runtime_config_linux_seccomp *oci_seccomp_spec,
const oci_runtime_spec_process_capabilities *capabilites)
const defs_process_capabilities *capabilites)
{
int ret = 0;
size_t i, j, k;
size_t new_size, old_size;
oci_runtime_defs_linux_syscall **tmp_syscalls = NULL;
defs_syscall **tmp_syscalls = NULL;
if (docker_seccomp_spec->syscalls_len == 0) {
return 0;
}
if (docker_seccomp_spec->syscalls_len > (SIZE_MAX / sizeof(oci_runtime_defs_linux_syscall *))) {
if (docker_seccomp_spec->syscalls_len > (SIZE_MAX / sizeof(defs_syscall *))) {
return -1;
}
oci_seccomp_spec->syscalls =
util_common_calloc_s(docker_seccomp_spec->syscalls_len * sizeof(oci_runtime_defs_linux_syscall *));
util_common_calloc_s(docker_seccomp_spec->syscalls_len * sizeof(defs_syscall *));
if (oci_seccomp_spec->syscalls == NULL) {
return -1;
}
@ -579,7 +578,7 @@ static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec,
continue;
}
k = oci_seccomp_spec->syscalls_len;
oci_seccomp_spec->syscalls[k] = util_common_calloc_s(sizeof(oci_runtime_defs_linux_syscall));
oci_seccomp_spec->syscalls[k] = util_common_calloc_s(sizeof(defs_syscall));
if (oci_seccomp_spec->syscalls[k] == NULL) {
return -1;
}
@ -604,8 +603,8 @@ static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec,
}
}
new_size = sizeof(oci_runtime_defs_linux_syscall *) * oci_seccomp_spec->syscalls_len;
old_size = sizeof(oci_runtime_defs_linux_syscall *) * docker_seccomp_spec->syscalls_len;
new_size = sizeof(defs_syscall *) * oci_seccomp_spec->syscalls_len;
old_size = sizeof(defs_syscall *) * docker_seccomp_spec->syscalls_len;
ret = mem_realloc((void **)&tmp_syscalls, new_size, oci_seccomp_spec->syscalls, old_size);
if (ret < 0) {
ERROR("Out of memory");
@ -617,7 +616,7 @@ static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec,
}
static oci_runtime_config_linux_seccomp *trans_docker_seccomp_to_oci_format(
const docker_seccomp *docker_seccomp_spec, const oci_runtime_spec_process_capabilities *capabilites)
const docker_seccomp *docker_seccomp_spec, const defs_process_capabilities *capabilites)
{
oci_runtime_config_linux_seccomp *oci_seccomp_spec = NULL;
@ -650,7 +649,7 @@ done:
return oci_seccomp_spec;
}
int merge_default_seccomp_spec(oci_runtime_spec *oci_spec, const oci_runtime_spec_process_capabilities *capabilites)
int merge_default_seccomp_spec(oci_runtime_spec *oci_spec, const defs_process_capabilities *capabilites)
{
oci_runtime_config_linux_seccomp *oci_seccomp_spec = NULL;
docker_seccomp *docker_seccomp_spec = NULL;
@ -679,21 +678,21 @@ int merge_default_seccomp_spec(oci_runtime_spec *oci_spec, const oci_runtime_spe
}
static int append_systemcall_to_seccomp(oci_runtime_config_linux_seccomp *seccomp,
oci_runtime_defs_linux_syscall *element)
defs_syscall *element)
{
int nret = 0;
size_t old_size, new_size;
oci_runtime_defs_linux_syscall **tmp_syscalls = NULL;
defs_syscall **tmp_syscalls = NULL;
if (seccomp == NULL || element == NULL) {
return -1;
}
if (seccomp->syscalls_len > SIZE_MAX / sizeof(oci_runtime_defs_linux_syscall *) - 1) {
if (seccomp->syscalls_len > SIZE_MAX / sizeof(defs_syscall *) - 1) {
CRIT("Too many syscalls to append!");
return -1;
}
new_size = (seccomp->syscalls_len + 1) * sizeof(oci_runtime_defs_linux_syscall *);
old_size = new_size - sizeof(oci_runtime_defs_linux_syscall *);
new_size = (seccomp->syscalls_len + 1) * sizeof(defs_syscall *);
old_size = new_size - sizeof(defs_syscall *);
nret = mem_realloc((void **)&tmp_syscalls, new_size, seccomp->syscalls, old_size);
if (nret < 0) {
CRIT("Memory allocation error.");
@ -705,13 +704,13 @@ static int append_systemcall_to_seccomp(oci_runtime_config_linux_seccomp *seccom
return 0;
}
static oci_runtime_defs_linux_syscall *make_seccomp_syscalls_element(const char **names, size_t names_len,
const char *action, size_t args_len,
oci_runtime_defs_linux_syscall_arg **args)
static defs_syscall *make_seccomp_syscalls_element(const char **names, size_t names_len,
const char *action, size_t args_len,
defs_syscall_arg **args)
{
size_t i = 0;
oci_runtime_defs_linux_syscall *ret = NULL;
ret = util_common_calloc_s(sizeof(oci_runtime_defs_linux_syscall));
defs_syscall *ret = NULL;
ret = util_common_calloc_s(sizeof(defs_syscall));
if (ret == NULL) {
CRIT("Memory allocation error.");
goto out;
@ -719,17 +718,17 @@ static oci_runtime_defs_linux_syscall *make_seccomp_syscalls_element(const char
ret->action = util_strdup_s(action ? action : "");
ret->args_len = args_len;
if (args_len) {
if (args_len > SIZE_MAX / sizeof(oci_runtime_defs_linux_syscall_arg *)) {
if (args_len > SIZE_MAX / sizeof(defs_syscall_arg *)) {
CRIT("Too many seccomp syscalls!");
goto out;
}
ret->args = util_common_calloc_s(args_len * sizeof(oci_runtime_defs_linux_syscall_arg *));
ret->args = util_common_calloc_s(args_len * sizeof(defs_syscall_arg *));
if (ret->args == NULL) {
CRIT("Memory allocation error.");
goto out;
}
for (i = 0; i < args_len; i++) {
ret->args[i] = util_common_calloc_s(sizeof(oci_runtime_defs_linux_syscall_arg));
ret->args[i] = util_common_calloc_s(sizeof(defs_syscall_arg));
if (ret->args[i] == NULL) {
CRIT("Memory allocation error.");
goto out;
@ -758,7 +757,7 @@ static oci_runtime_defs_linux_syscall *make_seccomp_syscalls_element(const char
return ret;
out:
free_oci_runtime_defs_linux_syscall(ret);
free_defs_syscall(ret);
ret = NULL;
return ret;
}
@ -771,7 +770,7 @@ static int make_sure_oci_spec_process_capabilities(oci_runtime_spec *oci_spec)
}
if (oci_spec->process->capabilities == NULL) {
oci_spec->process->capabilities = util_common_calloc_s(sizeof(oci_runtime_spec_process_capabilities));
oci_spec->process->capabilities = util_common_calloc_s(sizeof(defs_process_capabilities));
if (oci_spec->process->capabilities == NULL) {
return -1;
}

5
src/services/execution/spec/specs_security.h
View File

@ -18,14 +18,13 @@
#include <stdint.h>
#include "libisulad.h"
#include "host_config.h"
#include "container_custom_config.h"
#include "container_config_v2.h"
#include "oci_runtime_spec.h"
int merge_default_seccomp_spec(oci_runtime_spec *oci_spec,
const oci_runtime_spec_process_capabilities *capabilites);
const defs_process_capabilities *capabilites);
int merge_caps(oci_runtime_spec *oci_spec, const char **adds, size_t adds_len, const char **drops,
size_t drops_len);
int refill_oci_process_capabilities(oci_runtime_spec_process_capabilities **caps,
int refill_oci_process_capabilities(defs_process_capabilities **caps,
const char **src_caps, size_t src_caps_len);
int merge_sysctls(oci_runtime_spec *oci_spec, const json_map_string_string *sysctls);
int merge_no_new_privileges(oci_runtime_spec *oci_spec, const host_config *host_spec);

63
src/services/execution/spec/verify.c
View File

@ -314,7 +314,7 @@ static int verify_oom_control(const sysinfo_t *sysinfo, bool oomdisable)
}
/* verify resources memory */
static int verify_resources_memory(const sysinfo_t *sysinfo, const oci_runtime_config_linux_resources_memory *memory)
static int verify_resources_memory(const sysinfo_t *sysinfo, const defs_resources_memory *memory)
{
int ret = 0;
@ -348,7 +348,7 @@ out:
}
/* verify resources pids */
static int verify_resources_pids(const sysinfo_t *sysinfo, const oci_runtime_config_linux_resources_pids *pids)
static int verify_resources_pids(const sysinfo_t *sysinfo, const defs_resources_pids *pids)
{
int ret = 0;
@ -703,7 +703,7 @@ out:
}
/* verify resources cpu */
static int verify_resources_cpu(const sysinfo_t *sysinfo, const oci_runtime_config_linux_resources_cpu *cpu)
static int verify_resources_cpu(const sysinfo_t *sysinfo, const defs_resources_cpu *cpu)
{
int ret = 0;
@ -919,7 +919,7 @@ out:
}
/* verify resources blkio */
static int verify_resources_blkio(const sysinfo_t *sysinfo, const oci_runtime_config_linux_resources_block_io *blkio)
static int verify_resources_blkio(const sysinfo_t *sysinfo, const defs_resources_block_io *blkio)
{
int ret = 0;
@ -949,8 +949,8 @@ out:
}
static bool check_hugetlbs_repeated(size_t newlen, const char *pagesize,
const oci_runtime_config_linux_resources_hugepage_limits_element *hugetlb,
oci_runtime_config_linux_resources_hugepage_limits_element **newtlb)
const defs_resources_hugepage_limits_element *hugetlb,
defs_resources_hugepage_limits_element **newtlb)
{
bool repeated = false;
size_t j;
@ -969,7 +969,7 @@ out:
return repeated;
}
static void free_hugetlbs_array(oci_runtime_config_linux_resources_hugepage_limits_element **hugetlb,
static void free_hugetlbs_array(defs_resources_hugepage_limits_element **hugetlb,
size_t hugetlb_len)
{
size_t i;
@ -980,7 +980,7 @@ static void free_hugetlbs_array(oci_runtime_config_linux_resources_hugepage_limi
for (i = 0; i < hugetlb_len; i++) {
if (hugetlb[i] != NULL) {
free_oci_runtime_config_linux_resources_hugepage_limits_element(hugetlb[i]);
free_defs_resources_hugepage_limits_element(hugetlb[i]);
hugetlb[i] = NULL;
}
}
@ -989,11 +989,11 @@ static void free_hugetlbs_array(oci_runtime_config_linux_resources_hugepage_limi
/* verify resources hugetlbs */
static int verify_resources_hugetlbs(const sysinfo_t *sysinfo,
oci_runtime_config_linux_resources_hugepage_limits_element ***hugetlb,
defs_resources_hugepage_limits_element ***hugetlb,
size_t *hugetlb_len)
{
int ret = 0;
oci_runtime_config_linux_resources_hugepage_limits_element **newhugetlb = NULL;
defs_resources_hugepage_limits_element **newhugetlb = NULL;
size_t newlen = 0;
size_t i;
@ -1008,7 +1008,7 @@ static int verify_resources_hugetlbs(const sysinfo_t *sysinfo,
for (i = 0; i < *hugetlb_len; i++) {
char *pagesize = NULL;
size_t newsize, oldsize;
oci_runtime_config_linux_resources_hugepage_limits_element **tmphugetlb;
defs_resources_hugepage_limits_element **tmphugetlb;
pagesize = validate_hugetlb((*hugetlb)[i]->page_size, (*hugetlb)[i]->limit);
if (pagesize == NULL) {
@ -1022,14 +1022,14 @@ static int verify_resources_hugetlbs(const sysinfo_t *sysinfo,
}
// append new hugetlb
if (newlen > SIZE_MAX / sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *) - 1) {
if (newlen > SIZE_MAX / sizeof(defs_resources_hugepage_limits_element *) - 1) {
free(pagesize);
ERROR("Too many new hugetlb to append!");
ret = -1;
goto out;
}
newsize = sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *) * (newlen + 1);
oldsize = newsize - sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *);
newsize = sizeof(defs_resources_hugepage_limits_element *) * (newlen + 1);
oldsize = newsize - sizeof(defs_resources_hugepage_limits_element *);
ret = mem_realloc((void **)&tmphugetlb, newsize, newhugetlb, oldsize);
if (ret < 0) {
free(pagesize);
@ -1038,7 +1038,7 @@ static int verify_resources_hugetlbs(const sysinfo_t *sysinfo,
goto out;
}
newhugetlb = tmphugetlb;
newhugetlb[newlen] = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_hugepage_limits_element));
newhugetlb[newlen] = util_common_calloc_s(sizeof(defs_resources_hugepage_limits_element));
if (newhugetlb[newlen] == NULL) {
free(pagesize);
ERROR("Out of memory");
@ -1075,13 +1075,13 @@ static int adapt_memory_swap(const sysinfo_t *sysinfo, const int64_t *limit, int
}
/* adapt resources memory */
static int adapt_resources_memory(const sysinfo_t *sysinfo, oci_runtime_config_linux_resources_memory *memory)
static int adapt_resources_memory(const sysinfo_t *sysinfo, defs_resources_memory *memory)
{
return adapt_memory_swap(sysinfo, &(memory->limit), &(memory->swap));
}
/* verify linux resources */
static int verify_linux_resources(const sysinfo_t *sysinfo, oci_runtime_config_linux_resources *resources)
static int verify_linux_resources(const sysinfo_t *sysinfo, defs_resources *resources)
{
int ret = 0;
@ -1125,7 +1125,7 @@ out:
}
/* adapt linux resources */
static int adapt_linux_resources(const sysinfo_t *sysinfo, oci_runtime_config_linux_resources *resources)
static int adapt_linux_resources(const sysinfo_t *sysinfo, defs_resources *resources)
{
int ret = 0;
@ -1910,22 +1910,15 @@ out:
}
/* verify container settings start */
int verify_container_settings_start(const char *rootpath, const char *id)
int verify_container_settings_start(const oci_runtime_spec *oci_spec)
{
int ret = 0;
oci_runtime_spec *container = read_oci_config(rootpath, id);
if (container == NULL) {
ERROR("Failed to read oci config");
ret = -1;
goto out;
}
/* verify custom mount info, ensure source path exist */
if (container->mounts != NULL && container->mounts_len > 0) {
ret = verify_custom_mount(container->mounts, container->mounts_len);
if (oci_spec->mounts != NULL && oci_spec->mounts_len > 0) {
ret = verify_custom_mount(oci_spec->mounts, oci_spec->mounts_len);
}
out:
free_oci_runtime_spec(container);
return ret;
}
@ -1934,33 +1927,33 @@ static inline bool is_less_than_one_second(int64_t timeout)
return timeout != 0 && timeout < Time_Second;
}
int verify_health_check_parameter(const container_custom_config *custom_spec)
int verify_health_check_parameter(const container_config *container_spec)
{
int ret = 0;
if (custom_spec == NULL || custom_spec->health_check == NULL) {
if (container_spec == NULL || container_spec->health_check == NULL) {
return ret;
}
if (is_less_than_one_second(custom_spec->health_check->interval)) {
if (is_less_than_one_second(container_spec->health_check->interval)) {
ERROR("Interval in Healthcheck cannot be less than one second");
isulad_set_error_message("Interval in Healthcheck cannot be less than one second");
ret = -1;
goto out;
}
if (is_less_than_one_second(custom_spec->health_check->timeout)) {
if (is_less_than_one_second(container_spec->health_check->timeout)) {
ERROR("Timeout in Healthcheck cannot be less than one second");
isulad_set_error_message("Timeout in Healthcheck cannot be less than one second");
ret = -1;
goto out;
}
if (is_less_than_one_second(custom_spec->health_check->start_period)) {
if (is_less_than_one_second(container_spec->health_check->start_period)) {
ERROR("StartPeriod in Healthcheck cannot be less than one second");
isulad_set_error_message("StartPeriod in Healthcheck cannot be less than one second");
ret = -1;
goto out;
}
if (custom_spec->health_check->retries < 0) {
if (container_spec->health_check->retries < 0) {
ERROR("--health-retries cannot be negative");
isulad_set_error_message("--health-retries cannot be negative");
ret = -1;

4
src/services/execution/spec/verify.h
View File

@ -22,11 +22,11 @@ int verify_container_settings(const oci_runtime_spec *container);
int verify_oci_hook(const oci_runtime_spec_hooks *h);
int verify_container_settings_start(const char *rootpath, const char *id);
int verify_container_settings_start(const oci_runtime_spec *oci_spec);
int verify_host_config_settings(host_config *hostconfig, bool update);
int verify_health_check_parameter(const container_custom_config *custom_spec);
int verify_health_check_parameter(const container_config *container_spec);
#endif /* __VERIFY_H */