packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!658 update to v2.1.5

Browse Source 
* update to v2.1.5
This commit is contained in:
zhongtao 2024-02-04 02:17:02 +00:00 committed by haozi007
parent ec62a45688
commit ad9fca6166
79 changed files with 669 additions and 17644 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
0001-code-improve-for-sandbox.cc.patch Normal file
View File

@ -0,0 +1,27 @@
From 9497e03709a035805effd96eaa21f6c221a79e94 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 19 Jan 2024 17:12:30 +0800
Subject: [PATCH 1/6] code improve for sandbox.cc
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/sandbox/sandbox.cc | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index 359cfbad..7b6496ed 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -1086,8 +1086,7 @@ void Sandbox::FillSandboxMetadata(sandbox_metadata* metadata, Errors &error)
metadata->task_address = util_strdup_s(m_taskAddress.c_str());
metadata->net_ns_path = util_strdup_s(m_netNsPath.c_str());
- google::protobuf::util::MessageToJsonString(*m_sandboxConfig.get(), &jsonStr);
- if (jsonStr.length() == 0) {
+ if (!google::protobuf::util::MessageToJsonString(*m_sandboxConfig.get(), &jsonStr).ok()) {
error.Errorf("Failed to get sandbox config json for sandbox: '%s'", m_id.c_str());
ERROR("Failed to get sandbox config json for sandbox: '%s'", m_id.c_str());
}
--
2.25.1

347
0001-sandbox-del-m_containers-and-m_containersMutex.patch
View File

@ -1,347 +0,0 @@
From d1aa4166d8ce7f3db83ff1ffbd54b796943233b3 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Tue, 24 Oct 2023 16:19:15 +0800
Subject: [PATCH 01/14] sandbox:del m_containers and m_containersMutex
---
.../v1/v1_cri_container_manager_service.cc | 30 -----
.../cri/v1/v1_cri_container_manager_service.h | 1 -
.../v1/v1_cri_pod_sandbox_manager_service.cc | 103 +++++++++++++++---
.../v1/v1_cri_pod_sandbox_manager_service.h | 7 +-
src/daemon/sandbox/sandbox.cc | 31 ------
src/daemon/sandbox/sandbox.h | 7 --
6 files changed, 95 insertions(+), 84 deletions(-)
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index eb19cac6..70629591 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -499,7 +499,6 @@ std::string ContainerManagerService::CreateContainer(const std::string &podSandb
}
response_id = response->id;
- sandbox->AddContainer(response_id);
cleanup:
free_container_create_request(request);
@@ -591,37 +590,8 @@ void ContainerManagerService::StopContainer(const std::string &containerID, int6
CRIHelpers::StopContainer(m_cb, containerID, timeout, error);
}
-// TODO: Consider to refactor the way we handle container list in sandbox.
-// This function might be removed after that.
-void ContainerManagerService::RemoveContainerIDFromSandbox(const std::string &containerID)
-{
- std::string realContainerID;
- std::string podSandboxID;
- Errors error;
-
- CRIHelpersV1::GetContainerSandboxID(containerID, realContainerID, podSandboxID, error);
- if (error.NotEmpty()) {
- WARN("Failed to get sandbox id for container %s: %s", containerID.c_str(), error.GetCMessage());
- return;
- }
-
- std::shared_ptr<sandbox::Sandbox> sandbox = sandbox::SandboxManager::GetInstance()->GetSandbox(podSandboxID);
- if (sandbox == nullptr) {
- ERROR("Failed to get sandbox instance: %s for creating container", podSandboxID.c_str());
- error.Errorf("Failed to get sandbox instance: %s for creating container", podSandboxID.c_str());
- return;
- }
-
- sandbox->RemoveContainer(realContainerID);
-}
-
void ContainerManagerService::RemoveContainer(const std::string &containerID, Errors &error)
{
- // TODO: Refactor after adding the ability to use sandbox manager for sandboxid query
- // This will remove container id from sandbox container_list first,
- // if the following operation failed, it could cause inconsistency.
- RemoveContainerIDFromSandbox(containerID);
-
CRIHelpers::RemoveContainer(m_cb, containerID, error);
if (error.NotEmpty()) {
WARN("Failed to remove container %s", containerID.c_str());
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.h b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.h
index 31449170..1d210416 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.h
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.h
@@ -97,7 +97,6 @@ private:
void MakeContainerConfig(const runtime::v1::ContainerConfig &config, container_config *cConfig,
Errors &error);
void CreateContainerLogSymlink(const std::string &containerID, Errors &error);
- void RemoveContainerIDFromSandbox(const std::string &containerID);
void ListContainersFromGRPC(const runtime::v1::ContainerFilter *filter, container_list_request **request,
Errors &error);
void ListContainersToGRPC(container_list_response *response,
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index 901ef231..2c802900 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -452,20 +452,90 @@ auto PodSandboxManagerService::GetSandboxKey(const container_inspect *inspect_da
return std::string(inspect_data->network_settings->sandbox_key);
}
-auto PodSandboxManagerService::StopAllContainersInSandbox(const std::vector<std::string> &containers,
- Errors &error) -> bool
+auto PodSandboxManagerService::GetContainerListResponse(const std::string &readSandboxID,
+ std::vector<std::string> &errors) -> std::unique_ptr<CStructWrapper<container_list_response>>
{
+ int ret = 0;
+ container_list_request *list_request { nullptr };
+ container_list_response *list_response { nullptr };
+
+ if (m_cb == nullptr || m_cb->container.list == nullptr) {
+ ERROR("Unimplemented callback");
+ errors.push_back("Unimplemented callback");
+ return nullptr;
+ }
+
+ // list all containers to stop
+ auto list_request_wrapper = makeUniquePtrCStructWrapper<container_list_request>(free_container_list_request);
+ if (list_request_wrapper == nullptr) {
+ ERROR("Out of memory");
+ errors.push_back("Out of memory");
+ return nullptr;
+ }
+ list_request = list_request_wrapper->get();
+ list_request->all = true;
+
+ list_request->filters = (defs_filters *)util_common_calloc_s(sizeof(defs_filters));
+ if (list_request->filters == nullptr) {
+ ERROR("Out of memory");
+ errors.push_back("Out of memory");
+ return nullptr;
+ }
+
+ // Add sandbox label
+ if (CRIHelpers::FiltersAddLabel(list_request->filters, CRIHelpers::Constants::SANDBOX_ID_LABEL_KEY,
+ readSandboxID) != 0) {
+ std::string tmp_errmsg = "Failed to add label in sandbox" + readSandboxID;
+ ERROR(tmp_errmsg.c_str());
+ errors.push_back(tmp_errmsg);
+ return nullptr;
+ }
+
+ ret = m_cb->container.list(list_request, &list_response);
+ auto list_response_wrapper = makeUniquePtrCStructWrapper<container_list_response>(list_response, free_container_list_response);
+ if (list_response_wrapper == nullptr) {
+ ERROR("Failed to call list container callback");
+ errors.push_back("Failed to call list container callback");
+ return nullptr;
+ }
+ if (ret != 0) {
+ if (list_response != nullptr && list_response->errmsg != nullptr) {
+ ERROR(list_response->errmsg);
+ errors.push_back(list_response->errmsg);
+ } else {
+ ERROR("Failed to call list container callback");
+ errors.push_back("Failed to call list container callback");
+ }
+ return nullptr;
+ }
+
+ return list_response_wrapper;
+}
+
+auto PodSandboxManagerService::StopAllContainersInSandbox(const std::string &readSandboxID,
+ Errors &error) -> int
+{
+ int ret = 0;
+ std::vector<std::string> errors;
+ auto list_response_wrapper = GetContainerListResponse(readSandboxID, errors);
+ if (list_response_wrapper == nullptr) {
+ error.SetAggregate(errors);
+ return -1;
+ }
+ auto list_response = list_response_wrapper->get();
+
// Stop all containers in the sandbox.
- for (const auto &con : containers) {
+ for (size_t i = 0; i < list_response->containers_len; i++) {
Errors stopError;
- CRIHelpers::StopContainerHelper(m_cb, con, 0, stopError);
+ CRIHelpers::StopContainerHelper(m_cb, list_response->containers[i]->id, 0, stopError);
if (stopError.NotEmpty() && !CRIHelpers::IsContainerNotFoundError(stopError.GetMessage())) {
- ERROR("Error stop container: %s: %s", con.c_str(), stopError.GetCMessage());
+ ERROR("Error stop container: %s: %s", list_response->containers[i]->id, stopError.GetCMessage());
error.SetError(stopError.GetMessage());
- return false;
+ return -1;
}
}
- return true;
+
+ return ret;
}
auto PodSandboxManagerService::GetNetworkReady(const std::string &podSandboxID, Errors &error) -> bool
@@ -508,7 +578,7 @@ void PodSandboxManagerService::StopPodSandbox(const std::string &podSandboxID, E
// Stop all containers inside the sandbox. This terminates the container forcibly,
// and container may still be created, so production should not rely on this behavior.
// TODO: according to the state(stopping and removal) in sandbox to avoid future container creation.
- if (!StopAllContainersInSandbox(sandbox->GetContainers(), error)) {
+ if (StopAllContainersInSandbox(sandbox->GetId(), error) != 0) {
return;
}
@@ -524,15 +594,22 @@ void PodSandboxManagerService::StopPodSandbox(const std::string &podSandboxID, E
sandbox->Stop(sandbox::DEFAULT_STOP_TIMEOUT, error);
}
-void PodSandboxManagerService::RemoveAllContainersInSandbox(const std::vector<std::string> &containers,
+void PodSandboxManagerService::RemoveAllContainersInSandbox(const std::string &readSandboxID,
std::vector<std::string> &errors)
{
+ auto list_response_wrapper = GetContainerListResponse(readSandboxID, errors);
+ if (list_response_wrapper == nullptr) {
+ return;
+ }
+
+ auto list_response = list_response_wrapper->get();
+
// Remove all containers in the sandbox.
- for (const auto &con : containers) {
+ for (size_t i = 0; i < list_response->containers_len; i++) {
Errors rmError;
- CRIHelpers::RemoveContainerHelper(m_cb, con, rmError);
+ CRIHelpers::RemoveContainerHelper(m_cb, list_response->containers[i]->id, rmError);
if (rmError.NotEmpty() && !CRIHelpers::IsContainerNotFoundError(rmError.GetMessage())) {
- ERROR("Error remove container: %s: %s", con.c_str(), rmError.GetCMessage());
+ ERROR("Error remove container: %s: %s", list_response->containers[i]->id, rmError.GetCMessage());
errors.push_back(rmError.GetMessage());
}
}
@@ -598,7 +675,7 @@ void PodSandboxManagerService::RemovePodSandbox(const std::string &podSandboxID,
// Remove all containers inside the sandbox.
// container may still be created, so production should not rely on this behavior.
// TODO: according to the state(stopping and removal) in sandbox to avoid future container creation.
- RemoveAllContainersInSandbox(sandbox->GetContainers(), errors);
+ RemoveAllContainersInSandbox(sandbox->GetId(), errors);
if (errors.size() != 0) {
error.SetAggregate(errors);
return;
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h
index 48a7cf7f..2bd28007 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h
@@ -32,6 +32,7 @@
#include "cgroup.h"
#include "sandbox.h"
#include "v1_cri_container_manager_service.h"
+#include "cstruct_wrapper.h"
namespace CRIV1 {
class PodSandboxManagerService {
@@ -89,9 +90,11 @@ private:
Errors &error);
void ClearCniNetwork(const std::shared_ptr<sandbox::Sandbox> sandbox, Errors &error);
void StopContainerHelper(const std::string &containerID, Errors &error);
- auto StopAllContainersInSandbox(const std::vector<std::string> &containers, Errors &error) -> bool;
+ auto GetContainerListResponse(const std::string &readSandboxID,
+ std::vector<std::string> &errors) -> std::unique_ptr<CStructWrapper<container_list_response>>;
+ auto StopAllContainersInSandbox(const std::string &readSandboxID, Errors &error) -> int;
auto GetNetworkReady(const std::string &podSandboxID, Errors &error) -> bool;
- void RemoveAllContainersInSandbox(const std::vector<std::string> &containers, std::vector<std::string> &errors);
+ void RemoveAllContainersInSandbox(const std::string &readSandboxID, std::vector<std::string> &errors);
void ClearNetworkReady(const std::string &podSandboxID);
auto SharesHostNetwork(const container_inspect *inspect) -> runtime::v1::NamespaceMode;
auto SharesHostPid(const container_inspect *inspect) -> runtime::v1::NamespaceMode;
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index ece28f4d..c8fd30be 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -135,12 +135,6 @@ auto Sandbox::GetRuntimeHandle() const -> const std::string &
return m_runtimeInfo.runtimeHandler;
}
-auto Sandbox::GetContainers() -> std::vector<std::string>
-{
- ReadGuard<RWMutex> lock(m_containersMutex);
- return m_containers;
-}
-
auto Sandbox::GetSandboxConfig() const -> const runtime::v1::PodSandboxConfig &
{
return *m_sandboxConfig;
@@ -409,27 +403,6 @@ void Sandbox::RemoveLabels(const std::string &key)
m_sandboxConfig->mutable_labels()->erase(key);
}
-void Sandbox::AddContainer(const std::string &id)
-{
- WriteGuard<RWMutex> lock(m_containersMutex);
- m_containers.push_back(id);
-}
-
-void Sandbox::SetConatiners(const std::vector<std::string> &cons)
-{
- WriteGuard<RWMutex> lock(m_containersMutex);
- m_containers = cons;
-}
-
-void Sandbox::RemoveContainer(const std::string &id)
-{
- WriteGuard<RWMutex> lock(m_containersMutex);
- auto it = std::find(m_containers.begin(), m_containers.end(), id);
- if (it != m_containers.end()) {
- m_containers.erase(it);
- }
-}
-
void Sandbox::UpdateNetworkSettings(const std::string &settingsJson, Errors &error)
{
if (settingsJson.length() == 0) {
@@ -1009,8 +982,6 @@ auto Sandbox::LoadMetadata(Errors &error) -> bool
m_networkReady = metadata->get()->network_ready;
m_taskAddress = std::string(metadata->get()->task_address);
m_netNsPath = std::string(metadata->get()->net_ns_path);
- Transform::CharArrayToStringVector((const char **)metadata->get()->containers,
- util_array_len((const char **)metadata->get()->containers), m_containers);
ret = google::protobuf::util::JsonStringToMessage(metadata->get()->sandbox_config_json, &config).ok();
if (!ret) {
@@ -1120,8 +1091,6 @@ void Sandbox::FillSandboxMetadata(sandbox_metadata* metadata, Errors &error)
metadata->task_address = util_strdup_s(m_taskAddress.c_str());
metadata->net_ns_path = util_strdup_s(m_netNsPath.c_str());
- metadata->containers = Transform::StringVectorToCharArray(m_containers);
-
google::protobuf::util::MessageToJsonString(*m_sandboxConfig.get(), &jsonStr);
if (jsonStr.length() == 0) {
error.Errorf("Failed to get sandbox config json for sandbox: '%s'", m_id.c_str());
diff --git a/src/daemon/sandbox/sandbox.h b/src/daemon/sandbox/sandbox.h
index 13ee4958..20a8e338 100644
--- a/src/daemon/sandbox/sandbox.h
+++ b/src/daemon/sandbox/sandbox.h
@@ -104,7 +104,6 @@ public:
auto GetCreatedAt() -> uint64_t;
auto GetPid() -> uint32_t;
auto GetTaskAddress() const -> const std::string &;
- auto GetContainers() -> std::vector<std::string>;
auto GetImage() -> const std::string &;
void SetNetMode(const std::string &mode);
void SetController(std::shared_ptr<Controller> controller);
@@ -112,9 +111,6 @@ public:
void RemoveAnnotations(const std::string &key);
void AddLabels(const std::string &key, const std::string &value);
void RemoveLabels(const std::string &key);
- void AddContainer(const std::string &id);
- void SetConatiners(const std::vector<std::string> &cons);
- void RemoveContainer(const std::string &id);
void UpdateNetworkSettings(const std::string &settingsJson, Errors &error);
auto UpdateStatsInfo(const StatsInfo &info) -> StatsInfo;
void SetNetworkReady(bool ready);
@@ -203,9 +199,6 @@ private:
bool m_networkReady;
std::string m_networkSettings;
std::string m_image;
- // container id lists
- std::vector<std::string> m_containers;
- RWMutex m_containersMutex;
// TOOD: m_sandboxConfig is a protobuf message, it can be converted to json string directly
// if save json string directly for sandbox recover, we need to consider hot
// upgrade between different CRI versions
--
2.42.0

255
0002-fix-compile-error-with-protobuf-25.1-and-grpc-1.60.x.patch Normal file
View File

@ -0,0 +1,255 @@
From 71f8d4accbec5153b362281bbaf9a516ccd083f5 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 22 Jan 2024 15:55:16 +0800
Subject: [PATCH 2/6] fix compile error with protobuf 25.1 and grpc 1.60.x
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
cmake/checker.cmake | 76 +++++++++++++++++++
cmake/protoc.cmake | 3 -
src/CMakeLists.txt | 12 +--
.../sandbox/controller/manager/CMakeLists.txt | 4 +-
.../sandboxer/async_wait_call/CMakeLists.txt | 4 +-
.../sandboxer/sandboxer_client/CMakeLists.txt | 4 +-
.../sandboxer_controller/CMakeLists.txt | 4 +-
test/sandbox/controller/shim/CMakeLists.txt | 4 +-
test/sandbox/sandbox/CMakeLists.txt | 4 +-
test/sandbox/sandbox_manager/CMakeLists.txt | 4 +-
10 files changed, 87 insertions(+), 32 deletions(-)
diff --git a/cmake/checker.cmake b/cmake/checker.cmake
index e19618e4..b0c395ef 100644
--- a/cmake/checker.cmake
+++ b/cmake/checker.cmake
@@ -154,7 +154,83 @@ if (GRPC_CONNECTOR)
find_library(GPR_LIBRARY gpr)
_CHECK(GPR_LIBRARY "GPR_LIBRARY-NOTFOUND" "libgpr.so")
# no check
+
+ # The use of absl libraries depends on the version of protobuf and grpc.
+ # Versions of protobuf before v22.0 do not require absl libraries at all.
+ # However, versions after v22.0 require the support of absl libraries.
+ # As a result, we skip the check for absl libraries in order to accommodate different protobuf and grpc versions.
+ set(ISULAD_ABSL_USED_TARGETS)
find_library(ABSL_SYNC_LIB absl_synchronization)
+ if (ABSL_SYNC_LIB)
+ set(ISULAD_ABSL_USED_TARGETS
+ ${ISULAD_ABSL_USED_TARGETS}
+ ${ABSL_SYNC_LIB}
+ )
+ endif()
+
+ find_library(ABSL_CORD_LIB absl_cord)
+ if (ABSL_CORD_LIB)
+ set(ISULAD_ABSL_USED_TARGETS
+ ${ISULAD_ABSL_USED_TARGETS}
+ ${ABSL_CORD_LIB}
+ )
+ endif()
+
+ find_library(ABSL_CORDZ_FUNCTIONS_LIB absl_cordz_functions)
+ if (ABSL_CORDZ_FUNCTIONS_LIB)
+ set(ISULAD_ABSL_USED_TARGETS
+ ${ISULAD_ABSL_USED_TARGETS}
+ ${ABSL_CORDZ_FUNCTIONS_LIB}
+ )
+ endif()
+
+ find_library(ABSL_CORDZ_INFO_LIB absl_cordz_info)
+ if (ABSL_CORDZ_INFO_LIB)
+ set(ISULAD_ABSL_USED_TARGETS
+ ${ISULAD_ABSL_USED_TARGETS}
+ ${ABSL_CORDZ_INFO_LIB}
+ )
+ endif()
+
+ find_library(ABSL_HASH_LIB absl_hash)
+ if (ABSL_HASH_LIB)
+ set(ISULAD_ABSL_USED_TARGETS
+ ${ISULAD_ABSL_USED_TARGETS}
+ ${ABSL_HASH_LIB}
+ )
+ endif()
+
+ find_library(ABSL_LOG_INTERNAL_CHECK_OP_LIB absl_log_internal_check_op)
+ if (ABSL_LOG_INTERNAL_CHECK_OP_LIB)
+ set(ISULAD_ABSL_USED_TARGETS
+ ${ISULAD_ABSL_USED_TARGETS}
+ ${ABSL_LOG_INTERNAL_CHECK_OP_LIB}
+ )
+ endif()
+
+ find_library(ABSL_LOG_INTERNAL_MESSAGE_LIB absl_log_internal_message)
+ if (ABSL_LOG_INTERNAL_MESSAGE_LIB)
+ set(ISULAD_ABSL_USED_TARGETS
+ ${ISULAD_ABSL_USED_TARGETS}
+ ${ABSL_LOG_INTERNAL_MESSAGE_LIB}
+ )
+ endif()
+
+ find_library(ABSL_LOG_INTERNAL_NULLGUARD_LIB absl_log_internal_nullguard)
+ if (ABSL_LOG_INTERNAL_NULLGUARD_LIB)
+ set(ISULAD_ABSL_USED_TARGETS
+ ${ISULAD_ABSL_USED_TARGETS}
+ ${ABSL_LOG_INTERNAL_NULLGUARD_LIB}
+ )
+ endif()
+
+ find_library(ABSL_STATUS_LIB absl_status)
+ if (ABSL_STATUS_LIB)
+ set(ISULAD_ABSL_USED_TARGETS
+ ${ISULAD_ABSL_USED_TARGETS}
+ ${ABSL_STATUS_LIB}
+ )
+ endif()
# check websocket
find_path(WEBSOCKET_INCLUDE_DIR libwebsockets.h)
diff --git a/cmake/protoc.cmake b/cmake/protoc.cmake
index 80c08687..6e2d1b84 100644
--- a/cmake/protoc.cmake
+++ b/cmake/protoc.cmake
@@ -69,9 +69,6 @@ endif()
if (ENABLE_CRI_API_V1 AND ENABLE_SANDBOXER)
execute_process(COMMAND mkdir -p ${SANDBOX_PROTOS_OUT_PATH})
- PROTOC_CPP_GEN(sandbox ${SANDBOX_PROTOS_OUT_PATH} ${PROTOS_PATH}/sandbox/google/protobuf/any.proto)
- PROTOC_CPP_GEN(sandbox ${SANDBOX_PROTOS_OUT_PATH} ${PROTOS_PATH}/sandbox/google/protobuf/empty.proto)
- PROTOC_CPP_GEN(sandbox ${SANDBOX_PROTOS_OUT_PATH} ${PROTOS_PATH}/sandbox/google/protobuf/timestamp.proto)
PROTOC_CPP_GEN(sandbox ${SANDBOX_PROTOS_OUT_PATH} ${PROTOS_PATH}/sandbox/sandbox/types/sandbox.proto)
PROTOC_CPP_GEN(sandbox ${SANDBOX_PROTOS_OUT_PATH} ${PROTOS_PATH}/sandbox/sandbox/types/mount.proto)
PROTOC_CPP_GEN(sandbox ${SANDBOX_PROTOS_OUT_PATH} ${PROTOS_PATH}/sandbox/sandbox/types/platform.proto)
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 860447de..d1bc65f9 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -85,10 +85,8 @@ target_link_libraries(libisula_client libisulad_tools)
if (GRPC_CONNECTOR)
target_link_libraries(libisula_client -Wl,--as-needed -lstdc++)
target_link_libraries(libisula_client -Wl,--as-needed ${PROTOBUF_LIBRARY})
- target_link_libraries(libisula_client -Wl,--no-as-needed ${GRPC_PP_REFLECTION_LIBRARY} ${GRPC_PP_LIBRARY} ${GRPC_LIBRARY} ${GPR_LIBRARY})
- if(ABSL_SYNC_LIB)
- target_link_libraries(libisula_client -Wl,--no-as-needed ${ABSL_SYNC_LIB})
- endif()
+ target_link_libraries(libisula_client -Wl,--as-needed ${GRPC_PP_REFLECTION_LIBRARY} ${GRPC_PP_LIBRARY} ${GRPC_LIBRARY} ${GPR_LIBRARY})
+ target_link_libraries(libisula_client -Wl,--as-needed ${ISULAD_ABSL_USED_TARGETS})
else()
target_link_libraries(libisula_client -ldl libhttpclient)
set_target_properties(libisula_client PROPERTIES LINKER_LANGUAGE "C")
@@ -182,13 +180,11 @@ endif()
if (GRPC_CONNECTOR)
target_link_libraries(isulad -Wl,--as-needed -lstdc++)
target_link_libraries(isulad -Wl,--as-needed ${WEBSOCKET_LIBRARY} ${PROTOBUF_LIBRARY})
- target_link_libraries(isulad -Wl,--no-as-needed ${GRPC_PP_REFLECTION_LIBRARY} ${GRPC_PP_LIBRARY} ${GRPC_LIBRARY} ${GPR_LIBRARY})
+ target_link_libraries(isulad -Wl,--as-needed ${GRPC_PP_REFLECTION_LIBRARY} ${GRPC_PP_LIBRARY} ${GRPC_LIBRARY} ${GPR_LIBRARY})
if (ENABLE_METRICS)
target_link_libraries(isulad ${EVHTP_LIBRARY} ${EVENT_LIBRARY})
endif()
- if(ABSL_SYNC_LIB)
- target_link_libraries(isulad -Wl,--no-as-needed ${ABSL_SYNC_LIB})
- endif()
+ target_link_libraries(isulad -Wl,--as-needed ${ISULAD_ABSL_USED_TARGETS})
else()
message("Restful iSulad")
target_link_libraries(isulad ${EVHTP_LIBRARY} ${EVENT_LIBRARY})
diff --git a/test/sandbox/controller/manager/CMakeLists.txt b/test/sandbox/controller/manager/CMakeLists.txt
index 3724538e..6e8c9052 100644
--- a/test/sandbox/controller/manager/CMakeLists.txt
+++ b/test/sandbox/controller/manager/CMakeLists.txt
@@ -40,8 +40,6 @@ target_include_directories(${EXE} PUBLIC
)
target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} libutils_ut -lgrpc -lgrpc++ -lprotobuf -lcrypto -lyajl -lz)
-if(ABSL_SYNC_LIB)
- target_link_libraries(${EXE} -Wl,--no-as-needed ${ABSL_SYNC_LIB})
-endif()
+target_link_libraries(${EXE} -Wl,--as-needed ${ISULAD_ABSL_USED_TARGETS})
add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/sandbox/controller/sandboxer/async_wait_call/CMakeLists.txt b/test/sandbox/controller/sandboxer/async_wait_call/CMakeLists.txt
index c8eb803e..0631988a 100644
--- a/test/sandbox/controller/sandboxer/async_wait_call/CMakeLists.txt
+++ b/test/sandbox/controller/sandboxer/async_wait_call/CMakeLists.txt
@@ -32,8 +32,6 @@ target_include_directories(${EXE} PUBLIC
)
target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} libutils_ut -lgrpc -lgrpc++ -lprotobuf -lcrypto -lyajl -lz)
-if(ABSL_SYNC_LIB)
- target_link_libraries(${EXE} -Wl,--no-as-needed ${ABSL_SYNC_LIB})
-endif()
+target_link_libraries(${EXE} -Wl,--as-needed ${ISULAD_ABSL_USED_TARGETS})
add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/sandbox/controller/sandboxer/sandboxer_client/CMakeLists.txt b/test/sandbox/controller/sandboxer/sandboxer_client/CMakeLists.txt
index 91f26883..881797c6 100644
--- a/test/sandbox/controller/sandboxer/sandboxer_client/CMakeLists.txt
+++ b/test/sandbox/controller/sandboxer/sandboxer_client/CMakeLists.txt
@@ -36,8 +36,6 @@ target_include_directories(${EXE} PUBLIC
)
target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} libutils_ut -lgrpc -lgrpc++ -lprotobuf -lcrypto -lyajl -lz)
-if(ABSL_SYNC_LIB)
- target_link_libraries(${EXE} -Wl,--no-as-needed ${ABSL_SYNC_LIB})
-endif()
+target_link_libraries(${EXE} -Wl,--as-needed ${ISULAD_ABSL_USED_TARGETS})
add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/sandbox/controller/sandboxer/sandboxer_controller/CMakeLists.txt b/test/sandbox/controller/sandboxer/sandboxer_controller/CMakeLists.txt
index d38392e0..963ce9a5 100644
--- a/test/sandbox/controller/sandboxer/sandboxer_controller/CMakeLists.txt
+++ b/test/sandbox/controller/sandboxer/sandboxer_controller/CMakeLists.txt
@@ -33,8 +33,6 @@ target_include_directories(${EXE} PUBLIC
)
target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} libutils_ut -lgrpc -lgrpc++ -lprotobuf -lcrypto -lyajl -lz)
-if(ABSL_SYNC_LIB)
- target_link_libraries(${EXE} -Wl,--no-as-needed ${ABSL_SYNC_LIB})
-endif()
+target_link_libraries(${EXE} -Wl,--as-needed ${ISULAD_ABSL_USED_TARGETS})
add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/sandbox/controller/shim/CMakeLists.txt b/test/sandbox/controller/shim/CMakeLists.txt
index af066546..6423bb80 100644
--- a/test/sandbox/controller/shim/CMakeLists.txt
+++ b/test/sandbox/controller/shim/CMakeLists.txt
@@ -50,8 +50,6 @@ target_include_directories(${EXE} PUBLIC
)
target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} libutils_ut -lgrpc++ -lprotobuf -lcrypto -lyajl -lz)
-if(ABSL_SYNC_LIB)
- target_link_libraries(${EXE} -Wl,--no-as-needed ${ABSL_SYNC_LIB})
-endif()
+target_link_libraries(${EXE} -Wl,--as-needed ${ISULAD_ABSL_USED_TARGETS})
add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/sandbox/sandbox/CMakeLists.txt b/test/sandbox/sandbox/CMakeLists.txt
index efcc2bdc..138d4d8d 100644
--- a/test/sandbox/sandbox/CMakeLists.txt
+++ b/test/sandbox/sandbox/CMakeLists.txt
@@ -48,8 +48,6 @@ target_include_directories(${EXE} PUBLIC
)
target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} libutils_ut -lgrpc -lgrpc++ -lprotobuf -lcrypto -lyajl -lz)
-if(ABSL_SYNC_LIB)
- target_link_libraries(${EXE} -Wl,--no-as-needed ${ABSL_SYNC_LIB})
-endif()
+target_link_libraries(${EXE} -Wl,--as-needed ${ISULAD_ABSL_USED_TARGETS})
add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/sandbox/sandbox_manager/CMakeLists.txt b/test/sandbox/sandbox_manager/CMakeLists.txt
index f43b0f97..5a7cb2ea 100644
--- a/test/sandbox/sandbox_manager/CMakeLists.txt
+++ b/test/sandbox/sandbox_manager/CMakeLists.txt
@@ -48,8 +48,6 @@ target_include_directories(${EXE} PUBLIC
)
set_target_properties(${EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,util_list_all_subdir")
target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} libutils_ut -lgrpc -lgrpc++ -lprotobuf -lcrypto -lyajl -lz)
-if(ABSL_SYNC_LIB)
- target_link_libraries(${EXE} -Wl,--no-as-needed ${ABSL_SYNC_LIB})
-endif()
+target_link_libraries(${EXE} -Wl,--as-needed ${ISULAD_ABSL_USED_TARGETS})
add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
--
2.25.1

167
0002-sandbox-adapt-UT-when-del-m_containers-and-m_contain.patch
View File

@ -1,167 +0,0 @@
From 415d7dca6175136ca4c1c780f1e512fd363d01c4 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Fri, 3 Nov 2023 14:27:45 +0800
Subject: [PATCH 02/14] sandbox:adapt UT when del m_containers and
m_containersMutex
---
.../design/detailed/Sandbox/sandbox_design_zh.md | 16 +---------------
test/mocks/sandbox_mock.cc | 11 -----------
test/mocks/sandbox_mock.h | 4 ----
test/sandbox/sandbox/sandbox_ut.cc | 14 --------------
4 files changed, 1 insertion(+), 44 deletions(-)
diff --git a/docs/design/detailed/Sandbox/sandbox_design_zh.md b/docs/design/detailed/Sandbox/sandbox_design_zh.md
index 86acd70b..109094cb 100644
--- a/docs/design/detailed/Sandbox/sandbox_design_zh.md
+++ b/docs/design/detailed/Sandbox/sandbox_design_zh.md
@@ -99,7 +99,6 @@ auto GetNetworkSettings() -> const std::string &;
auto GetCreatedAt() -> uint64_t;
auto GetPid() -> uint32_t;
auto GetTaskAddress() const -> const std::string &;
-auto GetContainers() -> std::vector<std::string>;
// 设置和更新sandbox的变量值
void SetNetMode(const std::string &mode);
@@ -108,9 +107,6 @@ void AddAnnotations(const std::string &key, const std::string &value);
void RemoveAnnotations(const std::string &key);
void AddLabels(const std::string &key, const std::string &value);
void RemoveLabels(const std::string &key);
-void AddContainer(const std::string &id);
-void SetConatiners(const std::vector<std::string> &cons);
-void RemoveContainer(const std::string &id);
void UpdateNetworkSettings(const std::string &settingsJson, Errors &error);
auto UpdateStatsInfo(const StatsInfo &info) -> StatsInfo;
void SetNetworkReady(bool ready);
@@ -252,16 +248,12 @@ public:
auto GetCreatedAt() -> uint64_t;
auto GetPid() -> uint32_t;
auto GetTaskAddress() const -> const std::string &;
- auto GetContainers() -> std::vector<std::string>;
void SetNetMode(const std::string &mode);
void SetController(std::shared_ptr<Controller> controller);
void AddAnnotations(const std::string &key, const std::string &value);
void RemoveAnnotations(const std::string &key);
void AddLabels(const std::string &key, const std::string &value);
void RemoveLabels(const std::string &key);
- void AddContainer(const std::string &id);
- void SetConatiners(const std::vector<std::string> &cons);
- void RemoveContainer(const std::string &id);
void UpdateNetworkSettings(const std::string &settingsJson, Errors &error);
auto UpdateStatsInfo(const StatsInfo &info) -> StatsInfo;
void SetNetworkReady(bool ready);
@@ -347,9 +339,6 @@ private:
std::string m_networkMode;
bool m_networkReady;
std::string m_networkSettings;
- // container id lists
- std::vector<std::string> m_containers;
- RWMutex m_containersMutex;
// TOOD: m_sandboxConfig is a protobuf message, it can be converted to json string directly
// if save json string directly for sandbox recover, we need to consider hot
// upgrade between different CRI versions
@@ -410,9 +399,7 @@ std::string m_netNsPath;
std::string m_networkMode;
bool m_networkReady;
std::string m_networkSettings;
-// container id lists
-std::vector<std::string> m_containers;
-RWMutex m_containersMutex;
+
// TOOD: m_sandboxConfig is a protobuf message, it can be converted to json string directly
// if save json string directly for sandbox recover, we need to consider hot
// upgrade between different CRI versions
@@ -430,7 +417,6 @@ std::set<uint32_t> m_vsockPorts;
1. m_mutex: 保障并发sandbox的生命周期操作start, stop, remove
2. m_stateMutex:保障并发对m_statem_statsInfom_networkSettings的修改与读取
-3. m_containersMutex保障对m_containers的并发操作
## 4.2 sandbox manage 模块
diff --git a/test/mocks/sandbox_mock.cc b/test/mocks/sandbox_mock.cc
index ab6c2d60..e5aefdda 100644
--- a/test/mocks/sandbox_mock.cc
+++ b/test/mocks/sandbox_mock.cc
@@ -77,14 +77,6 @@ const std::string &Sandbox::GetRuntimeHandle() const
return defaultStr;
}
-std::vector<std::string> Sandbox::GetContainers()
-{
- if (g_sandbox_mock != nullptr) {
- return g_sandbox_mock->GetContainers();
- }
- return defaultVec;
-}
-
const runtime::v1::PodSandboxConfig & Sandbox::GetSandboxConfig() const
{
if (g_sandbox_mock != nullptr) {
@@ -154,9 +146,6 @@ void Sandbox::AddAnnotations(const std::string &key, const std::string &value) {
void Sandbox::RemoveAnnotations(const std::string &key) {}
void Sandbox::AddLabels(const std::string &key, const std::string &value) {}
void Sandbox::RemoveLabels(const std::string &key) {}
-void Sandbox::AddContainer(const std::string &id) {}
-void Sandbox::SetConatiners(const std::vector<std::string> &cons) {}
-void Sandbox::RemoveContainer(const std::string &id) {}
void Sandbox::UpdateNetworkSettings(const std::string &settingsJson, Errors &error) {}
void Sandbox::PrepareSandboxDirs(Errors &error) {}
void Sandbox::CleanupSandboxDirs() {}
diff --git a/test/mocks/sandbox_mock.h b/test/mocks/sandbox_mock.h
index 6b46dca6..341042e9 100644
--- a/test/mocks/sandbox_mock.h
+++ b/test/mocks/sandbox_mock.h
@@ -31,7 +31,6 @@ public:
MOCK_METHOD0(GetName, const std::string & ());
MOCK_METHOD0(GetSandboxer, const std::string & ());
MOCK_METHOD0(GetRuntimeHandle, const std::string & ());
- MOCK_METHOD0(GetContainers, std::vector<std::string>());
MOCK_METHOD0(GetSandboxConfig, const runtime::v1::PodSandboxConfig &());
MOCK_METHOD0(GetMutableSandboxConfig, std::shared_ptr<runtime::v1::PodSandboxConfig>());
MOCK_METHOD0(GetRootDir, const std::string & ());
@@ -46,9 +45,6 @@ public:
MOCK_METHOD1(RemoveAnnotations, void(const std::string &key));
MOCK_METHOD2(AddLabels, void(const std::string &key, const std::string &value));
MOCK_METHOD1(RemoveLabels, void(const std::string &key));
- MOCK_METHOD1(AddContainer, void(const std::string &id));
- MOCK_METHOD1(SetConatiners, void(const std::vector<std::string> &cons));
- MOCK_METHOD1(RemoveContainer, void(const std::string &id));
MOCK_METHOD2(UpdateNetworkSettings, void(const std::string &settingsJson, Errors &error));
MOCK_METHOD1(UpdateStatsInfo, StatsInfo(const StatsInfo &info));
MOCK_METHOD1(SetNetworkReady, void(bool ready));
diff --git a/test/sandbox/sandbox/sandbox_ut.cc b/test/sandbox/sandbox/sandbox_ut.cc
index 494fb543..dd84d8fb 100644
--- a/test/sandbox/sandbox/sandbox_ut.cc
+++ b/test/sandbox/sandbox/sandbox_ut.cc
@@ -49,7 +49,6 @@ TEST_F(SandboxTest, TestDefaultGetters)
ASSERT_STREQ(sandbox->GetRuntime().c_str(), info.runtime.c_str());
ASSERT_STREQ(sandbox->GetSandboxer().c_str(), info.sandboxer.c_str());
ASSERT_STREQ(sandbox->GetRuntimeHandle().c_str(), info.runtimeHandler.c_str());
- ASSERT_EQ(sandbox->GetContainers().size(), 0);
ASSERT_STREQ(sandbox->GetRootDir().c_str(), sandbox_rootdir.c_str());
ASSERT_STREQ(sandbox->GetStateDir().c_str(), sandbox_statedir.c_str());
ASSERT_STREQ(sandbox->GetResolvPath().c_str(), (sandbox_rootdir + "/resolv.conf").c_str());
@@ -85,19 +84,6 @@ TEST_F(SandboxTest, TestGettersAndSetters)
sandbox->RemoveLabels("key");
EXPECT_TRUE(sandbox->GetSandboxConfig().labels().empty());
- std::string containerId = "container_id";
- sandbox->AddContainer(containerId);
- auto Mycontainers = sandbox->GetContainers();
- auto it = std::find(Mycontainers.begin(), Mycontainers.end(), containerId);
- EXPECT_NE(Mycontainers.end(), it);
-
- sandbox->RemoveContainer(containerId);
- EXPECT_EQ(sandbox->GetContainers().size(), 0);
-
- std::vector<std::string> containers = {"container1", "container2"};
- sandbox->SetConatiners(containers);
- EXPECT_EQ(sandbox->GetContainers(), containers);
-
StatsInfo statsInfo = {1234, 100};
sandbox->UpdateStatsInfo(statsInfo);
EXPECT_EQ(sandbox->GetStatsInfo().timestamp, statsInfo.timestamp);
--
2.42.0

642
0003-Add-Readonly-Masked-Path-and-RunAsGroup-support-for-.patch
View File

@ -1,642 +0,0 @@
From c1eb46b00ea65fc5601f0d843bc485d087f687e0 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Mon, 6 Nov 2023 17:31:58 +0800
Subject: [PATCH 03/14] Add Readonly/Masked Path and RunAsGroup support for cri
Signed-off-by: jikai<jikai11@huawei.com>
---
.../common/cri/v1/v1_cri_security_context.cc | 111 ++++++++++++++++--
.../v1/v1_cri_container_manager_service.cc | 16 ++-
.../entry/cri/v1alpha/cri_security_context.cc | 110 +++++++++++++++--
src/daemon/modules/spec/specs.c | 74 +++++++++++-
src/daemon/modules/spec/specs_extend.c | 17 ++-
src/daemon/modules/spec/specs_security.c | 19 +--
6 files changed, 294 insertions(+), 53 deletions(-)
diff --git a/src/daemon/common/cri/v1/v1_cri_security_context.cc b/src/daemon/common/cri/v1/v1_cri_security_context.cc
index f6441f42..930710e0 100644
--- a/src/daemon/common/cri/v1/v1_cri_security_context.cc
+++ b/src/daemon/common/cri/v1/v1_cri_security_context.cc
@@ -19,15 +19,28 @@
#include <memory>
namespace CRISecurityV1 {
-static void ModifyContainerConfig(const runtime::v1::LinuxContainerSecurityContext &sc, container_config *config)
+static void ModifyContainerConfig(const runtime::v1::LinuxContainerSecurityContext &sc, container_config *config, Errors &error)
{
+ // none -> ""; username -> username; username, uid -> username; username, uid, gid -> username:gid;
+ // username, gid -> username:gid; uid -> uid; uid, gid -> uid:gid; gid -> error
+ std::string user;
if (sc.has_run_as_user()) {
- free(config->user);
- config->user = util_strdup_s(std::to_string(sc.run_as_user().value()).c_str());
+ user = std::to_string(sc.run_as_user().value());
}
if (!sc.run_as_username().empty()) {
+ user = sc.run_as_username();
+ }
+ if (sc.has_run_as_group()) {
+ if (user.empty()) {
+ ERROR("Invalid security context: runAsGroup without runAsUser or runAsUsername");
+ error.SetError("Invalid security context: runAsGroup without runAsUser or runAsUsername");
+ return;
+ }
+ user += ":" + std::to_string(sc.run_as_group().value());
+ }
+ if (!user.empty()) {
free(config->user);
- config->user = util_strdup_s(sc.run_as_username().c_str());
+ config->user = util_strdup_s(user.c_str());
}
}
@@ -42,6 +55,7 @@ static void ModifyHostConfigCapabilities(const runtime::v1::LinuxContainerSecuri
if (!capAdd.empty()) {
hostConfig->cap_add = (char **)util_smart_calloc_s(sizeof(char *), capAdd.size());
if (hostConfig->cap_add == nullptr) {
+ ERROR("Out of memory");
error.SetError("Out of memory");
return;
}
@@ -54,6 +68,7 @@ static void ModifyHostConfigCapabilities(const runtime::v1::LinuxContainerSecuri
if (!capDrop.empty()) {
hostConfig->cap_drop = (char **)util_smart_calloc_s(sizeof(char *), capDrop.size());
if (hostConfig->cap_drop == nullptr) {
+ ERROR("Out of memory");
error.SetError("Out of memory");
return;
}
@@ -74,7 +89,8 @@ static void ModifyHostConfigNoNewPrivs(const runtime::v1::LinuxContainerSecurity
}
if (hostConfig->security_opt_len > (SIZE_MAX / sizeof(char *)) - 1) {
- error.Errorf("Out of memory");
+ ERROR("The size of security opts exceeds the limit");
+ error.Errorf("The size of security opts exceeds the limit");
return;
}
@@ -82,6 +98,7 @@ static void ModifyHostConfigNoNewPrivs(const runtime::v1::LinuxContainerSecurity
size_t newSize = oldSize + sizeof(char *);
int ret = util_mem_realloc((void **)(&tmp_security_opt), newSize, (void *)hostConfig->security_opt, oldSize);
if (ret != 0) {
+ ERROR("Out of memory");
error.Errorf("Out of memory");
return;
}
@@ -98,12 +115,9 @@ static void ModifyHostConfigscSupplementalGroups(const runtime::v1::LinuxContain
const google::protobuf::RepeatedField<google::protobuf::int64> &groups = sc.supplemental_groups();
if (!groups.empty()) {
- if (static_cast<size_t>(groups.size()) > SIZE_MAX / sizeof(char *)) {
- error.SetError("Invalid group size");
- return;
- }
- hostConfig->group_add = (char **)util_common_calloc_s(sizeof(char *) * groups.size());
+ hostConfig->group_add = (char **)util_smart_calloc_s(sizeof(char *), groups.size());
if (hostConfig->group_add == nullptr) {
+ ERROR("Out of memory");
error.SetError("Out of memory");
return;
}
@@ -114,6 +128,64 @@ static void ModifyHostConfigscSupplementalGroups(const runtime::v1::LinuxContain
}
}
+static void ApplyMaskedPathsToHostConfig(const runtime::v1::LinuxContainerSecurityContext &sc, host_config *hostConfig,
+ Errors &error)
+{
+ if (sc.masked_paths_size() <= 0) {
+ return;
+ }
+
+ if (hostConfig->masked_paths_len > ((SIZE_MAX / sizeof(char *)) - sc.masked_paths_size())) {
+ ERROR("The size of masked paths exceeds the limit");
+ error.Errorf("The size of masked paths exceeds the limit");
+ return;
+ }
+
+ char **tmp_masked_paths {nullptr};
+ size_t oldSize = hostConfig->masked_paths_len * sizeof(char *);
+ size_t newSize = oldSize + sc.masked_paths_size() * sizeof(char *);
+ int ret = util_mem_realloc((void **)&tmp_masked_paths, newSize, (void *)hostConfig->masked_paths, oldSize);
+ if (ret != 0) {
+ ERROR("Out of memory");
+ error.Errorf("Out of memory");
+ return;
+ }
+
+ hostConfig->masked_paths = tmp_masked_paths;
+ for (int i = 0; i < sc.masked_paths_size(); ++i) {
+ hostConfig->masked_paths[hostConfig->masked_paths_len++] = util_strdup_s(sc.masked_paths(i).c_str());
+ }
+}
+
+static void ApplyReadonlyPathsToHostConfig(const runtime::v1::LinuxContainerSecurityContext &sc, host_config *hostConfig,
+ Errors &error)
+{
+ if (sc.readonly_paths_size() <= 0) {
+ return;
+ }
+
+ if (hostConfig->readonly_paths_len > ((SIZE_MAX / sizeof(char *)) - sc.readonly_paths_size())) {
+ ERROR("The size of readonly paths exceeds the limit");
+ error.Errorf("The size of readonly paths exceeds the limit");
+ return;
+ }
+
+ char **tmp_readonly_paths {nullptr};
+ size_t oldSize = hostConfig->readonly_paths_len * sizeof(char *);
+ size_t newSize = oldSize + sc.readonly_paths_size() * sizeof(char *);
+ int ret = util_mem_realloc((void **)&tmp_readonly_paths, newSize, (void *)hostConfig->readonly_paths, oldSize);
+ if (ret != 0) {
+ ERROR("Out of memory");
+ error.Errorf("Out of memory");
+ return;
+ }
+
+ hostConfig->readonly_paths = tmp_readonly_paths;
+ for (int i = 0; i < sc.readonly_paths_size(); ++i) {
+ hostConfig->readonly_paths[hostConfig->readonly_paths_len++] = util_strdup_s(sc.readonly_paths(i).c_str());
+ }
+}
+
static void ModifyHostConfig(const runtime::v1::LinuxContainerSecurityContext &sc, host_config *hostConfig,
Errors &error)
{
@@ -123,6 +195,8 @@ static void ModifyHostConfig(const runtime::v1::LinuxContainerSecurityContext &s
ModifyHostConfigCapabilities(sc, hostConfig, error);
ModifyHostConfigNoNewPrivs(sc, hostConfig, error);
ModifyHostConfigscSupplementalGroups(sc, hostConfig, error);
+ ApplyMaskedPathsToHostConfig(sc, hostConfig, error);
+ ApplyReadonlyPathsToHostConfig(sc, hostConfig, error);
}
static void ModifyContainerNamespaceOptions(const runtime::v1::NamespaceOption &nsOpts,
@@ -196,11 +270,18 @@ void ApplySandboxSecurityContext(const runtime::v1::LinuxPodSandboxConfig &lc, c
*sc->mutable_supplemental_groups() = old.supplemental_groups();
sc->set_readonly_rootfs(old.readonly_rootfs());
}
- ModifyContainerConfig(*sc, config);
+ ModifyContainerConfig(*sc, config, error);
+ if (error.NotEmpty()) {
+ ERROR("Failed to modify container config for sandbox");
+ return;
+ }
+
ModifyHostConfig(*sc, hc, error);
if (error.NotEmpty()) {
+ ERROR("Failed to modify host config for sandbox");
return;
}
+
ModifySandboxNamespaceOptions(sc->namespace_options(), hc);
}
@@ -209,9 +290,15 @@ void ApplyContainerSecurityContext(const runtime::v1::LinuxContainerConfig &lc,
{
if (lc.has_security_context()) {
const runtime::v1::LinuxContainerSecurityContext &sc = lc.security_context();
- ModifyContainerConfig(sc, config);
+ ModifyContainerConfig(sc, config, error);
+ if (error.NotEmpty()) {
+ ERROR("Failed to modify container config for container");
+ return;
+ }
+
ModifyHostConfig(sc, hc, error);
if (error.NotEmpty()) {
+ ERROR("Failed to modify host config for container");
return;
}
}
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index 70629591..1f20d2d2 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -128,8 +128,22 @@ void ContainerManagerService::DoUsePodLevelSELinuxConfig(const runtime::v1::Cont
return;
}
+ const char securityOptSep = '=';
+
const runtime::v1::LinuxSandboxSecurityContext &context = config.linux().security_context();
- CRIHelpersV1::ApplySandboxSecurityContextToHostConfig(context, hostconfig, error);
+ std::vector<std::string> selinuxOpts = CRIHelpersV1::GetSELinuxLabelOpts(context.has_selinux_options(),
+ context.selinux_options(), securityOptSep, error);
+ if (error.NotEmpty()) {
+ ERROR("Failed to generate SELinuxLabel options for container %s", error.GetMessage().c_str());
+ error.Errorf("Failed to generate SELinuxLabel options for container %s", error.GetMessage().c_str());
+ return;
+ }
+ CRIHelpersV1::AddSecurityOptsToHostConfig(selinuxOpts, hostconfig, error);
+ if (error.NotEmpty()) {
+ ERROR("Failed to add securityOpts to hostconfig: %s", error.GetMessage().c_str());
+ error.Errorf("Failed to add securityOpts to hostconfig: %s", error.GetMessage().c_str());
+ return;
+ }
}
auto ContainerManagerService::IsSELinuxLabelEmpty(const ::runtime::v1::SELinuxOption &selinuxOption) -> bool
diff --git a/src/daemon/entry/cri/v1alpha/cri_security_context.cc b/src/daemon/entry/cri/v1alpha/cri_security_context.cc
index 0535b438..57ec3a63 100644
--- a/src/daemon/entry/cri/v1alpha/cri_security_context.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_security_context.cc
@@ -20,15 +20,29 @@
#include <memory>
namespace CRISecurity {
-static void ModifyContainerConfig(const runtime::v1alpha2::LinuxContainerSecurityContext &sc, container_config *config)
+static void ModifyContainerConfig(const runtime::v1alpha2::LinuxContainerSecurityContext &sc, container_config *config,
+ Errors &error)
{
+ // none -> ""; username -> username; username, uid -> username; username, uid, gid -> username:gid;
+ // username, gid -> username:gid; uid -> uid; uid, gid -> uid:gid; gid -> error
+ std::string user;
if (sc.has_run_as_user()) {
- free(config->user);
- config->user = util_strdup_s(std::to_string(sc.run_as_user().value()).c_str());
+ user = std::to_string(sc.run_as_user().value());
}
if (!sc.run_as_username().empty()) {
+ user = sc.run_as_username();
+ }
+ if (sc.has_run_as_group()) {
+ if (user.empty()) {
+ ERROR("Invalid security context: runAsGroup without runAsUser or runAsUsername");
+ error.SetError("Invalid security context: runAsGroup without runAsUser or runAsUsername");
+ return;
+ }
+ user += ":" + std::to_string(sc.run_as_group().value());
+ }
+ if (!user.empty()) {
free(config->user);
- config->user = util_strdup_s(sc.run_as_username().c_str());
+ config->user = util_strdup_s(user.c_str());
}
}
@@ -43,6 +57,7 @@ static void ModifyHostConfigCapabilities(const runtime::v1alpha2::LinuxContainer
if (!capAdd.empty()) {
hostConfig->cap_add = (char **)util_smart_calloc_s(sizeof(char *), capAdd.size());
if (hostConfig->cap_add == nullptr) {
+ ERROR("Out of memory");
error.SetError("Out of memory");
return;
}
@@ -55,6 +70,7 @@ static void ModifyHostConfigCapabilities(const runtime::v1alpha2::LinuxContainer
if (!capDrop.empty()) {
hostConfig->cap_drop = (char **)util_smart_calloc_s(sizeof(char *), capDrop.size());
if (hostConfig->cap_drop == nullptr) {
+ ERROR("Out of memory");
error.SetError("Out of memory");
return;
}
@@ -75,7 +91,8 @@ static void ModifyHostConfigNoNewPrivs(const runtime::v1alpha2::LinuxContainerSe
}
if (hostConfig->security_opt_len > (SIZE_MAX / sizeof(char *)) - 1) {
- error.Errorf("Out of memory");
+ ERROR("The size of security opts exceeds the limit");
+ error.Errorf("The size of security opts exceeds the limit");
return;
}
@@ -83,6 +100,7 @@ static void ModifyHostConfigNoNewPrivs(const runtime::v1alpha2::LinuxContainerSe
size_t newSize = oldSize + sizeof(char *);
int ret = util_mem_realloc((void **)(&tmp_security_opt), newSize, (void *)hostConfig->security_opt, oldSize);
if (ret != 0) {
+ ERROR("Out of memory");
error.Errorf("Out of memory");
return;
}
@@ -99,12 +117,9 @@ static void ModifyHostConfigscSupplementalGroups(const runtime::v1alpha2::LinuxC
const google::protobuf::RepeatedField<google::protobuf::int64> &groups = sc.supplemental_groups();
if (!groups.empty()) {
- if (static_cast<size_t>(groups.size()) > SIZE_MAX / sizeof(char *)) {
- error.SetError("Invalid group size");
- return;
- }
- hostConfig->group_add = (char **)util_common_calloc_s(sizeof(char *) * groups.size());
+ hostConfig->group_add = (char **)util_smart_calloc_s(sizeof(char *), groups.size());
if (hostConfig->group_add == nullptr) {
+ ERROR("Out of memory");
error.SetError("Out of memory");
return;
}
@@ -115,6 +130,64 @@ static void ModifyHostConfigscSupplementalGroups(const runtime::v1alpha2::LinuxC
}
}
+static void ApplyMaskedPathsToHostConfig(const runtime::v1alpha2::LinuxContainerSecurityContext &sc, host_config *hostConfig,
+ Errors &error)
+{
+ if (sc.masked_paths_size() <= 0) {
+ return;
+ }
+
+ if (hostConfig->masked_paths_len > ((SIZE_MAX / sizeof(char *)) - sc.masked_paths_size())) {
+ ERROR("The size of masked paths exceeds the limit");
+ error.Errorf("The size of masked paths exceeds the limit");
+ return;
+ }
+
+ char **tmp_masked_paths {nullptr};
+ size_t oldSize = hostConfig->masked_paths_len * sizeof(char *);
+ size_t newSize = oldSize + sc.masked_paths_size() * sizeof(char *);
+ int ret = util_mem_realloc((void **)&tmp_masked_paths, newSize, (void *)hostConfig->masked_paths, oldSize);
+ if (ret != 0) {
+ ERROR("Out of memory");
+ error.Errorf("Out of memory");
+ return;
+ }
+
+ hostConfig->masked_paths = tmp_masked_paths;
+ for (int i = 0; i < sc.masked_paths_size(); ++i) {
+ hostConfig->masked_paths[hostConfig->masked_paths_len++] = util_strdup_s(sc.masked_paths(i).c_str());
+ }
+}
+
+static void ApplyReadonlyPathsToHostConfig(const runtime::v1alpha2::LinuxContainerSecurityContext &sc, host_config *hostConfig,
+ Errors &error)
+{
+ if (sc.readonly_paths_size() <= 0) {
+ return;
+ }
+
+ if (hostConfig->readonly_paths_len > ((SIZE_MAX / sizeof(char *)) - sc.readonly_paths_size())) {
+ ERROR("The size of readonly paths exceeds the limit");
+ error.Errorf("The size of readonly paths exceeds the limit");
+ return;
+ }
+
+ char **tmp_readonly_paths {nullptr};
+ size_t oldSize = hostConfig->readonly_paths_len * sizeof(char *);
+ size_t newSize = oldSize + sc.readonly_paths_size() * sizeof(char *);
+ int ret = util_mem_realloc((void **)&tmp_readonly_paths, newSize, (void *)hostConfig->readonly_paths, oldSize);
+ if (ret != 0) {
+ ERROR("Out of memory");
+ error.Errorf("Out of memory");
+ return;
+ }
+
+ hostConfig->readonly_paths = tmp_readonly_paths;
+ for (int i = 0; i < sc.readonly_paths_size(); ++i) {
+ hostConfig->readonly_paths[hostConfig->readonly_paths_len++] = util_strdup_s(sc.readonly_paths(i).c_str());
+ }
+}
+
static void ModifyHostConfig(const runtime::v1alpha2::LinuxContainerSecurityContext &sc, host_config *hostConfig,
Errors &error)
{
@@ -124,6 +197,8 @@ static void ModifyHostConfig(const runtime::v1alpha2::LinuxContainerSecurityCont
ModifyHostConfigCapabilities(sc, hostConfig, error);
ModifyHostConfigNoNewPrivs(sc, hostConfig, error);
ModifyHostConfigscSupplementalGroups(sc, hostConfig, error);
+ ApplyMaskedPathsToHostConfig(sc, hostConfig, error);
+ ApplyReadonlyPathsToHostConfig(sc, hostConfig, error);
}
static void ModifyContainerNamespaceOptions(const runtime::v1alpha2::NamespaceOption &nsOpts,
@@ -179,6 +254,7 @@ void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig
std::unique_ptr<runtime::v1alpha2::LinuxContainerSecurityContext> sc(
new (std::nothrow) runtime::v1alpha2::LinuxContainerSecurityContext);
if (sc == nullptr) {
+ ERROR("Out of memory");
error.SetError("Out of memory");
return;
}
@@ -197,9 +273,14 @@ void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig
*sc->mutable_supplemental_groups() = old.supplemental_groups();
sc->set_readonly_rootfs(old.readonly_rootfs());
}
- ModifyContainerConfig(*sc, config);
+ ModifyContainerConfig(*sc, config, error);
+ if (error.NotEmpty()) {
+ ERROR("Failed to modify container config for sandbox");
+ return;
+ }
ModifyHostConfig(*sc, hc, error);
if (error.NotEmpty()) {
+ ERROR("Failed to modify host config for sandbox");
return;
}
ModifySandboxNamespaceOptions(sc->namespace_options(), hc);
@@ -210,9 +291,14 @@ void ApplyContainerSecurityContext(const runtime::v1alpha2::LinuxContainerConfig
{
if (lc.has_security_context()) {
const runtime::v1alpha2::LinuxContainerSecurityContext &sc = lc.security_context();
- ModifyContainerConfig(sc, config);
+ ModifyContainerConfig(sc, config, error);
+ if (error.NotEmpty()) {
+ ERROR("Failed to modify container config for container");
+ return;
+ }
ModifyHostConfig(sc, hc, error);
if (error.NotEmpty()) {
+ ERROR("Failed to modify host config for container");
return;
}
}
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index a7751d1b..95346603 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -2133,6 +2133,58 @@ static int generate_security_opt(host_config *hc)
}
#endif
+static int merge_paths(char ***dest_paths, size_t *dest_paths_len, char **src_paths, size_t src_paths_len)
+{
+ if (dest_paths == NULL || dest_paths_len == NULL) {
+ ERROR("Invalid args");
+ return -1;
+ }
+
+ if (src_paths_len > SIZE_MAX / sizeof(char *) ||
+ *dest_paths_len > ((SIZE_MAX / sizeof(char *)) - src_paths_len)) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ size_t i;
+ char **tmp_paths = NULL;
+ size_t old_size = *dest_paths_len * sizeof(char *);
+ size_t new_size = old_size + src_paths_len * sizeof(char *);
+ int ret = util_mem_realloc((void **)&tmp_paths, new_size,
+ (void *)*dest_paths, old_size);
+ if (ret != 0) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ *dest_paths = tmp_paths;
+ for (i = 0; i < src_paths_len; i++) {
+ (*dest_paths)[(*dest_paths_len)++] = util_strdup_s(src_paths[i]);
+ }
+
+ return 0;
+}
+
+static int merge_masked_paths(oci_runtime_spec *oci_spec, char **masked_paths, size_t masked_paths_len)
+{
+ if (masked_paths == NULL || masked_paths_len == 0) {
+ return 0;
+ }
+
+ return merge_paths(&oci_spec->linux->masked_paths, &oci_spec->linux->masked_paths_len,
+ masked_paths, masked_paths_len);
+}
+
+static int merge_readonly_paths(oci_runtime_spec *oci_spec, char **readonly_paths, size_t readonly_paths_len)
+{
+ if (readonly_paths == NULL || readonly_paths_len == 0) {
+ return 0;
+ }
+
+ return merge_paths(&oci_spec->linux->readonly_paths, &oci_spec->linux->readonly_paths_len,
+ readonly_paths, readonly_paths_len);
+}
+
static int merge_security_conf(oci_runtime_spec *oci_spec, host_config *host_spec,
container_config_v2_common_config *v2_spec)
{
@@ -2180,6 +2232,18 @@ static int merge_security_conf(oci_runtime_spec *oci_spec, host_config *host_spe
}
#endif
+ ret = merge_masked_paths(oci_spec, host_spec->masked_paths, host_spec->masked_paths_len);
+ if (ret != 0) {
+ ERROR("Failed to merge masked paths");
+ goto out;
+ }
+
+ ret = merge_readonly_paths(oci_spec, host_spec->readonly_paths, host_spec->readonly_paths_len);
+ if (ret != 0) {
+ ERROR("Failed to merge readonly paths");
+ goto out;
+ }
+
out:
return ret;
}
@@ -2205,11 +2269,6 @@ static int merge_oci_cgroups_path(const char *id, oci_runtime_spec *oci_spec, co
return -1;
}
- if (make_sure_oci_spec_linux(oci_spec) != 0) {
- ERROR("Failed to make oci spec linux");
- return -1;
- }
-
free(oci_spec->linux->cgroups_path);
oci_spec->linux->cgroups_path = merge_container_cgroups_path(id, host_spec);
@@ -2228,6 +2287,11 @@ int merge_all_specs(host_config *host_spec, const char *real_rootfs, container_c
char *userns_remap = conf_get_isulad_userns_remap();
#endif
+ if (make_sure_oci_spec_linux(oci_spec) != 0) {
+ ERROR("Failed to make oci spec linux");
+ return -1;
+ }
+
ret = merge_root(oci_spec, real_rootfs, host_spec);
if (ret != 0) {
ERROR("Failed to merge root");
diff --git a/src/daemon/modules/spec/specs_extend.c b/src/daemon/modules/spec/specs_extend.c
index 5ede7936..199cba54 100644
--- a/src/daemon/modules/spec/specs_extend.c
+++ b/src/daemon/modules/spec/specs_extend.c
@@ -136,28 +136,21 @@ static int make_linux_uid_gid_mappings(oci_runtime_spec *container, unsigned int
unsigned int size)
{
int ret = 0;
-
- ret = make_sure_oci_spec_linux(container);
- if (ret < 0) {
- goto out;
- }
-
if (container->linux->uid_mappings == NULL) {
ret = make_one_id_mapping(&(container->linux->uid_mappings), host_uid, size);
if (ret < 0) {
- goto out;
+ return ret;
}
container->linux->uid_mappings_len++;
}
if (container->linux->gid_mappings == NULL) {
ret = make_one_id_mapping(&(container->linux->gid_mappings), host_gid, size);
if (ret < 0) {
- goto out;
+ return ret;
}
container->linux->gid_mappings_len++;
}
-out:
return ret;
}
@@ -180,6 +173,12 @@ int make_userns_remap(oci_runtime_spec *container, const char *user_remap)
if (host_uid == 0 && host_gid == 0) {
return 0;
}
+
+ if (make_sure_oci_spec_linux(container) != 0) {
+ ERROR("Failed to make oci spce linux");
+ return -1;
+ }
+
ret = make_linux_uid_gid_mappings(container, host_uid, host_gid, size);
if (ret) {
ERROR("Make linux uid and gid mappings failed");
diff --git a/src/daemon/modules/spec/specs_security.c b/src/daemon/modules/spec/specs_security.c
index 08db8d0d..e78cc744 100644
--- a/src/daemon/modules/spec/specs_security.c
+++ b/src/daemon/modules/spec/specs_security.c
@@ -879,13 +879,6 @@ int merge_caps(oci_runtime_spec *oci_spec, const char **adds, size_t adds_len, c
static int make_sure_oci_spec_linux_sysctl(oci_runtime_spec *oci_spec)
{
- int ret = 0;
-
- ret = make_sure_oci_spec_linux(oci_spec);
- if (ret < 0) {
- return -1;
- }
-
if (oci_spec->linux->sysctl == NULL) {
oci_spec->linux->sysctl = util_common_calloc_s(sizeof(json_map_string_string));
if (oci_spec->linux->sysctl == NULL) {
@@ -904,6 +897,11 @@ int merge_sysctls(oci_runtime_spec *oci_spec, const json_map_string_string *sysc
return 0;
}
+ ret = make_sure_oci_spec_linux(oci_spec);
+ if (ret < 0) {
+ return -1;
+ }
+
ret = make_sure_oci_spec_linux_sysctl(oci_spec);
if (ret < 0) {
goto out;
@@ -1004,13 +1002,6 @@ static void free_adds_cap_for_system_container(char **adds, size_t adds_len)
static int make_sure_oci_spec_linux_seccomp(oci_runtime_spec *oci_spec)
{
- int ret = 0;
-
- ret = make_sure_oci_spec_linux(oci_spec);
- if (ret < 0) {
- return -1;
- }
-
if (oci_spec->linux->seccomp == NULL) {
oci_spec->linux->seccomp = util_common_calloc_s(sizeof(oci_runtime_config_linux_seccomp));
if (oci_spec->linux->seccomp == NULL) {
--
2.42.0

123
0003-bugfix-for-mount-point-remains-under-special-circums.patch Normal file
View File

@ -0,0 +1,123 @@
From cd018d3c1ebff2a328912d99fc43c9a7e4f60704 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 25 Jan 2024 11:24:59 +0800
Subject: [PATCH 3/6] bugfix for mount point remains under special
circumstances
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad/main.c | 14 +++++++-------
.../modules/container/leftover_cleanup/cleanup.c | 14 +++++++-------
src/utils/tar/util_archive.c | 14 +++++++-------
3 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index d9d8afa0..deca72be 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1271,23 +1271,23 @@ static int do_ensure_isulad_tmpdir_security(const char *isulad_tmp_dir)
char tmp_dir[PATH_MAX] = { 0 };
char cleanpath[PATH_MAX] = { 0 };
- nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmp_dir);
- if (nret < 0 || (size_t)nret >= PATH_MAX) {
- ERROR("Failed to snprintf");
+ if (realpath(isulad_tmp_dir, cleanpath) == NULL) {
+ ERROR("Failed to get real path for %s", tmp_dir);
return -1;
}
- if (util_clean_path(tmp_dir, cleanpath, sizeof(cleanpath)) == NULL) {
- ERROR("Failed to clean path for %s", tmp_dir);
+ nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", cleanpath);
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf");
return -1;
}
- if (isulad_tmpdir_security_check(cleanpath) == 0) {
+ if (isulad_tmpdir_security_check(tmp_dir) == 0) {
return 0;
}
INFO("iSulad tmpdir: %s does not meet security requirements, recreate it", isulad_tmp_dir);
- return recreate_tmpdir(cleanpath);
+ return recreate_tmpdir(tmp_dir);
}
static int ensure_isulad_tmpdir_security()
diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c
index b78a4d15..08151f42 100644
--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c
+++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c
@@ -175,22 +175,22 @@ static void cleanup_path(char *dir)
char tmp_dir[PATH_MAX] = { 0 };
char cleanpath[PATH_MAX] = { 0 };
- nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", dir);
- if (nret < 0 || (size_t)nret >= PATH_MAX) {
- ERROR("Failed to snprintf");
+ if (realpath(dir, cleanpath) == NULL) {
+ ERROR("get real path for %s failed", tmp_dir);
return;
}
- if (util_clean_path(tmp_dir, cleanpath, sizeof(cleanpath)) == NULL) {
- ERROR("clean path for %s failed", tmp_dir);
+ nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", cleanpath);
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf");
return;
}
- if (!util_dir_exists(cleanpath)) {
+ if (!util_dir_exists(tmp_dir)) {
return;
}
- nret = util_scan_subdirs(cleanpath, walk_isulad_tmpdir_cb, NULL);
+ nret = util_scan_subdirs(tmp_dir, walk_isulad_tmpdir_cb, NULL);
if (nret != 0) {
ERROR("failed to scan isulad tmp subdirs");
}
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 0a7309c9..e4c302bc 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -218,18 +218,18 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
isulad_tmpdir_env = DEFAULT_ISULAD_TMPDIR;
}
- nret = snprintf(isula_tmpdir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmpdir_env);
- if (nret < 0 || (size_t)nret >= PATH_MAX) {
- ERROR("Failed to snprintf");
+ if (realpath(isulad_tmpdir_env, cleanpath) == NULL) {
+ ERROR("Failed to get real path for %s", isula_tmpdir);
return -1;
}
- if (util_clean_path(isula_tmpdir, cleanpath, sizeof(cleanpath)) == NULL) {
- ERROR("clean path for %s failed", isula_tmpdir);
+ nret = snprintf(isula_tmpdir, PATH_MAX, "%s/isulad_tmpdir", cleanpath);
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf");
return -1;
}
- nret = snprintf(tmp_dir, PATH_MAX, "%s/tar-chroot-XXXXXX", cleanpath);
+ nret = snprintf(tmp_dir, PATH_MAX, "%s/tar-chroot-XXXXXX", isula_tmpdir);
if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to snprintf string");
return -1;
@@ -247,7 +247,7 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
}
// ensure parent dir is exist
- if (util_mkdir_p(cleanpath, ISULAD_TEMP_DIRECTORY_MODE) != 0) {
+ if (util_mkdir_p(isula_tmpdir, ISULAD_TEMP_DIRECTORY_MODE) != 0) {
return -1;
}
--
2.25.1

71
0004-do-not-cleanup-if-the-directory-does-not-exist.patch Normal file
View File

@ -0,0 +1,71 @@
From 7f13d95572040d30b70edbfac3c4b7350ee8855c Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 26 Jan 2024 12:59:45 +0800
Subject: [PATCH 4/6] do not cleanup if the directory does not exist
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad/main.c | 20 ++++++++++++++++++-
.../container/leftover_cleanup/cleanup.c | 13 +++++++++++-
2 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index deca72be..fd0b6e89 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1270,8 +1270,26 @@ static int do_ensure_isulad_tmpdir_security(const char *isulad_tmp_dir)
int nret;
char tmp_dir[PATH_MAX] = { 0 };
char cleanpath[PATH_MAX] = { 0 };
+ char isulad_tmp_cleanpath[PATH_MAX] = { 0 };
- if (realpath(isulad_tmp_dir, cleanpath) == NULL) {
+ if (util_clean_path(isulad_tmp_dir, isulad_tmp_cleanpath, sizeof(isulad_tmp_cleanpath)) == NULL) {
+ ERROR("Failed to clean path for %s", isulad_tmp_dir);
+ return -1;
+ }
+
+ // Determine whether isulad_tmp_dir exists. If it does not exist, create it
+ // to prevent realpath from reporting errors because the folder does not exist.
+ if (!util_dir_exists(isulad_tmp_cleanpath)) {
+ nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmp_cleanpath);
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf");
+ return -1;
+ }
+ INFO("iSulad tmpdir: %s does not exist, create it", isulad_tmp_dir);
+ return recreate_tmpdir(tmp_dir);
+ }
+
+ if (realpath(isulad_tmp_cleanpath, cleanpath) == NULL) {
ERROR("Failed to get real path for %s", tmp_dir);
return -1;
}
diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c
index 08151f42..16dba630 100644
--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c
+++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c
@@ -174,8 +174,19 @@ static void cleanup_path(char *dir)
int nret;
char tmp_dir[PATH_MAX] = { 0 };
char cleanpath[PATH_MAX] = { 0 };
+ char dir_cleanpath[PATH_MAX] = { 0 };
- if (realpath(dir, cleanpath) == NULL) {
+ if (util_clean_path(dir, dir_cleanpath, sizeof(dir_cleanpath)) == NULL) {
+ ERROR("clean path for %s failed", dir);
+ return;
+ }
+
+ // If dir does not exist, skip cleanup
+ if (!util_dir_exists(dir_cleanpath)) {
+ return;
+ }
+
+ if (realpath(dir_cleanpath, cleanpath) == NULL) {
ERROR("get real path for %s failed", tmp_dir);
return;
}
--
2.25.1

482
0004-network-support-version-opt.patch
View File

@ -1,482 +0,0 @@
From 7a2dd92a527c1f5ee79239d93b792dc9a9758e27 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Tue, 7 Nov 2023 20:38:22 +0800
Subject: [PATCH 04/14] network:support version opt
---
.../network/cni_operator/cni_operate.c | 16 +++
.../network/cni_operator/cni_operate.h | 3 +
.../cni_operator/libcni/invoke/libcni_exec.c | 86 +++++++++++++-
.../cni_operator/libcni/invoke/libcni_exec.h | 2 +
.../libcni/invoke/libcni_result_parse.c | 29 +++++
.../libcni/invoke/libcni_result_parse.h | 6 +
.../network/cni_operator/libcni/libcni_api.c | 106 ++++++++++++++++++
.../network/cni_operator/libcni/libcni_api.h | 8 +-
.../cni_operator/libcni/libcni_result_type.c | 18 +++
.../cni_operator/libcni/libcni_result_type.h | 12 ++
.../modules/network/native/adaptor_native.c | 3 +-
11 files changed, 281 insertions(+), 8 deletions(-)
diff --git a/src/daemon/modules/network/cni_operator/cni_operate.c b/src/daemon/modules/network/cni_operator/cni_operate.c
index 62249f18..6db6db51 100644
--- a/src/daemon/modules/network/cni_operator/cni_operate.c
+++ b/src/daemon/modules/network/cni_operator/cni_operate.c
@@ -926,6 +926,22 @@ out:
return ret;
}
+int version_network_plane(const struct cni_network_list_conf *list,
+ struct cni_version_info_list **result_version_list)
+{
+ if (list == NULL || list->list == NULL) {
+ ERROR("Invalid input params");
+ return -1;
+ }
+
+ if (cni_version_network_list(list, result_version_list) != 0) {
+ ERROR("Version CNI network failed");
+ return -1;
+ }
+
+ return 0;
+}
+
int detach_loopback(const char *id, const char *netns)
{
int ret = 0;
diff --git a/src/daemon/modules/network/cni_operator/cni_operate.h b/src/daemon/modules/network/cni_operator/cni_operate.h
index 150c1154..7750ff00 100644
--- a/src/daemon/modules/network/cni_operator/cni_operate.h
+++ b/src/daemon/modules/network/cni_operator/cni_operate.h
@@ -61,6 +61,9 @@ int detach_network_plane(const struct cni_manager *manager, const struct cni_net
int check_network_plane(const struct cni_manager *manager, const struct cni_network_list_conf *list,
struct cni_opt_result **result);
+int version_network_plane(const struct cni_network_list_conf *list,
+ struct cni_version_info_list **result_version_list);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.c b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.c
index c4bc81c0..4908565e 100644
--- a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.c
+++ b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.c
@@ -28,7 +28,7 @@
#include <sys/wait.h>
#include <isula_libutils/cni_inner_plugin_info.h>
-#include <isula_libutils/cni_version.h>
+#include <isula_libutils/cni_version_info.h>
#include <isula_libutils/log.h>
#include <isula_libutils/cni_exec_error.h>
#include <isula_libutils/auto_cleanup.h>
@@ -183,10 +183,10 @@ static char *str_cni_exec_error(const cni_exec_error *e_err)
static char *cniversion_decode(const char *jsonstr)
{
__isula_auto_free parser_error err = NULL;
- cni_version *conf = NULL;
+ cni_version_info *conf = NULL;
char *result = NULL;
- conf = cni_version_parse_data(jsonstr, NULL, &err);
+ conf = cni_version_info_parse_data(jsonstr, NULL, &err);
if (conf == NULL) {
ERROR("decoding config \"%s\", failed: %s", jsonstr, err);
goto out;
@@ -198,7 +198,7 @@ static char *cniversion_decode(const char *jsonstr)
result = util_strdup_s(conf->cni_version);
out:
- free_cni_version(conf);
+ free_cni_version_info(conf);
return result;
}
@@ -466,6 +466,84 @@ out:
return ret;
}
+static char *get_default_version_stdin(void)
+{
+ char *stdin_str = NULL;
+ int ret;
+
+ ret = asprintf(&stdin_str, "{\"cniVersion\":\"%s\"}", CURRENT_VERSION);
+ if (ret < 0) {
+ ERROR("parse cni version failed");
+ }
+ return stdin_str;
+}
+
+static int do_parse_version_info_stdout_str(int exec_ret, const cni_exec_error *e_err,
+ const char *stdout_str, cni_version_info **result_version)
+{
+ __isula_auto_free char *err_msg = NULL;
+ struct parser_context ctx = { OPT_GEN_SIMPLIFY, 0 };
+ __isula_auto_free parser_error perr = NULL;
+
+ if (exec_ret != 0) {
+ err_msg = str_cni_exec_error(e_err);
+ ERROR("raw exec failed: %s", err_msg);
+ isulad_append_error_message("raw exec failed: %s. ", err_msg);
+ return -1;
+ }
+
+ if (stdout_str == NULL || strlen(stdout_str) == 0) {
+ ERROR("Get empty version result");
+ return -1;
+ }
+ free_cni_version_info(*result_version);
+ *result_version = cni_version_info_parse_data(stdout_str, &ctx, &perr);
+ if (*result_version == NULL) {
+ ERROR("parse cni result version failed: %s", perr);
+ return -1;
+ }
+
+ return 0;
+}
+
+int get_version_info(const char *plugin_path, cni_version_info **result_version)
+{
+ __isula_auto_free char *err_msg = NULL;
+ char **envs = NULL;
+ __isula_auto_free char *stdout_str = NULL;
+ __isula_auto_free char *stdin_str = NULL;
+ cni_exec_error *e_err = NULL;
+ int ret = 0;
+ const struct cni_args cniargs = {
+ .command = "VERSION",
+ .netns = "dummy",
+ .ifname = "dummy",
+ .path = "dummy",
+ .container_id = "dummy"
+ };
+
+ stdin_str = get_default_version_stdin();
+ if (stdin_str == NULL) {
+ return -1;
+ }
+
+ envs = as_env(&cniargs);
+ if (envs == NULL) {
+ ERROR("create env failed");
+ return -1;
+ }
+
+ ret = raw_exec(plugin_path, stdin_str, envs, &stdout_str, &e_err);
+ DEBUG("Raw exec \"%s\" result: %d", plugin_path, ret);
+ DEBUG("Raw exec stdout: %s", stdout_str);
+ ret = do_parse_version_info_stdout_str(ret, e_err, stdout_str, result_version);
+
+ util_free_array(envs);
+ free_cni_exec_error(e_err);
+ return ret;
+
+}
+
void free_cni_args(struct cni_args *cargs)
{
size_t i = 0;
diff --git a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.h b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.h
index 60b1c972..48d8d8b6 100644
--- a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.h
+++ b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.h
@@ -40,6 +40,8 @@ int exec_plugin_with_result(const char *plugin_path, const char *cni_net_conf_js
int exec_plugin_without_result(const char *plugin_path, const char *cni_net_conf_json, const struct cni_args *cniargs);
+int get_version_info(const char *plugin_path, cni_version_info **result_version);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_result_parse.c b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_result_parse.c
index 164b2e29..aa4f75cf 100644
--- a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_result_parse.c
+++ b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_result_parse.c
@@ -741,3 +741,32 @@ struct cni_opt_result *new_result(const char *version, const char *jsonstr)
ERROR("unsupported CNI result version \"%s\"", version);
return NULL;
}
+
+size_t get_curr_support_version_len(void)
+{
+ return CURR_SUPPORT_VERSION_LEN;
+}
+
+int get_support_version_pos(const char *version)
+{
+ int i = 0;
+ if (version == NULL) {
+ return -1;
+ }
+
+ for (i = CURR_SUPPORT_VERSION_LEN - 1; i >= 0; i--) {
+ if ((g_curr_support_versions[i] != NULL) && (strcmp(version, g_curr_support_versions[i]) == 0)) {
+ return i;
+ }
+ }
+
+ return -1;
+}
+
+const char *get_support_version_by_pos(size_t pos)
+{
+ if (pos >= CURR_SUPPORT_VERSION_LEN) {
+ return NULL;
+ }
+ return g_curr_support_versions[pos];
+}
\ No newline at end of file
diff --git a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_result_parse.h b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_result_parse.h
index 547bc915..438e1332 100644
--- a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_result_parse.h
+++ b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_result_parse.h
@@ -37,6 +37,12 @@ cni_result_curr *cni_result_curr_to_json_result(const struct cni_opt_result *src
struct cni_opt_result *copy_result_from_current(const cni_result_curr *curr_result);
+size_t get_curr_support_version_len(void);
+
+int get_support_version_pos(const char *version);
+
+const char *get_support_version_by_pos(size_t pos);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/modules/network/cni_operator/libcni/libcni_api.c b/src/daemon/modules/network/cni_operator/libcni/libcni_api.c
index 781759e8..7f62df78 100644
--- a/src/daemon/modules/network/cni_operator/libcni/libcni_api.c
+++ b/src/daemon/modules/network/cni_operator/libcni/libcni_api.c
@@ -843,6 +843,112 @@ free_out:
return ret;
}
+static int version_network(const char *plugin_name, cni_version_info **result_version)
+{
+ int ret = 0;
+ __isula_auto_free char *plugin_path = NULL;
+
+ if (plugin_name == NULL) {
+ ERROR("Empty plugin name");
+ return -1;
+ }
+
+ ret = find_plugin_in_path(plugin_name, (const char * const *)g_module_conf.bin_paths,
+ g_module_conf.bin_paths_len, &plugin_path);
+ if (ret != 0) {
+ ERROR("Failed to find plugin: \"%s\"", plugin_name);
+ isulad_append_error_message("Failed to find plugin: \"%s\". ", plugin_name);
+ return ret;
+ }
+
+ // cni plugin calls should not take longer than 90 seconds
+ CALL_CHECK_TIMEOUT(90, ret = get_version_info(plugin_path, result_version));
+ return ret;
+}
+
+int cni_version_network_list(const struct cni_network_list_conf *list,
+ struct cni_version_info_list **result_version_list)
+{
+ int ret = 0;
+ int i;
+ cni_version_info *tmp_result_version = NULL;
+
+ if ((list == NULL) || (list->list == NULL) || (result_version_list == NULL)) {
+ ERROR("Empty arguments");
+ return -1;
+ }
+
+ *result_version_list = util_common_calloc_s(sizeof(struct cni_version_info_list));
+ if (*result_version_list == NULL) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ (*result_version_list)->result_versions = util_smart_calloc_s(sizeof(cni_version_info *), list->list->plugins_len);
+ if ((*result_version_list)->result_versions == NULL) {
+ ERROR("Out of memory");
+ ret = -1;
+ goto free_out;
+ }
+
+ for (i = 0; i < list->list->plugins_len; i++) {
+ if (version_network(list->list->plugins[i]->type, &tmp_result_version) != 0) {
+ ret = -1;
+ ERROR("Run version plugin: %d failed", i);
+ goto free_out;
+ }
+ (*result_version_list)->result_versions[i] = tmp_result_version;
+ (*result_version_list)->result_versions_len += 1;
+ tmp_result_version = NULL;
+ }
+
+ return ret;
+
+free_out:
+ free_cni_version_info_list(*result_version_list);
+ *result_version_list = NULL;
+ return ret;
+}
+
+/* get the latest CNI version supported by all plugins */
+char *cni_get_plugins_supported_version(cni_net_conf_list *list)
+{
+ // init to default version, if no found, just return default version
+ char *cni_version = util_strdup_s(CURRENT_VERSION);
+ int i, j, version_pos;
+ struct cni_version_info_list *result_version_list = NULL;
+ struct cni_network_list_conf network_list = {
+ .list = list,
+ };
+ size_t curr_support_version_len = get_curr_support_version_len();
+ __isula_auto_free size_t *plugin_version_count = util_smart_calloc_s(sizeof(size_t), curr_support_version_len);
+ if (plugin_version_count == NULL) {
+ return cni_version;
+ }
+ if (cni_version_network_list(&network_list, &result_version_list) != 0) {
+ return cni_version;
+ }
+
+ // count plugin supported version
+ for (i = 0; i < result_version_list->result_versions_len; i++) {
+ for (j = result_version_list->result_versions[i]->supported_versions_len - 1; j >= 0 ; j--) {
+ version_pos = get_support_version_pos(result_version_list->result_versions[i]->supported_versions[j]);
+ if (version_pos < 0) {
+ break;
+ }
+ plugin_version_count[version_pos]++;
+ if (plugin_version_count[version_pos] == list->plugins_len) {
+ free(cni_version);
+ cni_version = util_strdup_s(get_support_version_by_pos(version_pos));
+ goto free_out;
+ }
+ }
+ }
+
+free_out:
+ free_cni_version_info_list(result_version_list);
+ return cni_version;
+}
+
static int do_copy_plugin_args(const struct runtime_conf *rc, struct cni_args **cargs)
{
size_t i = 0;
diff --git a/src/daemon/modules/network/cni_operator/libcni/libcni_api.h b/src/daemon/modules/network/cni_operator/libcni/libcni_api.h
index 878cb1bb..f94ab3f7 100644
--- a/src/daemon/modules/network/cni_operator/libcni/libcni_api.h
+++ b/src/daemon/modules/network/cni_operator/libcni/libcni_api.h
@@ -28,9 +28,6 @@
extern "C" {
#endif
-#define CURRENT_VERSION "1.0.0"
-#define SUPPORT_CACHE_AND_CHECK_VERSION "0.4.0"
-
#define SUPPORT_CAPABILITY_PORTMAPPINGS "portMappings"
#define SUPPORT_CAPABILITY_BANDWIDTH "bandwidth"
#define SUPPORT_CAPABILITY_IPRANGES "ipRanges"
@@ -87,6 +84,11 @@ int cni_del_network_list(const struct cni_network_list_conf *list, const struct
int cni_check_network_list(const struct cni_network_list_conf *list, const struct runtime_conf *rc,
struct cni_opt_result **p_result);
+
+int cni_version_network_list(const struct cni_network_list_conf *list,
+ struct cni_version_info_list **result_version_list);
+
+char *cni_get_plugins_supported_version(cni_net_conf_list *list);
void free_cni_port_mapping(struct cni_port_mapping *val);
diff --git a/src/daemon/modules/network/cni_operator/libcni/libcni_result_type.c b/src/daemon/modules/network/cni_operator/libcni/libcni_result_type.c
index fd1091de..8a0ce1dd 100644
--- a/src/daemon/modules/network/cni_operator/libcni/libcni_result_type.c
+++ b/src/daemon/modules/network/cni_operator/libcni/libcni_result_type.c
@@ -129,3 +129,21 @@ void free_cni_opt_result(struct cni_opt_result *val)
val->my_dns = NULL;
free(val);
}
+
+void free_cni_version_info_list(struct cni_version_info_list *val)
+{
+ size_t i = 0;
+
+ if (val == NULL) {
+ return;
+ }
+
+ for (i = 0; i < val->result_versions_len; i++) {
+ free_cni_version_info(val->result_versions[i]);
+ val->result_versions[i] = NULL;
+ }
+ free(val->result_versions);
+ val->result_versions = NULL;
+
+ free(val);
+}
diff --git a/src/daemon/modules/network/cni_operator/libcni/libcni_result_type.h b/src/daemon/modules/network/cni_operator/libcni/libcni_result_type.h
index abbc22fe..36640e63 100644
--- a/src/daemon/modules/network/cni_operator/libcni/libcni_result_type.h
+++ b/src/daemon/modules/network/cni_operator/libcni/libcni_result_type.h
@@ -19,10 +19,15 @@
#include <sys/types.h>
#include <stdbool.h>
+#include <isula_libutils/cni_version_info.h>
+
#ifdef __cplusplus
extern "C" {
#endif
+#define CURRENT_VERSION "1.0.0"
+#define SUPPORT_CACHE_AND_CHECK_VERSION "0.4.0"
+
/* define types for version */
struct cni_opt_result_interface {
char *name;
@@ -73,6 +78,11 @@ struct cni_opt_result {
struct cni_opt_result_dns *my_dns;
};
+struct cni_version_info_list {
+ cni_version_info **result_versions;
+ size_t result_versions_len;
+};
+
void free_cni_opt_result_ipconfig(struct cni_opt_result_ipconfig *ipc);
void free_cni_opt_result_route(struct cni_opt_result_route *val);
@@ -83,6 +93,8 @@ void free_cni_opt_result_dns(struct cni_opt_result_dns *val);
void free_cni_opt_result(struct cni_opt_result *val);
+void free_cni_version_info_list(struct cni_version_info_list *val);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/modules/network/native/adaptor_native.c b/src/daemon/modules/network/native/adaptor_native.c
index 4c63dec1..45288d7e 100644
--- a/src/daemon/modules/network/native/adaptor_native.c
+++ b/src/daemon/modules/network/native/adaptor_native.c
@@ -26,6 +26,7 @@
#include "linked_list.h"
#include "isulad_config.h"
#include <isula_libutils/log.h>
+#include <isula_libutils/auto_cleanup.h>
#include "utils_network.h"
#include "network_tools.h"
#include "cni_operate.h"
@@ -1301,7 +1302,7 @@ static cni_net_conf_list *conf_bridge(const network_create_request *request, str
list->plugins_len++;
}
- list->cni_version = util_strdup_s(CURRENT_VERSION);
+ list->cni_version = cni_get_plugins_supported_version(list);
if (request->name != NULL) {
list->name = util_strdup_s(request->name);
} else {
--
2.42.0

87
0005-doc-support-version-opt.patch
View File

@ -1,87 +0,0 @@
From e314c2ba64b6f7a8b88566e6c01fac791c8e4186 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Wed, 8 Nov 2023 16:03:50 +0800
Subject: [PATCH 05/14] doc:support version opt
---
.../detailed/Network/cni_1.0.0_change.md | 24 ++++++++++++++++++-
.../detailed/Network/cni_operator_design.md | 8 +++++++
.../Network/cni_operator_design_zh.md | 8 +++++++
3 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/docs/design/detailed/Network/cni_1.0.0_change.md b/docs/design/detailed/Network/cni_1.0.0_change.md
index 35dde2f7..a91225fb 100644
--- a/docs/design/detailed/Network/cni_1.0.0_change.md
+++ b/docs/design/detailed/Network/cni_1.0.0_change.md
@@ -33,7 +33,29 @@ cni_net_conf_runtime_config;
## 2. Execution Protocol
### VERSION
-VERSION操作用于检查插件支持的CNI规范的版本在spec-v1.0.0中它增加了输入参数cniVersioniSulad未使用VERSION功能因此不涉及。
+VERSION操作用于检查插件支持的CNI规范的版本在spec-v1.0.0中它增加了输入参数cniVersion。
+
+整体时序:
+```mermaid
+sequenceDiagram
+ participant conf_bridge
+ participant cni_get_plugins_supported_version
+ participant cni_version_network_list
+ participant version_network
+ participant get_version_info
+ conf_bridge ->> cni_get_plugins_supported_version:post cni_net_conf_list
+ cni_get_plugins_supported_version ->> cni_version_network_list:post cni_net_conf_list
+ loop for each plugin
+ cni_version_network_list ->> version_network:post each cni_net_conf
+ version_network ->> get_version_info:post each cni_net_conf plugin path e.g.
+ get_version_info -->> version_network:get version_result
+ version_network -->> cni_version_network_list:get version_result
+ end
+ cni_version_network_list ->> cni_version_network_list:comb cni_version_info_list
+ cni_version_network_list -->> cni_get_plugins_supported_version:get cni_version_info_list
+ cni_get_plugins_supported_version ->> cni_get_plugins_supported_version:find the latest CNI version supported by all plugins
+ cni_get_plugins_supported_version -->> conf_bridge:get version
+```
## 3. Execution of Network Configurations
diff --git a/docs/design/detailed/Network/cni_operator_design.md b/docs/design/detailed/Network/cni_operator_design.md
index e77f4f94..64aaf2ed 100644
--- a/docs/design/detailed/Network/cni_operator_design.md
+++ b/docs/design/detailed/Network/cni_operator_design.md
@@ -73,6 +73,14 @@ int detach_network_plane(const struct cni_manager *manager, const struct cni_net
* Return value: return 0 on success, non-zero on failure
*/
int check_network_plane(const struct cni_manager *manager, const struct cni_network_list_conf *list, struct cni_opt_result **result);
+
+/*
+* Description: get the CNI version information supported by the plugins required for the single network plane of the container;
+* list: network configuration;
+* result_version_list: record the CNI version supported by the plugins;
+* Return value: return 0 on success, non-zero on failure
+*/
+int version_network_plane(const struct cni_network_list_conf *list, struct cni_result_version_list **result_version_list);
````
# 4. Detailed Design
diff --git a/docs/design/detailed/Network/cni_operator_design_zh.md b/docs/design/detailed/Network/cni_operator_design_zh.md
index ac88806e..6aa3c51a 100644
--- a/docs/design/detailed/Network/cni_operator_design_zh.md
+++ b/docs/design/detailed/Network/cni_operator_design_zh.md
@@ -73,6 +73,14 @@ int detach_network_plane(const struct cni_manager *manager, const struct cni_net
* 返回值成功返回0失败返回非0
*/
int check_network_plane(const struct cni_manager *manager, const struct cni_network_list_conf *list, struct cni_opt_result **result);
+
+/*
+* 说明获取容器单网络平面所需的插件支持的CNI版本信息
+* list: 网络配置;
+* result_version_list记录插件支持的CNI版本信息
+* 返回值成功返回0失败返回非0
+*/
+int version_network_plane(const struct cni_network_list_conf *list, struct cni_result_version_list **result_version_list);
```
# 4.详细设计
--
2.42.0

151
0005-module-only-deletes-the-temporary-files-it-creates.patch Normal file
View File

@ -0,0 +1,151 @@
From 69dcd191afbdea5a178fb96a21e28537c2fc6a75 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 27 Jan 2024 11:16:37 +0800
Subject: [PATCH 5/6] module only deletes the temporary files it creates
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad/main.c | 2 +-
src/common/constants.h | 2 +-
src/daemon/modules/image/oci/oci_image.c | 44 +++++++++++++++++--
src/daemon/modules/image/oci/oci_image.h | 4 ++
src/daemon/modules/image/oci/oci_load.c | 2 +-
.../modules/image/oci/registry/registry.c | 2 +-
6 files changed, 48 insertions(+), 8 deletions(-)
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index fd0b6e89..7c0c072e 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1252,7 +1252,7 @@ static int isulad_tmpdir_security_check(const char *tmp_dir)
static int recreate_tmpdir(const char *tmp_dir)
{
- if (util_recursive_rmdir(tmp_dir, 0) != 0) {
+ if (util_path_remove(tmp_dir) != 0) {
ERROR("Failed to remove directory %s", tmp_dir);
return -1;
}
diff --git a/src/common/constants.h b/src/common/constants.h
index 27d4956e..8a6f86d8 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -50,7 +50,7 @@ extern "C" {
#define TEMP_DIRECTORY_MODE 0700
-#define ISULAD_TEMP_DIRECTORY_MODE 0600
+#define ISULAD_TEMP_DIRECTORY_MODE 0700
#define CONSOLE_FIFO_DIRECTORY_MODE 0770
diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c
index 9cf2cd4f..ce1c8a6b 100644
--- a/src/daemon/modules/image/oci/oci_image.c
+++ b/src/daemon/modules/image/oci/oci_image.c
@@ -283,10 +283,42 @@ out:
return ret;
}
+// remove dir that image module created
+// return false when failed to rmdir
+// eg: oci-image-load-XXXXXX && registry-XXXXXX
+static bool remove_image_tmpdir_cb(const char *path_name, const struct dirent *sub_dir, void *context)
+{
+ int nret = 0;
+ char tmpdir[PATH_MAX] = { 0 };
+
+ if (sub_dir == NULL) {
+ return true;
+ }
+
+ if (!util_has_prefix(sub_dir->d_name, LOAD_TMPDIR_PREFIX) && !util_has_prefix(sub_dir->d_name, REGISTRY_TMPDIR_PREFIX)) {
+ // only remove directory that image module created
+ return true;
+ }
+
+ nret = snprintf(tmpdir, PATH_MAX, "%s/%s", path_name, sub_dir->d_name);
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf for %s", sub_dir->d_name);
+ return false;
+ }
+
+ if (util_recursive_rmdir(tmpdir, 0) != 0) {
+ ERROR("Failed to remove path %s", tmpdir);
+ return false;
+ }
+
+ return true;
+}
+
static int recreate_image_tmpdir()
{
char *image_tmp_path = NULL;
int ret = 0;
+ int nret = 0;
image_tmp_path = oci_get_isulad_tmpdir(g_oci_image_module_data.root_dir);
if (image_tmp_path == NULL) {
@@ -295,10 +327,14 @@ static int recreate_image_tmpdir()
goto out;
}
- if (util_recursive_rmdir(image_tmp_path, 0)) {
- ERROR("failed to remove directory %s", image_tmp_path);
- ret = -1;
- goto out;
+ // If image_tmp_path exist, cleanup it
+ if (util_dir_exists(image_tmp_path)) {
+ nret = util_scan_subdirs(image_tmp_path, remove_image_tmpdir_cb, NULL);
+ if (nret != 0) {
+ ERROR("Failed to scan isulad tmp subdirs");
+ ret = -1;
+ goto out;
+ }
}
if (util_mkdir_p(image_tmp_path, TEMP_DIRECTORY_MODE)) {
diff --git a/src/daemon/modules/image/oci/oci_image.h b/src/daemon/modules/image/oci/oci_image.h
index c7304897..482091d6 100644
--- a/src/daemon/modules/image/oci/oci_image.h
+++ b/src/daemon/modules/image/oci/oci_image.h
@@ -38,6 +38,10 @@ struct oci_image_module_data {
char **insecure_registries;
size_t insecure_registries_len;
};
+
+#define LOAD_TMPDIR_PREFIX "oci-image-load-"
+#define REGISTRY_TMPDIR_PREFIX "registry-"
+
struct oci_image_module_data *get_oci_image_data(void);
int oci_init(const isulad_daemon_configs *args);
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
index 31ae3849..534e2647 100644
--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
@@ -1048,7 +1048,7 @@ static char *oci_load_path_create()
goto out;
}
- nret = snprintf(tmp_dir, PATH_MAX, "%s/oci-image-load-XXXXXX", image_tmp_path);
+ nret = snprintf(tmp_dir, PATH_MAX, "%s/%sXXXXXX", image_tmp_path, LOAD_TMPDIR_PREFIX);
if (nret < 0 || (size_t)nret >= sizeof(tmp_dir)) {
ERROR("Path is too long");
ret = -1;
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
index 751a8727..aed3057a 100644
--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
@@ -1908,7 +1908,7 @@ static int prepare_pull_desc(pull_descriptor *desc, registry_pull_options *optio
goto out;
}
- sret = snprintf(blobpath, PATH_MAX, "%s/registry-XXXXXX", image_tmp_path);
+ sret = snprintf(blobpath, PATH_MAX, "%s/%sXXXXXX", image_tmp_path, REGISTRY_TMPDIR_PREFIX);
if (sret < 0 || (size_t)sret >= PATH_MAX) {
ERROR("image tmp work path too long");
ret = -1;
--
2.25.1

26
0006-2242-disable-grpc-remote-connect-by-default.patch
View File

@ -1,26 +0,0 @@
From ee928d5af7ab7c42ee4597e1b6ae5871767c165d Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 13 Nov 2023 03:04:35 +0000
Subject: [PATCH 06/14] !2242 disable grpc remote connect by default * disable
grpc remote connect by default
---
cmake/options.cmake | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmake/options.cmake b/cmake/options.cmake
index 8f1dfbbe..aeb24662 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -106,7 +106,7 @@ if (ENABLE_SELINUX STREQUAL "ON")
message("${Green}-- Enable selinux${ColourReset}")
endif()
-option(ENABLE_GRPC_REMOTE_CONNECT "enable gRPC remote connect" ON)
+option(ENABLE_GRPC_REMOTE_CONNECT "enable gRPC remote connect" OFF)
if (ENABLE_GRPC_REMOTE_CONNECT STREQUAL "ON")
add_definitions(-DENABLE_GRPC_REMOTE_CONNECT=1)
set(ENABLE_GRPC_REMOTE_CONNECT 1)
--
2.42.0

26
0006-skip-devmapper-ut.patch Normal file
View File

@ -0,0 +1,26 @@
From b290e7fb553c5cc6746c9dcfe4896098f74bc7d7 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Tue, 30 Jan 2024 12:35:58 +0800
Subject: [PATCH 6/6] skip devmapper ut
Signed-off-by: jikai <jikai11@huawei.com>
---
CI/make-and-install.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CI/make-and-install.sh b/CI/make-and-install.sh
index c1d26ff1..9bb984cd 100755
--- a/CI/make-and-install.sh
+++ b/CI/make-and-install.sh
@@ -75,7 +75,7 @@ mkdir build && cd build
cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_UT=ON -DENABLE_CRI_API_V1=ON -DENABLE_SHIM_V2=ON -DENABLE_METRICS=ON ..
make -j $(nproc)
make install
-ctest -T memcheck --output-on-failure
+ctest -E "driver_devmapper_ut" -T memcheck --output-on-failure
echo_success "===================RUN DT-LLT TESTCASES END========================="
# build fuzz
--
2.25.1

209
0007-2244-Save-task-address-of-shim-v2.patch
View File

@ -1,209 +0,0 @@
From 23945e20c418595a7a4037e9258f23aa7bed6b48 Mon Sep 17 00:00:00 2001
From: jake <jikai11@huawei.com>
Date: Mon, 13 Nov 2023 08:15:12 +0000
Subject: [PATCH 07/14] !2244 Save task address of shim v2 * Save task address
of shim v2
---
.../v1/v1_cri_container_manager_service.cc | 6 ++
.../v1alpha/cri_container_manager_service.cc | 5 ++
src/daemon/modules/runtime/shim/shim_rt_ops.c | 86 ++++++++++++++-----
3 files changed, 74 insertions(+), 23 deletions(-)
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index 1f20d2d2..f635df2b 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -1013,6 +1013,12 @@ auto ContainerManagerService::ContainerStats(const std::string &containerID, Err
if (error.NotEmpty()) {
goto cleanup;
}
+ if (contStatsVec.size() == 0) {
+ ERROR("Failed to get container stats");
+ error.SetError("Failed to get container stats");
+ goto cleanup;
+ }
+
contStats = std::move(contStatsVec[0]);
cleanup:
diff --git a/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc
index 6f8ca114..9da25768 100644
--- a/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc
@@ -1019,6 +1019,11 @@ auto ContainerManagerService::ContainerStats(const std::string &containerID, Err
if (error.NotEmpty()) {
goto cleanup;
}
+ if (contStatsVec.size() == 0) {
+ ERROR("Failed to get container stats");
+ error.SetError("Failed to get container stats");
+ goto cleanup;
+ }
contStats = std::move(contStatsVec[0]);
cleanup:
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index d348dfe1..550b17f3 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -16,13 +16,17 @@
#define _GNU_SOURCE
#include "shim_rt_ops.h"
+
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <limits.h>
-#include "isula_libutils/log.h"
-#include "isula_libutils/shim_client_process_state.h"
+
+#include <isula_libutils/auto_cleanup.h>
+#include <isula_libutils/log.h>
+#include <isula_libutils/shim_client_process_state.h>
+
#include "utils.h"
#include "utils_string.h"
#include "constants.h"
@@ -318,16 +322,46 @@ bool rt_shim_detect(const char *runtime)
return false;
}
+static int save_shim_v2_address(const char *bundle, const char *addr)
+{
+ int nret;
+ char filename[PATH_MAX] = { 0 };
+
+ if (bundle == NULL) {
+ ERROR("Invalid input params");
+ return -1;
+ }
+
+ if (addr == NULL || strlen(addr) == 0) {
+ ERROR("Invalid shim v2 addr");
+ return -1;
+ }
+
+ nret = snprintf(filename, sizeof(filename), "%s/%s", bundle, "address");
+ if (nret < 0 || (size_t)nret >= sizeof(filename)) {
+ ERROR("Failed to print string");
+ return -1;
+ }
+
+ nret = util_atomic_write_file(filename, addr, strlen(addr), CONFIG_FILE_MODE, false);
+ if (nret != 0) {
+ ERROR("Failed to write file %s", filename);
+ return -1;
+ }
+
+ return 0;
+}
+
int rt_shim_create(const char *id, const char *runtime, const rt_create_params_t *params)
{
int ret = 0;
int pid = 0;
int fd = -1;
const char *task_address = NULL;
- char addr[PATH_MAX] = {0};
- char *exit_fifo_path = NULL;
- char *state_path = NULL;
- char *log_path = NULL;
+ char response[PATH_MAX] = {0};
+ __isula_auto_free char *exit_fifo_path = NULL;
+ __isula_auto_free char *state_path = NULL;
+ __isula_auto_free char *log_path = NULL;
if (id == NULL || runtime == NULL || params == NULL) {
ERROR("Invalid input params");
@@ -337,29 +371,25 @@ int rt_shim_create(const char *id, const char *runtime, const rt_create_params_t
exit_fifo_path = util_path_dir(params->exit_fifo);
if (exit_fifo_path == NULL) {
ERROR("%s: failed to get exit fifo dir from %s", id, params->exit_fifo);
- ret = -1;
- goto out;
+ return -1;
}
state_path = util_path_dir(exit_fifo_path);
if (state_path == NULL) {
ERROR("%s:failed to get state dir from %s", id, exit_fifo_path);
- ret = -1;
- goto out;
+ return -1;
}
log_path = util_string_append(SHIM_V2_LOG, params->bundle);
if (log_path == NULL) {
ERROR("Fail to append log path");
- ret = -1;
- goto out;
+ return -1;
}
fd = util_open(log_path, O_RDWR | O_CREAT | O_TRUNC, DEFAULT_SECURE_FILE_MODE);
if (fd < 0) {
ERROR("Failed to create log file for shim v2: %s", log_path);
- ret = -1;
- goto out;
+ return -1;
}
close(fd);
@@ -367,13 +397,13 @@ int rt_shim_create(const char *id, const char *runtime, const rt_create_params_t
* If task address is not set, create a new shim-v2 and get the address.
* If task address is set, use it directly.
*/
- if (params->task_addr == NULL) {
- if (shim_bin_v2_create(runtime, id, params->bundle, NULL, addr, state_path) != 0) {
+ if (params->task_addr == NULL || strlen(params->task_addr) == 0) {
+ if (shim_bin_v2_create(runtime, id, params->bundle, NULL, response, state_path) != 0) {
ERROR("%s: failed to create v2 shim", id);
- ret = -1;
- goto out;
+ return -1;
}
- task_address = addr;
+
+ task_address = response;
} else {
task_address = params->task_addr;
}
@@ -392,10 +422,20 @@ int rt_shim_create(const char *id, const char *runtime, const rt_create_params_t
goto out;
}
+ if (save_shim_v2_address(params->bundle, task_address) != 0) {
+ ERROR("%s: failed to save shim v2 address", id);
+ ret = -1;
+ goto out;
+ }
+
+ return 0;
+
out:
- free(log_path);
- free(exit_fifo_path);
- free(state_path);
+ if (ret != 0) {
+ if (shim_v2_kill(id, NULL, SIGKILL, false) != 0) {
+ ERROR("%s: kill shim v2 failed", id);
+ }
+ }
return ret;
}
@@ -614,7 +654,7 @@ int rt_shim_status(const char *id, const char *runtime, const rt_status_params_t
return -1;
}
- if (params->task_address != NULL) {
+ if (params->task_address != NULL && strlen(params->task_address) != 0) {
if (strlen(params->task_address) >= PATH_MAX) {
ERROR("Invalid task address");
return -1;
--
2.42.0

110
0008-2233-add-runc-append-function-design-doc.patch
View File

File diff suppressed because one or more lines are too long

1056
0009-2243-Refactor-capbilities-specs.patch
View File

File diff suppressed because it is too large Load Diff

33
0010-2245-fix-utils_verify_ut-failure-when-remote-grpc-fu.patch
View File

@ -1,33 +0,0 @@
From c8415e904333c99a2fcd4f8d070942b6923d44ed Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 13 Nov 2023 08:52:42 +0000
Subject: [PATCH 10/14] !2245 fix utils_verify_ut failure when remote grpc
function is turned off * fix utils_verify_ut failure when remote grpc
function is turned off
---
test/cutils/utils_verify/utils_verify_ut.cc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/test/cutils/utils_verify/utils_verify_ut.cc b/test/cutils/utils_verify/utils_verify_ut.cc
index 79670ec1..f2ff57c7 100644
--- a/test/cutils/utils_verify/utils_verify_ut.cc
+++ b/test/cutils/utils_verify/utils_verify_ut.cc
@@ -70,12 +70,14 @@ TEST(utils_verify, test_util_validate_socket)
ASSERT_EQ(util_validate_socket("unix://./isulad"), false);
ASSERT_EQ(util_validate_socket("unix://isulad"), false);
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
ASSERT_EQ(util_validate_socket("tcp://localhost:2375"), true);
ASSERT_EQ(util_validate_socket("tcp://127.0.0.1:2375"), true);
ASSERT_EQ(util_validate_socket("tcp://"), false);
ASSERT_EQ(util_validate_socket("tcp://127.0.0.1"), false);
ASSERT_EQ(util_validate_socket("tcp://127.0.0.1,2375"), false);
+#endif
}
TEST(utils_verify, test_util_valid_device_mode)
--
2.42.0

1312
0011-add-runc-attach-implement.patch
View File

File diff suppressed because it is too large Load Diff

242
0012-add-runc-attach-implement-unit-test-and-ci-test.patch
View File

@ -1,242 +0,0 @@
From d37c0c7ded0e107167a98dc1eda2000142d274f0 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 7 Nov 2023 16:39:50 +0800
Subject: [PATCH 12/14] add runc attach implement unit test and ci test
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/attach.sh | 153 ++++++++++++++++++++
CI/test_cases/container_cases/cri_stream.sh | 6 +-
test/cmd/isulad-shim/common/common_ut.cc | 42 ++++++
3 files changed, 197 insertions(+), 4 deletions(-)
create mode 100755 CI/test_cases/container_cases/attach.sh
diff --git a/CI/test_cases/container_cases/attach.sh b/CI/test_cases/container_cases/attach.sh
new file mode 100755
index 00000000..0d362757
--- /dev/null
+++ b/CI/test_cases/container_cases/attach.sh
@@ -0,0 +1,153 @@
+#!/bin/bash
+#
+# attributes: isula attach test
+# concurrent: NA
+# spend time: 5
+
+#######################################################################
+##- Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
+# - iSulad licensed under the Mulan PSL v2.
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
+# - You may obtain a copy of Mulan PSL v2 at:
+# - http://license.coscl.org.cn/MulanPSL2
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v2 for more details.
+##- @Description:CI
+##- @Author: zhongtao
+##- @Create: 2023-11-06
+#######################################################################
+
+declare -r curr_path=$(dirname $(readlink -f "$0"))
+source ../helpers.sh
+
+# $1 : retry limit
+# $2 : retry_interval
+# $3 : retry function
+function do_retry()
+{
+ for i in $(seq 1 "$1"); do
+ $3 $4 $5
+ if [ $? -ne 0 ]; then
+ return 0
+ fi
+ sleep $2
+ done
+ return 1
+}
+
+function get_ioCopy()
+{
+ ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy
+ return $?
+}
+
+function inspect_container_status()
+{
+ [[ $(isula inspect -f '{{.State.Status}}' ${1}) != "${2}" ]]
+ return $?
+}
+
+function set_up()
+{
+ local ret=0
+ local runtime=$1
+
+ isula run -tid --name test --runtime $runtime busybox sh
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
+
+ msg_info "${test} finished with return ${ret}..."
+ return ${ret}
+}
+
+function test_attach_fun()
+{
+ local ret=0
+ local retry_limit=20
+ local retry_interval=1
+ container_name="test"
+ local test="test_attach_fun => (${FUNCNAME[@]})"
+
+ msg_info "${test} starting..."
+
+ expect <<-END
+spawn isula attach test
+send \n
+expect "*"
+sleep 1
+send "ls \r"
+expect "*"
+send "exit \r"
+expect "*"
+sleep 2
+expect eof
+END
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to attach container test" && ((ret++))
+
+ count=$(isula logs test | grep ls | wc -l)
+ [[ $count -ne 1 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do attach" && ((ret++))
+
+ do_retry ${retry_limit} ${retry_interval} inspect_container_status ${container_name} exited
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container status: not Exited" && ((ret++))
+
+ (isula attach test > /tmp/test_attach1.log 2>&1) &
+ sleep 2
+ cat /tmp/test_attach1.log | grep "You cannot attach to a stopped container, start it first"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do attach, except fail" && ((ret++))
+
+ rm -rf /tmp/test_attach1.log
+
+ do_retry ${retry_limit} ${retry_interval} get_ioCopy
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI exec operation" && ((ret++))
+
+ msg_info "${test} finished with return ${ret}..."
+ return ${ret}
+}
+
+function tear_down()
+{
+ local ret=0
+
+ isula rm -f test
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container: test" && ((ret++))
+
+ return ${ret}
+}
+
+function do_test_t()
+{
+ local ret=0
+ local runtime=$1
+ local test="basic attach test => (${runtime})"
+ msg_info "${test} starting..."
+
+ set_up $runtime || ((ret++))
+
+ test_attach_fun || ((ret++))
+
+ tear_down || ((ret++))
+
+ msg_info "${test} finished with return ${ret}..."
+
+ return $ret
+}
+
+ret=0
+
+isula pull busybox
+[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE}
+
+isula images | grep busybox
+[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
+
+for element in ${RUNTIME_LIST[@]};
+do
+ do_test_t $element
+ if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+ fi
+done
+
+show_result $ret "basic attach"
+
diff --git a/CI/test_cases/container_cases/cri_stream.sh b/CI/test_cases/container_cases/cri_stream.sh
index 2360e240..43ed3891 100755
--- a/CI/test_cases/container_cases/cri_stream.sh
+++ b/CI/test_cases/container_cases/cri_stream.sh
@@ -187,10 +187,8 @@ function do_test_t()
test_cri_exec_fun || ((ret++))
test_cri_exec_abn || ((ret++))
- # runc attach not support
- if [ $runtime == "lcr" ]; then
- test_cri_attach || ((ret++))
- fi
+ test_cri_attach || ((ret++))
+
tear_down || ((ret++))
msg_info "${test} finished with return ${ret}..."
diff --git a/test/cmd/isulad-shim/common/common_ut.cc b/test/cmd/isulad-shim/common/common_ut.cc
index 63395232..fb60f628 100644
--- a/test/cmd/isulad-shim/common/common_ut.cc
+++ b/test/cmd/isulad-shim/common/common_ut.cc
@@ -87,3 +87,45 @@ TEST_F(CommonUnitTest, test_combined_output)
params[0] = non_cmd.c_str();
EXPECT_EQ(cmd_combined_output(non_cmd.c_str(), params, output, &output_len), -1);
}
+
+TEST_F(CommonUnitTest, test_get_attach_fifo_item)
+{
+ struct isula_linked_list *attach_fifos = NULL;
+ attach_fifos = (struct isula_linked_list *)isula_common_calloc_s(sizeof(struct isula_linked_list));
+ ASSERT_TRUE(attach_fifos != nullptr);
+
+ isula_linked_list_init(attach_fifos);
+
+ EXPECT_EQ(get_attach_fifo_item(4, attach_fifos), nullptr);
+ EXPECT_EQ(get_attach_fifo_item(-1, attach_fifos), nullptr);
+ EXPECT_EQ(get_attach_fifo_item(4, NULL), nullptr);
+
+ struct shim_fifos_fd fifos1 = {
+ .in_fd = 1,
+ .out_fd = 2,
+ .err_fd = 3,
+ };
+ struct shim_fifos_fd fifos2 = {
+ .in_fd = 4,
+ .out_fd = 5,
+ .err_fd = 6,
+ };
+ struct isula_linked_list *node1 = NULL;
+ struct isula_linked_list *node2 = NULL;
+ node1 = (struct isula_linked_list *)isula_common_calloc_s(sizeof(struct isula_linked_list));
+ ASSERT_TRUE(node1 != nullptr);
+ node1->elem = &fifos1;
+ isula_linked_list_add(attach_fifos, node1);
+
+ node2 = (struct isula_linked_list *)isula_common_calloc_s(sizeof(struct isula_linked_list));
+ ASSERT_TRUE(node2 != nullptr);
+ node2->elem = &fifos2;
+ isula_linked_list_add(attach_fifos, node2);
+
+ EXPECT_EQ(get_attach_fifo_item(1, attach_fifos), node1);
+ EXPECT_EQ(get_attach_fifo_item(4, attach_fifos), node2);
+
+ free(node1);
+ free(node2);
+ free(attach_fifos);
+}
--
2.42.0

26
0013-support-gcov-of-CI.patch
View File

@ -1,26 +0,0 @@
From f4ea9145cea40cb97a86cd5eb91e1726cf48dd0d Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 14 Nov 2023 09:17:05 +0800
Subject: [PATCH 13/14] support gcov of CI
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
CI/dockerfiles/Dockerfile-fedora | 2 ++
1 file changed, 2 insertions(+)
diff --git a/CI/dockerfiles/Dockerfile-fedora b/CI/dockerfiles/Dockerfile-fedora
index c30a3d0b..bef44377 100644
--- a/CI/dockerfiles/Dockerfile-fedora
+++ b/CI/dockerfiles/Dockerfile-fedora
@@ -115,6 +115,8 @@ RUN echo "[source.crates-io]" >> ${HOME}/.cargo/config && \
echo "[source.local-registry]" >> ${HOME}/.cargo/config && \
echo "directory = \"vendor\"" >> ${HOME}/.cargo/config
+RUN dnf install -y lcov && dnf clean all
+
# install libevhtp
RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \
set -x && \
--
2.42.0

163
0014-compatibility-for-manage-pods-which-created-by-old-i.patch
View File

@ -1,163 +0,0 @@
From 2bf2acb51aec12e734c970b02cd7802f088a2222 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 14 Nov 2023 10:29:34 +0800
Subject: [PATCH 14/14] compatibility for manage pods which created by old
iSulad
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
.../cri_pod_sandbox_manager_service.cc | 12 +++-
src/daemon/entry/cri/v1alpha/naming.cc | 72 ++++++++++++++++---
src/daemon/entry/cri/v1alpha/naming.h | 2 +-
3 files changed, 72 insertions(+), 14 deletions(-)
diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
index 6e8f40b9..8533bb8c 100644
--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
@@ -1153,7 +1153,11 @@ void PodSandboxManagerService::PodSandboxStatusToGRPC(const container_inspect *i
CRIHelpers::ExtractLabels(inspect->config->labels, *podStatus->mutable_labels());
CRIHelpers::ExtractAnnotations(inspect->config->annotations, *podStatus->mutable_annotations());
- CRINaming::ParseSandboxName(podStatus->annotations(), *podStatus->mutable_metadata(), error);
+ std::string name;
+ if (inspect->name != nullptr) {
+ name = std::string(inspect->name);
+ }
+ CRINaming::ParseSandboxName(name, podStatus->annotations(), *podStatus->mutable_metadata(), error);
if (error.NotEmpty()) {
return;
}
@@ -1266,7 +1270,11 @@ void PodSandboxManagerService::ListPodSandboxToGRPC(container_list_response *res
CRIHelpers::ExtractAnnotations(response->containers[i]->annotations, *pod->mutable_annotations());
- CRINaming::ParseSandboxName(pod->annotations(), *pod->mutable_metadata(), error);
+ std::string name;
+ if (response->containers[i]->name != nullptr) {
+ name = std::string(response->containers[i]->name);
+ }
+ CRINaming::ParseSandboxName(name, pod->annotations(), *pod->mutable_metadata(), error);
if (filterOutReadySandboxes && pod->state() == runtime::v1alpha2::SANDBOX_READY) {
continue;
diff --git a/src/daemon/entry/cri/v1alpha/naming.cc b/src/daemon/entry/cri/v1alpha/naming.cc
index abb6e57d..de47a97d 100644
--- a/src/daemon/entry/cri/v1alpha/naming.cc
+++ b/src/daemon/entry/cri/v1alpha/naming.cc
@@ -26,6 +26,38 @@
#include "utils.h"
namespace CRINaming {
+// default sandbox name create by MakeSandboxName();
+// format is 'k8s_containername_metadataname_namespace_uid_attempt'
+static int parseName(const std::string &name, std::vector<std::string> &items, unsigned int &attempt, Errors &err)
+{
+ std::istringstream f(name);
+ std::string part;
+
+ while (getline(f, part, CRI::Constants::nameDelimiterChar)) {
+ items.push_back(part);
+ }
+
+ // format: k8s_containername_metadataname_namespace_uid_attempt
+ // so split name by '_', length of result array must be 6
+ if (items.size() != 6) {
+ err.Errorf("failed to parse the sandbox name: %s", name.c_str());
+ return -1;
+ }
+
+ if (items[0] != CRI::Constants::kubePrefix) {
+ err.Errorf("container is not managed by kubernetes: %s", name.c_str());
+ return -1;
+ }
+
+ // last item index is 5, and must be attempt
+ if (util_safe_uint(items[5].c_str(), &attempt)) {
+ err.Errorf("failed to parse the sandbox name %s: %s", name.c_str(), strerror(errno));
+ return -1;
+ }
+
+ return 0;
+}
+
std::string MakeSandboxName(const runtime::v1alpha2::PodSandboxMetadata &metadata)
{
std::string sname;
@@ -44,9 +76,12 @@ std::string MakeSandboxName(const runtime::v1alpha2::PodSandboxMetadata &metadat
return sname;
}
-void ParseSandboxName(const google::protobuf::Map<std::string, std::string> &annotations,
+void ParseSandboxName(const std::string &name, const google::protobuf::Map<std::string, std::string> &annotations,
runtime::v1alpha2::PodSandboxMetadata &metadata, Errors &err)
{
+ // need check uid and attemp 2 items
+ int needSetUidAndAttemp = 2;
+
if (annotations.count(CRIHelpers::Constants::SANDBOX_NAME_ANNOTATION_KEY) == 0) {
err.Errorf("annotation don't contains the sandbox name, failed to parse it");
return;
@@ -57,21 +92,36 @@ void ParseSandboxName(const google::protobuf::Map<std::string, std::string> &ann
return;
}
- if (annotations.count(CRIHelpers::Constants::SANDBOX_UID_ANNOTATION_KEY) == 0) {
- err.Errorf("annotation don't contains the sandbox uid, failed to parse it");
- return;
+ metadata.set_name(annotations.at(CRIHelpers::Constants::SANDBOX_NAME_ANNOTATION_KEY));
+ metadata.set_namespace_(annotations.at(CRIHelpers::Constants::SANDBOX_NAMESPACE_ANNOTATION_KEY));
+
+ if (annotations.count(CRIHelpers::Constants::SANDBOX_UID_ANNOTATION_KEY) != 0) {
+ metadata.set_uid(annotations.at(CRIHelpers::Constants::SANDBOX_UID_ANNOTATION_KEY));
+ needSetUidAndAttemp--;
+ }
+
+ if (annotations.count(CRIHelpers::Constants::SANDBOX_ATTEMPT_ANNOTATION_KEY) != 0) {
+ auto sandboxAttempt = annotations.at(CRIHelpers::Constants::SANDBOX_ATTEMPT_ANNOTATION_KEY);
+ metadata.set_attempt(static_cast<google::protobuf::uint32>(std::stoul(sandboxAttempt)));
+ needSetUidAndAttemp--;
}
- if (annotations.count(CRIHelpers::Constants::SANDBOX_ATTEMPT_ANNOTATION_KEY) == 0) {
- err.Errorf("annotation don't contains the sandbox attempt, failed to parse it");
+ if (needSetUidAndAttemp == 0) {
return;
}
- metadata.set_name(annotations.at(CRIHelpers::Constants::SANDBOX_NAME_ANNOTATION_KEY));
- metadata.set_namespace_(annotations.at(CRIHelpers::Constants::SANDBOX_NAMESPACE_ANNOTATION_KEY));
- metadata.set_uid(annotations.at(CRIHelpers::Constants::SANDBOX_UID_ANNOTATION_KEY));
- auto sandboxAttempt = annotations.at(CRIHelpers::Constants::SANDBOX_ATTEMPT_ANNOTATION_KEY);
- metadata.set_attempt(static_cast<google::protobuf::uint32>(std::stoul(sandboxAttempt)));
+ // get uid and attempt from name,
+ // compatibility to new iSulad manage pods created by old version iSulad
+ // maybe should remove in next version of iSulad
+ std::vector<std::string> items;
+ unsigned int attempt;
+
+ if (parseName(name, items, attempt, err) != 0) {
+ return;
+ }
+ // index 4 in split array, must be uid
+ metadata.set_uid(items[4]);
+ metadata.set_attempt(static_cast<google::protobuf::uint32>(attempt));
}
std::string MakeContainerName(const runtime::v1alpha2::PodSandboxConfig &s, const runtime::v1alpha2::ContainerConfig &c)
diff --git a/src/daemon/entry/cri/v1alpha/naming.h b/src/daemon/entry/cri/v1alpha/naming.h
index 7eab41d3..f2d51a98 100644
--- a/src/daemon/entry/cri/v1alpha/naming.h
+++ b/src/daemon/entry/cri/v1alpha/naming.h
@@ -26,7 +26,7 @@ std::string MakeSandboxName(const runtime::v1alpha2::PodSandboxMetadata &metadat
std::string MakeContainerName(const runtime::v1alpha2::PodSandboxConfig &s,
const runtime::v1alpha2::ContainerConfig &c);
-void ParseSandboxName(const google::protobuf::Map<std::string, std::string> &annotations,
+void ParseSandboxName(const std::string &name, const google::protobuf::Map<std::string, std::string> &annotations,
runtime::v1alpha2::PodSandboxMetadata &metadata, Errors &err);
void ParseContainerName(const google::protobuf::Map<std::string, std::string> &annotations,
--
2.42.0

33
0015-2250-Remove-PERFMON-BPF-CHECKPOINT_RESTORE.patch
View File

@ -1,33 +0,0 @@
From ba0460408ab6118e1ecf3dda242af1d4b0980777 Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Tue, 14 Nov 2023 14:00:31 +0000
Subject: [PATCH 15/16] !2250 Remove PERFMON, BPF, CHECKPOINT_RESTORE Merge
pull request !2250 from xuxuepeng/master
---
src/utils/cutils/utils_cap.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/src/utils/cutils/utils_cap.c b/src/utils/cutils/utils_cap.c
index 6473df45..8c9cfafa 100644
--- a/src/utils/cutils/utils_cap.c
+++ b/src/utils/cutils/utils_cap.c
@@ -74,15 +74,6 @@ const char *g_all_caps[] = {
#ifdef CAP_AUDIT_READ
"CAP_AUDIT_READ",
#endif
-#ifdef CAP_PERFMON
- "CAP_PERFMON",
-#endif
-#ifdef CAP_BPF
- "CAP_BPF",
-#endif
-#ifdef CAP_CHECKPOINT_RESTORE
- "CAP_CHECKPOINT_RESTORE",
-#endif
};
static inline size_t util_get_all_caps_len()
--
2.42.0

202
0016-improve-event-logs.patch
View File

@ -1,202 +0,0 @@
From d611f18abac0f4077c9bf85f76162719cc5e55eb Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 14 Nov 2023 15:12:39 +0800
Subject: [PATCH 16/64] improve event logs
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
.../grpc/cri/v1/cri_v1_runtime_runtime_service.cc | 13 ++++++++-----
.../grpc/cri/v1alpha/cri_runtime_runtime_service.cc | 10 +++++++---
src/daemon/entry/cri/cni_network_plugin.cc | 6 +++---
.../cri/v1alpha/cri_pod_sandbox_manager_service.cc | 3 ++-
src/daemon/executor/volume_cb/volume_cb.c | 4 ++--
src/daemon/modules/network/native/adaptor_native.c | 8 ++++----
6 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc
index b8d5746c..1db79307 100644
--- a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc
+++ b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc
@@ -75,7 +75,7 @@ grpc::Status RuntimeV1RuntimeServiceImpl::CreateContainer(grpc::ServerContext *c
return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments");
}
- EVENT("Event: {Object: CRI, Type: Creating Container}");
+ EVENT("Event: {Object: CRI, Type: Creating Container for sandbox: %s}", request->pod_sandbox_id().c_str());
std::string responseID =
m_rService->CreateContainer(request->pod_sandbox_id(), request->config(), request->sandbox_config(), error);
@@ -316,17 +316,20 @@ grpc::Status RuntimeV1RuntimeServiceImpl::RunPodSandbox(grpc::ServerContext *con
ERROR("Invalid input arguments");
return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments");
}
-
- EVENT("Event: {Object: CRI, Type: Running Pod}");
+ if (request->has_config() && request->config().has_metadata()) {
+ EVENT("Event: {Object: CRI, Type: Running Pod: %s}", request->config().metadata().name().c_str());
+ } else {
+ EVENT("Event: {Object: CRI, Type: Running Pod}");
+ }
std::string responseID = m_rService->RunPodSandbox(request->config(), request->runtime_handler(), error);
if (!error.Empty() || responseID.empty()) {
- ERROR("Object: CRI, Type: Failed to run pod:%s", error.GetMessage().c_str());
+ ERROR("Object: CRI, Type: Failed to run pod: %s", error.GetMessage().c_str());
return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage());
}
reply->set_pod_sandbox_id(responseID);
- EVENT("Event: {Object: CRI, Type: Run Pod success}");
+ EVENT("Event: {Object: CRI, Type: Run Pod: %s success}", responseID.c_str());
return grpc::Status::OK;
}
diff --git a/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_runtime_service.cc
index ec3f01cd..a56b167c 100644
--- a/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_runtime_service.cc
+++ b/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_runtime_service.cc
@@ -73,7 +73,7 @@ grpc::Status RuntimeRuntimeServiceImpl::CreateContainer(grpc::ServerContext *con
return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments");
}
- EVENT("Event: {Object: CRI, Type: Creating Container}");
+ EVENT("Event: {Object: CRI, Type: Creating Container for sandbox: %s}", request->pod_sandbox_id().c_str());
std::string responseID =
m_rService->CreateContainer(request->pod_sandbox_id(), request->config(), request->sandbox_config(), error);
@@ -315,7 +315,11 @@ grpc::Status RuntimeRuntimeServiceImpl::RunPodSandbox(grpc::ServerContext *conte
return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments");
}
- EVENT("Event: {Object: CRI, Type: Running Pod}");
+ if (request->has_config() && request->config().has_metadata()) {
+ EVENT("Event: {Object: CRI, Type: Running Pod: %s}", request->config().metadata().name().c_str());
+ } else {
+ EVENT("Event: {Object: CRI, Type: Running Pod}");
+ }
std::string responseID = m_rService->RunPodSandbox(request->config(), request->runtime_handler(), error);
if (!error.Empty() || responseID.empty()) {
@@ -324,7 +328,7 @@ grpc::Status RuntimeRuntimeServiceImpl::RunPodSandbox(grpc::ServerContext *conte
}
reply->set_pod_sandbox_id(responseID);
- EVENT("Event: {Object: CRI, Type: Run Pod success}");
+ EVENT("Event: {Object: CRI, Type: Run Pod: %s success}", responseID.c_str());
return grpc::Status::OK;
}
diff --git a/src/daemon/entry/cri/cni_network_plugin.cc b/src/daemon/entry/cri/cni_network_plugin.cc
index 656fceda..377796ee 100644
--- a/src/daemon/entry/cri/cni_network_plugin.cc
+++ b/src/daemon/entry/cri/cni_network_plugin.cc
@@ -612,12 +612,12 @@ void CniNetworkPlugin::SetUpPod(const std::string &ns, const std::string &name,
if (g_isulad_errmsg != nullptr) {
err.SetError(g_isulad_errmsg);
} else {
- err.Errorf("setup cni for container: %s failed", id.c_str());
+ err.Errorf("setup cni for sandbox: %s failed", id.c_str());
}
// rollback all network plane
// if mutl-networks, one network plane failed, cause to left network can not be delete.
if (network_module_detach(config, NETWOKR_API_TYPE_CRI) != 0) {
- WARN("rollback all network for: %s failed", id.c_str());
+ WARN("rollback all network for sandbox: %s failed", id.c_str());
}
}
@@ -671,7 +671,7 @@ void CniNetworkPlugin::TearDownPod(const std::string &ns, const std::string &nam
}
if (network_module_detach(config, NETWOKR_API_TYPE_CRI) != 0) {
- err.Errorf("teardown cni for container: %s failed", id.c_str());
+ err.Errorf("teardown cni for sandbox: %s failed", id.c_str());
}
UnlockNetworkMap(err);
diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
index 8533bb8c..8eff22ac 100644
--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
@@ -618,6 +618,7 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1alpha2::PodSandbox
// Step 2: Create the sandbox container.
response_id = CreateSandboxContainer(config, image, jsonCheckpoint, runtimeHandler, error);
if (error.NotEmpty()) {
+ ERROR("Create sandbox failed: %s", error.GetCMessage());
goto cleanup;
}
@@ -672,7 +673,7 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1alpha2::PodSandbox
UpdatePodSandboxNetworkSettings(response_id, network_setting_json, tmpErr);
// If saving network settings failed, ignore error
if (tmpErr.NotEmpty()) {
- WARN("%s", tmpErr.GetCMessage());
+ WARN("Update sandbox network setting err: %s", tmpErr.GetCMessage());
}
}
goto cleanup;
diff --git a/src/daemon/executor/volume_cb/volume_cb.c b/src/daemon/executor/volume_cb/volume_cb.c
index 2148922e..ff5973b8 100644
--- a/src/daemon/executor/volume_cb/volume_cb.c
+++ b/src/daemon/executor/volume_cb/volume_cb.c
@@ -52,7 +52,7 @@ static int volume_list_cb(const volume_list_volume_request *request, volume_list
goto err_out;
}
- EVENT("Volume Event: {Object: list volumes, Type: listing}");
+ INFO("Volume Event: {Object: list volumes, Type: listing}");
list = volume_list();
if (list == NULL) {
@@ -85,7 +85,7 @@ static int volume_list_cb(const volume_list_volume_request *request, volume_list
}
out:
- EVENT("Volume Event: {Object: list volumes, Type: listed");
+ INFO("Volume Event: {Object: list volumes, Type: listed");
err_out:
if (*response != NULL) {
diff --git a/src/daemon/modules/network/native/adaptor_native.c b/src/daemon/modules/network/native/adaptor_native.c
index 45288d7e..baaecc32 100644
--- a/src/daemon/modules/network/native/adaptor_native.c
+++ b/src/daemon/modules/network/native/adaptor_native.c
@@ -1510,7 +1510,7 @@ int native_config_inspect(const char *name, char **network_json)
return -1;
}
- EVENT("Event: {Object: network, Type: inspecting, Target: %s}", name);
+ INFO("Event: {Object: network, Type: inspecting, Target: %s}", name);
if (!native_store_lock(SHARED)) {
return -1;
@@ -1538,7 +1538,7 @@ int native_config_inspect(const char *name, char **network_json)
// TODO: inspect the linked containers ip info
- EVENT("Event: {Object: network, Type: inspected, Target: %s}", name);
+ INFO("Event: {Object: network, Type: inspected, Target: %s}", name);
goto out;
}
@@ -1635,7 +1635,7 @@ int native_config_list(const struct filters_args *filters, network_network_info
return -1;
}
- EVENT("Event: {Object: network, Type: listing}");
+ INFO("Event: {Object: network, Type: listing}");
if (!native_store_lock(SHARED)) {
return -1;
@@ -1693,7 +1693,7 @@ int native_config_list(const struct filters_args *filters, network_network_info
*networks_len = nets_len;
nets_len = 0;
- EVENT("Event: {Object: network, Type: listed}");
+ INFO("Event: {Object: network, Type: listed}");
out:
map_itor_free(itor);
--
2.42.0

57
0017-2251-open-ENABLE_GRPC_REMOTE_CONNECT-in-CI.patch
View File

@ -1,57 +0,0 @@
From 48dc6f0adda72d7f4742afe1b8380370debfe4f4 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 15 Nov 2023 03:10:15 +0000
Subject: [PATCH 17/64] !2251 open ENABLE_GRPC_REMOTE_CONNECT in CI * open
ENABLE_GRPC_REMOTE_CONNECT in CI
---
CI/make-and-install.sh | 4 ++--
CI/only_build_isulad.sh | 2 +-
CI/pr-gateway.sh | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/CI/make-and-install.sh b/CI/make-and-install.sh
index cdd0e432..c1d26ff1 100755
--- a/CI/make-and-install.sh
+++ b/CI/make-and-install.sh
@@ -103,9 +103,9 @@ rm -rf build
mkdir build
cd build
if [[ ${enable_gcov} -ne 0 ]]; then
- cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DCMAKE_BUILD_TYPE=Debug -DGCOV=ON -DENABLE_EMBEDDED=ON -DENABLE_COVERAGE=ON -DENABLE_CRI_API_V1=ON -DENABLE_UT=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON ..
+ cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DCMAKE_BUILD_TYPE=Debug -DGCOV=ON -DENABLE_EMBEDDED=ON -DENABLE_COVERAGE=ON -DENABLE_CRI_API_V1=ON -DENABLE_UT=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ..
else
- cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_CRI_API_V1=ON ..
+ cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_CRI_API_V1=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ..
fi
make -j $(nproc)
make install
diff --git a/CI/only_build_isulad.sh b/CI/only_build_isulad.sh
index d2d3417d..c3dc39d6 100755
--- a/CI/only_build_isulad.sh
+++ b/CI/only_build_isulad.sh
@@ -67,7 +67,7 @@ popd
git clone https://gitee.com/openeuler/iSulad.git
pushd iSulad
mkdir build && pushd build
-cmake -DENABLE_UT=ON ../
+cmake -DENABLE_UT=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ../
make -j2 && make install
ctest -V
popd
diff --git a/CI/pr-gateway.sh b/CI/pr-gateway.sh
index 291fc4ae..08bcfc4f 100755
--- a/CI/pr-gateway.sh
+++ b/CI/pr-gateway.sh
@@ -99,7 +99,7 @@ pushd iSulad
rm -rf build
mkdir build
pushd build
-cmake -DDEBUG=ON -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_UT=ON -DENABLE_CRI_API_V1=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_SHIM_V2=OFF ../ || exit 1
+cmake -DDEBUG=ON -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_UT=ON -DENABLE_CRI_API_V1=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_SHIM_V2=OFF -DENABLE_GRPC_REMOTE_CONNECT=ON ../ || exit 1
make -j $(nproc) || exit 1
ctest -V
popd
--
2.42.0

57
0018-Add-compatibility-between-iSulad-and-k8s.patch
View File

@ -1,57 +0,0 @@
From bec48dcd219885abd72cb9973a2e810e3f504269 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Wed, 15 Nov 2023 10:51:01 +0800
Subject: [PATCH 18/64] Add compatibility between iSulad and k8s
Signed-off-by: jikai<jikai11@huawei.com>
---
README.md | 13 ++++++++++++-
README_zh.md | 12 +++++++++++-
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 7e4b6de1..e7949dee 100644
--- a/README.md
+++ b/README.md
@@ -233,4 +233,15 @@ The standard specification versions that `iSulad` is compatible with are as foll
- Compatible with OCI 1.0.0.
- Compatible with CNI 0.3.0 and above.
-- Compatible with lcr 2.1.x and above.
\ No newline at end of file
+- Compatible with lcr 2.1.x and above.
+
+## Kubernetes Support
+
+`iSulad` supports Kubernetes version 1.13 and above. The following table shows the compatibility between `iSulad` and Kubernetes.
+It lists the minimum `iSulad` version required for some given Kubernetes versions.
+
+iSulad Version | Kubernetes Version | CRI Version
+--- | --- | ---
+v2.0.0+ | v1.13-v1.18 | v1alpha2
+v2.0.8+ | v1.19-v1.22 | v1alpha2
+v2.1.4+ | v1.23-v1.26 | v1, v1alpha2
diff --git a/README_zh.md b/README_zh.md
index 72942765..1c4dff4f 100755
--- a/README_zh.md
+++ b/README_zh.md
@@ -229,4 +229,14 @@ $ sudo isula rm test
- 兼容 1.0.0 版本的OCI
- 兼容 0.3.0 版本以上的CNI
-- 兼容 2.1.x 版本以上的lcr
\ No newline at end of file
+- 兼容 2.1.x 版本以上的lcr
+
+## Kubernetes Support
+
+`iSulad`提供对Kubernetes 1.13 版本以上的支持。以下表格显示了 `iSulad` 与 Kubernetes 之间的兼容性。它给出了指定Kubernetes版本下所需要的最低 `iSulad` 版本。
+
+iSulad 版本 | Kubernetes 版本 | CRI 版本
+--- | --- | ---
+v2.0.0+ | v1.13-v1.18 | v1alpha2
+v2.0.8+ | v1.19-v1.22 | v1alpha2
+v2.1.4+ | v1.23-v1.26 | v1, v1alpha2
--
2.42.0

384
0019-2254-lcr-container-with-a-damaged-config-file-will-r.patch
View File

@ -1,384 +0,0 @@
From 21bca2bb054ed7a1b9b78e01965f8a6d9c3fd28d Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 20 Nov 2023 12:58:26 +0000
Subject: [PATCH 19/64] !2254 lcr container with a damaged config file will
rebuild the config during restore * lcr container with a damaged config file
will rebuild the config during restore
---
src/common/constants.h | 2 +
src/daemon/modules/api/runtime_api.h | 7 ++
.../modules/container/restore/restore.c | 28 ++++--
.../modules/runtime/engines/lcr/lcr_rt_ops.c | 99 ++++++++++++++++++-
.../modules/runtime/engines/lcr/lcr_rt_ops.h | 1 +
.../modules/runtime/isula/isula_rt_ops.c | 6 ++
.../modules/runtime/isula/isula_rt_ops.h | 1 +
src/daemon/modules/runtime/runtime.c | 24 +++++
src/daemon/modules/runtime/shim/shim_rt_ops.c | 6 ++
src/daemon/modules/runtime/shim/shim_rt_ops.h | 2 +
10 files changed, 167 insertions(+), 9 deletions(-)
diff --git a/src/common/constants.h b/src/common/constants.h
index caf9b793..5f12ae25 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -86,6 +86,8 @@ extern "C" {
#define LOG_MAX_RETRIES 10
+#define INVALID_CONFIG_ERR_CODE 2
+
#define MAX_MSG_BUFFER_SIZE (32 * 1024)
#define DEFAULT_WEBSOCKET_SERVER_LISTENING_PORT 10350
diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h
index 3c2100f5..08558f42 100644
--- a/src/daemon/modules/api/runtime_api.h
+++ b/src/daemon/modules/api/runtime_api.h
@@ -41,6 +41,7 @@ typedef enum {
struct runtime_container_status_info {
bool has_pid;
uint32_t pid;
+ int error_code;
Runtime_Container_Status status;
};
@@ -197,6 +198,10 @@ typedef struct _rt_exec_resize_params_t {
unsigned int width;
} rt_exec_resize_params_t;
+typedef struct _rt_runtime_rebuild_config_params_t {
+ const char *rootpath;
+} rt_rebuild_config_params_t;
+
struct rt_ops {
/* detect whether runtime is of this runtime type */
bool (*detect)(const char *runtime);
@@ -233,6 +238,7 @@ struct rt_ops {
rt_listpids_out_t *out);
int (*rt_resize)(const char *name, const char *runtime, const rt_resize_params_t *params);
int (*rt_exec_resize)(const char *name, const char *runtime, const rt_exec_resize_params_t *params);
+ int (*rt_rebuild_config)(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
};
int runtime_create(const char *name, const char *runtime, const rt_create_params_t *params);
@@ -253,6 +259,7 @@ int runtime_attach(const char *name, const char *runtime, const rt_attach_params
int runtime_update(const char *name, const char *runtime, const rt_update_params_t *params);
int runtime_listpids(const char *name, const char *runtime, const rt_listpids_params_t *params, rt_listpids_out_t *out);
+int runtime_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
void free_rt_listpids_out_t(rt_listpids_out_t *out);
int runtime_resize(const char *name, const char *runtime, const rt_resize_params_t *params);
int runtime_exec_resize(const char *name, const char *runtime, const rt_exec_resize_params_t *params);
diff --git a/src/daemon/modules/container/restore/restore.c b/src/daemon/modules/container/restore/restore.c
index c26cf561..f6218fe6 100644
--- a/src/daemon/modules/container/restore/restore.c
+++ b/src/daemon/modules/container/restore/restore.c
@@ -16,15 +16,18 @@
#include <stdio.h>
#include <unistd.h>
#include <limits.h>
-#include <isula_libutils/container_config_v2.h>
-#include <isula_libutils/host_config.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
+#include <isula_libutils/container_config_v2.h>
+#include <isula_libutils/host_config.h>
+#include <isula_libutils/log.h>
+#include <isula_libutils/auto_cleanup.h>
+
#include "isulad_config.h"
-#include "isula_libutils/log.h"
+
#include "container_api.h"
#include "supervisor.h"
#include "containers_gc.h"
@@ -276,9 +279,22 @@ static void restore_state(container_t *cont)
#endif
nret = runtime_status(id, runtime, &params, &real_status);
if (nret != 0) {
- WARN("Failed to restore container %s, make real status to STOPPED. Due to can not load container with status %d",
- id, status);
- real_status.status = RUNTIME_CONTAINER_STATUS_STOPPED;
+ bool rebuild_config = (real_status.error_code == INVALID_CONFIG_ERR_CODE);
+ int tempret = -1;
+ // only the lcr container with a damaged config file will rebuild the config
+ if (rebuild_config) {
+ rt_rebuild_config_params_t rebuild_params = { 0 };
+ rebuild_params.rootpath = cont->root_path;
+ nret = runtime_rebuild_config(id, runtime, &rebuild_params);
+ EVENT("Rebuild config for container: %s, result : %d", id, nret);
+ if (nret == 0) {
+ tempret = runtime_status(id, runtime, &params, &real_status);
+ }
+ }
+ if (tempret != 0) {
+ WARN("Failed to restore container %s, make real status to STOPPED. Due to cannot load container with status %d", id, status);
+ real_status.status = RUNTIME_CONTAINER_STATUS_STOPPED;
+ }
}
if (real_status.status == RUNTIME_CONTAINER_STATUS_STOPPED) {
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
index f61316d0..2f42909b 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
@@ -16,15 +16,18 @@
#include <stdio.h>
#include <limits.h>
#include <errno.h>
-#include <isula_libutils/defs.h>
-#include <isula_libutils/host_config.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
+#include <isula_libutils/log.h>
+#include <isula_libutils/defs.h>
+#include <isula_libutils/host_config.h>
+#include <isula_libutils/auto_cleanup.h>
+#include <isula_libutils/oci_runtime_spec.h>
+
#include "lcr_rt_ops.h"
-#include "isula_libutils/log.h"
#include "engine.h"
#include "error.h"
#include "isulad_config.h"
@@ -32,6 +35,8 @@
#include "runtime_api.h"
#include "utils_file.h"
+#define LCR_CONFIG_FILE "config"
+
bool rt_lcr_detect(const char *runtime)
{
/* now we just support lcr engine */
@@ -276,6 +281,17 @@ int rt_lcr_status(const char *name, const char *runtime, const rt_status_params_
nret = engine_ops->engine_get_container_status_op(name, params->rootpath, status);
if (nret != 0) {
ret = -1;
+ const char *tmpmsg = NULL;
+ if (engine_ops->engine_get_errmsg_op != NULL) {
+ tmpmsg = engine_ops->engine_get_errmsg_op();
+ }
+ if (tmpmsg != NULL && strstr(tmpmsg, "Failed to load config") != NULL) {
+ status->error_code = INVALID_CONFIG_ERR_CODE;
+ }
+ isulad_set_error_message("Runtime state container error: %s",
+ (tmpmsg != NULL && strcmp(tmpmsg, DEF_SUCCESS_STR)) != 0 ? tmpmsg : DEF_ERR_RUNTIME_STR);
+ ERROR("Runtime state container error: %s",
+ (tmpmsg != NULL && strcmp(tmpmsg, DEF_SUCCESS_STR)) != 0 ? tmpmsg : DEF_ERR_RUNTIME_STR);
goto out;
}
@@ -756,3 +772,80 @@ int rt_lcr_kill(const char *id, const char *runtime, const rt_kill_params_t *par
return 0;
}
+
+int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
+{
+ int ret = -1;
+ int nret = 0;
+ char config_file[PATH_MAX] = { 0 };
+ char bak_config_file[PATH_MAX] = { 0 };
+ char oci_config_file[PATH_MAX] = { 0 };
+ struct engine_operation *engine_ops = NULL;
+ oci_runtime_spec *oci_spec = NULL;
+ __isula_auto_free char *json_container = NULL;
+ __isula_auto_free parser_error err = NULL;
+
+ engine_ops = engines_get_handler(runtime);
+ if (engine_ops == NULL || engine_ops->engine_create_op == NULL) {
+ ERROR("Failed to get engine rebuild config operations");
+ return -1;
+ }
+
+ nret = snprintf(config_file, PATH_MAX, "%s/%s/%s", params->rootpath, name, LCR_CONFIG_FILE);
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf config file for container %s", name);
+ return -1;
+ }
+
+ nret = snprintf(bak_config_file, PATH_MAX, "%s/%s/%s", params->rootpath, name, ".tmp_config_bak");
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf bak config file for container %s", name);
+ return -1;
+ }
+
+ nret = snprintf(oci_config_file, sizeof(oci_config_file), "%s/%s/%s", params->rootpath, name, OCI_CONFIG_JSON);
+ if (nret < 0 || (size_t)nret >= sizeof(oci_config_file)) {
+ ERROR("Failed to snprintf for config json");
+ return -1;
+ }
+
+ oci_spec = oci_runtime_spec_parse_file(oci_config_file, NULL, &err);
+ if (oci_spec == NULL) {
+ ERROR("Failed to parse oci config file:%s", err);
+ return -1;
+ }
+
+ // delete the bak config file to prevent the remnants of the previous bak file
+ if (util_fileself_exists(bak_config_file) && util_path_remove(bak_config_file) != 0) {
+ ERROR("Failed to remove bak_config_file for container: %s", name);
+ goto out;
+ }
+
+ if (util_fileself_exists(config_file) && rename(config_file, bak_config_file) != 0) {
+ ERROR("Failed to backup old config for container: %s", name);
+ goto out;
+ }
+
+ nret = engine_ops->engine_create_op(name, params->rootpath, (void *)oci_spec);
+ if (nret != 0) {
+ // delete the invalid config file to prevent rename failed
+ if (util_fileself_exists(config_file) && util_path_remove(config_file) != 0) {
+ WARN("Failed to remove bak_config_file for container %s", name);
+ }
+ if (util_fileself_exists(bak_config_file) && rename(bak_config_file, config_file) != 0) {
+ WARN("Failed to rename backup old config to config for container %s", name);
+ }
+ }
+
+ ret = 0;
+
+out:
+ if (engine_ops != NULL && engine_ops->engine_clear_errmsg_op != NULL) {
+ engine_ops->engine_clear_errmsg_op();
+ }
+ if (util_fileself_exists(bak_config_file) && util_path_remove(bak_config_file) != 0) {
+ WARN("Failed to remove bak_config_file for %s", name);
+ }
+ free_oci_runtime_spec(oci_spec);
+ return ret;
+}
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h
index 5b74ad6c..7403544d 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h
@@ -47,6 +47,7 @@ int rt_lcr_resources_stats(const char *name, const char *runtime, const rt_stats
int rt_lcr_resize(const char *id, const char *runtime, const rt_resize_params_t *params);
int rt_lcr_exec_resize(const char *id, const char *runtime, const rt_exec_resize_params_t *params);
int rt_lcr_kill(const char *id, const char *runtime, const rt_kill_params_t *params);
+int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 1787170b..83214c1a 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -2013,3 +2013,9 @@ int rt_isula_kill(const char *id, const char *runtime, const rt_kill_params_t *p
return 0;
}
+
+// the config file of oci runtime is config.json. If it is damaged, it cannot be rebuilt.
+int rt_isula_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
+{
+ return 0;
+}
\ No newline at end of file
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.h b/src/daemon/modules/runtime/isula/isula_rt_ops.h
index 49b6cc0e..1e5e049a 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.h
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.h
@@ -46,6 +46,7 @@ int rt_isula_resources_stats(const char *name, const char *runtime, const rt_sta
int rt_isula_resize(const char *id, const char *runtime, const rt_resize_params_t *params);
int rt_isula_exec_resize(const char *id, const char *runtime, const rt_exec_resize_params_t *params);
int rt_isula_kill(const char *id, const char *runtime, const rt_kill_params_t *params);
+int rt_isula_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
#ifdef __cplusplus
}
diff --git a/src/daemon/modules/runtime/runtime.c b/src/daemon/modules/runtime/runtime.c
index cb383970..d9a332af 100644
--- a/src/daemon/modules/runtime/runtime.c
+++ b/src/daemon/modules/runtime/runtime.c
@@ -45,6 +45,7 @@ static const struct rt_ops g_lcr_rt_ops = {
.rt_resize = rt_lcr_resize,
.rt_exec_resize = rt_lcr_exec_resize,
.rt_kill = rt_lcr_kill,
+ .rt_rebuild_config = rt_lcr_rebuild_config,
};
static const struct rt_ops g_isula_rt_ops = {
@@ -65,6 +66,7 @@ static const struct rt_ops g_isula_rt_ops = {
.rt_resize = rt_isula_resize,
.rt_exec_resize = rt_isula_exec_resize,
.rt_kill = rt_isula_kill,
+ .rt_rebuild_config = rt_isula_rebuild_config,
};
#ifdef ENABLE_SHIM_V2
@@ -86,6 +88,7 @@ static const struct rt_ops g_shim_rt_ops = {
.rt_resize = rt_shim_resize,
.rt_exec_resize = rt_shim_exec_resize,
.rt_kill = rt_shim_kill,
+ .rt_rebuild_config = rt_shim_rebuild_config,
};
#endif
@@ -465,6 +468,27 @@ out:
return ret;
}
+int runtime_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
+{
+ int ret = 0;
+ const struct rt_ops *ops = NULL;
+
+ if (name == NULL || runtime == NULL || params == NULL) {
+ ERROR("Invalid arguments for runtime rebuild config");
+ return -1;
+ }
+
+ ops = rt_ops_query(runtime);
+ if (ops == NULL) {
+ ERROR("Failed to get runtime ops");
+ return -1;
+ }
+
+ ret = ops->rt_rebuild_config(name, runtime, params);
+
+ return ret;
+}
+
int runtime_resize(const char *name, const char *runtime, const rt_resize_params_t *params)
{
int ret = 0;
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index 550b17f3..56fc43c2 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -805,3 +805,9 @@ int rt_shim_kill(const char *id, const char *runtime, const rt_kill_params_t *pa
return 0;
}
+
+// the config file of oci runtime is config.json. If it is damaged, it cannot be rebuilt.
+int rt_shim_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
+{
+ return 0;
+}
\ No newline at end of file
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.h b/src/daemon/modules/runtime/shim/shim_rt_ops.h
index 03b7c018..2df34f4c 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.h
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.h
@@ -62,6 +62,8 @@ int rt_shim_exec_resize(const char *id, const char *runtime, const rt_exec_resiz
bool is_valid_v2_runtime(const char* name);
+int rt_shim_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
+
#ifdef __cplusplus
}
#endif
--
2.42.0

39
0020-2253-bugfix-for-runc-container-exec.patch
View File

@ -1,39 +0,0 @@
From 6b636051af158fac017998732d7d121b8ea71081 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 20 Nov 2023 12:59:09 +0000
Subject: [PATCH 20/64] !2253 bugfix for runc container exec * bugfix for runc
container exec
---
src/daemon/modules/runtime/isula/isula_rt_ops.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 83214c1a..e61d1f91 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -1386,17 +1386,16 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
}
ret = shim_create(fg_exec(params), id, workdir, bundle, cmd, exit_code, timeout, &shim_exit_code);
- if (ret != 0) {
- ERROR("%s: failed create shim process for exec %s", id, exec_id);
- goto errlog_out;
- }
-
if (shim_exit_code == SHIM_EXIT_TIMEOUT) {
ret = -1;
isulad_set_error_message("Exec container error;exec timeout");
ERROR("isulad-shim %d exit for execing timeout", pid);
goto errlog_out;
}
+ if (ret != 0) {
+ ERROR("%s: failed create shim process for exec %s", id, exec_id);
+ goto errlog_out;
+ }
pid = get_container_process_pid(workdir);
if (pid < 0) {
--
2.42.0

58
0021-bugfix-of-update-restart-policy-for-auto-remove-cont.patch
View File

@ -1,58 +0,0 @@
From ea51fa836464660fcca245e7e36a2b4cdf1e5997 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 21 Nov 2023 10:23:26 +0800
Subject: [PATCH 21/64] bugfix of update restart policy for auto remove
container
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
.../executor/container_cb/execution_extend.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c
index 6759a4fc..de017b4e 100644
--- a/src/daemon/executor/container_cb/execution_extend.c
+++ b/src/daemon/executor/container_cb/execution_extend.c
@@ -1113,15 +1113,14 @@ static int update_host_config_check(container_t *cont, host_config *hostconfig)
ret = verify_host_config_settings(hostconfig, true);
if (ret != 0) {
- goto out;
+ return -1;
}
if (container_is_removal_in_progress(cont->state) || container_is_dead(cont->state)) {
ERROR("Container is marked for removal and cannot be \"update\".");
isulad_set_error_message(
"Cannot update container %s: Container is marked for removal and cannot be \"update\".", id);
- ret = -1;
- goto out;
+ return -1;
}
if (container_is_running(cont->state) && hostconfig->kernel_memory) {
@@ -1129,12 +1128,17 @@ static int update_host_config_check(container_t *cont, host_config *hostconfig)
isulad_set_error_message("Cannot update container %s: Can not update kernel memory to a running container,"
" please stop it first.",
id);
- ret = -1;
- goto out;
+ return -1;
}
-out:
- return ret;
+ if (cont->hostconfig->auto_remove && hostconfig->restart_policy != NULL &&
+ hostconfig->restart_policy->name != NULL && strcmp("no", hostconfig->restart_policy->name) != 0) {
+ ERROR("Cannot update restart policy for the auto remove container %s", id);
+ isulad_set_error_message("Cannot update restart policy for the auto remove container %s", id);
+ return -1;
+ }
+
+ return 0;
}
static int do_update_resources(const container_update_request *request, container_t *cont)
--
2.42.0

57
0022-add-update-restart-policy-test.patch
View File

@ -1,57 +0,0 @@
From 6815aec33caedaacba3b392ee5a2e5088fdf1faa Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 21 Nov 2023 10:24:26 +0800
Subject: [PATCH 22/64] add update restart policy test
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
CI/test_cases/container_cases/update.sh | 26 +++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/CI/test_cases/container_cases/update.sh b/CI/test_cases/container_cases/update.sh
index d379acc2..29543e7c 100755
--- a/CI/test_cases/container_cases/update.sh
+++ b/CI/test_cases/container_cases/update.sh
@@ -138,6 +138,27 @@ function do_test_t()
return $TC_RET_T
}
+function test_autoremove_restartpolicy()
+{
+ containername=test_update2
+ containerid=`isula run -itd --runtime $1 --rm --name $containername busybox`
+ fn_check_eq "$?" "0" "run failed"
+
+ isula update --restart always $containerid
+ fn_check_ne "$?" "0" "update should fail"
+
+ isula update --restart nooooooooooo $containerid
+ fn_check_ne "$?" "0" "update should fail"
+
+ isula update --restart no $containerid
+ fn_check_eq "$?" "0" "update restart policy no failed"
+
+ isula rm -f $containername
+ fn_check_eq "$?" "0" "rm failed"
+
+ return $TC_RET_T
+}
+
function do_test_t1()
{
containername=test_update1
@@ -173,6 +194,11 @@ do
let "ret=$ret + 1"
fi
+ test_autoremove_restartpolicy $element
+ if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+ fi
+
if [ -f "/sys/fs/cgroup/memory/memory.memsw.usage_in_bytes" ];then
do_test_t1 $element
if [ $? -ne 0 ];then
--
2.42.0

73
0023-2260-bugfix-for-rebuild-config.patch
View File

@ -1,73 +0,0 @@
From f08072a865fcf6191d65e7c01e11b99049758c57 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 21 Nov 2023 03:27:31 +0000
Subject: [PATCH 23/64] !2260 bugfix for rebuild config * bugfix for rebuild
config
---
src/daemon/modules/container/restore/restore.c | 1 -
src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c | 5 +----
src/daemon/modules/runtime/runtime.c | 5 +----
3 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/src/daemon/modules/container/restore/restore.c b/src/daemon/modules/container/restore/restore.c
index f6218fe6..a60b1410 100644
--- a/src/daemon/modules/container/restore/restore.c
+++ b/src/daemon/modules/container/restore/restore.c
@@ -24,7 +24,6 @@
#include <isula_libutils/container_config_v2.h>
#include <isula_libutils/host_config.h>
#include <isula_libutils/log.h>
-#include <isula_libutils/auto_cleanup.h>
#include "isulad_config.h"
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
index 2f42909b..8f7211d7 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
@@ -782,7 +782,6 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil
char oci_config_file[PATH_MAX] = { 0 };
struct engine_operation *engine_ops = NULL;
oci_runtime_spec *oci_spec = NULL;
- __isula_auto_free char *json_container = NULL;
__isula_auto_free parser_error err = NULL;
engine_ops = engines_get_handler(runtime);
@@ -836,9 +835,7 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil
WARN("Failed to rename backup old config to config for container %s", name);
}
}
-
- ret = 0;
-
+ ret = nret != 0 ? -1 : 0;
out:
if (engine_ops != NULL && engine_ops->engine_clear_errmsg_op != NULL) {
engine_ops->engine_clear_errmsg_op();
diff --git a/src/daemon/modules/runtime/runtime.c b/src/daemon/modules/runtime/runtime.c
index d9a332af..4a239f0a 100644
--- a/src/daemon/modules/runtime/runtime.c
+++ b/src/daemon/modules/runtime/runtime.c
@@ -470,7 +470,6 @@ out:
int runtime_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
{
- int ret = 0;
const struct rt_ops *ops = NULL;
if (name == NULL || runtime == NULL || params == NULL) {
@@ -484,9 +483,7 @@ int runtime_rebuild_config(const char *name, const char *runtime, const rt_rebui
return -1;
}
- ret = ops->rt_rebuild_config(name, runtime, params);
-
- return ret;
+ return ops->rt_rebuild_config(name, runtime, params);
}
int runtime_resize(const char *name, const char *runtime, const rt_resize_params_t *params)
--
2.42.0

1815
0024-2170-isula-image-pull.patch
View File

File diff suppressed because it is too large Load Diff

84
0025-2084-image-pull.patch
View File

@ -1,84 +0,0 @@
From 79384f7b0ac7319120d1f677323c43069742a354 Mon Sep 17 00:00:00 2001
From: sailorvii <chenw66@chinaunicom.cn>
Date: Wed, 22 Nov 2023 01:22:42 +0000
Subject: [PATCH 25/64] =?UTF-8?q?!2084=20=E5=A2=9E=E5=8A=A0image=20pull=20?=
=?UTF-8?q?=E6=97=B6=E8=BF=9B=E5=BA=A6=E6=9D=A1=E6=98=BE=E7=A4=BA=E7=9A=84?=
=?UTF-8?q?=E8=AE=BE=E8=AE=A1=20*=20Refine=20document=20by=20the=20impleme?=
=?UTF-8?q?ntation.=20*=20Refine=20a=20word.=20*=20Add=20progress=20bard?=
=?UTF-8?q?=20proposal.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
docs/design/detailed/Misc/progressBar.md | 58 ++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 docs/design/detailed/Misc/progressBar.md
diff --git a/docs/design/detailed/Misc/progressBar.md b/docs/design/detailed/Misc/progressBar.md
new file mode 100644
index 00000000..3cf733a6
--- /dev/null
+++ b/docs/design/detailed/Misc/progressBar.md
@@ -0,0 +1,58 @@
+# 方案目标
+在Image pull过程中显示多个layer下载的进度。
+
+之前的grpc pull和cri pull共用了接口需要新增grpc pull接口该接口类型为stream带progress status。
+重写函数oci_do_pull_image底层函数pull_image复用。
+在结构体registry_pull_options增加map。
+
+# 限制
+1. 每一个connection只做一件事否则progress store会混乱。
+2. 这个功能只为grpc 连接服务。
+
+# 总体设计
+## 主要功能模块
+### Progress status store
+每次pull命令或者行为为一个connection。每个image会按照layer来下载。所以我们建立了一个status map。 map的key为Layer ID内容结构体定义如下:
+
+```
+struct progress_status {
+ // Layer ID
+ char ID[13];
+
+ // total is the end value describing when we made 100% progress for an operation. Unit is Byte.
+ int64 total;
+
+ // current is the current value for the operation. Unit is Byte.
+ int64 current;
+}
+```
+
+#### API
+```
+progress_status_map *progress_status_map_new();
+
+bool progress_status_map_insert(progress_status_map *progress_status_map, char *key, progress *value);
+
+```
+
+### Client Progress 显示
+在client每次读到消息时获取当前窗口宽度(termios.h: tcgetattr)如果宽度小于110字符则压缩显示(已下载/全部字节),如果不是,则显示进度条。
+当第一次收到时计算需要显示的任务数task number每个任务显示一行。
+当更新状态时将光标回退task number行清除该行打印完一行将光标移到下一行清除该行并打印新的进度重复上述步骤直至所有任务打印完成。
+
+## 主要流程
+### 下载任务获取下载状态
+在结构体pull_descriptor新增*progress_status_store 传递write_progress_status的map *。
+
+在http_request中修改原来的桩函数xfer这个函数将实时采集curl pull的状态如当前下载的字节数总的字节数。
+
+
+### server获取下载状态并传递给client
+新增函数int ImagesServiceImpl::PullImage函数Response参数为stream每隔100ms读取progress status map并序列化为json message写入response stream。
+```
+Status ImagesServiceImpl::PullImage(ServerContext *context, const PullImageRequest *request,
+ ServerWriter<PullImageResponse> *writer)
+```
+
+### client收取状态并显示
+修改原来的grpc_images_client中ImagesPull函数。阻塞式读取response stream 流不为空则一直读取并打印显示每个progress status。
--
2.42.0

39
0026-CI-add-ncurse-for-ubuntu-and-centos.patch
View File

@ -1,39 +0,0 @@
From c87ecc7f26a0a0034a8bf49691f572fe1d4fed29 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 22 Nov 2023 15:00:24 +0800
Subject: [PATCH 26/64] [CI] add ncurse for ubuntu and centos
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
CI/dockerfiles/Dockerfile-centos | 2 ++
CI/dockerfiles/Dockerfile-ubuntu | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/CI/dockerfiles/Dockerfile-centos b/CI/dockerfiles/Dockerfile-centos
index 7250b7bd..1d76b4ec 100644
--- a/CI/dockerfiles/Dockerfile-centos
+++ b/CI/dockerfiles/Dockerfile-centos
@@ -299,5 +299,7 @@ RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \
make install && \
ldconfig
+RUN dnf install -y ncurses-devel && dnf clean all
+
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
diff --git a/CI/dockerfiles/Dockerfile-ubuntu b/CI/dockerfiles/Dockerfile-ubuntu
index f84ae0a7..2441a7ce 100644
--- a/CI/dockerfiles/Dockerfile-ubuntu
+++ b/CI/dockerfiles/Dockerfile-ubuntu
@@ -84,7 +84,7 @@ RUN apt update -y && apt upgrade -y && \
patch \
tcpdump
-RUN apt autoremove -y
+RUN apt install -y libncurses-dev && apt autoremove -y
RUN pip3 install meson ninja
RUN echo "export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH" >> /etc/bashrc && \
--
2.42.0

631
0027-improve-code-of-pull-progress.patch
View File

@ -1,631 +0,0 @@
From 78304f7ad584517e02125c928e976f34aaf859f8 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 22 Nov 2023 15:00:43 +0800
Subject: [PATCH 27/64] improve code of pull progress
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/client/connect/CMakeLists.txt | 7 +-
src/client/connect/grpc/grpc_images_client.cc | 48 ++----
.../connect/grpc/grpc_volumes_client.cc | 1 -
src/daemon/common/events_format.h | 2 +
.../v1/v1_cri_image_manager_service_impl.cc | 2 -
.../v1alpha/cri_image_manager_service_impl.cc | 2 -
src/daemon/executor/image_cb/image_cb.c | 2 +
src/daemon/modules/api/event_type.h | 4 +-
src/daemon/modules/events/collector.c | 4 +-
src/daemon/modules/image/image.c | 2 +-
src/daemon/modules/image/oci/oci_pull.c | 146 ++++++++++--------
src/daemon/modules/image/oci/progress.c | 28 +++-
src/daemon/modules/image/oci/progress.h | 6 +-
.../modules/image/oci/registry/http_request.c | 28 +---
.../oci/storage/image_store/image_store.c | 2 +-
.../graphdriver/overlay2/driver_overlay2.c | 2 +-
.../modules/image/oci/storage/storage.c | 5 +-
17 files changed, 137 insertions(+), 154 deletions(-)
diff --git a/src/client/connect/CMakeLists.txt b/src/client/connect/CMakeLists.txt
index 00ba2f68..d4ce6c9c 100644
--- a/src/client/connect/CMakeLists.txt
+++ b/src/client/connect/CMakeLists.txt
@@ -12,10 +12,7 @@ if (GRPC_CONNECTOR)
aux_source_directory(${CMAKE_BINARY_DIR}/grpc/src/api/services/containers CONNECT_API_CONTAINERS)
aux_source_directory(${CMAKE_BINARY_DIR}/grpc/src/api/services/images CONNECT_API_IMAGES)
aux_source_directory(${CMAKE_BINARY_DIR}/grpc/src/api/services/volumes CONNECT_API_VOLUMES)
- # TODO: current isula pull use CRI pullImage API, we should remove this dependence
- aux_source_directory(${CMAKE_BINARY_DIR}/grpc/src/api/services/cri CONNECT_API_CRI)
- aux_source_directory(${CMAKE_BINARY_DIR}/grpc/src/api/services/cri/v1alpha CONNECT_API_CRI_ALPHAS)
- set(CONNECT_API ${CONNECT_API_VOLUMES} ${CONNECT_API_CONTAINERS} ${CONNECT_API_IMAGES} ${CONNECT_API_CRI_ALPHAS} ${CONNECT_API_CRI})
+ set(CONNECT_API ${CONNECT_API_VOLUMES} ${CONNECT_API_CONTAINERS} ${CONNECT_API_IMAGES})
list(APPEND local_client_connect_srcs ${CONNECT_API})
list(APPEND local_client_connect_incs ${CMAKE_CURRENT_SOURCE_DIR}/grpc)
@@ -23,8 +20,6 @@ if (GRPC_CONNECTOR)
${CMAKE_BINARY_DIR}/grpc/src/api/services/volumes
${CMAKE_BINARY_DIR}/grpc/src/api/services/containers
${CMAKE_BINARY_DIR}/grpc/src/api/services/images
- ${CMAKE_BINARY_DIR}/grpc/src/api/services/cri
- ${CMAKE_BINARY_DIR}/grpc/src/api/services/cri/v1alpha
)
if(ENABLE_NATIVE_NETWORK)
diff --git a/src/client/connect/grpc/grpc_images_client.cc b/src/client/connect/grpc/grpc_images_client.cc
index 7a283e8c..7fd36cc1 100644
--- a/src/client/connect/grpc/grpc_images_client.cc
+++ b/src/client/connect/grpc/grpc_images_client.cc
@@ -390,50 +390,20 @@ public:
return 0;
}
- auto run(const struct isula_pull_request *request, struct isula_pull_response *response) -> int override
- {
- ClientContext context;
- PullImageRequest grequest;
-
-#ifdef ENABLE_GRPC_REMOTE_CONNECT
-#ifdef OPENSSL_VERIFY
- // Set common name from cert.perm
- char common_name_value[ClientBaseConstants::COMMON_NAME_LEN] = { 0 };
- int ret = get_common_name_from_tls_cert(m_certFile.c_str(), common_name_value,
- ClientBaseConstants::COMMON_NAME_LEN);
- if (ret != 0) {
- ERROR("Failed to get common name in: %s", m_certFile.c_str());
- return -1;
- }
- context.AddMetadata("username", std::string(common_name_value, strlen(common_name_value)));
- context.AddMetadata("tls_mode", m_tlsMode);
-#endif
-#endif
- if (request_to_grpc(request, &grequest) != 0) {
- ERROR("Failed to transform pull request to grpc");
- response->server_errono = ISULAD_ERR_INPUT;
- return -1;
- }
-
- auto reader = stub_->PullImage(&context, grequest);
+ auto grpc_call(ClientContext *context, const PullImageRequest &req, PullImageResponse *reply) -> Status override
+ {
+ auto reader = stub_->PullImage(context, req);
- PullImageResponse gresponse;
- if (grequest.is_progress_visible()) {
- while (reader->Read(&gresponse)) {
- output_progress(gresponse);
+ if (req.is_progress_visible()) {
+ while (reader->Read(reply)) {
+ output_progress(*reply);
}
} else {
- reader->Read(&gresponse);
+ reader->Read(reply);
WARN("The terminal may not support ANSI Escape code. Display is skipped");
}
- Status status = reader->Finish();
- if (!status.ok()) {
- ERROR("Error code: %d: %s", status.error_code(), status.error_message().c_str());
- unpackStatus(status, response);
- return -1;
- }
- response->image_ref = util_strdup_s(gresponse.image_ref().c_str());
- return 0;
+
+ return reader->Finish();
}
private:
diff --git a/src/client/connect/grpc/grpc_volumes_client.cc b/src/client/connect/grpc/grpc_volumes_client.cc
index 32b83a9e..5fe8ed5e 100644
--- a/src/client/connect/grpc/grpc_volumes_client.cc
+++ b/src/client/connect/grpc/grpc_volumes_client.cc
@@ -16,7 +16,6 @@
#include <string>
-#include "api.grpc.pb.h"
#include "client_base.h"
#include "volumes.grpc.pb.h"
#include "utils.h"
diff --git a/src/daemon/common/events_format.h b/src/daemon/common/events_format.h
index 7e97b2c5..6b8fcfd5 100644
--- a/src/daemon/common/events_format.h
+++ b/src/daemon/common/events_format.h
@@ -64,6 +64,8 @@ typedef enum {
EVENTS_TYPE_IMAGE_PULL,
EVENTS_TYPE_IMAGE_LOGIN,
EVENTS_TYPE_IMAGE_LOGOUT,
+ EVENTS_TYPE_IMAGE_IMPORT,
+ EVENTS_TYPE_IMAGE_TAG,
EVENTS_TYPE_IMAGE_MAX_STATE
} image_events_type_t;
diff --git a/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc b/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc
index b9cbf24c..066eed5e 100644
--- a/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc
@@ -25,7 +25,6 @@
#include "v1_cri_helpers.h"
#include "err_msg.h"
-#include "events_sender_api.h"
#include "isula_libutils/log.h"
#include "service_image_api.h"
#include "utils.h"
@@ -277,7 +276,6 @@ auto ImageManagerServiceImpl::PullImage(const runtime::v1::ImageSpec &image,
if (response->image_ref != nullptr) {
out_str = response->image_ref;
}
- (void)isulad_monitor_send_image_event(request->image, IM_PULL);
cleanup:
DAEMON_CLEAR_ERRMSG();
diff --git a/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc b/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc
index 0b36f007..9015df26 100644
--- a/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc
@@ -25,7 +25,6 @@
#include "cri_helpers.h"
#include "err_msg.h"
-#include "events_sender_api.h"
#include "isula_libutils/log.h"
#include "service_image_api.h"
#include "utils.h"
@@ -277,7 +276,6 @@ auto ImageManagerServiceImpl::PullImage(const runtime::v1alpha2::ImageSpec &imag
if (response->image_ref != nullptr) {
out_str = response->image_ref;
}
- (void)isulad_monitor_send_image_event(request->image, IM_PULL);
cleanup:
DAEMON_CLEAR_ERRMSG();
diff --git a/src/daemon/executor/image_cb/image_cb.c b/src/daemon/executor/image_cb/image_cb.c
index 317cb0a8..60899f2b 100644
--- a/src/daemon/executor/image_cb/image_cb.c
+++ b/src/daemon/executor/image_cb/image_cb.c
@@ -519,6 +519,7 @@ static int image_tag_cb(const image_tag_image_request *request, image_tag_image_
}
EVENT("Image Event: {Object: %s, Type: Tagged}", request->src_name);
+ (void)isulad_monitor_send_image_event(request->src_name, IM_TAG);
out:
if (*response != NULL) {
@@ -997,6 +998,7 @@ static int image_pull_cb(const image_pull_image_request *request, stream_func_wr
}
EVENT("Image Event: {Object: %s, Type: Pulled}", request->image_name);
+ (void)isulad_monitor_send_image_event(request->image_name, IM_PULL);
out:
(*response)->cc = cc;
diff --git a/src/daemon/modules/api/event_type.h b/src/daemon/modules/api/event_type.h
index c3c7951b..4f2aaf28 100644
--- a/src/daemon/modules/api/event_type.h
+++ b/src/daemon/modules/api/event_type.h
@@ -54,7 +54,9 @@ typedef enum {
MAX_STATE,
} runtime_state_t;
-typedef enum { IM_LOAD, IM_REMOVE, IM_PULL, IM_LOGIN, IM_LOGOUT, IM_IMPORT } image_state_t;
+// relate to g_isulad_image_event_strtype and image_events_type_t
+// we should keep them consistent
+typedef enum { IM_LOAD, IM_REMOVE, IM_PULL, IM_LOGIN, IM_LOGOUT, IM_IMPORT, IM_TAG } image_state_t;
typedef enum { CONTAINER_EVENT, IMAGE_EVENT } msg_event_type_t;
typedef enum { MONITORD_MSG_STATE, MONITORD_MSG_PRIORITY, MONITORD_MSG_EXIT_CODE } msg_type_t;
diff --git a/src/daemon/modules/events/collector.c b/src/daemon/modules/events/collector.c
index b82ede81..36aa9299 100644
--- a/src/daemon/modules/events/collector.c
+++ b/src/daemon/modules/events/collector.c
@@ -157,11 +157,11 @@ static const char *isulad_event_sta2str(container_events_type_t sta)
return g_isulad_event_strtype[sta];
}
-static const char * const g_isulad_image_event_strtype[] = { "load", "remove", "pull", "login", "logout" };
+static const char * const g_isulad_image_event_strtype[] = { "load", "remove", "pull", "login", "logout", "import", "tag" };
static const char *isulad_image_event_sta2str(image_events_type_t sta)
{
- if (sta > EVENTS_TYPE_IMAGE_LOGOUT) {
+ if (sta >= EVENTS_TYPE_IMAGE_MAX_STATE) {
return NULL;
}
diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c
index 8d7e2c1a..4a1950fe 100644
--- a/src/daemon/modules/image/image.c
+++ b/src/daemon/modules/image/image.c
@@ -784,7 +784,7 @@ int im_merge_image_config(const char *image_type, const char *image_name, contai
int ret = 0;
struct bim *bim = NULL;
- // there is no need to judge the image name as empty,
+ // there is no need to judge the image name as empty,
// because the image name of external type allows it to be empty.
if (container_spec == NULL || image_type == NULL) {
ERROR("Invalid input arguments");
diff --git a/src/daemon/modules/image/oci/oci_pull.c b/src/daemon/modules/image/oci/oci_pull.c
index 2706af91..9ad875a5 100644
--- a/src/daemon/modules/image/oci/oci_pull.c
+++ b/src/daemon/modules/image/oci/oci_pull.c
@@ -75,7 +75,8 @@ out:
return ret;
}
-static void update_option_insecure_registry(registry_pull_options *options, char **insecure_registries, const char *host)
+static void update_option_insecure_registry(registry_pull_options *options, char **insecure_registries,
+ const char *host)
{
char **registry = NULL;
@@ -188,83 +189,95 @@ typedef struct status_arg {
stream_func_wrapper *stream;
} status_arg;
+static int do_get_progress_from_store(progress_status_map *status_store, image_progress *result)
+{
+ int i = 0;
+ size_t progress_size = progress_status_map_size(status_store);
+
+ result->progresses = util_smart_calloc_s(sizeof(image_progress_progresses_element *), progress_size);
+ if (result->progresses == NULL) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ if (!progress_status_map_lock(status_store)) {
+ WARN("Cannot itorate progress status map for locking failed");
+ // ignore lock error, retry lock after delay.
+ return 0;
+ }
+
+ map_itor *itor = map_itor_new(status_store->map);
+ for (i = 0; map_itor_valid(itor) && i < progress_size; map_itor_next(itor), i++) {
+ void *id = map_itor_key(itor);
+ const progress *value = (progress *)map_itor_value(itor);
+ const int ID_LEN = 12; // The last 12 charactos of image digest.
+
+ result->progresses[i] = util_common_calloc_s(sizeof(image_progress_progresses_element));
+ if (result->progresses[i] == NULL) {
+ // ignore error, return got progress data
+ WARN("Out of memory");
+ break;
+ }
+ result->progresses[i]->id = util_strdup_s((char *)id + strlen((char *)id) - ID_LEN);
+ result->progresses[i]->total = value->dltotal;
+ result->progresses[i]->current = value->dlnow;
+ result->progresses_len++;
+ }
+ map_itor_free(itor);
+ progress_status_map_unlock(status_store);
+
+ return 0;
+}
+
void *get_progress_status(void *arg)
{
status_arg *status = (status_arg *)arg;
- const int delay = 100; // Sleep for 100 milliseconds
- bool write_ok = false;
+
+ prctl(PR_SET_NAME, "PullProgress");
if (status == NULL || status->status_store == NULL || status->stream == NULL) {
ERROR("Get progress status condition error");
return NULL;
}
- for (;;) {
- int i = 0;
-
- usleep(delay * 1000); // Sleep for 100 milliseconds
+ while (!status->should_terminal || status->image != NULL) {
+ bool write_ok = false;
+ image_progress *iprogresses = NULL;
- if (status->should_terminal && status->image == NULL) {
+ // Step 1: delay 100ms, wait progress update
+ util_usleep_nointerupt(100 * 1000);
+
+ // Step 2: check client whether is canceled?
+ if (status->stream->is_cancelled(status->stream->context)) {
+ WARN("pull stream is cancelled");
break;
}
-
- image_progress *progresses;
- size_t progress_size = progress_status_map_size(status->status_store);
- progresses = util_common_calloc_s(sizeof(image_progress));
- if (progresses == NULL) {
- ERROR("Out of memory. Skip progress show.");
- break;
+ iprogresses = util_common_calloc_s(sizeof(image_progress));
+ if (iprogresses == NULL) {
+ ERROR("Out of memory");
+ break;
}
-
- progresses->progresses = util_smart_calloc_s(sizeof(image_progress_progresses_element *), progress_size);
- if (progresses->progresses == NULL) {
- ERROR("Out of memory. Skip progress show.");
- goto roundend;
+ // Step 3: get progress of pull from progress status store
+ if (do_get_progress_from_store(status->status_store, iprogresses) != 0) {
+ free_image_progress(iprogresses);
+ break;
}
+
+ // Step 4: check main thread whether is finished, and setted pulled image info
if (status->image != NULL) {
- progresses->image = util_strdup_s(status->image_name);
+ iprogresses->image = util_strdup_s(status->image_name);
status->image = NULL;
}
- if (!progress_status_map_lock(status->status_store)) {
- ERROR("Cannot itorate progress status map for locking failed");
- goto roundend;
- }
- map_itor *itor = map_itor_new(status->status_store->map);
- for (i = 0; map_itor_valid(itor) && i < progress_size; map_itor_next(itor), i++) {
- void *id = map_itor_key(itor);
- const progress *value = (progress *)map_itor_value(itor);
- const int ID_LEN = 12; // The last 12 charactos of image digest.
-
- progresses->progresses[i] = util_common_calloc_s(sizeof(image_progress_progresses_element));
- if (progresses->progresses[i] == NULL) {
- WARN("Out of memory. Skip progress show.");
- map_itor_free(itor);
- progress_status_map_unlock(status->status_store);
- goto roundend;
- }
- progresses->progresses[i]->id = util_strdup_s((char *)id + strlen((char *)id) - ID_LEN);
- progresses->progresses[i]->total = value->dltotal;
- progresses->progresses[i]->current = value->dlnow;
- progresses->progresses_len++;
+ // Step 5: send got progress of pull to client
+ write_ok = status->stream->write_func(status->stream->writer, iprogresses);
+ if (!write_ok) {
+ WARN("Send progress data to client failed, just ignore and retry it");
}
- map_itor_free(itor);
- progress_status_map_unlock(status->status_store);
-
- /* send to client */
- write_ok = status->stream->write_func(status->stream->writer, progresses);
- if (write_ok) {
- goto roundend;
- }
- if (status->stream->is_cancelled(status->stream->context)) {
- ERROR("pull stream is cancelled");
- goto roundend;
- }
- ERROR("Send progress data to client failed");
-roundend:
- free_image_progress(progresses);
+ free_image_progress(iprogresses);
}
+
return NULL;
}
@@ -286,7 +299,7 @@ int oci_do_pull_image(const im_pull_request *request, stream_func_wrapper *strea
if (request->is_progress_visible && stream != NULL) {
progress_status_store = progress_status_map_new();
if (progress_status_store == NULL) {
- ERROR("Out of memory and will not show the pull progress");
+ ERROR("Out of memory");
isulad_set_error_message("Failed to pull image %s with error: out of memory", request->image);
ret = -1;
goto out;
@@ -321,21 +334,28 @@ int oci_do_pull_image(const im_pull_request *request, stream_func_wrapper *strea
arg.image = image;
arg.image_name = dest_image_name;
if (!request->is_progress_visible && stream != NULL) {
- image_progress *progresses;
+ image_progress *progresses = NULL;
+ bool nret = false;
progresses = util_common_calloc_s(sizeof(image_progress));
if (progresses == NULL) {
- ERROR("Out of memory. Skip progress show.");
- goto out;
+ ERROR("Out of memory");
+ isulad_set_error_message("Failed to pull image %s with error: out of memory", request->image);
+ ret = -1;
+ goto out;
}
progresses->image = util_strdup_s(dest_image_name);
- if (stream->write_func(stream->writer, progresses)) {
+ nret = stream->write_func(stream->writer, progresses);
+ free_image_progress(progresses);
+ if (!nret) {
ERROR("Send progress data to client failed");
+ isulad_set_error_message("Failed to pull image %s with error: send progress data to client failed", request->image);
+ ret = -1;
goto out;
}
}
response->image_ref = util_strdup_s(image->id);
-
+
out:
arg.should_terminal = true;
if (tid != 0 && pthread_join(tid, NULL) != 0) {
diff --git a/src/daemon/modules/image/oci/progress.c b/src/daemon/modules/image/oci/progress.c
index 110f22c0..7d0c10a4 100644
--- a/src/daemon/modules/image/oci/progress.c
+++ b/src/daemon/modules/image/oci/progress.c
@@ -34,15 +34,16 @@ size_t progress_status_map_size(progress_status_map *progress_status_map)
}
ret = map_size(progress_status_map->map);
progress_status_map_unlock(progress_status_map);
-
+
return ret;
}
-bool progress_status_map_insert(progress_status_map *progress_status_map, char *key, progress *value)
+bool progress_status_map_udpate(progress_status_map *progress_status_map, char *key, int64_t current, int64_t total)
{
bool ret = false;
+ progress *pval = NULL;
- if (progress_status_map == NULL || key == NULL || value == NULL) {
+ if (progress_status_map == NULL || key == NULL) {
ERROR("Invalid parameter");
return false;
}
@@ -51,9 +52,26 @@ bool progress_status_map_insert(progress_status_map *progress_status_map, char *
ERROR("Cannot replace the progress status map item for locking failed");
return false;
}
- ret = map_insert(progress_status_map->map, key, value);
- progress_status_map_unlock(progress_status_map);
+ // If the item exists, only replace the value.
+ pval = map_search(progress_status_map->map, key);
+ if (pval != NULL) {
+ pval->dlnow = current;
+ pval->dltotal = total;
+ progress_status_map_unlock(progress_status_map);
+ return true;
+ }
+ pval = util_common_calloc_s(sizeof(progress));
+ if (pval == NULL) {
+ ERROR("Out of memory");
+ progress_status_map_unlock(progress_status_map);
+ return false;
+ }
+ pval->dlnow = current;
+ pval->dltotal = total;
+
+ ret = map_insert(progress_status_map->map, key, pval);
+ progress_status_map_unlock(progress_status_map);
return ret;
}
diff --git a/src/daemon/modules/image/oci/progress.h b/src/daemon/modules/image/oci/progress.h
index 496a32f3..dcc8e144 100644
--- a/src/daemon/modules/image/oci/progress.h
+++ b/src/daemon/modules/image/oci/progress.h
@@ -29,11 +29,11 @@ typedef struct progress_status_map {
} progress_status_map;
typedef struct progress {
- int64_t dlnow;
- int64_t dltotal;
+ int64_t dlnow;
+ int64_t dltotal;
} progress;
-bool progress_status_map_insert(progress_status_map *progress_status_map, char *key, progress *value);
+bool progress_status_map_udpate(progress_status_map *progress_status_map, char *key, int64_t current, int64_t total);
progress_status_map *progress_status_map_new();
diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c
index 748c9a9b..450fbc41 100644
--- a/src/daemon/modules/image/oci/registry/http_request.c
+++ b/src/daemon/modules/image/oci/registry/http_request.c
@@ -692,44 +692,22 @@ out:
static int xfer_inner(void *p, int64_t dltotal, int64_t dlnow, int64_t ultotal, int64_t ulnow)
{
progress_arg *arg = (progress_arg *)p;
- progress *progress_value = NULL;
if (arg == NULL || arg->map_store == NULL) {
ERROR("Wrong progress arg");
return -1;
}
+
// When fetch_manifest_list, there's no digest. It's not a layer pulling progress and skip it.
if (arg->digest == NULL) {
return 0;
}
- if (!progress_status_map_lock(arg->map_store)) {
- ERROR("Cannot update progress status map for locking failed");
+ if (!progress_status_map_udpate(arg->map_store, arg->digest, dlnow, dltotal)) {
+ ERROR("Failed to update pull progress");
return -1;
}
- // If the item exists, only replace the value.
- progress_value = map_search(arg->map_store->map, arg->digest);
- if (progress_value != NULL) {
- progress_value->dlnow = dlnow;
- progress_value->dltotal = dltotal;
- progress_status_map_unlock(arg->map_store);
-
- return 0;
- }
- progress_status_map_unlock(arg->map_store);
-
- progress_value = util_common_calloc_s(sizeof(progress));
- if (progress_value == NULL) {
- ERROR("Out of memory");
- return -1;
- }
-
- progress_value->dlnow = dlnow;
- progress_value->dltotal = dltotal;
-
- progress_status_map_insert(arg->map_store, arg->digest, progress_value);
-
return 0;
}
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index f49f4707..58baa47a 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -2824,7 +2824,7 @@ static int implicit_digest(map_t *digests, image_t *img)
// Find whether the manifest in big_data_digests exists, if not, return 0 directly
if (!get_index_by_key((const char **)img->simage->big_data_digests->keys, img->simage->big_data_digests->len,
- IMAGE_DIGEST_BIG_DATA_KEY, &index)) {
+ IMAGE_DIGEST_BIG_DATA_KEY, &index)) {
return 0;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index 7517dd43..3bc433ae 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -1930,7 +1930,7 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const
goto out;
}
- ret = archive_unpack(content, layer_diff, &options, root_dir ,&err);
+ ret = archive_unpack(content, layer_diff, &options, root_dir, &err);
if (ret != 0) {
ERROR("Failed to unpack to %s: %s", layer_diff, err);
ret = -1;
diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c
index 2e53dbac..0d1a846a 100644
--- a/src/daemon/modules/image/oci/storage/storage.c
+++ b/src/daemon/modules/image/oci/storage/storage.c
@@ -215,7 +215,7 @@ int storage_inc_hold_refs(const char *layer_id)
int storage_dec_hold_refs(const char *layer_id)
{
int ret = 0;
-
+
if (layer_id == NULL) {
ERROR("Empty layer id");
return -1;
@@ -550,7 +550,8 @@ char *storage_img_get_image_id(const char *img_name)
return image_store_lookup(img_name);
}
-static bool is_top_layer_of_other_image(const char *img_id, const imagetool_images_list *all_images, const char *layer_id)
+static bool is_top_layer_of_other_image(const char *img_id, const imagetool_images_list *all_images,
+ const char *layer_id)
{
size_t i = 0;
--
2.42.0

3476
0028-2230-format-code.patch
View File

File diff suppressed because it is too large Load Diff

445
0029-2255-Fix-cpusets-offline-issue.patch
View File

@ -1,445 +0,0 @@
From a6f1ff360dded79ce5139a8b97a51c37d2fbd403 Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Thu, 23 Nov 2023 13:18:13 +0000
Subject: [PATCH 29/64] !2255 Fix cpusets offline issue * Fix cpusets offline
issue
---
src/daemon/common/sysinfo.c | 1 +
src/daemon/common/sysinfo.h | 3 +
src/daemon/modules/spec/verify.c | 24 ++---
test/mocks/image_mock.cc | 16 +++
test/mocks/image_mock.h | 2 +
test/specs/CMakeLists.txt | 1 +
test/specs/verify/CMakeLists.txt | 85 +++++++++++++++
test/specs/verify/verify_ut.cc | 173 +++++++++++++++++++++++++++++++
8 files changed, 289 insertions(+), 16 deletions(-)
create mode 100644 test/specs/verify/CMakeLists.txt
create mode 100644 test/specs/verify/verify_ut.cc
diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c
index 957b370b..39338925 100644
--- a/src/daemon/common/sysinfo.c
+++ b/src/daemon/common/sysinfo.c
@@ -393,6 +393,7 @@ sysinfo_t *get_sys_info(bool quiet)
}
sysinfo->ncpus = get_nprocs();
+ sysinfo->ncpus_conf = get_nprocs_conf();
cgroup_version = common_get_cgroup_version();
if (cgroup_version < 0) {
diff --git a/src/daemon/common/sysinfo.h b/src/daemon/common/sysinfo.h
index 4ac65df6..363576a9 100644
--- a/src/daemon/common/sysinfo.h
+++ b/src/daemon/common/sysinfo.h
@@ -25,7 +25,10 @@ extern "C" {
#include "cgroup.h"
typedef struct {
+ // Number of processors currently online (i.e., available).
int ncpus;
+ // Number of processors configured.
+ int ncpus_conf;
cgroup_mem_info_t cgmeminfo;
cgroup_cpu_info_t cgcpuinfo;
cgroup_hugetlb_info_t hugetlbinfo;
diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c
index 850595ed..2a8b3259 100644
--- a/src/daemon/modules/spec/verify.c
+++ b/src/daemon/modules/spec/verify.c
@@ -25,6 +25,7 @@
#include <errno.h>
#include <fcntl.h>
#include <isula_libutils/auto_cleanup.h>
+#include <isula_libutils/utils_macro.h>
#include <isula_libutils/container_config.h>
#include <isula_libutils/defs.h>
#include <isula_libutils/host_config.h>
@@ -560,7 +561,7 @@ static bool check_cpu(const char *provided, const char *available)
}
/* parse unit list */
-int parse_unit_list(const char *val, bool *available_list, int cpu_num)
+STATIC int parse_unit_list(const char *val, bool *available_list, int cpu_num)
{
int ret = -1;
char *str = NULL;
@@ -612,22 +613,13 @@ out:
}
/* is cpuset list available */
-static bool is_cpuset_list_available(const char *provided, const char *available)
+STATIC bool is_cpuset_list_available(const char *provided, const char *available, int cpu_num)
{
- int cpu_num = 0;
int i = 0;
bool ret = false;
bool *parsed_provided = NULL;
bool *parsed_available = NULL;
- sysinfo_t *sysinfo = NULL;
-
- sysinfo = get_sys_info(true);
- if (sysinfo == NULL) {
- ERROR("get sysinfo failed");
- return false;
- }
- cpu_num = sysinfo->ncpus;
parsed_provided = util_smart_calloc_s(sizeof(bool), (unsigned int)cpu_num);
if (parsed_provided == NULL) {
ERROR("memory alloc failed!");
@@ -661,10 +653,10 @@ out:
}
/* is cpuset cpus available */
-bool is_cpuset_cpus_available(const sysinfo_t *sysinfo, const char *cpus)
+STATIC bool is_cpuset_cpus_available(const sysinfo_t *sysinfo, const char *cpus)
{
bool ret = false;
- ret = is_cpuset_list_available(cpus, sysinfo->cpusetinfo.cpus);
+ ret = is_cpuset_list_available(cpus, sysinfo->cpusetinfo.cpus, sysinfo->ncpus_conf);
if (!ret) {
ERROR("Checking cpuset.cpus got invalid format: %s.", cpus);
isulad_set_error_message("Checking cpuset.cpus got invalid format: %s.", cpus);
@@ -673,10 +665,10 @@ bool is_cpuset_cpus_available(const sysinfo_t *sysinfo, const char *cpus)
}
/* is cpuset mems available */
-bool is_cpuset_mems_available(const sysinfo_t *sysinfo, const char *mems)
+STATIC bool is_cpuset_mems_available(const sysinfo_t *sysinfo, const char *mems)
{
bool ret = false;
- ret = is_cpuset_list_available(mems, sysinfo->cpusetinfo.mems);
+ ret = is_cpuset_list_available(mems, sysinfo->cpusetinfo.mems, sysinfo->ncpus_conf);
if (!ret) {
ERROR("Checking cpuset.mems got invalid format: %s.", mems);
isulad_set_error_message("Checking cpuset.mems got invalid format: %s.", mems);
@@ -685,7 +677,7 @@ bool is_cpuset_mems_available(const sysinfo_t *sysinfo, const char *mems)
}
// cpuset subsystem checks and adjustments
-static int verify_resources_cpuset(const sysinfo_t *sysinfo, const char *cpus, const char *mems)
+STATIC int verify_resources_cpuset(const sysinfo_t *sysinfo, const char *cpus, const char *mems)
{
int ret = 0;
bool cpus_available = false;
diff --git a/test/mocks/image_mock.cc b/test/mocks/image_mock.cc
index 7114080c..cebe418d 100644
--- a/test/mocks/image_mock.cc
+++ b/test/mocks/image_mock.cc
@@ -54,3 +54,19 @@ int im_umount_container_rootfs(const char *image_type, const char *image_name, c
}
return 0;
}
+
+struct graphdriver_status *im_graphdriver_get_status(void)
+{
+ if (g_image_mock != nullptr) {
+ return g_image_mock->ImGraphdriverGetStatus();
+ }
+ return nullptr;
+}
+
+void im_free_graphdriver_status(struct graphdriver_status *status)
+{
+ if (g_image_mock != nullptr) {
+ g_image_mock->ImFreeGraphdriverStatus(status);
+ }
+ return;
+}
diff --git a/test/mocks/image_mock.h b/test/mocks/image_mock.h
index 0c7c1e51..f05be516 100644
--- a/test/mocks/image_mock.h
+++ b/test/mocks/image_mock.h
@@ -28,6 +28,8 @@ public:
const char *container_id));
MOCK_METHOD3(ImUmountContainerRootfs, int(const char *image_type, const char *image_name,
const char *container_id));
+ MOCK_METHOD0(ImGraphdriverGetStatus, struct graphdriver_status *());
+ MOCK_METHOD1(ImFreeGraphdriverStatus, void(struct graphdriver_status *status));
};
void MockImage_SetMock(MockImage *mock);
diff --git a/test/specs/CMakeLists.txt b/test/specs/CMakeLists.txt
index 7acd68a1..bf5ed535 100644
--- a/test/specs/CMakeLists.txt
+++ b/test/specs/CMakeLists.txt
@@ -2,3 +2,4 @@ project(iSulad_UT)
add_subdirectory(specs)
add_subdirectory(specs_extend)
+add_subdirectory(verify)
diff --git a/test/specs/verify/CMakeLists.txt b/test/specs/verify/CMakeLists.txt
new file mode 100644
index 00000000..0e60a39e
--- /dev/null
+++ b/test/specs/verify/CMakeLists.txt
@@ -0,0 +1,85 @@
+project(iSulad_UT)
+
+SET(EXE specs_verify_ut)
+
+add_definitions(-DUNIT_TEST=ON)
+
+add_executable(${EXE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_regex.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_verify.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_array.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_string.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_convert.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_file.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_timestamp.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/util_atomic.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_mount_spec.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_fs.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_cap.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256/sha256.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/path.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/map.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/rb_tree.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/err_msg.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/sysinfo.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/cgroup.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/cgroup_v1.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/spec/verify.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/image/oci/oci_ut_common.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/containers_store_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/namespace_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/container_unix_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/engine_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/selinux_label_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/isulad_config_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/storage_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/image_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/storage_mock.cc
+ verify_ut.cc)
+
+target_include_directories(${EXE} PUBLIC
+ ${GTEST_INCLUDE_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/image/oci
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/image
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/image/external
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/common
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd/isulad
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/config
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/api
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/volume
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/runtime
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/container
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/container/restart_manager
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/container/health_check
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/image/oci/storage
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/services
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/services/execution
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/spec/
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/services/execution/manager
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/events
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/services/execution/execute
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/tar
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/plugin
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/http
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/runtime/engines
+ ${ENGINES_INCS}
+ ${RUNTIME_INCS}
+ ${IMAGE_INCS}
+ ${CMAKE_BINARY_DIR}/conf
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/config
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/services/graphdriver
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/console
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/image/oci
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks
+ )
+
+target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} -lgrpc++ -lprotobuf -lcrypto -lyajl -lz)
+add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
+set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/specs/verify/verify_ut.cc b/test/specs/verify/verify_ut.cc
new file mode 100644
index 00000000..e764e476
--- /dev/null
+++ b/test/specs/verify/verify_ut.cc
@@ -0,0 +1,173 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: specs verify ut
+ * Author: xuxuepeng
+ * Create: 2023-11-16
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <gtest/gtest.h>
+#include "mock.h"
+#include <gtest/gtest.h>
+#include <gmock/gmock.h>
+#include "sysinfo.h"
+#include "utils.h"
+
+using namespace std;
+
+#define HOST_CONFIG_FILE "../../../../test/specs/verify/hostconfig.json"
+#define OCI_RUNTIME_SPEC_FILE "../../../../test/specs/verify/oci_runtime_spec.json"
+
+extern "C" {
+ int verify_resources_cpuset(const sysinfo_t *sysinfo, const char *cpus, const char *mems);
+}
+
+/* get sys info */
+sysinfo_t *create_sys_info_for_cpuset_test(const char *cpus, const char *mems, int ncpus_conf, int ncpus)
+{
+ sysinfo_t *sysinfo = NULL;
+
+ sysinfo = (sysinfo_t *)util_common_calloc_s(sizeof(sysinfo_t));
+ if (sysinfo == NULL) {
+ ERROR("Out of memory");
+ return NULL;
+ }
+
+ sysinfo->ncpus = ncpus;
+ sysinfo->ncpus_conf = ncpus_conf;
+
+ sysinfo->cpusetinfo.cpuset = true;
+ sysinfo->cpusetinfo.cpus = util_strdup_s(cpus);
+ sysinfo->cpusetinfo.mems = util_strdup_s(mems);
+
+ return sysinfo;
+}
+
+void test_different_provided_cpus_mems(sysinfo_t *sysinfo, const char *provided_cpus, const char *provided_mems,
+ int expected)
+{
+ int ret = 0;
+ ret = verify_resources_cpuset(sysinfo, provided_cpus, provided_mems);
+ ASSERT_EQ(ret, expected);
+}
+
+// Test the case when provided is null, and available is 0-7
+TEST(test_verify_resources_cpuset, test_0_7)
+{
+ sysinfo_t *sysinfo = create_sys_info_for_cpuset_test("0-7", "0-7", 8, 8);
+ test_different_provided_cpus_mems(sysinfo, nullptr, nullptr, 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0", "0", 0);
+ test_different_provided_cpus_mems(sysinfo, "2", "2", 0);
+ test_different_provided_cpus_mems(sysinfo, "7", "7", 0);
+ test_different_provided_cpus_mems(sysinfo, "8", "8", -1);
+
+ test_different_provided_cpus_mems(sysinfo, "1,2", "1,2", 0);
+ test_different_provided_cpus_mems(sysinfo, "1,3,5", "1,3,5", 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0-7", "0-7", 0);
+ test_different_provided_cpus_mems(sysinfo, "0-8", "0-8", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3-7", "0-1,3-7", 0);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3,5-7", "0-1,3,5-7", 0);
+
+ free_sysinfo(sysinfo);
+}
+
+// Test the case when provided is null, and available is 0-1,3-7
+TEST(test_verify_resources_cpuset, test_0_1_3_7)
+{
+ sysinfo_t *sysinfo = create_sys_info_for_cpuset_test("0-1,3-7", "0-1,3-7", 8, 7);
+ test_different_provided_cpus_mems(sysinfo, nullptr, nullptr, 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0", "0", 0);
+ test_different_provided_cpus_mems(sysinfo, "2", "2", -1);
+ test_different_provided_cpus_mems(sysinfo, "7", "7", 0);
+ test_different_provided_cpus_mems(sysinfo, "8", "8", -1);
+
+ test_different_provided_cpus_mems(sysinfo, "1,2", "1,2", -1);
+ test_different_provided_cpus_mems(sysinfo, "1,3,5", "1,3,5", 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0-7", "0-7", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-8", "0-8", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3-7", "0-1,3-7", 0);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3,5-7", "0-1,3,5-7", 0);
+
+ free_sysinfo(sysinfo);
+}
+
+// Test the case when provided is null, and available is 0-6
+TEST(test_verify_resources_cpuset, test_0_6)
+{
+ sysinfo_t *sysinfo = create_sys_info_for_cpuset_test("0-6", "0-6", 8, 7);
+
+ test_different_provided_cpus_mems(sysinfo, nullptr, nullptr, 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0", "0", 0);
+ test_different_provided_cpus_mems(sysinfo, "2", "2", 0);
+ test_different_provided_cpus_mems(sysinfo, "7", "7", -1);
+ test_different_provided_cpus_mems(sysinfo, "8", "8", -1);
+
+ test_different_provided_cpus_mems(sysinfo, "1,2", "1,2", 0);
+ test_different_provided_cpus_mems(sysinfo, "1,3,5", "1,3,5", 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0-7", "0-7", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-8", "0-8", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3-7", "0-1,3-7", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3,5-7", "0-1,3,5-7", -1);
+
+ free_sysinfo(sysinfo);
+}
+
+// Test the case when provided is null, and available is 1-7
+TEST(test_verify_resources_cpuset, test_1_7)
+{
+ sysinfo_t *sysinfo = create_sys_info_for_cpuset_test("1-7", "1-7", 8, 7);
+
+ test_different_provided_cpus_mems(sysinfo, nullptr, nullptr, 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0", "0", -1);
+ test_different_provided_cpus_mems(sysinfo, "2", "2", 0);
+ test_different_provided_cpus_mems(sysinfo, "7", "7", 0);
+ test_different_provided_cpus_mems(sysinfo, "8", "8", -1);
+
+ test_different_provided_cpus_mems(sysinfo, "1,2", "1,2", 0);
+ test_different_provided_cpus_mems(sysinfo, "1,3,5", "1,3,5", 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0-7", "0-7", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-8", "0-8", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3-7", "0-1,3-7", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3,5-7", "0-1,3,5-7", -1);
+
+ free_sysinfo(sysinfo);
+}
+
+// Test the case when provided is null, and available is 0,3
+TEST(test_verify_resources_cpuset, test_null_03)
+{
+ sysinfo_t *sysinfo = create_sys_info_for_cpuset_test("0,3", "0,3", 8, 2);
+ test_different_provided_cpus_mems(sysinfo, nullptr, nullptr, 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0", "0", 0);
+ test_different_provided_cpus_mems(sysinfo, "2", "2", -1);
+ test_different_provided_cpus_mems(sysinfo, "7", "7", -1);
+ test_different_provided_cpus_mems(sysinfo, "8", "8", -1);
+
+ test_different_provided_cpus_mems(sysinfo, "1,2", "1,2", -1);
+ test_different_provided_cpus_mems(sysinfo, "1,3,5", "1,3,5", -1);
+
+ test_different_provided_cpus_mems(sysinfo, "0-7", "0-7", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-8", "0-8", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3-7", "0-1,3-7", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3,5-7", "0-1,3,5-7", -1);
+
+ free_sysinfo(sysinfo);
+}
--
2.42.0

52
0030-modify-daemon-json-default-runtime-to-runc.patch
View File

@ -1,52 +0,0 @@
From b94f36b3d06abd711449b2e91303dfdd33f9c979 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 21 Nov 2023 21:31:48 +0800
Subject: [PATCH 30/64] modify daemon json default runtime to runc
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isula/base/create.h | 2 +-
src/cmd/isula/extend/stats.c | 1 -
src/contrib/config/daemon.json | 2 +-
3 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/cmd/isula/base/create.h b/src/cmd/isula/base/create.h
index 986be41f..9eb471b4 100644
--- a/src/cmd/isula/base/create.h
+++ b/src/cmd/isula/base/create.h
@@ -332,7 +332,7 @@ extern "C" {
"runtime", \
'R', \
&(cmdargs).runtime, \
- "Runtime to use for containers(default: lcr)", \
+ "Runtime to use for containers", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
diff --git a/src/cmd/isula/extend/stats.c b/src/cmd/isula/extend/stats.c
index c11fe218..04485608 100644
--- a/src/cmd/isula/extend/stats.c
+++ b/src/cmd/isula/extend/stats.c
@@ -41,7 +41,6 @@ struct client_arguments g_cmd_stats_args = {
.showall = false,
.nostream = false,
.original = false,
- .runtime = "lcr",
};
static struct isula_stats_response *g_oldstats = NULL;
diff --git a/src/contrib/config/daemon.json b/src/contrib/config/daemon.json
index 4faf4057..966e016a 100644
--- a/src/contrib/config/daemon.json
+++ b/src/contrib/config/daemon.json
@@ -1,6 +1,6 @@
{
"group": "isula",
- "default-runtime": "lcr",
+ "default-runtime": "runc",
"graph": "/var/lib/isulad",
"state": "/var/run/isulad",
"log-level": "ERROR",
--
2.42.0

815
0031-modify-CI-for-default-runtime-to-runc.patch
View File

@ -1,815 +0,0 @@
From c0d86490ba53bf9a33f7569dc31c4ec1ba54f073 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 21 Nov 2023 21:32:08 +0800
Subject: [PATCH 31/64] modify CI for default runtime to runc
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/cni_test.sh | 103 ++++++++++--------
.../container_cases/exec_additional_gids.sh | 26 +++--
CI/test_cases/container_cases/export.sh | 10 +-
.../hook_ignore_poststart_error.sh | 10 +-
.../container_cases/hook_spec_test.sh | 12 +-
...igdata_stream.sh => lcr_bigdata_stream.sh} | 32 +-----
.../container_cases/{exec.sh => lcr_exec.sh} | 2 +-
CI/test_cases/container_cases/nano_cpus.sh | 8 +-
CI/test_cases/container_cases/restart.sh | 14 ++-
CI/test_cases/container_cases/run.sh | 49 +++++----
..._stream_runc.sh => runc_bigdata_stream.sh} | 0
.../{exec_runc.sh => runc_exec.sh} | 0
CI/test_cases/container_cases/seccomp.sh | 12 +-
CI/test_cases/container_cases/stop.sh | 19 +++-
CI/test_cases/critest.sh | 6 +-
15 files changed, 166 insertions(+), 137 deletions(-)
rename CI/test_cases/container_cases/{bigdata_stream.sh => lcr_bigdata_stream.sh} (93%)
rename CI/test_cases/container_cases/{exec.sh => lcr_exec.sh} (97%)
rename CI/test_cases/container_cases/{bigdata_stream_runc.sh => runc_bigdata_stream.sh} (100%)
rename CI/test_cases/container_cases/{exec_runc.sh => runc_exec.sh} (100%)
diff --git a/CI/test_cases/container_cases/cni_test.sh b/CI/test_cases/container_cases/cni_test.sh
index bbc381dd..114cf2a3 100755
--- a/CI/test_cases/container_cases/cni_test.sh
+++ b/CI/test_cases/container_cases/cni_test.sh
@@ -37,6 +37,10 @@ function do_post()
start_isulad_with_valgrind
}
+# $1: pod runtime;
+# $2: pod config;
+# $3: eth0 ip;
+# $4: eth1 ip;
function do_test_help()
{
msg_info "this is $0 do_test"
@@ -53,7 +57,7 @@ function do_test_help()
TC_RET_T=$(($TC_RET_T+1))
fi
- sid=`crictl runp ${data_path}/$1`
+ sid=`crictl runp --runtime $1 ${data_path}/$2`
if [ $? -ne 0 ]; then
msg_err "Failed to run sandbox"
TC_RET_T=$(($TC_RET_T+1))
@@ -61,7 +65,7 @@ function do_test_help()
cnt=`ls /var/lib/cni/results/* | wc -l`
target_cnt=1
- if [ "x$3" != "x" ];then
+ if [ "x$4" != "x" ];then
target_cnt=2
fi
@@ -77,7 +81,7 @@ function do_test_help()
TC_RET_T=$(($TC_RET_T+1))
fi
- cid=`crictl create $sid ${data_path}/container-config.json ${data_path}/$1`
+ cid=`crictl create $sid ${data_path}/container-config.json ${data_path}/$2`
if [ $? -ne 0 ];then
msg_err "create container failed"
TC_RET_T=$(($TC_RET_T+1))
@@ -107,29 +111,29 @@ function do_test_help()
nsenter -t $con_pid -n ifconfig eth0
TC_RET_T=$(($TC_RET_T+1))
fi
- nsenter -t $pod_pid -n ifconfig eth0 | grep "$2"
+ nsenter -t $pod_pid -n ifconfig eth0 | grep "$3"
if [ $? -ne 0 ];then
- msg_err "expect ip: $1, get: "
+ msg_err "expect ip: $3, get: "
nsenter -t $pod_pid -n ifconfig eth0
TC_RET_T=$(($TC_RET_T+1))
fi
- crictl inspectp $sid | grep "$2"
+ crictl inspectp $sid | grep "$3"
if [ $? -ne 0 ];then
- msg_err "inspectp: expect ip: $1, get: "
+ msg_err "inspectp: expect ip: $3, get: "
crictl inspectp $sid
TC_RET_T=$(($TC_RET_T+1))
fi
- if [ "x$3" != "x" ];then
- nsenter -t $pod_pid -n ifconfig eth1 | grep "$3"
+ if [ "x$4" != "x" ];then
+ nsenter -t $pod_pid -n ifconfig eth1 | grep "$4"
if [ $? -ne 0 ];then
- msg_err "expect ip: $2, get: "
+ msg_err "expect ip: $4, get: "
nsenter -t $pod_pid -n ifconfig eth1
TC_RET_T=$(($TC_RET_T+1))
fi
- crictl inspectp $sid | grep "$3"
+ crictl inspectp $sid | grep "$4"
if [ $? -ne 0 ];then
- msg_err "inspectp expect ip: $2, get: "
+ msg_err "inspectp expect ip: $4, get: "
crictl inspectp $sid
TC_RET_T=$(($TC_RET_T+1))
fi
@@ -170,7 +174,7 @@ function do_test_help()
function default_cni_config()
{
- do_test_help "sandbox-config.json" "10\.1\."
+ do_test_help $1 "sandbox-config.json" "10\.1\."
}
function new_cni_config()
@@ -189,12 +193,12 @@ function new_cni_config()
fi
done
tail $ISUALD_LOG
- do_test_help "mutlnet_pod.json" "10\.2\." "10\.1\."
+ do_test_help $1 "mutlnet_pod.json" "10\.2\." "10\.1\."
}
function check_annotation_extension()
{
- sid=`crictl runp ${data_path}/sandbox-config.json`
+ sid=`crictl runp --runtime $1 ${data_path}/sandbox-config.json`
if [ $? -ne 0 ]; then
msg_err "Failed to run sandbox"
TC_RET_T=$(($TC_RET_T+1))
@@ -253,7 +257,7 @@ function check_rollback()
done
tail $ISUALD_LOG
- crictl runp ${data_path}/mutl_wrong_net_pod.json
+ crictl runp --runtime $1 ${data_path}/mutl_wrong_net_pod.json
if [ $? -eq 0 ]; then
msg_err "Run sandbox success with invalid cni configs"
TC_RET_T=$(($TC_RET_T+1))
@@ -302,13 +306,14 @@ function check_rollback()
# $2: expect ingress rate;
# $3: input egress rate;
# $4: expect egress rate;
+# $5: pod runtime;
function check_annotation_valid_bandwidth()
{
rm bandwidth.json
cp ${data_path}/mock_sandbox.json bandwidth.json
sed -i "s#ingressholder#$1#g" bandwidth.json
sed -i "s#engressholder#$3#g" bandwidth.json
- sid=`crictl runp bandwidth.json`
+ sid=`crictl runp --runtime $5 bandwidth.json`
if [ $? -ne 0 ]; then
msg_err "Failed to run sandbox"
TC_RET_T=$(($TC_RET_T+1))
@@ -345,6 +350,7 @@ function check_annotation_valid_bandwidth()
return $TC_RET_T
}
+# function not called
function check_annotation_invalid_bandwidth()
{
rm bandwidth.json
@@ -386,44 +392,51 @@ function check_annotation()
done
tail $ISUALD_LOG
- check_annotation_extension
+ check_annotation_extension $1
- check_annotation_valid_bandwidth "10.24k" "10240" "-1.024k" "-1024"
- check_annotation_valid_bandwidth "1024m" "2" "-1024m" "-1"
- check_annotation_valid_bandwidth "1.000001Ki" "1025" "-1.00001Ki" "-1024"
- check_annotation_valid_bandwidth "0.1Mi" "104858" "-0.01Mi" "-10485"
- check_annotation_valid_bandwidth "1.00001e2" "101" "-1.0001e2" "-100"
+ check_annotation_valid_bandwidth "10.24k" "10240" "-1.024k" "-1024" $1
+ check_annotation_valid_bandwidth "1024m" "2" "-1024m" "-1" $1
+ check_annotation_valid_bandwidth "1.000001Ki" "1025" "-1.00001Ki" "-1024" $1
+ check_annotation_valid_bandwidth "0.1Mi" "104858" "-0.01Mi" "-10485" $1
+ check_annotation_valid_bandwidth "1.00001e2" "101" "-1.0001e2" "-100" $1
return $TC_RET_T
}
-ret=0
+function do_test_t()
+{
+ local ret=0
+ local runtime=$1
+ local test="cni_test => (${runtime})"
+ msg_info "${test} starting..."
+
+ default_cni_config $runtime || ((ret++))
+
+ new_cni_config $runtime || ((ret++))
+
+ check_annotation $runtime || ((ret++))
-do_pre
-if [ $? -ne 0 ];then
- let "ret=$ret + 1"
-fi
+ check_rollback $runtime || ((ret++))
-default_cni_config
-if [ $? -ne 0 ];then
- let "ret=$ret + 1"
-fi
+ msg_info "${test} finished with return ${ret}..."
-new_cni_config
-if [ $? -ne 0 ];then
- let "ret=$ret + 1"
-fi
+ return $ret
+}
-check_annotation
-if [ $? -ne 0 ];then
- let "ret=$ret + 1"
-fi
+ret=0
-check_rollback
-if [ $? -ne 0 ];then
- let "ret=$ret + 1"
-fi
+for element in ${RUNTIME_LIST[@]};
+do
+ do_pre
+ if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+ fi
-do_post
+ do_test_t $element
+ if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+ fi
+ do_post
+done
show_result $ret "cni base test"
diff --git a/CI/test_cases/container_cases/exec_additional_gids.sh b/CI/test_cases/container_cases/exec_additional_gids.sh
index f24678d3..2edfd750 100755
--- a/CI/test_cases/container_cases/exec_additional_gids.sh
+++ b/CI/test_cases/container_cases/exec_additional_gids.sh
@@ -22,7 +22,6 @@
curr_path=$(dirname $(readlink -f "$0"))
data_path=$(realpath $curr_path/../data)
source ../helpers.sh
-test="exec additional gids test => test_exec_additional_gids"
test_log=$(mktemp /tmp/additional_gids_test_XXX)
USERNAME="user"
@@ -37,10 +36,14 @@ file_info="Keep it secret, keep it safe"
function additional_gids_test()
{
local ret=0
+ local runtime=$1
+ test="exec additional gids test => test_exec_additional_gids => $runtime"
+
+ msg_info "${test} starting..."
isula rm -f `isula ps -a -q`
- isula run -tid -n $cont_name ubuntu bash
+ isula run -tid --runtime $runtime -n $cont_name ubuntu bash
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container" && ((ret++))
isula exec $cont_name bash -c "groupadd --gid $USER_GID $USERNAME \
@@ -52,10 +55,13 @@ function additional_gids_test()
&& chmod 606 /app/sekrit.txt"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - create user and group failed" && ((ret++))
+ # runc is not support exec --workdir
/usr/bin/expect <<- EOF > ${test_log} 2>&1
set timeout 10
-spawn isula exec -it --workdir /app -u $USERNAME $cont_name bash
+spawn isula exec -it -u $USERNAME $cont_name bash
expect "${USERNAME}*"
+send "cd /app\n"
+expect "*"
send "newgrp ${ADDITIONAL_GROUP}\n"
expect "*"
send "groups\n"
@@ -75,18 +81,18 @@ EOF
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - read error message failed" && ((ret++))
isula rm -f `isula ps -a -q`
+ rm -rf ${test_log}
+
+ msg_info "${test} finished with return ${ret}..."
return ${ret}
}
declare -i ans=0
-msg_info "${test} starting..."
-
-additional_gids_test || ((ans++))
-
-rm -rf ${test_log}
-
-msg_info "${test} finished with return ${ret}..."
+for element in ${RUNTIME_LIST[@]};
+do
+ additional_gids_test $element || ((ans++))
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/export.sh b/CI/test_cases/container_cases/export.sh
index eeef2809..1cff873d 100755
--- a/CI/test_cases/container_cases/export.sh
+++ b/CI/test_cases/container_cases/export.sh
@@ -26,7 +26,8 @@ function test_image_export()
{
local ret=0
local image="busybox"
- local test="export container test => (${FUNCNAME[@]})"
+ local runtime=$1
+ local test="export container test => (${FUNCNAME[@]}) => $runtime"
msg_info "${test} starting..."
@@ -36,7 +37,7 @@ function test_image_export()
isula images | grep busybox
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
- CONT=`isula run -itd busybox`
+ CONT=`isula run --runtime $runtime -itd busybox`
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
isula export -o export.tar ${CONT}
@@ -55,6 +56,9 @@ function test_image_export()
declare -i ans=0
-test_image_export || ((ans++))
+for element in ${RUNTIME_LIST[@]};
+do
+ test_image_export $element || ((ans++))
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/hook_ignore_poststart_error.sh b/CI/test_cases/container_cases/hook_ignore_poststart_error.sh
index 5c86a4c1..8c636f7e 100755
--- a/CI/test_cases/container_cases/hook_ignore_poststart_error.sh
+++ b/CI/test_cases/container_cases/hook_ignore_poststart_error.sh
@@ -28,7 +28,8 @@ function test_hook_ignore_poststart_error_spec()
{
local ret=0
local image="busybox"
- local test="container hook test => (${FUNCNAME[@]})"
+ local runtime=$1
+ local test="container hook test => (${FUNCNAME[@]}) => $runtime"
CONT=test_hook_spec
cp ${test_data_path}/poststart.sh /tmp/
@@ -40,7 +41,7 @@ function test_hook_ignore_poststart_error_spec()
isula images | grep busybox
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
- isula run -n $CONT -itd --hook-spec ${test_data_path}/oci_hook_poststart_check.json ${image} &
+ isula run -n $CONT -itd --runtime $runtime --hook-spec ${test_data_path}/oci_hook_poststart_check.json ${image} &
for a in `seq 20`
do
@@ -74,6 +75,9 @@ function test_hook_ignore_poststart_error_spec()
declare -i ans=0
-test_hook_ignore_poststart_error_spec || ((ans++))
+for element in ${RUNTIME_LIST[@]};
+do
+ test_hook_ignore_poststart_error_spec $1 || ((ans++))
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/hook_spec_test.sh b/CI/test_cases/container_cases/hook_spec_test.sh
index c88ed340..33b7c2e5 100755
--- a/CI/test_cases/container_cases/hook_spec_test.sh
+++ b/CI/test_cases/container_cases/hook_spec_test.sh
@@ -28,7 +28,8 @@ function test_hook_spec()
{
local ret=0
local image="busybox"
- local test="container hook test => (${FUNCNAME[@]})"
+ local runtime=$1
+ local test="container hook test => (${FUNCNAME[@]}) => $runtime"
msg_info "${test} starting..."
isula pull ${image}
@@ -37,7 +38,7 @@ function test_hook_spec()
isula images | grep busybox
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
- CONT=`isula run -itd --hook-spec ${test_data_path}/test-hookspec.json ${image}`
+ CONT=`isula run -itd --runtime $runtime --hook-spec ${test_data_path}/test-hookspec.json ${image}`
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
isula stop -t 0 ${CONT}
@@ -51,7 +52,7 @@ function test_hook_spec()
isula run -n $no_permission_container -itd --hook-spec ${test_data_path}/no_permission.json ${image} > $runlog 2>&1
[[ $? -ne 126 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to check exit code container with image: ${image}" && ((ret++))
- cat $runlog | grep "Permission denied"
+ cat $runlog | grep -i "Permission denied"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to get no_permission output: ${image}" && ((ret++))
isula rm -f $no_permission_container
@@ -95,6 +96,9 @@ EOF
declare -i ans=0
-test_hook_spec || ((ans++))
+for element in ${RUNTIME_LIST[@]};
+do
+ test_hook_spec $element || ((ans++))
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/bigdata_stream.sh b/CI/test_cases/container_cases/lcr_bigdata_stream.sh
similarity index 93%
rename from CI/test_cases/container_cases/bigdata_stream.sh
rename to CI/test_cases/container_cases/lcr_bigdata_stream.sh
index 3bfc2d50..c8ecc48a 100755
--- a/CI/test_cases/container_cases/bigdata_stream.sh
+++ b/CI/test_cases/container_cases/lcr_bigdata_stream.sh
@@ -40,7 +40,7 @@ function set_up()
isula images | grep busybox
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
- CID=$(isula run -itd ${image} sh)
+ CID=$(isula run --runtime lcr -itd ${image} sh)
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
isula exec -it $CID dd if=/dev/zero of=test_500M bs=1M count=500
@@ -389,33 +389,6 @@ function test_stream_with_kill_isulad()
return ${ret}
}
-function test_stream_with_runc()
-{
- local ret=0
- local image="busybox"
- local test="test_stream_with_runc => (${FUNCNAME[@]})"
- msg_info "${test} starting..."
-
- RUNCID=$(isula run -itd --runtime runc ${image} sh)
- isula exec -it $RUNCID dd if=/dev/zero of=test_500M bs=1M count=500
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to create bigdata" && ((ret++))
-
- isula exec -it $RUNCID cat test_500M > /home/iocopy_stream_data_500M
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to cat bigdata" && ((ret++))
-
- sync && sync
- total_size=$(stat -c"%s" /home/iocopy_stream_data_500M)
- [[ $total_size -ne 524288000 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stream iocopy loss data" && ((ret++))
-
- isula rm -f $RUNCID
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container" && ((ret++))
-
- rm -rf /home/iocopy_stream_data_500M
-
- msg_info "${test} finished with return ${ret}..."
- return ${ret}
-}
-
function tear_down()
{
local ret=0
@@ -438,7 +411,7 @@ function test_memory_leak_with_bigdata_stream()
start_isulad_with_valgrind
- CID=$(isula run -itd ${image} sh)
+ CID=$(isula run --runtime lcr -itd ${image} sh)
isula exec -it $CID dd if=/dev/zero of=test_100M bs=1M count=100
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to create bigdata" && ((ret++))
@@ -477,7 +450,6 @@ test_stream_with_stop_lxc_monitor || ((ans++))
test_stream_with_kill_lxc_monitor || ((ans++))
test_stream_with_stop_isulad || ((ans++))
test_stream_with_kill_isulad || ((ans++))
-test_stream_with_runc || ((ans++))
tear_down || ((ans++))
test_memory_leak_with_bigdata_stream || ((ans++))
diff --git a/CI/test_cases/container_cases/exec.sh b/CI/test_cases/container_cases/lcr_exec.sh
similarity index 97%
rename from CI/test_cases/container_cases/exec.sh
rename to CI/test_cases/container_cases/lcr_exec.sh
index 96ceb884..4f51773d 100755
--- a/CI/test_cases/container_cases/exec.sh
+++ b/CI/test_cases/container_cases/lcr_exec.sh
@@ -30,7 +30,7 @@ function exec_workdir()
isula rm -f `isula ps -a -q`
- isula run -tid -n cont_workdir busybox sh
+ isula run -tid --runtime lcr -n cont_workdir busybox sh
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with --workdir" && ((ret++))
isula exec -ti --workdir /workdir cont_workdir pwd | grep "/workdir"
diff --git a/CI/test_cases/container_cases/nano_cpus.sh b/CI/test_cases/container_cases/nano_cpus.sh
index c679958d..85223038 100755
--- a/CI/test_cases/container_cases/nano_cpus.sh
+++ b/CI/test_cases/container_cases/nano_cpus.sh
@@ -26,7 +26,8 @@ function test_cpu_nano_spec()
{
local ret=0
local image="busybox"
- local test="container blkio nano test => (${FUNCNAME[@]})"
+ local runtime=$1
+ local test="container blkio nano test => (${FUNCNAME[@]}) => $runtime"
msg_info "${test} starting..."
@@ -108,6 +109,9 @@ function test_cpu_nano_spec()
declare -i ans=0
-test_cpu_nano_spec || ((ans++))
+for element in ${RUNTIME_LIST[@]};
+do
+ test_cpu_nano_spec $element || ((ans++))
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/restart.sh b/CI/test_cases/container_cases/restart.sh
index 5902af06..fddee1f7 100755
--- a/CI/test_cases/container_cases/restart.sh
+++ b/CI/test_cases/container_cases/restart.sh
@@ -26,7 +26,8 @@ source ../helpers.sh
function do_test_t()
{
containername=test_restart
- isula run --name $containername -td busybox
+
+ isula run --runtime $1 --name $containername -td busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -46,9 +47,12 @@ function do_test_t()
ret=0
-do_test_t
-if [ $? -ne 0 ];then
- let "ret=$ret + 1"
-fi
+for element in ${RUNTIME_LIST[@]};
+do
+ do_test_t $element
+ if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+ fi
+done
show_result $ret "basic restart"
diff --git a/CI/test_cases/container_cases/run.sh b/CI/test_cases/container_cases/run.sh
index ad449402..8ea3e514 100755
--- a/CI/test_cases/container_cases/run.sh
+++ b/CI/test_cases/container_cases/run.sh
@@ -25,7 +25,7 @@ source ../helpers.sh
function do_test_t()
{
- tid=`isula run -tid --name hostname busybox`
+ tid=`isula run --runtime $1 -tid --name hostname busybox`
chostname=`isula exec -it $tid hostname`
fn_check_eq "$chostname" "${tid:0:12}" "default hostname is id of container"
isula exec -it hostname env | grep HOSTNAME
@@ -37,7 +37,7 @@ function do_test_t()
containername=test_basic_run
containername2=container_to_join
- isula run --name $containername -td busybox
+ isula run --runtime $1 --name $containername -td busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -48,7 +48,7 @@ function do_test_t()
isula rm $containername
fn_check_eq "$?" "0" "rm failed"
- isula run --name $containername -td -v /dev/shm:/dev/shm busybox
+ isula run --runtime $1 --name $containername -td -v /dev/shm:/dev/shm busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -61,7 +61,7 @@ function do_test_t()
echo AA > /tmp/test_run_env
- isula run --name $containername -itd --user 100:100 -e AAA=BB -e BAA --env-file /tmp/test_run_env busybox
+ isula run --runtime $1 --name $containername -itd --user 100:100 -e AAA=BB -e BAA --env-file /tmp/test_run_env busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -72,18 +72,21 @@ function do_test_t()
isula rm $containername
fn_check_eq "$?" "0" "rm failed"
- isula run --name $containername -itd --external-rootfs / --read-only none sh
- fn_check_eq "$?" "0" "run container with host rootfs failed"
- testcontainer $containername running
+ # runc directly uses the root directory as external rootfs and will report the error pivot_root .: device or resource busy
+ if [ $runtime == "lcr" ]; then
+ isula run --runtime $1 --name $containername -itd --external-rootfs / --read-only none sh
+ fn_check_eq "$?" "0" "run container with host rootfs failed"
+ testcontainer $containername running
- isula stop -t 0 $containername
- fn_check_eq "$?" "0" "stop failed"
- testcontainer $containername exited
+ isula stop -t 0 $containername
+ fn_check_eq "$?" "0" "stop failed"
+ testcontainer $containername exited
- isula rm $containername
- fn_check_eq "$?" "0" "rm failed"
+ isula rm $containername
+ fn_check_eq "$?" "0" "rm failed"
+ fi
- isula run --name $containername -itd --net=host --pid=host --ipc=host --uts=host busybox
+ isula run --runtime $1 --name $containername -itd --net=host --pid=host --ipc=host --uts=host busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -94,7 +97,7 @@ function do_test_t()
isula rm $containername
fn_check_eq "$?" "0" "rm failed"
- isula run --name $containername -itd --net=none --pid=none --ipc=none --uts=none busybox
+ isula run --runtime $1 --name $containername -itd --net=none --pid=none --ipc=none --uts=none busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -105,11 +108,11 @@ function do_test_t()
isula rm $containername
fn_check_eq "$?" "0" "rm failed"
- isula run --name $containername2 -itd busybox
+ isula run --runtime $1 --name $containername2 -itd busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername2 running
- isula run --name $containername -itd --net=container:$containername2 --pid=container:$containername2 --ipc=container:$containername2 --uts=container:$containername2 busybox
+ isula run --runtime $1 --name $containername -itd --net=container:$containername2 --pid=container:$containername2 --ipc=container:$containername2 --uts=container:$containername2 busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -135,7 +138,7 @@ function do_run_remote_test_t()
local ret=0
local image="busybox"
local config='tcp://127.0.0.1:2890'
- local test="container start with --attach remote test => (${FUNCNAME[@]})"
+ local test="container start with --attach remote test => (${FUNCNAME[@]}) => $1"
check_valgrind_log
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
@@ -144,13 +147,13 @@ function do_run_remote_test_t()
containername=run_remote
- isula run -ti -H "$config" --name $containername busybox xxx
+ isula run --runtime $1 -ti -H "$config" --name $containername busybox xxx
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed check invalid run ${containername} remote" && ((ret++))
testcontainer $containername exited
isula rm -f -H "$config" $containername
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container remote" && ((ret++))
- isula run -ti -H "$config" --name $containername busybox /bin/sh -c 'echo "hello"' | grep hello
+ isula run --runtime $1 -ti -H "$config" --name $containername busybox /bin/sh -c 'echo "hello"' | grep hello
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run ${containername} remote" && ((ret++))
testcontainer $containername exited
@@ -169,8 +172,10 @@ function do_run_remote_test_t()
declare -i ans=0
-do_test_t || ((ans++))
-
-do_run_remote_test_t || ((ans++))
+for element in ${RUNTIME_LIST[@]};
+do
+ do_test_t $element || ((ans++))
+ do_run_remote_test_t $element || ((ans++))
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/bigdata_stream_runc.sh b/CI/test_cases/container_cases/runc_bigdata_stream.sh
similarity index 100%
rename from CI/test_cases/container_cases/bigdata_stream_runc.sh
rename to CI/test_cases/container_cases/runc_bigdata_stream.sh
diff --git a/CI/test_cases/container_cases/exec_runc.sh b/CI/test_cases/container_cases/runc_exec.sh
similarity index 100%
rename from CI/test_cases/container_cases/exec_runc.sh
rename to CI/test_cases/container_cases/runc_exec.sh
diff --git a/CI/test_cases/container_cases/seccomp.sh b/CI/test_cases/container_cases/seccomp.sh
index 9e886d10..3cb08d84 100755
--- a/CI/test_cases/container_cases/seccomp.sh
+++ b/CI/test_cases/container_cases/seccomp.sh
@@ -39,8 +39,9 @@ function do_pre() {
function do_test() {
local ret=0
-
- msg_info "this is $0 do_test"
+ local runtime=$1
+ local test="seccomp test => (${runtime})"
+ msg_info "${test} starting..."
cid1=$(isula run -tid --security-opt seccomp=/etc/isulad/seccomp_default.json busybox sh)
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Failed to run container with the default seccomp profile" && ((ret++))
@@ -52,7 +53,7 @@ function do_test() {
--security-opt seccomp=${test_data_path}/seccomp_profile_without_archmap.json busybox sh)
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Failed to run container with multiple seccomp profiles" && ((ret++))
- isula stop "${cid1}" "${cid2}" "${cid3}"
+ isula stop -t 0 "${cid1}" "${cid2}" "${cid3}"
isula rm -f $(isula ps -qa)
@@ -69,7 +70,10 @@ declare -i ans=0
do_pre || ((ans++))
-do_test || ((ans++))
+for element in ${RUNTIME_LIST[@]};
+do
+ do_test $element || ((ans++))
+done
do_post
diff --git a/CI/test_cases/container_cases/stop.sh b/CI/test_cases/container_cases/stop.sh
index 962e72f3..13292710 100755
--- a/CI/test_cases/container_cases/stop.sh
+++ b/CI/test_cases/container_cases/stop.sh
@@ -25,8 +25,12 @@ source ../helpers.sh
function do_test_t()
{
+ local runtime=$1
+ local test="start_test => (${runtime})"
+ msg_info "${test} starting..."
+
containername=test_stop
- isula run --name $containername -td busybox
+ isula run --runtime $runtime --name $containername -td busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -61,14 +65,19 @@ function do_test_t()
isula rm $containername
fn_check_eq "$?" "0" "rm failed"
+ msg_info "${test} finished with return ${ret}..."
+
return $TC_RET_T
}
ret=0
-do_test_t
-if [ $? -ne 0 ];then
- let "ret=$ret + 1"
-fi
+for element in ${RUNTIME_LIST[@]};
+do
+ do_test_t $element
+ if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+ fi
+done
show_result $ret "basic stop"
diff --git a/CI/test_cases/critest.sh b/CI/test_cases/critest.sh
index 044ce2ed..f8d4975e 100755
--- a/CI/test_cases/critest.sh
+++ b/CI/test_cases/critest.sh
@@ -130,7 +130,7 @@ function test_critest() {
function do_test_t() {
local ret=0
- local runtime="lcr"
+ local runtime="runc"
local test="critest => $runtime"
msg_info "${test} starting..."
echo "${test}" >> ${testcase_data}/critest.log
@@ -143,11 +143,11 @@ function do_test_t() {
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
# replace default runtime
- sed -i 's/"default-runtime": "lcr"/"default-runtime": "runc"/g' /etc/isulad/daemon.json
+ sed -i 's/"default-runtime": "runc"/"default-runtime": "lcr"/g' /etc/isulad/daemon.json
start_isulad_without_valgrind --selinux-enabled --network-plugin cni
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad with selinux and cni failed" && ((ret++))
- runtime=runc
+ runtime=lcr
test="critest => $runtime"
msg_info "${test} starting..."
echo "${test}" >> ${testcase_data}/critest.log
--
2.42.0

737
0032-add-ut-for-devicemapper.patch
View File

@ -1,737 +0,0 @@
From ca297d26dc1e7b47d6987c6bbbd92dd2e3d78670 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Wed, 22 Nov 2023 22:05:04 +0800
Subject: [PATCH 32/64] add ut for devicemapper
Signed-off-by: jikai <jikai11@huawei.com>
---
test/image/oci/storage/layers/CMakeLists.txt | 2 +
.../storage/layers/devmapper/CMakeLists.txt | 71 +++++
...9702e4bd316dd50ae85467b0378a419b23b60ba73d | 6 +
...a9fb83febf6dc0b1548dfe896161533668281c9f4f | 6 +
...0a625721fdbea5c94ca6da897acdd814d710149770 | 6 +
.../devmapper/data/devicemapper/metadata/base | 7 +
.../devicemapper/metadata/deviceset-metadata | 5 +
.../metadata/transaction-metadata | 5 +
.../layers/devmapper/driver_devmapper_ut.cc | 283 ++++++++++++++++++
test/mocks/libdevmapper_mock.cc | 191 ++++++++++++
test/mocks/libdevmapper_mock.h | 52 ++++
11 files changed, 634 insertions(+)
create mode 100644 test/image/oci/storage/layers/devmapper/CMakeLists.txt
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata
create mode 100644 test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc
create mode 100644 test/mocks/libdevmapper_mock.cc
create mode 100644 test/mocks/libdevmapper_mock.h
diff --git a/test/image/oci/storage/layers/CMakeLists.txt b/test/image/oci/storage/layers/CMakeLists.txt
index 413a8b38..e1c76453 100644
--- a/test/image/oci/storage/layers/CMakeLists.txt
+++ b/test/image/oci/storage/layers/CMakeLists.txt
@@ -1,5 +1,7 @@
project(iSulad_UT)
+add_subdirectory(devmapper)
+
# storage_driver_ut
SET(DRIVER_EXE storage_driver_ut)
diff --git a/test/image/oci/storage/layers/devmapper/CMakeLists.txt b/test/image/oci/storage/layers/devmapper/CMakeLists.txt
new file mode 100644
index 00000000..f98de1a8
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/CMakeLists.txt
@@ -0,0 +1,71 @@
+project(iSulad_UT)
+
+# driver_devmapper_ut
+SET(DRIVER_DEVMAPPER_EXE driver_devmapper_ut)
+
+add_executable(${DRIVER_DEVMAPPER_EXE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_regex.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_verify.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_array.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_string.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_convert.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_file.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_fs.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/util_atomic.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_base64.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_timestamp.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/path.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/map/map.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/map/rb_tree.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/buffer/buffer.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/tar/util_archive.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/tar/util_gzip.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/sha256/sha256.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/config/daemon_arguments.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/config/isulad_config.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common/err_msg.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common/selinux_label.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks/libdevmapper_mock.cc
+ driver_devmapper_ut.cc)
+
+target_include_directories(${DRIVER_DEVMAPPER_EXE} PUBLIC
+ ${GTEST_INCLUDE_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/common
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/tar
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/map
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/sha256
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/console
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/buffer
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/config
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/api
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/remote_layer_support
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks
+ )
+
+set_target_properties(${DRIVER_DEVMAPPER_EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,util_exec_cmd -Wl,--wrap,util_mount -Wl,--wrap,umount2")
+
+target_link_libraries(${DRIVER_DEVMAPPER_EXE}
+ ${GTEST_BOTH_LIBRARIES}
+ ${GMOCK_LIBRARY}
+ ${GMOCK_MAIN_LIBRARY}
+ ${CMAKE_THREAD_LIBS_INIT}
+ ${ISULA_LIBUTILS_LIBRARY}
+ ${LIBTAR_LIBRARY}
+ -lcrypto -lyajl -larchive ${SELINUX_LIBRARY} -lz -lcap)
+
+add_test(NAME ${DRIVER_DEVMAPPER_EXE} COMMAND ${DRIVER_DEVMAPPER_EXE} --gtest_output=xml:${DRIVER_DEVMAPPER_EXE}-Results.xml)
+set_tests_properties(${DRIVER_DEVMAPPER_EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d
new file mode 100644
index 00000000..f51ae926
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d
@@ -0,0 +1,6 @@
+{
+ "hash": "068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d",
+ "device_id": 6,
+ "size": 10737418240,
+ "transaction_id": 8
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f
new file mode 100644
index 00000000..de727a79
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f
@@ -0,0 +1,6 @@
+{
+ "hash": "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f",
+ "device_id": 4,
+ "size": 10737418240,
+ "transaction_id": 4
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770 b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770
new file mode 100644
index 00000000..e1e8988e
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770
@@ -0,0 +1,6 @@
+{
+ "hash": "ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770",
+ "device_id": 2,
+ "size": 10737418240,
+ "transaction_id": 2
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base
new file mode 100644
index 00000000..2412113d
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base
@@ -0,0 +1,7 @@
+{
+ "hash": "base",
+ "device_id": 1,
+ "size": 10737418240,
+ "transaction_id": 1,
+ "initialized": true
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata
new file mode 100644
index 00000000..94f7a6a3
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata
@@ -0,0 +1,5 @@
+{
+ "next_device_id": 7,
+ "BaseDeviceFilesystem": "ext4",
+ "BaseDeviceUUID": "4fa22307-0c88-4fa4-8f16-a9459e9cbc4a"
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata
new file mode 100644
index 00000000..a011249a
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata
@@ -0,0 +1,5 @@
+{
+ "open_transaction_id": 8,
+ "device_hash": "068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d",
+ "device_id": 6
+}
diff --git a/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc b/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc
new file mode 100644
index 00000000..59e53f97
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc
@@ -0,0 +1,283 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: jikai
+ * Create: 2023-11-22
+ * Description: provide oci storage driver unit test for devmapper
+ ******************************************************************************/
+
+#include <gtest/gtest.h>
+#include <gmock/gmock.h>
+
+#include "driver_devmapper.h"
+#include "mock.h"
+#include "path.h"
+#include "utils.h"
+#include "libdevmapper_mock.h"
+
+using ::testing::Invoke;
+using ::testing::NiceMock;
+using ::testing::Return;
+using ::testing::_;
+
+extern "C" {
+ DECLARE_WRAPPER_V(util_exec_cmd, bool, (exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg));
+ DEFINE_WRAPPER_V(util_exec_cmd, bool, (exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg), (cb_func, args, stdin_msg, stdout_msg, stderr_msg));
+
+ DECLARE_WRAPPER(util_mount, int, (const char *src, const char *dst, const char *mtype, const char *mntopts));
+ DEFINE_WRAPPER(util_mount, int, (const char *src, const char *dst, const char *mtype, const char *mntopts), (src, dst, mtype, mntopts));
+
+ DECLARE_WRAPPER(umount2, int, (const char *__special_file, int __flags));
+ DEFINE_WRAPPER(umount2, int, (const char *__special_file, int __flags), (__special_file, __flags));
+}
+
+static std::string GetDirectory()
+{
+ char abs_path[PATH_MAX] { 0x00 };
+ int ret = readlink("/proc/self/exe", abs_path, sizeof(abs_path));
+ if (ret < 0 || static_cast<size_t>(ret) >= sizeof(abs_path)) {
+ return "";
+ }
+
+ for (int i { ret }; i >= 0; --i) {
+ if (abs_path[i] == '/') {
+ abs_path[i + 1] = '\0';
+ break;
+ }
+ }
+
+ return static_cast<std::string>(abs_path) + "../../../../../../../test/image/oci/storage/layers/devmapper";
+}
+
+static bool invokeUtilExecCmd(exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg)
+{
+ if (cb_func == nullptr || args == nullptr || stdout_msg == nullptr || stderr_msg == nullptr) {
+ return false;
+ }
+
+ char **tmp_args = static_cast<char **>(args);
+
+ if (util_array_len((const char **)tmp_args) < 1) {
+ return false;
+ }
+
+ if (strcmp(tmp_args[0], "blkid") == 0) {
+ *stdout_msg = util_strdup_s("4fa22307-0c88-4fa4-8f16-a9459e9cbc4a");
+ }
+ return true;
+}
+
+static struct dm_task *invokeDMTaskCreate(int type) {
+ return static_cast<struct dm_task *>(util_common_calloc_s(sizeof(0)));
+}
+
+static void invokeDMTaskDestroy(struct dm_task *task) {
+ free(task);
+ return;
+}
+
+static int invokeDMTaskGetDriverVersion(struct dm_task *task, char *version, size_t size) {
+ if (task == nullptr || version == nullptr || strncpy(version, "4.27.0", size) == NULL) {
+ return 0;
+ }
+
+ return 1;
+}
+
+static int invokeDMTaskGetInfo(struct dm_task *task, struct dm_info *dmi) {
+ if (task == nullptr || dmi == nullptr) {
+ return 0;
+ }
+
+ dmi->exists = 1;
+ return 1;
+}
+
+static void *invokeDMGetNextTarget(struct dm_task *task, void *next, uint64_t *start, uint64_t *length,
+ char **target_type, char **params) {
+ static char type[] = "thin-pool";
+ static char par[] = "0 0/1024 0/1024";
+ if (target_type) {
+ *target_type = type;
+ }
+ if (params) {
+ *params = par;
+ }
+ return nullptr;
+}
+
+class DriverDevmapperUnitTest : public testing::Test {
+protected:
+ void SetUp() override
+ {
+ MockLibdevmapper_SetMock(&m_libdevmapper_mock);
+ std::string isulad_dir { "/tmp/isulad/" };
+ mkdir(isulad_dir.c_str(), 0755);
+ std::string root_dir = isulad_dir + "data";
+ std::string run_dir = isulad_dir + "data/run";
+ std::string data_dir = GetDirectory() + "/data";
+ std::string driver_home = root_dir + "/devicemapper";
+
+ ASSERT_STRNE(util_clean_path(data_dir.c_str(), data_path, sizeof(data_path)), nullptr);
+ std::string cp_command = "cp -r " + std::string(data_path) + " " + isulad_dir;
+ ASSERT_EQ(system(cp_command.c_str()), 0);
+
+ char **driver_opts = static_cast<char **>(util_common_calloc_s(3 * sizeof(char *)));
+ driver_opts[0] = strdup("dm.thinpooldev=/dev/mapper/isulad0-thinpool");
+ driver_opts[1] = strdup("dm.fs=ext4");
+ driver_opts[2] = strdup("dm.min_free_space=10%");
+ int driver_opts_len = 3;
+
+ ASSERT_EQ(devmapper_init(&driver, nullptr, (const char **)driver_opts, driver_opts_len), -1);
+
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskCreate(_)).WillRepeatedly(Invoke(invokeDMTaskCreate));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetMessage(_, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetSector(_, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetAddNode(_, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskAddTarget(_, _, _, _, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetName(_, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskRun(_)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskDestroy(_)).WillRepeatedly(Invoke(invokeDMTaskDestroy));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetInfo(_, _)).WillRepeatedly(Invoke(invokeDMTaskGetInfo));
+ EXPECT_CALL(m_libdevmapper_mock, DMGetNextTarget(_, _, _, _, _, _)).WillRepeatedly(Invoke(invokeDMGetNextTarget));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetCookie(_, _, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMUdevWait(_)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMUdevComplete(_)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskDeferredRemove(_)).WillRepeatedly(Return(1));
+
+
+ char *names = static_cast<char *>(util_common_calloc_s(sizeof(struct dm_names) + strlen("isulad0-pool") + 1));
+ struct dm_names *dname = (struct dm_names *)names;
+ dname->dev = 1;
+ dname->next = 0;
+ strcpy(names + sizeof(struct dm_names), "isulad0-pool");
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetNames(_)).WillOnce(Return(dname));
+ EXPECT_CALL(m_libdevmapper_mock, DMSetDevDir(_)).WillOnce(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetDriverVersion(_, _, _)).WillOnce(Invoke(invokeDMTaskGetDriverVersion));
+ EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1));
+
+ MOCK_SET_V(util_exec_cmd, invokeUtilExecCmd);
+
+ ASSERT_EQ(devmapper_init(&driver, driver_home.c_str(), (const char **)driver_opts, driver_opts_len), 0);
+ MOCK_CLEAR(util_exec_cmd);
+
+ util_free_array_by_len(driver_opts, driver_opts_len);
+ free(names);
+ }
+
+ void TearDown() override
+ {
+ MockLibdevmapper_SetMock(nullptr);
+ std::string rm_command = "rm -rf /tmp/isulad/";
+ ASSERT_EQ(system(rm_command.c_str()), 0);
+ }
+
+ NiceMock<MockLibdevmapper> m_libdevmapper_mock;
+ char data_path[PATH_MAX] = { 0x00 };
+ graphdriver driver = {.ops = nullptr, .name = "devicemapper", };
+};
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_layer_exists)
+{
+ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
+ std::string incorrectId { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" };
+ ASSERT_TRUE(devmapper_layer_exist(id.c_str(), &driver));
+ ASSERT_FALSE(devmapper_layer_exist(incorrectId.c_str(), &driver));
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_create_rw)
+{
+ std::string id { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" };
+ struct driver_create_opts *create_opts;
+
+ create_opts = (struct driver_create_opts *)util_common_calloc_s(sizeof(struct driver_create_opts));
+ ASSERT_NE(create_opts, nullptr);
+
+ create_opts->storage_opt = static_cast<json_map_string_string *>(util_common_calloc_s(sizeof(json_map_string_string)));
+ ASSERT_NE(create_opts->storage_opt, nullptr);
+ create_opts->storage_opt->keys = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
+ create_opts->storage_opt->values = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
+ create_opts->storage_opt->keys[0] = strdup("size");
+ create_opts->storage_opt->values[0] = strdup("10G");
+ create_opts->storage_opt->len = 1;
+
+ ASSERT_EQ(devmapper_create_rw(id.c_str(), nullptr, &driver, create_opts), 0);
+ ASSERT_TRUE(devmapper_layer_exist(id.c_str(), &driver));
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_mount_layer)
+{
+ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
+ std::string merged_dir = "/tmp/isulad/data/devicemapper/mnt/" + id + "/rootfs";
+ struct driver_mount_opts *mount_opts = nullptr;
+ char* mount_dir = nullptr;
+
+ MOCK_SET(util_mount, 0);
+ mount_dir = devmapper_mount_layer(id.c_str(), &driver, mount_opts);
+ ASSERT_STREQ(mount_dir, merged_dir.c_str());
+ MOCK_CLEAR(util_mount);
+
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(devmapper_umount_layer(id.c_str(), &driver), 0);
+ MOCK_CLEAR(umount2);
+ free(mount_dir);
+ mount_dir = nullptr;
+
+ mount_opts = static_cast<struct driver_mount_opts *>(util_common_calloc_s(sizeof(struct driver_mount_opts)));
+ ASSERT_NE(mount_opts, nullptr);
+ mount_opts->options = static_cast<char **>(util_common_calloc_s(1 * sizeof(char *)));
+ mount_opts->options[0] = strdup("ro");
+ mount_opts->options_len = 1;
+
+ MOCK_SET(util_mount, 0);
+ mount_dir = devmapper_mount_layer(id.c_str(), &driver, mount_opts);
+ ASSERT_STREQ(mount_dir, merged_dir.c_str());
+ MOCK_CLEAR(util_mount);
+
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(devmapper_umount_layer(id.c_str(), &driver), 0);
+ MOCK_CLEAR(umount2);
+ free(mount_opts->mount_label);
+ util_free_array_by_len(mount_opts->options, mount_opts->options_len);
+ free(mount_opts);
+ free(mount_dir);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_get_layer_metadata)
+{
+ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
+ json_map_string_string *map_info = static_cast<json_map_string_string *>(util_common_calloc_s(sizeof(json_map_string_string)));
+
+ ASSERT_EQ(devmapper_get_layer_metadata(id.c_str(), &driver, map_info), 0);
+ ASSERT_EQ(map_info->len, 4);
+ ASSERT_STREQ(map_info->keys[0], "DeviceId");
+ ASSERT_STREQ(map_info->values[0], "4");
+ ASSERT_STREQ(map_info->keys[1], "DeviceSize");
+ ASSERT_STREQ(map_info->values[1], "10737418240");
+ ASSERT_STREQ(map_info->keys[2], "DeviceName");
+ ASSERT_STREQ(map_info->keys[3], "MergedDir");
+ ASSERT_STREQ(map_info->values[3], "/tmp/isulad/data/devicemapper/mnt/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f/rootfs");
+
+ free_json_map_string_string(map_info);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_get_driver_status)
+{
+ struct graphdriver_status *status = static_cast<struct graphdriver_status *>(util_common_calloc_s(sizeof(struct graphdriver_status)));
+
+ EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1));
+
+ ASSERT_EQ(devmapper_get_driver_status(&driver, status), 0);
+ ASSERT_STREQ(status->driver_name, "devicemapper");
+ free(status->driver_name);
+ free(status->backing_fs);
+ free(status->status);
+ free(status);
+}
diff --git a/test/mocks/libdevmapper_mock.cc b/test/mocks/libdevmapper_mock.cc
new file mode 100644
index 00000000..7d6c8024
--- /dev/null
+++ b/test/mocks/libdevmapper_mock.cc
@@ -0,0 +1,191 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: jikai
+ * Create: 2023-11-22
+ * Description: provide lib device mapper mock
+ ******************************************************************************/
+
+#include "libdevmapper_mock.h"
+
+namespace {
+MockLibdevmapper *g_libdevmapper_mock = nullptr;
+}
+
+void MockLibdevmapper_SetMock(MockLibdevmapper* mock)
+{
+ g_libdevmapper_mock = mock;
+}
+
+struct dm_task *dm_task_create(int type)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskCreate(type);
+ }
+ return nullptr;
+}
+
+int dm_task_set_message(struct dm_task *dmt, const char *msg)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskSetMessage(dmt, msg);
+ }
+ return 0;
+}
+
+int dm_task_set_sector(struct dm_task *dmt, uint64_t sector)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskSetSector(dmt, sector);
+ }
+ return 0;
+}
+
+int dm_task_set_add_node(struct dm_task *dmt, dm_add_node_t add_node)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskSetAddNode(dmt, add_node);
+ }
+ return 0;
+}
+
+int dm_task_add_target(struct dm_task *dmt, uint64_t start, uint64_t size, const char *ttype, const char *params)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskAddTarget(dmt, start, size, ttype, params);
+ }
+ return 0;
+}
+
+int dm_set_dev_dir(const char *dir)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMSetDevDir(dir);
+ }
+ return 0;
+}
+
+int dm_task_set_name(struct dm_task *dmt, const char *name)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskSetName(dmt, name);
+ }
+ return 0;
+}
+
+int dm_task_run(struct dm_task *dmt)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskRun(dmt);
+ }
+ return 0;
+}
+
+int dm_task_get_driver_version(struct dm_task *dmt, char *version, size_t size)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskGetDriverVersion(dmt, version, size);
+ }
+ return 0;
+}
+
+void dm_task_destroy(struct dm_task *dmt)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ g_libdevmapper_mock->DMTaskDestroy(dmt);
+ }
+}
+
+int dm_get_library_version(char *version, size_t size)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMGetLibraryVersion(version, size);
+ }
+ return 0;
+}
+
+int dm_task_get_info(struct dm_task *dmt, struct dm_info *info)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskGetInfo(dmt, info);
+ }
+ return 0;
+}
+
+void *dm_get_next_target(struct dm_task *dmt, void *next, uint64_t *start, uint64_t *length,
+ char **target_type, char **params)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMGetNextTarget(dmt, next, start, length, target_type, params);
+ }
+ return nullptr;
+}
+
+int dm_task_set_cookie(struct dm_task *dmt, uint32_t *cookie, uint16_t flags)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskSetCookie(dmt, cookie, flags);
+ }
+ return 0;
+}
+
+int dm_udev_wait(uint32_t cookie)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMUdevWait(cookie);
+ }
+ return 0;
+}
+
+int dm_udev_complete(uint32_t cookie)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMUdevComplete(cookie);
+ }
+ return 0;
+}
+
+int dm_task_deferred_remove(struct dm_task *dmt)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskDeferredRemove(dmt);
+ }
+ return 0;
+}
+
+struct dm_names *dm_task_get_names(struct dm_task *dmt)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskGetNames(dmt);
+ }
+ return nullptr;
+}
+
+int dm_udev_get_sync_support(void)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMUdevGetSyncSupport();
+ }
+ return 0;
+}
+
+void dm_udev_set_sync_support(int sync_with_udev)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ g_libdevmapper_mock->DMUdevSetSyncSupport(sync_with_udev);
+ }
+}
+
+void dm_log_with_errno_init(void log_cb(int level, const char *file, int line, int dm_errno_or_class, const char *f, ...))
+{
+ if (g_libdevmapper_mock != nullptr) {
+ g_libdevmapper_mock->DMLogWithErrnoInit(log_cb);
+ }
+}
diff --git a/test/mocks/libdevmapper_mock.h b/test/mocks/libdevmapper_mock.h
new file mode 100644
index 00000000..53c5ad4b
--- /dev/null
+++ b/test/mocks/libdevmapper_mock.h
@@ -0,0 +1,52 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: jikai
+ * Create: 2023-11-22
+ * Description: provide lib device mapper mock
+ ******************************************************************************/
+
+#ifndef _ISULAD_TEST_MOCKS_DEVMAPPER_MOCK_H
+#define _ISULAD_TEST_MOCKS_DEVMAPPER_MOCK_H
+
+#include <gmock/gmock.h>
+
+#include <libdevmapper.h>
+
+class MockLibdevmapper {
+public:
+ virtual ~MockLibdevmapper() = default;
+ MOCK_METHOD1(DMTaskCreate, struct dm_task*(int type));
+ MOCK_METHOD2(DMTaskSetMessage, int(struct dm_task *dmt, const char *msg));
+ MOCK_METHOD2(DMTaskSetSector, int(struct dm_task *dmt, uint64_t sector));
+ MOCK_METHOD2(DMTaskSetAddNode, int(struct dm_task *dmt, dm_add_node_t add_node));
+ MOCK_METHOD5(DMTaskAddTarget, int(struct dm_task *dmt, uint64_t start, uint64_t size, const char *ttype, const char *params));
+ MOCK_METHOD1(DMSetDevDir, int(const char *dir));
+ MOCK_METHOD2(DMTaskSetName, int(struct dm_task *dmt, const char *name));
+ MOCK_METHOD1(DMTaskRun, int(struct dm_task *dmt));
+ MOCK_METHOD3(DMTaskGetDriverVersion, int(struct dm_task *dmt, char *version, size_t size));
+ MOCK_METHOD1(DMTaskDestroy, void(struct dm_task *dmt));
+ MOCK_METHOD2(DMGetLibraryVersion, int(char *version, size_t size));
+ MOCK_METHOD2(DMTaskGetInfo, int(struct dm_task *dmt, struct dm_info *info));
+ MOCK_METHOD6(DMGetNextTarget, void*(struct dm_task *dmt, void *next, uint64_t *start, uint64_t *length,
+ char **target_type, char **params));
+ MOCK_METHOD3(DMTaskSetCookie, int(struct dm_task *dmt, uint32_t *cookie, uint16_t flags));
+ MOCK_METHOD1(DMUdevWait, int(uint32_t cookie));
+ MOCK_METHOD1(DMUdevComplete, int(uint32_t cookie));
+ MOCK_METHOD1(DMTaskDeferredRemove, int(struct dm_task *dmt));
+ MOCK_METHOD1(DMTaskGetNames, struct dm_names *(struct dm_task *dmt));
+ MOCK_METHOD0(DMUdevGetSyncSupport, int(void));
+ MOCK_METHOD1(DMUdevSetSyncSupport, void(int sync_with_udev));
+ MOCK_METHOD1(DMLogWithErrnoInit, void(void log_cb(int level, const char *file, int line, int dm_errno_or_class, const char *f, ...)));
+};
+
+void MockLibdevmapper_SetMock(MockLibdevmapper* mock);
+
+#endif
--
2.42.0

46
0033-2275-bugfix-for-rt_lcr_rebuild_config.patch
View File

@ -1,46 +0,0 @@
From fa7356538c7f747a81aa3d0a511a662ee4345afe Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 24 Nov 2023 08:33:45 +0000
Subject: [PATCH 33/64] !2275 bugfix for rt_lcr_rebuild_config * bugfix for
rt_lcr_rebuild_config
---
src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
index 8f7211d7..44ecab5a 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
@@ -777,6 +777,7 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil
{
int ret = -1;
int nret = 0;
+ bool rebuild_success = false;
char config_file[PATH_MAX] = { 0 };
char bak_config_file[PATH_MAX] = { 0 };
char oci_config_file[PATH_MAX] = { 0 };
@@ -825,8 +826,8 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil
goto out;
}
- nret = engine_ops->engine_create_op(name, params->rootpath, (void *)oci_spec);
- if (nret != 0) {
+ rebuild_success = engine_ops->engine_create_op(name, params->rootpath, (void *)oci_spec);
+ if (!rebuild_success) {
// delete the invalid config file to prevent rename failed
if (util_fileself_exists(config_file) && util_path_remove(config_file) != 0) {
WARN("Failed to remove bak_config_file for container %s", name);
@@ -835,7 +836,8 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil
WARN("Failed to rename backup old config to config for container %s", name);
}
}
- ret = nret != 0 ? -1 : 0;
+ ret = rebuild_success ? 0 : -1;
+
out:
if (engine_ops != NULL && engine_ops->engine_clear_errmsg_op != NULL) {
engine_ops->engine_clear_errmsg_op();
--
2.42.0

25
0034-2277-remove-shim-v2-format-error-log.patch
View File

@ -1,25 +0,0 @@
From fe03c12676b8a48a2aede2d177f2cbcbdd68f930 Mon Sep 17 00:00:00 2001
From: jake <jikai11@huawei.com>
Date: Sat, 25 Nov 2023 03:34:01 +0000
Subject: [PATCH 34/64] !2277 remove shim v2 format error log * remove shim v2
format error log
---
src/daemon/modules/runtime/shim/shim_rt_ops.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index 1bc9dc54..5066f804 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -115,7 +115,6 @@ bool is_valid_v2_runtime(const char* name)
parts_len = util_array_len((const char **)parts);
if (!(parts_len == 4 && strcmp(parts[0], "io") == 0 && strcmp(parts[1], "containerd") == 0)) {
- ERROR("ShimV2 runtime format is wrong");
util_free_array(parts);
return false;
}
--
2.42.0

26
0035-2276-bugfix-for-integration_check.sh.patch
View File

@ -1,26 +0,0 @@
From a2c565705f80f787e50ffc15db38ba367f517eb2 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 25 Nov 2023 03:34:50 +0000
Subject: [PATCH 35/64] !2276 bugfix for integration_check.sh * bugfix for
integration_check.sh
---
CI/test_cases/image_cases/integration_check.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CI/test_cases/image_cases/integration_check.sh b/CI/test_cases/image_cases/integration_check.sh
index e43369e3..6ec3ab52 100755
--- a/CI/test_cases/image_cases/integration_check.sh
+++ b/CI/test_cases/image_cases/integration_check.sh
@@ -65,7 +65,7 @@ function test_image_info()
echo "xxx:11" >> ${change_file}
sed -i 's#image-layer-check": false#image-layer-check": true#g' /etc/isulad/daemon.json
- pkill -9 isulad
+ kill -9 $(pidof isulad)
start_isulad_with_valgrind
isula ps -a | grep ${cid}
--
2.42.0

40
0036-modify-create_network.sh-for-default-runtime-changed.patch
View File

@ -1,40 +0,0 @@
From e422c6cf725240dea80e1c51ba21cae8ee6641c6 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 25 Nov 2023 18:21:56 +0800
Subject: [PATCH 36/64] modify create_network.sh for default runtime changed
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/create_network.sh | 2 +-
CI/test_cases/helpers.sh | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/CI/test_cases/container_cases/create_network.sh b/CI/test_cases/container_cases/create_network.sh
index 470bda70..5bafbc60 100755
--- a/CI/test_cases/container_cases/create_network.sh
+++ b/CI/test_cases/container_cases/create_network.sh
@@ -37,7 +37,7 @@ function test_network_param()
msg_info "${test} starting..."
- root="`isula info | grep 'iSulad Root Dir' | awk -F ':' '{print $2}'`/engines/lcr"
+ root="`isula info | grep 'iSulad Root Dir' | awk -F ':' '{print $2}'`/engines/$DEFAULT_RUNTIME"
isula pull ${image}
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE}
diff --git a/CI/test_cases/helpers.sh b/CI/test_cases/helpers.sh
index f3eeb54d..c5eba8a2 100755
--- a/CI/test_cases/helpers.sh
+++ b/CI/test_cases/helpers.sh
@@ -29,6 +29,8 @@ ISULAD_RUN_ROOT_PATH="/var/run/isulad"
RUNTIME_LIST=(lcr runc)
+DEFAULT_RUNTIME=runc
+
testcase_data="/tmp/testcases_data"
enable_native_network=0
--
2.42.0

141
0037-modify-the-container-runtime-when-running-embedded.s.patch
View File

@ -1,141 +0,0 @@
From 8e4b6eceeb117fc90b5b638329f8888e43d3f442 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 27 Nov 2023 17:21:15 +0800
Subject: [PATCH 37/64] modify the container runtime when running embedded.sh
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/image_cases/embedded.sh | 30 +++++++++++++--------------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/CI/test_cases/image_cases/embedded.sh b/CI/test_cases/image_cases/embedded.sh
index cdc75e50..a1d4c37a 100755
--- a/CI/test_cases/image_cases/embedded.sh
+++ b/CI/test_cases/image_cases/embedded.sh
@@ -81,14 +81,14 @@ function test_run_image()
{
local ret=0
- isula run -t -n embedded_test1 nonexistentname1:v1 /bin/sh
+ isula run --runtime lcr -t -n embedded_test1 nonexistentname1:v1 /bin/sh
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run nonexistent image should failed" && ((ret++))
isula load -i "$embedded_manifest" -t embedded
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - load embedded image failed" && ((ret++))
# run container based on embedded image
- isula run --name embedded_test1 test:v1 ls /home/home/home
+ isula run --runtime lcr --name embedded_test1 test:v1 ls /home/home/home
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run embedded image failed" && ((ret++))
# delete container based on embedded image
@@ -96,7 +96,7 @@ function test_run_image()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - delete container based on embedded image failed" && ((ret++))
# test image's env
- isula run --name embedded_test1 test:v1 /bin/sh -c "echo \$c | grep \"d e\""
+ isula run --runtime lcr --name embedded_test1 test:v1 /bin/sh -c "echo \$c | grep \"d e\""
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - test image's env failed" && ((ret++))
# delete container based on embedded image
@@ -119,7 +119,7 @@ function test_mount()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - load embedded imagefailed" && ((ret++))
# run --mount
- isula run --mount type=bind,src="$embedded_basedir",dst=/usr,ro=true,bind-propagation=rprivate --name embedded_test2 test:v1 true
+ isula run --runtime lcr --mount type=bind,src="$embedded_basedir",dst=/usr,ro=true,bind-propagation=rprivate --name embedded_test2 test:v1 true
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run --mount failed" && ((ret++))
testcontainer embedded_test2 exited
@@ -127,25 +127,25 @@ function test_mount()
isula rm embedded_test2
# test invalid mode
- isula run --mount type=bind,src="$embedded_basedir",dst=/usr,ro=invalid --name embedded_test2 test:v1 true
+ isula run --runtime lcr --mount type=bind,src="$embedded_basedir",dst=/usr,ro=invalid --name embedded_test2 test:v1 true
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid mode should failed" && ((ret++))
isula rm embedded_test2
# test invalid bind propagation mode
- isula run --mount type=bind,src="$embedded_basedir",dst=/usr,bind-propagation=invalid --name embedded_test2 test:v1 true
+ isula run --runtime lcr --mount type=bind,src="$embedded_basedir",dst=/usr,bind-propagation=invalid --name embedded_test2 test:v1 true
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid bind propagation mode should failed" && ((ret++))
isula rm embedded_test2
# test source not exist
- isula run --mount type=bind,src=abcdefg/notexist,dst=/usr --name embedded_test2 test:v1 true
+ isula run --runtime lcr --mount type=bind,src=abcdefg/notexist,dst=/usr --name embedded_test2 test:v1 true
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid source not exist should failed" && ((ret++))
isula rm embedded_test2
# test source not a regular file
- isula run --mount type=squashfs,src=/tmp,dst=/usr --name embedded_test2 test:v1 true
+ isula run --runtime lcr --mount type=squashfs,src=/tmp,dst=/usr --name embedded_test2 test:v1 true
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - source not a regular file should failed" && ((ret++))
isula rm embedded_test2
@@ -153,7 +153,7 @@ function test_mount()
# test path //tmp/test
mkdir -p /tmp/test_mount
mkdir -p /tmp/test_mount1/test
- isula run -v /tmp/test_mount:/tmp --mount type=bind,src=/tmp/test_mount1,dst=//tmp/test_mount1,ro=true,bind-propagation=rprivate --name embedded_test2 test:v1 ls /tmp/test_mount1/test
+ isula run --runtime lcr -v /tmp/test_mount:/tmp --mount type=bind,src=/tmp/test_mount1,dst=//tmp/test_mount1,ro=true,bind-propagation=rprivate --name embedded_test2 test:v1 ls /tmp/test_mount1/test
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - test path //tmp/test failed" && ((ret++))
isula rm embedded_test2
@@ -186,7 +186,7 @@ function test_query_image()
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - inspect nonexist item should failed" && ((ret++))
# test inspect container, it should conatainer image info
- isula run --name embedded_inspect test:v1 ls /home/home/home
+ isula run --runtime lcr --name embedded_inspect test:v1 ls /home/home/home
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container for inspect failed" && ((ret++))
isula inspect -f '{{json .Image}}' embedded_inspect
@@ -437,19 +437,19 @@ function test_entrypoint()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - load embedded image failed" && ((ret++))
# test image's entrypoint
- isula run --name embedded_entrypoint1 test:v1
+ isula run --runtime lcr --name embedded_entrypoint1 test:v1
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - test image's entrypoint failed" && ((ret++))
isula rm embedded_entrypoint1
# test image's entrypoint with cmds
- isula run --name embedded_entrypoint1 test:v1 /bin
+ isula run --runtime lcr --name embedded_entrypoint1 test:v1 /bin
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - test image's entrypoint with cmds failed" && ((ret++))
isula rm embedded_entrypoint1
# test image's entrypoint override image's entrypoint
- isula run --entrypoint=/bin/ls --name embedded_entrypoint1 test:v1 /bin
+ isula run --runtime lcr --entrypoint=/bin/ls --name embedded_entrypoint1 test:v1 /bin
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - test image's entrypoint override image's entrypoint failed" && ((ret++))
isula rm embedded_entrypoint1
@@ -464,7 +464,7 @@ function test_entrypoint()
isula load -i "$embedded_manifest_invalid" -t embedded
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - test entrypoint with variable failed" && ((ret++))
- isula run -e env_id=me --name embedded_entrypoint1 test:v1
+ isula run --runtime lcr -e env_id=me --name embedded_entrypoint1 test:v1
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - test run embedded image with env failed" && ((ret++))
isula rm embedded_entrypoint1
@@ -519,7 +519,7 @@ function test_symbolic()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - load embedded image failed" && ((ret++))
# run container based on embedded image
- isula run --name embedded_test_symbolic test:v1 ls /home/home/home
+ isula run --runtime lcr --name embedded_test_symbolic test:v1 ls /home/home/home
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container based on embedded image failed" && ((ret++))
isula rm embedded_test_symbolic
--
2.42.0

68
0038-save-sandbox-to-disk-after-network-ready.patch
View File

@ -1,68 +0,0 @@
From e33b7915d9ef5092252bc3ce5d93fbde74d73990 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Mon, 27 Nov 2023 15:09:39 +0800
Subject: [PATCH 38/64] save sandbox to disk after network ready
Signed-off-by: jikai <jikai11@huawei.com>
---
.../cri/v1/v1_cri_pod_sandbox_manager_service.cc | 13 ++++++++++---
src/daemon/sandbox/sandbox.cc | 6 ------
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index 0f6b8508..a0c45111 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -358,14 +358,21 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1::PodSandboxConfig
goto cleanup_sandbox;
}
- // Step 8: Call sandbox create.
+ // Step 8: Save sandbox to disk
+ sandbox->Save(error);
+ if (error.NotEmpty()) {
+ ERROR("Failed to save sandbox, %s", sandboxName.c_str());
+ goto cleanup_network;
+ }
+
+ // Step 9: Call sandbox create.
sandbox->Create(error);
if (error.NotEmpty()) {
ERROR("Failed to create sandbox: %s", sandboxName.c_str());
goto cleanup_network;
}
- // Step 9: Save network settings json to disk
+ // Step 10: Save network settings json to disk
// Update network settings before start sandbox since sandbox container will use the sandbox key
if (namespace_is_cni(networkMode.c_str())) {
Errors tmpErr;
@@ -376,7 +383,7 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1::PodSandboxConfig
}
}
- // Step 10: Call sandbox start.
+ // Step 11: Call sandbox start.
sandbox->Start(error);
if (error.NotEmpty()) {
ERROR("Failed to start sandbox: %s", sandboxName.c_str());
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index b1832265..9fe9fa48 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -599,12 +599,6 @@ void Sandbox::PrepareSandboxDirs(Errors &error)
goto out;
}
- if (!Save(error)) {
- error.Errorf("Failed to save sandbox, %s", m_id.c_str());
- ERROR("Failed to save sandbox, %s", m_id.c_str());
- goto out;
- }
-
umask(mask);
return;
--
2.42.0

153
0039-fix-the-problem-of-abnormal-branches-not-waiting-for.patch
View File

@ -1,153 +0,0 @@
From b26654a73694c20fcd895b3b93ad5d42a1d5b3fb Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 27 Nov 2023 14:52:43 +0800
Subject: [PATCH 39/64] fix the problem of abnormal branches not waiting for
child processes
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad-shim/common.c | 6 +++---
src/cmd/isulad-shim/process.c | 14 ++++++++------
src/daemon/modules/runtime/isula/isula_rt_ops.c | 16 ++++++++++------
src/daemon/modules/runtime/shim/shim_rt_ops.c | 15 +++++++++------
4 files changed, 30 insertions(+), 21 deletions(-)
diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c
index 48d266dc..3cc7d2a7 100644
--- a/src/cmd/isulad-shim/common.c
+++ b/src/cmd/isulad-shim/common.c
@@ -126,12 +126,12 @@ int cmd_combined_output(const char *binary, const char *params[], void *output,
}
*output_len = isula_file_read_nointr(stdio[0], output, BUFSIZ - 1);
- close(stdio[0]);
- close(exec_fd[0]);
- wait(&status);
ret = SHIM_OK;
out:
+ close(stdio[0]);
+ close(exec_fd[0]);
+ wait(&status);
if (ret != SHIM_OK) {
kill(pid, 9);
}
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 187067d2..e8cb9b32 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1472,7 +1472,7 @@ static void exec_runtime_process(process_t *p, int exec_fd)
const char *params[MAX_RUNTIME_ARGS] = { 0 };
get_runtime_cmd(p, log_path, pid_path, process_desc, params);
execvp(p->runtime, (char * const *)params);
- (void)dprintf(exec_fd, "fork/exec error: %s", strerror(errno));
+ (void)dprintf(exec_fd, "run process: %s error: %s", p->runtime, strerror(errno));
_exit(EXIT_FAILURE);
}
@@ -1510,11 +1510,6 @@ int create_process(process_t *p)
close_fd(&p->stdio->resize);
}
nread = isula_file_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1);
- if (nread > 0) {
- write_message(ERR_MSG, "runtime error");
- ret = SHIM_ERR;
- goto out;
- }
/* block to wait runtime pid exit */
ret = waitpid(pid, NULL, 0);
@@ -1524,6 +1519,13 @@ int create_process(process_t *p)
goto out;
}
+ // if an error occurs in exec_runtime_process, jump directly to the out branch after waitpid.
+ if (nread > 0) {
+ write_message(ERR_MSG, "%s", exec_buff);
+ ret = SHIM_ERR;
+ goto out;
+ }
+
/* save runtime pid */
data = read_text_file("pid");
if (data == NULL) {
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 859356e5..5d7ae500 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -906,17 +906,13 @@ realexec:
}
execvp(SHIM_BINARY, (char * const *)params);
- (void)dprintf(shim_stderr_pipe[1], "exec failed: %s", strerror(errno));
+ (void)dprintf(shim_stderr_pipe[1], "run process: %s failed: %s", SHIM_BINARY, strerror(errno));
+ exit(EXIT_FAILURE);
}
close(shim_stderr_pipe[1]);
close(shim_stdout_pipe[1]);
num = util_read_nointr(shim_stderr_pipe[0], exec_buff, sizeof(exec_buff) - 1);
- if (num > 0) {
- ERROR("Exec failed: %s", exec_buff);
- ret = -1;
- goto out;
- }
status = util_wait_for_pid_status(pid);
if (status < 0) {
@@ -925,6 +921,14 @@ realexec:
goto out;
}
+ // if failed to exec, jump directly to the out branch after waitpid.
+ if (num > 0) {
+ ERROR("%s", exec_buff);
+ isulad_set_error_message("%s", exec_buff);
+ ret = -1;
+ goto out;
+ }
+
*shim_exit_code = status_to_exit_code(status);
if (*shim_exit_code != 0) {
ERROR("Isulad-shim exit error");
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index 5066f804..81daf224 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -251,17 +251,13 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
}
execvp(binary, (char * const *)params);
- (void)dprintf(exec_fd[1], "exec failed: %s", strerror(errno));
+ (void)dprintf(exec_fd[1], "run process: %s failed: %s", binary, strerror(errno));
exit(EXIT_FAILURE);
}
close(exec_fd[1]);
exec_fd[1] = -1;
- if (util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1) > 0) {
- ERROR("exec failed: %s", exec_buff);
- ret = -1;
- goto out;
- }
+ nret = util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1);
close(exec_fd[0]);
exec_fd[0] = -1;
@@ -272,6 +268,13 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
goto out;
}
+ // if failed to exec, jump directly to the out branch after waitpid.
+ if (nret > 0) {
+ ERROR("%s", exec_buff);
+ ret = -1;
+ goto out;
+ }
+
status = status_to_exit_code(status);
close(out_fd[1]);
--
2.42.0

62
0040-remove-embedded-image-support-in-readme.patch
View File

@ -1,62 +0,0 @@
From 6f9661d7e12e22ff4eeb76647cbe862c5fe7e18d Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 27 Nov 2023 20:50:33 +0800
Subject: [PATCH 40/64] remove embedded image support in readme
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
README.md | 6 +-----
README_zh.md | 6 +-----
2 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index e7949dee..970b6e72 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ kata-runtime start secure containers with lightweight virtual machines.
### Image
-`iSulad` supports multiple image formats, including OCI, external rootfs and embedded image.
+`iSulad` supports multiple image formats, including OCI and external rootfs.
#### OCI
@@ -42,10 +42,6 @@ OCI is a docker-compatible image format that supports pulling images and running
External rootfs allows users to prepare a bootable `root fs` directory, which is mainly used in system container scenarios.
-#### embedded image
-
-Embedded image is a unique embedded image format of `iSulad`, which occupies low resources and is mainly used in embedded application scenarios.
-
### Operation Interface
`iSulad` provides two different interfaces for image and container management operations: CLI and CRI.
diff --git a/README_zh.md b/README_zh.md
index 1c4dff4f..5db28f3a 100755
--- a/README_zh.md
+++ b/README_zh.md
@@ -32,7 +32,7 @@ kata-runtime是一个安全容器runtime用于启动安全容器时使用。
### Image
-`iSulad`支持多种镜像格式包括OCI标准镜像格式、external rootfs镜像格式和embedded image镜像格式。
+`iSulad`支持多种镜像格式包括OCI标准镜像格式和external rootfs镜像格式。
#### OCI
@@ -42,10 +42,6 @@ OCI标准镜像格式是与docker兼容的镜像格式支持从远程镜像
external rootfs镜像格式允许用户自行准备可启动的`root fs`目录,主要用于系统容器场景。
-#### embedded image
-
-embedded image镜像格式是`iSulad`特有的嵌入式镜像格式,占用资源低,主要用于嵌入式应用场景。
-
### Operation Interface
`iSulad`提供两种不同的镜像和容器管理操作接口分别为CLI和CRI。
--
2.42.0

392
0041-Acquire-system-info-in-on-demand.patch
View File

@ -1,392 +0,0 @@
From 13bc364cb5d8c03b701dde2b2811be84ee608e92 Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Fri, 24 Nov 2023 14:18:32 +0800
Subject: [PATCH 41/64] Acquire system info in on demand
Signed-off-by: xuxuepeng <xuxuepeng1@huawei.com>
---
src/cmd/isulad/main.c | 2 --
src/daemon/common/sysinfo.c | 10 +-----
src/daemon/common/sysinfo.h | 6 ++++
.../executor/container_cb/execution_create.c | 32 +++++++++----------
.../executor/container_cb/execution_extend.c | 9 +++++-
src/daemon/modules/spec/verify.c | 32 ++++++++-----------
src/daemon/modules/spec/verify.h | 5 +--
test/mocks/sysinfo_mock.cc | 8 +++++
test/mocks/sysinfo_mock.h | 1 +
test/mocks/verify_mock.cc | 4 +--
test/mocks/verify_mock.h | 2 +-
11 files changed, 60 insertions(+), 51 deletions(-)
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 5b971a72..95454e2a 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1765,8 +1765,6 @@ int main(int argc, char **argv)
update_isulad_rlimits();
- (void)get_sys_info(true);
-
clock_gettime(CLOCK_MONOTONIC, &t_start);
if (pre_init_daemon(argc, argv) != 0) {
diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c
index 39338925..28665834 100644
--- a/src/daemon/common/sysinfo.c
+++ b/src/daemon/common/sysinfo.c
@@ -19,7 +19,6 @@
#include <errno.h>
#include <sys/sysinfo.h>
-#include <isula_libutils/auto_cleanup.h>
#include <isula_libutils/log.h>
#include "err_msg.h"
@@ -30,8 +29,6 @@
#define etcOsRelease "/etc/os-release"
#define altOsRelease "/usr/lib/os-release"
-static sysinfo_t *g_sysinfo = NULL;
-
static char *get_pagesize(const char *pline)
{
size_t headlen;
@@ -382,10 +379,6 @@ sysinfo_t *get_sys_info(bool quiet)
sysinfo_t *sysinfo = NULL;
int ret = 0;
- if (g_sysinfo != NULL) {
- return g_sysinfo;
- }
-
sysinfo = util_common_calloc_s(sizeof(sysinfo_t));
if (sysinfo == NULL) {
ERROR("Out of memory");
@@ -413,7 +406,6 @@ sysinfo_t *get_sys_info(bool quiet)
if (ret != 0) {
goto out;
}
- g_sysinfo = sysinfo;
out:
if (ret != 0) {
free_sysinfo(sysinfo);
@@ -577,7 +569,7 @@ char *sysinfo_cgroup_controller_cpurt_mnt_path(void)
__isula_auto_free char *mnt = NULL;
__isula_auto_free char *root = NULL;
char fpath[PATH_MAX] = { 0 };
- sysinfo_t *sysinfo = NULL;
+ __isula_auto_sysinfo_t sysinfo_t *sysinfo = NULL;
sysinfo = get_sys_info(true);
if (sysinfo == NULL) {
diff --git a/src/daemon/common/sysinfo.h b/src/daemon/common/sysinfo.h
index 363576a9..cb44d1c5 100644
--- a/src/daemon/common/sysinfo.h
+++ b/src/daemon/common/sysinfo.h
@@ -21,6 +21,7 @@ extern "C" {
#include <stdbool.h>
#include <stdint.h>
+#include <isula_libutils/auto_cleanup.h>
#include "cgroup.h"
@@ -96,6 +97,11 @@ void free_mounts_info(mountinfo_t **minfos);
char *sysinfo_cgroup_controller_cpurt_mnt_path(void);
+// define auto free function callback for sysinfo_t
+define_auto_cleanup_callback(free_sysinfo, sysinfo_t)
+// define auto free macro for sysinfo_t
+#define __isula_auto_sysinfo_t auto_cleanup_tag(free_sysinfo)
+
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
index 6b6c3b75..ca2a9163 100644
--- a/src/daemon/executor/container_cb/execution_create.c
+++ b/src/daemon/executor/container_cb/execution_create.c
@@ -145,7 +145,7 @@ static int merge_external_rootfs_to_host_config(host_config *host_spec, const ch
return 0;
}
-static host_config *get_host_spec(const container_create_request *request)
+static host_config *get_host_spec(const container_create_request *request, const sysinfo_t *sysinfo)
{
host_config *host_spec = NULL;
@@ -158,7 +158,7 @@ static host_config *get_host_spec(const container_create_request *request)
goto error_out;
}
- if (verify_host_config_settings(host_spec, false)) {
+ if (verify_host_config_settings(host_spec, sysinfo, false)) {
ERROR("Failed to verify host config settings");
goto error_out;
}
@@ -1109,17 +1109,9 @@ static int preparate_runtime_environment(const container_create_request *request
return 0;
}
-static int adapt_host_spec(host_config *host_spec)
+static int adapt_host_spec(host_config *host_spec, const sysinfo_t *sysinfo)
{
int ret = 0;
- sysinfo_t *sysinfo = NULL;
-
- sysinfo = get_sys_info(true);
- if (sysinfo == NULL) {
- ERROR("Can not get system info");
- ret = -1;
- goto out;
- }
if (host_spec->memory > 0 && host_spec->memory_swap == 0 && sysinfo->cgmeminfo.swap) {
if (host_spec->memory > (INT64_MAX / 2)) {
@@ -1136,14 +1128,14 @@ out:
}
static int get_basic_spec(const container_create_request *request, host_config **host_spec,
- container_config **container_spec)
+ container_config **container_spec, const sysinfo_t *sysinfo)
{
- *host_spec = get_host_spec(request);
+ *host_spec = get_host_spec(request, sysinfo);
if (*host_spec == NULL) {
return -1;
}
- if (adapt_host_spec(*host_spec) != 0) {
+ if (adapt_host_spec(*host_spec, sysinfo) != 0) {
return -1;
}
@@ -1393,6 +1385,7 @@ int container_create_cb(const container_create_request *request, container_creat
int ret = 0;
bool skip_id_name_manage = false;
bool skip_sandbox_key_manage = false;
+ __isula_auto_sysinfo_t sysinfo_t *sysinfo = NULL;
DAEMON_CLEAR_ERRMSG();
@@ -1413,7 +1406,14 @@ int container_create_cb(const container_create_request *request, container_creat
goto clean_nameindex;
}
- if (get_basic_spec(request, &host_spec, &container_spec) != 0) {
+ sysinfo = get_sys_info(true);
+ if (sysinfo == NULL) {
+ ERROR("Failed to get system info");
+ cc = ISULAD_ERR_EXEC;
+ goto clean_nameindex;
+ }
+
+ if (get_basic_spec(request, &host_spec, &container_spec, sysinfo) != 0) {
cc = ISULAD_ERR_INPUT;
goto clean_container_root_dir;
}
@@ -1540,7 +1540,7 @@ int container_create_cb(const container_create_request *request, container_creat
goto clean_netns;
}
- if (verify_container_settings(oci_spec) != 0) {
+ if (verify_container_settings(oci_spec, sysinfo) != 0) {
ERROR("Failed to verify container settings");
cc = ISULAD_ERR_EXEC;
goto umount_channel;
diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c
index de017b4e..25ec5d3b 100644
--- a/src/daemon/executor/container_cb/execution_extend.c
+++ b/src/daemon/executor/container_cb/execution_extend.c
@@ -1110,8 +1110,15 @@ static int update_host_config_check(container_t *cont, host_config *hostconfig)
{
int ret = 0;
const char *id = cont->common_config->id;
+ __isula_auto_sysinfo_t sysinfo_t *sysinfo = NULL;
- ret = verify_host_config_settings(hostconfig, true);
+ sysinfo = get_sys_info(true);
+ if (sysinfo == NULL) {
+ ERROR("Failed to get system info for updating container %s", id);
+ return -1;
+ }
+
+ ret = verify_host_config_settings(hostconfig, sysinfo, true);
if (ret != 0) {
return -1;
}
diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c
index 2a8b3259..b9e3c606 100644
--- a/src/daemon/modules/spec/verify.c
+++ b/src/daemon/modules/spec/verify.c
@@ -41,7 +41,6 @@
#include "constants.h"
#include "err_msg.h"
#include "isula_libutils/log.h"
-#include "sysinfo.h"
#include "selinux_label.h"
#include "image_api.h"
#include "utils.h"
@@ -1614,16 +1613,13 @@ out:
}
/* verify container settings */
-int verify_container_settings(const oci_runtime_spec *container)
+int verify_container_settings(const oci_runtime_spec *container, const sysinfo_t *sysinfo)
{
int ret = 0;
- sysinfo_t *sysinfo = NULL;
- sysinfo = get_sys_info(true);
- if (sysinfo == NULL) {
- ERROR("Can not get system info");
- ret = -1;
- goto out;
+ if (container == NULL || sysinfo == NULL) {
+ ERROR("Invalid input arguments for verifying container settings");
+ return -1;
}
if (!util_valid_host_name(container->hostname)) {
@@ -1987,16 +1983,9 @@ static int host_config_settings_restart_policy(const host_config *hostconfig)
return verify_restart_policy_name(rp, hostconfig);
}
-static int host_config_settings_with_sysinfo(host_config *hostconfig, bool update)
+static int host_config_settings_with_sysinfo(host_config *hostconfig, const sysinfo_t *sysinfo, bool update)
{
int ret = 0;
- sysinfo_t *sysinfo = NULL;
-
- sysinfo = get_sys_info(true);
- if (sysinfo == NULL) {
- ERROR("Can not get system info");
- return -1;
- }
ret = verify_host_config_hugetlbs(sysinfo, &(hostconfig->hugetlbs), &(hostconfig->hugetlbs_len));
if (ret != 0) {
@@ -2055,7 +2044,7 @@ out:
}
/* verify host config settings */
-int verify_host_config_settings(host_config *hostconfig, bool update)
+int verify_host_config_settings(host_config *hostconfig, const sysinfo_t *sysinfo, bool update)
{
int ret = 0;
#ifdef ENABLE_USERNS_REMAP
@@ -2066,6 +2055,13 @@ int verify_host_config_settings(host_config *hostconfig, bool update)
goto out;
}
+ if (sysinfo == NULL) {
+ ERROR("Invalid sysinfo for verifying host config settings");
+ isulad_set_error_message("Invalid sysinfo for verifying host config settings");
+ ret = -1;
+ goto out;
+ }
+
#ifdef ENABLE_USERNS_REMAP
if (userns_remap != NULL && hostconfig->user_remap != NULL) {
ERROR("invalid --user-remap command option, daemon already configed --userns-remap");
@@ -2081,7 +2077,7 @@ int verify_host_config_settings(host_config *hostconfig, bool update)
goto out;
}
- ret = host_config_settings_with_sysinfo(hostconfig, update);
+ ret = host_config_settings_with_sysinfo(hostconfig, sysinfo, update);
if (ret != 0) {
goto out;
}
diff --git a/src/daemon/modules/spec/verify.h b/src/daemon/modules/spec/verify.h
index 21e8fba8..0224f9fb 100644
--- a/src/daemon/modules/spec/verify.h
+++ b/src/daemon/modules/spec/verify.h
@@ -20,18 +20,19 @@
#include "isula_libutils/oci_runtime_spec.h"
#include "isula_libutils/host_config.h"
#include "isula_libutils/container_config.h"
+#include "sysinfo.h"
#ifdef __cplusplus
extern "C" {
#endif
-int verify_container_settings(const oci_runtime_spec *container);
+int verify_container_settings(const oci_runtime_spec *container, const sysinfo_t *sysinfo);
int verify_oci_hook(const oci_runtime_spec_hooks *h);
int verify_container_settings_start(const oci_runtime_spec *oci_spec);
-int verify_host_config_settings(host_config *hostconfig, bool update);
+int verify_host_config_settings(host_config *hostconfig, const sysinfo_t *sysinfo, bool update);
int verify_container_config(const container_config *container_spec, const char *runtime);
diff --git a/test/mocks/sysinfo_mock.cc b/test/mocks/sysinfo_mock.cc
index f9abc786..d8f33f84 100644
--- a/test/mocks/sysinfo_mock.cc
+++ b/test/mocks/sysinfo_mock.cc
@@ -63,6 +63,14 @@ char *validate_hugetlb(const char *pagesize, uint64_t limit)
return nullptr;
}
+sysinfo_t *get_sys_info(bool quiet)
+{
+ if (g_sysinfo_mock != nullptr) {
+ return g_sysinfo_mock->GetSysInfo(quiet);
+ }
+ return nullptr;
+}
+
void free_sysinfo(sysinfo_t *sysinfo)
{
if (g_sysinfo_mock != nullptr) {
diff --git a/test/mocks/sysinfo_mock.h b/test/mocks/sysinfo_mock.h
index 45208b0f..2b8e926d 100644
--- a/test/mocks/sysinfo_mock.h
+++ b/test/mocks/sysinfo_mock.h
@@ -26,6 +26,7 @@ public:
MOCK_METHOD1(FreeMountsInfo, void(mountinfo_t **minfos));
MOCK_METHOD0(GetDefaultHugePageSize, char *(void));
MOCK_METHOD2(ValidateHugetlb, char*(const char *pagesize, uint64_t limit));
+ MOCK_METHOD1(GetSysInfo, sysinfo_t *(bool quiet));
MOCK_METHOD1(FreeSysinfo, void(sysinfo_t *sysinfo));
};
diff --git a/test/mocks/verify_mock.cc b/test/mocks/verify_mock.cc
index 0e7e7461..4c481676 100644
--- a/test/mocks/verify_mock.cc
+++ b/test/mocks/verify_mock.cc
@@ -24,10 +24,10 @@ void MockVerify_SetMock(MockVerify *mock)
g_verify_mock = mock;
}
-int verify_host_config_settings(host_config *hostconfig, bool update)
+int verify_host_config_settings(host_config *hostconfig, const sysinfo_t *sysinfo, bool update)
{
if (g_verify_mock != nullptr) {
- return g_verify_mock->VerifyHostConfigSettings(hostconfig, update);
+ return g_verify_mock->VerifyHostConfigSettings(hostconfig, sysinfo, update);
}
return 0;
}
diff --git a/test/mocks/verify_mock.h b/test/mocks/verify_mock.h
index 7890159f..b9ad8627 100644
--- a/test/mocks/verify_mock.h
+++ b/test/mocks/verify_mock.h
@@ -21,7 +21,7 @@
class MockVerify {
public:
- MOCK_METHOD2(VerifyHostConfigSettings, int(host_config *hostconfig, bool update));
+ MOCK_METHOD3(VerifyHostConfigSettings, int(host_config *hostconfig, const sysinfo_t *sysinfo, bool update));
};
void MockVerify_SetMock(MockVerify* mock);
--
2.42.0

92
0042-2268-bugfix-for-the-bliko-zero-value-exception-when-.patch
View File

@ -1,92 +0,0 @@
From dddba4ec73b56bc2fcf3a95171fad104e962dfda Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 29 Nov 2023 09:33:53 +0000
Subject: [PATCH 42/64] =?UTF-8?q?!2268=20bugfix=20for=20the=20bliko=20zero?=
=?UTF-8?q?=20value=20exception=20when=20executing=20the=20stats=20command?=
=?UTF-8?q?=20on=20the=20oci=20container=20*=20bugfix=20for=20the=20bliko?=
=?UTF-8?q?=20zero=20value=20exception=20when=20executing=20the=20stats=20?=
=?UTF-8?q?com=E2=80=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../modules/runtime/isula/isula_rt_ops.c | 55 +++++++++++++------
1 file changed, 38 insertions(+), 17 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 5d7ae500..1e2ecdb2 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -610,6 +610,43 @@ out:
return ret;
}
+static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats, struct runtime_container_resources_stats_info *info)
+{
+ if (stats == NULL || stats->data == NULL) {
+ return;
+ }
+ if (stats->data->pids != NULL) {
+ info->pids_current = stats->data->pids->current;
+ }
+ if (stats->data->cpu != NULL && stats->data->cpu->usage != NULL) {
+ info->cpu_use_nanos = stats->data->cpu->usage->total;
+ info->cpu_system_use = stats->data->cpu->usage->kernel;
+ }
+ shim_client_runtime_stats_data_memory *memory = stats->data->memory;
+ if (memory != NULL && memory->usage != NULL) {
+ info->mem_used = memory->usage->usage;
+ info->mem_limit = memory->usage->limit;
+ }
+ if (memory != NULL && memory->raw != NULL) {
+ info->inactive_file_total = memory->raw->total_inactive_file;
+ info->rss_bytes = memory->raw->rss;
+ info->page_faults = memory->raw->pgfault;
+ info->major_page_faults = memory->raw->pgmajfault;
+ }
+ shim_client_runtime_stats_data_blkio *blkio = stats->data->blkio;
+ if (blkio == NULL) {
+ return;
+ }
+ for (size_t i = 0; i < blkio->io_service_bytes_recursive_len; i++) {
+ if (strcasecmp(blkio->io_service_bytes_recursive[i]->op, "read") == 0) {
+ info->blkio_read += blkio->io_service_bytes_recursive[i]->value;
+ }
+ if (strcasecmp(blkio->io_service_bytes_recursive[i]->op, "write") == 0) {
+ info->blkio_write += blkio->io_service_bytes_recursive[i]->value;
+ }
+ }
+}
+
static int runtime_call_stats(const char *workdir, const char *runtime, const char *id,
struct runtime_container_resources_stats_info *info)
{
@@ -658,23 +695,7 @@ static int runtime_call_stats(const char *workdir, const char *runtime, const ch
goto out;
}
- if (stats != NULL && stats->data != NULL && stats->data->pids != NULL) {
- info->pids_current = stats->data->pids->current;
- }
- if (stats != NULL && stats->data != NULL && stats->data->cpu != NULL && stats->data->cpu->usage) {
- info->cpu_use_nanos = stats->data->cpu->usage->total;
- info->cpu_system_use = stats->data->cpu->usage->kernel;
- }
- if (stats != NULL && stats->data != NULL && stats->data->memory != NULL && stats->data->memory->usage) {
- info->mem_used = stats->data->memory->usage->usage;
- info->mem_limit = stats->data->memory->usage->limit;
- }
- if (stats != NULL && stats->data != NULL && stats->data->memory != NULL && stats->data->memory->raw) {
- info->inactive_file_total = stats->data->memory->raw->total_inactive_file;
- info->rss_bytes = stats->data->memory->raw->rss;
- info->page_faults = stats->data->memory->raw->pgfault;
- info->major_page_faults = stats->data->memory->raw->pgmajfault;
- }
+ transform_stats_info_from_runtime(stats, info);
out:
free_shim_client_runtime_stats(stats);
--
2.42.0

34
0043-move-variable-declaration-out-of-loop.patch
View File

@ -1,34 +0,0 @@
From 261a924b656eea9eff2ca6cbdd611eb1f9555af7 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 30 Nov 2023 16:02:44 +1400
Subject: [PATCH 43/64] move variable declaration out of loop
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/runtime/isula/isula_rt_ops.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 1e2ecdb2..3950ff4a 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -612,6 +612,7 @@ out:
static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats, struct runtime_container_resources_stats_info *info)
{
+ size_t i;
if (stats == NULL || stats->data == NULL) {
return;
}
@@ -637,7 +638,7 @@ static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats,
if (blkio == NULL) {
return;
}
- for (size_t i = 0; i < blkio->io_service_bytes_recursive_len; i++) {
+ for (i = 0; i < blkio->io_service_bytes_recursive_len; i++) {
if (strcasecmp(blkio->io_service_bytes_recursive[i]->op, "read") == 0) {
info->blkio_read += blkio->io_service_bytes_recursive[i]->value;
}
--
2.42.0

40
0044-2289-check-protobuf-and-grpc-version-in-cmake-for-cr.patch
View File

@ -1,40 +0,0 @@
From 8045fcfb3765698d8cc3f07186fcc29d6702ee71 Mon Sep 17 00:00:00 2001
From: jake <jikai11@huawei.com>
Date: Thu, 30 Nov 2023 11:58:47 +0000
Subject: [PATCH 44/64] !2289 check protobuf and grpc version in cmake for cri
v1 * check protobuf and grpc version in cmake for cri v1
---
cmake/checker.cmake | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/cmake/checker.cmake b/cmake/checker.cmake
index cc4a1fc3..e19618e4 100644
--- a/cmake/checker.cmake
+++ b/cmake/checker.cmake
@@ -125,7 +125,11 @@ endif()
if (GRPC_CONNECTOR)
# check protobuf
- pkg_check_modules(PC_PROTOBUF "protobuf>=3.1.0")
+ if (ENABLE_CRI_API_V1)
+ pkg_check_modules(PC_PROTOBUF "protobuf>=3.14.0")
+ else()
+ pkg_check_modules(PC_PROTOBUF "protobuf>=3.1.0")
+ endif()
find_library(PROTOBUF_LIBRARY protobuf
HINTS ${PC_PROTOBUF_LIBDIR} ${PC_PROTOBUF_LIBRARY_DIRS})
_CHECK(PROTOBUF_LIBRARY "PROTOBUF_LIBRARY-NOTFOUND" "libprotobuf.so")
@@ -136,6 +140,9 @@ if (GRPC_CONNECTOR)
_CHECK(CMD_GRPC_CPP_PLUGIN "CMD_GRPC_CPP_PLUGIN-NOTFOUND" "grpc_cpp_plugin")
# check grpc
+ if (ENABLE_CRI_API_V1)
+ pkg_check_modules(PC_GRPC++ "grpc++>=1.41.0")
+ endif()
find_path(GRPC_INCLUDE_DIR grpc/grpc.h)
_CHECK(GRPC_INCLUDE_DIR "GRPC_INCLUDE_DIR-NOTFOUND" "grpc/grpc.h")
find_library(GRPC_PP_REFLECTION_LIBRARY grpc++_reflection)
--
2.42.0

381
0045-improve-ut-for-devicemapper.patch
View File

@ -1,381 +0,0 @@
From 2ad7ecf5adbd75f1ba4678e69d768d4b807ae08d Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Wed, 29 Nov 2023 17:08:31 +0800
Subject: [PATCH 45/64] improve ut for devicemapper
Signed-off-by: jikai <jikai11@huawei.com>
---
.../storage/layers/devmapper/CMakeLists.txt | 8 +-
.../id | 1 +
.../layers/devmapper/driver_devmapper_ut.cc | 209 +++++++++++++-----
3 files changed, 165 insertions(+), 53 deletions(-)
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id
diff --git a/test/image/oci/storage/layers/devmapper/CMakeLists.txt b/test/image/oci/storage/layers/devmapper/CMakeLists.txt
index f98de1a8..e6ba0307 100644
--- a/test/image/oci/storage/layers/devmapper/CMakeLists.txt
+++ b/test/image/oci/storage/layers/devmapper/CMakeLists.txt
@@ -23,14 +23,18 @@ add_executable(${DRIVER_DEVMAPPER_EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/tar/util_gzip.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/sha256/sha256.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/config/daemon_arguments.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/config/isulad_config.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common/err_msg.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common/selinux_label.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks/libdevmapper_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks/isulad_config_mock.cc
driver_devmapper_ut.cc)
target_include_directories(${DRIVER_DEVMAPPER_EXE} PUBLIC
@@ -56,7 +60,7 @@ target_include_directories(${DRIVER_DEVMAPPER_EXE} PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks
)
-set_target_properties(${DRIVER_DEVMAPPER_EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,util_exec_cmd -Wl,--wrap,util_mount -Wl,--wrap,umount2")
+set_target_properties(${DRIVER_DEVMAPPER_EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,util_exec_cmd -Wl,--wrap,util_mount -Wl,--wrap,umount2 -Wl,--wrap,archive_unpack")
target_link_libraries(${DRIVER_DEVMAPPER_EXE}
${GTEST_BOTH_LIBRARIES}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id b/test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id
new file mode 100644
index 00000000..5e6b1b2a
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id
@@ -0,0 +1 @@
+3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f
\ No newline at end of file
diff --git a/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc b/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc
index 59e53f97..088aa4d4 100644
--- a/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc
+++ b/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc
@@ -16,11 +16,16 @@
#include <gtest/gtest.h>
#include <gmock/gmock.h>
+#include "driver.h"
#include "driver_devmapper.h"
+#include "driver_overlay2.h"
#include "mock.h"
#include "path.h"
#include "utils.h"
+#include "util_archive.h"
#include "libdevmapper_mock.h"
+#include "isulad_config_mock.h"
+#include "wrapper_devmapper.h"
using ::testing::Invoke;
using ::testing::NiceMock;
@@ -29,13 +34,20 @@ using ::testing::_;
extern "C" {
DECLARE_WRAPPER_V(util_exec_cmd, bool, (exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg));
- DEFINE_WRAPPER_V(util_exec_cmd, bool, (exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg), (cb_func, args, stdin_msg, stdout_msg, stderr_msg));
+ DEFINE_WRAPPER_V(util_exec_cmd, bool, (exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg),
+ (cb_func, args, stdin_msg, stdout_msg, stderr_msg));
DECLARE_WRAPPER(util_mount, int, (const char *src, const char *dst, const char *mtype, const char *mntopts));
DEFINE_WRAPPER(util_mount, int, (const char *src, const char *dst, const char *mtype, const char *mntopts), (src, dst, mtype, mntopts));
DECLARE_WRAPPER(umount2, int, (const char *__special_file, int __flags));
DEFINE_WRAPPER(umount2, int, (const char *__special_file, int __flags), (__special_file, __flags));
+
+ DECLARE_WRAPPER(archive_unpack, int, (const io_read_wrapper *content, const char *dstdir, const archive_options *options,
+ const char *root_dir, char **errmsg));
+ DEFINE_WRAPPER(archive_unpack, int, (const io_read_wrapper *content, const char *dstdir, const archive_options *options,
+ const char *root_dir, char **errmsg),
+ (content, dstdir, options, root_dir, errmsg));
}
static std::string GetDirectory()
@@ -118,6 +130,7 @@ protected:
void SetUp() override
{
MockLibdevmapper_SetMock(&m_libdevmapper_mock);
+ MockIsuladConf_SetMock(&m_isulad_conf_mock);
std::string isulad_dir { "/tmp/isulad/" };
mkdir(isulad_dir.c_str(), 0755);
std::string root_dir = isulad_dir + "data";
@@ -129,13 +142,18 @@ protected:
std::string cp_command = "cp -r " + std::string(data_path) + " " + isulad_dir;
ASSERT_EQ(system(cp_command.c_str()), 0);
- char **driver_opts = static_cast<char **>(util_common_calloc_s(3 * sizeof(char *)));
- driver_opts[0] = strdup("dm.thinpooldev=/dev/mapper/isulad0-thinpool");
- driver_opts[1] = strdup("dm.fs=ext4");
- driver_opts[2] = strdup("dm.min_free_space=10%");
- int driver_opts_len = 3;
-
- ASSERT_EQ(devmapper_init(&driver, nullptr, (const char **)driver_opts, driver_opts_len), -1);
+ opts = (struct storage_module_init_options *)util_common_calloc_s(sizeof(struct storage_module_init_options));
+ opts->storage_root = strdup(root_dir.c_str());
+ opts->storage_run_root = strdup(run_dir.c_str());
+ opts->driver_name = strdup("devicemapper");
+ opts->driver_opts = (char **)util_common_calloc_s(6 * sizeof(char *));
+ opts->driver_opts[0] = strdup("dm.thinpooldev=/dev/mapper/isulad0-thinpool");
+ opts->driver_opts[1] = strdup("dm.fs=ext4");
+ opts->driver_opts[2] = strdup("dm.min_free_space=10%");
+ opts->driver_opts[3] = strdup("dm.basesize=12G");
+ opts->driver_opts[4] = strdup("dm.mkfsarg=-q");
+ opts->driver_opts[5] = strdup("dm.mountopt=rw");
+ opts->driver_opts_len = 6;
EXPECT_CALL(m_libdevmapper_mock, DMTaskCreate(_)).WillRepeatedly(Invoke(invokeDMTaskCreate));
EXPECT_CALL(m_libdevmapper_mock, DMTaskSetMessage(_, _)).WillRepeatedly(Return(1));
@@ -152,7 +170,6 @@ protected:
EXPECT_CALL(m_libdevmapper_mock, DMUdevComplete(_)).WillRepeatedly(Return(1));
EXPECT_CALL(m_libdevmapper_mock, DMTaskDeferredRemove(_)).WillRepeatedly(Return(1));
-
char *names = static_cast<char *>(util_common_calloc_s(sizeof(struct dm_names) + strlen("isulad0-pool") + 1));
struct dm_names *dname = (struct dm_names *)names;
dname->dev = 1;
@@ -164,32 +181,76 @@ protected:
EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1));
MOCK_SET_V(util_exec_cmd, invokeUtilExecCmd);
-
- ASSERT_EQ(devmapper_init(&driver, driver_home.c_str(), (const char **)driver_opts, driver_opts_len), 0);
+ MOCK_SET(util_mount, 0);
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(graphdriver_init(opts), 0);
MOCK_CLEAR(util_exec_cmd);
-
- util_free_array_by_len(driver_opts, driver_opts_len);
- free(names);
+ MOCK_CLEAR(util_mount);
+ MOCK_CLEAR(umount2);
}
void TearDown() override
{
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(graphdriver_cleanup(), 0);
+ MOCK_CLEAR(umount2);
+
MockLibdevmapper_SetMock(nullptr);
+ MockIsuladConf_SetMock(nullptr);
std::string rm_command = "rm -rf /tmp/isulad/";
ASSERT_EQ(system(rm_command.c_str()), 0);
+
+ if (opts != NULL) {
+ free(opts->storage_root);
+ free(opts->storage_run_root);
+ free(opts->driver_name);
+ util_free_array_by_len(opts->driver_opts, opts->driver_opts_len);
+ free(opts);
+ }
}
NiceMock<MockLibdevmapper> m_libdevmapper_mock;
+ NiceMock<MockIsuladConf> m_isulad_conf_mock;
char data_path[PATH_MAX] = { 0x00 };
- graphdriver driver = {.ops = nullptr, .name = "devicemapper", };
+ struct storage_module_init_options *opts = NULL;
};
+TEST_F(DriverDevmapperUnitTest, test_devmapper_init)
+{
+ // cleanup before
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(graphdriver_cleanup(), 0);
+ MOCK_CLEAR(umount2);
+
+ std::string rm_command = "rm -rf /tmp/isulad/";
+ ASSERT_EQ(system(rm_command.c_str()), 0);
+ std::string mk_command = "mkdir -p /tmp/isulad/data/devicemapper/mnt";
+ ASSERT_EQ(system(mk_command.c_str()), 0);
+ char *names = static_cast<char *>(util_common_calloc_s(sizeof(struct dm_names) + strlen("isulad0-pool") + 1));
+ struct dm_names *dname = (struct dm_names *)names;
+ dname->dev = 1;
+ dname->next = 0;
+ strcpy(names + sizeof(struct dm_names), "isulad0-pool");
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetNames(_)).WillOnce(Return(dname));
+ EXPECT_CALL(m_libdevmapper_mock, DMSetDevDir(_)).WillOnce(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetDriverVersion(_, _, _)).WillOnce(Invoke(invokeDMTaskGetDriverVersion));
+ EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1));
+
+ MOCK_SET_V(util_exec_cmd, invokeUtilExecCmd);
+ MOCK_SET(util_mount, 0);
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(graphdriver_init(opts), 0);
+ MOCK_CLEAR(util_exec_cmd);
+ MOCK_CLEAR(util_mount);
+ MOCK_CLEAR(umount2);
+}
+
TEST_F(DriverDevmapperUnitTest, test_devmapper_layer_exists)
{
std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
std::string incorrectId { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" };
- ASSERT_TRUE(devmapper_layer_exist(id.c_str(), &driver));
- ASSERT_FALSE(devmapper_layer_exist(incorrectId.c_str(), &driver));
+ ASSERT_TRUE(graphdriver_layer_exists(id.c_str()));
+ ASSERT_FALSE(graphdriver_layer_exists(incorrectId.c_str()));
}
TEST_F(DriverDevmapperUnitTest, test_devmapper_create_rw)
@@ -205,11 +266,42 @@ TEST_F(DriverDevmapperUnitTest, test_devmapper_create_rw)
create_opts->storage_opt->keys = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
create_opts->storage_opt->values = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
create_opts->storage_opt->keys[0] = strdup("size");
- create_opts->storage_opt->values[0] = strdup("10G");
+ create_opts->storage_opt->values[0] = strdup("12G");
+ create_opts->storage_opt->len = 1;
+
+ ASSERT_EQ(graphdriver_create_rw(id.c_str(), nullptr, create_opts), 0);
+ ASSERT_TRUE(graphdriver_layer_exists(id.c_str()));
+ free_driver_create_opts(create_opts);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_create_ro)
+{
+ std::string id { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" };
+ struct driver_create_opts *create_opts;
+
+ create_opts = (struct driver_create_opts *)util_common_calloc_s(sizeof(struct driver_create_opts));
+ ASSERT_NE(create_opts, nullptr);
+
+ create_opts->storage_opt = static_cast<json_map_string_string *>(util_common_calloc_s(sizeof(json_map_string_string)));
+ ASSERT_NE(create_opts->storage_opt, nullptr);
+ create_opts->storage_opt->keys = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
+ create_opts->storage_opt->values = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
+ create_opts->storage_opt->keys[0] = strdup("size");
+ create_opts->storage_opt->values[0] = strdup("12G");
create_opts->storage_opt->len = 1;
- ASSERT_EQ(devmapper_create_rw(id.c_str(), nullptr, &driver, create_opts), 0);
- ASSERT_TRUE(devmapper_layer_exist(id.c_str(), &driver));
+ ASSERT_EQ(graphdriver_create_ro(id.c_str(), nullptr, create_opts), 0);
+ ASSERT_TRUE(graphdriver_layer_exists(id.c_str()));
+ free_driver_create_opts(create_opts);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_rm_layer)
+{
+ std::string existed_id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
+ std::string not_existed_id { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" };
+
+ ASSERT_EQ(graphdriver_rm_layer(existed_id.c_str()), 0);
+ ASSERT_EQ(graphdriver_rm_layer(not_existed_id.c_str()), 0);
}
TEST_F(DriverDevmapperUnitTest, test_devmapper_mount_layer)
@@ -220,12 +312,12 @@ TEST_F(DriverDevmapperUnitTest, test_devmapper_mount_layer)
char* mount_dir = nullptr;
MOCK_SET(util_mount, 0);
- mount_dir = devmapper_mount_layer(id.c_str(), &driver, mount_opts);
+ mount_dir = graphdriver_mount_layer(id.c_str(), mount_opts);
ASSERT_STREQ(mount_dir, merged_dir.c_str());
MOCK_CLEAR(util_mount);
MOCK_SET(umount2, 0);
- ASSERT_EQ(devmapper_umount_layer(id.c_str(), &driver), 0);
+ ASSERT_EQ(graphdriver_umount_layer(id.c_str()), 0);
MOCK_CLEAR(umount2);
free(mount_dir);
mount_dir = nullptr;
@@ -237,47 +329,62 @@ TEST_F(DriverDevmapperUnitTest, test_devmapper_mount_layer)
mount_opts->options_len = 1;
MOCK_SET(util_mount, 0);
- mount_dir = devmapper_mount_layer(id.c_str(), &driver, mount_opts);
+ mount_dir = graphdriver_mount_layer(id.c_str(), mount_opts);
ASSERT_STREQ(mount_dir, merged_dir.c_str());
MOCK_CLEAR(util_mount);
MOCK_SET(umount2, 0);
- ASSERT_EQ(devmapper_umount_layer(id.c_str(), &driver), 0);
+ ASSERT_EQ(graphdriver_umount_layer(id.c_str()), 0);
MOCK_CLEAR(umount2);
- free(mount_opts->mount_label);
- util_free_array_by_len(mount_opts->options, mount_opts->options_len);
- free(mount_opts);
- free(mount_dir);
+ free_driver_mount_opts(mount_opts);
}
-TEST_F(DriverDevmapperUnitTest, test_devmapper_get_layer_metadata)
+TEST_F(DriverDevmapperUnitTest, test_devmapper_get_data)
{
std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
- json_map_string_string *map_info = static_cast<json_map_string_string *>(util_common_calloc_s(sizeof(json_map_string_string)));
-
- ASSERT_EQ(devmapper_get_layer_metadata(id.c_str(), &driver, map_info), 0);
- ASSERT_EQ(map_info->len, 4);
- ASSERT_STREQ(map_info->keys[0], "DeviceId");
- ASSERT_STREQ(map_info->values[0], "4");
- ASSERT_STREQ(map_info->keys[1], "DeviceSize");
- ASSERT_STREQ(map_info->values[1], "10737418240");
- ASSERT_STREQ(map_info->keys[2], "DeviceName");
- ASSERT_STREQ(map_info->keys[3], "MergedDir");
- ASSERT_STREQ(map_info->values[3], "/tmp/isulad/data/devicemapper/mnt/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f/rootfs");
-
- free_json_map_string_string(map_info);
-}
-TEST_F(DriverDevmapperUnitTest, test_devmapper_get_driver_status)
-{
- struct graphdriver_status *status = static_cast<struct graphdriver_status *>(util_common_calloc_s(sizeof(struct graphdriver_status)));
+ container_inspect_graph_driver *inspect = graphdriver_get_metadata(id.c_str());
+ ASSERT_NE(inspect, nullptr);
+ ASSERT_STREQ(inspect->data->device_id, "4");
+ ASSERT_STREQ(inspect->data->device_size, "10737418240");
+ ASSERT_STREQ(inspect->data->merged_dir, "/tmp/isulad/data/devicemapper/mnt/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f/rootfs");
+ free_container_inspect_graph_driver(inspect);
EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1));
- ASSERT_EQ(devmapper_get_driver_status(&driver, status), 0);
+ struct graphdriver_status *status = graphdriver_get_status();
+ ASSERT_NE(status, nullptr);
ASSERT_STREQ(status->driver_name, "devicemapper");
- free(status->driver_name);
- free(status->backing_fs);
- free(status->status);
- free(status);
+ free_graphdriver_status(status);
+
+ ASSERT_EQ(devmapper_repair_lowers(nullptr, nullptr, nullptr), 0);
+ ASSERT_EQ(devmapper_get_layer_fs_info(nullptr, nullptr, nullptr), 0);
}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_apply_diff)
+{
+ struct io_read_wrapper reader = {0};
+ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
+ MOCK_SET(util_mount, 0);
+ MOCK_SET(archive_unpack, 0);
+ MOCK_SET(umount2, 0);
+ EXPECT_CALL(m_isulad_conf_mock, ConfGetISuladRootDir()).WillOnce(Return(util_strdup_s("/tmp/isulad")));
+ ASSERT_EQ(graphdriver_apply_diff(id.c_str(), &reader), 0);
+ MOCK_CLEAR(archive_unpack);
+ MOCK_CLEAR(util_mount);
+ MOCK_CLEAR(umount2);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_wrapper_devmapper)
+{
+ ASSERT_STREQ(dev_strerror(ERR_TASK_RUN), "Task run error");
+ ASSERT_STREQ(dev_strerror(ERR_TASK_SET_COOKIE), "Task set cookie error");
+ ASSERT_STREQ(dev_strerror(ERR_NIL_COOKIE), "cookie ptr can't be nil");
+ ASSERT_STREQ(dev_strerror(ERR_TASK_SET_ADD_NODE), "Task add dm node failed");
+ ASSERT_STREQ(dev_strerror(ERR_BUSY), "Device busy");
+ ASSERT_STREQ(dev_strerror(ERR_DEVICE_ID_EXISTS), "Device exists already");
+ ASSERT_STREQ(dev_strerror(ERR_ENXIO), "No such device of address");
+ ASSERT_STREQ(dev_strerror(ERR_TASK_ADD_TARGET), "Task add target device error");
+ ASSERT_STREQ(dev_strerror(ERR_TASK_DEFERRED_REMOVE), "dm_task_deferred_remove failed");
+ ASSERT_STREQ(dev_strerror(100), "Unknown error");
+}
\ No newline at end of file
--
2.42.0

56
0046-2292-bugfix-for-run.sh-and-add-build-notify-msg-for-.patch
View File

@ -1,56 +0,0 @@
From d813e654b5b964f79857df3c9130f174443a76be Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 4 Dec 2023 09:44:42 +0000
Subject: [PATCH 46/64] !2292 bugfix for run.sh and add build notify msg for
ENABLE_GRPC_REMOTE_CONNECT * bugfix for run.sh and add build notify msg for
ENABLE_GRPC_REMOTE_CONNECT
---
CI/test_cases/container_cases/run.sh | 6 +++---
cmake/options.cmake | 1 +
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/CI/test_cases/container_cases/run.sh b/CI/test_cases/container_cases/run.sh
index 8ea3e514..1bfd388b 100755
--- a/CI/test_cases/container_cases/run.sh
+++ b/CI/test_cases/container_cases/run.sh
@@ -27,7 +27,8 @@ function do_test_t()
{
tid=`isula run --runtime $1 -tid --name hostname busybox`
chostname=`isula exec -it $tid hostname`
- fn_check_eq "$chostname" "${tid:0:12}" "default hostname is id of container"
+ clean_hostname=$(echo "$hostname" | sed 's/[\x01-\x1F\x7F]//g')
+ fn_check_eq "${clean_hostname}" "${tid:0:12}" "default hostname is not id of container"
isula exec -it hostname env | grep HOSTNAME
fn_check_eq "$?" "0" "check HOSTNAME env failed"
isula stop -t 0 $tid
@@ -149,13 +150,12 @@ function do_run_remote_test_t()
isula run --runtime $1 -ti -H "$config" --name $containername busybox xxx
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed check invalid run ${containername} remote" && ((ret++))
- testcontainer $containername exited
+
isula rm -f -H "$config" $containername
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container remote" && ((ret++))
isula run --runtime $1 -ti -H "$config" --name $containername busybox /bin/sh -c 'echo "hello"' | grep hello
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run ${containername} remote" && ((ret++))
- testcontainer $containername exited
isula rm -f -H "$config" $containername
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container remote" && ((ret++))
diff --git a/cmake/options.cmake b/cmake/options.cmake
index aeb24662..bf7db93a 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -110,6 +110,7 @@ option(ENABLE_GRPC_REMOTE_CONNECT "enable gRPC remote connect" OFF)
if (ENABLE_GRPC_REMOTE_CONNECT STREQUAL "ON")
add_definitions(-DENABLE_GRPC_REMOTE_CONNECT=1)
set(ENABLE_GRPC_REMOTE_CONNECT 1)
+ message("${Green}-- enable gRPC remote connect${ColourReset}")
endif()
option(ENABLE_SHIM_V2 "enable shim v2 runtime" OFF)
--
2.42.0

251
0047-2295-keep-the-service-status-unchanged-after-iSulad-.patch
View File

@ -1,251 +0,0 @@
From 98825c56135aeeb02f50a5eec5896d39d3ea649f Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 6 Dec 2023 01:56:52 +0000
Subject: [PATCH 47/64] !2295 keep the service status unchanged after iSulad
service upgrade * keep the service status unchanged after iSulad service
upgrade and
---
iSulad.spec | 121 +++++++++++++++++++++++++++-------------------------
1 file changed, 62 insertions(+), 59 deletions(-)
diff --git a/iSulad.spec b/iSulad.spec
index 6be2067d..0efbf043 100644
--- a/iSulad.spec
+++ b/iSulad.spec
@@ -1,24 +1,23 @@
%global _version 2.1.4
-%global _release 1
+%global _release 2
%global is_systemd 1
%global enable_criv1 1
%global enable_shimv2 1
-%global enable_embedded 1
+%global is_embedded 1
+%global cpp_std 17
Name: iSulad
Version: %{_version}
Release: %{_release}
Summary: Lightweight Container Runtime Daemon
License: Mulan PSL v2
-URL: isulad
-Source: iSulad-2.1.tar.gz
+URL: https://gitee.com/openeuler/iSulad
+Source: https://gitee.com/openeuler/iSulad/repository/archive/v%{version}.tar.gz
BuildRoot: {_tmppath}/iSulad-%{version}
-ExclusiveArch: x86_64 aarch64
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
Provides: libisula_client.so()(64bit)
-Provides: libisulad_img.so()(64bit)
Provides: libisulad_tools.so()(64bit)
%endif
@@ -33,40 +32,56 @@ Requires(preun): chkconfig
Requires(preun): initscripts
%endif
-%if 0%{?enable_embedded}
+%if 0%{?is_embedded}
BuildRequires: sqlite-devel
-Requires: sqlite
+Requires: sqlite
%endif
-%if 0%{?enable_shimv2}
-BuildRequires: lib-shim-v2-devel
-Requires: lib-shim-v2
+%if %{defined openeuler}
+BuildRequires: gtest-devel gmock-devel
%endif
-BuildRequires: cmake gcc-c++ lxc-devel lcr-devel yajl-devel libisula-devel
-BuildRequires: grpc-plugins grpc-devel protobuf-devel
-BuildRequires: libcurl-devel libarchive-devel device-mapper-devel
+%define lcrver_lower 2.1.3-0
+%define lcrver_upper 2.1.4-0
+
+BuildRequires: libisula-devel > %{lcrver_lower} libisula-devel < %{lcrver_upper}
+BuildRequires: cmake gcc-c++ yajl-devel
+BuildRequires: grpc grpc-plugins grpc-devel protobuf-devel
+BuildRequires: libcurl libcurl-devel libarchive-devel device-mapper-devel
BuildRequires: http-parser-devel
-BuildRequires: libselinux-devel libwebsockets-devel
+BuildRequires: libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel
BuildRequires: systemd-devel git
+BuildRequires: libevhtp-devel libevent-devel
+%if 0%{?enable_shimv2}
+BuildRequires: lib-shim-v2 lib-shim-v2-devel
+%endif
+
-Requires: libisula lxc
-Requires: grpc libcurl http-parser
-Requires: libselinux libwebsockets libarchive device-mapper
+Requires: libisula > %{lcrver_lower} libisula < %{lcrver_upper}
+Requires: grpc protobuf
+Requires: libcurl
+Requires: http-parser libseccomp
+Requires: libcap libselinux libwebsockets libarchive device-mapper
Requires: systemd
+Requires: (docker-runc or runc)
+BuildRequires: libevhtp libevent
+%if 0%{?enable_shimv2}
+Requires: lib-shim-v2
+%endif
%description
This is a umbrella project for gRPC-services based Lightweight Container
Runtime Daemon, written by C.
%prep
-%autosetup -c -n iSulad-%{version}
+%autosetup -n iSulad-v%{_version} -Sgit -p1
%build
mkdir -p build
cd build
%cmake \
-DDEBUG=ON \
+ -DCMAKE_SKIP_RPATH=TRUE \
-DLIB_INSTALL_DIR=%{_libdir} \
-DCMAKE_INSTALL_PREFIX=/usr \
%if 0%{?enable_criv1}
@@ -76,36 +91,47 @@ cd build
%if 0%{?enable_shimv2}
-DENABLE_SHIM_V2=ON \
%endif
+%if %{defined openeuler}
+ -DENABLE_UT=OFF \
+%endif
+ -DENABLE_GRPC_REMOTE_CONNECT=OFF \
+ -DENABLE_GRPC=ON \
+ -DCMAKE_CXX_STANDARD=%{cpp_std} \
../
+
+sed -i "10 a\# undef linux" grpc/src/api/services/cri/v1alpha/api.pb.h
+%if 0%{?enable_criv1}
+sed -i "10 a\# undef linux" grpc/src/api/services/cri/v1/api_v1.pb.h
+%endif
+
%make_build
+%check
+%if %{defined openeuler}
+cd build
+# registry_images_ut and volume_ut must run with root user
+ctest -E "registry_images_ut|volume_ut"
+%endif
+
%install
rm -rf %{buildroot}
cd build
install -d $RPM_BUILD_ROOT/%{_libdir}
-install -m 0644 ./src/libisula_client.so %{buildroot}/%{_libdir}/libisula_client.so
-install -m 0644 ./src/utils/http/libhttpclient.so %{buildroot}/%{_libdir}/libhttpclient.so
-chrpath -d ./src/libisulad_tools.so
-install -m 0644 ./src/libisulad_tools.so %{buildroot}/%{_libdir}/libisulad_tools.so
-chrpath -d ./src/daemon/modules/image/libisulad_img.so
-install -m 0644 ./src/daemon/modules/image/libisulad_img.so %{buildroot}/%{_libdir}/libisulad_img.so
-chmod +x %{buildroot}/%{_libdir}/libisula_client.so
-chmod +x %{buildroot}/%{_libdir}/libhttpclient.so
-chmod +x %{buildroot}/%{_libdir}/libisulad_img.so
+install -m 0755 ./src/libisula_client.so %{buildroot}/%{_libdir}/libisula_client.so
+install -m 0755 ./src/utils/http/libhttpclient.so %{buildroot}/%{_libdir}/libhttpclient.so
+install -m 0755 ./src/libisulad_tools.so %{buildroot}/%{_libdir}/libisulad_tools.so
install -d $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
install -m 0640 ./conf/isulad.pc %{buildroot}/%{_libdir}/pkgconfig/isulad.pc
install -d $RPM_BUILD_ROOT/%{_bindir}
+
install -m 0755 ./src/isula %{buildroot}/%{_bindir}/isula
install -m 0755 ./src/isulad-shim %{buildroot}/%{_bindir}/isulad-shim
-install -m 0755 ./src/isulad %{buildroot}/%{_bindir}/isulad
-chrpath -d ./src/isula
-chrpath -d ./src/isulad-shim
-chrpath -d ./src/isulad
+
+install -m 0755 ./src/isulad %{buildroot}/%{_bindir}/isulad
install -d $RPM_BUILD_ROOT/%{_includedir}/isulad
-install -m 0644 ../src/daemon/modules/api/image_api.h %{buildroot}/%{_includedir}/isulad/image_api.h
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/isulad
install -m 0640 ../src/contrib/config/daemon.json %{buildroot}/%{_sysconfdir}/isulad/daemon.json
@@ -134,8 +160,6 @@ install -d $RPM_BUILD_ROOT/%{_initddir}
install -p -m 0640 ../src/contrib/init/isulad.init $RPM_BUILD_ROOT/%{_initddir}/isulad.init
%endif
-install -d $RPM_BUILD_ROOT/usr/share/bash-completion/completions
-install -p -m 0644 ../src/contrib/completion/isula $RPM_BUILD_ROOT/usr/share/bash-completion/completions/isula
%clean
rm -rf %{buildroot}
@@ -143,19 +167,17 @@ rm -rf %{buildroot}
# support update from lcrd to isulad, will remove in next version
if [ "$1" = "2" ]; then
%if 0%{?is_systemd}
-systemctl stop lcrd
-systemctl disable lcrd
+systemctl stop lcrd &>/dev/null
+systemctl disable lcrd &>/dev/null
if [ -e %{_sysconfdir}/isulad/daemon.json ];then
sed -i 's#/etc/default/lcrd/hooks#/etc/default/isulad/hooks#g' %{_sysconfdir}/isulad/daemon.json
fi
%else
-/sbin/chkconfig --del lcrd
+/sbin/chkconfig --del lcrd &>/dev/null
%endif
fi
%post
-source /usr/share/bash-completion/completions/isula
-
if ! getent group isula > /dev/null; then
groupadd --system isula
fi
@@ -174,12 +196,6 @@ if [ -e %{_unitdir}/lcrd.service.rpmsave ]; then
mv %{_unitdir}/lcrd.service.rpmsave %{_unitdir}/isulad.service
sed -i 's/lcrd/isulad/g' %{_unitdir}/isulad.service
fi
-systemctl status isulad | grep 'Active:' | grep 'running'
-if [ $? -eq 0 ]; then
- systemctl restart isulad
-else
- systemctl start isulad
-fi
%else
/sbin/service isulad status | grep 'Active:' | grep 'running'
if [ $? -eq 0 ]; then
@@ -226,7 +242,6 @@ fi
%{_initddir}/isulad.init
%attr(0640,root,root) %{_initddir}/isulad.init
%endif
-%{_includedir}/isulad/*
%attr(0755,root,root) %{_libdir}/pkgconfig
%attr(0640,root,root) %{_libdir}/pkgconfig/isulad.pc
%defattr(0755,root,root,0755)
@@ -242,17 +257,5 @@ fi
%else
%config(noreplace,missingok) %{_initddir}/isulad.init
%endif
-/usr/share/bash-completion/completions/isula
%changelog
-* Tue Sep 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.0.5-20200910.140350.git72990229
-- Type:enhancement
-- ID:NA
-- SUG:NA
-- DESC: add chrpath
-
-* Mon Aug 03 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.0.3-20200803.130854.git0c7dc28a
-- Type:enhancement
-- ID:NA
-- SUG:NA
-- DESC: add debug packages
--
2.42.0

40
0048-modify-attach-socket-name.patch
View File

@ -1,40 +0,0 @@
From c01b761e14e6b4ea6745688e47b255f17ba26055 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 6 Dec 2023 15:15:32 +0800
Subject: [PATCH 48/64] modify attach socket name
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad-shim/common.h | 2 +-
src/daemon/modules/runtime/isula/isula_rt_ops.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/cmd/isulad-shim/common.h b/src/cmd/isulad-shim/common.h
index 2020a799..c4f86d24 100644
--- a/src/cmd/isulad-shim/common.h
+++ b/src/cmd/isulad-shim/common.h
@@ -60,7 +60,7 @@ extern "C" {
#define CONTAINER_ACTION_REBOOT 129
#define CONTAINER_ACTION_SHUTDOWN 130
-#define ATTACH_SOCKET "attach_socket.sock"
+#define ATTACH_SOCKET "attach.sock"
#define ATTACH_LOG_NAME "attach-log.json"
#define ATTACH_DETACH_MSG "read escape sequence"
#define MAX_ATTACH_NUM 16
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 3950ff4a..fbb779f7 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -57,7 +57,7 @@
#define SHIM_BINARY "isulad-shim"
#define RESIZE_FIFO_NAME "resize_fifo"
-#define ATTACH_SOCKET "attach_socket.sock"
+#define ATTACH_SOCKET "attach.sock"
#define SHIM_LOG_SIZE ((BUFSIZ - 100) / 2)
#define RESIZE_DATA_SIZE 100
#define PID_WAIT_TIME 120
--
2.42.0

110
0049-2298-bugfix-for-hook_ignore_poststart_error-run-in-o.patch
View File

@ -1,110 +0,0 @@
From 94122c5752936b4f5db14521cdd0f39a3dec6851 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 7 Dec 2023 03:32:15 +0000
Subject: [PATCH 49/64] !2298 bugfix for hook_ignore_poststart_error run in oci
runtime * bugfix for hook_ignore_poststart_error run in oci runtime
---
.../hook_ignore_poststart_error.sh | 70 +++++++++++++------
1 file changed, 50 insertions(+), 20 deletions(-)
diff --git a/CI/test_cases/container_cases/hook_ignore_poststart_error.sh b/CI/test_cases/container_cases/hook_ignore_poststart_error.sh
index 8c636f7e..38b6f021 100755
--- a/CI/test_cases/container_cases/hook_ignore_poststart_error.sh
+++ b/CI/test_cases/container_cases/hook_ignore_poststart_error.sh
@@ -24,6 +24,48 @@ source ../helpers.sh
test_data_path=$(realpath $curr_path/test_data)
+# $1 hook process
+# $2 container id
+# $3 expect container status
+# $4 process statement
+function test_kill_hook()
+{
+ for a in `seq 20`
+ do
+ bpid=`ps aux | grep "$1" | grep -v grep | awk '{print $2}'`
+ if [ "x" != "x$bpid" ];then
+ kill -9 $bpid
+ break
+ else
+ sleep .5
+ continue
+ fi
+ done
+
+ if [ "x" != "x$4" ];then
+ for a in `seq 20`
+ do
+ bpid=`ps aux | grep "$4" | grep -v grep | awk '{print $2}'`
+ if [ "x" != "x$bpid" ];then
+ kill -9 $bpid
+ break
+ else
+ sleep .5
+ continue
+ fi
+ done
+ fi
+
+ status=`isula inspect -f '{{json .State.Status}}' $2`
+ if [ "$status" == "$3" ];then
+ echo "get right status"
+ return 0
+ else
+ echo "expect $2 $3, but get $status"
+ return 1
+ fi
+}
+
function test_hook_ignore_poststart_error_spec()
{
local ret=0
@@ -42,27 +84,15 @@ function test_hook_ignore_poststart_error_spec()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
isula run -n $CONT -itd --runtime $runtime --hook-spec ${test_data_path}/oci_hook_poststart_check.json ${image} &
-
- for a in `seq 20`
- do
- bpid=`ps aux | grep "poststart.sh" | grep -v grep | awk '{print $2}'`
- if [ "x" != "x$bpid" ];then
- kill -9 $bpid
- break
- else
- sleep .5
- continue
- fi
- done
-
- status=`isula inspect -f '{{json .State.Status}}' $CONT`
- if [ "$status" == "\"running\"" ];then
- echo "get right status"
+
+ # when runc container run poststart hook, the process structure is different from lxc
+ if [ $runtime == "lcr" ]; then
+ test_kill_hook "poststart.sh" $CONT \"running\"
else
- echo "expect $CONT running, but get $status"
- ret++
+ test_kill_hook "poststart.sh" $CONT \"exited\" "sleep 300"
fi
-
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to test kill hook: ${image}" && ((ret++))
+
isula stop -t 0 ${CONT}
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to stop ${CONT}" && ((ret++))
@@ -77,7 +107,7 @@ declare -i ans=0
for element in ${RUNTIME_LIST[@]};
do
- test_hook_ignore_poststart_error_spec $1 || ((ans++))
+ test_hook_ignore_poststart_error_spec $element || ((ans++))
done
show_result ${ans} "${curr_path}/${0}"
--
2.42.0

28
0050-2304-remove-build-and-test-in-coverage.patch
View File

@ -1,28 +0,0 @@
From c2e9919ec8612d6e811644ec8aacf53cec0c4f20 Mon Sep 17 00:00:00 2001
From: jake <jikai11@huawei.com>
Date: Tue, 12 Dec 2023 08:55:30 +0000
Subject: [PATCH 50/64] !2304 remove build and test in coverage * remove build
and test in coverage
---
CI/generate_gcov.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/CI/generate_gcov.sh b/CI/generate_gcov.sh
index 153c9f5a..76bf382b 100755
--- a/CI/generate_gcov.sh
+++ b/CI/generate_gcov.sh
@@ -31,8 +31,8 @@ ctest
lcov --directory . --capture --output-file coverage.info --rc lcov_branch_coverage=1
# Remove std/build files
lcov --remove coverage.info '/usr/*' -o coverage.info --rc lcov_branch_coverage=1
-lcov --remove coverage.info 'build/*' -o coverage.info --rc lcov_branch_coverage=1
-lcov --remove coverage.info 'test/*' -o coverage.info --rc lcov_branch_coverage=1
+lcov --remove coverage.info "$ISULAD_SRC_PATH/build/*" -o coverage.info --rc lcov_branch_coverage=1
+lcov --remove coverage.info "$ISULAD_SRC_PATH/test/*" -o coverage.info --rc lcov_branch_coverage=1
# Generate html
genhtml --ignore-errors source -o $GCOV_RESULT_PATH/coverage coverage.info --branch-coverage --rc lcov_branch_coverage=1
--
2.42.0

197
0051-2303-use-a-timeout-epoll-loop-to-ensure-complete-dat.patch
View File

@ -1,197 +0,0 @@
From 7d1b8d25468528a59318430d50d839032f2c1a07 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 12 Dec 2023 12:26:32 +0000
Subject: [PATCH 51/64] !2303 use a timeout epoll loop to ensure complete data
reception * use a timeout epoll loop to ensure complete data reception
---
src/cmd/isulad-shim/process.c | 105 +++++++++-------------------------
src/cmd/isulad-shim/process.h | 1 -
2 files changed, 26 insertions(+), 80 deletions(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index e8cb9b32..97524f1a 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -169,6 +169,7 @@ static int get_exec_winsize(const char *buf, struct winsize *wsize)
static int sync_exit_cb(int fd, uint32_t events, void *cbdata, isula_epoll_descr_t *descr)
{
+ isula_epoll_remove_handler(descr, fd);
return EPOLL_LOOP_HANDLE_CLOSE;
}
@@ -364,23 +365,14 @@ static int stdout_cb(int fd, uint32_t events, void *cbdata, isula_epoll_descr_t
int r_count = 0;
int w_count = 0;
- if (events & EPOLLHUP) {
- return EPOLL_LOOP_HANDLE_CLOSE;
- }
-
- if (!(events & EPOLLIN)) {
- return EPOLL_LOOP_HANDLE_CONTINUE;
- }
-
(void)memset(p->buf, 0, DEFAULT_IO_COPY_BUF);
- if (p->block_read) {
- r_count = isula_file_read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
- } else {
- r_count = read(fd, p->buf, DEFAULT_IO_COPY_BUF);
- }
- if (r_count <= 0) {
- return EPOLL_LOOP_HANDLE_CLOSE;
+ r_count = isula_file_read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
+ if (r_count <= 0 ) {
+ isula_epoll_remove_handler(descr, fd);
+ // fd cannot be closed here, which will cause the container process to exit abnormally
+ // due to terminal fd receiving the sighup signal.
+ return EPOLL_LOOP_HANDLE_CONTINUE;
}
shim_write_container_log_file(p->terminal, STDID_OUT, p->buf, r_count);
@@ -419,23 +411,14 @@ static int stderr_cb(int fd, uint32_t events, void *cbdata, isula_epoll_descr_t
int r_count = 0;
int w_count = 0;
- if (events & EPOLLHUP) {
- return EPOLL_LOOP_HANDLE_CLOSE;
- }
-
- if (!(events & EPOLLIN)) {
- return EPOLL_LOOP_HANDLE_CONTINUE;
- }
-
(void)memset(p->buf, 0, DEFAULT_IO_COPY_BUF);
- if (p->block_read) {
- r_count = isula_file_read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
- } else {
- r_count = read(fd, p->buf, DEFAULT_IO_COPY_BUF);
- }
- if (r_count <= 0) {
- return EPOLL_LOOP_HANDLE_CLOSE;
+ r_count = isula_file_read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
+ if (r_count <= 0 ) {
+ isula_epoll_remove_handler(descr, fd);
+ // fd cannot be closed here, which will cause the container process to exit abnormally
+ // due to terminal fd receiving the sighup signal.
+ return EPOLL_LOOP_HANDLE_CONTINUE;
}
shim_write_container_log_file(p->terminal, STDID_ERR, p->buf, r_count);
@@ -474,18 +457,11 @@ static int resize_cb(int fd, uint32_t events, void *cbdata, isula_epoll_descr_t
int r_count = 0;
int resize_fd = -1;
- if (events & EPOLLHUP) {
- return EPOLL_LOOP_HANDLE_CLOSE;
- }
-
- if (!(events & EPOLLIN)) {
- return EPOLL_LOOP_HANDLE_CONTINUE;
- }
-
(void)memset(p->buf, 0, DEFAULT_IO_COPY_BUF);
r_count = isula_file_read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
if (r_count <= 0) {
- return EPOLL_LOOP_HANDLE_CLOSE;
+ close(fd);
+ return EPOLL_LOOP_HANDLE_CONTINUE;
}
resize_fd = p->recv_fd;
@@ -915,8 +891,6 @@ static int open_generic_io(process_t *p, isula_epoll_descr_t *descr)
static void *io_epoll_loop(void *data)
{
int ret = 0;
- int fd_out = -1;
- int fd_err = -1;
process_t *p = (process_t *)data;
isula_epoll_descr_t descr;
@@ -953,49 +927,23 @@ static void *io_epoll_loop(void *data)
(void)sem_post(&p->sem_mainloop);
+ // th frist epoll_loop will exit in the following scenarios:
+ // 1. Receive sync fd event
+ // 2. stdin fd receive EPOLLHUP event
+ // 3. stdin fd read failed
ret = isula_epoll_loop(&descr, -1);
if (ret != 0) {
write_message(ERR_MSG, "epoll loop failed");
exit(EXIT_FAILURE);
}
- // in order to avoid data loss, set fd non-block and read it
- p->block_read = false;
- if (p->state->terminal) {
- fd_out = p->recv_fd;
- } else {
- fd_out = p->shim_io->out;
- fd_err = p->shim_io->err;
- }
-
- if (fd_out > 0) {
- ret = isula_set_non_block(fd_out);
- if (ret != SHIM_OK) {
- write_message(ERR_MSG, "set fd %d non_block failed:%d", fd_out, SHIM_SYS_ERR(errno));
- exit(EXIT_FAILURE);
- }
-
- for (;;) {
- ret = stdout_cb(fd_out, EPOLLIN, p, &descr);
- if (ret == EPOLL_LOOP_HANDLE_CLOSE) {
- break;
- }
- }
- }
-
- if (fd_err > 0) {
- ret = isula_set_non_block(fd_err);
- if (ret != SHIM_OK) {
- write_message(ERR_MSG, "set fd %d non_block failed:%d", fd_err, SHIM_SYS_ERR(errno));
- exit(EXIT_FAILURE);
- }
-
- for (;;) {
- ret = stderr_cb(fd_err, EPOLLIN, p, &descr);
- if (ret == EPOLL_LOOP_HANDLE_CLOSE) {
- break;
- }
- }
+ // use a timeout epoll loop to ensure complete data reception
+ // th second epoll_loop will exit in the following scenarios:
+ // 1. both stdout fd and stderr fd failed to read
+ // 2. no event received within 100 milliseconds
+ ret = isula_epoll_loop(&descr, 100);
+ if (ret != 0) {
+ write_message(ERR_MSG, "Repeat the epoll loop to ensure that all data is transferred");
}
return NULL;
@@ -1220,7 +1168,6 @@ process_t *new_process(char *id, char *bundle, char *runtime)
p->bundle = bundle;
p->runtime = runtime;
p->state = p_state;
- p->block_read = true;
p->console_sock_path = NULL;
p->exit_fd = -1;
p->io_loop_fd = -1;
diff --git a/src/cmd/isulad-shim/process.h b/src/cmd/isulad-shim/process.h
index 5607316c..32ba7366 100644
--- a/src/cmd/isulad-shim/process.h
+++ b/src/cmd/isulad-shim/process.h
@@ -55,7 +55,6 @@ typedef struct process {
int sync_fd;
int listen_fd;
int recv_fd;
- bool block_read;
log_terminal *terminal;
stdio_t *stdio; // shim to on runtime side, in:r out/err: w
stdio_t *shim_io; // shim io on isulad side, in: w out/err: r
--
2.42.0

170
0052-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch
View File

@ -1,170 +0,0 @@
From 06d42781cbfc3d9baa7155b480e22b9f4164ab91 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 12 Dec 2023 20:24:57 +0800
Subject: [PATCH 52/64] modify the default value of ISULAD_TMPDIR to
/var/lib/isulad
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad/main.c | 13 +++++++------
src/common/constants.h | 2 ++
src/contrib/config/iSulad.sysconfig | 4 ++--
.../modules/container/leftover_cleanup/cleanup.c | 6 +++---
src/daemon/modules/image/oci/utils_images.c | 2 +-
src/utils/cutils/utils_verify.c | 5 +++++
src/utils/cutils/utils_verify.h | 2 ++
src/utils/tar/util_archive.c | 9 +++++----
8 files changed, 27 insertions(+), 16 deletions(-)
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 95454e2a..d33e4004 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1295,8 +1295,8 @@ static int ensure_isulad_tmpdir_security()
char *isulad_tmp_dir = NULL;
isulad_tmp_dir = getenv("ISULAD_TMPDIR");
- if (!util_valid_str(isulad_tmp_dir)) {
- isulad_tmp_dir = "/tmp";
+ if (!util_valid_isulad_tmpdir(isulad_tmp_dir)) {
+ isulad_tmp_dir = DEFAULT_ISULAD_TMPDIR;
}
if (do_ensure_isulad_tmpdir_security(isulad_tmp_dir) != 0) {
@@ -1304,14 +1304,15 @@ static int ensure_isulad_tmpdir_security()
return -1;
}
- if (strcmp(isulad_tmp_dir, "/tmp") == 0) {
+ if (strcmp(isulad_tmp_dir, DEFAULT_ISULAD_TMPDIR) == 0) {
return 0;
}
// No matter whether ISULAD_TMPDIR is set or not,
- // ensure the "/tmp" directory is a safe directory
- if (do_ensure_isulad_tmpdir_security("/tmp") != 0) {
- WARN("Failed to ensure the /tmp directory is a safe directory");
+ // ensure the DEFAULT_ISULAD_TMPDIR directory is a safe directory
+ // TODO: if isula is no longer tarred in the future, we can delete it.
+ if (do_ensure_isulad_tmpdir_security(DEFAULT_ISULAD_TMPDIR) != 0) {
+ WARN("Failed to ensure the default ISULAD_TMPDIR : %s directory is a safe directory", DEFAULT_ISULAD_TMPDIR);
}
return 0;
diff --git a/src/common/constants.h b/src/common/constants.h
index 5f12ae25..27d4956e 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -129,6 +129,8 @@ extern "C" {
#define OCI_IMAGE_GRAPH_ROOTPATH_NAME "storage"
+#define DEFAULT_ISULAD_TMPDIR "/var/lib/isulad"
+
#ifdef ENABLE_GRPC_REMOTE_CONNECT
#define DEFAULT_TCP_HOST "tcp://localhost:2375"
#define DEFAULT_TLS_HOST "tcp://localhost:2376"
diff --git a/src/contrib/config/iSulad.sysconfig b/src/contrib/config/iSulad.sysconfig
index 43ba7cbd..25099480 100644
--- a/src/contrib/config/iSulad.sysconfig
+++ b/src/contrib/config/iSulad.sysconfig
@@ -22,5 +22,5 @@
#SYSMONITOR_OPTIONS='-H tcp://127.0.0.1:2375 --tlsverify --tlscacert=/root/.iSulad/ca.pem --tlscert=/root/.iSulad/cert.pem --tlskey=/root/.iSulad/key.pem'
# Location used for temporary files, such as those created by isula load and pull operations.
-# Default is /var/tmp. Can be overridden by setting the following env variable.
-# ISULAD_TMPDIR=/var/tmp
+# Default is /var/lib/isulad. Can be overridden by setting the following env variable.
+# ISULAD_TMPDIR=/var/lib/isulad
diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c
index 9a38ffc2..af5f0eee 100644
--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c
+++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c
@@ -203,12 +203,12 @@ void do_isulad_tmpdir_cleaner(void)
char *isula_tmp_dir = NULL;
isula_tmp_dir = getenv("ISULAD_TMPDIR");
- if (util_valid_str(isula_tmp_dir)) {
+ if (util_valid_isulad_tmpdir(isula_tmp_dir)) {
cleanup_path(isula_tmp_dir);
}
// No matter whether ISULAD_TMPDIR is set or not,
- // clean up the "/tmp" directory to prevent the mount point from remaining
- cleanup_path("/tmp");
+ // clean up the DEFAULT_ISULAD_TMPDIR directory to prevent the mount point from remaining
+ cleanup_path(DEFAULT_ISULAD_TMPDIR);
return;
}
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
index f92ee59a..d94388bd 100644
--- a/src/daemon/modules/image/oci/utils_images.c
+++ b/src/daemon/modules/image/oci/utils_images.c
@@ -595,7 +595,7 @@ char *oci_get_isulad_tmpdir(const char *root_dir)
}
env_dir = getenv("ISULAD_TMPDIR");
- if (util_valid_str(env_dir)) {
+ if (util_valid_isulad_tmpdir(env_dir)) {
isulad_tmpdir = util_path_join(env_dir, "isulad_tmpdir");
} else {
isulad_tmpdir = util_path_join(root_dir, "isulad_tmpdir");
diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c
index f4ce3199..7f2db48b 100644
--- a/src/utils/cutils/utils_verify.c
+++ b/src/utils/cutils/utils_verify.c
@@ -744,6 +744,11 @@ bool util_valid_volume_name(const char *name)
return util_reg_match(patten, name) == 0;
}
+bool util_valid_isulad_tmpdir(const char *dir)
+{
+ return util_valid_str(dir) && strcmp(dir, "/tmp") != 0;
+}
+
#ifdef ENABLE_IMAGE_SEARCH
bool util_valid_search_name(const char *name)
{
diff --git a/src/utils/cutils/utils_verify.h b/src/utils/cutils/utils_verify.h
index 54d1ce71..bafd2a82 100644
--- a/src/utils/cutils/utils_verify.h
+++ b/src/utils/cutils/utils_verify.h
@@ -124,6 +124,8 @@ bool util_valid_sysctl(const char *sysctl_key);
bool util_valid_volume_name(const char *name);
+bool util_valid_isulad_tmpdir(const char *dir);
+
#ifdef ENABLE_IMAGE_SEARCH
bool util_valid_search_name(const char *name);
#endif
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 82e940a5..e8fad391 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -134,7 +134,7 @@ static void do_disable_unneccessary_caps()
// Add flock when bind mount and make it private.
// Because bind mount usually makes safedir shared mount point,
// and sometimes it will cause "mount point explosion".
-// E.g. concurrently execute isula cp /tmp/<XXX-File> <CONTAINER-ID>:<CONTAINER-PAT>
+// E.g. concurrently execute isula cp DEFAULT_ISULAD_TMPDIR/<XXX-File> <CONTAINER-ID>:<CONTAINER-PAT>
static int bind_mount_with_flock(const char *flock_path, const char *dstdir, const char *tmp_dir)
{
__isula_auto_close int fd = -1;
@@ -192,9 +192,10 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
int nret;
isulad_tmpdir_env = getenv("ISULAD_TMPDIR");
- if (!util_valid_str(isulad_tmpdir_env)) {
- // if not setted isulad tmpdir, just use /tmp
- isulad_tmpdir_env = "/tmp";
+ if (!util_valid_isulad_tmpdir(isulad_tmpdir_env)) {
+ INFO("if not setted isulad tmpdir or setted unvalid dir, use DEFAULT_ISULAD_TMPDIR");
+ // if not setted isulad tmpdir, just use DEFAULT_ISULAD_TMPDIR
+ isulad_tmpdir_env = DEFAULT_ISULAD_TMPDIR;
}
nret = snprintf(isula_tmpdir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmpdir_env);
--
2.42.0

58
0053-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch
View File

@ -1,58 +0,0 @@
From 05117ed2887ee1535978170cd06596ee015951f4 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 12 Dec 2023 20:26:30 +0800
Subject: [PATCH 53/64] prevent the parent dir from being bind mounted to the
subdir
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/tar/util_archive.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index e8fad391..29c2bc03 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -182,6 +182,26 @@ unlock_out:
return ret;
}
+static int is_parent_directory(const char *parent_path, const char *child_path)
+{
+ size_t parent_len = strlen(parent_path);
+ size_t child_len = strlen(child_path);
+
+ if (parent_len == 0 || child_len == 0 || parent_len >= child_len) {
+ return -1;
+ }
+
+ if (strncmp(parent_path, child_path, parent_len) != 0) {
+ return -1;
+ }
+
+ if (child_path[parent_len] != '/') {
+ return -1;
+ }
+
+ return 0;
+}
+
static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, char **safe_dir)
{
struct stat buf;
@@ -235,6 +255,12 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
return -1;
}
+ // prevent the parent directory from being bind mounted to the subdirectory
+ if (is_parent_directory(dstdir, tmp_dir) == 0) {
+ ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
+ return -1;
+ }
+
if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
if (util_path_remove(tmp_dir) != 0) {
--
2.42.0

25
0054-2308-Remove-unused-header-file.patch
View File

@ -1,25 +0,0 @@
From 93071602df77cc3b5508266b181f1ace947bd3be Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Wed, 13 Dec 2023 02:34:20 +0000
Subject: [PATCH 54/64] !2308 Remove unused header file * Fix compiling failure
in image oci UT
---
src/daemon/config/isulad_config.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index 1af47127..51758adb 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -32,7 +32,6 @@
#include "constants.h"
#include "utils.h"
-#include "sysinfo.h"
#include "err_msg.h"
#include "daemon_arguments.h"
#include "utils_array.h"
--
2.42.0

43
0055-verify-the-mount-dir-first-and-then-create-tmpdir.patch
View File

@ -1,43 +0,0 @@
From 3d38013418d0c5304dfbafcb0b2a5b4062964c53 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 13 Dec 2023 15:13:12 +0800
Subject: [PATCH 55/64] verify the mount dir first and then create tmpdir
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/tar/util_archive.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 29c2bc03..655b3516 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -235,6 +235,12 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
return -1;
}
+ // prevent the parent directory from being bind mounted to the subdirectory
+ if (is_parent_directory(dstdir, tmp_dir) == 0) {
+ ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
+ return -1;
+ }
+
if (stat(dstdir, &buf) < 0) {
SYSERROR("Check chroot dir failed");
return -1;
@@ -255,12 +261,6 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
return -1;
}
- // prevent the parent directory from being bind mounted to the subdirectory
- if (is_parent_directory(dstdir, tmp_dir) == 0) {
- ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
- return -1;
- }
-
if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
if (util_path_remove(tmp_dir) != 0) {
--
2.42.0

26
0056-2300-Maintaining-a-uniform-code-style.patch
View File

@ -1,26 +0,0 @@
From 2f36e5cae2414804040b6168b79011550281d8d7 Mon Sep 17 00:00:00 2001
From: chen524 <chenkui_yewu@cmss.chinamobile.com>
Date: Wed, 13 Dec 2023 08:02:20 +0000
Subject: [PATCH 56/64] !2300 Maintaining a uniform code style * update
src/cmd/command_parser.c.
---
src/cmd/command_parser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cmd/command_parser.c b/src/cmd/command_parser.c
index 1ad1d92b..93b19dae 100644
--- a/src/cmd/command_parser.c
+++ b/src/cmd/command_parser.c
@@ -438,7 +438,7 @@ int command_valid_socket_append_array(command_option_t *option, const char *arg)
}
if (util_array_append(option->data, arg) != 0) {
- ERROR("merge hosts config failed");
+ COMMAND_ERROR("Merge hosts config failed");
return -1;
}
len++;
--
2.42.0

36
0057-2312-Add-Huawei-Cloud-CodeArts-compilation-script.patch
View File

@ -1,36 +0,0 @@
From 5efff4c61ed885ce45d62e33e2e97a78519fefe8 Mon Sep 17 00:00:00 2001
From: dreamloy <3038807110@qq.com>
Date: Wed, 13 Dec 2023 08:39:04 +0000
Subject: [PATCH 57/64] =?UTF-8?q?!2312=20Add=20Huawei=20Cloud=20CodeArts?=
=?UTF-8?q?=20compilation=20script=20*=20=E5=B0=86codecheck=5Fcompile.sh?=
=?UTF-8?q?=20=E7=A7=BB=E5=8A=A8=E5=88=B0tools=E4=B8=8B=20*=20=E6=96=B0?=
=?UTF-8?q?=E5=A2=9E=E5=8D=8E=E4=B8=BA=E4=BA=91codeArs=E7=BC=96=E8=AF=91?=
=?UTF-8?q?=E8=84=9A=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
tools/codecheck_compile.sh | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 tools/codecheck_compile.sh
diff --git a/tools/codecheck_compile.sh b/tools/codecheck_compile.sh
new file mode 100644
index 00000000..99cadfe7
--- /dev/null
+++ b/tools/codecheck_compile.sh
@@ -0,0 +1,9 @@
+## 华为云codeArts执行版本检查时规则集涉及到代码安全增强包需要编译脚本才能执行
+BASEPATH=$( cd -- "$( dirname -- "${BASH_SOURCE[0]:-$0}" )" &> /dev/null && pwd )
+ROOTDIR="$BASEPATH"
+PROGRAM=$(basename "${BASH_SOURCE[0]:-$0}")
+whoami
+ls
+cd docs/build_docs/guide/script
+chmod +x ./install_iSulad_on_Ubuntu_20_04_LTS.sh
+./install_iSulad_on_Ubuntu_20_04_LTS.sh
\ No newline at end of file
--
2.42.0

26
0058-bugfix-del-redundant-code.patch
View File

@ -1,26 +0,0 @@
From a593232e7f34de03142388fddecbea8f3b617245 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Wed, 13 Dec 2023 17:06:37 +0800
Subject: [PATCH 58/64] bugfix:del redundant code
---
src/daemon/modules/image/image.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c
index 4a1950fe..f01265bf 100644
--- a/src/daemon/modules/image/image.c
+++ b/src/daemon/modules/image/image.c
@@ -602,9 +602,6 @@ void free_im_prepare_request(im_prepare_request *request)
free(request->mount_label);
request->mount_label = NULL;
- free(request->mount_label);
- request->mount_label = NULL;
-
free_json_map_string_string(request->storage_opt);
request->storage_opt = NULL;
--
2.42.0

71
0059-improve-code-of-pull.patch
View File

@ -1,71 +0,0 @@
From e47abc01c8778cc07c11a331ae31ce46b6fd06a0 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 14 Dec 2023 10:59:34 +0800
Subject: [PATCH 59/64] improve code of pull
1. ignore unneccessary error log;
2. do not show progress, if stdout is not tty;
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/isula/images/pull.c | 6 ++++++
.../modules/image/oci/storage/image_store/image_type.c | 8 ++++++++
.../layer_store/graphdriver/overlay2/driver_overlay2.c | 5 +++++
3 files changed, 19 insertions(+)
diff --git a/src/cmd/isula/images/pull.c b/src/cmd/isula/images/pull.c
index 9d420778..b30cc0bd 100644
--- a/src/cmd/isula/images/pull.c
+++ b/src/cmd/isula/images/pull.c
@@ -36,6 +36,12 @@ struct client_arguments g_cmd_pull_args = {};
static bool is_terminal_show_supported()
{
#ifdef GRPC_CONNECTOR
+ // if stdout is not tty, just ingore progress
+ if (!isatty(STDOUT_FILENO)) {
+ WARN("Stdout is not tty device, just ignore progress.");
+ return false;
+ }
+
// Initialize the terminfo database
setupterm(NULL, STDOUT_FILENO, (int *)0);
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_type.c b/src/daemon/modules/image/oci/storage/image_store/image_type.c
index 50af0a69..50a81db2 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_type.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_type.c
@@ -77,6 +77,14 @@ int try_fill_image_spec(image_t *img, const char *id, const char *image_store_di
goto out;
}
+ // for new_image(), first try will failed because config file not exist
+ // and image_store_set_big_data() will retry this function
+ if (!util_file_exists(config_file)) {
+ WARN("Oci image spec: %s not found.", config_file);
+ ret = -1;
+ goto out;
+ }
+
img->spec = oci_image_spec_parse_file(config_file, NULL, &err);
if (img->spec == NULL) {
ERROR("Failed to parse oci image spec: %s", err);
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index 3bc433ae..3d814954 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -1133,7 +1133,12 @@ static char *read_layer_lower_file(const char *layer_dir)
goto out;
}
+ // lowest layer do not have lower file
+ if (!util_file_exists(lower_file)) {
+ goto out;
+ }
lower = util_read_text_file(lower_file);
+
out:
free(lower_file);
return lower;
--
2.42.0

30
0060-remove-var-in-coverage-and-fix-build-test-remove.patch
View File

@ -1,30 +0,0 @@
From f1fa4c7bdc2c67a4ef9c476ba9e0e2de6b589bc5 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Thu, 14 Dec 2023 10:49:26 +0800
Subject: [PATCH 60/64] remove /var/* in coverage and fix build/test remove
Signed-off-by: jikai <jikai11@huawei.com>
---
CI/generate_gcov.sh | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/CI/generate_gcov.sh b/CI/generate_gcov.sh
index 76bf382b..7518c5c1 100755
--- a/CI/generate_gcov.sh
+++ b/CI/generate_gcov.sh
@@ -29,10 +29,8 @@ cp -r ~/build $ISULAD_COPY_PATH
cd $ISULAD_COPY_PATH/build
ctest
lcov --directory . --capture --output-file coverage.info --rc lcov_branch_coverage=1
-# Remove std/build files
-lcov --remove coverage.info '/usr/*' -o coverage.info --rc lcov_branch_coverage=1
-lcov --remove coverage.info "$ISULAD_SRC_PATH/build/*" -o coverage.info --rc lcov_branch_coverage=1
-lcov --remove coverage.info "$ISULAD_SRC_PATH/test/*" -o coverage.info --rc lcov_branch_coverage=1
+# extract src only files
+lcov --extract coverage.info '*/iSulad/src/*' -o coverage.info --rc lcov_branch_coverage=1
# Generate html
genhtml --ignore-errors source -o $GCOV_RESULT_PATH/coverage coverage.info --branch-coverage --rc lcov_branch_coverage=1
--
2.42.0

165
0061-2320-improve-CI-test.patch
View File

@ -1,165 +0,0 @@
From 712d82656ac9bafda7d29be70e7dbcd761a01f98 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sun, 17 Dec 2023 05:58:56 +0000
Subject: [PATCH 61/64] !2320 improve CI test * improve CI test
---
.../container_cases/restartpolicy.sh | 35 ++++++++++++++-----
CI/test_cases/image_cases/image_digest.sh | 10 +++---
CI/test_cases/image_cases/image_search.sh | 26 ++------------
3 files changed, 35 insertions(+), 36 deletions(-)
diff --git a/CI/test_cases/container_cases/restartpolicy.sh b/CI/test_cases/container_cases/restartpolicy.sh
index 11c3608f..0ab09636 100755
--- a/CI/test_cases/container_cases/restartpolicy.sh
+++ b/CI/test_cases/container_cases/restartpolicy.sh
@@ -23,18 +23,37 @@ curr_path=$(dirname $(readlink -f "$0"))
data_path=$(realpath $curr_path/../data)
source ../helpers.sh
+# $1 : retry limit
+# $2 : retry_interval
+# $3 : container name
+# $4 : expect restart count
+function do_retry()
+{
+ for i in $(seq 1 "$1"); do
+ count=`isula inspect --format='{{json .RestartCount}}' ${3}`
+ if [ $count -eq $4 ]; then
+ return 0
+ fi
+ sleep $2
+ done
+ echo "expect $4, get $count"
+ return 1
+}
+
function do_test_on_failure()
{
+ local retry_limit=15
+ local retry_interval=1
containername=test_rp_on_failure
isula run --name $containername -td --restart on-failure:3 busybox /bin/sh -c "exit 2"
fn_check_eq "$?" "0" "run failed"
- sleep 8
- count=`isula inspect --format='{{json .RestartCount}}' $containername`
- if [[ $count != "3" ]];then
- echo "expect 3 but get $count"
+ do_retry ${retry_limit} ${retry_interval} ${containername} 3
+ if [[ $? -ne 0 ]];then
TC_RET_T=$(($TC_RET_T+1))
fi
+
+ isula stop -t 0 $containername
testcontainer $containername exited
isula rm $containername
@@ -43,14 +62,14 @@ function do_test_on_failure()
function do_test_unless_stopped()
{
+ local retry_limit=15
+ local retry_interval=1
containername=test_rp_unless_stopped
isula run --name $containername -td --restart unless-stopped busybox /bin/sh -c "exit 2"
fn_check_eq "$?" "0" "run failed"
- sleep 8
- count=`isula inspect --format='{{json .RestartCount}}' $containername`
- if [[ $count == "0" ]];then
- echo "expect not 0 but get $count"
+ do_retry ${retry_limit} ${retry_interval} ${containername} 0
+ if [[ $? -ne 0 ]];then
TC_RET_T=$(($TC_RET_T+1))
fi
diff --git a/CI/test_cases/image_cases/image_digest.sh b/CI/test_cases/image_cases/image_digest.sh
index e30f29f0..cc8b0e48 100755
--- a/CI/test_cases/image_cases/image_digest.sh
+++ b/CI/test_cases/image_cases/image_digest.sh
@@ -25,14 +25,14 @@ source ../helpers.sh
function test_image_with_digest()
{
local ret=0
- local image="busybox"
- local image2="ubuntu"
- local image_digest="busybox@sha256:5cd3db04b8be5773388576a83177aff4f40a03457a63855f4b9cbe30542b9a43"
+ local image="3laho3y3.mirror.aliyuncs.com/library/busybox"
+ local image2="3laho3y3.mirror.aliyuncs.com/library/ubuntu"
+ local image_digest="3laho3y3.mirror.aliyuncs.com/library/busybox@sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee"
local test="pull && inspect && tag image with digest test => (${FUNCNAME[@]})"
msg_info "${test} starting..."
- isula pull docker.io/library/${image_digest}
+ isula pull ${image_digest}
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE}
isula tag ${image_digest} ${image}:digest_test
@@ -71,7 +71,7 @@ function test_image_with_digest()
isula inspect -f '{{.image.repo_tags}}' ${image_digest} | grep "${image}:digest_test"
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - image digest delete error: ${image_digest}" && ((ret++))
- isula pull docker.io/library/${image2}:latest
+ isula pull ${image2}:latest
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image2}" && return ${FAILURE}
digest=$(isula inspect "${image2}:latest" | grep "@sha256" | awk -F"\"" '{print $2}')
diff --git a/CI/test_cases/image_cases/image_search.sh b/CI/test_cases/image_cases/image_search.sh
index 1d281cb2..11af02f1 100755
--- a/CI/test_cases/image_cases/image_search.sh
+++ b/CI/test_cases/image_cases/image_search.sh
@@ -33,6 +33,7 @@ function test_image_search()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && return ${FAILURE}
msg_info "${test} starting..."
+ rm -rf /etc/isulad/daemon.bak
cp /etc/isulad/daemon.json /etc/isulad/daemon.bak
sed -i "/registry-mirrors/a\ \"docker.io\"," /etc/isulad/daemon.json
@@ -49,39 +50,18 @@ function test_image_search()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - search ${invalid_image} should fail as it's search name is invalid" && return ${FAILURE}
# test search options
- isula search --no-trunc ${image}
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with no-trunc: ${image}" && ((ret++))
-
- isula search --limit 5 ${image}
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with limit: ${image}" && ((ret++))
+ isula search --no-trunc --limit 5 --filter stars=3 --filter is-official=true --filter is-automated=false --format "table {{.Name}}\t{{.IsOfficial}}" ${image}
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with search options: ${image}" && ((ret++))
isula search --limit -1 ${image} 2>&1 | grep "Invalid value"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with limit: ${image} and and catch error msg" && ((ret++))
- isula search --filter stars=3 ${image}
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with filter stars: ${image}" && ((ret++))
-
- isula search --filter is-official=true ${image}
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with filter is-official: ${image}" && ((ret++))
-
- isula search --filter is-automated=true ${image} 2>&1 | grep "AUTOMATED"
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with filter is-automated: ${image}" && ((ret++))
-
isula search --filter aa=true ${image} 2>&1 | grep "Invalid filter"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to set filter for search ${image} and catch error msg" && ((ret++))
- isula search ${image} 2>&1 | grep "NAME"
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with default table format: ${image}" && ((ret++))
-
- isula search --format "table {{.IsAutomated}}\t{{.IsOfficial}}" ${image} 2>&1 | grep "AUTOMATED"
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with table format: ${image}" && ((ret++))
-
isula search --format "{{Name}}" ${image} 2>&1 | grep "invalid format field"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to set format for search ${image} and catch error msg" && ((ret++))
- isula search --format "{{.Name}}" ${image} 2>&1
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with none-table format: ${image}" && ((ret++))
-
cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json
check_valgrind_log
--
2.42.0

319
0062-verify-name-and-digest-consistency.patch
View File

@ -1,319 +0,0 @@
From 950dc3c56f192061383de4d19229ace243eae503 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 18 Dec 2023 15:54:37 +0800
Subject: [PATCH 62/64] verify name and digest consistency
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../oci/storage/image_store/image_store.c | 265 +++++++++++-------
1 file changed, 162 insertions(+), 103 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index 58baa47a..1b482504 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -22,6 +22,7 @@
#include <isula_libutils/storage_image.h>
#include <isula_libutils/imagetool_images_list.h>
#include <isula_libutils/json_common.h>
+#include <isula_libutils/auto_cleanup.h>
#include <limits.h>
#include <pthread.h>
#include <stdlib.h>
@@ -444,11 +445,161 @@ out:
return value;
}
+static int resort_image_names(const char **names, size_t names_len, char **first_name, char ***image_tags,
+ char ***image_digests)
+{
+ int ret = 0;
+ size_t i;
+ char *prefix = NULL;
+
+ for (i = 0; i < names_len; i++) {
+ size_t len = strlen(names[i]);
+ if (strlen(names[i]) > MAX_IMAGE_NAME_LENGTH) {
+ prefix = util_sub_string(names[i], len - MAX_IMAGE_NAME_LENGTH,
+ MAX_IMAGE_NAME_LENGTH - MAX_IMAGE_DIGEST_LENGTH);
+ }
+
+ // TODO: maybe should support other digest
+ if (prefix != NULL && strcmp(prefix, DIGEST_PREFIX) == 0) {
+ if (util_array_append(image_digests, names[i]) != 0) {
+ ERROR("Failed to append image to digest: %s", names[i]);
+ ret = -1;
+ goto out;
+ }
+ } else {
+ if (util_array_append(image_tags, names[i]) != 0) {
+ ERROR("Failed to append image to tags: %s", names[i]);
+ ret = -1;
+ goto out;
+ }
+ }
+ }
+
+ if (first_name == NULL) {
+ goto out;
+ }
+
+ if (util_array_len((const char **)(*image_digests)) > 0) {
+ free(*first_name);
+ *first_name = util_strdup_s((*image_digests)[0]);
+ }
+
+ if (util_array_len((const char **)(*image_tags)) > 0) {
+ free(*first_name);
+ *first_name = util_strdup_s((*image_tags)[0]);
+ }
+
+out:
+ if (ret != 0) {
+ util_free_array(*image_digests);
+ util_free_array(*image_tags);
+ free(*first_name);
+ }
+ free(prefix);
+ return ret;
+}
+
+// Validate checks that the contents is a valid digest
+static bool validate_digest(const char *digest)
+{
+ bool ret = true;
+ const char *sha256_encode_patten = "^[a-f0-9]{64}$";
+ char *value = util_strdup_s(digest);
+ char *index = strchr(value, ':');
+ char *alg = NULL;
+ char *encode = NULL;
+
+ // contains ':' and is not the last character
+ if (index == NULL || index - value + 1 == strlen(value)) {
+ INFO("Invalid checksum digest format");
+ ret = false;
+ goto out;
+ }
+
+ *index++ = '\0';
+
+ alg = value;
+ encode = index;
+ // Currently only support SHA256 algorithm
+ if (strcmp(alg, "sha256") != 0) {
+ DEBUG("Unsupported digest algorithm: %s", alg);
+ ret = false;
+ goto out;
+ }
+
+ ret = util_reg_match(sha256_encode_patten, encode) == 0;
+
+out:
+ free(value);
+ return ret;
+}
+
+// Parsing a reference string as a possible identifier, full digest, or familiar name.
+static char *parse_digest_reference(const char *ref)
+{
+ char *indentfier_patten = "^[a-f0-9]{64}$";
+
+ if (util_reg_match(indentfier_patten, ref) == 0) {
+ return util_string_append(ref, "sha256:");
+ }
+
+ if (validate_digest(ref)) {
+ return util_strdup_s(ref);
+ }
+
+ return oci_normalize_image_name(ref);
+}
+
+static int is_name_digest_consistent(const char *name, char **names, size_t names_len, const char *digest)
+{
+ size_t i;
+ int ret = -1;
+ int nret = 0;
+ char *tag_pos = NULL;
+ char **tags = NULL;
+ char **digests = NULL;
+
+ if (resort_image_names((const char **)names, names_len, NULL, &tags, &digests) != 0) {
+ ERROR("Failed to resort image names");
+ goto out;
+ }
+
+ for (i = 0; i < util_array_len((const char **)tags); i++) {
+ __isula_auto_free char *ref = NULL;
+ __isula_auto_free char *tmp_repo_digests = NULL;
+ ref = parse_digest_reference(tags[i]);
+ if (ref == NULL) {
+ continue;
+ }
+ tag_pos = util_tag_pos(ref);
+ if (tag_pos == NULL) {
+ ERROR("invalid ref %s", ref);
+ continue;
+ }
+ *tag_pos = '\0';
+
+ nret = asprintf(&tmp_repo_digests, "%s@%s", ref, digest);
+ if (nret < 0) {
+ ERROR("Failed to receive repo digest");
+ goto out;
+ }
+ if (strcmp(name, tmp_repo_digests) == 0) {
+ ret = 0;
+ goto out;
+ }
+ }
+out:
+ util_free_array(tags);
+ util_free_array(digests);
+ return ret;
+}
+
// by_digest returns the image which matches the specified name.
static image_t *by_digest(const char *name)
{
digest_image_t *digest_filter_images = NULL;
char *digest = NULL;
+ image_t *tmp_ret = NULL;
// split digest for image name with digest
digest = strrchr(name, '@');
@@ -457,12 +608,21 @@ static image_t *by_digest(const char *name)
}
digest++;
digest_filter_images = (digest_image_t *)map_search(g_image_store->bydigest, (void *)digest);
- if (digest_filter_images == NULL) {
+ if (digest_filter_images == NULL || linked_list_empty(&(digest_filter_images->images_list))) {
return NULL;
}
// currently, a digest corresponds to an image, directly returning the first element
- return linked_list_first_elem(&(digest_filter_images->images_list));
+ tmp_ret = linked_list_first_elem(&(digest_filter_images->images_list));
+
+ // verify name and digest consistency to ensure we are not matching images to different repositories,
+ // even if the digests match.
+ // For example, ubuntu@sha256:abc......, shouldn't match test@sha256:abc......
+ if (is_name_digest_consistent(name, tmp_ret->simage->names, tmp_ret->simage->names_len, digest) != 0) {
+ return NULL;
+ }
+
+ return tmp_ret;
}
static image_t *lookup(const char *id)
@@ -2001,107 +2161,6 @@ out:
return ret;
}
-static int resort_image_names(const char **names, size_t names_len, char **first_name, char ***image_tags,
- char ***image_digests)
-{
- int ret = 0;
- size_t i;
- char *prefix = NULL;
-
- for (i = 0; i < names_len; i++) {
- size_t len = strlen(names[i]);
- if (strlen(names[i]) > MAX_IMAGE_NAME_LENGTH) {
- prefix = util_sub_string(names[i], len - MAX_IMAGE_NAME_LENGTH,
- MAX_IMAGE_NAME_LENGTH - MAX_IMAGE_DIGEST_LENGTH);
- }
-
- // TODO: maybe should support other digest
- if (prefix != NULL && strcmp(prefix, DIGEST_PREFIX) == 0) {
- if (util_array_append(image_digests, names[i]) != 0) {
- ERROR("Failed to append image to digest: %s", names[i]);
- ret = -1;
- goto out;
- }
- } else {
- if (util_array_append(image_tags, names[i]) != 0) {
- ERROR("Failed to append image to tags: %s", names[i]);
- ret = -1;
- goto out;
- }
- }
- }
-
- if (util_array_len((const char **)(*image_digests)) > 0) {
- free(*first_name);
- *first_name = util_strdup_s((*image_digests)[0]);
- }
-
- if (util_array_len((const char **)(*image_tags)) > 0) {
- free(*first_name);
- *first_name = util_strdup_s((*image_tags)[0]);
- }
-
-out:
- if (ret != 0) {
- util_free_array(*image_digests);
- util_free_array(*image_tags);
- free(*first_name);
- }
- free(prefix);
- return ret;
-}
-
-// Validate checks that the contents is a valid digest
-static bool validate_digest(const char *digest)
-{
- bool ret = true;
- const char *sha256_encode_patten = "^[a-f0-9]{64}$";
- char *value = util_strdup_s(digest);
- char *index = strchr(value, ':');
- char *alg = NULL;
- char *encode = NULL;
-
- // contains ':' and is not the last character
- if (index == NULL || index - value + 1 == strlen(value)) {
- INFO("Invalid checksum digest format");
- ret = false;
- goto out;
- }
-
- *index++ = '\0';
-
- alg = value;
- encode = index;
- // Currently only support SHA256 algorithm
- if (strcmp(alg, "sha256") != 0) {
- DEBUG("Unsupported digest algorithm: %s", alg);
- ret = false;
- goto out;
- }
-
- ret = util_reg_match(sha256_encode_patten, encode) == 0;
-
-out:
- free(value);
- return ret;
-}
-
-// Parsing a reference string as a possible identifier, full digest, or familiar name.
-static char *parse_digest_reference(const char *ref)
-{
- char *indentfier_patten = "^[a-f0-9]{64}$";
-
- if (util_reg_match(indentfier_patten, ref) == 0) {
- return util_string_append(ref, "sha256:");
- }
-
- if (validate_digest(ref)) {
- return util_strdup_s(ref);
- }
-
- return oci_normalize_image_name(ref);
-}
-
static int pack_repo_digest(char ***old_repo_digests, const char **image_tags, const char *digest, char ***repo_digests)
{
int ret = 0;
--
2.42.0

35
0063-code-improve-for-oci_rmi.patch
View File

@ -1,35 +0,0 @@
From 2db6add74c621344e902ce28b5e6764f6ef55b8e Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 18 Dec 2023 16:07:57 +0800
Subject: [PATCH 63/64] code improve for oci_rmi
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/image/oci/oci_image.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c
index 471510e7..9cf2cd4f 100644
--- a/src/daemon/modules/image/oci/oci_image.c
+++ b/src/daemon/modules/image/oci/oci_image.c
@@ -542,6 +542,17 @@ int oci_rmi(const im_rmi_request *request)
goto out;
}
+ for (i = 0; i < image_names_len; i++) {
+ if (strcmp(real_image_name, image_names[i]) == 0) {
+ break;
+ }
+ }
+ if (i == image_names_len) {
+ ERROR("Invalid real_image_name");
+ ret = -1;
+ goto out;
+ }
+
reduced_image_names = (char **)util_smart_calloc_s(sizeof(char *), image_names_len - 1);
if (reduced_image_names == NULL) {
ERROR("Out of memory");
--
2.42.0

26
0064-bugfix-for-resort_image_names.patch
View File

@ -1,26 +0,0 @@
From 39686ee4443400b810edecb38e3891b808e3a065 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 18 Dec 2023 20:59:46 +0800
Subject: [PATCH 64/64] bugfix for resort_image_names
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/image/oci/storage/image_store/image_store.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index 1b482504..034268bc 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -473,6 +473,8 @@ static int resort_image_names(const char **names, size_t names_len, char **first
goto out;
}
}
+ free(prefix);
+ prefix = NULL;
}
if (first_name == NULL) {
--
2.42.0

76
0065-fix-stopp-removes-cont-error-remove-inspect-error-lo.patch
View File

@ -1,76 +0,0 @@
From 3d8c6127161acbe35bf03fe495ac43e2b9242cbf Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Tue, 19 Dec 2023 18:31:30 +0800
Subject: [PATCH 65/71] fix stopp removes cont error & remove inspect error log
Signed-off-by: jikai <jikai11@huawei.com>
---
.../cri_pod_sandbox_manager_service.cc | 36 ++++++++-----------
.../container_cb/execution_information.c | 2 +-
2 files changed, 15 insertions(+), 23 deletions(-)
diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
index bc40cb06..4d1d19eb 100644
--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
@@ -703,30 +703,22 @@ auto PodSandboxManagerService::GetRealSandboxIDToStop(const std::string &podSand
std::map<std::string, std::string> &stdAnnos, Errors &error)
-> int
{
- Errors statusErr;
+ auto status = PodSandboxStatus(podSandboxID, error);
+ if (error.NotEmpty()) {
+ return -1;
+ }
- auto status = PodSandboxStatus(podSandboxID, statusErr);
- if (statusErr.Empty()) {
- if (status->linux().namespaces().has_options()) {
- hostNetwork = (status->linux().namespaces().options().network() == runtime::v1alpha2::NamespaceMode::NODE);
- }
- // if metadata is invalid, don't return -1 and continue stopping pod
- if (status->has_metadata()) {
- name = status->metadata().name();
- ns = status->metadata().namespace_();
- }
- realSandboxID = status->id();
- CRIHelpers::ProtobufAnnoMapToStd(status->annotations(), stdAnnos);
- } else {
- if (CRIHelpers::IsContainerNotFoundError(statusErr.GetMessage())) {
- WARN("Both sandbox container and checkpoint for id %s could not be found. "
- "Proceed without further sandbox information.",
- podSandboxID.c_str());
- } else {
- error.Errorf("failed to get sandbox status: %s", statusErr.GetCMessage());
- return -1;
- }
+ if (status->linux().namespaces().has_options()) {
+ hostNetwork = (status->linux().namespaces().options().network() == runtime::v1alpha2::NamespaceMode::NODE);
}
+ // if metadata is invalid, don't return -1 and continue stopping pod
+ if (status->has_metadata()) {
+ name = status->metadata().name();
+ ns = status->metadata().namespace_();
+ }
+ realSandboxID = status->id();
+ CRIHelpers::ProtobufAnnoMapToStd(status->annotations(), stdAnnos);
+
if (realSandboxID.empty()) {
realSandboxID = podSandboxID;
}
diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
index 420f08df..03fce848 100644
--- a/src/daemon/executor/container_cb/execution_information.c
+++ b/src/daemon/executor/container_cb/execution_information.c
@@ -914,7 +914,7 @@ static int inspect_container_helper(const char *id, int timeout, char **containe
inspect = inspect_container(id, timeout, true);
if (inspect == NULL) {
- ERROR("Failed to inspect container:%s", id);
+ DEBUG("Failed to inspect container:%s", id);
ret = -1;
goto out;
}
--
2.25.1

41
0066-2313-use-lxc-5.X-in-CI-testcase.patch
View File

@ -1,41 +0,0 @@
From 1c28f9259463433a7aac10733be09f8d47ec17a5 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Thu, 21 Dec 2023 12:36:52 +0000
Subject: [PATCH 66/71] !2313 use lxc 5.X in CI testcase * use lxc 5.X in CI
testcase
---
CI/install_depends.sh | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/CI/install_depends.sh b/CI/install_depends.sh
index 5a4d71fa..ebeb79db 100755
--- a/CI/install_depends.sh
+++ b/CI/install_depends.sh
@@ -105,18 +105,12 @@ cd ~
git clone https://gitee.com/src-openeuler/lxc.git
git config --global --add safe.directory ~/lxc/lxc-5.0.2
cd lxc
-git checkout origin/openEuler-22.03-LTS-SP1
-tar xf lxc-4.0.3.tar.gz
-cd lxc-4.0.3
-mv ../*.patch .
-for var in $(ls 0*.patch | sort -n)
-do
- patch -p1 < ${var}
-done
+./apply-patches
+cd lxc-5.0.2
+mkdir -p build
sed -i 's/fd == STDIN_FILENO || fd == STDOUT_FILENO || fd == STDERR_FILENO/fd == 0 || fd == 1 || fd == 2 || fd >= 1000/g' ./src/lxc/start.c
-./autogen.sh
-./configure --prefix=${builddir} enable_werror=no
-make -j $(nproc)
+meson setup -Disulad=true -Dprefix=${builddir} build
+meson compile -C build
make install
ldconfig
--
2.25.1

27
0067-2329-modify-mount-dev-directory-for-lxc-5.X.patch
View File

@ -1,27 +0,0 @@
From 4a3ec85d707db28f10d4cd5654abf227dfc515cc Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Mon, 25 Dec 2023 09:34:28 +0000
Subject: [PATCH 67/71] !2329 modify mount /dev directory for lxc 5.X * modify
mount /dev directory for lxc 5.X
---
CI/test_cases/container_cases/bind_special_dir.sh | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CI/test_cases/container_cases/bind_special_dir.sh b/CI/test_cases/container_cases/bind_special_dir.sh
index d030bb08..545d5099 100755
--- a/CI/test_cases/container_cases/bind_special_dir.sh
+++ b/CI/test_cases/container_cases/bind_special_dir.sh
@@ -42,7 +42,8 @@ function test_bind_special_dir()
if [ $runtime == "runc" ]; then
c_id=`isula run -itd -v -itd --runtime=$runtime -v /sys/fs:/sys/fs:rw -v /proc:/proc -v /dev/pts:/dev/pts:rw busybox sh`
else
- c_id=`isula run --runtime=$runtime -itd -v -itd -v /sys/fs:/sys/fs:rw -v /proc:/proc -v /dev:/dev:ro -v /dev/pts:/dev/pts:rw busybox sh`
+ # lxc 5.X cannot support mount /dev directory
+ c_id=`isula run --runtime=$runtime -itd -v -itd -v /sys/fs:/sys/fs:rw -v /proc:/proc busybox sh`
fi
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
--
2.25.1

139
0068-add-cri-1.29-api-change-docs.patch
View File

File diff suppressed because one or more lines are too long

57
0069-add-exec-workdir-support-for-oci-runtime.patch
View File

@ -1,57 +0,0 @@
From 921ee84f80adda64fb0a7125f9f709bff416945c Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 26 Dec 2023 10:17:19 +0800
Subject: [PATCH 69/71] add exec workdir support for oci runtime
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isula/stream/exec.h | 2 +-
src/cmd/isulad-shim/process.c | 4 ++++
src/daemon/modules/runtime/isula/isula_rt_ops.c | 3 +++
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/cmd/isula/stream/exec.h b/src/cmd/isula/stream/exec.h
index 83a4af06..8d8e4347 100644
--- a/src/cmd/isula/stream/exec.h
+++ b/src/cmd/isula/stream/exec.h
@@ -48,7 +48,7 @@ extern "C" {
"Username or UID (format: <name|uid>[:<group|gid>])", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, false, "workdir", 0, &(cmdargs).custom_conf.workdir, \
- "Working directory inside the container, supported only when runtime is lcr", NULL }
+ "Working directory inside the container", NULL }
extern const char g_cmd_exec_desc[];
extern const char g_cmd_exec_usage[];
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 97524f1a..06726a40 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1274,6 +1274,10 @@ static void get_runtime_cmd(process_t *p, const char *log_path, const char *pid_
#endif
params[i++] = "--process";
params[i++] = process_desc;
+ if (p->state->cwd != NULL) {
+ params[i++] = "--cwd";
+ params[i++] = p->state->cwd;
+ }
} else {
params[i++] = "create";
params[i++] = "--bundle";
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index fbb779f7..c754fc54 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -1345,6 +1345,9 @@ static int preparation_exec(const char *id, const char *runtime, const char *wor
p.runtime_args = (char **)runtime_args;
p.runtime_args_len = runtime_args_len;
copy_process(&p, process);
+ if (params->workdir != NULL) {
+ p.cwd = (char *)params->workdir;
+ }
ret = create_process_json_file(workdir, &p);
if (ret != 0) {
--
2.25.1

27
0070-add-testcases-for-exec-workdir.patch
View File

@ -1,27 +0,0 @@
From cf7effbfaf81d1982d81bbc6ca1c5eafbc07d07b Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 26 Dec 2023 10:24:52 +0800
Subject: [PATCH 70/71] add testcases for exec --workdir
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/runc_exec.sh | 3 +++
1 file changed, 3 insertions(+)
diff --git a/CI/test_cases/container_cases/runc_exec.sh b/CI/test_cases/container_cases/runc_exec.sh
index f963724e..aa7020ee 100755
--- a/CI/test_cases/container_cases/runc_exec.sh
+++ b/CI/test_cases/container_cases/runc_exec.sh
@@ -53,6 +53,9 @@ function exec_runc_test()
isula exec -tid $container_name /bin/sh -c 'exit 2'
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - exit code should be 0" && ((ret++))
+ isula exec -ti --workdir /tmp $container_name pwd | grep "/tmp"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - workdir is not /workdir failed" && ((ret++))
+
ls /var/run/isulad/runc/${ID}/exec/
ls /var/run/isulad/runc/${ID}/exec/ | wc -l | grep 0
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual dir after success exec" && ((ret++))
--
2.25.1

34
0071-iSulad-restart-isuald-when-upgrade-active-isulad.patch
View File

@ -1,34 +0,0 @@
From cffeca42fa88c749f122b904ecc2e634d4911576 Mon Sep 17 00:00:00 2001
From: yangjiaqi <yangjiaqi16@huawei.com>
Date: Thu, 28 Dec 2023 15:56:47 +0800
Subject: [PATCH 71/71] iSulad: restart isuald when upgrade active isulad
Signed-off-by: yangjiaqi <yangjiaqi16@huawei.com>
---
iSulad.spec | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/iSulad.spec b/iSulad.spec
index 0efbf043..71b61c8b 100644
--- a/iSulad.spec
+++ b/iSulad.spec
@@ -196,6 +196,16 @@ if [ -e %{_unitdir}/lcrd.service.rpmsave ]; then
mv %{_unitdir}/lcrd.service.rpmsave %{_unitdir}/isulad.service
sed -i 's/lcrd/isulad/g' %{_unitdir}/isulad.service
fi
+# During the isulad upgrade process, the isulad service may still be running, but the service may be unavailable
+# due to configuration updates and other reasons.
+# it may fail if the X package is upgraded synchronously with isulad and depends on the isulad command,
+# For example syscontianer-tools and lxcfs-tools.
+# Therefore, after upgrading isulad, if the original status of isulad is running,
+# we need to restart isulad to ensure that the service is available during the upgrade process.
+systemctl status isulad | grep 'Active:' | grep 'running'
+if [ $? -eq 0 ]; then
+ systemctl restart isulad
+fi
%else
/sbin/service isulad status | grep 'Active:' | grep 'running'
if [ $? -eq 0 ]; then
--
2.25.1

91
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 2.1.4 %global _version 2.1.5
%global _release 5 %global _release 1
%global is_systemd 1 %global is_systemd 1
%global enable_criv1 1 %global enable_criv1 1
%global enable_shimv2 1 %global enable_shimv2 1
@ -15,77 +15,12 @@ URL: https://gitee.com/openeuler/iSulad
Source: https://gitee.com/openeuler/iSulad/repository/archive/v%{version}.tar.gz Source: https://gitee.com/openeuler/iSulad/repository/archive/v%{version}.tar.gz
BuildRoot: {_tmppath}/iSulad-%{version} BuildRoot: {_tmppath}/iSulad-%{version}
Patch0001: 0001-sandbox-del-m_containers-and-m_containersMutex.patch Patch0001: 0001-code-improve-for-sandbox.cc.patch
Patch0002: 0002-sandbox-adapt-UT-when-del-m_containers-and-m_contain.patch Patch0002: 0002-fix-compile-error-with-protobuf-25.1-and-grpc-1.60.x.patch
Patch0003: 0003-Add-Readonly-Masked-Path-and-RunAsGroup-support-for-.patch Patch0003: 0003-bugfix-for-mount-point-remains-under-special-circums.patch
Patch0004: 0004-network-support-version-opt.patch Patch0004: 0004-do-not-cleanup-if-the-directory-does-not-exist.patch
Patch0005: 0005-doc-support-version-opt.patch Patch0005: 0005-module-only-deletes-the-temporary-files-it-creates.patch
Patch0006: 0006-2242-disable-grpc-remote-connect-by-default.patch Patch0006: 0006-skip-devmapper-ut.patch
Patch0007: 0007-2244-Save-task-address-of-shim-v2.patch
Patch0008: 0008-2233-add-runc-append-function-design-doc.patch
Patch0009: 0009-2243-Refactor-capbilities-specs.patch
Patch0010: 0010-2245-fix-utils_verify_ut-failure-when-remote-grpc-fu.patch
Patch0011: 0011-add-runc-attach-implement.patch
Patch0012: 0012-add-runc-attach-implement-unit-test-and-ci-test.patch
Patch0013: 0013-support-gcov-of-CI.patch
Patch0014: 0014-compatibility-for-manage-pods-which-created-by-old-i.patch
Patch0015: 0015-2250-Remove-PERFMON-BPF-CHECKPOINT_RESTORE.patch
Patch0016: 0016-improve-event-logs.patch
Patch0017: 0017-2251-open-ENABLE_GRPC_REMOTE_CONNECT-in-CI.patch
Patch0018: 0018-Add-compatibility-between-iSulad-and-k8s.patch
Patch0019: 0019-2254-lcr-container-with-a-damaged-config-file-will-r.patch
Patch0020: 0020-2253-bugfix-for-runc-container-exec.patch
Patch0021: 0021-bugfix-of-update-restart-policy-for-auto-remove-cont.patch
Patch0022: 0022-add-update-restart-policy-test.patch
Patch0023: 0023-2260-bugfix-for-rebuild-config.patch
Patch0024: 0024-2170-isula-image-pull.patch
Patch0025: 0025-2084-image-pull.patch
Patch0026: 0026-CI-add-ncurse-for-ubuntu-and-centos.patch
Patch0027: 0027-improve-code-of-pull-progress.patch
Patch0028: 0028-2230-format-code.patch
Patch0029: 0029-2255-Fix-cpusets-offline-issue.patch
Patch0030: 0030-modify-daemon-json-default-runtime-to-runc.patch
Patch0031: 0031-modify-CI-for-default-runtime-to-runc.patch
Patch0032: 0032-add-ut-for-devicemapper.patch
Patch0033: 0033-2275-bugfix-for-rt_lcr_rebuild_config.patch
Patch0034: 0034-2277-remove-shim-v2-format-error-log.patch
Patch0035: 0035-2276-bugfix-for-integration_check.sh.patch
Patch0036: 0036-modify-create_network.sh-for-default-runtime-changed.patch
Patch0037: 0037-modify-the-container-runtime-when-running-embedded.s.patch
Patch0038: 0038-save-sandbox-to-disk-after-network-ready.patch
Patch0039: 0039-fix-the-problem-of-abnormal-branches-not-waiting-for.patch
Patch0040: 0040-remove-embedded-image-support-in-readme.patch
Patch0041: 0041-Acquire-system-info-in-on-demand.patch
Patch0042: 0042-2268-bugfix-for-the-bliko-zero-value-exception-when-.patch
Patch0043: 0043-move-variable-declaration-out-of-loop.patch
Patch0044: 0044-2289-check-protobuf-and-grpc-version-in-cmake-for-cr.patch
Patch0045: 0045-improve-ut-for-devicemapper.patch
Patch0046: 0046-2292-bugfix-for-run.sh-and-add-build-notify-msg-for-.patch
Patch0047: 0047-2295-keep-the-service-status-unchanged-after-iSulad-.patch
Patch0048: 0048-modify-attach-socket-name.patch
Patch0049: 0049-2298-bugfix-for-hook_ignore_poststart_error-run-in-o.patch
Patch0050: 0050-2304-remove-build-and-test-in-coverage.patch
Patch0051: 0051-2303-use-a-timeout-epoll-loop-to-ensure-complete-dat.patch
Patch0052: 0052-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch
Patch0053: 0053-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch
Patch0054: 0054-2308-Remove-unused-header-file.patch
Patch0055: 0055-verify-the-mount-dir-first-and-then-create-tmpdir.patch
Patch0056: 0056-2300-Maintaining-a-uniform-code-style.patch
Patch0057: 0057-2312-Add-Huawei-Cloud-CodeArts-compilation-script.patch
Patch0058: 0058-bugfix-del-redundant-code.patch
Patch0059: 0059-improve-code-of-pull.patch
Patch0060: 0060-remove-var-in-coverage-and-fix-build-test-remove.patch
Patch0061: 0061-2320-improve-CI-test.patch
Patch0062: 0062-verify-name-and-digest-consistency.patch
Patch0063: 0063-code-improve-for-oci_rmi.patch
Patch0064: 0064-bugfix-for-resort_image_names.patch
Patch0065: 0065-fix-stopp-removes-cont-error-remove-inspect-error-lo.patch
Patch0066: 0066-2313-use-lxc-5.X-in-CI-testcase.patch
Patch0067: 0067-2329-modify-mount-dev-directory-for-lxc-5.X.patch
Patch0068: 0068-add-cri-1.29-api-change-docs.patch
Patch0069: 0069-add-exec-workdir-support-for-oci-runtime.patch
Patch0070: 0070-add-testcases-for-exec-workdir.patch
Patch0071: 0071-iSulad-restart-isuald-when-upgrade-active-isulad.patch
%ifarch x86_64 aarch64 %ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit) Provides: libhttpclient.so()(64bit)
@ -113,8 +48,8 @@ Requires: sqlite
BuildRequires: gtest-devel gmock-devel BuildRequires: gtest-devel gmock-devel
%endif %endif
%define lcrver_lower 2.1.3-0 %define lcrver_lower 2.1.4-0
%define lcrver_upper 2.1.4-0 %define lcrver_upper 2.1.5-0
BuildRequires: libisula-devel > %{lcrver_lower} libisula-devel < %{lcrver_upper} BuildRequires: libisula-devel > %{lcrver_lower} libisula-devel < %{lcrver_upper}
BuildRequires: cmake gcc-c++ yajl-devel BuildRequires: cmake gcc-c++ yajl-devel
@ -341,6 +276,12 @@ fi
%endif %endif
%changelog %changelog
* Tue Jan 30 2024 zhongtao <zhongtao17@huawei.com> - 2.1.5-1
- Type: update
- ID: NA
- SUG: NA
- DESC: update to v2.1.5
* Fri Dec 29 2023 yangjiaqi <yangjiaqi16@huawei.com> - 2.1.4-5 * Fri Dec 29 2023 yangjiaqi <yangjiaqi16@huawei.com> - 2.1.4-5
- Type: bugfix - Type: bugfix
- ID: NA - ID: NA

BIN
v2.1.4.tar.gz → v2.1.5.tar.gz
View File

Binary file not shown.