xuxuepeng
haozi007
parent
cff876a2c9
commit
f2271d04b4
@ -1,9 +1,9 @@
|
||||
From 3f949cbfe601de10d813fd08a5ca58cdc5a7258e Mon Sep 17 00:00:00 2001
|
||||
From 8dacc4a2740ed3ba99fab88324c50fa37274297d Mon Sep 17 00:00:00 2001
|
||||
From: xuxuepeng <xuxuepeng1@huawei.com>
|
||||
Date: Tue, 29 Aug 2023 19:21:27 +0800
|
||||
Subject: [PATCH] Use reference in loop in listpodsandbox
|
||||
Date: Tue, 29 Aug 2023 11:50:52 +0000
|
||||
Subject: [PATCH 01/33] !2155 Use reference in loop in listpodsandbox * Use
|
||||
reference in loop in listpodsandbox
|
||||
|
||||
Signed-off-by: xuxuepeng <xuxuepeng1@huawei.com>
|
||||
---
|
||||
src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
28
0002-2156-Fix-sandbox-error-logging.patch
Normal file
28
0002-2156-Fix-sandbox-error-logging.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From cc6302549b722a5c309c90794afe27b2e7e7b29e Mon Sep 17 00:00:00 2001
|
||||
From: xuxuepeng <xuxuepeng1@huawei.com>
|
||||
Date: Tue, 29 Aug 2023 13:18:13 +0000
|
||||
Subject: [PATCH 02/33] !2156 Fix sandbox error logging * Fix sandbox error
|
||||
logging
|
||||
|
||||
---
|
||||
src/daemon/sandbox/sandbox.cc | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
|
||||
index 2433e11b..968dae24 100644
|
||||
--- a/src/daemon/sandbox/sandbox.cc
|
||||
+++ b/src/daemon/sandbox/sandbox.cc
|
||||
@@ -581,8 +581,8 @@ auto Sandbox::Create(Errors &error) -> bool
|
||||
|
||||
nret = util_mkdir_p(m_rootdir.c_str(), CONFIG_DIRECTORY_MODE);
|
||||
if (nret != 0 && errno != EEXIST) {
|
||||
- error.Errorf("Failed to create sandbox path %s", m_rootdir);
|
||||
- SYSERROR("Failed to create sandbox path %s", m_rootdir);
|
||||
+ error.Errorf("Failed to create sandbox path %s", m_rootdir.c_str());
|
||||
+ SYSERROR("Failed to create sandbox path %s", m_rootdir.c_str());
|
||||
return false;
|
||||
}
|
||||
#ifdef ENABLE_USERNS_REMAP
|
||||
--
|
||||
2.40.1
|
||||
|
||||
26
0003-2158-Use-crictl-v1.22.0-for-ci.patch
Normal file
26
0003-2158-Use-crictl-v1.22.0-for-ci.patch
Normal file
@ -0,0 +1,26 @@
|
||||
From 384940dee7ed5bcc01014520b94917f5782f996e Mon Sep 17 00:00:00 2001
|
||||
From: xuxuepeng <xuxuepeng1@huawei.com>
|
||||
Date: Wed, 30 Aug 2023 03:36:45 +0000
|
||||
Subject: [PATCH 03/33] !2158 Use crictl v1.22.0 for ci * Use crictl v1.22.0
|
||||
for ci
|
||||
|
||||
---
|
||||
CI/install_depends.sh | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/CI/install_depends.sh b/CI/install_depends.sh
|
||||
index ff919afe..bff825a8 100755
|
||||
--- a/CI/install_depends.sh
|
||||
+++ b/CI/install_depends.sh
|
||||
@@ -46,7 +46,7 @@ function make_crictl()
|
||||
cd cri-tools
|
||||
# crictl v1.18 cannot recognise the SecurityProfile seccomp of LinuxSandboxSecurityContext
|
||||
# and the LinuxContainerSecurityContext.has_seccomp() always false
|
||||
- git checkout v1.24.2
|
||||
+ git checkout v1.22.0
|
||||
make -j $nproc
|
||||
echo "make cri-tools: $?"
|
||||
cp ./build/bin/crictl ${builddir}/bin/
|
||||
--
|
||||
2.40.1
|
||||
|
||||
113
0004-2162-Fix-rename-issue-for-id-manager.patch
Normal file
113
0004-2162-Fix-rename-issue-for-id-manager.patch
Normal file
@ -0,0 +1,113 @@
|
||||
From 0dbf21e22d51721e43fa2c1abecf30da271501c5 Mon Sep 17 00:00:00 2001
|
||||
From: xuxuepeng <xuxuepeng1@huawei.com>
|
||||
Date: Thu, 31 Aug 2023 04:11:22 +0000
|
||||
Subject: [PATCH 04/33] !2162 Fix rename issue for id manager Merge pull
|
||||
request !2162 from xuxuepeng/master
|
||||
|
||||
---
|
||||
src/daemon/common/id_name_manager.c | 21 ++++++++++++++++++-
|
||||
src/daemon/common/id_name_manager.h | 1 +
|
||||
.../container_cb/execution_information.c | 12 +++++++++++
|
||||
src/daemon/sandbox/sandbox_manager.cc | 6 ++++--
|
||||
4 files changed, 37 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/daemon/common/id_name_manager.c b/src/daemon/common/id_name_manager.c
|
||||
index e6b24798..3fc1c443 100644
|
||||
--- a/src/daemon/common/id_name_manager.c
|
||||
+++ b/src/daemon/common/id_name_manager.c
|
||||
@@ -382,4 +382,23 @@ bool id_name_manager_remove_entry(const char *id, const char *name)
|
||||
}
|
||||
|
||||
return ret;
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+}
|
||||
+
|
||||
+bool id_name_manager_rename(const char *new_name, const char *old_name)
|
||||
+{
|
||||
+ if (old_name == NULL || new_name == NULL) {
|
||||
+ ERROR("Failed to rename empty name");
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if (!try_add_name(new_name)) {
|
||||
+ ERROR("Failed to add %s to name map", new_name);
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if (!try_remove_name(old_name)) {
|
||||
+ WARN("Failed to remove %s from name map", old_name);
|
||||
+ }
|
||||
+
|
||||
+ return true;
|
||||
+}
|
||||
diff --git a/src/daemon/common/id_name_manager.h b/src/daemon/common/id_name_manager.h
|
||||
index 3c9f6d45..09f0867e 100644
|
||||
--- a/src/daemon/common/id_name_manager.h
|
||||
+++ b/src/daemon/common/id_name_manager.h
|
||||
@@ -27,6 +27,7 @@ bool id_name_manager_add_entry_with_existing_id(const char *id, const char *name
|
||||
bool id_name_manager_add_entry_with_new_id(const char *name, char **id);
|
||||
bool id_name_manager_add_entry_with_new_id_and_name(char **id, char **name);
|
||||
bool id_name_manager_remove_entry(const char *id, const char *name);
|
||||
+bool id_name_manager_rename(const char *new_name, const char *old_name);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
|
||||
index 28480224..93e5032e 100644
|
||||
--- a/src/daemon/executor/container_cb/execution_information.c
|
||||
+++ b/src/daemon/executor/container_cb/execution_information.c
|
||||
@@ -60,6 +60,7 @@
|
||||
#include "utils_convert.h"
|
||||
#include "utils_string.h"
|
||||
#include "utils_verify.h"
|
||||
+#include "id_name_manager.h"
|
||||
|
||||
static int container_version_cb(const container_version_request *request, container_version_response **response)
|
||||
{
|
||||
@@ -1075,11 +1076,22 @@ static int container_rename(container_t *cont, const char *new_name)
|
||||
goto out;
|
||||
}
|
||||
|
||||
+ if (!id_name_manager_rename(new_name, old_name)) {
|
||||
+ ERROR("Failed to rename %s to %s in id-name manager", old_name, new_name);
|
||||
+ isulad_set_error_message("Failed to rename %s to %s in id-name manager", old_name, new_name);
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
if (!container_name_index_rename(new_name, old_name, id)) {
|
||||
ERROR("Name %s is in use", new_name);
|
||||
isulad_set_error_message("Conflict. The name \"%s\" is already in use by container %s. "
|
||||
"You have to remove (or rename) that container to be able to reuse that name.",
|
||||
new_name, new_name);
|
||||
+ // restore name in id-name manager
|
||||
+ if (!id_name_manager_rename(old_name, new_name)) {
|
||||
+ ERROR("Failed to restore name from \"%s\" to \"%s\" in id-name manager", new_name, old_name);
|
||||
+ }
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
diff --git a/src/daemon/sandbox/sandbox_manager.cc b/src/daemon/sandbox/sandbox_manager.cc
|
||||
index 527a9aec..e258320a 100644
|
||||
--- a/src/daemon/sandbox/sandbox_manager.cc
|
||||
+++ b/src/daemon/sandbox/sandbox_manager.cc
|
||||
@@ -210,11 +210,13 @@ bool SandboxManager::IDNameManagerRemoveEntry(const std::string &id, const std::
|
||||
// Save the id and name of the sandbox to the map of the id_name_manager module
|
||||
bool SandboxManager::IDNameManagerNewEntry(std::string &id, const std::string &name)
|
||||
{
|
||||
- __isula_auto_free char *tmpId = NULL;
|
||||
bool ret = false;
|
||||
if (id.empty()) {
|
||||
+ __isula_auto_free char *tmpId = NULL;
|
||||
ret = id_name_manager_add_entry_with_new_id(name.c_str(), &tmpId);
|
||||
- id = tmpId;
|
||||
+ if (tmpId != NULL) {
|
||||
+ id = tmpId;
|
||||
+ }
|
||||
} else {
|
||||
ret = id_name_manager_add_entry_with_existing_id(id.c_str(), name.c_str());
|
||||
}
|
||||
--
|
||||
2.40.1
|
||||
|
||||
936
0005-2163-add-bind-mount-file-lock.patch
Normal file
936
0005-2163-add-bind-mount-file-lock.patch
Normal file
@ -0,0 +1,936 @@
|
||||
From c1c5159675073450fe13906771cec6f666053380 Mon Sep 17 00:00:00 2001
|
||||
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
|
||||
Date: Thu, 31 Aug 2023 13:14:02 +0000
|
||||
Subject: [PATCH 05/33] !2163 add bind mount file lock * add bind mount file
|
||||
lock
|
||||
|
||||
---
|
||||
src/cmd/isula/stream/cp.c | 66 ++++++-
|
||||
src/cmd/isulad/main.c | 51 ++++++
|
||||
src/common/constants.h | 4 +
|
||||
.../executor/container_cb/execution_stream.c | 23 ++-
|
||||
src/daemon/modules/image/oci/oci_export.c | 13 +-
|
||||
src/daemon/modules/image/oci/oci_load.c | 13 +-
|
||||
.../graphdriver/devmapper/driver_devmapper.c | 12 +-
|
||||
.../graphdriver/overlay2/driver_overlay2.c | 12 +-
|
||||
src/utils/tar/isulad_tar.c | 16 +-
|
||||
src/utils/tar/isulad_tar.h | 4 +-
|
||||
src/utils/tar/util_archive.c | 163 +++++++++++++++---
|
||||
src/utils/tar/util_archive.h | 8 +-
|
||||
12 files changed, 332 insertions(+), 53 deletions(-)
|
||||
|
||||
diff --git a/src/cmd/isula/stream/cp.c b/src/cmd/isula/stream/cp.c
|
||||
index f0cd99c9..b1e3bbd6 100644
|
||||
--- a/src/cmd/isula/stream/cp.c
|
||||
+++ b/src/cmd/isula/stream/cp.c
|
||||
@@ -73,6 +73,44 @@ static void print_copy_from_container_error(const char *ops_err, const char *arc
|
||||
}
|
||||
}
|
||||
|
||||
+static int client_get_root_dir(const isula_connect_ops *ops, const client_connect_config_t *config, char **root_dir)
|
||||
+{
|
||||
+ int ret = 0;
|
||||
+ struct isula_info_request request = { 0 };
|
||||
+ struct isula_info_response *response = NULL;
|
||||
+
|
||||
+ response = util_common_calloc_s(sizeof(struct isula_info_response));
|
||||
+ if (response == NULL) {
|
||||
+ COMMAND_ERROR("Info: Out of memory");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (!ops->container.info) {
|
||||
+ COMMAND_ERROR("Unimplemented info op");
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ ret = ops->container.info(&request, response, (void *)config);
|
||||
+ if (ret != 0) {
|
||||
+ client_print_error(response->cc, response->server_errono, response->errmsg);
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ if (response->isulad_root_dir == NULL) {
|
||||
+ COMMAND_ERROR("None root dir");
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ *root_dir = util_strdup_s(response->isulad_root_dir);
|
||||
+
|
||||
+out:
|
||||
+ isula_info_response_free(response);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
static int client_copy_from_container(const struct client_arguments *args, const char *id, const char *srcpath,
|
||||
const char *destpath)
|
||||
{
|
||||
@@ -84,6 +122,7 @@ static int client_copy_from_container(const struct client_arguments *args, const
|
||||
char *archive_err = NULL;
|
||||
char *ops_err = NULL;
|
||||
char *resolved = NULL;
|
||||
+ char *root_dir = NULL;
|
||||
struct archive_copy_info *srcinfo = NULL;
|
||||
client_connect_config_t config;
|
||||
|
||||
@@ -92,18 +131,24 @@ static int client_copy_from_container(const struct client_arguments *args, const
|
||||
COMMAND_ERROR("Unimplemented copy from container operation");
|
||||
return -1;
|
||||
}
|
||||
+ config = get_connect_config(args);
|
||||
+
|
||||
+ ret = client_get_root_dir(ops, &config, &root_dir);
|
||||
+ if (ret != 0) {
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
response = util_common_calloc_s(sizeof(struct isula_copy_from_container_response));
|
||||
if (response == NULL) {
|
||||
ERROR("Event: Out of memory");
|
||||
- return -1;
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
}
|
||||
|
||||
request.id = (char *)id;
|
||||
request.runtime = args->runtime;
|
||||
request.srcpath = (char *)srcpath;
|
||||
|
||||
- config = get_connect_config(args);
|
||||
ret = ops->container.copy_from_container(&request, response, &config);
|
||||
if (ret) {
|
||||
ops_err = (response->errmsg != NULL) ? util_strdup_s(response->errmsg) : NULL;
|
||||
@@ -125,7 +170,7 @@ static int client_copy_from_container(const struct client_arguments *args, const
|
||||
srcinfo->path = util_strdup_s(srcpath);
|
||||
srcinfo->isdir = S_ISDIR(response->stat->mode);
|
||||
|
||||
- nret = archive_copy_to(&response->reader, srcinfo, resolved, &archive_err);
|
||||
+ nret = archive_copy_to(&response->reader, srcinfo, resolved, root_dir, &archive_err);
|
||||
if (nret != 0) {
|
||||
ret = nret;
|
||||
}
|
||||
@@ -137,6 +182,7 @@ static int client_copy_from_container(const struct client_arguments *args, const
|
||||
|
||||
out:
|
||||
print_copy_from_container_error(ops_err, archive_err, ret, args);
|
||||
+ free(root_dir);
|
||||
free(resolved);
|
||||
free(archive_err);
|
||||
free(ops_err);
|
||||
@@ -167,6 +213,7 @@ static int client_copy_to_container(const struct client_arguments *args, const c
|
||||
int nret = 0;
|
||||
char *archive_err = NULL;
|
||||
char *resolved = NULL;
|
||||
+ char *root_dir = NULL;
|
||||
struct archive_copy_info *srcinfo = NULL;
|
||||
struct io_read_wrapper archive_reader = { 0 };
|
||||
client_connect_config_t config = { 0 };
|
||||
@@ -176,11 +223,18 @@ static int client_copy_to_container(const struct client_arguments *args, const c
|
||||
COMMAND_ERROR("Unimplemented copy to container operation");
|
||||
return -1;
|
||||
}
|
||||
+ config = get_connect_config(args);
|
||||
+
|
||||
+ ret = client_get_root_dir(ops, &config, &root_dir);
|
||||
+ if (ret != 0) {
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
response = util_common_calloc_s(sizeof(struct isula_copy_to_container_response));
|
||||
if (response == NULL) {
|
||||
ERROR("Event: Out of memory");
|
||||
- return -1;
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
}
|
||||
|
||||
request.id = (char *)id;
|
||||
@@ -199,7 +253,7 @@ static int client_copy_to_container(const struct client_arguments *args, const c
|
||||
goto out;
|
||||
}
|
||||
|
||||
- nret = tar_resource(srcinfo, &archive_reader, &archive_err);
|
||||
+ nret = tar_resource(srcinfo, root_dir, &archive_reader, &archive_err);
|
||||
if (nret != 0) {
|
||||
ret = -1;
|
||||
goto out;
|
||||
@@ -212,7 +266,6 @@ static int client_copy_to_container(const struct client_arguments *args, const c
|
||||
request.reader.read = archive_reader.read;
|
||||
request.reader.close = archive_reader.close;
|
||||
|
||||
- config = get_connect_config(args);
|
||||
ret = ops->container.copy_to_container(&request, response, &config);
|
||||
|
||||
// archive reader close if copy to container failed
|
||||
@@ -223,6 +276,7 @@ static int client_copy_to_container(const struct client_arguments *args, const c
|
||||
|
||||
out:
|
||||
print_copy_to_container_error(response, archive_err, ret, args);
|
||||
+ free(root_dir);
|
||||
free(resolved);
|
||||
free(archive_err);
|
||||
free_archive_copy_info(srcinfo);
|
||||
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
|
||||
index 681dcf03..b32b6626 100644
|
||||
--- a/src/cmd/isulad/main.c
|
||||
+++ b/src/cmd/isulad/main.c
|
||||
@@ -72,6 +72,7 @@
|
||||
#include "utils_file.h"
|
||||
#include "utils_string.h"
|
||||
#include "utils_verify.h"
|
||||
+#include "path.h"
|
||||
#include "volume_api.h"
|
||||
#ifndef DISABLE_CLEANUP
|
||||
#include "leftover_cleanup_api.h"
|
||||
@@ -1383,6 +1384,50 @@ out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
+static int create_mount_flock_file(const struct service_arguments *args)
|
||||
+{
|
||||
+ int nret = 0;
|
||||
+ int fd = -1;
|
||||
+ char path[PATH_MAX] = { 0 };
|
||||
+ char cleanpath[PATH_MAX] = { 0 };
|
||||
+
|
||||
+ nret = snprintf(path, PATH_MAX, "%s/%s", args->json_confs->graph, MOUNT_FLOCK_FILE_PATH);
|
||||
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
|
||||
+ ERROR("Failed to snprintf");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (util_clean_path(path, cleanpath, sizeof(cleanpath)) == NULL) {
|
||||
+ ERROR("clean path for %s failed", path);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (util_fileself_exists(cleanpath)) {
|
||||
+ int err = 0;
|
||||
+ // recreate mount flock file
|
||||
+ // and make file uid/gid and permission correct
|
||||
+ if (!util_force_remove_file(cleanpath, &err)) {
|
||||
+ ERROR("Failed to delete %s, error: %s. Please delete %s manually.", path, strerror(err), path);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ fd = util_open(cleanpath, O_RDWR | O_CREAT, MOUNT_FLOCK_FILE_MODE);
|
||||
+ if (fd < 0) {
|
||||
+ ERROR("Failed to create file %s", cleanpath);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ close(fd);
|
||||
+
|
||||
+ nret = util_set_file_group(cleanpath, args->json_confs->group);
|
||||
+ if (nret < 0) {
|
||||
+ ERROR("set group of the path %s failed", cleanpath);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static int isulad_server_init_service()
|
||||
{
|
||||
int ret = -1;
|
||||
@@ -1413,6 +1458,12 @@ static int isulad_server_init_service()
|
||||
goto unlock_out;
|
||||
}
|
||||
|
||||
+ ret = create_mount_flock_file(args);
|
||||
+ if (ret != 0) {
|
||||
+ ERROR("Failed to create mount flock file");
|
||||
+ goto unlock_out;
|
||||
+ }
|
||||
+
|
||||
unlock_out:
|
||||
if (isulad_server_conf_unlock()) {
|
||||
ret = -1;
|
||||
diff --git a/src/common/constants.h b/src/common/constants.h
|
||||
index 409a83a1..d93bb464 100644
|
||||
--- a/src/common/constants.h
|
||||
+++ b/src/common/constants.h
|
||||
@@ -68,6 +68,8 @@ extern "C" {
|
||||
|
||||
#define DEFAULT_HIGHEST_DIRECTORY_MODE 0755
|
||||
|
||||
+#define MOUNT_FLOCK_FILE_MODE 0660
|
||||
+
|
||||
#define ISULAD_CONFIG SYSCONFDIR_PREFIX"/etc/isulad"
|
||||
|
||||
#define ISULAD_DAEMON_CONTAINER_CONTEXTS ISULAD_CONFIG "/container_contexts"
|
||||
@@ -119,6 +121,8 @@ extern "C" {
|
||||
#define OCI_VERSION "1.0.1"
|
||||
#endif
|
||||
|
||||
+#define MOUNT_FLOCK_FILE_PATH "isulad-chroot-mount.flock"
|
||||
+
|
||||
#define OCI_IMAGE_GRAPH_ROOTPATH_NAME "storage"
|
||||
|
||||
#ifdef ENABLE_GRPC_REMOTE_CONNECT
|
||||
diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c
|
||||
index 32721e68..244ec6a0 100644
|
||||
--- a/src/daemon/executor/container_cb/execution_stream.c
|
||||
+++ b/src/daemon/executor/container_cb/execution_stream.c
|
||||
@@ -62,6 +62,7 @@
|
||||
#include "utils.h"
|
||||
#include "utils_file.h"
|
||||
#include "utils_verify.h"
|
||||
+#include "isulad_config.h"
|
||||
|
||||
#if defined (__ANDROID__) || defined(__MUSL__)
|
||||
#define SIG_CANCEL_SIGNAL SIGUSR1
|
||||
@@ -442,6 +443,7 @@ static int archive_and_send_copy_data(const stream_func_wrapper *stream,
|
||||
char *absbase = NULL;
|
||||
char *err = NULL;
|
||||
char *buf = NULL;
|
||||
+ char *root_dir = NULL;
|
||||
char cleaned[PATH_MAX + 2] = { 0 };
|
||||
struct io_read_wrapper reader = { 0 };
|
||||
char *tar_path = NULL;
|
||||
@@ -474,9 +476,15 @@ static int archive_and_send_copy_data(const stream_func_wrapper *stream,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
+ root_dir = conf_get_isulad_rootdir();
|
||||
+ if (root_dir == NULL) {
|
||||
+ ERROR("Failed to get isulad rootdir");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
DEBUG("archive chroot tar stream container_fs(%s) srcdir(%s) relative(%s) srcbase(%s) absbase(%s)",
|
||||
container_fs, srcdir, tar_path, srcbase, absbase);
|
||||
- nret = archive_chroot_tar_stream(container_fs, tar_path, srcbase, absbase, &reader);
|
||||
+ nret = archive_chroot_tar_stream(container_fs, tar_path, srcbase, absbase, root_dir, &reader);
|
||||
if (nret != 0) {
|
||||
ERROR("Archive %s failed", resolvedpath);
|
||||
goto cleanup;
|
||||
@@ -504,6 +512,7 @@ cleanup:
|
||||
free(srcdir);
|
||||
free(srcbase);
|
||||
free(absbase);
|
||||
+ free(root_dir);
|
||||
if (reader.close != NULL) {
|
||||
int cret = reader.close(reader.context, &err);
|
||||
if (err != NULL) {
|
||||
@@ -776,15 +785,25 @@ static int read_and_extract_archive(stream_func_wrapper *stream, const char *con
|
||||
{
|
||||
int ret = -1;
|
||||
char *err = NULL;
|
||||
+ char *root_dir = NULL;
|
||||
struct io_read_wrapper content = { 0 };
|
||||
content.context = stream;
|
||||
content.read = extract_stream_to_io_read;
|
||||
- ret = archive_chroot_untar_stream(&content, container_fs, dstdir_in_container, src_rebase, dst_rebase, &err);
|
||||
+
|
||||
+ root_dir = conf_get_isulad_rootdir();
|
||||
+ if (root_dir == NULL) {
|
||||
+ ERROR("Failed to get isulad rootdir");
|
||||
+ isulad_set_error_message("Failed to get isulad rootdir");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ ret = archive_chroot_untar_stream(&content, container_fs, dstdir_in_container, src_rebase, dst_rebase, root_dir, &err);
|
||||
if (ret != 0) {
|
||||
ERROR("Can not untar to container: %s", (err != NULL) ? err : "unknown");
|
||||
isulad_set_error_message("Can not untar to container: %s", (err != NULL) ? err : "unknown");
|
||||
}
|
||||
free(err);
|
||||
+ free(root_dir);
|
||||
return ret;
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/modules/image/oci/oci_export.c b/src/daemon/modules/image/oci/oci_export.c
|
||||
index e27ed6d8..6bfcf4d5 100644
|
||||
--- a/src/daemon/modules/image/oci/oci_export.c
|
||||
+++ b/src/daemon/modules/image/oci/oci_export.c
|
||||
@@ -23,6 +23,7 @@
|
||||
#include "util_archive.h"
|
||||
#include "path.h"
|
||||
#include "utils_file.h"
|
||||
+#include "isulad_config.h"
|
||||
|
||||
int oci_do_export(char *id, char *file)
|
||||
{
|
||||
@@ -30,6 +31,7 @@ int oci_do_export(char *id, char *file)
|
||||
int ret2 = 0;
|
||||
char *mount_point = NULL;
|
||||
char *errmsg = NULL;
|
||||
+ char *root_dir = NULL;
|
||||
char cleanpath[PATH_MAX] = { 0 };
|
||||
|
||||
if (id == NULL || file == NULL) {
|
||||
@@ -56,7 +58,15 @@ int oci_do_export(char *id, char *file)
|
||||
return -1;
|
||||
}
|
||||
|
||||
- ret = archive_chroot_tar(mount_point, cleanpath, &errmsg);
|
||||
+ root_dir = conf_get_isulad_rootdir();
|
||||
+ if (root_dir == NULL) {
|
||||
+ ERROR("Failed to get isulad rootdir");
|
||||
+ isulad_set_error_message("Failed to get isulad rootdir");
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ ret = archive_chroot_tar(mount_point, cleanpath, root_dir, &errmsg);
|
||||
if (ret != 0) {
|
||||
ERROR("failed to export container %s to file %s: %s", id, cleanpath, errmsg);
|
||||
isulad_set_error_message("Failed to export rootfs with error: %s", errmsg);
|
||||
@@ -68,6 +78,7 @@ out:
|
||||
mount_point = NULL;
|
||||
free(errmsg);
|
||||
errmsg = NULL;
|
||||
+ free(root_dir);
|
||||
|
||||
ret2 = storage_rootfs_umount(id, false);
|
||||
if (ret2 != 0) {
|
||||
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
|
||||
index 04a9f947..4385e55e 100644
|
||||
--- a/src/daemon/modules/image/oci/oci_load.c
|
||||
+++ b/src/daemon/modules/image/oci/oci_load.c
|
||||
@@ -41,6 +41,7 @@
|
||||
#include "utils_file.h"
|
||||
#include "utils_verify.h"
|
||||
#include "oci_image.h"
|
||||
+#include "isulad_config.h"
|
||||
|
||||
#define MANIFEST_BIG_DATA_KEY "manifest"
|
||||
#define OCI_SCHEMA_VERSION 2
|
||||
@@ -1068,6 +1069,7 @@ int oci_do_load(const im_load_request *request)
|
||||
char *digest = NULL;
|
||||
char *dstdir = NULL;
|
||||
char *err = NULL;
|
||||
+ char *root_dir = NULL;
|
||||
|
||||
if (request == NULL || request->file == NULL) {
|
||||
ERROR("Invalid input arguments, cannot load image");
|
||||
@@ -1088,8 +1090,16 @@ int oci_do_load(const im_load_request *request)
|
||||
goto out;
|
||||
}
|
||||
|
||||
+ root_dir = conf_get_isulad_rootdir();
|
||||
+ if (root_dir == NULL) {
|
||||
+ ERROR("Failed to get isulad rootdir");
|
||||
+ isulad_try_set_error_message("Failed to get isulad rootdir");
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
options.whiteout_format = NONE_WHITEOUT_FORMATE;
|
||||
- if (archive_unpack(&reader, dstdir, &options, &err) != 0) {
|
||||
+ if (archive_unpack(&reader, dstdir, &options, root_dir, &err) != 0) {
|
||||
ERROR("Failed to unpack to %s: %s", dstdir, err);
|
||||
isulad_try_set_error_message("Failed to unpack to %s: %s", dstdir, err);
|
||||
ret = -1;
|
||||
@@ -1175,5 +1185,6 @@ out:
|
||||
}
|
||||
free(dstdir);
|
||||
free(err);
|
||||
+ free(root_dir);
|
||||
return ret;
|
||||
}
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
|
||||
index 998ea8c2..ecb62f79 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
|
||||
@@ -32,6 +32,7 @@
|
||||
#include "utils_file.h"
|
||||
#include "utils_fs.h"
|
||||
#include "utils_string.h"
|
||||
+#include "isulad_config.h"
|
||||
|
||||
struct io_read_wrapper;
|
||||
|
||||
@@ -346,6 +347,7 @@ int devmapper_apply_diff(const char *id, const struct graphdriver *driver, const
|
||||
int ret = 0;
|
||||
struct archive_options options = { 0 };
|
||||
char *err = NULL;
|
||||
+ char *root_dir = NULL;
|
||||
|
||||
if (!util_valid_str(id) || driver == NULL || content == NULL) {
|
||||
ERROR("invalid argument to apply diff with id(%s)", id);
|
||||
@@ -366,8 +368,15 @@ int devmapper_apply_diff(const char *id, const struct graphdriver *driver, const
|
||||
goto out;
|
||||
}
|
||||
|
||||
+ root_dir = conf_get_isulad_rootdir();
|
||||
+ if (root_dir == NULL) {
|
||||
+ ERROR("Failed to get isulad rootdir");
|
||||
+ ret = -1;
|
||||
+ goto umount_out;
|
||||
+ }
|
||||
+
|
||||
options.whiteout_format = REMOVE_WHITEOUT_FORMATE;
|
||||
- if (archive_unpack(content, layer_fs, &options, &err) != 0) {
|
||||
+ if (archive_unpack(content, layer_fs, &options, root_dir, &err) != 0) {
|
||||
ERROR("devmapper: failed to unpack to %s: %s", layer_fs, err);
|
||||
ret = -1;
|
||||
goto umount_out;
|
||||
@@ -384,6 +393,7 @@ out:
|
||||
free_driver_mount_opts(mount_opts);
|
||||
free(layer_fs);
|
||||
free(err);
|
||||
+ free(root_dir);
|
||||
return ret;
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
|
||||
index c5864c90..b177f594 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
|
||||
@@ -45,6 +45,7 @@
|
||||
#include "utils_timestamp.h"
|
||||
#include "selinux_label.h"
|
||||
#include "err_msg.h"
|
||||
+#include "isulad_config.h"
|
||||
#ifdef ENABLE_REMOTE_LAYER_STORE
|
||||
#include "ro_symlink_maintain.h"
|
||||
#endif
|
||||
@@ -1886,6 +1887,7 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const
|
||||
char *layer_diff = NULL;
|
||||
struct archive_options options = { 0 };
|
||||
char *err = NULL;
|
||||
+ char *root_dir = NULL;
|
||||
|
||||
if (id == NULL || driver == NULL || content == NULL) {
|
||||
ERROR("invalid argument");
|
||||
@@ -1919,7 +1921,14 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const
|
||||
}
|
||||
#endif
|
||||
|
||||
- ret = archive_unpack(content, layer_diff, &options, &err);
|
||||
+ root_dir = conf_get_isulad_rootdir();
|
||||
+ if (root_dir == NULL) {
|
||||
+ ERROR("Failed to get isulad rootdir");
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ ret = archive_unpack(content, layer_diff, &options, root_dir ,&err);
|
||||
if (ret != 0) {
|
||||
ERROR("Failed to unpack to %s: %s", layer_diff, err);
|
||||
ret = -1;
|
||||
@@ -1928,6 +1937,7 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const
|
||||
|
||||
out:
|
||||
free(err);
|
||||
+ free(root_dir);
|
||||
free(layer_dir);
|
||||
free(layer_diff);
|
||||
#ifdef ENABLE_USERNS_REMAP
|
||||
diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c
|
||||
index 74176b12..24269c70 100644
|
||||
--- a/src/utils/tar/isulad_tar.c
|
||||
+++ b/src/utils/tar/isulad_tar.c
|
||||
@@ -385,7 +385,7 @@ cleanup:
|
||||
}
|
||||
|
||||
int archive_copy_to(const struct io_read_wrapper *content, const struct archive_copy_info *srcinfo,
|
||||
- const char *dstpath, char **err)
|
||||
+ const char *dstpath, const char *root_dir, char **err)
|
||||
{
|
||||
int ret = -1;
|
||||
struct archive_copy_info *dstinfo = NULL;
|
||||
@@ -393,7 +393,7 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_
|
||||
char *src_base = NULL;
|
||||
char *dst_base = NULL;
|
||||
|
||||
- if (err == NULL || dstpath == NULL || srcinfo == NULL || content == NULL) {
|
||||
+ if (err == NULL || dstpath == NULL || srcinfo == NULL || content == NULL || root_dir == NULL) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -409,7 +409,7 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- ret = archive_chroot_untar_stream(content, dstdir, ".", src_base, dst_base, err);
|
||||
+ ret = archive_chroot_untar_stream(content, dstdir, ".", src_base, dst_base, root_dir, err);
|
||||
|
||||
cleanup:
|
||||
free_archive_copy_info(dstinfo);
|
||||
@@ -419,7 +419,7 @@ cleanup:
|
||||
return ret;
|
||||
}
|
||||
|
||||
-static int tar_resource_rebase(const char *path, const char *rebase, struct io_read_wrapper *archive_reader, char **err)
|
||||
+static int tar_resource_rebase(const char *path, const char *rebase, const char *root_dir, struct io_read_wrapper *archive_reader, char **err)
|
||||
{
|
||||
int ret = -1;
|
||||
int nret;
|
||||
@@ -438,7 +438,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, struct io_r
|
||||
}
|
||||
|
||||
DEBUG("chroot tar stream srcdir(%s) srcbase(%s) rebase(%s)", srcdir, srcbase, rebase);
|
||||
- nret = archive_chroot_tar_stream(srcdir, srcbase, srcbase, rebase, archive_reader);
|
||||
+ nret = archive_chroot_tar_stream(srcdir, srcbase, srcbase, rebase, root_dir, archive_reader);
|
||||
if (nret < 0) {
|
||||
ERROR("Can not archive path: %s", path);
|
||||
goto cleanup;
|
||||
@@ -450,11 +450,11 @@ cleanup:
|
||||
return ret;
|
||||
}
|
||||
|
||||
-int tar_resource(const struct archive_copy_info *info, struct io_read_wrapper *archive_reader, char **err)
|
||||
+int tar_resource(const struct archive_copy_info *info, const char *root_dir, struct io_read_wrapper *archive_reader, char **err)
|
||||
{
|
||||
- if (info == NULL || archive_reader == NULL || err == NULL) {
|
||||
+ if (info == NULL || root_dir == NULL || archive_reader == NULL || err == NULL) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
- return tar_resource_rebase(info->path, info->rebase_name, archive_reader, err);
|
||||
+ return tar_resource_rebase(info->path, info->rebase_name, root_dir, archive_reader, err);
|
||||
}
|
||||
diff --git a/src/utils/tar/isulad_tar.h b/src/utils/tar/isulad_tar.h
|
||||
index cdd9858a..414bb024 100644
|
||||
--- a/src/utils/tar/isulad_tar.h
|
||||
+++ b/src/utils/tar/isulad_tar.h
|
||||
@@ -43,10 +43,10 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li
|
||||
char *prepare_archive_copy(const struct archive_copy_info *srcinfo, const struct archive_copy_info *dstinfo,
|
||||
char **src_base, char **dst_base, char **err);
|
||||
|
||||
-int tar_resource(const struct archive_copy_info *info, struct io_read_wrapper *archive_reader, char **err);
|
||||
+int tar_resource(const struct archive_copy_info *info, const char *root_dir, struct io_read_wrapper *archive_reader, char **err);
|
||||
|
||||
int archive_copy_to(const struct io_read_wrapper *content, const struct archive_copy_info *srcinfo,
|
||||
- const char *dstpath, char **err);
|
||||
+ const char *dstpath, const char *root_dir, char **err);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
|
||||
index 0fb7769b..d2fc5488 100644
|
||||
--- a/src/utils/tar/util_archive.c
|
||||
+++ b/src/utils/tar/util_archive.c
|
||||
@@ -33,10 +33,12 @@
|
||||
#include <netdb.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/capability.h>
|
||||
+#include <sys/file.h>
|
||||
|
||||
#include <isula_libutils/log.h>
|
||||
#include <isula_libutils/go_crc64.h>
|
||||
#include <isula_libutils/storage_entry.h>
|
||||
+#include <isula_libutils/auto_cleanup.h>
|
||||
|
||||
#include "error.h"
|
||||
#include "map.h"
|
||||
@@ -83,6 +85,31 @@ static ssize_t read_content(struct archive *a, void *client_data, const void **b
|
||||
return mydata->content->read(mydata->content->context, mydata->buff, sizeof(mydata->buff));
|
||||
}
|
||||
|
||||
+static char *generate_flock_path(const char *root_dir)
|
||||
+{
|
||||
+ int nret = 0;
|
||||
+ char path[PATH_MAX] = { 0 };
|
||||
+ char cleanpath[PATH_MAX] = { 0 };
|
||||
+
|
||||
+ nret = snprintf(path, PATH_MAX, "%s/%s", root_dir, MOUNT_FLOCK_FILE_PATH);
|
||||
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
|
||||
+ ERROR("Failed to snprintf");
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (util_clean_path(path, cleanpath, sizeof(cleanpath)) == NULL) {
|
||||
+ ERROR("clean path for %s failed", path);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (!util_file_exists(cleanpath)) {
|
||||
+ ERROR("flock file %s doesn't exist", cleanpath);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ return util_strdup_s(cleanpath);
|
||||
+}
|
||||
+
|
||||
static void do_disable_unneccessary_caps()
|
||||
{
|
||||
cap_t caps;
|
||||
@@ -104,7 +131,58 @@ static void do_disable_unneccessary_caps()
|
||||
cap_free(caps);
|
||||
}
|
||||
|
||||
-static int make_safedir_is_noexec(const char *dstdir, char **safe_dir)
|
||||
+// Add flock when bind mount and make it private.
|
||||
+// Because bind mount usually makes safedir shared mount point,
|
||||
+// and sometimes it will cause "mount point explosion".
|
||||
+// E.g. concurrently execute isula cp /tmp/<XXX-File> <CONTAINER-ID>:<CONTAINER-PAT>
|
||||
+static int bind_mount_with_flock(const char *flock_path, const char *dstdir, const char *tmp_dir)
|
||||
+{
|
||||
+ __isula_auto_close int fd = -1;
|
||||
+ int ret = -1;
|
||||
+
|
||||
+ fd = open(flock_path, O_RDWR | O_CLOEXEC);
|
||||
+ if (fd < 0) {
|
||||
+ SYSERROR("Failed to open file %s", flock_path);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (flock(fd, LOCK_EX) != 0) {
|
||||
+ SYSERROR("Failed to lock file %s", flock_path);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (mount(dstdir, tmp_dir, "none", MS_BIND, NULL) != 0) {
|
||||
+ SYSERROR("Mount safe dir failed");
|
||||
+ goto unlock_out;
|
||||
+ }
|
||||
+
|
||||
+ if (mount(tmp_dir, tmp_dir, "none", MS_BIND | MS_REMOUNT | MS_NOEXEC, NULL) != 0) {
|
||||
+ SYSERROR("Mount safe dir failed");
|
||||
+ if (umount(tmp_dir) != 0) {
|
||||
+ SYSERROR("Failed to umount target %s", tmp_dir);
|
||||
+ }
|
||||
+ goto unlock_out;
|
||||
+ }
|
||||
+
|
||||
+ // Change the propagation type.
|
||||
+ if (mount("", tmp_dir, "", MS_PRIVATE, "") != 0) {
|
||||
+ SYSERROR("Failed to change the propagation type");
|
||||
+ if (umount(tmp_dir) != 0) {
|
||||
+ SYSERROR("Failed to umount target %s", tmp_dir);
|
||||
+ }
|
||||
+ goto unlock_out;
|
||||
+ }
|
||||
+
|
||||
+ ret = 0;
|
||||
+
|
||||
+unlock_out:
|
||||
+ if (flock(fd, LOCK_UN) != 0) {
|
||||
+ SYSERROR("Failed to unlock file %s", flock_path);
|
||||
+ }
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, char **safe_dir)
|
||||
{
|
||||
struct stat buf;
|
||||
char *isulad_tmpdir_env = NULL;
|
||||
@@ -156,19 +234,8 @@ static int make_safedir_is_noexec(const char *dstdir, char **safe_dir)
|
||||
return -1;
|
||||
}
|
||||
|
||||
- if (mount(dstdir, tmp_dir, "none", MS_BIND, NULL) != 0) {
|
||||
- SYSERROR("Mount safe dir failed");
|
||||
- if (util_path_remove(tmp_dir) != 0) {
|
||||
- ERROR("Failed to remove path %s", tmp_dir);
|
||||
- }
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- if (mount(tmp_dir, tmp_dir, "none", MS_BIND | MS_REMOUNT | MS_NOEXEC, NULL) != 0) {
|
||||
- SYSERROR("Mount safe dir failed");
|
||||
- if (umount(tmp_dir) != 0) {
|
||||
- ERROR("Failed to umount target %s", tmp_dir);
|
||||
- }
|
||||
+ if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
|
||||
+ ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
|
||||
if (util_path_remove(tmp_dir) != 0) {
|
||||
ERROR("Failed to remove path %s", tmp_dir);
|
||||
}
|
||||
@@ -723,7 +790,7 @@ static void set_child_process_pdeathsig(void)
|
||||
}
|
||||
|
||||
int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, const struct archive_options *options,
|
||||
- char **errmsg)
|
||||
+ const char *root_dir, char **errmsg)
|
||||
{
|
||||
int ret = 0;
|
||||
pid_t pid = -1;
|
||||
@@ -731,12 +798,24 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co
|
||||
int pipe_stderr[2] = { -1, -1 };
|
||||
char errbuf[BUFSIZ + 1] = { 0 };
|
||||
char *safe_dir = NULL;
|
||||
+ char *flock_path = NULL;
|
||||
|
||||
- if (make_safedir_is_noexec(dstdir, &safe_dir) != 0) {
|
||||
- ERROR("Prepare safe dir failed");
|
||||
+ if (content == NULL || dstdir == NULL || options == NULL || root_dir == NULL) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ flock_path = generate_flock_path(root_dir);
|
||||
+ if (flock_path == NULL) {
|
||||
+ ERROR("Failed to generate flock path");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (make_safedir_is_noexec(flock_path, dstdir, &safe_dir) != 0) {
|
||||
+ ERROR("Prepare safe dir failed");
|
||||
+ ret = -1;
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
if (pipe2(pipe_stderr, O_CLOEXEC) != 0) {
|
||||
ERROR("Failed to create pipe");
|
||||
ret = -1;
|
||||
@@ -816,6 +895,7 @@ cleanup:
|
||||
ERROR("Failed to remove path %s", safe_dir);
|
||||
}
|
||||
free(safe_dir);
|
||||
+ free(flock_path);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -1126,7 +1206,7 @@ static ssize_t fd_write(void *context, const void *data, size_t len)
|
||||
return util_write_nointr(*(int *)context, data, len);
|
||||
}
|
||||
|
||||
-int archive_chroot_tar(char *path, char *file, char **errmsg)
|
||||
+int archive_chroot_tar(const char *path, const char *file, const char *root_dir, char **errmsg)
|
||||
{
|
||||
struct io_write_wrapper pipe_context = { 0 };
|
||||
int ret = 0;
|
||||
@@ -1136,12 +1216,24 @@ int archive_chroot_tar(char *path, char *file, char **errmsg)
|
||||
char errbuf[BUFSIZ + 1] = { 0 };
|
||||
int fd = 0;
|
||||
char *safe_dir = NULL;
|
||||
+ char *flock_path = NULL;
|
||||
|
||||
- if (make_safedir_is_noexec(path, &safe_dir) != 0) {
|
||||
- ERROR("Prepare safe dir failed");
|
||||
+ if (path == NULL || file == NULL || root_dir == NULL) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ flock_path = generate_flock_path(root_dir);
|
||||
+ if (flock_path == NULL) {
|
||||
+ ERROR("Failed to generate flock path");
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (make_safedir_is_noexec(flock_path, path, &safe_dir) != 0) {
|
||||
+ ERROR("Prepare safe dir failed");
|
||||
+ ret = -1;
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
if (pipe2(pipe_for_read, O_CLOEXEC) != 0) {
|
||||
ERROR("Failed to create pipe");
|
||||
ret = -1;
|
||||
@@ -1232,6 +1324,7 @@ cleanup:
|
||||
ERROR("Failed to remove path %s", safe_dir);
|
||||
}
|
||||
free(safe_dir);
|
||||
+ free(flock_path);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -1352,7 +1445,7 @@ static int archive_context_close(void *context, char **err)
|
||||
}
|
||||
|
||||
int archive_chroot_untar_stream(const struct io_read_wrapper *context, const char *chroot_dir, const char *untar_dir,
|
||||
- const char *src_base, const char *dst_base, char **errmsg)
|
||||
+ const char *src_base, const char *dst_base, const char *root_dir, char **errmsg)
|
||||
{
|
||||
struct io_read_wrapper pipe_context = { 0 };
|
||||
int pipe_stream[2] = { -1, -1 };
|
||||
@@ -1370,12 +1463,19 @@ int archive_chroot_untar_stream(const struct io_read_wrapper *context, const cha
|
||||
.dst_base = dst_base
|
||||
};
|
||||
char *safe_dir = NULL;
|
||||
+ char *flock_path = NULL;
|
||||
|
||||
- if (make_safedir_is_noexec(chroot_dir, &safe_dir) != 0) {
|
||||
- ERROR("Prepare safe dir failed");
|
||||
+ flock_path = generate_flock_path(root_dir);
|
||||
+ if (flock_path == NULL) {
|
||||
+ ERROR("Failed to generate flock path");
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (make_safedir_is_noexec(flock_path, chroot_dir, &safe_dir) != 0) {
|
||||
+ ERROR("Prepare safe dir failed");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
if (pipe(pipe_stderr) != 0) {
|
||||
ERROR("Failed to create pipe: %s", strerror(errno));
|
||||
goto cleanup;
|
||||
@@ -1483,12 +1583,13 @@ cleanup:
|
||||
ERROR("Failed to remove path %s", safe_dir);
|
||||
}
|
||||
free(safe_dir);
|
||||
+ free(flock_path);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, const char *src_base, const char *dst_base,
|
||||
- struct io_read_wrapper *reader)
|
||||
+ const char *root_dir, struct io_read_wrapper *reader)
|
||||
{
|
||||
struct io_write_wrapper pipe_context = { 0 };
|
||||
int keepfds[] = { -1, -1, -1 };
|
||||
@@ -1498,12 +1599,19 @@ int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, cons
|
||||
pid_t pid;
|
||||
struct archive_context *ctx = NULL;
|
||||
char *safe_dir = NULL;
|
||||
+ char *flock_path = NULL;
|
||||
|
||||
- if (make_safedir_is_noexec(chroot_dir, &safe_dir) != 0) {
|
||||
- ERROR("Prepare safe dir failed");
|
||||
+ flock_path = generate_flock_path(root_dir);
|
||||
+ if (flock_path == NULL) {
|
||||
+ ERROR("Failed to generate flock path");
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (make_safedir_is_noexec(flock_path, chroot_dir, &safe_dir) != 0) {
|
||||
+ ERROR("Prepare safe dir failed");
|
||||
+ goto free_out;
|
||||
+ }
|
||||
+
|
||||
if (pipe(pipe_stderr) != 0) {
|
||||
ERROR("Failed to create pipe: %s", strerror(errno));
|
||||
goto free_out;
|
||||
@@ -1607,6 +1715,7 @@ free_out:
|
||||
close_archive_pipes_fd(pipe_stderr, 2);
|
||||
close_archive_pipes_fd(pipe_stream, 2);
|
||||
free(ctx);
|
||||
+ free(flock_path);
|
||||
if (safe_dir != NULL) {
|
||||
if (umount(safe_dir) != 0) {
|
||||
ERROR("Failed to umount target %s", safe_dir);
|
||||
@@ -1848,4 +1957,4 @@ int archive_copy_oci_tar_split_and_ret_size(int src_fd, const char *dist_file, i
|
||||
}
|
||||
|
||||
return foreach_archive_entry(archive_entry_parse, src_fd, dist_file, ret_size);
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+}
|
||||
diff --git a/src/utils/tar/util_archive.h b/src/utils/tar/util_archive.h
|
||||
index 5cc2c5ec..8f0ab2a4 100644
|
||||
--- a/src/utils/tar/util_archive.h
|
||||
+++ b/src/utils/tar/util_archive.h
|
||||
@@ -45,17 +45,17 @@ struct archive_options {
|
||||
};
|
||||
|
||||
int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, const struct archive_options *options,
|
||||
- char **errmsg);
|
||||
+ const char *root_dir, char **errmsg);
|
||||
|
||||
bool valid_archive_format(const char *file);
|
||||
|
||||
-int archive_chroot_tar(char *path, char *file, char **errmsg);
|
||||
+int archive_chroot_tar(const char *path, const char *file, const char *root_dir, char **errmsg);
|
||||
|
||||
int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, const char *src_base,
|
||||
- const char *dst_base, struct io_read_wrapper *content);
|
||||
+ const char *dst_base, const char *root_dir, struct io_read_wrapper *content);
|
||||
int archive_chroot_untar_stream(const struct io_read_wrapper *content, const char *chroot_dir,
|
||||
const char *untar_dir, const char *src_base, const char *dst_base,
|
||||
- char **errmsg);
|
||||
+ const char *root_dir, char **errmsg);
|
||||
|
||||
int archive_copy_oci_tar_split_and_ret_size(int src_fd, const char *dist_file, int64_t *ret_size);
|
||||
|
||||
--
|
||||
2.40.1
|
||||
|
||||
1054
0006-2168-fix-code-bug.patch
Normal file
1054
0006-2168-fix-code-bug.patch
Normal file
File diff suppressed because it is too large
Load Diff
1807
0007-2171-Fix-nullptr-in-src-daemon-entry.patch
Normal file
1807
0007-2171-Fix-nullptr-in-src-daemon-entry.patch
Normal file
File diff suppressed because it is too large
Load Diff
1123
0008-Add-vsock-support-for-exec.patch
Normal file
1123
0008-Add-vsock-support-for-exec.patch
Normal file
File diff suppressed because it is too large
Load Diff
2669
0009-remove-unneccessary-strerror.patch
Normal file
2669
0009-remove-unneccessary-strerror.patch
Normal file
File diff suppressed because it is too large
Load Diff
358
0010-do-not-report-low-level-error-to-user.patch
Normal file
358
0010-do-not-report-low-level-error-to-user.patch
Normal file
@ -0,0 +1,358 @@
|
||||
From ab03fdd4261ebc11f18e3b783dfc38558e5247b5 Mon Sep 17 00:00:00 2001
|
||||
From: haozi007 <liuhao27@huawei.com>
|
||||
Date: Wed, 6 Sep 2023 10:45:37 +0800
|
||||
Subject: [PATCH 10/33] do not report low level error to user
|
||||
|
||||
Signed-off-by: haozi007 <liuhao27@huawei.com>
|
||||
---
|
||||
src/daemon/entry/cri/cri_helpers.cc | 4 ++--
|
||||
.../v1alpha/cri_container_manager_service.cc | 3 ++-
|
||||
src/daemon/executor/container_cb/execution.c | 4 ++--
|
||||
.../executor/container_cb/execution_network.c | 17 ++++++++---------
|
||||
.../executor/container_cb/execution_stream.c | 4 ++--
|
||||
src/daemon/modules/container/container_unix.c | 2 +-
|
||||
src/daemon/modules/image/external/ext_image.c | 4 ++--
|
||||
src/daemon/modules/image/oci/oci_load.c | 2 +-
|
||||
.../modules/runtime/engines/lcr/lcr_rt_ops.c | 3 +--
|
||||
src/daemon/modules/service/service_container.c | 2 +-
|
||||
src/daemon/modules/spec/verify.c | 2 +-
|
||||
src/daemon/modules/volume/local.c | 8 ++++----
|
||||
src/utils/tar/isulad_tar.c | 16 ++++++++--------
|
||||
src/utils/tar/util_archive.c | 12 ++++++------
|
||||
14 files changed, 41 insertions(+), 42 deletions(-)
|
||||
|
||||
diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc
|
||||
index a80ec7d0..2e1096f5 100644
|
||||
--- a/src/daemon/entry/cri/cri_helpers.cc
|
||||
+++ b/src/daemon/entry/cri/cri_helpers.cc
|
||||
@@ -540,8 +540,8 @@ void RemoveContainerLogSymlink(const std::string &containerID, Errors &error)
|
||||
if (path != nullptr) {
|
||||
// Only remove the symlink when container log path is specified.
|
||||
if (util_path_remove(path) != 0 && errno != ENOENT) {
|
||||
- error.Errorf("Failed to remove container %s log symlink %s: %s", containerID.c_str(), path,
|
||||
- strerror(errno));
|
||||
+ SYSERROR("Failed to remove container %s log symlink %s.", containerID.c_str(), path);
|
||||
+ error.Errorf("Failed to remove container %s log symlink %s.", containerID.c_str(), path);
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
diff --git a/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc
|
||||
index b4faab95..013b938a 100644
|
||||
--- a/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc
|
||||
+++ b/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc
|
||||
@@ -547,8 +547,9 @@ void ContainerManagerService::CreateContainerLogSymlink(const std::string &conta
|
||||
WARN("Deleted previously existing symlink file: %s", path);
|
||||
}
|
||||
if (symlink(realPath, path) != 0) {
|
||||
+ SYSERROR("failed to create symbolic link %s to the container log file %s for container %s", path, realPath, containerID.c_str());
|
||||
error.Errorf("failed to create symbolic link %s to the container log file %s for container %s: %s", path,
|
||||
- realPath, containerID.c_str(), strerror(errno));
|
||||
+ realPath, containerID.c_str());
|
||||
goto cleanup;
|
||||
}
|
||||
} else {
|
||||
diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c
|
||||
index d3571b7f..63d8143c 100644
|
||||
--- a/src/daemon/executor/container_cb/execution.c
|
||||
+++ b/src/daemon/executor/container_cb/execution.c
|
||||
@@ -345,13 +345,13 @@ static int maybe_create_cpu_realtime_file(int64_t value, const char *file, const
|
||||
fd = util_open(fpath, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0700);
|
||||
if (fd < 0) {
|
||||
SYSERROR("Failed to open file: %s.", fpath);
|
||||
- isulad_set_error_message("Failed to open file: %s: %s", fpath, strerror(errno));
|
||||
+ isulad_set_error_message("Failed to open file: %s.", fpath);
|
||||
return -1;
|
||||
}
|
||||
nwrite = util_write_nointr(fd, buf, strlen(buf));
|
||||
if (nwrite < 0 || (size_t)nwrite != strlen(buf)) {
|
||||
SYSERROR("Failed to write %s to %s.", buf, fpath);
|
||||
- isulad_set_error_message("Failed to write '%s' to '%s': %s", buf, fpath, strerror(errno));
|
||||
+ isulad_set_error_message("Failed to write '%s' to '%s'.", buf, fpath);
|
||||
return -1;
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c
|
||||
index ce924332..a145e33a 100644
|
||||
--- a/src/daemon/executor/container_cb/execution_network.c
|
||||
+++ b/src/daemon/executor/container_cb/execution_network.c
|
||||
@@ -68,8 +68,8 @@ static int write_hostname_to_file(const char *rootfs, const char *hostname)
|
||||
|
||||
ret = util_write_file(file_path, hostname, strlen(hostname), NETWORK_MOUNT_FILE_MODE);
|
||||
if (ret) {
|
||||
- SYSERROR("Failed to write %s", file_path);
|
||||
- isulad_set_error_message("Failed to write %s: %s", file_path, strerror(errno));
|
||||
+ SYSERROR("Failed to write %s.", file_path);
|
||||
+ isulad_set_error_message("Failed to write %s.", file_path);
|
||||
goto out;
|
||||
}
|
||||
|
||||
@@ -97,8 +97,8 @@ static int fopen_network(FILE **fp, char **file_path, const char *rootfs, const
|
||||
|
||||
*fp = util_fopen(*file_path, "a+");
|
||||
if (*fp == NULL) {
|
||||
- SYSERROR("Failed to open %s", *file_path);
|
||||
- isulad_set_error_message("Failed to open %s: %s", *file_path, strerror(errno));
|
||||
+ SYSERROR("Failed to open %s.", *file_path);
|
||||
+ isulad_set_error_message("Failed to open %s.", *file_path);
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
@@ -169,8 +169,8 @@ static int write_content_to_file(const char *file_path, const char *content)
|
||||
if (content != NULL) {
|
||||
ret = util_write_file(file_path, content, strlen(content), NETWORK_MOUNT_FILE_MODE);
|
||||
if (ret != 0) {
|
||||
- SYSERROR("Failed to write file %s", file_path);
|
||||
- isulad_set_error_message("Failed to write file %s: %s", file_path, strerror(errno));
|
||||
+ SYSERROR("Failed to write file %s.", file_path);
|
||||
+ isulad_set_error_message("Failed to write file %s.", file_path);
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
@@ -702,9 +702,8 @@ static int chown_network(const char *user_remap, const char *rootfs, const char
|
||||
goto out;
|
||||
}
|
||||
if (chown(file_path, host_uid, host_gid) != 0) {
|
||||
- SYSERROR("Failed to chown network file '%s' to %u:%u", filename, host_uid, host_gid);
|
||||
- isulad_set_error_message("Failed to chown network file '%s' to %u:%u: %s", filename, host_uid, host_gid,
|
||||
- strerror(errno));
|
||||
+ SYSERROR("Failed to chown network file '%s' to %u:%u.", filename, host_uid, host_gid);
|
||||
+ isulad_set_error_message("Failed to chown network file '%s' to %u:%u.", filename, host_uid, host_gid);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c
|
||||
index 7e84cca3..aae9c234 100644
|
||||
--- a/src/daemon/executor/container_cb/execution_stream.c
|
||||
+++ b/src/daemon/executor/container_cb/execution_stream.c
|
||||
@@ -536,7 +536,7 @@ static container_path_stat *do_container_stat_path(const char *rootpath, const c
|
||||
nret = lstat(resolvedpath, &st);
|
||||
if (nret < 0) {
|
||||
SYSERROR("lstat %s failed.", resolvedpath);
|
||||
- isulad_set_error_message("lstat %s: %s", resolvedpath, strerror(errno));
|
||||
+ isulad_set_error_message("lstat %s failed.", resolvedpath);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -922,7 +922,7 @@ static int copy_to_container_check_path_valid(const container_t *cont, const cha
|
||||
nret = lstat(resolvedpath, &st);
|
||||
if (nret < 0) {
|
||||
SYSERROR("lstat %s failed", resolvedpath);
|
||||
- isulad_set_error_message("lstat %s: %s", resolvedpath, strerror(errno));
|
||||
+ isulad_set_error_message("lstat %s failed", resolvedpath);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c
|
||||
index e8c98441..fa53a85f 100644
|
||||
--- a/src/daemon/modules/container/container_unix.c
|
||||
+++ b/src/daemon/modules/container/container_unix.c
|
||||
@@ -518,7 +518,7 @@ static int save_json_config_file(const char *id, const char *rootpath, const cha
|
||||
nret = util_atomic_write_file(filename, json_data, strlen(json_data), CONFIG_FILE_MODE, false);
|
||||
if (nret != 0) {
|
||||
SYSERROR("Write file %s failed.", filename);
|
||||
- isulad_set_error_message("Write file '%s' failed: %s", filename, strerror(errno));
|
||||
+ isulad_set_error_message("Write file '%s' failed.", filename);
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/modules/image/external/ext_image.c b/src/daemon/modules/image/external/ext_image.c
|
||||
index 10af82a3..e1706469 100644
|
||||
--- a/src/daemon/modules/image/external/ext_image.c
|
||||
+++ b/src/daemon/modules/image/external/ext_image.c
|
||||
@@ -65,8 +65,8 @@ int ext_prepare_rf(const im_prepare_request *request, char **real_rootfs)
|
||||
return -1;
|
||||
}
|
||||
if (realpath(request->rootfs, real_path) == NULL) {
|
||||
- SYSERROR("Failed to clean rootfs path '%s'", request->rootfs);
|
||||
- isulad_set_error_message("Failed to clean rootfs path '%s': %s", request->rootfs, strerror(errno));
|
||||
+ SYSERROR("Failed to clean rootfs path '%s'.", request->rootfs);
|
||||
+ isulad_set_error_message("Failed to clean rootfs path '%s'.", request->rootfs);
|
||||
return -1;
|
||||
}
|
||||
*real_rootfs = util_strdup_s(real_path);
|
||||
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
|
||||
index d2efab81..5511a70c 100644
|
||||
--- a/src/daemon/modules/image/oci/oci_load.c
|
||||
+++ b/src/daemon/modules/image/oci/oci_load.c
|
||||
@@ -1046,7 +1046,7 @@ static char *oci_load_path_create()
|
||||
|
||||
if (mkdtemp(tmp_dir) == NULL) {
|
||||
SYSERROR("make temporary dir failed");
|
||||
- isulad_try_set_error_message("make temporary dir failed: %s", strerror(errno));
|
||||
+ isulad_try_set_error_message("make temporary dir failed");
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
|
||||
index e985cfc1..f61316d0 100644
|
||||
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
|
||||
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
|
||||
@@ -209,9 +209,8 @@ static int remove_container_rootpath(const char *id, const char *root_path)
|
||||
}
|
||||
ret = util_recursive_rmdir(cont_root_path, 0);
|
||||
if (ret != 0) {
|
||||
- const char *tmp_err = (errno != 0) ? strerror(errno) : "error";
|
||||
SYSERROR("Failed to delete container's root directory %s.", cont_root_path);
|
||||
- isulad_set_error_message("Failed to delete container's root directory %s: %s", cont_root_path, tmp_err);
|
||||
+ isulad_set_error_message("Failed to delete container's root directory %s.", cont_root_path);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
|
||||
index 483670de..370ba059 100644
|
||||
--- a/src/daemon/modules/service/service_container.c
|
||||
+++ b/src/daemon/modules/service/service_container.c
|
||||
@@ -596,7 +596,7 @@ static int valid_mount_point(container_config_v2_common_config_mount_points_elem
|
||||
|
||||
if (lstat(mp->source, &st) != 0) {
|
||||
SYSERROR("lstat %s failed", mp->source);
|
||||
- isulad_set_error_message("lstat %s: %s", mp->source, strerror(errno));
|
||||
+ isulad_set_error_message("lstat %s failed", mp->source);
|
||||
return -1;
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c
|
||||
index 6180b887..92029cbd 100644
|
||||
--- a/src/daemon/modules/spec/verify.c
|
||||
+++ b/src/daemon/modules/spec/verify.c
|
||||
@@ -1536,7 +1536,7 @@ static int verify_custom_mount(defs_mount **mounts, size_t len)
|
||||
if (!util_file_exists(iter->source) && util_mkdir_p(iter->source, mode)) {
|
||||
#endif
|
||||
SYSERROR("Failed to create directory '%s'", iter->source);
|
||||
- isulad_try_set_error_message("Failed to create directory '%s': %s", iter->source, strerror(errno));
|
||||
+ isulad_try_set_error_message("Failed to create directory '%s'", iter->source);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
diff --git a/src/daemon/modules/volume/local.c b/src/daemon/modules/volume/local.c
|
||||
index 7f95757d..6c3354dc 100644
|
||||
--- a/src/daemon/modules/volume/local.c
|
||||
+++ b/src/daemon/modules/volume/local.c
|
||||
@@ -556,15 +556,15 @@ static int remove_volume_dir(char *path)
|
||||
// remain untouched if we remove the data directory failed.
|
||||
ret = util_recursive_rmdir(path, 0);
|
||||
if (ret != 0) {
|
||||
- SYSERROR("failed to remove volume data dir %s", path);
|
||||
- isulad_try_set_error_message("failed to remove volume data dir %s: %s", path, strerror(errno));
|
||||
+ SYSERROR("failed to remove volume data dir %s.", path);
|
||||
+ isulad_try_set_error_message("failed to remove volume data dir %s.", path);
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = util_recursive_rmdir(vol_dir, 0);
|
||||
if (ret != 0) {
|
||||
- SYSERROR("failed to remove volume dir %s", vol_dir);
|
||||
- isulad_try_set_error_message("failed to remove volume dir %s: %s", vol_dir, strerror(errno));
|
||||
+ SYSERROR("failed to remove volume dir %s.", vol_dir);
|
||||
+ isulad_try_set_error_message("failed to remove volume dir %s.", vol_dir);
|
||||
goto out;
|
||||
}
|
||||
|
||||
diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c
|
||||
index 7218cca8..bffbb43b 100644
|
||||
--- a/src/utils/tar/isulad_tar.c
|
||||
+++ b/src/utils/tar/isulad_tar.c
|
||||
@@ -114,7 +114,7 @@ static int resolve_host_source_path(const char *path, bool follow_link, char **r
|
||||
if (follow_link) {
|
||||
if (realpath(path, real_path) == NULL) {
|
||||
SYSERROR("Can not get real path of %s.", real_path);
|
||||
- format_errorf(err, "Can not get real path of %s: %s", real_path, strerror(errno));
|
||||
+ format_errorf(err, "Can not get real path of %s.", real_path);
|
||||
return -1;
|
||||
}
|
||||
nret = get_rebase_name(path, real_path, resolved_path, rebase_name);
|
||||
@@ -131,7 +131,7 @@ static int resolve_host_source_path(const char *path, bool follow_link, char **r
|
||||
}
|
||||
if (realpath(dirpath, real_path) == NULL) {
|
||||
SYSERROR("Can not get real path of %s.", dirpath);
|
||||
- format_errorf(err, "Can not get real path of %s: %s", dirpath, strerror(errno));
|
||||
+ format_errorf(err, "Can not get real path of %s.", dirpath);
|
||||
goto cleanup;
|
||||
}
|
||||
nret = snprintf(resolved, sizeof(resolved), "%s/%s", real_path, basepath);
|
||||
@@ -192,7 +192,7 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li
|
||||
nret = lstat(resolved_path, &st);
|
||||
if (nret < 0) {
|
||||
SYSERROR("lstat %s failed", resolved_path);
|
||||
- format_errorf(err, "lstat %s: %s", resolved_path, strerror(errno));
|
||||
+ format_errorf(err, "lstat %s failed", resolved_path);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -225,8 +225,8 @@ static int copy_info_destination_path_ret(struct archive_copy_info *info, struct
|
||||
|
||||
ret = (int)readlink(iter_path, target, PATH_MAX);
|
||||
if (ret < 0) {
|
||||
- SYSERROR("Failed to read link of %s", iter_path);
|
||||
- format_errorf(err, "Failed to read link of %s: %s", iter_path, strerror(errno));
|
||||
+ SYSERROR("Failed to read link of %s.", iter_path);
|
||||
+ format_errorf(err, "Failed to read link of %s.", iter_path);
|
||||
goto cleanup;
|
||||
}
|
||||
// is not absolutely path
|
||||
@@ -258,8 +258,8 @@ static int copy_info_destination_path_ret(struct archive_copy_info *info, struct
|
||||
if (ret != 0) {
|
||||
char *dst_parent = NULL;
|
||||
if (errno != ENOENT) {
|
||||
- SYSERROR("Can not stat %s", iter_path);
|
||||
- format_errorf(err, "Can not stat %s: %s", iter_path, strerror(errno));
|
||||
+ SYSERROR("Can not stat %s.", iter_path);
|
||||
+ format_errorf(err, "Can not stat %s.", iter_path);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -429,7 +429,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char
|
||||
|
||||
if (lstat(path, &st) < 0) {
|
||||
SYSERROR("lstat %s failed", path);
|
||||
- format_errorf(err, "lstat %s: %s", path, strerror(errno));
|
||||
+ format_errorf(err, "lstat %s failed", path);
|
||||
return -1;
|
||||
}
|
||||
if (util_split_path_dir_entry(path, &srcdir, &srcbase) < 0) {
|
||||
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
|
||||
index f34572ae..82194654 100644
|
||||
--- a/src/utils/tar/util_archive.c
|
||||
+++ b/src/utils/tar/util_archive.c
|
||||
@@ -257,8 +257,8 @@ static int do_safe_chroot(const char *dstdir)
|
||||
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
|
||||
|
||||
if (chroot(dstdir) != 0) {
|
||||
- SYSERROR("Failed to chroot to %s", dstdir);
|
||||
- fprintf(stderr, "Failed to chroot to %s: %s", dstdir, strerror(errno));
|
||||
+ SYSERROR("Failed to chroot to %s.", dstdir);
|
||||
+ fprintf(stderr, "Failed to chroot to %s.", dstdir);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -846,15 +846,15 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co
|
||||
}
|
||||
|
||||
if (do_safe_chroot(safe_dir) != 0) {
|
||||
- SYSERROR("Failed to chroot to %s", safe_dir);
|
||||
- fprintf(stderr, "Failed to chroot to %s: %s", safe_dir, strerror(errno));
|
||||
+ SYSERROR("Failed to chroot to %s.", safe_dir);
|
||||
+ fprintf(stderr, "Failed to chroot to %s.", safe_dir);
|
||||
ret = -1;
|
||||
goto child_out;
|
||||
}
|
||||
|
||||
if (chdir("/") != 0) {
|
||||
SYSERROR("Failed to chroot to /");
|
||||
- fprintf(stderr, "Failed to chroot to /: %s", strerror(errno));
|
||||
+ fprintf(stderr, "Failed to chroot to /");
|
||||
ret = -1;
|
||||
goto child_out;
|
||||
}
|
||||
@@ -1253,7 +1253,7 @@ int archive_chroot_tar(const char *path, const char *file, const char *root_dir,
|
||||
fd = open(file, TAR_DEFAULT_FLAG, TAR_DEFAULT_MODE);
|
||||
if (fd < 0) {
|
||||
SYSERROR("Failed to open file %s for export", file);
|
||||
- fprintf(stderr, "Failed to open file %s for export: %s\n", file, strerror(errno));
|
||||
+ fprintf(stderr, "Failed to open file %s for export\n", file);
|
||||
ret = -1;
|
||||
goto child_out;
|
||||
}
|
||||
--
|
||||
2.40.1
|
||||
|
||||
891
0011-remove-usage-of-strerror-with-user-defined-errno.patch
Normal file
891
0011-remove-usage-of-strerror-with-user-defined-errno.patch
Normal file
@ -0,0 +1,891 @@
|
||||
From 16a4b6f334e4e81615a71cf7930158fb1bee5a12 Mon Sep 17 00:00:00 2001
|
||||
From: haozi007 <liuhao27@huawei.com>
|
||||
Date: Wed, 6 Sep 2023 15:05:29 +0800
|
||||
Subject: [PATCH 11/33] remove usage of strerror with user defined errno
|
||||
|
||||
Signed-off-by: haozi007 <liuhao27@huawei.com>
|
||||
---
|
||||
src/cmd/command_parser.c | 12 ++++++----
|
||||
src/cmd/isula/base/create.c | 3 ++-
|
||||
src/cmd/isula/isula_host_spec.c | 9 ++++---
|
||||
src/cmd/isulad/main.c | 8 ++++---
|
||||
src/cmd/options/opt_ulimit.c | 6 +++--
|
||||
src/daemon/entry/cri/cni_network_plugin.cc | 9 ++++---
|
||||
src/daemon/entry/cri/sysctl_tools.c | 14 +++++++----
|
||||
.../v1/v1_cri_container_manager_service.cc | 4 ++--
|
||||
.../v1/v1_cri_pod_sandbox_manager_service.cc | 3 ++-
|
||||
src/daemon/executor/network_cb/network_cb.c | 6 +++--
|
||||
src/daemon/modules/image/oci/oci_image.c | 6 +++--
|
||||
.../oci/storage/image_store/image_store.c | 6 +++--
|
||||
.../graphdriver/devmapper/deviceset.c | 19 +++++++++------
|
||||
.../storage/layer_store/graphdriver/driver.c | 9 ++++---
|
||||
.../graphdriver/overlay2/driver_overlay2.c | 17 ++++++++-----
|
||||
.../oci/storage/layer_store/layer_store.c | 6 +++--
|
||||
.../remote_layer_support/remote_support.c | 6 +++--
|
||||
.../oci/storage/rootfs_store/rootfs_store.c | 6 +++--
|
||||
.../modules/image/oci/storage/storage.c | 6 +++--
|
||||
.../cni_operator/libcni/invoke/libcni_errno.c | 8 -------
|
||||
.../cni_operator/libcni/invoke/libcni_errno.h | 2 --
|
||||
.../cni_operator/libcni/libcni_cached.c | 3 ++-
|
||||
.../modules/network/native/adaptor_native.c | 17 ++++++++-----
|
||||
src/daemon/modules/plugin/plugin.c | 24 ++++++++++++-------
|
||||
src/daemon/modules/service/service_network.c | 6 ++---
|
||||
src/daemon/sandbox/sandbox.cc | 8 ++++---
|
||||
src/utils/cutils/network_namespace.c | 3 ++-
|
||||
src/utils/cutils/utils_file.c | 4 +++-
|
||||
28 files changed, 144 insertions(+), 86 deletions(-)
|
||||
|
||||
diff --git a/src/cmd/command_parser.c b/src/cmd/command_parser.c
|
||||
index ac353b40..1ad1d92b 100644
|
||||
--- a/src/cmd/command_parser.c
|
||||
+++ b/src/cmd/command_parser.c
|
||||
@@ -546,7 +546,8 @@ int command_convert_u16(command_option_t *option, const char *arg)
|
||||
}
|
||||
ret = util_safe_u16(arg, option->data);
|
||||
if (ret != 0) {
|
||||
- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, option->large, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, option->large);
|
||||
return EINVALIDARGS;
|
||||
}
|
||||
return 0;
|
||||
@@ -561,7 +562,8 @@ int command_convert_llong(command_option_t *opt, const char *arg)
|
||||
}
|
||||
ret = util_safe_llong(arg, opt->data);
|
||||
if (ret != 0) {
|
||||
- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, opt->large, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, opt->large);
|
||||
return EINVALIDARGS;
|
||||
}
|
||||
return 0;
|
||||
@@ -575,7 +577,8 @@ int command_convert_uint(command_option_t *opt, const char *arg)
|
||||
}
|
||||
ret = util_safe_uint(arg, opt->data);
|
||||
if (ret != 0) {
|
||||
- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, opt->large, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, opt->large);
|
||||
return EINVALIDARGS;
|
||||
}
|
||||
return 0;
|
||||
@@ -590,7 +593,8 @@ int command_convert_int(command_option_t *option, const char *arg)
|
||||
}
|
||||
ret = util_safe_int(arg, option->data);
|
||||
if (ret != 0) {
|
||||
- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, option->large, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, option->large);
|
||||
return EINVALIDARGS;
|
||||
}
|
||||
return 0;
|
||||
diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c
|
||||
index aa90c5d6..cd0d4abd 100644
|
||||
--- a/src/cmd/isula/base/create.c
|
||||
+++ b/src/cmd/isula/base/create.c
|
||||
@@ -2032,7 +2032,8 @@ static int create_check_hugetlbs(const struct client_arguments *args)
|
||||
}
|
||||
ret = util_parse_byte_size_string(limit, &limitvalue);
|
||||
if (ret != 0) {
|
||||
- COMMAND_ERROR("Invalid hugetlb limit:%s:%s", limit, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ CMD_SYSERROR("Invalid hugetlb limit:%s", limit);
|
||||
free(dup);
|
||||
ret = -1;
|
||||
goto out;
|
||||
diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c
|
||||
index 9fa08bd2..6f39588d 100644
|
||||
--- a/src/cmd/isula/isula_host_spec.c
|
||||
+++ b/src/cmd/isula/isula_host_spec.c
|
||||
@@ -66,7 +66,8 @@ static bool parse_restart_policy(const char *policy, host_config_restart_policy
|
||||
}
|
||||
nret = util_safe_int(dotpos, &(*rp)->maximum_retry_count);
|
||||
if (nret != 0) {
|
||||
- COMMAND_ERROR("Maximum retry count must be an integer: %s", strerror(-nret));
|
||||
+ errno = -nret;
|
||||
+ CMD_SYSERROR("Maximum retry count must be an integer");
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
@@ -724,7 +725,8 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input)
|
||||
|
||||
ret = util_parse_byte_size_string(limit_value, &tconverted);
|
||||
if (ret != 0 || tconverted < 0) {
|
||||
- COMMAND_ERROR("Parse limit value: %s failed:%s", limit_value, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ CMD_SYSERROR("Parse limit value: %s failed", limit_value);
|
||||
goto free_out;
|
||||
}
|
||||
limit = (uint64_t)tconverted;
|
||||
@@ -733,7 +735,8 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input)
|
||||
tconverted = 0;
|
||||
ret = util_parse_byte_size_string(pagesize, &tconverted);
|
||||
if (ret != 0 || tconverted < 0) {
|
||||
- COMMAND_ERROR("Parse pagesize error.Invalid hugepage size: %s: %s", pagesize, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ CMD_SYSERROR("Parse pagesize error.Invalid hugepage size: %s", pagesize);
|
||||
goto free_out;
|
||||
}
|
||||
page = (uint64_t)tconverted;
|
||||
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
|
||||
index 39cde6aa..8369f9e2 100644
|
||||
--- a/src/cmd/isulad/main.c
|
||||
+++ b/src/cmd/isulad/main.c
|
||||
@@ -632,8 +632,9 @@ static int parse_time_duration(const char *value, unsigned int *seconds)
|
||||
*(num_str + len - 1) = '\0';
|
||||
ret = util_safe_uint(num_str, &tmp);
|
||||
if (ret < 0) {
|
||||
- ERROR("Illegal unsigned integer: %s", num_str);
|
||||
- COMMAND_ERROR("Illegal unsigned integer:%s:%s", num_str, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ SYSERROR("Illegal unsigned integer: %s", num_str);
|
||||
+ COMMAND_ERROR("Illegal unsigned integer:%s", num_str);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
@@ -1407,7 +1408,8 @@ static int create_mount_flock_file(const struct service_arguments *args)
|
||||
// recreate mount flock file
|
||||
// and make file uid/gid and permission correct
|
||||
if (!util_force_remove_file(cleanpath, &err)) {
|
||||
- ERROR("Failed to delete %s, error: %s. Please delete %s manually.", path, strerror(err), path);
|
||||
+ errno = err;
|
||||
+ SYSERROR("Failed to delete %s. Please delete %s manually.", path, path);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
diff --git a/src/cmd/options/opt_ulimit.c b/src/cmd/options/opt_ulimit.c
|
||||
index 55912a16..6853c0d9 100644
|
||||
--- a/src/cmd/options/opt_ulimit.c
|
||||
+++ b/src/cmd/options/opt_ulimit.c
|
||||
@@ -63,7 +63,8 @@ static int parse_soft_hard_ulimit(const char *val, char **limitvals, size_t limi
|
||||
// parse soft
|
||||
ret = util_safe_llong(limitvals[0], &converted);
|
||||
if (ret < 0) {
|
||||
- COMMAND_ERROR("Invalid ulimit soft value: \"%s\", parse int64 failed: %s", val, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ CMD_SYSERROR("Invalid ulimit soft value: \"%s\", parse int64 failed", val);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
@@ -74,7 +75,8 @@ static int parse_soft_hard_ulimit(const char *val, char **limitvals, size_t limi
|
||||
converted = 0;
|
||||
ret = util_safe_llong(limitvals[1], &converted);
|
||||
if (ret < 0) {
|
||||
- COMMAND_ERROR("Invalid ulimit hard value: \"%s\", parse int64 failed: %s", val, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ CMD_SYSERROR("Invalid ulimit hard value: \"%s\", parse int64 failed", val);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
diff --git a/src/daemon/entry/cri/cni_network_plugin.cc b/src/daemon/entry/cri/cni_network_plugin.cc
|
||||
index 1c7fea2e..c186d185 100644
|
||||
--- a/src/daemon/entry/cri/cni_network_plugin.cc
|
||||
+++ b/src/daemon/entry/cri/cni_network_plugin.cc
|
||||
@@ -796,7 +796,8 @@ void CniNetworkPlugin::RLockNetworkMap(Errors &error)
|
||||
int ret = pthread_rwlock_rdlock(&m_netsLock);
|
||||
if (ret != 0) {
|
||||
error.Errorf("Failed to get read lock");
|
||||
- ERROR("Get read lock failed: %s", strerror(ret));
|
||||
+ errno = ret;
|
||||
+ SYSERROR("Get read lock failed");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -805,7 +806,8 @@ void CniNetworkPlugin::WLockNetworkMap(Errors &error)
|
||||
int ret = pthread_rwlock_wrlock(&m_netsLock);
|
||||
if (ret != 0) {
|
||||
error.Errorf("Failed to get write lock");
|
||||
- ERROR("Get write lock failed: %s", strerror(ret));
|
||||
+ errno = ret;
|
||||
+ SYSERROR("Get write lock failed");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -814,7 +816,8 @@ void CniNetworkPlugin::UnlockNetworkMap(Errors &error)
|
||||
int ret = pthread_rwlock_unlock(&m_netsLock);
|
||||
if (ret != 0) {
|
||||
error.Errorf("Failed to unlock");
|
||||
- ERROR("Unlock failed: %s", strerror(ret));
|
||||
+ errno = ret;
|
||||
+ SYSERROR("Unlock failed");
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/entry/cri/sysctl_tools.c b/src/daemon/entry/cri/sysctl_tools.c
|
||||
index 847c36e9..ac4fb226 100644
|
||||
--- a/src/daemon/entry/cri/sysctl_tools.c
|
||||
+++ b/src/daemon/entry/cri/sysctl_tools.c
|
||||
@@ -22,6 +22,8 @@
|
||||
#include <unistd.h>
|
||||
#include <limits.h>
|
||||
|
||||
+#include <isula_libutils/log.h>
|
||||
+
|
||||
#include "utils.h"
|
||||
|
||||
int get_sysctl(const char *sysctl, char **err)
|
||||
@@ -41,14 +43,16 @@ int get_sysctl(const char *sysctl, char **err)
|
||||
ret = -1;
|
||||
fd = util_open(fullpath, O_RDONLY, 0);
|
||||
if (fd < 0) {
|
||||
- if (asprintf(err, "Open %s failed: %s", sysctl, strerror(errno)) < 0) {
|
||||
+ SYSWARN("Open %s failed", sysctl);
|
||||
+ if (asprintf(err, "Open %s failed", sysctl) < 0) {
|
||||
*err = util_strdup_s("Out of memory");
|
||||
}
|
||||
goto free_out;
|
||||
}
|
||||
rsize = util_read_nointr(fd, buff, sizeof(buff) - 1);
|
||||
if (rsize <= 0) {
|
||||
- if (asprintf(err, "Read file failed: %s", strerror(errno)) < 0) {
|
||||
+ SYSWARN("Read file: %s failed", sysctl);
|
||||
+ if (asprintf(err, "Read file: %s failed", sysctl) < 0) {
|
||||
*err = util_strdup_s("Out of memory");
|
||||
}
|
||||
goto free_out;
|
||||
@@ -93,14 +97,16 @@ int set_sysctl(const char *sysctl, int new_value, char **err)
|
||||
ret = -1;
|
||||
fd = util_open(fullpath, O_WRONLY, 0);
|
||||
if (fd < 0) {
|
||||
- if (asprintf(err, "Open %s failed: %s", sysctl, strerror(errno)) < 0) {
|
||||
+ SYSWARN("Open %s failed", sysctl);
|
||||
+ if (asprintf(err, "Open %s failed", sysctl) < 0) {
|
||||
*err = util_strdup_s("Out of memory");
|
||||
}
|
||||
goto free_out;
|
||||
}
|
||||
rsize = util_write_nointr(fd, buff, strlen(buff));
|
||||
if (rsize < 0 || (size_t)rsize != strlen(buff)) {
|
||||
- if (asprintf(err, "Write new value failed: %s", strerror(errno)) < 0) {
|
||||
+ SYSWARN("Write new value to %s failed", sysctl);
|
||||
+ if (asprintf(err, "Write new value to %s failed", sysctl) < 0) {
|
||||
*err = util_strdup_s("Out of memory");
|
||||
}
|
||||
goto free_out;
|
||||
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
|
||||
index ecb7ffbd..daba21e4 100644
|
||||
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
|
||||
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
|
||||
@@ -497,8 +497,8 @@ void ContainerManagerService::CreateContainerLogSymlink(const std::string &conta
|
||||
WARN("Deleted previously existing symlink file: %s", path);
|
||||
}
|
||||
if (symlink(realPath, path) != 0) {
|
||||
- error.Errorf("failed to create symbolic link %s to the container log file %s for container %s: %s", path,
|
||||
- realPath, containerID.c_str(), strerror(errno));
|
||||
+ SYSERROR("failed to create symbolic link %s to the container log file %s for container %s", path, realPath, containerID.c_str());
|
||||
+ error.Errorf("failed to create symbolic link %s to the container log file %s for container %s", path, realPath, containerID.c_str());
|
||||
goto cleanup;
|
||||
}
|
||||
} else {
|
||||
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
|
||||
index d57338c8..41a02c54 100644
|
||||
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
|
||||
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
|
||||
@@ -429,7 +429,8 @@ void PodSandboxManagerService::ClearCniNetwork(const std::shared_ptr<sandbox::Sa
|
||||
|
||||
// umount netns when cni removed network successfully
|
||||
if (remove_network_namespace(sandboxKey.c_str()) != 0) {
|
||||
- error.Errorf("Failed to umount directory %s:%s", sandboxKey.c_str(), strerror(errno));
|
||||
+ SYSERROR("Failed to umount directory %s", sandboxKey.c_str());
|
||||
+ error.Errorf("Failed to umount directory %s", sandboxKey.c_str());
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/executor/network_cb/network_cb.c b/src/daemon/executor/network_cb/network_cb.c
|
||||
index e4f9ce3f..d0f361d0 100644
|
||||
--- a/src/daemon/executor/network_cb/network_cb.c
|
||||
+++ b/src/daemon/executor/network_cb/network_cb.c
|
||||
@@ -43,7 +43,8 @@ static inline bool network_conflist_lock(enum lock_type type)
|
||||
nret = pthread_rwlock_wrlock(&g_network_rwlock);
|
||||
}
|
||||
if (nret != 0) {
|
||||
- ERROR("Lock network list failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Lock network list failed");
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -56,7 +57,8 @@ static inline void network_conflist_unlock()
|
||||
|
||||
nret = pthread_rwlock_unlock(&g_network_rwlock);
|
||||
if (nret != 0) {
|
||||
- FATAL("Unlock network list failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Unlock network list failed");
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c
|
||||
index 40e9a88f..4a48016b 100644
|
||||
--- a/src/daemon/modules/image/oci/oci_image.c
|
||||
+++ b/src/daemon/modules/image/oci/oci_image.c
|
||||
@@ -59,7 +59,8 @@ static inline bool oci_remote_lock(pthread_rwlock_t *remote_lock, bool writable)
|
||||
nret = pthread_rwlock_rdlock(remote_lock);
|
||||
}
|
||||
if (nret != 0) {
|
||||
- ERROR("Lock memory store failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Lock memory store failed");
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -72,7 +73,8 @@ static inline void oci_remote_unlock(pthread_rwlock_t *remote_lock)
|
||||
|
||||
nret = pthread_rwlock_unlock(remote_lock);
|
||||
if (nret != 0) {
|
||||
- FATAL("Unlock memory store failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Unlock memory store failed");
|
||||
}
|
||||
}
|
||||
#endif
|
||||
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
|
||||
index e9adab1a..55e3bb97 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
|
||||
@@ -94,7 +94,8 @@ static inline bool image_store_lock(enum lock_type type)
|
||||
nret = pthread_rwlock_wrlock(&g_image_store->rwlock);
|
||||
}
|
||||
if (nret != 0) {
|
||||
- ERROR("Lock memory store failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Lock memory store failed");
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -107,7 +108,8 @@ static inline void image_store_unlock()
|
||||
|
||||
nret = pthread_rwlock_unlock(&g_image_store->rwlock);
|
||||
if (nret != 0) {
|
||||
- FATAL("Unlock memory store failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Unlock memory store failed");
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
|
||||
index 81e53ea7..4f19c26d 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
|
||||
@@ -107,8 +107,9 @@ static int handle_dm_min_free_space(char *val, struct device_set *devset)
|
||||
int ret = util_parse_percent_string(val, &converted);
|
||||
|
||||
if (ret != 0 || converted >= 100) {
|
||||
- ERROR("Invalid min free space: '%s': %s", val, strerror(-ret));
|
||||
- isulad_set_error_message("Invalid min free space: '%s': %s", val, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ SYSERROR("Invalid min free space: '%s'", val);
|
||||
+ isulad_set_error_message("Invalid min free space: '%s'", val);
|
||||
return -1;
|
||||
}
|
||||
devset->min_free_space_percent = (uint32_t)converted;
|
||||
@@ -122,8 +123,9 @@ static int handle_dm_basesize(char *val, struct device_set *devset)
|
||||
int ret = util_parse_byte_size_string(val, &converted);
|
||||
|
||||
if (ret != 0) {
|
||||
- ERROR("Invalid size: '%s': %s", val, strerror(-ret));
|
||||
- isulad_set_error_message("Invalid size: '%s': %s", val, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ SYSERROR("Invalid size: '%s'", val);
|
||||
+ isulad_set_error_message("Invalid size: '%s'", val);
|
||||
return -1;
|
||||
}
|
||||
if (converted <= 0) {
|
||||
@@ -2722,7 +2724,8 @@ static int determine_driver_capabilities(const char *version, struct device_set
|
||||
|
||||
ret = util_parse_byte_size_string(tmp_str[0], &major);
|
||||
if (ret != 0) {
|
||||
- ERROR("devmapper: invalid size: '%s': %s", tmp_str[0], strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ SYSERROR("devmapper: invalid size: '%s'", tmp_str[0]);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
@@ -2742,7 +2745,8 @@ static int determine_driver_capabilities(const char *version, struct device_set
|
||||
|
||||
ret = util_parse_byte_size_string(tmp_str[1], &minor);
|
||||
if (ret != 0) {
|
||||
- ERROR("devmapper: invalid size: '%s': %s", tmp_str[1], strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ SYSERROR("devmapper: invalid size: '%s'", tmp_str[1]);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
@@ -2915,7 +2919,8 @@ static int parse_storage_opt(const json_map_string_string *opts, uint64_t *size)
|
||||
|
||||
ret = util_parse_byte_size_string(opts->values[i], &converted);
|
||||
if (ret != 0) {
|
||||
- ERROR("Invalid size: '%s': %s", opts->values[i], strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ SYSERROR("Invalid size: '%s'", opts->values[i]);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
|
||||
index b83c63b1..b1790af1 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
|
||||
@@ -86,7 +86,8 @@ static inline bool driver_rd_lock()
|
||||
|
||||
nret = pthread_rwlock_rdlock(&g_graphdriver->rwlock);
|
||||
if (nret != 0) {
|
||||
- ERROR("Lock driver memory store failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Lock driver memory store failed");
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -99,7 +100,8 @@ static inline bool driver_wr_lock()
|
||||
|
||||
nret = pthread_rwlock_wrlock(&g_graphdriver->rwlock);
|
||||
if (nret != 0) {
|
||||
- ERROR("Lock driver memory store failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Lock driver memory store failed");
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -112,7 +114,8 @@ static inline void driver_unlock()
|
||||
|
||||
nret = pthread_rwlock_unlock(&g_graphdriver->rwlock);
|
||||
if (nret != 0) {
|
||||
- FATAL("Unlock driver memory store failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Unlock driver memory store failed");
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
|
||||
index b177f594..3b27076c 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
|
||||
@@ -134,7 +134,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
|
||||
int64_t converted = 0;
|
||||
ret = util_parse_byte_size_string(val, &converted);
|
||||
if (ret != 0) {
|
||||
- ERROR("Invalid size: '%s': %s", val, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ SYSERROR("Invalid size: '%s'", val);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
@@ -143,7 +144,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
|
||||
int64_t converted = 0;
|
||||
ret = util_parse_byte_size_string(val, &converted);
|
||||
if (ret != 0) {
|
||||
- ERROR("Invalid size: '%s': %s", val, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ SYSERROR("Invalid size: '%s'", val);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
@@ -152,7 +154,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
|
||||
bool converted_bool = 0;
|
||||
ret = util_str_to_bool(val, &converted_bool);
|
||||
if (ret != 0) {
|
||||
- ERROR("Invalid bool: '%s': %s", val, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ SYSERROR("Invalid bool: '%s'", val);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
@@ -161,7 +164,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
|
||||
bool converted_bool = 0;
|
||||
ret = util_str_to_bool(val, &converted_bool);
|
||||
if (ret != 0) {
|
||||
- ERROR("Invalid bool: '%s': %s", val, strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ SYSERROR("Invalid bool: '%s'", val);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
@@ -830,8 +834,9 @@ static int set_layer_quota(const char *dir, const json_map_string_string *opts,
|
||||
int64_t converted = 0;
|
||||
ret = util_parse_byte_size_string(opts->values[i], &converted);
|
||||
if (ret != 0) {
|
||||
- ERROR("Invalid size: '%s': %s", opts->values[i], strerror(-ret));
|
||||
- isulad_set_error_message("Invalid quota size: '%s': %s", opts->values[i], strerror(-ret));
|
||||
+ errno = -ret;
|
||||
+ SYSERROR("Invalid size: '%s'", opts->values[i]);
|
||||
+ isulad_set_error_message("Invalid quota size: '%s'", opts->values[i]);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
|
||||
index ddf3a62c..8d8384b8 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
|
||||
@@ -98,7 +98,8 @@ static inline bool layer_store_lock(bool writable)
|
||||
nret = pthread_rwlock_rdlock(&g_metadata.rwlock);
|
||||
}
|
||||
if (nret != 0) {
|
||||
- ERROR("Lock memory store failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Lock memory store failed");
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -111,7 +112,8 @@ static inline void layer_store_unlock()
|
||||
|
||||
nret = pthread_rwlock_unlock(&g_metadata.rwlock);
|
||||
if (nret != 0) {
|
||||
- FATAL("Unlock memory store failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Unlock memory store failed");
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
|
||||
index 400678c4..1bac8dd5 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
|
||||
@@ -39,7 +39,8 @@ static inline bool remote_refresh_lock(pthread_rwlock_t *remote_lock, bool writa
|
||||
nret = pthread_rwlock_rdlock(remote_lock);
|
||||
}
|
||||
if (nret != 0) {
|
||||
- ERROR("Lock memory store failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Lock memory store failed");
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -52,7 +53,8 @@ static inline void remote_refresh_unlock(pthread_rwlock_t *remote_lock)
|
||||
|
||||
nret = pthread_rwlock_unlock(remote_lock);
|
||||
if (nret != 0) {
|
||||
- FATAL("Unlock memory store failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Unlock memory store failed");
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c
|
||||
index 1c5d2d84..ee1e15d0 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c
|
||||
@@ -69,7 +69,8 @@ static inline bool rootfs_store_lock(enum lock_type type)
|
||||
}
|
||||
|
||||
if (nret != 0) {
|
||||
- ERROR("Lock memory store failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Lock memory store failed");
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -82,7 +83,8 @@ static inline void rootfs_store_unlock()
|
||||
|
||||
nret = pthread_rwlock_unlock(&g_rootfs_store->rwlock);
|
||||
if (nret != 0) {
|
||||
- FATAL("Unlock memory store failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Unlock memory store failed");
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c
|
||||
index d5e79207..aa442ecf 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/storage.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/storage.c
|
||||
@@ -61,7 +61,8 @@ static inline bool storage_lock(pthread_rwlock_t *store_lock, bool writable)
|
||||
nret = pthread_rwlock_rdlock(store_lock);
|
||||
}
|
||||
if (nret != 0) {
|
||||
- ERROR("Lock memory store failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Lock memory store failed");
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -74,7 +75,8 @@ static inline void storage_unlock(pthread_rwlock_t *store_lock)
|
||||
|
||||
nret = pthread_rwlock_unlock(store_lock);
|
||||
if (nret != 0) {
|
||||
- FATAL("Unlock memory store failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Unlock memory store failed");
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.c b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.c
|
||||
index efdcfbc7..977f9fbb 100644
|
||||
--- a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.c
|
||||
+++ b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.c
|
||||
@@ -30,14 +30,6 @@ const char * const g_INVOKE_ERR_MSGS[] = {
|
||||
"Success"
|
||||
};
|
||||
|
||||
-const char *get_invoke_err_msg(int errcode)
|
||||
-{
|
||||
- if (errcode > (int)INK_ERR_MIN && errcode <= (int)INK_ERR_SUCCESS) {
|
||||
- return g_INVOKE_ERR_MSGS[errcode - (int)INK_ERR_MIN];
|
||||
- }
|
||||
- return strerror(errcode);
|
||||
-}
|
||||
-
|
||||
const char * const g_CNI_WELL_KNOWN_ERR_MSGS[] = {
|
||||
/* 0 */
|
||||
"Success",
|
||||
diff --git a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.h b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.h
|
||||
index 9f63e5f5..236bc6ef 100644
|
||||
--- a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.h
|
||||
+++ b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.h
|
||||
@@ -43,8 +43,6 @@ enum CNI_CUSTOM_ERROR {
|
||||
CUSTOM_ERR_MAX, // max flag
|
||||
};
|
||||
|
||||
-const char *get_invoke_err_msg(int errcode);
|
||||
-
|
||||
enum CNI_WELL_KNOW_ERROR {
|
||||
CNI_ERR_UNKNOW = 0,
|
||||
CNI_ERR_INCOMPATIBLE_CNI_VERSION,
|
||||
diff --git a/src/daemon/modules/network/cni_operator/libcni/libcni_cached.c b/src/daemon/modules/network/cni_operator/libcni/libcni_cached.c
|
||||
index 63ee6e10..17de527e 100644
|
||||
--- a/src/daemon/modules/network/cni_operator/libcni/libcni_cached.c
|
||||
+++ b/src/daemon/modules/network/cni_operator/libcni/libcni_cached.c
|
||||
@@ -276,7 +276,8 @@ int cni_cache_delete(const char *cache_dir, const char *net_name, const struct r
|
||||
}
|
||||
|
||||
if (!util_force_remove_file(file_path, &get_err)) {
|
||||
- ERROR("Failed to delete %s, error: %s", file_path, strerror(get_err));
|
||||
+ errno = get_err;
|
||||
+ SYSERROR("Failed to delete %s.", file_path);
|
||||
}
|
||||
|
||||
free(file_path);
|
||||
diff --git a/src/daemon/modules/network/native/adaptor_native.c b/src/daemon/modules/network/native/adaptor_native.c
|
||||
index 8bc386d1..8d403442 100644
|
||||
--- a/src/daemon/modules/network/native/adaptor_native.c
|
||||
+++ b/src/daemon/modules/network/native/adaptor_native.c
|
||||
@@ -86,7 +86,8 @@ static inline bool native_store_lock(enum lock_type type)
|
||||
nret = pthread_rwlock_wrlock(&g_store.rwlock);
|
||||
}
|
||||
if (nret != 0) {
|
||||
- ERROR("Lock network list failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Lock network list failed");
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -99,7 +100,8 @@ static inline void native_store_unlock()
|
||||
|
||||
nret = pthread_rwlock_unlock(&g_store.rwlock);
|
||||
if (nret != 0) {
|
||||
- FATAL("Unlock network list failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Unlock network list failed");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -113,7 +115,8 @@ static inline void native_network_lock(enum lock_type type, native_network *netw
|
||||
nret = pthread_rwlock_wrlock(&network->rwlock);
|
||||
}
|
||||
if (nret != 0) {
|
||||
- ERROR("Lock network list failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Lock network list failed");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -123,7 +126,8 @@ static inline void native_network_unlock(native_network *network)
|
||||
|
||||
nret = pthread_rwlock_unlock(&network->rwlock);
|
||||
if (nret != 0) {
|
||||
- FATAL("Unlock network list failed: %s", strerror(nret));
|
||||
+ errno = nret;
|
||||
+ SYSERROR("Unlock network list failed");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1944,8 +1948,9 @@ int native_config_remove(const char *name, char **res_name)
|
||||
WARN("Failed to get %s file path", network->conflist->list->name);
|
||||
isulad_append_error_message("Failed to get %s file path. ", network->conflist->list->name);
|
||||
} else if (!util_force_remove_file(path, &get_err)) {
|
||||
- WARN("Failed to delete %s, error: %s", path, strerror(get_err));
|
||||
- isulad_append_error_message("Failed to delete %s, error: %s. ", path, strerror(get_err));
|
||||
+ errno = get_err;
|
||||
+ SYSWARN("Failed to delete %s.", path);
|
||||
+ isulad_append_error_message("Failed to delete %s.", path);
|
||||
}
|
||||
|
||||
if (!map_remove(g_store.name_to_network, (void *)network->conflist->list->name)) {
|
||||
diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c
|
||||
index b4d78dc9..c42cfd21 100644
|
||||
--- a/src/daemon/modules/plugin/plugin.c
|
||||
+++ b/src/daemon/modules/plugin/plugin.c
|
||||
@@ -409,7 +409,8 @@ static void pm_rdlock(void)
|
||||
|
||||
errcode = pthread_rwlock_rdlock(&g_plugin_manager->pm_rwlock);
|
||||
if (errcode != 0) {
|
||||
- ERROR("Read lock failed: %s", strerror(errcode));
|
||||
+ errno = errcode;
|
||||
+ SYSERROR("Read lock failed");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -419,7 +420,8 @@ static void pm_wrlock(void)
|
||||
|
||||
errcode = pthread_rwlock_wrlock(&g_plugin_manager->pm_rwlock);
|
||||
if (errcode != 0) {
|
||||
- ERROR("Write lock failed: %s", strerror(errcode));
|
||||
+ errno = errcode;
|
||||
+ SYSERROR("Write lock failed");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -429,7 +431,8 @@ static void pm_unlock(void)
|
||||
|
||||
errcode = pthread_rwlock_unlock(&g_plugin_manager->pm_rwlock);
|
||||
if (errcode != 0) {
|
||||
- ERROR("Unlock failed: %s", strerror(errcode));
|
||||
+ errno = errcode;
|
||||
+ SYSERROR("Unlock failed");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -659,7 +662,8 @@ static void *plugin_manager_routine(void *arg)
|
||||
|
||||
errcode = pthread_detach(pthread_self());
|
||||
if (errcode != 0) {
|
||||
- ERROR("Detach thread failed: %s", strerror(errcode));
|
||||
+ errno = errcode;
|
||||
+ SYSERROR("Detach thread failed");
|
||||
return NULL;
|
||||
}
|
||||
if (pm_init() < 0) {
|
||||
@@ -716,7 +720,8 @@ static void plugin_rdlock(plugin_t *plugin)
|
||||
|
||||
errcode = pthread_rwlock_rdlock(&plugin->lock);
|
||||
if (errcode != 0) {
|
||||
- ERROR("Plugin read lock failed: %s", strerror(errcode));
|
||||
+ errno = errcode;
|
||||
+ SYSERROR("Plugin read lock failed");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -726,7 +731,8 @@ static void plugin_wrlock(plugin_t *plugin)
|
||||
|
||||
errcode = pthread_rwlock_wrlock(&plugin->lock);
|
||||
if (errcode != 0) {
|
||||
- ERROR("Plugin write lock failed: %s", strerror(errcode));
|
||||
+ errno = errcode;
|
||||
+ SYSERROR("Plugin write lock failed");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -736,7 +742,8 @@ static void plugin_unlock(plugin_t *plugin)
|
||||
|
||||
errcode = pthread_rwlock_unlock(&plugin->lock);
|
||||
if (errcode != 0) {
|
||||
- ERROR("Plugin unlock failed: %s", strerror(errcode));
|
||||
+ errno = errcode;
|
||||
+ SYSERROR("Plugin unlock failed");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -758,7 +765,8 @@ plugin_t *plugin_new(const char *name, const char *addr)
|
||||
|
||||
errcode = pthread_rwlock_init(&plugin->lock, NULL);
|
||||
if (errcode != 0) {
|
||||
- ERROR("Plugin init lock failed: %s", strerror(errcode));
|
||||
+ errno = errcode;
|
||||
+ SYSERROR("Plugin init lock failed");
|
||||
goto bad;
|
||||
}
|
||||
plugin->name = util_strdup_s(name);
|
||||
diff --git a/src/daemon/modules/service/service_network.c b/src/daemon/modules/service/service_network.c
|
||||
index 5502bcbd..6754cf1a 100644
|
||||
--- a/src/daemon/modules/service/service_network.c
|
||||
+++ b/src/daemon/modules/service/service_network.c
|
||||
@@ -962,7 +962,7 @@ static int do_update_internal_file(const char *id, const char *file_path,
|
||||
ret = 0;
|
||||
} else {
|
||||
SYSERROR("Failed to write file %s", file_path);
|
||||
- isulad_set_error_message("Failed to write file %s: %s", file_path, strerror(errno));
|
||||
+ isulad_set_error_message("Failed to write file %s", file_path);
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
@@ -1180,7 +1180,7 @@ static int do_drop_internal_file(const char *id, const char *file_path, const de
|
||||
goto out;
|
||||
} else {
|
||||
SYSERROR("Failed to open %s", file_path);
|
||||
- isulad_set_error_message("Failed to open %s: %s", file_path, strerror(errno));
|
||||
+ isulad_set_error_message("Failed to open %s", file_path);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
@@ -1213,7 +1213,7 @@ static int do_drop_internal_file(const char *id, const char *file_path, const de
|
||||
ret = util_write_file(file_path, str, strlen(str), NETWORK_MOUNT_FILE_MODE);
|
||||
if (ret != 0) {
|
||||
SYSERROR("Failed to write file %s", file_path);
|
||||
- isulad_set_error_message("Failed to write file %s: %s", file_path, strerror(errno));
|
||||
+ isulad_set_error_message("Failed to write file %s", file_path);
|
||||
goto out;
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
|
||||
index d3fc7eea..1723e95e 100644
|
||||
--- a/src/daemon/sandbox/sandbox.cc
|
||||
+++ b/src/daemon/sandbox/sandbox.cc
|
||||
@@ -817,7 +817,8 @@ auto Sandbox::SaveState(Errors &error) -> bool
|
||||
|
||||
nret = util_atomic_write_file(path.c_str(), stateJson.c_str(), stateJson.length(), CONFIG_FILE_MODE, false);
|
||||
if (nret != 0) {
|
||||
- error.Errorf("Failed to write file %s: %s", path.c_str(), strerror(errno));
|
||||
+ SYSERROR("Failed to write file %s");
|
||||
+ error.Errorf("Failed to write file %s", path.c_str());
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -834,7 +835,7 @@ auto Sandbox::SaveNetworkSetting(Errors &error) -> bool
|
||||
false);
|
||||
if (nret != 0) {
|
||||
SYSERROR("Failed to write file %s", path.c_str());
|
||||
- error.Errorf("Failed to write file %s: %s", path.c_str(), strerror(errno));
|
||||
+ error.Errorf("Failed to write file %s", path.c_str());
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -877,7 +878,8 @@ auto Sandbox::SaveMetadata(Errors &error) -> bool
|
||||
|
||||
nret = util_atomic_write_file(path.c_str(), metadataJson.c_str(), metadataJson.length(), CONFIG_FILE_MODE, false);
|
||||
if (nret != 0) {
|
||||
- error.Errorf("Failed to write file %s: %s", path.c_str(), strerror(errno));
|
||||
+ SYSERROR("Failed to write file %s", path.c_str());
|
||||
+ error.Errorf("Failed to write file %s", path.c_str());
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
diff --git a/src/utils/cutils/network_namespace.c b/src/utils/cutils/network_namespace.c
|
||||
index 0e225d9b..c9838104 100644
|
||||
--- a/src/utils/cutils/network_namespace.c
|
||||
+++ b/src/utils/cutils/network_namespace.c
|
||||
@@ -231,7 +231,8 @@ int remove_network_namespace_file(const char *netns_path)
|
||||
}
|
||||
|
||||
if (!util_force_remove_file(netns_path, &get_err)) {
|
||||
- ERROR("Failed to remove file %s, error: %s", netns_path, strerror(get_err));
|
||||
+ errno = get_err;
|
||||
+ SYSERROR("Failed to remove file %s", netns_path);
|
||||
return -1;
|
||||
}
|
||||
|
||||
diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
|
||||
index bc22ee95..1a148b0b 100644
|
||||
--- a/src/utils/cutils/utils_file.c
|
||||
+++ b/src/utils/cutils/utils_file.c
|
||||
@@ -1061,7 +1061,9 @@ char *look_path(const char *file, char **err)
|
||||
if (en == 0) {
|
||||
return util_strdup_s(file);
|
||||
}
|
||||
- if (asprintf(err, "find exec %s : %s", file, strerror(en)) < 0) {
|
||||
+ errno = en;
|
||||
+ SYSERROR("find exec %s failed", file);
|
||||
+ if (asprintf(err, "find exec %s failed", file) < 0) {
|
||||
*err = util_strdup_s("Out of memory");
|
||||
}
|
||||
return NULL;
|
||||
--
|
||||
2.40.1
|
||||
|
||||
71
0012-use-gmtime_r-to-replace-gmtime.patch
Normal file
71
0012-use-gmtime_r-to-replace-gmtime.patch
Normal file
@ -0,0 +1,71 @@
|
||||
From ec04faff6fba052b5bb4ed0b090ae441f888ce5c Mon Sep 17 00:00:00 2001
|
||||
From: haozi007 <liuhao27@huawei.com>
|
||||
Date: Wed, 6 Sep 2023 16:31:19 +0800
|
||||
Subject: [PATCH 12/33] use gmtime_r to replace gmtime
|
||||
|
||||
Signed-off-by: haozi007 <liuhao27@huawei.com>
|
||||
---
|
||||
src/utils/cutils/utils_timestamp.c | 14 ++++++--------
|
||||
1 file changed, 6 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/utils/cutils/utils_timestamp.c b/src/utils/cutils/utils_timestamp.c
|
||||
index fee66ea8..8ae9e42a 100644
|
||||
--- a/src/utils/cutils/utils_timestamp.c
|
||||
+++ b/src/utils/cutils/utils_timestamp.c
|
||||
@@ -652,9 +652,9 @@ int64_t util_time_seconds_since(const char *in)
|
||||
int32_t nanos = 0;
|
||||
int64_t result = 0;
|
||||
struct tm tm = { 0 };
|
||||
- struct tm *currentm = NULL;
|
||||
struct types_timezone tz = { 0 };
|
||||
time_t currentime;
|
||||
+ struct tm result_time = { 0 };
|
||||
|
||||
if (in == NULL || !strcmp(in, defaultContainerTime) || !strcmp(in, "-")) {
|
||||
return 0;
|
||||
@@ -666,13 +666,12 @@ int64_t util_time_seconds_since(const char *in)
|
||||
}
|
||||
|
||||
time(¤time);
|
||||
- currentm = gmtime(¤time);
|
||||
- if (currentm == NULL) {
|
||||
+ if (gmtime_r(¤time, &result_time) == NULL) {
|
||||
ERROR("Get time error");
|
||||
return 0;
|
||||
}
|
||||
|
||||
- result = get_minmus_time(currentm, &tm);
|
||||
+ result = get_minmus_time(&result_time, &tm);
|
||||
result = result + (int64_t)tz.hour * 3600 + (int64_t)tz.min * 60;
|
||||
|
||||
if (result > 0) {
|
||||
@@ -871,9 +870,9 @@ int util_time_format_duration(const char *in, char *out, size_t len)
|
||||
int32_t nanos = 0;
|
||||
int64_t result = 0;
|
||||
struct tm tm = { 0 };
|
||||
- struct tm *currentm = NULL;
|
||||
struct types_timezone tz = { 0 };
|
||||
time_t currentime = { 0 };
|
||||
+ struct tm result_time = { 0 };
|
||||
|
||||
if (out == NULL) {
|
||||
return -1;
|
||||
@@ -888,13 +887,12 @@ int util_time_format_duration(const char *in, char *out, size_t len)
|
||||
}
|
||||
|
||||
time(¤time);
|
||||
- currentm = gmtime(¤time);
|
||||
- if (currentm == NULL) {
|
||||
+ if (gmtime_r(¤time, &result_time) == NULL) {
|
||||
ERROR("Get time error");
|
||||
return -1;
|
||||
}
|
||||
|
||||
- result = get_minmus_time(currentm, &tm);
|
||||
+ result = get_minmus_time(&result_time, &tm);
|
||||
result = result + (int64_t)tz.hour * 3600 + (int64_t)tz.min * 60;
|
||||
|
||||
if (result < 0 || !time_human_duration(result, out, len)) {
|
||||
--
|
||||
2.40.1
|
||||
|
||||
72
0013-improve-report-error-message-of-client.patch
Normal file
72
0013-improve-report-error-message-of-client.patch
Normal file
@ -0,0 +1,72 @@
|
||||
From a446152d676cf5616784e3f8f80dea8fd2ac221a Mon Sep 17 00:00:00 2001
|
||||
From: haozi007 <liuhao27@huawei.com>
|
||||
Date: Thu, 7 Sep 2023 14:34:01 +0800
|
||||
Subject: [PATCH 13/33] improve report error message of client
|
||||
|
||||
Signed-off-by: haozi007 <liuhao27@huawei.com>
|
||||
---
|
||||
src/daemon/executor/container_cb/execution_stream.c | 4 ++--
|
||||
src/daemon/modules/service/service_container.c | 2 +-
|
||||
src/utils/tar/isulad_tar.c | 4 ++--
|
||||
3 files changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c
|
||||
index aae9c234..7db96b19 100644
|
||||
--- a/src/daemon/executor/container_cb/execution_stream.c
|
||||
+++ b/src/daemon/executor/container_cb/execution_stream.c
|
||||
@@ -536,7 +536,7 @@ static container_path_stat *do_container_stat_path(const char *rootpath, const c
|
||||
nret = lstat(resolvedpath, &st);
|
||||
if (nret < 0) {
|
||||
SYSERROR("lstat %s failed.", resolvedpath);
|
||||
- isulad_set_error_message("lstat %s failed.", resolvedpath);
|
||||
+ isulad_set_error_message("Check %s failed, get more information from log.", resolvedpath);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -922,7 +922,7 @@ static int copy_to_container_check_path_valid(const container_t *cont, const cha
|
||||
nret = lstat(resolvedpath, &st);
|
||||
if (nret < 0) {
|
||||
SYSERROR("lstat %s failed", resolvedpath);
|
||||
- isulad_set_error_message("lstat %s failed", resolvedpath);
|
||||
+ isulad_set_error_message("Check %s failed, get more information from log.", resolvedpath);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
|
||||
index 370ba059..83d82201 100644
|
||||
--- a/src/daemon/modules/service/service_container.c
|
||||
+++ b/src/daemon/modules/service/service_container.c
|
||||
@@ -596,7 +596,7 @@ static int valid_mount_point(container_config_v2_common_config_mount_points_elem
|
||||
|
||||
if (lstat(mp->source, &st) != 0) {
|
||||
SYSERROR("lstat %s failed", mp->source);
|
||||
- isulad_set_error_message("lstat %s failed", mp->source);
|
||||
+ isulad_set_error_message("Check %s failed, get more information from log.", mp->source);
|
||||
return -1;
|
||||
}
|
||||
|
||||
diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c
|
||||
index bffbb43b..2e61d823 100644
|
||||
--- a/src/utils/tar/isulad_tar.c
|
||||
+++ b/src/utils/tar/isulad_tar.c
|
||||
@@ -192,7 +192,7 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li
|
||||
nret = lstat(resolved_path, &st);
|
||||
if (nret < 0) {
|
||||
SYSERROR("lstat %s failed", resolved_path);
|
||||
- format_errorf(err, "lstat %s failed", resolved_path);
|
||||
+ format_errorf(err, "Check %s failed, get more information from log.", resolved_path);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -429,7 +429,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char
|
||||
|
||||
if (lstat(path, &st) < 0) {
|
||||
SYSERROR("lstat %s failed", path);
|
||||
- format_errorf(err, "lstat %s failed", path);
|
||||
+ format_errorf(err, "Check %s failed, get more information from log.", path);
|
||||
return -1;
|
||||
}
|
||||
if (util_split_path_dir_entry(path, &srcdir, &srcbase) < 0) {
|
||||
--
|
||||
2.40.1
|
||||
|
||||
43
0014-adapt-new-error-message-for-isula-cp.patch
Normal file
43
0014-adapt-new-error-message-for-isula-cp.patch
Normal file
@ -0,0 +1,43 @@
|
||||
From aba6d26fe34b3bea5964bca25f081a240312f08b Mon Sep 17 00:00:00 2001
|
||||
From: haozi007 <liuhao27@huawei.com>
|
||||
Date: Thu, 7 Sep 2023 14:41:48 +0800
|
||||
Subject: [PATCH 14/33] adapt new error message for isula cp
|
||||
|
||||
Signed-off-by: haozi007 <liuhao27@huawei.com>
|
||||
---
|
||||
CI/test_cases/container_cases/cp.sh | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/CI/test_cases/container_cases/cp.sh b/CI/test_cases/container_cases/cp.sh
|
||||
index 7bec9170..e60ccbc2 100755
|
||||
--- a/CI/test_cases/container_cases/cp.sh
|
||||
+++ b/CI/test_cases/container_cases/cp.sh
|
||||
@@ -57,10 +57,10 @@ test_cp_file_from_container()
|
||||
fi
|
||||
rm -rf $dstfile
|
||||
|
||||
- isula cp $containername:/etc/../etc/passwd/ $cpfiles 2>&1 | grep "Not a directory"
|
||||
+ isula cp $containername:/etc/../etc/passwd/ $cpfiles 2>&1 | grep "get more information from log"
|
||||
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++))
|
||||
|
||||
- isula cp $containername:/etc/nonexists $cpfiles 2>&1 | grep "No such file or directory"
|
||||
+ isula cp $containername:/etc/nonexists $cpfiles 2>&1 | grep "get more information from log"
|
||||
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++))
|
||||
|
||||
dstfile=$cpfiles/etc
|
||||
@@ -146,10 +146,10 @@ test_cp_file_to_container()
|
||||
isula cp /etc/passwd $containername:$cpfiles/nonexists/ 2>&1 | grep "no such directory"
|
||||
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++))
|
||||
|
||||
- isula cp /etc/passwd $containername:$cpfiles/nonexists/nonexists 2>&1 | grep "No such file or directory"
|
||||
+ isula cp /etc/passwd $containername:$cpfiles/nonexists/nonexists 2>&1 | grep "get more information from log"
|
||||
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++))
|
||||
|
||||
- isula cp /etc/nonexists $containername:$cpfiles 2>&1 | grep "No such file or directory"
|
||||
+ isula cp /etc/nonexists $containername:$cpfiles 2>&1 | grep "get more information from log"
|
||||
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++))
|
||||
rm -rf $dstfile
|
||||
|
||||
--
|
||||
2.40.1
|
||||
|
||||
58
0015-2182-Add-mutex-for-container-list-in-sandbox.patch
Normal file
58
0015-2182-Add-mutex-for-container-list-in-sandbox.patch
Normal file
@ -0,0 +1,58 @@
|
||||
From dcceff17d6c2e1c97cb18c65260edfd2d6a3a60a Mon Sep 17 00:00:00 2001
|
||||
From: xuxuepeng <xuxuepeng1@huawei.com>
|
||||
Date: Tue, 12 Sep 2023 03:20:33 +0000
|
||||
Subject: [PATCH 15/33] !2182 Add mutex for container list in sandbox * Add
|
||||
mutex for container list in sandbox
|
||||
|
||||
---
|
||||
src/daemon/sandbox/sandbox.cc | 4 ++++
|
||||
src/daemon/sandbox/sandbox.h | 1 +
|
||||
2 files changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
|
||||
index 1723e95e..f391e809 100644
|
||||
--- a/src/daemon/sandbox/sandbox.cc
|
||||
+++ b/src/daemon/sandbox/sandbox.cc
|
||||
@@ -131,6 +131,7 @@ auto Sandbox::GetRuntimeHandle() const -> const std::string &
|
||||
|
||||
auto Sandbox::GetContainers() -> std::vector<std::string>
|
||||
{
|
||||
+ ReadGuard<RWMutex> lock(m_containersMutex);
|
||||
return m_containers;
|
||||
}
|
||||
|
||||
@@ -394,16 +395,19 @@ void Sandbox::RemoveLabels(const std::string &key)
|
||||
|
||||
void Sandbox::AddContainer(const std::string &id)
|
||||
{
|
||||
+ WriteGuard<RWMutex> lock(m_containersMutex);
|
||||
m_containers.push_back(id);
|
||||
}
|
||||
|
||||
void Sandbox::SetConatiners(const std::vector<std::string> &cons)
|
||||
{
|
||||
+ WriteGuard<RWMutex> lock(m_containersMutex);
|
||||
m_containers = cons;
|
||||
}
|
||||
|
||||
void Sandbox::RemoveContainer(const std::string &id)
|
||||
{
|
||||
+ WriteGuard<RWMutex> lock(m_containersMutex);
|
||||
auto it = std::find(m_containers.begin(), m_containers.end(), id);
|
||||
if (it != m_containers.end()) {
|
||||
m_containers.erase(it);
|
||||
diff --git a/src/daemon/sandbox/sandbox.h b/src/daemon/sandbox/sandbox.h
|
||||
index 0f135e70..89350131 100644
|
||||
--- a/src/daemon/sandbox/sandbox.h
|
||||
+++ b/src/daemon/sandbox/sandbox.h
|
||||
@@ -200,6 +200,7 @@ private:
|
||||
std::string m_networkSettings;
|
||||
// container id lists
|
||||
std::vector<std::string> m_containers;
|
||||
+ RWMutex m_containersMutex;
|
||||
// TOOD: m_sandboxConfig is a protobuf message, it can be converted to json string directly
|
||||
// if save json string directly for sandbox recover, we need to consider hot
|
||||
// upgrade between different CRI versions
|
||||
--
|
||||
2.40.1
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
From 85f6947f9f0c3a5ac7f70250b5c80627f2d18949 Mon Sep 17 00:00:00 2001
|
||||
From e9c0fb3c72bd102f24afe247bb545df210fa9aee Mon Sep 17 00:00:00 2001
|
||||
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
|
||||
Date: Tue, 1 Aug 2023 15:05:55 +0800
|
||||
Subject: [PATCH] fix execlp not enough args
|
||||
Date: Tue, 12 Sep 2023 03:55:17 +0000
|
||||
Subject: [PATCH 16/33] !2180 fix execlp not enough args * fix execlp not
|
||||
enough args
|
||||
|
||||
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
|
||||
---
|
||||
cmake/set_build_flags.cmake | 2 +-
|
||||
test/fuzz/CMakeLists.txt | 2 +-
|
||||
@ -11,7 +11,7 @@ Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
|
||||
3 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/cmake/set_build_flags.cmake b/cmake/set_build_flags.cmake
|
||||
index ba250cd..09c85c6 100644
|
||||
index ba250cdc..09c85c65 100644
|
||||
--- a/cmake/set_build_flags.cmake
|
||||
+++ b/cmake/set_build_flags.cmake
|
||||
@@ -3,7 +3,7 @@ set(CMAKE_C_FLAGS "-fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -fP
|
||||
@ -24,7 +24,7 @@ index ba250cd..09c85c6 100644
|
||||
endif()
|
||||
set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-E -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -shared -pthread")
|
||||
diff --git a/test/fuzz/CMakeLists.txt b/test/fuzz/CMakeLists.txt
|
||||
index 478a401..617a168 100644
|
||||
index 478a4012..617a168f 100644
|
||||
--- a/test/fuzz/CMakeLists.txt
|
||||
+++ b/test/fuzz/CMakeLists.txt
|
||||
@@ -34,7 +34,7 @@ MESSAGE(STATUS "GCLANG_PP_BINARY is set to ${GCLANG_PP_BINARY}")
|
||||
@ -37,7 +37,7 @@ index 478a401..617a168 100644
|
||||
|
||||
SET(EXE0 test_volume_mount_spec_fuzz)
|
||||
diff --git a/test/image/oci/oci_ut_common.cc b/test/image/oci/oci_ut_common.cc
|
||||
index 1158ae8..9fa25d1 100644
|
||||
index 1158ae85..9fa25d1c 100644
|
||||
--- a/test/image/oci/oci_ut_common.cc
|
||||
+++ b/test/image/oci/oci_ut_common.cc
|
||||
@@ -22,7 +22,7 @@
|
||||
@ -50,5 +50,5 @@ index 1158ae8..9fa25d1 100644
|
||||
}
|
||||
|
||||
--
|
||||
2.25.1
|
||||
2.40.1
|
||||
|
||||
200
0017-2135-modify-incorrect-variable-type.patch
Normal file
200
0017-2135-modify-incorrect-variable-type.patch
Normal file
@ -0,0 +1,200 @@
|
||||
From e7f21e04b8710ec60045ba26ebdda5ce8a0c0f09 Mon Sep 17 00:00:00 2001
|
||||
From: zhongtao <zhongtao17@huawei.com>
|
||||
Date: Mon, 28 Aug 2023 06:46:10 +0000
|
||||
Subject: [PATCH 17/33] !2135 modify incorrect variable type * modify incorrect
|
||||
variable type
|
||||
|
||||
---
|
||||
src/client/connect/protocol_type.h | 2 +-
|
||||
src/daemon/modules/image/oci/oci_load.c | 4 ++--
|
||||
src/daemon/modules/image/oci/registry/registry.c | 12 +++++++-----
|
||||
.../oci/storage/layer_store/graphdriver/driver.c | 2 +-
|
||||
.../image/oci/storage/layer_store/layer_store.c | 15 +++++++++------
|
||||
src/daemon/modules/image/oci/storage/storage.c | 2 +-
|
||||
src/daemon/modules/image/oci/utils_images.c | 4 ++--
|
||||
src/daemon/modules/service/service_container.c | 2 +-
|
||||
8 files changed, 24 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/src/client/connect/protocol_type.h b/src/client/connect/protocol_type.h
|
||||
index 62d27c91..4206c50b 100644
|
||||
--- a/src/client/connect/protocol_type.h
|
||||
+++ b/src/client/connect/protocol_type.h
|
||||
@@ -244,7 +244,7 @@ typedef struct container_events_format {
|
||||
char *opt;
|
||||
char *id;
|
||||
char **annotations;
|
||||
- char annotations_len;
|
||||
+ size_t annotations_len;
|
||||
} container_events_format_t;
|
||||
|
||||
typedef void (*container_events_callback_t)(const container_events_format_t *event);
|
||||
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
|
||||
index 5511a70c..5e062d44 100644
|
||||
--- a/src/daemon/modules/image/oci/oci_load.c
|
||||
+++ b/src/daemon/modules/image/oci/oci_load.c
|
||||
@@ -164,7 +164,7 @@ static void oci_load_free_layer(load_layer_blob_t *l)
|
||||
|
||||
static void oci_load_free_image(load_image_t *im)
|
||||
{
|
||||
- int i = 0;
|
||||
+ size_t i = 0;
|
||||
|
||||
if (im == NULL) {
|
||||
return;
|
||||
@@ -406,7 +406,7 @@ out:
|
||||
|
||||
static int check_time_valid(oci_image_spec *conf)
|
||||
{
|
||||
- int i = 0;
|
||||
+ size_t i = 0;
|
||||
|
||||
if (!oci_valid_time(conf->created)) {
|
||||
ERROR("Invalid created time %s", conf->created);
|
||||
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
|
||||
index 5c660bc9..e0b46e2e 100644
|
||||
--- a/src/daemon/modules/image/oci/registry/registry.c
|
||||
+++ b/src/daemon/modules/image/oci/registry/registry.c
|
||||
@@ -655,18 +655,20 @@ static int register_layer(pull_descriptor *desc, size_t i)
|
||||
|
||||
static int get_top_layer_index(pull_descriptor *desc, size_t *top_layer_index)
|
||||
{
|
||||
- int i = 0;
|
||||
+ size_t i;
|
||||
|
||||
if (desc == NULL || top_layer_index == NULL) {
|
||||
ERROR("Invalid NULL pointer");
|
||||
return -1;
|
||||
}
|
||||
-
|
||||
- for (i = desc->layers_len - 1; i >= 0; i--) {
|
||||
- if (desc->layers[i].empty_layer) {
|
||||
+ // iterate over the layers array in reverse order, starting from the last layer
|
||||
+ // since i is an unsigned number, i traverses from layers_len to 1
|
||||
+ for (i = desc->layers_len; i > 0; i--) {
|
||||
+ // the corresponding array index is [i - 1]: layers_len - 1 -> 0
|
||||
+ if (desc->layers[i - 1].empty_layer) {
|
||||
continue;
|
||||
}
|
||||
- *top_layer_index = i;
|
||||
+ *top_layer_index = i - 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
|
||||
index b1790af1..fc2857b6 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
|
||||
@@ -345,7 +345,7 @@ int graphdriver_apply_diff(const char *id, const struct io_read_wrapper *content
|
||||
container_inspect_graph_driver *graphdriver_get_metadata(const char *id)
|
||||
{
|
||||
int ret = -1;
|
||||
- int i = 0;
|
||||
+ size_t i = 0;
|
||||
container_inspect_graph_driver *inspect_driver = NULL;
|
||||
json_map_string_string *metadata = NULL;
|
||||
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
|
||||
index 8d8384b8..6ea3c48b 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
|
||||
@@ -747,7 +747,7 @@ out:
|
||||
static int insert_memory_stores(const char *id, const struct layer_opts *opts, layer_t *l)
|
||||
{
|
||||
int ret = 0;
|
||||
- int i = 0;
|
||||
+ size_t i = 0;
|
||||
|
||||
if (!append_layer_into_list(l)) {
|
||||
ret = -1;
|
||||
@@ -788,9 +788,12 @@ clear_compress_digest:
|
||||
(void)delete_digest_from_map(g_metadata.by_compress_digest, l->slayer->compressed_diff_digest, id);
|
||||
}
|
||||
clear_by_name:
|
||||
- for (i = i - 1; i >= 0; i--) {
|
||||
- if (!map_remove(g_metadata.by_name, (void *)opts->names[i])) {
|
||||
- WARN("Remove name: %s failed", opts->names[i]);
|
||||
+ // iterate over the names in reverse order, starting from the last name
|
||||
+ // since i is an unsigned number, i traverses from inserted name len to 1
|
||||
+ for (; i > 0; i--) {
|
||||
+ // the corresponding array index is [i - 1]: inserted name len - 1 -> 0
|
||||
+ if (!map_remove(g_metadata.by_name, (void *)opts->names[i - 1])) {
|
||||
+ WARN("Remove name: %s failed", opts->names[i - 1]);
|
||||
}
|
||||
}
|
||||
if (!map_remove(g_metadata.by_id, (void *)id)) {
|
||||
@@ -1812,7 +1815,7 @@ void layer_store_exit()
|
||||
static uint64_t payload_to_crc(char *payload)
|
||||
{
|
||||
int ret = 0;
|
||||
- int i = 0;
|
||||
+ size_t i = 0;
|
||||
uint64_t crc = 0;
|
||||
uint8_t *crc_sums = NULL;
|
||||
size_t crc_sums_len = 0;
|
||||
@@ -2232,7 +2235,7 @@ int remote_load_one_layer(const char *id)
|
||||
{
|
||||
int ret = 0;
|
||||
layer_t *tl = NULL;
|
||||
- int i = 0;
|
||||
+ size_t i = 0;
|
||||
|
||||
if (!layer_store_lock(true)) {
|
||||
return -1;
|
||||
diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c
|
||||
index aa442ecf..13f8bb53 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/storage.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/storage.c
|
||||
@@ -1538,7 +1538,7 @@ out:
|
||||
|
||||
static bool is_rootfs_layer(const char *layer_id, const struct rootfs_list *all_rootfs)
|
||||
{
|
||||
- int j;
|
||||
+ size_t j;
|
||||
|
||||
if (all_rootfs == NULL || layer_id == NULL) {
|
||||
return false;
|
||||
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
|
||||
index a233c2b1..2c5656c6 100644
|
||||
--- a/src/daemon/modules/image/oci/utils_images.c
|
||||
+++ b/src/daemon/modules/image/oci/utils_images.c
|
||||
@@ -450,7 +450,7 @@ static char *convert_created_by(image_manifest_v1_compatibility *config)
|
||||
int add_rootfs_and_history(const layer_blob *layers, size_t layers_len, const registry_manifest_schema1 *manifest,
|
||||
docker_image_config_v2 *config)
|
||||
{
|
||||
- int i = 0;
|
||||
+ size_t i = 0;
|
||||
int ret = 0;
|
||||
size_t history_index = 0;
|
||||
parser_error err = NULL;
|
||||
@@ -511,7 +511,7 @@ int add_rootfs_and_history(const layer_blob *layers, size_t layers_len, const re
|
||||
|
||||
ret = util_array_append(&config->rootfs->diff_ids, layers[i].diff_id);
|
||||
if (ret != 0) {
|
||||
- ERROR("append diff id of layer %u to rootfs failed, diff id is %s", i, layers[i].diff_id);
|
||||
+ ERROR("append diff id of layer %zu to rootfs failed, diff id is %s", i, layers[i].diff_id);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
|
||||
index 83d82201..1fa2559d 100644
|
||||
--- a/src/daemon/modules/service/service_container.c
|
||||
+++ b/src/daemon/modules/service/service_container.c
|
||||
@@ -320,7 +320,6 @@ static int write_env_content(const char *env_path, const char **env, size_t env_
|
||||
int fd = -1;
|
||||
size_t i = 0;
|
||||
ssize_t nret = 0;
|
||||
- int env_max = 4096;
|
||||
|
||||
ret = create_env_path_dir(env_path);
|
||||
if (ret < 0) {
|
||||
@@ -335,6 +334,7 @@ static int write_env_content(const char *env_path, const char **env, size_t env_
|
||||
}
|
||||
if (env != NULL) {
|
||||
for (i = 0; i < env_len; i++) {
|
||||
+ size_t env_max = 4096;
|
||||
if (strlen(env[i]) > env_max) {
|
||||
ERROR("Env is too long");
|
||||
ret = -1;
|
||||
--
|
||||
2.40.1
|
||||
|
||||
1575
0018-make-sure-the-input-parameter-is-not-empty-and-optim.patch
Normal file
1575
0018-make-sure-the-input-parameter-is-not-empty-and-optim.patch
Normal file
File diff suppressed because it is too large
Load Diff
332
0019-remove-password-in-url-module-and-clean-sensitive-in.patch
Normal file
332
0019-remove-password-in-url-module-and-clean-sensitive-in.patch
Normal file
@ -0,0 +1,332 @@
|
||||
From 4adc923cfaf25142aa4cbb909d65c0f3a999cc02 Mon Sep 17 00:00:00 2001
|
||||
From: zhongtao <zhongtao17@huawei.com>
|
||||
Date: Tue, 29 Aug 2023 11:41:26 +0800
|
||||
Subject: [PATCH 19/33] remove password in url module and clean sensitive info
|
||||
in struct passwd
|
||||
|
||||
Signed-off-by: zhongtao <zhongtao17@huawei.com>
|
||||
---
|
||||
.../modules/image/image_rootfs_handler.c | 13 +-
|
||||
src/utils/cpputils/url.cc | 144 +-----------------
|
||||
src/utils/cpputils/url.h | 19 +--
|
||||
3 files changed, 15 insertions(+), 161 deletions(-)
|
||||
|
||||
diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c
|
||||
index 1a3f4307..a8036ab9 100644
|
||||
--- a/src/daemon/modules/image/image_rootfs_handler.c
|
||||
+++ b/src/daemon/modules/image/image_rootfs_handler.c
|
||||
@@ -85,6 +85,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
|
||||
char buf[BUFSIZ] = { 0 };
|
||||
struct passwd pw;
|
||||
struct passwd *pwbufp = NULL;
|
||||
+ int ret = -1;
|
||||
|
||||
if (f_passwd != NULL) {
|
||||
#if defined (__ANDROID__) || defined(__MUSL__)
|
||||
@@ -116,7 +117,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
|
||||
if (errval != 0 && errval != ENOENT) {
|
||||
ERROR("Failed to parse passwd file: Insufficient buffer space supplied");
|
||||
isulad_set_error_message("Failed to parse passwd file: Insufficient buffer space supplied");
|
||||
- return -1;
|
||||
+ goto out;
|
||||
}
|
||||
if (!userfound && user != NULL) {
|
||||
int uret = util_safe_llong(user, &n_user);
|
||||
@@ -124,16 +125,20 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
|
||||
if (uret != 0) {
|
||||
ERROR("Unable to find user '%s'", user);
|
||||
isulad_set_error_message("Unable to find user '%s': no matching entries in passwd file", user);
|
||||
- return -1;
|
||||
+ goto out;
|
||||
}
|
||||
if (n_user < MINUID || n_user > MAXUID) {
|
||||
uids_gids_range_err_log();
|
||||
- return -1;
|
||||
+ goto out;
|
||||
}
|
||||
puser->uid = (uid_t)n_user;
|
||||
}
|
||||
+ ret = 0;
|
||||
|
||||
- return 0;
|
||||
+out:
|
||||
+ memset(buf, 0, sizeof(buf));
|
||||
+ memset(pwbufp, 0, sizeof(struct passwd));
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
static int append_additional_gids(gid_t gid, gid_t **additional_gids, size_t *len)
|
||||
diff --git a/src/utils/cpputils/url.cc b/src/utils/cpputils/url.cc
|
||||
index 117eba7e..baaded07 100644
|
||||
--- a/src/utils/cpputils/url.cc
|
||||
+++ b/src/utils/cpputils/url.cc
|
||||
@@ -266,12 +266,7 @@ std::string Escape(const std::string &s, const EncodeMode &mode)
|
||||
|
||||
UserInfo *User(const std::string &username) noexcept
|
||||
{
|
||||
- return new UserInfo { username, "", false };
|
||||
-}
|
||||
-
|
||||
-UserInfo *UserPassword(const std::string &username, const std::string &password) noexcept
|
||||
-{
|
||||
- return new UserInfo { username, password, true };
|
||||
+ return new UserInfo { username };
|
||||
}
|
||||
|
||||
int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path)
|
||||
@@ -324,24 +319,6 @@ void Split(const std::string &s, const std::string &c, bool cutc, std::string &t
|
||||
u = s.substr(i, s.size());
|
||||
}
|
||||
|
||||
-URLDatum *Parse(const std::string &rawurl)
|
||||
-{
|
||||
- std::string u, frag;
|
||||
- Split(rawurl, "#", true, u, frag);
|
||||
- auto *url = Parse(u, false);
|
||||
- if (url == nullptr) {
|
||||
- return nullptr;
|
||||
- }
|
||||
- if (frag.empty()) {
|
||||
- return url;
|
||||
- }
|
||||
- url->SetFragment(Unescape(frag, EncodeMode::ENCODE_FRAGMENT));
|
||||
- if (url->GetFragment().empty()) {
|
||||
- return nullptr;
|
||||
- }
|
||||
- return url;
|
||||
-}
|
||||
-
|
||||
int SplitOffPossibleLeading(std::string &scheme, const std::string &rawurl, URLDatum *url, std::string &rest)
|
||||
{
|
||||
if (Getscheme(rawurl, scheme, rest) != 0) {
|
||||
@@ -385,108 +362,6 @@ URLDatum *HandleNonBackslashPrefix(URLDatum *url, const std::string &scheme, con
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
-int SetURLDatumInfo(URLDatum *url, const std::string &scheme, bool viaRequest, std::string &rest)
|
||||
-{
|
||||
- if ((!scheme.empty() || (!viaRequest && rest.substr(0, 3) == "///")) && rest.substr(0, 2) == "//") {
|
||||
- std::string authority;
|
||||
- Split(rest.substr(2, rest.size()), "/", false, authority, rest);
|
||||
- std::string host = url->GetHost();
|
||||
- UserInfo *user = url->GetUser();
|
||||
- if (ParseAuthority(authority, &user, host)) {
|
||||
- return -1;
|
||||
- }
|
||||
- url->SetHost(host);
|
||||
- url->SetUser(user);
|
||||
- }
|
||||
- if (url->SetPath(rest)) {
|
||||
- return -1;
|
||||
- }
|
||||
- url->SetScheme(scheme);
|
||||
- return 0;
|
||||
-}
|
||||
-
|
||||
-URLDatum *Parse(const std::string &rawurl, bool viaRequest)
|
||||
-{
|
||||
- if (rawurl.empty() && viaRequest) {
|
||||
- ERROR("empty url!");
|
||||
- return nullptr;
|
||||
- }
|
||||
- auto *url = new (std::nothrow) URLDatum;
|
||||
- if (url == nullptr) {
|
||||
- ERROR("Out of memory");
|
||||
- return nullptr;
|
||||
- }
|
||||
- if (rawurl == "*") {
|
||||
- url->SetPathWithoutEscape("*");
|
||||
- return url;
|
||||
- }
|
||||
- std::string scheme = url->GetScheme();
|
||||
- std::string rest;
|
||||
- if (SplitOffPossibleLeading(scheme, rawurl, url, rest) != 0) {
|
||||
- return nullptr;
|
||||
- }
|
||||
- bool shouldRet = false;
|
||||
- auto *tmpret = HandleNonBackslashPrefix(url, scheme, rest, viaRequest, shouldRet);
|
||||
- if (shouldRet) {
|
||||
- return tmpret;
|
||||
- }
|
||||
- if (SetURLDatumInfo(url, scheme, viaRequest, rest) != 0) {
|
||||
- return nullptr;
|
||||
- }
|
||||
- return url;
|
||||
-}
|
||||
-
|
||||
-int ParseAuthority(const std::string &authority, UserInfo **user, std::string &host)
|
||||
-{
|
||||
- size_t i = authority.find("@");
|
||||
- if (i == std::string::npos) {
|
||||
- if (ParseHost(authority, host) != 0) {
|
||||
- *user = nullptr;
|
||||
- host = "";
|
||||
- return -1;
|
||||
- }
|
||||
- } else {
|
||||
- if (ParseHost(authority.substr(i + 1, authority.size()), host) != 0) {
|
||||
- *user = nullptr;
|
||||
- host = "";
|
||||
- return -1;
|
||||
- }
|
||||
- }
|
||||
- if (i == std::string::npos) {
|
||||
- *user = nullptr;
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
- std::string userinfo = authority.substr(0, i);
|
||||
- if (!ValidUserinfo(userinfo)) {
|
||||
- *user = nullptr;
|
||||
- host = "";
|
||||
- ERROR("net/url: invalid userinfo");
|
||||
- return -1;
|
||||
- }
|
||||
- if (userinfo.find(":") == std::string::npos) {
|
||||
- userinfo = Unescape(userinfo, EncodeMode::ENCODE_USER_PASSWORD);
|
||||
- if (userinfo.empty()) {
|
||||
- *user = nullptr;
|
||||
- host = "";
|
||||
- return -1;
|
||||
- }
|
||||
- *user = User(userinfo);
|
||||
- } else {
|
||||
- std::string servername, serverword;
|
||||
- Split(userinfo, ":", true, servername, serverword);
|
||||
- servername = Unescape(servername, EncodeMode::ENCODE_USER_PASSWORD);
|
||||
- serverword = Unescape(serverword, EncodeMode::ENCODE_USER_PASSWORD);
|
||||
- if (servername.empty() || serverword.empty()) {
|
||||
- *user = nullptr;
|
||||
- host = "";
|
||||
- return -1;
|
||||
- }
|
||||
- *user = UserPassword(servername, serverword);
|
||||
- }
|
||||
- return 0;
|
||||
-}
|
||||
-
|
||||
int ParseHost(std::string host, std::string &out)
|
||||
{
|
||||
if (host.at(0) == '[') {
|
||||
@@ -756,9 +631,6 @@ std::string UserInfo::String() const
|
||||
std::string s;
|
||||
if (!m_username.empty()) {
|
||||
s = Escape(m_username, EncodeMode::ENCODE_USER_PASSWORD);
|
||||
- if (m_passwordSet) {
|
||||
- s += ":" + Escape(m_password, EncodeMode::ENCODE_USER_PASSWORD);
|
||||
- }
|
||||
}
|
||||
return s;
|
||||
}
|
||||
@@ -766,11 +638,6 @@ std::string UserInfo::Username() const
|
||||
{
|
||||
return m_username;
|
||||
}
|
||||
-std::string UserInfo::Password(bool &set) const
|
||||
-{
|
||||
- set = m_passwordSet;
|
||||
- return m_password;
|
||||
-}
|
||||
|
||||
URLDatum::~URLDatum()
|
||||
{
|
||||
@@ -860,15 +727,6 @@ bool URLDatum::IsAbs() const
|
||||
return (m_scheme != "");
|
||||
}
|
||||
|
||||
-std::unique_ptr<URLDatum> URLDatum::UrlParse(const std::string &ref)
|
||||
-{
|
||||
- auto *refurl = Parse(ref);
|
||||
- if (refurl == nullptr) {
|
||||
- return nullptr;
|
||||
- }
|
||||
- return ResolveReference(refurl);
|
||||
-}
|
||||
-
|
||||
std::unique_ptr<URLDatum> URLDatum::ResolveReference(URLDatum *ref)
|
||||
{
|
||||
std::unique_ptr<URLDatum> url(new (std::nothrow) URLDatum(*ref));
|
||||
diff --git a/src/utils/cpputils/url.h b/src/utils/cpputils/url.h
|
||||
index abbf20f4..3dd40079 100644
|
||||
--- a/src/utils/cpputils/url.h
|
||||
+++ b/src/utils/cpputils/url.h
|
||||
@@ -49,17 +49,13 @@ private:
|
||||
|
||||
class UserInfo {
|
||||
public:
|
||||
- UserInfo(const std::string &u, const std::string &p, bool b) : m_username(u), m_password(p),
|
||||
- m_passwordSet(b) {}
|
||||
+ UserInfo(const std::string &u) : m_username(u) {}
|
||||
~UserInfo() = default;
|
||||
std::string String() const;
|
||||
std::string Username() const;
|
||||
- std::string Password(bool &set) const;
|
||||
|
||||
private:
|
||||
std::string m_username;
|
||||
- std::string m_password;
|
||||
- bool m_passwordSet;
|
||||
};
|
||||
|
||||
class URLDatum {
|
||||
@@ -69,7 +65,6 @@ public:
|
||||
std::string EscapedPath();
|
||||
std::string String();
|
||||
bool IsAbs() const;
|
||||
- std::unique_ptr<URLDatum> UrlParse(const std::string &ref);
|
||||
std::unique_ptr<URLDatum> ResolveReference(URLDatum *ref);
|
||||
auto Query()->std::map<std::string, std::vector<std::string>>;
|
||||
std::string RequestURI();
|
||||
@@ -88,7 +83,7 @@ public:
|
||||
{
|
||||
m_opaque = value;
|
||||
}
|
||||
- std::string GetOpaque() const
|
||||
+ std::string GetOpaque() const
|
||||
{
|
||||
return m_opaque;
|
||||
}
|
||||
@@ -96,7 +91,7 @@ public:
|
||||
{
|
||||
m_user = value;
|
||||
}
|
||||
- UserInfo *GetUser() const
|
||||
+ UserInfo *GetUser() const
|
||||
{
|
||||
return m_user;
|
||||
}
|
||||
@@ -128,7 +123,7 @@ public:
|
||||
{
|
||||
m_rawQuery = value;
|
||||
}
|
||||
- std::string GetRawQuery() const
|
||||
+ std::string GetRawQuery() const
|
||||
{
|
||||
return m_rawQuery;
|
||||
}
|
||||
@@ -136,7 +131,7 @@ public:
|
||||
{
|
||||
m_fragment = value;
|
||||
}
|
||||
- std::string GetFragment() const
|
||||
+ std::string GetFragment() const
|
||||
{
|
||||
return m_fragment;
|
||||
}
|
||||
@@ -163,13 +158,9 @@ std::string QueryUnescape(const std::string &s);
|
||||
std::string Unescape(std::string s, const EncodeMode &mode);
|
||||
std::string QueryEscape(const std::string &s);
|
||||
std::string Escape(const std::string &s, const EncodeMode &mode);
|
||||
-UserInfo *UserPassword(const std::string &username, const std::string &password) noexcept;
|
||||
UserInfo *User(const std::string &username) noexcept;
|
||||
int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path);
|
||||
void Split(const std::string &s, const std::string &c, bool cutc, std::string &t, std::string &u);
|
||||
-URLDatum *Parse(const std::string &rawurl);
|
||||
-URLDatum *Parse(const std::string &rawurl, bool viaRequest);
|
||||
-int ParseAuthority(const std::string &authority, UserInfo **user, std::string &host);
|
||||
int ParseHost(std::string host, std::string &out);
|
||||
bool ValidEncodedPath(const std::string &s);
|
||||
bool ValidOptionalPort(const std::string &port);
|
||||
--
|
||||
2.40.1
|
||||
|
||||
447
0020-2153-fix-codecheck.patch
Normal file
447
0020-2153-fix-codecheck.patch
Normal file
@ -0,0 +1,447 @@
|
||||
From d9c60a7309f3616c1d9d0051ba338a8def37a538 Mon Sep 17 00:00:00 2001
|
||||
From: zhongtao <zhongtao17@huawei.com>
|
||||
Date: Tue, 29 Aug 2023 09:38:53 +0000
|
||||
Subject: [PATCH 20/33] !2153 fix codecheck * fix codecheck
|
||||
|
||||
---
|
||||
src/daemon/modules/image/embedded/load.c | 2 +-
|
||||
src/daemon/modules/image/image.c | 4 +-
|
||||
src/daemon/modules/image/oci/oci_login.h | 2 -
|
||||
src/daemon/modules/image/oci/oci_logout.h | 2 -
|
||||
.../oci/storage/image_store/image_store.c | 1 -
|
||||
.../oci/storage/image_store/image_store.h | 2 -
|
||||
.../graphdriver/devmapper/deviceset.c | 9 ++-
|
||||
.../graphdriver/devmapper/deviceset.h | 5 +-
|
||||
.../graphdriver/devmapper/driver_devmapper.h | 16 ++---
|
||||
.../graphdriver/devmapper/wrapper_devmapper.h | 2 -
|
||||
.../storage/layer_store/graphdriver/driver.c | 2 +-
|
||||
.../storage/layer_store/graphdriver/driver.h | 59 ++++++++-----------
|
||||
.../graphdriver/overlay2/driver_overlay2.c | 3 -
|
||||
.../graphdriver/overlay2/driver_overlay2.h | 8 +--
|
||||
.../graphdriver/quota/project_quota.h | 1 -
|
||||
.../oci/storage/layer_store/layer_store.h | 4 --
|
||||
.../overlay_remote_impl.c | 1 -
|
||||
.../remote_layer_support/remote_support.c | 2 +-
|
||||
.../remote_layer_support/remote_support.h | 2 +-
|
||||
.../oci/storage/rootfs_store/rootfs_store.h | 4 --
|
||||
20 files changed, 46 insertions(+), 85 deletions(-)
|
||||
|
||||
diff --git a/src/daemon/modules/image/embedded/load.c b/src/daemon/modules/image/embedded/load.c
|
||||
index dc2aeba2..92ac42ad 100644
|
||||
--- a/src/daemon/modules/image/embedded/load.c
|
||||
+++ b/src/daemon/modules/image/embedded/load.c
|
||||
@@ -36,7 +36,7 @@ static char *replace_suffix_to_sgn(const char *file)
|
||||
ERROR("invalid NULL param");
|
||||
return NULL;
|
||||
}
|
||||
- if (sizeof(".sgn") > SIZE_MAX - strlen(file)) {
|
||||
+ if (strlen(file) > SIZE_MAX - sizeof(".sgn")) {
|
||||
return NULL;
|
||||
}
|
||||
len = strlen(file) + sizeof(".sgn");
|
||||
diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c
|
||||
index 408ceea2..a14f2ac3 100644
|
||||
--- a/src/daemon/modules/image/image.c
|
||||
+++ b/src/daemon/modules/image/image.c
|
||||
@@ -784,7 +784,9 @@ int im_merge_image_config(const char *image_type, const char *image_name, contai
|
||||
int ret = 0;
|
||||
struct bim *bim = NULL;
|
||||
|
||||
- if (container_spec == NULL || image_name == NULL || image_type == NULL) {
|
||||
+ // there is no need to judge the image name as empty,
|
||||
+ // because the image name of external type allows it to be empty.
|
||||
+ if (container_spec == NULL || image_type == NULL) {
|
||||
ERROR("Invalid input arguments");
|
||||
ret = -1;
|
||||
goto out;
|
||||
diff --git a/src/daemon/modules/image/oci/oci_login.h b/src/daemon/modules/image/oci/oci_login.h
|
||||
index ab261ebd..acf6eeb6 100644
|
||||
--- a/src/daemon/modules/image/oci/oci_login.h
|
||||
+++ b/src/daemon/modules/image/oci/oci_login.h
|
||||
@@ -15,8 +15,6 @@
|
||||
#ifndef DAEMON_MODULES_IMAGE_OCI_OCI_LOGIN_H
|
||||
#define DAEMON_MODULES_IMAGE_OCI_OCI_LOGIN_H
|
||||
|
||||
-#include <stdbool.h>
|
||||
-
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
diff --git a/src/daemon/modules/image/oci/oci_logout.h b/src/daemon/modules/image/oci/oci_logout.h
|
||||
index 81f0196c..c0a9bb8b 100644
|
||||
--- a/src/daemon/modules/image/oci/oci_logout.h
|
||||
+++ b/src/daemon/modules/image/oci/oci_logout.h
|
||||
@@ -15,8 +15,6 @@
|
||||
#ifndef DAEMON_MODULES_IMAGE_OCI_OCI_LOGOUT_H
|
||||
#define DAEMON_MODULES_IMAGE_OCI_OCI_LOGOUT_H
|
||||
|
||||
-#include <stdbool.h>
|
||||
-
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
|
||||
index b7e0f0cc..f49f4707 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
|
||||
@@ -2123,7 +2123,6 @@ static int pack_repo_digest(char ***old_repo_digests, const char **image_tags, c
|
||||
}
|
||||
|
||||
for (i = 0; i < util_array_len((const char **)*repo_digests); i++) {
|
||||
- bool value = true;
|
||||
if (!map_replace(digest_map, (void *)(*repo_digests)[i], &value)) {
|
||||
ERROR("Failed to insert pair to digest map: %s", (*repo_digests)[i]);
|
||||
ret = -1;
|
||||
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.h b/src/daemon/modules/image/oci/storage/image_store/image_store.h
|
||||
index 019a2881..4544f84b 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.h
|
||||
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.h
|
||||
@@ -29,8 +29,6 @@
|
||||
#include "isula_libutils/imagetool_images_list.h"
|
||||
#include "isula_libutils/imagetool_image_summary.h"
|
||||
|
||||
-struct storage_module_init_options;
|
||||
-
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
|
||||
index 79541e54..4652c71a 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
|
||||
@@ -105,7 +105,6 @@ static int handle_dm_min_free_space(char *val, struct device_set *devset)
|
||||
{
|
||||
long converted = 0;
|
||||
int ret = util_parse_percent_string(val, &converted);
|
||||
-
|
||||
if (ret != 0 || converted >= 100) {
|
||||
errno = -ret;
|
||||
SYSERROR("Invalid min free space: '%s'", val);
|
||||
@@ -293,7 +292,8 @@ static char *deviceset_meta_file(const struct device_set *devset)
|
||||
return file;
|
||||
}
|
||||
|
||||
-// get_dm_name return value format:container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498
|
||||
+// get_dm_name return value format:
|
||||
+// container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498
|
||||
static char *get_dm_name(const struct device_set *devset, const char *hash)
|
||||
{
|
||||
int nret = 0;
|
||||
@@ -312,7 +312,8 @@ static char *get_dm_name(const struct device_set *devset, const char *hash)
|
||||
return util_strdup_s(buff);
|
||||
}
|
||||
|
||||
-// get_dev_name return value fromat:/dev/mapper/container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498
|
||||
+// get_dev_name return value fromat:
|
||||
+// /dev/mapper/container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498
|
||||
static char *get_dev_name(const char *name)
|
||||
{
|
||||
return util_string_append(name, DEVMAPPER_DECICE_DIRECTORY);
|
||||
@@ -2351,7 +2352,6 @@ static int setup_base_image(struct device_set *devset)
|
||||
devmapper_device_info_t *device_info = NULL;
|
||||
|
||||
device_info = lookup_device(devset, "base");
|
||||
-
|
||||
// base image already exists. If it is initialized properly, do UUID
|
||||
// verification and return. Otherwise remove image and set it up
|
||||
// fresh.
|
||||
@@ -2504,7 +2504,6 @@ static void cleanup_deleted_devices(struct graphdriver *driver)
|
||||
goto unlock_driver;
|
||||
}
|
||||
|
||||
-
|
||||
if (driver->devset->nr_deleted_devices == 0) {
|
||||
DEBUG("devmapper: no devices to delete");
|
||||
goto unlock_devset;
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h
|
||||
index ec985e40..d7f7d184 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h
|
||||
@@ -23,10 +23,7 @@
|
||||
|
||||
#include "driver.h"
|
||||
#include "metadata_store.h"
|
||||
-
|
||||
-struct device_set;
|
||||
-struct driver_mount_opts;
|
||||
-struct graphdriver;
|
||||
+#include "devices_constants.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h
|
||||
index 9ee020de..dca2d614 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h
|
||||
@@ -16,22 +16,18 @@
|
||||
#define DAEMON_MODULES_IMAGE_OCI_STORAGE_LAYER_STORE_GRAPHDRIVER_DEVMAPPER_DRIVER_DEVMAPPER_H
|
||||
|
||||
#include <pthread.h>
|
||||
-#include <isula_libutils/imagetool_fs_info.h>
|
||||
-#include <isula_libutils/json_common.h>
|
||||
#include <stdbool.h>
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
+#include <isula_libutils/imagetool_fs_info.h>
|
||||
+#include <isula_libutils/json_common.h>
|
||||
+#include <isula_libutils/image_devmapper_transaction.h>
|
||||
+#include <isula_libutils/image_devmapper_deviceset_metadata.h>
|
||||
|
||||
#include "driver.h"
|
||||
#include "map.h"
|
||||
-#include "isula_libutils/image_devmapper_transaction.h"
|
||||
-#include "isula_libutils/image_devmapper_deviceset_metadata.h"
|
||||
-
|
||||
-struct driver_create_opts;
|
||||
-struct driver_mount_opts;
|
||||
-struct graphdriver;
|
||||
-struct graphdriver_status;
|
||||
-struct io_read_wrapper;
|
||||
+#include "image_api.h"
|
||||
+#include "io_wrapper.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h
|
||||
index 01771a3b..4b2ae82b 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h
|
||||
@@ -24,8 +24,6 @@
|
||||
|
||||
#include "driver.h"
|
||||
|
||||
-struct dm_task;
|
||||
-
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
|
||||
index fc2857b6..fb549bae 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/******************************************************************************
|
||||
- * Copyright (c) Huawei Technologies Co., Ltd. 2017-2019. All rights reserved.
|
||||
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
|
||||
* iSulad licensed under the Mulan PSL v2.
|
||||
* You can use this software according to the terms and conditions of the Mulan PSL v2.
|
||||
* You may obtain a copy of Mulan PSL v2 at:
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h
|
||||
index acd847cc..2fcfa12b 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h
|
||||
@@ -1,5 +1,5 @@
|
||||
/******************************************************************************
|
||||
- * Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved.
|
||||
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
|
||||
* iSulad licensed under the Mulan PSL v2.
|
||||
* You can use this software according to the terms and conditions of the Mulan PSL v2.
|
||||
* You may obtain a copy of Mulan PSL v2 at:
|
||||
@@ -20,25 +20,42 @@
|
||||
#include <stddef.h>
|
||||
#include <pthread.h>
|
||||
#include <isula_libutils/imagetool_fs_info.h>
|
||||
+#include <isula_libutils/container_inspect.h>
|
||||
+#include <isula_libutils/json_common.h>
|
||||
|
||||
-#include "isula_libutils/container_inspect.h"
|
||||
-#include "isula_libutils/json_common.h"
|
||||
#include "io_wrapper.h"
|
||||
#include "driver_overlay2_types.h"
|
||||
#include "devices_constants.h"
|
||||
#include "storage.h"
|
||||
#include "image_api.h"
|
||||
-#include "isula_libutils/container_inspect.h"
|
||||
-
|
||||
-struct graphdriver_status;
|
||||
-struct io_read_wrapper;
|
||||
-struct storage_module_init_options;
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
-struct graphdriver;
|
||||
+struct graphdriver {
|
||||
+ // common implement
|
||||
+ const struct graphdriver_ops *ops;
|
||||
+ const char *name;
|
||||
+ const char *home;
|
||||
+ char *backing_fs;
|
||||
+ bool support_dtype;
|
||||
+
|
||||
+ bool support_quota;
|
||||
+#ifdef ENABLE_REMOTE_LAYER_STORE
|
||||
+ bool enable_remote_layer;
|
||||
+#endif
|
||||
+ struct pquota_control *quota_ctrl;
|
||||
+
|
||||
+ // options for overlay2
|
||||
+ struct overlay_options *overlay_opts;
|
||||
+
|
||||
+ // options for device mapper
|
||||
+ struct device_set *devset;
|
||||
+
|
||||
+ // lock to protect graphdriver between cleanup and other operations
|
||||
+ pthread_rwlock_t rwlock;
|
||||
+};
|
||||
|
||||
struct driver_create_opts {
|
||||
char *mount_label;
|
||||
@@ -81,30 +98,6 @@ struct graphdriver_ops {
|
||||
int (*get_layer_fs_info)(const char *id, const struct graphdriver *driver, imagetool_fs_info *fs_info);
|
||||
};
|
||||
|
||||
-struct graphdriver {
|
||||
- // common implement
|
||||
- const struct graphdriver_ops *ops;
|
||||
- const char *name;
|
||||
- const char *home;
|
||||
- char *backing_fs;
|
||||
- bool support_dtype;
|
||||
-
|
||||
- bool support_quota;
|
||||
-#ifdef ENABLE_REMOTE_LAYER_STORE
|
||||
- bool enable_remote_layer;
|
||||
-#endif
|
||||
- struct pquota_control *quota_ctrl;
|
||||
-
|
||||
- // options for overlay2
|
||||
- struct overlay_options *overlay_opts;
|
||||
-
|
||||
- // options for device mapper
|
||||
- struct device_set *devset;
|
||||
-
|
||||
- // lock to protect graphdriver between cleanup and other operations
|
||||
- pthread_rwlock_t rwlock;
|
||||
-};
|
||||
-
|
||||
int graphdriver_init(const struct storage_module_init_options *opts);
|
||||
|
||||
int graphdriver_create_rw(const char *id, const char *parent, struct driver_create_opts *create_opts);
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
|
||||
index ced30b96..7517dd43 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
|
||||
@@ -648,7 +648,6 @@ const static int check_lower_depth(const char *lowers_str)
|
||||
|
||||
lowers_arr = util_string_split(lowers_str, ':');
|
||||
lowers_size = util_array_len((const char **)lowers_arr);
|
||||
-
|
||||
if (lowers_size > OVERLAY_LAYER_MAX_DEPTH) {
|
||||
ERROR("Max depth exceeded %s", lowers_str);
|
||||
ret = -1;
|
||||
@@ -1274,7 +1273,6 @@ static int append_rel_empty_path(const char *id, char ***rel_lowers)
|
||||
char *rel_path = NULL;
|
||||
|
||||
rel_path = util_string_append("/empty", id);
|
||||
-
|
||||
if (util_array_append(rel_lowers, rel_path) != 0) {
|
||||
SYSERROR("Can't append relative layer:%s", rel_path);
|
||||
ret = -1;
|
||||
@@ -2181,7 +2179,6 @@ int overlay2_repair_lowers(const char *id, const char *parent, const struct grap
|
||||
lowers_str = read_layer_lower_file(layer_dir);
|
||||
lowers_arr = util_string_split(lowers_str, ':');
|
||||
lowers_size = util_array_len((const char **)lowers_arr);
|
||||
-
|
||||
if (lowers_size != 0) {
|
||||
if (check_lower_valid(driver->home, lowers_arr[0]) == 0) {
|
||||
DEBUG("Try to repair layer %s, success check", id);
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h
|
||||
index 438c508e..444c0670 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h
|
||||
@@ -22,12 +22,8 @@
|
||||
#include <stdint.h>
|
||||
|
||||
#include "driver.h"
|
||||
-
|
||||
-struct driver_create_opts;
|
||||
-struct driver_mount_opts;
|
||||
-struct graphdriver;
|
||||
-struct graphdriver_status;
|
||||
-struct io_read_wrapper;
|
||||
+#include "image_api.h"
|
||||
+#include "io_wrapper.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h
|
||||
index 94230faa..6cda7456 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h
|
||||
@@ -33,7 +33,6 @@
|
||||
#include <fcntl.h>
|
||||
#include <stdlib.h>
|
||||
#include <inttypes.h>
|
||||
-#include <linux/magic.h>
|
||||
#include <linux/dqblk_xfs.h>
|
||||
#include <errno.h>
|
||||
#include <libgen.h>
|
||||
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
|
||||
index 20287119..eba406d4 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
|
||||
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
|
||||
@@ -24,10 +24,6 @@
|
||||
#include "storage.h"
|
||||
#include "io_wrapper.h"
|
||||
|
||||
-struct io_read_wrapper;
|
||||
-struct layer_list;
|
||||
-struct storage_module_init_options;
|
||||
-
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
|
||||
index 38d9b0ce..86e05ac2 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
|
||||
@@ -185,7 +185,6 @@ static int remove_one_remote_overlay_layer(struct remote_overlay_data *data, con
|
||||
}
|
||||
|
||||
link_id = (char *)map_search(overlay_id_link, (void *)overlay_id);
|
||||
-
|
||||
if (link_id == NULL) {
|
||||
ERROR("Failed to find link id for overlay layer: %s", overlay_id);
|
||||
ret = -1;
|
||||
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
|
||||
index 5bf9869b..eb919321 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
|
||||
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/******************************************************************************
|
||||
- * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
|
||||
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
|
||||
* iSulad licensed under the Mulan PSL v2.
|
||||
* You can use this software according to the terms and conditions of the Mulan PSL v2.
|
||||
* You may obtain a copy of Mulan PSL v2 at:
|
||||
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h
|
||||
index 30e3ebb0..545cbe49 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h
|
||||
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h
|
||||
@@ -1,5 +1,5 @@
|
||||
/******************************************************************************
|
||||
- * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved.
|
||||
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
|
||||
* iSulad licensed under the Mulan PSL v2.
|
||||
* You can use this software according to the terms and conditions of the Mulan PSL v2.
|
||||
* You may obtain a copy of Mulan PSL v2 at:
|
||||
diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h
|
||||
index 63f3294b..d618c401 100644
|
||||
--- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h
|
||||
+++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h
|
||||
@@ -24,10 +24,6 @@
|
||||
#include "storage.h"
|
||||
#include "rootfs.h"
|
||||
|
||||
-struct rootfs_list;
|
||||
-struct storage_module_init_options;
|
||||
-struct storage_rootfs_options;
|
||||
-
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
--
|
||||
2.40.1
|
||||
|
||||
25
0021-2157-bugfix-for-memset.patch
Normal file
25
0021-2157-bugfix-for-memset.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From 14bc12be8e4219a78b877e60affd4f584ccab220 Mon Sep 17 00:00:00 2001
|
||||
From: zhongtao <zhongtao17@huawei.com>
|
||||
Date: Tue, 29 Aug 2023 13:18:34 +0000
|
||||
Subject: [PATCH 21/33] !2157 bugfix for memset * bugfix for memset
|
||||
|
||||
---
|
||||
src/daemon/modules/image/image_rootfs_handler.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c
|
||||
index a8036ab9..ceea4f5b 100644
|
||||
--- a/src/daemon/modules/image/image_rootfs_handler.c
|
||||
+++ b/src/daemon/modules/image/image_rootfs_handler.c
|
||||
@@ -137,7 +137,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
|
||||
|
||||
out:
|
||||
memset(buf, 0, sizeof(buf));
|
||||
- memset(pwbufp, 0, sizeof(struct passwd));
|
||||
+ memset(&pw, 0, sizeof(struct passwd));
|
||||
return ret;
|
||||
}
|
||||
|
||||
--
|
||||
2.40.1
|
||||
|
||||
223
0022-2159-use-macros-to-isolate-the-password-option-of-lo.patch
Normal file
223
0022-2159-use-macros-to-isolate-the-password-option-of-lo.patch
Normal file
@ -0,0 +1,223 @@
|
||||
From 0c0bc7a873cb5377aa0d5587c28d711a09f00811 Mon Sep 17 00:00:00 2001
|
||||
From: zhongtao <zhongtao17@huawei.com>
|
||||
Date: Wed, 30 Aug 2023 09:56:29 +0000
|
||||
Subject: [PATCH 22/33] !2159 use macros to isolate the password option of
|
||||
login and the plugin module * use macros to isolate the password option of
|
||||
login and the plugin module
|
||||
|
||||
---
|
||||
cmake/options.cmake | 14 ++++++++++
|
||||
src/cmd/isula/images/login.h | 28 +++++++++++++------
|
||||
src/cmd/isulad/main.c | 2 ++
|
||||
.../executor/container_cb/execution_create.c | 2 ++
|
||||
src/daemon/modules/CMakeLists.txt | 13 +++++++--
|
||||
src/daemon/modules/api/CMakeLists.txt | 3 ++
|
||||
.../container/container_events_handler.c | 2 ++
|
||||
.../modules/service/service_container.c | 4 +++
|
||||
8 files changed, 57 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/cmake/options.cmake b/cmake/options.cmake
|
||||
index 5fc5c221..e733fd1c 100644
|
||||
--- a/cmake/options.cmake
|
||||
+++ b/cmake/options.cmake
|
||||
@@ -138,6 +138,20 @@ if (ENABLE_NATIVE_NETWORK OR ENABLE_GRPC)
|
||||
set(ENABLE_NETWORK 1)
|
||||
endif()
|
||||
|
||||
+option(ENABLE_PLUGIN "enable plugin module" OFF)
|
||||
+if (ENABLE_PLUGIN STREQUAL "ON")
|
||||
+ add_definitions(-DENABLE_PLUGIN=1)
|
||||
+ set(ENABLE_PLUGIN 1)
|
||||
+ message("${Green}-- Enable plugin module${ColourReset}")
|
||||
+endif()
|
||||
+
|
||||
+option(ENABLE_LOGIN_PASSWORD_OPTION "enable login password option" ON)
|
||||
+if (ENABLE_LOGIN_PASSWORD_OPTION STREQUAL "ON")
|
||||
+ add_definitions(-DENABLE_LOGIN_PASSWORD_OPTION=1)
|
||||
+ set(ENABLE_LOGIN_PASSWORD_OPTION 1)
|
||||
+ message("${Green}-- Enable login password option${ColourReset}")
|
||||
+endif()
|
||||
+
|
||||
option(EANBLE_IMAGE_LIBARAY "create libisulad_image.so" ON)
|
||||
if (EANBLE_IMAGE_LIBARAY STREQUAL "ON")
|
||||
add_definitions(-DEANBLE_IMAGE_LIBARAY)
|
||||
diff --git a/src/cmd/isula/images/login.h b/src/cmd/isula/images/login.h
|
||||
index 5f9a676c..38829cba 100644
|
||||
--- a/src/cmd/isula/images/login.h
|
||||
+++ b/src/cmd/isula/images/login.h
|
||||
@@ -24,16 +24,28 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
+#ifdef ENABLE_LOGIN_PASSWORD_OPTION
|
||||
#define LOGIN_OPTIONS(cmdargs) \
|
||||
- { CMD_OPT_TYPE_STRING_DUP, false, "username", 'u', &(cmdargs).username, "Username", NULL }, \
|
||||
- { CMD_OPT_TYPE_STRING_DUP, false, "password", 'p', &(cmdargs).password, "Password", NULL }, \
|
||||
- { CMD_OPT_TYPE_BOOL, \
|
||||
- false, \
|
||||
- "password-stdin", \
|
||||
- 0, \
|
||||
- &(cmdargs).password_stdin, \
|
||||
- "Take the password from stdin", \
|
||||
+ { CMD_OPT_TYPE_STRING_DUP, false, "username", 'u', &(cmdargs).username, "Username", NULL }, \
|
||||
+ { CMD_OPT_TYPE_STRING_DUP, false, "password", 'p', &(cmdargs).password, "Password", NULL }, \
|
||||
+ { CMD_OPT_TYPE_BOOL, \
|
||||
+ false, \
|
||||
+ "password-stdin", \
|
||||
+ 0, \
|
||||
+ &(cmdargs).password_stdin, \
|
||||
+ "Take the password from stdin", \
|
||||
NULL },
|
||||
+#else
|
||||
+#define LOGIN_OPTIONS(cmdargs) \
|
||||
+ { CMD_OPT_TYPE_STRING_DUP, false, "username", 'u', &(cmdargs).username, "Username", NULL }, \
|
||||
+ { CMD_OPT_TYPE_BOOL, \
|
||||
+ false, \
|
||||
+ "password-stdin", \
|
||||
+ 0, \
|
||||
+ &(cmdargs).password_stdin, \
|
||||
+ "Take the password from stdin", \
|
||||
+ NULL },
|
||||
+#endif
|
||||
|
||||
extern const char g_cmd_login_desc[];
|
||||
extern const char g_cmd_login_usage[];
|
||||
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
|
||||
index 8369f9e2..4740f91a 100644
|
||||
--- a/src/cmd/isulad/main.c
|
||||
+++ b/src/cmd/isulad/main.c
|
||||
@@ -1685,10 +1685,12 @@ int main(int argc, char **argv)
|
||||
goto failure;
|
||||
}
|
||||
|
||||
+#ifdef ENABLE_PLUGIN
|
||||
if (start_plugin_manager()) {
|
||||
ERROR("Failed to init plugin_manager");
|
||||
goto failure;
|
||||
}
|
||||
+#endif
|
||||
|
||||
clock_gettime(CLOCK_MONOTONIC, &t_end);
|
||||
use_time = (double)(t_end.tv_sec - t_start.tv_sec) * (double)1000000000 + (double)(t_end.tv_nsec - t_start.tv_nsec);
|
||||
diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
|
||||
index 9c097121..377aa1aa 100644
|
||||
--- a/src/daemon/executor/container_cb/execution_create.c
|
||||
+++ b/src/daemon/executor/container_cb/execution_create.c
|
||||
@@ -1499,6 +1499,7 @@ int container_create_cb(const container_create_request *request, container_creat
|
||||
goto clean_netns;
|
||||
}
|
||||
|
||||
+#ifdef ENABLE_PLUGIN
|
||||
/* modify oci_spec by plugin. */
|
||||
if (plugin_event_container_pre_create(id, oci_spec) != 0) {
|
||||
ERROR("Plugin event pre create failed");
|
||||
@@ -1506,6 +1507,7 @@ int container_create_cb(const container_create_request *request, container_creat
|
||||
cc = ISULAD_ERR_EXEC;
|
||||
goto clean_netns;
|
||||
}
|
||||
+#endif
|
||||
|
||||
host_channel = dup_host_channel(host_spec->host_channel);
|
||||
if (prepare_host_channel(host_channel, host_spec->user_remap)) {
|
||||
diff --git a/src/daemon/modules/CMakeLists.txt b/src/daemon/modules/CMakeLists.txt
|
||||
index 5d13412b..a70c094f 100644
|
||||
--- a/src/daemon/modules/CMakeLists.txt
|
||||
+++ b/src/daemon/modules/CMakeLists.txt
|
||||
@@ -3,7 +3,6 @@
|
||||
aux_source_directory(${CMAKE_CURRENT_SOURCE_DIR} modules_top_srcs)
|
||||
add_subdirectory(runtime)
|
||||
add_subdirectory(image)
|
||||
-add_subdirectory(plugin)
|
||||
add_subdirectory(spec)
|
||||
add_subdirectory(container)
|
||||
add_subdirectory(log)
|
||||
@@ -17,7 +16,6 @@ set(local_modules_srcs
|
||||
${modules_top_srcs}
|
||||
${RUNTIME_SRCS}
|
||||
${IMAGE_SRCS}
|
||||
- ${PLUGIN_SRCS}
|
||||
${SPEC_SRCS}
|
||||
${MANAGER_SRCS}
|
||||
${LOG_GATHER_SRCS}
|
||||
@@ -31,7 +29,6 @@ set(local_modules_incs
|
||||
${CMAKE_CURRENT_SOURCE_DIR}
|
||||
${RUNTIME_INCS}
|
||||
${IMAGE_INCS}
|
||||
- ${PLUGIN_INCS}
|
||||
${SPEC_INCS}
|
||||
${MANAGER_INCS}
|
||||
${LOG_GATHER_INCS}
|
||||
@@ -42,6 +39,16 @@ set(local_modules_incs
|
||||
${VOLUME_INCS}
|
||||
)
|
||||
|
||||
+if (ENABLE_PLUGIN)
|
||||
+ add_subdirectory(plugin)
|
||||
+ list(APPEND local_modules_srcs
|
||||
+ ${PLUGIN_SRCS}
|
||||
+ )
|
||||
+ list(APPEND local_modules_incs
|
||||
+ ${PLUGIN_INCS}
|
||||
+ )
|
||||
+endif()
|
||||
+
|
||||
set(MODULES_SRCS
|
||||
${local_modules_srcs}
|
||||
PARENT_SCOPE
|
||||
diff --git a/src/daemon/modules/api/CMakeLists.txt b/src/daemon/modules/api/CMakeLists.txt
|
||||
index f577c45f..0735b25a 100644
|
||||
--- a/src/daemon/modules/api/CMakeLists.txt
|
||||
+++ b/src/daemon/modules/api/CMakeLists.txt
|
||||
@@ -9,3 +9,6 @@ set(MODULES_API_INCS
|
||||
PARENT_SCOPE
|
||||
)
|
||||
|
||||
+if (NOT ENABLE_PLUGIN)
|
||||
+ list(REMOVE_ITEM MODULES_API_INCS "${CMAKE_CURRENT_SOURCE_DIR}/plugin_api.h")
|
||||
+endif()
|
||||
diff --git a/src/daemon/modules/container/container_events_handler.c b/src/daemon/modules/container/container_events_handler.c
|
||||
index d78e6fc1..d56c2ee0 100644
|
||||
--- a/src/daemon/modules/container/container_events_handler.c
|
||||
+++ b/src/daemon/modules/container/container_events_handler.c
|
||||
@@ -155,7 +155,9 @@ static int container_state_changed(container_t *cont, const struct isulad_events
|
||||
} else {
|
||||
container_state_set_stopped(cont->state, (int)events->exit_status);
|
||||
container_wait_stop_cond_broadcast(cont);
|
||||
+#ifdef ENABLE_PLUGIN
|
||||
plugin_event_container_post_stop(cont);
|
||||
+#endif
|
||||
}
|
||||
|
||||
auto_remove = !should_restart && cont->hostconfig != NULL && cont->hostconfig->auto_remove;
|
||||
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
|
||||
index 1fa2559d..2d393f62 100644
|
||||
--- a/src/daemon/modules/service/service_container.c
|
||||
+++ b/src/daemon/modules/service/service_container.c
|
||||
@@ -807,12 +807,14 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
|
||||
open_stdin = cont->common_config->config->open_stdin;
|
||||
}
|
||||
|
||||
+#ifdef ENABLE_PLUGIN
|
||||
if (plugin_event_container_pre_start(cont)) {
|
||||
ERROR("Plugin event pre start failed ");
|
||||
plugin_event_container_post_stop(cont); /* ignore error */
|
||||
ret = -1;
|
||||
goto close_exit_fd;
|
||||
}
|
||||
+#endif
|
||||
|
||||
#ifdef ENABLE_CRI_API_V1
|
||||
if (cont->common_config->sandbox_info != NULL &&
|
||||
@@ -1370,7 +1372,9 @@ int delete_container(container_t *cont, bool force)
|
||||
}
|
||||
}
|
||||
|
||||
+#ifdef ENABLE_PLUGIN
|
||||
plugin_event_container_post_remove(cont);
|
||||
+#endif
|
||||
|
||||
ret = do_delete_container(cont);
|
||||
if (ret != 0) {
|
||||
--
|
||||
2.40.1
|
||||
|
||||
25
0023-2161-bugfix-for-api-cmakelist.patch
Normal file
25
0023-2161-bugfix-for-api-cmakelist.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From 6b02ac8055379fa0b907f5ed10c5bd974cade90f Mon Sep 17 00:00:00 2001
|
||||
From: zhongtao <zhongtao17@huawei.com>
|
||||
Date: Thu, 31 Aug 2023 01:55:41 +0000
|
||||
Subject: [PATCH 23/33] !2161 bugfix for api cmakelist * bugfix for api
|
||||
cmakelist
|
||||
|
||||
---
|
||||
src/daemon/modules/api/CMakeLists.txt | 4 ----
|
||||
1 file changed, 4 deletions(-)
|
||||
|
||||
diff --git a/src/daemon/modules/api/CMakeLists.txt b/src/daemon/modules/api/CMakeLists.txt
|
||||
index 0735b25a..357566fa 100644
|
||||
--- a/src/daemon/modules/api/CMakeLists.txt
|
||||
+++ b/src/daemon/modules/api/CMakeLists.txt
|
||||
@@ -8,7 +8,3 @@ set(MODULES_API_INCS
|
||||
${CMAKE_CURRENT_SOURCE_DIR}
|
||||
PARENT_SCOPE
|
||||
)
|
||||
-
|
||||
-if (NOT ENABLE_PLUGIN)
|
||||
- list(REMOVE_ITEM MODULES_API_INCS "${CMAKE_CURRENT_SOURCE_DIR}/plugin_api.h")
|
||||
-endif()
|
||||
--
|
||||
2.40.1
|
||||
|
||||
140
0024-2165-preventing-the-use-of-insecure-isulad-tmpdir-di.patch
Normal file
140
0024-2165-preventing-the-use-of-insecure-isulad-tmpdir-di.patch
Normal file
@ -0,0 +1,140 @@
|
||||
From 64f94112728f35ee76d56fa4cf6dc41bd5cd5d33 Mon Sep 17 00:00:00 2001
|
||||
From: zhongtao <zhongtao17@huawei.com>
|
||||
Date: Sat, 2 Sep 2023 08:56:38 +0000
|
||||
Subject: [PATCH 24/33] !2165 preventing the use of insecure isulad tmpdir
|
||||
directory * preventing the use of insecure isulad tmpdir directory
|
||||
|
||||
---
|
||||
src/common/constants.h | 2 +
|
||||
.../container/leftover_cleanup/cleanup.c | 66 ++++++++++++++++++-
|
||||
src/daemon/modules/image/oci/utils_images.c | 10 +++
|
||||
3 files changed, 77 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/common/constants.h b/src/common/constants.h
|
||||
index d93bb464..c0417263 100644
|
||||
--- a/src/common/constants.h
|
||||
+++ b/src/common/constants.h
|
||||
@@ -50,6 +50,8 @@ extern "C" {
|
||||
|
||||
#define TEMP_DIRECTORY_MODE 0700
|
||||
|
||||
+#define ISULAD_TEMP_DIRECTORY_MODE 0660
|
||||
+
|
||||
#define CONSOLE_FIFO_DIRECTORY_MODE 0770
|
||||
|
||||
#define SOCKET_GROUP_DIRECTORY_MODE 0660
|
||||
diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c
|
||||
index 9a38ffc2..f24ec467 100644
|
||||
--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c
|
||||
+++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c
|
||||
@@ -13,6 +13,8 @@
|
||||
* Description: provide cleanup functions
|
||||
*********************************************************************************/
|
||||
#include <sys/mount.h>
|
||||
+#include <sys/stat.h>
|
||||
+#include <unistd.h>
|
||||
|
||||
#include "utils.h"
|
||||
#include "utils_fs.h"
|
||||
@@ -169,6 +171,67 @@ static bool walk_isulad_tmpdir_cb(const char *path_name, const struct dirent *su
|
||||
return true;
|
||||
}
|
||||
|
||||
+static int isulad_tmpdir_security_check(const char *tmpdir)
|
||||
+{
|
||||
+ struct stat st = { 0 };
|
||||
+
|
||||
+ if (lstat(tmpdir, &st) != 0) {
|
||||
+ SYSERROR("Failed to lstat %s", tmpdir);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (!S_ISDIR(st.st_mode)) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if ((st.st_mode & 0777) != ISULAD_TEMP_DIRECTORY_MODE) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (st.st_uid != 0) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (S_ISLNK(st.st_mode)) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int recreate_tmpdir(const char *tmpdir)
|
||||
+{
|
||||
+ int ret;
|
||||
+ struct stat st = { 0 };
|
||||
+
|
||||
+ if (util_recursive_rmdir(tmpdir, 0)) {
|
||||
+ ERROR("Failed to remove directory %s", tmpdir);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (util_mkdir_p(tmpdir, ISULAD_TEMP_DIRECTORY_MODE)) {
|
||||
+ ERROR("Failed to create directory %s", tmpdir);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (lstat(tmpdir, &st) != 0) {
|
||||
+ SYSERROR("Failed to lstat %s", tmpdir);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static int ensure_isulad_tmpdir_security(const char *tmpdir)
|
||||
+{
|
||||
+ if (isulad_tmpdir_security_check(tmpdir) == 0) {
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ INFO("iSulad tmpdir does not meet security requirements, recreate it");
|
||||
+ return recreate_tmpdir(tmpdir);
|
||||
+}
|
||||
+
|
||||
static void cleanup_path(char *dir)
|
||||
{
|
||||
int nret;
|
||||
@@ -186,7 +249,8 @@ static void cleanup_path(char *dir)
|
||||
return;
|
||||
}
|
||||
|
||||
- if (!util_dir_exists(cleanpath)) {
|
||||
+ // preventing the use of insecure isulad tmpdir directory
|
||||
+ if (ensure_isulad_tmpdir_security(cleanpath) != 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
|
||||
index f8fd1e73..4342db5b 100644
|
||||
--- a/src/daemon/modules/image/oci/utils_images.c
|
||||
+++ b/src/daemon/modules/image/oci/utils_images.c
|
||||
@@ -630,6 +630,16 @@ int makesure_isulad_tmpdir_perm_right(const char *root_dir)
|
||||
goto out;
|
||||
}
|
||||
|
||||
+ if ((st.st_mode & 0777) != TEMP_DIRECTORY_MODE) {
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ if (S_ISLNK(st.st_mode)) {
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
// chown to root
|
||||
ret = lchown(isulad_tmpdir, 0, 0);
|
||||
if (ret == 0 || (ret == EPERM && st.st_uid == 0 && st.st_gid == 0)) {
|
||||
--
|
||||
2.40.1
|
||||
|
||||
238
0025-2166-move-ensure_isulad_tmpdir_security-function-to-.patch
Normal file
238
0025-2166-move-ensure_isulad_tmpdir_security-function-to-.patch
Normal file
@ -0,0 +1,238 @@
|
||||
From c2af7f7d7f6b0f1aaa884204a037e8275092121a Mon Sep 17 00:00:00 2001
|
||||
From: zhongtao <zhongtao17@huawei.com>
|
||||
Date: Sat, 2 Sep 2023 10:38:29 +0000
|
||||
Subject: [PATCH 25/33] !2166 move ensure_isulad_tmpdir_security function to
|
||||
main.c * move ensure_isulad_tmpdir_security function to main.c
|
||||
|
||||
---
|
||||
src/cmd/isulad/main.c | 101 ++++++++++++++++++
|
||||
.../container/leftover_cleanup/cleanup.c | 66 +-----------
|
||||
src/utils/tar/util_archive.c | 2 +-
|
||||
3 files changed, 103 insertions(+), 66 deletions(-)
|
||||
|
||||
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
|
||||
index 4740f91a..e32fed6a 100644
|
||||
--- a/src/cmd/isulad/main.c
|
||||
+++ b/src/cmd/isulad/main.c
|
||||
@@ -1222,6 +1222,101 @@ out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
+static int isulad_tmpdir_security_check(const char *tmp_dir)
|
||||
+{
|
||||
+ struct stat st = { 0 };
|
||||
+
|
||||
+ if (lstat(tmp_dir, &st) != 0) {
|
||||
+ SYSERROR("Failed to lstat %s", tmp_dir);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (!S_ISDIR(st.st_mode)) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if ((st.st_mode & 0777) != ISULAD_TEMP_DIRECTORY_MODE) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (st.st_uid != 0) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (S_ISLNK(st.st_mode)) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int recreate_tmpdir(const char *tmp_dir)
|
||||
+{
|
||||
+ if (util_recursive_rmdir(tmp_dir, 0) != 0) {
|
||||
+ ERROR("Failed to remove directory %s", tmp_dir);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (util_mkdir_p(tmp_dir, ISULAD_TEMP_DIRECTORY_MODE) != 0) {
|
||||
+ ERROR("Failed to create directory %s", tmp_dir);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int do_ensure_isulad_tmpdir_security(const char *isulad_tmp_dir)
|
||||
+{
|
||||
+ int nret;
|
||||
+ char tmp_dir[PATH_MAX] = { 0 };
|
||||
+ char cleanpath[PATH_MAX] = { 0 };
|
||||
+
|
||||
+ nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmp_dir);
|
||||
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
|
||||
+ ERROR("Failed to snprintf");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (util_clean_path(tmp_dir, cleanpath, sizeof(cleanpath)) == NULL) {
|
||||
+ ERROR("Failed to clean path for %s", tmp_dir);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (isulad_tmpdir_security_check(cleanpath) == 0) {
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ INFO("iSulad tmpdir: %s does not meet security requirements, recreate it", isulad_tmp_dir);
|
||||
+ return recreate_tmpdir(cleanpath);
|
||||
+}
|
||||
+
|
||||
+static int ensure_isulad_tmpdir_security()
|
||||
+{
|
||||
+ char *isulad_tmp_dir = NULL;
|
||||
+
|
||||
+ isulad_tmp_dir = getenv("ISULAD_TMPDIR");
|
||||
+ if (!util_valid_str(isulad_tmp_dir)) {
|
||||
+ isulad_tmp_dir = "/tmp";
|
||||
+ }
|
||||
+
|
||||
+ if (do_ensure_isulad_tmpdir_security(isulad_tmp_dir) != 0) {
|
||||
+ ERROR("Failed to ensure the %s directory is a safe directory", isulad_tmp_dir);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (strcmp(isulad_tmp_dir, "/tmp") == 0) {
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ // No matter whether ISULAD_TMPDIR is set or not,
|
||||
+ // ensure the "/tmp" directory is a safe directory
|
||||
+ if (do_ensure_isulad_tmpdir_security("/tmp") != 0) {
|
||||
+ WARN("Failed to ensure the /tmp directory is a safe directory");
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static int isulad_server_init_common()
|
||||
{
|
||||
int ret = -1;
|
||||
@@ -1261,6 +1356,12 @@ static int isulad_server_init_common()
|
||||
goto out;
|
||||
}
|
||||
|
||||
+ // preventing the use of insecure isulad tmpdir directory
|
||||
+ if (ensure_isulad_tmpdir_security() != 0) {
|
||||
+ ERROR("Failed to ensure isulad tmpdir security");
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
if (volume_init(args->json_confs->graph) != 0) {
|
||||
ERROR("Failed to init volume");
|
||||
goto out;
|
||||
diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c
|
||||
index f24ec467..9a38ffc2 100644
|
||||
--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c
|
||||
+++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c
|
||||
@@ -13,8 +13,6 @@
|
||||
* Description: provide cleanup functions
|
||||
*********************************************************************************/
|
||||
#include <sys/mount.h>
|
||||
-#include <sys/stat.h>
|
||||
-#include <unistd.h>
|
||||
|
||||
#include "utils.h"
|
||||
#include "utils_fs.h"
|
||||
@@ -171,67 +169,6 @@ static bool walk_isulad_tmpdir_cb(const char *path_name, const struct dirent *su
|
||||
return true;
|
||||
}
|
||||
|
||||
-static int isulad_tmpdir_security_check(const char *tmpdir)
|
||||
-{
|
||||
- struct stat st = { 0 };
|
||||
-
|
||||
- if (lstat(tmpdir, &st) != 0) {
|
||||
- SYSERROR("Failed to lstat %s", tmpdir);
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- if (!S_ISDIR(st.st_mode)) {
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- if ((st.st_mode & 0777) != ISULAD_TEMP_DIRECTORY_MODE) {
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- if (st.st_uid != 0) {
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- if (S_ISLNK(st.st_mode)) {
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- return 0;
|
||||
-}
|
||||
-
|
||||
-static int recreate_tmpdir(const char *tmpdir)
|
||||
-{
|
||||
- int ret;
|
||||
- struct stat st = { 0 };
|
||||
-
|
||||
- if (util_recursive_rmdir(tmpdir, 0)) {
|
||||
- ERROR("Failed to remove directory %s", tmpdir);
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- if (util_mkdir_p(tmpdir, ISULAD_TEMP_DIRECTORY_MODE)) {
|
||||
- ERROR("Failed to create directory %s", tmpdir);
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- if (lstat(tmpdir, &st) != 0) {
|
||||
- SYSERROR("Failed to lstat %s", tmpdir);
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- return ret;
|
||||
-}
|
||||
-
|
||||
-static int ensure_isulad_tmpdir_security(const char *tmpdir)
|
||||
-{
|
||||
- if (isulad_tmpdir_security_check(tmpdir) == 0) {
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
- INFO("iSulad tmpdir does not meet security requirements, recreate it");
|
||||
- return recreate_tmpdir(tmpdir);
|
||||
-}
|
||||
-
|
||||
static void cleanup_path(char *dir)
|
||||
{
|
||||
int nret;
|
||||
@@ -249,8 +186,7 @@ static void cleanup_path(char *dir)
|
||||
return;
|
||||
}
|
||||
|
||||
- // preventing the use of insecure isulad tmpdir directory
|
||||
- if (ensure_isulad_tmpdir_security(cleanpath) != 0) {
|
||||
+ if (!util_dir_exists(cleanpath)) {
|
||||
return;
|
||||
}
|
||||
|
||||
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
|
||||
index 82194654..82e940a5 100644
|
||||
--- a/src/utils/tar/util_archive.c
|
||||
+++ b/src/utils/tar/util_archive.c
|
||||
@@ -220,7 +220,7 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
|
||||
}
|
||||
|
||||
// ensure parent dir is exist
|
||||
- if (util_mkdir_p(cleanpath, buf.st_mode) != 0) {
|
||||
+ if (util_mkdir_p(cleanpath, ISULAD_TEMP_DIRECTORY_MODE) != 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
--
|
||||
2.40.1
|
||||
|
||||
110
0026-2169-using-macros-to-isolate-isulad-s-enable_plugin-.patch
Normal file
110
0026-2169-using-macros-to-isolate-isulad-s-enable_plugin-.patch
Normal file
@ -0,0 +1,110 @@
|
||||
From 4e6473570e3a5cd59585818216218a7a512790a5 Mon Sep 17 00:00:00 2001
|
||||
From: zhongtao <zhongtao17@huawei.com>
|
||||
Date: Mon, 4 Sep 2023 08:45:55 +0000
|
||||
Subject: [PATCH 26/33] !2169 using macros to isolate isulad's enable_plugin
|
||||
configuration option * using macros to isolate isulad's enable_plugin
|
||||
configuration option
|
||||
|
||||
---
|
||||
src/cmd/isulad/isulad_commands.h | 15 +++++++++++----
|
||||
src/common/constants.h | 2 ++
|
||||
src/daemon/config/isulad_config.c | 4 ++++
|
||||
src/daemon/config/isulad_config.h | 2 ++
|
||||
4 files changed, 19 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h
|
||||
index 6a8220cc..05d3551c 100644
|
||||
--- a/src/cmd/isulad/isulad_commands.h
|
||||
+++ b/src/cmd/isulad/isulad_commands.h
|
||||
@@ -78,6 +78,16 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
|
||||
#define USERNS_REMAP_OPT(cmdargs)
|
||||
#endif
|
||||
|
||||
+#ifdef ENABLE_PLUGIN
|
||||
+#define PLUGINS_OPT(cmdargs) \
|
||||
+ { CMD_OPT_TYPE_STRING_DUP, \
|
||||
+ false, "enable-plugins", 0, &(cmdargs)->json_confs->enable_plugins, \
|
||||
+ "Enable plugins for all containers", NULL \
|
||||
+ },
|
||||
+#else
|
||||
+#define PLUGINS_OPT(cmdargs)
|
||||
+#endif
|
||||
+
|
||||
#ifdef ENABLE_GRPC_REMOTE_CONNECT
|
||||
#define ISULAD_TLS_OPTIONS(cmdargs) \
|
||||
{ CMD_OPT_TYPE_STRING_DUP, \
|
||||
@@ -326,10 +336,7 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
|
||||
false, "cpu-rt-runtime", 0, &(cmdargs)->json_confs->cpu_rt_runtime, \
|
||||
"Limit CPU real-time runtime in microseconds for all containers", command_convert_llong \
|
||||
}, \
|
||||
- { CMD_OPT_TYPE_STRING_DUP, \
|
||||
- false, "enable-plugins", 0, &(cmdargs)->json_confs->enable_plugins, \
|
||||
- "Enable plugins for all containers", NULL \
|
||||
- }, \
|
||||
+ PLUGINS_OPT(cmdargs) \
|
||||
{ CMD_OPT_TYPE_CALLBACK, \
|
||||
false, "cri-runtime", 0, (cmdargs), \
|
||||
"CRI runtime class transform", server_callback_cri_runtime \
|
||||
diff --git a/src/common/constants.h b/src/common/constants.h
|
||||
index c0417263..f98fb930 100644
|
||||
--- a/src/common/constants.h
|
||||
+++ b/src/common/constants.h
|
||||
@@ -134,9 +134,11 @@ extern "C" {
|
||||
|
||||
#define AUTH_PLUGIN "authz-broker"
|
||||
|
||||
+#ifdef ENABLE_PLUGIN
|
||||
#define ISULAD_ENABLE_PLUGINS "ISULAD_ENABLE_PLUGINS"
|
||||
#define ISULAD_ENABLE_PLUGINS_SEPERATOR ","
|
||||
#define ISULAD_ENABLE_PLUGINS_SEPERATOR_CHAR ','
|
||||
+#endif
|
||||
|
||||
#ifdef ENABLE_NETWORK
|
||||
#define ISULAD_CNI_NETWORK_CONF_FILE_PRE "isulacni-"
|
||||
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
|
||||
index f600f0cf..72722c30 100644
|
||||
--- a/src/daemon/config/isulad_config.c
|
||||
+++ b/src/daemon/config/isulad_config.c
|
||||
@@ -1253,6 +1253,7 @@ out:
|
||||
return result;
|
||||
}
|
||||
|
||||
+#ifdef ENABLE_PLUGIN
|
||||
char *conf_get_enable_plugins(void)
|
||||
{
|
||||
struct service_arguments *conf = NULL;
|
||||
@@ -1274,6 +1275,7 @@ out:
|
||||
(void)isulad_server_conf_unlock();
|
||||
return plugins;
|
||||
}
|
||||
+#endif
|
||||
|
||||
#ifdef ENABLE_USERNS_REMAP
|
||||
char *conf_get_isulad_userns_remap(void)
|
||||
@@ -1739,7 +1741,9 @@ int merge_json_confs_into_global(struct service_arguments *args)
|
||||
override_string_value(&args->json_confs->pidfile, &tmp_json_confs->pidfile);
|
||||
// iSulad runtime execution options
|
||||
override_string_value(&args->json_confs->hook_spec, &tmp_json_confs->hook_spec);
|
||||
+#ifdef ENABLE_PLUGIN
|
||||
override_string_value(&args->json_confs->enable_plugins, &tmp_json_confs->enable_plugins);
|
||||
+#endif
|
||||
#ifdef ENABLE_USERNS_REMAP
|
||||
override_string_value(&args->json_confs->userns_remap, &tmp_json_confs->userns_remap);
|
||||
#endif
|
||||
diff --git a/src/daemon/config/isulad_config.h b/src/daemon/config/isulad_config.h
|
||||
index 4fe1acdc..459ea331 100644
|
||||
--- a/src/daemon/config/isulad_config.h
|
||||
+++ b/src/daemon/config/isulad_config.h
|
||||
@@ -60,7 +60,9 @@ int conf_get_container_log_opts(isulad_daemon_configs_container_log **opts);
|
||||
|
||||
char *conf_get_isulad_log_file(void);
|
||||
char *conf_get_engine_log_file(void);
|
||||
+#ifdef ENABLE_PLUGIN
|
||||
char *conf_get_enable_plugins(void);
|
||||
+#endif
|
||||
#ifdef ENABLE_USERNS_REMAP
|
||||
char *conf_get_isulad_userns_remap(void);
|
||||
#endif
|
||||
--
|
||||
2.40.1
|
||||
|
||||
87
0027-2178-clean-path-for-fpath-and-verify-chain-id.patch
Normal file
87
0027-2178-clean-path-for-fpath-and-verify-chain-id.patch
Normal file
@ -0,0 +1,87 @@
|
||||
From 6dcde807f5bba8ff1aa7d049856f3eddd4b0586f Mon Sep 17 00:00:00 2001
|
||||
From: zhongtao <zhongtao17@huawei.com>
|
||||
Date: Sat, 9 Sep 2023 06:48:39 +0000
|
||||
Subject: [PATCH 27/33] !2178 clean path for fpath and verify chain id Merge
|
||||
pull request !2178 from zhongtao/image
|
||||
|
||||
---
|
||||
src/daemon/modules/image/oci/oci_load.c | 30 +++++++++++++++++--
|
||||
.../modules/image/oci/registry/registry.c | 2 +-
|
||||
2 files changed, 28 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
|
||||
index 569c5346..fd707330 100644
|
||||
--- a/src/daemon/modules/image/oci/oci_load.c
|
||||
+++ b/src/daemon/modules/image/oci/oci_load.c
|
||||
@@ -27,8 +27,10 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
+#include <linux/limits.h>
|
||||
|
||||
#include "utils.h"
|
||||
+#include "path.h"
|
||||
#include "isula_libutils/log.h"
|
||||
#include "util_archive.h"
|
||||
#include "storage.h"
|
||||
@@ -717,6 +719,9 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items
|
||||
}
|
||||
|
||||
for (; i < conf->rootfs->diff_ids_len; i++) {
|
||||
+ char *fpath = NULL;
|
||||
+ char cleanpath[PATH_MAX] = { 0 };
|
||||
+
|
||||
im->layers[i] = util_common_calloc_s(sizeof(load_layer_blob_t));
|
||||
if (im->layers[i] == NULL) {
|
||||
ERROR("Out of memory");
|
||||
@@ -724,12 +729,31 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items
|
||||
goto out;
|
||||
}
|
||||
|
||||
- im->layers[i]->fpath = util_path_join(dstdir, manifest->layers[i]);
|
||||
- if (im->layers[i]->fpath == NULL) {
|
||||
- ERROR("Path join failed");
|
||||
+ fpath = util_path_join(dstdir, manifest->layers[i]);
|
||||
+ if (fpath == NULL) {
|
||||
+ ERROR("Failed to join path");
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ if (util_clean_path(fpath, cleanpath, sizeof(cleanpath)) == NULL) {
|
||||
+ ERROR("Failed to clean path for %s", fpath);
|
||||
+ free(fpath);
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ free(fpath);
|
||||
+
|
||||
+ // verify whether the prefix of the path is dstdir to prevent illegal directories
|
||||
+ if (strncmp(cleanpath, dstdir, strlen(dstdir)) != 0) {
|
||||
+ ERROR("Illegal directory: %s", cleanpath);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
+
|
||||
+ im->layers[i]->fpath = util_strdup_s(cleanpath);
|
||||
+
|
||||
// The format is sha256:xxx
|
||||
im->layers[i]->chain_id = oci_load_calc_chain_id(parent_chain_id_sha256, conf->rootfs->diff_ids[i]);
|
||||
if (im->layers[i]->chain_id == NULL) {
|
||||
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
|
||||
index e0b46e2e..35753c79 100644
|
||||
--- a/src/daemon/modules/image/oci/registry/registry.c
|
||||
+++ b/src/daemon/modules/image/oci/registry/registry.c
|
||||
@@ -600,7 +600,7 @@ static int register_layer(pull_descriptor *desc, size_t i)
|
||||
return 0;
|
||||
}
|
||||
|
||||
- id = util_without_sha256_prefix(desc->layers[i].chain_id);
|
||||
+ id = oci_image_id_from_digest(desc->layers[i].chain_id);
|
||||
if (id == NULL) {
|
||||
ERROR("layer %zu have NULL digest for image %s", i, desc->image_name);
|
||||
return -1;
|
||||
--
|
||||
2.40.1
|
||||
|
||||
@ -0,0 +1,35 @@
|
||||
From a291302fe12e21207c30ebffebf852cb37aface4 Mon Sep 17 00:00:00 2001
|
||||
From: zhongtao <zhongtao17@huawei.com>
|
||||
Date: Sat, 9 Sep 2023 08:11:06 +0000
|
||||
Subject: [PATCH 28/33] !2179 modify the permissions of tmpdir and file lock to
|
||||
600 Merge pull request !2179 from zhongtao/mode
|
||||
|
||||
---
|
||||
src/common/constants.h | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/common/constants.h b/src/common/constants.h
|
||||
index f98fb930..caf9b793 100644
|
||||
--- a/src/common/constants.h
|
||||
+++ b/src/common/constants.h
|
||||
@@ -50,7 +50,7 @@ extern "C" {
|
||||
|
||||
#define TEMP_DIRECTORY_MODE 0700
|
||||
|
||||
-#define ISULAD_TEMP_DIRECTORY_MODE 0660
|
||||
+#define ISULAD_TEMP_DIRECTORY_MODE 0600
|
||||
|
||||
#define CONSOLE_FIFO_DIRECTORY_MODE 0770
|
||||
|
||||
@@ -70,7 +70,7 @@ extern "C" {
|
||||
|
||||
#define DEFAULT_HIGHEST_DIRECTORY_MODE 0755
|
||||
|
||||
-#define MOUNT_FLOCK_FILE_MODE 0660
|
||||
+#define MOUNT_FLOCK_FILE_MODE 0600
|
||||
|
||||
#define ISULAD_CONFIG SYSCONFDIR_PREFIX"/etc/isulad"
|
||||
|
||||
--
|
||||
2.40.1
|
||||
|
||||
202
0029-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch
Normal file
202
0029-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch
Normal file
@ -0,0 +1,202 @@
|
||||
From 460c943125d9eca7cb4259d42c6c008a709e9dbe Mon Sep 17 00:00:00 2001
|
||||
From: haozi007 <liuhao27@huawei.com>
|
||||
Date: Wed, 23 Aug 2023 15:42:42 +0800
|
||||
Subject: [PATCH 29/33] [image] ensure id of loaded and pulled image is valid
|
||||
|
||||
Signed-off-by: haozi007 <liuhao27@huawei.com>
|
||||
---
|
||||
src/daemon/modules/image/oci/oci_import.c | 14 ++++++++++---
|
||||
src/daemon/modules/image/oci/oci_load.c | 21 ++++++-------------
|
||||
.../modules/image/oci/registry/registry.c | 8 ++++++-
|
||||
src/daemon/modules/image/oci/utils_images.c | 17 ++++++++++++++-
|
||||
src/daemon/modules/image/oci/utils_images.h | 3 +++
|
||||
src/utils/cutils/utils.h | 2 --
|
||||
src/utils/sha256/sha256.c | 1 -
|
||||
7 files changed, 43 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/src/daemon/modules/image/oci/oci_import.c b/src/daemon/modules/image/oci/oci_import.c
|
||||
index 1e14a916..0568c23f 100644
|
||||
--- a/src/daemon/modules/image/oci/oci_import.c
|
||||
+++ b/src/daemon/modules/image/oci/oci_import.c
|
||||
@@ -93,7 +93,7 @@ static int register_layer(import_desc *desc)
|
||||
return -1;
|
||||
}
|
||||
|
||||
- id = util_without_sha256_prefix(desc->uncompressed_digest);
|
||||
+ id = oci_image_id_from_digest(desc->uncompressed_digest);
|
||||
if (id == NULL) {
|
||||
ERROR("Invalid NULL param");
|
||||
return -1;
|
||||
@@ -315,8 +315,16 @@ static int register_image(import_desc *desc)
|
||||
opts.create_time = &desc->now_time;
|
||||
opts.digest = desc->manifest_digest;
|
||||
|
||||
- image_id = util_without_sha256_prefix(desc->config_digest);
|
||||
- top_layer_id = util_without_sha256_prefix(desc->uncompressed_digest);
|
||||
+ image_id = oci_image_id_from_digest(desc->config_digest);
|
||||
+ if (image_id == NULL) {
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+ top_layer_id = oci_image_id_from_digest(desc->uncompressed_digest);
|
||||
+ if (top_layer_id == NULL) {
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
ret = storage_img_create(image_id, top_layer_id, NULL, &opts);
|
||||
if (ret != 0) {
|
||||
pre_top_layer = storage_get_img_top_layer(image_id);
|
||||
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
|
||||
index fd707330..31ae3849 100644
|
||||
--- a/src/daemon/modules/image/oci/oci_load.c
|
||||
+++ b/src/daemon/modules/image/oci/oci_load.c
|
||||
@@ -290,16 +290,6 @@ out:
|
||||
return full_digest;
|
||||
}
|
||||
|
||||
-static char *oci_load_without_sha256_prefix(char *digest)
|
||||
-{
|
||||
- if (digest == NULL) {
|
||||
- ERROR("Invalid digest NULL when strip sha256 prefix");
|
||||
- return NULL;
|
||||
- }
|
||||
-
|
||||
- return digest + strlen(SHA256_PREFIX);
|
||||
-}
|
||||
-
|
||||
static int registry_layer_from_tarball(const load_layer_blob_t *layer, const char *id, const char *parent)
|
||||
{
|
||||
int ret = 0;
|
||||
@@ -345,7 +335,7 @@ static int oci_load_register_layers(load_image_t *desc)
|
||||
}
|
||||
|
||||
for (i = 0; i < desc->layers_len; i++) {
|
||||
- id = oci_load_without_sha256_prefix(desc->layers[i]->chain_id);
|
||||
+ id = oci_image_id_from_digest(desc->layers[i]->chain_id);
|
||||
if (id == NULL) {
|
||||
ERROR("layer %zu have NULL digest for image %s", i, desc->im_id);
|
||||
ret = -1;
|
||||
@@ -457,7 +447,7 @@ static int oci_load_create_image(load_image_t *desc, const char *dst_tag)
|
||||
top_layer_index = desc->layers_len - 1;
|
||||
opts.create_time = ×tamp;
|
||||
opts.digest = desc->manifest_digest;
|
||||
- top_layer_id = oci_load_without_sha256_prefix(desc->layers[top_layer_index]->chain_id);
|
||||
+ top_layer_id = oci_image_id_from_digest(desc->layers[top_layer_index]->chain_id);
|
||||
if (top_layer_id == NULL) {
|
||||
ERROR("NULL top layer id found for image %s", desc->im_id);
|
||||
ret = -1;
|
||||
@@ -764,7 +754,7 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items
|
||||
}
|
||||
parent_chain_id_sha256 = im->layers[i]->chain_id;
|
||||
|
||||
- id = oci_load_without_sha256_prefix(im->layers[i]->chain_id);
|
||||
+ id = oci_image_id_from_digest(im->layers[i]->chain_id);
|
||||
if (id == NULL) {
|
||||
ERROR("Wipe out sha256 prefix failed from layer with chain id : %s", im->layers[i]->chain_id);
|
||||
ret = -1;
|
||||
@@ -832,7 +822,8 @@ static load_image_t *oci_load_process_manifest(const image_manifest_items_elemen
|
||||
goto out;
|
||||
}
|
||||
|
||||
- image_id = oci_load_without_sha256_prefix(image_digest);
|
||||
+ // call util_valid_digest to ensure digest is valid, so image id is valid
|
||||
+ image_id = oci_image_id_from_digest(image_digest);
|
||||
if (image_id == NULL) {
|
||||
ret = -1;
|
||||
ERROR("Remove sha256 prefix error from image digest %s", image_digest);
|
||||
@@ -872,7 +863,7 @@ static int64_t get_layer_size_from_storage(char *chain_id_pre)
|
||||
return -1;
|
||||
}
|
||||
|
||||
- id = oci_load_without_sha256_prefix(chain_id_pre);
|
||||
+ id = oci_image_id_from_digest(chain_id_pre);
|
||||
if (id == NULL) {
|
||||
ERROR("Get chain id failed from value:%s", chain_id_pre);
|
||||
return -1;
|
||||
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
|
||||
index 35753c79..4124281d 100644
|
||||
--- a/src/daemon/modules/image/oci/registry/registry.c
|
||||
+++ b/src/daemon/modules/image/oci/registry/registry.c
|
||||
@@ -877,7 +877,13 @@ static int register_image(pull_descriptor *desc)
|
||||
|
||||
// lock when create image to make sure image content all exist
|
||||
mutex_lock(&g_shared->image_mutex);
|
||||
- image_id = util_without_sha256_prefix(desc->config.digest);
|
||||
+ image_id = oci_image_id_from_digest(desc->config.digest);
|
||||
+ if (image_id == NULL) {
|
||||
+ ERROR("Invalid digest: %s", desc->config.digest);
|
||||
+ isulad_try_set_error_message("invalid image digest: %s", desc->config.digest);
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
ret = create_image(desc, image_id, &reuse);
|
||||
if (ret != 0) {
|
||||
ERROR("create image %s failed", desc->image_name);
|
||||
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
|
||||
index 4342db5b..f92ee59a 100644
|
||||
--- a/src/daemon/modules/image/oci/utils_images.c
|
||||
+++ b/src/daemon/modules/image/oci/utils_images.c
|
||||
@@ -691,4 +691,19 @@ int oci_split_search_name(const char *search_name, char **host, char **name)
|
||||
|
||||
return 0;
|
||||
}
|
||||
-#endif
|
||||
\ No newline at end of file
|
||||
+#endif
|
||||
+
|
||||
+char *oci_image_id_from_digest(char *digest)
|
||||
+{
|
||||
+ if (digest == NULL) {
|
||||
+ ERROR("Empty digest");
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (!util_valid_digest(digest)) {
|
||||
+ ERROR("Load image with invalid digest: %s", digest);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ return digest + strlen(SHA256_PREFIX);
|
||||
+}
|
||||
diff --git a/src/daemon/modules/image/oci/utils_images.h b/src/daemon/modules/image/oci/utils_images.h
|
||||
index 2238bb91..ea0fb20a 100644
|
||||
--- a/src/daemon/modules/image/oci/utils_images.h
|
||||
+++ b/src/daemon/modules/image/oci/utils_images.h
|
||||
@@ -61,6 +61,9 @@ char *get_hostname_to_strip(void);
|
||||
|
||||
char *oci_image_digest_pos(const char *name);
|
||||
|
||||
+// return a pointer to digest string without 'sha256:' prefix
|
||||
+char *oci_image_id_from_digest(char *digest);
|
||||
+
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
diff --git a/src/utils/cutils/utils.h b/src/utils/cutils/utils.h
|
||||
index 83b20e5e..3acf0698 100644
|
||||
--- a/src/utils/cutils/utils.h
|
||||
+++ b/src/utils/cutils/utils.h
|
||||
@@ -388,8 +388,6 @@ int util_generate_random_str(char *id, size_t len);
|
||||
|
||||
int util_check_inherited_exclude_fds(bool closeall, int *fds_to_ignore, size_t len_fds);
|
||||
|
||||
-char *util_without_sha256_prefix(char *digest);
|
||||
-
|
||||
int util_normalized_host_os_arch(char **host_os, char **host_arch, char **host_variant);
|
||||
|
||||
int util_read_pid_ppid_info(uint32_t pid, pid_ppid_info_t *pid_info);
|
||||
diff --git a/src/utils/sha256/sha256.c b/src/utils/sha256/sha256.c
|
||||
index 54cc2862..4e692355 100644
|
||||
--- a/src/utils/sha256/sha256.c
|
||||
+++ b/src/utils/sha256/sha256.c
|
||||
@@ -388,7 +388,6 @@ char *sha256_full_digest_str(char *str)
|
||||
char *util_without_sha256_prefix(char *digest)
|
||||
{
|
||||
if (digest == NULL || !util_has_prefix(digest, SHA256_PREFIX)) {
|
||||
- ERROR("Invalid digest when strip sha256 prefix");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
--
|
||||
2.40.1
|
||||
|
||||
123
0030-mask-proxy-informations.patch
Normal file
123
0030-mask-proxy-informations.patch
Normal file
@ -0,0 +1,123 @@
|
||||
From ff67cabc3e3839ef4b539805ed54b5c826b6f446 Mon Sep 17 00:00:00 2001
|
||||
From: haozi007 <liuhao27@huawei.com>
|
||||
Date: Mon, 4 Sep 2023 15:19:36 +0800
|
||||
Subject: [PATCH 30/33] mask proxy informations
|
||||
|
||||
Signed-off-by: haozi007 <liuhao27@huawei.com>
|
||||
---
|
||||
.../container_cb/execution_information.c | 86 ++++++++++++++++---
|
||||
1 file changed, 74 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
|
||||
index 2f3d3627..86bb2894 100644
|
||||
--- a/src/daemon/executor/container_cb/execution_information.c
|
||||
+++ b/src/daemon/executor/container_cb/execution_information.c
|
||||
@@ -176,24 +176,83 @@ out:
|
||||
static int get_proxy_env(char **proxy, const char *type)
|
||||
{
|
||||
int ret = 0;
|
||||
- char *tmp = NULL;
|
||||
-
|
||||
- *proxy = getenv(type);
|
||||
- if (*proxy == NULL) {
|
||||
- tmp = util_strings_to_upper(type);
|
||||
+ int nret;
|
||||
+ char *tmp_proxy = NULL;
|
||||
+ char *col_pos = NULL;
|
||||
+ char *at_pos = NULL;
|
||||
+ size_t proxy_len;
|
||||
+ const char *mask_str = "//xxxx:xxxx";
|
||||
+
|
||||
+ tmp_proxy = getenv(type);
|
||||
+ if (tmp_proxy == NULL) {
|
||||
+ char *tmp = util_strings_to_upper(type);
|
||||
if (tmp == NULL) {
|
||||
ERROR("Failed to upper string!");
|
||||
- ret = -1;
|
||||
- goto out;
|
||||
- }
|
||||
- *proxy = getenv(tmp);
|
||||
- if (*proxy == NULL) {
|
||||
- *proxy = "";
|
||||
+ return -1;
|
||||
}
|
||||
+ tmp_proxy = getenv(tmp);
|
||||
+ free(tmp);
|
||||
+ }
|
||||
+
|
||||
+ if (tmp_proxy == NULL) {
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if (strlen(tmp_proxy) >= PATH_MAX) {
|
||||
+ ERROR("Too long proxy string.");
|
||||
+ return -1;
|
||||
+ }
|
||||
+ tmp_proxy = util_strdup_s(tmp_proxy);
|
||||
+
|
||||
+ if (strcmp(NO_PROXY, type) == 0) {
|
||||
+ *proxy = tmp_proxy;
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ // mask username and password of proxy
|
||||
+ col_pos = strchr(tmp_proxy, ':');
|
||||
+ if (col_pos == NULL) {
|
||||
+ ERROR("Invalid proxy.");
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+ at_pos = strrchr(tmp_proxy, '@');
|
||||
+ if (at_pos == NULL) {
|
||||
+ // no '@', represent no user information in proxy,
|
||||
+ // just return original proxy
|
||||
+ *proxy = tmp_proxy;
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ // first colon position must before than at position
|
||||
+ if ((at_pos - col_pos) < 0) {
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
}
|
||||
|
||||
+ // proxy with userinfo format like: 'http://xxx:xxx@xxxx.com'
|
||||
+ // so masked proxy length = len(proxy) - (pos(@) - pos(:) + 1) + len(mask-str) + '\0'
|
||||
+ proxy_len = strlen(tmp_proxy);
|
||||
+ proxy_len -= (at_pos - tmp_proxy);
|
||||
+ proxy_len += (col_pos - tmp_proxy) + 1;
|
||||
+ proxy_len += strlen(mask_str) + 1;
|
||||
+ *proxy = util_common_calloc_s(proxy_len);
|
||||
+ if (*proxy == NULL) {
|
||||
+ ERROR("Out of memory");
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+ *col_pos = '\0';
|
||||
+ nret = snprintf(*proxy, proxy_len, "%s:%s%s", tmp_proxy, mask_str, at_pos);
|
||||
+ if (nret < 0 || nret >= proxy_len) {
|
||||
+ ret = -1;
|
||||
+ free(*proxy);
|
||||
+ *proxy = NULL;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
out:
|
||||
- free(tmp);
|
||||
+ util_free_sensitive_string(tmp_proxy);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -340,6 +399,9 @@ static int isulad_info_cb(const host_info_request *request, host_info_response *
|
||||
#endif
|
||||
|
||||
pack_response:
|
||||
+ free(http_proxy);
|
||||
+ free(https_proxy);
|
||||
+ free(no_proxy);
|
||||
if (*response != NULL) {
|
||||
(*response)->cc = cc;
|
||||
}
|
||||
--
|
||||
2.40.1
|
||||
|
||||
115
0031-add-testcase-for-isula-info.patch
Normal file
115
0031-add-testcase-for-isula-info.patch
Normal file
@ -0,0 +1,115 @@
|
||||
From e40f451f5b919ba4154cc6005439f6b4370a7ac3 Mon Sep 17 00:00:00 2001
|
||||
From: haozi007 <liuhao27@huawei.com>
|
||||
Date: Mon, 4 Sep 2023 17:13:13 +0800
|
||||
Subject: [PATCH 31/33] add testcase for isula info
|
||||
|
||||
Signed-off-by: haozi007 <liuhao27@huawei.com>
|
||||
---
|
||||
CI/test_cases/container_cases/info.sh | 95 +++++++++++++++++++++++++++
|
||||
1 file changed, 95 insertions(+)
|
||||
create mode 100755 CI/test_cases/container_cases/info.sh
|
||||
|
||||
diff --git a/CI/test_cases/container_cases/info.sh b/CI/test_cases/container_cases/info.sh
|
||||
new file mode 100755
|
||||
index 00000000..e6c03a49
|
||||
--- /dev/null
|
||||
+++ b/CI/test_cases/container_cases/info.sh
|
||||
@@ -0,0 +1,95 @@
|
||||
+#!/bin/bash
|
||||
+#
|
||||
+# attributes: isula info operator
|
||||
+# concurrent: YES
|
||||
+# spend time: 1
|
||||
+
|
||||
+#######################################################################
|
||||
+##- Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
|
||||
+# - iSulad licensed under the Mulan PSL v2.
|
||||
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
|
||||
+# - You may obtain a copy of Mulan PSL v2 at:
|
||||
+# - http://license.coscl.org.cn/MulanPSL2
|
||||
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
|
||||
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
|
||||
+# - PURPOSE.
|
||||
+# - See the Mulan PSL v2 for more details.
|
||||
+##- @Description:CI
|
||||
+##- @Author: haozi007
|
||||
+##- @Create: 2023-09-04
|
||||
+#######################################################################
|
||||
+
|
||||
+curr_path=$(dirname $(readlink -f "$0"))
|
||||
+data_path=$(realpath $curr_path/../data)
|
||||
+source ../helpers.sh
|
||||
+
|
||||
+function do_test_t()
|
||||
+{
|
||||
+ check_valgrind_log
|
||||
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
|
||||
+ export http_proxy="http://test:123456@testproxy.com"
|
||||
+ export https_proxy="http://test:123456@testproxy.com"
|
||||
+ export no_proxy="127.0.0.1"
|
||||
+ start_isulad_with_valgrind
|
||||
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
|
||||
+ isula info | grep "Http Proxy" | grep "http://xxxx:xxxx@testproxy.com"
|
||||
+ fn_check_eq "$?" "0" "check http proxy failed"
|
||||
+ isula info | grep "Https Proxy" | grep "http://xxxx:xxxx@testproxy.com"
|
||||
+ fn_check_eq "$?" "0" "check https proxy failed"
|
||||
+ isula info | grep "No Proxy" | grep "127.0.0.1"
|
||||
+ fn_check_eq "$?" "0" "check no proxy failed"
|
||||
+
|
||||
+ check_valgrind_log
|
||||
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
|
||||
+ export http_proxy="https://example.com"
|
||||
+ export no_proxy="127.0.0.1"
|
||||
+ start_isulad_with_valgrind
|
||||
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
|
||||
+ isula info | grep "Http Proxy" | grep "https://example.com"
|
||||
+ fn_check_eq "$?" "0" "check http proxy failed"
|
||||
+ isula info | grep "No Proxy" | grep "127.0.0.1"
|
||||
+ fn_check_eq "$?" "0" "check no proxy failed"
|
||||
+
|
||||
+ check_valgrind_log
|
||||
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
|
||||
+ export http_proxy="http//abc.com"
|
||||
+ export no_proxy="127.0.0.1:localhost"
|
||||
+ start_isulad_with_valgrind
|
||||
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
|
||||
+ isula info | grep "Http Proxy"
|
||||
+ fn_check_ne "$?" "0" "check http proxy failed"
|
||||
+ isula info | grep "No Proxy"
|
||||
+ fn_check_ne "$?" "0" "check no proxy failed"
|
||||
+
|
||||
+ check_valgrind_log
|
||||
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
|
||||
+ export http_proxy="http//xxxx@abc:abc.com"
|
||||
+ export no_proxy="127.0.0.1"
|
||||
+ start_isulad_with_valgrind
|
||||
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
|
||||
+ isula info | grep "Http Proxy"
|
||||
+ fn_check_ne "$?" "0" "check http proxy failed"
|
||||
+ isula info | grep "No Proxy"
|
||||
+ fn_check_ne "$?" "0" "check no proxy failed"
|
||||
+
|
||||
+ check_valgrind_log
|
||||
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
|
||||
+ unset https_proxy http_proxy no_proxy
|
||||
+ start_isulad_with_valgrind
|
||||
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
|
||||
+ isula info | grep "Http Proxy"
|
||||
+ fn_check_ne "$?" "0" "check http proxy failed"
|
||||
+ isula info | grep "No Proxy"
|
||||
+ fn_check_ne "$?" "0" "check no proxy failed"
|
||||
+
|
||||
+ return $TC_RET_T
|
||||
+}
|
||||
+
|
||||
+ret=0
|
||||
+
|
||||
+do_test_t
|
||||
+if [ $? -ne 0 ];then
|
||||
+ let "ret=$ret + 1"
|
||||
+fi
|
||||
+
|
||||
+show_result $ret "basic info"
|
||||
--
|
||||
2.40.1
|
||||
|
||||
25
0032-fix-oci-import-compile-error.patch
Normal file
25
0032-fix-oci-import-compile-error.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From ff0bf5155c163c5230b3ac6d71e2dfc1ed6cfa01 Mon Sep 17 00:00:00 2001
|
||||
From: haozi007 <liuhao27@huawei.com>
|
||||
Date: Tue, 12 Sep 2023 17:24:24 +0800
|
||||
Subject: [PATCH 32/33] fix oci import compile error
|
||||
|
||||
Signed-off-by: haozi007 <liuhao27@huawei.com>
|
||||
---
|
||||
src/daemon/modules/image/oci/oci_import.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/daemon/modules/image/oci/oci_import.c b/src/daemon/modules/image/oci/oci_import.c
|
||||
index 0568c23f..058107a4 100644
|
||||
--- a/src/daemon/modules/image/oci/oci_import.c
|
||||
+++ b/src/daemon/modules/image/oci/oci_import.c
|
||||
@@ -33,6 +33,7 @@
|
||||
#include "utils_file.h"
|
||||
#include "utils_timestamp.h"
|
||||
#include "util_archive.h"
|
||||
+#include "utils_images.h"
|
||||
|
||||
#define IMPORT_COMMENT "Imported from tarball"
|
||||
#define ROOTFS_TYPE "layers"
|
||||
--
|
||||
2.40.1
|
||||
|
||||
60
0033-2188-Support-both-C-11-and-C-17.patch
Normal file
60
0033-2188-Support-both-C-11-and-C-17.patch
Normal file
@ -0,0 +1,60 @@
|
||||
From bfd1b325eb93083ce4478c28aa61101ac553b458 Mon Sep 17 00:00:00 2001
|
||||
From: xuxuepeng <xuxuepeng1@huawei.com>
|
||||
Date: Wed, 13 Sep 2023 02:16:12 +0000
|
||||
Subject: [PATCH 33/33] !2188 Support both C++11 and C++17 * Support both C++11
|
||||
and C++17
|
||||
|
||||
---
|
||||
cmake/set_build_flags.cmake | 11 ++++++++++-
|
||||
test/fuzz/CMakeLists.txt | 13 ++++++++++++-
|
||||
2 files changed, 22 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/cmake/set_build_flags.cmake b/cmake/set_build_flags.cmake
|
||||
index 09c85c65..38069791 100644
|
||||
--- a/cmake/set_build_flags.cmake
|
||||
+++ b/cmake/set_build_flags.cmake
|
||||
@@ -3,7 +3,16 @@ set(CMAKE_C_FLAGS "-fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -fP
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'")
|
||||
|
||||
if (GRPC_CONNECTOR)
|
||||
- set(CMAKE_CXX_FLAGS "-fPIC -std=c++17 -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -Wno-error=deprecated-declarations")
|
||||
+ include(CheckCXXCompilerFlag)
|
||||
+ CHECK_CXX_COMPILER_FLAG("-std=c++17" COMPILER_SUPPORTS_CXX17)
|
||||
+ if (COMPILER_SUPPORTS_CXX17)
|
||||
+ message(STATUS "The compiler ${CMAKE_CXX_COMPILER} has C++17 support.")
|
||||
+ set(CMAKE_CXX_VERSION "-std=c++17")
|
||||
+ else()
|
||||
+ message(STATUS "The compiler ${CMAKE_CXX_COMPILER} has no C++17 support. Use C++11.")
|
||||
+ set(CMAKE_CXX_VERSION "-std=c++11")
|
||||
+ endif()
|
||||
+ set(CMAKE_CXX_FLAGS "-fPIC ${CMAKE_CXX_VERSION} -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -Wno-error=deprecated-declarations")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'")
|
||||
endif()
|
||||
set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-E -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -shared -pthread")
|
||||
diff --git a/test/fuzz/CMakeLists.txt b/test/fuzz/CMakeLists.txt
|
||||
index 617a168f..0682ffa3 100644
|
||||
--- a/test/fuzz/CMakeLists.txt
|
||||
+++ b/test/fuzz/CMakeLists.txt
|
||||
@@ -34,7 +34,18 @@ MESSAGE(STATUS "GCLANG_PP_BINARY is set to ${GCLANG_PP_BINARY}")
|
||||
SET(CMAKE_C_COMPILER "${GCLANG_BINARY}")
|
||||
SET(CMAKE_CXX_COMPILER "${GCLANG_PP_BINARY}")
|
||||
SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O0 --coverage -fsanitize=fuzzer,address -fsanitize-coverage=indirect-calls,trace-cmp,trace-div,trace-gep")
|
||||
-SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -O0 --coverage -std=c++17 -fsanitize=fuzzer,address -fsanitize-coverage=indirect-calls,trace-cmp,trace-div,trace-gep")
|
||||
+
|
||||
+include(CheckCXXCompilerFlag)
|
||||
+CHECK_CXX_COMPILER_FLAG("-std=c++17" COMPILER_SUPPORTS_CXX17)
|
||||
+if (COMPILER_SUPPORTS_CXX17)
|
||||
+ message(STATUS "The compiler ${CMAKE_CXX_COMPILER} has C++17 support.")
|
||||
+ set(CMAKE_CXX_VERSION "-std=c++17")
|
||||
+else()
|
||||
+ message(STATUS "The compiler ${CMAKE_CXX_COMPILER} has no C++17 support. Use C++11.")
|
||||
+ set(CMAKE_CXX_VERSION "-std=c++11")
|
||||
+endif()
|
||||
+
|
||||
+SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -O0 --coverage ${CMAKE_CXX_VERSION} -fsanitize=fuzzer,address -fsanitize-coverage=indirect-calls,trace-cmp,trace-div,trace-gep")
|
||||
SET(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
|
||||
|
||||
SET(EXE0 test_volume_mount_spec_fuzz)
|
||||
--
|
||||
2.40.1
|
||||
|
||||
45
iSulad.spec
45
iSulad.spec
@ -1,5 +1,5 @@
|
||||
%global _version 2.1.3
|
||||
%global _release 1
|
||||
%global _release 2
|
||||
%global is_systemd 1
|
||||
%global enable_criv1 1
|
||||
%global enable_shimv2 1
|
||||
@ -15,9 +15,40 @@ URL: https://gitee.com/openeuler/iSulad
|
||||
Source: https://gitee.com/openeuler/iSulad/repository/archive/v%{version}.tar.gz
|
||||
BuildRoot: {_tmppath}/iSulad-%{version}
|
||||
|
||||
Patch0001: 0001-Use-reference-in-loop-in-listpodsandbox.patch
|
||||
Patch6001: 6001-fix-execlp-not-enough-args.patch
|
||||
Patch6002: 6002-modify-daemon-json-default-runtime-to-runc.patch
|
||||
Patch0001: 0001-2155-Use-reference-in-loop-in-listpodsandbox.patch
|
||||
Patch0002: 0002-2156-Fix-sandbox-error-logging.patch
|
||||
Patch0003: 0003-2158-Use-crictl-v1.22.0-for-ci.patch
|
||||
Patch0004: 0004-2162-Fix-rename-issue-for-id-manager.patch
|
||||
Patch0005: 0005-2163-add-bind-mount-file-lock.patch
|
||||
Patch0006: 0006-2168-fix-code-bug.patch
|
||||
Patch0007: 0007-2171-Fix-nullptr-in-src-daemon-entry.patch
|
||||
Patch0008: 0008-Add-vsock-support-for-exec.patch
|
||||
Patch0009: 0009-remove-unneccessary-strerror.patch
|
||||
Patch0010: 0010-do-not-report-low-level-error-to-user.patch
|
||||
Patch0011: 0011-remove-usage-of-strerror-with-user-defined-errno.patch
|
||||
Patch0012: 0012-use-gmtime_r-to-replace-gmtime.patch
|
||||
Patch0013: 0013-improve-report-error-message-of-client.patch
|
||||
Patch0014: 0014-adapt-new-error-message-for-isula-cp.patch
|
||||
Patch0015: 0015-2182-Add-mutex-for-container-list-in-sandbox.patch
|
||||
Patch0016: 0016-2180-fix-execlp-not-enough-args.patch
|
||||
Patch0017: 0017-2135-modify-incorrect-variable-type.patch
|
||||
Patch0018: 0018-make-sure-the-input-parameter-is-not-empty-and-optim.patch
|
||||
Patch0019: 0019-remove-password-in-url-module-and-clean-sensitive-in.patch
|
||||
Patch0020: 0020-2153-fix-codecheck.patch
|
||||
Patch0021: 0021-2157-bugfix-for-memset.patch
|
||||
Patch0022: 0022-2159-use-macros-to-isolate-the-password-option-of-lo.patch
|
||||
Patch0023: 0023-2161-bugfix-for-api-cmakelist.patch
|
||||
Patch0024: 0024-2165-preventing-the-use-of-insecure-isulad-tmpdir-di.patch
|
||||
Patch0025: 0025-2166-move-ensure_isulad_tmpdir_security-function-to-.patch
|
||||
Patch0026: 0026-2169-using-macros-to-isolate-isulad-s-enable_plugin-.patch
|
||||
Patch0027: 0027-2178-clean-path-for-fpath-and-verify-chain-id.patch
|
||||
Patch0028: 0028-2179-modify-the-permissions-of-tmpdir-and-file-lock-.patch
|
||||
Patch0029: 0029-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch
|
||||
Patch0030: 0030-mask-proxy-informations.patch
|
||||
Patch0031: 0031-add-testcase-for-isula-info.patch
|
||||
Patch0032: 0032-fix-oci-import-compile-error.patch
|
||||
Patch0033: 0033-2188-Support-both-C-11-and-C-17.patch
|
||||
Patch6001: 6001-modify-daemon-json-default-runtime-to-runc.patch
|
||||
|
||||
%ifarch x86_64 aarch64
|
||||
Provides: libhttpclient.so()(64bit)
|
||||
@ -272,6 +303,12 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Sep 13 2023 xuxuepeng <xuxuepeng1@huawei.com> - 2.1.3-2
|
||||
- Type: update
|
||||
- ID: NA
|
||||
- SUG: NA
|
||||
- DESC: Add vsock support for exec
|
||||
|
||||
* Tue Aug 29 2023 xuxuepeng <xuxuepeng1@huawei.com> - 2.1.3-1
|
||||
- Type: update
|
||||
- ID: NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user