
10 Commits

Author SHA1 Message Date
openeuler-ci-bot
80c9e1b77f
!776 sync patches from upstream
From: @jade_t 
Reviewed-by: @taotao-sauce 
Signed-off-by: @taotao-sauce
2025-05-16 02:33:27 +00:00
dongyuzhen
21f7324fec sync patches from upstream 2025-05-14 14:16:41 +08:00
openeuler-ci-bot
2ec068bcaa
!763 [sync] PR-759: Sync patches from upstream for refactoring sandbox and bugfixing
From: @openeuler-sync-bot 
Reviewed-by: @taotao-sauce 
Signed-off-by: @taotao-sauce
2025-01-06 03:53:46 +00:00
Lu Jingxiao
a1efa78546 Sync patches from upstream for refactoring sandbox and bugfixing
including:
15dd7690 add layer storage ut test
7a3d70db bugfix for parse_http_header
3144357f bugfix: mem leak
02a8be62 image store:fix code style
4f030e07 registry module code improve
0340a824 fix some bad code
7dfa6916 add image storage unit test
1e9031cc UT: del shim_sandbox and change sandbox ops
16da6634 sandbox: del shim_sandbox and change sandbox ops

Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
(cherry picked from commit cd18a717e414326116ccbd19bc87e29fa9c4ffc6)
2025-01-06 10:43:52 +08:00
openeuler-ci-bot
d2f1f654aa
!760 [sync] PR-758: Sync patches from upstream
From: @openeuler-sync-bot 
Reviewed-by: @taotao-sauce 
Signed-off-by: @taotao-sauce
2025-01-05 07:19:49 +00:00
Lu Jingxiao
d2bf32cae3 Sync patches from upstream
including:
3e0cafd6 supplementary registry design documentation
a6b8a2c0 bugfix:do purge container when do_start_container failed
2a307813 image store: add UT
255fada4 image layer:fix code style
6766ace8 bugfix:fix exec --detach for shim v2
3c9d51bf bugfix for workdir len verify
f55efffa bug fix: Isula ps not display N/A when ports empty
9006b290 bugfix:overwriting when i is len-1

Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
(cherry picked from commit ca9c755d85eeece47f587426603a8f0d5c99eac9)
2024-12-31 09:42:51 +08:00
openeuler-ci-bot
1dc43c9f12
!757 [sync] PR-754: bugfix for nri
From: @openeuler-sync-bot 
Reviewed-by: @xuxuepeng 
Signed-off-by: @xuxuepeng
2024-12-18 10:13:56 +00:00
zhongtao
25daf1f442 bugfix for nri
Signed-off-by: zhongtao <zhongtao17@huawei.com>
(cherry picked from commit 2b0d5a6513507eeece64da43cde77e9e92e21b51)
2024-12-18 17:32:15 +08:00
openeuler-ci-bot
dd4ef73cde
!752 [sync] PR-750: sandboxer require isula-rust-extensions
From: @openeuler-sync-bot 
Reviewed-by: @taotao-sauce 
Signed-off-by: @taotao-sauce
2024-12-02 08:27:56 +00:00
liuxu
c7c69ee3a4 sandboxer require isula-rust-extensions
Signed-off-by: liuxu <liuxu156@huawei.com>
(cherry picked from commit beadf6d3baa2047e5e79f5c3a7288a2df4d34b6f)
2024-11-28 17:15:01 +08:00
45 changed files with 8999 additions and 3 deletions


@ -0,0 +1,80 @@
From 08b996a54c6330e704cbc9271f348a62e24fe880 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 18 Dec 2024 22:43:26 +1400
Subject: [PATCH 157/158] bugfix for nri init
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/nri/nri_convert.cc | 7 ++++---
src/daemon/nri/nri_plugin_ops.cc | 28 +++++++++++++---------------
2 files changed, 17 insertions(+), 18 deletions(-)
diff --git a/src/daemon/common/nri/nri_convert.cc b/src/daemon/common/nri/nri_convert.cc
index d862d992..6e571d9a 100644
--- a/src/daemon/common/nri/nri_convert.cc
+++ b/src/daemon/common/nri/nri_convert.cc
@@ -196,7 +196,6 @@ auto PodSandboxToNRI(const std::shared_ptr<const sandbox::Sandbox> &sandbox, nri
pod._namespace = util_strdup_s(sandbox->GetSandboxConfig().metadata().namespace_().c_str());
}
-
pod.labels = Transform::ProtobufMapToJsonMapForString(sandbox->GetSandboxConfig().labels(), tmpError);
if (pod.labels == nullptr) {
ERROR("Failed to transform labels to nri for pod : %s, : %s", pod.name, tmpError.GetMessage().c_str());
@@ -971,9 +970,11 @@ auto ContainerToNRIByID(const std::string &id, nri_container &con) -> bool
goto out;
}
- con.pod_sandbox_id = util_strdup_s(cont->common_config->sandbox_info->id);
- ret = true;
+ if (cont->common_config->sandbox_info!= nullptr && cont->common_config->sandbox_info->id != nullptr) {
+ con.pod_sandbox_id = util_strdup_s(cont->common_config->sandbox_info->id);
+ }
+ ret = true;
out:
container_unref(cont);
return ret;
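Review bot: ContainerToNRIByID now returns true with `con.pod_sandbox_id` left unassigned when the container has no sandbox info, so whatever consumes `con` must tolerate a null pod id; that consumer is not visible in this hunk and is worth confirming. The new condition also dereferences `cont->common_config` without a check here; if no earlier guard exists outside the hunk, begin the condition with `cont->common_config != nullptr &&`. Style: `sandbox_info!= nullptr` is missing the space before `!=`. The function body starts outside the hunk.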
diff --git a/src/daemon/nri/nri_plugin_ops.cc b/src/daemon/nri/nri_plugin_ops.cc
index e2f88b63..7953f7de 100644
--- a/src/daemon/nri/nri_plugin_ops.cc
+++ b/src/daemon/nri/nri_plugin_ops.cc
@@ -42,22 +42,20 @@ bool nri_adaption_init(void)
{
Errors error;
- if (!conf_get_nri_support()) {
- return true;
- }
-
- nri_runtime_callbacks callbacks;
- callbacks.register_plugin = nri_registry_containers;
- callbacks.update_containers = nri_update_containers;
- if (nri_runtime_service_init(callbacks) != 0) {
- ERROR("Failed to init runtime service\n");
- return false;
- }
+ if (conf_get_nri_support()) {
+ nri_runtime_callbacks callbacks;
+ callbacks.register_plugin = nri_registry_containers;
+ callbacks.update_containers = nri_update_containers;
+ if (nri_runtime_service_init(callbacks) != 0) {
+ ERROR("Failed to init runtime service\n");
+ return false;
+ }
- if (conf_get_nri_external_support()) {
- if (!start_external_listener()) {
- ERROR("Failed to start external listener\n");
- goto clean_out;
+ if (conf_get_nri_external_support()) {
+ if (!start_external_listener()) {
+ ERROR("Failed to start external listener\n");
+ goto clean_out;
+ }
}
}
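Review bot: `nri_runtime_callbacks callbacks;` is default-initialized and only `register_plugin` and `update_containers` are assigned before it is handed to nri_runtime_service_init(); if the struct has any other member (its definition is not on this page), that member is indeterminate when the service reads it. Value-initializing it with `nri_runtime_callbacks callbacks {};` removes that risk at no cost. The `goto clean_out` now leaves two nested blocks, and the label and the rest of nri_adaption_init are outside the hunk, so confirm that clean_out still undoes nri_runtime_service_init() on this path.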
--
2.25.1


@ -0,0 +1,87 @@
From e160e82c1a7eff3c9cca9794a4db04508e9ffb05 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 18 Dec 2024 22:54:32 +1400
Subject: [PATCH 158/158] Revert "move nri call in stop and remove con"
This reverts commit db60c64138b45539fe70282c853ac2dae5954924.
---
src/daemon/common/cri/cri_helpers.cc | 18 ------------------
.../cri/v1/v1_cri_container_manager_service.cc | 14 ++++++++++++++
2 files changed, 14 insertions(+), 18 deletions(-)
diff --git a/src/daemon/common/cri/cri_helpers.cc b/src/daemon/common/cri/cri_helpers.cc
index aa8e3c19..a8cbd996 100644
--- a/src/daemon/common/cri/cri_helpers.cc
+++ b/src/daemon/common/cri/cri_helpers.cc
@@ -32,10 +32,6 @@
#include "isulad_config.h"
#include "sha256.h"
-#ifdef ENABLE_NRI
-#include "nri_adaption.h"
-#endif
-
namespace CRIHelpers {
const std::string Constants::POD_NETWORK_ANNOTATION_KEY { "network.alpha.kubernetes.io/network" };
const std::string Constants::CONTAINER_TYPE_LABEL_KEY { "cri.isulad.type" };
@@ -664,13 +660,6 @@ void RemoveContainerHelper(service_executor_t *cb, const std::string &containerI
goto cleanup;
}
-#ifdef ENABLE_NRI
- if (!NRIAdaptation::GetInstance()->RemoveContainer(containerID, error)) {
- ERROR("NRI RemoveContainer notification failed: %s", error.GetCMessage());
- }
- error.Clear();
-#endif
-
if (cb->container.remove(request, &response) != 0) {
if (response != nullptr && response->errmsg != nullptr) {
error.SetError(response->errmsg);
@@ -730,13 +719,6 @@ void StopContainerHelper(service_executor_t *cb, const std::string &containerID,
error.SetError(msg);
}
-#ifdef ENABLE_NRI
- if (!NRIAdaptation::GetInstance()->StopContainer(containerID, error)) {
- ERROR("NRI StopContainer notification failed: %s", error.GetCMessage());
- }
- error.Clear();
-#endif
-
free_container_stop_request(request);
free_container_stop_response(response);
}
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index b585b49c..1e84d14c 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -618,11 +618,25 @@ cleanup:
void ContainerManagerService::StopContainer(const std::string &containerID, int64_t timeout, Errors &error)
{
+#ifdef ENABLE_NRI
+ Errors nriErr;
+#endif
CRIHelpers::StopContainer(m_cb, containerID, timeout, error);
+#ifdef ENABLE_NRI
+ if (!NRIAdaptation::GetInstance()->StopContainer(containerID, nriErr)) {
+ ERROR("NRI StopContainer notification failed: %s", nriErr.GetCMessage());
+ }
+#endif
}
void ContainerManagerService::RemoveContainer(const std::string &containerID, Errors &error)
{
+#ifdef ENABLE_NRI
+ Errors nriErr;
+ if (!NRIAdaptation::GetInstance()->RemoveContainer(containerID, nriErr)) {
+ ERROR("NRI RemoveContainer notification failed: %s", nriErr.GetCMessage());
+ }
+#endif
CRIHelpers::RemoveContainer(m_cb, containerID, error);
if (error.NotEmpty()) {
WARN("Failed to remove container %s", containerID.c_str());
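Review bot: The two NRI notifications are ordered differently and nothing in the code says why: StopContainer notifies plugins after CRIHelpers::StopContainer, even when that call set `error`, while RemoveContainer notifies before the removal is attempted. If that is intended, a comment such as `// NRI notification is best-effort: failures are logged and never change 'error'` above each block, plus a line on the before/after ordering, would keep the next refactor from moving them again. If plugins should only hear about a stop that succeeded, guard the call with `!error.NotEmpty()`. `NRIAdaptation::GetInstance()` is dereferenced unchecked; presumably it never returns null, but that is not visible here.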
--
2.25.1


@ -0,0 +1,31 @@
From 9006b2901cb17b5cf0fa3579334ddb765ac3fe11 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Mon, 25 Nov 2024 19:42:02 +0800
Subject: [PATCH 01/19] bugfix:overwriting when i is len-1
Signed-off-by: liuxu <liuxu156@huawei.com>
---
src/daemon/modules/spec/specs.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index 36e89343..67a47257 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -2779,8 +2779,11 @@ void spec_remove_mount(oci_runtime_spec *oci_spec, const char *dest)
for (i = 0; i < oci_spec->mounts_len; i++) {
if (strcmp(oci_spec->mounts[i]->destination, dest) == 0) {
free_defs_mount(oci_spec->mounts[i]);
- (void)memcpy((void **)&oci_spec->mounts[i], (void **)&oci_spec->mounts[i + 1],
- (oci_spec->mounts_len - i - 1) * sizeof(void *));
+ oci_spec->mounts[i] = NULL;
+ if (i != oci_spec->mounts_len - 1) {
+ (void)memcpy((void **)&oci_spec->mounts[i], (void **)&oci_spec->mounts[i + 1],
+ (oci_spec->mounts_len - i - 1) * sizeof(void *));
+ }
oci_spec->mounts_len--;
return;
}
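Review bot: The shift still uses memcpy() on overlapping ranges: `&mounts[i]` and `&mounts[i + 1]` overlap whenever more than one pointer is moved, which is undefined behaviour, so it should be `(void)memmove(&oci_spec->mounts[i], &oci_spec->mounts[i + 1], (oci_spec->mounts_len - i - 1) * sizeof(void *));`. After the shift the last slot still holds a copy of the pointer now stored one position earlier, so the added `oci_spec->mounts[i] = NULL;` only clears the stale entry when i is the last index; `oci_spec->mounts[oci_spec->mounts_len - 1] = NULL;` just before `mounts_len--` covers both cases. The `strcmp` also assumes `mounts[i]->destination` is non-null. The enclosing function starts outside the hunk.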
--
2.23.0


@ -0,0 +1,25 @@
From f55efffaeb1f28ac4e4e1b60b820b2b4694067b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Tue, 26 Nov 2024 20:29:29 +0800
Subject: [PATCH 02/19] bug fix: Isula ps not display N/A when ports empty
---
src/cmd/isula/information/ps.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c
index 6bdc157f..5f46ef22 100644
--- a/src/cmd/isula/information/ps.c
+++ b/src/cmd/isula/information/ps.c
@@ -332,7 +332,7 @@ static void print_basic_container_info_item(const struct isula_container_summary
} else if (strcmp(name, "Created") == 0) {
print_created_field(in->created, length->created_length);
} else if (strcmp(name, "Ports") == 0) {
- const char *ports = (in->ports != NULL ? in->ports : "N/A");
+ const char *ports = (in->ports != NULL ? in->ports : " ");
printf("%-*s", (int)length->ports_length, ports);
}
}
--
2.23.0


@ -0,0 +1,28 @@
From 3c9d51bfdf0e71ac846946d746003139bf3a02c8 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 26 Nov 2024 23:46:52 +1400
Subject: [PATCH 03/19] bugfix for workdir len verify
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/runtime/isula/isula_rt_ops.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index e628c3fe..22608e4c 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -786,8 +786,8 @@ static int shielded_output_check(const char *output, const char *workdir)
return 0;
}
- if (sizeof(chdir_pattern) > PATH_MAX - strlen("chdir ") - strlen(" failed")) {
- INFO("chdir_pattern is too long");
+ if (strlen(workdir) > PATH_MAX - strlen("chdir ") - strlen(" failed")) {
+ INFO("workdir is too long");
return -1;
}
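Review bot: The new bound looks off by one for the terminator: a workdir of exactly `PATH_MAX - strlen("chdir ") - strlen(" failed")` bytes passes the check but yields a PATH_MAX-character string, which needs PATH_MAX + 1 bytes. If `chdir_pattern` is a PATH_MAX-sized array (the old `sizeof(chdir_pattern)` suggests an array, but its declaration is outside the hunk), the comparison should be `if (strlen(workdir) >= PATH_MAX - strlen("chdir ") - strlen(" failed")) {`. The rejection returns -1 but is logged at INFO; a WARN would make an over-long workdir visible at default log levels.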
--
2.23.0


@ -0,0 +1,115 @@
From 6766ace88ac35f217b5e6b6ddab7c30e126a7956 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Tue, 26 Nov 2024 15:37:46 +0800
Subject: [PATCH 04/19] bugfix:fix exec --detach for shim v2
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../modules/runtime/isula/isula_rt_ops.c | 11 ++----
src/daemon/modules/runtime/runtime_common.h | 35 +++++++++++++++++++
src/daemon/modules/runtime/shim/shim_rt_ops.c | 4 ++-
3 files changed, 40 insertions(+), 10 deletions(-)
create mode 100644 src/daemon/modules/runtime/runtime_common.h
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index e628c3fe..11288310 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -56,6 +56,7 @@
#include "utils_file.h"
#include "console.h"
#include "shim_constants.h"
+#include "runtime_common.h"
#define SHIM_BINARY "isulad-shim"
#define RESIZE_FIFO_NAME "resize_fifo"
@@ -1393,14 +1394,6 @@ int rt_isula_rm(const char *id, const char *runtime, const rt_rm_params_t *param
return 0;
}
-static bool fg_exec(const rt_exec_params_t *params)
-{
- if (params->console_fifos[0] != NULL || params->console_fifos[1] != NULL || params->console_fifos[2] != NULL) {
- return true;
- }
- return false;
-}
-
static char *try_generate_random_id()
{
char *id = NULL;
@@ -1536,7 +1529,7 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
}
}
- args.fg = fg_exec(params);
+ args.fg = rt_fg_exec(params);
args.id = id;
args.workdir = workdir;
args.bundle = bundle;
diff --git a/src/daemon/modules/runtime/runtime_common.h b/src/daemon/modules/runtime/runtime_common.h
new file mode 100644
index 00000000..dde47110
--- /dev/null
+++ b/src/daemon/modules/runtime/runtime_common.h
@@ -0,0 +1,35 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: liuxu
+ * Create: 2024-11-28
+ * Description: runtime common definition
+ ******************************************************************************/
+
+#ifndef DAEMON_MODULES_RUNTIME_COMMON_H
+#define DAEMON_MODULES_RUNTIME_COMMON_H
+
+#include "runtime_api.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+static inline bool rt_fg_exec(const rt_exec_params_t *params)
+{
+ return params->console_fifos[0] != NULL || params->console_fifos[1] != NULL || params->console_fifos[2] != NULL;
+}
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // DAEMON_MODULES_RUNTIME_COMMON_H
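Review bot: rt_fg_exec() dereferences `params` without a null check and carries no comment saying what "foreground" means, which matters more now that it is a shared inline helper rather than a file-local static. Either guard it, `return params != NULL && (params->console_fifos[0] != NULL || params->console_fifos[1] != NULL || params->console_fifos[2] != NULL);`, or state the non-null contract in a comment, together with `/* foreground exec: at least one console FIFO is attached */`. The header also relies on runtime_api.h to supply `bool` and `NULL`; including `<stdbool.h>` and `<stddef.h>` directly would make it self-contained. There is a stray double blank line after the function.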
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index fc4d8e3a..fce18ade 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -36,6 +36,7 @@
#include "shim_rt_monitor.h"
#include "supervisor.h"
#include "isulad_config.h"
+#include "runtime_common.h"
#define EXIT_SIGNAL_OFFSET_X 128
@@ -589,7 +590,8 @@ int rt_shim_exec(const char *id, const char *runtime, const rt_exec_params_t *pa
goto out;
}
- if (shim_v2_wait(id, params->suffix, exit_code) != 0) {
+ if (rt_fg_exec(params) &&
+ shim_v2_wait(id, params->suffix, exit_code) != 0) {
ERROR("%s: failed to wait exec process", id);
ret = -1;
goto out;
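Review bot: When the exec is detached the wait is skipped, and nothing in this hunk assigns the value behind `exit_code` (assumed to be the out-pointer passed to shim_v2_wait), so the caller may read whatever it passed in. Unless it is set earlier in rt_shim_exec, whose body starts outside the hunk, set it explicitly on that path, e.g. `if (!rt_fg_exec(params)) { *exit_code = 0; }`. It is also worth confirming that a detached exec whose exit is never waited for is still cleaned up on the shim side.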
--
2.23.0


@ -0,0 +1,114 @@
From 255fada49877e854690d628dc7832c3e459fd5aa Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Thu, 5 Dec 2024 19:59:15 +0800
Subject: [PATCH 05/19] image layer:fix code style
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../modules/image/oci/storage/layer_store/layer.c | 9 +++++----
.../modules/image/oci/storage/layer_store/layer.h | 6 +++---
.../image/oci/storage/layer_store/layer_store.c | 11 ++++++-----
.../image/oci/storage/layer_store/layer_store.h | 5 +++--
4 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer.c b/src/daemon/modules/image/oci/storage/layer_store/layer.c
index 4beb3d10..8fd9aa5b 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer.c
@@ -15,16 +15,17 @@
#include "layer.h"
-#include <isula_libutils/json_common.h>
-#include <isula_libutils/storage_layer.h>
#include <stdlib.h>
#include <string.h>
+#include <isula_libutils/json_common.h>
+#include <isula_libutils/storage_layer.h>
+#include <isula_libutils/storage_mount_point.h>
+#include <isula_libutils/log.h>
+
#include "constants.h"
-#include "isula_libutils/storage_mount_point.h"
#include "util_atomic.h"
#include "utils.h"
-#include "isula_libutils/log.h"
#include "utils_file.h"
void free_layer_t(layer_t *ptr)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer.h b/src/daemon/modules/image/oci/storage/layer_store/layer.h
index 9387efe0..94831ef4 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer.h
@@ -20,9 +20,9 @@
#include <stdbool.h>
#include <stddef.h>
-#include "isula_libutils/storage_layer.h"
-#include "isula_libutils/storage_mount_point.h"
-#include "isula_libutils/log.h"
+#include <isula_libutils/storage_layer.h>
+#include <isula_libutils/storage_mount_point.h>
+#include <isula_libutils/log.h>
#ifdef __cplusplus
extern "C" {
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index 3ffe0ca7..bb2e7edc 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -19,6 +19,11 @@
#include <stdio.h>
#include <limits.h>
#include <dirent.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+
#include <isula_libutils/container_inspect.h>
#include <isula_libutils/storage_layer.h>
#include <isula_libutils/storage_mount_point.h>
@@ -26,10 +31,6 @@
#include <isula_libutils/log.h>
#include <isula_libutils/storage_entry.h>
#include <isula_libutils/go_crc64.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
#include "util_archive.h"
#include "storage.h"
@@ -1709,7 +1710,7 @@ static int load_layers_from_json_files()
}
ret = 0;
- goto unlock_out;
+
unlock_out:
layer_store_unlock();
return ret;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
index eba406d4..a1b0857e 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
@@ -16,11 +16,12 @@
#define DAEMON_MODULES_IMAGE_OCI_STORAGE_LAYER_STORE_LAYER_STORE_H
#include <stdint.h>
-#include <isula_libutils/imagetool_fs_info.h>
-#include <isula_libutils/json_common.h>
#include <stdbool.h>
#include <stddef.h>
+#include <isula_libutils/imagetool_fs_info.h>
+#include <isula_libutils/json_common.h>
+
#include "storage.h"
#include "io_wrapper.h"
--
2.23.0


@ -0,0 +1,207 @@
From 2a3078132c461c45cba2932a75517314db06dcbd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Fri, 6 Dec 2024 16:32:03 +0800
Subject: [PATCH 06/19] image store: add UT
---
.../oci/storage/images/storage_images_ut.cc | 53 ++++++++++++++++++-
1 file changed, 51 insertions(+), 2 deletions(-)
diff --git a/test/image/oci/storage/images/storage_images_ut.cc b/test/image/oci/storage/images/storage_images_ut.cc
index 001090fe..ad0084d6 100644
--- a/test/image/oci/storage/images/storage_images_ut.cc
+++ b/test/image/oci/storage/images/storage_images_ut.cc
@@ -269,12 +269,21 @@ TEST_F(StorageImagesCompatibilityUnitTest, test_load_v1_image)
EXPECT_CALL(m_storage_mock, FreeLayerList(_)).WillRepeatedly(Invoke(invokeFreeLayerList));
opts.storage_root = strdup(store_real_path);
opts.driver_name = strdup("overlay");
+
+ std::string converted_image_id { "597fa49c3dbc5dd1e84120dd1906b65223afd479a7e094c085b580060c0fccec" };
+ ASSERT_FALSE(image_store_exists(converted_image_id.c_str())); // before init must false
+ ASSERT_EQ(image_store_delete(converted_image_id.c_str()), -1); // before init must false
+
ASSERT_EQ(image_store_init(&opts), 0);
+ // init twice will go to errror branch "Image store has already been initialized"
+ ASSERT_EQ(image_store_init(&opts), -1);
free(opts.storage_root);
free(opts.driver_name);
- std::string converted_image_id { "597fa49c3dbc5dd1e84120dd1906b65223afd479a7e094c085b580060c0fccec" };
ASSERT_TRUE(image_store_exists(converted_image_id.c_str()));
+ const char* null_id = NULL;
+ ASSERT_FALSE(image_store_exists(null_id));
ASSERT_EQ(image_store_delete(converted_image_id.c_str()), 0);
+ ASSERT_EQ(image_store_delete(null_id), -1);
}
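Review bot: The added negative checks re-declare `const char* null_id = NULL;` in almost every test (here and in the hunks for test_images_load, test_image_store_create, test_image_store_lookup, test_image_store_exists, test_image_store_get_something, test_image_store_delete and test_image_store_remove_single_name), while the surrounding code uses `nullptr`; passing `nullptr` directly or using one fixture-level constant would be shorter and consistent. The comment `// init twice will go to errror branch` has a typo ("errror"), and `// before init must false` on the image_store_delete line would read better as `// delete before init must fail`. If either new ASSERT placed before `free(opts.storage_root)` fails, the two strdup'd option strings are not freed; that is minor in a test but easy to avoid by freeing them first.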
class StorageImagesUnitTest : public testing::Test {
@@ -320,6 +329,8 @@ protected:
TEST_F(StorageImagesUnitTest, test_images_load)
{
+ const char* null_id = NULL;
+ ASSERT_EQ(image_store_get_image(null_id), nullptr);
auto image = image_store_get_image(ids.at(0).c_str());
ASSERT_NE(image, nullptr);
@@ -345,11 +356,17 @@ TEST_F(StorageImagesUnitTest, test_images_load)
char **names { nullptr };
size_t names_len { 0 };
+
+ ASSERT_EQ(image_store_big_data_names(null_id, &names, &names_len), -1);
ASSERT_EQ(image_store_big_data_names(ids.at(0).c_str(), &names, &names_len), 0);
ASSERT_EQ(names_len, 2);
ASSERT_STREQ(names[0], "sha256:39891ff67da98ab8540d71320915f33d2eb80ab42908e398472cab3c1ce7ac10");
ASSERT_STREQ(names[1], "manifest");
+ const char* null_name = NULL;
+ ASSERT_EQ(image_store_big_data_size(null_id, names[0]), -1);
+ ASSERT_EQ(image_store_big_data_size(ids.at(0).c_str(), null_name), -1);
+
ASSERT_EQ(image_store_big_data_size(ids.at(0).c_str(), names[0]), 2235);
ASSERT_EQ(image_store_big_data_size(ids.at(0).c_str(), names[1]), 741);
for (size_t i {}; i < names_len; ++i) {
@@ -418,7 +435,11 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
std::cout << buffer << std::endl;
std::string key = "sha256:" + std::string(created_image);
+ const char* null_key = NULL;
ASSERT_EQ(image_store_set_big_data(created_image, key.c_str(), buffer.c_str()), 0);
+ ASSERT_EQ(image_store_set_big_data(created_image, null_key, buffer.c_str()), -1);
+ const char* null_id = NULL;
+ ASSERT_EQ(image_store_set_big_data(null_id, key.c_str(), buffer.c_str()), -1);
std::string img_store_path = std::string(store_real_path) + "/overlay-images/";
ASSERT_TRUE(dirExists((img_store_path + id).c_str()));
@@ -440,10 +461,13 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
std::cout << "manifest :" << std::endl;
std::cout << manifest_content << std::endl;
+ ASSERT_EQ(image_store_big_data(null_id, "manifest"), nullptr);
+ ASSERT_EQ(image_store_big_data(id.c_str(), null_key), nullptr);
char *data = image_store_big_data(id.c_str(), "manifest");
ASSERT_STREQ(data, manifest_content.c_str());
free(data);
+ ASSERT_EQ(image_store_get_image(null_id), nullptr);
auto image = image_store_get_image(id.c_str());
ASSERT_NE(image, nullptr);
ASSERT_NE(image->created, nullptr);
@@ -476,16 +500,19 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
free_imagetool_image(image);
char *toplayer = nullptr;
+ ASSERT_EQ(image_store_top_layer(null_id), nullptr);
ASSERT_STREQ((toplayer = image_store_top_layer(id.c_str())),
"6194458b07fcf01f1483d96cd6c34302ffff7f382bb151a6d023c4e80ba3050a");
free(toplayer);
+ ASSERT_EQ(image_store_set_image_size(null_id, 1000), -1);
ASSERT_EQ(image_store_set_image_size(id.c_str(), 1000), 0);
image = image_store_get_image(id.c_str());
ASSERT_EQ(image->size, 1000);
free_imagetool_image(image);
+ ASSERT_EQ(image_store_add_name(null_id, "isula.org/library/test:latest"), -1);
ASSERT_EQ(image_store_add_name(id.c_str(), "isula.org/library/test:latest"), 0);
image = image_store_get_image(id.c_str());
ASSERT_EQ(image->repo_tags_len, 2);
@@ -497,6 +524,9 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
img_names = (char **)util_common_calloc_s(2 * sizeof(char *));
img_names[0] = util_strdup_s("busybox:latest");
img_names[1] = util_strdup_s("centos:3.0");
+ size_t names_len = 0;
+ ASSERT_EQ(image_store_set_names(null_id, (const char **)img_names, 2), -1);
+ ASSERT_EQ(image_store_set_names(id.c_str(), (const char **)img_names, names_len), -1);
ASSERT_EQ(image_store_set_names(id.c_str(), (const char **)img_names, 2), 0);
image = image_store_get_image(id.c_str());
ASSERT_EQ(image->repo_tags_len, 2);
@@ -505,13 +535,17 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
util_free_array_by_len(img_names, 2);
free_imagetool_image(image);
+ ASSERT_EQ(image_store_set_metadata(null_id, "{metadata}"), -1);
ASSERT_EQ(image_store_set_metadata(id.c_str(), "{metadata}"), 0);
char *manifest_val = nullptr;
+
+ ASSERT_EQ(image_store_metadata(null_id), nullptr);
ASSERT_STREQ((manifest_val = image_store_metadata(id.c_str())), "{metadata}");
free(manifest_val);
free(created_image);
+ ASSERT_EQ(image_store_delete(null_id), -1);
ASSERT_EQ(image_store_delete(id.c_str()), 0);
ASSERT_EQ(image_store_get_image(id.c_str()), nullptr);
ASSERT_FALSE(dirExists((img_store_path + id).c_str()));
@@ -530,6 +564,7 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
std::cout << cp_command << std::endl;
ASSERT_EQ(system(cp_command.c_str()), 0);
+ ASSERT_EQ(image_store_big_data_digest(random_id, null_key), nullptr);
char *digest = image_store_big_data_digest(random_id, "manifest");
ASSERT_STREQ(digest, "sha256:fdb7b1fccaaa535cb8211a194dd6314acc643f3a36d1a7d2b79c299a9173fa7e");
free(digest);
@@ -547,6 +582,8 @@ TEST_F(StorageImagesUnitTest, test_image_store_lookup)
std::string truncatedId { "e4db68de4ff27" };
std::string incorrectId { "4db68de4ff27" };
+ const char* null_id = NULL;
+ ASSERT_EQ(image_store_lookup(null_id), nullptr);
char *value = nullptr;
ASSERT_STREQ((value = image_store_lookup(name.c_str())), id.c_str());
free(value);
@@ -563,6 +600,8 @@ TEST_F(StorageImagesUnitTest, test_image_store_exists)
std::string truncatedId { "398" };
std::string incorrectId { "ff67da98ab8540d713209" };
+ const char* null_id = NULL;
+ ASSERT_FALSE(image_store_exists(null_id));
ASSERT_TRUE(image_store_exists(name.c_str()));
ASSERT_TRUE(image_store_exists(truncatedId.c_str()));
ASSERT_FALSE(image_store_exists(incorrectId.c_str()));
@@ -584,6 +623,7 @@ TEST_F(StorageImagesUnitTest, test_image_store_metadata)
TEST_F(StorageImagesUnitTest, test_image_store_get_all_images)
{
imagetool_images_list *images_list = nullptr;
+ ASSERT_EQ(image_store_get_all_images(images_list), -1);
images_list = (imagetool_images_list *)util_common_calloc_s(sizeof(imagetool_images_list));
ASSERT_NE(images_list, nullptr);
@@ -613,7 +653,12 @@ TEST_F(StorageImagesUnitTest, test_image_store_get_something)
ASSERT_EQ(image_store_get_images_number(), 2);
ASSERT_EQ(image_store_get_fs_info(fs_info), 0);
+ imagetool_fs_info *null_fs_info = nullptr;
+ ASSERT_EQ(image_store_get_fs_info(null_fs_info), -1);
+
ASSERT_EQ(image_store_get_names(ids.at(0).c_str(), &names, &names_len), 0);
+ const char* null_id = NULL;
+ ASSERT_EQ(image_store_get_names(null_id, &names, &names_len), -1);
ASSERT_EQ(names_len, 1);
ASSERT_STREQ(names[0], "imagehub.isulad.com/official/centos:latest");
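Review bot: The failing `image_store_get_names(null_id, &names, &names_len)` call sits between the successful call and the assertions on `names_len` and `names[0]`, so those assertions pass only while the error path leaves both out-parameters untouched. Moving the null-id check above the successful call, or giving it its own `char **` and `size_t` locals, keeps the test from depending on that detail. The test body continues outside the hunk.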
@@ -632,7 +677,9 @@ TEST_F(StorageImagesUnitTest, test_image_store_delete)
ASSERT_FALSE(image_store_exists(elem.c_str()));
ASSERT_FALSE(dirExists((std::string(store_real_path) + "/overlay-images/" + elem).c_str()));
}
-
+ const char* null_id = NULL;
+ ASSERT_FALSE(image_store_exists(null_id));
+ ASSERT_EQ(image_store_delete(null_id), -1);
Restore();
}
@@ -646,6 +693,8 @@ TEST_F(StorageImagesUnitTest, test_image_store_remove_single_name)
}
ASSERT_EQ(image_store_add_name(ids.at(0).c_str(), "imagehub.isulad.com/official/busybox:latest"), 0);
+ const char* null_id = NULL;
+ ASSERT_EQ(image_store_add_name(null_id, "imagehub.isulad.com/official/busybox:latest"), -1);
Restore();
}
--
2.23.0


@ -0,0 +1,125 @@
From a6b8a2c04df21d940ce0d22128b776c00d460bba Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Fri, 6 Dec 2024 10:39:22 +0800
Subject: [PATCH 07/19] bugfix:do purge container when do_start_container
failed
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../modules/container/restore/restore.c | 1 +
.../modules/container/supervisor/supervisor.c | 4 +--
.../modules/service/service_container.c | 25 ++++++++++++++++---
3 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/src/daemon/modules/container/restore/restore.c b/src/daemon/modules/container/restore/restore.c
index 52f68d21..44ed14df 100644
--- a/src/daemon/modules/container/restore/restore.c
+++ b/src/daemon/modules/container/restore/restore.c
@@ -95,6 +95,7 @@ static int restore_supervisor(const container_t *cont)
if (container_supervisor_add_exit_monitor(exit_fifo_fd, exit_fifo, &pid_info, cont)) {
ERROR("Failed to add exit monitor to supervisor");
+ close(exit_fifo_fd);
ret = -1;
goto out;
}
diff --git a/src/daemon/modules/container/supervisor/supervisor.c b/src/daemon/modules/container/supervisor/supervisor.c
index 294783eb..f77f58d7 100644
--- a/src/daemon/modules/container/supervisor/supervisor.c
+++ b/src/daemon/modules/container/supervisor/supervisor.c
@@ -328,7 +328,6 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
if (pid_info == NULL || cont == NULL || cont->common_config == NULL) {
ERROR("Invalid input arguments");
- close(fd);
return -1;
}
@@ -336,7 +335,6 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
cgroup_path = merge_container_cgroups_path(cont->common_config->id, cont->hostconfig);
if (cgroup_path == NULL) {
ERROR("Failed to get cgroup path");
- close(fd);
return -1;
}
#endif
@@ -344,7 +342,6 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
data = util_common_calloc_s(sizeof(struct supervisor_handler_data));
if (data == NULL) {
ERROR("Memory out");
- close(fd);
return -1;
}
@@ -385,6 +382,7 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
goto out;
err:
+ data->fd = -1;
supervisor_handler_data_free(data);
#ifdef ENABLE_OOM_MONITOR
common_free_cgroup_oom_handler_info(oom_handler_info);
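Review bot: With the three `close(fd)` calls removed and `data->fd = -1;` set before the free, ownership of `fd` on failure moves to the caller, but the function has no comment stating that contract. A header comment such as `/* On failure the caller keeps ownership of fd and must close it; on success the supervisor owns it. */` above container_supervisor_add_exit_monitor would document it. restore.c and do_start_container are updated on this page; any other caller not shown here would now leak the descriptor. `data->fd` is written unconditionally at `err:`, so the label is assumed to be reachable only after `data` was allocated; the jumps to it are outside the hunk.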
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 8e80e936..250e8299 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -283,7 +283,6 @@ static int do_post_start_on_success(container_t *cont, int exit_fifo_fd,
{
int ret = 0;
- // exit_fifo_fd was closed in container_supervisor_add_exit_monitor
if (container_supervisor_add_exit_monitor(exit_fifo_fd, exit_fifo, pid_info, cont)) {
ERROR("Failed to add exit monitor to supervisor");
ret = -1;
@@ -936,7 +935,11 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
if (runtime_create(id, runtime, &create_params) != 0) {
ret = -1;
+#ifdef ENABLE_CRI_API_V1
+ goto clean_prepare_container;
+#else
goto close_exit_fd;
+#endif
}
start_params.rootpath = cont->root_path;
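Review bot: The `#ifdef ENABLE_CRI_API_V1` / `goto clean_prepare_container;` / `#else` / `goto close_exit_fd;` / `#endif` sequence appears three times (here and twice in the next hunk), which makes the error paths of do_start_container hard to follow. Declaring the `clean_prepare_container:` label unconditionally and keeping only the `sandbox_purge_container` call under the `#ifdef` would let every failure site use a plain `goto clean_prepare_container;`. The label section itself is in the following hunk, and the function starts outside both.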
@@ -959,19 +962,33 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
if (do_post_start_on_success(cont, exit_fifo_fd, exit_fifo, pid_info) != 0) {
ERROR("Failed to do post start on runtime start success");
ret = -1;
- goto clean_resources;
+#ifdef ENABLE_CRI_API_V1
+ goto clean_prepare_container;
+#else
+ goto close_exit_fd;
+#endif
}
} else {
// wait monitor cleanup cgroup and processes finished
wait_exit_fifo(id, exit_fifo_fd);
+#ifdef ENABLE_CRI_API_V1
+ goto clean_prepare_container;
+#else
goto close_exit_fd;
+#endif
}
goto out;
+#ifdef ENABLE_CRI_API_V1
+clean_prepare_container:
+ if (cont->common_config->sandbox_info != NULL &&
+ sandbox_purge_container(cont->common_config) != 0) {
+ ERROR("Failed to remove container %s from sandbox", id);
+ }
+#endif
+
close_exit_fd:
close(exit_fifo_fd);
-
-clean_resources:
clean_resources_on_failure(cont, engine_log_path, loglevel);
out:
--
2.23.0



@ -0,0 +1,348 @@
From 1e9031cc064f6980250287641e6b3311af755485 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Sat, 30 Nov 2024 09:50:33 +0800
Subject: [PATCH 02/11] UT: del shim_sandbox and change sandbox ops
Signed-off-by: liuxu <liuxu156@huawei.com>
---
test/mocks/sandbox_mock.cc | 26 ++++++++
test/mocks/sandbox_mock.h | 9 +++
test/mocks/sandboxer_sandbox_mock.cc | 35 +++++-----
test/mocks/sandboxer_sandbox_mock.h | 13 ++--
test/mocks/shim_sandbox_mock.cc | 72 ---------------------
test/mocks/shim_sandbox_mock.h | 43 ------------
test/sandbox/sandbox/CMakeLists.txt | 1 -
test/sandbox/sandbox/sandbox_ut.cc | 5 +-
test/sandbox/sandbox_manager/CMakeLists.txt | 1 -
9 files changed, 61 insertions(+), 144 deletions(-)
delete mode 100644 test/mocks/shim_sandbox_mock.cc
delete mode 100644 test/mocks/shim_sandbox_mock.h
diff --git a/test/mocks/sandbox_mock.cc b/test/mocks/sandbox_mock.cc
index 9db57a93..cce5a1b6 100644
--- a/test/mocks/sandbox_mock.cc
+++ b/test/mocks/sandbox_mock.cc
@@ -221,4 +221,30 @@ bool Sandbox::Remove(Errors &error)
}
return true;
}
+
+void Sandbox::LoadSandboxTasks() {}
+
+auto Sandbox::PrepareContainer(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]) -> int
+{
+ return 0;
+}
+
+auto Sandbox::PrepareExec(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]) -> int
+{
+ return 0;
+}
+
+auto Sandbox::PurgeContainer(const char *containerId) -> int
+{
+ return 0;
+}
+
+auto Sandbox::PurgeExec(const char *containerId, const char *execId) -> int
+{
+ return 0;
+}
+
}
\ No newline at end of file
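Review bot: The five new Sandbox stubs return 0 (or nothing) unconditionally, although sandbox_mock.h in this same patch adds MOCK_METHOD entries for them and the SandboxerSandbox stubs forward to their mock object. An EXPECT_CALL on MockSandbox::PrepareContainer, PurgeContainer and the others would therefore never be matched through these definitions. Either forward to this file's mock pointer, as the existing methods in the file appear to, or mark the stubs so nobody writes expectations against them, e.g. `// stub only: not routed to MockSandbox`.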
diff --git a/test/mocks/sandbox_mock.h b/test/mocks/sandbox_mock.h
index 98f40ad2..4908bcd9 100644
--- a/test/mocks/sandbox_mock.h
+++ b/test/mocks/sandbox_mock.h
@@ -58,6 +58,15 @@ public:
MOCK_METHOD2(Stop, bool(uint32_t timeoutSecs, Errors &error));
MOCK_METHOD1(Remove, bool(Errors &error));
MOCK_METHOD1(Status, void(runtime::v1::PodSandboxStatus &status));
+
+ MOCK_METHOD0(LoadSandboxTasks, void());
+ MOCK_METHOD4(PrepareContainer, int(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]));
+ MOCK_METHOD4(PrepareExec, int(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]));
+ MOCK_METHOD1(PurgeContainer, int(const char *containerId));
+ MOCK_METHOD2(PurgeExec, int(const char *containerId, const char *execId));
};
void MockSandbox_SetMock(MockSandbox *mock);
diff --git a/test/mocks/sandboxer_sandbox_mock.cc b/test/mocks/sandboxer_sandbox_mock.cc
index cce58842..6ebe2820 100644
--- a/test/mocks/sandboxer_sandbox_mock.cc
+++ b/test/mocks/sandboxer_sandbox_mock.cc
@@ -33,40 +33,39 @@ void MockSandboxerSandbox_SetMock(MockSandboxerSandbox *mock)
void SandboxerSandbox::LoadSandboxTasks() {}
-auto SandboxerSandbox::SaveSandboxTasks() -> bool
+auto SandboxerSandbox::PrepareContainer(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]) -> int
{
if (g_sandboxer_sandbox_mock != nullptr) {
- return g_sandboxer_sandbox_mock->SaveSandboxTasks();
+ return g_sandboxer_sandbox_mock->PrepareContainer(containerId, baseFs, ociSpec, consoleFifos);
}
- return true;
-}
+ return 0;
+}
-auto SandboxerSandbox::AddSandboxTasks(sandbox_task *task) -> bool
+auto SandboxerSandbox::PrepareExec(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]) -> int
{
if (g_sandboxer_sandbox_mock != nullptr) {
- return g_sandboxer_sandbox_mock->AddSandboxTasks(task);
+ return g_sandboxer_sandbox_mock->PrepareExec(containerId, execId, processSpec, consoleFifos);
}
- return true;
-}
+ return 0;
+}
-auto SandboxerSandbox::GetAnySandboxTasks() -> std::string
+auto SandboxerSandbox::PurgeContainer(const char *containerId) -> int
{
if (g_sandboxer_sandbox_mock != nullptr) {
- return g_sandboxer_sandbox_mock->GetAnySandboxTasks();
+ return g_sandboxer_sandbox_mock->PurgeContainer(containerId);
}
- return std::string("Nothing for sandboxer.");
+ return 0;
}
-void SandboxerSandbox::DeleteSandboxTasks(const char *containerId) {}
-
-auto SandboxerSandbox::AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool
+auto SandboxerSandbox::PurgeExec(const char *containerId, const char *execId) -> int
{
if (g_sandboxer_sandbox_mock != nullptr) {
- return g_sandboxer_sandbox_mock->AddSandboxTasksProcess(containerId, processes);
+ return g_sandboxer_sandbox_mock->PurgeExec(containerId, execId);
}
- return true;
+ return 0;
}
-void SandboxerSandbox::DeleteSandboxTasksProcess(const char *containerId, const char *execId) {}
-
}
\ No newline at end of file
diff --git a/test/mocks/sandboxer_sandbox_mock.h b/test/mocks/sandboxer_sandbox_mock.h
index 4f76e5fc..020fe4d6 100644
--- a/test/mocks/sandboxer_sandbox_mock.h
+++ b/test/mocks/sandboxer_sandbox_mock.h
@@ -28,12 +28,13 @@ public:
virtual ~MockSandboxerSandbox() = default;
MOCK_METHOD0(LoadSandboxTasks, void());
- MOCK_METHOD0(SaveSandboxTasks, bool());
- MOCK_METHOD1(AddSandboxTasks, bool(sandbox_task *task));
- MOCK_METHOD0(GetAnySandboxTasks, std::string());
- MOCK_METHOD1(DeleteSandboxTasks, void(const char *containerId));
- MOCK_METHOD2(AddSandboxTasksProcess, bool(const char *containerId, sandbox_process *processes));
- MOCK_METHOD2(DeleteSandboxTasksProcess, void(const char *containerId, const char *execId));
+ MOCK_METHOD4(PrepareContainer, int(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]));
+ MOCK_METHOD4(PrepareExec, int(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]));
+ MOCK_METHOD1(PurgeContainer, int(const char *containerId));
+ MOCK_METHOD2(PurgeExec, int(const char *containerId, const char *execId));
};
void MockSandboxerSandbox_SetMock(MockSandboxerSandbox *mock);
diff --git a/test/mocks/shim_sandbox_mock.cc b/test/mocks/shim_sandbox_mock.cc
deleted file mode 100644
index ccefb424..00000000
--- a/test/mocks/shim_sandbox_mock.cc
+++ /dev/null
@@ -1,72 +0,0 @@
-/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
- * iSulad licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- * http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- * Author: liuxu
- * Create: 2024-11-21
- * Description: provide sandbox mock
- ******************************************************************************/
-
-#include <gmock/gmock.h>
-#include "shim_sandbox_mock.h"
-
-namespace sandbox {
-MockShimSandbox *g_shim_sandbox_mock = nullptr;
-
-ShimSandbox::ShimSandbox(const std::string id, const std::string &rootdir, const std::string &statedir, const std::string name,
- const RuntimeInfo info, std::string netMode, std::string netNsPath, const runtime::v1::PodSandboxConfig sandboxConfig,
- std::string image):Sandbox(id, rootdir, statedir, name, info, netMode,
- netNsPath, sandboxConfig, image)
-{
-}
-
-void MockShimSandbox_SetMock(MockShimSandbox *mock)
-{
- g_shim_sandbox_mock = mock;
-}
-
-void ShimSandbox::LoadSandboxTasks() {}
-
-auto ShimSandbox::SaveSandboxTasks() -> bool
-{
- if (g_shim_sandbox_mock != nullptr) {
- return g_shim_sandbox_mock->SaveSandboxTasks();
- }
- return true;
-}
-
-auto ShimSandbox::AddSandboxTasks(sandbox_task *task) -> bool
-{
- if (g_shim_sandbox_mock != nullptr) {
- return g_shim_sandbox_mock->AddSandboxTasks(task);
- }
- return true;
-}
-
-auto ShimSandbox::GetAnySandboxTasks() -> std::string
-{
- if (g_shim_sandbox_mock != nullptr) {
- return g_shim_sandbox_mock->GetAnySandboxTasks();
- }
- return std::string("Nothing for shim.");
-}
-
-void ShimSandbox::DeleteSandboxTasks(const char *containerId) {}
-
-auto ShimSandbox::AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool
-{
- if (g_shim_sandbox_mock != nullptr) {
- return g_shim_sandbox_mock->AddSandboxTasksProcess(containerId, processes);
- }
- return true;
-}
-
-void ShimSandbox::DeleteSandboxTasksProcess(const char *containerId, const char *execId) {}
-
-}
\ No newline at end of file
diff --git a/test/mocks/shim_sandbox_mock.h b/test/mocks/shim_sandbox_mock.h
deleted file mode 100644
index 1b16a4cc..00000000
--- a/test/mocks/shim_sandbox_mock.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
- * iSulad licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- * http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- * Author: liuxu
- * Create: 2024-11-21
- * Description: provide sandbox mock
- ******************************************************************************/
-
-#ifndef _ISULAD_TEST_MOCKS_SHIM_SANDBOX_MOCK_H
-#define _ISULAD_TEST_MOCKS_SHIM_SANDBOX_MOCK_H
-
-#include <gmock/gmock.h>
-#include "sandbox_mock.h"
-#include "shim_sandbox.h"
-
-namespace sandbox {
-
-class MockShimSandbox : public MockSandbox {
-public:
- MockShimSandbox() = default;
- virtual ~MockShimSandbox() = default;
-
- MOCK_METHOD0(LoadSandboxTasks, void());
- MOCK_METHOD0(SaveSandboxTasks, bool());
- MOCK_METHOD1(AddSandboxTasks, bool(sandbox_task *task));
- MOCK_METHOD0(GetAnySandboxTasks, std::string());
- MOCK_METHOD1(DeleteSandboxTasks, void(const char *containerId));
- MOCK_METHOD2(AddSandboxTasksProcess, bool(const char *containerId, sandbox_process *processes));
- MOCK_METHOD2(DeleteSandboxTasksProcess, void(const char *containerId, const char *execId));
-};
-
-void MockShimSandbox_SetMock(MockShimSandbox *mock);
-
-}
-
-#endif
diff --git a/test/sandbox/sandbox/CMakeLists.txt b/test/sandbox/sandbox/CMakeLists.txt
index 9ee67033..6dd6c3ee 100644
--- a/test/sandbox/sandbox/CMakeLists.txt
+++ b/test/sandbox/sandbox/CMakeLists.txt
@@ -16,7 +16,6 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandbox_task.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/controller_manager.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandboxer/controller/sandboxer_controller.cc
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/shim/shim_sandbox.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/id_name_manager.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/config/isulad_config.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/sandbox/controller/controller_common.cc
diff --git a/test/sandbox/sandbox/sandbox_ut.cc b/test/sandbox/sandbox/sandbox_ut.cc
index 192d46ef..dd84d8fb 100644
--- a/test/sandbox/sandbox/sandbox_ut.cc
+++ b/test/sandbox/sandbox/sandbox_ut.cc
@@ -16,7 +16,6 @@
#include <gtest/gtest.h>
#include "sandbox.h"
-#include "shim_sandbox.h"
namespace sandbox {
@@ -41,7 +40,7 @@ TEST_F(SandboxTest, TestDefaultGetters)
std::string name = "test";
RuntimeInfo info = {"runc", "shim", "kuasar"};
- auto sandbox = new ShimSandbox(id, rootdir, statedir, name, info);
+ auto sandbox = new Sandbox(id, rootdir, statedir, name, info);
ASSERT_NE(sandbox, nullptr);
ASSERT_EQ(sandbox->IsReady(), false);
@@ -67,7 +66,7 @@ TEST_F(SandboxTest, TestGettersAndSetters)
std::string statedir = "/test2/statedir";
std::string mode = "host";
- auto sandbox = new ShimSandbox(id, rootdir, statedir);
+ auto sandbox = new Sandbox(id, rootdir, statedir);
ASSERT_NE(sandbox, nullptr);
sandbox->SetNetMode(mode);
diff --git a/test/sandbox/sandbox_manager/CMakeLists.txt b/test/sandbox/sandbox_manager/CMakeLists.txt
index 9254263c..a7dd8c9d 100644
--- a/test/sandbox/sandbox_manager/CMakeLists.txt
+++ b/test/sandbox/sandbox_manager/CMakeLists.txt
@@ -12,7 +12,6 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cpputils/read_write_lock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cpputils/transform.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/sandbox_mock.cc
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/shim_sandbox_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/sandboxer_sandbox_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandbox_manager.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/id_name_manager.c
--
2.23.0


@ -0,0 +1,135 @@
From 7dfa69162cd5ef01592808df555626a0688e6f4c Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 11 Dec 2024 19:09:20 +1400
Subject: [PATCH 03/11] add image storage unit test
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../oci/storage/image_store/image_store.c | 4 +-
test/image/oci/storage/images/CMakeLists.txt | 2 +
.../oci/storage/images/storage_images_ut.cc | 51 +++++++++++++++++++
3 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index afe53764..71bf36e0 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -27,6 +27,8 @@
#include <pthread.h>
#include <stdlib.h>
+#include <isula_libutils/utils_macro.h>
+
#include "utils.h"
#include "utils_file.h"
#include "utils_images.h"
@@ -3004,7 +3006,7 @@ static int do_append_image(storage_image *im)
return 0;
}
-static void strip_host_prefix(char **name)
+STATIC void strip_host_prefix(char **name)
{
char *new_image_name = NULL;
diff --git a/test/image/oci/storage/images/CMakeLists.txt b/test/image/oci/storage/images/CMakeLists.txt
index 28e0b505..04e60a69 100644
--- a/test/image/oci/storage/images/CMakeLists.txt
+++ b/test/image/oci/storage/images/CMakeLists.txt
@@ -2,6 +2,8 @@ project(iSulad_UT)
SET(EXE storage_images_ut)
+add_definitions(-DUNIT_TEST=ON)
+
add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/cutils/utils.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/cutils/utils_regex.c
diff --git a/test/image/oci/storage/images/storage_images_ut.cc b/test/image/oci/storage/images/storage_images_ut.cc
index ad0084d6..15da586e 100644
--- a/test/image/oci/storage/images/storage_images_ut.cc
+++ b/test/image/oci/storage/images/storage_images_ut.cc
@@ -46,6 +46,10 @@ using ::testing::AtLeast;
using ::testing::Invoke;
using ::testing::_;
+extern "C" {
+ void strip_host_prefix(char **name);
+}
+
std::string GetDirectory()
{
char abs_path[PATH_MAX] { 0x00 };
@@ -299,11 +303,13 @@ protected:
ASSERT_EQ(image_store_init(&opts), 0);
free(opts.storage_root);
free(opts.driver_name);
+ MockIsuladConf_SetMock(&m_isulad_conf);
}
void TearDown() override
{
image_store_free();
+ MockIsuladConf_SetMock(nullptr);
}
void BackUp()
@@ -325,6 +331,7 @@ protected:
std::vector<std::string> ids { "39891ff67da98ab8540d71320915f33d2eb80ab42908e398472cab3c1ce7ac10",
"e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b" };
char store_real_path[PATH_MAX] = { 0x00 };
+ NiceMock<MockIsuladConf> m_isulad_conf;
};
TEST_F(StorageImagesUnitTest, test_images_load)
@@ -714,3 +721,47 @@ TEST_F(StorageImagesUnitTest, test_image_store_remove_multi_name)
Restore();
}
+
+static isulad_daemon_constants *g_test_isulad_daemon_constants = NULL;
+
+isulad_daemon_constants *invoke_get_isulad_daemon_constants(void)
+{
+ g_test_isulad_daemon_constants = (isulad_daemon_constants *)util_common_calloc_s(sizeof(isulad_daemon_constants));
+ if (g_test_isulad_daemon_constants == NULL) {
+ return NULL;
+ }
+ g_test_isulad_daemon_constants->default_host = util_strdup_s("docker.io");
+
+ return g_test_isulad_daemon_constants;
+}
+
+TEST_F(StorageImagesUnitTest, test_strip_host_prefix)
+{
+ char *name = util_strdup_s("docker.io/test_image");
+ std::string test_name = "test_image";
+ std::string test_name_origin = "docker.io/test_image";
+ char *null_name = NULL;
+
+ strip_host_prefix(&name);
+ ASSERT_STREQ(name, test_name_origin.c_str());
+
+ EXPECT_CALL(m_isulad_conf, GetIsuladDaemonConstants()).WillRepeatedly(Invoke(invoke_get_isulad_daemon_constants));
+
+ strip_host_prefix(&name);
+ ASSERT_STREQ(name, test_name.c_str());
+
+ strip_host_prefix(&null_name);
+ ASSERT_EQ(null_name, nullptr);
+
+ free(name);
+ free_isulad_daemon_constants(g_test_isulad_daemon_constants);
+}
+
+#ifdef ENABLE_REMOTE_LAYER_STORE
+TEST_F(StorageImagesUnitTest, test_remote_layer_common)
+{
+ ASSERT_EQ(remote_append_image_by_directory_with_lock(NULL), -1);
+ ASSERT_EQ(remote_remove_image_from_memory_with_lock(NULL), -1);
+ ASSERT_EQ(remote_image_get_top_layer_from_json(NULL), nullptr);
+}
+#endif
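Review bot: invoke_get_isulad_daemon_constants allocates a new isulad_daemon_constants on every call and overwrites g_test_isulad_daemon_constants, so under `WillRepeatedly` every allocation except the last leaks. After `free_isulad_daemon_constants(...)` in test_strip_host_prefix the global also keeps pointing at freed memory. Return the cached object when one exists, `if (g_test_isulad_daemon_constants != NULL) { return g_test_isulad_daemon_constants; }`, and add `g_test_isulad_daemon_constants = NULL;` right after the free. The helper can be `static`, since only this file refers to it.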
--
2.23.0


@ -0,0 +1,165 @@
From 0340a8248e8a4fb133ab3638679755d8590dafae Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Wed, 11 Dec 2024 13:03:21 +0800
Subject: [PATCH 04/11] fix some bad code
Signed-off-by: xuxuepeng <xuxuepeng1@huawei.com>
---
.../storage/layer_store/graphdriver/driver.c | 19 +++++----------
.../graphdriver/overlay2/driver_overlay2.c | 24 ++++++++++++++-----
2 files changed, 24 insertions(+), 19 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
index 94235b80..99fd573c 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
@@ -121,36 +121,31 @@ static inline void driver_unlock()
int graphdriver_init(const struct storage_module_init_options *opts)
{
- int ret = 0;
size_t i = 0;
char driver_home[PATH_MAX] = { 0 };
if (opts == NULL || opts->storage_root == NULL || opts->driver_name == NULL) {
- ret = -1;
- goto out;
+ return -1;
}
int nret = snprintf(driver_home, PATH_MAX, "%s/%s", opts->storage_root, opts->driver_name);
if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Sprintf graph driver path failed");
- ret = -1;
- goto out;
+ return -1;
}
for (i = 0; i < g_numdrivers; i++) {
if (strcmp(opts->driver_name, g_drivers[i].name) == 0) {
if (pthread_rwlock_init(&(g_drivers[i].rwlock), NULL) != 0) {
ERROR("Failed to init driver rwlock");
- ret = -1;
- goto out;
+ return -1;
}
#ifdef ENABLE_REMOTE_LAYER_STORE
g_drivers[i].enable_remote_layer = opts->enable_remote_layer;
#endif
if (g_drivers[i].ops->init(&g_drivers[i], driver_home, (const char **)opts->driver_opts,
opts->driver_opts_len) != 0) {
- ret = -1;
- goto out;
+ return -1;
}
g_graphdriver = &g_drivers[i];
break;
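Review bot: When `g_drivers[i].ops->init(...)` fails, the function now returns directly even though `pthread_rwlock_init` has already succeeded, so the lock stays initialised. A later retry of graphdriver_init would then initialise the same rwlock a second time, which POSIX leaves undefined. Add `(void)pthread_rwlock_destroy(&(g_drivers[i].rwlock));` before that `return -1;`. The NULL-argument branch at the top also returns without an ERROR line, unlike every other failure path in the function. graphdriver_init continues in the next hunk.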
@@ -159,12 +154,10 @@ int graphdriver_init(const struct storage_module_init_options *opts)
if (i == g_numdrivers) {
ERROR("unsupported driver %s", opts->driver_name);
- ret = -1;
- goto out;
+ return -1;
}
-out:
- return ret;
+ return 0;
}
int graphdriver_create_rw(const char *id, const char *parent, struct driver_create_opts *create_opts)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index 6d45f463..cc24909a 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -64,6 +64,9 @@ struct io_read_wrapper;
#define QUOTA_SIZE_OPTION "overlay2.size"
#define QUOTA_BASESIZE_OPTIONS "overlay2.basesize"
+#define OVERRIDE_KERNELCHECK_OPTIONS "overlay2.override_kernel_check"
+#define SKIP_MOUNT_HOME_OPTIONS "overlay2.skip_mount_home"
+#define MOUNT_OPTIONS "overlay2.mountopt"
// MAX_LAYER_ID_LENGTH represents the number of random characters which can be used to create the unique link identifer
// for every layer. If this value is too long then the page size limit for the mount command may be exceeded.
// The idLength should be selected such that following equation is true (512 is a buffer for label metadata).
@@ -150,7 +153,7 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
goto out;
}
overlay_opts->default_quota = converted;
- } else if (strcasecmp(dup, "overlay2.override_kernel_check") == 0) {
+ } else if (strcasecmp(dup, OVERRIDE_KERNELCHECK_OPTIONS) == 0) {
bool converted_bool = 0;
ret = util_str_to_bool(val, &converted_bool);
if (ret != 0) {
@@ -160,7 +163,7 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
goto out;
}
overlay_opts->override_kernelcheck = converted_bool;
- } else if (strcasecmp(dup, "overlay2.skip_mount_home") == 0) {
+ } else if (strcasecmp(dup, SKIP_MOUNT_HOME_OPTIONS) == 0) {
bool converted_bool = 0;
ret = util_str_to_bool(val, &converted_bool);
if (ret != 0) {
@@ -170,7 +173,7 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
goto out;
}
overlay_opts->skip_mount_home = converted_bool;
- } else if (strcasecmp(dup, "overlay2.mountopt") == 0) {
+ } else if (strcasecmp(dup, MOUNT_OPTIONS) == 0) {
overlay_opts->mount_options = util_strdup_s(val);
} else {
ERROR("Overlay2: unknown option: '%s'", dup);
@@ -693,6 +696,10 @@ static char *get_lower(const char *parent, const char *driver_home)
goto out;
}
+ /*
+ * lower format: "l/5697636c0104156cb2bd94be25", so "/" and "\0" must be
+ * counted in the size for snprintf.
+ */
lower_len = strlen(OVERLAY_LINK_DIR) + 1 + strlen(parent_link) + 1;
parent_lower_file = util_path_join(parent_dir, OVERLAY_LAYER_LOWER);
@@ -707,6 +714,11 @@ static char *get_lower(const char *parent, const char *driver_home)
ERROR("parent lower %s too large", parent_link_file);
goto out;
}
+ /*
+ * with parent link, the lower format will be like
+ * "l/5697636c0104156cb2bd94be25:l/df53b618a57bb50a61755b5623",
+ * so ":" must be counted.
+ */
lower_len = lower_len + strlen(parent_lowers) + 1;
}
@@ -911,7 +923,7 @@ static int do_create_remote_ro(const char *id, const char *parent, const struct
#ifdef ENABLE_USERNS_REMAP
if (set_file_owner_for_userns_remap(layer_dir, userns_remap) != 0) {
ERROR("Unable to change directory %s owner for user remap.", layer_dir);
- goto out;
+ goto err_out;
}
#endif
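Review bot: This `goto err_out;` has no `ret = -1;` in front of it, whereas the matching branch in do_create (next hunk) sets it before jumping. The initial value of `ret` in do_create_remote_ro is outside the hunk; if it is 0 here, a failed ownership change for the userns-remap case would be cleaned up but reported as success. Adding `ret = -1;` before the goto makes the two functions agree and removes the dependency on the initialiser.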
@@ -977,7 +989,7 @@ static int do_create(const char *id, const char *parent, const struct graphdrive
if (set_file_owner_for_userns_remap(layer_dir, userns_remap) != 0) {
ERROR("Unable to change directory %s owner for user remap.", layer_dir);
ret = -1;
- goto out;
+ goto err_out;
}
#endif
@@ -1790,7 +1802,7 @@ out:
return ret;
}
-bool is_valid_layer_link(const char *link_id, const struct graphdriver *driver)
+static bool is_valid_layer_link(const char *link_id, const struct graphdriver *driver)
{
bool valid = false;
char *link_dir = NULL;
--
2.23.0


@ -0,0 +1,578 @@
From 4f030e07e99dfe996897b69c9d950f3226363afe Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 11 Dec 2024 04:04:45 +1400
Subject: [PATCH 05/11] registry module code improve
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/image/oci/oci_pull.c | 2 +-
.../modules/image/oci/registry/http_request.c | 30 +++-----
.../modules/image/oci/registry/registry.c | 74 +++++++++----------
.../image/oci/registry/registry_apiv1.c | 11 +--
.../image/oci/registry/registry_apiv2.c | 62 +++++-----------
5 files changed, 72 insertions(+), 107 deletions(-)
diff --git a/src/daemon/modules/image/oci/oci_pull.c b/src/daemon/modules/image/oci/oci_pull.c
index 1c486974..245d14fd 100644
--- a/src/daemon/modules/image/oci/oci_pull.c
+++ b/src/daemon/modules/image/oci/oci_pull.c
@@ -105,7 +105,7 @@ static int pull_image(const im_pull_request *request, progress_status_map *progr
options = (registry_pull_options *)util_common_calloc_s(sizeof(registry_pull_options));
if (options == NULL) {
ERROR("Out of memory");
- goto out;
+ return ret;
}
if (request->auth != NULL) {
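Review bot: The out-of-memory branch now ends in `return ret;`, and the value `ret` holds at that point is set above the hunk. If it is initialised to 0, the caller sees a successful pull although nothing was allocated or fetched. An explicit `return -1;` keeps the failure independent of the initialiser. pull_image starts and ends outside the hunk.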
diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c
index 80fc2184..b9b29c39 100644
--- a/src/daemon/modules/image/oci/registry/http_request.c
+++ b/src/daemon/modules/image/oci/registry/http_request.c
@@ -16,9 +16,6 @@
#define _GNU_SOURCE /* See feature_test_macros(7) */
#include "http_request.h"
#include <curl/curl.h>
-#include <isula_libutils/json_common.h>
-#include <isula_libutils/log.h>
-#include <isula_libutils/registry_token.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
@@ -27,6 +24,10 @@
#include <strings.h>
#include <time.h>
+#include <isula_libutils/json_common.h>
+#include <isula_libutils/log.h>
+#include <isula_libutils/registry_token.h>
+
#include "buffer.h"
#include "certs.h"
#include "err_msg.h"
@@ -128,7 +129,6 @@ static int setup_ssl_config(pull_descriptor *desc, struct http_get_options *opti
options->ssl_verify_host = !desc->skip_tls_verify;
out:
-
free(host);
host = NULL;
@@ -437,16 +437,14 @@ static int setup_common_options(pull_descriptor *desc, struct http_get_options *
if (ret != 0) {
ERROR("Failed setup ssl config");
isulad_try_set_error_message("setup ssl config failed");
- ret = -1;
- goto out;
+ return -1;
}
if (custom_headers != NULL) {
options->custom_headers = util_str_array_dup(custom_headers, util_array_len(custom_headers));
if (options->custom_headers == NULL) {
ERROR("dup headers failed");
- ret = -1;
- goto out;
+ return -1;
}
}
@@ -454,14 +452,10 @@ static int setup_common_options(pull_descriptor *desc, struct http_get_options *
if (ret != 0) {
ERROR("setup auth challenges failed");
isulad_try_set_error_message("setup auth challenges failed");
- ret = -1;
- goto out;
+ return -1;
}
options->debug = false;
-
-out:
-
return ret;
}
@@ -478,21 +472,16 @@ static int setup_get_token_options(pull_descriptor *desc, struct http_get_option
ret = setup_ssl_config(desc, options, url);
if (ret != 0) {
ERROR("Failed setup ssl config");
- ret = -1;
- goto out;
+ return -1;
}
ret = setup_auth_basic(desc, &options->custom_headers);
if (ret != 0) {
ERROR("dup headers failed");
- ret = -1;
- goto out;
+ return -1;
}
options->debug = false;
-
-out:
-
return ret;
}
@@ -526,7 +515,6 @@ static int http_request_buf_options(pull_descriptor *desc, struct http_get_optio
*output = util_strdup_s(output_buffer->contents);
out:
-
buffer_free(output_buffer);
return ret;
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
index 2e99255a..9a3b59a1 100644
--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
@@ -20,13 +20,21 @@
#include <string.h>
#include <limits.h>
#include <errno.h>
+#include <pthread.h>
+#include <stdlib.h>
+
#include <isula_libutils/docker_image_rootfs.h>
#include <isula_libutils/json_common.h>
#include <isula_libutils/oci_image_content_descriptor.h>
#include <isula_libutils/oci_image_manifest.h>
#include <isula_libutils/oci_image_spec.h>
-#include <pthread.h>
-#include <stdlib.h>
+#include <isula_libutils/registry_manifest_schema2.h>
+#include <isula_libutils/registry_manifest_schema1.h>
+#include <isula_libutils/docker_image_config_v2.h>
+#include <isula_libutils/image_manifest_v1_compatibility.h>
+#ifdef ENABLE_IMAGE_SEARCH
+#include <isula_libutils/image_search_image.h>
+#endif
#include "mediatype.h"
#include "isula_libutils/log.h"
@@ -35,13 +43,6 @@
#include "registry_apiv1.h"
#include "certs.h"
#include "auths.h"
-#include "isula_libutils/registry_manifest_schema2.h"
-#include "isula_libutils/registry_manifest_schema1.h"
-#include "isula_libutils/docker_image_config_v2.h"
-#include "isula_libutils/image_manifest_v1_compatibility.h"
-#ifdef ENABLE_IMAGE_SEARCH
-#include "isula_libutils/image_search_image.h"
-#endif
#include "sha256.h"
#include "map.h"
#include "linked_list.h"
@@ -536,7 +537,6 @@ static char *calc_chain_id(char *parent_chain_id, char *diff_id)
full_digest = util_full_digest(digest);
out:
-
free(digest);
digest = NULL;
@@ -797,7 +797,6 @@ static int set_config(pull_descriptor *desc, char *image_id)
}
out:
-
free(config_str);
config_str = NULL;
@@ -812,17 +811,15 @@ static int set_loaded_time(pull_descriptor *desc, char *image_id)
if (!util_get_now_time_stamp(&now)) {
ret = -1;
ERROR("get now time stamp failed");
- goto out;
+ return ret;
}
ret = storage_img_set_loaded_time(image_id, &now);
if (ret != 0) {
ERROR("set loaded time failed");
- goto out;
+ return ret;
}
-out:
-
return ret;
}
@@ -984,7 +981,6 @@ static int parse_docker_config(pull_descriptor *desc)
desc->config.create_time = util_to_timestamp_from_str(config->created);
out:
-
free_docker_image_config_v2(config);
config = NULL;
free(err);
@@ -1084,17 +1080,15 @@ static int fetch_and_parse_config(pull_descriptor *desc)
ret = fetch_config(desc);
if (ret != 0) {
ERROR("fetch config failed");
- goto out;
+ return ret;
}
ret = parse_config(desc);
if (ret != 0) {
ERROR("parse config failed");
- goto out;
+ return ret;
}
-out:
-
return ret;
}
@@ -1110,17 +1104,15 @@ static int fetch_and_parse_manifest(pull_descriptor *desc)
ret = fetch_manifest(desc);
if (ret != 0) {
ERROR("fetch manifest failed");
- goto out;
+ return ret;
}
ret = parse_manifest(desc);
if (ret != 0) {
ERROR("parse manifest failed");
- goto out;
+ return ret;
}
-out:
-
return ret;
}
@@ -2116,6 +2108,26 @@ static void cached_layers_kvfree(void *key, void *value)
return;
}
+static void free_registry_global(registry_global *registry)
+{
+ if (registry == NULL) {
+ return;
+ }
+
+ if (registry->cond_inited) {
+ pthread_cond_destroy(&registry->cond);
+ }
+ if (registry->mutex_inited) {
+ pthread_mutex_destroy(&registry->mutex);
+ }
+ if (registry->image_mutex_inited) {
+ pthread_mutex_destroy(&registry->image_mutex);
+ }
+ map_free(registry->cached_layers);
+ registry->cached_layers = NULL;
+ free(registry);
+}
+
int registry_init(char *auths_dir, char *certs_dir)
{
int ret = 0;
@@ -2160,18 +2172,7 @@ int registry_init(char *auths_dir, char *certs_dir)
out:
if (ret != 0) {
- if (g_shared->cond_inited) {
- pthread_cond_destroy(&g_shared->cond);
- }
- if (g_shared->mutex_inited) {
- pthread_mutex_destroy(&g_shared->mutex);
- }
- if (g_shared->image_mutex_inited) {
- pthread_mutex_destroy(&g_shared->image_mutex);
- }
- map_free(g_shared->cached_layers);
- g_shared->cached_layers = NULL;
- free(g_shared);
+ free_registry_global(g_shared);
g_shared = NULL;
}
@@ -2221,7 +2222,6 @@ int registry_login(registry_login_options *options)
}
out:
-
free_pull_desc(desc);
desc = NULL;
diff --git a/src/daemon/modules/image/oci/registry/registry_apiv1.c b/src/daemon/modules/image/oci/registry/registry_apiv1.c
index 6da24c1d..d45f3876 100644
--- a/src/daemon/modules/image/oci/registry/registry_apiv1.c
+++ b/src/daemon/modules/image/oci/registry/registry_apiv1.c
@@ -18,12 +18,16 @@
#include <stdio.h>
#include <string.h>
#include <limits.h>
-#include <isula_libutils/http_parser.h>
-#include <isula_libutils/json_common.h>
#include <stdbool.h>
#include <stdlib.h>
#include <strings.h>
+#include <isula_libutils/http_parser.h>
+#include <isula_libutils/json_common.h>
+#include <isula_libutils/oci_image_index.h>
+#include <isula_libutils/registry_manifest_list.h>
+#include <isula_libutils/imagetool_search_result.h>
+
#include "registry_type.h"
#include "isula_libutils/log.h"
#include "http.h"
@@ -31,9 +35,6 @@
#include "utils.h"
#include "parser.h"
#include "mediatype.h"
-#include "isula_libutils/oci_image_index.h"
-#include "isula_libutils/registry_manifest_list.h"
-#include "isula_libutils/imagetool_search_result.h"
#include "auths.h"
#include "err_msg.h"
#include "sha256.h"
diff --git a/src/daemon/modules/image/oci/registry/registry_apiv2.c b/src/daemon/modules/image/oci/registry/registry_apiv2.c
index dd49fab7..5d83b425 100644
--- a/src/daemon/modules/image/oci/registry/registry_apiv2.c
+++ b/src/daemon/modules/image/oci/registry/registry_apiv2.c
@@ -18,12 +18,15 @@
#include <stdio.h>
#include <string.h>
#include <limits.h>
-#include <isula_libutils/http_parser.h>
-#include <isula_libutils/json_common.h>
#include <stdbool.h>
#include <stdlib.h>
#include <strings.h>
+#include <isula_libutils/http_parser.h>
+#include <isula_libutils/json_common.h>
+#include <isula_libutils/oci_image_index.h>
+#include <isula_libutils/registry_manifest_list.h>
+
#include "registry_type.h"
#include "isula_libutils/log.h"
#include "http.h"
@@ -31,8 +34,6 @@
#include "utils.h"
#include "parser.h"
#include "mediatype.h"
-#include "isula_libutils/oci_image_index.h"
-#include "isula_libutils/registry_manifest_list.h"
#include "auths.h"
#include "err_msg.h"
#include "sha256.h"
@@ -60,7 +61,6 @@ static void set_body_null_if_exist(char *message)
static int parse_http_header(char *resp_buf, size_t buf_size, struct parsed_http_message *message)
{
char *real_message = NULL;
- int ret = 0;
if (resp_buf == NULL || message == NULL) {
ERROR("Invalid NULL param");
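Review bot: Dropping `int ret = 0;` here leaves `ret = parse_http(real_message, strlen(real_message), message, HTTP_RESPONSE);` in the `@@ -79,13 +78,10 @@` hunk assigning an undeclared variable, so this file should not build at this commit. Either keep the declaration or fold the call into the condition, `if (parse_http(real_message, strlen(real_message), message, HTTP_RESPONSE) != 0) {`. PATCH 08/11 later in the series re-adds the declaration, but the intermediate state still breaks bisecting. The body of parse_http_header continues outside this hunk.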
@@ -70,8 +70,7 @@ static int parse_http_header(char *resp_buf, size_t buf_size, struct parsed_http
real_message = strstr(resp_buf, "HTTP/1.1");
if (real_message == NULL) {
ERROR("Failed to parse response, the response do not have HTTP/1.1");
- ret = -1;
- goto out;
+ return -1;
}
set_body_null_if_exist(real_message);
@@ -79,13 +78,10 @@ static int parse_http_header(char *resp_buf, size_t buf_size, struct parsed_http
ret = parse_http(real_message, strlen(real_message), message, HTTP_RESPONSE);
if (ret != 0) {
ERROR("Failed to parse response: %s", real_message);
- ret = -1;
- goto out;
+ return -1;
}
-out:
-
- return ret;
+ return 0;
}
static int parse_challenges(pull_descriptor *desc, char *schema, char *params)
@@ -225,7 +221,6 @@ static void free_parsed_http_message(struct parsed_http_message **message)
(*message)->body = NULL;
free(*message);
*message = NULL;
- return;
}
static struct parsed_http_message *get_parsed_message(char *http_head)
@@ -386,7 +381,7 @@ static int registry_ping(pull_descriptor *desc)
ret = registry_pingv2(desc, "https");
if (ret == 0) {
desc->protocol = util_strdup_s("https");
- goto out;
+ return ret;
}
if (desc->insecure_registry) {
@@ -396,15 +391,13 @@ static int registry_ping(pull_descriptor *desc)
ret = registry_pingv2(desc, "http");
if (ret != 0) {
ERROR("ping %s with http failed", desc->host);
- goto out;
+ return ret;
}
desc->protocol = util_strdup_s("http");
} else {
ERROR("ping %s with https failed", desc->host);
}
-out:
-
return ret;
}
@@ -552,7 +545,6 @@ static int parse_manifest_head(char *http_head, char **content_type, char **dige
}
out:
-
if (ret != 0) {
free(*content_type);
*content_type = NULL;
@@ -584,19 +576,16 @@ static int append_manifests_accepts(char ***custom_headers)
sret = snprintf(accept, MAX_ACCEPT_LEN, "Accept: %s", mediatypes[i]);
if (sret < 0 || (size_t)sret >= MAX_ACCEPT_LEN) {
ERROR("Failed to sprintf accept media type %s", mediatypes[i]);
- ret = -1;
- goto out;
+ return -1;
}
ret = util_array_append(custom_headers, accept);
if (ret != 0) {
ERROR("append accepts failed");
- goto out;
+ return ret;
}
}
-out:
-
return ret;
}
@@ -703,7 +692,6 @@ static int fetch_manifest_list(pull_descriptor *desc, char *file, char **content
}
out:
-
free(http_head);
http_head = NULL;
util_free_array(custom_headers);
@@ -727,7 +715,6 @@ static void try_log_resp_body(char *path, char *file)
ERROR("Get %s response message body: %s", path, body);
}
free(body);
- return;
}
static int fetch_data(pull_descriptor *desc, char *path, char *file, char *content_type, char *digest)
@@ -1009,25 +996,22 @@ static int fetch_manifest_data(pull_descriptor *desc, char *file, char **content
ERROR("select manifest failed, manifests:%s", manifest_text);
free(manifest_text);
manifest_text = NULL;
- goto out;
+ return ret;
}
sret = snprintf(path, sizeof(path), "/v2/%s/manifests/%s", desc->name, *digest);
if (sret < 0 || (size_t)sret >= sizeof(path)) {
ERROR("Failed to sprintf path for manifest");
- ret = -1;
- goto out;
+ return -1;
}
ret = fetch_data(desc, path, file, *content_type, *digest);
if (ret != 0) {
ERROR("registry: Get %s failed", path);
- goto out;
+ return ret;
}
}
-out:
-
return ret;
}
@@ -1096,20 +1080,17 @@ int fetch_config(pull_descriptor *desc)
sret = snprintf(path, sizeof(path), "/v2/%s/blobs/%s", desc->name, desc->config.digest);
if (sret < 0 || (size_t)sret >= sizeof(path)) {
ERROR("Failed to sprintf path for config");
- ret = -1;
- goto out;
+ return -1;
}
ret = fetch_data(desc, path, file, desc->config.media_type, desc->config.digest);
if (ret != 0) {
ERROR("registry: Get %s failed", path);
- goto out;
+ return ret;
}
desc->config.file = util_strdup_s(file);
-out:
-
return ret;
}
@@ -1141,18 +1122,15 @@ int fetch_layer(pull_descriptor *desc, size_t index)
sret = snprintf(path, sizeof(path), "/v2/%s/blobs/%s", desc->name, layer->digest);
if (sret < 0 || (size_t)sret >= sizeof(path)) {
ERROR("Failed to sprintf path for layer %zu, name %s, digest %s", index, desc->name, layer->digest);
- ret = -1;
- goto out;
+ return -1;
}
ret = fetch_data(desc, path, file, layer->media_type, layer->digest);
if (ret != 0) {
ERROR("registry: Get %s failed", path);
- goto out;
+ return ret;
}
-out:
-
return ret;
}
@@ -1185,7 +1163,6 @@ int parse_login(char *http_head, char *host)
}
out:
-
free_parsed_http_message(&message);
return ret;
@@ -1230,7 +1207,6 @@ int login_to_registry(pull_descriptor *desc)
goto out;
}
out:
-
free(resp_buffer);
resp_buffer = NULL;
--
2.23.0


@ -0,0 +1,147 @@
From 02a8be62cc7c1a492be5c9bc1fdf816b7d223b96 Mon Sep 17 00:00:00 2001
From: zhongjiawei <zhongjiawei1@huawei.com>
Date: Wed, 11 Dec 2024 15:48:55 +0800
Subject: [PATCH 06/11] image store:fix code style
---
.../oci/storage/image_store/image_store.c | 29 +++++++++----------
.../oci/storage/image_store/image_store.h | 9 +++---
.../oci/storage/image_store/image_type.c | 6 ++--
.../oci/storage/image_store/image_type.h | 6 ++--
4 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index 71bf36e0..1909e7f7 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -19,33 +19,34 @@
#include <stdio.h>
#include <string.h>
#include <sha256.h>
+#include <limits.h>
+#include <pthread.h>
+#include <stdlib.h>
+
+#include <isula_libutils/defs.h>
+#include <isula_libutils/log.h>
#include <isula_libutils/storage_image.h>
#include <isula_libutils/imagetool_images_list.h>
#include <isula_libutils/json_common.h>
#include <isula_libutils/auto_cleanup.h>
-#include <limits.h>
-#include <pthread.h>
-#include <stdlib.h>
+#include <isula_libutils/imagetool_image.h>
+#include <isula_libutils/imagetool_image_summary.h>
+#include <isula_libutils/registry_manifest_schema1.h>
+#include <isula_libutils/registry_manifest_schema2.h>
+#include <isula_libutils/oci_image_manifest.h>
+#include <isula_libutils/image_manifest_v1_compatibility.h>
#include <isula_libutils/utils_macro.h>
#include "utils.h"
#include "utils_file.h"
#include "utils_images.h"
-#include "isula_libutils/log.h"
#include "constants.h"
#include "utils_array.h"
#include "utils_string.h"
#include "utils_regex.h"
-#include "isula_libutils/defs.h"
#include "map.h"
#include "utils_convert.h"
-#include "isula_libutils/imagetool_image.h"
-#include "isula_libutils/imagetool_image_summary.h"
-#include "isula_libutils/registry_manifest_schema1.h"
-#include "isula_libutils/registry_manifest_schema2.h"
-#include "isula_libutils/oci_image_manifest.h"
-#include "isula_libutils/image_manifest_v1_compatibility.h"
#include "registry_type.h"
#include "mediatype.h"
#include "storage.h"
@@ -1361,8 +1362,7 @@ int image_store_set_big_data(const char *id, const char *key, const char *data)
if (!image_store_lock(EXCLUSIVE)) {
ERROR("Failed to lock image store with exclusive lock, not allowed to change image big data assignments");
- ret = -1;
- goto out;
+ return -1;
}
img = lookup(id);
@@ -1648,8 +1648,7 @@ int image_store_get_names(const char *id, char ***names, size_t *names_len)
if (!image_store_lock(SHARED)) {
ERROR("Failed to lock image store with shared lock, not allowed to get image names assignments");
- ret = -1;
- goto out;
+ return -1;
}
img = lookup(id);
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.h b/src/daemon/modules/image/oci/storage/image_store/image_store.h
index 4544f84b..82bc1696 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.h
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.h
@@ -18,16 +18,17 @@
#include <stdbool.h>
#include <string.h>
#include <pthread.h>
-#include <isula_libutils/imagetool_fs_info.h>
#include <stdint.h>
+#include <isula_libutils/imagetool_fs_info.h>
+#include <isula_libutils/imagetool_image.h>
+#include <isula_libutils/imagetool_images_list.h>
+#include <isula_libutils/imagetool_image_summary.h>
+
#include "storage.h"
#include "utils_timestamp.h"
#include "map.h"
#include "linked_list.h"
-#include "isula_libutils/imagetool_image.h"
-#include "isula_libutils/imagetool_images_list.h"
-#include "isula_libutils/imagetool_image_summary.h"
#ifdef __cplusplus
extern "C" {
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_type.c b/src/daemon/modules/image/oci/storage/image_store/image_type.c
index 50a81db2..67421cd6 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_type.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_type.c
@@ -19,11 +19,11 @@
#include <stdlib.h>
#include <stdio.h>
-#include "isula_libutils/storage_image.h"
+#include <isula_libutils/storage_image.h>
+#include <isula_libutils/log.h>
+
#include "util_atomic.h"
#include "utils.h"
-#include "isula_libutils/log.h"
-
#include "utils_images.h"
static image_t *create_empty_image()
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_type.h b/src/daemon/modules/image/oci/storage/image_store/image_type.h
index d8376644..bbf7a7dc 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_type.h
+++ b/src/daemon/modules/image/oci/storage/image_store/image_type.h
@@ -19,9 +19,9 @@
#include <stdint.h>
#include <pthread.h>
-#include "isula_libutils/storage_image.h"
-#include "isula_libutils/log.h"
-#include "isula_libutils/oci_image_spec.h"
+#include <isula_libutils/storage_image.h>
+#include <isula_libutils/log.h>
+#include <isula_libutils/oci_image_spec.h>
#ifdef __cplusplus
extern "C" {
--
2.23.0


@ -0,0 +1,64 @@
From 3144357f7c735e24af180b9352378618ce8b2368 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Wed, 11 Dec 2024 11:32:06 +0800
Subject: [PATCH 07/11] bugfix: mem leak
Signed-off-by: liuxu <liuxu156@huawei.com>
---
src/daemon/executor/container_cb/execution_network.c | 2 ++
src/daemon/modules/service/inspect_container.c | 2 ++
src/utils/cutils/utils.c | 9 ++++++++-
3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c
index a145e33a..8e34998c 100644
--- a/src/daemon/executor/container_cb/execution_network.c
+++ b/src/daemon/executor/container_cb/execution_network.c
@@ -1213,6 +1213,8 @@ static int generate_network_element(const char **bridges, const size_t len, defs
defs_map_string_object_networks_element *), len);
if (networks->values == NULL) {
ERROR("Out of memory ");
+ free(networks->keys);
+ networks->keys = NULL;
return -1;
}
diff --git a/src/daemon/modules/service/inspect_container.c b/src/daemon/modules/service/inspect_container.c
index 40cf7aa1..ca3955c6 100644
--- a/src/daemon/modules/service/inspect_container.c
+++ b/src/daemon/modules/service/inspect_container.c
@@ -629,6 +629,8 @@ static int do_transform_cni_to_map(container_network_settings *settings)
util_smart_calloc_s(sizeof(defs_map_string_object_port_bindings_element *), settings->cni_ports_len);
if (result->values == NULL) {
ERROR("Out of memory");
+ free(result->keys);
+ result->keys = NULL;
ret = -1;
goto out;
}
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index 69f6dbf0..cf207acc 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -1609,10 +1609,17 @@ defs_map_string_object *dup_map_string_empty_object(defs_map_string_object *src)
}
dst->keys = util_smart_calloc_s(sizeof(char *), src->len);
+ if (dst->keys == NULL) {
+ ERROR("Out of memory");
+ ret = -1;
+ goto out;
+ }
dst->values = util_smart_calloc_s(sizeof(defs_map_string_object_element *), src->len);
- if (dst->keys == NULL || dst->values == NULL) {
+ if (dst->values == NULL) {
ERROR("Out of memory");
ret = -1;
+ free(dst->keys);
+ dst->keys = NULL;
goto out;
}
--
2.23.0


@ -0,0 +1,25 @@
From 7a3d70dba97facedf1394e65a80f7cc12be8273c Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 18 Dec 2024 16:37:33 +1400
Subject: [PATCH 08/11] bugfix for parse_http_header
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/image/oci/registry/registry_apiv2.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/daemon/modules/image/oci/registry/registry_apiv2.c b/src/daemon/modules/image/oci/registry/registry_apiv2.c
index 5d83b425..7f33646d 100644
--- a/src/daemon/modules/image/oci/registry/registry_apiv2.c
+++ b/src/daemon/modules/image/oci/registry/registry_apiv2.c
@@ -61,6 +61,7 @@ static void set_body_null_if_exist(char *message)
static int parse_http_header(char *resp_buf, size_t buf_size, struct parsed_http_message *message)
{
char *real_message = NULL;
+ int ret = 0;
if (resp_buf == NULL || message == NULL) {
ERROR("Invalid NULL param");
--
2.23.0


@ -0,0 +1,244 @@
From 96ce67b474de6d6cff1a87cd652ff00dafda7d6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Tue, 24 Dec 2024 19:39:26 +0800
Subject: [PATCH 11/11] add layer storage ut test
---
test/image/oci/storage/layers/CMakeLists.txt | 1 +
.../oci/storage/layers/storage_layers_ut.cc | 166 +++++++++++++++++-
2 files changed, 165 insertions(+), 2 deletions(-)
diff --git a/test/image/oci/storage/layers/CMakeLists.txt b/test/image/oci/storage/layers/CMakeLists.txt
index e1c76453..c4384e8f 100644
--- a/test/image/oci/storage/layers/CMakeLists.txt
+++ b/test/image/oci/storage/layers/CMakeLists.txt
@@ -148,5 +148,6 @@ target_link_libraries(${LAYER_EXE}
${LIBTAR_LIBRARY}
-lwebsockets -lcrypto -lyajl -larchive ${SELINUX_LIBRARY} -ldevmapper -lz -lcap)
+set_target_properties(${LAYER_EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,map_new -Wl,--wrap,map_insert -Wl,--wrap,map_search -Wl,--wrap,util_common_calloc_s -Wl,--wrap,util_smart_calloc_s")
add_test(NAME ${LAYER_EXE} COMMAND ${LAYER_EXE} --gtest_output=xml:${LAYER_EXE}-Results.xml)
set_tests_properties(${LAYER_EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/image/oci/storage/layers/storage_layers_ut.cc b/test/image/oci/storage/layers/storage_layers_ut.cc
index 73611fdc..a03f4ce8 100644
--- a/test/image/oci/storage/layers/storage_layers_ut.cc
+++ b/test/image/oci/storage/layers/storage_layers_ut.cc
@@ -29,6 +29,8 @@
#include "storage.h"
#include "layer.h"
#include "driver_quota_mock.h"
+#include "map.h"
+#include "mock.h"
using ::testing::Args;
using ::testing::ByRef;
@@ -41,6 +43,95 @@ using ::testing::AtLeast;
using ::testing::Invoke;
using ::testing::_;
+static int g_map_search_count = 0;
+static int g_map_search_match = 1;
+static int g_map_new_count = 0;
+static int g_map_new_match = 1;
+static int g_map_insert_count = 0;
+static int g_map_insert_match = 1;
+
+extern "C" {
+ DECLARE_WRAPPER_V(map_new, map_t *, (map_type_t kvtype, map_cmp_func comparator, map_kvfree_func kvfree));
+ DEFINE_WRAPPER_V(map_new, map_t *, (map_type_t kvtype, map_cmp_func comparator, map_kvfree_func kvfree), (kvtype, comparator, kvfree));
+ DECLARE_WRAPPER_V(map_insert, bool, (map_t *map, void *key, void *value));
+ DEFINE_WRAPPER_V(map_insert, bool, (map_t *map, void *key, void *value), (map, key, value));
+ DECLARE_WRAPPER_V(map_search, void *, (const map_t *map, void *key));
+ DEFINE_WRAPPER_V(map_search, void *, (const map_t *map, void *key), (map, key));
+
+ DECLARE_WRAPPER_V(util_smart_calloc_s, void *, (size_t size, size_t len));
+ DEFINE_WRAPPER_V(util_smart_calloc_s, void *, (size_t size, size_t len), (size, len));
+ DECLARE_WRAPPER_V(util_common_calloc_s, void *, (size_t size));
+ DEFINE_WRAPPER_V(util_common_calloc_s, void *, (size_t size), (size));
+}
+
+/*
+* Repeatedly calling the function executes the wrapper function and original function in the following order:
+* wrapper function; original function, wrapper function; original function, original function, wrapper function;...
+* Similar to regular queues (1 means wrapper, 0 means original): 1; 0 1; 0 0 1; 0 0 0 1; ...
+* It's used to MOCK a function that repeat permutation.
+* If you want a regular queue, the variables needs to be assigned back to the initial value.
+*/
+static map_t *map_new_return_null(map_type_t kvtype, map_cmp_func comparator, map_kvfree_func kvfree)
+{
+ g_map_new_count++;
+ if (g_map_new_count == g_map_new_match) {
+ g_map_new_match++;
+ g_map_new_count = 0;
+ return nullptr;
+ } else {
+ return __real_map_new(kvtype, comparator, kvfree);
+ }
+}
+
+/*
+* Repeatedly calling the function executes the wrapper function and original function in the following order:
+* wrapper function; original function, wrapper function; original function, original function, wrapper function;...
+* Similar to regular queues (1 means wrapper, 0 means original): 1; 0 1; 0 0 1; 0 0 0 1; ...
+* It's used to MOCK a function that repeat permutation.
+* If you want a regular queue, the variables needs to be assigned back to the initial value.
+*/
+static bool map_insert_return_false(map_t *map, void *key, void *value)
+{
+ g_map_insert_count++;
+ if (g_map_insert_count == g_map_insert_match) {
+ g_map_insert_match++;
+ g_map_insert_count = 0;
+ return false;
+ } else {
+ return __real_map_insert(map, key, value);
+ }
+}
+
+/*
+* Repeatedly calling the function executes the wrapper function and original function in the following order:
+* wrapper function; original function, wrapper function; original function, original function, wrapper function;...
+* Similar to regular queues (1 means wrapper, 0 means original): 1; 0 1; 0 0 1; 0 0 0 1; ...
+* It's used to MOCK a function that repeat permutation.
+* If you want a regular queue, the variables needs to be assigned back to the initial value.
+*/
+void *map_search_fail(const map_t *map, void *key)
+{
+ g_map_search_count++;
+ if (g_map_search_count == g_map_search_match) {
+ g_map_search_match++;
+ g_map_search_count = 0;
+ return nullptr;
+ } else {
+ return __real_map_search(map, key);
+ }
+
+}
+
+void *util_common_calloc_s_fail(size_t size)
+{
+ return nullptr;
+}
+
+void *util_smart_calloc_s_fail(size_t size, size_t len)
+{
+ return nullptr;
+}
+
std::string GetDirectory()
{
char abs_path[PATH_MAX] { 0x00 };
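Review bot: `map_search_fail`, `util_common_calloc_s_fail` and `util_smart_calloc_s_fail` are defined with external linkage, while the sibling mocks `map_new_return_null` and `map_insert_return_false` are `static`. Test-only helpers should stay file-local so they cannot collide with another translation unit linked into the same executable, e.g. `static void *map_search_fail(const map_t *map, void *key)`. The five-line comment describing the "1; 0 1; 0 0 1" call pattern is repeated verbatim three times; one copy above the `g_map_*_count` / `g_map_*_match` counters would be easier to keep correct. The stray blank line before the closing brace of `map_search_fail` can also go.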
@@ -178,6 +269,7 @@ protected:
std::string isulad_dir = "/tmp/isulad/";
mkdir(isulad_dir.c_str(), 0755);
std::string root_dir = isulad_dir + "data";
+ mkdir(root_dir.c_str(), 0755);
std::string run_dir = isulad_dir + "data/run";
std::string data_dir = GetDirectory() + "/data";
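Review bot: The added `mkdir(root_dir.c_str(), 0755);` discards its return value, like the `mkdir` of `/tmp/isulad/` just above it. The fixture therefore continues whether the directory was created, already existed, or is something another account placed at that fixed, predictable path on a shared build host. Check the result, e.g. `ASSERT_TRUE(mkdir(root_dir.c_str(), 0755) == 0 || errno == EEXIST);`, and consider deriving the root from `mkdtemp` so each run gets a private directory. The enclosing function starts and ends outside this hunk.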
@@ -194,12 +286,40 @@ protected:
opts.storage_root = strdup(real_path);
ASSERT_STRNE(util_clean_path(run_dir.c_str(), real_run_path, sizeof(real_run_path)), nullptr);
opts.storage_run_root = strdup(real_run_path);
- opts.driver_name = strdup("overlay");
opts.driver_opts = static_cast<char **>(util_smart_calloc_s(sizeof(char *), 1));
opts.driver_opts[0] = strdup("overlay2.skip_mount_home=true");
opts.driver_opts_len = 1;
-
+#ifdef ENABLE_REMOTE_LAYER_STORE
+ opts.enable_remote_layer = true;
+#endif
EXPECT_CALL(m_driver_quota_mock, QuotaCtl(_, _, _, _)).WillRepeatedly(Invoke(invokeQuotaCtl));
+
+ opts.driver_name = NULL;
+ ASSERT_EQ(layer_store_init(&opts), -1);
+
+ char over_path_max_driver_name[5000] { 0x00 }; // PATH_MAX = 4096
+ std::memset(over_path_max_driver_name, 'a', 4999);
+ over_path_max_driver_name[4999]= '\0';
+ opts.driver_name = over_path_max_driver_name;
+ ASSERT_EQ(layer_store_init(&opts), -1);
+
+ opts.driver_name = strdup("overlay");
+ MOCK_SET_V(map_new, map_new_return_null);
+ g_map_new_count = 0;
+ g_map_new_match = 1;
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ MOCK_CLEAR(map_new);
+
+ MOCK_SET_V(map_insert, map_insert_return_false);
+ g_map_insert_count = 0;
+ g_map_insert_match = 1;
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ MOCK_CLEAR(map_insert);
+
ASSERT_EQ(layer_store_init(&opts), 0);
free(opts.storage_root);
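Review bot: Every `ASSERT_EQ` placed between `MOCK_SET_V(...)` and the matching `MOCK_CLEAR(...)` returns from the function on failure. Assuming `MOCK_CLEAR` is what uninstalls the hook, a single failed expectation would leave `map_new_return_null` or `map_insert_return_false` active for every later test and bury the real failure under a cascade. Inside the mocked regions use the non-fatal form, `EXPECT_EQ(layer_store_init(&opts), -1);`, or clear the mock from a scope guard. The same pattern appears in the later hunks of this file (`test_layers_load`, `test_layer_store_by_compress_digest`, `test_remote_layer_common`) and in the `registry_ut.cc` hunks of PATCH 176/198. The expected number of failing `layer_store_init` calls (four for `map_new`, two for `map_insert`) also deserves a one-line comment saying which internal call each iteration targets.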
@@ -238,6 +358,13 @@ TEST_F(StorageLayersUnitTest, test_layers_load)
struct layer_list *layer_list = (struct layer_list *)util_common_calloc_s(sizeof(struct layer_list));
ASSERT_NE(layer_list, nullptr);
+ ASSERT_EQ(layer_store_list(NULL), -1);
+ MOCK_SET_V(util_smart_calloc_s, util_smart_calloc_s_fail);
+ ASSERT_EQ(layer_store_list(layer_list), -1);
+ MOCK_CLEAR(util_smart_calloc_s);
+ MOCK_SET_V(util_common_calloc_s, util_common_calloc_s_fail);
+ ASSERT_EQ(layer_store_list(layer_list), -1);
+ MOCK_CLEAR(util_common_calloc_s);
ASSERT_EQ(layer_store_list(layer_list), 0);
ASSERT_EQ(layer_list->layers_len, 2);
@@ -315,6 +442,18 @@ TEST_F(StorageLayersUnitTest, test_layer_store_by_compress_digest)
std::string id { "9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63" };
struct layer_list *layer_list = (struct layer_list *)util_common_calloc_s(sizeof(struct layer_list));
+ MOCK_SET_V(util_smart_calloc_s, util_smart_calloc_s_fail);
+ ASSERT_EQ(layer_store_by_compress_digest(compress.c_str(), layer_list), -1);
+ MOCK_CLEAR(util_smart_calloc_s);
+ MOCK_SET_V(util_common_calloc_s, util_common_calloc_s_fail);
+ ASSERT_EQ(layer_store_by_compress_digest(compress.c_str(), layer_list), -1);
+ MOCK_CLEAR(util_common_calloc_s);
+ MOCK_SET_V(map_search, map_search_fail);
+ g_map_search_count = 0;
+ g_map_search_match = 1;
+ ASSERT_EQ(layer_store_by_compress_digest(compress.c_str(), layer_list), -1);
+ MOCK_CLEAR(map_search);
+
ASSERT_EQ(layer_store_by_compress_digest(compress.c_str(), layer_list), 0);
ASSERT_EQ(layer_list->layers_len, 1);
@@ -324,3 +463,26 @@ TEST_F(StorageLayersUnitTest, test_layer_store_by_compress_digest)
free_layer_list(layer_list);
}
+
+#ifdef ENABLE_REMOTE_LAYER_STORE
+TEST_F(StorageLayersUnitTest, test_remote_layer_common)
+{
+ ASSERT_EQ(remote_layer_remove_memory_stores_with_lock(NULL), -1);
+ char arr[] = "random_id";
+ const char *random_id = arr;
+ MOCK_SET_V(map_search, map_search_fail);
+ g_map_search_count = 0;
+ g_map_search_match = 1;
+ ASSERT_EQ(remote_layer_remove_memory_stores_with_lock(random_id), 0);
+ MOCK_CLEAR(map_search);
+
+ ASSERT_EQ(remote_load_one_layer(NULL), -1);
+ MOCK_SET_V(map_search, map_search_fail);
+ g_map_search_count = 0;
+ g_map_search_match = 1;
+ ASSERT_EQ(remote_load_one_layer(random_id), -1);
+ MOCK_CLEAR(map_search);
+
+ ASSERT_EQ(remote_load_one_layer(random_id), -1);
+}
+#endif
--
2.23.0


@ -0,0 +1,207 @@
From cdb0e2b6431b4212b809ab1edf954d6b3a702a20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Mon, 30 Dec 2024 17:28:23 +0800
Subject: [PATCH 176/198] add registry ut test
---
test/image/oci/registry/CMakeLists.txt | 1 +
test/image/oci/registry/registry_ut.cc | 123 +++++++++++++++++++++++++
2 files changed, 124 insertions(+)
diff --git a/test/image/oci/registry/CMakeLists.txt b/test/image/oci/registry/CMakeLists.txt
index 6166c2d0..d78bb7d3 100644
--- a/test/image/oci/registry/CMakeLists.txt
+++ b/test/image/oci/registry/CMakeLists.txt
@@ -71,5 +71,6 @@ target_include_directories(${EXE} PUBLIC
)
target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} -lcrypto -lyajl -lz libhttpclient)
+set_target_properties(${EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,map_new -Wl,--wrap,util_common_calloc_s -Wl,--wrap,pthread_mutex_init -Wl,--wrap,pthread_cond_init")
add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/image/oci/registry/registry_ut.cc b/test/image/oci/registry/registry_ut.cc
index 1503ee3b..4eacdb11 100644
--- a/test/image/oci/registry/registry_ut.cc
+++ b/test/image/oci/registry/registry_ut.cc
@@ -27,6 +27,7 @@
#include <gtest/gtest.h>
#include <gmock/gmock.h>
#include <curl/curl.h>
+#include <pthread.h>
#include "utils.h"
#include "utils_array.h"
@@ -45,6 +46,8 @@
#include "auths.h"
#include "oci_image_mock.h"
#include "isulad_config_mock.h"
+#include "map.h"
+#include "mock.h"
using ::testing::Args;
using ::testing::ByRef;
@@ -56,6 +59,55 @@ using ::testing::NotNull;
using ::testing::AtLeast;
using ::testing::Invoke;
+static int g_pthread_mutex_init_count = 0;
+static int g_pthread_mutex_init_match = 1;
+
+extern "C" {
+ DECLARE_WRAPPER_V(map_new, map_t *, (map_type_t kvtype, map_cmp_func comparator, map_kvfree_func kvfree));
+ DEFINE_WRAPPER_V(map_new, map_t *, (map_type_t kvtype, map_cmp_func comparator, map_kvfree_func kvfree), (kvtype, comparator, kvfree));
+ DECLARE_WRAPPER_V(pthread_mutex_init, int, (pthread_mutex_t *__mutex,const pthread_mutexattr_t *__mutexattr));
+ DEFINE_WRAPPER_V(pthread_mutex_init, int, (pthread_mutex_t *__mutex,const pthread_mutexattr_t *__mutexattr), (__mutex, __mutexattr));
+ DECLARE_WRAPPER_V(pthread_cond_init, int, (pthread_cond_t *__restrict __cond,const pthread_condattr_t *__restrict __cond_attr));
+ DEFINE_WRAPPER_V(pthread_cond_init, int, (pthread_cond_t *__restrict __cond,const pthread_condattr_t *__restrict __cond_attr), (__cond, __cond_attr));
+ DECLARE_WRAPPER_V(util_common_calloc_s, void *, (size_t size));
+ DEFINE_WRAPPER_V(util_common_calloc_s, void *, (size_t size), (size));
+}
+
+/*
+*Repeatedly calling the function executes the wrapper function and original function in the following order:
+*wrapper function; original function, wrapper function; original function, original function, wrapper function;...
+*Similar to regular queues (1 means wrapper, 0 means original): 1; 0 1; 0 0 1; 0 0 0 1; ...
+*It's used to MOCK a function that repeat permutation.
+*If you want a regular queue, the variables needs to be assigned back to the initial value.
+*/
+// extern int pthread_mutex_init (pthread_mutex_t *__mutex,const pthread_mutexattr_t *__mutexattr)
+static int failed_pthread_mutex_init(pthread_mutex_t *__mutex,const pthread_mutexattr_t *__mutexattr)
+{
+ g_pthread_mutex_init_count++;
+ if (g_pthread_mutex_init_count == g_pthread_mutex_init_match) {
+ g_pthread_mutex_init_match++;
+ g_pthread_mutex_init_count = 0;
+ return -1;
+ } else {
+ return __real_pthread_mutex_init(__mutex, __mutexattr);
+ }
+}
+
+void *util_common_calloc_s_fail(size_t size)
+{
+ return nullptr;
+}
+
+static int failed_pthread_cond_init(pthread_cond_t *__restrict __cond,const pthread_condattr_t *__restrict __cond_attr)
+{
+ return -1;
+}
+
+static map_t *map_new_return_null(map_type_t kvtype, map_cmp_func comparator, map_kvfree_func kvfree)
+{
+ return nullptr;
+}
+
std::string get_dir()
{
char abs_path[PATH_MAX] { 0x00 };
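Review bot: The wrapper declarations and the `failed_pthread_mutex_init` / `failed_pthread_cond_init` mocks copy glibc's parameter names `__mutex`, `__mutexattr`, `__cond` and `__cond_attr`. Identifiers containing a double underscore are reserved for the implementation in C++, so a libc macro of the same name could silently rewrite them. Plain names are enough, e.g. `static int failed_pthread_mutex_init(pthread_mutex_t *mutex, const pthread_mutexattr_t *attr)`. The commented-out `// extern int pthread_mutex_init ...` line adds nothing and can be dropped. `util_common_calloc_s_fail` should be `static` like the other mocks in this hunk.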
@@ -655,6 +707,25 @@ TEST_F(RegistryUnitTest, test_pull_v1_image)
ASSERT_EQ(util_mkdir_p(mirror_dir.c_str(), 0700), 0);
ASSERT_EQ(create_certs(mirror_dir), 0);
ASSERT_EQ(init_log(), 0);
+
+ // test utile common calloc fail
+ MOCK_SET_V(util_common_calloc_s, util_common_calloc_s_fail);
+ ASSERT_EQ(registry_init((char *)auths_dir.c_str(), (char *)certs_dir.c_str()), -1);
+ MOCK_CLEAR(util_common_calloc_s);
+ // test pthread mutex init fail
+ MOCK_SET_V(pthread_mutex_init, failed_pthread_mutex_init);
+ g_pthread_mutex_init_count = 0;
+ g_pthread_mutex_init_match = 1;
+ ASSERT_EQ(registry_init((char *)auths_dir.c_str(), (char *)certs_dir.c_str()), -1);
+ ASSERT_EQ(registry_init((char *)auths_dir.c_str(), (char *)certs_dir.c_str()), -1);
+ MOCK_CLEAR(pthread_mutex_init);
+ MOCK_SET_V(pthread_cond_init, failed_pthread_cond_init);
+ ASSERT_EQ(registry_init((char *)auths_dir.c_str(), (char *)certs_dir.c_str()), -1);
+ MOCK_CLEAR(pthread_cond_init);
+ MOCK_SET_V(map_new, map_new_return_null);
+ ASSERT_EQ(registry_init((char *)auths_dir.c_str(), (char *)certs_dir.c_str()), -1);
+ MOCK_CLEAR(map_new);
+
ASSERT_EQ(registry_init((char *)auths_dir.c_str(), (char *)certs_dir.c_str()), 0);
EXPECT_CALL(m_http_mock, HttpRequest(::testing::_, ::testing::_, ::testing::_, ::testing::_))
@@ -665,6 +736,30 @@ TEST_F(RegistryUnitTest, test_pull_v1_image)
ASSERT_EQ(registry_pull(&options), 0);
ASSERT_EQ(registry_pull(&options), 0);
+
+ // test empty options
+ ASSERT_EQ(registry_pull(nullptr), -1);
+
+ // test utile common calloc fail
+ MOCK_SET_V(util_common_calloc_s, util_common_calloc_s_fail);
+ ASSERT_EQ(registry_pull(&options), -1);
+ MOCK_CLEAR(util_common_calloc_s);
+
+ options.dest_image_name = nullptr;
+ ASSERT_EQ(registry_pull(&options), -1);
+ options.dest_image_name = (char *)"quay.io/coreos/etcd:v3.3.17-arm64";
+
+ options.image_name = nullptr;
+ ASSERT_EQ(registry_pull(&options), -1);
+ options.image_name = (char *)"quay.io/coreos/etcd:v3.3.17-arm64";
+
+ // test pthread mutex init fail
+ MOCK_SET_V(pthread_mutex_init, failed_pthread_mutex_init);
+ g_pthread_mutex_init_count = 0;
+ g_pthread_mutex_init_match = 1;
+ ASSERT_EQ(registry_pull(&options), -1);
+ ASSERT_EQ(registry_pull(&options), -1);
+ MOCK_CLEAR(pthread_mutex_init);
}
TEST_F(RegistryUnitTest, test_login)
@@ -690,6 +785,21 @@ TEST_F(RegistryUnitTest, test_login)
options.auth.username = (char *)"test3";
options.auth.password = (char *)"test3";
ASSERT_EQ(registry_login(&options), 0);
+
+ // test empty options
+ ASSERT_EQ(registry_login(nullptr), -1);
+
+ // test utile common calloc fail
+ MOCK_SET_V(util_common_calloc_s, util_common_calloc_s_fail);
+ ASSERT_EQ(registry_login(&options), -1);
+ MOCK_CLEAR(util_common_calloc_s);
+
+ // test pthread mutex init fail
+ MOCK_SET_V(pthread_mutex_init, failed_pthread_mutex_init);
+ g_pthread_mutex_init_count = 0;
+ g_pthread_mutex_init_match = 1;
+ ASSERT_EQ(registry_login(&options), -1);
+ MOCK_CLEAR(pthread_mutex_init);
}
TEST_F(RegistryUnitTest, test_logout)
@@ -699,6 +809,9 @@ TEST_F(RegistryUnitTest, test_logout)
ASSERT_EQ(registry_logout((char *)"test2.com"), 0);
+ // test empty host
+ ASSERT_EQ(registry_logout(nullptr), -1);
+
auth_data = util_read_text_file(auths_file.c_str());
ASSERT_NE(strstr(auth_data, "hub-mirror.c.163.com"), nullptr);
free(auth_data);
@@ -837,6 +950,16 @@ TEST_F(RegistryUnitTest, test_search_image)
ASSERT_EQ(result->results[0]->is_automated, false);
ASSERT_EQ(result->results[0]->is_official, true);
+ // test Invalid NULL param
+ options->search_name = nullptr;
+ ASSERT_EQ(registry_search(options, &result), -1);
+ options->search_name = util_strdup_s("index.docker.io/busybox");
+
+ // test utile common calloc fail
+ MOCK_SET_V(util_common_calloc_s, util_common_calloc_s_fail);
+ ASSERT_EQ(registry_search(options, &result), -1);
+ MOCK_CLEAR(util_common_calloc_s);
+
free_imagetool_search_result(result);
// test not found
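Review bot: `options->search_name = nullptr;` overwrites the pointer without freeing or saving it, and the next line installs a fresh `util_strdup_s("index.docker.io/busybox")`. The earlier assignment is outside this hunk, but if it was heap-allocated it is leaked here and a sanitizer-enabled run would report it. Save and restore instead: `char *saved = options->search_name;` before the NULL case and `options->search_name = saved;` after it. Separately, both failing `registry_search(options, &result)` calls pass a `result` that still points at the earlier successful result. It is worth confirming that the failure path leaves `*result` untouched, otherwise the following `free_imagetool_search_result(result)` frees the wrong thing.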
--
2.34.1


@ -0,0 +1,39 @@
From efefd9fb4137ecdf59973e55586a4bc50cff4ad3 Mon Sep 17 00:00:00 2001
From: qiangxuhui <qiangxuhui@loongson.cn>
Date: Mon, 6 Jan 2025 09:46:11 +0800
Subject: [PATCH 177/198] add loongarch64 support
---
src/daemon/modules/spec/specs_security.c | 1 +
src/utils/cutils/utils.c | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/daemon/modules/spec/specs_security.c b/src/daemon/modules/spec/specs_security.c
index b34aec7c..4a71a1b5 100644
--- a/src/daemon/modules/spec/specs_security.c
+++ b/src/daemon/modules/spec/specs_security.c
@@ -332,6 +332,7 @@ static char *seccomp_trans_arch_for_docker(const char *arch)
{ "SCMP_ARCH_PARISC", "parisc" },
{ "SCMP_ARCH_PARISC64", "parisc64" },
{ "SCMP_ARCH_RISCV64", "riscv64" },
+ { "SCMP_ARCH_LOONGARCH64", "loong64" },
{ "SCMP_ARCH_ALL", "all" }
};
for (i = 0; i < sizeof(arch_map) / sizeof(arch_map[0]); i++) {
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index cf207acc..4db7d9ac 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -1442,7 +1442,8 @@ static void normalized_host_arch(char **host_arch, struct utsname uts)
{ "armhf", "arm" },
{ "armel", "arm" },
{ "mips64le", "mips64le" },
- { "mips64el", "mips64le" }
+ { "mips64el", "mips64le" },
+ { "loongarch64", "loong64" }
};
size_t i = 0;
--
2.34.1


@ -0,0 +1,353 @@
From 7321614a1097d4527f5968d1e3c7c1a06f6a9cd4 Mon Sep 17 00:00:00 2001
From: wujichao <wujichao1@huawei.com>
Date: Thu, 9 Jan 2025 16:15:25 +0800
Subject: [PATCH 178/198] add storage driver ut
---
.../graphdriver/overlay2/driver_overlay2.c | 18 +-
test/image/oci/storage/layers/CMakeLists.txt | 2 +
.../oci/storage/layers/storage_driver_ut.cc | 174 ++++++++++++++++--
3 files changed, 169 insertions(+), 25 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index cc24909a..2b2e1eb3 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -26,6 +26,8 @@
#include <stdio.h>
#include <strings.h>
+#include <isula_libutils/utils_macro.h>
+
#include "isula_libutils/log.h"
#ifdef ENABLE_USERNS_REMAP
#include "isulad_config.h"
@@ -828,7 +830,7 @@ out:
return ret;
}
-static int set_layer_quota(const char *dir, const json_map_string_string *opts, const struct graphdriver *driver)
+STATIC int set_layer_quota(const char *dir, const json_map_string_string *opts, const struct graphdriver *driver)
{
int ret = 0;
size_t i = 0;
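Review bot: Swapping `static` for `STATIC` on set_layer_quota gives the helper external linkage in any build where the macro expands to nothing. The same applies to do_create_remote_ro, append_default_quota_opts, get_mount_opt_data_with_custom_option, get_mount_opt_data_with_driver_option, get_rel_mount_opt_data, rel_mount and check_lower_valid in the later hunks. The macro is defined in isula_libutils/utils_macro.h, which is not visible here; presumably it is keyed on UNIT_TEST, so it is worth confirming that no packaging or release configuration defines that symbol. A comment at the new include such as `/* STATIC is 'static' unless UNIT_TEST is defined; it exposes helpers to storage_driver_ut only */` would record the intent. The function bodies continue outside these hunks.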
@@ -875,7 +877,7 @@ out:
}
#ifdef ENABLE_REMOTE_LAYER_STORE
-static int do_create_remote_ro(const char *id, const char *parent, const struct graphdriver *driver,
+STATIC int do_create_remote_ro(const char *id, const char *parent, const struct graphdriver *driver,
const struct driver_create_opts *create_opts)
{
int ret = -1;
@@ -1021,7 +1023,7 @@ out:
return ret;
}
-static int append_default_quota_opts(struct driver_create_opts *ori_opts, uint64_t quota)
+STATIC int append_default_quota_opts(struct driver_create_opts *ori_opts, uint64_t quota)
{
int ret = 0;
int nret = 0;
@@ -1362,7 +1364,7 @@ out:
return ret;
}
-static char *get_mount_opt_data_with_custom_option(size_t cur_size, const char *cur_opts,
+STATIC char *get_mount_opt_data_with_custom_option(size_t cur_size, const char *cur_opts,
const struct driver_mount_opts *mount_opts)
{
int nret = 0;
@@ -1405,7 +1407,7 @@ out:
return mount_data;
}
-static char *get_mount_opt_data_with_driver_option(size_t cur_size, const char *cur_opts, const char *mount_opts)
+STATIC char *get_mount_opt_data_with_driver_option(size_t cur_size, const char *cur_opts, const char *mount_opts)
{
int nret = 0;
char *mount_data = NULL;
@@ -1523,7 +1525,7 @@ out:
return mount_data;
}
-static char *get_rel_mount_opt_data(const char *id, const char *rel_lower_dir, const struct graphdriver *driver,
+STATIC char *get_rel_mount_opt_data(const char *id, const char *rel_lower_dir, const struct graphdriver *driver,
const struct driver_mount_opts *mount_opts)
{
int nret = 0;
@@ -1663,7 +1665,7 @@ out:
return ret;
}
-static int rel_mount(const char *driver_home, const char *id, const char *mount_data)
+STATIC int rel_mount(const char *driver_home, const char *id, const char *mount_data)
{
int ret = 0;
char *mount_target = NULL;
@@ -2151,7 +2153,7 @@ out:
return ret;
}
-static int check_lower_valid(const char *driver_home, const char *lower)
+STATIC int check_lower_valid(const char *driver_home, const char *lower)
{
int ret = 0;
char *abs_path = NULL;
diff --git a/test/image/oci/storage/layers/CMakeLists.txt b/test/image/oci/storage/layers/CMakeLists.txt
index c4384e8f..eae67833 100644
--- a/test/image/oci/storage/layers/CMakeLists.txt
+++ b/test/image/oci/storage/layers/CMakeLists.txt
@@ -5,6 +5,8 @@ add_subdirectory(devmapper)
# storage_driver_ut
SET(DRIVER_EXE storage_driver_ut)
+add_definitions(-DUNIT_TEST=ON)
+
add_executable(${DRIVER_EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/cutils/utils.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/cutils/utils_regex.c
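Review bot: `add_definitions(-DUNIT_TEST=ON)` is directory-scoped, so the define reaches every target created in this CMakeLists.txt and in subdirectories added after it, not only storage_driver_ut. Since UNIT_TEST appears to be what removes `static` from the overlay2 helpers, it is safer to scope it to the one target that needs it, for example `target_compile_definitions(${DRIVER_EXE} PRIVATE UNIT_TEST)` placed after the `add_executable` call. The `add_executable` argument list continues outside this hunk.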
diff --git a/test/image/oci/storage/layers/storage_driver_ut.cc b/test/image/oci/storage/layers/storage_driver_ut.cc
index 943fa073..79b29b71 100644
--- a/test/image/oci/storage/layers/storage_driver_ut.cc
+++ b/test/image/oci/storage/layers/storage_driver_ut.cc
@@ -40,6 +40,20 @@ using ::testing::Invoke;
using ::testing::_;
using ::testing::FLAGS_gmock_catch_leaked_mocks;
+extern "C" {
+ int set_layer_quota(const char *dir, const json_map_string_string *opts, const struct graphdriver *driver);
+ int do_create_remote_ro(const char *id, const char *parent, const struct graphdriver *driver,
+ const struct driver_create_opts *create_opts);
+ int append_default_quota_opts(struct driver_create_opts *ori_opts, uint64_t quota);
+ char *get_mount_opt_data_with_custom_option(size_t cur_size, const char *cur_opts,
+ const struct driver_mount_opts *mount_opts);
+ char *get_mount_opt_data_with_driver_option(size_t cur_size, const char *cur_opts, const char *mount_opts);
+ char *get_rel_mount_opt_data(const char *id, const char *rel_lower_dir, const struct graphdriver *driver,
+ const struct driver_mount_opts *mount_opts);
+ int rel_mount(const char *driver_home, const char *id, const char *mount_data);
+ int check_lower_valid(const char *driver_home, const char *lower);
+}
+
std::string GetDirectory()
{
char abs_path[PATH_MAX] { 0x00 };
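Review bot: The `extern "C"` block re-declares eight driver_overlay2.c helpers by hand, and C linkage carries no type information, so a later signature change in the .c file would still link and the test would call the function with the wrong arguments. Moving the prototypes into a header that driver_overlay2.c also includes, guarded by `#ifdef UNIT_TEST`, lets the compiler check both sides. `do_create_remote_ro` is declared unconditionally although its definition sits under `ENABLE_REMOTE_LAYER_STORE`; wrapping that declaration in the same `#ifdef` would keep the two consistent.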
@@ -121,7 +135,7 @@ protected:
void SetUp() override
{
MockDriverQuota_SetMock(&m_driver_quota_mock);
- std::string isulad_dir { "/tmp/isulad/" };
+ std::string isulad_dir = "/opt/isulad_storege_driver_ut/";
mkdir(isulad_dir.c_str(), 0755);
std::string root_dir = isulad_dir + "data";
std::string run_dir = isulad_dir + "data/run";
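Review bot: The scratch directory `/opt/isulad_storege_driver_ut/` is written as a literal here and again in later hunks: the TearDown `rm -rf` command, the set_layer_quota test and `merged_dir`. A rename that misses one copy would make TearDown delete a different tree than SetUp created. A single file-level constant, e.g. `static const std::string kUtRootDir = "/opt/isulad_storage_driver_ut/";`, used for both the directory and the cleanup command would remove that risk and fix the `storege` typo. A per-run directory from `mkdtemp` would also avoid reusing whatever an earlier or concurrent run left at the fixed path. SetUp's body starts and ends outside this hunk.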
@@ -146,15 +160,15 @@ protected:
struct storage_module_init_options *opts = (struct storage_module_init_options *)util_common_calloc_s(sizeof(
struct storage_module_init_options));
- opts->storage_root = strdup(root_dir.c_str());
- opts->storage_run_root = strdup(run_dir.c_str());
- opts->driver_name = strdup("overlay");
+ opts->storage_root = util_strdup_s(root_dir.c_str());
+ opts->storage_run_root = util_strdup_s(run_dir.c_str());
+ opts->driver_name = util_strdup_s("overlay");
opts->driver_opts = (char **)util_common_calloc_s(5 * sizeof(char *));
- opts->driver_opts[0] = strdup("overlay2.basesize=128M");
- opts->driver_opts[1] = strdup("overlay2.override_kernel_check=true");
- opts->driver_opts[2] = strdup("overlay2.skip_mount_home=false");
- opts->driver_opts[3] = strdup("overlay2.mountopt=rw");
- opts->driver_opts[4] = strdup("overlay2.skip_mount_home=true");
+ opts->driver_opts[0] = util_strdup_s("overlay2.basesize=128M");
+ opts->driver_opts[1] = util_strdup_s("overlay2.override_kernel_check=true");
+ opts->driver_opts[2] = util_strdup_s("overlay2.skip_mount_home=false");
+ opts->driver_opts[3] = util_strdup_s("overlay2.mountopt=rw");
+ opts->driver_opts[4] = util_strdup_s("overlay2.skip_mount_home=true");
opts->driver_opts_len = 4;
EXPECT_CALL(m_driver_quota_mock, QuotaCtl(_, _, _, _)).WillRepeatedly(Invoke(invokeQuotaCtl));
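Review bot: `driver_opts` is allocated for five entries and all five are filled, but `driver_opts_len` is set to 4, so `overlay2.skip_mount_home=true` is never seen by the driver. If the options are released by walking `driver_opts_len` entries, which the hunk does not show, that fifth string is also never freed. Either set `opts->driver_opts_len = 5;` if the last option is meant to override index 2, or drop the fifth assignment and allocate four slots. The two `util_common_calloc_s` results, `opts` and `opts->driver_opts`, are dereferenced without a null check, unlike the `ASSERT_NE(..., nullptr)` pattern used in the new tests.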
@@ -173,7 +187,7 @@ protected:
if (support_overlay) {
ASSERT_EQ(graphdriver_cleanup(), 0);
}
- std::string rm_command = "rm -rf /tmp/isulad/";
+ std::string rm_command = "rm -rf /opt/isulad_storege_driver_ut/";
ASSERT_EQ(system(rm_command.c_str()), 0);
}
@@ -195,6 +209,134 @@ TEST_F(StorageDriverUnitTest, test_graphdriver_layer_exists)
ASSERT_FALSE(graphdriver_layer_exists(incorrectId.c_str()));
}
+TEST_F(StorageDriverUnitTest, test_set_layer_quota)
+{
+ if (!support_overlay) {
+ return;
+ }
+
+ struct driver_create_opts *create_opts = (struct driver_create_opts *)util_common_calloc_s(sizeof(struct driver_create_opts));
+ ASSERT_NE(create_opts, nullptr);
+ create_opts->storage_opt = (json_map_string_string *)util_common_calloc_s(sizeof(json_map_string_string));
+ ASSERT_NE(create_opts->storage_opt, nullptr);
+ create_opts->storage_opt->keys = (char **)util_common_calloc_s(sizeof(char *));
+ create_opts->storage_opt->values = (char **)util_common_calloc_s(sizeof(char *));
+ create_opts->storage_opt->keys[0] = util_strdup_s("size");
+ create_opts->storage_opt->values[0] = util_strdup_s("");
+ create_opts->storage_opt->len = 1;
+ ASSERT_EQ(set_layer_quota("/opt/isulad_storege_driver_ut/", create_opts->storage_opt, nullptr), -1);
+ create_opts->storage_opt->keys[0] = util_strdup_s("notsize");
+ ASSERT_EQ(set_layer_quota("/opt/isulad_storege_driver_ut/", create_opts->storage_opt, nullptr), -1);
+ free_driver_create_opts(create_opts);
+}
+
+#ifdef ENABLE_REMOTE_LAYER_STORE
+TEST_F(StorageDriverUnitTest, test_do_create_remote_ro)
+{
+ if (!support_overlay) {
+ return;
+ }
+
+ struct graphdriver *graph_driver = (struct graphdriver *)util_common_calloc_s(sizeof(struct graphdriver));
+ ASSERT_NE(graph_driver, nullptr);
+ graph_driver->home = nullptr;
+ ASSERT_EQ(do_create_remote_ro(nullptr, nullptr, graph_driver, nullptr), -1);
+ graph_driver->home = "driver_home";
+ ASSERT_EQ(do_create_remote_ro(nullptr, nullptr, graph_driver, nullptr), -1);
+ free(graph_driver);
+}
+#endif
+
+TEST_F(StorageDriverUnitTest, test_append_default_quota_opts)
+{
+ if (!support_overlay) {
+ return;
+ }
+
+ struct driver_create_opts *create_opts = (struct driver_create_opts *)util_common_calloc_s(sizeof(struct driver_create_opts));
+ ASSERT_NE(create_opts, nullptr);
+ create_opts->storage_opt = (json_map_string_string *)util_common_calloc_s(sizeof(json_map_string_string));
+ ASSERT_NE(create_opts->storage_opt, nullptr);
+ create_opts->storage_opt->keys = (char **)util_common_calloc_s(sizeof(char *));
+ create_opts->storage_opt->values = (char **)util_common_calloc_s(sizeof(char *));
+ create_opts->storage_opt->keys[0] = util_strdup_s("size");
+ create_opts->storage_opt->values[0] = util_strdup_s("128M");
+ create_opts->storage_opt->len = 1;
+ ASSERT_EQ(append_default_quota_opts(nullptr, 0), 0);
+ ASSERT_EQ(append_default_quota_opts(create_opts, 134217728), 0); // 134217728 = 128*1024*1024
+ free_driver_create_opts(create_opts);
+}
+
+TEST_F(StorageDriverUnitTest, test_get_mount_opt_data_with_custom_option)
+{
+ if (!support_overlay) {
+ return;
+ }
+
+ struct driver_mount_opts * mount_opts = (struct driver_mount_opts *)util_common_calloc_s(sizeof(struct driver_mount_opts));
+ ASSERT_NE(mount_opts, nullptr);
+ mount_opts->options = (char **)util_common_calloc_s(1 * sizeof(char *));
+ mount_opts->options[0] = util_strdup_s("ro");
+ mount_opts->options_len = 1;
+ size_t cur_size = 0;
+ const char *cur_opts = "cur_opts";
+ ASSERT_EQ(get_mount_opt_data_with_custom_option(cur_size, cur_opts, mount_opts), nullptr);
+ free_driver_mount_opts(mount_opts);
+}
+
+TEST_F(StorageDriverUnitTest, test_get_mount_opt_data_with_driver_option)
+{
+ if (!support_overlay) {
+ return;
+ }
+ struct driver_mount_opts * mount_opts = (struct driver_mount_opts *)util_common_calloc_s(sizeof(struct driver_mount_opts));
+ ASSERT_NE(mount_opts, nullptr);
+ mount_opts->options = (char **)util_common_calloc_s(1 * sizeof(char *));
+ mount_opts->options[0] = util_strdup_s("ro");
+ size_t cur_size = 0;
+ const char *cur_opts = "cur_opts";
+ ASSERT_EQ(get_mount_opt_data_with_driver_option(cur_size, cur_opts, mount_opts->options[0]), nullptr);
+ free_driver_mount_opts(mount_opts);
+}
+
+TEST_F(StorageDriverUnitTest, test_get_rel_mount_opt_data)
+{
+ if (!support_overlay) {
+ return;
+ }
+ std::string id { "9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63" };
+ struct driver_mount_opts * mount_opts = (struct driver_mount_opts *)util_common_calloc_s(sizeof(struct driver_mount_opts));
+ ASSERT_NE(mount_opts, nullptr);
+ mount_opts->options = (char **)util_common_calloc_s(1 * sizeof(char *));
+ mount_opts->options[0] = util_strdup_s("ro");
+ mount_opts->options_len = 1;
+ const char *rel_lower_dir = "rel_lower_dir";
+ std::string res { "ro,lowerdir=rel_lower_dir,upperdir=9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63/diff,workdir=9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63/work" };
+ ASSERT_EQ(get_rel_mount_opt_data(id.c_str(), rel_lower_dir, nullptr, mount_opts), res);
+ free_driver_mount_opts(mount_opts);
+}
+
+TEST_F(StorageDriverUnitTest, test_rel_mount)
+{
+ if (!support_overlay) {
+ return;
+ }
+ const char *mount_data = "mount_data";
+ const char *driver_home = nullptr;
+ std::string id { "9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63" };
+ ASSERT_EQ(rel_mount(driver_home, id.c_str(), mount_data),-1);
+}
+
+TEST_F(StorageDriverUnitTest, test_check_lower_valid)
+{
+ if (!support_overlay) {
+ return;
+ }
+ const char *lower = "lower";
+ const char *driver_home = nullptr;
+ ASSERT_EQ(check_lower_valid(driver_home, lower), -1);
+}
+
TEST_F(StorageDriverUnitTest, test_graphdriver_create_rw)
{
if (!support_overlay) {
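Review bot: test_get_rel_mount_opt_data passes the returned `char *` straight into `ASSERT_EQ(..., res)`, so the buffer is never freed (assuming it is heap-allocated) and a NULL return would be compared against a `std::string`, which is undefined behaviour rather than a clean test failure. In test_set_layer_quota, `keys[0]` is reassigned to `"notsize"` without freeing the `"size"` string. The `keys` and `values` arrays are indexed without the null check applied to `create_opts` and `storage_opt`. In test_get_mount_opt_data_with_driver_option, `options_len` stays 0, so `free_driver_mount_opts` may skip `options[0]`, depending on how it walks the array. The fence shows the two rewrites I would make; the last test in the hunk continues outside it.

```cpp
// test_set_layer_quota: release the first key before replacing it
free(create_opts->storage_opt->keys[0]);
create_opts->storage_opt->keys[0] = util_strdup_s("notsize");

// … unchanged: remaining new tests …

// test_get_rel_mount_opt_data: own the returned buffer and compare its contents
char *mount_data = get_rel_mount_opt_data(id.c_str(), rel_lower_dir, nullptr, mount_opts);
ASSERT_NE(mount_data, nullptr);
EXPECT_STREQ(mount_data, res.c_str());
free(mount_data);
free_driver_mount_opts(mount_opts);
```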
@@ -202,17 +344,15 @@ TEST_F(StorageDriverUnitTest, test_graphdriver_create_rw)
}
std::string id { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" };
- struct driver_create_opts *create_opts;
-
- create_opts = (struct driver_create_opts *)util_common_calloc_s(sizeof(struct driver_create_opts));
+ struct driver_create_opts *create_opts = (struct driver_create_opts *)util_common_calloc_s(sizeof(struct driver_create_opts));
ASSERT_NE(create_opts, nullptr);
create_opts->storage_opt = (json_map_string_string *)util_common_calloc_s(sizeof(json_map_string_string));
ASSERT_NE(create_opts->storage_opt, nullptr);
create_opts->storage_opt->keys = (char **)util_common_calloc_s(sizeof(char *));
create_opts->storage_opt->values = (char **)util_common_calloc_s(sizeof(char *));
- create_opts->storage_opt->keys[0] = strdup("size");
- create_opts->storage_opt->values[0] = strdup("128M");
+ create_opts->storage_opt->keys[0] = util_strdup_s("size");
+ create_opts->storage_opt->values[0] = util_strdup_s("128M");
create_opts->storage_opt->len = 1;
EXPECT_CALL(m_driver_quota_mock, IOCtl(_, _)).WillRepeatedly(Invoke(invokeIOCtl));
@@ -231,7 +371,7 @@ TEST_F(StorageDriverUnitTest, test_graphdriver_mount_layer)
}
std::string id { "9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63" };
- std::string merged_dir = "/tmp/isulad/data/overlay/" + id + "/merged";
+ std::string merged_dir = "/opt/isulad_storege_driver_ut/data/overlay/" + id + "/merged";
struct driver_mount_opts *mount_opts = nullptr;
char* mount_dir = nullptr;
@@ -248,7 +388,7 @@ TEST_F(StorageDriverUnitTest, test_graphdriver_mount_layer)
mount_opts = (struct driver_mount_opts *)util_common_calloc_s(sizeof(struct driver_mount_opts));
ASSERT_NE(mount_opts, nullptr);
mount_opts->options = (char **)util_common_calloc_s(1 * sizeof(char *));
- mount_opts->options[0] = strdup("ro");
+ mount_opts->options[0] = util_strdup_s("ro");
mount_opts->options_len = 1;
FLAGS_gmock_catch_leaked_mocks = false;
--
2.34.1


@ -0,0 +1,63 @@
From ab9c9d71482e355e0015ac1c6331849f4ff98ee0 Mon Sep 17 00:00:00 2001
From: zhongjiawei <zhongjiawei1@huawei.com>
Date: Fri, 10 Jan 2025 11:51:52 +0800
Subject: [PATCH 179/198] iSulad: support shim stats cmd
---
src/daemon/modules/runtime/shim/shim_rt_ops.c | 32 +++++++++++++++++--
1 file changed, 29 insertions(+), 3 deletions(-)
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index fce18ade..30b5e442 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -779,11 +779,37 @@ int rt_shim_listpids(const char *id, const char *runtime, const rt_listpids_para
return 0;
}
+static void transform_stats_info_from_runtime(struct Stats *stats,
+ struct runtime_container_resources_stats_info *info)
+{
+ if (info == NULL) {
+ return;
+ }
+ info->pids_current = stats->pids_current;
+ info->cpu_use_nanos = stats->cpu_use_nanos;
+ info->cpu_system_use = stats->cpu_system_use;
+ info->mem_used = stats->mem_used;
+ info->mem_limit = stats->mem_limit;
+ info->rss_bytes = stats->rss_bytes;
+ info->inactive_file_total = stats->inactive_file_total;
+ info->page_faults = stats->page_faults;
+ info->major_page_faults = stats->major_page_faults;
+ info->swap_used = stats->swap_used;
+ info->swap_limit = stats->swap_limit;
+ info->blkio_read = stats->blkio_read;
+ info->blkio_write = stats->blkio_write;
+}
+
int rt_shim_resources_stats(const char *id, const char *runtime, const rt_stats_params_t *params,
struct runtime_container_resources_stats_info *rs_stats)
{
- ERROR("rt_shim_resources_stats not impl");
- return -1;
+ struct Stats ss = { 0 };
+ if (shim_v2_stats(id, &ss) != 0) {
+ ERROR("rt_shim_stats failed");
+ return -1;
+ }
+ transform_stats_info_from_runtime(&ss, rs_stats);
+ return 0;
}
int rt_shim_resize(const char *id, const char *runtime, const rt_resize_params_t *params)
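Review bot: rt_shim_resources_stats now returns 0 even when `rs_stats` is NULL, because the NULL check lives only in transform_stats_info_from_runtime, which silently returns; the caller is told the stats were collected although nothing was written. `id` is also handed to `shim_v2_stats` unchecked. I would reject both up front with `if (id == NULL || rs_stats == NULL) { ERROR("Invalid input params"); return -1; }`. The failure log names a different function and omits the container; `ERROR("%s: shim v2 stats failed", id);` would be easier to trace. The helper would also read better with `const struct Stats *stats`, since it only reads from it.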
@@ -820,4 +846,4 @@ int rt_shim_kill(const char *id, const char *runtime, const rt_kill_params_t *pa
int rt_shim_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
{
return 0;
-}
\ No newline at end of file
+}
--
2.34.1


@ -0,0 +1,24 @@
From 0c17c332565f32ea59f67dfc67bf32cda5660372 Mon Sep 17 00:00:00 2001
From: wujichao <wujichao1@huawei.com>
Date: Tue, 14 Jan 2025 14:33:11 +0800
Subject: [PATCH 180/198] fix storage driver ut
---
test/image/oci/storage/layers/storage_driver_ut.cc | 1 +
1 file changed, 1 insertion(+)
diff --git a/test/image/oci/storage/layers/storage_driver_ut.cc b/test/image/oci/storage/layers/storage_driver_ut.cc
index 79b29b71..3a530715 100644
--- a/test/image/oci/storage/layers/storage_driver_ut.cc
+++ b/test/image/oci/storage/layers/storage_driver_ut.cc
@@ -138,6 +138,7 @@ protected:
std::string isulad_dir = "/opt/isulad_storege_driver_ut/";
mkdir(isulad_dir.c_str(), 0755);
std::string root_dir = isulad_dir + "data";
+ mkdir(root_dir.c_str(), 0755);
std::string run_dir = isulad_dir + "data/run";
std::string data_dir = GetDirectory() + "/data";
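Review bot: The added `mkdir(root_dir.c_str(), 0755)` ignores its return value, as does the `mkdir` for `isulad_dir` just above it. If `/opt` is not writable for the test user, or the path exists as something other than a directory, the fixture carries on and fails later with an unrelated error. Checking it in place, e.g. `ASSERT_TRUE(mkdir(root_dir.c_str(), 0755) == 0 || errno == EEXIST);` (which needs `<cerrno>`), makes the precondition explicit. SetUp's body starts and ends outside this hunk.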
--
2.34.1


@ -0,0 +1,25 @@
From 7d181ca89304b78d8db73c0f41eab0bb07488e2b Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sun, 19 Jan 2025 18:09:59 +0800
Subject: [PATCH 181/198] apply patch for lib shim v2 install
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/install_depends.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/CI/install_depends.sh b/CI/install_depends.sh
index ebeb79db..8b7c7201 100755
--- a/CI/install_depends.sh
+++ b/CI/install_depends.sh
@@ -161,6 +161,7 @@ cd lib-shim-v2
tar xf lib-shim-v2-*
dname=$(tar -tf lib-shim-v2-*.tar.gz | head -1)
cd $dname
+git apply ../0*
mkdir .cargo
cat >> ./.cargo/config << EOF
[source.crates-io]
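Review bot: `git apply ../0*` applies every file in the parent directory whose name starts with `0`, not only patch files, and its exit status is not checked. Unless errexit is enabled earlier in the script, which is not visible here, a rejected patch lets the build continue with unpatched lib-shim-v2 sources. Narrowing the glob and failing loudly, e.g. `git apply ../0*.patch || exit 1` (assuming the patches carry a `.patch` suffix), makes the patched state a guaranteed input to the build. A one-line comment naming where those patches come from would help whoever audits this CI step.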
--
2.34.1


@ -0,0 +1,262 @@
From 98ae352fb43f3bf5aa1ac1ea2d3d6cee61cf856e Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 20 Jan 2025 22:44:56 +0800
Subject: [PATCH 182/198] fix error macro isolation/ memory leak and meanless
reply file in sandbox ut
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
test/sandbox/CMakeLists.txt | 2 +-
test/sandbox/controller/CMakeLists.txt | 7 ++++--
.../manager/controller_manager_ut.cc | 17 +++++++-------
.../sandboxer_controller_ut.cc | 1 +
.../controller/shim/shim_controller_ut.cc | 3 +++
test/sandbox/sandbox/CMakeLists.txt | 22 ++++++++++++++-----
test/sandbox/sandbox_manager/CMakeLists.txt | 12 ++++++++--
.../sandbox_manager/sandbox_manager_ut.cc | 2 ++
8 files changed, 48 insertions(+), 18 deletions(-)
diff --git a/test/sandbox/CMakeLists.txt b/test/sandbox/CMakeLists.txt
index 38d7ccb9..1a9fedf6 100644
--- a/test/sandbox/CMakeLists.txt
+++ b/test/sandbox/CMakeLists.txt
@@ -1,6 +1,6 @@
project(iSulad_UT)
-if (ENABLE_SANDBOXER)
+if (ENABLE_CRI_API_V1)
add_subdirectory(controller)
add_subdirectory(sandbox_manager)
add_subdirectory(sandbox)
diff --git a/test/sandbox/controller/CMakeLists.txt b/test/sandbox/controller/CMakeLists.txt
index d201872b..4273c2bd 100644
--- a/test/sandbox/controller/CMakeLists.txt
+++ b/test/sandbox/controller/CMakeLists.txt
@@ -2,6 +2,9 @@ project(iSulad_UT)
list(APPEND grpc_sandbox_type_srcs ${CMAKE_BINARY_DIR}/grpc/src/api/services/cri/v1/api_v1.pb.cc)
list(APPEND grpc_sandbox_type_srcs ${CMAKE_BINARY_DIR}/grpc/src/api/services/cri/gogo.pb.cc)
-add_subdirectory(sandboxer)
-add_subdirectory(manager)
+
+if (ENABLE_SANDBOXER)
+ add_subdirectory(sandboxer)
+ add_subdirectory(manager)
+endif()
add_subdirectory(shim)
diff --git a/test/sandbox/controller/manager/controller_manager_ut.cc b/test/sandbox/controller/manager/controller_manager_ut.cc
index 705baaca..c60f8818 100644
--- a/test/sandbox/controller/manager/controller_manager_ut.cc
+++ b/test/sandbox/controller/manager/controller_manager_ut.cc
@@ -16,12 +16,13 @@
#include <memory>
#include "gtest/gtest.h"
#include "sandboxer_controller.h"
-#include "grpc_sandboxer_client_mock.h"
#include "controller_manager.h"
#include "controller_common.h"
#include "utils.h"
#include "isulad_config_mock.h"
#include "shim_controller.h"
+#include "controller.h"
+#include "grpc_sandboxer_client_mock.h"
class ControllerManagerWrapper : public sandbox::ControllerManager {
public:
@@ -81,7 +82,7 @@ TEST_F(ControllerManagerTest, InitTestSucceed)
EXPECT_CALL(*isuladConfMock, ConfGetServerConf()).Times(1).WillOnce(testing::Return(args));
EXPECT_TRUE(ControllerManagerWrapper::GetInstance()->Init(err));
EXPECT_TRUE(err.Empty());
- EXPECT_NE(ControllerManagerWrapper::GetInstance()->GetController(SHIM_CONTROLLER_NAME), nullptr);
+ EXPECT_NE(ControllerManagerWrapper::GetInstance()->GetController(sandbox::SHIM_CONTROLLER_NAME), nullptr);
EXPECT_NE(ControllerManagerWrapper::GetInstance()->GetController("vmm"), nullptr);
FreeDummyServerconf(args);
}
@@ -96,7 +97,7 @@ TEST_F(ControllerManagerTest, InitTestSucceedWithEmptyConfig)
EXPECT_CALL(*isuladConfMock, ConfGetServerConf()).Times(1).WillOnce(testing::Return(args));
EXPECT_TRUE(ControllerManagerWrapper::GetInstance()->Init(err));
EXPECT_TRUE(err.Empty());
- EXPECT_NE(ControllerManagerWrapper::GetInstance()->GetController(SHIM_CONTROLLER_NAME), nullptr);
+ EXPECT_NE(ControllerManagerWrapper::GetInstance()->GetController(sandbox::SHIM_CONTROLLER_NAME), nullptr);
EXPECT_EQ(ControllerManagerWrapper::GetInstance()->GetController("vmm"), nullptr);
FreeDummyServerconf(args);
}
@@ -111,7 +112,7 @@ TEST_F(ControllerManagerTest, InitTestFailedWithEmptySandboxerConfig)
EXPECT_CALL(*isuladConfMock, ConfGetServerConf()).Times(1).WillOnce(testing::Return(args));
EXPECT_FALSE(ControllerManagerWrapper::GetInstance()->Init(err));
EXPECT_THAT(err.GetCMessage(), testing::HasSubstr("Failed to load sandboxer controllers config"));
- EXPECT_NE(ControllerManagerWrapper::GetInstance()->GetController(SHIM_CONTROLLER_NAME), nullptr);
+ EXPECT_NE(ControllerManagerWrapper::GetInstance()->GetController(sandbox::SHIM_CONTROLLER_NAME), nullptr);
EXPECT_EQ(ControllerManagerWrapper::GetInstance()->GetController("vmm"), nullptr);
FreeDummyServerconf(args);
}
@@ -126,7 +127,7 @@ TEST_F(ControllerManagerTest, InitTestSucceedWithNullConfig)
EXPECT_CALL(*isuladConfMock, ConfGetServerConf()).Times(1).WillOnce(testing::Return(args));
EXPECT_TRUE(ControllerManagerWrapper::GetInstance()->Init(err));
EXPECT_TRUE(err.Empty());
- EXPECT_NE(ControllerManagerWrapper::GetInstance()->GetController(SHIM_CONTROLLER_NAME), nullptr);
+ EXPECT_NE(ControllerManagerWrapper::GetInstance()->GetController(sandbox::SHIM_CONTROLLER_NAME), nullptr);
EXPECT_EQ(ControllerManagerWrapper::GetInstance()->GetController("vmm"), nullptr);
FreeDummyServerconf(args);
}
@@ -142,7 +143,7 @@ TEST_F(ControllerManagerTest, InitTestFailedWithDupShimConfig)
EXPECT_CALL(*isuladConfMock, ConfGetServerConf()).Times(1).WillOnce(testing::Return(args));
EXPECT_FALSE(ControllerManagerWrapper::GetInstance()->Init(err));
EXPECT_THAT(err.GetCMessage(), testing::HasSubstr("Sandboxer controller already registered, sandboxer:"));
- EXPECT_NE(ControllerManagerWrapper::GetInstance()->GetController(SHIM_CONTROLLER_NAME), nullptr);
+ EXPECT_NE(ControllerManagerWrapper::GetInstance()->GetController(sandbox::SHIM_CONTROLLER_NAME), nullptr);
FreeDummyServerconf(args);
}
@@ -191,7 +192,7 @@ TEST_F(ControllerManagerTest, InitTestFailedWithDupInit)
EXPECT_CALL(*isuladConfMock, ConfGetServerConf()).Times(2).WillRepeatedly(testing::Return(args));
EXPECT_TRUE(ControllerManagerWrapper::GetInstance()->Init(err));
EXPECT_TRUE(err.Empty());
- EXPECT_NE(ControllerManagerWrapper::GetInstance()->GetController(SHIM_CONTROLLER_NAME), nullptr);
+ EXPECT_NE(ControllerManagerWrapper::GetInstance()->GetController(sandbox::SHIM_CONTROLLER_NAME), nullptr);
EXPECT_NE(ControllerManagerWrapper::GetInstance()->GetController("vmm"), nullptr);
EXPECT_FALSE(ControllerManagerWrapper::GetInstance()->Init(err));
EXPECT_THAT(err.GetCMessage(), testing::HasSubstr("Sandboxer controller already registered,"));
@@ -211,6 +212,6 @@ TEST_F(ControllerManagerTest, InitTestFailedWithNullConf)
TEST_F(ControllerManagerTest, FindControllerTestFailedBeforeInit)
{
Errors err;
- EXPECT_EQ(ControllerManagerWrapper::GetInstance()->GetController(SHIM_CONTROLLER_NAME), nullptr);
+ EXPECT_EQ(ControllerManagerWrapper::GetInstance()->GetController(sandbox::SHIM_CONTROLLER_NAME), nullptr);
EXPECT_EQ(ControllerManagerWrapper::GetInstance()->GetController("vmm"), nullptr);
}
diff --git a/test/sandbox/controller/sandboxer/sandboxer_controller/sandboxer_controller_ut.cc b/test/sandbox/controller/sandboxer/sandboxer_controller/sandboxer_controller_ut.cc
index 726464e8..d31d5b95 100644
--- a/test/sandbox/controller/sandboxer/sandboxer_controller/sandboxer_controller_ut.cc
+++ b/test/sandbox/controller/sandboxer/sandboxer_controller/sandboxer_controller_ut.cc
@@ -32,6 +32,7 @@ protected:
void TearDown() override
{
m_contoller.reset(nullptr);
+ MockSandboxerClient_SetMock(nullptr);
}
std::string m_sandboxer = "sandboxer";
diff --git a/test/sandbox/controller/shim/shim_controller_ut.cc b/test/sandbox/controller/shim/shim_controller_ut.cc
index e43cc645..75a51797 100644
--- a/test/sandbox/controller/shim/shim_controller_ut.cc
+++ b/test/sandbox/controller/shim/shim_controller_ut.cc
@@ -41,6 +41,9 @@ protected:
void TearDown() override
{
m_contoller.reset(nullptr);
+ MockCallback_SetMock(nullptr);
+ MockServiceContainerApi_SetMock(nullptr);
+ MockImageApi_SetMock(nullptr);
}
std::string m_sandboxer = "shim";
diff --git a/test/sandbox/sandbox/CMakeLists.txt b/test/sandbox/sandbox/CMakeLists.txt
index 6dd6c3ee..d033c93f 100644
--- a/test/sandbox/sandbox/CMakeLists.txt
+++ b/test/sandbox/sandbox/CMakeLists.txt
@@ -4,8 +4,24 @@ SET(EXE sandbox_ut)
aux_source_directory(${CMAKE_BINARY_DIR}/grpc/src/api/services/sandbox/sandbox/types sandbox_type_srcs)
+if(ENABLE_SANDBOXER)
+ set(sandboxer_srcs
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandboxer/controller/sandboxer_controller.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/grpc_sandboxer_client_mock.cc
+ )
+ set(sandbox_dir
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandboxer
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandboxer/controller
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandboxer/controller/client
+ )
+else()
+ set(sandboxer_srcs "")
+ set(sandbox_dir "")
+endif()
+
add_executable(${EXE}
${sandbox_type_srcs}
+ ${sandboxer_srcs}
${CMAKE_BINARY_DIR}/grpc/src/api/services/cri/v1/api_v1.pb.cc
${CMAKE_BINARY_DIR}/grpc/src/api/services/cri/gogo.pb.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cpputils/errors.cc
@@ -15,12 +31,10 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandbox.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandbox_task.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/controller_manager.cc
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandboxer/controller/sandboxer_controller.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/id_name_manager.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/config/isulad_config.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/sandbox/controller/controller_common.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/config/daemon_arguments.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/grpc_sandboxer_client_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/shim_controller_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/mailbox_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/err_msg.c
@@ -28,6 +42,7 @@ add_executable(${EXE}
target_include_directories(${EXE} PUBLIC
${GTEST_INCLUDE_DIR}
+ ${sandbox_dir}
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/config
@@ -37,9 +52,6 @@ target_include_directories(${EXE} PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/shim
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/shim/controller
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandboxer
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandboxer/controller
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandboxer/controller/client
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cpputils
diff --git a/test/sandbox/sandbox_manager/CMakeLists.txt b/test/sandbox/sandbox_manager/CMakeLists.txt
index a7dd8c9d..45c55300 100644
--- a/test/sandbox/sandbox_manager/CMakeLists.txt
+++ b/test/sandbox/sandbox_manager/CMakeLists.txt
@@ -4,8 +4,18 @@ SET(EXE sandbox_manager_ut)
aux_source_directory(${CMAKE_BINARY_DIR}/grpc/src/api/services/sandbox/sandbox/types sandbox_type_srcs)
+if(ENABLE_SANDBOXER)
+ set(sandboxer_srcs
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandboxer/controller/sandboxer_controller.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/grpc_sandboxer_client_mock.cc
+ )
+else()
+ set(sandboxer_srcs "")
+endif()
+
add_executable(${EXE}
${sandbox_type_srcs}
+ ${sandboxer_srcs}
${CMAKE_BINARY_DIR}/grpc/src/api/services/cri/v1/api_v1.pb.cc
${CMAKE_BINARY_DIR}/grpc/src/api/services/cri/gogo.pb.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cpputils/errors.cc
@@ -19,8 +29,6 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/err_msg.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/config/daemon_arguments.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/controller_manager.cc
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/grpc_sandboxer_client_mock.cc
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/sandboxer_controller_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/shim_controller_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/sandbox_manager_ut.cc)
diff --git a/test/sandbox/sandbox_manager/sandbox_manager_ut.cc b/test/sandbox/sandbox_manager/sandbox_manager_ut.cc
index 9e762039..276b6f4c 100644
--- a/test/sandbox/sandbox_manager/sandbox_manager_ut.cc
+++ b/test/sandbox/sandbox_manager/sandbox_manager_ut.cc
@@ -154,7 +154,9 @@ TEST_F(SandboxManagerTest, TestCreateSandbox)
"{\"cri-sandboxers\": {\"kuasar\": {\"name\": \"vmm\",\"address\": \"/run/vmm-sandboxer.sock\"}}}";
struct service_arguments *args = CreateDummyServerConf(daemonConfig);
ASSERT_NE(args, nullptr);
+#ifdef ENABLE_SANDBOXER
EXPECT_CALL(*isuladConfMock, ConfGetServerConf()).Times(1).WillOnce(testing::Return(args));
+#endif
EXPECT_TRUE(ControllerManager::GetInstance()->Init(error));
EXPECT_TRUE(error.Empty());
--
2.34.1


@ -0,0 +1,575 @@
From 262707f0d14e7c42554875cab38fdef985c21acc Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 11 Jan 2025 15:04:54 +0800
Subject: [PATCH 183/198] add dt for cri v1
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/install_depends.sh | 5 +-
.../container_cases/cri_default_namespace.sh | 39 ++++++------
.../container_cases/cri_exec_sync.sh | 40 ++++++------
CI/test_cases/container_cases/cri_pod_ip.sh | 51 +++++++--------
CI/test_cases/container_cases/cri_stream.sh | 45 +++++++------
CI/test_cases/container_cases/cri_test.sh | 40 ++++++------
CI/test_cases/critest.sh | 52 +++++++++------
CI/test_cases/helpers.sh | 63 +++++++++++++++++++
8 files changed, 205 insertions(+), 130 deletions(-)
diff --git a/CI/install_depends.sh b/CI/install_depends.sh
index 8b7c7201..c7fb9563 100755
--- a/CI/install_depends.sh
+++ b/CI/install_depends.sh
@@ -44,9 +44,8 @@ function make_crictl()
git clone https://gitee.com/duguhaotian/cri-tools.git
go version
cd cri-tools
- # crictl v1.18 cannot recognise the SecurityProfile seccomp of LinuxSandboxSecurityContext
- # and the LinuxContainerSecurityContext.has_seccomp() always false
- git checkout v1.22.0
+ # update crictl to 1.25, used to test cri v1 alpha and cri v1.
+ git checkout v1.25.0
make -j $nproc
echo "make cri-tools: $?"
cp ./build/bin/crictl ${builddir}/bin/
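Review bot: `git checkout v1.25.0` pins the crictl build to a tag in the `duguhaotian/cri-tools` mirror cloned a few lines above, and a tag can be moved after the fact, so CI builds and copies into `${builddir}/bin/` whatever that name points to at run time. Checking out a full commit id instead (`git checkout <pinned-commit-sha>`, placeholder) would make the tool used for the CRI tests reproducible; the same applies to `local VERSION="v1.25.0"` in CI/test_cases/critest.sh. The removed comment recorded why an older crictl could not be used (seccomp profile handling), and one line of that rationale next to the new comment would help the next version bump. make_crictl starts and ends outside this hunk.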
diff --git a/CI/test_cases/container_cases/cri_default_namespace.sh b/CI/test_cases/container_cases/cri_default_namespace.sh
index d013c6fa..1f418947 100755
--- a/CI/test_cases/container_cases/cri_default_namespace.sh
+++ b/CI/test_cases/container_cases/cri_default_namespace.sh
@@ -18,17 +18,8 @@ function set_up()
msg_info "${test} starting..."
- cp /etc/isulad/daemon.json /etc/isulad/daemon.bak
- sed -i "s#\"pod-sandbox-image\": \"\"#\"pod-sandbox-image\": \"mirrorgooglecontainers/pause-amd64:3.0\"#g" /etc/isulad/daemon.json
-
- check_valgrind_log
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to stop isulad" && return ${FAILURE}
-
- start_isulad_with_valgrind
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to start isulad" && return ${FAILURE}
-
- isula load -i ${pause_img_path}/pause.tar
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to load pause image" && return ${FAILURE}
+ init_cri_conf $1
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to init cri conf: ${1}" && return ${FAILURE}
crictl pull ${image}
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE}
@@ -92,20 +83,28 @@ function test_cri_default_namespace_in_pod_fun()
function tear_down()
{
- cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json
- check_valgrind_log
- start_isulad_with_valgrind
+ local ret=0
+ restore_cri_conf
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to restore cri conf" && ((ret++))
+ return $ret
}
declare -i ans=0
-set_up || ((ans++))
-
-for element in ${RUNTIME_LIST[@]};
+for version in ${CRI_LIST[@]};
do
- test_cri_default_namespace_in_pod_fun $element || ((ans++))
-done
+ test="test_cri_default_namespace_in_pod_fun, use cri version => (${version})"
+ msg_info "${test} starting..."
+
+ set_up $version || ((ans++))
-tear_down
+ for element in ${RUNTIME_LIST[@]};
+ do
+ test_cri_default_namespace_in_pod_fun $element || ((ans++))
+ done
+
+ tear_down || ((ans++))
+ msg_info "${test} finished with return ${ans}..."
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/cri_exec_sync.sh b/CI/test_cases/container_cases/cri_exec_sync.sh
index 97ea01ca..62352be5 100755
--- a/CI/test_cases/container_cases/cri_exec_sync.sh
+++ b/CI/test_cases/container_cases/cri_exec_sync.sh
@@ -33,17 +33,8 @@ function do_pre()
msg_info "${test} starting..."
- cp /etc/isulad/daemon.json /etc/isulad/daemon.bak
- sed -i "s#\"pod-sandbox-image\": \"\"#\"pod-sandbox-image\": \"mirrorgooglecontainers/pause-amd64:3.0\"#g" /etc/isulad/daemon.json
-
- check_valgrind_log
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to stop isulad" && return ${FAILURE}
-
- start_isulad_with_valgrind
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to start isulad" && return ${FAILURE}
-
- isula load -i ${pause_img_path}/pause.tar
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to load pause image" && return ${FAILURE}
+ init_cri_conf $1
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to init cri conf: ${1}" && return ${FAILURE}
crictl pull ${image}
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE}
@@ -116,10 +107,10 @@ function tear_down()
function do_post()
{
- cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json
-
- check_valgrind_log
- start_isulad_with_valgrind
+ local ret=0
+ restore_cri_conf
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to restore cri conf" && ((ret++))
+ return $ret
}
function do_test_t()
@@ -142,13 +133,20 @@ function do_test_t()
declare -i ans=0
-do_pre || ((ans++))
-
-for element in ${RUNTIME_LIST[@]};
+for version in ${CRI_LIST[@]};
do
- do_test_t $element || ((ans++))
-done
+ test="test_cri_exec_sync_fun, use cri version => (${version})"
+ msg_info "${test} starting..."
-do_post
+ do_pre $version || ((ans++))
+
+ for element in ${RUNTIME_LIST[@]};
+ do
+ do_test_t $element || ((ans++))
+ done
+
+ do_post || ((ans++))
+ msg_info "${test} finished with return ${ans}..."
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/cri_pod_ip.sh b/CI/test_cases/container_cases/cri_pod_ip.sh
index 7bf7833b..01c644f4 100755
--- a/CI/test_cases/container_cases/cri_pod_ip.sh
+++ b/CI/test_cases/container_cases/cri_pod_ip.sh
@@ -12,8 +12,8 @@ source ../helpers.sh
function do_pre()
{
- cp /etc/isulad/daemon.json /etc/isulad/daemon.bak
- sed -i "s#\"pod-sandbox-image\": \"\"#\"pod-sandbox-image\": \"mirrorgooglecontainers/pause-amd64:3.0\"#g" /etc/isulad/daemon.json
+ init_cri_conf $1
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to init cri conf: ${1}" && return ${FAILURE}
init_cni_conf $data_path
if [ $? -ne 0 ]; then
@@ -21,21 +21,14 @@ function do_pre()
TC_RET_T=$(($TC_RET_T+1))
return $TC_RET_T
fi
-
- isula load -i ${pause_img_path}/pause.tar
- if [ $? -ne 0 ]; then
- msg_err "Failed to load pause image"
- TC_RET_T=$(($TC_RET_T+1))
- return $TC_RET_T
- fi
-
}
function do_post()
{
- cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json
- check_valgrind_log
- start_isulad_with_valgrind
+ local ret=0
+ restore_cri_conf
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to restore cri conf" && ((ret++))
+ return $ret
}
function do_test()
@@ -104,21 +97,29 @@ function do_test()
}
-ret=0
+ans=0
-do_pre
-if [ $? -ne 0 ];then
- let "ret=$ret + 1"
-fi
-
-for element in ${RUNTIME_LIST[@]};
+for version in ${CRI_LIST[@]};
do
- do_test $element
+ test="test_cri_default_namespace_fun, use cri version => (${version})"
+ msg_info "${test} starting..."
+
+ do_pre $version || ((ans++))
if [ $? -ne 0 ];then
- let "ret=$ret + 1"
+ let "ans=$ans + 1"
fi
-done
-do_post
+ for element in ${RUNTIME_LIST[@]};
+ do
+ do_test $element
+ if [ $? -ne 0 ];then
+ let "ans=$ans + 1"
+ fi
+ done
+
+ do_post || ((ans++))
+
+ msg_info "${test} finished with return ${ans}..."
+done
-show_result $ret "cni base test"
+show_result $ans "cni base test"
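Review bot: In the new loop, `do_pre $version || ((ans++))` is followed by the old `if [ $? -ne 0 ]` block, which now tests the status of the whole `||` list rather than of do_pre. When do_pre fails while `ans` is 0, `((ans++))` itself returns non-zero (the expression evaluates to 0), so the failure is counted twice; on later iterations it is counted once. Dropping the `if` block after do_pre gives one count per failure. The label `test="test_cri_default_namespace_fun, ..."` also looks copied from cri_default_namespace.sh; `test="test_cri_pod_ip_fun, use cri version => (${version})"` would match this file.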
diff --git a/CI/test_cases/container_cases/cri_stream.sh b/CI/test_cases/container_cases/cri_stream.sh
index 43ed3891..e4918c23 100755
--- a/CI/test_cases/container_cases/cri_stream.sh
+++ b/CI/test_cases/container_cases/cri_stream.sh
@@ -39,17 +39,8 @@ function do_pre()
msg_info "${test} starting..."
- cp /etc/isulad/daemon.json /etc/isulad/daemon.bak
- sed -i "s#\"pod-sandbox-image\": \"\"#\"pod-sandbox-image\": \"mirrorgooglecontainers/pause-amd64:3.0\"#g" /etc/isulad/daemon.json
-
- check_valgrind_log
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to stop isulad" && return ${FAILURE}
-
- start_isulad_without_valgrind
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to start isulad" && return ${FAILURE}
-
- isula load -i ${pause_img_path}/pause.tar
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to load pause image" && return ${FAILURE}
+ init_cri_conf $1 "without_valgrind"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to init cri conf: ${1}" && return ${FAILURE}
crictl pull ${image}
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE}
@@ -130,13 +121,12 @@ function test_cri_attach
local test="test_cri_attach => (${FUNCNAME[@]})"
msg_info "${test} starting..."
- nohup cricli attach -i ${cid} &
+ nohup cricli attach -ti ${cid} &
pid=$!
sleep 2
ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI attach operation" && ((ret++))
-
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - attach failed, no IOCopy thread" && ((ret++))
kill -9 $pid
sleep 2
@@ -169,10 +159,10 @@ function tear_down()
function do_post()
{
- cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json
-
- stop_isulad_without_valgrind
- start_isulad_with_valgrind
+ local ret=0
+ restore_cri_conf "without_valgrind"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to restore cri conf" && ((ret++))
+ return $ret
}
function do_test_t()
@@ -198,13 +188,20 @@ function do_test_t()
declare -i ans=0
-do_pre || ((ans++))
-
-for element in ${RUNTIME_LIST[@]};
+for version in ${CRI_LIST[@]};
do
- do_test_t $element || ((ans++))
-done
+ test="test_cri_stream_fun, use cri version => (${version})"
+ msg_info "${test} starting..."
+
+ do_pre $version || ((ans++))
-do_post
+ for element in ${RUNTIME_LIST[@]};
+ do
+ do_test_t $element || ((ans++))
+ done
+
+ do_post || ((ans++))
+ msg_info "${test} finished with return ${ans}..."
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/cri_test.sh b/CI/test_cases/container_cases/cri_test.sh
index 88420761..ed333a28 100755
--- a/CI/test_cases/container_cases/cri_test.sh
+++ b/CI/test_cases/container_cases/cri_test.sh
@@ -28,24 +28,21 @@ function do_pre()
{
sed -i "s#seccomp_localhost_ref#${data_path}/seccomp_localhost.json#g" ${data_path}/container-config-seccomp-localhost.json
- cp /etc/isulad/daemon.json /etc/isulad/daemon.bak
- sed -i "s#\"pod-sandbox-image\": \"\"#\"pod-sandbox-image\": \"mirrorgooglecontainers/pause-amd64:3.0\"#g" /etc/isulad/daemon.json
-
- check_valgrind_log
- start_isulad_with_valgrind
-
- isula load -i ${pause_img_path}/pause.tar
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to load pause" && return ${FAILURE}
-
+ init_cri_conf $1 "without_valgrind"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to init cri conf: ${1}" && return ${FAILURE}
+
isula pull busybox
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull busybox" && return ${FAILURE}
+
+ return 0
}
function do_post()
{
- cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json
- check_valgrind_log
- start_isulad_with_valgrind
+ local ret=0
+ restore_cri_conf "without_valgrind"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to restore cri conf" && ((ret++))
+ return $ret
}
function test_cri_seccomp()
@@ -82,7 +79,7 @@ function test_cri_seccomp()
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - chmod should fail as it's blocked by seccomp" && ((ret++))
fi
- isula rm -f `isula ps -a -q`
+ crictl rmp -f $(crictl pods -q)
msg_info "${test} finished with return ${ret}..."
return ${ret}
@@ -90,13 +87,20 @@ function test_cri_seccomp()
declare -i ans=0
-do_pre
+for version in ${CRI_LIST[@]};
+do
+ test="test_cri_test_fun, use cri version => (${version})"
+ msg_info "${test} starting..."
+
+ do_pre $version || ((ans++))
-test_cri_seccomp "default" || ((ans++))
-test_cri_seccomp "unconfined" || ((ans++))
-test_cri_seccomp "localhost" || ((ans++))
+ test_cri_seccomp "default" || ((ans++))
+ test_cri_seccomp "unconfined" || ((ans++))
+ test_cri_seccomp "localhost" || ((ans++))
-do_post
+ do_post || ((ans++))
+ msg_info "${test} finished with return ${ans}..."
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/critest.sh b/CI/test_cases/critest.sh
index f8d4975e..136594a0 100755
--- a/CI/test_cases/critest.sh
+++ b/CI/test_cases/critest.sh
@@ -62,8 +62,9 @@ function restore_selinux_environment() {
function pre_test() {
# build critest
- local VERSION="v1.22.0"
+ local VERSION="v1.25.0"
+ rm -rf cri-tools
git clone https://gitee.com/duguhaotian/cri-tools.git
go version
cd cri-tools
@@ -75,15 +76,8 @@ function pre_test() {
critest --version
# config pause
- cp /etc/isulad/daemon.json /etc/isulad/daemon.bak
- sed -i "s#\"pod-sandbox-image\": \"\"#\"pod-sandbox-image\": \"mirrorgooglecontainers/pause-amd64:3.0\"#g" /etc/isulad/daemon.json
-
- isula load -i ${pause_img_path}/pause.tar
- if [ $? -ne 0 ]; then
- msg_err "Failed to load pause image"
- TC_RET_T=$(($TC_RET_T + 1))
- return $TC_RET_T
- fi
+ init_cri_conf $1
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to init cri conf: ${1}" && return ${FAILURE}
# config cni
init_cni_conf $data_path
@@ -107,7 +101,9 @@ function post_test() {
restore_selinux_environment
rm -rf ./cri-tools
rm /usr/local/bin/critest
- cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json
+
+ restore_cri_conf
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to restore cri conf" && ((ret++))
# clear env
isula rm -f `isula ps -qa`
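Review bot: The added `((ret++))` here, and `return ${ret}` in the next hunk, use `ret` without a visible `local ret=0`; post_test begins above this hunk, so this holds only if no declaration exists there. If it is missing, bash's dynamic scoping resolves `ret` to the `local ret` of the caller do_critest_test_t, so post_test increments and returns the caller's running failure count instead of its own status. Adding `local ret=0` at the top of post_test keeps the two counters separate.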
@@ -117,10 +113,8 @@ function post_test() {
do
isula pull ${image}
done
-
- stop_isulad_without_valgrind
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - memory leak" && return ${FAILURE}
- start_isulad_with_valgrind
+
+ return ${ret}
}
function test_critest() {
@@ -158,12 +152,32 @@ function do_test_t() {
return $ret
}
-declare -i ans=0
+function do_critest_test_t()
+{
+ local cri_version=$1
+ local ret=0
+ local test="do_critest_test_t => (${cri_version})"
+ msg_info "${test} starting..."
+
+ pre_test $cri_version || (ret++)
-pre_test || (ans++)
+ do_test_t || ((ret++))
-do_test_t || ((ans++))
+ post_test || (ret++)
-post_test || (ans++)
+ msg_info "${test} finished with return ${ret}..."
+
+ return $ret
+}
+
+declare -i ans=0
+
+for version in ${CRI_LIST[@]};
+do
+ do_critest_test_t $version
+ if [ $? -ne 0 ];then
+ let "ans=$ans + 1"
+ fi
+done
show_result ${ans} "${curr_path}/${0}"
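Review bot: `pre_test $cri_version || (ret++)` and `post_test || (ret++)` use single parentheses, which start a subshell that tries to run a command named `ret++`; `ret` in do_critest_test_t is never incremented by them, so a failed pre_test or post_test does not fail the case. The middle line already uses the arithmetic form and the other two should match: `pre_test $cri_version || ((ret++))` and `post_test || ((ret++))`. The removed top-level lines had the same form, so this carries an old defect into the new function.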
diff --git a/CI/test_cases/helpers.sh b/CI/test_cases/helpers.sh
index 0288b4ea..111058e3 100755
--- a/CI/test_cases/helpers.sh
+++ b/CI/test_cases/helpers.sh
@@ -31,6 +31,8 @@ RUNTIME_LIST=(lcr runc)
DEFAULT_RUNTIME=runc
+CRI_LIST=(v1alpha v1)
+
testcase_data="/tmp/testcases_data"
enable_native_network=0
@@ -321,4 +323,65 @@ function do_pretest() {
msg_info "#####################"
}
+function init_cri_conf() {
+ local ret=0
+ check_valgrind_log
+ if [ $? -ne 0 ]; then
+ echo "stop isulad failed"
+ ret=$(($ret+1))
+ fi
+
+ cp /etc/isulad/daemon.json /etc/isulad/daemon.bak
+ if [ "x$1" == "xv1" ]; then
+ echo "use cri v1"
+ sed -i '/"pod-sandbox-image": ""/i "enable-cri-v1": true,' /etc/isulad/daemon.json
+ fi
+ sed -i "s#\"pod-sandbox-image\": \"\"#\"pod-sandbox-image\": \"mirrorgooglecontainers/pause-amd64:3.0\"#g" /etc/isulad/daemon.json
+
+ if [ "x$2" == "xwithout_valgrind" ]; then
+ start_isulad_without_valgrind
+ else
+ echo "start with valgrind"
+ start_isulad_with_valgrind
+ fi
+ if [ $? -ne 0 ]; then
+ echo "start failed"
+ ret=$(($ret+1))
+ fi
+
+ isula load -i ${pause_img_path}/pause.tar
+ if [ $? -ne 0 ]; then
+ msg_err "Failed to load pause image"
+ ret=$(($ret + 1))
+ return $ret
+ fi
+
+ return $ret
+}
+
+function restore_cri_conf() {
+ local ret=0
+
+ if [ "x$1" == "xwithout_valgrind" ]; then
+ stop_isulad_without_valgrind
+ else
+ echo "stop with valgrind"
+ check_valgrind_log
+ fi
+ if [ $? -ne 0 ]; then
+ echo "stop isulad failed"
+ ret=$(($ret+1))
+ fi
+
+ cp /etc/isulad/daemon.bak /etc/isulad/daemon.json
+
+ start_isulad_with_valgrind
+ if [ $? -ne 0 ]; then
+ echo "start failed"
+ ret=$(($ret+1))
+ fi
+
+ return $ret
+}
+
do_pretest
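Review bot: In init_cri_conf, the `sed -i '/"pod-sandbox-image": ""/i "enable-cri-v1": true,'` insert only takes effect when daemon.json still contains an empty `pod-sandbox-image` entry, and nothing checks that it did, so a run labelled v1 can silently start the daemon without `enable-cri-v1` set. A check after the edit, such as `grep -q '"enable-cri-v1": true' /etc/isulad/daemon.json || ret=$(($ret+1))`, would make that visible. The result of `cp /etc/isulad/daemon.json /etc/isulad/daemon.bak` is also unchecked before the in-place edits, while restore_cri_conf copies daemon.bak back unconditionally; if the backup copy failed, the host config is either left modified or overwritten with a stale backup. Returning early from init_cri_conf when the `cp` fails would avoid that.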
--
2.34.1


@ -0,0 +1,454 @@
From 02b51963a37da893cc52a35562dd32f772e9e497 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Fri, 24 Nov 2023 17:36:50 +0800
Subject: [PATCH 184/198] do check process alive read pid ppid info in runtime
Signed-off-by: jikai <jikai11@huawei.com>
---
src/daemon/modules/api/runtime_api.h | 17 ++++++++
.../container/container_gc/containers_gc.c | 19 +++++++--
.../modules/container/restore/restore.c | 29 ++++++++++---
.../modules/container/supervisor/supervisor.c | 17 +++++++-
.../modules/runtime/engines/lcr/lcr_rt_ops.c | 11 +++++
.../modules/runtime/engines/lcr/lcr_rt_ops.h | 4 ++
.../modules/runtime/isula/isula_rt_ops.c | 13 +++++-
.../modules/runtime/isula/isula_rt_ops.h | 3 ++
src/daemon/modules/runtime/runtime.c | 42 +++++++++++++++++++
src/daemon/modules/runtime/shim/shim_rt_ops.c | 22 ++++++++++
src/daemon/modules/runtime/shim/shim_rt_ops.h | 3 ++
.../modules/service/service_container.c | 1 +
12 files changed, 169 insertions(+), 12 deletions(-)
diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h
index 1f23efe3..b0d70493 100644
--- a/src/daemon/modules/api/runtime_api.h
+++ b/src/daemon/modules/api/runtime_api.h
@@ -208,6 +208,15 @@ typedef struct _rt_runtime_rebuild_config_params_t {
const char *rootpath;
} rt_rebuild_config_params_t;
+typedef struct _rt_runtime_read_pid_ppid_info_params_t {
+ int pid;
+} rt_read_pid_ppid_info_params_t;
+
+typedef struct _rt_runtime_detect_process_params_t {
+ int pid;
+ uint64_t start_time;
+} rt_detect_process_params_t;
+
struct rt_ops {
/* detect whether runtime is of this runtime type */
bool (*detect)(const char *runtime);
@@ -245,6 +254,10 @@ struct rt_ops {
int (*rt_resize)(const char *name, const char *runtime, const rt_resize_params_t *params);
int (*rt_exec_resize)(const char *name, const char *runtime, const rt_exec_resize_params_t *params);
int (*rt_rebuild_config)(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
+
+ int (*rt_read_pid_ppid_info)(const char *name, const char *runtime, const rt_read_pid_ppid_info_params_t *params,
+ pid_ppid_info_t *pid_info);
+ int (*rt_detect_process)(const char *name, const char *runtime, const rt_detect_process_params_t *params);
};
int runtime_create(const char *name, const char *runtime, const rt_create_params_t *params);
@@ -269,6 +282,10 @@ int runtime_rebuild_config(const char *name, const char *runtime, const rt_rebui
void free_rt_listpids_out_t(rt_listpids_out_t *out);
int runtime_resize(const char *name, const char *runtime, const rt_resize_params_t *params);
int runtime_exec_resize(const char *name, const char *runtime, const rt_exec_resize_params_t *params);
+
+int runtime_read_pid_ppid_info(const char *name, const char *runtime, const rt_read_pid_ppid_info_params_t *params,
+ pid_ppid_info_t *pid_info);
+int runtime_detect_process(const char *name, const char *runtime, const rt_detect_process_params_t *params);
bool is_default_runtime(const char *name);
int runtime_init(void);
diff --git a/src/daemon/modules/container/container_gc/containers_gc.c b/src/daemon/modules/container/container_gc/containers_gc.c
index 2d16dee8..3f2473d5 100644
--- a/src/daemon/modules/container/container_gc/containers_gc.c
+++ b/src/daemon/modules/container/container_gc/containers_gc.c
@@ -386,6 +386,7 @@ static void gc_monitor_process(const char *id, pid_t pid, unsigned long long sta
{
INFO("Received garbage collector monitor of %s with pid %d", id, pid);
+ // for shim-v2, here is a ppid, which is always 0
if (util_process_alive(pid, start_time)) {
int ret = kill(pid, SIGKILL);
if (ret < 0 && errno != ESRCH) {
@@ -461,14 +462,16 @@ static void gc_container_process(struct linked_list *it)
char *runtime = NULL;
char *id = NULL;
container_garbage_config_gc_containers_element *gc_cont = NULL;
+ rt_detect_process_params_t detect_params = {
+ .pid = gc_cont->pid,
+ .start_time = gc_cont->start_time,
+ };
gc_cont = (container_garbage_config_gc_containers_element *)it->elem;
id = gc_cont->id;
runtime = gc_cont->runtime;
- pid = gc_cont->pid;
- start_time = gc_cont->start_time;
- if (util_process_alive(pid, start_time) == false) {
+ if (runtime_detect_process(id, runtime, &detect_params) < 0) {
ret = clean_container_resource(id, runtime, pid);
if (ret != 0) {
WARN("Failed to clean resources of container %s", id);
@@ -495,7 +498,15 @@ static void gc_container_process(struct linked_list *it)
free(it);
} else {
try_to_resume_container(id, runtime);
- ret = kill(pid, SIGKILL);
+
+ rt_kill_params_t kill_params = {
+ .signal = SIGKILL,
+ .stop_signal = SIGKILL,
+ .pid = pid,
+ .start_time = start_time,
+ };
+
+ ret = runtime_kill(id, runtime, &kill_params);
if (ret < 0 && errno != ESRCH) {
ERROR("Can not kill process (pid=%d) with SIGKILL for container %s", pid, id);
}
diff --git a/src/daemon/modules/container/restore/restore.c b/src/daemon/modules/container/restore/restore.c
index 44ed14df..48a3ae4b 100644
--- a/src/daemon/modules/container/restore/restore.c
+++ b/src/daemon/modules/container/restore/restore.c
@@ -58,7 +58,12 @@ static int restore_supervisor(const container_t *cont)
char *exit_fifo = NULL;
char *id = cont->common_config->id;
char *statepath = cont->state_path;
+ char *runtime = cont->runtime;
pid_ppid_info_t pid_info = { 0 };
+ rt_detect_process_params_t params = {
+ .pid = cont->state->state->pid,
+ .start_time = cont->state->state->start_time,
+ };
nret = snprintf(container_state, sizeof(container_state), "%s/%s", statepath, id);
if (nret < 0 || (size_t)nret >= sizeof(container_state)) {
@@ -81,7 +86,7 @@ static int restore_supervisor(const container_t *cont)
goto out;
}
- if (!util_process_alive(cont->state->state->pid, cont->state->state->start_time)) {
+ if (runtime_detect_process(id, runtime, &params) != 0) {
ERROR("Container %s pid %d already dead, skip add supervisor", id, cont->state->state->pid);
close(exit_fifo_fd);
ret = -1;
@@ -112,8 +117,10 @@ static int post_stopped_container_to_gc(const char *id, const char *runtime, con
{
int ret = 0;
pid_ppid_info_t pid_info = { 0 };
+ rt_read_pid_ppid_info_params_t params = { 0 };
+ params.pid = old_pid_info->pid;
- (void)util_read_pid_ppid_info(old_pid_info->pid, &pid_info);
+ (void)runtime_read_pid_ppid_info(id, runtime, &params, &pid_info);
if (pid_info.ppid == 0) {
pid_info.ppid = old_pid_info->ppid;
pid_info.pstart_time = old_pid_info->pstart_time;
@@ -180,9 +187,15 @@ static void restore_stopped_container(Container_Status status, const container_t
pid_ppid_info_t pid_info = { 0 };
if (status != CONTAINER_STATUS_STOPPED && status != CONTAINER_STATUS_CREATED) {
- if (util_process_alive(cont->state->state->pid, cont->state->state->start_time)) {
+ rt_detect_process_params_t params = {
+ .pid = cont->state->state->pid,
+ .start_time = cont->state->state->start_time,
+ };
+ if (runtime_detect_process(id, cont->runtime, &params) == 0) {
pid_info.pid = cont->state->state->pid;
+ pid_info.start_time = cont->state->state->start_time;
}
+
if (util_process_alive(cont->state->state->p_pid, cont->state->state->p_start_time)) {
pid_info.ppid = cont->state->state->p_pid;
pid_info.pstart_time = cont->state->state->p_start_time;
@@ -204,8 +217,11 @@ static void restore_running_container(Container_Status status, container_t *cont
int nret = 0;
const char *id = cont->common_config->id;
pid_ppid_info_t pid_info = { 0 };
+ rt_read_pid_ppid_info_params_t params = {
+ .pid = info->pid,
+ };
- nret = util_read_pid_ppid_info(info->pid, &pid_info);
+ nret = runtime_read_pid_ppid_info(id, cont->runtime, &params, &pid_info);
if (nret == 0) {
try_to_set_container_running(status, cont, &pid_info);
container_state_reset_has_been_manual_stopped(cont->state);
@@ -234,10 +250,13 @@ static void restore_paused_container(Container_Status status, container_t *cont,
int nret = 0;
const char *id = cont->common_config->id;
pid_ppid_info_t pid_info = { 0 };
+ rt_read_pid_ppid_info_params_t params = {
+ .pid = info->pid,
+ };
container_state_set_paused(cont->state);
- nret = util_read_pid_ppid_info(info->pid, &pid_info);
+ nret = runtime_read_pid_ppid_info(id, cont->runtime, &params, &pid_info);
if (nret == 0) {
try_to_set_paused_container_pid(status, cont, &pid_info);
container_state_reset_has_been_manual_stopped(cont->state);
diff --git a/src/daemon/modules/container/supervisor/supervisor.c b/src/daemon/modules/container/supervisor/supervisor.c
index f77f58d7..b5ff6166 100644
--- a/src/daemon/modules/container/supervisor/supervisor.c
+++ b/src/daemon/modules/container/supervisor/supervisor.c
@@ -46,6 +46,7 @@
#include "cgroup.h"
#include "specs_api.h"
#endif
+#include "runtime_api.h"
pthread_mutex_t g_supervisor_lock = PTHREAD_MUTEX_INITIALIZER;
struct epoll_descr g_supervisor_descr;
@@ -177,6 +178,17 @@ static void *clean_resources_thread(void *arg)
char *runtime = data->runtime;
unsigned long long start_time = data->pid_info.start_time;
pid_t pid = data->pid_info.pid;
+ rt_detect_process_params_t detect_params = {
+ .pid = pid,
+ .start_time = start_time,
+ };
+ rt_kill_params_t kill_params = {
+ .signal = SIGKILL,
+ .stop_signal = SIGKILL,
+ .pid = pid,
+ .start_time = start_time
+ };
+
int retry_count = 0;
int max_retry = 10;
#ifdef ENABLE_CRI_API_V1
@@ -192,7 +204,7 @@ static void *clean_resources_thread(void *arg)
prctl(PR_SET_NAME, "Clean resource");
retry:
- if (false == util_process_alive(pid, start_time)) {
+ if (runtime_detect_process(name, runtime, &detect_params) < 0) {
ret = clean_container_resource(name, runtime, pid);
// clean_container_resource failed, do not log error message,
// just add to gc to retry clean resource.
@@ -200,7 +212,7 @@ retry:
ERROR("Failed to clean resources of container %s", name);
}
} else {
- ret = kill(pid, SIGKILL);
+ ret = runtime_kill(name, runtime, &kill_params);
if (ret < 0 && errno != ESRCH) {
ERROR("Can not kill process (pid=%d) with SIGKILL for container %s", pid, name);
}
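Review bot: The `errno != ESRCH` test after `ret = runtime_kill(name, runtime, &kill_params);` was written for a direct kill(2) call; nothing in this patch shows runtime_kill leaving errno set to the cause of the failure, so the filter may read a stale value and either hide a real failure or log an already-exited process as an error. The same pattern is introduced in gc_container_process in containers_gc.c. Consider logging on `ret < 0` alone, or having the runtime ops report "no such process" through the return value. clean_resources_thread starts and ends outside this hunk.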
@@ -212,6 +224,7 @@ retry:
}
// get info of init process in container for debug problem of container
+ // but for shim-v2, this might be a misleading debug info
proc_t *c_proc = util_get_process_proc_info(pid);
if (c_proc != NULL) {
ERROR("Container %s into GC with process state: {cmd: %s, state: %c, pid: %d}", name, c_proc->cmd, c_proc->state,
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
index 64a8adbc..eb3afb94 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
@@ -941,3 +941,14 @@ out:
free_oci_runtime_spec(oci_spec);
return ret;
}
+
+int rt_lcr_read_pid_ppid_info(const char *name, const char *runtime, const rt_read_pid_ppid_info_params_t *params,
+ pid_ppid_info_t *pid_info)
+{
+ return util_read_pid_ppid_info(params->pid, pid_info);
+}
+
+int rt_lcr_detect_process(const char *name, const char *runtime, const rt_detect_process_params_t *params)
+{
+ return util_process_alive(params->pid, params->start_time) ? 0 : -1;
+}
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h
index 7403544d..85ebe6f7 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h
@@ -48,6 +48,10 @@ int rt_lcr_resize(const char *id, const char *runtime, const rt_resize_params_t
int rt_lcr_exec_resize(const char *id, const char *runtime, const rt_exec_resize_params_t *params);
int rt_lcr_kill(const char *id, const char *runtime, const rt_kill_params_t *params);
int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
+
+int rt_lcr_read_pid_ppid_info(const char *name, const char *runtime, const rt_read_pid_ppid_info_params_t *params,
+ pid_ppid_info_t *pid_info);
+int rt_lcr_detect_process(const char *name, const char *runtime, const rt_detect_process_params_t *params);
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 0adb3858..35c09921 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -2173,4 +2173,15 @@ int rt_isula_kill(const char *id, const char *runtime, const rt_kill_params_t *p
int rt_isula_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
{
return 0;
-}
\ No newline at end of file
+}
+
+int rt_isula_read_pid_ppid_info(const char *id, const char *runtime, const rt_read_pid_ppid_info_params_t *params,
+ pid_ppid_info_t *pid_info)
+{
+ return util_read_pid_ppid_info(params->pid, pid_info);
+}
+
+int rt_isula_detect_process(const char *id, const char *runtime, const rt_detect_process_params_t *params)
+{
+ return util_process_alive(params->pid, params->start_time) ? 0 : -1;
+}
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.h b/src/daemon/modules/runtime/isula/isula_rt_ops.h
index 1e5e049a..88236a1e 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.h
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.h
@@ -48,6 +48,9 @@ int rt_isula_exec_resize(const char *id, const char *runtime, const rt_exec_resi
int rt_isula_kill(const char *id, const char *runtime, const rt_kill_params_t *params);
int rt_isula_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
+int rt_isula_read_pid_ppid_info(const char *name, const char *runtime, const rt_read_pid_ppid_info_params_t *params,
+ pid_ppid_info_t *pid_info);
+int rt_isula_detect_process(const char *name, const char *runtime, const rt_detect_process_params_t *params);
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/modules/runtime/runtime.c b/src/daemon/modules/runtime/runtime.c
index 43b78bca..7be140dc 100644
--- a/src/daemon/modules/runtime/runtime.c
+++ b/src/daemon/modules/runtime/runtime.c
@@ -46,6 +46,8 @@ static const struct rt_ops g_lcr_rt_ops = {
.rt_exec_resize = rt_lcr_exec_resize,
.rt_kill = rt_lcr_kill,
.rt_rebuild_config = rt_lcr_rebuild_config,
+ .rt_read_pid_ppid_info = rt_lcr_read_pid_ppid_info,
+ .rt_detect_process = rt_lcr_detect_process,
};
static const struct rt_ops g_isula_rt_ops = {
@@ -67,6 +69,8 @@ static const struct rt_ops g_isula_rt_ops = {
.rt_exec_resize = rt_isula_exec_resize,
.rt_kill = rt_isula_kill,
.rt_rebuild_config = rt_isula_rebuild_config,
+ .rt_read_pid_ppid_info = rt_isula_read_pid_ppid_info,
+ .rt_detect_process = rt_isula_detect_process,
};
#ifdef ENABLE_SHIM_V2
@@ -89,6 +93,8 @@ static const struct rt_ops g_shim_rt_ops = {
.rt_exec_resize = rt_shim_exec_resize,
.rt_kill = rt_shim_kill,
.rt_rebuild_config = rt_shim_rebuild_config,
+ .rt_read_pid_ppid_info = rt_shim_read_pid_ppid_info,
+ .rt_detect_process = rt_shim_detect_process,
};
#endif
@@ -534,6 +540,42 @@ out:
return ret;
}
+int runtime_read_pid_ppid_info(const char *name, const char *runtime, const rt_read_pid_ppid_info_params_t *params,
+ pid_ppid_info_t *pid_info)
+{
+ const struct rt_ops *ops = NULL;
+
+ if (name == NULL || runtime == NULL || params == NULL) {
+ ERROR("Invalid arguments for runtime exec resize");
+ return -1;
+ }
+
+ ops = rt_ops_query(runtime);
+ if (ops == NULL) {
+ ERROR("Failed to get runtime ops");
+ return -1;
+ }
+
+ return ops->rt_read_pid_ppid_info(name, runtime, params, pid_info);
+}
+
+int runtime_detect_process(const char *name, const char *runtime, const rt_detect_process_params_t *params)
+{
+ const struct rt_ops *ops = NULL;
+
+ if (name == NULL || runtime == NULL || params == NULL) {
+ ERROR("Invalid arguments for runtime process alive");
+ return -1;
+ }
+
+ ops = rt_ops_query(runtime);
+ if (ops == NULL) {
+ return -1;
+ }
+
+ return ops->rt_detect_process(name, runtime, params);
+}
+
bool is_default_runtime(const char *name)
{
const char *runtimes[] = { "lcr", "runc", "kata-runtime" };
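Review bot: The argument check in `runtime_read_pid_ppid_info` logs `"Invalid arguments for runtime exec resize"`, which names a different operation and will mislead whoever reads the daemon log; `ERROR("Invalid arguments for runtime read pid ppid info");` matches the function. The same guard does not cover `pid_info`, so a NULL output pointer is passed straight to the backend. The shim backend in this patch checks it, but the lcr and isula backends are not visible here, so adding `|| pid_info == NULL` to the wrapper would make the contract uniform. `runtime_detect_process` returns -1 without logging when `rt_ops_query` fails, unlike its sibling; `ERROR("Failed to get runtime ops");` there keeps the two wrappers consistent.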
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index 30b5e442..268d66d9 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -847,3 +847,25 @@ int rt_shim_rebuild_config(const char *name, const char *runtime, const rt_rebui
{
return 0;
}
+
+int rt_shim_read_pid_ppid_info(const char *name, const char *runtime, const rt_read_pid_ppid_info_params_t *params,
+ pid_ppid_info_t *pid_info)
+{
+ if (pid_info == NULL) {
+ ERROR("Invalid input params");
+ return -1;
+ }
+
+ pid_info->pid = params->pid;
+ return 0;
+}
+
+int rt_shim_detect_process(const char *name, const char *runtime, const rt_detect_process_params_t *params)
+{
+ if (shim_v2_kill(name, NULL, 0, false) != 0) {
+ ERROR("%s: detect process failed", name);
+ return -1;
+ }
+
+ return 0;
+}
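Review bot: `rt_shim_read_pid_ppid_info` checks only `pid_info` and then reads `params->pid`, so a NULL `params` from any caller that bypasses the `runtime_read_pid_ppid_info` wrapper is dereferenced; the guard should be `if (params == NULL || pid_info == NULL) {`. Only `pid_info->pid` is written, so the other fields of `pid_ppid_info_t` keep whatever the caller passed in; if callers are expected to zero the struct first, a one-line comment saying so would help. `rt_shim_detect_process` never reads `params` and passes `name` unchecked to `shim_v2_kill` and to the `%s` in `ERROR`. A comment such as `// liveness is probed per container via signal 0; params is unused for shim v2` would document that, assuming that is what the `0` argument means.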
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.h b/src/daemon/modules/runtime/shim/shim_rt_ops.h
index 2df34f4c..a3968cf5 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.h
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.h
@@ -64,6 +64,9 @@ bool is_valid_v2_runtime(const char* name);
int rt_shim_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
+int rt_shim_read_pid_ppid_info(const char *id, const char *runtime, const rt_read_pid_ppid_info_params_t *params,
+ pid_ppid_info_t *pid_info);
+int rt_shim_detect_process(const char *id, const char *runtime, const rt_detect_process_params_t *params);
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 250e8299..dbf56776 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -1513,6 +1513,7 @@ out:
static int send_signal_to_process(pid_t pid, unsigned long long start_time, uint32_t stop_signal, uint32_t signal)
{
+ // for shim-v2, here is a ppid, which is always 0
if (util_process_alive(pid, start_time) == false) {
if (signal == stop_signal || signal == SIGKILL) {
WARN("Process %d is not alive", pid);
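Review bot: The added comment calls the value a ppid while the parameter is named `pid`, and it states the value is always 0 for shim-v2 without saying why that is safe in a function that sends signals. As written, the function relies on `util_process_alive` rejecting 0 so that it never reaches the signalling code further down, which is outside this hunk; if that code calls `kill()`, a pid of 0 would address the daemon's own process group. I would reword it to something like `// shim-v2 containers reach here with pid 0; util_process_alive() must report 0 as not alive so no signal is sent` and confirm that `util_process_alive` actually behaves that way.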
--
2.34.1


@ -0,0 +1,275 @@
From e36d01f2f3a91060b0fecd3ef4b2c0e09b1e5f23 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Fri, 7 Feb 2025 11:43:21 +0800
Subject: [PATCH 185/198] sandbox:sandboxer code isolation
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../modules/service/service_container.c | 37 ++++++++-----------
src/daemon/sandbox/sandbox.cc | 10 ++++-
src/daemon/sandbox/sandbox.h | 6 ++-
src/daemon/sandbox/sandbox_ops.cc | 2 +
src/daemon/sandbox/sandbox_ops.h | 2 +
.../sandbox/{ => sandboxer}/sandbox_task.cc | 0
.../sandbox/{ => sandboxer}/sandbox_task.h | 0
7 files changed, 33 insertions(+), 24 deletions(-)
rename src/daemon/sandbox/{ => sandboxer}/sandbox_task.cc (100%)
rename src/daemon/sandbox/{ => sandboxer}/sandbox_task.h (100%)
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 250e8299..18104781 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -780,6 +780,9 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
oci_runtime_spec *oci_spec = NULL;
rt_create_params_t create_params = { 0 };
rt_start_params_t start_params = { 0 };
+#ifdef ENABLE_SANDBOXER
+ int prepare_container_ret = -1;
+#endif
nret = snprintf(bundle, sizeof(bundle), "%s/%s", cont->root_path, id);
if (nret < 0 || (size_t)nret >= sizeof(bundle)) {
@@ -904,7 +907,7 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
}
#endif
-#ifdef ENABLE_CRI_API_V1
+#ifdef ENABLE_SANDBOXER
if (cont->common_config->sandbox_info != NULL &&
sandbox_prepare_container(cont->common_config,
oci_spec, console_fifos, tty) != 0) {
@@ -912,6 +915,7 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
ret = -1;
goto close_exit_fd;
}
+ prepare_container_ret = 0;
#endif
create_params.bundle = bundle;
@@ -935,11 +939,7 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
if (runtime_create(id, runtime, &create_params) != 0) {
ret = -1;
-#ifdef ENABLE_CRI_API_V1
- goto clean_prepare_container;
-#else
goto close_exit_fd;
-#endif
}
start_params.rootpath = cont->root_path;
@@ -962,32 +962,25 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
if (do_post_start_on_success(cont, exit_fifo_fd, exit_fifo, pid_info) != 0) {
ERROR("Failed to do post start on runtime start success");
ret = -1;
-#ifdef ENABLE_CRI_API_V1
- goto clean_prepare_container;
-#else
goto close_exit_fd;
-#endif
}
} else {
// wait monitor cleanup cgroup and processes finished
wait_exit_fifo(id, exit_fifo_fd);
-#ifdef ENABLE_CRI_API_V1
- goto clean_prepare_container;
-#else
goto close_exit_fd;
-#endif
}
goto out;
-#ifdef ENABLE_CRI_API_V1
-clean_prepare_container:
- if (cont->common_config->sandbox_info != NULL &&
- sandbox_purge_container(cont->common_config) != 0) {
- ERROR("Failed to remove container %s from sandbox", id);
+close_exit_fd:
+#ifdef ENABLE_SANDBOXER
+ if (prepare_container_ret == 0) {
+ if (cont->common_config->sandbox_info != NULL &&
+ sandbox_purge_container(cont->common_config) != 0) {
+ ERROR("Failed to remove container %s from sandbox", id);
+ }
}
#endif
-close_exit_fd:
close(exit_fifo_fd);
clean_resources_on_failure(cont, engine_log_path, loglevel);
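Review bot: `prepare_container_ret` is used purely as a did-we-prepare flag with -1/0 values, which reads like a return code that is never actually assigned from a call; a `bool sandbox_prepared = false;` set to `true` after the prepare step states the intent directly. Note that the flag is also set when `sandbox_info` is NULL (the assignment sits after the whole `if`), which is harmless only because the cleanup re-checks `sandbox_info`. The nested `if` under `close_exit_fd:` can then collapse to `if (sandbox_prepared && cont->common_config->sandbox_info != NULL && sandbox_purge_container(cont->common_config) != 0) {`. The declaration and the assignment are in the two earlier hunks of this file, and `do_start_container` starts and ends outside this hunk.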
@@ -1689,7 +1682,7 @@ int stop_container(container_t *cont, int timeout, bool force, bool restart)
}
}
-#ifdef ENABLE_CRI_API_V1
+#ifdef ENABLE_SANDBOXER
if (cont->common_config->sandbox_info != NULL &&
sandbox_purge_container(cont->common_config) != 0) {
ERROR("Failed to remove container %s from sandbox", id);
@@ -2159,7 +2152,7 @@ static int do_exec_container(const container_t *cont, const char *runtime, char
goto out;
}
-#ifdef ENABLE_CRI_API_V1
+#ifdef ENABLE_SANDBOXER
if (cont->common_config->sandbox_info != NULL &&
sandbox_prepare_exec(cont->common_config, request->suffix,
process_spec, (const char **)console_fifos, request->tty) != 0) {
@@ -2283,7 +2276,7 @@ static void exec_container_end(container_exec_response *response, const containe
const char *exec_id, uint32_t cc,
int exit_code, int sync_fd, pthread_t thread_id)
{
-#ifdef ENABLE_CRI_API_V1
+#ifdef ENABLE_SANDBOXER
if (cont->common_config->sandbox_info != NULL &&
sandbox_purge_exec(cont->common_config, exec_id) != 0) {
ERROR("Failed to purge container for exec %s", exec_id);
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index d105d71a..d5681d48 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -494,7 +494,9 @@ auto Sandbox::Load(Errors &error) -> bool
}
LoadNetworkSetting();
+#ifdef ENABLE_SANDBOXER
LoadSandboxTasks();
+#endif
// When the sandbox status acquisition fails or wait fails, the sandbox status is set to not ready,
// and the user decides whether to delete the sandbox.
@@ -583,9 +585,11 @@ void Sandbox::CleanupSandboxDirs()
ERROR("Failed to delete sandbox's root directory %s", m_rootdir.c_str());
}
+#ifdef ENABLE_SANDBOXER
if (util_recursive_rmdir(m_statedir.c_str(), 0) != 0) {
- ERROR("Failed to delete sandbox's state directory %s", m_rootdir.c_str());
+ ERROR("Failed to delete sandbox's state directory %s", m_statedir.c_str());
}
+#endif
}
void Sandbox::PrepareSandboxDirs(Errors &error)
@@ -615,12 +619,14 @@ void Sandbox::PrepareSandboxDirs(Errors &error)
goto out;
}
+#ifdef ENABLE_SANDBOXER
nret = util_mkdir_p(m_statedir.c_str(), TEMP_DIRECTORY_MODE);
if (nret < 0) {
error.Errorf("Unable to create sandbox state directory %s.", m_statedir.c_str());
ERROR("Unable to create sandbox state directory %s.", m_statedir.c_str());
goto out;
}
+#endif
umask(mask);
return;
@@ -1119,6 +1125,7 @@ void Sandbox::FillSandboxMetadata(sandbox_metadata* metadata, Errors &error)
metadata->sandbox_config_json = util_strdup_s(jsonStr.c_str());
}
+#ifdef ENABLE_SANDBOXER
void Sandbox::LoadSandboxTasks()
{
}
@@ -1145,5 +1152,6 @@ auto Sandbox::PurgeExec(const char *containerId, const char *execId) -> int
{
return 0;
}
+#endif
}
\ No newline at end of file
diff --git a/src/daemon/sandbox/sandbox.h b/src/daemon/sandbox/sandbox.h
index 58d60ecb..3a7b0736 100644
--- a/src/daemon/sandbox/sandbox.h
+++ b/src/daemon/sandbox/sandbox.h
@@ -23,6 +23,9 @@
#include <isula_libutils/container_network_settings.h>
#include <isula_libutils/sandbox_state.h>
#include <isula_libutils/sandbox_metadata.h>
+#ifdef ENABLE_SANDBOXER
+#include <isula_libutils/oci_runtime_spec.h>
+#endif
#include "api_v1.grpc.pb.h"
#include "errors.h"
@@ -30,7 +33,6 @@
#include "controller_manager.h"
#include "cstruct_wrapper.h"
#include "read_write_lock.h"
-#include "sandbox_task.h"
namespace sandbox {
@@ -140,6 +142,7 @@ public:
auto Remove(Errors &error) -> bool;
void Status(runtime::v1::PodSandboxStatus &status);
+#ifdef ENABLE_SANDBOXER
// for sandbox api update
virtual void LoadSandboxTasks();
virtual auto PrepareContainer(const char *containerId, const char *baseFs,
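Review bot: Wrapping the virtual members `LoadSandboxTasks` through `PurgeExec` in `#ifdef ENABLE_SANDBOXER` (this hunk and the next one) makes the layout of `Sandbox`'s vtable depend on a preprocessor macro. Every translation unit that includes sandbox.h, including the test mocks, then has to be compiled with the same definition, or the class is defined inconsistently across the build and virtual calls can dispatch to the wrong slot. The build files are not part of this patch, so I cannot tell whether the macro is set globally; if it is per-target, keep the declarations unconditional and compile out only the bodies. At minimum add a comment above the `#ifdef`, e.g. `// ENABLE_SANDBOXER must be defined identically for every TU that includes this header (changes the vtable)`. The class body starts and ends outside this hunk.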
@@ -149,6 +152,7 @@ public:
defs_process *processSpec, const char *consoleFifos[]) -> int;
virtual auto PurgeContainer(const char *containerId) -> int;
virtual auto PurgeExec(const char *containerId, const char *execId) -> int;
+#endif
private:
auto SaveState(Errors &error) -> bool;
diff --git a/src/daemon/sandbox/sandbox_ops.cc b/src/daemon/sandbox/sandbox_ops.cc
index ae881933..cf88c1bd 100644
--- a/src/daemon/sandbox/sandbox_ops.cc
+++ b/src/daemon/sandbox/sandbox_ops.cc
@@ -25,6 +25,7 @@
#include "namespace.h"
#include "utils.h"
+#ifdef ENABLE_SANDBOXER
static inline bool validate_sandbox_info(const container_sandbox_info *sandbox)
{
return (sandbox != NULL && sandbox->sandboxer != NULL &&
@@ -110,6 +111,7 @@ int sandbox_purge_exec(const container_config_v2_common_config *config, const ch
return sandbox->PurgeExec(config->id, exec_id);
}
+#endif /* ENABLE_SANDBOXER */
int sandbox_on_sandbox_exit(const char *sandbox_id, int exit_code)
{
diff --git a/src/daemon/sandbox/sandbox_ops.h b/src/daemon/sandbox/sandbox_ops.h
index 8189efd6..e1309313 100644
--- a/src/daemon/sandbox/sandbox_ops.h
+++ b/src/daemon/sandbox/sandbox_ops.h
@@ -24,6 +24,7 @@
extern "C" {
#endif
+#ifdef ENABLE_SANDBOXER
int sandbox_prepare_container(const container_config_v2_common_config *config,
const oci_runtime_spec *oci_spec,
const char *console_fifos[], bool tty);
@@ -35,6 +36,7 @@ int sandbox_prepare_exec(const container_config_v2_common_config *config,
int sandbox_purge_container(const container_config_v2_common_config *config);
int sandbox_purge_exec(const container_config_v2_common_config *config, const char *exec_id);
+#endif
int sandbox_on_sandbox_exit(const char *sandbox_id, int exit_code);
diff --git a/src/daemon/sandbox/sandbox_task.cc b/src/daemon/sandbox/sandboxer/sandbox_task.cc
similarity index 100%
rename from src/daemon/sandbox/sandbox_task.cc
rename to src/daemon/sandbox/sandboxer/sandbox_task.cc
diff --git a/src/daemon/sandbox/sandbox_task.h b/src/daemon/sandbox/sandboxer/sandbox_task.h
similarity index 100%
rename from src/daemon/sandbox/sandbox_task.h
rename to src/daemon/sandbox/sandboxer/sandbox_task.h
--
2.34.1


@ -0,0 +1,111 @@
From 80de8ca6b9bdd56d0e53d73a631fefb2e170b3c3 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Fri, 7 Feb 2025 16:51:42 +0800
Subject: [PATCH 186/198] UT:sandboxer code isolation
Signed-off-by: liuxu <liuxu156@huawei.com>
---
test/mocks/sandbox_mock.cc | 2 ++
test/mocks/sandbox_mock.h | 2 ++
test/mocks/sandboxer_sandbox_mock.cc | 5 ++++-
test/mocks/sandboxer_sandbox_mock.h | 3 +++
test/sandbox/sandbox/CMakeLists.txt | 1 -
5 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/test/mocks/sandbox_mock.cc b/test/mocks/sandbox_mock.cc
index cce5a1b6..e14473bb 100644
--- a/test/mocks/sandbox_mock.cc
+++ b/test/mocks/sandbox_mock.cc
@@ -222,6 +222,7 @@ bool Sandbox::Remove(Errors &error)
return true;
}
+#ifdef ENABLE_SANDBOXER
void Sandbox::LoadSandboxTasks() {}
auto Sandbox::PrepareContainer(const char *containerId, const char *baseFs,
@@ -246,5 +247,6 @@ auto Sandbox::PurgeExec(const char *containerId, const char *execId) -> int
{
return 0;
}
+#endif
}
\ No newline at end of file
diff --git a/test/mocks/sandbox_mock.h b/test/mocks/sandbox_mock.h
index 4908bcd9..3c776f69 100644
--- a/test/mocks/sandbox_mock.h
+++ b/test/mocks/sandbox_mock.h
@@ -59,6 +59,7 @@ public:
MOCK_METHOD1(Remove, bool(Errors &error));
MOCK_METHOD1(Status, void(runtime::v1::PodSandboxStatus &status));
+#ifdef ENABLE_SANDBOXER
MOCK_METHOD0(LoadSandboxTasks, void());
MOCK_METHOD4(PrepareContainer, int(const char *containerId, const char *baseFs,
const oci_runtime_spec *ociSpec,
@@ -67,6 +68,7 @@ public:
defs_process *processSpec, const char *consoleFifos[]));
MOCK_METHOD1(PurgeContainer, int(const char *containerId));
MOCK_METHOD2(PurgeExec, int(const char *containerId, const char *execId));
+#endif
};
void MockSandbox_SetMock(MockSandbox *mock);
diff --git a/test/mocks/sandboxer_sandbox_mock.cc b/test/mocks/sandboxer_sandbox_mock.cc
index 6ebe2820..9366c738 100644
--- a/test/mocks/sandboxer_sandbox_mock.cc
+++ b/test/mocks/sandboxer_sandbox_mock.cc
@@ -13,6 +13,8 @@
* Description: provide sandbox mock
******************************************************************************/
+#ifdef ENABLE_SANDBOXER
+
#include <gmock/gmock.h>
#include "sandboxer_sandbox_mock.h"
@@ -68,4 +70,5 @@ auto SandboxerSandbox::PurgeExec(const char *containerId, const char *execId) ->
return 0;
}
-}
\ No newline at end of file
+}
+#endif
\ No newline at end of file
diff --git a/test/mocks/sandboxer_sandbox_mock.h b/test/mocks/sandboxer_sandbox_mock.h
index 020fe4d6..69bea078 100644
--- a/test/mocks/sandboxer_sandbox_mock.h
+++ b/test/mocks/sandboxer_sandbox_mock.h
@@ -16,6 +16,8 @@
#ifndef _ISULAD_TEST_MOCKS_SANDBOXER_SANDBOX_MOCK_H
#define _ISULAD_TEST_MOCKS_SANDBOXER_SANDBOX_MOCK_H
+#ifdef ENABLE_SANDBOXER
+
#include <gmock/gmock.h>
#include "sandbox_mock.h"
#include "sandboxer_sandbox.h"
@@ -40,5 +42,6 @@ public:
void MockSandboxerSandbox_SetMock(MockSandboxerSandbox *mock);
}
+#endif
#endif
diff --git a/test/sandbox/sandbox/CMakeLists.txt b/test/sandbox/sandbox/CMakeLists.txt
index d033c93f..358633dc 100644
--- a/test/sandbox/sandbox/CMakeLists.txt
+++ b/test/sandbox/sandbox/CMakeLists.txt
@@ -29,7 +29,6 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cpputils/transform.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cpputils/cxxutils.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandbox.cc
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandbox_task.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/controller_manager.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/id_name_manager.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/config/isulad_config.c
--
2.34.1


@ -0,0 +1,517 @@
From a883b34db2ca8d17261b0a2dd154f12487ddebfa Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 10 Feb 2025 09:37:26 +0800
Subject: [PATCH 187/198] remove uncalled functions in cri v1
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/cri/v1/v1_cri_helpers.cc | 67 -------------------
src/daemon/common/cri/v1/v1_cri_helpers.h | 8 ---
src/daemon/common/cri/v1/v1_naming.cc | 30 ---------
src/daemon/common/cri/v1/v1_naming.h | 3 -
.../v1/v1_cri_container_manager_service.cc | 27 --------
.../cri/v1/v1_cri_container_manager_service.h | 1 -
.../v1/v1_cri_pod_sandbox_manager_service.cc | 63 -----------------
.../v1/v1_cri_pod_sandbox_manager_service.h | 7 --
.../entry/cri/v1alpha/v1alpha_cri_helpers.cc | 21 ------
.../entry/cri/v1alpha/v1alpha_cri_helpers.h | 3 -
src/daemon/sandbox/controller_manager.cc | 5 --
src/daemon/sandbox/controller_manager.h | 1 -
src/daemon/sandbox/sandbox.cc | 5 --
src/daemon/sandbox/sandbox.h | 1 -
src/daemon/sandbox/sandbox_manager.cc | 6 --
src/daemon/sandbox/sandbox_manager.h | 1 -
16 files changed, 249 deletions(-)
diff --git a/src/daemon/common/cri/v1/v1_cri_helpers.cc b/src/daemon/common/cri/v1/v1_cri_helpers.cc
index dfe14ade..d71e3681 100644
--- a/src/daemon/common/cri/v1/v1_cri_helpers.cc
+++ b/src/daemon/common/cri/v1/v1_cri_helpers.cc
@@ -57,27 +57,6 @@ auto ContainerStatusToRuntime(Container_Status status) -> runtime::v1::Container
}
}
-auto CheckpointToSandbox(const std::string &id, const CRI::PodSandboxCheckpoint &checkpoint)
--> std::unique_ptr<runtime::v1::PodSandbox>
-{
- std::unique_ptr<runtime::v1::PodSandbox> result(new (std::nothrow) runtime::v1::PodSandbox);
- if (result == nullptr) {
- return nullptr;
- }
- runtime::v1::PodSandboxMetadata *metadata = new (std::nothrow) runtime::v1::PodSandboxMetadata;
- if (metadata == nullptr) {
- return nullptr;
- }
-
- metadata->set_name(checkpoint.GetName());
- metadata->set_namespace_(checkpoint.GetNamespace());
- result->set_allocated_metadata(metadata);
- result->set_id(id);
- result->set_state(runtime::v1::SANDBOX_NOTREADY);
-
- return result;
-}
-
void UpdateCreateConfig(container_config *createConfig, host_config *hc,
const runtime::v1::ContainerConfig &config, const std::string &podSandboxID,
Errors &error)
@@ -199,24 +178,6 @@ auto GenerateEnvList(const ::google::protobuf::RepeatedPtrField<::runtime::v1::K
return vect;
}
-auto ValidateCheckpointKey(const std::string &key, Errors &error) -> bool
-{
- const std::string PATTERN { "^([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$" };
-
- if (key.empty()) {
- goto err_out;
- }
-
- if (key.size() <= CRIHelpers::Constants::MAX_CHECKPOINT_KEY_LEN &&
- util_reg_match(PATTERN.c_str(), key.c_str()) == 0) {
- return true;
- }
-
-err_out:
- error.Errorf("invalid key: %s", key.c_str());
- return false;
-}
-
auto ToIsuladContainerStatus(const runtime::v1::ContainerStateValue &state) -> std::string
{
if (state.state() == runtime::v1::CONTAINER_CREATED) {
@@ -362,34 +323,6 @@ void AddSecurityOptsToHostConfig(std::vector<std::string> &securityOpts, host_co
}
}
-void GetContainerSandboxID(const std::string &containerID, std::string &realContainerID, std::string &sandboxID,
- Errors &error)
-{
- std::string PodID;
- container_inspect *info = CRIHelpers::InspectContainer(containerID, error, false);
- if (error.NotEmpty()) {
- error.Errorf("Failed to inspect container %s: %s", containerID.c_str(), error.GetCMessage());
- return;
- }
-
- // TODO: Refactor after adding the ability to use sandbox manager for sandboxid query
- if (info->config != nullptr && info->config->labels != nullptr) {
- for (size_t j = 0; j < info->config->labels->len; j++) {
- if (strcmp(info->config->labels->keys[j], CRIHelpers::Constants::SANDBOX_ID_LABEL_KEY.c_str()) == 0
- && strcmp(info->config->labels->values[j], "") != 0) {
- PodID = info->config->labels->values[j];
- break;
- }
- }
- }
-
- if (PodID.empty()) {
- error.Errorf("Failed to get sandbox id for container %s", containerID.c_str());
- } else {
- sandboxID = PodID;
- }
- realContainerID = info->id;
-}
#ifdef ENABLE_SANDBOXER
std::string CRISandboxerConvert(const std::string &runtime)
diff --git a/src/daemon/common/cri/v1/v1_cri_helpers.h b/src/daemon/common/cri/v1/v1_cri_helpers.h
index 22cffd0d..6a848581 100644
--- a/src/daemon/common/cri/v1/v1_cri_helpers.h
+++ b/src/daemon/common/cri/v1/v1_cri_helpers.h
@@ -42,9 +42,6 @@ struct commonSecurityContext {
auto ContainerStatusToRuntime(Container_Status status) -> runtime::v1::ContainerState;
-auto CheckpointToSandbox(const std::string &id, const CRI::PodSandboxCheckpoint &checkpoint)
--> std::unique_ptr<runtime::v1::PodSandbox>;
-
void UpdateCreateConfig(container_config *createConfig, host_config *hc,
const runtime::v1::ContainerConfig &config, const std::string &podSandboxID,
Errors &error);
@@ -55,8 +52,6 @@ void GenerateMountBindings(const google::protobuf::RepeatedPtrField<runtime::v1:
auto GenerateEnvList(const ::google::protobuf::RepeatedPtrField<::runtime::v1::KeyValue> &envs)
-> std::vector<std::string>;
-auto ValidateCheckpointKey(const std::string &key, Errors &error) -> bool;
-
auto ToIsuladContainerStatus(const runtime::v1::ContainerStateValue &state) -> std::string;
auto GetSeccompSecurityOpts(const bool hasSeccomp, const ::runtime::v1::SecurityProfile &seccomp,
@@ -72,9 +67,6 @@ auto GetSecurityOpts(const commonSecurityContext &context, const char &separator
void AddSecurityOptsToHostConfig(std::vector<std::string> &securityOpts, host_config *hostconfig, Errors &error);
-void GetContainerSandboxID(const std::string &containerID, std::string &realContainerID, std::string &sandboxID,
- Errors &error);
-
std::string CRISandboxerConvert(const std::string &runtime);
void ApplySandboxSecurityContextToHostConfig(const runtime::v1::LinuxSandboxSecurityContext &context, host_config *hc,
diff --git a/src/daemon/common/cri/v1/v1_naming.cc b/src/daemon/common/cri/v1/v1_naming.cc
index 1a1ebb0d..2a5b972c 100644
--- a/src/daemon/common/cri/v1/v1_naming.cc
+++ b/src/daemon/common/cri/v1/v1_naming.cc
@@ -44,36 +44,6 @@ std::string MakeSandboxName(const runtime::v1::PodSandboxMetadata &metadata)
return sname;
}
-void ParseSandboxName(const google::protobuf::Map<std::string, std::string> &annotations,
- runtime::v1::PodSandboxMetadata &metadata, Errors &err)
-{
- if (annotations.count(CRIHelpers::Constants::SANDBOX_NAME_ANNOTATION_KEY) == 0) {
- err.Errorf("annotation don't contains the sandbox name, failed to parse it");
- return;
- }
-
- if (annotations.count(CRIHelpers::Constants::SANDBOX_NAMESPACE_ANNOTATION_KEY) == 0) {
- err.Errorf("annotation don't contains the sandbox namespace, failed to parse it");
- return;
- }
-
- if (annotations.count(CRIHelpers::Constants::SANDBOX_UID_ANNOTATION_KEY) == 0) {
- err.Errorf("annotation don't contains the sandbox uid, failed to parse it");
- return;
- }
-
- if (annotations.count(CRIHelpers::Constants::SANDBOX_ATTEMPT_ANNOTATION_KEY) == 0) {
- err.Errorf("annotation don't contains the sandbox attempt, failed to parse it");
- return;
- }
-
- metadata.set_name(annotations.at(CRIHelpers::Constants::SANDBOX_NAME_ANNOTATION_KEY));
- metadata.set_namespace_(annotations.at(CRIHelpers::Constants::SANDBOX_NAMESPACE_ANNOTATION_KEY));
- metadata.set_uid(annotations.at(CRIHelpers::Constants::SANDBOX_UID_ANNOTATION_KEY));
- auto sandboxAttempt = annotations.at(CRIHelpers::Constants::SANDBOX_ATTEMPT_ANNOTATION_KEY);
- metadata.set_attempt(static_cast<google::protobuf::uint32>(std::stoul(sandboxAttempt)));
-}
-
std::string MakeContainerName(const runtime::v1::PodSandboxConfig &s, const runtime::v1::ContainerConfig &c)
{
std::string sname;
diff --git a/src/daemon/common/cri/v1/v1_naming.h b/src/daemon/common/cri/v1/v1_naming.h
index d0862077..364f17c9 100644
--- a/src/daemon/common/cri/v1/v1_naming.h
+++ b/src/daemon/common/cri/v1/v1_naming.h
@@ -26,9 +26,6 @@ std::string MakeSandboxName(const runtime::v1::PodSandboxMetadata &metadata);
std::string MakeContainerName(const runtime::v1::PodSandboxConfig &s,
const runtime::v1::ContainerConfig &c);
-void ParseSandboxName(const google::protobuf::Map<std::string, std::string> &annotations,
- runtime::v1::PodSandboxMetadata &metadata, Errors &err);
-
void ParseContainerName(const google::protobuf::Map<std::string, std::string> &annotations,
runtime::v1::ContainerMetadata *metadata, Errors &err);
} // namespace CRINamingV1
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index 1e84d14c..e8dcd699 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -33,33 +33,6 @@
#endif
namespace CRIV1 {
-auto ContainerManagerService::GetContainerOrSandboxRuntime(const std::string &realID, Errors &error) -> std::string
-{
- std::string runtime;
- if (m_cb == nullptr || m_cb->container.get_runtime == nullptr) {
- error.SetError("Unimplemented callback");
- return runtime;
- }
- container_get_runtime_response *response { nullptr };
-
- if (m_cb->container.get_runtime(realID.c_str(), &response) != 0) {
- if (response != nullptr && response->errmsg != nullptr) {
- error.SetError(response->errmsg);
- } else {
- error.SetError("Failed to call get id callback");
- }
- goto cleanup;
- }
-
- if (response->runtime != nullptr) {
- runtime = response->runtime;
- }
-
-cleanup:
- free_container_get_runtime_response(response);
- return runtime;
-}
-
auto ContainerManagerService::PackCreateContainerHostConfigDevices(
const runtime::v1::ContainerConfig &containerConfig, host_config *hostconfig, Errors &error) -> int
{
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.h b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.h
index 50f5ed69..1153b79c 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.h
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.h
@@ -73,7 +73,6 @@ public:
void Attach(const runtime::v1::AttachRequest &req, runtime::v1::AttachResponse *resp, Errors &error);
private:
- auto GetContainerOrSandboxRuntime(const std::string &realID, Errors &error) -> std::string;
auto GenerateCreateContainerRequest(sandbox::Sandbox &sandbox,
const runtime::v1::ContainerConfig &containerConfig,
const runtime::v1::PodSandboxConfig &podSandboxConfig,
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index a5f98619..43705853 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -491,17 +491,6 @@ void PodSandboxManagerService::ClearCniNetwork(const std::shared_ptr<sandbox::Sa
}
}
-auto PodSandboxManagerService::GetSandboxKey(const container_inspect *inspect_data) -> std::string
-{
- if (inspect_data == nullptr || inspect_data->network_settings == nullptr ||
- inspect_data->network_settings->sandbox_key == nullptr) {
- ERROR("Inspect data does not have network settings");
- return std::string("");
- }
-
- return std::string(inspect_data->network_settings->sandbox_key);
-}
-
auto PodSandboxManagerService::GetContainerListResponse(const std::string &readSandboxID,
std::vector<std::string> &errors) -> std::unique_ptr<CStructWrapper<container_list_response>>
{
@@ -589,21 +578,6 @@ auto PodSandboxManagerService::StopAllContainersInSandbox(const std::string &rea
return ret;
}
-auto PodSandboxManagerService::GetNetworkReady(const std::string &podSandboxID, Errors &error) -> bool
-{
- std::lock_guard<std::mutex> lockGuard(m_networkReadyLock);
-
- bool ready { false };
- auto iter = m_networkReady.find(podSandboxID);
- if (iter != m_networkReady.end()) {
- ready = iter->second;
- } else {
- error.Errorf("Do not find network: %s", podSandboxID.c_str());
- }
-
- return ready;
-}
-
void PodSandboxManagerService::StopPodSandbox(const std::string &podSandboxID, Errors &error)
{
if (m_cb == nullptr || m_cb->container.stop == nullptr) {
@@ -674,16 +648,6 @@ void PodSandboxManagerService::RemoveAllContainersInSandbox(const std::string &r
}
}
-void PodSandboxManagerService::ClearNetworkReady(const std::string &podSandboxID)
-{
- std::lock_guard<std::mutex> lockGuard(m_networkReadyLock);
-
- auto iter = m_networkReady.find(podSandboxID);
- if (iter != m_networkReady.end()) {
- m_networkReady.erase(iter);
- }
-}
-
void PodSandboxManagerService::RemovePodSandbox(const std::string &podSandboxID, Errors &error)
{
std::vector<std::string> errors;
@@ -766,33 +730,6 @@ void PodSandboxManagerService::RemovePodSandbox(const std::string &podSandboxID,
#endif
}
-auto PodSandboxManagerService::SharesHostNetwork(const container_inspect *inspect) -> runtime::v1::NamespaceMode
-{
- if (inspect != nullptr && inspect->host_config != nullptr && (inspect->host_config->network_mode != nullptr) &&
- std::string(inspect->host_config->network_mode) == CRI::Constants::namespaceModeHost) {
- return runtime::v1::NamespaceMode::NODE;
- }
- return runtime::v1::NamespaceMode::POD;
-}
-
-auto PodSandboxManagerService::SharesHostPid(const container_inspect *inspect) -> runtime::v1::NamespaceMode
-{
- if (inspect != nullptr && inspect->host_config != nullptr && (inspect->host_config->pid_mode != nullptr) &&
- std::string(inspect->host_config->pid_mode) == CRI::Constants::namespaceModeHost) {
- return runtime::v1::NamespaceMode::NODE;
- }
- return runtime::v1::NamespaceMode::CONTAINER;
-}
-
-auto PodSandboxManagerService::SharesHostIpc(const container_inspect *inspect) -> runtime::v1::NamespaceMode
-{
- if (inspect != nullptr && inspect->host_config != nullptr && (inspect->host_config->ipc_mode != nullptr) &&
- std::string(inspect->host_config->ipc_mode) == CRI::Constants::namespaceModeHost) {
- return runtime::v1::NamespaceMode::NODE;
- }
- return runtime::v1::NamespaceMode::POD;
-}
-
void PodSandboxManagerService::GetIPs(std::shared_ptr<sandbox::Sandbox> sandbox, std::vector<std::string> &ips)
{
const auto id = sandbox->GetId();
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h
index d5c0cf91..b02216c0 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h
@@ -93,12 +93,7 @@ private:
auto GetContainerListResponse(const std::string &readSandboxID,
std::vector<std::string> &errors) -> std::unique_ptr<CStructWrapper<container_list_response>>;
auto StopAllContainersInSandbox(const std::string &readSandboxID, Errors &error) -> int;
- auto GetNetworkReady(const std::string &podSandboxID, Errors &error) -> bool;
void RemoveAllContainersInSandbox(const std::string &readSandboxID, std::vector<std::string> &errors);
- void ClearNetworkReady(const std::string &podSandboxID);
- auto SharesHostNetwork(const container_inspect *inspect) -> runtime::v1::NamespaceMode;
- auto SharesHostPid(const container_inspect *inspect) -> runtime::v1::NamespaceMode;
- auto SharesHostIpc(const container_inspect *inspect) -> runtime::v1::NamespaceMode;
void SetSandboxStatusNetwork(std::shared_ptr<sandbox::Sandbox> sandbox,
std::unique_ptr<runtime::v1::PodSandboxStatus> &podStatus);
void GetIPs(std::shared_ptr<sandbox::Sandbox> sandbox, std::vector<std::string> &ips);
@@ -108,7 +103,6 @@ private:
auto GetAvailableBytes(const uint64_t &memoryLimit, const uint64_t &workingSetBytes) -> uint64_t;
void GetPodSandboxCgroupMetrics(const std::string &cgroupParent, cgroup_metrics_t &cgroupMetrics,
Errors &error);
- auto GetSandboxKey(const container_inspect *inspect_data) -> std::string;
void GetPodSandboxNetworkMetrics(const std::string &netnsPath,
std::map<std::string, std::string> &annotations,
std::vector<Network::NetworkInterfaceStats> &netMetrics, Errors &error);
@@ -138,7 +132,6 @@ private:
private:
std::string m_podSandboxImage;
std::mutex m_networkReadyLock;
- std::map<std::string, bool> m_networkReady;
service_executor_t *m_cb { nullptr };
std::shared_ptr<Network::PluginManager> m_pluginManager { nullptr };
bool m_enablePodEvents;
diff --git a/src/daemon/entry/cri/v1alpha/v1alpha_cri_helpers.cc b/src/daemon/entry/cri/v1alpha/v1alpha_cri_helpers.cc
index 0afea06a..3974add5 100644
--- a/src/daemon/entry/cri/v1alpha/v1alpha_cri_helpers.cc
+++ b/src/daemon/entry/cri/v1alpha/v1alpha_cri_helpers.cc
@@ -53,27 +53,6 @@ auto ContainerStatusToRuntime(Container_Status status) -> runtime::v1alpha2::Con
}
}
-auto CheckpointToSandbox(const std::string &id, const CRI::PodSandboxCheckpoint &checkpoint)
--> std::unique_ptr<runtime::v1alpha2::PodSandbox>
-{
- std::unique_ptr<runtime::v1alpha2::PodSandbox> result(new (std::nothrow) runtime::v1alpha2::PodSandbox);
- if (result == nullptr) {
- return nullptr;
- }
- runtime::v1alpha2::PodSandboxMetadata *metadata = new (std::nothrow) runtime::v1alpha2::PodSandboxMetadata;
- if (metadata == nullptr) {
- return nullptr;
- }
-
- metadata->set_name(checkpoint.GetName());
- metadata->set_namespace_(checkpoint.GetNamespace());
- result->set_allocated_metadata(metadata);
- result->set_id(id);
- result->set_state(runtime::v1alpha2::SANDBOX_NOTREADY);
-
- return result;
-}
-
void UpdateCreateConfig(container_config *createConfig, host_config *hc,
const runtime::v1alpha2::ContainerConfig &config, const std::string &podSandboxID,
Errors &error)
diff --git a/src/daemon/entry/cri/v1alpha/v1alpha_cri_helpers.h b/src/daemon/entry/cri/v1alpha/v1alpha_cri_helpers.h
index 6bca8169..f3331421 100644
--- a/src/daemon/entry/cri/v1alpha/v1alpha_cri_helpers.h
+++ b/src/daemon/entry/cri/v1alpha/v1alpha_cri_helpers.h
@@ -40,9 +40,6 @@ struct commonSecurityContext {
auto ContainerStatusToRuntime(Container_Status status) -> runtime::v1alpha2::ContainerState;
-auto CheckpointToSandbox(const std::string &id, const CRI::PodSandboxCheckpoint &checkpoint)
--> std::unique_ptr<runtime::v1alpha2::PodSandbox>;
-
void UpdateCreateConfig(container_config *createConfig, host_config *hc,
const runtime::v1alpha2::ContainerConfig &config, const std::string &podSandboxID,
Errors &error);
diff --git a/src/daemon/sandbox/controller_manager.cc b/src/daemon/sandbox/controller_manager.cc
index 947f2d19..ae01fefe 100644
--- a/src/daemon/sandbox/controller_manager.cc
+++ b/src/daemon/sandbox/controller_manager.cc
@@ -55,11 +55,6 @@ bool ControllerManager::Init(Errors &error)
return true;
}
-bool ControllerManager::Cleanup(Errors &error)
-{
- return true;
-}
-
auto ControllerManager::RegisterShimController(Errors &error) -> bool
{
if (m_controllers.find(SHIM_CONTROLLER_NAME) != m_controllers.end()) {
diff --git a/src/daemon/sandbox/controller_manager.h b/src/daemon/sandbox/controller_manager.h
index 3fd547cf..c8febffb 100644
--- a/src/daemon/sandbox/controller_manager.h
+++ b/src/daemon/sandbox/controller_manager.h
@@ -27,7 +27,6 @@ public:
static auto GetInstance() -> ControllerManager*;
auto Init(Errors &error) -> bool;
- auto Cleanup(Errors &error) -> bool;
auto GetController(const std::string &name) -> std::shared_ptr<Controller>;
private:
auto RegisterShimController(Errors &error) -> bool;
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index d105d71a..0ddbb9ce 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -210,11 +210,6 @@ auto Sandbox::GetPid() -> uint32_t
return m_state.pid;
}
-auto Sandbox::GetImage() -> const std::string &
-{
- return m_image;
-}
-
void Sandbox::DoUpdateExitedStatus(const ControllerExitInfo &exitInfo)
{
WriteGuard<RWMutex> lock(m_stateMutex);
diff --git a/src/daemon/sandbox/sandbox.h b/src/daemon/sandbox/sandbox.h
index 58d60ecb..aa9071ac 100644
--- a/src/daemon/sandbox/sandbox.h
+++ b/src/daemon/sandbox/sandbox.h
@@ -106,7 +106,6 @@ public:
auto GetCreatedAt() -> uint64_t;
auto GetPid() -> uint32_t;
auto GetTaskAddress() const -> const std::string &;
- auto GetImage() -> const std::string &;
void SetNetMode(const std::string &mode);
void SetController(std::shared_ptr<Controller> controller);
void AddAnnotations(const std::string &key, const std::string &value);
diff --git a/src/daemon/sandbox/sandbox_manager.cc b/src/daemon/sandbox/sandbox_manager.cc
index a7908a60..d884902d 100644
--- a/src/daemon/sandbox/sandbox_manager.cc
+++ b/src/daemon/sandbox/sandbox_manager.cc
@@ -405,12 +405,6 @@ auto SandboxManager::NameIndexGet(const std::string &name) -> std::string
return std::string();
}
-auto SandboxManager::NameIndexGetAll(void) -> std::map<std::string, std::string>
-{
- ReadGuard<RWMutex> lock(m_indexRWMutex);
- return m_nameIndexMap;
-}
-
auto SandboxManager::GetSandboxRootpath() -> std::string
{
__isula_auto_free char *root_path = NULL;
diff --git a/src/daemon/sandbox/sandbox_manager.h b/src/daemon/sandbox/sandbox_manager.h
index b6007ad8..a5fb702f 100644
--- a/src/daemon/sandbox/sandbox_manager.h
+++ b/src/daemon/sandbox/sandbox_manager.h
@@ -62,7 +62,6 @@ private:
void NameIndexAdd(const std::string &name, const std::string &id);
void NameIndexRemove(const std::string &name);
auto NameIndexGet(const std::string &name) -> std::string;
- auto NameIndexGetAll(void) -> std::map<std::string, std::string>;
auto IDNameManagerRemoveEntry(const std::string &id, const std::string &name) -> bool;
auto IDNameManagerNewEntry(std::string &id, const std::string &name) -> bool;
--
2.34.1


@ -0,0 +1,71 @@
From 012553d4c53bd8d1c73d22c18fd24bf441041d54 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 8 Feb 2025 11:34:59 +0800
Subject: [PATCH 188/198] [sandbox] fix memory leak in fill sandbox metadate
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/sandbox/sandbox.cc | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index 12693445..e2f42237 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -890,20 +890,24 @@ auto Sandbox::GenerateSandboxMetadataJson(sandbox_metadata *metadata) -> std::st
auto Sandbox::SaveMetadata(Errors &error) -> bool
{
- sandbox_metadata_runtime_info info = { 0 };
- sandbox_metadata metadata = { 0 };
int nret = -1;
const std::string path = GetMetadataJsonPath();
std::string metadataJson;
- metadata.runtime_info = &info;
+ sandbox_metadata *metadata = static_cast<sandbox_metadata *>(util_common_calloc_s(sizeof(sandbox_metadata)));
+ if (metadata == nullptr) {
+ error.SetError("Out of memory");
+ return false;
+ }
+
+ auto metadataWarpper = std::unique_ptr<CStructWrapper<sandbox_metadata>>(new CStructWrapper<sandbox_metadata>(metadata, free_sandbox_metadata));
- FillSandboxMetadata(&metadata, error);
+ FillSandboxMetadata(metadata, error);
if (!error.Empty()) {
return false;
}
- metadataJson = GenerateSandboxMetadataJson(&metadata);
+ metadataJson = GenerateSandboxMetadataJson(metadata);
if (metadataJson.length() == 0) {
error.Errorf("Failed to get sandbox metadata json for sandbox: '%s'", m_id.c_str());
return false;
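Review bot: The ownership wrapper in `SaveMetadata` is created with a plain `new CStructWrapper<sandbox_metadata>(...)`, so if that allocation throws, the freshly calloc'ed `metadata` is not yet owned by anything and leaks, and the exception leaves a function that otherwise reports failure through `Errors`. Allocating the wrapper with `new (std::nothrow)`, and calling `free_sandbox_metadata(metadata)` plus `error.SetError("Out of memory")` when it returns null, would keep the out-of-memory path consistent with the calloc check just above. The local is also spelled `metadataWarpper`; `metadataWrapper` reads better. SaveMetadata's body continues outside the hunk.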
@@ -1102,11 +1106,23 @@ auto Sandbox::GetNetworkSettingsPath() -> std::string
void Sandbox::FillSandboxMetadata(sandbox_metadata* metadata, Errors &error)
{
std::string jsonStr;
+ sandbox_metadata_runtime_info *info = nullptr;
+
metadata->id = util_strdup_s(m_id.c_str());
metadata->name = util_strdup_s(m_name.c_str());
+
+ info = static_cast<sandbox_metadata_runtime_info *>(util_common_calloc_s(sizeof(sandbox_metadata_runtime_info)));
+ if (info == NULL) {
+ error.SetError("Out of memory");
+ ERROR("Out of memory");
+ return;
+ }
+
+ metadata->runtime_info = info;
metadata->runtime_info->runtime = util_strdup_s(m_runtimeInfo.runtime.c_str());
metadata->runtime_info->sandboxer = util_strdup_s(m_runtimeInfo.sandboxer.c_str());
metadata->runtime_info->runtime_handler = util_strdup_s(m_runtimeInfo.runtimeHandler.c_str());
+
metadata->net_mode = util_strdup_s(m_netMode.c_str());
metadata->network_ready = m_networkReady;
metadata->task_address = util_strdup_s(m_taskAddress.c_str());
--
2.34.1


@ -0,0 +1,44 @@
From 317b853a0d70bab56d2c0f814e6d1c4203a48c5f Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 16 Jan 2025 01:16:42 +1400
Subject: [PATCH 189/198] add sandbox pid init and verify sandbox ready when
create container
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc | 6 ++++++
src/daemon/sandbox/sandbox.cc | 1 +
2 files changed, 7 insertions(+)
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index e8dcd699..abf60c0c 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -483,6 +483,12 @@ std::string ContainerManagerService::CreateContainer(const std::string &podSandb
return response_id;
}
+ // verify whether the sandbox is ready
+ if (!sandbox->IsReady()) {
+ error.Errorf("Failed to generate sandbox_info because the sandbox %s is not ready", sandbox->GetId().c_str());
+ return nullptr;
+ }
+
#ifdef ENABLE_NRI
Errors nriErr;
nri_container_adjustment *adjust = NULL;
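Review bot: The added readiness check ends with `return nullptr;`, but the hunk header shows `CreateContainer` returning `std::string`, so this constructs a string from a null pointer, which is undefined behaviour and typically throws or aborts. The branch is taken whenever a container is requested for a sandbox that is not ready, so the result is a daemon fault instead of a clean CRI error. Use `return response_id;`, as the check directly above does. The message text mentions generating sandbox_info, which does not match what this check verifies. CreateContainer's body starts and ends outside the hunk.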
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index e2f42237..b97c0bc6 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -100,6 +100,7 @@ Sandbox::Sandbox(const std::string id, const std::string &rootdir, const std::st
const uint64_t defaultCreatedAt { 1 };
m_state.createdAt = defaultCreatedAt;
m_image = image;
+ m_state.pid = -1;
}
auto Sandbox::IsReady() -> bool
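Review bot: `m_state.pid = -1;` stores a negative sentinel, while `Sandbox::GetPid()` is declared elsewhere in this series as returning `uint32_t`. If `m_state.pid` is unsigned too (its declaration is not in the hunk), the stored value is 4294967295, and a caller that tests `pid != 0` or `pid > 0` would treat it as a real process id. A comment at the assignment would make the contract explicit, for example `// -1 marks "no sandbox process yet"; callers must check for it before using the pid`, and the getter's return type should be checked against that sentinel. The constructor body starts outside the hunk.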
--
2.34.1


@ -0,0 +1,399 @@
From 1d42d850b71e3a0e269f268411999c265a1a8f5b Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 10 Feb 2025 10:44:01 +0800
Subject: [PATCH 190/198] modified the procedure of start pod and set up
network in cri v1
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../v1/v1_cri_pod_sandbox_manager_service.cc | 276 +++++++++++++-----
.../v1/v1_cri_pod_sandbox_manager_service.h | 3 +
2 files changed, 206 insertions(+), 73 deletions(-)
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index 43705853..62464acd 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -19,6 +19,7 @@
#include <isula_libutils/host_config.h>
#include <isula_libutils/container_config.h>
#include <isula_libutils/auto_cleanup.h>
+#include <isula_libutils/container_network_settings.h>
#include <algorithm>
#include "checkpoint_handler.h"
@@ -273,12 +274,6 @@ void PodSandboxManagerService::SetupSandboxNetwork(const std::shared_ptr<sandbox
std::map<std::string, std::string> networkOptions;
networkOptions["UID"] = config.metadata().uid();
- if (prepare_network_namespace(sandboxKey.c_str(), false, 0) != 0) {
- error.Errorf("Failed to prepare network namespace: %s", sandboxKey.c_str());
- ERROR("Failed to prepare network namespace: %s", sandboxKey.c_str());
- return;
- }
-
// Setup networking for the sandbox.
m_pluginManager->SetUpPod(config.metadata().namespace_(), config.metadata().name(),
Network::DEFAULT_NETWORK_INTERFACE_NAME, sandbox->GetId(), stdAnnos, networkOptions,
@@ -295,85 +290,137 @@ void PodSandboxManagerService::SetupSandboxNetwork(const std::shared_ptr<sandbox
DEBUG("set %s ready", sandbox->GetId().c_str());
}
-auto PodSandboxManagerService::RunPodSandbox(const runtime::v1::PodSandboxConfig &config,
- const std::string &runtimeHandler, Errors &error) -> std::string
+void PodSandboxManagerService::GenerateNetworkSetting(std::string &sandboxKey, std::string &network_setting_json, Errors &error)
+{
+ container_network_settings *settings = NULL;
+ __isula_auto_free char *jerr = NULL;
+ __isula_auto_free char *setting_json { nullptr };
+
+ settings = (container_network_settings *)util_common_calloc_s(sizeof(container_network_settings));
+ if (settings == NULL) {
+ ERROR("Out of memory");
+ error.Errorf("Out of memory");
+ return;
+ }
+
+ auto settingsWarpper = std::unique_ptr<CStructWrapper<container_network_settings>>(new CStructWrapper<container_network_settings>(settings, free_container_network_settings));
+
+ settings->sandbox_key = util_strdup_s(sandboxKey.c_str());
+ if (settings->sandbox_key == NULL) {
+ ERROR("Failed to set sandbox key for network setting");
+ error.Errorf("Failed to set sandbox key for network setting");
+ return;
+ }
+
+ setting_json = container_network_settings_generate_json(settings, nullptr, &jerr);
+ if (setting_json == nullptr) {
+ error.Errorf("Get network settings json err:%s", jerr);
+ }
+
+ network_setting_json = std::string(setting_json);
+}
+
+void PodSandboxManagerService::StartPodSandboxAndSetupNetowrk(std::shared_ptr<sandbox::Sandbox> sandbox, std::string &sandboxKey, std::string &sandboxName, std::string &networkMode, Errors &error)
{
- std::string response_id;
- std::string sandboxName;
- sandbox::RuntimeInfo runtimeInfo;
- std::string networkMode;
- std::string sandboxKey;
- std::string jsonCheckpoint;
- std::string network_setting_json;
- runtime::v1::PodSandboxConfig copyConfig = config;
cri_container_message_t msg = { 0 };
-#ifdef ENABLE_NRI
- Errors nriErr;
-#endif
+ std::string network_setting_json;
- // Step 1: Parepare sandbox name, runtime and networkMode
- PrepareSandboxData(config, runtimeHandler, sandboxName, runtimeInfo, networkMode, error);
+ // Step 7.2.1: Call sandbox create.
+ sandbox->Create(error);
if (error.NotEmpty()) {
- return response_id;
+ ERROR("Failed to create sandbox: %s", sandboxName.c_str());
+ return;
}
- // Step 2: Pull the image for the sandbox.
- // Maybe we should pull image in shim controller ?
- // But pull image interface is only in CRI image service, and it can't be called in shim controller,
- // so we pull image in CRI pod service.
- const std::string &image = m_podSandboxImage;
- if (!EnsureSandboxImageExists(image, runtimeInfo.sandboxer, error)) {
- ERROR("Failed to pull sandbox image %s: %s", image.c_str(), error.NotEmpty() ? error.GetCMessage() : "");
- error.Errorf("Failed to pull sandbox image %s: %s", image.c_str(), error.NotEmpty() ? error.GetCMessage() : "");
- return response_id;
+ msg.container_id = sandbox->GetId().c_str();
+ msg.sandbox_id = sandbox->GetId().c_str();
+ msg.type = CRI_CONTAINER_MESSAGE_TYPE_CREATED;
+ mailbox_publish(MAILBOX_TOPIC_CRI_CONTAINER, &msg);
+
+ // Step 7.2.2: Save network settings json to disk
+ // Update network settings before start sandbox since sandbox container will use the sandbox key
+ if (namespace_is_cni(networkMode.c_str())) {
+ GenerateNetworkSetting(sandboxKey, network_setting_json, error);
+ // If saving network settings failed, ignore error
+ if (error.NotEmpty()) {
+ ERROR("Failed to generate networksetting :%s", error.GetCMessage());
+ return;
+ }
+
+ sandbox->UpdateNetworkSettings(network_setting_json, error);
+ // If saving network settings failed, ignore error
+ if (error.NotEmpty()) {
+ ERROR("%s", error.GetCMessage());
+ return;
+ }
}
- // Step 3: Prepare sandbox checkpoint
- PrepareSandboxCheckpoint(config, jsonCheckpoint, error);
+ // Step 7.2.3: Call sandbox start.
+ sandbox->Start(error);
if (error.NotEmpty()) {
- return response_id;
+ ERROR("Failed to start sandbox: %s", sandboxName.c_str());
+ return;
}
- // Step 4: Update sandbox instance config
- UpdateSandboxConfig(copyConfig, jsonCheckpoint, error);
+ // Step 7.2.4:Setup networking for the sandbox.
+ SetupSandboxNetwork(sandbox, network_setting_json, error);
if (error.NotEmpty()) {
- return response_id;
+ goto stop_sandbox;
}
- // Step 5: Prepare sandboxKey
+ // Step 7.2.5:update Network settings after setup network to update ip info.
if (namespace_is_cni(networkMode.c_str())) {
- // cleanup sandboxKey file in DeleteSandbox
- PrepareSandboxKey(sandboxKey, error);
- if (error.NotEmpty()) {
- return response_id;
+ Errors tmpErr;
+ sandbox->UpdateNetworkSettings(network_setting_json, tmpErr);
+ // If saving network settings failed, ignore error
+ if (tmpErr.NotEmpty()) {
+ WARN("%s", tmpErr.GetCMessage());
}
}
- // Step 6: Create sandbox instance
- auto sandbox = sandbox::SandboxManager::GetInstance()->CreateSandbox(sandboxName, runtimeInfo, sandboxKey,
- networkMode, copyConfig, image, error);
+ // Step 7.2.6: Save sandbox to disk
+ sandbox->Save(error);
if (error.NotEmpty()) {
- if (namespace_is_cni(networkMode.c_str())) {
- (void)remove_network_namespace_file(sandboxKey.c_str());
+ ERROR("Failed to save sandbox, %s", sandboxName.c_str());
+ goto cleanup_network;
+ }
+ return;
+
+cleanup_network:
+ if (namespace_is_cni(sandbox->GetNetMode().c_str())) {
+ Errors clearErr;
+ ClearCniNetwork(sandbox, clearErr);
+ if (clearErr.NotEmpty()) {
+ ERROR("Failed to clean cni network: %s", clearErr.GetCMessage());
}
- return response_id;
}
- // Step 7: Setup networking for the sandbox.
+stop_sandbox:
+ Errors stopError;
+ CRIHelpers::StopContainerHelper(m_cb, sandbox->GetId(), 0, stopError);
+ WARN("Error stop container: %s: %s", sandbox->GetId().c_str(), stopError.GetCMessage());
+}
+
+void PodSandboxManagerService::SetupNetowrkAndStartPodSandbox(std::shared_ptr<sandbox::Sandbox> sandbox, std::string &sandboxName, std::string &networkMode, Errors &error)
+{
+ cri_container_message_t msg = { 0 };
+ std::string network_setting_json;
+
+ // Step 7.1.1: Setup networking for the sandbox.
// Setup sandbox network before create sandbox since the remote create might fail for sandbox
SetupSandboxNetwork(sandbox, network_setting_json, error);
if (error.NotEmpty()) {
- goto cleanup_sandbox;
+ return;
}
- // Step 8: Save sandbox to disk
+ // Step 7.1.2: Save sandbox to disk
sandbox->Save(error);
if (error.NotEmpty()) {
ERROR("Failed to save sandbox, %s", sandboxName.c_str());
goto cleanup_network;
}
- // Step 9: Call sandbox create.
+ // Step 7.1.3: Call sandbox create.
sandbox->Create(error);
if (error.NotEmpty()) {
ERROR("Failed to create sandbox: %s", sandboxName.c_str());
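Review bot: In `GenerateNetworkSetting`, the `setting_json == nullptr` branch records the error but then falls through to `network_setting_json = std::string(setting_json);`, which builds a std::string from a null pointer (undefined behaviour). Add `return;` after the `error.Errorf("Get network settings json err:%s", jerr);` line in that branch. Two smaller points in the same hunk: the comments `If saving network settings failed, ignore error` in `StartPodSandboxAndSetupNetowrk` sit above branches that log and return, so either the comment or the code is wrong, and the `stop_sandbox:` path emits its WARN even when `stopError` is empty. The hunk ends inside `SetupNetowrkAndStartPodSandbox`.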
@@ -385,7 +432,7 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1::PodSandboxConfig
msg.type = CRI_CONTAINER_MESSAGE_TYPE_CREATED;
mailbox_publish(MAILBOX_TOPIC_CRI_CONTAINER, &msg);
- // Step 10: Save network settings json to disk
+ // Step 7.1.4: Save network settings json to disk
// Update network settings before start sandbox since sandbox container will use the sandbox key
if (namespace_is_cni(networkMode.c_str())) {
Errors tmpErr;
@@ -396,26 +443,15 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1::PodSandboxConfig
}
}
- // Step 11: Call sandbox start.
+ // Step 7.1.5: Call sandbox start.
sandbox->Start(error);
if (error.NotEmpty()) {
ERROR("Failed to start sandbox: %s", sandboxName.c_str());
- // If start failed, sandbox should be NotReady, we cleanup network and delete sandbox in remove
- return response_id;
- }
-
- msg.type = CRI_CONTAINER_MESSAGE_TYPE_STARTED;
- mailbox_publish(MAILBOX_TOPIC_CRI_CONTAINER, &msg);
-
-#ifdef ENABLE_NRI
- if (!NRIAdaptation::GetInstance()->RunPodSandbox(sandbox, nriErr)) {
- ERROR("NRI RunPodSandbox failed: %s", nriErr.GetCMessage());
- error.Errorf("NRI RunPodSandbox failed: %s", nriErr.GetCMessage());
- return response_id;
+ // If start failed, sandbox should be NotReady, we cleanup network, but delete sandbox in remove
+ goto cleanup_network;
}
-#endif
- return sandbox->GetId();
+ return;
cleanup_network:
if (namespace_is_cni(sandbox->GetNetMode().c_str())) {
@@ -423,21 +459,115 @@ cleanup_network:
ClearCniNetwork(sandbox, clearErr);
if (clearErr.NotEmpty()) {
ERROR("Failed to clean cni network: %s", clearErr.GetCMessage());
+ return;
+ }
+ }
+}
+
+auto PodSandboxManagerService::RunPodSandbox(const runtime::v1::PodSandboxConfig &config,
+ const std::string &runtimeHandler, Errors &error) -> std::string
+{
+ std::string response_id;
+ std::string sandboxName;
+ sandbox::RuntimeInfo runtimeInfo;
+ std::string networkMode;
+ std::string sandboxKey;
+ std::string jsonCheckpoint;
+ runtime::v1::PodSandboxConfig copyConfig = config;
+ std::map<std::string, std::string> stdAnnos;
+ cri_container_message_t msg = { 0 };
+ std::shared_ptr<sandbox::Sandbox> sandbox;
+#ifdef ENABLE_NRI
+ Errors nriErr;
+#endif
+
+ // Step 1: Parepare sandbox name, runtime and networkMode
+ PrepareSandboxData(config, runtimeHandler, sandboxName, runtimeInfo, networkMode, error);
+ if (error.NotEmpty()) {
+ return response_id;
+ }
+
+ // Step 2: Pull the image for the sandbox.
+ // Maybe we should pull image in shim controller ?
+ // But pull image interface is only in CRI image service, and it can't be called in shim controller,
+ // so we pull image in CRI pod service.
+ const std::string &image = m_podSandboxImage;
+ if (!EnsureSandboxImageExists(image, runtimeInfo.sandboxer, error)) {
+ ERROR("Failed to pull sandbox image %s: %s", image.c_str(), error.NotEmpty() ? error.GetCMessage() : "");
+ error.Errorf("Failed to pull sandbox image %s: %s", image.c_str(), error.NotEmpty() ? error.GetCMessage() : "");
+ return response_id;
+ }
+
+ // Step 3: Prepare sandbox checkpoint
+ PrepareSandboxCheckpoint(config, jsonCheckpoint, error);
+ if (error.NotEmpty()) {
+ return response_id;
+ }
+
+ // Step 4: Update sandbox instance config
+ UpdateSandboxConfig(copyConfig, jsonCheckpoint, error);
+ if (error.NotEmpty()) {
+ return response_id;
+ }
+
+ // Step 5: Prepare sandboxKey and mount ns namespace
+ if (namespace_is_cni(networkMode.c_str())) {
+ // cleanup sandboxKey file in DeleteSandbox
+ PrepareSandboxKey(sandboxKey, error);
+ if (error.NotEmpty()) {
return response_id;
}
+ if (prepare_network_namespace(sandboxKey.c_str(), false, 0) != 0) {
+ error.Errorf("Failed to prepare network namespace: %s", sandboxKey.c_str());
+ ERROR("Failed to prepare network namespace: %s", sandboxKey.c_str());
+ goto clean_ns;
+ }
}
-cleanup_sandbox:
- sandbox::SandboxManager::GetInstance()->DeleteSandbox(sandbox->GetId(), error);
+ // Step 6: Create sandbox instance
+ sandbox = sandbox::SandboxManager::GetInstance()->CreateSandbox(sandboxName, runtimeInfo, sandboxKey,
+ networkMode, copyConfig, image, error);
+ if (error.NotEmpty()) {
+ goto clean_ns;
+ }
+
+ CRIHelpers::ProtobufAnnoMapToStd(sandbox->GetSandboxConfig().annotations(), stdAnnos);
+ // Step 7: According to the annotation and network namespace mode,
+ // determine the order of start sandbox and setup network.
+ // tips: clean sandbox and network in sub function.
+ if (CRIHelpers::SetupNetworkFirst(stdAnnos)) {
+ // Step 7.1: Setup networking for the sandbox, and then start the sandbox container.
+ SetupNetowrkAndStartPodSandbox(sandbox, sandboxName, networkMode, error);
+ } else {
+ // Step 7.2: (Default)Start the sandbox container, and then setup networking for the sandbox.
+ // why: Some kata multi-network plane plugins (such as configuring vfio device pass-through)
+ // need to be called after the pod is already running.
+ StartPodSandboxAndSetupNetowrk(sandbox, sandboxKey, sandboxName, networkMode, error);
+ }
if (error.NotEmpty()) {
- ERROR("Failed to delete sandbox: %s", sandbox->GetId().c_str());
+ goto clean_ns;
}
+
+ msg.type = CRI_CONTAINER_MESSAGE_TYPE_STARTED;
+ mailbox_publish(MAILBOX_TOPIC_CRI_CONTAINER, &msg);
+
#ifdef ENABLE_NRI
- if (!NRIAdaptation::GetInstance()->RemovePodSandbox(sandbox, nriErr)) {
- DEBUG("NRI RemovePodSandbox failed: %s", nriErr.GetCMessage());
+ if (!NRIAdaptation::GetInstance()->RunPodSandbox(sandbox, nriErr)) {
+ ERROR("NRI RunPodSandbox failed: %s", nriErr.GetCMessage());
+ error.Errorf("NRI RunPodSandbox failed: %s", nriErr.GetCMessage());
+ return response_id;
}
#endif
+ return sandbox->GetId();
+clean_ns:
+ if (namespace_is_cni(networkMode.c_str())) {
+ // umount netns when prepare runp failed
+ if (remove_network_namespace(sandboxKey.c_str()) != 0) {
+ SYSERROR("Failed to umount directory %s", sandboxKey.c_str());
+ }
+ (void)remove_network_namespace_file(sandboxKey.c_str());
+ }
return response_id;
}
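Review bot: The rewritten `RunPodSandbox` publishes `CRI_CONTAINER_MESSAGE_TYPE_STARTED` from a local `msg` that is zero-initialised and, in the lines shown, never given a `container_id` or `sandbox_id`; those fields are now filled only in the separate local `msg` of the two helper functions. Subscribers to `MAILBOX_TOPIC_CRI_CONTAINER` would then receive a STARTED event with null ids. Set both fields from the sandbox id before the publish, keeping the id string alive for as long as the message is in use. The comment `tips: clean sandbox and network in sub function` should also say which cleanup the helpers actually perform, since neither helper body in this patch deletes the sandbox instance.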
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h
index b02216c0..01d06624 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h
@@ -86,6 +86,9 @@ private:
void UpdateSandboxConfig(runtime::v1::PodSandboxConfig &config, std::string &jsonCheckpoint, Errors &error);
void SetupSandboxFiles(const std::string &resolvPath, const runtime::v1::PodSandboxConfig &config,
Errors &error);
+ void GenerateNetworkSetting(std::string &sandboxKey, std::string &network_setting_json, Errors &error);
+ void StartPodSandboxAndSetupNetowrk(std::shared_ptr<sandbox::Sandbox> sandbox, std::string &sandboxKey, std::string &sandboxName, std::string &networkMode, Errors &error);
+ void SetupNetowrkAndStartPodSandbox(std::shared_ptr<sandbox::Sandbox> sandbox, std::string &sandboxName, std::string &networkMode, Errors &error);
void SetupSandboxNetwork(const std::shared_ptr<sandbox::Sandbox> sandbox, std::string &network_settings_json,
Errors &error);
void ClearCniNetwork(const std::shared_ptr<sandbox::Sandbox> sandbox, Errors &error);
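Review bot: The two new private methods are declared as `StartPodSandboxAndSetupNetowrk` and `SetupNetowrkAndStartPodSandbox`; the `Netowrk` misspelling is best fixed now, before the names spread to more call sites. In the bodies added by this patch `sandboxKey`, `sandboxName` and `networkMode` are only read, so the three declarations (including `GenerateNetworkSetting`) could take them as `const std::string &` and the sandbox as `const std::shared_ptr<sandbox::Sandbox> &`, matching `SetupSandboxNetwork` and `ClearCniNetwork` next to them. A one-line comment on each stating the order it implements (start then network, or network then start) would help readers of the header.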
--
2.34.1


@ -0,0 +1,36 @@
From 2861c3105e1605c0a0b037558b0ccf54c9780678 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Tue, 11 Feb 2025 11:08:31 +0800
Subject: [PATCH 191/198] bugfix:dereference null pointer
Signed-off-by: liuxu <liuxu156@huawei.com>
---
src/daemon/modules/container/container_gc/containers_gc.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/daemon/modules/container/container_gc/containers_gc.c b/src/daemon/modules/container/container_gc/containers_gc.c
index 3f2473d5..5dd299dc 100644
--- a/src/daemon/modules/container/container_gc/containers_gc.c
+++ b/src/daemon/modules/container/container_gc/containers_gc.c
@@ -461,15 +461,16 @@ static void gc_container_process(struct linked_list *it)
unsigned long long start_time = 0;
char *runtime = NULL;
char *id = NULL;
- container_garbage_config_gc_containers_element *gc_cont = NULL;
+ container_garbage_config_gc_containers_element *gc_cont = (container_garbage_config_gc_containers_element *)it->elem;
rt_detect_process_params_t detect_params = {
.pid = gc_cont->pid,
.start_time = gc_cont->start_time,
};
- gc_cont = (container_garbage_config_gc_containers_element *)it->elem;
id = gc_cont->id;
runtime = gc_cont->runtime;
+ pid = gc_cont->pid;
+ start_time = gc_cont->start_time;
if (runtime_detect_process(id, runtime, &detect_params) < 0) {
ret = clean_container_resource(id, runtime, pid);
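Review bot: `gc_cont` is now initialised from `it->elem` and dereferenced immediately in the `detect_params` initialiser, but nothing in the hunk checks that `it` or `it->elem` is non-NULL. If the caller does not guarantee both (the call site is not visible here), the null dereference this patch fixes can still occur one level up. A guard such as `if (it == NULL || it->elem == NULL) { return; }` placed before `gc_cont` is used would complete the fix; it requires assigning `detect_params.pid` and `detect_params.start_time` after the guard instead of in the declaration. gc_container_process's body continues outside the hunk.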
--
2.34.1


@ -0,0 +1,158 @@
From edb21523aac45aa5628243599a296592a6b84d79 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 12 Feb 2025 11:18:46 +1400
Subject: [PATCH 192/198] modify save step in run sandbox
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../v1/v1_cri_pod_sandbox_manager_service.cc | 55 +++++++------------
1 file changed, 19 insertions(+), 36 deletions(-)
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index 62464acd..8a7779ad 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -325,7 +325,7 @@ void PodSandboxManagerService::StartPodSandboxAndSetupNetowrk(std::shared_ptr<sa
cri_container_message_t msg = { 0 };
std::string network_setting_json;
- // Step 7.2.1: Call sandbox create.
+ // Step 8.2.1: Call sandbox create.
sandbox->Create(error);
if (error.NotEmpty()) {
ERROR("Failed to create sandbox: %s", sandboxName.c_str());
@@ -337,7 +337,7 @@ void PodSandboxManagerService::StartPodSandboxAndSetupNetowrk(std::shared_ptr<sa
msg.type = CRI_CONTAINER_MESSAGE_TYPE_CREATED;
mailbox_publish(MAILBOX_TOPIC_CRI_CONTAINER, &msg);
- // Step 7.2.2: Save network settings json to disk
+ // Step 8.2.2: Save network settings json to disk
// Update network settings before start sandbox since sandbox container will use the sandbox key
if (namespace_is_cni(networkMode.c_str())) {
GenerateNetworkSetting(sandboxKey, network_setting_json, error);
@@ -355,20 +355,20 @@ void PodSandboxManagerService::StartPodSandboxAndSetupNetowrk(std::shared_ptr<sa
}
}
- // Step 7.2.3: Call sandbox start.
+ // Step 8.2.3: Call sandbox start.
sandbox->Start(error);
if (error.NotEmpty()) {
ERROR("Failed to start sandbox: %s", sandboxName.c_str());
return;
}
- // Step 7.2.4:Setup networking for the sandbox.
+ // Step 8.2.4:Setup networking for the sandbox.
SetupSandboxNetwork(sandbox, network_setting_json, error);
if (error.NotEmpty()) {
goto stop_sandbox;
}
- // Step 7.2.5:update Network settings after setup network to update ip info.
+ // Step 8.2.5:update Network settings after setup network to update ip info.
if (namespace_is_cni(networkMode.c_str())) {
Errors tmpErr;
sandbox->UpdateNetworkSettings(network_setting_json, tmpErr);
@@ -378,23 +378,7 @@ void PodSandboxManagerService::StartPodSandboxAndSetupNetowrk(std::shared_ptr<sa
}
}
- // Step 7.2.6: Save sandbox to disk
- sandbox->Save(error);
- if (error.NotEmpty()) {
- ERROR("Failed to save sandbox, %s", sandboxName.c_str());
- goto cleanup_network;
- }
return;
-
-cleanup_network:
- if (namespace_is_cni(sandbox->GetNetMode().c_str())) {
- Errors clearErr;
- ClearCniNetwork(sandbox, clearErr);
- if (clearErr.NotEmpty()) {
- ERROR("Failed to clean cni network: %s", clearErr.GetCMessage());
- }
- }
-
stop_sandbox:
Errors stopError;
CRIHelpers::StopContainerHelper(m_cb, sandbox->GetId(), 0, stopError);
@@ -406,21 +390,14 @@ void PodSandboxManagerService::SetupNetowrkAndStartPodSandbox(std::shared_ptr<sa
cri_container_message_t msg = { 0 };
std::string network_setting_json;
- // Step 7.1.1: Setup networking for the sandbox.
+ // Step 8.1.1: Setup networking for the sandbox.
// Setup sandbox network before create sandbox since the remote create might fail for sandbox
SetupSandboxNetwork(sandbox, network_setting_json, error);
if (error.NotEmpty()) {
return;
}
- // Step 7.1.2: Save sandbox to disk
- sandbox->Save(error);
- if (error.NotEmpty()) {
- ERROR("Failed to save sandbox, %s", sandboxName.c_str());
- goto cleanup_network;
- }
-
- // Step 7.1.3: Call sandbox create.
+ // Step 8.1.2: Call sandbox create.
sandbox->Create(error);
if (error.NotEmpty()) {
ERROR("Failed to create sandbox: %s", sandboxName.c_str());
@@ -432,7 +409,7 @@ void PodSandboxManagerService::SetupNetowrkAndStartPodSandbox(std::shared_ptr<sa
msg.type = CRI_CONTAINER_MESSAGE_TYPE_CREATED;
mailbox_publish(MAILBOX_TOPIC_CRI_CONTAINER, &msg);
- // Step 7.1.4: Save network settings json to disk
+ // Step 8.1.3: Save network settings json to disk
// Update network settings before start sandbox since sandbox container will use the sandbox key
if (namespace_is_cni(networkMode.c_str())) {
Errors tmpErr;
@@ -443,14 +420,13 @@ void PodSandboxManagerService::SetupNetowrkAndStartPodSandbox(std::shared_ptr<sa
}
}
- // Step 7.1.5: Call sandbox start.
+ // Step 8.1.4: Call sandbox start.
sandbox->Start(error);
if (error.NotEmpty()) {
ERROR("Failed to start sandbox: %s", sandboxName.c_str());
// If start failed, sandbox should be NotReady, we cleanup network, but delete sandbox in remove
goto cleanup_network;
}
-
return;
cleanup_network:
@@ -531,15 +507,22 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1::PodSandboxConfig
goto clean_ns;
}
+ // Step 7: Save sandbox metadate to disk for sandbox instance create success
+ sandbox->Save(error);
+ if (error.NotEmpty()) {
+ ERROR("Failed to save sandbox, %s", sandboxName.c_str());
+ goto clean_ns;
+ }
+
CRIHelpers::ProtobufAnnoMapToStd(sandbox->GetSandboxConfig().annotations(), stdAnnos);
- // Step 7: According to the annotation and network namespace mode,
+ // Step 8: According to the annotation and network namespace mode,
// determine the order of start sandbox and setup network.
// tips: clean sandbox and network in sub function.
if (CRIHelpers::SetupNetworkFirst(stdAnnos)) {
- // Step 7.1: Setup networking for the sandbox, and then start the sandbox container.
+ // Step 8.1: Setup networking for the sandbox, and then start the sandbox container.
SetupNetowrkAndStartPodSandbox(sandbox, sandboxName, networkMode, error);
} else {
- // Step 7.2: (Default)Start the sandbox container, and then setup networking for the sandbox.
+ // Step 8.2: (Default)Start the sandbox container, and then setup networking for the sandbox.
// why: Some kata multi-network plane plugins (such as configuring vfio device pass-through)
// need to be called after the pod is already running.
StartPodSandboxAndSetupNetowrk(sandbox, sandboxKey, sandboxName, networkMode, error);
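Review bot: When the new Step 7 `sandbox->Save(error)` fails, control goes to `clean_ns`, which, as defined in the previous patch, only unmounts and removes the network namespace file. The sandbox instance returned by `SandboxManager::CreateSandbox` is not deleted on that path, and the earlier `cleanup_sandbox` label that called `DeleteSandbox` was removed in the previous patch. Unless `clean_ns` is extended outside the lines shown, this leaves a registered sandbox, possibly with partly written metadata, pointing at a namespace that no longer exists. The same applies when the Step 8 helpers return an error. Consider a dedicated label that calls `sandbox::SandboxManager::GetInstance()->DeleteSandbox(sandbox->GetId(), ...)` with a separate `Errors` object before falling into `clean_ns`; the comment also spells `metadate` for `metadata`.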
--
2.34.1


@ -0,0 +1,209 @@
From bb2ed9b37d7c69b0af88487693826556321d46e9 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 11 Feb 2025 22:42:39 +0800
Subject: [PATCH 193/198] add dt for cri v1
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/cri_stats.sh | 90 ++++++++++++++++++++++
CI/test_cases/container_cases/cri_test.sh | 80 +++++++++++++++++++
2 files changed, 170 insertions(+)
create mode 100755 CI/test_cases/container_cases/cri_stats.sh
diff --git a/CI/test_cases/container_cases/cri_stats.sh b/CI/test_cases/container_cases/cri_stats.sh
new file mode 100755
index 00000000..f6acb397
--- /dev/null
+++ b/CI/test_cases/container_cases/cri_stats.sh
@@ -0,0 +1,90 @@
+#!/bin/bash
+#
+# attributes: isulad basic cri seccomp
+# concurrent: NA
+# spend time: 4
+
+#######################################################################
+##- Copyright (c) Huawei Technologies Co., Ltd. 2022. All rights reserved.
+# - iSulad licensed under the Mulan PSL v2.
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
+# - You may obtain a copy of Mulan PSL v2 at:
+# - http://license.coscl.org.cn/MulanPSL2
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v2 for more details.
+##- @Description:CI
+##- @Author: wangfengtu
+##- @Create: 2022-08-13
+#######################################################################
+
+source ../helpers.sh
+curr_path=$(dirname $(readlink -f "$0"))
+data_path=$(realpath $curr_path/criconfigs)
+pause_img_path=$(realpath $curr_path/test_data)
+
+function do_pre()
+{
+ sed -i "s#seccomp_localhost_ref#${data_path}/seccomp_localhost.json#g" ${data_path}/container-config-seccomp-localhost.json
+
+ init_cri_conf $1 "without_valgrind"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to init cri conf: ${1}" && return ${FAILURE}
+
+ isula pull busybox
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull busybox" && return ${FAILURE}
+
+ return 0
+}
+
+function do_post()
+{
+ local ret=0
+ restore_cri_conf "without_valgrind"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to restore cri conf" && ((ret++))
+ return $ret
+}
+
+function test_cri_stats()
+{
+ local ret=0
+ local test="cri stats test => (${FUNCNAME[@]})"
+
+ msg_info "${test} starting..."
+
+ sid=$(crictl runp ${data_path}/sandbox-config.json)
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run sandbox" && ((ret++))
+
+ cid=$(crictl create $sid ${data_path}/container-config.json ${data_path}/sandbox-config.json)
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to create container" && ((ret++))
+
+ crictl start $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to start container" && ((ret++))
+
+ crictl statsp $sid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to get cri stats" && ((ret++))
+
+ crictl stats $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to get cri stats" && ((ret++))
+
+ msg_info "${test} finished with return ${ret}..."
+ return ${ret}
+}
+
+declare -i ans=0
+
+for version in ${CRI_LIST[@]};
+do
+ test="test_cri_test_fun, use cri version => (${version})"
+ msg_info "${test} starting..."
+
+ do_pre $version || ((ans++))
+
+ test_cri_stats || ((ans++))
+
+ do_post || ((ans++))
+ msg_info "${test} finished with return ${ans}..."
+done
+
+show_result ${ans} "${curr_path}/${0}"
+
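Review bot: In `test_cri_stats`, `sid` and `cid` are not declared `local` and are used unquoted without being checked, so a failed `crictl runp` only increments `ret` and the following `crictl create $sid …` runs with an empty id, which shifts the two config paths into the wrong argument positions. Declare them with `local sid cid` and stop at the first failure, e.g. `sid=$(crictl runp "${data_path}/sandbox-config.json") || { msg_err "${FUNCNAME[0]}:${LINENO} - failed to run sandbox"; return 1; }`. `do_pre` also rewrites `container-config-seccomp-localhost.json` in place with `sed -i` although nothing in this script uses that file, so that line can be dropped.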
diff --git a/CI/test_cases/container_cases/cri_test.sh b/CI/test_cases/container_cases/cri_test.sh
index ed333a28..6dc2291e 100755
--- a/CI/test_cases/container_cases/cri_test.sh
+++ b/CI/test_cases/container_cases/cri_test.sh
@@ -45,6 +45,83 @@ function do_post()
return $ret
}
+function test_cri_info()
+{
+ local ret=0
+ local image="busybox"
+ local test="cri info test => (${FUNCNAME[@]})"
+
+ msg_info "${test} starting..."
+
+ crictl info
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to get cri info" && ((ret++))
+
+ msg_info "${test} finished with return ${ret}..."
+ return ${ret}
+}
+
+function test_cri_list()
+{
+ local ret=0
+ local image="busybox"
+ local test="cri list test => (${FUNCNAME[@]})"
+
+ msg_info "${test} starting..."
+
+ sid=$(crictl runp ${data_path}/sandbox-config.json)
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run sandbox" && ((ret++))
+
+ cid=$(crictl create $sid ${data_path}/container-config.json ${data_path}/sandbox-config.json)
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to create container" && ((ret++))
+
+ crictl start $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to start container" && ((ret++))
+
+ crictl pods | grep "^${sid:0:5}"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to list cri pod" && ((ret++))
+
+ crictl ps -a | grep "^${cid:0:5}"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to list cri container" && ((ret++))
+
+ stop_isulad_without_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+
+ start_isulad_without_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+
+ crictl ps -a | grep "^${cid:0:5}"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to list cri container after restart" && ((ret++))
+
+ crictl pods | grep "^${sid:0:5}"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to list cri pod after restart" && ((ret++))
+
+ crictl rmp -f $(crictl pods -q)
+
+ msg_info "${test} finished with return ${ret}..."
+ return ${ret}
+}
+
+function test_cri_images()
+{
+ local ret=0
+ local image="busybox"
+ local test="cri images test => (${FUNCNAME[@]})"
+
+ msg_info "${test} starting..."
+
+ crictl pull $image
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image" && ((ret++))
+
+ crictl images | grep $image
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to list cri images" && ((ret++))
+
+ crictl rmi $image
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to remove image" && ((ret++))
+
+ msg_info "${test} finished with return ${ret}..."
+ return ${ret}
+}
+
function test_cri_seccomp()
{
local ret=0
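Review bot: In `test_cri_list` the check after `start_isulad_without_valgrind` logs `stop isulad failed`; it should read `start isulad failed`, otherwise a failed restart is reported as a failed stop. The listing checks are also vacuous when `crictl runp` or `crictl create` failed: with an empty `sid` or `cid`, `grep "^${sid:0:5}"` becomes `grep "^"`, which matches every line, so guard them with `[[ -n "$sid" && -n "$cid" ]]` or return early. `local image="busybox"` is unused in `test_cri_info` and `test_cri_list`.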
@@ -97,6 +174,9 @@ do
test_cri_seccomp "default" || ((ans++))
test_cri_seccomp "unconfined" || ((ans++))
test_cri_seccomp "localhost" || ((ans++))
+ test_cri_info || ((ans++))
+ test_cri_list || ((ans++))
+ test_cri_images || ((ans++))
do_post || ((ans++))
msg_info "${test} finished with return ${ans}..."
--
2.34.1


@ -0,0 +1,26 @@
From b2bf7c101852a90fba3f7e85734fa887e3cd5fad Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 14 Feb 2025 15:23:21 +1400
Subject: [PATCH 194/198] modify the CreateContainer failed return
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index abf60c0c..fe1cca0c 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -486,7 +486,7 @@ std::string ContainerManagerService::CreateContainer(const std::string &podSandb
// verify whether the sandbox is ready
if (!sandbox->IsReady()) {
error.Errorf("Failed to generate sandbox_info because the sandbox %s is not ready", sandbox->GetId().c_str());
- return nullptr;
+ return response_id;
}
#ifdef ENABLE_NRI
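Review bot: The replaced `return nullptr;` built a `std::string` from a null pointer, which is undefined behaviour, so this not-ready path deserves a regression test that calls `CreateContainer` against a sandbox whose `IsReady()` is false and checks for an empty id with `error` set. `response_id` is declared outside this hunk; presumably it is still empty at this point, but if anything assigns it earlier the caller would receive an id together with the error, so confirm that. A one-line comment above the return, such as `// returns std::string: never return nullptr here`, would keep the pattern from coming back.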
--
2.34.1


@ -0,0 +1,379 @@
From 94f867944d0f36ad77a488ab35f5555bf3c09c01 Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Fri, 14 Feb 2025 14:48:25 +0800
Subject: [PATCH 195/198] Add some unit tests for sandbox and shim controller
Signed-off-by: xuxuepeng <xuxuepeng1@huawei.com>
---
src/daemon/sandbox/sandbox.h | 2 +-
.../shim/controller/shim_controller.cc | 5 +
test/sandbox/controller/shim/CMakeLists.txt | 2 +
.../controller/shim/shim_controller_ut.cc | 123 +++++++++++++++++-
test/sandbox/sandbox/CMakeLists.txt | 5 +
test/sandbox/sandbox/sandbox_ut.cc | 64 ++++++++-
6 files changed, 196 insertions(+), 5 deletions(-)
diff --git a/src/daemon/sandbox/sandbox.h b/src/daemon/sandbox/sandbox.h
index 9007ea16..0aeec826 100644
--- a/src/daemon/sandbox/sandbox.h
+++ b/src/daemon/sandbox/sandbox.h
@@ -118,6 +118,7 @@ public:
auto UpdateStatsInfo(const StatsInfo &info) -> StatsInfo;
void SetNetworkReady(bool ready);
void SetNetworkMode(const std::string &networkMode);
+ void SetSandboxConfig(const runtime::v1::PodSandboxConfig &config);
auto FindAvailableVsockPort(uint32_t &port) -> bool;
void ReleaseVsockPort(uint32_t port);
auto CleanupSandboxFiles(Errors &error) -> bool;
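Review bot: `SetSandboxConfig` moves from the private section (second hunk) to the public one only so that `sandbox_ut.cc` can call it, which lets any caller replace the `PodSandboxConfig` of a live sandbox. Whether the setter takes the sandbox's lock is not visible here; if it does not, state that at the declaration with a comment such as `// Not thread-safe; intended for initialisation and unit tests only`. Keeping it private and granting the test access through a `friend` declaration would avoid widening the interface at all.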
@@ -162,7 +163,6 @@ private:
auto LoadMetadata(Errors &error) -> bool;
void LoadNetworkSetting();
- void SetSandboxConfig(const runtime::v1::PodSandboxConfig &config);
void SetNetworkSettings(const std::string &settings, Errors &error);
auto CreateHostname(bool shareHost, Errors &error) -> bool;
auto CreateHosts(bool shareHost, Errors &error) -> bool;
diff --git a/src/daemon/sandbox/shim/controller/shim_controller.cc b/src/daemon/sandbox/shim/controller/shim_controller.cc
index 7e4338f6..563a2f3d 100644
--- a/src/daemon/sandbox/shim/controller/shim_controller.cc
+++ b/src/daemon/sandbox/shim/controller/shim_controller.cc
@@ -289,6 +289,11 @@ bool ShimController::Create(const std::string &sandboxId,
std::unique_ptr<ControllerSandboxInfo> ShimController::Start(const std::string &sandboxId, Errors &error)
{
+ if (m_cb == nullptr || m_cb->container.start == nullptr) {
+ ERROR("Unimplemented callback");
+ error.SetError("Unimplemented callback");
+ return nullptr;
+ }
std::unique_ptr<ControllerSandboxInfo> sandboxInfo(new ControllerSandboxInfo());
auto requestWrapper = makeUniquePtrCStructWrapper<container_start_request>(free_container_start_request);
if (requestWrapper == nullptr) {
diff --git a/test/sandbox/controller/shim/CMakeLists.txt b/test/sandbox/controller/shim/CMakeLists.txt
index 069312c9..18f989f1 100644
--- a/test/sandbox/controller/shim/CMakeLists.txt
+++ b/test/sandbox/controller/shim/CMakeLists.txt
@@ -28,6 +28,7 @@ add_executable(${EXE}
target_include_directories(${EXE} PUBLIC
${GTEST_INCLUDE_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../include
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/common
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/common/cri
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/common/cri/v1
@@ -52,6 +53,7 @@ target_include_directories(${EXE} PUBLIC
${CMAKE_BINARY_DIR}/grpc/src/api/services/cri/v1
)
+set_target_properties(${EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,isula_common_calloc_s")
target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} libutils_ut -lgrpc++ -lprotobuf -lcrypto -lyajl -lz)
target_link_libraries(${EXE} -Wl,--as-needed ${ISULAD_ABSL_USED_TARGETS})
add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
diff --git a/test/sandbox/controller/shim/shim_controller_ut.cc b/test/sandbox/controller/shim/shim_controller_ut.cc
index 75a51797..d85a87b2 100644
--- a/test/sandbox/controller/shim/shim_controller_ut.cc
+++ b/test/sandbox/controller/shim/shim_controller_ut.cc
@@ -21,6 +21,12 @@
#include "image_api_mock.h"
#include "service_container_api_mock.h"
#include "shim_controller.h"
+#include "mock.h"
+
+extern "C" {
+ DECLARE_WRAPPER(isula_common_calloc_s, void *, (size_t size));
+ DEFINE_WRAPPER(isula_common_calloc_s, void *, (size_t size), (size));
+}
class ShimControllerTest : public testing::Test {
protected:
@@ -76,6 +82,32 @@ TEST_F(ShimControllerTest, CreateTestFailed)
EXPECT_FALSE(m_contoller->Create(DUMMY_SANDBOX_ID, *params, err));
}
+TEST_F(ShimControllerTest, CreateTestContainerCallbackNullPtrError)
+{
+ Errors err;
+ std::unique_ptr<sandbox::ControllerCreateParams> params = CreateTestCreateParams();
+ // shim controller create needs linux config.
+ (void)params->config->mutable_linux();
+ (void)params->config->mutable_linux()->mutable_resources();
+ auto callback = get_service_executor();
+ auto tmp_create = callback->container.create;
+ callback->container.create = nullptr;
+ EXPECT_FALSE(m_contoller->Create(DUMMY_SANDBOX_ID, *params, err));
+ callback->container.create = tmp_create;
+}
+
+TEST_F(ShimControllerTest, CreateTestContainerCallocError)
+{
+ Errors err;
+ std::unique_ptr<sandbox::ControllerCreateParams> params = CreateTestCreateParams();
+ // shim controller create needs linux config.
+ (void)params->config->mutable_linux();
+ (void)params->config->mutable_linux()->mutable_resources();
+ MOCK_SET(isula_common_calloc_s, nullptr);
+ EXPECT_FALSE(m_contoller->Create(DUMMY_SANDBOX_ID, *params, err));
+ MOCK_CLEAR(isula_common_calloc_s);
+}
+
/************* Unit tests for Start *************/
TEST_F(ShimControllerTest, StartTestSucceed)
{
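Review bot: The new `*CallbackNullPtrError` tests here and in the Start, Stop, Shutdown and UpdateNetworkSettings hunks null out a field of the executor returned by `get_service_executor()` (presumably shared by all tests) and restore it by hand on the last line, which stays correct only while the check in between is an `EXPECT_*`. A small scope guard that restores the pointer in its destructor removes that dependency. The tests also assert only the return value; adding `EXPECT_TRUE(err.NotEmpty());` after each call would pin that the failure is reported through `err` and not just returned.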
@@ -99,7 +131,6 @@ TEST_F(ShimControllerTest, StartTestSucceed)
EXPECT_EQ(ret->pid, 1234);
}
-/************* Unit tests for Start *************/
TEST_F(ShimControllerTest, StartTestFailed)
{
Errors err;
@@ -108,6 +139,24 @@ TEST_F(ShimControllerTest, StartTestFailed)
EXPECT_EQ(ret, nullptr);
}
+TEST_F(ShimControllerTest, StartTestContainerCallbackNullPtrError)
+{
+ Errors err;
+ auto callback = get_service_executor();
+ auto tmp_start = callback->container.start;
+ callback->container.start = nullptr;
+ EXPECT_FALSE(m_contoller->Start(DUMMY_SANDBOX_ID, err));
+ callback->container.start = tmp_start;
+}
+
+TEST_F(ShimControllerTest, StartTestContainerCallocError)
+{
+ Errors err;
+ MOCK_SET(isula_common_calloc_s, nullptr);
+ EXPECT_FALSE(m_contoller->Start(DUMMY_SANDBOX_ID, err));
+ MOCK_CLEAR(isula_common_calloc_s);
+}
+
/************* Unit tests for Stop *************/
TEST_F(ShimControllerTest, StopTestSucceed)
{
@@ -123,6 +172,24 @@ TEST_F(ShimControllerTest, StopTestFailed)
EXPECT_FALSE(m_contoller->Stop(DUMMY_SANDBOX_ID, 0, err));
}
+TEST_F(ShimControllerTest, StopTestContainerCallbackNullPtrError)
+{
+ Errors err;
+ auto callback = get_service_executor();
+ auto tmp_stop = callback->container.stop;
+ callback->container.stop = nullptr;
+ EXPECT_FALSE(m_contoller->Stop(DUMMY_SANDBOX_ID, 0, err));
+ callback->container.stop = tmp_stop;
+}
+
+TEST_F(ShimControllerTest, StopTestContainerCallocError)
+{
+ Errors err;
+ MOCK_SET(isula_common_calloc_s, nullptr);
+ EXPECT_FALSE(m_contoller->Stop(DUMMY_SANDBOX_ID, 0, err));
+ MOCK_CLEAR(isula_common_calloc_s);
+}
+
/************* Unit tests for Status *************/
TEST_F(ShimControllerTest, StatusTestSucceed)
{
@@ -167,3 +234,57 @@ TEST_F(ShimControllerTest, ShutdownTestFailed)
EXPECT_CALL(*m_containerCallbackMock, ContainerRemove).Times(1).WillOnce(testing::Return(1));
EXPECT_FALSE(m_contoller->Shutdown(DUMMY_SANDBOX_ID, err));
}
+
+TEST_F(ShimControllerTest, ShutdownTestContainerCallbackNullPtrError)
+{
+ Errors err;
+ auto callback = get_service_executor();
+ auto tmp_remove = callback->container.remove;
+ callback->container.remove = nullptr;
+ EXPECT_FALSE(m_contoller->Shutdown(DUMMY_SANDBOX_ID, err));
+ callback->container.remove = tmp_remove;
+}
+
+TEST_F(ShimControllerTest, ShutdownTestContainerCallocError)
+{
+ Errors err;
+ MOCK_SET(isula_common_calloc_s, nullptr);
+ EXPECT_FALSE(m_contoller->Shutdown(DUMMY_SANDBOX_ID, err));
+ MOCK_CLEAR(isula_common_calloc_s);
+}
+
+/*********** Unit tests for Platform ***********/
+TEST_F(ShimControllerTest, PlatformTestSucceed)
+{
+ Errors err;
+ // Not support yet
+ std::unique_ptr<sandbox::ControllerPlatformInfo> ret = m_contoller->Platform(DUMMY_SANDBOX_ID, err);
+ EXPECT_EQ(ret, nullptr);
+}
+
+/*********** Unit tests for Update ***********/
+TEST_F(ShimControllerTest, UpdateTestSucceed)
+{
+ Errors err;
+ // Shim Controller update is always true
+ EXPECT_TRUE(m_contoller->Update(nullptr, nullptr, err));
+}
+
+/*********** Unit tests for UpdateNetworkSettings ***********/
+TEST_F(ShimControllerTest, UpdateNetworkSettingsTestCallbackNullPtrError)
+{
+ Errors err;
+ auto callback = get_service_executor();
+ auto tmp_update_network_settings = callback->container.update_network_settings;
+ callback->container.update_network_settings = nullptr;
+ EXPECT_FALSE(m_contoller->UpdateNetworkSettings(DUMMY_SANDBOX_ID, "networkSettings", err));
+ callback->container.update_network_settings = tmp_update_network_settings;
+}
+
+TEST_F(ShimControllerTest, UpdateNetworkSettingsTestContainerCallocError)
+{
+ Errors err;
+ MOCK_SET(isula_common_calloc_s, nullptr);
+ EXPECT_FALSE(m_contoller->UpdateNetworkSettings(DUMMY_SANDBOX_ID, "networkSettings", err));
+ MOCK_CLEAR(isula_common_calloc_s);
+}
diff --git a/test/sandbox/sandbox/CMakeLists.txt b/test/sandbox/sandbox/CMakeLists.txt
index 358633dc..3a249f90 100644
--- a/test/sandbox/sandbox/CMakeLists.txt
+++ b/test/sandbox/sandbox/CMakeLists.txt
@@ -29,7 +29,9 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cpputils/transform.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cpputils/cxxutils.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandbox.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandbox_ops.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/controller_manager.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandbox_manager.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/id_name_manager.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/config/isulad_config.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/sandbox/controller/controller_common.cc
@@ -43,6 +45,7 @@ target_include_directories(${EXE} PUBLIC
${GTEST_INCLUDE_DIR}
${sandbox_dir}
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/config
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/entry/cri
@@ -54,10 +57,12 @@ target_include_directories(${EXE} PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cpputils
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils
${CMAKE_BINARY_DIR}/grpc/src/api/services/cri
${CMAKE_BINARY_DIR}/grpc/src/api/services/cri/v1
)
+set_target_properties(${EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,util_file_exists -Wl,--wrap,mount")
target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} libutils_ut -lgrpc -lgrpc++ -lprotobuf -lcrypto -lyajl -lz)
target_link_libraries(${EXE} -Wl,--as-needed ${ISULAD_ABSL_USED_TARGETS})
add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
diff --git a/test/sandbox/sandbox/sandbox_ut.cc b/test/sandbox/sandbox/sandbox_ut.cc
index dd84d8fb..7534d67a 100644
--- a/test/sandbox/sandbox/sandbox_ut.cc
+++ b/test/sandbox/sandbox/sandbox_ut.cc
@@ -14,8 +14,22 @@
*/
#include <gtest/gtest.h>
-
+#include <fstream>
#include "sandbox.h"
+#include "sandbox_ops.h"
+#include "mock.h"
+#include "utils_file.h"
+
+extern "C" {
+ DECLARE_WRAPPER(util_file_exists, bool, (const char * path));
+ DEFINE_WRAPPER(util_file_exists, bool, (const char * path), (path));
+ DECLARE_WRAPPER(mount, int, (const char *__special_file, const char *__dir,
+ const char *__fstype, unsigned long int __rwflag,
+ const void *__data));
+ DEFINE_WRAPPER(mount, int, (const char *__special_file, const char *__dir,
+ const char *__fstype, unsigned long int __rwflag,
+ const void *__data), (__special_file, __dir, __fstype, __rwflag, __data));
+}
namespace sandbox {
@@ -39,8 +53,10 @@ TEST_F(SandboxTest, TestDefaultGetters)
std::string sandbox_statedir = statedir + "/" + id;
std::string name = "test";
RuntimeInfo info = {"runc", "shim", "kuasar"};
+ std::shared_ptr<runtime::v1::PodSandboxConfig> pod_config = std::make_shared<runtime::v1::PodSandboxConfig>();
+ pod_config->set_hostname("test");
- auto sandbox = new Sandbox(id, rootdir, statedir, name, info);
+ auto sandbox = std::unique_ptr<Sandbox>(new Sandbox(id, rootdir, statedir, name, info));
ASSERT_NE(sandbox, nullptr);
ASSERT_EQ(sandbox->IsReady(), false);
@@ -57,6 +73,8 @@ TEST_F(SandboxTest, TestDefaultGetters)
ASSERT_EQ(sandbox->GetStatsInfo().cpuUseNanos, 0);
ASSERT_EQ(sandbox->GetNetworkReady(), false);
ASSERT_STREQ(sandbox->GetNetMode().c_str(), DEFAULT_NETMODE.c_str());
+ sandbox->SetSandboxConfig(*pod_config);
+ ASSERT_STREQ(sandbox->GetMutableSandboxConfig()->hostname().c_str(), pod_config->hostname().c_str());
}
TEST_F(SandboxTest, TestGettersAndSetters)
@@ -66,7 +84,7 @@ TEST_F(SandboxTest, TestGettersAndSetters)
std::string statedir = "/test2/statedir";
std::string mode = "host";
- auto sandbox = new Sandbox(id, rootdir, statedir);
+ auto sandbox = std::unique_ptr<Sandbox>(new Sandbox(id, rootdir, statedir));
ASSERT_NE(sandbox, nullptr);
sandbox->SetNetMode(mode);
@@ -93,4 +111,44 @@ TEST_F(SandboxTest, TestGettersAndSetters)
EXPECT_TRUE(sandbox->GetNetworkReady());
}
+TEST_F(SandboxTest, TestCreateDefaultResolveConf)
+{
+ std::string id = "34567890";
+ std::string rootdir = "/tmp/test3/rootdir";
+ std::string statedir = "/tmp/test3/statedir";
+ std::string name = "test";
+ RuntimeInfo info = {"runc", "shim", "kuasar"};
+ std::string host_nework = "host";
+ Errors error;
+
+ auto sandbox = std::unique_ptr<Sandbox>(new Sandbox(id, rootdir, statedir, name, info, host_nework));
+ ASSERT_NE(sandbox, nullptr);
+ MOCK_SET(util_file_exists, false);
+ MOCK_SET(mount, 0);
+ sandbox->PrepareSandboxDirs(error);
+ ASSERT_TRUE(error.Empty());
+ MOCK_CLEAR(util_file_exists);
+ MOCK_CLEAR(mount);
+ const std::string RESOLVE_CONF = "\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n";
+ std::string RESOLVE_PATH = rootdir + "/" + id + "/resolv.conf";
+ ASSERT_TRUE(util_file_exists(RESOLVE_PATH.c_str()));
+ std::ifstream f(RESOLVE_PATH);
+ std::string line;
+ std::string content = "";
+ while (std::getline(f, line)) {
+ content += line;
+ content +="\n";
+ }
+ f.close();
+ ASSERT_STREQ(RESOLVE_CONF.c_str(), content.c_str());
+ sandbox->CleanupSandboxDirs();
+ ASSERT_FALSE(util_file_exists(RESOLVE_PATH.c_str()));
+}
+
+TEST_F(SandboxTest, TestSandboxOpsOnExitFailed)
+{
+ ASSERT_EQ(sandbox_on_sandbox_exit(nullptr, 0), -1);
+ ASSERT_EQ(sandbox_on_sandbox_exit("12345678", 0), -1);
+}
+
}
\ No newline at end of file
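Review bot: `TestCreateDefaultResolveConf` creates real directories under the fixed paths `/tmp/test3/rootdir` and `/tmp/test3/statedir`, so on a shared build host a pre-existing file or symlink with that name can make the test fail or write somewhere unintended, and two concurrent runs collide. Create the base with `mkdtemp`, e.g. `char tmpl[] = "/tmp/sandbox_ut.XXXXXX"; std::string base = mkdtemp(tmpl);`, and derive both directories from it. The `ASSERT_*` calls placed before `MOCK_CLEAR` and `CleanupSandboxDirs()` return from the test on failure and leave the `mount`/`util_file_exists` mocks set and the directories behind; use `EXPECT_*` there or move the cleanup into `TearDown`.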
--
2.34.1


@ -0,0 +1,26 @@
From a478553bc957d0cd684883ad63fec6a639631658 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 17 Feb 2025 16:27:10 +0800
Subject: [PATCH 196/198] add remove pod in cri stats
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/cri_stats.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/CI/test_cases/container_cases/cri_stats.sh b/CI/test_cases/container_cases/cri_stats.sh
index f6acb397..72fb2856 100755
--- a/CI/test_cases/container_cases/cri_stats.sh
+++ b/CI/test_cases/container_cases/cri_stats.sh
@@ -66,6 +66,8 @@ function test_cri_stats()
crictl stats $cid
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to get cri stats" && ((ret++))
+
+ crictl rmp -f $(crictl pods -q)
msg_info "${test} finished with return ${ret}..."
return ${ret}
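Review bot: `crictl rmp -f $(crictl pods -q)` removes every pod the runtime knows about, not the one this test created, and its result is not checked; when no pod exists the substitution is empty and `crictl rmp -f` is called without an id. Remove only the test's own sandbox and count a failure: `crictl rmp -f "$sid"` followed by `[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to remove pod" && ((ret++))`. The same line was added to `test_cri_list` in `cri_test.sh`.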
--
2.34.1


@ -0,0 +1,539 @@
From 2edae8a425ae3442ee73469ca3fd2f3bf9422301 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Mon, 16 Dec 2024 17:11:04 +0800
Subject: [PATCH 197/198] coco:support confidential containers
Signed-off-by: liuxu <liuxu156@huawei.com>
---
cmake/options.cmake | 11 +++
src/common/constants.h | 6 ++
src/daemon/common/cri/v1/v1_cri_helpers.cc | 71 +++++++++++++---
src/daemon/common/cri/v1/v1_cri_helpers.h | 4 +
.../v1/v1_cri_container_manager_service.cc | 5 ++
.../v1/v1_cri_pod_sandbox_manager_service.cc | 14 +++-
.../executor/container_cb/execution_create.c | 12 +++
src/daemon/modules/api/image_api.h | 3 +
src/daemon/modules/image/CMakeLists.txt | 10 +++
src/daemon/modules/image/image.c | 46 +++++++++++
.../modules/image/remote/CMakeLists.txt | 13 +++
.../modules/image/remote/remote_image.c | 81 +++++++++++++++++++
.../modules/image/remote/remote_image.h | 40 +++++++++
.../sandbox/sandboxer/sandboxer_sandbox.cc | 10 ++-
14 files changed, 308 insertions(+), 18 deletions(-)
create mode 100644 src/daemon/modules/image/remote/CMakeLists.txt
create mode 100644 src/daemon/modules/image/remote/remote_image.c
create mode 100644 src/daemon/modules/image/remote/remote_image.h
diff --git a/cmake/options.cmake b/cmake/options.cmake
index 018502d7..efbd0a52 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -62,6 +62,17 @@ if (ENABLE_SANDBOXER STREQUAL "ON")
endif()
endif()
+option(ENABLE_REMOTE_IMAGE "Enable remote image" OFF)
+if (ENABLE_REMOTE_IMAGE STREQUAL "ON")
+ if (ENABLE_SANDBOXER)
+ add_definitions(-DENABLE_REMOTE_IMAGE)
+ set(ENABLE_REMOTE_IMAGE 1)
+ message("${Green}-- Enable remote image${ColourReset}")
+ else()
+ message("${Yellow}-- Can not enable remote image, remote image need enable sandboxer first ${ColourReset}")
+ endif()
+endif()
+
option(ENABLE_OOM_MONITOR "Enable oom monitor" ON)
if (ENABLE_OOM_MONITOR STREQUAL "ON")
add_definitions(-DENABLE_OOM_MONITOR)
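Review bot: When `ENABLE_REMOTE_IMAGE` is ON but the sandboxer is not enabled, the `else()` branch only prints a warning and leaves the variable ON, so `if (ENABLE_REMOTE_IMAGE)` in `src/daemon/modules/image/CMakeLists.txt` still adds the `remote` subdirectory while `-DENABLE_REMOTE_IMAGE` was never defined. Turn the option off in that branch with `set(ENABLE_REMOTE_IMAGE OFF)` so the build and the preprocessor agree on whether the feature is compiled in.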
diff --git a/src/common/constants.h b/src/common/constants.h
index 8a6f86d8..7759896f 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -218,6 +218,12 @@ typedef enum { WAIT_CONDITION_STOPPED = 0, WAIT_CONDITION_REMOVED = 1 } wait_con
#define CRI_CONTAINER_TYPE_LABEL_KEY "cri.isulad.type"
#define CRI_CONTAINER_TYPE_LABEL_SANDBOX "podsandbox"
+#ifdef ENABLE_REMOTE_IMAGE
+// Note: Currently, remote image is used only in confidentail container, so the image is supposed to be encrypted
+#define SANDBOX_IMAGE_TYPE_REMOTE "remote"
+#define IMAGE_NAME_COCO "[Encrypted]"
+#endif
+
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/common/cri/v1/v1_cri_helpers.cc b/src/daemon/common/cri/v1/v1_cri_helpers.cc
index d71e3681..48dcfb45 100644
--- a/src/daemon/common/cri/v1/v1_cri_helpers.cc
+++ b/src/daemon/common/cri/v1/v1_cri_helpers.cc
@@ -325,10 +325,32 @@ void AddSecurityOptsToHostConfig(std::vector<std::string> &securityOpts, host_co
}
#ifdef ENABLE_SANDBOXER
+static defs_map_string_object_sandboxer_element *GetCRISandboxer(
+ const std::string &runtime, struct service_arguments *args)
+{
+ defs_map_string_object_sandboxer_element *criSandboxer = nullptr;
+ defs_map_string_object_sandboxer *criSandboxerList = nullptr;
+
+ criSandboxerList = args->json_confs->cri_sandboxers;
+ for (size_t i = 0; i < criSandboxerList->len; i++) {
+ if (criSandboxerList->keys[i] == nullptr || criSandboxerList->values[i] == nullptr ||
+ criSandboxerList->values[i]->name == nullptr) {
+ WARN("CRI runtimes key or value is null");
+ continue;
+ }
+
+ if (runtime == std::string(criSandboxerList->keys[i])) {
+ criSandboxer = criSandboxerList->values[i];
+ break;
+ }
+ }
+ return criSandboxer;
+}
+
std::string CRISandboxerConvert(const std::string &runtime)
{
std::string sandboxer;
- defs_map_string_object_sandboxer *criSandboxerList = nullptr;
+ defs_map_string_object_sandboxer_element *criSandboxer = nullptr;
if (runtime.empty()) {
return DEFAULT_SANDBOXER_NAME;
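Review bot: `GetCRISandboxer` dereferences `args->json_confs->cri_sandboxers` without checks and returns a pointer into the server configuration, so it is only safe when the caller has validated `args` and holds the conf lock, and the result must not be used after `isulad_server_conf_unlock()`. Neither requirement is written down; add a header comment such as `// Caller must hold the isulad server conf lock and have checked args->json_confs->cri_sandboxers; the returned element is valid only while the lock is held.` The warning `CRI runtimes key or value is null` also fires for a null `name`, which the text does not mention. `CRISandboxerConvert` continues outside this hunk.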
@@ -346,24 +368,47 @@ std::string CRISandboxerConvert(const std::string &runtime)
}
sandboxer = DEFAULT_SANDBOXER_NAME;
- criSandboxerList = args->json_confs->cri_sandboxers;
- for (size_t i = 0; i < criSandboxerList->len; i++) {
- if (criSandboxerList->keys[i] == nullptr || criSandboxerList->values[i] == nullptr ||
- criSandboxerList->values[i]->name == nullptr) {
- WARN("CRI runtimes key or value is null");
- continue;
- }
-
- if (runtime == std::string(criSandboxerList->keys[i])) {
- sandboxer = std::string(criSandboxerList->values[i]->name);
- break;
- }
+ criSandboxer = GetCRISandboxer(runtime, args);
+ if (criSandboxer != nullptr) {
+ sandboxer = std::string(criSandboxer->name);
}
out:
(void)isulad_server_conf_unlock();
return sandboxer;
}
+
+#ifdef ENABLE_REMOTE_IMAGE
+std::string GetCRISandboxerImageType(const std::string &runtime)
+{
+ std::string imageType = "";
+ defs_map_string_object_sandboxer_element *criSandboxer = nullptr;
+
+ if (runtime.empty()) {
+ return imageType;
+ }
+
+ if (isulad_server_conf_rdlock()) {
+ ERROR("Lock isulad server conf failed");
+ return imageType;
+ }
+
+ struct service_arguments *args = conf_get_server_conf();
+ if (args == nullptr || args->json_confs == nullptr || args->json_confs->cri_sandboxers == nullptr) {
+ ERROR("Cannot get cri sandboxer list");
+ goto out;
+ }
+
+ criSandboxer = GetCRISandboxer(runtime, args);
+ if (criSandboxer != nullptr && criSandboxer->image_type != nullptr) {
+ imageType = std::string(criSandboxer->image_type);
+ }
+
+out:
+ (void)isulad_server_conf_unlock();
+ return imageType;
+}
+#endif
#else
std::string CRISandboxerConvert(const std::string &runtime)
{
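Review bot: `GetCRISandboxerImageType` returns the same empty string when the sandboxer has no `image_type`, when `isulad_server_conf_rdlock()` fails and when the sandboxer list is missing, so a transient failure makes a sandboxer configured as `remote` look like an ordinary one to its callers. For a confidential-container setup that is the less safe direction, because the callers then take the normal host-side image path. Report the failure separately, for example through an `Errors &error` parameter, or document at the declaration that an empty result means both "not remote" and "lookup failed".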
diff --git a/src/daemon/common/cri/v1/v1_cri_helpers.h b/src/daemon/common/cri/v1/v1_cri_helpers.h
index 6a848581..4fd15d0b 100644
--- a/src/daemon/common/cri/v1/v1_cri_helpers.h
+++ b/src/daemon/common/cri/v1/v1_cri_helpers.h
@@ -69,6 +69,10 @@ void AddSecurityOptsToHostConfig(std::vector<std::string> &securityOpts, host_co
std::string CRISandboxerConvert(const std::string &runtime);
+#ifdef ENABLE_REMOTE_IMAGE
+std::string GetCRISandboxerImageType(const std::string &runtime);
+#endif
+
void ApplySandboxSecurityContextToHostConfig(const runtime::v1::LinuxSandboxSecurityContext &context, host_config *hc,
Errors &error);
#ifdef ENABLE_CDI
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index fe1cca0c..1cc584fb 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -371,6 +371,11 @@ auto ContainerManagerService::GenerateSandboxInfo(
}
sandbox_info->sandboxer = util_strdup_s(sandbox.GetSandboxer().c_str());
+#ifdef ENABLE_REMOTE_IMAGE
+ sandbox_info->image_type = util_strdup_s(
+ CRIHelpersV1::GetCRISandboxerImageType(sandbox.GetSandboxer()).c_str()
+ );
+#endif
sandbox_info->id = util_strdup_s(sandbox.GetId().c_str());
sandbox_info->pid = sandbox.GetPid();
sandbox_info->task_address = util_strdup_s(sandbox.GetTaskAddress().c_str());
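Review bot: `GetCRISandboxerImageType` is called with `sandbox.GetSandboxer()`, but `GetCRISandboxer` in `v1_cri_helpers.cc` matches its argument against the keys of `cri_sandboxers`, while `CRISandboxerConvert` returns `values[i]->name` for a matching key. If a configuration uses a runtime key that differs from the sandboxer name, this lookup finds nothing and `image_type` becomes an empty string; the call in `RunPodSandbox` with `runtimeInfo.sandboxer` has the same exposure. Either pass the runtime handler here or have the helper match on `values[i]->name`; which of the two `GetSandboxer()` holds is not visible in this hunk, so confirm it.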
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index 8a7779ad..fd87e90b 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -468,11 +468,17 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1::PodSandboxConfig
// But pull image interface is only in CRI image service, and it can't be called in shim controller,
// so we pull image in CRI pod service.
const std::string &image = m_podSandboxImage;
- if (!EnsureSandboxImageExists(image, runtimeInfo.sandboxer, error)) {
- ERROR("Failed to pull sandbox image %s: %s", image.c_str(), error.NotEmpty() ? error.GetCMessage() : "");
- error.Errorf("Failed to pull sandbox image %s: %s", image.c_str(), error.NotEmpty() ? error.GetCMessage() : "");
- return response_id;
+#ifdef ENABLE_REMOTE_IMAGE
+ if (CRIHelpersV1::GetCRISandboxerImageType(runtimeInfo.sandboxer) != std::string(SANDBOX_IMAGE_TYPE_REMOTE)) {
+#endif
+ if (!EnsureSandboxImageExists(image, runtimeInfo.sandboxer, error)) {
+ ERROR("Failed to pull sandbox image %s: %s", image.c_str(), error.NotEmpty() ? error.GetCMessage() : "");
+ error.Errorf("Failed to pull sandbox image %s: %s", image.c_str(), error.NotEmpty() ? error.GetCMessage() : "");
+ return response_id;
+ }
+#ifdef ENABLE_REMOTE_IMAGE
}
+#endif
// Step 3: Prepare sandbox checkpoint
PrepareSandboxCheckpoint(config, jsonCheckpoint, error);
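Review bot: The `#ifdef ENABLE_REMOTE_IMAGE` pairs open and close an `if` block whose braces exist in only one build configuration, which is easy to unbalance in a later edit and hides the condition from tooling. Compute the decision in a local flag inside a single `#ifdef` and keep one unconditional `if` around the existing error handling. `RunPodSandbox` starts and ends outside this hunk.

```cpp
bool needSandboxImage = true;
#ifdef ENABLE_REMOTE_IMAGE
needSandboxImage =
    CRIHelpersV1::GetCRISandboxerImageType(runtimeInfo.sandboxer) != std::string(SANDBOX_IMAGE_TYPE_REMOTE);
#endif
if (needSandboxImage && !EnsureSandboxImageExists(image, runtimeInfo.sandboxer, error)) {
    // … unchanged: ERROR, error.Errorf and return response_id …
}
```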
diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
index dcbdd1d3..6cd860c2 100644
--- a/src/daemon/executor/container_cb/execution_create.c
+++ b/src/daemon/executor/container_cb/execution_create.c
@@ -1016,6 +1016,18 @@ static int get_request_container_info(const container_create_request *request, c
static int get_request_image_info(const container_create_request *request, char **image_type, char **image_name)
{
+#ifdef ENABLE_REMOTE_IMAGE
+ if (is_container_in_sandbox(request->sandbox) &&
+ strcmp(request->sandbox->image_type, IMAGE_TYPE_REMOTE) == 0) {
+ /*
+ * Note: Currently, remote image type and coco image type
+ * are considered to be the same type.
+ */
+ *image_type = util_strdup_s(IMAGE_TYPE_REMOTE);
+ *image_name = util_strdup_s(IMAGE_NAME_COCO);
+ return 0;
+ }
+#endif
*image_type = im_get_image_type(request->image, request->rootfs);
if (*image_type == NULL) {
return -1;
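Review bot: In the new `ENABLE_REMOTE_IMAGE` branch of `get_request_image_info`, `request->sandbox->image_type` goes straight into `strcmp`. Unless `is_container_in_sandbox` (not shown here) guarantees the field is set, a sandbox record without an image type would be a NULL dereference in the daemon. Adding `request->sandbox->image_type != NULL &&` before the `strcmp` closes that. The branch also returns `IMAGE_NAME_COCO` regardless of what `request->image` and `request->rootfs` hold, so a comment or log line stating that the requested image reference is intentionally not resolved on the host would make the behaviour auditable. The function body continues past the end of the hunk.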
diff --git a/src/daemon/modules/api/image_api.h b/src/daemon/modules/api/image_api.h
index f35cd013..062684c9 100644
--- a/src/daemon/modules/api/image_api.h
+++ b/src/daemon/modules/api/image_api.h
@@ -41,6 +41,9 @@ extern "C" {
#define IMAGE_TYPE_OCI "oci"
#define IMAGE_TYPE_EMBEDDED "embedded"
#define IMAGE_TYPE_EXTERNAL "external"
+#ifdef ENABLE_REMOTE_IMAGE
+#define IMAGE_TYPE_REMOTE SANDBOX_IMAGE_TYPE_REMOTE
+#endif
typedef struct {
char *image;
diff --git a/src/daemon/modules/image/CMakeLists.txt b/src/daemon/modules/image/CMakeLists.txt
index d8b78ce1..6d31a1ea 100644
--- a/src/daemon/modules/image/CMakeLists.txt
+++ b/src/daemon/modules/image/CMakeLists.txt
@@ -33,6 +33,16 @@ if (ENABLE_EMBEDDED_IMAGE)
)
endif()
+if (ENABLE_REMOTE_IMAGE)
+ add_subdirectory(remote)
+ list(APPEND local_image_srcs
+ ${REMOTE_SRCS}
+ )
+ list(APPEND local_image_incs
+ ${REMOTE_INCS}
+ )
+endif()
+
set(IMAGE_SRCS
${local_image_srcs}
PARENT_SCOPE
diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c
index 871f5f39..baf2ba9d 100644
--- a/src/daemon/modules/image/image.c
+++ b/src/daemon/modules/image/image.c
@@ -125,6 +125,10 @@ struct bim_type {
#include "oci_image.h"
#endif
+#ifdef ENABLE_REMOTE_IMAGE
+#include "remote_image.h"
+#endif
+
#ifdef ENABLE_EMBEDDED_IMAGE
#include "embedded_image.h"
#include "db_all.h"
@@ -243,6 +247,45 @@ static const struct bim_ops g_ext_ops = {
#endif
};
+#ifdef ENABLE_REMOTE_IMAGE
+/* remote */
+static const struct bim_ops g_remote_ops = {
+ .init = NULL,
+ .clean_resource = NULL,
+ .detect = NULL,
+
+ .prepare_rf = remote_prepare_rf,
+ .mount_rf = remote_mount_rf,
+ .umount_rf = remote_umount_rf,
+ .delete_rf = remote_delete_rf,
+ .delete_broken_rf = remote_delete_broken_rf,
+ .export_rf = NULL,
+ .get_dir_rf = NULL,
+
+ .merge_conf = remote_merge_conf_rf,
+ .get_user_conf = remote_get_user_conf,
+
+ .list_ims = NULL,
+ .get_image_count = NULL,
+ .rm_image = remote_rmi,
+ .inspect_image = NULL,
+ .resolve_image_name = remote_resolve_image_name,
+ .container_fs_usage = remote_container_filesystem_usage,
+ .get_filesystem_info = remote_get_filesystem_info,
+ .image_status = NULL,
+ .load_image = NULL,
+ .pull_image = NULL,
+ .login = NULL,
+ .logout = NULL,
+ .tag_image = NULL,
+ .import = NULL,
+ .image_summary = NULL,
+#ifdef ENABLE_IMAGE_SEARCH
+ .search_image = NULL,
+#endif
+};
+#endif
+
static const struct bim_type g_bims[] = {
#ifdef ENABLE_OCI_IMAGE
{
@@ -254,6 +297,9 @@ static const struct bim_type g_bims[] = {
#ifdef ENABLE_EMBEDDED_IMAGE
{ .image_type = IMAGE_TYPE_EMBEDDED, .ops = &g_embedded_ops },
#endif
+#ifdef ENABLE_REMOTE_IMAGE
+ { .image_type = IMAGE_TYPE_REMOTE, .ops = &g_remote_ops },
+#endif
};
diff --git a/src/daemon/modules/image/remote/CMakeLists.txt b/src/daemon/modules/image/remote/CMakeLists.txt
new file mode 100644
index 00000000..6e7dab6d
--- /dev/null
+++ b/src/daemon/modules/image/remote/CMakeLists.txt
@@ -0,0 +1,13 @@
+# get current directory sources files
+aux_source_directory(${CMAKE_CURRENT_SOURCE_DIR} local_remote_srcs)
+
+set(REMOTE_SRCS
+ ${local_remote_srcs}
+ PARENT_SCOPE
+ )
+
+set(REMOTE_INCS
+ ${CMAKE_CURRENT_SOURCE_DIR}
+ PARENT_SCOPE
+ )
+
diff --git a/src/daemon/modules/image/remote/remote_image.c b/src/daemon/modules/image/remote/remote_image.c
new file mode 100644
index 00000000..87b7593d
--- /dev/null
+++ b/src/daemon/modules/image/remote/remote_image.c
@@ -0,0 +1,81 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2025-2026. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: liuxu
+ * Create: 2025-02-11
+ * Explanation: provide remote image function
+ ******************************************************************************/
+#include "remote_image.h"
+
+#include <isula_libutils/log.h>
+
+#include "utils.h"
+
+
+char *remote_resolve_image_name(const char *name)
+{
+ return util_strdup_s(IMAGE_NAME_COCO);
+}
+
+int remote_prepare_rf(const im_prepare_request *request, char **real_rootfs)
+{
+ if (real_rootfs == NULL) {
+ ERROR("Failed to prepare remote rootfs, rootfs is NULL.");
+ return -1;
+ }
+ // real_rootfs will be changed by runtime when sandbox image type is "remote"
+ *real_rootfs = util_strdup_s("rootfs");
+ return 0;
+}
+
+int remote_rmi(const im_rmi_request *request)
+{
+ return 0;
+}
+
+int remote_get_filesystem_info(im_fs_info_response **response)
+{
+ return 0;
+}
+
+int remote_container_filesystem_usage(const im_container_fs_usage_request *request, imagetool_fs_info **fs_usage)
+{
+ return 0;
+}
+
+int remote_delete_broken_rf(const im_delete_rootfs_request *request)
+{
+ return 0;
+}
+
+int remote_delete_rf(const im_delete_rootfs_request *request)
+{
+ return 0;
+}
+
+int remote_umount_rf(const im_umount_request *request)
+{
+ return 0;
+}
+
+int remote_mount_rf(const im_mount_request *request)
+{
+ return 0;
+}
+
+int remote_merge_conf_rf(const char *img_name, container_config *container_spec)
+{
+ return 0;
+}
+
+int remote_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser)
+{
+ return 0;
+}
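Review bot: `remote_get_filesystem_info` and `remote_container_filesystem_usage` return 0 without writing to `*response` or `*fs_usage`, so a caller that treats 0 as success and then reads the out-parameter gets whatever the pointer held before the call. The callers are not in this hunk, so either set the out-parameters explicitly (`*response = NULL;`, `*fs_usage = NULL;`) and confirm callers accept NULL on success, or return -1 for operations the remote type does not support. Only `remote_prepare_rf` validates its pointer argument; the other stubs ignore theirs, and `remote_resolve_image_name` discards `name`. A file-level comment stating that these are deliberate no-ops (presumably because the runtime handles the image for this type) would keep them from reading as unfinished code.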
diff --git a/src/daemon/modules/image/remote/remote_image.h b/src/daemon/modules/image/remote/remote_image.h
new file mode 100644
index 00000000..be952129
--- /dev/null
+++ b/src/daemon/modules/image/remote/remote_image.h
@@ -0,0 +1,40 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2025-2026. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: liuxu
+ * Create: 2025-02-11
+ * Explanation: provide remote image function definition
+ ******************************************************************************/
+#ifndef DAEMON_MODULES_IMAGE_REMOTE_IMAGE_H
+#define DAEMON_MODULES_IMAGE_REMOTE_IMAGE_H
+
+#include "image_api.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+char *remote_resolve_image_name(const char *name);
+int remote_prepare_rf(const im_prepare_request *request, char **real_rootfs);
+int remote_rmi(const im_rmi_request *request);
+int remote_get_filesystem_info(im_fs_info_response **response);
+int remote_container_filesystem_usage(const im_container_fs_usage_request *request, imagetool_fs_info **fs_usage);
+int remote_delete_broken_rf(const im_delete_rootfs_request *request);
+int remote_delete_rf(const im_delete_rootfs_request *request);
+int remote_umount_rf(const im_umount_request *request);
+int remote_mount_rf(const im_mount_request *request);
+int remote_merge_conf_rf(const char *img_name, container_config *container_spec);
+int remote_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc
index b2e2fb32..e26b87c8 100644
--- a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc
+++ b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc
@@ -31,6 +31,8 @@
#include "cxxutils.h"
#include "utils_timestamp.h"
#include "utils_array.h"
+#include "constants.h"
+#include "v1_cri_helpers.h"
namespace sandbox {
@@ -297,6 +299,12 @@ static defs_process *clone_defs_process(defs_process *process_spec)
auto SandboxerSandbox::GenerateCtrlRootfs(sandbox_task *task, const char *baseFs) -> int
{
+#ifdef ENABLE_REMOTE_IMAGE
+ // do not mount image to vm for remote or confidential containers
+ if (CRIHelpersV1::GetCRISandboxerImageType(GetSandboxer()) == std::string(SANDBOX_IMAGE_TYPE_REMOTE)) {
+ return 0;
+ }
+#endif
size_t len = 1;
if (nullptr == baseFs) {
ERROR("Container %s has no base fs", task->task_id);
@@ -573,7 +581,7 @@ auto SandboxerSandbox::PrepareExec(const char *containerId, const char *execId,
}
process = process_wrapper->move();
if (InitApiSandbox(apiSandbox) != 0) {
- ERROR("Failed to init %s api sandbox.", containerId);
+ ERROR("Failed to update %s api sandbox.", containerId);
goto del_out;
}
if (DoSandboxUpdate(apiSandbox) != 0) {
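Review bot: The reworded message in `PrepareExec` no longer matches the call it reports: the failing call is `InitApiSandbox(apiSandbox)`, while the update step is the `DoSandboxUpdate(apiSandbox)` check right below it. A log reader would attribute this failure to the update step. Keeping `ERROR("Failed to init %s api sandbox.", containerId);` here, or naming the function in the text, preserves the distinction. The rest of `PrepareExec` is outside the hunk.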
--
2.34.1


@ -0,0 +1,169 @@
From 487191cf6bbedc14524056dd653bdc920e78f545 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 19 Feb 2025 11:52:59 +1400
Subject: [PATCH 198/198] isolate isula search ut in registry_images_ut
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
test/image/oci/registry/CMakeLists.txt | 10 ++-
test/image/oci/registry/registry_ut.cc | 103 +++++++++++++------------
2 files changed, 61 insertions(+), 52 deletions(-)
diff --git a/test/image/oci/registry/CMakeLists.txt b/test/image/oci/registry/CMakeLists.txt
index d78bb7d3..5ae59ebc 100644
--- a/test/image/oci/registry/CMakeLists.txt
+++ b/test/image/oci/registry/CMakeLists.txt
@@ -2,7 +2,16 @@ project(iSulad_UT)
SET(EXE registry_images_ut)
+if(ENABLE_IMAGE_SEARCH)
+ set(search_srcs
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/image/oci/registry/registry_apiv1.c
+ )
+else()
+ set(search_srcs "")
+endif()
+
add_executable(${EXE}
+ ${search_srcs}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils_regex.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils_verify.c
@@ -34,7 +43,6 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/image/oci/registry/registry.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/image/oci/registry/registry_apiv2.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/image/oci/registry/registry_apiv1.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/image/oci/registry/http_request.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/image/oci/registry/certs.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/image/oci/registry/auths.c
diff --git a/test/image/oci/registry/registry_ut.cc b/test/image/oci/registry/registry_ut.cc
index 4eacdb11..c5d9717c 100644
--- a/test/image/oci/registry/registry_ut.cc
+++ b/test/image/oci/registry/registry_ut.cc
@@ -395,57 +395,6 @@ int invokeHttpRequestLogin(const char *url, struct http_get_options *options, lo
return 0;
}
-int invokeHttpRequestSearch(const char *url, struct http_get_options *options, long *response_code, int recursive_len)
-{
-#define RETRY_TIMES 3
-#define SEARCH_TEST_NOT_FOUND 2
-#define SEARCH_TEST_SERVER_ERROR 5
-#define SEARCH_TEST_RETRY_SUCCESS 8
- std::string file;
- char *data = nullptr;
- Buffer *output_buffer = (Buffer *)options->output;
- static int search_count = 0;
-
- ERROR("url is %s", url);
- ERROR("search_count is %d", search_count);
-
- std::string data_path = get_dir() + "/data/oci/";
- if (strcmp(url, "https://index.docker.io/v1/_ping") == 0) {
- file = data_path + "ping_v1_head";
- } else if (util_has_prefix(url, "https://index.docker.io/v1/search?q=busybox")) {
- search_count++;
- // test not find
- if (search_count >= SEARCH_TEST_NOT_FOUND && search_count < SEARCH_TEST_NOT_FOUND + RETRY_TIMES) {
- file = data_path + "search_result_404";
- }
- // test server error and restry
- else if ((search_count >= SEARCH_TEST_SERVER_ERROR && search_count < SEARCH_TEST_SERVER_ERROR + RETRY_TIMES) ||
- (search_count == SEARCH_TEST_RETRY_SUCCESS)) {
- file = data_path + "search_server_error";
- } else {
- file = data_path + "search_result";
- }
- } else {
- ERROR("%s not match failed", url);
- return -1;
- }
-
- data = util_read_text_file(file.c_str());
- if (data == nullptr) {
- ERROR("read file %s failed", file.c_str());
- return -1;
- }
-
- if (options->outputtype == HTTP_REQUEST_STRBUF) {
- free(output_buffer->contents);
- output_buffer->contents = util_strdup_s(data);
- }
- free(data);
-
- return 0;
-}
-
-
int invokeStorageImgCreate(const char *id, const char *parent_id, const char *metadata,
struct storage_img_create_options *opts)
{
@@ -921,6 +870,57 @@ TEST_F(RegistryUnitTest, test_cleanup)
ASSERT_EQ(remove_certs(mirror_dir), 0);
}
+#ifdef ENABLE_IMAGE_SEARCH
+int invokeHttpRequestSearch(const char *url, struct http_get_options *options, long *response_code, int recursive_len)
+{
+#define RETRY_TIMES 3
+#define SEARCH_TEST_NOT_FOUND 2
+#define SEARCH_TEST_SERVER_ERROR 5
+#define SEARCH_TEST_RETRY_SUCCESS 8
+ std::string file;
+ char *data = nullptr;
+ Buffer *output_buffer = (Buffer *)options->output;
+ static int search_count = 0;
+
+ ERROR("url is %s", url);
+ ERROR("search_count is %d", search_count);
+
+ std::string data_path = get_dir() + "/data/oci/";
+ if (strcmp(url, "https://index.docker.io/v1/_ping") == 0) {
+ file = data_path + "ping_v1_head";
+ } else if (util_has_prefix(url, "https://index.docker.io/v1/search?q=busybox")) {
+ search_count++;
+ // test not find
+ if (search_count >= SEARCH_TEST_NOT_FOUND && search_count < SEARCH_TEST_NOT_FOUND + RETRY_TIMES) {
+ file = data_path + "search_result_404";
+ }
+ // test server error and restry
+ else if ((search_count >= SEARCH_TEST_SERVER_ERROR && search_count < SEARCH_TEST_SERVER_ERROR + RETRY_TIMES) ||
+ (search_count == SEARCH_TEST_RETRY_SUCCESS)) {
+ file = data_path + "search_server_error";
+ } else {
+ file = data_path + "search_result";
+ }
+ } else {
+ ERROR("%s not match failed", url);
+ return -1;
+ }
+
+ data = util_read_text_file(file.c_str());
+ if (data == nullptr) {
+ ERROR("read file %s failed", file.c_str());
+ return -1;
+ }
+
+ if (options->outputtype == HTTP_REQUEST_STRBUF) {
+ free(output_buffer->contents);
+ output_buffer->contents = util_strdup_s(data);
+ }
+ free(data);
+
+ return 0;
+}
+
TEST_F(RegistryUnitTest, test_search_image)
{
registry_search_options *options = nullptr;
@@ -971,3 +971,4 @@ TEST_F(RegistryUnitTest, test_search_image)
free_registry_search_options(options);
}
+#endif
\ No newline at end of file
--
2.34.1


@ -0,0 +1,80 @@
From c61807c0f18022117fc02889b42d87ec19e9d1e9 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 22 Feb 2025 10:38:59 +1400
Subject: [PATCH 1/2] move sandbox network_ready from metadata to state for
save optimization
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/sandbox/sandbox.cc | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index b97c0bc6..33d7f63f 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -431,7 +431,11 @@ auto Sandbox::UpdateStatsInfo(const StatsInfo &info) -> StatsInfo
void Sandbox::SetNetworkReady(bool ready)
{
+ Errors tmp_error;
m_networkReady = ready;
+ if (!SaveState(tmp_error)) {
+ ERROR("Failed to save sandbox state, %s for %s", m_id.c_str(), tmp_error.GetMessage().c_str());
+ }
}
auto Sandbox::Save(Errors &error) -> bool
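Review bot: In `SetNetworkReady` the arguments of the new `ERROR` call are in the opposite order to the format string: `"Failed to save sandbox state, %s for %s"` receives `m_id` first and the error text second, so the log reads "<id> for <message>". Swapping them gives `ERROR("Failed to save sandbox state, %s for %s", tmp_error.GetMessage().c_str(), m_id.c_str());`. The function stays `void`, so a failed save leaves the in-memory flag and the persisted state different with only this log line as evidence; a comment saying that this is accepted would help. `m_networkReady` is also assigned without a lock in the visible lines while `SaveState` reads it, so it is worth confirming that callers serialize this.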
@@ -504,6 +508,8 @@ auto Sandbox::Load(Errors &error) -> bool
return true;
}
+// no need to save state after recovery
+// when restarting isulad, the status will be updated again and wait sandbox
void Sandbox::OnSandboxReady()
{
WriteGuard<RWMutex> lock(m_stateMutex);
@@ -514,6 +520,8 @@ void Sandbox::OnSandboxReady()
m_state.status = SANDBOX_STATUS_RUNNING;
}
+// no need to save intermediate state
+// when restarting isulad, the status will be updated again and wait sandbox
void Sandbox::OnSandboxPending()
{
WriteGuard<RWMutex> lock(m_stateMutex);
@@ -842,6 +850,7 @@ auto Sandbox::SaveState(Errors &error) -> bool
state.pid = m_state.pid;
state.status = m_state.status;
state.updated_at = m_state.updatedAt;
+ state.network_ready = m_networkReady;
stateJson = GenerateSandboxStateJson(&state);
if (stateJson.length() == 0) {
@@ -953,6 +962,7 @@ auto Sandbox::LoadState(Errors &error) -> bool
m_state.createdAt = state->get()->created_at;
m_state.updatedAt = state->get()->updated_at;
m_state.status = (SandboxStatus)state->get()->status;
+ m_networkReady = state->get()->network_ready;
return true;
}
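Review bot: `LoadState` now takes `m_networkReady` from the state file, and a later hunk drops the read from metadata, so a state file written before this change has no `network_ready` field. If the generated parser defaults a missing boolean to false (not visible here), sandboxes that were running before an upgrade would come back as network-not-ready after the daemon restarts. A comment stating the intended behaviour for pre-existing state files, or a fallback for them, would settle this. `LoadState` begins outside the hunk.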
@@ -1005,7 +1015,6 @@ auto Sandbox::LoadMetadata(Errors &error) -> bool
m_runtimeInfo.sandboxer = std::string(metadata->get()->runtime_info->sandboxer);
m_runtimeInfo.runtimeHandler = std::string(metadata->get()->runtime_info->runtime_handler);
m_netMode = std::string(metadata->get()->net_mode);
- m_networkReady = metadata->get()->network_ready;
m_taskAddress = std::string(metadata->get()->task_address);
m_netNsPath = std::string(metadata->get()->net_ns_path);
@@ -1125,7 +1134,6 @@ void Sandbox::FillSandboxMetadata(sandbox_metadata* metadata, Errors &error)
metadata->runtime_info->runtime_handler = util_strdup_s(m_runtimeInfo.runtimeHandler.c_str());
metadata->net_mode = util_strdup_s(m_netMode.c_str());
- metadata->network_ready = m_networkReady;
metadata->task_address = util_strdup_s(m_taskAddress.c_str());
metadata->net_ns_path = util_strdup_s(m_netNsPath.c_str());
--
2.43.0


@ -0,0 +1,91 @@
From e980d889e5af64219cbb1bf7ec4ebaa14c05588a Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 24 Feb 2025 15:10:28 +1400
Subject: [PATCH 2/2] clean sandbox when create failed to be consisent with CRI
v1alpha
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../v1/v1_cri_pod_sandbox_manager_service.cc | 25 +++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index fd87e90b..35f968e8 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -324,12 +324,14 @@ void PodSandboxManagerService::StartPodSandboxAndSetupNetowrk(std::shared_ptr<sa
{
cri_container_message_t msg = { 0 };
std::string network_setting_json;
+ Errors stopError;
// Step 8.2.1: Call sandbox create.
sandbox->Create(error);
if (error.NotEmpty()) {
ERROR("Failed to create sandbox: %s", sandboxName.c_str());
- return;
+ // clean_sandbox to be consisent with CRI v1alpha
+ goto cleanup_sandbox;
}
msg.container_id = sandbox->GetId().c_str();
@@ -380,15 +382,21 @@ void PodSandboxManagerService::StartPodSandboxAndSetupNetowrk(std::shared_ptr<sa
return;
stop_sandbox:
- Errors stopError;
CRIHelpers::StopContainerHelper(m_cb, sandbox->GetId(), 0, stopError);
WARN("Error stop container: %s: %s", sandbox->GetId().c_str(), stopError.GetCMessage());
+ return;
+cleanup_sandbox:
+ sandbox::SandboxManager::GetInstance()->DeleteSandbox(sandbox->GetId(), error);
+ if (error.NotEmpty()) {
+ WARN("Error remove container: %s: %s", sandbox->GetId().c_str(), error.GetCMessage());
+ }
}
void PodSandboxManagerService::SetupNetowrkAndStartPodSandbox(std::shared_ptr<sandbox::Sandbox> sandbox, std::string &sandboxName, std::string &networkMode, Errors &error)
{
cri_container_message_t msg = { 0 };
std::string network_setting_json;
+ bool clean_sandbox = true;
// Step 8.1.1: Setup networking for the sandbox.
// Setup sandbox network before create sandbox since the remote create might fail for sandbox
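Review bot: The `cleanup_sandbox` path passes the caller's `error` into `DeleteSandbox`, but that object already holds the `sandbox->Create` failure, so the following `error.NotEmpty()` test cannot tell a failed delete from the original failure. If `DeleteSandbox` resets the object on success (not visible here), the caller would see no error for a sandbox that was never created. Use a separate object, as `stop_sandbox` does with `stopError`: `Errors delError;` declared next to it at the top, then `DeleteSandbox(sandbox->GetId(), delError);` and `if (delError.NotEmpty())` for the warning. The same reuse of `error` appears in the `clean_sandbox` block added after `cleanup_network` and in the `sandbox->Save` failure branch of `RunPodSandbox`. Both functions extend beyond this hunk.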
@@ -404,6 +412,8 @@ void PodSandboxManagerService::SetupNetowrkAndStartPodSandbox(std::shared_ptr<sa
goto cleanup_network;
}
+ // clean_sandbox is false, no need to clean sandbox to be consisent with CRI v1alpha
+ clean_sandbox = false;
msg.container_id = sandbox->GetId().c_str();
msg.sandbox_id = sandbox->GetId().c_str();
msg.type = CRI_CONTAINER_MESSAGE_TYPE_CREATED;
@@ -438,6 +448,13 @@ cleanup_network:
return;
}
}
+ if (clean_sandbox) {
+ sandbox::SandboxManager::GetInstance()->DeleteSandbox(sandbox->GetId(), error);
+ if (error.NotEmpty()) {
+ WARN("Error remove sanbox: %s: %s", sandbox->GetId().c_str(), error.GetCMessage());
+ }
+ }
+
}
auto PodSandboxManagerService::RunPodSandbox(const runtime::v1::PodSandboxConfig &config,
@@ -517,6 +534,10 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1::PodSandboxConfig
sandbox->Save(error);
if (error.NotEmpty()) {
ERROR("Failed to save sandbox, %s", sandboxName.c_str());
+ sandbox::SandboxManager::GetInstance()->DeleteSandbox(sandbox->GetId(), error);
+ if (error.NotEmpty()) {
+ WARN("Error remove sanbox: %s: %s", sandbox->GetId().c_str(), error.GetCMessage());
+ }
goto clean_ns;
}
--
2.43.0


@ -1,5 +1,5 @@
%global _version 2.1.5
%global _release 14
%global _release 19
%global is_systemd 1
%global enable_criv1 1
%global enable_cdi 1
@ -10,6 +10,7 @@
%ifarch x86_64 aarch64
%global enable_nri 0
%global enable_sandboxer 0
%global enable_remote_image 0
%endif
Name: iSulad
@ -177,6 +178,50 @@ Patch0153: 0153-sandbox-sandbox-api-adapt-rust-interface.patch
Patch0154: 0154-add-linux-capability.h-head-file.patch
Patch0155: 0155-sandbox-fix-unused-variables.patch
Patch0156: 0156-sandbox-sandbox-api-adapt-rust-interface-UT.patch
Patch0157: 0157-bugfix-for-nri-init.patch
Patch0158: 0158-Revert-move-nri-call-in-stop-and-remove-con.patch
Patch0159: 0159-bugfix-overwriting-when-i-is-len-1.patch
Patch0160: 0160-bug-fix-Isula-ps-not-display-N-A-when-ports-empty.patch
Patch0161: 0161-bugfix-for-workdir-len-verify.patch
Patch0162: 0162-bugfix-fix-exec-detach-for-shim-v2.patch
Patch0163: 0163-image-layer-fix-code-style.patch
Patch0164: 0164-image-store-add-UT.patch
Patch0165: 0165-bugfix-do-purge-container-when-do_start_container-fa.patch
Patch0166: 0166-supplementary-registry-design-documentation.patch
Patch0167: 0167-sandbox-del-shim_sandbox-and-change-sandbox-ops.patch
Patch0168: 0168-UT-del-shim_sandbox-and-change-sandbox-ops.patch
Patch0169: 0169-add-image-storage-unit-test.patch
Patch0170: 0170-fix-some-bad-code.patch
Patch0171: 0171-registry-module-code-improve.patch
Patch0172: 0172-image-store-fix-code-style.patch
Patch0173: 0173-bugfix-mem-leak.patch
Patch0174: 0174-bugfix-for-parse_http_header.patch
Patch0175: 0175-add-layer-storage-ut-test.patch
Patch0176: 0176-add-registry-ut-test.patch
Patch0177: 0177-add-loongarch64-support.patch
Patch0178: 0178-add-storage-driver-ut.patch
Patch0179: 0179-iSulad-support-shim-stats-cmd.patch
Patch0180: 0180-fix-storage-driver-ut.patch
Patch0181: 0181-apply-patch-for-lib-shim-v2-install.patch
Patch0182: 0182-fix-error-macro-isolation-memory-leak-and-meanless-r.patch
Patch0183: 0183-add-dt-for-cri-v1.patch
Patch0184: 0184-do-check-process-alive-read-pid-ppid-info-in-runtime.patch
Patch0185: 0185-sandbox-sandboxer-code-isolation.patch
Patch0186: 0186-UT-sandboxer-code-isolation.patch
Patch0187: 0187-remove-uncalled-functions-in-cri-v1.patch
Patch0188: 0188-sandbox-fix-memory-leak-in-fill-sandbox-metadate.patch
Patch0189: 0189-add-sandbox-pid-init-and-verify-sandbox-ready-when-c.patch
Patch0190: 0190-modified-the-procedure-of-start-pod-and-set-up-netwo.patch
Patch0191: 0191-bugfix-dereference-null-pointer.patch
Patch0192: 0192-modify-save-step-in-run-sandbox.patch
Patch0193: 0193-add-dt-for-cri-v1.patch
Patch0194: 0194-modify-the-CreateContainer-failed-return.patch
Patch0195: 0195-Add-some-unit-tests-for-sandbox-and-shim-controller.patch
Patch0196: 0196-add-remove-pod-in-cri-stats.patch
Patch0197: 0197-coco-support-confidential-containers.patch
Patch0198: 0198-isolate-isula-search-ut-in-registry_images_ut.patch
Patch0199: 0199-move-sandbox-network_ready-from-metadata-to-state-fo.patch
Patch0200: 0200-clean-sandbox-when-create-failed-to-be-consisent-wit.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -217,7 +262,7 @@ BuildRequires: libevhtp-devel libevent-devel
%if 0%{?enable_shimv2}
BuildRequires: lib-shim-v2 lib-shim-v2-devel
%endif
%if 0%{?enable_nri}
%if 0%{?enable_nri} || 0%{?enable_sandboxer}
BuildRequires: isula-rust-extensions-devel
%endif
@ -232,7 +277,7 @@ BuildRequires: libevhtp libevent
%if 0%{?enable_shimv2}
Requires: lib-shim-v2
%endif
%if 0%{?enable_nri}
%if 0%{?enable_nri} || 0%{?enable_sandboxer}
Requires: isula-rust-extensions
%endif
@ -261,6 +306,9 @@ cd build
%endif
%if 0%{?enable_sandboxer}
-DENABLE_SANDBOXER=ON \
%if 0%{?enable_remote_image}
-DENABLE_REMOTE_IMAGE=ON \
%endif
%endif
%endif
%if 0%{?enable_shimv2}
@ -444,6 +492,36 @@ fi
%endif
%changelog
* Wed May 14 2025 dongyuzhen <dongyuzhen@h-partners.com> - 2.1.5-19
- Type:enhancement
- CVE:NA
- SUG:NA
- DESC:sync patches from upstream
* Mon Dec 30 2024 jingxiaolu<lujingxiao@huawei.com> - 2.1.5-18
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: sync patches from upstream for refactoring sandbox and bugfixing
* Mon Dec 30 2024 jingxiaolu<lujingxiao@huawei.com> - 2.1.5-17
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: sync patches from upstream
* Wed Dec 18 2024 zhongtao <zhongtao17@huawei.com> - 2.1.5-16
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: bugfix for nri
* Thu Nov 28 2024 liuxu <liuxu156@huawei.com> - 2.1.5-15
- Type: update
- ID: NA
- SUG: NA
- DESC: sandboxer require isula-rust-extensions
* Mon Nov 25 2024 liuxu <liuxu156@huawei.com> - 2.1.5-14
- Type: update
- ID: NA