!257 sync from upstream

* sync from upstream
jake 2023-09-19 08:38:39 +00:00 committed by haozi007
parent 862d85e44b
commit 26787717d8
9 changed files with 3018 additions and 1 deletions


@ -0,0 +1,37 @@
From 6646d4020ba6e1ea2bf4a129cd7188368e18d3bc Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Sat, 26 Aug 2023 10:54:02 +0800
Subject: [PATCH 1/8] support check symbols and compile code in cmake
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
cmake/checker.cmake | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/cmake/checker.cmake b/cmake/checker.cmake
index 13c1cdb..27a83d1 100644
--- a/cmake/checker.cmake
+++ b/cmake/checker.cmake
@@ -20,6 +20,9 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
+include(CheckFunctionExists)
+include(CheckCSourceCompiles)
+
# check depends library and headers
find_package(PkgConfig REQUIRED)
@@ -91,3 +94,9 @@ if (ENABLE_GCOV)
_CHECK(CMD_GENHTML "CMD_GENHTML-NOTFOUND" "genhtml")
endif()
+check_function_exists(strerror_r HAVE_STRERROR_R)
+
+check_c_source_compiles(
+ "#define _GNU_SOURCE\n#include <string.h>\nint main() { char err_str[128]; char *ptr = strerror_r(-2, err_str, 128); return ptr != (void *)0L; }"
+ STRERROR_R_CHAR_P
+)
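Review bot: The `STRERROR_R_CHAR_P` probe at the end of this hunk can succeed on a libc whose `strerror_r` returns `int`, because `char *ptr = strerror_r(-2, err_str, 128);` is only a warning, not an error, on many GCC releases. If the result selects between the GNU and XSI variants in the logging code, a false positive would make that code treat an integer status as a string pointer. Make the mismatch a hard compile error in the test program, for example by dereferencing the result, `char c = *strerror_r(-2, err_str, 128); return c != 0;`, or run the check with `-Werror` in `CMAKE_REQUIRED_FLAGS`. Neither result variable is consumed in this file, so a comment naming where `HAVE_STRERROR_R` and `STRERROR_R_CHAR_P` are used would help.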
--
2.34.1


@ -0,0 +1,97 @@
From 24579633671fca855dd1c66a4d7614ccf2e7e388 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 5 Sep 2023 19:35:37 +0800
Subject: [PATCH 2/8] remove unnecessary strerror
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/runtime/lcrcontainer_execute.c | 3 +--
src/runtime/lcrcontainer_extend.c | 16 ++++++++--------
2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/src/runtime/lcrcontainer_execute.c b/src/runtime/lcrcontainer_execute.c
index 864c097..f2bb944 100644
--- a/src/runtime/lcrcontainer_execute.c
+++ b/src/runtime/lcrcontainer_execute.c
@@ -71,8 +71,7 @@
do \
{ \
SYSERROR("Error updating cgroup %s to %s", (item), (value)); \
- lcr_set_error_message(LCR_ERR_RUNTIME, "Error updating cgroup %s to %s: %s", (item), (value), \
- strerror(errno)); \
+ lcr_set_error_message(LCR_ERR_RUNTIME, "Error updating cgroup %s to %s.", (item), (value)); \
} while (0)
static inline void add_array_elem(char **array, size_t total, size_t *pos, const char *elem)
diff --git a/src/runtime/lcrcontainer_extend.c b/src/runtime/lcrcontainer_extend.c
index 2f3ae9f..8b5a85c 100644
--- a/src/runtime/lcrcontainer_extend.c
+++ b/src/runtime/lcrcontainer_extend.c
@@ -153,7 +153,7 @@ static int make_annotations(oci_runtime_spec *container, const struct lxc_contai
goto out;
}
if (lcr_util_ensure_path(&realpath, anno->values[fpos])) {
- ERROR("Invalid log path: %s, error: %s.", anno->values[fpos], strerror(errno));
+ SYSERROR("Invalid log path: %s.", anno->values[fpos]);
goto out;
}
ret = 0;
@@ -378,7 +378,7 @@ static int lcr_spec_write_seccomp_line(FILE *fp, const char *seccomp)
line[nret] = '\n';
if (fwrite(line, 1, len ,fp) != len) {
- ERROR("Write file failed: %s", strerror(errno));
+ SYSERROR("Write file failed");
goto cleanup;
}
@@ -743,8 +743,8 @@ static FILE *lcr_open_config_file(const char *bundle)
fd = lcr_util_open(real_config, O_CREAT | O_TRUNC | O_CLOEXEC | O_WRONLY, CONFIG_FILE_MODE);
if (fd == -1) {
- ERROR("Create file %s failed, %s", real_config, strerror(errno));
- lcr_set_error_message(LCR_ERR_RUNTIME, "Create file %s failed, %s", real_config, strerror(errno));
+ SYSERROR("Create file %s failed", real_config);
+ lcr_set_error_message(LCR_ERR_RUNTIME, "Create file %s failed", real_config);
goto out;
}
@@ -856,7 +856,7 @@ static int lcr_spec_write_config(FILE *fp, const struct lcr_list *lcr_conf)
line_encode[len] = '\n';
if (fwrite(line_encode, 1, len + 1, fp) != len + 1) {
- ERROR("Write file failed: %s", strerror(errno));
+ SYSERROR("Write file failed");
goto cleanup;
}
@@ -908,7 +908,7 @@ char *lcr_get_bundle(const char *lcrpath, const char *name)
ERROR("Bundle %s does not exist", bundle);
break;
default:
- ERROR("Access %s failed: %s\n", bundle, strerror(errno));
+ SYSERROR("Access %s failed", bundle);
}
goto cleanup;
}
@@ -995,7 +995,7 @@ static int lcr_write_file(const char *path, const char *data, size_t len)
}
if (write(fd, data, len) == -1) {
- ERROR("write data to %s failed: %s", real_path, strerror(errno));
+ SYSERROR("write data to %s failed", real_path);
goto out_free;
}
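Review bot: `write(fd, data, len) == -1` treats a short write as success, so a partially written file is reported to the caller as complete. Compare the return value with the requested length, e.g. `if (write(fd, data, len) != (ssize_t)len) {`, or loop until all bytes are written. `errno` is only meaningful when the call returns -1, so a short write should be logged with `ERROR` rather than `SYSERROR`. The rest of lcr_write_file is outside this hunk.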
@@ -1023,7 +1023,7 @@ static bool lcr_write_ocihooks(const char *path, const oci_runtime_spec_hooks *h
}
if (lcr_write_file(path, json_hooks, strlen(json_hooks)) == -1) {
- ERROR("write json hooks failed: %s", strerror(errno));
+ SYSERROR("write json hooks failed");
goto out_free;
}
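Review bot: `SYSERROR("write json hooks failed")` presumably reports `errno` after lcr_write_file has already returned, by which point its cleanup path (the `goto out_free` in the previous hunk) may have overwritten the value, and lcr_write_file has already logged the real cause. Unless lcr_write_file is documented to preserve `errno`, use `ERROR("write json hooks failed");` here so the log does not carry a misleading reason. The same question applies to the `lcr_util_ensure_path` failure in make_annotations, whose errno behaviour is not visible on this page.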
--
2.34.1


@ -0,0 +1,82 @@
From 19810333a97614619a1e2c945c253c964ef02d3b Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 6 Sep 2023 14:22:21 +0800
Subject: [PATCH 3/8] improve code of function in log
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/runtime/lcrcontainer_execute.c | 4 ++--
src/third_party/log.c | 6 +++---
src/third_party/log.h | 4 ++--
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/runtime/lcrcontainer_execute.c b/src/runtime/lcrcontainer_execute.c
index f2bb944..e91ff27 100644
--- a/src/runtime/lcrcontainer_execute.c
+++ b/src/runtime/lcrcontainer_execute.c
@@ -883,7 +883,7 @@ static void execute_lxc_attach(const char *name, const char *path, const struct
execvp("lxc-attach", params);
- COMMAND_ERROR("Failed to exec lxc-attach: %s", strerror(errno));
+ CMD_SYSERROR("Failed to exec lxc-attach");
free(params);
exit(EXIT_FAILURE);
}
@@ -1027,6 +1027,6 @@ void execute_lxc_start(const char *name, const char *path, const struct lcr_star
execvp("lxc-start", params);
- COMMAND_ERROR("Failed to exec lxc-start: %s.", strerror(errno));
+ CMD_SYSERROR("Failed to exec lxc-start.");
exit(EXIT_FAILURE);
}
diff --git a/src/third_party/log.c b/src/third_party/log.c
index 5ba638b..5097eb8 100644
--- a/src/third_party/log.c
+++ b/src/third_party/log.c
@@ -309,18 +309,18 @@ static int open_fifo(const char *fifo_path)
nret = mknod(fifo_path, S_IFIFO | S_IRUSR | S_IWUSR, (dev_t)0);
if (nret && errno != EEXIST) {
- COMMAND_ERROR("Mknod failed: %s", strerror(errno));
+ CMD_SYSERROR("Mknod failed");
return nret;
}
fifo_fd = lcr_util_open(fifo_path, O_RDWR | O_NONBLOCK, 0);
if (fifo_fd == -1) {
- COMMAND_ERROR("Open fifo %s failed: %s", fifo_path, strerror(errno));
+ CMD_SYSERROR("Open fifo %s failed", fifo_path);
return -1;
}
if (fcntl(fifo_fd, F_SETPIPE_SZ, LOG_FIFO_SIZE) == -1) {
- COMMAND_ERROR("Set fifo buffer size failed: %s", strerror(errno));
+ CMD_SYSERROR("Set fifo buffer size failed");
close(fifo_fd);
return -1;
}
diff --git a/src/third_party/log.h b/src/third_party/log.h
index 3462b17..d0e5fa8 100644
--- a/src/third_party/log.h
+++ b/src/third_party/log.h
@@ -417,13 +417,13 @@ lxc_log_priority_define(&g_lxc_log_category_lxc, FATAL);
#define CMD_SYSERROR(format, ...) \
do { \
lxc_log_strerror_r; \
- fprintf(stderr, "%s - " format, ptr, ##__VA_ARGS__); \
+ fprintf(stderr, "%s - " format "\n", ptr, ##__VA_ARGS__); \
} while (0)
#define CMD_SYSINFO(format, ...) \
do { \
lxc_log_strerror_r; \
- printf("%s - " format, ptr, ##__VA_ARGS__); \
+ printf("%s - " format "\n", ptr, ##__VA_ARGS__); \
} while (0)
#define COMMAND_ERROR(fmt, args...) \
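Review bot: `CMD_SYSERROR` and `CMD_SYSINFO` now append `"\n"` themselves, so any caller that still passes a format ending in a newline prints a blank line; log.h is installed as a public header by the top-level CMakeLists.txt, so callers outside this tree are affected as well. The macros also require `format` to be a string literal, because it is pasted between two literals. Document both next to the definitions, e.g. `/* format: string literal without trailing newline; the strerror text is printed first and "\n" is appended */`.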
--
2.34.1


@ -0,0 +1,338 @@
From ed36936f30525704f71e3b7444c1d25ffe50ab2f Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 12 Sep 2023 10:27:05 +0800
Subject: [PATCH 4/8] support visibility of compiler
use visibility for liblcr
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
CMakeLists.txt | 4 +--
src/CMakeLists.txt | 1 +
src/runtime/lcrcontainer.h | 68 ++++++++++++++++++++------------------
src/utils/utils_compile.h | 50 ++++++++++++++++++++++++++++
4 files changed, 88 insertions(+), 35 deletions(-)
create mode 100644 src/utils/utils_compile.h
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a51ac7d..e00dc96 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -117,8 +117,8 @@ install(FILES ${CMAKE_BINARY_DIR}/conf/lcr.pc
DESTINATION ${LIB_INSTALL_DIR_DEFAULT}/pkgconfig PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ GROUP_WRITE WORLD_READ WORLD_EXECUTE)
install(FILES ${CMAKE_BINARY_DIR}/conf/libisula.pc
DESTINATION ${LIB_INSTALL_DIR_DEFAULT}/pkgconfig PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ GROUP_WRITE WORLD_READ WORLD_EXECUTE)
-install(FILES src/runtime/lcrcontainer.h
- DESTINATION include/lcr)
+install(FILES src/runtime/lcrcontainer.h DESTINATION include/lcr)
+install(FILES src/utils/utils_compile.h DESTINATION include/lcr)
install(FILES src/third_party/log.h DESTINATION include/isula_libutils)
install(FILES src/third_party/go_crc64.h DESTINATION include/isula_libutils)
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 2bf468f..c423dd7 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -124,6 +124,7 @@ target_include_directories(liblcr
# set liblcr compile flags
set_target_properties(liblcr PROPERTIES PREFIX "")
target_link_libraries(liblcr ${check_libs} isula_libutils)
+target_compile_options(liblcr PRIVATE -fvisibility=hidden)
if (CMAKE_TOOLCHAIN_FILE)
target_link_directories(liblcr PUBLIC ${CMAKE_LIBRARY_PATH})
diff --git a/src/runtime/lcrcontainer.h b/src/runtime/lcrcontainer.h
index edfc869..6add8c4 100644
--- a/src/runtime/lcrcontainer.h
+++ b/src/runtime/lcrcontainer.h
@@ -32,13 +32,15 @@
#include <stdbool.h>
#include <sys/types.h>
+#include "utils_compile.h"
+
#ifdef __cplusplus
extern "C" {
#endif
/* define console log config */
-struct lcr_console_config {
+__EXPORT__ struct lcr_console_config {
char *log_path;
unsigned int log_rotate;
char *log_file_size;
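Review bot: `__EXPORT__` in front of `struct lcr_console_config {` has no effect in C, because a visibility attribute applies to symbols (functions and objects), not to a type definition. GCC normally reports the attribute as ignored, which turns into a build failure for consumers of this installed header that compile with `-Werror`. Keep the struct definitions as they were (`struct lcr_console_config {`) and mark only the function prototypes. The same applies to the other struct definitions changed in this file: lcr_container_info, blkio_stats, lcr_container_state, lcr_msg, lcr_cgroup_resources, lcr_start_request and lcr_exec_request.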
@@ -47,7 +49,7 @@ struct lcr_console_config {
/*
* Store lcr container info
*/
-struct lcr_container_info {
+__EXPORT__ struct lcr_container_info {
/* Name of container. */
char *name;
/* State of container. */
@@ -62,7 +64,7 @@ struct lcr_container_info {
bool running;
};
-struct blkio_stats {
+__EXPORT__ struct blkio_stats {
uint64_t read;
uint64_t write;
uint64_t total;
@@ -71,7 +73,7 @@ struct blkio_stats {
/*
* Store lcr container state
*/
-struct lcr_container_state {
+__EXPORT__ struct lcr_container_state {
/* Name of container */
char *name;
/* State of container */
@@ -108,14 +110,14 @@ typedef enum {
lcr_msg_exit_code,
} lcr_msg_type_t;
-struct lcr_msg {
+__EXPORT__ struct lcr_msg {
lcr_msg_type_t type;
char name[NAME_MAX + 1];
int value;
int pid;
};
-struct lcr_cgroup_resources {
+__EXPORT__ struct lcr_cgroup_resources {
uint64_t blkio_weight;
uint64_t cpu_shares;
uint64_t cpu_period;
@@ -134,23 +136,23 @@ struct lcr_cgroup_resources {
* Get one container info for a given lcrpath.
* return struct of container info, or NULL on error.
*/
-struct lcr_container_info *lcr_container_info_get(const char *name, const char *lcrpath);
+__EXPORT__ struct lcr_container_info *lcr_container_info_get(const char *name, const char *lcrpath);
/*
* Free lcr_container_info returned lcr_container_info_get
*/
-void lcr_container_info_free(struct lcr_container_info *info);
+__EXPORT__ void lcr_container_info_free(struct lcr_container_info *info);
/*
* Get a complete list of all containers for a given lcrpath.
* return Number of containers, or -1 on error.
*/
-int lcr_list_all_containers(const char *lcrpath, struct lcr_container_info **info_arr);
+__EXPORT__ int lcr_list_all_containers(const char *lcrpath, struct lcr_container_info **info_arr);
/*
* Free lcr_container_info array returned by lcr_list_{active,all}_containers
*/
-void lcr_containers_info_free(struct lcr_container_info **info_arr, size_t size);
+__EXPORT__ void lcr_containers_info_free(struct lcr_container_info **info_arr, size_t size);
/*
* Create a container
@@ -158,7 +160,7 @@ void lcr_containers_info_free(struct lcr_container_info **info_arr, size_t size)
* param lcrpath : container path
* param oci_json_data : json string of oci config data
*/
-bool lcr_create_from_ocidata(const char *name, const char *lcrpath, const void *oci_json_data);
+__EXPORT__ bool lcr_create_from_ocidata(const char *name, const char *lcrpath, const void *oci_json_data);
/*
* Create a container
@@ -166,7 +168,7 @@ bool lcr_create_from_ocidata(const char *name, const char *lcrpath, const void *
* param lcrpath : container path
* param oci_config : pointer of struct oci config
*/
-bool lcr_create(const char *name, const char *lcrpath, void *oci_config);
+__EXPORT__ bool lcr_create(const char *name, const char *lcrpath, void *oci_config);
/*
* Start a container
@@ -188,7 +190,7 @@ bool lcr_create(const char *name, const char *lcrpath, void *oci_config);
* gid : user in which group
* additional_gids : Add additional groups to join
*/
-struct lcr_start_request {
+__EXPORT__ struct lcr_start_request {
const char *name;
const char *lcrpath;
@@ -204,7 +206,7 @@ struct lcr_start_request {
const char *exit_fifo;
bool image_type_oci;
};
-bool lcr_start(const struct lcr_start_request *request);
+__EXPORT__ bool lcr_start(const struct lcr_start_request *request);
/*
* Stop a container
@@ -212,7 +214,7 @@ bool lcr_start(const struct lcr_start_request *request);
* param lcrpath : container path, set to NULL if you want use default lcrpath.
* param signal : signal to send to the container.
*/
-bool lcr_kill(const char *name, const char *lcrpath, uint32_t signal);
+__EXPORT__ bool lcr_kill(const char *name, const char *lcrpath, uint32_t signal);
/*
* Delete a container
@@ -220,9 +222,9 @@ bool lcr_kill(const char *name, const char *lcrpath, uint32_t signal);
* param lcrpath : container path, set to NULL if you want use default lcrpath.
* param force : force to delete container
*/
-bool lcr_delete(const char *name, const char *lcrpath);
+__EXPORT__ bool lcr_delete(const char *name, const char *lcrpath);
-bool lcr_clean(const char *name, const char *lcrpath, const char *logpath, const char *loglevel, pid_t pid);
+__EXPORT__ bool lcr_clean(const char *name, const char *lcrpath, const char *logpath, const char *loglevel, pid_t pid);
/*
* Get state of the container
@@ -230,26 +232,26 @@ bool lcr_clean(const char *name, const char *lcrpath, const char *logpath, const
* param lcrpath : container path, set to NULL if you want use default lcrpath.
* param lcs : returned contaiener state
*/
-bool lcr_state(const char *name, const char *lcrpath, struct lcr_container_state *lcs);
+__EXPORT__ bool lcr_state(const char *name, const char *lcrpath, struct lcr_container_state *lcs);
/*
* Pause a container
* param name : container name, required.
* param lcrpath : container path, set to NULL if you want use default lcrpath.
*/
-bool lcr_pause(const char *name, const char *lcrpath);
+__EXPORT__ bool lcr_pause(const char *name, const char *lcrpath);
/*
* Resume a container
* param name : container name, required.
* param lcrpath : container path, set to NULL if you want use default lcrpath.
*/
-bool lcr_resume(const char *name, const char *lcrpath);
+__EXPORT__ bool lcr_resume(const char *name, const char *lcrpath);
/*
* Free lcr_container_state returned by lcr_state
*/
-void lcr_container_state_free(struct lcr_container_state *lcs);
+__EXPORT__ void lcr_container_state_free(struct lcr_container_state *lcs);
/*
* console function
@@ -259,7 +261,7 @@ void lcr_container_state_free(struct lcr_container_state *lcs);
* param out_fifo : fifo names of output FIFO
* Returns false if the console FIFOs add failed, true if success
*/
-bool lcr_console(const char *name, const char *lcrpath, const char *in_fifo, const char *out_fifo,
+__EXPORT__ bool lcr_console(const char *name, const char *lcrpath, const char *in_fifo, const char *out_fifo,
const char *err_fifo);
/*
@@ -268,14 +270,14 @@ bool lcr_console(const char *name, const char *lcrpath, const char *in_fifo, con
* param lcrpath : container path, set to NULL if you want use default lcrpath.
* param config : use to store container console configs, cannot be NULL
*/
-bool lcr_get_console_config(const char *name, const char *lcrpath, struct lcr_console_config *config);
+__EXPORT__ bool lcr_get_console_config(const char *name, const char *lcrpath, struct lcr_console_config *config);
-void lcr_free_console_config(struct lcr_console_config *config);
+__EXPORT__ void lcr_free_console_config(struct lcr_console_config *config);
-int lcr_log_init(const char *name, const char *file, const char *priority,
+__EXPORT__ int lcr_log_init(const char *name, const char *file, const char *priority,
const char *prefix, int quiet, const char *lcrpath);
-struct lcr_exec_request {
+__EXPORT__ struct lcr_exec_request {
const char *name;
const char *lcrpath;
@@ -303,18 +305,18 @@ struct lcr_exec_request {
/*
* Execute process inside a container
*/
-bool lcr_exec(const struct lcr_exec_request *request, int *exit_code);
+__EXPORT__ bool lcr_exec(const struct lcr_exec_request *request, int *exit_code);
-bool lcr_update(const char *name, const char *lcrpath, const struct lcr_cgroup_resources *cr);
+__EXPORT__ bool lcr_update(const char *name, const char *lcrpath, const struct lcr_cgroup_resources *cr);
-const char *lcr_get_errmsg();
+__EXPORT__ const char *lcr_get_errmsg();
-void lcr_free_errmsg();
+__EXPORT__ void lcr_free_errmsg();
-bool lcr_get_container_pids(const char *name, const char *lcrpath, pid_t **pids, size_t *pids_len);
+__EXPORT__ bool lcr_get_container_pids(const char *name, const char *lcrpath, pid_t **pids, size_t *pids_len);
-bool lcr_resize(const char *name, const char *lcrpath, unsigned int height, unsigned int width);
-bool lcr_exec_resize(const char *name, const char *lcrpath, const char *suffix, unsigned int height,
+__EXPORT__ bool lcr_resize(const char *name, const char *lcrpath, unsigned int height, unsigned int width);
+__EXPORT__ bool lcr_exec_resize(const char *name, const char *lcrpath, const char *suffix, unsigned int height,
unsigned int width);
#ifdef __cplusplus
}
diff --git a/src/utils/utils_compile.h b/src/utils/utils_compile.h
new file mode 100644
index 0000000..3bdb24e
--- /dev/null
+++ b/src/utils/utils_compile.h
@@ -0,0 +1,50 @@
+/******************************************************************************
+ * isula: compile utils
+ *
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
+ *
+ * Authors:
+ * Haozi007 <liuhao27@huawei.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ ********************************************************************************/
+#ifndef _ISULA_UTILS_UTILS_COMPILE_H
+#define _ISULA_UTILS_UTILS_COMPILE_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(__GNUC__) && (__GNUC__ >= 4)
+#ifndef __HIDDEN__
+#define __HIDDEN__ __attribute__((visibility("hidden")))
+#endif
+
+#ifndef __EXPORT__
+#define __EXPORT__ __attribute__((visibility("default")))
+#endif
+
+#else
+#define __HIDDEN__
+#ifndef __EXPORT__
+#endif
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _ISULA_UTILS_UTILS_COMPILE_H */
\ No newline at end of file
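Review bot: In the `#else` branch `__EXPORT__` is never defined: `#ifndef __EXPORT__` is closed by `#endif` with nothing in between, so on a compiler that does not define `__GNUC__` every prototype in lcrcontainer.h fails to parse. Add the empty definition `#define __EXPORT__` inside that guard, and wrap `#define __HIDDEN__` in `#ifndef __HIDDEN__` as the GCC branch does. Names beginning with two underscores, and the `_ISULA_UTILS_UTILS_COMPILE_H` guard, are reserved for the implementation; a project-prefixed name (for example `LCR_EXPORT`) avoids clashes in a header that is installed for other projects. The file also lacks a final newline.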
--
2.34.1


@ -0,0 +1,34 @@
From 2d3f4ef95a3c4d4e87ce71c5ced43f3d8e81cc9e Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 14 Sep 2023 09:00:05 +0000
Subject: [PATCH 6/8] !264 Support both C++11 and C++17 * Support both C++11
and C++17
---
cmake/set_build_flags.cmake | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/cmake/set_build_flags.cmake b/cmake/set_build_flags.cmake
index 3b6842a..7d4c9fc 100644
--- a/cmake/set_build_flags.cmake
+++ b/cmake/set_build_flags.cmake
@@ -24,8 +24,15 @@
set(CMAKE_C_FLAGS "-fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -fPIE")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'")
+include(CheckCXXCompilerFlag)
+CHECK_CXX_COMPILER_FLAG("-std=c++17" COMPILER_SUPPORTS_CXX17)
if (ENABLE_UT)
- set(CMAKE_CXX_FLAGS "-fPIC -std=c++11 -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall")
+ set(CMAKE_CXX_VERSION "-std=c++11")
+ if (COMPILER_SUPPORTS_CXX17)
+ message(STATUS "The compiler ${CMAKE_CXX_COMPILER} has C++17 support.")
+ set(CMAKE_CXX_VERSION "-std=c++17")
+ endif()
+ set(CMAKE_CXX_FLAGS "-fPIC ${CMAKE_CXX_VERSION} -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'")
endif()
set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-E -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -shared -pthread")
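Review bot: `CMAKE_CXX_VERSION` uses the `CMAKE_` prefix, which CMake reserves for its own variables; a project-local name such as `set(LCR_CXX_STD_FLAG "-std=c++11")` avoids a future clash. `CHECK_CXX_COMPILER_FLAG` also runs when `ENABLE_UT` is off although its result is only read inside that branch, so the `include` and the check could move inside `if (ENABLE_UT)`. A one-line comment saying why C++17 is preferred when available would help the next reader.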
--
2.34.1


@ -0,0 +1,30 @@
From ac0e25d39dc0eaaf492ea626e1c1bbf3b5f2999f Mon Sep 17 00:00:00 2001
From: jake <jikai11@huawei.com>
Date: Mon, 18 Sep 2023 11:08:22 +0000
Subject: [PATCH 8/8] !266 set env to avoid invoke lxc binary directly * set
env to avoid invoke lxc binary directly
---
src/runtime/lcrcontainer.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/runtime/lcrcontainer.c b/src/runtime/lcrcontainer.c
index 4270902..ad6dc66 100644
--- a/src/runtime/lcrcontainer.c
+++ b/src/runtime/lcrcontainer.c
@@ -289,6 +289,12 @@ bool lcr_start(const struct lcr_start_request *request)
close(pipefd[0]);
dup2(pipefd[1], 2);
+ // should set LXC_MEMFD_REXEC=1 before lxc_start
+ // to improve the security of launching containers
+ if (setenv("LXC_MEMFD_REXEC", "1", true) != 0) {
+ exit(1);
+ }
+
execute_lxc_start(request->name, path, request);
}
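Review bot: When `setenv("LXC_MEMFD_REXEC", "1", true)` fails, the process exits with no diagnostic even though stderr was redirected to the pipe two lines earlier, so the caller sees a failed start with an empty message. Write the reason before exiting, e.g. `CMD_SYSERROR("Failed to set LXC_MEMFD_REXEC");` (assuming log.h is included in this file). If this branch is the forked child, as the `dup2` onto fd 2 suggests, prefer `_exit(EXIT_FAILURE)` so the parent's atexit handlers and stdio buffers are not run a second time. The comment could state what the variable does — to my understanding it asks liblxc to re-execute itself from an in-memory copy so that the on-disk binary is not exposed to the container — and whether the lxc-attach path needs the same setting. lcr_start begins and ends outside the hunk.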
--
2.34.1


@ -1,5 +1,5 @@
%global _version 2.1.2
%global _release 2
%global _release 3
%global _inner_name isula_libutils
%global enable_lxc 0
@ -13,6 +13,15 @@ Group: Applications/System
License: LGPLv2.1+
BuildRoot: %{_tmppath}/lcr-%{version}
Patch0001: 0001-support-check-symbols-and-compile-code-in-cmake.patch
Patch0002: 0002-remove-unnecessary-strerror.patch
Patch0003: 0003-improve-code-of-function-in-log.patch
Patch0004: 0004-support-visibility-of-compiler.patch
Patch0005: 0005-refactor-util-buffer-and-add-ut.patch
Patch0006: 0006-264-Support-both-C-11-and-C-17.patch
Patch0007: 0007-262-Fix-empty-pointer-and-overflow.patch
Patch0008: 0008-266-set-env-to-avoid-invoke-lxc-binary-directly.patch
%define lxcver_lower 4.0.3-2022102400
%define lxcver_upper 5.0.3
@ -85,6 +94,8 @@ install -m 0644 ../build/json/*.h %{buildroot}/%{_includedir}/%{_inner_name}/
install -m 0644 ../src/json/*.h %{buildroot}/%{_includedir}/%{_inner_name}/
install -m 0644 ../src/third_party/*.h %{buildroot}/%{_includedir}/%{_inner_name}/
install -m 0644 ../src/auto_cleanup.h %{buildroot}/%{_includedir}/%{_inner_name}/
#install header files from utils later
install -m 0644 ../src/utils/utils_compile.h %{buildroot}/%{_includedir}/lcr/utils_compile.h
chmod +x %{buildroot}/%{_libdir}/libisula_libutils.so
find %{buildroot} -type f -name '*.la' -exec rm -f {} ';'
@ -116,8 +127,15 @@ rm -rf %{buildroot}
%defattr(-,root,root,-)
%{_includedir}/%{_inner_name}/*.h
%{_includedir}/lcr/lcrcontainer.h
%{_includedir}/lcr/utils_compile.h
%changelog
* Tue Sep 19 2023 jikai<jikai11@huawei.com> - 2.1.2-3
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:sync from upstream
* Tue Aug 29 2023 xuxuepeng<xuxuepeng1@huawei.com> - 2.1.2-2
- Type:bugfix
- CVE:NA