packages/lxc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!513 skip setup console if disable pty and fix syscontainer-hooks write devices rule useless

Browse Source 
* skip setup console if disable pty and fix syscontainer-hooks write dev…
This commit is contained in:
zhangxiaoyu 2024-01-10 06:12:01 +00:00 committed by haozi007
parent 00deb30ecc
commit 33fcfecc72
2 changed files with 185 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

177
0011-skip-setup-console-if-disable-pty-and-fix-syscontain.patch Normal file
View File

@ -0,0 +1,177 @@
From 0d4216ef2cae2cc10b755b0403bfff0f377bdf17 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Thu, 4 Jan 2024 09:35:41 +0800
Subject: [PATCH] skip setup console if disable pty and fix syscontainer-hooks
write devices rule useless
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/lxc/conf.c | 16 +++++++++-----
src/lxc/start.c | 59 ++++++++++++++++++++++++++++---------------------
src/lxc/sync.h | 10 ++++-----
3 files changed, 48 insertions(+), 37 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 84b8baf..c73ba04 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2318,6 +2318,12 @@ static int lxc_setup_console(const struct lxc_handler *handler,
if (!wants_console(console))
return log_trace(0, "Skipping console setup");
+#ifdef HAVE_ISULAD
+ if (handler->disable_pty) {
+ return 0;
+ }
+#endif
+
if (console->pty < 0) {
/*
* Allocate a console from the container's devpts instance. We
@@ -4583,7 +4589,11 @@ static int lxc_recv_console_from_child(struct lxc_handler *handler)
return 0;
/* We've already allocated a console from the host's devpts instance. */
+#ifdef HAVE_ISULAD
+ if (console->disable_pty || console->pty >= 0)
+#else
if (console->pty >= 0)
+#endif
return 0;
ret = __lxc_abstract_unix_recv_two_fds(handler->data_sock[1],
@@ -4870,12 +4880,6 @@ int lxc_setup(struct lxc_handler *handler)
if (ret < 0)
return log_error(-1, "Failed to setup \"/dev\" symlinks");
-#ifdef HAVE_ISULAD
- /* Ask father to run oci prestart hooks and wait for him to finish. */
- if (!lxc_sync_barrier_parent(handler, START_SYNC_OCI_PRESTART_HOOK)) {
- return log_error(-1, "Failed to sync parent to start host hook");
- }
-#endif
ret = lxc_setup_rootfs_switch_root(&lxc_conf->rootfs);
if (ret < 0)
return log_error(-1, "Failed to pivot root into rootfs");
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 1c8e258..0a5cb26 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1608,10 +1608,11 @@ static int do_start(void *data)
close_prot_errno_disarm(devnull_fd);
-#ifndef HAVE_ISULAD
+#ifdef HAVE_ISULAD
+ if (handler->disable_pty)
// setsid in lxc_setup() -> lxc_setup_console()
- setsid();
#endif
+ setsid();
if (handler->conf->init_cwd) {
#ifdef HAVE_ISULAD
@@ -1642,6 +1643,11 @@ static int do_start(void *data)
}
#ifdef HAVE_ISULAD
+ /* Ask father to run oci prestart hooks and wait for him to finish. */
+ if (!lxc_sync_barrier_parent(handler, START_SYNC_OCI_PRESTART_HOOK)) {
+ return log_error(-1, "Failed to sync parent to start host hook");
+ }
+
/* close pipes after sync fds */
/* isulad: dup2 pipe[0][0] to container stdin, pipe[1][1] to container stdout, pipe[2][1] to container stderr */
if (handler->disable_pty) {
@@ -2377,29 +2383,6 @@ static int lxc_spawn(struct lxc_handler *handler)
goto out_delete_net;
}
-#ifdef HAVE_ISULAD
- if (!lxc_sync_wait_child(handler, START_SYNC_OCI_PRESTART_HOOK))
- goto out_delete_net;
-
- /* isulad: Run oci prestart hook at here */
- ret = run_oci_hooks(name, "oci-prestart", conf, lxcpath);
- if (ret < 0) {
- ERROR("Failed to run oci prestart hooks");
- goto out_delete_net;
- }
-
- if (START_TIMEOUT == global_timeout_state) {
- lxc_write_error_message(conf->errpipe[1], "Starting the container \"%s\" timeout.", name);
- ERROR("Starting the container \"%s\" timeout.", name);
- goto out_delete_net;
- }
-
- /* Tell the child to continue its initialization. We'll get
- * START_SYNC_POST_OCI_PRESTART_HOOK when it is ready for us to run oci prestart hooks.
- */
- if (!lxc_sync_wake_child(handler, START_SYNC_POST_OCI_PRESTART_HOOK))
- goto out_delete_net;
-#endif
if (!lxc_sync_wait_child(handler, START_SYNC_CGROUP_LIMITS))
goto out_delete_net;
@@ -2433,6 +2416,32 @@ static int lxc_spawn(struct lxc_handler *handler)
if (!lxc_sync_wake_child(handler, START_SYNC_FDS))
goto out_delete_net;
+#ifdef HAVE_ISULAD
+ // OCI prestart hook should run after setup_limits_legacy.
+ // Otherwise 'syscontainer-hooks' write devices rule will be useless.
+ if (!lxc_sync_wait_child(handler, START_SYNC_OCI_PRESTART_HOOK))
+ goto out_delete_net;
+
+ /* isulad: Run oci prestart hook at here */
+ ret = run_oci_hooks(name, "oci-prestart", conf, lxcpath);
+ if (ret < 0) {
+ ERROR("Failed to run oci prestart hooks");
+ goto out_delete_net;
+ }
+
+ if (START_TIMEOUT == global_timeout_state) {
+ lxc_write_error_message(conf->errpipe[1], "Starting the container \"%s\" timeout.", name);
+ ERROR("Starting the container \"%s\" timeout.", name);
+ goto out_delete_net;
+ }
+
+ /* Tell the child to continue its initialization. We'll get
+ * START_SYNC_POST_OCI_PRESTART_HOOK when it is ready for us to run oci prestart hooks.
+ */
+ if (!lxc_sync_wake_child(handler, START_SYNC_POST_OCI_PRESTART_HOOK))
+ goto out_delete_net;
+#endif
+
if (handler->ns_unshare_flags & CLONE_NEWCGROUP) {
/* Now we're ready to preserve the cgroup namespace */
ret = lxc_try_preserve_namespace(handler, LXC_NS_CGROUP, "cgroup");
diff --git a/src/lxc/sync.h b/src/lxc/sync.h
index 6802d32..b6080dd 100644
--- a/src/lxc/sync.h
+++ b/src/lxc/sync.h
@@ -20,17 +20,15 @@ enum /* start */ {
START_SYNC_CONFIGURE = 1,
START_SYNC_POST_CONFIGURE = 2,
START_SYNC_IDMAPPED_MOUNTS = 3,
+ START_SYNC_CGROUP_LIMITS = 4,
+ START_SYNC_FDS = 5,
#ifdef HAVE_ISULAD
- START_SYNC_OCI_PRESTART_HOOK = 4,
- START_SYNC_POST_OCI_PRESTART_HOOK = 5,
- START_SYNC_CGROUP_LIMITS = 6,
- START_SYNC_FDS = 7,
+ START_SYNC_OCI_PRESTART_HOOK = 6,
+ START_SYNC_POST_OCI_PRESTART_HOOK = 7,
START_SYNC_READY_START = 8,
START_SYNC_RESTART = 9,
START_SYNC_POST_RESTART = 10,
#else
- START_SYNC_CGROUP_LIMITS = 4,
- START_SYNC_FDS = 5,
START_SYNC_READY_START = 6,
START_SYNC_RESTART = 7,
START_SYNC_POST_RESTART = 8,
--
2.25.1

9
lxc.spec
View File

@ -1,4 +1,4 @@
%global _release 7 %global _release 8
%global enable_isulad 1 %global enable_isulad 1
Name: lxc Name: lxc
@ -19,6 +19,7 @@ Patch0007: 0007-fix-run-container-failed-when-enable-isulad.patch
Patch0008: 0008-bugfix-for-system-container-and-stream.patch Patch0008: 0008-bugfix-for-system-container-and-stream.patch
Patch0009: 0009-bugfix-about-cgroup-mount-propagation-and-capabiliti.patch Patch0009: 0009-bugfix-about-cgroup-mount-propagation-and-capabiliti.patch
Patch0010: 0010-add-storage-block-code-for-embedded-image.patch Patch0010: 0010-add-storage-block-code-for-embedded-image.patch
Patch0011: 0011-skip-setup-console-if-disable-pty-and-fix-syscontain.patch
BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath
BuildRequires: pkgconfig(libseccomp) BuildRequires: pkgconfig(libseccomp)
@ -206,6 +207,12 @@ meson test -C build
%endif %endif
%changelog %changelog
* Thu Jan 04 2024 zhangxiaoyu<zhangxiaoyu58@huawei.com> - 5.0.2-8
- Type: bugfix
- ID:NA
- SUG:NA
- DESC: skip setup console if disable pty and fix syscontainer-hooks write devices rule useless
* Fri Dec 29 2023 zhangxiaoyu<zhangxiaoyu58@huawei.com> - 5.0.2-7 * Fri Dec 29 2023 zhangxiaoyu<zhangxiaoyu58@huawei.com> - 5.0.2-7
- Type: bugfix - Type: bugfix
- ID:NA - ID:NA