packages/lxc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix compile error

Browse Source 
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
This commit is contained in:
zhangxiaoyu 2022-07-21 18:54:46 +08:00
parent 8d0200b2c3
commit d9cd0481fa
6 changed files with 244 additions and 294 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
0001-refactor-patch-code-of-utils-commands-and-so-on.patch
View File

@ -6,19 +6,20 @@ Subject: [PATCH] refactor patch code of utils commands and so on
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com> Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
--- ---
src/lxc/cgroups/isulad_cgroup2_devices.c | 575 +++++++++++++++++++++++ src/lxc/cgroups/isulad_cgroup2_devices.c | 575 +++++++++++++++++++++++
src/lxc/commands.c | 180 +++++++ src/lxc/commands.c | 185 +++++++-
src/lxc/commands.h | 10 + src/lxc/commands.h | 10 +
src/lxc/conf.h | 95 ++++ src/lxc/conf.h | 95 ++++
src/lxc/isulad_utils.c | 317 +++++++++++++ src/lxc/isulad_utils.c | 319 +++++++++++++
src/lxc/isulad_utils.h | 98 ++++ src/lxc/isulad_utils.h | 98 ++++
src/lxc/lsm/lsm.c | 20 + src/lxc/lsm/lsm.c | 20 +
src/lxc/lxc.h | 19 + src/lxc/lxc.h | 19 +
src/lxc/lxccontainer.h | 194 ++++++++ src/lxc/lxccontainer.h | 194 ++++++++
src/lxc/network.c | 8 +
src/lxc/tools/lxc_ls.c | 8 + src/lxc/tools/lxc_ls.c | 8 +
src/lxc/tools/lxc_start.c | 109 ++++- src/lxc/tools/lxc_start.c | 109 ++++-
src/lxc/utils.c | 174 +++++++ src/lxc/utils.c | 173 +++++++
src/lxc/utils.h | 11 + src/lxc/utils.h | 11 +
13 files changed, 1809 insertions(+), 1 deletion(-) 14 files changed, 1821 insertions(+), 3 deletions(-)
create mode 100644 src/lxc/cgroups/isulad_cgroup2_devices.c create mode 100644 src/lxc/cgroups/isulad_cgroup2_devices.c
create mode 100644 src/lxc/isulad_utils.c create mode 100644 src/lxc/isulad_utils.c
create mode 100644 src/lxc/isulad_utils.h create mode 100644 src/lxc/isulad_utils.h
@ -605,7 +606,7 @@ index 0000000..05613c5
+} +}
+#endif +#endif
diff --git a/src/lxc/commands.c b/src/lxc/commands.c diff --git a/src/lxc/commands.c b/src/lxc/commands.c
index b6ae101..ae50cc6 100644 index b6ae101..c2a5665 100644
--- a/src/lxc/commands.c --- a/src/lxc/commands.c
+++ b/src/lxc/commands.c +++ b/src/lxc/commands.c
@@ -86,6 +86,10 @@ static const char *lxc_cmd_str(lxc_cmd_t cmd) @@ -86,6 +86,10 @@ static const char *lxc_cmd_str(lxc_cmd_t cmd)
@ -635,7 +636,19 @@ index b6ae101..ae50cc6 100644
if (ret < 0) if (ret < 0)
return log_warn_errno(-1, return log_warn_errno(-1,
errno, "Failed to receive response for command \"%s\"", errno, "Failed to receive response for command \"%s\"",
@@ -1260,7 +1272,11 @@ int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath, @@ -592,8 +604,9 @@ static int lxc_cmd_get_cgroup_callback_do(int fd, struct lxc_cmd_req *req,
reqdata = NULL;
}
- get_fn = (limiting_cgroup ? cgroup_ops->get_cgroup
- : cgroup_ops->get_limiting_cgroup);
+ // bugfix in newer version
+ get_fn = (limiting_cgroup ? cgroup_ops->get_limiting_cgroup
+ : cgroup_ops->get_cgroup);
path = get_fn(cgroup_ops, reqdata);
@@ -1260,7 +1273,11 @@ int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath,
ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
if (ret < 0) if (ret < 0)
@ -647,7 +660,7 @@ index b6ae101..ae50cc6 100644
return 0; return 0;
} }
@@ -1475,6 +1491,123 @@ static int lxc_cmd_get_limiting_cgroup2_fd_callback(int fd, @@ -1475,6 +1492,123 @@ static int lxc_cmd_get_limiting_cgroup2_fd_callback(int fd,
return ret_errno(ENOSYS); return ret_errno(ENOSYS);
} }
@ -771,7 +784,7 @@ index b6ae101..ae50cc6 100644
static int lxc_cmd_process(int fd, struct lxc_cmd_req *req, static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
struct lxc_handler *handler, struct lxc_handler *handler,
struct lxc_epoll_descr *descr) struct lxc_epoll_descr *descr)
@@ -1504,10 +1637,18 @@ static int lxc_cmd_process(int fd, struct lxc_cmd_req *req, @@ -1504,10 +1638,18 @@ static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
[LXC_CMD_GET_INIT_PIDFD] = lxc_cmd_get_init_pidfd_callback, [LXC_CMD_GET_INIT_PIDFD] = lxc_cmd_get_init_pidfd_callback,
[LXC_CMD_GET_LIMITING_CGROUP] = lxc_cmd_get_limiting_cgroup_callback, [LXC_CMD_GET_LIMITING_CGROUP] = lxc_cmd_get_limiting_cgroup_callback,
[LXC_CMD_GET_LIMITING_CGROUP2_FD] = lxc_cmd_get_limiting_cgroup2_fd_callback, [LXC_CMD_GET_LIMITING_CGROUP2_FD] = lxc_cmd_get_limiting_cgroup2_fd_callback,
@ -790,7 +803,7 @@ index b6ae101..ae50cc6 100644
return cb[req->cmd](fd, req, handler, descr); return cb[req->cmd](fd, req, handler, descr);
} }
@@ -1646,6 +1787,44 @@ static int lxc_cmd_accept(int fd, uint32_t events, void *data, @@ -1646,6 +1788,44 @@ static int lxc_cmd_accept(int fd, uint32_t events, void *data,
return ret; return ret;
} }
@ -835,7 +848,7 @@ index b6ae101..ae50cc6 100644
int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix) int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix)
{ {
__do_close int fd = -EBADF; __do_close int fd = -EBADF;
@@ -1670,6 +1849,7 @@ int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix) @@ -1670,6 +1850,7 @@ int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix)
return log_trace(move_fd(fd), "Created abstract unix socket \"%s\"", &path[1]); return log_trace(move_fd(fd), "Created abstract unix socket \"%s\"", &path[1]);
} }
@ -1034,10 +1047,10 @@ index b72afba..0478eb1 100644
#endif /* __LXC_CONF_H */ #endif /* __LXC_CONF_H */
diff --git a/src/lxc/isulad_utils.c b/src/lxc/isulad_utils.c diff --git a/src/lxc/isulad_utils.c b/src/lxc/isulad_utils.c
new file mode 100644 new file mode 100644
index 0000000..47d0ff5 index 0000000..15d9323
--- /dev/null --- /dev/null
+++ b/src/lxc/isulad_utils.c +++ b/src/lxc/isulad_utils.c
@@ -0,0 +1,317 @@ @@ -0,0 +1,319 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */ +/* SPDX-License-Identifier: LGPL-2.1+ */
+/****************************************************************************** +/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. Allrights reserved + * Copyright (c) Huawei Technologies Co., Ltd. 2020. Allrights reserved
@ -1051,6 +1064,8 @@ index 0000000..47d0ff5
+#include <sys/types.h> +#include <sys/types.h>
+#include <sys/stat.h> +#include <sys/stat.h>
+#include <fcntl.h> +#include <fcntl.h>
+#include <pwd.h>
+#include <ctype.h>
+ +
+#include "isulad_utils.h" +#include "isulad_utils.h"
+#include "log.h" +#include "log.h"
@ -1772,6 +1787,28 @@ index b4ec1d6..3680ade 100644
/*! /*!
* \brief Add a reference to the specified container. * \brief Add a reference to the specified container.
* *
diff --git a/src/lxc/network.c b/src/lxc/network.c
index bca0440..56efa4b 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -3441,9 +3441,17 @@ static int lxc_network_setup_in_child_namespaces_common(struct lxc_netdev *netde
/* set the network device up */
if (netdev->flags & IFF_UP) {
+#ifdef HAVE_ISULAD
+ if (netdev->name[0] != '\0') {
+ err = lxc_netdev_up(netdev->name);
+ if (err)
+ return log_error_errno(-1, -err, "Failed to set network device \"%s\" up", netdev->name);
+ }
+#else
err = lxc_netdev_up(netdev->name);
if (err)
return log_error_errno(-1, -err, "Failed to set network device \"%s\" up", netdev->name);
+#endif
/* the network is up, make the loopback up too */
err = lxc_netdev_up("lo");
diff --git a/src/lxc/tools/lxc_ls.c b/src/lxc/tools/lxc_ls.c diff --git a/src/lxc/tools/lxc_ls.c b/src/lxc/tools/lxc_ls.c
index 0abcd7a..7c0b69c 100644 index 0abcd7a..7c0b69c 100644
--- a/src/lxc/tools/lxc_ls.c --- a/src/lxc/tools/lxc_ls.c
@ -1969,21 +2006,20 @@ index 459b867..3ef5961 100644
exit(err); exit(err);
} }
diff --git a/src/lxc/utils.c b/src/lxc/utils.c diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 88d0f85..f038dc5 100644 index 88d0f85..ab351d8 100644
--- a/src/lxc/utils.c --- a/src/lxc/utils.c
+++ b/src/lxc/utils.c +++ b/src/lxc/utils.c
@@ -27,6 +27,10 @@ @@ -27,6 +27,9 @@
#include <sys/types.h> #include <sys/types.h>
#include <sys/wait.h> #include <sys/wait.h>
#include <unistd.h> #include <unistd.h>
+#ifdef HAVE_ISULAD +#ifdef HAVE_ISULAD
+#include <sys/sysmacros.h> +#include <sys/sysmacros.h>
+#include <pwd.h>
+#endif +#endif
#include "config.h" #include "config.h"
#include "log.h" #include "log.h"
@@ -71,6 +75,9 @@ static int _recursive_rmdir(const char *dirname, dev_t pdev, @@ -71,6 +74,9 @@ static int _recursive_rmdir(const char *dirname, dev_t pdev,
int ret; int ret;
struct dirent *direntp; struct dirent *direntp;
char pathname[PATH_MAX]; char pathname[PATH_MAX];
@ -1993,7 +2029,7 @@ index 88d0f85..f038dc5 100644
dir = opendir(dirname); dir = opendir(dirname);
if (!dir) if (!dir)
@@ -133,6 +140,11 @@ static int _recursive_rmdir(const char *dirname, dev_t pdev, @@ -133,6 +139,11 @@ static int _recursive_rmdir(const char *dirname, dev_t pdev,
} else { } else {
ret = unlink(pathname); ret = unlink(pathname);
if (ret < 0) { if (ret < 0) {
@ -2005,7 +2041,7 @@ index 88d0f85..f038dc5 100644
__do_close int fd = -EBADF; __do_close int fd = -EBADF;
fd = open(pathname, O_RDONLY | O_CLOEXEC | O_NONBLOCK); fd = open(pathname, O_RDONLY | O_CLOEXEC | O_NONBLOCK);
@@ -158,10 +170,18 @@ static int _recursive_rmdir(const char *dirname, dev_t pdev, @@ -158,10 +169,18 @@ static int _recursive_rmdir(const char *dirname, dev_t pdev,
} }
if (rmdir(dirname) < 0 && !btrfs_try_remove_subvol(dirname) && !hadexclude) { if (rmdir(dirname) < 0 && !btrfs_try_remove_subvol(dirname) && !hadexclude) {
@ -2024,7 +2060,7 @@ index 88d0f85..f038dc5 100644
return failed ? -1 : 0; return failed ? -1 : 0;
} }
@@ -1008,7 +1028,11 @@ static int open_if_safe(int dirfd, const char *nextpath) @@ -1008,7 +1027,11 @@ static int open_if_safe(int dirfd, const char *nextpath)
* *
* Return an open fd for the path, or <0 on error. * Return an open fd for the path, or <0 on error.
*/ */
@ -2036,7 +2072,7 @@ index 88d0f85..f038dc5 100644
{ {
int curlen = 0, dirfd, fulllen, i; int curlen = 0, dirfd, fulllen, i;
char *dup; char *dup;
@@ -1079,6 +1103,65 @@ out: @@ -1079,6 +1102,65 @@ out:
return dirfd; return dirfd;
} }
@ -2102,7 +2138,7 @@ index 88d0f85..f038dc5 100644
/* /*
* Safely mount a path into a container, ensuring that the mount target * Safely mount a path into a container, ensuring that the mount target
* is under the container's @rootfs. (If @rootfs is NULL, then the container * is under the container's @rootfs. (If @rootfs is NULL, then the container
@@ -1087,14 +1170,22 @@ out: @@ -1087,14 +1169,22 @@ out:
* CAVEAT: This function must not be used for other purposes than container * CAVEAT: This function must not be used for other purposes than container
* setup before executing the container's init * setup before executing the container's init
*/ */
@ -2125,7 +2161,7 @@ index 88d0f85..f038dc5 100644
if (!rootfs) if (!rootfs)
rootfs = ""; rootfs = "";
@@ -1137,8 +1228,23 @@ int safe_mount(const char *src, const char *dest, const char *fstype, @@ -1137,8 +1227,23 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
return -EINVAL; return -EINVAL;
} }
@ -2149,7 +2185,7 @@ index 88d0f85..f038dc5 100644
if (srcfd != -1) if (srcfd != -1)
close(srcfd); close(srcfd);
@@ -1149,6 +1255,19 @@ int safe_mount(const char *src, const char *dest, const char *fstype, @@ -1149,6 +1254,19 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
return ret; return ret;
} }
@ -2169,7 +2205,7 @@ index 88d0f85..f038dc5 100644
return 0; return 0;
} }
@@ -1215,7 +1334,11 @@ domount: @@ -1215,7 +1333,11 @@ domount:
if (!strcmp(rootfs, "")) if (!strcmp(rootfs, ""))
ret = mount("proc", path, "proc", 0, NULL); ret = mount("proc", path, "proc", 0, NULL);
else else
@ -2181,7 +2217,7 @@ index 88d0f85..f038dc5 100644
if (ret < 0) if (ret < 0)
return -1; return -1;
@@ -1425,6 +1548,11 @@ static int lxc_get_unused_loop_dev(char *name_loop) @@ -1425,6 +1547,11 @@ static int lxc_get_unused_loop_dev(char *name_loop)
{ {
int loop_nr, ret; int loop_nr, ret;
int fd_ctl = -1, fd_tmp = -1; int fd_ctl = -1, fd_tmp = -1;
@ -2193,7 +2229,7 @@ index 88d0f85..f038dc5 100644
fd_ctl = open("/dev/loop-control", O_RDWR | O_CLOEXEC); fd_ctl = open("/dev/loop-control", O_RDWR | O_CLOEXEC);
if (fd_ctl < 0) { if (fd_ctl < 0) {
@@ -1442,8 +1570,37 @@ static int lxc_get_unused_loop_dev(char *name_loop) @@ -1442,8 +1569,37 @@ static int lxc_get_unused_loop_dev(char *name_loop)
if (ret < 0 || ret >= LO_NAME_SIZE) if (ret < 0 || ret >= LO_NAME_SIZE)
goto on_error; goto on_error;
@ -2231,7 +2267,7 @@ index 88d0f85..f038dc5 100644
/* on Android loop devices are moved under /dev/block, give it a shot */ /* on Android loop devices are moved under /dev/block, give it a shot */
ret = snprintf(name_loop, LO_NAME_SIZE, "/dev/block/loop%d", loop_nr); ret = snprintf(name_loop, LO_NAME_SIZE, "/dev/block/loop%d", loop_nr);
if (ret < 0 || ret >= LO_NAME_SIZE) if (ret < 0 || ret >= LO_NAME_SIZE)
@@ -1452,6 +1609,7 @@ static int lxc_get_unused_loop_dev(char *name_loop) @@ -1452,6 +1608,7 @@ static int lxc_get_unused_loop_dev(char *name_loop)
fd_tmp = open(name_loop, O_RDWR | O_CLOEXEC); fd_tmp = open(name_loop, O_RDWR | O_CLOEXEC);
if (fd_tmp < 0) if (fd_tmp < 0)
SYSERROR("Failed to open loop \"%s\"", name_loop); SYSERROR("Failed to open loop \"%s\"", name_loop);
@ -2239,7 +2275,7 @@ index 88d0f85..f038dc5 100644
} }
on_error: on_error:
@@ -1661,6 +1819,7 @@ uint64_t lxc_find_next_power2(uint64_t n) @@ -1661,6 +1818,7 @@ uint64_t lxc_find_next_power2(uint64_t n)
return n; return n;
} }
@ -2247,7 +2283,7 @@ index 88d0f85..f038dc5 100644
static int process_dead(/* takes */ int status_fd) static int process_dead(/* takes */ int status_fd)
{ {
__do_close int dupfd = -EBADF; __do_close int dupfd = -EBADF;
@@ -1698,15 +1857,19 @@ static int process_dead(/* takes */ int status_fd) @@ -1698,15 +1856,19 @@ static int process_dead(/* takes */ int status_fd)
return ret; return ret;
} }
@ -2267,7 +2303,7 @@ index 88d0f85..f038dc5 100644
/* verify that we haven't been orphaned in the meantime */ /* verify that we haven't been orphaned in the meantime */
ppid = (pid_t)syscall(SYS_getppid); ppid = (pid_t)syscall(SYS_getppid);
if (ppid == 0) { /* parent outside our pidns */ if (ppid == 0) { /* parent outside our pidns */
@@ -1718,6 +1881,7 @@ int lxc_set_death_signal(int signal, pid_t parent, int parent_status_fd) @@ -1718,6 +1880,7 @@ int lxc_set_death_signal(int signal, pid_t parent, int parent_status_fd)
} else if (ppid != parent) { } else if (ppid != parent) {
return raise(SIGKILL); return raise(SIGKILL);
} }
@ -2275,7 +2311,7 @@ index 88d0f85..f038dc5 100644
if (ret < 0) if (ret < 0)
return -1; return -1;
@@ -1755,8 +1919,18 @@ int lxc_rm_rf(const char *dirname) @@ -1755,8 +1918,18 @@ int lxc_rm_rf(const char *dirname)
struct dirent *direntp; struct dirent *direntp;
dir = opendir(dirname); dir = opendir(dirname);

111
0002-refactor-patch-code-of-isulad-for-conf-exec-attach.patch
View File

@ -6,13 +6,13 @@ Subject: [PATCH] refactor patch code of isulad for conf/exec/attach
Signed-off-by: haozi007 <liuhao27@huawei.com> Signed-off-by: haozi007 <liuhao27@huawei.com>
--- ---
src/lxc/attach_options.h | 41 +- src/lxc/attach_options.h | 41 +-
src/lxc/conf.c | 1990 ++++++++++++++++++++++++++++++++++++- src/lxc/conf.c | 1993 ++++++++++++++++++++++++++++++++++++-
src/lxc/criu.c | 8 +- src/lxc/criu.c | 8 +-
src/lxc/execute.c | 19 + src/lxc/execute.c | 19 +
src/lxc/file_utils.c | 27 + src/lxc/file_utils.c | 27 +
src/lxc/lsm/apparmor.c | 14 + src/lxc/lsm/apparmor.c | 14 +
src/lxc/tools/arguments.h | 24 + src/lxc/tools/arguments.h | 24 +
7 files changed, 2119 insertions(+), 4 deletions(-) 7 files changed, 2122 insertions(+), 4 deletions(-)
diff --git a/src/lxc/attach_options.h b/src/lxc/attach_options.h diff --git a/src/lxc/attach_options.h b/src/lxc/attach_options.h
index 63e62d4..16b4e21 100644 index 63e62d4..16b4e21 100644
@ -101,7 +101,7 @@ index 63e62d4..16b4e21 100644
#ifdef __cplusplus #ifdef __cplusplus
} }
diff --git a/src/lxc/conf.c b/src/lxc/conf.c diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 0078996..dd7c9c9 100644 index 0078996..378cf9f 100644
--- a/src/lxc/conf.c --- a/src/lxc/conf.c
+++ b/src/lxc/conf.c +++ b/src/lxc/conf.c
@@ -33,6 +33,14 @@ @@ -33,6 +33,14 @@
@ -414,24 +414,27 @@ index 0078996..dd7c9c9 100644
if (pts_mnt_fd >= 0) { if (pts_mnt_fd >= 0) {
ret = move_mount(pts_mnt_fd, "", -EBADF, path, MOVE_MOUNT_F_EMPTY_PATH); ret = move_mount(pts_mnt_fd, "", -EBADF, path, MOVE_MOUNT_F_EMPTY_PATH);
if (!ret) { if (!ret) {
@@ -1633,17 +1797,32 @@ static int lxc_setup_dev_console(const struct lxc_rootfs *rootfs, @@ -1633,17 +1797,35 @@ static int lxc_setup_dev_console(const struct lxc_rootfs *rootfs,
} }
ret = safe_mount(console->name, path, "none", MS_BIND, 0, rootfs_path); ret = safe_mount(console->name, path, "none", MS_BIND, 0, rootfs_path);
+#else +
+ // add mount lable for console
+ ret = safe_mount(console->name, path, "bind", MS_BIND, 0, rootfs_path, mount_label);
+#endif
if (ret < 0) if (ret < 0)
return log_error_errno(-1, errno, "Failed to mount %d(%s) on \"%s\"", pts_mnt_fd, console->name, path); return log_error_errno(-1, errno, "Failed to mount %d(%s) on \"%s\"", pts_mnt_fd, console->name, path);
+#ifdef HAVE_ISULAD
+ }
+ DEBUG("Mounted pts device \"%s\" onto \"%s\"", console->name, path);
+#else
finish: finish:
DEBUG("Mounted pts device %d(%s) onto \"%s\"", pts_mnt_fd, console->name, path); DEBUG("Mounted pts device %d(%s) onto \"%s\"", pts_mnt_fd, console->name, path);
+#else
+ // add mount lable for console
+ ret = safe_mount(console->name, path, "bind", MS_BIND, 0, rootfs_path, mount_label);
+
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to mount \"%s\" on \"%s\"", console->name, path);
+
+ }
+ DEBUG("Mounted pts device \"%s\" onto \"%s\"", console->name, path);
+#endif +#endif
+
return 0; return 0;
} }
@ -447,7 +450,7 @@ index 0078996..dd7c9c9 100644
{ {
int ret; int ret;
char path[PATH_MAX], lxcpath[PATH_MAX]; char path[PATH_MAX], lxcpath[PATH_MAX];
@@ -1686,11 +1865,15 @@ static int lxc_setup_ttydir_console(const struct lxc_rootfs *rootfs, @@ -1686,11 +1868,15 @@ static int lxc_setup_ttydir_console(const struct lxc_rootfs *rootfs,
if (ret < 0 && errno != EEXIST) if (ret < 0 && errno != EEXIST)
return log_error_errno(-errno, errno, "Failed to create console"); return log_error_errno(-errno, errno, "Failed to create console");
@ -463,7 +466,7 @@ index 0078996..dd7c9c9 100644
if (pts_mnt_fd >= 0) { if (pts_mnt_fd >= 0) {
ret = move_mount(pts_mnt_fd, "", -EBADF, lxcpath, MOVE_MOUNT_F_EMPTY_PATH); ret = move_mount(pts_mnt_fd, "", -EBADF, lxcpath, MOVE_MOUNT_F_EMPTY_PATH);
if (!ret) { if (!ret) {
@@ -1707,11 +1890,23 @@ static int lxc_setup_ttydir_console(const struct lxc_rootfs *rootfs, @@ -1707,11 +1893,23 @@ static int lxc_setup_ttydir_console(const struct lxc_rootfs *rootfs,
ret = safe_mount(console->name, lxcpath, "none", MS_BIND, 0, rootfs_path); ret = safe_mount(console->name, lxcpath, "none", MS_BIND, 0, rootfs_path);
if (ret < 0) if (ret < 0)
return log_error_errno(-1, errno, "Failed to mount %d(%s) on \"%s\"", pts_mnt_fd, console->name, lxcpath); return log_error_errno(-1, errno, "Failed to mount %d(%s) on \"%s\"", pts_mnt_fd, console->name, lxcpath);
@ -487,7 +490,7 @@ index 0078996..dd7c9c9 100644
if (ret < 0) if (ret < 0)
return log_error_errno(-1, errno, "Failed to mount \"%s\" on \"%s\"", console->name, lxcpath); return log_error_errno(-1, errno, "Failed to mount \"%s\" on \"%s\"", console->name, lxcpath);
DEBUG("Mounted \"%s\" onto \"%s\"", console->name, lxcpath); DEBUG("Mounted \"%s\" onto \"%s\"", console->name, lxcpath);
@@ -1720,6 +1915,7 @@ finish: @@ -1720,6 +1918,7 @@ finish:
return 0; return 0;
} }
@ -495,7 +498,7 @@ index 0078996..dd7c9c9 100644
static int lxc_setup_console(const struct lxc_rootfs *rootfs, static int lxc_setup_console(const struct lxc_rootfs *rootfs,
const struct lxc_terminal *console, char *ttydir, const struct lxc_terminal *console, char *ttydir,
int pts_mnt_fd) int pts_mnt_fd)
@@ -1730,7 +1926,18 @@ static int lxc_setup_console(const struct lxc_rootfs *rootfs, @@ -1730,7 +1929,18 @@ static int lxc_setup_console(const struct lxc_rootfs *rootfs,
return lxc_setup_ttydir_console(rootfs, console, ttydir, pts_mnt_fd); return lxc_setup_ttydir_console(rootfs, console, ttydir, pts_mnt_fd);
} }
@ -505,16 +508,16 @@ index 0078996..dd7c9c9 100644
+{ +{
+ if (!ttydir) + if (!ttydir)
+ return lxc_setup_dev_console(rootfs, console, mount_label); + return lxc_setup_dev_console(rootfs, console, mount_label);
+
+ return lxc_setup_ttydir_console(rootfs, console, ttydir, mount_label); + return lxc_setup_ttydir_console(rootfs, console, ttydir, mount_label);
+} +}
+#endif +#endif
+
+#ifndef HAVE_ISULAD +#ifndef HAVE_ISULAD
static int parse_mntopt(char *opt, unsigned long *flags, char **data, size_t size) static int parse_mntopt(char *opt, unsigned long *flags, char **data, size_t size)
{ {
ssize_t ret; ssize_t ret;
@@ -1798,6 +2005,77 @@ int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata) @@ -1798,6 +2008,77 @@ int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata)
return 0; return 0;
} }
@ -592,7 +595,7 @@ index 0078996..dd7c9c9 100644
static void parse_propagationopt(char *opt, unsigned long *flags) static void parse_propagationopt(char *opt, unsigned long *flags)
{ {
@@ -1862,10 +2140,17 @@ static char *get_field(char *src, int nfields) @@ -1862,10 +2143,17 @@ static char *get_field(char *src, int nfields)
return p; return p;
} }
@ -610,7 +613,7 @@ index 0078996..dd7c9c9 100644
{ {
int ret; int ret;
char srcbuf[PATH_MAX]; char srcbuf[PATH_MAX];
@@ -1881,8 +2166,13 @@ static int mount_entry(const char *fsname, const char *target, @@ -1881,8 +2169,13 @@ static int mount_entry(const char *fsname, const char *target,
srcpath = srcbuf; srcpath = srcbuf;
} }
@ -624,7 +627,7 @@ index 0078996..dd7c9c9 100644
if (ret < 0) { if (ret < 0) {
if (optional) if (optional)
return log_info_errno(0, errno, "Failed to mount \"%s\" on \"%s\" (optional)", return log_info_errno(0, errno, "Failed to mount \"%s\" on \"%s\" (optional)",
@@ -2010,8 +2300,15 @@ static int mount_entry_create_dir_file(const struct mntent *mntent, @@ -2010,8 +2303,15 @@ static int mount_entry_create_dir_file(const struct mntent *mntent,
if (hasmntopt(mntent, "create=dir")) { if (hasmntopt(mntent, "create=dir")) {
ret = mkdir_p(path, 0755); ret = mkdir_p(path, 0755);
@ -640,7 +643,7 @@ index 0078996..dd7c9c9 100644
} }
if (!hasmntopt(mntent, "create=file")) if (!hasmntopt(mntent, "create=file"))
@@ -2028,29 +2325,56 @@ static int mount_entry_create_dir_file(const struct mntent *mntent, @@ -2028,29 +2328,56 @@ static int mount_entry_create_dir_file(const struct mntent *mntent,
p2 = dirname(p1); p2 = dirname(p1);
ret = mkdir_p(p2, 0755); ret = mkdir_p(p2, 0755);
@ -697,7 +700,7 @@ index 0078996..dd7c9c9 100644
optional = hasmntopt(mntent, "optional") != NULL; optional = hasmntopt(mntent, "optional") != NULL;
dev = hasmntopt(mntent, "dev") != NULL; dev = hasmntopt(mntent, "dev") != NULL;
@@ -2059,9 +2383,41 @@ static inline int mount_entry_on_generic(struct mntent *mntent, @@ -2059,9 +2386,41 @@ static inline int mount_entry_on_generic(struct mntent *mntent,
if (rootfs && rootfs->path) if (rootfs && rootfs->path)
rootfs_path = rootfs->mount; rootfs_path = rootfs->mount;
@ -739,7 +742,7 @@ index 0078996..dd7c9c9 100644
if (optional) if (optional)
return 0; return 0;
@@ -2069,6 +2425,29 @@ static inline int mount_entry_on_generic(struct mntent *mntent, @@ -2069,6 +2428,29 @@ static inline int mount_entry_on_generic(struct mntent *mntent,
} }
cull_mntent_opt(mntent); cull_mntent_opt(mntent);
@ -769,7 +772,7 @@ index 0078996..dd7c9c9 100644
ret = parse_propagationopts(mntent->mnt_opts, &pflags); ret = parse_propagationopts(mntent->mnt_opts, &pflags);
if (ret < 0) if (ret < 0)
return -1; return -1;
@@ -2079,6 +2458,7 @@ static inline int mount_entry_on_generic(struct mntent *mntent, @@ -2079,6 +2461,7 @@ static inline int mount_entry_on_generic(struct mntent *mntent,
ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type, mntflags, ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type, mntflags,
pflags, mntdata, optional, dev, relative, rootfs_path); pflags, mntdata, optional, dev, relative, rootfs_path);
@ -777,7 +780,7 @@ index 0078996..dd7c9c9 100644
return ret; return ret;
} }
@@ -2098,13 +2478,25 @@ static inline int mount_entry_on_systemfs(struct mntent *mntent) @@ -2098,13 +2481,25 @@ static inline int mount_entry_on_systemfs(struct mntent *mntent)
if (ret < 0 || ret >= sizeof(path)) if (ret < 0 || ret >= sizeof(path))
return -1; return -1;
@ -803,7 +806,7 @@ index 0078996..dd7c9c9 100644
{ {
int offset; int offset;
char *aux; char *aux;
@@ -2140,13 +2532,25 @@ skipabs: @@ -2140,13 +2535,25 @@ skipabs:
if (ret < 0 || ret >= PATH_MAX) if (ret < 0 || ret >= PATH_MAX)
return -1; return -1;
@ -829,7 +832,7 @@ index 0078996..dd7c9c9 100644
{ {
int ret; int ret;
char path[PATH_MAX]; char path[PATH_MAX];
@@ -2156,12 +2560,22 @@ static int mount_entry_on_relative_rootfs(struct mntent *mntent, @@ -2156,12 +2563,22 @@ static int mount_entry_on_relative_rootfs(struct mntent *mntent,
if (ret < 0 || (size_t)ret >= sizeof(path)) if (ret < 0 || (size_t)ret >= sizeof(path))
return -1; return -1;
@ -852,7 +855,7 @@ index 0078996..dd7c9c9 100644
{ {
char buf[PATH_MAX]; char buf[PATH_MAX];
struct mntent mntent; struct mntent mntent;
@@ -2169,6 +2583,42 @@ static int mount_file_entries(const struct lxc_conf *conf, @@ -2169,6 +2586,42 @@ static int mount_file_entries(const struct lxc_conf *conf,
while (getmntent_r(file, &mntent, buf, sizeof(buf))) { while (getmntent_r(file, &mntent, buf, sizeof(buf))) {
int ret; int ret;
@ -895,7 +898,7 @@ index 0078996..dd7c9c9 100644
if (!rootfs->path) if (!rootfs->path)
ret = mount_entry_on_systemfs(&mntent); ret = mount_entry_on_systemfs(&mntent);
else if (mntent.mnt_dir[0] != '/') else if (mntent.mnt_dir[0] != '/')
@@ -2177,6 +2627,8 @@ static int mount_file_entries(const struct lxc_conf *conf, @@ -2177,6 +2630,8 @@ static int mount_file_entries(const struct lxc_conf *conf,
else else
ret = mount_entry_on_absolute_rootfs(&mntent, rootfs, ret = mount_entry_on_absolute_rootfs(&mntent, rootfs,
lxc_name, lxc_path); lxc_name, lxc_path);
@ -904,7 +907,7 @@ index 0078996..dd7c9c9 100644
if (ret < 0) if (ret < 0)
return -1; return -1;
} }
@@ -2195,9 +2647,15 @@ static inline void __auto_endmntent__(FILE **f) @@ -2195,9 +2650,15 @@ static inline void __auto_endmntent__(FILE **f)
#define __do_endmntent __attribute__((__cleanup__(__auto_endmntent__))) #define __do_endmntent __attribute__((__cleanup__(__auto_endmntent__)))
@ -920,7 +923,7 @@ index 0078996..dd7c9c9 100644
{ {
__do_endmntent FILE *f = NULL; __do_endmntent FILE *f = NULL;
int ret; int ret;
@@ -2209,7 +2667,11 @@ static int setup_mount(const struct lxc_conf *conf, @@ -2209,7 +2670,11 @@ static int setup_mount(const struct lxc_conf *conf,
if (!f) if (!f)
return log_error_errno(-1, errno, "Failed to open \"%s\"", fstab); return log_error_errno(-1, errno, "Failed to open \"%s\"", fstab);
@ -932,7 +935,7 @@ index 0078996..dd7c9c9 100644
if (ret < 0) if (ret < 0)
ERROR("Failed to set up mount entries"); ERROR("Failed to set up mount entries");
@@ -2285,10 +2747,17 @@ FILE *make_anonymous_mount_file(struct lxc_list *mount, @@ -2285,10 +2750,17 @@ FILE *make_anonymous_mount_file(struct lxc_list *mount,
return f; return f;
} }
@ -950,7 +953,7 @@ index 0078996..dd7c9c9 100644
{ {
__do_fclose FILE *f = NULL; __do_fclose FILE *f = NULL;
@@ -2296,7 +2765,11 @@ static int setup_mount_entries(const struct lxc_conf *conf, @@ -2296,7 +2768,11 @@ static int setup_mount_entries(const struct lxc_conf *conf,
if (!f) if (!f)
return -1; return -1;
@ -962,7 +965,7 @@ index 0078996..dd7c9c9 100644
} }
static int parse_cap(const char *cap) static int parse_cap(const char *cap)
@@ -2395,6 +2868,16 @@ static int dropcaps_except(struct lxc_list *caps) @@ -2395,6 +2871,16 @@ static int dropcaps_except(struct lxc_list *caps)
lxc_list_for_each (iterator, caps) { lxc_list_for_each (iterator, caps) {
keep_entry = iterator->elem; keep_entry = iterator->elem;
@ -979,7 +982,7 @@ index 0078996..dd7c9c9 100644
capid = parse_cap(keep_entry); capid = parse_cap(keep_entry);
if (capid == -2) if (capid == -2)
continue; continue;
@@ -2443,7 +2926,11 @@ static int parse_resource(const char *res) @@ -2443,7 +2929,11 @@ static int parse_resource(const char *res)
return resid; return resid;
} }
@ -991,7 +994,7 @@ index 0078996..dd7c9c9 100644
{ {
int resid; int resid;
struct lxc_list *it; struct lxc_list *it;
@@ -2457,8 +2944,17 @@ int setup_resource_limits(struct lxc_list *limits, pid_t pid) @@ -2457,8 +2947,17 @@ int setup_resource_limits(struct lxc_list *limits, pid_t pid)
return log_error(-1, "Unknown resource %s", lim->resource); return log_error(-1, "Unknown resource %s", lim->resource);
#if HAVE_PRLIMIT || HAVE_PRLIMIT64 #if HAVE_PRLIMIT || HAVE_PRLIMIT64
@ -1009,7 +1012,7 @@ index 0078996..dd7c9c9 100644
TRACE("Setup \"%s\" limit", lim->resource); TRACE("Setup \"%s\" limit", lim->resource);
#else #else
@@ -2601,6 +3097,27 @@ struct lxc_conf *lxc_conf_init(void) @@ -2601,6 +3100,27 @@ struct lxc_conf *lxc_conf_init(void)
memset(&new->ns_share, 0, sizeof(char *) * LXC_NS_MAX); memset(&new->ns_share, 0, sizeof(char *) * LXC_NS_MAX);
seccomp_conf_init(new); seccomp_conf_init(new);
@ -1037,7 +1040,7 @@ index 0078996..dd7c9c9 100644
return new; return new;
} }
@@ -3001,7 +3518,11 @@ again: @@ -3001,7 +3521,11 @@ again:
null_endofword(target); null_endofword(target);
ret = mount(NULL, target, NULL, MS_SLAVE, NULL); ret = mount(NULL, target, NULL, MS_SLAVE, NULL);
if (ret < 0) { if (ret < 0) {
@ -1049,7 +1052,7 @@ index 0078996..dd7c9c9 100644
continue; continue;
} }
TRACE("Recursively turned old root mount tree into dependent mount"); TRACE("Recursively turned old root mount tree into dependent mount");
@@ -3046,7 +3567,11 @@ static int lxc_execute_bind_init(struct lxc_handler *handler) @@ -3046,7 +3570,11 @@ static int lxc_execute_bind_init(struct lxc_handler *handler)
return log_error_errno(-1, errno, "Failed to create dummy \"%s\" file as bind mount target", destpath); return log_error_errno(-1, errno, "Failed to create dummy \"%s\" file as bind mount target", destpath);
} }
@ -1061,7 +1064,7 @@ index 0078996..dd7c9c9 100644
if (ret < 0) if (ret < 0)
return log_error_errno(-1, errno, "Failed to bind mount lxc.init.static into container"); return log_error_errno(-1, errno, "Failed to bind mount lxc.init.static into container");
@@ -3082,7 +3607,13 @@ int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, const char *name, @@ -3082,7 +3610,13 @@ int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, const char *name,
return log_trace(0, "Bind mounted container / onto itself"); return log_trace(0, "Bind mounted container / onto itself");
} }
@ -1075,7 +1078,7 @@ index 0078996..dd7c9c9 100644
ret = run_lxc_hooks(name, "pre-mount", conf, NULL); ret = run_lxc_hooks(name, "pre-mount", conf, NULL);
if (ret < 0) if (ret < 0)
@@ -3182,15 +3713,29 @@ static int lxc_setup_boot_id(void) @@ -3182,15 +3716,29 @@ static int lxc_setup_boot_id(void)
int lxc_setup(struct lxc_handler *handler) int lxc_setup(struct lxc_handler *handler)
{ {
@ -1105,7 +1108,7 @@ index 0078996..dd7c9c9 100644
if (handler->nsfd[LXC_NS_UTS] == -EBADF) { if (handler->nsfd[LXC_NS_UTS] == -EBADF) {
ret = setup_utsname(lxc_conf->utsname); ret = setup_utsname(lxc_conf->utsname);
@@ -3221,6 +3766,7 @@ int lxc_setup(struct lxc_handler *handler) @@ -3221,6 +3769,7 @@ int lxc_setup(struct lxc_handler *handler)
return log_error(-1, "Failed to send network device names and ifindices to parent"); return log_error(-1, "Failed to send network device names and ifindices to parent");
} }
@ -1113,7 +1116,7 @@ index 0078996..dd7c9c9 100644
if (wants_console(&lxc_conf->console)) { if (wants_console(&lxc_conf->console)) {
pts_mnt_fd = open_tree(-EBADF, lxc_conf->console.name, pts_mnt_fd = open_tree(-EBADF, lxc_conf->console.name,
OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC | AT_EMPTY_PATH); OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC | AT_EMPTY_PATH);
@@ -3231,9 +3777,15 @@ int lxc_setup(struct lxc_handler *handler) @@ -3231,9 +3780,15 @@ int lxc_setup(struct lxc_handler *handler)
TRACE("Created detached mount for container's console \"%s\"", TRACE("Created detached mount for container's console \"%s\"",
lxc_conf->console.name); lxc_conf->console.name);
} }
@ -1129,7 +1132,7 @@ index 0078996..dd7c9c9 100644
if (ret < 0) if (ret < 0)
return log_error(-1, "Failed to mount \"/dev\""); return log_error(-1, "Failed to mount \"/dev\"");
} }
@@ -3245,15 +3797,38 @@ int lxc_setup(struct lxc_handler *handler) @@ -3245,15 +3800,38 @@ int lxc_setup(struct lxc_handler *handler)
if (ret < 0) if (ret < 0)
return log_error(-1, "Failed to setup first automatic mounts"); return log_error(-1, "Failed to setup first automatic mounts");
@ -1168,7 +1171,7 @@ index 0078996..dd7c9c9 100644
} }
if (lxc_conf->is_execute) { if (lxc_conf->is_execute) {
@@ -3278,6 +3853,7 @@ int lxc_setup(struct lxc_handler *handler) @@ -3278,6 +3856,7 @@ int lxc_setup(struct lxc_handler *handler)
} }
} }
@ -1176,7 +1179,7 @@ index 0078996..dd7c9c9 100644
/* Now mount only cgroups, if wanted. Before, /sys could not have been /* Now mount only cgroups, if wanted. Before, /sys could not have been
* mounted. It is guaranteed to be mounted now either through * mounted. It is guaranteed to be mounted now either through
* automatically or via fstab entries. * automatically or via fstab entries.
@@ -3285,6 +3861,7 @@ int lxc_setup(struct lxc_handler *handler) @@ -3285,6 +3864,7 @@ int lxc_setup(struct lxc_handler *handler)
ret = lxc_mount_auto_mounts(lxc_conf, lxc_conf->auto_mounts & LXC_AUTO_CGROUP_MASK, handler); ret = lxc_mount_auto_mounts(lxc_conf, lxc_conf->auto_mounts & LXC_AUTO_CGROUP_MASK, handler);
if (ret < 0) if (ret < 0)
return log_error(-1, "Failed to setup remaining automatic mounts"); return log_error(-1, "Failed to setup remaining automatic mounts");
@ -1184,7 +1187,7 @@ index 0078996..dd7c9c9 100644
ret = run_lxc_hooks(name, "mount", lxc_conf, NULL); ret = run_lxc_hooks(name, "mount", lxc_conf, NULL);
if (ret < 0) if (ret < 0)
@@ -3295,21 +3872,45 @@ int lxc_setup(struct lxc_handler *handler) @@ -3295,21 +3875,45 @@ int lxc_setup(struct lxc_handler *handler)
if (ret < 0) if (ret < 0)
return log_error(-1, "Failed to run autodev hooks"); return log_error(-1, "Failed to run autodev hooks");
@ -1230,7 +1233,7 @@ index 0078996..dd7c9c9 100644
if (ret < 0) if (ret < 0)
return log_error(-1, "Failed to setup console"); return log_error(-1, "Failed to setup console");
@@ -3317,6 +3918,12 @@ int lxc_setup(struct lxc_handler *handler) @@ -3317,6 +3921,12 @@ int lxc_setup(struct lxc_handler *handler)
if (ret < 0) if (ret < 0)
return log_error(-1, "Failed to setup \"/dev\" symlinks"); return log_error(-1, "Failed to setup \"/dev\" symlinks");
@ -1243,7 +1246,7 @@ index 0078996..dd7c9c9 100644
ret = lxc_setup_rootfs_switch_root(&lxc_conf->rootfs); ret = lxc_setup_rootfs_switch_root(&lxc_conf->rootfs);
if (ret < 0) if (ret < 0)
return log_error(-1, "Failed to pivot root into rootfs"); return log_error(-1, "Failed to pivot root into rootfs");
@@ -3325,14 +3932,31 @@ int lxc_setup(struct lxc_handler *handler) @@ -3325,14 +3935,31 @@ int lxc_setup(struct lxc_handler *handler)
if (lxc_conf->autodev > 0) if (lxc_conf->autodev > 0)
(void)lxc_setup_boot_id(); (void)lxc_setup_boot_id();
@ -1275,7 +1278,7 @@ index 0078996..dd7c9c9 100644
ret = setup_personality(lxc_conf->personality); ret = setup_personality(lxc_conf->personality);
if (ret < 0) if (ret < 0)
return log_error(-1, "Failed to set personality"); return log_error(-1, "Failed to set personality");
@@ -3347,6 +3971,37 @@ int lxc_setup(struct lxc_handler *handler) @@ -3347,6 +3974,37 @@ int lxc_setup(struct lxc_handler *handler)
return log_error(-1, "Failed to setup sysctl parameters"); return log_error(-1, "Failed to setup sysctl parameters");
} }
@ -1313,7 +1316,7 @@ index 0078996..dd7c9c9 100644
if (!lxc_list_empty(&lxc_conf->keepcaps)) { if (!lxc_list_empty(&lxc_conf->keepcaps)) {
if (!lxc_list_empty(&lxc_conf->caps)) if (!lxc_list_empty(&lxc_conf->caps))
return log_error(-1, "Container requests lxc.cap.drop and lxc.cap.keep: either use lxc.cap.drop or lxc.cap.keep, not both"); return log_error(-1, "Container requests lxc.cap.drop and lxc.cap.keep: either use lxc.cap.drop or lxc.cap.keep, not both");
@@ -3753,6 +4408,25 @@ void lxc_conf_free(struct lxc_conf *conf) @@ -3753,6 +4411,25 @@ void lxc_conf_free(struct lxc_conf *conf)
free(conf->cgroup_meta.controllers); free(conf->cgroup_meta.controllers);
free(conf->shmount.path_host); free(conf->shmount.path_host);
free(conf->shmount.path_cont); free(conf->shmount.path_cont);
@ -1339,7 +1342,7 @@ index 0078996..dd7c9c9 100644
free(conf); free(conf);
} }
@@ -4775,3 +5449,1315 @@ struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings) @@ -4775,3 +5452,1315 @@ struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings)
return result; return result;
} }

12
0003-refactor-patch-code-of-isulad-for-selinux-attach.patch
View File

@ -7,8 +7,8 @@ Signed-off-by: haozi007 <liuhao27@huawei.com>
--- ---
src/lxc/exec_commands.c | 471 +++++++++++++++++++++++++++++++++++++ src/lxc/exec_commands.c | 471 +++++++++++++++++++++++++++++++++++++
src/lxc/lsm/selinux.c | 258 ++++++++++++++++++++ src/lxc/lsm/selinux.c | 258 ++++++++++++++++++++
src/lxc/tools/lxc_attach.c | 415 +++++++++++++++++++++++++++++++- src/lxc/tools/lxc_attach.c | 413 +++++++++++++++++++++++++++++++-
3 files changed, 1143 insertions(+), 1 deletion(-) 3 files changed, 1141 insertions(+), 1 deletion(-)
create mode 100644 src/lxc/exec_commands.c create mode 100644 src/lxc/exec_commands.c
diff --git a/src/lxc/exec_commands.c b/src/lxc/exec_commands.c diff --git a/src/lxc/exec_commands.c b/src/lxc/exec_commands.c
@ -772,7 +772,7 @@ index dba0ab5..bd4f449 100644
struct lsm_drv *lsm_selinux_drv_init(void) struct lsm_drv *lsm_selinux_drv_init(void)
diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
index a8f493a..58e19aa 100644 index a8f493a..1a5a241 100644
--- a/src/lxc/tools/lxc_attach.c --- a/src/lxc/tools/lxc_attach.c
+++ b/src/lxc/tools/lxc_attach.c +++ b/src/lxc/tools/lxc_attach.c
@@ -72,8 +72,20 @@ static const struct option my_longopts[] = { @@ -72,8 +72,20 @@ static const struct option my_longopts[] = {
@ -947,7 +947,7 @@ index a8f493a..58e19aa 100644
} }
return 0; return 0;
@@ -264,6 +395,287 @@ static int lxc_attach_create_log_file(const char *log_file) @@ -264,6 +395,285 @@ static int lxc_attach_create_log_file(const char *log_file)
return fd; return fd;
} }
@ -1207,11 +1207,9 @@ index a8f493a..58e19aa 100644
+ attach_options.open_stdin = true; + attach_options.open_stdin = true;
+ } + }
+ +
+#ifdef HAVE_ISULAD
+ if (my_args.workdir) { + if (my_args.workdir) {
+ attach_options.initial_cwd = my_args.workdir; + attach_options.initial_cwd = my_args.workdir;
+ } + }
+#endif
+ +
+ /* isulad: add do attach background */ + /* isulad: add do attach background */
+ if (attach_options.attach_flags & LXC_ATTACH_TERMINAL) + if (attach_options.attach_flags & LXC_ATTACH_TERMINAL)
@ -1235,7 +1233,7 @@ index a8f493a..58e19aa 100644
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
int ret = -1; int ret = -1;
@@ -377,3 +789,4 @@ out: @@ -377,3 +787,4 @@ out:
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }

194
0006-refactor-patch-about-namespace-log-terminal.patch
View File

@ -5,24 +5,22 @@ Subject: [PATCH] refactor patch about namespace log terminal
Signed-off-by: Neil.wrz <wangrunze13@huawei.com> Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
--- ---
configure.ac | 30 +++++++++- configure.ac | 30 ++++++++++-
src/lxc/Makefile.am | 46 ++++++++++++++- src/lxc/Makefile.am | 44 ++++++++++++++-
src/lxc/af_unix.c | 89 +++++++++++++++++++++++++++++ src/lxc/af_unix.c | 89 ++++++++++++++++++++++++++++++
src/lxc/commands_utils.c | 57 +++++++++++++++++++ src/lxc/commands_utils.c | 57 ++++++++++++++++++++
src/lxc/exec_commands.h | 77 +++++++++++++++++++++++++ src/lxc/exec_commands.h | 77 ++++++++++++++++++++++++++
src/lxc/file_utils.h | 4 ++ src/lxc/file_utils.h | 4 ++
src/lxc/isulad_utils.c | 99 +++++++++++++++++++++++++++++++++ src/lxc/json/read-file.c | 95 +++++++++++++++++++++++++++++++++
src/lxc/json/read-file.c | 95 +++++++++++++++++++++++++++++++
src/lxc/log.c | 56 +++++++++++++++++++ src/lxc/log.c | 56 +++++++++++++++++++
src/lxc/path.h | 65 ++++++++++++++++++++++ src/lxc/path.h | 65 ++++++++++++++++++++++
src/lxc/start.h | 32 +++++++++++ src/lxc/start.h | 30 +++++++++++
src/lxc/storage/block.c | 86 ++++++++++++++++++++++++++++ src/lxc/storage/block.c | 86 +++++++++++++++++++++++++++++
src/lxc/storage/block.h | 41 ++++++++++++++ src/lxc/storage/block.h | 41 ++++++++++++++
src/lxc/storage/storage_utils.c | 61 +++++++++++++++++++- src/lxc/storage/storage_utils.c | 60 +++++++++++++++++++++
src/lxc/terminal.h | 35 ++++++++++++ src/lxc/terminal.h | 35 ++++++++++++
15 files changed, 869 insertions(+), 4 deletions(-) 14 files changed, 766 insertions(+), 3 deletions(-)
create mode 100644 src/lxc/exec_commands.h create mode 100644 src/lxc/exec_commands.h
create mode 100644 src/lxc/isulad_utils.c
create mode 100644 src/lxc/json/read-file.c create mode 100644 src/lxc/json/read-file.c
create mode 100644 src/lxc/path.h create mode 100644 src/lxc/path.h
create mode 100644 src/lxc/storage/block.c create mode 100644 src/lxc/storage/block.c
@ -110,7 +108,7 @@ index 059d57d..ce8854e 100644
AC_CONFIG_FILES([ AC_CONFIG_FILES([
Makefile Makefile
diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index d1e2364..433d938 100644 index d1e2364..b9a8750 100644
--- a/src/lxc/Makefile.am --- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am
@@ -52,6 +52,16 @@ noinst_HEADERS = api_extensions.h \ @@ -52,6 +52,16 @@ noinst_HEADERS = api_extensions.h \
@ -138,22 +136,13 @@ index d1e2364..433d938 100644
cgroups/cgroup.c cgroups/cgroup.h \ cgroups/cgroup.c cgroups/cgroup.h \
cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \
cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \
@@ -135,6 +144,9 @@ liblxc_la_SOURCES = af_unix.c af_unix.h \ @@ -154,6 +163,22 @@ liblxc_la_SOURCES = af_unix.c af_unix.h \
start.c start.h \
storage/btrfs.c storage/btrfs.h \
storage/dir.c storage/dir.h \
+if HAVE_ISULAD
+ storage/block.c storage/block.h \
+endif
storage/loop.c storage/loop.h \
storage/lvm.c storage/lvm.h \
storage/nbd.c storage/nbd.h \
@@ -154,6 +166,21 @@ liblxc_la_SOURCES = af_unix.c af_unix.h \
version.h \ version.h \
$(LSM_SOURCES) $(LSM_SOURCES)
+if HAVE_ISULAD +if HAVE_ISULAD
+liblxc_la_SOURCES += isulad_utils.c isulad_utils.h \ +liblxc_la_SOURCES += isulad_utils.c isulad_utils.h \
+ storage/block.c storage/block.h \
+ path.c path.h \ + path.c path.h \
+ json/json_common.c json/json_common.h \ + json/json_common.c json/json_common.h \
+ json/defs.h json/defs.c \ + json/defs.h json/defs.c \
@ -170,7 +159,7 @@ index d1e2364..433d938 100644
if IS_BIONIC if IS_BIONIC
liblxc_la_SOURCES += ../include/fexecve.c ../include/fexecve.h \ liblxc_la_SOURCES += ../include/fexecve.c ../include/fexecve.h \
../include/lxcmntent.c ../include/lxcmntent.h \ ../include/lxcmntent.c ../include/lxcmntent.h \
@@ -212,6 +239,10 @@ AM_CFLAGS = -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \ @@ -212,6 +237,10 @@ AM_CFLAGS = -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
-I $(top_srcdir)/src/lxc/storage \ -I $(top_srcdir)/src/lxc/storage \
-I $(top_srcdir)/src/lxc/cgroups -I $(top_srcdir)/src/lxc/cgroups
@ -181,7 +170,7 @@ index d1e2364..433d938 100644
if ENABLE_APPARMOR if ENABLE_APPARMOR
AM_CFLAGS += -DHAVE_APPARMOR AM_CFLAGS += -DHAVE_APPARMOR
endif endif
@@ -249,6 +280,10 @@ liblxc_la_CFLAGS += -fsanitize=address \ @@ -249,6 +278,10 @@ liblxc_la_CFLAGS += -fsanitize=address \
-fno-omit-frame-pointer -fno-omit-frame-pointer
endif endif
@ -192,7 +181,7 @@ index d1e2364..433d938 100644
if ENABLE_UBSAN if ENABLE_UBSAN
liblxc_la_CFLAGS += -fsanitize=undefined liblxc_la_CFLAGS += -fsanitize=undefined
endif endif
@@ -258,6 +293,12 @@ liblxc_la_LDFLAGS = -pthread \ @@ -258,6 +291,12 @@ liblxc_la_LDFLAGS = -pthread \
-Wl,-soname,liblxc.so.$(firstword $(subst ., ,@LXC_ABI@)) \ -Wl,-soname,liblxc.so.$(firstword $(subst ., ,@LXC_ABI@)) \
-version-info @LXC_ABI_MAJOR@ -version-info @LXC_ABI_MAJOR@
@ -205,7 +194,7 @@ index d1e2364..433d938 100644
liblxc_la_LIBADD = $(CAP_LIBS) \ liblxc_la_LIBADD = $(CAP_LIBS) \
$(OPENSSL_LIBS) \ $(OPENSSL_LIBS) \
$(SELINUX_LIBS) \ $(SELINUX_LIBS) \
@@ -321,7 +362,8 @@ LDADD = liblxc.la \ @@ -321,7 +360,8 @@ LDADD = liblxc.la \
@OPENSSL_LIBS@ \ @OPENSSL_LIBS@ \
@SECCOMP_LIBS@ \ @SECCOMP_LIBS@ \
@SELINUX_LIBS@ \ @SELINUX_LIBS@ \
@ -516,111 +505,6 @@ index f9c8abe..37cd79e 100644
+#endif +#endif
+ +
#endif /* __LXC_FILE_UTILS_H */ #endif /* __LXC_FILE_UTILS_H */
diff --git a/src/lxc/isulad_utils.c b/src/lxc/isulad_utils.c
new file mode 100644
index 0000000..b282404
--- /dev/null
+++ b/src/lxc/isulad_utils.c
@@ -0,0 +1,99 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. Allrights reserved
+ * Description: isulad utils
+ * Author: lifeng
+ * Create: 2020-04-11
+******************************************************************************/
+
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#include "isulad_utils.h"
+#include "log.h"
+#include "path.h"
+#include "file_utils.h"
+
+lxc_log_define(isulad_utils, lxc);
+
+void *lxc_common_calloc_s(size_t size)
+{
+ if (size == 0 || size > SIZE_MAX) {
+ return NULL;
+ }
+
+ return calloc((size_t)1, size);
+}
+
+int lxc_mem_realloc(void **newptr, size_t newsize, void *oldptr, size_t oldsize)
+{
+ void *tmp = NULL;
+
+ if (newsize == 0) {
+ goto err_out;
+ }
+
+ tmp = lxc_common_calloc_s(newsize);
+ if (tmp == NULL) {
+ ERROR("Failed to malloc memory");
+ goto err_out;
+ }
+
+ if (oldptr != NULL) {
+ memcpy(tmp, oldptr, (newsize < oldsize) ? newsize : oldsize);
+
+ memset(oldptr, 0, oldsize);
+
+ free(oldptr);
+ }
+
+ *newptr = tmp;
+ return 0;
+
+err_out:
+ return -1;
+}
+
+char *safe_strdup(const char *src)
+{
+ char *dst = NULL;
+
+ if (src == NULL) {
+ return NULL;
+ }
+
+ dst = strdup(src);
+ if (dst == NULL) {
+ abort();
+ }
+
+ return dst;
+}
+
+int lxc_open(const char *filename, int flags, mode_t mode)
+{
+ char rpath[PATH_MAX] = {0x00};
+
+ if (cleanpath(filename, rpath, sizeof(rpath)) == NULL) {
+ return -1;
+ }
+ if (mode) {
+ return open(rpath, (int)((unsigned int)flags | O_CLOEXEC), mode);
+ } else {
+ return open(rpath, (int)((unsigned int)flags | O_CLOEXEC));
+ }
+}
+
+FILE *lxc_fopen(const char *filename, const char *mode)
+{
+ char rpath[PATH_MAX] = {0x00};
+
+ if (cleanpath(filename, rpath, sizeof(rpath)) == NULL) {
+ return NULL;
+ }
+
+ return fopen_cloexec(rpath, mode);
+}
diff --git a/src/lxc/json/read-file.c b/src/lxc/json/read-file.c diff --git a/src/lxc/json/read-file.c b/src/lxc/json/read-file.c
new file mode 100644 new file mode 100644
index 0000000..34ebeed index 0000000..34ebeed
@ -900,7 +784,7 @@ index 0000000..2c60fb9
+ +
+#endif +#endif
diff --git a/src/lxc/start.h b/src/lxc/start.h diff --git a/src/lxc/start.h b/src/lxc/start.h
index ece4aac..1d05be6 100644 index ece4aac..c7a0a55 100644
--- a/src/lxc/start.h --- a/src/lxc/start.h
+++ b/src/lxc/start.h +++ b/src/lxc/start.h
@@ -124,8 +124,17 @@ struct lxc_handler { @@ -124,8 +124,17 @@ struct lxc_handler {
@ -933,26 +817,18 @@ index ece4aac..1d05be6 100644
int (*post_start)(struct lxc_handler *, void *); int (*post_start)(struct lxc_handler *, void *);
}; };
@@ -147,10 +160,15 @@ extern int lxc_serve_state_clients(const char *name, @@ -164,14 +177,31 @@ extern void lxc_end(struct lxc_handler *handler);
struct lxc_handler *handler, */
lxc_state_t state); extern int lxc_check_inherited(struct lxc_conf *conf, bool closeall,
extern void lxc_abort(struct lxc_handler *handler); int *fds_to_ignore, size_t len_fds);
+#ifdef HAVE_ISULAD +#ifndef HAVE_ISULAD
+extern void lxc_zero_handler(struct lxc_handler *handler); static inline int inherit_fds(struct lxc_handler *handler, bool closeall)
+extern void lxc_free_handler(struct lxc_handler *handler); {
+#else
extern struct lxc_handler *lxc_init_handler(struct lxc_handler *old,
const char *name,
struct lxc_conf *conf,
const char *lxcpath, bool daemonize);
+#endif
extern void lxc_put_handler(struct lxc_handler *handler);
extern int lxc_init(const char *name, struct lxc_handler *handler);
extern void lxc_end(struct lxc_handler *handler);
@@ -169,9 +187,23 @@ static inline int inherit_fds(struct lxc_handler *handler, bool closeall)
return lxc_check_inherited(handler->conf, closeall, handler->keep_fds, return lxc_check_inherited(handler->conf, closeall, handler->keep_fds,
ARRAY_SIZE(handler->keep_fds)); ARRAY_SIZE(handler->keep_fds));
} }
+#endif
+
+#ifdef HAVE_ISULAD +#ifdef HAVE_ISULAD
+extern int __lxc_start(struct lxc_handler *handler, +extern int __lxc_start(struct lxc_handler *handler,
+ struct lxc_operations* ops, void *data, const char *lxcpath, + struct lxc_operations* ops, void *data, const char *lxcpath,
@ -1113,7 +989,7 @@ index 0000000..2fa7565
+ +
+#endif /* __LXC_BLK_H */ +#endif /* __LXC_BLK_H */
diff --git a/src/lxc/storage/storage_utils.c b/src/lxc/storage/storage_utils.c diff --git a/src/lxc/storage/storage_utils.c b/src/lxc/storage/storage_utils.c
index f96bd52..63371ae 100644 index f96bd52..696c6e5 100644
--- a/src/lxc/storage/storage_utils.c --- a/src/lxc/storage/storage_utils.c
+++ b/src/lxc/storage/storage_utils.c +++ b/src/lxc/storage/storage_utils.c
@@ -256,10 +256,17 @@ int is_blktype(struct lxc_storage *b) @@ -256,10 +256,17 @@ int is_blktype(struct lxc_storage *b)
@ -1134,7 +1010,7 @@ index f96bd52..63371ae 100644
int ret; int ret;
struct cbarg { struct cbarg {
const char *rootfs; const char *rootfs;
@@ -288,14 +295,40 @@ int mount_unknown_fs(const char *rootfs, const char *target, @@ -288,14 +295,41 @@ int mount_unknown_fs(const char *rootfs, const char *target,
ret = lxc_file_for_each_line(fsfile[i], find_fstype_cb, &cbarg); ret = lxc_file_for_each_line(fsfile[i], find_fstype_cb, &cbarg);
if (ret < 0) { if (ret < 0) {
ERROR("Failed to parse \"%s\"", fsfile[i]); ERROR("Failed to parse \"%s\"", fsfile[i]);
@ -1145,17 +1021,17 @@ index f96bd52..63371ae 100644
return -1; return -1;
} }
- if (ret)
+#ifdef HAVE_ISULAD +#ifdef HAVE_ISULAD
+ if (ret) { + if (ret) {
+ lxc_free_array((void**)mount_errors, free); + lxc_free_array((void**)mount_errors, free);
+ mount_errors = NULL; + mount_errors = NULL;
return 0; + return 0;
+ } + }
+#else +#else
+ if (ret) if (ret)
+ return 0; return 0;
+#endif +#endif
+ }
+ +
+#ifdef HAVE_ISULAD +#ifdef HAVE_ISULAD
+ if (mount_errors != NULL) { + if (mount_errors != NULL) {
@ -1176,7 +1052,7 @@ index f96bd52..63371ae 100644
return -1; return -1;
} }
@@ -316,6 +349,11 @@ int find_fstype_cb(char *buffer, void *data) @@ -316,6 +350,11 @@ int find_fstype_cb(char *buffer, void *data)
char *mntdata = NULL; char *mntdata = NULL;
char *fstype; char *fstype;
@ -1188,7 +1064,7 @@ index f96bd52..63371ae 100644
/* we don't try 'nodev' entries */ /* we don't try 'nodev' entries */
if (strstr(buffer, "nodev")) if (strstr(buffer, "nodev"))
return 0; return 0;
@@ -327,14 +365,35 @@ int find_fstype_cb(char *buffer, void *data) @@ -327,14 +366,35 @@ int find_fstype_cb(char *buffer, void *data)
DEBUG("Trying to mount \"%s\"->\"%s\" with FSType \"%s\"", cbarg->rootfs, DEBUG("Trying to mount \"%s\"->\"%s\" with FSType \"%s\"", cbarg->rootfs,
cbarg->target, fstype); cbarg->target, fstype);

115
0007-refactor-patches-on-terminal.c-start.c-and-so-on.patch
View File

@ -13,14 +13,14 @@ Signed-off-by: chengzrz <czrzrichard@gmail.com>
src/lxc/lsm/lsm.h | 8 + src/lxc/lsm/lsm.h | 8 +
src/lxc/lxclock.h | 4 + src/lxc/lxclock.h | 4 +
src/lxc/mainloop.h | 4 + src/lxc/mainloop.h | 4 +
src/lxc/start.c | 952 ++++++++++++++++++++++++++++++++++++ src/lxc/start.c | 958 ++++++++++++++++++++++++++++++++++++
src/lxc/storage/btrfs.c | 11 + src/lxc/storage/btrfs.c | 11 +
src/lxc/storage/overlay.c | 8 + src/lxc/storage/overlay.c | 8 +
src/lxc/sync.h | 4 + src/lxc/sync.h | 4 +
src/lxc/terminal.c | 990 ++++++++++++++++++++++++++++++++++++++ src/lxc/terminal.c | 990 ++++++++++++++++++++++++++++++++++++++
src/tests/Makefile.am | 4 + src/tests/Makefile.am | 4 +
src/tests/attach.c | 11 + src/tests/attach.c | 11 +
15 files changed, 2019 insertions(+) 15 files changed, 2025 insertions(+)
diff --git a/hooks/Makefile.am b/hooks/Makefile.am diff --git a/hooks/Makefile.am b/hooks/Makefile.am
index 5ae73d7..ddfd4bc 100644 index 5ae73d7..ddfd4bc 100644
@ -166,7 +166,7 @@ index e6ab9a6..aa41a93 100644
+ +
#endif #endif
diff --git a/src/lxc/start.c b/src/lxc/start.c diff --git a/src/lxc/start.c b/src/lxc/start.c
index fd969c4..d83330e 100644 index fd969c4..f82df34 100644
--- a/src/lxc/start.c --- a/src/lxc/start.c
+++ b/src/lxc/start.c +++ b/src/lxc/start.c
@@ -304,7 +304,11 @@ static int setup_signal_fd(sigset_t *oldmask) @@ -304,7 +304,11 @@ static int setup_signal_fd(sigset_t *oldmask)
@ -209,7 +209,17 @@ index fd969c4..d83330e 100644
out_mainloop_console: out_mainloop_console:
if (has_console) { if (has_console) {
@@ -671,6 +689,12 @@ struct lxc_handler *lxc_init_handler(struct lxc_handler *old, @@ -637,7 +655,9 @@ struct lxc_handler *lxc_init_handler(struct lxc_handler *old,
const char *name, struct lxc_conf *conf,
const char *lxcpath, bool daemonize)
{
+#ifndef HAVE_ISULAD
int nr_keep_fds = 0;
+#endif
int ret;
struct lxc_handler *handler;
@@ -671,6 +691,12 @@ struct lxc_handler *lxc_init_handler(struct lxc_handler *old,
handler->nsfd[i] = -EBADF; handler->nsfd[i] = -EBADF;
handler->name = name; handler->name = name;
@ -222,7 +232,28 @@ index fd969c4..d83330e 100644
if (daemonize) if (daemonize)
handler->transient_pid = lxc_raw_getpid(); handler->transient_pid = lxc_raw_getpid();
else else
@@ -721,6 +745,10 @@ int lxc_init(const char *name, struct lxc_handler *handler) @@ -691,8 +717,10 @@ struct lxc_handler *lxc_init_handler(struct lxc_handler *old,
TRACE("Created anonymous pair {%d,%d} of unix sockets",
handler->state_socket_pair[0],
handler->state_socket_pair[1]);
+#ifndef HAVE_ISULAD
handler->keep_fds[nr_keep_fds++] = handler->state_socket_pair[0];
handler->keep_fds[nr_keep_fds++] = handler->state_socket_pair[1];
+#endif
}
if (handler->conf->reboot == REBOOT_NONE) {
@@ -701,7 +729,9 @@ struct lxc_handler *lxc_init_handler(struct lxc_handler *old,
ERROR("Failed to set up command socket");
goto on_error;
}
+#ifndef HAVE_ISULAD
handler->keep_fds[nr_keep_fds++] = handler->conf->maincmd_fd;
+#endif
}
TRACE("Unix domain socket %d for command server is ready",
@@ -721,6 +751,10 @@ int lxc_init(const char *name, struct lxc_handler *handler)
int ret; int ret;
const char *loglevel; const char *loglevel;
struct lxc_conf *conf = handler->conf; struct lxc_conf *conf = handler->conf;
@ -233,7 +264,7 @@ index fd969c4..d83330e 100644
handler->monitor_pid = lxc_raw_getpid(); handler->monitor_pid = lxc_raw_getpid();
status_fd = open("/proc/self/status", O_RDONLY | O_CLOEXEC); status_fd = open("/proc/self/status", O_RDONLY | O_CLOEXEC);
@@ -810,6 +838,9 @@ int lxc_init(const char *name, struct lxc_handler *handler) @@ -810,6 +844,9 @@ int lxc_init(const char *name, struct lxc_handler *handler)
ret = lxc_terminal_setup(conf); ret = lxc_terminal_setup(conf);
if (ret < 0) { if (ret < 0) {
ERROR("Failed to create console"); ERROR("Failed to create console");
@ -243,7 +274,7 @@ index fd969c4..d83330e 100644
goto out_restore_sigmask; goto out_restore_sigmask;
} }
TRACE("Created console"); TRACE("Created console");
@@ -853,6 +884,185 @@ out_restore_sigmask: @@ -853,6 +890,185 @@ out_restore_sigmask:
return -1; return -1;
} }
@ -429,7 +460,7 @@ index fd969c4..d83330e 100644
void lxc_end(struct lxc_handler *handler) void lxc_end(struct lxc_handler *handler)
{ {
int ret; int ret;
@@ -926,6 +1136,33 @@ void lxc_end(struct lxc_handler *handler) @@ -926,6 +1142,33 @@ void lxc_end(struct lxc_handler *handler)
lsm_process_cleanup(handler->conf, handler->lxcpath); lsm_process_cleanup(handler->conf, handler->lxcpath);
@ -463,7 +494,7 @@ index fd969c4..d83330e 100644
if (cgroup_ops) { if (cgroup_ops) {
cgroup_ops->payload_destroy(cgroup_ops, handler); cgroup_ops->payload_destroy(cgroup_ops, handler);
cgroup_ops->monitor_destroy(cgroup_ops, handler); cgroup_ops->monitor_destroy(cgroup_ops, handler);
@@ -940,12 +1177,25 @@ void lxc_end(struct lxc_handler *handler) @@ -940,12 +1183,25 @@ void lxc_end(struct lxc_handler *handler)
*/ */
close_prot_errno_disarm(handler->conf->maincmd_fd); close_prot_errno_disarm(handler->conf->maincmd_fd);
TRACE("Closed command socket"); TRACE("Closed command socket");
@ -489,7 +520,7 @@ index fd969c4..d83330e 100644
/* The command socket is closed so no one can acces the command /* The command socket is closed so no one can acces the command
* socket anymore so there's no need to lock it. * socket anymore so there's no need to lock it.
*/ */
@@ -1042,6 +1292,25 @@ static int do_start(void *data) @@ -1042,6 +1298,25 @@ static int do_start(void *data)
lxc_sync_fini_parent(handler); lxc_sync_fini_parent(handler);
@ -515,7 +546,7 @@ index fd969c4..d83330e 100644
if (lxc_abstract_unix_recv_fds(data_sock1, &status_fd, 1, NULL, 0) < 0) { if (lxc_abstract_unix_recv_fds(data_sock1, &status_fd, 1, NULL, 0) < 0) {
ERROR("Failed to receive status file descriptor to child process"); ERROR("Failed to receive status file descriptor to child process");
goto out_warn_father; goto out_warn_father;
@@ -1155,7 +1424,11 @@ static int do_start(void *data) @@ -1155,7 +1430,11 @@ static int do_start(void *data)
* means that migration won't work, but at least we won't spew output * means that migration won't work, but at least we won't spew output
* where it isn't wanted. * where it isn't wanted.
*/ */
@ -527,7 +558,7 @@ index fd969c4..d83330e 100644
char path[PATH_MAX]; char path[PATH_MAX];
ret = snprintf(path, sizeof(path), "%s/dev/null", ret = snprintf(path, sizeof(path), "%s/dev/null",
@@ -1221,6 +1494,9 @@ static int do_start(void *data) @@ -1221,6 +1500,9 @@ static int do_start(void *data)
/* Setup the container, ip, names, utsname, ... */ /* Setup the container, ip, names, utsname, ... */
ret = lxc_setup(handler); ret = lxc_setup(handler);
if (ret < 0) { if (ret < 0) {
@ -537,7 +568,7 @@ index fd969c4..d83330e 100644
ERROR("Failed to setup container \"%s\"", handler->name); ERROR("Failed to setup container \"%s\"", handler->name);
goto out_warn_father; goto out_warn_father;
} }
@@ -1243,12 +1519,70 @@ static int do_start(void *data) @@ -1243,12 +1525,70 @@ static int do_start(void *data)
DEBUG("Set PR_SET_NO_NEW_PRIVS to block execve() gainable privileges"); DEBUG("Set PR_SET_NO_NEW_PRIVS to block execve() gainable privileges");
} }
@ -608,7 +639,7 @@ index fd969c4..d83330e 100644
if (handler->conf->console.pts >= 0) { if (handler->conf->console.pts >= 0) {
if (handler->daemonize || !handler->conf->is_execute) if (handler->daemonize || !handler->conf->is_execute)
ret = set_stdfds(handler->conf->console.pts); ret = set_stdfds(handler->conf->console.pts);
@@ -1260,6 +1594,7 @@ static int do_start(void *data) @@ -1260,6 +1600,7 @@ static int do_start(void *data)
goto out_warn_father; goto out_warn_father;
} }
} }
@ -616,7 +647,7 @@ index fd969c4..d83330e 100644
/* If we mounted a temporary proc, then unmount it now. */ /* If we mounted a temporary proc, then unmount it now. */
tmp_proc_unmount(handler->conf); tmp_proc_unmount(handler->conf);
@@ -1283,6 +1618,21 @@ static int do_start(void *data) @@ -1283,6 +1624,21 @@ static int do_start(void *data)
close_prot_errno_disarm(handler->sigfd); close_prot_errno_disarm(handler->sigfd);
@ -638,7 +669,7 @@ index fd969c4..d83330e 100644
if (handler->conf->console.pts < 0 && handler->daemonize) { if (handler->conf->console.pts < 0 && handler->daemonize) {
if (devnull_fd < 0) { if (devnull_fd < 0) {
devnull_fd = open_devnull(); devnull_fd = open_devnull();
@@ -1296,12 +1646,25 @@ static int do_start(void *data) @@ -1296,12 +1652,25 @@ static int do_start(void *data)
goto out_warn_father; goto out_warn_father;
} }
} }
@ -664,7 +695,7 @@ index fd969c4..d83330e 100644
ret = chdir(handler->conf->init_cwd); ret = chdir(handler->conf->init_cwd);
if (ret < 0) { if (ret < 0) {
SYSERROR("Could not change directory to \"%s\"", SYSERROR("Could not change directory to \"%s\"",
@@ -1345,6 +1708,13 @@ static int do_start(void *data) @@ -1345,6 +1714,13 @@ static int do_start(void *data)
} }
} }
@ -678,7 +709,7 @@ index fd969c4..d83330e 100644
/* The container has been setup. We can now switch to an unprivileged /* The container has been setup. We can now switch to an unprivileged
* uid/gid. * uid/gid.
*/ */
@@ -1358,6 +1728,13 @@ static int do_start(void *data) @@ -1358,6 +1734,13 @@ static int do_start(void *data)
if (new_gid == nsgid) if (new_gid == nsgid)
new_gid = LXC_INVALID_GID; new_gid = LXC_INVALID_GID;
@ -692,7 +723,7 @@ index fd969c4..d83330e 100644
/* Make sure that the processes STDIO is correctly owned by the user that we are switching to */ /* Make sure that the processes STDIO is correctly owned by the user that we are switching to */
ret = fix_stdio_permissions(new_uid); ret = fix_stdio_permissions(new_uid);
if (ret) if (ret)
@@ -1371,8 +1748,16 @@ static int do_start(void *data) @@ -1371,8 +1754,16 @@ static int do_start(void *data)
#if HAVE_LIBCAP #if HAVE_LIBCAP
if (lxc_proc_cap_is_set(CAP_SETGID, CAP_EFFECTIVE)) if (lxc_proc_cap_is_set(CAP_SETGID, CAP_EFFECTIVE))
#endif #endif
@ -709,7 +740,7 @@ index fd969c4..d83330e 100644
if (!lxc_switch_uid_gid(new_uid, new_gid)) if (!lxc_switch_uid_gid(new_uid, new_gid))
goto out_warn_father; goto out_warn_father;
@@ -1383,6 +1768,19 @@ static int do_start(void *data) @@ -1383,6 +1774,19 @@ static int do_start(void *data)
goto out_warn_father; goto out_warn_father;
} }
@ -729,7 +760,7 @@ index fd969c4..d83330e 100644
if (handler->conf->monitor_signal_pdeath != SIGKILL) { if (handler->conf->monitor_signal_pdeath != SIGKILL) {
ret = lxc_set_death_signal(handler->conf->monitor_signal_pdeath, ret = lxc_set_death_signal(handler->conf->monitor_signal_pdeath,
handler->monitor_pid, status_fd); handler->monitor_pid, status_fd);
@@ -1397,7 +1795,12 @@ static int do_start(void *data) @@ -1397,7 +1801,12 @@ static int do_start(void *data)
* After this call, we are in error because this ops should not return * After this call, we are in error because this ops should not return
* as it execs. * as it execs.
*/ */
@ -742,7 +773,7 @@ index fd969c4..d83330e 100644
out_warn_father: out_warn_father:
/* /*
@@ -1529,6 +1932,94 @@ static inline int do_share_ns(void *arg) @@ -1529,6 +1938,94 @@ static inline int do_share_ns(void *arg)
return 0; return 0;
} }
@ -837,7 +868,7 @@ index fd969c4..d83330e 100644
/* lxc_spawn() performs crucial setup tasks and clone()s the new process which /* lxc_spawn() performs crucial setup tasks and clone()s the new process which
* exec()s the requested container binary. * exec()s the requested container binary.
* Note that lxc_spawn() runs in the parent namespaces. Any operations performed * Note that lxc_spawn() runs in the parent namespaces. Any operations performed
@@ -1595,7 +2086,11 @@ static int lxc_spawn(struct lxc_handler *handler) @@ -1595,7 +2092,11 @@ static int lxc_spawn(struct lxc_handler *handler)
* it readonly. * it readonly.
* If the container is unprivileged then skip rootfs pinning. * If the container is unprivileged then skip rootfs pinning.
*/ */
@ -849,7 +880,7 @@ index fd969c4..d83330e 100644
handler->pinfd = pin_rootfs(conf->rootfs.path); handler->pinfd = pin_rootfs(conf->rootfs.path);
if (handler->pinfd == -EBADF) if (handler->pinfd == -EBADF)
INFO("Failed to pin the rootfs for container \"%s\"", handler->name); INFO("Failed to pin the rootfs for container \"%s\"", handler->name);
@@ -1640,6 +2135,32 @@ static int lxc_spawn(struct lxc_handler *handler) @@ -1640,6 +2141,32 @@ static int lxc_spawn(struct lxc_handler *handler)
} }
TRACE("Cloned child process %d", handler->pid); TRACE("Cloned child process %d", handler->pid);
@ -882,7 +913,7 @@ index fd969c4..d83330e 100644
/* Verify that we can actually make use of pidfds. */ /* Verify that we can actually make use of pidfds. */
if (!lxc_can_use_pidfd(handler->pidfd)) if (!lxc_can_use_pidfd(handler->pidfd))
close_prot_errno_disarm(handler->pidfd); close_prot_errno_disarm(handler->pidfd);
@@ -1652,6 +2173,13 @@ static int lxc_spawn(struct lxc_handler *handler) @@ -1652,6 +2179,13 @@ static int lxc_spawn(struct lxc_handler *handler)
if (ret < 0) if (ret < 0)
SYSERROR("Failed to set environment variable: LXC_PID=%s", pidstr); SYSERROR("Failed to set environment variable: LXC_PID=%s", pidstr);
@ -896,7 +927,7 @@ index fd969c4..d83330e 100644
for (i = 0; i < LXC_NS_MAX; i++) for (i = 0; i < LXC_NS_MAX; i++)
if (handler->ns_on_clone_flags & ns_info[i].clone_flag) if (handler->ns_on_clone_flags & ns_info[i].clone_flag)
INFO("Cloned %s", ns_info[i].flag_name); INFO("Cloned %s", ns_info[i].flag_name);
@@ -1765,7 +2293,11 @@ static int lxc_spawn(struct lxc_handler *handler) @@ -1765,7 +2299,11 @@ static int lxc_spawn(struct lxc_handler *handler)
goto out_delete_net; goto out_delete_net;
if (!lxc_list_empty(&conf->limits)) { if (!lxc_list_empty(&conf->limits)) {
@ -908,7 +939,7 @@ index fd969c4..d83330e 100644
if (ret < 0) { if (ret < 0) {
ERROR("Failed to setup resource limits"); ERROR("Failed to setup resource limits");
goto out_delete_net; goto out_delete_net;
@@ -1816,6 +2348,26 @@ static int lxc_spawn(struct lxc_handler *handler) @@ -1816,6 +2354,26 @@ static int lxc_spawn(struct lxc_handler *handler)
ERROR("Failed to run lxc.hook.start-host"); ERROR("Failed to run lxc.hook.start-host");
goto out_delete_net; goto out_delete_net;
} }
@ -935,7 +966,7 @@ index fd969c4..d83330e 100644
/* Tell the child to complete its initialization and wait for it to exec /* Tell the child to complete its initialization and wait for it to exec
* or return an error. (The child will never return * or return an error. (The child will never return
@@ -1859,6 +2411,22 @@ static int lxc_spawn(struct lxc_handler *handler) @@ -1859,6 +2417,22 @@ static int lxc_spawn(struct lxc_handler *handler)
if (ret < 0) if (ret < 0)
goto out_abort; goto out_abort;
@ -958,7 +989,7 @@ index fd969c4..d83330e 100644
ret = lxc_set_state(name, handler, RUNNING); ret = lxc_set_state(name, handler, RUNNING);
if (ret < 0) { if (ret < 0) {
ERROR("Failed to set state to \"%s\"", lxc_state2str(RUNNING)); ERROR("Failed to set state to \"%s\"", lxc_state2str(RUNNING));
@@ -1883,9 +2451,83 @@ out_sync_fini: @@ -1883,9 +2457,83 @@ out_sync_fini:
return -1; return -1;
} }
@ -1042,7 +1073,7 @@ index fd969c4..d83330e 100644
int ret, status; int ret, status;
const char *name = handler->name; const char *name = handler->name;
struct lxc_conf *conf = handler->conf; struct lxc_conf *conf = handler->conf;
@@ -1901,6 +2543,16 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, @@ -1901,6 +2549,16 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops,
handler->daemonize = daemonize; handler->daemonize = daemonize;
cgroup_ops = handler->cgroup_ops; cgroup_ops = handler->cgroup_ops;
@ -1059,7 +1090,7 @@ index fd969c4..d83330e 100644
if (!attach_block_device(handler->conf)) { if (!attach_block_device(handler->conf)) {
ERROR("Failed to attach block device"); ERROR("Failed to attach block device");
ret = -1; ret = -1;
@@ -1959,11 +2611,13 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, @@ -1959,11 +2617,13 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops,
goto out_delete_network; goto out_delete_network;
} }
@ -1073,7 +1104,7 @@ index fd969c4..d83330e 100644
status = lxc_wait_for_pid_status(handler->pid); status = lxc_wait_for_pid_status(handler->pid);
if (status < 0) if (status < 0)
@@ -1973,6 +2627,21 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, @@ -1973,6 +2633,21 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops,
* reboot. This should mean it was an lxc-execute which simply exited. * reboot. This should mean it was an lxc-execute which simply exited.
* In any case, treat it as a 'halt'. * In any case, treat it as a 'halt'.
*/ */
@ -1095,7 +1126,7 @@ index fd969c4..d83330e 100644
if (WIFSIGNALED(status)) { if (WIFSIGNALED(status)) {
switch(WTERMSIG(status)) { switch(WTERMSIG(status)) {
case SIGINT: /* halt */ case SIGINT: /* halt */
@@ -1990,6 +2659,7 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, @@ -1990,6 +2665,7 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops,
break; break;
} }
} }
@ -1103,7 +1134,7 @@ index fd969c4..d83330e 100644
ret = lxc_restore_phys_nics_to_netns(handler); ret = lxc_restore_phys_nics_to_netns(handler);
if (ret < 0) if (ret < 0)
@@ -1997,11 +2667,20 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, @@ -1997,11 +2673,20 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops,
close_prot_errno_disarm(handler->pinfd); close_prot_errno_disarm(handler->pinfd);
@ -1124,7 +1155,7 @@ index fd969c4..d83330e 100644
/* These are not the droids you are looking for. */ /* These are not the droids you are looking for. */
__private_goto1: __private_goto1:
lxc_delete_network(handler); lxc_delete_network(handler);
@@ -2032,7 +2711,11 @@ struct start_args { @@ -2032,7 +2717,11 @@ struct start_args {
char *const *argv; char *const *argv;
}; };
@ -1136,7 +1167,7 @@ index fd969c4..d83330e 100644
{ {
struct start_args *arg = data; struct start_args *arg = data;
@@ -2040,6 +2723,9 @@ static int start(struct lxc_handler *handler, void* data) @@ -2040,6 +2729,9 @@ static int start(struct lxc_handler *handler, void* data)
execvp(arg->argv[0], arg->argv); execvp(arg->argv[0], arg->argv);
SYSERROR("Failed to exec \"%s\"", arg->argv[0]); SYSERROR("Failed to exec \"%s\"", arg->argv[0]);
@ -1146,7 +1177,7 @@ index fd969c4..d83330e 100644
return 0; return 0;
} }
@@ -2057,14 +2743,22 @@ static struct lxc_operations start_ops = { @@ -2057,14 +2749,22 @@ static struct lxc_operations start_ops = {
}; };
int lxc_start(char *const argv[], struct lxc_handler *handler, int lxc_start(char *const argv[], struct lxc_handler *handler,
@ -1169,7 +1200,7 @@ index fd969c4..d83330e 100644
} }
static void lxc_destroy_container_on_signal(struct lxc_handler *handler, static void lxc_destroy_container_on_signal(struct lxc_handler *handler,
@@ -2136,3 +2830,261 @@ static bool do_destroy_container(struct lxc_handler *handler) @@ -2136,3 +2836,261 @@ static bool do_destroy_container(struct lxc_handler *handler)
return storage_destroy(handler->conf); return storage_destroy(handler->conf);
} }
@ -1304,7 +1335,7 @@ index fd969c4..d83330e 100644
+ return handler; + return handler;
+ +
+on_error: +on_error:
+ lxc_free_handler(handler); + lxc_put_handler(handler);
+ +
+ return NULL; + return NULL;
+} +}
@ -1355,7 +1386,7 @@ index fd969c4..d83330e 100644
+ return handler; + return handler;
+ +
+on_error: +on_error:
+ lxc_free_handler(handler); + lxc_put_handler(handler);
+ +
+ return NULL; + return NULL;
+} +}
@ -1401,7 +1432,7 @@ index fd969c4..d83330e 100644
+ } + }
+ +
+out: +out:
+ lxc_free_handler(handler); + lxc_put_handler(handler);
+ return ret; + return ret;
+} +}
+ +
@ -1426,7 +1457,7 @@ index fd969c4..d83330e 100644
+ } + }
+ +
+out: +out:
+ lxc_free_handler(handler); + lxc_put_handler(handler);
+ return ret; + return ret;
+} +}
+ +

8
lxc.spec
View File

@ -1,4 +1,4 @@
%global _release 2022072102 %global _release 2022072103
Name: lxc Name: lxc
Version: 4.0.3 Version: 4.0.3
@ -187,6 +187,12 @@ make check
%{_mandir}/*/man7/%{name}* %{_mandir}/*/man7/%{name}*
%changelog %changelog
* Thu Jul 21 2022 zhangxiaoyu<zhangxiaoyu58@huawei.com> - 4.0.3-2022072102
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: fix compile error
* Thu Jul 21 2022 chengzeruizhi<chengzeruizhi@huawei.com> - 4.0.3-2022072101 * Thu Jul 21 2022 chengzeruizhi<chengzeruizhi@huawei.com> - 4.0.3-2022072101
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA