0016-unfreeze-freezing-container-and-bugfix-for-files.lim.patch

@@ -1,228 +0,0 @@
-From 26e0dea1270556b08c37c20da9db229de664dbd1 Mon Sep 17 00:00:00 2001
-From: jikai <jikai11@huawei.com>
-Date: Fri, 23 Feb 2024 17:30:12 +0800
-Subject: [PATCH] unfreeze freezing container and bugfix for files.limit and
- syscontainer
-
-1. container in the freezing state must be unfreeze
-https://gitee.com/src-openeuler/lxc/pulls/498
-
-2. bugfix for files.limit invalid
-should return false if failed to write cgroup.procs after max times,
-or will lead to files.limit invalid
-
-3. run oci-prestart hook before switch root
-In: https://gitee.com/src-openeuler/lxc/pulls/513, we move oci-prestart hook
-after sync_cgroup_limits, for sync_cgroup_limits will write a *:* rwm device rule
-which will lead the device rule we write in oci-prestart hook useless.
-However the modification move oci-prestart hook after change root.
-We restore the changes. Since setup_limits_legacy will do the a *:* rwm write,
-we only ensure that setup_limits_legacy executes before oci-prestart.
-
-Signed-off-by: jikai <jikai11@huawei.com>
----
- src/lxc/cgroups/cgfsng.c |  2 ++
- src/lxc/conf.c           |  6 ++++
- src/lxc/lxccontainer.c   |  7 +++++
- src/lxc/start.c          | 61 +++++++++++++++++++++++++---------------
- src/lxc/sync.c           |  6 ++--
- src/lxc/sync.h           | 10 ++++---
- 6 files changed, 62 insertions(+), 30 deletions(-)
-
-diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
-index 471c281..311bdf7 100644
---- a/src/lxc/cgroups/cgfsng.c
-+++ b/src/lxc/cgroups/cgfsng.c
-@@ -1889,6 +1889,8 @@ retry:
- 				retry_count++;
- 				goto retry;
- 			}
-+			SYSERROR("Failed to enter cgroup \"%s/cgroup.procs\"", h->path_con);
-+			return false;
- 		}
- #else
- 		ret = lxc_writeat(h->dfd_con, "cgroup.procs", pidstr, len);
-diff --git a/src/lxc/conf.c b/src/lxc/conf.c
-index 595e605..9e7f6a2 100644
---- a/src/lxc/conf.c
-+++ b/src/lxc/conf.c
-@@ -4900,6 +4900,12 @@ int lxc_setup(struct lxc_handler *handler)
- 	if (ret < 0)
- 		return log_error(-1, "Failed to setup \"/dev\" symlinks");
- 
-+#ifdef HAVE_ISULAD
-+	/* Ask parent to run oci prestart hooks and wait for him to finish. */
-+	if (!lxc_sync_barrier_parent(handler, START_SYNC_OCI_PRESTART_HOOK)) {
-+		return log_error(-1, "Failed to sync parent to start host hook");
-+	}
-+#endif
- 	ret = lxc_setup_rootfs_switch_root(&lxc_conf->rootfs);
- 	if (ret < 0)
- 		return log_error(-1, "Failed to pivot root into rootfs");
-diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
-index 5720cf7..318b7f5 100644
---- a/src/lxc/lxccontainer.c
-+++ b/src/lxc/lxccontainer.c
-@@ -560,7 +560,14 @@ static bool do_lxcapi_unfreeze(struct lxc_container *c)
- 		return false;
- 
- 	s = lxc_getstate(c->name, c->config_path);
-+#ifdef HAVE_ISULAD
-+	// Prevent lxc from unexpectedly exiting when executing freeze,
-+	// causing the container to be in the FREEZING state,
-+	// making normal life cycle management impossible.
-+	if (s == FROZEN || s == FREEZING) {
-+#else
- 	if (s == FROZEN) {
-+#endif
- 		ret = cgroup_unfreeze(c->name, c->config_path, -1);
- 		if (ret == -ENOCGROUP2)
- 			ret = lxc_unfreeze(c->lxc_conf, c->name, c->config_path);
-diff --git a/src/lxc/start.c b/src/lxc/start.c
-index 0a5cb26..2fea7b0 100644
---- a/src/lxc/start.c
-+++ b/src/lxc/start.c
-@@ -1643,11 +1643,6 @@ static int do_start(void *data)
- 	}
- 
- #ifdef HAVE_ISULAD
--	/* Ask father to run oci prestart hooks and wait for him to finish. */
--	if (!lxc_sync_barrier_parent(handler, START_SYNC_OCI_PRESTART_HOOK)) {
--		return log_error(-1, "Failed to sync parent to start host hook");
--	}
--
- 	/* close pipes after sync fds */
- 	/* isulad: dup2 pipe[0][0] to container stdin, pipe[1][1] to container stdout, pipe[2][1] to container stderr */
- 	if (handler->disable_pty) {
-@@ -2383,7 +2378,9 @@ static int lxc_spawn(struct lxc_handler *handler)
- 		goto out_delete_net;
- 	}
- 
--	if (!lxc_sync_wait_child(handler, START_SYNC_CGROUP_LIMITS))
-+#ifdef HAVE_ISULAD
-+	// OCI prestart hook should run before lxc_setup_rootfs_switch_root.
-+	if (!lxc_sync_wait_child(handler, START_SYNC_OCI_PRESTART_HOOK))
- 		goto out_delete_net;
- 
- 	/*
-@@ -2403,25 +2400,8 @@ static int lxc_spawn(struct lxc_handler *handler)
- 	}
- 	TRACE("Set up cgroup2 device controller limits");
- 
--	cgroup_ops->finalize(cgroup_ops);
--	TRACE("Finished setting up cgroups");
--
--	/* Run any host-side start hooks */
--	ret = run_lxc_hooks(name, "start-host", conf, NULL);
--	if (ret < 0) {
--		ERROR("Failed to run lxc.hook.start-host");
--		goto out_delete_net;
--	}
--
--	if (!lxc_sync_wake_child(handler, START_SYNC_FDS))
--		goto out_delete_net;
--
--#ifdef HAVE_ISULAD
- 	// OCI prestart hook should run after setup_limits_legacy.
- 	// Otherwise 'syscontainer-hooks' write devices rule will be useless.
--	if (!lxc_sync_wait_child(handler, START_SYNC_OCI_PRESTART_HOOK))
--		goto out_delete_net;
--
- 	/* isulad: Run oci prestart hook at here */
- 	ret = run_oci_hooks(name, "oci-prestart", conf, lxcpath);
- 	if (ret < 0) {
-@@ -2442,6 +2422,41 @@ static int lxc_spawn(struct lxc_handler *handler)
- 		goto out_delete_net;
- #endif
- 
-+	if (!lxc_sync_wait_child(handler, START_SYNC_CGROUP_LIMITS))
-+		goto out_delete_net;
-+
-+#ifndef HAVE_ISULAD
-+	/*
-+	 * With isolation the limiting devices cgroup was already setup, so
-+	 * only setup devices here if we have no namespace directory.
-+	 */
-+	if (!handler->conf->cgroup_meta.namespace_dir &&
-+	    !cgroup_ops->setup_limits_legacy(cgroup_ops, handler->conf, true)) {
-+		ERROR("Failed to setup legacy device cgroup controller limits");
-+		goto out_delete_net;
-+	}
-+	TRACE("Set up legacy device cgroup controller limits");
-+
-+	if (!cgroup_ops->devices_activate(cgroup_ops, handler)) {
-+		ERROR("Failed to setup cgroup2 device controller limits");
-+		goto out_delete_net;
-+	}
-+	TRACE("Set up cgroup2 device controller limits");
-+#endif
-+
-+	cgroup_ops->finalize(cgroup_ops);
-+	TRACE("Finished setting up cgroups");
-+
-+	/* Run any host-side start hooks */
-+	ret = run_lxc_hooks(name, "start-host", conf, NULL);
-+	if (ret < 0) {
-+		ERROR("Failed to run lxc.hook.start-host");
-+		goto out_delete_net;
-+	}
-+
-+	if (!lxc_sync_wake_child(handler, START_SYNC_FDS))
-+		goto out_delete_net;
-+
- 	if (handler->ns_unshare_flags & CLONE_NEWCGROUP) {
- 		/* Now we're ready to preserve the cgroup namespace */
- 		ret = lxc_try_preserve_namespace(handler, LXC_NS_CGROUP, "cgroup");
-diff --git a/src/lxc/sync.c b/src/lxc/sync.c
-index f156809..09d932b 100644
---- a/src/lxc/sync.c
-+++ b/src/lxc/sync.c
-@@ -66,16 +66,16 @@ static inline const char *start_sync_to_string(int state)
- 		return "configure";
- 	case START_SYNC_POST_CONFIGURE:
- 		return "post-configure";
--	case START_SYNC_CGROUP_LIMITS:
--		return "cgroup-limits";
- 	case START_SYNC_IDMAPPED_MOUNTS:
- 		return "idmapped-mounts";
--#ifdef HAVE_ISULAd
-+#ifdef HAVE_ISULAD
- 	case START_SYNC_OCI_PRESTART_HOOK:
- 		return "oci-prestart-hook";
- 	case START_SYNC_POST_OCI_PRESTART_HOOK:
- 		return "post-oci-prestart-hook";
- #endif
-+	case START_SYNC_CGROUP_LIMITS:
-+		return "cgroup-limits";
- 	case START_SYNC_FDS:
- 		return "fds";
- 	case START_SYNC_READY_START:
-diff --git a/src/lxc/sync.h b/src/lxc/sync.h
-index b6080dd..6802d32 100644
---- a/src/lxc/sync.h
-+++ b/src/lxc/sync.h
-@@ -20,15 +20,17 @@ enum /* start */ {
- 	START_SYNC_CONFIGURE		=  1,
- 	START_SYNC_POST_CONFIGURE	=  2,
- 	START_SYNC_IDMAPPED_MOUNTS	=  3,
--	START_SYNC_CGROUP_LIMITS	=  4,
--	START_SYNC_FDS			=  5,
- #ifdef HAVE_ISULAD
--	START_SYNC_OCI_PRESTART_HOOK = 6,
--	START_SYNC_POST_OCI_PRESTART_HOOK = 7,
-+	START_SYNC_OCI_PRESTART_HOOK = 4,
-+	START_SYNC_POST_OCI_PRESTART_HOOK = 5,
-+	START_SYNC_CGROUP_LIMITS	=  6,
-+	START_SYNC_FDS			=  7,
- 	START_SYNC_READY_START		=  8,
- 	START_SYNC_RESTART		=  9,
- 	START_SYNC_POST_RESTART		=  10,
- #else
-+	START_SYNC_CGROUP_LIMITS	=  4,
-+	START_SYNC_FDS			=  5,
- 	START_SYNC_READY_START		=  6,
- 	START_SYNC_RESTART		=  7,
- 	START_SYNC_POST_RESTART		=  8,
--- 
-2.33.0
-

0017-fix-error-of-cc.compiles-on-aarch.patch

@@ -1,29 +0,0 @@
-From a65709b18943fd2f5859738c5000f22e07529967 Mon Sep 17 00:00:00 2001
-From: yuncang123 <1050706328@qq.com>
-Date: Sun, 15 Sep 2024 02:06:07 +0800
-Subject: [PATCH] fix-error-of-cc.compiles-on-aarch
-
----
- meson.build | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/meson.build b/meson.build
-index 1b2d673..1b4e369 100644
---- a/meson.build
-+++ b/meson.build
-@@ -538,7 +538,11 @@ int func (void) {
- }
- '''
- 
--have_func_strerror_r_char_p = cc.compiles(code, name : 'strerror_r() returns char *')
-+    if cc.get_id() == 'clang'
-+        have_func_strerror_r_char_p = cc.compiles(code, args : '-Wno-error=unused-command-line-argument', name : 'strerror_r() returns char *')
-+    else
-+        have_func_strerror_r_char_p = cc.compiles(code, name : 'strerror_r() returns char *')
-+    endif
- endif
- 
- srcconf.set10('STRERROR_R_CHAR_P', have_func_strerror_r_char_p)
--- 
-2.43.0
-

0018-add-fPIC-compile-option.patch

@@ -1,25 +0,0 @@
-From 03e6b2afddf816e9931ae0eb463ead33ceaaea98 Mon Sep 17 00:00:00 2001
-From: zhongtao <zhongtao17@huawei.com>
-Date: Wed, 9 Oct 2024 10:12:34 +0800
-Subject: [PATCH] add fPIC compile option
-
-Signed-off-by: zhongtao <zhongtao17@huawei.com>
----
- meson.build | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/meson.build b/meson.build
-index 05bcbb2..2954422 100644
---- a/meson.build
-+++ b/meson.build
-@@ -235,6 +235,7 @@ if want_isulad
-     yajldep = dependency('yajl', version : '>=2')
-     srcconf.set('HAVE_ISULAD', yajldep.found())
-     liblxc_dependencies += yajldep
-+    possible_link_flags += ['-fPIC']
- else
-     srcconf.set('HAVE_ISULAD', false)
- endif
--- 
-2.25.1
-

lxc.spec

@@ -1,5 +1,5 @@
-%global _release 17
+%global _release 12
-%bcond isulad 1
+%global enable_isulad 1
 
 Name:           lxc
 Version:        5.0.2
@@ -24,9 +24,6 @@ Patch0012:	0012-fix-dev-mount-failed-and-skip-send-recv-devpts_fd-if.patch
 Patch0013:	0013-ensure-cpuset-cgroup-built-while-writing-cgroup.proc.patch
 Patch0014:	0014-fix-cpuset-cgroup-error.patch
 Patch0015:	0015-append-mntopt-to-mntdata-if-not-found-in-mount_opt.patch
-Patch0016:	0016-unfreeze-freezing-container-and-bugfix-for-files.lim.patch
-Patch0017: 	0017-fix-error-of-cc.compiles-on-aarch.patch
-Patch0018:	0018-add-fPIC-compile-option.patch
 
 BuildRequires:  systemd-units git libtool graphviz docbook2X doxygen chrpath
 BuildRequires:  pkgconfig(libseccomp)
@@ -90,13 +87,11 @@ This package contains documentation for lxc for creating containers.
 %ifarch riscv64
 export LDFLAGS="%{build_ldflags} -latomic -pthread"
 %endif
-meson setup \
+%if 0%{?enable_isulad}
-    %{?with_isulad:-Disulad=true} \
+meson setup -Disulad=true -Dtests=true -Dprefix=/usr build
-    %{!?with_isulad:-Disulad=false} \
+%else
-%if "%{?toolchain}" == "clang"
+meson setup -Disulad=false -Dtests=true -Dprefix=/usr build
-    -Db_lto=false \
 %endif
-    -Dprefix=/usr build
 meson compile -C build
 
 %install
@@ -197,7 +192,7 @@ meson test -C build
 %{_datadir}/%{name}/config/*
 %dir %{_datadir}/%{name}/__pycache__
 %{_datadir}/%{name}/__pycache__/*
-%if %{without isulad}
+%if !0%{?enable_isulad}
 %{_datadir}/%{name}/hooks
 %endif
 
@@ -216,36 +211,6 @@ meson test -C build
 %endif
 
 %changelog
-* Mon Nov 25 2024 jikai <jikai11@huawei.com> - 5.0.2-17
-- Type: bugfix
-- ID:NA
-- SUG:NA
-- DESC: sync patch from master to add fPIC compile option
-
-* Sun Sep 15 2024 yuanchao <1050706328@qq.com> - 5.0.2-16
-- Type: bugfix
-- ID:NA
-- SUG:NA
-- DESC: fix error of cc.compiles in meson.build on aarch cased by '-fstack-clash-protection' and '-Werror'
-
-* Mon Jul 29 2024 jikai <jikai11@huawei.com> - 5.0.2-15
-- Type: bugfix
-- ID:NA
-- SUG:NA
-- DESC: disable tests while building lxc
-
-* Mon Mar 11 2024 jchzhou <zhoujiacheng@iscas.ac.cn> - 5.0.2-14
-- Type: bugfix
-- ID:NA
-- SUG:NA
-- DESC: update meson parameters for disabling LTO when building with clang & ld.bfd
-
-* Mon Feb 26 2024 jikai<jikai11@huawei.com> - 5.0.2-13
-- Type: bugfix
-- ID:NA
-- SUG:NA
-- DESC: unfreeze freezing container and bugfix for files.limit and syscontainer
-
 * Thu Feb 22 2024 jikai<jikai11@huawei.com> - 5.0.2-12
 - Type: bugfix
 - ID:NA