diff --git a/apply-patch b/apply-patch index c48245f..7ad233d 100755 --- a/apply-patch +++ b/apply-patch @@ -19,7 +19,7 @@ while IPF= read -r line do if [[ "$line" =~ ^patch* ]]; then echo patch -p1 $cwd/$line - patch -p1 < $cwd/$line + cd $src && patch -p1 < $cwd/$line fi done <"$series" diff --git a/git-commit b/git-commit index 258f1f7..92cc7b4 100644 --- a/git-commit +++ b/git-commit @@ -1 +1 @@ -9b47ea11a903817a64b3d14fc8a7b88835bd1a00 +f4036ea04db8cd0df716110b147057209c36ac78 diff --git a/patch/0001-runc-Add-spec-for-euleros.patch b/patch/0001-runc-Add-spec-for-euleros.patch index 864791f..161dc1e 100644 --- a/patch/0001-runc-Add-spec-for-euleros.patch +++ b/patch/0001-runc-Add-spec-for-euleros.patch @@ -1,18 +1,18 @@ -From 0aa433bd4f83b99ed1964d67abbb7fe833d8b78d Mon Sep 17 00:00:00 2001 +From ee228fa3991d1d0008416df61b4bae645adf8e1a Mon Sep 17 00:00:00 2001 From: zhongjiawei -Date: Sat, 8 Oct 2022 15:49:27 +0800 -Subject: [PATCH] runc:Add spec for euleros +Date: Thu, 5 Jan 2023 16:13:12 +0800 +Subject: [PATCH] runc: Add spec for euleros --- - runc-1.1.3/script/runc-euleros.spec | 50 +++++++++++++++++++++++++++++ + script/runc-euleros.spec | 50 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) - create mode 100644 runc-1.1.3/script/runc-euleros.spec + create mode 100644 script/runc-euleros.spec -diff --git a/runc-1.1.3/script/runc-euleros.spec b/runc-1.1.3/script/runc-euleros.spec +diff --git a/script/runc-euleros.spec b/script/runc-euleros.spec new file mode 100644 index 0000000..db4e868 --- /dev/null -+++ b/runc-1.1.3/script/runc-euleros.spec ++++ b/script/runc-euleros.spec @@ -0,0 +1,50 @@ +%global _bindir /usr/local/bin + diff --git a/patch/0002-runc-fix-unittest-and-integration-test-error-caused.patch b/patch/0002-runc-fix-unittest-and-integration-test-error-caused.patch index 1c516ee..3d5f0bd 100644 --- a/patch/0002-runc-fix-unittest-and-integration-test-error-caused.patch 
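Review bot: In apply-patch, the new `cd $src && patch -p1 < $cwd/$line` runs inside the `while read` loop with no check on its result, so a failed `cd` or a patch that does not apply is passed over and the loop carries on with the next series entry (unless error handling is set up outside the hunk). For a downstream patch set on a container runtime, that can leave a fix missing from the built tree with no signal. If `$src` is a relative path (its assignment is not visible here), every `cd` after the first iteration would fail in exactly this way. The expansions are also unquoted, so a path containing whitespace or glob characters would split. I would move the directory change out of the loop and fail hard, `cd "$src" || exit 1` before `while` and `patch -p1 < "$cwd/$line" || exit 1` in the body, and update the `echo` line above so it prints the command that is actually run.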
+++ b/patch/0002-runc-fix-unittest-and-integration-test-error-caused.patch @@ -1,17 +1,17 @@ -From 3afc90db6eb945e2668b66b1613659bb28e306e1 Mon Sep 17 00:00:00 2001 +From 992170fc8663968692d76db0710ca3fa64de5917 Mon Sep 17 00:00:00 2001 From: zhongjiawei -Date: Sat, 8 Oct 2022 16:23:11 +0800 +Date: Thu, 5 Jan 2023 16:16:57 +0800 Subject: [PATCH] runc:fix unittest and integration test error caused --- - runc-1.1.3/libcontainer/integration/execin_test.go | 8 +------- - runc-1.1.3/tests/integration/exec.bats | 4 ++-- + libcontainer/integration/execin_test.go | 8 +------- + tests/integration/exec.bats | 4 ++-- 2 files changed, 3 insertions(+), 9 deletions(-) -diff --git a/runc-1.1.3/libcontainer/integration/execin_test.go b/runc-1.1.3/libcontainer/integration/execin_test.go +diff --git a/libcontainer/integration/execin_test.go b/libcontainer/integration/execin_test.go index f8a6a9c..9669eca 100644 ---- a/runc-1.1.3/libcontainer/integration/execin_test.go -+++ b/runc-1.1.3/libcontainer/integration/execin_test.go +--- a/libcontainer/integration/execin_test.go ++++ b/libcontainer/integration/execin_test.go @@ -62,9 +62,6 @@ func TestExecIn(t *testing.T) { if !strings.Contains(out, "cat") || !strings.Contains(out, "ps") { t.Fatalf("unexpected running process, output %q", out) @@ -36,10 +36,10 @@ index f8a6a9c..9669eca 100644 } } -diff --git a/runc-1.1.3/tests/integration/exec.bats b/runc-1.1.3/tests/integration/exec.bats +diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index 140cd18..cd01f00 100644 ---- a/runc-1.1.3/tests/integration/exec.bats -+++ b/runc-1.1.3/tests/integration/exec.bats +--- a/tests/integration/exec.bats ++++ b/tests/integration/exec.bats @@ -101,7 +101,7 @@ function teardown() { runc exec --cwd /bin test_busybox pwd diff --git a/patch/0003-runc-add-timeout-for-syscall.Openat.patch b/patch/0003-runc-add-timeout-for-syscall.Openat.patch index 74584bc..974f8c5 100644 --- a/patch/0003-runc-add-timeout-for-syscall.Openat.patch 
+++ b/patch/0003-runc-add-timeout-for-syscall.Openat.patch @@ -1,18 +1,16 @@ -From 1bc820d277edc05d145b8729e3a8e343b9d4b529 Mon Sep 17 00:00:00 2001 +From 1c953cdee5aa6c677bef7c7042dbec6fc9ddf172 Mon Sep 17 00:00:00 2001 From: zhongjiawei -Date: Mon, 10 Oct 2022 14:49:30 +0800 +Date: Thu, 5 Jan 2023 16:18:37 +0800 Subject: [PATCH] runc:add timeout for syscall.Openat -Openat will be blocked until the fifo on the other side is opened, but in some -abnomal scenario(e.g. containerd is killed), Openat maybe be blocked all the time. --- - .../libcontainer/standard_init_linux.go | 29 ++++++++++++++----- + libcontainer/standard_init_linux.go | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) -diff --git a/runc-1.1.3/libcontainer/standard_init_linux.go b/runc-1.1.3/libcontainer/standard_init_linux.go +diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 585a04f..ab553ef 100644 ---- a/runc-1.1.3/libcontainer/standard_init_linux.go -+++ b/runc-1.1.3/libcontainer/standard_init_linux.go +--- a/libcontainer/standard_init_linux.go ++++ b/libcontainer/standard_init_linux.go @@ -6,6 +6,7 @@ import ( "os" "os/exec" diff --git a/patch/0004-runc-update-state-eariler-to-avoid-cgroup-leak-when-.patch b/patch/0004-runc-update-state-eariler-to-avoid-cgroup-leak-when-.patch index 9094fbe..a918e23 100644 --- a/patch/0004-runc-update-state-eariler-to-avoid-cgroup-leak-when-.patch +++ b/patch/0004-runc-update-state-eariler-to-avoid-cgroup-leak-when-.patch @@ -1,6 +1,6 @@ -From 1d9d98ffd7b452087e70d2e2bd62f8827af58a10 Mon Sep 17 00:00:00 2001 +From 88f50537a85aed278be136cd0b3d4664e8c71b5d Mon Sep 17 00:00:00 2001 From: zhongjiawei -Date: Mon, 10 Oct 2022 15:20:13 +0800 +Date: Thu, 5 Jan 2023 16:19:48 +0800 Subject: [PATCH] runc: update state eariler to avoid cgroup leak when process failed 
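Review bot: The regenerated header of patch/0003-runc-add-timeout-for-syscall.Openat.patch drops the two-line rationale that followed the Subject (Openat blocks until the other side opens the fifo, and may block indefinitely if containerd is killed), leaving only the subject line. That text is the only explanation on this page of why the timeout exists, so I would carry it over in the commit body when the patch is re-exported, so that a later audit of the downstream changes can still see the reason. The same loss occurs in patch/0011-runc-logs-forwarding-to-syslog.patch, where the `reason:` line, the Change-Id and the `Conflicts:` list are removed.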
@@ -20,15 +20,15 @@ This patch perform state updating right after cgroup applying. so `runc delete` will do the cleaning job Change-Id: I7b247f501986e712a86da3958d1be573af4e84a6 -Signed-off-by: Deng Guangxing +Signed-off-by: Deng Guangxing -Date: Mon, 17 Oct 2022 15:47:24 +0800 +Date: Thu, 5 Jan 2023 16:21:10 +0800 Subject: [PATCH] runc: print cgroup info if cpuset missing occurs --- - runc-1.1.3/libcontainer/cgroups/fs/cpuset.go | 20 ++++++++++++++++++++ + libcontainer/cgroups/fs/cpuset.go | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) -diff --git a/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go b/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go +diff --git a/libcontainer/cgroups/fs/cpuset.go b/libcontainer/cgroups/fs/cpuset.go index 550baa4..341d5dc 100644 ---- a/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go -+++ b/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go +--- a/libcontainer/cgroups/fs/cpuset.go ++++ b/libcontainer/cgroups/fs/cpuset.go @@ -172,6 +172,26 @@ func (s *CpusetGroup) ApplyDir(dir string, r *configs.Resources, pid int) error } diff --git a/patch/0006-runc-add-more-specific-log-for-hooks.patch b/patch/0006-runc-add-more-specific-log-for-hooks.patch index d577478..d5fcfce 100644 --- a/patch/0006-runc-add-more-specific-log-for-hooks.patch +++ b/patch/0006-runc-add-more-specific-log-for-hooks.patch @@ -1,16 +1,16 @@ -From 2d6cea3500b37c854ead44cf557864968903ad21 Mon Sep 17 00:00:00 2001 +From 7cc7be6f85400953208981415d9f46a4db12bbcc Mon Sep 17 00:00:00 2001 
From: zhongjiawei -Date: Mon, 17 Oct 2022 16:06:55 +0800 +Date: Thu, 5 Jan 2023 16:22:53 +0800 Subject: [PATCH] runc: add more specific log for hooks --- - runc-1.1.3/libcontainer/configs/config.go | 2 ++ + libcontainer/configs/config.go | 2 ++ 1 file changed, 2 insertions(+) -diff --git a/runc-1.1.3/libcontainer/configs/config.go b/runc-1.1.3/libcontainer/configs/config.go +diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index c1b4a00..72910ff 100644 ---- a/runc-1.1.3/libcontainer/configs/config.go -+++ b/runc-1.1.3/libcontainer/configs/config.go +--- a/libcontainer/configs/config.go ++++ b/libcontainer/configs/config.go @@ -279,9 +279,11 @@ type Capabilities struct { func (hooks HookList) RunHooks(state *specs.State) error { diff --git a/patch/0007-runc-reduce-max-number-of-retries-to-10.patch b/patch/0007-runc-reduce-max-number-of-retries-to-10.patch index 813fcb0..43c1ad5 100644 --- a/patch/0007-runc-reduce-max-number-of-retries-to-10.patch +++ b/patch/0007-runc-reduce-max-number-of-retries-to-10.patch @@ -1,19 +1,19 @@ -From dfbe86042987a6f5c14c589668183f37d2ecac91 Mon Sep 17 00:00:00 2001 +From 68d83f90cbca399aa4797b8d63eaa1fa35b1ad30 Mon Sep 17 00:00:00 2001 From: zhongjiawei -Date: Mon, 17 Oct 2022 16:21:01 +0800 +Date: Thu, 5 Jan 2023 16:24:00 +0800 Subject: [PATCH] runc: reduce max number of retries to 10 [Changelog]:when killing containers in D state, now runc will do 100 retries, which leads that containerd blocks for 10 seconds. [Author]:Ruilin Li --- - runc-1.1.3/delete.go | 4 ++-- + delete.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -diff --git a/runc-1.1.3/delete.go b/runc-1.1.3/delete.go +diff --git a/delete.go b/delete.go index 746b0df..799c2a7 100644 ---- a/runc-1.1.3/delete.go -+++ b/runc-1.1.3/delete.go +--- a/delete.go ++++ b/delete.go @@ -14,8 +14,8 @@ import ( ) 
diff --git a/patch/0008-runc-print-error-message-during-start-into-container.patch b/patch/0008-runc-print-error-message-during-start-into-container.patch index 880f22f..77f5301 100644 --- a/patch/0008-runc-print-error-message-during-start-into-container.patch +++ b/patch/0008-runc-print-error-message-during-start-into-container.patch @@ -1,16 +1,16 @@ -From 199c22b2e5188acee4b38a373ab3e4cf978c7f94 Mon Sep 17 00:00:00 2001 +From 8a337b8a40bf15bc25770cc5a853e962a96435c0 Mon Sep 17 00:00:00 2001 From: zhongjiawei -Date: Mon, 17 Oct 2022 16:26:48 +0800 +Date: Thu, 5 Jan 2023 16:24:53 +0800 Subject: [PATCH] runc: print error message during start into container log --- - runc-1.1.3/init.go | 2 ++ + init.go | 2 ++ 1 file changed, 2 insertions(+) -diff --git a/runc-1.1.3/init.go b/runc-1.1.3/init.go +diff --git a/init.go b/init.go index bddc237..a0520b5 100644 ---- a/runc-1.1.3/init.go -+++ b/runc-1.1.3/init.go +--- a/init.go ++++ b/init.go @@ -1,6 +1,7 @@ package main diff --git a/patch/0009-runc-ignore-exec.fifo-removing-not-exist-error.patch b/patch/0009-runc-ignore-exec.fifo-removing-not-exist-error.patch index 5c882da..f29b01b 100644 --- a/patch/0009-runc-ignore-exec.fifo-removing-not-exist-error.patch +++ b/patch/0009-runc-ignore-exec.fifo-removing-not-exist-error.patch @@ -1,16 +1,16 @@ -From 13e4ce1748fbf311c01238e03f9314b2c2b4777e Mon Sep 17 00:00:00 2001 +From 4e44d5c41ff9d97fdae4e0951ef1d461e07e84ad Mon Sep 17 00:00:00 2001 
From: zhongjiawei -Date: Mon, 17 Oct 2022 16:33:33 +0800 +Date: Thu, 5 Jan 2023 16:25:57 +0800 Subject: [PATCH] runc: ignore exec.fifo removing not exist error --- - runc-1.1.3/libcontainer/container_linux.go | 5 ++++- + libcontainer/container_linux.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) -diff --git a/runc-1.1.3/libcontainer/container_linux.go b/runc-1.1.3/libcontainer/container_linux.go +diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 9df830d..6b68a0e 100644 ---- a/runc-1.1.3/libcontainer/container_linux.go -+++ b/runc-1.1.3/libcontainer/container_linux.go +--- a/libcontainer/container_linux.go ++++ b/libcontainer/container_linux.go @@ -325,7 +325,10 @@ func handleFifoResult(result openResult) error { if err := readFromExecFifo(f); err != nil { return err diff --git a/patch/0010-runc-Add-file-fds-limit.patch b/patch/0010-runc-Add-file-fds-limit.patch index ad1bb8e..af730ca 100644 --- a/patch/0010-runc-Add-file-fds-limit.patch +++ b/patch/0010-runc-Add-file-fds-limit.patch @@ -1,25 +1,25 @@ -From ebee018ddc5b1d1d9d5484fb2db40123599eb4e8 Mon Sep 17 00:00:00 2001 +From 75bed4f00f31595800cb30d176656b381bfa646b Mon Sep 17 00:00:00 2001 
From: zhongjiawei -Date: Mon, 17 Oct 2022 17:54:20 +0800 +Date: Thu, 5 Jan 2023 16:27:05 +0800 Subject: [PATCH] runc:Add file fds limit --- - runc-1.1.3/events.go | 3 + - runc-1.1.3/libcontainer/cgroups/fs/files.go | 79 +++++++++++++++++++ - runc-1.1.3/libcontainer/cgroups/fs/fs.go | 1 + - runc-1.1.3/libcontainer/cgroups/stats.go | 8 ++ - runc-1.1.3/libcontainer/cgroups/systemd/v1.go | 1 + - .../libcontainer/configs/cgroup_linux.go | 3 + - .../libcontainer/specconv/spec_linux.go | 4 + - runc-1.1.3/types/events.go | 6 ++ + events.go | 3 + + libcontainer/cgroups/fs/files.go | 79 +++++++++++++++++++ + libcontainer/cgroups/fs/fs.go | 1 + + libcontainer/cgroups/stats.go | 8 ++ + libcontainer/cgroups/systemd/v1.go | 1 + + libcontainer/configs/cgroup_linux.go | 3 + + libcontainer/specconv/spec_linux.go | 4 + + types/events.go | 6 ++ .../runtime-spec/specs-go/config.go | 8 ++ 9 files changed, 113 insertions(+) - create mode 100644 runc-1.1.3/libcontainer/cgroups/fs/files.go + create mode 100644 libcontainer/cgroups/fs/files.go -diff --git a/runc-1.1.3/events.go b/runc-1.1.3/events.go +diff --git a/events.go b/events.go index 6cdc01c..94712e3 100644 ---- a/runc-1.1.3/events.go -+++ b/runc-1.1.3/events.go +--- a/events.go ++++ b/events.go @@ -120,6 +120,9 @@ func convertLibcontainerStats(ls *libcontainer.Stats) *types.Stats { s.Pids.Current = cg.PidsStats.Current s.Pids.Limit = cg.PidsStats.Limit @@ -30,11 +30,11 @@ index 6cdc01c..94712e3 100644 s.CPU.Usage.Kernel = cg.CpuStats.CpuUsage.UsageInKernelmode s.CPU.Usage.User = cg.CpuStats.CpuUsage.UsageInUsermode s.CPU.Usage.Total = cg.CpuStats.CpuUsage.TotalUsage -diff --git a/runc-1.1.3/libcontainer/cgroups/fs/files.go b/runc-1.1.3/libcontainer/cgroups/fs/files.go +diff --git a/libcontainer/cgroups/fs/files.go b/libcontainer/cgroups/fs/files.go new file mode 100644 index 0000000..3315cda --- /dev/null -+++ b/runc-1.1.3/libcontainer/cgroups/fs/files.go ++++ b/libcontainer/cgroups/fs/files.go 
@@ -0,0 +1,79 @@ +/* +Copyright (c) Huawei Technologies Co., Ltd. 2017-2019. All rights reserved. @@ -115,10 +115,10 @@ index 0000000..3315cda + stats.FilesStats.Limit = max + return nil +} -diff --git a/runc-1.1.3/libcontainer/cgroups/fs/fs.go b/runc-1.1.3/libcontainer/cgroups/fs/fs.go +diff --git a/libcontainer/cgroups/fs/fs.go b/libcontainer/cgroups/fs/fs.go index fb4fcc7..59b6dff 100644 ---- a/runc-1.1.3/libcontainer/cgroups/fs/fs.go -+++ b/runc-1.1.3/libcontainer/cgroups/fs/fs.go +--- a/libcontainer/cgroups/fs/fs.go ++++ b/libcontainer/cgroups/fs/fs.go @@ -20,6 +20,7 @@ var subsystems = []subsystem{ &CpuGroup{}, &CpuacctGroup{}, @@ -127,10 +127,10 @@ index fb4fcc7..59b6dff 100644 &BlkioGroup{}, &HugetlbGroup{}, &NetClsGroup{}, -diff --git a/runc-1.1.3/libcontainer/cgroups/stats.go b/runc-1.1.3/libcontainer/cgroups/stats.go +diff --git a/libcontainer/cgroups/stats.go b/libcontainer/cgroups/stats.go index 40a81dd..8f1d4ce 100644 ---- a/runc-1.1.3/libcontainer/cgroups/stats.go -+++ b/runc-1.1.3/libcontainer/cgroups/stats.go +--- a/libcontainer/cgroups/stats.go ++++ b/libcontainer/cgroups/stats.go @@ -116,6 +116,13 @@ type PidsStats struct { Limit uint64 `json:"limit,omitempty"` } @@ -153,10 +153,10 @@ index 40a81dd..8f1d4ce 100644 BlkioStats BlkioStats `json:"blkio_stats,omitempty"` // the map is in the format "size of hugepage: stats of the hugepage" HugetlbStats map[string]HugetlbStats `json:"hugetlb_stats,omitempty"` -diff --git a/runc-1.1.3/libcontainer/cgroups/systemd/v1.go b/runc-1.1.3/libcontainer/cgroups/systemd/v1.go +diff --git a/libcontainer/cgroups/systemd/v1.go b/libcontainer/cgroups/systemd/v1.go index a74a05a..19d1099 100644 ---- a/runc-1.1.3/libcontainer/cgroups/systemd/v1.go -+++ b/runc-1.1.3/libcontainer/cgroups/systemd/v1.go +--- a/libcontainer/cgroups/systemd/v1.go ++++ b/libcontainer/cgroups/systemd/v1.go @@ -63,6 +63,7 @@ var legacySubsystems = []subsystem{ &fs.CpuGroup{}, &fs.CpuacctGroup{}, 
@@ -165,10 +165,10 @@ index a74a05a..19d1099 100644 &fs.BlkioGroup{}, &fs.HugetlbGroup{}, &fs.PerfEventGroup{}, -diff --git a/runc-1.1.3/libcontainer/configs/cgroup_linux.go b/runc-1.1.3/libcontainer/configs/cgroup_linux.go +diff --git a/libcontainer/configs/cgroup_linux.go b/libcontainer/configs/cgroup_linux.go index 2d4a898..8cbc154 100644 ---- a/runc-1.1.3/libcontainer/configs/cgroup_linux.go -+++ b/runc-1.1.3/libcontainer/configs/cgroup_linux.go +--- a/libcontainer/configs/cgroup_linux.go ++++ b/libcontainer/configs/cgroup_linux.go @@ -87,6 +87,9 @@ type Resources struct { // Process limit; set <= `0' to disable limit. PidsLimit int64 `json:"pids_limit"` @@ -179,10 +179,10 @@ index 2d4a898..8cbc154 100644 // Specifies per cgroup weight, range is from 10 to 1000. BlkioWeight uint16 `json:"blkio_weight"` -diff --git a/runc-1.1.3/libcontainer/specconv/spec_linux.go b/runc-1.1.3/libcontainer/specconv/spec_linux.go +diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index c7ca4c8..19dd947 100644 ---- a/runc-1.1.3/libcontainer/specconv/spec_linux.go -+++ b/runc-1.1.3/libcontainer/specconv/spec_linux.go +--- a/libcontainer/specconv/spec_linux.go ++++ b/libcontainer/specconv/spec_linux.go @@ -747,6 +747,10 @@ func CreateCgroupConfig(opts *CreateOpts, defaultDevs []*devices.Device) (*confi if r.Pids != nil { c.Resources.PidsLimit = r.Pids.Limit @@ -194,10 +194,10 @@ index c7ca4c8..19dd947 100644 if r.BlockIO != nil { if r.BlockIO.Weight != nil { c.Resources.BlkioWeight = *r.BlockIO.Weight -diff --git a/runc-1.1.3/types/events.go b/runc-1.1.3/types/events.go +diff --git a/types/events.go b/types/events.go index 81bde82..1fdff8f 100644 ---- a/runc-1.1.3/types/events.go -+++ b/runc-1.1.3/types/events.go +--- a/types/events.go ++++ b/types/events.go @@ -15,6 +15,7 @@ type Stats struct { CPUSet CPUSet `json:"cpuset"` Memory Memory `json:"memory"` 
@@ -218,10 +218,10 @@ index 81bde82..1fdff8f 100644 type Throttling struct { Periods uint64 `json:"periods,omitempty"` ThrottledPeriods uint64 `json:"throttledPeriods,omitempty"` -diff --git a/runc-1.1.3/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/runc-1.1.3/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go index 6a7a91e..e8143b2 100644 ---- a/runc-1.1.3/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go -+++ b/runc-1.1.3/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go ++++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go @@ -336,6 +336,12 @@ type LinuxPids struct { Limit int64 `json:"limit"` } diff --git a/patch/0011-runc-logs-forwarding-to-syslog.patch b/patch/0011-runc-logs-forwarding-to-syslog.patch index 8832fad..04bb88e 100644 --- a/patch/0011-runc-logs-forwarding-to-syslog.patch +++ b/patch/0011-runc-logs-forwarding-to-syslog.patch 
@@ -1,23 +1,14 @@ -From 658fb594136222061ad4653cbb540eeade7e5ddc Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Tue, 18 Oct 2022 16:33:41 +0800 +From 3cea048a118096974936bf35c793075eabe830df Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:28:12 +0800 Subject: [PATCH] runc: runc logs forwarding to syslog -reason:runc logs forwarding to syslog and using the config "--log-level" to control the number of logs - -Change-Id: Ia93f6f5c56131ea8558c4b7b7e5c4bec827a1bad - -Conflicts: - libcontainer/container_linux.go - libcontainer/process_linux.go - libcontainer/state_linux.go - --- - runc-1.1.3/create.go | 2 +- - runc-1.1.3/libcontainer/configs/config.go | 70 +++++++++--- - runc-1.1.3/libcontainer/container_linux.go | 2 +- - runc-1.1.3/main.go | 20 ++++ - .../github.com/sirupsen/logrus/Checklist | 1 + + create.go | 2 +- + libcontainer/configs/config.go | 70 +++++++++--- + libcontainer/container_linux.go | 2 +- + main.go | 20 ++++ + vendor/github.com/sirupsen/logrus/Checklist | 1 + .../logrus/hooks/airbrake/airbrake.go | 54 ++++++++++ .../sirupsen/logrus/hooks/bugsnag/bugsnag.go | 68 ++++++++++++ .../logrus/hooks/papertrail/README.md | 28 +++++ 
@@ -27,20 +18,20 @@ Conflicts: .../sirupsen/logrus/hooks/syslog/README.md | 20 ++++ .../sirupsen/logrus/hooks/syslog/syslog.go | 59 +++++++++++ 13 files changed, 523 insertions(+), 17 deletions(-) - create mode 100644 runc-1.1.3/vendor/github.com/sirupsen/logrus/Checklist - create mode 100644 runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/airbrake/airbrake.go - create mode 100644 runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/bugsnag/bugsnag.go - create mode 100644 runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/papertrail/README.md - create mode 100644 runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/papertrail/papertrail.go - create mode 100644 runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/sentry/README.md - create mode 100644 runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/sentry/sentry.go - create mode 100644 runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/syslog/README.md - create mode 100644 runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go + create mode 100644 vendor/github.com/sirupsen/logrus/Checklist + create mode 100644 vendor/github.com/sirupsen/logrus/hooks/airbrake/airbrake.go + create mode 100644 vendor/github.com/sirupsen/logrus/hooks/bugsnag/bugsnag.go + create mode 100644 vendor/github.com/sirupsen/logrus/hooks/papertrail/README.md + create mode 100644 vendor/github.com/sirupsen/logrus/hooks/papertrail/papertrail.go + create mode 100644 vendor/github.com/sirupsen/logrus/hooks/sentry/README.md + create mode 100644 vendor/github.com/sirupsen/logrus/hooks/sentry/sentry.go + create mode 100644 vendor/github.com/sirupsen/logrus/hooks/syslog/README.md + create mode 100644 vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go -diff --git a/runc-1.1.3/create.go b/runc-1.1.3/create.go +diff --git a/create.go b/create.go index 97854b8..46ef1ef 100644 ---- a/runc-1.1.3/create.go -+++ b/runc-1.1.3/create.go +--- a/create.go ++++ b/create.go @@ -2,9 +2,9 @@ package main import ( 
@@ -52,10 +43,10 @@ index 97854b8..46ef1ef 100644 ) var createCommand = cli.Command{ -diff --git a/runc-1.1.3/libcontainer/configs/config.go b/runc-1.1.3/libcontainer/configs/config.go +diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 72910ff..9076846 100644 ---- a/runc-1.1.3/libcontainer/configs/config.go -+++ b/runc-1.1.3/libcontainer/configs/config.go +--- a/libcontainer/configs/config.go ++++ b/libcontainer/configs/config.go @@ -4,15 +4,22 @@ import ( "bytes" "encoding/json" @@ -169,10 +160,10 @@ index 72910ff..9076846 100644 + } } } -diff --git a/runc-1.1.3/libcontainer/container_linux.go b/runc-1.1.3/libcontainer/container_linux.go +diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 6b68a0e..425e44d 100644 ---- a/runc-1.1.3/libcontainer/container_linux.go -+++ b/runc-1.1.3/libcontainer/container_linux.go +--- a/libcontainer/container_linux.go ++++ b/libcontainer/container_linux.go @@ -368,7 +368,7 @@ func (c *linuxContainer) start(process *Process) (retErr error) { if err := c.config.Hooks[configs.Poststart].RunHooks(s); err != nil { @@ -182,10 +173,10 @@ index 6b68a0e..425e44d 100644 } return err } -diff --git a/runc-1.1.3/main.go b/runc-1.1.3/main.go +diff --git a/main.go b/main.go index 4d66638..9e14976 100644 ---- a/runc-1.1.3/main.go -+++ b/runc-1.1.3/main.go +--- a/main.go ++++ b/main.go @@ -100,6 +100,10 @@ func main() { Value: root, Usage: "root directory for storage of container state (this should be located in tmpfs)", @@ -221,18 +212,18 @@ index 4d66638..9e14976 100644 + } return nil } -diff --git a/runc-1.1.3/vendor/github.com/sirupsen/logrus/Checklist b/runc-1.1.3/vendor/github.com/sirupsen/logrus/Checklist +diff --git a/vendor/github.com/sirupsen/logrus/Checklist b/vendor/github.com/sirupsen/logrus/Checklist new file mode 100644 index 0000000..7117b24 --- /dev/null -+++ b/runc-1.1.3/vendor/github.com/sirupsen/logrus/Checklist ++++ b/vendor/github.com/sirupsen/logrus/Checklist 
@@ -0,0 +1 @@ +imported from runc v1.0.0-Release Candidate 2: Godeps/_workspace/src/github.com/Sirupsen/logrus/hooks -diff --git a/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/airbrake/airbrake.go b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/airbrake/airbrake.go +diff --git a/vendor/github.com/sirupsen/logrus/hooks/airbrake/airbrake.go b/vendor/github.com/sirupsen/logrus/hooks/airbrake/airbrake.go new file mode 100644 index 0000000..b0502c3 --- /dev/null -+++ b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/airbrake/airbrake.go ++++ b/vendor/github.com/sirupsen/logrus/hooks/airbrake/airbrake.go @@ -0,0 +1,54 @@ +package airbrake + @@ -288,11 +279,11 @@ index 0000000..b0502c3 + logrus.PanicLevel, + } +} -diff --git a/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/bugsnag/bugsnag.go b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/bugsnag/bugsnag.go +diff --git a/vendor/github.com/sirupsen/logrus/hooks/bugsnag/bugsnag.go b/vendor/github.com/sirupsen/logrus/hooks/bugsnag/bugsnag.go new file mode 100644 index 0000000..d20a0f5 --- /dev/null -+++ b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/bugsnag/bugsnag.go ++++ b/vendor/github.com/sirupsen/logrus/hooks/bugsnag/bugsnag.go @@ -0,0 +1,68 @@ +package logrus_bugsnag + @@ -362,11 +353,11 @@ index 0000000..d20a0f5 + logrus.PanicLevel, + } +} -diff --git a/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/papertrail/README.md b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/papertrail/README.md +diff --git a/vendor/github.com/sirupsen/logrus/hooks/papertrail/README.md b/vendor/github.com/sirupsen/logrus/hooks/papertrail/README.md new file mode 100644 index 0000000..ae61e92 --- /dev/null -+++ b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/papertrail/README.md ++++ b/vendor/github.com/sirupsen/logrus/hooks/papertrail/README.md @@ -0,0 +1,28 @@ +# Papertrail Hook for Logrus :walrus: + 
@@ -396,11 +387,11 @@ index 0000000..ae61e92 + } +} +``` -diff --git a/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/papertrail/papertrail.go b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/papertrail/papertrail.go +diff --git a/vendor/github.com/sirupsen/logrus/hooks/papertrail/papertrail.go b/vendor/github.com/sirupsen/logrus/hooks/papertrail/papertrail.go new file mode 100644 index 0000000..c0f10c1 --- /dev/null -+++ b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/papertrail/papertrail.go ++++ b/vendor/github.com/sirupsen/logrus/hooks/papertrail/papertrail.go @@ -0,0 +1,55 @@ +package logrus_papertrail + @@ -457,11 +448,11 @@ index 0000000..c0f10c1 + logrus.DebugLevel, + } +} -diff --git a/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/sentry/README.md b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/sentry/README.md +diff --git a/vendor/github.com/sirupsen/logrus/hooks/sentry/README.md b/vendor/github.com/sirupsen/logrus/hooks/sentry/README.md new file mode 100644 index 0000000..19e58bb --- /dev/null -+++ b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/sentry/README.md ++++ b/vendor/github.com/sirupsen/logrus/hooks/sentry/README.md @@ -0,0 +1,61 @@ +# Sentry Hook for Logrus :walrus: + @@ -524,11 +515,11 @@ index 0000000..19e58bb +hook, _ := logrus_sentry.NewSentryHook(...) +hook.Timeout = 20*time.Second +``` -diff --git a/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/sentry/sentry.go b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/sentry/sentry.go +diff --git a/vendor/github.com/sirupsen/logrus/hooks/sentry/sentry.go b/vendor/github.com/sirupsen/logrus/hooks/sentry/sentry.go new file mode 100644 index 0000000..379f281 --- /dev/null -+++ b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/sentry/sentry.go ++++ b/vendor/github.com/sirupsen/logrus/hooks/sentry/sentry.go @@ -0,0 +1,100 @@ +package logrus_sentry + 
@@ -630,11 +621,11 @@ index 0000000..379f281 +func (hook *SentryHook) Levels() []logrus.Level { + return hook.levels +} -diff --git a/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/syslog/README.md b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/syslog/README.md +diff --git a/vendor/github.com/sirupsen/logrus/hooks/syslog/README.md b/vendor/github.com/sirupsen/logrus/hooks/syslog/README.md new file mode 100644 index 0000000..4dbb8e7 --- /dev/null -+++ b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/syslog/README.md ++++ b/vendor/github.com/sirupsen/logrus/hooks/syslog/README.md @@ -0,0 +1,20 @@ +# Syslog Hooks for Logrus :walrus: + @@ -656,11 +647,11 @@ index 0000000..4dbb8e7 + } +} +``` -diff --git a/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go +diff --git a/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go b/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go new file mode 100644 index 0000000..b6fa374 --- /dev/null -+++ b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go ++++ b/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go @@ -0,0 +1,59 @@ +package logrus_syslog + diff --git a/patch/0012-runc-support-namespaced-kernel-params-can-be-changed.patch b/patch/0012-runc-support-namespaced-kernel-params-can-be-changed.patch index 989407b..bf6662e 100644 --- a/patch/0012-runc-support-namespaced-kernel-params-can-be-changed.patch +++ b/patch/0012-runc-support-namespaced-kernel-params-can-be-changed.patch 
@@ -1,18 +1,19 @@ -From eda4f5b5bcf9ca36a2ba3250b366ad1fb4bab28c Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Tue, 18 Oct 2022 17:18:47 +0800 +From 0e2bc1f9d2dffe3cf2c678d88855faffc122b1c5 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:29:06 +0800 Subject: [PATCH] runc:support namespaced kernel params can be changed in system container +Signed-off-by: zhongjiawei --- - runc-1.1.3/libcontainer/rootfs_linux.go | 26 +++++++++++++++++++ - .../libcontainer/standard_init_linux.go | 7 +++++ + libcontainer/rootfs_linux.go | 26 ++++++++++++++++++++++++++ + libcontainer/standard_init_linux.go | 7 +++++++ 2 files changed, 33 insertions(+) -diff --git a/runc-1.1.3/libcontainer/rootfs_linux.go b/runc-1.1.3/libcontainer/rootfs_linux.go +diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 3cfd2bf..4dbe9f4 100644 ---- a/runc-1.1.3/libcontainer/rootfs_linux.go -+++ b/runc-1.1.3/libcontainer/rootfs_linux.go +--- a/libcontainer/rootfs_linux.go ++++ b/libcontainer/rootfs_linux.go @@ -417,6 +417,9 @@ func mountToRootfs(m *configs.Mount, c *mountConfig) error { } else if fi.Mode()&os.ModeDir == 0 { return fmt.Errorf("filesystem %q must be mounted on ordinary directory", m.Device) @@ -53,10 +54,10 @@ index 3cfd2bf..4dbe9f4 100644 // remountReadonly will remount an existing mount point and ensure that it is read-only. func remountReadonly(m *configs.Mount) error { var ( -diff --git a/runc-1.1.3/libcontainer/standard_init_linux.go b/runc-1.1.3/libcontainer/standard_init_linux.go +diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index ab553ef..0dd51b2 100644 ---- a/runc-1.1.3/libcontainer/standard_init_linux.go -+++ b/runc-1.1.3/libcontainer/standard_init_linux.go +--- a/libcontainer/standard_init_linux.go ++++ b/libcontainer/standard_init_linux.go @@ -141,6 +141,13 @@ func (l *linuxStandardInit) Init() error { return fmt.Errorf("can't make %q read-only: %w", path, err) } 
diff --git a/patch/0013-runc-modify-minHookTimeOut.patch b/patch/0013-runc-modify-minHookTimeOut.patch index 1b26d70..05af88b 100644 --- a/patch/0013-runc-modify-minHookTimeOut.patch +++ b/patch/0013-runc-modify-minHookTimeOut.patch @@ -1,16 +1,16 @@ -From b8495e4a88faa18a3851235b9b2431164826cc3f Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Fri, 21 Oct 2022 15:37:47 +0800 +From 845b54fcaa8cd843034479b2019eaa9ee5faaf75 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:30:36 +0800 Subject: [PATCH] runc: modify minHookTimeOut --- - runc-1.1.3/libcontainer/configs/config.go | 2 +- + libcontainer/configs/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/runc-1.1.3/libcontainer/configs/config.go b/runc-1.1.3/libcontainer/configs/config.go +diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 9076846..540bcdb 100644 ---- a/runc-1.1.3/libcontainer/configs/config.go -+++ b/runc-1.1.3/libcontainer/configs/config.go +--- a/libcontainer/configs/config.go ++++ b/libcontainer/configs/config.go @@ -12,7 +12,7 @@ import ( ) diff --git a/patch/0014-runc-make-hooks-log-more-userful-and-fix-syslog-hook.patch b/patch/0014-runc-make-hooks-log-more-userful-and-fix-syslog-hook.patch index f82c4ed..c7931bc 100644 --- a/patch/0014-runc-make-hooks-log-more-userful-and-fix-syslog-hook.patch +++ b/patch/0014-runc-make-hooks-log-more-userful-and-fix-syslog-hook.patch 
@@ -1,17 +1,17 @@ -From 60b8eb8bd890a96c671f31cc9cda9e5cb9d487f1 Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Fri, 21 Oct 2022 16:30:02 +0800 +From 8b5360bd401a33f5c637710fc5c545c8facb6b20 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:31:33 +0800 Subject: [PATCH] runc:make hooks log more userful and fix syslog hook bug --- - runc-1.1.3/libcontainer/configs/config.go | 17 ++++++++++++++--- - runc-1.1.3/main.go | 5 ++++- + libcontainer/configs/config.go | 17 ++++++++++++++--- + main.go | 5 ++++- 2 files changed, 18 insertions(+), 4 deletions(-) -diff --git a/runc-1.1.3/libcontainer/configs/config.go b/runc-1.1.3/libcontainer/configs/config.go +diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 540bcdb..cda79bf 100644 ---- a/runc-1.1.3/libcontainer/configs/config.go -+++ b/runc-1.1.3/libcontainer/configs/config.go +--- a/libcontainer/configs/config.go ++++ b/libcontainer/configs/config.go @@ -8,6 +8,7 @@ import ( "github.com/opencontainers/runc/libcontainer/devices" "github.com/opencontainers/runtime-spec/specs-go" @@ -66,10 +66,10 @@ index 540bcdb..cda79bf 100644 func (c Command) Run(s *specs.State) error { b, err := json.Marshal(s) if err != nil { -diff --git a/runc-1.1.3/main.go b/runc-1.1.3/main.go +diff --git a/main.go b/main.go index 9e14976..0a6f3b4 100644 ---- a/runc-1.1.3/main.go -+++ b/runc-1.1.3/main.go +--- a/main.go ++++ b/main.go @@ -4,6 +4,7 @@ import ( "errors" "fmt" diff --git a/patch/0015-runc-fix-runc-log-decode-failed.patch b/patch/0015-runc-fix-runc-log-decode-failed.patch index d551126..11377cb 100644 --- a/patch/0015-runc-fix-runc-log-decode-failed.patch +++ b/patch/0015-runc-fix-runc-log-decode-failed.patch 
@@ -1,16 +1,16 @@ -From c940ccbc26322c4dae9b3c7caa82d5e2eefcf7b1 Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Fri, 21 Oct 2022 16:40:34 +0800 +From 5584140c9549c2c9c6a0b0c5afea0850d1e88926 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:32:43 +0800 Subject: [PATCH] runc: fix runc log decode failed --- - runc-1.1.3/main.go | 21 ++++++++++++++++++++- + main.go | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) -diff --git a/runc-1.1.3/main.go b/runc-1.1.3/main.go +diff --git a/main.go b/main.go index 0a6f3b4..6e9101a 100644 ---- a/runc-1.1.3/main.go -+++ b/runc-1.1.3/main.go +--- a/main.go ++++ b/main.go @@ -1,6 +1,7 @@ package main diff --git a/patch/0016-runc-do-not-setup-sysctl-in-runc-when-userns-enable.patch b/patch/0016-runc-do-not-setup-sysctl-in-runc-when-userns-enable.patch index cf07a99..944a23c 100644 --- a/patch/0016-runc-do-not-setup-sysctl-in-runc-when-userns-enable.patch +++ b/patch/0016-runc-do-not-setup-sysctl-in-runc-when-userns-enable.patch @@ -1,16 +1,16 @@ -From 4d52919666e6cfc75c87908a2fe62c180684c4cd Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Fri, 21 Oct 2022 16:56:15 +0800 +From 6b4045a28504aaefdb8c1e9abe6b4ad7c445684a Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:33:42 +0800 Subject: [PATCH] runc:do not setup sysctl in runc when userns enable --- - runc-1.1.3/libcontainer/standard_init_linux.go | 10 ++++++---- + libcontainer/standard_init_linux.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) -diff --git a/runc-1.1.3/libcontainer/standard_init_linux.go b/runc-1.1.3/libcontainer/standard_init_linux.go +diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 0dd51b2..b202ba9 100644 ---- a/runc-1.1.3/libcontainer/standard_init_linux.go -+++ b/runc-1.1.3/libcontainer/standard_init_linux.go +--- a/libcontainer/standard_init_linux.go ++++ b/libcontainer/standard_init_linux.go 
@@ -130,10 +130,12 @@ func (l *linuxStandardInit) Init() error { if err := apparmor.ApplyProfile(l.config.AppArmorProfile); err != nil { return fmt.Errorf("unable to apply apparmor profile: %w", err) diff --git a/patch/0017-runc-support-set-seccomp-priority.patch b/patch/0017-runc-support-set-seccomp-priority.patch index cb5b304..dc84683 100644 --- a/patch/0017-runc-support-set-seccomp-priority.patch +++ b/patch/0017-runc-support-set-seccomp-priority.patch @@ -1,19 +1,19 @@ -From cbb187aee3a309a38a973dee1c1f6d66c1256cf5 Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Fri, 21 Oct 2022 17:09:33 +0800 +From e9cf09ef6800b7740b2c9a7fe7efcf6af91fbc9f Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:34:57 +0800 Subject: [PATCH] runc: support set seccomp priority --- - runc-1.1.3/libcontainer/configs/config.go | 1 + - runc-1.1.3/libcontainer/seccomp/seccomp_linux.go | 2 +- - runc-1.1.3/libcontainer/specconv/spec_linux.go | 1 + + libcontainer/configs/config.go | 1 + + libcontainer/seccomp/seccomp_linux.go | 2 +- + libcontainer/specconv/spec_linux.go | 1 + .../github.com/opencontainers/runtime-spec/specs-go/config.go | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) -diff --git a/runc-1.1.3/libcontainer/configs/config.go b/runc-1.1.3/libcontainer/configs/config.go +diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index cda79bf..f85ade3 100644 ---- a/runc-1.1.3/libcontainer/configs/config.go -+++ b/runc-1.1.3/libcontainer/configs/config.go +--- a/libcontainer/configs/config.go ++++ b/libcontainer/configs/config.go @@ -88,6 +88,7 @@ type Syscall struct { Name string `json:"name"` Action Action `json:"action"` 
@@ -22,10 +22,10 @@ index cda79bf..f85ade3 100644 Args []*Arg `json:"args"` } -diff --git a/runc-1.1.3/libcontainer/seccomp/seccomp_linux.go b/runc-1.1.3/libcontainer/seccomp/seccomp_linux.go +diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go index 8c12af7..e4b5750 100644 ---- a/runc-1.1.3/libcontainer/seccomp/seccomp_linux.go -+++ b/runc-1.1.3/libcontainer/seccomp/seccomp_linux.go +--- a/libcontainer/seccomp/seccomp_linux.go ++++ b/libcontainer/seccomp/seccomp_linux.go @@ -256,7 +256,7 @@ func matchCall(filter *libseccomp.ScmpFilter, call *configs.Syscall, defAct libs } } @@ -35,10 +35,10 @@ index 8c12af7..e4b5750 100644 } // Version returns major, minor, and micro. -diff --git a/runc-1.1.3/libcontainer/specconv/spec_linux.go b/runc-1.1.3/libcontainer/specconv/spec_linux.go +diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 19dd947..02a7439 100644 ---- a/runc-1.1.3/libcontainer/specconv/spec_linux.go -+++ b/runc-1.1.3/libcontainer/specconv/spec_linux.go +--- a/libcontainer/specconv/spec_linux.go ++++ b/libcontainer/specconv/spec_linux.go @@ -1061,6 +1061,7 @@ func SetupSeccomp(config *specs.LinuxSeccomp) (*configs.Seccomp, error) { Name: name, Action: newAction, 
@@ -47,10 +47,10 @@ index 19dd947..02a7439 100644 Args: []*configs.Arg{}, } // Loop through all the arguments of the syscall and convert them -diff --git a/runc-1.1.3/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/runc-1.1.3/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go index e8143b2..135f74a 100644 ---- a/runc-1.1.3/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go -+++ b/runc-1.1.3/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go ++++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go @@ -688,6 +688,7 @@ type LinuxSyscall struct { Names []string `json:"names"` Action LinuxSeccompAction `json:"action"` diff --git a/patch/0018-runc-do-not-kill-container-if-poststart-hooks-execut.patch b/patch/0018-runc-do-not-kill-container-if-poststart-hooks-execut.patch index c246f3b..3cf2a6e 100644 --- a/patch/0018-runc-do-not-kill-container-if-poststart-hooks-execut.patch +++ b/patch/0018-runc-do-not-kill-container-if-poststart-hooks-execut.patch 
@@ -1,16 +1,16 @@ -From ac414a8ac967e0fbbf27ea6364f0b134fe9ce9e2 Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Mon, 24 Oct 2022 11:34:15 +0800 +From 7140cab44cd368e987089b66948cfc7f8a414b83 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:35:55 +0800 Subject: [PATCH] runc:do not kill container if poststart hooks execute failed --- - runc-1.1.3/libcontainer/container_linux.go | 5 +---- + libcontainer/container_linux.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) -diff --git a/runc-1.1.3/libcontainer/container_linux.go b/runc-1.1.3/libcontainer/container_linux.go +diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 425e44d..10890c1 100644 ---- a/runc-1.1.3/libcontainer/container_linux.go -+++ b/runc-1.1.3/libcontainer/container_linux.go +--- a/libcontainer/container_linux.go ++++ b/libcontainer/container_linux.go @@ -367,10 +367,7 @@ func (c *linuxContainer) start(process *Process) (retErr error) { } diff --git a/patch/0019-runc-print-memory-info-when-syscall.Exec-failed.patch b/patch/0019-runc-print-memory-info-when-syscall.Exec-failed.patch index 8746cde..6cf9b5a 100644 --- a/patch/0019-runc-print-memory-info-when-syscall.Exec-failed.patch +++ b/patch/0019-runc-print-memory-info-when-syscall.Exec-failed.patch 
@@ -1,17 +1,17 @@ -From cb55699bd5f0de2bcf38b343194fd08779fb0317 Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Mon, 24 Oct 2022 15:18:35 +0800 +From 5159ecfcc9180dd47e843818844c59cb9284d662 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:36:48 +0800 Subject: [PATCH] runc: print memory info when syscall.Exec failed --- - runc-1.1.3/libcontainer/container_linux.go | 1 + - .../libcontainer/standard_init_linux.go | 33 ++++++++++++++++++- + libcontainer/container_linux.go | 1 + + libcontainer/standard_init_linux.go | 33 ++++++++++++++++++++++++++++- 2 files changed, 33 insertions(+), 1 deletion(-) -diff --git a/runc-1.1.3/libcontainer/container_linux.go b/runc-1.1.3/libcontainer/container_linux.go +diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 10890c1..5ef5a9a 100644 ---- a/runc-1.1.3/libcontainer/container_linux.go -+++ b/runc-1.1.3/libcontainer/container_linux.go +--- a/libcontainer/container_linux.go ++++ b/libcontainer/container_linux.go @@ -355,6 +355,7 @@ func (c *linuxContainer) start(process *Process) (retErr error) { } @@ -20,10 +20,10 @@ index 10890c1..5ef5a9a 100644 return fmt.Errorf("unable to start container process: %w", err) } -diff --git a/runc-1.1.3/libcontainer/standard_init_linux.go b/runc-1.1.3/libcontainer/standard_init_linux.go +diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index b202ba9..8a60501 100644 ---- a/runc-1.1.3/libcontainer/standard_init_linux.go -+++ b/runc-1.1.3/libcontainer/standard_init_linux.go +--- a/libcontainer/standard_init_linux.go ++++ b/libcontainer/standard_init_linux.go @@ -3,8 +3,10 @@ package libcontainer import ( "errors" diff --git a/patch/0020-runc-add-sysctl-kernel.pid_max-to-whitelist.patch b/patch/0020-runc-add-sysctl-kernel.pid_max-to-whitelist.patch index f3b538c..b9470ee 100644 --- a/patch/0020-runc-add-sysctl-kernel.pid_max-to-whitelist.patch 
+++ b/patch/0020-runc-add-sysctl-kernel.pid_max-to-whitelist.patch @@ -1,16 +1,16 @@ -From 76914fe3613afd7b7adb5a43e3dd7ba1ef33e654 Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Mon, 24 Oct 2022 15:21:45 +0800 +From af158d403f0395ee93636a6a77b4d37adbef6ee1 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:37:39 +0800 Subject: [PATCH] runc:add sysctl kernel.pid_max to whitelist --- - runc-1.1.3/libcontainer/configs/validate/validator.go | 1 + + libcontainer/configs/validate/validator.go | 1 + 1 file changed, 1 insertion(+) -diff --git a/runc-1.1.3/libcontainer/configs/validate/validator.go b/runc-1.1.3/libcontainer/configs/validate/validator.go +diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 627621a..3647aa2 100644 ---- a/runc-1.1.3/libcontainer/configs/validate/validator.go -+++ b/runc-1.1.3/libcontainer/configs/validate/validator.go +--- a/libcontainer/configs/validate/validator.go ++++ b/libcontainer/configs/validate/validator.go @@ -171,6 +171,7 @@ func (v *ConfigValidator) sysctl(config *configs.Config) error { "kernel.shmmax": true, "kernel.shmmni": true, diff --git a/patch/0021-runc-disable-core-dump-during-exec.patch b/patch/0021-runc-disable-core-dump-during-exec.patch index 332524e..536d924 100644 --- a/patch/0021-runc-disable-core-dump-during-exec.patch +++ b/patch/0021-runc-disable-core-dump-during-exec.patch 
@@ -1,16 +1,16 @@ -From 486d2a4b0756b0fe266f8ff79e5ecdb7ae5d680c Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Mon, 24 Oct 2022 15:29:29 +0800 +From c8bf02dafed3537cd295c0898804809744f02f1e Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:38:29 +0800 Subject: [PATCH] runc:disable core dump during exec --- - runc-1.1.3/libcontainer/process_linux.go | 2 ++ + libcontainer/process_linux.go | 2 ++ 1 file changed, 2 insertions(+) -diff --git a/runc-1.1.3/libcontainer/process_linux.go b/runc-1.1.3/libcontainer/process_linux.go +diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 29408d7..75d05b7 100644 ---- a/runc-1.1.3/libcontainer/process_linux.go -+++ b/runc-1.1.3/libcontainer/process_linux.go +--- a/libcontainer/process_linux.go ++++ b/libcontainer/process_linux.go @@ -79,6 +79,8 @@ func (p *setnsProcess) signal(sig os.Signal) error { } diff --git a/patch/0022-runc-fix-exec-problem-caused-by-libseccomp-updating.patch b/patch/0022-runc-fix-exec-problem-caused-by-libseccomp-updating.patch index 41a8b9c..45cfb43 100644 --- a/patch/0022-runc-fix-exec-problem-caused-by-libseccomp-updating.patch +++ b/patch/0022-runc-fix-exec-problem-caused-by-libseccomp-updating.patch @@ -1,6 +1,6 @@ -From ca9d0d09ae435785482f21d2c49b4131a74c4382 Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Mon, 24 Oct 2022 15:35:51 +0800 +From 62ccdfd5cd6572c8c2c5965b9ca85fc78f43bfb6 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:41:29 +0800 Subject: [PATCH] runc:fix exec problem caused by libseccomp updating reason: libseccomp updating causes runc exec performance @@ -18,15 +18,14 @@ takes about 1s Change-Id: I751ac8354394bd15a420ad8410b12ef3f75622a1 
Signed-off-by: xiadanni - --- - runc-1.1.3/libcontainer/seccomp/seccomp_linux.go | 3 +++ + libcontainer/seccomp/seccomp_linux.go | 3 +++ 1 file changed, 3 insertions(+) -diff --git a/runc-1.1.3/libcontainer/seccomp/seccomp_linux.go b/runc-1.1.3/libcontainer/seccomp/seccomp_linux.go +diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go index e4b5750..a925be1 100644 ---- a/runc-1.1.3/libcontainer/seccomp/seccomp_linux.go -+++ b/runc-1.1.3/libcontainer/seccomp/seccomp_linux.go +--- a/libcontainer/seccomp/seccomp_linux.go ++++ b/libcontainer/seccomp/seccomp_linux.go @@ -6,6 +6,7 @@ package seccomp import ( "errors" diff --git a/patch/0023-runc-add-log-message-for-cgroup-file-check.patch b/patch/0023-runc-add-log-message-for-cgroup-file-check.patch index fd7029e..9c35486 100644 --- a/patch/0023-runc-add-log-message-for-cgroup-file-check.patch +++ b/patch/0023-runc-add-log-message-for-cgroup-file-check.patch @@ -1,17 +1,17 @@ -From fe0237c3d86a278561d14ead9254b8e68699f1eb Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Mon, 24 Oct 2022 17:01:39 +0800 +From 71c298bc54c68714bde5f4aad293f2fa603ede3e Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:43:03 +0800 Subject: [PATCH] runc:add log message for cgroup file check --- - runc-1.1.3/libcontainer/cgroups/file.go | 7 ++++- - runc-1.1.3/libcontainer/cgroups/fs/cpuset.go | 31 +++++++++++++++----- + libcontainer/cgroups/file.go | 7 ++++++- + libcontainer/cgroups/fs/cpuset.go | 31 +++++++++++++++++++++++-------- 2 files changed, 29 insertions(+), 9 deletions(-) -diff --git a/runc-1.1.3/libcontainer/cgroups/file.go b/runc-1.1.3/libcontainer/cgroups/file.go +diff --git a/libcontainer/cgroups/file.go b/libcontainer/cgroups/file.go index 0cdaf74..bc7f0a3 100644 ---- a/runc-1.1.3/libcontainer/cgroups/file.go -+++ b/runc-1.1.3/libcontainer/cgroups/file.go +--- a/libcontainer/cgroups/file.go ++++ b/libcontainer/cgroups/file.go 
@@ -51,7 +51,12 @@ func WriteFile(dir, file, data string) error { defer fd.Close() if err := retryingWriteFile(fd, data); err != nil { @@ -26,10 +26,10 @@ index 0cdaf74..bc7f0a3 100644 } return nil } -diff --git a/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go b/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go +diff --git a/libcontainer/cgroups/fs/cpuset.go b/libcontainer/cgroups/fs/cpuset.go index 341d5dc..ef1f633 100644 ---- a/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go -+++ b/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go +--- a/libcontainer/cgroups/fs/cpuset.go ++++ b/libcontainer/cgroups/fs/cpuset.go @@ -25,14 +25,23 @@ func (s *CpusetGroup) Apply(path string, r *configs.Resources, pid int) error { } diff --git a/patch/0024-runc-unified-use-of-logpipe.patch b/patch/0024-runc-unified-use-of-logpipe.patch index 6fb5be8..a9bc691 100644 --- a/patch/0024-runc-unified-use-of-logpipe.patch +++ b/patch/0024-runc-unified-use-of-logpipe.patch 
@@ -1,18 +1,18 @@ -From 6d50719513bcd5994526232facf4f289b9e0e75a Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Mon, 24 Oct 2022 20:44:25 +0800 -Subject: [PATCH] runc:unified use of logpipe +From c40ef2e5c3415c807172271936a06dfbf89747ee Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:43:54 +0800 +Subject: [PATCH] runc:add log message for cgroup file check --- - runc-1.1.3/libcontainer/container_linux.go | 1 - - .../libcontainer/standard_init_linux.go | 30 +------------------ - runc-1.1.3/main.go | 25 ---------------- + libcontainer/container_linux.go | 1 - + libcontainer/standard_init_linux.go | 30 +---------------------------- + main.go | 25 ------------------------ 3 files changed, 1 insertion(+), 55 deletions(-) -diff --git a/runc-1.1.3/libcontainer/container_linux.go b/runc-1.1.3/libcontainer/container_linux.go +diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 5ef5a9a..10890c1 100644 ---- a/runc-1.1.3/libcontainer/container_linux.go -+++ b/runc-1.1.3/libcontainer/container_linux.go +--- a/libcontainer/container_linux.go ++++ b/libcontainer/container_linux.go @@ -355,7 +355,6 @@ func (c *linuxContainer) start(process *Process) (retErr error) { } @@ -21,10 +21,10 @@ index 5ef5a9a..10890c1 100644 return fmt.Errorf("unable to start container process: %w", err) } -diff --git a/runc-1.1.3/libcontainer/standard_init_linux.go b/runc-1.1.3/libcontainer/standard_init_linux.go +diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 8a60501..99e7003 100644 ---- a/runc-1.1.3/libcontainer/standard_init_linux.go -+++ b/runc-1.1.3/libcontainer/standard_init_linux.go +--- a/libcontainer/standard_init_linux.go ++++ b/libcontainer/standard_init_linux.go @@ -276,34 +276,6 @@ func (l *linuxStandardInit) Init() error { return err } 
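Review bot: The regenerated header of patch/0024-runc-unified-use-of-logpipe.patch now reads `Subject: [PATCH] runc:add log message for cgroup file check`, which is the subject of patch 0023. The file name and the diffstat (1 insertion, 55 deletions across container_linux.go, standard_init_linux.go and main.go) still describe the logpipe change, so this looks like a slip made when the series was re-exported. The header should keep `Subject: [PATCH] runc:unified use of logpipe`. Otherwise anyone auditing the applied series by subject sees two patches with the same name and no record of the logpipe change.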
@@ -61,10 +61,10 @@ index 8a60501..99e7003 100644 + return system.Exec(name, l.config.Args[0:], os.Environ()) } -diff --git a/runc-1.1.3/main.go b/runc-1.1.3/main.go +diff --git a/main.go b/main.go index 6e9101a..e624347 100644 ---- a/runc-1.1.3/main.go -+++ b/runc-1.1.3/main.go +--- a/main.go ++++ b/main.go @@ -1,7 +1,6 @@ package main diff --git a/patch/0025-runc-support-set-cpuset.prefer_cpus-using-cpuset-cpu.patch b/patch/0025-runc-support-set-cpuset.prefer_cpus-using-cpuset-cpu.patch index ba915ef..0035b39 100644 --- a/patch/0025-runc-support-set-cpuset.prefer_cpus-using-cpuset-cpu.patch +++ b/patch/0025-runc-support-set-cpuset.prefer_cpus-using-cpuset-cpu.patch @@ -1,16 +1,16 @@ -From 2c786d0cb9f93c52c8929822cdfd0f795bcf64be Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Tue, 25 Oct 2022 10:58:03 +0800 +From b22fdd593f463caea0c96c66b1fed442bccfeb8f Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:48:21 +0800 Subject: [PATCH] runc:support set cpuset.prefer_cpus using --cpuset-cpus --- - runc-1.1.3/libcontainer/cgroups/fs/cpuset.go | 118 ++++++++++++++++++- + libcontainer/cgroups/fs/cpuset.go | 118 +++++++++++++++++++++++++++++- 1 file changed, 114 insertions(+), 4 deletions(-) -diff --git a/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go b/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go +diff --git a/libcontainer/cgroups/fs/cpuset.go b/libcontainer/cgroups/fs/cpuset.go index ef1f633..989f4ec 100644 ---- a/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go -+++ b/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go +--- a/libcontainer/cgroups/fs/cpuset.go ++++ b/libcontainer/cgroups/fs/cpuset.go @@ -24,16 +24,126 @@ func (s *CpusetGroup) Apply(path string, r *configs.Resources, pid int) error { return s.ApplyDir(path, r, pid) } diff --git a/patch/0026-runc-add-DT-for-cpuset.preferred_cpus-setting.patch b/patch/0026-runc-add-DT-for-cpuset.preferred_cpus-setting.patch index 0c264c7..fbf0ea3 100644 
--- a/patch/0026-runc-add-DT-for-cpuset.preferred_cpus-setting.patch +++ b/patch/0026-runc-add-DT-for-cpuset.preferred_cpus-setting.patch @@ -1,18 +1,18 @@ -From 905cb9a78f13d321860ee921990d60447c148605 Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Tue, 25 Oct 2022 11:18:42 +0800 +From 43dfa46b403166f4195803b7522bbc94a97d8e7c Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:49:18 +0800 Subject: [PATCH] runc:add DT for cpuset.preferred_cpus setting --- - .../libcontainer/cgroups/fs/cpuset_test.go | 217 ++++++++++++++++++ - .../tests/test_docker_cpuset_preferred.sh | 41 ++++ + libcontainer/cgroups/fs/cpuset_test.go | 217 +++++++++++++++++++++++++ + tests/test_docker_cpuset_preferred.sh | 41 +++++ 2 files changed, 258 insertions(+) - create mode 100755 runc-1.1.3/tests/test_docker_cpuset_preferred.sh + create mode 100755 tests/test_docker_cpuset_preferred.sh -diff --git a/runc-1.1.3/libcontainer/cgroups/fs/cpuset_test.go b/runc-1.1.3/libcontainer/cgroups/fs/cpuset_test.go +diff --git a/libcontainer/cgroups/fs/cpuset_test.go b/libcontainer/cgroups/fs/cpuset_test.go index 8933b3c..0c72c7d 100644 ---- a/runc-1.1.3/libcontainer/cgroups/fs/cpuset_test.go -+++ b/runc-1.1.3/libcontainer/cgroups/fs/cpuset_test.go +--- a/libcontainer/cgroups/fs/cpuset_test.go ++++ b/libcontainer/cgroups/fs/cpuset_test.go @@ -1,6 +1,9 @@ package fs @@ -244,11 +244,11 @@ index 8933b3c..0c72c7d 100644 func TestCPUSetSetMems(t *testing.T) { path := tempDir(t, "cpuset") -diff --git a/runc-1.1.3/tests/test_docker_cpuset_preferred.sh b/runc-1.1.3/tests/test_docker_cpuset_preferred.sh +diff --git a/tests/test_docker_cpuset_preferred.sh b/tests/test_docker_cpuset_preferred.sh new file mode 100755 index 0000000..c80db24 --- /dev/null -+++ b/runc-1.1.3/tests/test_docker_cpuset_preferred.sh ++++ b/tests/test_docker_cpuset_preferred.sh @@ -0,0 +1,41 @@ +#!/bin/bash + 
diff --git a/patch/0027-runc-modify-runc-Makefile.patch b/patch/0027-runc-modify-runc-Makefile.patch index 81a7f96..a210516 100644 --- a/patch/0027-runc-modify-runc-Makefile.patch +++ b/patch/0027-runc-modify-runc-Makefile.patch @@ -1,16 +1,16 @@ -From c102651a124775ec8c92b774086c46f76407e9d8 Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Wed, 26 Oct 2022 15:34:29 +0800 +From 6ee9f98fdd90901a2f93b7b58244e543c4623dbe Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:50:18 +0800 Subject: [PATCH] runc:modify runc Makefile --- - runc-1.1.3/Makefile | 28 ++++++++++++++++++++++------ + Makefile | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) -diff --git a/runc-1.1.3/Makefile b/runc-1.1.3/Makefile +diff --git a/Makefile b/Makefile index cf82c0c..34b5347 100644 ---- a/runc-1.1.3/Makefile -+++ b/runc-1.1.3/Makefile +--- a/Makefile ++++ b/Makefile @@ -10,9 +10,12 @@ GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g") RUNC_IMAGE := runc_dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN)) PROJECT := github.com/opencontainers/runc diff --git a/patch/0028-runc-cgroup-apply-method-modify.patch b/patch/0028-runc-cgroup-apply-method-modify.patch index 3b4ca71..31baaeb 100644 --- a/patch/0028-runc-cgroup-apply-method-modify.patch +++ b/patch/0028-runc-cgroup-apply-method-modify.patch 
@@ -1,22 +1,22 @@ -From acf803b2e77f2d6f9a9868c5ca25e27ada413f30 Mon Sep 17 00:00:00 2001 -From: zhong-jiawei-1 -Date: Thu, 27 Oct 2022 10:05:29 +0800 +From 6ae765b2529fbfde33c3562834308add80bd34e2 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 5 Jan 2023 16:51:24 +0800 Subject: [PATCH] runc:cgroup apply method modify --- - runc-1.1.3/libcontainer/cgroups/fs/cpuset.go | 15 ++- - runc-1.1.3/libcontainer/cgroups/fs/files.go | 23 ++--- - runc-1.1.3/libcontainer/cgroups/fs/utils.go | 97 +++++++++++++++++++ - runc-1.1.3/libcontainer/rootfs_linux.go | 1 + - .../libcontainer/standard_init_linux.go | 4 +- - runc-1.1.3/main.go | 1 - + libcontainer/cgroups/fs/cpuset.go | 15 ++++- + libcontainer/cgroups/fs/files.go | 23 +++---- + libcontainer/cgroups/fs/utils.go | 97 +++++++++++++++++++++++++++++ + libcontainer/rootfs_linux.go | 1 + + libcontainer/standard_init_linux.go | 4 +- + main.go | 1 - 6 files changed, 119 insertions(+), 22 deletions(-) - create mode 100644 runc-1.1.3/libcontainer/cgroups/fs/utils.go + create mode 100644 libcontainer/cgroups/fs/utils.go -diff --git a/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go b/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go +diff --git a/libcontainer/cgroups/fs/cpuset.go b/libcontainer/cgroups/fs/cpuset.go index 989f4ec..379407e 100644 ---- a/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go -+++ b/runc-1.1.3/libcontainer/cgroups/fs/cpuset.go +--- a/libcontainer/cgroups/fs/cpuset.go ++++ b/libcontainer/cgroups/fs/cpuset.go @@ -1,7 +1,9 @@ package fs 
@@ -67,10 +67,10 @@ index 989f4ec..379407e 100644 ret := fmt.Errorf("failed copy parent cgroup setting, %v", err) if _, err := os.Stat(parent); err != nil { ret = fmt.Errorf("%v, %v", ret, err) -diff --git a/runc-1.1.3/libcontainer/cgroups/fs/files.go b/runc-1.1.3/libcontainer/cgroups/fs/files.go +diff --git a/libcontainer/cgroups/fs/files.go b/libcontainer/cgroups/fs/files.go index 3315cda..b02743c 100644 ---- a/runc-1.1.3/libcontainer/cgroups/fs/files.go -+++ b/runc-1.1.3/libcontainer/cgroups/fs/files.go +--- a/libcontainer/cgroups/fs/files.go ++++ b/libcontainer/cgroups/fs/files.go @@ -18,27 +18,22 @@ import ( "path/filepath" ) @@ -117,11 +117,11 @@ index 3315cda..b02743c 100644 func (s *FilesGroup) GetStats(path string, stats *cgroups.Stats) error { usage, err := getCgroupParamUint(path, "files.usage") if err != nil { -diff --git a/runc-1.1.3/libcontainer/cgroups/fs/utils.go b/runc-1.1.3/libcontainer/cgroups/fs/utils.go +diff --git a/libcontainer/cgroups/fs/utils.go b/libcontainer/cgroups/fs/utils.go new file mode 100644 index 0000000..38820a8 --- /dev/null -+++ b/runc-1.1.3/libcontainer/cgroups/fs/utils.go ++++ b/libcontainer/cgroups/fs/utils.go @@ -0,0 +1,97 @@ +// +build linux + @@ -220,10 +220,10 @@ index 0000000..38820a8 + return nil +} + -diff --git a/runc-1.1.3/libcontainer/rootfs_linux.go b/runc-1.1.3/libcontainer/rootfs_linux.go +diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 4dbe9f4..0bf1729 100644 ---- a/runc-1.1.3/libcontainer/rootfs_linux.go -+++ b/runc-1.1.3/libcontainer/rootfs_linux.go +--- a/libcontainer/rootfs_linux.go ++++ b/libcontainer/rootfs_linux.go @@ -10,6 +10,7 @@ import ( "path/filepath" "strconv" 
@@ -232,10 +232,10 @@ index 4dbe9f4..0bf1729 100644 "time" securejoin "github.com/cyphar/filepath-securejoin" -diff --git a/runc-1.1.3/libcontainer/standard_init_linux.go b/runc-1.1.3/libcontainer/standard_init_linux.go +diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 99e7003..c288c88 100644 ---- a/runc-1.1.3/libcontainer/standard_init_linux.go -+++ b/runc-1.1.3/libcontainer/standard_init_linux.go +--- a/libcontainer/standard_init_linux.go ++++ b/libcontainer/standard_init_linux.go @@ -3,11 +3,11 @@ package libcontainer import ( "errors" @@ -250,10 +250,10 @@ index 99e7003..c288c88 100644 "time" "github.com/opencontainers/runtime-spec/specs-go" -diff --git a/runc-1.1.3/main.go b/runc-1.1.3/main.go +diff --git a/main.go b/main.go index e624347..e52a2ea 100644 ---- a/runc-1.1.3/main.go -+++ b/runc-1.1.3/main.go +--- a/main.go ++++ b/main.go @@ -4,7 +4,6 @@ import ( "errors" "fmt" diff --git a/patch/0029-runc-runc-log-forward-to-syslog.patch b/patch/0029-runc-runc-log-forward-to-syslog.patch index acf6201..980f512 100644 --- a/patch/0029-runc-runc-log-forward-to-syslog.patch +++ b/patch/0029-runc-runc-log-forward-to-syslog.patch @@ -1,17 +1,17 @@ -From 0ee4b516f4e39ccef4b893a678b01095acbe6ad0 Mon Sep 17 00:00:00 2001 +From 0013fb97dd10a75ae6f455d8c839315f13a39969 Mon Sep 17 00:00:00 2001 From: zhongjiawei -Date: Mon, 7 Nov 2022 18:56:11 +0800 +Date: Thu, 5 Jan 2023 16:52:16 +0800 Subject: [PATCH] runc:runc log forward to syslog --- - runc-1.1.3/main.go | 27 ++++++++++++++++++- + main.go | 27 ++++++++++++++++++- .../sirupsen/logrus/hooks/syslog/syslog.go | 2 +- 2 files changed, 27 insertions(+), 2 deletions(-) -diff --git a/runc-1.1.3/main.go b/runc-1.1.3/main.go +diff --git a/main.go b/main.go index e52a2ea..381681e 100644 ---- a/runc-1.1.3/main.go -+++ b/runc-1.1.3/main.go +--- a/main.go ++++ b/main.go @@ -1,19 +1,23 @@ package main 
@@ -70,10 +70,10 @@ index e52a2ea..381681e 100644 + fmt.Fprint(f, string(s)) + } +} -diff --git a/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go +diff --git a/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go b/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go index b6fa374..430f646 100644 ---- a/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go -+++ b/runc-1.1.3/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go +--- a/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go ++++ b/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go @@ -2,7 +2,7 @@ package logrus_syslog import ( diff --git a/patch/0030-runc-support-specify-umask.patch b/patch/0030-runc-support-specify-umask.patch deleted file mode 100644 index c3ece81..0000000 --- a/patch/0030-runc-support-specify-umask.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -From 9e76966232e71cfabc2553c6a0dee1f59ee9216c Mon Sep 17 00:00:00 2001 -From: zhongjiawei -Date: Sat, 17 Dec 2022 11:18:41 +0800 -Subject: [PATCH] runc:support specify umask - ---- - libcontainer/rootfs_linux.go | 7 ++++++- - libcontainer/setns_init_linux.go | 8 ++++++++ - 2 files changed, 14 insertions(+), 1 deletion(-) - -diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go -index a1bd7e7..b005429 100644 ---- a/libcontainer/rootfs_linux.go -+++ b/libcontainer/rootfs_linux.go -@@ -140,7 +140,12 @@ func finalizeRootfs(config *configs.Config) (err error) { - } - } - -- syscall.Umask(0022) -+ umask := libcontainerUtils.SearchLabels(config.Labels, "native.umask") -+ if umask == "normal" { -+ syscall.Umask(0022) -+ } else { -+ syscall.Umask(0027) -+ } - return nil - } - -diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go -index e6dfbba..1f7ec98 100644 ---- a/libcontainer/setns_init_linux.go -+++ b/libcontainer/setns_init_linux.go -@@ -11,6 +11,7 @@ import ( - "github.com/opencontainers/runc/libcontainer/keys" - "github.com/opencontainers/runc/libcontainer/seccomp" - "github.com/opencontainers/runc/libcontainer/system" -+ "github.com/opencontainers/runc/libcontainer/utils" - "github.com/opencontainers/selinux/go-selinux/label" - ) - -@@ -42,6 +43,13 @@ func (l *linuxSetnsInit) Init() error { - return err - } - } -+ // set exec process umask to 0027 or 0022 according to container's config -+ umask := utils.SearchLabels(l.config.Config.Labels, "native.umask") -+ if umask == "normal" { -+ syscall.Umask(0022) -+ } else { -+ syscall.Umask(0027) -+ } - if l.config.NoNewPrivileges { - if err := system.Prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); err != nil { - return err --- -2.30.0 - diff --git a/runc.spec b/runc.spec index 6a90bb2..bc62cff 100644 --- a/runc.spec +++ b/runc.spec 
@@ -3,7 +3,7 @@ Name: docker-runc Version: 1.1.3 -Release: 7 +Release: 8 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification. License: ASL 2.0 @@ -54,6 +54,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc %{_bindir}/runc %changelog +* Thu Jan 5 2023 zhongjiawei - 1.1.3-8 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:modify apply-patch path + * Sat Dec 17 2022 zhongjiawei - 1.1.3-7 - Type:bugfix - CVE:NA
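Review bot: The new changelog entry says only `DESC:modify apply-patch path`, but this commit also deletes patch/0030-runc-support-specify-umask.patch. That patch set the umask to 0027 unless the `native.umask` label was `normal`, so release 8 no longer carries the umask behaviour that release 7 shipped. If the removal is intended, the entry should record it, for example `- DESC:modify apply-patch path, drop 0030 umask patch`. The series file is not visible in this part of the diff; if it still lists 0030, apply-patch would presumably fail on the missing file, so that is worth checking too.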