runc: sync patches

Signed-off-by: Grooooot <isula@huawei.com>
This commit is contained in:
Grooooot 2020-03-05 14:20:27 +08:00
parent 33edf12965
commit ba3d1f2aa6
9 changed files with 245 additions and 76 deletions


@ -1,36 +0,0 @@
# runc
#### Description
{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**}
#### Software Architecture
Software architecture description
#### Installation
1. xxxx
2. xxxx
3. xxxx
#### Instructions
1. xxxx
2. xxxx
3. xxxx
#### Contribution
1. Fork the repository
2. Create Feat_xxx branch
3. Commit your code
4. Create Pull Request
#### Gitee Feature
1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
2. Gitee blog [blog.gitee.com](https://blog.gitee.com)
3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
4. The most valuable open source project [GVP](https://gitee.com/gvp)
5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)


@ -1,39 +0,0 @@
# runc
#### 介绍
{**以下是码云平台说明,您可以替换此简介**
码云是 OSCHINA 推出的基于 Git 的代码托管平台(同时支持 SVN。专为开发者提供稳定、高效、安全的云端软件开发协作平台
无论是个人、团队、或是企业,都能够用码云实现代码托管、项目管理、协作开发。企业项目请看 [https://gitee.com/enterprises](https://gitee.com/enterprises)}
#### 软件架构
软件架构说明
#### 安装教程
1. xxxx
2. xxxx
3. xxxx
#### 使用说明
1. xxxx
2. xxxx
3. xxxx
#### 参与贡献
1. Fork 本仓库
2. 新建 Feat_xxx 分支
3. 提交代码
4. 新建 Pull Request
#### 码云特技
1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md
2. 码云官方博客 [blog.gitee.com](https://blog.gitee.com)
3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目
4. [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目,是码云综合评定出的优秀开源项目
5. 码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
6. 码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)


@ -0,0 +1,50 @@
From 38b4e1c3faeb7dfb3001dbd34fb2fe904a642367 Mon Sep 17 00:00:00 2001
From: xiadanni1 <xiadanni1@huawei.com>
Date: Fri, 13 Dec 2019 03:40:47 +0800
Subject: [PATCH 1/5] runc: Fixes #1585 config.Namespaces is empty
when accessed
reason:Fixes #1585 config.Namespaces is empty when accessed
Change-Id: I734db7320eee233a1b5a3c6f569506b7304e764e
Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
---
libcontainer/specconv/spec_linux.go | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
index 8c4567c..0cbc66f 100644
--- a/libcontainer/specconv/spec_linux.go
+++ b/libcontainer/specconv/spec_linux.go
@@ -180,13 +180,6 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
}
exists := false
- if config.Namespaces.Contains(configs.NEWNET) && config.Namespaces.PathOf(configs.NEWNET) == "" {
- config.Networks = []*configs.Network{
- {
- Type: "loopback",
- },
- }
- }
for _, m := range spec.Mounts {
config.Mounts = append(config.Mounts, createLibcontainerMount(cwd, m))
}
@@ -217,7 +210,13 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
}
config.Namespaces.Add(t, ns.Path)
}
-
+ if config.Namespaces.Contains(configs.NEWNET) && config.Namespaces.PathOf(configs.NEWNET) == "" {
+ config.Networks = []*configs.Network{
+ {
+ Type: "loopback",
+ },
+ }
+ }
// set extra path masking for libcontainer for the various unsafe places in proc
config.MaskPaths = spec.Linux.MaskedPaths
config.ReadonlyPaths = spec.Linux.ReadonlyPaths
--
1.8.3.1
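Review bot: The relocated loopback block in the second hunk is correct only because it now runs after the `config.Namespaces.Add(t, ns.Path)` loop has copied the spec's namespaces into the config, but nothing in the code states that ordering, so a later tidy-up could move it back above the loop and silently reintroduce #1585. Suggest a one-line comment above `if config.Namespaces.Contains(configs.NEWNET) && config.Namespaces.PathOf(configs.NEWNET) == "" {`: `// Must run after the namespace loop above: before it, config.Namespaces is still empty (#1585).` CreateLibcontainerConfig begins and ends outside both hunks.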


@ -0,0 +1,46 @@
From caea676dbff1834f7c22c0ebe20a1d2c8c18b762 Mon Sep 17 00:00:00 2001
From: xiadanni1 <xiadanni1@huawei.com>
Date: Fri, 13 Dec 2019 06:50:44 +0800
Subject: [PATCH 2/5] runc:Write freezer state after every state
check
reason:This commit ensures we write the expected freezer cgroup state
after every state check, in case the state check does not give the expected
result. This can happen when a new task is created and prevents the
whole cgroup to be FROZEN, leaving the state into FREEZING instead.
This patch prevents the case of an infinite loop to happen.
Fixes https://github.com/opencontainers/runc/issues/1609
Change-Id: I8243eba847357715b13fd4e291bee9782ee50360
Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
---
libcontainer/cgroups/fs/freezer.go | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/libcontainer/cgroups/fs/freezer.go b/libcontainer/cgroups/fs/freezer.go
index e70dfe3..5ab3c02 100644
--- a/libcontainer/cgroups/fs/freezer.go
+++ b/libcontainer/cgroups/fs/freezer.go
@@ -29,11 +29,14 @@ func (s *FreezerGroup) Apply(d *cgroupData) error {
func (s *FreezerGroup) Set(path string, cgroup *configs.Cgroup) error {
switch cgroup.Resources.Freezer {
case configs.Frozen, configs.Thawed:
- if err := writeFile(path, "freezer.state", string(cgroup.Resources.Freezer)); err != nil {
- return err
- }
-
for {
+ // In case this loop does not exit because it doesn't get the expected
+ // state, let's write again this state, hoping it's going to be properly
+ // set this time. Otherwise, this loop could run infinitely, waiting for
+ // a state change that would never happen.
+ if err := writeFile(path, "freezer.state", string(cgroup.Resources.Freezer)); err != nil {
+ return err
+ }
state, err := readFile(path, "freezer.state")
if err != nil {
return err
--
1.8.3.1
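Review bot: Moving the `writeFile(path, "freezer.state", ...)` call inside the `for` loop addresses the stuck-in-FREEZING case, but the loop is still unbounded: if the cgroup never reports the requested state, Set now spins writing and re-reading freezer.state with no retry cap, and the hunk shows no pause between iterations (the rest of the loop body is outside the hunk, so a sleep there cannot be ruled out). Consider counting iterations and failing once a local limit is reached, e.g. `return fmt.Errorf("freezer: state %q not reached after %d attempts", cgroup.Resources.Freezer, attempts)` (names constructed; requires fmt to be imported in this file), so a misbehaving cgroup surfaces as an error instead of a hung runc. The new comment could also say what happens when the state is never reached. Set continues past the end of the hunk.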


@ -0,0 +1,43 @@
From b39f29f48456ae7e9b85ff7584adeb7e68fda460 Mon Sep 17 00:00:00 2001
From: xiadanni1 <xiadanni1@huawei.com>
Date: Thu, 19 Dec 2019 02:35:01 +0800
Subject: [PATCH 3/5] runc: may kill other process when container
has been stopped
reason:may kill other process when container has been stopped
Change-Id: Iaa1af6f44dec5d7eac3518ff1dbdfedc68eb7219
Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
---
libcontainer/container_linux.go | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go
index e7c178b..9b25183 100644
--- a/libcontainer/container_linux.go
+++ b/libcontainer/container_linux.go
@@ -358,10 +358,18 @@ func (c *linuxContainer) Signal(s os.Signal, all bool) error {
if all {
return signalAllProcesses(c.cgroupManager, s)
}
- if err := c.initProcess.signal(s); err != nil {
- return newSystemErrorWithCause(err, "signaling init process")
+ status, err := c.currentStatus()
+ if err != nil {
+ return err
}
- return nil
+ // to avoid a PID reuse attack
+ if status == Running || status == Created {
+ if err := c.initProcess.signal(s); err != nil {
+ return newSystemErrorWithCause(err, "signaling init process")
+ }
+ return nil
+ }
+ return newGenericError(fmt.Errorf("container not running"), ContainerNotRunning)
}
func (c *linuxContainer) createExecFifo() error {
--
1.8.3.1
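Review bot: The new gate `if status == Running || status == Created {` omits `Paused`, so signalling a paused container's init process now returns ContainerNotRunning instead of delivering the signal, which is a behaviour change for anyone who pauses a container before killing it; later upstream runc allows Paused here as well, `if status == Running || status == Created || status == Paused {`. Separately, `c.currentStatus()` and `c.initProcess.signal(s)` are not atomic, so the PID-reuse window is narrowed rather than closed; the comment should say so, e.g. `// narrows (does not close) the PID reuse window: status is read before the signal is sent`, and holding the container lock across both calls, as later upstream versions do, would close it further. The `fmt.Errorf` call assumes fmt is already imported in container_linux.go, which the hunk does not show.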


@ -0,0 +1,54 @@
From d46d29ea24d8fb4fc03c739e619d7d241dc5556c Mon Sep 17 00:00:00 2001
From: xiadanni1 <xiadanni1@huawei.com>
Date: Thu, 19 Dec 2019 02:37:54 +0800
Subject: [PATCH 4/5] runc: Fix cgroup hugetlb size prefix for kB
reason:The hugetlb cgroup control files (introduced here in 2012:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abb8206cb0773)
use "KB" and not "kB"
(https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/mm/hugetlb_cgroup.c?h=v5.0#n349).
The behavior in the kernel has not changed since the introduction, and
the current code using "kB" will therefore fail on devices with small
amounts of ram (see
https://github.com/kubernetes/kubernetes/issues/77169) running a kernel
with config flag CONFIG_HUGETLBFS=y
As seen from the code in "mem_fmt" inside hugetlb_cgroup.c, only "KB",
"MB" and "GB" are used, so the others may be removed as well.
Here is a real world example of the files inside the
"/sys/kernel/mm/hugepages/" directory:
- "hugepages-64kB"
- "hugepages-2048kB"
- "hugepages-32768kB"
- "hugepages-1048576kB"
And the corresponding cgroup files:
- "hugetlb.64KB._____"
- "hugetlb.2MB._____"
- "hugetlb.32MB._____"
- "hugetlb.1GB._____"
Change-Id: If35e44e4b6846f8ed2870aedb9fed5dd3a38e91f
Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
---
libcontainer/cgroups/utils.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go
index c9411ee..5155e14 100644
--- a/libcontainer/cgroups/utils.go
+++ b/libcontainer/cgroups/utils.go
@@ -384,7 +384,7 @@ func RemovePaths(paths map[string]string) (err error) {
func GetHugePageSize() ([]string, error) {
var pageSizes []string
- sizeList := []string{"B", "kB", "MB", "GB", "TB", "PB"}
+ sizeList := []string{"B", "KB", "MB", "GB", "TB", "PB"}
files, err := ioutil.ReadDir("/sys/kernel/mm/hugepages")
if err != nil {
return pageSizes, err
--
1.8.3.1
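Review bot: The corrected `sizeList` depends on the hugetlb cgroup file names using an uppercase "KB", which differs from the lowercase "kB" in the /sys/kernel/mm/hugepages-*kB directory names the function reads on the next line; without a comment the next reader is likely to "fix" it back to "kB". Suggest above the `sizeList :=` line: `// cgroup hugetlb files use "KB" (mem_fmt in mm/hugetlb_cgroup.c), not the "kB" of /sys/kernel/mm/hugepages-*`. GetHugePageSize continues past the end of the hunk.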


@ -0,0 +1,46 @@
From 1b9ff04a3f6e7bc9b8bce087ccacf894c21adc97 Mon Sep 17 00:00:00 2001
From: xiadanni1 <xiadanni1@huawei.com>
Date: Thu, 19 Dec 2019 02:41:08 +0800
Subject: [PATCH 5/5] runc: check nil pointers in cgroup manager
reason:check nil pointers in cgroup manager
Change-Id: I94bda4b4ca4031ee93d54885603e60e64d3683a0
Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
---
libcontainer/cgroups/fs/apply_raw.go | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/libcontainer/cgroups/fs/apply_raw.go b/libcontainer/cgroups/fs/apply_raw.go
index 7677f33..73c733a 100644
--- a/libcontainer/cgroups/fs/apply_raw.go
+++ b/libcontainer/cgroups/fs/apply_raw.go
@@ -189,9 +189,13 @@ func (m *Manager) GetStats() (*cgroups.Stats, error) {
}
func (m *Manager) Set(container *configs.Config) error {
+ if container.Cgroups == nil {
+ return nil
+ }
+
// If Paths are set, then we are just joining cgroups paths
// and there is no need to set any values.
- if m.Cgroups.Paths != nil {
+ if m.Cgroups != nil && m.Cgroups.Paths != nil {
return nil
}
@@ -214,6 +218,10 @@ func (m *Manager) Set(container *configs.Config) error {
// Freeze toggles the container's freezer cgroup depending on the state
// provided
func (m *Manager) Freeze(state configs.FreezerState) error {
+ if m.Cgroups == nil {
+ return errors.New("cannot toggle freezer: cgroups not configured for container")
+ }
+
paths := m.GetPaths()
dir := paths["freezer"]
prevState := m.Cgroups.Resources.Freezer
--
1.8.3.1
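Review bot: The new guard in Freeze checks only `m.Cgroups`, yet the line `prevState := m.Cgroups.Resources.Freezer` dereferences `Resources`, which in runc's configs.Cgroup is an embedded pointer field as far as I recall, so a Cgroup with nil Resources still panics here; extend the guard to `if m.Cgroups == nil || m.Cgroups.Resources == nil {` with the same error. The two methods also disagree on what a missing cgroup config means: Set silently returns nil on `container.Cgroups == nil` while Freeze returns an error, and Set does not check `container` itself before dereferencing it. A comment on Set's early return such as `// nil Cgroups means nothing to apply; Freeze, by contrast, treats it as an error` would make the asymmetry deliberate rather than accidental. Both hunks end before their methods do.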


@ -2,7 +2,7 @@
Name: docker-runc
Version: 1.0.0.rc3
Release: 101
Release: 102
Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
License: ASL 2.0


@ -108,3 +108,8 @@
0111-runc-add-log-message-for-cgroup-file-check.patch
0112-runc-add-log-message-for-cgroup-file-check.patch
0113-runc-modify-files-cgroup-info-reading-path.patch
0112-runc-Fixes-1585-config.Namespaces-is-empty-.patch
0113-runc-Write-freezer-state-after-every-state-.patch
0114-runc-may-kill-other-process-when-container-.patch
0115-runc-Fix-cgroup-hugetlb-size-prefix-for-kB.patch
0116-runc-check-nil-pointers-in-cgroup-manager.patch
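Review bot: The added entries `0112-runc-Fixes-1585-config.Namespaces-is-empty-.patch` and `0113-runc-Write-freezer-state-after-every-state-.patch` reuse sequence numbers already carried by the existing `0112-runc-add-log-message-for-cgroup-file-check.patch` and `0113-runc-modify-files-cgroup-info-reading-path.patch`, so the series now has two different patches numbered 0112 and two numbered 0113. If the numbers are meant to be unique and ordered, as the rest of the series suggests, the five new files should be renumbered to follow 0113 (0114–0118) and any matching references in the spec updated; the spec section in this commit only bumps Release, so I cannot see whether it refers to patches by number.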