packages/runc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

runc: fix connect container failed when reading partially written state.json content

Browse Source
This commit is contained in:
cenhuilin 2022-07-20 01:34:49 +00:00
parent eb907822d8
commit e7614429c9
3 changed files with 65 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
patch/0131-runc-save-state-atomic.patch Normal file
View File

@ -0,0 +1,57 @@
From 957c155cdf03ef1b3bb53d1e107850924bda2c89 Mon Sep 17 00:00:00 2001
From: cenhuilin <cenhuilin@kylinos.cn>
Date: Fri, 8 Jul 2022 02:00:53 +0000
Subject: [PATCH] Write state.json atomically
We want to make sure that the state file is syned and cannot be
read partially or truncated.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
---
libcontainer/container_linux.go | 31 ++++++++++++++++++++++++-------
1 file changed, 24 insertions(+), 7 deletions(-)
diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go
index 7be84a6..709a95e 100644
--- a/libcontainer/container_linux.go
+++ b/libcontainer/container_linux.go
@@ -1385,13 +1385,30 @@ func (c *linuxContainer) updateState(process parentProcess) (*State, error) {
return state, nil
}
-func (c *linuxContainer) saveState(s *State) error {
- f, err := os.Create(filepath.Join(c.root, stateFilename))
- if err != nil {
- return err
- }
- defer f.Close()
- return utils.WriteJSON(f, s)
+func (c *linuxContainer) saveState(s *State) (retErr error) {
+ tmpFile, err := ioutil.TempFile(c.root, "state-")
+ if err != nil {
+ return err
+ }
+
+ defer func() {
+ if retErr != nil {
+ tmpFile.Close()
+ os.Remove(tmpFile.Name())
+ }
+ }()
+
+ err = utils.WriteJSON(tmpFile, s)
+ if err != nil {
+ return err
+ }
+ err = tmpFile.Close()
+ if err != nil {
+ return err
+ }
+
+ stateFilePath := filepath.Join(c.root, stateFilename)
+ return os.Rename(tmpFile.Name(), stateFilePath)
}
func (c *linuxContainer) deleteState() error {
--
2.33.0

8
runc.spec
View File

@ -4,7 +4,7 @@
Name: docker-runc Name: docker-runc
Version: 1.0.0.rc3 Version: 1.0.0.rc3
Release: 117 Release: 118
Summary: runc is a CLI tool for spawning and running containers according to the OCI specification. Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
License: ASL 2.0 License: ASL 2.0
@ -53,6 +53,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
%{_bindir}/runc %{_bindir}/runc
%changelog %changelog
* Fri Jul 8 2022 cenhuilin <cenhuilin@kylinos.cn> - 1.0.0.rc3-118
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix connect container failed when reading partially written state.json content
* Mon Apr 11 2022 fushanqing <fushanqing@kylinos.cn> - 1.0.0.rc3-117 * Mon Apr 11 2022 fushanqing <fushanqing@kylinos.cn> - 1.0.0.rc3-117
- add macro - add macro

1
series.conf
View File

@ -128,4 +128,5 @@ patch/0127-runc-add-mount-destination-validation-fix-CVE-2021.patch
patch/0128-runc-optimize-nsexec-logging.patch patch/0128-runc-optimize-nsexec-logging.patch
patch/0129-runc-improve-log-for-debugging.patch patch/0129-runc-improve-log-for-debugging.patch
patch/0130-runc-fix-cgroup-info-print-error.patch patch/0130-runc-fix-cgroup-info-print-error.patch
patch/0131-runc-save-state-atomic.patch
#end #end