diff --git a/0008-use-file-locks-to-avoid-remounting-the-sharepath-mas.patch b/0008-use-file-locks-to-avoid-remounting-the-sharepath-mas.patch new file mode 100644 index 0000000..7a6a3e0 --- /dev/null +++ b/0008-use-file-locks-to-avoid-remounting-the-sharepath-mas.patch @@ -0,0 +1,88 @@ +From 39ff0ed013102542292f3270ed99babe3964c2a8 Mon Sep 17 00:00:00 2001 +From: yangjiaqi +Date: Fri, 11 Aug 2023 14:47:05 +0800 +Subject: [PATCH] use file locks to avoid remounting the sharepath/master dir + +Signed-off-by: yangjiaqi +--- + utils/transfer.go | 40 +++++++++++++++++++++++++++++++++++----- + 1 file changed, 35 insertions(+), 5 deletions(-) + +diff --git a/utils/transfer.go b/utils/transfer.go +index 9c6d527..789cb99 100644 +--- a/utils/transfer.go ++++ b/utils/transfer.go +@@ -20,17 +20,20 @@ import ( + "path/filepath" + "syscall" + +- mymount "isula.org/syscontainer-tools/pkg/mount" + "github.com/docker/docker/pkg/mount" ++ "github.com/sirupsen/logrus" ++ "golang.org/x/sys/unix" + ++ hconfig "isula.org/syscontainer-tools/config" ++ mymount "isula.org/syscontainer-tools/pkg/mount" + "isula.org/syscontainer-tools/types" +- "github.com/sirupsen/logrus" + ) + + const ( + masterPath = "/.sharedpath/master" + midTransferPath = "/.sharedpath/midpath" + slavePath = "/.sharedpath" ++ lockFile = "master_locker" + ) + + /* Add path to container when it is running +@@ -171,17 +174,44 @@ func GetSlavePath() string { + + // PrepareHostPath prepare host path + func PrepareHostPath(id string) error { ++ lockFile := filepath.Join(hconfig.IsuladToolsDir, lockFile) ++ // get lock file handler ++ f, err := os.OpenFile(lockFile, os.O_RDONLY|os.O_CREATE, 0600) ++ if err != nil { ++ return err ++ } ++ defer f.Close() + +- if err := os.MkdirAll(masterPath, 0600); err != nil { +- return fmt.Errorf("create host shared path failed, err: %s", err) ++ // lock ++ if err := unix.Flock(int(f.Fd()), unix.LOCK_EX); err != nil { ++ return fmt.Errorf("fail to lock file %v: %v", f.Name(), err) + } +- if m, _ := mount.Mounted(masterPath); m != true { ++ mountErr := func() error { ++ mounted, err := mount.Mounted(masterPath) ++ if err != nil { ++ return fmt.Errorf("fail to know whether %v is mounted: %v", masterPath, err) ++ } ++ // has mounted ++ if mounted { ++ return nil ++ } ++ // do nothing if the directory has already been existed ++ if err := os.MkdirAll(masterPath, 0600); err != nil { ++ return fmt.Errorf("create host shared path failed, err: %s", err) ++ } + if err := mount.Mount("none", masterPath, "tmpfs", "size=16m"); err != nil { + return fmt.Errorf("mount host shared path failed:, %s", err) + } + if err := syscall.Mount("none", masterPath, "none", syscall.MS_SHARED|syscall.MS_REC, ""); err != nil { + return fmt.Errorf("failed to make mountpoint shared, err: %s", err) + } ++ return nil ++ }() ++ if unlockErr := unix.Flock(int(f.Fd()), unix.LOCK_UN); unlockErr != nil { ++ logrus.Errorf("failed to unlock %v : %v", f.Name(), unlockErr) ++ } ++ if mountErr != nil { ++ return mountErr + } + + if err := os.MkdirAll(filepath.Join(masterPath, id), 0600); err != nil { +-- +2.30.0 + diff --git a/syscontainer-tools.spec b/syscontainer-tools.spec index 91c84b3..c355861 100644 --- a/syscontainer-tools.spec +++ b/syscontainer-tools.spec @@ -1,7 +1,7 @@ #Basic Information Name: syscontainer-tools Version: 0.9 -Release: 55 +Release: 56 Summary: syscontainer tools for IT, work with iSulad License: Mulan PSL v2 URL: https://gitee.com/openeuler/syscontainer-tools @@ -15,6 +15,7 @@ Patch4: 0004-add-dt-test.patch Patch5: 0005-add-riscv64-to-syscall-build.patch Patch6: 0006-syscontainer-tools-Add-sw64-architecture.patch Patch7: 0007-support-ipv6.patch +Patch8: 0008-use-file-locks-to-avoid-remounting-the-sharepath-mas.patch #Dependency BuildRequires: glibc-static @@ -116,6 +117,12 @@ chmod 0640 ${HOOK_SPEC}/hookspec.json rm -rfv %{buildroot} %changelog +* Tue Aug 15 2023 yangjiaqi - 0.9-56 +- Type:bugfix +- CVE:NA +- SUG:restart +- DESC:use file locks to avoid remounting the sharepath/master dir + * Thu Aug 10 2023 yangjiaqi - 0.9-55 - Type:bugfix - CVE:NA