diff --git a/0009-clean-up-run-syscontainer-tools-netns-containerid-di.patch b/0009-clean-up-run-syscontainer-tools-netns-containerid-di.patch
new file mode 100644
index 0000000..f34b0f4
--- /dev/null
+++ b/0009-clean-up-run-syscontainer-tools-netns-containerid-di.patch
@@ -0,0 +1,58 @@
+From 7581283eb8e235ae0923e8c68677e059895a3c9b Mon Sep 17 00:00:00 2001
+From: yangjiaqi
+Date: Thu, 17 Aug 2023 20:12:49 +0800
+Subject: [PATCH] clean up run/syscontainer-tools/netns/containerid dir residue
+
+Signed-off-by: yangjiaqi
+---
+ hooks/syscontainer-hooks/prestart.go | 22 +++++++++++++++++++++-
+ 1 file changed, 21 insertions(+), 1 deletion(-)
+
+diff --git a/hooks/syscontainer-hooks/prestart.go b/hooks/syscontainer-hooks/prestart.go
+index a71d26b..8b5756e 100644
+--- a/hooks/syscontainer-hooks/prestart.go
++++ b/hooks/syscontainer-hooks/prestart.go
+@@ -23,11 +23,13 @@ import (
+ "strconv"
+ "strings"
+
++ "github.com/docker/docker/pkg/mount"
+ "github.com/opencontainers/runc/libcontainer/configs"
+ _ "github.com/opencontainers/runc/libcontainer/nsenter"
+ "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/sirupsen/logrus"
+ "golang.org/x/sys/unix"
++
+ hconfig "isula.org/syscontainer-tools/config"
+ "isula.org/syscontainer-tools/libdevice"
+ "isula.org/syscontainer-tools/libdevice/nsexec"
+@@ -251,7 +253,25 @@ func UpdateNetwork(state *configs.HookState, hookConfig *hconfig.ContainerHookCo
+ logrus.Errorf("[device-hook] Failed to Create netns dir %v", err)
+ return err
+ }
+- file, err := os.Create(filepath.Join(hconfig.IsuladToolsDirNetns, state.ID))
++ /*
++ each container can only be in prestart, running or poststop at the same time,
++ so there is no lock protection for the file /run/syscontainer-tools/netns/containerid.
++ */
++ netnsMountpoint := filepath.Join(hconfig.IsuladToolsDirNetns, state.ID)
++ // see if the current network namespace file is mounted
++ mounted, err := mount.Mounted(netnsMountpoint)
++ if err != nil {
++ logrus.Errorf("[device-hook] Failed to get mount info %v: %v", netnsMountpoint, err)
++ }
++ // has mounted
++ if mounted {
++ // maybe the previous poststop command was not executed or interrupted, resulting in residual
++ if removeErr := RemoveNetworkDevices(state, hookConfig, spec); removeErr != nil {
++ logrus.Errorf("[device-hook] Failed to remove network devices and umount netns file and %v is still mounted: %v",
++ netnsMountpoint, removeErr)
++ }
++ }
++ file, err := os.Create(netnsMountpoint)
+ if err != nil {
+ logrus.Errorf("[device-hook] Failed to Create netns file %v", err)
+ return err
+--
+2.30.0
+
diff --git a/syscontainer-tools.spec b/syscontainer-tools.spec
index c355861..80f9cab 100644
--- a/syscontainer-tools.spec
+++ b/syscontainer-tools.spec
@@ -1,7 +1,7 @@
 #Basic Information
 Name: syscontainer-tools
 Version: 0.9
-Release: 56
+Release: 57
 Summary: syscontainer tools for IT, work with iSulad
 License: Mulan PSL v2
 URL: https://gitee.com/openeuler/syscontainer-tools
@@ -16,6 +16,7 @@ Patch5: 0005-add-riscv64-to-syscall-build.patch
 Patch6: 0006-syscontainer-tools-Add-sw64-architecture.patch
 Patch7: 0007-support-ipv6.patch
 Patch8: 0008-use-file-locks-to-avoid-remounting-the-sharepath-mas.patch
+Patch9: 0009-clean-up-run-syscontainer-tools-netns-containerid-di.patch
 
 #Dependency
 BuildRequires: glibc-static
@@ -117,6 +118,12 @@ chmod 0640 ${HOOK_SPEC}/hookspec.json
 rm -rfv %{buildroot}
 
 %changelog
+* Thu Aug 17 2023 yangjiaqi - 0.9-57
+- Type:bugfix
+- CVE:NA
+- SUG:restart
+- DESC:clean up run/syscontainer-tools/netns/container_id directory residues in the prestart phase
+
 * Tue Aug 15 2023 yangjiaqi - 0.9-56
 - Type:bugfix
 - CVE:NA
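Review bot: Both new failure paths in the UpdateNetwork hunk of the added patch only log and then fall through to `os.Create(netnsMountpoint)`: when `mount.Mounted` returns an error, `mounted` stays false and the residue check is skipped, and when `RemoveNetworkDevices` fails the hook carries on even though its own log message says the path is still mounted. Unless continuing is deliberate, a prestart hook should fail closed here so a new container is never set up on top of a stale network-namespace mount left by an earlier instance with the same ID; add `return err` after the first `logrus.Errorf` and `return removeErr` after the second. The block comment justifies the absence of a lock by saying the lifecycle phases are mutually exclusive, yet the residue being cleaned exists because a poststop did not run to completion, so the comment should state which guarantee the caller actually provides. UpdateNetwork starts and ends outside this hunk, so what is done with the file after creation is not visible here.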