From 5bd893e34edc0de189ca117af5ed72055428947e Mon Sep 17 00:00:00 2001 From: LiFeng Date: Sun, 19 Jan 2020 00:06:40 -0500 Subject: [PATCH 1/7] iSulad: adapt kata based on next_openeuler Change-Id: Ia37071fce115de96e5e139369011451457caf714 Signed-off-by: LiFeng --- cmake/options.cmake | 2 +- iSulad.spec | 4 +- src/constants.h | 1 + src/cutils/utils_file.c | 57 ++ src/cutils/utils_file.h | 2 + src/engines/engine.h | 7 +- src/http/http.c | 9 +- src/image/embedded/embedded_config_merge.c | 226 ++++-- src/image/embedded/embedded_config_merge.h | 4 +- src/image/embedded/embedded_image.c | 27 +- src/image/embedded/embedded_image.h | 5 +- src/image/external/ext_image.c | 6 +- src/image/external/ext_image.h | 4 +- src/image/image.c | 10 +- src/image/image.h | 13 +- src/image/oci/isula_image.c | 4 +- src/image/oci/isula_image.h | 2 +- src/image/oci/oci_common_operators.c | 9 +- src/image/oci/oci_common_operators.h | 5 +- src/image/oci/oci_config_merge.c | 201 +++-- src/image/oci/oci_config_merge.h | 5 +- .../schema/schema/container/conf-request.json | 9 - .../schema/container/conf-response.json | 21 - src/json/schema/schema/container/config.json | 26 + .../schema/container/custom-config.json | 83 --- src/json/schema/schema/container/info.json | 9 - .../schema/container/stats-request.json | 3 - src/json/schema/schema/defs.json | 698 +++++++++++++++++- src/json/schema/schema/docker/seccomp.json | 12 +- .../schema/oci/runtime/config-linux.json | 192 +---- .../schema/schema/oci/runtime/defs-linux.json | 270 ------- src/json/schema/schema/oci/runtime/pspec.json | 2 +- src/json/schema/schema/oci/runtime/spec.json | 150 +--- src/json/schema/src/read_file.c | 2 +- src/json/schema/src/read_file.h | 2 +- src/namespace.h | 1 + src/pack_config.c | 138 ++-- src/pack_config.h | 2 +- src/plugin/plugin.c | 34 +- src/plugin/pspec.c | 18 +- src/runtime/lcr/lcr_rt_ops.c | 64 +- src/runtime/runtime.h | 8 +- src/services/cri/cri_container.cc | 18 +- src/services/cri/cri_helpers.cc | 2 +- src/services/cri/cri_helpers.h | 2 +- src/services/cri/cri_runtime_service.cc | 1 - src/services/cri/cri_runtime_service.h | 11 +- src/services/cri/cri_sandbox.cc | 15 +- src/services/cri/cri_security_context.cc | 6 +- src/services/cri/cri_security_context.h | 6 +- src/services/execution/execute/execution.c | 83 ++- .../execution/execute/execution_create.c | 356 +++------ .../execution/execute/execution_extend.c | 61 +- .../execution/execute/execution_network.c | 237 ++++-- .../execution/execute/execution_stream.c | 248 ++++--- .../execution/manager/container_unix.c | 324 +------- .../execution/manager/container_unix.h | 5 +- src/services/execution/manager/restore.c | 23 +- src/services/execution/spec/specs.c | 483 ++++++------ src/services/execution/spec/specs.h | 15 +- src/services/execution/spec/specs_extend.c | 81 +- src/services/execution/spec/specs_extend.h | 7 +- src/services/execution/spec/specs_mount.c | 290 ++++---- src/services/execution/spec/specs_mount.h | 7 +- src/services/execution/spec/specs_security.c | 71 +- src/services/execution/spec/specs_security.h | 5 +- src/services/execution/spec/verify.c | 63 +- src/services/execution/spec/verify.h | 4 +- 68 files changed, 2382 insertions(+), 2389 deletions(-) delete mode 100644 src/json/schema/schema/container/conf-request.json delete mode 100644 src/json/schema/schema/container/conf-response.json delete mode 100644 src/json/schema/schema/container/custom-config.json delete mode 100644 src/json/schema/schema/oci/runtime/defs-linux.json diff --git a/cmake/options.cmake b/cmake/options.cmake index 1bb7534..f4b0b34 100644 --- a/cmake/options.cmake +++ b/cmake/options.cmake @@ -33,7 +33,7 @@ endif() option(VERSION "set isulad version" ON) if (VERSION STREQUAL "ON") - set(ISULAD_VERSION "1.1.9") + set(ISULAD_VERSION "1.1.11") endif() option(DEBUG "set isulad gcc option" ON) diff --git a/iSulad.spec b/iSulad.spec index 9ddd359..df788d3 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ -%global _version 1.1.9 -%global _release 20200206.104209.gitd282adb9 +%global _version 1.1.11 +%global _release 20200204.221506.git50cfadfa %global is_systemd 1 %global debug_package %{nil} diff --git a/src/constants.h b/src/constants.h index bbc033d..973b006 100644 --- a/src/constants.h +++ b/src/constants.h @@ -53,6 +53,7 @@ #define DEFAULT_CA_FILE "ca.pem" #define DEFAULT_KEY_FILE "key.pem" #define DEFAULT_CERT_FILE "cert.pem" +#define OCI_CONFIG_JSON "config.json" #define LOG_MAX_RETRIES 10 diff --git a/src/cutils/utils_file.c b/src/cutils/utils_file.c index 3bac068..95df5ba 100644 --- a/src/cutils/utils_file.c +++ b/src/cutils/utils_file.c @@ -877,3 +877,60 @@ char *verify_file_and_get_real_path(const char *file) return util_strdup_s(resolved_path); } +int util_copy_file(const char *src_file, const char *dst_file) +{ +#define BUFSIZE 4096 + int ret = 0; + char *nret = NULL; + char real_src_file[PATH_MAX + 1] = { 0 }; + int src_fd = -1; + int dst_fd = -1; + char buf[BUFSIZE + 1] = { 0 }; + + if (src_file == NULL || dst_file == NULL) { + return ret; + } + nret = realpath(src_file, real_src_file); + if (nret == NULL) { + ERROR("real path: %s, return: %s", src_file, strerror(errno)); + ret = -1; + return ret; + } + src_fd = util_open(real_src_file, O_RDONLY, CONFIG_FILE_MODE); + if (src_fd < 0) { + ERROR("Open src file: %s, failed: %s", real_src_file, strerror(errno)); + ret = -1; + goto free_out; + } + dst_fd = util_open(dst_file, O_WRONLY | O_CREAT | O_TRUNC, DEFAULT_SECURE_FILE_MODE); + if (dst_fd < 0) { + ERROR("Creat file: %s, failed: %s", dst_file, strerror(errno)); + ret = -1; + goto free_out; + } + while (true) { + ssize_t len = util_read_nointr(src_fd, buf, BUFSIZE); + if (len < 0) { + ERROR("Read src file failed: %s", strerror(errno)); + ret = -1; + goto free_out; + } else if (len == 0) { + break; + } + if (util_write_nointr(dst_fd, buf, (size_t)len) != len) { + ERROR("Write file failed: %s", strerror(errno)); + ret = -1; + goto free_out; + } + } + +free_out: + if (src_fd >= 0) { + close(src_fd); + } + if (dst_fd >= 0) { + close(dst_fd); + } + return ret; +} + diff --git a/src/cutils/utils_file.h b/src/cutils/utils_file.h index 7cfc251..78ae5cd 100644 --- a/src/cutils/utils_file.h +++ b/src/cutils/utils_file.h @@ -71,6 +71,8 @@ int util_write_file(const char *fname, const char *content, size_t content_len); char *verify_file_and_get_real_path(const char *file); +int util_copy_file(const char *src_file, const char *dst_file); + #ifdef __cplusplus } #endif diff --git a/src/engines/engine.h b/src/engines/engine.h index 69303e2..2b52847 100644 --- a/src/engines/engine.h +++ b/src/engines/engine.h @@ -103,11 +103,6 @@ typedef struct _engine_start_request_t { uint32_t start_timeout; const char *container_pidfile; const char *exit_fifo; - - uid_t uid; - gid_t gid; - gid_t *additional_gids; - size_t additional_gids_len; } engine_start_request_t; typedef struct _engine_exec_request_t { @@ -132,7 +127,7 @@ typedef struct _engine_exec_request_t { } engine_exec_request_t; -typedef bool (*engine_create_t)(const char *, const char *, const char *, void *); +typedef bool (*engine_create_t)(const char *, const char *, void *); typedef bool (*engine_start_t)(const engine_start_request_t *request); diff --git a/src/http/http.c b/src/http/http.c index 04a608a..8860aad 100644 --- a/src/http/http.c +++ b/src/http/http.c @@ -351,6 +351,7 @@ int authz_http_request(const char *username, const char *action, char **resp) char err_msg[AUTHZ_ERROR_MSG_SIZE] = { 0 }; long response_code = 0; int ret = 0; + int nret = 0; size_t length = 0; struct http_get_options *options = NULL; if (strlen(username) > ((SIZE_MAX - strlen(action)) - strlen(":")) - 1) { @@ -364,7 +365,7 @@ int authz_http_request(const char *username, const char *action, char **resp) *resp = util_strdup_s("Inernal server error: Out of memory"); return -1; } - int nret = snprintf(request_body, length, "%s:%s", username, action); + nret = snprintf(request_body, length, "%s:%s", username, action); if (nret < 0 || (size_t)nret >= length) { ERROR("Failed to print string"); free(request_body); @@ -392,14 +393,14 @@ int authz_http_request(const char *username, const char *action, char **resp) goto out; } if (response_code != StatusOK) { - ret = snprintf(err_msg, sizeof(err_msg), "action '%s' for user '%s': permission denied", action, username); - if (ret < 0 || (size_t)ret >= sizeof(err_msg)) { + ret = -1; + nret = snprintf(err_msg, sizeof(err_msg), "action '%s' for user '%s': permission denied", action, username); + if (nret < 0 || (size_t)nret >= sizeof(err_msg)) { ERROR("Out of memory"); *resp = util_strdup_s("Inernal server error: Out of memory"); goto out; } *resp = util_strdup_s(err_msg); - ret = -1; goto out; } diff --git a/src/image/embedded/embedded_config_merge.c b/src/image/embedded/embedded_config_merge.c index befb254..a73bcd6 100644 --- a/src/image/embedded/embedded_config_merge.c +++ b/src/image/embedded/embedded_config_merge.c @@ -30,98 +30,113 @@ #include "mediatype.h" #include "embedded_config_merge.h" -int merge_env_config(oci_runtime_spec *oci_spec, - embedded_manifest **manifest) +static int embedded_merge_entrypoint(embedded_config *config, container_config *container_spec) { - if ((*manifest)->config->env && (*manifest)->config->env_len != 0) { - int ret = merge_env(oci_spec, (const char **)(*manifest)->config->env, (*manifest)->config->env_len); + if (config->entrypoint && container_spec->entrypoint_len == 0) { + int ret = dup_array_of_strings((const char **)config->entrypoint, config->entrypoint_len, + &(container_spec->entrypoint), &(container_spec->entrypoint_len)); if (ret != 0) { - ERROR("Failed to merge environment variables"); + ERROR("Failed to duplicate entrypoint from manifest"); return -1; } + container_spec->entrypoint_len = config->entrypoint_len; } return 0; } -int replace_cmds_config(container_custom_config *custom_spec, - embedded_manifest **manifest) +static int embedded_merge_env(const embedded_config *config, container_config *container_spec) { - embedded_config *config = (*manifest)->config; + int ret = 0; + size_t new_size = 0; + size_t old_size = 0; + size_t i = 0; + size_t j = 0; + char **temp = NULL; + char **im_kv = NULL; + char **custom_kv = NULL; - if (config->entrypoint && custom_spec->entrypoint_len == 0) { - int ret = dup_array_of_strings((const char **)config->entrypoint, config->entrypoint_len, - &(custom_spec->entrypoint), &(custom_spec->entrypoint_len)); - if (ret != 0) { - ERROR("Failed to duplicate entrypoint from manifest"); - return -1; - } - custom_spec->entrypoint_len = (*manifest)->config->entrypoint_len; + if (config->env == NULL || config->env_len == 0) { + return 0; } - return 0; -} -int merge_config(oci_runtime_spec *oci_spec, - container_custom_config *custom_spec, - const char *image_config, - embedded_manifest **manifest) -{ - if ((*manifest)->config != NULL) { - if ((*manifest)->config->workdir != NULL) { - free(oci_spec->process->cwd); - oci_spec->process->cwd = util_strdup_s((*manifest)->config->workdir); + if (config->env_len > LIST_ENV_SIZE_MAX - container_spec->env_len) { + ERROR("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX); + isulad_set_error_message("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX); + ret = -1; + goto out; + } + new_size = (container_spec->env_len + config->env_len) * sizeof(char *); + old_size = container_spec->env_len * sizeof(char *); + ret = mem_realloc((void **)&temp, new_size, container_spec->env, old_size); + if (ret != 0) { + ERROR("Failed to realloc memory for envionment variables"); + ret = -1; + goto out; + } + + container_spec->env = temp; + for (i = 0; i < config->env_len; i++) { + bool found = false; + im_kv = util_string_split(config->env[i], '='); + if (im_kv == NULL) { + continue; } - if (merge_env_config(oci_spec, manifest) != 0) { - return -1; + for (j = 0; j < container_spec->env_len; j++) { + custom_kv = util_string_split(container_spec->env[i], '='); + if (custom_kv == NULL) { + continue; + } + if (strcmp(im_kv[0], custom_kv[0]) == 0) { + found = true; + } + util_free_array(custom_kv); + custom_kv = NULL; + if (found) { + break; + } } - return replace_cmds_config(custom_spec, manifest); + if (!found) { + container_spec->env[container_spec->env_len] = util_strdup_s(config->env[i]); + container_spec->env_len++; + } + util_free_array(im_kv); + im_kv = NULL; } - return 0; +out: + return ret; } -int pre_deal_config(oci_runtime_spec *oci_spec, - container_custom_config *custom_spec, - const char *image_config, - embedded_manifest **manifest, - char **config_path, - char **err) -{ - bool param_error = (oci_spec == NULL || image_config == NULL); - if (param_error) { - ERROR("invalid NULL param"); - return -1; - } - *manifest = embedded_manifest_parse_data(image_config, 0, err); - if (*manifest == NULL) { - ERROR("parse manifest failed: %s", *err); - return -1; - } +static int merge_embedded_config(const embedded_manifest *manifest, container_config *container_spec) +{ + if (manifest->config != NULL) { + if (manifest->config->workdir != NULL) { + free(container_spec->working_dir); + container_spec->working_dir = util_strdup_s(manifest->config->workdir); + } - if (merge_config(oci_spec, custom_spec, image_config, manifest) != 0) { - return -1; - } + if (embedded_merge_env(manifest->config, container_spec) != 0) { + return -1; + } - int ret = lim_query_image_data((*manifest)->image_name, IMAGE_DATA_TYPE_CONFIG_PATH, config_path, NULL); - if (ret != 0) { - ERROR("query config path for image %s failed", (*manifest)->image_name); - return -1; + return embedded_merge_entrypoint(manifest->config, container_spec); } return 0; } -int gen_abs_path(embedded_manifest **manifest, char **abs_path, char *config_path, char *real_path, int i) +static int gen_abs_path(const embedded_manifest *manifest, char **abs_path, char *config_path, char *real_path, int i) { /* change source to absolute path */ - if ((*manifest)->layers[i]->path_in_host[0] == '/') { - (*abs_path) = util_strdup_s((*manifest)->layers[i]->path_in_host); + if (manifest->layers[i]->path_in_host[0] == '/') { + (*abs_path) = util_strdup_s(manifest->layers[i]->path_in_host); } else { - (*abs_path) = util_add_path(config_path, (*manifest)->layers[i]->path_in_host); + (*abs_path) = util_add_path(config_path, manifest->layers[i]->path_in_host); } if ((*abs_path) == NULL) { ERROR("add path %s and %s failed", config_path, - (*manifest)->layers[i]->path_in_host); + manifest->layers[i]->path_in_host); return -1; } @@ -132,7 +147,7 @@ int gen_abs_path(embedded_manifest **manifest, char **abs_path, char *config_pat return 0; } -int gen_one_mount(embedded_manifest *manifest, char *mount, char *real_path, int i) +static int gen_one_mount(const embedded_manifest *manifest, char *mount, char *real_path, int i) { int nret = 0; if (manifest->layers[i]->media_type == NULL) { @@ -148,27 +163,62 @@ int gen_one_mount(embedded_manifest *manifest, char *mount, char *real_path, int "type=bind,ro=true,bind-propagation=rprivate,src=%s,dst=%s", real_path, manifest->layers[i]->path_in_container); } - if (nret < 0 || (size_t)nret >= (PATH_MAX * 3)) { + if (nret < 0 || nret >= (PATH_MAX * 3)) { ERROR("print string for mounts failed"); return -1; } return 0; } -int embedded_image_merge_config(oci_runtime_spec *oci_spec, - container_custom_config *custom_spec, - const char *image_config) +static int embedded_append_mounts(char **volumes, size_t volumes_len, container_config *container_spec) +{ + int ret = 0; + size_t i = 0; + size_t new_size = 0; + size_t old_size = 0; + char **temp = NULL; + + if (volumes == NULL || volumes_len == 0) { + return 0; + } + if (volumes_len > LIST_ENV_SIZE_MAX - container_spec->mounts_len) { + ERROR("The length of mounts is too long, the limit is %d", LIST_ENV_SIZE_MAX); + isulad_set_error_message("The length of mounts is too long, the limit is %d", LIST_ENV_SIZE_MAX); + ret = -1; + goto out; + } + new_size = (container_spec->mounts_len + volumes_len) * sizeof(char *); + old_size = container_spec->mounts_len * sizeof(char *); + ret = mem_realloc((void **)&temp, new_size, container_spec->mounts, old_size); + if (ret != 0) { + ERROR("Failed to realloc memory for mounts"); + ret = -1; + goto out; + } + + container_spec->mounts = temp; + + for (i = 0; i < volumes_len; i++) { + container_spec->mounts[container_spec->mounts_len] = util_strdup_s(volumes[i]); + container_spec->mounts_len++; + } + +out: + return ret; +} + +static int embedded_merge_mounts(const embedded_manifest *manifest, container_config *container_spec) { int ret = 0; - char *err = NULL; - embedded_manifest *manifest = NULL; int i = 0; - char **mounts = NULL; - size_t cap = 0; char *config_path = NULL; char *abs_path = NULL; + size_t cap = 0; + char **mounts = NULL; - if (pre_deal_config(oci_spec, custom_spec, image_config, &manifest, &config_path, &err) != 0) { + ret = lim_query_image_data(manifest->image_name, IMAGE_DATA_TYPE_CONFIG_PATH, &config_path, NULL); + if (ret != 0) { + ERROR("query config path for image %s failed", manifest->image_name); ret = -1; goto out; } @@ -192,7 +242,7 @@ int embedded_image_merge_config(oci_runtime_spec *oci_spec, goto out; } - if (gen_abs_path(&manifest, &abs_path, config_path, real_path, i) != 0) { + if (gen_abs_path(manifest, &abs_path, config_path, real_path, i) != 0) { ret = -1; goto out; } @@ -204,19 +254,47 @@ int embedded_image_merge_config(oci_runtime_spec *oci_spec, } } - ret = merge_volumes(oci_spec, mounts, util_array_len((const char **)mounts), NULL, parse_mount); + ret = embedded_append_mounts(mounts, util_array_len((const char **)mounts), container_spec); if (ret) { ERROR("Failed to merge layer into mounts"); goto out; } out: - free(err); util_free_array(mounts); - free_embedded_manifest(manifest); free(abs_path); UTIL_FREE_AND_SET_NULL(config_path); return ret; } +int embedded_image_merge_config(const char *image_config, container_config *container_spec) +{ + int ret = 0; + char *err = NULL; + embedded_manifest *manifest = NULL; + + manifest = embedded_manifest_parse_data(image_config, 0, &err); + if (manifest == NULL) { + ERROR("parse manifest failed: %s", err); + ret = -1; + goto out; + } + + if (merge_embedded_config(manifest, container_spec) != 0) { + ret = -1; + goto out; + } + + ret = embedded_merge_mounts(manifest, container_spec); + if (ret != 0) { + ERROR("query config path for image %s failed", manifest->image_name); + ret = -1; + goto out; + } +out: + free(err); + free_embedded_manifest(manifest); + return ret; +} + diff --git a/src/image/embedded/embedded_config_merge.h b/src/image/embedded/embedded_config_merge.h index 7ed6c68..f22cb6b 100644 --- a/src/image/embedded/embedded_config_merge.h +++ b/src/image/embedded/embedded_config_merge.h @@ -21,9 +21,7 @@ extern "C" { #endif -int embedded_image_merge_config(oci_runtime_spec *oci_spec, - container_custom_config *custom_spec, - const char *image_config); +int embedded_image_merge_config(const char *image_config, container_config *container_spec); #ifdef __cplusplus } diff --git a/src/image/embedded/embedded_image.c b/src/image/embedded/embedded_image.c index 3ae0be5..c4574fd 100644 --- a/src/image/embedded/embedded_image.c +++ b/src/image/embedded/embedded_image.c @@ -94,15 +94,13 @@ int embedded_delete_rf(const im_delete_request *request) return 0; } -static int do_merge_embedded_image_conf(oci_runtime_spec *oci_spec, - container_custom_config *custom_spec, - const char *image_name) +static int do_merge_embedded_image_conf(const char *image_name, container_config *container_spec) { int ret = 0; char *image_config = NULL; char *image_type = NULL; - if (oci_spec == NULL || image_name == NULL) { + if (container_spec == NULL || image_name == NULL) { ERROR("invalid NULL param"); return -1; } @@ -114,7 +112,7 @@ static int do_merge_embedded_image_conf(oci_runtime_spec *oci_spec, } if (strcmp(image_type, IMAGE_TYPE_EMBEDDED) == 0) { - ret = embedded_image_merge_config(oci_spec, custom_spec, image_config); + ret = embedded_image_merge_config(image_config, container_spec); if (ret != 0) { goto out; } @@ -132,7 +130,7 @@ out: } -int embedded_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec, +int embedded_merge_conf(const host_config *host_spec, container_config *container_spec, const im_prepare_request *request, char **real_rootfs) { int ret = 0; @@ -149,13 +147,7 @@ int embedded_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec return nret; } - if (merge_user("/", oci_spec, host_spec, custom_spec->user)) { - ERROR("Failed to merge user: %s", custom_spec->user); - ret = -1; - goto umount; - } - - nret = do_merge_embedded_image_conf(oci_spec, custom_spec, request->image_name); + nret = do_merge_embedded_image_conf(request->image_name, container_spec); if (nret != 0) { ret = nret; goto umount; @@ -171,10 +163,13 @@ umount: return ret; } -int embedded_get_user_conf(const char *basefs, host_config *hc, const char *userstr, - oci_runtime_spec_process_user *puser) +int embedded_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser) { - return 0; + if (puser == NULL) { + ERROR("Empty basefs or puser"); + return -1; + } + return get_user("/", hc, userstr, puser);; } static int embedded_images_to_imagetool_images(struct db_all_images *all_images, diff --git a/src/image/embedded/embedded_image.h b/src/image/embedded/embedded_image.h index eee116c..626da01 100644 --- a/src/image/embedded/embedded_image.h +++ b/src/image/embedded/embedded_image.h @@ -32,11 +32,10 @@ int embedded_delete_rf(const im_delete_request *request); char *embedded_resolve_image_name(const char *image_name); -int embedded_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec, +int embedded_merge_conf(const host_config *host_spec, container_config *container_spec, const im_prepare_request *request, char **real_rootfs); -int embedded_get_user_conf(const char *basefs, host_config *hc, const char *userstr, - oci_runtime_spec_process_user *puser); +int embedded_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser); int embedded_list_images(const im_list_request *request, imagetool_images_list **list); diff --git a/src/image/external/ext_image.c b/src/image/external/ext_image.c index 38a77c8..cde4629 100644 --- a/src/image/external/ext_image.c +++ b/src/image/external/ext_image.c @@ -101,7 +101,7 @@ char *ext_resolve_image_name(const char *image_name) return util_strdup_s(image_name); } -int ext_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec, +int ext_merge_conf(const host_config *host_spec, container_config *container_spec, const im_prepare_request *request, char **real_rootfs) #ifdef ENABLE_OCI_IMAGE { @@ -148,7 +148,7 @@ int ext_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, con goto out; } - ret = oci_image_merge_config(image_info->info, oci_spec, custom_spec); + ret = oci_image_merge_config(image_info->info, container_spec); out: free(resolved_name); @@ -181,7 +181,7 @@ out: } #endif -int ext_get_user_conf(const char *basefs, host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser) +int ext_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser) { if (basefs == NULL || puser == NULL) { ERROR("Empty basefs or puser"); diff --git a/src/image/external/ext_image.h b/src/image/external/ext_image.h index 2346953..13276af 100644 --- a/src/image/external/ext_image.h +++ b/src/image/external/ext_image.h @@ -27,9 +27,9 @@ int ext_umount_rf(const im_umount_request *request); int ext_delete_rf(const im_delete_request *request); char *ext_resolve_image_name(const char *image_name); -int ext_merge_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec, +int ext_merge_conf(const host_config *host_spec, container_config *container_spec, const im_prepare_request *request, char **real_rootfs); -int ext_get_user_conf(const char *basefs, host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser); +int ext_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser); int ext_list_images(const im_list_request *request, imagetool_images_list **list); int ext_remove_image(const im_remove_request *request); int ext_inspect_image(const im_inspect_request *request, char **inspected_json); diff --git a/src/image/image.c b/src/image/image.c index c7d7ae6..97a82c5 100644 --- a/src/image/image.c +++ b/src/image/image.c @@ -662,15 +662,15 @@ bool im_config_image_exist(const char *image_name) } int im_merge_image_config(const char *id, const char *image_type, const char *image_name, - const char *ext_config_image, oci_runtime_spec *oci_spec, - host_config *host_spec, container_custom_config *custom_spec, + const char *ext_config_image, + host_config *host_spec, container_config *container_spec, char **real_rootfs) { int ret = 0; struct bim *bim = NULL; im_prepare_request *request = NULL; - if (real_rootfs == NULL || oci_spec == NULL || image_type == NULL) { + if (real_rootfs == NULL || image_type == NULL) { ERROR("Invalid input arguments"); ret = -1; goto out; @@ -702,7 +702,7 @@ int im_merge_image_config(const char *id, const char *image_type, const char *im EVENT("Event: {Object: %s, Type: preparing rootfs with image %s}", id, image_name); - ret = bim->ops->merge_conf(oci_spec, host_spec, custom_spec, request, real_rootfs); + ret = bim->ops->merge_conf(host_spec, container_spec, request, real_rootfs); request->storage_opt = NULL; if (ret != 0) { ERROR("Failed to merge image %s config, config image is %s", image_name, ext_config_image); @@ -720,7 +720,7 @@ out: } int im_get_user_conf(const char *image_type, const char *basefs, host_config *hc, const char *userstr, - oci_runtime_spec_process_user *puser) + defs_process_user *puser) { int ret = 0; struct bim *bim = NULL; diff --git a/src/image/image.h b/src/image/image.h index 2c4b32f..144a138 100644 --- a/src/image/image.h +++ b/src/image/image.h @@ -21,8 +21,8 @@ #include "oci_image_index.h" #include "oci_image_spec.h" #include "oci_runtime_spec.h" -#include "container_custom_config.h" #include "host_config.h" +#include "container_config.h" #include "libisulad.h" #ifdef ENABLE_OCI_IMAGE @@ -212,12 +212,12 @@ struct bim_ops { char *(*resolve_image_name)(const char *image_name); /* merge image config ops */ - int (*merge_conf)(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec, + int (*merge_conf)(const host_config *host_spec, container_config *container_spec, const im_prepare_request *request, char **real_rootfs); /* get user config ops */ int (*get_user_conf)(const char *basefs, host_config *hc, - const char *userstr, oci_runtime_spec_process_user *puser); + const char *userstr, defs_process_user *puser); /* list images */ int (*list_ims)(const im_list_request *request, imagetool_images_list **images); @@ -293,11 +293,12 @@ int im_umount_container_rootfs(const char *image_type, const char *image_name, c int im_remove_container_rootfs(const char *image_type, const char *container_id); int im_merge_image_config(const char *id, const char *image_type, const char *image_name, - const char *ext_config_image, oci_runtime_spec *oci_spec, host_config *host_spec, - container_custom_config *custom_spec, char **real_rootfs); + const char *ext_config_image, + host_config *host_spec, container_config *container_spec, + char **real_rootfs); int im_get_user_conf(const char *image_type, const char *basefs, host_config *hc, const char *userstr, - oci_runtime_spec_process_user *puser); + defs_process_user *puser); int im_list_images(const im_list_request *request, im_list_response **response); diff --git a/src/image/oci/isula_image.c b/src/image/oci/isula_image.c index cdd5c4c..f4a3e62 100644 --- a/src/image/oci/isula_image.c +++ b/src/image/oci/isula_image.c @@ -156,7 +156,7 @@ int isula_prepare_rf(const im_prepare_request *request, char **real_rootfs) real_rootfs, NULL); } -int isula_merge_conf_rf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec, +int isula_merge_conf_rf(const host_config *host_spec, container_config *container_spec, const im_prepare_request *request, char **real_rootfs) { oci_image_spec *image = NULL; @@ -173,7 +173,7 @@ int isula_merge_conf_rf(oci_runtime_spec *oci_spec, const host_config *host_spec ERROR("Get prepare rootfs failed of image: %s", request->image_name); goto out; } - ret = oci_image_conf_merge_into_spec(request->image_name, oci_spec, custom_spec); + ret = oci_image_conf_merge_into_spec(request->image_name, container_spec); if (ret != 0) { ERROR("Failed to merge oci config for image: %s", request->image_name); goto out; diff --git a/src/image/oci/isula_image.h b/src/image/oci/isula_image.h index c30b622..7c3e75f 100644 --- a/src/image/oci/isula_image.h +++ b/src/image/oci/isula_image.h @@ -32,7 +32,7 @@ int isula_get_filesystem_info(im_fs_info_response **response); int isual_load_image(const im_load_request *request); int isula_prepare_rf(const im_prepare_request *request, char **real_rootfs); -int isula_merge_conf_rf(oci_runtime_spec *oci_spec, const host_config *host_spec, container_custom_config *custom_spec, +int isula_merge_conf_rf(const host_config *host_spec, container_config *container_spec, const im_prepare_request *request, char **real_rootfs); int isula_mount_rf(const im_mount_request *request); int isula_umount_rf(const im_umount_request *request); diff --git a/src/image/oci/oci_common_operators.c b/src/image/oci/oci_common_operators.c index cb31b06..0248ac7 100644 --- a/src/image/oci/oci_common_operators.c +++ b/src/image/oci/oci_common_operators.c @@ -244,7 +244,7 @@ static void oci_strip_dockerio(const imagetool_image *image) return; } -int oci_get_user_conf(const char *basefs, host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser) +int oci_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser) { if (basefs == NULL || puser == NULL) { ERROR("Empty basefs or puser"); @@ -796,14 +796,13 @@ int oci_get_all_images(const im_list_request *request, imagetool_images_list **i return isula_list_images(request, images); } -int oci_image_conf_merge_into_spec(const char *image_name, oci_runtime_spec *oci_spec, - container_custom_config *custom_spec) +int oci_image_conf_merge_into_spec(const char *image_name, container_config *container_spec) { int ret = 0; oci_image_t *image_info = NULL; char *resolved_name = NULL; - if (oci_spec == NULL || image_name == NULL) { + if (container_spec == NULL || image_name == NULL) { ERROR("invalid NULL param"); return -1; } @@ -822,7 +821,7 @@ int oci_image_conf_merge_into_spec(const char *image_name, oci_runtime_spec *oci goto out; } - ret = oci_image_merge_config(image_info->info, oci_spec, custom_spec); + ret = oci_image_merge_config(image_info->info, container_spec); if (ret != 0) { ERROR("Failed to merge oci config for image %s", resolved_name); ret = -1; diff --git a/src/image/oci/oci_common_operators.h b/src/image/oci/oci_common_operators.h index 0b42d73..fab7c74 100644 --- a/src/image/oci/oci_common_operators.h +++ b/src/image/oci/oci_common_operators.h @@ -29,7 +29,7 @@ char *oci_normalize_image_name(const char *name); bool oci_detect(const char *image_name); char *oci_resolve_image_name(const char *name); -int oci_get_user_conf(const char *basefs, host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser); +int oci_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser); int oci_list_images(const im_list_request *request, imagetool_images_list **images); int oci_status_image(im_status_request *request, im_status_response **response); int oci_inspect_image(const im_inspect_request *request, char **inspected_json); @@ -37,8 +37,7 @@ int oci_inspect_image(const im_inspect_request *request, char **inspected_json); imagetool_image *oci_get_image_info_by_name(const char *id); int oci_get_all_images(const im_list_request *request, imagetool_images_list **images); -int oci_image_conf_merge_into_spec(const char *image_name, oci_runtime_spec *oci_spec, - container_custom_config *custom_spec); +int oci_image_conf_merge_into_spec(const char *image_name, container_config *container_spec); #ifdef __cplusplus } diff --git a/src/image/oci/oci_config_merge.c b/src/image/oci/oci_config_merge.c index 5e00332..f925fee 100644 --- a/src/image/oci/oci_config_merge.c +++ b/src/image/oci/oci_config_merge.c @@ -25,52 +25,110 @@ #include "specs_mount.h" #include "specs_extend.h" -static void oci_image_merge_working_dir(const char *working_dir, oci_runtime_spec *oci_spec) +static void oci_image_merge_working_dir(const char *working_dir, container_config *container_spec) { if (working_dir == NULL) { return; } - free(oci_spec->process->cwd); - oci_spec->process->cwd = util_strdup_s(working_dir); + free(container_spec->working_dir); + container_spec->working_dir = util_strdup_s(working_dir); } -static int oci_image_merge_env(const oci_image_spec_config *config, oci_runtime_spec *oci_spec) +static int oci_image_merge_env(const oci_image_spec_config *config, container_config *container_spec) { + int ret = 0; + size_t new_size = 0; + size_t old_size = 0; + size_t i = 0; + size_t j = 0; + char **temp = NULL; + char **im_kv = NULL; + char **custom_kv = NULL; + if (config->env == NULL || config->env_len == 0) { return 0; } - if (merge_env(oci_spec, (const char **)config->env, config->env_len) != 0) { - ERROR("Failed to merge environment variables"); - return -1; + + if (config->env_len > LIST_ENV_SIZE_MAX - container_spec->env_len) { + ERROR("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX); + isulad_set_error_message("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX); + ret = -1; + goto out; } + new_size = (container_spec->env_len + config->env_len) * sizeof(char *); + old_size = container_spec->env_len * sizeof(char *); + ret = mem_realloc((void **)&temp, new_size, container_spec->env, old_size); + if (ret != 0) { + ERROR("Failed to realloc memory for envionment variables"); + ret = -1; + goto out; + } + + container_spec->env = temp; + for (i = 0; i < config->env_len; i++) { + bool found = false; + im_kv = util_string_split(config->env[i], '='); + if (im_kv == NULL) { + continue; + } + + for (j = 0; j < container_spec->env_len; j++) { + custom_kv = util_string_split(container_spec->env[i], '='); + if (custom_kv == NULL) { + continue; + } + if (strcmp(im_kv[0], custom_kv[0]) == 0) { + found = true; + } + util_free_array(custom_kv); + custom_kv = NULL; + if (found) { + break; + } + } + + if (!found) { + container_spec->env[container_spec->env_len] = util_strdup_s(config->env[i]); + container_spec->env_len++; + } + util_free_array(im_kv); + im_kv = NULL; + } +out: + return ret; return 0; } -static int do_duplicate_commands(const oci_image_spec_config *config, container_custom_config *custom_spec) +static int do_duplicate_commands(const oci_image_spec_config *config, container_config *container_spec) { size_t i; - if (custom_spec->cmd_len != 0 || config->cmd_len == 0) { + if (container_spec->cmd_len != 0 || config->cmd_len == 0) { return 0; } - custom_spec->cmd = (char **)util_smart_calloc_s(sizeof(char *), config->cmd_len); - if (custom_spec->cmd == NULL) { + if (config->cmd_len > SIZE_MAX / sizeof(char *)) { + ERROR("too many commands!"); + return -1; + } + + container_spec->cmd = (char **)util_common_calloc_s(sizeof(char *) * config->cmd_len); + if (container_spec->cmd == NULL) { ERROR("Out of memory"); return -1; } for (i = 0; i < config->cmd_len; i++) { - custom_spec->cmd[i] = util_strdup_s(config->cmd[i]); - custom_spec->cmd_len++; + container_spec->cmd[i] = util_strdup_s(config->cmd[i]); + container_spec->cmd_len++; } return 0; } -static int do_duplicate_entrypoints(const oci_image_spec_config *config, container_custom_config *custom_spec) +static int do_duplicate_entrypoints(const oci_image_spec_config *config, container_config *container_spec) { size_t i; @@ -78,64 +136,53 @@ static int do_duplicate_entrypoints(const oci_image_spec_config *config, contain return 0; } - custom_spec->entrypoint = (char **)util_smart_calloc_s(sizeof(char *), config->entrypoint_len); - if (custom_spec->entrypoint == NULL) { + if (config->entrypoint_len > SIZE_MAX / sizeof(char *)) { + ERROR("too many entrypoints!"); + return -1; + } + + container_spec->entrypoint = (char **)util_common_calloc_s(sizeof(char *) * config->entrypoint_len); + if (container_spec->entrypoint == NULL) { ERROR("Out of memory"); return -1; } for (i = 0; i < config->entrypoint_len; i++) { - custom_spec->entrypoint[i] = util_strdup_s(config->entrypoint[i]); - custom_spec->entrypoint_len++; + container_spec->entrypoint[i] = util_strdup_s(config->entrypoint[i]); + container_spec->entrypoint_len++; } return 0; } -static int oci_image_merge_entrypoint(const oci_image_spec_config *config, container_custom_config *custom_spec) +static int oci_image_merge_entrypoint(const oci_image_spec_config *config, container_config *container_spec) { - if (custom_spec->entrypoint_len != 0) { + if (container_spec->entrypoint_len != 0) { return 0; } - if (do_duplicate_commands(config, custom_spec) != 0) { + if (do_duplicate_commands(config, container_spec) != 0) { return -1; } - if (do_duplicate_entrypoints(config, custom_spec) != 0) { + if (do_duplicate_entrypoints(config, container_spec) != 0) { return -1; } return 0; } -static void oci_image_merge_user(const char *user, container_custom_config *custom_spec) +static void oci_image_merge_user(const char *user, container_config *container_spec) { - if (custom_spec->user != NULL) { + if (container_spec->user != NULL) { return; } - custom_spec->user = util_strdup_s(user); -} - -static int oci_image_merge_volumes(const oci_image_spec_config *config, oci_runtime_spec *oci_spec) -{ - int ret; - - if (config->volumes == NULL) { - return 0; - } - ret = merge_volumes(oci_spec, config->volumes->keys, config->volumes->len, NULL, parse_volume); - if (ret != 0) { - ERROR("Failed to merge volumes"); - return -1; - } - - return 0; + container_spec->user = util_strdup_s(user); } static int dup_health_check_from_image(const defs_health_check *image_health_check, - container_custom_config *custom_spec) + container_config *container_spec) { int ret = 0; size_t i; @@ -145,7 +192,13 @@ static int dup_health_check_from_image(const defs_health_check *image_health_che return -1; } - health_check->test = util_smart_calloc_s(sizeof(char *), image_health_check->test_len); + if (image_health_check->test_len > SIZE_MAX / sizeof(char *)) { + ERROR("invalid health check commands!"); + ret = -1; + goto out; + } + + health_check->test = util_common_calloc_s(sizeof(char *) * image_health_check->test_len); if (health_check->test == NULL) { ERROR("Out of memory"); ret = -1; @@ -162,7 +215,7 @@ static int dup_health_check_from_image(const defs_health_check *image_health_che health_check->retries = image_health_check->retries; health_check->exit_on_unhealthy = image_health_check->exit_on_unhealthy; - custom_spec->health_check = health_check; + container_spec->health_check = health_check; health_check = NULL; @@ -172,39 +225,43 @@ out: } static int update_health_check_from_image(const defs_health_check *image_health_check, - container_custom_config *custom_spec) + container_config *container_spec) { - if (custom_spec->health_check->test_len == 0) { + if (container_spec->health_check->test_len == 0) { size_t i; - custom_spec->health_check->test = util_smart_calloc_s(sizeof(char *), image_health_check->test_len); - if (custom_spec->health_check->test == NULL) { + if (image_health_check->test_len > SIZE_MAX / sizeof(char *)) { + ERROR("invalid health check commands!"); + return -1; + } + container_spec->health_check->test = util_common_calloc_s(sizeof(char *) * image_health_check->test_len); + if (container_spec->health_check->test == NULL) { ERROR("Out of memory"); return -1; } for (i = 0; i < image_health_check->test_len; i++) { - custom_spec->health_check->test[i] = util_strdup_s(image_health_check->test[i]); - custom_spec->health_check->test_len++; + container_spec->health_check->test[i] = util_strdup_s(image_health_check->test[i]); + container_spec->health_check->test_len++; } } - if (custom_spec->health_check->interval == 0) { - custom_spec->health_check->interval = image_health_check->interval; + if (container_spec->health_check->interval == 0) { + container_spec->health_check->interval = image_health_check->interval; } - if (custom_spec->health_check->timeout == 0) { - custom_spec->health_check->timeout = image_health_check->timeout; + if (container_spec->health_check->timeout == 0) { + container_spec->health_check->timeout = image_health_check->timeout; } - if (custom_spec->health_check->start_period == 0) { - custom_spec->health_check->start_period = image_health_check->start_period; + if (container_spec->health_check->start_period == 0) { + container_spec->health_check->start_period = image_health_check->start_period; } - if (custom_spec->health_check->retries == 0) { - custom_spec->health_check->retries = image_health_check->retries; + if (container_spec->health_check->retries == 0) { + container_spec->health_check->retries = image_health_check->retries; } return 0; } static int oci_image_merge_health_check(const defs_health_check *image_health_check, - container_custom_config *custom_spec) + container_config *container_spec) { int ret = 0; @@ -217,13 +274,13 @@ static int oci_image_merge_health_check(const defs_health_check *image_health_ch return -1; } - if (custom_spec->health_check == NULL) { - if (dup_health_check_from_image(image_health_check, custom_spec) != 0) { + if (container_spec->health_check == NULL) { + if (dup_health_check_from_image(image_health_check, container_spec) != 0) { ret = -1; goto out; } } else { - if (update_health_check_from_image(image_health_check, custom_spec) != 0) { + if (update_health_check_from_image(image_health_check, container_spec) != 0) { ret = -1; goto out; } @@ -233,38 +290,34 @@ out: return ret; } -int oci_image_merge_config(imagetool_image *image_conf, oci_runtime_spec *oci_spec, - container_custom_config *custom_spec) +int oci_image_merge_config(imagetool_image *image_conf, container_config *container_spec) { int ret = 0; - if (image_conf == NULL || oci_spec == NULL || custom_spec == NULL) { + if (image_conf == NULL || container_spec == NULL) { ERROR("Invalid input arguments"); return -1; } if (image_conf->spec != NULL && image_conf->spec->config != NULL) { - oci_image_merge_working_dir(image_conf->spec->config->working_dir, oci_spec); + oci_image_merge_working_dir(image_conf->spec->config->working_dir, container_spec); - if (oci_image_merge_env(image_conf->spec->config, oci_spec) != 0) { + if (oci_image_merge_env(image_conf->spec->config, container_spec) != 0) { ret = -1; goto out; } - if (oci_image_merge_entrypoint(image_conf->spec->config, custom_spec) != 0) { + if (oci_image_merge_entrypoint(image_conf->spec->config, container_spec) != 0) { ret = -1; goto out; } - oci_image_merge_user(image_conf->spec->config->user, custom_spec); + oci_image_merge_user(image_conf->spec->config->user, container_spec); - if (oci_image_merge_volumes(image_conf->spec->config, oci_spec) != 0) { - ret = -1; - goto out; - } + // ignore volumes now } - if (oci_image_merge_health_check(image_conf->healthcheck, custom_spec) != 0) { + if (oci_image_merge_health_check(image_conf->healthcheck, container_spec) != 0) { ret = -1; goto out; } diff --git a/src/image/oci/oci_config_merge.h b/src/image/oci/oci_config_merge.h index 414ff4b..7854851 100644 --- a/src/image/oci/oci_config_merge.h +++ b/src/image/oci/oci_config_merge.h @@ -17,15 +17,14 @@ #define __OCI_IMAGE_MERGE_CONFIG_H_ #include "imagetool_image.h" -#include "container_custom_config.h" #include "oci_runtime_spec.h" +#include "container_config.h" #ifdef __cplusplus extern "C" { #endif -int oci_image_merge_config(imagetool_image *image_conf, oci_runtime_spec *oci_spec, - container_custom_config *custom_spec); +int oci_image_merge_config(imagetool_image *image_conf, container_config *container_spec); #ifdef __cplusplus } diff --git a/src/json/schema/schema/container/conf-request.json b/src/json/schema/schema/container/conf-request.json deleted file mode 100644 index fa86505..0000000 --- a/src/json/schema/schema/container/conf-request.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "container_id": { - "type": "string" - } - } -} diff --git a/src/json/schema/schema/container/conf-response.json b/src/json/schema/schema/container/conf-response.json deleted file mode 100644 index 2dfbc25..0000000 --- a/src/json/schema/schema/container/conf-response.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "container_logpath": { - "type": "string" - }, - "container_logsize": { - "type": "string" - }, - "container_logrotate": { - "type": "uint32" - }, - "cc": { - "type": "uint32" - }, - "errmsg": { - "type": "string" - } - } -} diff --git a/src/json/schema/schema/container/config.json b/src/json/schema/schema/container/config.json index 61f071b..ad1b24d 100644 --- a/src/json/schema/schema/container/config.json +++ b/src/json/schema/schema/container/config.json @@ -88,6 +88,32 @@ }, "HealthCheck": { "$ref": "../defs.json#/definitions/HealthCheck" + }, + "SystemContainer": { + "type": "boolean" + }, + "NsChangeOpt": { + "type": "string" + }, + "Mounts": { + "type": "array", + "items": { + "type": "string" + } + }, + "LogConfig": { + "type": "object", + "properties": { + "log_file": { + "type": "string" + }, + "log_file_size": { + "type": "string" + }, + "log_file_rotate": { + "type": "uint64" + } + } } }, "required": [ diff --git a/src/json/schema/schema/container/custom-config.json b/src/json/schema/schema/container/custom-config.json deleted file mode 100644 index eaee5c0..0000000 --- a/src/json/schema/schema/container/custom-config.json +++ /dev/null @@ -1,83 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "Env": { - "type": "array", - "items": { - "type": "string" - } - }, - "Hostname": { - "type": "string" - }, - "User": { - "type": "string" - }, - "AttachStdin": { - "type": "boolean" - }, - "AttachStdout": { - "type": "boolean" - }, - "AttachStderr": { - "type": "boolean" - }, - "Tty": { - "type": "boolean" - }, - "OpenStdin": { - "type": "boolean" - }, - "SystemContainer": { - "type": "boolean" - }, - "NsChangeOpt": { - "type": "string" - }, - "Mounts": { - "type": "array", - "items": { - "type": "string" - } - }, - "Entrypoint": { - "type": "array", - "items": { - "type": "string" - } - }, - "Labels": { - "$ref": "../defs.json#/definitions/mapStringString" - }, - "Cmd": { - "$ref": "../defs.json#/definitions/ArrayOfStrings" - }, - "annotations": { - "$ref": "../defs.json#/definitions/mapStringString" - }, - "WorkingDir": { - "type": "string" - }, - "Entrypoint": { - "$ref": "../defs.json#/definitions/ArrayOfStrings" - }, - "LogConfig": { - "type": "object", - "properties": { - "log_file": { - "type": "string" - }, - "log_file_size": { - "type": "string" - }, - "log_file_rotate": { - "type": "uint64" - } - } - }, - "HealthCheck": { - "$ref": "../defs.json#/definitions/HealthCheck" - } - } -} diff --git a/src/json/schema/schema/container/info.json b/src/json/schema/schema/container/info.json index 2ac7d0a..654f02f 100644 --- a/src/json/schema/schema/container/info.json +++ b/src/json/schema/schema/container/info.json @@ -8,15 +8,6 @@ "image_type": { "type": "string" }, - "pid": { - "type": "int32" - }, - "has_pid": { - "type": "boolean" - }, - "status": { - "type": "integer" - }, "pids_current": { "type": "uint64" }, diff --git a/src/json/schema/schema/container/stats-request.json b/src/json/schema/schema/container/stats-request.json index f6e7e45..fc12475 100644 --- a/src/json/schema/schema/container/stats-request.json +++ b/src/json/schema/schema/container/stats-request.json @@ -5,9 +5,6 @@ "filters": { "$ref": "../defs.json#/definitions/filters" }, - "runtime": { - "type": "string" - }, "containers": { "$ref": "../defs.json#/definitions/ArrayOfStrings" }, diff --git a/src/json/schema/schema/defs.json b/src/json/schema/schema/defs.json index 72bdad7..be56b15 100644 --- a/src/json/schema/schema/defs.json +++ b/src/json/schema/schema/defs.json @@ -303,6 +303,702 @@ "$ref": "#/definitions/mapStringBool" } } - } + }, + "any": { + "type": "object", + "properties": { + "type_url": { + "type": "string" + }, + "value": { + "type": "array", + "items": { + "type": "byte" + } + } + } + }, + "zone": { + "type": "object", + "properties": { + "name": { + "type":"string" + }, + "offset": { + "$ref": "#/definitions/uint8" + }, + "isDST": { + "type": "boolean" + } + } + }, + "zoneTrans": { + "type": "object", + "properties": { + "wnen": { + "$ref": "#/definitions/int64" + }, + "index": { + "$ref": "#/definitions/uint8" + }, + "isstd": { + "type": "boolean" + }, + "isutc": { + "type": "boolean" + } + } + }, + + "location": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "zone": { + "type": "array", + "items": { + "$ref": "#/definitions/zone" + } + }, + "tx": { + "type": "array", + "items": { + "$ref": "#/definitions/zoneTrans" + } + }, + "cacheStart": { + "$ref": "#/definitions/int64" + }, + "cacheEnd": { + "$ref": "#/definitions/int64" + }, + "cacheZone": { + "$ref": "#/definitions/zone" + } + } + }, + "time": { + "type": "object", + "properties": { + "wall": { + "$ref": "#/definitions/uint64" + }, + "ext": { + "$ref": "#/definitions/int64" + }, + "loc": { + "$ref": "#/definitions/location" + } + } + }, + "RootfsPropagation": { + "type": "string", + "enum": [ + "private", + "shared", + "slave", + "unbindable" + ] + }, + "SeccompArch": { + "type": "string", + "enum": [ + "SCMP_ARCH_X86", + "SCMP_ARCH_X86_64", + "SCMP_ARCH_X32", + "SCMP_ARCH_ARM", + "SCMP_ARCH_AARCH64", + "SCMP_ARCH_MIPS", + "SCMP_ARCH_MIPS64", + "SCMP_ARCH_MIPS64N32", + "SCMP_ARCH_MIPSEL", + "SCMP_ARCH_MIPSEL64", + "SCMP_ARCH_MIPSEL64N32", + "SCMP_ARCH_PPC", + "SCMP_ARCH_PPC64", + "SCMP_ARCH_PPC64LE", + "SCMP_ARCH_S390", + "SCMP_ARCH_S390X", + "SCMP_ARCH_PARISC", + "SCMP_ARCH_PARISC64" + ] + }, + "SeccompAction": { + "type": "string", + "enum": [ + "SCMP_ACT_KILL", + "SCMP_ACT_TRAP", + "SCMP_ACT_ERRNO", + "SCMP_ACT_TRACE", + "SCMP_ACT_ALLOW" + ] + }, + "SeccompOperators": { + "type": "string", + "enum": [ + "SCMP_CMP_NE", + "SCMP_CMP_LT", + "SCMP_CMP_LE", + "SCMP_CMP_EQ", + "SCMP_CMP_GE", + "SCMP_CMP_GT", + "SCMP_CMP_MASKED_EQ" + ] + }, + "SyscallArg": { + "type": "object", + "properties": { + "index": { + "$ref": "#/definitions/uint32" + }, + "value": { + "$ref": "#/definitions/uint64" + }, + "valueTwo": { + "$ref": "#/definitions/uint64" + }, + "op": { + "$ref": "#/definitions/SeccompOperators" + } + }, + "required": [ + "index", + "value", + "op" + ] + }, + "Syscall": { + "type": "object", + "properties": { + "names": { + "type": "array", + "items": { + "type": "string" + }, + "minItems": 1 + }, + "action": { + "$ref": "#/definitions/SeccompAction" + }, + "args": { + "type": "array", + "items": { + "$ref": "#/definitions/SyscallArg" + } + } + }, + "required": [ + "names", + "action" + ] + }, + "Major": { + "description": "major device number", + "$ref": "#/definitions/int64" + }, + "Minor": { + "description": "minor device number", + "$ref": "#/definitions/int64" + }, + "FileMode": { + "description": "File permissions mode (typically an octal value)", + "type": "integer", + "minimum": 0, + "maximum": 512 + }, + "FileType": { + "description": "Type of a block or special character device", + "type": "string", + "pattern": "^[cbup]$" + }, + "Device": { + "type": "object", + "required": [ + "type", + "path" + ], + "properties": { + "type": { + "$ref": "#/definitions/FileType" + }, + "path": { + "$ref": "#/definitions/FilePath" + }, + "fileMode": { + "$ref": "#/definitions/FileMode" + }, + "major": { + "$ref": "#/definitions/Major" + }, + "minor": { + "$ref": "#/definitions/Minor" + }, + "uid": { + "$ref": "#/definitions/UID" + }, + "gid": { + "$ref": "#/definitions/GID" + } + } + }, + "weight": { + "type": "integer" + }, + "blockIODevice": { + "type": "object", + "properties": { + "major": { + "$ref": "#/definitions/Major" + }, + "minor": { + "$ref": "#/definitions/Minor" + } + }, + "required": [ + "major", + "minor" + ] + }, + "blockIODeviceWeight": { + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/blockIODevice" + }, + { + "type": "object", + "properties": { + "weight": { + "$ref": "#/definitions/weight" + }, + "leafWeight": { + "$ref": "#/definitions/weight" + } + } + } + ] + }, + "blockIODeviceThrottle": { + "allOf": [ + { + "$ref": "#/definitions/blockIODevice" + }, + { + "type": "object", + "properties": { + "rate": { + "$ref": "#/definitions/uint64" + } + } + } + ] + }, + "DeviceCgroup": { + "type": "object", + "properties": { + "allow": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "major": { + "$ref": "#/definitions/Major" + }, + "minor": { + "$ref": "#/definitions/Minor" + }, + "access": { + "type": "string" + } + }, + "required": [ + "allow" + ] + }, + "NetworkInterfacePriority": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "priority": { + "$ref": "#/definitions/uint32" + } + }, + "required": [ + "name", + "priority" + ] + }, + "NamespaceType": { + "type": "string", + "enum": [ + "mount", + "pid", + "network", + "uts", + "ipc", + "user", + "cgroup" + ] + }, + "NamespaceReference": { + "type": "object", + "properties": { + "type": { + "$ref": "#/definitions/NamespaceType" + }, + "path": { + "$ref": "#/definitions/FilePath" + } + }, + "required": [ + "type" + ] + }, + "processInfo": { + "type": "object", + "properties": { + "pid": { + "$ref": "#/definitions/uint32" + }, + "info": { + "$ref": "#/definitions/any" + } + } + }, + "process": { + "id": "https://opencontainers.org/schema/bundle/process", + "type": "object", + "required": [ + "cwd", + "args" + ], + "properties": { + "args": { + "id": "https://opencontainers.org/schema/bundle/process/args", + "$ref": "#/definitions/ArrayOfStrings" + }, + "consoleSize": { + "id": "https://opencontainers.org/schema/bundle/process/consoleSize", + "type": "object", + "required": [ + "height", + "width" + ], + "properties": { + "height": { + "id": "https://opencontainers.org/schema/bundle/process/consoleSize/height", + "$ref": "#/definitions/uint64" + }, + "width": { + "id": "https://opencontainers.org/schema/bundle/process/consoleSize/width", + "$ref": "#/definitions/uint64" + } + } + }, + "cwd": { + "id": "https://opencontainers.org/schema/bundle/process/cwd", + "type": "string" + }, + "env": { + "id": "https://opencontainers.org/schema/bundle/process/env", + "$ref": "#/definitions/Env" + }, + "terminal": { + "id": "https://opencontainers.org/schema/bundle/process/terminal", + "type": "boolean" + }, + "user": { + "id": "https://opencontainers.org/schema/bundle/process/user", + "type": "object", + "properties": { + "uid": { + "id": "https://opencontainers.org/schema/bundle/process/user/uid", + "$ref": "#/definitions/UID" + }, + "gid": { + "id": "https://opencontainers.org/schema/bundle/process/user/gid", + "$ref": "#/definitions/GID" + }, + "additionalGids": { + "id": "https://opencontainers.org/schema/bundle/process/user/additionalGids", + "$ref": "#/definitions/ArrayOfGIDs" + }, + "username": { + "id": "https://opencontainers.org/schema/bundle/process/user/username", + "type": "string" + } + } + }, + "capabilities": { + "id": "https://opencontainers.org/schema/bundle/process/linux/capabilities", + "type": "object", + "properties": { + "bounding": { + "id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/bounding", + "type": "array", + "items": { + "type": "string" + } + }, + "permitted": { + "id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/permitted", + "type": "array", + "items": { + "type": "string" + } + }, + "effective": { + "id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/effective", + "type": "array", + "items": { + "type": "string" + } + }, + "inheritable": { + "id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/inheritable", + "type": "array", + "items": { + "type": "string" + } + }, + "ambient": { + "id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/ambient", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "apparmorProfile": { + "id": "https://opencontainers.org/schema/bundle/process/linux/apparmorProfile", + "type": "string" + }, + "oomScoreAdj": { + "id": "https://opencontainers.org/schema/bundle/process/linux/oomScoreAdj", + "type": "integer" + }, + "selinuxLabel": { + "id": "https://opencontainers.org/schema/bundle/process/linux/selinuxLabel", + "type": "string" + }, + "noNewPrivileges": { + "id": "https://opencontainers.org/schema/bundle/process/linux/noNewPrivileges", + "type": "boolean" + }, + "rlimits": { + "id": "https://opencontainers.org/schema/bundle/linux/rlimits", + "type": "array", + "items": { + "id": "https://opencontainers.org/schema/bundle/linux/rlimits/0", + "type": "object", + "required": [ + "type", + "soft", + "hard" + ], + "properties": { + "hard": { + "id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/hard", + "$ref": "#/definitions/uint64" + }, + "soft": { + "id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/soft", + "$ref": "#/definitions/uint64" + }, + "type": { + "id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/type", + "type": "string", + "pattern": "^RLIMIT_[A-Z]+$" + } + } + } + } + } + }, + "resources": { + "id": "https://opencontainers.org/schema/bundle/linux/resources", + "type": "object", + "properties": { + "devices": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/devices", + "type": "array", + "items": { + "$ref": "#/definitions/DeviceCgroup" + } + }, + "pids": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/pids", + "type": "object", + "properties": { + "limit": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/pids/limit", + "$ref": "#/definitions/int64" + } + }, + "required": [ + "limit" + ] + }, + "blockIO": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO", + "type": "object", + "properties": { + "weight": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/weight", + "$ref": "#/definitions/weight" + }, + "leafWeight": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/leafWeight", + "$ref": "#/definitions/weight" + }, + "throttleReadBpsDevice": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleReadBpsDevice", + "type": "array", + "items": { + "$ref": "#/definitions/blockIODeviceThrottle" + } + }, + "throttleWriteBpsDevice": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleWriteBpsDevice", + "type": "array", + "items": { + "$ref": "#/definitions/blockIODeviceThrottle" + } + }, + "throttleReadIOPSDevice": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleReadIOPSDevice", + "type": "array", + "items": { + "$ref": "#/definitions/blockIODeviceThrottle" + } + }, + "throttleWriteIOPSDevice": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleWriteIOPSDevice", + "type": "array", + "items": { + "$ref": "#/definitions/blockIODeviceThrottle" + } + }, + "weightDevice": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/weightDevice", + "type": "array", + "items": { + "$ref": "#/definitions/blockIODeviceWeight" + } + } + } + }, + "cpu": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu", + "type": "object", + "properties": { + "cpus": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/cpus", + "type": "string" + }, + "mems": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/mems", + "type": "string" + }, + "period": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/period", + "$ref": "#/definitions/uint64" + }, + "quota": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/quota", + "$ref": "#/definitions/int64" + }, + "realtimePeriod": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/realtimePeriod", + "$ref": "#/definitions/uint64" + }, + "realtimeRuntime": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/realtimeRuntime", + "$ref": "#/definitions/int64" + }, + "shares": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/shares", + "$ref": "#/definitions/uint64" + } + } + }, + "hugepageLimits": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/hugepageLimits", + "type": "array", + "items": { + "type": "object", + "properties": { + "pageSize": { + "type": "string" + }, + "limit": { + "$ref": "#/definitions/uint64" + } + }, + "required": [ + "pageSize", + "limit" + ] + } + }, + "memory": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/memory", + "type": "object", + "properties": { + "kernel": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/kernel", + "$ref": "#/definitions/int64" + }, + "kernelTCP": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/kernelTCP", + "$ref": "#/definitions/int64" + }, + "limit": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/limit", + "$ref": "#/definitions/int64" + }, + "reservation": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/reservation", + "$ref": "#/definitions/int64" + }, + "swap": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/swap", + "$ref": "#/definitions/int64" + }, + "swappiness": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/swappiness", + "$ref": "#/definitions/uint64" + }, + "disableOOMKiller": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/disableOOMKiller", + "type": "boolean" + } + } + }, + "network": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/network", + "type": "object", + "properties": { + "classID": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/network/classId", + "$ref": "#/definitions/uint32" + }, + "priorities": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/network/priorities", + "type": "array", + "items": { + "$ref": "#/definitions/NetworkInterfacePriority" + } + } + } + } + } + } } } diff --git a/src/json/schema/schema/docker/seccomp.json b/src/json/schema/schema/docker/seccomp.json index 1318ad3..c1bc8c9 100644 --- a/src/json/schema/schema/docker/seccomp.json +++ b/src/json/schema/schema/docker/seccomp.json @@ -13,12 +13,12 @@ "type": "object", "properties": { "architecture": { - "$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompArch" + "$ref": "../defs.json#/definitions/SeccompArch" }, "subArchitectures": { "type": "array", "items": { - "$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompArch" + "$ref": "../defs.json#/definitions/SeccompArch" } } } @@ -38,7 +38,7 @@ "minItems": 1 }, "action": { - "$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompAction" + "$ref": "../defs.json#/definitions/SeccompAction" }, "args": { "type": "array", @@ -55,7 +55,7 @@ "$ref": "../defs.json#/definitions/uint64" }, "op": { - "$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompOperators" + "$ref": "../defs.json#/definitions/SeccompOperators" } }, "required": [ @@ -74,7 +74,7 @@ "arches": { "type": "array", "items": { - "$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompArch" + "$ref": "../defs.json#/definitions/SeccompArch" } }, "caps": { @@ -91,7 +91,7 @@ "arches": { "type": "array", "items": { - "$ref": "../oci/runtime/defs-linux.json#/definitions/SeccompArch" + "$ref": "../defs.json#/definitions/SeccompArch" } }, "caps": { diff --git a/src/json/schema/schema/oci/runtime/config-linux.json b/src/json/schema/schema/oci/runtime/config-linux.json index 70b05e0..4925616 100644 --- a/src/json/schema/schema/oci/runtime/config-linux.json +++ b/src/json/schema/schema/oci/runtime/config-linux.json @@ -8,7 +8,7 @@ "id": "https://opencontainers.org/schema/bundle/linux/devices", "type": "array", "items": { - "$ref": "defs-linux.json#/definitions/Device" + "$ref": "../../defs.json#/definitions/Device" } }, "uidMappings": { @@ -31,197 +31,21 @@ "items": { "anyOf": [ { - "$ref": "defs-linux.json#/definitions/NamespaceReference" + "$ref": "../../defs.json#/definitions/NamespaceReference" } ] } }, - "resources": { - "id": "https://opencontainers.org/schema/bundle/linux/resources", - "type": "object", - "properties": { - "devices": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/devices", - "type": "array", - "items": { - "$ref": "defs-linux.json#/definitions/DeviceCgroup" - } - }, - "pids": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/pids", - "type": "object", - "properties": { - "limit": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/pids/limit", - "$ref": "../../defs.json#/definitions/int64" - } - }, - "required": [ - "limit" - ] - }, - "blockIO": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO", - "type": "object", - "properties": { - "weight": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/weight", - "$ref": "defs-linux.json#/definitions/weight" - }, - "leafWeight": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/leafWeight", - "$ref": "defs-linux.json#/definitions/weight" - }, - "throttleReadBpsDevice": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleReadBpsDevice", - "type": "array", - "items": { - "$ref": "defs-linux.json#/definitions/blockIODeviceThrottle" - } - }, - "throttleWriteBpsDevice": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleWriteBpsDevice", - "type": "array", - "items": { - "$ref": "defs-linux.json#/definitions/blockIODeviceThrottle" - } - }, - "throttleReadIOPSDevice": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleReadIOPSDevice", - "type": "array", - "items": { - "$ref": "defs-linux.json#/definitions/blockIODeviceThrottle" - } - }, - "throttleWriteIOPSDevice": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/throttleWriteIOPSDevice", - "type": "array", - "items": { - "$ref": "defs-linux.json#/definitions/blockIODeviceThrottle" - } - }, - "weightDevice": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/blockIO/weightDevice", - "type": "array", - "items": { - "$ref": "defs-linux.json#/definitions/blockIODeviceWeight" - } - } - } - }, - "cpu": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu", - "type": "object", - "properties": { - "cpus": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/cpus", - "type": "string" - }, - "mems": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/mems", - "type": "string" - }, - "period": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/period", - "$ref": "../../defs.json#/definitions/uint64" - }, - "quota": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/quota", - "$ref": "../../defs.json#/definitions/int64" - }, - "realtimePeriod": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/realtimePeriod", - "$ref": "../../defs.json#/definitions/uint64" - }, - "realtimeRuntime": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/realtimeRuntime", - "$ref": "../../defs.json#/definitions/int64" - }, - "shares": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/cpu/shares", - "$ref": "../../defs.json#/definitions/uint64" - } - } - }, - "hugepageLimits": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/hugepageLimits", - "type": "array", - "items": { - "type": "object", - "properties": { - "pageSize": { - "type": "string" - }, - "limit": { - "$ref": "../../defs.json#/definitions/uint64" - } - }, - "required": [ - "pageSize", - "limit" - ] - } - }, - "memory": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/memory", - "type": "object", - "properties": { - "kernel": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/kernel", - "$ref": "../../defs.json#/definitions/int64" - }, - "kernelTCP": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/kernelTCP", - "$ref": "../../defs.json#/definitions/int64" - }, - "limit": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/limit", - "$ref": "../../defs.json#/definitions/int64" - }, - "reservation": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/reservation", - "$ref": "../../defs.json#/definitions/int64" - }, - "swap": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/swap", - "$ref": "../../defs.json#/definitions/int64" - }, - "swappiness": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/swappiness", - "$ref": "../../defs.json#/definitions/uint64" - }, - "disableOOMKiller": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/disableOOMKiller", - "type": "boolean" - } - } - }, - "network": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/network", - "type": "object", - "properties": { - "classID": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/network/classId", - "$ref": "../../defs.json#/definitions/uint32" - }, - "priorities": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/network/priorities", - "type": "array", - "items": { - "$ref": "defs-linux.json#/definitions/NetworkInterfacePriority" - } - } - } - } - } - }, + "resources": { + "$ref": "../../defs.json#/definitions/resources" + }, "cgroupsPath": { "id": "https://opencontainers.org/schema/bundle/linux/cgroupsPath", "type": "string" }, "rootfsPropagation": { "id": "https://opencontainers.org/schema/bundle/linux/rootfsPropagation", - "$ref": "defs-linux.json#/definitions/RootfsPropagation" + "$ref": "../../defs.json#/definitions/RootfsPropagation" }, "seccomp": { "id": "https://opencontainers.org/schema/bundle/linux/seccomp", @@ -235,14 +59,14 @@ "id": "https://opencontainers.org/schema/bundle/linux/seccomp/architectures", "type": "array", "items": { - "$ref": "defs-linux.json#/definitions/SeccompArch" + "$ref": "../../defs.json#/definitions/SeccompArch" } }, "syscalls": { "id": "https://opencontainers.org/schema/bundle/linux/seccomp/syscalls", "type": "array", "items": { - "$ref": "defs-linux.json#/definitions/Syscall" + "$ref": "../../defs.json#/definitions/Syscall" } } }, diff --git a/src/json/schema/schema/oci/runtime/defs-linux.json b/src/json/schema/schema/oci/runtime/defs-linux.json deleted file mode 100644 index ccbe3c7..0000000 --- a/src/json/schema/schema/oci/runtime/defs-linux.json +++ /dev/null @@ -1,270 +0,0 @@ -{ - "definitions": { - "RootfsPropagation": { - "type": "string", - "enum": [ - "private", - "shared", - "slave", - "unbindable" - ] - }, - "SeccompArch": { - "type": "string", - "enum": [ - "SCMP_ARCH_X86", - "SCMP_ARCH_X86_64", - "SCMP_ARCH_X32", - "SCMP_ARCH_ARM", - "SCMP_ARCH_AARCH64", - "SCMP_ARCH_MIPS", - "SCMP_ARCH_MIPS64", - "SCMP_ARCH_MIPS64N32", - "SCMP_ARCH_MIPSEL", - "SCMP_ARCH_MIPSEL64", - "SCMP_ARCH_MIPSEL64N32", - "SCMP_ARCH_PPC", - "SCMP_ARCH_PPC64", - "SCMP_ARCH_PPC64LE", - "SCMP_ARCH_S390", - "SCMP_ARCH_S390X", - "SCMP_ARCH_PARISC", - "SCMP_ARCH_PARISC64" - ] - }, - "SeccompAction": { - "type": "string", - "enum": [ - "SCMP_ACT_KILL", - "SCMP_ACT_TRAP", - "SCMP_ACT_ERRNO", - "SCMP_ACT_TRACE", - "SCMP_ACT_ALLOW" - ] - }, - "SeccompOperators": { - "type": "string", - "enum": [ - "SCMP_CMP_NE", - "SCMP_CMP_LT", - "SCMP_CMP_LE", - "SCMP_CMP_EQ", - "SCMP_CMP_GE", - "SCMP_CMP_GT", - "SCMP_CMP_MASKED_EQ" - ] - }, - "SyscallArg": { - "type": "object", - "properties": { - "index": { - "$ref": "../../defs.json#/definitions/uint32" - }, - "value": { - "$ref": "../../defs.json#/definitions/uint64" - }, - "valueTwo": { - "$ref": "../../defs.json#/definitions/uint64" - }, - "op": { - "$ref": "#/definitions/SeccompOperators" - } - }, - "required": [ - "index", - "value", - "op" - ] - }, - "Syscall": { - "type": "object", - "properties": { - "names": { - "type": "array", - "items": { - "type": "string" - }, - "minItems": 1 - }, - "action": { - "$ref": "#/definitions/SeccompAction" - }, - "args": { - "type": "array", - "items": { - "$ref": "#/definitions/SyscallArg" - } - } - }, - "required": [ - "names", - "action" - ] - }, - "Major": { - "description": "major device number", - "$ref": "../../defs.json#/definitions/int64" - }, - "Minor": { - "description": "minor device number", - "$ref": "../../defs.json#/definitions/int64" - }, - "FileMode": { - "description": "File permissions mode (typically an octal value)", - "type": "integer", - "minimum": 0, - "maximum": 512 - }, - "FileType": { - "description": "Type of a block or special character device", - "type": "string", - "pattern": "^[cbup]$" - }, - "Device": { - "type": "object", - "required": [ - "type", - "path" - ], - "properties": { - "type": { - "$ref": "#/definitions/FileType" - }, - "path": { - "$ref": "../../defs.json#/definitions/FilePath" - }, - "fileMode": { - "$ref": "#/definitions/FileMode" - }, - "major": { - "$ref": "#/definitions/Major" - }, - "minor": { - "$ref": "#/definitions/Minor" - }, - "uid": { - "$ref": "../../defs.json#/definitions/UID" - }, - "gid": { - "$ref": "../../defs.json#/definitions/GID" - } - } - }, - "weight": { - "type": "integer" - }, - "blockIODevice": { - "type": "object", - "properties": { - "major": { - "$ref": "#/definitions/Major" - }, - "minor": { - "$ref": "#/definitions/Minor" - } - }, - "required": [ - "major", - "minor" - ] - }, - "blockIODeviceWeight": { - "type": "object", - "allOf": [ - { - "$ref": "#/definitions/blockIODevice" - }, - { - "type": "object", - "properties": { - "weight": { - "$ref": "#/definitions/weight" - }, - "leafWeight": { - "$ref": "#/definitions/weight" - } - } - } - ] - }, - "blockIODeviceThrottle": { - "allOf": [ - { - "$ref": "#/definitions/blockIODevice" - }, - { - "type": "object", - "properties": { - "rate": { - "$ref": "../../defs.json#/definitions/uint64" - } - } - } - ] - }, - "DeviceCgroup": { - "type": "object", - "properties": { - "allow": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "major": { - "$ref": "#/definitions/Major" - }, - "minor": { - "$ref": "#/definitions/Minor" - }, - "access": { - "type": "string" - } - }, - "required": [ - "allow" - ] - }, - "NetworkInterfacePriority": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "priority": { - "$ref": "../../defs.json#/definitions/uint32" - } - }, - "required": [ - "name", - "priority" - ] - }, - "NamespaceType": { - "type": "string", - "enum": [ - "mount", - "pid", - "network", - "uts", - "ipc", - "user", - "cgroup" - ] - }, - "NamespaceReference": { - "type": "object", - "properties": { - "type": { - "$ref": "#/definitions/NamespaceType" - }, - "path": { - "$ref": "../../defs.json#/definitions/FilePath" - } - }, - "required": [ - "type" - ] - } - } -} diff --git a/src/json/schema/schema/oci/runtime/pspec.json b/src/json/schema/schema/oci/runtime/pspec.json index 5cefc40..bf8084c 100644 --- a/src/json/schema/schema/oci/runtime/pspec.json +++ b/src/json/schema/schema/oci/runtime/pspec.json @@ -23,7 +23,7 @@ "id": "https://opencontainers.org/schema/bundle/linux/devices", "type": "array", "items": { - "$ref": "defs-linux.json#/definitions/Device" + "$ref": "../../defs.json#/definitions/Device" } }, "resources": { diff --git a/src/json/schema/schema/oci/runtime/spec.json b/src/json/schema/schema/oci/runtime/spec.json index 61eacbd..832abd9 100644 --- a/src/json/schema/schema/oci/runtime/spec.json +++ b/src/json/schema/schema/oci/runtime/spec.json @@ -56,155 +56,7 @@ } }, "process": { - "id": "https://opencontainers.org/schema/bundle/process", - "type": "object", - "required": [ - "cwd", - "args" - ], - "properties": { - "args": { - "id": "https://opencontainers.org/schema/bundle/process/args", - "$ref": "../../defs.json#/definitions/ArrayOfStrings" - }, - "consoleSize": { - "id": "https://opencontainers.org/schema/bundle/process/consoleSize", - "type": "object", - "required": [ - "height", - "width" - ], - "properties": { - "height": { - "id": "https://opencontainers.org/schema/bundle/process/consoleSize/height", - "$ref": "../../defs.json#/definitions/uint64" - }, - "width": { - "id": "https://opencontainers.org/schema/bundle/process/consoleSize/width", - "$ref": "../../defs.json#/definitions/uint64" - } - } - }, - "cwd": { - "id": "https://opencontainers.org/schema/bundle/process/cwd", - "type": "string" - }, - "env": { - "id": "https://opencontainers.org/schema/bundle/process/env", - "$ref": "../../defs.json#/definitions/Env" - }, - "terminal": { - "id": "https://opencontainers.org/schema/bundle/process/terminal", - "type": "boolean" - }, - "user": { - "id": "https://opencontainers.org/schema/bundle/process/user", - "type": "object", - "properties": { - "uid": { - "id": "https://opencontainers.org/schema/bundle/process/user/uid", - "$ref": "../../defs.json#/definitions/UID" - }, - "gid": { - "id": "https://opencontainers.org/schema/bundle/process/user/gid", - "$ref": "../../defs.json#/definitions/GID" - }, - "additionalGids": { - "id": "https://opencontainers.org/schema/bundle/process/user/additionalGids", - "$ref": "../../defs.json#/definitions/ArrayOfGIDs" - }, - "username": { - "id": "https://opencontainers.org/schema/bundle/process/user/username", - "type": "string" - } - } - }, - "capabilities": { - "id": "https://opencontainers.org/schema/bundle/process/linux/capabilities", - "type": "object", - "properties": { - "bounding": { - "id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/bounding", - "type": "array", - "items": { - "type": "string" - } - }, - "permitted": { - "id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/permitted", - "type": "array", - "items": { - "type": "string" - } - }, - "effective": { - "id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/effective", - "type": "array", - "items": { - "type": "string" - } - }, - "inheritable": { - "id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/inheritable", - "type": "array", - "items": { - "type": "string" - } - }, - "ambient": { - "id": "https://opencontainers.org/schema/bundle/process/linux/capabilities/ambient", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "apparmorProfile": { - "id": "https://opencontainers.org/schema/bundle/process/linux/apparmorProfile", - "type": "string" - }, - "oomScoreAdj": { - "id": "https://opencontainers.org/schema/bundle/process/linux/oomScoreAdj", - "type": "integer" - }, - "selinuxLabel": { - "id": "https://opencontainers.org/schema/bundle/process/linux/selinuxLabel", - "type": "string" - }, - "noNewPrivileges": { - "id": "https://opencontainers.org/schema/bundle/process/linux/noNewPrivileges", - "type": "boolean" - }, - "rlimits": { - "id": "https://opencontainers.org/schema/bundle/linux/rlimits", - "type": "array", - "items": { - "id": "https://opencontainers.org/schema/bundle/linux/rlimits/0", - "type": "object", - "required": [ - "type", - "soft", - "hard" - ], - "properties": { - "hard": { - "id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/hard", - "$ref": "../../defs.json#/definitions/uint64" - }, - "soft": { - "id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/soft", - "$ref": "../../defs.json#/definitions/uint64" - }, - "type": { - "id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/type", - "type": "string", - "pattern": "^RLIMIT_[A-Z]+$" - } - } - } - } - } + "$ref": "../../defs.json#/definitions/process" }, "linux": { "$ref": "config-linux.json#/linux" diff --git a/src/json/schema/src/read_file.c b/src/json/schema/src/read_file.c index bbfff73..08b9059 100644 --- a/src/json/schema/src/read_file.c +++ b/src/json/schema/src/read_file.c @@ -1,7 +1,7 @@ /* Copyright 2017 Giuseppe Scrivano Copyright (C) Huawei Technologies., Ltd. 2018-2019. All rights reserved. - + Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at diff --git a/src/json/schema/src/read_file.h b/src/json/schema/src/read_file.h index 0bf6a25..4edc585 100644 --- a/src/json/schema/src/read_file.h +++ b/src/json/schema/src/read_file.h @@ -1,7 +1,7 @@ /* Copyright 2017 Giuseppe Scrivano Copyright (C) Huawei Technologies., Ltd. 2018-2019. All rights reserved. - + Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at diff --git a/src/namespace.h b/src/namespace.h index 5843020..7a7dc40 100644 --- a/src/namespace.h +++ b/src/namespace.h @@ -40,6 +40,7 @@ #define TYPE_NAMESPACE_CGROUP "cgroup" #define ETC_HOSTS "/etc/hosts" +#define ETC_HOSTNAME "/etc/hostname" #define RESOLV_CONF_PATH "/etc/resolv.conf" static inline bool is_host(const char *mode) diff --git a/src/pack_config.c b/src/pack_config.c index 8eb44a4..ca016ca 100644 --- a/src/pack_config.c +++ b/src/pack_config.c @@ -25,11 +25,11 @@ #include "log.h" #include "pack_config.h" -#include "container_custom_config.h" #include "host_config.h" #include "utils.h" #include "parse_common.h" #include "path.h" +#include "container_config.h" static bool parse_restart_policy(const char *policy, host_config_restart_policy **rp) { @@ -1775,33 +1775,33 @@ out: return ret; } -static int pack_container_custom_config_log(container_custom_config *custom_spec, +static int pack_container_custom_config_log(container_config *container_spec, const isula_container_config_t *custom_conf) { int ret = 0; /* log config */ - custom_spec->log_config = util_common_calloc_s(sizeof(container_custom_config_log_config)); - if (custom_spec->log_config == NULL) { + container_spec->log_config = util_common_calloc_s(sizeof(container_config_log_config)); + if (container_spec->log_config == NULL) { ret = -1; goto out; } if (custom_conf->log_file != NULL) { - custom_spec->log_config->log_file = util_strdup_s(custom_conf->log_file); + container_spec->log_config->log_file = util_strdup_s(custom_conf->log_file); } if (custom_conf->log_file_size != NULL) { - custom_spec->log_config->log_file_size = util_strdup_s(custom_conf->log_file_size); + container_spec->log_config->log_file_size = util_strdup_s(custom_conf->log_file_size); } if (custom_conf->log_file_rotate) { - custom_spec->log_config->log_file_rotate = custom_conf->log_file_rotate; + container_spec->log_config->log_file_rotate = custom_conf->log_file_rotate; } out: return ret; } -static int pack_container_custom_config_args(container_custom_config *custom_spec, +static int pack_container_custom_config_args(container_config *container_spec, const isula_container_config_t *custom_conf) { int ret = 0; @@ -1809,13 +1809,13 @@ static int pack_container_custom_config_args(container_custom_config *custom_spe /* entrypoint */ if (util_valid_str(custom_conf->entrypoint)) { - custom_spec->entrypoint = util_common_calloc_s(sizeof(char *)); - if (custom_spec->entrypoint == NULL) { + container_spec->entrypoint = util_common_calloc_s(sizeof(char *)); + if (container_spec->entrypoint == NULL) { ret = -1; goto out; } - custom_spec->entrypoint[0] = util_strdup_s(custom_conf->entrypoint); - custom_spec->entrypoint_len++; + container_spec->entrypoint[0] = util_strdup_s(custom_conf->entrypoint); + container_spec->entrypoint_len++; } /* commands */ @@ -1825,14 +1825,14 @@ static int pack_container_custom_config_args(container_custom_config *custom_spe ret = -1; goto out; } - custom_spec->cmd = util_common_calloc_s(custom_conf->cmd_len * sizeof(char *)); - if (custom_spec->cmd == NULL) { + container_spec->cmd = util_common_calloc_s(custom_conf->cmd_len * sizeof(char *)); + if (container_spec->cmd == NULL) { ret = -1; goto out; } for (i = 0; i < (int)custom_conf->cmd_len; i++) { - custom_spec->cmd[custom_spec->cmd_len] = util_strdup_s(custom_conf->cmd[i]); - custom_spec->cmd_len++; + container_spec->cmd[container_spec->cmd_len] = util_strdup_s(custom_conf->cmd[i]); + container_spec->cmd_len++; } } @@ -1840,7 +1840,7 @@ out: return ret; } -static int pack_container_custom_config_mounts(container_custom_config *custom_spec, +static int pack_container_custom_config_mounts(container_config *container_spec, const isula_container_config_t *custom_conf) { int ret = 0; @@ -1853,21 +1853,21 @@ static int pack_container_custom_config_mounts(container_custom_config *custom_s ret = -1; goto out; } - custom_spec->mounts = util_common_calloc_s(custom_conf->mounts_len * sizeof(char *)); - if (custom_spec->mounts == NULL) { + container_spec->mounts = util_common_calloc_s(custom_conf->mounts_len * sizeof(char *)); + if (container_spec->mounts == NULL) { ret = -1; goto out; } for (i = 0; i < (int)custom_conf->mounts_len; i++) { - custom_spec->mounts[custom_spec->mounts_len] = util_strdup_s(custom_conf->mounts[i]); - custom_spec->mounts_len++; + container_spec->mounts[container_spec->mounts_len] = util_strdup_s(custom_conf->mounts[i]); + container_spec->mounts_len++; } } out: return ret; } -static int pack_container_custom_config_array(container_custom_config *custom_spec, +static int pack_container_custom_config_array(container_config *container_spec, const isula_container_config_t *custom_conf) { int ret = 0; @@ -1879,14 +1879,14 @@ static int pack_container_custom_config_array(container_custom_config *custom_sp COMMAND_ERROR("Too many environment variables"); return -1; } - custom_spec->env = util_common_calloc_s(custom_conf->env_len * sizeof(char *)); - if (custom_spec->env == NULL) { + container_spec->env = util_common_calloc_s(custom_conf->env_len * sizeof(char *)); + if (container_spec->env == NULL) { ret = -1; goto out; } for (i = 0; i < (int)custom_conf->env_len; i++) { - custom_spec->env[custom_spec->env_len] = util_strdup_s(custom_conf->env[i]); - custom_spec->env_len++; + container_spec->env[container_spec->env_len] = util_strdup_s(custom_conf->env[i]); + container_spec->env_len++; } } @@ -1907,7 +1907,7 @@ static bool have_health_check(const isula_container_config_t *custom_conf) return have_health_settings; } -static int pack_custom_no_health_check(container_custom_config *custom_spec, bool have_health_settings, +static int pack_custom_no_health_check(container_config *container_spec, bool have_health_settings, defs_health_check *health_config) { int ret = 0; @@ -1923,13 +1923,13 @@ static int pack_custom_no_health_check(container_custom_config *custom_spec, boo goto out; } health_config->test[health_config->test_len++] = util_strdup_s("NONE"); - custom_spec->health_check = health_config; + container_spec->health_check = health_config; out: return ret; } -static int pack_custom_with_health_check(container_custom_config *custom_spec, +static int pack_custom_with_health_check(container_config *container_spec, const isula_container_config_t *custom_conf, bool have_health_settings, defs_health_check *health_config) { @@ -1953,23 +1953,23 @@ static int pack_custom_with_health_check(container_custom_config *custom_spec, health_config->start_period = custom_conf->health_start_period; health_config->retries = custom_conf->health_retries; health_config->exit_on_unhealthy = custom_conf->exit_on_unhealthy; - if (custom_spec->health_check != NULL) { - free_defs_health_check(custom_spec->health_check); + if (container_spec->health_check != NULL) { + free_defs_health_check(container_spec->health_check); } - custom_spec->health_check = health_config; + container_spec->health_check = health_config; out: return ret; } -static int pack_container_custom_config_health(container_custom_config *custom_spec, +static int pack_container_custom_config_health(container_config *container_spec, const isula_container_config_t *custom_conf) { int ret = 0; bool have_health_settings = false; defs_health_check *health_config = NULL; - if (custom_spec == NULL || custom_conf == NULL) { + if (container_spec == NULL || custom_conf == NULL) { return 0; } @@ -1982,12 +1982,12 @@ static int pack_container_custom_config_health(container_custom_config *custom_s } if (custom_conf->no_healthcheck) { - ret = pack_custom_no_health_check(custom_spec, have_health_settings, health_config); + ret = pack_custom_no_health_check(container_spec, have_health_settings, health_config); if (ret != 0) { goto out; } } else if (have_health_settings) { - ret = pack_custom_with_health_check(custom_spec, custom_conf, have_health_settings, health_config); + ret = pack_custom_with_health_check(container_spec, custom_conf, have_health_settings, health_config); if (ret != 0) { goto out; } @@ -2002,21 +2002,21 @@ out: return ret; } -static int pack_container_custom_config_annotation(container_custom_config *custom_spec, +static int pack_container_custom_config_annotation(container_config *container_spec, const isula_container_config_t *custom_conf) { int ret = 0; size_t j; - custom_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string)); - if (custom_spec->annotations == NULL) { + container_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string)); + if (container_spec->annotations == NULL) { ERROR("Out of memory"); ret = -1; goto out; } if (custom_conf->annotations != NULL) { for (j = 0; j < custom_conf->annotations->len; j++) { - if (append_json_map_string_string(custom_spec->annotations, custom_conf->annotations->keys[j], + if (append_json_map_string_string(container_spec->annotations, custom_conf->annotations->keys[j], custom_conf->annotations->values[j])) { ERROR("Append map failed"); ret = -1; @@ -2028,32 +2028,32 @@ out: return ret; } -static int pack_container_custom_config_pre(container_custom_config *custom_spec, +static int pack_container_custom_config_pre(container_config *container_spec, const isula_container_config_t *custom_conf) { int ret = 0; - ret = pack_container_custom_config_log(custom_spec, custom_conf); + ret = pack_container_custom_config_log(container_spec, custom_conf); if (ret != 0) { goto out; } - ret = pack_container_custom_config_args(custom_spec, custom_conf); + ret = pack_container_custom_config_args(container_spec, custom_conf); if (ret != 0) { goto out; } - ret = pack_container_custom_config_mounts(custom_spec, custom_conf); + ret = pack_container_custom_config_mounts(container_spec, custom_conf); if (ret != 0) { goto out; } - ret = pack_container_custom_config_array(custom_spec, custom_conf); + ret = pack_container_custom_config_array(container_spec, custom_conf); if (ret != 0) { goto out; } - ret = pack_container_custom_config_health(custom_spec, custom_conf); + ret = pack_container_custom_config_health(container_spec, custom_conf); if (ret != 0) { goto out; } @@ -2062,75 +2062,75 @@ out: } /* translate create_custom_config to container_custom_config */ -static int pack_container_custom_config(container_custom_config *custom_spec, +static int pack_container_custom_config(container_config *container_spec, const isula_container_config_t *custom_conf) { int ret = -1; - if (custom_spec == NULL || custom_conf == NULL) { + if (container_spec == NULL || custom_conf == NULL) { return ret; } - ret = pack_container_custom_config_pre(custom_spec, custom_conf); + ret = pack_container_custom_config_pre(container_spec, custom_conf); if (ret != 0) { goto out; } if (custom_conf->hostname != NULL) { - custom_spec->hostname = util_strdup_s(custom_conf->hostname); + container_spec->hostname = util_strdup_s(custom_conf->hostname); } /* console config */ - custom_spec->tty = custom_conf->tty; - custom_spec->open_stdin = custom_conf->open_stdin; - custom_spec->attach_stdin = custom_conf->attach_stdin; - custom_spec->attach_stdout = custom_conf->attach_stdout; - custom_spec->attach_stderr = custom_conf->attach_stderr; + container_spec->tty = custom_conf->tty; + container_spec->open_stdin = custom_conf->open_stdin; + container_spec->attach_stdin = custom_conf->attach_stdin; + container_spec->attach_stdout = custom_conf->attach_stdout; + container_spec->attach_stderr = custom_conf->attach_stderr; /* user and group */ if (custom_conf->user != NULL) { - custom_spec->user = util_strdup_s(custom_conf->user); + container_spec->user = util_strdup_s(custom_conf->user); } /* settings for system container */ if (custom_conf->system_container) { - custom_spec->system_container = custom_conf->system_container; + container_spec->system_container = custom_conf->system_container; } if (custom_conf->ns_change_opt != NULL) { - custom_spec->ns_change_opt = util_strdup_s(custom_conf->ns_change_opt); + container_spec->ns_change_opt = util_strdup_s(custom_conf->ns_change_opt); } - ret = pack_container_custom_config_annotation(custom_spec, custom_conf); + ret = pack_container_custom_config_annotation(container_spec, custom_conf); if (ret != 0) { goto out; } if (custom_conf->workdir != NULL) { - custom_spec->working_dir = util_strdup_s(custom_conf->workdir); + container_spec->working_dir = util_strdup_s(custom_conf->workdir); } out: return ret; } -int generate_container_config(const isula_container_config_t *custom_conf, char **custom_config_str) +int generate_container_config(const isula_container_config_t *custom_conf, char **container_config_str) { int ret = 0; - container_custom_config *custom_spec = NULL; + container_config *container_spec = NULL; struct parser_context ctx = { OPT_GEN_SIMPLIFY, 0 }; parser_error err = NULL; - /* step 1: malloc the container_custom_config */ - custom_spec = util_common_calloc_s(sizeof(container_custom_config)); - if (custom_spec == NULL) { + /* step 1: malloc the container config */ + container_spec = util_common_calloc_s(sizeof(container_config)); + if (container_spec == NULL) { ERROR("Memory out"); ret = -1; goto out; } /* step 2: pack the container custom config */ - ret = pack_container_custom_config(custom_spec, custom_conf); + ret = pack_container_custom_config(container_spec, custom_conf); if (ret != 0) { ERROR("Failed to pack the container custom config"); ret = -1; @@ -2138,15 +2138,15 @@ int generate_container_config(const isula_container_config_t *custom_conf, char } /* step 3: generate the config string */ - *custom_config_str = container_custom_config_generate_json(custom_spec, &ctx, &err); - if (*custom_config_str == NULL) { + *container_config_str = container_config_generate_json(container_spec, &ctx, &err); + if (*container_config_str == NULL) { ERROR("Failed to generate OCI specification json string"); ret = -1; goto out; } out: - free_container_custom_config(custom_spec); + free_container_config(container_spec); free(err); return ret; diff --git a/src/pack_config.h b/src/pack_config.h index 2c48f1a..7c757e8 100644 --- a/src/pack_config.h +++ b/src/pack_config.h @@ -24,7 +24,7 @@ extern "C" { int generate_hostconfig(const isula_host_config_t *srcconfig, char **hostconfigstr); int generate_container_config(const isula_container_config_t *custom_conf, - char **custom_config_str); + char **container_config_str); #ifdef __cplusplus } diff --git a/src/plugin/plugin.c b/src/plugin/plugin.c index 1f98a71..01f5a8f 100644 --- a/src/plugin/plugin.c +++ b/src/plugin/plugin.c @@ -211,7 +211,7 @@ static int set_env_enable_plugins(oci_runtime_spec *oci) if (oci->process == NULL) { ERROR("BUG oci->process should not be nil"); - oci->process = util_common_calloc_s(sizeof(oci_runtime_spec_process)); + oci->process = util_common_calloc_s(sizeof(defs_process)); if (oci->process == NULL) { ERROR("out of memory"); goto failed; @@ -880,6 +880,7 @@ out: int pm_activate_plugin(plugin_t *plugin) { int ret = 0; + int nret = 0; plugin_activate_plugin_request reqs = { 0 }; char *body = NULL; size_t body_len = 0; @@ -901,8 +902,8 @@ int pm_activate_plugin(plugin_t *plugin) } body_len = strlen(body) + 1; - ret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr); - if (ret < 0 || ret >= PATH_MAX) { + nret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr); + if (nret < 0 || nret >= PATH_MAX) { ERROR("get plugin socket failed"); ret = -1; goto out; @@ -1044,7 +1045,7 @@ static int pm_prepare_init_reqs(const plugin_t *plugin, plugin_init_plugin_reque elem->status = get_status(cont); - ocic = read_oci_config(cont->root_path, elem->id); + ocic = load_oci_config(cont->root_path, elem->id); if (ocic == NULL) { ret = -1; ERROR("read oci config failed"); @@ -1073,6 +1074,7 @@ out: static int pm_init_plugin(const plugin_t *plugin) { int ret = 0; + int nret = 0; char **cnames = NULL; size_t container_num = 0; plugin_init_plugin_request reqs = { 0 }; @@ -1127,8 +1129,8 @@ static int pm_init_plugin(const plugin_t *plugin) } body_len = strlen(body) + 1; - ret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr); - if (ret < 0 || ret >= PATH_MAX) { + nret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr); + if (nret < 0 || nret >= PATH_MAX) { ERROR("get plugin socket failed %s", plugin->addr); ret = -1; goto out; @@ -1443,6 +1445,7 @@ out: static int plugin_event_pre_create_handle(const plugin_t *plugin, const char *cid, char **base) { int ret = 0; + int nret = 0; char *body = NULL; size_t body_len = 0; struct parser_context ctx = { @@ -1467,8 +1470,8 @@ static int plugin_event_pre_create_handle(const plugin_t *plugin, const char *ci } body_len = strlen(body) + 1; - ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr); - if (ret < 0 || (size_t)ret >= sizeof(socket)) { + nret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr); + if (nret < 0 || (size_t)nret >= sizeof(socket)) { ERROR("get plugin socket failed %s", plugin->addr); ret = -1; goto out; @@ -1618,6 +1621,7 @@ out: static int plugin_event_pre_start_handle(const plugin_t *plugin, const char *cid) { int ret = 0; + int nret = 0; char *body = NULL; size_t body_len = 0; struct parser_context ctx = { @@ -1639,8 +1643,8 @@ static int plugin_event_pre_start_handle(const plugin_t *plugin, const char *cid } body_len = strlen(body) + 1; - ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr); - if (ret < 0 || (size_t)ret >= sizeof(socket)) { + nret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr); + if (nret < 0 || (size_t)nret >= sizeof(socket)) { ERROR("get plugin socket failed %s", plugin->addr); ret = -1; goto out; @@ -1717,6 +1721,7 @@ out: static int plugin_event_post_stop_handle(const plugin_t *plugin, const char *cid) { int ret = 0; + int nret = 0; char *body = NULL; size_t body_len = 0; struct parser_context ctx = { @@ -1738,8 +1743,8 @@ static int plugin_event_post_stop_handle(const plugin_t *plugin, const char *cid } body_len = strlen(body) + 1; - ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr); - if (ret < 0 || (size_t)ret >= sizeof(socket)) { + nret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr); + if (nret < 0 || (size_t)nret >= sizeof(socket)) { ERROR("get plugin socket failed %s", plugin->addr); ret = -1; goto out; @@ -1815,6 +1820,7 @@ out: static int plugin_event_post_remove_handle(const plugin_t *plugin, const char *cid) { int ret = 0; + int nret = 0; char *body = NULL; size_t body_len = 0; struct parser_context ctx = { @@ -1836,8 +1842,8 @@ static int plugin_event_post_remove_handle(const plugin_t *plugin, const char *c } body_len = strlen(body) + 1; - ret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr); - if (ret < 0 || (size_t)ret >= sizeof(socket)) { + nret = snprintf(socket, sizeof(socket), "unix://%s", plugin->addr); + if (nret < 0 || (size_t)nret >= sizeof(socket)) { ERROR("get plugin socket failed %s", plugin->addr); ret = -1; goto out; diff --git a/src/plugin/pspec.c b/src/plugin/pspec.c index 2b69196..dabf42f 100644 --- a/src/plugin/pspec.c +++ b/src/plugin/pspec.c @@ -72,7 +72,7 @@ static oci_runtime_pspec *raw_get_pspec(oci_runtime_spec *oci) return NULL; } if (oci->linux->resources != NULL && pspec->resources == NULL) { - pspec->resources = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources)); + pspec->resources = util_common_calloc_s(sizeof(defs_resources)); if (pspec->resources == NULL) { ERROR("Out of memory"); free_oci_runtime_pspec(pspec); @@ -85,10 +85,10 @@ static oci_runtime_pspec *raw_get_pspec(oci_runtime_spec *oci) PPR_UPDATE(pspec, oci, mounts, mounts_len, free_defs_mount); PPR_UPDATE(pspec, oci->process, env, env_len, free); - PPR_UPDATE(pspec, oci->linux, devices, devices_len, free_oci_runtime_defs_linux_device); + PPR_UPDATE(pspec, oci->linux, devices, devices_len, free_defs_device); PPR_UPDATE(pspec->resources, oci->linux->resources, devices, devices_len, - free_oci_runtime_defs_linux_device_cgroup); + free_defs_device_cgroup); return pspec; } @@ -99,7 +99,7 @@ static void raw_set_pspec(oci_runtime_spec *oci, oci_runtime_pspec *pspec) return; } if (pspec->resources != NULL && oci->linux->resources == NULL) { - oci->linux->resources = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources)); + oci->linux->resources = util_common_calloc_s(sizeof(defs_resources)); if (oci->linux->resources == NULL) { ERROR("out of memory"); return; @@ -111,10 +111,10 @@ static void raw_set_pspec(oci_runtime_spec *oci, oci_runtime_pspec *pspec) PPR_UPDATE(oci, pspec, mounts, mounts_len, free_defs_mount); PPR_UPDATE(oci->process, pspec, env, env_len, free); - PPR_UPDATE(oci->linux, pspec, devices, devices_len, free_oci_runtime_defs_linux_device); + PPR_UPDATE(oci->linux, pspec, devices, devices_len, free_defs_device); PPR_UPDATE(oci->linux->resources, pspec->resources, devices, devices_len, - free_oci_runtime_defs_linux_device_cgroup); + free_defs_device_cgroup); } char *get_pspec(oci_runtime_spec *oci) @@ -186,7 +186,7 @@ static void raw_update_pspec(oci_runtime_pspec *base, oci_runtime_pspec *new) return; } if (new->resources != NULL && base->resources == NULL) { - base->resources = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources)); + base->resources = util_common_calloc_s(sizeof(defs_resources)); if (base->resources == NULL) { ERROR("Out of memory"); return; @@ -198,9 +198,9 @@ static void raw_update_pspec(oci_runtime_pspec *base, oci_runtime_pspec *new) PPR_UPDATE(base, new, mounts, mounts_len, free_defs_mount); PPR_UPDATE(base, new, env, env_len, free); - PPR_UPDATE(base, new, devices, devices_len, free_oci_runtime_defs_linux_device); + PPR_UPDATE(base, new, devices, devices_len, free_defs_device); - PPR_UPDATE(base->resources, new->resources, devices, devices_len, free_oci_runtime_defs_linux_device_cgroup); + PPR_UPDATE(base->resources, new->resources, devices, devices_len, free_defs_device_cgroup); } char *merge_pspec(const char *base, const char *data) diff --git a/src/runtime/lcr/lcr_rt_ops.c b/src/runtime/lcr/lcr_rt_ops.c index 72a6fa8..8f17e2b 100644 --- a/src/runtime/lcr/lcr_rt_ops.c +++ b/src/runtime/lcr/lcr_rt_ops.c @@ -55,7 +55,7 @@ int rt_lcr_create(const char *name, const char *runtime, const rt_create_params_ goto out; } - if (!engine_ops->engine_create_op(name, runtime_root, params->real_rootfs, params->oci_config_data)) { + if (!engine_ops->engine_create_op(name, runtime_root, params->oci_config_data)) { ERROR("Failed to create container"); const char *tmpmsg = NULL; tmpmsg = engine_ops->engine_get_errmsg_op(); @@ -127,10 +127,6 @@ int rt_lcr_start(const char *name, const char *runtime, const rt_start_params_t request.start_timeout = params->start_timeout; request.container_pidfile = params->container_pidfile; request.exit_fifo = params->exit_fifo; - request.uid = params->puser->uid; - request.gid = params->puser->gid; - request.additional_gids = params->puser->additional_gids; - request.additional_gids_len = params->puser->additional_gids_len; if (!engine_ops->engine_start_op(&request)) { const char *tmpmsg = NULL; @@ -306,11 +302,51 @@ out: } return ret; } + +// user string(UID:GID) +static int generate_user_string_by_uid_gid(const defs_process_user *puser, char **user) +{ + char uid_str[ISULAD_NUMSTRLEN32] = { 0 }; + char gid_str[ISULAD_NUMSTRLEN32] = { 0 }; + size_t len; + int nret = 0; + + nret = snprintf(uid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->uid); + if (nret < 0 || nret >= ISULAD_NUMSTRLEN32) { + ERROR("Invalid UID:%u", (unsigned int)puser->uid); + return -1; + } + + nret = snprintf(gid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->gid); + if (nret < 0 || nret >= ISULAD_NUMSTRLEN32) { + ERROR("Invalid attach uid value :%u", (unsigned int)puser->gid); + return -1; + } + + len = strlen(uid_str) + 1 + strlen(gid_str) + 1; + *user = (char *)util_common_calloc_s(len * sizeof(char)); + if (*user == NULL) { + ERROR("Out of memory"); + return -1; + } + + nret = snprintf(*user, len, "%u:%u", (unsigned int)puser->uid, (unsigned int)puser->gid); + if (nret < 0 || (size_t)nret >= len) { + ERROR("Invalid UID:GID (%u:%u)", (unsigned int)puser->uid, (unsigned int)puser->gid); + free(*user); + *user = NULL; + return -1; + } + + return 0; +} + int rt_lcr_exec(const char *id, const char *runtime, const rt_exec_params_t *params, int *exit_code) { int ret = 0; struct engine_operation *engine_ops = NULL; engine_exec_request_t request = { 0 }; + char *user = NULL; engine_ops = engines_get_handler(runtime); if (engine_ops == NULL || engine_ops->engine_exec_op == NULL) { @@ -323,14 +359,20 @@ int rt_lcr_exec(const char *id, const char *runtime, const rt_exec_params_t *par request.lcrpath = params->rootpath; request.logpath = params->logpath; request.loglevel = params->loglevel; - request.args = (const char **)params->args; - request.args_len = params->args_len; - request.env = (const char **)params->envs; - request.env_len = params->envs_len; + request.args = (const char **)params->spec->args; + request.args_len = params->spec->args_len; + request.env = (const char **)params->spec->env; + request.env_len = params->spec->env_len; request.console_fifos = params->console_fifos; request.timeout = params->timeout; - request.user = params->user; request.suffix = params->suffix; + if (params->spec->user != NULL) { + if (generate_user_string_by_uid_gid(params->spec->user, &user) != 0) { + ret = -1; + goto out; + } + request.user = user; + } if (!engine_ops->engine_exec_op(&request, exit_code)) { const char *tmpmsg = NULL; @@ -338,7 +380,6 @@ int rt_lcr_exec(const char *id, const char *runtime, const rt_exec_params_t *par isulad_set_error_message("Exec container error;%s", (tmpmsg && strcmp(tmpmsg, DEF_SUCCESS_STR)) ? tmpmsg : DEF_ERR_RUNTIME_STR); util_contain_errmsg(g_isulad_errmsg, exit_code); - engine_ops->engine_clear_errmsg_op(); ret = -1; goto out; } @@ -347,6 +388,7 @@ out: if (engine_ops != NULL) { engine_ops->engine_clear_errmsg_op(); } + free(user); return ret; } diff --git a/src/runtime/runtime.h b/src/runtime/runtime.h index 5eb0a81..161fb0b 100644 --- a/src/runtime/runtime.h +++ b/src/runtime/runtime.h @@ -31,7 +31,6 @@ typedef struct _rt_create_params_t { const char *rootfs; const char *bundle; const char *state; - const char *real_rootfs; void *oci_config_data; bool terminal; const char *stdin; @@ -54,7 +53,6 @@ typedef struct _rt_start_params_t { const char *container_pidfile; const char *exit_fifo; - const oci_runtime_spec_process_user *puser; } rt_start_params_t; typedef struct _rt_restart_params_t { @@ -87,12 +85,8 @@ typedef struct _rt_exec_params_t { const char *loglevel; const char **console_fifos; int64_t timeout; - const char *user; - const char * const *args; - size_t args_len; - const char * const *envs; - size_t envs_len; const char *suffix; + defs_process *spec; } rt_exec_params_t; typedef struct _rt_pause_params_t { diff --git a/src/services/cri/cri_container.cc b/src/services/cri/cri_container.cc index 3f6cc22..ec408c7 100644 --- a/src/services/cri/cri_container.cc +++ b/src/services/cri/cri_container.cc @@ -25,7 +25,6 @@ #include "log.h" #include "utils.h" -#include "container_custom_config.h" #include "timestamp.h" #include "cri_helpers.h" #include "path.h" @@ -115,12 +114,12 @@ void CRIRuntimeServiceImpl::GetContainerTimeStamps(container_inspect *inspect, i } } -container_custom_config *CRIRuntimeServiceImpl::GenerateCreateContainerCustomConfig( +container_config *CRIRuntimeServiceImpl::GenerateCreateContainerCustomConfig( const std::string &realPodSandboxID, const runtime::v1alpha2::ContainerConfig &containerConfig, const runtime::v1alpha2::PodSandboxConfig &podSandboxConfig, Errors &error) { - container_custom_config *custom_config = - (container_custom_config *)util_common_calloc_s(sizeof(container_custom_config)); + container_config *custom_config = + (container_config *)util_common_calloc_s(sizeof(container_config)); if (custom_config == nullptr) { error.SetError("Out of memory"); goto cleanup; @@ -168,7 +167,7 @@ container_custom_config *CRIRuntimeServiceImpl::GenerateCreateContainerCustomCon return custom_config; cleanup: - free_container_custom_config(custom_config); + free_container_config(custom_config); return nullptr; } @@ -308,7 +307,7 @@ container_create_request *CRIRuntimeServiceImpl::GenerateCreateContainerRequest( request->image = util_strdup_s(containerConfig.image().image().c_str()); } - container_custom_config *custom_config { nullptr }; + container_config *custom_config { nullptr }; host_config *hostconfig = GenerateCreateContainerHostConfig(containerConfig, error); if (error.NotEmpty()) { @@ -338,7 +337,7 @@ container_create_request *CRIRuntimeServiceImpl::GenerateCreateContainerRequest( goto cleanup; } - request->customconfig = container_custom_config_generate_json(custom_config, &ctx, &perror); + request->customconfig = container_config_generate_json(custom_config, &ctx, &perror); if (request->customconfig == nullptr) { error.Errorf("Failed to generate custom config json: %s", perror); free_container_create_request(request); @@ -347,7 +346,7 @@ container_create_request *CRIRuntimeServiceImpl::GenerateCreateContainerRequest( } cleanup: free_host_config(hostconfig); - free_container_custom_config(custom_config); + free_container_config(custom_config); free(perror); return request; } @@ -396,7 +395,7 @@ cleanup: } void CRIRuntimeServiceImpl::MakeContainerConfig(const runtime::v1alpha2::ContainerConfig &config, - container_custom_config *cConfig, Errors &error) + container_config *cConfig, Errors &error) { if (config.command_size() > 0) { if (static_cast(config.command_size()) > SIZE_MAX / sizeof(char *)) { @@ -964,7 +963,6 @@ void CRIRuntimeServiceImpl::ListContainerStats( goto cleanup; } request->all = true; - request->runtime = util_strdup_s(CRIHelpers::Constants::DEFAULT_RUNTIME_NAME.c_str()); request->filters = (defs_filters *)util_common_calloc_s(sizeof(defs_filters)); if (request->filters == nullptr) { diff --git a/src/services/cri/cri_helpers.cc b/src/services/cri/cri_helpers.cc index 48589da..82b762e 100644 --- a/src/services/cri/cri_helpers.cc +++ b/src/services/cri/cri_helpers.cc @@ -418,7 +418,7 @@ std::unique_ptr CheckpointToSandbox(const std::st return result; } -void UpdateCreateConfig(container_custom_config *createConfig, host_config *hc, +void UpdateCreateConfig(container_config *createConfig, host_config *hc, const runtime::v1alpha2::ContainerConfig &config, const std::string &podSandboxID, Errors &error) { diff --git a/src/services/cri/cri_helpers.h b/src/services/cri/cri_helpers.h index 8e308c6..a22815a 100644 --- a/src/services/cri/cri_helpers.h +++ b/src/services/cri/cri_helpers.h @@ -90,7 +90,7 @@ std::unique_ptr CheckpointToSandbox(const std::st std::string StringsJoin(const std::vector &vec, const std::string &sep); -void UpdateCreateConfig(container_custom_config *createConfig, host_config *hc, +void UpdateCreateConfig(container_config *createConfig, host_config *hc, const runtime::v1alpha2::ContainerConfig &config, const std::string &podSandboxID, Errors &error); diff --git a/src/services/cri/cri_runtime_service.cc b/src/services/cri/cri_runtime_service.cc index 6784af2..76d3d0e 100644 --- a/src/services/cri/cri_runtime_service.cc +++ b/src/services/cri/cri_runtime_service.cc @@ -26,7 +26,6 @@ #include "utils.h" #include "config.h" #include "host_config.h" -#include "container_custom_config.h" #include "cri_helpers.h" #include "network_plugin.h" #include "container_inspect.h" diff --git a/src/services/cri/cri_runtime_service.h b/src/services/cri/cri_runtime_service.h index df0a8f9..b271200 100644 --- a/src/services/cri/cri_runtime_service.h +++ b/src/services/cri/cri_runtime_service.h @@ -27,7 +27,6 @@ #include "callback.h" #include "container_inspect.h" #include "host_config.h" -#include "container_custom_config.h" #include "errors.h" #include "cri_image_service.h" #include "cri_pod_network.h" @@ -168,12 +167,12 @@ private: void ApplySandboxResources(const runtime::v1alpha2::LinuxPodSandboxConfig *lc, host_config *hc, Errors &error); void ApplySandboxLinuxOptions(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, host_config *hc, - container_custom_config *custom_config, Errors &error); + container_config *container_config, Errors &error); void MakeSandboxIsuladConfig(const runtime::v1alpha2::PodSandboxConfig &c, host_config *hc, - container_custom_config *custom_config, Errors &error); + container_config *container_config, Errors &error); - void MakeContainerConfig(const runtime::v1alpha2::ContainerConfig &config, container_custom_config *cConfig, + void MakeContainerConfig(const runtime::v1alpha2::ContainerConfig &config, container_config *container_config, Errors &error); void GetContainerLogPath(const std::string &containerID, char **path, char **realPath, Errors &error); @@ -226,7 +225,7 @@ private: host_config *hostconfig, Errors &error); int PackCreateContainerHostConfigDevices(const runtime::v1alpha2::ContainerConfig &containerConfig, host_config *hostconfig, Errors &error); - container_custom_config * + container_config * GenerateCreateContainerCustomConfig(const std::string &realPodSandboxID, const runtime::v1alpha2::ContainerConfig &containerConfig, const runtime::v1alpha2::PodSandboxConfig &podSandboxConfig, Errors &error); @@ -253,7 +252,7 @@ private: std::string &jsonCheckpoint, Errors &error); container_create_request *PackCreateContainerRequest(const runtime::v1alpha2::PodSandboxConfig &config, const std::string &image, host_config *hostconfig, - container_custom_config *custom_config, Errors &error); + container_config *container_config, Errors &error); int GetRealSandboxIDToStop(const std::string &podSandboxID, bool &hostNetwork, std::string &name, std::string &ns, std::string &realSandboxID, std::map &stdAnnos, Errors &error); int StopAllContainersInSandbox(const std::string &realSandboxID, Errors &error); diff --git a/src/services/cri/cri_sandbox.cc b/src/services/cri/cri_sandbox.cc index 4cf4e2b..3f138f9 100644 --- a/src/services/cri/cri_sandbox.cc +++ b/src/services/cri/cri_sandbox.cc @@ -33,7 +33,6 @@ #include "naming.h" #include "host_config.h" #include "cri_helpers.h" -#include "container_custom_config.h" #include "checkpoint_handler.h" #include "cri_security_context.h" @@ -128,7 +127,7 @@ void CRIRuntimeServiceImpl::ApplySandboxResources(const runtime::v1alpha2::Linux } void CRIRuntimeServiceImpl::ApplySandboxLinuxOptions(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, - host_config *hc, container_custom_config *custom_config, + host_config *hc, container_config *custom_config, Errors &error) { CRISecurity::ApplySandboxSecurityContext(lc, custom_config, hc, error); @@ -202,7 +201,7 @@ void CRIRuntimeServiceImpl::MergeSecurityContextToHostConfig(const runtime::v1al } void CRIRuntimeServiceImpl::MakeSandboxIsuladConfig(const runtime::v1alpha2::PodSandboxConfig &c, host_config *hc, - container_custom_config *custom_config, Errors &error) + container_config *custom_config, Errors &error) { custom_config->labels = CRIHelpers::MakeLabels(c.labels(), error); if (error.NotEmpty()) { @@ -311,7 +310,7 @@ void CRIRuntimeServiceImpl::SetupSandboxFiles(const std::string &resolvPath, container_create_request *CRIRuntimeServiceImpl::PackCreateContainerRequest( const runtime::v1alpha2::PodSandboxConfig &config, const std::string &image, host_config *hostconfig, - container_custom_config *custom_config, Errors &error) + container_config *custom_config, Errors &error) { struct parser_context ctx = { OPT_GEN_SIMPLIFY, 0 }; parser_error perror = nullptr; @@ -332,7 +331,7 @@ container_create_request *CRIRuntimeServiceImpl::PackCreateContainerRequest( error.Errorf("Failed to generate host config json: %s", perror); goto error_out; } - create_request->customconfig = container_custom_config_generate_json(custom_config, &ctx, &perror); + create_request->customconfig = container_config_generate_json(custom_config, &ctx, &perror); if (create_request->customconfig == nullptr) { error.Errorf("Failed to generate custom config json: %s", perror); goto error_out; @@ -353,7 +352,7 @@ container_create_request *CRIRuntimeServiceImpl::GenerateSandboxCreateContainerR { container_create_request *create_request = nullptr; host_config *hostconfig = nullptr; - container_custom_config *custom_config = nullptr; + container_config *custom_config = nullptr; cri::PodSandboxCheckpoint checkpoint; hostconfig = (host_config *)util_common_calloc_s(sizeof(host_config)); @@ -362,7 +361,7 @@ container_create_request *CRIRuntimeServiceImpl::GenerateSandboxCreateContainerR goto error_out; } - custom_config = (container_custom_config *)util_common_calloc_s(sizeof(container_custom_config)); + custom_config = (container_config *)util_common_calloc_s(sizeof(container_config)); if (custom_config == nullptr) { error.SetError("Out of memory"); goto error_out; @@ -401,7 +400,7 @@ error_out: create_request = nullptr; cleanup: free_host_config(hostconfig); - free_container_custom_config(custom_config); + free_container_config(custom_config); return create_request; } diff --git a/src/services/cri/cri_security_context.cc b/src/services/cri/cri_security_context.cc index 2ac79eb..72807cd 100644 --- a/src/services/cri/cri_security_context.cc +++ b/src/services/cri/cri_security_context.cc @@ -20,7 +20,7 @@ namespace CRISecurity { static void ModifyContainerConfig(const runtime::v1alpha2::LinuxContainerSecurityContext &sc, - container_custom_config *config) + container_config *config) { if (sc.has_run_as_user()) { free(config->user); @@ -195,7 +195,7 @@ static void ModifySandboxNamespaceOptions(const runtime::v1alpha2::NamespaceOpti ModifyHostNetworkOptionForSandbox(nsOpts, hostConfig); } -void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, container_custom_config *config, +void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, container_config *config, host_config *hc, Errors &error) { std::unique_ptr sc( @@ -227,7 +227,7 @@ void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig } void ApplyContainerSecurityContext(const runtime::v1alpha2::LinuxContainerConfig &lc, const std::string &podSandboxID, - container_custom_config *config, host_config *hc, Errors &error) + container_config *config, host_config *hc, Errors &error) { if (lc.has_security_context()) { const runtime::v1alpha2::LinuxContainerSecurityContext &sc = lc.security_context(); diff --git a/src/services/cri/cri_security_context.h b/src/services/cri/cri_security_context.h index d0958e0..3c3f75f 100644 --- a/src/services/cri/cri_security_context.h +++ b/src/services/cri/cri_security_context.h @@ -18,15 +18,15 @@ #include #include "api.pb.h" #include "errors.h" -#include "container_custom_config.h" #include "host_config.h" +#include "container_config.h" namespace CRISecurity { -void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, container_custom_config *config, +void ApplySandboxSecurityContext(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, container_config *config, host_config *hc, Errors &error); void ApplyContainerSecurityContext(const runtime::v1alpha2::LinuxContainerConfig &lc, const std::string &podSandboxID, - container_custom_config *config, host_config *hc, Errors &errorr); + container_config *config, host_config *hc, Errors &errorr); } // namespace CRISecurity diff --git a/src/services/execution/execute/execution.c b/src/services/execution/execute/execution.c index 667bfaa..40e4376 100644 --- a/src/services/execution/execute/execution.c +++ b/src/services/execution/execute/execution.c @@ -514,7 +514,7 @@ static int prepare_user_remap_config(const container_t *cont) return 0; } -static int generate_user_and_groups_conf(const container_t *cont, oci_runtime_spec_process_user **puser) +static int generate_user_and_groups_conf(const container_t *cont, defs_process_user **puser) { int ret = -1; char *username = NULL; @@ -524,7 +524,7 @@ static int generate_user_and_groups_conf(const container_t *cont, oci_runtime_sp return -1; } - *puser = util_common_calloc_s(sizeof(oci_runtime_spec_process_user)); + *puser = util_common_calloc_s(sizeof(defs_process_user)); if (*puser == NULL) { ERROR("Out of memory"); return -1; @@ -534,11 +534,12 @@ static int generate_user_and_groups_conf(const container_t *cont, oci_runtime_sp username = cont->common_config->config->user; } + /* username may be NULL, we will handle it as UID 0 in get_user */ ret = im_get_user_conf(cont->common_config->image_type, cont->common_config->base_fs, cont->hostconfig, username, *puser); if (ret != 0) { ERROR("Get user failed with '%s'", username ? username : ""); - free_oci_runtime_spec_process_user(*puser); + free_defs_process_user(*puser); *puser = NULL; } @@ -678,6 +679,25 @@ static void clean_resources_on_failure(const container_t *cont, const char *engi return; } +static int renew_oci_config(const container_t *cont, const oci_runtime_spec *oci_spec) +{ + int ret = 0; + defs_process_user *puser = NULL; + + if (generate_user_and_groups_conf(cont, &puser) != 0) { + ret = -1; + goto out; + } + + free_defs_process_user(oci_spec->process->user); + oci_spec->process->user = puser; + puser = NULL; + +out: + free_defs_process_user(puser); + return ret; +} + static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm, container_pid_t *pid_info) { @@ -692,11 +712,20 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo char *logdriver = NULL; char *exit_fifo = NULL; char *pidfile = NULL; - oci_runtime_spec_process_user *puser = NULL; + char bundle[PATH_MAX] = { 0 }; const char *runtime = cont->runtime; const char *id = cont->common_config->id; + oci_runtime_spec *oci_spec = NULL; + rt_create_params_t create_params = { 0 }; rt_start_params_t start_params = { 0 }; + nret = snprintf(bundle, sizeof(bundle), "%s/%s", cont->root_path, id); + if (nret < 0 || (size_t)nret >= sizeof(bundle)) { + ERROR("Failed to print bundle string"); + ret = -1; + goto out; + } + DEBUG("bd:%s, state:%s", bundle, cont->state_path); if (mount_dev_tmpfs_for_system_container(cont) < 0) { ret = -1; goto out; @@ -730,26 +759,26 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo goto out; } - nret = im_mount_container_rootfs(cont->common_config->image_type, cont->common_config->image, id); - if (nret != 0) { - ERROR("Failed to mount rootfs for container %s", id); + oci_spec = load_oci_config(cont->root_path, id); + if (oci_spec == NULL) { + ERROR("Failed to load oci config"); ret = -1; goto close_exit_fd; } - if (generate_user_and_groups_conf(cont, &puser) != 0) { + nret = im_mount_container_rootfs(cont->common_config->image_type, cont->common_config->image, id); + if (nret != 0) { + ERROR("Failed to mount rootfs for container %s", id); ret = -1; goto close_exit_fd; } - if (plugin_event_container_pre_start(cont)) { - ERROR("Plugin event pre start failed "); - plugin_event_container_post_stop(cont); /* ignore error */ + if (renew_oci_config(cont, oci_spec) != 0) { ret = -1; goto close_exit_fd; } - if (verify_container_settings_start(cont->root_path, id) != 0) { + if (verify_container_settings_start(oci_spec) != 0) { ret = -1; goto close_exit_fd; } @@ -760,6 +789,26 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo open_stdin = cont->common_config->config->open_stdin; } + create_params.bundle = bundle; + create_params.state = cont->state_path; + create_params.oci_config_data = oci_spec; + create_params.terminal = tty; + create_params.stdin = console_fifos[0]; + create_params.stdout = console_fifos[1]; + create_params.stderr = console_fifos[2]; + + if (runtime_create(id, runtime, &create_params) != 0) { + ret = -1; + goto close_exit_fd; + } + + if (plugin_event_container_pre_start(cont)) { + ERROR("Plugin event pre start failed "); + plugin_event_container_post_stop(cont); /* ignore error */ + ret = -1; + goto close_exit_fd; + } + start_params.rootpath = cont->root_path; start_params.tty = tty; start_params.open_stdin = open_stdin; @@ -769,7 +818,6 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo start_params.start_timeout = start_timeout; start_params.container_pidfile = pidfile; start_params.exit_fifo = exit_fifo; - start_params.puser = puser; ret = runtime_start(id, runtime, &start_params, pid_info); if (ret == 0) { @@ -788,13 +836,14 @@ close_exit_fd: clean_resources: clean_resources_on_failure(cont, engine_log_path, loglevel); + out: - free_oci_runtime_spec_process_user(puser); free(loglevel); free(engine_log_path); free(logdriver); free(exit_fifo); free(pidfile); + free_oci_runtime_spec(oci_spec); if (ret != 0) { umount_rootfs_on_failure(cont); (void)umount_dev_tmpfs_for_system_container(cont); @@ -1232,10 +1281,6 @@ static uint32_t stop_and_start(container_t *cont, int timeout) goto out; } - if (verify_container_settings_start(cont->root_path, id)) { - cc = ISULAD_ERR_EXEC; - goto out; - } if (is_running(cont->state)) { INFO("Container is already running"); goto out; @@ -1273,7 +1318,7 @@ static uint32_t do_restart_container(container_t *cont, int timeout) if (ret == -1) { container_state_set_error(cont->state, (const char *)g_isulad_errmsg); return ISULAD_ERR_EXEC; - } else if (ret == -2) { + } else if (ret == RUNTIME_NOT_IMPLEMENT_RESET) { /* runtime don't implement restart, use stop and start */ return stop_and_start(cont, timeout); } diff --git a/src/services/execution/execute/execution_create.c b/src/services/execution/execute/execution_create.c index 1e94fcc..9e12bdd 100644 --- a/src/services/execution/execute/execution_create.c +++ b/src/services/execution/execute/execution_create.c @@ -148,80 +148,84 @@ error_out: return NULL; } -static container_custom_config *get_custom_spec_from_request(const container_create_request *request) +static container_config *get_container_spec_from_request(const container_create_request *request) { parser_error err = NULL; - container_custom_config *custom_spec = container_custom_config_parse_data(request->customconfig, NULL, &err); - if (custom_spec == NULL) { + container_config *container_spec = container_config_parse_data(request->customconfig, NULL, &err); + if (container_spec == NULL) { ERROR("Failed to parse custom config data:%s", err); } free(err); - return custom_spec; + return container_spec; } -static int add_default_log_config_to_custom_spec(const char *id, const char *runtime_root, - container_custom_config *custom_config) +static int add_default_log_config_to_container_spec(const char *id, const char *runtime_root, + container_config *container_spec) { int ret = 0; /* generate default log path */ - if (custom_config->log_config == NULL) { - custom_config->log_config = util_common_calloc_s(sizeof(container_custom_config_log_config)); - if (custom_config->log_config == NULL) { + if (container_spec->log_config == NULL) { + container_spec->log_config = util_common_calloc_s(sizeof(container_config_log_config)); + if (container_spec->log_config == NULL) { ERROR("Out of memory"); ret = -1; goto out; } } - if (custom_config->log_config->log_file == NULL) { + if (container_spec->log_config->log_file == NULL) { char default_path[PATH_MAX] = { 0 }; int nret = snprintf(default_path, PATH_MAX, "%s/%s/console.log", runtime_root, id); - if (nret >= PATH_MAX || nret < 0) { + if (nret < 0 || nret >= PATH_MAX) { ERROR("Create default log path for container %s failed", id); ret = -1; goto out; } - custom_config->log_config->log_file = util_strdup_s(default_path); + container_spec->log_config->log_file = util_strdup_s(default_path); } out: return ret; } -static container_custom_config *get_custom_spec(const char *id, const char *runtime_root, - const container_create_request *request) +static container_config *get_container_spec(const char *id, const char *runtime_root, + const container_create_request *request) { - container_custom_config *custom_spec = NULL; + container_config *container_spec = NULL; - custom_spec = get_custom_spec_from_request(request); - if (custom_spec == NULL) { + container_spec = get_container_spec_from_request(request); + if (container_spec == NULL) { return NULL; } - if (add_default_log_config_to_custom_spec(id, runtime_root, custom_spec)) { + if (add_default_log_config_to_container_spec(id, runtime_root, container_spec)) { goto error_out; } - return custom_spec; + return container_spec; error_out: - free_container_custom_config(custom_spec); + free_container_config(container_spec); return NULL; } -static oci_runtime_spec *merge_config(const char *id, const char *image_type, const char *image_name, - const char *ext_config_image, host_config *host_spec, - container_custom_config *custom_spec, - container_config_v2_common_config *v2_spec, char **real_rootfs) +static oci_runtime_spec *generate_oci_config(host_config *host_spec, + const char *real_rootfs, + container_config_v2_common_config *v2_spec) { + int ret = 0; oci_runtime_spec *oci_spec = NULL; - oci_spec = merge_container_config(id, image_type, image_name, ext_config_image, host_spec, custom_spec, - v2_spec, real_rootfs); + oci_spec = default_spec(host_spec->system_container); if (oci_spec == NULL) { + goto error_out; + } + + ret = merge_all_specs(host_spec, real_rootfs, v2_spec, oci_spec); + if (ret != 0) { ERROR("Failed to merge config"); goto error_out; } @@ -239,7 +243,7 @@ error_out: } static int merge_config_for_syscontainer(const container_create_request *request, const host_config *host_spec, - const container_custom_config *custom_spec, const oci_runtime_spec *oci_spec) + const container_config *container_spec, const oci_runtime_spec *oci_spec) { int ret = 0; @@ -247,7 +251,7 @@ static int merge_config_for_syscontainer(const container_create_request *request return 0; } - if (merge_network(host_spec, request->rootfs, custom_spec->hostname) != 0) { + if (merge_network(host_spec, request->rootfs, container_spec->hostname) != 0) { ERROR("Failed to merge network config"); ret = -1; goto out; @@ -547,34 +551,6 @@ void umount_host_channel(const host_config_host_channel *host_channel) } } -static int generate_merged_oci_config_json(const char *id, oci_runtime_spec *oci_spec, - char **oci_config_data) -{ - char *err = NULL; - - if (verify_container_settings(oci_spec)) { - ERROR("Failed to verify container settings"); - return -1; - } - - /* modify oci_spec by plugin. */ - if (plugin_event_container_pre_create(id, oci_spec)) { - ERROR("Plugin event pre create failed"); - (void)plugin_event_container_post_remove2(id, oci_spec); /* ignore error */ - return -1; - } - - *oci_config_data = oci_runtime_spec_generate_json(oci_spec, 0, &err); - if (*oci_config_data == NULL) { - ERROR("Failed to generate runtime spec json,erro:%s", err); - free(err); - isulad_set_error_message("Failed to generate runtime spec json"); - return -1; - } - free(err); - return 0; -} - static int create_container_root_dir(const char *id, const char *runtime_root) { int ret = 0; @@ -623,104 +599,6 @@ out: return ret; } -static container_config_v2_common_config *get_config_v2_spec(const char *id, const char *runtime_root, - const host_config *host_spec) -{ - container_config_v2_common_config *v2_spec = NULL; - - v2_spec = util_common_calloc_s(sizeof(container_config_v2_common_config)); - if (v2_spec == NULL) { - ERROR("Failed to malloc container_config_v2_common_config"); - return NULL; - } - - /* set network config to v2_spec */ - if (init_container_network_confs(id, runtime_root, host_spec, v2_spec) != 0) { - ERROR("Init Network files failed"); - goto error_out; - } - - return v2_spec; - -error_out: - free_container_config_v2_common_config(v2_spec); - return NULL; -} - -/* save config v2 */ -static int create_v2_config_json(const char *id, const char *runtime_root, container_config_v2_common_config *v2_spec) -{ - int ret = 0; - char *json_v2 = NULL; - parser_error err = NULL; - container_config_v2 config_v2 = { 0 }; - container_config_v2_state state = { 0 }; - - config_v2.common_config = v2_spec; - config_v2.state = &state; - - json_v2 = container_config_v2_generate_json(&config_v2, NULL, &err); - if (json_v2 == NULL) { - ERROR("Failed to generate container config V2 json string:%s", err ? err : " "); - ret = -1; - goto out; - } - - ret = save_config_v2_json(id, runtime_root, json_v2); - if (ret != 0) { - ERROR("Failed to save container config V2 json to file"); - ret = -1; - goto out; - } - -out: - free(json_v2); - free(err); - return ret; -} - -/* save host config */ -static int create_host_config_json(const char *id, const char *runtime_root, const host_config *host_spec) -{ - int ret = 0; - char *json_host_config = NULL; - parser_error err = NULL; - - json_host_config = host_config_generate_json(host_spec, NULL, &err); - if (json_host_config == NULL) { - ERROR("Failed to generate container host config json string:%s", err ? err : " "); - ret = -1; - goto out; - } - - ret = save_host_config(id, runtime_root, json_host_config); - if (ret != 0) { - ERROR("Failed to save container host config json to file"); - ret = -1; - goto out; - } - -out: - free(json_host_config); - free(err); - - return ret; -} - -static int save_container_config_before_create(const char *id, const char *runtime_root, host_config *host_spec, - container_config_v2_common_config *v2_spec) -{ - if (create_v2_config_json(id, runtime_root, v2_spec) != 0) { - return -1; - } - - if (create_host_config_json(id, runtime_root, host_spec) != 0) { - return -1; - } - - return 0; -} - static host_config_host_channel *dup_host_channel(const host_config_host_channel *channel) { host_config_host_channel *dup_channel = NULL; @@ -744,15 +622,6 @@ static host_config_host_channel *dup_host_channel(const host_config_host_channel return dup_channel; } -static int verify_merged_custom_config(const container_custom_config *custom_spec) -{ - if (verify_health_check_parameter(custom_spec) != 0) { - return -1; - } - - return 0; -} - static int response_allocate_memory(container_create_response **response) { if (response == NULL) { @@ -837,75 +706,28 @@ static int preparate_runtime_environment(const container_create_request *request } static int get_basic_spec(const container_create_request *request, const char *id, const char *runtime_root, - host_config **host_spec, container_custom_config **custom_spec) + host_config **host_spec, container_config **container_spec) { *host_spec = get_host_spec(request); if (*host_spec == NULL) { return -1; } - *custom_spec = get_custom_spec(id, runtime_root, request); - if (*custom_spec == NULL) { - return -1; - } - - return 0; -} - -static int get_v2_spec(const container_create_request *request, const char *id, const char *name, - const char *runtime_root, const host_config *host_spec, const char *image_type, - container_config_v2_common_config **v2_spec) -{ - *v2_spec = get_config_v2_spec(id, runtime_root, host_spec); - if (*v2_spec == NULL) { - ERROR("Failed to malloc container_config_v2_common_config"); - return -1; - } - - if (v2_spec_make_basic_info(id, name, request->image, image_type, *v2_spec) != 0) { - ERROR("Failed to malloc container_config_v2_common_config"); - return -1; - } - - return 0; -} - -static int v2_spec_merge_config(const container_custom_config *custom_spec, const oci_runtime_spec *oci_spec, - container_config_v2_common_config *v2_spec) -{ - if (v2_spec_merge_custom_spec(custom_spec, v2_spec) != 0) { - ERROR("Failed to malloc container_config_v2_common_config"); - return -1; - } - - if (v2_spec_merge_oci_spec(oci_spec, v2_spec) != 0) { - ERROR("Failed to malloc container_config_v2_common_config"); - return -1; - } - - return 0; -} - -static int generate_oci_config_json(const char *id, const container_create_request *request, - const host_config *host_spec, const container_custom_config *custom_spec, - oci_runtime_spec *oci_spec, char **oci_config_data) -{ - if (verify_merged_custom_config(custom_spec)) { - return -1; - } - - if (merge_config_for_syscontainer(request, host_spec, custom_spec, oci_spec) != 0) { - ERROR("Failed to merge config for syscontainer"); - return -1; - } - - if (generate_merged_oci_config_json(id, oci_spec, oci_config_data) != 0) { + *container_spec = get_container_spec(id, runtime_root, request); + if (*container_spec == NULL) { return -1; } return 0; } +/* + * request -> host_spec + container_spec + * container_spec + image config + * host_spec + container_spec + default_spec+ global_spec => oci_spec + * verify oci_spec + * register container(save v2_spec\host_spec\oci_spec) + */ int container_create_cb(const container_create_request *request, container_create_response **response) { @@ -921,11 +743,10 @@ int container_create_cb(const container_create_request *request, const char *ext_config_image = NULL; oci_runtime_spec *oci_spec = NULL; host_config *host_spec = NULL; - container_custom_config *custom_spec = NULL; + container_config *container_spec = NULL; container_config_v2_common_config *v2_spec = NULL; host_config_host_channel *host_channel = NULL; - rt_create_params_t create_params = { 0 }; - rt_rm_params_t delete_params = { 0 }; + int ret = 0; DAEMON_CLEAR_ERRMSG(); @@ -946,75 +767,109 @@ int container_create_cb(const container_create_request *request, goto clean_nameindex; } - if (get_basic_spec(request, id, runtime_root, &host_spec, &custom_spec) != 0) { + if (get_basic_spec(request, id, runtime_root, &host_spec, &container_spec) != 0) { cc = ISULAD_ERR_INPUT; goto clean_container_root_dir; } - if (get_v2_spec(request, id, name, runtime_root, host_spec, image_type, &v2_spec) != 0) { - cc = ISULAD_ERR_EXEC; + v2_spec = util_common_calloc_s(sizeof(container_config_v2_common_config)); + if (v2_spec == NULL) { + ERROR("Failed to malloc container_config_v2_common_config"); + cc = ISULAD_ERR_INPUT; goto clean_container_root_dir; } - if (save_container_config_before_create(id, runtime_root, host_spec, v2_spec) != 0) { - cc = ISULAD_ERR_EXEC; + char timebuffer[TIME_STR_SIZE] = { 0 }; + v2_spec->id = id ? util_strdup_s(id) : NULL; + v2_spec->name = name ? util_strdup_s(name) : NULL; + v2_spec->image = image_name ? util_strdup_s(image_name) : util_strdup_s("none"); + v2_spec->image_type = image_type ? util_strdup_s(image_type) : NULL; + (void)get_now_time_buffer(timebuffer, sizeof(timebuffer)); + free(v2_spec->created); + v2_spec->created = util_strdup_s(timebuffer); + + v2_spec->config = container_spec; + + /* set network config to v2_spec */ + if (init_container_network_confs(id, runtime_root, host_spec, v2_spec) != 0) { + ERROR("Init Network files failed"); + cc = ISULAD_ERR_INPUT; goto clean_container_root_dir; } - host_channel = dup_host_channel(host_spec->host_channel); - if (prepare_host_channel(host_channel, host_spec->user_remap)) { - ERROR("Failed to prepare host channel with '%s'", host_spec->host_channel); + ret = im_merge_image_config(id, image_type, image_name, ext_config_image, host_spec, + v2_spec->config, &real_rootfs); + if (ret != 0) { + ERROR("Can not merge container_spec with image config"); cc = ISULAD_ERR_EXEC; goto clean_container_root_dir; } - oci_spec = merge_config(id, image_type, image_name, ext_config_image, host_spec, custom_spec, v2_spec, - &real_rootfs); - if (oci_spec == NULL) { + if (verify_health_check_parameter(v2_spec->config) != 0) { cc = ISULAD_ERR_EXEC; goto clean_rootfs; } - if (real_rootfs == NULL) { - ERROR("Can not found rootfs"); - cc = ISULAD_ERR_INPUT; + + oci_spec = generate_oci_config(host_spec, real_rootfs, v2_spec); + if (oci_spec == NULL) { + cc = ISULAD_ERR_EXEC; goto clean_rootfs; } - if (generate_oci_config_json(id, request, host_spec, custom_spec, oci_spec, &oci_config_data) != 0) { - cc = ISULAD_ERR_INPUT; + if (merge_config_for_syscontainer(request, host_spec, v2_spec->config, oci_spec) != 0) { + ERROR("Failed to merge config for syscontainer"); + cc = ISULAD_ERR_EXEC; goto clean_rootfs; } - create_params.real_rootfs = real_rootfs; - create_params.oci_config_data = oci_config_data; + /* modify oci_spec by plugin. */ + if (plugin_event_container_pre_create(id, oci_spec) != 0) { + ERROR("Plugin event pre create failed"); + (void)plugin_event_container_post_remove2(id, oci_spec); /* ignore error */ + cc = ISULAD_ERR_EXEC; + goto clean_rootfs; + } - if (runtime_create(id, runtime, &create_params) != 0) { - ERROR("Runtime create container failed"); + host_channel = dup_host_channel(host_spec->host_channel); + if (prepare_host_channel(host_channel, host_spec->user_remap)) { + ERROR("Failed to prepare host channel with '%s'", host_spec->host_channel); + sleep(111); cc = ISULAD_ERR_EXEC; goto clean_rootfs; } - if (v2_spec_merge_config(custom_spec, oci_spec, v2_spec) != 0) { + if (verify_container_settings(oci_spec)) { + ERROR("Failed to verify container settings"); + cc = ISULAD_ERR_EXEC; + goto umount_channel; + } + + if (save_oci_config(id, runtime_root, oci_spec) != 0) { + ERROR("Failed to save container settings"); cc = ISULAD_ERR_EXEC; - goto clean_on_error; + goto umount_channel; + } + + if (v2_spec_merge_contaner_spec(v2_spec) != 0) { + ERROR("Failed to merge container settings"); + cc = ISULAD_ERR_EXEC; + goto umount_channel; } if (register_new_container(id, runtime, &host_spec, &v2_spec)) { ERROR("Failed to register new container"); cc = ISULAD_ERR_EXEC; - goto clean_on_error; + goto umount_channel; } EVENT("Event: {Object: %s, Type: Created %s}", id, name); goto pack_response; -clean_on_error: - delete_params.rootpath = runtime_root; - (void)runtime_rm(id, runtime, &delete_params); +umount_channel: + umount_host_channel(host_channel); clean_rootfs: (void)im_remove_container_rootfs(image_type, id); - umount_host_channel(host_channel); clean_container_root_dir: (void)delete_container_root_dir(id, runtime_root); @@ -1033,7 +888,6 @@ pack_response: free(id); free_oci_runtime_spec(oci_spec); free_host_config(host_spec); - free_container_custom_config(custom_spec); free_container_config_v2_common_config(v2_spec); free_host_config_host_channel(host_channel); free_log_prefix(); diff --git a/src/services/execution/execute/execution_extend.c b/src/services/execution/execute/execution_extend.c index b0d0c13..8d1f44c 100644 --- a/src/services/execution/execute/execution_extend.c +++ b/src/services/execution/execute/execution_extend.c @@ -41,6 +41,7 @@ #include "execution_extend.h" #include "sysinfo.h" #include "health_check.h" +#include "specs.h" #include "runtime.h" #include "filters.h" @@ -1000,6 +1001,8 @@ static int do_update_resources(const container_update_request *request, containe parser_error err = NULL; host_config *hostconfig = NULL; host_config *backup_hostconfig = NULL; + oci_runtime_spec *oci_spec = NULL; + oci_runtime_spec *backup_oci_spec = NULL; rt_update_params_t params = { 0 }; if (request->host_config == NULL) { @@ -1029,29 +1032,67 @@ static int do_update_resources(const container_update_request *request, containe } if (update_container(cont, hostconfig)) { - host_config_restore_unlocking(cont, backup_hostconfig); ret = -1; - goto unlock_out; + goto restore_hostspec; } if (container_to_disk(cont)) { ERROR("Failed to save container \"%s\" to disk", id); - host_config_restore_unlocking(cont, backup_hostconfig); ret = -1; - goto unlock_out; + goto restore_hostspec; } if (hostconfig->restart_policy && hostconfig->restart_policy->name) { container_update_restart_manager(cont, hostconfig->restart_policy); } - params.rootpath = cont->root_path; - params.hostconfig = hostconfig; - if (runtime_update(id, cont->runtime, ¶ms)) { - ERROR("Update container %s failed", id); + oci_spec = load_oci_config(cont->root_path, id); + if (oci_spec == NULL) { + ERROR("Failed to load oci config"); ret = -1; - goto unlock_out; + goto restore_hostspec; + } + + backup_oci_spec = load_oci_config(cont->root_path, id); + if (oci_spec == NULL) { + ERROR("Failed to load oci config"); + ret = -1; + goto restore_hostspec; + } + + ret = merge_conf_cgroup(oci_spec, hostconfig); + if (ret != 0) { + ERROR("Failed to merge cgroup config to oci spec"); + ret = -1; + goto restore_hostspec; } + if (save_oci_config(id, cont->root_path, oci_spec) != 0) { + ERROR("Failed to save updated oci spec"); + ret = -1; + goto restore_ocispec; + } + + if (is_running(cont->state)) { + params.rootpath = cont->root_path; + params.hostconfig = hostconfig; + if (runtime_update(id, cont->runtime, ¶ms)) { + ERROR("Update container %s failed", id); + ret = -1; + goto restore_ocispec; + } + } + + goto unlock_out; + +restore_ocispec: + if (save_oci_config(id, cont->root_path, backup_oci_spec) != 0) { + ERROR("Failed to restore oci spec"); + ret = -1; + } + +restore_hostspec: + host_config_restore_unlocking(cont, backup_hostconfig); + unlock_out: container_unlock(cont); out: @@ -1059,6 +1100,8 @@ out: free_host_config(backup_hostconfig); } free_host_config(hostconfig); + free_oci_runtime_spec(oci_spec); + free_oci_runtime_spec(backup_oci_spec); free(err); return ret; } diff --git a/src/services/execution/execute/execution_network.c b/src/services/execution/execute/execution_network.c index 85a7ba5..8b25de9 100644 --- a/src/services/execution/execute/execution_network.c +++ b/src/services/execution/execute/execution_network.c @@ -760,7 +760,7 @@ cleanup: } static int init_container_network_confs_container(const char *id, const host_config *hc, - container_config_v2_common_config *common_config) + container_config_v2_common_config *v2_spec) { int ret = 0; size_t len = strlen(SHARE_NAMESPACE_PREFIX); @@ -773,89 +773,222 @@ static int init_container_network_confs_container(const char *id, const host_con } if (nc->common_config->hostname_path != NULL) { - free(common_config->hostname_path); - common_config->hostname_path = util_strdup_s(nc->common_config->hostname_path); + free(v2_spec->hostname_path); + v2_spec->hostname_path = util_strdup_s(nc->common_config->hostname_path); } if (nc->common_config->hosts_path != NULL) { - free(common_config->hosts_path); - common_config->hosts_path = util_strdup_s(nc->common_config->hosts_path); + free(v2_spec->hosts_path); + v2_spec->hosts_path = util_strdup_s(nc->common_config->hosts_path); } if (nc->common_config->resolv_conf_path != NULL) { - free(common_config->resolv_conf_path); - common_config->resolv_conf_path = util_strdup_s(nc->common_config->resolv_conf_path); + free(v2_spec->resolv_conf_path); + v2_spec->resolv_conf_path = util_strdup_s(nc->common_config->resolv_conf_path); } if (nc->common_config->config != NULL && nc->common_config->config->hostname != NULL) { - if (common_config->config == NULL) { - common_config->config = util_common_calloc_s(sizeof(container_config)); - if (common_config->config == NULL) { - ERROR("Out of memory"); - ret = -1; - goto cleanup; - } - } - - free(common_config->config->hostname); - common_config->config->hostname = util_strdup_s(nc->common_config->config->hostname); + free(v2_spec->config->hostname); + v2_spec->config->hostname = util_strdup_s(nc->common_config->config->hostname); } -cleanup: container_unref(nc); return ret; } -int init_container_network_confs(const char *id, const char *rootpath, const host_config *hc, - container_config_v2_common_config *common_config) +static int create_default_hostname(const char *id, const char *rootpath, bool share_host, + container_config_v2_common_config *v2_spec) { int ret = 0; + int nret = 0; char file_path[PATH_MAX] = { 0x0 }; + char hostname_content[MAX_HOST_NAME_LEN + 2] = { 0 }; - // is container mode - if (is_container(hc->network_mode)) { - ret = init_container_network_confs_container(id, hc, common_config); - goto cleanup; - } - - // is host mode - if (is_host(hc->network_mode)) { - if (common_config->config == NULL) { - common_config->config = util_common_calloc_s(sizeof(container_config)); - if (common_config->config == NULL) { - ERROR("Out of memory"); - ret = -1; - goto cleanup; - } - } - if (common_config->config->hostname == NULL) { + if (v2_spec->config->hostname == NULL) { + if (share_host) { char hostname[MAX_HOST_NAME_LEN] = { 0x00 }; ret = gethostname(hostname, sizeof(hostname)); if (ret != 0) { ERROR("Get hostname error"); - goto cleanup; + goto out; } - common_config->config->hostname = util_strdup_s(hostname); + v2_spec->config->hostname = util_strdup_s(hostname); + } else { + v2_spec->config->hostname = util_strdup_s("localhost"); } } - // create hosts, resolv.conf and so - int nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "hosts"); - if (nret >= PATH_MAX || nret < 0) { + nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "hostname"); + if (nret < 0 || nret >= PATH_MAX) { ERROR("Failed to print string"); ret = -1; - goto cleanup; + goto out; } - free(common_config->hosts_path); - common_config->hosts_path = util_strdup_s(file_path); - nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "resolv.conf"); - if (nret >= PATH_MAX || nret < 0) { + + nret = snprintf(hostname_content, MAX_HOST_NAME_LEN + 2, "%s\n", v2_spec->config->hostname); + if (nret < 0 || (size_t)nret >= sizeof(hostname_content)) { ERROR("Failed to print string"); ret = -1; - goto cleanup; + goto out; } - free(common_config->resolv_conf_path); - common_config->resolv_conf_path = util_strdup_s(file_path); -cleanup: + + if (util_write_file(file_path, hostname_content, strlen(hostname_content)) != 0) { + ERROR("Failed to create default hostname"); + ret = -1; + goto out; + } + + free(v2_spec->hostname_path); + v2_spec->hostname_path = util_strdup_s(file_path); + +out: + return ret; +} + +static int write_default_hosts(const char *file_path, const char *hostname) +{ + int ret = 0; + char *content = NULL; + size_t content_len = 0; + const char *default_config = "127.0.0.1 localhost\n" + "::1 localhost ip6-localhost ip6-loopback\n" + "fe00::0 ip6-localnet\n" + "ff00::0 ip6-mcastprefix\n" + "ff02::1 ip6-allnodes\n" + "ff02::2 ip6-allrouters\n"; + const char *loop_ip = "127.0.0.1 "; + + if (strlen(hostname) > (((SIZE_MAX - strlen(default_config)) - strlen(loop_ip)) - 2)) { + ret = -1; + goto out_free; + } + + content_len = strlen(default_config) + strlen(loop_ip) + strlen(hostname) + 1 + 1; + content = util_common_calloc_s(content_len); + if (content == NULL) { + ERROR("Memory out"); + ret = -1; + goto out_free; + } + + ret = snprintf(content, content_len, "%s%s%s\n", default_config, loop_ip, hostname); + if (ret < 0 || (size_t)ret >= content_len) { + ERROR("Failed to generate default hosts"); + ret = -1; + goto out_free; + } + + ret = util_write_file(file_path, content, strlen(content)); + if (ret != 0) { + ret = -1; + goto out_free; + } + +out_free: + free(content); + return ret; +} + + +static int create_default_hosts(const char *id, const char *rootpath, bool share_host, + container_config_v2_common_config *v2_spec) +{ + int ret = 0; + char file_path[PATH_MAX] = { 0x0 }; + + ret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "hosts"); + if (ret < 0 || ret >= PATH_MAX) { + ERROR("Failed to print string"); + ret = -1; + goto out; + } + + if (share_host && util_file_exists(ETC_HOSTS)) { + ret = util_copy_file(ETC_HOSTS, file_path); + } else { + ret = write_default_hosts(file_path, v2_spec->config->hostname); + } + + if (ret != 0) { + ERROR("Failed to create default hosts"); + goto out; + } + + free(v2_spec->hosts_path); + v2_spec->hosts_path = util_strdup_s(file_path); + +out: + return ret; +} + +static int write_default_resolve(const char *file_path) +{ + const char *default_ipv4_dns = "\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n";; + + return util_write_file(file_path, default_ipv4_dns, strlen(default_ipv4_dns)); +} + +static int create_default_resolv(const char *id, const char *rootpath, container_config_v2_common_config *v2_spec) +{ + int ret = 0; + char file_path[PATH_MAX] = { 0x0 }; + + ret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "resolv.conf"); + if (ret < 0 || ret >= PATH_MAX) { + ERROR("Failed to print string"); + ret = -1; + goto out; + } + + if (util_file_exists(RESOLV_CONF_PATH)) { + ret = util_copy_file(RESOLV_CONF_PATH, file_path); + } else { + ret = write_default_resolve(file_path); + } + + if (ret != 0) { + ERROR("Failed to create default resolv.conf"); + goto out; + } + + free(v2_spec->resolv_conf_path); + v2_spec->resolv_conf_path = util_strdup_s(file_path); + +out: + return ret; +} + + + +int init_container_network_confs(const char *id, const char *rootpath, const host_config *hc, + container_config_v2_common_config *v2_spec) +{ + int ret = 0; + bool share_host = is_host(hc->network_mode); + + // is container mode + if (is_container(hc->network_mode)) { + return init_container_network_confs_container(id, hc, v2_spec); + } + + if (create_default_hostname(id, rootpath, share_host, v2_spec) != 0) { + ERROR("Failed to create default hostname"); + ret = -1; + goto out; + } + + if (create_default_hosts(id, rootpath, share_host, v2_spec) != 0) { + ERROR("Failed to create default hosts"); + ret = -1; + goto out; + } + + if (create_default_resolv(id, rootpath, v2_spec) != 0) { + ERROR("Failed to create default resolv.conf"); + ret = -1; + goto out; + } + +out: return ret; } diff --git a/src/services/execution/execute/execution_stream.c b/src/services/execution/execute/execution_stream.c index 26110ce..b5004ad 100644 --- a/src/services/execution/execute/execution_stream.c +++ b/src/services/execution/execute/execution_stream.c @@ -248,14 +248,129 @@ out: return ret; } -static int exec_container(container_t *cont, const char *runtime, char * const console_fifos[], const char *user, - size_t argc, const char **argv, size_t env_len, const char **env, - int64_t timeout, const char *suffix, int *exit_code) +int merge_exec_process_env(defs_process *spec, const container_config *container_spec, const char **env, size_t env_len) +{ + int ret = 0; + size_t env_count = 0; + size_t i = 0; + + if (env_len > LIST_ENV_SIZE_MAX - container_spec->env_len) { + ERROR("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX); + isulad_set_error_message("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX); + ret = -1; + goto out; + } + env_count = container_spec->env_len + env_len; + if (env_count == 0) { + ret = 0; + goto out; + } + + spec->env = util_common_calloc_s(env_count * sizeof(char *)); + if (spec->env == NULL) { + ERROR("Failed to malloc memory for envionment variables"); + ret = -1; + goto out; + } + + for (i = 0; i < container_spec->env_len; i++) { + spec->env[spec->env_len] = util_strdup_s(container_spec->env[i]); + spec->env_len++; + } + + for (i = 0; i < env_len; i++) { + spec->env[spec->env_len] = util_strdup_s(env[i]); + spec->env_len++; + } + +out: + return ret; +} + +static int dup_defs_process_user(defs_process_user *src, defs_process_user **dst) +{ + int ret = 0; + size_t i; + + if (src == NULL) { + return 0; + } + + *dst = (defs_process_user *)util_common_calloc_s(sizeof(defs_process_user)); + if (*dst == NULL) { + ERROR("Out of memory"); + return -1; + } + + (*dst)->username = util_strdup_s(src->username); + (*dst)->uid = src->uid; + (*dst)->gid = src->gid; + + if (src->additional_gids_len != 0) { + (*dst)->additional_gids = util_common_calloc_s(sizeof(gid_t) * src->additional_gids_len); + if ((*dst)->additional_gids == NULL) { + ERROR("Out of memory"); + ret = -1; + goto out; + } + (*dst)->additional_gids_len = src->additional_gids_len; + for (i = 0; i < src->additional_gids_len; i++) { + (*dst)->additional_gids[i] = src->additional_gids[i]; + } + } + +out: + return ret; +} + +static defs_process *make_exec_process_spec(const container_config *container_spec, defs_process_user *puser, + const container_exec_request *request) +{ + int ret = 0; + defs_process *spec = NULL; + + spec = util_common_calloc_s(sizeof(defs_process)); + if (spec == NULL) { + return NULL; + } + + ret = merge_exec_process_env(spec, container_spec, (const char **)request->env, request->env_len); + if (ret != 0) { + ERROR("Failed to dup args for exec process spec"); + goto err_out; + } + + ret = dup_array_of_strings((const char **)request->argv, request->argv_len, &(spec->args), &(spec->args_len)); + if (ret != 0) { + ERROR("Failed to dup envs for exec process spec"); + goto err_out; + } + + ret = dup_defs_process_user(puser, &(spec->user)); + if (ret != 0) { + ERROR("Failed to dup process user for exec process spec"); + goto err_out; + } + + spec->terminal = request->tty; + spec->cwd = util_strdup_s(container_spec->working_dir ? container_spec->working_dir : "/"); + + return spec; + +err_out: + free_defs_process(spec); + return NULL; +} + +static int exec_container(container_t *cont, const char *runtime, char * const console_fifos[], + defs_process_user *puser, + const container_exec_request *request, int *exit_code) { int ret = 0; char *engine_log_path = NULL; char *loglevel = NULL; char *logdriver = NULL; + defs_process *process_spec = NULL; rt_exec_params_t params = { 0 }; loglevel = conf_get_isulad_loglevel(); @@ -277,17 +392,20 @@ static int exec_container(container_t *cont, const char *runtime, char * const c goto out; } + process_spec = make_exec_process_spec(cont->common_config->config, puser, request); + if (process_spec == NULL) { + ERROR("Exec: Failed to make process spec"); + ret = -1; + goto out; + } + params.loglevel = loglevel; params.logpath = engine_log_path; params.console_fifos = (const char **)console_fifos; params.rootpath = cont->root_path; - params.timeout = timeout; - params.user = user; - params.args = (const char * const *)argv; - params.args_len = argc; - params.envs = (const char * const *)env; - params.envs_len = env_len; - params.suffix = suffix; + params.timeout = request->timeout; + params.suffix = request->suffix; + params.spec = process_spec; if (runtime_exec(cont->common_config->id, runtime, ¶ms, exit_code)) { ERROR("Runtime exec container failed"); @@ -299,6 +417,7 @@ out: free(loglevel); free(engine_log_path); free(logdriver); + free_defs_process(process_spec); return ret; } @@ -408,100 +527,23 @@ static void container_exec_cb_end(container_exec_response *response, uint32_t cc } } -static int get_user_and_groups_conf(const container_t *cont, const char *username, - oci_runtime_spec_process_user **puser) +static int get_exec_user_info(const container_t *cont, const char *username, defs_process_user **puser) { - int ret = -1; - if (username == NULL) { - return 0; - } - - if (cont == NULL || cont->common_config == NULL) { - ERROR("Can not found container config"); - return -1; - } + int ret = 0; - *puser = util_common_calloc_s(sizeof(oci_runtime_spec_process_user)); + *puser = util_common_calloc_s(sizeof(defs_process_user)); if (*puser == NULL) { ERROR("Out of memory"); return -1; } - ret = im_get_user_conf(cont->common_config->image_type, cont->common_config->base_fs, cont->hostconfig, username, *puser); if (ret != 0) { ERROR("Get user failed with '%s'", username ? username : ""); - free_oci_runtime_spec_process_user(*puser); - *puser = NULL; - } - - return ret; -} - -// user string(UID:GID) -static int generate_user_string_by_uid_gid(const oci_runtime_spec_process_user *puser, char **user) -{ - char uid_str[ISULAD_NUMSTRLEN32] = { 0 }; - char gid_str[ISULAD_NUMSTRLEN32] = { 0 }; - size_t len; - - int nret = snprintf(uid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->uid); - if (nret >= ISULAD_NUMSTRLEN32 || nret < 0) { - ERROR("Invalid UID:%u", (unsigned int)puser->uid); - return -1; - } - - nret = snprintf(gid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->gid); - if (nret >= ISULAD_NUMSTRLEN32 || nret < 0) { - ERROR("Invalid attach uid value :%u", (unsigned int)puser->gid); - return -1; - } - - len = strlen(uid_str) + 1 + strlen(gid_str) + 1; - *user = (char *)util_common_calloc_s(len * sizeof(char)); - if (*user == NULL) { - ERROR("Out of memory"); - return -1; - } - - nret = snprintf(*user, len, "%u:%u", (unsigned int)puser->uid, (unsigned int)puser->gid); - if ((size_t)nret >= len || nret < 0) { - ERROR("Invalid UID:GID (%u:%u)", (unsigned int)puser->uid, (unsigned int)puser->gid); - free(*user); - *user = NULL; - return -1; - } - - return 0; -} - -static int get_exec_user_string(const container_t *cont, const char *username, char **user) -{ - int ret = 0; - oci_runtime_spec_process_user *puser = NULL; - - if (username == NULL) { - return 0; - } - - if (cont == NULL || user == NULL) { - ERROR("Invalid parameters"); - return -1; - } - - if (get_user_and_groups_conf(cont, username, &puser) != 0) { - ERROR("Failed to get user and groups conf"); ret = -1; goto out; } - - if (generate_user_string_by_uid_gid(puser, user) != 0) { - ret = -1; - goto out; - } - out: - free_oci_runtime_spec_process_user(puser); return ret; } @@ -516,7 +558,7 @@ static int container_exec_cb(const container_exec_request *request, container_ex char *fifopath = NULL; pthread_t thread_id = 0; container_t *cont = NULL; - char *user = NULL; + defs_process_user *puser = NULL; DAEMON_CLEAR_ERRMSG(); if (request == NULL || response == NULL) { @@ -529,11 +571,6 @@ static int container_exec_cb(const container_exec_request *request, container_ex } id = cont->common_config->id; - if (get_exec_user_string(cont, request->user, &user) != 0) { - cc = ISULAD_ERR_EXEC; - goto pack_response; - } - set_log_prefix(id); EVENT("Event: {Object: %s, Type: execing}", id); @@ -565,14 +602,19 @@ static int container_exec_cb(const container_exec_request *request, container_ex goto pack_response; } + if (request->user != NULL) { + if (get_exec_user_info(cont, request->user, &puser) != 0) { + cc = ISULAD_ERR_EXEC; + goto pack_response; + } + } + if (exec_prepare_console(cont, request, stdinfd, stdout_handler, fifos, &fifopath, &sync_fd, &thread_id)) { cc = ISULAD_ERR_EXEC; goto pack_response; } - if (exec_container(cont, cont->runtime, (char * const *)fifos, user, request->argv_len, - (const char **)request->argv, request->env_len, - (const char **)request->env, request->timeout, request->suffix, &exit_code)) { + if (exec_container(cont, cont->runtime, (char * const *)fifos, puser, request, &exit_code)) { cc = ISULAD_ERR_EXEC; goto pack_response; } @@ -586,7 +628,7 @@ pack_response: free(fifos[1]); free(fifos[2]); free(fifopath); - free(user); + free_defs_process_user(puser); container_unref(cont); free_log_prefix(); @@ -2026,6 +2068,7 @@ static int container_logs_cb(const struct isulad_logs_request *request, stream_f container_t *cont = NULL; struct container_log_config *log_config = NULL; struct last_log_file_position last_pos = {0}; + Container_Status status = CONTAINER_STATUS_UNKNOWN; *response = (struct isulad_logs_response *)util_common_calloc_s(sizeof(struct isulad_logs_response)); if (*response == NULL) { @@ -2049,6 +2092,11 @@ static int container_logs_cb(const struct isulad_logs_request *request, stream_f id = cont->common_config->id; set_log_prefix(id); + status = state_get_status(cont->state); + if (status == CONTAINER_STATUS_CREATED) { + goto out; + } + /* check state of container */ if (gc_is_gc_progress(id)) { isulad_set_error_message("can not get logs from container which is dead or marked for removal"); diff --git a/src/services/execution/manager/container_unix.c b/src/services/execution/manager/container_unix.c index 8559ba0..12035f8 100644 --- a/src/services/execution/manager/container_unix.c +++ b/src/services/execution/manager/container_unix.c @@ -21,8 +21,6 @@ #include "container_unix.h" #include "log.h" #include "utils.h" -#include "container_custom_config.h" -#include "container_start_generate_config.h" static int parse_container_log_configs(container_t *cont); @@ -332,175 +330,21 @@ int container_wait_rm_locking(container_t *cont, int timeout) return ret; } -static int pack_container_config_annotations_from_oci_spec(const oci_runtime_spec *oci_spec, - container_config_v2_common_config *v2_spec) -{ - int ret = 0; - size_t i = 0; - - if (oci_spec->annotations != NULL && oci_spec->annotations->len) { - if (v2_spec->config == NULL) { - v2_spec->config = util_common_calloc_s(sizeof(container_config)); - if (v2_spec->config == NULL) { - ERROR("Out of memory"); - ret = -1; - goto out; - } - } - v2_spec->config->annotations = util_common_calloc_s(sizeof(json_map_string_string)); - if (v2_spec->config->annotations == NULL) { - ERROR("Out of memory"); - ret = -1; - goto out; - } - if (oci_spec->annotations->len > SIZE_MAX / sizeof(char *)) { - ERROR("Annotations list is too long!"); - ret = -1; - goto out; - } - v2_spec->config->annotations->keys = - util_common_calloc_s(sizeof(char *) * oci_spec->annotations->len); - if (v2_spec->config->annotations->keys == NULL) { - ERROR("Out of memory"); - ret = -1; - goto out; - } - v2_spec->config->annotations->values = - util_common_calloc_s(sizeof(char *) * oci_spec->annotations->len); - if (v2_spec->config->annotations->values == NULL) { - ERROR("Out of memory"); - ret = -1; - goto out; - } - - for (i = 0; i < oci_spec->annotations->len; i++) { - v2_spec->config->annotations->keys[i] = util_strdup_s(oci_spec->annotations->keys[i]); - v2_spec->config->annotations->values[i] = util_strdup_s(oci_spec->annotations->values[i]); - v2_spec->config->annotations->len++; - } - } - -out: - return ret; -} - -static int pack_container_config_labels(container_config_v2_common_config *config, - const container_custom_config *custom_spec) -{ - int ret = 0; - size_t i = 0; - - if (custom_spec->labels != NULL && custom_spec->labels->len) { - if (config->config == NULL) { - config->config = util_common_calloc_s(sizeof(container_config)); - if (config->config == NULL) { - ERROR("Out of memory"); - ret = -1; - goto out; - } - } - config->config->labels = util_common_calloc_s(sizeof(json_map_string_string)); - if (config->config->labels == NULL) { - ERROR("Out of memory"); - ret = -1; - goto out; - } - if (custom_spec->labels->len > LIST_SIZE_MAX) { - ERROR("Labels list is too long, the limit is %d", LIST_SIZE_MAX); - isulad_set_error_message("Labels list is too long, the limit is %d", LIST_SIZE_MAX); - ret = -1; - goto out; - } - config->config->labels->keys = util_common_calloc_s(sizeof(char *) * custom_spec->labels->len); - if (config->config->labels->keys == NULL) { - ERROR("Out of memory"); - ret = -1; - goto out; - } - config->config->labels->values = util_common_calloc_s(sizeof(char *) * custom_spec->labels->len); - if (config->config->labels->values == NULL) { - ERROR("Out of memory"); - ret = -1; - goto out; - } - - for (i = 0; i < custom_spec->labels->len; i++) { - config->config->labels->keys[i] = util_strdup_s(custom_spec->labels->keys[i]); - config->config->labels->values[i] = util_strdup_s(custom_spec->labels->values[i]); - config->config->labels->len++; - } - } - -out: - return ret; -} - -static int pack_container_config_health_check(container_config_v2_common_config *config, - const container_custom_config *custom_spec) -{ - int ret = 0; - size_t i = 0; - - if (custom_spec != NULL && custom_spec->health_check != NULL) { - if (config->config == NULL) { - config->config = util_common_calloc_s(sizeof(container_config)); - if (config->config == NULL) { - ERROR("Out of memory"); - ret = -1; - goto out; - } - } - config->config->health_check = util_common_calloc_s(sizeof(defs_health_check)); - if (config->config->health_check == NULL) { - ERROR("Out of memory"); - ret = -1; - goto out; - } - - if (custom_spec->health_check->test != NULL && custom_spec->health_check->test_len != 0) { - if (custom_spec->health_check->test_len > SIZE_MAX / sizeof(char *)) { - ERROR("test list is too long!"); - ret = -1; - goto out; - } - config->config->health_check->test = - util_common_calloc_s(sizeof(char *) * custom_spec->health_check->test_len); - if (config->config->health_check->test == NULL) { - ERROR("Out of memory"); - ret = -1; - goto out; - } - for (i = 0; i < custom_spec->health_check->test_len; i++) { - config->config->health_check->test[i] = util_strdup_s(custom_spec->health_check->test[i]); - config->config->health_check->test_len++; - } - - config->config->health_check->interval = custom_spec->health_check->interval; - config->config->health_check->timeout = custom_spec->health_check->timeout; - config->config->health_check->start_period = custom_spec->health_check->start_period; - config->config->health_check->retries = custom_spec->health_check->retries; - config->config->health_check->exit_on_unhealthy = custom_spec->health_check->exit_on_unhealthy; - } - } -out: - return ret; -} - static inline void add_to_config_v2_args(const char *str, char **args, size_t *args_len) { args[*args_len] = str ? util_strdup_s(str) : NULL; (*args_len)++; } -static int pack_path_and_args_from_custom_spec(const container_custom_config *custom_spec, - container_config_v2_common_config *v2_spec) +static int pack_path_and_args_from_container_spec(const container_config *container_spec, + container_config_v2_common_config *v2_spec) { int ret = 0; size_t i, total; - if (custom_spec->entrypoint != NULL && custom_spec->entrypoint_len > 0) { - v2_spec->path = util_strdup_s(custom_spec->entrypoint[0]); - total = custom_spec->entrypoint_len + custom_spec->cmd_len - 1; + if (container_spec->entrypoint != NULL && container_spec->entrypoint_len > 0) { + v2_spec->path = util_strdup_s(container_spec->entrypoint[0]); + total = container_spec->entrypoint_len + container_spec->cmd_len - 1; if (total > SIZE_MAX / sizeof(char *)) { ERROR("Container oci spec process args elements is too much!"); @@ -517,18 +361,18 @@ static int pack_path_and_args_from_custom_spec(const container_custom_config *cu ret = -1; goto out; } - for (i = 1; i < custom_spec->entrypoint_len; i++) { - add_to_config_v2_args(custom_spec->entrypoint[i], v2_spec->args, &(v2_spec->args_len)); + for (i = 1; i < container_spec->entrypoint_len; i++) { + add_to_config_v2_args(container_spec->entrypoint[i], v2_spec->args, &(v2_spec->args_len)); } - for (i = 0; i < custom_spec->cmd_len; i++) { - add_to_config_v2_args(custom_spec->cmd[i], v2_spec->args, &(v2_spec->args_len)); + for (i = 0; i < container_spec->cmd_len; i++) { + add_to_config_v2_args(container_spec->cmd[i], v2_spec->args, &(v2_spec->args_len)); } goto out; } - if (custom_spec->cmd != NULL && custom_spec->cmd_len > 0) { - v2_spec->path = util_strdup_s(custom_spec->cmd[0]); - total = custom_spec->cmd_len - 1; + if (container_spec->cmd != NULL && container_spec->cmd_len > 0) { + v2_spec->path = util_strdup_s(container_spec->cmd[0]); + total = container_spec->cmd_len - 1; if (total > SIZE_MAX / sizeof(char *)) { ERROR("Container oci spec process args elements is too much!"); @@ -545,8 +389,8 @@ static int pack_path_and_args_from_custom_spec(const container_custom_config *cu ret = -1; goto out; } - for (i = 1; i < custom_spec->cmd_len; i++) { - add_to_config_v2_args(custom_spec->cmd[i], v2_spec->args, &(v2_spec->args_len)); + for (i = 1; i < container_spec->cmd_len; i++) { + add_to_config_v2_args(container_spec->cmd[i], v2_spec->args, &(v2_spec->args_len)); } } @@ -576,120 +420,30 @@ int v2_spec_make_basic_info(const char *id, const char *name, const char *image_ } /* container merge basic v2 spec info */ -int v2_spec_merge_custom_spec(const container_custom_config *custom_spec, container_config_v2_common_config *v2_spec) +int v2_spec_merge_contaner_spec(container_config_v2_common_config *v2_spec) { int ret = 0; + container_config *container_spec = NULL; - if (v2_spec == NULL || custom_spec == NULL) { + if (v2_spec == NULL) { return -1; } - if (custom_spec->log_config != NULL && custom_spec->log_config->log_file != NULL) { - v2_spec->log_path = util_strdup_s(custom_spec->log_config->log_file); - } + container_spec = v2_spec->config; - if (v2_spec->config == NULL) { - v2_spec->config = util_common_calloc_s(sizeof(container_config)); - if (v2_spec->config == NULL) { - ERROR("Failed to malloc container_config_v2_common_config_config"); - ret = -1; - goto out; - } - } - - v2_spec->config->attach_stdin = custom_spec->attach_stdin; - v2_spec->config->attach_stdout = custom_spec->attach_stdout; - v2_spec->config->attach_stderr = custom_spec->attach_stderr; - v2_spec->config->tty = custom_spec->tty; - v2_spec->config->open_stdin = custom_spec->open_stdin; - - if (custom_spec->user != NULL) { - v2_spec->config->user = util_strdup_s(custom_spec->user); + if (container_spec->log_config != NULL && container_spec->log_config->log_file != NULL) { + v2_spec->log_path = util_strdup_s(container_spec->log_config->log_file); } - if (pack_path_and_args_from_custom_spec(custom_spec, v2_spec) != 0) { - ret = -1; - goto out; - } - - - ret = dup_array_of_strings((const char **)(custom_spec->cmd), custom_spec->cmd_len, - &(v2_spec->config->cmd), &(v2_spec->config->cmd_len)); - if (ret != 0) { - goto out; - } - - ret = dup_array_of_strings((const char **)(custom_spec->entrypoint), custom_spec->entrypoint_len, - &(v2_spec->config->entrypoint), &(v2_spec->config->entrypoint_len)); - if (ret != 0) { - goto out; - } - - ret = pack_container_config_labels(v2_spec, custom_spec); - if (ret != 0) { - ERROR("Failed to pack labels config"); + if (pack_path_and_args_from_container_spec(container_spec, v2_spec) != 0) { ret = -1; goto out; } - ret = pack_container_config_health_check(v2_spec, custom_spec); - if (ret != 0) { - ERROR("Failed to pack health check config"); - ret = -1; - goto out; - } - -out: - return ret; -} - -static int pack_envs_from_oci_spec(const oci_runtime_spec *oci_spec, const container_config_v2_common_config *v2_spec) -{ - int ret = 0; - - if (oci_spec->process != NULL && oci_spec->process->env != NULL) { - ret = dup_array_of_strings((const char **)(oci_spec->process->env), oci_spec->process->env_len, - &(v2_spec->config->env), &(v2_spec->config->env_len)); - if (ret != 0) { - goto out; - } - } - out: return ret; } -static void pack_hostname_from_oci_spec(const oci_runtime_spec *oci_spec, - const container_config_v2_common_config *v2_spec) -{ - if (oci_spec->hostname != NULL) { - free(v2_spec->config->hostname); - v2_spec->config->hostname = util_strdup_s(oci_spec->hostname); - } -} - -/* container pack common config */ -int v2_spec_merge_oci_spec(const oci_runtime_spec *oci_spec, container_config_v2_common_config *v2_spec) -{ - if (oci_spec == NULL || v2_spec == NULL) { - ERROR("Invalid inputs for pack container common config"); - return -1; - } - - if (pack_envs_from_oci_spec(oci_spec, v2_spec) != 0) { - return -1; - } - - pack_hostname_from_oci_spec(oci_spec, v2_spec); - - if (pack_container_config_annotations_from_oci_spec(oci_spec, v2_spec) != 0) { - ERROR("Failed to pack annotations config"); - return -1; - } - - return 0; -} - /* save json config file */ static int save_json_config_file(const char *id, const char *rootpath, const char *json_data, const char *fname) @@ -800,37 +554,6 @@ out: return hostconfig; } -static bool check_start_generate_config(const char *rootpath, const char *id) -{ -#define START_GENERATE_CONFIG "start_generate_config.json" - int nret; - bool ret = false; - char filename[PATH_MAX] = { 0x00 }; - parser_error err = NULL; - container_start_generate_config *config = NULL; - - nret = snprintf(filename, sizeof(filename), "%s/%s/%s", rootpath, id, START_GENERATE_CONFIG); - if (nret < 0 || (size_t)nret >= sizeof(filename)) { - ERROR("Failed to print string"); - goto out; - } - - if (!util_file_exists(filename)) { - return true; - } - - config = container_start_generate_config_parse_file(filename, NULL, &err); - if (config == NULL) { - ERROR("Failed to parse start generate config file:%s", err); - goto out; - } - ret = true; -out: - free(err); - free_container_start_generate_config(config); - return ret; -} - /* container save host config */ static int container_save_host_config(const container_t *cont) { @@ -997,9 +720,6 @@ container_t *container_load(const char *runtime, const char *rootpath, const cha return NULL; } - if (!check_start_generate_config(rootpath, id)) { - return NULL; - } v2config = read_config_v2(rootpath, id); if (v2config == NULL) { ERROR("Failed to read config v2 file:%s", id); @@ -1216,7 +936,7 @@ int container_exit_on_next(container_t *cont) return ret; } -/* this function should be called in container_lock */ +/* this function should be called in container_lock*/ int container_wait_stop(container_t *cont, int timeout) { int ret = 0; diff --git a/src/services/execution/manager/container_unix.h b/src/services/execution/manager/container_unix.h index bc47704..1f7f950 100644 --- a/src/services/execution/manager/container_unix.h +++ b/src/services/execution/manager/container_unix.h @@ -19,7 +19,6 @@ #include "libisulad.h" #include "util_atomic.h" -#include "container_custom_config.h" #include "container_config_v2.h" #include "host_config.h" #include "container_state.h" @@ -81,9 +80,7 @@ char *container_get_env_nolock(const container_t *cont, const char *key); int v2_spec_make_basic_info(const char *id, const char *name, const char *image_name, const char *image_type, container_config_v2_common_config *v2_spec); -int v2_spec_merge_custom_spec(const container_custom_config *custom_spec, container_config_v2_common_config *v2_spec); - -int v2_spec_merge_oci_spec(const oci_runtime_spec *oci_spec, container_config_v2_common_config *v2_spec); +int v2_spec_merge_contaner_spec(container_config_v2_common_config *v2_spec); char *container_get_command(const container_t *cont); diff --git a/src/services/execution/manager/restore.c b/src/services/execution/manager/restore.c index 2638bb1..7df0042 100644 --- a/src/services/execution/manager/restore.c +++ b/src/services/execution/manager/restore.c @@ -291,18 +291,8 @@ static int restore_state(container_t *cont) const char *runtime = cont->runtime; rt_status_params_t params = { 0 }; struct engine_container_status_info real_status = { 0 }; - Container_Status status = CONTAINER_STATUS_UNKNOWN; + Container_Status status = state_get_status(cont->state); - params.rootpath = cont->root_path; - - nret = runtime_status(id, runtime, ¶ms, &real_status); - if (nret != 0) { - ERROR("Failed to restore container %s, due to can not load container status", id); - ret = -1; - goto out; - } - - status = state_get_status(cont->state); (void)container_exit_on_next(cont); /* cancel restart policy */ #ifdef ENABLE_OCI_IMAGE @@ -314,6 +304,14 @@ static int restore_state(container_t *cont) } #endif + params.rootpath = cont->root_path; + nret = runtime_status(id, runtime, ¶ms, &real_status); + if (nret != 0) { + ERROR("Failed to restore container %s, make real status to STOPPED. Due to can not load container with status %d", id, + status); + real_status.status = ENGINE_CONTAINER_STATUS_STOPPED; + } + if (real_status.status == ENGINE_CONTAINER_STATUS_STOPPED) { ret = restore_stopped_container(status, cont, &need_save); if (ret != 0) { @@ -335,12 +333,11 @@ static int restore_state(container_t *cont) goto out; } +out: if (is_removal_in_progress(cont->state)) { state_reset_removal_in_progress(cont->state); need_save = true; } - -out: if (need_save && container_to_disk(cont) != 0) { ERROR("Failed to re-save container \"%s\" to disk", id); ret = -1; diff --git a/src/services/execution/spec/specs.c b/src/services/execution/spec/specs.c index 39ee4bf..f2fdb20 100644 --- a/src/services/execution/spec/specs.c +++ b/src/services/execution/spec/specs.c @@ -35,7 +35,6 @@ #include "oci_runtime_hooks.h" #include "docker_seccomp.h" #include "host_config.h" -#include "container_custom_config.h" #include "utils.h" #include "config.h" #include "isulad_config.h" @@ -45,6 +44,7 @@ #include "specs_extend.h" #include "image.h" #include "path.h" +#include "constants.h" #ifndef CLONE_NEWUTS #define CLONE_NEWUTS 0x04000000 @@ -74,26 +74,40 @@ #define CLONE_NEWCGROUP 0x02000000 #endif -#define OCICONFIGJSON "ociconfig.json" +static int make_sure_oci_spec_annotations(oci_runtime_spec *oci_spec) +{ + if (oci_spec->annotations == NULL) { + oci_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string)); + if (oci_spec->annotations == NULL) { + return -1; + } + } + return 0; +} -static int merge_annotations(oci_runtime_spec *oci_spec, container_custom_config *custom_conf) +static int merge_annotations(oci_runtime_spec *oci_spec, const container_config *container_spec) { int ret = 0; size_t i; - if (custom_conf->annotations != NULL && custom_conf->annotations->len) { - if (oci_spec->annotations->len > LIST_SIZE_MAX - custom_conf->annotations->len) { + ret = make_sure_oci_spec_annotations(oci_spec); + if (ret < 0) { + goto out; + } + + if (container_spec->annotations != NULL && container_spec->annotations->len) { + if (oci_spec->annotations->len > LIST_SIZE_MAX - container_spec->annotations->len) { ERROR("Too many annotations to add, the limit is %d", LIST_SIZE_MAX); isulad_set_error_message("Too many annotations to add, the limit is %d", LIST_SIZE_MAX); ret = -1; goto out; } - for (i = 0; i < custom_conf->annotations->len; i++) { - ret = append_json_map_string_string(oci_spec->annotations, custom_conf->annotations->keys[i], - custom_conf->annotations->values[i]); + for (i = 0; i < container_spec->annotations->len; i++) { + ret = append_json_map_string_string(oci_spec->annotations, container_spec->annotations->keys[i], + container_spec->annotations->values[i]); if (ret != 0) { - ERROR("Failed to append annotation:%s, value:%s", custom_conf->annotations->keys[i], - custom_conf->annotations->values[i]); + ERROR("Failed to append annotation:%s, value:%s", container_spec->annotations->keys[i], + container_spec->annotations->values[i]); goto out; } } @@ -102,16 +116,16 @@ out: return ret; } -static int make_annotations_log_console(const oci_runtime_spec *oci_spec, const container_custom_config *custom_conf) +static int make_annotations_log_console(const container_config *container_spec) { int ret = 0; int nret = 0; char tmp_str[ISULAD_NUMSTRLEN64] = {0}; - if (custom_conf->log_config != NULL) { - if (custom_conf->log_config->log_file != NULL) { - if (append_json_map_string_string(oci_spec->annotations, CONTAINER_LOG_CONFIG_KEY_FILE, - custom_conf->log_config->log_file)) { + if (container_spec->log_config != NULL) { + if (container_spec->log_config->log_file != NULL) { + if (append_json_map_string_string(container_spec->annotations, CONTAINER_LOG_CONFIG_KEY_FILE, + container_spec->log_config->log_file)) { ERROR("append log console file failed"); ret = -1; goto out; @@ -119,22 +133,22 @@ static int make_annotations_log_console(const oci_runtime_spec *oci_spec, const } nret = snprintf(tmp_str, sizeof(tmp_str), "%llu", - (unsigned long long)(custom_conf->log_config->log_file_rotate)); + (unsigned long long)(container_spec->log_config->log_file_rotate)); if (nret < 0 || (size_t)nret >= sizeof(tmp_str)) { ERROR("create rotate string failed"); ret = -1; goto out; } - if (append_json_map_string_string(oci_spec->annotations, CONTAINER_LOG_CONFIG_KEY_ROTATE, tmp_str)) { + if (append_json_map_string_string(container_spec->annotations, CONTAINER_LOG_CONFIG_KEY_ROTATE, tmp_str)) { ERROR("append log console file rotate failed"); ret = -1; goto out; } - if (custom_conf->log_config->log_file_size != NULL) { - if (append_json_map_string_string(oci_spec->annotations, CONTAINER_LOG_CONFIG_KEY_SIZE, - custom_conf->log_config->log_file_size)) { + if (container_spec->log_config->log_file_size != NULL) { + if (append_json_map_string_string(container_spec->annotations, CONTAINER_LOG_CONFIG_KEY_SIZE, + container_spec->log_config->log_file_size)) { ERROR("append log console file size failed"); ret = -1; goto out; @@ -146,12 +160,12 @@ out: return ret; } -static int make_annotations_network_mode(const oci_runtime_spec *oci_spec, const host_config *host_spec) +static int make_annotations_network_mode(const container_config *container_spec, const host_config *host_spec) { int ret = 0; if (host_spec->network_mode != NULL) { - if (append_json_map_string_string(oci_spec->annotations, "host.network.mode", host_spec->network_mode)) { + if (append_json_map_string_string(container_spec->annotations, "host.network.mode", host_spec->network_mode)) { ERROR("append network mode failed"); ret = -1; goto out; @@ -162,12 +176,12 @@ out: return ret; } -static int make_annotations_system_container(const oci_runtime_spec *oci_spec, const host_config *host_spec) +static int make_annotations_system_container(const container_config *container_spec, const host_config *host_spec) { int ret = 0; if (host_spec->system_container) { - if (append_json_map_string_string(oci_spec->annotations, "system.container", "true")) { + if (append_json_map_string_string(container_spec->annotations, "system.container", "true")) { ERROR("Realloc annotations failed"); ret = -1; goto out; @@ -178,7 +192,7 @@ out: return ret; } -static int make_annotations_cgroup_dir(const oci_runtime_spec *oci_spec, const host_config *host_spec) +static int make_annotations_cgroup_dir(const container_config *container_spec, const host_config *host_spec) { int ret = 0; char cleaned[PATH_MAX] = { 0 }; @@ -199,7 +213,7 @@ static int make_annotations_cgroup_dir(const oci_runtime_spec *oci_spec, const h ret = -1; goto out; } - if (append_json_map_string_string(oci_spec->annotations, "cgroup.dir", cleaned)) { + if (append_json_map_string_string(container_spec->annotations, "cgroup.dir", cleaned)) { ERROR("Realloc annotations failed"); ret = -1; goto out; @@ -210,7 +224,7 @@ out: return ret; } -static int make_annotations_oom_score_adj(const oci_runtime_spec *oci_spec, const host_config *host_spec) +static int make_annotations_oom_score_adj(const container_config *container_spec, const host_config *host_spec) { int ret = 0; char tmp_str[ISULAD_NUMSTRLEN64 + 1] = { 0 }; @@ -223,7 +237,7 @@ static int make_annotations_oom_score_adj(const oci_runtime_spec *oci_spec, cons ret = -1; goto out; } - if (append_json_map_string_string(oci_spec->annotations, "proc.oom_score_adj", tmp_str)) { + if (append_json_map_string_string(container_spec->annotations, "proc.oom_score_adj", tmp_str)) { ERROR("append oom score adj which configure proc filesystem for the container failed "); ret = -1; goto out; @@ -234,7 +248,7 @@ out: return ret; } -static int make_annotations_files_limit(const oci_runtime_spec *oci_spec, const host_config *host_spec) +static int make_annotations_files_limit(const container_config *container_spec, const host_config *host_spec) { int ret = 0; char tmp_str[ISULAD_NUMSTRLEN64 + 1] = { 0 }; @@ -250,7 +264,7 @@ static int make_annotations_files_limit(const oci_runtime_spec *oci_spec, const goto out; } - if (append_json_map_string_string(oci_spec->annotations, "files.limit", tmp_str)) { + if (append_json_map_string_string(container_spec->annotations, "files.limit", tmp_str)) { ERROR("append files limit failed"); ret = -1; goto out; @@ -261,63 +275,117 @@ out: return ret; } -static int make_sure_oci_spec_annotations(oci_runtime_spec *oci_spec) +static int make_sure_container_spec_annotations(container_config *container_spec) { - if (oci_spec->annotations == NULL) { - oci_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string)); - if (oci_spec->annotations == NULL) { + if (container_spec->annotations == NULL) { + container_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string)); + if (container_spec->annotations == NULL) { return -1; } } return 0; } -static int make_annotations(oci_runtime_spec *oci_spec, container_custom_config *custom_conf, host_config *host_spec) +static inline bool is_valid_umask_value(const char *value) +{ + return (strcmp(value, UMASK_NORMAL) == 0 || strcmp(value, UMASK_SECURE) == 0); +} + +static int add_native_umask(const container_config *container_spec) { int ret = 0; + size_t i = 0; + char *umask = NULL; - ret = make_sure_oci_spec_annotations(oci_spec); + for (i = 0; i < container_spec->annotations->len; i++) { + if (strcmp(container_spec->annotations->keys[i], ANNOTATION_UMAKE_KEY) == 0) { + if (!is_valid_umask_value(container_spec->annotations->values[i])) { + ERROR("native.umask option %s not supported", container_spec->annotations->values[i]); + isulad_set_error_message("native.umask option %s not supported", container_spec->annotations->values[i]); + ret = -1; + } + goto out; + } + } + + umask = conf_get_isulad_native_umask(); + if (umask == NULL) { + ERROR("Failed to get default native umask"); + ret = -1; + goto out; + } + + if (append_json_map_string_string(container_spec->annotations, ANNOTATION_UMAKE_KEY, umask)) { + ERROR("Failed to append annotations: native.umask=%s", umask); + ret = -1; + goto out; + } + +out: + free(umask); + return ret; +} + +static int make_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec) +{ + int ret = 0; + + ret = make_sure_container_spec_annotations(container_spec); if (ret < 0) { goto out; } - ret = make_annotations_network_mode(oci_spec, host_spec); + ret = make_annotations_network_mode(container_spec, host_spec); if (ret != 0) { ret = -1; goto out; } - ret = make_annotations_system_container(oci_spec, host_spec); + ret = make_annotations_system_container(container_spec, host_spec); if (ret != 0) { ret = -1; goto out; } - ret = make_annotations_cgroup_dir(oci_spec, host_spec); + ret = make_annotations_cgroup_dir(container_spec, host_spec); if (ret != 0) { ret = -1; goto out; } - ret = make_annotations_oom_score_adj(oci_spec, host_spec); + ret = make_annotations_oom_score_adj(container_spec, host_spec); if (ret != 0) { ret = -1; goto out; } - ret = make_annotations_files_limit(oci_spec, host_spec); + ret = make_annotations_files_limit(container_spec, host_spec); if (ret != 0) { ret = -1; goto out; } - ret = make_annotations_log_console(oci_spec, custom_conf); + ret = make_annotations_log_console(container_spec); if (ret != 0) { ret = -1; goto out; } - if (merge_annotations(oci_spec, custom_conf)) { + /* add rootfs.mount */ + ret = add_rootfs_mount(container_spec); + if (ret != 0) { + ERROR("Failed to add rootfs mount"); + goto out; + } + + /* add native.umask */ + ret = add_native_umask(container_spec); + if (ret != 0) { + ERROR("Failed to add native umask"); + goto out; + } + + if (merge_annotations(oci_spec, container_spec)) { ret = -1; goto out; } @@ -407,7 +475,7 @@ static int make_sure_oci_spec_linux_resources_cpu(oci_runtime_spec *oci_spec) } if (oci_spec->linux->resources->cpu == NULL) { - oci_spec->linux->resources->cpu = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_cpu)); + oci_spec->linux->resources->cpu = util_common_calloc_s(sizeof(defs_resources_cpu)); if (oci_spec->linux->resources->cpu == NULL) { return -1; } @@ -532,7 +600,7 @@ static int make_sure_oci_spec_linux_resources_mem(oci_runtime_spec *oci_spec) } if (oci_spec->linux->resources->memory == NULL) { - oci_spec->linux->resources->memory = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_memory)); + oci_spec->linux->resources->memory = util_common_calloc_s(sizeof(defs_resources_memory)); if (oci_spec->linux->resources->memory == NULL) { return -1; } @@ -559,28 +627,9 @@ static int merge_memory_oom_kill_disable(oci_runtime_spec *oci_spec, bool oom_ki { int ret = 0; - if (oci_spec->linux == NULL) { - oci_spec->linux = util_common_calloc_s(sizeof(oci_runtime_config_linux)); - if (oci_spec->linux == NULL) { - ret = -1; - goto out; - } - } - - if (oci_spec->linux->resources == NULL) { - oci_spec->linux->resources = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources)); - if (oci_spec->linux->resources == NULL) { - ret = -1; - goto out; - } - } - - if (oci_spec->linux->resources->memory == NULL) { - oci_spec->linux->resources->memory = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_memory)); - if (oci_spec->linux->resources->memory == NULL) { - ret = -1; - goto out; - } + ret = make_sure_oci_spec_linux_resources_mem(oci_spec); + if (ret < 0) { + goto out; } oci_spec->linux->resources->memory->disable_oom_killer = oom_kill_disable; @@ -639,23 +688,23 @@ static int merge_hugetlbs(oci_runtime_spec *oci_spec, host_config_hugetlbs_eleme int ret = 0; size_t i = 0; size_t new_size, old_size; - oci_runtime_config_linux_resources_hugepage_limits_element **hugepage_limits_temp = NULL; + defs_resources_hugepage_limits_element **hugepage_limits_temp = NULL; ret = make_sure_oci_spec_linux_resources(oci_spec); if (ret < 0) { goto out; } - if (hugetlbs_len > SIZE_MAX / sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *) - + if (hugetlbs_len > SIZE_MAX / sizeof(defs_resources_hugepage_limits_element *) - oci_spec->linux->resources->hugepage_limits_len) { ERROR("Too many hugetlbs to merge!"); ret = -1; goto out; } old_size = oci_spec->linux->resources->hugepage_limits_len * - sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *); + sizeof(defs_resources_hugepage_limits_element *); new_size = (oci_spec->linux->resources->hugepage_limits_len + hugetlbs_len) - * sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *); + * sizeof(defs_resources_hugepage_limits_element *); ret = mem_realloc((void **)&hugepage_limits_temp, new_size, oci_spec->linux->resources->hugepage_limits, old_size); if (ret != 0) { @@ -668,7 +717,7 @@ static int merge_hugetlbs(oci_runtime_spec *oci_spec, host_config_hugetlbs_eleme for (i = 0; i < hugetlbs_len; i++) { oci_spec->linux->resources->hugepage_limits[oci_spec->linux->resources->hugepage_limits_len] - = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_hugepage_limits_element)); + = util_common_calloc_s(sizeof(defs_resources_hugepage_limits_element)); if (oci_spec->linux->resources->hugepage_limits[oci_spec->linux->resources->hugepage_limits_len] == NULL) { ERROR("Failed to malloc memory for hugepage limits"); ret = -1; @@ -727,7 +776,7 @@ out: return ret; } -static void clean_correlated_selinux(oci_runtime_spec_process *process) +static void clean_correlated_selinux(defs_process *process) { if (process == NULL) { return; @@ -851,7 +900,7 @@ static int make_sure_oci_spec_linux_resources_pids(oci_runtime_spec *oci_spec) } if (oci_spec->linux->resources->pids == NULL) { - oci_spec->linux->resources->pids = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_pids)); + oci_spec->linux->resources->pids = util_common_calloc_s(sizeof(defs_resources_pids)); if (oci_spec->linux->resources->pids == NULL) { return -1; } @@ -875,28 +924,12 @@ out: } static int merge_hostname(oci_runtime_spec *oci_spec, const host_config *host_spec, - container_custom_config *custom_spec) + container_config *container_spec) { - int ret = 0; - - if (custom_spec->hostname == NULL) { - if (host_spec->network_mode != NULL && !strcmp(host_spec->network_mode, "host")) { - char hostname[MAX_HOST_NAME_LEN] = { 0x00 }; - ret = gethostname(hostname, sizeof(hostname)); - if (ret != 0) { - ERROR("Get hostname error"); - goto out; - } - custom_spec->hostname = util_strdup_s(hostname); - } else { - custom_spec->hostname = util_strdup_s("localhost"); - } - } - free(oci_spec->hostname); - oci_spec->hostname = util_strdup_s(custom_spec->hostname); -out: - return ret; + oci_spec->hostname = util_strdup_s(container_spec->hostname); + + return 0; } static int merge_conf_cgroup_cpu_int64(oci_runtime_spec *oci_spec, const host_config *host_spec) @@ -1056,7 +1089,7 @@ out: } static int do_merge_one_ulimit_override(const oci_runtime_spec *oci_spec, - oci_runtime_spec_process_rlimits_element *rlimit) + defs_process_rlimits_element *rlimit) { size_t j; bool exists = false; @@ -1075,7 +1108,7 @@ static int do_merge_one_ulimit_override(const oci_runtime_spec *oci_spec, } if (exists) { /* override ulimit */ - free_oci_runtime_spec_process_rlimits_element(oci_spec->process->rlimits[j]); + free_defs_process_rlimits_element(oci_spec->process->rlimits[j]); oci_spec->process->rlimits[j] = rlimit; } else { oci_spec->process->rlimits[oci_spec->process->rlimits_len] = rlimit; @@ -1087,7 +1120,7 @@ static int do_merge_one_ulimit_override(const oci_runtime_spec *oci_spec, static int merge_one_ulimit_override(const oci_runtime_spec *oci_spec, const host_config_ulimits_element *ulimit) { - oci_runtime_spec_process_rlimits_element *rlimit = NULL; + defs_process_rlimits_element *rlimit = NULL; if (trans_ulimit_to_rlimit(&rlimit, ulimit) != 0) { return -1; @@ -1184,7 +1217,7 @@ out: return ret; } -static int merge_conf_cgroup(oci_runtime_spec *oci_spec, const host_config *host_spec) +int merge_conf_cgroup(oci_runtime_spec *oci_spec, const host_config *host_spec) { int ret = 0; @@ -1253,7 +1286,7 @@ static int prepare_process_args(oci_runtime_spec *oci_spec, size_t args_len) return 0; } -static int replace_entrypoint_cmds_from_spec(const oci_runtime_spec *oci_spec, container_custom_config *custom_spec) +static int replace_entrypoint_cmds_from_spec(const oci_runtime_spec *oci_spec, container_config *container_spec) { if (oci_spec->process->args_len == 0) { ERROR("No command specified"); @@ -1261,27 +1294,27 @@ static int replace_entrypoint_cmds_from_spec(const oci_runtime_spec *oci_spec, c return -1; } return dup_array_of_strings((const char **)(oci_spec->process->args), oci_spec->process->args_len, - &(custom_spec->cmd), &(custom_spec->cmd_len)); + &(container_spec->cmd), &(container_spec->cmd_len)); } -static int merge_conf_args(oci_runtime_spec *oci_spec, container_custom_config *custom_spec) +static int merge_conf_args(oci_runtime_spec *oci_spec, container_config *container_spec) { int ret = 0; size_t argslen = 0; size_t i = 0; // Reset entrypoint if we do not want to use entrypoint from image - if (custom_spec->entrypoint_len == 1 && custom_spec->entrypoint[0][0] == '\0') { - free(custom_spec->entrypoint[0]); - custom_spec->entrypoint[0] = NULL; - free(custom_spec->entrypoint); - custom_spec->entrypoint = NULL; - custom_spec->entrypoint_len = 0; + if (container_spec->entrypoint_len == 1 && container_spec->entrypoint[0][0] == '\0') { + free(container_spec->entrypoint[0]); + container_spec->entrypoint[0] = NULL; + free(container_spec->entrypoint); + container_spec->entrypoint = NULL; + container_spec->entrypoint_len = 0; } - argslen = custom_spec->cmd_len; - if (custom_spec->entrypoint_len != 0) { - argslen += custom_spec->entrypoint_len; + argslen = container_spec->cmd_len; + if (container_spec->entrypoint_len != 0) { + argslen += container_spec->entrypoint_len; } if (argslen > LIST_SIZE_MAX) { @@ -1291,7 +1324,7 @@ static int merge_conf_args(oci_runtime_spec *oci_spec, container_custom_config * } if (argslen == 0) { - return replace_entrypoint_cmds_from_spec(oci_spec, custom_spec); + return replace_entrypoint_cmds_from_spec(oci_spec, container_spec); } if (prepare_process_args(oci_spec, argslen) < 0) { @@ -1300,13 +1333,13 @@ static int merge_conf_args(oci_runtime_spec *oci_spec, container_custom_config * } // append commands... to entrypoint - for (i = 0; custom_spec->entrypoint != NULL && i < custom_spec->entrypoint_len; i++) { - oci_spec->process->args[oci_spec->process->args_len] = util_strdup_s(custom_spec->entrypoint[i]); + for (i = 0; container_spec->entrypoint != NULL && i < container_spec->entrypoint_len; i++) { + oci_spec->process->args[oci_spec->process->args_len] = util_strdup_s(container_spec->entrypoint[i]); oci_spec->process->args_len++; } - for (i = 0; custom_spec->cmd != NULL && i < custom_spec->cmd_len; i++) { - oci_spec->process->args[oci_spec->process->args_len] = util_strdup_s(custom_spec->cmd[i]); + for (i = 0; container_spec->cmd != NULL && i < container_spec->cmd_len; i++) { + oci_spec->process->args[oci_spec->process->args_len] = util_strdup_s(container_spec->cmd[i]); oci_spec->process->args_len++; } @@ -1321,7 +1354,7 @@ static int merge_share_namespace_helper(const oci_runtime_spec *oci_spec, const size_t len = 0; size_t org_len = 0; size_t i = 0; - oci_runtime_defs_linux_namespace_reference **work_ns = NULL; + defs_namespace_reference **work_ns = NULL; org_len = oci_spec->linux->namespaces_len; len = oci_spec->linux->namespaces_len; @@ -1329,7 +1362,7 @@ static int merge_share_namespace_helper(const oci_runtime_spec *oci_spec, const tmp_mode = get_share_namespace_path(type, mode); for (i = 0; i < org_len; i++) { - if (strcmp(mode, work_ns[i]->type) == 0) { + if (strcmp(type, work_ns[i]->type) == 0) { free(work_ns[i]->path); work_ns[i]->path = NULL; if (tmp_mode != NULL) { @@ -1338,20 +1371,21 @@ static int merge_share_namespace_helper(const oci_runtime_spec *oci_spec, const break; } } + if (i >= org_len) { - if (len > (SIZE_MAX / sizeof(oci_runtime_defs_linux_namespace_reference *)) - 1) { + if (len > (SIZE_MAX / sizeof(defs_namespace_reference *)) - 1) { ret = -1; ERROR("Out of memory"); goto out; } - ret = mem_realloc((void **)&work_ns, (len + 1) * sizeof(oci_runtime_defs_linux_namespace_reference *), - (void *)work_ns, len * sizeof(oci_runtime_defs_linux_namespace_reference *)); + ret = mem_realloc((void **)&work_ns, (len + 1) * sizeof(defs_namespace_reference *), + (void *)work_ns, len * sizeof(defs_namespace_reference *)); if (ret != 0) { ERROR("Out of memory"); goto out; } - work_ns[len] = util_common_calloc_s(sizeof(oci_runtime_defs_linux_namespace_reference)); + work_ns[len] = util_common_calloc_s(sizeof(defs_namespace_reference)); if (work_ns[len] == NULL) { ERROR("Out of memory"); ret = -1; @@ -1495,7 +1529,7 @@ out: } static int merge_settings_for_system_container(oci_runtime_spec *oci_spec, host_config *host_spec, - container_custom_config *custom_spec) + container_config *container_spec) { int ret = -1; @@ -1519,8 +1553,8 @@ static int merge_settings_for_system_container(oci_runtime_spec *oci_spec, host_ } // append mounts of oci_spec - if (custom_spec->ns_change_opt != NULL) { - ret = adapt_settings_for_mounts(oci_spec, custom_spec); + if (container_spec->ns_change_opt != NULL) { + ret = adapt_settings_for_mounts(oci_spec, container_spec); if (ret != 0) { ERROR("Failed to adapt settings for ns_change_opt"); goto out; @@ -1532,7 +1566,7 @@ out: } static int merge_resources_conf(oci_runtime_spec *oci_spec, host_config *host_spec, - container_custom_config *custom_spec, container_config_v2_common_config *common_config) + container_config_v2_common_config *v2_spec) { int ret = 0; @@ -1551,7 +1585,7 @@ static int merge_resources_conf(oci_runtime_spec *oci_spec, host_config *host_sp goto out; } - ret = merge_conf_mounts(oci_spec, custom_spec, host_spec, common_config); + ret = merge_conf_mounts(oci_spec, host_spec, v2_spec); if (ret) { goto out; } @@ -1559,18 +1593,33 @@ out: return ret; } +static int merge_terminal(oci_runtime_spec *oci_spec, bool terminal) +{ + int ret = 0; + + ret = make_sure_oci_spec_process(oci_spec); + if (ret < 0) { + goto out; + } + + oci_spec->process->terminal = terminal; + +out: + return ret; +} + static int merge_process_conf(oci_runtime_spec *oci_spec, const host_config *host_spec, - container_custom_config *custom_spec) + container_config *container_spec) { int ret = 0; - ret = merge_conf_args(oci_spec, custom_spec); + ret = merge_conf_args(oci_spec, container_spec); if (ret != 0) { goto out; } /* environment variables */ - ret = merge_env(oci_spec, (const char **)custom_spec->env, custom_spec->env_len); + ret = merge_env(oci_spec, (const char **)container_spec->env, container_spec->env_len); if (ret != 0) { ERROR("Failed to merge environment variables"); goto out; @@ -1584,7 +1633,7 @@ static int merge_process_conf(oci_runtime_spec *oci_spec, const host_config *hos } /* working dir */ - ret = merge_working_dir(oci_spec, custom_spec->working_dir); + ret = merge_working_dir(oci_spec, container_spec->working_dir); if (ret != 0) { ERROR("Failed to merge working dir"); goto out; @@ -1597,6 +1646,13 @@ static int merge_process_conf(oci_runtime_spec *oci_spec, const host_config *hos goto out; } + /* merge whether allocate a pseudo-TTY */ + ret = merge_terminal(oci_spec, container_spec->tty); + if (ret != 0) { + ERROR("Failed to merge process terminal"); + goto out; + } + out: return ret; } @@ -1630,17 +1686,25 @@ out: } -static int merge_conf(oci_runtime_spec *oci_spec, host_config *host_spec, - container_custom_config *custom_spec, container_config_v2_common_config *common_config) +int merge_all_specs(host_config *host_spec, const char *real_rootfs, + container_config_v2_common_config *v2_spec, oci_runtime_spec *oci_spec) { int ret = 0; - ret = merge_resources_conf(oci_spec, host_spec, custom_spec, common_config); + ret = merge_root(oci_spec, real_rootfs, host_spec); if (ret != 0) { + ERROR("Failed to merge root"); goto out; } + v2_spec->base_fs = util_strdup_s(real_rootfs); - ret = merge_process_conf(oci_spec, host_spec, custom_spec); + + ret = merge_resources_conf(oci_spec, host_spec, v2_spec); + if (ret != 0) { + goto out; + } + + ret = merge_process_conf(oci_spec, host_spec, v2_spec->config); if (ret != 0) { goto out; } @@ -1659,7 +1723,7 @@ static int merge_conf(oci_runtime_spec *oci_spec, host_config *host_spec, } /* settings for system container */ - ret = merge_settings_for_system_container(oci_spec, host_spec, custom_spec); + ret = merge_settings_for_system_container(oci_spec, host_spec, v2_spec->config); if (ret != 0) { ERROR("Failed to merge system container conf"); goto out; @@ -1672,13 +1736,13 @@ static int merge_conf(oci_runtime_spec *oci_spec, host_config *host_spec, goto out; } - ret = merge_hostname(oci_spec, host_spec, custom_spec); + ret = merge_hostname(oci_spec, host_spec, v2_spec->config); if (ret != 0) { ERROR("Failed to merge hostname"); goto out; } - ret = make_annotations(oci_spec, custom_spec, host_spec); + ret = make_annotations(oci_spec, v2_spec->config, host_spec); if (ret != 0) { ret = -1; goto out; @@ -1700,97 +1764,6 @@ out: return ret; } -/* merge the default config with host config and image config and custom config */ -oci_runtime_spec *merge_container_config(const char *id, const char *image_type, const char *image_name, - const char *ext_config_image, host_config *host_spec, - container_custom_config *custom_spec, - container_config_v2_common_config *v2_spec, char **real_rootfs) -{ - oci_runtime_spec *oci_spec = NULL; - parser_error err = NULL; - int ret = 0; - - oci_spec = default_spec(host_spec->system_container); - if (oci_spec == NULL) { - goto out; - } - - ret = make_sure_oci_spec_linux(oci_spec); - if (ret < 0) { - goto out; - } - - ret = im_merge_image_config(id, image_type, image_name, ext_config_image, oci_spec, host_spec, - custom_spec, real_rootfs); - if (ret != 0) { - ERROR("Can not merge with image config"); - goto free_out; - } - - if (*real_rootfs != NULL) { - ret = merge_root(oci_spec, *real_rootfs, host_spec); - if (ret != 0) { - ERROR("Failed to merge root"); - goto free_out; - } - v2_spec->base_fs = util_strdup_s(*real_rootfs); - } - ret = merge_conf(oci_spec, host_spec, custom_spec, v2_spec); - if (ret != 0) { - ERROR("Failed to merge config"); - goto free_out; - } - - goto out; - -free_out: - free_oci_runtime_spec(oci_spec); - oci_spec = NULL; -out: - free(err); - return oci_spec; -} - -static inline bool is_valid_umask_value(const char *value) -{ - return (strcmp(value, UMASK_NORMAL) == 0 || strcmp(value, UMASK_SECURE) == 0); -} - -static int add_native_umask(const oci_runtime_spec *container) -{ - int ret = 0; - size_t i = 0; - char *umask = NULL; - - for (i = 0; i < container->annotations->len; i++) { - if (strcmp(container->annotations->keys[i], ANNOTATION_UMAKE_KEY) == 0) { - if (!is_valid_umask_value(container->annotations->values[i])) { - ERROR("native.umask option %s not supported", container->annotations->values[i]); - isulad_set_error_message("native.umask option %s not supported", container->annotations->values[i]); - ret = -1; - } - goto out; - } - } - - umask = conf_get_isulad_native_umask(); - if (umask == NULL) { - ERROR("Failed to get default native umask"); - ret = -1; - goto out; - } - - if (append_json_map_string_string(container->annotations, ANNOTATION_UMAKE_KEY, umask)) { - ERROR("Failed to append annotations: native.umask=%s", umask); - ret = -1; - goto out; - } - -out: - free(umask); - return ret; -} - /* merge the default config with host config and custom config */ int merge_global_config(oci_runtime_spec *oci_spec) { @@ -1808,33 +1781,19 @@ int merge_global_config(oci_runtime_spec *oci_spec) goto out; } - /* add rootfs.mount */ - ret = add_rootfs_mount(oci_spec); - if (ret != 0) { - ERROR("Failed to add rootfs mount"); - goto out; - } - - /* add native.umask */ - ret = add_native_umask(oci_spec); - if (ret != 0) { - ERROR("Failed to add native umask"); - goto out; - } - out: return ret; } /* read oci config */ -oci_runtime_spec *read_oci_config(const char *rootpath, const char *name) +oci_runtime_spec *load_oci_config(const char *rootpath, const char *name) { int nret; char filename[PATH_MAX] = { 0x00 }; parser_error err = NULL; oci_runtime_spec *ociconfig = NULL; - nret = snprintf(filename, sizeof(filename), "%s/%s/%s", rootpath, name, OCICONFIGJSON); + nret = snprintf(filename, sizeof(filename), "%s/%s/%s", rootpath, name, OCI_CONFIG_JSON); if (nret < 0 || (size_t)nret >= sizeof(filename)) { ERROR("Failed to print string"); goto out; @@ -1851,3 +1810,39 @@ out: return ociconfig; } +int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec *oci_spec) +{ + int ret = 0; + int nret = 0; + char *json_container = NULL; + char file_path[PATH_MAX] = { 0x0 }; + struct parser_context ctx = { OPT_PARSE_STRICT, stderr }; + parser_error err = NULL; + + nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, OCI_CONFIG_JSON); + if (nret < 0 || nret >= PATH_MAX) { + ERROR("Failed to print string"); + ret = -1; + goto out_free; + } + + json_container = oci_runtime_spec_generate_json(oci_spec, &ctx, &err); + if (json_container == NULL) { + ERROR("Failed to generate json: %s", err); + ret = -1; + goto out_free; + } + + if (util_write_file(file_path, json_container, strlen(json_container)) != 0) { + ERROR("write json container failed: %s", strerror(errno)); + ret = -1; + goto out_free; + } + +out_free: + free(err); + free(json_container); + return ret; +} + + diff --git a/src/services/execution/spec/specs.h b/src/services/execution/spec/specs.h index 09ecc7e..1b64574 100644 --- a/src/services/execution/spec/specs.h +++ b/src/services/execution/spec/specs.h @@ -18,17 +18,20 @@ #include #include "libisulad.h" #include "host_config.h" -#include "container_custom_config.h" #include "container_config_v2.h" #include "oci_runtime_hooks.h" #include "oci_runtime_spec.h" -oci_runtime_spec *merge_container_config(const char *id, const char *image_type, const char *image_name, - const char *ext_image_name, host_config *host_spec, - container_custom_config *custom_spec, - container_config_v2_common_config *v2_spec, char **real_rootfs); + +int merge_all_specs(host_config *host_spec, + const char *real_rootfs, + container_config_v2_common_config *v2_spec, oci_runtime_spec *oci_spec); + int merge_global_config(oci_runtime_spec *oci_spec); -oci_runtime_spec *read_oci_config(const char *rootpath, const char *name); +oci_runtime_spec *load_oci_config(const char *rootpath, const char *name); +oci_runtime_spec *default_spec(bool system_container); +int merge_conf_cgroup(oci_runtime_spec *oci_spec, const host_config *host_spec); +int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec *oci_spec); #endif diff --git a/src/services/execution/spec/specs_extend.c b/src/services/execution/spec/specs_extend.c index 5b999a8..737069e 100644 --- a/src/services/execution/spec/specs_extend.c +++ b/src/services/execution/spec/specs_extend.c @@ -32,7 +32,6 @@ #include "log.h" #include "oci_runtime_spec.h" #include "host_config.h" -#include "container_custom_config.h" #include "utils.h" #include "config.h" #include "path.h" @@ -572,7 +571,7 @@ static bool b_user_found(const char *user, const struct passwd *pwbufp) } -static int proc_by_fpasswd(FILE *f_passwd, const char *user, oci_runtime_spec_process_user *puser, +static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *puser, char **matched_username) { int ret = 0; @@ -659,7 +658,7 @@ static int append_additional_gids(gid_t gid, gid_t **additional_gids, size_t *le return 0; } -static int search_group_list(struct group *gbufp, const char *username, oci_runtime_spec_process_user *puser) +static int search_group_list(struct group *gbufp, const char *username, defs_process_user *puser) { char **username_list = gbufp->gr_mem; while (username_list != NULL && *username_list != NULL) { @@ -694,7 +693,7 @@ static bool check_group_found(const char *group, const struct group *gbufp) return false; } -static int do_proc_by_froup(FILE *f_group, const char *group, oci_runtime_spec_process_user *puser, +static int do_proc_by_froup(FILE *f_group, const char *group, defs_process_user *puser, const char *matched_username, int *groupcnt) { int errval = 0; @@ -729,7 +728,7 @@ static int do_proc_by_froup(FILE *f_group, const char *group, oci_runtime_spec_p return 0; } -static int proc_by_fgroup(FILE *f_group, const char *group, oci_runtime_spec_process_user *puser, +static int proc_by_fgroup(FILE *f_group, const char *group, defs_process_user *puser, const char *matched_username) { int ret = 0; @@ -764,7 +763,7 @@ out: return ret; } -static int get_exec_user(const char *username, FILE *f_passwd, FILE *f_group, oci_runtime_spec_process_user *puser) +static int get_exec_user(const char *username, FILE *f_passwd, FILE *f_group, defs_process_user *puser) { int ret = 0; char *tmp = NULL; @@ -831,7 +830,7 @@ static bool group_matched(const char *group, const struct group *gbufp) } static int get_one_additional_group(const char *additional_group, struct group *groups, size_t groups_len, - oci_runtime_spec_process_user *puser) + defs_process_user *puser) { int ret = 0; int gret = -1; @@ -878,7 +877,7 @@ out: int get_additional_groups(char **additional_groups, size_t additional_groups_len, - FILE *f_group, oci_runtime_spec_process_user *puser) + FILE *f_group, defs_process_user *puser) { int ret = 0; size_t i; @@ -942,7 +941,7 @@ static int resolve_basefs(const char *basefs, char **resolved_basefs) return 0; } -int get_user(const char *basefs, const host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser) +int get_user(const char *basefs, const host_config *hc, const char *userstr, defs_process_user *puser) { int ret = 0; FILE *f_passwd = NULL; @@ -1002,46 +1001,9 @@ cleanup: return ret; } -static int make_sure_oci_spec_porcess_user(oci_runtime_spec *oci_spec) -{ - int ret = 0; - - ret = make_sure_oci_spec_process(oci_spec); - if (ret < 0) { - return -1; - } - - if (oci_spec->process->user == NULL) { - oci_spec->process->user = util_common_calloc_s(sizeof(oci_runtime_spec_process_user)); - if (oci_spec->process->user == NULL) { - return -1; - } - } - return 0; -} - -int merge_user(const char *basefs, oci_runtime_spec *oci_spec, const host_config *hc, const char *user) -{ - int ret = 0; - - ret = make_sure_oci_spec_porcess_user(oci_spec); - if (ret < 0) { - goto out; - } - - if (get_user(basefs, hc, user, oci_spec->process->user)) { - ERROR("Failed to get user with '%s'", user ? user : ""); - ret = -1; - goto out; - } - -out: - return ret; -} - char *oci_container_get_env(const oci_runtime_spec *oci_spec, const char *key) { - const oci_runtime_spec_process *op = NULL; + const defs_process *op = NULL; if (oci_spec == NULL) { ERROR("nil oci_spec"); @@ -1070,7 +1032,7 @@ int make_sure_oci_spec_linux(oci_runtime_spec *oci_spec) int make_sure_oci_spec_process(oci_runtime_spec *oci_spec) { if (oci_spec->process == NULL) { - oci_spec->process = util_common_calloc_s(sizeof(oci_runtime_spec_process)); + oci_spec->process = util_common_calloc_s(sizeof(defs_process)); if (oci_spec->process == NULL) { return -1; } @@ -1088,7 +1050,7 @@ int make_sure_oci_spec_linux_resources(oci_runtime_spec *oci_spec) } if (oci_spec->linux->resources == NULL) { - oci_spec->linux->resources = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources)); + oci_spec->linux->resources = util_common_calloc_s(sizeof(defs_resources)); if (oci_spec->linux->resources == NULL) { return -1; } @@ -1106,8 +1068,7 @@ int make_sure_oci_spec_linux_resources_blkio(oci_runtime_spec *oci_spec) } if (oci_spec->linux->resources->block_io == NULL) { - oci_spec->linux->resources->block_io = - util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_block_io)); + oci_spec->linux->resources->block_io = util_common_calloc_s(sizeof(defs_resources_block_io)); if (oci_spec->linux->resources->block_io == NULL) { return -1; } @@ -1119,21 +1080,21 @@ int merge_ulimits_pre(oci_runtime_spec *oci_spec, size_t host_ulimits_len) { int ret; size_t new_size, old_size, tmp; - oci_runtime_spec_process_rlimits_element **rlimits_temp = NULL; + defs_process_rlimits_element **rlimits_temp = NULL; ret = make_sure_oci_spec_process(oci_spec); if (ret < 0) { goto out; } - tmp = SIZE_MAX / sizeof(oci_runtime_spec_process_rlimits_element *) - oci_spec->process->rlimits_len; + tmp = SIZE_MAX / sizeof(defs_process_rlimits_element *) - oci_spec->process->rlimits_len; if (host_ulimits_len > tmp) { ERROR("Too many rlimits to merge!"); ret = -1; goto out; } - old_size = oci_spec->process->rlimits_len * sizeof(oci_runtime_spec_process_rlimits_element *); - new_size = (oci_spec->process->rlimits_len + host_ulimits_len) * sizeof(oci_runtime_spec_process_rlimits_element *); + old_size = oci_spec->process->rlimits_len * sizeof(defs_process_rlimits_element *); + new_size = (oci_spec->process->rlimits_len + host_ulimits_len) * sizeof(defs_process_rlimits_element *); ret = mem_realloc((void **)&rlimits_temp, new_size, oci_spec->process->rlimits, old_size); if (ret != 0) { ERROR("Failed to realloc memory for rlimits"); @@ -1145,14 +1106,14 @@ out: return ret; } -int trans_ulimit_to_rlimit(oci_runtime_spec_process_rlimits_element **rlimit_dst, +int trans_ulimit_to_rlimit(defs_process_rlimits_element **rlimit_dst, const host_config_ulimits_element *ulimit) { #define RLIMIT_PRE "RLIMIT_" int ret = 0; size_t j, namelen; char *typename = NULL; - oci_runtime_spec_process_rlimits_element *rlimit = NULL; + defs_process_rlimits_element *rlimit = NULL; // name + "RLIMIT_" + '\0' if (strlen(ulimit->name) > ((SIZE_MAX - strlen(RLIMIT_PRE)) - 1)) { @@ -1173,7 +1134,7 @@ int trans_ulimit_to_rlimit(oci_runtime_spec_process_rlimits_element **rlimit_dst typename[j + strlen(RLIMIT_PRE)] = (char)toupper((int)(ulimit->name[j])); } - rlimit = util_common_calloc_s(sizeof(oci_runtime_spec_process_rlimits_element)); + rlimit = util_common_calloc_s(sizeof(defs_process_rlimits_element)); if (rlimit == NULL) { ERROR("Failed to malloc memory for rlimit"); ret = -1; @@ -1191,7 +1152,7 @@ out: return ret; } -static int do_merge_one_ulimit(const oci_runtime_spec *oci_spec, oci_runtime_spec_process_rlimits_element *rlimit) +static int do_merge_one_ulimit(const oci_runtime_spec *oci_spec, defs_process_rlimits_element *rlimit) { size_t j; bool exists = false; @@ -1222,7 +1183,7 @@ static int do_merge_one_ulimit(const oci_runtime_spec *oci_spec, oci_runtime_spe static int merge_one_ulimit(const oci_runtime_spec *oci_spec, const host_config_ulimits_element *ulimit) { - oci_runtime_spec_process_rlimits_element *rlimit = NULL; + defs_process_rlimits_element *rlimit = NULL; if (trans_ulimit_to_rlimit(&rlimit, ulimit) != 0) { return -1; diff --git a/src/services/execution/spec/specs_extend.h b/src/services/execution/spec/specs_extend.h index 3142115..a9dc28c 100644 --- a/src/services/execution/spec/specs_extend.h +++ b/src/services/execution/spec/specs_extend.h @@ -18,7 +18,6 @@ #include #include "libisulad.h" #include "host_config.h" -#include "container_custom_config.h" #include "container_config_v2.h" #include "oci_runtime_hooks.h" #include "oci_runtime_spec.h" @@ -43,7 +42,7 @@ int merge_global_ulimit(oci_runtime_spec *oci_spec); int merge_ulimits_pre(oci_runtime_spec *oci_spec, size_t host_ulimits_len); -int trans_ulimit_to_rlimit(oci_runtime_spec_process_rlimits_element **rlimit_dst, +int trans_ulimit_to_rlimit(defs_process_rlimits_element **rlimit_dst, const host_config_ulimits_element *ulimit); int make_userns_remap(oci_runtime_spec *container, const char *user_remap); @@ -52,11 +51,9 @@ int merge_env(oci_runtime_spec *oci_spec, const char **env, size_t env_len); int merge_env_target_file(oci_runtime_spec *oci_spec, const char *env_target_file); -int merge_user(const char *basefs, oci_runtime_spec *oci_spec, const host_config *hc, const char *user); - char *oci_container_get_env(const oci_runtime_spec *oci_spec, const char *key); -int get_user(const char *basefs, const host_config *hc, const char *userstr, oci_runtime_spec_process_user *puser); +int get_user(const char *basefs, const host_config *hc, const char *userstr, defs_process_user *puser); #if defined(__cplusplus) || defined(c_plusplus) } diff --git a/src/services/execution/spec/specs_mount.c b/src/services/execution/spec/specs_mount.c index ad681c1..df99cb4 100644 --- a/src/services/execution/spec/specs_mount.c +++ b/src/services/execution/spec/specs_mount.c @@ -33,7 +33,6 @@ #include "oci_runtime_spec.h" #include "oci_runtime_hooks.h" #include "host_config.h" -#include "container_custom_config.h" #include "utils.h" #include "config.h" #include "path.h" @@ -130,17 +129,17 @@ out: return ret; } -int adapt_settings_for_mounts(oci_runtime_spec *oci_spec, container_custom_config *custom_spec) +int adapt_settings_for_mounts(oci_runtime_spec *oci_spec, container_config *container_spec) { size_t i, array_str_len; int ret = 0; char **array_str = NULL; - if (custom_spec == NULL) { + if (container_spec == NULL) { return -1; } - array_str = util_string_split(custom_spec->ns_change_opt, ','); + array_str = util_string_split(container_spec->ns_change_opt, ','); if (array_str == NULL) { ERROR("Out of memory"); ret = -1; @@ -806,8 +805,8 @@ erro_out: return NULL; } -static int get_devices_from_path(const host_config_devices_element *dev_map, oci_runtime_defs_linux_device *spec_dev, - oci_runtime_defs_linux_device_cgroup *spec_dev_cgroup) +static int get_devices_from_path(const host_config_devices_element *dev_map, defs_device *spec_dev, + defs_device_cgroup *spec_dev_cgroup) { int ret = 0; struct stat st; @@ -860,22 +859,22 @@ static int get_devices_from_path(const host_config_devices_element *dev_map, oci return 0; } -static int merge_custom_device(oci_runtime_defs_linux_device **out_spec_dev, - oci_runtime_defs_linux_device_cgroup **out_spec_dev_cgroup, +static int merge_custom_device(defs_device **out_spec_dev, + defs_device_cgroup **out_spec_dev_cgroup, const host_config_devices_element *dev_map) { int ret = 0; - oci_runtime_defs_linux_device *spec_dev = NULL; - oci_runtime_defs_linux_device_cgroup *spec_dev_cgroup = NULL; + defs_device *spec_dev = NULL; + defs_device_cgroup *spec_dev_cgroup = NULL; - spec_dev = util_common_calloc_s(sizeof(oci_runtime_defs_linux_device)); + spec_dev = util_common_calloc_s(sizeof(defs_device)); if (spec_dev == NULL) { ERROR("Memory out"); ret = -1; goto erro_out; } - spec_dev_cgroup = util_common_calloc_s(sizeof(oci_runtime_defs_linux_device_cgroup)); + spec_dev_cgroup = util_common_calloc_s(sizeof(defs_device_cgroup)); if (spec_dev_cgroup == NULL) { ERROR("Memory out"); ret = -1; @@ -894,14 +893,14 @@ static int merge_custom_device(oci_runtime_defs_linux_device **out_spec_dev, goto out; erro_out: - free_oci_runtime_defs_linux_device(spec_dev); - free_oci_runtime_defs_linux_device_cgroup(spec_dev_cgroup); + free_defs_device(spec_dev); + free_defs_device_cgroup(spec_dev_cgroup); out: return ret; } static int get_weight_devices_from_path(const host_config_blkio_weight_device_element *weight_dev, - oci_runtime_defs_linux_block_io_device_weight *spec_weight_dev) + defs_block_io_device_weight *spec_weight_dev) { int ret = 0; struct stat st; @@ -929,13 +928,13 @@ static int get_weight_devices_from_path(const host_config_blkio_weight_device_el return 0; } -static int merge_host_config_blk_weight_device(oci_runtime_defs_linux_block_io_device_weight **out_spec_weight_dev, +static int merge_host_config_blk_weight_device(defs_block_io_device_weight **out_spec_weight_dev, const host_config_blkio_weight_device_element *weight_dev) { int ret = 0; - oci_runtime_defs_linux_block_io_device_weight *spec_weight_dev = NULL; + defs_block_io_device_weight *spec_weight_dev = NULL; - spec_weight_dev = util_common_calloc_s(sizeof(oci_runtime_defs_linux_block_io_device_weight)); + spec_weight_dev = util_common_calloc_s(sizeof(defs_block_io_device_weight)); if (spec_weight_dev == NULL) { ERROR("Memory out"); ret = -1; @@ -953,14 +952,14 @@ static int merge_host_config_blk_weight_device(oci_runtime_defs_linux_block_io_d goto out; erro_out: - free_oci_runtime_defs_linux_block_io_device_weight(spec_weight_dev); + free_defs_block_io_device_weight(spec_weight_dev); out: return ret; } static int get_read_bps_devices_from_path(const host_config_blkio_device_read_bps_element *read_bps_dev, - oci_runtime_defs_linux_block_io_device_throttle *spec_read_bps_dev) + defs_block_io_device_throttle *spec_read_bps_dev) { int ret = 0; struct stat st; @@ -985,13 +984,13 @@ static int get_read_bps_devices_from_path(const host_config_blkio_device_read_bp } static int merge_host_config_blk_read_bps_device( - oci_runtime_defs_linux_block_io_device_throttle **out_spec_read_bps_dev, + defs_block_io_device_throttle **out_spec_read_bps_dev, const host_config_blkio_device_read_bps_element *blkio_device_read_bps) { int ret = 0; - oci_runtime_defs_linux_block_io_device_throttle *spec_read_bps_dev = NULL; + defs_block_io_device_throttle *spec_read_bps_dev = NULL; - spec_read_bps_dev = util_common_calloc_s(sizeof(oci_runtime_defs_linux_block_io_device_throttle)); + spec_read_bps_dev = util_common_calloc_s(sizeof(defs_block_io_device_throttle)); if (spec_read_bps_dev == NULL) { ERROR("Memory out"); ret = -1; @@ -1009,14 +1008,14 @@ static int merge_host_config_blk_read_bps_device( goto out; erro_out: - free_oci_runtime_defs_linux_block_io_device_throttle(spec_read_bps_dev); + free_defs_block_io_device_throttle(spec_read_bps_dev); out: return ret; } static int get_write_bps_devices_from_path(const host_config_blkio_device_write_bps_element *write_bps_dev, - oci_runtime_defs_linux_block_io_device_throttle *spec_write_bps_dev) + defs_block_io_device_throttle *spec_write_bps_dev) { int ret = 0; struct stat st; @@ -1041,13 +1040,13 @@ static int get_write_bps_devices_from_path(const host_config_blkio_device_write_ } static int merge_host_config_blk_write_bps_device( - oci_runtime_defs_linux_block_io_device_throttle **out_spec_write_bps_dev, + defs_block_io_device_throttle **out_spec_write_bps_dev, const host_config_blkio_device_write_bps_element *blkio_device_write_bps) { int ret = 0; - oci_runtime_defs_linux_block_io_device_throttle *spec_write_bps_dev = NULL; + defs_block_io_device_throttle *spec_write_bps_dev = NULL; - spec_write_bps_dev = util_common_calloc_s(sizeof(oci_runtime_defs_linux_block_io_device_throttle)); + spec_write_bps_dev = util_common_calloc_s(sizeof(defs_block_io_device_throttle)); if (spec_write_bps_dev == NULL) { ERROR("Memory out"); ret = -1; @@ -1065,7 +1064,7 @@ static int merge_host_config_blk_write_bps_device( goto out; erro_out: - free_oci_runtime_defs_linux_block_io_device_throttle(spec_write_bps_dev); + free_defs_block_io_device_throttle(spec_write_bps_dev); out: return ret; @@ -1077,7 +1076,7 @@ static int merge_all_devices(oci_runtime_spec *oci_spec, host_config_devices_ele int ret = 0; size_t new_size = 0, old_size = 0; size_t i = 0; - oci_runtime_defs_linux_device **spec_dev = NULL; + defs_device **spec_dev = NULL; ret = make_sure_oci_spec_linux_resources(oci_spec); if (ret < 0) { @@ -1091,8 +1090,8 @@ static int merge_all_devices(oci_runtime_spec *oci_spec, host_config_devices_ele ret = -1; goto out; } - new_size = (oci_spec->linux->devices_len + devices_len) * sizeof(oci_runtime_defs_linux_device *); - old_size = oci_spec->linux->devices_len * sizeof(oci_runtime_defs_linux_device *); + new_size = (oci_spec->linux->devices_len + devices_len) * sizeof(defs_device *); + old_size = oci_spec->linux->devices_len * sizeof(defs_device *); ret = mem_realloc((void **)&spec_dev, new_size, oci_spec->linux->devices, old_size); if (ret != 0) { ERROR("Out of memory"); @@ -1102,16 +1101,16 @@ static int merge_all_devices(oci_runtime_spec *oci_spec, host_config_devices_ele oci_spec->linux->devices = spec_dev; /* malloc for cgroup->device */ - oci_runtime_defs_linux_device_cgroup **spec_cgroup_dev = NULL; - if (devices_len > SIZE_MAX / sizeof(oci_runtime_defs_linux_device_cgroup *) - + defs_device_cgroup **spec_cgroup_dev = NULL; + if (devices_len > SIZE_MAX / sizeof(defs_device_cgroup *) - oci_spec->linux->resources->devices_len) { ERROR("Too many cgroup devices to merge!"); ret = -1; goto out; } new_size = (oci_spec->linux->resources->devices_len + devices_len) - * sizeof(oci_runtime_defs_linux_device_cgroup *); - old_size = oci_spec->linux->resources->devices_len * sizeof(oci_runtime_defs_linux_device_cgroup *); + * sizeof(defs_device_cgroup *); + old_size = oci_spec->linux->resources->devices_len * sizeof(defs_device_cgroup *); ret = mem_realloc((void **)&spec_cgroup_dev, new_size, oci_spec->linux->resources->devices, old_size); if (ret != 0) { ERROR("Out of memory"); @@ -1243,8 +1242,8 @@ int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec) { int ret = 0; size_t i = 0; - oci_runtime_config_linux_resources *ptr = NULL; - oci_runtime_defs_linux_device_cgroup *spec_dev_cgroup = NULL; + defs_resources *ptr = NULL; + defs_device_cgroup *spec_dev_cgroup = NULL; ret = merge_all_devices_in_dir("/dev", NULL, NULL, oci_spec); if (ret != 0) { @@ -1261,7 +1260,7 @@ int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec) ptr = oci_spec->linux->resources; if (ptr->devices != NULL) { for (i = 0; i < ptr->devices_len; i++) { - free_oci_runtime_defs_linux_device_cgroup(ptr->devices[i]); + free_defs_device_cgroup(ptr->devices[i]); ptr->devices[i] = NULL; } free(ptr->devices); @@ -1269,7 +1268,7 @@ int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec) ptr->devices_len = 0; } - ptr->devices = util_common_calloc_s(sizeof(oci_runtime_defs_linux_device_cgroup *)); + ptr->devices = util_common_calloc_s(sizeof(defs_device_cgroup *)); if (ptr->devices == NULL) { ret = -1; goto out; @@ -1277,7 +1276,7 @@ int merge_all_devices_and_all_permission(oci_runtime_spec *oci_spec) ptr->devices_len = 1; - spec_dev_cgroup = util_common_calloc_s(sizeof(oci_runtime_defs_linux_device_cgroup)); + spec_dev_cgroup = util_common_calloc_s(sizeof(defs_device_cgroup)); if (spec_dev_cgroup == NULL) { ret = -1; goto out; @@ -1498,14 +1497,14 @@ static int merge_custom_one_device(oci_runtime_spec *oci_spec, const host_config } /* malloc for linux->device */ - oci_runtime_defs_linux_device **spec_dev = NULL; - if (oci_spec->linux->devices_len > SIZE_MAX / sizeof(oci_runtime_defs_linux_device *) - 1) { + defs_device **spec_dev = NULL; + if (oci_spec->linux->devices_len > SIZE_MAX / sizeof(defs_device *) - 1) { ERROR("Too many linux devices to merge!"); ret = -1; goto out; } - new_size = (oci_spec->linux->devices_len + 1) * sizeof(oci_runtime_defs_linux_device *); - old_size = new_size - sizeof(oci_runtime_defs_linux_device *); + new_size = (oci_spec->linux->devices_len + 1) * sizeof(defs_device *); + old_size = new_size - sizeof(defs_device *); ret = mem_realloc((void **)&spec_dev, new_size, oci_spec->linux->devices, old_size); if (ret != 0) { ERROR("Failed to realloc memory for devices"); @@ -1516,14 +1515,14 @@ static int merge_custom_one_device(oci_runtime_spec *oci_spec, const host_config oci_spec->linux->devices = spec_dev; /* malloc for cgroup->device */ - oci_runtime_defs_linux_device_cgroup **spec_cgroup_dev = NULL; - if (oci_spec->linux->resources->devices_len > SIZE_MAX / sizeof(oci_runtime_defs_linux_device_cgroup *) - 1) { + defs_device_cgroup **spec_cgroup_dev = NULL; + if (oci_spec->linux->resources->devices_len > SIZE_MAX / sizeof(defs_device_cgroup *) - 1) { ERROR("Too many cgroup devices to merge!"); ret = -1; goto out; } - new_size = (oci_spec->linux->resources->devices_len + 1) * sizeof(oci_runtime_defs_linux_device_cgroup *); - old_size = new_size - sizeof(oci_runtime_defs_linux_device_cgroup *); + new_size = (oci_spec->linux->resources->devices_len + 1) * sizeof(defs_device_cgroup *); + old_size = new_size - sizeof(defs_device_cgroup *); ret = mem_realloc((void **)&spec_cgroup_dev, new_size, oci_spec->linux->resources->devices, old_size); if (ret != 0) { ERROR("Failed to realloc memory for cgroup devices"); @@ -1597,7 +1596,7 @@ static int merge_blkio_weight_device(oci_runtime_spec *oci_spec, size_t new_size = 0; size_t old_size = 0; size_t i = 0; - oci_runtime_defs_linux_block_io_device_weight **weight_device = NULL; + defs_block_io_device_weight **weight_device = NULL; ret = make_sure_oci_spec_linux_resources_blkio(oci_spec); if (ret < 0) { @@ -1612,9 +1611,9 @@ static int merge_blkio_weight_device(oci_runtime_spec *oci_spec, } new_size = (oci_spec->linux->resources->block_io->weight_device_len + blkio_weight_device_len) - * sizeof(oci_runtime_defs_linux_block_io_device_weight *); + * sizeof(defs_block_io_device_weight *); old_size = oci_spec->linux->resources->block_io->weight_device_len * - sizeof(oci_runtime_defs_linux_block_io_device_weight *); + sizeof(defs_block_io_device_weight *); ret = mem_realloc((void **)&weight_device, new_size, oci_spec->linux->resources->block_io->weight_device, old_size); if (ret != 0) { @@ -1649,7 +1648,7 @@ static int merge_blkio_read_bps_device(oci_runtime_spec *oci_spec, size_t new_size = 0; size_t old_size = 0; size_t i = 0; - oci_runtime_defs_linux_block_io_device_throttle **throttle_read_bps_device = NULL; + defs_block_io_device_throttle **throttle_read_bps_device = NULL; ret = make_sure_oci_spec_linux_resources_blkio(oci_spec); if (ret < 0) { @@ -1666,9 +1665,9 @@ static int merge_blkio_read_bps_device(oci_runtime_spec *oci_spec, } new_size = (oci_spec->linux->resources->block_io->throttle_read_bps_device_len + throttle_read_bps_device_len) - * sizeof(oci_runtime_defs_linux_block_io_device_throttle *); + * sizeof(defs_block_io_device_throttle *); old_size = oci_spec->linux->resources->block_io->throttle_read_bps_device_len * - sizeof(oci_runtime_defs_linux_block_io_device_throttle *); + sizeof(defs_block_io_device_throttle *); ret = mem_realloc((void **)&throttle_read_bps_device, new_size, oci_spec->linux->resources->block_io->throttle_read_bps_device, old_size); if (ret != 0) { @@ -1702,7 +1701,7 @@ static int merge_blkio_write_bps_device(oci_runtime_spec *oci_spec, size_t new_size = 0; size_t old_size = 0; size_t i = 0; - oci_runtime_defs_linux_block_io_device_throttle **throttle_write_bps_device = NULL; + defs_block_io_device_throttle **throttle_write_bps_device = NULL; ret = make_sure_oci_spec_linux_resources_blkio(oci_spec); if (ret < 0) { @@ -1719,9 +1718,9 @@ static int merge_blkio_write_bps_device(oci_runtime_spec *oci_spec, } new_size = (oci_spec->linux->resources->block_io->throttle_write_bps_device_len + throttle_write_bps_device_len) - * sizeof(oci_runtime_defs_linux_block_io_device_throttle *); + * sizeof(defs_block_io_device_throttle *); old_size = oci_spec->linux->resources->block_io->throttle_write_bps_device_len * - sizeof(oci_runtime_defs_linux_block_io_device_throttle *); + sizeof(defs_block_io_device_throttle *); ret = mem_realloc((void **)&throttle_write_bps_device, new_size, oci_spec->linux->resources->block_io->throttle_write_bps_device, old_size); if (ret != 0) { @@ -1957,35 +1956,68 @@ static int change_dev_shm_size(oci_runtime_spec *oci_spec, int64_t shm_size) return -1; } -static int merge_volumes_to_mount(oci_runtime_spec *oci_spec, host_config *host_spec, - container_config_v2_common_config *common_config) +static inline bool is_mount_destination_hosts(const char *destination) { - int ret = 0; + return strcmp(destination, "/etc/hosts") == 0; +} - if (host_spec->binds != NULL && host_spec->binds_len) { - ret = merge_volumes(oci_spec, host_spec->binds, - host_spec->binds_len, common_config, - parse_volume); - if (ret) { - ERROR("Failed to merge volumes"); - goto out; - } - } +static inline bool is_mount_destination_resolv(const char *destination) +{ + return strcmp(destination, "/etc/resolv.conf") == 0; +} -out: - return ret; +static inline bool is_mount_destination_hostname(const char *destination) +{ + return strcmp(destination, "/etc/hostname") == 0; } -static int merge_host_channel_to_mount(oci_runtime_spec *oci_spec, host_config *host_spec) + +/* find whether mount entry with destination "/etc/hostname" "/etc/hosts" "/etc/resolv.conf" exits in mount + * if not exists: append mounts to ocispec by v2_spec + * if exists: replace the source in v2_spec + */ +static int append_network_files_mounts(oci_runtime_spec *oci_spec, container_config_v2_common_config *v2_spec) { int ret = 0; + size_t i = 0; + bool has_hosts_mount = false; + bool has_resolv_mount = false; + bool has_hostname_mount = false; - if (host_spec->host_channel == NULL) { - return 0; + for (i = 0; i < oci_spec->mounts_len; i++) { + if (is_mount_destination_hosts(oci_spec->mounts[i]->destination)) { + has_hosts_mount = true; + free(v2_spec->hosts_path); + v2_spec->hosts_path = util_strdup_s(oci_spec->mounts[i]->source); + } + if (is_mount_destination_resolv(oci_spec->mounts[i]->destination)) { + has_resolv_mount = true; + free(v2_spec->resolv_conf_path); + v2_spec->resolv_conf_path = util_strdup_s(oci_spec->mounts[i]->source); + } + if (is_mount_destination_hostname(oci_spec->mounts[i]->destination)) { + has_hostname_mount = true; + free(v2_spec->hostname_path); + v2_spec->hostname_path = util_strdup_s(oci_spec->mounts[i]->source); + } + } + + /* add network config files */ + if (!has_hosts_mount && !mount_file(oci_spec, v2_spec->hosts_path, ETC_HOSTS)) { + ERROR("Merge hosts mount failed"); + ret = -1; + goto out; + } + if (!has_resolv_mount && + !mount_file(oci_spec, v2_spec->resolv_conf_path, RESOLV_CONF_PATH)) { + ERROR("Merge resolv.conf mount failed"); + ret = -1; + goto out; } - if (!add_host_channel_mount(oci_spec, host_spec->host_channel)) { - ERROR("Failed to merge host channel mount"); + if (!has_hostname_mount && + !mount_file(oci_spec, v2_spec->hostname_path, ETC_HOSTNAME)) { + ERROR("Merge hostname mount failed"); ret = -1; goto out; } @@ -1994,28 +2026,41 @@ out: return ret; } -static int merge_mounts_to_mount_filesystem(oci_runtime_spec *oci_spec, container_custom_config *custom_spec, - host_config *host_spec, container_config_v2_common_config *common_config) +int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, + container_config_v2_common_config *v2_spec) { int ret = 0; + container_config *container_spec = v2_spec->config; - if (custom_spec->mounts && custom_spec->mounts_len) { - ret = merge_volumes(oci_spec, custom_spec->mounts, - custom_spec->mounts_len, common_config, - parse_mount); + /* volumes to mount */ + if (host_spec->binds != NULL && host_spec->binds_len) { + ret = merge_volumes(oci_spec, host_spec->binds, + host_spec->binds_len, v2_spec, + parse_volume); if (ret) { - ERROR("Failed to merge mounts"); + ERROR("Failed to merge volumes"); goto out; } } -out: - return ret; -} + /* host channel to mount */ + if (host_spec->host_channel != NULL) { + if (!add_host_channel_mount(oci_spec, host_spec->host_channel)) { + ERROR("Failed to merge host channel mount"); + goto out; + } + } -static int merge_shm_size(oci_runtime_spec *oci_spec, host_config *host_spec) -{ - int ret = 0; + /* mounts to mount filesystem */ + if (container_spec->mounts && container_spec->mounts_len) { + ret = merge_volumes(oci_spec, container_spec->mounts, + container_spec->mounts_len, v2_spec, + parse_mount); + if (ret) { + ERROR("Failed to merge mounts"); + goto out; + } + } if (host_spec->shm_size >= 0) { if (host_spec->shm_size == 0) { @@ -2029,26 +2074,10 @@ static int merge_shm_size(oci_runtime_spec *oci_spec, host_config *host_spec) } } -out: - return ret; -} - -static int merge_network_config_files(oci_runtime_spec *oci_spec, host_config *host_spec, - container_config_v2_common_config *common_config) -{ - int ret = 0; - - if (is_container(host_spec->network_mode)) { - /* add network config files */ - if (common_config->hosts_path != NULL && !mount_file(oci_spec, common_config->hosts_path, ETC_HOSTS)) { - ERROR("Merge hosts mount failed"); - ret = -1; - goto out; - } - if (common_config->resolv_conf_path != NULL && - !mount_file(oci_spec, common_config->resolv_conf_path, RESOLV_CONF_PATH)) { - ERROR("Merge resolv.conf mount failed"); - ret = -1; + if (!host_spec->system_container) { + ret = append_network_files_mounts(oci_spec, v2_spec); + if (ret) { + ERROR("Failed to append network mounts"); goto out; } } @@ -2057,44 +2086,7 @@ out: return ret; } -int merge_conf_mounts(oci_runtime_spec *oci_spec, container_custom_config *custom_spec, host_config *host_spec, - container_config_v2_common_config *common_config) -{ - int ret = 0; - - /* volumes to mount */ - ret = merge_volumes_to_mount(oci_spec, host_spec, common_config); - if (ret != 0) { - goto out; - } - - /* host channel to mount */ - if (merge_host_channel_to_mount(oci_spec, host_spec) != 0) { - ret = -1; - goto out; - } - - /* mounts to mount filesystem */ - if (merge_mounts_to_mount_filesystem(oci_spec, custom_spec, host_spec, common_config) != 0) { - ret = -1; - goto out; - } - - if (merge_shm_size(oci_spec, host_spec) != 0) { - ret = -1; - goto out; - } - - if (merge_network_config_files(oci_spec, host_spec, common_config) != 0) { - ret = -1; - goto out; - } - -out: - return ret; -} - -int add_rootfs_mount(const oci_runtime_spec *container) +int add_rootfs_mount(const container_config *container_spec) { int ret = 0; char *mntparent = NULL; @@ -2105,7 +2097,7 @@ int add_rootfs_mount(const oci_runtime_spec *container) ret = -1; goto out; } - if (append_json_map_string_string(container->annotations, "rootfs.mount", mntparent)) { + if (append_json_map_string_string(container_spec->annotations, "rootfs.mount", mntparent)) { ERROR("Realloc annotatinons failed"); ret = -1; goto out; diff --git a/src/services/execution/spec/specs_mount.h b/src/services/execution/spec/specs_mount.h index d1c22df..88d1bb7 100644 --- a/src/services/execution/spec/specs_mount.h +++ b/src/services/execution/spec/specs_mount.h @@ -18,12 +18,11 @@ #include #include "libisulad.h" #include "host_config.h" -#include "container_custom_config.h" #include "container_config_v2.h" #include "oci_runtime_hooks.h" #include "oci_runtime_spec.h" -int adapt_settings_for_mounts(oci_runtime_spec *oci_spec, container_custom_config *custom_spec); +int adapt_settings_for_mounts(oci_runtime_spec *oci_spec, container_config *container_spec); typedef defs_mount *(*parse_mount_cb)(const char *mount); @@ -35,10 +34,10 @@ defs_mount *parse_mount(const char *mount); defs_mount *parse_volume(const char *volume); -int merge_conf_mounts(oci_runtime_spec *oci_spec, container_custom_config *custom_spec, host_config *host_spec, +int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, container_config_v2_common_config *common_config); -int add_rootfs_mount(const oci_runtime_spec *container); +int add_rootfs_mount(const container_config *container_spec); int set_mounts_readwrite_option(const oci_runtime_spec *oci_spec); diff --git a/src/services/execution/spec/specs_security.c b/src/services/execution/spec/specs_security.c index 6d3eacb..b947b14 100644 --- a/src/services/execution/spec/specs_security.c +++ b/src/services/execution/spec/specs_security.c @@ -37,7 +37,6 @@ #include "oci_runtime_spec.h" #include "docker_seccomp.h" #include "host_config.h" -#include "container_custom_config.h" #include "utils.h" #include "config.h" #include "isulad_config.h" @@ -285,14 +284,14 @@ free_out: return ret; } -int refill_oci_process_capabilities(oci_runtime_spec_process_capabilities **caps, const char **src_caps, +int refill_oci_process_capabilities(defs_process_capabilities **caps, const char **src_caps, size_t src_caps_len) { int ret = 0; size_t i = 0; if (*caps == NULL) { - *caps = util_common_calloc_s(sizeof(oci_runtime_spec_process_capabilities)); + *caps = util_common_calloc_s(sizeof(defs_process_capabilities)); if (*caps == NULL) { ret = -1; goto out; @@ -383,7 +382,7 @@ static bool is_arch_in_seccomp(const docker_seccomp *seccomp, const char *arch) return false; } -static bool is_cap_in_seccomp(const oci_runtime_spec_process_capabilities *capabilites, const char *cap) +static bool is_cap_in_seccomp(const defs_process_capabilities *capabilites, const char *cap) { size_t i = 0; @@ -400,7 +399,7 @@ static bool is_cap_in_seccomp(const oci_runtime_spec_process_capabilities *capab } static void meet_include(const docker_seccomp *seccomp, const docker_seccomp_syscalls_element *syscall, - const oci_runtime_spec_process_capabilities *capabilites, bool *meet_include_arch, + const defs_process_capabilities *capabilites, bool *meet_include_arch, bool *meet_include_cap) { size_t i; @@ -433,7 +432,7 @@ static void meet_include(const docker_seccomp *seccomp, const docker_seccomp_sys } static void meet_exclude(const docker_seccomp *seccomp, const docker_seccomp_syscalls_element *syscall, - const oci_runtime_spec_process_capabilities *capabilites, bool *meet_exclude_arch, + const defs_process_capabilities *capabilites, bool *meet_exclude_arch, bool *meet_exclude_cap) { size_t i; @@ -467,7 +466,7 @@ static void meet_exclude(const docker_seccomp *seccomp, const docker_seccomp_sys } static bool meet_filtering_rules(const docker_seccomp *seccomp, const docker_seccomp_syscalls_element *syscall, - const oci_runtime_spec_process_capabilities *capabilites) + const defs_process_capabilities *capabilites) { bool meet_include_arch = false; bool meet_include_cap = false; @@ -520,7 +519,7 @@ static int dup_architectures_to_oci_spec(const docker_seccomp *docker_seccomp_sp } static int dup_syscall_args_to_oci_spec(const docker_seccomp_syscalls_element *docker_syscall, - oci_runtime_defs_linux_syscall *oci_syscall) + defs_syscall *oci_syscall) { size_t i = 0; @@ -528,20 +527,20 @@ static int dup_syscall_args_to_oci_spec(const docker_seccomp_syscalls_element *d return 0; } - if (docker_syscall->args_len > (SIZE_MAX / sizeof(oci_runtime_defs_linux_syscall_arg *))) { + if (docker_syscall->args_len > (SIZE_MAX / sizeof(defs_syscall_arg *))) { return -1; } - oci_syscall->args = util_common_calloc_s(docker_syscall->args_len * sizeof(oci_runtime_defs_linux_syscall_arg *)); + oci_syscall->args = util_common_calloc_s(docker_syscall->args_len * sizeof(defs_syscall_arg *)); if (oci_syscall->args == NULL) { return -1; } for (i = 0; i < docker_syscall->args_len; i++) { - oci_syscall->args[i] = util_common_calloc_s(sizeof(oci_runtime_defs_linux_syscall_arg)); + oci_syscall->args[i] = util_common_calloc_s(sizeof(defs_syscall_arg)); if (oci_syscall->args[i] == NULL) { return -1; } - oci_runtime_defs_linux_syscall_arg *args_element = oci_syscall->args[i]; + defs_syscall_arg *args_element = oci_syscall->args[i]; args_element->index = docker_syscall->args[i]->index; args_element->value = docker_syscall->args[i]->value; args_element->value_two = docker_syscall->args[i]->value_two; @@ -554,23 +553,23 @@ static int dup_syscall_args_to_oci_spec(const docker_seccomp_syscalls_element *d static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec, oci_runtime_config_linux_seccomp *oci_seccomp_spec, - const oci_runtime_spec_process_capabilities *capabilites) + const defs_process_capabilities *capabilites) { int ret = 0; size_t i, j, k; size_t new_size, old_size; - oci_runtime_defs_linux_syscall **tmp_syscalls = NULL; + defs_syscall **tmp_syscalls = NULL; if (docker_seccomp_spec->syscalls_len == 0) { return 0; } - if (docker_seccomp_spec->syscalls_len > (SIZE_MAX / sizeof(oci_runtime_defs_linux_syscall *))) { + if (docker_seccomp_spec->syscalls_len > (SIZE_MAX / sizeof(defs_syscall *))) { return -1; } oci_seccomp_spec->syscalls = - util_common_calloc_s(docker_seccomp_spec->syscalls_len * sizeof(oci_runtime_defs_linux_syscall *)); + util_common_calloc_s(docker_seccomp_spec->syscalls_len * sizeof(defs_syscall *)); if (oci_seccomp_spec->syscalls == NULL) { return -1; } @@ -579,7 +578,7 @@ static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec, continue; } k = oci_seccomp_spec->syscalls_len; - oci_seccomp_spec->syscalls[k] = util_common_calloc_s(sizeof(oci_runtime_defs_linux_syscall)); + oci_seccomp_spec->syscalls[k] = util_common_calloc_s(sizeof(defs_syscall)); if (oci_seccomp_spec->syscalls[k] == NULL) { return -1; } @@ -604,8 +603,8 @@ static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec, } } - new_size = sizeof(oci_runtime_defs_linux_syscall *) * oci_seccomp_spec->syscalls_len; - old_size = sizeof(oci_runtime_defs_linux_syscall *) * docker_seccomp_spec->syscalls_len; + new_size = sizeof(defs_syscall *) * oci_seccomp_spec->syscalls_len; + old_size = sizeof(defs_syscall *) * docker_seccomp_spec->syscalls_len; ret = mem_realloc((void **)&tmp_syscalls, new_size, oci_seccomp_spec->syscalls, old_size); if (ret < 0) { ERROR("Out of memory"); @@ -617,7 +616,7 @@ static int dup_syscall_to_oci_spec(const docker_seccomp *docker_seccomp_spec, } static oci_runtime_config_linux_seccomp *trans_docker_seccomp_to_oci_format( - const docker_seccomp *docker_seccomp_spec, const oci_runtime_spec_process_capabilities *capabilites) + const docker_seccomp *docker_seccomp_spec, const defs_process_capabilities *capabilites) { oci_runtime_config_linux_seccomp *oci_seccomp_spec = NULL; @@ -650,7 +649,7 @@ done: return oci_seccomp_spec; } -int merge_default_seccomp_spec(oci_runtime_spec *oci_spec, const oci_runtime_spec_process_capabilities *capabilites) +int merge_default_seccomp_spec(oci_runtime_spec *oci_spec, const defs_process_capabilities *capabilites) { oci_runtime_config_linux_seccomp *oci_seccomp_spec = NULL; docker_seccomp *docker_seccomp_spec = NULL; @@ -679,21 +678,21 @@ int merge_default_seccomp_spec(oci_runtime_spec *oci_spec, const oci_runtime_spe } static int append_systemcall_to_seccomp(oci_runtime_config_linux_seccomp *seccomp, - oci_runtime_defs_linux_syscall *element) + defs_syscall *element) { int nret = 0; size_t old_size, new_size; - oci_runtime_defs_linux_syscall **tmp_syscalls = NULL; + defs_syscall **tmp_syscalls = NULL; if (seccomp == NULL || element == NULL) { return -1; } - if (seccomp->syscalls_len > SIZE_MAX / sizeof(oci_runtime_defs_linux_syscall *) - 1) { + if (seccomp->syscalls_len > SIZE_MAX / sizeof(defs_syscall *) - 1) { CRIT("Too many syscalls to append!"); return -1; } - new_size = (seccomp->syscalls_len + 1) * sizeof(oci_runtime_defs_linux_syscall *); - old_size = new_size - sizeof(oci_runtime_defs_linux_syscall *); + new_size = (seccomp->syscalls_len + 1) * sizeof(defs_syscall *); + old_size = new_size - sizeof(defs_syscall *); nret = mem_realloc((void **)&tmp_syscalls, new_size, seccomp->syscalls, old_size); if (nret < 0) { CRIT("Memory allocation error."); @@ -705,13 +704,13 @@ static int append_systemcall_to_seccomp(oci_runtime_config_linux_seccomp *seccom return 0; } -static oci_runtime_defs_linux_syscall *make_seccomp_syscalls_element(const char **names, size_t names_len, - const char *action, size_t args_len, - oci_runtime_defs_linux_syscall_arg **args) +static defs_syscall *make_seccomp_syscalls_element(const char **names, size_t names_len, + const char *action, size_t args_len, + defs_syscall_arg **args) { size_t i = 0; - oci_runtime_defs_linux_syscall *ret = NULL; - ret = util_common_calloc_s(sizeof(oci_runtime_defs_linux_syscall)); + defs_syscall *ret = NULL; + ret = util_common_calloc_s(sizeof(defs_syscall)); if (ret == NULL) { CRIT("Memory allocation error."); goto out; @@ -719,17 +718,17 @@ static oci_runtime_defs_linux_syscall *make_seccomp_syscalls_element(const char ret->action = util_strdup_s(action ? action : ""); ret->args_len = args_len; if (args_len) { - if (args_len > SIZE_MAX / sizeof(oci_runtime_defs_linux_syscall_arg *)) { + if (args_len > SIZE_MAX / sizeof(defs_syscall_arg *)) { CRIT("Too many seccomp syscalls!"); goto out; } - ret->args = util_common_calloc_s(args_len * sizeof(oci_runtime_defs_linux_syscall_arg *)); + ret->args = util_common_calloc_s(args_len * sizeof(defs_syscall_arg *)); if (ret->args == NULL) { CRIT("Memory allocation error."); goto out; } for (i = 0; i < args_len; i++) { - ret->args[i] = util_common_calloc_s(sizeof(oci_runtime_defs_linux_syscall_arg)); + ret->args[i] = util_common_calloc_s(sizeof(defs_syscall_arg)); if (ret->args[i] == NULL) { CRIT("Memory allocation error."); goto out; @@ -758,7 +757,7 @@ static oci_runtime_defs_linux_syscall *make_seccomp_syscalls_element(const char return ret; out: - free_oci_runtime_defs_linux_syscall(ret); + free_defs_syscall(ret); ret = NULL; return ret; } @@ -771,7 +770,7 @@ static int make_sure_oci_spec_process_capabilities(oci_runtime_spec *oci_spec) } if (oci_spec->process->capabilities == NULL) { - oci_spec->process->capabilities = util_common_calloc_s(sizeof(oci_runtime_spec_process_capabilities)); + oci_spec->process->capabilities = util_common_calloc_s(sizeof(defs_process_capabilities)); if (oci_spec->process->capabilities == NULL) { return -1; } diff --git a/src/services/execution/spec/specs_security.h b/src/services/execution/spec/specs_security.h index 4454cbc..e68d29a 100644 --- a/src/services/execution/spec/specs_security.h +++ b/src/services/execution/spec/specs_security.h @@ -18,14 +18,13 @@ #include #include "libisulad.h" #include "host_config.h" -#include "container_custom_config.h" #include "container_config_v2.h" #include "oci_runtime_spec.h" int merge_default_seccomp_spec(oci_runtime_spec *oci_spec, - const oci_runtime_spec_process_capabilities *capabilites); + const defs_process_capabilities *capabilites); int merge_caps(oci_runtime_spec *oci_spec, const char **adds, size_t adds_len, const char **drops, size_t drops_len); -int refill_oci_process_capabilities(oci_runtime_spec_process_capabilities **caps, +int refill_oci_process_capabilities(defs_process_capabilities **caps, const char **src_caps, size_t src_caps_len); int merge_sysctls(oci_runtime_spec *oci_spec, const json_map_string_string *sysctls); int merge_no_new_privileges(oci_runtime_spec *oci_spec, const host_config *host_spec); diff --git a/src/services/execution/spec/verify.c b/src/services/execution/spec/verify.c index ed3da29..51cb29f 100644 --- a/src/services/execution/spec/verify.c +++ b/src/services/execution/spec/verify.c @@ -314,7 +314,7 @@ static int verify_oom_control(const sysinfo_t *sysinfo, bool oomdisable) } /* verify resources memory */ -static int verify_resources_memory(const sysinfo_t *sysinfo, const oci_runtime_config_linux_resources_memory *memory) +static int verify_resources_memory(const sysinfo_t *sysinfo, const defs_resources_memory *memory) { int ret = 0; @@ -348,7 +348,7 @@ out: } /* verify resources pids */ -static int verify_resources_pids(const sysinfo_t *sysinfo, const oci_runtime_config_linux_resources_pids *pids) +static int verify_resources_pids(const sysinfo_t *sysinfo, const defs_resources_pids *pids) { int ret = 0; @@ -703,7 +703,7 @@ out: } /* verify resources cpu */ -static int verify_resources_cpu(const sysinfo_t *sysinfo, const oci_runtime_config_linux_resources_cpu *cpu) +static int verify_resources_cpu(const sysinfo_t *sysinfo, const defs_resources_cpu *cpu) { int ret = 0; @@ -919,7 +919,7 @@ out: } /* verify resources blkio */ -static int verify_resources_blkio(const sysinfo_t *sysinfo, const oci_runtime_config_linux_resources_block_io *blkio) +static int verify_resources_blkio(const sysinfo_t *sysinfo, const defs_resources_block_io *blkio) { int ret = 0; @@ -949,8 +949,8 @@ out: } static bool check_hugetlbs_repeated(size_t newlen, const char *pagesize, - const oci_runtime_config_linux_resources_hugepage_limits_element *hugetlb, - oci_runtime_config_linux_resources_hugepage_limits_element **newtlb) + const defs_resources_hugepage_limits_element *hugetlb, + defs_resources_hugepage_limits_element **newtlb) { bool repeated = false; size_t j; @@ -969,7 +969,7 @@ out: return repeated; } -static void free_hugetlbs_array(oci_runtime_config_linux_resources_hugepage_limits_element **hugetlb, +static void free_hugetlbs_array(defs_resources_hugepage_limits_element **hugetlb, size_t hugetlb_len) { size_t i; @@ -980,7 +980,7 @@ static void free_hugetlbs_array(oci_runtime_config_linux_resources_hugepage_limi for (i = 0; i < hugetlb_len; i++) { if (hugetlb[i] != NULL) { - free_oci_runtime_config_linux_resources_hugepage_limits_element(hugetlb[i]); + free_defs_resources_hugepage_limits_element(hugetlb[i]); hugetlb[i] = NULL; } } @@ -989,11 +989,11 @@ static void free_hugetlbs_array(oci_runtime_config_linux_resources_hugepage_limi /* verify resources hugetlbs */ static int verify_resources_hugetlbs(const sysinfo_t *sysinfo, - oci_runtime_config_linux_resources_hugepage_limits_element ***hugetlb, + defs_resources_hugepage_limits_element ***hugetlb, size_t *hugetlb_len) { int ret = 0; - oci_runtime_config_linux_resources_hugepage_limits_element **newhugetlb = NULL; + defs_resources_hugepage_limits_element **newhugetlb = NULL; size_t newlen = 0; size_t i; @@ -1008,7 +1008,7 @@ static int verify_resources_hugetlbs(const sysinfo_t *sysinfo, for (i = 0; i < *hugetlb_len; i++) { char *pagesize = NULL; size_t newsize, oldsize; - oci_runtime_config_linux_resources_hugepage_limits_element **tmphugetlb; + defs_resources_hugepage_limits_element **tmphugetlb; pagesize = validate_hugetlb((*hugetlb)[i]->page_size, (*hugetlb)[i]->limit); if (pagesize == NULL) { @@ -1022,14 +1022,14 @@ static int verify_resources_hugetlbs(const sysinfo_t *sysinfo, } // append new hugetlb - if (newlen > SIZE_MAX / sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *) - 1) { + if (newlen > SIZE_MAX / sizeof(defs_resources_hugepage_limits_element *) - 1) { free(pagesize); ERROR("Too many new hugetlb to append!"); ret = -1; goto out; } - newsize = sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *) * (newlen + 1); - oldsize = newsize - sizeof(oci_runtime_config_linux_resources_hugepage_limits_element *); + newsize = sizeof(defs_resources_hugepage_limits_element *) * (newlen + 1); + oldsize = newsize - sizeof(defs_resources_hugepage_limits_element *); ret = mem_realloc((void **)&tmphugetlb, newsize, newhugetlb, oldsize); if (ret < 0) { free(pagesize); @@ -1038,7 +1038,7 @@ static int verify_resources_hugetlbs(const sysinfo_t *sysinfo, goto out; } newhugetlb = tmphugetlb; - newhugetlb[newlen] = util_common_calloc_s(sizeof(oci_runtime_config_linux_resources_hugepage_limits_element)); + newhugetlb[newlen] = util_common_calloc_s(sizeof(defs_resources_hugepage_limits_element)); if (newhugetlb[newlen] == NULL) { free(pagesize); ERROR("Out of memory"); @@ -1075,13 +1075,13 @@ static int adapt_memory_swap(const sysinfo_t *sysinfo, const int64_t *limit, int } /* adapt resources memory */ -static int adapt_resources_memory(const sysinfo_t *sysinfo, oci_runtime_config_linux_resources_memory *memory) +static int adapt_resources_memory(const sysinfo_t *sysinfo, defs_resources_memory *memory) { return adapt_memory_swap(sysinfo, &(memory->limit), &(memory->swap)); } /* verify linux resources */ -static int verify_linux_resources(const sysinfo_t *sysinfo, oci_runtime_config_linux_resources *resources) +static int verify_linux_resources(const sysinfo_t *sysinfo, defs_resources *resources) { int ret = 0; @@ -1125,7 +1125,7 @@ out: } /* adapt linux resources */ -static int adapt_linux_resources(const sysinfo_t *sysinfo, oci_runtime_config_linux_resources *resources) +static int adapt_linux_resources(const sysinfo_t *sysinfo, defs_resources *resources) { int ret = 0; @@ -1910,22 +1910,15 @@ out: } /* verify container settings start */ -int verify_container_settings_start(const char *rootpath, const char *id) +int verify_container_settings_start(const oci_runtime_spec *oci_spec) { int ret = 0; - oci_runtime_spec *container = read_oci_config(rootpath, id); - if (container == NULL) { - ERROR("Failed to read oci config"); - ret = -1; - goto out; - } /* verify custom mount info, ensure source path exist */ - if (container->mounts != NULL && container->mounts_len > 0) { - ret = verify_custom_mount(container->mounts, container->mounts_len); + if (oci_spec->mounts != NULL && oci_spec->mounts_len > 0) { + ret = verify_custom_mount(oci_spec->mounts, oci_spec->mounts_len); } -out: - free_oci_runtime_spec(container); + return ret; } @@ -1934,33 +1927,33 @@ static inline bool is_less_than_one_second(int64_t timeout) return timeout != 0 && timeout < Time_Second; } -int verify_health_check_parameter(const container_custom_config *custom_spec) +int verify_health_check_parameter(const container_config *container_spec) { int ret = 0; - if (custom_spec == NULL || custom_spec->health_check == NULL) { + if (container_spec == NULL || container_spec->health_check == NULL) { return ret; } - if (is_less_than_one_second(custom_spec->health_check->interval)) { + if (is_less_than_one_second(container_spec->health_check->interval)) { ERROR("Interval in Healthcheck cannot be less than one second"); isulad_set_error_message("Interval in Healthcheck cannot be less than one second"); ret = -1; goto out; } - if (is_less_than_one_second(custom_spec->health_check->timeout)) { + if (is_less_than_one_second(container_spec->health_check->timeout)) { ERROR("Timeout in Healthcheck cannot be less than one second"); isulad_set_error_message("Timeout in Healthcheck cannot be less than one second"); ret = -1; goto out; } - if (is_less_than_one_second(custom_spec->health_check->start_period)) { + if (is_less_than_one_second(container_spec->health_check->start_period)) { ERROR("StartPeriod in Healthcheck cannot be less than one second"); isulad_set_error_message("StartPeriod in Healthcheck cannot be less than one second"); ret = -1; goto out; } - if (custom_spec->health_check->retries < 0) { + if (container_spec->health_check->retries < 0) { ERROR("--health-retries cannot be negative"); isulad_set_error_message("--health-retries cannot be negative"); ret = -1; diff --git a/src/services/execution/spec/verify.h b/src/services/execution/spec/verify.h index 2f2c255..e1426b9 100644 --- a/src/services/execution/spec/verify.h +++ b/src/services/execution/spec/verify.h @@ -22,11 +22,11 @@ int verify_container_settings(const oci_runtime_spec *container); int verify_oci_hook(const oci_runtime_spec_hooks *h); -int verify_container_settings_start(const char *rootpath, const char *id); +int verify_container_settings_start(const oci_runtime_spec *oci_spec); int verify_host_config_settings(host_config *hostconfig, bool update); -int verify_health_check_parameter(const container_custom_config *custom_spec); +int verify_health_check_parameter(const container_config *container_spec); #endif /* __VERIFY_H */ -- Gitee From 43555b4437fa7db7e635027733df650acbf84cb7 Mon Sep 17 00:00:00 2001 From: LiFeng Date: Thu, 6 Feb 2020 21:39:20 -0500 Subject: [PATCH 2/7] iSulad: inernal change fix bug in websocket Signed-off-by: LiFeng --- src/websocket/service/ws_server.cc | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/websocket/service/ws_server.cc b/src/websocket/service/ws_server.cc index 8a3624f..da1d564 100644 --- a/src/websocket/service/ws_server.cc +++ b/src/websocket/service/ws_server.cc @@ -217,7 +217,8 @@ int WebsocketServer::DumpHandshakeInfo(struct lws *wsi) noexcept lws_hdr_copy(wsi, buf, sizeof(buf), WSI_TOKEN_GET_URI); if (strlen(buf) == 0) { - lws_close_reason(wsi, LWS_CLOSE_STATUS_PROTOCOL_ERR, (unsigned char *)("Invalid URL"), strlen("Invalid URL")); + ERROR("invalid url"); + CloseWsSession(wsi); return -1; } @@ -264,10 +265,7 @@ int WebsocketServer::Wswrite(struct lws *wsi, void *in, size_t len) auto it = m_wsis.find(wsi); if (it != m_wsis.end()) { if (it->second.close) { - const std::string closeMsg = "websocket session disconnected"; - DEBUG(closeMsg.c_str()); - lws_close_reason(wsi, LWS_CLOSE_STATUS_GOINGAWAY, (unsigned char *)(closeMsg.c_str()), - closeMsg.length()); + DEBUG("websocket session disconnected"); return -1; } it->second.buf_mutex->lock(); -- Gitee From 368f9f2ca0e73edcf41730d2bddd99ffc1398ba9 Mon Sep 17 00:00:00 2001 From: LiFeng Date: Sat, 8 Feb 2020 03:04:10 -0500 Subject: [PATCH 3/7] iSulad: do resume when do gc process Signed-off-by: LiFeng --- .../execution/execute/execution_extend.c | 4 +- .../execution/manager/containers_gc.c | 53 +++++++++++++++++++ src/services/execution/manager/restore.c | 6 ++- 3 files changed, 60 insertions(+), 3 deletions(-) diff --git a/src/services/execution/execute/execution_extend.c b/src/services/execution/execute/execution_extend.c index 8d1f44c..b2b3bb2 100644 --- a/src/services/execution/execute/execution_extend.c +++ b/src/services/execution/execute/execution_extend.c @@ -498,7 +498,7 @@ pack_response: return (cc == ISULAD_SUCCESS) ? 0 : -1; } -static int resume_container(container_t *cont) +static int do_resume_container(container_t *cont) { int ret = 0; const char *id = cont->common_config->id; @@ -662,7 +662,7 @@ static int container_resume_cb(const container_resume_request *request, containe goto pack_response; } - ret = resume_container(cont); + ret = do_resume_container(cont); if (ret != 0) { cc = ISULAD_ERR_EXEC; container_state_set_error(cont->state, (const char *)g_isulad_errmsg); diff --git a/src/services/execution/manager/containers_gc.c b/src/services/execution/manager/containers_gc.c index 98dc38e..b0567e6 100644 --- a/src/services/execution/manager/containers_gc.c +++ b/src/services/execution/manager/containers_gc.c @@ -25,6 +25,7 @@ #include "utils.h" #include "execution.h" #include "containers_store.h" +#include "runtime.h" static containers_gc_t g_gc_containers; @@ -385,6 +386,57 @@ static void add_to_list_tail_to_retry_gc(struct linked_list *it) gc_containers_unlock(); } +static int do_runtime_resume_container(const container_t *cont) +{ + int ret = 0; + rt_resume_params_t params = { 0 }; + const char *id = cont->common_config->id; + + params.rootpath = cont->root_path; + + if (runtime_resume(id, cont->runtime, ¶ms)) { + ERROR("Failed to resume container:%s", id); + ret = -1; + goto out; + } + + state_reset_paused(cont->state); + + if (container_to_disk(cont)) { + ERROR("Failed to save container \"%s\" to disk", id); + ret = -1; + goto out; + } + +out: + return ret; +} + +static void try_to_resume_container(const char *id, const char *runtime) +{ + int ret = 0; + container_t *cont = NULL; + + if (id == NULL || runtime == NULL) { + ERROR("Invalid input arguments"); + goto out; + } + + cont = containers_store_get(id); + if (cont == NULL) { + WARN("No such container:%s", id); + goto out; + } + + ret = do_runtime_resume_container(cont); + if (ret != 0) { + ERROR("try to runtime resume failed"); + goto out; + } +out: + container_unref(cont); +} + static void gc_container_process(struct linked_list *it) { int ret = 0; @@ -424,6 +476,7 @@ static void gc_container_process(struct linked_list *it) free_container_garbage_config_gc_containers_element(gc_cont); free(it); } else { + try_to_resume_container(id, runtime); ret = kill(pid, SIGKILL); if (ret < 0 && errno != ESRCH) { ERROR("Can not kill process (pid=%d) with SIGKILL for container %s", pid, id); diff --git a/src/services/execution/manager/restore.c b/src/services/execution/manager/restore.c index 7df0042..6f6287c 100644 --- a/src/services/execution/manager/restore.c +++ b/src/services/execution/manager/restore.c @@ -205,10 +205,14 @@ static void try_to_set_container_running(Container_Status status, container_t *c static int restore_stopped_container(Container_Status status, const container_t *cont, bool *need_save) { const char *id = cont->common_config->id; + pid_t pid = 0; if (status != CONTAINER_STATUS_STOPPED && \ status != CONTAINER_STATUS_CREATED) { - int nret = post_stopped_container_to_gc(id, cont->runtime, cont->state_path, 0); + if (util_process_alive(cont->state->state->pid, cont->state->state->start_time)) { + pid = cont->state->state->pid; + } + int nret = post_stopped_container_to_gc(id, cont->runtime, cont->state_path, pid); if (nret != 0) { ERROR("Failed to post container %s to garbage" "collector, that may lost some resources" -- Gitee From 4fabc9ffbf6a58f8da30269c5aed62eba9ecd7b4 Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Mon, 20 Jan 2020 11:48:15 +0800 Subject: [PATCH 4/7] Support devicemapper Signed-off-by: WangFengTu --- src/api/image_client/isula_image.proto | 8 +- src/api/services/containers/container.proto | 2 + src/cmd/isula/information/info.c | 31 ++++++ .../client/grpc/grpc_containers_client.cc | 11 +++ .../client/grpc/grpc_isula_image_client.cc | 6 +- src/connect/client/isula_image_connect.c | 4 +- src/connect/client/isula_image_connect.h | 4 +- .../service/grpc/grpc_containers_service.h | 2 + .../grpc/grpc_containers_service_private.cc | 20 ++++ src/cutils/utils_string.c | 25 +++++ src/cutils/utils_string.h | 2 + src/image/image.c | 2 + src/image/image.h | 3 +- src/image/oci/global_config.c | 6 ++ src/image/oci/isula_storage_status.c | 60 +++++++++++- src/image/oci/oci_common_operators.c | 67 ------------- src/image/oci/oci_common_operators.h | 1 - .../schema/schema/host/info-response.json | 6 ++ src/libisula.h | 2 + .../execution/execute/execution_information.c | 21 +++++ src/services/graphdriver/CMakeLists.txt | 3 + .../graphdriver/devmapper/CMakeLists.txt | 7 ++ .../graphdriver/devmapper/driver_devmapper.c | 94 +++++++++++++++++++ .../graphdriver/devmapper/driver_devmapper.h | 34 +++++++ src/services/graphdriver/driver.c | 17 +++- src/services/graphdriver/driver.h | 3 +- 26 files changed, 347 insertions(+), 94 deletions(-) create mode 100644 src/services/graphdriver/devmapper/CMakeLists.txt create mode 100644 src/services/graphdriver/devmapper/driver_devmapper.c create mode 100644 src/services/graphdriver/devmapper/driver_devmapper.h diff --git a/src/api/image_client/isula_image.proto b/src/api/image_client/isula_image.proto index 41a7f7d..4a01932 100644 --- a/src/api/image_client/isula_image.proto +++ b/src/api/image_client/isula_image.proto @@ -141,11 +141,9 @@ message LoadImageResponose { message GraphdriverStatusRequest {} message GraphdriverStatusResponse { - string backing_fs = 1; - bool supports_d_type = 2; - bool native_overlay_diff = 3; - string errmsg = 4; - uint32 cc = 5; + string status = 1; + string errmsg = 2; + uint32 cc = 3; } message ContainerFsUsageRequest { diff --git a/src/api/services/containers/container.proto b/src/api/services/containers/container.proto index 73729cf..871d703 100644 --- a/src/api/services/containers/container.proto +++ b/src/api/services/containers/container.proto @@ -376,6 +376,8 @@ message InfoResponse { string http_proxy = 20; string https_proxy = 21; string no_proxy = 22; + string driver_name = 23; + string driver_status = 24; } message UpdateRequest { diff --git a/src/cmd/isula/information/info.c b/src/cmd/isula/information/info.c index 0e4ace8..bcb81f8 100644 --- a/src/cmd/isula/information/info.c +++ b/src/cmd/isula/information/info.c @@ -26,6 +26,31 @@ const char g_cmd_info_usage[] = "info"; struct client_arguments g_cmd_info_args = {}; +static void print_with_space(const char *info) +{ + size_t i = 0; + size_t size = 0; + bool print_space = true; + + if (info == NULL) { + return; + } + + size = strlen(info); + for (i = 0; i < size; i++) { + if (print_space) { + printf(" "); + print_space = false; + } + if (info[i] == '\n') { + print_space = true; + } + printf("%c", info[i]); + } + + return; +} + static void client_info_server(const struct isula_info_response *response) { printf("Containers: %u\n", (unsigned int)(response->containers_num)); @@ -36,6 +61,12 @@ static void client_info_server(const struct isula_info_response *response) if (response->version != NULL) { printf("Server Version: %s\n", response->version); } + if (response->driver_name != NULL) { + printf("Storage Driver: %s\n", response->driver_name); + } + if (response->driver_status != NULL) { + print_with_space(response->driver_status); + } if (response->logging_driver != NULL) { printf("Logging Driver: %s\n", response->logging_driver); } diff --git a/src/connect/client/grpc/grpc_containers_client.cc b/src/connect/client/grpc/grpc_containers_client.cc index 0ccb7a3..4a3a53f 100644 --- a/src/connect/client/grpc/grpc_containers_client.cc +++ b/src/connect/client/grpc/grpc_containers_client.cc @@ -105,6 +105,7 @@ public: } response->total_mem = gresponse->total_mem(); get_proxy_info_from_grpc(response, gresponse); + get_driver_info_from_grpc(response, gresponse); return 0; } @@ -150,6 +151,16 @@ private: response->no_proxy = util_strdup_s(gresponse->no_proxy().c_str()); } } + + void get_driver_info_from_grpc(isula_info_response *response, InfoResponse *gresponse) + { + if (!gresponse->driver_name().empty()) { + response->driver_name = util_strdup_s(gresponse->driver_name().c_str()); + } + if (!gresponse->driver_status().empty()) { + response->driver_status = util_strdup_s(gresponse->driver_status().c_str()); + } + } }; class ContainerCreate : public ClientBaseserver_errono = gresp->cc(); - if (!gresp->backing_fs().empty()) { - resp->backing_fs = util_strdup_s(gresp->backing_fs().c_str()); + if (!gresp->status().empty()) { + resp->status = util_strdup_s(gresp->status().c_str()); } - resp->supports_d_type = gresp->supports_d_type(); - resp->native_overlay_diff = gresp->native_overlay_diff(); return 0; } diff --git a/src/connect/client/isula_image_connect.c b/src/connect/client/isula_image_connect.c index 470147d..b5ff790 100644 --- a/src/connect/client/isula_image_connect.c +++ b/src/connect/client/isula_image_connect.c @@ -463,8 +463,8 @@ void free_isula_storage_status_response(struct isula_storage_status_response *pt if (ptr == NULL) { return; } - free(ptr->backing_fs); - ptr->backing_fs = NULL; + free(ptr->status); + ptr->status = NULL; free(ptr->errmsg); ptr->errmsg = NULL; free(ptr); diff --git a/src/connect/client/isula_image_connect.h b/src/connect/client/isula_image_connect.h index 8a2fa79..9e1ae29 100644 --- a/src/connect/client/isula_image_connect.h +++ b/src/connect/client/isula_image_connect.h @@ -223,9 +223,7 @@ struct isula_storage_status_request { }; struct isula_storage_status_response { - char *backing_fs; - bool supports_d_type; - bool native_overlay_diff; + char *status; char *errmsg; uint32_t cc; diff --git a/src/connect/service/grpc/grpc_containers_service.h b/src/connect/service/grpc/grpc_containers_service.h index 21fbf27..98c3505 100644 --- a/src/connect/service/grpc/grpc_containers_service.h +++ b/src/connect/service/grpc/grpc_containers_service.h @@ -218,6 +218,8 @@ private: int pack_proxy_info_to_grpc(const host_info_response *response, InfoResponse *gresponse); + int pack_driver_info_to_grpc(const host_info_response *response, InfoResponse *gresponse); + int logs_request_from_grpc(const LogsRequest *grequest, struct isulad_logs_request **request); }; diff --git a/src/connect/service/grpc/grpc_containers_service_private.cc b/src/connect/service/grpc/grpc_containers_service_private.cc index b7ceafc..bc7787e 100644 --- a/src/connect/service/grpc/grpc_containers_service_private.cc +++ b/src/connect/service/grpc/grpc_containers_service_private.cc @@ -110,6 +110,10 @@ int ContainerServiceImpl::info_response_to_grpc(const host_info_response *respon return -1; } + if (pack_driver_info_to_grpc(response, gresponse)) { + return -1; + } + return 0; } @@ -1109,4 +1113,20 @@ int ContainerServiceImpl::pack_proxy_info_to_grpc(const host_info_response *resp return 0; } +int ContainerServiceImpl::pack_driver_info_to_grpc(const host_info_response *response, InfoResponse *gresponse) +{ + if (response == nullptr) { + gresponse->set_cc(ISULAD_ERR_MEMOUT); + return 0; + } + + if (response->driver_name != nullptr) { + gresponse->set_driver_name(response->driver_name); + } + if (response->driver_status != nullptr) { + gresponse->set_driver_status(response->driver_status); + } + + return 0; +} diff --git a/src/cutils/utils_string.c b/src/cutils/utils_string.c index 953f707..27136bb 100644 --- a/src/cutils/utils_string.c +++ b/src/cutils/utils_string.c @@ -18,6 +18,7 @@ #include #include #include +#include #include "utils.h" #include "log.h" @@ -266,6 +267,30 @@ int util_parse_byte_size_string(const char *s, int64_t *converted) return ret; } +int util_parse_percent_string(const char *s, long *converted) +{ + char *dup = NULL; + + if (s == NULL || converted == NULL || s[0] == 0 || strlen(s) < 2 || s[strlen(s) - 1] != '%') { + return -EINVAL; + } + dup = util_strdup_s(s); + if (dup == NULL) { + return -ENOMEM; + } + dup[strlen(dup) - 1] = 0; + + *converted = strtol(dup, NULL, 10); + if ((errno == ERANGE && (*converted == LONG_MAX || *converted == LONG_MIN)) || + (errno != 0 && *converted == 0) || *converted < 0 || *converted >= 100) { + free(dup); + return -EINVAL; + } + + free(dup); + return 0; +} + static char **util_shrink_array(char **orig_array, size_t new_size) { char **new_array = NULL; diff --git a/src/cutils/utils_string.h b/src/cutils/utils_string.h index 317e988..d869936 100644 --- a/src/cutils/utils_string.h +++ b/src/cutils/utils_string.h @@ -35,6 +35,8 @@ char *strings_to_upper(const char *str); int util_parse_byte_size_string(const char *s, int64_t *converted); +int util_parse_percent_string(const char *s, long *converted); + // Breaks src_str into an array of string according to _sep, // note that two or more contiguous delimiter bytes is considered to be a single delimiter char **util_string_split(const char *src_str, char _sep); diff --git a/src/image/image.c b/src/image/image.c index 97a82c5..e3e8fcc 100644 --- a/src/image/image.c +++ b/src/image/image.c @@ -1745,6 +1745,8 @@ void free_im_storage_status_response(im_storage_status_response *ptr) } free(ptr->backing_fs); ptr->backing_fs = NULL; + free(ptr->status); + ptr->status = NULL; free(ptr); } diff --git a/src/image/image.h b/src/image/image.h index 144a138..8b72368 100644 --- a/src/image/image.h +++ b/src/image/image.h @@ -55,8 +55,7 @@ typedef struct { typedef struct { char *backing_fs; - bool supports_d_type; - bool native_overlay_diff; + char *status; } im_storage_status_response; typedef struct { diff --git a/src/image/oci/global_config.c b/src/image/oci/global_config.c index 70b1838..f18f04c 100644 --- a/src/image/oci/global_config.c +++ b/src/image/oci/global_config.c @@ -58,6 +58,12 @@ static int pack_global_graph_driver(const char * const *options, bool ignore_sto add_array_kv(params, PARAM_NUM, &i, options[GB_OPTION_DRIVER_OPTIONS], *p); } + if (strcmp(graph_driver, "devicemapper") == 0) { + // option "test=false" is used when devicemapper thinpool is created automatically by iSulad-kit. + // Make "test" always be true to avoid config check as we always create thinpool manually. + add_array_kv(params, PARAM_NUM, &i, options[GB_OPTION_DRIVER_OPTIONS], "test=true"); + } + ret = 0; *count = i; out: diff --git a/src/image/oci/isula_storage_status.c b/src/image/oci/isula_storage_status.c index 9a2e7f5..01fc80c 100644 --- a/src/image/oci/isula_storage_status.c +++ b/src/image/oci/isula_storage_status.c @@ -20,11 +20,58 @@ #include "utils.h" #include "log.h" -static void pack_im_response(const struct isula_storage_status_response *iresp, im_storage_status_response *resp) +// format: [status xx: val] +static int get_graphdriver_status_line_value(const char *line, char **start, char **end) { - resp->backing_fs = util_strdup_s(iresp->backing_fs); - resp->supports_d_type = iresp->supports_d_type; - resp->native_overlay_diff = iresp->native_overlay_diff; + char *pstart = NULL; + char *pend = NULL; + + pstart = strchr(line, ':'); + if (pstart == NULL) { + ERROR("Invalid output: %s", line); + return -1; + } + pstart++; + if (*pstart != ' ') { + ERROR("Invalid output: %s", line); + return -1; + } + pstart++; + + pend = strchr(pstart, '\n'); + if (pend == NULL) { + ERROR("Invalid output: %s", pstart); + return -1; + } + *pend++ = '\0'; + + *start = pstart; + *end = pend; + return 0; +} + +static int pack_im_response(const struct isula_storage_status_response *iresp, im_storage_status_response *resp) +{ + char *pstart = NULL; + char *pend = NULL; + + if (iresp->status == NULL) { + ERROR("Storage status response status NULL"); + isulad_set_error_message("Storage status response NULL"); + return -1; + } + + resp->status = util_strdup_s(iresp->status); + + // Backing Filesystem: extfs + if (get_graphdriver_status_line_value(iresp->status, &pstart, &pend) != 0) { + ERROR("Get backing filesystem from status failed. status:%s", iresp->status); + isulad_set_error_message("Get backing filesystem from status failed"); + return -1; + } + resp->backing_fs = util_strdup_s(pstart); + + return 0; } int isula_do_storage_status(im_storage_status_response *resp) @@ -71,7 +118,10 @@ int isula_do_storage_status(im_storage_status_response *resp) ret = -1; goto out; } - pack_im_response(iresp, resp); + ret = pack_im_response(iresp, resp); + if (ret != 0) { + goto out; + } out: free_isula_storage_status_response(iresp); diff --git a/src/image/oci/oci_common_operators.c b/src/image/oci/oci_common_operators.c index 0248ac7..73950cf 100644 --- a/src/image/oci/oci_common_operators.c +++ b/src/image/oci/oci_common_operators.c @@ -58,73 +58,6 @@ bool oci_detect(const char *image_name) return oci_image_exist(image_name); } -// format: [status xx: val] -static int get_graphdriver_status_line_value(const char *line, char **start, char **end) -{ - char *pstart = NULL; - char *pend = NULL; - - pstart = strchr(line, ':'); - if (pstart == NULL) { - ERROR("Invalid output: %s", line); - return -1; - } - pstart++; - if (*pstart != ' ') { - ERROR("Invalid output: %s", line); - return -1; - } - pstart++; - - pend = strchr(pstart, '\n'); - if (pend == NULL) { - ERROR("Invalid output: %s", pstart); - return -1; - } - *pend++ = '\0'; - - *start = pstart; - *end = pend; - return 0; -} - -int pack_storage_status_response(const char *stdout_buffer, im_storage_status_response *resp) -{ - char *pstart = NULL; - char *pend = NULL; - int nret = -1; - - // Backing Filesystem: extfs - if (get_graphdriver_status_line_value(stdout_buffer, &pstart, &pend) != 0) { - goto free_out; - } - resp->backing_fs = util_strdup_s(pstart); - - // Supports d_type: true - if (get_graphdriver_status_line_value(pend, &pstart, &pend) != 0) { - goto free_out; - } - nret = util_str_to_bool(pstart, &resp->supports_d_type); - if (nret < 0) { - ERROR("Invalid output: %s", pstart); - goto free_out; - } - - // Native Overlay Diff: true - if (get_graphdriver_status_line_value(pend, &pstart, &pend) != 0) { - goto free_out; - } - nret = util_str_to_bool(pstart, &resp->native_overlay_diff); - if (nret < 0) { - ERROR("Invalid output: %s", pstart); - goto free_out; - } - nret = 0; -free_out: - - return nret; -} - char *get_last_part(char **parts) { char *last_part = NULL; diff --git a/src/image/oci/oci_common_operators.h b/src/image/oci/oci_common_operators.h index fab7c74..f697393 100644 --- a/src/image/oci/oci_common_operators.h +++ b/src/image/oci/oci_common_operators.h @@ -24,7 +24,6 @@ extern "C" { #endif -int pack_storage_status_response(const char *stdout_buffer, im_storage_status_response *resp); char *oci_normalize_image_name(const char *name); bool oci_detect(const char *image_name); diff --git a/src/json/schema/schema/host/info-response.json b/src/json/schema/schema/host/info-response.json index 92a498f..c42fa68 100644 --- a/src/json/schema/schema/host/info-response.json +++ b/src/json/schema/schema/host/info-response.json @@ -62,6 +62,12 @@ "no_proxy": { "type": "string" }, + "driver_name": { + "type": "string" + }, + "driver_status": { + "type": "string" + }, "cc": { "type": "uint32" }, diff --git a/src/libisula.h b/src/libisula.h index ef9caef..69633ac 100644 --- a/src/libisula.h +++ b/src/libisula.h @@ -529,6 +529,8 @@ struct isula_info_response { char *http_proxy; char *https_proxy; char *no_proxy; + char *driver_name; + char *driver_status; uint32_t total_mem; uint32_t containers_num; uint32_t c_running; diff --git a/src/services/execution/execute/execution_information.c b/src/services/execution/execute/execution_information.c index 1cb8b43..e821886 100644 --- a/src/services/execution/execute/execution_information.c +++ b/src/services/execution/execute/execution_information.c @@ -198,6 +198,8 @@ static int isulad_info_cb(const host_info_request *request, host_info_response * struct utsname u; im_image_count_request *im_request = NULL; char *rootpath = NULL; + char *graph_driver = NULL; + struct graphdriver_status *driver_status = NULL; DAEMON_CLEAR_ERRMSG(); @@ -228,6 +230,19 @@ static int isulad_info_cb(const host_info_request *request, host_info_response * } #ifdef ENABLE_OCI_IMAGE im_request->type = util_strdup_s(IMAGE_TYPE_OCI); + + graph_driver = conf_get_isulad_storage_driver(); + if (graph_driver == NULL) { + ERROR("Failed to get graph driver name info!"); + goto pack_response; + } + + driver_status = graphdriver_get_status(); + if (driver_status == NULL) { + ERROR("Failed to get graph driver status info!"); + cc = ISULAD_ERR_EXEC; + goto pack_response; + } #endif images_num = im_get_image_count(im_request); @@ -308,12 +323,18 @@ static int isulad_info_cb(const host_info_request *request, host_info_response * (*response)->http_proxy = util_strdup_s(http_proxy); (*response)->https_proxy = util_strdup_s(https_proxy); (*response)->no_proxy = util_strdup_s(no_proxy); +#ifdef ENABLE_OCI_IMAGE + (*response)->driver_name = util_strdup_s(graph_driver); + (*response)->driver_status = util_strdup_s(driver_status->status); +#endif pack_response: if (*response != NULL) { (*response)->cc = cc; } free(rootpath); + free(graph_driver); + free_graphdriver_status(driver_status); free(huge_page_size); free(operating_system); free_im_image_count_request(im_request); diff --git a/src/services/graphdriver/CMakeLists.txt b/src/services/graphdriver/CMakeLists.txt index 9aff0a0..f532f85 100644 --- a/src/services/graphdriver/CMakeLists.txt +++ b/src/services/graphdriver/CMakeLists.txt @@ -1,14 +1,17 @@ # get current directory sources files aux_source_directory(${CMAKE_CURRENT_SOURCE_DIR} local_graphdriver_srcs) add_subdirectory(overlay2) +add_subdirectory(devmapper) set(GRAPHDRIVER_SRCS ${local_graphdriver_srcs} ${OVERLAY2_SRCS} + ${DEVMAPPER_SRCS} PARENT_SCOPE ) set(GRAPHDRIVER_INCS ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/overlay2 + ${CMAKE_CURRENT_SOURCE_DIR}/devmapper PARENT_SCOPE ) diff --git a/src/services/graphdriver/devmapper/CMakeLists.txt b/src/services/graphdriver/devmapper/CMakeLists.txt new file mode 100644 index 0000000..e55256c --- /dev/null +++ b/src/services/graphdriver/devmapper/CMakeLists.txt @@ -0,0 +1,7 @@ +# get current directory sources files +aux_source_directory(${CMAKE_CURRENT_SOURCE_DIR} local_devmapper_srcs) + +set(DEVMAPPER_SRCS + ${local_devmapper_srcs} + PARENT_SCOPE + ) diff --git a/src/services/graphdriver/devmapper/driver_devmapper.c b/src/services/graphdriver/devmapper/driver_devmapper.c new file mode 100644 index 0000000..4bd765c --- /dev/null +++ b/src/services/graphdriver/devmapper/driver_devmapper.c @@ -0,0 +1,94 @@ +/****************************************************************************** +* Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +* iSulad licensed under the Mulan PSL v1. +* You can use this software according to the terms and conditions of the Mulan PSL v1. +* You may obtain a copy of Mulan PSL v1 at: +* http://license.coscl.org.cn/MulanPSL +* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +* PURPOSE. +* See the Mulan PSL v1 for more details. +* Author: wangfengtu +* Create: 2020-01-19 +* Description: provide devicemapper graphdriver function definition +******************************************************************************/ +#include "driver_devmapper.h" +#include +#include +#include + +#include "libisulad.h" +#include "utils.h" + +#define DM_LOG_FATAL 2 +#define DM_LOG_DEBUG 7 + +int devmapper_init(struct graphdriver *driver) +{ + return 0; +} + +bool devmapper_is_quota_options(struct graphdriver *driver, const char *option) +{ + return false; +} + +int devmapper_parse_options(struct graphdriver *driver, const char **options, size_t options_len) +{ + size_t i = 0; + + for (i = 0; options != NULL && i < options_len; i++) { + char *dup = NULL; + char *p = NULL; + char *val = NULL; + int ret = 0; + + dup = util_strdup_s(options[i]); + if (dup == NULL) { + isulad_set_error_message("Out of memory"); + return -1; + } + p = strchr(dup, '='); + if (!p) { + isulad_set_error_message("Unable to parse key/value option: '%s'", dup); + free(dup); + return -1; + } + *p = '\0'; + val = p + 1; + if (strcasecmp(dup, "dm.fs") == 0) { + if (strcmp(val, "ext4")) { + isulad_set_error_message("Invalid filesystem: '%s': not supported", val); + ret = -1; + } + } else if (strcasecmp(dup, "dm.thinpooldev") == 0) { + if (!strcmp(val, "")) { + isulad_set_error_message("Invalid thinpool device, it must not be empty"); + ret = -1; + } + } else if (strcasecmp(dup, "dm.min_free_space") == 0) { + long converted = 0; + ret = util_parse_percent_string(val, &converted); + if (ret != 0) { + isulad_set_error_message("Invalid min free space: '%s': %s", val, strerror(-ret)); + } + } else if (strcasecmp(dup, "dm.basesize") == 0) { + int64_t converted = 0; + ret = util_parse_byte_size_string(val, &converted); + if (ret != 0) { + isulad_set_error_message("Invalid size: '%s': %s", val, strerror(-ret)); + } + } else if (strcasecmp(dup, "dm.mkfsarg") == 0 || strcasecmp(dup, "dm.mountopt") == 0) { + /* We have no way to check validation here, validation is checked when using them. */ + } else { + isulad_set_error_message("devicemapper: unknown option: '%s'", dup); + ret = -1; + } + free(dup); + if (ret != 0) { + return ret; + } + } + + return 0; +} diff --git a/src/services/graphdriver/devmapper/driver_devmapper.h b/src/services/graphdriver/devmapper/driver_devmapper.h new file mode 100644 index 0000000..7f94f9e --- /dev/null +++ b/src/services/graphdriver/devmapper/driver_devmapper.h @@ -0,0 +1,34 @@ +/****************************************************************************** +* Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +* iSulad licensed under the Mulan PSL v1. +* You can use this software according to the terms and conditions of the Mulan PSL v1. +* You may obtain a copy of Mulan PSL v1 at: +* http://license.coscl.org.cn/MulanPSL +* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +* PURPOSE. +* See the Mulan PSL v1 for more details. +* Author: wangfengtu +* Create: 2020-01-19 +* Description: provide devicemapper graphdriver function definition +******************************************************************************/ +#ifndef __GRAPHDRIVER_DEVMAPPER_H +#define __GRAPHDRIVER_DEVMAPPER_H + +#include "driver.h" + +#ifdef __cplusplus +extern "C" { +#endif + +int devmapper_init(struct graphdriver *driver); + +int devmapper_parse_options(struct graphdriver *driver, const char **options, size_t options_len); + +bool devmapper_is_quota_options(struct graphdriver *driver, const char *option); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/src/services/graphdriver/driver.c b/src/services/graphdriver/driver.c index 400a05c..b7721af 100644 --- a/src/services/graphdriver/driver.c +++ b/src/services/graphdriver/driver.c @@ -20,6 +20,7 @@ #include #include "driver_overlay2.h" +#include "driver_devmapper.h" #include "utils.h" #include "libisulad.h" #include "log.h" @@ -35,8 +36,18 @@ static const struct graphdriver_ops g_overlay2_ops = { .is_quota_options = overlay2_is_quota_options, }; +/* devicemapper */ +#define DRIVER_DEVMAPPER_NAME "devicemapper" + +static const struct graphdriver_ops g_devmapper_ops = { + .init = devmapper_init, + .parse_options = devmapper_parse_options, + .is_quota_options = devmapper_is_quota_options, +}; + static struct graphdriver g_drivers[] = { - {.name = DRIVER_OVERLAY2_NAME, .ops = &g_overlay2_ops} + {.name = DRIVER_OVERLAY2_NAME, .ops = &g_overlay2_ops}, + {.name = DRIVER_DEVMAPPER_NAME, .ops = &g_devmapper_ops} }; static const size_t g_numdrivers = sizeof(g_drivers) / sizeof(struct graphdriver); @@ -101,8 +112,7 @@ struct graphdriver_status *graphdriver_get_status(void) } status->backing_fs = util_strdup_s(resp->backing_fs); - status->supports_d_type = resp->supports_d_type; - status->native_overlay_diff = resp->native_overlay_diff; + status->status = util_strdup_s(resp->status); ret = 0; free_out: @@ -178,6 +188,7 @@ void free_graphdriver_status(struct graphdriver_status *status) return; } free(status->backing_fs); + free(status->status); free(status); } diff --git a/src/services/graphdriver/driver.h b/src/services/graphdriver/driver.h index 888ecf4..8192683 100644 --- a/src/services/graphdriver/driver.h +++ b/src/services/graphdriver/driver.h @@ -41,8 +41,7 @@ struct graphdriver { struct graphdriver_status { char *backing_fs; - bool supports_d_type; - bool native_overlay_diff; + char *status; }; struct graphdriver *graphdriver_init(const char *name, char **storage_opts, size_t storage_opts_len); -- Gitee From 54474df8396f36c03662734aa68637ed361fe6bf Mon Sep 17 00:00:00 2001 From: LiFeng Date: Tue, 11 Feb 2020 21:49:08 -0500 Subject: [PATCH 5/7] iSulad: remove unnecessary space in ps\images Signed-off-by: LiFeng --- src/cmd/isula/images/images.c | 2 +- src/cmd/isula/information/ps.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/cmd/isula/images/images.c b/src/cmd/isula/images/images.c index fbd68dd..b6eee35 100644 --- a/src/cmd/isula/images/images.c +++ b/src/cmd/isula/images/images.c @@ -222,7 +222,7 @@ static void images_info_print_quiet(const struct isula_list_images_response *res for (i = 0, in = response->images_list; in != NULL && i < response->images_num; i++, in++) { char *digest = util_short_digest(in->digest); - printf("%-*s ", SHORT_DIGEST_LEN, digest ? digest : ""); + printf("%-*s", SHORT_DIGEST_LEN, digest ? digest : ""); printf("\n"); free(digest); } diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c index d1ce659..bea4c3a 100644 --- a/src/cmd/isula/information/ps.c +++ b/src/cmd/isula/information/ps.c @@ -149,7 +149,7 @@ static void list_print_quiet(struct isula_container_summary_info **info, const s continue; } - printf("%-*s ", (int)length->id_length, in->id ? in->id : "-"); + printf("%-*s", (int)length->id_length, in->id ? in->id : "-"); printf("\n"); } } -- Gitee From 29191e30b0b3c7db135890850257389da5efe76a Mon Sep 17 00:00:00 2001 From: LiFeng Date: Wed, 12 Feb 2020 02:39:33 -0500 Subject: [PATCH 6/7] iSulad: adapt llt for oci runtime Signed-off-by: LiFeng --- src/pack_config.c | 2 +- .../image/oci/oci_config_merge/CMakeLists.txt | 2 - .../oci_config_merge/oci_config_merge_llt.cc | 196 ++++-------------- 3 files changed, 38 insertions(+), 162 deletions(-) diff --git a/src/pack_config.c b/src/pack_config.c index ca016ca..90f3d7f 100644 --- a/src/pack_config.c +++ b/src/pack_config.c @@ -2061,7 +2061,7 @@ out: return ret; } -/* translate create_custom_config to container_custom_config */ +/* translate create_custom_config to container_config */ static int pack_container_custom_config(container_config *container_spec, const isula_container_config_t *custom_conf) { diff --git a/test/image/oci/oci_config_merge/CMakeLists.txt b/test/image/oci/oci_config_merge/CMakeLists.txt index bc993de..14d964a 100644 --- a/test/image/oci/oci_config_merge/CMakeLists.txt +++ b/test/image/oci/oci_config_merge/CMakeLists.txt @@ -19,11 +19,9 @@ add_executable(${EXE} ${CMAKE_BINARY_DIR}/json/host_config.c ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/services/execution/spec/specs_extend.c ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/libisulad.c - ${CMAKE_BINARY_DIR}/json/oci_runtime_defs_linux.c ${CMAKE_BINARY_DIR}/json/defs.c ${CMAKE_BINARY_DIR}/json/container_config_v2.c ${CMAKE_BINARY_DIR}/json/container_config.c - ${CMAKE_BINARY_DIR}/json/container_custom_config.c ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/config/isulad_config.c ${CMAKE_BINARY_DIR}/json/oci_runtime_spec.c ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/services/execution/spec/sysinfo.c diff --git a/test/image/oci/oci_config_merge/oci_config_merge_llt.cc b/test/image/oci/oci_config_merge/oci_config_merge_llt.cc index 25728ec..95c9f3b 100644 --- a/test/image/oci/oci_config_merge/oci_config_merge_llt.cc +++ b/test/image/oci/oci_config_merge/oci_config_merge_llt.cc @@ -20,6 +20,7 @@ #include "oci_runtime_spec.h" #include "oci_config_merge.h" #include "imagetool_image.h" +#include "container_config.h" #include "oci_llt_common.h" #define IMAGETOOL_IMAGE_FILE "image/oci/oci_config_merge/imagetool_image.json" @@ -70,34 +71,21 @@ void *util_smart_calloc_s_fail(size_t size, size_t len) TEST(oci_config_merge_llt, test_oci_image_merge_config) { char *imagetool_image_file = NULL; - char *oci_runtime_spec_file = NULL; imagetool_image *tool_image = NULL; - oci_runtime_spec *oci_spec = NULL; - container_custom_config *custom_config = NULL; + container_config *custom_config = NULL; char *err = NULL; int i = 0; // All parameter NULL - ASSERT_NE(oci_image_merge_config(NULL, NULL, NULL), 0); + ASSERT_NE(oci_image_merge_config(NULL, NULL), 0); - // Parameter image_config is NULL - oci_runtime_spec_file = json_path(OCI_RUNTIME_SPEC_FILE); - ASSERT_TRUE(oci_runtime_spec_file != NULL); - oci_spec = oci_runtime_spec_parse_file(oci_runtime_spec_file, NULL, &err); - ASSERT_TRUE(oci_spec != NULL); - free(err); - err = NULL; - free(oci_runtime_spec_file); - oci_runtime_spec_file = NULL; - custom_config = (container_custom_config *) util_common_calloc_s(sizeof(container_custom_config)); + custom_config = (container_config *) util_common_calloc_s(sizeof(container_config)); ASSERT_TRUE(custom_config != NULL); - ASSERT_NE(oci_image_merge_config(NULL, oci_spec, custom_config), 0); + ASSERT_NE(oci_image_merge_config(NULL, custom_config), 0); - free_oci_runtime_spec(oci_spec); - oci_spec = NULL; - free_container_custom_config(custom_config); + free_container_config(custom_config); custom_config = NULL; // Parameter oci_spec is NULL @@ -111,14 +99,14 @@ TEST(oci_config_merge_llt, test_oci_image_merge_config) free(imagetool_image_file); imagetool_image_file = NULL; - custom_config = (container_custom_config *) util_common_calloc_s(sizeof(container_custom_config)); + custom_config = (container_config *) util_common_calloc_s(sizeof(container_config)); ASSERT_TRUE(custom_config != NULL); - ASSERT_NE(oci_image_merge_config(tool_image, NULL, custom_config), 0); + ASSERT_EQ(oci_image_merge_config(tool_image, custom_config), 0); free_imagetool_image(tool_image); tool_image = NULL; - free_container_custom_config(custom_config); + free_container_config(custom_config); custom_config = NULL; // Parameter custom_spec is NULL @@ -132,19 +120,8 @@ TEST(oci_config_merge_llt, test_oci_image_merge_config) free(imagetool_image_file); imagetool_image_file = NULL; - oci_runtime_spec_file = json_path(OCI_RUNTIME_SPEC_FILE); - ASSERT_TRUE(oci_runtime_spec_file != NULL); - oci_spec = oci_runtime_spec_parse_file(oci_runtime_spec_file, NULL, &err); - ASSERT_TRUE(oci_spec != NULL); - free(err); - err = NULL; - free(oci_runtime_spec_file); - oci_runtime_spec_file = NULL; - - ASSERT_NE(oci_image_merge_config(tool_image, oci_spec, NULL), 0); + ASSERT_NE(oci_image_merge_config(tool_image, NULL), 0); - free_oci_runtime_spec(oci_spec); - oci_spec = NULL; free_imagetool_image(tool_image); tool_image = NULL; @@ -159,25 +136,15 @@ TEST(oci_config_merge_llt, test_oci_image_merge_config) free(imagetool_image_file); imagetool_image_file = NULL; - oci_runtime_spec_file = json_path(OCI_RUNTIME_SPEC_FILE); - ASSERT_TRUE(oci_runtime_spec_file != NULL); - oci_spec = oci_runtime_spec_parse_file(oci_runtime_spec_file, NULL, &err); - ASSERT_TRUE(oci_spec != NULL); - free(err); - err = NULL; - free(oci_runtime_spec_file); - oci_runtime_spec_file = NULL; - - custom_config = (container_custom_config *) util_common_calloc_s(sizeof(container_custom_config)); + custom_config = (container_config *) util_common_calloc_s(sizeof(container_config)); ASSERT_TRUE(custom_config != NULL); - ASSERT_EQ(oci_image_merge_config(tool_image, oci_spec, custom_config), 0); + ASSERT_EQ(oci_image_merge_config(tool_image, custom_config), 0); + - free_oci_runtime_spec(oci_spec); - oci_spec = NULL; free_imagetool_image(tool_image); tool_image = NULL; - free_container_custom_config(custom_config); + free_container_config(custom_config); custom_config = NULL; // image_config's volumes not NULL @@ -201,25 +168,14 @@ TEST(oci_config_merge_llt, test_oci_image_merge_config) ASSERT_TRUE(tool_image->spec->config->volumes->values != NULL); tool_image->spec->config->volumes->len = 1; - oci_runtime_spec_file = json_path(OCI_RUNTIME_SPEC_FILE); - ASSERT_TRUE(oci_runtime_spec_file != NULL); - oci_spec = oci_runtime_spec_parse_file(oci_runtime_spec_file, NULL, &err); - ASSERT_TRUE(oci_spec != NULL); - free(err); - err = NULL; - free(oci_runtime_spec_file); - oci_runtime_spec_file = NULL; - - custom_config = (container_custom_config *) util_common_calloc_s(sizeof(container_custom_config)); + custom_config = (container_config *) util_common_calloc_s(sizeof(container_config)); ASSERT_TRUE(custom_config != NULL); - ASSERT_NE(oci_image_merge_config(tool_image, oci_spec, custom_config), 0); + ASSERT_EQ(oci_image_merge_config(tool_image, custom_config), 0); - free_oci_runtime_spec(oci_spec); - oci_spec = NULL; free_imagetool_image(tool_image); tool_image = NULL; - free_container_custom_config(custom_config); + free_container_config(custom_config); custom_config = NULL; // Config merge condition 1 @@ -257,25 +213,8 @@ TEST(oci_config_merge_llt, test_oci_image_merge_config) tool_image->spec->config->user = util_strdup_s("mail"); ASSERT_TRUE(tool_image->spec->config->user != NULL); - oci_runtime_spec_file = json_path(OCI_RUNTIME_SPEC_FILE); - ASSERT_TRUE(oci_runtime_spec_file != NULL); - oci_spec = oci_runtime_spec_parse_file(oci_runtime_spec_file, NULL, &err); - ASSERT_TRUE(oci_spec != NULL); - free(err); - err = NULL; - free(oci_runtime_spec_file); - oci_runtime_spec_file = NULL; - - free(oci_spec->process->cwd); - oci_spec->process->cwd = util_strdup_s("/bin/pwd"); - ASSERT_TRUE(oci_spec->process->cwd != NULL); - util_free_array(oci_spec->process->env); - oci_spec->process->env = single_array_from_string("B=b"); - ASSERT_TRUE(oci_spec->process->env != NULL); - oci_spec->process->env_len = 1; - - custom_config = (container_custom_config *) util_common_calloc_s(sizeof(container_custom_config)); + custom_config = (container_config *) util_common_calloc_s(sizeof(container_config)); ASSERT_TRUE(custom_config != NULL); util_free_array(custom_config->cmd); @@ -295,14 +234,13 @@ TEST(oci_config_merge_llt, test_oci_image_merge_config) custom_config->health_check = (defs_health_check *) util_common_calloc_s(sizeof(defs_health_check)); ASSERT_TRUE(custom_config->health_check != NULL); - ASSERT_EQ(oci_image_merge_config(tool_image, oci_spec, custom_config), 0); + ASSERT_EQ(oci_image_merge_config(tool_image, custom_config), 0); - ASSERT_STREQ(oci_spec->process->cwd, "/root"); + ASSERT_STREQ(custom_config->working_dir, "/root"); - ASSERT_TRUE(oci_spec->process->env != NULL); - ASSERT_STREQ(oci_spec->process->env[0], "B=b"); - ASSERT_STREQ(oci_spec->process->env[1], "A=a"); - ASSERT_EQ(oci_spec->process->env_len, 2); + ASSERT_TRUE(custom_config->env != NULL); + ASSERT_STREQ(custom_config->env[0], "A=a"); + ASSERT_EQ(custom_config->env_len, 1); ASSERT_TRUE(custom_config->cmd != NULL); ASSERT_STREQ(custom_config->cmd[0], "/bin/mkdir"); @@ -314,11 +252,9 @@ TEST(oci_config_merge_llt, test_oci_image_merge_config) ASSERT_STREQ(custom_config->user, "daemon"); - free_oci_runtime_spec(oci_spec); - oci_spec = NULL; free_imagetool_image(tool_image); tool_image = NULL; - free_container_custom_config(custom_config); + free_container_config(custom_config); custom_config = NULL; // Config merge condition 2 @@ -354,25 +290,8 @@ TEST(oci_config_merge_llt, test_oci_image_merge_config) tool_image->spec->config->user = util_strdup_s("mail"); ASSERT_TRUE(tool_image->spec->config->user != NULL); - oci_runtime_spec_file = json_path(OCI_RUNTIME_SPEC_FILE); - ASSERT_TRUE(oci_runtime_spec_file != NULL); - oci_spec = oci_runtime_spec_parse_file(oci_runtime_spec_file, NULL, &err); - ASSERT_TRUE(oci_spec != NULL); - free(err); - err = NULL; - free(oci_runtime_spec_file); - oci_runtime_spec_file = NULL; - - free(oci_spec->process->cwd); - oci_spec->process->cwd = util_strdup_s("/bin/pwd"); - ASSERT_TRUE(oci_spec->process->cwd != NULL); - util_free_array(oci_spec->process->env); - oci_spec->process->env = single_array_from_string("B=b"); - ASSERT_TRUE(oci_spec->process->env != NULL); - oci_spec->process->env_len = 1; - - custom_config = (container_custom_config *) util_common_calloc_s(sizeof(container_custom_config)); + custom_config = (container_config *) util_common_calloc_s(sizeof(container_config)); ASSERT_TRUE(custom_config != NULL); util_free_array(custom_config->cmd); @@ -386,13 +305,11 @@ TEST(oci_config_merge_llt, test_oci_image_merge_config) free(custom_config->user); custom_config->user = NULL; - ASSERT_EQ(oci_image_merge_config(tool_image, oci_spec, custom_config), 0); + ASSERT_EQ(oci_image_merge_config(tool_image, custom_config), 0); - ASSERT_STREQ(oci_spec->process->cwd, "/bin/pwd"); + ASSERT_STREQ(custom_config->working_dir, NULL); - ASSERT_TRUE(oci_spec->process->env != NULL); - ASSERT_STREQ(oci_spec->process->env[0], "B=b"); - ASSERT_EQ(oci_spec->process->env_len, 1); + ASSERT_EQ(custom_config->env_len, 0); ASSERT_TRUE(custom_config->cmd != NULL); ASSERT_STREQ(custom_config->cmd[0], "/bin/echo"); @@ -404,11 +321,9 @@ TEST(oci_config_merge_llt, test_oci_image_merge_config) ASSERT_STREQ(custom_config->user, "mail"); - free_oci_runtime_spec(oci_spec); - oci_spec = NULL; free_imagetool_image(tool_image); tool_image = NULL; - free_container_custom_config(custom_config); + free_container_config(custom_config); custom_config = NULL; // Test malloc failed @@ -423,16 +338,7 @@ TEST(oci_config_merge_llt, test_oci_image_merge_config) free(imagetool_image_file); imagetool_image_file = NULL; - oci_runtime_spec_file = json_path(OCI_RUNTIME_SPEC_FILE); - ASSERT_TRUE(oci_runtime_spec_file != NULL); - oci_spec = oci_runtime_spec_parse_file(oci_runtime_spec_file, NULL, &err); - ASSERT_TRUE(oci_spec != NULL); - free(err); - err = NULL; - free(oci_runtime_spec_file); - oci_runtime_spec_file = NULL; - - custom_config = (container_custom_config *) util_common_calloc_s(sizeof(container_custom_config)); + custom_config = (container_config *) util_common_calloc_s(sizeof(container_config)); ASSERT_TRUE(custom_config != NULL); g_malloc_match = 1; @@ -452,14 +358,12 @@ TEST(oci_config_merge_llt, test_oci_image_merge_config) } MOCK_SET_V(util_smart_calloc_s, util_smart_calloc_s_fail); - ASSERT_NE(oci_image_merge_config(tool_image, oci_spec, custom_config), 0); + ASSERT_EQ(oci_image_merge_config(tool_image, custom_config), 0); MOCK_CLEAR(util_smart_calloc_s); - free_oci_runtime_spec(oci_spec); - oci_spec = NULL; free_imagetool_image(tool_image); tool_image = NULL; - free_container_custom_config(custom_config); + free_container_config(custom_config); custom_config = NULL; } @@ -474,27 +378,12 @@ TEST(oci_config_merge_llt, test_oci_image_merge_config) free(imagetool_image_file); imagetool_image_file = NULL; - oci_runtime_spec_file = json_path(OCI_RUNTIME_SPEC_FILE); - ASSERT_TRUE(oci_runtime_spec_file != NULL); - oci_spec = oci_runtime_spec_parse_file(oci_runtime_spec_file, NULL, &err); - ASSERT_TRUE(oci_spec != NULL); - free(err); - err = NULL; - free(oci_runtime_spec_file); - oci_runtime_spec_file = NULL; - - custom_config = (container_custom_config *) util_common_calloc_s(sizeof(container_custom_config)); + custom_config = (container_config *) util_common_calloc_s(sizeof(container_config)); ASSERT_TRUE(custom_config != NULL); - MOCK_SET(merge_env, -1); - ASSERT_NE(oci_image_merge_config(tool_image, oci_spec, custom_config), 0); - MOCK_CLEAR(merge_env); - - free_oci_runtime_spec(oci_spec); - oci_spec = NULL; free_imagetool_image(tool_image); tool_image = NULL; - free_container_custom_config(custom_config); + free_container_config(custom_config); custom_config = NULL; // Test test_len == NULL @@ -508,28 +397,17 @@ TEST(oci_config_merge_llt, test_oci_image_merge_config) free(imagetool_image_file); imagetool_image_file = NULL; - oci_runtime_spec_file = json_path(OCI_RUNTIME_SPEC_FILE); - ASSERT_TRUE(oci_runtime_spec_file != NULL); - oci_spec = oci_runtime_spec_parse_file(oci_runtime_spec_file, NULL, &err); - ASSERT_TRUE(oci_spec != NULL); - free(err); - err = NULL; - free(oci_runtime_spec_file); - oci_runtime_spec_file = NULL; - util_free_array(tool_image->healthcheck->test); tool_image->healthcheck->test = NULL; tool_image->healthcheck->test_len = 0; - custom_config = (container_custom_config *) util_common_calloc_s(sizeof(container_custom_config)); + custom_config = (container_config *) util_common_calloc_s(sizeof(container_config)); ASSERT_TRUE(custom_config != NULL); - ASSERT_NE(oci_image_merge_config(tool_image, oci_spec, custom_config), 0); + ASSERT_NE(oci_image_merge_config(tool_image, custom_config), 0); - free_oci_runtime_spec(oci_spec); - oci_spec = NULL; free_imagetool_image(tool_image); tool_image = NULL; - free_container_custom_config(custom_config); + free_container_config(custom_config); custom_config = NULL; } -- Gitee From 3362ce9cab2a940a86011f8c819ff3d00c93cd33 Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Fri, 17 Jan 2020 05:30:27 -0500 Subject: [PATCH 7/7] Change isulad_kit to isulad-img Signed-off-by: WangFengTu --- Dockerfile | 6 +-- iSulad.spec | 2 +- src/image/oci/global_config.c | 4 +- src/image/oci/isula_image.c | 4 +- src/image/oci/run_image_server.c | 88 ++++++++++++++++---------------- src/image/oci/run_image_server.h | 2 +- 6 files changed, 53 insertions(+), 53 deletions(-) diff --git a/Dockerfile b/Dockerfile index feb476c..d575a48 100644 --- a/Dockerfile +++ b/Dockerfile @@ -247,12 +247,12 @@ RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \ make install && \ ldconfig -# install iSulad-kit +# install iSulad-img RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \ set -x && \ cd ~ && \ - git clone https://gitee.com/openeuler/iSulad-kit.git && \ - cd iSulad-kit && \ + git clone https://gitee.com/openeuler/iSulad-img.git && \ + cd iSulad-img && \ ./apply-patch && \ make -j $(nproc) && \ make install && \ diff --git a/iSulad.spec b/iSulad.spec index df788d3..699bad3 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -36,7 +36,7 @@ BuildRequires: http-parser-devel libevhtp-devel libevent-devel BuildRequires: libseccomp-devel libcap-devel libwebsockets libwebsockets-devel BuildRequires: systemd-devel git -Requires: iSulad-kit lcr lxc clibcni +Requires: iSulad-img lcr lxc clibcni Requires: grpc protobuf yajl Requires: libcurl Requires: sqlite http-parser libseccomp diff --git a/src/image/oci/global_config.c b/src/image/oci/global_config.c index f18f04c..0b09e1f 100644 --- a/src/image/oci/global_config.c +++ b/src/image/oci/global_config.c @@ -42,14 +42,14 @@ static int pack_global_graph_driver(const char * const *options, bool ignore_sto if (strcmp(graph_driver, "overlay2") == 0) { // Treating overlay2 as overlay cause image was downloaded always // in '/var/lib/isulad/storage/overlay' directory. - // See iSulad-kit/vendor/github.com/containers/storage/drivers/overlay/overlay.go, + // See iSulad-img/vendor/github.com/containers/storage/drivers/overlay/overlay.go, // Driver is inited by name "overlay". graph_driver[strlen(graph_driver) - 1] = '\0'; } add_array_kv(params, PARAM_NUM, &i, options[GB_OPTION_DRIVER_NAME], graph_driver); graph_opts = conf_get_storage_opts(); - // since iSulad-kit will set quota when pull image, which is differ from docker, + // since iSulad-img will set quota when pull image, which is differ from docker, // and we may get some error if setted, ignore it if neccessary. for (p = graph_opts; (p != NULL) && (*p != NULL); p++) { if (ignore_storage_opt_size && driver != NULL && driver->ops->is_quota_options(driver, *p)) { diff --git a/src/image/oci/isula_image.c b/src/image/oci/isula_image.c index f4a3e62..77ac4ab 100644 --- a/src/image/oci/isula_image.c +++ b/src/image/oci/isula_image.c @@ -52,7 +52,7 @@ void isula_exit(void) { int nret; - isula_kit_exit(); + isula_img_exit(); nret = pthread_cancel(g_monitor_thread); if (nret != 0) { SYSERROR("Cancel isula monitor thread failed"); @@ -70,7 +70,7 @@ static int start_isula_image_server(void) im_opt_timeout = im_opt_timeout >= MIN_OPT_TIMEOUT ? im_opt_timeout : MIN_OPT_TIMEOUT; - // check whether isula_kit is running by systemd + // check whether isulad-img is running by systemd if (util_file_exists(ISULA_IMAGE_SERVER_DEFAULT_SOCK)) { if (!conf_update_im_server_sock_addr(ISULA_IMAGE_SERVER_DEFAULT_SOCK)) { ERROR("Update image socket address failed"); diff --git a/src/image/oci/run_image_server.c b/src/image/oci/run_image_server.c index bab6f50..e9ba60a 100644 --- a/src/image/oci/run_image_server.c +++ b/src/image/oci/run_image_server.c @@ -48,7 +48,7 @@ const char *g_imtool_gb_options[] = { NULL, }; -#define ISULA_IMAGE_SERVER_CMD "isulad_kit" +#define ISULA_IMAGE_SERVER_CMD "isulad-img" #define ISULA_IMAGE_DAEMON "daemon" #define ISULA_IMAGE_DAEMON_HOST "--host" #define ISULA_IMAGE_DAEMON_OPTION_TLS_VERIFY "--tls-verify=false" @@ -59,9 +59,9 @@ const char *g_imtool_gb_options[] = { #define ONE_TENTH_SECOND 100000 static pthread_mutex_t g_mutex; -static pid_t g_isulad_kit_pid = -1; -static unsigned long long g_isulad_kit_start_time = 0; -static bool g_isula_kit_exit = false; +static pid_t g_isulad_img_pid = -1; +static unsigned long long g_isulad_img_start_time = 0; +static bool g_isula_img_exit = false; static int pack_isula_image_global_options(char *params[], size_t *count, bool ignore_storage_opt_size) { @@ -206,10 +206,10 @@ static void kill_old_image_server(pid_t server_pid, unsigned long long start_tim } } -static void *heartbeat_for_isulad_kit(void *arg) +static void *heartbeat_for_isulad_img(void *arg) { - pid_t tmp_isulad_kit_pid = -1; - unsigned long long tmp_isulad_kit_start_time = 0; + pid_t tmp_isulad_img_pid = -1; + unsigned long long tmp_isulad_img_start_time = 0; if (pthread_detach(pthread_self()) != 0) { ERROR("Detach heartbeat thread failed"); @@ -224,22 +224,22 @@ static void *heartbeat_for_isulad_kit(void *arg) continue; } - tmp_isulad_kit_pid = g_isulad_kit_pid; - tmp_isulad_kit_start_time = g_isulad_kit_start_time; + tmp_isulad_img_pid = g_isulad_img_pid; + tmp_isulad_img_start_time = g_isulad_img_start_time; if (pthread_mutex_unlock(&g_mutex) != 0) { - ERROR("Lock isulad kit pid failed"); + ERROR("Lock isulad img pid failed"); break; } - if (tmp_isulad_kit_pid == -1) { + if (tmp_isulad_img_pid == -1) { usleep_nointerupt(ONE_TENTH_SECOND); continue; } do_check_mainloop(); - kill_old_image_server(tmp_isulad_kit_pid, tmp_isulad_kit_start_time, HALF_A_SECOND); + kill_old_image_server(tmp_isulad_img_pid, tmp_isulad_img_start_time, HALF_A_SECOND); } return NULL; @@ -299,7 +299,7 @@ static int isula_image_server_load_first_check(const struct server_monitor_conf } /* 1. If health check success, send a mutex to main thread and make it run again; - * 2. Sync data between iSulad and iSulad-kit. + * 2. Sync data between iSulad and iSulad-img. */ if (retry) { ret = isula_sync_images(); @@ -323,37 +323,37 @@ out: return ret; } -void isula_kit_exit() +void isula_img_exit() { if (pthread_mutex_lock(&g_mutex) != 0) { - ERROR("Lock isulad kit pid failed"); + ERROR("Lock isulad img pid failed"); return; } - g_isula_kit_exit = true; - kill_old_image_server(g_isulad_kit_pid, g_isulad_kit_start_time, ONE_TENTH_SECOND); + g_isula_img_exit = true; + kill_old_image_server(g_isulad_img_pid, g_isulad_img_start_time, ONE_TENTH_SECOND); if (pthread_mutex_unlock(&g_mutex) != 0) { - ERROR("Unlock isulad kit pid failed"); + ERROR("Unlock isulad img pid failed"); } } -static void update_isulad_kit_pid_info(pid_t pid, unsigned long long start_time) +static void update_isulad_img_pid_info(pid_t pid, unsigned long long start_time) { if (pthread_mutex_lock(&g_mutex) != 0) { - ERROR("Lock isulad kit pid failed"); + ERROR("Lock isulad img pid failed"); return; } - g_isulad_kit_start_time = start_time; - g_isulad_kit_pid = pid; + g_isulad_img_start_time = start_time; + g_isulad_img_pid = pid; if (pthread_mutex_unlock(&g_mutex) != 0) { - ERROR("Unlock isulad kit pid failed"); + ERROR("Unlock isulad img pid failed"); } } -static int load_isula_image_server(const struct server_monitor_conf *conf, bool retry, pid_t *kit_pid) +static int load_isula_image_server(const struct server_monitor_conf *conf, bool retry, pid_t *img_pid) { pid_t pid = 0; int ret = 0; @@ -368,7 +368,7 @@ static int load_isula_image_server(const struct server_monitor_conf *conf, bool } if (pid == (pid_t)0) { - // child to load isula-kit binary + // child to load isulad-img binary nret = prctl(PR_SET_PDEATHSIG, SIGKILL, (unsigned long)0, (unsigned long)0, (unsigned long)0); if (nret < 0) { COMMAND_ERROR("Failed to set parent death signal"); @@ -381,18 +381,18 @@ static int load_isula_image_server(const struct server_monitor_conf *conf, bool } execute_run_isula_image_server(NULL); } - *kit_pid = pid; + *img_pid = pid; /* parent */ start_time = get_image_server_start_time(pid); - /* check first load isulad kit is success. */ + /* check first load isulad img is success. */ if (isula_image_server_load_first_check(conf, retry) != 0) { ret = -1; } - /* update isulad_kit information */ - update_isulad_kit_pid_info(pid, start_time); + /* update isulad-img information */ + update_isulad_img_pid_info(pid, start_time); out: return ret; @@ -417,7 +417,7 @@ void *isula_image_server_monitor(void *arg) struct server_monitor_conf *conf = (struct server_monitor_conf *)arg; bool retry_flag = false; pthread_t wp_thread; - pid_t isulad_kit_pid; + pid_t isulad_img_pid; if (conf == NULL) { ERROR("Invalid arguments"); @@ -430,7 +430,7 @@ void *isula_image_server_monitor(void *arg) goto pexit; } - nret = pthread_create(&wp_thread, NULL, heartbeat_for_isulad_kit, NULL); + nret = pthread_create(&wp_thread, NULL, heartbeat_for_isulad_img, NULL); if (nret != 0) { ERROR("Create heartbeat thread failed: %s", strerror(nret)); goto pexit; @@ -446,42 +446,42 @@ void *isula_image_server_monitor(void *arg) retry: remove_old_socket_file(); - isulad_kit_pid = (pid_t) - 1; + isulad_img_pid = (pid_t) - 1; // First, fork new process to run image server binary. - nret = load_isula_image_server(conf, retry_flag, &isulad_kit_pid); + nret = load_isula_image_server(conf, retry_flag, &isulad_img_pid); if (nret != 0) { if (!retry_flag) { - ERROR("First start isulad kit failed"); + ERROR("First start isulad img failed"); goto pexit; } WARN("Load isula image server failed"); } retry_flag = true; - if (isulad_kit_pid == (pid_t) - 1) { + if (isulad_img_pid == (pid_t) - 1) { usleep_nointerupt(HALF_A_SECOND); goto retry; } - /* waitpid for isulad_kit process */ - nret = wait_for_pid(isulad_kit_pid); + /* waitpid for isulad-img process */ + nret = wait_for_pid(isulad_img_pid); if (nret != 0) { - SYSERROR("Wait isulad kit failed"); + SYSERROR("Wait isulad img failed"); } - /* clean old isulad_kit information */ + /* clean old isulad-img information */ if (pthread_mutex_lock(&g_mutex) != 0) { - ERROR("Lock isulad kit pid failed"); + ERROR("Lock isulad img pid failed"); } - g_isulad_kit_start_time = 0; - g_isulad_kit_pid = -1; - if (g_isula_kit_exit) { + g_isulad_img_start_time = 0; + g_isulad_img_pid = -1; + if (g_isula_img_exit) { (void)pthread_mutex_unlock(&g_mutex); goto pexit; } if (pthread_mutex_unlock(&g_mutex) != 0) { - ERROR("Unlock isulad kit pid failed"); + ERROR("Unlock isulad img pid failed"); } usleep_nointerupt(HALF_A_SECOND); diff --git a/src/image/oci/run_image_server.h b/src/image/oci/run_image_server.h index 9e08a1e..2f3cd78 100644 --- a/src/image/oci/run_image_server.h +++ b/src/image/oci/run_image_server.h @@ -29,7 +29,7 @@ struct server_monitor_conf { void *isula_image_server_monitor(void *arg); -void isula_kit_exit(); +void isula_img_exit(); #ifdef __cplusplus } -- Gitee