From 955e584502c9320b3e2151f7707373702b46dd8c Mon Sep 17 00:00:00 2001
From: gaohuatao <gaohuatao@huawei.com>
Date: Thu, 11 Nov 2021 20:21:11 +0800
Subject: [PATCH] upgrade from upstream

Signed-off-by: gaohuatao <gaohuatao@huawei.com>
(cherry picked from commit f2c24d74c35fa1bdd4f397d43ba25a4d1c79aaa9)
---
 0032-disable-lxc_keep-with-oci-image.patch | 169 +++++++++++++++++++++
 lxc.spec                                   |   9 +-
 series.conf                                |   1 +
 3 files changed, 178 insertions(+), 1 deletion(-)
 create mode 100644 0032-disable-lxc_keep-with-oci-image.patch

diff --git a/0032-disable-lxc_keep-with-oci-image.patch b/0032-disable-lxc_keep-with-oci-image.patch
new file mode 100644
index 0000000..0e0c6e0
--- /dev/null
+++ b/0032-disable-lxc_keep-with-oci-image.patch
@@ -0,0 +1,169 @@
+From dc08143bcaf8722492a70848124b8d48dfa099f7 Mon Sep 17 00:00:00 2001
+From: gaohuatao <gaohuatao@huawei.com>
+Date: Fri, 22 Oct 2021 14:43:13 +0800
+Subject: [PATCH] disable lxc_keep with oci image
+
+Signed-off-by: gaohuatao <gaohuatao@huawei.com>
+---
+ src/lxc/confile.c      |  6 ++++++
+ src/lxc/lxccontainer.c | 24 ++++++++++++++++++++++++
+ src/lxc/lxccontainer.h | 18 ++++++++++++++++++
+ src/lxc/start.c        |  5 +++++
+ src/lxc/start.h        |  1 +
+ 5 files changed, 54 insertions(+)
+
+diff --git a/src/lxc/confile.c b/src/lxc/confile.c
+index e898e23..e298ce9 100644
+--- a/src/lxc/confile.c
++++ b/src/lxc/confile.c
+@@ -3018,6 +3018,12 @@ bool lxc_config_define_load(struct lxc_list *defines, struct lxc_container *c)
+ 
+ 	lxc_list_for_each(it, defines) {
+ 		struct new_config_item *new_item = it->elem;
++#ifdef HAVE_ISULAD
++		if (strcmp(new_item->key, LXC_IMAGE_OCI_KEY) == 0) {
++			c->set_oci_type(c, true);
++			continue;
++		}
++#endif
+ 		bret = c->set_config_item(c, new_item->key, new_item->val);
+ 		if (!bret)
+ 			break;
+diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
+index 2d58191..69706a5 100644
+--- a/src/lxc/lxccontainer.c
++++ b/src/lxc/lxccontainer.c
+@@ -1061,6 +1061,10 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
+ 	if (!argv) {
+ 		argv = init_cmd = use_init_args(conf->init_argv, conf->init_argc);
+ 	}
++
++	if (c->image_type_oci) {
++		handler->image_type_oci = true;
++	}
+ #endif
+ 
+ 	/* ... otherwise use default_args. */
+@@ -5755,6 +5759,22 @@ static bool do_lxcapi_set_start_timeout(struct lxc_container *c,  unsigned int s
+ 
+ WRAP_API_1(bool, lxcapi_set_start_timeout, unsigned int)
+ 
++/* isulad add set image type */
++static bool do_lxcapi_set_oci_type(struct lxc_container *c,  bool image_type_oci)
++{
++	if (!c || !c->lxc_conf)
++		return false;
++	if (container_mem_lock(c)) {
++		ERROR("Error getting mem lock");
++		return false;
++	}
++	c->image_type_oci = image_type_oci;
++	container_mem_unlock(c);
++	return true;
++}
++
++WRAP_API_1(bool, lxcapi_set_oci_type, bool)
++
+ static uint64_t metrics_get_ull(struct lxc_container *c, struct cgroup_ops *cgroup_ops, const char *item)
+ {
+     char buf[81] = {0};
+@@ -6177,6 +6197,9 @@ struct lxc_container *lxc_container_new(const char *name, const char *configpath
+ 
+ 	c->daemonize = true;
+ 	c->pidfile = NULL;
++#ifdef HAVE_ISULAD
++	c->image_type_oci = false;
++#endif
+ 
+ 	/* Assign the member functions. */
+ 	c->is_defined = lxcapi_is_defined;
+@@ -6249,6 +6272,7 @@ struct lxc_container *lxc_container_new(const char *name, const char *configpath
+ 	c->clean_container_resource = lxcapi_clean_container_resource;
+ 	c->get_container_pids = lxcapi_get_container_pids;
+ 	c->set_start_timeout = lxcapi_set_start_timeout;
++	c->set_oci_type = lxcapi_set_oci_type;
+ 	c->get_container_metrics = lxcapi_get_container_metrics;
+ #endif
+ 	return c;
+diff --git a/src/lxc/lxccontainer.h b/src/lxc/lxccontainer.h
+index 9abbd09..a5be3f8 100644
+--- a/src/lxc/lxccontainer.h
++++ b/src/lxc/lxccontainer.h
+@@ -26,6 +26,8 @@ extern "C" {
+ #define LXC_CREATE_MAXFLAGS       (1 << 1) /*!< Number of \c LXC_CREATE* flags */
+ #define LXC_MOUNT_API_V1		   1
+ 
++#define LXC_IMAGE_OCI_KEY "lxc.imagetype.oci"
++
+ struct bdev_specs;
+ 
+ struct lxc_snapshot;
+@@ -164,6 +166,12 @@ struct lxc_container {
+ 	 */
+ 	unsigned int start_timeout;
+ 
++	/*! isulad:
++	 * \private
++	 *  image_type_oci
++	 */
++	bool image_type_oci;
++
+ 	/*!
+ 	 * \brief Determine if \c /var/lib/lxc/$name/config exists.
+ 	 *
+@@ -1010,6 +1018,16 @@ struct lxc_container {
+ 	 */
+ 	bool (*set_start_timeout)(struct lxc_container *c, unsigned int start_timeout);
+ 
++	/*! isulad add
++	 * \brief An API call to set oci type
++	 *
++	 * \param c Container.
++	 * \param image_type_oci image oci type.
++	 *
++	 * \return \c true on success, else \c false.
++	 */
++	bool (*set_oci_type)(struct lxc_container *c, bool image_type_oci);
++	
+ 	/*! isulad add
+ 	 * \brief An API call to set start timeout
+ 	 *
+diff --git a/src/lxc/start.c b/src/lxc/start.c
+index 52ea561..c1563e0 100644
+--- a/src/lxc/start.c
++++ b/src/lxc/start.c
+@@ -694,6 +694,7 @@ struct lxc_handler *lxc_init_handler(const char *name, struct lxc_conf *conf,
+ 
+ #ifdef HAVE_ISULAD
+ 	handler->exit_code = -1; /* isulad: record exit code of container */
++	handler->image_type_oci = false;
+ #endif
+ 
+ 	if (daemonize)
+@@ -2080,7 +2081,11 @@ static int lxc_spawn(struct lxc_handler *handler)
+ 	 * it readonly.
+ 	 * If the container is unprivileged then skip rootfs pinning.
+ 	 */
++#ifdef HAVE_ISULAD
++	if (!wants_to_map_ids && !handler->image_type_oci) {
++#else
+ 	if (!wants_to_map_ids) {
++#endif
+ 		handler->pinfd = pin_rootfs(conf->rootfs.path);
+ 		if (handler->pinfd == -EBADF)
+ 			INFO("Failed to pin the rootfs for container \"%s\"", handler->name);
+diff --git a/src/lxc/start.h b/src/lxc/start.h
+index ebeeb72..98de103 100644
+--- a/src/lxc/start.h
++++ b/src/lxc/start.h
+@@ -129,6 +129,7 @@ struct lxc_handler {
+ 	bool disable_pty;
+ 	/* Indicates whether should we keep stdin active. */
+ 	bool open_stdin;
++	bool image_type_oci;
+ #endif
+ 
+ };
+-- 
+2.20.1
+
diff --git a/lxc.spec b/lxc.spec
index 0aba398..ed4d724 100644
--- a/lxc.spec
+++ b/lxc.spec
@@ -1,4 +1,4 @@
-%global _release 2021092601
+%global _release 2021102101
 
 Name:           lxc
 Version:        4.0.3
@@ -39,6 +39,7 @@ Patch0028:	0028-seccomp-init-and-destroy-notifier.cookie.patch
 Patch0029:	0029-just-use-origin-loop-if-do-not-have-io.patch
 Patch0030:	0030-conf-fix-a-memory-leak.patch
 Patch0031:	0031-fix-lsm_se_mount_context-memory-leak.patch
+Patch0032:	0032-disable-lxc_keep-with-oci-image.patch
 
 BuildRequires:  systemd-units git libtool graphviz docbook2X doxygen chrpath
 BuildRequires:  pkgconfig(libseccomp)
@@ -210,6 +211,12 @@ make check
 %{_mandir}/*/man7/%{name}*
 
 %changelog
+* Thu Oct 21 2021 gaohuatao<gaohuatao@huawei.com> - 4.0.3-2021102101
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:disable lxc_keep
+
 * Sun Sep 26 2021 chengzeruizhi<chengzeruizhi@huawei.com> - 4.0.3-2021092601
 - Type:bugfix
 - ID:NA
diff --git a/series.conf b/series.conf
index 25f1cec..974d5d8 100644
--- a/series.conf
+++ b/series.conf
@@ -29,3 +29,4 @@
 0029-just-use-origin-loop-if-do-not-have-io.patch
 0030-conf-fix-a-memory-leak.patch
 0031-fix-lsm_se_mount_context-memory-leak.patch
+0032-disable-lxc_keep-with-oci-image.patch
-- 
Gitee