From 9e0415cf0d94ea6af888965afd7740f42a16b0c3 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Thu, 21 Jul 2022 18:54:46 +0800 Subject: [PATCH] fix compile error Signed-off-by: zhangxiaoyu --- ...tch-code-of-utils-commands-and-so-on.patch | 98 ++++++--- ...-code-of-isulad-for-conf-exec-attach.patch | 111 +++++----- ...ch-code-of-isulad-for-selinux-attach.patch | 12 +- ...r-patch-about-namespace-log-terminal.patch | 194 ++++-------------- ...ches-on-terminal.c-start.c-and-so-on.patch | 115 +++++++---- lxc.spec | 8 +- 6 files changed, 244 insertions(+), 294 deletions(-) diff --git a/0001-refactor-patch-code-of-utils-commands-and-so-on.patch b/0001-refactor-patch-code-of-utils-commands-and-so-on.patch index 53fde44..5c0cd7f 100644 --- a/0001-refactor-patch-code-of-utils-commands-and-so-on.patch +++ b/0001-refactor-patch-code-of-utils-commands-and-so-on.patch @@ -6,19 +6,20 @@ Subject: [PATCH] refactor patch code of utils commands and so on Signed-off-by: zhangxiaoyu --- src/lxc/cgroups/isulad_cgroup2_devices.c | 575 +++++++++++++++++++++++ - src/lxc/commands.c | 180 +++++++ + src/lxc/commands.c | 185 +++++++- src/lxc/commands.h | 10 + src/lxc/conf.h | 95 ++++ - src/lxc/isulad_utils.c | 317 +++++++++++++ + src/lxc/isulad_utils.c | 319 +++++++++++++ src/lxc/isulad_utils.h | 98 ++++ src/lxc/lsm/lsm.c | 20 + src/lxc/lxc.h | 19 + src/lxc/lxccontainer.h | 194 ++++++++ + src/lxc/network.c | 8 + src/lxc/tools/lxc_ls.c | 8 + src/lxc/tools/lxc_start.c | 109 ++++- - src/lxc/utils.c | 174 +++++++ + src/lxc/utils.c | 173 +++++++ src/lxc/utils.h | 11 + - 13 files changed, 1809 insertions(+), 1 deletion(-) + 14 files changed, 1821 insertions(+), 3 deletions(-) create mode 100644 src/lxc/cgroups/isulad_cgroup2_devices.c create mode 100644 src/lxc/isulad_utils.c create mode 100644 src/lxc/isulad_utils.h @@ -605,7 +606,7 @@ index 0000000..05613c5 +} +#endif diff --git a/src/lxc/commands.c b/src/lxc/commands.c -index b6ae101..ae50cc6 100644 +index b6ae101..c2a5665 100644 --- a/src/lxc/commands.c +++ b/src/lxc/commands.c @@ -86,6 +86,10 @@ static const char *lxc_cmd_str(lxc_cmd_t cmd) @@ -635,7 +636,19 @@ index b6ae101..ae50cc6 100644 if (ret < 0) return log_warn_errno(-1, errno, "Failed to receive response for command \"%s\"", -@@ -1260,7 +1272,11 @@ int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath, +@@ -592,8 +604,9 @@ static int lxc_cmd_get_cgroup_callback_do(int fd, struct lxc_cmd_req *req, + reqdata = NULL; + } + +- get_fn = (limiting_cgroup ? cgroup_ops->get_cgroup +- : cgroup_ops->get_limiting_cgroup); ++ // bugfix in newer version ++ get_fn = (limiting_cgroup ? cgroup_ops->get_limiting_cgroup ++ : cgroup_ops->get_cgroup); + + path = get_fn(cgroup_ops, reqdata); + +@@ -1260,7 +1273,11 @@ int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath, ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); if (ret < 0) @@ -647,7 +660,7 @@ index b6ae101..ae50cc6 100644 return 0; } -@@ -1475,6 +1491,123 @@ static int lxc_cmd_get_limiting_cgroup2_fd_callback(int fd, +@@ -1475,6 +1492,123 @@ static int lxc_cmd_get_limiting_cgroup2_fd_callback(int fd, return ret_errno(ENOSYS); } @@ -771,7 +784,7 @@ index b6ae101..ae50cc6 100644 static int lxc_cmd_process(int fd, struct lxc_cmd_req *req, struct lxc_handler *handler, struct lxc_epoll_descr *descr) -@@ -1504,10 +1637,18 @@ static int lxc_cmd_process(int fd, struct lxc_cmd_req *req, +@@ -1504,10 +1638,18 @@ static int lxc_cmd_process(int fd, struct lxc_cmd_req *req, [LXC_CMD_GET_INIT_PIDFD] = lxc_cmd_get_init_pidfd_callback, [LXC_CMD_GET_LIMITING_CGROUP] = lxc_cmd_get_limiting_cgroup_callback, [LXC_CMD_GET_LIMITING_CGROUP2_FD] = lxc_cmd_get_limiting_cgroup2_fd_callback, @@ -790,7 +803,7 @@ index b6ae101..ae50cc6 100644 return cb[req->cmd](fd, req, handler, descr); } -@@ -1646,6 +1787,44 @@ static int lxc_cmd_accept(int fd, uint32_t events, void *data, +@@ -1646,6 +1788,44 @@ static int lxc_cmd_accept(int fd, uint32_t events, void *data, return ret; } @@ -835,7 +848,7 @@ index b6ae101..ae50cc6 100644 int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix) { __do_close int fd = -EBADF; -@@ -1670,6 +1849,7 @@ int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix) +@@ -1670,6 +1850,7 @@ int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix) return log_trace(move_fd(fd), "Created abstract unix socket \"%s\"", &path[1]); } @@ -1034,10 +1047,10 @@ index b72afba..0478eb1 100644 #endif /* __LXC_CONF_H */ diff --git a/src/lxc/isulad_utils.c b/src/lxc/isulad_utils.c new file mode 100644 -index 0000000..47d0ff5 +index 0000000..15d9323 --- /dev/null +++ b/src/lxc/isulad_utils.c -@@ -0,0 +1,317 @@ +@@ -0,0 +1,319 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ +/****************************************************************************** + * Copyright (c) Huawei Technologies Co., Ltd. 2020. Allrights reserved @@ -1051,6 +1064,8 @@ index 0000000..47d0ff5 +#include +#include +#include ++#include ++#include + +#include "isulad_utils.h" +#include "log.h" @@ -1772,6 +1787,28 @@ index b4ec1d6..3680ade 100644 /*! * \brief Add a reference to the specified container. * +diff --git a/src/lxc/network.c b/src/lxc/network.c +index bca0440..56efa4b 100644 +--- a/src/lxc/network.c ++++ b/src/lxc/network.c +@@ -3441,9 +3441,17 @@ static int lxc_network_setup_in_child_namespaces_common(struct lxc_netdev *netde + + /* set the network device up */ + if (netdev->flags & IFF_UP) { ++#ifdef HAVE_ISULAD ++ if (netdev->name[0] != '\0') { ++ err = lxc_netdev_up(netdev->name); ++ if (err) ++ return log_error_errno(-1, -err, "Failed to set network device \"%s\" up", netdev->name); ++ } ++#else + err = lxc_netdev_up(netdev->name); + if (err) + return log_error_errno(-1, -err, "Failed to set network device \"%s\" up", netdev->name); ++#endif + + /* the network is up, make the loopback up too */ + err = lxc_netdev_up("lo"); diff --git a/src/lxc/tools/lxc_ls.c b/src/lxc/tools/lxc_ls.c index 0abcd7a..7c0b69c 100644 --- a/src/lxc/tools/lxc_ls.c @@ -1969,21 +2006,20 @@ index 459b867..3ef5961 100644 exit(err); } diff --git a/src/lxc/utils.c b/src/lxc/utils.c -index 88d0f85..f038dc5 100644 +index 88d0f85..ab351d8 100644 --- a/src/lxc/utils.c +++ b/src/lxc/utils.c -@@ -27,6 +27,10 @@ +@@ -27,6 +27,9 @@ #include #include #include +#ifdef HAVE_ISULAD +#include -+#include +#endif #include "config.h" #include "log.h" -@@ -71,6 +75,9 @@ static int _recursive_rmdir(const char *dirname, dev_t pdev, +@@ -71,6 +74,9 @@ static int _recursive_rmdir(const char *dirname, dev_t pdev, int ret; struct dirent *direntp; char pathname[PATH_MAX]; @@ -1993,7 +2029,7 @@ index 88d0f85..f038dc5 100644 dir = opendir(dirname); if (!dir) -@@ -133,6 +140,11 @@ static int _recursive_rmdir(const char *dirname, dev_t pdev, +@@ -133,6 +139,11 @@ static int _recursive_rmdir(const char *dirname, dev_t pdev, } else { ret = unlink(pathname); if (ret < 0) { @@ -2005,7 +2041,7 @@ index 88d0f85..f038dc5 100644 __do_close int fd = -EBADF; fd = open(pathname, O_RDONLY | O_CLOEXEC | O_NONBLOCK); -@@ -158,10 +170,18 @@ static int _recursive_rmdir(const char *dirname, dev_t pdev, +@@ -158,10 +169,18 @@ static int _recursive_rmdir(const char *dirname, dev_t pdev, } if (rmdir(dirname) < 0 && !btrfs_try_remove_subvol(dirname) && !hadexclude) { @@ -2024,7 +2060,7 @@ index 88d0f85..f038dc5 100644 return failed ? -1 : 0; } -@@ -1008,7 +1028,11 @@ static int open_if_safe(int dirfd, const char *nextpath) +@@ -1008,7 +1027,11 @@ static int open_if_safe(int dirfd, const char *nextpath) * * Return an open fd for the path, or <0 on error. */ @@ -2036,7 +2072,7 @@ index 88d0f85..f038dc5 100644 { int curlen = 0, dirfd, fulllen, i; char *dup; -@@ -1079,6 +1103,65 @@ out: +@@ -1079,6 +1102,65 @@ out: return dirfd; } @@ -2102,7 +2138,7 @@ index 88d0f85..f038dc5 100644 /* * Safely mount a path into a container, ensuring that the mount target * is under the container's @rootfs. (If @rootfs is NULL, then the container -@@ -1087,14 +1170,22 @@ out: +@@ -1087,14 +1169,22 @@ out: * CAVEAT: This function must not be used for other purposes than container * setup before executing the container's init */ @@ -2125,7 +2161,7 @@ index 88d0f85..f038dc5 100644 if (!rootfs) rootfs = ""; -@@ -1137,8 +1228,23 @@ int safe_mount(const char *src, const char *dest, const char *fstype, +@@ -1137,8 +1227,23 @@ int safe_mount(const char *src, const char *dest, const char *fstype, return -EINVAL; } @@ -2149,7 +2185,7 @@ index 88d0f85..f038dc5 100644 if (srcfd != -1) close(srcfd); -@@ -1149,6 +1255,19 @@ int safe_mount(const char *src, const char *dest, const char *fstype, +@@ -1149,6 +1254,19 @@ int safe_mount(const char *src, const char *dest, const char *fstype, return ret; } @@ -2169,7 +2205,7 @@ index 88d0f85..f038dc5 100644 return 0; } -@@ -1215,7 +1334,11 @@ domount: +@@ -1215,7 +1333,11 @@ domount: if (!strcmp(rootfs, "")) ret = mount("proc", path, "proc", 0, NULL); else @@ -2181,7 +2217,7 @@ index 88d0f85..f038dc5 100644 if (ret < 0) return -1; -@@ -1425,6 +1548,11 @@ static int lxc_get_unused_loop_dev(char *name_loop) +@@ -1425,6 +1547,11 @@ static int lxc_get_unused_loop_dev(char *name_loop) { int loop_nr, ret; int fd_ctl = -1, fd_tmp = -1; @@ -2193,7 +2229,7 @@ index 88d0f85..f038dc5 100644 fd_ctl = open("/dev/loop-control", O_RDWR | O_CLOEXEC); if (fd_ctl < 0) { -@@ -1442,8 +1570,37 @@ static int lxc_get_unused_loop_dev(char *name_loop) +@@ -1442,8 +1569,37 @@ static int lxc_get_unused_loop_dev(char *name_loop) if (ret < 0 || ret >= LO_NAME_SIZE) goto on_error; @@ -2231,7 +2267,7 @@ index 88d0f85..f038dc5 100644 /* on Android loop devices are moved under /dev/block, give it a shot */ ret = snprintf(name_loop, LO_NAME_SIZE, "/dev/block/loop%d", loop_nr); if (ret < 0 || ret >= LO_NAME_SIZE) -@@ -1452,6 +1609,7 @@ static int lxc_get_unused_loop_dev(char *name_loop) +@@ -1452,6 +1608,7 @@ static int lxc_get_unused_loop_dev(char *name_loop) fd_tmp = open(name_loop, O_RDWR | O_CLOEXEC); if (fd_tmp < 0) SYSERROR("Failed to open loop \"%s\"", name_loop); @@ -2239,7 +2275,7 @@ index 88d0f85..f038dc5 100644 } on_error: -@@ -1661,6 +1819,7 @@ uint64_t lxc_find_next_power2(uint64_t n) +@@ -1661,6 +1818,7 @@ uint64_t lxc_find_next_power2(uint64_t n) return n; } @@ -2247,7 +2283,7 @@ index 88d0f85..f038dc5 100644 static int process_dead(/* takes */ int status_fd) { __do_close int dupfd = -EBADF; -@@ -1698,15 +1857,19 @@ static int process_dead(/* takes */ int status_fd) +@@ -1698,15 +1856,19 @@ static int process_dead(/* takes */ int status_fd) return ret; } @@ -2267,7 +2303,7 @@ index 88d0f85..f038dc5 100644 /* verify that we haven't been orphaned in the meantime */ ppid = (pid_t)syscall(SYS_getppid); if (ppid == 0) { /* parent outside our pidns */ -@@ -1718,6 +1881,7 @@ int lxc_set_death_signal(int signal, pid_t parent, int parent_status_fd) +@@ -1718,6 +1880,7 @@ int lxc_set_death_signal(int signal, pid_t parent, int parent_status_fd) } else if (ppid != parent) { return raise(SIGKILL); } @@ -2275,7 +2311,7 @@ index 88d0f85..f038dc5 100644 if (ret < 0) return -1; -@@ -1755,8 +1919,18 @@ int lxc_rm_rf(const char *dirname) +@@ -1755,8 +1918,18 @@ int lxc_rm_rf(const char *dirname) struct dirent *direntp; dir = opendir(dirname); diff --git a/0002-refactor-patch-code-of-isulad-for-conf-exec-attach.patch b/0002-refactor-patch-code-of-isulad-for-conf-exec-attach.patch index 31c6206..00c07a5 100644 --- a/0002-refactor-patch-code-of-isulad-for-conf-exec-attach.patch +++ b/0002-refactor-patch-code-of-isulad-for-conf-exec-attach.patch @@ -6,13 +6,13 @@ Subject: [PATCH] refactor patch code of isulad for conf/exec/attach Signed-off-by: haozi007 --- src/lxc/attach_options.h | 41 +- - src/lxc/conf.c | 1990 ++++++++++++++++++++++++++++++++++++- + src/lxc/conf.c | 1993 ++++++++++++++++++++++++++++++++++++- src/lxc/criu.c | 8 +- src/lxc/execute.c | 19 + src/lxc/file_utils.c | 27 + src/lxc/lsm/apparmor.c | 14 + src/lxc/tools/arguments.h | 24 + - 7 files changed, 2119 insertions(+), 4 deletions(-) + 7 files changed, 2122 insertions(+), 4 deletions(-) diff --git a/src/lxc/attach_options.h b/src/lxc/attach_options.h index 63e62d4..16b4e21 100644 @@ -101,7 +101,7 @@ index 63e62d4..16b4e21 100644 #ifdef __cplusplus } diff --git a/src/lxc/conf.c b/src/lxc/conf.c -index 0078996..dd7c9c9 100644 +index 0078996..378cf9f 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -33,6 +33,14 @@ @@ -414,24 +414,27 @@ index 0078996..dd7c9c9 100644 if (pts_mnt_fd >= 0) { ret = move_mount(pts_mnt_fd, "", -EBADF, path, MOVE_MOUNT_F_EMPTY_PATH); if (!ret) { -@@ -1633,17 +1797,32 @@ static int lxc_setup_dev_console(const struct lxc_rootfs *rootfs, +@@ -1633,17 +1797,35 @@ static int lxc_setup_dev_console(const struct lxc_rootfs *rootfs, } ret = safe_mount(console->name, path, "none", MS_BIND, 0, rootfs_path); -+#else -+ // add mount lable for console -+ ret = safe_mount(console->name, path, "bind", MS_BIND, 0, rootfs_path, mount_label); -+#endif ++ if (ret < 0) return log_error_errno(-1, errno, "Failed to mount %d(%s) on \"%s\"", pts_mnt_fd, console->name, path); -+#ifdef HAVE_ISULAD -+ } -+ DEBUG("Mounted pts device \"%s\" onto \"%s\"", console->name, path); -+#else finish: DEBUG("Mounted pts device %d(%s) onto \"%s\"", pts_mnt_fd, console->name, path); ++#else ++ // add mount lable for console ++ ret = safe_mount(console->name, path, "bind", MS_BIND, 0, rootfs_path, mount_label); ++ ++ if (ret < 0) ++ return log_error_errno(-1, errno, "Failed to mount \"%s\" on \"%s\"", console->name, path); ++ ++ } ++ DEBUG("Mounted pts device \"%s\" onto \"%s\"", console->name, path); +#endif ++ return 0; } @@ -447,7 +450,7 @@ index 0078996..dd7c9c9 100644 { int ret; char path[PATH_MAX], lxcpath[PATH_MAX]; -@@ -1686,11 +1865,15 @@ static int lxc_setup_ttydir_console(const struct lxc_rootfs *rootfs, +@@ -1686,11 +1868,15 @@ static int lxc_setup_ttydir_console(const struct lxc_rootfs *rootfs, if (ret < 0 && errno != EEXIST) return log_error_errno(-errno, errno, "Failed to create console"); @@ -463,7 +466,7 @@ index 0078996..dd7c9c9 100644 if (pts_mnt_fd >= 0) { ret = move_mount(pts_mnt_fd, "", -EBADF, lxcpath, MOVE_MOUNT_F_EMPTY_PATH); if (!ret) { -@@ -1707,11 +1890,23 @@ static int lxc_setup_ttydir_console(const struct lxc_rootfs *rootfs, +@@ -1707,11 +1893,23 @@ static int lxc_setup_ttydir_console(const struct lxc_rootfs *rootfs, ret = safe_mount(console->name, lxcpath, "none", MS_BIND, 0, rootfs_path); if (ret < 0) return log_error_errno(-1, errno, "Failed to mount %d(%s) on \"%s\"", pts_mnt_fd, console->name, lxcpath); @@ -487,7 +490,7 @@ index 0078996..dd7c9c9 100644 if (ret < 0) return log_error_errno(-1, errno, "Failed to mount \"%s\" on \"%s\"", console->name, lxcpath); DEBUG("Mounted \"%s\" onto \"%s\"", console->name, lxcpath); -@@ -1720,6 +1915,7 @@ finish: +@@ -1720,6 +1918,7 @@ finish: return 0; } @@ -495,7 +498,7 @@ index 0078996..dd7c9c9 100644 static int lxc_setup_console(const struct lxc_rootfs *rootfs, const struct lxc_terminal *console, char *ttydir, int pts_mnt_fd) -@@ -1730,7 +1926,18 @@ static int lxc_setup_console(const struct lxc_rootfs *rootfs, +@@ -1730,7 +1929,18 @@ static int lxc_setup_console(const struct lxc_rootfs *rootfs, return lxc_setup_ttydir_console(rootfs, console, ttydir, pts_mnt_fd); } @@ -505,16 +508,16 @@ index 0078996..dd7c9c9 100644 +{ + if (!ttydir) + return lxc_setup_dev_console(rootfs, console, mount_label); -+ + + return lxc_setup_ttydir_console(rootfs, console, ttydir, mount_label); +} +#endif - ++ +#ifndef HAVE_ISULAD static int parse_mntopt(char *opt, unsigned long *flags, char **data, size_t size) { ssize_t ret; -@@ -1798,6 +2005,77 @@ int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata) +@@ -1798,6 +2008,77 @@ int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata) return 0; } @@ -592,7 +595,7 @@ index 0078996..dd7c9c9 100644 static void parse_propagationopt(char *opt, unsigned long *flags) { -@@ -1862,10 +2140,17 @@ static char *get_field(char *src, int nfields) +@@ -1862,10 +2143,17 @@ static char *get_field(char *src, int nfields) return p; } @@ -610,7 +613,7 @@ index 0078996..dd7c9c9 100644 { int ret; char srcbuf[PATH_MAX]; -@@ -1881,8 +2166,13 @@ static int mount_entry(const char *fsname, const char *target, +@@ -1881,8 +2169,13 @@ static int mount_entry(const char *fsname, const char *target, srcpath = srcbuf; } @@ -624,7 +627,7 @@ index 0078996..dd7c9c9 100644 if (ret < 0) { if (optional) return log_info_errno(0, errno, "Failed to mount \"%s\" on \"%s\" (optional)", -@@ -2010,8 +2300,15 @@ static int mount_entry_create_dir_file(const struct mntent *mntent, +@@ -2010,8 +2303,15 @@ static int mount_entry_create_dir_file(const struct mntent *mntent, if (hasmntopt(mntent, "create=dir")) { ret = mkdir_p(path, 0755); @@ -640,7 +643,7 @@ index 0078996..dd7c9c9 100644 } if (!hasmntopt(mntent, "create=file")) -@@ -2028,29 +2325,56 @@ static int mount_entry_create_dir_file(const struct mntent *mntent, +@@ -2028,29 +2328,56 @@ static int mount_entry_create_dir_file(const struct mntent *mntent, p2 = dirname(p1); ret = mkdir_p(p2, 0755); @@ -697,7 +700,7 @@ index 0078996..dd7c9c9 100644 optional = hasmntopt(mntent, "optional") != NULL; dev = hasmntopt(mntent, "dev") != NULL; -@@ -2059,9 +2383,41 @@ static inline int mount_entry_on_generic(struct mntent *mntent, +@@ -2059,9 +2386,41 @@ static inline int mount_entry_on_generic(struct mntent *mntent, if (rootfs && rootfs->path) rootfs_path = rootfs->mount; @@ -739,7 +742,7 @@ index 0078996..dd7c9c9 100644 if (optional) return 0; -@@ -2069,6 +2425,29 @@ static inline int mount_entry_on_generic(struct mntent *mntent, +@@ -2069,6 +2428,29 @@ static inline int mount_entry_on_generic(struct mntent *mntent, } cull_mntent_opt(mntent); @@ -769,7 +772,7 @@ index 0078996..dd7c9c9 100644 ret = parse_propagationopts(mntent->mnt_opts, &pflags); if (ret < 0) return -1; -@@ -2079,6 +2458,7 @@ static inline int mount_entry_on_generic(struct mntent *mntent, +@@ -2079,6 +2461,7 @@ static inline int mount_entry_on_generic(struct mntent *mntent, ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type, mntflags, pflags, mntdata, optional, dev, relative, rootfs_path); @@ -777,7 +780,7 @@ index 0078996..dd7c9c9 100644 return ret; } -@@ -2098,13 +2478,25 @@ static inline int mount_entry_on_systemfs(struct mntent *mntent) +@@ -2098,13 +2481,25 @@ static inline int mount_entry_on_systemfs(struct mntent *mntent) if (ret < 0 || ret >= sizeof(path)) return -1; @@ -803,7 +806,7 @@ index 0078996..dd7c9c9 100644 { int offset; char *aux; -@@ -2140,13 +2532,25 @@ skipabs: +@@ -2140,13 +2535,25 @@ skipabs: if (ret < 0 || ret >= PATH_MAX) return -1; @@ -829,7 +832,7 @@ index 0078996..dd7c9c9 100644 { int ret; char path[PATH_MAX]; -@@ -2156,12 +2560,22 @@ static int mount_entry_on_relative_rootfs(struct mntent *mntent, +@@ -2156,12 +2563,22 @@ static int mount_entry_on_relative_rootfs(struct mntent *mntent, if (ret < 0 || (size_t)ret >= sizeof(path)) return -1; @@ -852,7 +855,7 @@ index 0078996..dd7c9c9 100644 { char buf[PATH_MAX]; struct mntent mntent; -@@ -2169,6 +2583,42 @@ static int mount_file_entries(const struct lxc_conf *conf, +@@ -2169,6 +2586,42 @@ static int mount_file_entries(const struct lxc_conf *conf, while (getmntent_r(file, &mntent, buf, sizeof(buf))) { int ret; @@ -895,7 +898,7 @@ index 0078996..dd7c9c9 100644 if (!rootfs->path) ret = mount_entry_on_systemfs(&mntent); else if (mntent.mnt_dir[0] != '/') -@@ -2177,6 +2627,8 @@ static int mount_file_entries(const struct lxc_conf *conf, +@@ -2177,6 +2630,8 @@ static int mount_file_entries(const struct lxc_conf *conf, else ret = mount_entry_on_absolute_rootfs(&mntent, rootfs, lxc_name, lxc_path); @@ -904,7 +907,7 @@ index 0078996..dd7c9c9 100644 if (ret < 0) return -1; } -@@ -2195,9 +2647,15 @@ static inline void __auto_endmntent__(FILE **f) +@@ -2195,9 +2650,15 @@ static inline void __auto_endmntent__(FILE **f) #define __do_endmntent __attribute__((__cleanup__(__auto_endmntent__))) @@ -920,7 +923,7 @@ index 0078996..dd7c9c9 100644 { __do_endmntent FILE *f = NULL; int ret; -@@ -2209,7 +2667,11 @@ static int setup_mount(const struct lxc_conf *conf, +@@ -2209,7 +2670,11 @@ static int setup_mount(const struct lxc_conf *conf, if (!f) return log_error_errno(-1, errno, "Failed to open \"%s\"", fstab); @@ -932,7 +935,7 @@ index 0078996..dd7c9c9 100644 if (ret < 0) ERROR("Failed to set up mount entries"); -@@ -2285,10 +2747,17 @@ FILE *make_anonymous_mount_file(struct lxc_list *mount, +@@ -2285,10 +2750,17 @@ FILE *make_anonymous_mount_file(struct lxc_list *mount, return f; } @@ -950,7 +953,7 @@ index 0078996..dd7c9c9 100644 { __do_fclose FILE *f = NULL; -@@ -2296,7 +2765,11 @@ static int setup_mount_entries(const struct lxc_conf *conf, +@@ -2296,7 +2768,11 @@ static int setup_mount_entries(const struct lxc_conf *conf, if (!f) return -1; @@ -962,7 +965,7 @@ index 0078996..dd7c9c9 100644 } static int parse_cap(const char *cap) -@@ -2395,6 +2868,16 @@ static int dropcaps_except(struct lxc_list *caps) +@@ -2395,6 +2871,16 @@ static int dropcaps_except(struct lxc_list *caps) lxc_list_for_each (iterator, caps) { keep_entry = iterator->elem; @@ -979,7 +982,7 @@ index 0078996..dd7c9c9 100644 capid = parse_cap(keep_entry); if (capid == -2) continue; -@@ -2443,7 +2926,11 @@ static int parse_resource(const char *res) +@@ -2443,7 +2929,11 @@ static int parse_resource(const char *res) return resid; } @@ -991,7 +994,7 @@ index 0078996..dd7c9c9 100644 { int resid; struct lxc_list *it; -@@ -2457,8 +2944,17 @@ int setup_resource_limits(struct lxc_list *limits, pid_t pid) +@@ -2457,8 +2947,17 @@ int setup_resource_limits(struct lxc_list *limits, pid_t pid) return log_error(-1, "Unknown resource %s", lim->resource); #if HAVE_PRLIMIT || HAVE_PRLIMIT64 @@ -1009,7 +1012,7 @@ index 0078996..dd7c9c9 100644 TRACE("Setup \"%s\" limit", lim->resource); #else -@@ -2601,6 +3097,27 @@ struct lxc_conf *lxc_conf_init(void) +@@ -2601,6 +3100,27 @@ struct lxc_conf *lxc_conf_init(void) memset(&new->ns_share, 0, sizeof(char *) * LXC_NS_MAX); seccomp_conf_init(new); @@ -1037,7 +1040,7 @@ index 0078996..dd7c9c9 100644 return new; } -@@ -3001,7 +3518,11 @@ again: +@@ -3001,7 +3521,11 @@ again: null_endofword(target); ret = mount(NULL, target, NULL, MS_SLAVE, NULL); if (ret < 0) { @@ -1049,7 +1052,7 @@ index 0078996..dd7c9c9 100644 continue; } TRACE("Recursively turned old root mount tree into dependent mount"); -@@ -3046,7 +3567,11 @@ static int lxc_execute_bind_init(struct lxc_handler *handler) +@@ -3046,7 +3570,11 @@ static int lxc_execute_bind_init(struct lxc_handler *handler) return log_error_errno(-1, errno, "Failed to create dummy \"%s\" file as bind mount target", destpath); } @@ -1061,7 +1064,7 @@ index 0078996..dd7c9c9 100644 if (ret < 0) return log_error_errno(-1, errno, "Failed to bind mount lxc.init.static into container"); -@@ -3082,7 +3607,13 @@ int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, const char *name, +@@ -3082,7 +3610,13 @@ int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, const char *name, return log_trace(0, "Bind mounted container / onto itself"); } @@ -1075,7 +1078,7 @@ index 0078996..dd7c9c9 100644 ret = run_lxc_hooks(name, "pre-mount", conf, NULL); if (ret < 0) -@@ -3182,15 +3713,29 @@ static int lxc_setup_boot_id(void) +@@ -3182,15 +3716,29 @@ static int lxc_setup_boot_id(void) int lxc_setup(struct lxc_handler *handler) { @@ -1105,7 +1108,7 @@ index 0078996..dd7c9c9 100644 if (handler->nsfd[LXC_NS_UTS] == -EBADF) { ret = setup_utsname(lxc_conf->utsname); -@@ -3221,6 +3766,7 @@ int lxc_setup(struct lxc_handler *handler) +@@ -3221,6 +3769,7 @@ int lxc_setup(struct lxc_handler *handler) return log_error(-1, "Failed to send network device names and ifindices to parent"); } @@ -1113,7 +1116,7 @@ index 0078996..dd7c9c9 100644 if (wants_console(&lxc_conf->console)) { pts_mnt_fd = open_tree(-EBADF, lxc_conf->console.name, OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC | AT_EMPTY_PATH); -@@ -3231,9 +3777,15 @@ int lxc_setup(struct lxc_handler *handler) +@@ -3231,9 +3780,15 @@ int lxc_setup(struct lxc_handler *handler) TRACE("Created detached mount for container's console \"%s\"", lxc_conf->console.name); } @@ -1129,7 +1132,7 @@ index 0078996..dd7c9c9 100644 if (ret < 0) return log_error(-1, "Failed to mount \"/dev\""); } -@@ -3245,15 +3797,38 @@ int lxc_setup(struct lxc_handler *handler) +@@ -3245,15 +3800,38 @@ int lxc_setup(struct lxc_handler *handler) if (ret < 0) return log_error(-1, "Failed to setup first automatic mounts"); @@ -1168,7 +1171,7 @@ index 0078996..dd7c9c9 100644 } if (lxc_conf->is_execute) { -@@ -3278,6 +3853,7 @@ int lxc_setup(struct lxc_handler *handler) +@@ -3278,6 +3856,7 @@ int lxc_setup(struct lxc_handler *handler) } } @@ -1176,7 +1179,7 @@ index 0078996..dd7c9c9 100644 /* Now mount only cgroups, if wanted. Before, /sys could not have been * mounted. It is guaranteed to be mounted now either through * automatically or via fstab entries. -@@ -3285,6 +3861,7 @@ int lxc_setup(struct lxc_handler *handler) +@@ -3285,6 +3864,7 @@ int lxc_setup(struct lxc_handler *handler) ret = lxc_mount_auto_mounts(lxc_conf, lxc_conf->auto_mounts & LXC_AUTO_CGROUP_MASK, handler); if (ret < 0) return log_error(-1, "Failed to setup remaining automatic mounts"); @@ -1184,7 +1187,7 @@ index 0078996..dd7c9c9 100644 ret = run_lxc_hooks(name, "mount", lxc_conf, NULL); if (ret < 0) -@@ -3295,21 +3872,45 @@ int lxc_setup(struct lxc_handler *handler) +@@ -3295,21 +3875,45 @@ int lxc_setup(struct lxc_handler *handler) if (ret < 0) return log_error(-1, "Failed to run autodev hooks"); @@ -1230,7 +1233,7 @@ index 0078996..dd7c9c9 100644 if (ret < 0) return log_error(-1, "Failed to setup console"); -@@ -3317,6 +3918,12 @@ int lxc_setup(struct lxc_handler *handler) +@@ -3317,6 +3921,12 @@ int lxc_setup(struct lxc_handler *handler) if (ret < 0) return log_error(-1, "Failed to setup \"/dev\" symlinks"); @@ -1243,7 +1246,7 @@ index 0078996..dd7c9c9 100644 ret = lxc_setup_rootfs_switch_root(&lxc_conf->rootfs); if (ret < 0) return log_error(-1, "Failed to pivot root into rootfs"); -@@ -3325,14 +3932,31 @@ int lxc_setup(struct lxc_handler *handler) +@@ -3325,14 +3935,31 @@ int lxc_setup(struct lxc_handler *handler) if (lxc_conf->autodev > 0) (void)lxc_setup_boot_id(); @@ -1275,7 +1278,7 @@ index 0078996..dd7c9c9 100644 ret = setup_personality(lxc_conf->personality); if (ret < 0) return log_error(-1, "Failed to set personality"); -@@ -3347,6 +3971,37 @@ int lxc_setup(struct lxc_handler *handler) +@@ -3347,6 +3974,37 @@ int lxc_setup(struct lxc_handler *handler) return log_error(-1, "Failed to setup sysctl parameters"); } @@ -1313,7 +1316,7 @@ index 0078996..dd7c9c9 100644 if (!lxc_list_empty(&lxc_conf->keepcaps)) { if (!lxc_list_empty(&lxc_conf->caps)) return log_error(-1, "Container requests lxc.cap.drop and lxc.cap.keep: either use lxc.cap.drop or lxc.cap.keep, not both"); -@@ -3753,6 +4408,25 @@ void lxc_conf_free(struct lxc_conf *conf) +@@ -3753,6 +4411,25 @@ void lxc_conf_free(struct lxc_conf *conf) free(conf->cgroup_meta.controllers); free(conf->shmount.path_host); free(conf->shmount.path_cont); @@ -1339,7 +1342,7 @@ index 0078996..dd7c9c9 100644 free(conf); } -@@ -4775,3 +5449,1315 @@ struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings) +@@ -4775,3 +5452,1315 @@ struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings) return result; } diff --git a/0003-refactor-patch-code-of-isulad-for-selinux-attach.patch b/0003-refactor-patch-code-of-isulad-for-selinux-attach.patch index 6c2ecfa..c7e81d3 100644 --- a/0003-refactor-patch-code-of-isulad-for-selinux-attach.patch +++ b/0003-refactor-patch-code-of-isulad-for-selinux-attach.patch @@ -7,8 +7,8 @@ Signed-off-by: haozi007 --- src/lxc/exec_commands.c | 471 +++++++++++++++++++++++++++++++++++++ src/lxc/lsm/selinux.c | 258 ++++++++++++++++++++ - src/lxc/tools/lxc_attach.c | 415 +++++++++++++++++++++++++++++++- - 3 files changed, 1143 insertions(+), 1 deletion(-) + src/lxc/tools/lxc_attach.c | 413 +++++++++++++++++++++++++++++++- + 3 files changed, 1141 insertions(+), 1 deletion(-) create mode 100644 src/lxc/exec_commands.c diff --git a/src/lxc/exec_commands.c b/src/lxc/exec_commands.c @@ -772,7 +772,7 @@ index dba0ab5..bd4f449 100644 struct lsm_drv *lsm_selinux_drv_init(void) diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c -index a8f493a..58e19aa 100644 +index a8f493a..1a5a241 100644 --- a/src/lxc/tools/lxc_attach.c +++ b/src/lxc/tools/lxc_attach.c @@ -72,8 +72,20 @@ static const struct option my_longopts[] = { @@ -947,7 +947,7 @@ index a8f493a..58e19aa 100644 } return 0; -@@ -264,6 +395,287 @@ static int lxc_attach_create_log_file(const char *log_file) +@@ -264,6 +395,285 @@ static int lxc_attach_create_log_file(const char *log_file) return fd; } @@ -1207,11 +1207,9 @@ index a8f493a..58e19aa 100644 + attach_options.open_stdin = true; + } + -+#ifdef HAVE_ISULAD + if (my_args.workdir) { + attach_options.initial_cwd = my_args.workdir; + } -+#endif + + /* isulad: add do attach background */ + if (attach_options.attach_flags & LXC_ATTACH_TERMINAL) @@ -1235,7 +1233,7 @@ index a8f493a..58e19aa 100644 int main(int argc, char *argv[]) { int ret = -1; -@@ -377,3 +789,4 @@ out: +@@ -377,3 +787,4 @@ out: exit(EXIT_FAILURE); } diff --git a/0006-refactor-patch-about-namespace-log-terminal.patch b/0006-refactor-patch-about-namespace-log-terminal.patch index ee9dea5..d3db741 100644 --- a/0006-refactor-patch-about-namespace-log-terminal.patch +++ b/0006-refactor-patch-about-namespace-log-terminal.patch @@ -5,24 +5,22 @@ Subject: [PATCH] refactor patch about namespace log terminal Signed-off-by: Neil.wrz --- - configure.ac | 30 +++++++++- - src/lxc/Makefile.am | 46 ++++++++++++++- - src/lxc/af_unix.c | 89 +++++++++++++++++++++++++++++ - src/lxc/commands_utils.c | 57 +++++++++++++++++++ - src/lxc/exec_commands.h | 77 +++++++++++++++++++++++++ + configure.ac | 30 ++++++++++- + src/lxc/Makefile.am | 44 ++++++++++++++- + src/lxc/af_unix.c | 89 ++++++++++++++++++++++++++++++ + src/lxc/commands_utils.c | 57 ++++++++++++++++++++ + src/lxc/exec_commands.h | 77 ++++++++++++++++++++++++++ src/lxc/file_utils.h | 4 ++ - src/lxc/isulad_utils.c | 99 +++++++++++++++++++++++++++++++++ - src/lxc/json/read-file.c | 95 +++++++++++++++++++++++++++++++ + src/lxc/json/read-file.c | 95 +++++++++++++++++++++++++++++++++ src/lxc/log.c | 56 +++++++++++++++++++ src/lxc/path.h | 65 ++++++++++++++++++++++ - src/lxc/start.h | 32 +++++++++++ - src/lxc/storage/block.c | 86 ++++++++++++++++++++++++++++ + src/lxc/start.h | 30 +++++++++++ + src/lxc/storage/block.c | 86 +++++++++++++++++++++++++++++ src/lxc/storage/block.h | 41 ++++++++++++++ - src/lxc/storage/storage_utils.c | 61 +++++++++++++++++++- + src/lxc/storage/storage_utils.c | 60 +++++++++++++++++++++ src/lxc/terminal.h | 35 ++++++++++++ - 15 files changed, 869 insertions(+), 4 deletions(-) + 14 files changed, 766 insertions(+), 3 deletions(-) create mode 100644 src/lxc/exec_commands.h - create mode 100644 src/lxc/isulad_utils.c create mode 100644 src/lxc/json/read-file.c create mode 100644 src/lxc/path.h create mode 100644 src/lxc/storage/block.c @@ -110,7 +108,7 @@ index 059d57d..ce8854e 100644 AC_CONFIG_FILES([ Makefile diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am -index d1e2364..433d938 100644 +index d1e2364..b9a8750 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -52,6 +52,16 @@ noinst_HEADERS = api_extensions.h \ @@ -138,22 +136,13 @@ index d1e2364..433d938 100644 cgroups/cgroup.c cgroups/cgroup.h \ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ -@@ -135,6 +144,9 @@ liblxc_la_SOURCES = af_unix.c af_unix.h \ - start.c start.h \ - storage/btrfs.c storage/btrfs.h \ - storage/dir.c storage/dir.h \ -+if HAVE_ISULAD -+ storage/block.c storage/block.h \ -+endif - storage/loop.c storage/loop.h \ - storage/lvm.c storage/lvm.h \ - storage/nbd.c storage/nbd.h \ -@@ -154,6 +166,21 @@ liblxc_la_SOURCES = af_unix.c af_unix.h \ +@@ -154,6 +163,22 @@ liblxc_la_SOURCES = af_unix.c af_unix.h \ version.h \ $(LSM_SOURCES) +if HAVE_ISULAD +liblxc_la_SOURCES += isulad_utils.c isulad_utils.h \ ++ storage/block.c storage/block.h \ + path.c path.h \ + json/json_common.c json/json_common.h \ + json/defs.h json/defs.c \ @@ -170,7 +159,7 @@ index d1e2364..433d938 100644 if IS_BIONIC liblxc_la_SOURCES += ../include/fexecve.c ../include/fexecve.h \ ../include/lxcmntent.c ../include/lxcmntent.h \ -@@ -212,6 +239,10 @@ AM_CFLAGS = -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \ +@@ -212,6 +237,10 @@ AM_CFLAGS = -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \ -I $(top_srcdir)/src/lxc/storage \ -I $(top_srcdir)/src/lxc/cgroups @@ -181,7 +170,7 @@ index d1e2364..433d938 100644 if ENABLE_APPARMOR AM_CFLAGS += -DHAVE_APPARMOR endif -@@ -249,6 +280,10 @@ liblxc_la_CFLAGS += -fsanitize=address \ +@@ -249,6 +278,10 @@ liblxc_la_CFLAGS += -fsanitize=address \ -fno-omit-frame-pointer endif @@ -192,7 +181,7 @@ index d1e2364..433d938 100644 if ENABLE_UBSAN liblxc_la_CFLAGS += -fsanitize=undefined endif -@@ -258,6 +293,12 @@ liblxc_la_LDFLAGS = -pthread \ +@@ -258,6 +291,12 @@ liblxc_la_LDFLAGS = -pthread \ -Wl,-soname,liblxc.so.$(firstword $(subst ., ,@LXC_ABI@)) \ -version-info @LXC_ABI_MAJOR@ @@ -205,7 +194,7 @@ index d1e2364..433d938 100644 liblxc_la_LIBADD = $(CAP_LIBS) \ $(OPENSSL_LIBS) \ $(SELINUX_LIBS) \ -@@ -321,7 +362,8 @@ LDADD = liblxc.la \ +@@ -321,7 +360,8 @@ LDADD = liblxc.la \ @OPENSSL_LIBS@ \ @SECCOMP_LIBS@ \ @SELINUX_LIBS@ \ @@ -516,111 +505,6 @@ index f9c8abe..37cd79e 100644 +#endif + #endif /* __LXC_FILE_UTILS_H */ -diff --git a/src/lxc/isulad_utils.c b/src/lxc/isulad_utils.c -new file mode 100644 -index 0000000..b282404 ---- /dev/null -+++ b/src/lxc/isulad_utils.c -@@ -0,0 +1,99 @@ -+/* SPDX-License-Identifier: LGPL-2.1+ */ -+/****************************************************************************** -+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. Allrights reserved -+ * Description: isulad utils -+ * Author: lifeng -+ * Create: 2020-04-11 -+******************************************************************************/ -+ -+#include -+#include -+#include -+#include -+#include -+ -+#include "isulad_utils.h" -+#include "log.h" -+#include "path.h" -+#include "file_utils.h" -+ -+lxc_log_define(isulad_utils, lxc); -+ -+void *lxc_common_calloc_s(size_t size) -+{ -+ if (size == 0 || size > SIZE_MAX) { -+ return NULL; -+ } -+ -+ return calloc((size_t)1, size); -+} -+ -+int lxc_mem_realloc(void **newptr, size_t newsize, void *oldptr, size_t oldsize) -+{ -+ void *tmp = NULL; -+ -+ if (newsize == 0) { -+ goto err_out; -+ } -+ -+ tmp = lxc_common_calloc_s(newsize); -+ if (tmp == NULL) { -+ ERROR("Failed to malloc memory"); -+ goto err_out; -+ } -+ -+ if (oldptr != NULL) { -+ memcpy(tmp, oldptr, (newsize < oldsize) ? newsize : oldsize); -+ -+ memset(oldptr, 0, oldsize); -+ -+ free(oldptr); -+ } -+ -+ *newptr = tmp; -+ return 0; -+ -+err_out: -+ return -1; -+} -+ -+char *safe_strdup(const char *src) -+{ -+ char *dst = NULL; -+ -+ if (src == NULL) { -+ return NULL; -+ } -+ -+ dst = strdup(src); -+ if (dst == NULL) { -+ abort(); -+ } -+ -+ return dst; -+} -+ -+int lxc_open(const char *filename, int flags, mode_t mode) -+{ -+ char rpath[PATH_MAX] = {0x00}; -+ -+ if (cleanpath(filename, rpath, sizeof(rpath)) == NULL) { -+ return -1; -+ } -+ if (mode) { -+ return open(rpath, (int)((unsigned int)flags | O_CLOEXEC), mode); -+ } else { -+ return open(rpath, (int)((unsigned int)flags | O_CLOEXEC)); -+ } -+} -+ -+FILE *lxc_fopen(const char *filename, const char *mode) -+{ -+ char rpath[PATH_MAX] = {0x00}; -+ -+ if (cleanpath(filename, rpath, sizeof(rpath)) == NULL) { -+ return NULL; -+ } -+ -+ return fopen_cloexec(rpath, mode); -+} diff --git a/src/lxc/json/read-file.c b/src/lxc/json/read-file.c new file mode 100644 index 0000000..34ebeed @@ -900,7 +784,7 @@ index 0000000..2c60fb9 + +#endif diff --git a/src/lxc/start.h b/src/lxc/start.h -index ece4aac..1d05be6 100644 +index ece4aac..c7a0a55 100644 --- a/src/lxc/start.h +++ b/src/lxc/start.h @@ -124,8 +124,17 @@ struct lxc_handler { @@ -933,26 +817,18 @@ index ece4aac..1d05be6 100644 int (*post_start)(struct lxc_handler *, void *); }; -@@ -147,10 +160,15 @@ extern int lxc_serve_state_clients(const char *name, - struct lxc_handler *handler, - lxc_state_t state); - extern void lxc_abort(struct lxc_handler *handler); -+#ifdef HAVE_ISULAD -+extern void lxc_zero_handler(struct lxc_handler *handler); -+extern void lxc_free_handler(struct lxc_handler *handler); -+#else - extern struct lxc_handler *lxc_init_handler(struct lxc_handler *old, - const char *name, - struct lxc_conf *conf, - const char *lxcpath, bool daemonize); -+#endif - extern void lxc_put_handler(struct lxc_handler *handler); - extern int lxc_init(const char *name, struct lxc_handler *handler); - extern void lxc_end(struct lxc_handler *handler); -@@ -169,9 +187,23 @@ static inline int inherit_fds(struct lxc_handler *handler, bool closeall) +@@ -164,14 +177,31 @@ extern void lxc_end(struct lxc_handler *handler); + */ + extern int lxc_check_inherited(struct lxc_conf *conf, bool closeall, + int *fds_to_ignore, size_t len_fds); ++#ifndef HAVE_ISULAD + static inline int inherit_fds(struct lxc_handler *handler, bool closeall) + { return lxc_check_inherited(handler->conf, closeall, handler->keep_fds, ARRAY_SIZE(handler->keep_fds)); } ++#endif ++ +#ifdef HAVE_ISULAD +extern int __lxc_start(struct lxc_handler *handler, + struct lxc_operations* ops, void *data, const char *lxcpath, @@ -1113,7 +989,7 @@ index 0000000..2fa7565 + +#endif /* __LXC_BLK_H */ diff --git a/src/lxc/storage/storage_utils.c b/src/lxc/storage/storage_utils.c -index f96bd52..63371ae 100644 +index f96bd52..696c6e5 100644 --- a/src/lxc/storage/storage_utils.c +++ b/src/lxc/storage/storage_utils.c @@ -256,10 +256,17 @@ int is_blktype(struct lxc_storage *b) @@ -1134,7 +1010,7 @@ index f96bd52..63371ae 100644 int ret; struct cbarg { const char *rootfs; -@@ -288,14 +295,40 @@ int mount_unknown_fs(const char *rootfs, const char *target, +@@ -288,14 +295,41 @@ int mount_unknown_fs(const char *rootfs, const char *target, ret = lxc_file_for_each_line(fsfile[i], find_fstype_cb, &cbarg); if (ret < 0) { ERROR("Failed to parse \"%s\"", fsfile[i]); @@ -1145,17 +1021,17 @@ index f96bd52..63371ae 100644 return -1; } -- if (ret) +#ifdef HAVE_ISULAD + if (ret) { + lxc_free_array((void**)mount_errors, free); + mount_errors = NULL; - return 0; ++ return 0; + } +#else -+ if (ret) -+ return 0; + if (ret) + return 0; +#endif ++ } + +#ifdef HAVE_ISULAD + if (mount_errors != NULL) { @@ -1176,7 +1052,7 @@ index f96bd52..63371ae 100644 return -1; } -@@ -316,6 +349,11 @@ int find_fstype_cb(char *buffer, void *data) +@@ -316,6 +350,11 @@ int find_fstype_cb(char *buffer, void *data) char *mntdata = NULL; char *fstype; @@ -1188,7 +1064,7 @@ index f96bd52..63371ae 100644 /* we don't try 'nodev' entries */ if (strstr(buffer, "nodev")) return 0; -@@ -327,14 +365,35 @@ int find_fstype_cb(char *buffer, void *data) +@@ -327,14 +366,35 @@ int find_fstype_cb(char *buffer, void *data) DEBUG("Trying to mount \"%s\"->\"%s\" with FSType \"%s\"", cbarg->rootfs, cbarg->target, fstype); diff --git a/0007-refactor-patches-on-terminal.c-start.c-and-so-on.patch b/0007-refactor-patches-on-terminal.c-start.c-and-so-on.patch index 37fc288..84f7048 100644 --- a/0007-refactor-patches-on-terminal.c-start.c-and-so-on.patch +++ b/0007-refactor-patches-on-terminal.c-start.c-and-so-on.patch @@ -13,14 +13,14 @@ Signed-off-by: chengzrz src/lxc/lsm/lsm.h | 8 + src/lxc/lxclock.h | 4 + src/lxc/mainloop.h | 4 + - src/lxc/start.c | 952 ++++++++++++++++++++++++++++++++++++ + src/lxc/start.c | 958 ++++++++++++++++++++++++++++++++++++ src/lxc/storage/btrfs.c | 11 + src/lxc/storage/overlay.c | 8 + src/lxc/sync.h | 4 + src/lxc/terminal.c | 990 ++++++++++++++++++++++++++++++++++++++ src/tests/Makefile.am | 4 + src/tests/attach.c | 11 + - 15 files changed, 2019 insertions(+) + 15 files changed, 2025 insertions(+) diff --git a/hooks/Makefile.am b/hooks/Makefile.am index 5ae73d7..ddfd4bc 100644 @@ -166,7 +166,7 @@ index e6ab9a6..aa41a93 100644 + #endif diff --git a/src/lxc/start.c b/src/lxc/start.c -index fd969c4..d83330e 100644 +index fd969c4..f82df34 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -304,7 +304,11 @@ static int setup_signal_fd(sigset_t *oldmask) @@ -209,7 +209,17 @@ index fd969c4..d83330e 100644 out_mainloop_console: if (has_console) { -@@ -671,6 +689,12 @@ struct lxc_handler *lxc_init_handler(struct lxc_handler *old, +@@ -637,7 +655,9 @@ struct lxc_handler *lxc_init_handler(struct lxc_handler *old, + const char *name, struct lxc_conf *conf, + const char *lxcpath, bool daemonize) + { ++#ifndef HAVE_ISULAD + int nr_keep_fds = 0; ++#endif + int ret; + struct lxc_handler *handler; + +@@ -671,6 +691,12 @@ struct lxc_handler *lxc_init_handler(struct lxc_handler *old, handler->nsfd[i] = -EBADF; handler->name = name; @@ -222,7 +232,28 @@ index fd969c4..d83330e 100644 if (daemonize) handler->transient_pid = lxc_raw_getpid(); else -@@ -721,6 +745,10 @@ int lxc_init(const char *name, struct lxc_handler *handler) +@@ -691,8 +717,10 @@ struct lxc_handler *lxc_init_handler(struct lxc_handler *old, + TRACE("Created anonymous pair {%d,%d} of unix sockets", + handler->state_socket_pair[0], + handler->state_socket_pair[1]); ++#ifndef HAVE_ISULAD + handler->keep_fds[nr_keep_fds++] = handler->state_socket_pair[0]; + handler->keep_fds[nr_keep_fds++] = handler->state_socket_pair[1]; ++#endif + } + + if (handler->conf->reboot == REBOOT_NONE) { +@@ -701,7 +729,9 @@ struct lxc_handler *lxc_init_handler(struct lxc_handler *old, + ERROR("Failed to set up command socket"); + goto on_error; + } ++#ifndef HAVE_ISULAD + handler->keep_fds[nr_keep_fds++] = handler->conf->maincmd_fd; ++#endif + } + + TRACE("Unix domain socket %d for command server is ready", +@@ -721,6 +751,10 @@ int lxc_init(const char *name, struct lxc_handler *handler) int ret; const char *loglevel; struct lxc_conf *conf = handler->conf; @@ -233,7 +264,7 @@ index fd969c4..d83330e 100644 handler->monitor_pid = lxc_raw_getpid(); status_fd = open("/proc/self/status", O_RDONLY | O_CLOEXEC); -@@ -810,6 +838,9 @@ int lxc_init(const char *name, struct lxc_handler *handler) +@@ -810,6 +844,9 @@ int lxc_init(const char *name, struct lxc_handler *handler) ret = lxc_terminal_setup(conf); if (ret < 0) { ERROR("Failed to create console"); @@ -243,7 +274,7 @@ index fd969c4..d83330e 100644 goto out_restore_sigmask; } TRACE("Created console"); -@@ -853,6 +884,185 @@ out_restore_sigmask: +@@ -853,6 +890,185 @@ out_restore_sigmask: return -1; } @@ -429,7 +460,7 @@ index fd969c4..d83330e 100644 void lxc_end(struct lxc_handler *handler) { int ret; -@@ -926,6 +1136,33 @@ void lxc_end(struct lxc_handler *handler) +@@ -926,6 +1142,33 @@ void lxc_end(struct lxc_handler *handler) lsm_process_cleanup(handler->conf, handler->lxcpath); @@ -463,7 +494,7 @@ index fd969c4..d83330e 100644 if (cgroup_ops) { cgroup_ops->payload_destroy(cgroup_ops, handler); cgroup_ops->monitor_destroy(cgroup_ops, handler); -@@ -940,12 +1177,25 @@ void lxc_end(struct lxc_handler *handler) +@@ -940,12 +1183,25 @@ void lxc_end(struct lxc_handler *handler) */ close_prot_errno_disarm(handler->conf->maincmd_fd); TRACE("Closed command socket"); @@ -489,7 +520,7 @@ index fd969c4..d83330e 100644 /* The command socket is closed so no one can acces the command * socket anymore so there's no need to lock it. */ -@@ -1042,6 +1292,25 @@ static int do_start(void *data) +@@ -1042,6 +1298,25 @@ static int do_start(void *data) lxc_sync_fini_parent(handler); @@ -515,7 +546,7 @@ index fd969c4..d83330e 100644 if (lxc_abstract_unix_recv_fds(data_sock1, &status_fd, 1, NULL, 0) < 0) { ERROR("Failed to receive status file descriptor to child process"); goto out_warn_father; -@@ -1155,7 +1424,11 @@ static int do_start(void *data) +@@ -1155,7 +1430,11 @@ static int do_start(void *data) * means that migration won't work, but at least we won't spew output * where it isn't wanted. */ @@ -527,7 +558,7 @@ index fd969c4..d83330e 100644 char path[PATH_MAX]; ret = snprintf(path, sizeof(path), "%s/dev/null", -@@ -1221,6 +1494,9 @@ static int do_start(void *data) +@@ -1221,6 +1500,9 @@ static int do_start(void *data) /* Setup the container, ip, names, utsname, ... */ ret = lxc_setup(handler); if (ret < 0) { @@ -537,7 +568,7 @@ index fd969c4..d83330e 100644 ERROR("Failed to setup container \"%s\"", handler->name); goto out_warn_father; } -@@ -1243,12 +1519,70 @@ static int do_start(void *data) +@@ -1243,12 +1525,70 @@ static int do_start(void *data) DEBUG("Set PR_SET_NO_NEW_PRIVS to block execve() gainable privileges"); } @@ -608,7 +639,7 @@ index fd969c4..d83330e 100644 if (handler->conf->console.pts >= 0) { if (handler->daemonize || !handler->conf->is_execute) ret = set_stdfds(handler->conf->console.pts); -@@ -1260,6 +1594,7 @@ static int do_start(void *data) +@@ -1260,6 +1600,7 @@ static int do_start(void *data) goto out_warn_father; } } @@ -616,7 +647,7 @@ index fd969c4..d83330e 100644 /* If we mounted a temporary proc, then unmount it now. */ tmp_proc_unmount(handler->conf); -@@ -1283,6 +1618,21 @@ static int do_start(void *data) +@@ -1283,6 +1624,21 @@ static int do_start(void *data) close_prot_errno_disarm(handler->sigfd); @@ -638,7 +669,7 @@ index fd969c4..d83330e 100644 if (handler->conf->console.pts < 0 && handler->daemonize) { if (devnull_fd < 0) { devnull_fd = open_devnull(); -@@ -1296,12 +1646,25 @@ static int do_start(void *data) +@@ -1296,12 +1652,25 @@ static int do_start(void *data) goto out_warn_father; } } @@ -664,7 +695,7 @@ index fd969c4..d83330e 100644 ret = chdir(handler->conf->init_cwd); if (ret < 0) { SYSERROR("Could not change directory to \"%s\"", -@@ -1345,6 +1708,13 @@ static int do_start(void *data) +@@ -1345,6 +1714,13 @@ static int do_start(void *data) } } @@ -678,7 +709,7 @@ index fd969c4..d83330e 100644 /* The container has been setup. We can now switch to an unprivileged * uid/gid. */ -@@ -1358,6 +1728,13 @@ static int do_start(void *data) +@@ -1358,6 +1734,13 @@ static int do_start(void *data) if (new_gid == nsgid) new_gid = LXC_INVALID_GID; @@ -692,7 +723,7 @@ index fd969c4..d83330e 100644 /* Make sure that the processes STDIO is correctly owned by the user that we are switching to */ ret = fix_stdio_permissions(new_uid); if (ret) -@@ -1371,8 +1748,16 @@ static int do_start(void *data) +@@ -1371,8 +1754,16 @@ static int do_start(void *data) #if HAVE_LIBCAP if (lxc_proc_cap_is_set(CAP_SETGID, CAP_EFFECTIVE)) #endif @@ -709,7 +740,7 @@ index fd969c4..d83330e 100644 if (!lxc_switch_uid_gid(new_uid, new_gid)) goto out_warn_father; -@@ -1383,6 +1768,19 @@ static int do_start(void *data) +@@ -1383,6 +1774,19 @@ static int do_start(void *data) goto out_warn_father; } @@ -729,7 +760,7 @@ index fd969c4..d83330e 100644 if (handler->conf->monitor_signal_pdeath != SIGKILL) { ret = lxc_set_death_signal(handler->conf->monitor_signal_pdeath, handler->monitor_pid, status_fd); -@@ -1397,7 +1795,12 @@ static int do_start(void *data) +@@ -1397,7 +1801,12 @@ static int do_start(void *data) * After this call, we are in error because this ops should not return * as it execs. */ @@ -742,7 +773,7 @@ index fd969c4..d83330e 100644 out_warn_father: /* -@@ -1529,6 +1932,94 @@ static inline int do_share_ns(void *arg) +@@ -1529,6 +1938,94 @@ static inline int do_share_ns(void *arg) return 0; } @@ -837,7 +868,7 @@ index fd969c4..d83330e 100644 /* lxc_spawn() performs crucial setup tasks and clone()s the new process which * exec()s the requested container binary. * Note that lxc_spawn() runs in the parent namespaces. Any operations performed -@@ -1595,7 +2086,11 @@ static int lxc_spawn(struct lxc_handler *handler) +@@ -1595,7 +2092,11 @@ static int lxc_spawn(struct lxc_handler *handler) * it readonly. * If the container is unprivileged then skip rootfs pinning. */ @@ -849,7 +880,7 @@ index fd969c4..d83330e 100644 handler->pinfd = pin_rootfs(conf->rootfs.path); if (handler->pinfd == -EBADF) INFO("Failed to pin the rootfs for container \"%s\"", handler->name); -@@ -1640,6 +2135,32 @@ static int lxc_spawn(struct lxc_handler *handler) +@@ -1640,6 +2141,32 @@ static int lxc_spawn(struct lxc_handler *handler) } TRACE("Cloned child process %d", handler->pid); @@ -882,7 +913,7 @@ index fd969c4..d83330e 100644 /* Verify that we can actually make use of pidfds. */ if (!lxc_can_use_pidfd(handler->pidfd)) close_prot_errno_disarm(handler->pidfd); -@@ -1652,6 +2173,13 @@ static int lxc_spawn(struct lxc_handler *handler) +@@ -1652,6 +2179,13 @@ static int lxc_spawn(struct lxc_handler *handler) if (ret < 0) SYSERROR("Failed to set environment variable: LXC_PID=%s", pidstr); @@ -896,7 +927,7 @@ index fd969c4..d83330e 100644 for (i = 0; i < LXC_NS_MAX; i++) if (handler->ns_on_clone_flags & ns_info[i].clone_flag) INFO("Cloned %s", ns_info[i].flag_name); -@@ -1765,7 +2293,11 @@ static int lxc_spawn(struct lxc_handler *handler) +@@ -1765,7 +2299,11 @@ static int lxc_spawn(struct lxc_handler *handler) goto out_delete_net; if (!lxc_list_empty(&conf->limits)) { @@ -908,7 +939,7 @@ index fd969c4..d83330e 100644 if (ret < 0) { ERROR("Failed to setup resource limits"); goto out_delete_net; -@@ -1816,6 +2348,26 @@ static int lxc_spawn(struct lxc_handler *handler) +@@ -1816,6 +2354,26 @@ static int lxc_spawn(struct lxc_handler *handler) ERROR("Failed to run lxc.hook.start-host"); goto out_delete_net; } @@ -935,7 +966,7 @@ index fd969c4..d83330e 100644 /* Tell the child to complete its initialization and wait for it to exec * or return an error. (The child will never return -@@ -1859,6 +2411,22 @@ static int lxc_spawn(struct lxc_handler *handler) +@@ -1859,6 +2417,22 @@ static int lxc_spawn(struct lxc_handler *handler) if (ret < 0) goto out_abort; @@ -958,7 +989,7 @@ index fd969c4..d83330e 100644 ret = lxc_set_state(name, handler, RUNNING); if (ret < 0) { ERROR("Failed to set state to \"%s\"", lxc_state2str(RUNNING)); -@@ -1883,9 +2451,83 @@ out_sync_fini: +@@ -1883,9 +2457,83 @@ out_sync_fini: return -1; } @@ -1042,7 +1073,7 @@ index fd969c4..d83330e 100644 int ret, status; const char *name = handler->name; struct lxc_conf *conf = handler->conf; -@@ -1901,6 +2543,16 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, +@@ -1901,6 +2549,16 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, handler->daemonize = daemonize; cgroup_ops = handler->cgroup_ops; @@ -1059,7 +1090,7 @@ index fd969c4..d83330e 100644 if (!attach_block_device(handler->conf)) { ERROR("Failed to attach block device"); ret = -1; -@@ -1959,11 +2611,13 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, +@@ -1959,11 +2617,13 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, goto out_delete_network; } @@ -1073,7 +1104,7 @@ index fd969c4..d83330e 100644 status = lxc_wait_for_pid_status(handler->pid); if (status < 0) -@@ -1973,6 +2627,21 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, +@@ -1973,6 +2633,21 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, * reboot. This should mean it was an lxc-execute which simply exited. * In any case, treat it as a 'halt'. */ @@ -1095,7 +1126,7 @@ index fd969c4..d83330e 100644 if (WIFSIGNALED(status)) { switch(WTERMSIG(status)) { case SIGINT: /* halt */ -@@ -1990,6 +2659,7 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, +@@ -1990,6 +2665,7 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, break; } } @@ -1103,7 +1134,7 @@ index fd969c4..d83330e 100644 ret = lxc_restore_phys_nics_to_netns(handler); if (ret < 0) -@@ -1997,11 +2667,20 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, +@@ -1997,11 +2673,20 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, close_prot_errno_disarm(handler->pinfd); @@ -1124,7 +1155,7 @@ index fd969c4..d83330e 100644 /* These are not the droids you are looking for. */ __private_goto1: lxc_delete_network(handler); -@@ -2032,7 +2711,11 @@ struct start_args { +@@ -2032,7 +2717,11 @@ struct start_args { char *const *argv; }; @@ -1136,7 +1167,7 @@ index fd969c4..d83330e 100644 { struct start_args *arg = data; -@@ -2040,6 +2723,9 @@ static int start(struct lxc_handler *handler, void* data) +@@ -2040,6 +2729,9 @@ static int start(struct lxc_handler *handler, void* data) execvp(arg->argv[0], arg->argv); SYSERROR("Failed to exec \"%s\"", arg->argv[0]); @@ -1146,7 +1177,7 @@ index fd969c4..d83330e 100644 return 0; } -@@ -2057,14 +2743,22 @@ static struct lxc_operations start_ops = { +@@ -2057,14 +2749,22 @@ static struct lxc_operations start_ops = { }; int lxc_start(char *const argv[], struct lxc_handler *handler, @@ -1169,7 +1200,7 @@ index fd969c4..d83330e 100644 } static void lxc_destroy_container_on_signal(struct lxc_handler *handler, -@@ -2136,3 +2830,261 @@ static bool do_destroy_container(struct lxc_handler *handler) +@@ -2136,3 +2836,261 @@ static bool do_destroy_container(struct lxc_handler *handler) return storage_destroy(handler->conf); } @@ -1304,7 +1335,7 @@ index fd969c4..d83330e 100644 + return handler; + +on_error: -+ lxc_free_handler(handler); ++ lxc_put_handler(handler); + + return NULL; +} @@ -1355,7 +1386,7 @@ index fd969c4..d83330e 100644 + return handler; + +on_error: -+ lxc_free_handler(handler); ++ lxc_put_handler(handler); + + return NULL; +} @@ -1401,7 +1432,7 @@ index fd969c4..d83330e 100644 + } + +out: -+ lxc_free_handler(handler); ++ lxc_put_handler(handler); + return ret; +} + @@ -1426,7 +1457,7 @@ index fd969c4..d83330e 100644 + } + +out: -+ lxc_free_handler(handler); ++ lxc_put_handler(handler); + return ret; +} + diff --git a/lxc.spec b/lxc.spec index fa99517..189f1de 100644 --- a/lxc.spec +++ b/lxc.spec @@ -1,4 +1,4 @@ -%global _release 2022072102 +%global _release 2022072103 Name: lxc Version: 4.0.3 @@ -187,6 +187,12 @@ make check %{_mandir}/*/man7/%{name}* %changelog +* Thu Jul 21 2022 zhangxiaoyu - 4.0.3-2022072102 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix compile error + * Thu Jul 21 2022 chengzeruizhi - 4.0.3-2022072101 - Type:bugfix - ID:NA -- Gitee