diff --git a/apply-patches b/apply-patches
new file mode 100755
index 0000000000000000000000000000000000000000..074071d13a21d8dd01c34509210febe579d05b4e
--- /dev/null
+++ b/apply-patches
@@ -0,0 +1,36 @@
+#######################################################################
+##- @Copyright (C) Huawei Technologies., Ltd. 2019. All rights reserved.
+# - lcr licensed under the Mulan PSL v1.
+# - You can use this software according to the terms and conditions of the Mulan PSL v1.
+# - You may obtain a copy of Mulan PSL v1 at:
+# - http://license.coscl.org.cn/MulanPSL
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v1 for more details.
+##- @Description: apply patchs
+##- @Author: lifeng
+##- @Create: 2019-04-25
+#######################################################################
+#!/bin/bash
+
+set -ex
+
+pkg=lxc-3.0.3
+cwd=$PWD
+src=$cwd/lxc-3.0.3
+
+tar -xzvf $pkg.tar.gz
+
+cd $src
+
+cat $cwd/series.conf | while read line
+do
+ if [[ $line == '' || $line =~ ^\s*# ]]; then
+ continue
+ fi
+ echo $cwd/$line
+ patch -p1 -F1 -s < $cwd/$line
+done
+
+cd $cwd
diff --git a/series.conf b/series.conf
new file mode 100644
index 0000000000000000000000000000000000000000..8361e71ba9974f14a872646044c01db8c2ac3f03
--- /dev/null
+++ b/series.conf
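Review bot: The `#!/bin/bash` line sits below the licence header (line 15 of the new file), so it is an ordinary comment and the executable file has no interpreter line; run directly, the script is interpreted by whatever shell the caller falls back to, where `[[ … =~ … ]]` may not exist. Move it to line 1. In the loop, `read line` without `-r`, the unquoted `$cwd/$line` expansions and `\s` (not a POSIX ERE class) make the handling of series.conf entries depend on their content and on the regex library; reading with a redirected `while IFS= read -r line` loop, quoting the paths and using `[[:space:]]` removes that. Because the series begins with a CVE fix and `-s` keeps patch quiet, consider `-F0` so a context mismatch fails the run instead of applying with fuzz, provided the series applies cleanly that way.

```shell
#!/bin/bash
# … unchanged: licence header, set -ex, pkg/cwd/src assignments, tar extraction …
cd "$src"

while IFS= read -r line; do
    if [[ -z $line || $line =~ ^[[:space:]]*# ]]; then
        continue
    fi
    echo "$cwd/$line"
    patch -p1 -F1 -s < "$cwd/$line"
done < "$cwd/series.conf"
```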
@@ -0,0 +1,139 @@
+lxc-CVE-2019-5736-runC-rexec-callers-as-memfd.patch
+0001-confile-add-lxc.isulad.init.args-config-interface.patch
+0002-namespace-add-support-share-namespace-by-path.patch
+0003-confile-add-lxc.isulad.populate.device-interface.patch
+0004-support-isulad-fifo-log.patch
+0005-auto-mount-cgroup-sys-and-proc.patch
+0006-conf.c-fix-bug-when-set-no-ro-mount-mount-propagatio.patch
+0007-use-isulad-log-format.patch
+0008-isulad-modify-exit-code-and-stop-signal.patch
+0009-lxc_start-add-default-terminal-fifos.patch
+0010-Save-pid-ppid-info-into-file-for-isulad.patch
+0011-Add-exit-FIFO-to-monitor-state-of-lxc-monitor.patch
+0012-Init-fifos-in-lxc_attach_terminal.patch
+0013-isulad-set-env-home-in-container.patch
+0014-support-rotate-for-container-log-file.patch
+0015-fix-high-gcc-compile-bug.patch
+0016-add-masked-paths-and-ro-paths.patch
+0017-isulad-check-cgroup-cpu.shares-after-setted.patch
+0018-lxc-attach-add-support-terminal-fifos.patch
+0019-remount-cgroup-readonly-and-make-soft-link-of-subcgr.patch
+0020-fix-log-error-when-symlink-subcgroup.patch
+0021-lxc-attch-add-error-message.patch
+0022-support-rootfs-mount-propagation.patch
+0023-attach.c-change-uid-and-gid-from-lxc-container-confi.patch
+0024-isulad-support-symlink-in-mount-entry-and-not-permit.patch
+0025-support-oci-hooks.patch
+0026-remove-filelock-and-do-not-destroy-directory-when-de.patch
+0027-fix-bug-of-memory-leak.patch
+0028-support-rootfs-for-container.patch
+0029-add-start-timeout-to-limit-start-time.patch
+0030-support-block-device-as-rootfs.patch
+0031-clean-add-clean-resources-api.patch
+0032-Drop-all-caps-when-cap.keep-ISULAD_KEEP_NONE.patch
+0033-support-mount-squashfs-in-mount-entry.patch
+0034-some-small-bugfix.patch
+0035-lxc-fixup-builds-with-newer-glibc.patch
+0036-drop_caps-add-drop-caps-of-current-process.patch
+0037-restore-default-signal-handlers-and-set-umask-0027.patch
+0038-make-the-given-terminal-as-controlling-terminal.patch
+0039-print-error-message-when-container-start-failed.patch
+0040-add-timeout-200ms-for-cmds-send-to-lxc-monitor.patch
+0041-return-1-when-_lxc_start-fails.patch
+0042-lxc-seccomp-adopt-to-lxc3.0.patch
+0043-check-null-pointer-of-handler-to-fix-coredump-of-att.patch
+0044-support-space-in-volume-mount-and-env.patch
+0045-add_terminal_fifos-Add-terminal-fifos-dynamically.patch
+0046-Do-not-test-cgroup-writeable.patch
+0047-Fix-memory-leak-in-lxc_global_config_value.patch
+0048-clear-ONLCR-flag-from-master-of-terminal.patch
+0049-Add-100ms-timeout-for-console-epoll.patch
+0050-seccomp-add-rules-for-specified-architecture-only.patch
+0051-if-ocihook-is-empty.patch
+0052-Fix-seccomp-fail-when-all-specified-in-config.patch
+0053-destroy-empty-cgroup-path-return-ture.patch
+0054-fix-invalid-log-message.patch
+0055-Fix-compile-error.patch
+0056-caps-use-_LINUX_CAPABILITY_VERSION_3-to-set-cap.patch
+0057-confile-add-support-umask.patch
+0058-do-not-check-ppid-when-set-death-signal.patch
+0059-delete-unused-variable-ppid.patch
+0060-using-json-file-to-write-console-log-of-container.patch
+0061-Fix-hook-use-the-path-args-envs-execvp-dirctory.patch
+0062-setup-sysctls-before-set-read-only-path-and-masked-p.patch
+0063-lxc-ignore-systemcall-load-failure-error.patch
+0064-lxc-Reduce-seccomp-processing-log-level.patch
+0065-Storage-return-true-if-storage_init-init-fail.patch
+0066-lxc-Pids-limit-does-not-report-an-error-after-execut.patch
+0067-lxc-report-error-when-remove-directory-failed.patch
+0068-support-record-stdout-stderr-log-of-container-consol.patch
+0069-lxc-killall-processes-if-container-shared-pid-namesp.patch
+0070-lxc-signal-all-process-for-shared-container-when-con.patch
+0071-lxc-get-cgroup-path-according-to-cgroup-mountpoint.patch
+0072-lxc-adapt-to-docker-18.09.patch
+0073-lxc-support-set-additional-groups.patch
+0074-lxc-only-add-valid-fd-to-mainloop.patch
+0075-lxc-add-timeout-for-attach.patch
+0076-lxc-delete-unused-variable.patch
+0077-lxc-set-negative-files.limit-to-max-and-fix-bug-of-s.patch
+0078-Run-pre-start-hook-before-chroot.patch
+0079-inherid-env-from-parent-in-oci-hooks.patch
+0080-lxc-fix-compile-error.patch
+0081-lxc-Change-the-range-of-attach-timeout.patch
+0082-lxc-fix-memory-leak-cause-by-setenv.patch
+0083-lxc-free-lxc-handler.patch
+0084-lxc-memory-leak-of-lxc_grow_array.patch
+0085-lxc-update-json-file-from-isulad.patch
+0086-confile-add-support-systemd.patch
+0087-lxc-adapt-to-spec-of-oci-hook.patch
+0088-fix-lxc-build-error.patch
+0089-lxc-add-get-container-processes-pids-func.patch
+0090-lxc-remove-unused-variable.patch
+0091-lxc-support-namespaced-kernel-params-can-be-changed-.patch
+0092-lxc-add-output-error-when-create-unified-cgroup.patch
+0093-optimize-isulad_kit-operator.patch
+0094-exec-load-uid-gid-and-groups.patch
+0095-lxc-don-t-use-the-unified-hierarchy-for-the-systemd-.patch
+0096-close-inherited-fd-in-hook-process.patch
+0097-lxc-report-error-when-fork-exec-error-for-hooks.patch
+0098-lxc-make-dev-bind-mount-from-host-tmpfs-for-system-c.patch
+0099-terminal-do-not-close-the-master-fd-of-pty.patch
+0100-start-add-check-save-pid-info-file.patch
+0101-lxc-fix-code-error.patch
+0102-lxc-fix-compile-warnings.patch
+0103-lxc-fix-code-error-in-conf.c.patch
+0104-lxc-fix-code-error.patch
+0105-lxc-fix-code-error-warnings.patch
+0106-set-timeout-to-1s-for-cmds-send-to-lxc-monitor.patch
+0107-add-log-for-failure-of-rename-file.patch
+0108-check-calloc-input-valid.patch
+0109-add-secure-compile-flags-to-lxc.patch
+0110-add-doc-for-lxc.patch
+0111-lxc-use-safe_strdup-instead-of-strdup.patch
+0112-fix-secure-errors.patch
+0113-Malloc-parameter-check-and-judgment.patch
+0114-lxc-fix-code-errors.patch
+0115-fix-compile-error-on-ubuntu.patch
+0116-lxc-set-base-cgroup-path-to.patch
+0117-pupulate-device-with-dir-mode-750-and-set-uid-gid.patch
+0118-fix-sscanf-return-value-check.patch
+0119-remove-unuse-binary.patch
+0120-remove-unuse-unmount-namespace.patch
+0121-optimize-log-when-root-path-is-invalid.patch
+0122-lxc-fix-code-reivew-errors.patch
+0123-in-accordance-with-hook-spec-in-oci.patch
+0124-lxc-close-maincmd-fd-before-destroy-cgroup.patch
+0125-lxc-fix-strcat-bug-in-cleanpath.patch
+0126-add-user-option-for-lxc-attach.patch
+0127-log-only-write-size-begin-if-buffer-is-full.patch
+0128-link-proc-mounts-to-etc-mtab.patch
+0129-cgfsng-add-retry-for-enter-cgroup.patch
+0130-fix-snprintf-create-abstract-socket-name-bug.patch
+0131-fix-commands-and-terminal-memory-leak-bug.patch
+0132-lxc-fix-bug-in-cgroup-parent.patch
+0133-lxc-fix-bug-in-cgfsng.patch
+0134-lxc-do-cpuset-same-as-runc.patch
+0135-lxc-fix-code-warnings-for-cgfsng.c.patch
+0136-lxc-fix-retry-bug-in-cgroup.patch
+0137-lxc-fix-bug-in-read-proc.patch
+0138-resize-implement-resize-function-in-exec-start.patch