From c25bfa2cc9abf33d1772ef9e232e98228980a1e1 Mon Sep 17 00:00:00 2001 From: zhongjiawei Date: Wed, 8 Feb 2023 17:18:27 +0800 Subject: [PATCH] runc:make runc spec compatible 1.0.0.rc3 1.adapt DisableOOMKiller, OOMScoreAdj position adjustment. 2.adapt to BlackIO json parsing field change modification. --- git-commit | 2 +- ...-make-runc-spec-compatible-1.0.0.rc3.patch | 213 ++++++++++++++++++ runc.spec | 8 +- series.conf | 1 + 4 files changed, 222 insertions(+), 2 deletions(-) create mode 100644 patch/0032-runc-make-runc-spec-compatible-1.0.0.rc3.patch diff --git a/git-commit b/git-commit index c1fb008..206eba9 100644 --- a/git-commit +++ b/git-commit @@ -1 +1 @@ -34166983fc5395fe07a5ff625c4f884e8efb98c8 +b17d05d6bfb1f6d087f5585e5236ffc04173af69 diff --git a/patch/0032-runc-make-runc-spec-compatible-1.0.0.rc3.patch b/patch/0032-runc-make-runc-spec-compatible-1.0.0.rc3.patch new file mode 100644 index 0000000..facacb3 --- /dev/null +++ b/patch/0032-runc-make-runc-spec-compatible-1.0.0.rc3.patch @@ -0,0 +1,213 @@ +From 437b5cda354b8e2572eb24377774396117b513d0 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 9 Feb 2023 16:41:35 +0800 +Subject: [PATCH] runc:make runc spec compatible 1.0.0.rc3 + +--- + spec.go | 181 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 180 insertions(+), 1 deletion(-) + +diff --git a/spec.go b/spec.go +index 806d2f1..7170648 100644 +--- a/spec.go ++++ b/spec.go +@@ -112,8 +112,95 @@ created by an unprivileged user. + }, + } + ++type compatSpec struct { ++ specs.Spec ++ Linux *linux `json:"linux,omitempty" platform:"linux"` ++} ++ ++type linux struct { ++ specs.Linux ++ Resources *linuxResources `json:"resources,omitempty"` ++} ++ ++type linuxResources struct { ++ specs.LinuxResources ++ // DisableOOMKiller disables the OOM killer for out of memory conditions ++ DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"` ++ // Specify an oom_score_adj for the container. ++ OOMScoreAdj *int `json:"oomScoreAdj,omitempty"` ++ // BlockIO restriction configuration ++ BlockIO *LinuxBlockIO `json:"blockIO,omitempty"` ++} ++ ++// LinuxBlockIO for Linux cgroup 'blkio' resource management ++type LinuxBlockIO struct { ++ // Specifies per cgroup weight, range is from 10 to 1000 ++ Weight *uint16 `json:"blkioWeight,omitempty"` ++ // Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, CFQ scheduler only ++ LeafWeight *uint16 `json:"blkioLeafWeight,omitempty"` ++ // Weight per cgroup per device, can override BlkioWeight ++ WeightDevice []LinuxWeightDevice `json:"blkioWeightDevice,omitempty"` ++ // IO read rate limit per cgroup per device, bytes per second ++ ThrottleReadBpsDevice []LinuxThrottleDevice `json:"blkioThrottleReadBpsDevice,omitempty"` ++ // IO write rate limit per cgroup per device, bytes per second ++ ThrottleWriteBpsDevice []LinuxThrottleDevice `json:"blkioThrottleWriteBpsDevice,omitempty"` ++ // IO read rate limit per cgroup per device, IO per second ++ ThrottleReadIOPSDevice []LinuxThrottleDevice `json:"blkioThrottleReadIOPSDevice,omitempty"` ++ // IO write rate limit per cgroup per device, IO per second ++ ThrottleWriteIOPSDevice []LinuxThrottleDevice `json:"blkioThrottleWriteIOPSDevice,omitempty"` ++} ++ ++// linuxBlockIODevice holds major:minor format supported in blkio cgroup ++type linuxBlockIODevice struct { ++ // Major is the device's major number. ++ Major int64 `json:"major"` ++ // Minor is the device's minor number. ++ Minor int64 `json:"minor"` ++} ++ ++// LinuxWeightDevice struct holds a `major:minor weight` pair for blkioWeightDevice ++type LinuxWeightDevice struct { ++ linuxBlockIODevice ++ // Weight is the bandwidth rate for the device, range is from 10 to 1000 ++ Weight *uint16 `json:"weight,omitempty"` ++ // LeafWeight is the bandwidth rate for the device while competing with the cgroup's child cgroups, range is from 10 to 1000, CFQ scheduler only ++ LeafWeight *uint16 `json:"leafWeight,omitempty"` ++} ++ ++// LinuxThrottleDevice struct holds a `major:minor rate_per_second` pair ++type LinuxThrottleDevice struct { ++ linuxBlockIODevice ++ // Rate is the IO rate limit per cgroup per device ++ Rate uint64 `json:"rate"` ++} ++ ++func versionRc6Plus(ver string) bool { ++ if len(ver) < 5 { // version should be a.b.c[-rcn][x] ++ return false ++ } ++ ++ // docker-18.09 1.0.1 ++ if ver[:5] < "1.0.1" { ++ return true ++ } ++ ++ // < 1.0.0-rc6: include 1.0.0-rc5xxx ++ return false ++} ++ + // loadSpec loads the specification from the provided path. + func loadSpec(cPath string) (spec *specs.Spec, err error) { ++ spec, err = loadOriginSpec(cPath) ++ if err != nil || versionRc6Plus(spec.Version) { ++ return loadCompactSpec(cPath) ++ } ++ ++ return spec, validateProcessSpec(spec.Process) ++ ++} ++ ++// loadSpec loads the specification from the provided path. ++func loadOriginSpec(cPath string) (spec *specs.Spec, err error) { + cf, err := os.Open(cPath) + if err != nil { + if os.IsNotExist(err) { +@@ -126,7 +213,99 @@ func loadSpec(cPath string) (spec *specs.Spec, err error) { + if err = json.NewDecoder(cf).Decode(&spec); err != nil { + return nil, err + } +- return spec, validateProcessSpec(spec.Process) ++ return spec, nil ++} ++ ++func loadCompactSpec(cPath string) (*specs.Spec, error) { ++ var compatSpec compatSpec ++ cf, err := os.Open(cPath) ++ if err != nil { ++ if os.IsNotExist(err) { ++ return nil, fmt.Errorf("JSON specification file %s not found", cPath) ++ } ++ return nil, err ++ } ++ defer cf.Close() ++ ++ if err = json.NewDecoder(cf).Decode(&compatSpec); err != nil { ++ return nil, fmt.Errorf("config.json %q error :%v", cPath, err) ++ } ++ ++ var spec *specs.Spec ++ if spec, err = updateCompactSpec(&compatSpec); err != nil { ++ return nil, err ++ } ++ ++ return spec, nil ++} ++ ++func updateCompactSpec(compatSpec *compatSpec) (*specs.Spec, error) { ++ compatjson, _ := json.Marshal(compatSpec) ++ var spec specs.Spec ++ err := json.Unmarshal(compatjson, &spec) ++ if err != nil { ++ return nil, fmt.Errorf("update config failed %v", err) ++ } ++ ++ if compatSpec != nil && compatSpec.Linux != nil && ++ compatSpec.Linux.Resources != nil && ++ compatSpec.Linux.Resources.DisableOOMKiller != nil { ++ if spec.Linux.Resources.Memory == nil { ++ memory := &specs.LinuxMemory{ ++ DisableOOMKiller: compatSpec.Linux.Resources.DisableOOMKiller, ++ } ++ spec.Linux.Resources.Memory = memory ++ } else { ++ spec.Linux.Resources.Memory.DisableOOMKiller = compatSpec.Linux.Resources.DisableOOMKiller ++ } ++ } ++ ++ if compatSpec != nil && compatSpec.Linux != nil && ++ compatSpec.Linux.Resources != nil && ++ compatSpec.Linux.Resources.OOMScoreAdj != nil { ++ if spec.Process == nil { ++ process := &specs.Process{ ++ OOMScoreAdj: compatSpec.Linux.Resources.OOMScoreAdj, ++ } ++ spec.Process = process ++ } else { ++ spec.Process.OOMScoreAdj = compatSpec.Linux.Resources.OOMScoreAdj ++ } ++ } ++ ++ if compatSpec.Linux.Resources.BlockIO != nil { ++ spec.Linux.Resources.BlockIO.Weight = compatSpec.Linux.Resources.BlockIO.Weight ++ spec.Linux.Resources.BlockIO.LeafWeight = compatSpec.Linux.Resources.BlockIO.LeafWeight ++ if compatSpec.Linux.Resources.BlockIO.WeightDevice != nil { ++ for _, wd := range compatSpec.Linux.Resources.BlockIO.WeightDevice { ++ wdSpec := specs.LinuxWeightDevice{ ++ Weight: wd.Weight, ++ LeafWeight: wd.LeafWeight, ++ } ++ wdSpec.Major = wd.Major ++ wdSpec.Minor = wd.Minor ++ spec.Linux.Resources.BlockIO.WeightDevice = append(spec.Linux.Resources.BlockIO.WeightDevice, wdSpec) ++ } ++ } ++ procLinuxThrottleDevice := func(src []LinuxThrottleDevice, dest *[]specs.LinuxThrottleDevice) { ++ if src != nil { ++ for _, ltd := range src { ++ ltdSpec := specs.LinuxThrottleDevice{ ++ Rate: ltd.Rate, ++ } ++ ltdSpec.Major = ltd.Major ++ ltdSpec.Minor = ltd.Minor ++ *dest = append(*dest, ltdSpec) ++ } ++ } ++ } ++ procLinuxThrottleDevice(compatSpec.Linux.Resources.BlockIO.ThrottleReadBpsDevice, &spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice) ++ procLinuxThrottleDevice(compatSpec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice, &spec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice) ++ procLinuxThrottleDevice(compatSpec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice, &spec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice) ++ procLinuxThrottleDevice(compatSpec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice, &spec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice) ++ } ++ ++ return &spec, nil + } + + func createLibContainerRlimit(rlimit specs.POSIXRlimit) (configs.Rlimit, error) { +-- +2.33.0 + diff --git a/runc.spec b/runc.spec index 0ef7f21..f8644df 100644 --- a/runc.spec +++ b/runc.spec @@ -3,7 +3,7 @@ Name: docker-runc Version: 1.1.3 -Release: 10 +Release: 11 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification. License: ASL 2.0 @@ -54,6 +54,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc %{_bindir}/runc %changelog +* Thu Feb 9 2023 zhongjiawei - 1.1.3-11 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:make runc spec compatible 1.0.0.rc3 + * Tue Jan 17 2023 zhongjiawei - 1.1.3-10 - Type:bugfix - CVE:NA diff --git a/series.conf b/series.conf index 4719f82..380e585 100644 --- a/series.conf +++ b/series.conf @@ -29,3 +29,4 @@ patch/0028-runc-cgroup-apply-method-modify.patch patch/0029-runc-runc-log-forward-to-syslog.patch patch/0030-runc-support-specify-umask.patch patch/0031-runc-modify-linuxcontainer-starttime-uint64-type-tob.patch +patch/0032-runc-make-runc-spec-compatible-1.0.0.rc3.patch -- Gitee