From ddedb892000428fe58401f8c1570c31842416fa3 Mon Sep 17 00:00:00 2001
From: zhongjiawei
Date: Mon, 4 Mar 2024 19:17:36 +0800
Subject: [PATCH] runc:backport some patches
---
git-commit | 2 +-
patch/0157-runc-Fix-File-to-Close.patch | 27 +++++++++
...mpfs-mode-opts-when-dir-already-exis.patch | 59 +++++++++++++++++++
runc.spec | 8 ++-
series.conf | 2 +
5 files changed, 96 insertions(+), 2 deletions(-)
create mode 100644 patch/0157-runc-Fix-File-to-Close.patch
create mode 100644 patch/0158-runc-Fix-tmpfs-mode-opts-when-dir-already-exis.patch
diff --git a/git-commit b/git-commit
index 0e218a5..9d88b24 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-077273104199bd5d8201ee80bf78af5e21a44228
+d36503f0bdc96da64702b73054e26c8e6780e8de
diff --git a/patch/0157-runc-Fix-File-to-Close.patch b/patch/0157-runc-Fix-File-to-Close.patch
new file mode 100644
index 0000000..fcd62f0
--- /dev/null
+++ b/patch/0157-runc-Fix-File-to-Close.patch
@@ -0,0 +1,27 @@
+From 329422245586df752a020d3887cb0ee83cab7f59 Mon Sep 17 00:00:00 2001
+From: "hang.jiang"
+Date: Fri, 1 Sep 2023 16:17:13 +0800
+Subject: [PATCH 1/4] Fix File to Close
+
+Reference:https://github.com/opencontainers/runc/commit/937ca107c3d22da77eb8e8030f2342253b980980
+
+Signed-off-by: hang.jiang
+---
+ update.go | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/update.go b/update.go
+index 226a18a..46f7974 100644
+--- a/update.go
++++ b/update.go
+@@ -162,6 +162,7 @@ other options are ignored.
+ if err != nil {
+ return err
+ }
++ defer f.Close()
+ }
+ err = json.NewDecoder(f).Decode(&r)
+ if err != nil {
+--
+2.33.0
+
diff --git a/patch/0158-runc-Fix-tmpfs-mode-opts-when-dir-already-exis.patch b/patch/0158-runc-Fix-tmpfs-mode-opts-when-dir-already-exis.patch
new file mode 100644
index 0000000..67a47c8
--- /dev/null
+++ b/patch/0158-runc-Fix-tmpfs-mode-opts-when-dir-already-exis.patch
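Review bot: The embedded patch header still reads `Subject: [PATCH 1/4] Fix File to Close` (and 0158 reads `[PATCH 2/4]`) although this commit backports only these two patches, and neither the commit message nor the spec changelog entry names the upstream commits or says whether the other two of that series were deliberately left out. Suggest either renumbering the Subject lines to `[PATCH 1/2]`/`[PATCH 2/2]` or, better, keeping upstream's numbering and stating in the changelog DESC which upstream commits are included (both IDs already appear on the Reference lines). On the code itself, `defer f.Close()` sits inside the block that opens the file, so the close only runs on the open path; the statement that assigns `f` is above the hunk, so whether every path that sets `f` is paired with a close cannot be checked here.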
@@ -0,0 +1,59 @@
+From 6594fe86b84fa69fd44172694d9495b37e5c653a Mon Sep 17 00:00:00 2001
+From: Brian Goff
+Date: Thu, 22 Jun 2023 21:35:19 +0000
+Subject: [PATCH 2/4] Fix tmpfs mode opts when dir already exists
+
+When a directory already exists (or after a container is restarted) the
+perms of the directory being mounted to were being used even when a
+different permission is set on the tmpfs mount options.
+
+This prepends the original directory perms to the mount options.
+If the perms were already set in the mount opts then those perms will
+win.
+This eliminates the need to perform a chmod after mount entirely.
+
+Reference:https://github.com/opencontainers/runc/commit/9fa8b9de3e74c306db186494187fb789f0fdab4d
+
+Signed-off-by: Brian Goff
+---
+ libcontainer/rootfs_linux.go | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
+index 97707ca..d43867b 100644
+--- a/libcontainer/rootfs_linux.go
++++ b/libcontainer/rootfs_linux.go
+@@ -212,11 +212,16 @@ func mountToRootfs(m *configs.Mount, rootfs, mountLabel string) error {
+ case "tmpfs":
+ copyUp := m.Extensions&configs.EXT_COPYUP == configs.EXT_COPYUP
+ tmpDir := ""
+- stat, err := os.Stat(dest)
+- if err != nil {
++ if stat, err := os.Stat(dest); err != nil {
+ if err := os.MkdirAll(dest, 0755); err != nil {
+ return err
+ }
++ } else {
++ dt := fmt.Sprintf("mode=%04o", stat.Mode())
++ if m.Data != "" {
++ dt = dt + "," + m.Data
++ }
++ m.Data = dt
+ }
+ if copyUp {
+ tmpDir, err = ioutil.TempDir("/tmp", "runctmpdir")
+@@ -245,11 +250,6 @@ func mountToRootfs(m *configs.Mount, rootfs, mountLabel string) error {
+ return errMsg
+ }
+ }
+- if stat != nil {
+- if err = os.Chmod(dest, stat.Mode()); err != nil {
+- return err
+- }
+- }
+ return nil
+ case "bind":
+ stat, err := os.Stat(m.Source)
+--
+2.33.0
+
diff --git a/runc.spec b/runc.spec
index 5589b0a..bc0078e 100644
--- a/runc.spec
+++ b/runc.spec
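Review bot: `dt := fmt.Sprintf("mode=%04o", stat.Mode())` in the new `else` branch formats Go's portable `os.FileMode`, not POSIX mode bits: for a directory `os.ModeDir` (bit 31) is set, and setuid/setgid/sticky live in Go-specific bit positions rather than `S_ISUID`/`S_ISGID`/`S_ISVTX`, so the option comes out as something like `mode=20000000755` (constructed example) and appears to work only because tmpfs masks the value with 07777, while a setgid or sticky bit on the existing directory — which the removed `os.Chmod(dest, stat.Mode())` in the second hunk of this file used to preserve — is silently dropped. Converting to syscall mode bits before formatting, as in the rewrite below, fixes both; the rewrite assumes `syscall` is imported in rootfs_linux.go (use the `unix` constants otherwise). A separate problem: `if stat, err := os.Stat(dest); err != nil {` now scopes `err` to that `if`, so the unchanged context line `tmpDir, err = ioutil.TempDir("/tmp", "runctmpdir")` needs an `err` declared earlier in mountToRootfs; the function starts above the hunk, so please confirm such a declaration exists in the patched tree, otherwise this fails to compile with `undefined: err`.

```go
		} else {
			// tmpfs parses mode= as POSIX bits; os.FileMode carries ModeDir and
			// keeps setuid/setgid/sticky in Go-specific positions, so convert first.
			mode := uint32(stat.Mode().Perm())
			if stat.Mode()&os.ModeSetuid != 0 {
				mode |= syscall.S_ISUID
			}
			if stat.Mode()&os.ModeSetgid != 0 {
				mode |= syscall.S_ISGID
			}
			if stat.Mode()&os.ModeSticky != 0 {
				mode |= syscall.S_ISVTX
			}
			dt := fmt.Sprintf("mode=%04o", mode)
			// … unchanged: prepend dt to m.Data …
```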
@@ -4,7 +4,7 @@ Name: docker-runc Version: 1.0.0.rc3 -Release: 321 +Release: 322 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification. License: ASL 2.0 @@ -57,6 +57,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc %{_bindir}/runc %changelog +* Mon Mar 04 2024 zhongjiawei - 1.0.0.rc3-322 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:backport some patches + * Mon Feb 5 2024 zhongjiawei - 1.0.0.rc3-321 - Type:bugfix - CVE:NA diff --git a/series.conf b/series.conf index 7834e42..6e4541f 100644 --- a/series.conf +++ b/series.conf @@ -156,4 +156,6 @@ patch/0153-runc-delete-do-not-ignore-error-from-destroy.patch patch/0154-libct-Destroy-don-t-proceed-in-case-of-errors.patch patch/0155-runc-fix-CVE-2024-21626.patch patch/0156-runc-check-cmd-exist.patch +patch/0157-runc-Fix-File-to-Close.patch +patch/0158-runc-Fix-tmpfs-mode-opts-when-dir-already-exis.patch #end -- Gitee