From c113349401aac9fbf2dd1620c55ec21c31e46123 Mon Sep 17 00:00:00 2001
From: zhongjiawei
Date: Mon, 15 Jul 2024 14:31:34 +0800
Subject: [PATCH] runc:sync some patches
Signed-off-by: zhongjiawei
---
 git-commit | 2 +-
 patch/0042-runc-fix-a-data-race.patch | 26 ++++++++++
 ...pport-set-umask-through-native.umask.patch | 48 +++++++++++++++++++
 runc.spec | 8 +++-
 series.conf | 2 +
 5 files changed, 84 insertions(+), 2 deletions(-)
 create mode 100644 patch/0042-runc-fix-a-data-race.patch
 create mode 100644 patch/0043-runc-do-not-support-set-umask-through-native.umask.patch
diff --git a/git-commit b/git-commit
index 0facadb..6f86182 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-288b7252b0db60842f5d7e1b9716c84c98f4ea30
+f96899740a738303176d8f2d08881d42eadc2ee0
diff --git a/patch/0042-runc-fix-a-data-race.patch b/patch/0042-runc-fix-a-data-race.patch
new file mode 100644
index 0000000..2a42c4f
--- /dev/null
+++ b/patch/0042-runc-fix-a-data-race.patch
@@ -0,0 +1,26 @@
+From d1ef3ab619c7743d389fc882ec65df38d140fc08 Mon Sep 17 00:00:00 2001
+From: zhongjiawei
+Date: Mon, 17 Jun 2024 23:22:39 +0800
+Subject: [PATCH] libct/config: fix a data race
+
+Reference:https://github.com/opencontainers/runc/commit/c342872276d4a3d5f662684115e282cbb20bf227
+---
+ libcontainer/configs/config.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go
+index f85ade3f..c9ecc3cb 100644
+--- a/libcontainer/configs/config.go
++++ b/libcontainer/configs/config.go
+@@ -455,7 +455,7 @@ func (c Command) Run(s *specs.State) error {
+ return err
+ case <-timerCh:
+ cmd.Process.Kill()
+- cmd.Wait()
++ <-errC
+ return fmt.Errorf("hook ran past specified timeout of %.1fs", c.Timeout.Seconds())
+ case <-timeAfter:
+ if c.Timeout != nil {
+--
+2.33.0
+
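Review bot: In the timeout branch of `Command.Run` (patch/0042), the new `<-errC` receive has no bound of its own and the result of `cmd.Process.Kill()` on the line above is still discarded, so a failed kill, or a waiter that stays blocked, would keep the hook from ever returning its timeout error. The goroutine that sends on `errC` is outside the hunk; presumably it is the one that already calls `cmd.Wait()`, which would explain why a second `Wait` here raced with it. I would record that next to the receive, e.g. `// errC is fed by the goroutine that owns cmd.Wait(); do not call Wait again here`, and check the `Kill` error instead of dropping it.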
diff --git a/patch/0043-runc-do-not-support-set-umask-through-native.umask.patch b/patch/0043-runc-do-not-support-set-umask-through-native.umask.patch
new file mode 100644
index 0000000..5528a6f
--- /dev/null
+++ b/patch/0043-runc-do-not-support-set-umask-through-native.umask.patch
@@ -0,0 +1,48 @@
+From 19a4209a82132f930fe55cbb2255eb453b465e56 Mon Sep 17 00:00:00 2001
+From: zhongjiawei
+Date: Thu, 11 Jul 2024 20:18:01 +0800
+Subject: [PATCH] runc:do not support set umask through native.umask
+
+Signed-off-by: zhongjiawei
+---
+ libcontainer/rootfs_linux.go | 6 ------
+ libcontainer/setns_init_linux.go | 6 ------
+ 2 files changed, 12 deletions(-)
+
+diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
+index c42e388..499d753 100644
+--- a/libcontainer/rootfs_linux.go
++++ b/libcontainer/rootfs_linux.go
+@@ -192,12 +192,6 @@ func finalizeRootfs(config *configs.Config) (err error) {
+ } else {
+ unix.Umask(0o022)
+ }
+- umask := utils.SearchLabels(config.Labels, "native.umask")
+- if umask == "normal" {
+- unix.Umask(0o022)
+- } else {
+- unix.Umask(0o027)
+- }
+ return nil
+ }
+
+diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go
+index f1dcab6..d8cdfdf 100644
+--- a/libcontainer/setns_init_linux.go
++++ b/libcontainer/setns_init_linux.go
+@@ -56,12 +56,6 @@ func (l *linuxSetnsInit) Init() error {
+ return err
+ }
+ }
+- umask := utils.SearchLabels(l.config.Config.Labels, "native.umask")
+- if umask == "normal" {
+- unix.Umask(0o022)
+- } else {
+- unix.Umask(0o027)
+- }
+ if l.config.NoNewPrivileges {
+ if err := unix.Prctl(unix.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); err != nil {
+ return err
+--
+2.33.0
+
diff --git a/runc.spec b/runc.spec
index 5bc1c19..fe9b51e 100644
--- a/runc.spec
+++ b/runc.spec
@@ -3,7 +3,7 @@ Name: runc Version: 1.1.8 -Release: 16 +Release: 17 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification. License: ASL 2.0
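Review bot: Removing the `native.umask` lookup from `finalizeRootfs` and `linuxSetnsInit.Init` (patch/0043) also changes the default umask, which neither the patch description nor the `%changelog` entry mentions. The removed branch applied `0o027` whenever the label was anything other than `normal`, and in `finalizeRootfs` it ran after the config-driven block, so containers that never set the label now fall back to the `unix.Umask(0o022)` visible in the context lines, and files they create become group- and other-readable. In `Init` no umask call remains inside the hunk and the function continues outside it, so the resulting umask on that path cannot be confirmed from here. I would state this in the patch body, for example `Default umask changes from 0027 to 0022; workloads that relied on 0027 should set the umask explicitly.`, and confirm that `utils` is still referenced in both files so the import does not go unused.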
@@ -57,6 +57,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc %{_bindir}/runc %changelog +* Mon Jul 15 2024 zhongjiawei - 1.1.8-17 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:sync some patches + * Fri Jun 14 2024 zhaixiaojuan - 1.1.8-16 - Type:bugfix - CVE:NA
diff --git a/series.conf b/series.conf
index 97b90ac..9546ca3 100644
--- a/series.conf
+++ b/series.conf
@@ -37,3 +37,5 @@ patch/0037-runc-fix-CVE-2024-21626.patch
 patch/0038-runc-check-cmd-exist.patch
 patch/0039-runc-fix-CVE-2024-3154.patch
 patch/0040-add-loongarch64-seccomp-support.patch
+patch/0042-runc-fix-a-data-race.patch
+patch/0043-runc-do-not-support-set-umask-through-native.umask.patch
-- Gitee