From 7f22d4330261cdaa1aa070d174b2877256fc24b6 Mon Sep 17 00:00:00 2001
From: zhongjiawei
Date: Mon, 6 Jan 2025 14:21:07 +0800
Subject: [PATCH] runc:Fix failed exec after systemctl daemon-reload
---
 git-commit | 2 +-
 ...d-exec-after-systemctl-daemon-reload.patch | 65 +++++++++++++++++++
 runc.spec | 8 ++-
 series.conf | 1 +
 4 files changed, 74 insertions(+), 2 deletions(-)
 create mode 100644 patch/0060-runc-fix-failed-exec-after-systemctl-daemon-reload.patch
diff --git a/git-commit b/git-commit
index 0ae8246..b356e5f 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-ae908e306b8682a184ba191e4a810afe367c607c
+f93bc478fbbc54f67e5883f09d3ced9ce5789766
diff --git a/patch/0060-runc-fix-failed-exec-after-systemctl-daemon-reload.patch b/patch/0060-runc-fix-failed-exec-after-systemctl-daemon-reload.patch
new file mode 100644
index 0000000..7a72d1b
--- /dev/null
+++ b/patch/0060-runc-fix-failed-exec-after-systemctl-daemon-reload.patch
@@ -0,0 +1,65 @@
+From: xulei
+Date: Wed, 25 Dec 2024 11:11:08 +0800
+Subject: [PATCH] runc:Fix failed exec after systemctl daemon-reload
+
+Reference: https://github.com/opencontainers/runc/pull/3554/files
+
+---
+ libcontainer/cgroups/systemd/common.go | 16 +++++++++-------
+ tests/integration/dev.bats | 16 ++++++++++++++++
+ 2 files changed, 25 insertions(+), 7 deletions(-)
+
+diff --git a/libcontainer/cgroups/systemd/common.go b/libcontainer/cgroups/systemd/common.go
+index 5a68a3c..45744c1 100644
+--- a/libcontainer/cgroups/systemd/common.go
++++ b/libcontainer/cgroups/systemd/common.go
+@@ -288,14 +288,16 @@ func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, err
+ case devices.CharDevice:
+ entry.Path = fmt.Sprintf("/dev/char/%d:%d", rule.Major, rule.Minor)
+ }
++ // systemd will issue a warning if the path we give here doesn't exist.
++ // Since all of this logic is best-effort anyway (we manually set these
++ // rules separately to systemd) we can safely skip entries that don't
++ // have a corresponding path.
++ if _, err := os.Stat(entry.Path); err != nil {
++ logrus.Debugf("skipping device %s for systemd: %s", entry.Path, err)
++ continue
++ }
+ }
+- // systemd will issue a warning if the path we give here doesn't exist.
+- // Since all of this logic is best-effort anyway (we manually set these
+- // rules separately to systemd) we can safely skip entries that don't
+- // have a corresponding path.
+- if _, err := os.Stat(entry.Path); err == nil {
+- deviceAllowList = append(deviceAllowList, entry)
+- }
++ deviceAllowList = append(deviceAllowList, entry)
+ }
+
+ properties = append(properties, newProp("DeviceAllow", deviceAllowList))
+diff --git a/tests/integration/dev.bats b/tests/integration/dev.bats
+index 01f6778..2433157 100644
+--- a/tests/integration/dev.bats
++++ b/tests/integration/dev.bats
+@@ -128,3 +128,19 @@ function teardown() {
+ runc exec test_allow_block sh -c 'fdisk -l '"$device"''
+ [ "$status" -eq 0 ]
+ }
++
++# https://github.com/opencontainers/runc/issues/3551
++@test "runc exec vs systemctl daemon-reload" {
++ requires systemd root
++
++ runc run -d --console-socket "$CONSOLE_SOCKET" test_exec
++ [ "$status" -eq 0 ]
++
++ runc exec -t test_exec sh -c "ls -l /proc/self/fd/0; echo 123"
++ [ "$status" -eq 0 ]
++
++ systemctl daemon-reload
++
++ runc exec -t test_exec sh -c "ls -l /proc/self/fd/0; echo 123"
++ [ "$status" -eq 0 ]
++}
+--
+2.33.0
diff --git a/runc.spec b/runc.spec
index c22d8c2..378c964 100644
--- a/runc.spec
+++ b/runc.spec
@@ -3,7 +3,7 @@
 Name: runc
 Version: 1.1.3
-Release: 31
+Release: 32
 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
 License: ASL 2.0
@@ -54,6 +54,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
 %{_bindir}/runc
 %changelog
+* Mon Jan 06 2025 xulei - 1.1.3-32
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:Fix failed exec after systemctl daemon-reload
+
 * Tue Oct 08 2024 jingxiaolu - 1.1.3-31
 - Type:bugfix
 - CVE:NA
diff --git a/series.conf b/series.conf
index 67c4bba..d096989 100644
--- a/series.conf
+++ b/series.conf
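Review bot: A device that does not exist when the container is created is still dropped by the new `if _, err := os.Stat(entry.Path); err != nil { ... continue }`, so systemd's DeviceAllow can remain narrower than the rules runc applies itself and a later daemon-reload would presumably reapply that narrower list for such devices; the comment above the check should state this residual gap, e.g. `// A device absent at creation stays out of systemd's DeviceAllow; a later daemon-reload will not restore it.` The core of the fix reads correctly: only the concrete `/dev/block` and `/dev/char` paths built in the switch are stat'ed, and the now unconditional `deviceAllowList = append(deviceAllowList, entry)` keeps entries whose Path is not a filesystem path, which is presumably what daemon-reload was losing before. The debug line should format the error with `%v` rather than `%s`: `logrus.Debugf("skipping device %s for systemd: %v", entry.Path, err)`. This also relies on logrus already being imported in common.go, which the hunk does not show, and both generateDeviceProperties and the loop that `continue` targets start outside the hunk.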
@@ -57,3 +57,4 @@ patch/0056-runc-format-log-instead-panic-when-procError-missing.patch
 patch/0057-rootfs-consolidate-mountpoint-creation-logic.patch
 patch/0058-rootfs-try-to-scope-MkdirAll-to-stay-inside-the-root.patch
 patch/0059-runc-fix-can-t-set-cpuset-cpus-and-cpuset-mems-at-th.patch
+patch/0060-runc-fix-failed-exec-after-systemctl-daemon-reload.patch
-- Gitee