diff options
| author | CoprDistGit <infra@openeuler.org> | 2023-10-25 03:19:39 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2023-10-25 03:19:39 +0000 |
| commit | 723a12433aa7309e1eb0618be08d9b9fea389b81 (patch) | |
| tree | 6e73a07585bfafeae4404d2247436ed13d337457 | |
| parent | e3a65d47f4dae59923d032065e9c335fcdd7a0a8 (diff) | |
automatic import of iSuladopeneuler22.03_LTS_SP2
37 files changed, 14277 insertions, 0 deletions
@@ -0,0 +1 @@ +/v2.1.3.tar.gz diff --git a/0001-2155-Use-reference-in-loop-in-listpodsandbox.patch b/0001-2155-Use-reference-in-loop-in-listpodsandbox.patch new file mode 100644 index 0000000..4446798 --- /dev/null +++ b/0001-2155-Use-reference-in-loop-in-listpodsandbox.patch @@ -0,0 +1,26 @@ +From 8dacc4a2740ed3ba99fab88324c50fa37274297d Mon Sep 17 00:00:00 2001 +From: xuxuepeng <xuxuepeng1@huawei.com> +Date: Tue, 29 Aug 2023 11:50:52 +0000 +Subject: [PATCH 01/33] !2155 Use reference in loop in listpodsandbox * Use + reference in loop in listpodsandbox + +--- + src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc +index 33b700f3..687f4e6d 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc ++++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc +@@ -739,7 +739,7 @@ void PodSandboxManagerService::ListPodSandbox(const runtime::v1::PodSandboxFilte + + sandbox::SandboxManager::GetInstance()->ListAllSandboxes(filter, sandboxes); + +- for (const auto sandbox : sandboxes) { ++ for (const auto &sandbox : sandboxes) { + std::unique_ptr<runtime::v1::PodSandbox> pod(new runtime::v1::PodSandbox); + + pod->set_id(sandbox->GetId()); +-- +2.40.1 + diff --git a/0002-2156-Fix-sandbox-error-logging.patch b/0002-2156-Fix-sandbox-error-logging.patch new file mode 100644 index 0000000..b6914b4 --- /dev/null +++ b/0002-2156-Fix-sandbox-error-logging.patch @@ -0,0 +1,28 @@ +From cc6302549b722a5c309c90794afe27b2e7e7b29e Mon Sep 17 00:00:00 2001 +From: xuxuepeng <xuxuepeng1@huawei.com> +Date: Tue, 29 Aug 2023 13:18:13 +0000 +Subject: [PATCH 02/33] !2156 Fix sandbox error logging * Fix sandbox error + logging + +--- + src/daemon/sandbox/sandbox.cc | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc +index 2433e11b..968dae24 100644 +--- a/src/daemon/sandbox/sandbox.cc ++++ b/src/daemon/sandbox/sandbox.cc +@@ -581,8 +581,8 @@ auto Sandbox::Create(Errors &error) -> bool + + nret = util_mkdir_p(m_rootdir.c_str(), CONFIG_DIRECTORY_MODE); + if (nret != 0 && errno != EEXIST) { +- error.Errorf("Failed to create sandbox path %s", m_rootdir); +- SYSERROR("Failed to create sandbox path %s", m_rootdir); ++ error.Errorf("Failed to create sandbox path %s", m_rootdir.c_str()); ++ SYSERROR("Failed to create sandbox path %s", m_rootdir.c_str()); + return false; + } + #ifdef ENABLE_USERNS_REMAP +-- +2.40.1 + diff --git a/0003-2158-Use-crictl-v1.22.0-for-ci.patch b/0003-2158-Use-crictl-v1.22.0-for-ci.patch new file mode 100644 index 0000000..9b5d1b4 --- /dev/null +++ b/0003-2158-Use-crictl-v1.22.0-for-ci.patch @@ -0,0 +1,26 @@ +From 384940dee7ed5bcc01014520b94917f5782f996e Mon Sep 17 00:00:00 2001 +From: xuxuepeng <xuxuepeng1@huawei.com> +Date: Wed, 30 Aug 2023 03:36:45 +0000 +Subject: [PATCH 03/33] !2158 Use crictl v1.22.0 for ci * Use crictl v1.22.0 + for ci + +--- + CI/install_depends.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/CI/install_depends.sh b/CI/install_depends.sh +index ff919afe..bff825a8 100755 +--- a/CI/install_depends.sh ++++ b/CI/install_depends.sh +@@ -46,7 +46,7 @@ function make_crictl() + cd cri-tools + # crictl v1.18 cannot recognise the SecurityProfile seccomp of LinuxSandboxSecurityContext + # and the LinuxContainerSecurityContext.has_seccomp() always false +- git checkout v1.24.2 ++ git checkout v1.22.0 + make -j $nproc + echo "make cri-tools: $?" + cp ./build/bin/crictl ${builddir}/bin/ +-- +2.40.1 + diff --git a/0004-2162-Fix-rename-issue-for-id-manager.patch b/0004-2162-Fix-rename-issue-for-id-manager.patch new file mode 100644 index 0000000..93e099e --- /dev/null +++ b/0004-2162-Fix-rename-issue-for-id-manager.patch @@ -0,0 +1,113 @@ +From 0dbf21e22d51721e43fa2c1abecf30da271501c5 Mon Sep 17 00:00:00 2001 +From: xuxuepeng <xuxuepeng1@huawei.com> +Date: Thu, 31 Aug 2023 04:11:22 +0000 +Subject: [PATCH 04/33] !2162 Fix rename issue for id manager Merge pull + request !2162 from xuxuepeng/master + +--- + src/daemon/common/id_name_manager.c | 21 ++++++++++++++++++- + src/daemon/common/id_name_manager.h | 1 + + .../container_cb/execution_information.c | 12 +++++++++++ + src/daemon/sandbox/sandbox_manager.cc | 6 ++++-- + 4 files changed, 37 insertions(+), 3 deletions(-) + +diff --git a/src/daemon/common/id_name_manager.c b/src/daemon/common/id_name_manager.c +index e6b24798..3fc1c443 100644 +--- a/src/daemon/common/id_name_manager.c ++++ b/src/daemon/common/id_name_manager.c +@@ -382,4 +382,23 @@ bool id_name_manager_remove_entry(const char *id, const char *name) + } + + return ret; +-} +\ No newline at end of file ++} ++ ++bool id_name_manager_rename(const char *new_name, const char *old_name) ++{ ++ if (old_name == NULL || new_name == NULL) { ++ ERROR("Failed to rename empty name"); ++ return false; ++ } ++ ++ if (!try_add_name(new_name)) { ++ ERROR("Failed to add %s to name map", new_name); ++ return false; ++ } ++ ++ if (!try_remove_name(old_name)) { ++ WARN("Failed to remove %s from name map", old_name); ++ } ++ ++ return true; ++} +diff --git a/src/daemon/common/id_name_manager.h b/src/daemon/common/id_name_manager.h +index 3c9f6d45..09f0867e 100644 +--- a/src/daemon/common/id_name_manager.h ++++ b/src/daemon/common/id_name_manager.h +@@ -27,6 +27,7 @@ bool id_name_manager_add_entry_with_existing_id(const char *id, const char *name + bool id_name_manager_add_entry_with_new_id(const char *name, char **id); + bool id_name_manager_add_entry_with_new_id_and_name(char **id, char **name); + bool id_name_manager_remove_entry(const char *id, const char *name); ++bool id_name_manager_rename(const char *new_name, const char *old_name); + + #ifdef __cplusplus + } +diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c +index 28480224..93e5032e 100644 +--- a/src/daemon/executor/container_cb/execution_information.c ++++ b/src/daemon/executor/container_cb/execution_information.c +@@ -60,6 +60,7 @@ + #include "utils_convert.h" + #include "utils_string.h" + #include "utils_verify.h" ++#include "id_name_manager.h" + + static int container_version_cb(const container_version_request *request, container_version_response **response) + { +@@ -1075,11 +1076,22 @@ static int container_rename(container_t *cont, const char *new_name) + goto out; + } + ++ if (!id_name_manager_rename(new_name, old_name)) { ++ ERROR("Failed to rename %s to %s in id-name manager", old_name, new_name); ++ isulad_set_error_message("Failed to rename %s to %s in id-name manager", old_name, new_name); ++ ret = -1; ++ goto out; ++ } ++ + if (!container_name_index_rename(new_name, old_name, id)) { + ERROR("Name %s is in use", new_name); + isulad_set_error_message("Conflict. The name \"%s\" is already in use by container %s. " + "You have to remove (or rename) that container to be able to reuse that name.", + new_name, new_name); ++ // restore name in id-name manager ++ if (!id_name_manager_rename(old_name, new_name)) { ++ ERROR("Failed to restore name from \"%s\" to \"%s\" in id-name manager", new_name, old_name); ++ } + ret = -1; + goto out; + } +diff --git a/src/daemon/sandbox/sandbox_manager.cc b/src/daemon/sandbox/sandbox_manager.cc +index 527a9aec..e258320a 100644 +--- a/src/daemon/sandbox/sandbox_manager.cc ++++ b/src/daemon/sandbox/sandbox_manager.cc +@@ -210,11 +210,13 @@ bool SandboxManager::IDNameManagerRemoveEntry(const std::string &id, const std:: + // Save the id and name of the sandbox to the map of the id_name_manager module + bool SandboxManager::IDNameManagerNewEntry(std::string &id, const std::string &name) + { +- __isula_auto_free char *tmpId = NULL; + bool ret = false; + if (id.empty()) { ++ __isula_auto_free char *tmpId = NULL; + ret = id_name_manager_add_entry_with_new_id(name.c_str(), &tmpId); +- id = tmpId; ++ if (tmpId != NULL) { ++ id = tmpId; ++ } + } else { + ret = id_name_manager_add_entry_with_existing_id(id.c_str(), name.c_str()); + } +-- +2.40.1 + diff --git a/0005-2163-add-bind-mount-file-lock.patch b/0005-2163-add-bind-mount-file-lock.patch new file mode 100644 index 0000000..78f91f1 --- /dev/null +++ b/0005-2163-add-bind-mount-file-lock.patch @@ -0,0 +1,936 @@ +From c1c5159675073450fe13906771cec6f666053380 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu <zhangxiaoyu58@huawei.com> +Date: Thu, 31 Aug 2023 13:14:02 +0000 +Subject: [PATCH 05/33] !2163 add bind mount file lock * add bind mount file + lock + +--- + src/cmd/isula/stream/cp.c | 66 ++++++- + src/cmd/isulad/main.c | 51 ++++++ + src/common/constants.h | 4 + + .../executor/container_cb/execution_stream.c | 23 ++- + src/daemon/modules/image/oci/oci_export.c | 13 +- + src/daemon/modules/image/oci/oci_load.c | 13 +- + .../graphdriver/devmapper/driver_devmapper.c | 12 +- + .../graphdriver/overlay2/driver_overlay2.c | 12 +- + src/utils/tar/isulad_tar.c | 16 +- + src/utils/tar/isulad_tar.h | 4 +- + src/utils/tar/util_archive.c | 163 +++++++++++++++--- + src/utils/tar/util_archive.h | 8 +- + 12 files changed, 332 insertions(+), 53 deletions(-) + +diff --git a/src/cmd/isula/stream/cp.c b/src/cmd/isula/stream/cp.c +index f0cd99c9..b1e3bbd6 100644 +--- a/src/cmd/isula/stream/cp.c ++++ b/src/cmd/isula/stream/cp.c +@@ -73,6 +73,44 @@ static void print_copy_from_container_error(const char *ops_err, const char *arc + } + } + ++static int client_get_root_dir(const isula_connect_ops *ops, const client_connect_config_t *config, char **root_dir) ++{ ++ int ret = 0; ++ struct isula_info_request request = { 0 }; ++ struct isula_info_response *response = NULL; ++ ++ response = util_common_calloc_s(sizeof(struct isula_info_response)); ++ if (response == NULL) { ++ COMMAND_ERROR("Info: Out of memory"); ++ return -1; ++ } ++ ++ if (!ops->container.info) { ++ COMMAND_ERROR("Unimplemented info op"); ++ ret = -1; ++ goto out; ++ } ++ ++ ret = ops->container.info(&request, response, (void *)config); ++ if (ret != 0) { ++ client_print_error(response->cc, response->server_errono, response->errmsg); ++ ret = -1; ++ goto out; ++ } ++ ++ if (response->isulad_root_dir == NULL) { ++ COMMAND_ERROR("None root dir"); ++ ret = -1; ++ goto out; ++ } ++ ++ *root_dir = util_strdup_s(response->isulad_root_dir); ++ ++out: ++ isula_info_response_free(response); ++ return ret; ++} ++ + static int client_copy_from_container(const struct client_arguments *args, const char *id, const char *srcpath, + const char *destpath) + { +@@ -84,6 +122,7 @@ static int client_copy_from_container(const struct client_arguments *args, const + char *archive_err = NULL; + char *ops_err = NULL; + char *resolved = NULL; ++ char *root_dir = NULL; + struct archive_copy_info *srcinfo = NULL; + client_connect_config_t config; + +@@ -92,18 +131,24 @@ static int client_copy_from_container(const struct client_arguments *args, const + COMMAND_ERROR("Unimplemented copy from container operation"); + return -1; + } ++ config = get_connect_config(args); ++ ++ ret = client_get_root_dir(ops, &config, &root_dir); ++ if (ret != 0) { ++ return -1; ++ } + + response = util_common_calloc_s(sizeof(struct isula_copy_from_container_response)); + if (response == NULL) { + ERROR("Event: Out of memory"); +- return -1; ++ ret = -1; ++ goto out; + } + + request.id = (char *)id; + request.runtime = args->runtime; + request.srcpath = (char *)srcpath; + +- config = get_connect_config(args); + ret = ops->container.copy_from_container(&request, response, &config); + if (ret) { + ops_err = (response->errmsg != NULL) ? util_strdup_s(response->errmsg) : NULL; +@@ -125,7 +170,7 @@ static int client_copy_from_container(const struct client_arguments *args, const + srcinfo->path = util_strdup_s(srcpath); + srcinfo->isdir = S_ISDIR(response->stat->mode); + +- nret = archive_copy_to(&response->reader, srcinfo, resolved, &archive_err); ++ nret = archive_copy_to(&response->reader, srcinfo, resolved, root_dir, &archive_err); + if (nret != 0) { + ret = nret; + } +@@ -137,6 +182,7 @@ static int client_copy_from_container(const struct client_arguments *args, const + + out: + print_copy_from_container_error(ops_err, archive_err, ret, args); ++ free(root_dir); + free(resolved); + free(archive_err); + free(ops_err); +@@ -167,6 +213,7 @@ static int client_copy_to_container(const struct client_arguments *args, const c + int nret = 0; + char *archive_err = NULL; + char *resolved = NULL; ++ char *root_dir = NULL; + struct archive_copy_info *srcinfo = NULL; + struct io_read_wrapper archive_reader = { 0 }; + client_connect_config_t config = { 0 }; +@@ -176,11 +223,18 @@ static int client_copy_to_container(const struct client_arguments *args, const c + COMMAND_ERROR("Unimplemented copy to container operation"); + return -1; + } ++ config = get_connect_config(args); ++ ++ ret = client_get_root_dir(ops, &config, &root_dir); ++ if (ret != 0) { ++ return -1; ++ } + + response = util_common_calloc_s(sizeof(struct isula_copy_to_container_response)); + if (response == NULL) { + ERROR("Event: Out of memory"); +- return -1; ++ ret = -1; ++ goto out; + } + + request.id = (char *)id; +@@ -199,7 +253,7 @@ static int client_copy_to_container(const struct client_arguments *args, const c + goto out; + } + +- nret = tar_resource(srcinfo, &archive_reader, &archive_err); ++ nret = tar_resource(srcinfo, root_dir, &archive_reader, &archive_err); + if (nret != 0) { + ret = -1; + goto out; +@@ -212,7 +266,6 @@ static int client_copy_to_container(const struct client_arguments *args, const c + request.reader.read = archive_reader.read; + request.reader.close = archive_reader.close; + +- config = get_connect_config(args); + ret = ops->container.copy_to_container(&request, response, &config); + + // archive reader close if copy to container failed +@@ -223,6 +276,7 @@ static int client_copy_to_container(const struct client_arguments *args, const c + + out: + print_copy_to_container_error(response, archive_err, ret, args); ++ free(root_dir); + free(resolved); + free(archive_err); + free_archive_copy_info(srcinfo); +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index 681dcf03..b32b6626 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -72,6 +72,7 @@ + #include "utils_file.h" + #include "utils_string.h" + #include "utils_verify.h" ++#include "path.h" + #include "volume_api.h" + #ifndef DISABLE_CLEANUP + #include "leftover_cleanup_api.h" +@@ -1383,6 +1384,50 @@ out: + return ret; + } + ++static int create_mount_flock_file(const struct service_arguments *args) ++{ ++ int nret = 0; ++ int fd = -1; ++ char path[PATH_MAX] = { 0 }; ++ char cleanpath[PATH_MAX] = { 0 }; ++ ++ nret = snprintf(path, PATH_MAX, "%s/%s", args->json_confs->graph, MOUNT_FLOCK_FILE_PATH); ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { ++ ERROR("Failed to snprintf"); ++ return -1; ++ } ++ ++ if (util_clean_path(path, cleanpath, sizeof(cleanpath)) == NULL) { ++ ERROR("clean path for %s failed", path); ++ return -1; ++ } ++ ++ if (util_fileself_exists(cleanpath)) { ++ int err = 0; ++ // recreate mount flock file ++ // and make file uid/gid and permission correct ++ if (!util_force_remove_file(cleanpath, &err)) { ++ ERROR("Failed to delete %s, error: %s. Please delete %s manually.", path, strerror(err), path); ++ return -1; ++ } ++ } ++ ++ fd = util_open(cleanpath, O_RDWR | O_CREAT, MOUNT_FLOCK_FILE_MODE); ++ if (fd < 0) { ++ ERROR("Failed to create file %s", cleanpath); ++ return -1; ++ } ++ close(fd); ++ ++ nret = util_set_file_group(cleanpath, args->json_confs->group); ++ if (nret < 0) { ++ ERROR("set group of the path %s failed", cleanpath); ++ return -1; ++ } ++ ++ return 0; ++} ++ + static int isulad_server_init_service() + { + int ret = -1; +@@ -1413,6 +1458,12 @@ static int isulad_server_init_service() + goto unlock_out; + } + ++ ret = create_mount_flock_file(args); ++ if (ret != 0) { ++ ERROR("Failed to create mount flock file"); ++ goto unlock_out; ++ } ++ + unlock_out: + if (isulad_server_conf_unlock()) { + ret = -1; +diff --git a/src/common/constants.h b/src/common/constants.h +index 409a83a1..d93bb464 100644 +--- a/src/common/constants.h ++++ b/src/common/constants.h +@@ -68,6 +68,8 @@ extern "C" { + + #define DEFAULT_HIGHEST_DIRECTORY_MODE 0755 + ++#define MOUNT_FLOCK_FILE_MODE 0660 ++ + #define ISULAD_CONFIG SYSCONFDIR_PREFIX"/etc/isulad" + + #define ISULAD_DAEMON_CONTAINER_CONTEXTS ISULAD_CONFIG "/container_contexts" +@@ -119,6 +121,8 @@ extern "C" { + #define OCI_VERSION "1.0.1" + #endif + ++#define MOUNT_FLOCK_FILE_PATH "isulad-chroot-mount.flock" ++ + #define OCI_IMAGE_GRAPH_ROOTPATH_NAME "storage" + + #ifdef ENABLE_GRPC_REMOTE_CONNECT +diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c +index 32721e68..244ec6a0 100644 +--- a/src/daemon/executor/container_cb/execution_stream.c ++++ b/src/daemon/executor/container_cb/execution_stream.c +@@ -62,6 +62,7 @@ + #include "utils.h" + #include "utils_file.h" + #include "utils_verify.h" ++#include "isulad_config.h" + + #if defined (__ANDROID__) || defined(__MUSL__) + #define SIG_CANCEL_SIGNAL SIGUSR1 +@@ -442,6 +443,7 @@ static int archive_and_send_copy_data(const stream_func_wrapper *stream, + char *absbase = NULL; + char *err = NULL; + char *buf = NULL; ++ char *root_dir = NULL; + char cleaned[PATH_MAX + 2] = { 0 }; + struct io_read_wrapper reader = { 0 }; + char *tar_path = NULL; +@@ -474,9 +476,15 @@ static int archive_and_send_copy_data(const stream_func_wrapper *stream, + goto cleanup; + } + ++ root_dir = conf_get_isulad_rootdir(); ++ if (root_dir == NULL) { ++ ERROR("Failed to get isulad rootdir"); ++ goto cleanup; ++ } ++ + DEBUG("archive chroot tar stream container_fs(%s) srcdir(%s) relative(%s) srcbase(%s) absbase(%s)", + container_fs, srcdir, tar_path, srcbase, absbase); +- nret = archive_chroot_tar_stream(container_fs, tar_path, srcbase, absbase, &reader); ++ nret = archive_chroot_tar_stream(container_fs, tar_path, srcbase, absbase, root_dir, &reader); + if (nret != 0) { + ERROR("Archive %s failed", resolvedpath); + goto cleanup; +@@ -504,6 +512,7 @@ cleanup: + free(srcdir); + free(srcbase); + free(absbase); ++ free(root_dir); + if (reader.close != NULL) { + int cret = reader.close(reader.context, &err); + if (err != NULL) { +@@ -776,15 +785,25 @@ static int read_and_extract_archive(stream_func_wrapper *stream, const char *con + { + int ret = -1; + char *err = NULL; ++ char *root_dir = NULL; + struct io_read_wrapper content = { 0 }; + content.context = stream; + content.read = extract_stream_to_io_read; +- ret = archive_chroot_untar_stream(&content, container_fs, dstdir_in_container, src_rebase, dst_rebase, &err); ++ ++ root_dir = conf_get_isulad_rootdir(); ++ if (root_dir == NULL) { ++ ERROR("Failed to get isulad rootdir"); ++ isulad_set_error_message("Failed to get isulad rootdir"); ++ return -1; ++ } ++ ++ ret = archive_chroot_untar_stream(&content, container_fs, dstdir_in_container, src_rebase, dst_rebase, root_dir, &err); + if (ret != 0) { + ERROR("Can not untar to container: %s", (err != NULL) ? err : "unknown"); + isulad_set_error_message("Can not untar to container: %s", (err != NULL) ? err : "unknown"); + } + free(err); ++ free(root_dir); + return ret; + } + +diff --git a/src/daemon/modules/image/oci/oci_export.c b/src/daemon/modules/image/oci/oci_export.c +index e27ed6d8..6bfcf4d5 100644 +--- a/src/daemon/modules/image/oci/oci_export.c ++++ b/src/daemon/modules/image/oci/oci_export.c +@@ -23,6 +23,7 @@ + #include "util_archive.h" + #include "path.h" + #include "utils_file.h" ++#include "isulad_config.h" + + int oci_do_export(char *id, char *file) + { +@@ -30,6 +31,7 @@ int oci_do_export(char *id, char *file) + int ret2 = 0; + char *mount_point = NULL; + char *errmsg = NULL; ++ char *root_dir = NULL; + char cleanpath[PATH_MAX] = { 0 }; + + if (id == NULL || file == NULL) { +@@ -56,7 +58,15 @@ int oci_do_export(char *id, char *file) + return -1; + } + +- ret = archive_chroot_tar(mount_point, cleanpath, &errmsg); ++ root_dir = conf_get_isulad_rootdir(); ++ if (root_dir == NULL) { ++ ERROR("Failed to get isulad rootdir"); ++ isulad_set_error_message("Failed to get isulad rootdir"); ++ ret = -1; ++ goto out; ++ } ++ ++ ret = archive_chroot_tar(mount_point, cleanpath, root_dir, &errmsg); + if (ret != 0) { + ERROR("failed to export container %s to file %s: %s", id, cleanpath, errmsg); + isulad_set_error_message("Failed to export rootfs with error: %s", errmsg); +@@ -68,6 +78,7 @@ out: + mount_point = NULL; + free(errmsg); + errmsg = NULL; ++ free(root_dir); + + ret2 = storage_rootfs_umount(id, false); + if (ret2 != 0) { +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index 04a9f947..4385e55e 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -41,6 +41,7 @@ + #include "utils_file.h" + #include "utils_verify.h" + #include "oci_image.h" ++#include "isulad_config.h" + + #define MANIFEST_BIG_DATA_KEY "manifest" + #define OCI_SCHEMA_VERSION 2 +@@ -1068,6 +1069,7 @@ int oci_do_load(const im_load_request *request) + char *digest = NULL; + char *dstdir = NULL; + char *err = NULL; ++ char *root_dir = NULL; + + if (request == NULL || request->file == NULL) { + ERROR("Invalid input arguments, cannot load image"); +@@ -1088,8 +1090,16 @@ int oci_do_load(const im_load_request *request) + goto out; + } + ++ root_dir = conf_get_isulad_rootdir(); ++ if (root_dir == NULL) { ++ ERROR("Failed to get isulad rootdir"); ++ isulad_try_set_error_message("Failed to get isulad rootdir"); ++ ret = -1; ++ goto out; ++ } ++ + options.whiteout_format = NONE_WHITEOUT_FORMATE; +- if (archive_unpack(&reader, dstdir, &options, &err) != 0) { ++ if (archive_unpack(&reader, dstdir, &options, root_dir, &err) != 0) { + ERROR("Failed to unpack to %s: %s", dstdir, err); + isulad_try_set_error_message("Failed to unpack to %s: %s", dstdir, err); + ret = -1; +@@ -1175,5 +1185,6 @@ out: + } + free(dstdir); + free(err); ++ free(root_dir); + return ret; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c +index 998ea8c2..ecb62f79 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c +@@ -32,6 +32,7 @@ + #include "utils_file.h" + #include "utils_fs.h" + #include "utils_string.h" ++#include "isulad_config.h" + + struct io_read_wrapper; + +@@ -346,6 +347,7 @@ int devmapper_apply_diff(const char *id, const struct graphdriver *driver, const + int ret = 0; + struct archive_options options = { 0 }; + char *err = NULL; ++ char *root_dir = NULL; + + if (!util_valid_str(id) || driver == NULL || content == NULL) { + ERROR("invalid argument to apply diff with id(%s)", id); +@@ -366,8 +368,15 @@ int devmapper_apply_diff(const char *id, const struct graphdriver *driver, const + goto out; + } + ++ root_dir = conf_get_isulad_rootdir(); ++ if (root_dir == NULL) { ++ ERROR("Failed to get isulad rootdir"); ++ ret = -1; ++ goto umount_out; ++ } ++ + options.whiteout_format = REMOVE_WHITEOUT_FORMATE; +- if (archive_unpack(content, layer_fs, &options, &err) != 0) { ++ if (archive_unpack(content, layer_fs, &options, root_dir, &err) != 0) { + ERROR("devmapper: failed to unpack to %s: %s", layer_fs, err); + ret = -1; + goto umount_out; +@@ -384,6 +393,7 @@ out: + free_driver_mount_opts(mount_opts); + free(layer_fs); + free(err); ++ free(root_dir); + return ret; + } + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +index c5864c90..b177f594 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +@@ -45,6 +45,7 @@ + #include "utils_timestamp.h" + #include "selinux_label.h" + #include "err_msg.h" ++#include "isulad_config.h" + #ifdef ENABLE_REMOTE_LAYER_STORE + #include "ro_symlink_maintain.h" + #endif +@@ -1886,6 +1887,7 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const + char *layer_diff = NULL; + struct archive_options options = { 0 }; + char *err = NULL; ++ char *root_dir = NULL; + + if (id == NULL || driver == NULL || content == NULL) { + ERROR("invalid argument"); +@@ -1919,7 +1921,14 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const + } + #endif + +- ret = archive_unpack(content, layer_diff, &options, &err); ++ root_dir = conf_get_isulad_rootdir(); ++ if (root_dir == NULL) { ++ ERROR("Failed to get isulad rootdir"); ++ ret = -1; ++ goto out; ++ } ++ ++ ret = archive_unpack(content, layer_diff, &options, root_dir ,&err); + if (ret != 0) { + ERROR("Failed to unpack to %s: %s", layer_diff, err); + ret = -1; +@@ -1928,6 +1937,7 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const + + out: + free(err); ++ free(root_dir); + free(layer_dir); + free(layer_diff); + #ifdef ENABLE_USERNS_REMAP +diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c +index 74176b12..24269c70 100644 +--- a/src/utils/tar/isulad_tar.c ++++ b/src/utils/tar/isulad_tar.c +@@ -385,7 +385,7 @@ cleanup: + } + + int archive_copy_to(const struct io_read_wrapper *content, const struct archive_copy_info *srcinfo, +- const char *dstpath, char **err) ++ const char *dstpath, const char *root_dir, char **err) + { + int ret = -1; + struct archive_copy_info *dstinfo = NULL; +@@ -393,7 +393,7 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_ + char *src_base = NULL; + char *dst_base = NULL; + +- if (err == NULL || dstpath == NULL || srcinfo == NULL || content == NULL) { ++ if (err == NULL || dstpath == NULL || srcinfo == NULL || content == NULL || root_dir == NULL) { + return -1; + } + +@@ -409,7 +409,7 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_ + goto cleanup; + } + +- ret = archive_chroot_untar_stream(content, dstdir, ".", src_base, dst_base, err); ++ ret = archive_chroot_untar_stream(content, dstdir, ".", src_base, dst_base, root_dir, err); + + cleanup: + free_archive_copy_info(dstinfo); +@@ -419,7 +419,7 @@ cleanup: + return ret; + } + +-static int tar_resource_rebase(const char *path, const char *rebase, struct io_read_wrapper *archive_reader, char **err) ++static int tar_resource_rebase(const char *path, const char *rebase, const char *root_dir, struct io_read_wrapper *archive_reader, char **err) + { + int ret = -1; + int nret; +@@ -438,7 +438,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, struct io_r + } + + DEBUG("chroot tar stream srcdir(%s) srcbase(%s) rebase(%s)", srcdir, srcbase, rebase); +- nret = archive_chroot_tar_stream(srcdir, srcbase, srcbase, rebase, archive_reader); ++ nret = archive_chroot_tar_stream(srcdir, srcbase, srcbase, rebase, root_dir, archive_reader); + if (nret < 0) { + ERROR("Can not archive path: %s", path); + goto cleanup; +@@ -450,11 +450,11 @@ cleanup: + return ret; + } + +-int tar_resource(const struct archive_copy_info *info, struct io_read_wrapper *archive_reader, char **err) ++int tar_resource(const struct archive_copy_info *info, const char *root_dir, struct io_read_wrapper *archive_reader, char **err) + { +- if (info == NULL || archive_reader == NULL || err == NULL) { ++ if (info == NULL || root_dir == NULL || archive_reader == NULL || err == NULL) { + return -1; + } + +- return tar_resource_rebase(info->path, info->rebase_name, archive_reader, err); ++ return tar_resource_rebase(info->path, info->rebase_name, root_dir, archive_reader, err); + } +diff --git a/src/utils/tar/isulad_tar.h b/src/utils/tar/isulad_tar.h +index cdd9858a..414bb024 100644 +--- a/src/utils/tar/isulad_tar.h ++++ b/src/utils/tar/isulad_tar.h +@@ -43,10 +43,10 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li + char *prepare_archive_copy(const struct archive_copy_info *srcinfo, const struct archive_copy_info *dstinfo, + char **src_base, char **dst_base, char **err); + +-int tar_resource(const struct archive_copy_info *info, struct io_read_wrapper *archive_reader, char **err); ++int tar_resource(const struct archive_copy_info *info, const char *root_dir, struct io_read_wrapper *archive_reader, char **err); + + int archive_copy_to(const struct io_read_wrapper *content, const struct archive_copy_info *srcinfo, +- const char *dstpath, char **err); ++ const char *dstpath, const char *root_dir, char **err); + + #ifdef __cplusplus + } +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index 0fb7769b..d2fc5488 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -33,10 +33,12 @@ + #include <netdb.h> + #include <sys/mount.h> + #include <sys/capability.h> ++#include <sys/file.h> + + #include <isula_libutils/log.h> + #include <isula_libutils/go_crc64.h> + #include <isula_libutils/storage_entry.h> ++#include <isula_libutils/auto_cleanup.h> + + #include "error.h" + #include "map.h" +@@ -83,6 +85,31 @@ static ssize_t read_content(struct archive *a, void *client_data, const void **b + return mydata->content->read(mydata->content->context, mydata->buff, sizeof(mydata->buff)); + } + ++static char *generate_flock_path(const char *root_dir) ++{ ++ int nret = 0; ++ char path[PATH_MAX] = { 0 }; ++ char cleanpath[PATH_MAX] = { 0 }; ++ ++ nret = snprintf(path, PATH_MAX, "%s/%s", root_dir, MOUNT_FLOCK_FILE_PATH); ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { ++ ERROR("Failed to snprintf"); ++ return NULL; ++ } ++ ++ if (util_clean_path(path, cleanpath, sizeof(cleanpath)) == NULL) { ++ ERROR("clean path for %s failed", path); ++ return NULL; ++ } ++ ++ if (!util_file_exists(cleanpath)) { ++ ERROR("flock file %s doesn't exist", cleanpath); ++ return NULL; ++ } ++ ++ return util_strdup_s(cleanpath); ++} ++ + static void do_disable_unneccessary_caps() + { + cap_t caps; +@@ -104,7 +131,58 @@ static void do_disable_unneccessary_caps() + cap_free(caps); + } + +-static int make_safedir_is_noexec(const char *dstdir, char **safe_dir) ++// Add flock when bind mount and make it private. ++// Because bind mount usually makes safedir shared mount point, ++// and sometimes it will cause "mount point explosion". ++// E.g. concurrently execute isula cp /tmp/<XXX-File> <CONTAINER-ID>:<CONTAINER-PAT> ++static int bind_mount_with_flock(const char *flock_path, const char *dstdir, const char *tmp_dir) ++{ ++ __isula_auto_close int fd = -1; ++ int ret = -1; ++ ++ fd = open(flock_path, O_RDWR | O_CLOEXEC); ++ if (fd < 0) { ++ SYSERROR("Failed to open file %s", flock_path); ++ return -1; ++ } ++ ++ if (flock(fd, LOCK_EX) != 0) { ++ SYSERROR("Failed to lock file %s", flock_path); ++ return -1; ++ } ++ ++ if (mount(dstdir, tmp_dir, "none", MS_BIND, NULL) != 0) { ++ SYSERROR("Mount safe dir failed"); ++ goto unlock_out; ++ } ++ ++ if (mount(tmp_dir, tmp_dir, "none", MS_BIND | MS_REMOUNT | MS_NOEXEC, NULL) != 0) { ++ SYSERROR("Mount safe dir failed"); ++ if (umount(tmp_dir) != 0) { ++ SYSERROR("Failed to umount target %s", tmp_dir); ++ } ++ goto unlock_out; ++ } ++ ++ // Change the propagation type. ++ if (mount("", tmp_dir, "", MS_PRIVATE, "") != 0) { ++ SYSERROR("Failed to change the propagation type"); ++ if (umount(tmp_dir) != 0) { ++ SYSERROR("Failed to umount target %s", tmp_dir); ++ } ++ goto unlock_out; ++ } ++ ++ ret = 0; ++ ++unlock_out: ++ if (flock(fd, LOCK_UN) != 0) { ++ SYSERROR("Failed to unlock file %s", flock_path); ++ } ++ return ret; ++} ++ ++static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, char **safe_dir) + { + struct stat buf; + char *isulad_tmpdir_env = NULL; +@@ -156,19 +234,8 @@ static int make_safedir_is_noexec(const char *dstdir, char **safe_dir) + return -1; + } + +- if (mount(dstdir, tmp_dir, "none", MS_BIND, NULL) != 0) { +- SYSERROR("Mount safe dir failed"); +- if (util_path_remove(tmp_dir) != 0) { +- ERROR("Failed to remove path %s", tmp_dir); +- } +- return -1; +- } +- +- if (mount(tmp_dir, tmp_dir, "none", MS_BIND | MS_REMOUNT | MS_NOEXEC, NULL) != 0) { +- SYSERROR("Mount safe dir failed"); +- if (umount(tmp_dir) != 0) { +- ERROR("Failed to umount target %s", tmp_dir); +- } ++ if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) { ++ ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir); + if (util_path_remove(tmp_dir) != 0) { + ERROR("Failed to remove path %s", tmp_dir); + } +@@ -723,7 +790,7 @@ static void set_child_process_pdeathsig(void) + } + + int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, const struct archive_options *options, +- char **errmsg) ++ const char *root_dir, char **errmsg) + { + int ret = 0; + pid_t pid = -1; +@@ -731,12 +798,24 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co + int pipe_stderr[2] = { -1, -1 }; + char errbuf[BUFSIZ + 1] = { 0 }; + char *safe_dir = NULL; ++ char *flock_path = NULL; + +- if (make_safedir_is_noexec(dstdir, &safe_dir) != 0) { +- ERROR("Prepare safe dir failed"); ++ if (content == NULL || dstdir == NULL || options == NULL || root_dir == NULL) { + return -1; + } + ++ flock_path = generate_flock_path(root_dir); ++ if (flock_path == NULL) { ++ ERROR("Failed to generate flock path"); ++ return -1; ++ } ++ ++ if (make_safedir_is_noexec(flock_path, dstdir, &safe_dir) != 0) { ++ ERROR("Prepare safe dir failed"); ++ ret = -1; ++ goto cleanup; ++ } ++ + if (pipe2(pipe_stderr, O_CLOEXEC) != 0) { + ERROR("Failed to create pipe"); + ret = -1; +@@ -816,6 +895,7 @@ cleanup: + ERROR("Failed to remove path %s", safe_dir); + } + free(safe_dir); ++ free(flock_path); + return ret; + } + +@@ -1126,7 +1206,7 @@ static ssize_t fd_write(void *context, const void *data, size_t len) + return util_write_nointr(*(int *)context, data, len); + } + +-int archive_chroot_tar(char *path, char *file, char **errmsg) ++int archive_chroot_tar(const char *path, const char *file, const char *root_dir, char **errmsg) + { + struct io_write_wrapper pipe_context = { 0 }; + int ret = 0; +@@ -1136,12 +1216,24 @@ int archive_chroot_tar(char *path, char *file, char **errmsg) + char errbuf[BUFSIZ + 1] = { 0 }; + int fd = 0; + char *safe_dir = NULL; ++ char *flock_path = NULL; + +- if (make_safedir_is_noexec(path, &safe_dir) != 0) { +- ERROR("Prepare safe dir failed"); ++ if (path == NULL || file == NULL || root_dir == NULL) { ++ return -1; ++ } ++ ++ flock_path = generate_flock_path(root_dir); ++ if (flock_path == NULL) { ++ ERROR("Failed to generate flock path"); + return -1; + } + ++ if (make_safedir_is_noexec(flock_path, path, &safe_dir) != 0) { ++ ERROR("Prepare safe dir failed"); ++ ret = -1; ++ goto cleanup; ++ } ++ + if (pipe2(pipe_for_read, O_CLOEXEC) != 0) { + ERROR("Failed to create pipe"); + ret = -1; +@@ -1232,6 +1324,7 @@ cleanup: + ERROR("Failed to remove path %s", safe_dir); + } + free(safe_dir); ++ free(flock_path); + return ret; + } + +@@ -1352,7 +1445,7 @@ static int archive_context_close(void *context, char **err) + } + + int archive_chroot_untar_stream(const struct io_read_wrapper *context, const char *chroot_dir, const char *untar_dir, +- const char *src_base, const char *dst_base, char **errmsg) ++ const char *src_base, const char *dst_base, const char *root_dir, char **errmsg) + { + struct io_read_wrapper pipe_context = { 0 }; + int pipe_stream[2] = { -1, -1 }; +@@ -1370,12 +1463,19 @@ int archive_chroot_untar_stream(const struct io_read_wrapper *context, const cha + .dst_base = dst_base + }; + char *safe_dir = NULL; ++ char *flock_path = NULL; + +- if (make_safedir_is_noexec(chroot_dir, &safe_dir) != 0) { +- ERROR("Prepare safe dir failed"); ++ flock_path = generate_flock_path(root_dir); ++ if (flock_path == NULL) { ++ ERROR("Failed to generate flock path"); + return -1; + } + ++ if (make_safedir_is_noexec(flock_path, chroot_dir, &safe_dir) != 0) { ++ ERROR("Prepare safe dir failed"); ++ goto cleanup; ++ } ++ + if (pipe(pipe_stderr) != 0) { + ERROR("Failed to create pipe: %s", strerror(errno)); + goto cleanup; +@@ -1483,12 +1583,13 @@ cleanup: + ERROR("Failed to remove path %s", safe_dir); + } + free(safe_dir); ++ free(flock_path); + + return ret; + } + + int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, const char *src_base, const char *dst_base, +- struct io_read_wrapper *reader) ++ const char *root_dir, struct io_read_wrapper *reader) + { + struct io_write_wrapper pipe_context = { 0 }; + int keepfds[] = { -1, -1, -1 }; +@@ -1498,12 +1599,19 @@ int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, cons + pid_t pid; + struct archive_context *ctx = NULL; + char *safe_dir = NULL; ++ char *flock_path = NULL; + +- if (make_safedir_is_noexec(chroot_dir, &safe_dir) != 0) { +- ERROR("Prepare safe dir failed"); ++ flock_path = generate_flock_path(root_dir); ++ if (flock_path == NULL) { ++ ERROR("Failed to generate flock path"); + return -1; + } + ++ if (make_safedir_is_noexec(flock_path, chroot_dir, &safe_dir) != 0) { ++ ERROR("Prepare safe dir failed"); ++ goto free_out; ++ } ++ + if (pipe(pipe_stderr) != 0) { + ERROR("Failed to create pipe: %s", strerror(errno)); + goto free_out; +@@ -1607,6 +1715,7 @@ free_out: + close_archive_pipes_fd(pipe_stderr, 2); + close_archive_pipes_fd(pipe_stream, 2); + free(ctx); ++ free(flock_path); + if (safe_dir != NULL) { + if (umount(safe_dir) != 0) { + ERROR("Failed to umount target %s", safe_dir); +@@ -1848,4 +1957,4 @@ int archive_copy_oci_tar_split_and_ret_size(int src_fd, const char *dist_file, i + } + + return foreach_archive_entry(archive_entry_parse, src_fd, dist_file, ret_size); +-} +\ No newline at end of file ++} +diff --git a/src/utils/tar/util_archive.h b/src/utils/tar/util_archive.h +index 5cc2c5ec..8f0ab2a4 100644 +--- a/src/utils/tar/util_archive.h ++++ b/src/utils/tar/util_archive.h +@@ -45,17 +45,17 @@ struct archive_options { + }; + + int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, const struct archive_options *options, +- char **errmsg); ++ const char *root_dir, char **errmsg); + + bool valid_archive_format(const char *file); + +-int archive_chroot_tar(char *path, char *file, char **errmsg); ++int archive_chroot_tar(const char *path, const char *file, const char *root_dir, char **errmsg); + + int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, const char *src_base, +- const char *dst_base, struct io_read_wrapper *content); ++ const char *dst_base, const char *root_dir, struct io_read_wrapper *content); + int archive_chroot_untar_stream(const struct io_read_wrapper *content, const char *chroot_dir, + const char *untar_dir, const char *src_base, const char *dst_base, +- char **errmsg); ++ const char *root_dir, char **errmsg); + + int archive_copy_oci_tar_split_and_ret_size(int src_fd, const char *dist_file, int64_t *ret_size); + +-- +2.40.1 + diff --git a/0006-2168-fix-code-bug.patch b/0006-2168-fix-code-bug.patch new file mode 100644 index 0000000..a54eaf2 --- /dev/null +++ b/0006-2168-fix-code-bug.patch @@ -0,0 +1,1054 @@ +From f6c1ec5c8603124511c7a726a487757609a1d7a5 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu <zhangxiaoyu58@huawei.com> +Date: Tue, 5 Sep 2023 02:15:57 +0000 +Subject: [PATCH 06/33] !2168 fix code bug * fix code bug + +--- + src/daemon/common/events_format.c | 6 +- + src/daemon/common/selinux_label.c | 22 +- + src/daemon/common/selinux_label.h | 8 +- + src/daemon/config/isulad_config.c | 276 ++++++++++-------- + src/daemon/config/isulad_config.h | 62 ++-- + src/daemon/executor/container_cb/execution.c | 4 +- + .../executor/container_cb/execution_create.c | 2 +- + .../executor/container_cb/execution_network.c | 9 + + .../executor/container_cb/execution_stream.h | 6 +- + src/daemon/executor/container_cb/list.c | 4 +- + src/daemon/executor/image_cb/image_cb.c | 18 +- + 11 files changed, 233 insertions(+), 184 deletions(-) + +diff --git a/src/daemon/common/events_format.c b/src/daemon/common/events_format.c +index e5ceab92..514b060e 100644 +--- a/src/daemon/common/events_format.c ++++ b/src/daemon/common/events_format.c +@@ -83,7 +83,11 @@ struct isulad_events_format *dup_event(const struct isulad_events_format *event) + return NULL; + } + +- event_copy(event, out); ++ if (event_copy(event, out) != 0) { ++ ERROR("Failed to copy event"); ++ isulad_events_format_free(out); ++ return NULL; ++ } + + return out; + } +diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c +index 585a5e35..e6527bd0 100644 +--- a/src/daemon/common/selinux_label.c ++++ b/src/daemon/common/selinux_label.c +@@ -247,7 +247,7 @@ static int get_current_label(char **content) + return read_con(path, content); + } + +-bool selinux_get_enable() ++bool selinux_get_enable(void) + { + bool enabled_set = false; + bool enabled = false; +@@ -295,7 +295,7 @@ bool selinux_get_enable() + } + + // just disable selinux support for iSulad +-void selinux_set_disabled() ++void selinux_set_disabled(void) + { + (void)set_state_enable(false); + } +@@ -376,9 +376,10 @@ int selinux_state_init(void) + return 0; + } + +-void selinux_state_free() ++void selinux_state_free(void) + { + do_selinux_state_free(g_selinux_state); ++ g_selinux_state = NULL; + } + + /* MCS already exists */ +@@ -986,6 +987,11 @@ int relabel(const char *path, const char *file_label, bool shared) + return 0; + } + ++ if (path == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + tmp_file_label = util_strdup_s(file_label); + if (is_exclude_relabel_path(path)) { + ERROR("SELinux relabeling of %s is not allowed", path); +@@ -1059,6 +1065,11 @@ int dup_security_opt(const char *src, char ***dst, size_t *len) + return 0; + } + ++ if (dst == NULL || len == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + context_t con = context_new(src); + if (con == NULL) { + ERROR("context new failed"); +@@ -1107,6 +1118,11 @@ out: + + int get_disable_security_opt(char ***labels, size_t *labels_len) + { ++ if (labels == NULL || labels_len == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + if (util_array_append(labels, "disable") != 0) { + ERROR("Failed to append label"); + return -1; +diff --git a/src/daemon/common/selinux_label.h b/src/daemon/common/selinux_label.h +index 625e94c3..4a3c03d4 100644 +--- a/src/daemon/common/selinux_label.h ++++ b/src/daemon/common/selinux_label.h +@@ -24,14 +24,14 @@ extern "C" { + #endif + + int selinux_state_init(void); +-void selinux_set_disabled(); +-bool selinux_get_enable(); +-int init_label(const char **label_opts, size_t label_opts_len, char **process_label, char **mount_label); ++void selinux_set_disabled(void); ++bool selinux_get_enable(void); ++int init_label(const char **label_opts, size_t label_opts_len, char **dst_process_label, char **dst_mount_label); + int relabel(const char *path, const char *file_label, bool shared); + int get_disable_security_opt(char ***labels, size_t *labels_len); + int dup_security_opt(const char *src, char ***dst, size_t *len); + char *selinux_format_mountlabel(const char *src, const char *mount_label); +-void selinux_state_free(); ++void selinux_state_free(void); + #ifdef __cplusplus + } + #endif +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index 269ab310..f600f0cf 100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -125,7 +125,7 @@ out: + } + + /* isulad server conf wrlock */ +-int isulad_server_conf_wrlock() ++int isulad_server_conf_wrlock(void) + { + int ret = 0; + +@@ -138,7 +138,7 @@ int isulad_server_conf_wrlock() + } + + /* isulad server conf rdlock */ +-int isulad_server_conf_rdlock() ++int isulad_server_conf_rdlock(void) + { + int ret = 0; + +@@ -151,7 +151,7 @@ int isulad_server_conf_rdlock() + } + + /* isulad server conf unlock */ +-int isulad_server_conf_unlock() ++int isulad_server_conf_unlock(void) + { + int ret = 0; + +@@ -163,13 +163,13 @@ int isulad_server_conf_unlock() + return ret; + } + +-struct service_arguments *conf_get_server_conf() ++struct service_arguments *conf_get_server_conf(void) + { + return g_isulad_conf.server_conf; + } + + /* conf get isulad pidfile */ +-char *conf_get_isulad_pidfile() ++char *conf_get_isulad_pidfile(void) + { + char *filename = NULL; + struct service_arguments *conf = NULL; +@@ -191,7 +191,7 @@ out: + } + + /* conf get engine rootpath */ +-char *conf_get_engine_rootpath() ++char *conf_get_engine_rootpath(void) + { + char *epath = NULL; + char *rootpath = NULL; +@@ -238,7 +238,7 @@ int conf_get_cgroup_cpu_rt(int64_t *cpu_rt_period, int64_t *cpu_rt_runtime) + } + + conf = conf_get_server_conf(); +- if (conf == NULL) { ++ if (conf == NULL || conf->json_confs == NULL) { + (void)isulad_server_conf_unlock(); + return -1; + } +@@ -254,7 +254,7 @@ int conf_get_cgroup_cpu_rt(int64_t *cpu_rt_period, int64_t *cpu_rt_runtime) + } + + /* conf get graph checked flag file path */ +-char *conf_get_graph_check_flag_file() ++char *conf_get_graph_check_flag_file(void) + { + char *epath = NULL; + char *rootpath = NULL; +@@ -307,7 +307,7 @@ char *conf_get_routine_rootdir(const char *runtime) + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->graph == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->graph == NULL) { + ERROR("Server conf is NULL or rootpath is NULL"); + goto out; + } +@@ -357,7 +357,7 @@ char *conf_get_routine_statedir(const char *runtime) + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->state == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->state == NULL) { + goto out; + } + +@@ -460,7 +460,7 @@ out: + #endif + + /* conf get isulad rootdir */ +-char *conf_get_isulad_rootdir() ++char *conf_get_isulad_rootdir(void) + { + char *path = NULL; + struct service_arguments *conf = NULL; +@@ -470,7 +470,7 @@ char *conf_get_isulad_rootdir() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->graph == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->graph == NULL) { + goto out; + } + +@@ -482,7 +482,7 @@ out: + } + + /* conf get registry */ +-char **conf_get_registry_list() ++char **conf_get_registry_list(void) + { + int nret = 0; + size_t i; +@@ -495,7 +495,7 @@ char **conf_get_registry_list() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->registry_mirrors_len == 0) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->registry_mirrors_len == 0) { + goto out; + } + +@@ -518,7 +518,7 @@ out: + } + + /* conf get insecure registry */ +-char **conf_get_insecure_registry_list() ++char **conf_get_insecure_registry_list(void) + { + int nret = 0; + size_t i; +@@ -531,7 +531,7 @@ char **conf_get_insecure_registry_list() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->insecure_registries_len == 0) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->insecure_registries_len == 0) { + goto out; + } + +@@ -554,7 +554,7 @@ out: + } + + /* conf get isulad statedir */ +-char *conf_get_isulad_statedir() ++char *conf_get_isulad_statedir(void) + { + char *path = NULL; + struct service_arguments *conf = NULL; +@@ -564,7 +564,7 @@ char *conf_get_isulad_statedir() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->state == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->state == NULL) { + goto out; + } + +@@ -576,7 +576,7 @@ out: + } + + /* isulad monitor fifo name */ +-char *conf_get_isulad_monitor_fifo_path() ++char *conf_get_isulad_monitor_fifo_path(void) + { + int ret; + char fifo_file_path[PATH_MAX] = { 0 }; +@@ -631,7 +631,7 @@ static char *get_parent_mount_dir(char *graph) + } + + /* conf get isulad mount rootfs */ +-char *conf_get_isulad_mount_rootfs() ++char *conf_get_isulad_mount_rootfs(void) + { + char *path = NULL; + struct service_arguments *conf = NULL; +@@ -653,7 +653,7 @@ out: + } + + /* conf get isulad umask for containers */ +-char *conf_get_isulad_native_umask() ++char *conf_get_isulad_native_umask(void) + { + char *umask = NULL; + struct service_arguments *conf = NULL; +@@ -663,7 +663,7 @@ char *conf_get_isulad_native_umask() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->native_umask == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->native_umask == NULL) { + goto out; + } + +@@ -675,7 +675,7 @@ out: + } + + /* conf get isulad cgroup parent for containers */ +-char *conf_get_isulad_cgroup_parent() ++char *conf_get_isulad_cgroup_parent(void) + { + char *cgroup_parent = NULL; + struct service_arguments *conf = NULL; +@@ -685,7 +685,7 @@ char *conf_get_isulad_cgroup_parent() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->cgroup_parent == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->cgroup_parent == NULL) { + goto out; + } + +@@ -697,7 +697,7 @@ out: + } + + /* conf get isulad loglevel */ +-char *conf_get_isulad_loglevel() ++char *conf_get_isulad_loglevel(void) + { + char *loglevel = NULL; + struct service_arguments *conf = NULL; +@@ -707,7 +707,7 @@ char *conf_get_isulad_loglevel() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->log_level == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->log_level == NULL) { + goto out; + } + +@@ -725,7 +725,7 @@ char *get_log_file_helper(const struct service_arguments *conf, const char *suff + size_t len = 0; + int nret = 0; + +- if (suffix == NULL) { ++ if (conf == NULL || suffix == NULL) { + return NULL; + } + +@@ -757,7 +757,7 @@ out: + } + + /* conf get isulad log gather fifo path */ +-char *conf_get_isulad_log_gather_fifo_path() ++char *conf_get_isulad_log_gather_fifo_path(void) + { + #define LOG_GATHER_FIFO_NAME "/isulad_log_gather_fifo" + char *logfile = NULL; +@@ -796,7 +796,7 @@ out: + } + + /* conf get isulad log file */ +-char *conf_get_isulad_log_file() ++char *conf_get_isulad_log_file(void) + { + char *logfile = NULL; + struct service_arguments *conf = NULL; +@@ -818,7 +818,7 @@ out: + } + + /* conf get engine log file */ +-char *conf_get_engine_log_file() ++char *conf_get_engine_log_file(void) + { + char *logfile = NULL; + char *full_path = NULL; +@@ -885,7 +885,7 @@ int conf_get_daemon_log_config(char **loglevel, char **logdriver, char **engine_ + } + + /* conf get isulad logdriver */ +-char *conf_get_isulad_logdriver() ++char *conf_get_isulad_logdriver(void) + { + char *logdriver = NULL; + struct service_arguments *conf = NULL; +@@ -895,7 +895,7 @@ char *conf_get_isulad_logdriver() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->log_driver == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->log_driver == NULL) { + goto out; + } + +@@ -915,12 +915,17 @@ int conf_get_container_log_opts(isulad_daemon_configs_container_log **opts) + size_t i; + int ret = 0; + ++ if (opts == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + if (isulad_server_conf_rdlock() != 0) { + return -1; + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->container_log == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->container_log == NULL) { + goto out; + } + work = conf->json_confs->container_log; +@@ -962,7 +967,7 @@ out: + } + + /* conf get image layer check flag */ +-bool conf_get_image_layer_check_flag() ++bool conf_get_image_layer_check_flag(void) + { + bool check_flag = false; + struct service_arguments *conf = NULL; +@@ -972,7 +977,7 @@ bool conf_get_image_layer_check_flag() + } + + conf = conf_get_server_conf(); +- if (conf == NULL) { ++ if (conf == NULL || conf->json_confs == NULL) { + goto out; + } + +@@ -984,7 +989,7 @@ out: + } + + /* conf get flag of use decrypted key to pull image */ +-bool conf_get_use_decrypted_key_flag() ++bool conf_get_use_decrypted_key_flag(void) + { + bool check_flag = true; + struct service_arguments *conf = NULL; +@@ -994,7 +999,7 @@ bool conf_get_use_decrypted_key_flag() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->use_decrypted_key == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->use_decrypted_key == NULL) { + goto out; + } + +@@ -1005,7 +1010,7 @@ out: + return check_flag; + } + +-bool conf_get_skip_insecure_verify_flag() ++bool conf_get_skip_insecure_verify_flag(void) + { + bool check_flag = false; + struct service_arguments *conf = NULL; +@@ -1015,7 +1020,7 @@ bool conf_get_skip_insecure_verify_flag() + } + + conf = conf_get_server_conf(); +- if (conf == NULL) { ++ if (conf == NULL || conf->json_confs == NULL) { + goto out; + } + +@@ -1026,69 +1031,86 @@ out: + return check_flag; + } + +-#define OCI_STR_ARRAY_DUP(src, dest, srclen, destlen, ret) \ +- do { \ +- if ((src) != NULL) { \ +- (dest) = util_str_array_dup((const char **)(src), (srclen)); \ +- if ((dest) == NULL) { \ +- (ret) = -1; \ +- goto out; \ +- } \ +- (destlen) = (srclen); \ +- } \ +- } while (0) +- +-#define HOOKS_ELEM_DUP_DEF(item) \ +- defs_hook *hooks_##item##_elem_dup(const defs_hook *src) \ +- { \ +- int ret = 0; \ +- defs_hook *dest = NULL; \ +- if (src == NULL) \ +- return NULL; \ +- dest = util_common_calloc_s(sizeof(defs_hook)); \ +- if (dest == NULL) \ +- return NULL; \ +- dest->path = util_strdup_s(src->path); \ +- OCI_STR_ARRAY_DUP(src->args, dest->args, src->args_len, dest->args_len, ret); \ +- OCI_STR_ARRAY_DUP(src->env, dest->env, src->env_len, dest->env_len, ret); \ +- dest->timeout = src->timeout; \ +- out: \ +- if (ret != 0 && dest != NULL) { \ +- free_defs_hook(dest); \ +- dest = NULL; \ +- } \ +- return dest; \ +- } +- +-/* HOOKS ELEM DUP DEF */ +-HOOKS_ELEM_DUP_DEF(prestart) +-/* HOOKS ELEM DUP DEF */ +-HOOKS_ELEM_DUP_DEF(poststart) +-/* HOOKS ELEM DUP DEF */ +-HOOKS_ELEM_DUP_DEF(poststop) +- +-#define HOOKS_ITEM_DUP_DEF(item) \ +- int hooks_##item##_dup(oci_runtime_spec_hooks *dest, const oci_runtime_spec_hooks *src) \ +- { \ +- int i = 0; \ +- dest->item = util_smart_calloc_s(sizeof(defs_hook *), (src->item##_len + 1)); \ +- if (dest->item == NULL) \ +- return -1; \ +- dest->item##_len = src->item##_len; \ +- for (; (size_t)i < src->item##_len; ++i) { \ +- dest->item[i] = hooks_##item##_elem_dup(src->item[i]); \ +- if (dest->item[i] == NULL) \ +- return -1; \ +- } \ +- return 0; \ +- } +- +-/* HOOKS ITEM DUP DEF */ +-HOOKS_ITEM_DUP_DEF(prestart) +-/* HOOKS ITEM DUP DEF */ +-HOOKS_ITEM_DUP_DEF(poststart) +-/* HOOKS ITEM DUP DEF */ +-HOOKS_ITEM_DUP_DEF(poststop) ++static defs_hook *hooks_elem_dup(const defs_hook *src) ++{ ++ defs_hook *dest = NULL; ++ ++ if (src == NULL) { ++ return NULL; ++ } ++ ++ dest = (defs_hook *)util_common_calloc_s(sizeof(defs_hook)); ++ if (dest == NULL) { ++ ERROR("Out of memory"); ++ return NULL; ++ } ++ ++ dest->path = util_strdup_s(src->path); ++ dest->timeout = src->timeout; ++ ++ if (src->args_len != 0) { ++ dest->args = util_str_array_dup((const char **)(src->args), src->args_len); ++ if (dest->args == NULL) { ++ ERROR("Failed to duplicate string array"); ++ goto err_out; ++ } ++ dest->args_len = src->args_len; ++ } ++ ++ if (src->env_len != 0) { ++ dest->env = util_str_array_dup((const char **)(src->env), src->env_len); ++ if (dest->env == NULL) { ++ ERROR("Failed to duplicate string array"); ++ goto err_out; ++ } ++ dest->env_len = src->env_len; ++ } ++ ++ return dest; ++ ++err_out: ++ free_defs_hook(dest); ++ return NULL; ++} ++ ++static int hooks_array_dup(const defs_hook **src, const size_t src_len, defs_hook ***dst, size_t *dst_len) ++{ ++ size_t i; ++ size_t tmp_len = 0; ++ defs_hook **tmp_dst = NULL; ++ ++ if (src_len > SIZE_MAX - 1) { ++ ERROR("Invalid hooks array length"); ++ return -1; ++ } ++ ++ tmp_dst = (defs_hook **)util_smart_calloc_s(sizeof(defs_hook *), src_len + 1); ++ if (tmp_dst == NULL) { ++ ERROR("Out of memory"); ++ return -1; ++ } ++ ++ for(i = 0; i < src_len; i++) { ++ tmp_dst[i] = hooks_elem_dup(src[i]); ++ if (tmp_dst[i] == NULL) { ++ ERROR("Failed to duplicate hooks element"); ++ goto err_out; ++ } ++ tmp_len++; ++ } ++ ++ *dst = tmp_dst; ++ *dst_len = tmp_len; ++ return 0; ++ ++err_out: ++ for(i = 0; i < tmp_len; i++) { ++ free_defs_hook(tmp_dst[i]); ++ } ++ free(tmp_dst); ++ ++ return -1; ++} + + /* hooks_dup */ + oci_runtime_spec_hooks *hooks_dup(const oci_runtime_spec_hooks *src) +@@ -1104,17 +1126,17 @@ oci_runtime_spec_hooks *hooks_dup(const oci_runtime_spec_hooks *src) + return NULL; + } + +- ret = hooks_prestart_dup(dest, src); ++ ret = hooks_array_dup((const defs_hook **)src->prestart, src->prestart_len, &dest->prestart, &dest->prestart_len); + if (ret != 0) { + goto out; + } + +- ret = hooks_poststart_dup(dest, src); ++ ret = hooks_array_dup((const defs_hook **)src->poststart, src->poststart_len, &dest->poststart, &dest->poststart_len); + if (ret != 0) { + goto out; + } + +- ret = hooks_poststop_dup(dest, src); ++ ret = hooks_array_dup((const defs_hook **)src->poststop, src->poststop_len, &dest->poststop, &dest->poststop_len); + + out: + if (ret != 0) { +@@ -1130,6 +1152,11 @@ int conf_get_isulad_hooks(oci_runtime_spec_hooks **phooks) + int ret = 0; + struct service_arguments *conf = NULL; + ++ if (phooks == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + if (isulad_server_conf_rdlock() != 0) { + return -1; + } +@@ -1184,7 +1211,7 @@ out: + } + + /* conf get start timeout */ +-unsigned int conf_get_start_timeout() ++unsigned int conf_get_start_timeout(void) + { + struct service_arguments *conf = NULL; + unsigned int ret = 0; +@@ -1204,7 +1231,7 @@ out: + return ret; + } + +-char *conf_get_default_runtime() ++char *conf_get_default_runtime(void) + { + struct service_arguments *conf = NULL; + char *result = NULL; +@@ -1226,7 +1253,7 @@ out: + return result; + } + +-char *conf_get_enable_plugins() ++char *conf_get_enable_plugins(void) + { + struct service_arguments *conf = NULL; + char *plugins = NULL; +@@ -1249,7 +1276,7 @@ out: + } + + #ifdef ENABLE_USERNS_REMAP +-char *conf_get_isulad_userns_remap() ++char *conf_get_isulad_userns_remap(void) + { + struct service_arguments *conf = NULL; + char *userns_remap = NULL; +@@ -1335,7 +1362,7 @@ int conf_get_cni_bin_dir(char ***dst) + } + + /* conf get websocket server listening port */ +-int32_t conf_get_websocket_server_listening_port() ++int32_t conf_get_websocket_server_listening_port(void) + { + int32_t port = 0; + struct service_arguments *conf = NULL; +@@ -1345,7 +1372,7 @@ int32_t conf_get_websocket_server_listening_port() + } + + conf = conf_get_server_conf(); +- if (conf == NULL) { ++ if (conf == NULL || conf->json_confs == NULL) { + goto out; + } + +@@ -1401,6 +1428,10 @@ int set_unix_socket_group(const char *socket, const char *group) + return -1; + } + ++ if (!util_has_prefix(socket, UNIX_SOCKET_PREFIX)) { ++ ERROR("Invalid unix socket: %s", socket); ++ return -1; ++ } + path = socket + strlen(UNIX_SOCKET_PREFIX); + + if (strlen(path) > PATH_MAX || realpath(path, rpath) == NULL) { +@@ -1430,15 +1461,6 @@ out: + return ret; + } + +-#define OVERRIDE_STRING_VALUE(dst, src) \ +- do { \ +- if ((src) != NULL && strlen((src)) != 0) { \ +- free((dst)); \ +- (dst) = (src); \ +- (src) = NULL; \ +- } \ +- } while (0) +- + static int string_array_append(char **suffix, size_t suffix_len, size_t *curr_len, char ***result) + { + if (suffix_len > 0) { +@@ -1463,6 +1485,11 @@ int parse_log_opts(struct service_arguments *args, const char *key, const char * + { + int ret = -1; + ++ if (args == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + if (key == NULL || value == NULL) { + return 0; + } +@@ -1682,6 +1709,11 @@ int merge_json_confs_into_global(struct service_arguments *args) + parser_error err = NULL; + int ret = 0; + ++ if (args == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + tmp_json_confs = isulad_daemon_configs_parse_file(ISULAD_DAEMON_JSON_CONF_FILE, NULL, &err); + if (tmp_json_confs == NULL) { + COMMAND_ERROR("Load isulad json config failed: %s", err != NULL ? err : ""); +@@ -1828,7 +1860,7 @@ static bool valid_isulad_daemon_constants(isulad_daemon_constants *config) + return true; + } + +-int init_isulad_daemon_constants() ++int init_isulad_daemon_constants(void) + { + parser_error err = NULL; + int ret = 0; +@@ -1855,7 +1887,7 @@ out: + return ret; + } + +-isulad_daemon_constants *get_isulad_daemon_constants() ++isulad_daemon_constants *get_isulad_daemon_constants(void) + { + return g_isulad_daemon_constants; + } +diff --git a/src/daemon/config/isulad_config.h b/src/daemon/config/isulad_config.h +index 92edd6e0..4fe1acdc 100644 +--- a/src/daemon/config/isulad_config.h ++++ b/src/daemon/config/isulad_config.h +@@ -42,43 +42,43 @@ char *conf_get_sandbox_rootpath(void); + char *conf_get_sandbox_statepath(void); + #endif + +-char *conf_get_isulad_pidfile(); +-char *conf_get_engine_rootpath(); ++char *conf_get_isulad_pidfile(void); ++char *conf_get_engine_rootpath(void); + char *conf_get_routine_rootdir(const char *runtime); + char *conf_get_routine_statedir(const char *runtime); +-char *conf_get_isulad_rootdir(); +-char *conf_get_isulad_statedir(); +-char *conf_get_isulad_mount_rootfs(); +-char *conf_get_isulad_loglevel(); +-char *conf_get_isulad_logdriver(); ++char *conf_get_isulad_rootdir(void); ++char *conf_get_isulad_statedir(void); ++char *conf_get_isulad_mount_rootfs(void); ++char *conf_get_isulad_loglevel(void); ++char *conf_get_isulad_logdriver(void); + int conf_get_daemon_log_config(char **loglevel, char **logdriver, char **engine_log_path); +-char *conf_get_isulad_log_gather_fifo_path(); ++char *conf_get_isulad_log_gather_fifo_path(void); + + int conf_get_cgroup_cpu_rt(int64_t *cpu_rt_period, int64_t *cpu_rt_runtime); + + int conf_get_container_log_opts(isulad_daemon_configs_container_log **opts); + +-char *conf_get_isulad_log_file(); +-char *conf_get_engine_log_file(); +-char *conf_get_enable_plugins(); ++char *conf_get_isulad_log_file(void); ++char *conf_get_engine_log_file(void); ++char *conf_get_enable_plugins(void); + #ifdef ENABLE_USERNS_REMAP +-char *conf_get_isulad_userns_remap(); ++char *conf_get_isulad_userns_remap(void); + #endif +-char *conf_get_cni_conf_dir(); ++char *conf_get_cni_conf_dir(void); + int conf_get_cni_bin_dir(char ***dst); +-int32_t conf_get_websocket_server_listening_port(); ++int32_t conf_get_websocket_server_listening_port(void); + + int save_args_to_conf(struct service_arguments *args); + + int set_unix_socket_group(const char *socket, const char *group); + +-int isulad_server_conf_wrlock(); ++int isulad_server_conf_wrlock(void); + +-int isulad_server_conf_rdlock(); ++int isulad_server_conf_rdlock(void); + +-int isulad_server_conf_unlock(); ++int isulad_server_conf_unlock(void); + +-struct service_arguments *conf_get_server_conf(); ++struct service_arguments *conf_get_server_conf(void); + + int get_system_cpu_usage(uint64_t *val); + +@@ -86,31 +86,31 @@ int conf_get_isulad_hooks(oci_runtime_spec_hooks **phooks); + + int conf_get_isulad_default_ulimit(host_config_ulimits_element ***ulimit); + +-unsigned int conf_get_start_timeout(); ++unsigned int conf_get_start_timeout(void); + +-char **conf_get_insecure_registry_list(); ++char **conf_get_insecure_registry_list(void); + +-char **conf_get_registry_list(); +-char *conf_get_isulad_native_umask(); ++char **conf_get_registry_list(void); ++char *conf_get_isulad_native_umask(void); + +-char *conf_get_isulad_cgroup_parent(); ++char *conf_get_isulad_cgroup_parent(void); + +-char *conf_get_default_runtime(); ++char *conf_get_default_runtime(void); + +-char *conf_get_graph_check_flag_file(); ++char *conf_get_graph_check_flag_file(void); + +-bool conf_get_image_layer_check_flag(); ++bool conf_get_image_layer_check_flag(void); + + int merge_json_confs_into_global(struct service_arguments *args); + +-bool conf_get_use_decrypted_key_flag(); +-bool conf_get_skip_insecure_verify_flag(); ++bool conf_get_use_decrypted_key_flag(void); ++bool conf_get_skip_insecure_verify_flag(void); + int parse_log_opts(struct service_arguments *args, const char *key, const char *value); + +-char *conf_get_isulad_monitor_fifo_path(); ++char *conf_get_isulad_monitor_fifo_path(void); + +-int init_isulad_daemon_constants(); +-isulad_daemon_constants *get_isulad_daemon_constants(); ++int init_isulad_daemon_constants(void); ++isulad_daemon_constants *get_isulad_daemon_constants(void); + + #ifdef __cplusplus + } +diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c +index ca4061b4..dbfec59e 100644 +--- a/src/daemon/executor/container_cb/execution.c ++++ b/src/daemon/executor/container_cb/execution.c +@@ -912,8 +912,8 @@ static int container_kill_cb(const container_kill_request *request, container_ki + } + + if (!util_valid_signal((int)signal)) { +- isulad_set_error_message("Not supported signal %d", signal); +- ERROR("Not supported signal %d", signal); ++ isulad_set_error_message("Not supported signal %u", signal); ++ ERROR("Not supported signal %u", signal); + cc = ISULAD_ERR_EXEC; + goto pack_response; + } +diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c +index c65aa281..9c097121 100644 +--- a/src/daemon/executor/container_cb/execution_create.c ++++ b/src/daemon/executor/container_cb/execution_create.c +@@ -706,7 +706,7 @@ out: + free(runtime_root); + free(runtime_stat); + if (ret != 0) { +- /* fail, do not use the input v2 spec, host spec and network settings, the memeory will be free by caller*/ ++ /* fail, do not use the input v2 spec, host spec and network settings, the memeory will be free by caller */ + if (cont != NULL) { + cont->common_config = NULL; + cont->hostconfig = NULL; +diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c +index 1ff360f2..ce924332 100644 +--- a/src/daemon/executor/container_cb/execution_network.c ++++ b/src/daemon/executor/container_cb/execution_network.c +@@ -81,11 +81,20 @@ out: + + static int fopen_network(FILE **fp, char **file_path, const char *rootfs, const char *filename) + { ++ int64_t size = 0; ++ + if (util_realpath_in_scope(rootfs, filename, file_path) < 0) { + SYSERROR("Failed to get real path '%s' under rootfs '%s'", filename, rootfs); + isulad_set_error_message("Failed to get real path '%s' under rootfs '%s'", filename, rootfs); + return -1; + } ++ ++ size = util_file_size(*file_path); ++ if (size > REGULAR_FILE_SIZE) { ++ ERROR("Target file '%s', size exceed limit: %lld", *file_path, REGULAR_FILE_SIZE); ++ return -1; ++ } ++ + *fp = util_fopen(*file_path, "a+"); + if (*fp == NULL) { + SYSERROR("Failed to open %s", *file_path); +diff --git a/src/daemon/executor/container_cb/execution_stream.h b/src/daemon/executor/container_cb/execution_stream.h +index 227cc2c3..c0dba7d0 100644 +--- a/src/daemon/executor/container_cb/execution_stream.h ++++ b/src/daemon/executor/container_cb/execution_stream.h +@@ -1,6 +1,3 @@ +-#ifndef DAEMON_EXECUTOR_CONTAINER_CB_EXECUTION_STREAM_H +-#define DAEMON_EXECUTOR_CONTAINER_CB_EXECUTION_STREAM_H +- + /****************************************************************************** + * Copyright (c) Huawei Technologies Co., Ltd. 2017-2019. All rights reserved. + * iSulad licensed under the Mulan PSL v2. +@@ -16,6 +13,9 @@ + * Description: provide container list callback function definition + *********************************************************************************/ + ++#ifndef DAEMON_EXECUTOR_CONTAINER_CB_EXECUTION_STREAM_H ++#define DAEMON_EXECUTOR_CONTAINER_CB_EXECUTION_STREAM_H ++ + #include "callback.h" + + #ifdef __cplusplus +diff --git a/src/daemon/executor/container_cb/list.c b/src/daemon/executor/container_cb/list.c +index 539a1314..243eb4d2 100644 +--- a/src/daemon/executor/container_cb/list.c ++++ b/src/daemon/executor/container_cb/list.c +@@ -164,14 +164,14 @@ static int append_ids(const map_t *matches, char ***filtered_ids) + return 0; + } + +-static int insert_matched_id(char **ids, map_t *matches, void *value, size_t ids_len) ++static int insert_matched_id(char **ids, map_t *matches, bool *value, size_t ids_len) + { + size_t i; + + for (i = 0; i < ids_len; i++) { + container_t *cont = containers_store_get_by_prefix(ids[i]); + if (cont != NULL) { +- bool inserted = map_insert(matches, cont->common_config->id, value); ++ bool inserted = map_insert(matches, (void *)cont->common_config->id, (void *)value); + container_unref(cont); + if (!inserted) { + ERROR("Insert map failed: %s", ids[i]); +diff --git a/src/daemon/executor/image_cb/image_cb.c b/src/daemon/executor/image_cb/image_cb.c +index 124feb21..61fa29db 100644 +--- a/src/daemon/executor/image_cb/image_cb.c ++++ b/src/daemon/executor/image_cb/image_cb.c +@@ -597,7 +597,7 @@ static int trans_one_image(image_list_images_response *response, size_t image_in + goto out; + } + +- if (!unix_nanos_to_timestamp(created_nanos, ×tamp) != 0) { ++ if (!unix_nanos_to_timestamp(created_nanos, ×tamp)) { + ERROR("Failed to translate nanos to timestamp"); + ret = -1; + goto out; +@@ -673,19 +673,6 @@ out: + return ret; + } + +-static im_list_request *image_list_context_new(const image_list_images_request *request) +-{ +- im_list_request *ctx = NULL; +- +- ctx = util_common_calloc_s(sizeof(im_list_request)); +- if (ctx == NULL) { +- ERROR("Out of memory"); +- return NULL; +- } +- +- return ctx; +-} +- + #ifdef ENABLE_OCI_IMAGE + struct image_list_context { + struct filters_args *image_filters; +@@ -731,11 +718,12 @@ static im_list_request *fold_filter(const image_list_images_request *request) + { + im_list_request *ctx = NULL; + +- ctx = image_list_context_new(request); ++ ctx = (im_list_request *)util_common_calloc_s(sizeof(im_list_request)); + if (ctx == NULL) { + ERROR("Out of memory"); + goto error_out; + } ++ + #ifdef ENABLE_OCI_IMAGE + size_t i; + if (request->filters == NULL) { +-- +2.40.1 + diff --git a/0007-2171-Fix-nullptr-in-src-daemon-entry.patch b/0007-2171-Fix-nullptr-in-src-daemon-entry.patch new file mode 100644 index 0000000..f412e22 --- /dev/null +++ b/0007-2171-Fix-nullptr-in-src-daemon-entry.patch @@ -0,0 +1,1807 @@ +From 290758ba7ee8ce9b1696628ee207bceed847d2d3 Mon Sep 17 00:00:00 2001 +From: xuxuepeng <xuxuepeng1@huawei.com> +Date: Tue, 5 Sep 2023 11:10:11 +0000 +Subject: [PATCH 07/33] !2171 Fix nullptr in src/daemon/entry * !2160 Fix + nullptr in src/daemon/entry + +--- + .../cri/v1/cri_v1_runtime_image_service.cc | 29 ++++- + .../cri/v1/cri_v1_runtime_runtime_service.cc | 116 ++++++++++++++++- + .../cri/v1alpha/cri_runtime_image_service.cc | 29 ++++- + .../v1alpha/cri_runtime_runtime_service.cc | 118 +++++++++++++++++- + .../connect/grpc/grpc_containers_service.cc | 35 ++++++ + .../entry/connect/grpc/grpc_images_service.cc | 40 ++++++ + .../connect/grpc/grpc_server_tls_auth.cc | 4 + + .../connect/grpc/grpc_volumes_service.cc | 15 +++ + .../entry/connect/rest/rest_service_common.c | 12 +- + src/daemon/entry/cri/network_plugin.h | 10 +- + .../v1/v1_cri_container_manager_service.cc | 18 ++- + .../cri/v1/v1_cri_container_manager_service.h | 8 +- + .../cri/v1/v1_cri_image_manager_service.h | 4 +- + .../v1/v1_cri_image_manager_service_impl.cc | 12 +- + .../v1/v1_cri_image_manager_service_impl.h | 8 +- + .../v1/v1_cri_pod_sandbox_manager_service.cc | 6 +- + .../v1/v1_cri_pod_sandbox_manager_service.h | 2 +- + .../entry/cri/v1/v1_cri_runtime_service.h | 6 +- + .../cri/v1/v1_cri_runtime_service_impl.cc | 6 +- + .../cri/v1/v1_cri_runtime_service_impl.h | 6 +- + .../v1alpha/cri_container_manager_service.cc | 18 ++- + .../v1alpha/cri_container_manager_service.h | 8 +- + .../cri/v1alpha/cri_image_manager_service.h | 4 +- + .../v1alpha/cri_image_manager_service_impl.cc | 12 +- + .../v1alpha/cri_image_manager_service_impl.h | 8 +- + .../cri_pod_sandbox_manager_service.cc | 12 +- + .../v1alpha/cri_pod_sandbox_manager_service.h | 6 +- + .../entry/cri/v1alpha/cri_runtime_service.h | 8 +- + .../cri/v1alpha/cri_runtime_service_impl.cc | 8 +- + .../cri/v1alpha/cri_runtime_service_impl.h | 8 +- + 30 files changed, 471 insertions(+), 105 deletions(-) + +diff --git a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_image_service.cc b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_image_service.cc +index f3e745ff..ac62b6eb 100644 +--- a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_image_service.cc ++++ b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_image_service.cc +@@ -33,6 +33,11 @@ grpc::Status RuntimeV1ImageServiceImpl::PullImage(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Pulling image %s}", request->image().image().c_str()); + + std::string imageRef = rService->PullImage(request->image(), request->auth(), error); +@@ -54,9 +59,14 @@ grpc::Status RuntimeV1ImageServiceImpl::ListImages(grpc::ServerContext *context, + std::vector<std::unique_ptr<runtime::v1::Image>> images; + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Listing all images}"); + +- rService->ListImages(request->filter(), &images, error); ++ rService->ListImages(request->filter(), images, error); + if (!error.Empty()) { + ERROR("{Object: CRI, Type: Failed to list all images: %s}", error.GetMessage().c_str()); + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -82,6 +92,11 @@ grpc::Status RuntimeV1ImageServiceImpl::ImageStatus(grpc::ServerContext *context + std::unique_ptr<runtime::v1::Image> image_info = nullptr; + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Statusing image %s}", request->image().image().c_str()); + + image_info = rService->ImageStatus(request->image(), error); +@@ -108,9 +123,14 @@ grpc::Status RuntimeV1ImageServiceImpl::ImageFsInfo(grpc::ServerContext *context + std::vector<std::unique_ptr<runtime::v1::FilesystemUsage>> usages; + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Statusing image fs info}"); + +- rService->ImageFsInfo(&usages, error); ++ rService->ImageFsInfo(usages, error); + if (!error.Empty()) { + ERROR("{Object: CRI, Type: Failed to status image fs info: %s}", error.GetMessage().c_str()); + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -135,6 +155,11 @@ grpc::Status RuntimeV1ImageServiceImpl::RemoveImage(grpc::ServerContext *context + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Removing image %s}", request->image().image().c_str()); + + rService->RemoveImage(request->image(), error); +diff --git a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc +index d897119d..b8d5746c 100644 +--- a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc ++++ b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc +@@ -51,6 +51,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::Version(grpc::ServerContext *context, + runtime::v1::VersionResponse *reply) + { + Errors error; ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + m_rService->Version(request->version(), reply, error); + if (!error.Empty()) { + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -65,6 +70,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::CreateContainer(grpc::ServerContext *c + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Creating Container}"); + + std::string responseID = +@@ -86,6 +96,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::StartContainer(grpc::ServerContext *co + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Starting Container: %s}", request->container_id().c_str()); + + m_rService->StartContainer(request->container_id(), error); +@@ -105,6 +120,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::StopContainer(grpc::ServerContext *con + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Stopping Container: %s}", request->container_id().c_str()); + + m_rService->StopContainer(request->container_id(), (int64_t)request->timeout(), error); +@@ -124,6 +144,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::RemoveContainer(grpc::ServerContext *c + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Removing Container: %s}", request->container_id().c_str()); + + m_rService->RemoveContainer(request->container_id(), error); +@@ -143,10 +168,15 @@ grpc::Status RuntimeV1RuntimeServiceImpl::ListContainers(grpc::ServerContext *co + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Listing all Container}"); + + std::vector<std::unique_ptr<runtime::v1::Container>> containers; +- m_rService->ListContainers(request->has_filter() ? &request->filter() : nullptr, &containers, error); ++ m_rService->ListContainers(request->has_filter() ? &request->filter() : nullptr, containers, error); + if (!error.Empty()) { + ERROR("Object: CRI, Type: Failed to list all containers %s", error.GetMessage().c_str()); + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -172,6 +202,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::ContainerStats(grpc::ServerContext *co + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Getting Container Stats: %s}", request->container_id().c_str()); + + std::unique_ptr<runtime::v1::ContainerStats> contStats = +@@ -193,10 +228,15 @@ grpc::Status RuntimeV1RuntimeServiceImpl::ListContainerStats(grpc::ServerContext + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Listing all Container stats}"); + + std::vector<std::unique_ptr<runtime::v1::ContainerStats>> containers; +- m_rService->ListContainerStats(request->has_filter() ? &request->filter() : nullptr, &containers, error); ++ m_rService->ListContainerStats(request->has_filter() ? &request->filter() : nullptr, containers, error); + if (!error.Empty()) { + ERROR("Object: CRI, Type: Failed to list all containers stat %s", error.GetMessage().c_str()); + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -222,6 +262,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::ContainerStatus(grpc::ServerContext *c + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Statusing Container: %s}", request->container_id().c_str()); + + std::unique_ptr<runtime::v1::ContainerStatus> contStatus = +@@ -243,6 +288,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::ExecSync(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + WARN("Event: {Object: CRI, Type: sync execing Container: %s}", request->container_id().c_str()); + + m_rService->ExecSync(request->container_id(), request->cmd(), request->timeout(), reply, error); +@@ -262,6 +312,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::RunPodSandbox(grpc::ServerContext *con + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Running Pod}"); + + std::string responseID = m_rService->RunPodSandbox(request->config(), request->runtime_handler(), error); +@@ -282,6 +337,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::StopPodSandbox(grpc::ServerContext *co + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Stopping Pod: %s}", request->pod_sandbox_id().c_str()); + + m_rService->StopPodSandbox(request->pod_sandbox_id(), error); +@@ -302,6 +362,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::RemovePodSandbox(grpc::ServerContext * + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Removing Pod: %s}", request->pod_sandbox_id().c_str()); + + m_rService->RemovePodSandbox(request->pod_sandbox_id(), error); +@@ -322,6 +387,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::PodSandboxStatus(grpc::ServerContext * + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Status Pod: %s}", request->pod_sandbox_id().c_str()); + + std::unique_ptr<runtime::v1::PodSandboxStatus> podStatus; +@@ -344,6 +414,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::ListPodSandbox(grpc::ServerContext *co + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Listing all Pods}"); + + std::vector<std::unique_ptr<runtime::v1::PodSandbox>> pods; +@@ -373,6 +448,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::PodSandboxStats(grpc::ServerContext *c + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Stats Pod: %s}", request->pod_sandbox_id().c_str()); + + std::unique_ptr<runtime::v1::PodSandboxStats> podStats; +@@ -396,10 +476,15 @@ RuntimeV1RuntimeServiceImpl::ListPodSandboxStats(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Listing Pods Stats}"); + + std::vector<std::unique_ptr<runtime::v1::PodSandboxStats>> podsStats; +- m_rService->ListPodSandboxStats(request->has_filter() ? &request->filter() : nullptr, &podsStats, error); ++ m_rService->ListPodSandboxStats(request->has_filter() ? &request->filter() : nullptr, podsStats, error); + if (!error.Empty()) { + ERROR("Object: CRI, Type: Failed to list pods stats: %s", error.GetCMessage()); + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -425,6 +510,11 @@ RuntimeV1RuntimeServiceImpl::UpdateContainerResources(grpc::ServerContext *conte + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + WARN("Event: {Object: CRI, Type: Updating container resources: %s}", request->container_id().c_str()); + + m_rService->UpdateContainerResources(request->container_id(), request->linux(), error); +@@ -445,6 +535,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::Exec(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || response == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: execing Container: %s}", request->container_id().c_str()); + + m_rService->Exec(*request, response, error); +@@ -465,6 +560,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::Attach(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || response == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: attaching Container: %s}", request->container_id().c_str()); + + m_rService->Attach(*request, response, error); +@@ -486,6 +586,11 @@ RuntimeV1RuntimeServiceImpl::UpdateRuntimeConfig(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Updating Runtime Config}"); + + m_rService->UpdateRuntimeConfig(request->runtime_config(), error); +@@ -505,6 +610,11 @@ grpc::Status RuntimeV1RuntimeServiceImpl::Status(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Statusing daemon}"); + + std::unique_ptr<runtime::v1::RuntimeStatus> status = m_rService->Status(error); +diff --git a/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_image_service.cc b/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_image_service.cc +index b724e729..1353933b 100644 +--- a/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_image_service.cc ++++ b/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_image_service.cc +@@ -33,6 +33,11 @@ grpc::Status RuntimeImageServiceImpl::PullImage(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Pulling image %s}", request->image().image().c_str()); + + std::string imageRef = rService->PullImage(request->image(), request->auth(), error); +@@ -54,9 +59,14 @@ grpc::Status RuntimeImageServiceImpl::ListImages(grpc::ServerContext *context, + std::vector<std::unique_ptr<runtime::v1alpha2::Image>> images; + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Listing all images}"); + +- rService->ListImages(request->filter(), &images, error); ++ rService->ListImages(request->filter(), images, error); + if (!error.Empty()) { + ERROR("{Object: CRI, Type: Failed to list all images: %s}", error.GetMessage().c_str()); + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -82,6 +92,11 @@ grpc::Status RuntimeImageServiceImpl::ImageStatus(grpc::ServerContext *context, + std::unique_ptr<runtime::v1alpha2::Image> image_info = nullptr; + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Statusing image %s}", request->image().image().c_str()); + + image_info = rService->ImageStatus(request->image(), error); +@@ -108,9 +123,14 @@ grpc::Status RuntimeImageServiceImpl::ImageFsInfo(grpc::ServerContext *context, + std::vector<std::unique_ptr<runtime::v1alpha2::FilesystemUsage>> usages; + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Statusing image fs info}"); + +- rService->ImageFsInfo(&usages, error); ++ rService->ImageFsInfo(usages, error); + if (!error.Empty()) { + ERROR("{Object: CRI, Type: Failed to status image fs info: %s}", error.GetMessage().c_str()); + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -135,6 +155,11 @@ grpc::Status RuntimeImageServiceImpl::RemoveImage(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Removing image %s}", request->image().image().c_str()); + + rService->RemoveImage(request->image(), error); +diff --git a/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_runtime_service.cc +index 28775554..ec3f01cd 100644 +--- a/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_runtime_service.cc ++++ b/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_runtime_service.cc +@@ -49,6 +49,11 @@ grpc::Status RuntimeRuntimeServiceImpl::Version(grpc::ServerContext *context, + runtime::v1alpha2::VersionResponse *reply) + { + Errors error; ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + m_rService->Version(request->version(), reply, error); + if (!error.Empty()) { + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -63,6 +68,11 @@ grpc::Status RuntimeRuntimeServiceImpl::CreateContainer(grpc::ServerContext *con + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Creating Container}"); + + std::string responseID = +@@ -84,6 +94,11 @@ grpc::Status RuntimeRuntimeServiceImpl::StartContainer(grpc::ServerContext *cont + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Starting Container: %s}", request->container_id().c_str()); + + m_rService->StartContainer(request->container_id(), error); +@@ -103,6 +118,11 @@ grpc::Status RuntimeRuntimeServiceImpl::StopContainer(grpc::ServerContext *conte + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Stopping Container: %s}", request->container_id().c_str()); + + m_rService->StopContainer(request->container_id(), (int64_t)request->timeout(), error); +@@ -122,6 +142,11 @@ grpc::Status RuntimeRuntimeServiceImpl::RemoveContainer(grpc::ServerContext *con + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Removing Container: %s}", request->container_id().c_str()); + + m_rService->RemoveContainer(request->container_id(), error); +@@ -141,10 +166,15 @@ grpc::Status RuntimeRuntimeServiceImpl::ListContainers(grpc::ServerContext *cont + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Listing all Container}"); + + std::vector<std::unique_ptr<runtime::v1alpha2::Container>> containers; +- m_rService->ListContainers(request->has_filter() ? &request->filter() : nullptr, &containers, error); ++ m_rService->ListContainers(request->has_filter() ? &request->filter() : nullptr, containers, error); + if (!error.Empty()) { + ERROR("Object: CRI, Type: Failed to list all containers %s", error.GetMessage().c_str()); + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -170,6 +200,11 @@ grpc::Status RuntimeRuntimeServiceImpl::ContainerStats(grpc::ServerContext *cont + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Getting Container Stats: %s}", request->container_id().c_str()); + + std::unique_ptr<runtime::v1alpha2::ContainerStats> contStats = +@@ -191,10 +226,15 @@ grpc::Status RuntimeRuntimeServiceImpl::ListContainerStats(grpc::ServerContext * + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Listing all Container stats}"); + + std::vector<std::unique_ptr<runtime::v1alpha2::ContainerStats>> containers; +- m_rService->ListContainerStats(request->has_filter() ? &request->filter() : nullptr, &containers, error); ++ m_rService->ListContainerStats(request->has_filter() ? &request->filter() : nullptr, containers, error); + if (!error.Empty()) { + ERROR("Object: CRI, Type: Failed to list all containers stat %s", error.GetMessage().c_str()); + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -220,6 +260,11 @@ grpc::Status RuntimeRuntimeServiceImpl::ContainerStatus(grpc::ServerContext *con + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Statusing Container: %s}", request->container_id().c_str()); + + std::unique_ptr<runtime::v1alpha2::ContainerStatus> contStatus = +@@ -241,6 +286,11 @@ grpc::Status RuntimeRuntimeServiceImpl::ExecSync(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + WARN("Event: {Object: CRI, Type: sync execing Container: %s}", request->container_id().c_str()); + + m_rService->ExecSync(request->container_id(), request->cmd(), request->timeout(), reply, error); +@@ -260,6 +310,11 @@ grpc::Status RuntimeRuntimeServiceImpl::RunPodSandbox(grpc::ServerContext *conte + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Running Pod}"); + + std::string responseID = m_rService->RunPodSandbox(request->config(), request->runtime_handler(), error); +@@ -280,6 +335,11 @@ grpc::Status RuntimeRuntimeServiceImpl::StopPodSandbox(grpc::ServerContext *cont + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Stopping Pod: %s}", request->pod_sandbox_id().c_str()); + + m_rService->StopPodSandbox(request->pod_sandbox_id(), error); +@@ -300,6 +360,11 @@ grpc::Status RuntimeRuntimeServiceImpl::RemovePodSandbox(grpc::ServerContext *co + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Removing Pod: %s}", request->pod_sandbox_id().c_str()); + + m_rService->RemovePodSandbox(request->pod_sandbox_id(), error); +@@ -320,6 +385,11 @@ grpc::Status RuntimeRuntimeServiceImpl::PodSandboxStatus(grpc::ServerContext *co + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Status Pod: %s}", request->pod_sandbox_id().c_str()); + + std::unique_ptr<runtime::v1alpha2::PodSandboxStatus> podStatus; +@@ -342,10 +412,15 @@ grpc::Status RuntimeRuntimeServiceImpl::ListPodSandbox(grpc::ServerContext *cont + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Listing all Pods}"); + + std::vector<std::unique_ptr<runtime::v1alpha2::PodSandbox>> pods; +- m_rService->ListPodSandbox(request->has_filter() ? &request->filter() : nullptr, &pods, error); ++ m_rService->ListPodSandbox(request->has_filter() ? &request->filter() : nullptr, pods, error); + if (!error.Empty()) { + ERROR("Object: CRI, Type: Failed to list all pods: %s", error.GetMessage().c_str()); + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -370,6 +445,11 @@ grpc::Status RuntimeRuntimeServiceImpl::PodSandboxStats(grpc::ServerContext *con + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Stats Pod: %s}", request->pod_sandbox_id().c_str()); + + std::unique_ptr<runtime::v1alpha2::PodSandboxStats> podStats; +@@ -393,10 +473,15 @@ RuntimeRuntimeServiceImpl::ListPodSandboxStats(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Listing Pods Stats}"); + + std::vector<std::unique_ptr<runtime::v1alpha2::PodSandboxStats>> podsStats; +- m_rService->ListPodSandboxStats(request->has_filter() ? &request->filter() : nullptr, &podsStats, error); ++ m_rService->ListPodSandboxStats(request->has_filter() ? &request->filter() : nullptr, podsStats, error); + if (!error.Empty()) { + ERROR("Object: CRI, Type: Failed to list pods stats: %s", error.GetCMessage()); + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); +@@ -422,6 +507,11 @@ RuntimeRuntimeServiceImpl::UpdateContainerResources(grpc::ServerContext *context + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + WARN("Event: {Object: CRI, Type: Updating container resources: %s}", request->container_id().c_str()); + + m_rService->UpdateContainerResources(request->container_id(), request->linux(), error); +@@ -442,6 +532,11 @@ grpc::Status RuntimeRuntimeServiceImpl::Exec(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || response == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: execing Container: %s}", request->container_id().c_str()); + + m_rService->Exec(*request, response, error); +@@ -462,6 +557,11 @@ grpc::Status RuntimeRuntimeServiceImpl::Attach(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || response == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: attaching Container: %s}", request->container_id().c_str()); + + m_rService->Attach(*request, response, error); +@@ -483,6 +583,11 @@ RuntimeRuntimeServiceImpl::UpdateRuntimeConfig(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + EVENT("Event: {Object: CRI, Type: Updating Runtime Config}"); + + m_rService->UpdateRuntimeConfig(request->runtime_config(), error); +@@ -502,6 +607,11 @@ grpc::Status RuntimeRuntimeServiceImpl::Status(grpc::ServerContext *context, + { + Errors error; + ++ if (request == nullptr || reply == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ + INFO("Event: {Object: CRI, Type: Statusing daemon}"); + + std::unique_ptr<runtime::v1alpha2::RuntimeStatus> status = m_rService->Status(error); +diff --git a/src/daemon/entry/connect/grpc/grpc_containers_service.cc b/src/daemon/entry/connect/grpc/grpc_containers_service.cc +index 76f597b5..ab3f6ab7 100644 +--- a/src/daemon/entry/connect/grpc/grpc_containers_service.cc ++++ b/src/daemon/entry/connect/grpc/grpc_containers_service.cc +@@ -430,6 +430,11 @@ Status ContainerServiceImpl::RemoteExec(ServerContext *context, + container_exec_request *container_req = nullptr; + container_exec_response *container_res = nullptr; + ++ if (context == nullptr || stream == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContRExec"); + + auto status = GrpcServerTlsAuth::auth(context, "container_exec_create"); +@@ -599,6 +604,11 @@ Status ContainerServiceImpl::Attach(ServerContext *context, ServerReaderWriter<A + sem_t sem_stderr; + int pipefd[2] = { -1, -1 }; + ++ if (context == nullptr || stream == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContAttach"); + + auto status = AttachInit(context, &cb, &container_req, &container_res, &sem_stderr, pipefd); +@@ -704,6 +714,11 @@ Status ContainerServiceImpl::Wait(ServerContext *context, const WaitRequest *req + container_wait_request *container_req = nullptr; + container_wait_response *container_res = nullptr; + ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContWait"); + + auto status = GrpcServerTlsAuth::auth(context, "container_wait"); +@@ -738,6 +753,11 @@ Status ContainerServiceImpl::Events(ServerContext *context, const EventsRequest + isulad_events_request *isuladreq = nullptr; + stream_func_wrapper stream = { 0 }; + ++ if (context == nullptr || request == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContEvents"); + + auto status = GrpcServerTlsAuth::auth(context, "docker_events"); +@@ -776,6 +796,11 @@ Status ContainerServiceImpl::CopyFromContainer(ServerContext *context, const Cop + service_executor_t *cb = nullptr; + isulad_copy_from_container_request *isuladreq = nullptr; + ++ if (context == nullptr || request == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContCopyFrom"); + + auto status = GrpcServerTlsAuth::auth(context, "container_archive"); +@@ -820,6 +845,11 @@ ContainerServiceImpl::CopyToContainer(ServerContext *context, + service_executor_t *cb = nullptr; + container_copy_to_request *isuladreq = nullptr; + ++ if (context == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContCopyTo"); + + auto status = GrpcServerTlsAuth::auth(context, "container_archive"); +@@ -929,6 +959,11 @@ Status ContainerServiceImpl::Logs(ServerContext *context, const LogsRequest *req + struct isulad_logs_response *isulad_response = nullptr; + stream_func_wrapper stream = { 0 }; + ++ if (context == nullptr || request == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ContLogs"); + + auto status = GrpcServerTlsAuth::auth(context, "container_logs"); +diff --git a/src/daemon/entry/connect/grpc/grpc_images_service.cc b/src/daemon/entry/connect/grpc/grpc_images_service.cc +index 903b92ca..5d3fac6b 100644 +--- a/src/daemon/entry/connect/grpc/grpc_images_service.cc ++++ b/src/daemon/entry/connect/grpc/grpc_images_service.cc +@@ -243,6 +243,11 @@ void ImagesServiceImpl::inspect_response_to_grpc(const image_inspect_response *r + + Status ImagesServiceImpl::List(ServerContext *context, const ListImagesRequest *request, ListImagesResponse *reply) + { ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ImageList"); + + auto status = GrpcServerTlsAuth::auth(context, "image_list"); +@@ -274,6 +279,11 @@ Status ImagesServiceImpl::List(ServerContext *context, const ListImagesRequest * + + Status ImagesServiceImpl::Delete(ServerContext *context, const DeleteImageRequest *request, DeleteImageResponse *reply) + { ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ImageDelete"); + + auto status = GrpcServerTlsAuth::auth(context, "image_delete"); +@@ -305,6 +315,11 @@ Status ImagesServiceImpl::Delete(ServerContext *context, const DeleteImageReques + + Status ImagesServiceImpl::Tag(ServerContext *context, const TagImageRequest *request, TagImageResponse *reply) + { ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ImageTag"); + + auto status = GrpcServerTlsAuth::auth(context, "image_tag"); +@@ -352,6 +367,11 @@ void ImagesServiceImpl::import_response_to_grpc(const image_import_response *res + + Status ImagesServiceImpl::Import(ServerContext *context, const ImportRequest *request, ImportResponse *reply) + { ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ImageImport"); + + auto status = GrpcServerTlsAuth::auth(context, "image_import"); +@@ -383,6 +403,11 @@ Status ImagesServiceImpl::Import(ServerContext *context, const ImportRequest *re + + Status ImagesServiceImpl::Load(ServerContext *context, const LoadImageRequest *request, LoadImageResponse *reply) + { ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ImageLoad"); + + auto status = GrpcServerTlsAuth::auth(context, "image_load"); +@@ -420,6 +445,11 @@ Status ImagesServiceImpl::Inspect(ServerContext *context, const InspectImageRequ + image_inspect_request *image_req = nullptr; + image_inspect_response *image_res = nullptr; + ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "ImageInspect"); + + Status status = GrpcServerTlsAuth::auth(context, "image_inspect"); +@@ -494,6 +524,11 @@ int ImagesServiceImpl::image_logout_request_from_grpc(const LogoutRequest *grequ + + Status ImagesServiceImpl::Login(ServerContext *context, const LoginRequest *request, LoginResponse *reply) + { ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "RegistryLogin"); + + auto status = GrpcServerTlsAuth::auth(context, "login"); +@@ -527,6 +562,11 @@ Status ImagesServiceImpl::Login(ServerContext *context, const LoginRequest *requ + + Status ImagesServiceImpl::Logout(ServerContext *context, const LogoutRequest *request, LogoutResponse *reply) + { ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + prctl(PR_SET_NAME, "RegistryLogout"); + + auto status = GrpcServerTlsAuth::auth(context, "logout"); +diff --git a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc +index 968a6dfe..2656a9bf 100644 +--- a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc ++++ b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc +@@ -27,6 +27,10 @@ namespace GrpcServerTlsAuth { + Status auth(ServerContext *context, const std::string &action) + { + #ifdef ENABLE_GRPC_REMOTE_CONNECT ++ if (context == nullptr) { ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + const std::multimap<grpc::string_ref, grpc::string_ref> &init_metadata = context->client_metadata(); + auto tls_mode_kv = init_metadata.find("tls_mode"); + if (tls_mode_kv == init_metadata.end()) { +diff --git a/src/daemon/entry/connect/grpc/grpc_volumes_service.cc b/src/daemon/entry/connect/grpc/grpc_volumes_service.cc +index 8b090486..004b57b2 100644 +--- a/src/daemon/entry/connect/grpc/grpc_volumes_service.cc ++++ b/src/daemon/entry/connect/grpc/grpc_volumes_service.cc +@@ -118,6 +118,11 @@ int VolumeServiceImpl::volume_prune_response_to_grpc(volume_prune_volume_respons + + Status VolumeServiceImpl::List(ServerContext *context, const ListVolumeRequest *request, ListVolumeResponse *reply) + { ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + auto status = GrpcServerTlsAuth::auth(context, "volume_list"); + if (!status.ok()) { + return status; +@@ -152,6 +157,11 @@ Status VolumeServiceImpl::List(ServerContext *context, const ListVolumeRequest * + Status VolumeServiceImpl::Remove(ServerContext *context, const RemoveVolumeRequest *request, + RemoveVolumeResponse *reply) + { ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + auto status = GrpcServerTlsAuth::auth(context, "volume_remove"); + if (!status.ok()) { + return status; +@@ -185,6 +195,11 @@ Status VolumeServiceImpl::Remove(ServerContext *context, const RemoveVolumeReque + + Status VolumeServiceImpl::Prune(ServerContext *context, const PruneVolumeRequest *request, PruneVolumeResponse *reply) + { ++ if (context == nullptr || request == nullptr || reply == nullptr) { ++ ERROR("Invalid arguments"); ++ return Status(StatusCode::INVALID_ARGUMENT, "Invalid arguments"); ++ } ++ + auto status = GrpcServerTlsAuth::auth(context, "volume_prune"); + if (!status.ok()) { + return status; +diff --git a/src/daemon/entry/connect/rest/rest_service_common.c b/src/daemon/entry/connect/rest/rest_service_common.c +index 54ac5c95..c4161d02 100644 +--- a/src/daemon/entry/connect/rest/rest_service_common.c ++++ b/src/daemon/entry/connect/rest/rest_service_common.c +@@ -26,7 +26,7 @@ + /* get body */ + int get_body(const evhtp_request_t *req, size_t *size_out, char **record_out) + { +- evbuf_t *buf = req->buffer_in; ++ evbuf_t *buf = NULL; + size_t read_count = 0; + size_t total = 0; + size_t content_len = 0; +@@ -34,6 +34,12 @@ int get_body(const evhtp_request_t *req, size_t *size_out, char **record_out) + char *body_p = NULL; + int ret = 0; + ++ if (req == NULL || size_out == NULL || record_out == NULL) { ++ ERROR("Invalid input arguments"); ++ return -1; ++ } ++ ++ buf = req->buffer_in; + content_len = (size_t)evbuffer_get_length(buf); + + if (content_len >= MAX_BODY_SIZE) { +@@ -81,6 +87,10 @@ empty: + /* evhtp send repsponse */ + void evhtp_send_response(evhtp_request_t *req, const char *responsedata, int rescode) + { ++ if (req == NULL || responsedata == NULL) { ++ ERROR("Invalid input arguments"); ++ return; ++ } + evhtp_headers_add_header(req->headers_out, evhtp_header_new("Content-Type", "application/json", 0, 0)); + evbuffer_add(req->buffer_out, responsedata, strlen(responsedata)); + evhtp_send_reply(req, rescode); +diff --git a/src/daemon/entry/cri/network_plugin.h b/src/daemon/entry/cri/network_plugin.h +index 09b0987a..3cb003ba 100644 +--- a/src/daemon/entry/cri/network_plugin.h ++++ b/src/daemon/entry/cri/network_plugin.h +@@ -30,11 +30,11 @@ const std::string POD_DISABLE_DEFAULT_NET_ANNOTATION_KEY = "network.alpha.kubern + class NetworkPluginConf { + public: + /* settings for net plugin */ +- NetworkPluginConf(const std::string &dockershimRootDirectory = "/var/lib/isulad/shim", +- const std::string &pluginConfDir = "/etc/cni/net.d/", +- const std::string &pluginBinDir = "/opt/cni/bin", const std::string &pluginName = "", +- const std::string &hairpinMode = "hairpin-veth", const std::string &nonMasqueradeCIDR = "", +- int32_t mtu = 1460) ++ explicit NetworkPluginConf(const std::string &dockershimRootDirectory = "/var/lib/isulad/shim", ++ const std::string &pluginConfDir = "/etc/cni/net.d/", ++ const std::string &pluginBinDir = "/opt/cni/bin", const std::string &pluginName = "", ++ const std::string &hairpinMode = "hairpin-veth", const std::string &nonMasqueradeCIDR = "", ++ int32_t mtu = 1460) + : m_dockershimRootDirectory(dockershimRootDirectory), + m_pluginConfDir(pluginConfDir), + m_pluginBinDir(pluginBinDir), +diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc +index ba95f684..ecb7ffbd 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc ++++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc +@@ -653,7 +653,7 @@ void ContainerManagerService::ListContainersFromGRPC(const runtime::v1::Containe + } + + void ContainerManagerService::ListContainersToGRPC(container_list_response *response, +- std::vector<std::unique_ptr<runtime::v1::Container>> *containers, ++ std::vector<std::unique_ptr<runtime::v1::Container>> &containers, + Errors &error) + { + for (size_t i {}; i < response->containers_len; i++) { +@@ -700,12 +700,12 @@ void ContainerManagerService::ListContainersToGRPC(container_list_response *resp + CRIHelpersV1::ContainerStatusToRuntime(Container_Status(response->containers[i]->status)); + container->set_state(state); + +- containers->push_back(move(container)); ++ containers.push_back(move(container)); + } + } + + void ContainerManagerService::ListContainers(const runtime::v1::ContainerFilter *filter, +- std::vector<std::unique_ptr<runtime::v1::Container>> *containers, ++ std::vector<std::unique_ptr<runtime::v1::Container>> &containers, + Errors &error) + { + if (m_cb == nullptr || m_cb->container.list == nullptr) { +@@ -856,7 +856,7 @@ void ContainerManagerService::PackContainerStatsFilesystemUsage( + + void ContainerManagerService::ContainerStatsToGRPC( + container_stats_response *response, +- std::vector<std::unique_ptr<runtime::v1::ContainerStats>> *containerstats, Errors &error) ++ std::vector<std::unique_ptr<runtime::v1::ContainerStats>> &containerstats, Errors &error) + { + if (response == nullptr) { + return; +@@ -906,22 +906,18 @@ void ContainerManagerService::ContainerStatsToGRPC( + if (response->container_stats[i]->major_page_faults != 0u) { + container->mutable_memory()->mutable_major_page_faults()->set_value(response->container_stats[i]->major_page_faults); + } +- containerstats->push_back(std::move(container)); ++ containerstats.push_back(std::move(container)); + } + } + + void ContainerManagerService::ListContainerStats( + const runtime::v1::ContainerStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1::ContainerStats>> *containerstats, Errors &error) ++ std::vector<std::unique_ptr<runtime::v1::ContainerStats>> &containerstats, Errors &error) + { + if (m_cb == nullptr || m_cb->container.stats == nullptr) { + error.SetError("Unimplemented callback"); + return; + } +- if (containerstats == nullptr) { +- error.SetError("Invalid arguments"); +- return; +- } + + container_stats_response *response { nullptr }; + container_stats_request *request = (container_stats_request *)util_common_calloc_s(sizeof(container_stats_request)); +@@ -998,7 +994,7 @@ auto ContainerManagerService::ContainerStats(const std::string &containerID, Err + goto cleanup; + } + +- ContainerStatsToGRPC(response, &contStatsVec, error); ++ ContainerStatsToGRPC(response, contStatsVec, error); + if (error.NotEmpty()) { + goto cleanup; + } +diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.h b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.h +index 83f4acbe..4f349829 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.h ++++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.h +@@ -50,10 +50,10 @@ public: + void RemoveContainer(const std::string &containerID, Errors &error); + + void ListContainers(const runtime::v1::ContainerFilter *filter, +- std::vector<std::unique_ptr<runtime::v1::Container>> *containers, Errors &error); ++ std::vector<std::unique_ptr<runtime::v1::Container>> &containers, Errors &error); + + void ListContainerStats(const runtime::v1::ContainerStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1::ContainerStats>> *containerstats, ++ std::vector<std::unique_ptr<runtime::v1::ContainerStats>> &containerstats, + Errors &error); + + auto ContainerStats(const std::string &containerID, Errors &error) +@@ -99,11 +99,11 @@ private: + void ListContainersFromGRPC(const runtime::v1::ContainerFilter *filter, container_list_request **request, + Errors &error); + void ListContainersToGRPC(container_list_response *response, +- std::vector<std::unique_ptr<runtime::v1::Container>> *pods, Errors &error); ++ std::vector<std::unique_ptr<runtime::v1::Container>> &pods, Errors &error); + auto PackContainerStatsFilter(const runtime::v1::ContainerStatsFilter *filter, + container_stats_request *request, Errors &error) -> int; + void ContainerStatsToGRPC(container_stats_response *response, +- std::vector<std::unique_ptr<runtime::v1::ContainerStats>> *containerstats, ++ std::vector<std::unique_ptr<runtime::v1::ContainerStats>> &containerstats, + Errors &error); + void PackContainerStatsAttributes(const char *id, std::unique_ptr<runtime::v1::ContainerStats> &container, + Errors &error); +diff --git a/src/daemon/entry/cri/v1/v1_cri_image_manager_service.h b/src/daemon/entry/cri/v1/v1_cri_image_manager_service.h +index 66af0abe..3a5fdf8c 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_image_manager_service.h ++++ b/src/daemon/entry/cri/v1/v1_cri_image_manager_service.h +@@ -28,7 +28,7 @@ public: + virtual ~ImageManagerService() = default; + + virtual void ListImages(const runtime::v1::ImageFilter &filter, +- std::vector<std::unique_ptr<runtime::v1::Image>> *images, Errors &error) = 0; ++ std::vector<std::unique_ptr<runtime::v1::Image>> &images, Errors &error) = 0; + + virtual auto ImageStatus(const runtime::v1::ImageSpec &image, + Errors &error) -> std::unique_ptr<runtime::v1::Image> = 0; +@@ -38,7 +38,7 @@ public: + + virtual void RemoveImage(const runtime::v1::ImageSpec &image, Errors &error) = 0; + +- virtual void ImageFsInfo(std::vector<std::unique_ptr<runtime::v1::FilesystemUsage>> *usages, ++ virtual void ImageFsInfo(std::vector<std::unique_ptr<runtime::v1::FilesystemUsage>> &usages, + Errors &error) = 0; + }; + } // namespace CRIV1 +diff --git a/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc b/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc +index 763b6cd5..b74834fb 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc ++++ b/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc +@@ -133,7 +133,7 @@ auto ImageManagerServiceImpl::list_request_from_grpc(const runtime::v1::ImageFil + } + + void ImageManagerServiceImpl::list_images_to_grpc(im_list_response *response, +- std::vector<std::unique_ptr<runtime::v1::Image>> *images, ++ std::vector<std::unique_ptr<runtime::v1::Image>> &images, + Errors &error) + { + imagetool_images_list *list_images = response->images; +@@ -150,12 +150,12 @@ void ImageManagerServiceImpl::list_images_to_grpc(im_list_response *response, + + imagetool_image_summary *element = list_images->images[i]; + conv_image_to_grpc(element, image); +- images->push_back(move(image)); ++ images.push_back(move(image)); + } + } + + void ImageManagerServiceImpl::ListImages(const runtime::v1::ImageFilter &filter, +- std::vector<std::unique_ptr<runtime::v1::Image>> *images, Errors &error) ++ std::vector<std::unique_ptr<runtime::v1::Image>> &images, Errors &error) + { + im_list_request *request { nullptr }; + im_list_response *response { nullptr }; +@@ -331,7 +331,7 @@ cleanup: + } + + void ImageManagerServiceImpl::fs_info_to_grpc(im_fs_info_response *response, +- std::vector<std::unique_ptr<runtime::v1::FilesystemUsage>> *fs_infos, ++ std::vector<std::unique_ptr<runtime::v1::FilesystemUsage>> &fs_infos, + Errors & /*error*/) + { + imagetool_fs_info *got_fs_info = response->fs_info; +@@ -381,11 +381,11 @@ void ImageManagerServiceImpl::fs_info_to_grpc(im_fs_info_response *response, + fs_info->set_allocated_inodes_used(inodes_used); + } + +- fs_infos->push_back(std::move(fs_info)); ++ fs_infos.push_back(std::move(fs_info)); + } + } + +-void ImageManagerServiceImpl::ImageFsInfo(std::vector<std::unique_ptr<runtime::v1::FilesystemUsage>> *usages, ++void ImageManagerServiceImpl::ImageFsInfo(std::vector<std::unique_ptr<runtime::v1::FilesystemUsage>> &usages, + Errors &error) + { + im_fs_info_response *response { nullptr }; +diff --git a/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.h b/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.h +index 30e7c588..3f13a157 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.h ++++ b/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.h +@@ -30,7 +30,7 @@ public: + virtual ~ImageManagerServiceImpl() = default; + + void ListImages(const runtime::v1::ImageFilter &filter, +- std::vector<std::unique_ptr<runtime::v1::Image>> *images, Errors &error) override; ++ std::vector<std::unique_ptr<runtime::v1::Image>> &images, Errors &error) override; + + std::unique_ptr<runtime::v1::Image> ImageStatus(const runtime::v1::ImageSpec &image, + Errors &error) override; +@@ -40,7 +40,7 @@ public: + + void RemoveImage(const runtime::v1::ImageSpec &image, Errors &error) override; + +- void ImageFsInfo(std::vector<std::unique_ptr<runtime::v1::FilesystemUsage>> *usages, Errors &error) override; ++ void ImageFsInfo(std::vector<std::unique_ptr<runtime::v1::FilesystemUsage>> &usages, Errors &error) override; + + private: + int pull_request_from_grpc(const runtime::v1::ImageSpec *image, const runtime::v1::AuthConfig *auth, +@@ -48,7 +48,7 @@ private: + + int list_request_from_grpc(const runtime::v1::ImageFilter *filter, im_list_request **request, Errors &error); + +- void list_images_to_grpc(im_list_response *response, std::vector<std::unique_ptr<runtime::v1::Image>> *images, ++ void list_images_to_grpc(im_list_response *response, std::vector<std::unique_ptr<runtime::v1::Image>> &images, + Errors &error); + + int status_request_from_grpc(const runtime::v1::ImageSpec *image, im_summary_request **request, +@@ -57,7 +57,7 @@ private: + std::unique_ptr<runtime::v1::Image> status_image_to_grpc(im_summary_response *response, Errors &error); + + void fs_info_to_grpc(im_fs_info_response *response, +- std::vector<std::unique_ptr<runtime::v1::FilesystemUsage>> *fs_infos, Errors &error); ++ std::vector<std::unique_ptr<runtime::v1::FilesystemUsage>> &fs_infos, Errors &error); + + int remove_request_from_grpc(const runtime::v1::ImageSpec *image, im_rmi_request **request, Errors &error); + }; +diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc +index 687f4e6d..d57338c8 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc ++++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc +@@ -915,7 +915,7 @@ void PodSandboxManagerService::PackagePodSandboxContainerStats( + runtime::v1::ContainerStatsFilter filter; + + filter.set_pod_sandbox_id(id); +- containerManager->ListContainerStats(&filter, &containerStats, error); ++ containerManager->ListContainerStats(&filter, containerStats, error); + if (error.NotEmpty()) { + error.Errorf("Failed to list container stats: %s", error.GetCMessage()); + return; +@@ -1140,7 +1140,7 @@ cleanup: + + void PodSandboxManagerService::ListPodSandboxStats(const runtime::v1::PodSandboxStatsFilter *filter, + const std::unique_ptr<ContainerManagerService> &containerManager, +- std::vector<std::unique_ptr<runtime::v1::PodSandboxStats>> *podsStats, ++ std::vector<std::unique_ptr<runtime::v1::PodSandboxStats>> &podsStats, + Errors &error) + { + std::vector<std::string> podSandboxIDs; +@@ -1165,7 +1165,7 @@ void PodSandboxManagerService::ListPodSandboxStats(const runtime::v1::PodSandbox + continue; + } + +- podsStats->push_back(move(podStats)); ++ podsStats.push_back(move(podStats)); + } + } + +diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h +index ddab6f4e..99347fd8 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h ++++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h +@@ -66,7 +66,7 @@ public: + + void ListPodSandboxStats(const runtime::v1::PodSandboxStatsFilter *filter, + const std::unique_ptr<ContainerManagerService> &containerManager, +- std::vector<std::unique_ptr<runtime::v1::PodSandboxStats>> *podsStats, ++ std::vector<std::unique_ptr<runtime::v1::PodSandboxStats>> &podsStats, + Errors &error); + + void PortForward(const runtime::v1::PortForwardRequest &req, runtime::v1::PortForwardResponse *resp, +diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_service.h b/src/daemon/entry/cri/v1/v1_cri_runtime_service.h +index cd7c52db..87394173 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_runtime_service.h ++++ b/src/daemon/entry/cri/v1/v1_cri_runtime_service.h +@@ -43,10 +43,10 @@ public: + virtual void RemoveContainer(const std::string &containerID, Errors &error) = 0; + + virtual void ListContainers(const runtime::v1::ContainerFilter *filter, +- std::vector<std::unique_ptr<runtime::v1::Container>> *containers, Errors &error) = 0; ++ std::vector<std::unique_ptr<runtime::v1::Container>> &containers, Errors &error) = 0; + + virtual void ListContainerStats(const runtime::v1::ContainerStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1::ContainerStats>> *containerstats, ++ std::vector<std::unique_ptr<runtime::v1::ContainerStats>> &containerstats, + Errors &error) = 0; + + virtual auto ContainerStats(const std::string &containerID, +@@ -80,7 +80,7 @@ public: + Errors &error) -> std::unique_ptr<runtime::v1::PodSandboxStats> = 0; + + virtual void ListPodSandboxStats(const runtime::v1::PodSandboxStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1::PodSandboxStats>> *podsStats, ++ std::vector<std::unique_ptr<runtime::v1::PodSandboxStats>> &podsStats, + Errors &error) = 0; + + virtual void UpdateContainerResources(const std::string &containerID, +diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc +index b6652f7d..67cda5ed 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc ++++ b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc +@@ -57,7 +57,7 @@ void CRIRuntimeServiceImpl::RemoveContainer(const std::string &containerID, Erro + } + + void CRIRuntimeServiceImpl::ListContainers(const runtime::v1::ContainerFilter *filter, +- std::vector<std::unique_ptr<runtime::v1::Container>> *containers, ++ std::vector<std::unique_ptr<runtime::v1::Container>> &containers, + Errors &error) + { + m_containerManager->ListContainers(filter, containers, error); +@@ -65,7 +65,7 @@ void CRIRuntimeServiceImpl::ListContainers(const runtime::v1::ContainerFilter *f + + void CRIRuntimeServiceImpl::ListContainerStats( + const runtime::v1::ContainerStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1::ContainerStats>> *containerstats, Errors &error) ++ std::vector<std::unique_ptr<runtime::v1::ContainerStats>> &containerstats, Errors &error) + { + m_containerManager->ListContainerStats(filter, containerstats, error); + } +@@ -145,7 +145,7 @@ auto CRIRuntimeServiceImpl::PodSandboxStats(const std::string &podSandboxID, Err + + void + CRIRuntimeServiceImpl::ListPodSandboxStats(const runtime::v1::PodSandboxStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1::PodSandboxStats>> *podsStats, ++ std::vector<std::unique_ptr<runtime::v1::PodSandboxStats>> &podsStats, + Errors &error) + { + m_podSandboxManager->ListPodSandboxStats(filter, m_containerManager, podsStats, error); +diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h +index 49272281..23866648 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h ++++ b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h +@@ -45,10 +45,10 @@ public: + void RemoveContainer(const std::string &containerID, Errors &error) override; + + void ListContainers(const runtime::v1::ContainerFilter *filter, +- std::vector<std::unique_ptr<runtime::v1::Container>> *containers, Errors &error) override; ++ std::vector<std::unique_ptr<runtime::v1::Container>> &containers, Errors &error) override; + + void ListContainerStats(const runtime::v1::ContainerStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1::ContainerStats>> *containerstats, ++ std::vector<std::unique_ptr<runtime::v1::ContainerStats>> &containerstats, + Errors &error) override; + + auto ContainerStats(const std::string &containerID, Errors &error) +@@ -82,7 +82,7 @@ public: + Errors &error) -> std::unique_ptr<runtime::v1::PodSandboxStats> override; + + void ListPodSandboxStats(const runtime::v1::PodSandboxStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1::PodSandboxStats>> *podsStats, ++ std::vector<std::unique_ptr<runtime::v1::PodSandboxStats>> &podsStats, + Errors &error) override; + + void UpdateContainerResources(const std::string &containerID, +diff --git a/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc +index 569f339b..b4faab95 100644 +--- a/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc ++++ b/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc +@@ -671,7 +671,7 @@ void ContainerManagerService::ListContainersFromGRPC(const runtime::v1alpha2::Co + } + + void ContainerManagerService::ListContainersToGRPC(container_list_response *response, +- std::vector<std::unique_ptr<runtime::v1alpha2::Container>> *pods, ++ std::vector<std::unique_ptr<runtime::v1alpha2::Container>> &pods, + Errors &error) + { + for (size_t i {}; i < response->containers_len; i++) { +@@ -718,12 +718,12 @@ void ContainerManagerService::ListContainersToGRPC(container_list_response *resp + CRIHelpersV1Alpha::ContainerStatusToRuntime(Container_Status(response->containers[i]->status)); + container->set_state(state); + +- pods->push_back(move(container)); ++ pods.push_back(move(container)); + } + } + + void ContainerManagerService::ListContainers(const runtime::v1alpha2::ContainerFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::Container>> *containers, ++ std::vector<std::unique_ptr<runtime::v1alpha2::Container>> &containers, + Errors &error) + { + if (m_cb == nullptr || m_cb->container.list == nullptr) { +@@ -874,7 +874,7 @@ void ContainerManagerService::PackContainerStatsFilesystemUsage( + + void ContainerManagerService::ContainerStatsToGRPC( + container_stats_response *response, +- std::vector<std::unique_ptr<runtime::v1alpha2::ContainerStats>> *containerstats, Errors &error) ++ std::vector<std::unique_ptr<runtime::v1alpha2::ContainerStats>> &containerstats, Errors &error) + { + if (response == nullptr) { + return; +@@ -924,22 +924,18 @@ void ContainerManagerService::ContainerStatsToGRPC( + if (response->container_stats[i]->major_page_faults != 0u) { + container->mutable_memory()->mutable_major_page_faults()->set_value(response->container_stats[i]->major_page_faults); + } +- containerstats->push_back(std::move(container)); ++ containerstats.push_back(std::move(container)); + } + } + + void ContainerManagerService::ListContainerStats( + const runtime::v1alpha2::ContainerStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::ContainerStats>> *containerstats, Errors &error) ++ std::vector<std::unique_ptr<runtime::v1alpha2::ContainerStats>> &containerstats, Errors &error) + { + if (m_cb == nullptr || m_cb->container.stats == nullptr) { + error.SetError("Unimplemented callback"); + return; + } +- if (containerstats == nullptr) { +- error.SetError("Invalid arguments"); +- return; +- } + + container_stats_response *response { nullptr }; + container_stats_request *request = (container_stats_request *)util_common_calloc_s(sizeof(container_stats_request)); +@@ -1016,7 +1012,7 @@ auto ContainerManagerService::ContainerStats(const std::string &containerID, Err + goto cleanup; + } + +- ContainerStatsToGRPC(response, &contStatsVec, error); ++ ContainerStatsToGRPC(response, contStatsVec, error); + if (error.NotEmpty()) { + goto cleanup; + } +diff --git a/src/daemon/entry/cri/v1alpha/cri_container_manager_service.h b/src/daemon/entry/cri/v1alpha/cri_container_manager_service.h +index ea22b1cd..f802d3bc 100644 +--- a/src/daemon/entry/cri/v1alpha/cri_container_manager_service.h ++++ b/src/daemon/entry/cri/v1alpha/cri_container_manager_service.h +@@ -47,10 +47,10 @@ public: + void RemoveContainer(const std::string &containerID, Errors &error); + + void ListContainers(const runtime::v1alpha2::ContainerFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::Container>> *containers, Errors &error); ++ std::vector<std::unique_ptr<runtime::v1alpha2::Container>> &containers, Errors &error); + + void ListContainerStats(const runtime::v1alpha2::ContainerStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::ContainerStats>> *containerstats, ++ std::vector<std::unique_ptr<runtime::v1alpha2::ContainerStats>> &containerstats, + Errors &error); + + auto ContainerStats(const std::string &containerID, Errors &error) +@@ -97,11 +97,11 @@ private: + void ListContainersFromGRPC(const runtime::v1alpha2::ContainerFilter *filter, container_list_request **request, + Errors &error); + void ListContainersToGRPC(container_list_response *response, +- std::vector<std::unique_ptr<runtime::v1alpha2::Container>> *pods, Errors &error); ++ std::vector<std::unique_ptr<runtime::v1alpha2::Container>> &pods, Errors &error); + auto PackContainerStatsFilter(const runtime::v1alpha2::ContainerStatsFilter *filter, + container_stats_request *request, Errors &error) -> int; + void ContainerStatsToGRPC(container_stats_response *response, +- std::vector<std::unique_ptr<runtime::v1alpha2::ContainerStats>> *containerstats, ++ std::vector<std::unique_ptr<runtime::v1alpha2::ContainerStats>> &containerstats, + Errors &error); + void PackContainerStatsAttributes(const char *id, std::unique_ptr<runtime::v1alpha2::ContainerStats> &container, + Errors &error); +diff --git a/src/daemon/entry/cri/v1alpha/cri_image_manager_service.h b/src/daemon/entry/cri/v1alpha/cri_image_manager_service.h +index b6e506d5..9b2530ab 100644 +--- a/src/daemon/entry/cri/v1alpha/cri_image_manager_service.h ++++ b/src/daemon/entry/cri/v1alpha/cri_image_manager_service.h +@@ -28,7 +28,7 @@ public: + virtual ~ImageManagerService() = default; + + virtual void ListImages(const runtime::v1alpha2::ImageFilter &filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::Image>> *images, Errors &error) = 0; ++ std::vector<std::unique_ptr<runtime::v1alpha2::Image>> &images, Errors &error) = 0; + + virtual auto ImageStatus(const runtime::v1alpha2::ImageSpec &image, + Errors &error) -> std::unique_ptr<runtime::v1alpha2::Image> = 0; +@@ -38,7 +38,7 @@ public: + + virtual void RemoveImage(const runtime::v1alpha2::ImageSpec &image, Errors &error) = 0; + +- virtual void ImageFsInfo(std::vector<std::unique_ptr<runtime::v1alpha2::FilesystemUsage>> *usages, ++ virtual void ImageFsInfo(std::vector<std::unique_ptr<runtime::v1alpha2::FilesystemUsage>> &usages, + Errors &error) = 0; + }; + } // namespace CRI +diff --git a/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc b/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc +index ad9e8ef1..3ff79ffc 100644 +--- a/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc ++++ b/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc +@@ -133,7 +133,7 @@ auto ImageManagerServiceImpl::list_request_from_grpc(const runtime::v1alpha2::Im + } + + void ImageManagerServiceImpl::list_images_to_grpc(im_list_response *response, +- std::vector<std::unique_ptr<runtime::v1alpha2::Image>> *images, ++ std::vector<std::unique_ptr<runtime::v1alpha2::Image>> &images, + Errors &error) + { + imagetool_images_list *list_images = response->images; +@@ -150,12 +150,12 @@ void ImageManagerServiceImpl::list_images_to_grpc(im_list_response *response, + + imagetool_image_summary *element = list_images->images[i]; + conv_image_to_grpc(element, image); +- images->push_back(move(image)); ++ images.push_back(move(image)); + } + } + + void ImageManagerServiceImpl::ListImages(const runtime::v1alpha2::ImageFilter &filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::Image>> *images, Errors &error) ++ std::vector<std::unique_ptr<runtime::v1alpha2::Image>> &images, Errors &error) + { + im_list_request *request { nullptr }; + im_list_response *response { nullptr }; +@@ -331,7 +331,7 @@ cleanup: + } + + void ImageManagerServiceImpl::fs_info_to_grpc(im_fs_info_response *response, +- std::vector<std::unique_ptr<runtime::v1alpha2::FilesystemUsage>> *fs_infos, ++ std::vector<std::unique_ptr<runtime::v1alpha2::FilesystemUsage>> &fs_infos, + Errors & /*error*/) + { + imagetool_fs_info *got_fs_info = response->fs_info; +@@ -381,11 +381,11 @@ void ImageManagerServiceImpl::fs_info_to_grpc(im_fs_info_response *response, + fs_info->set_allocated_inodes_used(inodes_used); + } + +- fs_infos->push_back(std::move(fs_info)); ++ fs_infos.push_back(std::move(fs_info)); + } + } + +-void ImageManagerServiceImpl::ImageFsInfo(std::vector<std::unique_ptr<runtime::v1alpha2::FilesystemUsage>> *usages, ++void ImageManagerServiceImpl::ImageFsInfo(std::vector<std::unique_ptr<runtime::v1alpha2::FilesystemUsage>> &usages, + Errors &error) + { + im_fs_info_response *response { nullptr }; +diff --git a/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.h b/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.h +index b94f8908..edf482c9 100644 +--- a/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.h ++++ b/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.h +@@ -30,7 +30,7 @@ public: + virtual ~ImageManagerServiceImpl() = default; + + void ListImages(const runtime::v1alpha2::ImageFilter &filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::Image>> *images, Errors &error) override; ++ std::vector<std::unique_ptr<runtime::v1alpha2::Image>> &images, Errors &error) override; + + std::unique_ptr<runtime::v1alpha2::Image> ImageStatus(const runtime::v1alpha2::ImageSpec &image, + Errors &error) override; +@@ -40,7 +40,7 @@ public: + + void RemoveImage(const runtime::v1alpha2::ImageSpec &image, Errors &error) override; + +- void ImageFsInfo(std::vector<std::unique_ptr<runtime::v1alpha2::FilesystemUsage>> *usages, Errors &error) override; ++ void ImageFsInfo(std::vector<std::unique_ptr<runtime::v1alpha2::FilesystemUsage>> &usages, Errors &error) override; + + private: + int pull_request_from_grpc(const runtime::v1alpha2::ImageSpec *image, const runtime::v1alpha2::AuthConfig *auth, +@@ -48,7 +48,7 @@ private: + + int list_request_from_grpc(const runtime::v1alpha2::ImageFilter *filter, im_list_request **request, Errors &error); + +- void list_images_to_grpc(im_list_response *response, std::vector<std::unique_ptr<runtime::v1alpha2::Image>> *images, ++ void list_images_to_grpc(im_list_response *response, std::vector<std::unique_ptr<runtime::v1alpha2::Image>> &images, + Errors &error); + + int status_request_from_grpc(const runtime::v1alpha2::ImageSpec *image, im_summary_request **request, +@@ -57,7 +57,7 @@ private: + std::unique_ptr<runtime::v1alpha2::Image> status_image_to_grpc(im_summary_response *response, Errors &error); + + void fs_info_to_grpc(im_fs_info_response *response, +- std::vector<std::unique_ptr<runtime::v1alpha2::FilesystemUsage>> *fs_infos, Errors &error); ++ std::vector<std::unique_ptr<runtime::v1alpha2::FilesystemUsage>> &fs_infos, Errors &error); + + int remove_request_from_grpc(const runtime::v1alpha2::ImageSpec *image, im_rmi_request **request, Errors &error); + }; +diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc +index d23e7754..c24c1f69 100644 +--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc ++++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc +@@ -1246,7 +1246,7 @@ void PodSandboxManagerService::ListPodSandboxFromGRPC(const runtime::v1alpha2::P + } + + void PodSandboxManagerService::ListPodSandboxToGRPC(container_list_response *response, +- std::vector<std::unique_ptr<runtime::v1alpha2::PodSandbox>> *pods, ++ std::vector<std::unique_ptr<runtime::v1alpha2::PodSandbox>> &pods, + bool filterOutReadySandboxes, Errors &error) + { + for (size_t i = 0; i < response->containers_len; i++) { +@@ -1272,12 +1272,12 @@ void PodSandboxManagerService::ListPodSandboxToGRPC(container_list_response *res + continue; + } + +- pods->push_back(std::move(pod)); ++ pods.push_back(std::move(pod)); + } + } + + void PodSandboxManagerService::ListPodSandbox(const runtime::v1alpha2::PodSandboxFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::PodSandbox>> *pods, ++ std::vector<std::unique_ptr<runtime::v1alpha2::PodSandbox>> &pods, + Errors &error) + { + int ret = 0; +@@ -1464,7 +1464,7 @@ void PodSandboxManagerService::PackagePodSandboxContainerStats( + runtime::v1alpha2::ContainerStatsFilter filter; + + filter.set_pod_sandbox_id(id); +- containerManager->ListContainerStats(&filter, &containerStats, error); ++ containerManager->ListContainerStats(&filter, containerStats, error); + if (error.NotEmpty()) { + error.Errorf("Failed to list container stats: %s", error.GetCMessage()); + return; +@@ -1689,7 +1689,7 @@ cleanup: + + void PodSandboxManagerService::ListPodSandboxStats(const runtime::v1alpha2::PodSandboxStatsFilter *filter, + const std::unique_ptr<ContainerManagerService> &containerManager, +- std::vector<std::unique_ptr<runtime::v1alpha2::PodSandboxStats>> *podsStats, ++ std::vector<std::unique_ptr<runtime::v1alpha2::PodSandboxStats>> &podsStats, + Errors &error) + { + std::vector<std::string> podSandboxIDs; +@@ -1714,7 +1714,7 @@ void PodSandboxManagerService::ListPodSandboxStats(const runtime::v1alpha2::PodS + continue; + } + +- podsStats->push_back(move(podStats)); ++ podsStats.push_back(move(podStats)); + } + } + +diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.h b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.h +index 2f4505df..1a075f86 100644 +--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.h ++++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.h +@@ -57,7 +57,7 @@ public: + -> std::unique_ptr<runtime::v1alpha2::PodSandboxStatus>; + + void ListPodSandbox(const runtime::v1alpha2::PodSandboxFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::PodSandbox>> *pods, Errors &error); ++ std::vector<std::unique_ptr<runtime::v1alpha2::PodSandbox>> &pods, Errors &error); + + auto PodSandboxStats(const std::string &podSandboxID, + const std::unique_ptr<ContainerManagerService> &containerManager, +@@ -65,7 +65,7 @@ public: + + void ListPodSandboxStats(const runtime::v1alpha2::PodSandboxStatsFilter *filter, + const std::unique_ptr<ContainerManagerService> &containerManager, +- std::vector<std::unique_ptr<runtime::v1alpha2::PodSandboxStats>> *podsStats, ++ std::vector<std::unique_ptr<runtime::v1alpha2::PodSandboxStats>> &podsStats, + Errors &error); + + void PortForward(const runtime::v1alpha2::PortForwardRequest &req, runtime::v1alpha2::PortForwardResponse *resp, +@@ -130,7 +130,7 @@ private: + void ListPodSandboxFromGRPC(const runtime::v1alpha2::PodSandboxFilter *filter, container_list_request **request, + bool *filterOutReadySandboxes, Errors &error); + void ListPodSandboxToGRPC(container_list_response *response, +- std::vector<std::unique_ptr<runtime::v1alpha2::PodSandbox>> *pods, ++ std::vector<std::unique_ptr<runtime::v1alpha2::PodSandbox>> &pods, + bool filterOutReadySandboxes, Errors &error); + void UpdatePodSandboxNetworkSettings(const std::string &id, const std::string &json, Errors &error); + auto GetNsenterPath(Errors &error) -> std::string; +diff --git a/src/daemon/entry/cri/v1alpha/cri_runtime_service.h b/src/daemon/entry/cri/v1alpha/cri_runtime_service.h +index d157237c..79f61a44 100644 +--- a/src/daemon/entry/cri/v1alpha/cri_runtime_service.h ++++ b/src/daemon/entry/cri/v1alpha/cri_runtime_service.h +@@ -43,10 +43,10 @@ public: + virtual void RemoveContainer(const std::string &containerID, Errors &error) = 0; + + virtual void ListContainers(const runtime::v1alpha2::ContainerFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::Container>> *containers, Errors &error) = 0; ++ std::vector<std::unique_ptr<runtime::v1alpha2::Container>> &containers, Errors &error) = 0; + + virtual void ListContainerStats(const runtime::v1alpha2::ContainerStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::ContainerStats>> *containerstats, ++ std::vector<std::unique_ptr<runtime::v1alpha2::ContainerStats>> &containerstats, + Errors &error) = 0; + + virtual auto ContainerStats(const std::string &containerID, +@@ -74,13 +74,13 @@ public: + Errors &error) -> std::unique_ptr<runtime::v1alpha2::PodSandboxStatus> = 0; + + virtual void ListPodSandbox(const runtime::v1alpha2::PodSandboxFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::PodSandbox>> *pods, Errors &error) = 0; ++ std::vector<std::unique_ptr<runtime::v1alpha2::PodSandbox>> &pods, Errors &error) = 0; + + virtual auto PodSandboxStats(const std::string &podSandboxID, + Errors &error) -> std::unique_ptr<runtime::v1alpha2::PodSandboxStats> = 0; + + virtual void ListPodSandboxStats(const runtime::v1alpha2::PodSandboxStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::PodSandboxStats>> *podsStats, ++ std::vector<std::unique_ptr<runtime::v1alpha2::PodSandboxStats>> &podsStats, + Errors &error) = 0; + + virtual void UpdateContainerResources(const std::string &containerID, +diff --git a/src/daemon/entry/cri/v1alpha/cri_runtime_service_impl.cc b/src/daemon/entry/cri/v1alpha/cri_runtime_service_impl.cc +index 778b0b69..d50e23e9 100644 +--- a/src/daemon/entry/cri/v1alpha/cri_runtime_service_impl.cc ++++ b/src/daemon/entry/cri/v1alpha/cri_runtime_service_impl.cc +@@ -57,7 +57,7 @@ void CRIRuntimeServiceImpl::RemoveContainer(const std::string &containerID, Erro + } + + void CRIRuntimeServiceImpl::ListContainers(const runtime::v1alpha2::ContainerFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::Container>> *containers, ++ std::vector<std::unique_ptr<runtime::v1alpha2::Container>> &containers, + Errors &error) + { + m_containerManager->ListContainers(filter, containers, error); +@@ -65,7 +65,7 @@ void CRIRuntimeServiceImpl::ListContainers(const runtime::v1alpha2::ContainerFil + + void CRIRuntimeServiceImpl::ListContainerStats( + const runtime::v1alpha2::ContainerStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::ContainerStats>> *containerstats, Errors &error) ++ std::vector<std::unique_ptr<runtime::v1alpha2::ContainerStats>> &containerstats, Errors &error) + { + m_containerManager->ListContainerStats(filter, containerstats, error); + } +@@ -131,7 +131,7 @@ auto CRIRuntimeServiceImpl::PodSandboxStatus(const std::string &podSandboxID, Er + } + + void CRIRuntimeServiceImpl::ListPodSandbox(const runtime::v1alpha2::PodSandboxFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::PodSandbox>> *pods, ++ std::vector<std::unique_ptr<runtime::v1alpha2::PodSandbox>> &pods, + Errors &error) + { + m_podSandboxManager->ListPodSandbox(filter, pods, error); +@@ -145,7 +145,7 @@ auto CRIRuntimeServiceImpl::PodSandboxStats(const std::string &podSandboxID, Err + + void + CRIRuntimeServiceImpl::ListPodSandboxStats(const runtime::v1alpha2::PodSandboxStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::PodSandboxStats>> *podsStats, ++ std::vector<std::unique_ptr<runtime::v1alpha2::PodSandboxStats>> &podsStats, + Errors &error) + { + m_podSandboxManager->ListPodSandboxStats(filter, m_containerManager, podsStats, error); +diff --git a/src/daemon/entry/cri/v1alpha/cri_runtime_service_impl.h b/src/daemon/entry/cri/v1alpha/cri_runtime_service_impl.h +index f2323524..23c8a400 100644 +--- a/src/daemon/entry/cri/v1alpha/cri_runtime_service_impl.h ++++ b/src/daemon/entry/cri/v1alpha/cri_runtime_service_impl.h +@@ -45,10 +45,10 @@ public: + void RemoveContainer(const std::string &containerID, Errors &error) override; + + void ListContainers(const runtime::v1alpha2::ContainerFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::Container>> *containers, Errors &error) override; ++ std::vector<std::unique_ptr<runtime::v1alpha2::Container>> &containers, Errors &error) override; + + void ListContainerStats(const runtime::v1alpha2::ContainerStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::ContainerStats>> *containerstats, ++ std::vector<std::unique_ptr<runtime::v1alpha2::ContainerStats>> &containerstats, + Errors &error) override; + + auto ContainerStats(const std::string &containerID, Errors &error) +@@ -76,13 +76,13 @@ public: + -> std::unique_ptr<runtime::v1alpha2::PodSandboxStatus> override; + + void ListPodSandbox(const runtime::v1alpha2::PodSandboxFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::PodSandbox>> *pods, Errors &error) override; ++ std::vector<std::unique_ptr<runtime::v1alpha2::PodSandbox>> &pods, Errors &error) override; + + auto PodSandboxStats(const std::string &podSandboxID, + Errors &error) -> std::unique_ptr<runtime::v1alpha2::PodSandboxStats> override; + + void ListPodSandboxStats(const runtime::v1alpha2::PodSandboxStatsFilter *filter, +- std::vector<std::unique_ptr<runtime::v1alpha2::PodSandboxStats>> *podsStats, ++ std::vector<std::unique_ptr<runtime::v1alpha2::PodSandboxStats>> &podsStats, + Errors &error) override; + + void UpdateContainerResources(const std::string &containerID, +-- +2.40.1 + diff --git a/0008-Add-vsock-support-for-exec.patch b/0008-Add-vsock-support-for-exec.patch new file mode 100644 index 0000000..3e029e5 --- /dev/null +++ b/0008-Add-vsock-support-for-exec.patch @@ -0,0 +1,1123 @@ +From ee941bd9f7520eb1160d6fb8a80cca2552f5d990 Mon Sep 17 00:00:00 2001 +From: xuxuepeng <xuxuepeng1@huawei.com> +Date: Thu, 7 Sep 2023 20:11:55 +0800 +Subject: [PATCH 08/33] Add vsock support for exec + +Signed-off-by: xuxuepeng <xuxuepeng1@huawei.com> +--- + src/daemon/modules/service/CMakeLists.txt | 4 + + .../modules/service/service_container.c | 90 +- + .../modules/service/vsock_io_handler.cc | 812 ++++++++++++++++++ + src/daemon/modules/service/vsock_io_handler.h | 46 + + src/daemon/sandbox/sandbox.cc | 21 + + src/daemon/sandbox/sandbox.h | 6 + + 6 files changed, 966 insertions(+), 13 deletions(-) + create mode 100644 src/daemon/modules/service/vsock_io_handler.cc + create mode 100644 src/daemon/modules/service/vsock_io_handler.h + +diff --git a/src/daemon/modules/service/CMakeLists.txt b/src/daemon/modules/service/CMakeLists.txt +index b0e9f04a..a7713c15 100644 +--- a/src/daemon/modules/service/CMakeLists.txt ++++ b/src/daemon/modules/service/CMakeLists.txt +@@ -5,6 +5,10 @@ if(NOT ENABLE_NATIVE_NETWORK) + list(REMOVE_ITEM local_service_srcs "${CMAKE_CURRENT_SOURCE_DIR}/service_network.c") + endif() + ++if(NOT ENABLE_CRI_API_V1) ++ list(REMOVE_ITEM local_service_srcs "${CMAKE_CURRENT_SOURCE_DIR}/vsock_io_handler.cc") ++endif() ++ + set(SERVICE_SRCS + ${local_service_srcs} + PARENT_SCOPE +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index a9da669a..c4ee0223 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -71,6 +71,7 @@ + #include "id_name_manager.h" + #ifdef ENABLE_CRI_API_V1 + #include "sandbox_ops.h" ++#include "vsock_io_handler.h" + #endif + + #define KATA_RUNTIME "kata-runtime" +@@ -2054,9 +2055,41 @@ out: + return ret; + } + +-static int exec_prepare_console(const container_t *cont, const container_exec_request *request, int stdinfd, +- struct io_write_wrapper *stdout_handler, struct io_write_wrapper *stderr_handler, +- char **fifos, char **fifopath, int *sync_fd, pthread_t *thread_id) ++#ifdef ENABLE_CRI_API_V1 ++static int exec_prepare_vsock(const container_t *cont, const container_exec_request *request, int stdinfd, ++ struct io_write_wrapper *stdout_handler, struct io_write_wrapper *stderr_handler, ++ char **vsockpaths, int *sync_fd, pthread_t *thread_id) ++{ ++ uint32_t cid; ++ const char *task_address = cont->common_config->sandbox_info->task_address; ++ if (!parse_vsock_path(task_address, &cid, NULL)) { ++ ERROR("Failed to parse vsock path %s", task_address); ++ return -1; ++ } ++ ++ if (!request->attach_stdin && !request->attach_stdout && !request->attach_stderr) { ++ return 0; ++ } ++ ++ if (create_daemon_vsockpaths(cont->common_config->sandbox_info->id, cid, request->attach_stdin, request->attach_stdout, ++ request->attach_stderr, vsockpaths) != 0) { ++ return -1; ++ } ++ ++ *sync_fd = eventfd(0, EFD_CLOEXEC); ++ if (*sync_fd < 0) { ++ SYSERROR("Failed to create eventfd"); ++ return -1; ++ } ++ ++ return start_vsock_io_copy(request->suffix, *sync_fd, false, request->stdin, request->stdout, request->stderr, stdinfd, ++ stdout_handler, stderr_handler, (const char **)vsockpaths, thread_id); ++} ++#endif ++ ++static int exec_prepare_fifo(const container_t *cont, const container_exec_request *request, int stdinfd, ++ struct io_write_wrapper *stdout_handler, struct io_write_wrapper *stderr_handler, ++ char **fifos, char **fifopath, int *sync_fd, pthread_t *thread_id) + { + int ret = 0; + const char *id = cont->common_config->id; +@@ -2070,7 +2103,7 @@ static int exec_prepare_console(const container_t *cont, const container_exec_re + + *sync_fd = eventfd(0, EFD_CLOEXEC); + if (*sync_fd < 0) { +- ERROR("Failed to create eventfd: %s", strerror(errno)); ++ SYSERROR("Failed to create eventfd"); + ret = -1; + goto out; + } +@@ -2084,6 +2117,26 @@ out: + return ret; + } + ++#ifdef ENABLE_CRI_API_V1 ++static bool is_vsock_supported(const container_t *cont) ++{ ++ return cont->common_config->sandbox_info != NULL && ++ is_vsock_path(cont->common_config->sandbox_info->task_address); ++} ++#endif ++ ++static int exec_prepare_console(const container_t *cont, const container_exec_request *request, int stdinfd, ++ struct io_write_wrapper *stdout_handler, struct io_write_wrapper *stderr_handler, ++ char **io_addresses, char **iopath, int *sync_fd, pthread_t *thread_id) ++{ ++#ifdef ENABLE_CRI_API_V1 ++ if (is_vsock_supported(cont)) { ++ return exec_prepare_vsock(cont, request, stdinfd, stdout_handler, stderr_handler, io_addresses, sync_fd, thread_id); ++ } ++#endif ++ return exec_prepare_fifo(cont, request, stdinfd, stdout_handler, stderr_handler, io_addresses, iopath, sync_fd, thread_id); ++} ++ + static void exec_container_end(container_exec_response *response, const container_t *cont, + const char *exec_id, uint32_t cc, + int exit_code, int sync_fd, pthread_t thread_id) +@@ -2117,6 +2170,17 @@ static void exec_container_end(container_exec_response *response, const containe + } + } + ++static void cleanup_exec_console_io(const container_t *cont, const char *fifopath, const char *io_addresses[]) ++{ ++#ifdef ENABLE_CRI_API_V1 ++ if (is_vsock_supported(cont)) { ++ delete_daemon_vsockpaths(cont->common_config->sandbox_info->id, io_addresses); ++ return; ++ } ++#endif ++ delete_daemon_fifos(fifopath, (const char **)io_addresses); ++} ++ + static int get_exec_user_info(const container_t *cont, const char *username, defs_process_user **puser) + { + int ret = 0; +@@ -2178,8 +2242,8 @@ int exec_container(const container_t *cont, const container_exec_request *reques + int sync_fd = -1; + uint32_t cc = ISULAD_SUCCESS; + char *id = NULL; +- char *fifos[3] = { NULL, NULL, NULL }; +- char *fifopath = NULL; ++ char *io_addresses[3] = { NULL, NULL, NULL }; ++ char *iopath = NULL; + pthread_t thread_id = 0; + defs_process_user *puser = NULL; + char exec_command[EVENT_ARGS_MAX] = { 0x00 }; +@@ -2237,13 +2301,13 @@ int exec_container(const container_t *cont, const container_exec_request *reques + } + } + +- if (exec_prepare_console(cont, request, stdinfd, stdout_handler, stderr_handler, fifos, &fifopath, &sync_fd, ++ if (exec_prepare_console(cont, request, stdinfd, stdout_handler, stderr_handler, io_addresses, &iopath, &sync_fd, + &thread_id)) { + cc = ISULAD_ERR_EXEC; + goto pack_response; + } + (void)isulad_monitor_send_container_event(id, EXEC_START, -1, 0, exec_command, NULL); +- if (do_exec_container(cont, cont->runtime, (char * const *)fifos, puser, request, &exit_code)) { ++ if (do_exec_container(cont, cont->runtime, (char * const *)io_addresses, puser, request, &exit_code)) { + cc = ISULAD_ERR_EXEC; + goto pack_response; + } +@@ -2253,11 +2317,11 @@ int exec_container(const container_t *cont, const container_exec_request *reques + + pack_response: + exec_container_end(response, cont, request->suffix, cc, exit_code, sync_fd, thread_id); +- delete_daemon_fifos(fifopath, (const char **)fifos); +- free(fifos[0]); +- free(fifos[1]); +- free(fifos[2]); +- free(fifopath); ++ cleanup_exec_console_io(cont, iopath, (const char **)io_addresses); ++ free(io_addresses[0]); ++ free(io_addresses[1]); ++ free(io_addresses[2]); ++ free(iopath); + free_defs_process_user(puser); + + return (cc == ISULAD_SUCCESS) ? 0 : -1; +diff --git a/src/daemon/modules/service/vsock_io_handler.cc b/src/daemon/modules/service/vsock_io_handler.cc +new file mode 100644 +index 00000000..efc74bc8 +--- /dev/null ++++ b/src/daemon/modules/service/vsock_io_handler.cc +@@ -0,0 +1,812 @@ ++/****************************************************************************** ++ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved. ++ * iSulad licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Author: xuxuepeng ++ * Create: 2023-09-04 ++ * Description: provide vsock io functions ++ ********************************************************************************/ ++#include "vsock_io_handler.h" ++ ++#include <stdio.h> ++#include <stdlib.h> ++#include <unistd.h> ++#include <stdbool.h> ++#include <string> ++#include <vector> ++#include <memory> ++#include <sys/socket.h> ++#include <fcntl.h> ++#include <linux/vm_sockets.h> ++#include <isula_libutils/log.h> ++ ++#include "console.h" ++#include "utils.h" ++#include "sandbox_manager.h" ++#include "sandbox.h" ++ ++const std::string VSOCK_PREFIX = "vsock://"; ++const int VSOCK_RETRY_INTERVAL = 1000; // 1000ms ++const int VSOCK_RETRY_TIMEOUT = 10000; // 10000ms ++const int MILLI_TO_MICRO = 1000; ++ ++bool is_vsock_path(const char *path) ++{ ++ if (path == NULL) { ++ return false; ++ } ++ std::string path_str = path; ++ if (path_str.find(VSOCK_PREFIX) == 0) { ++ return true; ++ } ++ ++ return false; ++} ++ ++bool parse_vsock_path(const char *vsock_path, uint32_t *cid, uint32_t *port) ++{ ++ uint32_t vsock_cid, vsock_port; ++ ++ if (!is_vsock_path(vsock_path)) { ++ ERROR("Invalid vsock path, %s", vsock_path); ++ return false; ++ } ++ std::string vsock_path_str = vsock_path; ++ std::string vsock_address = vsock_path_str.substr(VSOCK_PREFIX.size()); ++ if (vsock_address.empty()) { ++ ERROR("Invalid vsock address, %s", vsock_path); ++ return false; ++ } ++ ++ // split vsock_address by ':' ++ size_t col_pos = vsock_address.find(':'); ++ if (col_pos == std::string::npos) { ++ ERROR("Failed to find ':' in vsock address, %s", vsock_path); ++ return false; ++ } ++ ++ std::string cid_str = vsock_address.substr(0, col_pos); ++ if (util_safe_uint(cid_str.c_str(), &vsock_cid) != 0) { ++ ERROR("Failed to parse cid, %s", cid_str.c_str()); ++ return false; ++ } ++ ++ std::string port_str = vsock_address.substr(col_pos + 1); ++ if (util_safe_uint(port_str.c_str(), &vsock_port) != 0) { ++ ERROR("Failed to parse port, %s", port_str.c_str()); ++ return false; ++ } ++ ++ if (cid != NULL) { ++ *cid = vsock_cid; ++ } ++ ++ if (port != NULL) { ++ *port = vsock_port; ++ } ++ ++ return true; ++} ++ ++static int find_available_vsock_port_for_sandbox(const char *sandbox_id, uint32_t *port) ++{ ++ if (sandbox_id == NULL || port == NULL) { ++ ERROR("Invalid NULL sandbox id or port"); ++ return -1; ++ } ++ std::string sandbox_id_str = sandbox_id; ++ std::shared_ptr<sandbox::Sandbox> sandbox = sandbox::SandboxManager::GetInstance()->GetSandbox(sandbox_id_str); ++ if (sandbox == nullptr) { ++ ERROR("Failed to find sandbox %s", sandbox_id); ++ return -1; ++ } ++ ++ if (sandbox->FindAvailableVsockPort(*port)) { ++ return 0; ++ } ++ ++ ERROR("Failed to find available vsock port for sandbox %s", sandbox_id); ++ ++ return -1; ++} ++ ++static void release_vsock_port_for_sandbox(const char *sandbox_id, uint32_t port) ++{ ++ if (sandbox_id == NULL) { ++ return; ++ } ++ std::string sandbox_id_str = sandbox_id; ++ std::shared_ptr<sandbox::Sandbox> sandbox = sandbox::SandboxManager::GetInstance()->GetSandbox(sandbox_id_str); ++ if (sandbox == nullptr) { ++ return; ++ } ++ ++ sandbox->ReleaseVsockPort(port); ++} ++ ++static int set_flags(int fd, int flags) ++{ ++ int curflag; ++ int ret; ++ ++ curflag = fcntl(fd, F_GETFL, 0); ++ if (curflag < 0) { ++ SYSERROR("Failed to get flags for vsock fd"); ++ return -1; ++ } ++ ++ ret = fcntl(fd, F_SETFL, curflag | flags); ++ if (ret != 0) { ++ SYSERROR("Failed to set flags for vsock fd"); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static int vsock_connect(uint32_t cid, uint32_t port) ++{ ++ int fd = -1; ++ struct sockaddr_vm sa = { 0 }; ++ ++ fd = socket(AF_VSOCK, SOCK_STREAM, 0); ++ if (fd < 0) { ++ SYSERROR("Failed to create vsock socket"); ++ return -1; ++ } ++ ++ sa.svm_family = AF_VSOCK; ++ sa.svm_cid = cid; ++ sa.svm_port = port; ++ ++ if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) !=0) { ++ SYSERROR("Failed to connect vsock socket"); ++ close(fd); ++ return -1; ++ } ++ return fd; ++} ++ ++/* ++ * We setup connection as a client, so we need to wait the server to be ready. ++ * In the following function, we need to keep retrying until connection is established. ++ * The retrying time is 10s. ++ */ ++int vsock_open(const char *vsock_path, int *fdout, int flags) ++{ ++ int ret; ++ int fd = -1; ++ int retry = 0; ++ uint32_t cid; ++ uint32_t port; ++ ++ if (vsock_path == NULL || fdout == NULL) { ++ ERROR("Invalid NULL vsock path or fdout"); ++ return -1; ++ } ++ ++ if (!parse_vsock_path(vsock_path, &cid, &port)) { ++ ERROR("Failed to parse vsock path, %s", vsock_path); ++ return -1; ++ } ++ ++ DEBUG("Open vsock, cid %u, port %u", cid, port); ++ ++ while (retry < VSOCK_RETRY_TIMEOUT) { ++ fd = vsock_connect(cid, port); ++ if (fd >= 0) { ++ break; ++ } ++ DEBUG("Failed to connect vsock socket"); ++ retry += VSOCK_RETRY_INTERVAL; ++ usleep(VSOCK_RETRY_INTERVAL * MILLI_TO_MICRO); ++ } ++ ++ if (retry >= VSOCK_RETRY_TIMEOUT) { ++ ERROR("Failed to connect vsock socket, timeout"); ++ return -1; ++ } ++ ++ ret = set_flags(fd, flags); ++ if (ret < 0) { ++ ERROR("Failed to set flags for vsock fd"); ++ close(fd); ++ return -1; ++ } ++ ++ *fdout = fd; ++ return 0; ++} ++ ++static char *create_single_vsockpath(const char *sandbox_id, uint32_t cid) ++{ ++ uint32_t vsock_port; ++ ++ if (find_available_vsock_port_for_sandbox(sandbox_id, &vsock_port) != 0) { ++ ERROR("Failed to find available vsock port for sandbox %s", sandbox_id); ++ return NULL; ++ } ++ std::string vsock_address = VSOCK_PREFIX + std::to_string(cid) + ":" + std::to_string(vsock_port); ++ ++ DEBUG("Create vsock path %s for sandbox %s", vsock_address.c_str(), sandbox_id); ++ ++ return util_strdup_s(vsock_address.c_str()); ++} ++ ++int create_daemon_vsockpaths(const char *sandbox_id, uint32_t cid, bool attach_stdin, bool attach_stdout, ++ bool attach_stderr, char *vsockpaths[]) ++{ ++ int ret = -1; ++ ++ if (sandbox_id == NULL || vsockpaths == NULL) { ++ return -1; ++ } ++ if (attach_stdin) { ++ vsockpaths[0] = create_single_vsockpath(sandbox_id, cid); ++ if (vsockpaths[0] == NULL) { ++ goto errout; ++ } ++ } ++ ++ if (attach_stdout) { ++ vsockpaths[1] = create_single_vsockpath(sandbox_id, cid); ++ if (vsockpaths[1] == NULL) { ++ goto errout; ++ } ++ } ++ ++ if (attach_stderr) { ++ vsockpaths[2] = create_single_vsockpath(sandbox_id, cid); ++ if (vsockpaths[2] == NULL) { ++ goto errout; ++ } ++ } ++ ++ ret = 0; ++errout: ++ if (ret != 0) { ++ delete_daemon_vsockpaths(sandbox_id, (const char **)vsockpaths); ++ free(vsockpaths[0]); ++ free(vsockpaths[1]); ++ free(vsockpaths[2]); ++ vsockpaths[0] = NULL; ++ vsockpaths[1] = NULL; ++ vsockpaths[2] = NULL; ++ } ++ ++ return ret; ++} ++ ++static void delete_single_vsockpath(const char *sandbox_id, const char *vsockpath) ++{ ++ uint32_t cid; ++ uint32_t port; ++ ++ if (vsockpath == NULL) { ++ return; ++ } ++ if (!parse_vsock_path(vsockpath, &cid, &port)) { ++ ERROR("Failed to parse vsock path, %s", vsockpath); ++ return; ++ } ++ release_vsock_port_for_sandbox(sandbox_id, port); ++} ++ ++void delete_daemon_vsockpaths(const char *sandbox_id, const char *vsockpaths[]) ++{ ++ if (sandbox_id == NULL || vsockpaths == NULL) { ++ return; ++ } ++ if (vsockpaths[0] != NULL) { ++ delete_single_vsockpath(sandbox_id, vsockpaths[0]); ++ } ++ if (vsockpaths[1] != NULL) { ++ delete_single_vsockpath(sandbox_id, vsockpaths[1]); ++ } ++ if (vsockpaths[2] != NULL) { ++ delete_single_vsockpath(sandbox_id, vsockpaths[2]); ++ } ++} ++ ++enum IOFlowType{ ++ IO_SRC = 0, ++ IO_DST, ++ IO_FLOW_INVALID, ++}; ++ ++static ssize_t WriteToFIFO(void *context, const void *data, size_t len) ++{ ++ ssize_t ret; ++ int fd; ++ ++ fd = *(int *)context; ++ ret = util_write_nointr_in_total(fd, static_cast<const char *>(data), len); ++ if ((ret < 0) || (size_t)ret != len) { ++ SYSERROR("Failed to write %d", fd); ++ return -1; ++ } ++ return ret; ++} ++ ++static ssize_t WriteToFd(void *context, const void *data, size_t len) ++{ ++ ssize_t ret; ++ ++ ret = util_write_nointr(*(int *)context, static_cast<const char *>(data), len); ++ if (ret < 0 || (size_t)ret != len) { ++ SYSERROR("Failed to write"); ++ return -1; ++ } ++ return ret; ++} ++ ++class IOEntry { ++public: ++ IOEntry() ++ { ++ m_initialized = false; ++ m_fd = -1; ++ m_flags = 0; ++ m_flowType = IO_FLOW_INVALID; ++ } ++ ++ virtual ~IOEntry() = default; ++ ++ virtual int Init() = 0; ++ ++ bool Initialized() const ++ { ++ return m_initialized; ++ } ++ ++ virtual int GetFd() ++ { ++ if (!Initialized()) { ++ return -1; ++ } ++ return m_fd; ++ } ++ ++ virtual struct io_write_wrapper *GetWriter() ++ { ++ if (!Initialized()) { ++ return NULL; ++ } ++ if (m_flowType == IO_SRC) { ++ return NULL; ++ } ++ return &m_writer; ++ } ++ virtual std::string ToString() = 0; ++protected: ++ int m_flags; ++ bool m_initialized; ++ int m_fd; ++ struct io_write_wrapper m_writer; ++ IOFlowType m_flowType; ++}; ++ ++ ++ ++class IOFdEntry : public IOEntry { ++public: ++ IOFdEntry(int fd, IOFlowType flowType): IOEntry() ++ { ++ m_fd = fd; ++ m_flowType = flowType; ++ } ++ ++ ~IOFdEntry() override ++ { ++ if (m_initialized && m_fd >= 0) { ++ close(m_fd); ++ m_fd = -1; ++ } ++ } ++ ++ int Init() override ++ { ++ if (m_initialized) { ++ return 0; ++ } ++ if (m_flowType == IO_DST) { ++ m_writer.context = &m_fd; ++ m_writer.write_func = WriteToFd; ++ } ++ m_initialized = true; ++ return 0; ++ } ++ ++ std::string ToString() override ++ { ++ return "file descriptor " + std::to_string(m_fd); ++ } ++}; ++ ++class IOFifoEntry : public IOEntry { ++public: ++ IOFifoEntry(const char *path, int flags, IOFlowType flowType): IOEntry() ++ { ++ m_fifoPath = path; ++ m_flags = flags; ++ m_flowType = flowType; ++ } ++ ++ ~IOFifoEntry() override ++ { ++ if (m_initialized && m_fd >= 0) { ++ console_fifo_close(m_fd); ++ m_fd = -1; ++ } ++ } ++ ++ int Init() override ++ { ++ if (m_initialized) { ++ return 0; ++ } ++ ++ if (m_flowType == IO_SRC) { ++ if (console_fifo_open(m_fifoPath.c_str(), &m_fd, m_flags) != 0) { ++ ERROR("Failed to open fifo, %s", m_fifoPath.c_str()); ++ return -1; ++ } ++ } else { ++ if (console_fifo_open_withlock(m_fifoPath.c_str(), &m_fd, m_flags)) { ++ ERROR("Failed to open console fifo."); ++ return -1; ++ } ++ m_writer.context = &m_fd; ++ m_writer.write_func = WriteToFIFO; ++ } ++ m_initialized = true; ++ return 0; ++ } ++ ++ std::string ToString() override ++ { ++ return "FIFO " + m_fifoPath; ++ } ++private: ++ std::string m_fifoPath; ++}; ++ ++class IOVsockEntry : public IOEntry { ++public: ++ IOVsockEntry(const char *path, int flags, IOFlowType flowType): IOEntry() ++ { ++ m_vsockPath = path; ++ m_flags = flags; ++ m_flowType = flowType; ++ } ++ ++ ~IOVsockEntry() override ++ { ++ if (m_initialized && m_fd >= 0) { ++ close(m_fd); ++ m_fd = -1; ++ } ++ } ++ ++ int Init() override ++ { ++ if (m_initialized) { ++ return 0; ++ } ++ if (vsock_open(m_vsockPath.c_str(), &m_fd, m_flags) != 0) { ++ ERROR("Failed to open vsock, %s", m_vsockPath.c_str()); ++ return -1; ++ } ++ if (m_flowType != IO_SRC) { ++ m_writer.context = &m_fd; ++ m_writer.write_func = WriteToFd; ++ } ++ m_initialized = true; ++ return 0; ++ } ++ ++ std::string ToString() override ++ { ++ return "vsock " + m_vsockPath; ++ } ++private: ++ std::string m_vsockPath; ++}; ++ ++class IOFuncEntry : public IOEntry { ++public: ++ IOFuncEntry(struct io_write_wrapper *handler, IOFlowType flowType): IOEntry() ++ { ++ m_handler = handler; ++ m_flowType = flowType; ++ } ++ ++ ~IOFuncEntry() override ++ { ++ if (m_initialized && m_handler != NULL) { ++ if (m_handler->close_func != NULL) { ++ m_handler->close_func(m_handler->context, NULL); ++ } ++ m_handler = NULL; ++ } ++ } ++ ++ int Init() override ++ { ++ if (m_initialized) { ++ return 0; ++ } ++ if (m_flowType == IO_SRC) { ++ ERROR("IO func entry should not be used for stdin channel"); ++ return -1; ++ } ++ m_writer.context = m_handler->context; ++ m_writer.write_func = m_handler->write_func; ++ m_writer.close_func = m_handler->close_func; ++ m_initialized = true; ++ return 0; ++ } ++ ++ std::string ToString() override ++ { ++ return "IO func entry"; ++ } ++private: ++ struct io_write_wrapper *m_handler; ++}; ++ ++/** ++ * IOCopy defines the copy relationship between two IO. ++ * It defines source IOEntry to read data from, destination IOEntry to write data to, ++ * and the transfer channel type. ++ */ ++class IOCopy { ++public: ++ IOCopy(std::unique_ptr<IOEntry> src, std::unique_ptr<IOEntry> dst, transfer_channel_type channel) ++ { ++ m_src = std::move(src); ++ m_dst = std::move(dst); ++ m_channel = channel; ++ } ++ ~IOCopy() = default; ++ IOEntry &GetSrc() ++ { ++ return *m_src; ++ } ++ IOEntry &GetDst() ++ { ++ return *m_dst; ++ } ++ transfer_channel_type GetChannel() ++ { ++ return m_channel; ++ } ++private: ++ std::unique_ptr<IOEntry> m_src; ++ std::unique_ptr<IOEntry> m_dst; ++ transfer_channel_type m_channel; ++}; ++ ++class IOCopyCollection { ++public: ++ IOCopyCollection() = default; ++ ~IOCopyCollection() = default; ++ void AddIOCopy(std::unique_ptr<IOEntry> src, std::unique_ptr<IOEntry> dst, transfer_channel_type channel) ++ { ++ m_copies.push_back(std::unique_ptr<IOCopy>(new IOCopy(std::move(src), std::move(dst), channel))); ++ } ++ ++ int Init() ++ { ++ for (auto © : m_copies) { ++ if (copy->GetSrc().Init() != 0) { ++ ERROR("Failed to init src IO, %s", copy->GetSrc().ToString().c_str()); ++ return -1; ++ } ++ if (copy->GetDst().Init() != 0) { ++ ERROR("Failed to init dst IO, %s", copy->GetDst().ToString().c_str()); ++ return -1; ++ } ++ } ++ return 0; ++ } ++ ++ size_t Size() ++ { ++ return m_copies.size(); ++ } ++ ++ int *GetSrcFds() ++ { ++ size_t len = m_copies.size(); ++ int *fds = new int[len]; ++ for (size_t i = 0; i < len; i++) { ++ int fd = m_copies[i]->GetSrc().GetFd(); ++ if (fd < 0) { ++ ERROR("Invalid fd: %s", m_copies[i]->GetSrc().ToString().c_str()); ++ delete[] fds; ++ return NULL; ++ } ++ fds[i] = m_copies[i]->GetSrc().GetFd(); ++ } ++ return fds; ++ } ++ ++ struct io_write_wrapper *GetDstWriters() ++ { ++ size_t len = m_copies.size(); ++ struct io_write_wrapper *writers = new struct io_write_wrapper[len]; ++ for (size_t i = 0; i < len; i++) { ++ struct io_write_wrapper *writer = m_copies[i]->GetDst().GetWriter(); ++ if (writer == NULL) { ++ ERROR("Invalid writer: %s", m_copies[i]->GetDst().ToString().c_str()); ++ delete[] writers; ++ return NULL; ++ } ++ writers[i] = *writer; ++ } ++ return writers; ++ } ++ ++ transfer_channel_type *GetChannels() ++ { ++ size_t len = m_copies.size(); ++ transfer_channel_type *channels = new transfer_channel_type[len]; ++ for (size_t i = 0; i < len; i++) { ++ channels[i] = m_copies[i]->GetChannel(); ++ } ++ return channels; ++ } ++ ++private: ++ std::vector<std::unique_ptr<IOCopy>> m_copies; ++}; ++ ++/** ++ * IO Copy module basically connect two IO together, and copy data from one to another. ++ * For the IO between iSula/Websocket and iSulad, there are two forms: ++ * 1. FIFO: iSula/Websocket will create three fifo files for communication with iSulad. ++ * 2. FD and Callback: iSula/Websocket will use fd for input Channel with iSulad, ++ * and use callback for output and error Channel. ++ * The IO between iSulad and container could be different types, such as FIFO, VSOCK. ++ -------------------------------------------------------------------------------------- ++ | CHANNEL | iSula/Websocket iSulad container| ++ -------------------------------------------------------------------------------------- ++ | | fifoin | stdin_fd vsocks[0] | ++ | IN | RDWR --------> RD RDWR --------> RD | ++ -------------------------------------------------------------------------------------- ++ | | fifoout | stdout_handler vsocks[1] | ++ | OUT | RD <-------- WR RD <-------- WR | ++ -------------------------------------------------------------------------------------- ++ | | fifoerr stderr_handler vsocks[2] | ++ | ERR | RD <-------- WR RD <-------- WR | ++ -------------------------------------------------------------------------------------- ++*/ ++static void PrepareIOCopyCollection(const char *fifoin, const char *fifoout, const char *fifoerr, ++ int stdin_fd, struct io_write_wrapper *stdout_handler, struct io_write_wrapper *stderr_handler, ++ const char *vsocks[], IOCopyCollection &ioCollection) ++{ ++ if (fifoin != NULL) { ++ ioCollection.AddIOCopy(std::unique_ptr<IOEntry>(new IOFifoEntry(fifoin, O_RDONLY | O_NONBLOCK, IO_SRC)), ++ std::unique_ptr<IOEntry>(new IOVsockEntry(vsocks[0], O_WRONLY | O_NONBLOCK, IO_DST)), STDIN_CHANNEL); ++ } ++ if (fifoout != NULL) { ++ ioCollection.AddIOCopy(std::unique_ptr<IOEntry>(new IOVsockEntry(vsocks[1], O_RDONLY | O_NONBLOCK, IO_SRC)), ++ std::unique_ptr<IOEntry>(new IOFifoEntry(fifoout, O_WRONLY | O_NONBLOCK, IO_DST)), STDOUT_CHANNEL); ++ } ++ if (fifoerr != NULL) { ++ ioCollection.AddIOCopy(std::unique_ptr<IOEntry>(new IOVsockEntry(vsocks[2], O_RDONLY | O_NONBLOCK, IO_SRC)), ++ std::unique_ptr<IOEntry>(new IOFifoEntry(fifoerr, O_WRONLY | O_NONBLOCK, IO_DST)), STDERR_CHANNEL); ++ } ++ if (stdin_fd >= 0) { ++ ioCollection.AddIOCopy(std::unique_ptr<IOEntry>(new IOFdEntry(stdin_fd, IO_SRC)), ++ std::unique_ptr<IOEntry>(new IOVsockEntry(vsocks[0], O_WRONLY | O_NONBLOCK, IO_DST)), STDIN_CHANNEL); ++ } ++ if (stdout_handler != NULL) { ++ ioCollection.AddIOCopy(std::unique_ptr<IOEntry>(new IOVsockEntry(vsocks[1], O_RDONLY | O_NONBLOCK, IO_SRC)), ++ std::unique_ptr<IOEntry>(new IOFuncEntry(stdout_handler, IO_DST)), STDOUT_CHANNEL); ++ } ++ if (stderr_handler != NULL) { ++ ioCollection.AddIOCopy(std::unique_ptr<IOEntry>(new IOVsockEntry(vsocks[2], O_RDONLY | O_NONBLOCK, IO_SRC)), ++ std::unique_ptr<IOEntry>(new IOFuncEntry(stderr_handler, IO_DST)), STDERR_CHANNEL); ++ } ++} ++ ++struct IOCopyThreadArgs { ++ IOCopyCollection ioCollection; ++ int sync_fd; ++ bool detach; ++ std::string exec_id; ++ IOCopyThreadArgs() = default; ++ ~IOCopyThreadArgs() = default; ++}; ++ ++static void *IOCopyThread(void *arg) ++{ ++ if (arg == NULL) { ++ return NULL; ++ } ++ ++ std::unique_ptr<IOCopyThreadArgs> threadArg((struct IOCopyThreadArgs *)arg); ++ ++ if (threadArg->detach) { ++ if (pthread_detach(pthread_self()) != 0) { ++ CRIT("Set thread detach fail"); ++ return NULL; ++ } ++ } ++ ++ std::string tname = "IoCopy"; ++ if (!threadArg->exec_id.empty()) { ++ // The name of the thread cannot be longer than 16 bytes, ++ // so just use the first 4 bytes of exec_id as thread name. ++ tname = "IoCopy-" + threadArg->exec_id.substr(0, 4); ++ } ++ ++ (void)prctl(PR_SET_NAME, tname.c_str()); ++ ++ if (threadArg->ioCollection.Init() != 0) { ++ ERROR("Failed to init IO copy collection"); ++ return NULL; ++ } ++ ++ size_t len = threadArg->ioCollection.Size(); ++ if (len == 0) { ++ ERROR("No IO copy to be done"); ++ return NULL; ++ } ++ ++ std::unique_ptr<int[]> srcfds(threadArg->ioCollection.GetSrcFds()); ++ if (srcfds == NULL) { ++ ERROR("Failed to get src fds"); ++ return NULL; ++ } ++ ++ std::unique_ptr<struct io_write_wrapper[]> writers(threadArg->ioCollection.GetDstWriters()); ++ if (writers == NULL) { ++ ERROR("Failed to get dst writers"); ++ return NULL; ++ } ++ ++ std::unique_ptr<transfer_channel_type[]> channels(threadArg->ioCollection.GetChannels()); ++ if (channels == NULL) { ++ ERROR("Failed to get channels"); ++ return NULL; ++ } ++ ++ (void)console_loop_io_copy(threadArg->sync_fd, srcfds.get(), writers.get(), channels.get(), len); ++ return NULL; ++} ++ ++int start_vsock_io_copy(const char *exec_id, int sync_fd, bool detach, const char *fifoin, const char *fifoout, const char *fifoerr, ++ int stdin_fd, struct io_write_wrapper *stdout_handler, struct io_write_wrapper *stderr_handler, ++ const char *vsocks[], pthread_t *tid) ++{ ++ if (sync_fd < 0 || vsocks == NULL || tid == NULL) { ++ ERROR("Invalid NULL arguments"); ++ return -1; ++ } ++ ++ struct IOCopyThreadArgs *args = new IOCopyThreadArgs(); ++ args->sync_fd = sync_fd; ++ args->detach = detach; ++ if (exec_id != NULL) { ++ args->exec_id = exec_id; ++ } ++ ++ PrepareIOCopyCollection(fifoin, fifoout, fifoerr, stdin_fd, stdout_handler, stderr_handler, vsocks, args->ioCollection); ++ ++ int ret = pthread_create(tid, NULL, IOCopyThread, (void *)args); ++ if (ret != 0) { ++ CRIT("Thread creation failed"); ++ delete args; ++ } ++ ++ return ret; ++} +diff --git a/src/daemon/modules/service/vsock_io_handler.h b/src/daemon/modules/service/vsock_io_handler.h +new file mode 100644 +index 00000000..cc0c1dd0 +--- /dev/null ++++ b/src/daemon/modules/service/vsock_io_handler.h +@@ -0,0 +1,46 @@ ++/****************************************************************************** ++ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved. ++ * iSulad licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Author: xuxuepeng ++ * Create: 2023-09-04 ++ * Description: provide vsock io functions ++ ********************************************************************************/ ++ ++#ifndef DAEMON_MODULES_SERVICE_VSOCK_IO_H ++#define DAEMON_MODULES_SERVICE_VSOCK_IO_H ++ ++#include <stdint.h> ++#include <pthread.h> ++ ++#ifdef __cplusplus ++extern "C" ++{ ++#endif ++ ++bool is_vsock_path(const char *path); ++ ++bool parse_vsock_path(const char *vsock_path, uint32_t *cid, uint32_t *port); ++ ++int vsock_open(const char *vsock_path, int *fdout, int flags); ++ ++int create_daemon_vsockpaths(const char *sandbox_id, uint32_t cid, bool attach_stdin, bool attach_stdout, ++ bool attach_stderr, char *vsockpaths[]); ++ ++void delete_daemon_vsockpaths(const char *sandbox_id, const char *vsockpaths[]); ++ ++int start_vsock_io_copy(const char *exec_id, int sync_fd, bool detach, const char *fifoin, const char *fifoout, const char *fifoerr, ++ int stdin_fd, struct io_write_wrapper *stdout_handler, struct io_write_wrapper *stderr_handler, ++ const char *vsocks[], pthread_t *tid); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif // DAEMON_MODULES_SERVICE_VSOCK_IO_H +diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc +index 968dae24..94c2684a 100644 +--- a/src/daemon/sandbox/sandbox.cc ++++ b/src/daemon/sandbox/sandbox.cc +@@ -43,6 +43,8 @@ + namespace sandbox { + + const std::string SHM_MOUNT_POINT = "/dev/shm"; ++const uint32_t VSOCK_START_PORT = 2000; ++const uint32_t VSOCK_END_PORT = 65535; + + static int WriteDefaultSandboxHosts(const std::string &path, const std::string &hostname) + { +@@ -1014,6 +1016,25 @@ void Sandbox::SetNetworkSettings(const std::string &settings, Errors &error) + } + } + ++auto Sandbox::FindAvailableVsockPort(uint32_t &port) -> bool ++{ ++ std::unique_lock<std::mutex> lock(m_vsockPortsMutex); ++ for (uint32_t i = VSOCK_START_PORT; i < VSOCK_END_PORT; i++) { ++ if (m_vsockPorts.find(i) == m_vsockPorts.end()) { ++ m_vsockPorts.insert(i); ++ port = i; ++ return true; ++ } ++ } ++ return false; ++} ++ ++void Sandbox::ReleaseVsockPort(uint32_t port) ++{ ++ std::unique_lock<std::mutex> lock(m_vsockPortsMutex); ++ m_vsockPorts.erase(port); ++} ++ + auto Sandbox::GetTaskAddress() const -> const std::string & + { + return m_taskAddress; +diff --git a/src/daemon/sandbox/sandbox.h b/src/daemon/sandbox/sandbox.h +index 6ae2750f..0f135e70 100644 +--- a/src/daemon/sandbox/sandbox.h ++++ b/src/daemon/sandbox/sandbox.h +@@ -117,6 +117,8 @@ public: + auto UpdateStatsInfo(const StatsInfo &info) -> StatsInfo; + void SetNetworkReady(bool ready); + void SetNetworkMode(const std::string &networkMode); ++ auto FindAvailableVsockPort(uint32_t &port) -> bool; ++ void ReleaseVsockPort(uint32_t port); + auto CleanupSandboxFiles(Errors &error) -> bool; + + // Save to file +@@ -205,6 +207,10 @@ private: + + // it should select accroding to the config + std::shared_ptr<Controller> m_controller { nullptr }; ++ ++ // vsock ports ++ std::mutex m_vsockPortsMutex; ++ std::set<uint32_t> m_vsockPorts; + }; + + } // namespace sandbox +-- +2.40.1 + diff --git a/0009-remove-unneccessary-strerror.patch b/0009-remove-unneccessary-strerror.patch new file mode 100644 index 0000000..2d443b3 --- /dev/null +++ b/0009-remove-unneccessary-strerror.patch @@ -0,0 +1,2669 @@ +From 3536723347722180d8964edf7687bef6343edc77 Mon Sep 17 00:00:00 2001 +From: haozi007 <liuhao27@huawei.com> +Date: Mon, 4 Sep 2023 10:44:35 +0800 +Subject: [PATCH 09/33] remove unneccessary strerror + +1. use SYS-log to replace log; +2. remove unuseful strerror; + +Signed-off-by: haozi007 <liuhao27@huawei.com> +--- + src/cmd/isula/base/create.c | 4 +- + src/cmd/isula/base/start.c | 2 +- + src/cmd/isula/extend/export.c | 2 +- + src/cmd/isula/images/images.c | 2 +- + src/cmd/isula/images/import.c | 2 +- + src/cmd/isula/images/load.c | 2 +- + src/cmd/isula/images/login.c | 6 +- + src/cmd/isula/isula_host_spec.c | 2 +- + src/cmd/isula/stream/attach.c | 2 +- + src/cmd/isula/stream/exec.c | 4 +- + src/cmd/isulad/main.c | 18 +-- + src/daemon/common/cgroup.c | 4 +- + src/daemon/common/sysinfo.c | 6 +- + src/daemon/entry/connect/grpc/grpc_service.cc | 2 +- + src/daemon/entry/connect/rest/rest_service.c | 4 +- + .../entry/cri/streams/websocket/ws_server.cc | 8 +- + .../cri_pod_sandbox_manager_service.cc | 2 +- + src/daemon/executor/container_cb/execution.c | 8 +- + .../container_cb/execution_information.c | 2 +- + .../executor/container_cb/execution_stream.c | 20 +-- + .../container/container_gc/containers_gc.c | 4 +- + src/daemon/modules/container/container_unix.c | 2 +- + .../container/leftover_cleanup/cleanup.c | 2 +- + .../modules/container/supervisor/supervisor.c | 6 +- + src/daemon/modules/events/monitord.c | 8 +- + .../modules/events_sender/event_sender.c | 2 +- + .../modules/image/embedded/db/sqlite_common.c | 2 +- + src/daemon/modules/image/external/ext_image.c | 2 +- + .../modules/image/image_rootfs_handler.c | 4 +- + src/daemon/modules/image/oci/oci_load.c | 2 +- + .../modules/image/oci/registry/registry.c | 11 +- + .../graphdriver/devmapper/deviceset.c | 10 +- + .../graphdriver/devmapper/wrapper_devmapper.c | 4 +- + .../oci/storage/layer_store/layer_store.c | 10 +- + .../modules/image/oci/storage/storage.c | 2 +- + src/daemon/modules/image/oci/utils_images.c | 6 +- + src/daemon/modules/log/log_gather.c | 18 +-- + .../network/cni_operator/libcni/libcni_conf.c | 2 +- + .../modules/runtime/engines/lcr/lcr_rt_ops.c | 6 +- + .../modules/runtime/isula/isula_rt_ops.c | 10 +- + .../modules/runtime/shim/shim_rt_monitor.cc | 2 +- + src/daemon/modules/runtime/shim/shim_rt_ops.c | 4 +- + src/daemon/modules/service/io_handler.c | 4 +- + .../modules/service/service_container.c | 13 +- + src/daemon/modules/service/service_network.c | 6 +- + src/daemon/modules/spec/specs.c | 2 +- + src/daemon/modules/spec/specs_mount.c | 2 +- + src/daemon/modules/spec/verify.c | 6 +- + src/daemon/modules/volume/local.c | 12 +- + src/daemon/sandbox/sandbox.cc | 2 +- + src/utils/console/console.c | 16 +-- + src/utils/cutils/network_namespace.c | 2 +- + src/utils/cutils/path.c | 4 +- + src/utils/cutils/utils.c | 12 +- + src/utils/cutils/utils_aes.c | 16 +-- + src/utils/cutils/utils_base64.c | 4 +- + src/utils/cutils/utils_file.c | 80 ++++++------ + src/utils/cutils/utils_fs.c | 12 +- + src/utils/cutils/utils_port.c | 14 +-- + src/utils/cutils/utils_verify.c | 2 +- + src/utils/http/http.c | 2 +- + src/utils/sha256/sha256.c | 8 +- + src/utils/tar/isulad_tar.c | 12 +- + src/utils/tar/util_archive.c | 118 ++++++++---------- + src/utils/tar/util_gzip.c | 12 +- + 65 files changed, 282 insertions(+), 300 deletions(-) + +diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c +index ecb197bc..aa90c5d6 100644 +--- a/src/cmd/isula/base/create.c ++++ b/src/cmd/isula/base/create.c +@@ -1945,7 +1945,7 @@ static int check_hook_spec_file(const char *hook_spec) + return -1; + } + if (stat(hook_spec, &hookstat)) { +- COMMAND_ERROR("Stat hook spec file failed: %s", strerror(errno)); ++ CMD_SYSERROR("Stat hook spec file failed"); + return -1; + } + if ((hookstat.st_mode & S_IFMT) != S_IFREG) { +@@ -1987,7 +1987,7 @@ static int create_check_rootfs(struct client_arguments *args) + if (args->create_rootfs != NULL) { + char real_path[PATH_MAX] = { 0 }; + if (realpath(args->create_rootfs, real_path) == NULL) { +- COMMAND_ERROR("Failed to get rootfs '%s': %s", args->create_rootfs, strerror(errno)); ++ CMD_SYSERROR("Failed to get rootfs '%s'.", args->create_rootfs); + ret = -1; + goto out; + } +diff --git a/src/cmd/isula/base/start.c b/src/cmd/isula/base/start.c +index ca3634e1..1d0f1256 100644 +--- a/src/cmd/isula/base/start.c ++++ b/src/cmd/isula/base/start.c +@@ -200,7 +200,7 @@ void client_wait_fifo_exit(const struct client_arguments *args) + void client_restore_console(bool reset_tty, const struct termios *oldtios, struct command_fifo_config *console_fifos) + { + if (reset_tty && tcsetattr(0, TCSAFLUSH, oldtios) < 0) { +- WARN("Failed to reset terminal properties: %s.", strerror(errno)); ++ SYSWARN("Failed to reset terminal properties."); + } + free_command_fifo_config(console_fifos); + sem_destroy(&g_console_waitopen_sem); +diff --git a/src/cmd/isula/extend/export.c b/src/cmd/isula/extend/export.c +index 68d17c82..d8f3574c 100644 +--- a/src/cmd/isula/extend/export.c ++++ b/src/cmd/isula/extend/export.c +@@ -114,7 +114,7 @@ int cmd_export_main(int argc, const char **argv) + int sret; + char cwd[PATH_MAX] = { 0 }; + if (!getcwd(cwd, sizeof(cwd))) { +- COMMAND_ERROR("get cwd failed:%s", strerror(errno)); ++ CMD_SYSERROR("get cwd failed"); + exit(ECOMMON); + } + sret = snprintf(file, sizeof(file), "%s/%s", cwd, g_cmd_export_args.file); +diff --git a/src/cmd/isula/images/images.c b/src/cmd/isula/images/images.c +index bff07f76..bd9dc18b 100644 +--- a/src/cmd/isula/images/images.c ++++ b/src/cmd/isula/images/images.c +@@ -65,7 +65,7 @@ static char *trans_time(int64_t created) + time_t created_time = (time_t)created; + + if (!localtime_r(&created_time, &t)) { +- ERROR("translate time for created failed: %s", strerror(errno)); ++ SYSERROR("translate time for created failed."); + return NULL; + } + +diff --git a/src/cmd/isula/images/import.c b/src/cmd/isula/images/import.c +index 7b6eb2a9..f28fe04c 100644 +--- a/src/cmd/isula/images/import.c ++++ b/src/cmd/isula/images/import.c +@@ -126,7 +126,7 @@ int cmd_import_main(int argc, const char **argv) + int len = 0; + + if (!getcwd(cwd, sizeof(cwd))) { +- COMMAND_ERROR("get cwd failed:%s", strerror(errno)); ++ CMD_SYSERROR("get cwd failed"); + exit(exit_code); + } + +diff --git a/src/cmd/isula/images/load.c b/src/cmd/isula/images/load.c +index 688edd02..314e5d5e 100644 +--- a/src/cmd/isula/images/load.c ++++ b/src/cmd/isula/images/load.c +@@ -150,7 +150,7 @@ int cmd_load_main(int argc, const char **argv) + int len; + + if (!getcwd(cwd, sizeof(cwd))) { +- COMMAND_ERROR("get cwd failed:%s", strerror(errno)); ++ CMD_SYSERROR("get cwd failed"); + exit(exit_code); + } + +diff --git a/src/cmd/isula/images/login.c b/src/cmd/isula/images/login.c +index c35cb579..1c3b06ea 100644 +--- a/src/cmd/isula/images/login.c ++++ b/src/cmd/isula/images/login.c +@@ -99,7 +99,7 @@ static int get_password_from_notty(struct client_arguments *args) + return -1; + } + if (n < 0) { +- COMMAND_ERROR("Get password from notty stdin failed: %s", strerror(errno)); ++ CMD_SYSERROR("Get password from notty stdin failed"); + return -1; + } + args->password = util_strdup_s(password); +@@ -126,7 +126,7 @@ static int get_auth_from_terminal(struct client_arguments *args) + COMMAND_ERROR("Error: Cannot perform an interactive login from a non TTY device"); + return -1; + } +- COMMAND_ERROR("Get username failed: %s", strerror(errno)); ++ CMD_SYSERROR("Get username failed"); + return -1; + } + args->username = util_strdup_s(username); +@@ -145,7 +145,7 @@ static int get_auth_from_terminal(struct client_arguments *args) + COMMAND_ERROR("Error: Cannot perform an interactive login from a non TTY device"); + return -1; + } +- COMMAND_ERROR("Get password failed: %s", strerror(errno)); ++ CMD_SYSERROR("Get password failed"); + return -1; + } + args->password = util_strdup_s(password); +diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c +index 765c44c0..9fa08bd2 100644 +--- a/src/cmd/isula/isula_host_spec.c ++++ b/src/cmd/isula/isula_host_spec.c +@@ -771,7 +771,7 @@ uint64_t get_proc_mem_size(const char *item) + + fp = util_fopen("/proc/meminfo", "r"); + if (fp == NULL) { +- ERROR("Failed to open /proc/meminfo: %s", strerror(errno)); ++ SYSERROR("Failed to open /proc/meminfo"); + return sysmem_limit; + } + +diff --git a/src/cmd/isula/stream/attach.c b/src/cmd/isula/stream/attach.c +index 02c67e30..ff49af92 100644 +--- a/src/cmd/isula/stream/attach.c ++++ b/src/cmd/isula/stream/attach.c +@@ -376,7 +376,7 @@ static int client_attach(struct client_arguments *args, uint32_t *exit_code) + if (errno == ETIMEDOUT) { + COMMAND_ERROR("Wait container status timeout."); + } else { +- COMMAND_ERROR("Failed to wait sem: %s", strerror(errno)); ++ CMD_SYSERROR("Failed to wait sem"); + } + ret = ECOMMON; + goto out; +diff --git a/src/cmd/isula/stream/exec.c b/src/cmd/isula/stream/exec.c +index bd8bd49a..209610be 100644 +--- a/src/cmd/isula/stream/exec.c ++++ b/src/cmd/isula/stream/exec.c +@@ -356,7 +356,7 @@ static int remote_cmd_exec(const struct client_arguments *args, uint32_t *exit_c + + out: + if (reset_tty && tcsetattr(0, TCSAFLUSH, &oldtios) < 0) { +- WARN("Failed to reset terminal properties: %s.", strerror(errno)); ++ SYSWARN("Failed to reset terminal properties."); + } + if (response->exit_code != 0) { + *exit_code = response->exit_code; +@@ -387,7 +387,7 @@ out: + sem_destroy(&g_command_waitopen_sem); + sem_destroy(&g_command_waitexit_sem); + if (reset_tty && tcsetattr(0, TCSAFLUSH, &oldtios) < 0) { +- WARN("Failed to reset terminal properties: %s.", strerror(errno)); ++ SYSWARN("Failed to reset terminal properties."); + } + return ret; + } +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index b32b6626..39cde6aa 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -179,7 +179,7 @@ static int mount_rootfs_mnt_dir(const char *mountdir) + if (info == NULL) { + ret = mount(rootfsdir, rootfsdir, "bind", MS_BIND | MS_REC, NULL); + if (ret < 0) { +- ERROR("Failed to mount parent directory %s:%s", rootfsdir, strerror(errno)); ++ SYSERROR("Failed to mount parent directory %s.", rootfsdir); + goto out; + } + } +@@ -212,7 +212,7 @@ static int umount_rootfs_mnt_dir(const char *mntdir) + + ret = umount(dir); + if (ret < 0 && errno != EINVAL) { +- WARN("Failed to umount parent directory %s:%s", dir, strerror(errno)); ++ SYSWARN("Failed to umount parent directory %s.", dir); + goto out; + } + +@@ -252,7 +252,7 @@ static void clean_residual_files() + if (checked_flag == NULL) { + ERROR("Failed to get image checked flag file path"); + } else if (unlink_ignore_enoent(checked_flag)) { +- ERROR("Unlink file: %s error: %s", checked_flag, strerror(errno)); ++ SYSERROR("Unlink file: %s.", checked_flag); + } + free(checked_flag); + +@@ -261,7 +261,7 @@ static void clean_residual_files() + if (fname == NULL) { + ERROR("Failed to get isulad pid file path"); + } else if (unlink(fname) && errno != ENOENT) { +- WARN("Unlink file: %s error: %s", fname, strerror(errno)); ++ SYSWARN("Unlink file: %s.", fname); + } + free(fname); + } +@@ -472,7 +472,7 @@ int check_and_save_pid(const char *fn) + + ret = ftruncate(fd, 0); + if (ret != 0) { +- ERROR("Failed to truncate pid file:%s to 0: %s", fn, strerror(errno)); ++ SYSERROR("Failed to truncate pid file:%s to 0.", fn); + ret = -1; + goto out; + } +@@ -486,7 +486,7 @@ int check_and_save_pid(const char *fn) + + len = util_write_nointr(fd, pidbuf, strlen(pidbuf)); + if (len < 0 || (size_t)len != strlen(pidbuf)) { +- ERROR("Failed to write pid to file:%s: %s", fn, strerror(errno)); ++ SYSERROR("Failed to write pid to file:%s.", fn); + ret = -1; + } + out: +@@ -527,7 +527,7 @@ static int check_hook_spec_file(const char *hook_spec) + return -1; + } + if (stat(hook_spec, &hookstat)) { +- ERROR("Stat hook spec file failed: %s", strerror(errno)); ++ SYSERROR("Stat hook spec file failed."); + return -1; + } + if ((hookstat.st_mode & S_IFMT) != S_IFREG) { +@@ -589,7 +589,7 @@ static void update_isulad_rlimits() + limit.rlim_cur = RLIM_INFINITY; + limit.rlim_max = RLIM_INFINITY; + if (setrlimit(RLIMIT_CORE, &limit)) { +- SYSWARN("Can not set ulimit of RLIMIT_CORE"); ++ SYSWARN("Can not set ulimit of RLIMIT_CORE."); + } + } + +@@ -813,7 +813,7 @@ static int overlay_supports_selinux(bool *supported) + *supported = false; + fp = fopen("/proc/kallsyms", "re"); + if (fp == NULL) { +- ERROR("Failed to open /proc/kallsyms: %s", strerror(errno)); ++ SYSERROR("Failed to open /proc/kallsyms."); + return -1; + } + __fsetlocking(fp, FSETLOCKING_BYCALLER); +diff --git a/src/daemon/common/cgroup.c b/src/daemon/common/cgroup.c +index a351704b..2d1cabb2 100644 +--- a/src/daemon/common/cgroup.c ++++ b/src/daemon/common/cgroup.c +@@ -596,7 +596,7 @@ int common_get_cgroup_version(void) + struct statfs fs = { 0 }; + + if (statfs(CGROUP_MOUNTPOINT, &fs) != 0) { +- ERROR("failed to statfs %s: %s", CGROUP_MOUNTPOINT, strerror(errno)); ++ SYSERROR("failed to statfs %s", CGROUP_MOUNTPOINT); + return -1; + } + +@@ -649,7 +649,7 @@ static int cgroup2_enable_all() + ret = util_write_file(CGROUP2_SUBTREE_CONTROLLER_PATH, enable_controllers, strlen(enable_controllers), + DEFAULT_CGROUP_FILE_MODE); + if (ret != 0) { +- ERROR("write %s to %s failed: %s", enable_controllers, CGROUP2_SUBTREE_CONTROLLER_PATH, strerror(errno)); ++ SYSERROR("write %s to %s failed", enable_controllers, CGROUP2_SUBTREE_CONTROLLER_PATH); + goto out; + } + +diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c +index c83ff12f..957b370b 100644 +--- a/src/daemon/common/sysinfo.c ++++ b/src/daemon/common/sysinfo.c +@@ -108,7 +108,7 @@ uint64_t get_default_total_mem_size(void) + + fp = util_fopen("/proc/meminfo", "r"); + if (fp == NULL) { +- ERROR("Failed to open /proc/meminfo: %s", strerror(errno)); ++ SYSERROR("Failed to open /proc/meminfo."); + return sysmem_limit; + } + +@@ -148,10 +148,10 @@ char *get_operating_system(void) + + fp = fopen(etcOsRelease, "r"); + if (fp == NULL) { +- INFO("Failed to open %s :%s", etcOsRelease, strerror(errno)); ++ SYSINFO("Failed to open %s.", etcOsRelease); + fp = fopen(altOsRelease, "r"); + if (fp == NULL) { +- ERROR("Failed to open %s :%s", altOsRelease, strerror(errno)); ++ SYSERROR("Failed to open %s.", altOsRelease); + goto out; + } + } +diff --git a/src/daemon/entry/connect/grpc/grpc_service.cc b/src/daemon/entry/connect/grpc/grpc_service.cc +index 5adfd964..4e1ae019 100644 +--- a/src/daemon/entry/connect/grpc/grpc_service.cc ++++ b/src/daemon/entry/connect/grpc/grpc_service.cc +@@ -117,7 +117,7 @@ public: + for (const auto &address : m_socketPath) { + if (address.find(UNIX_SOCKET_PREFIX) == 0) { + if (unlink(address.c_str() + strlen(UNIX_SOCKET_PREFIX)) < 0 && errno != ENOENT) { +- WARN("Failed to remove '%s':%s", address.c_str(), strerror(errno)); ++ SYSWARN("Failed to remove '%s'.", address.c_str()); + } + } + } +diff --git a/src/daemon/entry/connect/rest/rest_service.c b/src/daemon/entry/connect/rest/rest_service.c +index 818e729d..c73fed66 100644 +--- a/src/daemon/entry/connect/rest/rest_service.c ++++ b/src/daemon/entry/connect/rest/rest_service.c +@@ -149,7 +149,7 @@ int rest_server_init(const char *socket, daemon_shutdown_cb_t shutdown_cb) + } + + if (unlink(g_socketpath + strlen(UNIX_SOCKET_PREFIX)) < 0 && errno != ENOENT) { +- ERROR("Failed to remove '%s':%s, abort", strerror(errno), g_socketpath); ++ SYSERROR("Failed to remove '%s', abort", g_socketpath); + goto error_out; + } + +@@ -190,7 +190,7 @@ void rest_server_shutdown(void) + + if (g_socketpath != NULL) { + if (unlink(g_socketpath + strlen(UNIX_SOCKET_PREFIX)) < 0 && errno != ENOENT) { +- ERROR("Failed to remove '%s':%s", g_socketpath, strerror(errno)); ++ SYSERROR("Failed to remove '%s'.", g_socketpath); + } + } + } +diff --git a/src/daemon/entry/cri/streams/websocket/ws_server.cc b/src/daemon/entry/cri/streams/websocket/ws_server.cc +index 3bb619d8..972c971f 100644 +--- a/src/daemon/entry/cri/streams/websocket/ws_server.cc ++++ b/src/daemon/entry/cri/streams/websocket/ws_server.cc +@@ -133,7 +133,7 @@ int WebsocketServer::CreateContext() + newLimit.rlim_max = WS_ULIMIT_FDS; + int limited = prlimit(0, RLIMIT_NOFILE, &newLimit, &oldLimit); + if (limited != 0) { +- WARN("Can not set ulimit of RLIMIT_NOFILE: %s", strerror(errno)); ++ SYSWARN("Can not set ulimit of RLIMIT_NOFILE"); + } + m_context = lws_create_context(&info); + if (m_context == nullptr) { +@@ -142,7 +142,7 @@ int WebsocketServer::CreateContext() + } + if (limited == 0) { + if (setrlimit(static_cast<int>(RLIMIT_NOFILE), &oldLimit) != 0) { +- WARN("Can not set ulimit of RLIMIT_NOFILE: %s", strerror(errno)); ++ SYSWARN("Can not set ulimit of RLIMIT_NOFILE"); + } + } + +@@ -441,7 +441,7 @@ void WebsocketServer::Receive(int socketID, void *in, size_t len, bool complete) + DEBUG("Receive remaning stdin data with length %zu", len); + // Too much data may cause error 'resource temporarily unavaliable' by using 'write' + if (util_write_nointr_in_total(m_wsis[socketID]->pipes.at(1), static_cast<char *>(in), len) < 0) { +- ERROR("Sub write over! err msg: %s", strerror(errno)); ++ SYSERROR("Sub write over!"); + } + goto out; + } +@@ -458,7 +458,7 @@ void WebsocketServer::Receive(int socketID, void *in, size_t len, bool complete) + + if (*static_cast<char *>(in) == WebsocketChannel::STDINCHANNEL) { + if (util_write_nointr_in_total(m_wsis[socketID]->pipes.at(1), static_cast<char *>(in) + 1, len - 1) < 0) { +- ERROR("Sub write over! err msg: %s", strerror(errno)); ++ SYSERROR("Sub write over!"); + } + goto out; + } +diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc +index c24c1f69..6e8f40b9 100644 +--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc ++++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc +@@ -853,7 +853,7 @@ auto PodSandboxManagerService::ClearCniNetwork(const std::string &realSandboxID, + } + // umount netns when cni removed network successfully + if (remove_network_namespace(netnsPath.c_str()) != 0) { +- ERROR("Failed to umount directory %s:%s", netnsPath.c_str(), strerror(errno)); ++ SYSERROR("Failed to umount directory %s.", netnsPath.c_str()); + } + } + +diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c +index dbfec59e..d3571b7f 100644 +--- a/src/daemon/executor/container_cb/execution.c ++++ b/src/daemon/executor/container_cb/execution.c +@@ -277,7 +277,7 @@ static int prepare_start_io(container_t *cont, const container_start_request *re + + *sync_fd = eventfd(0, EFD_CLOEXEC); + if (*sync_fd < 0) { +- ERROR("Failed to create eventfd: %s", strerror(errno)); ++ SYSERROR("Failed to create eventfd."); + ret = -1; + goto out; + } +@@ -344,13 +344,13 @@ static int maybe_create_cpu_realtime_file(int64_t value, const char *file, const + + fd = util_open(fpath, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0700); + if (fd < 0) { +- ERROR("Failed to open file: %s: %s", fpath, strerror(errno)); ++ SYSERROR("Failed to open file: %s.", fpath); + isulad_set_error_message("Failed to open file: %s: %s", fpath, strerror(errno)); + return -1; + } + nwrite = util_write_nointr(fd, buf, strlen(buf)); + if (nwrite < 0 || (size_t)nwrite != strlen(buf)) { +- ERROR("Failed to write %s to %s: %s", buf, fpath, strerror(errno)); ++ SYSERROR("Failed to write %s to %s.", buf, fpath); + isulad_set_error_message("Failed to write '%s' to '%s': %s", buf, fpath, strerror(errno)); + return -1; + } +@@ -485,7 +485,7 @@ static void handle_start_io_thread_by_cc(uint32_t cc, int sync_fd, pthread_t thr + } else { + if (sync_fd >= 0) { + if (eventfd_write(sync_fd, 1) < 0) { +- ERROR("Failed to write eventfd: %s", strerror(errno)); ++ SYSERROR("Failed to write eventfd."); + } + } + if (thread_id > 0) { +diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c +index 93e5032e..2f3d3627 100644 +--- a/src/daemon/executor/container_cb/execution_information.c ++++ b/src/daemon/executor/container_cb/execution_information.c +@@ -522,7 +522,7 @@ void execute_ps_command(char **args, const char *pid_args, size_t args_len) + + execvp("ps", params); + +- COMMAND_ERROR("Cannot get ps info with '%s':%s", pid_args, strerror(errno)); ++ CMD_SYSERROR("Cannot get ps info with '%s'.", pid_args); + + out: + exit(EXIT_FAILURE); +diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c +index 244ec6a0..7e84cca3 100644 +--- a/src/daemon/executor/container_cb/execution_stream.c ++++ b/src/daemon/executor/container_cb/execution_stream.c +@@ -265,7 +265,7 @@ static int attach_prepare_console(const container_t *cont, const container_attac + + *sync_fd = eventfd(0, EFD_CLOEXEC); + if (*sync_fd < 0) { +- ERROR("Failed to create eventfd: %s", strerror(errno)); ++ SYSERROR("Failed to create eventfd."); + ret = -1; + goto out; + } +@@ -295,7 +295,7 @@ static void handle_attach_io_thread_by_cc(uint32_t cc, int sync_fd, pthread_t th + } else { + if (sync_fd >= 0) { + if (eventfd_write(sync_fd, 1) < 0) { +- ERROR("Failed to write eventfd: %s", strerror(errno)); ++ SYSERROR("Failed to write eventfd."); + } + } + if (thread_id > 0) { +@@ -535,7 +535,7 @@ static container_path_stat *do_container_stat_path(const char *rootpath, const c + + nret = lstat(resolvedpath, &st); + if (nret < 0) { +- ERROR("lstat %s: %s", resolvedpath, strerror(errno)); ++ SYSERROR("lstat %s failed.", resolvedpath); + isulad_set_error_message("lstat %s: %s", resolvedpath, strerror(errno)); + goto cleanup; + } +@@ -921,7 +921,7 @@ static int copy_to_container_check_path_valid(const container_t *cont, const cha + + nret = lstat(resolvedpath, &st); + if (nret < 0) { +- ERROR("lstat %s: %s", resolvedpath, strerror(errno)); ++ SYSERROR("lstat %s failed", resolvedpath); + isulad_set_error_message("lstat %s: %s", resolvedpath, strerror(errno)); + goto cleanup; + } +@@ -1092,11 +1092,11 @@ static int64_t do_read_log_file(const char *path, int64_t require_line, long pos + util_usleep_nointerupt(1000); + } + if (fp == NULL) { +- ERROR("open file: %s failed: %s", path, strerror(errno)); ++ SYSERROR("open file: %s failed.", path); + return -1; + } + if (pos > 0 && fseek(fp, pos, SEEK_SET) != 0) { +- ERROR("fseek to %ld failed: %s", pos, strerror(errno)); ++ SYSERROR("fseek to %ld failed.", pos); + read_lines = -1; + goto out; + } +@@ -1211,12 +1211,12 @@ static int do_tail_find(FILE *fp, int64_t require_line, int64_t *get_line, long + int ret = -1; + + if (fseek(fp, 0L, SEEK_END) != 0) { +- ERROR("Fseek failed: %s", strerror(errno)); ++ SYSERROR("Fseek failed"); + goto out; + } + len = ftell(fp); + if (len < 0) { +- ERROR("Ftell failed: %s", strerror(errno)); ++ SYSERROR("Ftell failed"); + goto out; + } + if (len < SECTION_SIZE) { +@@ -1228,7 +1228,7 @@ static int do_tail_find(FILE *fp, int64_t require_line, int64_t *get_line, long + } + while (true) { + if (fseek(fp, pos, SEEK_SET) != 0) { +- ERROR("Fseek failed: %s", strerror(errno)); ++ SYSERROR("Fseek failed"); + goto out; + } + read_size = fread(buffer, sizeof(char), (size_t)step_size, fp); +@@ -1275,7 +1275,7 @@ static int util_find_tail_position(const char *file_name, int64_t require_line, + + fp = util_fopen(file_name, "rb"); + if (fp == NULL) { +- ERROR("open file: %s failed: %s", file_name, strerror(errno)); ++ SYSERROR("open file: %s failed.", file_name); + return -1; + } + +diff --git a/src/daemon/modules/container/container_gc/containers_gc.c b/src/daemon/modules/container/container_gc/containers_gc.c +index 9feb6d3c..8d0647ab 100644 +--- a/src/daemon/modules/container/container_gc/containers_gc.c ++++ b/src/daemon/modules/container/container_gc/containers_gc.c +@@ -83,14 +83,14 @@ static int save_gc_config(const char *json_gc_config) + + fd = util_open(filename, O_CREAT | O_TRUNC | O_CLOEXEC | O_WRONLY, CONFIG_FILE_MODE); + if (fd == -1) { +- ERROR("Create file %s failed: %s", filename, strerror(errno)); ++ SYSERROR("Create file %s failed.", filename); + ret = -1; + goto out; + } + + nret = util_write_nointr(fd, json_gc_config, strlen(json_gc_config)); + if (nret < 0 || (size_t)nret != strlen(json_gc_config)) { +- ERROR("write %s failed: %s", filename, strerror(errno)); ++ SYSERROR("write %s failed.", filename); + ret = -1; + } + close(fd); +diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c +index 07d9a0e8..e8c98441 100644 +--- a/src/daemon/modules/container/container_unix.c ++++ b/src/daemon/modules/container/container_unix.c +@@ -517,7 +517,7 @@ static int save_json_config_file(const char *id, const char *rootpath, const cha + + nret = util_atomic_write_file(filename, json_data, strlen(json_data), CONFIG_FILE_MODE, false); + if (nret != 0) { +- ERROR("Write file %s failed: %s", filename, strerror(errno)); ++ SYSERROR("Write file %s failed.", filename); + isulad_set_error_message("Write file '%s' failed: %s", filename, strerror(errno)); + ret = -1; + } +diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c +index c86e3db9..9a38ffc2 100644 +--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c ++++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c +@@ -158,7 +158,7 @@ static bool walk_isulad_tmpdir_cb(const char *path_name, const struct dirent *su + + if (util_detect_mounted(tmpdir)) { + if (umount(tmpdir) != 0) { +- ERROR("Failed to umount target %s, error: %s", tmpdir, strerror(errno)); ++ SYSERROR("Failed to umount target %s", tmpdir); + } + } + +diff --git a/src/daemon/modules/container/supervisor/supervisor.c b/src/daemon/modules/container/supervisor/supervisor.c +index 3ce4ec1e..829e48b1 100644 +--- a/src/daemon/modules/container/supervisor/supervisor.c ++++ b/src/daemon/modules/container/supervisor/supervisor.c +@@ -104,7 +104,7 @@ char *container_exit_fifo_create(const char *cont_state_path) + + ret = mknod(fifo_path, S_IFIFO | S_IRUSR | S_IWUSR, (dev_t)0); + if (ret < 0 && errno != EEXIST) { +- ERROR("Failed to mknod exit monitor fifo %s: %s.", fifo_path, strerror(errno)); ++ SYSERROR("Failed to mknod exit monitor fifo %s.", fifo_path); + return NULL; + } + +@@ -128,7 +128,7 @@ int container_exit_fifo_open(const char *cont_exit_fifo) + + ret = util_open(cont_exit_fifo, O_RDONLY | O_NONBLOCK, 0); + if (ret < 0) { +- ERROR("Failed to open exit monitor FIFO %s: %s.", cont_exit_fifo, strerror(errno)); ++ SYSERROR("Failed to open exit monitor FIFO %s.", cont_exit_fifo); + ret = -1; + goto out; + } +@@ -324,7 +324,7 @@ restart: + if (ret == 0) { + goto restart; + } +- ERROR("Mainloop returned an error: %s", strerror(errno)); ++ SYSERROR("Mainloop returned an error"); + + epoll_loop_close(&g_supervisor_descr); + +diff --git a/src/daemon/modules/events/monitord.c b/src/daemon/modules/events/monitord.c +index 775fb9ab..9edded7a 100644 +--- a/src/daemon/modules/events/monitord.c ++++ b/src/daemon/modules/events/monitord.c +@@ -113,18 +113,18 @@ static void *monitored(void *arg) + mhandler.fifo_path = fifo_file_path; + + if (mknod(fifo_file_path, S_IFIFO | S_IRUSR | S_IWUSR, (dev_t)0) && errno != EEXIST) { +- ERROR("Create monitored fifo file failed: %s", strerror(errno)); ++ SYSERROR("Create monitored fifo file failed"); + goto err; + } + + mhandler.fifo_fd = util_open(fifo_file_path, O_RDWR | O_NONBLOCK | O_CLOEXEC, 0); + if (mhandler.fifo_fd == -1) { +- ERROR("Open monitored fifo file failed: %s", strerror(errno)); ++ SYSERROR("Open monitored fifo file failed"); + goto err; + } + + if (fcntl(mhandler.fifo_fd, F_SETPIPE_SZ, EVENTS_FIFO_SIZE) == -1) { +- ERROR("Set events fifo buffer size failed: %s\n", strerror(errno)); ++ SYSERROR("Set events fifo buffer size failed"); + goto err; + } + +@@ -150,7 +150,7 @@ static void *monitored(void *arg) + ret = epoll_loop(&descr, -1); + } while (ret == 0); + +- ERROR("Mainloop returned an error: %s", strerror(errno)); ++ SYSERROR("Mainloop returned an error"); + goto err2; + + err: +diff --git a/src/daemon/modules/events_sender/event_sender.c b/src/daemon/modules/events_sender/event_sender.c +index a3903f3e..13f3c3e3 100644 +--- a/src/daemon/modules/events_sender/event_sender.c ++++ b/src/daemon/modules/events_sender/event_sender.c +@@ -52,7 +52,7 @@ static void isulad_monitor_fifo_send(const struct monitord_msg *msg) + goto out; + } + +- ERROR("Failed to open fifo to send message: %s.", strerror(errno)); ++ SYSERROR("Failed to open fifo to send message."); + goto out; + } + +diff --git a/src/daemon/modules/image/embedded/db/sqlite_common.c b/src/daemon/modules/image/embedded/db/sqlite_common.c +index 42fdf6d9..89f834a0 100644 +--- a/src/daemon/modules/image/embedded/db/sqlite_common.c ++++ b/src/daemon/modules/image/embedded/db/sqlite_common.c +@@ -49,7 +49,7 @@ int db_sqlite_init(const char *dbpath) + goto cleanup; + } + if (chmod(dbpath, DEFAULT_SECURE_FILE_MODE) != 0) { +- ERROR("Change mode of db file failed: %s", strerror(errno)); ++ SYSERROR("Change mode of db file failed."); + goto cleanup; + } + return 0; +diff --git a/src/daemon/modules/image/external/ext_image.c b/src/daemon/modules/image/external/ext_image.c +index d918f4ce..10af82a3 100644 +--- a/src/daemon/modules/image/external/ext_image.c ++++ b/src/daemon/modules/image/external/ext_image.c +@@ -65,7 +65,7 @@ int ext_prepare_rf(const im_prepare_request *request, char **real_rootfs) + return -1; + } + if (realpath(request->rootfs, real_path) == NULL) { +- ERROR("Failed to clean rootfs path '%s': %s", request->rootfs, strerror(errno)); ++ SYSERROR("Failed to clean rootfs path '%s'", request->rootfs); + isulad_set_error_message("Failed to clean rootfs path '%s': %s", request->rootfs, strerror(errno)); + return -1; + } +diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c +index 1275658e..1a3f4307 100644 +--- a/src/daemon/modules/image/image_rootfs_handler.c ++++ b/src/daemon/modules/image/image_rootfs_handler.c +@@ -434,7 +434,7 @@ static int read_user_file(const char *basefs, const char *user_path, FILE **stre + + *stream = util_fopen(real_path, "r"); + if (*stream == NULL) { +- WARN("Failed to open %s: %s", real_path, strerror(errno)); ++ SYSWARN("Failed to open %s.", real_path); + ret = 0; + goto out; + } +@@ -455,7 +455,7 @@ static int resolve_basefs(const char *basefs, char **resolved_basefs) + } + + if (stat(real_path, &s) < 0) { +- ERROR("stat failed, error: %s", strerror(errno)); ++ SYSERROR("stat failed."); + return -1; + } + +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index 4385e55e..d2efab81 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -1045,7 +1045,7 @@ static char *oci_load_path_create() + } + + if (mkdtemp(tmp_dir) == NULL) { +- ERROR("make temporary dir failed: %s", strerror(errno)); ++ SYSERROR("make temporary dir failed"); + isulad_try_set_error_message("make temporary dir failed: %s", strerror(errno)); + ret = -1; + goto out; +diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c +index 62d0c35e..5c660bc9 100644 +--- a/src/daemon/modules/image/oci/registry/registry.c ++++ b/src/daemon/modules/image/oci/registry/registry.c +@@ -445,7 +445,7 @@ static int add_cached_layer(char *blob_digest, char *file, thread_fetch_info *in + } + + if (link(src_file, file) != 0) { +- ERROR("link %s to %s failed: %s", src_file, file, strerror(errno)); ++ SYSERROR("link %s to %s failed", src_file, file); + ret = -1; + goto out; + } +@@ -1147,7 +1147,7 @@ static void set_cached_layers_info(char *blob_digest, char *diffid, int result, + continue; + } + if (link(src_file, elem->file) != 0) { +- ERROR("link %s to %s failed: %s", src_file, elem->file, strerror(errno)); ++ SYSERROR("link %s to %s failed", src_file, elem->file); + info->desc->cancel = true; + continue; + } +@@ -1429,8 +1429,7 @@ static void *register_layers_in_thread(void *arg) + // here we can't just break and cleanup resources because threads are running. + // desc is freed if we break and then isulad crash. sleep some time + // instead to avoid cpu full running and then retry. +- ERROR("condition wait for layer %zu to complete failed, ret %d, error: %s", i, cond_ret, +- strerror(errno)); ++ SYSERROR("condition wait for layer %zu to complete failed, ret %d", i, cond_ret); + sleep(10); + continue; + } +@@ -1615,7 +1614,7 @@ static int fetch_all(pull_descriptor *desc) + // here we can't just break and cleanup resources because threads are running. + // desc is freed if we break and then isulad crash. sleep some time + // instead to avoid cpu full running and then retry. +- ERROR("condition wait for all layers to complete failed, ret %d, error: %s", cond_ret, strerror(errno)); ++ SYSERROR("condition wait for all layers to complete failed, ret %d", cond_ret); + sleep(10); + continue; + } +@@ -1909,7 +1908,7 @@ static int prepare_pull_desc(pull_descriptor *desc, registry_pull_options *optio + } + + if (mkdtemp(blobpath) == NULL) { +- ERROR("make temporary direcory failed: %s", strerror(errno)); ++ SYSERROR("make temporary direcory failed"); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index e2fcf37c..81e53ea7 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -780,7 +780,7 @@ static int device_file_walk(struct device_set *devset) + } + + if (stat(fname, &st) != 0) { +- ERROR("devmapper: get %s stat error:%s", fname, strerror(errno)); ++ SYSERROR("devmapper: get %s stat failed", fname); + ret = -1; + goto out; + } +@@ -2202,7 +2202,7 @@ static int grow_fs(struct device_set *devset, image_devmapper_device_info *info) + + clean_mount: + if (umount2(FS_MOUNT_POINT, MNT_DETACH) < 0 && errno != EINVAL) { +- WARN("Failed to umount directory %s:%s", FS_MOUNT_POINT, strerror(errno)); ++ SYSWARN("Failed to umount directory %s", FS_MOUNT_POINT); + } + + out: +@@ -3148,7 +3148,7 @@ int unmount_device(const char *hash, const char *mount_path, struct device_set * + } + + if (umount2(mount_path, MNT_DETACH) < 0 && errno != EINVAL) { +- ERROR("Failed to umount directory %s:%s", mount_path, strerror(errno)); ++ SYSERROR("Failed to umount directory %s", mount_path); + ret = -1; + goto free_out; + } +@@ -3405,7 +3405,7 @@ static int umount_deactivate_dev_all(const struct device_set *devset) + } + + if (stat(fname, &st) != 0) { +- ERROR("devmapper: get %s stat error:%s", fname, strerror(errno)); ++ SYSERROR("devmapper: get %s stat failed", fname); + continue; + } + +@@ -3415,7 +3415,7 @@ static int umount_deactivate_dev_all(const struct device_set *devset) + } + + if (umount2(fname, MNT_DETACH) < 0 && errno != EINVAL) { +- ERROR("Failed to umount directory %s:%s", fname, strerror(errno)); ++ SYSERROR("Failed to umount directory %s", fname); + } + + device_info = lookup_device(devset, entry->d_name); +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c +index fc22bcfd..e91ddd1e 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c +@@ -448,7 +448,7 @@ void dev_udev_wait(uint32_t cookie) + } + + if (pthread_create(&tid, NULL, udev_wait_process, uwait) != 0) { +- ERROR("devmapper: create udev wait process thread error:%s", strerror(errno)); ++ SYSERROR("devmapper: create udev wait process thread error"); + free_udev_wait_pth_t(uwait); + return; + } +@@ -1191,7 +1191,7 @@ void dev_check_sem_set_stat(int *semusz, int *semmni) + } + + if (semctl(0, 0, SEM_INFO, &sinfo) != 0) { +- WARN("Get devmapper library version err:%s", strerror(errno)); ++ SYSWARN("Get devmapper library version err"); + return; + } + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index ae1aba9c..ddf3a62c 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -1844,7 +1844,7 @@ static int file_crc64(char *file, uint64_t *crc, uint64_t policy) + + fd = util_open(file, O_RDONLY, 0); + if (fd < 0) { +- ERROR("Open file: %s, failed: %s", file, strerror(errno)); ++ SYSERROR("Open file: %s, failed", file); + return -1; + } + +@@ -1866,7 +1866,7 @@ static int file_crc64(char *file, uint64_t *crc, uint64_t policy) + while (true) { + size = util_read_nointr(fd, buffer, BLKSIZE); + if (size < 0) { +- ERROR("read file %s failed: %s", file, strerror(errno)); ++ SYSERROR("read file %s failed", file); + ret = -1; + break; + } else if (size == 0) { +@@ -1914,7 +1914,7 @@ static int valid_crc64(storage_entry *entry, char *rootfs) + if (fname != NULL && util_has_prefix(fname, ".wh.")) { + goto out; + } +- ERROR("stat file or dir: %s, failed: %s", file, strerror(errno)); ++ SYSERROR("stat file or dir: %s, failed", file); + ret = -1; + } else { + if (strlen(entry->payload) != PAYLOAD_CRC_LEN) { +@@ -1981,7 +1981,7 @@ static tar_split *new_tar_split(layer_t *l, const char *tspath) + + ts->tmp_file = fopen(path, "w+"); + if (ts->tmp_file == NULL) { +- ERROR("create tmpfile failed: %s", strerror(errno)); ++ SYSERROR("create tmpfile failed"); + ret = -1; + goto out; + } +@@ -2019,7 +2019,7 @@ static int next_tar_split_entry(tar_split *ts, storage_entry **entry) + if (errno == 0) { + *entry = NULL; + } else { +- ERROR("error read line from tar split: %s", strerror(errno)); ++ SYSERROR("error read line from tar split"); + ret = -1; + } + goto out; +diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c +index 07c3830b..d5e79207 100644 +--- a/src/daemon/modules/image/oci/storage/storage.c ++++ b/src/daemon/modules/image/oci/storage/storage.c +@@ -1444,7 +1444,7 @@ static int do_add_checked_layer(const char *lid, int fd, map_t *checked_layers) + // save checked layer ids into file + nret = util_write_nointr(fd, buf, strlen(lid) + 1); + if (nret < 0 || (size_t)nret != strlen(lid) + 1) { +- ERROR("Write checked layer data failed: %s", strerror(errno)); ++ SYSERROR("Write checked layer data failed"); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c +index ad7fe0f4..a233c2b1 100644 +--- a/src/daemon/modules/image/oci/utils_images.c ++++ b/src/daemon/modules/image/oci/utils_images.c +@@ -560,7 +560,7 @@ static int makesure_path_is_dir(char *path) + if (errno == ENOENT) { + return util_mkdir_p(path, TEMP_DIRECTORY_MODE); + } +- ERROR("lstat %s failed: %s", path, strerror(errno)); ++ SYSERROR("lstat %s failed.", path); + return -1; + } + +@@ -620,7 +620,7 @@ int makesure_isulad_tmpdir_perm_right(const char *root_dir) + } + + if (lstat(isulad_tmpdir, &st) != 0) { +- ERROR("lstat %s failed: %s", isulad_tmpdir, strerror(errno)); ++ SYSERROR("lstat %s failed.", isulad_tmpdir); + ret = -1; + goto out; + } +@@ -631,7 +631,7 @@ int makesure_isulad_tmpdir_perm_right(const char *root_dir) + ret = 0; + goto out; + } else { +- ERROR("lchown %s failed: %s", isulad_tmpdir, strerror(errno)); ++ SYSERROR("lchown %s failed", isulad_tmpdir); + } + + out: +diff --git a/src/daemon/modules/log/log_gather.c b/src/daemon/modules/log/log_gather.c +index 9b400f00..773526a8 100644 +--- a/src/daemon/modules/log/log_gather.c ++++ b/src/daemon/modules/log/log_gather.c +@@ -66,7 +66,7 @@ static int file_rotate_gz(const char *file_name, int i) + } + + if (rename(from_path, to_path) < 0 && errno != ENOENT) { +- WARN("Rename file: %s error: %s", from_path, strerror(errno)); ++ SYSWARN("Rename file: %s failed", from_path); + return -1; + } + +@@ -85,7 +85,7 @@ static int file_rotate_me(const char *file_name) + } + + if (rename(file_name, tmp_path) < 0 && errno != ENOENT) { +- WARN("Rename file: %s error: %s", file_name, strerror(errno)); ++ SYSWARN("Rename file: %s failed", file_name); + return -1; + } + +@@ -142,7 +142,7 @@ static int create_fifo() + + ret = mknod(g_fifo_path, S_IFIFO | S_IRUSR | S_IWUSR, (dev_t)0); + if (ret != 0 && errno != EEXIST) { +- COMMAND_ERROR("mknod failed: %s", strerror(errno)); ++ CMD_SYSERROR("mknod failed"); + } else { + ret = 0; + } +@@ -157,12 +157,12 @@ static int open_log(bool change_size) + + fd = util_open(g_fifo_path, O_RDWR | O_CLOEXEC, 0); + if (fd == -1) { +- COMMAND_ERROR("open fifo %s failed: %s", g_fifo_path, strerror(errno)); ++ CMD_SYSERROR("open fifo %s failed", g_fifo_path); + return fd; + } + + if (change_size && fcntl(fd, F_SETPIPE_SZ, LOG_FIFO_SIZE) == -1) { +- COMMAND_ERROR("set fifo buffer size failed: %s", strerror(errno)); ++ CMD_SYSERROR("set fifo buffer size failed"); + close(fd); + return -1; + } +@@ -262,7 +262,7 @@ void main_loop() + int len = (int)util_read_nointr(g_fifo_fd, rev_buf, REV_BUF_SIZE); + if (len < 0) { + if (ecount < 2) { +- COMMAND_ERROR("%d: Read message failed: %s", ecount++, strerror(errno)); ++ CMD_SYSERROR("%d: Read message failed", ecount++); + } + continue; + } +@@ -270,7 +270,7 @@ void main_loop() + + rev_buf[len] = '\0'; + if (g_save_log_op(rev_buf, (size_t)len) < 0) { +- COMMAND_ERROR("write message failed: %s", strerror(errno)); ++ CMD_SYSERROR("write message failed"); + } + } + } +@@ -289,14 +289,14 @@ static int log_file_open() + } + fd = util_open(g_log_file, O_CREAT | O_WRONLY | O_APPEND, g_log_mode); + if (fd == -1) { +- COMMAND_ERROR("Open %s failed: %s", g_log_file, strerror(errno)); ++ CMD_SYSERROR("Open %s failed", g_log_file); + ret = -1; + goto out; + } + + /* change log file mode to config, if log file exist and with different mode */ + if (fchmod(fd, g_log_mode) != 0) { +- COMMAND_ERROR("Change mode of log file: %s failed: %s", g_log_file, strerror(errno)); ++ CMD_SYSERROR("Change mode of log file: %s failed", g_log_file); + close(fd); + ret = -1; + goto out; +diff --git a/src/daemon/modules/network/cni_operator/libcni/libcni_conf.c b/src/daemon/modules/network/cni_operator/libcni/libcni_conf.c +index 7489f8f3..cad92ce8 100644 +--- a/src/daemon/modules/network/cni_operator/libcni/libcni_conf.c ++++ b/src/daemon/modules/network/cni_operator/libcni/libcni_conf.c +@@ -90,7 +90,7 @@ static char *do_get_cni_net_confs_json(const char *filename) + + content = util_read_text_file(filename); + if (content == NULL) { +- ERROR("Read file %s failed: %s", filename, strerror(errno)); ++ SYSERROR("Read file %s failed", filename); + } + + return content; +diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +index 2b9cf39c..e985cfc1 100644 +--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c ++++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +@@ -88,7 +88,7 @@ static int parse_container_pid(const char *S, pid_ppid_info_t *pid_info) + + num = sscanf(S, "%d %Lu %d %Lu", &pid_info->pid, &pid_info->start_time, &pid_info->ppid, &pid_info->pstart_time); + if (num != 4) { // args num to read is 4 +- ERROR("Call sscanf error: %s", errno ? strerror(errno) : ""); ++ SYSERROR("Call sscanf failed."); + return -1; + } + +@@ -210,7 +210,7 @@ static int remove_container_rootpath(const char *id, const char *root_path) + ret = util_recursive_rmdir(cont_root_path, 0); + if (ret != 0) { + const char *tmp_err = (errno != 0) ? strerror(errno) : "error"; +- ERROR("Failed to delete container's root directory %s: %s", cont_root_path, tmp_err); ++ SYSERROR("Failed to delete container's root directory %s.", cont_root_path); + isulad_set_error_message("Failed to delete container's root directory %s: %s", cont_root_path, tmp_err); + ret = -1; + goto out; +@@ -750,7 +750,7 @@ int rt_lcr_kill(const char *id, const char *runtime, const rt_kill_params_t *par + } else { + int ret = kill(params->pid, (int)params->signal); + if (ret < 0) { +- ERROR("Can not kill process (pid=%d) with signal %u: %s", params->pid, params->signal, strerror(errno)); ++ SYSERROR("Can not kill process (pid=%d) with signal %u.", params->pid, params->signal); + return -1; + } + } +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 5a62cc37..786071a7 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -390,7 +390,7 @@ static bool shim_alive(const char *workdir) + + ret = kill(pid, 0); + if (ret != 0) { +- INFO("kill 0 shim-pid with error: %s", strerror(errno)); ++ SYSINFO("kill 0 shim-pid with error."); + } + return ret == 0; + } +@@ -780,7 +780,7 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char + + pid = fork(); + if (pid < 0) { +- ERROR("Failed fork for shim parent %s", strerror(errno)); ++ SYSERROR("Failed fork for shim parent"); + close(shim_stderr_pipe[0]); + close(shim_stderr_pipe[1]); + close(shim_stdout_pipe[0]); +@@ -856,7 +856,7 @@ realexec: + + status = util_wait_for_pid_status(pid); + if (status < 0) { +- ERROR("Failed wait shim-parent %d exit %s", pid, strerror(errno)); ++ SYSERROR("Failed wait shim-parent %d exit", pid); + ret = -1; + goto out; + } +@@ -1699,7 +1699,7 @@ int rt_isula_exec_resize(const char *id, const char *runtime, const rt_exec_resi + } + + if (kill(pid, SIGWINCH) < 0) { +- ERROR("can't kill process (pid=%d) with signal %u: %s", pid, SIGWINCH, strerror(errno)); ++ SYSERROR("can't kill process (pid=%d) with signal %u", pid, SIGWINCH); + ret = -1; + goto out; + } +@@ -1727,7 +1727,7 @@ int rt_isula_kill(const char *id, const char *runtime, const rt_kill_params_t *p + } else { + int ret = kill(params->pid, (int)params->signal); + if (ret < 0) { +- ERROR("Can not kill process (pid=%d) with signal %u: %s", params->pid, params->signal, strerror(errno)); ++ SYSERROR("Can not kill process (pid=%d) with signal %u", params->pid, params->signal); + return -1; + } + } +diff --git a/src/daemon/modules/runtime/shim/shim_rt_monitor.cc b/src/daemon/modules/runtime/shim/shim_rt_monitor.cc +index 3b6274ea..f5178c26 100644 +--- a/src/daemon/modules/runtime/shim/shim_rt_monitor.cc ++++ b/src/daemon/modules/runtime/shim/shim_rt_monitor.cc +@@ -114,7 +114,7 @@ private: + + exit_fifo_fd = util_open(exit_fifo.c_str(), O_WRONLY | O_NONBLOCK, 0); + if (exit_fifo_fd < 0) { +- ERROR("Failed to open exit FIFO %s: %s.", exit_fifo.c_str(), strerror(errno)); ++ SYSERROR("Failed to open exit FIFO %s.", exit_fifo.c_str()); + return -1; + } + +diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c +index 73d5de1c..d348dfe1 100644 +--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c ++++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c +@@ -210,7 +210,7 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w + + pid = fork(); + if (pid < 0) { +- ERROR("Failed to fork for shim parent %s", strerror(errno)); ++ SYSERROR("Failed to fork for shim parent"); + ret = -1; + goto out; + } +@@ -264,7 +264,7 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w + + status = util_wait_for_pid_status(pid); + if (status < 0) { +- ERROR("failed to wait shim-parent %d exit %s", pid, strerror(errno)); ++ SYSERROR("failed to wait shim-parent %d exit", pid); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/service/io_handler.c b/src/daemon/modules/service/io_handler.c +index 0cb9fda9..474fa650 100644 +--- a/src/daemon/modules/service/io_handler.c ++++ b/src/daemon/modules/service/io_handler.c +@@ -330,7 +330,7 @@ static ssize_t write_to_fifo(void *context, const void *data, size_t len) + fd = *(int *)context; + ret = util_write_nointr_in_total(fd, data, len); + if ((ret <= 0) || (ret != (ssize_t)len)) { +- ERROR("Failed to write %d: %s", fd, strerror(errno)); ++ SYSERROR("Failed to write %d", fd); + return -1; + } + return ret; +@@ -341,7 +341,7 @@ static ssize_t write_to_fd(void *context, const void *data, size_t len) + ssize_t ret; + ret = util_write_nointr(*(int *)context, data, len); + if (ret < 0 || (size_t)ret != len) { +- ERROR("Failed to write: %s", strerror(errno)); ++ SYSERROR("Failed to write"); + return -1; + } + return ret; +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index c4ee0223..483670de 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -575,7 +575,7 @@ static int umount_dev_tmpfs_for_system_container(const container_t *cont) + return -1; + } + if (umount(rootfs_dev_path) < 0 && errno != ENOENT) { +- WARN("Failed to umount dev tmpfs: %s, error: %s", rootfs_dev_path, strerror(errno)); ++ SYSWARN("Failed to umount dev tmpfs: %s", rootfs_dev_path); + } + } + return 0; +@@ -595,7 +595,7 @@ static int valid_mount_point(container_config_v2_common_config_mount_points_elem + } + + if (lstat(mp->source, &st) != 0) { +- ERROR("lstat %s: %s", mp->source, strerror(errno)); ++ SYSERROR("lstat %s failed", mp->source); + isulad_set_error_message("lstat %s: %s", mp->source, strerror(errno)); + return -1; + } +@@ -679,8 +679,7 @@ static void wait_exit_fifo(const char *id, const int exit_fifo_fd) + descr.timeout_cbdata = container_id; + nret = epoll_loop(&descr, WAIT_TIMEOUT); + if (nret != 0) { +- ERROR("Wait container %s 's monitor on fd %d error: %s", id, exit_fifo_fd, +- errno ? strerror(errno) : ""); ++ SYSERROR("Wait container %s 's monitor on fd %d failed", id, exit_fifo_fd); + goto out; + } + +@@ -1266,7 +1265,7 @@ static int do_delete_container(container_t *cont) + } + ret = util_recursive_rmdir(container_state, 0); + if (ret != 0) { +- ERROR("Failed to delete container's state directory %s: %s", container_state, strerror(errno)); ++ SYSERROR("Failed to delete container's state directory %s", container_state); + ret = -1; + goto out; + } +@@ -1399,7 +1398,7 @@ static int send_signal_to_process(pid_t pid, unsigned long long start_time, uint + } else { + int ret = kill(pid, (int)signal); + if (ret < 0) { +- ERROR("Can not kill process (pid=%d) with signal %u: %s", pid, signal, strerror(errno)); ++ SYSERROR("Can not kill process (pid=%d) with signal %u", pid, signal); + return -1; + } + } +@@ -2157,7 +2156,7 @@ static void exec_container_end(container_exec_response *response, const containe + } + if (sync_fd >= 0 && cc != ISULAD_SUCCESS) { + if (eventfd_write(sync_fd, 1) < 0) { +- ERROR("Failed to write eventfd: %s", strerror(errno)); ++ SYSERROR("Failed to write eventfd"); + } + } + if (thread_id > 0) { +diff --git a/src/daemon/modules/service/service_network.c b/src/daemon/modules/service/service_network.c +index c617852f..5502bcbd 100644 +--- a/src/daemon/modules/service/service_network.c ++++ b/src/daemon/modules/service/service_network.c +@@ -961,7 +961,7 @@ static int do_update_internal_file(const char *id, const char *file_path, + WARN("failed to write file %s in readonly file system", file_path); + ret = 0; + } else { +- ERROR("Failed to write file %s: %s", file_path, strerror(errno)); ++ SYSERROR("Failed to write file %s", file_path); + isulad_set_error_message("Failed to write file %s: %s", file_path, strerror(errno)); + ret = -1; + } +@@ -1179,7 +1179,7 @@ static int do_drop_internal_file(const char *id, const char *file_path, const de + WARN("failed to open file %s in readonly file system", file_path); + goto out; + } else { +- ERROR("Failed to open %s: %s", file_path, strerror(errno)); ++ SYSERROR("Failed to open %s", file_path); + isulad_set_error_message("Failed to open %s: %s", file_path, strerror(errno)); + ret = -1; + goto out; +@@ -1212,7 +1212,7 @@ static int do_drop_internal_file(const char *id, const char *file_path, const de + + ret = util_write_file(file_path, str, strlen(str), NETWORK_MOUNT_FILE_MODE); + if (ret != 0) { +- ERROR("Failed to write file %s: %s", file_path, strerror(errno)); ++ SYSERROR("Failed to write file %s", file_path); + isulad_set_error_message("Failed to write file %s: %s", file_path, strerror(errno)); + goto out; + } +diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c +index d5bb68f4..3454a8c6 100644 +--- a/src/daemon/modules/spec/specs.c ++++ b/src/daemon/modules/spec/specs.c +@@ -2405,7 +2405,7 @@ int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec + + if (util_atomic_write_file(file_path, json_container, strlen(json_container), DEFAULT_SECURE_FILE_MODE, false) != + 0) { +- ERROR("write json container failed: %s", strerror(errno)); ++ SYSERROR("write json container failed"); + ret = -1; + goto out_free; + } +diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c +index dc1ca1f1..ade22a02 100644 +--- a/src/daemon/modules/spec/specs_mount.c ++++ b/src/daemon/modules/spec/specs_mount.c +@@ -1430,7 +1430,7 @@ static int copy_data_to_volume(char *base_fs, defs_mount *mnt) + if (errno == ENOENT) { + goto out; + } +- ERROR("stat for copy data to volume failed: %s", strerror(errno)); ++ SYSERROR("stat for copy data to volume failed"); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c +index e384b8cc..6180b887 100644 +--- a/src/daemon/modules/spec/verify.c ++++ b/src/daemon/modules/spec/verify.c +@@ -248,7 +248,7 @@ static bool check_kernel_version_ge4() + + ret = uname(&uts); + if (ret < 0) { +- WARN("Can not get kernel version: %s", strerror(errno)); ++ SYSWARN("Can not get kernel version"); + } else { + /* greater or equal than 4.0.0, check first part is enough */ + return atoi(uts.release) >= 4; +@@ -1332,7 +1332,7 @@ static int get_source_mount(const char *src, char **srcpath, char **optional) + char *dname = NULL; + + if (realpath(src, real_path) == NULL) { +- ERROR("Failed to get real path for %s : %s", src, strerror(errno)); ++ SYSERROR("Failed to get real path for %s", src); + return -1; + } + +@@ -1535,7 +1535,7 @@ static int verify_custom_mount(defs_mount **mounts, size_t len) + #else + if (!util_file_exists(iter->source) && util_mkdir_p(iter->source, mode)) { + #endif +- ERROR("Failed to create directory '%s': %s", iter->source, strerror(errno)); ++ SYSERROR("Failed to create directory '%s'", iter->source); + isulad_try_set_error_message("Failed to create directory '%s': %s", iter->source, strerror(errno)); + ret = -1; + goto out; +diff --git a/src/daemon/modules/volume/local.c b/src/daemon/modules/volume/local.c +index 994ed96a..7f95757d 100644 +--- a/src/daemon/modules/volume/local.c ++++ b/src/daemon/modules/volume/local.c +@@ -165,7 +165,7 @@ static int init_volume_root_dir(struct volumes_info *vols_info, const char *root + + ret = util_mkdir_p(root_dir, LOCAL_VOLUME_ROOT_DIR_MODE); + if (ret != 0) { +- ERROR("create volume directory %s failed: %s", root_dir, strerror(errno)); ++ SYSERROR("create volume directory %s failed", root_dir); + goto out; + } + +@@ -229,7 +229,7 @@ static char *build_and_valid_data_dir(const char *root_dir, const char *name) + } + + if (lstat(tmp_dir, &st) != 0) { +- ERROR("lstat %s: %s", tmp_dir, strerror(errno)); ++ SYSERROR("lstat %s failed", tmp_dir); + ret = -1; + goto out; + } +@@ -388,7 +388,7 @@ static struct volume *volume_create_nolock(char *name) + + ret = util_mkdir_p(v->path, LOCAL_VOLUME_DIR_MODE); + if (ret != 0) { +- ERROR("failed to create %s for volume %s: %s", v->path, v->name, strerror(errno)); ++ SYSERROR("failed to create %s for volume %s", v->path, v->name); + goto out; + } + +@@ -556,14 +556,14 @@ static int remove_volume_dir(char *path) + // remain untouched if we remove the data directory failed. + ret = util_recursive_rmdir(path, 0); + if (ret != 0) { +- ERROR("failed to remove volume data dir %s: %s", path, strerror(errno)); ++ SYSERROR("failed to remove volume data dir %s", path); + isulad_try_set_error_message("failed to remove volume data dir %s: %s", path, strerror(errno)); + goto out; + } + + ret = util_recursive_rmdir(vol_dir, 0); + if (ret != 0) { +- ERROR("failed to remove volume dir %s: %s", vol_dir, strerror(errno)); ++ SYSERROR("failed to remove volume dir %s", vol_dir); + isulad_try_set_error_message("failed to remove volume dir %s: %s", vol_dir, strerror(errno)); + goto out; + } +@@ -586,7 +586,7 @@ static int volume_remove_nolock(char *name) + } + + if (remove_volume_dir(v->path) != 0) { +- ERROR("failed to remove volume dir %s: %s", v->path, strerror(errno)); ++ SYSERROR("failed to remove volume dir %s", v->path); + return -1; + } + +diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc +index 94c2684a..d3fc7eea 100644 +--- a/src/daemon/sandbox/sandbox.cc ++++ b/src/daemon/sandbox/sandbox.cc +@@ -833,7 +833,7 @@ auto Sandbox::SaveNetworkSetting(Errors &error) -> bool + nret = util_atomic_write_file(path.c_str(), m_networkSettings.c_str(), m_networkSettings.length(), CONFIG_FILE_MODE, + false); + if (nret != 0) { +- ERROR("Failed to write file %s: %s", path.c_str(), strerror(errno)); ++ SYSERROR("Failed to write file %s", path.c_str()); + error.Errorf("Failed to write file %s: %s", path.c_str(), strerror(errno)); + return false; + } +diff --git a/src/utils/console/console.c b/src/utils/console/console.c +index a160d685..568832e8 100644 +--- a/src/utils/console/console.c ++++ b/src/utils/console/console.c +@@ -36,7 +36,7 @@ static ssize_t fd_write_function(void *context, const void *data, size_t len) + + ret = util_write_nointr_in_total(*(int *)context, data, len); + if ((ret <= 0) || (ret != (ssize_t)len)) { +- ERROR("Failed to write: %s", strerror(errno)); ++ SYSERROR("Failed to write"); + return -1; + } + return ret; +@@ -100,7 +100,7 @@ static int console_writer_write_data(const struct io_write_wrapper *writer, cons + } + ret = writer->write_func(writer->context, buf, (size_t)len); + if (ret <= 0 || ret != len) { +- ERROR("Failed to write, type: %d, expect: %zd, wrote: %zd, error: %s!", writer->io_type, len, ret, strerror(errno)); ++ SYSERROR("Failed to write, type: %d, expect: %zd, wrote: %zd!", writer->io_type, len, ret); + return -1; + } + return 0; +@@ -187,7 +187,7 @@ int console_fifo_name(const char *rundir, const char *subpath, const char *stdfl + if (do_mkdirp) { + ret = util_mkdir_p(fifo_path, CONSOLE_FIFO_DIRECTORY_MODE); + if (ret < 0) { +- COMMAND_ERROR("Unable to create console fifo directory %s: %s.", fifo_path, strerror(errno)); ++ CMD_SYSERROR("Unable to create console fifo directory %s.", fifo_path); + goto out; + } + } +@@ -215,7 +215,7 @@ int console_fifo_create(const char *fifo_path) + + ret = mknod(fifo_path, S_IFIFO | S_IRUSR | S_IWUSR, (dev_t)0); + if (ret < 0 && errno != EEXIST) { +- ERROR("Failed to mknod monitor fifo %s: %s.", fifo_path, strerror(errno)); ++ SYSERROR("Failed to mknod monitor fifo %s.", fifo_path); + return -1; + } + +@@ -265,7 +265,7 @@ int console_fifo_open(const char *fifo_path, int *fdout, int flags) + + fd = util_open(fifo_path, flags, (mode_t)0); + if (fd < 0) { +- ERROR("Failed to open fifo %s to send message: %s.", fifo_path, strerror(errno)); ++ SYSERROR("Failed to open fifo %s to send message.", fifo_path); + return -1; + } + +@@ -281,7 +281,7 @@ int console_fifo_open_withlock(const char *fifo_path, int *fdout, int flags) + + fd = util_open(fifo_path, flags, 0); + if (fd < 0) { +- WARN("Failed to open fifo %s to send message: %s.", fifo_path, strerror(errno)); ++ SYSWARN("Failed to open fifo %s to send message.", fifo_path); + return -1; + } + +@@ -411,12 +411,12 @@ int console_loop_with_std_fd(int stdinfd, int stdoutfd, int stderrfd, int fifoin + if (tty) { + ret = epoll_loop_add_handler(&descr, ts.stdin_reader, console_cb_tty_stdin_with_escape, &ts); + if (ret) { +- INFO("Add handler for stdinfd faied. with error %s", strerror(errno)); ++ SYSINFO("Add handler for stdinfd faied."); + } + } else { + ret = epoll_loop_add_handler(&descr, ts.stdin_reader, console_cb_stdio_copy, &ts); + if (ret) { +- INFO("Add handler for stdinfd faied. with error %s", strerror(errno)); ++ SYSINFO("Add handler for stdinfd faied."); + } + } + } +diff --git a/src/utils/cutils/network_namespace.c b/src/utils/cutils/network_namespace.c +index 212f0bd7..0e225d9b 100644 +--- a/src/utils/cutils/network_namespace.c ++++ b/src/utils/cutils/network_namespace.c +@@ -175,7 +175,7 @@ int remove_network_namespace(const char *netns_path) + } + + if (umount_network_namespace(netns_path) != 0) { +- ERROR("Failed to umount directory %s:%s", netns_path, strerror(errno)); ++ SYSERROR("Failed to umount directory %s", netns_path); + return -1; + } + +diff --git a/src/utils/cutils/path.c b/src/utils/cutils/path.c +index d586e981..51d73445 100644 +--- a/src/utils/cutils/path.c ++++ b/src/utils/cutils/path.c +@@ -698,7 +698,7 @@ static char *find_realpath(const char *path) + + ret = (int)readlink(iter_path, target, PATH_MAX - 1); + if (ret < 0) { +- ERROR("Failed to read link of %s: %s", iter_path, strerror(errno)); ++ SYSERROR("Failed to read link of %s.", iter_path); + goto out; + } + // is not absolutely path +@@ -745,7 +745,7 @@ int util_realpath_in_scope(const char *rootfs, const char *path, char **real_pat + + int nret = snprintf(full_path, sizeof(full_path), "%s%s", rootfs, path); + if (nret < 0 || (size_t)nret >= sizeof(full_path)) { +- ERROR("sprintf error: %s", strerror(errno)); ++ SYSERROR("sprintf failed"); + ret = -1; + goto out; + } +diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c +index ecd530bc..d946694c 100644 +--- a/src/utils/cutils/utils.c ++++ b/src/utils/cutils/utils.c +@@ -480,7 +480,7 @@ proc_t *util_stat2proc(const char *s, size_t len) + num = sscanf(s, "%d (%15c", &p->pid, p->cmd); + #endif + if (num != 2) { +- ERROR("Call sscanf error: %s", errno ? strerror(errno) : ""); ++ SYSERROR("Call sscanf error"); + free(p); + return NULL; + } +@@ -495,7 +495,7 @@ proc_t *util_stat2proc(const char *s, size_t len) + &p->maj_flt, &p->cmaj_flt, &p->utime, &p->stime, &p->cutime, &p->cstime, &p->priority, &p->nice, + &p->timeout, &p->it_real_value, &p->start_time); + if (num != 20) { // max arg to read +- ERROR("Call sscanf error: %s", errno ? strerror(errno) : ""); ++ SYSERROR("Call sscanf error"); + free(p); + return NULL; + } +@@ -1159,7 +1159,7 @@ static int set_echo_back(bool echo_back) + struct termios old, new; + + if (tcgetattr(STDIN_FILENO, &old)) { +- ERROR("get tc attribute failed: %s\n", strerror(errno)); ++ SYSERROR("get tc attribute failed"); + return -1; + } + +@@ -1172,7 +1172,7 @@ static int set_echo_back(bool echo_back) + } + + if (tcsetattr(STDIN_FILENO, TCSANOW, &new)) { +- ERROR("set tc attribute failed: %s\n", strerror(errno)); ++ SYSERROR("set tc attribute failed"); + return -1; + } + +@@ -1498,7 +1498,7 @@ int util_normalized_host_os_arch(char **host_os, char **host_arch, char **host_v + } + + if (uname(&uts) < 0) { +- ERROR("Failed to read host arch and os: %s", strerror(errno)); ++ SYSERROR("Failed to read host arch and os"); + return -1; + } + +@@ -1655,7 +1655,7 @@ int util_create_shm_path(const char *spath, const int64_t shm_size) + + nret = mount("shm", spath, "tmpfs", MS_NOEXEC | MS_NODEV | MS_NOSUID, shmproperty); + if (nret < 0) { +- ERROR("Mount %s failed: %s", spath, strerror(errno)); ++ SYSERROR("Mount %s failed", spath); + return -1; + } + +diff --git a/src/utils/cutils/utils_aes.c b/src/utils/cutils/utils_aes.c +index 055a9538..2eecf2d6 100644 +--- a/src/utils/cutils/utils_aes.c ++++ b/src/utils/cutils/utils_aes.c +@@ -72,13 +72,13 @@ int util_aes_key(const char *key_file, bool create, unsigned char *aeskey) + } else { + fd = open(key_file, O_RDONLY); + if (fd < 0) { +- ERROR("open key file %s failed: %s", key_file, strerror(errno)); ++ SYSERROR("open key file %s failed", key_file); + ret = -1; + goto out; + } + + if (util_read_nointr(fd, aeskey, AES_256_CFB_KEY_LEN) != AES_256_CFB_KEY_LEN) { +- ERROR("read key file %s failed: %s", key_file, strerror(errno)); ++ SYSERROR("read key file %s failed", key_file); + ret = -1; + goto out; + } +@@ -163,14 +163,14 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns + evp_ret = EVP_EncryptInit(ctx, cipher, aeskey, iv); + #endif + if (evp_ret != 1) { +- ERROR("init evp decrypt failed, result %d: %s", evp_ret, strerror(errno)); ++ SYSERROR("init evp decrypt failed, result %d", evp_ret); + ret = -1; + goto out; + } + + evp_ret = EVP_EncryptUpdate(ctx, (*out) + AES_256_CFB_IV_LEN, &tmp_out_len, bytes, len); + if (evp_ret != 1) { +- ERROR("evp encrypt update failed, result %d: %s", evp_ret, strerror(errno)); ++ SYSERROR("evp encrypt update failed, result %d", evp_ret); + ret = -1; + goto out; + } +@@ -182,7 +182,7 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns + evp_ret = EVP_EncryptFinal(ctx, (*out) + AES_256_CFB_IV_LEN + tmp_out_len, &tmp_out_len); + #endif + if (evp_ret != 1) { +- ERROR("evp encrypt final failed, result %d: %s", evp_ret, strerror(errno)); ++ SYSERROR("evp encrypt final failed, result %d", evp_ret); + ret = -1; + goto out; + } +@@ -256,7 +256,7 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns + evp_ret = EVP_DecryptInit(ctx, cipher, aeskey, iv); + #endif + if (evp_ret != 1) { +- ERROR("init evp decrypt failed, result %d: %s", evp_ret, strerror(errno)); ++ SYSERROR("init evp decrypt failed, result %d", evp_ret); + ret = -1; + goto out; + } +@@ -264,7 +264,7 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns + expected_size = len - AES_256_CFB_IV_LEN; + evp_ret = EVP_DecryptUpdate(ctx, *out, &tmp_out_len, bytes + AES_256_CFB_IV_LEN, expected_size); + if (evp_ret != 1) { +- ERROR("evp decrypt update failed, result %d: %s", evp_ret, strerror(errno)); ++ SYSERROR("evp decrypt update failed, result %d", evp_ret); + ret = -1; + goto out; + } +@@ -276,7 +276,7 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns + evp_ret = EVP_DecryptFinal(ctx, (*out) + tmp_out_len, &tmp_out_len); + #endif + if (evp_ret != 1) { +- ERROR("evp decrypt final failed, result %d: %s", evp_ret, strerror(errno)); ++ SYSERROR("evp decrypt final failed, result %d", evp_ret); + ret = -1; + goto out; + } +diff --git a/src/utils/cutils/utils_base64.c b/src/utils/cutils/utils_base64.c +index 3871140e..78e5ae0d 100644 +--- a/src/utils/cutils/utils_base64.c ++++ b/src/utils/cutils/utils_base64.c +@@ -47,7 +47,7 @@ int util_base64_encode(unsigned char *bytes, size_t len, char **out) + } + + if (EVP_EncodeBlock((uint8_t *)(*out), (const uint8_t *)bytes, len) == 0) { +- ERROR("Encode base64 failed: %s", strerror(errno)); ++ SYSERROR("Encode base64 failed"); + free(encoded); + return -1; + } +@@ -78,7 +78,7 @@ int util_base64_decode(const char *input, size_t len, unsigned char **out, size_ + } + + if (EVP_DecodeBase64((uint8_t *)decoded, &decoded_size, decoded_size, (const uint8_t *)input, len) == 0) { +- ERROR("Decode base64 failed: %s", strerror(errno)); ++ SYSERROR("Decode base64 failed"); + free(decoded); + return -1; + } +diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c +index 8480dd94..bc22ee95 100644 +--- a/src/utils/cutils/utils_file.c ++++ b/src/utils/cutils/utils_file.c +@@ -231,7 +231,7 @@ int util_mkdir_p_userns_remap(const char *dir, mode_t mode, const char *userns_r + if (*cur_dir) { + ret = mkdir(cur_dir, mode); + if (ret != 0 && (errno != EEXIST || !util_dir_exists(cur_dir))) { +- ERROR("failed to create directory '%s': %s", cur_dir, strerror(errno)); ++ SYSERROR("failed to create directory '%s'", cur_dir); + goto err_out; + } + if (ret == 0 && userns_remap != NULL && chown(cur_dir, host_uid, host_gid) != 0) { +@@ -318,14 +318,14 @@ bool util_force_remove_file(const char *fname, int *saved_errno) + if (saved_errno != NULL && *saved_errno == 0) { + *saved_errno = errno; + } +- WARN("Failed to delete %s: %s", fname, strerror(errno)); ++ SYSWARN("Failed to delete %s", fname); + + if (mark_file_mutable(fname) != 0) { + WARN("Failed to mark file mutable"); + } + + if (unlink(fname) != 0) { +- ERROR("Failed to delete \"%s\": %s", fname, strerror(errno)); ++ SYSERROR("Failed to delete \"%s\"", fname); + return false; + } + +@@ -711,7 +711,7 @@ int util_gzip_compressed(const char *filename, bool *gzip) + + f = fopen(filename, "rb"); + if (f == NULL) { +- ERROR("Failed to open file %s: %s", filename, strerror(errno)); ++ SYSERROR("Failed to open file %s", filename); + return -1; + } + +@@ -887,7 +887,7 @@ char *util_read_text_file(const char *path) + + readlen = fread(buf, 1, (size_t)len, filp); + if (((readlen < (size_t)len) && (!feof(filp))) || (readlen > (size_t)len)) { +- ERROR("Failed to read file %s, error: %s\n", path, strerror(errno)); ++ SYSERROR("Failed to read file %s.", path); + UTIL_FREE_AND_SET_NULL(buf); + goto err_out; + } +@@ -913,7 +913,7 @@ int64_t util_file_size(const char *filename) + } + + if (stat(filename, &st)) { +- WARN("stat file %s failed: %s", filename, strerror(errno)); ++ SYSWARN("stat file %s failed", filename); + return -1; + } + +@@ -932,7 +932,7 @@ int util_scan_subdirs(const char *directory, subdir_callback_t cb, void *context + + dir = opendir(directory); + if (dir == NULL) { +- ERROR("Failed to open directory: %s error:%s", directory, strerror(errno)); ++ SYSERROR("Failed to open directory: %s", directory); + return -1; + } + +@@ -967,7 +967,7 @@ int util_list_all_subdir(const char *directory, char ***out) + + dir = opendir(directory); + if (dir == NULL) { +- ERROR("Failed to open directory: %s error:%s", directory, strerror(errno)); ++ SYSERROR("Failed to open directory: %s", directory); + return -1; + } + direntp = readdir(dir); +@@ -1115,14 +1115,14 @@ int util_write_file(const char *fname, const char *content, size_t content_len, + } + dst_fd = util_open(fname, O_WRONLY | O_CREAT | O_TRUNC, mode); + if (dst_fd < 0) { +- ERROR("Creat file: %s, failed: %s", fname, strerror(errno)); ++ SYSERROR("Creat file: %s, failed", fname); + ret = -1; + goto free_out; + } + len = util_write_nointr(dst_fd, content, content_len); + if (len < 0 || ((size_t)len) != content_len) { + ret = -1; +- ERROR("Write file failed: %s", strerror(errno)); ++ SYSERROR("Write file failed"); + goto free_out; + } + free_out: +@@ -1141,7 +1141,7 @@ char *verify_file_and_get_real_path(const char *file) + return NULL; + } + if (realpath(file, resolved_path) == NULL) { +- ERROR("Failed to get realpath: %s , %s", resolved_path, strerror(errno)); ++ SYSERROR("Failed to get realpath: %s.", resolved_path); + return NULL; + } + +@@ -1171,33 +1171,33 @@ int util_copy_file(const char *src_file, const char *dst_file, mode_t mode) + } + nret = realpath(src_file, real_src_file); + if (nret == NULL) { +- ERROR("real path: %s, return: %s", src_file, strerror(errno)); ++ SYSERROR("real path: %s failed.", src_file); + ret = -1; + return ret; + } + src_fd = util_open(real_src_file, O_RDONLY, CONFIG_FILE_MODE); + if (src_fd < 0) { +- ERROR("Open src file: %s, failed: %s", real_src_file, strerror(errno)); ++ SYSERROR("Open src file: %s, failed", real_src_file); + ret = -1; + goto free_out; + } + dst_fd = util_open(dst_file, O_WRONLY | O_CREAT | O_TRUNC, mode); + if (dst_fd < 0) { +- ERROR("Creat file: %s, failed: %s", dst_file, strerror(errno)); ++ SYSERROR("Creat file: %s, failed", dst_file); + ret = -1; + goto free_out; + } + while (true) { + ssize_t len = util_read_nointr(src_fd, buf, BUFSIZE); + if (len < 0) { +- ERROR("Read src file failed: %s", strerror(errno)); ++ SYSERROR("Read src file failed"); + ret = -1; + goto free_out; + } else if (len == 0) { + break; + } + if (util_write_nointr(dst_fd, buf, (size_t)len) != len) { +- ERROR("Write file failed: %s", strerror(errno)); ++ SYSERROR("Write file failed"); + ret = -1; + goto free_out; + } +@@ -1489,7 +1489,7 @@ static int do_atomic_write_file(const char *fname, const char *content, size_t c + + dst_fd = util_open(fname, O_WRONLY | O_CREAT | O_TRUNC, mode); + if (dst_fd < 0) { +- ERROR("Creat file: %s, failed: %s", fname, strerror(errno)); ++ SYSERROR("Creat file: %s, failed", fname); + ret = -1; + goto free_out; + } +@@ -1497,7 +1497,7 @@ static int do_atomic_write_file(const char *fname, const char *content, size_t c + len = util_write_nointr(dst_fd, content, content_len); + if (len < 0 || ((size_t)len) != content_len) { + ret = -1; +- ERROR("Write file failed: %s", strerror(errno)); ++ SYSERROR("Write file failed"); + goto free_out; + } + +@@ -1673,7 +1673,7 @@ int util_proc_file_line_by_line(FILE *fp, read_line_callback_t cb, void *context + // end of file + if (errno != 0) { + ret = -1; +- ERROR("read line failed: %s", strerror(errno)); ++ SYSERROR("read line failed"); + } + goto out; + } +@@ -1761,7 +1761,7 @@ static int copy_own(char *copy_dst, struct stat *src_stat) + struct stat dst_stat = { 0 }; + + if (lstat(copy_dst, &dst_stat) != 0) { +- ERROR("lstat %s failed: %s", copy_dst, strerror(errno)); ++ SYSERROR("lstat %s failed", copy_dst); + return -1; + } + +@@ -1770,7 +1770,7 @@ static int copy_own(char *copy_dst, struct stat *src_stat) + return 0; + } + +- ERROR("lchown %s failed: %s", copy_dst, strerror(errno)); ++ SYSERROR("lchown %s failed", copy_dst); + + return ret; + } +@@ -1782,7 +1782,7 @@ static int copy_mode(char *copy_dst, struct stat *src_stat) + } + + if (chmod(copy_dst, src_stat->st_mode) != 0) { +- ERROR("chmod %s failed: %s", copy_dst, strerror(errno)); ++ SYSERROR("chmod %s failed", copy_dst); + return -1; + } + +@@ -1795,7 +1795,7 @@ static int copy_time(char *copy_dst, struct stat *src_stat) + + // copy_dst is absolute path, so first argment is ignored. + if (utimensat(0, copy_dst, tm, AT_SYMLINK_NOFOLLOW) != 0) { +- ERROR("failed to set time of %s: %s", copy_dst, strerror(errno)); ++ SYSERROR("failed to set time of %s", copy_dst); + return -1; + } + +@@ -1806,10 +1806,10 @@ static int set_one_xattr(char *copy_dst, char *key, char *value, ssize_t size) + { + if (lsetxattr(copy_dst, key, value, size, 0) != 0) { + if (errno == ENOTSUP) { +- DEBUG("ignore copy xattr %s of %s: %s", key, copy_dst, strerror(errno)); ++ SYSDEBUG("ignore copy xattr %s of %s", key, copy_dst); + return 0; + } +- ERROR("failed to set xattr %s of %s: %s", key, copy_dst, strerror(errno)); ++ SYSERROR("failed to set xattr %s of %s", key, copy_dst); + return -1; + } + +@@ -1831,10 +1831,10 @@ static int do_copy_xattrs(char *copy_dst, char *copy_src, char *xattrs, ssize_t + size = lgetxattr(copy_src, key, NULL, 0); + if (size < 0) { + if (errno == ENOTSUP) { +- DEBUG("ignore copy xattr %s of %s: %s", key, copy_src, strerror(errno)); ++ SYSDEBUG("ignore copy xattr %s of %s", key, copy_src); + continue; + } +- ERROR("failed to get xattr %s of %s: %s", key, copy_src, strerror(errno)); ++ SYSERROR("failed to get xattr %s of %s", key, copy_src); + ret = -1; + goto out; + } +@@ -1855,10 +1855,10 @@ static int do_copy_xattrs(char *copy_dst, char *copy_src, char *xattrs, ssize_t + + if (lgetxattr(copy_src, key, value, size) < 0) { + if (errno == ENOTSUP) { +- DEBUG("ignore copy xattr %s of %s: %s", key, copy_src, strerror(errno)); ++ SYSDEBUG("ignore copy xattr %s of %s", key, copy_src); + continue; + } +- ERROR("failed to get xattr %s of %s: %s", key, copy_src, strerror(errno)); ++ SYSERROR("failed to get xattr %s of %s", key, copy_src); + ret = -1; + goto out; + } +@@ -1884,10 +1884,10 @@ static int copy_xattrs(char *copy_dst, char *copy_src) + xattrs_len = llistxattr(copy_src, NULL, 0); + if (xattrs_len < 0) { + if (errno == ENOTSUP) { +- DEBUG("ignore copy xattrs of %s: %s", copy_src, strerror(errno)); ++ SYSDEBUG("ignore copy xattrs of %s", copy_src); + return 0; + } +- ERROR("failed to get xattrs length of %s: %s", copy_src, strerror(errno)); ++ SYSERROR("failed to get xattrs length of %s", copy_src); + return -1; + } + +@@ -1904,10 +1904,10 @@ static int copy_xattrs(char *copy_dst, char *copy_src) + + if (llistxattr(copy_src, xattrs, xattrs_len) < 0) { + if (errno == ENOTSUP) { +- DEBUG("ignore copy xattrs of %s: %s", copy_src, strerror(errno)); ++ SYSDEBUG("ignore copy xattrs of %s", copy_src); + goto out; + } +- ERROR("failed to list xattrs of %s: %s", copy_src, strerror(errno)); ++ SYSERROR("failed to list xattrs of %s", copy_src); + ret = -1; + goto out; + } +@@ -1953,7 +1953,7 @@ static int copy_folder(char *copy_dst, char *copy_src) + struct stat dst_stat = { 0 }; + + if (lstat(copy_src, &src_stat) != 0) { +- ERROR("stat %s failed: %s", copy_src, strerror(errno)); ++ SYSERROR("stat %s failed", copy_src); + return -1; + } + if (!S_ISDIR(src_stat.st_mode)) { +@@ -1963,7 +1963,7 @@ static int copy_folder(char *copy_dst, char *copy_src) + + if (lstat(copy_dst, &dst_stat) != 0) { + if (mkdir(copy_dst, src_stat.st_mode) != 0) { +- ERROR("failed to mkdir %s: %s", copy_dst, strerror(errno)); ++ SYSERROR("failed to mkdir %s", copy_dst); + return -1; + } + } else if (!S_ISDIR(dst_stat.st_mode)) { +@@ -1971,7 +1971,7 @@ static int copy_folder(char *copy_dst, char *copy_src) + return -1; + } else { + if (chmod(copy_dst, src_stat.st_mode) != 0) { +- ERROR("failed to chmod %s: %s", copy_dst, strerror(errno)); ++ SYSERROR("failed to chmod %s.", copy_dst); + return -1; + } + } +@@ -1988,7 +1988,7 @@ static int copy_regular(char *copy_dst, char *copy_src, struct stat *src_stat, m + target = map_search(inodes, (void *)(&(src_stat->st_ino))); + if (target != NULL) { + if (link(target, copy_dst) != 0) { +- ERROR("failed to link %s to %s: %s", target, copy_dst, strerror(errno)); ++ SYSERROR("failed to link %s to %s", target, copy_dst); + return -1; + } + return 0; +@@ -2008,12 +2008,12 @@ static int copy_symbolic(char *copy_dst, char *copy_src) + char link[PATH_MAX] = { 0 }; + + if (readlink(copy_src, link, sizeof(link)) < 0) { +- ERROR("readlink of %s failed: %s", copy_src, strerror(errno)); ++ SYSERROR("readlink of %s failed", copy_src); + return -1; + } + + if (symlink(link, copy_dst) != 0) { +- ERROR("create symbolic %s failed: %s", copy_dst, strerror(errno)); ++ SYSERROR("create symbolic %s failed", copy_dst); + return -1; + } + +@@ -2023,7 +2023,7 @@ static int copy_symbolic(char *copy_dst, char *copy_src) + static int copy_device(char *copy_dst, char *copy_src, struct stat *src_stat) + { + if (mknod(copy_dst, src_stat->st_mode, src_stat->st_dev) != 0) { +- ERROR("mknod %s failed: %s", copy_dst, strerror(errno)); ++ SYSERROR("mknod %s failed", copy_dst); + return -1; + } + return 0; +diff --git a/src/utils/cutils/utils_fs.c b/src/utils/cutils/utils_fs.c +index ae71f3ba..63f6d2aa 100644 +--- a/src/utils/cutils/utils_fs.c ++++ b/src/utils/cutils/utils_fs.c +@@ -449,7 +449,7 @@ static int do_real_mount(const char *src, const char *dst, const char *mtype, un + if (!is_remount(src, mntflags) || (mntdata != NULL && strcmp(mntdata, "") != 0)) { + ret = mount(src, dst, mtype, oflags, mntdata); + if (ret < 0) { +- ERROR("Failed to mount from %s to %s:%s", src, dst, strerror(errno)); ++ SYSERROR("Failed to mount from %s to %s", src, dst); + goto out; + } + } +@@ -458,7 +458,7 @@ static int do_real_mount(const char *src, const char *dst, const char *mtype, un + // Change the propagation type. + ret = mount("", dst, "", mntflags & PROPAGATION_FLAGS, ""); + if (ret < 0) { +- ERROR("Failed to change the propagation type of dst %s:%s", dst, strerror(errno)); ++ SYSERROR("Failed to change the propagation type of dst %s.", dst); + goto out; + } + } +@@ -467,7 +467,7 @@ static int do_real_mount(const char *src, const char *dst, const char *mtype, un + // Remount the bind to apply read only. + ret = mount("", dst, "", oflags | MS_REMOUNT, ""); + if (ret < 0) { +- ERROR("Failed to remount the bind to apply read only of dst %s:%s", dst, strerror(errno)); ++ SYSERROR("Failed to remount the bind to apply read only of dst %s.", dst); + goto out; + } + } +@@ -576,7 +576,7 @@ static int util_mount_from_handler(const char *src, const char *dst, const char + + ret = mount(src, dst, mtype, mntflags, mntdata); + if (ret < 0) { +- ERROR("Failed to mount from %s to %s:%s", src, dst, strerror(errno)); ++ SYSERROR("Failed to mount from %s to %s.", src, dst); + goto out; + } + out: +@@ -596,7 +596,7 @@ int util_mount_from(const char *base, const char *src, const char *dst, const ch + + pid = fork(); + if (pid == (pid_t) -1) { +- ERROR("Failed to fork: %s", strerror(errno)); ++ SYSERROR("Failed to fork"); + goto cleanup; + } + +@@ -652,7 +652,7 @@ bool util_check_readonly_fs(const char *path) + continue; + } + +- ERROR("Stat fs failed: %s", strerror(errno)); ++ SYSERROR("Stat fs failed"); + return false; + } + +diff --git a/src/utils/cutils/utils_port.c b/src/utils/cutils/utils_port.c +index 583a3509..fbe143ae 100644 +--- a/src/utils/cutils/utils_port.c ++++ b/src/utils/cutils/utils_port.c +@@ -984,12 +984,12 @@ static int do_close(int sock) + if (close(sock) == 0) { + return 0; + } +- WARN("close socket failed: %s, wait to retry: %zu\n", strerror(errno), i); ++ SYSWARN("close socket failed, wait to retry: %zu\n", i); + // wait 100us to retry + usleep(10000); + } + +- ERROR("close socket failed: %s", strerror(errno)); ++ SYSERROR("close socket failed"); + return -1; + } + +@@ -1006,12 +1006,12 @@ bool util_check_port_free(int port) + + sock = socket(AF_INET, SOCK_STREAM, 0); + if (sock < 0) { +- ERROR("get socket failed: %s", strerror(errno)); ++ SYSERROR("get socket failed"); + return false; + } + + if (bind(sock, (struct sockaddr *)&s_addr, sizeof(struct sockaddr_in)) < 0) { +- ERROR("bind port failed: %s\n", strerror(errno)); ++ SYSERROR("bind port failed"); + ret = false; + } + +@@ -1036,19 +1036,19 @@ int util_get_random_port() + + sock = socket(AF_INET, SOCK_STREAM, 0); + if (sock < 0) { +- ERROR("get socket failed: %s", strerror(errno)); ++ SYSERROR("get socket failed"); + return -1; + } + + if (bind(sock, (struct sockaddr *)&s_addr, sizeof(struct sockaddr_in)) < 0) { +- ERROR("bind port failed: %s\n", strerror(errno)); ++ SYSERROR("bind port failed"); + ret = -1; + goto out; + } + + s_len = sizeof(struct sockaddr_in); + if (getsockname(sock, (struct sockaddr *)&s_addr, &s_len) == -1) { +- ERROR("getsockname failed: %s\n", strerror(errno)); ++ SYSERROR("getsockname failed"); + ret = -1; + goto out; + } +diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c +index 67313d70..2f10f278 100644 +--- a/src/utils/cutils/utils_verify.c ++++ b/src/utils/cutils/utils_verify.c +@@ -474,7 +474,7 @@ bool util_valid_file(const char *path, uint32_t fmod) + + nret = stat(path, &s); + if (nret < 0) { +- ERROR("stat failed, error: %s", strerror(errno)); ++ SYSERROR("stat failed"); + return false; + } + +diff --git a/src/utils/http/http.c b/src/utils/http/http.c +index 5e46766d..8b74f773 100644 +--- a/src/utils/http/http.c ++++ b/src/utils/http/http.c +@@ -333,7 +333,7 @@ static int ensure_path_file(char **rpath, void *output, bool resume, FILE **page + if (resume) { + mode = "a"; + if (stat(*rpath, &st) < 0) { +- ERROR("stat %s failed: %s", *rpath, strerror(errno)); ++ SYSERROR("stat %s failed", *rpath); + return -1; + } + *fsize = (size_t)st.st_size; +diff --git a/src/utils/sha256/sha256.c b/src/utils/sha256/sha256.c +index d8e044b4..54cc2862 100644 +--- a/src/utils/sha256/sha256.c ++++ b/src/utils/sha256/sha256.c +@@ -124,7 +124,7 @@ char *sha256_digest_file(const char *filename, bool isgzip) + stream = (void *)fopen(filename, "r"); + } + if (stream == NULL) { +- ERROR("open file %s failed: %s", filename, strerror(errno)); ++ SYSERROR("open file %s failed", filename); + return NULL; + } + +@@ -259,13 +259,13 @@ static char *cal_file_digest(const char *filename) + + fp = util_fopen(filename, "r"); + if (fp == NULL) { +- ERROR("failed to open file %s: %s", filename, strerror(errno)); ++ SYSERROR("failed to open file %s.", filename); + return NULL; + } + + digest = sha256_digest_file(filename, false); + if (digest == NULL) { +- ERROR("calc digest for file %s failed: %s", filename, strerror(errno)); ++ SYSERROR("calc digest for file %s failed", filename); + goto err_out; + } + +@@ -299,7 +299,7 @@ static char *cal_gzip_digest(const char *filename) + + digest = sha256_digest_file(filename, true); + if (digest == NULL) { +- ERROR("calc digest for file %s failed: %s", filename, strerror(errno)); ++ SYSERROR("calc digest for file %s failed", filename); + goto err_out; + } + +diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c +index 24269c70..7218cca8 100644 +--- a/src/utils/tar/isulad_tar.c ++++ b/src/utils/tar/isulad_tar.c +@@ -113,7 +113,7 @@ static int resolve_host_source_path(const char *path, bool follow_link, char **r + + if (follow_link) { + if (realpath(path, real_path) == NULL) { +- ERROR("Can not get real path of %s: %s", real_path, strerror(errno)); ++ SYSERROR("Can not get real path of %s.", real_path); + format_errorf(err, "Can not get real path of %s: %s", real_path, strerror(errno)); + return -1; + } +@@ -130,7 +130,7 @@ static int resolve_host_source_path(const char *path, bool follow_link, char **r + goto cleanup; + } + if (realpath(dirpath, real_path) == NULL) { +- ERROR("Can not get real path of %s: %s", dirpath, strerror(errno)); ++ SYSERROR("Can not get real path of %s.", dirpath); + format_errorf(err, "Can not get real path of %s: %s", dirpath, strerror(errno)); + goto cleanup; + } +@@ -191,7 +191,7 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li + + nret = lstat(resolved_path, &st); + if (nret < 0) { +- ERROR("lstat %s: %s", resolved_path, strerror(errno)); ++ SYSERROR("lstat %s failed", resolved_path); + format_errorf(err, "lstat %s: %s", resolved_path, strerror(errno)); + goto cleanup; + } +@@ -225,7 +225,7 @@ static int copy_info_destination_path_ret(struct archive_copy_info *info, struct + + ret = (int)readlink(iter_path, target, PATH_MAX); + if (ret < 0) { +- ERROR("Failed to read link of %s: %s", iter_path, strerror(errno)); ++ SYSERROR("Failed to read link of %s", iter_path); + format_errorf(err, "Failed to read link of %s: %s", iter_path, strerror(errno)); + goto cleanup; + } +@@ -258,7 +258,7 @@ static int copy_info_destination_path_ret(struct archive_copy_info *info, struct + if (ret != 0) { + char *dst_parent = NULL; + if (errno != ENOENT) { +- ERROR("Can not stat %s: %s", iter_path, strerror(errno)); ++ SYSERROR("Can not stat %s", iter_path); + format_errorf(err, "Can not stat %s: %s", iter_path, strerror(errno)); + goto cleanup; + } +@@ -428,7 +428,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char + char *srcbase = NULL; + + if (lstat(path, &st) < 0) { +- ERROR("lstat %s: %s", path, strerror(errno)); ++ SYSERROR("lstat %s failed", path); + format_errorf(err, "lstat %s: %s", path, strerror(errno)); + return -1; + } +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index d2fc5488..f34572ae 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -343,7 +343,7 @@ static int copy_data(struct archive *ar, struct archive *aw) + } + r = archive_write_data_block(aw, buff, size, offset); + if (r < ARCHIVE_OK) { +- ERROR("tar extraction error: %s, %s", archive_error_string(aw), strerror(archive_errno(aw))); ++ ERROR("tar extraction error: %s", archive_error_string(aw)); + return r; + } + } +@@ -672,7 +672,7 @@ int archive_unpack_handler(const struct io_read_wrapper *content, const struct a + ret = archive_read_open(a, mydata, NULL, read_content, NULL); + if (ret != 0) { + ERROR("Failed to open archive: %s", archive_error_string(a)); +- fprintf(stderr, "Failed to open archive: %s", strerror(errno)); ++ fprintf(stderr, "Failed to open archive: %s", archive_error_string(a)); + ret = -1; + goto out; + } +@@ -688,9 +688,8 @@ int archive_unpack_handler(const struct io_read_wrapper *content, const struct a + } + + if (ret != ARCHIVE_OK) { +- ERROR("Warning reading tar header: %s, %s", archive_error_string(a), strerror(archive_errno(a))); +- (void)fprintf(stderr, "Warning reading tar header: %s, %s", archive_error_string(a), +- strerror(archive_errno(a))); ++ ERROR("Warning reading tar header: %s", archive_error_string(a)); ++ (void)fprintf(stderr, "Warning reading tar header: %s", archive_error_string(a)); + ret = -1; + goto out; + } +@@ -724,26 +723,23 @@ int archive_unpack_handler(const struct io_read_wrapper *content, const struct a + + ret = archive_write_header(ext, entry); + if (ret != ARCHIVE_OK) { +- ERROR("Fail to handle tar header: %s, %s", archive_error_string(ext), strerror(archive_errno(ext))); +- (void)fprintf(stderr, "Fail to handle tar header: %s, %s", archive_error_string(ext), +- strerror(archive_errno(ext))); ++ ERROR("Fail to handle tar header: %s", archive_error_string(ext)); ++ (void)fprintf(stderr, "Fail to handle tar header: %s", archive_error_string(ext)); + ret = -1; + goto out; + } else if (archive_entry_size(entry) > 0) { + ret = copy_data(a, ext); + if (ret != ARCHIVE_OK) { +- ERROR("Failed to do copy tar data: %s, %s", archive_error_string(ext), strerror(archive_errno(ext))); +- (void)fprintf(stderr, "Failed to do copy tar data: %s, %s", archive_error_string(ext), +- strerror(archive_errno(ext))); ++ ERROR("Failed to do copy tar data: %s", archive_error_string(ext)); ++ (void)fprintf(stderr, "Failed to do copy tar data: %s", archive_error_string(ext)); + ret = -1; + goto out; + } + } + ret = archive_write_finish_entry(ext); + if (ret != ARCHIVE_OK) { +- ERROR("Failed to freeing archive entry: %s, %s", archive_error_string(ext), strerror(archive_errno(ext))); +- (void)fprintf(stderr, "Failed to freeing archive entry: %s, %s", archive_error_string(ext), +- strerror(archive_errno(ext))); ++ ERROR("Failed to freeing archive entry: %s", archive_error_string(ext)); ++ (void)fprintf(stderr, "Failed to freeing archive entry: %s", archive_error_string(ext)); + ret = -1; + goto out; + } +@@ -824,7 +820,7 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co + + pid = fork(); + if (pid == (pid_t) -1) { +- ERROR("Failed to fork: %s", strerror(errno)); ++ SYSERROR("Failed to fork"); + goto cleanup; + } + +@@ -844,7 +840,7 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co + + // child process, dup2 pipe_for_read[1] to stderr, + if (dup2(pipe_stderr[1], 2) < 0) { +- ERROR("Dup fd error: %s", strerror(errno)); ++ SYSERROR("Dup fd error"); + ret = -1; + goto child_out; + } +@@ -876,7 +872,7 @@ child_out: + + ret = util_wait_for_pid(pid); + if (ret != 0) { +- ERROR("Wait archive_untar_handler failed with error:%s", strerror(errno)); ++ SYSERROR("Wait archive_untar_handler failed"); + fcntl(pipe_stderr[0], F_SETFL, O_NONBLOCK); + if (util_read_nointr(pipe_stderr[0], errbuf, BUFSIZ) < 0) { + ERROR("read error message from child failed"); +@@ -918,22 +914,21 @@ bool valid_archive_format(const char *file) + + ret = archive_read_support_filter_all(read_archive); + if (ret != ARCHIVE_OK) { +- ERROR("Failed to set archive read support filter all, result is %d, errmsg: %s, %s", ret, +- archive_error_string(read_archive), strerror(archive_errno(read_archive))); ++ ERROR("Failed to set archive read support filter all, result is %d, errmsg: %s", ret, ++ archive_error_string(read_archive)); + goto out; + } + + ret = archive_read_support_format_all(read_archive); + if (ret != ARCHIVE_OK) { +- ERROR("Failed to set archive read support format all, result is %d, errmsg: %s, %s", ret, +- archive_error_string(read_archive), strerror(archive_errno(read_archive))); ++ ERROR("Failed to set archive read support format all, result is %d, errmsg: %s", ret, ++ archive_error_string(read_archive)); + goto out; + } + + ret = archive_read_open_filename(read_archive, file, ARCHIVE_READ_BUFFER_SIZE); + if (ret != ARCHIVE_OK) { +- ERROR("Failed to open archive %s: %s, %s", file, archive_error_string(read_archive), +- strerror(archive_errno(read_archive))); ++ ERROR("Failed to open archive %s: %s", file, archive_error_string(read_archive)); + goto out; + } + +@@ -944,15 +939,13 @@ bool valid_archive_format(const char *file) + goto out; + } + if (ret != ARCHIVE_OK) { +- ERROR("Failed to read next header for file %s: %s, %s", file, archive_error_string(read_archive), +- strerror(archive_errno(read_archive))); ++ ERROR("Failed to read next header for file %s: %s", file, archive_error_string(read_archive)); + goto out; + } + + out: + if (archive_read_free(read_archive) != ARCHIVE_OK) { +- ERROR("Failed to free archive %s: %s, %s", file, archive_error_string(read_archive), +- strerror(archive_errno(read_archive))); ++ ERROR("Failed to free archive %s: %s", file, archive_error_string(read_archive)); + } + read_archive = NULL; + +@@ -979,19 +972,15 @@ static int copy_data_between_archives(struct archive *ar, struct archive *aw) + goto out; + } + if (size < 0) { +- ERROR("tar archive read result %d, error: %s, %s", ret, archive_error_string(ar), +- strerror(archive_errno(ar))); +- (void)fprintf(stderr, "tar archive read result %d, error: %s, %s", ret, archive_error_string(ar), +- strerror(archive_errno(ar))); ++ ERROR("tar archive read result %d, error: %s", ret, archive_error_string(ar)); ++ (void)fprintf(stderr, "tar archive read result %d, error: %s", ret, archive_error_string(ar)); + ret = ARCHIVE_FAILED; + goto out; + } + ret = archive_write_data(aw, buff, size); + if (ret < ARCHIVE_OK) { +- ERROR("tar archive write result %d, error: %s, %s", ret, archive_error_string(aw), +- strerror(archive_errno(aw))); +- (void)fprintf(stderr, "tar archive write result %d, error: %s, %s", ret, archive_error_string(aw), +- strerror(archive_errno(aw))); ++ ERROR("tar archive write result %d, error: %s", ret, archive_error_string(aw)); ++ (void)fprintf(stderr, "tar archive write result %d, error: %s", ret, archive_error_string(aw)); + goto out; + } + } +@@ -1064,8 +1053,8 @@ int tar_handler(struct archive *r, struct archive *w, const char *src_base, cons + } + + if (ret != ARCHIVE_OK) { +- ERROR("read from disk failed: %s, %s", archive_error_string(r), strerror(archive_errno(r))); +- (void)fprintf(stderr, "read from disk failed: %s, %s", archive_error_string(r), strerror(archive_errno(r))); ++ ERROR("read from disk failed: %s", archive_error_string(r)); ++ (void)fprintf(stderr, "read from disk failed: %s", archive_error_string(r)); + break; + } + +@@ -1083,37 +1072,34 @@ int tar_handler(struct archive *r, struct archive *w, const char *src_base, cons + } + ret = archive_write_header(w, entry); + if (ret != ARCHIVE_OK) { +- ERROR("Fail to write tar header: %s, %s\nlink:%s target:%s", archive_error_string(w), +- strerror(archive_errno(w)), archive_entry_pathname(entry), archive_entry_hardlink(entry)); +- (void)fprintf(stderr, "Fail to write tar header: %s, %s\nlink:%s target:%s\n", archive_error_string(w), +- strerror(archive_errno(w)), archive_entry_pathname(entry), archive_entry_hardlink(entry)); ++ ERROR("Fail to write tar header: %s.\nlink:%s target:%s", archive_error_string(w), ++ archive_entry_pathname(entry), archive_entry_hardlink(entry)); ++ (void)fprintf(stderr, "Fail to write tar header: %s.\nlink:%s target:%s\n", archive_error_string(w), ++ archive_entry_pathname(entry), archive_entry_hardlink(entry)); + break; + } + + if (archive_entry_size(entry) > 0) { + ret = copy_data_between_archives(r, w); + if (ret != ARCHIVE_OK) { +- ERROR("Failed to do copy data: %s, %s", archive_error_string(w), strerror(archive_errno(w))); +- (void)fprintf(stderr, "Failed to do copy data: %s, %s\n", archive_error_string(w), +- strerror(archive_errno(w))); ++ ERROR("Failed to do copy data: %s", archive_error_string(w)); ++ (void)fprintf(stderr, "Failed to do copy data: %s\n", archive_error_string(w)); + break; + } + } + + ret = archive_write_finish_entry(w); + if (ret != ARCHIVE_OK) { +- ERROR("Failed to freeing archive entry: %s, %s", archive_error_string(w), strerror(archive_errno(w))); +- (void)fprintf(stderr, "Failed to freeing archive entry: %s, %s\n", archive_error_string(w), +- strerror(archive_errno(w))); ++ ERROR("Failed to freeing archive entry: %s", archive_error_string(w)); ++ (void)fprintf(stderr, "Failed to freeing archive entry: %s\n", archive_error_string(w)); + break; + } + + if (archive_entry_filetype(entry) == AE_IFDIR) { + ret = archive_read_disk_descend(r); + if (ret != ARCHIVE_OK) { +- ERROR("read disk descend failed: %s, %s", archive_error_string(w), strerror(archive_errno(w))); +- (void)fprintf(stderr, "read disk descend failed: %s, %s\n", archive_error_string(w), +- strerror(archive_errno(w))); ++ ERROR("read disk descend failed: %s", archive_error_string(w)); ++ (void)fprintf(stderr, "read disk descend failed: %s\n", archive_error_string(w)); + break; + } + } +@@ -1169,9 +1155,8 @@ static int tar_all(const struct io_write_wrapper *writer, const char *tar_dir, c + archive_read_disk_set_behavior(r, ARCHIVE_READDISK_NO_TRAVERSE_MOUNTS); + ret = archive_read_disk_open(r, tar_dir); + if (ret != ARCHIVE_OK) { +- ERROR("open archive read failed: %s, %s", archive_error_string(r), strerror(archive_errno(r))); +- (void)fprintf(stderr, "open archive read failed: %s, %s\n", archive_error_string(r), +- strerror(archive_errno(r))); ++ ERROR("open archive read failed: %s", archive_error_string(r)); ++ (void)fprintf(stderr, "open archive read failed: %s\n", archive_error_string(r)); + goto out; + } + +@@ -1186,9 +1171,8 @@ static int tar_all(const struct io_write_wrapper *writer, const char *tar_dir, c + archive_write_set_options(w, "xattrheader=SCHILY"); + ret = archive_write_open(w, (void *)writer, NULL, stream_write_data, NULL); + if (ret != ARCHIVE_OK) { +- ERROR("open archive write failed: %s, %s", archive_error_string(w), strerror(archive_errno(w))); +- (void)fprintf(stderr, "open archive write failed: %s, %s\n", archive_error_string(w), +- strerror(archive_errno(w))); ++ ERROR("open archive write failed: %s", archive_error_string(w)); ++ (void)fprintf(stderr, "open archive write failed: %s\n", archive_error_string(w)); + goto out; + } + +@@ -1261,14 +1245,14 @@ int archive_chroot_tar(const char *path, const char *file, const char *root_dir, + + // child process, dup2 pipe_for_read[1] to stderr, + if (dup2(pipe_for_read[1], 2) < 0) { +- ERROR("Dup fd error: %s", strerror(errno)); ++ SYSERROR("Dup fd failed"); + ret = -1; + goto child_out; + } + + fd = open(file, TAR_DEFAULT_FLAG, TAR_DEFAULT_MODE); + if (fd < 0) { +- ERROR("Failed to open file %s for export: %s", file, strerror(errno)); ++ SYSERROR("Failed to open file %s for export", file); + fprintf(stderr, "Failed to open file %s for export: %s\n", file, strerror(errno)); + ret = -1; + goto child_out; +@@ -1477,17 +1461,17 @@ int archive_chroot_untar_stream(const struct io_read_wrapper *context, const cha + } + + if (pipe(pipe_stderr) != 0) { +- ERROR("Failed to create pipe: %s", strerror(errno)); ++ SYSERROR("Failed to create pipe"); + goto cleanup; + } + if (pipe(pipe_stream) != 0) { +- ERROR("Failed to create pipe: %s", strerror(errno)); ++ SYSERROR("Failed to create pipe"); + goto cleanup; + } + + pid = fork(); + if (pid == (pid_t) -1) { +- ERROR("Failed to fork: %s", strerror(errno)); ++ SYSERROR("Failed to fork"); + goto cleanup; + } + +@@ -1506,7 +1490,7 @@ int archive_chroot_untar_stream(const struct io_read_wrapper *context, const cha + + // child process, dup2 pipe_stderr[1] to stderr, + if (dup2(pipe_stderr[1], 2) < 0) { +- ERROR("Dup fd error: %s", strerror(errno)); ++ SYSERROR("Dup fd error"); + ret = -1; + goto child_out; + } +@@ -1562,7 +1546,7 @@ child_out: + while (read_len > 0) { + ssize_t writed_len = archive_context_write(ctx, buf, (size_t)read_len); + if (writed_len < 0) { +- DEBUG("Tar may exited: %s", strerror(errno)); ++ SYSDEBUG("Tar may exited"); + break; + } + read_len = context->read(context->context, buf, buf_len); +@@ -1613,17 +1597,17 @@ int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, cons + } + + if (pipe(pipe_stderr) != 0) { +- ERROR("Failed to create pipe: %s", strerror(errno)); ++ SYSERROR("Failed to create pipe"); + goto free_out; + } + if (pipe(pipe_stream) != 0) { +- ERROR("Failed to create pipe: %s", strerror(errno)); ++ SYSERROR("Failed to create pipe"); + goto free_out; + } + + pid = fork(); + if (pid == (pid_t) -1) { +- ERROR("Failed to fork: %s", strerror(errno)); ++ SYSERROR("Failed to fork"); + goto free_out; + } + +@@ -1645,7 +1629,7 @@ int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, cons + + // child process, dup2 pipe_stderr[1] to stderr, + if (dup2(pipe_stderr[1], 2) < 0) { +- ERROR("Dup fd error: %s", strerror(errno)); ++ SYSERROR("Dup fd error"); + ret = -1; + goto child_out; + } +diff --git a/src/utils/tar/util_gzip.c b/src/utils/tar/util_gzip.c +index bf649300..0c8c8372 100644 +--- a/src/utils/tar/util_gzip.c ++++ b/src/utils/tar/util_gzip.c +@@ -42,13 +42,13 @@ int util_gzip_z(const char *srcfile, const char *dstfile, const mode_t mode) + + srcfd = util_open(srcfile, O_RDONLY, SECURE_CONFIG_FILE_MODE); + if (srcfd < 0) { +- ERROR("Open src file: %s, failed: %s", srcfile, strerror(errno)); ++ SYSERROR("Open src file: %s, failed", srcfile); + return -1; + } + + stream = gzopen(dstfile, "w"); + if (stream == NULL) { +- ERROR("gzopen %s error: %s", dstfile, strerror(errno)); ++ SYSERROR("gzopen %s failed", dstfile); + close(srcfd); + return -1; + } +@@ -64,7 +64,7 @@ int util_gzip_z(const char *srcfile, const char *dstfile, const mode_t mode) + int n; + size = util_read_nointr(srcfd, buffer, BLKSIZE); + if (size < 0) { +- ERROR("read file %s failed: %s", srcfile, strerror(errno)); ++ SYSERROR("read file %s failed", srcfile); + ret = -1; + break; + } else if (size == 0) { +@@ -92,7 +92,7 @@ out: + free(buffer); + if (ret != 0) { + if (util_path_remove(dstfile) != 0) { +- ERROR("Remove file %s failed: %s", dstfile, strerror(errno)); ++ SYSERROR("Remove file %s failed", dstfile); + } + } + +@@ -115,7 +115,7 @@ int util_gzip_d(const char *srcfile, const FILE *dstfp) + + stream = gzopen(srcfile, "r"); + if (stream == NULL) { +- ERROR("gzopen %s failed: %s", srcfile, strerror(errno)); ++ SYSERROR("gzopen %s failed", srcfile); + return -1; + } + +@@ -142,7 +142,7 @@ int util_gzip_d(const char *srcfile, const FILE *dstfp) + size = fwrite(buffer, 1, n, (FILE *)dstfp); + if (size != n) { + ret = -1; +- ERROR("Write file failed: %s", strerror(errno)); ++ SYSERROR("Write file failed"); + break; + } + } +-- +2.40.1 + diff --git a/0010-do-not-report-low-level-error-to-user.patch b/0010-do-not-report-low-level-error-to-user.patch new file mode 100644 index 0000000..b86e5bf --- /dev/null +++ b/0010-do-not-report-low-level-error-to-user.patch @@ -0,0 +1,358 @@ +From ab03fdd4261ebc11f18e3b783dfc38558e5247b5 Mon Sep 17 00:00:00 2001 +From: haozi007 <liuhao27@huawei.com> +Date: Wed, 6 Sep 2023 10:45:37 +0800 +Subject: [PATCH 10/33] do not report low level error to user + +Signed-off-by: haozi007 <liuhao27@huawei.com> +--- + src/daemon/entry/cri/cri_helpers.cc | 4 ++-- + .../v1alpha/cri_container_manager_service.cc | 3 ++- + src/daemon/executor/container_cb/execution.c | 4 ++-- + .../executor/container_cb/execution_network.c | 17 ++++++++--------- + .../executor/container_cb/execution_stream.c | 4 ++-- + src/daemon/modules/container/container_unix.c | 2 +- + src/daemon/modules/image/external/ext_image.c | 4 ++-- + src/daemon/modules/image/oci/oci_load.c | 2 +- + .../modules/runtime/engines/lcr/lcr_rt_ops.c | 3 +-- + src/daemon/modules/service/service_container.c | 2 +- + src/daemon/modules/spec/verify.c | 2 +- + src/daemon/modules/volume/local.c | 8 ++++---- + src/utils/tar/isulad_tar.c | 16 ++++++++-------- + src/utils/tar/util_archive.c | 12 ++++++------ + 14 files changed, 41 insertions(+), 42 deletions(-) + +diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc +index a80ec7d0..2e1096f5 100644 +--- a/src/daemon/entry/cri/cri_helpers.cc ++++ b/src/daemon/entry/cri/cri_helpers.cc +@@ -540,8 +540,8 @@ void RemoveContainerLogSymlink(const std::string &containerID, Errors &error) + if (path != nullptr) { + // Only remove the symlink when container log path is specified. + if (util_path_remove(path) != 0 && errno != ENOENT) { +- error.Errorf("Failed to remove container %s log symlink %s: %s", containerID.c_str(), path, +- strerror(errno)); ++ SYSERROR("Failed to remove container %s log symlink %s.", containerID.c_str(), path); ++ error.Errorf("Failed to remove container %s log symlink %s.", containerID.c_str(), path); + goto cleanup; + } + } +diff --git a/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc +index b4faab95..013b938a 100644 +--- a/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc ++++ b/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc +@@ -547,8 +547,9 @@ void ContainerManagerService::CreateContainerLogSymlink(const std::string &conta + WARN("Deleted previously existing symlink file: %s", path); + } + if (symlink(realPath, path) != 0) { ++ SYSERROR("failed to create symbolic link %s to the container log file %s for container %s", path, realPath, containerID.c_str()); + error.Errorf("failed to create symbolic link %s to the container log file %s for container %s: %s", path, +- realPath, containerID.c_str(), strerror(errno)); ++ realPath, containerID.c_str()); + goto cleanup; + } + } else { +diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c +index d3571b7f..63d8143c 100644 +--- a/src/daemon/executor/container_cb/execution.c ++++ b/src/daemon/executor/container_cb/execution.c +@@ -345,13 +345,13 @@ static int maybe_create_cpu_realtime_file(int64_t value, const char *file, const + fd = util_open(fpath, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0700); + if (fd < 0) { + SYSERROR("Failed to open file: %s.", fpath); +- isulad_set_error_message("Failed to open file: %s: %s", fpath, strerror(errno)); ++ isulad_set_error_message("Failed to open file: %s.", fpath); + return -1; + } + nwrite = util_write_nointr(fd, buf, strlen(buf)); + if (nwrite < 0 || (size_t)nwrite != strlen(buf)) { + SYSERROR("Failed to write %s to %s.", buf, fpath); +- isulad_set_error_message("Failed to write '%s' to '%s': %s", buf, fpath, strerror(errno)); ++ isulad_set_error_message("Failed to write '%s' to '%s'.", buf, fpath); + return -1; + } + +diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c +index ce924332..a145e33a 100644 +--- a/src/daemon/executor/container_cb/execution_network.c ++++ b/src/daemon/executor/container_cb/execution_network.c +@@ -68,8 +68,8 @@ static int write_hostname_to_file(const char *rootfs, const char *hostname) + + ret = util_write_file(file_path, hostname, strlen(hostname), NETWORK_MOUNT_FILE_MODE); + if (ret) { +- SYSERROR("Failed to write %s", file_path); +- isulad_set_error_message("Failed to write %s: %s", file_path, strerror(errno)); ++ SYSERROR("Failed to write %s.", file_path); ++ isulad_set_error_message("Failed to write %s.", file_path); + goto out; + } + +@@ -97,8 +97,8 @@ static int fopen_network(FILE **fp, char **file_path, const char *rootfs, const + + *fp = util_fopen(*file_path, "a+"); + if (*fp == NULL) { +- SYSERROR("Failed to open %s", *file_path); +- isulad_set_error_message("Failed to open %s: %s", *file_path, strerror(errno)); ++ SYSERROR("Failed to open %s.", *file_path); ++ isulad_set_error_message("Failed to open %s.", *file_path); + return -1; + } + return 0; +@@ -169,8 +169,8 @@ static int write_content_to_file(const char *file_path, const char *content) + if (content != NULL) { + ret = util_write_file(file_path, content, strlen(content), NETWORK_MOUNT_FILE_MODE); + if (ret != 0) { +- SYSERROR("Failed to write file %s", file_path); +- isulad_set_error_message("Failed to write file %s: %s", file_path, strerror(errno)); ++ SYSERROR("Failed to write file %s.", file_path); ++ isulad_set_error_message("Failed to write file %s.", file_path); + return ret; + } + } +@@ -702,9 +702,8 @@ static int chown_network(const char *user_remap, const char *rootfs, const char + goto out; + } + if (chown(file_path, host_uid, host_gid) != 0) { +- SYSERROR("Failed to chown network file '%s' to %u:%u", filename, host_uid, host_gid); +- isulad_set_error_message("Failed to chown network file '%s' to %u:%u: %s", filename, host_uid, host_gid, +- strerror(errno)); ++ SYSERROR("Failed to chown network file '%s' to %u:%u.", filename, host_uid, host_gid); ++ isulad_set_error_message("Failed to chown network file '%s' to %u:%u.", filename, host_uid, host_gid); + ret = -1; + goto out; + } +diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c +index 7e84cca3..aae9c234 100644 +--- a/src/daemon/executor/container_cb/execution_stream.c ++++ b/src/daemon/executor/container_cb/execution_stream.c +@@ -536,7 +536,7 @@ static container_path_stat *do_container_stat_path(const char *rootpath, const c + nret = lstat(resolvedpath, &st); + if (nret < 0) { + SYSERROR("lstat %s failed.", resolvedpath); +- isulad_set_error_message("lstat %s: %s", resolvedpath, strerror(errno)); ++ isulad_set_error_message("lstat %s failed.", resolvedpath); + goto cleanup; + } + +@@ -922,7 +922,7 @@ static int copy_to_container_check_path_valid(const container_t *cont, const cha + nret = lstat(resolvedpath, &st); + if (nret < 0) { + SYSERROR("lstat %s failed", resolvedpath); +- isulad_set_error_message("lstat %s: %s", resolvedpath, strerror(errno)); ++ isulad_set_error_message("lstat %s failed", resolvedpath); + goto cleanup; + } + +diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c +index e8c98441..fa53a85f 100644 +--- a/src/daemon/modules/container/container_unix.c ++++ b/src/daemon/modules/container/container_unix.c +@@ -518,7 +518,7 @@ static int save_json_config_file(const char *id, const char *rootpath, const cha + nret = util_atomic_write_file(filename, json_data, strlen(json_data), CONFIG_FILE_MODE, false); + if (nret != 0) { + SYSERROR("Write file %s failed.", filename); +- isulad_set_error_message("Write file '%s' failed: %s", filename, strerror(errno)); ++ isulad_set_error_message("Write file '%s' failed.", filename); + ret = -1; + } + +diff --git a/src/daemon/modules/image/external/ext_image.c b/src/daemon/modules/image/external/ext_image.c +index 10af82a3..e1706469 100644 +--- a/src/daemon/modules/image/external/ext_image.c ++++ b/src/daemon/modules/image/external/ext_image.c +@@ -65,8 +65,8 @@ int ext_prepare_rf(const im_prepare_request *request, char **real_rootfs) + return -1; + } + if (realpath(request->rootfs, real_path) == NULL) { +- SYSERROR("Failed to clean rootfs path '%s'", request->rootfs); +- isulad_set_error_message("Failed to clean rootfs path '%s': %s", request->rootfs, strerror(errno)); ++ SYSERROR("Failed to clean rootfs path '%s'.", request->rootfs); ++ isulad_set_error_message("Failed to clean rootfs path '%s'.", request->rootfs); + return -1; + } + *real_rootfs = util_strdup_s(real_path); +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index d2efab81..5511a70c 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -1046,7 +1046,7 @@ static char *oci_load_path_create() + + if (mkdtemp(tmp_dir) == NULL) { + SYSERROR("make temporary dir failed"); +- isulad_try_set_error_message("make temporary dir failed: %s", strerror(errno)); ++ isulad_try_set_error_message("make temporary dir failed"); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +index e985cfc1..f61316d0 100644 +--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c ++++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +@@ -209,9 +209,8 @@ static int remove_container_rootpath(const char *id, const char *root_path) + } + ret = util_recursive_rmdir(cont_root_path, 0); + if (ret != 0) { +- const char *tmp_err = (errno != 0) ? strerror(errno) : "error"; + SYSERROR("Failed to delete container's root directory %s.", cont_root_path); +- isulad_set_error_message("Failed to delete container's root directory %s: %s", cont_root_path, tmp_err); ++ isulad_set_error_message("Failed to delete container's root directory %s.", cont_root_path); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 483670de..370ba059 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -596,7 +596,7 @@ static int valid_mount_point(container_config_v2_common_config_mount_points_elem + + if (lstat(mp->source, &st) != 0) { + SYSERROR("lstat %s failed", mp->source); +- isulad_set_error_message("lstat %s: %s", mp->source, strerror(errno)); ++ isulad_set_error_message("lstat %s failed", mp->source); + return -1; + } + +diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c +index 6180b887..92029cbd 100644 +--- a/src/daemon/modules/spec/verify.c ++++ b/src/daemon/modules/spec/verify.c +@@ -1536,7 +1536,7 @@ static int verify_custom_mount(defs_mount **mounts, size_t len) + if (!util_file_exists(iter->source) && util_mkdir_p(iter->source, mode)) { + #endif + SYSERROR("Failed to create directory '%s'", iter->source); +- isulad_try_set_error_message("Failed to create directory '%s': %s", iter->source, strerror(errno)); ++ isulad_try_set_error_message("Failed to create directory '%s'", iter->source); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/volume/local.c b/src/daemon/modules/volume/local.c +index 7f95757d..6c3354dc 100644 +--- a/src/daemon/modules/volume/local.c ++++ b/src/daemon/modules/volume/local.c +@@ -556,15 +556,15 @@ static int remove_volume_dir(char *path) + // remain untouched if we remove the data directory failed. + ret = util_recursive_rmdir(path, 0); + if (ret != 0) { +- SYSERROR("failed to remove volume data dir %s", path); +- isulad_try_set_error_message("failed to remove volume data dir %s: %s", path, strerror(errno)); ++ SYSERROR("failed to remove volume data dir %s.", path); ++ isulad_try_set_error_message("failed to remove volume data dir %s.", path); + goto out; + } + + ret = util_recursive_rmdir(vol_dir, 0); + if (ret != 0) { +- SYSERROR("failed to remove volume dir %s", vol_dir); +- isulad_try_set_error_message("failed to remove volume dir %s: %s", vol_dir, strerror(errno)); ++ SYSERROR("failed to remove volume dir %s.", vol_dir); ++ isulad_try_set_error_message("failed to remove volume dir %s.", vol_dir); + goto out; + } + +diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c +index 7218cca8..bffbb43b 100644 +--- a/src/utils/tar/isulad_tar.c ++++ b/src/utils/tar/isulad_tar.c +@@ -114,7 +114,7 @@ static int resolve_host_source_path(const char *path, bool follow_link, char **r + if (follow_link) { + if (realpath(path, real_path) == NULL) { + SYSERROR("Can not get real path of %s.", real_path); +- format_errorf(err, "Can not get real path of %s: %s", real_path, strerror(errno)); ++ format_errorf(err, "Can not get real path of %s.", real_path); + return -1; + } + nret = get_rebase_name(path, real_path, resolved_path, rebase_name); +@@ -131,7 +131,7 @@ static int resolve_host_source_path(const char *path, bool follow_link, char **r + } + if (realpath(dirpath, real_path) == NULL) { + SYSERROR("Can not get real path of %s.", dirpath); +- format_errorf(err, "Can not get real path of %s: %s", dirpath, strerror(errno)); ++ format_errorf(err, "Can not get real path of %s.", dirpath); + goto cleanup; + } + nret = snprintf(resolved, sizeof(resolved), "%s/%s", real_path, basepath); +@@ -192,7 +192,7 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li + nret = lstat(resolved_path, &st); + if (nret < 0) { + SYSERROR("lstat %s failed", resolved_path); +- format_errorf(err, "lstat %s: %s", resolved_path, strerror(errno)); ++ format_errorf(err, "lstat %s failed", resolved_path); + goto cleanup; + } + +@@ -225,8 +225,8 @@ static int copy_info_destination_path_ret(struct archive_copy_info *info, struct + + ret = (int)readlink(iter_path, target, PATH_MAX); + if (ret < 0) { +- SYSERROR("Failed to read link of %s", iter_path); +- format_errorf(err, "Failed to read link of %s: %s", iter_path, strerror(errno)); ++ SYSERROR("Failed to read link of %s.", iter_path); ++ format_errorf(err, "Failed to read link of %s.", iter_path); + goto cleanup; + } + // is not absolutely path +@@ -258,8 +258,8 @@ static int copy_info_destination_path_ret(struct archive_copy_info *info, struct + if (ret != 0) { + char *dst_parent = NULL; + if (errno != ENOENT) { +- SYSERROR("Can not stat %s", iter_path); +- format_errorf(err, "Can not stat %s: %s", iter_path, strerror(errno)); ++ SYSERROR("Can not stat %s.", iter_path); ++ format_errorf(err, "Can not stat %s.", iter_path); + goto cleanup; + } + +@@ -429,7 +429,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char + + if (lstat(path, &st) < 0) { + SYSERROR("lstat %s failed", path); +- format_errorf(err, "lstat %s: %s", path, strerror(errno)); ++ format_errorf(err, "lstat %s failed", path); + return -1; + } + if (util_split_path_dir_entry(path, &srcdir, &srcbase) < 0) { +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index f34572ae..82194654 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -257,8 +257,8 @@ static int do_safe_chroot(const char *dstdir) + prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); + + if (chroot(dstdir) != 0) { +- SYSERROR("Failed to chroot to %s", dstdir); +- fprintf(stderr, "Failed to chroot to %s: %s", dstdir, strerror(errno)); ++ SYSERROR("Failed to chroot to %s.", dstdir); ++ fprintf(stderr, "Failed to chroot to %s.", dstdir); + return -1; + } + +@@ -846,15 +846,15 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co + } + + if (do_safe_chroot(safe_dir) != 0) { +- SYSERROR("Failed to chroot to %s", safe_dir); +- fprintf(stderr, "Failed to chroot to %s: %s", safe_dir, strerror(errno)); ++ SYSERROR("Failed to chroot to %s.", safe_dir); ++ fprintf(stderr, "Failed to chroot to %s.", safe_dir); + ret = -1; + goto child_out; + } + + if (chdir("/") != 0) { + SYSERROR("Failed to chroot to /"); +- fprintf(stderr, "Failed to chroot to /: %s", strerror(errno)); ++ fprintf(stderr, "Failed to chroot to /"); + ret = -1; + goto child_out; + } +@@ -1253,7 +1253,7 @@ int archive_chroot_tar(const char *path, const char *file, const char *root_dir, + fd = open(file, TAR_DEFAULT_FLAG, TAR_DEFAULT_MODE); + if (fd < 0) { + SYSERROR("Failed to open file %s for export", file); +- fprintf(stderr, "Failed to open file %s for export: %s\n", file, strerror(errno)); ++ fprintf(stderr, "Failed to open file %s for export\n", file); + ret = -1; + goto child_out; + } +-- +2.40.1 + diff --git a/0011-remove-usage-of-strerror-with-user-defined-errno.patch b/0011-remove-usage-of-strerror-with-user-defined-errno.patch new file mode 100644 index 0000000..c21de08 --- /dev/null +++ b/0011-remove-usage-of-strerror-with-user-defined-errno.patch @@ -0,0 +1,891 @@ +From 16a4b6f334e4e81615a71cf7930158fb1bee5a12 Mon Sep 17 00:00:00 2001 +From: haozi007 <liuhao27@huawei.com> +Date: Wed, 6 Sep 2023 15:05:29 +0800 +Subject: [PATCH 11/33] remove usage of strerror with user defined errno + +Signed-off-by: haozi007 <liuhao27@huawei.com> +--- + src/cmd/command_parser.c | 12 ++++++---- + src/cmd/isula/base/create.c | 3 ++- + src/cmd/isula/isula_host_spec.c | 9 ++++--- + src/cmd/isulad/main.c | 8 ++++--- + src/cmd/options/opt_ulimit.c | 6 +++-- + src/daemon/entry/cri/cni_network_plugin.cc | 9 ++++--- + src/daemon/entry/cri/sysctl_tools.c | 14 +++++++---- + .../v1/v1_cri_container_manager_service.cc | 4 ++-- + .../v1/v1_cri_pod_sandbox_manager_service.cc | 3 ++- + src/daemon/executor/network_cb/network_cb.c | 6 +++-- + src/daemon/modules/image/oci/oci_image.c | 6 +++-- + .../oci/storage/image_store/image_store.c | 6 +++-- + .../graphdriver/devmapper/deviceset.c | 19 +++++++++------ + .../storage/layer_store/graphdriver/driver.c | 9 ++++--- + .../graphdriver/overlay2/driver_overlay2.c | 17 ++++++++----- + .../oci/storage/layer_store/layer_store.c | 6 +++-- + .../remote_layer_support/remote_support.c | 6 +++-- + .../oci/storage/rootfs_store/rootfs_store.c | 6 +++-- + .../modules/image/oci/storage/storage.c | 6 +++-- + .../cni_operator/libcni/invoke/libcni_errno.c | 8 ------- + .../cni_operator/libcni/invoke/libcni_errno.h | 2 -- + .../cni_operator/libcni/libcni_cached.c | 3 ++- + .../modules/network/native/adaptor_native.c | 17 ++++++++----- + src/daemon/modules/plugin/plugin.c | 24 ++++++++++++------- + src/daemon/modules/service/service_network.c | 6 ++--- + src/daemon/sandbox/sandbox.cc | 8 ++++--- + src/utils/cutils/network_namespace.c | 3 ++- + src/utils/cutils/utils_file.c | 4 +++- + 28 files changed, 144 insertions(+), 86 deletions(-) + +diff --git a/src/cmd/command_parser.c b/src/cmd/command_parser.c +index ac353b40..1ad1d92b 100644 +--- a/src/cmd/command_parser.c ++++ b/src/cmd/command_parser.c +@@ -546,7 +546,8 @@ int command_convert_u16(command_option_t *option, const char *arg) + } + ret = util_safe_u16(arg, option->data); + if (ret != 0) { +- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, option->large, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, option->large); + return EINVALIDARGS; + } + return 0; +@@ -561,7 +562,8 @@ int command_convert_llong(command_option_t *opt, const char *arg) + } + ret = util_safe_llong(arg, opt->data); + if (ret != 0) { +- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, opt->large, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, opt->large); + return EINVALIDARGS; + } + return 0; +@@ -575,7 +577,8 @@ int command_convert_uint(command_option_t *opt, const char *arg) + } + ret = util_safe_uint(arg, opt->data); + if (ret != 0) { +- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, opt->large, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, opt->large); + return EINVALIDARGS; + } + return 0; +@@ -590,7 +593,8 @@ int command_convert_int(command_option_t *option, const char *arg) + } + ret = util_safe_int(arg, option->data); + if (ret != 0) { +- COMMAND_ERROR("Invalid value \"%s\" for flag --%s: %s", arg, option->large, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Invalid value \"%s\" for flag --%s", arg, option->large); + return EINVALIDARGS; + } + return 0; +diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c +index aa90c5d6..cd0d4abd 100644 +--- a/src/cmd/isula/base/create.c ++++ b/src/cmd/isula/base/create.c +@@ -2032,7 +2032,8 @@ static int create_check_hugetlbs(const struct client_arguments *args) + } + ret = util_parse_byte_size_string(limit, &limitvalue); + if (ret != 0) { +- COMMAND_ERROR("Invalid hugetlb limit:%s:%s", limit, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Invalid hugetlb limit:%s", limit); + free(dup); + ret = -1; + goto out; +diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c +index 9fa08bd2..6f39588d 100644 +--- a/src/cmd/isula/isula_host_spec.c ++++ b/src/cmd/isula/isula_host_spec.c +@@ -66,7 +66,8 @@ static bool parse_restart_policy(const char *policy, host_config_restart_policy + } + nret = util_safe_int(dotpos, &(*rp)->maximum_retry_count); + if (nret != 0) { +- COMMAND_ERROR("Maximum retry count must be an integer: %s", strerror(-nret)); ++ errno = -nret; ++ CMD_SYSERROR("Maximum retry count must be an integer"); + goto cleanup; + } + } +@@ -724,7 +725,8 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input) + + ret = util_parse_byte_size_string(limit_value, &tconverted); + if (ret != 0 || tconverted < 0) { +- COMMAND_ERROR("Parse limit value: %s failed:%s", limit_value, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Parse limit value: %s failed", limit_value); + goto free_out; + } + limit = (uint64_t)tconverted; +@@ -733,7 +735,8 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input) + tconverted = 0; + ret = util_parse_byte_size_string(pagesize, &tconverted); + if (ret != 0 || tconverted < 0) { +- COMMAND_ERROR("Parse pagesize error.Invalid hugepage size: %s: %s", pagesize, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Parse pagesize error.Invalid hugepage size: %s", pagesize); + goto free_out; + } + page = (uint64_t)tconverted; +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index 39cde6aa..8369f9e2 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -632,8 +632,9 @@ static int parse_time_duration(const char *value, unsigned int *seconds) + *(num_str + len - 1) = '\0'; + ret = util_safe_uint(num_str, &tmp); + if (ret < 0) { +- ERROR("Illegal unsigned integer: %s", num_str); +- COMMAND_ERROR("Illegal unsigned integer:%s:%s", num_str, strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Illegal unsigned integer: %s", num_str); ++ COMMAND_ERROR("Illegal unsigned integer:%s", num_str); + ret = -1; + goto out; + } +@@ -1407,7 +1408,8 @@ static int create_mount_flock_file(const struct service_arguments *args) + // recreate mount flock file + // and make file uid/gid and permission correct + if (!util_force_remove_file(cleanpath, &err)) { +- ERROR("Failed to delete %s, error: %s. Please delete %s manually.", path, strerror(err), path); ++ errno = err; ++ SYSERROR("Failed to delete %s. Please delete %s manually.", path, path); + return -1; + } + } +diff --git a/src/cmd/options/opt_ulimit.c b/src/cmd/options/opt_ulimit.c +index 55912a16..6853c0d9 100644 +--- a/src/cmd/options/opt_ulimit.c ++++ b/src/cmd/options/opt_ulimit.c +@@ -63,7 +63,8 @@ static int parse_soft_hard_ulimit(const char *val, char **limitvals, size_t limi + // parse soft + ret = util_safe_llong(limitvals[0], &converted); + if (ret < 0) { +- COMMAND_ERROR("Invalid ulimit soft value: \"%s\", parse int64 failed: %s", val, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Invalid ulimit soft value: \"%s\", parse int64 failed", val); + ret = -1; + goto out; + } +@@ -74,7 +75,8 @@ static int parse_soft_hard_ulimit(const char *val, char **limitvals, size_t limi + converted = 0; + ret = util_safe_llong(limitvals[1], &converted); + if (ret < 0) { +- COMMAND_ERROR("Invalid ulimit hard value: \"%s\", parse int64 failed: %s", val, strerror(-ret)); ++ errno = -ret; ++ CMD_SYSERROR("Invalid ulimit hard value: \"%s\", parse int64 failed", val); + ret = -1; + goto out; + } +diff --git a/src/daemon/entry/cri/cni_network_plugin.cc b/src/daemon/entry/cri/cni_network_plugin.cc +index 1c7fea2e..c186d185 100644 +--- a/src/daemon/entry/cri/cni_network_plugin.cc ++++ b/src/daemon/entry/cri/cni_network_plugin.cc +@@ -796,7 +796,8 @@ void CniNetworkPlugin::RLockNetworkMap(Errors &error) + int ret = pthread_rwlock_rdlock(&m_netsLock); + if (ret != 0) { + error.Errorf("Failed to get read lock"); +- ERROR("Get read lock failed: %s", strerror(ret)); ++ errno = ret; ++ SYSERROR("Get read lock failed"); + } + } + +@@ -805,7 +806,8 @@ void CniNetworkPlugin::WLockNetworkMap(Errors &error) + int ret = pthread_rwlock_wrlock(&m_netsLock); + if (ret != 0) { + error.Errorf("Failed to get write lock"); +- ERROR("Get write lock failed: %s", strerror(ret)); ++ errno = ret; ++ SYSERROR("Get write lock failed"); + } + } + +@@ -814,7 +816,8 @@ void CniNetworkPlugin::UnlockNetworkMap(Errors &error) + int ret = pthread_rwlock_unlock(&m_netsLock); + if (ret != 0) { + error.Errorf("Failed to unlock"); +- ERROR("Unlock failed: %s", strerror(ret)); ++ errno = ret; ++ SYSERROR("Unlock failed"); + } + } + +diff --git a/src/daemon/entry/cri/sysctl_tools.c b/src/daemon/entry/cri/sysctl_tools.c +index 847c36e9..ac4fb226 100644 +--- a/src/daemon/entry/cri/sysctl_tools.c ++++ b/src/daemon/entry/cri/sysctl_tools.c +@@ -22,6 +22,8 @@ + #include <unistd.h> + #include <limits.h> + ++#include <isula_libutils/log.h> ++ + #include "utils.h" + + int get_sysctl(const char *sysctl, char **err) +@@ -41,14 +43,16 @@ int get_sysctl(const char *sysctl, char **err) + ret = -1; + fd = util_open(fullpath, O_RDONLY, 0); + if (fd < 0) { +- if (asprintf(err, "Open %s failed: %s", sysctl, strerror(errno)) < 0) { ++ SYSWARN("Open %s failed", sysctl); ++ if (asprintf(err, "Open %s failed", sysctl) < 0) { + *err = util_strdup_s("Out of memory"); + } + goto free_out; + } + rsize = util_read_nointr(fd, buff, sizeof(buff) - 1); + if (rsize <= 0) { +- if (asprintf(err, "Read file failed: %s", strerror(errno)) < 0) { ++ SYSWARN("Read file: %s failed", sysctl); ++ if (asprintf(err, "Read file: %s failed", sysctl) < 0) { + *err = util_strdup_s("Out of memory"); + } + goto free_out; +@@ -93,14 +97,16 @@ int set_sysctl(const char *sysctl, int new_value, char **err) + ret = -1; + fd = util_open(fullpath, O_WRONLY, 0); + if (fd < 0) { +- if (asprintf(err, "Open %s failed: %s", sysctl, strerror(errno)) < 0) { ++ SYSWARN("Open %s failed", sysctl); ++ if (asprintf(err, "Open %s failed", sysctl) < 0) { + *err = util_strdup_s("Out of memory"); + } + goto free_out; + } + rsize = util_write_nointr(fd, buff, strlen(buff)); + if (rsize < 0 || (size_t)rsize != strlen(buff)) { +- if (asprintf(err, "Write new value failed: %s", strerror(errno)) < 0) { ++ SYSWARN("Write new value to %s failed", sysctl); ++ if (asprintf(err, "Write new value to %s failed", sysctl) < 0) { + *err = util_strdup_s("Out of memory"); + } + goto free_out; +diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc +index ecb7ffbd..daba21e4 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc ++++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc +@@ -497,8 +497,8 @@ void ContainerManagerService::CreateContainerLogSymlink(const std::string &conta + WARN("Deleted previously existing symlink file: %s", path); + } + if (symlink(realPath, path) != 0) { +- error.Errorf("failed to create symbolic link %s to the container log file %s for container %s: %s", path, +- realPath, containerID.c_str(), strerror(errno)); ++ SYSERROR("failed to create symbolic link %s to the container log file %s for container %s", path, realPath, containerID.c_str()); ++ error.Errorf("failed to create symbolic link %s to the container log file %s for container %s", path, realPath, containerID.c_str()); + goto cleanup; + } + } else { +diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc +index d57338c8..41a02c54 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc ++++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc +@@ -429,7 +429,8 @@ void PodSandboxManagerService::ClearCniNetwork(const std::shared_ptr<sandbox::Sa + + // umount netns when cni removed network successfully + if (remove_network_namespace(sandboxKey.c_str()) != 0) { +- error.Errorf("Failed to umount directory %s:%s", sandboxKey.c_str(), strerror(errno)); ++ SYSERROR("Failed to umount directory %s", sandboxKey.c_str()); ++ error.Errorf("Failed to umount directory %s", sandboxKey.c_str()); + } + } + +diff --git a/src/daemon/executor/network_cb/network_cb.c b/src/daemon/executor/network_cb/network_cb.c +index e4f9ce3f..d0f361d0 100644 +--- a/src/daemon/executor/network_cb/network_cb.c ++++ b/src/daemon/executor/network_cb/network_cb.c +@@ -43,7 +43,8 @@ static inline bool network_conflist_lock(enum lock_type type) + nret = pthread_rwlock_wrlock(&g_network_rwlock); + } + if (nret != 0) { +- ERROR("Lock network list failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock network list failed"); + return false; + } + +@@ -56,7 +57,8 @@ static inline void network_conflist_unlock() + + nret = pthread_rwlock_unlock(&g_network_rwlock); + if (nret != 0) { +- FATAL("Unlock network list failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock network list failed"); + } + } + +diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c +index 40e9a88f..4a48016b 100644 +--- a/src/daemon/modules/image/oci/oci_image.c ++++ b/src/daemon/modules/image/oci/oci_image.c +@@ -59,7 +59,8 @@ static inline bool oci_remote_lock(pthread_rwlock_t *remote_lock, bool writable) + nret = pthread_rwlock_rdlock(remote_lock); + } + if (nret != 0) { +- ERROR("Lock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock memory store failed"); + return false; + } + +@@ -72,7 +73,8 @@ static inline void oci_remote_unlock(pthread_rwlock_t *remote_lock) + + nret = pthread_rwlock_unlock(remote_lock); + if (nret != 0) { +- FATAL("Unlock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock memory store failed"); + } + } + #endif +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index e9adab1a..55e3bb97 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -94,7 +94,8 @@ static inline bool image_store_lock(enum lock_type type) + nret = pthread_rwlock_wrlock(&g_image_store->rwlock); + } + if (nret != 0) { +- ERROR("Lock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock memory store failed"); + return false; + } + +@@ -107,7 +108,8 @@ static inline void image_store_unlock() + + nret = pthread_rwlock_unlock(&g_image_store->rwlock); + if (nret != 0) { +- FATAL("Unlock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock memory store failed"); + } + } + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index 81e53ea7..4f19c26d 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -107,8 +107,9 @@ static int handle_dm_min_free_space(char *val, struct device_set *devset) + int ret = util_parse_percent_string(val, &converted); + + if (ret != 0 || converted >= 100) { +- ERROR("Invalid min free space: '%s': %s", val, strerror(-ret)); +- isulad_set_error_message("Invalid min free space: '%s': %s", val, strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid min free space: '%s'", val); ++ isulad_set_error_message("Invalid min free space: '%s'", val); + return -1; + } + devset->min_free_space_percent = (uint32_t)converted; +@@ -122,8 +123,9 @@ static int handle_dm_basesize(char *val, struct device_set *devset) + int ret = util_parse_byte_size_string(val, &converted); + + if (ret != 0) { +- ERROR("Invalid size: '%s': %s", val, strerror(-ret)); +- isulad_set_error_message("Invalid size: '%s': %s", val, strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid size: '%s'", val); ++ isulad_set_error_message("Invalid size: '%s'", val); + return -1; + } + if (converted <= 0) { +@@ -2722,7 +2724,8 @@ static int determine_driver_capabilities(const char *version, struct device_set + + ret = util_parse_byte_size_string(tmp_str[0], &major); + if (ret != 0) { +- ERROR("devmapper: invalid size: '%s': %s", tmp_str[0], strerror(-ret)); ++ errno = -ret; ++ SYSERROR("devmapper: invalid size: '%s'", tmp_str[0]); + ret = -1; + goto out; + } +@@ -2742,7 +2745,8 @@ static int determine_driver_capabilities(const char *version, struct device_set + + ret = util_parse_byte_size_string(tmp_str[1], &minor); + if (ret != 0) { +- ERROR("devmapper: invalid size: '%s': %s", tmp_str[1], strerror(-ret)); ++ errno = -ret; ++ SYSERROR("devmapper: invalid size: '%s'", tmp_str[1]); + ret = -1; + goto out; + } +@@ -2915,7 +2919,8 @@ static int parse_storage_opt(const json_map_string_string *opts, uint64_t *size) + + ret = util_parse_byte_size_string(opts->values[i], &converted); + if (ret != 0) { +- ERROR("Invalid size: '%s': %s", opts->values[i], strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid size: '%s'", opts->values[i]); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c +index b83c63b1..b1790af1 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c +@@ -86,7 +86,8 @@ static inline bool driver_rd_lock() + + nret = pthread_rwlock_rdlock(&g_graphdriver->rwlock); + if (nret != 0) { +- ERROR("Lock driver memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock driver memory store failed"); + return false; + } + +@@ -99,7 +100,8 @@ static inline bool driver_wr_lock() + + nret = pthread_rwlock_wrlock(&g_graphdriver->rwlock); + if (nret != 0) { +- ERROR("Lock driver memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock driver memory store failed"); + return false; + } + +@@ -112,7 +114,8 @@ static inline void driver_unlock() + + nret = pthread_rwlock_unlock(&g_graphdriver->rwlock); + if (nret != 0) { +- FATAL("Unlock driver memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock driver memory store failed"); + } + } + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +index b177f594..3b27076c 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +@@ -134,7 +134,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio + int64_t converted = 0; + ret = util_parse_byte_size_string(val, &converted); + if (ret != 0) { +- ERROR("Invalid size: '%s': %s", val, strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid size: '%s'", val); + ret = -1; + goto out; + } +@@ -143,7 +144,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio + int64_t converted = 0; + ret = util_parse_byte_size_string(val, &converted); + if (ret != 0) { +- ERROR("Invalid size: '%s': %s", val, strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid size: '%s'", val); + ret = -1; + goto out; + } +@@ -152,7 +154,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio + bool converted_bool = 0; + ret = util_str_to_bool(val, &converted_bool); + if (ret != 0) { +- ERROR("Invalid bool: '%s': %s", val, strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid bool: '%s'", val); + ret = -1; + goto out; + } +@@ -161,7 +164,8 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio + bool converted_bool = 0; + ret = util_str_to_bool(val, &converted_bool); + if (ret != 0) { +- ERROR("Invalid bool: '%s': %s", val, strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid bool: '%s'", val); + ret = -1; + goto out; + } +@@ -830,8 +834,9 @@ static int set_layer_quota(const char *dir, const json_map_string_string *opts, + int64_t converted = 0; + ret = util_parse_byte_size_string(opts->values[i], &converted); + if (ret != 0) { +- ERROR("Invalid size: '%s': %s", opts->values[i], strerror(-ret)); +- isulad_set_error_message("Invalid quota size: '%s': %s", opts->values[i], strerror(-ret)); ++ errno = -ret; ++ SYSERROR("Invalid size: '%s'", opts->values[i]); ++ isulad_set_error_message("Invalid quota size: '%s'", opts->values[i]); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index ddf3a62c..8d8384b8 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -98,7 +98,8 @@ static inline bool layer_store_lock(bool writable) + nret = pthread_rwlock_rdlock(&g_metadata.rwlock); + } + if (nret != 0) { +- ERROR("Lock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock memory store failed"); + return false; + } + +@@ -111,7 +112,8 @@ static inline void layer_store_unlock() + + nret = pthread_rwlock_unlock(&g_metadata.rwlock); + if (nret != 0) { +- FATAL("Unlock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock memory store failed"); + } + } + +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +index 400678c4..1bac8dd5 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +@@ -39,7 +39,8 @@ static inline bool remote_refresh_lock(pthread_rwlock_t *remote_lock, bool writa + nret = pthread_rwlock_rdlock(remote_lock); + } + if (nret != 0) { +- ERROR("Lock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock memory store failed"); + return false; + } + +@@ -52,7 +53,8 @@ static inline void remote_refresh_unlock(pthread_rwlock_t *remote_lock) + + nret = pthread_rwlock_unlock(remote_lock); + if (nret != 0) { +- FATAL("Unlock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock memory store failed"); + } + } + +diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c +index 1c5d2d84..ee1e15d0 100644 +--- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c ++++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c +@@ -69,7 +69,8 @@ static inline bool rootfs_store_lock(enum lock_type type) + } + + if (nret != 0) { +- ERROR("Lock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock memory store failed"); + return false; + } + +@@ -82,7 +83,8 @@ static inline void rootfs_store_unlock() + + nret = pthread_rwlock_unlock(&g_rootfs_store->rwlock); + if (nret != 0) { +- FATAL("Unlock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock memory store failed"); + } + } + +diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c +index d5e79207..aa442ecf 100644 +--- a/src/daemon/modules/image/oci/storage/storage.c ++++ b/src/daemon/modules/image/oci/storage/storage.c +@@ -61,7 +61,8 @@ static inline bool storage_lock(pthread_rwlock_t *store_lock, bool writable) + nret = pthread_rwlock_rdlock(store_lock); + } + if (nret != 0) { +- ERROR("Lock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock memory store failed"); + return false; + } + +@@ -74,7 +75,8 @@ static inline void storage_unlock(pthread_rwlock_t *store_lock) + + nret = pthread_rwlock_unlock(store_lock); + if (nret != 0) { +- FATAL("Unlock memory store failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock memory store failed"); + } + } + +diff --git a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.c b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.c +index efdcfbc7..977f9fbb 100644 +--- a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.c ++++ b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.c +@@ -30,14 +30,6 @@ const char * const g_INVOKE_ERR_MSGS[] = { + "Success" + }; + +-const char *get_invoke_err_msg(int errcode) +-{ +- if (errcode > (int)INK_ERR_MIN && errcode <= (int)INK_ERR_SUCCESS) { +- return g_INVOKE_ERR_MSGS[errcode - (int)INK_ERR_MIN]; +- } +- return strerror(errcode); +-} +- + const char * const g_CNI_WELL_KNOWN_ERR_MSGS[] = { + /* 0 */ + "Success", +diff --git a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.h b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.h +index 9f63e5f5..236bc6ef 100644 +--- a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.h ++++ b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_errno.h +@@ -43,8 +43,6 @@ enum CNI_CUSTOM_ERROR { + CUSTOM_ERR_MAX, // max flag + }; + +-const char *get_invoke_err_msg(int errcode); +- + enum CNI_WELL_KNOW_ERROR { + CNI_ERR_UNKNOW = 0, + CNI_ERR_INCOMPATIBLE_CNI_VERSION, +diff --git a/src/daemon/modules/network/cni_operator/libcni/libcni_cached.c b/src/daemon/modules/network/cni_operator/libcni/libcni_cached.c +index 63ee6e10..17de527e 100644 +--- a/src/daemon/modules/network/cni_operator/libcni/libcni_cached.c ++++ b/src/daemon/modules/network/cni_operator/libcni/libcni_cached.c +@@ -276,7 +276,8 @@ int cni_cache_delete(const char *cache_dir, const char *net_name, const struct r + } + + if (!util_force_remove_file(file_path, &get_err)) { +- ERROR("Failed to delete %s, error: %s", file_path, strerror(get_err)); ++ errno = get_err; ++ SYSERROR("Failed to delete %s.", file_path); + } + + free(file_path); +diff --git a/src/daemon/modules/network/native/adaptor_native.c b/src/daemon/modules/network/native/adaptor_native.c +index 8bc386d1..8d403442 100644 +--- a/src/daemon/modules/network/native/adaptor_native.c ++++ b/src/daemon/modules/network/native/adaptor_native.c +@@ -86,7 +86,8 @@ static inline bool native_store_lock(enum lock_type type) + nret = pthread_rwlock_wrlock(&g_store.rwlock); + } + if (nret != 0) { +- ERROR("Lock network list failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock network list failed"); + return false; + } + +@@ -99,7 +100,8 @@ static inline void native_store_unlock() + + nret = pthread_rwlock_unlock(&g_store.rwlock); + if (nret != 0) { +- FATAL("Unlock network list failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock network list failed"); + } + } + +@@ -113,7 +115,8 @@ static inline void native_network_lock(enum lock_type type, native_network *netw + nret = pthread_rwlock_wrlock(&network->rwlock); + } + if (nret != 0) { +- ERROR("Lock network list failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Lock network list failed"); + } + } + +@@ -123,7 +126,8 @@ static inline void native_network_unlock(native_network *network) + + nret = pthread_rwlock_unlock(&network->rwlock); + if (nret != 0) { +- FATAL("Unlock network list failed: %s", strerror(nret)); ++ errno = nret; ++ SYSERROR("Unlock network list failed"); + } + } + +@@ -1944,8 +1948,9 @@ int native_config_remove(const char *name, char **res_name) + WARN("Failed to get %s file path", network->conflist->list->name); + isulad_append_error_message("Failed to get %s file path. ", network->conflist->list->name); + } else if (!util_force_remove_file(path, &get_err)) { +- WARN("Failed to delete %s, error: %s", path, strerror(get_err)); +- isulad_append_error_message("Failed to delete %s, error: %s. ", path, strerror(get_err)); ++ errno = get_err; ++ SYSWARN("Failed to delete %s.", path); ++ isulad_append_error_message("Failed to delete %s.", path); + } + + if (!map_remove(g_store.name_to_network, (void *)network->conflist->list->name)) { +diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c +index b4d78dc9..c42cfd21 100644 +--- a/src/daemon/modules/plugin/plugin.c ++++ b/src/daemon/modules/plugin/plugin.c +@@ -409,7 +409,8 @@ static void pm_rdlock(void) + + errcode = pthread_rwlock_rdlock(&g_plugin_manager->pm_rwlock); + if (errcode != 0) { +- ERROR("Read lock failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Read lock failed"); + } + } + +@@ -419,7 +420,8 @@ static void pm_wrlock(void) + + errcode = pthread_rwlock_wrlock(&g_plugin_manager->pm_rwlock); + if (errcode != 0) { +- ERROR("Write lock failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Write lock failed"); + } + } + +@@ -429,7 +431,8 @@ static void pm_unlock(void) + + errcode = pthread_rwlock_unlock(&g_plugin_manager->pm_rwlock); + if (errcode != 0) { +- ERROR("Unlock failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Unlock failed"); + } + } + +@@ -659,7 +662,8 @@ static void *plugin_manager_routine(void *arg) + + errcode = pthread_detach(pthread_self()); + if (errcode != 0) { +- ERROR("Detach thread failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Detach thread failed"); + return NULL; + } + if (pm_init() < 0) { +@@ -716,7 +720,8 @@ static void plugin_rdlock(plugin_t *plugin) + + errcode = pthread_rwlock_rdlock(&plugin->lock); + if (errcode != 0) { +- ERROR("Plugin read lock failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Plugin read lock failed"); + } + } + +@@ -726,7 +731,8 @@ static void plugin_wrlock(plugin_t *plugin) + + errcode = pthread_rwlock_wrlock(&plugin->lock); + if (errcode != 0) { +- ERROR("Plugin write lock failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Plugin write lock failed"); + } + } + +@@ -736,7 +742,8 @@ static void plugin_unlock(plugin_t *plugin) + + errcode = pthread_rwlock_unlock(&plugin->lock); + if (errcode != 0) { +- ERROR("Plugin unlock failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Plugin unlock failed"); + } + } + +@@ -758,7 +765,8 @@ plugin_t *plugin_new(const char *name, const char *addr) + + errcode = pthread_rwlock_init(&plugin->lock, NULL); + if (errcode != 0) { +- ERROR("Plugin init lock failed: %s", strerror(errcode)); ++ errno = errcode; ++ SYSERROR("Plugin init lock failed"); + goto bad; + } + plugin->name = util_strdup_s(name); +diff --git a/src/daemon/modules/service/service_network.c b/src/daemon/modules/service/service_network.c +index 5502bcbd..6754cf1a 100644 +--- a/src/daemon/modules/service/service_network.c ++++ b/src/daemon/modules/service/service_network.c +@@ -962,7 +962,7 @@ static int do_update_internal_file(const char *id, const char *file_path, + ret = 0; + } else { + SYSERROR("Failed to write file %s", file_path); +- isulad_set_error_message("Failed to write file %s: %s", file_path, strerror(errno)); ++ isulad_set_error_message("Failed to write file %s", file_path); + ret = -1; + } + +@@ -1180,7 +1180,7 @@ static int do_drop_internal_file(const char *id, const char *file_path, const de + goto out; + } else { + SYSERROR("Failed to open %s", file_path); +- isulad_set_error_message("Failed to open %s: %s", file_path, strerror(errno)); ++ isulad_set_error_message("Failed to open %s", file_path); + ret = -1; + goto out; + } +@@ -1213,7 +1213,7 @@ static int do_drop_internal_file(const char *id, const char *file_path, const de + ret = util_write_file(file_path, str, strlen(str), NETWORK_MOUNT_FILE_MODE); + if (ret != 0) { + SYSERROR("Failed to write file %s", file_path); +- isulad_set_error_message("Failed to write file %s: %s", file_path, strerror(errno)); ++ isulad_set_error_message("Failed to write file %s", file_path); + goto out; + } + +diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc +index d3fc7eea..1723e95e 100644 +--- a/src/daemon/sandbox/sandbox.cc ++++ b/src/daemon/sandbox/sandbox.cc +@@ -817,7 +817,8 @@ auto Sandbox::SaveState(Errors &error) -> bool + + nret = util_atomic_write_file(path.c_str(), stateJson.c_str(), stateJson.length(), CONFIG_FILE_MODE, false); + if (nret != 0) { +- error.Errorf("Failed to write file %s: %s", path.c_str(), strerror(errno)); ++ SYSERROR("Failed to write file %s"); ++ error.Errorf("Failed to write file %s", path.c_str()); + return false; + } + +@@ -834,7 +835,7 @@ auto Sandbox::SaveNetworkSetting(Errors &error) -> bool + false); + if (nret != 0) { + SYSERROR("Failed to write file %s", path.c_str()); +- error.Errorf("Failed to write file %s: %s", path.c_str(), strerror(errno)); ++ error.Errorf("Failed to write file %s", path.c_str()); + return false; + } + +@@ -877,7 +878,8 @@ auto Sandbox::SaveMetadata(Errors &error) -> bool + + nret = util_atomic_write_file(path.c_str(), metadataJson.c_str(), metadataJson.length(), CONFIG_FILE_MODE, false); + if (nret != 0) { +- error.Errorf("Failed to write file %s: %s", path.c_str(), strerror(errno)); ++ SYSERROR("Failed to write file %s", path.c_str()); ++ error.Errorf("Failed to write file %s", path.c_str()); + return false; + } + return true; +diff --git a/src/utils/cutils/network_namespace.c b/src/utils/cutils/network_namespace.c +index 0e225d9b..c9838104 100644 +--- a/src/utils/cutils/network_namespace.c ++++ b/src/utils/cutils/network_namespace.c +@@ -231,7 +231,8 @@ int remove_network_namespace_file(const char *netns_path) + } + + if (!util_force_remove_file(netns_path, &get_err)) { +- ERROR("Failed to remove file %s, error: %s", netns_path, strerror(get_err)); ++ errno = get_err; ++ SYSERROR("Failed to remove file %s", netns_path); + return -1; + } + +diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c +index bc22ee95..1a148b0b 100644 +--- a/src/utils/cutils/utils_file.c ++++ b/src/utils/cutils/utils_file.c +@@ -1061,7 +1061,9 @@ char *look_path(const char *file, char **err) + if (en == 0) { + return util_strdup_s(file); + } +- if (asprintf(err, "find exec %s : %s", file, strerror(en)) < 0) { ++ errno = en; ++ SYSERROR("find exec %s failed", file); ++ if (asprintf(err, "find exec %s failed", file) < 0) { + *err = util_strdup_s("Out of memory"); + } + return NULL; +-- +2.40.1 + diff --git a/0012-use-gmtime_r-to-replace-gmtime.patch b/0012-use-gmtime_r-to-replace-gmtime.patch new file mode 100644 index 0000000..fa81e9d --- /dev/null +++ b/0012-use-gmtime_r-to-replace-gmtime.patch @@ -0,0 +1,71 @@ +From ec04faff6fba052b5bb4ed0b090ae441f888ce5c Mon Sep 17 00:00:00 2001 +From: haozi007 <liuhao27@huawei.com> +Date: Wed, 6 Sep 2023 16:31:19 +0800 +Subject: [PATCH 12/33] use gmtime_r to replace gmtime + +Signed-off-by: haozi007 <liuhao27@huawei.com> +--- + src/utils/cutils/utils_timestamp.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +diff --git a/src/utils/cutils/utils_timestamp.c b/src/utils/cutils/utils_timestamp.c +index fee66ea8..8ae9e42a 100644 +--- a/src/utils/cutils/utils_timestamp.c ++++ b/src/utils/cutils/utils_timestamp.c +@@ -652,9 +652,9 @@ int64_t util_time_seconds_since(const char *in) + int32_t nanos = 0; + int64_t result = 0; + struct tm tm = { 0 }; +- struct tm *currentm = NULL; + struct types_timezone tz = { 0 }; + time_t currentime; ++ struct tm result_time = { 0 }; + + if (in == NULL || !strcmp(in, defaultContainerTime) || !strcmp(in, "-")) { + return 0; +@@ -666,13 +666,12 @@ int64_t util_time_seconds_since(const char *in) + } + + time(¤time); +- currentm = gmtime(¤time); +- if (currentm == NULL) { ++ if (gmtime_r(¤time, &result_time) == NULL) { + ERROR("Get time error"); + return 0; + } + +- result = get_minmus_time(currentm, &tm); ++ result = get_minmus_time(&result_time, &tm); + result = result + (int64_t)tz.hour * 3600 + (int64_t)tz.min * 60; + + if (result > 0) { +@@ -871,9 +870,9 @@ int util_time_format_duration(const char *in, char *out, size_t len) + int32_t nanos = 0; + int64_t result = 0; + struct tm tm = { 0 }; +- struct tm *currentm = NULL; + struct types_timezone tz = { 0 }; + time_t currentime = { 0 }; ++ struct tm result_time = { 0 }; + + if (out == NULL) { + return -1; +@@ -888,13 +887,12 @@ int util_time_format_duration(const char *in, char *out, size_t len) + } + + time(¤time); +- currentm = gmtime(¤time); +- if (currentm == NULL) { ++ if (gmtime_r(¤time, &result_time) == NULL) { + ERROR("Get time error"); + return -1; + } + +- result = get_minmus_time(currentm, &tm); ++ result = get_minmus_time(&result_time, &tm); + result = result + (int64_t)tz.hour * 3600 + (int64_t)tz.min * 60; + + if (result < 0 || !time_human_duration(result, out, len)) { +-- +2.40.1 + diff --git a/0013-improve-report-error-message-of-client.patch b/0013-improve-report-error-message-of-client.patch new file mode 100644 index 0000000..0321aa6 --- /dev/null +++ b/0013-improve-report-error-message-of-client.patch @@ -0,0 +1,72 @@ +From a446152d676cf5616784e3f8f80dea8fd2ac221a Mon Sep 17 00:00:00 2001 +From: haozi007 <liuhao27@huawei.com> +Date: Thu, 7 Sep 2023 14:34:01 +0800 +Subject: [PATCH 13/33] improve report error message of client + +Signed-off-by: haozi007 <liuhao27@huawei.com> +--- + src/daemon/executor/container_cb/execution_stream.c | 4 ++-- + src/daemon/modules/service/service_container.c | 2 +- + src/utils/tar/isulad_tar.c | 4 ++-- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c +index aae9c234..7db96b19 100644 +--- a/src/daemon/executor/container_cb/execution_stream.c ++++ b/src/daemon/executor/container_cb/execution_stream.c +@@ -536,7 +536,7 @@ static container_path_stat *do_container_stat_path(const char *rootpath, const c + nret = lstat(resolvedpath, &st); + if (nret < 0) { + SYSERROR("lstat %s failed.", resolvedpath); +- isulad_set_error_message("lstat %s failed.", resolvedpath); ++ isulad_set_error_message("Check %s failed, get more information from log.", resolvedpath); + goto cleanup; + } + +@@ -922,7 +922,7 @@ static int copy_to_container_check_path_valid(const container_t *cont, const cha + nret = lstat(resolvedpath, &st); + if (nret < 0) { + SYSERROR("lstat %s failed", resolvedpath); +- isulad_set_error_message("lstat %s failed", resolvedpath); ++ isulad_set_error_message("Check %s failed, get more information from log.", resolvedpath); + goto cleanup; + } + +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 370ba059..83d82201 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -596,7 +596,7 @@ static int valid_mount_point(container_config_v2_common_config_mount_points_elem + + if (lstat(mp->source, &st) != 0) { + SYSERROR("lstat %s failed", mp->source); +- isulad_set_error_message("lstat %s failed", mp->source); ++ isulad_set_error_message("Check %s failed, get more information from log.", mp->source); + return -1; + } + +diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c +index bffbb43b..2e61d823 100644 +--- a/src/utils/tar/isulad_tar.c ++++ b/src/utils/tar/isulad_tar.c +@@ -192,7 +192,7 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li + nret = lstat(resolved_path, &st); + if (nret < 0) { + SYSERROR("lstat %s failed", resolved_path); +- format_errorf(err, "lstat %s failed", resolved_path); ++ format_errorf(err, "Check %s failed, get more information from log.", resolved_path); + goto cleanup; + } + +@@ -429,7 +429,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char + + if (lstat(path, &st) < 0) { + SYSERROR("lstat %s failed", path); +- format_errorf(err, "lstat %s failed", path); ++ format_errorf(err, "Check %s failed, get more information from log.", path); + return -1; + } + if (util_split_path_dir_entry(path, &srcdir, &srcbase) < 0) { +-- +2.40.1 + diff --git a/0014-adapt-new-error-message-for-isula-cp.patch b/0014-adapt-new-error-message-for-isula-cp.patch new file mode 100644 index 0000000..f6b01d6 --- /dev/null +++ b/0014-adapt-new-error-message-for-isula-cp.patch @@ -0,0 +1,43 @@ +From aba6d26fe34b3bea5964bca25f081a240312f08b Mon Sep 17 00:00:00 2001 +From: haozi007 <liuhao27@huawei.com> +Date: Thu, 7 Sep 2023 14:41:48 +0800 +Subject: [PATCH 14/33] adapt new error message for isula cp + +Signed-off-by: haozi007 <liuhao27@huawei.com> +--- + CI/test_cases/container_cases/cp.sh | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/CI/test_cases/container_cases/cp.sh b/CI/test_cases/container_cases/cp.sh +index 7bec9170..e60ccbc2 100755 +--- a/CI/test_cases/container_cases/cp.sh ++++ b/CI/test_cases/container_cases/cp.sh +@@ -57,10 +57,10 @@ test_cp_file_from_container() + fi + rm -rf $dstfile + +- isula cp $containername:/etc/../etc/passwd/ $cpfiles 2>&1 | grep "Not a directory" ++ isula cp $containername:/etc/../etc/passwd/ $cpfiles 2>&1 | grep "get more information from log" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++)) + +- isula cp $containername:/etc/nonexists $cpfiles 2>&1 | grep "No such file or directory" ++ isula cp $containername:/etc/nonexists $cpfiles 2>&1 | grep "get more information from log" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++)) + + dstfile=$cpfiles/etc +@@ -146,10 +146,10 @@ test_cp_file_to_container() + isula cp /etc/passwd $containername:$cpfiles/nonexists/ 2>&1 | grep "no such directory" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++)) + +- isula cp /etc/passwd $containername:$cpfiles/nonexists/nonexists 2>&1 | grep "No such file or directory" ++ isula cp /etc/passwd $containername:$cpfiles/nonexists/nonexists 2>&1 | grep "get more information from log" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++)) + +- isula cp /etc/nonexists $containername:$cpfiles 2>&1 | grep "No such file or directory" ++ isula cp /etc/nonexists $containername:$cpfiles 2>&1 | grep "get more information from log" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to do copy" && ((ret++)) + rm -rf $dstfile + +-- +2.40.1 + diff --git a/0015-2182-Add-mutex-for-container-list-in-sandbox.patch b/0015-2182-Add-mutex-for-container-list-in-sandbox.patch new file mode 100644 index 0000000..21d519c --- /dev/null +++ b/0015-2182-Add-mutex-for-container-list-in-sandbox.patch @@ -0,0 +1,58 @@ +From dcceff17d6c2e1c97cb18c65260edfd2d6a3a60a Mon Sep 17 00:00:00 2001 +From: xuxuepeng <xuxuepeng1@huawei.com> +Date: Tue, 12 Sep 2023 03:20:33 +0000 +Subject: [PATCH 15/33] !2182 Add mutex for container list in sandbox * Add + mutex for container list in sandbox + +--- + src/daemon/sandbox/sandbox.cc | 4 ++++ + src/daemon/sandbox/sandbox.h | 1 + + 2 files changed, 5 insertions(+) + +diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc +index 1723e95e..f391e809 100644 +--- a/src/daemon/sandbox/sandbox.cc ++++ b/src/daemon/sandbox/sandbox.cc +@@ -131,6 +131,7 @@ auto Sandbox::GetRuntimeHandle() const -> const std::string & + + auto Sandbox::GetContainers() -> std::vector<std::string> + { ++ ReadGuard<RWMutex> lock(m_containersMutex); + return m_containers; + } + +@@ -394,16 +395,19 @@ void Sandbox::RemoveLabels(const std::string &key) + + void Sandbox::AddContainer(const std::string &id) + { ++ WriteGuard<RWMutex> lock(m_containersMutex); + m_containers.push_back(id); + } + + void Sandbox::SetConatiners(const std::vector<std::string> &cons) + { ++ WriteGuard<RWMutex> lock(m_containersMutex); + m_containers = cons; + } + + void Sandbox::RemoveContainer(const std::string &id) + { ++ WriteGuard<RWMutex> lock(m_containersMutex); + auto it = std::find(m_containers.begin(), m_containers.end(), id); + if (it != m_containers.end()) { + m_containers.erase(it); +diff --git a/src/daemon/sandbox/sandbox.h b/src/daemon/sandbox/sandbox.h +index 0f135e70..89350131 100644 +--- a/src/daemon/sandbox/sandbox.h ++++ b/src/daemon/sandbox/sandbox.h +@@ -200,6 +200,7 @@ private: + std::string m_networkSettings; + // container id lists + std::vector<std::string> m_containers; ++ RWMutex m_containersMutex; + // TOOD: m_sandboxConfig is a protobuf message, it can be converted to json string directly + // if save json string directly for sandbox recover, we need to consider hot + // upgrade between different CRI versions +-- +2.40.1 + diff --git a/0016-2180-fix-execlp-not-enough-args.patch b/0016-2180-fix-execlp-not-enough-args.patch new file mode 100644 index 0000000..8379cb5 --- /dev/null +++ b/0016-2180-fix-execlp-not-enough-args.patch @@ -0,0 +1,54 @@ +From e9c0fb3c72bd102f24afe247bb545df210fa9aee Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu <zhangxiaoyu58@huawei.com> +Date: Tue, 12 Sep 2023 03:55:17 +0000 +Subject: [PATCH 16/33] !2180 fix execlp not enough args * fix execlp not + enough args + +--- + cmake/set_build_flags.cmake | 2 +- + test/fuzz/CMakeLists.txt | 2 +- + test/image/oci/oci_ut_common.cc | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/cmake/set_build_flags.cmake b/cmake/set_build_flags.cmake +index ba250cdc..09c85c65 100644 +--- a/cmake/set_build_flags.cmake ++++ b/cmake/set_build_flags.cmake +@@ -3,7 +3,7 @@ set(CMAKE_C_FLAGS "-fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -fP + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'") + + if (GRPC_CONNECTOR) +- set(CMAKE_CXX_FLAGS "-fPIC -std=c++11 -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -Wno-error=deprecated-declarations") ++ set(CMAKE_CXX_FLAGS "-fPIC -std=c++17 -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -Wno-error=deprecated-declarations") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'") + endif() + set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-E -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -shared -pthread") +diff --git a/test/fuzz/CMakeLists.txt b/test/fuzz/CMakeLists.txt +index 478a4012..617a168f 100644 +--- a/test/fuzz/CMakeLists.txt ++++ b/test/fuzz/CMakeLists.txt +@@ -34,7 +34,7 @@ MESSAGE(STATUS "GCLANG_PP_BINARY is set to ${GCLANG_PP_BINARY}") + SET(CMAKE_C_COMPILER "${GCLANG_BINARY}") + SET(CMAKE_CXX_COMPILER "${GCLANG_PP_BINARY}") + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O0 --coverage -fsanitize=fuzzer,address -fsanitize-coverage=indirect-calls,trace-cmp,trace-div,trace-gep") +-SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -O0 --coverage -std=c++11 -fsanitize=fuzzer,address -fsanitize-coverage=indirect-calls,trace-cmp,trace-div,trace-gep") ++SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -O0 --coverage -std=c++17 -fsanitize=fuzzer,address -fsanitize-coverage=indirect-calls,trace-cmp,trace-div,trace-gep") + SET(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) + + SET(EXE0 test_volume_mount_spec_fuzz) +diff --git a/test/image/oci/oci_ut_common.cc b/test/image/oci/oci_ut_common.cc +index 1158ae85..9fa25d1c 100644 +--- a/test/image/oci/oci_ut_common.cc ++++ b/test/image/oci/oci_ut_common.cc +@@ -22,7 +22,7 @@ + + int execvp_success(const char *file, char * const argv[]) + { +- execlp("echo", "echo"); ++ execlp("echo", "echo", NULL); + return -1; + } + +-- +2.40.1 + diff --git a/0017-2135-modify-incorrect-variable-type.patch b/0017-2135-modify-incorrect-variable-type.patch new file mode 100644 index 0000000..7b74a9e --- /dev/null +++ b/0017-2135-modify-incorrect-variable-type.patch @@ -0,0 +1,200 @@ +From e7f21e04b8710ec60045ba26ebdda5ce8a0c0f09 Mon Sep 17 00:00:00 2001 +From: zhongtao <zhongtao17@huawei.com> +Date: Mon, 28 Aug 2023 06:46:10 +0000 +Subject: [PATCH 17/33] !2135 modify incorrect variable type * modify incorrect + variable type + +--- + src/client/connect/protocol_type.h | 2 +- + src/daemon/modules/image/oci/oci_load.c | 4 ++-- + src/daemon/modules/image/oci/registry/registry.c | 12 +++++++----- + .../oci/storage/layer_store/graphdriver/driver.c | 2 +- + .../image/oci/storage/layer_store/layer_store.c | 15 +++++++++------ + src/daemon/modules/image/oci/storage/storage.c | 2 +- + src/daemon/modules/image/oci/utils_images.c | 4 ++-- + src/daemon/modules/service/service_container.c | 2 +- + 8 files changed, 24 insertions(+), 19 deletions(-) + +diff --git a/src/client/connect/protocol_type.h b/src/client/connect/protocol_type.h +index 62d27c91..4206c50b 100644 +--- a/src/client/connect/protocol_type.h ++++ b/src/client/connect/protocol_type.h +@@ -244,7 +244,7 @@ typedef struct container_events_format { + char *opt; + char *id; + char **annotations; +- char annotations_len; ++ size_t annotations_len; + } container_events_format_t; + + typedef void (*container_events_callback_t)(const container_events_format_t *event); +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index 5511a70c..5e062d44 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -164,7 +164,7 @@ static void oci_load_free_layer(load_layer_blob_t *l) + + static void oci_load_free_image(load_image_t *im) + { +- int i = 0; ++ size_t i = 0; + + if (im == NULL) { + return; +@@ -406,7 +406,7 @@ out: + + static int check_time_valid(oci_image_spec *conf) + { +- int i = 0; ++ size_t i = 0; + + if (!oci_valid_time(conf->created)) { + ERROR("Invalid created time %s", conf->created); +diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c +index 5c660bc9..e0b46e2e 100644 +--- a/src/daemon/modules/image/oci/registry/registry.c ++++ b/src/daemon/modules/image/oci/registry/registry.c +@@ -655,18 +655,20 @@ static int register_layer(pull_descriptor *desc, size_t i) + + static int get_top_layer_index(pull_descriptor *desc, size_t *top_layer_index) + { +- int i = 0; ++ size_t i; + + if (desc == NULL || top_layer_index == NULL) { + ERROR("Invalid NULL pointer"); + return -1; + } +- +- for (i = desc->layers_len - 1; i >= 0; i--) { +- if (desc->layers[i].empty_layer) { ++ // iterate over the layers array in reverse order, starting from the last layer ++ // since i is an unsigned number, i traverses from layers_len to 1 ++ for (i = desc->layers_len; i > 0; i--) { ++ // the corresponding array index is [i - 1]: layers_len - 1 -> 0 ++ if (desc->layers[i - 1].empty_layer) { + continue; + } +- *top_layer_index = i; ++ *top_layer_index = i - 1; + return 0; + } + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c +index b1790af1..fc2857b6 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c +@@ -345,7 +345,7 @@ int graphdriver_apply_diff(const char *id, const struct io_read_wrapper *content + container_inspect_graph_driver *graphdriver_get_metadata(const char *id) + { + int ret = -1; +- int i = 0; ++ size_t i = 0; + container_inspect_graph_driver *inspect_driver = NULL; + json_map_string_string *metadata = NULL; + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index 8d8384b8..6ea3c48b 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -747,7 +747,7 @@ out: + static int insert_memory_stores(const char *id, const struct layer_opts *opts, layer_t *l) + { + int ret = 0; +- int i = 0; ++ size_t i = 0; + + if (!append_layer_into_list(l)) { + ret = -1; +@@ -788,9 +788,12 @@ clear_compress_digest: + (void)delete_digest_from_map(g_metadata.by_compress_digest, l->slayer->compressed_diff_digest, id); + } + clear_by_name: +- for (i = i - 1; i >= 0; i--) { +- if (!map_remove(g_metadata.by_name, (void *)opts->names[i])) { +- WARN("Remove name: %s failed", opts->names[i]); ++ // iterate over the names in reverse order, starting from the last name ++ // since i is an unsigned number, i traverses from inserted name len to 1 ++ for (; i > 0; i--) { ++ // the corresponding array index is [i - 1]: inserted name len - 1 -> 0 ++ if (!map_remove(g_metadata.by_name, (void *)opts->names[i - 1])) { ++ WARN("Remove name: %s failed", opts->names[i - 1]); + } + } + if (!map_remove(g_metadata.by_id, (void *)id)) { +@@ -1812,7 +1815,7 @@ void layer_store_exit() + static uint64_t payload_to_crc(char *payload) + { + int ret = 0; +- int i = 0; ++ size_t i = 0; + uint64_t crc = 0; + uint8_t *crc_sums = NULL; + size_t crc_sums_len = 0; +@@ -2232,7 +2235,7 @@ int remote_load_one_layer(const char *id) + { + int ret = 0; + layer_t *tl = NULL; +- int i = 0; ++ size_t i = 0; + + if (!layer_store_lock(true)) { + return -1; +diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c +index aa442ecf..13f8bb53 100644 +--- a/src/daemon/modules/image/oci/storage/storage.c ++++ b/src/daemon/modules/image/oci/storage/storage.c +@@ -1538,7 +1538,7 @@ out: + + static bool is_rootfs_layer(const char *layer_id, const struct rootfs_list *all_rootfs) + { +- int j; ++ size_t j; + + if (all_rootfs == NULL || layer_id == NULL) { + return false; +diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c +index a233c2b1..2c5656c6 100644 +--- a/src/daemon/modules/image/oci/utils_images.c ++++ b/src/daemon/modules/image/oci/utils_images.c +@@ -450,7 +450,7 @@ static char *convert_created_by(image_manifest_v1_compatibility *config) + int add_rootfs_and_history(const layer_blob *layers, size_t layers_len, const registry_manifest_schema1 *manifest, + docker_image_config_v2 *config) + { +- int i = 0; ++ size_t i = 0; + int ret = 0; + size_t history_index = 0; + parser_error err = NULL; +@@ -511,7 +511,7 @@ int add_rootfs_and_history(const layer_blob *layers, size_t layers_len, const re + + ret = util_array_append(&config->rootfs->diff_ids, layers[i].diff_id); + if (ret != 0) { +- ERROR("append diff id of layer %u to rootfs failed, diff id is %s", i, layers[i].diff_id); ++ ERROR("append diff id of layer %zu to rootfs failed, diff id is %s", i, layers[i].diff_id); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 83d82201..1fa2559d 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -320,7 +320,6 @@ static int write_env_content(const char *env_path, const char **env, size_t env_ + int fd = -1; + size_t i = 0; + ssize_t nret = 0; +- int env_max = 4096; + + ret = create_env_path_dir(env_path); + if (ret < 0) { +@@ -335,6 +334,7 @@ static int write_env_content(const char *env_path, const char **env, size_t env_ + } + if (env != NULL) { + for (i = 0; i < env_len; i++) { ++ size_t env_max = 4096; + if (strlen(env[i]) > env_max) { + ERROR("Env is too long"); + ret = -1; +-- +2.40.1 + diff --git a/0018-make-sure-the-input-parameter-is-not-empty-and-optim.patch b/0018-make-sure-the-input-parameter-is-not-empty-and-optim.patch new file mode 100644 index 0000000..59f63d7 --- /dev/null +++ b/0018-make-sure-the-input-parameter-is-not-empty-and-optim.patch @@ -0,0 +1,1575 @@ +From c6442b5805d39d8749a1016e2932543a130f16dc Mon Sep 17 00:00:00 2001 +From: zhongtao <zhongtao17@huawei.com> +Date: Fri, 25 Aug 2023 17:34:12 +0800 +Subject: [PATCH 18/33] make sure the input parameter is not empty and optimize + the code + +Signed-off-by: zhongtao <zhongtao17@huawei.com> +--- + src/daemon/modules/api/image_api.h | 2 +- + src/daemon/modules/image/external/ext_image.c | 8 ++- + src/daemon/modules/image/image.c | 47 +++++++++++----- + src/daemon/modules/image/image_spec_merge.c | 2 +- + .../modules/image/oci/oci_common_operators.c | 9 ++- + src/daemon/modules/image/oci/oci_image.c | 8 +-- + src/daemon/modules/image/oci/oci_image.h | 2 +- + src/daemon/modules/image/oci/oci_image_type.h | 42 -------------- + src/daemon/modules/image/oci/oci_import.c | 1 + + src/daemon/modules/image/oci/oci_load.c | 10 +--- + src/daemon/modules/image/oci/oci_load.h | 2 +- + src/daemon/modules/image/oci/oci_login.c | 2 +- + src/daemon/modules/image/oci/oci_logout.c | 2 +- + src/daemon/modules/image/oci/oci_pull.c | 4 +- + .../image/oci/registry/registry_apiv2.c | 2 +- + .../oci/storage/image_store/image_store.c | 45 ++++++++++++--- + .../oci/storage/image_store/image_store.h | 4 +- + .../graphdriver/devmapper/deviceset.c | 10 ++-- + .../graphdriver/devmapper/driver_devmapper.c | 4 +- + .../graphdriver/devmapper/wrapper_devmapper.c | 14 +++-- + .../graphdriver/devmapper/wrapper_devmapper.h | 8 +-- + .../graphdriver/overlay2/driver_overlay2.c | 17 +++--- + .../graphdriver/overlay2/driver_overlay2.h | 2 - + .../image/oci/storage/layer_store/layer.c | 2 +- + .../image/oci/storage/layer_store/layer.h | 2 +- + .../oci/storage/layer_store/layer_store.c | 55 ++++++++----------- + .../oci/storage/layer_store/layer_store.h | 8 +-- + .../remote_layer_support/image_remote_impl.c | 12 +++- + .../remote_layer_support/layer_remote_impl.c | 10 ++++ + .../overlay_remote_impl.c | 10 ++++ + .../remote_layer_support/remote_support.c | 5 ++ + .../ro_symlink_maintain.c | 11 +++- + .../oci/storage/rootfs_store/rootfs_store.c | 8 +-- + .../oci/storage/rootfs_store/rootfs_store.h | 6 +- + .../modules/image/oci/storage/storage.c | 35 ++++++++++-- + .../modules/image/oci/storage/storage.h | 6 +- + src/daemon/modules/image/oci/utils_images.c | 7 ++- + src/daemon/modules/image/oci/utils_images.h | 2 +- + src/utils/http/http.h | 2 + + .../oci/storage/layers/storage_driver_ut.cc | 10 +--- + .../oci/storage/layers/storage_layers_ut.cc | 34 ------------ + test/mocks/driver_overlay2_mock.cc | 8 --- + test/mocks/driver_overlay2_mock.h | 1 - + 43 files changed, 251 insertions(+), 230 deletions(-) + delete mode 100644 src/daemon/modules/image/oci/oci_image_type.h + +diff --git a/src/daemon/modules/api/image_api.h b/src/daemon/modules/api/image_api.h +index 4bb8d1a9..2f2c00a2 100644 +--- a/src/daemon/modules/api/image_api.h ++++ b/src/daemon/modules/api/image_api.h +@@ -239,7 +239,7 @@ typedef struct { + + int image_module_init(const isulad_daemon_configs *args); + +-void image_module_exit(); ++void image_module_exit(void); + + int im_get_container_filesystem_usage(const char *image_type, const char *id, imagetool_fs_info **fs_usage); + +diff --git a/src/daemon/modules/image/external/ext_image.c b/src/daemon/modules/image/external/ext_image.c +index e1706469..5b6b7298 100644 +--- a/src/daemon/modules/image/external/ext_image.c ++++ b/src/daemon/modules/image/external/ext_image.c +@@ -138,13 +138,17 @@ int ext_list_images(const im_list_request *request, imagetool_images_list **list + { + int ret = 0; + ++ if (request == NULL || list == NULL) { ++ ERROR("Empty request or list"); ++ return -1; ++ } ++ + *list = util_common_calloc_s(sizeof(imagetool_images_list)); + if (*list == NULL) { + ERROR("Memory out"); + ret = -1; +- goto out; + } +-out: ++ + return ret; + } + +diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c +index 322ab67c..408ceea2 100644 +--- a/src/daemon/modules/image/image.c ++++ b/src/daemon/modules/image/image.c +@@ -374,8 +374,8 @@ int im_resolv_image_name(const char *image_type, const char *image_name, char ** + int ret = -1; + const struct bim_type *q = NULL; + +- if (image_type == NULL) { +- ERROR("Image type is required"); ++ if (image_type == NULL || image_name == NULL || resolved_name == NULL) { ++ ERROR("Image type image_name and resolved_name is required"); + goto out; + } + q = get_bim_by_type(image_type); +@@ -402,8 +402,8 @@ int im_get_filesystem_info(const char *image_type, im_fs_info_response **respons + int ret = -1; + const struct bim_type *q = NULL; + +- if (image_type == NULL) { +- ERROR("Image type is required"); ++ if (image_type == NULL || response == NULL) { ++ ERROR("Image type and response is required"); + goto out; + } + +@@ -419,7 +419,7 @@ int im_get_filesystem_info(const char *image_type, im_fs_info_response **respons + INFO("Event: {Object: get image filesystem info, Type: inspecting}"); + ret = q->ops->get_filesystem_info(response); + if (ret != 0) { +- if (response != NULL && *response != NULL) { ++ if (*response != NULL && (*response)->errmsg != NULL) { + ERROR("Get filesystem info failed: %s", (*response)->errmsg); + } else { + ERROR("Get filesystem info failed"); +@@ -439,7 +439,7 @@ int im_get_container_filesystem_usage(const char *image_type, const char *id, im + const struct bim_type *q = NULL; + im_container_fs_usage_request *request = NULL; + +- if (image_type == NULL || id == NULL) { ++ if (image_type == NULL || id == NULL || fs_usage == NULL) { + ERROR("Invalid input arguments"); + ret = -1; + goto out; +@@ -763,6 +763,12 @@ bool im_config_image_exist(const char *image_name) + { + const struct bim_type *bim_type = NULL; + ++ if (image_name == NULL) { ++ ERROR("Invalid input arguments"); ++ isulad_set_error_message("Invalid input arguments"); ++ return false; ++ } ++ + bim_type = bim_query(image_name); + if (bim_type == NULL) { + ERROR("Config image %s not exist", image_name); +@@ -778,7 +784,7 @@ int im_merge_image_config(const char *image_type, const char *image_name, contai + int ret = 0; + struct bim *bim = NULL; + +- if (container_spec == NULL || image_type == NULL) { ++ if (container_spec == NULL || image_name == NULL || image_type == NULL) { + ERROR("Invalid input arguments"); + ret = -1; + goto out; +@@ -905,7 +911,7 @@ int im_list_images(const im_list_request *ctx, im_list_response **response) + size_t i; + imagetool_images_list *images_tmp = NULL; + +- if (response == NULL) { ++ if (ctx == NULL || response == NULL) { + ERROR("Empty arguments"); + return -1; + } +@@ -982,6 +988,12 @@ static bool check_im_pull_args(const im_pull_request *req, im_pull_response * co + isulad_set_error_message("Empty image required"); + return false; + } ++ ++ if (req->type == NULL) { ++ ERROR("Empty type required"); ++ isulad_set_error_message("Empty type required"); ++ return false; ++ } + return true; + } + +@@ -1079,7 +1091,7 @@ int im_import_image(const im_import_request *request, char **id) + return -1; + } + +- if (request->file == NULL) { ++ if (request->file == NULL || request->tag == NULL) { + ERROR("Import image requires image tarball file path"); + isulad_set_error_message("Import image requires image tarball file path"); + goto pack_response; +@@ -1185,7 +1197,8 @@ int im_load_image(const im_load_request *request, im_load_response **response) + + ret = bim->ops->load_image(request); + if (ret != 0) { +- ERROR("Failed to load image from %s with tag %s and type %s", request->file, request->tag, request->type); ++ // request->tag may be empty ++ ERROR("Failed to load image from %s with type %s", request->file, request->type); + ret = -1; + goto pack_response; + } +@@ -1368,11 +1381,16 @@ int im_logout(const im_logout_request *request, im_logout_response **response) + int ret = -1; + struct bim *bim = NULL; + +- if (response == NULL) { ++ if (request == NULL || response == NULL) { + ERROR("Empty response"); + return -1; + } + ++ if (request->type == NULL || request->server == NULL) { ++ ERROR("Empty type or server"); ++ return -1; ++ } ++ + *response = util_common_calloc_s(sizeof(im_logout_response)); + if (*response == NULL) { + ERROR("Out of memory"); +@@ -1842,13 +1860,12 @@ char *im_get_rootfs_dir(const im_get_rf_dir_request *request) + char *dir = NULL; + struct bim *bim = NULL; + +- if (request->type == NULL) { ++ if (request == NULL || request->type == NULL) { + ERROR("Missing image type"); + return NULL; + } + + bim = bim_get(request->type, NULL, NULL, NULL); +- + if (bim == NULL) { + ERROR("Failed to init bim, image type:%s", request->type); + return NULL; +@@ -1916,7 +1933,7 @@ int image_module_init(const isulad_daemon_configs *args) + return bims_init(args); + } + +-void image_module_exit() ++void image_module_exit(void) + { + size_t i; + +@@ -2085,7 +2102,7 @@ int im_prepare_container_rootfs(const im_prepare_request *request, char **real_r + int nret = 0; + struct bim *bim = NULL; + +- if (request == NULL) { ++ if (request == NULL || real_rootfs == NULL) { + ERROR("Invalid input arguments"); + return -1; + } +diff --git a/src/daemon/modules/image/image_spec_merge.c b/src/daemon/modules/image/image_spec_merge.c +index e8cdae28..1e857bb7 100644 +--- a/src/daemon/modules/image/image_spec_merge.c ++++ b/src/daemon/modules/image/image_spec_merge.c +@@ -29,7 +29,7 @@ int image_spec_merge_env(const char **env, size_t env_len, container_config *con + char **im_kv = NULL; + char **custom_kv = NULL; + +- if (env == NULL || env_len == 0) { ++ if (env == NULL || env_len == 0 || container_spec == NULL) { + return 0; + } + +diff --git a/src/daemon/modules/image/oci/oci_common_operators.c b/src/daemon/modules/image/oci/oci_common_operators.c +index 83cccbe6..e15423e6 100644 +--- a/src/daemon/modules/image/oci/oci_common_operators.c ++++ b/src/daemon/modules/image/oci/oci_common_operators.c +@@ -57,7 +57,7 @@ char *oci_resolve_image_name(const char *name) + + int oci_get_user_conf(const char *basefs, host_config *hc, const char *userstr, defs_process_user *puser) + { +- if (basefs == NULL || puser == NULL) { ++ if (basefs == NULL || puser == NULL || hc == NULL) { + ERROR("Empty basefs or puser"); + return -1; + } +@@ -371,6 +371,11 @@ int oci_list_images(const im_list_request *request, imagetool_images_list **imag + int ret = 0; + struct filters_args *image_filters = NULL; + ++ if (request == NULL || images == NULL) { ++ ERROR("Empty request or images"); ++ return -1; ++ } ++ + if (request != NULL && request->image_filters != NULL) { + image_filters = request->image_filters; + } +@@ -408,7 +413,7 @@ int oci_summary_image(im_summary_request *request, im_summary_response *response + char *image_ref = NULL; + char *resolved_name = NULL; + +- if (response == NULL) { ++ if (request == NULL || response == NULL) { + ERROR("Invalid arguments"); + return -1; + } +diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c +index 4a48016b..f712a446 100644 +--- a/src/daemon/modules/image/oci/oci_image.c ++++ b/src/daemon/modules/image/oci/oci_image.c +@@ -353,7 +353,7 @@ out: + return ret; + } + +-void oci_exit() ++void oci_exit(void) + { + storage_module_exit(); + free_oci_image_data(); +@@ -396,7 +396,7 @@ int oci_prepare_rf(const im_prepare_request *request, char **real_rootfs) + { + int ret = 0; + +- if (request == NULL) { ++ if (request == NULL || request->container_id == NULL) { + ERROR("Bim is NULL"); + return -1; + } +@@ -457,7 +457,7 @@ int oci_mount_rf(const im_mount_request *request) + { + char *mount_point = NULL; + +- if (request == NULL) { ++ if (request == NULL || request->name_id == NULL) { + ERROR("Invalid arguments"); + return -1; + } +@@ -796,7 +796,7 @@ int oci_export_rf(const im_export_request *request) + { + int ret = 0; + +- if (request == NULL) { ++ if (request == NULL || request->name_id == NULL) { + ERROR("Invalid input arguments"); + return -1; + } +diff --git a/src/daemon/modules/image/oci/oci_image.h b/src/daemon/modules/image/oci/oci_image.h +index c52c8a7b..07f10c8d 100644 +--- a/src/daemon/modules/image/oci/oci_image.h ++++ b/src/daemon/modules/image/oci/oci_image.h +@@ -41,7 +41,7 @@ struct oci_image_module_data { + struct oci_image_module_data *get_oci_image_data(void); + + int oci_init(const isulad_daemon_configs *args); +-void oci_exit(); ++void oci_exit(void); + + int oci_pull_rf(const im_pull_request *request, im_pull_response *response); + int oci_rmi(const im_rmi_request *request); +diff --git a/src/daemon/modules/image/oci/oci_image_type.h b/src/daemon/modules/image/oci/oci_image_type.h +deleted file mode 100644 +index f436a453..00000000 +--- a/src/daemon/modules/image/oci/oci_image_type.h ++++ /dev/null +@@ -1,42 +0,0 @@ +-/****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved. +- * iSulad licensed under the Mulan PSL v2. +- * You can use this software according to the terms and conditions of the Mulan PSL v2. +- * You may obtain a copy of Mulan PSL v2 at: +- * http://license.coscl.org.cn/MulanPSL2 +- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +- * PURPOSE. +- * See the Mulan PSL v2 for more details. +- * Author: lifeng +- * Create: 2018-11-08 +- * Description: provide image type definition +- ******************************************************************************/ +- +-#ifndef DAEMON_MODULES_IMAGE_OCI_OCI_IMAGE_TYPE_H +-#define DAEMON_MODULES_IMAGE_OCI_OCI_IMAGE_TYPE_H +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-/* AuthConfig contains authorization information for connecting to a registry */ +-typedef struct { +- char *username; +- char *password; +- char *auth; +- char *server_address; +- +- // IdentityToken is used to authenticate the user and get +- // an access token for the registry. +- char *identity_token; +- +- // RegistryToken is a bearer token to be sent to a registry +- char *registry_token; +-} auth_config; +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif +diff --git a/src/daemon/modules/image/oci/oci_import.c b/src/daemon/modules/image/oci/oci_import.c +index 93179504..1e14a916 100644 +--- a/src/daemon/modules/image/oci/oci_import.c ++++ b/src/daemon/modules/image/oci/oci_import.c +@@ -268,6 +268,7 @@ static int create_manifest(import_desc *desc) + manifest->layers[0]->size = desc->compressed_size; + manifest->layers[0]->digest = util_strdup_s(desc->compressed_digest); + ++ // the image manifest schema version is v2 + manifest->schema_version = 2; + manifest->media_type = util_strdup_s(DOCKER_MANIFEST_SCHEMA2_JSON); + +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index 5e062d44..569c5346 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -851,20 +851,17 @@ static int64_t get_layer_size_from_storage(char *chain_id_pre) + id = oci_load_without_sha256_prefix(chain_id_pre); + if (id == NULL) { + ERROR("Get chain id failed from value:%s", chain_id_pre); +- size = -1; +- goto out; ++ return -1; + } + + l = storage_layer_get(id); + if (l == NULL) { + ERROR("Layer with chain id:%s is not exist in store", id); +- size = -1; +- goto out; ++ return -1; + } + + size = l->compress_size; + +-out: + free_layer(l); + return size; + } +@@ -883,8 +880,7 @@ static int oci_load_set_manifest_info(load_image_t *im) + im->manifest = util_common_calloc_s(sizeof(oci_image_manifest)); + if (im->manifest == NULL) { + ERROR("Out of memory"); +- ret = -1; +- goto out; ++ return -1; + } + + im->manifest->schema_version = OCI_SCHEMA_VERSION; +diff --git a/src/daemon/modules/image/oci/oci_load.h b/src/daemon/modules/image/oci/oci_load.h +index e1e09067..53ca87d2 100644 +--- a/src/daemon/modules/image/oci/oci_load.h ++++ b/src/daemon/modules/image/oci/oci_load.h +@@ -1,5 +1,5 @@ + /****************************************************************************** +-* Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. ++* Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +diff --git a/src/daemon/modules/image/oci/oci_login.c b/src/daemon/modules/image/oci/oci_login.c +index 22de9593..e9eec378 100644 +--- a/src/daemon/modules/image/oci/oci_login.c ++++ b/src/daemon/modules/image/oci/oci_login.c +@@ -1,5 +1,5 @@ + /****************************************************************************** +-* Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. ++* Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +diff --git a/src/daemon/modules/image/oci/oci_logout.c b/src/daemon/modules/image/oci/oci_logout.c +index 02fdb126..f8a63220 100644 +--- a/src/daemon/modules/image/oci/oci_logout.c ++++ b/src/daemon/modules/image/oci/oci_logout.c +@@ -1,5 +1,5 @@ + /****************************************************************************** +-* Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. ++* Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +diff --git a/src/daemon/modules/image/oci/oci_pull.c b/src/daemon/modules/image/oci/oci_pull.c +index 5b35ca2b..e7ff77df 100644 +--- a/src/daemon/modules/image/oci/oci_pull.c ++++ b/src/daemon/modules/image/oci/oci_pull.c +@@ -1,5 +1,5 @@ + /****************************************************************************** +-* Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. ++* Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +@@ -70,7 +70,7 @@ out: + return ret; + } + +-static void update_option_insecure_registry(registry_pull_options *options, char **insecure_registries, char *host) ++static void update_option_insecure_registry(registry_pull_options *options, char **insecure_registries, const char *host) + { + char **registry = NULL; + +diff --git a/src/daemon/modules/image/oci/registry/registry_apiv2.c b/src/daemon/modules/image/oci/registry/registry_apiv2.c +index 048fac94..db4d311e 100644 +--- a/src/daemon/modules/image/oci/registry/registry_apiv2.c ++++ b/src/daemon/modules/image/oci/registry/registry_apiv2.c +@@ -632,7 +632,7 @@ static int split_head_body(char *file, char **http_head) + } + body += strlen(deli); + +- ret = util_write_file(file, body, strlen(body), 0600); ++ ret = util_write_file(file, body, strlen(body), BODY_FILE_MODE); + if (ret != 0) { + ERROR("rewrite body to file failed"); + ret = -1; +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index 55e3bb97..b7e0f0cc 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -146,7 +146,7 @@ static void free_image_store(image_store_t *store) + free(store); + } + +-void image_store_free() ++void image_store_free(void) + { + free_image_store(g_image_store); + g_image_store = NULL; +@@ -1185,6 +1185,11 @@ int image_store_set_big_data(const char *id, const char *key, const char *data) + return -1; + } + ++ if (id == NULL || data == NULL) { ++ ERROR("Empty id or data"); ++ return -1; ++ } ++ + if (g_image_store == NULL) { + ERROR("Image store is not ready"); + return -1; +@@ -1287,7 +1292,7 @@ int image_store_add_name(const char *id, const char *name) + size_t i; + + if (id == NULL || name == NULL) { +- ERROR("Invalid input paratemer: id(%s), name(%s)", id, name); ++ ERROR("Invalid input paratemer"); + return -1; + } + +@@ -1515,7 +1520,7 @@ int image_store_set_metadata(const char *id, const char *metadata) + image_t *img = NULL; + + if (id == NULL || metadata == NULL) { +- ERROR("Invalid paratemer: id(%s), metadata(%s)", id, metadata); ++ ERROR("Invalid paratemer"); + return -1; + } + +@@ -1664,7 +1669,6 @@ char *image_store_big_data(const char *id, const char *key) + } + + ret = get_data_path(img->simage->id, key, filename, sizeof(filename)); +- + if (ret != 0) { + ERROR("Failed to get big data file path: %s.", key); + goto out; +@@ -1809,7 +1813,7 @@ char *image_store_big_data_digest(const char *id, const char *key) + image_t *img = NULL; + char *digest = NULL; + +- if (key == NULL || strlen(key) == 0) { ++ if (key == NULL || strlen(key) == 0 || id == NULL) { + ERROR("Not a valid name for a big data item, can't retrieve image big data value for empty name"); + return NULL; + } +@@ -1854,8 +1858,8 @@ int image_store_big_data_names(const char *id, char ***names, size_t *names_len) + int ret = 0; + image_t *img = NULL; + +- if (id == NULL) { +- ERROR("Invalid parameter, id is NULL"); ++ if (id == NULL || names == NULL || names_len == NULL) { ++ ERROR("Invalid parameter"); + return -1; + } + +@@ -2724,7 +2728,7 @@ unlock: + return ret; + } + +-size_t image_store_get_images_number() ++size_t image_store_get_images_number(void) + { + size_t number = 0; + +@@ -3140,6 +3144,11 @@ int image_store_validate_manifest_schema_version_1(const char *path, bool *valid + char manifest_path[PATH_MAX] = { 0x00 }; + bool valid_v2_config = false; + ++ if (path == NULL || valid == NULL) { ++ ERROR("Empty path or valid"); ++ return -1; ++ } ++ + *valid = false; + nret = snprintf(manifest_path, sizeof(manifest_path), "%s/%s", path, IMAGE_DIGEST_BIG_DATA_KEY); + if (nret < 0 || (size_t)nret >= sizeof(manifest_path)) { +@@ -3698,6 +3707,11 @@ int remote_append_image_by_directory_with_lock(const char *id) + return -1; + } + ++ if (g_image_store == NULL) { ++ ERROR("Image store is not ready"); ++ return -1; ++ } ++ + if (!image_store_lock(EXCLUSIVE)) { + ERROR("Failed to lock remote image store when handle: %s", id); + return -1; +@@ -3732,6 +3746,11 @@ int remote_remove_image_from_memory_with_lock(const char *id) + return -1; + } + ++ if (g_image_store == NULL) { ++ ERROR("Image store is not ready"); ++ return -1; ++ } ++ + if (!image_store_lock(EXCLUSIVE)) { + ERROR("Failed to lock remote image store when handle: %s", id); + return -1; +@@ -3758,6 +3777,16 @@ char *remote_image_get_top_layer_from_json(const char *img_id) + storage_image *im = NULL; + parser_error err = NULL; + ++ if (img_id == NULL) { ++ ERROR("Empty img id"); ++ return NULL; ++ } ++ ++ if (g_image_store == NULL) { ++ ERROR("Image store is not ready"); ++ return NULL; ++ } ++ + nret = snprintf(image_path, sizeof(image_path), "%s/%s/%s", g_image_store->dir, img_id, IMAGE_JSON); + if (nret < 0 || (size_t)nret >= sizeof(image_path)) { + ERROR("Failed to get image path"); +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.h b/src/daemon/modules/image/oci/storage/image_store/image_store.h +index 5164cc73..019a2881 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.h ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.h +@@ -98,13 +98,13 @@ int image_store_set_image_size(const char *id, uint64_t size); + int image_store_get_all_images(imagetool_images_list *images_list); + + // On success, the number of the known images is returned. On failure, (size_t)-1 is returned +-size_t image_store_get_images_number(); ++size_t image_store_get_images_number(void); + + // Retrieves image file system info + int image_store_get_fs_info(imagetool_fs_info *fs_info); + + // Free memory of image store, but will not delete the persisted files +-void image_store_free(); ++void image_store_free(void); + + imagetool_image_summary *image_store_get_image_summary(const char *id); + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index 4f19c26d..79541e54 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -499,14 +499,14 @@ bool has_metadata(const char *hash, struct device_set *devset) + bool ret = true; + int nret = 0; + +- if (hash == NULL) { ++ if (hash == NULL || devset == NULL) { + return true; + } + + metadata_path = metadata_dir(devset); + if (metadata_path == NULL) { + ERROR("Failed to get meta data directory"); +- goto out; ++ return false; + } + + nret = snprintf(metadata_file, sizeof(metadata_file), "%s/%s", metadata_path, util_valid_str(hash) ? hash : "base"); +@@ -541,7 +541,7 @@ static image_devmapper_device_info *load_metadata(const struct device_set *devse + metadata_path = metadata_dir(devset); + if (metadata_path == NULL) { + ERROR("Failed to get meta data directory"); +- goto out; ++ return NULL; + } + + nret = snprintf(metadata_file, sizeof(metadata_file), "%s/%s", metadata_path, util_valid_str(hash) ? hash : "base"); +@@ -3076,7 +3076,7 @@ int mount_device(const char *hash, const char *path, const struct driver_mount_o + char *dev_fname = NULL; + char *options = NULL; + +- if (hash == NULL || path == NULL) { ++ if (hash == NULL || path == NULL || devset == NULL) { + ERROR("devmapper: invalid input params to mount device"); + return -1; + } +@@ -3236,7 +3236,7 @@ int export_device_metadata(struct device_metadata *dev_metadata, const char *has + char *dm_name = NULL; + devmapper_device_info_t *device_info = NULL; + +- if (hash == NULL || dev_metadata == NULL) { ++ if (hash == NULL || dev_metadata == NULL || devset == NULL) { + ERROR("Invalid input params"); + return -1; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c +index ecb62f79..d62d3133 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c +@@ -198,7 +198,7 @@ int devmapper_rm_layer(const char *id, const struct graphdriver *driver) + } + + if (delete_device(id, false, driver->devset) != 0) { +- ERROR("failed to remove device %s", id); ++ ERROR("Failed to remove device %s", id); + return -1; + } + +@@ -624,7 +624,7 @@ int devmapper_clean_up(struct graphdriver *driver) + { + int ret = 0; + +- if (driver == NULL) { ++ if (driver == NULL || driver->devset == NULL || driver->home == NULL) { + ERROR("Invalid input param to cleanup devicemapper"); + return -1; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c +index e91ddd1e..e22311f1 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c +@@ -192,7 +192,7 @@ cleanup: + return NULL; + } + +-char *dev_get_driver_version() ++char *dev_get_driver_version(void) + { + struct dm_task *dmt = NULL; + char *version = NULL; +@@ -234,7 +234,7 @@ cleanup: + } + + // dev_get_library_version return the device mapper library version +-char *dev_get_library_version() ++char *dev_get_library_version(void) + { + char version[128] = { 0 }; + +@@ -679,7 +679,7 @@ cleanup: + return ret; + } + +-bool udev_sync_supported() ++bool udev_sync_supported(void) + { + return dm_udev_get_sync_support() != 0; + } +@@ -705,7 +705,8 @@ int dev_create_device(const char *pool_fname, int device_id) + int ret = 0; + int nret = 0; + uint64_t sector = 0; +- char message[PATH_MAX] = { 0 }; // 临时字符缓冲区上限 ++ // temporary character buffer limit ++ char message[PATH_MAX] = { 0 }; + struct dm_task *dmt = NULL; + + if (pool_fname == NULL) { +@@ -1066,7 +1067,7 @@ static void log_cb(int level, const char *file, int line, int dm_errno_or_class, + free(buffer); + } + +-void log_with_errno_init() ++void log_with_errno_init(void) + { + dm_log_with_errno_init(log_cb); + } +@@ -1136,7 +1137,8 @@ int dev_set_transaction_id(const char *pool_name, uint64_t old_id, uint64_t new_ + int ret = 0; + int nret = 0; + uint64_t sector = 0; +- char message[PATH_MAX] = { 0 }; // 临时字符缓冲区上限 ++ // temporary character buffer limit ++ char message[PATH_MAX] = { 0 }; + struct dm_task *dmt = NULL; + + if (pool_name == NULL) { +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h +index e8acebc0..01771a3b 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h +@@ -96,11 +96,11 @@ int set_dev_dir(const char *dir); + + struct dm_task* task_create_named(int type, const char *name); + +-void log_with_errno_init(); ++void log_with_errno_init(void); + +-char *dev_get_driver_version(); ++char *dev_get_driver_version(void); + +-char *dev_get_library_version(); ++char *dev_get_library_version(void); + + int dev_get_status(uint64_t *start, uint64_t *length, char **target_type, char **params, const char *name); + +@@ -112,7 +112,7 @@ int dev_remove_device_deferred(const char *name); + + int dev_get_device_list(char ***list, size_t *length); + +-bool udev_sync_supported(); ++bool udev_sync_supported(void); + + bool udev_set_sync_support(bool enable); + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +index 3b27076c..ced30b96 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +@@ -405,12 +405,6 @@ out: + return ret; + } + +-bool overlay2_is_quota_options(struct graphdriver *driver, const char *option) +-{ +- return strncmp(option, QUOTA_SIZE_OPTION, strlen(QUOTA_SIZE_OPTION)) == 0 || +- strncmp(option, QUOTA_BASESIZE_OPTIONS, strlen(QUOTA_BASESIZE_OPTIONS)) == 0; +-} +- + static int check_parent_valid(const char *parent, const struct graphdriver *driver) + { + int ret = 0; +@@ -1158,7 +1152,7 @@ int overlay2_rm_layer(const char *id, const struct graphdriver *driver) + struct stat stat_buf; + #endif + +- if (id == NULL || driver == NULL) { ++ if (id == NULL || driver == NULL || driver->home == NULL) { + ERROR("Invalid input arguments"); + return -1; + } +@@ -1844,6 +1838,11 @@ bool overlay2_layer_exists(const char *id, const struct graphdriver *driver) + char *layer_dir = NULL; + char *link_id = NULL; + ++ if (id == NULL || driver == NULL || driver->home == NULL) { ++ ERROR("Failed to verify overlay2 layer exists for empty id or driver"); ++ return false; ++ } ++ + layer_dir = util_path_join(driver->home, id); + if (layer_dir == NULL) { + ERROR("Failed to join layer dir:%s", id); +@@ -2075,7 +2074,7 @@ int overlay2_get_driver_status(const struct graphdriver *driver, struct graphdri + int nret = 0; + char tmp[MAX_INFO_LENGTH] = { 0 }; + +- if (driver == NULL || status == NULL) { ++ if (driver == NULL || status == NULL || driver->backing_fs == NULL) { + ERROR("Invalid input arguments"); + return -1; + } +@@ -2117,7 +2116,7 @@ int overlay2_clean_up(struct graphdriver *driver) + { + int ret = 0; + +- if (driver == NULL) { ++ if (driver == NULL || driver->home == NULL) { + ERROR("Invalid input arguments"); + ret = -1; + goto out; +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h +index e14271b1..438c508e 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h +@@ -35,8 +35,6 @@ extern "C" { + + int overlay2_init(struct graphdriver *driver, const char *driver_home, const char **options, size_t len); + +-bool overlay2_is_quota_options(struct graphdriver *driver, const char *option); +- + int overlay2_create_rw(const char *id, const char *parent, const struct graphdriver *driver, + struct driver_create_opts *create_opts); + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer.c b/src/daemon/modules/image/oci/storage/layer_store/layer.c +index 4baeb7c2..4beb3d10 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer.c +@@ -46,7 +46,7 @@ void free_layer_t(layer_t *ptr) + free(ptr); + } + +-layer_t *create_empty_layer() ++layer_t *create_empty_layer(void) + { + layer_t *result = NULL; + int nret = 0; +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer.h b/src/daemon/modules/image/oci/storage/layer_store/layer.h +index f2dad648..9387efe0 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer.h +@@ -43,7 +43,7 @@ typedef struct _layer_t_ { + uint64_t refcnt; + } layer_t; + +-layer_t *create_empty_layer(); ++layer_t *create_empty_layer(void); + + void free_layer_t(layer_t *ptr); + void layer_ref_inc(layer_t *layer); +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index 6ea3c48b..3ffe0ca7 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -117,7 +117,7 @@ static inline void layer_store_unlock() + } + } + +-void layer_store_cleanup() ++void layer_store_cleanup(void) + { + struct linked_list *item = NULL; + struct linked_list *next = NULL; +@@ -230,7 +230,7 @@ static inline void delete_g_layer_list_item(struct linked_list *item, bool rm_va + g_metadata.layers_list_len -= 1; + } + +-void remove_layer_list_tail() ++void remove_layer_list_tail(void) + { + struct linked_list *item = NULL; + +@@ -1231,18 +1231,6 @@ int layer_store_delete(const char *id) + return ret; + } + +-bool layer_store_exists(const char *id) +-{ +- layer_t *l = lookup_with_lock(id); +- +- if (l == NULL) { +- return false; +- } +- +- layer_ref_dec(l); +- return true; +-} +- + static void copy_json_to_layer(const layer_t *jl, struct layer *l) + { + if (jl->slayer == NULL) { +@@ -1354,7 +1342,7 @@ int layer_store_by_compress_digest(const char *digest, struct layer_list *resp) + { + int ret = 0; + +- if (resp == NULL) { ++ if (digest == NULL || resp == NULL) { + return -1; + } + +@@ -1367,22 +1355,6 @@ int layer_store_by_compress_digest(const char *digest, struct layer_list *resp) + return ret; + } + +-int layer_store_by_uncompress_digest(const char *digest, struct layer_list *resp) +-{ +- int ret = 0; +- +- if (resp == NULL) { +- return -1; +- } +- if (!layer_store_lock(false)) { +- return -1; +- } +- +- ret = layers_by_digest_map(g_metadata.by_uncompress_digest, digest, resp); +- layer_store_unlock(); +- return ret; +-} +- + struct layer *layer_store_lookup(const char *name) + { + struct layer *ret = NULL; +@@ -1492,6 +1464,10 @@ int layer_store_try_repair_lowers(const char *id) + layer_t *l = NULL; + int ret = 0; + ++ if (id == NULL) { ++ return -1; ++ } ++ + l = lookup_with_lock(id); + if (l == NULL) { + return -1; +@@ -1807,7 +1783,7 @@ free_out: + return -1; + } + +-void layer_store_exit() ++void layer_store_exit(void) + { + graphdriver_cleanup(); + } +@@ -2116,6 +2092,11 @@ int layer_store_check(const char *id) + int ret = 0; + char *rootfs = NULL; + ++ if (id == NULL) { ++ ERROR("Failed to do layer store check for Empty id"); ++ return -1; ++ } ++ + layer_t *l = lookup_with_lock(id); + if (l == NULL || l->slayer == NULL) { + ERROR("layer %s not found when checking integration", id); +@@ -2157,6 +2138,11 @@ int remote_layer_remove_memory_stores_with_lock(const char *id) + { + int ret = 0; + ++ if (id == NULL) { ++ ERROR("Failed to lock layer store for empty id"); ++ return -1; ++ } ++ + if (!layer_store_lock(true)) { + ERROR("Failed to lock layer store when handle: %s", id); + return -1; +@@ -2237,6 +2223,11 @@ int remote_load_one_layer(const char *id) + layer_t *tl = NULL; + size_t i = 0; + ++ if (id == NULL) { ++ ERROR("Failed to do remote load one layer for empty id"); ++ return -1; ++ } ++ + if (!layer_store_lock(true)) { + return -1; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h +index be8c52dc..20287119 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h +@@ -51,20 +51,18 @@ struct layer_opts { + }; + + int layer_store_init(const struct storage_module_init_options *conf); +-void layer_store_exit(); +-void layer_store_cleanup(); ++void layer_store_exit(void); ++void layer_store_cleanup(void); + +-void remove_layer_list_tail(); ++void remove_layer_list_tail(void); + int layer_store_create(const char *id, const struct layer_opts *opts, const struct io_read_wrapper *content, + char **new_id); + int layer_inc_hold_refs(const char *layer_id); + int layer_dec_hold_refs(const char *layer_id); + int layer_get_hold_refs(const char *layer_id, int *ref_num); + int layer_store_delete(const char *id); +-bool layer_store_exists(const char *id); + int layer_store_list(struct layer_list *resp); + int layer_store_by_compress_digest(const char *digest, struct layer_list *resp); +-int layer_store_by_uncompress_digest(const char *digest, struct layer_list *resp); + struct layer *layer_store_lookup(const char *name); + char *layer_store_mount(const char *id); + int layer_store_umount(const char *id, bool force); +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c +index b4a53ec1..07c4a5cc 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c +@@ -1,5 +1,5 @@ + /****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +@@ -31,6 +31,11 @@ static map_t *image_byid_new = NULL; + + struct remote_image_data *remote_image_create(const char *remote_home, const char *remote_ro) + { ++ if (remote_home == NULL) { ++ ERROR("Empty remote home"); ++ return NULL; ++ } ++ + struct remote_image_data *data = util_common_calloc_s(sizeof(struct remote_image_data)); + if (data == NULL) { + ERROR("Out of memory"); +@@ -204,6 +209,11 @@ static int remote_image_add(void *data) + + void remote_image_refresh(struct remote_image_data *data) + { ++ if (data == NULL) { ++ ERROR("Skip refresh remote image for empty data"); ++ return; ++ } ++ + if (remote_dir_scan(data) != 0) { + ERROR("remote overlay failed to scan dir, skip refresh"); + return; +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c +index b1a1e944..7527f1e4 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c +@@ -31,6 +31,11 @@ static map_t *layer_byid_new = NULL; + + struct remote_layer_data *remote_layer_create(const char *layer_home, const char *layer_ro) + { ++ if (layer_home == NULL || layer_ro == NULL) { ++ ERROR("Empty layer home or layer ro"); ++ return NULL; ++ } ++ + struct remote_layer_data *data = util_common_calloc_s(sizeof(struct remote_layer_data)); + if (data == NULL) { + ERROR("Out of memory"); +@@ -232,6 +237,11 @@ static int remote_layer_add(struct remote_layer_data *data) + + void remote_layer_refresh(struct remote_layer_data *data) + { ++ if (data == NULL) { ++ ERROR("Skip refresh remote layer for empty data"); ++ return; ++ } ++ + if (remote_dir_scan(data) != 0) { + ERROR("remote layer failed to scan dir, skip refresh"); + return; +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c +index e44c64ef..38d9b0ce 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c +@@ -37,6 +37,11 @@ static map_t *overlay_id_link = NULL; + + struct remote_overlay_data *remote_overlay_create(const char *remote_home, const char *remote_ro) + { ++ if (remote_home == NULL || remote_ro == NULL) { ++ ERROR("Empty remote home or remote ro"); ++ return NULL; ++ } ++ + struct remote_overlay_data *data = util_common_calloc_s(sizeof(struct remote_overlay_data)); + if (data == NULL) { + ERROR("Out of memory"); +@@ -341,6 +346,11 @@ static int remote_overlay_add(struct remote_overlay_data *data) + + void remote_overlay_refresh(struct remote_overlay_data *data) + { ++ if (data == NULL) { ++ ERROR("Skip refresh remote overlay for empty data"); ++ return; ++ } ++ + if (remote_dir_scan(data) != 0) { + ERROR("remote overlay failed to scan dir, skip refresh"); + return; +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +index 1bac8dd5..5bf9869b 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +@@ -87,6 +87,11 @@ int remote_start_refresh_thread(pthread_rwlock_t *remote_lock) + pthread_t a_thread; + maintain_context ctx = get_maintain_context(); + ++ if (remote_lock == NULL) { ++ ERROR("Invalid remote lock"); ++ return -1; ++ } ++ + supporters.image_data = remote_image_create(ctx.image_home, NULL); + if (supporters.image_data == NULL) { + goto free_out; +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c +index 4d234aab..ea40ae45 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c +@@ -37,6 +37,8 @@ static char *layer_home; + static char *overlay_ro_dir; + static char *overlay_home; + ++#define LAYER_RO_DIR_MODE 0700 ++ + int remote_image_init(const char *root_dir) + { + if (root_dir == NULL) { +@@ -67,7 +69,7 @@ int remote_layer_init(const char *root_dir) + ERROR("Failed join path when init remote layer maintainer"); + goto out; + } +- if (!util_file_exists(layer_ro_dir) && util_mkdir_p(layer_ro_dir, 0700) != 0) { ++ if (!util_file_exists(layer_ro_dir) && util_mkdir_p(layer_ro_dir, LAYER_RO_DIR_MODE) != 0) { + ERROR("Failed to create RO dir under overlay"); + goto out; + } +@@ -127,6 +129,11 @@ static int do_build_ro_dir(const char *home, const char *id) + int nret = 0; + int ret = 0; + ++ if (home == NULL || id == NULL) { ++ ERROR("Empty home or id"); ++ return -1; ++ } ++ + nret = asprintf(&ro_symlink, "%s/%s", home, id); + if (nret < 0 || nret > PATH_MAX) { + SYSERROR("Failed create ro layer dir sym link path"); +@@ -183,7 +190,7 @@ int do_remove_ro_dir(const char *home, const char *id) + int ret = 0; + int nret = 0; + +- if (id == NULL) { ++ if (home == NULL || id == NULL) { + return 0; + } + +diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c +index ee1e15d0..7ed07029 100644 +--- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c ++++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c +@@ -121,7 +121,7 @@ static void free_rootfs_store(rootfs_store_t *store) + free(store); + } + +-void rootfs_store_free() ++void rootfs_store_free(void) + { + free_rootfs_store(g_rootfs_store); + g_rootfs_store = NULL; +@@ -1085,7 +1085,7 @@ out: + return ret; + } + +-int rootfs_store_wipe() ++int rootfs_store_wipe(void) + { + int ret = 0; + char *id = NULL; +@@ -1125,7 +1125,7 @@ int rootfs_store_set_metadata(const char *id, const char *metadata) + cntrootfs_t *cntr = NULL; + + if (id == NULL || metadata == NULL) { +- ERROR("Invalid paratemer: id(%s), metadata(%s)", id, metadata); ++ ERROR("Invalid paratemer"); + return -1; + } + +@@ -1331,7 +1331,7 @@ out: + return ret; + } + +-char *rootfs_store_get_data_dir() ++char *rootfs_store_get_data_dir(void) + { + return util_strdup_s(g_rootfs_store->dir); + } +\ No newline at end of file +diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h +index c23af091..63f3294b 100644 +--- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h ++++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h +@@ -48,7 +48,7 @@ char *rootfs_store_lookup(const char *id); + int rootfs_store_delete(const char *id); + + // Remove records of all containers +-int rootfs_store_wipe(); ++int rootfs_store_wipe(void); + + // Updates the metadata associated with the item with the specified ID. + int rootfs_store_set_metadata(const char *id, const char *metadata); +@@ -66,10 +66,10 @@ storage_rootfs *rootfs_store_get_rootfs(const char *id); + int rootfs_store_get_all_rootfs(struct rootfs_list *all_rootfs); + + // Return rootfs store data dir +-char *rootfs_store_get_data_dir(); ++char *rootfs_store_get_data_dir(void); + + // Free memory of container store, but will not delete the persisted files +-void rootfs_store_free(); ++void rootfs_store_free(void); + + #ifdef __cplusplus + } +diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c +index 13f8bb53..255ec89c 100644 +--- a/src/daemon/modules/image/oci/storage/storage.c ++++ b/src/daemon/modules/image/oci/storage/storage.c +@@ -194,6 +194,11 @@ int storage_inc_hold_refs(const char *layer_id) + { + int ret = 0; + ++ if (layer_id == NULL) { ++ ERROR("Empty layer id"); ++ return -1; ++ } ++ + if (!storage_lock(&g_storage_rwlock, true)) { + ERROR("Failed to lock image store when increase hold refs number for layer %s", layer_id); + return -1; +@@ -209,6 +214,11 @@ int storage_inc_hold_refs(const char *layer_id) + int storage_dec_hold_refs(const char *layer_id) + { + int ret = 0; ++ ++ if (layer_id == NULL) { ++ ERROR("Empty layer id"); ++ return -1; ++ } + + if (!storage_lock(&g_storage_rwlock, true)) { + ERROR("Failed to lock image store when decrease hold refs number for layer %s", layer_id); +@@ -284,6 +294,11 @@ struct layer_list *storage_layers_get_by_compress_digest(const char *digest) + int ret = 0; + struct layer_list *layers = NULL; + ++ if (digest == NULL) { ++ ERROR("Empty digest"); ++ return NULL; ++ } ++ + layers = util_common_calloc_s(sizeof(struct layer_list)); + if (layers == NULL) { + ERROR("Out of memory"); +@@ -539,7 +554,7 @@ char *storage_img_get_image_id(const char *img_name) + return image_store_lookup(img_name); + } + +-bool is_top_layer_of_other_image(const char *img_id, const imagetool_images_list *all_images, const char *layer_id) ++static bool is_top_layer_of_other_image(const char *img_id, const imagetool_images_list *all_images, const char *layer_id) + { + size_t i = 0; + +@@ -913,6 +928,11 @@ int storage_img_set_image_size(const char *image_id) + int ret = 0; + int64_t image_size = 0; + ++ if (image_id == NULL) { ++ ERROR("Empty image id"); ++ return -1; ++ } ++ + image_size = storage_img_cal_image_size(image_id); + if (image_size < 0) { + ERROR("Failed to get image %s size", image_id); +@@ -961,7 +981,7 @@ bool storage_image_exist(const char *image_or_id) + return image_store_exists(image_or_id); + } + +-size_t storage_get_img_count() ++size_t storage_get_img_count(void) + { + return image_store_get_images_number(); + } +@@ -1250,8 +1270,8 @@ int storage_rootfs_fs_usgae(const char *container_id, imagetool_fs_info *fs_info + } + + rootfs_info = rootfs_store_get_rootfs(container_id); +- if (rootfs_info == NULL) { +- ERROR("Failed to get rootfs %s info", container_id); ++ if (rootfs_info == NULL || rootfs_info->layer == NULL) { ++ ERROR("Failed to get valid rootfs %s info", container_id); + ret = -1; + goto out; + } +@@ -1278,7 +1298,7 @@ char *storage_rootfs_mount(const char *container_id) + } + + rootfs_info = rootfs_store_get_rootfs(container_id); +- if (rootfs_info == NULL) { ++ if (rootfs_info == NULL || rootfs_info->layer == NULL) { + ERROR("Failed to get rootfs %s info", container_id); + goto out; + } +@@ -1726,6 +1746,11 @@ container_inspect_graph_driver *storage_get_metadata_by_container_id(const char + storage_rootfs *rootfs_info = NULL; + container_inspect_graph_driver *container_metadata = NULL; + ++ if (id == NULL) { ++ ERROR("Empty id"); ++ return NULL; ++ } ++ + rootfs_info = rootfs_store_get_rootfs(id); + if (rootfs_info == NULL) { + ERROR("Failed to get rootfs %s info", id); +diff --git a/src/daemon/modules/image/oci/storage/storage.h b/src/daemon/modules/image/oci/storage/storage.h +index a761938c..718f7eff 100644 +--- a/src/daemon/modules/image/oci/storage/storage.h ++++ b/src/daemon/modules/image/oci/storage/storage.h +@@ -119,7 +119,7 @@ typedef struct storage_layer_create_opts { + + int storage_module_init(struct storage_module_init_options *opts); + +-void storage_module_exit(); ++void storage_module_exit(void); + + void free_storage_module_init_options(struct storage_module_init_options *opts); + +@@ -153,7 +153,7 @@ int storage_img_set_image_size(const char *image_id); + + char *storage_get_img_top_layer(const char *id); + +-size_t storage_get_img_count(); ++size_t storage_get_img_count(void); + + char *storage_img_get_image_id(const char *img_name); + +@@ -191,7 +191,7 @@ char *storage_rootfs_mount(const char *container_id); + + int storage_rootfs_umount(const char *container_id, bool force); + +-char *storage_rootfs_get_dir(); ++char *storage_rootfs_get_dir(void); + + container_inspect_graph_driver *storage_get_metadata_by_container_id(const char *id); + +diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c +index 2c5656c6..f8fd1e73 100644 +--- a/src/daemon/modules/image/oci/utils_images.c ++++ b/src/daemon/modules/image/oci/utils_images.c +@@ -247,7 +247,7 @@ int oci_split_image_name(const char *image_name, char **host, char **name, char + return 0; + } + +-char *get_hostname_to_strip() ++char *get_hostname_to_strip(void) + { + char *name = NULL; + +@@ -320,6 +320,11 @@ char *make_big_data_base_name(const char *key) + char *base_name = NULL; + size_t name_size; + ++ if (key == NULL) { ++ ERROR("Empty key"); ++ return NULL; ++ } ++ + if (should_use_origin_name(key)) { + return util_strdup_s(key); + } +diff --git a/src/daemon/modules/image/oci/utils_images.h b/src/daemon/modules/image/oci/utils_images.h +index 97879e41..2238bb91 100644 +--- a/src/daemon/modules/image/oci/utils_images.h ++++ b/src/daemon/modules/image/oci/utils_images.h +@@ -57,7 +57,7 @@ int oci_split_search_name(const char *search_name, char **host, char **name); + + char *oci_get_isulad_tmpdir(const char *root_dir); + int makesure_isulad_tmpdir_perm_right(const char *root_dir); +-char *get_hostname_to_strip(); ++char *get_hostname_to_strip(void); + + char *oci_image_digest_pos(const char *name); + +diff --git a/src/utils/http/http.h b/src/utils/http/http.h +index cdd6d64f..02d56ba8 100644 +--- a/src/utils/http/http.h ++++ b/src/utils/http/http.h +@@ -107,6 +107,8 @@ struct http_get_options { + #define AUTHZ_UNIX_SOCK "/run/isulad/plugins/authz-broker.sock" + #define AUTHZ_REQUEST_URL "http://localhost/isulad.auth" + ++#define BODY_FILE_MODE 0600 ++ + /* http response code */ + enum http_response_code { + StatusContinue = 100, // RFC 7231, 6.2.1 +diff --git a/test/image/oci/storage/layers/storage_driver_ut.cc b/test/image/oci/storage/layers/storage_driver_ut.cc +index ae9f4df1..943fa073 100644 +--- a/test/image/oci/storage/layers/storage_driver_ut.cc ++++ b/test/image/oci/storage/layers/storage_driver_ut.cc +@@ -269,12 +269,4 @@ TEST_F(StorageDriverUnitTest, test_graphdriver_try_repair_lowers) + + std::string id { "1be74353c3d0fd55fb5638a52953e6f1bc441e5b1710921db9ec2aa202725569" }; + ASSERT_EQ(graphdriver_try_repair_lowers(id.c_str(), nullptr), 0); +-} +- +-TEST(StorageOverlay2QuotaOptionsTest, test_overlay2_is_quota_options) +-{ +- std::vector<std::string> options { "overlay2.size", "overlay2.basesize" }; +- for (auto option : options) { +- ASSERT_TRUE(overlay2_is_quota_options(nullptr, option.c_str())); +- } +-} ++} +\ No newline at end of file +diff --git a/test/image/oci/storage/layers/storage_layers_ut.cc b/test/image/oci/storage/layers/storage_layers_ut.cc +index fca37e83..73611fdc 100644 +--- a/test/image/oci/storage/layers/storage_layers_ut.cc ++++ b/test/image/oci/storage/layers/storage_layers_ut.cc +@@ -278,19 +278,6 @@ TEST_F(StorageLayersUnitTest, test_layers_load) + free_layer_list(layer_list); + } + +-TEST_F(StorageLayersUnitTest, test_layer_store_exists) +-{ +- if (!support_overlay) { +- return; +- } +- +- std::string id { "7db8f44a0a8e12ea4283e3180e98880007efbd5de2e7c98b67de9cdd4dfffb0b" }; +- std::string incorrectId { "50551ff67da98ab8540d7132" }; +- +- ASSERT_TRUE(layer_store_exists(id.c_str())); +- ASSERT_FALSE(layer_store_exists(incorrectId.c_str())); +-} +- + TEST_F(StorageLayersUnitTest, test_layer_store_create) + { + if (!support_overlay) { +@@ -337,24 +324,3 @@ TEST_F(StorageLayersUnitTest, test_layer_store_by_compress_digest) + + free_layer_list(layer_list); + } +- +-TEST_F(StorageLayersUnitTest, test_layer_store_by_uncompress_digest) +-{ +- if (!support_overlay) { +- return; +- } +- +- std::string uncompress { "sha256:9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63" }; +- std::string id { "9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63" }; +- struct layer_list *layer_list = (struct layer_list *)util_common_calloc_s(sizeof(struct layer_list)); +- +- ASSERT_EQ(layer_store_by_uncompress_digest(uncompress.c_str(), layer_list), 0); +- ASSERT_EQ(layer_list->layers_len, 1); +- +- struct layer **layers = layer_list->layers; +- ASSERT_STREQ(layers[0]->id, id.c_str()); +- ASSERT_STREQ(layers[0]->uncompressed_digest, uncompress.c_str()); +- ASSERT_EQ(layers[0]->uncompress_size, 1672256); +- +- free_layer_list(layer_list); +-} +diff --git a/test/mocks/driver_overlay2_mock.cc b/test/mocks/driver_overlay2_mock.cc +index 6f24dbcf..6892539d 100644 +--- a/test/mocks/driver_overlay2_mock.cc ++++ b/test/mocks/driver_overlay2_mock.cc +@@ -39,11 +39,3 @@ int overlay2_parse_options(struct graphdriver *driver, const char **options, siz + } + return -1; + } +- +-bool overlay2_is_quota_options(struct graphdriver *driver, const char *option) +-{ +- if (g_driver_overlay2_mock != nullptr) { +- return g_driver_overlay2_mock->Overlay2IsQuotaOptions(driver, option); +- } +- return false; +-} +diff --git a/test/mocks/driver_overlay2_mock.h b/test/mocks/driver_overlay2_mock.h +index 071e6287..f09b715a 100644 +--- a/test/mocks/driver_overlay2_mock.h ++++ b/test/mocks/driver_overlay2_mock.h +@@ -24,7 +24,6 @@ public: + virtual ~MockDriverOverlay2() = default; + MOCK_METHOD1(Overlay2Init, int(struct graphdriver *)); + MOCK_METHOD3(Overlay2ParseOptions, int(struct graphdriver *, const char **, size_t)); +- MOCK_METHOD2(Overlay2IsQuotaOptions, bool(struct graphdriver *, const char *)); + }; + + void MockDriverOverlay2_SetMock(MockDriverOverlay2* mock); +-- +2.40.1 + diff --git a/0019-remove-password-in-url-module-and-clean-sensitive-in.patch b/0019-remove-password-in-url-module-and-clean-sensitive-in.patch new file mode 100644 index 0000000..255cf28 --- /dev/null +++ b/0019-remove-password-in-url-module-and-clean-sensitive-in.patch @@ -0,0 +1,332 @@ +From 4adc923cfaf25142aa4cbb909d65c0f3a999cc02 Mon Sep 17 00:00:00 2001 +From: zhongtao <zhongtao17@huawei.com> +Date: Tue, 29 Aug 2023 11:41:26 +0800 +Subject: [PATCH 19/33] remove password in url module and clean sensitive info + in struct passwd + +Signed-off-by: zhongtao <zhongtao17@huawei.com> +--- + .../modules/image/image_rootfs_handler.c | 13 +- + src/utils/cpputils/url.cc | 144 +----------------- + src/utils/cpputils/url.h | 19 +-- + 3 files changed, 15 insertions(+), 161 deletions(-) + +diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c +index 1a3f4307..a8036ab9 100644 +--- a/src/daemon/modules/image/image_rootfs_handler.c ++++ b/src/daemon/modules/image/image_rootfs_handler.c +@@ -85,6 +85,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user * + char buf[BUFSIZ] = { 0 }; + struct passwd pw; + struct passwd *pwbufp = NULL; ++ int ret = -1; + + if (f_passwd != NULL) { + #if defined (__ANDROID__) || defined(__MUSL__) +@@ -116,7 +117,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user * + if (errval != 0 && errval != ENOENT) { + ERROR("Failed to parse passwd file: Insufficient buffer space supplied"); + isulad_set_error_message("Failed to parse passwd file: Insufficient buffer space supplied"); +- return -1; ++ goto out; + } + if (!userfound && user != NULL) { + int uret = util_safe_llong(user, &n_user); +@@ -124,16 +125,20 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user * + if (uret != 0) { + ERROR("Unable to find user '%s'", user); + isulad_set_error_message("Unable to find user '%s': no matching entries in passwd file", user); +- return -1; ++ goto out; + } + if (n_user < MINUID || n_user > MAXUID) { + uids_gids_range_err_log(); +- return -1; ++ goto out; + } + puser->uid = (uid_t)n_user; + } ++ ret = 0; + +- return 0; ++out: ++ memset(buf, 0, sizeof(buf)); ++ memset(pwbufp, 0, sizeof(struct passwd)); ++ return ret; + } + + static int append_additional_gids(gid_t gid, gid_t **additional_gids, size_t *len) +diff --git a/src/utils/cpputils/url.cc b/src/utils/cpputils/url.cc +index 117eba7e..baaded07 100644 +--- a/src/utils/cpputils/url.cc ++++ b/src/utils/cpputils/url.cc +@@ -266,12 +266,7 @@ std::string Escape(const std::string &s, const EncodeMode &mode) + + UserInfo *User(const std::string &username) noexcept + { +- return new UserInfo { username, "", false }; +-} +- +-UserInfo *UserPassword(const std::string &username, const std::string &password) noexcept +-{ +- return new UserInfo { username, password, true }; ++ return new UserInfo { username }; + } + + int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path) +@@ -324,24 +319,6 @@ void Split(const std::string &s, const std::string &c, bool cutc, std::string &t + u = s.substr(i, s.size()); + } + +-URLDatum *Parse(const std::string &rawurl) +-{ +- std::string u, frag; +- Split(rawurl, "#", true, u, frag); +- auto *url = Parse(u, false); +- if (url == nullptr) { +- return nullptr; +- } +- if (frag.empty()) { +- return url; +- } +- url->SetFragment(Unescape(frag, EncodeMode::ENCODE_FRAGMENT)); +- if (url->GetFragment().empty()) { +- return nullptr; +- } +- return url; +-} +- + int SplitOffPossibleLeading(std::string &scheme, const std::string &rawurl, URLDatum *url, std::string &rest) + { + if (Getscheme(rawurl, scheme, rest) != 0) { +@@ -385,108 +362,6 @@ URLDatum *HandleNonBackslashPrefix(URLDatum *url, const std::string &scheme, con + return nullptr; + } + +-int SetURLDatumInfo(URLDatum *url, const std::string &scheme, bool viaRequest, std::string &rest) +-{ +- if ((!scheme.empty() || (!viaRequest && rest.substr(0, 3) == "///")) && rest.substr(0, 2) == "//") { +- std::string authority; +- Split(rest.substr(2, rest.size()), "/", false, authority, rest); +- std::string host = url->GetHost(); +- UserInfo *user = url->GetUser(); +- if (ParseAuthority(authority, &user, host)) { +- return -1; +- } +- url->SetHost(host); +- url->SetUser(user); +- } +- if (url->SetPath(rest)) { +- return -1; +- } +- url->SetScheme(scheme); +- return 0; +-} +- +-URLDatum *Parse(const std::string &rawurl, bool viaRequest) +-{ +- if (rawurl.empty() && viaRequest) { +- ERROR("empty url!"); +- return nullptr; +- } +- auto *url = new (std::nothrow) URLDatum; +- if (url == nullptr) { +- ERROR("Out of memory"); +- return nullptr; +- } +- if (rawurl == "*") { +- url->SetPathWithoutEscape("*"); +- return url; +- } +- std::string scheme = url->GetScheme(); +- std::string rest; +- if (SplitOffPossibleLeading(scheme, rawurl, url, rest) != 0) { +- return nullptr; +- } +- bool shouldRet = false; +- auto *tmpret = HandleNonBackslashPrefix(url, scheme, rest, viaRequest, shouldRet); +- if (shouldRet) { +- return tmpret; +- } +- if (SetURLDatumInfo(url, scheme, viaRequest, rest) != 0) { +- return nullptr; +- } +- return url; +-} +- +-int ParseAuthority(const std::string &authority, UserInfo **user, std::string &host) +-{ +- size_t i = authority.find("@"); +- if (i == std::string::npos) { +- if (ParseHost(authority, host) != 0) { +- *user = nullptr; +- host = ""; +- return -1; +- } +- } else { +- if (ParseHost(authority.substr(i + 1, authority.size()), host) != 0) { +- *user = nullptr; +- host = ""; +- return -1; +- } +- } +- if (i == std::string::npos) { +- *user = nullptr; +- return 0; +- } +- +- std::string userinfo = authority.substr(0, i); +- if (!ValidUserinfo(userinfo)) { +- *user = nullptr; +- host = ""; +- ERROR("net/url: invalid userinfo"); +- return -1; +- } +- if (userinfo.find(":") == std::string::npos) { +- userinfo = Unescape(userinfo, EncodeMode::ENCODE_USER_PASSWORD); +- if (userinfo.empty()) { +- *user = nullptr; +- host = ""; +- return -1; +- } +- *user = User(userinfo); +- } else { +- std::string servername, serverword; +- Split(userinfo, ":", true, servername, serverword); +- servername = Unescape(servername, EncodeMode::ENCODE_USER_PASSWORD); +- serverword = Unescape(serverword, EncodeMode::ENCODE_USER_PASSWORD); +- if (servername.empty() || serverword.empty()) { +- *user = nullptr; +- host = ""; +- return -1; +- } +- *user = UserPassword(servername, serverword); +- } +- return 0; +-} +- + int ParseHost(std::string host, std::string &out) + { + if (host.at(0) == '[') { +@@ -756,9 +631,6 @@ std::string UserInfo::String() const + std::string s; + if (!m_username.empty()) { + s = Escape(m_username, EncodeMode::ENCODE_USER_PASSWORD); +- if (m_passwordSet) { +- s += ":" + Escape(m_password, EncodeMode::ENCODE_USER_PASSWORD); +- } + } + return s; + } +@@ -766,11 +638,6 @@ std::string UserInfo::Username() const + { + return m_username; + } +-std::string UserInfo::Password(bool &set) const +-{ +- set = m_passwordSet; +- return m_password; +-} + + URLDatum::~URLDatum() + { +@@ -860,15 +727,6 @@ bool URLDatum::IsAbs() const + return (m_scheme != ""); + } + +-std::unique_ptr<URLDatum> URLDatum::UrlParse(const std::string &ref) +-{ +- auto *refurl = Parse(ref); +- if (refurl == nullptr) { +- return nullptr; +- } +- return ResolveReference(refurl); +-} +- + std::unique_ptr<URLDatum> URLDatum::ResolveReference(URLDatum *ref) + { + std::unique_ptr<URLDatum> url(new (std::nothrow) URLDatum(*ref)); +diff --git a/src/utils/cpputils/url.h b/src/utils/cpputils/url.h +index abbf20f4..3dd40079 100644 +--- a/src/utils/cpputils/url.h ++++ b/src/utils/cpputils/url.h +@@ -49,17 +49,13 @@ private: + + class UserInfo { + public: +- UserInfo(const std::string &u, const std::string &p, bool b) : m_username(u), m_password(p), +- m_passwordSet(b) {} ++ UserInfo(const std::string &u) : m_username(u) {} + ~UserInfo() = default; + std::string String() const; + std::string Username() const; +- std::string Password(bool &set) const; + + private: + std::string m_username; +- std::string m_password; +- bool m_passwordSet; + }; + + class URLDatum { +@@ -69,7 +65,6 @@ public: + std::string EscapedPath(); + std::string String(); + bool IsAbs() const; +- std::unique_ptr<URLDatum> UrlParse(const std::string &ref); + std::unique_ptr<URLDatum> ResolveReference(URLDatum *ref); + auto Query()->std::map<std::string, std::vector<std::string>>; + std::string RequestURI(); +@@ -88,7 +83,7 @@ public: + { + m_opaque = value; + } +- std::string GetOpaque() const ++ std::string GetOpaque() const + { + return m_opaque; + } +@@ -96,7 +91,7 @@ public: + { + m_user = value; + } +- UserInfo *GetUser() const ++ UserInfo *GetUser() const + { + return m_user; + } +@@ -128,7 +123,7 @@ public: + { + m_rawQuery = value; + } +- std::string GetRawQuery() const ++ std::string GetRawQuery() const + { + return m_rawQuery; + } +@@ -136,7 +131,7 @@ public: + { + m_fragment = value; + } +- std::string GetFragment() const ++ std::string GetFragment() const + { + return m_fragment; + } +@@ -163,13 +158,9 @@ std::string QueryUnescape(const std::string &s); + std::string Unescape(std::string s, const EncodeMode &mode); + std::string QueryEscape(const std::string &s); + std::string Escape(const std::string &s, const EncodeMode &mode); +-UserInfo *UserPassword(const std::string &username, const std::string &password) noexcept; + UserInfo *User(const std::string &username) noexcept; + int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path); + void Split(const std::string &s, const std::string &c, bool cutc, std::string &t, std::string &u); +-URLDatum *Parse(const std::string &rawurl); +-URLDatum *Parse(const std::string &rawurl, bool viaRequest); +-int ParseAuthority(const std::string &authority, UserInfo **user, std::string &host); + int ParseHost(std::string host, std::string &out); + bool ValidEncodedPath(const std::string &s); + bool ValidOptionalPort(const std::string &port); +-- +2.40.1 + diff --git a/0020-2153-fix-codecheck.patch b/0020-2153-fix-codecheck.patch new file mode 100644 index 0000000..1cdd5a8 --- /dev/null +++ b/0020-2153-fix-codecheck.patch @@ -0,0 +1,447 @@ +From d9c60a7309f3616c1d9d0051ba338a8def37a538 Mon Sep 17 00:00:00 2001 +From: zhongtao <zhongtao17@huawei.com> +Date: Tue, 29 Aug 2023 09:38:53 +0000 +Subject: [PATCH 20/33] !2153 fix codecheck * fix codecheck + +--- + src/daemon/modules/image/embedded/load.c | 2 +- + src/daemon/modules/image/image.c | 4 +- + src/daemon/modules/image/oci/oci_login.h | 2 - + src/daemon/modules/image/oci/oci_logout.h | 2 - + .../oci/storage/image_store/image_store.c | 1 - + .../oci/storage/image_store/image_store.h | 2 - + .../graphdriver/devmapper/deviceset.c | 9 ++- + .../graphdriver/devmapper/deviceset.h | 5 +- + .../graphdriver/devmapper/driver_devmapper.h | 16 ++--- + .../graphdriver/devmapper/wrapper_devmapper.h | 2 - + .../storage/layer_store/graphdriver/driver.c | 2 +- + .../storage/layer_store/graphdriver/driver.h | 59 ++++++++----------- + .../graphdriver/overlay2/driver_overlay2.c | 3 - + .../graphdriver/overlay2/driver_overlay2.h | 8 +-- + .../graphdriver/quota/project_quota.h | 1 - + .../oci/storage/layer_store/layer_store.h | 4 -- + .../overlay_remote_impl.c | 1 - + .../remote_layer_support/remote_support.c | 2 +- + .../remote_layer_support/remote_support.h | 2 +- + .../oci/storage/rootfs_store/rootfs_store.h | 4 -- + 20 files changed, 46 insertions(+), 85 deletions(-) + +diff --git a/src/daemon/modules/image/embedded/load.c b/src/daemon/modules/image/embedded/load.c +index dc2aeba2..92ac42ad 100644 +--- a/src/daemon/modules/image/embedded/load.c ++++ b/src/daemon/modules/image/embedded/load.c +@@ -36,7 +36,7 @@ static char *replace_suffix_to_sgn(const char *file) + ERROR("invalid NULL param"); + return NULL; + } +- if (sizeof(".sgn") > SIZE_MAX - strlen(file)) { ++ if (strlen(file) > SIZE_MAX - sizeof(".sgn")) { + return NULL; + } + len = strlen(file) + sizeof(".sgn"); +diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c +index 408ceea2..a14f2ac3 100644 +--- a/src/daemon/modules/image/image.c ++++ b/src/daemon/modules/image/image.c +@@ -784,7 +784,9 @@ int im_merge_image_config(const char *image_type, const char *image_name, contai + int ret = 0; + struct bim *bim = NULL; + +- if (container_spec == NULL || image_name == NULL || image_type == NULL) { ++ // there is no need to judge the image name as empty, ++ // because the image name of external type allows it to be empty. ++ if (container_spec == NULL || image_type == NULL) { + ERROR("Invalid input arguments"); + ret = -1; + goto out; +diff --git a/src/daemon/modules/image/oci/oci_login.h b/src/daemon/modules/image/oci/oci_login.h +index ab261ebd..acf6eeb6 100644 +--- a/src/daemon/modules/image/oci/oci_login.h ++++ b/src/daemon/modules/image/oci/oci_login.h +@@ -15,8 +15,6 @@ + #ifndef DAEMON_MODULES_IMAGE_OCI_OCI_LOGIN_H + #define DAEMON_MODULES_IMAGE_OCI_OCI_LOGIN_H + +-#include <stdbool.h> +- + #ifdef __cplusplus + extern "C" { + #endif +diff --git a/src/daemon/modules/image/oci/oci_logout.h b/src/daemon/modules/image/oci/oci_logout.h +index 81f0196c..c0a9bb8b 100644 +--- a/src/daemon/modules/image/oci/oci_logout.h ++++ b/src/daemon/modules/image/oci/oci_logout.h +@@ -15,8 +15,6 @@ + #ifndef DAEMON_MODULES_IMAGE_OCI_OCI_LOGOUT_H + #define DAEMON_MODULES_IMAGE_OCI_OCI_LOGOUT_H + +-#include <stdbool.h> +- + #ifdef __cplusplus + extern "C" { + #endif +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index b7e0f0cc..f49f4707 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -2123,7 +2123,6 @@ static int pack_repo_digest(char ***old_repo_digests, const char **image_tags, c + } + + for (i = 0; i < util_array_len((const char **)*repo_digests); i++) { +- bool value = true; + if (!map_replace(digest_map, (void *)(*repo_digests)[i], &value)) { + ERROR("Failed to insert pair to digest map: %s", (*repo_digests)[i]); + ret = -1; +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.h b/src/daemon/modules/image/oci/storage/image_store/image_store.h +index 019a2881..4544f84b 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.h ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.h +@@ -29,8 +29,6 @@ + #include "isula_libutils/imagetool_images_list.h" + #include "isula_libutils/imagetool_image_summary.h" + +-struct storage_module_init_options; +- + #ifdef __cplusplus + extern "C" { + #endif +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index 79541e54..4652c71a 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -105,7 +105,6 @@ static int handle_dm_min_free_space(char *val, struct device_set *devset) + { + long converted = 0; + int ret = util_parse_percent_string(val, &converted); +- + if (ret != 0 || converted >= 100) { + errno = -ret; + SYSERROR("Invalid min free space: '%s'", val); +@@ -293,7 +292,8 @@ static char *deviceset_meta_file(const struct device_set *devset) + return file; + } + +-// get_dm_name return value format:container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498 ++// get_dm_name return value format: ++// container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498 + static char *get_dm_name(const struct device_set *devset, const char *hash) + { + int nret = 0; +@@ -312,7 +312,8 @@ static char *get_dm_name(const struct device_set *devset, const char *hash) + return util_strdup_s(buff); + } + +-// get_dev_name return value fromat:/dev/mapper/container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498 ++// get_dev_name return value fromat: ++// /dev/mapper/container-253:0-409697-401641a00390ccd2b21eb464f5eb5a7b735c3731b717e7bffafe65971f4cb498 + static char *get_dev_name(const char *name) + { + return util_string_append(name, DEVMAPPER_DECICE_DIRECTORY); +@@ -2351,7 +2352,6 @@ static int setup_base_image(struct device_set *devset) + devmapper_device_info_t *device_info = NULL; + + device_info = lookup_device(devset, "base"); +- + // base image already exists. If it is initialized properly, do UUID + // verification and return. Otherwise remove image and set it up + // fresh. +@@ -2504,7 +2504,6 @@ static void cleanup_deleted_devices(struct graphdriver *driver) + goto unlock_driver; + } + +- + if (driver->devset->nr_deleted_devices == 0) { + DEBUG("devmapper: no devices to delete"); + goto unlock_devset; +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h +index ec985e40..d7f7d184 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.h +@@ -23,10 +23,7 @@ + + #include "driver.h" + #include "metadata_store.h" +- +-struct device_set; +-struct driver_mount_opts; +-struct graphdriver; ++#include "devices_constants.h" + + #ifdef __cplusplus + extern "C" { +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h +index 9ee020de..dca2d614 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.h +@@ -16,22 +16,18 @@ + #define DAEMON_MODULES_IMAGE_OCI_STORAGE_LAYER_STORE_GRAPHDRIVER_DEVMAPPER_DRIVER_DEVMAPPER_H + + #include <pthread.h> +-#include <isula_libutils/imagetool_fs_info.h> +-#include <isula_libutils/json_common.h> + #include <stdbool.h> + #include <stddef.h> + #include <stdint.h> ++#include <isula_libutils/imagetool_fs_info.h> ++#include <isula_libutils/json_common.h> ++#include <isula_libutils/image_devmapper_transaction.h> ++#include <isula_libutils/image_devmapper_deviceset_metadata.h> + + #include "driver.h" + #include "map.h" +-#include "isula_libutils/image_devmapper_transaction.h" +-#include "isula_libutils/image_devmapper_deviceset_metadata.h" +- +-struct driver_create_opts; +-struct driver_mount_opts; +-struct graphdriver; +-struct graphdriver_status; +-struct io_read_wrapper; ++#include "image_api.h" ++#include "io_wrapper.h" + + #ifdef __cplusplus + extern "C" { +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h +index 01771a3b..4b2ae82b 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h +@@ -24,8 +24,6 @@ + + #include "driver.h" + +-struct dm_task; +- + #ifdef __cplusplus + extern "C" { + #endif +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c +index fc2857b6..fb549bae 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c +@@ -1,5 +1,5 @@ + /****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2017-2019. All rights reserved. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h +index acd847cc..2fcfa12b 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.h +@@ -1,5 +1,5 @@ + /****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +@@ -20,25 +20,42 @@ + #include <stddef.h> + #include <pthread.h> + #include <isula_libutils/imagetool_fs_info.h> ++#include <isula_libutils/container_inspect.h> ++#include <isula_libutils/json_common.h> + +-#include "isula_libutils/container_inspect.h" +-#include "isula_libutils/json_common.h" + #include "io_wrapper.h" + #include "driver_overlay2_types.h" + #include "devices_constants.h" + #include "storage.h" + #include "image_api.h" +-#include "isula_libutils/container_inspect.h" +- +-struct graphdriver_status; +-struct io_read_wrapper; +-struct storage_module_init_options; + + #ifdef __cplusplus + extern "C" { + #endif + +-struct graphdriver; ++struct graphdriver { ++ // common implement ++ const struct graphdriver_ops *ops; ++ const char *name; ++ const char *home; ++ char *backing_fs; ++ bool support_dtype; ++ ++ bool support_quota; ++#ifdef ENABLE_REMOTE_LAYER_STORE ++ bool enable_remote_layer; ++#endif ++ struct pquota_control *quota_ctrl; ++ ++ // options for overlay2 ++ struct overlay_options *overlay_opts; ++ ++ // options for device mapper ++ struct device_set *devset; ++ ++ // lock to protect graphdriver between cleanup and other operations ++ pthread_rwlock_t rwlock; ++}; + + struct driver_create_opts { + char *mount_label; +@@ -81,30 +98,6 @@ struct graphdriver_ops { + int (*get_layer_fs_info)(const char *id, const struct graphdriver *driver, imagetool_fs_info *fs_info); + }; + +-struct graphdriver { +- // common implement +- const struct graphdriver_ops *ops; +- const char *name; +- const char *home; +- char *backing_fs; +- bool support_dtype; +- +- bool support_quota; +-#ifdef ENABLE_REMOTE_LAYER_STORE +- bool enable_remote_layer; +-#endif +- struct pquota_control *quota_ctrl; +- +- // options for overlay2 +- struct overlay_options *overlay_opts; +- +- // options for device mapper +- struct device_set *devset; +- +- // lock to protect graphdriver between cleanup and other operations +- pthread_rwlock_t rwlock; +-}; +- + int graphdriver_init(const struct storage_module_init_options *opts); + + int graphdriver_create_rw(const char *id, const char *parent, struct driver_create_opts *create_opts); +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +index ced30b96..7517dd43 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +@@ -648,7 +648,6 @@ const static int check_lower_depth(const char *lowers_str) + + lowers_arr = util_string_split(lowers_str, ':'); + lowers_size = util_array_len((const char **)lowers_arr); +- + if (lowers_size > OVERLAY_LAYER_MAX_DEPTH) { + ERROR("Max depth exceeded %s", lowers_str); + ret = -1; +@@ -1274,7 +1273,6 @@ static int append_rel_empty_path(const char *id, char ***rel_lowers) + char *rel_path = NULL; + + rel_path = util_string_append("/empty", id); +- + if (util_array_append(rel_lowers, rel_path) != 0) { + SYSERROR("Can't append relative layer:%s", rel_path); + ret = -1; +@@ -2181,7 +2179,6 @@ int overlay2_repair_lowers(const char *id, const char *parent, const struct grap + lowers_str = read_layer_lower_file(layer_dir); + lowers_arr = util_string_split(lowers_str, ':'); + lowers_size = util_array_len((const char **)lowers_arr); +- + if (lowers_size != 0) { + if (check_lower_valid(driver->home, lowers_arr[0]) == 0) { + DEBUG("Try to repair layer %s, success check", id); +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h +index 438c508e..444c0670 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.h +@@ -22,12 +22,8 @@ + #include <stdint.h> + + #include "driver.h" +- +-struct driver_create_opts; +-struct driver_mount_opts; +-struct graphdriver; +-struct graphdriver_status; +-struct io_read_wrapper; ++#include "image_api.h" ++#include "io_wrapper.h" + + #ifdef __cplusplus + extern "C" { +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h +index 94230faa..6cda7456 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h +@@ -33,7 +33,6 @@ + #include <fcntl.h> + #include <stdlib.h> + #include <inttypes.h> +-#include <linux/magic.h> + #include <linux/dqblk_xfs.h> + #include <errno.h> + #include <libgen.h> +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h +index 20287119..eba406d4 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h +@@ -24,10 +24,6 @@ + #include "storage.h" + #include "io_wrapper.h" + +-struct io_read_wrapper; +-struct layer_list; +-struct storage_module_init_options; +- + #ifdef __cplusplus + extern "C" { + #endif +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c +index 38d9b0ce..86e05ac2 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c +@@ -185,7 +185,6 @@ static int remove_one_remote_overlay_layer(struct remote_overlay_data *data, con + } + + link_id = (char *)map_search(overlay_id_link, (void *)overlay_id); +- + if (link_id == NULL) { + ERROR("Failed to find link id for overlay layer: %s", overlay_id); + ret = -1; +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +index 5bf9869b..eb919321 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c +@@ -1,5 +1,5 @@ + /****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h +index 30e3ebb0..545cbe49 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h +@@ -1,5 +1,5 @@ + /****************************************************************************** +- * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved. + * iSulad licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: +diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h +index 63f3294b..d618c401 100644 +--- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h ++++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.h +@@ -24,10 +24,6 @@ + #include "storage.h" + #include "rootfs.h" + +-struct rootfs_list; +-struct storage_module_init_options; +-struct storage_rootfs_options; +- + #ifdef __cplusplus + extern "C" { + #endif +-- +2.40.1 + diff --git a/0021-2157-bugfix-for-memset.patch b/0021-2157-bugfix-for-memset.patch new file mode 100644 index 0000000..f95516b --- /dev/null +++ b/0021-2157-bugfix-for-memset.patch @@ -0,0 +1,25 @@ +From 14bc12be8e4219a78b877e60affd4f584ccab220 Mon Sep 17 00:00:00 2001 +From: zhongtao <zhongtao17@huawei.com> +Date: Tue, 29 Aug 2023 13:18:34 +0000 +Subject: [PATCH 21/33] !2157 bugfix for memset * bugfix for memset + +--- + src/daemon/modules/image/image_rootfs_handler.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c +index a8036ab9..ceea4f5b 100644 +--- a/src/daemon/modules/image/image_rootfs_handler.c ++++ b/src/daemon/modules/image/image_rootfs_handler.c +@@ -137,7 +137,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user * + + out: + memset(buf, 0, sizeof(buf)); +- memset(pwbufp, 0, sizeof(struct passwd)); ++ memset(&pw, 0, sizeof(struct passwd)); + return ret; + } + +-- +2.40.1 + diff --git a/0022-2159-use-macros-to-isolate-the-password-option-of-lo.patch b/0022-2159-use-macros-to-isolate-the-password-option-of-lo.patch new file mode 100644 index 0000000..3306ba5 --- /dev/null +++ b/0022-2159-use-macros-to-isolate-the-password-option-of-lo.patch @@ -0,0 +1,223 @@ +From 0c0bc7a873cb5377aa0d5587c28d711a09f00811 Mon Sep 17 00:00:00 2001 +From: zhongtao <zhongtao17@huawei.com> +Date: Wed, 30 Aug 2023 09:56:29 +0000 +Subject: [PATCH 22/33] !2159 use macros to isolate the password option of + login and the plugin module * use macros to isolate the password option of + login and the plugin module + +--- + cmake/options.cmake | 14 ++++++++++ + src/cmd/isula/images/login.h | 28 +++++++++++++------ + src/cmd/isulad/main.c | 2 ++ + .../executor/container_cb/execution_create.c | 2 ++ + src/daemon/modules/CMakeLists.txt | 13 +++++++-- + src/daemon/modules/api/CMakeLists.txt | 3 ++ + .../container/container_events_handler.c | 2 ++ + .../modules/service/service_container.c | 4 +++ + 8 files changed, 57 insertions(+), 11 deletions(-) + +diff --git a/cmake/options.cmake b/cmake/options.cmake +index 5fc5c221..e733fd1c 100644 +--- a/cmake/options.cmake ++++ b/cmake/options.cmake +@@ -138,6 +138,20 @@ if (ENABLE_NATIVE_NETWORK OR ENABLE_GRPC) + set(ENABLE_NETWORK 1) + endif() + ++option(ENABLE_PLUGIN "enable plugin module" OFF) ++if (ENABLE_PLUGIN STREQUAL "ON") ++ add_definitions(-DENABLE_PLUGIN=1) ++ set(ENABLE_PLUGIN 1) ++ message("${Green}-- Enable plugin module${ColourReset}") ++endif() ++ ++option(ENABLE_LOGIN_PASSWORD_OPTION "enable login password option" ON) ++if (ENABLE_LOGIN_PASSWORD_OPTION STREQUAL "ON") ++ add_definitions(-DENABLE_LOGIN_PASSWORD_OPTION=1) ++ set(ENABLE_LOGIN_PASSWORD_OPTION 1) ++ message("${Green}-- Enable login password option${ColourReset}") ++endif() ++ + option(EANBLE_IMAGE_LIBARAY "create libisulad_image.so" ON) + if (EANBLE_IMAGE_LIBARAY STREQUAL "ON") + add_definitions(-DEANBLE_IMAGE_LIBARAY) +diff --git a/src/cmd/isula/images/login.h b/src/cmd/isula/images/login.h +index 5f9a676c..38829cba 100644 +--- a/src/cmd/isula/images/login.h ++++ b/src/cmd/isula/images/login.h +@@ -24,16 +24,28 @@ + extern "C" { + #endif + ++#ifdef ENABLE_LOGIN_PASSWORD_OPTION + #define LOGIN_OPTIONS(cmdargs) \ +- { CMD_OPT_TYPE_STRING_DUP, false, "username", 'u', &(cmdargs).username, "Username", NULL }, \ +- { CMD_OPT_TYPE_STRING_DUP, false, "password", 'p', &(cmdargs).password, "Password", NULL }, \ +- { CMD_OPT_TYPE_BOOL, \ +- false, \ +- "password-stdin", \ +- 0, \ +- &(cmdargs).password_stdin, \ +- "Take the password from stdin", \ ++ { CMD_OPT_TYPE_STRING_DUP, false, "username", 'u', &(cmdargs).username, "Username", NULL }, \ ++ { CMD_OPT_TYPE_STRING_DUP, false, "password", 'p', &(cmdargs).password, "Password", NULL }, \ ++ { CMD_OPT_TYPE_BOOL, \ ++ false, \ ++ "password-stdin", \ ++ 0, \ ++ &(cmdargs).password_stdin, \ ++ "Take the password from stdin", \ + NULL }, ++#else ++#define LOGIN_OPTIONS(cmdargs) \ ++ { CMD_OPT_TYPE_STRING_DUP, false, "username", 'u', &(cmdargs).username, "Username", NULL }, \ ++ { CMD_OPT_TYPE_BOOL, \ ++ false, \ ++ "password-stdin", \ ++ 0, \ ++ &(cmdargs).password_stdin, \ ++ "Take the password from stdin", \ ++ NULL }, ++#endif + + extern const char g_cmd_login_desc[]; + extern const char g_cmd_login_usage[]; +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index 8369f9e2..4740f91a 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -1685,10 +1685,12 @@ int main(int argc, char **argv) + goto failure; + } + ++#ifdef ENABLE_PLUGIN + if (start_plugin_manager()) { + ERROR("Failed to init plugin_manager"); + goto failure; + } ++#endif + + clock_gettime(CLOCK_MONOTONIC, &t_end); + use_time = (double)(t_end.tv_sec - t_start.tv_sec) * (double)1000000000 + (double)(t_end.tv_nsec - t_start.tv_nsec); +diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c +index 9c097121..377aa1aa 100644 +--- a/src/daemon/executor/container_cb/execution_create.c ++++ b/src/daemon/executor/container_cb/execution_create.c +@@ -1499,6 +1499,7 @@ int container_create_cb(const container_create_request *request, container_creat + goto clean_netns; + } + ++#ifdef ENABLE_PLUGIN + /* modify oci_spec by plugin. */ + if (plugin_event_container_pre_create(id, oci_spec) != 0) { + ERROR("Plugin event pre create failed"); +@@ -1506,6 +1507,7 @@ int container_create_cb(const container_create_request *request, container_creat + cc = ISULAD_ERR_EXEC; + goto clean_netns; + } ++#endif + + host_channel = dup_host_channel(host_spec->host_channel); + if (prepare_host_channel(host_channel, host_spec->user_remap)) { +diff --git a/src/daemon/modules/CMakeLists.txt b/src/daemon/modules/CMakeLists.txt +index 5d13412b..a70c094f 100644 +--- a/src/daemon/modules/CMakeLists.txt ++++ b/src/daemon/modules/CMakeLists.txt +@@ -3,7 +3,6 @@ + aux_source_directory(${CMAKE_CURRENT_SOURCE_DIR} modules_top_srcs) + add_subdirectory(runtime) + add_subdirectory(image) +-add_subdirectory(plugin) + add_subdirectory(spec) + add_subdirectory(container) + add_subdirectory(log) +@@ -17,7 +16,6 @@ set(local_modules_srcs + ${modules_top_srcs} + ${RUNTIME_SRCS} + ${IMAGE_SRCS} +- ${PLUGIN_SRCS} + ${SPEC_SRCS} + ${MANAGER_SRCS} + ${LOG_GATHER_SRCS} +@@ -31,7 +29,6 @@ set(local_modules_incs + ${CMAKE_CURRENT_SOURCE_DIR} + ${RUNTIME_INCS} + ${IMAGE_INCS} +- ${PLUGIN_INCS} + ${SPEC_INCS} + ${MANAGER_INCS} + ${LOG_GATHER_INCS} +@@ -42,6 +39,16 @@ set(local_modules_incs + ${VOLUME_INCS} + ) + ++if (ENABLE_PLUGIN) ++ add_subdirectory(plugin) ++ list(APPEND local_modules_srcs ++ ${PLUGIN_SRCS} ++ ) ++ list(APPEND local_modules_incs ++ ${PLUGIN_INCS} ++ ) ++endif() ++ + set(MODULES_SRCS + ${local_modules_srcs} + PARENT_SCOPE +diff --git a/src/daemon/modules/api/CMakeLists.txt b/src/daemon/modules/api/CMakeLists.txt +index f577c45f..0735b25a 100644 +--- a/src/daemon/modules/api/CMakeLists.txt ++++ b/src/daemon/modules/api/CMakeLists.txt +@@ -9,3 +9,6 @@ set(MODULES_API_INCS + PARENT_SCOPE + ) + ++if (NOT ENABLE_PLUGIN) ++ list(REMOVE_ITEM MODULES_API_INCS "${CMAKE_CURRENT_SOURCE_DIR}/plugin_api.h") ++endif() +diff --git a/src/daemon/modules/container/container_events_handler.c b/src/daemon/modules/container/container_events_handler.c +index d78e6fc1..d56c2ee0 100644 +--- a/src/daemon/modules/container/container_events_handler.c ++++ b/src/daemon/modules/container/container_events_handler.c +@@ -155,7 +155,9 @@ static int container_state_changed(container_t *cont, const struct isulad_events + } else { + container_state_set_stopped(cont->state, (int)events->exit_status); + container_wait_stop_cond_broadcast(cont); ++#ifdef ENABLE_PLUGIN + plugin_event_container_post_stop(cont); ++#endif + } + + auto_remove = !should_restart && cont->hostconfig != NULL && cont->hostconfig->auto_remove; +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 1fa2559d..2d393f62 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -807,12 +807,14 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo + open_stdin = cont->common_config->config->open_stdin; + } + ++#ifdef ENABLE_PLUGIN + if (plugin_event_container_pre_start(cont)) { + ERROR("Plugin event pre start failed "); + plugin_event_container_post_stop(cont); /* ignore error */ + ret = -1; + goto close_exit_fd; + } ++#endif + + #ifdef ENABLE_CRI_API_V1 + if (cont->common_config->sandbox_info != NULL && +@@ -1370,7 +1372,9 @@ int delete_container(container_t *cont, bool force) + } + } + ++#ifdef ENABLE_PLUGIN + plugin_event_container_post_remove(cont); ++#endif + + ret = do_delete_container(cont); + if (ret != 0) { +-- +2.40.1 + diff --git a/0023-2161-bugfix-for-api-cmakelist.patch b/0023-2161-bugfix-for-api-cmakelist.patch new file mode 100644 index 0000000..036eb08 --- /dev/null +++ b/0023-2161-bugfix-for-api-cmakelist.patch @@ -0,0 +1,25 @@ +From 6b02ac8055379fa0b907f5ed10c5bd974cade90f Mon Sep 17 00:00:00 2001 +From: zhongtao <zhongtao17@huawei.com> +Date: Thu, 31 Aug 2023 01:55:41 +0000 +Subject: [PATCH 23/33] !2161 bugfix for api cmakelist * bugfix for api + cmakelist + +--- + src/daemon/modules/api/CMakeLists.txt | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/src/daemon/modules/api/CMakeLists.txt b/src/daemon/modules/api/CMakeLists.txt +index 0735b25a..357566fa 100644 +--- a/src/daemon/modules/api/CMakeLists.txt ++++ b/src/daemon/modules/api/CMakeLists.txt +@@ -8,7 +8,3 @@ set(MODULES_API_INCS + ${CMAKE_CURRENT_SOURCE_DIR} + PARENT_SCOPE + ) +- +-if (NOT ENABLE_PLUGIN) +- list(REMOVE_ITEM MODULES_API_INCS "${CMAKE_CURRENT_SOURCE_DIR}/plugin_api.h") +-endif() +-- +2.40.1 + diff --git a/0024-2165-preventing-the-use-of-insecure-isulad-tmpdir-di.patch b/0024-2165-preventing-the-use-of-insecure-isulad-tmpdir-di.patch new file mode 100644 index 0000000..383dd43 --- /dev/null +++ b/0024-2165-preventing-the-use-of-insecure-isulad-tmpdir-di.patch @@ -0,0 +1,140 @@ +From 64f94112728f35ee76d56fa4cf6dc41bd5cd5d33 Mon Sep 17 00:00:00 2001 +From: zhongtao <zhongtao17@huawei.com> +Date: Sat, 2 Sep 2023 08:56:38 +0000 +Subject: [PATCH 24/33] !2165 preventing the use of insecure isulad tmpdir + directory * preventing the use of insecure isulad tmpdir directory + +--- + src/common/constants.h | 2 + + .../container/leftover_cleanup/cleanup.c | 66 ++++++++++++++++++- + src/daemon/modules/image/oci/utils_images.c | 10 +++ + 3 files changed, 77 insertions(+), 1 deletion(-) + +diff --git a/src/common/constants.h b/src/common/constants.h +index d93bb464..c0417263 100644 +--- a/src/common/constants.h ++++ b/src/common/constants.h +@@ -50,6 +50,8 @@ extern "C" { + + #define TEMP_DIRECTORY_MODE 0700 + ++#define ISULAD_TEMP_DIRECTORY_MODE 0660 ++ + #define CONSOLE_FIFO_DIRECTORY_MODE 0770 + + #define SOCKET_GROUP_DIRECTORY_MODE 0660 +diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c +index 9a38ffc2..f24ec467 100644 +--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c ++++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c +@@ -13,6 +13,8 @@ + * Description: provide cleanup functions + *********************************************************************************/ + #include <sys/mount.h> ++#include <sys/stat.h> ++#include <unistd.h> + + #include "utils.h" + #include "utils_fs.h" +@@ -169,6 +171,67 @@ static bool walk_isulad_tmpdir_cb(const char *path_name, const struct dirent *su + return true; + } + ++static int isulad_tmpdir_security_check(const char *tmpdir) ++{ ++ struct stat st = { 0 }; ++ ++ if (lstat(tmpdir, &st) != 0) { ++ SYSERROR("Failed to lstat %s", tmpdir); ++ return -1; ++ } ++ ++ if (!S_ISDIR(st.st_mode)) { ++ return -1; ++ } ++ ++ if ((st.st_mode & 0777) != ISULAD_TEMP_DIRECTORY_MODE) { ++ return -1; ++ } ++ ++ if (st.st_uid != 0) { ++ return -1; ++ } ++ ++ if (S_ISLNK(st.st_mode)) { ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static int recreate_tmpdir(const char *tmpdir) ++{ ++ int ret; ++ struct stat st = { 0 }; ++ ++ if (util_recursive_rmdir(tmpdir, 0)) { ++ ERROR("Failed to remove directory %s", tmpdir); ++ return -1; ++ } ++ ++ if (util_mkdir_p(tmpdir, ISULAD_TEMP_DIRECTORY_MODE)) { ++ ERROR("Failed to create directory %s", tmpdir); ++ return -1; ++ } ++ ++ if (lstat(tmpdir, &st) != 0) { ++ SYSERROR("Failed to lstat %s", tmpdir); ++ return -1; ++ } ++ ++ return ret; ++} ++ ++static int ensure_isulad_tmpdir_security(const char *tmpdir) ++{ ++ if (isulad_tmpdir_security_check(tmpdir) == 0) { ++ return 0; ++ } ++ ++ INFO("iSulad tmpdir does not meet security requirements, recreate it"); ++ return recreate_tmpdir(tmpdir); ++} ++ + static void cleanup_path(char *dir) + { + int nret; +@@ -186,7 +249,8 @@ static void cleanup_path(char *dir) + return; + } + +- if (!util_dir_exists(cleanpath)) { ++ // preventing the use of insecure isulad tmpdir directory ++ if (ensure_isulad_tmpdir_security(cleanpath) != 0) { + return; + } + +diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c +index f8fd1e73..4342db5b 100644 +--- a/src/daemon/modules/image/oci/utils_images.c ++++ b/src/daemon/modules/image/oci/utils_images.c +@@ -630,6 +630,16 @@ int makesure_isulad_tmpdir_perm_right(const char *root_dir) + goto out; + } + ++ if ((st.st_mode & 0777) != TEMP_DIRECTORY_MODE) { ++ ret = -1; ++ goto out; ++ } ++ ++ if (S_ISLNK(st.st_mode)) { ++ ret = -1; ++ goto out; ++ } ++ + // chown to root + ret = lchown(isulad_tmpdir, 0, 0); + if (ret == 0 || (ret == EPERM && st.st_uid == 0 && st.st_gid == 0)) { +-- +2.40.1 + diff --git a/0025-2166-move-ensure_isulad_tmpdir_security-function-to-.patch b/0025-2166-move-ensure_isulad_tmpdir_security-function-to-.patch new file mode 100644 index 0000000..d061074 --- /dev/null +++ b/0025-2166-move-ensure_isulad_tmpdir_security-function-to-.patch @@ -0,0 +1,238 @@ +From c2af7f7d7f6b0f1aaa884204a037e8275092121a Mon Sep 17 00:00:00 2001 +From: zhongtao <zhongtao17@huawei.com> +Date: Sat, 2 Sep 2023 10:38:29 +0000 +Subject: [PATCH 25/33] !2166 move ensure_isulad_tmpdir_security function to + main.c * move ensure_isulad_tmpdir_security function to main.c + +--- + src/cmd/isulad/main.c | 101 ++++++++++++++++++ + .../container/leftover_cleanup/cleanup.c | 66 +----------- + src/utils/tar/util_archive.c | 2 +- + 3 files changed, 103 insertions(+), 66 deletions(-) + +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index 4740f91a..e32fed6a 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -1222,6 +1222,101 @@ out: + return ret; + } + ++static int isulad_tmpdir_security_check(const char *tmp_dir) ++{ ++ struct stat st = { 0 }; ++ ++ if (lstat(tmp_dir, &st) != 0) { ++ SYSERROR("Failed to lstat %s", tmp_dir); ++ return -1; ++ } ++ ++ if (!S_ISDIR(st.st_mode)) { ++ return -1; ++ } ++ ++ if ((st.st_mode & 0777) != ISULAD_TEMP_DIRECTORY_MODE) { ++ return -1; ++ } ++ ++ if (st.st_uid != 0) { ++ return -1; ++ } ++ ++ if (S_ISLNK(st.st_mode)) { ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static int recreate_tmpdir(const char *tmp_dir) ++{ ++ if (util_recursive_rmdir(tmp_dir, 0) != 0) { ++ ERROR("Failed to remove directory %s", tmp_dir); ++ return -1; ++ } ++ ++ if (util_mkdir_p(tmp_dir, ISULAD_TEMP_DIRECTORY_MODE) != 0) { ++ ERROR("Failed to create directory %s", tmp_dir); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static int do_ensure_isulad_tmpdir_security(const char *isulad_tmp_dir) ++{ ++ int nret; ++ char tmp_dir[PATH_MAX] = { 0 }; ++ char cleanpath[PATH_MAX] = { 0 }; ++ ++ nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmp_dir); ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { ++ ERROR("Failed to snprintf"); ++ return -1; ++ } ++ ++ if (util_clean_path(tmp_dir, cleanpath, sizeof(cleanpath)) == NULL) { ++ ERROR("Failed to clean path for %s", tmp_dir); ++ return -1; ++ } ++ ++ if (isulad_tmpdir_security_check(cleanpath) == 0) { ++ return 0; ++ } ++ ++ INFO("iSulad tmpdir: %s does not meet security requirements, recreate it", isulad_tmp_dir); ++ return recreate_tmpdir(cleanpath); ++} ++ ++static int ensure_isulad_tmpdir_security() ++{ ++ char *isulad_tmp_dir = NULL; ++ ++ isulad_tmp_dir = getenv("ISULAD_TMPDIR"); ++ if (!util_valid_str(isulad_tmp_dir)) { ++ isulad_tmp_dir = "/tmp"; ++ } ++ ++ if (do_ensure_isulad_tmpdir_security(isulad_tmp_dir) != 0) { ++ ERROR("Failed to ensure the %s directory is a safe directory", isulad_tmp_dir); ++ return -1; ++ } ++ ++ if (strcmp(isulad_tmp_dir, "/tmp") == 0) { ++ return 0; ++ } ++ ++ // No matter whether ISULAD_TMPDIR is set or not, ++ // ensure the "/tmp" directory is a safe directory ++ if (do_ensure_isulad_tmpdir_security("/tmp") != 0) { ++ WARN("Failed to ensure the /tmp directory is a safe directory"); ++ } ++ ++ return 0; ++} ++ + static int isulad_server_init_common() + { + int ret = -1; +@@ -1261,6 +1356,12 @@ static int isulad_server_init_common() + goto out; + } + ++ // preventing the use of insecure isulad tmpdir directory ++ if (ensure_isulad_tmpdir_security() != 0) { ++ ERROR("Failed to ensure isulad tmpdir security"); ++ goto out; ++ } ++ + if (volume_init(args->json_confs->graph) != 0) { + ERROR("Failed to init volume"); + goto out; +diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c +index f24ec467..9a38ffc2 100644 +--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c ++++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c +@@ -13,8 +13,6 @@ + * Description: provide cleanup functions + *********************************************************************************/ + #include <sys/mount.h> +-#include <sys/stat.h> +-#include <unistd.h> + + #include "utils.h" + #include "utils_fs.h" +@@ -171,67 +169,6 @@ static bool walk_isulad_tmpdir_cb(const char *path_name, const struct dirent *su + return true; + } + +-static int isulad_tmpdir_security_check(const char *tmpdir) +-{ +- struct stat st = { 0 }; +- +- if (lstat(tmpdir, &st) != 0) { +- SYSERROR("Failed to lstat %s", tmpdir); +- return -1; +- } +- +- if (!S_ISDIR(st.st_mode)) { +- return -1; +- } +- +- if ((st.st_mode & 0777) != ISULAD_TEMP_DIRECTORY_MODE) { +- return -1; +- } +- +- if (st.st_uid != 0) { +- return -1; +- } +- +- if (S_ISLNK(st.st_mode)) { +- return -1; +- } +- +- return 0; +-} +- +-static int recreate_tmpdir(const char *tmpdir) +-{ +- int ret; +- struct stat st = { 0 }; +- +- if (util_recursive_rmdir(tmpdir, 0)) { +- ERROR("Failed to remove directory %s", tmpdir); +- return -1; +- } +- +- if (util_mkdir_p(tmpdir, ISULAD_TEMP_DIRECTORY_MODE)) { +- ERROR("Failed to create directory %s", tmpdir); +- return -1; +- } +- +- if (lstat(tmpdir, &st) != 0) { +- SYSERROR("Failed to lstat %s", tmpdir); +- return -1; +- } +- +- return ret; +-} +- +-static int ensure_isulad_tmpdir_security(const char *tmpdir) +-{ +- if (isulad_tmpdir_security_check(tmpdir) == 0) { +- return 0; +- } +- +- INFO("iSulad tmpdir does not meet security requirements, recreate it"); +- return recreate_tmpdir(tmpdir); +-} +- + static void cleanup_path(char *dir) + { + int nret; +@@ -249,8 +186,7 @@ static void cleanup_path(char *dir) + return; + } + +- // preventing the use of insecure isulad tmpdir directory +- if (ensure_isulad_tmpdir_security(cleanpath) != 0) { ++ if (!util_dir_exists(cleanpath)) { + return; + } + +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index 82194654..82e940a5 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -220,7 +220,7 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch + } + + // ensure parent dir is exist +- if (util_mkdir_p(cleanpath, buf.st_mode) != 0) { ++ if (util_mkdir_p(cleanpath, ISULAD_TEMP_DIRECTORY_MODE) != 0) { + return -1; + } + +-- +2.40.1 + diff --git a/0026-2169-using-macros-to-isolate-isulad-s-enable_plugin-.patch b/0026-2169-using-macros-to-isolate-isulad-s-enable_plugin-.patch new file mode 100644 index 0000000..2e77a2d --- /dev/null +++ b/0026-2169-using-macros-to-isolate-isulad-s-enable_plugin-.patch @@ -0,0 +1,110 @@ +From 4e6473570e3a5cd59585818216218a7a512790a5 Mon Sep 17 00:00:00 2001 +From: zhongtao <zhongtao17@huawei.com> +Date: Mon, 4 Sep 2023 08:45:55 +0000 +Subject: [PATCH 26/33] !2169 using macros to isolate isulad's enable_plugin + configuration option * using macros to isolate isulad's enable_plugin + configuration option + +--- + src/cmd/isulad/isulad_commands.h | 15 +++++++++++---- + src/common/constants.h | 2 ++ + src/daemon/config/isulad_config.c | 4 ++++ + src/daemon/config/isulad_config.h | 2 ++ + 4 files changed, 19 insertions(+), 4 deletions(-) + +diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h +index 6a8220cc..05d3551c 100644 +--- a/src/cmd/isulad/isulad_commands.h ++++ b/src/cmd/isulad/isulad_commands.h +@@ -78,6 +78,16 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + #define USERNS_REMAP_OPT(cmdargs) + #endif + ++#ifdef ENABLE_PLUGIN ++#define PLUGINS_OPT(cmdargs) \ ++ { CMD_OPT_TYPE_STRING_DUP, \ ++ false, "enable-plugins", 0, &(cmdargs)->json_confs->enable_plugins, \ ++ "Enable plugins for all containers", NULL \ ++ }, ++#else ++#define PLUGINS_OPT(cmdargs) ++#endif ++ + #ifdef ENABLE_GRPC_REMOTE_CONNECT + #define ISULAD_TLS_OPTIONS(cmdargs) \ + { CMD_OPT_TYPE_STRING_DUP, \ +@@ -326,10 +336,7 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + false, "cpu-rt-runtime", 0, &(cmdargs)->json_confs->cpu_rt_runtime, \ + "Limit CPU real-time runtime in microseconds for all containers", command_convert_llong \ + }, \ +- { CMD_OPT_TYPE_STRING_DUP, \ +- false, "enable-plugins", 0, &(cmdargs)->json_confs->enable_plugins, \ +- "Enable plugins for all containers", NULL \ +- }, \ ++ PLUGINS_OPT(cmdargs) \ + { CMD_OPT_TYPE_CALLBACK, \ + false, "cri-runtime", 0, (cmdargs), \ + "CRI runtime class transform", server_callback_cri_runtime \ +diff --git a/src/common/constants.h b/src/common/constants.h +index c0417263..f98fb930 100644 +--- a/src/common/constants.h ++++ b/src/common/constants.h +@@ -134,9 +134,11 @@ extern "C" { + + #define AUTH_PLUGIN "authz-broker" + ++#ifdef ENABLE_PLUGIN + #define ISULAD_ENABLE_PLUGINS "ISULAD_ENABLE_PLUGINS" + #define ISULAD_ENABLE_PLUGINS_SEPERATOR "," + #define ISULAD_ENABLE_PLUGINS_SEPERATOR_CHAR ',' ++#endif + + #ifdef ENABLE_NETWORK + #define ISULAD_CNI_NETWORK_CONF_FILE_PRE "isulacni-" +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index f600f0cf..72722c30 100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -1253,6 +1253,7 @@ out: + return result; + } + ++#ifdef ENABLE_PLUGIN + char *conf_get_enable_plugins(void) + { + struct service_arguments *conf = NULL; +@@ -1274,6 +1275,7 @@ out: + (void)isulad_server_conf_unlock(); + return plugins; + } ++#endif + + #ifdef ENABLE_USERNS_REMAP + char *conf_get_isulad_userns_remap(void) +@@ -1739,7 +1741,9 @@ int merge_json_confs_into_global(struct service_arguments *args) + override_string_value(&args->json_confs->pidfile, &tmp_json_confs->pidfile); + // iSulad runtime execution options + override_string_value(&args->json_confs->hook_spec, &tmp_json_confs->hook_spec); ++#ifdef ENABLE_PLUGIN + override_string_value(&args->json_confs->enable_plugins, &tmp_json_confs->enable_plugins); ++#endif + #ifdef ENABLE_USERNS_REMAP + override_string_value(&args->json_confs->userns_remap, &tmp_json_confs->userns_remap); + #endif +diff --git a/src/daemon/config/isulad_config.h b/src/daemon/config/isulad_config.h +index 4fe1acdc..459ea331 100644 +--- a/src/daemon/config/isulad_config.h ++++ b/src/daemon/config/isulad_config.h +@@ -60,7 +60,9 @@ int conf_get_container_log_opts(isulad_daemon_configs_container_log **opts); + + char *conf_get_isulad_log_file(void); + char *conf_get_engine_log_file(void); ++#ifdef ENABLE_PLUGIN + char *conf_get_enable_plugins(void); ++#endif + #ifdef ENABLE_USERNS_REMAP + char *conf_get_isulad_userns_remap(void); + #endif +-- +2.40.1 + diff --git a/0027-2178-clean-path-for-fpath-and-verify-chain-id.patch b/0027-2178-clean-path-for-fpath-and-verify-chain-id.patch new file mode 100644 index 0000000..e24fafe --- /dev/null +++ b/0027-2178-clean-path-for-fpath-and-verify-chain-id.patch @@ -0,0 +1,87 @@ +From 6dcde807f5bba8ff1aa7d049856f3eddd4b0586f Mon Sep 17 00:00:00 2001 +From: zhongtao <zhongtao17@huawei.com> +Date: Sat, 9 Sep 2023 06:48:39 +0000 +Subject: [PATCH 27/33] !2178 clean path for fpath and verify chain id Merge + pull request !2178 from zhongtao/image + +--- + src/daemon/modules/image/oci/oci_load.c | 30 +++++++++++++++++-- + .../modules/image/oci/registry/registry.c | 2 +- + 2 files changed, 28 insertions(+), 4 deletions(-) + +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index 569c5346..fd707330 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -27,8 +27,10 @@ + #include <stdlib.h> + #include <string.h> + #include <unistd.h> ++#include <linux/limits.h> + + #include "utils.h" ++#include "path.h" + #include "isula_libutils/log.h" + #include "util_archive.h" + #include "storage.h" +@@ -717,6 +719,9 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items + } + + for (; i < conf->rootfs->diff_ids_len; i++) { ++ char *fpath = NULL; ++ char cleanpath[PATH_MAX] = { 0 }; ++ + im->layers[i] = util_common_calloc_s(sizeof(load_layer_blob_t)); + if (im->layers[i] == NULL) { + ERROR("Out of memory"); +@@ -724,12 +729,31 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items + goto out; + } + +- im->layers[i]->fpath = util_path_join(dstdir, manifest->layers[i]); +- if (im->layers[i]->fpath == NULL) { +- ERROR("Path join failed"); ++ fpath = util_path_join(dstdir, manifest->layers[i]); ++ if (fpath == NULL) { ++ ERROR("Failed to join path"); ++ ret = -1; ++ goto out; ++ } ++ ++ if (util_clean_path(fpath, cleanpath, sizeof(cleanpath)) == NULL) { ++ ERROR("Failed to clean path for %s", fpath); ++ free(fpath); ++ ret = -1; ++ goto out; ++ } ++ ++ free(fpath); ++ ++ // verify whether the prefix of the path is dstdir to prevent illegal directories ++ if (strncmp(cleanpath, dstdir, strlen(dstdir)) != 0) { ++ ERROR("Illegal directory: %s", cleanpath); + ret = -1; + goto out; + } ++ ++ im->layers[i]->fpath = util_strdup_s(cleanpath); ++ + // The format is sha256:xxx + im->layers[i]->chain_id = oci_load_calc_chain_id(parent_chain_id_sha256, conf->rootfs->diff_ids[i]); + if (im->layers[i]->chain_id == NULL) { +diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c +index e0b46e2e..35753c79 100644 +--- a/src/daemon/modules/image/oci/registry/registry.c ++++ b/src/daemon/modules/image/oci/registry/registry.c +@@ -600,7 +600,7 @@ static int register_layer(pull_descriptor *desc, size_t i) + return 0; + } + +- id = util_without_sha256_prefix(desc->layers[i].chain_id); ++ id = oci_image_id_from_digest(desc->layers[i].chain_id); + if (id == NULL) { + ERROR("layer %zu have NULL digest for image %s", i, desc->image_name); + return -1; +-- +2.40.1 + diff --git a/0028-2179-modify-the-permissions-of-tmpdir-and-file-lock-.patch b/0028-2179-modify-the-permissions-of-tmpdir-and-file-lock-.patch new file mode 100644 index 0000000..8f9ddac --- /dev/null +++ b/0028-2179-modify-the-permissions-of-tmpdir-and-file-lock-.patch @@ -0,0 +1,35 @@ +From a291302fe12e21207c30ebffebf852cb37aface4 Mon Sep 17 00:00:00 2001 +From: zhongtao <zhongtao17@huawei.com> +Date: Sat, 9 Sep 2023 08:11:06 +0000 +Subject: [PATCH 28/33] !2179 modify the permissions of tmpdir and file lock to + 600 Merge pull request !2179 from zhongtao/mode + +--- + src/common/constants.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/common/constants.h b/src/common/constants.h +index f98fb930..caf9b793 100644 +--- a/src/common/constants.h ++++ b/src/common/constants.h +@@ -50,7 +50,7 @@ extern "C" { + + #define TEMP_DIRECTORY_MODE 0700 + +-#define ISULAD_TEMP_DIRECTORY_MODE 0660 ++#define ISULAD_TEMP_DIRECTORY_MODE 0600 + + #define CONSOLE_FIFO_DIRECTORY_MODE 0770 + +@@ -70,7 +70,7 @@ extern "C" { + + #define DEFAULT_HIGHEST_DIRECTORY_MODE 0755 + +-#define MOUNT_FLOCK_FILE_MODE 0660 ++#define MOUNT_FLOCK_FILE_MODE 0600 + + #define ISULAD_CONFIG SYSCONFDIR_PREFIX"/etc/isulad" + +-- +2.40.1 + diff --git a/0029-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch b/0029-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch new file mode 100644 index 0000000..72b7774 --- /dev/null +++ b/0029-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch @@ -0,0 +1,202 @@ +From 460c943125d9eca7cb4259d42c6c008a709e9dbe Mon Sep 17 00:00:00 2001 +From: haozi007 <liuhao27@huawei.com> +Date: Wed, 23 Aug 2023 15:42:42 +0800 +Subject: [PATCH 29/33] [image] ensure id of loaded and pulled image is valid + +Signed-off-by: haozi007 <liuhao27@huawei.com> +--- + src/daemon/modules/image/oci/oci_import.c | 14 ++++++++++--- + src/daemon/modules/image/oci/oci_load.c | 21 ++++++------------- + .../modules/image/oci/registry/registry.c | 8 ++++++- + src/daemon/modules/image/oci/utils_images.c | 17 ++++++++++++++- + src/daemon/modules/image/oci/utils_images.h | 3 +++ + src/utils/cutils/utils.h | 2 -- + src/utils/sha256/sha256.c | 1 - + 7 files changed, 43 insertions(+), 23 deletions(-) + +diff --git a/src/daemon/modules/image/oci/oci_import.c b/src/daemon/modules/image/oci/oci_import.c +index 1e14a916..0568c23f 100644 +--- a/src/daemon/modules/image/oci/oci_import.c ++++ b/src/daemon/modules/image/oci/oci_import.c +@@ -93,7 +93,7 @@ static int register_layer(import_desc *desc) + return -1; + } + +- id = util_without_sha256_prefix(desc->uncompressed_digest); ++ id = oci_image_id_from_digest(desc->uncompressed_digest); + if (id == NULL) { + ERROR("Invalid NULL param"); + return -1; +@@ -315,8 +315,16 @@ static int register_image(import_desc *desc) + opts.create_time = &desc->now_time; + opts.digest = desc->manifest_digest; + +- image_id = util_without_sha256_prefix(desc->config_digest); +- top_layer_id = util_without_sha256_prefix(desc->uncompressed_digest); ++ image_id = oci_image_id_from_digest(desc->config_digest); ++ if (image_id == NULL) { ++ ret = -1; ++ goto out; ++ } ++ top_layer_id = oci_image_id_from_digest(desc->uncompressed_digest); ++ if (top_layer_id == NULL) { ++ ret = -1; ++ goto out; ++ } + ret = storage_img_create(image_id, top_layer_id, NULL, &opts); + if (ret != 0) { + pre_top_layer = storage_get_img_top_layer(image_id); +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index fd707330..31ae3849 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -290,16 +290,6 @@ out: + return full_digest; + } + +-static char *oci_load_without_sha256_prefix(char *digest) +-{ +- if (digest == NULL) { +- ERROR("Invalid digest NULL when strip sha256 prefix"); +- return NULL; +- } +- +- return digest + strlen(SHA256_PREFIX); +-} +- + static int registry_layer_from_tarball(const load_layer_blob_t *layer, const char *id, const char *parent) + { + int ret = 0; +@@ -345,7 +335,7 @@ static int oci_load_register_layers(load_image_t *desc) + } + + for (i = 0; i < desc->layers_len; i++) { +- id = oci_load_without_sha256_prefix(desc->layers[i]->chain_id); ++ id = oci_image_id_from_digest(desc->layers[i]->chain_id); + if (id == NULL) { + ERROR("layer %zu have NULL digest for image %s", i, desc->im_id); + ret = -1; +@@ -457,7 +447,7 @@ static int oci_load_create_image(load_image_t *desc, const char *dst_tag) + top_layer_index = desc->layers_len - 1; + opts.create_time = ×tamp; + opts.digest = desc->manifest_digest; +- top_layer_id = oci_load_without_sha256_prefix(desc->layers[top_layer_index]->chain_id); ++ top_layer_id = oci_image_id_from_digest(desc->layers[top_layer_index]->chain_id); + if (top_layer_id == NULL) { + ERROR("NULL top layer id found for image %s", desc->im_id); + ret = -1; +@@ -764,7 +754,7 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items + } + parent_chain_id_sha256 = im->layers[i]->chain_id; + +- id = oci_load_without_sha256_prefix(im->layers[i]->chain_id); ++ id = oci_image_id_from_digest(im->layers[i]->chain_id); + if (id == NULL) { + ERROR("Wipe out sha256 prefix failed from layer with chain id : %s", im->layers[i]->chain_id); + ret = -1; +@@ -832,7 +822,8 @@ static load_image_t *oci_load_process_manifest(const image_manifest_items_elemen + goto out; + } + +- image_id = oci_load_without_sha256_prefix(image_digest); ++ // call util_valid_digest to ensure digest is valid, so image id is valid ++ image_id = oci_image_id_from_digest(image_digest); + if (image_id == NULL) { + ret = -1; + ERROR("Remove sha256 prefix error from image digest %s", image_digest); +@@ -872,7 +863,7 @@ static int64_t get_layer_size_from_storage(char *chain_id_pre) + return -1; + } + +- id = oci_load_without_sha256_prefix(chain_id_pre); ++ id = oci_image_id_from_digest(chain_id_pre); + if (id == NULL) { + ERROR("Get chain id failed from value:%s", chain_id_pre); + return -1; +diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c +index 35753c79..4124281d 100644 +--- a/src/daemon/modules/image/oci/registry/registry.c ++++ b/src/daemon/modules/image/oci/registry/registry.c +@@ -877,7 +877,13 @@ static int register_image(pull_descriptor *desc) + + // lock when create image to make sure image content all exist + mutex_lock(&g_shared->image_mutex); +- image_id = util_without_sha256_prefix(desc->config.digest); ++ image_id = oci_image_id_from_digest(desc->config.digest); ++ if (image_id == NULL) { ++ ERROR("Invalid digest: %s", desc->config.digest); ++ isulad_try_set_error_message("invalid image digest: %s", desc->config.digest); ++ ret = -1; ++ goto out; ++ } + ret = create_image(desc, image_id, &reuse); + if (ret != 0) { + ERROR("create image %s failed", desc->image_name); +diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c +index 4342db5b..f92ee59a 100644 +--- a/src/daemon/modules/image/oci/utils_images.c ++++ b/src/daemon/modules/image/oci/utils_images.c +@@ -691,4 +691,19 @@ int oci_split_search_name(const char *search_name, char **host, char **name) + + return 0; + } +-#endif +\ No newline at end of file ++#endif ++ ++char *oci_image_id_from_digest(char *digest) ++{ ++ if (digest == NULL) { ++ ERROR("Empty digest"); ++ return NULL; ++ } ++ ++ if (!util_valid_digest(digest)) { ++ ERROR("Load image with invalid digest: %s", digest); ++ return NULL; ++ } ++ ++ return digest + strlen(SHA256_PREFIX); ++} +diff --git a/src/daemon/modules/image/oci/utils_images.h b/src/daemon/modules/image/oci/utils_images.h +index 2238bb91..ea0fb20a 100644 +--- a/src/daemon/modules/image/oci/utils_images.h ++++ b/src/daemon/modules/image/oci/utils_images.h +@@ -61,6 +61,9 @@ char *get_hostname_to_strip(void); + + char *oci_image_digest_pos(const char *name); + ++// return a pointer to digest string without 'sha256:' prefix ++char *oci_image_id_from_digest(char *digest); ++ + #ifdef __cplusplus + } + #endif +diff --git a/src/utils/cutils/utils.h b/src/utils/cutils/utils.h +index 83b20e5e..3acf0698 100644 +--- a/src/utils/cutils/utils.h ++++ b/src/utils/cutils/utils.h +@@ -388,8 +388,6 @@ int util_generate_random_str(char *id, size_t len); + + int util_check_inherited_exclude_fds(bool closeall, int *fds_to_ignore, size_t len_fds); + +-char *util_without_sha256_prefix(char *digest); +- + int util_normalized_host_os_arch(char **host_os, char **host_arch, char **host_variant); + + int util_read_pid_ppid_info(uint32_t pid, pid_ppid_info_t *pid_info); +diff --git a/src/utils/sha256/sha256.c b/src/utils/sha256/sha256.c +index 54cc2862..4e692355 100644 +--- a/src/utils/sha256/sha256.c ++++ b/src/utils/sha256/sha256.c +@@ -388,7 +388,6 @@ char *sha256_full_digest_str(char *str) + char *util_without_sha256_prefix(char *digest) + { + if (digest == NULL || !util_has_prefix(digest, SHA256_PREFIX)) { +- ERROR("Invalid digest when strip sha256 prefix"); + return NULL; + } + +-- +2.40.1 + diff --git a/0030-mask-proxy-informations.patch b/0030-mask-proxy-informations.patch new file mode 100644 index 0000000..992f33c --- /dev/null +++ b/0030-mask-proxy-informations.patch @@ -0,0 +1,123 @@ +From ff67cabc3e3839ef4b539805ed54b5c826b6f446 Mon Sep 17 00:00:00 2001 +From: haozi007 <liuhao27@huawei.com> +Date: Mon, 4 Sep 2023 15:19:36 +0800 +Subject: [PATCH 30/33] mask proxy informations + +Signed-off-by: haozi007 <liuhao27@huawei.com> +--- + .../container_cb/execution_information.c | 86 ++++++++++++++++--- + 1 file changed, 74 insertions(+), 12 deletions(-) + +diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c +index 2f3d3627..86bb2894 100644 +--- a/src/daemon/executor/container_cb/execution_information.c ++++ b/src/daemon/executor/container_cb/execution_information.c +@@ -176,24 +176,83 @@ out: + static int get_proxy_env(char **proxy, const char *type) + { + int ret = 0; +- char *tmp = NULL; +- +- *proxy = getenv(type); +- if (*proxy == NULL) { +- tmp = util_strings_to_upper(type); ++ int nret; ++ char *tmp_proxy = NULL; ++ char *col_pos = NULL; ++ char *at_pos = NULL; ++ size_t proxy_len; ++ const char *mask_str = "//xxxx:xxxx"; ++ ++ tmp_proxy = getenv(type); ++ if (tmp_proxy == NULL) { ++ char *tmp = util_strings_to_upper(type); + if (tmp == NULL) { + ERROR("Failed to upper string!"); +- ret = -1; +- goto out; +- } +- *proxy = getenv(tmp); +- if (*proxy == NULL) { +- *proxy = ""; ++ return -1; + } ++ tmp_proxy = getenv(tmp); ++ free(tmp); ++ } ++ ++ if (tmp_proxy == NULL) { ++ return 0; ++ } ++ ++ if (strlen(tmp_proxy) >= PATH_MAX) { ++ ERROR("Too long proxy string."); ++ return -1; ++ } ++ tmp_proxy = util_strdup_s(tmp_proxy); ++ ++ if (strcmp(NO_PROXY, type) == 0) { ++ *proxy = tmp_proxy; ++ return 0; ++ } ++ ++ // mask username and password of proxy ++ col_pos = strchr(tmp_proxy, ':'); ++ if (col_pos == NULL) { ++ ERROR("Invalid proxy."); ++ ret = -1; ++ goto out; ++ } ++ at_pos = strrchr(tmp_proxy, '@'); ++ if (at_pos == NULL) { ++ // no '@', represent no user information in proxy, ++ // just return original proxy ++ *proxy = tmp_proxy; ++ return 0; ++ } ++ ++ // first colon position must before than at position ++ if ((at_pos - col_pos) < 0) { ++ ret = -1; ++ goto out; + } + ++ // proxy with userinfo format like: 'http://xxx:xxx@xxxx.com' ++ // so masked proxy length = len(proxy) - (pos(@) - pos(:) + 1) + len(mask-str) + '\0' ++ proxy_len = strlen(tmp_proxy); ++ proxy_len -= (at_pos - tmp_proxy); ++ proxy_len += (col_pos - tmp_proxy) + 1; ++ proxy_len += strlen(mask_str) + 1; ++ *proxy = util_common_calloc_s(proxy_len); ++ if (*proxy == NULL) { ++ ERROR("Out of memory"); ++ ret = -1; ++ goto out; ++ } ++ *col_pos = '\0'; ++ nret = snprintf(*proxy, proxy_len, "%s:%s%s", tmp_proxy, mask_str, at_pos); ++ if (nret < 0 || nret >= proxy_len) { ++ ret = -1; ++ free(*proxy); ++ *proxy = NULL; ++ goto out; ++ } ++ + out: +- free(tmp); ++ util_free_sensitive_string(tmp_proxy); + return ret; + } + +@@ -340,6 +399,9 @@ static int isulad_info_cb(const host_info_request *request, host_info_response * + #endif + + pack_response: ++ free(http_proxy); ++ free(https_proxy); ++ free(no_proxy); + if (*response != NULL) { + (*response)->cc = cc; + } +-- +2.40.1 + diff --git a/0031-add-testcase-for-isula-info.patch b/0031-add-testcase-for-isula-info.patch new file mode 100644 index 0000000..d57e8cc --- /dev/null +++ b/0031-add-testcase-for-isula-info.patch @@ -0,0 +1,115 @@ +From e40f451f5b919ba4154cc6005439f6b4370a7ac3 Mon Sep 17 00:00:00 2001 +From: haozi007 <liuhao27@huawei.com> +Date: Mon, 4 Sep 2023 17:13:13 +0800 +Subject: [PATCH 31/33] add testcase for isula info + +Signed-off-by: haozi007 <liuhao27@huawei.com> +--- + CI/test_cases/container_cases/info.sh | 95 +++++++++++++++++++++++++++ + 1 file changed, 95 insertions(+) + create mode 100755 CI/test_cases/container_cases/info.sh + +diff --git a/CI/test_cases/container_cases/info.sh b/CI/test_cases/container_cases/info.sh +new file mode 100755 +index 00000000..e6c03a49 +--- /dev/null ++++ b/CI/test_cases/container_cases/info.sh +@@ -0,0 +1,95 @@ ++#!/bin/bash ++# ++# attributes: isula info operator ++# concurrent: YES ++# spend time: 1 ++ ++####################################################################### ++##- Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved. ++# - iSulad licensed under the Mulan PSL v2. ++# - You can use this software according to the terms and conditions of the Mulan PSL v2. ++# - You may obtain a copy of Mulan PSL v2 at: ++# - http://license.coscl.org.cn/MulanPSL2 ++# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++# - PURPOSE. ++# - See the Mulan PSL v2 for more details. ++##- @Description:CI ++##- @Author: haozi007 ++##- @Create: 2023-09-04 ++####################################################################### ++ ++curr_path=$(dirname $(readlink -f "$0")) ++data_path=$(realpath $curr_path/../data) ++source ../helpers.sh ++ ++function do_test_t() ++{ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ export http_proxy="http://test:123456@testproxy.com" ++ export https_proxy="http://test:123456@testproxy.com" ++ export no_proxy="127.0.0.1" ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ isula info | grep "Http Proxy" | grep "http://xxxx:xxxx@testproxy.com" ++ fn_check_eq "$?" "0" "check http proxy failed" ++ isula info | grep "Https Proxy" | grep "http://xxxx:xxxx@testproxy.com" ++ fn_check_eq "$?" "0" "check https proxy failed" ++ isula info | grep "No Proxy" | grep "127.0.0.1" ++ fn_check_eq "$?" "0" "check no proxy failed" ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ export http_proxy="https://example.com" ++ export no_proxy="127.0.0.1" ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ isula info | grep "Http Proxy" | grep "https://example.com" ++ fn_check_eq "$?" "0" "check http proxy failed" ++ isula info | grep "No Proxy" | grep "127.0.0.1" ++ fn_check_eq "$?" "0" "check no proxy failed" ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ export http_proxy="http//abc.com" ++ export no_proxy="127.0.0.1:localhost" ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ isula info | grep "Http Proxy" ++ fn_check_ne "$?" "0" "check http proxy failed" ++ isula info | grep "No Proxy" ++ fn_check_ne "$?" "0" "check no proxy failed" ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ export http_proxy="http//xxxx@abc:abc.com" ++ export no_proxy="127.0.0.1" ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ isula info | grep "Http Proxy" ++ fn_check_ne "$?" "0" "check http proxy failed" ++ isula info | grep "No Proxy" ++ fn_check_ne "$?" "0" "check no proxy failed" ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ unset https_proxy http_proxy no_proxy ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ isula info | grep "Http Proxy" ++ fn_check_ne "$?" "0" "check http proxy failed" ++ isula info | grep "No Proxy" ++ fn_check_ne "$?" "0" "check no proxy failed" ++ ++ return $TC_RET_T ++} ++ ++ret=0 ++ ++do_test_t ++if [ $? -ne 0 ];then ++ let "ret=$ret + 1" ++fi ++ ++show_result $ret "basic info" +-- +2.40.1 + diff --git a/0032-fix-oci-import-compile-error.patch b/0032-fix-oci-import-compile-error.patch new file mode 100644 index 0000000..625b5ba --- /dev/null +++ b/0032-fix-oci-import-compile-error.patch @@ -0,0 +1,25 @@ +From ff0bf5155c163c5230b3ac6d71e2dfc1ed6cfa01 Mon Sep 17 00:00:00 2001 +From: haozi007 <liuhao27@huawei.com> +Date: Tue, 12 Sep 2023 17:24:24 +0800 +Subject: [PATCH 32/33] fix oci import compile error + +Signed-off-by: haozi007 <liuhao27@huawei.com> +--- + src/daemon/modules/image/oci/oci_import.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/daemon/modules/image/oci/oci_import.c b/src/daemon/modules/image/oci/oci_import.c +index 0568c23f..058107a4 100644 +--- a/src/daemon/modules/image/oci/oci_import.c ++++ b/src/daemon/modules/image/oci/oci_import.c +@@ -33,6 +33,7 @@ + #include "utils_file.h" + #include "utils_timestamp.h" + #include "util_archive.h" ++#include "utils_images.h" + + #define IMPORT_COMMENT "Imported from tarball" + #define ROOTFS_TYPE "layers" +-- +2.40.1 + diff --git a/0033-2188-Support-both-C-11-and-C-17.patch b/0033-2188-Support-both-C-11-and-C-17.patch new file mode 100644 index 0000000..3e59bf9 --- /dev/null +++ b/0033-2188-Support-both-C-11-and-C-17.patch @@ -0,0 +1,60 @@ +From bfd1b325eb93083ce4478c28aa61101ac553b458 Mon Sep 17 00:00:00 2001 +From: xuxuepeng <xuxuepeng1@huawei.com> +Date: Wed, 13 Sep 2023 02:16:12 +0000 +Subject: [PATCH 33/33] !2188 Support both C++11 and C++17 * Support both C++11 + and C++17 + +--- + cmake/set_build_flags.cmake | 11 ++++++++++- + test/fuzz/CMakeLists.txt | 13 ++++++++++++- + 2 files changed, 22 insertions(+), 2 deletions(-) + +diff --git a/cmake/set_build_flags.cmake b/cmake/set_build_flags.cmake +index 09c85c65..38069791 100644 +--- a/cmake/set_build_flags.cmake ++++ b/cmake/set_build_flags.cmake +@@ -3,7 +3,16 @@ set(CMAKE_C_FLAGS "-fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -fP + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'") + + if (GRPC_CONNECTOR) +- set(CMAKE_CXX_FLAGS "-fPIC -std=c++17 -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -Wno-error=deprecated-declarations") ++ include(CheckCXXCompilerFlag) ++ CHECK_CXX_COMPILER_FLAG("-std=c++17" COMPILER_SUPPORTS_CXX17) ++ if (COMPILER_SUPPORTS_CXX17) ++ message(STATUS "The compiler ${CMAKE_CXX_COMPILER} has C++17 support.") ++ set(CMAKE_CXX_VERSION "-std=c++17") ++ else() ++ message(STATUS "The compiler ${CMAKE_CXX_COMPILER} has no C++17 support. Use C++11.") ++ set(CMAKE_CXX_VERSION "-std=c++11") ++ endif() ++ set(CMAKE_CXX_FLAGS "-fPIC ${CMAKE_CXX_VERSION} -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -Wall -Wno-error=deprecated-declarations") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE_DIR}/,,$(abspath $<))\"'") + endif() + set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-E -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -shared -pthread") +diff --git a/test/fuzz/CMakeLists.txt b/test/fuzz/CMakeLists.txt +index 617a168f..0682ffa3 100644 +--- a/test/fuzz/CMakeLists.txt ++++ b/test/fuzz/CMakeLists.txt +@@ -34,7 +34,18 @@ MESSAGE(STATUS "GCLANG_PP_BINARY is set to ${GCLANG_PP_BINARY}") + SET(CMAKE_C_COMPILER "${GCLANG_BINARY}") + SET(CMAKE_CXX_COMPILER "${GCLANG_PP_BINARY}") + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O0 --coverage -fsanitize=fuzzer,address -fsanitize-coverage=indirect-calls,trace-cmp,trace-div,trace-gep") +-SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -O0 --coverage -std=c++17 -fsanitize=fuzzer,address -fsanitize-coverage=indirect-calls,trace-cmp,trace-div,trace-gep") ++ ++include(CheckCXXCompilerFlag) ++CHECK_CXX_COMPILER_FLAG("-std=c++17" COMPILER_SUPPORTS_CXX17) ++if (COMPILER_SUPPORTS_CXX17) ++ message(STATUS "The compiler ${CMAKE_CXX_COMPILER} has C++17 support.") ++ set(CMAKE_CXX_VERSION "-std=c++17") ++else() ++ message(STATUS "The compiler ${CMAKE_CXX_COMPILER} has no C++17 support. Use C++11.") ++ set(CMAKE_CXX_VERSION "-std=c++11") ++endif() ++ ++SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -O0 --coverage ${CMAKE_CXX_VERSION} -fsanitize=fuzzer,address -fsanitize-coverage=indirect-calls,trace-cmp,trace-div,trace-gep") + SET(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) + + SET(EXE0 test_volume_mount_spec_fuzz) +-- +2.40.1 + diff --git a/6001-modify-daemon-json-default-runtime-to-runc.patch b/6001-modify-daemon-json-default-runtime-to-runc.patch new file mode 100644 index 0000000..fcc27ac --- /dev/null +++ b/6001-modify-daemon-json-default-runtime-to-runc.patch @@ -0,0 +1,52 @@ +From 4b35e4f4d39d3c4ea0caed90518e93cb1a805218 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu <zhangxiaoyu58@huawei.com> +Date: Mon, 14 Aug 2023 09:48:38 +0800 +Subject: [PATCH] modify daemon json default runtime to runc + +Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com> +--- + src/cmd/isula/base/create.h | 2 +- + src/cmd/isula/extend/stats.c | 1 - + src/contrib/config/daemon.json | 2 +- + 3 files changed, 2 insertions(+), 3 deletions(-) + +diff --git a/src/cmd/isula/base/create.h b/src/cmd/isula/base/create.h +index 0426158..6fff764 100644 +--- a/src/cmd/isula/base/create.h ++++ b/src/cmd/isula/base/create.h +@@ -332,7 +332,7 @@ extern "C" { + "runtime", \ + 'R', \ + &(cmdargs).runtime, \ +- "Runtime to use for containers(default: lcr)", \ ++ "Runtime to use for containers", \ + NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ + false, \ +diff --git a/src/cmd/isula/extend/stats.c b/src/cmd/isula/extend/stats.c +index c11fe21..0448560 100644 +--- a/src/cmd/isula/extend/stats.c ++++ b/src/cmd/isula/extend/stats.c +@@ -41,7 +41,6 @@ struct client_arguments g_cmd_stats_args = { + .showall = false, + .nostream = false, + .original = false, +- .runtime = "lcr", + }; + + static struct isula_stats_response *g_oldstats = NULL; +diff --git a/src/contrib/config/daemon.json b/src/contrib/config/daemon.json +index f8cad24..711dda9 100644 +--- a/src/contrib/config/daemon.json ++++ b/src/contrib/config/daemon.json +@@ -1,6 +1,6 @@ + { + "group": "isula", +- "default-runtime": "lcr", ++ "default-runtime": "runc", + "graph": "/var/lib/isulad", + "state": "/var/run/isulad", + "log-level": "ERROR", +-- +2.25.1 + diff --git a/iSulad.spec b/iSulad.spec new file mode 100644 index 0000000..6cd9ab0 --- /dev/null +++ b/iSulad.spec @@ -0,0 +1,932 @@ +%global _version 2.1.3 +%global _release 2 +%global is_systemd 1 +%global enable_criv1 1 +%global enable_shimv2 1 +%global is_embedded 1 +%global cpp_std 17 + +Name: iSulad +Version: %{_version} +Release: %{_release} +Summary: Lightweight Container Runtime Daemon +License: Mulan PSL v2 +URL: https://gitee.com/openeuler/iSulad +Source: https://gitee.com/openeuler/iSulad/repository/archive/v%{version}.tar.gz +BuildRoot: {_tmppath}/iSulad-%{version} + +Patch0001: 0001-2155-Use-reference-in-loop-in-listpodsandbox.patch +Patch0002: 0002-2156-Fix-sandbox-error-logging.patch +Patch0003: 0003-2158-Use-crictl-v1.22.0-for-ci.patch +Patch0004: 0004-2162-Fix-rename-issue-for-id-manager.patch +Patch0005: 0005-2163-add-bind-mount-file-lock.patch +Patch0006: 0006-2168-fix-code-bug.patch +Patch0007: 0007-2171-Fix-nullptr-in-src-daemon-entry.patch +Patch0008: 0008-Add-vsock-support-for-exec.patch +Patch0009: 0009-remove-unneccessary-strerror.patch +Patch0010: 0010-do-not-report-low-level-error-to-user.patch +Patch0011: 0011-remove-usage-of-strerror-with-user-defined-errno.patch +Patch0012: 0012-use-gmtime_r-to-replace-gmtime.patch +Patch0013: 0013-improve-report-error-message-of-client.patch +Patch0014: 0014-adapt-new-error-message-for-isula-cp.patch +Patch0015: 0015-2182-Add-mutex-for-container-list-in-sandbox.patch +Patch0016: 0016-2180-fix-execlp-not-enough-args.patch +Patch0017: 0017-2135-modify-incorrect-variable-type.patch +Patch0018: 0018-make-sure-the-input-parameter-is-not-empty-and-optim.patch +Patch0019: 0019-remove-password-in-url-module-and-clean-sensitive-in.patch +Patch0020: 0020-2153-fix-codecheck.patch +Patch0021: 0021-2157-bugfix-for-memset.patch +Patch0022: 0022-2159-use-macros-to-isolate-the-password-option-of-lo.patch +Patch0023: 0023-2161-bugfix-for-api-cmakelist.patch +Patch0024: 0024-2165-preventing-the-use-of-insecure-isulad-tmpdir-di.patch +Patch0025: 0025-2166-move-ensure_isulad_tmpdir_security-function-to-.patch +Patch0026: 0026-2169-using-macros-to-isolate-isulad-s-enable_plugin-.patch +Patch0027: 0027-2178-clean-path-for-fpath-and-verify-chain-id.patch +Patch0028: 0028-2179-modify-the-permissions-of-tmpdir-and-file-lock-.patch +Patch0029: 0029-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch +Patch0030: 0030-mask-proxy-informations.patch +Patch0031: 0031-add-testcase-for-isula-info.patch +Patch0032: 0032-fix-oci-import-compile-error.patch +Patch0033: 0033-2188-Support-both-C-11-and-C-17.patch +Patch6001: 6001-modify-daemon-json-default-runtime-to-runc.patch + +%ifarch x86_64 aarch64 +Provides: libhttpclient.so()(64bit) +Provides: libisula_client.so()(64bit) +Provides: libisulad_img.so()(64bit) +Provides: libisulad_tools.so()(64bit) +%endif + +%if 0%{?is_systemd} +# Systemd 230 and up no longer have libsystemd-journal +BuildRequires: pkgconfig(systemd) +Requires: systemd-units +%else +Requires(post): chkconfig +Requires(preun): chkconfig +# This is for /sbin/service +Requires(preun): initscripts +%endif + +%if 0%{?is_embedded} +BuildRequires: sqlite-devel +Requires: sqlite +%endif + +%if %{defined openeuler} +BuildRequires: gtest-devel gmock-devel +%endif + +%define lcrver_lower 2.1.2-0 +%define lcrver_upper 2.1.3-0 + +BuildRequires: libisula-devel > %{lcrver_lower} libisula-devel < %{lcrver_upper} +BuildRequires: cmake gcc-c++ yajl-devel lxc lxc-devel +BuildRequires: grpc grpc-plugins grpc-devel protobuf-devel +BuildRequires: libcurl libcurl-devel libarchive-devel device-mapper-devel +BuildRequires: http-parser-devel +BuildRequires: libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel +BuildRequires: systemd-devel git +BuildRequires: libevhtp-devel libevent-devel +%if 0%{?enable_shimv2} +BuildRequires: lib-shim-v2 lib-shim-v2-devel +%endif + + +Requires: libisula > %{lcrver_lower} libisula < %{lcrver_upper} +Requires: grpc protobuf docker-runc +Requires: libcurl +Requires: http-parser libseccomp +Requires: libcap libselinux libwebsockets libarchive device-mapper +Requires: systemd +BuildRequires: libevhtp libevent +%if 0%{?enable_shimv2} +Requires: lib-shim-v2 +%endif + +%description +This is a umbrella project for gRPC-services based Lightweight Container +Runtime Daemon, written by C. + +%prep +%autosetup -n iSulad-v%{_version} -Sgit -p1 + +%build +mkdir -p build +cd build +%cmake \ + -DDEBUG=ON \ + -DCMAKE_SKIP_RPATH=TRUE \ + -DLIB_INSTALL_DIR=%{_libdir} \ + -DCMAKE_INSTALL_PREFIX=/usr \ +%if 0%{?enable_criv1} + -DENABLE_CRI_API_V1=ON \ + -DENABLE_SANDBOXER=ON \ +%endif +%if 0%{?enable_shimv2} + -DENABLE_SHIM_V2=ON \ +%endif +%if %{defined openeuler} + -DENABLE_UT=OFF \ +%endif + -DENABLE_GRPC_REMOTE_CONNECT=OFF \ + -DENABLE_GRPC=ON \ + -DCMAKE_CXX_STANDARD=%{cpp_std} \ + ../ + +sed -i "10 a\# undef linux" grpc/src/api/services/cri/v1alpha/api.pb.h +%if 0%{?enable_criv1} +sed -i "10 a\# undef linux" grpc/src/api/services/cri/v1/api_v1.pb.h +%endif + +%make_build + +%check +%if %{defined openeuler} +cd build +# registry_images_ut and volume_ut must run with root user +ctest -E "registry_images_ut|volume_ut" +%endif + +%install +rm -rf %{buildroot} +cd build +install -d $RPM_BUILD_ROOT/%{_libdir} +install -m 0755 ./src/libisula_client.so %{buildroot}/%{_libdir}/libisula_client.so +install -m 0755 ./src/utils/http/libhttpclient.so %{buildroot}/%{_libdir}/libhttpclient.so +install -m 0755 ./src/libisulad_tools.so %{buildroot}/%{_libdir}/libisulad_tools.so +install -m 0755 ./src/daemon/modules/image/libisulad_img.so %{buildroot}/%{_libdir}/libisulad_img.so + +install -d $RPM_BUILD_ROOT/%{_libdir}/pkgconfig +install -m 0640 ./conf/isulad.pc %{buildroot}/%{_libdir}/pkgconfig/isulad.pc + +install -d $RPM_BUILD_ROOT/%{_bindir} + +install -m 0755 ./src/isula %{buildroot}/%{_bindir}/isula +install -m 0755 ./src/isulad-shim %{buildroot}/%{_bindir}/isulad-shim + +install -m 0755 ./src/isulad %{buildroot}/%{_bindir}/isulad + +install -d $RPM_BUILD_ROOT/%{_includedir}/isulad +install -m 0644 ../src/daemon/modules/api/image_api.h %{buildroot}/%{_includedir}/isulad/image_api.h + +install -d $RPM_BUILD_ROOT/%{_sysconfdir}/isulad +install -m 0640 ../src/contrib/config/daemon.json %{buildroot}/%{_sysconfdir}/isulad/daemon.json +install -m 0440 ../src/contrib/config/daemon_constants.json %{buildroot}/%{_sysconfdir}/isulad/daemon_constants.json +install -m 0640 ../src/contrib/config/seccomp_default.json %{buildroot}/%{_sysconfdir}/isulad/seccomp_default.json + +install -d $RPM_BUILD_ROOT/%{_sysconfdir}/default/isulad +install -m 0640 ../src/contrib/config/config.json %{buildroot}/%{_sysconfdir}/default/isulad/config.json +install -m 0640 ../src/contrib/config/systemcontainer_config.json %{buildroot}/%{_sysconfdir}/default/isulad/systemcontainer_config.json +install -m 0550 ../src/contrib/sysmonitor/isulad-check.sh %{buildroot}/%{_sysconfdir}/default/isulad/isulad-check.sh + +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sysmonitor/process +cp ../src/contrib/sysmonitor/isulad-monit $RPM_BUILD_ROOT/etc/sysmonitor/process + +install -d $RPM_BUILD_ROOT/%{_sysconfdir}/default/isulad/hooks +install -m 0640 ../src/contrib/config/hooks/default.json %{buildroot}/%{_sysconfdir}/default/isulad/hooks/default.json + +install -d $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig +install -p -m 0640 ../src/contrib/config/iSulad.sysconfig $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/iSulad + +%if 0%{?is_systemd} +install -d $RPM_BUILD_ROOT/%{_unitdir} +install -p -m 0640 ../src/contrib/init/isulad.service $RPM_BUILD_ROOT/%{_unitdir}/isulad.service +%else +install -d $RPM_BUILD_ROOT/%{_initddir} +install -p -m 0640 ../src/contrib/init/isulad.init $RPM_BUILD_ROOT/%{_initddir}/isulad.init +%endif + +%clean +rm -rf %{buildroot} + +%pre +# support update from lcrd to isulad, will remove in next version +if [ "$1" = "2" ]; then +%if 0%{?is_systemd} +systemctl stop lcrd &>/dev/null +systemctl disable lcrd &>/dev/null +if [ -e %{_sysconfdir}/isulad/daemon.json ];then + sed -i 's#/etc/default/lcrd/hooks#/etc/default/isulad/hooks#g' %{_sysconfdir}/isulad/daemon.json +fi +%else +/sbin/chkconfig --del lcrd &>/dev/null +%endif +fi + +%post +if ! getent group isula > /dev/null; then + groupadd --system isula +fi + +if [ "$1" = "1" ]; then +%if 0%{?is_systemd} +systemctl enable isulad +systemctl start isulad +%else +/sbin/chkconfig --add isulad +%endif +elif [ "$1" = "2" ]; then +%if 0%{?is_systemd} +# support update from lcrd to isulad, will remove in next version +if [ -e %{_unitdir}/lcrd.service.rpmsave ]; then + mv %{_unitdir}/lcrd.service.rpmsave %{_unitdir}/isulad.service + sed -i 's/lcrd/isulad/g' %{_unitdir}/isulad.service +fi +systemctl status isulad | grep 'Active:' | grep 'running' +if [ $? -eq 0 ]; then + systemctl restart isulad +else + systemctl start isulad +fi +%else +/sbin/service isulad status | grep 'Active:' | grep 'running' +if [ $? -eq 0 ]; then + /sbin/service isulad restart +fi +%endif +fi + +if ! getent group isula > /dev/null; then + groupadd --system isula +fi + +%preun +%if 0%{?is_systemd} +%systemd_preun isulad +%else +if [ $1 -eq 0 ] ; then + /sbin/service isulad stop >/dev/null 2>&1 + /sbin/chkconfig --del isulad +fi +%endif + +%postun +%if 0%{?is_systemd} +%systemd_postun_with_restart isulad +%else +if [ "$1" -ge "1" ] ; then + /sbin/service isulad condrestart >/dev/null 2>&1 || : +fi +%endif + +%files +%attr(0600,root,root) %{_sysconfdir}/sysmonitor/process/isulad-monit +%attr(0550,root,root) %{_sysconfdir}/default/isulad/isulad-check.sh +%defattr(0640,root,root,0750) +%{_sysconfdir}/isulad +%{_sysconfdir}/isulad/* +%{_sysconfdir}/default/* +%defattr(-,root,root,-) +%if 0%{?is_systemd} +%{_unitdir}/isulad.service +%attr(0640,root,root) %{_unitdir}/isulad.service +%else +%{_initddir}/isulad.init +%attr(0640,root,root) %{_initddir}/isulad.init +%endif +%{_includedir}/isulad/* +%attr(0755,root,root) %{_libdir}/pkgconfig +%attr(0640,root,root) %{_libdir}/pkgconfig/isulad.pc +%defattr(0755,root,root,0755) +%{_bindir}/* +%{_libdir}/* +%attr(0640,root,root) %{_sysconfdir}/sysconfig/iSulad +%attr(0640,root,root) %{_sysconfdir}/isulad/daemon.json + +%config(noreplace,missingok) %{_sysconfdir}/sysconfig/iSulad +%config(noreplace,missingok) %{_sysconfdir}/isulad/daemon.json +%if 0%{?is_systemd} +%config(noreplace,missingok) %{_unitdir}/isulad.service +%else +%config(noreplace,missingok) %{_initddir}/isulad.init +%endif + +%changelog +* Wed Sep 13 2023 xuxuepeng <xuxuepeng1@huawei.com> - 2.1.3-2 +- Type: update +- ID: NA +- SUG: NA +- DESC: Add vsock support for exec + +* Tue Aug 29 2023 xuxuepeng <xuxuepeng1@huawei.com> - 2.1.3-1 +- Type: update +- ID: NA +- SUG: NA +- DESC: update to v2.1.3 + +* Mon Aug 28 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.1.2-8 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: modify lxc dependence to docker-runc dependence + +* Mon Aug 21 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.1.2-7 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: enable grpc and fix compile failed + +* Wed Aug 09 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.1.2-6 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: modify daemon json default runtime to runc + +* Thu Jul 20 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.1.2-5 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: compile using c++17 + +* Mon May 29 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.1.2-4 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: bugfix for memleak and malloc + +* Thu May 25 2023 zhongtao <zhongtao17@huawei.com> - 2.1.2-3 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: upgrade from upstream + +* Fri May 12 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.1.2-2 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: fix remote grpc macro + +* Thu May 11 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.1.2-1 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: update from upstream to update cri + +* Fri Mar 24 2023 wangrunze <wangrunze13@huawei.com> - 2.1.1-6 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: update from upstream to include remote feature + +* Thu Mar 16 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.1.1-5 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: use CURLOPT_XFERINFOFUNCTION instead of deprecated CURLOPT_PROGRESSFUNCTION since curl 7.32.0 + +* Wed Feb 22 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.1.1-4 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: upgrade from upstream + +* Thu Feb 16 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.1.1-3 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: add check + +* Mon Feb 06 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.1.1-2 +- Type: update +- ID: NA +- SUG: NA +- DESC: modify dependence from lcr to libisula + +* Mon Feb 06 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.1.1-1 +- Type: update +- ID: NA +- SUG: NA +- DESC: update to v2.1.1 + +* Tue Jan 03 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.18-1 +- Type: update +- ID: NA +- SUG: NA +- DESC: update to v2.0.18 + +* Thu Dec 22 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.17-14 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: remove clean_module_fill_ctx for libisulad_img.so + +* Mon Dec 19 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.17-13 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: update lcr dependence version + +* Fri Dec 16 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.17-12 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: update from upstream + +* Tue Dec 06 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.17-11 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: update from upstream + +* Mon Nov 28 2022 yangjiaqi <yangjiaqi16@huawei.com> - 2.0.17-10 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: remove chmod 751 permission for dirs by engine when user-remap enabled + +* Fri Nov 25 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.17-9 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: add primary group to additional groups + +* Mon Nov 21 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.17-8 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: fix cannot install isulad and unknown option + +* Wed Nov 16 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.17-7 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: update tar package from source + +* Wed Nov 02 2022 wangrunze <wangrunze13@huawei.com> - 2.0.17-6 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: fix cleanup module memory leak + +* Tue Nov 01 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.17-5 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: add ut and bugfix for device mapper and websocket + +* Mon Oct 31 2022 wujing <wujing50@huawei.com> - 2.0.17-4 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sync from openEuler + +* Wed Oct 19 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.17-3 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: add required package lcr clibcni lower and upper version + +* Mon Oct 10 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.17-2 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: use epoll instead of select for wait_exit_fifo + +* Sun Oct 09 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.17-1 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: update iSulad version to 2.0.17-1 + +* Thu Sep 29 2022 haozi007 <liuhao27@huawei.com> - 2.0.16-8 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sync from openEuler + +* Tue Sep 20 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.16-7 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: change libisulad_tools.so mode + +* Thu Sep 15 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.16-6 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: shield upgrade error if lcrd not exist + +* Tue Sep 13 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.16-5 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: calculate timezone by tm_gmtoff + +* Thu Sep 08 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.16-4 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: invalid free default-runtime and cri-runtime after free json-confs + +* Wed Sep 07 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.16-3 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sycn patches from openeuler/iSulad + +* Tue Aug 30 2022 leizhongkai <leizhongkai@huawei.com> - 2.0.16-2 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sync from upstream openeuler/iSulad + +* Tue Aug 23 2022 wangfengtu <wangfengtu@huawei.com> - 2.0.16-1 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: update iSulad version to 2.0.16-1 + +* Mon Aug 22 2022 zhongtao <zhongtao17@huawei.com> - 2.0.15-6 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: remove rpath by cmake + +* Wed Aug 17 2022 haozi007 <liuhao27@huawei.com> - 2.0.15-5 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sycn patches from openeuler + +* Mon Aug 15 2022 wangfengtu <wangfengtu@huawei.com> - 2.0.15-4 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: change default umask to 0022 + +* Tue Aug 9 2022 haozi007 <liuhao27@huawei.com> - 2.0.15-3 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sycn patches from openeuler + +* Mon Aug 1 2022 chengzeruizhi <chengzeruizhi@huawei.com> - 2.0.15-2 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sycn patches from openeuler branch + +* Fri Jul 8 2022 haozi007 <liuhao27@huawei.com> - 2.0.15-1 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: update version to v2.0.15 + +* Fri Jul 8 2022 haozi007 <liuhao27@huawei.com> - 2.0.14-11 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: add limit to lcr version + +* Wed Jun 22 2022 yangjiaqi <yangjiaqi16@huawei.com> - 2.0.14-10 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sync from upstream openeuler/iSulad + +* Tue Jun 21 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.14-9 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sync from upstream openeuler/iSulad + +* Wed Jun 15 2022 chengzeruizhi <chengzeruizhi@huawei.com> - 2.0.14-8 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sync from upstream openeuler/iSulad + +* Tue May 31 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.14-7 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: fix type convert, add null pointer check, remove unuse macro + +* Tue May 31 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.14-6 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: fix different type convert and add check to arguments + +* Mon May 30 2022 chengzrz <chengzeruizhi@huawei.com> - 2.0.14-5 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: seccomp optimization + +* Fri May 27 2022 haozi007 <liuhao27@huawei.com> - 2.0.14-4 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: improve fuzz test for pw and gr parser + +* Tue May 24 2022 wangfengtu <wangfengtu@huawei.com> - 2.0.14-3 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: fix install error when android + +* Tue May 24 2022 wangfengtu <wangfengtu@huawei.com> - 2.0.14-2 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: do not mkdir of isulad if no controller found + +* Mon May 23 2022 haozi007 <liuhao27@huawei.com> - 2.0.14-1 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: update version to v2.0.14 + +* Mon May 16 2022 haozi007<liuhao27@huawei.com> - 2.0.13-5 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sync from upstream openEuler/iSulad + +* Tue May 10 2022 hejunjie<hejunjie10@huawei.com> - 2.0.13-4 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: bionic adaptation, increase lcov coverage + +* Thu May 5 2022 hejunjie<hejunjie10@huawei.com> - 2.0.13-3 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: bionic adaptation for pwgr obj parser + +* Mon Apr 25 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.13-2 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: sync from upstream + +* Mon Apr 18 2022 wangfengtu <wangfengtu@huawei.com> - 2.0.13-1 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: update version to v2.0.13 + +* Fri Mar 25 2022 wangfengtu <wangfengtu@huawei.com> - 2.0.12-1 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: update version to v2.0.12 + +* Thu Mar 17 2022 haozi007 <liuhao27@huawei.com> - 2.0.11-6 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: remove unnecessary error message + +* Thu Mar 17 2022 wangfengtu <wangfengtu@huawei.com> - 2.0.11-5 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: fix uid/gid error when load image + +* Wed Mar 09 2022 wangfengtu <wangfengtu@huawei.com> - 2.0.11-4 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: add provides of libisulad_tools.so + +* Thu Mar 03 2022 wangfengtu <wangfengtu@huawei.com> - 2.0.11-3 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: Add the function of isolating the user namespaces + +* Thu Mar 03 2022 wangfengtu <wangfengtu@huawei.com> - 2.0.11-2 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: add libisulad_tools.so + +* Thu Feb 24 2022 wangfengtu <wangfengtu@huawei.com> - 2.0.11-1 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: update version to v2.0.11 + +* Wed Jan 12 2022 wangfengtu <wangfengtu@huawei.com> - 2.0.10-15 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: fix compile error of isula-transform + +* Wed Jan 12 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.10-14 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: fix compile error with grpc 1.41.x + +* Tue Jan 4 2022 wangfengtu <wangfengtu@huawei.com> - 2.0.10-13 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: fix compile error when building embedded image + +* Mon Dec 27 2021 wangfengtu <wangfengtu@huawei.com> - 2.0.10-12 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: sync patches from upstream + +* Thu Dec 09 2021 chengzeruizhi <chengzeruizhi@huawei.com> - 2.0.10-11 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: fixed a bug that occurs when starting a container in host mode + +* Thu Dec 09 2021 wangfengtu <wagnfengtu@huawei.com> - 2.0.10-10 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: remove dependance of sqlite + +* Mon Dec 06 2021 gaohuatao <gaohuatao@huawei.com> - 2.0.10-9 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: specify version + +* Fri Dec 03 2021 wangfengtu <wangfengtu@huawei.com> - 2.0.10-8 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: fix undefined reference to `service_arguments_free' in libisulad_img.so + +* Thu Dec 02 2021 wangfengtu <wangfengtu@huawei.com> - 2.0.10-7 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: sync patches from upstream + +* Tue Nov 23 2021 chengzeruizhi <chengzeruizhi@huawei.com> - 2.0.10-6 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: modify the procedure of running a pod + +* Fri Nov 19 2021 gaohuatao <gaohuatao@huawei.com> - 2.0.10-5 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sync from upstream + +* Fri Nov 19 2021 wangfengtu <wangfengtu@huawei.com> - 2.0.10-4 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: fix memleak when use multiple --volumes-from + +* Tue Nov 16 2021 wujing <wujing50@huawei.com> - 2.0.10-3 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: add shimv2 build switch + +* Tue Nov 16 2021 wujing <wujing50@huawei.com> - 2.0.10-2 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: remove build platform restrictions + +* Tue Nov 09 2021 gaohuatao <gaohuatao@huawei.com> - 2.0.10-1 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: update from openeuler + +* Tue Oct 19 2021 wangfengtu <wangfengtu@huawei.com> - 2.0.9-20211019.121837.gitf067b3ce +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: strip sha256 prefix when decrease hold references + +* Fri Jun 25 2021 wujing <wujing50@huawei.com> - 2.0.9-20210625.165022.git5a088d9c +- Type: update to v2.0.9 +- ID: NA +- SUG: NA +- DESC: update from master + +* Tue May 18 2021 wangfengtu <wangfengtu@huawei.com> - 2.0.8-20210518.144540.git5288ed92 +- Type: sync from upstream +- ID: NA +- SUG: NA +- DESC: update from master + +* Fri Mar 26 2021 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.8-20210326.094027.gitac974aa6 +- Type: sync from upstream +- ID: NA +- SUG: NA +- DESC: update from master + +* Tue Mar 23 2021 haozi007 <liuhao27@huawei.com> - 20210323.094917.git7e6aa593 +- Type: sync from upstream +- ID: NA +- SUG: NA +- DESC: update from master + +* Tue Feb 2 2021 lifeng <lifeng68@huawei.com> - 2.0.8-20210202.153251.gite082dcf3 +- Type: sync from upstream +- ID: NA +- SUG: NA +- DESC: update from master + +* Mon Jan 18 2021 lifeng <lifeng68@huawei.com> - 2.0.8-20210118.195254.git077e10f2 +- Type: sync from upstream +- ID: NA +- SUG: NA +- DESC: update from master + +* Wed Dec 30 2020 lifeng <lifeng68@huawei.com> - 2.0.8-20201230.155843.git6557a6eb +- Type: update to v2.0.8 +- ID: NA +- SUG: NA +- DESC: update from master + +* Mon Dec 7 2020 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.7-20201207.151847.gita1fce123 +- Type: update +- ID: NA +- SUG: NA +- DESC: update from master + +* Sat Dec 5 2020 lifeng <lifeng68@huawei.com> - 2.0.7-20201205.145752.gita461cc51 +- Type: bugfix +- ID:NA +- SUG:NA +- DESC: ignore list containers errors + +* Thu Dec 3 2020 haozi007 <liuhao27@huawei.com> - 2.0.7-20201203.190902.git48f598fd +- Type:update from master +- ID:NA +- SUG:NA +- DESC: update from master + +* Sat Nov 28 2020 lifeng<lifeng68@huawei.com> - 2.0.7-20201128.095506.git1e1623a5 +- Type: bugfix +- ID:NA +- SUG:NA +- DESC: Mounts: only qsort the configed mounts and make possible to bind mount /proc and /sys/fs. +- related lxc PR fixed: +- 1.add check whether have /proc mounts entry, if has, skip the auto +- 2.mount cgroup before do mount entrys +- 3.pass if the mount on top of /proc and the source of the mount is a proc filesystem + +* Wed Nov 25 2020 wangfengtu<wangfengtu@huawei.com> - 2.0.7-20201125.165149.git7d150c3c +- Type: bugfix +- ID:NA +- SUG:NA +- DESC: update from openeuler + +* Wed Nov 25 2020 wangfengtu<wangfengtu@huawei.com> - 2.0.6-20201125.160534.git9fb5e75d +- Type: bugfix +- ID:NA +- SUG:NA +- DESC: fix rpath not work + +* Thu Nov 12 2020 gaohuatao<gaohuatao@huawei.com> - 2.0.6-20201112.193005.git8a6b73c8 +- Type: update from openeuler +- ID:NA +- SUG:NA +- DESC: update from openeuler + +* Wed Oct 14 2020 lifeng68<lifeng68@huawei.com> - 2.0.6-20201014.152749.gitc8a43925 +- Type: upgrade to v2.0.6 +- ID:NA +- SUG:NA +- DESC: upgrade to v2.0.6 + +* Fri Sep 18 2020 <lifeng68@huawei.com> - 2.0.5-20200918.112827.git9aea9b75 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: modify log level to warn + +* Mon Sep 14 2020 <lifeng68@huawei.com> - 2.0.5-20200914.172527.gitae86920a +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: remove unused config + +* Thu Sep 10 2020 <yangjiaqi11@huawei.com> - 2.0.5-20200910.144345.git71b1055b +- Type:enhancement +- ID:NA +- SUG:NA +- DESC: add chrpath + +* Fri Sep 04 2020 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.5-20200904.114315.gitff1761c3 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC: upgrade from v2.0.3 to v2.0.5 + +* Wed Sep 02 2020 YoungJQ <yangjiaqi11@huawei.com> - 2.0.3-20200902.114727.git6d945f26 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC: modify source0 address @@ -0,0 +1 @@ +7d4ca1eb02fad354cb45d3be254c1add v2.1.3.tar.gz |