Diffstat (limited to '0052-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch')
-rw-r--r--0052-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch170
1 files changed, 170 insertions, 0 deletions
diff --git a/0052-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch b/0052-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch
new file mode 100644
index 0000000..cf0c729
--- /dev/null
+++ b/0052-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch
@@ -0,0 +1,170 @@
+From 06d42781cbfc3d9baa7155b480e22b9f4164ab91 Mon Sep 17 00:00:00 2001
+From: zhongtao <zhongtao17@huawei.com>
+Date: Tue, 12 Dec 2023 20:24:57 +0800
+Subject: [PATCH 52/64] modify the default value of ISULAD_TMPDIR to
+ /var/lib/isulad
+
+Signed-off-by: zhongtao <zhongtao17@huawei.com>
+---
+ src/cmd/isulad/main.c | 13 +++++++------
+ src/common/constants.h | 2 ++
+ src/contrib/config/iSulad.sysconfig | 4 ++--
+ .../modules/container/leftover_cleanup/cleanup.c | 6 +++---
+ src/daemon/modules/image/oci/utils_images.c | 2 +-
+ src/utils/cutils/utils_verify.c | 5 +++++
+ src/utils/cutils/utils_verify.h | 2 ++
+ src/utils/tar/util_archive.c | 9 +++++----
+ 8 files changed, 27 insertions(+), 16 deletions(-)
+
+diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
+index 95454e2a..d33e4004 100644
+--- a/src/cmd/isulad/main.c
++++ b/src/cmd/isulad/main.c
+@@ -1295,8 +1295,8 @@ static int ensure_isulad_tmpdir_security()
+ char *isulad_tmp_dir = NULL;
+
+ isulad_tmp_dir = getenv("ISULAD_TMPDIR");
+- if (!util_valid_str(isulad_tmp_dir)) {
+- isulad_tmp_dir = "/tmp";
++ if (!util_valid_isulad_tmpdir(isulad_tmp_dir)) {
++ isulad_tmp_dir = DEFAULT_ISULAD_TMPDIR;
+ }
+
+ if (do_ensure_isulad_tmpdir_security(isulad_tmp_dir) != 0) {
+@@ -1304,14 +1304,15 @@ static int ensure_isulad_tmpdir_security()
+ return -1;
+ }
+
+- if (strcmp(isulad_tmp_dir, "/tmp") == 0) {
++ if (strcmp(isulad_tmp_dir, DEFAULT_ISULAD_TMPDIR) == 0) {
+ return 0;
+ }
+
+ // No matter whether ISULAD_TMPDIR is set or not,
+- // ensure the "/tmp" directory is a safe directory
+- if (do_ensure_isulad_tmpdir_security("/tmp") != 0) {
+- WARN("Failed to ensure the /tmp directory is a safe directory");
++ // ensure the DEFAULT_ISULAD_TMPDIR directory is a safe directory
++ // TODO: if isula is no longer tarred in the future, we can delete it.
++ if (do_ensure_isulad_tmpdir_security(DEFAULT_ISULAD_TMPDIR) != 0) {
++ WARN("Failed to ensure the default ISULAD_TMPDIR : %s directory is a safe directory", DEFAULT_ISULAD_TMPDIR);
+ }
+
+ return 0;
+diff --git a/src/common/constants.h b/src/common/constants.h
+index 5f12ae25..27d4956e 100644
+--- a/src/common/constants.h
++++ b/src/common/constants.h
+@@ -129,6 +129,8 @@ extern "C" {
+
+ #define OCI_IMAGE_GRAPH_ROOTPATH_NAME "storage"
+
++#define DEFAULT_ISULAD_TMPDIR "/var/lib/isulad"
++
+ #ifdef ENABLE_GRPC_REMOTE_CONNECT
+ #define DEFAULT_TCP_HOST "tcp://localhost:2375"
+ #define DEFAULT_TLS_HOST "tcp://localhost:2376"
+diff --git a/src/contrib/config/iSulad.sysconfig b/src/contrib/config/iSulad.sysconfig
+index 43ba7cbd..25099480 100644
+--- a/src/contrib/config/iSulad.sysconfig
++++ b/src/contrib/config/iSulad.sysconfig
+@@ -22,5 +22,5 @@
+ #SYSMONITOR_OPTIONS='-H tcp://127.0.0.1:2375 --tlsverify --tlscacert=/root/.iSulad/ca.pem --tlscert=/root/.iSulad/cert.pem --tlskey=/root/.iSulad/key.pem'
+
+ # Location used for temporary files, such as those created by isula load and pull operations.
+-# Default is /var/tmp. Can be overridden by setting the following env variable.
+-# ISULAD_TMPDIR=/var/tmp
++# Default is /var/lib/isulad. Can be overridden by setting the following env variable.
++# ISULAD_TMPDIR=/var/lib/isulad
+diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c
+index 9a38ffc2..af5f0eee 100644
+--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c
++++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c
+@@ -203,12 +203,12 @@ void do_isulad_tmpdir_cleaner(void)
+ char *isula_tmp_dir = NULL;
+
+ isula_tmp_dir = getenv("ISULAD_TMPDIR");
+- if (util_valid_str(isula_tmp_dir)) {
++ if (util_valid_isulad_tmpdir(isula_tmp_dir)) {
+ cleanup_path(isula_tmp_dir);
+ }
+ // No matter whether ISULAD_TMPDIR is set or not,
+- // clean up the "/tmp" directory to prevent the mount point from remaining
+- cleanup_path("/tmp");
++ // clean up the DEFAULT_ISULAD_TMPDIR directory to prevent the mount point from remaining
++ cleanup_path(DEFAULT_ISULAD_TMPDIR);
+
+ return;
+ }
+diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
+index f92ee59a..d94388bd 100644
+--- a/src/daemon/modules/image/oci/utils_images.c
++++ b/src/daemon/modules/image/oci/utils_images.c
+@@ -595,7 +595,7 @@ char *oci_get_isulad_tmpdir(const char *root_dir)
+ }
+
+ env_dir = getenv("ISULAD_TMPDIR");
+- if (util_valid_str(env_dir)) {
++ if (util_valid_isulad_tmpdir(env_dir)) {
+ isulad_tmpdir = util_path_join(env_dir, "isulad_tmpdir");
+ } else {
+ isulad_tmpdir = util_path_join(root_dir, "isulad_tmpdir");
+diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c
+index f4ce3199..7f2db48b 100644
+--- a/src/utils/cutils/utils_verify.c
++++ b/src/utils/cutils/utils_verify.c
+@@ -744,6 +744,11 @@ bool util_valid_volume_name(const char *name)
+ return util_reg_match(patten, name) == 0;
+ }
+
++bool util_valid_isulad_tmpdir(const char *dir)
++{
++ return util_valid_str(dir) && strcmp(dir, "/tmp") != 0;
++}
++
+ #ifdef ENABLE_IMAGE_SEARCH
+ bool util_valid_search_name(const char *name)
+ {
+diff --git a/src/utils/cutils/utils_verify.h b/src/utils/cutils/utils_verify.h
+index 54d1ce71..bafd2a82 100644
+--- a/src/utils/cutils/utils_verify.h
++++ b/src/utils/cutils/utils_verify.h
+@@ -124,6 +124,8 @@ bool util_valid_sysctl(const char *sysctl_key);
+
+ bool util_valid_volume_name(const char *name);
+
++bool util_valid_isulad_tmpdir(const char *dir);
++
+ #ifdef ENABLE_IMAGE_SEARCH
+ bool util_valid_search_name(const char *name);
+ #endif
+diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
+index 82e940a5..e8fad391 100644
+--- a/src/utils/tar/util_archive.c
++++ b/src/utils/tar/util_archive.c
+@@ -134,7 +134,7 @@ static void do_disable_unneccessary_caps()
+ // Add flock when bind mount and make it private.
+ // Because bind mount usually makes safedir shared mount point,
+ // and sometimes it will cause "mount point explosion".
+-// E.g. concurrently execute isula cp /tmp/<XXX-File> <CONTAINER-ID>:<CONTAINER-PAT>
++// E.g. concurrently execute isula cp DEFAULT_ISULAD_TMPDIR/<XXX-File> <CONTAINER-ID>:<CONTAINER-PAT>
+ static int bind_mount_with_flock(const char *flock_path, const char *dstdir, const char *tmp_dir)
+ {
+ __isula_auto_close int fd = -1;
+@@ -192,9 +192,10 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
+ int nret;
+
+ isulad_tmpdir_env = getenv("ISULAD_TMPDIR");
+- if (!util_valid_str(isulad_tmpdir_env)) {
+- // if not setted isulad tmpdir, just use /tmp
+- isulad_tmpdir_env = "/tmp";
++ if (!util_valid_isulad_tmpdir(isulad_tmpdir_env)) {
++ INFO("if not setted isulad tmpdir or setted unvalid dir, use DEFAULT_ISULAD_TMPDIR");
++ // if not setted isulad tmpdir, just use DEFAULT_ISULAD_TMPDIR
++ isulad_tmpdir_env = DEFAULT_ISULAD_TMPDIR;
+ }
+
+ nret = snprintf(isula_tmpdir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmpdir_env);
+--
+2.42.0
+
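Review bot: util_valid_isulad_tmpdir() in src/utils/cutils/utils_verify.c rejects only the exact string "/tmp", so ISULAD_TMPDIR values such as "/tmp/" or "/tmp/." still pass and keep the daemon's temporary tree under /tmp, which the patch otherwise excludes. Normalise the value before comparing, as sketched below; the sketch assumes the project's util_clean_path() helper is usable from this file. Separately, do_isulad_tmpdir_cleaner() in cleanup.c no longer calls `cleanup_path("/tmp")`, so mount points left under /tmp by a daemon that ran with the old default may not be cleaned after an upgrade. oci_get_isulad_tmpdir() also falls back to root_dir rather than DEFAULT_ISULAD_TMPDIR when the value is rejected, which differs from the other call sites if root_dir is configured elsewhere.

```c
bool util_valid_isulad_tmpdir(const char *dir)
{
    char cleaned[PATH_MAX] = { 0 };

    if (!util_valid_str(dir)) {
        return false;
    }
    // compare the normalised path so spellings like "/tmp/" and "/tmp/." are rejected too
    if (util_clean_path(dir, cleaned, sizeof(cleaned)) == NULL) {
        return false;
    }
    return strcmp(cleaned, "/tmp") != 0;
}
```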