0052-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170

From 06d42781cbfc3d9baa7155b480e22b9f4164ab91 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 12 Dec 2023 20:24:57 +0800
Subject: [PATCH 52/64] modify the default value of ISULAD_TMPDIR to
 /var/lib/isulad

Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
 src/cmd/isulad/main.c                               | 13 +++++++------
 src/common/constants.h                              |  2 ++
 src/contrib/config/iSulad.sysconfig                 |  4 ++--
 .../modules/container/leftover_cleanup/cleanup.c    |  6 +++---
 src/daemon/modules/image/oci/utils_images.c         |  2 +-
 src/utils/cutils/utils_verify.c                     |  5 +++++
 src/utils/cutils/utils_verify.h                     |  2 ++
 src/utils/tar/util_archive.c                        |  9 +++++----
 8 files changed, 27 insertions(+), 16 deletions(-)

diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 95454e2a..d33e4004 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1295,8 +1295,8 @@ static int ensure_isulad_tmpdir_security()
     char *isulad_tmp_dir = NULL;
 
     isulad_tmp_dir = getenv("ISULAD_TMPDIR");
-    if (!util_valid_str(isulad_tmp_dir)) {
-        isulad_tmp_dir = "/tmp";
+    if (!util_valid_isulad_tmpdir(isulad_tmp_dir)) {
+        isulad_tmp_dir = DEFAULT_ISULAD_TMPDIR;
     }
 
     if (do_ensure_isulad_tmpdir_security(isulad_tmp_dir) != 0) {
@@ -1304,14 +1304,15 @@ static int ensure_isulad_tmpdir_security()
         return -1;
     }
 
-    if (strcmp(isulad_tmp_dir, "/tmp") == 0) {
+    if (strcmp(isulad_tmp_dir, DEFAULT_ISULAD_TMPDIR) == 0) {
         return 0;
     }
 
     // No matter whether ISULAD_TMPDIR is set or not,
-    // ensure the "/tmp" directory is a safe directory
-    if (do_ensure_isulad_tmpdir_security("/tmp") != 0) {
-        WARN("Failed to ensure the /tmp directory is a safe directory");
+    // ensure the DEFAULT_ISULAD_TMPDIR directory is a safe directory
+    // TODO: if isula is no longer tarred in the future, we can delete it.
+    if (do_ensure_isulad_tmpdir_security(DEFAULT_ISULAD_TMPDIR) != 0) {
+        WARN("Failed to ensure the default ISULAD_TMPDIR : %s directory is a safe directory", DEFAULT_ISULAD_TMPDIR);
     }
 
     return 0;
diff --git a/src/common/constants.h b/src/common/constants.h
index 5f12ae25..27d4956e 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -129,6 +129,8 @@ extern "C" {
 
 #define OCI_IMAGE_GRAPH_ROOTPATH_NAME "storage"
 
+#define DEFAULT_ISULAD_TMPDIR "/var/lib/isulad"
+
 #ifdef ENABLE_GRPC_REMOTE_CONNECT
 #define DEFAULT_TCP_HOST "tcp://localhost:2375"
 #define DEFAULT_TLS_HOST "tcp://localhost:2376"
diff --git a/src/contrib/config/iSulad.sysconfig b/src/contrib/config/iSulad.sysconfig
index 43ba7cbd..25099480 100644
--- a/src/contrib/config/iSulad.sysconfig
+++ b/src/contrib/config/iSulad.sysconfig
@@ -22,5 +22,5 @@
 #SYSMONITOR_OPTIONS='-H tcp://127.0.0.1:2375 --tlsverify --tlscacert=/root/.iSulad/ca.pem --tlscert=/root/.iSulad/cert.pem --tlskey=/root/.iSulad/key.pem'
 
 # Location used for temporary files, such as those created by isula load and pull operations.
-# Default is /var/tmp. Can be overridden by setting the following env variable.
-# ISULAD_TMPDIR=/var/tmp
+# Default is /var/lib/isulad. Can be overridden by setting the following env variable.
+# ISULAD_TMPDIR=/var/lib/isulad
diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c
index 9a38ffc2..af5f0eee 100644
--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c
+++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c
@@ -203,12 +203,12 @@ void do_isulad_tmpdir_cleaner(void)
     char *isula_tmp_dir = NULL;
 
     isula_tmp_dir = getenv("ISULAD_TMPDIR");
-    if (util_valid_str(isula_tmp_dir)) {
+    if (util_valid_isulad_tmpdir(isula_tmp_dir)) {
         cleanup_path(isula_tmp_dir);
     }
     // No matter whether ISULAD_TMPDIR is set or not,
-    // clean up the "/tmp" directory to prevent the mount point from remaining
-    cleanup_path("/tmp");
+    // clean up the DEFAULT_ISULAD_TMPDIR directory to prevent the mount point from remaining
+    cleanup_path(DEFAULT_ISULAD_TMPDIR);
 
     return;
 }
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
index f92ee59a..d94388bd 100644
--- a/src/daemon/modules/image/oci/utils_images.c
+++ b/src/daemon/modules/image/oci/utils_images.c
@@ -595,7 +595,7 @@ char *oci_get_isulad_tmpdir(const char *root_dir)
     }
 
     env_dir = getenv("ISULAD_TMPDIR");
-    if (util_valid_str(env_dir)) {
+    if (util_valid_isulad_tmpdir(env_dir)) {
         isulad_tmpdir = util_path_join(env_dir, "isulad_tmpdir");
     } else {
         isulad_tmpdir = util_path_join(root_dir, "isulad_tmpdir");
diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c
index f4ce3199..7f2db48b 100644
--- a/src/utils/cutils/utils_verify.c
+++ b/src/utils/cutils/utils_verify.c
@@ -744,6 +744,11 @@ bool util_valid_volume_name(const char *name)
     return util_reg_match(patten, name) == 0;
 }
 
+bool util_valid_isulad_tmpdir(const char *dir)
+{
+    return util_valid_str(dir) && strcmp(dir, "/tmp") != 0;
+}
+
 #ifdef ENABLE_IMAGE_SEARCH
 bool util_valid_search_name(const char *name)
 {
diff --git a/src/utils/cutils/utils_verify.h b/src/utils/cutils/utils_verify.h
index 54d1ce71..bafd2a82 100644
--- a/src/utils/cutils/utils_verify.h
+++ b/src/utils/cutils/utils_verify.h
@@ -124,6 +124,8 @@ bool util_valid_sysctl(const char *sysctl_key);
 
 bool util_valid_volume_name(const char *name);
 
+bool util_valid_isulad_tmpdir(const char *dir);
+
 #ifdef ENABLE_IMAGE_SEARCH
 bool util_valid_search_name(const char *name);
 #endif
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 82e940a5..e8fad391 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -134,7 +134,7 @@ static void do_disable_unneccessary_caps()
 // Add flock when bind mount and make it private.
 // Because bind mount usually makes safedir shared mount point,
 // and sometimes it will cause "mount point explosion".
-// E.g. concurrently execute isula cp /tmp/<XXX-File> <CONTAINER-ID>:<CONTAINER-PAT>
+// E.g. concurrently execute isula cp DEFAULT_ISULAD_TMPDIR/<XXX-File> <CONTAINER-ID>:<CONTAINER-PAT>
 static int bind_mount_with_flock(const char *flock_path, const char *dstdir, const char *tmp_dir)
 {
     __isula_auto_close int fd = -1;
@@ -192,9 +192,10 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
     int nret;
 
     isulad_tmpdir_env = getenv("ISULAD_TMPDIR");
-    if (!util_valid_str(isulad_tmpdir_env)) {
-        // if not setted isulad tmpdir, just use /tmp
-        isulad_tmpdir_env = "/tmp";
+    if (!util_valid_isulad_tmpdir(isulad_tmpdir_env)) {
+        INFO("if not setted isulad tmpdir or setted unvalid dir, use DEFAULT_ISULAD_TMPDIR");
+        // if not setted isulad tmpdir, just use DEFAULT_ISULAD_TMPDIR
+        isulad_tmpdir_env = DEFAULT_ISULAD_TMPDIR;
     }
 
     nret = snprintf(isula_tmpdir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmpdir_env);
-- 
2.42.0