automatic import of iSuladopeneuler24.03_LTS

1 files changed, 184 insertions, 0 deletions

diff --git a/0008-bug-fix-for-device-cgroup-ulimt-oci-update.patch b/0008-bug-fix-for-device-cgroup-ulimt-oci-update.patch
new file mode 100644
index 0000000..d433c46
--- /dev/null
+++ b/0008-bug-fix-for-device-cgroup-ulimt-oci-update.patch
@@ -0,0 +1,184 @@
+From fe3413bb8ebae90f29ce3cc02373f3fc2b5d2fd2 Mon Sep 17 00:00:00 2001
+From: jikai <jikai11@huawei.com>
+Date: Mon, 22 Jan 2024 20:19:29 +0800
+Subject: [PATCH 08/43] bug fix for device/cgroup/ulimt oci update
+
+Signed-off-by: jikai <jikai11@huawei.com>
+---
+ .../executor/container_cb/execution_create.c  |  7 ++-
+ src/daemon/modules/api/specs_api.h            |  4 ++
+ .../modules/service/service_container.c       | 18 +++---
+ src/daemon/modules/spec/specs.c               | 60 +++++++++++++++----
+ 4 files changed, 63 insertions(+), 26 deletions(-)
+
+diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
+index ca2a9163..e00afb68 100644
+--- a/src/daemon/executor/container_cb/execution_create.c
++++ b/src/daemon/executor/container_cb/execution_create.c
+@@ -533,12 +533,15 @@ static int merge_config_for_syscontainer(const container_create_request *request
+         value = request->rootfs;
+     }
+ 
+-    if (append_json_map_string_string(oci_spec->annotations, "rootfs.mount", value)) {
++    // should also update to container spec
++    if (append_json_map_string_string(container_spec->annotations, "rootfs.mount", value)
++        || append_json_map_string_string(oci_spec->annotations, "rootfs.mount", value)) {
+         ERROR("Realloc annotations failed");
+         ret = -1;
+         goto out;
+     }
+-    if (request->rootfs != NULL && append_json_map_string_string(oci_spec->annotations, "external.rootfs", "true")) {
++    if (request->rootfs != NULL && (append_json_map_string_string(container_spec->annotations, "external.rootfs", "true")
++        || append_json_map_string_string(oci_spec->annotations, "external.rootfs", "true"))) {
+         ERROR("Realloc annotations failed");
+         ret = -1;
+         goto out;
+diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h
+index f5f6ad8b..f54c0d31 100644
+--- a/src/daemon/modules/api/specs_api.h
++++ b/src/daemon/modules/api/specs_api.h
+@@ -47,6 +47,10 @@ oci_runtime_spec *load_oci_config(const char *rootpath, const char *name);
+ 
+ oci_runtime_spec *default_spec(bool system_container);
+ 
++int update_oci_container_cgroups_path(const char *id, oci_runtime_spec *oci_spec, const host_config *host_spec);
++
++int update_oci_ulimit(oci_runtime_spec *oci_spec, const host_config *host_spec);
++
+ const oci_runtime_spec *get_readonly_default_oci_spec(bool system_container);
+ 
+ int spec_module_init(void);
+diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
+index 239783b8..a3606a82 100644
+--- a/src/daemon/modules/service/service_container.c
++++ b/src/daemon/modules/service/service_container.c
+@@ -693,26 +693,21 @@ out:
+ 
+ static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, container_config *container_spec, host_config *hostconfig)
+ {
+-    __isula_auto_free char *cgroup_parent = NULL;
+     int ret;
+ 
+-    // First renew annotations for oci spec, cgroup path, rootfs.mount, native.mask
+-    // for iSulad daemon might get updated
++    // Renew annotations for oci spec, cgroup path only,
++    // since lxc uses the "cgroup.dir" in oci annotations to create cgroup
++    // should ensure that container spec has the same annotations as oci spec
+     ret = update_spec_annotations(oci_spec, container_spec, hostconfig);
+     if (ret < 0) {
+         return -1;
+     }
+ 
+     // If isulad daemon cgroup parent updated, we should update this config into oci spec
+-    cgroup_parent = merge_container_cgroups_path(id, hostconfig);
+-    if (cgroup_parent == NULL) {
++    ret = update_oci_container_cgroups_path(id, oci_spec, hostconfig);
++    if (ret < 0) {
+         return -1;
+     }
+-    if (oci_spec->linux->cgroups_path != NULL && strcmp(oci_spec->linux->cgroups_path, cgroup_parent) != 0) {
+-        free(oci_spec->linux->cgroups_path);
+-        oci_spec->linux->cgroups_path = cgroup_parent;
+-        cgroup_parent = NULL;
+-    }
+ 
+     // For Linux.Resources, isula update will save changes into oci spec;
+     // so we just skip it;
+@@ -725,7 +720,8 @@ static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, contai
+     }
+ 
+     // If isulad daemon ulimit updated, we should update this config into oci spec.
+-    if (merge_global_ulimit(oci_spec) != 0) {
++    ret = update_oci_ulimit(oci_spec, hostconfig);
++    if (ret < 0) {
+         return -1;
+     }
+ 
+diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
+index 62e340b1..464b4fb4 100644
+--- a/src/daemon/modules/spec/specs.c
++++ b/src/daemon/modules/spec/specs.c
+@@ -402,19 +402,8 @@ int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *contai
+         return -1;
+     }
+ 
+-    /* add rootfs.mount */
+-    ret = add_rootfs_mount(container_spec);
+-    if (ret != 0) {
+-        ERROR("Failed to add rootfs mount");
+-        return -1;
+-    }
+-
+-    /* add native.umask */
+-    ret = add_native_umask(container_spec);
+-    if (ret != 0) {
+-        ERROR("Failed to add native umask");
+-        return -1;
+-    }
++    // other annotations will either not be updated after containers created
++    // or for rootfs mnt and umask, we do not support the update operation
+ 
+     if (merge_annotations(oci_spec, container_spec)) {
+         return -1;
+@@ -2302,6 +2291,27 @@ char *merge_container_cgroups_path(const char *id, const host_config *host_spec)
+     return util_path_join(path, id);
+ }
+ 
++int update_oci_container_cgroups_path(const char *id, oci_runtime_spec *oci_spec, const host_config *hostconfig)
++{
++    if (oci_spec == NULL || oci_spec->linux == NULL) {
++        ERROR("Invalid arguments");
++        return -1;
++    }
++
++    __isula_auto_free char *cgroup_parent = merge_container_cgroups_path(id, hostconfig);
++    if (cgroup_parent == NULL) {
++        return -1;
++    }
++
++    if (oci_spec->linux->cgroups_path != NULL && strcmp(oci_spec->linux->cgroups_path, cgroup_parent) != 0) {
++        free(oci_spec->linux->cgroups_path);
++        oci_spec->linux->cgroups_path = cgroup_parent;
++        cgroup_parent = NULL;
++    }
++
++    return 0;
++}
++
+ static int merge_oci_cgroups_path(const char *id, oci_runtime_spec *oci_spec, const host_config *host_spec)
+ {
+     if (id == NULL || oci_spec == NULL || host_spec == NULL) {
+@@ -2445,6 +2455,30 @@ out:
+     return ret;
+ }
+ 
++int update_oci_ulimit(oci_runtime_spec *oci_spec, const host_config *hostconfig) {
++    if (oci_spec == NULL || hostconfig == NULL) {
++        ERROR("Invalid arguments");
++        return -1;
++    }
++
++    size_t i = 0;
++    if (oci_spec->process != NULL) {
++        for (i = 0; i < oci_spec->process->rlimits_len; i++) {
++            free_defs_process_rlimits_element(oci_spec->process->rlimits[i]);
++            oci_spec->process->rlimits[i] = NULL;
++        }
++        free(oci_spec->process->rlimits);
++        oci_spec->process->rlimits = NULL;
++        oci_spec->process->rlimits_len = 0;
++    }
++
++    if (merge_conf_ulimits(oci_spec, hostconfig) != 0 || merge_global_ulimit(oci_spec) != 0) {
++        return -1;
++    }
++
++    return 0;
++}
++
+ /* read oci config */
+ oci_runtime_spec *load_oci_config(const char *rootpath, const char *name)
+ {
+-- 
+2.34.1
+