automatic import of iSuladopeneuler24.03_LTS

1 files changed, 72 insertions, 0 deletions

diff --git a/0120-get-realpath-before-ns-mountpoint-verification.patch b/0120-get-realpath-before-ns-mountpoint-verification.patch
new file mode 100644
index 0000000..3e607ca
--- /dev/null
+++ b/0120-get-realpath-before-ns-mountpoint-verification.patch
@@ -0,0 +1,72 @@
+From 6357caaf6bcf413b58e587fe3df5c508275713ee Mon Sep 17 00:00:00 2001
+From: zhongtao <zhongtao17@huawei.com>
+Date: Thu, 15 Aug 2024 19:21:19 +1400
+Subject: [PATCH 120/121] get realpath before ns mountpoint verification
+
+Signed-off-by: zhongtao <zhongtao17@huawei.com>
+---
+ .../entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc   | 9 +++++++--
+ .../entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc | 9 +++++++--
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+index 77faf48a..3ece885f 100644
+--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
++++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+@@ -424,6 +424,7 @@ cleanup_sandbox:
+ 
+ void PodSandboxManagerService::ClearCniNetwork(const std::shared_ptr<sandbox::Sandbox> sandbox, Errors &error)
+ {
++    char real_path[PATH_MAX] = { 0 };
+     std::string networkMode = sandbox->GetNetMode();
+     if (!namespace_is_cni(networkMode.c_str()) || !sandbox->GetNetworkReady()) {
+         return;
+@@ -435,10 +436,14 @@ void PodSandboxManagerService::ClearCniNetwork(const std::shared_ptr<sandbox::Sa
+         return;
+     }
+ 
++    if (realpath(sandboxKey.c_str(), real_path) == NULL) {
++        ERROR("Failed to get %s realpath", sandboxKey.c_str());
++    }
++
+     // If the network namespace is not mounted, the network has been cleaned up
+     // and there is no need to call the cni plugin.
+-    if (!util_detect_mounted(sandboxKey.c_str())) {
+-        WARN("Network namespace %s not exist", sandboxKey.c_str());
++    if (strlen(real_path) != 0 && !util_detect_mounted(real_path)) {
++        ERROR("Network namespace %s not exist", real_path);
+         return;
+     }
+ 
+diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+index 5590827e..1c343cda 100644
+--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
++++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+@@ -826,6 +826,7 @@ auto PodSandboxManagerService::ClearCniNetwork(const std::string &realSandboxID,
+                                                /*error*/) -> int
+ {
+     Errors networkErr;
++    char real_path[PATH_MAX] = { 0 };
+ 
+     bool ready = GetNetworkReady(realSandboxID, networkErr);
+     if (hostNetwork || (!ready && networkErr.Empty())) {
+@@ -848,10 +849,14 @@ auto PodSandboxManagerService::ClearCniNetwork(const std::string &realSandboxID,
+         goto cleanup;
+     }
+ 
++    if (realpath(netnsPath.c_str(), real_path) == NULL) {
++        ERROR("Failed to get %s realpath", netnsPath.c_str());
++    }
++
+     // If the network namespace is not mounted, the network has been cleaned up
+     // and there is no need to call the cni plugin.
+-    if (!util_detect_mounted(netnsPath.c_str())) {
+-        WARN("Network namespace %s not exist", netnsPath.c_str());
++    if (strlen(real_path) != 0 && !util_detect_mounted(real_path)) {
++        ERROR("Network namespace %s not exist", real_path);
+         goto cleanup;
+     }
+ 
+-- 
+2.25.1
+