From e45819fcb4a96649a4030db7684f140d5ca46735 Mon Sep 17 00:00:00 2001
From: CoprDistGit <infra@openeuler.org>
Date: Tue, 3 Sep 2024 03:24:28 +0000
Subject: automatic import of iSulad

---
 0007-update-annotations-and-add-ci-cases.patch | 174 +++++++++++++++++++++++++
 1 file changed, 174 insertions(+)
 create mode 100644 0007-update-annotations-and-add-ci-cases.patch

(limited to '0007-update-annotations-and-add-ci-cases.patch')

diff --git a/0007-update-annotations-and-add-ci-cases.patch b/0007-update-annotations-and-add-ci-cases.patch
new file mode 100644
index 0000000..07b857e
--- /dev/null
+++ b/0007-update-annotations-and-add-ci-cases.patch
@@ -0,0 +1,174 @@
+From ed4b71b2027a6e9fdf15931fe93aa9e0bb3dc79d Mon Sep 17 00:00:00 2001
+From: leizhongkai <leizhongkai@huawei.com>
+Date: Wed, 31 Jan 2024 18:17:52 +0800
+Subject: [PATCH 07/43] update annotations and add ci cases
+
+Signed-off-by: leizhongkai <leizhongkai@huawei.com>
+---
+ .../container_cases/dev_cgroup_rule.sh        | 24 +++++++++++
+ src/daemon/modules/api/specs_api.h            |  2 +
+ .../modules/service/service_container.c       | 18 +++++++-
+ src/daemon/modules/spec/specs.c               | 41 ++++++++++++++++++-
+ 4 files changed, 82 insertions(+), 3 deletions(-)
+
+diff --git a/CI/test_cases/container_cases/dev_cgroup_rule.sh b/CI/test_cases/container_cases/dev_cgroup_rule.sh
+index 839a546c..5616d37a 100755
+--- a/CI/test_cases/container_cases/dev_cgroup_rule.sh
++++ b/CI/test_cases/container_cases/dev_cgroup_rule.sh
+@@ -29,6 +29,9 @@ function test_cpu_dev_cgoup_rule_spec()
+     local image="busybox"
+     local test="container device cgroup rule test with (${runtime}) => (${FUNCNAME[@]})"
+     local test_dev="/dev/testA"
++    local default_config="/etc/default/isulad/config.json"
++    local default_config_bak="/etc/default/isulad/config.json.bak"
++    local test_cgroup_parent="/testABC"
+ 
+     msg_info "${test} starting..."
+ 
+@@ -54,6 +57,27 @@ function test_cpu_dev_cgoup_rule_spec()
+     [[ $? -ne 0 ]] && [[ $cnt -le $priv_minor_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
+     isula rm -f $priv_cid
+ 
++    def_cid=$(isula run -tid --runtime $runtime -m 10m $image /bin/sh)
++    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
++    cp $default_config $default_config_bak
++    sed -i '/"linux": {/a \ \t\t"devices": [\n\t\t{\n\t\t\t"type": "c",\n\t\t\t"path": "\/dev\/testABC",\n\t\t\t"major": 88,\n\t\t\t"minor": 88\n\t\t}\n\t\t],' $default_config
++    stop_isulad_without_valgrind
++    start_isulad_with_valgrind --cgroup-parent $test_cgroup_parent
++    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
++    isula restart -t 0 $def_cid
++    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart container failed" && ((ret++))
++    cat /sys/fs/cgroup/memory/$test_cgroup_parent/$def_cid/memory.limit_in_bytes | grep ^10485760$
++    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --cgroup-parent cannot work" && ((ret++))
++    cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "major\": 88" | wc -l)
++    [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))
++    cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "minor\": 88" | wc -l)
++    [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
++    isula rm -f $def_cid
++    cp $default_config_bak $default_config
++    stop_isulad_without_valgrind
++    start_isulad_with_valgrind
++    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
++
+     cid=$(isula run -tid --device "$test_dev:$test_dev" --runtime $runtime $image /bin/sh)
+     [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
+     cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 88" | wc -l)
+diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h
+index 7c904614..f5f6ad8b 100644
+--- a/src/daemon/modules/api/specs_api.h
++++ b/src/daemon/modules/api/specs_api.h
+@@ -41,6 +41,8 @@ int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_sp
+                           const container_config_v2_common_config *v2_spec,
+                           const container_network_settings *network_settings);
+ 
++int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec);
++
+ oci_runtime_spec *load_oci_config(const char *rootpath, const char *name);
+ 
+ oci_runtime_spec *default_spec(bool system_container);
+diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
+index 97f73768..239783b8 100644
+--- a/src/daemon/modules/service/service_container.c
++++ b/src/daemon/modules/service/service_container.c
+@@ -691,11 +691,18 @@ out:
+     epoll_loop_close(&descr);
+ }
+ 
+-static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, host_config *hostconfig)
++static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, container_config *container_spec, host_config *hostconfig)
+ {
+     __isula_auto_free char *cgroup_parent = NULL;
+     int ret;
+ 
++    // First renew annotations for oci spec, cgroup path, rootfs.mount, native.mask
++    // for iSulad daemon might get updated
++    ret = update_spec_annotations(oci_spec, container_spec, hostconfig);
++    if (ret < 0) {
++        return -1;
++    }
++
+     // If isulad daemon cgroup parent updated, we should update this config into oci spec
+     cgroup_parent = merge_container_cgroups_path(id, hostconfig);
+     if (cgroup_parent == NULL) {
+@@ -802,13 +809,20 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
+     }
+ 
+     // Update possible changes
+-    nret = do_oci_spec_update(id, oci_spec, cont->hostconfig);
++    nret = do_oci_spec_update(id, oci_spec, cont->common_config->config, cont->hostconfig);
+     if (nret != 0) {
+         ERROR("Failed to update possible changes for oci spec");
+         ret = -1;
+         goto close_exit_fd;
+     }
+ 
++    nret = container_to_disk(cont);
++    if (nret != 0) {
++        ERROR("Failed to save container info to disk");
++        ret = -1;
++        goto close_exit_fd;
++    }
++
+     nret = setup_ipc_dirs(cont->hostconfig, cont->common_config);
+     if (nret != 0) {
+         ERROR("Failed to setup ipc dirs");
+diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
+index cc49d85f..62e340b1 100644
+--- a/src/daemon/modules/spec/specs.c
++++ b/src/daemon/modules/spec/specs.c
+@@ -385,6 +385,44 @@ out:
+     return ret;
+ }
+ 
++int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec)
++{
++    int ret = 0;
++    if (oci_spec == NULL || container_spec == NULL || host_spec == NULL) {
++        return -1;
++    }
++
++    ret = make_sure_container_spec_annotations(container_spec);
++    if (ret < 0) {
++        return -1;
++    }
++
++    ret = make_annotations_cgroup_dir(container_spec, host_spec);
++    if (ret != 0) {
++        return -1;
++    }
++
++    /* add rootfs.mount */
++    ret = add_rootfs_mount(container_spec);
++    if (ret != 0) {
++        ERROR("Failed to add rootfs mount");
++        return -1;
++    }
++
++    /* add native.umask */
++    ret = add_native_umask(container_spec);
++    if (ret != 0) {
++        ERROR("Failed to add native umask");
++        return -1;
++    }
++
++    if (merge_annotations(oci_spec, container_spec)) {
++        return -1;
++    }
++
++    return 0;
++}
++
+ static int make_sure_oci_spec_root(oci_runtime_spec *oci_spec)
+ {
+     if (oci_spec->root == NULL) {
+@@ -2501,4 +2539,5 @@ int spec_module_init(void)
+         return -1;
+     }
+     return 0;
+-}
+\ No newline at end of file
++}
++
+-- 
+2.34.1
+
-- 
cgit v1.2.3