From e45819fcb4a96649a4030db7684f140d5ca46735 Mon Sep 17 00:00:00 2001
From: CoprDistGit <infra@openeuler.org>
Date: Tue, 3 Sep 2024 03:24:28 +0000
Subject: automatic import of iSulad

---
 ...ealpath-before-ns-mountpoint-verification.patch | 72 ++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 0120-get-realpath-before-ns-mountpoint-verification.patch

(limited to '0120-get-realpath-before-ns-mountpoint-verification.patch')

diff --git a/0120-get-realpath-before-ns-mountpoint-verification.patch b/0120-get-realpath-before-ns-mountpoint-verification.patch
new file mode 100644
index 0000000..3e607ca
--- /dev/null
+++ b/0120-get-realpath-before-ns-mountpoint-verification.patch
@@ -0,0 +1,72 @@
+From 6357caaf6bcf413b58e587fe3df5c508275713ee Mon Sep 17 00:00:00 2001
+From: zhongtao <zhongtao17@huawei.com>
+Date: Thu, 15 Aug 2024 19:21:19 +1400
+Subject: [PATCH 120/121] get realpath before ns mountpoint verification
+
+Signed-off-by: zhongtao <zhongtao17@huawei.com>
+---
+ .../entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc   | 9 +++++++--
+ .../entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc | 9 +++++++--
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+index 77faf48a..3ece885f 100644
+--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
++++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+@@ -424,6 +424,7 @@ cleanup_sandbox:
+ 
+ void PodSandboxManagerService::ClearCniNetwork(const std::shared_ptr<sandbox::Sandbox> sandbox, Errors &error)
+ {
++    char real_path[PATH_MAX] = { 0 };
+     std::string networkMode = sandbox->GetNetMode();
+     if (!namespace_is_cni(networkMode.c_str()) || !sandbox->GetNetworkReady()) {
+         return;
+@@ -435,10 +436,14 @@ void PodSandboxManagerService::ClearCniNetwork(const std::shared_ptr<sandbox::Sa
+         return;
+     }
+ 
++    if (realpath(sandboxKey.c_str(), real_path) == NULL) {
++        ERROR("Failed to get %s realpath", sandboxKey.c_str());
++    }
++
+     // If the network namespace is not mounted, the network has been cleaned up
+     // and there is no need to call the cni plugin.
+-    if (!util_detect_mounted(sandboxKey.c_str())) {
+-        WARN("Network namespace %s not exist", sandboxKey.c_str());
++    if (strlen(real_path) != 0 && !util_detect_mounted(real_path)) {
++        ERROR("Network namespace %s not exist", real_path);
+         return;
+     }
+ 
+diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+index 5590827e..1c343cda 100644
+--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
++++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+@@ -826,6 +826,7 @@ auto PodSandboxManagerService::ClearCniNetwork(const std::string &realSandboxID,
+                                                /*error*/) -> int
+ {
+     Errors networkErr;
++    char real_path[PATH_MAX] = { 0 };
+ 
+     bool ready = GetNetworkReady(realSandboxID, networkErr);
+     if (hostNetwork || (!ready && networkErr.Empty())) {
+@@ -848,10 +849,14 @@ auto PodSandboxManagerService::ClearCniNetwork(const std::string &realSandboxID,
+         goto cleanup;
+     }
+ 
++    if (realpath(netnsPath.c_str(), real_path) == NULL) {
++        ERROR("Failed to get %s realpath", netnsPath.c_str());
++    }
++
+     // If the network namespace is not mounted, the network has been cleaned up
+     // and there is no need to call the cni plugin.
+-    if (!util_detect_mounted(netnsPath.c_str())) {
+-        WARN("Network namespace %s not exist", netnsPath.c_str());
++    if (strlen(real_path) != 0 && !util_detect_mounted(real_path)) {
++        ERROR("Network namespace %s not exist", real_path);
+         goto cleanup;
+     }
+ 
+-- 
+2.25.1
+
-- 
cgit v1.2.3