Diffstat (limited to '0147-add-no-pivot-root-support.patch')
-rw-r--r-- | 0147-add-no-pivot-root-support.patch | 229 |
1 files changed, 229 insertions, 0 deletions
diff --git a/0147-add-no-pivot-root-support.patch b/0147-add-no-pivot-root-support.patch
new file mode 100644
index 0000000..6e29081
--- /dev/null
+++ b/0147-add-no-pivot-root-support.patch
@@ -0,0 +1,229 @@
+From 3a925ead33267d44cafd182a85e75c9c3ac25d58 Mon Sep 17 00:00:00 2001
+From: zhongtao <zhongtao17@huawei.com>
+Date: Wed, 6 Nov 2024 15:24:30 +0800
+Subject: [PATCH 147/156] add no pivot root support
+
+Signed-off-by: zhongtao <zhongtao17@huawei.com>
+---
+ cmake/options.cmake | 7 +++++++
+ src/cmd/isula/base/create.c | 7 +++++++
+ src/cmd/isula/base/create.h | 11 ++++++++++
+ src/cmd/isula/base/run.c | 3 +++
+ src/cmd/isula/client_arguments.h | 4 ++++
+ src/cmd/isula/isula_host_spec.c | 5 +++++
+ src/cmd/isula/isula_host_spec.h | 4 ++++
+ src/cmd/isulad-shim/process.c | 6 ++++++
+ src/daemon/modules/api/runtime_api.h | 1 +
+ .../modules/runtime/isula/isula_rt_ops.c | 3 +++
+ .../modules/service/service_container.c | 20 +++++++++++++++++++
+ 11 files changed, 71 insertions(+)
+
+diff --git a/cmake/options.cmake b/cmake/options.cmake
+index 41177fe0..15d7044a 100644
+--- a/cmake/options.cmake
++++ b/cmake/options.cmake
+@@ -168,6 +168,13 @@ if (ENABLE_NATIVE_NETWORK OR ENABLE_GRPC)
+ set(ENABLE_NETWORK 1)
+ endif()
+
++option(ENABLE_NO_PIVOT_ROOT "Enable no pivot root" ON)
++if (ENABLE_NO_PIVOT_ROOT STREQUAL "ON")
++ add_definitions(-DENABLE_NO_PIVOT_ROOT)
++ set(ENABLE_NO_PIVOT_ROOT 1)
++ message("${Green}-- Enable no pivot root${ColourReset}")
++endif()
++
+ option(ENABLE_PLUGIN "enable plugin module" OFF)
+ if (ENABLE_PLUGIN STREQUAL "ON")
+ add_definitions(-DENABLE_PLUGIN=1)
+diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c
+index b04dddb5..7331676a 100644
+--- a/src/cmd/isula/base/create.c
++++ b/src/cmd/isula/base/create.c
+@@ -1292,6 +1292,10 @@ static isula_host_config_t *request_pack_host_config(const struct client_argumen
+ hostconfig->publish_all = args->custom_conf.publish_all;
+ #endif
+
++#ifdef ENABLE_NO_PIVOT_ROOT
++ hostconfig->no_pivot_root = args->custom_conf.no_pivot_root;
++#endif
++
+ return hostconfig;
+
+ error_out:
+@@ -1750,6 +1754,9 @@ int cmd_create_main(int argc, const char **argv)
+ COMMON_OPTIONS(g_cmd_create_args)
+ #ifdef ENABLE_NATIVE_NETWORK
+ CREATE_NETWORK_OPTIONS(g_cmd_create_args)
++#endif
++#ifdef ENABLE_NO_PIVOT_ROOT
++ NO_PIVOT_ROOT_OPTIONS(g_cmd_create_args)
+ #endif
+ };
+
+diff --git a/src/cmd/isula/base/create.h b/src/cmd/isula/base/create.h
+index 9eb471b4..b4205a88 100644
+--- a/src/cmd/isula/base/create.h
++++ b/src/cmd/isula/base/create.h
+@@ -39,6 +39,17 @@ extern "C" {
+ #define USERNS_OPT(cmdargs)
+ #endif
+
++#ifdef ENABLE_NO_PIVOT_ROOT
++#define NO_PIVOT_ROOT_OPTIONS(cmdargs) \
++ { CMD_OPT_TYPE_BOOL, \
++ false, \
++ "no-pivot", \
++ 0, \
++ &(cmdargs).custom_conf.no_pivot_root, \
++ "disable use of pivot-root (oci runtime only)", \
++ NULL },
++#endif
++
+ #define CREATE_OPTIONS(cmdargs) \
+ { \
+ CMD_OPT_TYPE_BOOL, \
+diff --git a/src/cmd/isula/base/run.c b/src/cmd/isula/base/run.c
+index 8d48244c..15e035c1 100644
+--- a/src/cmd/isula/base/run.c
++++ b/src/cmd/isula/base/run.c
+@@ -150,6 +150,9 @@ int cmd_run_main(int argc, const char **argv)
+ CREATE_EXTEND_OPTIONS(g_cmd_run_args) RUN_OPTIONS(g_cmd_run_args)
+ #ifdef ENABLE_NATIVE_NETWORK
+ CREATE_NETWORK_OPTIONS(g_cmd_run_args)
++#endif
++#ifdef ENABLE_NO_PIVOT_ROOT
++ NO_PIVOT_ROOT_OPTIONS(g_cmd_run_args)
+ #endif
+ };
+ isula_libutils_default_log_config(argv[0], &lconf);
+diff --git a/src/cmd/isula/client_arguments.h b/src/cmd/isula/client_arguments.h
+index 76d01122..debcc903 100644
+--- a/src/cmd/isula/client_arguments.h
++++ b/src/cmd/isula/client_arguments.h
+@@ -237,6 +237,10 @@ struct custom_configs {
+ /* publish a container's port to the host */
+ char **publish;
+ #endif
++
++#ifdef ENABLE_NO_PIVOT_ROOT
++ bool no_pivot_root;
++#endif
+ };
+
+ struct args_cgroup_resources {
+diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c
+index 9e902ed9..4c2fefa4 100644
+--- a/src/cmd/isula/isula_host_spec.c
++++ b/src/cmd/isula/isula_host_spec.c
+@@ -1729,6 +1729,11 @@ int generate_hostconfig(const isula_host_config_t *srcconfig, char **hostconfigs
+ #ifdef ENABLE_NATIVE_NETWORK
+ dstconfig->port_bindings = srcconfig->port_bindings;
+ #endif
++
++#ifdef ENABLE_NO_PIVOT_ROOT
++ dstconfig->no_pivot_root = srcconfig->no_pivot_root;
++#endif
++
+ *hostconfigstr = host_config_generate_json(dstconfig, &ctx, &err);
+ #ifdef ENABLE_NATIVE_NETWORK
+ dstconfig->port_bindings = NULL;
+diff --git a/src/cmd/isula/isula_host_spec.h b/src/cmd/isula/isula_host_spec.h
+index 25a54236..f00526e4 100644
+--- a/src/cmd/isula/isula_host_spec.h
++++ b/src/cmd/isula/isula_host_spec.h
+@@ -163,6 +163,10 @@ typedef struct isula_host_config {
+ bool publish_all;
+ defs_map_string_object_port_bindings *port_bindings;
+ #endif
++
++#ifdef ENABLE_NO_PIVOT_ROOT
++ bool no_pivot_root;
++#endif
+ } isula_host_config_t;
+
+ int generate_hostconfig(const isula_host_config_t *srcconfig, char **hostconfigstr);
+diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
+index 11903a5c..10d21565 100644
+--- a/src/cmd/isulad-shim/process.c
++++ b/src/cmd/isulad-shim/process.c
+@@ -1298,6 +1298,12 @@ static void get_runtime_cmd(process_t *p, const char *log_path, const char *pid_
+ params[i++] = "create";
+ params[i++] = "--bundle";
+ params[i++] = p->bundle;
++#ifdef ENABLE_NO_PIVOT_ROOT
++ if (getenv("ISULAD_RAMDISK") != NULL || p->state->no_pivot_root) {
++ params[i++] = "--no-pivot";
++ }
++#endif
++
+ }
+ params[i++] = "--pid-file";
+ params[i++] = pid_path;
+diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h
+index bd170c30..930710ca 100644
+--- a/src/daemon/modules/api/runtime_api.h
++++ b/src/daemon/modules/api/runtime_api.h
+@@ -84,6 +84,7 @@ typedef struct _rt_create_params_t {
+ bool tty;
+ bool open_stdin;
+ const char *task_addr;
++ bool no_pivot_root;
+ } rt_create_params_t;
+
+ typedef struct _rt_start_params_t {
+diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
+index dc156154..e628c3fe 100644
+--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
+@@ -1209,6 +1209,9 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_
+ p.runtime_args_len = runtime_args_len;
+ p.attach_socket = attach_socket;
+ p.systemd_cgroup = conf_get_systemd_cgroup();
++#ifdef ENABLE_NO_PIVOT_ROOT
++ p.no_pivot_root = params->no_pivot_root;
++#endif
+ copy_process(&p, config->process);
+ copy_annotations(&p, config->annotations);
+
+diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
+index 4157c631..754c28ac 100644
+--- a/src/daemon/modules/service/service_container.c
++++ b/src/daemon/modules/service/service_container.c
+@@ -743,6 +743,23 @@ static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, contai
+ return 0;
+ }
+
++static bool pack_no_pivot_root(const container_t *cont)
++{
++ size_t i = 0;
++ bool ret = false;
++
++ ret = cont->hostconfig->no_pivot_root;
++ if (cont->common_config->config->annotations != NULL) {
++ for (i = 0; i < cont->common_config->config->annotations->len; i++) {
++ if (strcmp(cont->common_config->config->annotations->keys[i], "ISULAD_RAMDISK") == 0) {
++ ret = true;
++ break;
++ }
++ }
++ }
++ return ret;
++}
++
+ static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm, pid_ppid_info_t *pid_info)
+ {
+ int ret = 0;
+@@ -906,6 +923,9 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
+ create_params.exit_fifo = exit_fifo;
+ create_params.tty = tty;
+ create_params.open_stdin = open_stdin;
++#ifdef ENABLE_NO_PIVOT_ROOT
++ create_params.no_pivot_root = pack_no_pivot_root(cont);
++#endif
+ #ifdef ENABLE_CRI_API_V1
+ if (cont->common_config->sandbox_info != NULL) {
+ create_params.task_addr = cont->common_config->sandbox_info->task_address;
+--
+2.34.1
+
|
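Review bot: In `pack_no_pivot_root()` (service_container.c) the mere presence of an annotation key `ISULAD_RAMDISK` forces `no_pivot_root` to true whatever its value, and `get_runtime_cmd()` in the shim does the same for the environment with `getenv("ISULAD_RAMDISK") != NULL`, so an empty or "false" value still passes `--no-pivot` to the runtime. Since that flag trades pivot_root for a weaker rootfs jail, both triggers should require an explicit value (compare the annotation's value, not only `keys[i]`), and the daemon should log whenever the flag is applied so the downgrade shows up in audit. The helper also reads `cont->hostconfig->no_pivot_root` and `cont->common_config->config->annotations` with only `annotations` tested for NULL; unless the caller guarantees the rest (not visible in this hunk), add `if (cont == NULL || cont->hostconfig == NULL || cont->common_config == NULL || cont->common_config->config == NULL) { return false; }` at the top. Separately, `option(ENABLE_NO_PIVOT_ROOT "Enable no pivot root" ON)` compiles the switch into every build; consider defaulting it to `OFF` so only ramdisk deployments opt in.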