From 3a925ead33267d44cafd182a85e75c9c3ac25d58 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 6 Nov 2024 15:24:30 +0800
Subject: [PATCH 147/156] add no pivot root support
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
cmake/options.cmake | 7 +++++++
src/cmd/isula/base/create.c | 7 +++++++
src/cmd/isula/base/create.h | 11 ++++++++++
src/cmd/isula/base/run.c | 3 +++
src/cmd/isula/client_arguments.h | 4 ++++
src/cmd/isula/isula_host_spec.c | 5 +++++
src/cmd/isula/isula_host_spec.h | 4 ++++
src/cmd/isulad-shim/process.c | 6 ++++++
src/daemon/modules/api/runtime_api.h | 1 +
.../modules/runtime/isula/isula_rt_ops.c | 3 +++
.../modules/service/service_container.c | 20 +++++++++++++++++++
11 files changed, 71 insertions(+)
diff --git a/cmake/options.cmake b/cmake/options.cmake
index 41177fe0..15d7044a 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -168,6 +168,13 @@ if (ENABLE_NATIVE_NETWORK OR ENABLE_GRPC)
set(ENABLE_NETWORK 1)
endif()
+option(ENABLE_NO_PIVOT_ROOT "Enable no pivot root" ON)
+if (ENABLE_NO_PIVOT_ROOT STREQUAL "ON")
+ add_definitions(-DENABLE_NO_PIVOT_ROOT)
+ set(ENABLE_NO_PIVOT_ROOT 1)
+ message("${Green}-- Enable no pivot root${ColourReset}")
+endif()
+
option(ENABLE_PLUGIN "enable plugin module" OFF)
if (ENABLE_PLUGIN STREQUAL "ON")
add_definitions(-DENABLE_PLUGIN=1)
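Review bot: `option(ENABLE_NO_PIVOT_ROOT "Enable no pivot root" ON)` compiles the feature into every default build, which also makes the `ISULAD_RAMDISK` environment and annotation triggers added elsewhere in this patch live by default. For a switch that lets a container start without pivot_root I would default it to `OFF`, or at least document it with a comment such as `# Builds --no-pivot support; when used, the container is not confined to its rootfs via pivot_root`. The define is emitted as `-DENABLE_NO_PIVOT_ROOT` while the neighbouring plugin option uses `-DENABLE_PLUGIN=1`; both work with `#ifdef`, but one form would be more consistent.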
diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c
index b04dddb5..7331676a 100644
--- a/src/cmd/isula/base/create.c
+++ b/src/cmd/isula/base/create.c
@@ -1292,6 +1292,10 @@ static isula_host_config_t *request_pack_host_config(const struct client_argumen
hostconfig->publish_all = args->custom_conf.publish_all;
#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+ hostconfig->no_pivot_root = args->custom_conf.no_pivot_root;
+#endif
+
return hostconfig;
error_out:
@@ -1750,6 +1754,9 @@ int cmd_create_main(int argc, const char **argv)
COMMON_OPTIONS(g_cmd_create_args)
#ifdef ENABLE_NATIVE_NETWORK
CREATE_NETWORK_OPTIONS(g_cmd_create_args)
+#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+ NO_PIVOT_ROOT_OPTIONS(g_cmd_create_args)
#endif
};
diff --git a/src/cmd/isula/base/create.h b/src/cmd/isula/base/create.h
index 9eb471b4..b4205a88 100644
--- a/src/cmd/isula/base/create.h
+++ b/src/cmd/isula/base/create.h
@@ -39,6 +39,17 @@ extern "C" {
#define USERNS_OPT(cmdargs)
#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+#define NO_PIVOT_ROOT_OPTIONS(cmdargs) \
+ { CMD_OPT_TYPE_BOOL, \
+ false, \
+ "no-pivot", \
+ 0, \
+ &(cmdargs).custom_conf.no_pivot_root, \
+ "disable use of pivot-root (oci runtime only)", \
+ NULL },
+#endif
+
#define CREATE_OPTIONS(cmdargs) \
{ \
CMD_OPT_TYPE_BOOL, \
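Review bot: The help string `"disable use of pivot-root (oci runtime only)"` does not say when the option is appropriate or that it changes how the container is confined to its rootfs. Judging by the `ISULAD_RAMDISK` trigger elsewhere in this patch, something like `"disable use of pivot-root, for a rootfs on ramdisk (oci runtime only)"` would tell users when to reach for it. Unlike `USERNS_OPT` just above, which visibly has an empty fallback definition, `NO_PIVOT_ROOT_OPTIONS` has no `#else` branch, so create.c and run.c must each repeat the `#ifdef`; an empty `#define NO_PIVOT_ROOT_OPTIONS(cmdargs)` fallback would remove that duplication. The CREATE_OPTIONS macro continues outside the hunk.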
diff --git a/src/cmd/isula/base/run.c b/src/cmd/isula/base/run.c
index 8d48244c..15e035c1 100644
--- a/src/cmd/isula/base/run.c
+++ b/src/cmd/isula/base/run.c
@@ -150,6 +150,9 @@ int cmd_run_main(int argc, const char **argv)
CREATE_EXTEND_OPTIONS(g_cmd_run_args) RUN_OPTIONS(g_cmd_run_args)
#ifdef ENABLE_NATIVE_NETWORK
CREATE_NETWORK_OPTIONS(g_cmd_run_args)
+#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+ NO_PIVOT_ROOT_OPTIONS(g_cmd_run_args)
#endif
};
isula_libutils_default_log_config(argv[0], &lconf);
diff --git a/src/cmd/isula/client_arguments.h b/src/cmd/isula/client_arguments.h
index 76d01122..debcc903 100644
--- a/src/cmd/isula/client_arguments.h
+++ b/src/cmd/isula/client_arguments.h
@@ -237,6 +237,10 @@ struct custom_configs {
/* publish a container's port to the host */
char **publish;
#endif
+
+#ifdef ENABLE_NO_PIVOT_ROOT
+ bool no_pivot_root;
+#endif
};
struct args_cgroup_resources {
diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c
index 9e902ed9..4c2fefa4 100644
--- a/src/cmd/isula/isula_host_spec.c
+++ b/src/cmd/isula/isula_host_spec.c
@@ -1729,6 +1729,11 @@ int generate_hostconfig(const isula_host_config_t *srcconfig, char **hostconfigs
#ifdef ENABLE_NATIVE_NETWORK
dstconfig->port_bindings = srcconfig->port_bindings;
#endif
+
+#ifdef ENABLE_NO_PIVOT_ROOT
+ dstconfig->no_pivot_root = srcconfig->no_pivot_root;
+#endif
+
*hostconfigstr = host_config_generate_json(dstconfig, &ctx, &err);
#ifdef ENABLE_NATIVE_NETWORK
dstconfig->port_bindings = NULL;
diff --git a/src/cmd/isula/isula_host_spec.h b/src/cmd/isula/isula_host_spec.h
index 25a54236..f00526e4 100644
--- a/src/cmd/isula/isula_host_spec.h
+++ b/src/cmd/isula/isula_host_spec.h
@@ -163,6 +163,10 @@ typedef struct isula_host_config {
bool publish_all;
defs_map_string_object_port_bindings *port_bindings;
#endif
+
+#ifdef ENABLE_NO_PIVOT_ROOT
+ bool no_pivot_root;
+#endif
} isula_host_config_t;
int generate_hostconfig(const isula_host_config_t *srcconfig, char **hostconfigstr);
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 11903a5c..10d21565 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1298,6 +1298,12 @@ static void get_runtime_cmd(process_t *p, const char *log_path, const char *pid_
params[i++] = "create";
params[i++] = "--bundle";
params[i++] = p->bundle;
+#ifdef ENABLE_NO_PIVOT_ROOT
+ if (getenv("ISULAD_RAMDISK") != NULL || p->state->no_pivot_root) {
+ params[i++] = "--no-pivot";
+ }
+#endif
+
}
params[i++] = "--pid-file";
params[i++] = pid_path;
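Review bot: The `getenv("ISULAD_RAMDISK") != NULL` test makes the shim pass `--no-pivot` whenever that variable exists in its environment, whatever its value (an empty string included), and nothing records that the rootfs confinement was relaxed this way. I would document the trigger at that line, e.g. `/* ISULAD_RAMDISK (any value) or state->no_pivot_root selects --no-pivot */`, and emit a log line when it fires so the downgrade is visible afterwards. The new entry also consumes one more slot of `params`, whose size is declared outside this hunk, so the array bound should be re-checked against the new maximum argument count. The blank line added before the closing brace can be dropped; get_runtime_cmd continues outside the hunk.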
diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h
index bd170c30..930710ca 100644
--- a/src/daemon/modules/api/runtime_api.h
+++ b/src/daemon/modules/api/runtime_api.h
@@ -84,6 +84,7 @@ typedef struct _rt_create_params_t {
bool tty;
bool open_stdin;
const char *task_addr;
+ bool no_pivot_root;
} rt_create_params_t;
typedef struct _rt_start_params_t {
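Review bot: `bool no_pivot_root;` is added to `rt_create_params_t` without the `#ifdef ENABLE_NO_PIVOT_ROOT` guard used for the matching fields in client_arguments.h and isula_host_spec.h, while the assignment to it in service_container.c is guarded. With the option off the field is never written, which is harmless only if `create_params` is zero-initialised where it is declared, and that declaration is outside the visible hunks. Either guard the field as well or document it, e.g. `/* start the container without pivot_root; stays false unless ENABLE_NO_PIVOT_ROOT is built in */`.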
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index dc156154..e628c3fe 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -1209,6 +1209,9 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_
p.runtime_args_len = runtime_args_len;
p.attach_socket = attach_socket;
p.systemd_cgroup = conf_get_systemd_cgroup();
+#ifdef ENABLE_NO_PIVOT_ROOT
+ p.no_pivot_root = params->no_pivot_root;
+#endif
copy_process(&p, config->process);
copy_annotations(&p, config->annotations);
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 4157c631..754c28ac 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -743,6 +743,23 @@ static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, contai
return 0;
}
+static bool pack_no_pivot_root(const container_t *cont)
+{
+ size_t i = 0;
+ bool ret = false;
+
+ ret = cont->hostconfig->no_pivot_root;
+ if (cont->common_config->config->annotations != NULL) {
+ for (i = 0; i < cont->common_config->config->annotations->len; i++) {
+ if (strcmp(cont->common_config->config->annotations->keys[i], "ISULAD_RAMDISK") == 0) {
+ ret = true;
+ break;
+ }
+ }
+ }
+ return ret;
+}
+
static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm, pid_ppid_info_t *pid_info)
{
int ret = 0;
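Review bot: `pack_no_pivot_root` returns true for any container whose annotations contain the key `ISULAD_RAMDISK`, without looking at the value, so whoever can set annotations on a container (the source is not visible in this hunk) can switch pivot_root off even when `hostconfig->no_pivot_root` is false. Consider checking the annotation value or gating this path on daemon-side configuration, and logging when it takes effect. The helper also dereferences `cont->hostconfig` and `cont->common_config->config` without a NULL check. It is defined outside `#ifdef ENABLE_NO_PIVOT_ROOT` while its only visible caller, in the second hunk of this file, is inside one, so a build with the option off is left with an unused static function; wrapping the definition in the same `#ifdef` fixes that. do_start_container continues outside the hunk.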
@@ -906,6 +923,9 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
create_params.exit_fifo = exit_fifo;
create_params.tty = tty;
create_params.open_stdin = open_stdin;
+#ifdef ENABLE_NO_PIVOT_ROOT
+ create_params.no_pivot_root = pack_no_pivot_root(cont);
+#endif
#ifdef ENABLE_CRI_API_V1
if (cont->common_config->sandbox_info != NULL) {
create_params.task_addr = cont->common_config->sandbox_info->task_address;
--
2.34.1