From bb8a86534e70cc0c378583bac1a272e32527c0a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= Date: Thu, 17 Oct 2024 19:40:35 +0800 Subject: [PATCH] unify nri variable format and Align the release version (cherry picked from commit 32865fd57d85385ee84526d6b97d5e61531f6dd0) --- ...d-args-len-set-in-execute_lxc_attach.patch | 32 + 0016-add-nri-definitions.patch | 985 ++++++++++++++++++ 0017-add-struct-for-nri.patch | 60 ++ 0018-add-nri-def-in-host-config.patch | 59 ++ ...nvalid-usage-of-arrtibute-visibility.patch | 76 ++ 0020-unify-nri-variable-format.patch | 42 + lcr.spec | 32 +- 7 files changed, 1285 insertions(+), 1 deletion(-) create mode 100644 0015-fix-invalid-args-len-set-in-execute_lxc_attach.patch create mode 100644 0016-add-nri-definitions.patch create mode 100644 0017-add-struct-for-nri.patch create mode 100644 0018-add-nri-def-in-host-config.patch create mode 100644 0019-fix-invalid-usage-of-arrtibute-visibility.patch create mode 100644 0020-unify-nri-variable-format.patch diff --git a/0015-fix-invalid-args-len-set-in-execute_lxc_attach.patch b/0015-fix-invalid-args-len-set-in-execute_lxc_attach.patch new file mode 100644 index 0000000..ccb9487 --- /dev/null +++ b/0015-fix-invalid-args-len-set-in-execute_lxc_attach.patch @@ -0,0 +1,32 @@ +From 402f757eb53038d17c4b5ec48dbdd86df7006957 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Mon, 8 Jul 2024 12:05:46 +0000 +Subject: [PATCH 15/20] fix invalid args len set in execute_lxc_attach + +Signed-off-by: jikai +--- + src/runtime/lcrcontainer_execute.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/runtime/lcrcontainer_execute.c b/src/runtime/lcrcontainer_execute.c +index 251fb85..e4cdcc1 100644 +--- a/src/runtime/lcrcontainer_execute.c ++++ b/src/runtime/lcrcontainer_execute.c +@@ -836,7 +836,13 @@ static void execute_lxc_attach(const char *name, const char *path, const struct + exit(EXIT_FAILURE); + } + +- args_len = args_len + request->args_len + request->env_len; ++ if (args_len > SIZE_MAX - request->args_len || request->env_len > SIZE_MAX / 2 ++ || args_len + request->args_len > SIZE_MAX - request->env_len * 2) { ++ COMMAND_ERROR("Too many arguments"); ++ exit(EXIT_FAILURE); ++ } ++ ++ args_len = args_len + request->args_len + request->env_len * 2; + + params = isula_smart_calloc_s(sizeof(char *), args_len); + if (params == NULL) { +-- +2.33.0 + diff --git a/0016-add-nri-definitions.patch b/0016-add-nri-definitions.patch new file mode 100644 index 0000000..307dd4e --- /dev/null +++ b/0016-add-nri-definitions.patch @@ -0,0 +1,985 @@ +From 2560ee5a4765d7e378eb906da2e84dc1d3202e30 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Sat, 6 Jul 2024 03:14:43 +0000 +Subject: [PATCH 16/20] add nri definitions + +Signed-off-by: jikai +--- + src/json/schema/nri/configure-request.json | 15 ++++++ + src/json/schema/nri/configure-response.json | 9 ++++ + src/json/schema/nri/container-adjustment.json | 33 ++++++++++++ + src/json/schema/nri/container-eviction.json | 12 +++++ + src/json/schema/nri/container-update.json | 15 ++++++ + src/json/schema/nri/container.json | 51 +++++++++++++++++++ + .../schema/nri/create-container-request.json | 12 +++++ + .../schema/nri/create-container-response.json | 21 ++++++++ + src/json/schema/nri/hook.json | 18 +++++++ + src/json/schema/nri/hooks.json | 42 +++++++++++++++ + src/json/schema/nri/hugepage-limit.json | 12 +++++ + src/json/schema/nri/key-value.json | 12 +++++ + .../nri/linux-container-adjustment.json | 18 +++++++ + .../schema/nri/linux-container-update.json | 9 ++++ + src/json/schema/nri/linux-container.json | 27 ++++++++++ + src/json/schema/nri/linux-cpu.json | 27 ++++++++++ + src/json/schema/nri/linux-device-cgroup.json | 21 ++++++++ + src/json/schema/nri/linux-device.json | 27 ++++++++++ + src/json/schema/nri/linux-memory.json | 30 +++++++++++ + src/json/schema/nri/linux-namespace.json | 12 +++++ + src/json/schema/nri/linux-pod-sandbox.json | 27 ++++++++++ + src/json/schema/nri/linux-resources.json | 33 ++++++++++++ + src/json/schema/nri/mount.json | 18 +++++++ + src/json/schema/nri/pod-sandbox.json | 33 ++++++++++++ + src/json/schema/nri/posix-rlimit.json | 15 ++++++ + .../schema/nri/register-plugin-request.json | 12 +++++ + src/json/schema/nri/state-change-event.json | 15 ++++++ + .../schema/nri/stop-container-request.json | 12 +++++ + .../schema/nri/stop-container-response.json | 12 +++++ + src/json/schema/nri/synchronize-request.json | 18 +++++++ + src/json/schema/nri/synchronize-response.json | 12 +++++ + .../schema/nri/update-container-request.json | 15 ++++++ + .../schema/nri/update-container-response.json | 18 +++++++ + .../schema/nri/update-containers-request.json | 18 +++++++ + .../nri/update-containers-response.json | 12 +++++ + 35 files changed, 693 insertions(+) + create mode 100644 src/json/schema/nri/configure-request.json + create mode 100644 src/json/schema/nri/configure-response.json + create mode 100644 src/json/schema/nri/container-adjustment.json + create mode 100644 src/json/schema/nri/container-eviction.json + create mode 100644 src/json/schema/nri/container-update.json + create mode 100644 src/json/schema/nri/container.json + create mode 100644 src/json/schema/nri/create-container-request.json + create mode 100644 src/json/schema/nri/create-container-response.json + create mode 100644 src/json/schema/nri/hook.json + create mode 100644 src/json/schema/nri/hooks.json + create mode 100644 src/json/schema/nri/hugepage-limit.json + create mode 100644 src/json/schema/nri/key-value.json + create mode 100644 src/json/schema/nri/linux-container-adjustment.json + create mode 100644 src/json/schema/nri/linux-container-update.json + create mode 100644 src/json/schema/nri/linux-container.json + create mode 100644 src/json/schema/nri/linux-cpu.json + create mode 100644 src/json/schema/nri/linux-device-cgroup.json + create mode 100644 src/json/schema/nri/linux-device.json + create mode 100644 src/json/schema/nri/linux-memory.json + create mode 100644 src/json/schema/nri/linux-namespace.json + create mode 100644 src/json/schema/nri/linux-pod-sandbox.json + create mode 100644 src/json/schema/nri/linux-resources.json + create mode 100644 src/json/schema/nri/mount.json + create mode 100644 src/json/schema/nri/pod-sandbox.json + create mode 100644 src/json/schema/nri/posix-rlimit.json + create mode 100644 src/json/schema/nri/register-plugin-request.json + create mode 100644 src/json/schema/nri/state-change-event.json + create mode 100644 src/json/schema/nri/stop-container-request.json + create mode 100644 src/json/schema/nri/stop-container-response.json + create mode 100644 src/json/schema/nri/synchronize-request.json + create mode 100644 src/json/schema/nri/synchronize-response.json + create mode 100644 src/json/schema/nri/update-container-request.json + create mode 100644 src/json/schema/nri/update-container-response.json + create mode 100644 src/json/schema/nri/update-containers-request.json + create mode 100644 src/json/schema/nri/update-containers-response.json + +diff --git a/src/json/schema/nri/configure-request.json b/src/json/schema/nri/configure-request.json +new file mode 100644 +index 0000000..895d565 +--- /dev/null ++++ b/src/json/schema/nri/configure-request.json +@@ -0,0 +1,15 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "config": { ++ "type": "string" ++ }, ++ "runtime_name": { ++ "type": "string" ++ }, ++ "runtime_version": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/configure-response.json b/src/json/schema/nri/configure-response.json +new file mode 100644 +index 0000000..e18ef06 +--- /dev/null ++++ b/src/json/schema/nri/configure-response.json +@@ -0,0 +1,9 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "events": { ++ "$ref": "../defs.json#/definitions/int32" ++ } ++ } ++} +diff --git a/src/json/schema/nri/container-adjustment.json b/src/json/schema/nri/container-adjustment.json +new file mode 100644 +index 0000000..e656e66 +--- /dev/null ++++ b/src/json/schema/nri/container-adjustment.json +@@ -0,0 +1,33 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "annotations": { ++ "$ref": "../defs.json#/definitions/mapStringString" ++ }, ++ "mounts": { ++ "type": "array", ++ "items": { ++ "$ref": "mount.json" ++ } ++ }, ++ "env": { ++ "type": "array", ++ "items": { ++ "$ref": "key-value.json" ++ } ++ }, ++ "hooks": { ++ "$ref": "hooks.json" ++ }, ++ "linux": { ++ "$ref": "linux-container-adjustment.json" ++ }, ++ "rlimits": { ++ "type": "array", ++ "items": { ++ "$ref": "posix-rlimit.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/container-eviction.json b/src/json/schema/nri/container-eviction.json +new file mode 100644 +index 0000000..c7530c3 +--- /dev/null ++++ b/src/json/schema/nri/container-eviction.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "container_id": { ++ "type": "string" ++ }, ++ "reason": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/container-update.json b/src/json/schema/nri/container-update.json +new file mode 100644 +index 0000000..b1fb034 +--- /dev/null ++++ b/src/json/schema/nri/container-update.json +@@ -0,0 +1,15 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "container_id": { ++ "type": "string" ++ }, ++ "linux": { ++ "$ref": "linux-container-update.json" ++ }, ++ "ignore_failure": { ++ "$ref": "../defs.json#/definitions/uint8" ++ } ++ } ++} +diff --git a/src/json/schema/nri/container.json b/src/json/schema/nri/container.json +new file mode 100644 +index 0000000..9a48765 +--- /dev/null ++++ b/src/json/schema/nri/container.json +@@ -0,0 +1,51 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "id": { ++ "type": "string" ++ }, ++ "pod_sandbox_id": { ++ "type": "string" ++ }, ++ "name": { ++ "type": "string" ++ }, ++ "state": { ++ "$ref": "../defs.json#/definitions/int32" ++ }, ++ "labels": { ++ "$ref": "../defs.json#/definitions/mapStringString" ++ }, ++ "annotations": { ++ "$ref": "../defs.json#/definitions/mapStringString" ++ }, ++ "args": { ++ "$ref": "../defs.json#/definitions/ArrayOfStrings" ++ }, ++ "env": { ++ "$ref": "../defs.json#/definitions/ArrayOfStrings" ++ }, ++ "mounts": { ++ "type": "array", ++ "items": { ++ "$ref": "mount.json" ++ } ++ }, ++ "hooks": { ++ "$ref": "hooks.json" ++ }, ++ "linux": { ++ "$ref": "linux-container.json" ++ }, ++ "pid": { ++ "$ref": "../defs.json#/definitions/uint32" ++ }, ++ "rlimits": { ++ "type": "array", ++ "items": { ++ "$ref": "posix-rlimit.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/create-container-request.json b/src/json/schema/nri/create-container-request.json +new file mode 100644 +index 0000000..1a9d17c +--- /dev/null ++++ b/src/json/schema/nri/create-container-request.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "pod": { ++ "$ref": "pod-sandbox.json" ++ }, ++ "container": { ++ "$ref": "container.json" ++ } ++ } ++} +diff --git a/src/json/schema/nri/create-container-response.json b/src/json/schema/nri/create-container-response.json +new file mode 100644 +index 0000000..5f82ae5 +--- /dev/null ++++ b/src/json/schema/nri/create-container-response.json +@@ -0,0 +1,21 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "adjust": { ++ "$ref": "container-adjustment.json" ++ }, ++ "update": { ++ "type": "array", ++ "items": { ++ "$ref": "container-update.json" ++ } ++ }, ++ "evict": { ++ "type": "array", ++ "items": { ++ "$ref": "container-eviction.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/hook.json b/src/json/schema/nri/hook.json +new file mode 100644 +index 0000000..b7bb093 +--- /dev/null ++++ b/src/json/schema/nri/hook.json +@@ -0,0 +1,18 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "path": { ++ "type": "string" ++ }, ++ "args": { ++ "$ref": "../defs.json#/definitions/ArrayOfStrings" ++ }, ++ "env": { ++ "$ref": "../defs.json#/definitions/ArrayOfStrings" ++ }, ++ "timeout": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ } ++ } ++} +diff --git a/src/json/schema/nri/hooks.json b/src/json/schema/nri/hooks.json +new file mode 100644 +index 0000000..c2a42a9 +--- /dev/null ++++ b/src/json/schema/nri/hooks.json +@@ -0,0 +1,42 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "prestart": { ++ "type": "array", ++ "items": { ++ "$ref": "hook.json" ++ } ++ }, ++ "create_runtime": { ++ "type": "array", ++ "items": { ++ "$ref": "hook.json" ++ } ++ }, ++ "create_container": { ++ "type": "array", ++ "items": { ++ "$ref": "hook.json" ++ } ++ }, ++ "start_container": { ++ "type": "array", ++ "items": { ++ "$ref": "hook.json" ++ } ++ }, ++ "poststart": { ++ "type": "array", ++ "items": { ++ "$ref": "hook.json" ++ } ++ }, ++ "poststop": { ++ "type": "array", ++ "items": { ++ "$ref": "hook.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/hugepage-limit.json b/src/json/schema/nri/hugepage-limit.json +new file mode 100644 +index 0000000..ce909ef +--- /dev/null ++++ b/src/json/schema/nri/hugepage-limit.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "page_size": { ++ "type": "string" ++ }, ++ "limit": { ++ "$ref": "../defs.json#/definitions/uint64" ++ } ++ } ++} +diff --git a/src/json/schema/nri/key-value.json b/src/json/schema/nri/key-value.json +new file mode 100644 +index 0000000..f6eedc6 +--- /dev/null ++++ b/src/json/schema/nri/key-value.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "key": { ++ "type": "string" ++ }, ++ "value": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-container-adjustment.json b/src/json/schema/nri/linux-container-adjustment.json +new file mode 100644 +index 0000000..54d16e7 +--- /dev/null ++++ b/src/json/schema/nri/linux-container-adjustment.json +@@ -0,0 +1,18 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "devices": { ++ "type": "array", ++ "items": { ++ "$ref": "linux-device.json" ++ } ++ }, ++ "resources": { ++ "$ref": "linux-resources.json" ++ }, ++ "cgroups-path": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-container-update.json b/src/json/schema/nri/linux-container-update.json +new file mode 100644 +index 0000000..ddc627d +--- /dev/null ++++ b/src/json/schema/nri/linux-container-update.json +@@ -0,0 +1,9 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "resources": { ++ "$ref": "linux-resources.json" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-container.json b/src/json/schema/nri/linux-container.json +new file mode 100644 +index 0000000..72978db +--- /dev/null ++++ b/src/json/schema/nri/linux-container.json +@@ -0,0 +1,27 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "namespaces": { ++ "type": "array", ++ "items": { ++ "$ref": "linux-namespace.json" ++ } ++ }, ++ "devices": { ++ "type": "array", ++ "items": { ++ "$ref": "linux-device.json" ++ } ++ }, ++ "resources": { ++ "$ref": "linux-resources.json" ++ }, ++ "oom_score_adj": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "cgroups_path": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-cpu.json b/src/json/schema/nri/linux-cpu.json +new file mode 100644 +index 0000000..c8cdf95 +--- /dev/null ++++ b/src/json/schema/nri/linux-cpu.json +@@ -0,0 +1,27 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "shares": { ++ "$ref": "../defs.json#/definitions/uint64Pointer" ++ }, ++ "quota": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "period": { ++ "$ref": "../defs.json#/definitions/uint64Pointer" ++ }, ++ "realtime_runtime": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "realtime_period": { ++ "$ref": "../defs.json#/definitions/uint64Pointer" ++ }, ++ "cpus": { ++ "type": "string" ++ }, ++ "mems": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-device-cgroup.json b/src/json/schema/nri/linux-device-cgroup.json +new file mode 100644 +index 0000000..feac3c8 +--- /dev/null ++++ b/src/json/schema/nri/linux-device-cgroup.json +@@ -0,0 +1,21 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "allow": { ++ "$ref": "../defs.json#/definitions/uint8" ++ }, ++ "type": { ++ "type": "string" ++ }, ++ "major": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "minor": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "access": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-device.json b/src/json/schema/nri/linux-device.json +new file mode 100644 +index 0000000..a7db26e +--- /dev/null ++++ b/src/json/schema/nri/linux-device.json +@@ -0,0 +1,27 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "path": { ++ "type": "string" ++ }, ++ "type": { ++ "type": "string" ++ }, ++ "major": { ++ "$ref": "../defs.json#/definitions/int64" ++ }, ++ "minor": { ++ "$ref": "../defs.json#/definitions/int64" ++ }, ++ "file_mode": { ++ "$ref": "../defs.json#/definitions/uint32Pointer" ++ }, ++ "uid": { ++ "$ref": "../defs.json#/definitions/uint32Pointer" ++ }, ++ "gid": { ++ "$ref": "../defs.json#/definitions/uint32Pointer" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-memory.json b/src/json/schema/nri/linux-memory.json +new file mode 100644 +index 0000000..a5a841f +--- /dev/null ++++ b/src/json/schema/nri/linux-memory.json +@@ -0,0 +1,30 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "limit": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "reservation": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "swap": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "kernel": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "kernel_tcp": { ++ "$ref": "../defs.json#/definitions/int64Pointer" ++ }, ++ "swappiness": { ++ "$ref": "../defs.json#/definitions/uint64Pointer" ++ }, ++ "disable_oom_killer": { ++ "$ref": "../defs.json#/definitions/uint8Pointer" ++ }, ++ "use_hierarchy": { ++ "$ref": "../defs.json#/definitions/uint8Pointer" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-namespace.json b/src/json/schema/nri/linux-namespace.json +new file mode 100644 +index 0000000..9e1e386 +--- /dev/null ++++ b/src/json/schema/nri/linux-namespace.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "type": { ++ "type": "string" ++ }, ++ "path": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-pod-sandbox.json b/src/json/schema/nri/linux-pod-sandbox.json +new file mode 100644 +index 0000000..0c963be +--- /dev/null ++++ b/src/json/schema/nri/linux-pod-sandbox.json +@@ -0,0 +1,27 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "pod_overhead": { ++ "$ref": "linux-resources.json" ++ }, ++ "pod_resources": { ++ "$ref": "linux-resources.json" ++ }, ++ "cgroup_parent": { ++ "type": "string" ++ }, ++ "cgroups_path": { ++ "type": "string" ++ }, ++ "namespaces": { ++ "type": "array", ++ "items": { ++ "$ref": "linux-namespace.json" ++ } ++ }, ++ "resources": { ++ "$ref": "linux-resources.json" ++ } ++ } ++} +diff --git a/src/json/schema/nri/linux-resources.json b/src/json/schema/nri/linux-resources.json +new file mode 100644 +index 0000000..1d16960 +--- /dev/null ++++ b/src/json/schema/nri/linux-resources.json +@@ -0,0 +1,33 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "memory": { ++ "$ref": "linux-memory.json" ++ }, ++ "cpu": { ++ "$ref": "linux-cpu.json" ++ }, ++ "hugepage_limits": { ++ "type": "array", ++ "items": { ++ "$ref": "hugepage-limit.json" ++ } ++ }, ++ "blockio_class": { ++ "type": "string" ++ }, ++ "rdt_class": { ++ "type": "string" ++ }, ++ "unified": { ++ "$ref": "../defs.json#/definitions/mapStringString" ++ }, ++ "devices": { ++ "type": "array", ++ "items": { ++ "$ref": "linux-device-cgroup.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/mount.json b/src/json/schema/nri/mount.json +new file mode 100644 +index 0000000..ae9c666 +--- /dev/null ++++ b/src/json/schema/nri/mount.json +@@ -0,0 +1,18 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "destination": { ++ "type": "string" ++ }, ++ "type": { ++ "type": "string" ++ }, ++ "source": { ++ "type": "string" ++ }, ++ "options": { ++ "$ref": "../defs.json#/definitions/ArrayOfStrings" ++ } ++ } ++} +diff --git a/src/json/schema/nri/pod-sandbox.json b/src/json/schema/nri/pod-sandbox.json +new file mode 100644 +index 0000000..85a1284 +--- /dev/null ++++ b/src/json/schema/nri/pod-sandbox.json +@@ -0,0 +1,33 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "id": { ++ "type": "string" ++ }, ++ "name": { ++ "type": "string" ++ }, ++ "uid": { ++ "type": "string" ++ }, ++ "_namespace": { ++ "type": "string" ++ }, ++ "labels": { ++ "$ref": "../defs.json#/definitions/mapStringString" ++ }, ++ "annotations": { ++ "$ref": "../defs.json#/definitions/mapStringString" ++ }, ++ "runtime_handler": { ++ "type": "string" ++ }, ++ "linux": { ++ "$ref": "linux-pod-sandbox.json" ++ }, ++ "pid": { ++ "$ref": "../defs.json#/definitions/uint32" ++ } ++ } ++} +diff --git a/src/json/schema/nri/posix-rlimit.json b/src/json/schema/nri/posix-rlimit.json +new file mode 100644 +index 0000000..1ba8e20 +--- /dev/null ++++ b/src/json/schema/nri/posix-rlimit.json +@@ -0,0 +1,15 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "type": { ++ "type": "string" ++ }, ++ "hard": { ++ "$ref": "../defs.json#/definitions/uint64" ++ }, ++ "soft": { ++ "$ref": "../defs.json#/definitions/uint64" ++ } ++ } ++} +diff --git a/src/json/schema/nri/register-plugin-request.json b/src/json/schema/nri/register-plugin-request.json +new file mode 100644 +index 0000000..436264a +--- /dev/null ++++ b/src/json/schema/nri/register-plugin-request.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "plugin_name": { ++ "type": "string" ++ }, ++ "plugin_idx": { ++ "type": "string" ++ } ++ } ++} +diff --git a/src/json/schema/nri/state-change-event.json b/src/json/schema/nri/state-change-event.json +new file mode 100644 +index 0000000..0131aeb +--- /dev/null ++++ b/src/json/schema/nri/state-change-event.json +@@ -0,0 +1,15 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "event": { ++ "$ref": "../defs.json#/definitions/int32" ++ }, ++ "pod": { ++ "$ref": "pod-sandbox.json" ++ }, ++ "container": { ++ "$ref": "container.json" ++ } ++ } ++} +diff --git a/src/json/schema/nri/stop-container-request.json b/src/json/schema/nri/stop-container-request.json +new file mode 100644 +index 0000000..1a9d17c +--- /dev/null ++++ b/src/json/schema/nri/stop-container-request.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "pod": { ++ "$ref": "pod-sandbox.json" ++ }, ++ "container": { ++ "$ref": "container.json" ++ } ++ } ++} +diff --git a/src/json/schema/nri/stop-container-response.json b/src/json/schema/nri/stop-container-response.json +new file mode 100644 +index 0000000..bf535f6 +--- /dev/null ++++ b/src/json/schema/nri/stop-container-response.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "update": { ++ "type": "array", ++ "items": { ++ "$ref": "container-update.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/synchronize-request.json b/src/json/schema/nri/synchronize-request.json +new file mode 100644 +index 0000000..689baff +--- /dev/null ++++ b/src/json/schema/nri/synchronize-request.json +@@ -0,0 +1,18 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "pods": { ++ "type": "array", ++ "items": { ++ "$ref": "pod-sandbox.json" ++ } ++ }, ++ "containers": { ++ "type": "array", ++ "items": { ++ "$ref": "container.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/synchronize-response.json b/src/json/schema/nri/synchronize-response.json +new file mode 100644 +index 0000000..bf535f6 +--- /dev/null ++++ b/src/json/schema/nri/synchronize-response.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "update": { ++ "type": "array", ++ "items": { ++ "$ref": "container-update.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/update-container-request.json b/src/json/schema/nri/update-container-request.json +new file mode 100644 +index 0000000..782481c +--- /dev/null ++++ b/src/json/schema/nri/update-container-request.json +@@ -0,0 +1,15 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "pod": { ++ "$ref": "pod-sandbox.json" ++ }, ++ "container": { ++ "$ref": "container.json" ++ }, ++ "linux_resources": { ++ "$ref": "linux-resources.json" ++ } ++ } ++} +diff --git a/src/json/schema/nri/update-container-response.json b/src/json/schema/nri/update-container-response.json +new file mode 100644 +index 0000000..affee62 +--- /dev/null ++++ b/src/json/schema/nri/update-container-response.json +@@ -0,0 +1,18 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "update": { ++ "type": "array", ++ "items": { ++ "$ref": "container-update.json" ++ } ++ }, ++ "evict": { ++ "type": "array", ++ "items": { ++ "$ref": "container-eviction.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/update-containers-request.json b/src/json/schema/nri/update-containers-request.json +new file mode 100644 +index 0000000..affee62 +--- /dev/null ++++ b/src/json/schema/nri/update-containers-request.json +@@ -0,0 +1,18 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "update": { ++ "type": "array", ++ "items": { ++ "$ref": "container-update.json" ++ } ++ }, ++ "evict": { ++ "type": "array", ++ "items": { ++ "$ref": "container-eviction.json" ++ } ++ } ++ } ++} +diff --git a/src/json/schema/nri/update-containers-response.json b/src/json/schema/nri/update-containers-response.json +new file mode 100644 +index 0000000..361e134 +--- /dev/null ++++ b/src/json/schema/nri/update-containers-response.json +@@ -0,0 +1,12 @@ ++{ ++ "$schema": "http://json-schema.org/draft-04/schema#", ++ "type": "object", ++ "properties": { ++ "failed": { ++ "type": "array", ++ "items": { ++ "$ref": "container-update.json" ++ } ++ } ++ } ++} +-- +2.33.0 + diff --git a/0017-add-struct-for-nri.patch b/0017-add-struct-for-nri.patch new file mode 100644 index 0000000..e4561a2 --- /dev/null +++ b/0017-add-struct-for-nri.patch @@ -0,0 +1,60 @@ +From 0f032f9748bdf676355520fdd4d2e89f7a1c4c2f Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Fri, 14 Jun 2024 15:47:08 +0800 +Subject: [PATCH 17/20] add struct for nri + +Signed-off-by: zhongtao +--- + src/json/schema/container/create-request.json | 3 +++ + src/json/schema/isulad-daemon-configs.json | 21 +++++++++++++++++++ + 2 files changed, 24 insertions(+) + +diff --git a/src/json/schema/container/create-request.json b/src/json/schema/container/create-request.json +index 4d9d1ff..e19394d 100644 +--- a/src/json/schema/container/create-request.json ++++ b/src/json/schema/container/create-request.json +@@ -20,6 +20,9 @@ + "sandbox": { + "$ref": "sandbox-info.json" + }, ++ "adjust": { ++ "$ref": "../nri/container-adjustment.json" ++ }, + "hostconfig": { + "type": "string" + }, +diff --git a/src/json/schema/isulad-daemon-configs.json b/src/json/schema/isulad-daemon-configs.json +index cd8948a..7b148bd 100644 +--- a/src/json/schema/isulad-daemon-configs.json ++++ b/src/json/schema/isulad-daemon-configs.json +@@ -100,6 +100,27 @@ + "cni-conf-dir": { + "type": "string" + }, ++ "nri-support" : { ++ "type": "boolean" ++ }, ++ "disable-connections" : { ++ "type": "boolean" ++ }, ++ "plugin_config_path": { ++ "type": "string" ++ }, ++ "plugin_path": { ++ "type": "string" ++ }, ++ "nri_socket_path": { ++ "type": "string" ++ }, ++ "plugin_registration_timeout": { ++ "type": "uint64" ++ }, ++ "plugin_requst_timeout": { ++ "type": "uint64" ++ }, + "image-layer-check": { + "type": "boolean" + }, +-- +2.33.0 + diff --git a/0018-add-nri-def-in-host-config.patch b/0018-add-nri-def-in-host-config.patch new file mode 100644 index 0000000..99f01ac --- /dev/null +++ b/0018-add-nri-def-in-host-config.patch @@ -0,0 +1,59 @@ +From 86c8f125b55993be85ca6d0982d3036452481479 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Sun, 18 Aug 2024 04:31:18 +0800 +Subject: [PATCH 18/20] add nri def in host config + +Signed-off-by: zhongtao +--- + src/json/schema/host-config.json | 35 ++++++++++++++++++++++++++++++++ + 1 file changed, 35 insertions(+) + +diff --git a/src/json/schema/host-config.json b/src/json/schema/host-config.json +index 6af8021..a9679bd 100644 +--- a/src/json/schema/host-config.json ++++ b/src/json/schema/host-config.json +@@ -311,6 +311,41 @@ + "items": { + "type": "string" + } ++ }, ++ "NriDevices": { ++ "id": "https://opencontainers.org/schema/bundle/linux/devices", ++ "type": "array", ++ "items": { ++ "$ref": "defs.json#/definitions/Device" ++ } ++ }, ++ "NriRlimits": { ++ "id": "https://opencontainers.org/schema/bundle/linux/rlimits", ++ "type": "array", ++ "items": { ++ "id": "https://opencontainers.org/schema/bundle/linux/rlimits/0", ++ "type": "object", ++ "required": [ ++ "type", ++ "soft", ++ "hard" ++ ], ++ "properties": { ++ "hard": { ++ "id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/hard", ++ "$ref": "defs.json#/definitions/uint64" ++ }, ++ "soft": { ++ "id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/soft", ++ "$ref": "defs.json#/definitions/uint64" ++ }, ++ "type": { ++ "id": "https://opencontainers.org/schema/bundle/linux/rlimits/0/type", ++ "type": "string", ++ "pattern": "^RLIMIT_[A-Z]+$" ++ } ++ } ++ } + } + } + } +-- +2.33.0 + diff --git a/0019-fix-invalid-usage-of-arrtibute-visibility.patch b/0019-fix-invalid-usage-of-arrtibute-visibility.patch new file mode 100644 index 0000000..a1c37c7 --- /dev/null +++ b/0019-fix-invalid-usage-of-arrtibute-visibility.patch @@ -0,0 +1,76 @@ +From 57d2fe1b26429490b61d09dc8402024dc51b4386 Mon Sep 17 00:00:00 2001 +From: yuncang123 <1050706328@qq.com> +Date: Tue, 27 Aug 2024 14:39:33 +0800 +Subject: [PATCH 19/20] fix invalid usage of arrtibute'visibility' + +--- + src/runtime/lcrcontainer.h | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/runtime/lcrcontainer.h b/src/runtime/lcrcontainer.h +index d4cef39..4eedec9 100644 +--- a/src/runtime/lcrcontainer.h ++++ b/src/runtime/lcrcontainer.h +@@ -40,13 +40,13 @@ extern "C" { + + /* define console log config */ + +-__EXPORT__ struct lcr_console_config { ++struct lcr_console_config { + char *log_path; + unsigned int log_rotate; + char *log_file_size; + }; + +-__EXPORT__ struct blkio_stats { ++struct blkio_stats { + uint64_t read; + uint64_t write; + uint64_t total; +@@ -55,7 +55,7 @@ __EXPORT__ struct blkio_stats { + /* + * Store lcr container state + */ +-__EXPORT__ struct lcr_container_state { ++struct lcr_container_state { + /* Name of container */ + char *name; + /* State of container */ +@@ -92,14 +92,14 @@ typedef enum { + lcr_msg_exit_code, + } lcr_msg_type_t; + +-__EXPORT__ struct lcr_msg { ++struct lcr_msg { + lcr_msg_type_t type; + char name[NAME_MAX + 1]; + int value; + int pid; + }; + +-__EXPORT__ struct lcr_cgroup_resources { ++struct lcr_cgroup_resources { + uint64_t blkio_weight; + uint64_t cpu_shares; + uint64_t cpu_period; +@@ -150,7 +150,7 @@ __EXPORT__ bool lcr_create(const char *name, const char *lcrpath, void *oci_conf + * gid : user in which group + * additional_gids : Add additional groups to join + */ +-__EXPORT__ struct lcr_start_request { ++struct lcr_start_request { + const char *name; + const char *lcrpath; + +@@ -237,7 +237,7 @@ __EXPORT__ void lcr_free_console_config(struct lcr_console_config *config); + __EXPORT__ int lcr_log_init(const char *name, const char *file, const char *priority, + const char *prefix, int quiet, const char *lcrpath); + +-__EXPORT__ struct lcr_exec_request { ++struct lcr_exec_request { + const char *name; + const char *lcrpath; + +-- +2.33.0 + diff --git a/0020-unify-nri-variable-format.patch b/0020-unify-nri-variable-format.patch new file mode 100644 index 0000000..bfd88a2 --- /dev/null +++ b/0020-unify-nri-variable-format.patch @@ -0,0 +1,42 @@ +From 6fd7cdec3c383461695f45e96d59353c68ecf286 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 4 Sep 2024 10:38:08 +0800 +Subject: [PATCH 20/20] unify nri variable format + +Signed-off-by: zhongtao +--- + src/json/schema/isulad-daemon-configs.json | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/json/schema/isulad-daemon-configs.json b/src/json/schema/isulad-daemon-configs.json +index 7b148bd..e21c3cf 100644 +--- a/src/json/schema/isulad-daemon-configs.json ++++ b/src/json/schema/isulad-daemon-configs.json +@@ -106,19 +106,19 @@ + "disable-connections" : { + "type": "boolean" + }, +- "plugin_config_path": { ++ "plugin-config-path": { + "type": "string" + }, +- "plugin_path": { ++ "plugin-path": { + "type": "string" + }, +- "nri_socket_path": { ++ "nri-socket-path": { + "type": "string" + }, +- "plugin_registration_timeout": { ++ "plugin-registration-timeout": { + "type": "uint64" + }, +- "plugin_requst_timeout": { ++ "plugin-requst-timeout": { + "type": "uint64" + }, + "image-layer-check": { +-- +2.33.0 + diff --git a/lcr.spec b/lcr.spec index 10dafe1..2ec1ff1 100644 --- a/lcr.spec +++ b/lcr.spec @@ -1,5 +1,5 @@ %global _version 2.1.4 -%global _release 8 +%global _release 12 %global _inner_name isula_libutils %global enable_lxc 1 @@ -27,6 +27,12 @@ Patch0011: 0011-remove-lcr-created-spec-only-if-create-failed.patch Patch0012: 0012-Fix-info-inproper-data-type-for-timestamp.patch Patch0013: 0013-fix-bug-for-potential-config-seccomp-ocihook-write-e.patch Patch0014: 0014-add-codecheck-fix.patch +Patch0015: 0015-fix-invalid-args-len-set-in-execute_lxc_attach.patch +Patch0016: 0016-add-nri-definitions.patch +Patch0017: 0017-add-struct-for-nri.patch +Patch0018: 0018-add-nri-def-in-host-config.patch +Patch0019: 0019-fix-invalid-usage-of-arrtibute-visibility.patch +Patch0020: 0020-unify-nri-variable-format.patch %define lxcver_lower 4.0.3-2022102400 %define lxcver_upper 5.0.3 @@ -147,6 +153,30 @@ rm -rf %{buildroot} %{_includedir}/lcr/utils_compile.h %changelog +* Thu Oct 17 2024 wujichao - 2.1.4-12 +- Type:enhancement +- CVE:NA +- SUG:NA +- DESC:unify nri variable format + +* Tue Sep 3 2024 yuanchao<1050706328@qq.com> - 2.1.4-11 +- Type:enhancement +- CVE:NA +- SUG:NA +- DESC:fix invalid usage of arrtibute visibility + +* Mon Aug 19 2024 zhongtao - 2.1.4-10 +- Type:enhancement +- CVE:NA +- SUG:NA +- DESC:add nri def in host config + +* Fri Aug 16 2024 zhongtao - 2.1.4-9 +- Type:enhancement +- CVE:NA +- SUG:NA +- DESC:add nri struct definitions + * Tue June 11 2024 jikai - 2.1.4-8 - Type:enhancement - CVE:NA -- Gitee