From ed4b71b2027a6e9fdf15931fe93aa9e0bb3dc79d Mon Sep 17 00:00:00 2001
From: leizhongkai <[email protected]>
Date: Wed, 31 Jan 2024 18:17:52 +0800
Subject: [PATCH 07/43] update annotations and add ci cases

Signed-off-by: leizhongkai <[email protected]>
---
 .../container_cases/dev_cgroup_rule.sh        | 24 +++++++++++
 src/daemon/modules/api/specs_api.h            |  2 +
 .../modules/service/service_container.c       | 18 +++++++-
 src/daemon/modules/spec/specs.c               | 41 ++++++++++++++++++-
 4 files changed, 82 insertions(+), 3 deletions(-)

diff --git a/CI/test_cases/container_cases/dev_cgroup_rule.sh b/CI/test_cases/container_cases/dev_cgroup_rule.sh
index 839a546c..5616d37a 100755
--- a/CI/test_cases/container_cases/dev_cgroup_rule.sh
+++ b/CI/test_cases/container_cases/dev_cgroup_rule.sh
@@ -29,6 +29,9 @@ function test_cpu_dev_cgoup_rule_spec()
     local image="busybox"
     local test="container device cgroup rule test with (${runtime}) => (${FUNCNAME[@]})"
     local test_dev="/dev/testA"
+    local default_config="/etc/default/isulad/config.json"
+    local default_config_bak="/etc/default/isulad/config.json.bak"
+    local test_cgroup_parent="/testABC"
 
     msg_info "${test} starting..."
 
@@ -54,6 +57,27 @@ function test_cpu_dev_cgoup_rule_spec()
     [[ $? -ne 0 ]] && [[ $cnt -le $priv_minor_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
     isula rm -f $priv_cid
 
+    def_cid=$(isula run -tid --runtime $runtime -m 10m $image /bin/sh)
+    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
+    cp $default_config $default_config_bak
+    sed -i '/"linux": {/a \ \t\t"devices": [\n\t\t{\n\t\t\t"type": "c",\n\t\t\t"path": "\/dev\/testABC",\n\t\t\t"major": 88,\n\t\t\t"minor": 88\n\t\t}\n\t\t],' $default_config
+    stop_isulad_without_valgrind
+    start_isulad_with_valgrind --cgroup-parent $test_cgroup_parent
+    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+    isula restart -t 0 $def_cid
+    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart container failed" && ((ret++))
+    cat /sys/fs/cgroup/memory/$test_cgroup_parent/$def_cid/memory.limit_in_bytes | grep ^10485760$
+    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --cgroup-parent cannot work" && ((ret++))
+    cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "major\": 88" | wc -l)
+    [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))
+    cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "minor\": 88" | wc -l)
+    [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
+    isula rm -f $def_cid
+    cp $default_config_bak $default_config
+    stop_isulad_without_valgrind
+    start_isulad_with_valgrind
+    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+
     cid=$(isula run -tid --device "$test_dev:$test_dev" --runtime $runtime $image /bin/sh)
     [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
     cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 88" | wc -l)
diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h
index 7c904614..f5f6ad8b 100644
--- a/src/daemon/modules/api/specs_api.h
+++ b/src/daemon/modules/api/specs_api.h
@@ -41,6 +41,8 @@ int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_sp
                           const container_config_v2_common_config *v2_spec,
                           const container_network_settings *network_settings);
 
+int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec);
+
 oci_runtime_spec *load_oci_config(const char *rootpath, const char *name);
 
 oci_runtime_spec *default_spec(bool system_container);
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 97f73768..239783b8 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -691,11 +691,18 @@ out:
     epoll_loop_close(&descr);
 }
 
-static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, host_config *hostconfig)
+static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, container_config *container_spec, host_config *hostconfig)
 {
     __isula_auto_free char *cgroup_parent = NULL;
     int ret;
 
+    // First renew annotations for oci spec, cgroup path, rootfs.mount, native.mask
+    // for iSulad daemon might get updated
+    ret = update_spec_annotations(oci_spec, container_spec, hostconfig);
+    if (ret < 0) {
+        return -1;
+    }
+
     // If isulad daemon cgroup parent updated, we should update this config into oci spec
     cgroup_parent = merge_container_cgroups_path(id, hostconfig);
     if (cgroup_parent == NULL) {
@@ -802,13 +809,20 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
     }
 
     // Update possible changes
-    nret = do_oci_spec_update(id, oci_spec, cont->hostconfig);
+    nret = do_oci_spec_update(id, oci_spec, cont->common_config->config, cont->hostconfig);
     if (nret != 0) {
         ERROR("Failed to update possible changes for oci spec");
         ret = -1;
         goto close_exit_fd;
     }
 
+    nret = container_to_disk(cont);
+    if (nret != 0) {
+        ERROR("Failed to save container info to disk");
+        ret = -1;
+        goto close_exit_fd;
+    }
+
     nret = setup_ipc_dirs(cont->hostconfig, cont->common_config);
     if (nret != 0) {
         ERROR("Failed to setup ipc dirs");
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index cc49d85f..62e340b1 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -385,6 +385,44 @@ out:
     return ret;
 }
 
+int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec)
+{
+    int ret = 0;
+    if (oci_spec == NULL || container_spec == NULL || host_spec == NULL) {
+        return -1;
+    }
+
+    ret = make_sure_container_spec_annotations(container_spec);
+    if (ret < 0) {
+        return -1;
+    }
+
+    ret = make_annotations_cgroup_dir(container_spec, host_spec);
+    if (ret != 0) {
+        return -1;
+    }
+
+    /* add rootfs.mount */
+    ret = add_rootfs_mount(container_spec);
+    if (ret != 0) {
+        ERROR("Failed to add rootfs mount");
+        return -1;
+    }
+
+    /* add native.umask */
+    ret = add_native_umask(container_spec);
+    if (ret != 0) {
+        ERROR("Failed to add native umask");
+        return -1;
+    }
+
+    if (merge_annotations(oci_spec, container_spec)) {
+        return -1;
+    }
+
+    return 0;
+}
+
 static int make_sure_oci_spec_root(oci_runtime_spec *oci_spec)
 {
     if (oci_spec->root == NULL) {
@@ -2501,4 +2539,5 @@ int spec_module_init(void)
         return -1;
     }
     return 0;
-}
\ No newline at end of file
+}
+
-- 
2.34.1