diff --git a/CI/test_cases/container_cases/check_fd_leakage_of_isulad.bash b/CI/test_cases/container_cases/check_fd_leakage_of_isulad.bash index b66f03ea7699e287aa0d49c219e2a01c40336488..75c09293de48f3c9cb6a068522bc00f93ba22795 100755 --- a/CI/test_cases/container_cases/check_fd_leakage_of_isulad.bash +++ b/CI/test_cases/container_cases/check_fd_leakage_of_isulad.bash @@ -2,7 +2,7 @@ # # attributes: isulad inheritance fd # concurrent: NO -# spend time: 16 +# spend time: 14 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. # - iSulad licensed under the Mulan PSL v2. diff --git a/CI/test_cases/container_cases/cni_test.bash b/CI/test_cases/container_cases/cni_test.bash index fc5341205e09507394ffa99c162b1e95279cb3c6..39359c60ed8a23cd7d2028aeea3b4f024ed31b84 100644 --- a/CI/test_cases/container_cases/cni_test.bash +++ b/CI/test_cases/container_cases/cni_test.bash @@ -2,7 +2,7 @@ # # attributes: isulad cri cni # concurrent: NA -# spend time: 45 +# spend time: 43 curr_path=$(dirname $(readlink -f "$0")) data_path=$(realpath $curr_path/criconfigs) @@ -41,9 +41,15 @@ function do_test_help() { msg_info "this is $0 do_test" - crictl images | grep busybox + crictl pull busybox if [ $? -ne 0 ]; then - msg_err "Failed to find busybox image" + msg_err "Failed to pull busybox image" + TC_RET_T=$(($TC_RET_T+1)) + fi + + crictl images | grep "mirrorgooglecontainers/pause-amd64" + if [ $? -ne 0 ]; then + msg_err "Failed to find mirrorgooglecontainers/pause-amd64 image" TC_RET_T=$(($TC_RET_T+1)) fi diff --git a/CI/test_cases/container_cases/create.bash b/CI/test_cases/container_cases/create.bash index 7bc9edec1de1aeb7b7099e3f994f5ebb645257c1..14290ed726114802d53452feae3cae6f03358fa2 100755 --- a/CI/test_cases/container_cases/create.bash +++ b/CI/test_cases/container_cases/create.bash @@ -2,7 +2,7 @@ # # attributes: isulad inheritance create # concurrent: YES -# spend time: 23 +# spend time: 5 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. diff --git a/CI/test_cases/container_cases/create_mtab_test.bash b/CI/test_cases/container_cases/create_mtab_test.bash index e591ac8419095cf6e247349e8c0a44e942345f58..f079e45ee868da7f3b0174610ee70faaacfd4f07 100755 --- a/CI/test_cases/container_cases/create_mtab_test.bash +++ b/CI/test_cases/container_cases/create_mtab_test.bash @@ -2,7 +2,7 @@ # # attributes: isulad inheritance start # concurrent: YES -# spend time: 6 +# spend time: 2 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. diff --git a/CI/test_cases/container_cases/export.bash b/CI/test_cases/container_cases/export.bash index c29e199440d2354a1740bd9552f7b298e5da7307..143be4c8fd7d47019dfdb39318973d2c639e66a0 100755 --- a/CI/test_cases/container_cases/export.bash +++ b/CI/test_cases/container_cases/export.bash @@ -2,7 +2,7 @@ # # attributes: isulad basic export container # concurrent: NA -# spend time: 5 +# spend time: 6 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. @@ -47,6 +47,8 @@ function test_image_export() isula export -o nonexistdir/export.tar ${CONT} [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - export to nonexist directory success" && ((ret++)) + isula rm -f ${CONT} + msg_info "${test} finished with return ${ret}..." return ${ret} } diff --git a/CI/test_cases/container_cases/kill.bash b/CI/test_cases/container_cases/kill.bash index 01465b0ad5528e5661f327419e10fc3ad3c865c8..d09a48b0cfe267ca8d1b691aeadf4ea7460cc3be 100755 --- a/CI/test_cases/container_cases/kill.bash +++ b/CI/test_cases/container_cases/kill.bash @@ -2,7 +2,7 @@ # # attributes: isulad inheritance kill # concurrent: YES -# spend time: 4 +# spend time: 9 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. diff --git a/CI/test_cases/container_cases/ps.bash b/CI/test_cases/container_cases/ps.bash index 728a34f15a8b05c6e5f2818a358d239e481d8d8e..def0a2e76bf6873dd1707d9a6b0646e91779572b 100755 --- a/CI/test_cases/container_cases/ps.bash +++ b/CI/test_cases/container_cases/ps.bash @@ -2,7 +2,7 @@ # # attributes: isulad inheritance ps list # concurrent: NO -# spend time: 13 +# spend time: 11 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. diff --git a/CI/test_cases/container_cases/restart.bash b/CI/test_cases/container_cases/restart.bash index f87a922d2b528057c8e3e578fe8f2ea814fc5d9c..cf2c58218e6d9e90823e7009a14abdd1c3235c61 100755 --- a/CI/test_cases/container_cases/restart.bash +++ b/CI/test_cases/container_cases/restart.bash @@ -2,7 +2,7 @@ # # attributes: isulad inheritance restart # concurrent: YES -# spend time: 38 +# spend time: 32 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. diff --git a/CI/test_cases/container_cases/restartpolicy.bash b/CI/test_cases/container_cases/restartpolicy.bash index f096b0b1e75c9607588a4b08c0ff5dc24004981f..0333e4fbe1bfede0e7d59f73ab69938907881401 100755 --- a/CI/test_cases/container_cases/restartpolicy.bash +++ b/CI/test_cases/container_cases/restartpolicy.bash @@ -2,7 +2,7 @@ # # attributes: isulad inheritance restartpolicy # concurrent: NO -# spend time: 25 +# spend time: 24 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. diff --git a/CI/test_cases/container_cases/rm.bash b/CI/test_cases/container_cases/rm.bash index bb9e0895513a08cb8dc5abbfd83077bcc247a464..6990dd2d2a0b3a97276b5664bddfbb9ccc752efc 100755 --- a/CI/test_cases/container_cases/rm.bash +++ b/CI/test_cases/container_cases/rm.bash @@ -2,7 +2,7 @@ # # attributes: isulad inheritance rm # concurrent: YES -# spend time: 15 +# spend time: 12 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. diff --git a/CI/test_cases/container_cases/run.bash b/CI/test_cases/container_cases/run.bash index 9d8e9e4af3ba1bc3656e7747a0c14b2743a24bd9..315b40ab223fd0b57fb044123a51035bb10e023f 100755 --- a/CI/test_cases/container_cases/run.bash +++ b/CI/test_cases/container_cases/run.bash @@ -2,7 +2,7 @@ # # attributes: isulad inheritance run # concurrent: YES -# spend time: 5 +# spend time: 3 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. diff --git a/CI/test_cases/container_cases/share_ns_test.bash b/CI/test_cases/container_cases/share_ns_test.bash index 7a496630f321987e2c95b1354289d199031f716e..e9b6c7b671d459a1313221be7edda1ad79017e68 100755 --- a/CI/test_cases/container_cases/share_ns_test.bash +++ b/CI/test_cases/container_cases/share_ns_test.bash @@ -2,7 +2,7 @@ # # attributes: isulad share namepaces # concurrent: NO -# spend time: 45 +# spend time: 25 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. @@ -36,14 +36,13 @@ function do_test_t() cid[$i]=`isula create -ti busybox /bin/sh` fn_check_eq "$?" "0" "create ${cid[$i]}" - msg=`isula run -tid ${arr_ns_type[$i]}="container:${cid[$i]}" busybox /bin/sh 2>&1` + msg=`isula run --name test1 -tid ${arr_ns_type[$i]}="container:${cid[$i]}" busybox /bin/sh 2>&1` echo $msg | grep "Can not join namespace of a non running container" fn_check_eq "$?" "0" "share ipc fail test" - isula rm -f ${cid[$i]} + isula rm -f test1 - rid[$i]=`isula run -tid busybox /bin/sh` - fn_check_eq "$?" "0" "run ${rid[$i]}" + isula rm -f ${cid[$i]} id=`isula run -tid busybox /bin/sh` fn_check_eq "$?" "0" "run $id" diff --git a/CI/test_cases/container_cases/update.bash b/CI/test_cases/container_cases/update.bash index 9e7bcf2595ab3b13eb9fe1cc99a18e4e053772be..27a7c11de3bedca332074fd55a90546ce7a6540b 100755 --- a/CI/test_cases/container_cases/update.bash +++ b/CI/test_cases/container_cases/update.bash @@ -2,7 +2,7 @@ # # attributes: isulad inheritance update # concurrent: YES -# spend time: 14 +# spend time: 15 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. diff --git a/CI/test_cases/helpers.bash b/CI/test_cases/helpers.bash index dc82e8efc506c4149eabcdebef5a570ccb16ed8f..3df8c38555f0739651f6eded0871dca83ed6d83c 100755 --- a/CI/test_cases/helpers.bash +++ b/CI/test_cases/helpers.bash @@ -24,7 +24,7 @@ LCR_ROOT_PATH="/var/lib/isulad/engines/lcr" valgrind_log="/tmp/valgrind.log" ISUALD_LOG="/var/lib/isulad/isulad.log" -declare -r -i FAILURE=-1 +declare -r -i FAILURE=1 function cut_output_lines() { message=`$@ 2>&1` diff --git a/CI/test_cases/image_cases/image_inspect.bash b/CI/test_cases/image_cases/image_inspect.bash index b2c32e374797e1069858b014dc601bb57094f097..42ecae6bb13f329902f89a72b312753ba501504b 100755 --- a/CI/test_cases/image_cases/image_inspect.bash +++ b/CI/test_cases/image_cases/image_inspect.bash @@ -2,7 +2,7 @@ # # attributes: isulad basic image list ps inspect # concurrent: NA -# spend time: 8 +# spend time: 4 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. diff --git a/CI/test_cases/image_cases/image_remove.bash b/CI/test_cases/image_cases/image_remove.bash index 15a4e0b23d359850104038ba3bbb13d5efda853a..f1d6035d2e6c6c95c84106456aaf64278d5fa303 100755 --- a/CI/test_cases/image_cases/image_remove.bash +++ b/CI/test_cases/image_cases/image_remove.bash @@ -2,7 +2,7 @@ # # attributes: isulad basic remove image # concurrent: NA -# spend time: 12 +# spend time: 8 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. diff --git a/CI/test_cases/image_cases/image_tag.bash b/CI/test_cases/image_cases/image_tag.bash index 4875528f71d89bf6b4875dc78d3195d92cfa1c07..62fa4bdc2c60a71e78e629e3aa671903561268ff 100755 --- a/CI/test_cases/image_cases/image_tag.bash +++ b/CI/test_cases/image_cases/image_tag.bash @@ -2,7 +2,7 @@ # # attributes: isulad inheritance tag # concurrent: YES -# spend time: 59 +# spend time: 33 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. diff --git a/CI/test_cases/image_cases/images_list.bash b/CI/test_cases/image_cases/images_list.bash index 5790201aacf46f4825be678f8e79cda192efc58d..3efd442aadc6640e9c9d5ac640bfe3ac84f6cade 100755 --- a/CI/test_cases/image_cases/images_list.bash +++ b/CI/test_cases/image_cases/images_list.bash @@ -2,7 +2,7 @@ # # attributes: isulad basic image # concurrent: NA -# spend time: 7 +# spend time: 11 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. diff --git a/CI/test_cases/image_cases/img_fs_info.bash b/CI/test_cases/image_cases/img_fs_info.bash index a798ac59f178163e8826438fc32240252faca009..1ea16b34335ab6ffdc5e6d483bf8f38cc09fb4f5 100755 --- a/CI/test_cases/image_cases/img_fs_info.bash +++ b/CI/test_cases/image_cases/img_fs_info.bash @@ -2,7 +2,7 @@ # # attributes: isulad basic image # concurrent: NA -# spend time: 5 +# spend time: 3 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. diff --git a/CI/test_cases/image_cases/registry.bash b/CI/test_cases/image_cases/registry.bash index 647bd3dfbeca4b90ce12508e5385fd57d19233c0..0cd13178a84a086bf12c1461e58251ec87e4d5bb 100755 --- a/CI/test_cases/image_cases/registry.bash +++ b/CI/test_cases/image_cases/registry.bash @@ -2,7 +2,7 @@ # # attributes: isulad inheritance version # concurrent: YES -# spend time: 22 +# spend time: 9 ####################################################################### ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. diff --git a/src/image/oci/oci_load.c b/src/image/oci/oci_load.c index 845b4369e1405107fb01c9d6ae6c01a75ca86c2e..52360dff11fe3a0e46ab537babe4fced30b5e3c0 100644 --- a/src/image/oci/oci_load.c +++ b/src/image/oci/oci_load.c @@ -24,7 +24,7 @@ #define MANIFEST_BIG_DATA_KEY "manifest" #define OCI_SCHEMA_VERSION 2 -#define OCI_LOAD_TMP_DIR OCI_LOAD_TMP_WORK_DIR"/oci-image-load-XXXXXX" +#define OCI_LOAD_TMP_DIR OCI_LOAD_TMP_WORK_DIR "/oci-image-load-XXXXXX" static image_manifest_items_element **load_manifest(const char *fname, size_t *length) { @@ -358,6 +358,7 @@ static int oci_load_create_image(load_image_t *desc) struct storage_img_create_options opts = { 0 }; char *top_layer_id = NULL; char *pre_top_layer = NULL; + char *normalized_name = NULL; oci_image_spec *conf = NULL; types_timestamp_t timestamp = { 0 }; @@ -403,16 +404,25 @@ static int oci_load_create_image(load_image_t *desc) } for (; i < desc->repo_tags_len; i++) { - ret = storage_img_add_name(desc->im_id, desc->repo_tags[i]); + normalized_name = oci_normalize_image_name(desc->repo_tags[i]); + if (normalized_name == NULL) { + ret = -1; + ERROR("Failed to normalized name %s", desc->repo_tags[i]); + goto out; + } + ret = storage_img_add_name(desc->im_id, normalized_name); if (ret != 0) { ERROR("add image name failed"); goto out; } + free(normalized_name); + normalized_name = NULL; } out: free_oci_image_spec(conf); free(pre_top_layer); + free(normalized_name); return ret; } diff --git a/src/image/oci/registry/registry_apiv2.c b/src/image/oci/registry/registry_apiv2.c index 90839d2538ddb033f73033e12b008bb4604f7210..7397714131d534fccc7909ac1bf5dc0040c7272a 100644 --- a/src/image/oci/registry/registry_apiv2.c +++ b/src/image/oci/registry/registry_apiv2.c @@ -667,6 +667,7 @@ static int fetch_data(pull_descriptor *desc, char *path, char *file, char *conte if (strcmp(content_type, DOCKER_MANIFEST_SCHEMA1_PRETTYJWS) && digest != NULL) { if (!util_valid_digest_file(file, digest)) { ERROR("data from %s does not have digest %s", path, digest); + ret = -1; goto out; } } diff --git a/src/image/oci/storage/image_store/image_store.c b/src/image/oci/storage/image_store/image_store.c index 9e491e80725a1b3dca8fa54e2a963216852e7b15..aa399f04a823f255273a6a2e0b03db0773522b9a 100644 --- a/src/image/oci/storage/image_store/image_store.c +++ b/src/image/oci/storage/image_store/image_store.c @@ -1931,7 +1931,7 @@ bool image_store_exists(const char *id) img = lookup(id); if (img == NULL) { - ERROR("Image not known"); + ERROR("Image %s not known", id); ret = false; goto out; } diff --git a/src/services/execution/execute/execution_stream.c b/src/services/execution/execute/execution_stream.c index ba98a11300abfd70d3bbd2394a1e1981e4ee309d..48ebb822f37a873022019fa79d287f42820482b4 100644 --- a/src/services/execution/execute/execution_stream.c +++ b/src/services/execution/execute/execution_stream.c @@ -487,7 +487,7 @@ static defs_process *make_exec_process_spec(const container_config *container_sp } spec->terminal = request->tty; - spec->cwd = util_strdup_s(container_spec->working_dir ? container_spec->working_dir : "/"); + spec->cwd = util_strdup_s(util_valid_str(container_spec->working_dir) ? container_spec->working_dir : "/"); return spec; diff --git a/src/services/execution/spec/specs.c b/src/services/execution/spec/specs.c index 1518893023aa6481e58c1f2bbb8fa5915e645f7f..4f11931605099af0c123714e61b34b4d9c512411 100644 --- a/src/services/execution/spec/specs.c +++ b/src/services/execution/spec/specs.c @@ -49,31 +49,31 @@ #include "selinux_label.h" #ifndef CLONE_NEWUTS -#define CLONE_NEWUTS 0x04000000 +#define CLONE_NEWUTS 0x04000000 #endif #ifndef CLONE_NEWUSER -#define CLONE_NEWUSER 0x10000000 +#define CLONE_NEWUSER 0x10000000 #endif #ifndef CLONE_NEWNET -#define CLONE_NEWNET 0x40000000 +#define CLONE_NEWNET 0x40000000 #endif #ifndef CLONE_NEWNS -#define CLONE_NEWNS 0x00020000 +#define CLONE_NEWNS 0x00020000 #endif #ifndef CLONE_NEWPID -#define CLONE_NEWPID 0x20000000 +#define CLONE_NEWPID 0x20000000 #endif #ifndef CLONE_NEWIPC -#define CLONE_NEWIPC 0x08000000 +#define CLONE_NEWIPC 0x08000000 #endif #ifndef CLONE_NEWCGROUP -#define CLONE_NEWCGROUP 0x02000000 +#define CLONE_NEWCGROUP 0x02000000 #endif static int make_sure_oci_spec_annotations(oci_runtime_spec *oci_spec) @@ -274,7 +274,8 @@ static int add_native_umask(const container_config *container_spec) if (strcmp(container_spec->annotations->keys[i], ANNOTATION_UMAKE_KEY) == 0) { if (!is_valid_umask_value(container_spec->annotations->values[i])) { ERROR("native.umask option %s not supported", container_spec->annotations->values[i]); - isulad_set_error_message("native.umask option %s not supported", container_spec->annotations->values[i]); + isulad_set_error_message("native.umask option %s not supported", + container_spec->annotations->values[i]); ret = -1; } goto out; @@ -668,18 +669,16 @@ static int merge_hugetlbs(oci_runtime_spec *oci_spec, host_config_hugetlbs_eleme goto out; } - if (hugetlbs_len > SIZE_MAX / sizeof(defs_resources_hugepage_limits_element *) - - oci_spec->linux->resources->hugepage_limits_len) { + if (hugetlbs_len > + SIZE_MAX / sizeof(defs_resources_hugepage_limits_element *) - oci_spec->linux->resources->hugepage_limits_len) { ERROR("Too many hugetlbs to merge!"); ret = -1; goto out; } - old_size = oci_spec->linux->resources->hugepage_limits_len * + old_size = oci_spec->linux->resources->hugepage_limits_len * sizeof(defs_resources_hugepage_limits_element *); + new_size = (oci_spec->linux->resources->hugepage_limits_len + hugetlbs_len) * sizeof(defs_resources_hugepage_limits_element *); - new_size = (oci_spec->linux->resources->hugepage_limits_len + hugetlbs_len) - * sizeof(defs_resources_hugepage_limits_element *); - ret = mem_realloc((void **)&hugepage_limits_temp, new_size, - oci_spec->linux->resources->hugepage_limits, old_size); + ret = mem_realloc((void **)&hugepage_limits_temp, new_size, oci_spec->linux->resources->hugepage_limits, old_size); if (ret != 0) { ERROR("Failed to realloc memory for hugepage limits"); ret = -1; @@ -689,17 +688,17 @@ static int merge_hugetlbs(oci_runtime_spec *oci_spec, host_config_hugetlbs_eleme oci_spec->linux->resources->hugepage_limits = hugepage_limits_temp; for (i = 0; i < hugetlbs_len; i++) { - oci_spec->linux->resources->hugepage_limits[oci_spec->linux->resources->hugepage_limits_len] - = util_common_calloc_s(sizeof(defs_resources_hugepage_limits_element)); + oci_spec->linux->resources->hugepage_limits[oci_spec->linux->resources->hugepage_limits_len] = + util_common_calloc_s(sizeof(defs_resources_hugepage_limits_element)); if (oci_spec->linux->resources->hugepage_limits[oci_spec->linux->resources->hugepage_limits_len] == NULL) { ERROR("Failed to malloc memory for hugepage limits"); ret = -1; goto out; } - oci_spec->linux->resources->hugepage_limits[oci_spec->linux->resources->hugepage_limits_len]->limit - = hugetlbs[i]->limit; - oci_spec->linux->resources->hugepage_limits[oci_spec->linux->resources->hugepage_limits_len]->page_size - = util_strdup_s(hugetlbs[i]->page_size); + oci_spec->linux->resources->hugepage_limits[oci_spec->linux->resources->hugepage_limits_len]->limit = + hugetlbs[i]->limit; + oci_spec->linux->resources->hugepage_limits[oci_spec->linux->resources->hugepage_limits_len]->page_size = + util_strdup_s(hugetlbs[i]->page_size); oci_spec->linux->resources->hugepage_limits_len++; } out: @@ -896,8 +895,7 @@ out: return ret; } -static int merge_hostname(oci_runtime_spec *oci_spec, const host_config *host_spec, - container_config *container_spec) +static int merge_hostname(oci_runtime_spec *oci_spec, const host_config *host_spec, container_config *container_spec) { free(oci_spec->hostname); oci_spec->hostname = util_strdup_s(container_spec->hostname); @@ -1086,8 +1084,7 @@ out: return ret; } -static int do_merge_one_ulimit_override(const oci_runtime_spec *oci_spec, - defs_process_rlimits_element *rlimit) +static int do_merge_one_ulimit_override(const oci_runtime_spec *oci_spec, defs_process_rlimits_element *rlimit) { size_t j; bool exists = false; @@ -1386,8 +1383,8 @@ static int merge_share_namespace_helper(const oci_runtime_spec *oci_spec, const goto out; } - ret = mem_realloc((void **)&work_ns, (len + 1) * sizeof(defs_namespace_reference *), - (void *)work_ns, len * sizeof(defs_namespace_reference *)); + ret = mem_realloc((void **)&work_ns, (len + 1) * sizeof(defs_namespace_reference *), (void *)work_ns, + len * sizeof(defs_namespace_reference *)); if (ret != 0) { ERROR("Out of memory"); goto out; @@ -1480,7 +1477,7 @@ static int merge_working_dir(oci_runtime_spec *oci_spec, const char *working_dir { int ret = 0; - if (working_dir == NULL) { + if (!util_valid_str(working_dir)) { return 0; } @@ -1519,8 +1516,8 @@ static int change_tmpfs_mount_size(const oci_runtime_spec *oci_spec, int64_t mem if (strcmp("tmpfs", oci_spec->mounts[i]->type) != 0) { continue; } - if (strcmp("/run", oci_spec->mounts[i]->destination) == 0 || \ - strcmp("/run/lock", oci_spec->mounts[i]->destination) == 0 || \ + if (strcmp("/run", oci_spec->mounts[i]->destination) == 0 || + strcmp("/run/lock", oci_spec->mounts[i]->destination) == 0 || strcmp("/tmp", oci_spec->mounts[i]->destination) == 0) { ret = util_array_append(&oci_spec->mounts[i]->options, size_opt); if (ret != 0) { @@ -1687,9 +1684,8 @@ out: return ret; } -int parse_security_opt(const host_config *host_spec, bool *no_new_privileges, - char ***label_opts, size_t *label_opts_len, - char **seccomp_profile) +int parse_security_opt(const host_config *host_spec, bool *no_new_privileges, char ***label_opts, + size_t *label_opts_len, char **seccomp_profile) { int ret = 0; size_t i; @@ -1794,8 +1790,8 @@ static int handle_host_or_privileged_mode(host_config *hc) goto out; } - if (to_host_config_selinux_labels((const char **)labels, labels_len, - &hc->security_opt, &hc->security_opt_len) != 0) { + if (to_host_config_selinux_labels((const char **)labels, labels_len, &hc->security_opt, &hc->security_opt_len) != + 0) { ret = -1; goto out; } @@ -1805,8 +1801,8 @@ out: return ret; } -static int handle_ipc_pid_label(host_config *hc, const char **ipc_label, size_t ipc_label_len, - const char **pid_label, size_t pid_label_len) +static int handle_ipc_pid_label(host_config *hc, const char **ipc_label, size_t ipc_label_len, const char **pid_label, + size_t pid_label_len) { int ret = 0; size_t i; @@ -1824,8 +1820,8 @@ static int handle_ipc_pid_label(host_config *hc, const char **ipc_label, size_t goto out; } } - if (to_host_config_selinux_labels((const char **)pid_label, pid_label_len, - &hc->security_opt, &hc->security_opt_len) != 0) { + if (to_host_config_selinux_labels((const char **)pid_label, pid_label_len, &hc->security_opt, + &hc->security_opt_len) != 0) { ret = -1; goto out; } @@ -1882,8 +1878,8 @@ static int handle_connected_container_mode(host_config *hc) free(pid_process_label); } - if (handle_ipc_pid_label(hc, (const char **)ipc_label, ipc_label_len, - (const char **)pid_label, pid_label_len) != 0) { + if (handle_ipc_pid_label(hc, (const char **)ipc_label, ipc_label_len, (const char **)pid_label, pid_label_len) != + 0) { ret = -1; goto out; } @@ -1921,7 +1917,6 @@ static int generate_security_opt(host_config *hc) return handle_connected_container_mode(hc); } - static int merge_security_conf(oci_runtime_spec *oci_spec, host_config *host_spec, container_config_v2_common_config *v2_spec) { @@ -1950,8 +1945,7 @@ static int merge_security_conf(oci_runtime_spec *oci_spec, host_config *host_spe goto out; } - ret = parse_security_opt(host_spec, &no_new_privileges, &label_opts, - &label_opts_len, &seccomp_profile); + ret = parse_security_opt(host_spec, &no_new_privileges, &label_opts, &label_opts_len, &seccomp_profile); if (ret != 0) { ERROR("Failed to parse security opt"); goto out; @@ -1984,9 +1978,8 @@ out: return ret; } - -int merge_all_specs(host_config *host_spec, const char *real_rootfs, - container_config_v2_common_config *v2_spec, oci_runtime_spec *oci_spec) +int merge_all_specs(host_config *host_spec, const char *real_rootfs, container_config_v2_common_config *v2_spec, + oci_runtime_spec *oci_spec) { int ret = 0; @@ -2174,5 +2167,3 @@ out_free: free(json_container); return ret; } - -