containers: update oci-systemd-hook to 0.2.0

Updating to the latest oci-systemd-hook version. We also refresh the patches, specifically the selinux patch, for the updated context. The additional cgroups mount patch needed to be tweaks for new required parameters, but is otherwise unchanged. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2025-07-19 20:59:41 +02:00 · 2019-07-03 13:18:08 +00:00 · 2019-07-03 13:18:08 +00:00 · 7394c154a9
commit 7394c154a9
parent cf875d9ee9
3 changed files with 31 additions and 26 deletions
--- a/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
+++ b/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
@ -1,6 +1,6 @@
-From f59cddcedd6535e0b809ec9b4e95672d34b41a16 Mon Sep 17 00:00:00 2001
+From f9c640fa1d4c14dfbd2bc40af91cb446ad373075 Mon Sep 17 00:00:00 2001
 From: Jason Wessel <jason.wessel@windriver.com>
-Date: Tue, 14 Nov 2017 07:41:41 -0800
+Date: Tue, 2 Jul 2019 20:51:08 +0000
 Subject: [PATCH] Add additional cgroup mounts from root NS automatically
 Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
@ -9,11 +9,11 @@ Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
 1 file changed, 45 insertions(+)
 diff --git a/src/systemdhook.c b/src/systemdhook.c
-index 78575ef..f735484 100644
+index 87a3585..5220c54 100644
 --- a/src/systemdhook.c
 +++ b/src/systemdhook.c
-@@ -238,6 +238,11 @@ static char *get_process_cgroup_subsystem_path(int pid, const char *subsystem) {
+@@ -281,6 +281,11 @@ static char *get_process_cgroup_subsystem_path(const char *id, int pid, const ch
- static int mount_cgroup(const char *rootfs, const char *options, char *systemd_path)
+ static int mount_cgroup(const char *id, const char *rootfs, const char *options, char *systemd_path)
 {
 	_cleanup_free_ char *cgroup_path = NULL;
 +	char *spath, *dpath;
@ -23,9 +23,9 @@ index 78575ef..f735484 100644
 +	int got;
 	if (asprintf(&cgroup_path, "%s/%s", rootfs, CGROUP_ROOT) < 0) {
- 		pr_perror("Failed to create path for %s", CGROUP_ROOT);
+ 		pr_perror("%s: Failed to create path for %s", id, CGROUP_ROOT);
-@@ -256,6 +261,46 @@ static int mount_cgroup(const char *rootfs, const char *options, char *systemd_p
+@@ -290,6 +295,46 @@ static int mount_cgroup(const char *id, const char *rootfs, const char *options,
- 		pr_perror("Failed to mkdir new dest: %s", systemd_path);
+ 		pr_perror("%s: Failed to mkdir new dest: %s", id, cgroup_path);
 		return -1;
 	}
 +	/* Create all additional cgroup mounts which are in the root namespace */
@ -59,7 +59,7 @@ index 78575ef..f735484 100644
 +				pr_perror("Failed to mkdir new dest: %s", dpath);
 +				return -1;
 +			}
-+			if (bind_mount(spath, dpath, false)) {
+			if (bind_mount(id, spath, dpath, false)) {
 +				pr_perror("Failed to bind mount %s on %s", spath, dpath);
 +				return -1;
 +			}
@ -68,9 +68,9 @@ index 78575ef..f735484 100644
 +		free(dpath);
 +	}
 +	closedir(dir);
- 	if (mount(cgroup_path, cgroup_path, "bind", MS_REMOUNT|MS_BIND|MS_RDONLY, "") == -1) {
+ 	/* Mount tmpfs at new cgroup directory */
- 		pr_perror("Failed to remount %s readonly", cgroup_path);
+ 	if (mount("tmpfs", cgroup_path, "tmpfs", MS_NODEV|MS_NOSUID, options) == -1) {
- 		return -1;
+ 		pr_perror("%s: Failed to mount tmpfs at %s", id, cgroup_path);
 -- 
-2.11.0
+2.19.1
--- a/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch
+++ b/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch
@ -8,9 +8,11 @@ Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
 src/systemdhook.c |   12 ------------
 1 file changed, 12 deletions(-)
--- a/src/systemdhook.c
+Index: git/src/systemdhook.c
-+++ b/src/systemdhook.c
+===================================================================
-@@ -16,7 +16,6 @@
+--- git.orig/src/systemdhook.c
 +++ git/src/systemdhook.c
@@ -17,7 +17,6 @@
 #include <errno.h>
 #include <inttypes.h>
 #include <linux/limits.h>
@ -18,25 +20,28 @@ Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
 #include <yajl/yajl_tree.h>
 #include <stdbool.h>
-@@ -129,9 +128,6 @@ static int chperm(const char *path, cons
+@@ -166,12 +165,6 @@
 				closedir(dir);
 				return -1;
 			}
-			if (setfilecon (full_path, label) < 0) {
+-			if (label != NULL && (strcmp("", label))) {
-				pr_perror("Failed to set context %s on %s", label, full_path);
+-				if ((is_selinux_enabled() > 0) && (setfilecon (full_path, label) < 0)) {
 -					pr_perror("%s: Failed to set context %s on %s", id, label, full_path);
 -				}
 -			}
- 
+-
 			if (doChown) {
 				/* Change uid and gid to something the container can handle */
-@@ -496,14 +492,6 @@ static int prestart(const char *rootfs,
+ 				if (chown(full_path, uid, gid) < 0 ) {
@@ -557,14 +550,6 @@
 				return -1;
 			}
 		}
 -
 -		if (strcmp("", mount_label)) {
-			rc = setfilecon(journal_dir, (security_context_t)mount_label);
+-			if ((is_selinux_enabled() > 0) &&
-			if (rc < 0) {
+-			    (setfilecon(journal_dir, (security_context_t)mount_label) < 0)) {
-				pr_perror("Failed to set journal dir selinux context");
+-				pr_perror("%s: Failed to set journal dir selinux context", id);
 -				return -1;
 -			}
 -		}
--- a/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
+++ b/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
@ -6,14 +6,14 @@ PRIORITY = "optional"
 DEPENDS = "yajl util-linux"
-SRCREV = "1ac958a4197a9ea52174812fc7d7d036af8140d3"
+SRCREV = "05e692346ca73e022754332a7da641230dae2ffe"
 SRC_URI = "git://github.com/projectatomic/oci-systemd-hook \
           file://0001-selinux-drop-selinux-support.patch \
           file://0001-configure-drop-selinux-support.patch \
           file://0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch \
 "
-PV = "0.0.1+git${SRCPV}"
+PV = "0.2.0+git${SRCPV}"
 S = "${WORKDIR}/git"
 inherit autotools pkgconfig