MIRRORS/meta-virtualization
1
0
Fork 0
mirror of git://git.yoctoproject.org/meta-virtualization.git synced 2025-07-19 20:59:41 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

lxc: update to 4.0.9

Browse Source 
Bumping lxc to a newer 4.0 -stable release.

We drop two patches that have been integrated to the upstream repo, but
otherwise, things are the same.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This commit is contained in:
Bruce Ashfield 2021-07-12 14:40:23 -04:00
parent 803e7080ce
commit baa8c9cd62
4 changed files with 29 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch
View File

@ -1,44 +0,0 @@
From a342b11fedb3010630de4909ca707ebdc0862060 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cotequeiroz@gmail.com>
Date: Fri, 25 Dec 2020 13:54:14 -0300
Subject: [PATCH] commands: fix check for seccomp notify support
Use HAVE_SECCOMP_NOTIFY instead of HAVE_DECL_SECCOMP_NOTIFY_FD.
Currently the latter will be true if the declaration is found by
configure, even if 'configure --disable-seccomp' is used.
HAVE_SECCOMP_NOTIFY is defined in lxcseccomp.h if both HAVE_SECCOMP and
HAVE_DECL_SECCOMP_NOTIFY_FD are true, which is the correct behavior.
Upstream-status: submitted https://github.com/lxc/lxc/pull/3623
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
---
src/lxc/commands.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lxc/commands.c b/src/lxc/commands.c
index a9a03ca2c..37d1abcef 100644
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -501,7 +501,7 @@ static int lxc_cmd_get_devpts_fd_callback(int fd, struct lxc_cmd_req *req,
int lxc_cmd_get_seccomp_notify_fd(const char *name, const char *lxcpath)
{
-#if HAVE_DECL_SECCOMP_NOTIFY_FD
+#ifdef HAVE_SECCOMP_NOTIFY
int ret, stopped;
struct lxc_cmd_rr cmd = {
.req = {
@@ -526,7 +526,7 @@ static int lxc_cmd_get_seccomp_notify_fd_callback(int fd, struct lxc_cmd_req *re
struct lxc_handler *handler,
struct lxc_epoll_descr *descr)
{
-#if HAVE_DECL_SECCOMP_NOTIFY_FD
+#ifdef HAVE_SECCOMP_NOTIFY
struct lxc_cmd_rsp rsp = {
.ret = 0,
};
--
2.17.1

53
recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch
View File

@ -1,53 +0,0 @@
From 67cd8bde2d46983df8fa9f647e9fc0b96370ec29 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cotequeiroz@gmail.com>
Date: Sat, 16 Jan 2021 13:54:07 -0300
Subject: [PATCH] configure: skip libseccomp tests if it is disabled
Move the block checking for libseccomp api compatibility inside
AM_COND_IF([ENABLE_SECCOMP] ... ).
Upstream-Status: submitted [https://github.com/lxc/lxc/pull/3623]
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
---
configure.ac | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/configure.ac b/configure.ac
index f58487f5d..ce6363136 100644
--- a/configure.ac
+++ b/configure.ac
@@ -312,6 +312,14 @@ AM_COND_IF([ENABLE_SECCOMP],
AC_CHECK_LIB([seccomp], [seccomp_init],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])])
AC_SUBST([SECCOMP_LIBS], [-lseccomp])
])
+ # HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0
+ OLD_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $SECCOMP_CFLAGS"
+ AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include <seccomp.h>]])
+ AC_CHECK_DECLS([seccomp_notify_fd], [], [], [[#include <seccomp.h>]])
+ AC_CHECK_TYPES([struct seccomp_notif_sizes], [], [], [[#include <seccomp.h>]])
+ AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include <seccomp.h>]])
+ CFLAGS="$OLD_CFLAGS"
])
AC_MSG_CHECKING(for static libcap)
@@ -359,15 +367,6 @@ AM_COND_IF([ENABLE_CAP],
AC_CHECK_LIB(cap,cap_get_file, AC_DEFINE(LIBCAP_SUPPORTS_FILE_CAPABILITIES,1,[Have cap_get_file]),[],[])
AC_SUBST([CAP_LIBS], [-lcap])])
-# HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0
-OLD_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS $SECCOMP_CFLAGS"
-AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include <seccomp.h>]])
-AC_CHECK_DECLS([seccomp_notify_fd], [], [], [[#include <seccomp.h>]])
-AC_CHECK_TYPES([struct seccomp_notif_sizes], [], [], [[#include <seccomp.h>]])
-AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include <seccomp.h>]])
-CFLAGS="$OLD_CFLAGS"
-
AC_CHECK_HEADERS([linux/bpf.h], [
AC_CHECK_TYPES([struct bpf_cgroup_dev_ctx], [], [], [[#include <linux/bpf.h>]])
], [], [])
--
2.17.1

54
recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
View File

@ -18,11 +18,11 @@ Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
src/tests/lxc-test-usernic.in | 2 +- src/tests/lxc-test-usernic.in | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-) 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/tests/lxc-test-apparmor-mount b/src/tests/lxc-test-apparmor-mount Index: lxc-4.0.9/src/tests/lxc-test-apparmor-mount
index d21c948..9e1969b 100755 ===================================================================
--- a/src/tests/lxc-test-apparmor-mount --- lxc-4.0.9.orig/src/tests/lxc-test-apparmor-mount
+++ b/src/tests/lxc-test-apparmor-mount +++ lxc-4.0.9/src/tests/lxc-test-apparmor-mount
@@ -169,7 +169,7 @@ if [ -f /etc/lsb-release ]; then @@ -170,7 +170,7 @@
done done
fi fi
@ -31,11 +31,11 @@ index d21c948..9e1969b 100755
echo "test default confined container" echo "test default confined container"
run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile" run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
diff --git a/src/tests/lxc-test-autostart b/src/tests/lxc-test-autostart Index: lxc-4.0.9/src/tests/lxc-test-autostart
index e5b651b..d15b79b 100755 ===================================================================
--- a/src/tests/lxc-test-autostart --- lxc-4.0.9.orig/src/tests/lxc-test-autostart
+++ b/src/tests/lxc-test-autostart +++ lxc-4.0.9/src/tests/lxc-test-autostart
@@ -55,7 +55,7 @@ if [ -f /etc/lsb-release ]; then @@ -55,7 +55,7 @@
done done
fi fi
@ -44,11 +44,11 @@ index e5b651b..d15b79b 100755
CONTAINER_PATH=$(dirname $(lxc-info -n $CONTAINER_NAME -c lxc.rootfs.path -H) | sed -e 's/dir://') CONTAINER_PATH=$(dirname $(lxc-info -n $CONTAINER_NAME -c lxc.rootfs.path -H) | sed -e 's/dir://')
cp $CONTAINER_PATH/config $CONTAINER_PATH/config.bak cp $CONTAINER_PATH/config $CONTAINER_PATH/config.bak
diff --git a/src/tests/lxc-test-no-new-privs b/src/tests/lxc-test-no-new-privs Index: lxc-4.0.9/src/tests/lxc-test-no-new-privs
index 8642992..e72bdf0 100755 ===================================================================
--- a/src/tests/lxc-test-no-new-privs --- lxc-4.0.9.orig/src/tests/lxc-test-no-new-privs
+++ b/src/tests/lxc-test-no-new-privs +++ lxc-4.0.9/src/tests/lxc-test-no-new-privs
@@ -47,7 +47,7 @@ if type dpkg >/dev/null 2>&1; then @@ -49,7 +49,7 @@
ARCH=$(dpkg --print-architecture) ARCH=$(dpkg --print-architecture)
fi fi
@ -57,24 +57,24 @@ index 8642992..e72bdf0 100755
echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config
lxc-start -n c1 lxc-start -n c1
diff --git a/src/tests/lxc-test-unpriv b/src/tests/lxc-test-unpriv Index: lxc-4.0.9/src/tests/lxc-test-unpriv
index 16ff12d..0958d48 100755 ===================================================================
--- a/src/tests/lxc-test-unpriv --- lxc-4.0.9.orig/src/tests/lxc-test-unpriv
+++ b/src/tests/lxc-test-unpriv +++ lxc-4.0.9/src/tests/lxc-test-unpriv
@@ -173,7 +173,7 @@ run_cmd mkdir -p $HDIR/.cache/lxc @@ -178,7 +178,7 @@
cp -R /var/cache/lxc/download $HDIR/.cache/lxc && \ cp -R /var/cache/lxc/download $HDIR/.cache/lxc && \
chown -R $TUSER: $HDIR/.cache/lxc chown -R $TUSER: $HDIR/.cache/lxc
-run_cmd lxc-create -t download -n c1 -- -d ubuntu -r $release -a $ARCH -run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- -d ubuntu -r $release -a $ARCH
+run_cmd lxc-create -t download -n c1 -- --no-validate -d ubuntu -r $release -a $ARCH +run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- --no-validate -d ubuntu -r $release -a $ARCH
# Make sure we can start it - twice # Make sure we can start it - twice
diff --git a/src/tests/lxc-test-usernic.in b/src/tests/lxc-test-usernic.in Index: lxc-4.0.9/src/tests/lxc-test-usernic.in
index 3e35008..f489286 100755 ===================================================================
--- a/src/tests/lxc-test-usernic.in --- lxc-4.0.9.orig/src/tests/lxc-test-usernic.in
+++ b/src/tests/lxc-test-usernic.in +++ lxc-4.0.9/src/tests/lxc-test-usernic.in
@@ -146,7 +146,7 @@ if [ -f /etc/lsb-release ]; then @@ -147,7 +147,7 @@
fi fi
# Create three containers # Create three containers

6
recipes-containers/lxc/lxc_4.0.6.bb → recipes-containers/lxc/lxc_4.0.9.bb
View File

@ -49,12 +49,10 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}/${BPN}-${PV}.tar.gz \
file://tests-add-no-validate-when-using-download-template.patch \ file://tests-add-no-validate-when-using-download-template.patch \
file://dnsmasq.conf \ file://dnsmasq.conf \
file://lxc-net \ file://lxc-net \
file://configure-skip-libseccomp-tests-if-it-is-disabled.patch \
file://commands-fix-check-for-seccomp-notify-support.patch \
" "
SRC_URI[md5sum] = "732571c7cb4ab845068afb227bf35256" SRC_URI[md5sum] = "365fcca985038910e19a1e0fff15ed07"
SRC_URI[sha256sum] = "9165dabc0bb6ef7f2fda2009aee90b20fbefe77ed8008347e9f06048eba1e463" SRC_URI[sha256sum] = "1fcf0610e9140eceb4be2334eb537bb9c5a213faea77c793ab3c62b86f37e52b"