The reason is that the generic code which handles reading lxc.rootfs.mount
always frees the old value if not NULL. So without this setting
lxc.rootfs.mount = /mnt causes segfault.
This is a backport for lxc-0.9.0 (dora) of the same fix found in
upstream's master, see commits 54c30e29 and 53f3f048.
Signed-off-by: Josep Puigdemont <josep.puigdemont@enea.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
All of the old RRECOMMENDS are confirmed to be handled via PACKAGECONFIG,
so we can clean up the recipe and remove commented out reference to the
old values.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
This pulls in a dependency on the checkpolicy compiler (native)
and adds --enable-xsmpolicy in do_configure when 'xsm'
DISTRO_FEATURE is present.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Upstream patch to fix race condition between creating /boot and
installing the XSM policy. Race would cause policy to be written
to /boot instead of into the /boot directory if it didn't already
exist.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
xen is not the right dependency for --with-libxl/--without-libxl, replace
it to libxl.
Signed-off-by: Yang Shi <yang.shi@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Add LAYERVERSION and LAYERDEPENDS, it needs depend on oe-core and
meta-networking layer.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The last line lacked a newline (usually '\n', aka CR or CRLF) in the
end, so there was a warning from git diff:
\ No newline at end of file
The last byte of the file should be a newline.
Note:
It seems that nothing is changed in this commit, but it does change the
end of the last line.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Updated linux kernel fragment to match defaults as defined in the 3.10 kernel's Kconfig files. If defaults were not specified, modules were were used unless required by another built-in option. As such, The core frontend drivers are included by default and the backend drivers are built as modules.
This allows privileged, PV, HVM, and PVHVM guests to work properly without additional kernel configuration or modules required in initramfs (from a Xen support perspective).
This also removes CONFIG_KVM_GUEST which was erroneously included previously.
Signed-off-by: Chris Patterson <cjp256@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The current behavior for libvirt containers is to
configure a set of "basic" mounts in the new container
environment by default. Some of these mounts, such as
securityfs or selinux, might not have kernel support on
all running platforms. The added patchset implements
proper handling for this case and makes some additional
cleanups and refactoring.
The patchset is taken from the upstream libvirt mailing
list. Please refer to:
https://www.redhat.com/archives/libvir-list/2013-October/msg00270.html
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
It make make sense to break this out into its own package in the
future for those that want to ship a monolithic policy without the
tools but for now we should at least get it in the flask package.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
commit 6807238d87fd [Ensure securityfs is mounted readonly in
container] from upstream libvirt requires securityfs to be mounted,
always. Failing to use a kernel without SECURITYFS support results in
the following error when you attempt to start a lxc guest:
error : lxcContainerMountBasicFS:807 : Failed to mkdir securityfs: No
such file or directory Input/output error
Here we apply an upstream fix for this which allows you to use userns
support instead of SECURITYFS, by using <idmap> in your guest config.
A similar situation exists for SELINUX so here we are bringing in 2
more upstream commits, the first for context and the second, which
like the securityfs patch, doesn't force selinux to be mounted if
userns is used.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Cc: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Just a bit of clean up. I know xend is deprecated and hopefully no
one will use it but it should end up in the right package.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
1.1.2 is available and fixes a number of issues with 1.1.1 (segfaults
and more).
Since 1.1.1 has been available for a while, with no significant issues
reported, I'm also removing the fallback 1.0.3 and 1.1.1 recipes with
this update.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Add recipe for 1.0.6 version. And, add status and reload commands into
init script.
Signed-off-by: Yang Shi <yang.shi@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
redefining THISDIR and using FILESPATH is no longer required in a
"modern" bbappend, and in fact breaks other layers that also patch
python.
Removing THISDIR and using FILESEXTRAPATHS_prepend fixes both issues.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
During the 1.1.1 uprev, a debug change of overly aggressive packaging
was left in place. The restores the previous packaging divisions.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The libvirt-python.inc manipulation of PACKAGECONFIG meant that the default
configuration options of the libvirt recipe never fired, since the variable
had an assignment and the lazy set of the configuration values never
applied to the build.
Moving the python PACKAGE_CONFIG options into the main recipe, and ensuring
that PACKAGE_CONFIG_${PN} is used for libvirt-python means that most builds
will now use the default configuration.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Updating to the 1.1.1 libvirt release. Changes from the 1.0.3 recipe include
a fix/workaround for the:
../src/.libs/libvirt.so: undefined reference to `virNetTLSInit'
That is seen on some machines. The current fix is to explicilty link against
the library which provides the definition. A smarter fix via libtool may
be possible, but was elusive at the time of writing this patch.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
In a systemd based build, /var/run is translated to /run. Since ovs doesn't
currently package this directory, it results in a QA error. Adding it to the
main ovs package fixes the QA issue and provides the proper runtime support.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
libvirt generates several python scripts using its python/generator.py
script. This uses the PYTHON variable, which in our case will be a
full path to the sysroot that will not exist on the target. For this
we are patching libvirt to allow for (but not require) TARGET_PYTHON
to be defined and used when generating these python scripts.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The iasl package is licensed under the Intel ACPI license. This is a
variation of the MIT license but with enough modification that we
don't want to mark it as MIT. Previously building this package would
warn about the missing license. With this change we are providing a
clear text copy of the license and calling this license out in the
iasl recipe to make the warning go away and to ensure we are clearly
defining this package's license information.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
RPM doesn't guarantee the order in which postinstalls are ran.
Added code to ensure the pki directory is initialized.
Signed-off-by: Mihai Prica <mihai.prica@intel.com>
Many LXC templates expect the cache directory to exist and use it without
necessarily checking if it exists. Normally the Makefile would create this
directory but since /var/cache is volatile we must use the volatile system to
create this directory at boot, or when the package is installed.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The commit "busybox: remove awk -F patch" missed the SRC_URI
update for the dropped patch.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The awk patch being carried by meta-virtualization is part of the
1.21.1 busybox release. So we can drop it from the bbappend.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
This is a bit ugly since ebtables isn't controlled via
--with/--without-PACKAGE but we can achieve the same result using the
cached path variable. Since there are no static hooks into ebtables it
doesn't get picked up via the automatic RDEPENDS so we also ensure
that we add the RDEPENDS explicitly here.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
As per the PACKAGECONFIG documentation "You can omit any argument you
like but must retain the separating commas".
If we do not retain the separating commas, we might get parsing
errors, or, worse, we will think we depend on many items that we do
not enable.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
If the user forgets to include the path portion of the URI, instead of
receiving an error message, libvirtd crashes.
So for example attempting to make this call will cause libvirtd to
fall over.
virsh -c qemu+ssh://root@my.host.com list
(forgetting the trailing /system after the host name)
The reason for the crash is that libvirtd is trying to output an error
message with a uninitialized variable. This problem is already fixed
in the upstream so applying this fix to our tree allows this issue to
be avoided.
Signed-off-by: Thomas Tai <thomas.tai@windriver.com>
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
libvirt relies on its Makefile's install rules to create several
directories in /var/run/libvirt. The use of ALLOW_EMPTY_ allows these
to be included in the RPM, however, they are cleared out at boot by
the volatile system. This causes issues since the libvirt runtime does
not check for the existence of these directories prior to attempting
to create files in them, resulting in errors. Here we add to the
volatiles allowing the required directories to be created at boot or
when the volatiles are updated.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Openvswitch is built with the assumption that the PYTHON and PERL
variables are common between the host and target. This can result in
improper paths used for script substitutions which in turn causes
scripts which will fail to run on the target and the generated
packages to have improper REQUIRES, making them impossible to
install. These are usually not an issue since python and perl are
found in the same location on the host and target, but there is no
guarantee of this so the possibility of failure exists. By explicitly
defining the location of the python and perl on the target we can
avoid these assumptions and possibility of failure.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
