There's compilation error when building lxc for ARM/ARM64 BSPs.
The error message is as below:
| ../git/src/lxc/cgroups/cgfsng.c🔢111: error: incompatible
type for argument 10 of 'sd_bus_call_method_asyncv'
The 10th argument is of type va_list but NULL is supplied, thus causing
compilation error.
So we use sd_bus_call_method_async to replace the asyncv one to
solve this issue.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This is a significant update to lxc as autotools has been replaced
with meson.
Not all existing autotools options have meson equivalents, so there
may be differences in functionallity.
As part of this update, and unused features have been dropped, mainly
when the meson equivalent was not available.
Basic / core functionality has been tested with systemd, sysvinit
requires more work, and patches will be accepted to restore that
capability.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
We refresh our wget -> curl patch for context, but otherwise, no other
changes are required.
Bumping lxc to version lxc-4.0.12-8-g5ba5725cb, which comprises the following commits:
5ba5725cb cgroups: modify cgroup2 attach logic
1e4631641 ttys: ensure container_ttys= env variable is set correctly
8ef019a6c doc: Fix reverse allowlist/denylist in Japanese man page
f1c4a17e7 cgroups: log fd of newly created cgroup
f7446b4e1 cgroups: check that opened file descriptor is a cgroup filesystem
71ba7f656 doc: Fix reverse allowlist/denylist
f314419d1 lxc-checkconfig: Fix bashism
ca4c25c6e lxc-net: don't start by default inside lxc
7e37cc96b Release LXC 4.0.12
d678aa61e lxccontainer: allow xdev when creating the container dir
bc61d2354 github: Clear default ACL on /home
fb0e0b3dd github: add systemd-coredump
53e0d390c github: more detailed compilation instructions
db84a8b6b github: log system info
e9282b6a6 github: ensure system liblxc is wiped
ad8a3bd68 lxccontainer: properly wrap lxcapi_create()
bceb81cd2 build: simplify thread local storage handling
919da35b0 build: only enable LTO for regular builds
d0a1e9c44 lxccontainer: simplify partial file creation
62b5c0051 lxccontainer: improve create_partial()
bfe24cb6a lxccontainer: improve do_lxcapi_create()
1a5c236ac lxccontainer: improve do_lxcapi_save_config()
bae0d7196 conf: log termination status
4eb09aaad conf: improve userns_exec_mapped_root()
928943280 github: stop installing gnupg now that it's unused
7c70b0d14 lxc-download: Rely on HTTPS only
199d2077c Update README.md: Fix broken link (403 Forbidden)
0b6b230e3 attach: don't pointlessly call cgroup_init()
dbef704fb commands: log command during file descriptor retrieval
733f9c909 lxc-checkconfig.in: CONFIG_NF_NAT_IPV4 was removed from the kernel 2019-03-03
ce392e230 (trivial) Fix error message, failure was connect not bind
5628bff79 seccomp: close seccomp notifier fd in cleanup handler
1f2af83a9 seccomp: only guard seccomp notify behind HAVE_DECL_SECCOMP_NOTIFY_FD
9451303d5 api-extensions: don't advertise seccomp notify support if it's not compiled in
23d07c315 use 2 sysfs instances for sys:mixed
0dd3258bd Revert "api: ->save_config() doesn't need to create container dir"
93edd510a api: ->save_config() doesn't need to create container dir
28b2e04f1 cgroups: fix compiler warning
15515f9a3 Revert "initutils: use vfork() in lxc_container_init()"
41d2530d1 macro: ensure necessary io_uring flags are defined
fc4e948c9 autotools: Avoid multiple liblxc.so with --enable-pam
a616a311a build: refuse to compile with unsupported liburing version
93be4e512 tests: add lxc.proc.* test
d8027e49c tests: add lxc.sysctls.* test
6f580343e test: improve logging helpers
a10ff3418 conf: improve logging setting sysctl and /proc/<pid>/ parameters
334cf7beb conf: apply /proc/sys and /proc/<pid>/ parameters
1b74e01ad tests: include config.h
c36379431 build: move _FILE_OFFSET_BITS to common option
f24c234ee start: log signal name and number
4915c9112 process_utils: add signal_name() helper
78baec37d build: improve liburing support detection
1a102b310 mainloop: make ifdefs easier to follow
cf931928f Replace last occurence of 'which' with 'command -v'
1ec5939b4 Replace deprecated backticks with $() construct
fdfb4a13d Replace 'which' with 'command -v' in tests too
71743e811 start: check event loop type before closing fd
f69e6b4d3 mainloop: make sure that descr->ring is allocated
1a8895855 Replace 'which' with 'command -v'
9219277cc build: add io-uring-event-loop option
d04eb166c build: add static libcap to output
bc51048b7 confile: don't use path_simplify() on lxc.{execute,init}.cmd
48728e988 conf: add cgroup2, cgroup2:ro, cgroup2:force, cgroup2:ro:force options
4d3aad49d AUTHORS: Update to point to git history
e328a988e conf: handle kernels without or not using SMT
d40b0deb4 doc: fix typo in English lxc.container.conf(5)
49fab27fc doc: Add lxc.sched.core to Japanese lxc.container.conf(5)
1ad1cab80 doc: add loglevels to ja and ko common options
1505f0780 conf: make it more obvious how auto-mount flags are defined
429233cf0 criu: support restoring containers with pre-created veth devices
48e079bf3 Release LXC 4.0.11
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
These changes are the result of running the convert-spdx-licenses.py
oe-core script.
There's no impact to the build, but we will avoid issues when
interacting with core QA by the alignment.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
github is removing git:// access, and fetches will start experiencing
interruptions in service, and eventually will fail completely.
bitbake will also begin to warn on github src_uri's that don't use
https. So we convert the meta-virt instances to use protocol=https
(done using the oe-core contrib conversion script)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
update to 4.0.11
1.drop two patches that have been integrated to upstream repo.
2.drop tests-add-no-validate-when-using-download-template.patch
because it is no longer appropriate as the "download" has been
replaced with "busybox"
3.fix the apply failure of templates-use-curl-instead-of-wget.patch
4.update lxc from 4.0.10 to 4.0.11
Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Added fix_c_command.patch the -c command seems to be broken because
the passed context is ignored and always overwritten by the context
specified in the config file.
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
To more easily pull in fixes / backports from newer versions, switching
to git. This also allows bisecting and easier support when we run into
upgrade issues.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Enabled seccomp support for lxc.
Also added a patch to enable seccomp.profile only when compiled with
libseccomp. Currently, seccomp.profile is silently ignored. This
could lead to the false impression that the seccomp filter is
applied while it actually isn't.
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
OEcore/bitbake are moving to use the clearer ":" as an overrides
separator.
This is pass one of updating the meta-virt recipes to use that
syntax.
This has only been minimally build/runtime tested, more changes
will be required for missed overrides, or incorrect conversions
Note: A recent bitbake is required:
commit 75fad23fc06c008a03414a1fc288a8614c6af9ca
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Sun Jul 18 12:59:15 2021 +0100
bitbake: data_smart/parse: Allow ':' characters in variable/function names
It is becomming increasingly clear we need to find a way to show what
is/is not an override in our syntax. We need to do this in a way which
is clear to users, readable and in a way we can transition to.
The most effective way I've found to this is to use the ":" charater
to directly replace "_" where an override is being specified. This
includes "append", "prepend" and "remove" which are effectively special
override directives.
This patch simply adds the character to the parser so bitbake accepts
the value but maps it back to "_" internally so there is no behaviour
change.
This change is simple enough it could potentially be backported to older
version of bitbake meaning layers using the new syntax/markup could
work with older releases. Even if other no other changes are accepted
at this time and we don't backport, it does set us on a path where at
some point in future we could
require a more explict syntax.
I've tested this patch by converting oe-core/meta-yocto to the new
syntax for overrides (9000+ changes) and then seeing that builds
continue to work with this patch.
(Bitbake rev: 0dbbb4547cb2570d2ce607e9a53459df3c0ac284)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping lxc to a newer 4.0 -stable release.
We drop two patches that have been integrated to the upstream repo, but
otherwise, things are the same.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The URI has been changed to 'https://linuxcontainers.org/downloads/lxc'
by the site maintainers recently. Updating the recipe to reflect the new
path.
Signed-off-by: Robi Buranyi <rburanyi@google.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the next minor revision in the LTS.
We also drop two patches that are included in the main repository
as partof this bump.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Ensure postinstall script for lxc-networking package can run at
build time for a read-only rootfs (with sysvinit).
Signed-off-by: Daniel Dragomir <Daniel.Dragomir@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Remove deprecated options in lxc*.service to silence below warning:
# systemctl status lxc
[snip]
/usr/lib/systemd/system/lxc.service:17: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
/usr/lib/systemd/system/lxc.service:18: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Instead of disabling particular warnings, its better to use configure
switch, since some of these warnings could be compiler specific
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
While we are updating, we refresh one patch to remove fuzz, otherwise
there are no significant changes.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Since oe-core is upgrading gcc to 10.1, there is
a compile failure
...
|../../../lxc-4.0.2/src/lxc/cgroups/cgfsng.c:2100:10: error: writing
1 byte into a region of size 0 [-Werror=stringop-overflow=]
| 2100 | *slash = '\0';
...
Add gcc option `-Werror=stringop-overflow' to workaround the issue
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Python3.5 is no longer supported, update references to latest python version
using variables from python3-dir bbclass
Signed-off-by: Sai Hari Chandana Kalluri <chandana.kalluri@xilinx.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
License changes from lxc3.2.1 to lxc4.0.1:
1.File COPYING is renamed to LICENSE.LGPL2.1
2.Add a new file LICENSE.GPL2
Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The recent uprev of lxc left some fuzz in a patches. devtool refresh
cleans this up, and no runtime issues have been detected.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Update to the just released 4.0.1. And drop some patches contained
in this released.
Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
When Autotools makes configuration of LXC, the check of
the memfd_create() function fails because __stub_memfd_create and
__stub___memfd_create (The GNU C library defines this for functions
which it implements to always fail with ENOSYS) are defined in Glibc,
which leads to the fact that the macro HAVE_MEMFD_CREATE is not
defined and LXC provides defintion of the memfd_create() function as
static inline which in turn conflicts with a definition from
the <bits/mman-shared.h> file and causes an error:
| In file included from ../../../lxc-3.2.1/src/lxc/conf.c:79:
| <src_path>//lxc/syscall_wrappers.h:77:19: error: static declaration
| of 'memfd_create' follows non-static declaration
| | static inline int memfd_create(const char *name, unsigned int flags) {
| | ^~~~~~~~~~~~
| In file included from /usr/include/bits/mman-linux.h:111,
| from /usr/include/bits/mman.h:34,
| from /usr/include/sys/mman.h:41,
| from <src_path>/lxc-3.2.1/src/lxc/conf.c:42:
| /usr/include/bits/mman-shared.h:50:5: note: previous declaration
| of 'memfd_create' was here
| | int memfd_create (const char *__name, unsigned int __flags) __THROW;
| | ^~~~~~~~~~~~
Upstream PR: https://github.com/lxc/lxc/pull/3168 (merged)
Signed-off-by: Oleksii Kurochko <olkuroch@cisco.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The added patches allow to set the SELinux context for the session
keyring that is created by lxc. In addition it is possible to disable
the creation of a new session keyring completely.
Upstream PR: https://github.com/lxc/lxc/pull/3260 (merged)
If lxc is executed on a SELinux enabled system, these options can be
used to assign the expected label to the session keyring.
Signed-off-by: Maximilian Blenk <maximilian.blenk@bmw.de>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
When curl's MIT license is preferable to wget's GPLv3. Which it is in
several situations.
Change-Id: I72ee1ce66493c564557b73fae80f5219ef83af6d
Signed-off-by: Joakim Roubert <joakimr@axis.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
nl80211 device can't be moved to another namespace due to
e389f2afd8509(start: unify and simplify network creation), and lxc
community has fixed this issue with:
commit 3dd7829433f63b2ec1323a1f237efa7d67ea6e2b lxc upstream
This patch is grabbing the commit above, and should be abandoned with
lxc uprev afterwards.
See more details here: https://github.com/lxc/lxc/issues/3105
Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This module is part of the perl package now and is shipped by default.
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* Refresh patch to avoid fuzz warnings
* Update to 3.0.2 as lxc-destroy failed when
system boot in nfs rootfs in lxc 3.0.1 as below:
# lxc-destroy -n test9
lxc-destroy: test9: utils.c: _recursive_rmdir: 149 Failed to delete /var/lib/lxc/test9
lxc-destroy: test9: lxccontainer.c: container_destroy: 2946 Failed to destroy directory "/var/lib/lxc/test9" for "test9"
Destroying test9 failed
Update to 3.0.2 to fix the above issue
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
When runing:
lxc-create -t download -n test
The system reports that the getopt command can't find. This is because
the lxc-download template depends on getopt command. So add the runtime
depends on util-linux-getopt for lxc.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
- Bug fix release
- Fixes gcc8 build failures
- Update patch for fuzz issues.
- remove --disable-python and --disable-lua as they have been removed
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The tests are already built when we do_compile so we only need to copy
them to the ptest path and create a wrapper script to run them. This
has the added benefit of reducing the size of the lxc package.
We have to manipulate the test sources some to remove gpg validation
and a few other minor changes, none of which actually change what is
being tested (notes are provided in the associated commit logs).
The following are the ptest results currently acheived:
### Starting LXC ptest ###
./tests/lxc-test-api-reboot FAIL
./tests/lxc-test-apparmor SKIPPED
./tests/lxc-test-attach PASS
./tests/lxc-test-automount PASS
./tests/lxc-test-autostart PASS
./tests/lxc-test-cgpath PASS
./tests/lxc-test-cloneconfig PASS
./tests/lxc-test-clonetest PASS
./tests/lxc-test-concurrent PASS
./tests/lxc-test-config-jump-table PASS
./tests/lxc-test-console PASS
./tests/lxc-test-console-log PASS
./tests/lxc-test-containertests PASS
./tests/lxc-test-createconfig PASS
./tests/lxc-test-createtest PASS
./tests/lxc-test-criu-check-feature PASS
./tests/lxc-test-destroytest PASS
./tests/lxc-test-device-add-remove PASS
./tests/lxc-test-get_item PASS
./tests/lxc-test-getkeys PASS
./tests/lxc-test-list PASS
./tests/lxc-test-locktests PASS
./tests/lxc-test-lxcpath PASS
./tests/lxc-test-may-control PASS
./tests/lxc-test-no-new-privs PASS
./tests/lxc-test-parse-config-file PASS
./tests/lxc-test-raw-clone PASS
./tests/lxc-test-reboot PASS
./tests/lxc-test-rootfs PASS
./tests/lxc-test-saveconfig PASS
./tests/lxc-test-share-ns PASS
./tests/lxc-test-shortlived PASS
./tests/lxc-test-shutdowntest SKIPPED
./tests/lxc-test-snapshot PASS
./tests/lxc-test-startone PASS
./tests/lxc-test-state-server SKIPPED
./tests/lxc-test-utils PASS
Results:
PASSED = 33
FAILED = 1
SKIPPED = 3
(for details check individual test log in ./logs directory)
### LXC ptest complete ###
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
We have a new dependency on 'mountpoint' which is now called in the
download template script. We also hit an upstream bug due to improper
use of 'mktemp', so we apply a patch to fix this and sent the fix
upstream as well.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Update to the latest lxc release. This requires some minor patch
updates (fuzz and offset, not content) along with dropping a no longer
needed fix for gcc7 (gcc 7.3 is everywhere and is patched).
The ptests were already busted before the uprev so I was not able to
run them but I will follow up with a fix for this. I did run against
our usual usecases 'lxc-create', 'lxc-console', 'lxc-ls',
'lxc-destroy', 'lxc-start', 'lxc-execute', 'lxc-attach'... and there
were no issues (outcomes matched v2.0.8).
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Adding missing RDEPENDS on iptables, the lxc-net service will fail
without this. Use the new 'pkg_postinst_ontarget_' instead of failing
out to signal runtime postinst scripts, this conforms with the latest
expectation for bitbake. The interfaces file is specific to sysvinit
and unneeded for systemd so block the creation of these files only
when building for sysvinit.
Lastly add a default 'lxc-net' file. Since we have a separate
lxc-networking package we can complete it with this configuration
which is sourced by '/etc/default/lxc' (which is part of the core lxc
package). In doing this we are like Debian when the lxc-networking
package is not installed in the image, and like Ubuntu when it is.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Without this we get:
ERROR: Missing required tool: wget
When attempting to do something like:
lxc-create -n ubu -t download -- --no-validate -d ubuntu -r xenial
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
This was renamed back in v1.1.0 but I suppose most folks have been
buiding for systemd or were not using this functionality and it went
unnoticed.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
For some packages we include a -setup package which can be installed
as part of an image to complete a more comprehensive setup of the main
package. This is common for example in meta-cloud-services since many
OpenStack packages have extensive setup.
The -setup package for lxc did at one point do comprehensive setup but
over time this has been moved to the -networking package. Now the
-setup package is only being used as a container for the systemd
service files or sysvinit scripts. This can better be accomplished by
setting appropriate runlevels for the initscripts or disabling or
masking the systemd services (via SYSTEMD_AUTO_ENABLE).
This also fixes some confusion or what might be considered a bug
around -setup and -networking packages as the -setup package was
mopping up the lxc-net.service file, instead of it being included in
the -networking package.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
LXC is licensed under LGPLv2.1 not GPLv2. The COPYING file
referenced in the LXC recipe on all branches have the same content,
checksum and all define LICENSE="GPLv2" rather than "LGPLv2.1".
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
systemd unit dir can be customized by the distro (e.g. usrmerge), so
make sure the correct unit dir path is set on configure.
Signed-off-by: Ricardo Salveti <ricardo@opensourcefoundries.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
When attempting to create a container using
lxc-create -t download -n test -- no-validate --dist ubuntu --release \
xenial --arch amd64
the container creation will fail due to missing 'xz' and in the case
of 'tar' due to invalid options if the busybox version of 'tar' is
used.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
