51a891439b
We drop a patch that has been merged upsream, and also bump the
version to lxc-5.0.2, which comprises the following commits:
d57173681 Release LXC 5.0.2
17c85aac6 Fix build error on sparc64 caused by using the gold linker
b7dfb1312 lxc-default-cgns apparmor profile: allow overlay mounts
5cde898f4 lxc_user_nic: fix get_mtu() error handling
80553b5b4 Patching an incoming CVE (CVE-2022-47952)
1089f49c5 build: force linking against liblxc
0d2a03118 checkconfig: Fix filesystem capability check
e17429580 checkconfig: Tweak cgroup handling
4ab76611d checkconfig: Tweak layout
0bca9bb18 checkconfig: Hide version if no lxc-start
957e0a5d9 checkconfig: Fix mixed tabs/spaces
4916a16bd src/lxc/meson.build: fix build without apparmor
a330126b4 build: use cc.get_define to detect FS_CONFIG_* symbols
c89be8325 cgroups: fix cgroup layout detection in __initialize_cgroups
7802f3647 state: additional check in lxc_wait to prevent OOB
4b434bf52 cgroups: check snprintf retval in unpriv_systemd_create_scope
0eca8d2ea cgroups: fix buffer out-of-bounds access in enable_controllers_delegation
4ce8345d6 network: always initialize struct nl_handler
28a1591cd apparmor: properly check lxc_strmmap ret value
bd56c89ea github: fix coverity (add libpam-dev)
a1ead0dcc github: fix coverity build
9e35b3ecd conf: ensure mount tunnel is a dependent mount
2ff447445 apparmor: allow shared mounts in start-container.in
58e878209 conf: create separate peer group for container's root
06b4612ee cgroups: only allocate user namespace if we have to
2662959b8 cgroups: use userns_exec_full() during cgroup removal
4dcc84c6b README: remove lgtm
748720ceb tests: lxc-test-reboot: Fix build on ia64
5749e2e20 Unroll IN_SET since the max usage is 2 elements check
495b1bbf4 tests: lxc-test-checkpoint-restore: use trap to do cleanup
77e08b887 tools: lxc-destroy: update help message for --force
9165ff1ed lxc/attach: Detect EACCES from execvp and convert to 126 exit status
011faff36 lxc-attach: Fix lost return codes of spawned processes that are killed
931693945 Update README.md
a6287882e conf: allow cross-device links
8fa6d765a build(deps): bump actions/checkout from 2 to 3
e08c1b740 Update cifuzz.yml
0e9e64db8 fix error message when use tools with -? option
f1a61a5f0 use sd_bus_call_method_async to replace the asyncv one
ca863bd72 tree-wide: split open helpers into open_utils.h
02900160c build: prevent the inclusion of linux/mount.h with a hack
51b8763b0 mount_utils: remove conf.h include
460243f40 mount: move mount utilities from syscall_wrappers.h into mount_utils.h
d5d7e2036 tree-wide: minimize liburing.h inclusion
e2b8776bb meson: fix docbook2x detection
d1dfce9c5 tree-wide: use struct open_how directly
c9bca3326 tree-wide: use struct clone_args directly
497479ea3 tree-wide: wipe direct or indirect linux/mount.h inclusion
02f4bd00f build: check for FS_CONFIG_* header symbol in sys/mount.h
c222fb567 gitignore: Simplify
22e8a7941 meson.build: strip newline for variable assignments
d5600cf76 meson.build: strip newlines from git output
7d6b53438 src/lxc/meson.build: fix the static library path
1d5c7e771 build: drop build-time systemd dependency
59f69162c build: only build init.lxc.static if libcap is statically linkable
062c2d980 build: fix handling of dependancies to fix build on openSUSE
2a9743bba cgroups: fix -Waddress warning
e510d6bd8 build: detect sys/pidfd.h availability
b7b269680 build: detect where struct mount_attr is declared
5313e5048 meson.build: allow explicit distrosysconfdir
0539095ac Release LXC 5.0.1
a1329fefe README: update security mails
315d4cec6 meson.build: fix build without stack-protector
aba631cd4 meson.build: fix build with -Dcapabilities=false
c2ee9b440 src/lxc/log.h: fix STRERROR_R_CHAR_P
d441ee585 meson: add remaining still-in-use config checks
00a79876b Store mount options in correct variable
da0f35646 Fix off-by-one error constructing mount options
31bff905a add check for statvfs
242289b6b start: fix namespace sharing
41f602361 conf: fix append_ttyname()
ea4fd7f85 start: record inherited namespaces earlier to make it available for idmapped rootfs setup
e74fd55bc start: don't overwrite file descriptors during namespace preservation
dcfd75bb4 conf: log file descriptors on error during idmapped mount setup
c3e648700 fix for issue 4026: set broadcast to 0.0.0.0 for /31 and /32
cfcbdb75f use systemd dbus StartTransientUnit for unpriv cgroup2
28726f215 Fix uninitialized read in parse_cap when libcap is not used
d663495ee meson: Generate compile commands by iterating over an array
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|---|---|---|
| classes | ||
| conf | ||
| docs | ||
| dynamic-layers | ||
| files | ||
| lib/oeqa/runtime/cases | ||
| recipes-containers | ||
| recipes-core | ||
| recipes-demo | ||
| recipes-devtools | ||
| recipes-extended | ||
| recipes-graphics/xorg-xserver | ||
| recipes-kernel | ||
| recipes-networking | ||
| scripts/lib/wic/plugins/source | ||
| wic | ||
| .gitignore | ||
| COPYING.MIT | ||
| MAINTAINERS | ||
| meta-virt-roadmap.txt | ||
| README | ||
meta-virtualization
This layer provides support for building Xen, KVM, Libvirt, and associated packages necessary for constructing OE-based virtualized solutions.
The bbappend files for some recipes (e.g. linux-yocto) in this layer need to have 'virtualization' in DISTRO_FEATURES to have effect. To enable them, add in configuration file the following line.
DISTRO_FEATURES:append = " virtualization"
If meta-virtualization is included, but virtualization is not enabled as a distro feature a warning is printed at parse time:
You have included the meta-virtualization layer, but
'virtualization' has not been enabled in your DISTRO_FEATURES. Some bbappend files
may not take effect. See the meta-virtualization README for details on enabling
virtualization support.
If you know what you are doing, this warning can be disabled by setting the following variable in your configuration:
SKIP_META_VIRT_SANITY_CHECK = 1
Depending on your use case, there are other distro features in meta-virtualization that may also be enabled:
- xen: enables xen functionality in various packages (kernel, libvirt, etc)
- kvm: enables KVM configurations in the kernel and autoloads modules
- k8s: enables kubernets configurations in the kernel, tools and configuration
- aufs: enables aufs support in docker and linux-yocto
- x11: enable xen and libvirt functionality related to x11
- selinux: enables functionality in libvirt and lxc
- systemd: enable systemd services and unit files (for recipes for support)
- sysvinit: enable sysvinit scripts (for recipes with support)
- seccomp: enable seccomp support for packages that have the capability.
Dependencies
This layer depends on:
URI: git://github.com/openembedded/openembedded-core.git branch: master revision: HEAD prio: default
URI: git://github.com/openembedded/meta-openembedded.git branch: master revision: HEAD layers: meta-oe meta-networking meta-filesystems meta-python
BBFILE_PRIORITY_openembedded-layer = "4"
Required for Xen XSM policy: URI: git://git.yoctoproject.org/meta-selinux branch: master revision: HEAD prio: default
Required for Ceph: URI: git://git.yoctoproject.org/meta-cloud-services branch: master revision: HEAD prio: default
Required for cri-o: URI: git://github.com/advancedtelematic/meta-updater URI: git://git.yoctoproject.org/meta-selinux URI: git://git.yoctoproject.org/meta-security branch: master revision: HEAD prio: default
Community / Colaboration
Repository: https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/ Mailing list: https://lists.yoctoproject.org/g/meta-virtualization IRC: libera.chat #meta-virt channel
Maintenance
Send pull requests, patches, comments or questions to meta-virtualization@lists.yoctoproject.org
Maintainer: Bruce Ashfield bruce.ashfield@gmail.com see MAINTAINERS for more specific information
When sending single patches, please using something like: $ git send-email -1 -M --to meta-virtualization@lists.yoctoproject.org --subject-prefix='meta-virtualization][PATCH'
License
All metadata is MIT licensed unless otherwise stated. Source code included in tree for individual recipes is under the LICENSE stated in each recipe (.bb file) unless otherwise stated.