lxc: upgrade to version 1.1.2

This version has better support for unprivileged containers. Two patches are deleted as they are now included. One new patch is introduced to fix a file not found error at the install build step. Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
author: Jim Somerville <Jim.Somerville@windriver.com> 2015-07-09 09:58:28 -0400
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2015-07-14 14:32:07 -0400
commit: fb380fd60f31edf9786e1ad82c1e76eefad82697 (patch)
tree: 126edee52d6551362299a5a5382e15c26a862567 /recipes-containers
parent: a89c11a3d89601f6d8499bd7d0f265cf4512d772 (diff)
download: meta-virtualization-fb380fd60f31edf9786e1ad82c1e76eefad82697.tar.gz
4 files changed, 125 insertions, 154 deletions
diff --git a/recipes-containers/lxc/files/Generate-lxc-restore-net-properly.patch b/recipes-containers/lxc/files/Generate-lxc-restore-net-properly.patch
new file mode 100644
index 00000000..5adb730c
--- /dev/null
+++ b/recipes-containers/lxc/files/Generate-lxc-restore-net-properly.patch
@@ -0,0 +1,121 @@
+From e08f3573b3561f1f0490624f7ca95b7ccd8157cb Mon Sep 17 00:00:00 2001
+Message-Id: <e08f3573b3561f1f0490624f7ca95b7ccd8157cb.1435177418.git.Jim.Somerville@windriver.com>
+From: Jim Somerville <Jim.Somerville@windriver.com>
+Date: Wed, 24 Jun 2015 16:16:38 -0400
+Subject: [PATCH 1/1] Generate lxc-restore-net properly
+It's a script that should be run through the configure
+mechanism the same as the others.  We simply rename it
+to have a .in extension and add it to configure.ac .
+Also, by generating the script from a .in file, it gets
+placed into the build directory.  This plays nice with
+build systems that keep the src separate from the build
+directory.  Without this change, the install step won't
+find the lxc-restore-net script as it still just resides
+in the src directory and not in the build directory.
+Upstream-Status: Not applicable.  This script has already
+been rearchitected out of existence by
+cba98d127bf490b018a016b792ae05fd2d29c5ee:
+"c/r: use criu option instead of lxc-restore-net
+As of criu 1.5, the --veth-pair argument supports an additional parameter that
+is the bridge name to attach to. This enables us to get rid of the goofy
+action-script hack that passed bridge names as environment variables.
+This patch is on top of the systemd/lxcfs mount rework patch, as we probably
+want to wait to use 1.5 options until it has been out for a while and is in
+distros.
+Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
+Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>"
+Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
+---
+ configure.ac               |  1 +
+ src/lxc/lxc-restore-net    | 26 --------------------------
+ src/lxc/lxc-restore-net.in | 26 ++++++++++++++++++++++++++
+ 3 files changed, 27 insertions(+), 26 deletions(-)
+ delete mode 100755 src/lxc/lxc-restore-net
+ create mode 100755 src/lxc/lxc-restore-net.in
+diff --git a/configure.ac b/configure.ac
+index 574b2cd..4972803 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -768,6 +768,7 @@ AC_CONFIG_FILES([
+        src/lxc/legacy/lxc-ls
+        src/lxc/lxc.functions
+        src/lxc/version.h
+       src/lxc/lxc-restore-net
+        src/python-lxc/Makefile
+        src/python-lxc/setup.py
+ 
+diff --git a/src/lxc/lxc-restore-net b/src/lxc/lxc-restore-net
+deleted file mode 100755
+index 6ae3c19..0000000
+--- a/src/lxc/lxc-restore-net
+++ /dev/null
+@@ -1,26 +0,0 @@
+-#!/bin/sh
+-
+-set -e
+-
+-i=0
+-while true; do
+-       eval "bridge=\$LXC_CRIU_BRIDGE$i"
+-       eval "veth=\$LXC_CRIU_VETH$i"
+-
+-       if [ -z "$bridge" ] || [ -z "$veth" ]; then
+-               exit 0
+-       fi
+-
+-       if [ "$CRTOOLS_SCRIPT_ACTION" = "network-lock" ]; then
+-               brctl delif $bridge $veth
+-       fi
+-
+-       if [ "$CRTOOLS_SCRIPT_ACTION" = "network-unlock" ]; then
+-               brctl addif $bridge $veth
+-               ip link set dev $veth up
+-       fi
+-
+-       i=$((i+1))
+-done
+-
+-exit 1
+diff --git a/src/lxc/lxc-restore-net.in b/src/lxc/lxc-restore-net.in
+new file mode 100755
+index 0000000..6ae3c19
+--- /dev/null
+++ b/src/lxc/lxc-restore-net.in
+@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -e
+
+i=0
+while true; do
+       eval "bridge=\$LXC_CRIU_BRIDGE$i"
+       eval "veth=\$LXC_CRIU_VETH$i"
+
+       if [ -z "$bridge" ] || [ -z "$veth" ]; then
+               exit 0
+       fi
+
+       if [ "$CRTOOLS_SCRIPT_ACTION" = "network-lock" ]; then
+               brctl delif $bridge $veth
+       fi
+
+       if [ "$CRTOOLS_SCRIPT_ACTION" = "network-unlock" ]; then
+               brctl addif $bridge $veth
+               ip link set dev $veth up
+       fi
+
+       i=$((i+1))
+done
+
+exit 1
+-- 
+1.8.3.2
diff --git a/recipes-containers/lxc/files/lxc-helper-create-local-action-function.patch b/recipes-containers/lxc/files/lxc-helper-create-local-action-function.patch
deleted file mode 100644
index d1d31eea..00000000
--- a/recipes-containers/lxc/files/lxc-helper-create-local-action-function.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From aada9da49caca9e4a25764df2d2a2c11d9d95dbb Mon Sep 17 00:00:00 2001
-From: Bruce Ashfield <bruce.ashfield@windriver.com>
-Date: Fri, 10 Apr 2015 10:55:49 -0400
-Subject: [PATCH] lxc-helper: create local action() function
-Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
---
- config/init/sysvinit/lxc.in | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-diff --git a/config/init/sysvinit/lxc.in b/config/init/sysvinit/lxc.in
-index 19c102e74c86..9f96a4f7496f 100644
--- a/config/init/sysvinit/lxc.in
-+++ b/config/init/sysvinit/lxc.in
-@@ -52,6 +52,20 @@ test ! -r "$sysconfdir"/sysconfig/lxc ||
- # Check for needed utility program
- [ -x "$bindir"/lxc-autostart ] || exit 1
- 
-+action()
-+{
-+    local STRING rc
-+
-+    STRING=$1
-+    echo -n "$STRING "
-+
-+    shift
-+    "$@" && success $"$STRING" || failure $"$STRING"
-+    rc=$?
-+
-+    return $rc
-+}
-+
- # If libvirtd is providing the bridge, it might not be
- # immediately available, so wait a bit for it before starting
- # up the containers or else any that use the bridge will fail
-- 
-2.1.0
diff --git a/recipes-containers/lxc/files/ppc-add-seccomp-support-for-lxc.patch b/recipes-containers/lxc/files/ppc-add-seccomp-support-for-lxc.patch
deleted file mode 100644
index 10555398..00000000
--- a/recipes-containers/lxc/files/ppc-add-seccomp-support-for-lxc.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From b4067426d58aec9b6cad7a4739793f3d90c5f189 Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Date: Thu, 12 Mar 2015 08:57:47 +0000
-Subject: [PATCH] seccomp: add ppc support
-This patch enables seccomp support for LXC containers running on PowerPC
-architectures. It is based on the latest PowerPC support added to libseccomp, on
-the working-ppc64 branch [1].
-Libseccomp has been tested on ppc, ppc64 and ppc64le architectures. LXC with
-seccomp support has been tested on ppc and ppc64 architectures, using the
-default seccomp policy example files delivered with the LXC package.
-[1] https://github.com/seccomp/libseccomp/commits/working-ppc64
-v2:
- add #ifdefs in get_new_ctx to fix builds on systems not having SCMP_ARCH_PPC*
-  defined
-Upstream-Status: Applied
-[https://github.com/lxc/lxc/commit/b4067426d58aec9b6cad7a4739793f3d90c5f189]
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
---
- src/lxc/seccomp.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 48 insertions(+)
-diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
-index 3ba6c9a..108faa0 100644
--- a/src/lxc/seccomp.c
-+++ b/src/lxc/seccomp.c
-@@ -121,6 +121,9 @@ enum lxc_hostarch_t {
-        lxc_seccomp_arch_i386,
-        lxc_seccomp_arch_amd64,
-        lxc_seccomp_arch_arm,
-+       lxc_seccomp_arch_ppc64,
-+       lxc_seccomp_arch_ppc64le,
-+       lxc_seccomp_arch_ppc,
-        lxc_seccomp_arch_unknown = 999,
- };
-@@ -137,6 +140,12 @@ int get_hostarch(void)
-                return lxc_seccomp_arch_amd64;
-        else if (strncmp(uts.machine, "armv7", 5) == 0)
-                return lxc_seccomp_arch_arm;
-+       else if (strncmp(uts.machine, "ppc64le", 7) == 0)
-+               return lxc_seccomp_arch_ppc64le;
-+       else if (strncmp(uts.machine, "ppc64", 5) == 0)
-+               return lxc_seccomp_arch_ppc64;
-+       else if (strncmp(uts.machine, "ppc", 3) == 0)
-+               return lxc_seccomp_arch_ppc;
-        return lxc_seccomp_arch_unknown;
- }
-@@ -150,6 +159,15 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch, uint32_t default_policy_
-        case lxc_seccomp_arch_i386: arch = SCMP_ARCH_X86; break;
-        case lxc_seccomp_arch_amd64: arch = SCMP_ARCH_X86_64; break;
-        case lxc_seccomp_arch_arm: arch = SCMP_ARCH_ARM; break;
-+#ifdef SCMP_ARCH_PPC64LE
-+       case lxc_seccomp_arch_ppc64le: arch = SCMP_ARCH_PPC64LE; break;
-+#endif
-+#ifdef SCMP_ARCH_PPC64
-+       case lxc_seccomp_arch_ppc64: arch = SCMP_ARCH_PPC64; break;
-+#endif
-+#ifdef SCMP_ARCH_PPC
-+       case lxc_seccomp_arch_ppc: arch = SCMP_ARCH_PPC; break;
-+#endif
-        default: return NULL;
-        }
-@@ -343,6 +361,36 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
-                                cur_rule_arch = lxc_seccomp_arch_arm;
-                        }
- #endif
-+#ifdef SCMP_ARCH_PPC64LE
-+                       else if (strcmp(line, "[ppc64le]") == 0 ||
-+                                       strcmp(line, "[PPC64LE]") == 0) {
-+                               if (native_arch != lxc_seccomp_arch_ppc64le) {
-+                                       cur_rule_arch = lxc_seccomp_arch_unknown;
-+                                       continue;
-+                               }
-+                               cur_rule_arch = lxc_seccomp_arch_ppc64le;
-+                       }
-+#endif
-+#ifdef SCMP_ARCH_PPC64
-+                       else if (strcmp(line, "[ppc64]") == 0 ||
-+                                       strcmp(line, "[PPC64]") == 0) {
-+                               if (native_arch != lxc_seccomp_arch_ppc64) {
-+                                       cur_rule_arch = lxc_seccomp_arch_unknown;
-+                                       continue;
-+                               }
-+                               cur_rule_arch = lxc_seccomp_arch_ppc64;
-+                       }
-+#endif
-+#ifdef SCMP_ARCH_PPC
-+                       else if (strcmp(line, "[ppc]") == 0 ||
-+                                       strcmp(line, "[PPC]") == 0) {
-+                               if (native_arch != lxc_seccomp_arch_ppc) {
-+                                       cur_rule_arch = lxc_seccomp_arch_unknown;
-+                                       continue;
-+                               }
-+                               cur_rule_arch = lxc_seccomp_arch_ppc;
-+                       }
-+#endif
-                        else
-                                goto bad_arch;
--
-2.1.4
diff --git a/recipes-containers/lxc/lxc_1.0.7.bb b/recipes-containers/lxc/lxc_1.1.2.bb
index faa31b7d..77d226b3 100644
--- a/recipes-containers/lxc/lxc_1.0.7.bb
+++ b/recipes-containers/lxc/lxc_1.1.2.bb
@@ -27,17 +27,16 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \
        file://run-ptest \
        file://automake-ensure-VPATH-builds-correctly.patch \
        file://add-lxc.rebootsignal.patch \
-        file://lxc-helper-create-local-action-function.patch \
        file://document-lxc.rebootsignal.patch \
        file://lxc-busybox-use-lxc.rebootsignal-SIGTERM.patch \
-        file://ppc-add-seccomp-support-for-lxc.patch \
        file://lxc-fix-B-S.patch \
        file://lxc-busybox-add-OpenSSH-support.patch \
        file://make-some-OpenSSH-tools-optional.patch \
+        file://Generate-lxc-restore-net-properly.patch \
        "
-SRC_URI[md5sum] = "b48f468a9bef0e4e140dd723f0a65ad0"
+SRC_URI[md5sum] = "3ebadacf5fe8bfe689fd7a09812b682c"
-SRC_URI[sha256sum] = "3c0cb2d95d9d8a8d59c7189d237a45cde77f38ea180fbff2c148d59e176e9dab"
+SRC_URI[sha256sum] = "34ba517ffd7b38a14e5d12d56a4928b78602d56311d5f47c3ef90f4e714b9604"
 S = "${WORKDIR}/${BPN}-${PV}"
@@ -98,7 +97,7 @@ do_install_append() {
        if ${@base_contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
            install -d ${D}${sysconfdir}/init.d
-            cp ${S}/config/init/sysvinit/lxc ${D}${sysconfdir}/init.d
+            install -m 755 config/init/sysvinit/lxc* ${D}${sysconfdir}/init.d
        fi
 }
author	Jim Somerville <Jim.Somerville@windriver.com>	2015-07-09 09:58:28 -0400
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2015-07-14 14:32:07 -0400
commit	fb380fd60f31edf9786e1ad82c1e76eefad82697 (patch)
tree	126edee52d6551362299a5a5382e15c26a862567 /recipes-containers
parent	a89c11a3d89601f6d8499bd7d0f265cf4512d772 (diff)
download	meta-virtualization-fb380fd60f31edf9786e1ad82c1e76eefad82697.tar.gz

diff --git a/recipes-containers/lxc/files/Generate-lxc-restore-net-properly.patch b/recipes-containers/lxc/files/Generate-lxc-restore-net-properly.patch new file mode 100644 index 00000000..5adb730c --- /dev/null +++ b/recipes-containers/lxc/files/Generate-lxc-restore-net-properly.patch
@@ -0,0 +1,121 @@
		1	From e08f3573b3561f1f0490624f7ca95b7ccd8157cb Mon Sep 17 00:00:00 2001
		2	Message-Id: <e08f3573b3561f1f0490624f7ca95b7ccd8157cb.1435177418.git.Jim.Somerville@windriver.com>
		3	From: Jim Somerville <Jim.Somerville@windriver.com>
		4	Date: Wed, 24 Jun 2015 16:16:38 -0400
		5	Subject: [PATCH 1/1] Generate lxc-restore-net properly
		6
		7	It's a script that should be run through the configure
		8	mechanism the same as the others. We simply rename it
		9	to have a .in extension and add it to configure.ac .
		10
		11	Also, by generating the script from a .in file, it gets
		12	placed into the build directory. This plays nice with
		13	build systems that keep the src separate from the build
		14	directory. Without this change, the install step won't
		15	find the lxc-restore-net script as it still just resides
		16	in the src directory and not in the build directory.
		17
		18	Upstream-Status: Not applicable. This script has already
		19	been rearchitected out of existence by
		20	cba98d127bf490b018a016b792ae05fd2d29c5ee:
		21	"c/r: use criu option instead of lxc-restore-net
		22
		23	As of criu 1.5, the --veth-pair argument supports an additional parameter that
		24	is the bridge name to attach to. This enables us to get rid of the goofy
		25	action-script hack that passed bridge names as environment variables.
		26
		27	This patch is on top of the systemd/lxcfs mount rework patch, as we probably
		28	want to wait to use 1.5 options until it has been out for a while and is in
		29	distros.
		30
		31	Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
		32	Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>"
		33
		34	Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
		35	---
		36	configure.ac \| 1 +
		37	src/lxc/lxc-restore-net \| 26 --------------------------
		38	src/lxc/lxc-restore-net.in \| 26 ++++++++++++++++++++++++++
		39	3 files changed, 27 insertions(+), 26 deletions(-)
		40	delete mode 100755 src/lxc/lxc-restore-net
		41	create mode 100755 src/lxc/lxc-restore-net.in
		42
		43	diff --git a/configure.ac b/configure.ac
		44	index 574b2cd..4972803 100644
		45	--- a/configure.ac
		46	+++ b/configure.ac
		47	@@ -768,6 +768,7 @@ AC_CONFIG_FILES([
		48	src/lxc/legacy/lxc-ls
		49	src/lxc/lxc.functions
		50	src/lxc/version.h
		51	+ src/lxc/lxc-restore-net
		52	src/python-lxc/Makefile
		53	src/python-lxc/setup.py
		54
		55	diff --git a/src/lxc/lxc-restore-net b/src/lxc/lxc-restore-net
		56	deleted file mode 100755
		57	index 6ae3c19..0000000
		58	--- a/src/lxc/lxc-restore-net
		59	+++ /dev/null
		60	@@ -1,26 +0,0 @@
		61	-#!/bin/sh
		62	-
		63	-set -e
		64	-
		65	-i=0
		66	-while true; do
		67	- eval "bridge=\$LXC_CRIU_BRIDGE$i"
		68	- eval "veth=\$LXC_CRIU_VETH$i"
		69	-
		70	- if [ -z "$bridge" ] \|\| [ -z "$veth" ]; then
		71	- exit 0
		72	- fi
		73	-
		74	- if [ "$CRTOOLS_SCRIPT_ACTION" = "network-lock" ]; then
		75	- brctl delif $bridge $veth
		76	- fi
		77	-
		78	- if [ "$CRTOOLS_SCRIPT_ACTION" = "network-unlock" ]; then
		79	- brctl addif $bridge $veth
		80	- ip link set dev $veth up
		81	- fi
		82	-
		83	- i=$((i+1))
		84	-done
		85	-
		86	-exit 1
		87	diff --git a/src/lxc/lxc-restore-net.in b/src/lxc/lxc-restore-net.in
		88	new file mode 100755
		89	index 0000000..6ae3c19
		90	--- /dev/null
		91	+++ b/src/lxc/lxc-restore-net.in
		92	@@ -0,0 +1,26 @@
		93	+#!/bin/sh
		94	+
		95	+set -e
		96	+
		97	+i=0
		98	+while true; do
		99	+ eval "bridge=\$LXC_CRIU_BRIDGE$i"
		100	+ eval "veth=\$LXC_CRIU_VETH$i"
		101	+
		102	+ if [ -z "$bridge" ] \|\| [ -z "$veth" ]; then
		103	+ exit 0
		104	+ fi
		105	+
		106	+ if [ "$CRTOOLS_SCRIPT_ACTION" = "network-lock" ]; then
		107	+ brctl delif $bridge $veth
		108	+ fi
		109	+
		110	+ if [ "$CRTOOLS_SCRIPT_ACTION" = "network-unlock" ]; then
		111	+ brctl addif $bridge $veth
		112	+ ip link set dev $veth up
		113	+ fi
		114	+
		115	+ i=$((i+1))
		116	+done
		117	+
		118	+exit 1
		119	--
		120	1.8.3.2
		121


diff --git a/recipes-containers/lxc/files/lxc-helper-create-local-action-function.patch b/recipes-containers/lxc/files/lxc-helper-create-local-action-function.patch deleted file mode 100644 index d1d31eea..00000000 --- a/recipes-containers/lxc/files/lxc-helper-create-local-action-function.patch +++ /dev/null
@@ -1,38 +0,0 @@
1	From aada9da49caca9e4a25764df2d2a2c11d9d95dbb Mon Sep 17 00:00:00 2001
2	From: Bruce Ashfield <bruce.ashfield@windriver.com>
3	Date: Fri, 10 Apr 2015 10:55:49 -0400
4	Subject: [PATCH] lxc-helper: create local action() function
5
6	Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
7	---
8	config/init/sysvinit/lxc.in \| 14 ++++++++++++++
9	1 file changed, 14 insertions(+)
10
11	diff --git a/config/init/sysvinit/lxc.in b/config/init/sysvinit/lxc.in
12	index 19c102e74c86..9f96a4f7496f 100644
13	--- a/config/init/sysvinit/lxc.in
14	+++ b/config/init/sysvinit/lxc.in
15	@@ -52,6 +52,20 @@ test ! -r "$sysconfdir"/sysconfig/lxc \|\|
16	# Check for needed utility program
17	[ -x "$bindir"/lxc-autostart ] \|\| exit 1
18
19	+action()
20	+{
21	+ local STRING rc
22	+
23	+ STRING=$1
24	+ echo -n "$STRING "
25	+
26	+ shift
27	+ "$@" && success $"$STRING" \|\| failure $"$STRING"
28	+ rc=$?
29	+
30	+ return $rc
31	+}
32	+
33	# If libvirtd is providing the bridge, it might not be
34	# immediately available, so wait a bit for it before starting
35	# up the containers or else any that use the bridge will fail
36	--
37	2.1.0
38


diff --git a/recipes-containers/lxc/files/ppc-add-seccomp-support-for-lxc.patch b/recipes-containers/lxc/files/ppc-add-seccomp-support-for-lxc.patch deleted file mode 100644 index 10555398..00000000 --- a/recipes-containers/lxc/files/ppc-add-seccomp-support-for-lxc.patch +++ /dev/null
@@ -1,111 +0,0 @@
1	From b4067426d58aec9b6cad7a4739793f3d90c5f189 Mon Sep 17 00:00:00 2001
2	From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
3	Date: Thu, 12 Mar 2015 08:57:47 +0000
4	Subject: [PATCH] seccomp: add ppc support
5
6	This patch enables seccomp support for LXC containers running on PowerPC
7	architectures. It is based on the latest PowerPC support added to libseccomp, on
8	the working-ppc64 branch [1].
9
10	Libseccomp has been tested on ppc, ppc64 and ppc64le architectures. LXC with
11	seccomp support has been tested on ppc and ppc64 architectures, using the
12	default seccomp policy example files delivered with the LXC package.
13
14	[1] https://github.com/seccomp/libseccomp/commits/working-ppc64
15
16	v2:
17	- add #ifdefs in get_new_ctx to fix builds on systems not having SCMP_ARCH_PPC*
18	defined
19
20	Upstream-Status: Applied
21	[https://github.com/lxc/lxc/commit/b4067426d58aec9b6cad7a4739793f3d90c5f189]
22
23	Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
24	Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
25	---
26	src/lxc/seccomp.c \| 48 ++++++++++++++++++++++++++++++++++++++++++++++++
27	1 file changed, 48 insertions(+)
28
29	diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
30	index 3ba6c9a..108faa0 100644
31	--- a/src/lxc/seccomp.c
32	+++ b/src/lxc/seccomp.c
33	@@ -121,6 +121,9 @@ enum lxc_hostarch_t {
34	lxc_seccomp_arch_i386,
35	lxc_seccomp_arch_amd64,
36	lxc_seccomp_arch_arm,
37	+ lxc_seccomp_arch_ppc64,
38	+ lxc_seccomp_arch_ppc64le,
39	+ lxc_seccomp_arch_ppc,
40	lxc_seccomp_arch_unknown = 999,
41	};
42
43	@@ -137,6 +140,12 @@ int get_hostarch(void)
44	return lxc_seccomp_arch_amd64;
45	else if (strncmp(uts.machine, "armv7", 5) == 0)
46	return lxc_seccomp_arch_arm;
47	+ else if (strncmp(uts.machine, "ppc64le", 7) == 0)
48	+ return lxc_seccomp_arch_ppc64le;
49	+ else if (strncmp(uts.machine, "ppc64", 5) == 0)
50	+ return lxc_seccomp_arch_ppc64;
51	+ else if (strncmp(uts.machine, "ppc", 3) == 0)
52	+ return lxc_seccomp_arch_ppc;
53	return lxc_seccomp_arch_unknown;
54	}
55
56	@@ -150,6 +159,15 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch, uint32_t default_policy_
57	case lxc_seccomp_arch_i386: arch = SCMP_ARCH_X86; break;
58	case lxc_seccomp_arch_amd64: arch = SCMP_ARCH_X86_64; break;
59	case lxc_seccomp_arch_arm: arch = SCMP_ARCH_ARM; break;
60	+#ifdef SCMP_ARCH_PPC64LE
61	+ case lxc_seccomp_arch_ppc64le: arch = SCMP_ARCH_PPC64LE; break;
62	+#endif
63	+#ifdef SCMP_ARCH_PPC64
64	+ case lxc_seccomp_arch_ppc64: arch = SCMP_ARCH_PPC64; break;
65	+#endif
66	+#ifdef SCMP_ARCH_PPC
67	+ case lxc_seccomp_arch_ppc: arch = SCMP_ARCH_PPC; break;
68	+#endif
69	default: return NULL;
70	}
71
72	@@ -343,6 +361,36 @@ static int parse_config_v2(FILE f, char line, struct lxc_conf *conf)
73	cur_rule_arch = lxc_seccomp_arch_arm;
74	}
75	#endif
76	+#ifdef SCMP_ARCH_PPC64LE
77	+ else if (strcmp(line, "[ppc64le]") == 0 \|\|
78	+ strcmp(line, "[PPC64LE]") == 0) {
79	+ if (native_arch != lxc_seccomp_arch_ppc64le) {
80	+ cur_rule_arch = lxc_seccomp_arch_unknown;
81	+ continue;
82	+ }
83	+ cur_rule_arch = lxc_seccomp_arch_ppc64le;
84	+ }
85	+#endif
86	+#ifdef SCMP_ARCH_PPC64
87	+ else if (strcmp(line, "[ppc64]") == 0 \|\|
88	+ strcmp(line, "[PPC64]") == 0) {
89	+ if (native_arch != lxc_seccomp_arch_ppc64) {
90	+ cur_rule_arch = lxc_seccomp_arch_unknown;
91	+ continue;
92	+ }
93	+ cur_rule_arch = lxc_seccomp_arch_ppc64;
94	+ }
95	+#endif
96	+#ifdef SCMP_ARCH_PPC
97	+ else if (strcmp(line, "[ppc]") == 0 \|\|
98	+ strcmp(line, "[PPC]") == 0) {
99	+ if (native_arch != lxc_seccomp_arch_ppc) {
100	+ cur_rule_arch = lxc_seccomp_arch_unknown;
101	+ continue;
102	+ }
103	+ cur_rule_arch = lxc_seccomp_arch_ppc;
104	+ }
105	+#endif
106	else
107	goto bad_arch;
108
109	--
110	2.1.4
111


diff --git a/recipes-containers/lxc/lxc_1.0.7.bb b/recipes-containers/lxc/lxc_1.1.2.bb index faa31b7d..77d226b3 100644 --- a/recipes-containers/lxc/lxc_1.0.7.bb +++ b/recipes-containers/lxc/lxc_1.1.2.bb
@@ -27,17 +27,16 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \
27	file://run-ptest \	27	file://run-ptest \
28	file://automake-ensure-VPATH-builds-correctly.patch \	28	file://automake-ensure-VPATH-builds-correctly.patch \
29	file://add-lxc.rebootsignal.patch \	29	file://add-lxc.rebootsignal.patch \
30	file://lxc-helper-create-local-action-function.patch \
31	file://document-lxc.rebootsignal.patch \	30	file://document-lxc.rebootsignal.patch \
32	file://lxc-busybox-use-lxc.rebootsignal-SIGTERM.patch \	31	file://lxc-busybox-use-lxc.rebootsignal-SIGTERM.patch \
33	file://ppc-add-seccomp-support-for-lxc.patch \
34	file://lxc-fix-B-S.patch \	32	file://lxc-fix-B-S.patch \
35	file://lxc-busybox-add-OpenSSH-support.patch \	33	file://lxc-busybox-add-OpenSSH-support.patch \
36	file://make-some-OpenSSH-tools-optional.patch \	34	file://make-some-OpenSSH-tools-optional.patch \
		35	file://Generate-lxc-restore-net-properly.patch \
37	"	36	"
38		37
39	SRC_URI[md5sum] = "b48f468a9bef0e4e140dd723f0a65ad0"	38	SRC_URI[md5sum] = "3ebadacf5fe8bfe689fd7a09812b682c"
40	SRC_URI[sha256sum] = "3c0cb2d95d9d8a8d59c7189d237a45cde77f38ea180fbff2c148d59e176e9dab"	39	SRC_URI[sha256sum] = "34ba517ffd7b38a14e5d12d56a4928b78602d56311d5f47c3ef90f4e714b9604"
41		40
42	S = "${WORKDIR}/${BPN}-${PV}"	41	S = "${WORKDIR}/${BPN}-${PV}"
43		42
@@ -98,7 +97,7 @@ do_install_append() {
98		97
99	if ${@base_contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then	98	if ${@base_contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
100	install -d ${D}${sysconfdir}/init.d	99	install -d ${D}${sysconfdir}/init.d
101	cp ${S}/config/init/sysvinit/lxc ${D}${sysconfdir}/init.d	100	install -m 755 config/init/sysvinit/lxc* ${D}${sysconfdir}/init.d
102	fi	101	fi
103	}	102	}
104		103