diff options
Diffstat (limited to 'recipes-containers')
-rw-r--r-- | recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch | 44 | ||||
-rw-r--r-- | recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch | 53 | ||||
-rw-r--r-- | recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch | 54 | ||||
-rw-r--r-- | recipes-containers/lxc/lxc_4.0.9.bb (renamed from recipes-containers/lxc/lxc_4.0.6.bb) | 6 |
4 files changed, 29 insertions, 128 deletions
diff --git a/recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch b/recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch deleted file mode 100644 index 391af381..00000000 --- a/recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch +++ /dev/null | |||
@@ -1,44 +0,0 @@ | |||
1 | From a342b11fedb3010630de4909ca707ebdc0862060 Mon Sep 17 00:00:00 2001 | ||
2 | From: Eneas U de Queiroz <cotequeiroz@gmail.com> | ||
3 | Date: Fri, 25 Dec 2020 13:54:14 -0300 | ||
4 | Subject: [PATCH] commands: fix check for seccomp notify support | ||
5 | |||
6 | Use HAVE_SECCOMP_NOTIFY instead of HAVE_DECL_SECCOMP_NOTIFY_FD. | ||
7 | Currently the latter will be true if the declaration is found by | ||
8 | configure, even if 'configure --disable-seccomp' is used. | ||
9 | |||
10 | HAVE_SECCOMP_NOTIFY is defined in lxcseccomp.h if both HAVE_SECCOMP and | ||
11 | HAVE_DECL_SECCOMP_NOTIFY_FD are true, which is the correct behavior. | ||
12 | |||
13 | Upstream-status: submitted https://github.com/lxc/lxc/pull/3623 | ||
14 | |||
15 | Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> | ||
16 | --- | ||
17 | src/lxc/commands.c | 4 ++-- | ||
18 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
19 | |||
20 | diff --git a/src/lxc/commands.c b/src/lxc/commands.c | ||
21 | index a9a03ca2c..37d1abcef 100644 | ||
22 | --- a/src/lxc/commands.c | ||
23 | +++ b/src/lxc/commands.c | ||
24 | @@ -501,7 +501,7 @@ static int lxc_cmd_get_devpts_fd_callback(int fd, struct lxc_cmd_req *req, | ||
25 | |||
26 | int lxc_cmd_get_seccomp_notify_fd(const char *name, const char *lxcpath) | ||
27 | { | ||
28 | -#if HAVE_DECL_SECCOMP_NOTIFY_FD | ||
29 | +#ifdef HAVE_SECCOMP_NOTIFY | ||
30 | int ret, stopped; | ||
31 | struct lxc_cmd_rr cmd = { | ||
32 | .req = { | ||
33 | @@ -526,7 +526,7 @@ static int lxc_cmd_get_seccomp_notify_fd_callback(int fd, struct lxc_cmd_req *re | ||
34 | struct lxc_handler *handler, | ||
35 | struct lxc_epoll_descr *descr) | ||
36 | { | ||
37 | -#if HAVE_DECL_SECCOMP_NOTIFY_FD | ||
38 | +#ifdef HAVE_SECCOMP_NOTIFY | ||
39 | struct lxc_cmd_rsp rsp = { | ||
40 | .ret = 0, | ||
41 | }; | ||
42 | -- | ||
43 | 2.17.1 | ||
44 | |||
diff --git a/recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch b/recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch deleted file mode 100644 index 43c91bab..00000000 --- a/recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch +++ /dev/null | |||
@@ -1,53 +0,0 @@ | |||
1 | From 67cd8bde2d46983df8fa9f647e9fc0b96370ec29 Mon Sep 17 00:00:00 2001 | ||
2 | From: Eneas U de Queiroz <cotequeiroz@gmail.com> | ||
3 | Date: Sat, 16 Jan 2021 13:54:07 -0300 | ||
4 | Subject: [PATCH] configure: skip libseccomp tests if it is disabled | ||
5 | |||
6 | Move the block checking for libseccomp api compatibility inside | ||
7 | AM_COND_IF([ENABLE_SECCOMP] ... ). | ||
8 | |||
9 | Upstream-Status: submitted [https://github.com/lxc/lxc/pull/3623] | ||
10 | |||
11 | Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> | ||
12 | --- | ||
13 | configure.ac | 17 ++++++++--------- | ||
14 | 1 file changed, 8 insertions(+), 9 deletions(-) | ||
15 | |||
16 | diff --git a/configure.ac b/configure.ac | ||
17 | index f58487f5d..ce6363136 100644 | ||
18 | --- a/configure.ac | ||
19 | +++ b/configure.ac | ||
20 | @@ -312,6 +312,14 @@ AM_COND_IF([ENABLE_SECCOMP], | ||
21 | AC_CHECK_LIB([seccomp], [seccomp_init],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])]) | ||
22 | AC_SUBST([SECCOMP_LIBS], [-lseccomp]) | ||
23 | ]) | ||
24 | + # HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0 | ||
25 | + OLD_CFLAGS="$CFLAGS" | ||
26 | + CFLAGS="$CFLAGS $SECCOMP_CFLAGS" | ||
27 | + AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include <seccomp.h>]]) | ||
28 | + AC_CHECK_DECLS([seccomp_notify_fd], [], [], [[#include <seccomp.h>]]) | ||
29 | + AC_CHECK_TYPES([struct seccomp_notif_sizes], [], [], [[#include <seccomp.h>]]) | ||
30 | + AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include <seccomp.h>]]) | ||
31 | + CFLAGS="$OLD_CFLAGS" | ||
32 | ]) | ||
33 | |||
34 | AC_MSG_CHECKING(for static libcap) | ||
35 | @@ -359,15 +367,6 @@ AM_COND_IF([ENABLE_CAP], | ||
36 | AC_CHECK_LIB(cap,cap_get_file, AC_DEFINE(LIBCAP_SUPPORTS_FILE_CAPABILITIES,1,[Have cap_get_file]),[],[]) | ||
37 | AC_SUBST([CAP_LIBS], [-lcap])]) | ||
38 | |||
39 | -# HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0 | ||
40 | -OLD_CFLAGS="$CFLAGS" | ||
41 | -CFLAGS="$CFLAGS $SECCOMP_CFLAGS" | ||
42 | -AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include <seccomp.h>]]) | ||
43 | -AC_CHECK_DECLS([seccomp_notify_fd], [], [], [[#include <seccomp.h>]]) | ||
44 | -AC_CHECK_TYPES([struct seccomp_notif_sizes], [], [], [[#include <seccomp.h>]]) | ||
45 | -AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include <seccomp.h>]]) | ||
46 | -CFLAGS="$OLD_CFLAGS" | ||
47 | - | ||
48 | AC_CHECK_HEADERS([linux/bpf.h], [ | ||
49 | AC_CHECK_TYPES([struct bpf_cgroup_dev_ctx], [], [], [[#include <linux/bpf.h>]]) | ||
50 | ], [], []) | ||
51 | -- | ||
52 | 2.17.1 | ||
53 | |||
diff --git a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch b/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch index 8caeb2ba..f335e796 100644 --- a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch +++ b/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch | |||
@@ -18,11 +18,11 @@ Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> | |||
18 | src/tests/lxc-test-usernic.in | 2 +- | 18 | src/tests/lxc-test-usernic.in | 2 +- |
19 | 5 files changed, 5 insertions(+), 5 deletions(-) | 19 | 5 files changed, 5 insertions(+), 5 deletions(-) |
20 | 20 | ||
21 | diff --git a/src/tests/lxc-test-apparmor-mount b/src/tests/lxc-test-apparmor-mount | 21 | Index: lxc-4.0.9/src/tests/lxc-test-apparmor-mount |
22 | index d21c948..9e1969b 100755 | 22 | =================================================================== |
23 | --- a/src/tests/lxc-test-apparmor-mount | 23 | --- lxc-4.0.9.orig/src/tests/lxc-test-apparmor-mount |
24 | +++ b/src/tests/lxc-test-apparmor-mount | 24 | +++ lxc-4.0.9/src/tests/lxc-test-apparmor-mount |
25 | @@ -169,7 +169,7 @@ if [ -f /etc/lsb-release ]; then | 25 | @@ -170,7 +170,7 @@ |
26 | done | 26 | done |
27 | fi | 27 | fi |
28 | 28 | ||
@@ -31,11 +31,11 @@ index d21c948..9e1969b 100755 | |||
31 | 31 | ||
32 | echo "test default confined container" | 32 | echo "test default confined container" |
33 | run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile" | 33 | run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile" |
34 | diff --git a/src/tests/lxc-test-autostart b/src/tests/lxc-test-autostart | 34 | Index: lxc-4.0.9/src/tests/lxc-test-autostart |
35 | index e5b651b..d15b79b 100755 | 35 | =================================================================== |
36 | --- a/src/tests/lxc-test-autostart | 36 | --- lxc-4.0.9.orig/src/tests/lxc-test-autostart |
37 | +++ b/src/tests/lxc-test-autostart | 37 | +++ lxc-4.0.9/src/tests/lxc-test-autostart |
38 | @@ -55,7 +55,7 @@ if [ -f /etc/lsb-release ]; then | 38 | @@ -55,7 +55,7 @@ |
39 | done | 39 | done |
40 | fi | 40 | fi |
41 | 41 | ||
@@ -44,11 +44,11 @@ index e5b651b..d15b79b 100755 | |||
44 | CONTAINER_PATH=$(dirname $(lxc-info -n $CONTAINER_NAME -c lxc.rootfs.path -H) | sed -e 's/dir://') | 44 | CONTAINER_PATH=$(dirname $(lxc-info -n $CONTAINER_NAME -c lxc.rootfs.path -H) | sed -e 's/dir://') |
45 | cp $CONTAINER_PATH/config $CONTAINER_PATH/config.bak | 45 | cp $CONTAINER_PATH/config $CONTAINER_PATH/config.bak |
46 | 46 | ||
47 | diff --git a/src/tests/lxc-test-no-new-privs b/src/tests/lxc-test-no-new-privs | 47 | Index: lxc-4.0.9/src/tests/lxc-test-no-new-privs |
48 | index 8642992..e72bdf0 100755 | 48 | =================================================================== |
49 | --- a/src/tests/lxc-test-no-new-privs | 49 | --- lxc-4.0.9.orig/src/tests/lxc-test-no-new-privs |
50 | +++ b/src/tests/lxc-test-no-new-privs | 50 | +++ lxc-4.0.9/src/tests/lxc-test-no-new-privs |
51 | @@ -47,7 +47,7 @@ if type dpkg >/dev/null 2>&1; then | 51 | @@ -49,7 +49,7 @@ |
52 | ARCH=$(dpkg --print-architecture) | 52 | ARCH=$(dpkg --print-architecture) |
53 | fi | 53 | fi |
54 | 54 | ||
@@ -57,24 +57,24 @@ index 8642992..e72bdf0 100755 | |||
57 | echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config | 57 | echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config |
58 | 58 | ||
59 | lxc-start -n c1 | 59 | lxc-start -n c1 |
60 | diff --git a/src/tests/lxc-test-unpriv b/src/tests/lxc-test-unpriv | 60 | Index: lxc-4.0.9/src/tests/lxc-test-unpriv |
61 | index 16ff12d..0958d48 100755 | 61 | =================================================================== |
62 | --- a/src/tests/lxc-test-unpriv | 62 | --- lxc-4.0.9.orig/src/tests/lxc-test-unpriv |
63 | +++ b/src/tests/lxc-test-unpriv | 63 | +++ lxc-4.0.9/src/tests/lxc-test-unpriv |
64 | @@ -173,7 +173,7 @@ run_cmd mkdir -p $HDIR/.cache/lxc | 64 | @@ -178,7 +178,7 @@ |
65 | cp -R /var/cache/lxc/download $HDIR/.cache/lxc && \ | 65 | cp -R /var/cache/lxc/download $HDIR/.cache/lxc && \ |
66 | chown -R $TUSER: $HDIR/.cache/lxc | 66 | chown -R $TUSER: $HDIR/.cache/lxc |
67 | 67 | ||
68 | -run_cmd lxc-create -t download -n c1 -- -d ubuntu -r $release -a $ARCH | 68 | -run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- -d ubuntu -r $release -a $ARCH |
69 | +run_cmd lxc-create -t download -n c1 -- --no-validate -d ubuntu -r $release -a $ARCH | 69 | +run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- --no-validate -d ubuntu -r $release -a $ARCH |
70 | 70 | ||
71 | # Make sure we can start it - twice | 71 | # Make sure we can start it - twice |
72 | 72 | ||
73 | diff --git a/src/tests/lxc-test-usernic.in b/src/tests/lxc-test-usernic.in | 73 | Index: lxc-4.0.9/src/tests/lxc-test-usernic.in |
74 | index 3e35008..f489286 100755 | 74 | =================================================================== |
75 | --- a/src/tests/lxc-test-usernic.in | 75 | --- lxc-4.0.9.orig/src/tests/lxc-test-usernic.in |
76 | +++ b/src/tests/lxc-test-usernic.in | 76 | +++ lxc-4.0.9/src/tests/lxc-test-usernic.in |
77 | @@ -146,7 +146,7 @@ if [ -f /etc/lsb-release ]; then | 77 | @@ -147,7 +147,7 @@ |
78 | fi | 78 | fi |
79 | 79 | ||
80 | # Create three containers | 80 | # Create three containers |
diff --git a/recipes-containers/lxc/lxc_4.0.6.bb b/recipes-containers/lxc/lxc_4.0.9.bb index c9bf3d09..79072915 100644 --- a/recipes-containers/lxc/lxc_4.0.6.bb +++ b/recipes-containers/lxc/lxc_4.0.9.bb | |||
@@ -49,12 +49,10 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}/${BPN}-${PV}.tar.gz \ | |||
49 | file://tests-add-no-validate-when-using-download-template.patch \ | 49 | file://tests-add-no-validate-when-using-download-template.patch \ |
50 | file://dnsmasq.conf \ | 50 | file://dnsmasq.conf \ |
51 | file://lxc-net \ | 51 | file://lxc-net \ |
52 | file://configure-skip-libseccomp-tests-if-it-is-disabled.patch \ | ||
53 | file://commands-fix-check-for-seccomp-notify-support.patch \ | ||
54 | " | 52 | " |
55 | 53 | ||
56 | SRC_URI[md5sum] = "732571c7cb4ab845068afb227bf35256" | 54 | SRC_URI[md5sum] = "365fcca985038910e19a1e0fff15ed07" |
57 | SRC_URI[sha256sum] = "9165dabc0bb6ef7f2fda2009aee90b20fbefe77ed8008347e9f06048eba1e463" | 55 | SRC_URI[sha256sum] = "1fcf0610e9140eceb4be2334eb537bb9c5a213faea77c793ab3c62b86f37e52b" |
58 | 56 | ||
59 | 57 | ||
60 | 58 | ||