2 files changed, 91 insertions, 0 deletions
diff --git a/recipes-containers/podman/podman/0002-Define-ActKillThread-equal-to-ActKill.patch b/recipes-containers/podman/podman/0002-Define-ActKillThread-equal-to-ActKill.patch
new file mode 100644
index 00000000..ba51d4ac
--- /dev/null
+++ b/recipes-containers/podman/podman/0002-Define-ActKillThread-equal-to-ActKill.patch
@@ -0,0 +1,90 @@
+From f2aa0359bcc776239bda8a4eb84957b97ef55c35 Mon Sep 17 00:00:00 2001
+From: Tonis Tiigi <tonistiigi@gmail.com>
+Date: Fri, 28 Jan 2022 14:44:56 -0800
+Subject: [PATCH] Define ActKillThread equal to ActKill
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+These constants are equal in libseccomp but Go definitions
+were defined separately. This resulted in dead code that
+never executed due to identical case statements in switch.
+Go can usually detect these error cases and refuses to build
+but for some reason this detection doesn’t work with cgo+gcc.
+Clang detects the equal constants correctly and therefore
+libseccomp-golang builds with clang broke after ActKillThread
+was added.
+In order to fix the clang build only removal of the
+switch case is needed. But I assumed that the setter/getter
+logic is supposed to work for ActKillThread as well
+and only way to ensure that is to set them equal like they
+are in C.
+Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
+Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
+Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
+Upstream-status: Backport [https://github.com/seccomp/libseccomp-golang/commit/c35397d0ea8f285a0be78693bb2fd37b06952453]
+---
+ seccomp.go          | 8 ++++----
+ seccomp_internal.go | 4 ----
+ 2 files changed, 4 insertions(+), 8 deletions(-)
+diff --git a/seccomp.go b/seccomp.go
+index e9b92e2..32f6ab2 100644
+--- a/seccomp.go
+++ b/seccomp.go
+@@ -214,14 +214,14 @@ const (
+        // This action is only usable when libseccomp API level 3 or higher is
+        // supported.
+        ActLog ScmpAction = iota
+-       // ActKillThread kills the thread that violated the rule. It is the same as ActKill.
+-       // All other threads from the same thread group will continue to execute.
+-       ActKillThread ScmpAction = iota
+        // ActKillProcess kills the process that violated the rule.
+        // All threads in the thread group are also terminated.
+        // This action is only usable when libseccomp API level 3 or higher is
+        // supported.
+        ActKillProcess ScmpAction = iota
+       // ActKillThread kills the thread that violated the rule. It is the same as ActKill.
+       // All other threads from the same thread group will continue to execute.
+       ActKillThread = ActKill
+ )
+ 
+ const (
+@@ -394,7 +394,7 @@ func (a ScmpCompareOp) String() string {
+ // String returns a string representation of a seccomp match action
+ func (a ScmpAction) String() string {
+        switch a & 0xFFFF {
+-       case ActKill, ActKillThread:
+       case ActKillThread:
+                return "Action: Kill thread"
+        case ActKillProcess:
+                return "Action: Kill process"
+diff --git a/seccomp_internal.go b/seccomp_internal.go
+index 8dc7b29..8fc9914 100644
+--- a/seccomp_internal.go
+++ b/seccomp_internal.go
+@@ -612,8 +612,6 @@ func (a ScmpCompareOp) toNative() C.int {
+ func actionFromNative(a C.uint32_t) (ScmpAction, error) {
+        aTmp := a & 0xFFFF
+        switch a & 0xFFFF0000 {
+-       case C.C_ACT_KILL:
+-               return ActKill, nil
+        case C.C_ACT_KILL_PROCESS:
+                return ActKillProcess, nil
+        case C.C_ACT_KILL_THREAD:
+@@ -638,8 +636,6 @@ func actionFromNative(a C.uint32_t) (ScmpAction, error) {
+ // Only use with sanitized actions, no error handling
+ func (a ScmpAction) toNative() C.uint32_t {
+        switch a & 0xFFFF {
+-       case ActKill:
+-               return C.C_ACT_KILL
+        case ActKillProcess:
+                return C.C_ACT_KILL_PROCESS
+        case ActKillThread:
+-- 
+2.25.1
diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
index 73d3c931..2bbc4dc1 100644
--- a/recipes-containers/podman/podman_git.bb
+++ b/recipes-containers/podman/podman_git.bb
@@ -21,6 +21,7 @@ SRCREV = "cedbbfa543651a13055a1fe093a4d0a2a28ccdfd"
 SRC_URI = " \
    git://github.com/containers/libpod.git;branch=v4.1;protocol=https \
    file://0001-Rename-BUILDFLAGS-to-GOBUILDFLAGS.patch;patchdir=src/import \
+    file://0002-Define-ActKillThread-equal-to-ActKill.patch;patchdir=src/import/vendor/github.com/seccomp/libseccomp-golang \
    ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'file://00-podman-rootless.conf', '', d)} \
 "

diff --git a/recipes-containers/podman/podman/0002-Define-ActKillThread-equal-to-ActKill.patch b/recipes-containers/podman/podman/0002-Define-ActKillThread-equal-to-ActKill.patch new file mode 100644 index 00000000..ba51d4ac --- /dev/null +++ b/recipes-containers/podman/podman/0002-Define-ActKillThread-equal-to-ActKill.patch
@@ -0,0 +1,90 @@
		1	From f2aa0359bcc776239bda8a4eb84957b97ef55c35 Mon Sep 17 00:00:00 2001
		2	From: Tonis Tiigi <tonistiigi@gmail.com>
		3	Date: Fri, 28 Jan 2022 14:44:56 -0800
		4	Subject: [PATCH] Define ActKillThread equal to ActKill
		5	MIME-Version: 1.0
		6	Content-Type: text/plain; charset=UTF-8
		7	Content-Transfer-Encoding: 8bit
		8
		9	These constants are equal in libseccomp but Go definitions
		10	were defined separately. This resulted in dead code that
		11	never executed due to identical case statements in switch.
		12	Go can usually detect these error cases and refuses to build
		13	but for some reason this detection doesn’t work with cgo+gcc.
		14	Clang detects the equal constants correctly and therefore
		15	libseccomp-golang builds with clang broke after ActKillThread
		16	was added.
		17
		18	In order to fix the clang build only removal of the
		19	switch case is needed. But I assumed that the setter/getter
		20	logic is supposed to work for ActKillThread as well
		21	and only way to ensure that is to set them equal like they
		22	are in C.
		23
		24	Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
		25	Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
		26	Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
		27	Signed-off-by: Paul Moore <paul@paul-moore.com>
		28	Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
		29	Upstream-status: Backport [https://github.com/seccomp/libseccomp-golang/commit/c35397d0ea8f285a0be78693bb2fd37b06952453]
		30	---
		31	seccomp.go \| 8 ++++----
		32	seccomp_internal.go \| 4 ----
		33	2 files changed, 4 insertions(+), 8 deletions(-)
		34
		35	diff --git a/seccomp.go b/seccomp.go
		36	index e9b92e2..32f6ab2 100644
		37	--- a/seccomp.go
		38	+++ b/seccomp.go
		39	@@ -214,14 +214,14 @@ const (
		40	// This action is only usable when libseccomp API level 3 or higher is
		41	// supported.
		42	ActLog ScmpAction = iota
		43	- // ActKillThread kills the thread that violated the rule. It is the same as ActKill.
		44	- // All other threads from the same thread group will continue to execute.
		45	- ActKillThread ScmpAction = iota
		46	// ActKillProcess kills the process that violated the rule.
		47	// All threads in the thread group are also terminated.
		48	// This action is only usable when libseccomp API level 3 or higher is
		49	// supported.
		50	ActKillProcess ScmpAction = iota
		51	+ // ActKillThread kills the thread that violated the rule. It is the same as ActKill.
		52	+ // All other threads from the same thread group will continue to execute.
		53	+ ActKillThread = ActKill
		54	)
		55
		56	const (
		57	@@ -394,7 +394,7 @@ func (a ScmpCompareOp) String() string {
		58	// String returns a string representation of a seccomp match action
		59	func (a ScmpAction) String() string {
		60	switch a & 0xFFFF {
		61	- case ActKill, ActKillThread:
		62	+ case ActKillThread:
		63	return "Action: Kill thread"
		64	case ActKillProcess:
		65	return "Action: Kill process"
		66	diff --git a/seccomp_internal.go b/seccomp_internal.go
		67	index 8dc7b29..8fc9914 100644
		68	--- a/seccomp_internal.go
		69	+++ b/seccomp_internal.go
		70	@@ -612,8 +612,6 @@ func (a ScmpCompareOp) toNative() C.int {
		71	func actionFromNative(a C.uint32_t) (ScmpAction, error) {
		72	aTmp := a & 0xFFFF
		73	switch a & 0xFFFF0000 {
		74	- case C.C_ACT_KILL:
		75	- return ActKill, nil
		76	case C.C_ACT_KILL_PROCESS:
		77	return ActKillProcess, nil
		78	case C.C_ACT_KILL_THREAD:
		79	@@ -638,8 +636,6 @@ func actionFromNative(a C.uint32_t) (ScmpAction, error) {
		80	// Only use with sanitized actions, no error handling
		81	func (a ScmpAction) toNative() C.uint32_t {
		82	switch a & 0xFFFF {
		83	- case ActKill:
		84	- return C.C_ACT_KILL
		85	case ActKillProcess:
		86	return C.C_ACT_KILL_PROCESS
		87	case ActKillThread:
		88	--
		89	2.25.1
		90


diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb index 73d3c931..2bbc4dc1 100644 --- a/recipes-containers/podman/podman_git.bb +++ b/recipes-containers/podman/podman_git.bb
@@ -21,6 +21,7 @@ SRCREV = "cedbbfa543651a13055a1fe093a4d0a2a28ccdfd"
21	SRC_URI = " \	21	SRC_URI = " \
22	git://github.com/containers/libpod.git;branch=v4.1;protocol=https \	22	git://github.com/containers/libpod.git;branch=v4.1;protocol=https \
23	file://0001-Rename-BUILDFLAGS-to-GOBUILDFLAGS.patch;patchdir=src/import \	23	file://0001-Rename-BUILDFLAGS-to-GOBUILDFLAGS.patch;patchdir=src/import \
		24	file://0002-Define-ActKillThread-equal-to-ActKill.patch;patchdir=src/import/vendor/github.com/seccomp/libseccomp-golang \
24	${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'file://00-podman-rootless.conf', '', d)} \	25	${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'file://00-podman-rootless.conf', '', d)} \
25	"	26	"
26		27