Hello community, here is the log from the commit of package lxc for openSUSE:Factory checked in at 2015-11-17 14:23:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lxc (Old) and /work/SRC/openSUSE:Factory/.lxc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lxc" Changes: -------- --- /work/SRC/openSUSE:Factory/lxc/lxc.changes 2015-10-17 16:39:01.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.lxc.new/lxc.changes 2015-11-17 14:23:35.000000000 +0100 @@ -1,0 +2,5 @@ +Tue Nov 17 09:52:17 UTC 2015 - [email protected] + +- Update to 1.1.5 + +------------------------------------------------------------------- Old: ---- lxc-1.1.4.tar.gz New: ---- lxc-1.1.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lxc.spec ++++++ --- /var/tmp/diff_new_pack.ILrlwC/_old 2015-11-17 14:23:36.000000000 +0100 +++ /var/tmp/diff_new_pack.ILrlwC/_new 2015-11-17 14:23:36.000000000 +0100 @@ -17,7 +17,7 @@ Name: lxc -Version: 1.1.4 +Version: 1.1.5 Release: 0 Url: http://linuxcontainers.org/ Summary: Userspace tools for the Linux kernel containers ++++++ lxc-1.1.4.tar.gz -> lxc-1.1.5.tar.gz ++++++ ++++ 4872 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/config/compile new/lxc-1.1.5/config/compile --- old/lxc-1.1.4/config/compile 2015-10-06 16:18:30.000000000 +0200 +++ new/lxc-1.1.5/config/compile 2015-11-09 17:26:02.000000000 +0100 
@@ -3,7 +3,7 @@ scriptversion=2012-10-14.11; # UTC -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2013 Free Software Foundation, Inc. # Written by Tom Tromey <[email protected]>. # # This program is free software; you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/config/init/systemd/lxc-net.service.in new/lxc-1.1.5/config/init/systemd/lxc-net.service.in --- old/lxc-1.1.4/config/init/systemd/lxc-net.service.in 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/config/init/systemd/lxc-net.service.in 2015-11-09 17:25:59.000000000 +0100 @@ -1,6 +1,6 @@ [Unit] Description=LXC network bridge setup -After=network.target +After=network-online.target Before=lxc.service [Service] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/config/missing new/lxc-1.1.5/config/missing --- old/lxc-1.1.4/config/missing 2015-10-06 16:18:30.000000000 +0200 +++ new/lxc-1.1.5/config/missing 2015-11-09 17:26:02.000000000 +0100 
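Review bot: Ordering after `network-online.target` does not by itself pull that target into the boot transaction, and the `[Unit]` section shown in this hunk has `After=` and `Before=` but no `Wants=`. If nothing else on the system requests network-online.target, the new ordering has no effect and the bridge setup can still run before the network is up. Consider adding `Wants=network-online.target` directly below the changed `After=` line.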
@@ -3,7 +3,7 @@ scriptversion=2013-10-28.13; # UTC -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2013 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <[email protected]>, 1996. # This program is free software; you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/configure.ac new/lxc-1.1.5/configure.ac --- old/lxc-1.1.4/configure.ac 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/configure.ac 2015-11-09 17:25:59.000000000 +0100 @@ -3,7 +3,7 @@ m4_define([lxc_version_major], 1) m4_define([lxc_version_minor], 1) -m4_define([lxc_version_micro], 4) +m4_define([lxc_version_micro], 5) m4_define([lxc_version_beta], []) m4_define([lxc_version_base], [lxc_version_major.lxc_version_minor.lxc_version_micro]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/lxc.spec new/lxc-1.1.5/lxc.spec --- old/lxc-1.1.4/lxc.spec 2015-10-06 16:18:36.000000000 +0200 +++ new/lxc-1.1.5/lxc.spec 2015-11-09 17:26:20.000000000 +0100 
@@ -60,7 +60,7 @@ %endif Name: lxc -Version: 1.1.4 +Version: 1.1.5 Release: %{?beta_rel:0.1.%{beta_rel}}%{?!beta_rel:%{norm_rel}}%{?dist} URL: http://linuxcontainers.org Source: http://linuxcontainers.org/downloads/%{name}-%{version}%{?beta_dot}.tar.gz diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/src/lxc/cgfs.c new/lxc-1.1.5/src/lxc/cgfs.c --- old/lxc-1.1.4/src/lxc/cgfs.c 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/src/lxc/cgfs.c 2015-11-09 17:25:59.000000000 +0100 @@ -1220,6 +1220,7 @@ info = find_info_for_subsystem(info, subsystem); if (!info) return NULL; + prune_init_scope(info->cgroup_path); return info->cgroup_path; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/src/lxc/cgmanager.c new/lxc-1.1.5/src/lxc/cgmanager.c --- old/lxc-1.1.4/src/lxc/cgmanager.c 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/src/lxc/cgmanager.c 2015-11-09 17:25:59.000000000 +0100 
@@ -776,6 +776,7 @@ nerr = nih_error_get(); nih_free(nerr); } + prune_init_scope(cgroup); return cgroup; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/src/lxc/cgroup.c new/lxc-1.1.5/src/lxc/cgroup.c --- old/lxc-1.1.4/src/lxc/cgroup.c 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/src/lxc/cgroup.c 2015-11-09 17:25:59.000000000 +0100 @@ -194,3 +194,17 @@ { return ops->driver; } + +#define INIT_SCOPE "/init.scope" +void prune_init_scope(char *cg) +{ + char *point = cg + strlen(cg) - strlen(INIT_SCOPE); + if (point < cg) + return; + if (strcmp(point, INIT_SCOPE) == 0) { + if (point == cg) + *(point+1) = '\0'; + else + *point = '\0'; + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/src/lxc/cgroup.h new/lxc-1.1.5/src/lxc/cgroup.h --- old/lxc-1.1.4/src/lxc/cgroup.h 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/src/lxc/cgroup.h 2015-11-09 17:25:59.000000000 +0100 
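Review bot: `prune_init_scope(cgroup)` in the cgmanager.c hunk is reached even after the error branch just above it, where the lookup failed and `cgroup` may not hold a string. prune_init_scope() calls `strlen(cg)` unconditionally, so a NULL here would crash instead of returning NULL to the caller as before. Guard the call with `if (cgroup) prune_init_scope(cgroup);` or make prune_init_scope() return early on NULL. The declaration and initial value of `cgroup` are outside the hunk, so confirm what it holds on the failure path.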
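Review bot: In prune_init_scope() (cgroup.c hunk) the pointer `cg + strlen(cg) - strlen(INIT_SCOPE)` is formed before the `point < cg` test, so for any path shorter than "/init.scope" the arithmetic has already left the buffer. That is undefined behaviour, and a compiler may remove the check altogether. Compare the lengths first, `size_t len = strlen(cg), slen = strlen(INIT_SCOPE); if (len < slen) return;`, and only then compute `point = cg + len - slen`. The function also edits the caller's buffer in place, which a comment above it should record, for example `/* Strip a trailing "/init.scope" from cg in place; a bare "/init.scope" becomes "/". cg must be writable and NUL-terminated. */`.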
@@ -80,4 +80,6 @@ extern void cgroup_disconnect(void); extern cgroup_driver_t cgroup_driver(void); +extern void prune_init_scope(char *cg); + #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/src/lxc/conf.c new/lxc-1.1.5/src/lxc/conf.c --- old/lxc-1.1.4/src/lxc/conf.c 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/src/lxc/conf.c 2015-11-09 17:25:59.000000000 +0100 
@@ -1815,13 +1815,185 @@ } } +static char *ovl_get_rootfs_dir(const char *rootfs_path, size_t *rootfslen) +{ + char *rootfsdir = NULL; + char *s1 = NULL; + char *s2 = NULL; + char *s3 = NULL; + + if (!rootfs_path || !rootfslen) + return NULL; + + s1 = strdup(rootfs_path); + if (!s1) + return NULL; + + if ((s2 = strstr(s1, ":/"))) { + s2 = s2 + 1; + if ((s3 = strstr(s2, ":/"))) + *s3 = '\0'; + rootfsdir = strdup(s2); + if (!rootfsdir) { + free(s1); + return NULL; + } + } + + if (!rootfsdir) + rootfsdir = s1; + else + free(s1); + + *rootfslen = strlen(rootfsdir); + + return rootfsdir; +} + +static int mount_entry_create_overlay_dirs(const struct mntent *mntent, + const struct lxc_rootfs *rootfs, + const char *lxc_name, + const char *lxc_path) +{ + char lxcpath[MAXPATHLEN]; + char *rootfsdir = NULL; + char *upperdir = NULL; + char *workdir = NULL; + char **opts = NULL; + int fret = -1; + int ret = 0; + size_t arrlen = 0; + size_t dirlen = 0; + size_t i; + size_t len = 0; + size_t rootfslen = 0; + + if (!rootfs->path || !lxc_name || !lxc_path) + goto err; + + opts = lxc_string_split(mntent->mnt_opts, ','); + if (opts) + arrlen = lxc_array_len((void **)opts); + else + goto err; + + for (i = 0; i < arrlen; i++) { + if (strstr(opts[i], "upperdir=") && (strlen(opts[i]) > (len = strlen("upperdir=")))) + upperdir = opts[i] + len; + else if (strstr(opts[i], "workdir=") && (strlen(opts[i]) > (len = strlen("workdir=")))) + workdir = opts[i] + len; + } + + ret = snprintf(lxcpath, MAXPATHLEN, "%s/%s", lxc_path, lxc_name); + if (ret < 0 || ret >= MAXPATHLEN) + goto err; + + rootfsdir = ovl_get_rootfs_dir(rootfs->path, &rootfslen); + if (!rootfsdir) + goto err; + + dirlen = strlen(lxcpath); + + /* We neither allow users to create upperdirs and workdirs outside the + * containerdir nor inside the rootfs. The latter might be debatable. 
*/ + if (upperdir) + if ((strncmp(upperdir, lxcpath, dirlen) == 0) && (strncmp(upperdir, rootfsdir, rootfslen) != 0)) + if (mkdir_p(upperdir, 0755) < 0) { + WARN("Failed to create upperdir"); + } + + if (workdir) + if ((strncmp(workdir, lxcpath, dirlen) == 0) && (strncmp(workdir, rootfsdir, rootfslen) != 0)) + if (mkdir_p(workdir, 0755) < 0) { + WARN("Failed to create workdir"); + } + + fret = 0; + +err: + free(rootfsdir); + lxc_free_array((void **)opts, free); + return fret; +} + +static int mount_entry_create_aufs_dirs(const struct mntent *mntent, + const struct lxc_rootfs *rootfs, + const char *lxc_name, + const char *lxc_path) +{ + char lxcpath[MAXPATHLEN]; + char *rootfsdir = NULL; + char *scratch = NULL; + char *tmp = NULL; + char *upperdir = NULL; + char **opts = NULL; + int fret = -1; + int ret = 0; + size_t arrlen = 0; + size_t i; + size_t len = 0; + size_t rootfslen = 0; + + if (!rootfs->path || !lxc_name || !lxc_path) + goto err; + + opts = lxc_string_split(mntent->mnt_opts, ','); + if (opts) + arrlen = lxc_array_len((void **)opts); + else + goto err; + + for (i = 0; i < arrlen; i++) { + if (strstr(opts[i], "br=") && (strlen(opts[i]) > (len = strlen("br=")))) + tmp = opts[i] + len; + } + if (!tmp) + goto err; + + upperdir = strtok_r(tmp, ":=", &scratch); + if (!upperdir) + goto err; + + ret = snprintf(lxcpath, MAXPATHLEN, "%s/%s", lxc_path, lxc_name); + if (ret < 0 || ret >= MAXPATHLEN) + goto err; + + rootfsdir = ovl_get_rootfs_dir(rootfs->path, &rootfslen); + if (!rootfsdir) + goto err; + + /* We neither allow users to create upperdirs outside the containerdir + * nor inside the rootfs. The latter might be debatable. 
*/ + if ((strncmp(upperdir, lxcpath, strlen(lxcpath)) == 0) && (strncmp(upperdir, rootfsdir, rootfslen) != 0)) + if (mkdir_p(upperdir, 0755) < 0) { + WARN("Failed to create upperdir"); + } + + fret = 0; + +err: + free(rootfsdir); + lxc_free_array((void **)opts, free); + return fret; +} + + static int mount_entry_create_dir_file(const struct mntent *mntent, - const char* path) + const char* path, const struct lxc_rootfs *rootfs, + const char *lxc_name, const char *lxc_path) { char *pathdirname = NULL; int ret = 0; FILE *pathfile = NULL; + if (strncmp(mntent->mnt_type, "overlay", 7) == 0) { + if (mount_entry_create_overlay_dirs(mntent, rootfs, lxc_name, lxc_path) < 0) + return -1; + } else if (strncmp(mntent->mnt_type, "aufs", 4) == 0) { + if (mount_entry_create_aufs_dirs(mntent, rootfs, lxc_name, lxc_path) < 0) + return -1; + } + if (hasmntopt(mntent, "create=dir")) { if (mkdir_p(path, 0755) < 0) { WARN("Failed to create mount target '%s'", path); @@ -1839,23 +2011,24 @@ if (!pathfile) { WARN("Failed to create mount target '%s'", path); ret = -1; - } - else + } else { fclose(pathfile); + } } free(pathdirname); return ret; } static inline int mount_entry_on_generic(struct mntent *mntent, - const char* path, const char *rootfs) + const char* path, const struct lxc_rootfs *rootfs, + const char *lxc_name, const char *lxc_path) { unsigned long mntflags; char *mntdata; int ret; bool optional = hasmntopt(mntent, "optional") != NULL; - ret = mount_entry_create_dir_file(mntent, path); + ret = mount_entry_create_dir_file(mntent, path, rootfs, lxc_name, lxc_path); if (ret < 0) return optional ? 0 : -1; 
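Review bot: The containment test in mount_entry_create_overlay_dirs() and mount_entry_create_aufs_dirs() is a raw prefix compare, `strncmp(upperdir, lxcpath, dirlen) == 0`, which does not enforce what the comment above it promises. A path that merely shares the prefix (`<lxcpath>-other/...`) passes, and `..` components are not normalised before mkdir_p() runs, so directories can be created outside the container directory with whatever privileges the starting process holds. Require a separator after the prefix, e.g. `(upperdir[dirlen] == '/' || upperdir[dirlen] == '\0')`, and reject or canonicalise paths that contain `..` before creating anything. The option parsing has a related slip: `strstr(opts[i], "upperdir=")` matches the key anywhere in the option while `opts[i] + len` assumes it is at the start, so `strncmp(opts[i], "upperdir=", len) == 0` is the intended test (likewise for `workdir=` and `br=`).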
@@ -1867,22 +2040,23 @@ return -1; } - ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type, - mntflags, mntdata, optional, rootfs); + ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type, mntflags, + mntdata, optional, + rootfs->path ? rootfs->mount : NULL); free(mntdata); - return ret; } static inline int mount_entry_on_systemfs(struct mntent *mntent) { - return mount_entry_on_generic(mntent, mntent->mnt_dir, NULL); + return mount_entry_on_generic(mntent, mntent->mnt_dir, NULL, NULL, NULL); } static int mount_entry_on_absolute_rootfs(struct mntent *mntent, const struct lxc_rootfs *rootfs, - const char *lxc_name) + const char *lxc_name, + const char *lxc_path) { char *aux; char path[MAXPATHLEN]; @@ -1924,27 +2098,29 @@ return -1; } - return mount_entry_on_generic(mntent, path, rootfs->mount); + return mount_entry_on_generic(mntent, path, rootfs, lxc_name, lxc_path); } static int mount_entry_on_relative_rootfs(struct mntent *mntent, - const char *rootfs) + const struct lxc_rootfs *rootfs, + const char *lxc_name, + const char *lxc_path) { char path[MAXPATHLEN]; int ret; /* relative to root mount point */ - ret = snprintf(path, sizeof(path), "%s/%s", rootfs, mntent->mnt_dir); + ret = snprintf(path, sizeof(path), "%s/%s", rootfs->mount, mntent->mnt_dir); if (ret >= sizeof(path)) { ERROR("path name too long"); return -1; } - return mount_entry_on_generic(mntent, path, rootfs); + return mount_entry_on_generic(mntent, path, rootfs, lxc_name, lxc_path); } static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file, - const char *lxc_name) + const char *lxc_name, const char *lxc_path) { struct mntent mntent; char buf[4096]; 
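Review bot: `rootfs->path ? rootfs->mount : NULL` in mount_entry_on_generic() dereferences `rootfs` unconditionally, but mount_entry_on_systemfs() in this same hunk now passes NULL for it, so that call path dereferences a null pointer. Test the pointer first: `rootfs && rootfs->path ? rootfs->mount : NULL`. The `!rootfs->path` check at the top of mount_entry_create_overlay_dirs() and mount_entry_create_aufs_dirs() in the earlier hunk has the same problem when the entry type is overlay or aufs; `if (!rootfs || !rootfs->path || !lxc_name || !lxc_path)` covers it.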
@@ -1960,13 +2136,12 @@ /* We have a separate root, mounts are relative to it */ if (mntent.mnt_dir[0] != '/') { - if (mount_entry_on_relative_rootfs(&mntent, - rootfs->mount)) + if (mount_entry_on_relative_rootfs(&mntent, rootfs, lxc_name, lxc_path)) goto out; continue; } - if (mount_entry_on_absolute_rootfs(&mntent, rootfs, lxc_name)) + if (mount_entry_on_absolute_rootfs(&mntent, rootfs, lxc_name, lxc_path)) goto out; } @@ -1978,7 +2153,7 @@ } static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab, - const char *lxc_name) + const char *lxc_name, const char *lxc_path) { FILE *file; int ret; @@ -1992,7 +2167,7 @@ return -1; } - ret = mount_file_entries(rootfs, file, lxc_name); + ret = mount_file_entries(rootfs, file, lxc_name, lxc_path); endmntent(file); return ret; @@ -2020,7 +2195,7 @@ } static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list *mount, - const char *lxc_name) + const char *lxc_name, const char *lxc_path) { FILE *file; int ret; @@ -2029,7 +2204,7 @@ if (!file) return -1; - ret = mount_file_entries(rootfs, file, lxc_name); + ret = mount_file_entries(rootfs, file, lxc_name, lxc_path); fclose(file); return ret; 
@@ -3736,12 +3911,12 @@ return -1; } - if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab, name)) { + if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab, name, lxcpath)) { ERROR("failed to setup the mounts for '%s'", name); return -1; } - if (!lxc_list_empty(&lxc_conf->mount_list) && setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list, name)) { + if (!lxc_list_empty(&lxc_conf->mount_list) && setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list, name, lxcpath)) { ERROR("failed to setup the mount entries for '%s'", name); return -1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/src/lxc/confile.c new/lxc-1.1.5/src/lxc/confile.c --- old/lxc-1.1.4/src/lxc/confile.c 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/src/lxc/confile.c 2015-11-09 17:25:59.000000000 +0100 
@@ -2546,8 +2546,105 @@ } } +bool clone_update_unexp_ovl_paths(struct lxc_conf *conf, const char *oldpath, + const char *newpath, const char *oldname, + const char *newname, const char *ovldir) +{ + const char *key = "lxc.mount.entry"; + int ret; + char *lstart = conf->unexpanded_config; + char *lend; + char *p; + char *q; + size_t newdirlen = strlen(ovldir) + strlen(newpath) + strlen(newname) + 2; + size_t olddirlen = strlen(ovldir) + strlen(oldpath) + strlen(oldname) + 2; + char *olddir = alloca(olddirlen + 1); + char *newdir = alloca(newdirlen + 1); + + ret = snprintf(olddir, olddirlen + 1, "%s=%s/%s", ovldir, oldpath, oldname); + if (ret < 0 || ret >= olddirlen + 1) { + ERROR("Bug in %s", __func__); + return false; + } + ret = snprintf(newdir, newdirlen + 1, "%s=%s/%s", ovldir, newpath, newname); + if (ret < 0 || ret >= newdirlen + 1) { + ERROR("Bug in %s", __func__); + return false; + } + if (!conf->unexpanded_config) + return true; + while (*lstart) { + lend = strchr(lstart, '\n'); + if (!lend) + lend = lstart + strlen(lstart); + else + lend++; + if (strncmp(lstart, key, strlen(key)) != 0) + goto next; + p = strchr(lstart + strlen(key), '='); + if (!p) + goto next; + p++; + while (isblank(*p)) + p++; + if (p >= lend) + goto next; + /* Whenever an lxc.mount.entry entry is found in a line we check + * if the substring " overlay" or the substring " aufs" is + * present before doing any further work. We check for " + * overlay" and " aufs" since both substrings need to have at + * least one space before them in a valid overlay + * lxc.mount.entry (/A B overlay). When the space before is + * missing it is very likely that these substrings are part of a + * path or something else. (Checking q >= lend ensures that we + * only count matches in the current line.) 
*/ + if ((!(q = strstr(p, " overlay")) || q >= lend) && (!(q = strstr(p, " aufs")) || q >= lend)) + goto next; + if (!(q = strstr(p, olddir)) || (q >= lend)) + goto next; + + /* replace the olddir with newdir */ + if (olddirlen >= newdirlen) { + size_t diff = olddirlen - newdirlen; + memcpy(q, newdir, newdirlen); + if (olddirlen != newdirlen) { + memmove(q + newdirlen, q + newdirlen + diff, + strlen(q) - newdirlen - diff + 1); + lend -= diff; + conf->unexpanded_len -= diff; + } + } else { + char *new; + size_t diff = newdirlen - olddirlen; + size_t oldlen = conf->unexpanded_len; + size_t newlen = oldlen + diff; + size_t poffset = q - conf->unexpanded_config; + new = realloc(conf->unexpanded_config, newlen + 1); + if (!new) { + ERROR("Out of memory"); + return false; + } + conf->unexpanded_len = newlen; + conf->unexpanded_alloced = newlen + 1; + new[newlen - 1] = '\0'; + lend = new + (lend - conf->unexpanded_config); + /* move over the remainder to make room for the newdir */ + memmove(new + poffset + newdirlen, + new + poffset + olddirlen, + oldlen - poffset - olddirlen + 1); + conf->unexpanded_config = new; + memcpy(new + poffset, newdir, newdirlen); + lend += diff; + } +next: + lstart = lend; + } + return true; +} + bool clone_update_unexp_hooks(struct lxc_conf *conf, const char *oldpath, - const char *newpath, const char *oldname, const char *newname) + const char *newpath, const char *oldname, + const char *newname) { const char *key = "lxc.hook"; int ret; 
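Review bot: The `strstr(p, olddir)` match in clone_update_unexp_ovl_paths() has no boundary check after the container name, so `upperdir=<oldpath>/<oldname>` also matches an entry whose directory only begins with that name (a sibling called `<oldname>2`, say), and the replacement then rewrites a path that belongs to another container. Before replacing, check the byte after the match, e.g. `if (q[olddirlen] != '/' && q[olddirlen] != ',' && !isspace((unsigned char)q[olddirlen])) goto next;`. The prefix compare `strncmp(p, olddir, strlen(olddir))` in clone_update_unexp_hooks(), touched in the later @@ -2575 hunk, has the same gap. Two smaller points in the new function: `olddir`/`newdir` are alloca() buffers sized from caller-supplied path lengths, which is unbounded stack use, and `isblank(*p)` should take `(unsigned char)*p`.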
@@ -2557,13 +2654,13 @@ char *olddir = alloca(olddirlen + 1); char *newdir = alloca(newdirlen + 1); - ret = snprintf(olddir, olddirlen+1, "%s/%s", oldpath, oldname); - if (ret < 0 || ret >= olddirlen+1) { + ret = snprintf(olddir, olddirlen + 1, "%s/%s", oldpath, oldname); + if (ret < 0 || ret >= olddirlen + 1) { ERROR("Bug in %s", __func__); return false; } - ret = snprintf(newdir, newdirlen+1, "%s/%s", newpath, newname); - if (ret < 0 || ret >= newdirlen+1) { + ret = snprintf(newdir, newdirlen + 1, "%s/%s", newpath, newname); + if (ret < 0 || ret >= newdirlen + 1) { ERROR("Bug in %s", __func__); return false; } 
@@ -2575,56 +2672,53 @@ lend = lstart + strlen(lstart); else lend++; - if (strncmp(lstart, key, strlen(key)) != 0) { - lstart = lend; - continue; - } - p = strchr(lstart+strlen(key), '='); - if (!p) { - lstart = lend; - continue; - } + if (strncmp(lstart, key, strlen(key)) != 0) + goto next; + p = strchr(lstart + strlen(key), '='); + if (!p) + goto next; p++; while (isblank(*p)) p++; - if (!*p) - return true; - if (strncmp(p, olddir, strlen(olddir)) != 0) { - lstart = lend; - continue; - } + if (p >= lend) + goto next; + if (strncmp(p, olddir, strlen(olddir)) != 0) + goto next; /* replace the olddir with newdir */ if (olddirlen >= newdirlen) { size_t diff = olddirlen - newdirlen; memcpy(p, newdir, newdirlen); if (olddirlen != newdirlen) { - memmove(lend-diff, lend, strlen(lend)+1); + memmove(p + newdirlen, p + newdirlen + diff, + strlen(p) - newdirlen - diff + 1); lend -= diff; conf->unexpanded_len -= diff; } - lstart = lend; } else { char *new; size_t diff = newdirlen - olddirlen; size_t oldlen = conf->unexpanded_len; size_t newlen = oldlen + diff; size_t poffset = p - conf->unexpanded_config; - new = realloc(conf->unexpanded_config, newlen); + new = realloc(conf->unexpanded_config, newlen + 1); if (!new) { ERROR("Out of memory"); return false; } conf->unexpanded_len = newlen; - new[newlen-1] = '\0'; + conf->unexpanded_alloced = newlen + 1; + new[newlen - 1] = '\0'; lend = new + (lend - conf->unexpanded_config); - /* move over the remainder, /$hookname\n$rest */ - memmove(new+poffset+newdirlen, - new+poffset+olddirlen, - oldlen-poffset-olddirlen); + /* move over the remainder to make room for the newdir */ + memmove(new + poffset + newdirlen, + new + poffset + olddirlen, + oldlen - poffset - olddirlen + 1); conf->unexpanded_config = new; - memcpy(new+poffset, newdir, newdirlen); - lstart = lend + diff; + memcpy(new + poffset, newdir, newdirlen); + lend += diff; } +next: + lstart = lend; } return true; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' 
'--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/src/lxc/confile.h new/lxc-1.1.5/src/lxc/confile.h --- old/lxc-1.1.4/src/lxc/confile.h 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/src/lxc/confile.h 2015-11-09 17:25:59.000000000 +0100 @@ -61,5 +61,8 @@ extern void clear_unexp_config_line(struct lxc_conf *conf, const char *key, bool rm_subkeys); extern bool clone_update_unexp_hooks(struct lxc_conf *conf, const char *oldpath, const char *newpath, const char *oldname, const char *newmame); +bool clone_update_unexp_ovl_paths(struct lxc_conf *conf, const char *oldpath, + const char *newpath, const char *oldname, + const char *newname, const char *ovldir); extern bool network_new_hwaddrs(struct lxc_conf *conf); #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/src/lxc/criu.c new/lxc-1.1.5/src/lxc/criu.c --- old/lxc-1.1.4/src/lxc/criu.c 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/src/lxc/criu.c 2015-11-09 17:25:59.000000000 +0100 
@@ -178,7 +178,10 @@ veth = n->priv.veth_attr.pair; - ret = snprintf(buf, sizeof(buf), "%s=%s@%s", eth, veth, n->link); + if (n->link) + ret = snprintf(buf, sizeof(buf), "%s=%s@%s", eth, veth, n->link); + else + ret = snprintf(buf, sizeof(buf), "%s=%s", eth, veth); if (ret < 0 || ret >= sizeof(buf)) goto err; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/src/lxc/lxc_usernsexec.c new/lxc-1.1.5/src/lxc/lxc_usernsexec.c --- old/lxc-1.1.4/src/lxc/lxc_usernsexec.c 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/src/lxc/lxc_usernsexec.c 2015-11-09 17:25:59.000000000 +0100 @@ -74,8 +74,11 @@ exit(1); } -static void opentty(const char * tty) { - int i, fd, flags; +static void opentty(const char * tty, int which) { + int fd, flags; + + if (tty[0] == '\0') + return; fd = open(tty, O_RDWR | O_NONBLOCK); if (fd == -1) { @@ -90,13 +93,11 @@ return; } - for (i = 0; i < fd; i++) - close(i); - for (i = 0; i < 3; i++) - if (fd != i) - dup2(fd, i); - if (fd >= 3) + close(which); + if (fd != which) { + dup2(fd, which); close(fd); + } } // Code copy end @@ -265,7 +266,7 @@ { int c; unsigned long flags = CLONE_NEWUSER | CLONE_NEWNS; - char ttyname[256]; + char ttyname0[256], ttyname1[256], ttyname2[256]; int status; int ret; int pid; 
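Review bot: In opentty() the new `close(which);` runs before the `fd != which` test, so when open() returned `which` itself (possible if that descriptor was already closed on entry) the freshly opened tty is closed again and the stream is left without a descriptor. dup2() already closes the target atomically, so the explicit close can be dropped and the dup2 result checked: `if (fd != which) { if (dup2(fd, which) < 0) perror("dup2"); close(fd); }`. The middle of the function, between the @@ -74 and @@ -90 hunks, is not visible here.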
@@ -274,11 +275,25 @@ int pipe1[2], // child tells parent it has unshared pipe2[2]; // parent tells child it is mapped and may proceed - memset(ttyname, '\0', sizeof(ttyname)); - ret = readlink("/proc/self/fd/0", ttyname, sizeof(ttyname)); - if (ret < 0) { - perror("readlink on fd 0"); - exit(1); + memset(ttyname0, '\0', sizeof(ttyname0)); + memset(ttyname1, '\0', sizeof(ttyname1)); + memset(ttyname2, '\0', sizeof(ttyname2)); + if (isatty(0)) { + ret = readlink("/proc/self/fd/0", ttyname0, sizeof(ttyname0)); + if (ret < 0) { + perror("unable to open stdin."); + exit(1); + } + ret = readlink("/proc/self/fd/1", ttyname1, sizeof(ttyname1)); + if (ret < 0) { + printf("Warning: unable to open stdout, continuing."); + memset(ttyname1, '\0', sizeof(ttyname1)); + } + ret = readlink("/proc/self/fd/2", ttyname2, sizeof(ttyname2)); + if (ret < 0) { + printf("Warning: unable to open stderr, continueing."); + memset(ttyname2, '\0', sizeof(ttyname2)); + } } lxc_list_init(&active_map); @@ -315,7 +330,9 @@ close(pipe1[0]); close(pipe2[1]); - opentty(ttyname); + opentty(ttyname0, 0); + opentty(ttyname1, 1); + opentty(ttyname2, 2); ret = unshare(flags); if (ret < 0) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/src/lxc/lxccontainer.c new/lxc-1.1.5/src/lxc/lxccontainer.c --- old/lxc-1.1.4/src/lxc/lxccontainer.c 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/src/lxc/lxccontainer.c 2015-11-09 17:25:59.000000000 +0100 @@ -636,6 +636,10 @@ /* container exists */ if (!c) return false; + + /* If anything fails before we set error_num, we want an error in there */ + c->error_num = 1; + /* container has been setup */ if (!c->lxc_conf) return false; 
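Review bot: readlink() does not NUL-terminate and is given the full `sizeof(ttyname0)`, so a 256-byte link target fills the buffer and the later `open(tty, ...)` in opentty() reads past its end; pass `sizeof(ttyname0) - 1` (and the same for ttyname1/ttyname2) so the terminator written by memset survives. Only descriptor 0 is tested with isatty(), yet the targets of 1 and 2 are then reopened O_RDWR as if they were terminals, which for an output redirected to a regular file means a new open at offset zero; testing `isatty(1)` and `isatty(2)` individually looks safer. The two warnings go to stdout without a newline and one is misspelled; `fprintf(stderr, "Warning: unable to open stderr, continuing.\n");` is the usual form. The enclosing function starts outside the hunk.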
@@ -2772,6 +2776,102 @@ return ret; } +/* When we clone a container with overlay lxc.mount.entry entries we need to +* update absolute paths for upper- and workdir. This update is done in two +* locations: lxc_conf->unexpanded_config and lxc_conf->mount_list. Both updates +* are done independent of each other since lxc_conf->mountlist may container +* more mount entries (e.g. from other included files) than +* lxc_conf->unexpanded_config . */ +static int update_ovl_paths(struct lxc_conf *lxc_conf, const char *lxc_path, + const char *lxc_name, const char *newpath, + const char *newname) +{ + char new_upper[MAXPATHLEN]; + char new_work[MAXPATHLEN]; + char old_upper[MAXPATHLEN]; + char old_work[MAXPATHLEN]; + char *cleanpath = NULL; + int i; + int fret = -1; + int ret = 0; + struct lxc_list *iterator; + const char *ovl_dirs[] = {"br", "upperdir", "workdir"}; + + cleanpath = strdup(newpath); + if (!cleanpath) + goto err; + + remove_trailing_slashes(cleanpath); + + /* We have to update lxc_conf->unexpanded_config separately from + * lxc_conf->mount_list. 
*/ + for (i = 0; i < sizeof(ovl_dirs) / sizeof(ovl_dirs[0]); i++) { + if (!clone_update_unexp_ovl_paths(lxc_conf, lxc_path, newpath, + lxc_name, newname, + ovl_dirs[i])) + goto err; + } + + ret = snprintf(old_work, MAXPATHLEN, "workdir=%s/%s", lxc_path, lxc_name); + if (ret < 0 || ret >= MAXPATHLEN) + goto err; + + ret = snprintf(new_work, MAXPATHLEN, "workdir=%s/%s", cleanpath, newname); + if (ret < 0 || ret >= MAXPATHLEN) + goto err; + + lxc_list_for_each(iterator, &lxc_conf->mount_list) { + char *mnt_entry = NULL; + char *new_mnt_entry = NULL; + char *tmp = NULL; + char *tmp_mnt_entry = NULL; + mnt_entry = iterator->elem; + + if (strstr(mnt_entry, "overlay")) + tmp = "upperdir"; + else if (strstr(mnt_entry, "aufs")) + tmp = "br"; + + if (!tmp) + continue; + + ret = snprintf(old_upper, MAXPATHLEN, "%s=%s/%s", tmp, lxc_path, lxc_name); + if (ret < 0 || ret >= MAXPATHLEN) + goto err; + + ret = snprintf(new_upper, MAXPATHLEN, "%s=%s/%s", tmp, cleanpath, newname); + if (ret < 0 || ret >= MAXPATHLEN) + goto err; + + if (strstr(mnt_entry, old_upper)) { + tmp_mnt_entry = lxc_string_replace(old_upper, new_upper, mnt_entry); + } + + if (strstr(mnt_entry, old_work)) { + if (tmp_mnt_entry) + new_mnt_entry = lxc_string_replace(old_work, new_work, tmp_mnt_entry); + else + new_mnt_entry = lxc_string_replace(old_work, new_work, mnt_entry); + } + + if (new_mnt_entry) { + free(iterator->elem); + iterator->elem = strdup(new_mnt_entry); + } else if (tmp_mnt_entry) { + free(iterator->elem); + iterator->elem = strdup(tmp_mnt_entry); + } + + free(new_mnt_entry); + free(tmp_mnt_entry); + } + + fret = 0; +err: + free(cleanpath); + return fret; +} + static struct lxc_container *do_lxcapi_clone(struct lxc_container *c, const char *newname, const char *lxcpath, int flags, const char *bdevtype, const char *bdevdata, uint64_t newsize, 
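Review bot: In update_ovl_paths() the list element is freed and then replaced with `strdup(new_mnt_entry)` (or `strdup(tmp_mnt_entry)`) without checking the result, so an allocation failure leaves `iterator->elem` NULL for every later user of mount_list. The copy is also unnecessary, because the replaced string is already heap-allocated and is freed a few lines further down; handing the pointer over, as in the fence below, removes both the failure case and the extra allocation. Separately, `cleanpath` is computed before the first loop but clone_update_unexp_ovl_paths() is still called with `newpath`, so a trailing slash ends up in unexpanded_config while mount_list gets the cleaned path; passing `cleanpath` there keeps the two in step.

```c
		/* … unchanged: old_upper/new_upper formatting and the lxc_string_replace() calls … */
		if (new_mnt_entry) {
			/* transfer ownership of the rewritten entry to the list */
			free(iterator->elem);
			iterator->elem = new_mnt_entry;
			new_mnt_entry = NULL;
		} else if (tmp_mnt_entry) {
			free(iterator->elem);
			iterator->elem = tmp_mnt_entry;
			tmp_mnt_entry = NULL;
		}

		/* whichever string was not handed over is released here */
		free(new_mnt_entry);
		free(tmp_mnt_entry);
```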
@@ -2887,6 +2987,10 @@ } } + // update absolute paths for overlay mount directories + if (update_ovl_paths(c2->lxc_conf, c->config_path, c->name, lxcpath, newname) < 0) + goto out; + // We've now successfully created c2's storage, so clear it out if we // fail after this storage_copied = 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/src/lxc/start.c new/lxc-1.1.5/src/lxc/start.c --- old/lxc-1.1.4/src/lxc/start.c 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/src/lxc/start.c 2015-11-09 17:25:59.000000000 +0100 @@ -117,14 +117,15 @@ } } -static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags) { +static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags, pid_t pid) { int i, saved_errno; char path[MAXPATHLEN]; for (i = 0; i < LXC_NS_MAX; i++) ns_fd[i] = -1; - if (access("/proc/self/ns", X_OK)) { + snprintf(path, MAXPATHLEN, "/proc/%d/ns", pid); + if (access(path, X_OK)) { WARN("Kernel does not support attach; preserve_ns ignored"); return 0; } @@ -132,7 +133,8 @@ for (i = 0; i < LXC_NS_MAX; i++) { if ((clone_flags & ns_info[i].clone_flag) == 0) continue; - snprintf(path, MAXPATHLEN, "/proc/self/ns/%s", ns_info[i].proc_name); + snprintf(path, MAXPATHLEN, "/proc/%d/ns/%s", pid, + ns_info[i].proc_name); ns_fd[i] = open(path, O_RDONLY | O_CLOEXEC); if (ns_fd[i] < 0) goto error; @@ -370,6 +372,7 @@ struct lxc_handler *lxc_init(const char *name, struct lxc_conf *conf, const char *lxcpath) { + int i; struct lxc_handler *handler; handler = malloc(sizeof(*handler)); @@ -383,6 +386,9 @@ handler->lxcpath = lxcpath; handler->pinfd = -1; + for (i = 0; i < LXC_NS_MAX; i++) + handler->nsfd[i] = -1; + lsm_init(); handler->name = strdup(name); 
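Review bot: The new `update_ovl_paths()` call in do_lxcapi_clone() bails out with `goto out` before `storage_copied = 1` is set two lines below, although the comment there says the new container's storage has already been created by this point. If the `out` path removes storage only when that flag is set (the label is outside the hunk, so this is inferred), a failure here leaves the copied storage behind. Moving the call below `storage_copied = 1;` would keep the cleanup consistent.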
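Review bot: preserve_ns() in start.c now probes `/proc/<pid>/ns` for a caller-supplied pid, but the failure message is still `"Kernel does not support attach; preserve_ns ignored"` and the function returns 0. When the pid is the container's init and that process has already exited, the access() fails for a different reason, and the caller continues with every `nsfd` entry at -1 and a misleading log line. Consider distinguishing the two cases, for example by checking `/proc/self/ns` for kernel support and treating a missing `/proc/<pid>/ns` as an error. A header comment such as `/* Open O_CLOEXEC descriptors for the namespaces of pid selected by clone_flags; unselected entries stay -1. */` would also document the new parameter.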
@@ -473,10 +479,19 @@ void lxc_fini(const char *name, struct lxc_handler *handler) { + int i; + /* The STOPPING state is there for future cleanup code * which can take awhile */ lxc_set_state(name, handler, STOPPING); + + for (i = 0; i < LXC_NS_MAX; i++) { + if (handler->nsfd[i] != -1) { + close(handler->nsfd[i]); + handler->nsfd[i] = -1; + } + } lxc_set_state(name, handler, STOPPED); if (run_lxc_hooks(name, "post-stop", handler->conf, handler->lxcpath, NULL)) @@ -953,7 +968,7 @@ INFO("failed to pin the container's rootfs"); } - if (preserve_ns(saved_ns_fd, preserve_mask) < 0) + if (preserve_ns(saved_ns_fd, preserve_mask, getpid()) < 0) goto out_delete_net; if (attach_ns(handler->conf->inherit_ns_fd) < 0) goto out_delete_net; @@ -974,6 +989,11 @@ goto out_delete_net; } + if (preserve_ns(handler->nsfd, handler->clone_flags, handler->pid) < 0) { + ERROR("failed to store namespace references"); + goto out_delete_net; + } + if (attach_ns(saved_ns_fd)) WARN("failed to restore saved namespaces"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/src/lxc/start.h new/lxc-1.1.5/src/lxc/start.h --- old/lxc-1.1.4/src/lxc/start.h 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/src/lxc/start.h 2015-11-09 17:25:59.000000000 +0100 
@@ -75,6 +75,7 @@ void *cgroup_data; int ttysock[2]; // socketpair for child->parent tty fd passing bool backgrounded; // indicates whether should we close std{in,out,err} on start + int nsfd[LXC_NS_MAX]; }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/src/lxc/utils.c new/lxc-1.1.5/src/lxc/utils.c --- old/lxc-1.1.4/src/lxc/utils.c 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/src/lxc/utils.c 2015-11-09 17:25:59.000000000 +0100 @@ -51,20 +51,25 @@ #define PR_SET_MM 35 #endif -#ifndef PR_SET_MM_ARG_START -#define PR_SET_MM_ARG_START 8 -#endif - -#ifndef PR_SET_MM_ARG_END -#define PR_SET_MM_ARG_END 9 -#endif - -#ifndef PR_SET_MM_ENV_START -#define PR_SET_MM_ENV_START 10 -#endif +#ifndef PR_SET_MM_MAP +#define PR_SET_MM_MAP 14 -#ifndef PR_SET_MM_ENV_END -#define PR_SET_MM_ENV_END 11 +struct prctl_mm_map { + uint64_t start_code; + uint64_t end_code; + uint64_t start_data; + uint64_t end_data; + uint64_t start_brk; + uint64_t brk; + uint64_t start_stack; + uint64_t arg_start; + uint64_t arg_end; + uint64_t env_start; + uint64_t env_end; + uint64_t *auxv; + uint32_t auxv_size; + uint32_t exe_fd; +}; #endif #ifndef O_PATH @@ -1347,7 +1352,15 @@ char buf[2048], *tmp; FILE *f; int i, len, ret = 0; - unsigned long arg_start, arg_end, env_start, env_end; + + /* We don't really need to know all of this stuff, but unfortunately + * PR_SET_MM_MAP requires us to set it all at once, so we have to + * figure it out anyway. + */ + unsigned long start_data, end_data, start_brk, start_code, end_code, + start_stack, arg_start, arg_end, env_start, env_end, + brk_val; + struct prctl_mm_map prctl_map; f = fopen_cloexec("/proc/self/stat", "r"); if (!f) { 
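Review bot: The new `nsfd` member has no trailing comment, unlike `ttysock` and `backgrounded` just above it, and its sentinel and ownership rules are not visible from the declaration. Something like `int nsfd[LXC_NS_MAX]; // open fds referencing the container's namespaces; -1 if unset, closed in lxc_fini()` would record what lxc_init() and lxc_fini() in start.c now rely on. The struct begins outside the hunk.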
@@ -1360,23 +1373,42 @@ return -1; } - /* Skip the first 47 fields, column 48-51 are ARG_START and - * ARG_END. */ + /* Skip the first 25 fields, column 26-28 are start_code, end_code, + * and start_stack */ tmp = strchr(buf, ' '); - for (i = 0; i < 46; i++) { + for (i = 0; i < 24; i++) { if (!tmp) return -1; tmp = strchr(tmp+1, ' '); } - if (!tmp) return -1; - i = sscanf(tmp, "%lu %lu %lu %lu", &arg_start, &arg_end, &env_start, &env_end); - if (i != 4) { + i = sscanf(tmp, "%lu %lu %lu", &start_code, &end_code, &start_stack); + if (i != 3) return -1; + + /* Skip the next 19 fields, column 45-51 are start_data to arg_end */ + for (i = 0; i < 19; i++) { + if (!tmp) + return -1; + tmp = strchr(tmp+1, ' '); } + if (!tmp) + return -1; + + i = sscanf(tmp, "%lu %lu %lu %lu %lu %lu %lu", + &start_data, + &end_data, + &start_brk, + &arg_start, + &arg_end, + &env_start, + &env_end); + if (i != 7) + return -1; + /* Include the null byte here, because in the calculations below we * want to have room for it. */ len = strlen(title) + 1; @@ -1386,6 +1418,7 @@ if (len > env_end - arg_start) { arg_end = env_end; len = env_end - arg_start; + title[len-1] = '\0'; } else { /* Only truncate the environment if we're actually going to * overwrite part of it. */ 
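Review bot: The field skipping counts space characters from the start of `buf`, so it assumes the second field of /proc/self/stat (the command name in parentheses) never contains a space. If it does, every later field is shifted, and the values parsed here are wrong addresses that now feed a full `PR_SET_MM_MAP` map and the later `strcpy((char*)arg_start, title)`. Starting the scan at the closing parenthesis, `tmp = strrchr(buf, ')');`, and re-checking the skip counts against that starting point would remove the assumption. The function begins outside the hunk, so whether `f` is closed before these early `return -1` paths cannot be confirmed from here.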
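Review bot: The added `title[len-1] = '\0';` assumes `len` is at least 1 after it is clamped to `env_end - arg_start`; if the two parsed values are equal, the index becomes -1 and the write lands before the buffer. A guard ahead of the clamp, `if (env_end <= arg_start) return -1;`, would cover that and the wrapped-subtraction case. The line also truncates the caller's string in place, which deserves a sentence in the function comment in case callers pass a shared or read-only buffer (the signature is outside the hunk).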
@@ -1402,12 +1435,30 @@ } - strcpy((char*)arg_start, title); + brk_val = syscall(__NR_brk, 0); + + prctl_map = (struct prctl_mm_map) { + .start_code = start_code, + .end_code = end_code, + .start_stack = start_stack, + .start_data = start_data, + .end_data = end_data, + .start_brk = start_brk, + .brk = brk_val, + .arg_start = arg_start, + .arg_end = arg_end, + .env_start = env_start, + .env_end = env_end, + .auxv = NULL, + .auxv_size = 0, + .exe_fd = -1, + }; - ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_START, arg_start, 0, 0); - ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_END, arg_end, 0, 0); - ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_START, env_start, 0, 0); - ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_END, env_end, 0, 0); + ret = prctl(PR_SET_MM, PR_SET_MM_MAP, (long) &prctl_map, sizeof(prctl_map), 0); + if (ret == 0) + strcpy((char*)arg_start, title); + else + SYSERROR("setting cmdline failed"); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/src/lxc/version.h new/lxc-1.1.5/src/lxc/version.h --- old/lxc-1.1.4/src/lxc/version.h 2015-10-06 16:18:38.000000000 +0200 +++ new/lxc-1.1.5/src/lxc/version.h 2015-11-09 17:26:24.000000000 +0100 
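Review bot: The per-field `PR_SET_MM_ARG_START`/`ARG_END`/`ENV_START`/`ENV_END` calls are removed with no fallback, so wherever `PR_SET_MM_MAP` is rejected (a kernel without it, or a caller without the needed privilege) the title is never set and each attempt is logged through `SYSERROR`. Since the process title is cosmetic, a lower level such as `INFO("setting cmdline failed")`, or a comment stating that this failure is expected and non-fatal, would keep error logs meaningful on such systems. The result of `syscall(__NR_brk, 0)` is stored into the map unchecked. A short comment that `.auxv = NULL`, `.auxv_size = 0` and `.exe_fd = -1` are meant as "leave unchanged" would also help the next reader.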
@@ -25,7 +25,7 @@ #define LXC_VERSION_MAJOR 1 #define LXC_VERSION_MINOR 1 -#define LXC_VERSION_MICRO 4 -#define LXC_VERSION "1.1.4" +#define LXC_VERSION_MICRO 5 +#define LXC_VERSION "1.1.5" #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/templates/lxc-archlinux.in new/lxc-1.1.5/templates/lxc-archlinux.in --- old/lxc-1.1.4/templates/lxc-archlinux.in 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/templates/lxc-archlinux.in 2015-11-09 17:25:59.000000000 +0100 @@ -103,6 +103,10 @@ -e 's/After=dev-%i.device/After=/' \ < /lib/systemd/system/getty\@.service \ > /etc/systemd/system/getty\@.service +# fix systemd-sysctl service +sed -e 's/^ConditionPathIsReadWrite=\/proc\/sys\/$/ConditionPathIsReadWrite=\/proc\/sys\/net\//' \ + -e 's/^ExecStart=\/usr\/lib\/systemd\/systemd-sysctl$/ExecStart=\/usr\/lib\/systemd\/systemd-sysctl --prefix net/' \ + -i /usr/lib/systemd/system/systemd-sysctl.service # initialize pacman keyring pacman-key --init pacman-key --populate archlinux diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/lxc-1.1.4/templates/lxc-ubuntu-cloud.in new/lxc-1.1.5/templates/lxc-ubuntu-cloud.in --- old/lxc-1.1.4/templates/lxc-ubuntu-cloud.in 2015-10-06 16:18:16.000000000 +0200 +++ new/lxc-1.1.5/templates/lxc-ubuntu-cloud.in 2015-11-09 17:25:59.000000000 +0100 
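Review bot: The added `sed -i` in the lxc-archlinux.in hunk rewrites /usr/lib/systemd/system/systemd-sysctl.service in place, so the change would be lost when the package owning that unit is updated inside the container. The getty unit just above is handled by writing a modified copy under /etc/systemd/system. Doing the same here, with `< /usr/lib/systemd/system/systemd-sysctl.service > /etc/systemd/system/systemd-sysctl.service` in place of `-i ...`, keeps the packaged file intact. The `# fix systemd-sysctl service` comment could also say why sysctl is restricted to the `net` prefix in a container.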
@@ -200,7 +200,7 @@ while true do case "$1" in - -h|--help) usage $0 && exit 0;; + -h|--help) usage $0 && exit 1;; -p|--path) path=$2; shift 2;; -n|--name) name=$2; shift 2;; -F|--flush-cache) flushcache=1; shift 1;; @@ -293,9 +293,9 @@ if ! url1=`ubuntu-cloudimg-query $release $stream $arch --format "%{url}\n"`; then echo "There is no download available for release=$release, stream=$stream, arch=$arch" [ "$stream" = "daily" ] || echo "You may try with '--stream=daily'" - exit + exit 1 fi - url2=`echo $url1 | sed -e 's/.tar.gz/-root\0/'` + url2=`echo $url1 | sed -e 's/.tar.gz/-root\0/' -e 's/.tar.gz/.tar.xz/'` fi filename=`basename $url2` @@ -305,44 +305,6 @@ rm -f $filename } -buildcleanup() -{ - cd $rootfs - umount -l $cache/$xdir || true - rm -rf $cache -} - -# if the release doesn't have a *-rootfs.tar.gz, then create one from the -# cloudimg.tar.gz by extracting the .img, mounting it loopback, and creating -# a tarball from the mounted image. -build_root_tgz() -{ - url=$1 - filename=$2 - - xdir=`mktemp -d -p .` - tarname=`basename $url` - imgname="$release-*-cloudimg-$arch.img" - trap buildcleanup EXIT SIGHUP SIGINT SIGTERM - if [ $flushcache -eq 1 -o ! -f $cache/$tarname ]; then - rm -f $tarname - echo "Downloading cloud image from $url" - wget $url || { echo "Couldn't find cloud image $url."; exit 1; } - fi - echo "Creating new cached cloud image rootfs" - tar --wildcards -zxf "$tarname" "$imgname" - mount -o loop $imgname $xdir - (cd $xdir; tar --numeric-owner -cpzf "../$filename" .) - umount $xdir - rm -f $tarname $imgname - rmdir $xdir - echo "New cloud image cache created" - trap EXIT - trap SIGHUP - trap SIGINT - trap SIGTERM -} - do_extract_rootfs() { cd $cache @@ -353,7 +315,7 @@ trap wgetcleanup EXIT SIGHUP SIGINT SIGTERM if [ ! -f $filename ]; then - wget $url2 || build_root_tgz $url1 $filename + wget $url2 fi trap EXIT trap SIGHUP 
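Review bot: In the hunk at -293, both `sed` expressions use unescaped dots and no end anchor, so `.tar.gz` matches any character in the dot positions and anywhere in the URL rather than only the suffix. One anchored expression states the intent directly: `url2=$(echo "$url1" | sed -e 's/\.tar\.gz$/-root.tar.xz/')`. It also avoids relying on `\0` in the replacement, where `&` is the portable spelling.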
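Review bot: In the hunk at -353, dropping the `|| build_root_tgz` fallback leaves a failed `wget $url2` with no handling of its own: the traps are cleared right afterwards and, unless the script runs under `set -e` (not visible here), control continues with a missing or partial file. A partial download left in the cache would also pass the `[ ! -f $filename ]` test on the next run. I would keep an explicit failure path in the style of the removed code, `wget "$url2" || { echo "Couldn't download $url2"; exit 1; }`, so the `wgetcleanup` trap still fires on exit. do_extract_rootfs continues outside the hunk.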
@@ -364,10 +326,10 @@ mkdir -p $rootfs cd $rootfs if [ $in_userns -eq 1 ]; then - tar --anchored --exclude="dev/*" --numeric-owner -xpzf "$cache/$filename" + tar --anchored --exclude="dev/*" --numeric-owner -xpJf "$cache/$filename" mkdir -p $rootfs/dev/pts/ else - tar --numeric-owner -xpzf "$cache/$filename" + tar --numeric-owner -xpJf "$cache/$filename" fi }
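Review bot: The cached tarball is unpacked here with `-p` and `--numeric-owner`, and nothing visible between the download and this `tar` call verifies its contents. Checking the file against the checksum list published alongside the image, and that list's signature, before extraction would keep a corrupted or tampered cache entry out of the rootfs. The function begins outside the hunk, so such a check may exist elsewhere. Quoting `"$rootfs"` in the `mkdir`/`cd` lines would also prevent extraction into the wrong directory if the `cd` fails on a path containing spaces.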
