commit lxc for openSUSE:Factory

Tue, 06 May 2025 07:42:56 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package lxc for openSUSE:Factory checked in 
at 2025-05-06 16:41:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lxc (Old)
 and      /work/SRC/openSUSE:Factory/.lxc.new.30101 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "lxc"

Tue May  6 16:41:13 2025 rev:112 rq:1274696 version:6.0.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/lxc/lxc.changes  2025-04-11 16:49:41.422567975 
+0200
+++ /work/SRC/openSUSE:Factory/.lxc.new.30101/lxc.changes       2025-05-06 
16:41:23.408081162 +0200
@@ -1,0 +2,6 @@
+Mon May  5 19:08:19 UTC 2025 - Richard Rahl <rra...@opensuse.org>
+
+- fix apparmor according to https://github.com/lxc/lxc/pull/4536
+  fix-apparmor.patch
+
+-------------------------------------------------------------------

New:
----
  fix-apparmor.patch

BETA DEBUG BEGIN:
  New:- fix apparmor according to https://github.com/lxc/lxc/pull/4536
  fix-apparmor.patch
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ lxc.spec ++++++
--- /var/tmp/diff_new_pack.VGf90Z/_old  2025-05-06 16:41:24.928145118 +0200
+++ /var/tmp/diff_new_pack.VGf90Z/_new  2025-05-06 16:41:24.932145286 +0200
@@ -29,6 +29,7 @@
 Source2:        %{name}.keyring
 Source3:        lxc-createconfig.in
 Source90:       openSUSE-apparmor.conf
+Patch0:         
https://github.com/lxc/lxc/commit/2663712e8fa8f37e0bb873185e2d4526dc644764.patch#/fix-apparmor.patch
 BuildRequires:  bash-completion
 BuildRequires:  cmake
 BuildRequires:  docbook2x

++++++ fix-apparmor.patch ++++++
>From 2663712e8fa8f37e0bb873185e2d4526dc644764 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@stgraber.org>
Date: Sat, 5 Apr 2025 01:11:18 -0400
Subject: [PATCH] start: Re-introduce first SET_DUMPABLE call
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Without it, we're running into issues with complex hooks like nvidia.

Signed-off-by: Stéphane Graber <stgra...@stgraber.org>
---
 src/lxc/start.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index f28bceaba6..ee4bf4003b 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1125,6 +1125,11 @@ static int do_start(void *data)
                if (!lxc_switch_uid_gid(nsuid, nsgid))
                        goto out_warn_father;
 
+               ret = prctl(PR_SET_DUMPABLE, prctl_arg(1), prctl_arg(0),
+                           prctl_arg(0), prctl_arg(0));
+               if (ret < 0)
+                       goto out_warn_father;
+
                /* set{g,u}id() clears deathsignal */
                ret = lxc_set_death_signal(SIGKILL, handler->monitor_pid, 
status_fd);
                if (ret < 0) {

Reply via email to