Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package lxd for openSUSE:Factory checked in at 2022-05-10 15:12:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lxd (Old) and /work/SRC/openSUSE:Factory/.lxd.new.1538 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lxd" Tue May 10 15:12:42 2022 rev:42 rq:976038 version:5.1 Changes: -------- --- /work/SRC/openSUSE:Factory/lxd/lxd.changes 2021-12-13 20:50:35.200642225 +0100 +++ /work/SRC/openSUSE:Factory/.lxd.new.1538/lxd.changes 2022-05-10 15:13:01.071652289 +0200 
@@ -1,0 +2,40 @@ +Thu May 5 04:27:43 UTC 2022 - Aleksa Sarai <asa...@suse.com> + +- Update to LXD 5.1. The full upstream changelog is available from: + https://discuss.linuxcontainers.org/t/lxd-5-1-has-been-released/13956 + boo#1199216 + + + Sysinfo system call interception + + lxc cluster role sub-command + * lxc storage volume info shows volume total size + + Configurable host network interface naming pattern + * Overrideable evacuation mode + * Setting profiles during an image copy +- Backport upstream patch to fix build on x32 systems. + + 0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch +- Make CRIU a Recommends so that we can still use LXD on 32-bit openSUSE. + +------------------------------------------------------------------- +Thu May 5 03:31:24 UTC 2022 - Aleksa Sarai <asa...@suse.com> + +- Update to LXD 4.24. The full upstream changelog is available from: + https://discuss.linuxcontainers.org/t/lxd-4-24-has-been-released/13550 + boo#1199215 + + This is the last release before LXD 5.0 (which does not support the Leap 15.3 + kernel -- LXD 5.0 requires kernel 5.4 or newer). Thus this will be the last + LXD release for Leap 15.3. 
+ + + lxc file mount and new files API + + Cluster event hub role + * Reworked lxc storage volume info + + AppArmor profiles for image extractors + + Grafana dashboard + + Degraded startup (missing disk) + + restricted.containers.interception project option + + core.metrics_authentication server option + + Network interface name and MTU in virtual machines + + I/O uring support for VM storage + + ipv4.neighbor_probe and ipv6.neighbor_probe NIC options + +------------------------------------------------------------------- Old: ---- lxd-4.21.tar.gz lxd-4.21.tar.gz.asc New: ---- 0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch lxd-5.1.tar.gz lxd-5.1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lxd.spec ++++++ --- /var/tmp/diff_new_pack.NKYbsv/_old 2022-05-10 15:13:02.115653605 +0200 +++ /var/tmp/diff_new_pack.NKYbsv/_new 2022-05-10 15:13:02.119653610 +0200 @@ -1,7 +1,7 @@ # # spec file for package lxd # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -34,7 +34,7 @@ %endif Name: lxd -Version: 4.21 +Version: 5.1 Release: 0 Summary: Container hypervisor based on LXC License: Apache-2.0 @@ -51,6 +51,8 @@ # Additional runtime configuration. Source200: %{name}.sysctl Source201: %{name}.dnsmasq +# OPENSUSE-UPSTREAM-FIX: Backport of <https://github.com/lxc/lxd/pull/10348>. +Patch1: 0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch BuildRequires: fdupes BuildRequires: golang-packaging BuildRequires: libacl-devel 
@@ -61,19 +63,19 @@ BuildRequires: rsync BuildRequires: sqlite3-devel >= 3.25 BuildRequires: pkgconfig(libudev) -BuildRequires: pkgconfig(lxc) >= 3.0.0 +BuildRequires: pkgconfig(lxc) >= 4.0.0 # Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires -# for 'golang(API) >= 1.14' here, so just require 1.14 exactly. bsc#1172608 -BuildRequires: golang(API) = 1.15 +# for 'golang(API) >= 1.18' here, so just require 1.18 exactly. bsc#1172608 +BuildRequires: golang(API) = 1.18 # Needed to build dqlite and raft. BuildRequires: autoconf BuildRequires: libtool BuildRequires: pkgconfig(libuv) >= 1.8.0 +Requires: kernel-base >= 5.4 # Bits required for images and other things at runtime. Requires: acl Requires: ebtables BuildRequires: dnsmasq -Requires: criu >= 2.0 Requires: dnsmasq Requires: lxcfs Requires: lxcfs-hooks-lxc @@ -93,10 +95,10 @@ Requires: qemu-ui-spice-app %endif %ifarch %ix86 x86_64 -Requires: qemu-x86 +Requires: qemu-x86 >= 6.0 %endif %ifarch aarch64 %arm -Requires: qemu-arm +Requires: qemu-arm >= 6.0 %endif %endif # Storage backends -- we don't recommend ZFS since it's not *technically* a @@ -104,6 +106,9 @@ Recommends: lvm2 Recommends: btrfsprogs Recommends: thin-provisioning-tools +# CRIU is used for certain operations but is not necessary (and is no longer +# shipped on 32-bit openSUSE). +Recommends: criu >= 2.0 Suggests: zfs %description @@ -122,6 +127,8 @@ %prep %setup -q +# https://github.com/lxc/lxd/pull/10348 +%patch1 -p1 %build # Make sure any leftover go build caches are gone. ++++++ 0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch ++++++ >From fd6845ddda3f80cdd24a8f94c42acce6bff0c41f Mon Sep 17 00:00:00 2001 From: Thomas Parrott <thomas.parr...@canonical.com> Date: Fri, 29 Apr 2022 11:12:48 +0100 Subject: [PATCH] lxd/secommp: Fix sysinfo syscall interception on 32 bit platforms Fixes #10347 Backport: <https://github.com/lxc/lxd/pull/10348> 
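Review bot: `Requires: kernel-base >= 5.4` in the `@@ -61,19 +63,19 @@` hunk of lxd.spec constrains only which kernel package is installed, not which kernel is booted, so a host still running an older kernel satisfies the dependency. If the line is meant to express the kernel floor described in the changelog entry, a comment above it would make the limit explicit, for example `# Install-time hint only; the running kernel may still be older than 5.4.` In the later `@@ -104,6 +106,9 @@` hunk, the comment on `Recommends: criu >= 2.0` could name which operations stop working when CRIU is absent, since installs that skip recommended packages will no longer pull it in.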
Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com> --- lxd/seccomp/seccomp.go | 22 ++++++++++++++-------- lxd/seccomp/sysinfo.go | 13 +++++++++++++ lxd/seccomp/sysinfo_32.go | 19 +++++++++++++++++++ lxd/seccomp/sysinfo_64.go | 19 +++++++++++++++++++ 4 files changed, 65 insertions(+), 8 deletions(-) create mode 100644 lxd/seccomp/sysinfo.go create mode 100644 lxd/seccomp/sysinfo_32.go create mode 100644 lxd/seccomp/sysinfo_64.go diff --git a/lxd/seccomp/seccomp.go b/lxd/seccomp/seccomp.go index 03fee3c71a09..203d408a8286 100644 --- a/lxd/seccomp/seccomp.go +++ b/lxd/seccomp/seccomp.go @@ -1709,6 +1709,7 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int { defer l.Debug("Handling sysinfo syscall") + // Pre-fill sysinfo struct with metrics from host system. info := unix.Sysinfo_t{} err := unix.Sysinfo(&info) if err != nil { @@ -1718,6 +1719,8 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int { return 0 } + instMetrics := Sysinfo{} // Architecture independent place to hold instance metrics. + cg, err := cgroup.NewFileReadWriter(int(siov.msg.init_pid), liblxc.HasApiExtension("cgroup2")) if err != nil { l.Warn("Failed loading cgroup", logger.Ctx{"err": err, "pid": siov.msg.init_pid}) @@ -1735,7 +1738,7 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int { return 0 } - info.Uptime = int64(time.Now().Sub(f.ModTime()).Seconds()) + instMetrics.Uptime = int64(time.Now().Sub(f.ModTime()).Seconds()) // Get instance process count. pids, err := cg.GetTotalProcesses() @@ -1746,7 +1749,7 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int { return 0 } - info.Procs = uint16(pids) + instMetrics.Procs = uint16(pids) // Get instance memory stats. memStats, err := cg.GetMemoryStats() 
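Review bot: `instMetrics.Procs = uint16(pids)` in the `@@ -1746,7 +1749,7 @@` hunk wraps instead of saturating, so a process count above 65535 would be reported to the instance as a small, unrelated number. The type of `pids` is not visible in the hunk, but the explicit conversion suggests it is wider than 16 bits. Clamping first keeps the reported value monotonic: `if pids > 0xffff { pids = 0xffff }`. HandleSysinfoSyscall starts and ends outside this hunk.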
@@ -1760,9 +1763,9 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int { for k, v := range memStats { switch k { case "shmem": - info.Sharedram = v + instMetrics.Sharedram = v case "cache": - info.Bufferram = v + instMetrics.Bufferram = v } } @@ -1784,8 +1787,8 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int { return 0 } - info.Totalram = uint64(memoryLimit) - info.Freeram = info.Totalram - uint64(memoryUsage) - info.Bufferram + instMetrics.Totalram = uint64(memoryLimit) + instMetrics.Freeram = instMetrics.Totalram - uint64(memoryUsage) - instMetrics.Bufferram // Get instance swap info. if s.s.OS.CGInfo.Supports(cgroup.MemorySwapUsage, cg) { @@ -1805,14 +1808,17 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int { return 0 } - info.Totalswap = uint64(swapLimit) - info.Freeswap = info.Totalswap - uint64(swapUsage) + instMetrics.Totalswap = uint64(swapLimit) + instMetrics.Freeswap = instMetrics.Totalswap - uint64(swapUsage) } // Get writable pointer to buffer of sysinfo syscall result. const sz = int(unsafe.Sizeof(info)) var b []byte = (*(*[sz]byte)(unsafe.Pointer(&info)))[:] + // Write instance metrics to native sysinfo struct. + instMetrics.ToNative(&info) + // Write sysinfo response into buffer. _, err = unix.Pwrite(siov.memFd, b, int64(siov.req.data.args[0])) if err != nil { diff --git a/lxd/seccomp/sysinfo.go b/lxd/seccomp/sysinfo.go new file mode 100644 index 000000000000..b255894af26e --- /dev/null +++ b/lxd/seccomp/sysinfo.go @@ -0,0 +1,13 @@ +package seccomp + +// Sysinfo architecture independent sysinfo struct. +type Sysinfo struct { + Uptime int64 + Totalram uint64 + Freeram uint64 + Sharedram uint64 + Bufferram uint64 + Totalswap uint64 + Freeswap uint64 + Procs uint16 +} diff --git a/lxd/seccomp/sysinfo_32.go b/lxd/seccomp/sysinfo_32.go new file mode 100644 index 000000000000..e52808300dd0 --- /dev/null +++ b/lxd/seccomp/sysinfo_32.go 
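Review bot: The subtraction `instMetrics.Totalram - uint64(memoryUsage) - instMetrics.Bufferram` in the `@@ -1784,8 +1787,8 @@` hunk is unsigned, so whenever usage plus cache exceeds the limit the result wraps to a value near 2^64 and the instance is told it has an enormous amount of free memory. `instMetrics.Freeswap = instMetrics.Totalswap - uint64(swapUsage)` in the `@@ -1805,14 +1808,17 @@` hunk has the same shape. How `memoryLimit` and `swapLimit` are obtained lies outside the hunks, so whether a negative or "unlimited" value can reach the `uint64(...)` conversions should be checked as well. Guarding the subtraction and reporting 0 when nothing is free is the safer form; the function body continues outside both hunks.

```go
instMetrics.Totalram = uint64(memoryLimit)

// Usage plus cache can exceed the limit; report 0 free rather than wrapping.
used := uint64(memoryUsage) + instMetrics.Bufferram
if used < instMetrics.Totalram {
	instMetrics.Freeram = instMetrics.Totalram - used
} else {
	instMetrics.Freeram = 0
}
// … unchanged: swap section, with the same guard applied to Freeswap …
```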
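Review bot: Only the fields copied by `instMetrics.ToNative(&info)` are replaced in the `@@ -1805,14 +1808,17 @@` hunk; every other field of `info` still holds what `unix.Sysinfo(&info)` read from the host, and that is what gets written into the instance's buffer. If exposing host values such as the load averages is intended, a comment should say so, e.g. `// Fields not set by ToNative (such as Loads) intentionally keep host values.`; otherwise they should be zeroed before the write. Separately, the slice `b` is built before `ToNative` runs and is correct only because it aliases `info`; calling `ToNative` before taking the slice would make the order match the comments.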
@@ -0,0 +1,19 @@
+//go:build 386 || arm || ppc || s390 || mips || mipsle
+
+package seccomp
+
+import (
+ "golang.org/x/sys/unix"
+)
+
+// ToNative fills fields from s into native fields.
+func (s *Sysinfo) ToNative(n *unix.Sysinfo_t) {
+ n.Bufferram = uint32(s.Bufferram)
+ n.Freeram = uint32(s.Freeram)
+ n.Freeswap = uint32(s.Freeswap)
+ n.Procs = s.Procs
+ n.Sharedram = uint32(s.Sharedram)
+ n.Totalram = uint32(s.Totalram)
+ n.Totalswap = uint32(s.Totalswap)
+ n.Uptime = int32(s.Uptime)
+}
diff --git a/lxd/seccomp/sysinfo_64.go b/lxd/seccomp/sysinfo_64.go
new file mode 100644
index 000000000000..84383b1c5a86
--- /dev/null
+++ b/lxd/seccomp/sysinfo_64.go
@@ -0,0 +1,19 @@
+//go:build amd64 || ppc64 || ppc64le || arm64 || s390x || mips64 || mips64le || riscv64
+
+package seccomp
+
+import (
+ "golang.org/x/sys/unix"
+)
+
+// ToNative fills fields from s into native fields.
+func (s *Sysinfo) ToNative(n *unix.Sysinfo_t) {
+ n.Bufferram = s.Bufferram
+ n.Freeram = s.Freeram
+ n.Freeswap = s.Freeswap
+ n.Procs = s.Procs
+ n.Sharedram = s.Sharedram
+ n.Totalram = s.Totalram
+ n.Totalswap = s.Totalswap
+ n.Uptime = s.Uptime
+}
-- 2.35.1 ++++++ lxd-4.21.tar.gz -> lxd-5.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/lxd/lxd-4.21.tar.gz /work/SRC/openSUSE:Factory/.lxd.new.1538/lxd-5.1.tar.gz differ: char 12, line 1
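Review bot: The `uint32(...)` conversions in the 32-bit `ToNative` (sysinfo_32.go) silently drop the high bits, so an instance memory or swap figure of 4 GiB or more is reported as its value modulo 2^32, possibly far smaller than the real limit. Saturating at the largest 32-bit value is a safer failure mode than wrapping; the helper below would need `math` imported. The struct being filled was pre-populated from the host, so its `Unit` field presumably still holds the host's memory unit while these fields are written in bytes; that should be confirmed, and `Unit` set to match if it can be anything other than 1. `int32(s.Uptime)` has the same truncating form, but it only matters for very long uptimes.

```go
// clamp32 saturates v at the largest value a 32-bit sysinfo field can hold.
func clamp32(v uint64) uint32 {
	if v > math.MaxUint32 {
		return math.MaxUint32
	}

	return uint32(v)
}

// ToNative fills fields from s into native fields.
func (s *Sysinfo) ToNative(n *unix.Sysinfo_t) {
	n.Totalram = clamp32(s.Totalram)
	// … same clamp for Bufferram, Freeram, Freeswap, Sharedram, Totalswap …
	// … unchanged: Procs, Uptime …
```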