Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package lxc for openSUSE:Factory checked in at 2022-10-30 18:29:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lxc (Old) and /work/SRC/openSUSE:Factory/.lxc.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lxc" Sun Oct 30 18:29:14 2022 rev:103 rq:1032317 version:5.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/lxc/lxc.changes 2022-10-23 16:33:25.343303364 +0200 +++ /work/SRC/openSUSE:Factory/.lxc.new.2275/lxc.changes 2022-10-30 18:29:38.830647381 +0100 
@@ -1,0 +2,29 @@ +Fri Oct 28 12:30:43 UTC 2022 - Aleksa Sarai <asa...@suse.com> + +- Update to LXC 5.0.1. boo#1204842 + Bugfixes: + * Fixed a mount issue resulting in container startup failure when host + bind-mounts were used + * Various meson packaging fixes especially around libcap detection + Major changes from LXC 5.0: + * Switch to meson build tooling. + * New cgroup configuration options. + * Time namespace support. + * VLAN support on veth devices. + * Configurable tx/rx queues on veth devices. +- Remove all of the missing_setuid warning logic -- all modern openSUSE + versions have the necessary permissions configuration and thus we don't need + to handle this case anymore. +- Backport <https://github.com/lxc/lxc/pull/4215> in order to fix the build on + openSUSE: + + OPENSUSE-0001-meson.build-allow-explicit-distrosysconfdir.patch + + OPENSUSE-0002-build-detect-where-struct-mount_attr-is-declared.patch + + OPENSUSE-0003-build-detect-sys-pidfd.h-availability.patch + + OPENSUSE-0004-cgroups-fix-Waddress-warning.patch + + OPENSUSE-0005-build-fix-handling-of-dependancies-to-fix-build-on-o.patch + + OPENSUSE-0006-build-only-build-init.lxc.static-if-libcap-is-static.patch + + OPENSUSE-0007-build-drop-build-time-systemd-dependency.patch +- Remove no longer needed backports: + - 0001-Backport-Commit-build-detect-where-struct-mount_attr.patch + +------------------------------------------------------------------- Old: ---- 0001-Backport-Commit-build-detect-where-struct-mount_attr.patch lxc-4.0.12.tar.gz lxc-4.0.12.tar.gz.asc missing_setuid.txt.in New: ---- OPENSUSE-0001-meson.build-allow-explicit-distrosysconfdir.patch OPENSUSE-0002-build-detect-where-struct-mount_attr-is-declared.patch OPENSUSE-0003-build-detect-sys-pidfd.h-availability.patch OPENSUSE-0004-cgroups-fix-Waddress-warning.patch OPENSUSE-0005-build-fix-handling-of-dependancies-to-fix-build-on-o.patch OPENSUSE-0006-build-only-build-init.lxc.static-if-libcap-is-static.patch 
OPENSUSE-0007-build-drop-build-time-systemd-dependency.patch lxc-5.0.1.tar.gz lxc-5.0.1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lxc.spec ++++++ --- /var/tmp/diff_new_pack.PJSmvw/_old 2022-10-30 18:29:39.298649911 +0100 +++ /var/tmp/diff_new_pack.PJSmvw/_new 2022-10-30 18:29:39.302649932 +0100 @@ -1,7 +1,7 @@ # # spec file for package lxc # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,21 +21,9 @@ %define _sharedstatedir /var/lib %endif -# In later versions of openSUSE's permissions config, lxc-user-nic was -# whitelisted with a setuid bit enabled -- but in order to allow building on -# old distros we must not make it setuid on pre-15.1 distros. See bsc#988348. -%if 0%{suse_version} <= 1500 && 0%{?sle_version} < 150100 -%define old_permissions 1 -%endif -%define setuid_mode 0%{!?old_permissions:4}750 - -# XXX: Really should be included (in some form) in standard openSUSE macros. -# suse_install_update_message is useless for subpackages. -%define _updatemessagedir /var/adm/update-messages - %define shlib_version 1 Name: lxc -Version: 4.0.12 +Version: 5.0.1 Release: 0 URL: http://linuxcontainers.org/ Summary: Userspace tools for Linux kernel containers 
@@ -46,24 +34,31 @@ Source2: %{name}.keyring Source3: lxc-createconfig.in Source90: openSUSE-apparmor.conf -Source91: missing_setuid.txt.in -Patch0: 0001-Backport-Commit-build-detect-where-struct-mount_attr.patch -BuildRequires: automake +# Backport of <https://github.com/lxc/lxc/pull/4215>. +Patch10: OPENSUSE-0001-meson.build-allow-explicit-distrosysconfdir.patch +Patch11: OPENSUSE-0002-build-detect-where-struct-mount_attr-is-declared.patch +Patch12: OPENSUSE-0003-build-detect-sys-pidfd.h-availability.patch +Patch13: OPENSUSE-0004-cgroups-fix-Waddress-warning.patch +Patch14: OPENSUSE-0005-build-fix-handling-of-dependancies-to-fix-build-on-o.patch +Patch15: OPENSUSE-0006-build-only-build-init.lxc.static-if-libcap-is-static.patch +Patch16: OPENSUSE-0007-build-drop-build-time-systemd-dependency.patch +BuildRequires: bash-completion +BuildRequires: cmake +BuildRequires: docbook2x +BuildRequires: fdupes BuildRequires: gcc +BuildRequires: gcc-c++ BuildRequires: libapparmor-devel BuildRequires: libcap-devel BuildRequires: libgnutls-devel +BuildRequires: libseccomp-devel BuildRequires: libselinux-devel BuildRequires: libtool +BuildRequires: libxslt +BuildRequires: meson >= 0.61 BuildRequires: pam-devel BuildRequires: pkg-config -BuildRequires: libseccomp-devel -BuildRequires: bash-completion -BuildRequires: docbook-utils -BuildRequires: docbook2x -BuildRequires: fdupes -BuildRequires: libxslt -BuildRequires: pkgconfig(systemd) +BuildRequires: systemd-devel Requires: libcap-progs Requires: lxcfs Requires: lxcfs-hooks-lxc 
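Review bot: `BuildRequires: libtool` survives this hunk although `automake` is dropped alongside it and the %build in the later hunk no longer runs autotools, so it looks like a leftover; `BuildRequires: cmake` is newly added but nothing in the visible %build uses it, and meson only needs cmake for cmake subprojects. Unless a part of the spec outside these hunks relies on them, drop both lines. Replacing `pkgconfig(systemd)` with `systemd-devel` is fine, but since %build passes `-D systemd-unitdir=%{_unitdir}` the `dependency('systemd')` query in patch 7 is bypassed, so systemd-devel now only serves the libsystemd/sd-bus detection; a comment `# systemd-devel: libsystemd (sd-bus) only, the unit dir is passed explicitly to meson` would record why it is still needed.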
@@ -126,105 +121,82 @@ %description bash-completion Bash command line completion support for %{name}. +%package ja-doc +Summary: Japanese documentation for %{name} +License: LGPL-2.1-or-later +Group: System/Management +Requires: %{name} = %{version} +BuildArch: noarch + +%description ja-doc +Japanese language man pages for %{name}. + +%package ko-doc +Summary: Korean documentation for %{name} +License: LGPL-2.1-or-later +Group: System/Management +Requires: %{name} = %{version} +BuildArch: noarch + +%description ko-doc +Korean language man pages for %{name}. + %prep -%setup -%patch0 -p1 +%autosetup -p1 %build -./autogen.sh -%configure \ - --enable-pam \ - --enable-seccomp \ -%if 0%{?is_opensuse} && 0%{?suse_version} >= 1500 - --with-pamdir=%_pam_moduledir \ -%endif - --disable-static \ - --disable-examples \ - --disable-rpath \ - --disable-werror \ - --with-init-script=systemd \ - --with-systemdsystemunitdir=%{_unitdir} -make %{?_smp_mflags} - -# Ensure that shlib_version was correct. -lxc_api_version="$(echo "@LXC_ABI_MAJOR@" | ./config.status --file -)" -[ "$lxc_api_version" = "%{shlib_version}" ] +%meson \ + -D examples=false \ + -D tests=false \ + -D init-script=systemd \ + -D systemd-unitdir=%{_unitdir} \ + -D distrosysconfdir=default \ + -D pam-cgroup=true \ + -D runtime-path=%{_rundir} \ + %{nil} +%meson_build # openSUSE-specific templated files. -./config.status --file=lxc-createconfig:%{S:3} -./config.status --file=missing_setuid.txt:%{S:91} - -# Add an additional warning header if the distro is old enough that -# /etc/permissions should already be whitelisting lxc-user-nic. -%if ! 0%{?old_permissions} -patch missing_setuid.txt <<EOF ---- a/missing_setuid.txt -+++ b/missing_setuid.txt -@@ -0,0 +1,4 @@ -+NOTE: It appears you are running on a new-enough distribution that this warning -+ should not have appeared. If you are not using a "paranoid" profile, -+ please report this as a bug using <https://bugs.opensuse.org/>. 
-+ -EOF -%endif +# TODO: Switch this be done properly with meson (unfortunately meson doesn't +# have an equivalent to "config.status --file" (which lets you do variable +# replacement on arbitray files not included in the project config). +sed -i 's|@LXCTEMPLATEDIR@|%{_datadir}/lxc/templates|g' %{S:3} %install -%make_install +%meson_install install -d -m 0755 %{buildroot}%{_sharedstatedir}/%{name} # openSUSE-specific helpers and configuration. -install -D -m 0755 lxc-createconfig %{buildroot}%{_bindir}/lxc-createconfig +install -D -m 0755 %{S:3} %{buildroot}%{_bindir}/lxc-createconfig install -D -m 0644 %{S:90} %{buildroot}%{_datadir}/%{name}/config/common.conf.d/30-openSUSE-apparmor.conf # sysv-init compat wrappers. ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-net -# Install bash-completion. Note that we have to install a symlink for every -# lxc-* command because bash-completion relies on the binary name to pick the -# bash-completion script. -install -D -m 0644 config/bash/lxc %{buildroot}%{_datadir}/bash-completion/completions/_%{name} -for bin in $(find src/lxc/lxc-* -executable -print0 | xargs -n1 -0 basename) -do - ln -s "_%{name}" "%{buildroot}%{_datadir}/bash-completion/completions/$bin" -done -# lxc installs bash-completion to the wrong location. -rm -f %{buildroot}%{_sysconfdir}/bash_completion.d/%{name}* - # Clean up. 
find %{buildroot} -type f -name '*.la' -delete +find %{buildroot} -type f -name '*.a' -delete %fdupes %{buildroot} %pre -%service_add_pre lxc@.service lxc.service lxc-net.service +%service_add_pre lxc@.service lxc.service lxc-net.service lxc-monitord.service %post #restart_on_update apparmor - but non-broken (bnc#853019) systemctl is-active -q apparmor && systemctl reload apparmor ||: -%service_add_post lxc@.service lxc.service lxc-net.service +%service_add_post lxc@.service lxc.service lxc-net.service lxc-monitord.service %preun -%service_del_preun lxc@.service lxc.service lxc-net.service +%service_del_preun lxc@.service lxc.service lxc-net.service lxc-monitord.service %postun -%service_del_postun lxc@.service lxc.service lxc-net.service +%service_del_postun lxc@.service lxc.service lxc-net.service lxc-monitord.service %post -n liblxc%{shlib_version} /sbin/ldconfig %set_permissions %{_libexecdir}/%{name}/lxc-user-nic -# Remove any existing update messages if we're reinstalling. I'm a bit -# surprised this isn't done automatically. We don't do this on postun because -# we should keep around past package update messages. -[ "$1" -gt 1 ] && \ - find %{_updatemessagedir} -xtype f \ - -name 'liblxc%{shlib_version}-%{version}-%{release}-*.txt' -delete - -# If lxc-user-nic doesn't have setuid we need to copy the update-message. -[ -u %{_libexecdir}/%{name}/lxc-user-nic ] || - cp %{_defaultdocdir}/liblxc%{shlib_version}/missing_setuid.txt \ - %{_updatemessagedir}/liblxc%{shlib_version}-%{version}-%{release}-missing_setuid.txt - %postun -n liblxc%{shlib_version} -p /sbin/ldconfig %verifyscript -n liblxc%{shlib_version} @@ -246,9 +218,7 @@ %{_sbindir}/rclxc %{_sbindir}/rclxc-net %{_mandir}/man[^3]/* -%{_unitdir}/%{name}.service -%{_unitdir}/%{name}-net.service -%{_unitdir}/%{name}@.service +%{_unitdir}/%{name}*.service # AppArmor profiles specifically for the lxc binaries. %config %{_sysconfdir}/apparmor.d/usr.bin.lxc-* 
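Review bot: `sed -i 's|@LXCTEMPLATEDIR@|...|g' %{S:3}` rewrites the pristine source file in SOURCES during %build, and %install then installs `%{S:3}` itself; substituting into a build-directory copy keeps the source untouched and the step repeatable: `sed 's|@LXCTEMPLATEDIR@|%{_datadir}/lxc/templates|g' %{S:3} > lxc-createconfig` followed by `install -D -m 0755 lxc-createconfig %{buildroot}%{_bindir}/lxc-createconfig`. The removed `config.status --file` call replaced every `@VAR@` in lxc-createconfig.in, whereas the sed handles only `@LXCTEMPLATEDIR@`, so any other placeholder left in that file now survives into the installed script — a `! grep -q '@[A-Z_]*@' lxc-createconfig` check after the sed would catch that. The removed `[ "$lxc_api_version" = "%{shlib_version}" ]` guard has no replacement, so a future soname bump would no longer fail the build; the meson backport in this submission shows the library version as `liblxc_version = '1.7.0'`, so `grep -q "^liblxc_version = '%{shlib_version}\." meson.build` before `%meson` restores that check. This hunk also covers %install and the scriptlets; the `%verifyscript` body at its end is outside the hunk.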
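Review bot: `%{_unitdir}/%{name}*.service` now packages whatever units upstream ships, while the %pre/%post/%preun/%postun scriptlets in the previous hunk enumerate the units by name, so a unit added by a future release would be installed without being registered through `%service_add_pre`/`%service_add_post`. Listing the four units explicitly (`%{name}.service`, `%{name}-net.service`, `%{name}@.service`, `%{name}-monitord.service`) keeps %files and the scriptlets in step and turns an unexpected new unit into a build failure instead of a silent change.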
@@ -278,7 +248,7 @@ %dir %{_sharedstatedir}/%{name} %{_libexecdir}/%{name}/ # Make sure lxc-user-nic has the right mode. -%attr(%{setuid_mode},root,kvm) %{_libexecdir}/%{name}/lxc-user-nic +%attr(04750,root,kvm) %{_libexecdir}/%{name}/lxc-user-nic # AppArmor profiles and templates related to LXC. %dir %{_sysconfdir}/apparmor.d/lxc @@ -287,11 +257,6 @@ %config %{_sysconfdir}/apparmor.d/lxc-* %config %{_sysconfdir}/apparmor.d/lxc/* -# In order to avoid fun issues with update-messages we store update-messages in -# docdir and then copy them in post to /var/adm/update-messages if it makes -# sense. -%doc missing_setuid.txt - %files -n liblxc-devel %defattr(-,root,root) %{_libdir}/lib%{name}.so @@ -302,4 +267,12 @@ %defattr(-,root,root) %{_datadir}/bash-completion/ +%files ja-doc +%defattr(-,root,root) +%{_mandir}/ja/ + +%files ko-doc +%defattr(-,root,root) +%{_mandir}/ko/ + %changelog ++++++ OPENSUSE-0001-meson.build-allow-explicit-distrosysconfdir.patch ++++++ >From 5313e50484c1f00d588dfbf108113a272784cff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?= <congdan...@gmail.com> Date: Tue, 9 Aug 2022 22:24:09 +0700 Subject: [PATCH 1/7] meson.build: allow explicit distrosysconfdir MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allows either: - Build inside minimal-and-clean chroot with neither /etc/sysconfig nor /etc/default available. - Cross Compile lxc from foreign distro, let's say host distro uses /etc/sysconfig and build distro uses /etc/default and vice versus. Signed-off-by: ??o??n Tr???n C??ng Danh <congdan...@gmail.com> --- meson.build | 8 ++++++-- meson_options.txt | 3 +++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/meson.build b/meson.build index 5d1bb36c12d2..95bf22372891 100644 --- a/meson.build +++ b/meson.build 
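Review bot: `%attr(04750,root,kvm)` is now unconditional, and nothing next to it says that the effective mode of `lxc-user-nic` is decided by `%set_permissions` in `%post -n liblxc%{shlib_version}` together with the installed permissions profile rather than by this line; a comment such as `# Packaged mode only: the permissions package applies the profile-specific mode in %post (see %set_permissions).` explains why the old `setuid_mode` macro could go. The `%verifyscript -n liblxc%{shlib_version}` body is outside the visible hunks — confirm it still carries `%verify_permissions -e %{_libexecdir}/%{name}/lxc-user-nic`, and that the `permissions` dependency (`Requires(post): permissions` and the matching `BuildRequires`) is still declared, since it does not appear in the BuildRequires hunk above.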
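Review bot: `%{_mandir}/ja/` and `%{_mandir}/ko/` package the locale directories themselves; if the `filesystem` package already owns `%{_mandir}/ja` and `%{_mandir}/ko` on openSUSE, rpmlint will report the shared directory ownership. `%{_mandir}/ja/man*/*` and `%{_mandir}/ko/man*/*` package only the pages, which is all these subpackages need.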
@@ -117,14 +117,18 @@ conf.set('SYSCONFDIR', sysconfdir) # Set sysconfdir fs = import('fs') -if fs.is_dir('/etc/sysconfig') +distrosysconfdir = get_option('distrosysconfdir') +if distrosysconfdir != '' + distrosysconfdir = join_paths(sysconfdir, distrosysconfdir) + conf.set('LXC_DISTRO_SYSCONF', distrosysconfdir) +elif fs.is_dir('/etc/sysconfig') distrosysconfdir = join_paths(sysconfdir, 'sysconfig') conf.set('LXC_DISTRO_SYSCONF', distrosysconfdir) elif fs.is_dir('/etc/default') distrosysconfdir = join_paths(sysconfdir, 'default') conf.set('LXC_DISTRO_SYSCONF', distrosysconfdir) else - distrosysconfdir = '' + error('"distrosysconfdir" is not set') endif # Cross-compile on Android. diff --git a/meson_options.txt b/meson_options.txt index 801ba4175c1d..7aefa2bd2e5b 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -112,3 +112,6 @@ option('thread-safety', type : 'boolean', value : 'true', # was --{disable,enable}-memfd-rexec in autotools option('memfd-rexec', type : 'boolean', value : 'true', description : 'whether to rexec the lxc-attach binary when attaching to a container') + +option('distrosysconfdir', type : 'string', value: '', + description: 'relative path to sysconfdir for distro default configuration') -- 2.38.0 ++++++ OPENSUSE-0002-build-detect-where-struct-mount_attr-is-declared.patch ++++++ >From b7b269680f4a773a54b274d7fbd1140fc32e1935 Mon Sep 17 00:00:00 2001 From: Christian Brauner <brau...@kernel.org> Date: Tue, 9 Aug 2022 16:14:25 +0200 Subject: [PATCH 2/7] build: detect where struct mount_attr is declared Fixes: #4176 Signed-off-by: Christian Brauner (Microsoft) <christian.brau...@ubuntu.com> --- meson.build | 30 ++++++++++++++++++++++++++++-- src/lxc/conf.c | 6 +++--- src/lxc/conf.h | 2 +- src/lxc/mount_utils.c | 6 +++--- src/lxc/syscall_wrappers.h | 12 ++++++++++-- 5 files changed, 45 insertions(+), 11 deletions(-) diff --git a/meson.build b/meson.build index 95bf22372891..735fca25622e 100644 --- a/meson.build +++ b/meson.build 
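Review bot: the new `else` branch turns the previously silent `distrosysconfdir = ''` into `error('"distrosysconfdir" is not set')`, but the option description in meson_options.txt does not tell the user that setting the option is the way out; extend it to `description: 'relative path to sysconfdir for distro default configuration; required when neither /etc/sysconfig nor /etc/default exists on the build host'`. The explicit value goes straight into `join_paths(sysconfdir, distrosysconfdir)`, and meson's join_paths drops the preceding components when a later one is absolute, so the "relative" wording is a convention rather than something the code enforces — acceptable, but worth a one-line comment on the `if distrosysconfdir != ''` branch.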
@@ -593,7 +593,6 @@ decl_headers = ''' foreach decl: [ '__aligned_u64', 'struct clone_args', - 'struct mount_attr', 'struct open_how', 'struct rtnl_link_stats64', ] @@ -613,7 +612,6 @@ foreach tuple: [ ['struct seccomp_notif_sizes'], ['struct clone_args'], ['__aligned_u64'], - ['struct mount_attr'], ['struct open_how'], ['struct rtnl_link_stats64'], ] @@ -633,6 +631,34 @@ foreach tuple: [ endif endforeach +## Types. +decl_headers = ''' +#include <sys/mount.h> +''' + +# We get -1 if the size cannot be determined +if cc.sizeof('struct mount_attr', prefix: decl_headers, args: '-D_GNU_SOURCE') > 0 + srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), true) + found_types += 'struct mount_attr (sys/mount.h)' +else + srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), false) + missing_types += 'struct mount_attr (sys/mount.h)' +endif + +## Types. +decl_headers = ''' +#include <linux/mount.h> +''' + +# We get -1 if the size cannot be determined +if cc.sizeof('struct mount_attr', prefix: decl_headers, args: '-D_GNU_SOURCE') > 0 + srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), true) + found_types += 'struct mount_attr (linux/mount.h)' +else + srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), false) + missing_types += 'struct mount_attr (linux/mount.h)' +endif + ## Headers. foreach ident: [ ['bpf', '''#include <sys/syscall.h> diff --git a/src/lxc/conf.c b/src/lxc/conf.c index ffbe74c2f6cb..4193cd07f52e 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -2885,7 +2885,7 @@ static int __lxc_idmapped_mounts_child(struct lxc_handler *handler, FILE *f) struct lxc_mount_options opts = {}; int dfd_from; const char *source_relative, *target_relative; - struct lxc_mount_attr attr = {}; + struct mount_attr attr = {}; ret = parse_lxc_mount_attrs(&opts, mntent.mnt_opts); if (ret < 0) 
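Review bot: the two `struct mount_attr` probes added after `endforeach` are copies of each other differing only in the header and the `HAVE_`/`HAVE_UAPI_` prefix (down to the duplicated `## Types.` heading and `# We get -1` comment), so any later correction has to be applied twice. A single `foreach` over the header/prefix pairs keeps one copy. Note also that `decl_headers` is reassigned twice here; if anything later in meson.build relied on the earlier multi-header value of that variable, it now sees only `<linux/mount.h>`.
```meson
## Types.
foreach tuple: [['sys/mount.h', 'HAVE_'], ['linux/mount.h', 'HAVE_UAPI_']]
    decl_headers = '#include <@0@>\n'.format(tuple[0])
    # We get -1 if the size cannot be determined
    found = cc.sizeof('struct mount_attr', prefix: decl_headers, args: '-D_GNU_SOURCE') > 0
    srcconf.set10(tuple[1] + 'struct mount_attr'.underscorify().to_upper(), found)
    if found
        found_types += 'struct mount_attr (' + tuple[0] + ')'
    else
        missing_types += 'struct mount_attr (' + tuple[0] + ')'
    endif
endforeach
```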
@@ -3005,7 +3005,7 @@ static int __lxc_idmapped_mounts_child(struct lxc_handler *handler, FILE *f) /* Set propagation mount options. */ if (opts.attr.propagation) { - attr = (struct lxc_mount_attr) { + attr = (struct mount_attr) { .propagation = opts.attr.propagation, }; @@ -4109,7 +4109,7 @@ int lxc_idmapped_mounts_parent(struct lxc_handler *handler) for (;;) { __do_close int fd_from = -EBADF, fd_userns = -EBADF; - struct lxc_mount_attr attr = {}; + struct mount_attr attr = {}; struct lxc_mount_options opts = {}; ssize_t ret; diff --git a/src/lxc/conf.h b/src/lxc/conf.h index 7dc2f15b603c..772479f9e1be 100644 --- a/src/lxc/conf.h +++ b/src/lxc/conf.h @@ -223,7 +223,7 @@ struct lxc_mount_options { unsigned long mnt_flags; unsigned long prop_flags; char *data; - struct lxc_mount_attr attr; + struct mount_attr attr; char *raw_options; }; diff --git a/src/lxc/mount_utils.c b/src/lxc/mount_utils.c index bba75f933cc9..88dd73ee36b2 100644 --- a/src/lxc/mount_utils.c +++ b/src/lxc/mount_utils.c @@ -31,7 +31,7 @@ lxc_log_define(mount_utils, lxc); * setting in @attr_set, but must also specify MOUNT_ATTR__ATIME in the * @attr_clr field. */ -static inline void set_atime(struct lxc_mount_attr *attr) +static inline void set_atime(struct mount_attr *attr) { switch (attr->attr_set & MOUNT_ATTR__ATIME) { case MOUNT_ATTR_RELATIME: @@ -272,7 +272,7 @@ int create_detached_idmapped_mount(const char *path, int userns_fd, { __do_close int fd_tree_from = -EBADF; unsigned int open_tree_flags = OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC; - struct lxc_mount_attr attr = { + struct mount_attr attr = { .attr_set = MOUNT_ATTR_IDMAP | attr_set, .attr_clr = attr_clr, .userns_fd = userns_fd, @@ -335,7 +335,7 @@ int __fd_bind_mount(int dfd_from, const char *path_from, __u64 o_flags_from, __u64 attr_clr, __u64 propagation, int userns_fd, bool recursive) { - struct lxc_mount_attr attr = { + struct mount_attr attr = { .attr_set = attr_set, .attr_clr = attr_clr, .propagation = propagation, 
diff --git a/src/lxc/syscall_wrappers.h b/src/lxc/syscall_wrappers.h index a5e98b565cb6..c8a7d0c7b700 100644 --- a/src/lxc/syscall_wrappers.h +++ b/src/lxc/syscall_wrappers.h @@ -18,6 +18,12 @@ #include "macro.h" #include "syscall_numbers.h" +#if HAVE_STRUCT_MOUNT_ATTR +#include <sys/mount.h> +#elif HAVE_UAPI_STRUCT_MOUNT_ATTR +#include <linux/mount.h> +#endif + #ifdef HAVE_LINUX_MEMFD_H #include <linux/memfd.h> #endif @@ -210,16 +216,18 @@ extern int fsmount(int fs_fd, unsigned int flags, unsigned int attr_flags); /* * mount_setattr() */ -struct lxc_mount_attr { +#if !HAVE_STRUCT_MOUNT_ATTR && !HAVE_UAPI_STRUCT_MOUNT_ATTR +struct mount_attr { __u64 attr_set; __u64 attr_clr; __u64 propagation; __u64 userns_fd; }; +#endif #if !HAVE_MOUNT_SETATTR static inline int mount_setattr(int dfd, const char *path, unsigned int flags, - struct lxc_mount_attr *attr, size_t size) + struct mount_attr *attr, size_t size) { return syscall(__NR_mount_setattr, dfd, path, flags, attr, size); } -- 2.38.0 ++++++ OPENSUSE-0003-build-detect-sys-pidfd.h-availability.patch ++++++ >From e510d6bd870c15fc509477343cb1268b9726caa6 Mon Sep 17 00:00:00 2001 From: Christian Brauner <brau...@kernel.org> Date: Tue, 9 Aug 2022 16:27:40 +0200 Subject: [PATCH 3/7] build: detect sys/pidfd.h availability Fixes: #4176 Signed-off-by: Christian Brauner (Microsoft) <christian.brau...@ubuntu.com> --- meson.build | 1 + src/lxc/process_utils.h | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/meson.build b/meson.build index 735fca25622e..c804b6f6ac6a 100644 --- a/meson.build +++ b/meson.build @@ -738,6 +738,7 @@ foreach tuple: [ ['sys/resource.h'], ['sys/memfd.h'], ['sys/personality.h'], + ['sys/pidfd.h'], ['sys/signalfd.h'], ['sys/timerfd.h'], ['pty.h'], diff --git a/src/lxc/process_utils.h b/src/lxc/process_utils.h index 9c15b15741b9..ed84741d0e45 100644 --- a/src/lxc/process_utils.h +++ b/src/lxc/process_utils.h 
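Review bot: the `#elif HAVE_UAPI_STRUCT_MOUNT_ATTR` branch pulls `<linux/mount.h>` into every translation unit that includes syscall_wrappers.h, while the meson probe only tested each header on its own; a TU that also includes glibc's `<sys/mount.h>` (conf.c and mount_utils.c handle mount flags) has been reported to hit duplicate `MS_*`/`MNT_*` definitions on some glibc/kernel-header combinations. Since the probe already prefers `<sys/mount.h>` whenever it declares the struct, a comment on the `#elif`, e.g. `/* glibc lacks struct mount_attr: use the UAPI header; do not include <sys/mount.h> in the same TU */`, records the constraint — or, if the build was verified with both headers included on the target glibc, the comment can say that instead.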
@@ -15,6 +15,10 @@ #include <sys/syscall.h> #include <unistd.h> +#if HAVE_SYS_PIDFD_H +#include <sys/pidfd.h> +#endif + #include "compiler.h" #include "syscall_numbers.h" @@ -136,9 +140,11 @@ #endif /* waitid */ +#if !HAVE_SYS_PIDFD_H #ifndef P_PIDFD #define P_PIDFD 3 #endif +#endif #ifndef CLONE_ARGS_SIZE_VER0 #define CLONE_ARGS_SIZE_VER0 64 /* sizeof first published struct */ -- 2.38.0 ++++++ OPENSUSE-0004-cgroups-fix-Waddress-warning.patch ++++++ >From 2a9743bba63903b66331b0b90fe2c25784585b89 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <cyp...@cyphar.com> Date: Fri, 28 Oct 2022 12:27:57 +1100 Subject: [PATCH 4/7] cgroups: fix -Waddress warning MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While in principle the pointer could overflow, GCC 12 considers this to not be possible and issues the following warning: ../src/lxc/cgroups/cgfsng.c: In function ???__cgfsng_delegate_controllers???: ../src/lxc/cgroups/cgfsng.c:3306:21: warning: the comparison will always evaluate as ???true??? for the pointer operand in ???it + 8??? must not be NULL [-Waddress] 3306 | if ((it + 1) && *(it + 1)) | ^ This removes the only build warning triggered when building on openSUSE. Signed-off-by: Aleksa Sarai <cyp...@cyphar.com> --- src/lxc/cgroups/cgfsng.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c index ee4fc052fd61..0c70095b1e1a 100644 --- a/src/lxc/cgroups/cgfsng.c +++ b/src/lxc/cgroups/cgfsng.c @@ -3302,7 +3302,7 @@ static bool __cgfsng_delegate_controllers(struct cgroup_ops *ops, const char *cg (void)strlcat(add_controllers, "+", full_len + 1); (void)strlcat(add_controllers, *it, full_len + 1); - if ((it + 1) && *(it + 1)) + if (*(it + 1)) (void)strlcat(add_controllers, " ", full_len + 1); } 
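Review bot: wrapping `#ifndef P_PIDFD` / `#define P_PIDFD 3` in `#if !HAVE_SYS_PIDFD_H` makes the fallback unreachable whenever the header exists, even if nothing in that build defines `P_PIDFD`, and the reason is not stated. If the intent is that glibc provides `P_PIDFD` as an enumerator (which `#ifndef` cannot see, so defining the macro would clash with the enum), say so: `/* With sys/pidfd.h present, P_PIDFD comes from the system headers (possibly as an enumerator, invisible to #ifndef); only define it ourselves when the header is missing. */`. Otherwise the inner `#ifndef` alone is the safer form.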
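Review bot: `if (*(it + 1))` still reads the element after the current one, so the loop (whose header is outside this hunk) depends on the controller array being NULL-terminated; that was equally true of the old condition, but the removed `(it + 1) &&` looked like a guard and the new form has none, so a comment `/* the controller list is NULL-terminated, so it[1] is always readable here */` documents the invariant the -Waddress fix relies on. `if (it[1])` would also read more naturally than `*(it + 1)`.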
@@ -3755,7 +3755,7 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative, * from the layout bitmask we created when parsing the cgroups. * * Keep the ordering in the switch otherwise the bistmask-based - * matching won't work. + * matching won't work. */ if (ops->cgroup_layout == CGROUP_LAYOUT_UNKNOWN) { switch (layout_mask) { -- 2.38.0 ++++++ OPENSUSE-0005-build-fix-handling-of-dependancies-to-fix-build-on-o.patch ++++++ >From 062c2d9803074c62e801f61d4957bbefa1e9398a Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <cyp...@cyphar.com> Date: Fri, 28 Oct 2022 12:38:20 +1100 Subject: [PATCH 5/7] build: fix handling of dependancies to fix build on openSUSE Among other things, openSUSE places seccomp.h inside a non-default include directory (/usr/include/seccomp/seccomp.h) which revealed several issues with how dependencies were being handled previously. The most notable issue is that the include cflags of our build dependencies were not being provided to the recipes for static executables (yet they still expected access to the dependency headers). This also involved a minor cleanup of how these dependencies are collected, and added liburing to the set of private pkg-config libs (which I assume was an oversight?). Signed-off-by: Aleksa Sarai <cyp...@cyphar.com> --- meson.build | 84 +++++++++++++++++++---------------------- src/lxc/cmd/meson.build | 2 +- src/lxc/meson.build | 2 +- 3 files changed, 40 insertions(+), 48 deletions(-) diff --git a/meson.build b/meson.build index c804b6f6ac6a..0765c9b02cd3 100644 --- a/meson.build +++ b/meson.build @@ -22,6 +22,9 @@ cc = meson.get_compiler('c') pkgconfig = import('pkgconfig') pkgconfig_libs = [] +liblxc_dependencies = [] +oss_fuzz_dependencies = [] + # Version. liblxc_version = '1.7.0' version_data = configuration_data() 
@@ -254,6 +257,8 @@ if want_io_uring if cc.has_function('io_uring_prep_poll_add', prefix: '#include <liburing.h>', dependencies: liburing) == false error('liburing version does not support IORING_POLL_ADD_MULTI') endif + pkgconfig_libs += liburing + liblxc_dependencies += liburing srcconf.set10('HAVE_LIBURING', true) else @@ -289,7 +294,7 @@ if not want_sd_bus.disabled() has_sd_bus = false endif - if not cc.has_function('sd_bus_call_method_asyncv', prefix: '#include <systemd/sd-bus.h>', dependencies: libsystemd) + if not cc.has_function('sd_bus_call_method_asyncv', prefix: '#include <systemd/sd-bus.h>', dependencies: libsystemd) if not sd_bus_optional error('libsystemd misses required sd_bus_call_method_asyncv function') endif @@ -297,6 +302,13 @@ if not want_sd_bus.disabled() has_sd_bus = false endif + if has_sd_bus + liblxc_dependencies += libsystemd + if want_oss_fuzz + oss_fuzz_dependencies += libsystemd + endif + endif + srcconf.set10('HAVE_LIBSYSTEMD', has_sd_bus) else has_sd_bus = false @@ -348,12 +360,14 @@ endif ## Threads. threads = dependency('threads') +liblxc_dependencies += threads ## Seccomp. if want_seccomp libseccomp = dependency('libseccomp', required: false) srcconf.set10('HAVE_SECCOMP', libseccomp.found()) pkgconfig_libs += libseccomp + liblxc_dependencies += libseccomp if libseccomp.found() if libseccomp.version().version_compare('>=2.5.0') # https://github.com/seccomp/libseccomp/commit/dead12bc788b259b148cc4d93b970ef0bd602b1a @@ -380,7 +394,7 @@ if want_seccomp ] # We get -1 if the size cannot be determined - if cc.sizeof(decl, prefix: seccomp_headers, args: '-D_GNU_SOURCE') > 0 + if cc.sizeof(decl, prefix: seccomp_headers, args: '-D_GNU_SOURCE', dependencies: libseccomp) > 0 srcconf.set10('HAVE_' + decl.underscorify().to_upper(), true) else srcconf.set10('HAVE_' + decl.underscorify().to_upper(), false) 
@@ -396,6 +410,7 @@ if want_selinux libselinux = dependency('libselinux', required: false) srcconf.set10('HAVE_SELINUX', libselinux.found()) pkgconfig_libs += libselinux + liblxc_dependencies += libselinux else srcconf.set10('HAVE_SELINUX', false) endif @@ -404,6 +419,8 @@ endif if want_apparmor libapparmor = dependency('libapparmor', required: false) srcconf.set10('HAVE_APPARMOR', libapparmor.found()) + # We do not use the AppArmor library at runtime, so it's not in our pkg-config. + liblxc_dependencies += libapparmor else srcconf.set10('HAVE_APPARMOR', false) endif @@ -413,6 +430,7 @@ if want_openssl libopenssl = dependency('openssl', required: false) srcconf.set10('HAVE_OPENSSL', libopenssl.found()) pkgconfig_libs += libopenssl + liblxc_dependencies += libopenssl else srcconf.set10('HAVE_OPENSSL', false) endif @@ -429,6 +447,7 @@ if want_capabilities endif srcconf.set10('HAVE_LIBCAP', libcap.found()) pkgconfig_libs += libcap + liblxc_dependencies += libcap libcap_static = dependency('libcap', required: false, static: true) if not libcap_static.found() @@ -453,7 +472,6 @@ endif libutil = cc.find_library('util', required: false) -oss_fuzz_dependencies = [] if want_oss_fuzz srcconf.set10('FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION', true) srcconf.set10('RUN_ON_OSS_FUZZ', true) @@ -472,8 +490,14 @@ pkgconfig_libs += pam have = cc.has_function('fmemopen', prefix: '#include <stdio.h>', args: '-D_GNU_SOURCE') srcconf.set10('HAVE_FMEMOPEN', have) -have_openpty = cc.has_function('openpty', dependencies: libutil, prefix: '#include <pty.h>') -srcconf.set10('HAVE_OPENPTY', have_openpty) +have = cc.has_function('openpty', dependencies: libutil, prefix: '#include <pty.h>') +srcconf.set10('HAVE_OPENPTY', have) +if have + liblxc_dependencies += libutil + if want_oss_fuzz + oss_fuzz_dependencies += libutil + endif +endif have = cc.has_function('pthread_setcancelstate', prefix: '#include <pthread.h>') srcconf.set10('HAVE_PTHREAD_SETCANCELSTATE', have) 
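Review bot: the comment `# We do not use the AppArmor library at runtime, so it's not in our pkg-config.` sits directly above `liblxc_dependencies += libapparmor`, which does link liblxc against it, so the two lines read as contradicting each other. What the hunk actually shows is that libapparmor, unlike libseccomp/libselinux/libopenssl in the neighbouring hunks, is appended to `liblxc_dependencies` but not to `pkgconfig_libs`; say that instead: `# libapparmor is a private dependency of liblxc (consumers never call it), so it is linked here but not exported via pkg-config.`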
@@ -598,7 +622,7 @@ foreach decl: [ ] # We get -1 if the size cannot be determined - if cc.sizeof(decl, prefix: decl_headers, args: '-D_GNU_SOURCE') > 0 + if cc.sizeof(decl, prefix: decl_headers, args: '-D_GNU_SOURCE', dependencies: liblxc_dependencies) > 0 srcconf.set10('HAVE_' + decl.underscorify().to_upper(), true) else srcconf.set10('HAVE_' + decl.underscorify().to_upper(), false) @@ -814,51 +838,19 @@ liblxc_includes = include_directories( 'src/lxc/cgroups', 'src/lxc/storage') +# Our static sub-project binaries don't (and in fact can't) link to our +# dependencies directly, but need access to the headers when compiling (most +# notably seccomp headers). +liblxc_dependency_headers = [] +foreach dep: liblxc_dependencies + liblxc_dependency_headers += dep.partial_dependency(compile_args: true) +endforeach + # Early sub-directories. subdir('src/include') subdir('src/lxc') subdir('src/lxc/pam') -# Library. -liblxc_dependencies = [ - threads, -] - -if want_seccomp - liblxc_dependencies += libseccomp -endif - -if want_capabilities - liblxc_dependencies += [libcap] -endif - -if want_openssl - liblxc_dependencies += [libopenssl] -endif - -if want_selinux - liblxc_dependencies += [libselinux] -endif - -if want_apparmor - liblxc_dependencies += [libapparmor] -endif - -if want_io_uring - liblxc_dependencies += [liburing] -endif - -if has_sd_bus - liblxc_dependencies += [libsystemd] -endif - -if have_openpty - liblxc_dependencies += [libutil] - if want_oss_fuzz - oss_fuzz_dependencies += [libutil] - endif -endif - liblxc_link_whole = [liblxc_static] liblxc = shared_library( diff --git a/src/lxc/cmd/meson.build b/src/lxc/cmd/meson.build index f84269ecbcab..e083130254bb 100644 --- a/src/lxc/cmd/meson.build +++ b/src/lxc/cmd/meson.build 
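Review bot: `liblxc_dependency_headers` is computed once by the `foreach dep: liblxc_dependencies` loop placed just before `subdir('src/lxc')`, so every `liblxc_dependencies +=` must precede that point; the removed block after `subdir('src/lxc/pam')` used to collect them in one place, whereas the appends are now spread over the detection blocks in earlier hunks, and one added later in the file would be silently missing from the header-only list the static targets receive. A comment on the loop, `# Must stay after the last 'liblxc_dependencies +=' above: later appends are not reflected here.`, makes the ordering constraint visible. Several of the appended entries come from `dependency(..., required: false)` and may be not-found objects; if `partial_dependency()` on a not-found dependency is rejected by the meson version the spec requires (`meson >= 0.61`), the loop should skip entries with `dep.found() == false` — worth confirming on a build where e.g. openssl or liburing is absent.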
@@ -68,7 +68,7 @@ if sanitize == 'none'
 link_with: [liblxc_static],
 link_args: ['-static'],
 c_args: ['-DNO_LXC_CONF'],
- dependencies: [libcap_static],
+ dependencies: [libcap_static] + liblxc_dependency_headers,
 install_dir: sbindir,
 install: true)
 endif
diff --git a/src/lxc/meson.build b/src/lxc/meson.build
index 38faf7f5ed54..86e86b87f6fc 100644
--- a/src/lxc/meson.build
+++ b/src/lxc/meson.build
@@ -152,7 +152,7 @@ liblxc_static = static_library(
 liblxc_sources + include_sources + netns_ifaddrs_sources,
 install: true,
 include_directories: liblxc_includes,
- dependencies: [threads],
+ dependencies: [threads] + liblxc_dependency_headers,
 c_args: '-fvisibility=default')
 
 lxc_functions = configure_file(
-- 2.38.0 ++++++ OPENSUSE-0006-build-only-build-init.lxc.static-if-libcap-is-static.patch ++++++ >From 59f69162caed3781d6737d2a4bc039e2205b8470 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <cyp...@cyphar.com> Date: Fri, 28 Oct 2022 12:44:39 +1100 Subject: [PATCH 6/7] build: only build init.lxc.static if libcap is statically linkable Without setting this, the default build will fail if you don't have the static libcap library installed (on openSUSE this is packaged separately to libcap-devel). Signed-off-by: Aleksa Sarai <cyp...@cyphar.com>
---
 meson.build | 5 +++--
 src/lxc/cmd/meson.build | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/meson.build b/meson.build
index 0765c9b02cd3..93572975ebe4 100644
--- a/meson.build
+++ b/meson.build
@@ -460,12 +460,13 @@ int main(int argc, char *argv[]) { return 0; }; ''' if libcap_static.found() libcap_static_linkable = cc.links(code, args: '-static', dependencies: libcap_static) - srcconf.set10('HAVE_STATIC_LIBCAP', libcap_static_linkable) else - srcconf.set10('HAVE_STATIC_LIBCAP', false) + libcap_static_linkable = false endif + srcconf.set10('HAVE_STATIC_LIBCAP', libcap_static_linkable) else libcap_static = [] + libcap_static_linkable = false srcconf.set10('HAVE_LIBCAP', false) srcconf.set10('HAVE_STATIC_LIBCAP', false) endif diff --git a/src/lxc/cmd/meson.build b/src/lxc/cmd/meson.build index e083130254bb..238b91d0521b 100644 --- a/src/lxc/cmd/meson.build +++ b/src/lxc/cmd/meson.build @@ -60,7 +60,7 @@ cmd_lxc_update_config = configure_file( output: 'lxc-update-config') install_data(join_paths(project_build_root, 'src/lxc/cmd/lxc-update-config'), install_dir: bindir) -if sanitize == 'none' +if sanitize == 'none' and libcap_static_linkable cmd_programs += executable( 'init.lxc.static', cmd_lxc_init_sources, -- 2.38.0 ++++++ OPENSUSE-0007-build-drop-build-time-systemd-dependency.patch ++++++ >From 1d5c7e771c036e72a1c516f49b7d7aa1a9da4bb7 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <cyp...@cyphar.com> Date: Fri, 28 Oct 2022 12:58:10 +1100 Subject: [PATCH 7/7] build: drop build-time systemd dependency On openSUSE, our packages are build in the Open Build Service which does not have a proper systemd installation that you can query to get the systemdunitdir. The simplest solution is to re-add the ability to explicitly set the systemdunitdir (as was previously possible with the autotools build system in pre-5.0 LXC). Signed-off-by: Aleksa Sarai <cyp...@cyphar.com> --- config/init/systemd/meson.build | 7 +++++-- meson_options.txt | 5 +++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/config/init/systemd/meson.build b/config/init/systemd/meson.build index 21e75650404d..7419010167b8 100644 --- a/config/init/systemd/meson.build 
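Review bot: with `if sanitize == 'none' and libcap_static_linkable` the `init.lxc.static` target now silently disappears whenever static libcap cannot be linked, and nothing at configure time tells a packager who expects that binary why it is missing. After `srcconf.set10('HAVE_STATIC_LIBCAP', libcap_static_linkable)` in meson.build add `if not libcap_static_linkable` / `warning('static libcap not linkable: init.lxc.static will not be built')` / `endif`, or a `summary('init.lxc.static', libcap_static_linkable)` entry. The trailing `else` branch of the hunk is the `want_capabilities == false` case, so the added `libcap_static_linkable = false` there is what keeps the new condition in cmd/meson.build from reading an undefined variable — a one-line comment saying so would help the next reader.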
+++ b/config/init/systemd/meson.build @@ -8,8 +8,11 @@ lxc_apparmor_load = configure_file( install_dir: lxclibexec) if 'systemd' in init_script - systemd = dependency('systemd') - systemd_system_unit_dir = systemd.get_variable('systemdsystemunitdir') + systemd_system_unit_dir = get_option('systemd-unitdir') + if systemd_system_unit_dir == '' + systemd = dependency('systemd') + systemd_system_unit_dir = systemd.get_variable('systemdsystemunitdir') + endif configure_file( configuration: conf, diff --git a/meson_options.txt b/meson_options.txt index 7aefa2bd2e5b..9803473d2f3c 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -18,6 +18,11 @@ option('init-script', type : 'array', choices : ['systemd', 'sysvinit', 'upstart'], value : ['systemd'], description : 'init script') +# was --systemd-unidir in autotools +# If set to "", the value is taken from the running systemd instance. +option('systemd-unitdir', type : 'string', value: '', + description : 'systemd system unit directory') + # was --{disable,enable}-liburing in autotools option('io-uring-event-loop', type: 'boolean', value: 'false', description: 'Enable io-uring based event loop') -- 2.38.0 ++++++ lxc-4.0.12.tar.gz -> lxc-5.0.1.tar.gz ++++++ ++++ 101005 lines of diff (skipped) ++++++ lxc-createconfig.in ++++++ --- /var/tmp/diff_new_pack.PJSmvw/_old 2022-10-30 18:29:39.646651791 +0100 +++ /var/tmp/diff_new_pack.PJSmvw/_new 2022-10-30 18:29:39.650651812 +0100 @@ -1,5 +1,4 @@ #!/bin/bash -# @configure_input@ # lxc: linux Container library #
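Review bot: the comment `# was --systemd-unidir in autotools` names a flag that did not exist; the old %build of lxc.spec in this same submission passed `--with-systemdsystemunitdir=%{_unitdir}`, so it should read `# was --with-systemdsystemunitdir in autotools`. The second line, `# If set to "", the value is taken from the running systemd instance.`, also overstates what the code does: the meson.build hunk falls back to `dependency('systemd')` and `get_variable('systemdsystemunitdir')`, i.e. the systemd pkg-config data, so `# If set to "", the directory is taken from systemd's pkg-config variable systemdsystemunitdir.` is accurate.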