Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package lxc for openSUSE:Factory checked in
at 2024-07-16 22:03:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lxc (Old)
and /work/SRC/openSUSE:Factory/.lxc.new.17339 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lxc"
Tue Jul 16 22:03:05 2024 rev:108 rq:1187673 version:6.0.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/lxc/lxc.changes 2024-05-01 14:58:12.897745682
+0200
+++ /work/SRC/openSUSE:Factory/.lxc.new.17339/lxc.changes 2024-07-16
22:03:12.355581153 +0200
@@ -1,0 +2,36 @@
+Sat Jul 13 11:14:49 UTC 2024 - Johannes Kastl
<opensuse_buildserv...@ojkastl.de>
+
+- update to 6.0.1:
+ The LXC team is pleased to announce the release of LXC 6.0.1!
+ This is the first bugfix release for LXC 6.0 which is supported
+ until June 2029.
+ As usual this bugfix releases focus on stability and hardening.
+ * Highlights
+ - Fixed some build tooling issues
+ - Fixed startup failures on system without IPv6 support
+ - Updated AppArmor rules to avoid potential warnings
+ * Detailed changelog
+ - meson: fix build on NixOS
+ - github: test the lxc multicall binary builds too
+ - lxc/network: handle non-existing sysctl /disable_ipv6
+ - network: netdev_configure_server_veth: reduce scope of
+ disable_ipv6_fd/path vars
+ - Update lxc-attach.sgml.in
+ - Update lxc-execute.sgml.in
+ - Update lxc-{attach,execute}.sgml.in
+ - Update lxc-execute.sgml.in
+ - lxc-local: fix use of LXC_PATH before init
+ - lxc-local: fix incorrect path to templates file
+ - lxc-local: remove check for template existence before
+ extraction
+ - apparmor: fix rule path pattern specification syntax
+ - apparmor: regenerate rules
+ - apparmor: use /{,} instead of /
+ - apparmor: regenerate rules
+ - github: start using ubuntu-24.04
+ - github: properly check apparmor profile changes
+ - lxc/storage/zfs: ignore false-positive use-after-free warning
+ - github: exclude clang & ubuntu-24.04 combination
+ - meson: fix build with -Dtools-multicall=true on NixOS
+
+-------------------------------------------------------------------
Old:
----
lxc-6.0.0.tar.gz
lxc-6.0.0.tar.gz.asc
New:
----
lxc-6.0.1.tar.gz
lxc-6.0.1.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ lxc.spec ++++++
--- /var/tmp/diff_new_pack.4QIVQT/_old 2024-07-16 22:03:13.959639652 +0200
+++ /var/tmp/diff_new_pack.4QIVQT/_new 2024-07-16 22:03:13.971640090 +0200
@@ -18,7 +18,7 @@
%define shlib_version 1
Name: lxc
-Version: 6.0.0
+Version: 6.0.1
Release: 0
URL: http://linuxcontainers.org/
Summary: Userspace tools for Linux kernel containers
++++++ lxc-6.0.0.tar.gz -> lxc-6.0.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/.github/workflows/build.yml
new/lxc-6.0.1/.github/workflows/build.yml
--- old/lxc-6.0.0/.github/workflows/build.yml 2024-04-03 05:34:20.000000000
+0200
+++ new/lxc-6.0.1/.github/workflows/build.yml 2024-06-27 06:43:29.000000000
+0200
@@ -15,6 +15,11 @@
- clang
os:
- ubuntu-22.04
+ - ubuntu-24.04
+ # temporary workaround for
https://bugs.launchpad.net/ubuntu/+source/llvm-toolchain-18/+bug/2064187
+ exclude:
+ - compiler: clang
+ os: ubuntu-24.04
runs-on: ${{ matrix.os }}
steps:
- name: Checkout code
@@ -50,6 +55,7 @@
meson setup build \
-Dtests=true \
-Dpam-cgroup=true \
+ -Dtools-multicall=true \
-Dwerror=true \
-Db_lto_mode=default
ninja -C build
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/.github/workflows/cifuzz.yml
new/lxc-6.0.1/.github/workflows/cifuzz.yml
--- old/lxc-6.0.0/.github/workflows/cifuzz.yml 2024-04-03 05:34:20.000000000
+0200
+++ new/lxc-6.0.1/.github/workflows/cifuzz.yml 2024-06-27 06:43:29.000000000
+0200
@@ -13,7 +13,7 @@
contents: read
jobs:
Fuzzing:
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
if: github.repository == 'lxc/lxc'
strategy:
fail-fast: false
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/.github/workflows/commits.yml
new/lxc-6.0.1/.github/workflows/commits.yml
--- old/lxc-6.0.0/.github/workflows/commits.yml 2024-04-03 05:34:20.000000000
+0200
+++ new/lxc-6.0.1/.github/workflows/commits.yml 2024-06-27 06:43:29.000000000
+0200
@@ -10,7 +10,7 @@
permissions:
pull-requests: read # for tim-actions/get-pr-commits to get list of
commits from the PR
name: Signed-off-by (DCO)
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
steps:
- name: Get PR Commits
id: 'get-pr-commits'
@@ -27,7 +27,7 @@
permissions:
contents: none
name: Branch target
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
steps:
- name: Check branch target
env:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/.github/workflows/coverity.yml
new/lxc-6.0.1/.github/workflows/coverity.yml
--- old/lxc-6.0.0/.github/workflows/coverity.yml 2024-04-03
05:34:20.000000000 +0200
+++ new/lxc-6.0.1/.github/workflows/coverity.yml 2024-06-27
06:43:29.000000000 +0200
@@ -8,7 +8,7 @@
jobs:
test:
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
steps:
- name: Checkout code
uses: actions/checkout@v4
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/.github/workflows/static-analysis.yml
new/lxc-6.0.1/.github/workflows/static-analysis.yml
--- old/lxc-6.0.0/.github/workflows/static-analysis.yml 2024-04-03
05:34:20.000000000 +0200
+++ new/lxc-6.0.1/.github/workflows/static-analysis.yml 2024-06-27
06:43:29.000000000 +0200
@@ -7,7 +7,7 @@
jobs:
test:
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
steps:
- name: Checkout code
uses: actions/checkout@v4
@@ -26,4 +26,5 @@
run: |
cd config/apparmor/
./lxc-generate-aa-rules.py container-rules.base > container-rules
+ cat abstractions/container-base.in container-rules >
abstractions/container-base
git diff --exit-code
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lxc-6.0.0/config/apparmor/abstractions/container-base
new/lxc-6.0.1/config/apparmor/abstractions/container-base
--- old/lxc-6.0.0/config/apparmor/abstractions/container-base 2024-04-03
05:34:20.000000000 +0200
+++ new/lxc-6.0.1/config/apparmor/abstractions/container-base 2024-06-27
06:43:29.000000000 +0200
@@ -73,6 +73,7 @@
# block some other dangerous paths
deny @{PROC}/kcore rwklx,
deny @{PROC}/sysrq-trigger rwklx,
+ deny @{PROC}/acpi/** rwklx,
# deny writes in /sys except for /sys/fs/cgroup, also allow
# fusectl, securityfs and debugfs to be mounted there (read-only)
@@ -85,21 +86,20 @@
mount options=(rw, nosuid, nodev, noexec, remount) -> /sys/,
deny /sys/firmware/efi/efivars/** rwklx,
deny /sys/kernel/security/** rwklx,
- mount options=(move) /sys/fs/cgroup/cgmanager/ ->
/sys/fs/cgroup/cgmanager.lower/,
mount options=(ro, nosuid, nodev, noexec, remount, strictatime) ->
/sys/fs/cgroup/,
# deny reads from debugfs
deny /sys/kernel/debug/{,**} rwklx,
# allow paths to be made slave, shared, private or unbindable
- mount options=(rw,make-slave) -> **,
- mount options=(rw,make-rslave) -> **,
- mount options=(rw,make-shared) -> **,
- mount options=(rw,make-rshared) -> **,
- mount options=(rw,make-private) -> **,
- mount options=(rw,make-rprivate) -> **,
- mount options=(rw,make-unbindable) -> **,
- mount options=(rw,make-runbindable) -> **,
+ mount options=(rw,make-slave) -> /{,**},
+ mount options=(rw,make-rslave) -> /{,**},
+ mount options=(rw,make-shared) -> /{,**},
+ mount options=(rw,make-rshared) -> /{,**},
+ mount options=(rw,make-private) -> /{,**},
+ mount options=(rw,make-rprivate) -> /{,**},
+ mount options=(rw,make-unbindable) -> /{,**},
+ mount options=(rw,make-runbindable) -> /{,**},
# allow bind-mounts of anything except /proc, /sys and /dev
mount options=(rw,bind) /[^spd]*{,/**},
@@ -146,7 +146,6 @@
mount options=(rw,move) /s[^y]*{,/**},
mount options=(rw,move) /sy[^s]*{,/**},
mount options=(rw,move) /sys?*{,/**},
-
# generated by: lxc-generate-aa-rules.py container-rules.base
deny /proc/sys/[^kn]*{,/**} wklx,
deny /proc/sys/k[^e]*{,/**} wklx,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lxc-6.0.0/config/apparmor/abstractions/container-base.in
new/lxc-6.0.1/config/apparmor/abstractions/container-base.in
--- old/lxc-6.0.0/config/apparmor/abstractions/container-base.in
2024-04-03 05:34:20.000000000 +0200
+++ new/lxc-6.0.1/config/apparmor/abstractions/container-base.in
2024-06-27 06:43:29.000000000 +0200
@@ -92,14 +92,14 @@
deny /sys/kernel/debug/{,**} rwklx,
# allow paths to be made slave, shared, private or unbindable
- mount options=(rw,make-slave) -> **,
- mount options=(rw,make-rslave) -> **,
- mount options=(rw,make-shared) -> **,
- mount options=(rw,make-rshared) -> **,
- mount options=(rw,make-private) -> **,
- mount options=(rw,make-rprivate) -> **,
- mount options=(rw,make-unbindable) -> **,
- mount options=(rw,make-runbindable) -> **,
+ mount options=(rw,make-slave) -> /{,**},
+ mount options=(rw,make-rslave) -> /{,**},
+ mount options=(rw,make-shared) -> /{,**},
+ mount options=(rw,make-rshared) -> /{,**},
+ mount options=(rw,make-private) -> /{,**},
+ mount options=(rw,make-rprivate) -> /{,**},
+ mount options=(rw,make-unbindable) -> /{,**},
+ mount options=(rw,make-runbindable) -> /{,**},
# allow bind-mounts of anything except /proc, /sys and /dev
mount options=(rw,bind) /[^spd]*{,/**},
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lxc-6.0.0/config/apparmor/abstractions/start-container.in
new/lxc-6.0.1/config/apparmor/abstractions/start-container.in
--- old/lxc-6.0.0/config/apparmor/abstractions/start-container.in
2024-04-03 05:34:20.000000000 +0200
+++ new/lxc-6.0.1/config/apparmor/abstractions/start-container.in
2024-06-27 06:43:29.000000000 +0200
@@ -15,10 +15,10 @@
mount fstype=devpts -> /dev/pts/,
mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
mount options=bind /dev/pts/** -> /dev/**,
- mount options=(rw, make-slave) -> **,
- mount options=(rw, make-rslave) -> **,
- mount options=(rw, make-shared) -> **,
- mount options=(rw, make-rshared) -> **,
+ mount options=(rw, make-slave) -> /{,**},
+ mount options=(rw, make-rslave) -> /{,**},
+ mount options=(rw, make-shared) -> /{,**},
+ mount options=(rw, make-rshared) -> /{,**},
mount fstype=debugfs,
mount fstype=fuse.*,
# allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/doc/ja/lxc-attach.sgml.in
new/lxc-6.0.1/doc/ja/lxc-attach.sgml.in
--- old/lxc-6.0.0/doc/ja/lxc-attach.sgml.in 2024-04-03 05:34:20.000000000
+0200
+++ new/lxc-6.0.1/doc/ja/lxc-attach.sgml.in 2024-06-27 06:43:29.000000000
+0200
@@ -353,10 +353,10 @@
<listitem>
<para>
<!--
- Executes the <replaceable>command</replaceable> with user ID
+ Executes the <replaceable>command</replaceable> with user ID (use
numerical value)
<replaceable>uid</replaceable> inside the container.
-->
- ã³ã³ããå
ã§ãã¦ã¼ã¶ ID <replaceable>uid</replaceable>
㧠<replaceable>command</replaceable> ãå®è¡ãã¾ãã
+ ã³ã³ããå
ã§ãã¦ã¼ã¶ ID <replaceable>uid</replaceable>
㧠<replaceable>command</replaceable>
ãå®è¡ãã¾ãï¼æ°å¤ã§æå®ï¼ã
</para>
</listitem>
</varlistentry>
@@ -368,10 +368,10 @@
<listitem>
<para>
<!--
- Executes the <replaceable>command</replaceable> with group ID
+ Executes the <replaceable>command</replaceable> with group ID (use
numerical value)
<replaceable>gid</replaceable> inside the container.
-->
- ã³ã³ããå
ã§ãã°ã«ã¼ã ID <replaceable>gid</replaceable>
㧠<replaceable>command</replaceable> ãå®è¡ãã¾ãã
+ ã³ã³ããå
ã§ãã°ã«ã¼ã ID <replaceable>gid</replaceable>
㧠<replaceable>command</replaceable>
ãå®è¡ãã¾ãï¼æ°å¤ã§æå®ï¼ã
</para>
</listitem>
</varlistentry>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/doc/ja/lxc-execute.sgml.in
new/lxc-6.0.1/doc/ja/lxc-execute.sgml.in
--- old/lxc-6.0.0/doc/ja/lxc-execute.sgml.in 2024-04-03 05:34:20.000000000
+0200
+++ new/lxc-6.0.1/doc/ja/lxc-execute.sgml.in 2024-06-27 06:43:29.000000000
+0200
@@ -158,10 +158,10 @@
<listitem>
<para>
<!--
- Executes the <replaceable>command</replaceable> with user ID
+ Executes the <replaceable>command</replaceable> with user ID (use
numerical value)
<replaceable>uid</replaceable> inside the container.
-->
- ã³ã³ããå
ã§ãã¦ã¼ã¶ ID <replaceable>uid</replaceable>
㧠<replaceable>command</replaceable> ãå®è¡ãã¾ãã
+ ã³ã³ããå
ã§ãã¦ã¼ã¶ ID <replaceable>uid</replaceable>
㧠<replaceable>command</replaceable>
ãå®è¡ãã¾ãï¼æ°å¤ã§æå®ï¼ã
</para>
</listitem>
</varlistentry>
@@ -173,10 +173,10 @@
<listitem>
<para>
<!--
- Executes the <replaceable>command</replaceable> with group ID
+ Executes the <replaceable>command</replaceable> with group ID (use
numerical value)
<replaceable>gid</replaceable> inside the container.
-->
- ã³ã³ããå
ã§ãã°ã«ã¼ã ID <replaceable>gid</replaceable>
㧠<replaceable>command</replaceable> ãå®è¡ãã¾ãã
+ ã³ã³ããå
ã§ãã°ã«ã¼ã ID <replaceable>gid</replaceable>
㧠<replaceable>command</replaceable>
ãå®è¡ãã¾ãï¼æ°å¤ã§æå®ï¼ã
</para>
</listitem>
</varlistentry>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/doc/lxc-attach.sgml.in
new/lxc-6.0.1/doc/lxc-attach.sgml.in
--- old/lxc-6.0.0/doc/lxc-attach.sgml.in 2024-04-03 05:34:20.000000000
+0200
+++ new/lxc-6.0.1/doc/lxc-attach.sgml.in 2024-06-27 06:43:29.000000000
+0200
@@ -266,7 +266,7 @@
</term>
<listitem>
<para>
- Executes the <replaceable>command</replaceable> with user ID
+ Executes the <replaceable>command</replaceable> with user ID (use
numerical value)
<replaceable>uid</replaceable> inside the container.
</para>
</listitem>
@@ -278,7 +278,7 @@
</term>
<listitem>
<para>
- Executes the <replaceable>command</replaceable> with group ID
+ Executes the <replaceable>command</replaceable> with group ID (use
numerical value)
<replaceable>gid</replaceable> inside the container.
</para>
</listitem>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/doc/lxc-execute.sgml.in
new/lxc-6.0.1/doc/lxc-execute.sgml.in
--- old/lxc-6.0.0/doc/lxc-execute.sgml.in 2024-04-03 05:34:20.000000000
+0200
+++ new/lxc-6.0.1/doc/lxc-execute.sgml.in 2024-06-27 06:43:29.000000000
+0200
@@ -124,7 +124,7 @@
</term>
<listitem>
<para>
- Executes the <replaceable>command</replaceable> with user ID
+ Executes the <replaceable>command</replaceable> with user ID (use
numerical value)
<replaceable>uid</replaceable> inside the container.
</para>
</listitem>
@@ -136,7 +136,7 @@
</term>
<listitem>
<para>
- Executes the <replaceable>command</replaceable> with group ID
+ Executes the <replaceable>command</replaceable> with group ID (use
numerical value)
<replaceable>gid</replaceable> inside the container.
</para>
</listitem>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/meson.build new/lxc-6.0.1/meson.build
--- old/lxc-6.0.0/meson.build 2024-04-03 05:34:20.000000000 +0200
+++ new/lxc-6.0.1/meson.build 2024-06-27 06:43:29.000000000 +0200
@@ -4,7 +4,7 @@
project(
'lxc',
'c',
- version: '6.0.0',
+ version: '6.0.1',
license: 'LGPLv2+',
default_options: [
'b_lto=true',
@@ -30,10 +30,10 @@
version_data = configuration_data()
version_data.set('LXC_VERSION_MAJOR', '6')
version_data.set('LXC_VERSION_MINOR', '0')
-version_data.set('LXC_VERSION_MICRO', '0')
+version_data.set('LXC_VERSION_MICRO', '1')
version_data.set('LXC_VERSION_BETA', '')
version_data.set('LXC_ABI', liblxc_version)
-version_data.set('LXC_DEVEL', '1')
+version_data.set('LXC_DEVEL', '0')
version_data.set('LXC_VERSION', meson.project_version())
# Path handling.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/src/lxc/cmd/meson.build
new/lxc-6.0.1/src/lxc/cmd/meson.build
--- old/lxc-6.0.0/src/lxc/cmd/meson.build 2024-04-03 05:34:20.000000000
+0200
+++ new/lxc-6.0.1/src/lxc/cmd/meson.build 2024-06-27 06:43:29.000000000
+0200
@@ -46,7 +46,7 @@
'../string_utils.c',
'../string_utils.h') + include_sources
-cmd_lxc_monitord_sources = files('lxc_monitord.c') + include_sources +
netns_ifaddrs_sources
+cmd_lxc_monitord_sources = files('lxc_monitord.c')
cmd_lxc_user_nic_sources = files('lxc_user_nic.c') + cmd_common_sources +
netns_ifaddrs_sources
cmd_lxc_usernsexec_sources = files('lxc_usernsexec.c') + cmd_common_sources +
netns_ifaddrs_sources
@@ -88,8 +88,8 @@
'lxc-monitord',
cmd_lxc_monitord_sources,
include_directories: liblxc_includes,
- dependencies: liblxc_dep,
- link_with: [liblxc_static],
+ dependencies: liblxc_dependencies,
+ link_whole: [liblxc_static],
install: true,
install_dir: lxclibexec)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/src/lxc/lsm/apparmor.c
new/lxc-6.0.1/src/lxc/lsm/apparmor.c
--- old/lxc-6.0.0/src/lxc/lsm/apparmor.c 2024-04-03 05:34:20.000000000
+0200
+++ new/lxc-6.0.1/src/lxc/lsm/apparmor.c 2024-06-27 06:43:29.000000000
+0200
@@ -113,14 +113,14 @@
" deny /sys/kernel/debug/{,**} rwklx,\n"
"\n"
" # allow paths to be made dependent, shared, private or unbindable\n"
-" mount options=(rw,make-slave) -> **,\n"
-" mount options=(rw,make-rslave) -> **,\n"
-" mount options=(rw,make-shared) -> **,\n"
-" mount options=(rw,make-rshared) -> **,\n"
-" mount options=(rw,make-private) -> **,\n"
-" mount options=(rw,make-rprivate) -> **,\n"
-" mount options=(rw,make-unbindable) -> **,\n"
-" mount options=(rw,make-runbindable) -> **,\n"
+" mount options=(rw,make-slave) -> /{,**},\n"
+" mount options=(rw,make-rslave) -> /{,**},\n"
+" mount options=(rw,make-shared) -> /{,**},\n"
+" mount options=(rw,make-rshared) -> /{,**},\n"
+" mount options=(rw,make-private) -> /{,**},\n"
+" mount options=(rw,make-rprivate) -> /{,**},\n"
+" mount options=(rw,make-unbindable) -> /{,**},\n"
+" mount options=(rw,make-runbindable) -> /{,**},\n"
"\n"
" # allow bind-mounts of anything except /proc, /sys and /dev\n"
" mount options=(rw,bind) /[^spd]*{,/**},\n"
@@ -336,14 +336,14 @@
" pivot_root,\n"
"\n"
" # Allow modifying mount propagation\n"
-" mount options=(rw,make-slave) -> **,\n"
-" mount options=(rw,make-rslave) -> **,\n"
-" mount options=(rw,make-shared) -> **,\n"
-" mount options=(rw,make-rshared) -> **,\n"
-" mount options=(rw,make-private) -> **,\n"
-" mount options=(rw,make-rprivate) -> **,\n"
-" mount options=(rw,make-unbindable) -> **,\n"
-" mount options=(rw,make-runbindable) -> **,\n"
+" mount options=(rw,make-slave) -> /{,**},\n"
+" mount options=(rw,make-rslave) -> /{,**},\n"
+" mount options=(rw,make-shared) -> /{,**},\n"
+" mount options=(rw,make-rshared) -> /{,**},\n"
+" mount options=(rw,make-private) -> /{,**},\n"
+" mount options=(rw,make-rprivate) -> /{,**},\n"
+" mount options=(rw,make-unbindable) -> /{,**},\n"
+" mount options=(rw,make-runbindable) -> /{,**},\n"
"\n"
" # Allow all bind-mounts\n"
" mount options=(rw,bind),\n"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/src/lxc/network.c
new/lxc-6.0.1/src/lxc/network.c
--- old/lxc-6.0.0/src/lxc/network.c 2024-04-03 05:34:20.000000000 +0200
+++ new/lxc-6.0.1/src/lxc/network.c 2024-06-27 06:43:29.000000000 +0200
@@ -615,10 +615,10 @@
static int netdev_configure_server_veth(struct lxc_handler *handler, struct
lxc_netdev *netdev)
{
- int err, disable_ipv6_fd;
+ int err;
unsigned int mtu = 1500;
char *veth1, *veth2;
- char veth1buf[IFNAMSIZ], veth2buf[IFNAMSIZ], path[PATH_MAX];
+ char veth1buf[IFNAMSIZ], veth2buf[IFNAMSIZ];
err = validate_veth(netdev);
if (err)
@@ -714,6 +714,9 @@
}
if (!is_empty_string(netdev->link) && netdev->priv.veth_attr.mode ==
VETH_MODE_BRIDGE) {
+ char path[PATH_MAX];
+ __do_close int disable_ipv6_fd = -EBADF;
+
/* Disable link-local IPv6 addresses for the host's end of the
veth. */
snprintf(path, PATH_MAX,
"/proc/sys/net/ipv6/conf/%s/disable_ipv6", veth1);
disable_ipv6_fd = open(path, O_RDWR);
@@ -722,15 +725,15 @@
if (disable_ipv6_fd < 0 && errno != ENOENT) {
SYSERROR("Failed to disable IPv6 link-local addresses
for veth pair \"%s\"", veth1);
goto out_delete;
+ } else if (disable_ipv6_fd >= 0) {
+ err = write(disable_ipv6_fd, "1", 1);
+ if (err < 0) {
+ SYSERROR("Failed to disable IPv6 link-local
addresses for veth pair \"%s\"", veth1);
+ goto out_delete;
+ }
+ close(disable_ipv6_fd);
}
- err = write(disable_ipv6_fd, "1", 1);
- if (err < 0) {
- SYSERROR("Failed to disable IPv6 link-local addresses
for veth pair \"%s\"", veth1);
- goto out_delete;
- }
- close(disable_ipv6_fd);
-
if (!lxc_nic_exists(netdev->link)) {
SYSERROR("Failed to attach \"%s\" to bridge \"%s\",
bridge interface doesn't exist", veth1, netdev->link);
goto out_delete;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/src/lxc/storage/zfs.c
new/lxc-6.0.1/src/lxc/storage/zfs.c
--- old/lxc-6.0.0/src/lxc/storage/zfs.c 2024-04-03 05:34:20.000000000 +0200
+++ new/lxc-6.0.1/src/lxc/storage/zfs.c 2024-06-27 06:43:29.000000000 +0200
@@ -500,12 +500,20 @@
*/
dataset_len = strlen(dataset);
len = 4 + dataset_len + 1 + strlen(cname) + 1;
+
+/* see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104069 */
+#pragma GCC diagnostic push
+#if defined __GNUC__ && __GNUC__ >= 12
+#pragma GCC diagnostic ignored "-Wuse-after-free"
+#endif
new->src = realloc(dataset, len);
if (!new->src) {
ERROR("Failed to reallocate memory");
free(dataset);
return -1;
}
+#pragma GCC diagnostic pop
+
memmove(new->src + 4, new->src, dataset_len);
memmove(new->src, "zfs:", 4);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/src/lxc/tools/meson.build
new/lxc-6.0.1/src/lxc/tools/meson.build
--- old/lxc-6.0.0/src/lxc/tools/meson.build 2024-04-03 05:34:20.000000000
+0200
+++ new/lxc-6.0.1/src/lxc/tools/meson.build 2024-06-27 06:43:29.000000000
+0200
@@ -1,6 +1,7 @@
# SPDX-License-Identifier: LGPL-2.1+
-tools_common_sources = files('arguments.c', 'arguments.h') + include_sources +
netns_ifaddrs_sources
+tools_common_sources = files('arguments.c', 'arguments.h') + include_sources
+tools_common_sources_for_dynamic_link = tools_common_sources +
netns_ifaddrs_sources
tools_commands_dynamic_link = ['attach', 'autostart', 'cgroup', 'checkpoint',
'config',
'console', 'copy', 'create', 'destroy', 'device', 'execute', 'freeze',
@@ -15,7 +16,7 @@
foreach cmd : tools_commands_dynamic_link
public_programs += executable(
'lxc-' + cmd,
- files('lxc_' + cmd + '.c') + tools_common_sources +
liblxc_ext_sources,
+ files('lxc_' + cmd + '.c') + tools_common_sources_for_dynamic_link
+ liblxc_ext_sources,
dependencies: liblxc_dependencies,
include_directories: liblxc_includes,
c_args: ['-DNO_LXC_CONF'],
@@ -26,16 +27,16 @@
foreach cmd : tools_commands_static_link
public_programs += executable(
'lxc-' + cmd,
- files('lxc_' + cmd + '.c') + tools_common_sources,
+ files('lxc_' + cmd + '.c') + files('arguments.c', 'arguments.h'),
dependencies: liblxc_dependencies,
include_directories: liblxc_includes,
- link_with: [liblxc_static],
+ link_whole: [liblxc_static],
install: true)
endforeach
endif
if want_tools_multicall
- tools_all_sources = files('lxc_multicall.c') + tools_common_sources
+ tools_all_sources = files('lxc_multicall.c') + files('arguments.c',
'arguments.h')
foreach cmd : tools_commands
tools_all_sources += files('lxc_' + cmd + '.c')
endforeach
@@ -44,8 +45,8 @@
'lxc',
tools_all_sources,
include_directories: liblxc_includes,
- dependencies: liblxc_dep,
- link_with: [liblxc_static],
+ dependencies: liblxc_dependencies,
+ link_whole: [liblxc_static],
install: true)
if want_tools == false
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lxc-6.0.0/templates/lxc-local.in
new/lxc-6.0.1/templates/lxc-local.in
--- old/lxc-6.0.0/templates/lxc-local.in 2024-04-03 05:34:20.000000000
+0200
+++ new/lxc-6.0.1/templates/lxc-local.in 2024-06-27 06:43:29.000000000
+0200
@@ -18,7 +18,7 @@
COMPAT_LEVEL=5
EXCLUDES=""
-TEMPLATE_FILES="${LXC_PATH}/config"
+TEMPLATE_FILES=""
# Make sure the usual locations are in PATH
@@ -169,6 +169,14 @@
fi
}
+record_template_file() {
+ if [ -z "${TEMPLATE_FILES}" ]; then
+ TEMPLATE_FILES="$1"
+ else
+ TEMPLATE_FILES="${TEMPLATE_FILES};$1"
+ fi
+}
+
extract_config() {
# lxc-create will automatically create a config file at ${LXC_PATH}/config.
# This function extracts the network config, and any remaining lxc config
@@ -237,6 +245,7 @@
add_container_config
add_extra_config
add_network_config
+ record_template_file "${LXC_PATH}/config"
}
process_fstab() {
@@ -246,19 +255,18 @@
if [ -e "${fstab}" ]; then
echo "lxc.mount.fstab = ${LXC_PATH}/fstab" >> "${LXC_PATH}/config"
cp "${fstab}" "${LXC_PATH}/fstab"
- TEMPLATE_FILES="${TEMPLATE_FILES};${LXC_PATH}/fstab"
+ record_template_file "${LXC_PATH}/fstab"
fi
}
process_templates() {
# Look for extra templates
- template="$(relevant_file template)"
- if [ -e "${template}" ]; then
+ templates="$(relevant_file templates)"
+ if [ -e "${templates}" ]; then
while read -r line; do
fullpath="${LXC_ROOTFS}/${line}"
- [ ! -e "${fullpath}" ] && continue
- TEMPLATE_FILES="${TEMPLATE_FILES};${fullpath}"
- done < "${template}"
+ record_template_file "${fullpath}"
+ done < "${templates}"
fi
}
