The lxc.init.groups config key is missing from the lxc init options in 4.0.9.
Added add_lxc_init_groups_config_key.patch to fix this issue.

Signed-off-by: Sana Kazi <[email protected]>
Signed-off-by: Sana Kazi <[email protected]>
---
 .../add_lxc_init_groups_config_key.patch      | 144 ++++++++++++++++++
 recipes-containers/lxc/lxc_4.0.9.bb           |   1 +
 2 files changed, 145 insertions(+)
 create mode 100644 
recipes-containers/lxc/files/add_lxc_init_groups_config_key.patch

diff --git a/recipes-containers/lxc/files/add_lxc_init_groups_config_key.patch 
b/recipes-containers/lxc/files/add_lxc_init_groups_config_key.patch
new file mode 100644
index 0000000..b3521aa
--- /dev/null
+++ b/recipes-containers/lxc/files/add_lxc_init_groups_config_key.patch
@@ -0,0 +1,144 @@
+From 19b18b6970482e54489caf7cc5993c440c0a98b0 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <[email protected]>
+Date: Mon, 14 Jun 2021 12:10:46 +0200
+Subject: [PATCH] confile: backport lxc.init.groups config key
+
+This is needed for lxcri.
+
+Fixes: #3862
+Signed-off-by: Christian Brauner <[email protected]>
+---
+ src/lxc/confile.c | 88 +++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 88 insertions(+)
+
+Upstream-Status: Backport 
[https://github.com/lxc/lxc/commit/19b18b6970482e54489caf7cc5993c440c0a98b0.patch]
+Comment: No change in any hunk
+Signed-off-by: Sana Kazi <[email protected]>
+
+diff --git a/src/lxc/confile.c b/src/lxc/confile.c
+index 76d9402626..8072d658a6 100644
+--- a/src/lxc/confile.c
++++ b/src/lxc/confile.c
+@@ -86,6 +86,7 @@ lxc_config_define(init_cmd);
+ lxc_config_define(init_cwd);
+ lxc_config_define(init_gid);
+ lxc_config_define(init_uid);
++lxc_config_define(init_groups);
+ lxc_config_define(jump_table_net);
+ lxc_config_define(keyring_session);
+ lxc_config_define(log_file);
+@@ -213,6 +214,7 @@ static struct lxc_config_t config_jump_table[] = {
+       { "lxc.include",                    true,  set_config_includefiles,     
          get_config_includefiles,               clr_config_includefiles,       
        },
+       { "lxc.init.cmd",                   true,  set_config_init_cmd,         
          get_config_init_cmd,                   clr_config_init_cmd,           
        },
+       { "lxc.init.gid",                   true,  set_config_init_gid,         
          get_config_init_gid,                   clr_config_init_gid,           
        },
++      { "lxc.init.groups",                true,  set_config_init_groups,      
          get_config_init_groups,                clr_config_init_groups,        
        },
+       { "lxc.init.uid",                   true,  set_config_init_uid,         
          get_config_init_uid,                   clr_config_init_uid,           
        },
+       { "lxc.init.cwd",                   true,  set_config_init_cwd,         
          get_config_init_cwd,                   clr_config_init_cwd,           
        },
+       { "lxc.keyring.session",            true,  set_config_keyring_session,  
          get_config_keyring_session,            clr_config_keyring_session     
        },
+@@ -1177,6 +1179,64 @@ static int set_config_init_gid(const char *key, const 
char *value,
+       return 0;
+ }
+ 
++static int set_config_init_groups(const char *key, const char *value,
++                                struct lxc_conf *lxc_conf, void *data)
++{
++      __do_free char *value_dup = NULL;
++      gid_t *init_groups = NULL;
++      size_t num_groups = 0;
++      size_t idx;
++      char *token;
++
++      if (lxc_config_value_empty(value))
++              return clr_config_init_groups(key, lxc_conf, NULL);
++
++      value_dup = strdup(value);
++      if (!value_dup)
++              return -ENOMEM;
++
++      lxc_iterate_parts(token, value_dup, ",")
++              num_groups++;
++
++      if (num_groups == INT_MAX)
++              return log_error_errno(-ERANGE, ERANGE, "Excessive number of 
supplementary groups specified");
++
++      /* This means the string wasn't empty and all we found was garbage. */
++      if (num_groups == 0)
++              return log_error_errno(-EINVAL, EINVAL, "No valid groups 
specified %s", value);
++
++      idx = lxc_conf->init_groups.size;
++      init_groups = realloc(lxc_conf->init_groups.list, sizeof(gid_t) * (idx 
+ num_groups));
++      if (!init_groups)
++              return ret_errno(ENOMEM);
++
++      /*
++       * Once the realloc() succeeded we need to hand control of the memory
++       * back to the config otherwise we risk a double-free when
++       * lxc_conf_free() is called.
++       */
++      lxc_conf->init_groups.list = init_groups;
++
++      /* Restore duplicated value so we can call lxc_iterate_parts() again. */
++      strcpy(value_dup, value);
++
++      lxc_iterate_parts(token, value_dup, ",") {
++              int ret;
++
++              gid_t group;
++
++              ret = lxc_safe_uint(token, &group);
++              if (ret)
++                      return log_error_errno(ret, -ret, "Failed to parse 
group %s", token);
++
++              init_groups[idx++] = group;
++      }
++
++      lxc_conf->init_groups.size += num_groups;
++
++      return 0;
++}
++
+ static int set_config_hooks(const char *key, const char *value,
+                           struct lxc_conf *lxc_conf, void *data)
+ {
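Review bot: set_config_init_groups appends to the existing list (`idx = lxc_conf->init_groups.size;` followed by `init_groups[idx++] = group;`) rather than replacing it, and nothing in the hunk documents that. These are the supplementary groups given to the container's init process, so a second `lxc.init.groups` line widens the set instead of overriding the first; only an empty value clears it. A short comment above the function would make this explicit, e.g. `/* Appends to init_groups; an empty value clears the list. */`. The bound check `num_groups == INT_MAX` also looks only at the newly counted tokens, while the realloc() size is computed from `idx + num_groups`, so a check on the combined count would match what is actually allocated.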
+@@ -4174,6 +4234,26 @@ static int get_config_init_gid(const char *key, char 
*retv, int inlen,
+       return lxc_get_conf_int(c, retv, inlen, c->init_gid);
+ }
+ 
++static int get_config_init_groups(const char *key, char *retv, int inlen,
++                                struct lxc_conf *c, void *data)
++{
++      int fulllen = 0, len;
++
++      if (!retv)
++              inlen = 0;
++      else
++              memset(retv, 0, inlen);
++
++      if (c->init_groups.size == 0)
++              return 0;
++
++      for (int i = 0; i < c->init_groups.size; i++)
++              strprint(retv, inlen, "%s%d", (i > 0) ? "," : "",
++                       c->init_groups.list[i]);
++
++      return fulllen;
++}
++
+ static int get_config_ephemeral(const char *key, char *retv, int inlen,
+                               struct lxc_conf *c, void *data)
+ {
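Review bot: get_config_init_groups formats each entry with `%d`, but the setter parses the same values with `lxc_safe_uint()` into a `gid_t`, so a gid above INT_MAX would be reported as a negative number and the reported string would no longer match the configured groups. Printing with `"%s%u"` in the `strprint()` call keeps the getter consistent with the setter. The loop has the same signedness mismatch: `int i` is compared with `c->init_groups.size`, which the setter copies into a `size_t`, so `for (size_t i = 0; i < c->init_groups.size; i++)` would be the safer form. `fulllen` and `len` are never assigned in the visible lines; presumably the `strprint` macro, defined outside this hunk, updates them, and a one-line comment saying so would help readers.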
+@@ -4821,6 +4901,14 @@ static inline int clr_config_init_gid(const char *key, 
struct lxc_conf *c,
+       return 0;
+ }
+ 
++static inline int clr_config_init_groups(const char *key, struct lxc_conf *c,
++                                       void *data)
++{
++      c->init_groups.size = 0;
++      free_disarm(c->init_groups.list);
++      return 0;
++}
++
+ static inline int clr_config_ephemeral(const char *key, struct lxc_conf *c,
+                                      void *data)
+ {
diff --git a/recipes-containers/lxc/lxc_4.0.9.bb 
b/recipes-containers/lxc/lxc_4.0.9.bb
index 6720733..53f82d6 100644
--- a/recipes-containers/lxc/lxc_4.0.9.bb
+++ b/recipes-containers/lxc/lxc_4.0.9.bb
@@ -50,6 +50,7 @@ SRC_URI = 
"http://linuxcontainers.org/downloads/${BPN}/${BPN}-${PV}.tar.gz \
        file://dnsmasq.conf \
        file://lxc-net \
         file://enable_seccomp_profile_when_compiled_libseccomp.patch \
+        file://add_lxc_init_groups_config_key.patch \
        "
 
 SRC_URI[md5sum] = "365fcca985038910e19a1e0fff15ed07"
-- 
2.17.1
