From: Bruce Ashfield <[email protected]> Bumping lxc to a newer 4.0 -stable release.
We drop two patches that have been integrated to the upstream repo, but otherwise, things are the same. Signed-off-by: Bruce Ashfield <[email protected]> (cherry picked from commit baa8c9cd62988121c39ae848cd967859fbbf5250) Signed-off-by: virendra thakur <[email protected]> --- ...fix-check-for-seccomp-notify-support.patch | 44 --------------- ...p-libseccomp-tests-if-it-is-disabled.patch | 53 ------------------ ...alidate-when-using-download-template.patch | 54 +++++++++---------- .../lxc/{lxc_4.0.6.bb => lxc_4.0.9.bb} | 6 +-- 4 files changed, 29 insertions(+), 128 deletions(-) delete mode 100644 recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch delete mode 100644 recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch rename recipes-containers/lxc/{lxc_4.0.6.bb => lxc_4.0.9.bb} (96%) diff --git a/recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch b/recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch deleted file mode 100644 index 391af38..0000000 --- a/recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch +++ /dev/null @@ -1,44 +0,0 @@ -From a342b11fedb3010630de4909ca707ebdc0862060 Mon Sep 17 00:00:00 2001 -From: Eneas U de Queiroz <[email protected]> -Date: Fri, 25 Dec 2020 13:54:14 -0300 -Subject: [PATCH] commands: fix check for seccomp notify support - -Use HAVE_SECCOMP_NOTIFY instead of HAVE_DECL_SECCOMP_NOTIFY_FD. -Currently the latter will be true if the declaration is found by -configure, even if 'configure --disable-seccomp' is used. - -HAVE_SECCOMP_NOTIFY is defined in lxcseccomp.h if both HAVE_SECCOMP and -HAVE_DECL_SECCOMP_NOTIFY_FD are true, which is the correct behavior. - -Upstream-status: submitted https://github.com/lxc/lxc/pull/3623 - -Signed-off-by: Eneas U de Queiroz <[email protected]> ---- - src/lxc/commands.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/lxc/commands.c b/src/lxc/commands.c -index a9a03ca2c..37d1abcef 100644 ---- a/src/lxc/commands.c -+++ b/src/lxc/commands.c -@@ -501,7 +501,7 @@ static int lxc_cmd_get_devpts_fd_callback(int fd, struct lxc_cmd_req *req, - - int lxc_cmd_get_seccomp_notify_fd(const char *name, const char *lxcpath) - { --#if HAVE_DECL_SECCOMP_NOTIFY_FD -+#ifdef HAVE_SECCOMP_NOTIFY - int ret, stopped; - struct lxc_cmd_rr cmd = { - .req = { -@@ -526,7 +526,7 @@ static int lxc_cmd_get_seccomp_notify_fd_callback(int fd, struct lxc_cmd_req *re - struct lxc_handler *handler, - struct lxc_epoll_descr *descr) - { --#if HAVE_DECL_SECCOMP_NOTIFY_FD -+#ifdef HAVE_SECCOMP_NOTIFY - struct lxc_cmd_rsp rsp = { - .ret = 0, - }; --- -2.17.1 - diff --git a/recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch b/recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch deleted file mode 100644 index 43c91ba..0000000 --- a/recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 67cd8bde2d46983df8fa9f647e9fc0b96370ec29 Mon Sep 17 00:00:00 2001 -From: Eneas U de Queiroz <[email protected]> -Date: Sat, 16 Jan 2021 13:54:07 -0300 -Subject: [PATCH] configure: skip libseccomp tests if it is disabled - -Move the block checking for libseccomp api compatibility inside -AM_COND_IF([ENABLE_SECCOMP] ... ). - -Upstream-Status: submitted [https://github.com/lxc/lxc/pull/3623] - -Signed-off-by: Eneas U de Queiroz <[email protected]> ---- - configure.ac | 17 ++++++++--------- - 1 file changed, 8 insertions(+), 9 deletions(-) - -diff --git a/configure.ac b/configure.ac -index f58487f5d..ce6363136 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -312,6 +312,14 @@ AM_COND_IF([ENABLE_SECCOMP], - AC_CHECK_LIB([seccomp], [seccomp_init],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])]) - AC_SUBST([SECCOMP_LIBS], [-lseccomp]) - ]) -+ # HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0 -+ OLD_CFLAGS="$CFLAGS" -+ CFLAGS="$CFLAGS $SECCOMP_CFLAGS" -+ AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include <seccomp.h>]]) -+ AC_CHECK_DECLS([seccomp_notify_fd], [], [], [[#include <seccomp.h>]]) -+ AC_CHECK_TYPES([struct seccomp_notif_sizes], [], [], [[#include <seccomp.h>]]) -+ AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include <seccomp.h>]]) -+ CFLAGS="$OLD_CFLAGS" - ]) - - AC_MSG_CHECKING(for static libcap) -@@ -359,15 +367,6 @@ AM_COND_IF([ENABLE_CAP], - AC_CHECK_LIB(cap,cap_get_file, AC_DEFINE(LIBCAP_SUPPORTS_FILE_CAPABILITIES,1,[Have cap_get_file]),[],[]) - AC_SUBST([CAP_LIBS], [-lcap])]) - --# HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0 --OLD_CFLAGS="$CFLAGS" --CFLAGS="$CFLAGS $SECCOMP_CFLAGS" --AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include <seccomp.h>]]) --AC_CHECK_DECLS([seccomp_notify_fd], [], [], [[#include <seccomp.h>]]) --AC_CHECK_TYPES([struct seccomp_notif_sizes], [], [], [[#include <seccomp.h>]]) --AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include <seccomp.h>]]) --CFLAGS="$OLD_CFLAGS" -- - AC_CHECK_HEADERS([linux/bpf.h], [ - AC_CHECK_TYPES([struct bpf_cgroup_dev_ctx], [], [], [[#include <linux/bpf.h>]]) - ], [], []) --- -2.17.1 - diff --git a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch b/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch index 8caeb2b..f335e79 100644 --- a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch +++ b/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch @@ -18,11 +18,11 @@ Signed-off-by: Mark Asselstine < [email protected]> src/tests/lxc-test-usernic.in | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) -diff --git a/src/tests/lxc-test-apparmor-mount b/src/tests/lxc-test-apparmor-mount -index d21c948..9e1969b 100755 ---- a/src/tests/lxc-test-apparmor-mount -+++ b/src/tests/lxc-test-apparmor-mount -@@ -169,7 +169,7 @@ if [ -f /etc/lsb-release ]; then +Index: lxc-4.0.9/src/tests/lxc-test-apparmor-mount +=================================================================== +--- lxc-4.0.9.orig/src/tests/lxc-test-apparmor-mount ++++ lxc-4.0.9/src/tests/lxc-test-apparmor-mount +@@ -170,7 +170,7 @@ done fi @@ -31,11 +31,11 @@ index d21c948..9e1969b 100755 echo "test default confined container" run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile" -diff --git a/src/tests/lxc-test-autostart b/src/tests/lxc-test-autostart -index e5b651b..d15b79b 100755 ---- a/src/tests/lxc-test-autostart -+++ b/src/tests/lxc-test-autostart -@@ -55,7 +55,7 @@ if [ -f /etc/lsb-release ]; then +Index: lxc-4.0.9/src/tests/lxc-test-autostart +=================================================================== +--- lxc-4.0.9.orig/src/tests/lxc-test-autostart ++++ lxc-4.0.9/src/tests/lxc-test-autostart +@@ -55,7 +55,7 @@ done fi @@ -44,11 +44,11 @@ index e5b651b..d15b79b 100755 CONTAINER_PATH=$(dirname $(lxc-info -n $CONTAINER_NAME -c lxc.rootfs.path -H) | sed -e 's/dir://') cp $CONTAINER_PATH/config $CONTAINER_PATH/config.bak -diff --git a/src/tests/lxc-test-no-new-privs b/src/tests/lxc-test-no-new-privs -index 8642992..e72bdf0 100755 ---- a/src/tests/lxc-test-no-new-privs -+++ b/src/tests/lxc-test-no-new-privs -@@ -47,7 +47,7 @@ if type dpkg >/dev/null 2>&1; then +Index: lxc-4.0.9/src/tests/lxc-test-no-new-privs +=================================================================== +--- lxc-4.0.9.orig/src/tests/lxc-test-no-new-privs ++++ lxc-4.0.9/src/tests/lxc-test-no-new-privs +@@ -49,7 +49,7 @@ ARCH=$(dpkg --print-architecture) fi @@ -57,24 +57,24 @@ index 8642992..e72bdf0 100755 echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config lxc-start -n c1 -diff --git a/src/tests/lxc-test-unpriv b/src/tests/lxc-test-unpriv -index 16ff12d..0958d48 100755 ---- a/src/tests/lxc-test-unpriv -+++ b/src/tests/lxc-test-unpriv -@@ -173,7 +173,7 @@ run_cmd mkdir -p $HDIR/.cache/lxc +Index: lxc-4.0.9/src/tests/lxc-test-unpriv +=================================================================== +--- lxc-4.0.9.orig/src/tests/lxc-test-unpriv ++++ lxc-4.0.9/src/tests/lxc-test-unpriv +@@ -178,7 +178,7 @@ cp -R /var/cache/lxc/download $HDIR/.cache/lxc && \ chown -R $TUSER: $HDIR/.cache/lxc --run_cmd lxc-create -t download -n c1 -- -d ubuntu -r $release -a $ARCH -+run_cmd lxc-create -t download -n c1 -- --no-validate -d ubuntu -r $release -a $ARCH +-run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- -d ubuntu -r $release -a $ARCH ++run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- --no-validate -d ubuntu -r $release -a $ARCH # Make sure we can start it - twice -diff --git a/src/tests/lxc-test-usernic.in b/src/tests/lxc-test-usernic.in -index 3e35008..f489286 100755 ---- a/src/tests/lxc-test-usernic.in -+++ b/src/tests/lxc-test-usernic.in -@@ -146,7 +146,7 @@ if [ -f /etc/lsb-release ]; then +Index: lxc-4.0.9/src/tests/lxc-test-usernic.in +=================================================================== +--- lxc-4.0.9.orig/src/tests/lxc-test-usernic.in ++++ lxc-4.0.9/src/tests/lxc-test-usernic.in +@@ -147,7 +147,7 @@ fi # Create three containers diff --git a/recipes-containers/lxc/lxc_4.0.6.bb b/recipes-containers/lxc/ lxc_4.0.9.bb similarity index 96% rename from recipes-containers/lxc/lxc_4.0.6.bb rename to recipes-containers/lxc/lxc_4.0.9.bb index c9bf3d0..7907291 100644 --- a/recipes-containers/lxc/lxc_4.0.6.bb +++ b/recipes-containers/lxc/lxc_4.0.9.bb @@ -49,12 +49,10 @@ SRC_URI = " http://linuxcontainers.org/downloads/${BPN}/${BPN}-${PV}.tar.gz \ file://tests-add-no-validate-when-using-download-template.patch \ file://dnsmasq.conf \ file://lxc-net \ - file://configure-skip-libseccomp-tests-if-it-is-disabled.patch \ - file://commands-fix-check-for-seccomp-notify-support.patch \ " -SRC_URI[md5sum] = "732571c7cb4ab845068afb227bf35256" -SRC_URI[sha256sum] = "9165dabc0bb6ef7f2fda2009aee90b20fbefe77ed8008347e9f06048eba1e463" +SRC_URI[md5sum] = "365fcca985038910e19a1e0fff15ed07" +SRC_URI[sha256sum] = "1fcf0610e9140eceb4be2334eb537bb9c5a213faea77c793ab3c62b86f37e52b" -- 2.17.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#8065): https://lists.yoctoproject.org/g/meta-virtualization/message/8065 Mute This Topic: https://lists.yoctoproject.org/mt/99007943/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
