From: sana kazi <[email protected]> Added fix_c_command.patch the -c command seems to be broken because the passed context is ignored and always overwritten by the context specified in the config file.
Signed-off-by: Sana Kazi <[email protected]> Signed-off-by: Sana Kazi <[email protected]> Signed-off-by: Bruce Ashfield <[email protected]> (cherry picked from commit 807506c777a45d805400ec6f47b45420e300c2e5) Signed-off-by: virendra thakur <[email protected]> --- .../lxc/files/fix_c_command.patch | 36 +++++++++++++++++++ recipes-containers/lxc/lxc_git.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 recipes-containers/lxc/files/fix_c_command.patch diff --git a/recipes-containers/lxc/files/fix_c_command.patch b/recipes-containers/lxc/files/fix_c_command.patch new file mode 100644 index 0000000..1ed8daf --- /dev/null +++ b/recipes-containers/lxc/files/fix_c_command.patch @@ -0,0 +1,36 @@ +From 9becf309a81806ef08acf9ca99ab95c1bcfa1f65 Mon Sep 17 00:00:00 2001 +From: Maximilian Blenk <[email protected]> +Date: Mon, 23 Aug 2021 15:39:28 +0200 +Subject: [PATCH] attach: Fix -c command + +Currently, the -c command (to set the selinux context) seems to be +broken because the passed context is ignored and always overwritten by +the context specified in the config file. The intention behind the -c +imho was to be able to manually overwrite this behavior. This patch +ensures that the selinux context will be set if passed via the command +line. + +Signed-off-by: Maximilian Blenk <[email protected]> +--- + src/lxc/tools/lxc_attach.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +Upstream-Status: Backport [ https://github.com/lxc/lxc/commit/9becf309a81806ef08acf9ca99ab95c1bcfa1f65.patch ] +Comment: No change in any hunk + +diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c +index 0374d980b4..e6b388b20c 100644 +--- a/src/lxc/tools/lxc_attach.c ++++ b/src/lxc/tools/lxc_attach.c +@@ -379,7 +379,10 @@ int main(int argc, char *argv[]) + attach_options.gid = my_args.gid; + + // selinux_context will be NULL if not set +- attach_options.lsm_label = selinux_context; ++ if (selinux_context) { ++ attach_options.attach_flags |= LXC_ATTACH_LSM_LABEL; ++ attach_options.lsm_label = selinux_context; ++ } + + if (command.program) { + ret = c->attach_run_wait(c, &attach_options, command.program, diff --git a/recipes-containers/lxc/lxc_git.bb b/recipes-containers/lxc/ lxc_git.bb index 76e0493..f98cba0 100644 --- a/recipes-containers/lxc/lxc_git.bb +++ b/recipes-containers/lxc/lxc_git.bb @@ -50,6 +50,7 @@ SRC_URI = "git://github.com/lxc/lxc.git;branch=stable-4.0 \ file://dnsmasq.conf \ file://lxc-net \ file://enable_seccomp_profile_when_compiled_libseccomp.patch \ + file://fix_c_command.patch \ " SRCREV = "cec7cb14b2a4367d4cb21a90e1b90d0f98a9d874" -- 2.17.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#8068): https://lists.yoctoproject.org/g/meta-virtualization/message/8068 Mute This Topic: https://lists.yoctoproject.org/mt/99008088/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
