Hello community,

here is the log from the commit of package lxc for openSUSE:Factory checked in 
at 2017-04-11 09:36:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lxc (Old)
 and      /work/SRC/openSUSE:Factory/.lxc.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "lxc"

Tue Apr 11 09:36:53 2017 rev:70 rq:483859 version:2.0.7

Changes:
--------
--- /work/SRC/openSUSE:Factory/lxc/lxc.changes  2016-12-09 09:38:33.641620438 
+0100
+++ /work/SRC/openSUSE:Factory/.lxc.new/lxc.changes     2017-04-11 
09:36:58.458488200 +0200
@@ -1,0 +2,112 @@
+Thu Mar 30 06:31:37 UTC 2017 - [email protected]
+
+- fix for boo#1028264
+  added patch 0003-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch
+
+-------------------------------------------------------------------
+Wed Mar 29 20:01:55 UTC 2017 - [email protected]
+
+- backported two patches to get the package to build again for Tumbleweed
+  (applied only on tumbleweed aka suse_version >1315)
+  0001-tree-wide-include-sys-sysmacros.h-directly.patch
+  0002-tree-wide-include-sys-sysmacros.h-directly.patch
+
+-------------------------------------------------------------------
+Fri Jan 27 19:10:11 UTC 2017 - [email protected]
+
+- all patches (00*.patch) are upstream already, thus deleted; patch 
lxc-aa_allow_incomplete-default.patch is now reworked and added as a drop-in 
file in /usr/share/lxc/config/common.conf.d/
+  0001-bdev-use-correct-overlay-module-name.patch
+  0002-cleanup-tools-remove-name-from-lxc-top-usage-message.patch
+  0003-cleanup-whitespaces-in-option-alignment-for-lxc-exec.patch
+  0004-Use-full-GPG-fingerprint-instead-of-long-IDs.patch
+  0005-tools-move-rcfile-to-the-common-options-list.patch
+  0006-tools-set-configfile-after-load_config.patch
+  0007-doc-add-rcfile-to-common-opts.patch
+  0008-doc-Update-Korean-lxc-attach-1.patch
+  0009-doc-Add-rcfile-to-Korean-common-opts.patch
+  0010-doc-Add-rcfile-to-Japanese-common-opts.patch
+  0011-tools-use-exit-EXIT_-everywhere.patch
+  0012-tools-unify-exit-calls-outside-of-main.patch
+  0013-utils-Add-mips-signalfd-syscall-numbers.patch
+  0014-seccomp-Implement-MIPS-seccomp-handling.patch
+  0015-seccomp-Add-mips-and-mips64-entries-to-lxc_config_pa.patch
+  0016-seccomp-fix-strerror.patch
+  0017-confile-add-more-archs-to-lxc_config_parse_arch.patch
+  0018-seccomp-add-support-for-s390x.patch
+  0019-seccomp-remove-double-include-and-order-includes.patch
+  0020-seccomp-non-functional-changes.patch
+  0021-templates-use-fd-9-instead-of-200.patch
+  0022-templates-fedora-requires-openssl-binary.patch
+  0023-tools-use-boolean-for-ret-in-lxc_device.c.patch
+  0024-c-r-use-proc-self-tid-children-instead-of-pidfile.patch
+  0025-c-r-Fix-pid_t-on-some-arches.patch
+  0026-templates-Add-mips-hostarch-detection-to-debian.patch
+  0027-cleanup-replace-tabs-wth-spaces-in-usage-strings.patch
+  lxc-aa_allow_incomplete-default.patch
+  0001-attach-do-not-send-procfd-to-attached-process.patch
+
+-------------------------------------------------------------------
+Tue Jan 24 15:51:26 UTC 2017 - [email protected]
+
+- update to version 2.0.7
+  This is the seventh bugfix release for LXC 2.0. The main bugfixes in this 
release are:
+  - attach: Close lsm label file descriptor
+  - attach: Non-functional changes
+  - attach: Simplify lsm_openat()
+  - caps: Add lxc_cap_is_set()
+  - conf: attach: Save errno across call to close
+  - conf: Clearly report to either use drop or keep
+  - conf: criu: Add make_anonymous_mount_file()
+  - conf: Fix suggest_default_idmap()
+  - configure: Add --enable-gnutls option
+  - configure: Check for memfd_create()
+  - configure: Check whether gettid() is declared
+  - configure: Do not allow variable length arrays
+  - configure: Remove -Werror=vla
+  - configure: Use AC_HEADER_MAJOR to detect major()/minor()/makedev()
+  - conf: Non-functional changes
+  - conf: Remove thread-unsafe strsignal + improve log
+  - init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers
+  - log: Add lxc_unix_epoch_to_utc()
+  - log: Annotate lxc_unix_epoch_to_utc()
+  - log: Drop all timezone conversion functions
+  - log: Make sure that date is correctly formatted
+  - log: Use lxc_unix_epoch_to_utc()
+  - log: Use N/A if getpid() != gettid() when threaded
+  - log: Use thread-safe localtime_r()
+  - lvm: Supress warnings about leaked files
+  - lxccontainer: Log failure to send sig to init pid
+  - monitor: Add more logging
+  - monitor: Close mainloop on exit if we opened it
+  - monitor: Improve log + set log level to DEBUG
+  - monitor: Log which pipe fd is currently used
+  - monitor: Make lxc-monitord async signal safe
+  - monitor: Non-functional changes
+  - python3-lxc: Fix api_test.py on s390x
+  - start: Check for CAP_SETGID before setgroups()
+  - start: Fix execute and improve setgroups() calls
+  - state: Use async signal safe fun in lxc_wait()
+  - templates: lxc-debian: Don't try to get stuff from /usr/lib/systemd on the 
host
+  - templates: lxc-debian: Fix getty service startup
+  - templates: lxc-debian: Fix typo in calling dpkg with 
--print-foreign-architectures option
+  - templates: lxc-debian: Handle ppc hostarch -> powerpc
+  - templates: lxc-opensuse: Change openSUSE default release to Leap 42.2
+  - templates: lxc-opensuse: Remove libgcc_s1
+  - templates: lxc-opensuse: Remove poweroff.target -> sigpwr.target copy
+  - templates: lxc-opensuse: Set to be unconfined by AppArmor
+  - templates: lxc-opensuse: Update for Leap 42.2
+  - tests; Don't cause test failures on cleanup errors
+  - tests: Skip unpriv tests on broken overlay module
+  - tools: Improve logging
+  - tools: lxc-start: Remove c->is_defined(c) check
+  - tools: lxc-start: Set configfile after load_config
+  - tools: Only check for O_RDONLY
+  - tree-wide: Random macro cleanups
+  - tree-wide: Remove any variable length arrays
+  - tree-wide: Sic semper assertis!
+  - utils: Add macro __LXC_NUMSTRLEN
+  - utils: Add uid, gid, group convenience wrappers
+
+- commented out the patches, as they no longer apply cleanly
+
+-------------------------------------------------------------------

Old:
----
  0001-attach-do-not-send-procfd-to-attached-process.patch
  0001-bdev-use-correct-overlay-module-name.patch
  0002-cleanup-tools-remove-name-from-lxc-top-usage-message.patch
  0003-cleanup-whitespaces-in-option-alignment-for-lxc-exec.patch
  0004-Use-full-GPG-fingerprint-instead-of-long-IDs.patch
  0005-tools-move-rcfile-to-the-common-options-list.patch
  0006-tools-set-configfile-after-load_config.patch
  0007-doc-add-rcfile-to-common-opts.patch
  0008-doc-Update-Korean-lxc-attach-1.patch
  0009-doc-Add-rcfile-to-Korean-common-opts.patch
  0010-doc-Add-rcfile-to-Japanese-common-opts.patch
  0011-tools-use-exit-EXIT_-everywhere.patch
  0012-tools-unify-exit-calls-outside-of-main.patch
  0013-utils-Add-mips-signalfd-syscall-numbers.patch
  0014-seccomp-Implement-MIPS-seccomp-handling.patch
  0015-seccomp-Add-mips-and-mips64-entries-to-lxc_config_pa.patch
  0016-seccomp-fix-strerror.patch
  0017-confile-add-more-archs-to-lxc_config_parse_arch.patch
  0018-seccomp-add-support-for-s390x.patch
  0019-seccomp-remove-double-include-and-order-includes.patch
  0020-seccomp-non-functional-changes.patch
  0021-templates-use-fd-9-instead-of-200.patch
  0022-templates-fedora-requires-openssl-binary.patch
  0023-tools-use-boolean-for-ret-in-lxc_device.c.patch
  0024-c-r-use-proc-self-tid-children-instead-of-pidfile.patch
  0025-c-r-Fix-pid_t-on-some-arches.patch
  0026-templates-Add-mips-hostarch-detection-to-debian.patch
  0027-cleanup-replace-tabs-wth-spaces-in-usage-strings.patch
  lxc-2.0.4.tar.gz
  lxc-aa_allow_incomplete-default.patch

New:
----
  0001-tree-wide-include-sys-sysmacros.h-directly.patch
  0002-tree-wide-include-sys-sysmacros.h-directly.patch
  0003-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch
  lxc-2.0.7.tar.gz
  openSUSE_apparmor_mount.conf

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ lxc.spec ++++++
--- /var/tmp/diff_new_pack.MuACMF/_old  2017-04-11 09:36:59.386357127 +0200
+++ /var/tmp/diff_new_pack.MuACMF/_new  2017-04-11 09:36:59.386357127 +0200
@@ -18,44 +18,21 @@
 
 %define                shlib_version 1
 Name:           lxc
-Version:        2.0.4
+Version:        2.0.7
 Release:        0
 Url:            http://linuxcontainers.org/
 Summary:        Userspace tools for Linux kernel containers
 License:        LGPL-2.1+
 Group:          System/Management
 Source:         http://linuxcontainers.org/downloads/%{name}-%{version}.tar.gz
-Source1:        README.SUSE
-Source2:        lxc-createconfig.in
-Patch0001:     0001-bdev-use-correct-overlay-module-name.patch
-Patch0002:     0002-cleanup-tools-remove-name-from-lxc-top-usage-message.patch
-Patch0003:     0003-cleanup-whitespaces-in-option-alignment-for-lxc-exec.patch
-Patch0004:     0004-Use-full-GPG-fingerprint-instead-of-long-IDs.patch
-Patch0005:     0005-tools-move-rcfile-to-the-common-options-list.patch
-Patch0006:     0006-tools-set-configfile-after-load_config.patch
-Patch0007:     0007-doc-add-rcfile-to-common-opts.patch
-Patch0008:     0008-doc-Update-Korean-lxc-attach-1.patch
-Patch0009:     0009-doc-Add-rcfile-to-Korean-common-opts.patch
-Patch0010:     0010-doc-Add-rcfile-to-Japanese-common-opts.patch
-Patch0011:     0011-tools-use-exit-EXIT_-everywhere.patch
-Patch0012:     0012-tools-unify-exit-calls-outside-of-main.patch
-Patch0013:     0013-utils-Add-mips-signalfd-syscall-numbers.patch
-Patch0014:     0014-seccomp-Implement-MIPS-seccomp-handling.patch
-Patch0015:     0015-seccomp-Add-mips-and-mips64-entries-to-lxc_config_pa.patch
-Patch0016:     0016-seccomp-fix-strerror.patch
-Patch0017:     0017-confile-add-more-archs-to-lxc_config_parse_arch.patch
-Patch0018:     0018-seccomp-add-support-for-s390x.patch
-Patch0019:     0019-seccomp-remove-double-include-and-order-includes.patch
-Patch0020:     0020-seccomp-non-functional-changes.patch
-Patch0021:     0021-templates-use-fd-9-instead-of-200.patch
-Patch0022:     0022-templates-fedora-requires-openssl-binary.patch
-Patch0023:     0023-tools-use-boolean-for-ret-in-lxc_device.c.patch
-Patch0024:     0024-c-r-use-proc-self-tid-children-instead-of-pidfile.patch
-Patch0025:     0025-c-r-Fix-pid_t-on-some-arches.patch
-Patch0026:     0026-templates-Add-mips-hostarch-detection-to-debian.patch
-Patch0027:     0027-cleanup-replace-tabs-wth-spaces-in-usage-strings.patch
-Patch0028:     lxc-aa_allow_incomplete-default.patch
-Patch0029:  0001-attach-do-not-send-procfd-to-attached-process.patch
+Source1:        lxc-createconfig.in
+Source2:        README.SUSE
+Source3:        openSUSE_apparmor_mount.conf
+%if 0%{?suse_version} > 1315
+Patch0:         0001-tree-wide-include-sys-sysmacros.h-directly.patch
+Patch1:         0002-tree-wide-include-sys-sysmacros.h-directly.patch
+%endif
+Patch2:         0003-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 BuildRequires:  docbook-utils
@@ -119,35 +96,11 @@
 
 %prep
 %setup
-%patch0001 -p1
-%patch0002 -p1
-%patch0003 -p1
-%patch0004 -p1
-%patch0005 -p1
-%patch0006 -p1
-%patch0007 -p1
-%patch0008 -p1
-%patch0009 -p1
-%patch0010 -p1
-%patch0011 -p1
-%patch0012 -p1
-%patch0013 -p1
-%patch0014 -p1
-%patch0015 -p1
-%patch0016 -p1
-%patch0017 -p1
-%patch0018 -p1
-%patch0019 -p1
-%patch0020 -p1
-%patch0021 -p1
-%patch0022 -p1
-%patch0023 -p1
-%patch0024 -p1
-%patch0025 -p1
-%patch0026 -p1
-%patch0027 -p1
-%patch0028 -p1
-%patch0029 -p1
+%if 0%{?suse_version} > 1315
+%patch0 -p1
+%patch1 -p1
+%endif
+%patch2 -p1
 
 %build
 chmod 755 configure
@@ -156,7 +109,8 @@
        --with-init-script=systemd \
        --with-systemdsystemunitdir=%{_unitdir}
 make %{?_smp_mflags}
-cp %{SOURCE1} .
+cp %{SOURCE2} .
+cp %{SOURCE3} .
 rm -rf .doc
 mkdir -p .doc/examples
 cp doc/examples/*.conf .doc/examples
@@ -166,10 +120,11 @@
 install -d -m 755 %{buildroot}/var/lib/lxc
 find %buildroot -type f -name '*.la' -delete
 chmod u-s %{buildroot}/%{_libexecdir}/%{name}/lxc-user-nic
-./config.status --file=%{buildroot}%{_bindir}/lxc-createconfig:%{S:2}
+./config.status --file=%{buildroot}%{_bindir}/lxc-createconfig:%{S:1}
 chmod a+x %{buildroot}%{_bindir}/lxc-createconfig
 ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rclxc
 ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rclxc-net
+%__cp %{SOURCE3} %{buildroot}/usr/share/lxc/config/common.conf.d/
 %fdupes %{buildroot}/%{_datadir}/%{name}/config/
 
 %pre
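Review bot: The added `%__cp %{SOURCE3} %{buildroot}/usr/share/lxc/config/common.conf.d/` hard-codes `/usr/share/lxc` while the very next line addresses the same tree as `%{buildroot}/%{_datadir}/%{name}/config/`, and a bare cp inherits whatever mode the source file has in the checkout; `install -D -m 644 %{SOURCE3} %{buildroot}%{_datadir}/%{name}/config/common.conf.d/openSUSE_apparmor_mount.conf` keeps the path macro-based and the mode explicit, matching the `install -d -m 755` style already used in this section. Because the drop-in sets `lxc.aa_allow_incomplete = 1` for every container that picks up common.conf.d (it replaces the dropped lxc-aa_allow_incomplete-default.patch per the changelog), a comment above that line such as `# system-wide drop-in: sets lxc.aa_allow_incomplete=1 for all containers (replaces lxc-aa_allow_incomplete-default.patch)` would record why the package weakens the AppArmor check by default. Whether the new file is listed in %files is outside this hunk.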

++++++ 0001-tree-wide-include-sys-sysmacros.h-directly.patch ++++++
>From 1750a26028f6e6543795fe6b1d26e8f241348390 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Mon, 20 Mar 2017 15:42:50 +0100
Subject: [PATCH] tree-wide: include <sys/sysmacros.h> directly

Signed-off-by: Christian Brauner <[email protected]>
Signed-off-by: Johannes Kastl <[email protected]>
---
 src/lxc/bdev/lxclvm.c | 4 +---
 src/lxc/conf.c        | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/src/lxc/bdev/lxclvm.c b/src/lxc/bdev/lxclvm.c
index 75de17f6..bcd8be8f 100644
--- a/src/lxc/bdev/lxclvm.c
+++ b/src/lxc/bdev/lxclvm.c
@@ -29,6 +29,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <sys/sysmacros.h>
 #include <sys/wait.h>
 
 #include "bdev.h"
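Review bot: The unconditional `#include <sys/sysmacros.h>` added here replaces the configure-detected `MAJOR_IN_SYSMACROS` guard that the next hunk removes, while the `MAJOR_IN_MKDEV` fallback is kept; on a libc without that header the build now fails at preprocessing instead of taking the fallback, which is a portability regression relative to the AC_HEADER_MAJOR detection the 2.0.7 changelog mentions. The spec applies the patch only for suse_version > 1315, so this is presumably accepted for Tumbleweed because its libc no longer exposes major()/minor() through `<sys/types.h>`, but nothing in the patch says so. A one-line comment on the include, `/* major()/minor()/makedev() are no longer reachable via <sys/types.h> on newer glibc */`, would record that for the next rebase; the same applies to the conf.c hunk below and to lxccontainer.c in 0002.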
@@ -41,9 +42,6 @@
 #ifdef MAJOR_IN_MKDEV
 #    include <sys/mkdev.h>
 #endif
-#ifdef MAJOR_IN_SYSMACROS
-#    include <sys/sysmacros.h>
-#endif
 
 lxc_log_define(lxclvm, lxc);
 
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 6b345256..a02a82b2 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -47,6 +47,7 @@
 #include <sys/prctl.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
+#include <sys/sysmacros.h>
 #include <sys/syscall.h>
 #include <sys/types.h>
 #include <sys/utsname.h>
@@ -56,9 +57,6 @@
 #ifdef MAJOR_IN_MKDEV
 #    include <sys/mkdev.h>
 #endif
-#ifdef MAJOR_IN_SYSMACROS
-#    include <sys/sysmacros.h>
-#endif
 
 #ifdef HAVE_STATVFS
 #include <sys/statvfs.h>
-- 
2.12.2

++++++ 0002-tree-wide-include-sys-sysmacros.h-directly.patch ++++++
>From cef0cc991720bbf9ac9a8492a7aa7170daf17b07 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 21 Mar 2017 12:03:16 +0100
Subject: [PATCH] tree-wide: include <sys/sysmacros.h> directly

Signed-off-by: Christian Brauner <[email protected]>
Signed-off-by: Johannes Kastl <[email protected]>
---
 src/lxc/lxccontainer.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 0dbbf2c1..47869081 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <unistd.h>
 #include <arpa/inet.h>
+#include <sys/sysmacros.h>
 #include <sys/mman.h>
 #include <sys/mount.h>
 #include <sys/syscall.h>
@@ -64,9 +65,6 @@
 #ifdef MAJOR_IN_MKDEV
 #    include <sys/mkdev.h>
 #endif
-#ifdef MAJOR_IN_SYSMACROS
-#    include <sys/sysmacros.h>
-#endif
 
 #if HAVE_IFADDRS_H
 #include <ifaddrs.h>
-- 
2.12.2

++++++ 0003-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch ++++++
>From d512bd5efb0e407eba350c4e649c464a65b712a3 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Sat, 28 Jan 2017 13:02:34 +0100
Subject: [PATCH] CVE-2017-5985: Ensure target netns is caller-owned

Before this commit, lxc-user-nic could potentially have been tricked into
operating on a network namespace over which the caller did not hold privilege.

This commit ensures that the caller is privileged over the network namespace by
temporarily dropping privilege.

Launchpad: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676
Reported-by: Jann Horn <[email protected]>
Signed-off-by: Christian Brauner <[email protected]>
Signed-off-by: Johannes Kastl <[email protected]>
---
 src/lxc/lxc_user_nic.c | 119 ++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 87 insertions(+), 32 deletions(-)

diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
index 409a53a1..96dc3986 100644
--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
@@ -50,6 +50,14 @@
 #include "utils.h"
 #include "network.h"
 
+#define usernic_debug_stream(stream, format, ...)                              
\
+       do {                                                                   \
+               fprintf(stream, "%s: %d: %s: " format, __FILE__, __LINE__,     \
+                       __func__, __VA_ARGS__);                                \
+       } while (false)
+
+#define usernic_error(format, ...) usernic_debug_stream(stderr, format, 
__VA_ARGS__)
+
 static void usage(char *me, bool fail)
 {
        fprintf(stderr, "Usage: %s lxcpath name pid type bridge nicname\n", me);
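Review bot: `usernic_error(format, ...)` expands to `usernic_debug_stream(stderr, format, __VA_ARGS__)` with a comma before `__VA_ARGS__`, so a call that passes only a format string, e.g. `usernic_error("done\n")`, is a compile error under strict C11 (the trailing comma is not elided without the GNU `##` extension); every call in this patch passes at least one extra argument, so it builds, but the constraint is invisible at the call sites. A comment on the macro, `/* at least one argument after format is required (comma before __VA_ARGS__ is not elided) */`, or `, ##__VA_ARGS__` where the project already relies on GCC, would make that explicit. The `do { ... } while (false)` form depends on `<stdbool.h>` being included above this hunk, which the existing `bool fail` parameter of usage() suggests it is.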
@@ -670,68 +678,115 @@ again:
 }
 
 #define VETH_DEF_NAME "eth%d"
-
 static int rename_in_ns(int pid, char *oldname, char **newnamep)
 {
-       int fd = -1, ofd = -1, ret, ifindex = -1;
+       uid_t ruid, suid, euid;
+       int fret = -1;
+       int fd = -1, ifindex = -1, ofd = -1, ret;
        bool grab_newname = false;
 
        ofd = lxc_preserve_ns(getpid(), "net");
        if (ofd < 0) {
-               fprintf(stderr, "Failed opening network namespace path for 
'%d'.", getpid());
-               return -1;
+               usernic_error("Failed opening network namespace path for 
'%d'.", getpid());
+               return fret;
        }
 
        fd = lxc_preserve_ns(pid, "net");
        if (fd < 0) {
-               fprintf(stderr, "Failed opening network namespace path for 
'%d'.", pid);
-               return -1;
+               usernic_error("Failed opening network namespace path for 
'%d'.", pid);
+               goto do_partial_cleanup;
+       }
+
+       ret = getresuid(&ruid, &euid, &suid);
+       if (ret < 0) {
+               usernic_error("Failed to retrieve real, effective, and saved "
+                             "user IDs: %s\n",
+                             strerror(errno));
+               goto do_partial_cleanup;
+       }
+
+       ret = setns(fd, CLONE_NEWNET);
+       close(fd);
+       fd = -1;
+       if (ret < 0) {
+               usernic_error("Failed to setns() to the network namespace of "
+                             "the container with PID %d: %s.\n",
+                             pid, strerror(errno));
+               goto do_partial_cleanup;
        }
 
-       if (setns(fd, 0) < 0) {
-               fprintf(stderr, "setns to container network namespace\n");
-               goto out_err;
+       ret = setresuid(ruid, ruid, 0);
+       if (ret < 0) {
+               usernic_error("Failed to drop privilege by setting effective "
+                             "user id and real user id to %d, and saved user "
+                             "ID to 0: %s.\n",
+                             ruid, strerror(errno));
+               // COMMENT(brauner): It's ok to jump to do_full_cleanup here
+               // since setresuid() will succeed when trying to set real,
+               // effective, and saved to values they currently have.
+               goto do_full_cleanup;
        }
-       close(fd); fd = -1;
+
        if (!*newnamep) {
                grab_newname = true;
                *newnamep = VETH_DEF_NAME;
-               if (!(ifindex = if_nametoindex(oldname))) {
-                       fprintf(stderr, "failed to get netdev index\n");
-                       goto out_err;
+
+               ifindex = if_nametoindex(oldname);
+               if (!ifindex) {
+                       usernic_error("Failed to get netdev index: %s.\n", 
strerror(errno));
+                       goto do_full_cleanup;
                }
        }
-       if ((ret = lxc_netdev_rename_by_name(oldname, *newnamep)) < 0) {
-               fprintf(stderr, "Error %d renaming netdev %s to %s in 
container\n", ret, oldname, *newnamep);
-               goto out_err;
+
+       ret = lxc_netdev_rename_by_name(oldname, *newnamep);
+       if (ret < 0) {
+               usernic_error("Error %d renaming netdev %s to %s in 
container.\n", ret, oldname, *newnamep);
+               goto do_full_cleanup;
        }
+
        if (grab_newname) {
-               char ifname[IFNAMSIZ], *namep = ifname;
+               char ifname[IFNAMSIZ];
+               char *namep = ifname;
+
                if (!if_indextoname(ifindex, namep)) {
-                       fprintf(stderr, "Failed to get new netdev name\n");
-                       goto out_err;
+                       usernic_error("Failed to get new netdev name: %s.\n", 
strerror(errno));
+                       goto do_full_cleanup;
                }
+
                *newnamep = strdup(namep);
                if (!*newnamep)
-                       goto out_err;
+                       goto do_full_cleanup;
        }
-       if (setns(ofd, 0) < 0) {
-               fprintf(stderr, "Error returning to original netns\n");
-               close(ofd);
-               return -1;
+
+       fret = 0;
+
+do_full_cleanup:
+       ret = setresuid(ruid, euid, suid);
+       if (ret < 0) {
+               usernic_error("Failed to restore privilege by setting effective 
"
+                             "user id to %d, real user id to %d, and saved 
user "
+                             "ID to %d: %s.\n",
+                             ruid, euid, suid, strerror(errno));
+               fret = -1;
+               // COMMENT(brauner): setns() should fail if setresuid() doesn't
+               // succeed but there's no harm in falling through; keeps the
+               // code cleaner.
        }
-       close(ofd);
 
-       return 0;
+       ret = setns(ofd, CLONE_NEWNET);
+       if (ret < 0) {
+               usernic_error("Failed to setns() to original network namespace "
+                             "of PID %d: %s.\n",
+                             ofd, strerror(errno));
+               fret = -1;
+       }
 
-out_err:
-       if (ofd >= 0)
-               close(ofd);
-       if (setns(ofd, 0) < 0)
-               fprintf(stderr, "Error returning to original network 
namespace\n");
+do_partial_cleanup:
        if (fd >= 0)
                close(fd);
-       return -1;
+       close(ofd);
+
+       return fret;
 }
 
 /*
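Review bot: In the `setns(fd, CLONE_NEWNET)` failure path the message prints `strerror(errno)` after `close(fd)` has already run, so the errno shown can be close()'s rather than setns()'s; save it first, `ret = setns(fd, CLONE_NEWNET);` `int saved_errno = errno;` `close(fd);` and print `strerror(saved_errno)` in the usernic_error() call. The final restore message, "Failed to setns() to original network namespace of PID %d", is handed `ofd`, a file descriptor, not a pid; pass `getpid()` or reword it to "(fd %d)". The first two usernic_error() calls ("Failed opening network namespace path for '%d'.") also lack the trailing `\n` every other message in the function has. The privilege drop itself sits between the privileged setns() into the target namespace and the rename, and both cleanup labels restore the saved uids and the original namespace before closing `ofd`, so the CVE fix's structure reads correctly.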
-- 
2.12.2

++++++ lxc-2.0.4.tar.gz -> lxc-2.0.7.tar.gz ++++++
++++ 51718 lines of diff (skipped)

++++++ openSUSE_apparmor_mount.conf ++++++
# Drop-in shipped by the openSUSE lxc package into common.conf.d/ (see the
# 2017-01-27 lxc.changes entry), so it is presumably picked up by every
# container configuration that includes common.conf -- confirm that a
# system-wide default, rather than a per-container opt-in, is intended.
# Workaround for lxc-start failing under AppArmor on this distribution.
# NOTE(review): per the lxc.container.conf manual this lets a container start
# even when the kernel's AppArmor lacks mount-restriction support, i.e. the
# profile is then enforced incompletely; verify before widening its scope.
lxc.aa_allow_incomplete = 1
