Hello community, here is the log from the commit of package lxc for openSUSE:Factory checked in at 2018-07-21 10:25:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lxc (Old) and /work/SRC/openSUSE:Factory/.lxc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lxc" Sat Jul 21 10:25:11 2018 rev:77 rq:624121 version:2.0.9 Changes: -------- --- /work/SRC/openSUSE:Factory/lxc/lxc.changes 2018-07-12 09:21:17.034596336 +0200 +++ /work/SRC/openSUSE:Factory/.lxc.new/lxc.changes 2018-07-21 10:25:16.266956744 +0200 @@ -1,0 +2,7 @@ +Thu Jul 19 12:56:36 UTC 2018 - [email protected] + +- Add upstream patch to fix container start up problems when AppArmor + is enabled (boo#1099239) + * 0001-apparmor-Allow-usr-lib-paths-for-mount-and-pivot_roo.patch + +------------------------------------------------------------------- New: ---- 0001-apparmor-Allow-usr-lib-paths-for-mount-and-pivot_roo.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lxc.spec ++++++ --- /var/tmp/diff_new_pack.VzYV41/_old 2018-07-21 10:25:16.730956632 +0200 +++ /var/tmp/diff_new_pack.VzYV41/_new 2018-07-21 10:25:16.730956632 +0200 @@ -30,6 +30,8 @@ Source3: lxc-createconfig.in Source4: README.SUSE Source5: openSUSE_apparmor_mount.conf +# PATCH-FIX-UPSTREAM: 0001-apparmor-Allow-usr-lib-paths-for-mount-and-pivot_roo.patch (boo#1099239) +Patch0: 0001-apparmor-Allow-usr-lib-paths-for-mount-and-pivot_roo.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: docbook-utils @@ -98,6 +100,7 @@ %prep %setup +%patch0 -p1 %build chmod 755 configure ++++++ 0001-apparmor-Allow-usr-lib-paths-for-mount-and-pivot_roo.patch ++++++ >From 733e3757603f37375bbd4a1b229e91a88036297f Mon Sep 17 00:00:00 2001 From: Markos Chandras <[email protected]> Date: Thu, 19 Jul 2018 12:12:13 +0100 Subject: [PATCH] apparmor: Allow /usr/lib* paths for mount and pivot_root openSUSE Leap 15 is using --libdir=/usr/lib64 when building for x86_64 so we need to allow this path in the apparmor profiles. Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1099239 Signed-off-by: Markos Chandras <[email protected]> --- config/apparmor/abstractions/start-container | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/config/apparmor/abstractions/start-container b/config/apparmor/abstractions/start-container index fa64c278..414d058b 100644 --- a/config/apparmor/abstractions/start-container +++ b/config/apparmor/abstractions/start-container @@ -9,8 +9,8 @@ ptrace, # currently blocked by apparmor bug - mount -> /usr/lib/*/lxc/{**,}, - mount -> /usr/lib/lxc/{**,}, + mount -> /usr/lib*/*/lxc/{**,}, + mount -> /usr/lib*/lxc/{**,}, mount fstype=devpts -> /dev/pts/, mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/, mount options=bind /dev/pts/** -> /dev/**, @@ -34,10 +34,10 @@ # This may look a bit redundant, however it appears we need all of # them if we want things to work properly on all combinations of kernel # and userspace parser... - pivot_root /usr/lib/lxc/, - pivot_root /usr/lib/*/lxc/, - pivot_root /usr/lib/lxc/**, - pivot_root /usr/lib/*/lxc/**, + pivot_root /usr/lib*/lxc/, + pivot_root /usr/lib*/*/lxc/, + pivot_root /usr/lib*/lxc/**, + pivot_root /usr/lib*/*/lxc/**, change_profile -> lxc-*, change_profile -> unconfined, -- 2.18.0
