Hello community, here is the log from the commit of package lxc for openSUSE:Factory checked in at 2016-08-03 11:44:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lxc (Old) and /work/SRC/openSUSE:Factory/.lxc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lxc" Changes: --------
--- /work/SRC/openSUSE:Factory/lxc/lxc.changes 2016-06-21 12:29:25.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.lxc.new/lxc.changes 2016-08-03 11:44:29.000000000 +0200
@@ -1,0 +2,45 @@
+Sat Jul 23 07:49:02 UTC 2016 - [email protected]
+
+- Abolish old macro use. Remove ancient %clean section.
+ Avoid sh invocation for simple ldconfig calls.
+
+-------------------------------------------------------------------
+Sat Jul 9 11:38:48 UTC 2016 - [email protected]
+
+- add lxcfs dependency: lxc relies on lxcfs for a long time now to provide
+ container aware /proc files. The /sys/fs/cgroup part is slowly phased out
+ because we now have cgroup namespaces.
+
+-------------------------------------------------------------------
+Sat Jul 9 06:01:58 UTC 2016 - [email protected]
+
+- Split into packages to follow best practice.
+ * lxc
+ * liblxc1
+ * liblxc-devel
+ Also, we need liblxc1 to be separately installable from LXC for LXD.
+- Tweak descriptions.
+
+-------------------------------------------------------------------
+Thu Jul 7 21:57:24 UTC 2016 - [email protected]
+
+- Update to 2.0.3 (changes since 2.0.1):
+ * apparmor: Refresh generated file
+ * apparmor: add make-rslave to usr.bin.lxc-start
+ * apparmor: Allow bind-mounts and {r}shared/{r}private
+ * apparmor: allow mount move
+ * apparmor: Update mount states handling
+ * core: Drop lxc-devsetup as unneeded by current autodev
+ * core: Fix redefinition of struct in6_addr
+ * core: Include all lxcmntent.h function declarations on Bionic
+ * c/r: c/r: use criu's "full" mode for cgroups
+ * systemd: start containers in foreground when using the [email protected]
+ * templates: debian: Make sure init is installed
+ * templates: oracle: Fix console login
+ * templates: plamo: Fix various issues
+ * templates: ubuntu: Install apt-transport-https by default
+ * travis: ensure 'make install' doesn't fail
+ * travis: test VPATH builds
+ * upstart: Force lxc-instance to behave like a good Upstart client
+
+-------------------------------------------------------------------
Old: ---- lxc-2.0.1.tar.gz New: ---- lxc-2.0.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lxc.spec ++++++ --- /var/tmp/diff_new_pack.FZsDFk/_old 2016-08-03 11:44:30.000000000 +0200 +++ /var/tmp/diff_new_pack.FZsDFk/_new 2016-08-03 11:44:30.000000000 +0200 @@ -16,11 +16,12 @@ # +%define shlib_version 1 Name: lxc -Version: 2.0.1 +Version: 2.0.3 Release: 0 Url: http://linuxcontainers.org/ -Summary: Userspace tools for the Linux kernel containers +Summary: Userspace tools for Linux kernel containers License: LGPL-2.1+ Group: System/Management Source: http://linuxcontainers.org/downloads/%{name}-%{version}.tar.gz @@ -49,6 +50,7 @@ %endif Requires: /sbin/setcap +Requires: lxcfs Requires: rsync %{?systemd_requires} 
@@ -57,23 +59,35 @@ Recommends: criu >= 2.0 %description -It provides commands to create and manage containers. It contains a -full featured container with the isolation/virtualization of the pids, -the ipc, the utsname, the mount points, /proc, /sys, the network and it -takes into account the control groups. It is very light, flexible, and -provides a set of tools around the container like the monitoring with -asynchronous events notification, or the freeze of the container. This -package is useful to create Virtual Private Server, or to run isolated -applications like bash or sshd. +LXC provides commands to create and manage containers. Current LXC uses the +following kernel features to contain processes: +- Kernel namespaces (ipc, uts, mount, pid, network and user) +- Apparmor and SELinux profiles +- Seccomp policies +- Chroots (using pivot_root) +- Kernel capabilities +- CGroups (control groups) +LXC containers are often considered as something in the middle between a chroot +and a full fledged virtual machine. The goal of LXC is to create an environment +as close as possible to a standard Linux installation but without the need for a +separate kernel. -%package devel -Summary: Development library for lxc +%package -n liblxc%{shlib_version} +Summary: LXC container runtime library +License: LGPL-2.1 +Group: System/Libraries + +%description -n liblxc%{shlib_version} +Provides the LXC container runtime library. + +%package -n liblxc-devel +Summary: LXC container runtime library development files License: LGPL-2.1 Group: Development/Libraries/C and C++ -Requires: %name = %version +Requires: liblxc%{shlib_version} = %version -%description devel -Lxc header files and library needed for development of containers. +%description -n liblxc-devel +Provides the LXC container runtime library development files %prep %setup -q 
@@ -85,52 +99,62 @@ --disable-rpath \ --with-init-script=systemd \ --with-systemdsystemunitdir=%{_unitdir} -%__make %{?_smp_mflags} -%__cp %{SOURCE1} . -%__rm -rf .doc -%__mkdir_p .doc/examples -%__cp doc/examples/*.conf .doc/examples +make %{?_smp_mflags} +cp %{SOURCE1} . +rm -rf .doc +mkdir -p .doc/examples +cp doc/examples/*.conf .doc/examples %install -%makeinstall +%make_install install -d -m 755 %{buildroot}/var/lib/lxc find %buildroot -type f -name '*.la' -delete -chmod u-s %{buildroot}/usr/lib/lxc/lxc-user-nic +chmod u-s %{buildroot}/%{_libexecdir}/%{name}/lxc-user-nic ./config.status --file=%{buildroot}%{_bindir}/lxc-createconfig:%{S:2} chmod a+x %{buildroot}%{_bindir}/lxc-createconfig ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rclxc ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rclxc-net %fdupes %{buildroot}/%{_datadir}/%{name}/config/ -%clean -%__rm -rf %buildroot - %pre -%service_add_pre lxc.service lxc-net.service +%service_add_pre [email protected] lxc.service lxc-net.service %post -/sbin/ldconfig -%service_add_post lxc.service lxc-net.service +%service_add_post [email protected] lxc.service lxc-net.service %preun -%service_del_preun lxc.service lxc-net.service +%service_del_preun [email protected] lxc.service lxc-net.service %postun -/sbin/ldconfig -%service_del_postun lxc.service lxc-net.service +%service_del_postun [email protected] lxc.service lxc-net.service + +%post -n liblxc%{shlib_version} -p /sbin/ldconfig +%postun -n liblxc%{shlib_version} -p /sbin/ldconfig %files %defattr(-,root,root) -%doc AUTHORS MAINTAINERS COPYING README doc/FAQ.txt +%doc README doc/FAQ.txt %doc README.SUSE -%doc .doc/examples %dir %{_sysconfdir}/%{name}/ %config %{_sysconfdir}/%{name}/default.conf %config(noreplace) %{_sysconfdir}/default/%{name} -%{_libdir}/lib%{name}.so.* -%{_libexecdir}/%name -%{_libdir}/%name -%{_datadir}/%name + +# On non 64bit versions of SUSE {_libdir} will be /usr/lib and thus equivalent +# to {_libexecdir}. 
Hence, the next directive would install everything in +# /usr/lib but we want to exclude some files because they get installed +# together with the liblxc subpackage on which lxc depends. +%dir %{_libdir}/%{name} +%{_libdir}/%{name}/rootfs + +%dir %{_libexecdir}/%{name} +%{_libexecdir}/%{name}/hooks +%{_libexecdir}/%{name}/lxc-containers +%{_libexecdir}/%{name}/lxc-net +%exclude %{_libexecdir}/%{name}/lxc-apparmor-load +%exclude %{_libexecdir}/%{name}/lxc-monitord +%exclude %{_libexecdir}/%{name}/lxc-user-nic + +%{_datadir}/%{name} %dir /var/lib/lxc %{_bindir}/%{name}-* %{_sbindir}/init.lxc @@ -142,6 +166,13 @@ %_unitdir/%{name}@.service %python3_sitearch/%{name}/ %python3_sitearch/_%{name}* +%config %{_sysconfdir}/bash_completion.d/%{name} + +%files -n liblxc%{shlib_version} +%defattr(-,root,root) +%{_libdir}/lib%{name}.so.* +%doc AUTHORS MAINTAINERS COPYING +%doc .doc/examples %dir %{_sysconfdir}/apparmor.d %dir %{_sysconfdir}/apparmor.d/abstractions %dir %{_sysconfdir}/apparmor.d/abstractions/lxc @@ -154,12 +185,14 @@ %config %{_sysconfdir}/apparmor.d/lxc/lxc-default-with-mounting %config %{_sysconfdir}/apparmor.d/lxc/lxc-default-with-nesting %config %{_sysconfdir}/apparmor.d/usr.bin.lxc-start -%config %{_sysconfdir}/bash_completion.d/%{name} +%{_libexecdir}/%{name}/lxc-apparmor-load +%{_libexecdir}/%{name}/lxc-monitord +%{_libexecdir}/%{name}/lxc-user-nic -%files devel +%files -n liblxc-devel %defattr(-,root,root) -%{_includedir}/%name %{_libdir}/lib%{name}.so +%{_includedir}/%name %{_libdir}/pkgconfig/%{name}.pc %changelog ++++++ lxc-2.0.1.tar.gz -> lxc-2.0.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/config/apparmor/Makefile.in new/lxc-2.0.3/config/apparmor/Makefile.in --- old/lxc-2.0.1/config/apparmor/Makefile.in 2016-05-16 22:38:44.000000000 +0200 +++ new/lxc-2.0.3/config/apparmor/Makefile.in 2016-06-28 21:39:33.000000000 +0200 
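Review bot: The privilege model for `lxc-user-nic` is left undocumented after the package split. %install strips its setuid bit (`chmod u-s %{buildroot}/%{_libexecdir}/%{name}/lxc-user-nic`), the later `%files -n liblxc%{shlib_version}` hunk lists it with no `%attr` or capability setting, and `Requires: /sbin/setcap` stays on the main lxc package although none of the visible scriptlets call setcap. If the intent is that the administrator grants the privilege by hand, a comment beside the chmod such as `# setuid dropped on purpose; privileges for lxc-user-nic must be granted explicitly` would record it, and the setcap dependency would fit better on the subpackage that owns the binary. The upstream lxc.spec in this same diff keeps `%attr(4111,root,root)` on the file, so the deviation deserves a stated reason.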
@@ -403,8 +403,8 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@ENABLE_APPARMOR_FALSE@uninstall-local: @ENABLE_APPARMOR_FALSE@install-data-local: +@ENABLE_APPARMOR_FALSE@uninstall-local: clean: clean-am clean-am: clean-generic mostlyclean-am diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/config/apparmor/abstractions/container-base new/lxc-2.0.3/config/apparmor/abstractions/container-base --- old/lxc-2.0.1/config/apparmor/abstractions/container-base 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/config/apparmor/abstractions/container-base 2016-06-28 21:39:28.000000000 +0200 @@ -60,13 +60,6 @@ mount fstype=fuse, mount fstype=fuse.*, - # allow bind mount of /lib/init/fstab for lxcguest - mount options=(rw, bind) /lib/init/fstab.lxc/ -> /lib/init/fstab/, - - # allow bind mounts of /run/{,lock} to /var/run/{,lock} - mount options=(rw, bind) /run/ -> /var/run/, - mount options=(rw, bind) /run/lock/ -> /var/lock/, - # deny access under /proc/bus to avoid e.g. messing with pci devices directly deny @{PROC}/bus/** wklx, 
@@ -100,6 +93,53 @@ # deny reads from debugfs deny /sys/kernel/debug/{,**} rwklx, + # allow paths to be made slave, shared, private or unbindable + # FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts. +# mount options=(rw,make-slave) -> **, +# mount options=(rw,make-rslave) -> **, +# mount options=(rw,make-shared) -> **, +# mount options=(rw,make-rshared) -> **, +# mount options=(rw,make-private) -> **, +# mount options=(rw,make-rprivate) -> **, +# mount options=(rw,make-unbindable) -> **, +# mount options=(rw,make-runbindable) -> **, + + # allow bind-mounts of anything except /proc, /sys and /dev + mount options=(rw,bind) /[^spd]*{,/**}, + mount options=(rw,bind) /d[^e]*{,/**}, + mount options=(rw,bind) /de[^v]*{,/**}, + mount options=(rw,bind) /dev/.[^l]*{,/**}, + mount options=(rw,bind) /dev/.l[^x]*{,/**}, + mount options=(rw,bind) /dev/.lx[^c]*{,/**}, + mount options=(rw,bind) /dev/.lxc?*{,/**}, + mount options=(rw,bind) /dev/[^.]*{,/**}, + mount options=(rw,bind) /dev?*{,/**}, + mount options=(rw,bind) /p[^r]*{,/**}, + mount options=(rw,bind) /pr[^o]*{,/**}, + mount options=(rw,bind) /pro[^c]*{,/**}, + mount options=(rw,bind) /proc?*{,/**}, + mount options=(rw,bind) /s[^y]*{,/**}, + mount options=(rw,bind) /sy[^s]*{,/**}, + mount options=(rw,bind) /sys?*{,/**}, + + # allow moving mounts except for /proc, /sys and /dev + mount options=(rw,move) /[^spd]*{,/**}, + mount options=(rw,move) /d[^e]*{,/**}, + mount options=(rw,move) /de[^v]*{,/**}, + mount options=(rw,move) /dev/.[^l]*{,/**}, + mount options=(rw,move) /dev/.l[^x]*{,/**}, + mount options=(rw,move) /dev/.lx[^c]*{,/**}, + mount options=(rw,move) /dev/.lxc?*{,/**}, + mount options=(rw,move) /dev/[^.]*{,/**}, + mount options=(rw,move) /dev?*{,/**}, + mount options=(rw,move) /p[^r]*{,/**}, + mount options=(rw,move) /pr[^o]*{,/**}, + mount options=(rw,move) /pro[^c]*{,/**}, + mount options=(rw,move) /proc?*{,/**}, + mount options=(rw,move) /s[^y]*{,/**}, + 
mount options=(rw,move) /sy[^s]*{,/**}, + mount options=(rw,move) /sys?*{,/**}, + # generated by: lxc-generate-aa-rules.py container-rules.base deny /proc/sys/[^kn]*{,/**} wklx, deny /proc/sys/k[^e]*{,/**} wklx, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/config/apparmor/abstractions/container-base.in new/lxc-2.0.3/config/apparmor/abstractions/container-base.in --- old/lxc-2.0.1/config/apparmor/abstractions/container-base.in 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/config/apparmor/abstractions/container-base.in 2016-06-28 21:39:28.000000000 +0200 @@ -60,13 +60,6 @@ mount fstype=fuse, mount fstype=fuse.*, - # allow bind mount of /lib/init/fstab for lxcguest - mount options=(rw, bind) /lib/init/fstab.lxc/ -> /lib/init/fstab/, - - # allow bind mounts of /run/{,lock} to /var/run/{,lock} - mount options=(rw, bind) /run/ -> /var/run/, - mount options=(rw, bind) /run/lock/ -> /var/lock/, - # deny access under /proc/bus to avoid e.g. messing with pci devices directly deny @{PROC}/bus/** wklx, 
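Review bot: The comment `# allow bind-mounts of anything except /proc, /sys and /dev` promises more than the patterns below it enforce. `/dev/[^.]*{,/**}` and `/dev/.[^l]*{,/**}` admit every path under /dev other than /dev itself and the /dev/.lxc subtree, so device nodes remain valid bind and move sources. These rules also carry no `->` part, so they constrain only the mount source and leave the mount point open. I would reword both comments along the lines of `# allow bind-mounts from any source except /proc, /sys, /dev itself and /dev/.lxc; the target is not restricted here`. The same lines are added to container-base.in, which looks like the template this file is built from, so the wording should be fixed there as well.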
@@ -100,3 +93,50 @@ # deny reads from debugfs deny /sys/kernel/debug/{,**} rwklx, + # allow paths to be made slave, shared, private or unbindable + # FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts. +# mount options=(rw,make-slave) -> **, +# mount options=(rw,make-rslave) -> **, +# mount options=(rw,make-shared) -> **, +# mount options=(rw,make-rshared) -> **, +# mount options=(rw,make-private) -> **, +# mount options=(rw,make-rprivate) -> **, +# mount options=(rw,make-unbindable) -> **, +# mount options=(rw,make-runbindable) -> **, + + # allow bind-mounts of anything except /proc, /sys and /dev + mount options=(rw,bind) /[^spd]*{,/**}, + mount options=(rw,bind) /d[^e]*{,/**}, + mount options=(rw,bind) /de[^v]*{,/**}, + mount options=(rw,bind) /dev/.[^l]*{,/**}, + mount options=(rw,bind) /dev/.l[^x]*{,/**}, + mount options=(rw,bind) /dev/.lx[^c]*{,/**}, + mount options=(rw,bind) /dev/.lxc?*{,/**}, + mount options=(rw,bind) /dev/[^.]*{,/**}, + mount options=(rw,bind) /dev?*{,/**}, + mount options=(rw,bind) /p[^r]*{,/**}, + mount options=(rw,bind) /pr[^o]*{,/**}, + mount options=(rw,bind) /pro[^c]*{,/**}, + mount options=(rw,bind) /proc?*{,/**}, + mount options=(rw,bind) /s[^y]*{,/**}, + mount options=(rw,bind) /sy[^s]*{,/**}, + mount options=(rw,bind) /sys?*{,/**}, + + # allow moving mounts except for /proc, /sys and /dev + mount options=(rw,move) /[^spd]*{,/**}, + mount options=(rw,move) /d[^e]*{,/**}, + mount options=(rw,move) /de[^v]*{,/**}, + mount options=(rw,move) /dev/.[^l]*{,/**}, + mount options=(rw,move) /dev/.l[^x]*{,/**}, + mount options=(rw,move) /dev/.lx[^c]*{,/**}, + mount options=(rw,move) /dev/.lxc?*{,/**}, + mount options=(rw,move) /dev/[^.]*{,/**}, + mount options=(rw,move) /dev?*{,/**}, + mount options=(rw,move) /p[^r]*{,/**}, + mount options=(rw,move) /pr[^o]*{,/**}, + mount options=(rw,move) /pro[^c]*{,/**}, + mount options=(rw,move) /proc?*{,/**}, + mount options=(rw,move) /s[^y]*{,/**}, + 
mount options=(rw,move) /sy[^s]*{,/**}, + mount options=(rw,move) /sys?*{,/**}, + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/config/apparmor/abstractions/start-container new/lxc-2.0.3/config/apparmor/abstractions/start-container --- old/lxc-2.0.1/config/apparmor/abstractions/start-container 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/config/apparmor/abstractions/start-container 2016-06-28 21:39:28.000000000 +0200 @@ -15,6 +15,7 @@ mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/, mount options=bind /dev/pts/** -> /dev/**, mount options=(rw, make-slave) -> **, + mount options=(rw, make-rslave) -> **, mount fstype=debugfs, # allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/ mount -> /var/lib/lxc/{**,}, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/config/init/common/Makefile.am new/lxc-2.0.3/config/init/common/Makefile.am --- old/lxc-2.0.1/config/init/common/Makefile.am 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/config/init/common/Makefile.am 2016-06-28 21:39:28.000000000 +0200 @@ -1,2 +1,2 @@ -EXTRA_DIST = lxc-containers.in lxc-net.in lxc-devsetup -pkglibexec_SCRIPTS = lxc-containers lxc-net lxc-devsetup +EXTRA_DIST = lxc-containers.in lxc-net.in +pkglibexec_SCRIPTS = lxc-containers lxc-net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/config/init/common/Makefile.in new/lxc-2.0.3/config/init/common/Makefile.in --- old/lxc-2.0.1/config/init/common/Makefile.in 2016-05-16 22:38:44.000000000 +0200 +++ new/lxc-2.0.3/config/init/common/Makefile.in 2016-06-28 21:39:33.000000000 +0200 
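Review bot: The added `mount options=(rw, make-rslave) -> **,` in start-container has the same form as the make-* rules this update leaves commented out in container-base, where the FIXME says the apparmor parser treats them as allowing all mounts. If that parser behaviour applies here too, the line grants lxc-start more than a propagation change. A comment above it, e.g. `# NOTE: the parser may treat make-* rules as allowing all mounts, see FIXME in container-base`, would make that visible to anyone auditing the profile. The rest of the abstraction lies outside the hunk, so whether lxc-start already holds equivalent mount permissions cannot be judged from here.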
@@ -317,8 +317,8 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -EXTRA_DIST = lxc-containers.in lxc-net.in lxc-devsetup -pkglibexec_SCRIPTS = lxc-containers lxc-net lxc-devsetup +EXTRA_DIST = lxc-containers.in lxc-net.in +pkglibexec_SCRIPTS = lxc-containers lxc-net all: all-am .SUFFIXES: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/config/init/common/lxc-devsetup new/lxc-2.0.3/config/init/common/lxc-devsetup --- old/lxc-2.0.1/config/init/common/lxc-devsetup 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/config/init/common/lxc-devsetup 1970-01-01 01:00:00.000000000 +0100 @@ -1,25 +0,0 @@ -#!/bin/sh - - -# lxc.devsetup - Setup host /dev for container /dev subdirectories. - -if [ ! -d /dev/.lxc ] -then - echo "Creating /dev/.lxc" - mkdir /dev/.lxc - chmod 755 /dev/.lxc -fi - -if grep -q "/dev devtmpfs " /proc/self/mounts -then - echo "/dev is devtmpfs" -else - echo "/dev is not devtmpfs - mounting tmpfs on .lxc" - mount -t tmpfs tmpfs /dev/.lxc -fi - -if [ ! -d /dev/.lxc/user ] -then - echo "Creating /dev/.lxc/user" - mkdir /dev/.lxc/user - chmod 1777 /dev/.lxc/user -fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/config/init/systemd/Makefile.in new/lxc-2.0.3/config/init/systemd/Makefile.in --- old/lxc-2.0.1/config/init/systemd/Makefile.in 2016-05-16 22:38:44.000000000 +0200 +++ new/lxc-2.0.3/config/init/systemd/Makefile.in 2016-06-28 21:39:33.000000000 +0200 
@@ -476,8 +476,8 @@ @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) -@INIT_SCRIPT_SYSTEMD_FALSE@install-data-local: @INIT_SCRIPT_SYSTEMD_FALSE@uninstall-local: +@INIT_SCRIPT_SYSTEMD_FALSE@install-data-local: clean: clean-am clean-am: clean-generic mostlyclean-am diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/config/init/systemd/lxc.service.in new/lxc-2.0.3/config/init/systemd/lxc.service.in --- old/lxc-2.0.1/config/init/systemd/lxc.service.in 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/config/init/systemd/lxc.service.in 2016-06-28 21:39:28.000000000 +0200 @@ -6,7 +6,6 @@ [Service] Type=oneshot RemainAfterExit=yes -ExecStartPre=@LIBEXECDIR@/lxc/lxc-devsetup ExecStartPre=@LIBEXECDIR@/lxc/lxc-apparmor-load ExecStart=@LIBEXECDIR@/lxc/lxc-containers start ExecStop=@LIBEXECDIR@/lxc/lxc-containers stop diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/config/init/systemd/[email protected] new/lxc-2.0.3/config/init/systemd/[email protected] --- old/lxc-2.0.1/config/init/systemd/[email protected] 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/config/init/systemd/[email protected] 2016-06-28 21:39:28.000000000 +0200 @@ -9,7 +9,7 @@ KillMode=mixed KillSignal=SIGPWR TimeoutStopSec=120s -ExecStart=@BINDIR@/lxc-start -n %i +ExecStart=@BINDIR@/lxc-start -F -n %i # Environment=BOOTUP=serial # Environment=CONSOLETYPE=serial Delegate=yes diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/config/init/sysvinit/lxc-containers.in new/lxc-2.0.3/config/init/sysvinit/lxc-containers.in --- old/lxc-2.0.1/config/init/sysvinit/lxc-containers.in 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/config/init/sysvinit/lxc-containers.in 2016-06-28 21:39:28.000000000 +0200 
@@ -29,7 +29,6 @@ start() { # Setup host /dev for autodev containers. - @LIBEXECDIR@/lxc/lxc-devsetup log_daemon_msg "Starting LXC autoboot containers: " @LIBEXECDIR@/lxc/lxc-containers start } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/config/init/upstart/Makefile.in new/lxc-2.0.3/config/init/upstart/Makefile.in --- old/lxc-2.0.1/config/init/upstart/Makefile.in 2016-05-16 22:38:44.000000000 +0200 +++ new/lxc-2.0.3/config/init/upstart/Makefile.in 2016-06-28 21:39:33.000000000 +0200 @@ -395,8 +395,8 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@INIT_SCRIPT_UPSTART_FALSE@install-data-local: @INIT_SCRIPT_UPSTART_FALSE@uninstall-local: +@INIT_SCRIPT_UPSTART_FALSE@install-data-local: clean: clean-am clean-am: clean-generic mostlyclean-am diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/config/init/upstart/lxc-instance.conf new/lxc-2.0.3/config/init/upstart/lxc-instance.conf --- old/lxc-2.0.1/config/init/upstart/lxc-instance.conf 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/config/init/upstart/lxc-instance.conf 2016-06-28 21:39:28.000000000 +0200 @@ -17,6 +17,4 @@ lxc-wait -s RUNNING -n $NAME -t 0 && { stop; exit 0; } || true end script -script - exec lxc-start -n $NAME -end script +exec lxc-start -F -n $NAME diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/config/init/upstart/lxc.conf new/lxc-2.0.3/config/init/upstart/lxc.conf --- old/lxc-2.0.1/config/init/upstart/lxc.conf 2016-05-16 22:38:51.000000000 +0200 +++ new/lxc-2.0.3/config/init/upstart/lxc.conf 2016-06-28 21:39:47.000000000 +0200 
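Review bot: In lxc-instance.conf the new `exec lxc-start -F -n $NAME` expands the instance variable unquoted, so a container name containing whitespace or glob characters would be split or expanded before lxc-start receives it. This assumes Upstart hands the line to a shell because of the `$`. `exec lxc-start -F -n "$NAME"` passes the name as a single argument. The `lxc-wait -s RUNNING -n $NAME` context line in the pre-start script has the same pattern and could be quoted in the same change.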
@@ -45,9 +45,6 @@ fi fi - # Setup host /dev for autodev containers. - /usr/local/libexec/lxc/lxc-devsetup - [ "x$LXC_AUTO" = "xtrue" ] || exit 0 if [ -n "$BOOTGROUPS" ] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/config/init/upstart/lxc.conf.in new/lxc-2.0.3/config/init/upstart/lxc.conf.in --- old/lxc-2.0.1/config/init/upstart/lxc.conf.in 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/config/init/upstart/lxc.conf.in 2016-06-28 21:39:28.000000000 +0200 @@ -45,9 +45,6 @@ fi fi - # Setup host /dev for autodev containers. - @LIBEXECDIR@/lxc/lxc-devsetup - [ "x$LXC_AUTO" = "xtrue" ] || exit 0 if [ -n "$BOOTGROUPS" ] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/configure new/lxc-2.0.3/configure --- old/lxc-2.0.1/configure 2016-05-16 22:38:43.000000000 +0200 +++ new/lxc-2.0.3/configure 2016-06-28 21:39:32.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for lxc 2.0.1. +# Generated by GNU Autoconf 2.69 for lxc 2.0.3. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ # Identity of this package. PACKAGE_NAME='lxc' PACKAGE_TARNAME='lxc' -PACKAGE_VERSION='2.0.1' -PACKAGE_STRING='lxc 2.0.1' +PACKAGE_VERSION='2.0.3' +PACKAGE_STRING='lxc 2.0.3' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1453,7 +1453,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures lxc 2.0.1 to adapt to many kinds of systems. +\`configure' configures lxc 2.0.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -1524,7 +1524,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of lxc 2.0.1:";; + short | recursive ) echo "Configuration of lxc 2.0.3:";; esac cat <<\_ACEOF @@ -1685,7 +1685,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -lxc configure 2.0.1 +lxc configure 2.0.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2150,7 +2150,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by lxc $as_me 2.0.1, which was +It was created by lxc $as_me 2.0.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2621,7 +2621,7 @@ fi fi -LXC_VERSION_BASE=2.0.1 +LXC_VERSION_BASE=2.0.3 @@ -2629,11 +2629,11 @@ LXC_VERSION_MINOR=0 -LXC_VERSION_MICRO=1 +LXC_VERSION_MICRO=3 LXC_VERSION_ABI=1.2.0 -LXC_VERSION=2.0.1 +LXC_VERSION=2.0.3 @@ -3154,7 +3154,7 @@ # Define the identity of the package. PACKAGE='lxc' - VERSION='2.0.1' + VERSION='2.0.3' cat >>confdefs.h <<_ACEOF @@ -10121,7 +10121,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by lxc $as_me 2.0.1, which was +This file was extended by lxc $as_me 2.0.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -10191,7 +10191,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -lxc config.status 2.0.1 +lxc config.status 2.0.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/configure.ac new/lxc-2.0.3/configure.ac --- old/lxc-2.0.1/configure.ac 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/configure.ac 2016-06-28 21:39:28.000000000 +0200 @@ -3,7 +3,7 @@ m4_define([lxc_version_major], 2) m4_define([lxc_version_minor], 0) -m4_define([lxc_version_micro], 1) +m4_define([lxc_version_micro], 3) m4_define([lxc_version_beta], []) m4_define([lxc_version_abi], 1.2.0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/lxc.spec new/lxc-2.0.3/lxc.spec --- old/lxc-2.0.1/lxc.spec 2016-05-16 22:38:50.000000000 +0200 +++ new/lxc-2.0.3/lxc.spec 2016-06-28 21:39:47.000000000 +0200 @@ -60,7 +60,7 @@ %endif Name: lxc -Version: 2.0.1 +Version: 2.0.3 Release: %{?beta_rel:0.1.%{beta_rel}}%{?!beta_rel:%{norm_rel}}%{?dist} URL: http://linuxcontainers.org Source: http://linuxcontainers.org/downloads/%{name}-%{version}%{?beta_dot}.tar.gz @@ -275,7 +275,6 @@ %{_libexecdir}/%{name} %attr(4111,root,root) %{_libexecdir}/%{name}/lxc-user-nic %if %{with_systemd} -%attr(555,root,root) %{_libexecdir}/%{name}/lxc-devsetup %attr(555,root,root) %{_libexecdir}/%{name}/lxc-net %attr(555,root,root) %{_libexecdir}/%{name}/lxc-containers %endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/lxc.spec.in new/lxc-2.0.3/lxc.spec.in --- old/lxc-2.0.1/lxc.spec.in 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/lxc.spec.in 2016-06-28 21:39:28.000000000 +0200 
@@ -275,7 +275,6 @@ %{_libexecdir}/%{name} %attr(4111,root,root) %{_libexecdir}/%{name}/lxc-user-nic %if %{with_systemd} -%attr(555,root,root) %{_libexecdir}/%{name}/lxc-devsetup %attr(555,root,root) %{_libexecdir}/%{name}/lxc-net %attr(555,root,root) %{_libexecdir}/%{name}/lxc-containers %endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/src/include/lxcmntent.h new/lxc-2.0.3/src/include/lxcmntent.h --- old/lxc-2.0.1/src/include/lxcmntent.h 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/src/include/lxcmntent.h 2016-06-28 21:39:28.000000000 +0200 @@ -36,15 +36,15 @@ extern struct mntent *getmntent_r (FILE *stream, struct mntent *mp, char *buffer, int bufsiz); #endif -#ifndef HAVE_SETMNTENT +#if !defined(HAVE_SETMNTENT) || IS_BIONIC FILE *setmntent (const char *file, const char *mode); #endif -#ifndef HAVE_ENDMNTENT +#if !defined(HAVE_ENDMNTENT) || IS_BIONIC int endmntent (FILE *stream); #endif -#ifndef HAVE_HASMNTOPT +#if !defined(HAVE_HASMNTOPT) || IS_BIONIC extern char *hasmntopt (const struct mntent *mnt, const char *opt); #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/src/lxc/criu.c new/lxc-2.0.3/src/lxc/criu.c --- old/lxc-2.0.1/src/lxc/criu.c 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/src/lxc/criu.c 2016-06-28 21:39:28.000000000 +0200 @@ -135,7 +135,7 @@ /* The command line always looks like: * criu $(action) --tcp-established --file-locks --link-remap \ - * --manage-cgroups action-script foo.sh -D $(directory) \ + * --manage-cgroups=full action-script foo.sh -D $(directory) \ * -o $(directory)/$(action).log --ext-mount-map auto * --enable-external-sharing --enable-external-masters * --enable-fs hugetlbfs --enable-fs tracefs --ext-mount-map console:/dev/pts/n 
@@ -218,7 +218,7 @@ DECLARE_ARG("--tcp-established"); DECLARE_ARG("--file-locks"); DECLARE_ARG("--link-remap"); - DECLARE_ARG("--manage-cgroups"); + DECLARE_ARG("--manage-cgroups=full"); DECLARE_ARG("--ext-mount-map"); DECLARE_ARG("auto"); DECLARE_ARG("--enable-external-sharing"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/src/lxc/lxc_user_nic.c new/lxc-2.0.3/src/lxc/lxc_user_nic.c --- old/lxc-2.0.1/src/lxc/lxc_user_nic.c 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/src/lxc/lxc_user_nic.c 2016-06-28 21:39:28.000000000 +0200 @@ -41,7 +41,6 @@ #include <net/if.h> #include <net/if_arp.h> #include <netinet/in.h> -#include <linux/if_bridge.h> #include <linux/netlink.h> #include <linux/rtnetlink.h> #include <linux/sockios.h> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/src/lxc/version.h new/lxc-2.0.3/src/lxc/version.h --- old/lxc-2.0.1/src/lxc/version.h 2016-05-16 22:38:54.000000000 +0200 +++ new/lxc-2.0.3/src/lxc/version.h 2016-06-28 21:39:51.000000000 +0200 @@ -25,8 +25,8 @@ #define LXC_VERSION_MAJOR 2 #define LXC_VERSION_MINOR 0 -#define LXC_VERSION_MICRO 1 +#define LXC_VERSION_MICRO 3 #define LXC_VERSION_ABI "1.2.0" -#define LXC_VERSION "2.0.1" +#define LXC_VERSION "2.0.3" #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/templates/lxc-debian.in new/lxc-2.0.3/templates/lxc-debian.in --- old/lxc-2.0.1/templates/lxc-debian.in 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/templates/lxc-debian.in 2016-06-28 21:39:29.000000000 +0200 
@@ -242,6 +242,7 @@ download_debian() { packages=\ +init,\ ifupdown,\ locales,\ libui-dialog-perl,\ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/templates/lxc-oracle.in new/lxc-2.0.3/templates/lxc-oracle.in --- old/lxc-2.0.1/templates/lxc-oracle.in 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/templates/lxc-oracle.in 2016-06-28 21:39:29.000000000 +0200 
@@ -145,21 +145,25 @@ # OL7 has systemd, no rc.sysinit if [ $container_release_major = "7" ]; then - # from mhw in the fedora template: We do need to disable the - # "ConditionalPathExists=/dev/tty0" line or no gettys are started on - # the ttys in the container. Lets do it in an override copy of the - # service so it can still pass rpm verifies and not be automatically - # updated by a new systemd version. - sed -e 's/^ConditionPathExists=/#LXC ConditionPathExists=/' \ - < $container_rootfs/usr/lib/systemd/system/getty\@.service \ - > $container_rootfs/etc/systemd/system/getty\@.service - # Setup getty service on the 4 ttys we are going to allow in the - # default config. Number should match lxc.tty - ( cd $container_rootfs/etc/systemd/system/getty.target.wants - for i in 1 2 3 4 ; do ln -sf ../getty\@.service getty@tty${i}.service; done ) - # We only want to spawn a getty on /dev/console in lxc, libvirt-lxc - # symlinks /dev/console to /dev/tty1 - sed -i '/Before=getty.target/a ConditionVirtualization=lxc' $container_rootfs/usr/lib/systemd/system/console-getty.service + # with newer systemd (OL7.2), getty service include container-getty.service + # let that be the one who manage the getty service instead + if [ ! -f $container_rootfs/usr/lib/systemd/system/[email protected] ]; then + # from mhw in the fedora template: We do need to disable the + # "ConditionalPathExists=/dev/tty0" line or no gettys are started on + # the ttys in the container. Lets do it in an override copy of the + # service so it can still pass rpm verifies and not be automatically + # updated by a new systemd version. + sed -e 's/^ConditionPathExists=/#LXC ConditionPathExists=/' \ + < $container_rootfs/usr/lib/systemd/system/getty\@.service \ + > $container_rootfs/etc/systemd/system/getty\@.service + # Setup getty service on the 4 ttys we are going to allow in the + # default config. 
Number should match lxc.tty + ( cd $container_rootfs/etc/systemd/system/getty.target.wants + for i in 1 2 3 4 ; do ln -sf ../getty\@.service getty@tty${i}.service; done ) + # We only want to spawn a getty on /dev/console in lxc, libvirt-lxc + # symlinks /dev/console to /dev/tty1 + sed -i '/Before=getty.target/a ConditionVirtualization=lxc' $container_rootfs/usr/lib/systemd/system/console-getty.service + fi # disable some systemd services, set default boot, sigpwr target rm -f $container_rootfs/usr/lib/systemd/system/sysinit.target.wants/kmod-static-nodes.service diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/templates/lxc-plamo.in new/lxc-2.0.3/templates/lxc-plamo.in --- old/lxc-2.0.1/templates/lxc-plamo.in 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/templates/lxc-plamo.in 2016-06-28 21:39:29.000000000 +0200 @@ -49,7 +49,7 @@ CATEGORIES=${CATEGORIES-"00_base 01_minimum"} EXTRACTGRS=${EXTRACTGRS-""} IGNOREPKGS=${IGNOREPKGS-"grub kernel lilo linux_firmware microcode_ctl - cpufreqd cpufrequtils gpm"} + cpufreqd cpufrequtils gpm ntp kmod"} ADDONPKGS=${ADDONPKGS-"`echo contrib/Hamradio/{morse,qrq}`"} download_plamo() { 
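Review bot: Inside the new `if`, the subshell `( cd $container_rootfs/etc/systemd/system/getty.target.wants` does not check that the cd succeeded, so when that directory is missing the `ln -sf` loop creates the getty links in whatever directory the template was started from. `cd "$container_rootfs/etc/systemd/system/getty.target.wants" || exit 1` inside the subshell closes that. Quoting `$container_rootfs` in the added `[ ! -f ... ]` test keeps a rootfs path with spaces from turning the check into a syntax error. The enclosing function starts and ends outside the hunk.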
@@ -222,6 +222,14 @@ sh /tmp/netconfig.rconly rm -f /tmp/netconfig.rconly sed -i '/cmdline/s/if/& false \&\&/' $rootfs/etc/rc.d/rc.inet1.tradnet + # /etc/rc.d/rc.inet2 + sed -i '/rpc.mountd/s/^/#/' $rootfs/etc/rc.d/rc.inet2 + sed -i '/modprobe/s/^/#/' $rootfs/etc/rc.d/rc.inet2 + # configure to start only the minimum of service + chmod 644 $rootfs/etc/rc.d/init.d/saslauthd + chmod 644 $rootfs/etc/rc.d/init.d/open-iscsi + rm -f $rootfs/etc/rc.d/init.d/postfix + rm -f $rootfs/var/log/initpkg/shadow return 0 } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxc-2.0.1/templates/lxc-ubuntu.in new/lxc-2.0.3/templates/lxc-ubuntu.in --- old/lxc-2.0.1/templates/lxc-ubuntu.in 2016-05-16 22:38:39.000000000 +0200 +++ new/lxc-2.0.3/templates/lxc-ubuntu.in 2016-06-28 21:39:29.000000000 +0200 @@ -342,7 +342,7 @@ ;; esac - packages_template=${packages_template:-"ssh,vim"} + packages_template=${packages_template:-"apt-transport-https,ssh,vim"} debootstrap_parameters= # Try to guess a list of langpacks to install @@ -359,7 +359,7 @@ debootstrap_parameters="$debootstrap_parameters --variant=$variant" fi if [ "$variant" = 'minbase' ]; then - packages_template="${packages_template},sudo,ifupdown,isc-dhcp-client,apt-transport-https" + packages_template="${packages_template},sudo,ifupdown,isc-dhcp-client" fi echo "Installing packages in template: ${packages_template}"
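Review bot: The lines added to lxc-plamo.in use `$rootfs` unquoted and unguarded, so an empty or unset value makes `rm -f $rootfs/etc/rc.d/init.d/postfix`, the two `chmod 644` calls and the `sed -i` edits operate on the host's own /etc and /var instead of the container tree. Writing them as `rm -f "${rootfs:?}/etc/rc.d/init.d/postfix"`, and likewise for the other paths, aborts the template in that case. Whether `$rootfs` is validated earlier in the function is not visible from the hunk. A short comment saying why `/var/log/initpkg/shadow` is removed would also help, since the surrounding comment only mentions limiting services.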
