[arch-commits] Commit in slirp4netns/trunk (PKGBUILD pr153.patch)
Date: Wednesday, October 30, 2019 @ 13:10:24 Author: bpiotrowski Revision: 520981 0.4.2-1 Modified: slirp4netns/trunk/PKGBUILD Deleted: slirp4netns/trunk/pr153.patch -+ PKGBUILD| 26 +++-- pr153.patch | 114 -- 2 files changed, 15 insertions(+), 125 deletions(-) Modified: PKGBUILD ===
--- PKGBUILD2019-10-30 13:06:34 UTC (rev 520980)
+++ PKGBUILD2019-10-30 13:10:24 UTC (rev 520981)
@@ -2,30 +2,34 @@
 
 pkgname=slirp4netns
 pkgdesc='User-mode networking for unprivileged network namespaces'
-pkgver=0.4.1
-pkgrel=2
+pkgver=0.4.2
+pkgrel=1
 arch=(x86_64)
-url="https://github.com/rootless-containers/$pkgname";
+url="https://github.com/rootless-containers/slirp4netns";
 license=(GPL2)
 depends=(glibc glib2 libcap libseccomp)
-source=($pkgname-$pkgver.tar.gz::$url/archive/v${pkgver}.tar.gz
-pr153.patch)
-sha256sums=('75d2a7411cc2b3e341d8530228750bb1db06077b349d10fbdddbb582c27f8cfc'
-'7ce56f88cdd941d786117c388a31669018b6c37fd27f3afe97f2c4369cd92fac')
+makedepends=(git)
+_commit=69153b0d1cb82216d6782179ff7c3c5e91c731a1 # tags/v0.4.2
+source=("git+$url#commit=$_commit")
+sha256sums=('SKIP')
 
+pkgver() {
+ cd $pkgname
+ git describe --tags | sed 's/^v//;s/-/+/g'
+}
+
 prepare() {
- cd $pkgname-$pkgver
- patch -p1 -i "$srcdir/pr153.patch"
+ cd $pkgname
 autoreconf -fi
 }
 
 build() {
- cd $pkgname-$pkgver
+ cd $pkgname
 ./configure --prefix=/usr
 make
 }
 
 package() {
- cd $pkgname-$pkgver
+ cd $pkgname
 make DESTDIR="$pkgdir" install
 }
Deleted: pr153.patch ===
--- pr153.patch 2019-10-30 13:06:34 UTC (rev 520980)
+++ pr153.patch 2019-10-30 13:10:24 UTC (rev 520981)
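Review bot: `sha256sums=('SKIP')` on the new git source means makepkg verifies no digest, so source integrity now rests entirely on the pinned `_commit` id, where the previous tarball had a sha256. That holds only while `_commit` stays a full 40-character hash; a comment next to it such as `# keep _commit a full hash: checksum is SKIP, so this pin is the only integrity check` would stop a later edit from relaxing it to a tag or branch name. If upstream signs its release tags (not visible here), `source=("git+$url#tag=v$pkgver?signed")` with a `validpgpkeys` entry would add signature verification on top. The added `cd $pkgname` lines in `pkgver()`, `prepare()`, `build()` and `package()` are unquoted; `cd "$pkgname"` is the consistent form, as `"$pkgdir"` already is.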
@@ -1,114 +0,0 @@ -From a9c57a90817c10b256389d425ec715d311cceb76 Mon Sep 17 00:00:00 2001 -From: Giuseppe Scrivano -Date: Mon, 30 Sep 2019 21:11:09 +0200 -Subject: [PATCH 1/2] sandbox: do not propagate mounts to the parent ns - -when creating the sandbox, make sure the mounts are marked with -MS_SLAVE so that events are not propagated to other mount namespaces. - -Closes: https://github.com/containers/libpod/issues/4113 - -Signed-off-by: Giuseppe Scrivano - sandbox.c | 10 ++ - 1 file changed, 10 insertions(+) - -diff --git a/sandbox.c b/sandbox.c -index 05d29e8..256bf04 100644 a/sandbox.c -+++ b/sandbox.c -@@ -16,6 +16,11 @@ static int add_mount(const char *from, const char *to) - { - int ret; - -+ret = mount("", from, "", MS_SLAVE | MS_REC, NULL); -+if (ret < 0 && errno != EINVAL) { -+fprintf(stderr, "cannot make mount propagation slave %s\n", from); -+return ret; -+} - ret = mount(from, to, "", - MS_BIND | MS_REC | MS_SLAVE | MS_NOSUID | MS_NODEV | MS_NOEXEC, - NULL); -@@ -23,6 +28,11 @@ static int add_mount(const char *from, const char *to) - fprintf(stderr, "cannot bind mount %s to %s\n", from, to); - return ret; - } -+ret = mount("", to, "", MS_SLAVE | MS_REC, NULL); -+if (ret < 0) { -+fprintf(stderr, "cannot make mount propagation slave %s\n", to); -+return ret; -+} - ret = mount(from, to, "", - MS_REMOUNT | MS_BIND | MS_RDONLY | MS_NOSUID | MS_NODEV | - MS_NOEXEC, - -From 4c2e8c68205f5cacd96d49287584e647e483c6f9 Mon Sep 17 00:00:00 2001 -From: Giuseppe Scrivano -Date: Tue, 1 Oct 2019 09:29:47 +0200 -Subject: [PATCH 2/2] tests: --create-sandbox doesn't umount under /run - -Signed-off-by: Giuseppe Scrivano - Makefile.am | 1 + - tests/slirp4netns-no-unmount.sh | 29 + - tests/test-slirp4netns.sh | 2 ++ - 3 files changed, 32 insertions(+) - create mode 100755 tests/slirp4netns-no-unmount.sh - -diff --git a/Makefile.am b/Makefile.am -index 1298d38..7708820 100644 a/Makefile.am -+++ b/Makefile.am -@@ -16,6 +16,7 @@ EXTRA_DIST = \ - api.h \ - sandbox.h \ - 
seccompfilter.h \ -+ tests/slirp4netns-no-unmount.sh \ - vendor/libslirp/COPYRIGHT \ - vendor/libslirp/README.md \ - vendor/libslirp/src/bootp.h \ -diff --git a/tests/slirp4netns-no-unmount.sh b/tests/slirp4netns-no-unmount.sh -new file mode 100755 -index 000..6e8ed15 /dev/null -+++ b/tests/slirp4netns-no-unmount.sh -@@ -0,0 +1,29 @@ -+#!/bin/bash -+set -xeuo pipefail -+ -+. $(dirname $0)/common.sh -+ -+# it is a part of test-slirp4netns.sh -+# must run in a new mount namespace -+ -+mount -t tmpfs tmpfs /run -+mkdir /run/foo -+mount -t tmpfs tmpfs /run/foo -+mount --make-rshared /run -+ -+unshare -n sleep infinity & -+child=$! -+ -+wait_for_network_namespace $child -+ -+./slirp4netns --enable-sandbox --netns-type=path /proc/$child/ns/net tun11 & -+slirp_pid=$! -+ -+function cleanup { -+kill -9 $child $slirp_pid -+} -+trap cleanup EXIT -+ -+wa
[arch-commits] Commit in slirp4netns/trunk (PKGBUILD pr153.patch)
Date: Friday, October 4, 2019 @ 12:40:52 Author: bpiotrowski Revision: 512724 0.4.1-2: backport "sandbox: do not propagate mounts to the parent ns" Added: slirp4netns/trunk/pr153.patch Modified: slirp4netns/trunk/PKGBUILD -+ PKGBUILD|9 +++- pr153.patch | 114 ++ 2 files changed, 120 insertions(+), 3 deletions(-) Modified: PKGBUILD ===
--- PKGBUILD2019-10-04 12:39:43 UTC (rev 512723)
+++ PKGBUILD2019-10-04 12:40:52 UTC (rev 512724)
@@ -3,16 +3,19 @@
 pkgname=slirp4netns
 pkgdesc='User-mode networking for unprivileged network namespaces'
 pkgver=0.4.1
-pkgrel=1
+pkgrel=2
 arch=(x86_64)
 url="https://github.com/rootless-containers/$pkgname";
 license=(GPL2)
 depends=(glibc glib2 libcap libseccomp)
-source=($pkgname-$pkgver.tar.gz::$url/archive/v${pkgver}.tar.gz)
-sha256sums=('75d2a7411cc2b3e341d8530228750bb1db06077b349d10fbdddbb582c27f8cfc')
+source=($pkgname-$pkgver.tar.gz::$url/archive/v${pkgver}.tar.gz
+pr153.patch)
+sha256sums=('75d2a7411cc2b3e341d8530228750bb1db06077b349d10fbdddbb582c27f8cfc'
+'7ce56f88cdd941d786117c388a31669018b6c37fd27f3afe97f2c4369cd92fac')
 
 prepare() {
 cd $pkgname-$pkgver
+ patch -p1 -i "$srcdir/pr153.patch"
 autoreconf -fi
 }
 
Added: pr153.patch ===
--- pr153.patch (rev 0)
+++ pr153.patch 2019-10-04 12:40:52 UTC (rev 512724)
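Review bot: The added `patch -p1 -i "$srcdir/pr153.patch"` in `prepare()` applies a sandbox hardening backport, but nothing in the PKGBUILD records what it fixes or when it can be dropped. A comment above it, e.g. `# backport "sandbox: do not propagate mounts to the parent ns": keeps --enable-sandbox mounts from propagating to other mount namespaces; drop once upstream ships it`, would let the next maintainer remove it safely on a version bump. The patch file also bundles an upstream test script and a `Makefile.am` change alongside the `sandbox.c` fix; that appears harmless here because `autoreconf -fi` runs after the patch, but it is worth saying in the same comment that only the `sandbox.c` part affects the installed binary.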
@@ -0,0 +1,114 @@ +From a9c57a90817c10b256389d425ec715d311cceb76 Mon Sep 17 00:00:00 2001 +From: Giuseppe Scrivano +Date: Mon, 30 Sep 2019 21:11:09 +0200 +Subject: [PATCH 1/2] sandbox: do not propagate mounts to the parent ns + +when creating the sandbox, make sure the mounts are marked with +MS_SLAVE so that events are not propagated to other mount namespaces. + +Closes: https://github.com/containers/libpod/issues/4113 + +Signed-off-by: Giuseppe Scrivano +--- + sandbox.c | 10 ++ + 1 file changed, 10 insertions(+) + +diff --git a/sandbox.c b/sandbox.c +index 05d29e8..256bf04 100644 +--- a/sandbox.c b/sandbox.c +@@ -16,6 +16,11 @@ static int add_mount(const char *from, const char *to) + { + int ret; + ++ret = mount("", from, "", MS_SLAVE | MS_REC, NULL); ++if (ret < 0 && errno != EINVAL) { ++fprintf(stderr, "cannot make mount propagation slave %s\n", from); ++return ret; ++} + ret = mount(from, to, "", + MS_BIND | MS_REC | MS_SLAVE | MS_NOSUID | MS_NODEV | MS_NOEXEC, + NULL); +@@ -23,6 +28,11 @@ static int add_mount(const char *from, const char *to) + fprintf(stderr, "cannot bind mount %s to %s\n", from, to); + return ret; + } ++ret = mount("", to, "", MS_SLAVE | MS_REC, NULL); ++if (ret < 0) { ++fprintf(stderr, "cannot make mount propagation slave %s\n", to); ++return ret; ++} + ret = mount(from, to, "", + MS_REMOUNT | MS_BIND | MS_RDONLY | MS_NOSUID | MS_NODEV | + MS_NOEXEC, + +From 4c2e8c68205f5cacd96d49287584e647e483c6f9 Mon Sep 17 00:00:00 2001 +From: Giuseppe Scrivano +Date: Tue, 1 Oct 2019 09:29:47 +0200 +Subject: [PATCH 2/2] tests: --create-sandbox doesn't umount under /run + +Signed-off-by: Giuseppe Scrivano +--- + Makefile.am | 1 + + tests/slirp4netns-no-unmount.sh | 29 + + tests/test-slirp4netns.sh | 2 ++ + 3 files changed, 32 insertions(+) + create mode 100755 tests/slirp4netns-no-unmount.sh + +diff --git a/Makefile.am b/Makefile.am +index 1298d38..7708820 100644 +--- a/Makefile.am b/Makefile.am +@@ -16,6 +16,7 @@ EXTRA_DIST = \ + api.h \ + sandbox.h \ + 
seccompfilter.h \ ++ tests/slirp4netns-no-unmount.sh \ + vendor/libslirp/COPYRIGHT \ + vendor/libslirp/README.md \ + vendor/libslirp/src/bootp.h \ +diff --git a/tests/slirp4netns-no-unmount.sh b/tests/slirp4netns-no-unmount.sh +new file mode 100755 +index 000..6e8ed15 +--- /dev/null b/tests/slirp4netns-no-unmount.sh +@@ -0,0 +1,29 @@ ++#!/bin/bash ++set -xeuo pipefail ++ ++. $(dirname $0)/common.sh ++ ++# it is a part of test-slirp4netns.sh ++# must run in a new mount namespace ++ ++mount -t tmpfs tmpfs /run ++mkdir /run/foo ++mount -t tmpfs tmpfs /run/foo ++mount --make-rshared /run ++ ++unshare -n sleep infinity & ++child=$! ++ ++wait_for_network_namespace $child ++ ++./slirp4netns --enable-sandbox --netns-type=path /proc/$child/ns/net tun11 & ++slirp_pid=$! ++ ++function cleanup { ++kill -9 $child $slirp_pid ++} ++trap cleanup EXIT ++ ++wait_for_network_device $child tun11 ++ ++findmnt /run/foo +diff --git a/tests/test-slirp4netns.sh b/tests/test-slirp4netns.sh +index 2586e7d..5ed0217 100755 +--- a/tests/test-slirp4netns.sh b/tests/test-slirp4netns.sh +@@ -67,3 +67,5 @@ wait_for_network_device $child tun11 + + nsenter --preserve-c