testing/lxd: upgrade to 3.22

2 files changed, 4 insertions, 279 deletions

diff --git a/testing/lxd/APKBUILD b/testing/lxd/APKBUILD
index 51a412d899..9f09895e03 100644
--- a/testing/lxd/APKBUILD
+++ b/testing/lxd/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Carlo Landmeter <clandmeter@gmail.com>
 # Maintainer: Francesco Colista <fcolista@alpinelinux.org>
 pkgname=lxd
-pkgver=3.20
-pkgrel=1
+pkgver=3.22
+pkgrel=0
 pkgdesc="a container hypervisor and a new user experience for LXC"
 url="https://linuxcontainers.org/lxd/"
 arch="all !aarch64"
@@ -54,7 +54,6 @@ source="https://linuxcontainers.org/downloads/$pkgname/$pkgname-$pkgver.tar.gz
 	$pkgname.initd
 	lxd-dont-go-get.patch
 	add-missing-includes.patch
-	seccomp-checkfeature.patch
 	"
 # avoid conflict with system libsqlite3.so.0 by adding a soname prefix.
 # this makes lxd-libs provide so:lxd:libsqlite3.so.0 and lxd depend on
@@ -170,9 +169,8 @@ libs() {
 	rm -r "$pkgdir"/etc
 }
 
-sha512sums="c3ee844935eceb8b62364cbc4ca894c0145870ac44712fbd9ddae4b6baca6959f45d14475550392b504c6dccaeb848fe40f47629cf8f0554ff78c0bd18a8e077  lxd-3.20.tar.gz
+sha512sums="a91b225f24ca98b88da0f9c9be95cc30b40358a3ceee4c9409d7e67c9ff8841f453e4b13909f2ed8c46d1f10e8d8359563825a5fa04abb5659a3a5cda7252b75  lxd-3.22.tar.gz
 bc32c71f2ce10f508433e1e4651c08c18e8a17e9419a7ce391c0f127fc7cf378c665178926b35eae8813e290d9c5eab3ceb605679fd32efdf2cf98a57cee4127  lxd.confd
 94de0c0d5ab63463a929a4151359950b1117d0ada5ccf0944311cc70c6b6d4c437ccb4158734ab35db67bfb4abc437074c3f3515be4531f63adc74da21fefb5b  lxd.initd
 6bd42ac2571eb77fc3761f549bf77771fbfc4dad8934f9ccf6e421b2874ae5205345511d46f16f69b0b653e859d8019382c5da077db9cbb8149ae883d544215c  lxd-dont-go-get.patch
-c9291e7df7e7d62324d6f31460268b138eaeb7928b2aceb9e1763bc123c4410557a887847e441c03efb92642a6c39c8db6557e2af6a738ac46a9df93b5ac1d3b  add-missing-includes.patch
-05315726bd672361799a2cf295b982bb5010f35c8a6ac3c2ed49d276ecc5acf02f1243a3ecb528283c575ff3fd4f1ecb781c1a74a44a7f6edd94f8d4a5e49e6b  seccomp-checkfeature.patch"
+c9291e7df7e7d62324d6f31460268b138eaeb7928b2aceb9e1763bc123c4410557a887847e441c03efb92642a6c39c8db6557e2af6a738ac46a9df93b5ac1d3b  add-missing-includes.patch"
diff --git a/testing/lxd/seccomp-checkfeature.patch b/testing/lxd/seccomp-checkfeature.patch
deleted file mode 100644
index 96c9965d74..0000000000
--- a/testing/lxd/seccomp-checkfeature.patch
+++ /dev/null
@@ -1,273 +0,0 @@
-From 37b4d1576fe7fc68a1052da7d9ebebe7921800e7 Mon Sep 17 00:00:00 2001
-From: Christian Brauner <christian.brauner@ubuntu.com>
-Date: Wed, 5 Feb 2020 20:17:50 +0100
-Subject: [PATCH 1/4] lxd/main_checkfeature: add explicit _exit() even if it's
- not needed
-
-Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
----
- lxd/main_checkfeature.go | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/lxd/main_checkfeature.go b/lxd/main_checkfeature.go
-index 403dcfb231..42aae72f31 100644
---- a/lxd/main_checkfeature.go
-+++ b/lxd/main_checkfeature.go
-@@ -266,8 +266,11 @@ static void is_user_notification_continue_aware(void)
- 	if (pid < 0)
- 		return;
- 
--	if (pid == 0)
-+	if (pid == 0) {
- 		__do_user_notification_continue();
-+		// Should not be reached.
-+		_exit(EXIT_FAILURE);
-+	}
- 
- 	ret = waitpid(pid, &status, 0);
- 	if ((ret == pid) && WIFEXITED(status) && !WEXITSTATUS(status))
-
-From 445de54e319348b938cbe0d343ff092ad8c94226 Mon Sep 17 00:00:00 2001
-From: Christian Brauner <christian.brauner@ubuntu.com>
-Date: Wed, 5 Feb 2020 20:20:35 +0100
-Subject: [PATCH 2/4] lxd/main_checkfeature: s/exit()/_exit()/g
-
-Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
----
- lxd/main_checkfeature.go | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/lxd/main_checkfeature.go b/lxd/main_checkfeature.go
-index 42aae72f31..77d80386be 100644
---- a/lxd/main_checkfeature.go
-+++ b/lxd/main_checkfeature.go
-@@ -178,11 +178,11 @@ __noreturn static void __do_user_notification_continue(void)
- 
- 	listener = user_trap_syscall(__NR_dup, SECCOMP_FILTER_FLAG_NEW_LISTENER);
- 	if (listener < 0)
--		exit(1);
-+		_exit(EXIT_FAILURE);
- 
- 	pid = fork();
- 	if (pid < 0)
--		exit(1);
-+		_exit(EXIT_FAILURE);
- 
- 	if (pid == 0) {
- 		int dup_fd, pipe_fds[2];
-@@ -192,21 +192,21 @@ __noreturn static void __do_user_notification_continue(void)
- 		// will be closed anyway.
- 		ret = pipe(pipe_fds);
- 		if (ret < 0)
--			exit(1);
-+			_exit(EXIT_FAILURE);
- 
- 		// O_CLOEXEC doesn't matter as we're in the child and we're
- 		// not going to exec.
- 		dup_fd = dup(pipe_fds[0]);
- 		if (dup_fd < 0)
--			exit(1);
-+			_exit(EXIT_FAILURE);
- 
- 		self = getpid();
- 
- 		ret = filecmp(self, self, pipe_fds[0], dup_fd);
- 		if (ret)
--			exit(2);
-+			_exit(EXIT_FAILURE);
- 
--		exit(0);
-+		_exit(EXIT_SUCCESS);
- 	}
- 
- 	pollfd.fd = listener;
-@@ -249,8 +249,8 @@ __noreturn static void __do_user_notification_continue(void)
- cleanup_wait:
- 	ret = waitpid(pid, &status, 0);
- 	if ((ret != pid) || !WIFEXITED(status) || WEXITSTATUS(status))
--		exit(1);
--	exit(0);
-+		_exit(EXIT_FAILURE);
-+	_exit(EXIT_SUCCESS);
- 
- cleanup_sigkill:
- 	kill(pid, SIGKILL);
-
-From 9e89729860828215070a03529c7bffcdd8683567 Mon Sep 17 00:00:00 2001
-From: Christian Brauner <christian.brauner@ubuntu.com>
-Date: Wed, 5 Feb 2020 20:26:11 +0100
-Subject: [PATCH 3/4] cgo: export wait_for_pid() helper
-
-to handle being interrupted by a signal in other parts of the codebase.
-
-Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
----
- lxd/main_checkfeature.go | 15 ++++++++-------
- lxd/main_forkproxy.go    | 19 +------------------
- lxd/main_nsexec.go       | 19 +++++++++++++++++++
- 3 files changed, 28 insertions(+), 25 deletions(-)
-
-diff --git a/lxd/main_checkfeature.go b/lxd/main_checkfeature.go
-index 77d80386be..aa50fa9fe6 100644
---- a/lxd/main_checkfeature.go
-+++ b/lxd/main_checkfeature.go
-@@ -17,10 +17,10 @@ import (
- #include <stdio.h>
- #include <stdlib.h>
- #include <sched.h>
-+#include <signal.h>
- #include <string.h>
- #include <sys/stat.h>
- #include <sys/types.h>
--#include <sys/wait.h>
- #include <unistd.h>
- #include <syscall.h>
- #include <linux/seccomp.h>
-@@ -39,6 +39,7 @@ __ro_after_init int seccomp_notify_aware = 0;
- __ro_after_init char errbuf[4096];
- 
- extern int can_inject_uevent(const char *uevent, size_t len);
-+extern int wait_for_pid(pid_t pid);
- 
- static int netns_set_nsid(int fd)
- {
-@@ -171,7 +172,7 @@ __noreturn static void __do_user_notification_continue(void)
- {
- 	pid_t pid;
- 	int ret;
--	int status, listener;
-+	int listener;
- 	struct seccomp_notif req = {};
- 	struct seccomp_notif_resp resp = {};
- 	struct pollfd pollfd;
-@@ -247,8 +248,8 @@ __noreturn static void __do_user_notification_continue(void)
- 	}
- 
- cleanup_wait:
--	ret = waitpid(pid, &status, 0);
--	if ((ret != pid) || !WIFEXITED(status) || WEXITSTATUS(status))
-+	ret = wait_for_pid(pid);
-+	if (ret)
- 		_exit(EXIT_FAILURE);
- 	_exit(EXIT_SUCCESS);
- 
-@@ -259,7 +260,7 @@ cleanup_sigkill:
- 
- static void is_user_notification_continue_aware(void)
- {
--	int ret, status;
-+	int ret;
- 	pid_t pid;
- 
- 	pid = fork();
-@@ -272,8 +273,8 @@ static void is_user_notification_continue_aware(void)
- 		_exit(EXIT_FAILURE);
- 	}
- 
--	ret = waitpid(pid, &status, 0);
--	if ((ret == pid) && WIFEXITED(status) && !WEXITSTATUS(status))
-+	ret = wait_for_pid(pid);
-+	if (!ret)
- 		seccomp_notify_aware = 2;
- }
- 
-diff --git a/lxd/main_forkproxy.go b/lxd/main_forkproxy.go
-index ec758b3a73..8bf38af7e4 100644
---- a/lxd/main_forkproxy.go
-+++ b/lxd/main_forkproxy.go
-@@ -41,6 +41,7 @@ import (
- extern char* advance_arg(bool required);
- extern void attach_userns(int pid);
- extern int dosetns(int pid, char *nstype);
-+extern int wait_for_pid(pid_t pid);
- 
- int whoami = -ESRCH;
- 
-@@ -59,24 +60,6 @@ static int switch_uid_gid(uint32_t uid, uint32_t gid)
- 	return 0;
- }
- 
--static int wait_for_pid(pid_t pid)
--{
--	int status, ret;
--
--again:
--	ret = waitpid(pid, &status, 0);
--	if (ret == -1) {
--		if (errno == EINTR)
--			goto again;
--		return -1;
--	}
--	if (ret != pid)
--		goto again;
--	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
--		return -1;
--	return 0;
--}
--
- static int lxc_epoll_wait_nointr(int epfd, struct epoll_event* events,
- 				 int maxevents, int timeout)
- {
-diff --git a/lxd/main_nsexec.go b/lxd/main_nsexec.go
-index 5e98408f1e..79ce48570e 100644
---- a/lxd/main_nsexec.go
-+++ b/lxd/main_nsexec.go
-@@ -33,6 +33,7 @@ package main
- #include <string.h>
- #include <sys/stat.h>
- #include <sys/types.h>
-+#include <sys/wait.h>
- #include <unistd.h>
- 
- #include "include/memory_utils.h"
-@@ -51,6 +52,24 @@ char *cmdline_buf = NULL;
- char *cmdline_cur = NULL;
- ssize_t cmdline_size = -1;
- 
-+int wait_for_pid(pid_t pid)
-+{
-+	int status, ret;
-+
-+again:
-+	ret = waitpid(pid, &status, 0);
-+	if (ret == -1) {
-+		if (errno == EINTR)
-+			goto again;
-+		return -1;
-+	}
-+	if (ret != pid)
-+		goto again;
-+	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
-+		return -1;
-+	return 0;
-+}
-+
- char* advance_arg(bool required) {
- 	while (*cmdline_cur != 0)
- 		cmdline_cur++;
-
-From 2df51307cf58fc7a046579ea693f13d9543baa73 Mon Sep 17 00:00:00 2001
-From: Christian Brauner <christian.brauner@ubuntu.com>
-Date: Wed, 5 Feb 2020 20:30:06 +0100
-Subject: [PATCH 4/4] lxd/main_checkfeature: close listener
-
-Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
----
- lxd/main_checkfeature.go | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lxd/main_checkfeature.go b/lxd/main_checkfeature.go
-index aa50fa9fe6..a584b00e8a 100644
---- a/lxd/main_checkfeature.go
-+++ b/lxd/main_checkfeature.go
-@@ -170,9 +170,9 @@ static int filecmp(pid_t pid1, pid_t pid2, int fd1, int fd2)
- 
- __noreturn static void __do_user_notification_continue(void)
- {
-+	__do_close_prot_errno int listener = -EBADF;
- 	pid_t pid;
- 	int ret;
--	int listener;
- 	struct seccomp_notif req = {};
- 	struct seccomp_notif_resp resp = {};
- 	struct pollfd pollfd;