author | Francesco Colista <fcolista@alpinelinux.org> | 2020-03-08 11:17:58 +0000 |
---|---|---|
committer | Francesco Colista <fcolista@alpinelinux.org> | 2020-03-08 14:10:07 +0000 |
commit | a30e8df14bdeb3efab24292faef804236662492e (patch) | |
tree | 861cf1a5d29d96361dc021493c7662a9f03b4689 /testing/lxd | |
parent | 227a906e8dfd0eaea3c84547da3f59ce78f349c7 (diff) | |
testing/lxd: upgrade to 3.22
Diffstat (limited to 'testing/lxd')
-rw-r--r-- | testing/lxd/APKBUILD | 10 | ||||
-rw-r--r-- | testing/lxd/seccomp-checkfeature.patch | 273 |
2 files changed, 4 insertions, 279 deletions
diff --git a/testing/lxd/APKBUILD b/testing/lxd/APKBUILD
index 51a412d899..9f09895e03 100644
--- a/testing/lxd/APKBUILD
+++ b/testing/lxd/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Carlo Landmeter <clandmeter@gmail.com>
 # Maintainer: Francesco Colista <fcolista@alpinelinux.org>
 pkgname=lxd
-pkgver=3.20
-pkgrel=1
+pkgver=3.22
+pkgrel=0
 pkgdesc="a container hypervisor and a new user experience for LXC"
 url="https://linuxcontainers.org/lxd/"
 arch="all !aarch64"
@@ -54,7 +54,6 @@ source="https://linuxcontainers.org/downloads/$pkgname/$pkgname-$pkgver.tar.gz
 $pkgname.initd
 lxd-dont-go-get.patch
 add-missing-includes.patch
- seccomp-checkfeature.patch
 "
 # avoid conflict with system libsqlite3.so.0 by adding a soname prefix.
 # this makes lxd-libs provide so:lxd:libsqlite3.so.0 and lxd depend on
@@ -170,9 +169,8 @@ libs() { rm -r "$pkgdir"/etc } -sha512sums="c3ee844935eceb8b62364cbc4ca894c0145870ac44712fbd9ddae4b6baca6959f45d14475550392b504c6dccaeb848fe40f47629cf8f0554ff78c0bd18a8e077 lxd-3.20.tar.gz +sha512sums="a91b225f24ca98b88da0f9c9be95cc30b40358a3ceee4c9409d7e67c9ff8841f453e4b13909f2ed8c46d1f10e8d8359563825a5fa04abb5659a3a5cda7252b75 lxd-3.22.tar.gz bc32c71f2ce10f508433e1e4651c08c18e8a17e9419a7ce391c0f127fc7cf378c665178926b35eae8813e290d9c5eab3ceb605679fd32efdf2cf98a57cee4127 lxd.confd 94de0c0d5ab63463a929a4151359950b1117d0ada5ccf0944311cc70c6b6d4c437ccb4158734ab35db67bfb4abc437074c3f3515be4531f63adc74da21fefb5b lxd.initd 6bd42ac2571eb77fc3761f549bf77771fbfc4dad8934f9ccf6e421b2874ae5205345511d46f16f69b0b653e859d8019382c5da077db9cbb8149ae883d544215c lxd-dont-go-get.patch -c9291e7df7e7d62324d6f31460268b138eaeb7928b2aceb9e1763bc123c4410557a887847e441c03efb92642a6c39c8db6557e2af6a738ac46a9df93b5ac1d3b add-missing-includes.patch -05315726bd672361799a2cf295b982bb5010f35c8a6ac3c2ed49d276ecc5acf02f1243a3ecb528283c575ff3fd4f1ecb781c1a74a44a7f6edd94f8d4a5e49e6b seccomp-checkfeature.patch" +c9291e7df7e7d62324d6f31460268b138eaeb7928b2aceb9e1763bc123c4410557a887847e441c03efb92642a6c39c8db6557e2af6a738ac46a9df93b5ac1d3b add-missing-includes.patch" diff --git a/testing/lxd/seccomp-checkfeature.patch b/testing/lxd/seccomp-checkfeature.patch deleted file mode 100644 index 96c9965d74..0000000000 --- a/testing/lxd/seccomp-checkfeature.patch +++ /dev/null 
@@ -1,273 +0,0 @@ -From 37b4d1576fe7fc68a1052da7d9ebebe7921800e7 Mon Sep 17 00:00:00 2001 -From: Christian Brauner <christian.brauner@ubuntu.com> -Date: Wed, 5 Feb 2020 20:17:50 +0100 -Subject: [PATCH 1/4] lxd/main_checkfeature: add explicit _exit() even if it's - not needed - -Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> ---- - lxd/main_checkfeature.go | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/lxd/main_checkfeature.go b/lxd/main_checkfeature.go -index 403dcfb231..42aae72f31 100644 ---- a/lxd/main_checkfeature.go -+++ b/lxd/main_checkfeature.go -@@ -266,8 +266,11 @@ static void is_user_notification_continue_aware(void) - if (pid < 0) - return; - -- if (pid == 0) -+ if (pid == 0) { - __do_user_notification_continue(); -+ // Should not be reached. -+ _exit(EXIT_FAILURE); -+ } - - ret = waitpid(pid, &status, 0); - if ((ret == pid) && WIFEXITED(status) && !WEXITSTATUS(status)) - -From 445de54e319348b938cbe0d343ff092ad8c94226 Mon Sep 17 00:00:00 2001 -From: Christian Brauner <christian.brauner@ubuntu.com> -Date: Wed, 5 Feb 2020 20:20:35 +0100 -Subject: [PATCH 2/4] lxd/main_checkfeature: s/exit()/_exit()/g - -Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> ---- - lxd/main_checkfeature.go | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/lxd/main_checkfeature.go b/lxd/main_checkfeature.go -index 42aae72f31..77d80386be 100644 ---- a/lxd/main_checkfeature.go -+++ b/lxd/main_checkfeature.go -@@ -178,11 +178,11 @@ __noreturn static void __do_user_notification_continue(void) - - listener = user_trap_syscall(__NR_dup, SECCOMP_FILTER_FLAG_NEW_LISTENER); - if (listener < 0) -- exit(1); -+ _exit(EXIT_FAILURE); - - pid = fork(); - if (pid < 0) -- exit(1); -+ _exit(EXIT_FAILURE); - - if (pid == 0) { - int dup_fd, pipe_fds[2]; -@@ -192,21 +192,21 @@ __noreturn static void __do_user_notification_continue(void) - // will be closed anyway. 
- ret = pipe(pipe_fds); - if (ret < 0) -- exit(1); -+ _exit(EXIT_FAILURE); - - // O_CLOEXEC doesn't matter as we're in the child and we're - // not going to exec. - dup_fd = dup(pipe_fds[0]); - if (dup_fd < 0) -- exit(1); -+ _exit(EXIT_FAILURE); - - self = getpid(); - - ret = filecmp(self, self, pipe_fds[0], dup_fd); - if (ret) -- exit(2); -+ _exit(EXIT_FAILURE); - -- exit(0); -+ _exit(EXIT_SUCCESS); - } - - pollfd.fd = listener; -@@ -249,8 +249,8 @@ __noreturn static void __do_user_notification_continue(void) - cleanup_wait: - ret = waitpid(pid, &status, 0); - if ((ret != pid) || !WIFEXITED(status) || WEXITSTATUS(status)) -- exit(1); -- exit(0); -+ _exit(EXIT_FAILURE); -+ _exit(EXIT_SUCCESS); - - cleanup_sigkill: - kill(pid, SIGKILL); - -From 9e89729860828215070a03529c7bffcdd8683567 Mon Sep 17 00:00:00 2001 -From: Christian Brauner <christian.brauner@ubuntu.com> -Date: Wed, 5 Feb 2020 20:26:11 +0100 -Subject: [PATCH 3/4] cgo: export wait_for_pid() helper - -to handle being interrupted by a signal in other parts of the codebase. 
- -Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> ---- - lxd/main_checkfeature.go | 15 ++++++++------- - lxd/main_forkproxy.go | 19 +------------------ - lxd/main_nsexec.go | 19 +++++++++++++++++++ - 3 files changed, 28 insertions(+), 25 deletions(-) - -diff --git a/lxd/main_checkfeature.go b/lxd/main_checkfeature.go -index 77d80386be..aa50fa9fe6 100644 ---- a/lxd/main_checkfeature.go -+++ b/lxd/main_checkfeature.go -@@ -17,10 +17,10 @@ import ( - #include <stdio.h> - #include <stdlib.h> - #include <sched.h> -+#include <signal.h> - #include <string.h> - #include <sys/stat.h> - #include <sys/types.h> --#include <sys/wait.h> - #include <unistd.h> - #include <syscall.h> - #include <linux/seccomp.h> -@@ -39,6 +39,7 @@ __ro_after_init int seccomp_notify_aware = 0; - __ro_after_init char errbuf[4096]; - - extern int can_inject_uevent(const char *uevent, size_t len); -+extern int wait_for_pid(pid_t pid); - - static int netns_set_nsid(int fd) - { -@@ -171,7 +172,7 @@ __noreturn static void __do_user_notification_continue(void) - { - pid_t pid; - int ret; -- int status, listener; -+ int listener; - struct seccomp_notif req = {}; - struct seccomp_notif_resp resp = {}; - struct pollfd pollfd; -@@ -247,8 +248,8 @@ __noreturn static void __do_user_notification_continue(void) - } - - cleanup_wait: -- ret = waitpid(pid, &status, 0); -- if ((ret != pid) || !WIFEXITED(status) || WEXITSTATUS(status)) -+ ret = wait_for_pid(pid); -+ if (ret) - _exit(EXIT_FAILURE); - _exit(EXIT_SUCCESS); - -@@ -259,7 +260,7 @@ cleanup_sigkill: - - static void is_user_notification_continue_aware(void) - { -- int ret, status; -+ int ret; - pid_t pid; - - pid = fork(); -@@ -272,8 +273,8 @@ static void is_user_notification_continue_aware(void) - _exit(EXIT_FAILURE); - } - -- ret = waitpid(pid, &status, 0); -- if ((ret == pid) && WIFEXITED(status) && !WEXITSTATUS(status)) -+ ret = wait_for_pid(pid); -+ if (!ret) - seccomp_notify_aware = 2; - } - -diff --git a/lxd/main_forkproxy.go 
b/lxd/main_forkproxy.go -index ec758b3a73..8bf38af7e4 100644 ---- a/lxd/main_forkproxy.go -+++ b/lxd/main_forkproxy.go -@@ -41,6 +41,7 @@ import ( - extern char* advance_arg(bool required); - extern void attach_userns(int pid); - extern int dosetns(int pid, char *nstype); -+extern int wait_for_pid(pid_t pid); - - int whoami = -ESRCH; - -@@ -59,24 +60,6 @@ static int switch_uid_gid(uint32_t uid, uint32_t gid) - return 0; - } - --static int wait_for_pid(pid_t pid) --{ -- int status, ret; -- --again: -- ret = waitpid(pid, &status, 0); -- if (ret == -1) { -- if (errno == EINTR) -- goto again; -- return -1; -- } -- if (ret != pid) -- goto again; -- if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) -- return -1; -- return 0; --} -- - static int lxc_epoll_wait_nointr(int epfd, struct epoll_event* events, - int maxevents, int timeout) - { -diff --git a/lxd/main_nsexec.go b/lxd/main_nsexec.go -index 5e98408f1e..79ce48570e 100644 ---- a/lxd/main_nsexec.go -+++ b/lxd/main_nsexec.go -@@ -33,6 +33,7 @@ package main - #include <string.h> - #include <sys/stat.h> - #include <sys/types.h> -+#include <sys/wait.h> - #include <unistd.h> - - #include "include/memory_utils.h" -@@ -51,6 +52,24 @@ char *cmdline_buf = NULL; - char *cmdline_cur = NULL; - ssize_t cmdline_size = -1; - -+int wait_for_pid(pid_t pid) -+{ -+ int status, ret; -+ -+again: -+ ret = waitpid(pid, &status, 0); -+ if (ret == -1) { -+ if (errno == EINTR) -+ goto again; -+ return -1; -+ } -+ if (ret != pid) -+ goto again; -+ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) -+ return -1; -+ return 0; -+} -+ - char* advance_arg(bool required) { - while (*cmdline_cur != 0) - cmdline_cur++; - -From 2df51307cf58fc7a046579ea693f13d9543baa73 Mon Sep 17 00:00:00 2001 -From: Christian Brauner <christian.brauner@ubuntu.com> -Date: Wed, 5 Feb 2020 20:30:06 +0100 -Subject: [PATCH 4/4] lxd/main_checkfeature: close listener - -Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> ---- - lxd/main_checkfeature.go | 2 +- - 
1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lxd/main_checkfeature.go b/lxd/main_checkfeature.go -index aa50fa9fe6..a584b00e8a 100644 ---- a/lxd/main_checkfeature.go -+++ b/lxd/main_checkfeature.go -@@ -170,9 +170,9 @@ static int filecmp(pid_t pid1, pid_t pid2, int fd1, int fd2) - - __noreturn static void __do_user_notification_continue(void) - { -+ __do_close_prot_errno int listener = -EBADF; - pid_t pid; - int ret; -- int listener; - struct seccomp_notif req = {}; - struct seccomp_notif_resp resp = {}; - struct pollfd pollfd; |