-rw-r--r-- | main/lxc/0001-Support-openvswitch-bridges.patch | 138 | ||||
-rw-r--r-- | main/lxc/0002-fix-typo.patch | 27 | ||||
-rw-r--r-- | main/lxc/0003-Update-the-openvswitch-bridge-attach-code.patch | 134 | ||||
-rw-r--r-- | main/lxc/APKBUILD | 30 |
4 files changed, 9 insertions, 320 deletions
diff --git a/main/lxc/0001-Support-openvswitch-bridges.patch b/main/lxc/0001-Support-openvswitch-bridges.patch
deleted file mode 100644
index 09f91349f5..0000000000
--- a/main/lxc/0001-Support-openvswitch-bridges.patch
+++ /dev/null
@@ -1,138 +0,0 @@ -From 8acaf18100f3c974cd4a204d531fe0077e95829c Mon Sep 17 00:00:00 2001 -From: Serge Hallyn <serge.hallyn@ubuntu.com> -Date: Mon, 21 Jul 2014 17:48:55 -0500 -Subject: [PATCH 1/3] Support openvswitch bridges - -We detect whether ovs-vsctl is available. If so, then we support -adding network interfaces to openvswitch bridges with it. - -Note that with this patch, veths do not appear to be removed from the -openvswitch bridge. This seems a bug in openvswitch, as the veths -in fact do disappear from the system. If lxc is required to remove -the port from the bridge manually, that becomes more complicated -for unprivileged containers, as it would require a setuid-root -wrapper to be called at shutdown. - -Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> -(cherry picked from commit 0d2047716ad6967eb4714b2448a89593dc266cef) ---- - configure.ac | 11 +++++++++++ - src/lxc/Makefile.am | 4 ++++ - src/lxc/network.c | 43 +++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 58 insertions(+) - -diff --git a/configure.ac b/configure.ac -index 6ec5740..e0efae7 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -192,6 +192,16 @@ fi - - AM_CONDITIONAL([ENABLE_API_DOCS], [test "x$HAVE_DOXYGEN" != "x"]) - -+# Openvswitch -+AC_PATH_PROG([OVS_CTL_PATH],[ovs-vsctl]) -+if test "x$OVS_CTL_PATH" != "x"; then -+ enable_ovs="yes" -+ AS_AC_EXPAND(OVS_CTL_PATH, "$OVS_CTL_PATH") -+else -+ enable_ovs="no" -+fi -+AM_CONDITIONAL([HAVE_OVS], [test "x$enable_ovs" = "xyes"]) -+ - # Apparmor - AC_ARG_ENABLE([apparmor], - [AC_HELP_STRING([--enable-apparmor], [enable apparmor support [default=auto]])], -@@ -740,6 +750,7 @@ Environment: - - rpath: $enable_rpath - - GnuTLS: $enable_gnutls - - Bash integration: $enable_bash -+ - Openvswitch: $enable_ovs - - Security features: - - Apparmor: $enable_apparmor -diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am -index 92841aa..ddeb37e 100644 ---- a/src/lxc/Makefile.am -+++ b/src/lxc/Makefile.am -@@ -129,6 +129,10 @@ if 
ENABLE_APPARMOR - AM_CFLAGS += -DHAVE_APPARMOR - endif - -+if HAVE_OVS -+AM_CFLAGS += -DHAVE_OVS -DOVS_CTL_PATH=\"$(OVS_CTL_PATH)\" -+endif -+ - if ENABLE_CGMANAGER - AM_CFLAGS += -DHAVE_CGMANAGER - endif -diff --git a/src/lxc/network.c b/src/lxc/network.c -index a9900de..4270619 100644 ---- a/src/lxc/network.c -+++ b/src/lxc/network.c -@@ -48,6 +48,7 @@ - #include "nl.h" - #include "network.h" - #include "conf.h" -+#include "utils.h" - - #if HAVE_IFADDRS_H - #include <ifaddrs.h> -@@ -1170,6 +1171,45 @@ int lxc_ipv6_dest_add(int ifindex, struct in6_addr *dest) - return ip_route_dest_add(AF_INET6, ifindex, dest); - } - -+#ifdef HAVE_OVS -+static bool is_ovs_bridge(const char *bridge) -+{ -+ char brdirname[22 + IFNAMSIZ + 1] = {0}; -+ struct stat sb; -+ -+ snprintf(brdirname, 22 +IFNAMSIZ + 1, "/sys/class/net/%s/bridge", bridge); -+ if (stat(brdirname, &sb) == -1 && errno == ENOENT) -+ return true; -+ return false; -+} -+ -+static int attach_to_ovs_bridge(const char *bridge, const char *nic) -+{ -+ pid_t pid; -+ const char *progname; -+ -+ pid = fork(); -+ if (pid < 0) -+ return -1; -+ if (pid > 0) -+ return wait_for_pid(pid); -+ -+ progname = strrchr(OVS_CTL_PATH, '/'); -+ if (!progname) // not sane, should we just fail? -+ progname = OVS_CTL_PATH; -+ if (execl(OVS_CTL_PATH, progname, "add-port", bridge, nic, NULL)) -+ exit(1); -+ // not reached -+ exit(1); -+} -+#else -+static inline bool is_ovs_bridge(const char *bridge) { return false; } -+static inline int attach_to_ovs_bridge(const char *bridge, const char *nic) -+{ -+ retun -1; -+} -+#endif -+ - /* - * There is a lxc_bridge_attach, but no need of a bridge detach - * as automatically done by kernel when a netdev is deleted. -@@ -1186,6 +1226,9 @@ int lxc_bridge_attach(const char *bridge, const char *ifname) - if (!index) - return -EINVAL; - -+ if (is_ovs_bridge(bridge)) -+ return attach_to_ovs_bridge(bridge, ifname); -+ - fd = socket(AF_INET, SOCK_STREAM, 0); - if (fd < 0) - return -errno; --- -2.1.2 - 
diff --git a/main/lxc/0002-fix-typo.patch b/main/lxc/0002-fix-typo.patch deleted file mode 100644 index 828e6cb7e9..0000000000 --- a/main/lxc/0002-fix-typo.patch +++ /dev/null @@ -1,27 +0,0 @@ -From b63fcfdcdcb17474c5ee1a8a62c9a4618cac4410 Mon Sep 17 00:00:00 2001 -From: Serge Hallyn <serge.hallyn@ubuntu.com> -Date: Wed, 23 Jul 2014 10:19:24 -0500 -Subject: [PATCH 2/3] fix typo - -Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> -(cherry picked from commit f50b163d1d565a9c5f3fbab725b999c5746961ad) ---- - src/lxc/network.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/lxc/network.c b/src/lxc/network.c -index 4270619..dfab159 100644 ---- a/src/lxc/network.c -+++ b/src/lxc/network.c -@@ -1206,7 +1206,7 @@ static int attach_to_ovs_bridge(const char *bridge, const char *nic) - static inline bool is_ovs_bridge(const char *bridge) { return false; } - static inline int attach_to_ovs_bridge(const char *bridge, const char *nic) - { -- retun -1; -+ return -1; - } - #endif - --- -2.1.2 - diff --git a/main/lxc/0003-Update-the-openvswitch-bridge-attach-code.patch b/main/lxc/0003-Update-the-openvswitch-bridge-attach-code.patch deleted file mode 100644 index ff6085d686..0000000000 --- a/main/lxc/0003-Update-the-openvswitch-bridge-attach-code.patch +++ /dev/null 
@@ -1,134 +0,0 @@ -From 26e73e11dcf4c59f90dea06fa36749be06202d04 Mon Sep 17 00:00:00 2001 -From: Serge Hallyn <serge.hallyn@ubuntu.com> -Date: Fri, 22 Aug 2014 20:29:23 +0000 -Subject: [PATCH 3/3] Update the openvswitch bridge attach code -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -1. don't determine ovs-vsctl path at configure time, do it at runtime - -2. lxc-user-nic: set a sane path to protect from unpriv users - -Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> -Acked-by: Stéphane Graber <stgraber@ubuntu.com> -(cherry picked from commit 6ad22d063aa0fdbd77425acd7f9c9de79e5aff3e) ---- - configure.ac | 11 ----------- - src/lxc/Makefile.am | 4 ---- - src/lxc/lxc_user_nic.c | 5 +++++ - src/lxc/network.c | 20 +++++++------------- - 4 files changed, 12 insertions(+), 28 deletions(-) - -diff --git a/configure.ac b/configure.ac -index e0efae7..6ec5740 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -192,16 +192,6 @@ fi - - AM_CONDITIONAL([ENABLE_API_DOCS], [test "x$HAVE_DOXYGEN" != "x"]) - --# Openvswitch --AC_PATH_PROG([OVS_CTL_PATH],[ovs-vsctl]) --if test "x$OVS_CTL_PATH" != "x"; then -- enable_ovs="yes" -- AS_AC_EXPAND(OVS_CTL_PATH, "$OVS_CTL_PATH") --else -- enable_ovs="no" --fi --AM_CONDITIONAL([HAVE_OVS], [test "x$enable_ovs" = "xyes"]) -- - # Apparmor - AC_ARG_ENABLE([apparmor], - [AC_HELP_STRING([--enable-apparmor], [enable apparmor support [default=auto]])], -@@ -750,7 +740,6 @@ Environment: - - rpath: $enable_rpath - - GnuTLS: $enable_gnutls - - Bash integration: $enable_bash -- - Openvswitch: $enable_ovs - - Security features: - - Apparmor: $enable_apparmor -diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am -index ddeb37e..92841aa 100644 ---- a/src/lxc/Makefile.am -+++ b/src/lxc/Makefile.am -@@ -129,10 +129,6 @@ if ENABLE_APPARMOR - AM_CFLAGS += -DHAVE_APPARMOR - endif - --if HAVE_OVS --AM_CFLAGS += -DHAVE_OVS -DOVS_CTL_PATH=\"$(OVS_CTL_PATH)\" --endif -- - if ENABLE_CGMANAGER - AM_CFLAGS += 
-DHAVE_CGMANAGER - endif -diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c -index 64e9d1a..b2a583c 100644 ---- a/src/lxc/lxc_user_nic.c -+++ b/src/lxc/lxc_user_nic.c -@@ -590,6 +590,11 @@ int main(int argc, char *argv[]) - char *vethname = NULL; - int pid; - -+ /* set a sane path, because we are setuid-root */ -+ if (setenv("PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 1) < 0) { -+ fprintf(stderr, "Failed to set PATH, exiting\n"); -+ exit(1); -+ } - if ((me = get_username()) == NULL) { - fprintf(stderr, "Failed to get username\n"); - exit(1); -diff --git a/src/lxc/network.c b/src/lxc/network.c -index dfab159..32edfc4 100644 ---- a/src/lxc/network.c -+++ b/src/lxc/network.c -@@ -1171,7 +1171,6 @@ int lxc_ipv6_dest_add(int ifindex, struct in6_addr *dest) - return ip_route_dest_add(AF_INET6, ifindex, dest); - } - --#ifdef HAVE_OVS - static bool is_ovs_bridge(const char *bridge) - { - char brdirname[22 + IFNAMSIZ + 1] = {0}; -@@ -1186,7 +1185,12 @@ static bool is_ovs_bridge(const char *bridge) - static int attach_to_ovs_bridge(const char *bridge, const char *nic) - { - pid_t pid; -- const char *progname; -+ char *cmd; -+ -+ cmd = on_path("ovs-vsctl"); -+ if (!cmd) -+ return -1; -+ free(cmd); - - pid = fork(); - if (pid < 0) -@@ -1194,21 +1198,11 @@ static int attach_to_ovs_bridge(const char *bridge, const char *nic) - if (pid > 0) - return wait_for_pid(pid); - -- progname = strrchr(OVS_CTL_PATH, '/'); -- if (!progname) // not sane, should we just fail? -- progname = OVS_CTL_PATH; -- if (execl(OVS_CTL_PATH, progname, "add-port", bridge, nic, NULL)) -+ if (execlp("ovs-vsctl", "ovs-vsctl", "add-port", bridge, nic, NULL)) - exit(1); - // not reached - exit(1); - } --#else --static inline bool is_ovs_bridge(const char *bridge) { return false; } --static inline int attach_to_ovs_bridge(const char *bridge, const char *nic) --{ -- return -1; --} --#endif - - /* - * There is a lxc_bridge_attach, but no need of a bridge detach --- -2.1.2 - 
diff --git a/main/lxc/APKBUILD b/main/lxc/APKBUILD
index 63b3a7d98c..35c10eda24 100644
--- a/main/lxc/APKBUILD
+++ b/main/lxc/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: William Pitcock <nenolod@dereferenced.org>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=lxc
-pkgver=1.0.7
+pkgver=1.1.0
 _mypkgver=${pkgver/_rc/.rc}
 pkgrel=0
 pkgdesc="linux containers - tools"
@@ -10,7 +10,8 @@ arch="all"
 license="GPL"
 depends="bash"
 depends_dev="libcap-dev"
-makedepends="$depends_dev lvm2 util-linux automake autoconf libtool lua5.2-dev"
+makedepends="$depends_dev lvm2 util-linux automake autoconf libtool lua5.2-dev
+ linux-headers"
 install=""
 options="suid"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-lvm lua5.2-lxc:_lua52
@@ -18,10 +19,6 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-lvm lua5.2-lxc:_lua52
 source="https://github.com/lxc/lxc/archive/lxc-$_mypkgver.tar.gz
 version.patch
 lxc.initd
-
- 0001-Support-openvswitch-bridges.patch
- 0002-fix-typo.patch
- 0003-Update-the-openvswitch-bridge-attach-code.patch
 "
 _builddir="${srcdir}/lxc-lxc-${_mypkgver}"
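Review bot: The `source=` hunk drops `0003-Update-the-openvswitch-bridge-attach-code.patch` without recording that 1.1.0 already contains it, and that patch is the one that makes the setuid-root `lxc-user-nic` reset `PATH` before `ovs-vsctl` is looked up with `execlp`. The removed patches are marked as cherry-picks of upstream commits (6ad22d063aa0fdbd77425acd7f9c9de79e5aff3e for the PATH reset), so they are presumably part of the 1.1.0 tarball, but that is inferred rather than shown here and is worth confirming in the unpacked source because the package is built with `options="suid"`. I would record the result above `source=`, for example `# openvswitch patches dropped: upstream since 1.1.0 (incl. PATH reset in lxc-user-nic)`.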
@@ -89,21 +86,12 @@ dev() {
 "$pkgdir"/usr/bin/ || return 1
 }
-md5sums="debba05a5d84b632d88a70c36cf97c03 lxc-1.0.7.tar.gz
+md5sums="02a7865eede1cba5a6bb97c2f5e41b37 lxc-1.1.0.tar.gz
 79e90616b5049a472ccdcb5b1dcdd8b1 version.patch
-2c21cb054c7f373318e373cfa9e4f78c lxc.initd
-0800600ea0e9a0a4eab5822e8f14d6a2 0001-Support-openvswitch-bridges.patch
-82f16afb2cec1dfca66e4057daf02694 0002-fix-typo.patch
-fc502befeee596d5a1cf78d4f294a3e9 0003-Update-the-openvswitch-bridge-attach-code.patch"
-sha256sums="a0b1b09592e076e270dcb3ba004616d9ac3147f9de0b78ca39a30f8956b0a8f2 lxc-1.0.7.tar.gz
+2c21cb054c7f373318e373cfa9e4f78c lxc.initd"
+sha256sums="216e806f7e18e5bfbc782493a9e44fc255f24a587d6faee94cda848a0b949155 lxc-1.1.0.tar.gz
 b6d85fb23940d2511b3951de56b2532843c0e03ec1613548366361cc0c1a46b9 version.patch
-97606cf912818f7ba099d72cb42b25fee44789c1bfd67f1c0150253e86dc6979 lxc.initd
-a415aa17655788a49627eb2e06fd06b3f73dfea283a9c67c9bf7029430fcca88 0001-Support-openvswitch-bridges.patch
-e6502aa038b18dc4dff7eea6d916215babb8ce775d7c79b2fb7669edcc23ea97 0002-fix-typo.patch
-3a63dda403a2fab04fa5d2c9e7762efdcb911cbd913399b8226abdec6643fec9 0003-Update-the-openvswitch-bridge-attach-code.patch"
-sha512sums="e6ff42a7b41177e1be0d2cd47d4c554565c7fc35355f3aa8aeba00d4adc7a0f364ecd060ddb6c97b2fe5968329c4e4c4b3cb022bffd2da145f30880f077264a8 lxc-1.0.7.tar.gz
+97606cf912818f7ba099d72cb42b25fee44789c1bfd67f1c0150253e86dc6979 lxc.initd"
+sha512sums="160da88d6dc96cd9f0679f948bfed057c024adcd459fa4b79e872d12284fa3774ac33a13923c6e150072886a371ccfcdf7ab2c4587efa7f6175fc91a67525c4a lxc-1.1.0.tar.gz
 e2ffcbf55447291a8434a4f37255c3a6a119bc4116c75d205006aa2b070bf6be28535cf6107bead14bbf64bf9fa415346ab544bd1c15e1add7d1c6380e6b2def version.patch
-bcf73032f2c7d17d457bcd5405071a869dcdeef36ef6b9bf5e13f21d5b4c5e1548a09114dd032863ba91358b74b2a72598bf01e53520185492593c2f4db15ffc lxc.initd
-636dc009496f8648ba10aec6b590c2d1f5db17bf76161fec2b38a7a994198d2ac9c1af7e342f4d3e695d53951b5309447f20155fb79e00489a2f5c0513d08d89 0001-Support-openvswitch-bridges.patch
-dc5f5f230df91ea951e231aaedebab8217bcf6a676e2da88f4db3e0b36cdd922fb888c0f6a0eb34d5065add9c002b080c9ac687f9cd16875bd18d4f120f56d6e 0002-fix-typo.patch
-c7089b58dc7c4d2fc8cb245c7eb43930bd9e821e136e5461c3f79af063c640076c07d92afd5675cc57bb832e85690d917b87b337d075505a65e154efa7c45bc0 0003-Update-the-openvswitch-bridge-attach-code.patch"
+bcf73032f2c7d17d457bcd5405071a869dcdeef36ef6b9bf5e13f21d5b4c5e1548a09114dd032863ba91358b74b2a72598bf01e53520185492593c2f4db15ffc lxc.initd" |