Diffstat (limited to 'main/lxc/0003-Update-the-openvswitch-bridge-attach-code.patch')
-rw-r--r-- | main/lxc/0003-Update-the-openvswitch-bridge-attach-code.patch | 134 |
1 files changed, 0 insertions, 134 deletions
diff --git a/main/lxc/0003-Update-the-openvswitch-bridge-attach-code.patch b/main/lxc/0003-Update-the-openvswitch-bridge-attach-code.patch
deleted file mode 100644
index ff6085d686..0000000000
--- a/main/lxc/0003-Update-the-openvswitch-bridge-attach-code.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From 26e73e11dcf4c59f90dea06fa36749be06202d04 Mon Sep 17 00:00:00 2001
-From: Serge Hallyn <serge.hallyn@ubuntu.com>
-Date: Fri, 22 Aug 2014 20:29:23 +0000
-Subject: [PATCH 3/3] Update the openvswitch bridge attach code
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-1. don't determine ovs-vsctl path at configure time, do it at runtime
-
-2. lxc-user-nic: set a sane path to protect from unpriv users
-
-Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-(cherry picked from commit 6ad22d063aa0fdbd77425acd7f9c9de79e5aff3e)
----
- configure.ac | 11 -----------
- src/lxc/Makefile.am | 4 ----
- src/lxc/lxc_user_nic.c | 5 +++++
- src/lxc/network.c | 20 +++++++-------------
- 4 files changed, 12 insertions(+), 28 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index e0efae7..6ec5740 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -192,16 +192,6 @@ fi
-
- AM_CONDITIONAL([ENABLE_API_DOCS], [test "x$HAVE_DOXYGEN" != "x"])
-
--# Openvswitch
--AC_PATH_PROG([OVS_CTL_PATH],[ovs-vsctl])
--if test "x$OVS_CTL_PATH" != "x"; then
-- enable_ovs="yes"
-- AS_AC_EXPAND(OVS_CTL_PATH, "$OVS_CTL_PATH")
--else
-- enable_ovs="no"
--fi
--AM_CONDITIONAL([HAVE_OVS], [test "x$enable_ovs" = "xyes"])
--
- # Apparmor
- AC_ARG_ENABLE([apparmor],
- [AC_HELP_STRING([--enable-apparmor], [enable apparmor support [default=auto]])],
-@@ -750,7 +740,6 @@ Environment:
- - rpath: $enable_rpath
- - GnuTLS: $enable_gnutls
- - Bash integration: $enable_bash
-- - Openvswitch: $enable_ovs
-
- Security features:
- - Apparmor: $enable_apparmor
-diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
-index ddeb37e..92841aa 100644
---- a/src/lxc/Makefile.am
-+++ b/src/lxc/Makefile.am
-@@ -129,10 +129,6 @@ if ENABLE_APPARMOR
- AM_CFLAGS += -DHAVE_APPARMOR
- endif
-
--if HAVE_OVS
--AM_CFLAGS += -DHAVE_OVS -DOVS_CTL_PATH=\"$(OVS_CTL_PATH)\"
--endif
--
- if ENABLE_CGMANAGER
- AM_CFLAGS += -DHAVE_CGMANAGER
- endif
-diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
-index 64e9d1a..b2a583c 100644
---- a/src/lxc/lxc_user_nic.c
-+++ b/src/lxc/lxc_user_nic.c
-@@ -590,6 +590,11 @@ int main(int argc, char *argv[])
- char *vethname = NULL;
- int pid;
-
-+ /* set a sane path, because we are setuid-root */
-+ if (setenv("PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 1) < 0) {
-+ fprintf(stderr, "Failed to set PATH, exiting\n");
-+ exit(1);
-+ }
- if ((me = get_username()) == NULL) {
- fprintf(stderr, "Failed to get username\n");
- exit(1);
-diff --git a/src/lxc/network.c b/src/lxc/network.c
-index dfab159..32edfc4 100644
---- a/src/lxc/network.c
-+++ b/src/lxc/network.c
-@@ -1171,7 +1171,6 @@ int lxc_ipv6_dest_add(int ifindex, struct in6_addr *dest)
- return ip_route_dest_add(AF_INET6, ifindex, dest);
- }
-
--#ifdef HAVE_OVS
- static bool is_ovs_bridge(const char *bridge)
- {
- char brdirname[22 + IFNAMSIZ + 1] = {0};
-@@ -1186,7 +1185,12 @@ static bool is_ovs_bridge(const char *bridge)
- static int attach_to_ovs_bridge(const char *bridge, const char *nic)
- {
- pid_t pid;
-- const char *progname;
-+ char *cmd;
-+
-+ cmd = on_path("ovs-vsctl");
-+ if (!cmd)
-+ return -1;
-+ free(cmd);
-
- pid = fork();
- if (pid < 0)
-@@ -1194,21 +1198,11 @@ static int attach_to_ovs_bridge(const char *bridge, const char *nic)
- if (pid > 0)
- return wait_for_pid(pid);
-
-- progname = strrchr(OVS_CTL_PATH, '/');
-- if (!progname) // not sane, should we just fail?
-- progname = OVS_CTL_PATH;
-- if (execl(OVS_CTL_PATH, progname, "add-port", bridge, nic, NULL))
-+ if (execlp("ovs-vsctl", "ovs-vsctl", "add-port", bridge, nic, NULL))
- exit(1);
- // not reached
- exit(1);
- }
--#else
--static inline bool is_ovs_bridge(const char *bridge) { return false; }
--static inline int attach_to_ovs_bridge(const char *bridge, const char *nic)
--{
-- return -1;
--}
--#endif
-
- /*
- * There is a lxc_bridge_attach, but no need of a bridge detach
---
-2.1.2
- |