diff --git a/srcpkgs/lxc/patches/3dd7829433f63b2ec1323a1f237efa7d67ea6e2b.patch b/srcpkgs/lxc/patches/3dd7829433f63b2ec1323a1f237efa7d67ea6e2b.patch new file mode 100644 index 00000000000..189bb656e04 --- /dev/null +++ b/srcpkgs/lxc/patches/3dd7829433f63b2ec1323a1f237efa7d67ea6e2b.patch 
@@ -0,0 +1,91 @@ +From 3dd7829433f63b2ec1323a1f237efa7d67ea6e2b Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Fri, 26 Jul 2019 08:20:02 +0200 +Subject: [PATCH] network: restore ability to move nl80211 devices + +Closes #3105. +Signed-off-by: Christian Brauner +--- + src/lxc/network.c | 31 +++++++++++++++++-------------- + 1 file changed, 17 insertions(+), 14 deletions(-) + +diff --git src/lxc/network.c src/lxc/network.c +index 9755116ba1..7684f95918 100644 +--- src/lxc/network.c ++++ src/lxc/network.c +@@ -1248,22 +1248,21 @@ static int lxc_netdev_rename_by_name_in_netns(pid_t pid, const char *old, + static int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid, + const char *newname) + { +- char *cmd; ++ __do_free char *cmd = NULL; + pid_t fpid; +- int err = -1; + + /* Move phyN into the container. TODO - do this using netlink. + * However, IIUC this involves a bit more complicated work to talk to + * the 80211 module, so for now just call out to iw. + */ + cmd = on_path("iw", NULL); +- if (!cmd) +- goto out1; +- free(cmd); ++ if (!cmd) { ++ return -1; ++ } + + fpid = fork(); + if (fpid < 0) +- goto out1; ++ return -1; + + if (fpid == 0) { + char pidstr[30]; +@@ -1274,21 +1273,18 @@ static int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid, + } + + if (wait_for_pid(fpid)) +- goto out1; ++ return -1; + +- err = 0; + if (newname) +- err = lxc_netdev_rename_by_name_in_netns(pid, ifname, newname); ++ return lxc_netdev_rename_by_name_in_netns(pid, ifname, newname); + +-out1: +- free(physname); +- return err; ++ return 0; + } + + int lxc_netdev_move_by_name(const char *ifname, pid_t pid, const char* newname) + { ++ __do_free char *physname = NULL; + int index; +- char *physname; + + if (!ifname) + return -EINVAL; +@@ -3279,13 +3275,20 @@ int lxc_network_move_created_netdev_priv(struct lxc_handler *handler) + return 0; + + lxc_list_for_each(iterator, network) { ++ __do_free char *physname = NULL; + int ret; + struct 
lxc_netdev *netdev = iterator->elem; + + if (!netdev->ifindex) + continue; + +- ret = lxc_netdev_move_by_index(netdev->ifindex, pid, NULL); ++ if (netdev->type == LXC_NET_PHYS) ++ physname = is_wlan(netdev->link); ++ ++ if (physname) ++ ret = lxc_netdev_move_wlan(physname, netdev->link, pid, NULL); ++ else ++ ret = lxc_netdev_move_by_index(netdev->ifindex, pid, NULL); + if (ret) { + errno = -ret; + SYSERROR("Failed to move network device \"%s\" with ifindex %d to network namespace %d", diff --git a/srcpkgs/lxc/patches/6453ba565ed7e3be9b3c9fa74ac07cf8e06b9afc.patch b/srcpkgs/lxc/patches/6453ba565ed7e3be9b3c9fa74ac07cf8e06b9afc.patch new file mode 100644 index 00000000000..5098f20af90 --- /dev/null +++ b/srcpkgs/lxc/patches/6453ba565ed7e3be9b3c9fa74ac07cf8e06b9afc.patch 
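Review bot: In lxc_network_move_created_netdev_priv the failure branch does `errno = -ret` before SYSERROR, but the new wlan path calls lxc_netdev_move_wlan, which returns a bare `-1` when `iw` is not on PATH, when fork() fails and when the child fails, so every wlan move failure is logged as EPERM ("Operation not permitted") whatever the real cause was. Have lxc_netdev_move_wlan return negative errno values like the by-index path does: `if (!cmd) return -ENOENT;` for the missing binary and `if (fpid < 0) return -errno;` after fork, and pick a distinct code for the wait_for_pid() failure. Separately, `if (!cmd) { return -1; }` is the only braced single-statement return in a function whose other two early returns are unbraced. Note that this change makes container start resolve `iw` through on_path() with whatever PATH the privileged lxc process inherited; the child's exec is outside the hunk, so I cannot confirm that the resolved path, rather than a second lookup, is what gets executed.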
@@ -0,0 +1,42 @@ +From 6453ba565ed7e3be9b3c9fa74ac07cf8e06b9afc Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Tue, 23 Jul 2019 16:41:46 +0200 +Subject: [PATCH] tree-wide: initialize all auto-cleanup variables + +Closes: #3101. +Signed-off-by: Christian Brauner +--- + src/lxc/cgroups/cgfsng.c | 2 +- + src/lxc/confile.c | 6 +++--- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git src/lxc/cgroups/cgfsng.c src/lxc/cgroups/cgfsng.c +index 87e12d2ddd..7b8fe6736f 100644 +--- src/lxc/cgroups/cgfsng.c ++++ src/lxc/cgroups/cgfsng.c +@@ -1260,7 +1260,7 @@ static int mkdir_eexist_on_last(const char *dir, mode_t mode) + + orig_len = strlen(dir); + do { +- __do_free char *makeme; ++ __do_free char *makeme = NULL; + int ret; + size_t cur_len; + +diff --git src/lxc/confile.c src/lxc/confile.c +index 36d62cbcac..c0cba7c547 100644 +--- src/lxc/confile.c ++++ src/lxc/confile.c +@@ -909,9 +909,9 @@ static int set_config_net_ipv6_gateway(const char *key, const char *value, + static int set_config_net_veth_ipv6_route(const char *key, const char *value, + struct lxc_conf *lxc_conf, void *data) + { +- __do_free char *valdup; +- __do_free struct lxc_inet6dev *inet6dev; +- __do_free struct lxc_list *list; ++ __do_free char *valdup = NULL; ++ __do_free struct lxc_inet6dev *inet6dev = NULL; ++ __do_free struct lxc_list *list = NULL; + int ret; + char *netmask, *slash; + struct lxc_netdev *netdev = data; diff --git a/srcpkgs/lxc/patches/7c3d3976fa4036fe5c260ca3a68376360e98e260.patch b/srcpkgs/lxc/patches/7c3d3976fa4036fe5c260ca3a68376360e98e260.patch new file mode 100644 index 00000000000..26029b42116 --- /dev/null +++ b/srcpkgs/lxc/patches/7c3d3976fa4036fe5c260ca3a68376360e98e260.patch 
@@ -0,0 +1,74 @@ +From 7c3d3976fa4036fe5c260ca3a68376360e98e260 Mon Sep 17 00:00:00 2001 +From: Julio Faracco +Date: Sat, 3 Aug 2019 02:16:13 -0300 +Subject: [PATCH] utils: Fix wrong integer of a function parameter. + +If SSL is enabled, utils will include function `do_sha1_hash()` to +generate a sha1 encrypted buffer. Last function argument of +`EVP_DigestFinal_ex()` requires a `unsigned int` but the current +parameter is an `integer` type. + +See error: +utils.c:350:38: error: passing 'int *' to parameter of type 'unsigned int *' converts between pointers to integer types with different sign + [-Werror,-Wpointer-sign] + EVP_DigestFinal_ex(mdctx, md_value, md_len); + ^~~~~~ +/usr/include/openssl/evp.h:549:49: note: passing argument to parameter 's' here + unsigned int *s); + +Signed-off-by: Julio Faracco +--- + src/lxc/lxccontainer.c | 3 ++- + src/lxc/utils.c | 4 ++-- + src/lxc/utils.h | 2 +- + 3 files changed, 5 insertions(+), 4 deletions(-) + +diff --git src/lxc/lxccontainer.c src/lxc/lxccontainer.c +index 52c38fd330..09d427a491 100644 +--- src/lxc/lxccontainer.c ++++ src/lxc/lxccontainer.c +@@ -1660,7 +1660,8 @@ static bool prepend_lxc_header(char *path, const char *t, char *const argv[]) + FILE *f; + int ret = -1; + #if HAVE_OPENSSL +- int i, md_len = 0; ++ int i; ++ unsigned int md_len = 0; + unsigned char md_value[EVP_MAX_MD_SIZE]; + char *tpath; + #endif +diff --git src/lxc/utils.c src/lxc/utils.c +index bf4a9c2cbd..9ddbabfc85 100644 +--- src/lxc/utils.c ++++ src/lxc/utils.c +@@ -333,7 +333,7 @@ int lxc_wait_for_pid_status(pid_t pid) + #ifdef HAVE_OPENSSL + #include + +-static int do_sha1_hash(const char *buf, int buflen, unsigned char *md_value, int *md_len) ++static int do_sha1_hash(const char *buf, int buflen, unsigned char *md_value, unsigned int *md_len) + { + EVP_MD_CTX *mdctx; + const EVP_MD *md; +@@ -353,7 +353,7 @@ static int do_sha1_hash(const char *buf, int buflen, unsigned char *md_value, in + return 0; + } + +-int sha1sum_file(char *fnam, 
unsigned char *digest, int *md_len) ++int sha1sum_file(char *fnam, unsigned char *digest, unsigned int *md_len) + { + char *buf; + int ret; +diff --git src/lxc/utils.h src/lxc/utils.h +index dd6404f0b3..c1667e8c4c 100644 +--- src/lxc/utils.h ++++ src/lxc/utils.h +@@ -99,7 +99,7 @@ extern int wait_for_pid(pid_t pid); + extern int lxc_wait_for_pid_status(pid_t pid); + + #if HAVE_OPENSSL +-extern int sha1sum_file(char *fnam, unsigned char *md_value, int *md_len); ++extern int sha1sum_file(char *fnam, unsigned char *md_value, unsigned int *md_len); + #endif + + /* initialize rand with urandom */ diff --git a/srcpkgs/lxc/patches/9c579205669cce54944e2c4f115e69ef18475bbe.patch b/srcpkgs/lxc/patches/9c579205669cce54944e2c4f115e69ef18475bbe.patch new file mode 100644 index 00000000000..df89fbf3747 --- /dev/null +++ b/srcpkgs/lxc/patches/9c579205669cce54944e2c4f115e69ef18475bbe.patch @@ -0,0 +1,30 @@ +From 9c579205669cce54944e2c4f115e69ef18475bbe Mon Sep 17 00:00:00 2001 +From: Tycho Andersen +Date: Tue, 23 Jul 2019 09:40:14 -0600 +Subject: [PATCH] pidfds: don't print a scary warning on ENOSYS + +Most kernels don't have this functionality yet, and so the warning is +printed a lot. Our people are scared of warnings, so let's make it INFO +instead in this case. + +Signed-off-by: Tycho Andersen +--- + src/lxc/start.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git src/lxc/start.c src/lxc/start.c +index e3f32f4cb8..e6544ea19c 100644 +--- src/lxc/start.c ++++ src/lxc/start.c +@@ -1641,7 +1641,10 @@ static int proc_pidfd_open(pid_t pid) + + /* Test whether we can send signals. */ + if (lxc_raw_pidfd_send_signal(proc_pidfd, 0, NULL, 0)) { +- SYSERROR("Failed to send signal through pidfd"); ++ if (errno != ENOSYS) ++ SYSERROR("Failed to send signal through pidfd"); ++ else ++ INFO("Sending signals through pidfds not supported on this kernel"); + return -1; + } + 
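Review bot: The signedness fix stops at md_len: `do_sha1_hash` still takes `int buflen` and `sha1sum_file` still declares `int ret` for the data it reads, so a file larger than INT_MAX bytes, or a negative read result, would reach the digest update as a truncated or huge length. Change the parameter to `size_t buflen` and check the read result before the call; the read loop in sha1sum_file and the EVP_DigestUpdate() call are outside the hunk, so the data flow is inferred from the signatures. In prepend_lxc_header, `i` stays `int` while md_len is now `unsigned int`, which will trip -Wsign-compare if the digest-printing loop compares them directly. The commit message's "sha1 encrypted buffer" is also misleading wording: this is a digest, not encryption.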
diff --git a/srcpkgs/lxc/patches/cpuset.patch b/srcpkgs/lxc/patches/cpuset.patch new file mode 100644 index 00000000000..eaf923d220e --- /dev/null +++ b/srcpkgs/lxc/patches/cpuset.patch @@ -0,0 +1,33 @@ +From b31d62b847a3ee013613795094cce4acc12345ef Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Sun, 28 Jul 2019 23:13:26 +0200 +Subject: [PATCH] cgroups: initialize cpuset properly + +Closes #3108. +Signed-off-by: Christian Brauner +--- + src/lxc/cgroups/cgfsng.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c +index 7b8fe6736f..c29c0958e9 100644 +--- src/lxc/cgroups/cgfsng.c ++++ src/lxc/cgroups/cgfsng.c +@@ -496,12 +496,12 @@ static bool cg_legacy_filter_and_set_cpus(char *path, bool am_initialized) + } + + if (!flipped_bit) { +- DEBUG("No isolated or offline cpus present in cpuset"); +- return true; ++ cpulist = lxc_cpumask_to_cpulist(possmask, maxposs); ++ TRACE("No isolated or offline cpus present in cpuset"); ++ } else { ++ cpulist = move_ptr(posscpus); ++ TRACE("Removed isolated or offline cpus from cpuset"); + } +- DEBUG("Removed isolated or offline cpus from cpuset"); +- +- cpulist = lxc_cpumask_to_cpulist(possmask, maxposs); + if (!cpulist) { + ERROR("Failed to create cpu list"); + return false; diff --git a/srcpkgs/lxc/patches/e4103cf63f3e24667680544303e7c7230b3d508c.patch b/srcpkgs/lxc/patches/e4103cf63f3e24667680544303e7c7230b3d508c.patch new file mode 100644 index 00000000000..56d4adb0013 --- /dev/null +++ b/srcpkgs/lxc/patches/e4103cf63f3e24667680544303e7c7230b3d508c.patch 
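Review bot: The two branches in cg_legacy_filter_and_set_cpus look swapped: when flipped_bit is true, meaning bits were cleared from possmask, the new code writes `move_ptr(posscpus)`, the raw cpuset.cpus string read from the parent, while the no-change branch regenerates a list from the untouched possmask; as written the filtered mask is never what gets written and isolated/offline CPUs stay in the child's cpuset. Unless posscpus is rewritten earlier in the function (the loop that sets flipped_bit is outside the hunk), the else branch should be `cpulist = lxc_cpumask_to_cpulist(possmask, maxposs);` and the `!flipped_bit` branch is the one that can take `move_ptr(posscpus)`. Dropping the old early return so that cpuset.cpus is written even when nothing was filtered is presumably the point of the fix, and the `if (!cpulist)` check below does cover both branches.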
@@ -0,0 +1,122 @@ +From e4103cf63f3e24667680544303e7c7230b3d508c Mon Sep 17 00:00:00 2001 +From: Thomas Parrott +Date: Fri, 26 Jul 2019 16:14:18 +0100 +Subject: [PATCH] lxccontainer: do_lxcapi_detach_interface to support detaching + wlan devices + +Signed-off-by: Thomas Parrott +--- + src/lxc/attach.c | 2 +- + src/lxc/attach.h | 2 ++ + src/lxc/lxccontainer.c | 23 ++++++++++++++++++++++- + src/lxc/network.c | 4 ++-- + src/lxc/network.h | 4 ++++ + 5 files changed, 31 insertions(+), 4 deletions(-) + +diff --git src/lxc/attach.c src/lxc/attach.c +index 867aa91c0d..f63331edec 100644 +--- src/lxc/attach.c ++++ src/lxc/attach.c +@@ -213,7 +213,7 @@ static int lxc_attach_to_ns(pid_t pid, struct lxc_proc_context_info *ctx) + return 0; + } + +-static int lxc_attach_remount_sys_proc(void) ++int lxc_attach_remount_sys_proc(void) + { + int ret; + +diff --git src/lxc/attach.h src/lxc/attach.h +index c576aa9fca..ce7c461b33 100644 +--- src/lxc/attach.h ++++ src/lxc/attach.h +@@ -45,4 +45,6 @@ extern int lxc_attach(struct lxc_container *container, + lxc_attach_exec_t exec_function, void *exec_payload, + lxc_attach_options_t *options, pid_t *attached_process); + ++extern int lxc_attach_remount_sys_proc(void); ++ + #endif /* __LXC_ATTACH_H */ +diff --git src/lxc/lxccontainer.c src/lxc/lxccontainer.c +index d8efdc41c6..52c38fd330 100644 +--- src/lxc/lxccontainer.c ++++ src/lxc/lxccontainer.c +@@ -4793,6 +4793,7 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c, + { + int ret; + pid_t pid, pid_outside; ++ __do_free char *physname = NULL; + + /* + * TODO - if this is a physical device, then we need am_host_unpriv. +@@ -4828,6 +4829,19 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c, + _exit(EXIT_FAILURE); + } + ++ /* create new mount namespace for use with remounting /sys and is_wlan() below. 
*/ ++ ret = unshare(CLONE_NEWNS); ++ if (ret < 0) { ++ ERROR("Failed to unshare mount namespace"); ++ _exit(EXIT_FAILURE); ++ } ++ ++ /* set / recursively as private so that mount propagation doesn't affect us. */ ++ if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0) < 0) { ++ ERROR("Failed to recursively set / as private in mount namespace"); ++ _exit(EXIT_FAILURE); ++ } ++ + ret = lxc_netdev_isup(ifname); + if (ret < 0) { + ERROR("Failed to determine whether network device \"%s\" is up", ifname); +@@ -4843,7 +4857,14 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c, + } + } + +- ret = lxc_netdev_move_by_name(ifname, pid_outside, dst_ifname); ++ /* remount /sys so is_wlan() can check if this device is a wlan device. */ ++ lxc_attach_remount_sys_proc(); ++ physname = is_wlan(ifname); ++ if (physname) ++ ret = lxc_netdev_move_wlan(physname, ifname, pid_outside, dst_ifname); ++ else ++ ret = lxc_netdev_move_by_name(ifname, pid_outside, dst_ifname); ++ + /* -EINVAL means there is no netdev named as ifname. */ + if (ret < 0) { + if (ret == -EINVAL) +diff --git src/lxc/network.c src/lxc/network.c +index 7684f95918..65727f6b5a 100644 +--- src/lxc/network.c ++++ src/lxc/network.c +@@ -1172,7 +1172,7 @@ int lxc_netdev_move_by_index(int ifindex, pid_t pid, const char *ifname) + * will be passed to lxc_netdev_move_wlan() which will free it when done. 
+ */ + #define PHYSNAME "/sys/class/net/%s/phy80211/name" +-static char *is_wlan(const char *ifname) ++char *is_wlan(const char *ifname) + { + __do_free char *path = NULL; + int i, ret; +@@ -1245,7 +1245,7 @@ static int lxc_netdev_rename_by_name_in_netns(pid_t pid, const char *old, + _exit(lxc_netdev_rename_by_name(old, new)); + } + +-static int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid, ++int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid, + const char *newname) + { + __do_free char *cmd = NULL; +diff --git src/lxc/network.h src/lxc/network.h +index acfd8a0532..8a86768d9e 100644 +--- src/lxc/network.h ++++ src/lxc/network.h +@@ -293,4 +293,8 @@ extern int lxc_netns_set_nsid(int netns_fd); + extern int lxc_netns_get_nsid(__s32 fd); + extern int lxc_create_network(struct lxc_handler *handler); + ++extern char *is_wlan(const char *ifname); ++extern int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid, ++ const char *newname); ++ + #endif /* __LXC_NETWORK_H */ diff --git a/srcpkgs/lxc/template b/srcpkgs/lxc/template index 5c06f4939fd..39d7b70a924 100644 --- a/srcpkgs/lxc/template +++ b/srcpkgs/lxc/template @@ -3,7 +3,7 @@ _desc="Linux Containers" pkgname=lxc version=3.2.1 -revision=1 +revision=2 build_style=gnu-configure configure_args="--enable-doc --enable-seccomp --enable-capabilities --enable-apparmor --with-distro=none
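Review bot: In do_lxcapi_detach_interface the return value of `lxc_attach_remount_sys_proc()` is discarded, yet is_wlan() immediately afterwards reads `/sys/class/net/<ifname>/phy80211/name`; if the remount fails, that lookup consults whatever sysfs is currently mounted and can classify the container's interface by a same-named device in another namespace, selecting the wrong move path. Treat it like the unshare/mount calls above it: `if (lxc_attach_remount_sys_proc() < 0) { ERROR("Failed to remount /sys and /proc"); _exit(EXIT_FAILURE); }`. The ownership comment above is_wlan still says the name "will be passed to lxc_netdev_move_wlan() which will free it when done", but the new caller here holds it in a `__do_free` variable and lxc_netdev_move_wlan no longer frees it; change it to `the caller owns the returned string and must free it` so a future caller does not double free. Minor: the data argument in `mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0)` is a pointer and should be `NULL` rather than `0`.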