Diffstat (limited to 'app-emulation/lxc')
-rw-r--r--app-emulation/lxc/Manifest4
-rw-r--r--app-emulation/lxc/files/lxc-4.0.9-handle-kernels-with-CAP_SETFCAP.patch93
-rw-r--r--app-emulation/lxc/lxc-4.0.9-r1.ebuild174
3 files changed, 0 insertions, 271 deletions
diff --git a/app-emulation/lxc/Manifest b/app-emulation/lxc/Manifest
index 1d52dcc6c69e..bd8fcd842827 100644
--- a/app-emulation/lxc/Manifest
+++ b/app-emulation/lxc/Manifest
@@ -1,12 +1,8 @@
AUX lxc-2.0.5-omit-sysconfig.patch 259 BLAKE2B 977e151fbb8c9d98e89aaa5ee0426e64ab4286b4440af1582086a0ced8c6568efb470ccf68786da6ea52c82d1f4e81feac45bec411febc04fc31d108f05ccde2 SHA512 0aed9aca687accc6df79e97f48ab333043256e8ae68c8643f2b2452cc8013191238867d64ec71f7d399c59a43d3ba698b35d965090c5cb149b4f41302432e6e7
AUX lxc-3.0.0-bash-completion.patch 915 BLAKE2B 8bb879e391cec349d211b47d321c64ea091c8475ac9a8c4adfb45918c044f6c49d9b9bce546082907d696f697baf0870893c4427abeafa496db89f99190cd091 SHA512 2f3728fcf5e88eecc1ae05bf038ef83baa375194c5bef0d0ef68feaf4d8092cdd8efef6b3c27207c4abd28b085f087af517242c65747b47d0a8fa840f6b9d279
-AUX lxc-4.0.9-handle-kernels-with-CAP_SETFCAP.patch 3529 BLAKE2B 6a9ac29e1c38643383df135981a3893e8bea631af85271499f687614a3c779d5a2adfee7d20ca3eca5358ac8b123ee1c969af9d41b1d5bc85749a91937f1845d SHA512 62640563ec638b9a2c9e66c533a604585d8289b7f71362b70fb1110ec2e840b68758cc217b1953d181cd34e1b8881bb24ff7fca6d2c3145ac2b973d157d1a979
AUX lxc.initd.8 3669 BLAKE2B 50d41e0923ba26b9653ca3b5b559dd0905e61ec81969e709650fe7f1b26a4dcdc17158b7e449d666e2103047d9f196e53df8beca15fffd529fa8e743de97bd82 SHA512 1182b53a65399746f6d6bced0df5c1fde09c1ede4a28bfe95b5ed0bbd969d6f6423f63021d4b6f1dc62c7b2703f6963c03d881291650bdf21cfcf8432586c1b4
AUX lxc_at.service.4.0.0 284 BLAKE2B 1adc76b9861f2499b7b703f7076782a258f9b21a3d1e32b69334f753faca9ecd8c6fb2a03baf04698e765f079e73ee683434d8c7c6d3b3082427a6af74ab33b1 SHA512 4c2f9846ca60bb78df7e652309900c0e788b45d569f268a9e5b98842518542b35fce253e2aedeb0eded3d37274390988ef887b01d1d37859ccddf6225286b4bb
DIST lxc-4.0.10.tar.gz 1515002 BLAKE2B 2a5b94ad767c8a11a5c34d19f12d812bd284337045ad5021c80a5f69be608085ac465edde8c385cc558e45638c9f061793c0c9db616ccbe0614554b4fbf62005 SHA512 ec3ccf344a91b50b30985562c54ad93d2db2d29c24d31da8e3a69e801c8bd23c1560274c1850c39eb7e984940ba86d3ebae75db136320d6bbc5eb03bda4c5318
DIST lxc-4.0.10.tar.gz.asc 833 BLAKE2B 3dd6e8793d1b725ab9eb73d4fa78ce2767bf830fb70d6cc7052e70d2adbc46e4fcf6d986595322b64cb9c71417b801ef6ee3c7612c46dbeb10acba01a5bd69e0 SHA512 dd2d3ac4e066eca4e0358c9a2c371a227d3a0b5cf6e452fe34fa5c8cff46e25fa0555c9f707511a8603348fa969c1e7abf85ad7d27fdcaff613b733066861608
-DIST lxc-4.0.9.tar.gz 1500310 BLAKE2B 3796d36b6f76ec595dc28207e66ec9f5a7c1a39f5c5ebc851638c519be35f59b4ec06a71b2866cd8fef0a6140f61fd4b70c900f5a8ffd42d7da7a30d3ff59975 SHA512 4ef9d9efdd4118fdffde8b49c6ae71cf5eb060be51daaa4f4ceb804c743fbf3278e6518e6a694faefc720f2834f98ac48d67842d589a2120b8f7ec4c3b61fa84
-DIST lxc-4.0.9.tar.gz.asc 833 BLAKE2B 2d275c968831410d987aa7f8062f4e35ba15043f92f38fd3bdd6bf80964906741d05ccd93789132d421ee1c8778cec6a2e76c4f0eb2165cf0107261495fa6856 SHA512 4c90dfbdba90959ee8df5da8ca8b240f65ab03ab91637833c677e2a73592c09f9c5a55b9a261be6efb0888156c916223ff1aa9003b18d46e667908aaa550c944
EBUILD lxc-4.0.10.ebuild 4702 BLAKE2B 7e549ac644545bf600f8af1231a29c99b34d4c72e0b95f5eab3a0739ea2277e978abba2c00a66404e28a6dc4597fd3f6834d1aac8a46caa3d27902af114f9f7b SHA512 17c2d30d229e0c2c2909aeade12c06613c3b22ed291a12abd37d08cfcef22a4ebeac8864eaf76ead5e40d969bd88e468ef7eb7c439a02a63fb4db62982b81ff1
-EBUILD lxc-4.0.9-r1.ebuild 4745 BLAKE2B 24c899647ef171da052c4ba0a6b670896105a882560acdb63b21041ae253d44605cee6c624fd5ef2c65b29d215e6a8c1eb06b2cde4c5f5ba20a1c67e07024264 SHA512 3d58635170c9977b332336abd4efa8bef78263216fe186a29f8d405264421d668d6f2d82bc08d899987a8e42d289d8a7563c26b86d125992f92e33296730dd38
MISC metadata.xml 621 BLAKE2B 0af5fd56a744f9b684e2ad9a62a86f1c21f6c70599ed273062b0ce680e0452c5be34055434d8840f70e40d886abea8dae25a28c925e24b491f7307f792ebdeba SHA512 2155aca1c8020145709646fa8040db9eaa425fcfc430ebe77d1a09bda40b8f9c6b927a26ae3dc875e6022257fd0890bd6d22b5b7f2ba38f74d46daef6e80cd49
diff --git a/app-emulation/lxc/files/lxc-4.0.9-handle-kernels-with-CAP_SETFCAP.patch b/app-emulation/lxc/files/lxc-4.0.9-handle-kernels-with-CAP_SETFCAP.patch
deleted file mode 100644
index 6fba3c4154a4..000000000000
--- a/app-emulation/lxc/files/lxc-4.0.9-handle-kernels-with-CAP_SETFCAP.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 91ad9b94bcd964adfbaa8d84d8f39304d39835d0 Mon Sep 17 00:00:00 2001
-From: Christian Brauner <christian.brauner@ubuntu.com>
-Date: Thu, 6 May 2021 18:16:45 +0200
-Subject: [PATCH] conf: handle kernels with CAP_SETFCAP
-
-LXC is being very clever and sometimes maps the caller's uid into the
-child userns. This means that the caller can technically write fscaps
-that are valid in the ancestor userns (which can be a security issue in
-some scenarios) so newer kernels require CAP_SETFCAP to do this. Until
-newuidmap/newgidmap are updated to account for this simply write the
-mapping directly in this case.
-
-Cc: stable-4.0
-Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
----
- src/lxc/conf.c | 25 ++++++++++++++++++++-----
- 1 file changed, 20 insertions(+), 5 deletions(-)
-
-diff --git a/src/lxc/conf.c b/src/lxc/conf.c
-index 72e21b5300..f388946970 100644
---- a/src/lxc/conf.c
-+++ b/src/lxc/conf.c
-@@ -2978,6 +2978,9 @@ static int lxc_map_ids_exec_wrapper(void *args)
- return -1;
- }
-
-+static struct id_map *find_mapped_hostid_entry(const struct lxc_list *idmap,
-+ unsigned id, enum idtype idtype);
-+
- int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
- {
- int fill, left;
-@@ -2991,12 +2994,22 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
- char mapbuf[STRLITERALLEN("new@idmap") + STRLITERALLEN(" ") +
- INTTYPE_TO_STRLEN(pid_t) + STRLITERALLEN(" ") +
- LXC_IDMAPLEN] = {0};
-- bool had_entry = false, use_shadow = false;
-+ bool had_entry = false, maps_host_root = false, use_shadow = false;
- int hostuid, hostgid;
-
- hostuid = geteuid();
- hostgid = getegid();
-
-+ /*
-+ * Check whether caller wants to map host root.
-+ * Due to a security fix newer kernels require CAP_SETFCAP when mapping
-+ * host root into the child userns as you would be able to write fscaps
-+ * that would be valid in the ancestor userns. Mapping host root should
-+ * rarely be the case but LXC is being clever in a bunch of cases.
-+ */
-+ if (find_mapped_hostid_entry(idmap, 0, ID_TYPE_UID))
-+ maps_host_root = true;
-+
- /* If new{g,u}idmap exists, that is, if shadow is handing out subuid
- * ranges, then insist that root also reserve ranges in subuid. This
- * will protected it by preventing another user from being handed the
-@@ -3014,7 +3027,9 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
- else if (!gidmap)
- WARN("newgidmap is lacking necessary privileges");
-
-- if (uidmap > 0 && gidmap > 0) {
-+ if (maps_host_root) {
-+ INFO("Caller maps host root. Writing mapping directly");
-+ } else if (uidmap > 0 && gidmap > 0) {
- DEBUG("Functional newuidmap and newgidmap binary found");
- use_shadow = true;
- } else {
-@@ -4229,14 +4244,14 @@ static struct id_map *mapped_nsid_add(const struct lxc_conf *conf, unsigned id,
- return retmap;
- }
-
--static struct id_map *find_mapped_hostid_entry(const struct lxc_conf *conf,
-+static struct id_map *find_mapped_hostid_entry(const struct lxc_list *idmap,
- unsigned id, enum idtype idtype)
- {
- struct id_map *map;
- struct lxc_list *it;
- struct id_map *retmap = NULL;
-
-- lxc_list_for_each (it, &conf->id_map) {
-+ lxc_list_for_each (it, idmap) {
- map = it->elem;
- if (map->idtype != idtype)
- continue;
-@@ -4265,7 +4280,7 @@ static struct id_map *mapped_hostid_add(const struct lxc_conf *conf, uid_t id,
- return NULL;
-
- /* Reuse existing mapping. */
-- tmp = find_mapped_hostid_entry(conf, id, type);
-+ tmp = find_mapped_hostid_entry(&conf->id_map, id, type);
- if (tmp) {
- memcpy(entry, tmp, sizeof(*entry));
- } else {
diff --git a/app-emulation/lxc/lxc-4.0.9-r1.ebuild b/app-emulation/lxc/lxc-4.0.9-r1.ebuild
deleted file mode 100644
index 243fd583e982..000000000000
--- a/app-emulation/lxc/lxc-4.0.9-r1.ebuild
+++ /dev/null
@@ -1,174 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools bash-completion-r1 linux-info flag-o-matic optfeature pam readme.gentoo-r1 systemd verify-sig
-
-DESCRIPTION="A userspace interface for the Linux kernel containment features"
-HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc"
-SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz
- verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )"
-
-KEYWORDS="amd64 ~arm ~arm64 ~ppc64 x86"
-
-LICENSE="LGPL-3"
-SLOT="0"
-IUSE="apparmor +caps doc man pam selinux +ssl +tools verify-sig"
-
-RDEPEND="acct-group/lxc
- acct-user/lxc
- app-misc/pax-utils
- sys-apps/util-linux
- sys-libs/libcap
- sys-libs/libseccomp
- virtual/awk
- caps? ( sys-libs/libcap )
- pam? ( sys-libs/pam )
- selinux? ( sys-libs/libselinux )
- ssl? (
- dev-libs/openssl:0=
- )"
-DEPEND="${RDEPEND}
- >=sys-kernel/linux-headers-4
- apparmor? ( sys-apps/apparmor )"
-BDEPEND="doc? ( app-doc/doxygen )
- man? ( app-text/docbook-sgml-utils )
- verify-sig? ( app-crypt/openpgp-keys-linuxcontainers )"
-
-CONFIG_CHECK="~!NETPRIO_CGROUP
- ~CGROUPS
- ~CGROUP_CPUACCT
- ~CGROUP_DEVICE
- ~CGROUP_FREEZER
-
- ~CGROUP_SCHED
- ~CPUSETS
- ~IPC_NS
- ~MACVLAN
-
- ~MEMCG
- ~NAMESPACES
- ~NET_NS
- ~PID_NS
-
- ~POSIX_MQUEUE
- ~USER_NS
- ~UTS_NS
- ~VETH"
-
-ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers"
-ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking"
-ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers"
-ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network"
-ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command"
-ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info"
-ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking"
-
-DOCS=( AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt )
-
-pkg_setup() {
- linux-info_pkg_setup
-}
-
-PATCHES=(
- "${FILESDIR}"/lxc-4.0.9-handle-kernels-with-CAP_SETFCAP.patch # bug 789012
- "${FILESDIR}"/${PN}-3.0.0-bash-completion.patch
- "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch # bug 558854
-)
-
-VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/linuxcontainers.asc
-
-src_prepare() {
- default
- eautoreconf
-}
-
-src_configure() {
- append-flags -fno-strict-aliasing
-
- local myeconfargs=(
- --bindir=/usr/bin
- --localstatedir=/var
- --sbindir=/usr/bin
-
- --with-config-path=/var/lib/lxc
- --with-distro=gentoo
- --with-init-script=systemd
- --with-rootfs-path=/var/lib/lxc/rootfs
- --with-runtime-path=/run
- --with-systemdsystemunitdir=$(systemd_get_systemunitdir)
-
- --disable-coverity-build
- --disable-dlog
- --disable-fuzzers
- --disable-mutex-debugging
- --disable-no-undefined
- --disable-rpath
- --disable-sanitizers
- --disable-tests
- --disable-werror
-
- --enable-bash
- --enable-commands
- --enable-memfd-rexec
- --enable-seccomp
- --enable-thread-safety
-
- $(use_enable apparmor)
- $(use_enable caps capabilities)
- $(use_enable doc api-docs)
- $(use_enable doc examples)
- $(use_enable man doc)
- $(use_enable pam)
- $(use_enable selinux)
- $(use_enable ssl openssl)
- $(use_enable tools)
-
- $(use_with pam pamdir $(getpam_mod_dir))
- )
-
- econf "${myeconfargs[@]}"
-}
-
-src_install() {
- default
-
- mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
- bashcomp_alias ${PN}-start \
- ${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,wait}
-
- keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
- rmdir "${D}"/var/cache/lxc "${D}"/var/cache || die "rmdir failed"
-
- find "${D}" -name '*.la' -delete -o -name '*.a' -delete || die
-
- # Gentoo-specific additions!
- newinitd "${FILESDIR}/${PN}.initd.8" ${PN}
-
- # Remember to compare our systemd unit file with the upstream one
- # config/init/systemd/lxc.service.in
- systemd_newunit "${FILESDIR}"/${PN}_at.service.4.0.0 "lxc@.service"
-
- DOC_CONTENTS="
- For openrc, there is an init script provided with the package.
- You should only need to symlink /etc/init.d/lxc to
- /etc/init.d/lxc.configname to start the container defined in
- /etc/lxc/configname.conf.
-
- Correspondingly, for systemd a service file lxc@.service is installed.
- Enable and start lxc@configname in order to start the container defined
- in /etc/lxc/configname.conf."
- DISABLE_AUTOFORMATTING=true
- readme.gentoo_create_doc
-}
-
-pkg_postinst() {
- readme.gentoo_print_elog
-
- elog "Please run 'lxc-checkconfig' to see optional kernel features."
- elog
- optfeature "automatic template scripts" app-emulation/lxc-templates
- optfeature "Debian-based distribution container image support" dev-util/debootstrap
- optfeature "snapshot & restore functionality" sys-process/criu
-}