lxc: update to 2.0.0

2.0.0 is released, and contains many of the patches we've been carrying for
1.x.

With this updated, we drop upstream backports (and submitted patches), and
refresh on patch. Otherwise, everything is the same.

Sanity tested on x86-64.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>

14 files changed, 8 insertions, 922 deletions

diff --git a/recipes-containers/lxc/files/add-lxc.rebootsignal.patch b/recipes-containers/lxc/files/add-lxc.rebootsignal.patch
deleted file mode 100644
index e54d188f..00000000
--- a/recipes-containers/lxc/files/add-lxc.rebootsignal.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From dd267776ee265737520c2c661a51c2d29cf43cb0 Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Date: Mon, 16 Feb 2015 09:38:34 +0000
-Subject: [PATCH 10/12] add lxc.rebootsignal
-
-Following the model of f0f1d8c076ae93d8ecf735c2eeae471e27ca6abd, add a reboot
-signal for special init processes that work on something other than SIGINT.
-
-Upstream-Status: Accepted
-[https://github.com/lxc/lxc/commit/dd267776ee265737520c2c661a51c2d29cf43cb0]
-
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
----
- src/lxc/conf.h         |  1 +
- src/lxc/confile.c      | 14 ++++++++++++++
- src/lxc/lxccontainer.c |  5 ++++-
- 3 files changed, 19 insertions(+), 1 deletion(-)
-
-diff --git a/src/lxc/conf.h b/src/lxc/conf.h
-index afa5517..334ea70 100644
---- a/src/lxc/conf.h
-+++ b/src/lxc/conf.h
-@@ -323,6 +323,7 @@ struct lxc_conf {
-        int maincmd_fd;
-        int autodev;  // if 1, mount and fill a /dev at start
-        int haltsignal; // signal used to halt container
-+       int rebootsignal; // signal used to reboot container
-        int stopsignal; // signal used to hard stop container
-        int kmsg;  // if 1, create /dev/kmsg symlink
-        char *rcfile;   // Copy of the top level rcfile we read
-diff --git a/src/lxc/confile.c b/src/lxc/confile.c
-index 8544ac9..42d42e5 100644
---- a/src/lxc/confile.c
-+++ b/src/lxc/confile.c
-@@ -98,6 +98,7 @@ static int config_includefile(const char *, const char *, struct lxc_conf *);
- static int config_network_nic(const char *, const char *, struct lxc_conf *);
- static int config_autodev(const char *, const char *, struct lxc_conf *);
- static int config_haltsignal(const char *, const char *, struct lxc_conf *);
-+static int config_rebootsignal(const char *, const char *, struct lxc_conf *);
- static int config_stopsignal(const char *, const char *, struct lxc_conf *);
- static int config_start(const char *, const char *, struct lxc_conf *);
- static int config_group(const char *, const char *, struct lxc_conf *);
-@@ -158,6 +159,7 @@ static struct lxc_config_t config[] = {
-        { "lxc.include",              config_includefile          },
-        { "lxc.autodev",              config_autodev              },
-        { "lxc.haltsignal",           config_haltsignal           },
-+       { "lxc.rebootsignal",         config_rebootsignal         },
-        { "lxc.stopsignal",           config_stopsignal           },
-        { "lxc.start.auto",           config_start                },
-        { "lxc.start.delay",          config_start                },
-@@ -1268,6 +1270,18 @@ static int config_haltsignal(const char *key, const char *value,
-        return 0;
- }
- 
-+static int config_rebootsignal(const char *key, const char *value,
-+                            struct lxc_conf *lxc_conf)
-+{
-+       int sig_n = sig_parse(value);
-+
-+       if (sig_n < 0)
-+               return -1;
-+       lxc_conf->rebootsignal = sig_n;
-+
-+       return 0;
-+}
-+
- static int config_stopsignal(const char *key, const char *value,
-                          struct lxc_conf *lxc_conf)
- {
-diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
-index e02ee93..4422f4a 100644
---- a/src/lxc/lxccontainer.c
-+++ b/src/lxc/lxccontainer.c
-@@ -1363,6 +1363,7 @@ free_tpath:
- static bool lxcapi_reboot(struct lxc_container *c)
- {
-        pid_t pid;
-+       int rebootsignal = SIGINT;
- 
-        if (!c)
-                return false;
-@@ -1371,7 +1372,9 @@ static bool lxcapi_reboot(struct lxc_container *c)
-        pid = c->init_pid(c);
-        if (pid <= 0)
-                return false;
--       if (kill(pid, SIGINT) < 0)
-+       if (c->lxc_conf && c->lxc_conf->rebootsignal)
-+               rebootsignal = c->lxc_conf->rebootsignal;
-+       if (kill(pid, rebootsignal) < 0)
-                return false;
-        return true;
- 
--- 
-2.1.4
-
diff --git a/recipes-containers/lxc/files/document-lxc.rebootsignal.patch b/recipes-containers/lxc/files/document-lxc.rebootsignal.patch
deleted file mode 100644
index d1cce40f..00000000
--- a/recipes-containers/lxc/files/document-lxc.rebootsignal.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-From baefc2176780b5e4527c1f86206c0ea72d80c8f5 Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Date: Tue, 10 Mar 2015 10:06:58 +0000
-Subject: [PATCH] document lxc.rebootsignal
-
-Also fix some minor indentation mishaps since we're here.
-
-Upstrem-Status: Backport [from LXC 1.1]
-[https://github.com/lxc/lxc/commit/936762f3fb6cf10e0756719f03aebe052d5c31a8]
-
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
----
- doc/lxc-stop.sgml.in           |  4 +-
- doc/lxc.container.conf.sgml.in | 86 ++++++++++++++++++++++++++----------------
- 2 files changed, 57 insertions(+), 33 deletions(-)
-
-diff --git a/doc/lxc-stop.sgml.in b/doc/lxc-stop.sgml.in
-index bc5e6a8..3c69fed 100644
---- a/doc/lxc-stop.sgml.in
-+++ b/doc/lxc-stop.sgml.in
-@@ -70,7 +70,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-       the container's init process, waiting up to 60 seconds for the container
-       to exit, and then returning. If the container fails to cleanly exit in
-       60 seconds, it will be sent the <command>lxc.stopsignal</command>
--      (defaults to SIGKILL) to force it to shut down.
-+      (defaults to SIGKILL) to force it to shut down. A request to reboot will
-+      send the <command>lxc.rebootsignal</command> (defaults to SIGINT) to the
-+      container's init process.
-     </para>
-        <para>
-        The <optional>-W</optional>, <optional>-r</optional>,
-diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
-index e98496d..1962528 100644
---- a/doc/lxc.container.conf.sgml.in
-+++ b/doc/lxc.container.conf.sgml.in
-@@ -158,46 +158,68 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-     <refsect2>
-       <title>Halt signal</title>
-       <para>
--    Allows one to specify signal name or number, sent by lxc-stop to the
--    container's init process to cleanly shutdown the container. Different
--    init systems could use different signals to perform clean shutdown
--    sequence. This option allows the signal to be specified in kill(1)
--    fashion, e.g. SIGPWR, SIGRTMIN+14, SIGRTMAX-10 or plain number. The
--    default signal is SIGPWR.
-+        Allows one to specify signal name or number, sent by lxc-stop to the
-+        container's init process to cleanly shutdown the container. Different
-+        init systems could use different signals to perform clean shutdown
-+        sequence. This option allows the signal to be specified in kill(1)
-+        fashion, e.g. SIGPWR, SIGRTMIN+14, SIGRTMAX-10 or plain number. The
-+        default signal is SIGPWR.
-       </para>
-       <variablelist>
--    <varlistentry>
--      <term>
--        <option>lxc.haltsignal</option>
--      </term>
--      <listitem>
--        <para>
--          specify the signal used to halt the container
--        </para>
--      </listitem>
--    </varlistentry>
-+        <varlistentry>
-+          <term>
-+            <option>lxc.haltsignal</option>
-+          </term>
-+          <listitem>
-+            <para>
-+              specify the signal used to halt the container
-+            </para>
-+          </listitem>
-+        </varlistentry>
-+      </variablelist>
-+    </refsect2>
-+
-+    <refsect2>
-+      <title>Reboot signal</title>
-+      <para>
-+        Allows one to specify signal name or number, sent by lxc-stop to
-+        reboot the container. This option allows signal to be specified in
-+        kill(1) fashion, e.g. SIGTERM, SIGRTMIN+14, SIGRTMAX-10 or plain number.
-+        The default signal is SIGINT.
-+          </para>
-+          <variablelist>
-+        <varlistentry>
-+          <term>
-+            <option>lxc.rebootsignal</option>
-+          </term>
-+          <listitem>
-+            <para>
-+              specify the signal used to reboot the container
-+            </para>
-+          </listitem>
-+        </varlistentry>
-       </variablelist>
-     </refsect2>
- 
-     <refsect2>
-       <title>Stop signal</title>
-       <para>
--    Allows one to specify signal name or number, sent by lxc-stop to forcibly
--    shutdown the container. This option allows signal to be specified in
--    kill(1) fashion, e.g. SIGKILL, SIGRTMIN+14, SIGRTMAX-10 or plain number.
--    The default signal is SIGKILL.
--      </para>
--      <variablelist>
--    <varlistentry>
--      <term>
--        <option>lxc.stopsignal</option>
--      </term>
--      <listitem>
--        <para>
--          specify the signal used to stop the container
--        </para>
--      </listitem>
--    </varlistentry>
-+        Allows one to specify signal name or number, sent by lxc-stop to forcibly
-+        shutdown the container. This option allows signal to be specified in
-+        kill(1) fashion, e.g. SIGKILL, SIGRTMIN+14, SIGRTMAX-10 or plain number.
-+        The default signal is SIGKILL.
-+          </para>
-+          <variablelist>
-+        <varlistentry>
-+          <term>
-+            <option>lxc.stopsignal</option>
-+          </term>
-+          <listitem>
-+            <para>
-+              specify the signal used to stop the container
-+            </para>
-+          </listitem>
-+        </varlistentry>
-       </variablelist>
-     </refsect2>
- 
--- 
-2.1.4
-
diff --git a/recipes-containers/lxc/files/lxc-busybox-Remove-warning-for-dynamically-linked-Bu.patch b/recipes-containers/lxc/files/lxc-busybox-Remove-warning-for-dynamically-linked-Bu.patch
deleted file mode 100644
index c0a810b1..00000000
--- a/recipes-containers/lxc/files/lxc-busybox-Remove-warning-for-dynamically-linked-Bu.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 07e4c41f2963d73b9aedd552c74f17a33e89f020 Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Date: Thu, 24 Mar 2016 11:54:27 +0000
-Subject: [PATCH] lxc-busybox: Remove warning for dynamically linked Busybox
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The warning has been present since commit 32b37181ea (with no purpose stated).
-Support for dynamically linked Busybox has been added since commit bf6cc73696.
-Haven't encountered any issues with dynamically linked Busybox in my last
-2 years' testing.
-
-Upstream-status: Accepted
-[https://github.com/lxc/lxc/commit/07e4c41f2963d73b9aedd552c74f17a33e89f020]
-
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Acked-by: Stéphane Graber <stgraber@ubuntu.com>
----
- templates/lxc-busybox.in | 7 -------
- 1 file changed, 7 deletions(-)
-
-diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
-index f547f9e..336fa12 100644
---- a/templates/lxc-busybox.in
-+++ b/templates/lxc-busybox.in
-@@ -304,13 +304,6 @@ configure_busybox()
-         return 1
-     fi
- 
--    file -L $(which busybox) | grep -q "statically linked"
--    if [ $? -ne 0 ]; then
--        echo "warning : busybox is not statically linked."
--        echo "warning : The template script may not correctly"
--        echo "warning : setup the container environment."
--    fi
--
-     # copy busybox in the rootfs
-     cp $(which busybox) $rootfs/bin
-     if [ $? -ne 0 ]; then
--- 
-1.9.1
-
diff --git a/recipes-containers/lxc/files/lxc-busybox-Touch-etc-fstab-in-the-container-rootfs.patch b/recipes-containers/lxc/files/lxc-busybox-Touch-etc-fstab-in-the-container-rootfs.patch
deleted file mode 100644
index 33862ddc..00000000
--- a/recipes-containers/lxc/files/lxc-busybox-Touch-etc-fstab-in-the-container-rootfs.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 6ab1ca0375feeb00070f0c0f9186551b08b1ee5e Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Date: Tue, 22 Mar 2016 13:33:57 +0000
-Subject: [PATCH] lxc-busybox: Touch /etc/fstab in the container rootfs
-
-Upstream-status: Accepted
-[https://github.com/lxc/lxc/commit/6ab1ca0375feeb00070f0c0f9186551b08b1ee5e]
-
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
----
- templates/lxc-busybox.in | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
-index c020e66..f547f9e 100644
---- a/templates/lxc-busybox.in
-+++ b/templates/lxc-busybox.in
-@@ -330,6 +330,9 @@ configure_busybox()
-     # relink /sbin/init
-     ln $rootfs/bin/busybox $rootfs/sbin/init
- 
-+    # /etc/fstab must exist for "mount -a"
-+    touch $rootfs/etc/fstab
-+
-     # passwd exec must be setuid
-     chmod +s $rootfs/bin/passwd
-     touch $rootfs/etc/shadow
--- 
-1.9.1
-
diff --git a/recipes-containers/lxc/files/lxc-busybox-add-OpenSSH-support.patch b/recipes-containers/lxc/files/lxc-busybox-add-OpenSSH-support.patch
deleted file mode 100644
index f2f332cb..00000000
--- a/recipes-containers/lxc/files/lxc-busybox-add-OpenSSH-support.patch
+++ /dev/null
@@ -1,246 +0,0 @@
-From ed52814c776963efdcc9dcda1ec26fc09930ef93 Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Date: Wed, 22 Apr 2015 14:53:32 +0000
-Subject: [PATCH] lxc-busybox: add OpenSSH support
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Add an additional template parameter for SSH support in the container. Currently
-this can be implemented using the Dropbear or OpenSSH utility. The respective
-tool needs to be available on the host Linux.
-
-If the parameter is omitted, the template will look for the Dropbear utility on
-the host and install it if it is available (legacy behavior).
-
-Adding OpenSSH support has been done following the model in the lxc-sshd
-template.
-
-Upstream-status: Accepted
-[https://github.com/lxc/lxc/commit/ed52814c776963efdcc9dcda1ec26fc09930ef93]
-
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Acked-by: Stéphane Graber <stgraber@ubuntu.com>
----
- templates/lxc-busybox.in | 169 ++++++++++++++++++++++++++++++++++++++---------
- 1 file changed, 139 insertions(+), 30 deletions(-)
-
-diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
-index 7e05bd6..95961a3 100644
---- a/templates/lxc-busybox.in
-+++ b/templates/lxc-busybox.in
-@@ -22,6 +22,7 @@
- 
- LXC_MAPPED_UID=
- LXC_MAPPED_GID=
-+SSH=
- 
- # Make sure the usual locations are in PATH
- export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
-@@ -160,6 +161,116 @@ EOF
-     return $res
- }
- 
-+install_dropbear()
-+{
-+    # copy dropbear binary
-+    cp $(which dropbear) $rootfs/usr/sbin
-+    if [ $? -ne 0 ]; then
-+        echo "Failed to copy dropbear in the rootfs"
-+        return 1
-+    fi
-+
-+    # make symlinks to various ssh utilities
-+    utils="\
-+        $rootfs/usr/bin/dbclient \
-+        $rootfs/usr/bin/scp \
-+        $rootfs/usr/bin/ssh \
-+        $rootfs/usr/sbin/dropbearkey \
-+        $rootfs/usr/sbin/dropbearconvert \
-+    "
-+    echo $utils | xargs -n1 ln -s /usr/sbin/dropbear
-+
-+    # add necessary config files
-+    mkdir $rootfs/etc/dropbear
-+    dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1
-+    dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key > /dev/null 2>&1
-+
-+    echo "'dropbear' ssh utility installed"
-+
-+    return 0
-+}
-+
-+install_openssh()
-+{
-+    # tools to be installed
-+    server_utils="sshd"
-+    client_utils="\
-+        ssh \
-+        scp \
-+        sftp \
-+        ssh-add \
-+        ssh-agent \
-+        ssh-keygen \
-+        ssh-keyscan \
-+        ssh-argv0 \
-+        ssh-copy-id \
-+        "
-+
-+    # new folders used by ssh
-+    ssh_tree="\
-+$rootfs/etc/ssh \
-+$rootfs/var/empty/sshd \
-+$rootfs/var/lib/empty/sshd \
-+$rootfs/var/run/sshd \
-+"
-+
-+    # create folder structure
-+    mkdir -p $ssh_tree
-+    if [ $? -ne 0 ]; then
-+        return 1
-+    fi
-+
-+    # copy binaries
-+    for bin in $server_utils $client_utils; do
-+        tool_path=`which $bin`
-+        cp $tool_path $rootfs/$tool_path
-+        if [ $? -ne 0 ]; then
-+            echo "Unable to copy $tool_path in the rootfs"
-+            return 1
-+        fi
-+    done
-+
-+    # add user and group
-+    cat <<EOF >> $rootfs/etc/passwd
-+sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
-+EOF
-+
-+    cat <<EOF >> $rootfs/etc/group
-+sshd:x:74:
-+EOF
-+
-+    # generate container keys
-+    ssh-keygen -t rsa -N "" -f $rootfs/etc/ssh/ssh_host_rsa_key >/dev/null 2>&1
-+    ssh-keygen -t dsa -N "" -f $rootfs/etc/ssh/ssh_host_dsa_key >/dev/null 2>&1
-+
-+    # by default setup root password with no password
-+    cat <<EOF > $rootfs/etc/ssh/sshd_config
-+Port 22
-+Protocol 2
-+HostKey /etc/ssh/ssh_host_rsa_key
-+HostKey /etc/ssh/ssh_host_dsa_key
-+UsePrivilegeSeparation yes
-+KeyRegenerationInterval 3600
-+ServerKeyBits 768
-+SyslogFacility AUTH
-+LogLevel INFO
-+LoginGraceTime 120
-+PermitRootLogin yes
-+StrictModes yes
-+RSAAuthentication yes
-+PubkeyAuthentication yes
-+IgnoreRhosts yes
-+RhostsRSAAuthentication no
-+HostbasedAuthentication no
-+PermitEmptyPasswords yes
-+ChallengeResponseAuthentication no
-+EOF
-+
-+    echo "'OpenSSH' utility installed"
-+
-+    return 0
-+}
-+
- configure_busybox()
- {
-     rootfs=$1
-@@ -230,34 +341,6 @@ EOF
-     lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
-     rm $CHPASSWD_FILE
- 
--    # add ssh functionality if dropbear package available on host
--    which dropbear >/dev/null 2>&1
--    if [ $? -eq 0 ]; then
--        # copy dropbear binary
--        cp $(which dropbear) $rootfs/usr/sbin
--        if [ $? -ne 0 ]; then
--            echo "Failed to copy dropbear in the rootfs"
--            return 1
--        fi
--
--        # make symlinks to various ssh utilities
--        utils="\
--            $rootfs/usr/bin/dbclient \
--            $rootfs/usr/bin/scp \
--            $rootfs/usr/bin/ssh \
--            $rootfs/usr/sbin/dropbearkey \
--            $rootfs/usr/sbin/dropbearconvert \
--        "
--        echo $utils | xargs -n1 ln -s /usr/sbin/dropbear
--
--        # add necessary config files
--        mkdir $rootfs/etc/dropbear
--        dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1
--        dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key > /dev/null 2>&1
--
--        echo "'dropbear' ssh utility installed"
--    fi
--
-     return 0
- }
- 
-@@ -315,12 +398,12 @@ remap_userns()
- usage()
- {
-     cat <<EOF
--$1 -h|--help -p|--path=<path>
-+$1 -h|--help -p|--path=<path> -s|--ssh={dropbear,openssh}
- EOF
-     return 0
- }
- 
--options=$(getopt -o hp:n: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid: -- "$@")
-+options=$(getopt -o hp:n:s: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid:,ssh: -- "$@")
- if [ $? -ne 0 ]; then
-     usage $(basename $0)
-     exit 1
-@@ -336,6 +419,7 @@ do
-         -n|--name)      name=$2; shift 2;;
-         --mapped-uid)   LXC_MAPPED_UID=$2; shift 2;;
-         --mapped-gid)   LXC_MAPPED_GID=$2; shift 2;;
-+        -s|--ssh)       SSH=$2; shift 2;;
-         --)             shift 1; break ;;
-         *)              break ;;
-     esac
-@@ -384,3 +468,28 @@ if [ $? -ne 0 ]; then
-     echo "failed to remap files to user"
-     exit 1
- fi
-+
-+if [ -n "$SSH" ]; then
-+    case "$SSH" in
-+        "dropbear")
-+            install_dropbear
-+            if [ $? -ne 0 ]; then
-+                echo "Unable to install 'dropbear' ssh utility"
-+                exit 1
-+            fi ;;
-+        "openssh")
-+            install_openssh
-+            if [ $? -ne 0 ]; then
-+                echo "Unable to install 'OpenSSH' utility"
-+                exit 1
-+            fi ;;
-+        *)
-+            echo "$SSH: unrecognized ssh utility"
-+            exit 1
-+    esac
-+else
-+    which dropbear >/dev/null 2>&1
-+    if [ $? -eq 0 ]; then
-+        install_dropbear
-+    fi
-+fi
--- 
-2.1.4
-
diff --git a/recipes-containers/lxc/files/lxc-busybox-use-lxc.rebootsignal-SIGTERM.patch b/recipes-containers/lxc/files/lxc-busybox-use-lxc.rebootsignal-SIGTERM.patch
deleted file mode 100644
index 2f4513ee..00000000
--- a/recipes-containers/lxc/files/lxc-busybox-use-lxc.rebootsignal-SIGTERM.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 22fb28a946397ec19b247efe170c15b263bf89af Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Date: Mon, 16 Feb 2015 09:38:36 +0000
-Subject: [PATCH 12/12] lxc-busybox: use lxc.rebootsignal = SIGTERM
-
-Otherwise lxc-stop -r has no effect on the container.
-
-Upstream-Status: Accepted
-[https://github.com/lxc/lxc/commit/22fb28a946397ec19b247efe170c15b263bf89af]
-
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
----
- templates/lxc-busybox.in | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
-index 72531d6..7e05bd6 100644
---- a/templates/lxc-busybox.in
-+++ b/templates/lxc-busybox.in
-@@ -270,6 +270,7 @@ copy_configuration()
- grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
- cat <<EOF >> $path/config
- lxc.haltsignal = SIGUSR1
-+lxc.rebootsignal = SIGTERM
- lxc.utsname = $name
- lxc.tty = 1
- lxc.pts = 1
--- 
-2.1.4
-
diff --git a/recipes-containers/lxc/files/lxc-fix-B-S.patch b/recipes-containers/lxc/files/lxc-fix-B-S.patch
index 3822655e..a776b4f8 100644
--- a/recipes-containers/lxc/files/lxc-fix-B-S.patch
+++ b/recipes-containers/lxc/files/lxc-fix-B-S.patch
@@ -1,16 +1,15 @@
-Index: lxc-1.0.7/config/init/upstart/Makefile.am
+Index: lxc-2.0.0/config/init/upstart/Makefile.am
 ===================================================================
---- lxc-1.0.7.orig/config/init/upstart/Makefile.am
-+++ lxc-1.0.7/config/init/upstart/Makefile.am
-@@ -3,9 +3,9 @@ EXTRA_DIST = lxc.conf lxc-instance.conf
+--- lxc-2.0.0.orig/config/init/upstart/Makefile.am
++++ lxc-2.0.0/config/init/upstart/Makefile.am
+@@ -3,9 +3,9 @@
  if INIT_SCRIPT_UPSTART
  install-upstart: lxc.conf lxc-instance.conf lxc-net.conf
         $(MKDIR_P) $(DESTDIR)$(sysconfdir)/init/
 -       $(INSTALL_DATA) lxc.conf $(DESTDIR)$(sysconfdir)/init/
--       $(INSTALL_DATA) lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/
--       $(INSTALL_DATA) lxc-net.conf $(DESTDIR)$(sysconfdir)/init/
 +       $(INSTALL_DATA) $(srcdir)/lxc.conf $(DESTDIR)$(sysconfdir)/init/
-+       $(INSTALL_DATA) $(srcdir)/lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/
+        $(INSTALL_DATA) $(srcdir)/lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/
+-       $(INSTALL_DATA) lxc-net.conf $(DESTDIR)$(sysconfdir)/init/
 +       $(INSTALL_DATA) $(srcdir)/lxc-net.conf $(DESTDIR)$(sysconfdir)/init/
  
  uninstall-upstart:
diff --git a/recipes-containers/lxc/files/lxc-let-lxc-start-support-wlan-phys.patch b/recipes-containers/lxc/files/lxc-let-lxc-start-support-wlan-phys.patch
deleted file mode 100644
index 9146fd07..00000000
--- a/recipes-containers/lxc/files/lxc-let-lxc-start-support-wlan-phys.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 4acc7a24e098445de502a6f59a8b3dff2cd8536d Mon Sep 17 00:00:00 2001
-From: fli <fupan.li@windriver.com>
-Date: Thu, 21 Apr 2016 19:07:10 -0700
-Subject: [PATCH] lxc: let lxc-start support wlan phys
-
-The commit: e5848d395cb <netdev_move_by_index: support wlan> only
-made netdev_move_by_name support wlan, instead of netdev_move_by_index.
-
-Given netdev_move_by_name is a wrapper of netdev_move_by_index, so here
-replacing all of the call to lxc_netdev_move_by_index with lxc_netdev_move_by_name
-to let lxc-start support wlan phys.
-
-Signed-off-by: fli <fupan.li@windriver.com>
----
- src/lxc/conf.c | 20 ++++++++++++++++----
- 1 file changed, 16 insertions(+), 4 deletions(-)
-
-diff --git a/src/lxc/conf.c b/src/lxc/conf.c
-index 034bdff..bcba0f1 100644
---- a/src/lxc/conf.c
-+++ b/src/lxc/conf.c
-@@ -2623,6 +2623,7 @@ void restore_phys_nics_to_netns(int netnsfd, struct lxc_conf *conf)
- {
-        int i, ret, oldfd;
-        char path[MAXPATHLEN];
-+       char ifname[IFNAMSIZ]; 
- 
-        if (netnsfd < 0)
-                return;
-@@ -2643,9 +2644,13 @@ void restore_phys_nics_to_netns(int netnsfd, struct lxc_conf *conf)
-        }
-        for (i=0; i<conf->num_savednics; i++) {
-                struct saved_nic *s = &conf->saved_nics[i];
--               if (lxc_netdev_move_by_index(s->ifindex, 1, NULL))
--                       WARN("Error moving nic index:%d back to host netns",
--                                       s->ifindex);
-+               /* retrieve the name of the interface */
-+               if (!if_indextoname(s->ifindex, ifname)) {
-+                       WARN("no interface corresponding to index '%d'", s->ifindex);
-+                       continue;
-+               }
-+               if (lxc_netdev_move_by_name(ifname, 1, NULL))
-+                       WARN("Error moving nic name:%s back to host netns", ifname);
-        }
-        if (setns(oldfd, 0) != 0)
-                SYSERROR("Failed to re-enter monitor's netns");
-@@ -3208,6 +3213,7 @@ int lxc_assign_network(struct lxc_list *network, pid_t pid)
- {
-        struct lxc_list *iterator;
-        struct lxc_netdev *netdev;
-+       char ifname[IFNAMSIZ];
-        int am_root = (getuid() == 0);
-        int err;
- 
-@@ -3228,7 +3234,13 @@ int lxc_assign_network(struct lxc_list *network, pid_t pid)
-                if (!netdev->ifindex)
-                        continue;
- 
--               err = lxc_netdev_move_by_index(netdev->ifindex, pid, NULL);
-+               /* retrieve the name of the interface */
-+               if (!if_indextoname(netdev->ifindex, ifname)) {
-+                       ERROR("no interface corresponding to index '%d'", netdev->ifindex);
-+                       return -1;
-+               }
-+
-+               err = lxc_netdev_move_by_name(ifname, pid, NULL);
-                if (err) {
-                        ERROR("failed to move '%s' to the container : %s",
-                              netdev->link, strerror(-err));
--- 
-2.7.4
-
diff --git a/recipes-containers/lxc/files/lxc_setup_fs-Create-dev-shm-folder-if-it-doesn-t-exi.patch b/recipes-containers/lxc/files/lxc_setup_fs-Create-dev-shm-folder-if-it-doesn-t-exi.patch
deleted file mode 100644
index 751a7ac6..00000000
--- a/recipes-containers/lxc/files/lxc_setup_fs-Create-dev-shm-folder-if-it-doesn-t-exi.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 81e3c9cf8b2f230d761738da28e9dc69fb90ec46 Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Date: Fri, 8 Jan 2016 15:38:44 +0000
-Subject: [PATCH] lxc_setup_fs: Create /dev/shm folder if it doesn't exist
-
-When running application containers with lxc-execute, /dev is
-populated only with device entries. Since /dev is a tmpfs mount in
-the container environment, the /dev/shm folder not being present is not
-a sufficient reason for the /dev/shm mount to fail.
-
-Create the /dev/shm directory if not present.
-
-Upstream-status: Accepted
-[https://github.com/lxc/lxc/commit/81e3c9cf8b2f230d761738da28e9dc69fb90ec46]
-
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
----
- src/lxc/initutils.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/lxc/initutils.c b/src/lxc/initutils.c
-index 45df60f..8d9016c 100644
---- a/src/lxc/initutils.c
-+++ b/src/lxc/initutils.c
-@@ -47,6 +47,10 @@ extern void lxc_setup_fs(void)
-        if (mount_fs("proc", "/proc", "proc"))
-                INFO("failed to remount proc");
- 
-+       /* if /dev has been populated by us, /dev/shm does not exist */
-+       if (access("/dev/shm", F_OK) && mkdir("/dev/shm", 0777))
-+               INFO("failed to create /dev/shm");
-+
-        /* if we can't mount /dev/shm, continue anyway */
-        if (mount_fs("shmfs", "/dev/shm", "tmpfs"))
-                INFO("failed to mount /dev/shm");
--- 
-1.9.1
-
diff --git a/recipes-containers/lxc/files/make-some-OpenSSH-tools-optional.patch b/recipes-containers/lxc/files/make-some-OpenSSH-tools-optional.patch
deleted file mode 100644
index 2d287885..00000000
--- a/recipes-containers/lxc/files/make-some-OpenSSH-tools-optional.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 34be0d3cd8c4eaca9929470bc8bce5e74975bccf Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Date: Thu, 23 Apr 2015 08:33:00 +0000
-Subject: [PATCH] lxc-busybox: make some OpenSSH tools optional
-
-Currently, when installing OpenSSH in a Busybox container, the template searches
-for all the OpenSSH client binaries available in the Debian distro package. The
-included tools might differ from distro to distro, so make part of the tools
-optional. The mandatory tools, without which installing OpenSSH fails, are
-"sshd" for the server and "ssh" and "scp" for the client.
-
-Upstream-Status: Submitted
-[https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-April/011696.html]
-
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
----
- templates/lxc-busybox.in | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
-index 95961a3..17a3006 100644
---- a/templates/lxc-busybox.in
-+++ b/templates/lxc-busybox.in
-@@ -197,6 +197,8 @@ install_openssh()
-     client_utils="\
-         ssh \
-         scp \
-+        "
-+    client_optional_utils="\
-         sftp \
-         ssh-add \
-         ssh-agent \
-@@ -230,6 +232,13 @@ $rootfs/var/run/sshd \
-         fi
-     done
- 
-+    for bin in $client_optional_utils; do
-+        tool_path=`which $bin`
-+        if [ $? -eq 0 ]; then
-+            cp $tool_path $rootfs/$tool_path
-+        fi
-+    done
-+
-     # add user and group
-     cat <<EOF >> $rootfs/etc/passwd
- sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
--- 
-2.1.4
-
diff --git a/recipes-containers/lxc/files/mount_proc_if_needed-only-safe-mount-when-rootfs-is-.patch b/recipes-containers/lxc/files/mount_proc_if_needed-only-safe-mount-when-rootfs-is-.patch
deleted file mode 100644
index c3afd858..00000000
--- a/recipes-containers/lxc/files/mount_proc_if_needed-only-safe-mount-when-rootfs-is-.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From f267d6668e3a95cb2247accb169cf1bc7f8ffcab Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Date: Wed, 20 Jan 2016 10:53:57 +0000
-Subject: [PATCH] mount_proc_if_needed: only safe mount when rootfs is defined
-
-The safe_mount function was introduced in order to address CVE-2015-1335,
-one of the vulnerabilities being a mount with a symlink for the
-destination path. In scenarios such as lxc-execute with no rootfs, the
-destination path is the host /proc, which is previously mounted by the
-host, and is unmounted and mounted again in a new set of namespaces,
-therefore eliminating the need to check for it being a symlink.
-
-Mount the rootfs normally if the rootfs is NULL, keep the safe mount
-only for scenarios where a different rootfs is defined.
-
-Upstream-status: Accepted
-[https://github.com/lxc/lxc/commit/f267d6668e3a95cb2247accb169cf1bc7f8ffcab]
-
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
----
- src/lxc/conf.c  |  1 +
- src/lxc/utils.c | 10 +++++++++-
- 2 files changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/src/lxc/conf.c b/src/lxc/conf.c
-index 632dde3..1e30c0c 100644
---- a/src/lxc/conf.c
-+++ b/src/lxc/conf.c
-@@ -3509,6 +3509,7 @@ int ttys_shift_ids(struct lxc_conf *c)
-        return 0;
- }
- 
-+/* NOTE: not to be called from inside the container namespace! */
- int tmp_proc_mount(struct lxc_conf *lxc_conf)
- {
-        int mounted;
-diff --git a/src/lxc/utils.c b/src/lxc/utils.c
-index 4e96a50..0bc7a20 100644
---- a/src/lxc/utils.c
-+++ b/src/lxc/utils.c
-@@ -1704,6 +1704,8 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
-  *
-  * Returns < 0 on failure, 0 if the correct proc was already mounted
-  * and 1 if a new proc was mounted.
-+ *
-+ * NOTE: not to be called from inside the container namespace!
-  */
- int mount_proc_if_needed(const char *rootfs)
- {
-@@ -1737,8 +1739,14 @@ int mount_proc_if_needed(const char *rootfs)
-        return 0;
- 
- domount:
--       if (safe_mount("proc", path, "proc", 0, NULL, rootfs) < 0)
-+       if (!strcmp(rootfs,"")) /* rootfs is NULL */
-+               ret = mount("proc", path, "proc", 0, NULL);
-+       else
-+               ret = safe_mount("proc", path, "proc", 0, NULL, rootfs);
-+
-+       if (ret < 0)
-                return -1;
-+
-        INFO("Mounted /proc in container for security transition");
-        return 1;
- }
--- 
-1.9.1
-
diff --git a/recipes-containers/lxc/files/open_without_symlink-Account-when-prefix-is-empty-st.patch b/recipes-containers/lxc/files/open_without_symlink-Account-when-prefix-is-empty-st.patch
deleted file mode 100644
index 28f9889b..00000000
--- a/recipes-containers/lxc/files/open_without_symlink-Account-when-prefix-is-empty-st.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 01074e5b34719537cef474c6b81d4f55e6427639 Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Date: Fri, 8 Jan 2016 15:38:35 +0000
-Subject: [PATCH] open_without_symlink: Account when prefix is empty string
-
-In the current implementation, the open_without_symlink function
-will default to opening the root mount only if the passed rootfs
-prefix is null. It doesn't account for the case where this prefix
-is passed as an empty string.
-
-Properly handle this second case as well.
-
-Upstream-Status: Accepted
-[https://github.com/lxc/lxc/commit/01074e5b34719537cef474c6b81d4f55e6427639]
-
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
----
- src/lxc/utils.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/lxc/utils.c b/src/lxc/utils.c
-index ed8c4c4..4e96a50 100644
---- a/src/lxc/utils.c
-+++ b/src/lxc/utils.c
-@@ -1575,7 +1575,7 @@ static int open_without_symlink(const char *target, const char *prefix_skip)
-        fulllen = strlen(target);
- 
-        /* make sure prefix-skip makes sense */
--       if (prefix_skip) {
-+       if (prefix_skip && strlen(prefix_skip) > 0) {
-                curlen = strlen(prefix_skip);
-                if (!is_subdir(target, prefix_skip, curlen)) {
-                        ERROR("WHOA there - target '%s' didn't start with prefix '%s'",
--- 
-1.9.1
-
diff --git a/recipes-containers/lxc/files/open_without_symlink-Don-t-SYSERROR-on-something-els.patch b/recipes-containers/lxc/files/open_without_symlink-Don-t-SYSERROR-on-something-els.patch
deleted file mode 100644
index 098ead7e..00000000
--- a/recipes-containers/lxc/files/open_without_symlink-Don-t-SYSERROR-on-something-els.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 88e078ba865b675f9a0dc61caa0732d7052593f8 Mon Sep 17 00:00:00 2001
-From: Christian Brauner <christian.brauner@mailbox.org>
-Date: Wed, 23 Mar 2016 16:37:09 +0100
-Subject: [PATCH] open_without_symlink: Don't SYSERROR on something else than
- ELOOP
-
-The open_without_symlink routine has been specifically created to prevent
-mounts with synlinks as source or destination. Keep SYSERROR'ing in that
-particular scenario, but leave error handling to calling functions for the
-other ones - e.g. optional bind mount when the source dir doesn't exist
-throws a nasty error.
-
-Upstream-status: Accepted
-[https://github.com/lxc/lxc/commit/88e078ba865b675f9a0dc61caa0732d7052593f8]
-
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
----
- src/lxc/utils.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/lxc/utils.c b/src/lxc/utils.c
-index 6bee698..8e7ebbc 100644
---- a/src/lxc/utils.c
-+++ b/src/lxc/utils.c
-@@ -1621,8 +1621,6 @@ static int open_without_symlink(const char *target, const char *prefix_skip)
-                        errno = saved_errno;
-                        if (errno == ELOOP)
-                                SYSERROR("%s in %s was a symbolic link!", nextpath, target);
--                       else
--                               SYSERROR("Error examining %s in %s", nextpath, target);
-                        goto out;
-                }
-        }
-@@ -1667,8 +1665,11 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
- 
-        destfd = open_without_symlink(dest, rootfs);
-        if (destfd < 0) {
--               if (srcfd != -1)
-+               if (srcfd != -1) {
-+                       saved_errno = errno;
-                        close(srcfd);
-+                       errno = saved_errno;
-+               }
-                return destfd;
-        }
- 
--- 
-1.9.1
-
diff --git a/recipes-containers/lxc/lxc_1.1.5.bb b/recipes-containers/lxc/lxc_2.0.0.bb
index 1864ef83..34aab38a 100644
--- a/recipes-containers/lxc/lxc_1.1.5.bb
+++ b/recipes-containers/lxc/lxc_2.0.0.bb
@@ -26,25 +26,13 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \
         file://runtest.patch \
         file://run-ptest \
         file://automake-ensure-VPATH-builds-correctly.patch \
-        file://add-lxc.rebootsignal.patch \
-        file://document-lxc.rebootsignal.patch \
-        file://lxc-busybox-use-lxc.rebootsignal-SIGTERM.patch \
         file://lxc-fix-B-S.patch \
-        file://lxc-busybox-add-OpenSSH-support.patch \
-        file://make-some-OpenSSH-tools-optional.patch \
         file://lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch \
         file://logs-optionally-use-base-filenames-to-report-src-fil.patch \
-        file://open_without_symlink-Account-when-prefix-is-empty-st.patch \
-        file://lxc_setup_fs-Create-dev-shm-folder-if-it-doesn-t-exi.patch \
-        file://mount_proc_if_needed-only-safe-mount-when-rootfs-is-.patch \
-        file://open_without_symlink-Don-t-SYSERROR-on-something-els.patch \
-        file://lxc-busybox-Touch-etc-fstab-in-the-container-rootfs.patch \
-        file://lxc-busybox-Remove-warning-for-dynamically-linked-Bu.patch \
-        file://lxc-let-lxc-start-support-wlan-phys.patch \
         "
 
-SRC_URI[md5sum] = "dd9684dde0a58ed13f4f49c855b79a1a"
-SRC_URI[sha256sum] = "9588ad1b04e114ee7370f690c65131e28098b28d2521d97c73557d11897ed0be"
+SRC_URI[md5sum] = "04a7245a614cd3296b0ae9ceeeb83fbb"
+SRC_URI[sha256sum] = "5b737e114d8ef1feb193fba936d77a5697a7c8a10199a068cdd90d1bd27c10e4"
 
 S = "${WORKDIR}/${BPN}-${PV}"