14 files changed, 8 insertions, 922 deletions
diff --git a/recipes-containers/lxc/files/add-lxc.rebootsignal.patch b/recipes-containers/lxc/files/add-lxc.rebootsignal.patch
deleted file mode 100644
index e54d188f..00000000
--- a/recipes-containers/lxc/files/add-lxc.rebootsignal.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From dd267776ee265737520c2c661a51c2d29cf43cb0 Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Date: Mon, 16 Feb 2015 09:38:34 +0000
-Subject: [PATCH 10/12] add lxc.rebootsignal
-Following the model of f0f1d8c076ae93d8ecf735c2eeae471e27ca6abd, add a reboot
-signal for special init processes that work on something other than SIGINT.
-Upstream-Status: Accepted
-[https://github.com/lxc/lxc/commit/dd267776ee265737520c2c661a51c2d29cf43cb0]
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
---
- src/lxc/conf.h         |  1 +
- src/lxc/confile.c      | 14 ++++++++++++++
- src/lxc/lxccontainer.c |  5 ++++-
- 3 files changed, 19 insertions(+), 1 deletion(-)
-diff --git a/src/lxc/conf.h b/src/lxc/conf.h
-index afa5517..334ea70 100644
--- a/src/lxc/conf.h
-+++ b/src/lxc/conf.h
-@@ -323,6 +323,7 @@ struct lxc_conf {
-        int maincmd_fd;
-        int autodev;  // if 1, mount and fill a /dev at start
-        int haltsignal; // signal used to halt container
-+       int rebootsignal; // signal used to reboot container
-        int stopsignal; // signal used to hard stop container
-        int kmsg;  // if 1, create /dev/kmsg symlink
-        char *rcfile;   // Copy of the top level rcfile we read
-diff --git a/src/lxc/confile.c b/src/lxc/confile.c
-index 8544ac9..42d42e5 100644
--- a/src/lxc/confile.c
-+++ b/src/lxc/confile.c
-@@ -98,6 +98,7 @@ static int config_includefile(const char *, const char *, struct lxc_conf *);
- static int config_network_nic(const char *, const char *, struct lxc_conf *);
- static int config_autodev(const char *, const char *, struct lxc_conf *);
- static int config_haltsignal(const char *, const char *, struct lxc_conf *);
-+static int config_rebootsignal(const char *, const char *, struct lxc_conf *);
- static int config_stopsignal(const char *, const char *, struct lxc_conf *);
- static int config_start(const char *, const char *, struct lxc_conf *);
- static int config_group(const char *, const char *, struct lxc_conf *);
-@@ -158,6 +159,7 @@ static struct lxc_config_t config[] = {
-        { "lxc.include",              config_includefile          },
-        { "lxc.autodev",              config_autodev              },
-        { "lxc.haltsignal",           config_haltsignal           },
-+       { "lxc.rebootsignal",         config_rebootsignal         },
-        { "lxc.stopsignal",           config_stopsignal           },
-        { "lxc.start.auto",           config_start                },
-        { "lxc.start.delay",          config_start                },
-@@ -1268,6 +1270,18 @@ static int config_haltsignal(const char *key, const char *value,
-        return 0;
- }
- 
-+static int config_rebootsignal(const char *key, const char *value,
-+                            struct lxc_conf *lxc_conf)
-+{
-+       int sig_n = sig_parse(value);
-+
-+       if (sig_n < 0)
-+               return -1;
-+       lxc_conf->rebootsignal = sig_n;
-+
-+       return 0;
-+}
-+
- static int config_stopsignal(const char *key, const char *value,
-                          struct lxc_conf *lxc_conf)
- {
-diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
-index e02ee93..4422f4a 100644
--- a/src/lxc/lxccontainer.c
-+++ b/src/lxc/lxccontainer.c
-@@ -1363,6 +1363,7 @@ free_tpath:
- static bool lxcapi_reboot(struct lxc_container *c)
- {
-        pid_t pid;
-+       int rebootsignal = SIGINT;
- 
-        if (!c)
-                return false;
-@@ -1371,7 +1372,9 @@ static bool lxcapi_reboot(struct lxc_container *c)
-        pid = c->init_pid(c);
-        if (pid <= 0)
-                return false;
-       if (kill(pid, SIGINT) < 0)
-+       if (c->lxc_conf && c->lxc_conf->rebootsignal)
-+               rebootsignal = c->lxc_conf->rebootsignal;
-+       if (kill(pid, rebootsignal) < 0)
-                return false;
-        return true;
- 
-- 
-2.1.4
diff --git a/recipes-containers/lxc/files/document-lxc.rebootsignal.patch b/recipes-containers/lxc/files/document-lxc.rebootsignal.patch
deleted file mode 100644
index d1cce40f..00000000
--- a/recipes-containers/lxc/files/document-lxc.rebootsignal.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-From baefc2176780b5e4527c1f86206c0ea72d80c8f5 Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Date: Tue, 10 Mar 2015 10:06:58 +0000
-Subject: [PATCH] document lxc.rebootsignal
-Also fix some minor indentation mishaps since we're here.
-Upstrem-Status: Backport [from LXC 1.1]
-[https://github.com/lxc/lxc/commit/936762f3fb6cf10e0756719f03aebe052d5c31a8]
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
---
- doc/lxc-stop.sgml.in           |  4 +-
- doc/lxc.container.conf.sgml.in | 86 ++++++++++++++++++++++++++----------------
- 2 files changed, 57 insertions(+), 33 deletions(-)
-diff --git a/doc/lxc-stop.sgml.in b/doc/lxc-stop.sgml.in
-index bc5e6a8..3c69fed 100644
--- a/doc/lxc-stop.sgml.in
-+++ b/doc/lxc-stop.sgml.in
-@@ -70,7 +70,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-       the container's init process, waiting up to 60 seconds for the container
-       to exit, and then returning. If the container fails to cleanly exit in
-       60 seconds, it will be sent the <command>lxc.stopsignal</command>
-      (defaults to SIGKILL) to force it to shut down.
-+      (defaults to SIGKILL) to force it to shut down. A request to reboot will
-+      send the <command>lxc.rebootsignal</command> (defaults to SIGINT) to the
-+      container's init process.
-     </para>
-        <para>
-        The <optional>-W</optional>, <optional>-r</optional>,
-diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
-index e98496d..1962528 100644
--- a/doc/lxc.container.conf.sgml.in
-+++ b/doc/lxc.container.conf.sgml.in
-@@ -158,46 +158,68 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-     <refsect2>
-       <title>Halt signal</title>
-       <para>
-    Allows one to specify signal name or number, sent by lxc-stop to the
-    container's init process to cleanly shutdown the container. Different
-    init systems could use different signals to perform clean shutdown
-    sequence. This option allows the signal to be specified in kill(1)
-    fashion, e.g. SIGPWR, SIGRTMIN+14, SIGRTMAX-10 or plain number. The
-    default signal is SIGPWR.
-+        Allows one to specify signal name or number, sent by lxc-stop to the
-+        container's init process to cleanly shutdown the container. Different
-+        init systems could use different signals to perform clean shutdown
-+        sequence. This option allows the signal to be specified in kill(1)
-+        fashion, e.g. SIGPWR, SIGRTMIN+14, SIGRTMAX-10 or plain number. The
-+        default signal is SIGPWR.
-       </para>
-       <variablelist>
-    <varlistentry>
-      <term>
-        <option>lxc.haltsignal</option>
-      </term>
-      <listitem>
-        <para>
-          specify the signal used to halt the container
-        </para>
-      </listitem>
-    </varlistentry>
-+        <varlistentry>
-+          <term>
-+            <option>lxc.haltsignal</option>
-+          </term>
-+          <listitem>
-+            <para>
-+              specify the signal used to halt the container
-+            </para>
-+          </listitem>
-+        </varlistentry>
-+      </variablelist>
-+    </refsect2>
-+
-+    <refsect2>
-+      <title>Reboot signal</title>
-+      <para>
-+        Allows one to specify signal name or number, sent by lxc-stop to
-+        reboot the container. This option allows signal to be specified in
-+        kill(1) fashion, e.g. SIGTERM, SIGRTMIN+14, SIGRTMAX-10 or plain number.
-+        The default signal is SIGINT.
-+          </para>
-+          <variablelist>
-+        <varlistentry>
-+          <term>
-+            <option>lxc.rebootsignal</option>
-+          </term>
-+          <listitem>
-+            <para>
-+              specify the signal used to reboot the container
-+            </para>
-+          </listitem>
-+        </varlistentry>
-       </variablelist>
-     </refsect2>
- 
-     <refsect2>
-       <title>Stop signal</title>
-       <para>
-    Allows one to specify signal name or number, sent by lxc-stop to forcibly
-    shutdown the container. This option allows signal to be specified in
-    kill(1) fashion, e.g. SIGKILL, SIGRTMIN+14, SIGRTMAX-10 or plain number.
-    The default signal is SIGKILL.
-      </para>
-      <variablelist>
-    <varlistentry>
-      <term>
-        <option>lxc.stopsignal</option>
-      </term>
-      <listitem>
-        <para>
-          specify the signal used to stop the container
-        </para>
-      </listitem>
-    </varlistentry>
-+        Allows one to specify signal name or number, sent by lxc-stop to forcibly
-+        shutdown the container. This option allows signal to be specified in
-+        kill(1) fashion, e.g. SIGKILL, SIGRTMIN+14, SIGRTMAX-10 or plain number.
-+        The default signal is SIGKILL.
-+          </para>
-+          <variablelist>
-+        <varlistentry>
-+          <term>
-+            <option>lxc.stopsignal</option>
-+          </term>
-+          <listitem>
-+            <para>
-+              specify the signal used to stop the container
-+            </para>
-+          </listitem>
-+        </varlistentry>
-       </variablelist>
-     </refsect2>
- 
-- 
-2.1.4
diff --git a/recipes-containers/lxc/files/lxc-busybox-Remove-warning-for-dynamically-linked-Bu.patch b/recipes-containers/lxc/files/lxc-busybox-Remove-warning-for-dynamically-linked-Bu.patch
deleted file mode 100644
index c0a810b1..00000000
--- a/recipes-containers/lxc/files/lxc-busybox-Remove-warning-for-dynamically-linked-Bu.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 07e4c41f2963d73b9aedd552c74f17a33e89f020 Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Date: Thu, 24 Mar 2016 11:54:27 +0000
-Subject: [PATCH] lxc-busybox: Remove warning for dynamically linked Busybox
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-The warning has been present since commit 32b37181ea (with no purpose stated).
-Support for dynamically linked Busybox has been added since commit bf6cc73696.
-Haven't encountered any issues with dynamically linked Busybox in my last
-2 years' testing.
-Upstream-status: Accepted
-[https://github.com/lxc/lxc/commit/07e4c41f2963d73b9aedd552c74f17a33e89f020]
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Acked-by: Stéphane Graber <stgraber@ubuntu.com>
---
- templates/lxc-busybox.in | 7 -------
- 1 file changed, 7 deletions(-)
-diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
-index f547f9e..336fa12 100644
--- a/templates/lxc-busybox.in
-+++ b/templates/lxc-busybox.in
-@@ -304,13 +304,6 @@ configure_busybox()
-         return 1
-     fi
- 
-    file -L $(which busybox) | grep -q "statically linked"
-    if [ $? -ne 0 ]; then
-        echo "warning : busybox is not statically linked."
-        echo "warning : The template script may not correctly"
-        echo "warning : setup the container environment."
-    fi
-
-     # copy busybox in the rootfs
-     cp $(which busybox) $rootfs/bin
-     if [ $? -ne 0 ]; then
-- 
-1.9.1
diff --git a/recipes-containers/lxc/files/lxc-busybox-Touch-etc-fstab-in-the-container-rootfs.patch b/recipes-containers/lxc/files/lxc-busybox-Touch-etc-fstab-in-the-container-rootfs.patch
deleted file mode 100644
index 33862ddc..00000000
--- a/recipes-containers/lxc/files/lxc-busybox-Touch-etc-fstab-in-the-container-rootfs.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 6ab1ca0375feeb00070f0c0f9186551b08b1ee5e Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Date: Tue, 22 Mar 2016 13:33:57 +0000
-Subject: [PATCH] lxc-busybox: Touch /etc/fstab in the container rootfs
-Upstream-status: Accepted
-[https://github.com/lxc/lxc/commit/6ab1ca0375feeb00070f0c0f9186551b08b1ee5e]
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
---
- templates/lxc-busybox.in | 3 +++
- 1 file changed, 3 insertions(+)
-diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
-index c020e66..f547f9e 100644
--- a/templates/lxc-busybox.in
-+++ b/templates/lxc-busybox.in
-@@ -330,6 +330,9 @@ configure_busybox()
-     # relink /sbin/init
-     ln $rootfs/bin/busybox $rootfs/sbin/init
- 
-+    # /etc/fstab must exist for "mount -a"
-+    touch $rootfs/etc/fstab
-+
-     # passwd exec must be setuid
-     chmod +s $rootfs/bin/passwd
-     touch $rootfs/etc/shadow
-- 
-1.9.1
diff --git a/recipes-containers/lxc/files/lxc-busybox-add-OpenSSH-support.patch b/recipes-containers/lxc/files/lxc-busybox-add-OpenSSH-support.patch
deleted file mode 100644
index f2f332cb..00000000
--- a/recipes-containers/lxc/files/lxc-busybox-add-OpenSSH-support.patch
+++ /dev/null
@@ -1,246 +0,0 @@
-From ed52814c776963efdcc9dcda1ec26fc09930ef93 Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Date: Wed, 22 Apr 2015 14:53:32 +0000
-Subject: [PATCH] lxc-busybox: add OpenSSH support
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Add an additional template parameter for SSH support in the container. Currently
-this can be implemented using the Dropbear or OpenSSH utility. The respective
-tool needs to be available on the host Linux.
-If the parameter is omitted, the template will look for the Dropbear utility on
-the host and install it if it is available (legacy behavior).
-Adding OpenSSH support has been done following the model in the lxc-sshd
-template.
-Upstream-status: Accepted
-[https://github.com/lxc/lxc/commit/ed52814c776963efdcc9dcda1ec26fc09930ef93]
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Acked-by: Stéphane Graber <stgraber@ubuntu.com>
---
- templates/lxc-busybox.in | 169 ++++++++++++++++++++++++++++++++++++++---------
- 1 file changed, 139 insertions(+), 30 deletions(-)
-diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
-index 7e05bd6..95961a3 100644
--- a/templates/lxc-busybox.in
-+++ b/templates/lxc-busybox.in
-@@ -22,6 +22,7 @@
- 
- LXC_MAPPED_UID=
- LXC_MAPPED_GID=
-+SSH=
- 
- # Make sure the usual locations are in PATH
- export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
-@@ -160,6 +161,116 @@ EOF
-     return $res
- }
- 
-+install_dropbear()
-+{
-+    # copy dropbear binary
-+    cp $(which dropbear) $rootfs/usr/sbin
-+    if [ $? -ne 0 ]; then
-+        echo "Failed to copy dropbear in the rootfs"
-+        return 1
-+    fi
-+
-+    # make symlinks to various ssh utilities
-+    utils="\
-+        $rootfs/usr/bin/dbclient \
-+        $rootfs/usr/bin/scp \
-+        $rootfs/usr/bin/ssh \
-+        $rootfs/usr/sbin/dropbearkey \
-+        $rootfs/usr/sbin/dropbearconvert \
-+    "
-+    echo $utils | xargs -n1 ln -s /usr/sbin/dropbear
-+
-+    # add necessary config files
-+    mkdir $rootfs/etc/dropbear
-+    dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1
-+    dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key > /dev/null 2>&1
-+
-+    echo "'dropbear' ssh utility installed"
-+
-+    return 0
-+}
-+
-+install_openssh()
-+{
-+    # tools to be installed
-+    server_utils="sshd"
-+    client_utils="\
-+        ssh \
-+        scp \
-+        sftp \
-+        ssh-add \
-+        ssh-agent \
-+        ssh-keygen \
-+        ssh-keyscan \
-+        ssh-argv0 \
-+        ssh-copy-id \
-+        "
-+
-+    # new folders used by ssh
-+    ssh_tree="\
-+$rootfs/etc/ssh \
-+$rootfs/var/empty/sshd \
-+$rootfs/var/lib/empty/sshd \
-+$rootfs/var/run/sshd \
-+"
-+
-+    # create folder structure
-+    mkdir -p $ssh_tree
-+    if [ $? -ne 0 ]; then
-+        return 1
-+    fi
-+
-+    # copy binaries
-+    for bin in $server_utils $client_utils; do
-+        tool_path=`which $bin`
-+        cp $tool_path $rootfs/$tool_path
-+        if [ $? -ne 0 ]; then
-+            echo "Unable to copy $tool_path in the rootfs"
-+            return 1
-+        fi
-+    done
-+
-+    # add user and group
-+    cat <<EOF >> $rootfs/etc/passwd
-+sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
-+EOF
-+
-+    cat <<EOF >> $rootfs/etc/group
-+sshd:x:74:
-+EOF
-+
-+    # generate container keys
-+    ssh-keygen -t rsa -N "" -f $rootfs/etc/ssh/ssh_host_rsa_key >/dev/null 2>&1
-+    ssh-keygen -t dsa -N "" -f $rootfs/etc/ssh/ssh_host_dsa_key >/dev/null 2>&1
-+
-+    # by default setup root password with no password
-+    cat <<EOF > $rootfs/etc/ssh/sshd_config
-+Port 22
-+Protocol 2
-+HostKey /etc/ssh/ssh_host_rsa_key
-+HostKey /etc/ssh/ssh_host_dsa_key
-+UsePrivilegeSeparation yes
-+KeyRegenerationInterval 3600
-+ServerKeyBits 768
-+SyslogFacility AUTH
-+LogLevel INFO
-+LoginGraceTime 120
-+PermitRootLogin yes
-+StrictModes yes
-+RSAAuthentication yes
-+PubkeyAuthentication yes
-+IgnoreRhosts yes
-+RhostsRSAAuthentication no
-+HostbasedAuthentication no
-+PermitEmptyPasswords yes
-+ChallengeResponseAuthentication no
-+EOF
-+
-+    echo "'OpenSSH' utility installed"
-+
-+    return 0
-+}
-+
- configure_busybox()
- {
-     rootfs=$1
-@@ -230,34 +341,6 @@ EOF
-     lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
-     rm $CHPASSWD_FILE
- 
-    # add ssh functionality if dropbear package available on host
-    which dropbear >/dev/null 2>&1
-    if [ $? -eq 0 ]; then
-        # copy dropbear binary
-        cp $(which dropbear) $rootfs/usr/sbin
-        if [ $? -ne 0 ]; then
-            echo "Failed to copy dropbear in the rootfs"
-            return 1
-        fi
-
-        # make symlinks to various ssh utilities
-        utils="\
-            $rootfs/usr/bin/dbclient \
-            $rootfs/usr/bin/scp \
-            $rootfs/usr/bin/ssh \
-            $rootfs/usr/sbin/dropbearkey \
-            $rootfs/usr/sbin/dropbearconvert \
-        "
-        echo $utils | xargs -n1 ln -s /usr/sbin/dropbear
-
-        # add necessary config files
-        mkdir $rootfs/etc/dropbear
-        dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1
-        dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key > /dev/null 2>&1
-
-        echo "'dropbear' ssh utility installed"
-    fi
-
-     return 0
- }
- 
-@@ -315,12 +398,12 @@ remap_userns()
- usage()
- {
-     cat <<EOF
-$1 -h|--help -p|--path=<path>
-+$1 -h|--help -p|--path=<path> -s|--ssh={dropbear,openssh}
- EOF
-     return 0
- }
- 
-options=$(getopt -o hp:n: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid: -- "$@")
-+options=$(getopt -o hp:n:s: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid:,ssh: -- "$@")
- if [ $? -ne 0 ]; then
-     usage $(basename $0)
-     exit 1
-@@ -336,6 +419,7 @@ do
-         -n|--name)      name=$2; shift 2;;
-         --mapped-uid)   LXC_MAPPED_UID=$2; shift 2;;
-         --mapped-gid)   LXC_MAPPED_GID=$2; shift 2;;
-+        -s|--ssh)       SSH=$2; shift 2;;
-         --)             shift 1; break ;;
-         *)              break ;;
-     esac
-@@ -384,3 +468,28 @@ if [ $? -ne 0 ]; then
-     echo "failed to remap files to user"
-     exit 1
- fi
-+
-+if [ -n "$SSH" ]; then
-+    case "$SSH" in
-+        "dropbear")
-+            install_dropbear
-+            if [ $? -ne 0 ]; then
-+                echo "Unable to install 'dropbear' ssh utility"
-+                exit 1
-+            fi ;;
-+        "openssh")
-+            install_openssh
-+            if [ $? -ne 0 ]; then
-+                echo "Unable to install 'OpenSSH' utility"
-+                exit 1
-+            fi ;;
-+        *)
-+            echo "$SSH: unrecognized ssh utility"
-+            exit 1
-+    esac
-+else
-+    which dropbear >/dev/null 2>&1
-+    if [ $? -eq 0 ]; then
-+        install_dropbear
-+    fi
-+fi
-- 
-2.1.4
diff --git a/recipes-containers/lxc/files/lxc-busybox-use-lxc.rebootsignal-SIGTERM.patch b/recipes-containers/lxc/files/lxc-busybox-use-lxc.rebootsignal-SIGTERM.patch
deleted file mode 100644
index 2f4513ee..00000000
--- a/recipes-containers/lxc/files/lxc-busybox-use-lxc.rebootsignal-SIGTERM.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 22fb28a946397ec19b247efe170c15b263bf89af Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Date: Mon, 16 Feb 2015 09:38:36 +0000
-Subject: [PATCH 12/12] lxc-busybox: use lxc.rebootsignal = SIGTERM
-Otherwise lxc-stop -r has no effect on the container.
-Upstream-Status: Accepted
-[https://github.com/lxc/lxc/commit/22fb28a946397ec19b247efe170c15b263bf89af]
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
---
- templates/lxc-busybox.in | 1 +
- 1 file changed, 1 insertion(+)
-diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
-index 72531d6..7e05bd6 100644
--- a/templates/lxc-busybox.in
-+++ b/templates/lxc-busybox.in
-@@ -270,6 +270,7 @@ copy_configuration()
- grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
- cat <<EOF >> $path/config
- lxc.haltsignal = SIGUSR1
-+lxc.rebootsignal = SIGTERM
- lxc.utsname = $name
- lxc.tty = 1
- lxc.pts = 1
-- 
-2.1.4
diff --git a/recipes-containers/lxc/files/lxc-fix-B-S.patch b/recipes-containers/lxc/files/lxc-fix-B-S.patch
index 3822655e..a776b4f8 100644
--- a/recipes-containers/lxc/files/lxc-fix-B-S.patch
+++ b/recipes-containers/lxc/files/lxc-fix-B-S.patch
@@ -1,16 +1,15 @@
-Index: lxc-1.0.7/config/init/upstart/Makefile.am
+Index: lxc-2.0.0/config/init/upstart/Makefile.am
 ===================================================================
--- lxc-1.0.7.orig/config/init/upstart/Makefile.am
+--- lxc-2.0.0.orig/config/init/upstart/Makefile.am
-+++ lxc-1.0.7/config/init/upstart/Makefile.am
+++ lxc-2.0.0/config/init/upstart/Makefile.am
-@@ -3,9 +3,9 @@ EXTRA_DIST = lxc.conf lxc-instance.conf
+@@ -3,9 +3,9 @@
 if INIT_SCRIPT_UPSTART
 install-upstart: lxc.conf lxc-instance.conf lxc-net.conf
        $(MKDIR_P) $(DESTDIR)$(sysconfdir)/init/
 -       $(INSTALL_DATA) lxc.conf $(DESTDIR)$(sysconfdir)/init/
-       $(INSTALL_DATA) lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/
-       $(INSTALL_DATA) lxc-net.conf $(DESTDIR)$(sysconfdir)/init/
 +       $(INSTALL_DATA) $(srcdir)/lxc.conf $(DESTDIR)$(sysconfdir)/init/
-+       $(INSTALL_DATA) $(srcdir)/lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/
+        $(INSTALL_DATA) $(srcdir)/lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/
+-       $(INSTALL_DATA) lxc-net.conf $(DESTDIR)$(sysconfdir)/init/
 +       $(INSTALL_DATA) $(srcdir)/lxc-net.conf $(DESTDIR)$(sysconfdir)/init/
 
 uninstall-upstart:
diff --git a/recipes-containers/lxc/files/lxc-let-lxc-start-support-wlan-phys.patch b/recipes-containers/lxc/files/lxc-let-lxc-start-support-wlan-phys.patch
deleted file mode 100644
index 9146fd07..00000000
--- a/recipes-containers/lxc/files/lxc-let-lxc-start-support-wlan-phys.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 4acc7a24e098445de502a6f59a8b3dff2cd8536d Mon Sep 17 00:00:00 2001
-From: fli <fupan.li@windriver.com>
-Date: Thu, 21 Apr 2016 19:07:10 -0700
-Subject: [PATCH] lxc: let lxc-start support wlan phys
-The commit: e5848d395cb <netdev_move_by_index: support wlan> only
-made netdev_move_by_name support wlan, instead of netdev_move_by_index.
-Given netdev_move_by_name is a wrapper of netdev_move_by_index, so here
-replacing all of the call to lxc_netdev_move_by_index with lxc_netdev_move_by_name
-to let lxc-start support wlan phys.
-Signed-off-by: fli <fupan.li@windriver.com>
---
- src/lxc/conf.c | 20 ++++++++++++++++----
- 1 file changed, 16 insertions(+), 4 deletions(-)
-diff --git a/src/lxc/conf.c b/src/lxc/conf.c
-index 034bdff..bcba0f1 100644
--- a/src/lxc/conf.c
-+++ b/src/lxc/conf.c
-@@ -2623,6 +2623,7 @@ void restore_phys_nics_to_netns(int netnsfd, struct lxc_conf *conf)
- {
-        int i, ret, oldfd;
-        char path[MAXPATHLEN];
-+       char ifname[IFNAMSIZ]; 
- 
-        if (netnsfd < 0)
-                return;
-@@ -2643,9 +2644,13 @@ void restore_phys_nics_to_netns(int netnsfd, struct lxc_conf *conf)
-        }
-        for (i=0; i<conf->num_savednics; i++) {
-                struct saved_nic *s = &conf->saved_nics[i];
-               if (lxc_netdev_move_by_index(s->ifindex, 1, NULL))
-                       WARN("Error moving nic index:%d back to host netns",
-                                       s->ifindex);
-+               /* retrieve the name of the interface */
-+               if (!if_indextoname(s->ifindex, ifname)) {
-+                       WARN("no interface corresponding to index '%d'", s->ifindex);
-+                       continue;
-+               }
-+               if (lxc_netdev_move_by_name(ifname, 1, NULL))
-+                       WARN("Error moving nic name:%s back to host netns", ifname);
-        }
-        if (setns(oldfd, 0) != 0)
-                SYSERROR("Failed to re-enter monitor's netns");
-@@ -3208,6 +3213,7 @@ int lxc_assign_network(struct lxc_list *network, pid_t pid)
- {
-        struct lxc_list *iterator;
-        struct lxc_netdev *netdev;
-+       char ifname[IFNAMSIZ];
-        int am_root = (getuid() == 0);
-        int err;
- 
-@@ -3228,7 +3234,13 @@ int lxc_assign_network(struct lxc_list *network, pid_t pid)
-                if (!netdev->ifindex)
-                        continue;
- 
-               err = lxc_netdev_move_by_index(netdev->ifindex, pid, NULL);
-+               /* retrieve the name of the interface */
-+               if (!if_indextoname(netdev->ifindex, ifname)) {
-+                       ERROR("no interface corresponding to index '%d'", netdev->ifindex);
-+                       return -1;
-+               }
-+
-+               err = lxc_netdev_move_by_name(ifname, pid, NULL);
-                if (err) {
-                        ERROR("failed to move '%s' to the container : %s",
-                              netdev->link, strerror(-err));
-- 
-2.7.4
diff --git a/recipes-containers/lxc/files/lxc_setup_fs-Create-dev-shm-folder-if-it-doesn-t-exi.patch b/recipes-containers/lxc/files/lxc_setup_fs-Create-dev-shm-folder-if-it-doesn-t-exi.patch
deleted file mode 100644
index 751a7ac6..00000000
--- a/recipes-containers/lxc/files/lxc_setup_fs-Create-dev-shm-folder-if-it-doesn-t-exi.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 81e3c9cf8b2f230d761738da28e9dc69fb90ec46 Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Date: Fri, 8 Jan 2016 15:38:44 +0000
-Subject: [PATCH] lxc_setup_fs: Create /dev/shm folder if it doesn't exist
-When running application containers with lxc-execute, /dev is
-populated only with device entries. Since /dev is a tmpfs mount in
-the container environment, the /dev/shm folder not being present is not
-a sufficient reason for the /dev/shm mount to fail.
-Create the /dev/shm directory if not present.
-Upstream-status: Accepted
-[https://github.com/lxc/lxc/commit/81e3c9cf8b2f230d761738da28e9dc69fb90ec46]
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
---
- src/lxc/initutils.c | 4 ++++
- 1 file changed, 4 insertions(+)
-diff --git a/src/lxc/initutils.c b/src/lxc/initutils.c
-index 45df60f..8d9016c 100644
--- a/src/lxc/initutils.c
-+++ b/src/lxc/initutils.c
-@@ -47,6 +47,10 @@ extern void lxc_setup_fs(void)
-        if (mount_fs("proc", "/proc", "proc"))
-                INFO("failed to remount proc");
- 
-+       /* if /dev has been populated by us, /dev/shm does not exist */
-+       if (access("/dev/shm", F_OK) && mkdir("/dev/shm", 0777))
-+               INFO("failed to create /dev/shm");
-+
-        /* if we can't mount /dev/shm, continue anyway */
-        if (mount_fs("shmfs", "/dev/shm", "tmpfs"))
-                INFO("failed to mount /dev/shm");
-- 
-1.9.1
diff --git a/recipes-containers/lxc/files/make-some-OpenSSH-tools-optional.patch b/recipes-containers/lxc/files/make-some-OpenSSH-tools-optional.patch
deleted file mode 100644
index 2d287885..00000000
--- a/recipes-containers/lxc/files/make-some-OpenSSH-tools-optional.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 34be0d3cd8c4eaca9929470bc8bce5e74975bccf Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Date: Thu, 23 Apr 2015 08:33:00 +0000
-Subject: [PATCH] lxc-busybox: make some OpenSSH tools optional
-Currently, when installing OpenSSH in a Busybox container, the template searches
-for all the OpenSSH client binaries available in the Debian distro package. The
-included tools might differ from distro to distro, so make part of the tools
-optional. The mandatory tools, without which installing OpenSSH fails, are
-"sshd" for the server and "ssh" and "scp" for the client.
-Upstream-Status: Submitted
-[https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-April/011696.html]
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
---
- templates/lxc-busybox.in | 9 +++++++++
- 1 file changed, 9 insertions(+)
-diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
-index 95961a3..17a3006 100644
--- a/templates/lxc-busybox.in
-+++ b/templates/lxc-busybox.in
-@@ -197,6 +197,8 @@ install_openssh()
-     client_utils="\
-         ssh \
-         scp \
-+        "
-+    client_optional_utils="\
-         sftp \
-         ssh-add \
-         ssh-agent \
-@@ -230,6 +232,13 @@ $rootfs/var/run/sshd \
-         fi
-     done
- 
-+    for bin in $client_optional_utils; do
-+        tool_path=`which $bin`
-+        if [ $? -eq 0 ]; then
-+            cp $tool_path $rootfs/$tool_path
-+        fi
-+    done
-+
-     # add user and group
-     cat <<EOF >> $rootfs/etc/passwd
- sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
-- 
-2.1.4
diff --git a/recipes-containers/lxc/files/mount_proc_if_needed-only-safe-mount-when-rootfs-is-.patch b/recipes-containers/lxc/files/mount_proc_if_needed-only-safe-mount-when-rootfs-is-.patch
deleted file mode 100644
index c3afd858..00000000
--- a/recipes-containers/lxc/files/mount_proc_if_needed-only-safe-mount-when-rootfs-is-.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From f267d6668e3a95cb2247accb169cf1bc7f8ffcab Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Date: Wed, 20 Jan 2016 10:53:57 +0000
-Subject: [PATCH] mount_proc_if_needed: only safe mount when rootfs is defined
-The safe_mount function was introduced in order to address CVE-2015-1335,
-one of the vulnerabilities being a mount with a symlink for the
-destination path. In scenarios such as lxc-execute with no rootfs, the
-destination path is the host /proc, which is previously mounted by the
-host, and is unmounted and mounted again in a new set of namespaces,
-therefore eliminating the need to check for it being a symlink.
-Mount the rootfs normally if the rootfs is NULL, keep the safe mount
-only for scenarios where a different rootfs is defined.
-Upstream-status: Accepted
-[https://github.com/lxc/lxc/commit/f267d6668e3a95cb2247accb169cf1bc7f8ffcab]
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
---
- src/lxc/conf.c  |  1 +
- src/lxc/utils.c | 10 +++++++++-
- 2 files changed, 10 insertions(+), 1 deletion(-)
-diff --git a/src/lxc/conf.c b/src/lxc/conf.c
-index 632dde3..1e30c0c 100644
--- a/src/lxc/conf.c
-+++ b/src/lxc/conf.c
-@@ -3509,6 +3509,7 @@ int ttys_shift_ids(struct lxc_conf *c)
-        return 0;
- }
- 
-+/* NOTE: not to be called from inside the container namespace! */
- int tmp_proc_mount(struct lxc_conf *lxc_conf)
- {
-        int mounted;
-diff --git a/src/lxc/utils.c b/src/lxc/utils.c
-index 4e96a50..0bc7a20 100644
--- a/src/lxc/utils.c
-+++ b/src/lxc/utils.c
-@@ -1704,6 +1704,8 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
-  *
-  * Returns < 0 on failure, 0 if the correct proc was already mounted
-  * and 1 if a new proc was mounted.
-+ *
-+ * NOTE: not to be called from inside the container namespace!
-  */
- int mount_proc_if_needed(const char *rootfs)
- {
-@@ -1737,8 +1739,14 @@ int mount_proc_if_needed(const char *rootfs)
-        return 0;
- 
- domount:
-       if (safe_mount("proc", path, "proc", 0, NULL, rootfs) < 0)
-+       if (!strcmp(rootfs,"")) /* rootfs is NULL */
-+               ret = mount("proc", path, "proc", 0, NULL);
-+       else
-+               ret = safe_mount("proc", path, "proc", 0, NULL, rootfs);
-+
-+       if (ret < 0)
-                return -1;
-+
-        INFO("Mounted /proc in container for security transition");
-        return 1;
- }
-- 
-1.9.1
diff --git a/recipes-containers/lxc/files/open_without_symlink-Account-when-prefix-is-empty-st.patch b/recipes-containers/lxc/files/open_without_symlink-Account-when-prefix-is-empty-st.patch
deleted file mode 100644
index 28f9889b..00000000
--- a/recipes-containers/lxc/files/open_without_symlink-Account-when-prefix-is-empty-st.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 01074e5b34719537cef474c6b81d4f55e6427639 Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Date: Fri, 8 Jan 2016 15:38:35 +0000
-Subject: [PATCH] open_without_symlink: Account when prefix is empty string
-In the current implementation, the open_without_symlink function
-will default to opening the root mount only if the passed rootfs
-prefix is null. It doesn't account for the case where this prefix
-is passed as an empty string.
-Properly handle this second case as well.
-Upstream-Status: Accepted
-[https://github.com/lxc/lxc/commit/01074e5b34719537cef474c6b81d4f55e6427639]
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
-Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
---
- src/lxc/utils.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/src/lxc/utils.c b/src/lxc/utils.c
-index ed8c4c4..4e96a50 100644
--- a/src/lxc/utils.c
-+++ b/src/lxc/utils.c
-@@ -1575,7 +1575,7 @@ static int open_without_symlink(const char *target, const char *prefix_skip)
-        fulllen = strlen(target);
- 
-        /* make sure prefix-skip makes sense */
-       if (prefix_skip) {
-+       if (prefix_skip && strlen(prefix_skip) > 0) {
-                curlen = strlen(prefix_skip);
-                if (!is_subdir(target, prefix_skip, curlen)) {
-                        ERROR("WHOA there - target '%s' didn't start with prefix '%s'",
-- 
-1.9.1
diff --git a/recipes-containers/lxc/files/open_without_symlink-Don-t-SYSERROR-on-something-els.patch b/recipes-containers/lxc/files/open_without_symlink-Don-t-SYSERROR-on-something-els.patch
deleted file mode 100644
index 098ead7e..00000000
--- a/recipes-containers/lxc/files/open_without_symlink-Don-t-SYSERROR-on-something-els.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 88e078ba865b675f9a0dc61caa0732d7052593f8 Mon Sep 17 00:00:00 2001
-From: Christian Brauner <christian.brauner@mailbox.org>
-Date: Wed, 23 Mar 2016 16:37:09 +0100
-Subject: [PATCH] open_without_symlink: Don't SYSERROR on something else than
- ELOOP
-The open_without_symlink routine has been specifically created to prevent
-mounts with synlinks as source or destination. Keep SYSERROR'ing in that
-particular scenario, but leave error handling to calling functions for the
-other ones - e.g. optional bind mount when the source dir doesn't exist
-throws a nasty error.
-Upstream-status: Accepted
-[https://github.com/lxc/lxc/commit/88e078ba865b675f9a0dc61caa0732d7052593f8]
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
---
- src/lxc/utils.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-diff --git a/src/lxc/utils.c b/src/lxc/utils.c
-index 6bee698..8e7ebbc 100644
--- a/src/lxc/utils.c
-+++ b/src/lxc/utils.c
-@@ -1621,8 +1621,6 @@ static int open_without_symlink(const char *target, const char *prefix_skip)
-                        errno = saved_errno;
-                        if (errno == ELOOP)
-                                SYSERROR("%s in %s was a symbolic link!", nextpath, target);
-                       else
-                               SYSERROR("Error examining %s in %s", nextpath, target);
-                        goto out;
-                }
-        }
-@@ -1667,8 +1665,11 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
- 
-        destfd = open_without_symlink(dest, rootfs);
-        if (destfd < 0) {
-               if (srcfd != -1)
-+               if (srcfd != -1) {
-+                       saved_errno = errno;
-                        close(srcfd);
-+                       errno = saved_errno;
-+               }
-                return destfd;
-        }
- 
-- 
-1.9.1
diff --git a/recipes-containers/lxc/lxc_1.1.5.bb b/recipes-containers/lxc/lxc_2.0.0.bb
index 1864ef83..34aab38a 100644
--- a/recipes-containers/lxc/lxc_1.1.5.bb
+++ b/recipes-containers/lxc/lxc_2.0.0.bb
@@ -26,25 +26,13 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \
        file://runtest.patch \
        file://run-ptest \
        file://automake-ensure-VPATH-builds-correctly.patch \
-        file://add-lxc.rebootsignal.patch \
-        file://document-lxc.rebootsignal.patch \
-        file://lxc-busybox-use-lxc.rebootsignal-SIGTERM.patch \
        file://lxc-fix-B-S.patch \
-        file://lxc-busybox-add-OpenSSH-support.patch \
-        file://make-some-OpenSSH-tools-optional.patch \
        file://lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch \
        file://logs-optionally-use-base-filenames-to-report-src-fil.patch \
-        file://open_without_symlink-Account-when-prefix-is-empty-st.patch \
-        file://lxc_setup_fs-Create-dev-shm-folder-if-it-doesn-t-exi.patch \
-        file://mount_proc_if_needed-only-safe-mount-when-rootfs-is-.patch \
-        file://open_without_symlink-Don-t-SYSERROR-on-something-els.patch \
-        file://lxc-busybox-Touch-etc-fstab-in-the-container-rootfs.patch \
-        file://lxc-busybox-Remove-warning-for-dynamically-linked-Bu.patch \
-        file://lxc-let-lxc-start-support-wlan-phys.patch \
        "
-SRC_URI[md5sum] = "dd9684dde0a58ed13f4f49c855b79a1a"
+SRC_URI[md5sum] = "04a7245a614cd3296b0ae9ceeeb83fbb"
-SRC_URI[sha256sum] = "9588ad1b04e114ee7370f690c65131e28098b28d2521d97c73557d11897ed0be"
+SRC_URI[sha256sum] = "5b737e114d8ef1feb193fba936d77a5697a7c8a10199a068cdd90d1bd27c10e4"
 S = "${WORKDIR}/${BPN}-${PV}"