3 files changed, 2 insertions, 128 deletions
diff --git a/recipes-containers/lxc/files/busybox_template_mount_fstab_when_available.patch b/recipes-containers/lxc/files/busybox_template_mount_fstab_when_available.patch
deleted file mode 100644
index 74b4fdfa..00000000
--- a/recipes-containers/lxc/files/busybox_template_mount_fstab_when_available.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 12c3b43fbeacd9cc471adf565ecea3263e37e353 Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Date: Mon, 20 Oct 2014 15:56:54 -0400
-Subject: [PATCH] busybox template: mount fstab when available
-When running unprivileged, lxc-create will touch a fstab file, with bind-mounts
-for the ttys and other devices. Add this entry in the container config.
-Upstream-Status: Accepted
-[https://github.com/lxc/lxc/commit/12c3b43fbeacd9cc471adf565ecea3263e37e353]
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
---
- templates/lxc-busybox.in | 4 ++++
- 1 file changed, 4 insertions(+)
-diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
-index ca2dd43..ee54a7a 100644
--- a/templates/lxc-busybox.in
-+++ b/templates/lxc-busybox.in
-@@ -301,6 +301,10 @@ EOF
-     done
-     echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none ro,bind,optional 0 0" >>$path/config
-     echo "lxc.mount.auto = proc:mixed sys" >>$path/config
-+
-+    if [ -f "$path/fstab" ]; then
-+        echo "lxc.mount = $path/fstab" >>$path/config
-+    fi
- }
- 
- remap_userns()
diff --git a/recipes-containers/lxc/files/busybox_template_support_for_unprivileged_containers.patch b/recipes-containers/lxc/files/busybox_template_support_for_unprivileged_containers.patch
deleted file mode 100644
index 4e9ab74f..00000000
--- a/recipes-containers/lxc/files/busybox_template_support_for_unprivileged_containers.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From a542dd3c1aca8b6674f631d625d888eb13ae3a4d Mon Sep 17 00:00:00 2001
-From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Date: Mon, 20 Oct 2014 15:56:53 -0400
-Subject: [PATCH] busybox template: support for unprivileged containers
-Apply the changes found in templates/lxc-download to the busybox template as
-well. Change ownership of the config and fstab files to the unprivileged user,
-and the ownership of the rootfs to root in the new user namespace.
-Eliminate the "unsupported for userns" flag.
-Upstream-Status: Accepted
-[https://github.com/lxc/lxc/commit/a542dd3c1aca8b6674f631d625d888eb13ae3a4d]
-Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
-Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
---
- templates/lxc-busybox.in | 36 ++++++++++++++++++++++++++----------
- 1 file changed, 26 insertions(+), 10 deletions(-)
-diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
-index 246e743..ca2dd43 100644
--- a/templates/lxc-busybox.in
-+++ b/templates/lxc-busybox.in
-@@ -20,15 +20,8 @@
- # License along with this library; if not, write to the Free Software
- # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- 
-# Detect use under userns (unsupported)
-for arg in "$@"; do
-    [ "$arg" = "--" ] && break
-    if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
-        echo "This template can't be used for unprivileged containers." 1>&2
-        echo "You may want to try the \"download\" template instead." 1>&2
-        exit 1
-    fi
-done
-+LXC_MAPPED_UID=
-+LXC_MAPPED_GID=
- 
- # Make sure the usual locations are in PATH
- export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
-@@ -310,6 +303,21 @@ EOF
-     echo "lxc.mount.auto = proc:mixed sys" >>$path/config
- }
- 
-+remap_userns()
-+{
-+    path=$1
-+
-+    if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
-+        chown $LXC_MAPPED_UID $path/config $path/fstab >/dev/null 2>&1
-+        chown -R root $path/rootfs >/dev/null 2>&1
-+    fi
-+
-+    if [ -n "$LXC_MAPPED_GID" ] && [ "$LXC_MAPPED_GID" != "-1" ]; then
-+        chgrp $LXC_MAPPED_GID $path/config $path/fstab >/dev/null 2>&1
-+        chgrp -R root $path/rootfs >/dev/null 2>&1
-+    fi
-+}
-+
- usage()
- {
-     cat <<EOF
-@@ -318,7 +326,7 @@ EOF
-     return 0
- }
- 
-options=$(getopt -o hp:n: -l help,rootfs:,path:,name: -- "$@")
-+options=$(getopt -o hp:n: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid: -- "$@")
- if [ $? -ne 0 ]; then
-     usage $(basename $0)
-     exit 1
-@@ -332,6 +340,8 @@ do
-         -p|--path)      path=$2; shift 2;;
-         --rootfs)       rootfs=$2; shift 2;;
-         -n|--name)      name=$2; shift 2;;
-+        --mapped-uid)   LXC_MAPPED_UID=$2; shift 2;;
-+        --mapped-gid)   LXC_MAPPED_GID=$2; shift 2;;
-         --)             shift 1; break ;;
-         *)              break ;;
-     esac
-@@ -374,3 +384,9 @@ if [ $? -ne 0 ]; then
-     echo "failed to write configuration file"
-     exit 1
- fi
-+
-+remap_userns $path
-+if [ $? -ne 0 ]; then
-+    echo "failed to remap files to user"
-+    exit 1
-+fi
diff --git a/recipes-containers/lxc/lxc_1.0.6.bb b/recipes-containers/lxc/lxc_1.0.7.bb
index e6ec68db..952c9262 100644
--- a/recipes-containers/lxc/lxc_1.0.6.bb
+++ b/recipes-containers/lxc/lxc_1.0.7.bb
@@ -26,12 +26,10 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \
        file://runtest.patch \
        file://run-ptest \
        file://automake-ensure-VPATH-builds-correctly.patch \
-        file://busybox_template_mount_fstab_when_available.patch \
-        file://busybox_template_support_for_unprivileged_containers.patch \
        "
-SRC_URI[md5sum] = "4aad3aee84b42faa194e44091d723a3b"
+SRC_URI[md5sum] = "b48f468a9bef0e4e140dd723f0a65ad0"
-SRC_URI[sha256sum] = "fc6bffa750f00daaa92aa33d719c1cc235146aa779ebd2a64a0c24423977cf14"
+SRC_URI[sha256sum] = "3c0cb2d95d9d8a8d59c7189d237a45cde77f38ea180fbff2c148d59e176e9dab"
 S = "${WORKDIR}/${BPN}-${PV}"

diff --git a/recipes-containers/lxc/files/busybox_template_mount_fstab_when_available.patch b/recipes-containers/lxc/files/busybox_template_mount_fstab_when_available.patch deleted file mode 100644 index 74b4fdfa..00000000 --- a/recipes-containers/lxc/files/busybox_template_mount_fstab_when_available.patch +++ /dev/null
@@ -1,32 +0,0 @@
1	From 12c3b43fbeacd9cc471adf565ecea3263e37e353 Mon Sep 17 00:00:00 2001
2	From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
3	Date: Mon, 20 Oct 2014 15:56:54 -0400
4	Subject: [PATCH] busybox template: mount fstab when available
5
6	When running unprivileged, lxc-create will touch a fstab file, with bind-mounts
7	for the ttys and other devices. Add this entry in the container config.
8
9	Upstream-Status: Accepted
10	[https://github.com/lxc/lxc/commit/12c3b43fbeacd9cc471adf565ecea3263e37e353]
11
12	Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
13	Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
14	---
15	templates/lxc-busybox.in \| 4 ++++
16	1 file changed, 4 insertions(+)
17
18	diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
19	index ca2dd43..ee54a7a 100644
20	--- a/templates/lxc-busybox.in
21	+++ b/templates/lxc-busybox.in
22	@@ -301,6 +301,10 @@ EOF
23	done
24	echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none ro,bind,optional 0 0" >>$path/config
25	echo "lxc.mount.auto = proc:mixed sys" >>$path/config
26	+
27	+ if [ -f "$path/fstab" ]; then
28	+ echo "lxc.mount = $path/fstab" >>$path/config
29	+ fi
30	}
31
32	remap_userns()


diff --git a/recipes-containers/lxc/files/busybox_template_support_for_unprivileged_containers.patch b/recipes-containers/lxc/files/busybox_template_support_for_unprivileged_containers.patch deleted file mode 100644 index 4e9ab74f..00000000 --- a/recipes-containers/lxc/files/busybox_template_support_for_unprivileged_containers.patch +++ /dev/null
@@ -1,92 +0,0 @@
1	From a542dd3c1aca8b6674f631d625d888eb13ae3a4d Mon Sep 17 00:00:00 2001
2	From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
3	Date: Mon, 20 Oct 2014 15:56:53 -0400
4	Subject: [PATCH] busybox template: support for unprivileged containers
5
6	Apply the changes found in templates/lxc-download to the busybox template as
7	well. Change ownership of the config and fstab files to the unprivileged user,
8	and the ownership of the rootfs to root in the new user namespace.
9
10	Eliminate the "unsupported for userns" flag.
11
12	Upstream-Status: Accepted
13	[https://github.com/lxc/lxc/commit/a542dd3c1aca8b6674f631d625d888eb13ae3a4d]
14
15	Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
16	Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
17	---
18	templates/lxc-busybox.in \| 36 ++++++++++++++++++++++++++----------
19	1 file changed, 26 insertions(+), 10 deletions(-)
20
21	diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
22	index 246e743..ca2dd43 100644
23	--- a/templates/lxc-busybox.in
24	+++ b/templates/lxc-busybox.in
25	@@ -20,15 +20,8 @@
26	# License along with this library; if not, write to the Free Software
27	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
28
29	-# Detect use under userns (unsupported)
30	-for arg in "$@"; do
31	- [ "$arg" = "--" ] && break
32	- if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
33	- echo "This template can't be used for unprivileged containers." 1>&2
34	- echo "You may want to try the \"download\" template instead." 1>&2
35	- exit 1
36	- fi
37	-done
38	+LXC_MAPPED_UID=
39	+LXC_MAPPED_GID=
40
41	# Make sure the usual locations are in PATH
42	export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
43	@@ -310,6 +303,21 @@ EOF
44	echo "lxc.mount.auto = proc:mixed sys" >>$path/config
45	}
46
47	+remap_userns()
48	+{
49	+ path=$1
50	+
51	+ if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
52	+ chown $LXC_MAPPED_UID $path/config $path/fstab >/dev/null 2>&1
53	+ chown -R root $path/rootfs >/dev/null 2>&1
54	+ fi
55	+
56	+ if [ -n "$LXC_MAPPED_GID" ] && [ "$LXC_MAPPED_GID" != "-1" ]; then
57	+ chgrp $LXC_MAPPED_GID $path/config $path/fstab >/dev/null 2>&1
58	+ chgrp -R root $path/rootfs >/dev/null 2>&1
59	+ fi
60	+}
61	+
62	usage()
63	{
64	cat <<EOF
65	@@ -318,7 +326,7 @@ EOF
66	return 0
67	}
68
69	-options=$(getopt -o hp:n: -l help,rootfs:,path:,name: -- "$@")
70	+options=$(getopt -o hp:n: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid: -- "$@")
71	if [ $? -ne 0 ]; then
72	usage $(basename $0)
73	exit 1
74	@@ -332,6 +340,8 @@ do
75	-p\|--path) path=$2; shift 2;;
76	--rootfs) rootfs=$2; shift 2;;
77	-n\|--name) name=$2; shift 2;;
78	+ --mapped-uid) LXC_MAPPED_UID=$2; shift 2;;
79	+ --mapped-gid) LXC_MAPPED_GID=$2; shift 2;;
80	--) shift 1; break ;;
81	*) break ;;
82	esac
83	@@ -374,3 +384,9 @@ if [ $? -ne 0 ]; then
84	echo "failed to write configuration file"
85	exit 1
86	fi
87	+
88	+remap_userns $path
89	+if [ $? -ne 0 ]; then
90	+ echo "failed to remap files to user"
91	+ exit 1
92	+fi


diff --git a/recipes-containers/lxc/lxc_1.0.6.bb b/recipes-containers/lxc/lxc_1.0.7.bb index e6ec68db..952c9262 100644 --- a/recipes-containers/lxc/lxc_1.0.6.bb +++ b/recipes-containers/lxc/lxc_1.0.7.bb
@@ -26,12 +26,10 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \
26	file://runtest.patch \	26	file://runtest.patch \
27	file://run-ptest \	27	file://run-ptest \
28	file://automake-ensure-VPATH-builds-correctly.patch \	28	file://automake-ensure-VPATH-builds-correctly.patch \
29	file://busybox_template_mount_fstab_when_available.patch \
30	file://busybox_template_support_for_unprivileged_containers.patch \
31	"	29	"
32		30
33	SRC_URI[md5sum] = "4aad3aee84b42faa194e44091d723a3b"	31	SRC_URI[md5sum] = "b48f468a9bef0e4e140dd723f0a65ad0"
34	SRC_URI[sha256sum] = "fc6bffa750f00daaa92aa33d719c1cc235146aa779ebd2a64a0c24423977cf14"	32	SRC_URI[sha256sum] = "3c0cb2d95d9d8a8d59c7189d237a45cde77f38ea180fbff2c148d59e176e9dab"
35		33
36	S = "${WORKDIR}/${BPN}-${PV}"	34	S = "${WORKDIR}/${BPN}-${PV}"
37		35