2 files changed, 37 insertions, 0 deletions
diff --git a/recipes-containers/lxc/files/fix_c_command.patch b/recipes-containers/lxc/files/fix_c_command.patch
new file mode 100644
index 00000000..1ed8dafd
--- /dev/null
+++ b/recipes-containers/lxc/files/fix_c_command.patch
@@ -0,0 +1,36 @@
+From 9becf309a81806ef08acf9ca99ab95c1bcfa1f65 Mon Sep 17 00:00:00 2001
+From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
+Date: Mon, 23 Aug 2021 15:39:28 +0200
+Subject: [PATCH] attach: Fix -c command
+Currently, the -c command (to set the selinux context) seems to be
+broken because the passed context is ignored and always overwritten by
+the context specified in the config file. The intention behind the -c
+imho was to be able to manually overwrite this behavior. This patch
+ensures that the selinux context will be set if passed via the command
+line.
+Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
+---
+ src/lxc/tools/lxc_attach.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+Upstream-Status: Backport [https://github.com/lxc/lxc/commit/9becf309a81806ef08acf9ca99ab95c1bcfa1f65.patch]
+Comment: No change in any hunk
+diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
+index 0374d980b4..e6b388b20c 100644
+--- a/src/lxc/tools/lxc_attach.c
+++ b/src/lxc/tools/lxc_attach.c
+@@ -379,7 +379,10 @@ int main(int argc, char *argv[])
+                attach_options.gid = my_args.gid;
+ 
+        // selinux_context will be NULL if not set
+-       attach_options.lsm_label = selinux_context;
+       if (selinux_context) {
+               attach_options.attach_flags |= LXC_ATTACH_LSM_LABEL;
+               attach_options.lsm_label = selinux_context;
+       }
+ 
+        if (command.program) {
+                ret = c->attach_run_wait(c, &attach_options, command.program,
diff --git a/recipes-containers/lxc/lxc_git.bb b/recipes-containers/lxc/lxc_git.bb
index 76e04933..f98cba05 100644
--- a/recipes-containers/lxc/lxc_git.bb
+++ b/recipes-containers/lxc/lxc_git.bb
@@ -50,6 +50,7 @@ SRC_URI = "git://github.com/lxc/lxc.git;branch=stable-4.0 \
        file://dnsmasq.conf \
        file://lxc-net \
        file://enable_seccomp_profile_when_compiled_libseccomp.patch \
+        file://fix_c_command.patch \
        "
 SRCREV = "cec7cb14b2a4367d4cb21a90e1b90d0f98a9d874"

diff --git a/recipes-containers/lxc/files/fix_c_command.patch b/recipes-containers/lxc/files/fix_c_command.patch new file mode 100644 index 00000000..1ed8dafd --- /dev/null +++ b/recipes-containers/lxc/files/fix_c_command.patch
@@ -0,0 +1,36 @@
		1	From 9becf309a81806ef08acf9ca99ab95c1bcfa1f65 Mon Sep 17 00:00:00 2001
		2	From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
		3	Date: Mon, 23 Aug 2021 15:39:28 +0200
		4	Subject: [PATCH] attach: Fix -c command
		5
		6	Currently, the -c command (to set the selinux context) seems to be
		7	broken because the passed context is ignored and always overwritten by
		8	the context specified in the config file. The intention behind the -c
		9	imho was to be able to manually overwrite this behavior. This patch
		10	ensures that the selinux context will be set if passed via the command
		11	line.
		12
		13	Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
		14	---
		15	src/lxc/tools/lxc_attach.c \| 5 ++++-
		16	1 file changed, 4 insertions(+), 1 deletion(-)
		17
		18	Upstream-Status: Backport [https://github.com/lxc/lxc/commit/9becf309a81806ef08acf9ca99ab95c1bcfa1f65.patch]
		19	Comment: No change in any hunk
		20
		21	diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
		22	index 0374d980b4..e6b388b20c 100644
		23	--- a/src/lxc/tools/lxc_attach.c
		24	+++ b/src/lxc/tools/lxc_attach.c
		25	@@ -379,7 +379,10 @@ int main(int argc, char *argv[])
		26	attach_options.gid = my_args.gid;
		27
		28	// selinux_context will be NULL if not set
		29	- attach_options.lsm_label = selinux_context;
		30	+ if (selinux_context) {
		31	+ attach_options.attach_flags \|= LXC_ATTACH_LSM_LABEL;
		32	+ attach_options.lsm_label = selinux_context;
		33	+ }
		34
		35	if (command.program) {
		36	ret = c->attach_run_wait(c, &attach_options, command.program,


diff --git a/recipes-containers/lxc/lxc_git.bb b/recipes-containers/lxc/lxc_git.bb index 76e04933..f98cba05 100644 --- a/recipes-containers/lxc/lxc_git.bb +++ b/recipes-containers/lxc/lxc_git.bb
@@ -50,6 +50,7 @@ SRC_URI = "git://github.com/lxc/lxc.git;branch=stable-4.0 \
50	file://dnsmasq.conf \	50	file://dnsmasq.conf \
51	file://lxc-net \	51	file://lxc-net \
52	file://enable_seccomp_profile_when_compiled_libseccomp.patch \	52	file://enable_seccomp_profile_when_compiled_libseccomp.patch \
		53	file://fix_c_command.patch \
53	"	54	"
54		55
55	SRCREV = "cec7cb14b2a4367d4cb21a90e1b90d0f98a9d874"	56	SRCREV = "cec7cb14b2a4367d4cb21a90e1b90d0f98a9d874"