| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The poky/oe-core commit [glibc: Upgrade to 2.25 snapshot] brought with
it a change that has apparently been in the works for a while, to move
major() and minor() definitions from <sys/types.h> to
<sys/sysmacros.h>. This version of glibc took the step of adding a
warning about this change which results in the build failure of lxc
since we build with -Werror:
| lxclvm.c:139:13: error: In the GNU C Library, "major" is defined
| by <sys/sysmacros.h>. For historical compatibility, it is
| currently defined by <sys/types.h> as well, but we plan to
| remove this soon. To use "major", include <sys/sysmacros.h>
| directly. If you did not intend to use a system-defined macro
| "major", you should undefine it after including <sys/types.h>. [-Werror]
| major(statbuf.st_rdev), minor(statbuf.st_rdev));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Instead of dropping -Werror we are opting instead to apply the
upstream fix for this since it is available and applies relatively
cleanly.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
lxc's postinst will run populate-volatile.sh scripts,
which is provided by initscripts package, thus it's better
to add this rdepends.
Signed-off-by: fli <fupan.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
Bitbake reports a [debug-files] QA Issue for the following path:
packages-split/lxc/usr/lib/lxc/lxc/hooks/.debug/unmount-namespace
Signed-off-by: Igor Socec <igor.socec@pelagicore.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
getent is needed by lxc-net of lxc, but current system misses it,
so add glibc-utils to lxc's rdepend, fix this issue.
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If the lxc is compiled with gcc 5.2 -O2 optimization on arm,
lxc-console/lxc-stop command always produce segment fault.
The same issue also occurred on systemd: [YOCTO #8291]
For lxc, after several testing, it only needs to disable
schedule-insns2 to fix the segment fault issue.
Signed-off-by: fli <fupan.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recent patch did deprecate a standard POSIX function [1].
This is the build error:
| ../../../lxc-2.0.0/src/lxc/cgfs.c: In function 'cgroup_rmdir':
| ../../../lxc-2.0.0/src/lxc/cgfs.c:172:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations]
| while (!readdir_r(dir, &dirent, &direntp)) {
| ^
| In file included from ../../../lxc-2.0.0/src/lxc/cgfs.c:30:0:
| /.../build/tmp-glibc/sysroots/qemux86-64/usr/include/dirent.h:183:12: note: declared here
| extern int readdir_r (DIR *__restrict __dirp,
| ^
[1] https://www.sourceware.org/ml/libc-alpha/2016-02/msg00093.html
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
The 'base_contains' is now deprecated and only kept as a compatibility method. It will be removed in future releases.
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
2.0.0 is released, and contains many of the patches we've been carrying for
1.x.
With this updated, we drop upstream backports (and submitted patches), and
refresh on patch. Otherwise, everything is the same.
Sanity tested on x86-64.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recently the configure with python enabled has become the default here.
However, if the host doesn't have python3, configure fails with:
checking for a Python interpreter with version >= 3.2... none
configure: error: You must install python3
We have a python3 in the sysroot, but we need to inherit it for it to
be available for lxc's configure step.
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Cherry picked patch from lxc upstream commit:
f2e206ff47<lxc: let lxc-start support wlan phys>
to enable lxc-start command support wlan0 device
and make cube-essential support paththrough wlan
device from host to lxc containers.
Signed-off-by: fli <fupan.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
This is the latest stable release and includes many important bug
fixes as well as CVE fixes such as CVE-2015-1335.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Warnings fixes:
- optional mounts when dirs not available
- busybox dynamically linked
- fstab not available in container
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to poky commit 3d45853eef1269b455d840a60491802251368378
[python3: fix do_configure check platform triplet error] lxc's
configure scripts would fail to find python3 and would therefor
configure with python3 support disabled.
After poky integrated the above commit lxc can, and does, detect
python3 and attempts to configure with python support. Unfortunately
it would detect the host's python3 which it would use to run setup.py
and therefor get the host's include path etc. and ultimately fail to
build.
To fix this we make 'python' support configurable via a PACKAGECONFIG
and we default to not configuring with this support, to match our
previous configuration. We also fix things such that 'python' support
can be enabled in the PACKAGECONFIG and the build will complete
successfully, using our python3 and not the host's.
We might want to eventually enable the python support but since this
not only enables python extensions but even goes as far as turning
scripts like lxc-ls into python scripts, instead of shell scripts,
keeping it disabled for now is the minimally invasive approach.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
These patches address some warnings that LXC throws when running
an application container. They are currently applied in the official
repository.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
V1.1.4 includes a fix for CVE-2015-1335:
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container
administrators to escape AppArmor confinement via a symlink attack on a (1)
mount target or (2) bind mount source.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1335
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem: Logs are nice in that they report the source file,
routine, and line number where an issue occurs. But the
file is printed as the absolute filename. Users do not
need to see a long spew of path directory names where the package
just happened to have been built on some host somewhere. It
can be confusing to anyone other than the developer.
Solution: Introduce a configure option to chop off all leading
directories so that just the source filename ie. basename is printed.
[ Upstream status: Not needed. These absolute filenames are a
consequence of poky/bitbake feeding the absolute filenames to
the compiler. If you build lxc outside of poky/bitbake, just
the basenames are fed to the compiler. ]
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Uprev to 1.1.3
Remove Generate-lxc-restore-net-properly.patch since related code
has been removed.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The networking configuration that is part of the lxc-setup package is
not appropriate for all use cases, or init systems.
To avoid having this configuration be pulled in by default, we create
an empty -networking package that handles the configuration. Images
can enable this step by including lxc-networking in the install package
list.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
docbook2man fails to build the man pages in poky
due to missing the ancient Davenport 3.0 DTD.
Poky meta has the Oasis 3.1 version so upgrade
to use that instead.
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This version has better support for unprivileged
containers.
Two patches are deleted as they are now included.
One new patch is introduced to fix a file not found error at
the install build step.
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
Add handling for distros with both systemd and sysvinit by passing
multiple init systems to configure with --with-init-script=
Signed-off-by: Erik Botö <erik.boto@pelagicore.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Add command line parameter to create Busybox containers
with OpenSSH support. As a prerequisite, OpenSSH needs
to be installed on the host system.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
If lxc is built not in the source dir, upstart files will fail to be
installed, because of Makefile error.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To generate a proper systemd.service file we should use lxc's builtin
configuration option for the initscript type. To support both sysvinit
and systemd, we trigger off the DISTRO var and enable the proper init
system accordingly.
When properly configured, lxc will create helper scripts and install
the service file, so we can delete the explicit copy of the service
file and let the default rules trigger and install what is needed.
The helper files installed by lxc require a lsb function that is not
commonly available in the 'functions' library: "action". To ensure that
the helper scripts operate, we create a local action() routine with
the expected semantics.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
Update the LXC recipe with the upstream-applied version of the patch.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add the necessary bits to enable seccomp support for LXC running on PPC
architectures. libseccomp added support for PPC [1], yet to be applied to
Yocto/meta-security.
[1] https://github.com/seccomp/libseccomp/tree/working-ppc64
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Busybox powered containers rely on a different signal for reboot - SIGTERM,
rather than the default SIGINT.
Apply the upstream support adding the infrastructure for defining a custom
reboot signal for a container, and default this signal to SIGTERM for Busybox
containers. The original patches have been applied on the upstream master LXC
branch, and required a minor backport.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Now that we have a lxc-setup package, we can start to define networking
and other out of the box configuration details for those that opt to
install it.
These are by no means complete, and won't work for everyone, but they are
a start.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
lxc comes with sysvinit and systemd initscripts that autostart
containers and check for required services. So we should be installing
and enabling them.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
lxc 1.0.7 is available, and integrates two patches that we were carrying
against 1.0.6 .. so we do the update, and drop the two busybox patches.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add PACKAGECONFIG for 'selinux', otherwise there would be warnings like
below:
WARN: lxc: lxc rdepends on libselinux, but it isn't a build dependency?
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
Integrate 2 upstream patches that enable creating unprivileged Busybox
containers.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Rework patch 5b57bf462b41142deae0479c06f4da8e0b66bb7e [lxc: fixup VPATH builds]
since the new version of LXC refactored one of the files and it no longer
applies. Provide a fix for what's left.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
Also remove patch file that no longer applies.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Josep Puigdemont <josep.puigdemont@enea.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Split a ${PN}-template pkg to put ${datadir}/lxc/templates/, and debash in
${datadir}/lxc/hooks/* since the checkbashisms shows there are no bashism, so
use /bin/sh.
checkbashisms is from devscripts package:
http://packages.ubuntu.com/trusty/devscripts
Bash scripts:
lxc/usr/share/lxc/hooks/mountcgroups:#!/bin/bash
lxc/usr/share/lxc/hooks/ubuntu-cloud-prep:#!/bin/bash
lxc/usr/share/lxc/templates/lxc-debian:1:#!/bin/bash
lxc/usr/share/lxc/templates/lxc-openmandriva:1:#!/bin/bash
lxc/usr/share/lxc/templates/lxc-archlinux:1:#!/bin/bash
lxc/usr/share/lxc/templates/lxc-centos:1:#!/bin/bash
lxc/usr/share/lxc/templates/lxc-plamo:1:#!/bin/bash -eu
lxc/usr/share/lxc/templates/lxc-ubuntu-cloud:1:#!/bin/bash
lxc/usr/share/lxc/templates/lxc-opensuse:1:#!/bin/bash
lxc/usr/share/lxc/templates/lxc-gentoo:1:#!/bin/bash
lxc/usr/share/lxc/templates/lxc-altlinux:1:#!/bin/bash
lxc/usr/share/lxc/templates/lxc-sshd:1:#!/bin/bash
lxc/usr/share/lxc/templates/lxc-ubuntu:1:#!/bin/bash
lxc/usr/share/lxc/templates/lxc-cirros:1:#!/bin/bash
lxc/usr/share/lxc/templates/lxc-busybox:1:#!/bin/bash
lxc/usr/share/lxc/templates/lxc-fedora:1:#!/bin/bash
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
Update lxc to latest available version: 1.0.5
Remove already upstreamed patches.
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Poky commit 69b6eaca3d9b635e8a61a0fdbd814b558e91901d [autotools:
Enable separate builddir by default] enforced separate build
directories, which is supported by automake. Unfortunately lxc had a
few make directives which didn't take into account VPATH builds so
fixing them up here to allow the lxc build to complete successfully.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
Install lxc test suite and run it as ptest.
Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Adding a couple of upstream fixes for lxc:
- follow symlinks when determining if Busybox is statically linked
- don't fail for lxc.network.type = none
- don't fail if no default macvlan mode is specified
More details are available in the individual patches.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Josep Puigdemont <josep.puigdemont@enea.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
| |
As reported by Chris Larson, the recipe went in, but not the patch.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The reason is that the generic code which handles reading lxc.rootfs.mount
always frees the old value if not NULL. So without this setting
lxc.rootfs.mount = /mnt causes segfault.
This is a backport for lxc-0.9.0 (dora) of the same fix found in
upstream's master, see commits 54c30e29 and 53f3f048.
Signed-off-by: Josep Puigdemont <josep.puigdemont@enea.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
autoconf-1.14 will fail to configure lxc with the following warning (and
hence error):
| automake: warnings are treated as errors
| src/lxc/Makefile.am:79: warning: source file '../include/openpty.c' is in a subdirectory,
| src/lxc/Makefile.am:79: but option 'subdir-objects' is disabled
So we tell autoconf that subdir objects are fine .. and the issue is solved.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
lxc's configure script makes use of pkg-config so we need to inherit
pkgconfig or else we may see an error like
./configure: line 5315: syntax error near unexpected token `PYTHONDEV,'
./configure: line 5315: ` PKG_CHECK_MODULES(PYTHONDEV, python3 >= \
3.2,,AC_MSG_ERROR([You must install python3-dev]))'
during configure.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
Without enabling INCLUDE_SUSv2 in busybox, we need to use head's -n argument,
rather than -#.
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
BPN should be used in place of PN otherwise the fetcher will attempt
to download a file with the multilib prefix,and fail, and S will not
be what is expected, causing patching and other failures.
Signed-off-by: Mark Asselstine <asselsm@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Patch to fix interface netns transition when
assigning a physical interface to a container.
Pushed to the upstream LXC repo, to be included
in future versions of LXC.
Further details in included patch description.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
