From 807506c777a45d805400ec6f47b45420e300c2e5 Mon Sep 17 00:00:00 2001 From: sana kazi Date: Thu, 16 Sep 2021 10:36:53 +0530 Subject: lxc: Fix -c command for lxc-attach Added fix_c_command.patch the -c command seems to be broken because the passed context is ignored and always overwritten by the context specified in the config file. Signed-off-by: Sana Kazi Signed-off-by: Sana Kazi Signed-off-by: Bruce Ashfield --- recipes-containers/lxc/files/fix_c_command.patch | 36 ++++++++++++++++++++++++ recipes-containers/lxc/lxc_git.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 recipes-containers/lxc/files/fix_c_command.patch diff --git a/recipes-containers/lxc/files/fix_c_command.patch b/recipes-containers/lxc/files/fix_c_command.patch new file mode 100644 index 00000000..1ed8dafd --- /dev/null +++ b/recipes-containers/lxc/files/fix_c_command.patch @@ -0,0 +1,36 @@ +From 9becf309a81806ef08acf9ca99ab95c1bcfa1f65 Mon Sep 17 00:00:00 2001 +From: Maximilian Blenk +Date: Mon, 23 Aug 2021 15:39:28 +0200 +Subject: [PATCH] attach: Fix -c command + +Currently, the -c command (to set the selinux context) seems to be +broken because the passed context is ignored and always overwritten by +the context specified in the config file. The intention behind the -c +imho was to be able to manually overwrite this behavior. This patch +ensures that the selinux context will be set if passed via the command +line. + +Signed-off-by: Maximilian Blenk +--- + src/lxc/tools/lxc_attach.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +Upstream-Status: Backport [https://github.com/lxc/lxc/commit/9becf309a81806ef08acf9ca99ab95c1bcfa1f65.patch] +Comment: No change in any hunk + +diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c +index 0374d980b4..e6b388b20c 100644 +--- a/src/lxc/tools/lxc_attach.c ++++ b/src/lxc/tools/lxc_attach.c +@@ -379,7 +379,10 @@ int main(int argc, char *argv[]) + attach_options.gid = my_args.gid; + + // selinux_context will be NULL if not set +- attach_options.lsm_label = selinux_context; ++ if (selinux_context) { ++ attach_options.attach_flags |= LXC_ATTACH_LSM_LABEL; ++ attach_options.lsm_label = selinux_context; ++ } + + if (command.program) { + ret = c->attach_run_wait(c, &attach_options, command.program, diff --git a/recipes-containers/lxc/lxc_git.bb b/recipes-containers/lxc/lxc_git.bb index 32159281..f5b5128b 100644 --- a/recipes-containers/lxc/lxc_git.bb +++ b/recipes-containers/lxc/lxc_git.bb @@ -50,6 +50,7 @@ SRC_URI = "git://github.com/lxc/lxc.git;branch=stable-4.0 \ file://dnsmasq.conf \ file://lxc-net \ file://enable_seccomp_profile_when_compiled_libseccomp.patch \ + file://fix_c_command.patch \ " SRCREV = "cec7cb14b2a4367d4cb21a90e1b90d0f98a9d874" -- cgit v1.2.3-54-g00ecf