| 1 |
commit: 190499d396a2eac96f71a02e4b9e65d1d169d0e7 |
| 2 |
Author: Joonas Niilola <juippis <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Fri Oct 29 07:11:32 2021 +0000 |
| 4 |
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Oct 29 07:14:27 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=190499d3 |
| 7 |
|
| 8 |
app-emulation/lxc: add io-uring patches for 4.0.11 |
| 9 |
|
| 10 |
Bug: https://bugs.gentoo.org/820545 |
| 11 |
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org> |
| 12 |
|
| 13 |
.../lxc/files/lxc-4.0.11_p1-liburing-sync1.patch | 29 ++++ |
| 14 |
.../lxc/files/lxc-4.0.11_p1-liburing-sync2.patch | 28 +++ |
| 15 |
app-emulation/lxc/lxc-4.0.11_p1.ebuild | 188 +++++++++++++++++++++ |
| 16 |
3 files changed, 245 insertions(+) |
| 17 |
|
| 18 |
diff --git a/app-emulation/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch b/app-emulation/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch |
| 19 |
new file mode 100644 |
| 20 |
index 00000000000..cd497a75552 |
| 21 |
--- /dev/null |
| 22 |
+++ b/app-emulation/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch |
| 23 |
@@ -0,0 +1,29 @@ |
| 24 |
+From aac3f106ff012e1d6835b20c250dcf09c364530c Mon Sep 17 00:00:00 2001 |
| 25 |
+From: Christian Brauner <christian.brauner@××××××.com> |
| 26 |
+Date: Thu, 28 Oct 2021 17:39:11 +0200 |
| 27 |
+Subject: [PATCH] mainloop: make sure that descr->ring is allocated |
| 28 |
+ |
| 29 |
+This is future proofing more than anything else. |
| 30 |
+ |
| 31 |
+Signed-off-by: Christian Brauner <christian.brauner@××××××.com> |
| 32 |
+--- |
| 33 |
+ src/lxc/mainloop.c | 6 ++++-- |
| 34 |
+ 1 file changed, 4 insertions(+), 2 deletions(-) |
| 35 |
+ |
| 36 |
+diff --git a/src/lxc/mainloop.c b/src/lxc/mainloop.c |
| 37 |
+index 7c8f5d86af..17a4d55293 100644 |
| 38 |
+--- a/src/lxc/mainloop.c |
| 39 |
++++ b/src/lxc/mainloop.c |
| 40 |
+@@ -515,8 +515,10 @@ void lxc_mainloop_close(struct lxc_async_descr *descr) |
| 41 |
+ |
| 42 |
+ if (descr->type == LXC_MAINLOOP_IO_URING) { |
| 43 |
+ #if HAVE_LIBURING |
| 44 |
+- io_uring_queue_exit(descr->ring); |
| 45 |
+- munmap(descr->ring, sizeof(struct io_uring)); |
| 46 |
++ if (descr->ring) { |
| 47 |
++ io_uring_queue_exit(descr->ring); |
| 48 |
++ munmap(descr->ring, sizeof(struct io_uring)); |
| 49 |
++ } |
| 50 |
+ #else |
| 51 |
+ ERROR("Unsupported io_uring mainloop"); |
| 52 |
+ #endif |
| 53 |
|
| 54 |
diff --git a/app-emulation/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch b/app-emulation/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch |
| 55 |
new file mode 100644 |
| 56 |
index 00000000000..33b8554193d |
| 57 |
--- /dev/null |
| 58 |
+++ b/app-emulation/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch |
| 59 |
@@ -0,0 +1,28 @@ |
| 60 |
+From a585382b972c25ee8489147d94918d001ef439a7 Mon Sep 17 00:00:00 2001 |
| 61 |
+From: Christian Brauner <christian.brauner@××××××.com> |
| 62 |
+Date: Thu, 28 Oct 2021 17:39:42 +0200 |
| 63 |
+Subject: [PATCH] start: check event loop type before closing fd |
| 64 |
+ |
| 65 |
+Since this is a union we might otherwise stomp on io_uring mmap()ed |
| 66 |
+memory. |
| 67 |
+ |
| 68 |
+Fixes: #4016 |
| 69 |
+Signed-off-by: Christian Brauner <christian.brauner@××××××.com> |
| 70 |
+--- |
| 71 |
+ src/lxc/start.c | 3 ++- |
| 72 |
+ 1 file changed, 2 insertions(+), 1 deletion(-) |
| 73 |
+ |
| 74 |
+diff --git a/src/lxc/start.c b/src/lxc/start.c |
| 75 |
+index 8f7173ec8c..1a6046c7a4 100644 |
| 76 |
+--- a/src/lxc/start.c |
| 77 |
++++ b/src/lxc/start.c |
| 78 |
+@@ -629,7 +629,8 @@ int lxc_poll(const char *name, struct lxc_handler *handler) |
| 79 |
+ TRACE("Mainloop is ready"); |
| 80 |
+ |
| 81 |
+ ret = lxc_mainloop(&descr, -1); |
| 82 |
+- close_prot_errno_disarm(descr.epfd); |
| 83 |
++ if (descr.type == LXC_MAINLOOP_EPOLL) |
| 84 |
++ close_prot_errno_disarm(descr.epfd); |
| 85 |
+ if (ret < 0 || !handler->init_died) |
| 86 |
+ goto out_mainloop_console; |
| 87 |
+ |
| 88 |
|
| 89 |
diff --git a/app-emulation/lxc/lxc-4.0.11_p1.ebuild b/app-emulation/lxc/lxc-4.0.11_p1.ebuild |
| 90 |
new file mode 100644 |
| 91 |
index 00000000000..e7de06da0ae |
| 92 |
--- /dev/null |
| 93 |
+++ b/app-emulation/lxc/lxc-4.0.11_p1.ebuild |
| 94 |
@@ -0,0 +1,188 @@ |
| 95 |
+# Copyright 1999-2021 Gentoo Authors |
| 96 |
+# Distributed under the terms of the GNU General Public License v2 |
| 97 |
+ |
| 98 |
+EAPI=7 |
| 99 |
+ |
| 100 |
+inherit autotools bash-completion-r1 linux-info flag-o-matic optfeature pam readme.gentoo-r1 systemd verify-sig |
| 101 |
+ |
| 102 |
+DESCRIPTION="A userspace interface for the Linux kernel containment features" |
| 103 |
+HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc" |
| 104 |
+SRC_URI="https://linuxcontainers.org/downloads/lxc/${P/_p1}.tar.gz |
| 105 |
+ verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P/_p1}.tar.gz.asc )" |
| 106 |
+ |
| 107 |
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" |
| 108 |
+ |
| 109 |
+LICENSE="GPL-2 LGPL-2.1 LGPL-3" |
| 110 |
+SLOT="0" |
| 111 |
+IUSE="apparmor +caps doc io-uring man pam seccomp selinux +ssl +tools verify-sig" |
| 112 |
+ |
| 113 |
+RDEPEND="acct-group/lxc |
| 114 |
+ acct-user/lxc |
| 115 |
+ app-misc/pax-utils |
| 116 |
+ sys-apps/util-linux |
| 117 |
+ sys-libs/libcap |
| 118 |
+ virtual/awk |
| 119 |
+ caps? ( sys-libs/libcap ) |
| 120 |
+ io-uring? ( sys-libs/liburing:= ) |
| 121 |
+ pam? ( sys-libs/pam ) |
| 122 |
+ seccomp? ( sys-libs/libseccomp ) |
| 123 |
+ selinux? ( sys-libs/libselinux ) |
| 124 |
+ ssl? ( |
| 125 |
+ dev-libs/openssl:0= |
| 126 |
+ )" |
| 127 |
+DEPEND="${RDEPEND} |
| 128 |
+ >=sys-kernel/linux-headers-4 |
| 129 |
+ apparmor? ( sys-apps/apparmor )" |
| 130 |
+BDEPEND="virtual/pkgconfig |
| 131 |
+ doc? ( app-doc/doxygen[dot] ) |
| 132 |
+ man? ( app-text/docbook-sgml-utils ) |
| 133 |
+ verify-sig? ( app-crypt/openpgp-keys-linuxcontainers )" |
| 134 |
+ |
| 135 |
+CONFIG_CHECK="~!NETPRIO_CGROUP |
| 136 |
+ ~CGROUPS |
| 137 |
+ ~CGROUP_CPUACCT |
| 138 |
+ ~CGROUP_DEVICE |
| 139 |
+ ~CGROUP_FREEZER |
| 140 |
+ |
| 141 |
+ ~CGROUP_SCHED |
| 142 |
+ ~CPUSETS |
| 143 |
+ ~IPC_NS |
| 144 |
+ ~MACVLAN |
| 145 |
+ |
| 146 |
+ ~MEMCG |
| 147 |
+ ~NAMESPACES |
| 148 |
+ ~NET_NS |
| 149 |
+ ~PID_NS |
| 150 |
+ |
| 151 |
+ ~POSIX_MQUEUE |
| 152 |
+ ~USER_NS |
| 153 |
+ ~UTS_NS |
| 154 |
+ ~VETH" |
| 155 |
+ |
| 156 |
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers" |
| 157 |
+ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking" |
| 158 |
+ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers" |
| 159 |
+ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network" |
| 160 |
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command" |
| 161 |
+ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info" |
| 162 |
+ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking" |
| 163 |
+ |
| 164 |
+DOCS=( AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt ) |
| 165 |
+ |
| 166 |
+pkg_setup() { |
| 167 |
+ linux-info_pkg_setup |
| 168 |
+} |
| 169 |
+ |
| 170 |
+PATCHES=( |
| 171 |
+ "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch # bug 558854 |
| 172 |
+ "${FILESDIR}"/${P}-liburing-sync1.patch #820545 |
| 173 |
+ "${FILESDIR}"/${P}-liburing-sync2.patch #820545 |
| 174 |
+) |
| 175 |
+ |
| 176 |
+VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/linuxcontainers.asc |
| 177 |
+ |
| 178 |
+S="${WORKDIR}/${PN}-${PV/_p1}" |
| 179 |
+ |
| 180 |
+src_prepare() { |
| 181 |
+ default |
| 182 |
+ |
| 183 |
+ export bashcompdir="/etc/bash_completion.d" |
| 184 |
+ eautoreconf |
| 185 |
+} |
| 186 |
+ |
| 187 |
+src_configure() { |
| 188 |
+ append-flags -fno-strict-aliasing |
| 189 |
+ |
| 190 |
+ local myeconfargs=( |
| 191 |
+ --bindir=/usr/bin |
| 192 |
+ --localstatedir=/var |
| 193 |
+ --sbindir=/usr/bin |
| 194 |
+ |
| 195 |
+ --with-config-path=/var/lib/lxc |
| 196 |
+ --with-distro=gentoo |
| 197 |
+ --with-init-script=systemd |
| 198 |
+ --with-rootfs-path=/var/lib/lxc/rootfs |
| 199 |
+ --with-runtime-path=/run |
| 200 |
+ --with-systemdsystemunitdir=$(systemd_get_systemunitdir) |
| 201 |
+ |
| 202 |
+ --disable-coverity-build |
| 203 |
+ --disable-dlog |
| 204 |
+ --disable-fuzzers |
| 205 |
+ --disable-mutex-debugging |
| 206 |
+ --disable-no-undefined |
| 207 |
+ --disable-rpath |
| 208 |
+ --disable-sanitizers |
| 209 |
+ --disable-tests |
| 210 |
+ --disable-werror |
| 211 |
+ |
| 212 |
+ --enable-bash |
| 213 |
+ --enable-commands |
| 214 |
+ --enable-memfd-rexec |
| 215 |
+ --enable-thread-safety |
| 216 |
+ |
| 217 |
+ $(use_enable apparmor) |
| 218 |
+ $(use_enable caps capabilities) |
| 219 |
+ $(use_enable doc api-docs) |
| 220 |
+ $(use_enable doc examples) |
| 221 |
+ $(use_enable io-uring liburing) |
| 222 |
+ $(use_enable man doc) |
| 223 |
+ $(use_enable pam) |
| 224 |
+ $(use_enable seccomp) |
| 225 |
+ $(use_enable selinux) |
| 226 |
+ $(use_enable ssl openssl) |
| 227 |
+ $(use_enable tools) |
| 228 |
+ |
| 229 |
+ $(use_with pam pamdir $(getpam_mod_dir)) |
| 230 |
+ ) |
| 231 |
+ |
| 232 |
+ econf "${myeconfargs[@]}" |
| 233 |
+} |
| 234 |
+ |
| 235 |
+src_install() { |
| 236 |
+ default |
| 237 |
+ |
| 238 |
+ # The main bash-completion file will collide with lxd, need to relocate and update symlinks. |
| 239 |
+ mkdir -p "${ED}"/$(get_bashcompdir) || die "Failed to create bashcompdir." |
| 240 |
+ mv "${ED}"/etc/bash_completion.d/lxc "${ED}"/$(get_bashcompdir)/lxc-start || die "Failed to relocate lxc bash-completion file." |
| 241 |
+ rm -r "${ED}"/etc/bash_completion.d || die "Failed to remove wrong bash_completion.d content." |
| 242 |
+ |
| 243 |
+ if use tools; then |
| 244 |
+ bashcomp_alias lxc-start lxc-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,usernsexec,wait} |
| 245 |
+ else |
| 246 |
+ bashcomp_alias lxc-start lxc-usernsexec |
| 247 |
+ fi |
| 248 |
+ |
| 249 |
+ keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc |
| 250 |
+ rmdir "${D}"/var/cache/lxc "${D}"/var/cache || die "rmdir failed" |
| 251 |
+ |
| 252 |
+ find "${D}" -name '*.la' -delete -o -name '*.a' -delete || die |
| 253 |
+ |
| 254 |
+ # Gentoo-specific additions! |
| 255 |
+ newinitd "${FILESDIR}/lxc.initd.8" lxc |
| 256 |
+ |
| 257 |
+ # Remember to compare our systemd unit file with the upstream one |
| 258 |
+ # config/init/systemd/lxc.service.in |
| 259 |
+ systemd_newunit "${FILESDIR}"/lxc_at.service.4.0.0 "lxc@.service" |
| 260 |
+ |
| 261 |
+ DOC_CONTENTS=" |
| 262 |
+ For openrc, there is an init script provided with the package. |
| 263 |
+ You should only need to symlink /etc/init.d/lxc to |
| 264 |
+ /etc/init.d/lxc.configname to start the container defined in |
| 265 |
+ /etc/lxc/configname.conf. |
| 266 |
+ |
| 267 |
+ Correspondingly, for systemd a service file lxc@.service is installed. |
| 268 |
+ Enable and start lxc@configname in order to start the container defined |
| 269 |
+ in /etc/lxc/configname.conf." |
| 270 |
+ DISABLE_AUTOFORMATTING=true |
| 271 |
+ readme.gentoo_create_doc |
| 272 |
+} |
| 273 |
+ |
| 274 |
+pkg_postinst() { |
| 275 |
+ readme.gentoo_print_elog |
| 276 |
+ |
| 277 |
+ elog "Please run 'lxc-checkconfig' to see optional kernel features." |
| 278 |
+ elog |
| 279 |
+ optfeature "automatic template scripts" app-emulation/lxc-templates |
| 280 |
+ optfeature "Debian-based distribution container image support" dev-util/debootstrap |
| 281 |
+ optfeature "snapshot & restore functionality" sys-process/criu |
| 282 |
+} |
Archives