author | V3n3RiX <venerix@koprulu.sector> | 2021-12-22 14:08:05 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2021-12-22 14:08:05 +0000 |
commit | 93a93e9a3b53c1a73142a305ea1f8136846942ee (patch) | |
tree | b9791a06ab3284e27b568412c59316c66240c682 /app-containers/lxc/files | |
parent | 2771f79232c273bc2a57d23bf335dd81ccf6af28 (diff) |
gentoo resync : 22.12.2021
Diffstat (limited to 'app-containers/lxc/files')
-rw-r--r-- | app-containers/lxc/files/lxc-2.0.5-omit-sysconfig.patch | 5 | ||||
-rw-r--r-- | app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch | 29 | ||||
-rw-r--r-- | app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch | 28 | ||||
-rw-r--r-- | app-containers/lxc/files/lxc.initd.8 | 131 | ||||
-rw-r--r-- | app-containers/lxc/files/lxc_at.service.4.0.0 | 15 |
5 files changed, 208 insertions, 0 deletions
diff --git a/app-containers/lxc/files/lxc-2.0.5-omit-sysconfig.patch b/app-containers/lxc/files/lxc-2.0.5-omit-sysconfig.patch
new file mode 100644
index 000000000000..3ec81356499e
--- /dev/null
+++ b/app-containers/lxc/files/lxc-2.0.5-omit-sysconfig.patch
@@ -0,0 +1,5 @@
+--- /config/Makefile.am.orig 2016-05-19 02:56:11.891113982 +0000
++++ /config/Makefile.am 2016-05-19 02:56:32.596115476 +0000
+@@ -1 +1 @@
+-SUBDIRS = apparmor bash etc init selinux templates yum sysconfig
++SUBDIRS = apparmor bash etc init selinux templates yum
diff --git a/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch b/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch
new file mode 100644
index 000000000000..cd497a755523
--- /dev/null
+++ b/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch
@@ -0,0 +1,29 @@
+From aac3f106ff012e1d6835b20c250dcf09c364530c Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Thu, 28 Oct 2021 17:39:11 +0200
+Subject: [PATCH] mainloop: make sure that descr->ring is allocated
+
+This is future proofing more than anything else.
+
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/mainloop.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/lxc/mainloop.c b/src/lxc/mainloop.c
+index 7c8f5d86af..17a4d55293 100644
+--- a/src/lxc/mainloop.c
++++ b/src/lxc/mainloop.c
+@@ -515,8 +515,10 @@ void lxc_mainloop_close(struct lxc_async_descr *descr)
+
+ if (descr->type == LXC_MAINLOOP_IO_URING) {
+ #if HAVE_LIBURING
+- io_uring_queue_exit(descr->ring);
+- munmap(descr->ring, sizeof(struct io_uring));
++ if (descr->ring) {
++ io_uring_queue_exit(descr->ring);
++ munmap(descr->ring, sizeof(struct io_uring));
++ }
+ #else
+ ERROR("Unsupported io_uring mainloop");
+ #endif
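Review bot: In the mainloop.c hunk carried by lxc-4.0.11_p1-liburing-sync1.patch, descr->ring still points at the unmapped region after munmap(), so a second lxc_mainloop_close() on the same descriptor would pass the new `if (descr->ring)` guard and hand a stale pointer to io_uring_queue_exit(). Adding `descr->ring = NULL;` after the munmap() line inside the guard would make the check hold for repeated closes. If the ring is obtained from mmap(), as the munmap() call suggests, a failed mapping is MAP_FAILED rather than NULL, so the allocation site (not visible here) needs to normalise that for this guard to cover it. lxc_mainloop_close() continues outside the hunk.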
diff --git a/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch b/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch
new file mode 100644
index 000000000000..33b8554193d3
--- /dev/null
+++ b/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch
@@ -0,0 +1,28 @@
+From a585382b972c25ee8489147d94918d001ef439a7 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Thu, 28 Oct 2021 17:39:42 +0200
+Subject: [PATCH] start: check event loop type before closing fd
+
+Since this is a union we might otherwise stomp on io_uring mmap()ed
+memory.
+
+Fixes: #4016
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/start.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/lxc/start.c b/src/lxc/start.c
+index 8f7173ec8c..1a6046c7a4 100644
+--- a/src/lxc/start.c
++++ b/src/lxc/start.c
+@@ -629,7 +629,8 @@ int lxc_poll(const char *name, struct lxc_handler *handler)
+ TRACE("Mainloop is ready");
+
+ ret = lxc_mainloop(&descr, -1);
+- close_prot_errno_disarm(descr.epfd);
++ if (descr.type == LXC_MAINLOOP_EPOLL)
++ close_prot_errno_disarm(descr.epfd);
+ if (ret < 0 || !handler->init_died)
+ goto out_mainloop_console;
+
diff --git a/app-containers/lxc/files/lxc.initd.8 b/app-containers/lxc/files/lxc.initd.8
new file mode 100644
index 000000000000..727f6d504fb3
--- /dev/null
+++ b/app-containers/lxc/files/lxc.initd.8
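Review bot: The added `if (descr.type == LXC_MAINLOOP_EPOLL)` guard in the start.c hunk of lxc-4.0.11_p1-liburing-sync2.patch depends on epfd and the io_uring ring sharing a union, which only the patch description states. The call site should carry a comment such as `/* epfd and ring share a union: close the fd only for the epoll backend */` so that a later edit does not drop the check and go back to treating ring memory as a file descriptor. For the io_uring backend nothing in the visible lines releases the ring at this point, so teardown presumably relies on a later lxc_mainloop_close() call, which should be confirmed against the full function. lxc_poll() starts and ends outside the hunk.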
@@ -0,0 +1,131 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+CONTAINER=${SVCNAME#*.}
+
+LXC_PATH=`lxc-config lxc.lxcpath`
+
+lxc_get_configfile() {
+ if [ -f "${LXC_PATH}/${CONTAINER}.conf" ]; then
+ echo "${LXC_PATH}/${CONTAINER}.conf"
+ elif [ -f "${LXC_PATH}/${CONTAINER}/config" ]; then
+ echo "${LXC_PATH}/${CONTAINER}/config"
+ else
+ eerror "Unable to find a suitable configuration file."
+ eerror "If you set up the container in a non-standard"
+ eerror "location, please set the CONFIGFILE variable."
+ return 1
+ fi
+}
+
+[ $CONTAINER != $SVCNAME ] && CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)}
+
+lxc_get_var() {
+ awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE}
+}
+
+lxc_get_net_link_type() {
+ awk 'BEGIN { FS="[ \t]*=[ \t]*"; _link=""; _type="" }
+ $1 == "lxc.network.type" {_type=$2;}
+ $1 == "lxc.network.link" {_link=$2;}
+ match($1, /lxc\.net\.[[:digit:]]+\.type/) {_type=$2;}
+ match($1, /lxc\.net\.[[:digit:]]+\.link/) {_link=$2;}
+ {if(_link != "" && _type != ""){
+ printf("%s:%s\n", _link, _type );
+ _link=""; _type="";
+ }; }' <${CONFIGFILE}
+}
+
+checkconfig() {
+ if [ ${CONTAINER} = ${SVCNAME} ]; then
+ eerror "You have to create an init script for each container:"
+ eerror " ln -s lxc /etc/init.d/lxc.container"
+ return 1
+ fi
+
+ # no need to output anything, the function takes care of that.
+ [ -z "${CONFIGFILE}" ] && return 1
+
+ utsname=$(lxc_get_var lxc.uts.name)
+ if [ -z "$utsname" ] ; then
+ utsname=$(lxc_get_var lxc.utsname)
+ fi
+
+ if [ "${CONTAINER}" != "${utsname}" ]; then
+ eerror "You should use the same name for the service and the"
+ eerror "container. Right now the container is called ${utsname}"
+ return 1
+ fi
+}
+
+depend() {
+ # be quiet, since we have to run depend() also for the
+ # non-muxed init script, unfortunately.
+ checkconfig 2>/dev/null || return 0
+
+ config ${CONFIGFILE}
+ need localmount
+ use lxcfs
+
+ local _x _if
+ for _x in $(lxc_get_net_link_type); do
+ _if=${_x%:*}
+ case "${_x##*:}" in
+ # when the network type is set to phys, we can make use of a
+ # network service (for instance to set it up before we disable
+ # the net_admin capability), but we might also not set it up
+ # at all on the host and leave the net_admin capable service
+ # to take care of it.
+ phys) use net.${_if} ;;
+ *) need net.${_if} ;;
+ esac
+ done
+}
+
+start() {
+ checkconfig || return 1
+ rm -f /var/log/lxc/${CONTAINER}.log
+
+ rootpath=$(lxc_get_var lxc.rootfs)
+
+ # Check the format of our init and the chroot's init, to see
+ # if we have to use linux32 or linux64; always use setarch
+ # when required, as that makes it easier to deal with
+ # x32-based containers.
+ case $(scanelf -BF '%a#f' ${rootpath}/sbin/init) in
+ EM_X86_64) setarch=linux64;;
+ EM_386) setarch=linux32;;
+ esac
+
+ ebegin "Starting LXC container ${CONTAINER}"
+ env -i ${setarch} $(which lxc-start) -n ${CONTAINER} -f ${CONFIGFILE} -d -o /var/log/lxc/${CONTAINER}.log
+ sleep 1
+
+ # lxc-start -d will _always_ report a correct startup, even if it
+ # failed, so rather than trust that, check that the cgroup exists.
+ # fix for LXC 3.1
+
+ STATE="$(lxc-info -s -H ${CONTAINER})"
+ [ "$STATE" = "RUNNING" ]
+
+ eend $?
+}
+
+stop() {
+ checkconfig || return 1
+
+ STATE="$(lxc-info -s -H ${CONTAINER})"
+
+ if ! [ "$STATE" = "RUNNING" ]; then
+ ewarn "${CONTAINER} doesn't seem to be started."
+ return 0
+ fi
+
+ # 30s should be enough to shut everything down
+ # lxc-stop will return back anyway as soon as successful shutdown
+ # after 30s, lxc-stop sends SIGKILL (dirty shotdown)
+ ebegin "Stopping LXC container ${CONTAINER}"
+ lxc-stop -t 30 -n ${CONTAINER}
+ eend $?
+}
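Review bot: In start(), `rootpath=$(lxc_get_var lxc.rootfs)` reads only the legacy key, although checkconfig() already falls back from `lxc.uts.name` to `lxc.utsname`; a config that sets `lxc.rootfs.path` leaves rootpath empty, and scanelf then inspects the host's /sbin/init to pick the setarch personality. The same fallback pattern would fix it, `rootpath=$(lxc_get_var lxc.rootfs.path)` followed by `[ -n "$rootpath" ] || rootpath=$(lxc_get_var lxc.rootfs)`, with any storage-backend prefix on the value stripped if the config uses one. Separately, `${CONFIGFILE}`, `${rootpath}` and `${CONTAINER}` are expanded unquoted in the awk, scanelf, rm, lxc-start, lxc-info and lxc-stop calls, and `$1` is spliced into the awk program text in lxc_get_var(). Quoting those expansions and passing the key with `awk -v key="$1"` would keep a path or name containing whitespace or glob characters from being word-split in a script that runs as root.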
diff --git a/app-containers/lxc/files/lxc_at.service.4.0.0 b/app-containers/lxc/files/lxc_at.service.4.0.0
new file mode 100644
index 000000000000..b354bc53e080
--- /dev/null
+++ b/app-containers/lxc/files/lxc_at.service.4.0.0
@@ -0,0 +1,15 @@
+[Unit]
+Description=Linux Container %i
+After=network.target
+Wants=lxcfs.service
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/lxc-start -d -n %i -p /run/lxc-%i.pid
+PIDFile=/run/lxc-%i.pid
+ExecStop=/usr/bin/lxc-stop -n %i
+Delegate=true
+TasksMax=32768
+
+[Install]
+WantedBy=multi-user.target |