6 files changed, 479 insertions, 1 deletions
diff --git a/app-containers/Manifest.gz b/app-containers/Manifest.gz
index 99c16fdeb854..d1e2a08f513d 100644
--- a/app-containers/Manifest.gz
+++ b/app-containers/Manifest.gz
diff --git a/app-containers/apptainer/Manifest b/app-containers/apptainer/Manifest
index 8f7adecc3aa4..bc4f41ec31a8 100644
--- a/app-containers/apptainer/Manifest
+++ b/app-containers/apptainer/Manifest
@@ -1,4 +1,6 @@
 AUX apptainer-1.0.2-trim_upstream_cflags.patch 1142 BLAKE2B 7238229b70a8ac37f3401a163d19dc705adb6a4ab6355e4eaa386ad5c639bfc1443cf61507112a53b66816399ca5fe2c32de964dd602ea16c5dfbf9003343f8c SHA512 1351ee000274567bb5a63aa740fbc43510d84ccad42c9af0c555943b99d93d86a2b036801c1681b93548a874bda1bab3304c2bf0da83bbca102a71e82574a032
 DIST apptainer-1.0.3.tar.gz 11972174 BLAKE2B 7fb0602184d9d78ef0de224ec888a01e046d3d44cd79a3233bbb8eab276d9ee360810356a25f4ef05612e337b5a905334f528d5aa5bfa489d9910538719afd2c SHA512 93ebe5abce32f35d56fe7d0f818703961cb7f7115965bad387fc895a275d45b569efeecf57ab5778457732233caa57651cd011a3bcac5ed5aaf2dd665082d959
+DIST apptainer-1.1.0.tar.gz 12761996 BLAKE2B 60b145c68a4c2f7587cbefb94e28337e3f3c9cee51b0f07a024a313605e5cc087bcc0d2775bf83691aa5f5c6d5b84870697acd2e5b09e685f9e44ec766afde2b SHA512 ea7db1d4b9bc5b87542a044abc82f04759b09a676fb429bfb3f33c9a4eb01808f1c2c81e450e99a273b5c61a7df723680352ebc6a1124a6efc060bb85defe20f
 EBUILD apptainer-1.0.3.ebuild 1521 BLAKE2B 3b0303215058e2df69679003f9f1a0770a279a3b229a18ea92dabdf04e983be13504d6da0356dd4cc429b01adbd23168613ca5f37a604797d7bef52e4cb27f81 SHA512 03389ed0da23dd05a98d126dabf30f6f3154052aa03bc25f81607318d4e4cf190ed6d7425d01a8c3e043951952eb6e56ea401933e5b518abcf1eaf4dad31752c
+EBUILD apptainer-1.1.0.ebuild 2453 BLAKE2B ba3d96ffed78dd9b60b0ae69109a870d625918f21ab3147eb0fdb4614d3a5c71e13d6ffd3118441643554688bfdf23cd74bdefa7499c68a44e1658ce6c72eae9 SHA512 3dce29816981e44180a2d8593bc69970e4d9731a071fa2516eedfed60a24b360334b103130c55e1ca2ef9b2471bd228e4540864c3ce437ac93175a51f258e54f
 MISC metadata.xml 454 BLAKE2B 7891b6acae30424b8b6877166b856c1113a13e40ebec9051935df10a0650bf941f52d75bdb6a4258795e07b080082979469b8b8242d2ddd56c52f9c5b6759f0e SHA512 ef53c2dee45734f36403ab71549494f3c24707bc183353e4bd9c548a97b3ab5d7877f4fc9d311d9e86ab249cbdb379f0a1a211ee36afda99fd552f0a5cac30bb
diff --git a/app-containers/apptainer/apptainer-1.1.0.ebuild b/app-containers/apptainer/apptainer-1.1.0.ebuild
new file mode 100644
index 000000000000..3134281dcb06
--- /dev/null
+++ b/app-containers/apptainer/apptainer-1.1.0.ebuild
@@ -0,0 +1,90 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info toolchain-funcs
+
+DESCRIPTION="The container system for secure high-performance computing"
+HOMEPAGE="https://apptainer.org/"
+SRC_URI="https://github.com/apptainer/${PN}/releases/download/v${PV}/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="BSD"
+KEYWORDS="~amd64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+IUSE="examples +network suid systemd"
+
+# Do not complain about CFLAGS etc. since go projects do not use them.
+QA_FLAGS_IGNORED='.*'
+
+DEPEND="app-crypt/gpgme
+	>=dev-lang/go-1.17.6
+	dev-libs/openssl
+	sys-apps/util-linux
+	sys-fs/cryptsetup
+	sys-fs/squashfs-tools
+	sys-libs/libseccomp
+	!suid? (
+		sys-fs/e2fsprogs[fuse]
+		sys-fs/squashfuse
+	)"
+RDEPEND="${DEPEND}
+	!sys-cluster/singularity"
+BDEPEND="virtual/pkgconfig"
+
+CONFIG_CHECK="~SQUASHFS"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.0.2-trim_upstream_cflags.patch
+)
+
+DOCS=( README.md CONTRIBUTORS.md CONTRIBUTING.md )
+
+src_configure() {
+	local myconfargs=(
+		-c "$(tc-getBUILD_CC)" \
+		-x "$(tc-getBUILD_CXX)" \
+		-C "$(tc-getCC)" \
+		-X "$(tc-getCXX)" \
+		--prefix="${EPREFIX}"/usr \
+		--sysconfdir="${EPREFIX}"/etc \
+		--runstatedir="${EPREFIX}"/run \
+		--localstatedir="${EPREFIX}"/var \
+		$(usex network "" "--without-network") \
+		$(use_with suid)
+	)
+	./mconfig -v ${myconfargs[@]} || die "Error invoking mconfig"
+}
+
+src_compile() {
+	emake -C builddir
+}
+
+src_install() {
+	emake DESTDIR="${D}" -C builddir install
+	keepdir /var/${PN}/mnt/session
+
+	if use systemd; then
+		sed -i -e '/systemd cgroups/ s/no/yes/' "${ED}"/etc/${PN}/${PN}.conf || die "Failed to enable systemd use in configuration"
+	else
+		sed -i -e '/systemd cgroups/ s/yes/no/' "${ED}"/etc/${PN}/${PN}.conf || die "Failed to disable systemd use in configuration"
+	fi
+
+	einstalldocs
+	if use examples; then
+		dodoc -r examples
+	fi
+}
+
+pkg_postinst() {
+	if ! use suid; then
+		local oldver
+		for oldver in ${REPLACING_VERSIONS}; do
+			if ver_test "${oldver}" -lt 1.1.0; then
+				ewarn "Since version 1.1.0 ${PN} no longer installs setuid-root components by default, relying on unprivileged user namespaces instead. For details, see https://apptainer.org/docs/admin/main/user_namespace.html"
+				ewarn "Make sure user namespaces (possibly except network ones for improved security) are enabled on your system, or re-enable installation of setuid root components by passing USE=suid to ${CATEGORY}/${PN}"
+				break
+			fi
+		done
+	fi
+}
diff --git a/app-containers/lxc/Manifest b/app-containers/lxc/Manifest
index ca74d73f3858..544c2a366f25 100644
--- a/app-containers/lxc/Manifest
+++ b/app-containers/lxc/Manifest
@@ -1,3 +1,4 @@
+AUX lxc-5.0.1-glibc-2.36.patch 12218 BLAKE2B 9e1deafda7989dda12ef3e986aca6e3aabc9bdbc1712b1a142530dafd2c55e61e56a0730fb720144b10e124addeef07abb3170bc763d4993b54c0eb1d0989cb8 SHA512 892e03cca0f55cc1f05f6fc7af34963f487bb1b42acac0a42dbc3a0546e74146f222005ca36f1490116ef121b3d787d802f2599ee1d694df667d6adc30475267
 AUX lxc-monitord.service.5.0.0 219 BLAKE2B 5be0ec2b7bd19d661dac97e5d067f0e6d1e297c22c4a642a0b2258003f632263e25349c6d190438f2886064f3202018a452a481e0fb9c9614a5eec5ffa306e39 SHA512 ab63db7a5e0470ac1001e7b05fcbcde3adbe422bdd1030c9e55cd3b1e69855efcf141174f48102ab304035cc4b3497bc569b0f7bc4b231851880872258b28e95
 AUX lxc-net.service.5.0.0 304 BLAKE2B bd7125d2f1401d249946f89e0f58966bc426adc09d5759564174d6a666797d687eb85e4b235ff761e1c1b9d87d133cd28fb12f27092da1b0bff2633d4f4fd704 SHA512 06bf3d233cc152d1b67f6c687c9b31bdd5f60e8664e6bcf4234e878cbf840437b82c1e1cf21cc4847f56b57d3ae664f9557264da4d3b3603bef8945a86658be9
 AUX lxc.initd.8 3669 BLAKE2B 50d41e0923ba26b9653ca3b5b559dd0905e61ec81969e709650fe7f1b26a4dcdc17158b7e449d666e2103047d9f196e53df8beca15fffd529fa8e743de97bd82 SHA512 1182b53a65399746f6d6bced0df5c1fde09c1ede4a28bfe95b5ed0bbd969d6f6423f63021d4b6f1dc62c7b2703f6963c03d881291650bdf21cfcf8432586c1b4
@@ -5,6 +6,6 @@ AUX lxc.service-5.0.0 527 BLAKE2B 44d1fca919615c1acb672baa7b77bd43680975782683ad
 AUX lxc_at.service.5.0.0 395 BLAKE2B b4a329964041a9b3017df80aedb73f296d60e0b78097c72e52b921de939246a45d07591535d3971458cee38bf4ddf84021af3f325bffac6db9ba7c4c78a48a5b SHA512 d896c2eb889b83a77041fcd51604bea11db65b8b494c9c063a72ed182006577ed49e2e2c0842353de4676b3fc1246508e5b7c669d797929818cccf485282d85c
 DIST lxc-5.0.1.tar.gz 973206 BLAKE2B 6d5cb1a03eb2612d0f8cb59783a64ec42bedd560cacfebf76383d9599dfc153e381f0e584a1c8c9a0b5b18a46bfb01863649dc5a019546e9ded6079b5ec69ddd SHA512 c87563b556aec83c93a7c62932217791e92da950cc76983f0d5e1d603fe1ae298a63fb5e88ec9ef5173846d579babb5acd0836679b915de00844bb9edf9c8d7e
 DIST lxc-5.0.1.tar.gz.asc 833 BLAKE2B f85df5fc5bd88a738042f622ee4191b99e0a8e07db7ceb5824d634bc451f4bf93c8b64d1c72d4899f639ad30bbc9ee82be292dbe310218fa20566ee00f9bb752 SHA512 09de4e74d174b54cf9240ca4ef4793b9f63355c65f610abffb40e6dc2dc9130380761a50725e4dcee39b421e4b51c874d141fe22d5ecfd7ad3af35f7ebec09a0
-EBUILD lxc-5.0.1-r1.ebuild 4939 BLAKE2B 51a7be72b0a4d438805a747815d7c11718e58c1007c8201a1de75b60546b9dfb08007a1942cef7b65c5a52b9324bd8d1160e8070678b9fc95b85f0ede88e8861 SHA512 8649adc25542d4f10ff3b857aa6a45d5cb8079e85b118a47596a6d4ced8a35692cf00064bfde13f5127f95c943d1ad7feaa44a8e8f29a013bf3173bd4f166698
+EBUILD lxc-5.0.1-r1.ebuild 4993 BLAKE2B 07ba0214f99ea52ebdb72e04b29a725a449c6b8ccc7fa3782eef9fbe6cce9319bd859e19125fa8ba1af9ec79155ced602ec895d66d7929633f8b9481635da472 SHA512 e62d2de786ff629b7efdeead45903cabb586b3fdcdf1f2a21d8c5eccf7e06f86420875c6447268a58ccc0161216f5b500876bbc07d7543f0c8d16c6022eb33ee
 EBUILD lxc-5.0.1.ebuild 4748 BLAKE2B 1fa18490e2fc1284ce509a04f5ca8c81802db2a3b479decc626470e775530e8b37a743133c1a8b8f82a25ec7f18c2c313bad43bf6fe2e7732c5bd3f608c81f53 SHA512 4aeb0b7179039fcb20198086cfcbdfa07bd20b8776b373c4c50baf1039b70f2c2004b5ce1471189d19d286a823be140ef3941c4b33a55f3de40346ae16a21686
 MISC metadata.xml 720 BLAKE2B b34cfe10fc45695ec1222335a166da834b2a5e9bb03c76b1ec174af7a6bdb23c5d0969c5d298e73c839df24aa156a6979bc643842a4608bdfff6052fba9908c1 SHA512 0f2948ca809aec73de20658710bdd5a6ce42188e39a37ea59a08379719dbfbaab3012b1ccbfa07e856fae76c8adb061ddab7bda4c05dfbf143f9bd3e0a20e800
diff --git a/app-containers/lxc/files/lxc-5.0.1-glibc-2.36.patch b/app-containers/lxc/files/lxc-5.0.1-glibc-2.36.patch
new file mode 100644
index 000000000000..e186c7fbb282
--- /dev/null
+++ b/app-containers/lxc/files/lxc-5.0.1-glibc-2.36.patch
@@ -0,0 +1,383 @@
+From c1115e1503bf955c97f4cf3b925a6a9f619764c3 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <brauner@kernel.org>
+Date: Tue, 9 Aug 2022 16:14:25 +0200
+Subject: [PATCH 1/3] build: detect where struct mount_attr is declared
+
+Fixes: #4176
+Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
+---
+ meson.build                | 30 ++++++++++++++++++++++++++++--
+ src/lxc/conf.c             |  6 +++---
+ src/lxc/conf.h             |  2 +-
+ src/lxc/mount_utils.c      |  6 +++---
+ src/lxc/syscall_wrappers.h | 12 ++++++++++--
+ 5 files changed, 45 insertions(+), 11 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index a145faf069..f679aabbc8 100644
+--- a/meson.build
++++ b/meson.build
+@@ -590,7 +590,6 @@ decl_headers = '''
+ foreach decl: [
+     '__aligned_u64',
+     'struct clone_args',
+-    'struct mount_attr',
+     'struct open_how',
+     'struct rtnl_link_stats64',
+ ]
+@@ -610,7 +609,6 @@ foreach tuple: [
+     ['struct seccomp_notif_sizes'],
+     ['struct clone_args'],
+     ['__aligned_u64'],
+-    ['struct mount_attr'],
+     ['struct open_how'],
+     ['struct rtnl_link_stats64'],
+ ]
+@@ -630,6 +628,34 @@ foreach tuple: [
+     endif
+ endforeach
+ 
++## Types.
++decl_headers = '''
++#include <sys/mount.h>
++'''
++
++# We get -1 if the size cannot be determined
++if cc.sizeof('struct mount_attr', prefix: decl_headers, args: '-D_GNU_SOURCE') > 0
++    srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), true)
++    found_types += 'struct mount_attr (sys/mount.h)'
++else
++    srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), false)
++    missing_types += 'struct mount_attr (sys/mount.h)'
++endif
++
++## Types.
++decl_headers = '''
++#include <linux/mount.h>
++'''
++
++# We get -1 if the size cannot be determined
++if cc.sizeof('struct mount_attr', prefix: decl_headers, args: '-D_GNU_SOURCE') > 0
++    srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), true)
++    found_types += 'struct mount_attr (linux/mount.h)'
++else
++    srcconf.set10('HAVE_UAPI_' + 'struct mount_attr'.underscorify().to_upper(), false)
++    missing_types += 'struct mount_attr (linux/mount.h)'
++endif
++
+ ## Headers.
+ foreach ident: [
+     ['bpf',               '''#include <sys/syscall.h>
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index ffbe74c2f6..4193cd07f5 100644
+--- a/src/lxc/conf.c
++++ b/src/lxc/conf.c
+@@ -2885,7 +2885,7 @@ static int __lxc_idmapped_mounts_child(struct lxc_handler *handler, FILE *f)
+ 		struct lxc_mount_options opts = {};
+ 		int dfd_from;
+ 		const char *source_relative, *target_relative;
+-		struct lxc_mount_attr attr = {};
++		struct mount_attr attr = {};
+ 
+ 		ret = parse_lxc_mount_attrs(&opts, mntent.mnt_opts);
+ 		if (ret < 0)
+@@ -3005,7 +3005,7 @@ static int __lxc_idmapped_mounts_child(struct lxc_handler *handler, FILE *f)
+ 
+ 		/* Set propagation mount options. */
+ 		if (opts.attr.propagation) {
+-			attr = (struct lxc_mount_attr) {
++			attr = (struct mount_attr) {
+ 				.propagation = opts.attr.propagation,
+ 			};
+ 
+@@ -4109,7 +4109,7 @@ int lxc_idmapped_mounts_parent(struct lxc_handler *handler)
+ 
+ 	for (;;) {
+ 		__do_close int fd_from = -EBADF, fd_userns = -EBADF;
+-		struct lxc_mount_attr attr = {};
++		struct mount_attr attr = {};
+ 		struct lxc_mount_options opts = {};
+ 		ssize_t ret;
+ 
+diff --git a/src/lxc/conf.h b/src/lxc/conf.h
+index 7dc2f15b60..772479f9e1 100644
+--- a/src/lxc/conf.h
++++ b/src/lxc/conf.h
+@@ -223,7 +223,7 @@ struct lxc_mount_options {
+ 	unsigned long mnt_flags;
+ 	unsigned long prop_flags;
+ 	char *data;
+-	struct lxc_mount_attr attr;
++	struct mount_attr attr;
+ 	char *raw_options;
+ };
+ 
+diff --git a/src/lxc/mount_utils.c b/src/lxc/mount_utils.c
+index bba75f933c..88dd73ee36 100644
+--- a/src/lxc/mount_utils.c
++++ b/src/lxc/mount_utils.c
+@@ -31,7 +31,7 @@ lxc_log_define(mount_utils, lxc);
+  * setting in @attr_set, but must also specify MOUNT_ATTR__ATIME in the
+  * @attr_clr field.
+  */
+-static inline void set_atime(struct lxc_mount_attr *attr)
++static inline void set_atime(struct mount_attr *attr)
+ {
+ 	switch (attr->attr_set & MOUNT_ATTR__ATIME) {
+ 	case MOUNT_ATTR_RELATIME:
+@@ -272,7 +272,7 @@ int create_detached_idmapped_mount(const char *path, int userns_fd,
+ {
+ 	__do_close int fd_tree_from = -EBADF;
+ 	unsigned int open_tree_flags = OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC;
+-	struct lxc_mount_attr attr = {
++	struct mount_attr attr = {
+ 		.attr_set	= MOUNT_ATTR_IDMAP | attr_set,
+ 		.attr_clr	= attr_clr,
+ 		.userns_fd	= userns_fd,
+@@ -335,7 +335,7 @@ int __fd_bind_mount(int dfd_from, const char *path_from, __u64 o_flags_from,
+ 		    __u64 attr_clr, __u64 propagation, int userns_fd,
+ 		    bool recursive)
+ {
+-	struct lxc_mount_attr attr = {
++	struct mount_attr attr = {
+ 		.attr_set	= attr_set,
+ 		.attr_clr	= attr_clr,
+ 		.propagation	= propagation,
+diff --git a/src/lxc/syscall_wrappers.h b/src/lxc/syscall_wrappers.h
+index a5e98b565c..c8a7d0c7b7 100644
+--- a/src/lxc/syscall_wrappers.h
++++ b/src/lxc/syscall_wrappers.h
+@@ -18,6 +18,12 @@
+ #include "macro.h"
+ #include "syscall_numbers.h"
+ 
++#if HAVE_STRUCT_MOUNT_ATTR
++#include <sys/mount.h>
++#elif HAVE_UAPI_STRUCT_MOUNT_ATTR
++#include <linux/mount.h>
++#endif
++
+ #ifdef HAVE_LINUX_MEMFD_H
+ #include <linux/memfd.h>
+ #endif
+@@ -210,16 +216,18 @@ extern int fsmount(int fs_fd, unsigned int flags, unsigned int attr_flags);
+ /*
+  * mount_setattr()
+  */
+-struct lxc_mount_attr {
++#if !HAVE_STRUCT_MOUNT_ATTR && !HAVE_UAPI_STRUCT_MOUNT_ATTR
++struct mount_attr {
+ 	__u64 attr_set;
+ 	__u64 attr_clr;
+ 	__u64 propagation;
+ 	__u64 userns_fd;
+ };
++#endif
+ 
+ #if !HAVE_MOUNT_SETATTR
+ static inline int mount_setattr(int dfd, const char *path, unsigned int flags,
+-				struct lxc_mount_attr *attr, size_t size)
++				struct mount_attr *attr, size_t size)
+ {
+ 	return syscall(__NR_mount_setattr, dfd, path, flags, attr, size);
+ }
+
+From ef1e0607b82e27350c2d677d649c6a0a9693fd40 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <brauner@kernel.org>
+Date: Tue, 9 Aug 2022 16:27:40 +0200
+Subject: [PATCH 2/3] build: detect sys/pidfd.h availability
+
+Fixes: #4176
+Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
+---
+ meson.build             | 1 +
+ src/lxc/process_utils.h | 6 ++++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/meson.build b/meson.build
+index f679aabbc8..e999542336 100644
+--- a/meson.build
++++ b/meson.build
+@@ -735,6 +735,7 @@ foreach tuple: [
+     ['sys/resource.h'],
+     ['sys/memfd.h'],
+     ['sys/personality.h'],
++    ['sys/pidfd.h'],
+     ['sys/signalfd.h'],
+     ['sys/timerfd.h'],
+     ['pty.h'],
+diff --git a/src/lxc/process_utils.h b/src/lxc/process_utils.h
+index 9c15b15741..ed84741d0e 100644
+--- a/src/lxc/process_utils.h
++++ b/src/lxc/process_utils.h
+@@ -15,6 +15,10 @@
+ #include <sys/syscall.h>
+ #include <unistd.h>
+ 
++#if HAVE_SYS_PIDFD_H
++#include <sys/pidfd.h>
++#endif
++
+ #include "compiler.h"
+ #include "syscall_numbers.h"
+ 
+@@ -136,9 +140,11 @@
+ #endif
+ 
+ /* waitid */
++#if !HAVE_SYS_PIDFD_H
+ #ifndef P_PIDFD
+ #define P_PIDFD 3
+ #endif
++#endif
+ 
+ #ifndef CLONE_ARGS_SIZE_VER0
+ #define CLONE_ARGS_SIZE_VER0 64 /* sizeof first published struct */
+
+From cbabe8abf11e7e7fb49c123bae31efdd9bc8f1e8 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <brauner@kernel.org>
+Date: Tue, 9 Aug 2022 17:19:40 +0200
+Subject: [PATCH 3/3] build: check for FS_CONFIG_* header symbol in sys/mount.h
+
+Fixes: #4176
+Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
+---
+ meson.build           | 59 +++++++++++++++++++++++++++++++++++++++++--
+ src/lxc/mount_utils.h | 16 ++++++++++++
+ 2 files changed, 73 insertions(+), 2 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index e999542336..9f8a5de60c 100644
+--- a/meson.build
++++ b/meson.build
+@@ -639,8 +639,7 @@ if cc.sizeof('struct mount_attr', prefix: decl_headers, args: '-D_GNU_SOURCE') >
+     found_types += 'struct mount_attr (sys/mount.h)'
+ else
+     srcconf.set10('HAVE_' + 'struct mount_attr'.underscorify().to_upper(), false)
+-    missing_types += 'struct mount_attr (sys/mount.h)'
+-endif
++    missing_types += 'struct mount_attr (sys/mount.h)' endif
+ 
+ ## Types.
+ decl_headers = '''
+@@ -656,6 +655,62 @@ else
+     missing_types += 'struct mount_attr (linux/mount.h)'
+ endif
+ 
++if cc.has_header_symbol('sys/mount.h', 'FSCONFIG_SET_FLAG')
++    srcconf.set10('HAVE_' + 'FSCONFIG_SET_FLAG'.underscorify().to_upper(), true)
++    found_types += 'FSCONFIG_SET_FLAG'
++else
++    srcconf.set10('HAVE_' + 'FSCONFIG_SET_FLAG'.underscorify().to_upper(), false)
++    missing_types += 'FSCONFIG_SET_FLAG'
++endif
++
++if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_STRING')
++    srcconf.set10('HAVE_' + 'FS_CONFIG_SET_STRING'.underscorify().to_upper(), true)
++    found_types += 'FS_CONFIG_SET_STRING'
++else
++    srcconf.set10('HAVE_' + 'FS_CONFIG_SET_STRING'.underscorify().to_upper(), false)
++    missing_types += 'FS_CONFIG_SET_STRING'
++endif
++
++if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_BINARY')
++    srcconf.set10('HAVE_' + 'FS_CONFIG_SET_BINARY'.underscorify().to_upper(), true)
++    found_types += 'FS_CONFIG_SET_BINARY'
++else
++    srcconf.set10('HAVE_' + 'FS_CONFIG_SET_BINARY'.underscorify().to_upper(), false)
++    missing_types += 'FS_CONFIG_SET_BINARY'
++endif
++
++if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_PATH_EMPTY')
++    srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_EMPTY'.underscorify().to_upper(), true)
++    found_types += 'FS_CONFIG_SET_PATH_EMPTY'
++else
++    srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_EMPTY'.underscorify().to_upper(), false)
++    missing_types += 'FS_CONFIG_SET_PATH_EMPTY'
++endif
++
++if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_PATH_FD')
++    srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_FD'.underscorify().to_upper(), true)
++    found_types += 'FS_CONFIG_SET_PATH_FD'
++else
++    srcconf.set10('HAVE_' + 'FS_CONFIG_SET_PATH_FD'.underscorify().to_upper(), false)
++    missing_types += 'FS_CONFIG_SET_PATH_FD'
++endif
++
++if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_CMD_CREATE')
++    srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_CREATE'.underscorify().to_upper(), true)
++    found_types += 'FS_CONFIG_SET_CMD_CREATE'
++else
++    srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_CREATE'.underscorify().to_upper(), false)
++    missing_types += 'FS_CONFIG_SET_CMD_CREATE'
++endif
++
++if cc.has_header_symbol('sys/mount.h', 'FS_CONFIG_SET_CMD_RECONFIGURE')
++    srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_RECONFIGURE'.underscorify().to_upper(), true)
++    found_types += 'FS_CONFIG_SET_CMD_RECONFIGURE'
++else
++    srcconf.set10('HAVE_' + 'FS_CONFIG_SET_CMD_RECONFIGURE'.underscorify().to_upper(), false)
++    missing_types += 'FS_CONFIG_SET_CMD_RECONFIGURE'
++endif
++
+ ## Headers.
+ foreach ident: [
+     ['bpf',               '''#include <sys/syscall.h>
+diff --git a/src/lxc/mount_utils.h b/src/lxc/mount_utils.h
+index ea392672d8..fd34739459 100644
+--- a/src/lxc/mount_utils.h
++++ b/src/lxc/mount_utils.h
+@@ -82,37 +82,53 @@ struct lxc_rootfs;
+ #endif
+ 
+ /* fsconfig() commands */
++#if !HAVE_FSCONFIG_SET_FLAG
+ #ifndef FSCONFIG_SET_FLAG
+ #define FSCONFIG_SET_FLAG 0 /* Set parameter, supplying no value */
+ #endif
++#endif
+ 
++#if !HAVE_FSCONFIG_SET_STRING
+ #ifndef FSCONFIG_SET_STRING
+ #define FSCONFIG_SET_STRING 1 /* Set parameter, supplying a string value */
+ #endif
++#endif
+ 
++#if !HAVE_FSCONFIG_SET_BINARY
+ #ifndef FSCONFIG_SET_BINARY
+ #define FSCONFIG_SET_BINARY 2 /* Set parameter, supplying a binary blob value */
+ #endif
++#endif
+ 
++#if !HAVE_FSCONFIG_SET_PATH
+ #ifndef FSCONFIG_SET_PATH
+ #define FSCONFIG_SET_PATH 3 /* Set parameter, supplying an object by path */
+ #endif
++#endif
+ 
++#if !HAVE_FSCONFIG_SET_PATH_EMPTY
+ #ifndef FSCONFIG_SET_PATH_EMPTY
+ #define FSCONFIG_SET_PATH_EMPTY 4 /* Set parameter, supplying an object by (empty) path */
+ #endif
++#endif
+ 
++#if !HAVE_FSCONFIG_SET_FD
+ #ifndef FSCONFIG_SET_FD
+ #define FSCONFIG_SET_FD 5 /* Set parameter, supplying an object by fd */
+ #endif
++#endif
+ 
++#if !HAVE_FSCONFIG_CMD_CREATE
+ #ifndef FSCONFIG_CMD_CREATE
+ #define FSCONFIG_CMD_CREATE 6 /* Invoke superblock creation */
+ #endif
++#endif
+ 
++#if !FSCONFIG_CMD_RECONFIGURE
+ #ifndef FSCONFIG_CMD_RECONFIGURE
+ #define	FSCONFIG_CMD_RECONFIGURE 7	/* Invoke superblock reconfiguration */
+ #endif
++#endif
+ 
+ /* fsmount() flags */
+ #ifndef FSMOUNT_CLOEXEC
diff --git a/app-containers/lxc/lxc-5.0.1-r1.ebuild b/app-containers/lxc/lxc-5.0.1-r1.ebuild
index 3f264e03d0c1..7a9e415fda2a 100644
--- a/app-containers/lxc/lxc-5.0.1-r1.ebuild
+++ b/app-containers/lxc/lxc-5.0.1-r1.ebuild
@@ -67,6 +67,8 @@ VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/linuxcontainers.asc
 
 DOCS=( AUTHORS CONTRIBUTING MAINTAINERS README.md doc/FAQ.txt )
 
+PATCHES=( "${FILESDIR}"/lxc-5.0.1-glibc-2.36.patch )
+
 pkg_setup() {
 	linux-info_pkg_setup
 }