git.proxmox.com Git - mirror_lxc.git/log
DarkGuySM [Sun, 2 Oct 2022 10:06:50 +0000 (15:36 +0530)]
Update README.md
Corrected grammar in readme.
Signed-off-by: DarkGuySM <78262720+DarkGuySM@users.noreply.github.com>
Stéphane Graber [Wed, 14 Sep 2022 15:06:17 +0000 (11:06 -0400)]
Merge pull request #4200 from brauner/2022-09-14.fixes
conf: allow cross-device links
Christian Brauner [Wed, 14 Sep 2022 14:21:20 +0000 (16:21 +0200)]
conf: allow cross-device links
Fixes: https://github.com/lxc/lxd/issues/10914
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 12 Sep 2022 14:06:47 +0000 (10:06 -0400)]
Merge pull request #4197 from lxc/dependabot/github_actions/actions/checkout-3
build(deps): bump actions/checkout from 2 to 3
dependabot[bot] [Mon, 12 Sep 2022 13:31:52 +0000 (13:31 +0000)]
build(deps): bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Stéphane Graber [Thu, 1 Sep 2022 18:07:52 +0000 (14:07 -0400)]
Merge pull request #4193 from sashashura/patch-1
GitHub Workflows security hardening
Alex [Thu, 1 Sep 2022 14:52:05 +0000 (15:52 +0100)]
Update cifuzz.yml
Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com>
Signed-off-by: Alex <93376818+sashashura@users.noreply.github.com>
Stéphane Graber [Thu, 1 Sep 2022 10:04:29 +0000 (06:04 -0400)]
Merge pull request #4192 from DriedYellowPeach/master
fix error message when use tools with -? option
Neil.wrz [Thu, 1 Sep 2022 09:13:03 +0000 (02:13 -0700)]
fix error message when use tools with -? option
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
Stéphane Graber [Wed, 17 Aug 2022 15:17:24 +0000 (11:17 -0400)]
Merge pull request #4177 from CameronNemo/meson-docbook2x
meson: fix docbook2x detection
Stéphane Graber [Wed, 17 Aug 2022 14:57:27 +0000 (10:57 -0400)]
Merge pull request #4184 from brauner/2022-08-17.fixes
tree-wide: include improvements
Christian Brauner [Wed, 17 Aug 2022 07:58:34 +0000 (09:58 +0200)]
tree-wide: split open helpers into open_utils.h
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 17 Aug 2022 07:48:32 +0000 (09:48 +0200)]
build: prevent the inclusion of linux/mount.h with a hack
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 17 Aug 2022 07:46:14 +0000 (09:46 +0200)]
mount_utils: remove conf.h include
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 17 Aug 2022 07:44:34 +0000 (09:44 +0200)]
mount: move mount utilities from syscall_wrappers.h into mount_utils.h
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 17 Aug 2022 07:39:25 +0000 (09:39 +0200)]
tree-wide: minimize liburing.h inclusion
because it brings in linux/fs.h and defines struct open_how.
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Cameron Nemo [Wed, 17 Aug 2022 03:30:39 +0000 (20:30 -0700)]
meson: fix docbook2x detection
docbook2man can sometimes be docbook2x and other times be docbook-utils.
Rather than compare paths, use version constraints to detect version.
Signed-off-by: Cameron Nemo <cam@nohom.org>
Stéphane Graber [Thu, 11 Aug 2022 18:22:33 +0000 (14:22 -0400)]
Merge pull request #4180 from sgn/meson-distroconfdir
meson.build: allow explicit distrosysconfdir
Stéphane Graber [Wed, 10 Aug 2022 13:25:21 +0000 (09:25 -0400)]
Merge pull request #4181 from brauner/2022-08-10.fixes
tree-wide: only rely on sys/ headers to avoid conflicts with linux/ headers
Christian Brauner [Wed, 10 Aug 2022 10:18:49 +0000 (12:18 +0200)]
tree-wide: use struct open_how directly
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 10 Aug 2022 10:03:54 +0000 (12:03 +0200)]
tree-wide: use struct clone_args directly
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 10 Aug 2022 09:42:52 +0000 (11:42 +0200)]
tree-wide: wipe direct or indirect linux/mount.h inclusion
It is incompatible with sys/mount.h and causes massive headaches.
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Đoàn Trần Công Danh [Tue, 9 Aug 2022 15:24:09 +0000 (22:24 +0700)]
meson.build: allow explicit distrosysconfdir
Allows either:
- Build inside minimal-and-clean chroot with neither
/etc/sysconfig nor /etc/default available.
- Cross Compile lxc from foreign distro,
let's say host distro uses /etc/sysconfig and build distro
uses /etc/default and vice versa.
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
Stéphane Graber [Tue, 9 Aug 2022 21:40:09 +0000 (17:40 -0400)]
Merge pull request #4179 from brauner/2022-08-09.fixes
build: fixes for glibc 2.36
Christian Brauner [Tue, 9 Aug 2022 15:19:40 +0000 (17:19 +0200)]
build: check for FS_CONFIG_* header symbol in sys/mount.h
Fixes: #4176
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 9 Aug 2022 14:27:40 +0000 (16:27 +0200)]
build: detect sys/pidfd.h availability
Fixes: #4176
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 9 Aug 2022 14:14:25 +0000 (16:14 +0200)]
build: detect where struct mount_attr is declared
Fixes: #4176
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 3 Aug 2022 07:55:30 +0000 (09:55 +0200)]
Merge pull request #4175 from stgraber/master
gitignore: Simplify
Stéphane Graber [Mon, 1 Aug 2022 21:45:52 +0000 (17:45 -0400)]
gitignore: Simplify
The move to meson has made it so that all rendered/built files are now
nicely self-contained. This lets us greatly simplify our gitignore,
effectively just ignoring release tarballs and the few usual temporary
files we may deal with during development.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Mon, 25 Jul 2022 21:22:24 +0000 (17:22 -0400)]
Merge pull request #4173 from brauner/2022-07-25.lxc-usernsexec
lxc-usernsexec: allow to select which {g,u}id to switch to
Christian Brauner [Mon, 25 Jul 2022 20:25:55 +0000 (22:25 +0200)]
lxc-usernsexec: allow to select which {g,u}id to switch to
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 19 Jul 2022 08:29:41 +0000 (10:29 +0200)]
README: update security mails
Reported-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 14 Jul 2022 21:53:49 +0000 (22:53 +0100)]
Merge pull request #4168 from ffontaine/master
meson.build: fix build without stack-protector
Fabrice Fontaine [Thu, 14 Jul 2022 15:49:54 +0000 (17:49 +0200)]
meson.build: fix build without stack-protector
Move -fstack-protector-strong from possible_cc_flags to
possible_link_flags to avoid a build failure on toolchains without ssp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Stéphane Graber [Thu, 14 Jul 2022 15:45:37 +0000 (11:45 -0400)]
Merge pull request #4167 from ffontaine/master
meson.build: fix build with -Dcapabilities=false
Fabrice Fontaine [Thu, 14 Jul 2022 15:03:40 +0000 (17:03 +0200)]
meson.build: fix build with -Dcapabilities=false
Define libcap_static to an empty array to avoid the following build
failure with -Dcapabilities=false:
output/build/lxc-5.0.0/src/lxc/cmd/meson.build:64:4: ERROR: Unknown variable "libcap_static".
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Christian Brauner [Thu, 14 Jul 2022 14:40:54 +0000 (15:40 +0100)]
Merge pull request #4166 from ffontaine/master
src/lxc/log.h: fix STRERROR_R_CHAR_P
Fabrice Fontaine [Thu, 14 Jul 2022 10:31:21 +0000 (12:31 +0200)]
src/lxc/log.h: fix STRERROR_R_CHAR_P
STRERROR_R_CHAR_P is always defined to 0 or 1 depending on the value of
have_func_strerror_r_char_p in meson.build so replace #ifdef by #if to
avoid a redefinition build failure if char *strerror_r is not defined
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Christian Brauner [Mon, 4 Jul 2022 11:22:37 +0000 (13:22 +0200)]
Merge pull request #4163 from Blub/meson/remaining-checks.2022-07-04
meson: add remaining still-in-use config checks
Wolfgang Bumiller [Mon, 4 Jul 2022 09:27:14 +0000 (11:27 +0200)]
meson: add remaining still-in-use config checks
These are all still in use in the code but have not been
added to meson.build when switching over from autoconf.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christian Brauner [Mon, 4 Jul 2022 08:10:17 +0000 (10:10 +0200)]
Merge pull request #4151 from Teemperor/FixUninitRead
Fix uninitialized read in parse_cap when libcap is not used
Christian Brauner [Mon, 4 Jul 2022 07:23:02 +0000 (09:23 +0200)]
Merge pull request #4161 from srd424/patch-1
Fix errors constructing mount string when extra mount options supplied
srd424 [Sun, 3 Jul 2022 17:18:23 +0000 (18:18 +0100)]
Store mount options in correct variable
This was exposed by the fix in the previous commit.
Signed-off-by: srd424 <srd424@users.noreply.github.com>
srd424 [Sun, 3 Jul 2022 09:21:30 +0000 (10:21 +0100)]
Fix off-by-one error constructing mount options
This fixes a really subtle off-by-one error constructing overlay mount options if rootfs options are provided and modern overlayfs (i.e. requiring a workdir) is used. We need to allow for the extra "," required to separate the extra options when computing the length!
Signed-off-by: srd424 <srd424@users.noreply.github.com>
Christian Brauner [Fri, 1 Jul 2022 12:57:41 +0000 (14:57 +0200)]
Merge pull request #4159 from Blub/meson/statvfs
add check for statvfs
Wolfgang Bumiller [Fri, 1 Jul 2022 11:40:24 +0000 (13:40 +0200)]
Merge pull request #4158 from brauner/2022-07-01.fixes
start: fix namespace sharing
Wolfgang Bumiller [Fri, 1 Jul 2022 09:09:15 +0000 (11:09 +0200)]
add check for statvfs
we use HAVE_STATVFS in the code but with meson the check got
lost causing mount_entry to fail to remount some things such
as a bind mount of /dev/fuse via
lxc.mount.entry = /dev/fuse dev/fuse none bind,create=file 0 0
which would cause the following log messages:
DEBUG conf - ../src/lxc/conf.c:mount_entry:2416 - Remounting "/dev/fuse" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/fuse" to respect bind or remount options
ERROR conf - ../src/lxc/conf.c:mount_entry:2459 - Operation not permitted - Failed to mount "/dev/fuse" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/fuse"
note that the `Flags for ... were ...` line is not showing
up there, which depends on HAVE_STATVFS
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christian Brauner [Fri, 1 Jul 2022 08:16:17 +0000 (10:16 +0200)]
Merge pull request #4147 from marcfiu/issue-4026
fix for issue #4026: set broadcast to 0.0.0.0 for /31 and /32
Christian Brauner [Fri, 1 Jul 2022 08:12:45 +0000 (10:12 +0200)]
start: fix namespace sharing
Fixes: #4134
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 30 Jun 2022 15:20:26 +0000 (11:20 -0400)]
Merge pull request #4157 from brauner/2022-06-30.fixes
conf: fix append_ttyname()
Christian Brauner [Thu, 30 Jun 2022 10:48:01 +0000 (12:48 +0200)]
conf: fix append_ttyname()
We appended container_tty= and then used setenv(container_tty, ...)
resulting in container_tty=container_tty=.
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 29 Jun 2022 17:09:48 +0000 (13:09 -0400)]
Merge pull request #4154 from brauner/2022-06-29.fixes
conf: startup fixes
Christian Brauner [Wed, 29 Jun 2022 16:31:37 +0000 (18:31 +0200)]
start: record inherited namespaces earlier to make it available for idmapped rootfs setup
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 29 Jun 2022 16:31:01 +0000 (18:31 +0200)]
start: don't overwrite file descriptors during namespace preservation
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 29 Jun 2022 16:29:52 +0000 (18:29 +0200)]
conf: log file descriptors on error during idmapped mount setup
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Marc E. Fiuczynski [Mon, 13 Jun 2022 12:43:14 +0000 (08:43 -0400)]
fix for issue 4026: set broadcast to 0.0.0.0 for /31 and /32
Signed-off-by: Marc E. Fiuczynski <mfiuczyn@akamai.com>
Christian Brauner [Tue, 21 Jun 2022 14:27:49 +0000 (16:27 +0200)]
Merge pull request #4153 from brauner/2022-06-21.unprivileged-cgroup2
use systemd dbus StartTransientUnit for unpriv cgroup2
Serge Hallyn [Tue, 21 Jun 2022 12:50:53 +0000 (14:50 +0200)]
use systemd dbus StartTransientUnit for unpriv cgroup2
If, when init'ing cgroups for a container start, we detect that we
are an unprivileged user on a unified-hierarchy-only system, then we
try to request systemd, through dbus api, to create a new scope for
us with delegation. Call the cgroup it creates for us P1. We then
create P1/init, move ourselves into there, so we can enable the
controllers for delegation to P1's children through P1/cgroup.subtree_control.
On attach, we try to request systemd attach us to the container's
scope. We can't do that ourselves in the normal case, as root owns
our login cgroups.
Create a new command api for the lxc monitor to tell lxc-attach the
systemd scope to which to attach.
Changelog:
* free cgroup_meta.systemd_scope in lxc_conf_free (Thanks Tycho)
* fix some indent
* address some (not all) of brauner's feedback
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Raphael Isemann [Tue, 21 Jun 2022 11:10:40 +0000 (13:10 +0200)]
Fix uninitialized read in parse_cap when libcap is not used
fuzz-lxc-cgroup-init currently fails for me with the input
```
lxc.cap.keep=0
```
with this report:
```
==640655==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x833c77 in parse_cap /src/lxc/san_build/../src/lxc/conf.c:3161:6
#1 0xaa5fd6 in add_cap_entry /src/lxc/san_build/../src/lxc/confile.c:2462:9
#2 0x9eb69c in set_config_cap_keep /src/lxc/san_build/../src/lxc/confile.c:2503:8
#3 0x974a76 in parse_line /src/lxc/san_build/../src/lxc/confile.c:3115:9
#4 0xea8cac in lxc_file_for_each_line_mmap /src/lxc/san_build/../src/lxc/parse.c:123:9
#5 0x9700a1 in lxc_config_read /src/lxc/san_build/../src/lxc/confile.c:3192:9
#6 0x4a3b50 in LLVMFuzzerTestOneInput /src/lxc/san_build/../src/tests/fuzz-lxc-cgroup-init.c:40:8
#7 0x10556e3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#8 0x1041372 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#9 0x1046bbc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#10 0x106f7b2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#11 0x7ffff7bc00b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
#12 0x420a9d in _start (/home/fuzzer/oss-fuzz/build/out/lxc/fuzz-lxc-cgroup-init+0x420a9d)
Uninitialized value was created by an allocation of 'last_cap' in the stack frame of function 'parse_cap'
#0 0x832e30 in parse_cap /src/lxc/san_build/../src/lxc/conf.c:3131
```
The reason is that without libcap parse_cap ends up comparing two
uninitialized values. See the snippet below:
```
int parse_cap(const char *cap_name, __u32 *cap)
{
    int ret;
    unsigned int res;
    __u32 last_cap;
[...]
    ret = lxc_caps_last_cap(&last_cap); // NOTE: 1. Call here.
    if (ret) // Not taken as dummy lxc_caps_last_cap returned 0.
        return -1;
    if ((__u32)res > last_cap) // last_cap is uninitialized.
        return -1;
    *cap = (__u32)res;
    return 0;
}
```
Root cause seems to be that the dummy `lxc_caps_last_cap` returns 0 but
doesn't set the last_cap value. This patch just returns -1 as an error code
to avoid the uninitialized read.
Note: When reproducing the bug you need to compile with O0 and *not* with O1
otherwise you will not see the report.
Signed-off-by: Raphael Isemann <teemperor@gmail.com>
Christian Brauner [Sat, 18 Jun 2022 13:33:00 +0000 (15:33 +0200)]
Merge pull request #4149 from petris/lxc_multicall
tools: Provide multicall lxc binary
Stéphane Graber [Thu, 16 Jun 2022 20:41:05 +0000 (16:41 -0400)]
meson: Set DEVEL flag post release
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Thu, 16 Jun 2022 19:20:14 +0000 (15:20 -0400)]
Release LXC 5.0.0
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Petr Malat [Wed, 15 Jun 2022 11:16:43 +0000 (13:16 +0200)]
tools: Provide multicall lxc binary
Create a binary, which embeds all lxc tools similar way as busybox
embeds its applets. This is handy for embedded systems as it saves
roughly 90% of the disk space.
To disable normal tools and use multicall binary exclusively use the
following meson setup options:
-Dtools=false -Dtools-multicall=true
Signed-off-by: Petr Malat <oss@malat.biz>
Petr Malat [Wed, 15 Jun 2022 13:59:30 +0000 (15:59 +0200)]
meson: Generate compile commands by iterating over an array
This makes it possible to add a new command without updating multiple
places in the meson file.
Signed-off-by: Petr Malat <oss@malat.biz>
Stéphane Graber [Tue, 14 Jun 2022 02:17:52 +0000 (22:17 -0400)]
Merge pull request #4148 from stgraber/master
meson: Fix bad strerror_r check
Stéphane Graber [Tue, 14 Jun 2022 01:27:46 +0000 (21:27 -0400)]
meson: Fix bad strerror_r check
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Mon, 13 Jun 2022 14:12:07 +0000 (10:12 -0400)]
Merge pull request #4146 from brauner/2022-06-13.fixes
build: fixes
Christian Brauner [Mon, 13 Jun 2022 13:46:33 +0000 (15:46 +0200)]
build: map autotools options to meson options in meson_options.txt
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 13 Jun 2022 13:36:13 +0000 (15:36 +0200)]
README: reflect meson in the documentation
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 13 Jun 2022 13:31:36 +0000 (15:31 +0200)]
build: add missing memfd-rexec option
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 13 Jun 2022 11:46:15 +0000 (13:46 +0200)]
build: support thread-safety enforcement as option
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 13 Jun 2022 09:04:17 +0000 (11:04 +0200)]
build: use cc.links() to check for static libcap
Fixes: #4144
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 9 Jun 2022 21:35:34 +0000 (17:35 -0400)]
Merge pull request #4142 from brauner/2022-06-09.build.fixes
tests: fix oss-fuzz port to meson
Christian Brauner [Thu, 9 Jun 2022 16:15:41 +0000 (18:15 +0200)]
oss-fuzz: cleanup build flags
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 Jun 2022 16:15:12 +0000 (18:15 +0200)]
oss-fuzz: ensure binaries are zipped
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 Jun 2022 16:14:45 +0000 (18:14 +0200)]
oss-fuzz: adapt options to oss-fuzz build
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 Jun 2022 16:14:13 +0000 (18:14 +0200)]
oss-fuzz: handle dependencies
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 Jun 2022 16:12:54 +0000 (18:12 +0200)]
build: separate oss-fuzz tests from regular test builds
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 Jun 2022 16:12:25 +0000 (18:12 +0200)]
github/workflows/cifuzz: update to Ubuntu 22.04
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 Jun 2022 16:11:37 +0000 (18:11 +0200)]
build: add oss-fuzz switch
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 Jun 2022 16:10:27 +0000 (18:10 +0200)]
build: add seccomp build option
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 Jun 2022 16:08:27 +0000 (18:08 +0200)]
build: fix build with various options turned off
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 Jun 2022 16:07:35 +0000 (18:07 +0200)]
build: tweak build flags
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 9 Jun 2022 06:02:41 +0000 (02:02 -0400)]
Merge pull request #4141 from lxc/dependabot/github_actions/actions/upload-artifact-3
build(deps): bump actions/upload-artifact from 1 to 3
dependabot[bot] [Thu, 9 Jun 2022 06:01:55 +0000 (06:01 +0000)]
build(deps): bump actions/upload-artifact from 1 to 3
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v1...v3)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Stéphane Graber [Thu, 9 Jun 2022 06:01:31 +0000 (02:01 -0400)]
Merge pull request #4140 from turrisxyz/Dependabot-GitHub-Actions
chore: Included githubactions in the dependabot config
naveen [Thu, 9 Jun 2022 01:29:39 +0000 (01:29 +0000)]
chore: Included githubactions in the dependabot config
This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure.
Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot
GitHub actions up to date https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Christian Brauner [Wed, 8 Jun 2022 22:46:28 +0000 (00:46 +0200)]
Merge pull request #4139 from stgraber/master
Github workflow fixes
Stéphane Graber [Wed, 8 Jun 2022 21:46:50 +0000 (17:46 -0400)]
github: Fix compiler version task for coverity
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Wed, 8 Jun 2022 21:44:08 +0000 (17:44 -0400)]
github: Fix bad syntax in cifuzz
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Christian Brauner [Wed, 8 Jun 2022 18:43:10 +0000 (20:43 +0200)]
Merge pull request #4137 from brauner/2022-06-08.stgraber.master
build: remove autotools and finish meson port
Christian Brauner [Wed, 8 Jun 2022 18:14:23 +0000 (20:14 +0200)]
github/workflows/sanitizers: port sanitizers builds to meson
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 8 Jun 2022 18:12:22 +0000 (20:12 +0200)]
github/workflows: port all workflows to Ubuntu 22.04
So we have a new enough meson version everywhere.
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 8 Jun 2022 18:10:52 +0000 (20:10 +0200)]
github/workflows/cifuzz: ensure necessary paths are added
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 8 Jun 2022 18:08:47 +0000 (20:08 +0200)]
github/workflows/build: remove sanitizer build
We have a separate workflow for this.
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 8 Jun 2022 18:07:21 +0000 (20:07 +0200)]
github/workflows/build: add -Db_lto_mode=default
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 8 Jun 2022 18:06:41 +0000 (20:06 +0200)]
github/workflows/build: install lvvm as well
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 8 Jun 2022 18:05:38 +0000 (20:05 +0200)]
oss-fuzz: more meson options
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 8 Jun 2022 18:03:59 +0000 (20:03 +0200)]
build: lxc-init doesn't need to build the whole config infra
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 8 Jun 2022 18:03:05 +0000 (20:03 +0200)]
build: add additional command line switches
In order to compile for fuzzers where we will need and want to turn a
bunch of things off add command line switches that allow us to do so.
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>