From d3bbd2a2505993830875e7a40e7efef2654942a9 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Thu, 11 Jul 2019 12:11:27 +0200 Subject: [PATCH] bump compat to 11, fix reloading of lxc.service Add a patch to add an ExecReload for lxc.service, and use the new dh_installsystemd instead of the old dh_systemd_start. Signed-off-by: Wolfgang Bumiller --- debian/compat | 2 +- debian/lxc-pve.postinst | 2 ++ ...oad-to-lxc.service-to-only-reload-pr.patch | 25 +++++++++++++++++++ debian/patches/series | 1 + debian/rules | 5 ++-- 5 files changed, 32 insertions(+), 3 deletions(-) create mode 100644 debian/patches/pve/0009-init-add-ExecReload-to-lxc.service-to-only-reload-pr.patch diff --git a/debian/compat b/debian/compat index f599e28..b4de394 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -10 +11 diff --git a/debian/lxc-pve.postinst b/debian/lxc-pve.postinst index b46e96d..5631b2d 100644 --- a/debian/lxc-pve.postinst +++ b/debian/lxc-pve.postinst @@ -14,6 +14,8 @@ case "$1" in # create subuid/subgui map for root # (to run unprivileged containers as root) usermod -v 100000-165535 -w 100000-165535 root + + deb-systemd-invoke reload-or-try-restart lxc.service ;; abort-upgrade|abort-remove|abort-deconfigure) diff --git a/debian/patches/pve/0009-init-add-ExecReload-to-lxc.service-to-only-reload-pr.patch b/debian/patches/pve/0009-init-add-ExecReload-to-lxc.service-to-only-reload-pr.patch new file mode 100644 index 0000000..7044ced --- /dev/null +++ b/debian/patches/pve/0009-init-add-ExecReload-to-lxc.service-to-only-reload-pr.patch 
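Review bot: The added `deb-systemd-invoke reload-or-try-restart lxc.service`, in the branch just ahead of `abort-upgrade|abort-remove|abort-deconfigure)`, only acts as a reload if systemd has already re-read the unit file that carries the new `ExecReload=`. With the old definition still loaded the verb falls back to a restart, which would run the unit's `ExecStop=` (`lxc-containers stop`, visible in the 0009 patch). Whether a `daemon-reload` precedes this line cannot be seen from the hunk, because the debhelper-generated section and the rest of the `case` lie outside it. It is worth confirming the order, for example by placing the call after `#DEBHELPER#` or by running `systemctl daemon-reload` first. A comment such as `# refresh AppArmor profiles without stopping running containers` would also record why a reload is issued here.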
@@ -0,0 +1,25 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller
+Date: Wed, 10 Jul 2019 14:29:54 +0200
+Subject: [PATCH] init: add ExecReload to lxc.service to only reload profiles
+
+Signed-off-by: Wolfgang Bumiller
+---
+ config/init/systemd/lxc.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/config/init/systemd/lxc.service.in b/config/init/systemd/lxc.service.in
+index 77541917e..e4c086e0a 100644
+--- a/config/init/systemd/lxc.service.in
++++ b/config/init/systemd/lxc.service.in
+@@ -10,6 +10,7 @@ RemainAfterExit=yes
+ ExecStartPre=@LIBEXECDIR@/lxc/lxc-apparmor-load
+ ExecStart=@LIBEXECDIR@/lxc/lxc-containers start
+ ExecStop=@LIBEXECDIR@/lxc/lxc-containers stop
++ExecReload=@LIBEXECDIR@/lxc/lxc-apparmor-load
+ # Environment=BOOTUP=serial
+ # Environment=CONSOLETYPE=serial
+ Delegate=yes
+--
+2.20.1
+
diff --git a/debian/patches/series b/debian/patches/series
index 8c979b3..978b064 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,6 +6,7 @@ pve/0005-PVE-Up-start-initutils-make-cgroupns-separation-leve.patch
 pve/0006-PVE-Config-namespace-separation.patch
 pve/0007-PVE-Up-possibility-to-run-lxc-monitord-as-a-regular-.patch
 pve/0008-PVE-Config-Disable-lxc.monitor-cgroup.patch
+pve/0009-init-add-ExecReload-to-lxc.service-to-only-reload-pr.patch
 extra/0001-conf-use-SYSERROR-on-lxc_write_to_file-errors.patch
 extra/0002-Revert-conf-remove-extra-MS_BIND-with-sysfs-mixed.patch
 extra/0003-CVE-2019-5736-runC-rexec-callers-as-memfd.patch
diff --git a/debian/rules b/debian/rules
index fc40b0a..e7f3c41 100755
--- a/debian/rules
+++ b/debian/rules
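Review bot: The new `ExecReload=@LIBEXECDIR@/lxc/lxc-apparmor-load` line in the embedded unit hunk carries no explanation, and the embedded patch has a subject but no message body. Because `ExecStart=` and `ExecStop=` in the same unit start and stop containers, a reader could expect a reload to touch them too. A comment above the line, e.g. `# reload only re-runs the AppArmor profile loader; containers are left running`, would make the intent explicit. The patch description could also say what state the unit and the loaded profiles are left in when the loader fails during a reload, which the hunk does not show; the rest of the unit lies outside the hunk.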
@@ -37,5 +37,6 @@ override_dh_install: dh_apparmor -p lxc-pve --profile-name=lxc-containers dh_install --fail-missing -override_dh_systemd_start: - dh_systemd_start --no-restart-on-upgrade +override_dh_installsystemd: + dh_installsystemd -plxc-pve -r lxc-monitord.service lxc-net.service + dh_installsystemd -plxc-pve -r --no-restart-after-upgrade lxc.service -- 2.39.2
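Review bot: The two `dh_installsystemd` calls under `override_dh_installsystemd:` treat `lxc.service` differently from `lxc-monitord.service` and `lxc-net.service`, but nothing in the target says why. A comment would keep a later cleanup from merging them, e.g. `# lxc.service must not be restarted on upgrade: its ExecStop stops the containers; the postinst reloads it instead`. It would also help to note which upgrade behaviour `-r` alone is meant to give the other two units now that `dh_installsystemd` replaces `dh_systemd_start`; that is not evident from the hunk.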