merge 2 fixups:

* Revert "conf: remove extra MS_BIND with sysfs:mixed"
    This should let privileged Ubuntu 14.04 containers boot
    again.

* conf: use SYSERROR on lxc_write_to_file errors
    Slightly more useful error output in a specific error
    case.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

diff --git a/debian/patches/extra/0001-conf-use-SYSERROR-on-lxc_write_to_file-errors.patch b/debian/patches/extra/0001-conf-use-SYSERROR-on-lxc_write_to_file-errors.patch
new file mode 100644 (file)
index 0000000..7daef14
--- /dev/null
+++ b/debian/patches/extra/0001-conf-use-SYSERROR-on-lxc_write_to_file-errors.patch
@@ -0,0 +1,39 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Date: Fri, 4 Jan 2019 12:05:49 +0100
+Subject: [PATCH] conf: use SYSERROR on lxc_write_to_file errors
+
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+---
+ src/lxc/conf.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index 3d0e4a19..0d86d66e 100644
+--- a/src/lxc/conf.c
++++ b/src/lxc/conf.c
+@@ -2681,8 +2681,8 @@ int setup_sysctl_parameters(struct lxc_list *sysctls)
+               ret = lxc_write_to_file(filename, elem->value,
+                                       strlen(elem->value), false, 0666);
+               if (ret < 0) {
+-                      ERROR("Failed to setup sysctl parameters %s to %s",
+-                            elem->key, elem->value);
++                      SYSERROR("Failed to setup sysctl parameters %s to %s",
++                               elem->key, elem->value);
+                       return -1;
+               }
+       }
+@@ -2716,8 +2716,8 @@ int setup_proc_filesystem(struct lxc_list *procs, pid_t pid)
+               ret = lxc_write_to_file(filename, elem->value,
+                                       strlen(elem->value), false, 0666);
+               if (ret < 0) {
+-                      ERROR("Failed to setup proc filesystem %s to %s",
+-                            elem->filename, elem->value);
++                      SYSERROR("Failed to setup proc filesystem %s to %s",
++                               elem->filename, elem->value);
+                       return -1;
+               }
+       }
+-- 
+2.11.0
+

diff --git a/debian/patches/extra/0002-Revert-conf-remove-extra-MS_BIND-with-sysfs-mixed.patch b/debian/patches/extra/0002-Revert-conf-remove-extra-MS_BIND-with-sysfs-mixed.patch
new file mode 100644 (file)
index 0000000..b7f7f48
--- /dev/null
+++ b/debian/patches/extra/0002-Revert-conf-remove-extra-MS_BIND-with-sysfs-mixed.patch
@@ -0,0 +1,31 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Date: Thu, 17 Jan 2019 09:16:16 +0100
+Subject: [PATCH] Revert "conf: remove extra MS_BIND with sysfs:mixed"
+
+This reverts commit 51a922baf724689ff3a0df938ca8975601c9c815.
+
+The above commit confuses the mountall unit of privileged
+Ubuntu 14.04 containers at startup so that they cannot
+finish booting.
+
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+---
+ src/lxc/conf.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index 0d86d66e..7263d0e1 100644
+--- a/src/lxc/conf.c
++++ b/src/lxc/conf.c
+@@ -690,6 +690,7 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
+               { LXC_AUTO_SYS_MASK,  LXC_AUTO_SYS_RW,     "sysfs",                                          "%r/sys",                     "sysfs", 0,                                               NULL },
+               { LXC_AUTO_SYS_MASK,  LXC_AUTO_SYS_RO,     "sysfs",                                          "%r/sys",                     "sysfs", MS_RDONLY,                                       NULL },
+               { LXC_AUTO_SYS_MASK,  LXC_AUTO_SYS_MIXED,  "sysfs",                                          "%r/sys",                     "sysfs", MS_NODEV|MS_NOEXEC|MS_NOSUID,                    NULL },
++              { LXC_AUTO_SYS_MASK,  LXC_AUTO_SYS_MIXED,  "%r/sys",                                         "%r/sys",                     NULL,    MS_BIND,                                         NULL },
+               { LXC_AUTO_SYS_MASK,  LXC_AUTO_SYS_MIXED,  NULL,                                             "%r/sys",                     NULL,    MS_REMOUNT|MS_BIND|MS_RDONLY,                    NULL },
+               { LXC_AUTO_SYS_MASK,  LXC_AUTO_SYS_MIXED,  "sysfs",                                          "%r/sys/devices/virtual/net", "sysfs", 0,                                               NULL },
+               { LXC_AUTO_SYS_MASK,  LXC_AUTO_SYS_MIXED,  "%r/sys/devices/virtual/net/devices/virtual/net", "%r/sys/devices/virtual/net", NULL,    MS_BIND,                                         NULL },
+-- 
+2.11.0
+

diff --git a/debian/patches/series b/debian/patches/series
index ed2f2fc97d022ed3e28a9118f08ea1514a65eeb2..2b7ee4cd046945a6ff44724a4bf324eefa77f090 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,5 @@ pve/0005-PVE-Up-start-initutils-make-cgroupns-separation-leve.patch
 pve/0006-PVE-Config-namespace-separation.patch
 pve/0007-PVE-Up-possibility-to-run-lxc-monitord-as-a-regular-.patch
 pve/0008-PVE-Config-Disable-lxc.monitor-cgroup.patch
+extra/0001-conf-use-SYSERROR-on-lxc_write_to_file-errors.patch
+extra/0002-Revert-conf-remove-extra-MS_BIND-with-sysfs-mixed.patch