update to lxc 6.0

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

diff --git a/debian/control b/debian/control
index 0b9fe38b8f9f70e98c8c0029cbaec7cea5c23d5f..f7167c01fcfec355ce56025c63590a9638ea7e75 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -10,6 +10,7 @@ Build-Depends: bash-completion,
                graphviz,
                libapparmor-dev,
                libcap-dev,
+               libdbus-1-dev,
                libgnutls28-dev,
                libseccomp-dev (>= 2.4~),
                linux-libc-dev,

diff --git a/debian/patches/extra/0001-apparmor-don-t-try-to-mmap-empty-files.patch b/debian/patches/extra/0001-apparmor-don-t-try-to-mmap-empty-files.patch
deleted file mode 100644 (file)
index 488393e..0000000
--- a/debian/patches/extra/0001-apparmor-don-t-try-to-mmap-empty-files.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Date: Mon, 27 Feb 2023 11:02:43 +0100
-Subject: [PATCH] apparmor: don't try to mmap empty files
-
-In case empty profile files linger somehow (eg. powerloss or
-oom killer etc. between creating and writing the file) we
-tried to use mmap() with a length of 0 which is invalid.
-Let's treat this as if it did not exist.
-
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
----
- src/lxc/lsm/apparmor.c | 14 ++++++++------
- 1 file changed, 8 insertions(+), 6 deletions(-)
-
-diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
-index 23af021aa..685d3b9ef 100644
---- a/src/lxc/lsm/apparmor.c
-+++ b/src/lxc/lsm/apparmor.c
-@@ -973,12 +973,14 @@ static int load_apparmor_profile(struct lsm_ops *ops, struct lxc_conf *conf, con
-                       goto out;
-               }
-               old_len = profile_sb.st_size;
--              old_content = lxc_strmmap(NULL, old_len, PROT_READ,
--                                        MAP_PRIVATE, profile_fd, 0);
--              if (old_content == MAP_FAILED) {
--                      SYSERROR("Failed to mmap old profile from %s",
--                               profile_path);
--                      goto out;
-+              if (old_len) {
-+                      old_content = lxc_strmmap(NULL, old_len, PROT_READ,
-+                                                MAP_PRIVATE, profile_fd, 0);
-+                      if (old_content == MAP_FAILED) {
-+                              SYSERROR("Failed to mmap old profile from %s",
-+                                       profile_path);
-+                              goto out;
-+                      }
-               }
-       } else if (errno != ENOENT) {
-               SYSERROR("Error reading old profile from %s", profile_path);
--- 
-2.30.2
-

diff --git a/debian/patches/pve/0001-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch b/debian/patches/pve/0001-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch
index d0255cdaca6ab24ab7b35b512304f6e2ae9dec2b..65eb7bc09d12580e9dfcf9cb0311fc042bedc2d3 100644 (file)
--- a/debian/patches/pve/0001-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch
+++ b/debian/patches/pve/0001-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch
@@ -1,7 +1,7 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
 Date: Wed, 9 Nov 2016 09:14:26 +0100
-Subject: [PATCH 2/3] PVE: [Config] deny rw mounting of /sys and /proc
+Subject: [PATCH 1/2] PVE: [Config] deny rw mounting of /sys and /proc
 
 Note that we don't actually make use of this anymore, since
 we switched to the generated profiles which already do this.
@@ -65,5 +65,5 @@ index 2606fb64c..3e61c62ea 100644
    # FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.
  #  mount options=(rw,make-slave) -> **,
 -- 
-2.30.2
+2.39.2
 

diff --git a/debian/patches/pve/0002-PVE-Config-attach-always-use-getent.patch b/debian/patches/pve/0002-PVE-Config-attach-always-use-getent.patch
index 26f51629a59ccb4936024c2134afa71a480b78b3..457751b305674cdf17b55838877e202b56432d44 100644 (file)
--- a/debian/patches/pve/0002-PVE-Config-attach-always-use-getent.patch
+++ b/debian/patches/pve/0002-PVE-Config-attach-always-use-getent.patch
@@ -1,7 +1,7 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Wolfgang Bumiller <w.bumiller@proxmox.com>
 Date: Tue, 13 Aug 2019 13:57:22 +0200
-Subject: [PATCH 3/3] PVE: [Config] attach: always use getent
+Subject: [PATCH 2/2] PVE: [Config] attach: always use getent
 
 In debian buster, some libnss plugins (if installed) can
 cause getpwent to segfault instead of erroring out cleanly.
@@ -13,7 +13,7 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
  1 file changed, 2 insertions(+), 27 deletions(-)
 
 diff --git a/src/lxc/attach.c b/src/lxc/attach.c
-index f086e96c4..9969f2d8e 100644
+index 8f2f7a37c..a8684808c 100644
 --- a/src/lxc/attach.c
 +++ b/src/lxc/attach.c
 @@ -1843,45 +1843,21 @@ int lxc_attach_run_command(void *payload)
@@ -74,5 +74,5 @@ index f086e96c4..9969f2d8e 100644
        return -1;
  }
 -- 
-2.30.2
+2.39.2
 

diff --git a/debian/patches/series b/debian/patches/series
index 38251d7b21f1f357fa8c3e7121db5257c8bf520f..344756a4b9bbc589150a77bf0465b270a9cf230b 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,2 @@
-extra/0001-apparmor-don-t-try-to-mmap-empty-files.patch
 pve/0001-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch
 pve/0002-PVE-Config-attach-always-use-getent.patch

diff --git a/lxc b/lxc
index d571736812b89e195bee69b900fe09115a1e7e00..3dee5fb88c6f77496dbcab46f31bcd891c9ee4e0 160000 (submodule)
--- a/lxc
+++ b/lxc
@@ -1 +1 @@
-Subproject commit d571736812b89e195bee69b900fe09115a1e7e00
+Subproject commit 3dee5fb88c6f77496dbcab46f31bcd891c9ee4e0