bump compat to 11, fix reloading of lxc.service

Add a patch to add an ExecReload for lxc.service, and use
the new dh_installsystemd instead of the old
dh_systemd_start.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

diff --git a/debian/compat b/debian/compat
index f599e28b8ab0d8c9c57a486c89c4a5132dcbd3b2..b4de3947675361a7770d29b8982c407b0ec6b2a0 100644 (file)
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-10
+11

diff --git a/debian/lxc-pve.postinst b/debian/lxc-pve.postinst
index b46e96d906dc6f2de9ca40e19ce3801c5e3e926f..5631b2d7ff8e093bb6ac269f15641cc46b33465e 100644 (file)
--- a/debian/lxc-pve.postinst
+++ b/debian/lxc-pve.postinst
@@ -14,6 +14,8 @@ case "$1" in
        # create subuid/subgui map for root
        # (to run unprivileged containers as root)
        usermod -v 100000-165535 -w 100000-165535 root
+
+       deb-systemd-invoke reload-or-try-restart lxc.service
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)

diff --git a/debian/patches/pve/0009-init-add-ExecReload-to-lxc.service-to-only-reload-pr.patch b/debian/patches/pve/0009-init-add-ExecReload-to-lxc.service-to-only-reload-pr.patch
new file mode 100644 (file)
index 0000000..7044ced
--- /dev/null
+++ b/debian/patches/pve/0009-init-add-ExecReload-to-lxc.service-to-only-reload-pr.patch
@@ -0,0 +1,25 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Date: Wed, 10 Jul 2019 14:29:54 +0200
+Subject: [PATCH] init: add ExecReload to lxc.service to only reload profiles
+
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+---
+ config/init/systemd/lxc.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/config/init/systemd/lxc.service.in b/config/init/systemd/lxc.service.in
+index 77541917e..e4c086e0a 100644
+--- a/config/init/systemd/lxc.service.in
++++ b/config/init/systemd/lxc.service.in
+@@ -10,6 +10,7 @@ RemainAfterExit=yes
+ ExecStartPre=@LIBEXECDIR@/lxc/lxc-apparmor-load
+ ExecStart=@LIBEXECDIR@/lxc/lxc-containers start
+ ExecStop=@LIBEXECDIR@/lxc/lxc-containers stop
++ExecReload=@LIBEXECDIR@/lxc/lxc-apparmor-load
+ # Environment=BOOTUP=serial
+ # Environment=CONSOLETYPE=serial
+ Delegate=yes
+-- 
+2.20.1
+

diff --git a/debian/patches/series b/debian/patches/series
index 8c979b39e0b855144068fb583f0861e7dd4443e5..978b064c848efefee6f619c8c8d457131748ba44 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,6 +6,7 @@ pve/0005-PVE-Up-start-initutils-make-cgroupns-separation-leve.patch
 pve/0006-PVE-Config-namespace-separation.patch
 pve/0007-PVE-Up-possibility-to-run-lxc-monitord-as-a-regular-.patch
 pve/0008-PVE-Config-Disable-lxc.monitor-cgroup.patch
+pve/0009-init-add-ExecReload-to-lxc.service-to-only-reload-pr.patch
 extra/0001-conf-use-SYSERROR-on-lxc_write_to_file-errors.patch
 extra/0002-Revert-conf-remove-extra-MS_BIND-with-sysfs-mixed.patch
 extra/0003-CVE-2019-5736-runC-rexec-callers-as-memfd.patch

diff --git a/debian/rules b/debian/rules
index fc40b0a126af222dc5a101cc481789403bdbdb3a..e7f3c416284ec4e3ca6a7519d0f9c84dd228b960 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -37,5 +37,6 @@ override_dh_install:
        dh_apparmor -p lxc-pve --profile-name=lxc-containers
        dh_install --fail-missing
 
-override_dh_systemd_start:
-       dh_systemd_start --no-restart-on-upgrade
+override_dh_installsystemd:
+       dh_installsystemd -plxc-pve -r lxc-monitord.service lxc-net.service
+       dh_installsystemd -plxc-pve -r --no-restart-after-upgrade lxc.service