All of lore.kernel.org
 help / color / mirror / Atom feed
* [meta-virtualization][master][PATCH] lxc: Fix -c command for lxc-attach
@ 2021-09-15 10:47 sana kazi
  2021-09-15 15:29 ` Bruce Ashfield
  0 siblings, 1 reply; 2+ messages in thread
From: sana kazi @ 2021-09-15 10:47 UTC (permalink / raw)
  To: meta-virtualization; +Cc: Sana Kazi

Added fix_c_command.patch the -c command seems to be broken because
the passed context is ignored and always overwritten by the context
specified in the config file.

Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
---
 .../lxc/files/fix_c_command.patch             | 36 +++++++++++++++++++
 recipes-containers/lxc/lxc_4.0.9.bb           |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 recipes-containers/lxc/files/fix_c_command.patch

diff --git a/recipes-containers/lxc/files/fix_c_command.patch b/recipes-containers/lxc/files/fix_c_command.patch
new file mode 100644
index 0000000..1ed8daf
--- /dev/null
+++ b/recipes-containers/lxc/files/fix_c_command.patch
@@ -0,0 +1,36 @@
+From 9becf309a81806ef08acf9ca99ab95c1bcfa1f65 Mon Sep 17 00:00:00 2001
+From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
+Date: Mon, 23 Aug 2021 15:39:28 +0200
+Subject: [PATCH] attach: Fix -c command
+
+Currently, the -c command (to set the selinux context) seems to be
+broken because the passed context is ignored and always overwritten by
+the context specified in the config file. The intention behind the -c
+imho was to be able to manually overwrite this behavior. This patch
+ensures that the selinux context will be set if passed via the command
+line.
+
+Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
+---
+ src/lxc/tools/lxc_attach.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+Upstream-Status: Backport [https://github.com/lxc/lxc/commit/9becf309a81806ef08acf9ca99ab95c1bcfa1f65.patch]
+Comment: No change in any hunk
+
+diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
+index 0374d980b4..e6b388b20c 100644
+--- a/src/lxc/tools/lxc_attach.c
++++ b/src/lxc/tools/lxc_attach.c
+@@ -379,7 +379,10 @@ int main(int argc, char *argv[])
+ 		attach_options.gid = my_args.gid;
+ 
+ 	// selinux_context will be NULL if not set
+-	attach_options.lsm_label = selinux_context;
++	if (selinux_context) {
++		attach_options.attach_flags |= LXC_ATTACH_LSM_LABEL;
++		attach_options.lsm_label = selinux_context;
++	}
+ 
+ 	if (command.program) {
+ 		ret = c->attach_run_wait(c, &attach_options, command.program,
diff --git a/recipes-containers/lxc/lxc_4.0.9.bb b/recipes-containers/lxc/lxc_4.0.9.bb
index 6720733..c45ae5c 100644
--- a/recipes-containers/lxc/lxc_4.0.9.bb
+++ b/recipes-containers/lxc/lxc_4.0.9.bb
@@ -50,6 +50,7 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}/${BPN}-${PV}.tar.gz \
 	file://dnsmasq.conf \
 	file://lxc-net \
         file://enable_seccomp_profile_when_compiled_libseccomp.patch \
+        file://fix_c_command.patch \
 	"
 
 SRC_URI[md5sum] = "365fcca985038910e19a1e0fff15ed07"
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [meta-virtualization][master][PATCH] lxc: Fix -c command for lxc-attach
  2021-09-15 10:47 [meta-virtualization][master][PATCH] lxc: Fix -c command for lxc-attach sana kazi
@ 2021-09-15 15:29 ` Bruce Ashfield
  0 siblings, 0 replies; 2+ messages in thread
From: Bruce Ashfield @ 2021-09-15 15:29 UTC (permalink / raw)
  To: sana kazi; +Cc: meta-virtualization

Since this change is part of lxc 4.0.10, I did the version bump.

At the same time, I switched the recipe to _git (as I've wanted to for
a while), so I can more easily debug things.

I had a LOT of issues with the lxc-download template and images
servers, but I was able to verify basic functionality.

Can you rebase this series on top of master-next, and resend the second patch ?

Bruce

On Wed, Sep 15, 2021 at 6:47 AM sana kazi <sanakazisk19@gmail.com> wrote:
>
> Added fix_c_command.patch the -c command seems to be broken because
> the passed context is ignored and always overwritten by the context
> specified in the config file.
>
> Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
> ---
>  .../lxc/files/fix_c_command.patch             | 36 +++++++++++++++++++
>  recipes-containers/lxc/lxc_4.0.9.bb           |  1 +
>  2 files changed, 37 insertions(+)
>  create mode 100644 recipes-containers/lxc/files/fix_c_command.patch
>
> diff --git a/recipes-containers/lxc/files/fix_c_command.patch b/recipes-containers/lxc/files/fix_c_command.patch
> new file mode 100644
> index 0000000..1ed8daf
> --- /dev/null
> +++ b/recipes-containers/lxc/files/fix_c_command.patch
> @@ -0,0 +1,36 @@
> +From 9becf309a81806ef08acf9ca99ab95c1bcfa1f65 Mon Sep 17 00:00:00 2001
> +From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
> +Date: Mon, 23 Aug 2021 15:39:28 +0200
> +Subject: [PATCH] attach: Fix -c command
> +
> +Currently, the -c command (to set the selinux context) seems to be
> +broken because the passed context is ignored and always overwritten by
> +the context specified in the config file. The intention behind the -c
> +imho was to be able to manually overwrite this behavior. This patch
> +ensures that the selinux context will be set if passed via the command
> +line.
> +
> +Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
> +---
> + src/lxc/tools/lxc_attach.c | 5 ++++-
> + 1 file changed, 4 insertions(+), 1 deletion(-)
> +
> +Upstream-Status: Backport [https://github.com/lxc/lxc/commit/9becf309a81806ef08acf9ca99ab95c1bcfa1f65.patch]
> +Comment: No change in any hunk
> +
> +diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
> +index 0374d980b4..e6b388b20c 100644
> +--- a/src/lxc/tools/lxc_attach.c
> ++++ b/src/lxc/tools/lxc_attach.c
> +@@ -379,7 +379,10 @@ int main(int argc, char *argv[])
> +               attach_options.gid = my_args.gid;
> +
> +       // selinux_context will be NULL if not set
> +-      attach_options.lsm_label = selinux_context;
> ++      if (selinux_context) {
> ++              attach_options.attach_flags |= LXC_ATTACH_LSM_LABEL;
> ++              attach_options.lsm_label = selinux_context;
> ++      }
> +
> +       if (command.program) {
> +               ret = c->attach_run_wait(c, &attach_options, command.program,
> diff --git a/recipes-containers/lxc/lxc_4.0.9.bb b/recipes-containers/lxc/lxc_4.0.9.bb
> index 6720733..c45ae5c 100644
> --- a/recipes-containers/lxc/lxc_4.0.9.bb
> +++ b/recipes-containers/lxc/lxc_4.0.9.bb
> @@ -50,6 +50,7 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}/${BPN}-${PV}.tar.gz \
>         file://dnsmasq.conf \
>         file://lxc-net \
>          file://enable_seccomp_profile_when_compiled_libseccomp.patch \
> +        file://fix_c_command.patch \
>         "
>
>  SRC_URI[md5sum] = "365fcca985038910e19a1e0fff15ed07"
> --
> 2.17.1
>
>
> 
>


-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-09-15 15:29 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-15 10:47 [meta-virtualization][master][PATCH] lxc: Fix -c command for lxc-attach sana kazi
2021-09-15 15:29 ` Bruce Ashfield

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.