update patches for lxc-4.0.12

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

debian/patches/pve/0001-allow-running-lxc-monitord-as-a-system-daemon.patch

@@ -18,10 +18,10 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
  5 files changed, 41 insertions(+), 12 deletions(-)
 
 diff --git a/.gitignore b/.gitignore
-index 5070196cc..9f34f9b1e 100644
+index fbe965b04..cd78e21cd 100644
 --- a/.gitignore
 +++ b/.gitignore
-@@ -124,6 +124,7 @@ config/bash/lxc
+@@ -126,6 +126,7 @@ config/bash/lxc
  config/init/common/lxc-containers
  config/init/common/lxc-net
  config/init/systemd/lxc-autostart-helper
@@ -60,10 +60,10 @@ index c448850d1..4a4fde5e7 100644
  
  pkglibexec_SCRIPTS = lxc-apparmor-load
 diff --git a/configure.ac b/configure.ac
-index e3a0c70bd..2bbf5dd4d 100644
+index f9fbd7273..079d0d990 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -909,6 +909,7 @@ AC_CONFIG_FILES([
+@@ -908,6 +908,7 @@ AC_CONFIG_FILES([
  	config/init/systemd/lxc.service
  	config/init/systemd/lxc@.service
  	config/init/systemd/lxc-net.service

debian/patches/pve/0002-introduce-lxc.cgroup.dir.-monitor-container-containe.patch

@@ -29,7 +29,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  2 files changed, 171 insertions(+)
 
 diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
-index 6c9271130..3bf62f082 100644
+index c1054ddbc..0fda37b5e 100644
 --- a/doc/lxc.container.conf.sgml.in
 +++ b/doc/lxc.container.conf.sgml.in
 @@ -1801,6 +1801,53 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
@@ -87,7 +87,7 @@ index 6c9271130..3bf62f082 100644
            <term>
              <option>lxc.cgroup.relative</option>
 diff --git a/src/lxc/confile.c b/src/lxc/confile.c
-index 213688060..23ed7837c 100644
+index 5cb3ecfac..0929ba165 100644
 --- a/src/lxc/confile.c
 +++ b/src/lxc/confile.c
 @@ -67,6 +67,9 @@ lxc_config_define(cap_keep);
@@ -159,7 +159,7 @@ index 213688060..23ed7837c 100644
  static int set_config_cgroup_relative(const char *key, const char *value,
  				      struct lxc_conf *lxc_conf, void *data)
  {
-@@ -3707,6 +3755,58 @@ static int get_config_cgroup_dir(const char *key, char *retv, int inlen,
+@@ -3711,6 +3759,58 @@ static int get_config_cgroup_dir(const char *key, char *retv, int inlen,
  	return fulllen;
  }
  
@@ -218,7 +218,7 @@ index 213688060..23ed7837c 100644
  static inline int get_config_cgroup_relative(const char *key, char *retv,
  					     int inlen, struct lxc_conf *lxc_conf,
  					     void *data)
-@@ -4568,6 +4668,30 @@ static int clr_config_cgroup_dir(const char *key, struct lxc_conf *lxc_conf,
+@@ -4572,6 +4672,30 @@ static int clr_config_cgroup_dir(const char *key, struct lxc_conf *lxc_conf,
  	return 0;
  }
  

debian/patches/pve/0003-doc-s-lxc.cgroup.container.namespace-lxc.cgroup.cont.patch

@@ -10,7 +10,7 @@ Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
-index 3bf62f082..490793ddb 100644
+index 0fda37b5e..988b846e4 100644
 --- a/doc/lxc.container.conf.sgml.in
 +++ b/doc/lxc.container.conf.sgml.in
 @@ -1813,7 +1813,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

debian/patches/pve/0004-confile-coding-style-fixes-for-set_config_cgroup_con.patch

@@ -10,7 +10,7 @@ Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
  1 file changed, 3 insertions(+), 8 deletions(-)
 
 diff --git a/src/lxc/confile.c b/src/lxc/confile.c
-index 23ed7837c..c7e7887f3 100644
+index 0929ba165..0fdd4fa01 100644
 --- a/src/lxc/confile.c
 +++ b/src/lxc/confile.c
 @@ -1873,19 +1873,14 @@ static int set_config_cgroup_container_inner_dir(const char *key,

debian/patches/pve/0005-api-extensions-add-and-document-cgroup_advanced_isol.patch

@@ -11,7 +11,7 @@ Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
  2 files changed, 5 insertions(+)
 
 diff --git a/doc/api-extensions.md b/doc/api-extensions.md
-index cdf82f937..6f9e1621d 100644
+index 98686f9ed..fe1b1bdb7 100644
 --- a/doc/api-extensions.md
 +++ b/doc/api-extensions.md
 @@ -136,6 +136,10 @@ Retrieve the seccomp notifier fd from a running container.
@@ -26,13 +26,13 @@ index cdf82f937..6f9e1621d 100644
  
  Whether this LXC instance can handle idmapped mounts for the rootfs.
 diff --git a/src/lxc/api_extensions.h b/src/lxc/api_extensions.h
-index c2509207d..ae71ff18e 100644
+index d99adacbe..a10f2e5f3 100644
 --- a/src/lxc/api_extensions.h
 +++ b/src/lxc/api_extensions.h
-@@ -41,6 +41,7 @@ static char *api_extensions[] = {
+@@ -45,6 +45,7 @@ static char *api_extensions[] = {
- 	"devpts_fd",
  	"seccomp_notify_fd_active",
  	"seccomp_proxy_send_notify_fd",
+ #endif /* HAVE_DECL_SECCOMP_NOTIFY_FD */
 +	"cgroup_advanced_isolation",
  	"idmapped_mounts",
  	"idmapped_mounts_v2",

debian/patches/pve/0006-doc-Add-lxc.cgroup.dir.-monitor-container-container..patch

@@ -12,10 +12,10 @@ Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
  1 file changed, 57 insertions(+)
 
 diff --git a/doc/ja/lxc.container.conf.sgml.in b/doc/ja/lxc.container.conf.sgml.in
-index 05ae2f441..9ad6627ab 100644
+index c4d6c962e..0dd6dc487 100644
 --- a/doc/ja/lxc.container.conf.sgml.in
 +++ b/doc/ja/lxc.container.conf.sgml.in
-@@ -2389,6 +2389,63 @@ by KATOH Yasufumi <karma at jazz.email.ne.jp>
+@@ -2425,6 +2425,63 @@ by KATOH Yasufumi <karma at jazz.email.ne.jp>
              </para>
            </listitem>
          </varlistentry>

debian/patches/pve/0009-PVE-Config-attach-always-use-getent.patch

@@ -13,7 +13,7 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
  1 file changed, 2 insertions(+), 26 deletions(-)
 
 diff --git a/src/lxc/attach.c b/src/lxc/attach.c
-index cd526ab6b..845270ee5 100644
+index 77da7bb45..9b98d842b 100644
 --- a/src/lxc/attach.c
 +++ b/src/lxc/attach.c
 @@ -1841,12 +1841,8 @@ int lxc_attach_run_command(void *payload)

debian/patches/pve/0010-Revert-initutils-use-vfork-in-lxc_container_init.patch

@@ -1,30 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Date: Sat, 13 Nov 2021 18:20:13 +0100
-Subject: [PATCH lxc] Revert "initutils: use vfork() in lxc_container_init()"
-
-This reverts commit d65e5e492f740bbb50e3005f97420c3ddae3d595.
-
-With vfork the child process modifies the parent's memory,
-so the calls to `signal`, `fprintf` and regular `exit` may
-be dangerous and might cause conflicting states in the
-parent.
-
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
----
- src/lxc/initutils.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/lxc/initutils.c b/src/lxc/initutils.c
-index 24baecc88..72278c1f1 100644
---- a/src/lxc/initutils.c
-+++ b/src/lxc/initutils.c
-@@ -551,7 +551,7 @@ __noreturn int lxc_container_init(int argc, char *const *argv, bool quiet)
- 
- 	remove_self();
- 
--	pid = vfork();
-+	pid = fork();
- 	if (pid < 0)
- 		exit(EXIT_FAILURE);
- 

debian/patches/pve/0011-use-2-sysfs-instances-for-sys-mixed.patch

@@ -1,76 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Date: Fri, 3 Dec 2021 09:13:11 +0100
-Subject: [PATCH lxc] use 2 sysfs instances for sys:mixed
-
-In order to facilitate this, the default mount list's
-'destination' may now be NULL to mean that the source should
-be unmounted instead.
-
-Here's what we need to do:
-
-1) Ensure the first sysfs mount point is writable.
-2) Mount a read-only sysfs on /sys
-3) Bind devices/virtual/net *writably* into /sys
-
-We use /proc/sys as a staging directory for the first sysfs
-mount in read-write mode, then mount /sys r/o. Afterwards we
-bind the r/w devices/virtual/net and unmount the staging
-/proc/sys mount point.
-
-The staging directory would not be required with the new
-mount API, but this way we can support the old API and keep
-the general workflow in the `default_mounts`.
-
-Once we drop support for the old mount API, the
-default_mounts table could just get a subdirectory field to
-mount subdirectories directly.
-
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
----
- src/lxc/conf.c | 19 ++++++++++++++-----
- 1 file changed, 14 insertions(+), 5 deletions(-)
-
-diff --git a/src/lxc/conf.c b/src/lxc/conf.c
-index 8e068b8ac..c9ab285d8 100644
---- a/src/lxc/conf.c
-+++ b/src/lxc/conf.c
-@@ -708,9 +708,11 @@ static int lxc_mount_auto_mounts(struct lxc_handler *handler, int flags)
- 		{ LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_RW,    "proc",                                           "%r/proc",                    "proc",  MS_NODEV|MS_NOEXEC|MS_NOSUID,                    NULL, false },
- 		{ LXC_AUTO_SYS_MASK,  LXC_AUTO_SYS_RW,     "sysfs",                                          "%r/sys",                     "sysfs", 0,                                               NULL, false },
- 		{ LXC_AUTO_SYS_MASK,  LXC_AUTO_SYS_RO,     "sysfs",                                          "%r/sys",                     "sysfs", MS_RDONLY,                                       NULL, false },
-+		/* /proc/sys is used as a temporary staging directory for the read-write sysfs mount and unmounted after binding net */
-+		{ LXC_AUTO_SYS_MASK,  LXC_AUTO_SYS_MIXED,  "sysfs",                                          "%r/proc/sys",                "sysfs", MS_NOSUID|MS_NODEV|MS_NOEXEC,                    NULL, false },
- 		{ LXC_AUTO_SYS_MASK,  LXC_AUTO_SYS_MIXED,  "sysfs",                                          "%r/sys",                     "sysfs", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC,          NULL, false },
--		{ LXC_AUTO_SYS_MASK,  LXC_AUTO_SYS_MIXED,  "%r/sys/devices/virtual/net",                     "%r/sys/devices/virtual/net",  NULL,   MS_BIND,                                         NULL, false },
--		{ LXC_AUTO_SYS_MASK,  LXC_AUTO_SYS_MIXED,  NULL,                                             "%r/sys/devices/virtual/net",  NULL,   MS_REMOUNT|MS_NOSUID|MS_NODEV|MS_NOEXEC,         NULL, false },
-+		{ LXC_AUTO_SYS_MASK,  LXC_AUTO_SYS_MIXED,  "%r/proc/sys/devices/virtual/net",                "%r/sys/devices/virtual/net", NULL,    MS_BIND,                                         NULL, false },
-+		{ LXC_AUTO_SYS_MASK,  LXC_AUTO_SYS_MIXED,  "%r/proc/sys",                                    NULL,                         NULL,    0,                                               NULL, false },
- 		{ 0,                  0,                   NULL,                                             NULL,                         NULL,    0,                                               NULL, false }
- 	};
- 	struct lxc_conf *conf = handler->conf;
-@@ -778,14 +780,21 @@ static int lxc_mount_auto_mounts(struct lxc_handler *handler, int flags)
- 				return syserror_set(-ENOMEM, "Failed to create source path");
- 		}
- 
--		if (!default_mounts[i].destination)
--			return syserror_set(-EINVAL, "BUG: auto mounts destination %d was NULL", i);
--
- 		if (!has_cap_net_admin && default_mounts[i].requires_cap_net_admin) {
- 			TRACE("Container does not have CAP_NET_ADMIN. Skipping \"%s\" mount", default_mounts[i].source ?: "(null)");
- 			continue;
- 		}
- 
-+		if (!default_mounts[i].destination) {
-+			ret = umount2(source, MNT_DETACH);
-+			if (ret < 0)
-+				return log_error_errno(-1, errno,
-+						       "Failed to unmount \"%s\"",
-+						       source);
-+			TRACE("Unmounted automount \"%s\"", source);
-+			continue;
-+		}
-+
- 		/* will act like strdup if %r is not present */
- 		destination = lxc_string_replace("%r", rootfs->path ? rootfs->mount : "", default_mounts[i].destination);
- 		if (!destination)

debian/patches/series

@@ -7,5 +7,3 @@ pve/0006-doc-Add-lxc.cgroup.dir.-monitor-container-container..patch
 pve/0007-PVE-Config-lxc.service-start-after-a-potential-syslo.patch
 pve/0008-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch
 pve/0009-PVE-Config-attach-always-use-getent.patch
-pve/0010-Revert-initutils-use-vfork-in-lxc_container_init.patch
-pve/0011-use-2-sysfs-instances-for-sys-mixed.patch