This is purely so that we can do static linking. Linking against
libsystemd makes that a challenge because while it's perfectly simple
to do, distros tend not to provide a libsystemd.a.
Tools that want to (a) link against liblxc and (b) have a statically
linked binary to bind into a minimal container are ill served by
this. So link against libdbus-1.
.github/workflows/build.yml: switch to dbus-1.
src/lxc/cgroups/cgfsng.c: replace the unpriv_systemd_create_scope(),
start_scope, and enter_scope() systemd code with dbus-1 code.
src/tests/oss-fuzz.sh: update from libsystemd-dev to libdbus-1-dev
src/tests/oss-fuzz.sh: disable dbus
.github/workflows/*: update from libsystemd-dev to libdbus-1-dev
meson.build and meson_options.txt: switch from sd_bus to dbus
lxc.spec.in: add dbus-1 to BuildRequires
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Changelog: 03/13: use custom iter type so we can cleanup more easily...
Changelog: 03/13: initialize each dbus_iter to { 0 } as mihalicyn suggested.
We really need to split up our code into better chunks so we avoid all of this
duplicated compilation.
Fixes: https://github.com/lxc/lxc/issues/4249
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Unfortunately, builds using alpine:edge still break!
Apparently, run_command(...).stdout() must be strip()'ed for variable
assignments
Addendum to 60e292c64a
Fixes issue #4223
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
For some reason, openSUSE has a very strange layout in sys/mount.h where
the definition of all of the FS_CONFIG_* idents are present but are
ifdef'd out in such a way that they will never be defined in an actual
build:
#define FSOPEN_CLOEXEC 0x00000001
/* ... */
#ifndef FSOPEN_CLOEXEC
enum fsconfig_command
{
FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
# define FSCONFIG_SET_FLAG FSCONFIG_SET_FLAG
/* ... */
};
#endif
Unfortunately, while cc.has_header_symbol is faster, it cannot handle
this which results in compilation errors on openSUSE because the
FS_CONFIG_* symbols are actually not defined when compiling even though
the ident is present in the header. Switching to cc.get_define fixes
this issue.
Fixes: cbabe8abf1 ("build: check for FS_CONFIG_* header symbol in sys/mount.h")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Without setting this, the default build will fail if you don't have the
static libcap library installed (on openSUSE this is packaged separately
to libcap-devel).
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Among other things, openSUSE places seccomp.h inside a non-default
include directory (/usr/include/seccomp/seccomp.h) which revealed
several issues with how dependencies were being handled previously.
The most notable issue is that the include cflags of our build
dependencies were not being provided to the recipes for static
executables (yet they still expected access to the dependency headers).
This also involved a minor cleanup of how these dependencies are
collected, and added liburing to the set of private pkg-config libs
(which I assume was an oversight?).
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
The sd_bus_call_method_asyncv's 10th parameter is of type
va_list and supplying NULL when invoking it causes compilation
error. Just replace it with the async one.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
docbook2man can sometimes be docbook2x and other times be docbook-utils.
Rather than compare paths, use version constraints to detect version.
Signed-off-by: Cameron Nemo <cam@nohom.org>
Allows either:
- Build inside minimal-and-clean chroot with neither
/etc/sysconfig nor /etc/default available.
- Cross Compile lxc from foreign distro,
let's say host distro uses /etc/sysconfig and build distro
uses /etc/default and vice versus.
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
Move -fstack-protector-strong from possible_cc_flags to
possible_link_flags to avoid a build failure on toolchains without ssp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Define libcap_static to an empty array to avoid the following build
failure with -Dcapabilities=false:
output/build/lxc-5.0.0/src/lxc/cmd/meson.build:64:4: ERROR: Unknown variable "libcap_static".
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
These are all still in use in the code but have not been
added to meson.build when switching over from autoconf.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
we use HAVE_STATVFS in the code but with meson the check got
lost causing mount_entry to fail to remount some things such
as a bind mount of /dev/fuse via
lxc.mount.entry = /dev/fuse dev/fuse none bind,create=file 0 0
which would cause the following log messages:
DEBUG conf - ../src/lxc/conf.c:mount_entry:2416 - Remounting "/dev/fuse" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/fuse" to respect bind or remount options
ERROR conf - ../src/lxc/conf.c:mount_entry:2459 - Operation not permitted - Failed to mount "/dev/fuse" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/fuse"
note that the `Flags for ... were ...` line is not showing
up there, which depends on HAVE_STATVFS
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
If, when init'ing cgroups for a container start, we detect that we
are an unprivileged user on a unified-hierarchy-only system, then we
try to request systemd, through dbus api, to create a new scope for
us with delegation. Call the cgroup it creates for us P1. We then
create P1/init, move ourselves into there, so we can enable the
controllers for delegation to P1's children through P1/cgroup.subtree_control.
On attach, we try to request systemd attach us to the container's
scope. We can't do that ourselves in the normal case, as root owns
our login cgroups.
Create a new command api for the lxc monitor to tell lxc-attach the
systemd scope to which to attach.
Changelog:
* free cgroup_meta.systemd_scope in lxc_conf_free (Thanks Tycho)
* fix some indent
* address some (not all) of brauner's feedback
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Create a binary, which embeds all lxc tools similar way as busybox
embeds its applets. This is handy for embedded systems as it saves
roughly 90% of the disk space.
To disable normal tools and use multicall binary exclusively use the
following meson setup options:
-Dtools=false -Dtools-multicall=true
Signed-off-by: Petr Malat <oss@malat.biz>
In order to compile for fuzzers where we will need and want to turn a
bunch of things off add command line switches that allow us to do so.
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
