When installing LXC with the default options, a single non-symlink liblxc.so*
(e.g. liblxc.so.1.7.0) file is created:
```
$ ./autogen.sh && ./configure && make && \
rm -rf "$HOME/lxci" && make DESTDIR="$HOME/lxci" install && \
stat -c%N "$HOME/lxci/usr/local/lib/liblxc.so"*
[...]
'/home/someone/lxci/usr/local/lib/liblxc.so' -> 'liblxc.so.1'
'/home/someone/lxci/usr/local/lib/liblxc.so.1' -> 'liblxc.so.1.7.0'
'/home/someone/lxci/usr/local/lib/liblxc.so.1.7.0'
```
However, when automake>=1.16.5, and the `--enable-pam` option is used, two
non-symlink liblxc.so* (e.g. liblxc.so.1.0.0 and liblxc.so.1.7.0) are
erroneously created:
```
$ ./autogen.sh && ./configure --enable-pam && make && \
rm -rf "$HOME/lxci" && make DESTDIR="$HOME/lxci" install && \
stat -c%N "$HOME/lxci/usr/local/lib/liblxc.so"*
[...]
'/home/someone/lxci/usr/local/lib/liblxc.so' -> 'liblxc.so.1.0.0'
'/home/someone/lxci/usr/local/lib/liblxc.so.1' -> 'liblxc.so.1.0.0'
'/home/someone/lxci/usr/local/lib/liblxc.so.1.0.0'
'/home/someone/lxci/usr/local/lib/liblxc.so.1.7.0'
```
This is due to infighting between libtool's and LXC's versioning:
libtool creates liblxc.so.1.0.0, then LXC's `install-exec-local` hook in
`Makefile.am` moves it to liblxc.so.1.7.0. However, with `--enable-pam`, the
`install-libLTLIBRARIES` target is re-triggered after `install-pamLTLIBRARIES`,
which will create liblxc.so.1.0.0 again.
The bigger problem here is that the install for the pam_cgfs library is done on
the `data` phase of the automake install process instead of the `exec` phase
(https://www.gnu.org/software/automake/manual/html_node/The-Two-Parts-of-Install.html),
which gives `install-libLTLIBRARIES` a chance to run again after the
`install-exec-local` / `install-exec-hook` targets have already run.
To fix this, we add an "exec_" prefix to the pam_cgfs library to make it run
during the `exec` phase (see link above). We also consolidate the various hooks
in the `install-exec-hook` target, which runs after the whole install, avoiding
needing to manually specify the dependencies like in `install-exec-local`.
Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com>
See https://github.com/koalaman/shellcheck/wiki/SC2006 for details.
Not only uses this the recommended construct, it also makes the code
more uniform as in many other places the $() construct was already used.
Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
Users can choose to compile liblxc with io_uring support. This will
cause LXC to use io_uring instead of epoll.
We're using both, io_uring's one-shot and multi-shot poll mode depending
on the type of handler.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
With lto=thin the fuzzers fail as soon as they start with
```
ERROR: The size of coverage PC tables does not match the
number of instrumented PCs. This might be a compiler bug,
please contact the libFuzzer developers.
Also check https://bugs.llvm.org/show_bug.cgi?id=34636
for possible workarounds (tl;dr: don't use the old GNU ld)
```
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
The snippet is redundant because the build system automatically
passes the sanitizers flags set in AM_CFLAGS to the linker
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Our detection for TLS wasn't working. Fix it.
Fixes: https://github.com/lxc/lxd/issues/8327
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Move the block checking for libseccomp api compatibility inside
AM_COND_IF([ENABLE_SECCOMP] ... ).
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This will be the central place for all process management helpers. This also
removes raw_syscalls.{c,h}.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
