Commit Graph

117 Commits

Author SHA1 Message Date
Stéphane Graber
cb8e38aca2
Release LXC 5.0.3
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
2023-07-25 18:00:11 -04:00
Stéphane Graber
d571736812
Release LXC 5.0.2
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2023-01-16 16:08:50 -05:00
Mathias Gibbens
17c85aac63
Fix build error on sparc64 caused by using the gold linker
Signed-off-by: Mathias Gibbens <gibmat@debian.org>
2023-01-16 16:06:26 -05:00
Christian Brauner
1089f49c58
build: force linking against liblxc
We really need to split up our code into better chunks so we avoid all of this
duplicated compilation.

Fixes: https://github.com/lxc/lxc/issues/4249
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2023-01-06 17:15:12 -05:00
Aleksa Sarai
a330126b45
build: use cc.get_define to detect FS_CONFIG_* symbols
For some reason, openSUSE has a very strange layout in sys/mount.h where
the definition of all of the FS_CONFIG_* idents are present but are
ifdef'd out in such a way that they will never be defined in an actual
build:

  #define FSOPEN_CLOEXEC          0x00000001
  /* ... */
  #ifndef FSOPEN_CLOEXEC
  enum fsconfig_command
  {
    FSCONFIG_SET_FLAG       = 0,    /* Set parameter, supplying no value */
  # define FSCONFIG_SET_FLAG FSCONFIG_SET_FLAG
  /* ... */
  };
  #endif

Unfortunately, while cc.has_header_symbol is faster, it cannot handle
this which results in compilation errors on openSUSE because the
FS_CONFIG_* symbols are actually not defined when compiling even though
the ident is present in the header. Switching to cc.get_define fixes
this issue.

Fixes: cbabe8abf1 ("build: check for FS_CONFIG_* header symbol in sys/mount.h")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2022-12-16 11:42:22 -05:00
Chen Qi
f1a61a5f05
use sd_bus_call_method_async to replace the asyncv one
The sd_bus_call_method_asyncv's 10th parameter is of type
va_list and supplying NULL when invoking it causes compilation
error. Just replace it with the async one.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
2022-12-16 11:34:37 -05:00
Christian Brauner
02900160c8
build: prevent the inclusion of linux/mount.h with a hack
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2022-12-16 11:32:59 -05:00
Cameron Nemo
e2b8776bbb
meson: fix docbook2x detection
docbook2man can sometimes be docbook2x and other times be docbook-utils.
Rather than compare paths, use version constraints to detect version.

Signed-off-by: Cameron Nemo <cam@nohom.org>
2022-12-16 11:32:51 -05:00
Christian Brauner
d1dfce9c59
tree-wide: use struct open_how directly
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2022-12-16 11:32:49 -05:00
Christian Brauner
c9bca33263
tree-wide: use struct clone_args directly
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2022-12-16 11:32:48 -05:00
Christian Brauner
497479ea3b
tree-wide: wipe direct or indirect linux/mount.h inclusion
It is incompatible with sys/mount.h and causes massive headaches.

Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2022-12-16 11:32:46 -05:00
Christian Brauner
02f4bd00f5
build: check for FS_CONFIG_* header symbol in sys/mount.h
Fixes: #4176
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2022-12-16 11:32:44 -05:00
Ramkumar Chinchani
22e8a7941f
meson.build: strip newline for variable assignments
Unfortunately, builds using alpine:edge still break!
Apparently, run_command(...).stdout() must be strip()'ed for variable
assignments

Addendum to d5600cf76a
Fixes issue #4223

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-11-23 19:54:53 +00:00
Ramkumar Chinchani
d5600cf76a
meson.build: strip newlines from git output
Fixes issue #4223

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-11-22 18:08:11 +00:00
Aleksa Sarai
59f69162ca
build: only build init.lxc.static if libcap is statically linkable
Without setting this, the default build will fail if you don't have the
static libcap library installed (on openSUSE this is packaged separately
to libcap-devel).

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2022-10-28 14:34:28 +11:00
Aleksa Sarai
062c2d9803
build: fix handling of dependancies to fix build on openSUSE
Among other things, openSUSE places seccomp.h inside a non-default
include directory (/usr/include/seccomp/seccomp.h) which revealed
several issues with how dependencies were being handled previously.

The most notable issue is that the include cflags of our build
dependencies were not being provided to the recipes for static
executables (yet they still expected access to the dependency headers).

This also involved a minor cleanup of how these dependencies are
collected, and added liburing to the set of private pkg-config libs
(which I assume was an oversight?).

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2022-10-28 14:34:27 +11:00
Christian Brauner
e510d6bd87
build: detect sys/pidfd.h availability
Fixes: #4176
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2022-10-28 14:33:20 +11:00
Christian Brauner
b7b269680f
build: detect where struct mount_attr is declared
Fixes: #4176
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2022-10-28 14:33:19 +11:00
Đoàn Trần Công Danh
5313e50484
meson.build: allow explicit distrosysconfdir
Allows either:

- Build inside minimal-and-clean chroot with neither
  /etc/sysconfig nor /etc/default available.
- Cross Compile lxc from foreign distro,
  let's say host distro uses /etc/sysconfig and build distro
  uses /etc/default and vice versus.

Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
2022-10-28 14:33:19 +11:00
Stéphane Graber
0539095ac7
Release LXC 5.0.1
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-07-28 00:20:41 -04:00
Fabrice Fontaine
315d4cec61
meson.build: fix build without stack-protector
Move -fstack-protector-strong from possible_cc_flags to
possible_link_flags to avoid a build failure on toolchains without ssp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2022-07-25 18:12:45 -04:00
Fabrice Fontaine
aba631cd43
meson.build: fix build with -Dcapabilities=false
Define libcap_static to an empty array to avoid the following build
failure with -Dcapabilities=false:

output/build/lxc-5.0.0/src/lxc/cmd/meson.build:64:4: ERROR: Unknown variable "libcap_static".

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2022-07-25 18:12:43 -04:00
Wolfgang Bumiller
d441ee5851
meson: add remaining still-in-use config checks
These are all still in use in the code but have not been
added to meson.build when switching over from autoconf.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2022-07-25 18:12:39 -04:00
Wolfgang Bumiller
31bff905ae
add check for statvfs
we use HAVE_STATVFS in the code but with meson the check got
lost causing mount_entry to fail to remount some things such
as a bind mount of /dev/fuse via

    lxc.mount.entry = /dev/fuse dev/fuse none bind,create=file 0 0

which would cause the following log messages:

    DEBUG    conf - ../src/lxc/conf.c:mount_entry:2416 - Remounting "/dev/fuse" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/fuse" to respect bind or remount options
    ERROR    conf - ../src/lxc/conf.c:mount_entry:2459 - Operation not permitted - Failed to mount "/dev/fuse" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/fuse"

note that the `Flags for ... were ...` line is not showing
up there, which depends on HAVE_STATVFS

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2022-07-25 18:12:32 -04:00
Serge Hallyn
cfcbdb75f0
use systemd dbus StartTransientUnit for unpriv cgroup2
If, when init'ing cgroups for a container start, we detect that we
are an unprivileged user on a unified-hierarchy-only system, then we
try to request systemd, through dbus api, to create a new scope for
us with delegation.  Call the cgroup it creates for us P1.  We then
create P1/init, move ourselves into there, so we can enable the
controllers for delegation to P1's children through P1/cgroup.subtree_control.

On attach, we try to request systemd attach us to the container's
scope.  We can't do that ourselves in the normal case, as root owns
our login cgroups.

Create a new command api for the lxc monitor to tell lxc-attach the
systemd scope to which to attach.

Changelog:
 * free cgroup_meta.systemd_scope in lxc_conf_free (Thanks Tycho)
 * fix some indent
 * address some (not all) of brauner's feedback

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2022-07-25 18:12:19 -04:00
Stéphane Graber
1f8c355727
Release LXC 5.0.0
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-06-16 16:40:04 -04:00
Stéphane Graber
9fea612230
meson: Fix bad strerror_r check
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-06-13 21:27:46 -04:00
Christian Brauner
493bf2ded8
build: add missing memfd-rexec option
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2022-06-13 15:33:36 +02:00
Christian Brauner
0c4549a331
build: support thread-safety enforcement as option
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2022-06-13 15:33:31 +02:00
Christian Brauner
de4543d8f8
build: use cc.links() to check for static libcap
Fixes: #4144
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2022-06-13 11:04:17 +02:00
Christian Brauner
d42a3b1366
build: add oss-fuzz switch
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2022-06-09 23:07:07 +02:00
Christian Brauner
0b9adfdad4
build: add seccomp build option
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2022-06-09 23:07:07 +02:00
Christian Brauner
826391b2a2
build: fix build with various options turned off
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2022-06-09 23:07:07 +02:00
Christian Brauner
abc5e6bb94
build: tweak build flags
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2022-06-09 23:07:07 +02:00
Christian Brauner
575d0e34ae
build: add additional command line switches
In order to compile for fuzzers where we will need and want to turn a
bunch of things off add command line switches that allow us to do so.

Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2022-06-08 20:03:05 +02:00
Stéphane Graber
cd3d65155b
meson: Always defined IS_BIONIC
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-06-08 01:00:51 -04:00
Stéphane Graber
4c96107d1e
meson: Always define HAVE_LIBURING
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-06-07 17:18:11 -04:00
Stéphane Graber
869deb9173
meson: seccomp is optional
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-06-07 17:18:10 -04:00
Stéphane Graber
f7de7d7adf
meson: Fix on shallow git trees
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-06-07 17:18:09 -04:00
Stéphane Graber
d5dff814ac
meson: Add bionic detection
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-06-07 17:18:08 -04:00
Stéphane Graber
e18dbec746
meson: Fix RPM spec variables
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-06-07 17:18:07 -04:00
Stéphane Graber
5055c73d91
meson: Skip static library when using sanitizer
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-06-07 17:18:04 -04:00
Stéphane Graber
8d77f43f5c
meson: Cleanup and fix includes
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-06-07 17:18:04 -04:00
Stéphane Graber
4dd5e0cf13
meson: Add coverity flag
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-06-07 17:18:03 -04:00
Stéphane Graber
9c562440e5
meson: Add RPM spec
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-06-02 16:50:01 -04:00
Stéphane Graber
eba7f7a6bc
meson: Rework configuration variables
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-06-02 16:50:00 -04:00
Stéphane Graber
f80af4e12b
meson: Export more variables to doc
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-06-02 16:49:58 -04:00
Stéphane Graber
299f3f80d2
meson: Export LXC_DISTRO_SYSCONF
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-06-02 16:49:58 -04:00
Stéphane Graber
6105cc7f53
meson: Add apparmor profiles
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-05-30 19:16:42 -04:00
Stéphane Graber
36a53f3026
meson: Add sysconfig
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-05-30 19:16:41 -04:00