Create default /etc/sub{uid,gid} files to use for unprivileged
containers.
Apparently these files are not generated/owned by any other OpenWRT
package or buildroot configuration setting.
If such a setting or package exists this commit should probably be
reverted and modified in an extra dependency for that setting/package.
In these defaults the range 100000-165535 is assigned to root
sub{uid,gid}.
Fix an issue that causes unprivileged containers to not boot if /proc and
/sys are mounted with the `noatime` option.
At boot time /proc and /sys are remounted with the `relatime` option
using a dedicated init.d script.
Bump to latest and update Makefile to use meson which is upstream's standard.
Deleted unneeded 010-Remove-distro-check.patch (reference to configure).
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit d957a2293b)
The postinst script is sourced during image build, which causes the
following failure:
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-x86_64_musl/root-x86/etc/init.d/lxc-auto: line 3: /lib/functions.sh: No such file or directory
postinst script ./usr/lib/opkg/info/lxc-auto.postinst has failed with exit code 1
Sourcing /lib/functions.sh is not needed, as /etc/rc.common does so
already. Unfortunately removing that line from the init script is not
enough to fix the problem. The postinst script should also check
IPKG_INSTROOT. As these two changes are unrelated, they should go in
separate commits, and the solution to the image build problem is to
revert the commit that introduced the breakage.
This reverts commit 2cde10b950.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 039912dec5)
otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.
originally committed in 2cde10b950
reverted in 039912dec5
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 7da7356539)
otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 2cde10b950)
Bump to latest upstream release and rebase:
010-Remove-distro-check.patch
025-remove-unsupported-option.patch
After updating ran `make package/lxc/refresh` to clean dirty patches
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <graysky@archlinux.us>
If the user defines a $max_timeout of 30, the service will wait 30 seconds
before it considers lxc-stop complete even though lxc-stop might actually
finish much sooner. This introduces an unneeded delay.
This commit changes the behavior to check once per second to see when lxc-stop
actually stops, doing so up to $max_timeout. It also slightly simplifies the
code with logic to append the -t $max_timeout to the script.
Signed-off-by: John Audia <graysky@archlinux.us>
I am unaware of any kernel currently provided that retains cgroup v1 support.
This patch removes these lines in /usr/share/lxc/config/common.conf to allow
for error free usage.
Providing common.conf as-is will result in failure to start. One solution is to
comment out the legacy lines.[1] This requires users to either provide a custom
version of this file on their builds or to manually edit it with each update.
Since many do not build their own, the first option is not available to them.
Manually editing the file with each update will cause a failure to start
containers set to auto-start upon rebooting into the update.
1. https://forum.openwrt.org/t/openwrt-arm64-quick-lxc-howto-guide-lms-in-debian-system-in-lxc-container/99835
Signed-off-by: John Audia <graysky@archlinux.us>
Remove getline patch. It seems to be for uClibc, which is no longer in
the tree.
Remove commands patch. Issue was fixed upstream. Same with the tests
patch.
Remove gpg patch. It's an upstream backport.
Refreshed others.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
By default, the sks-keyservers.net pool was used, which has an invalid
SSL certificate, and they also announced that their service is deprecated
and no longer maintained.
Use the same GPG server as LXC is using by default in the newer
releases.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This fixes compiling lxc without seccomp support if libseccomp is
already installed to the staging dir. Patches were applied upstream.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Fix shellcheck SC2230
> which is non-standard. Use builtin 'command -v' instead.
Once applied to everything concerning OpenWrt we can disable the busybox
feature `which` and save 3.8kB.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Marijan Svalina <marijan.svalina@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Fix that KERNEL_CGROUPS is enabled (selected) automatically along with
cgroups-mount
Replace "if PACKAGE_docker-ce" with a menu to avoid circular dependency
issue involving PACKAGE_docker-ce, PACKAGE_cgroups-mount and
KERNEL_CGROUPS
docker-ce, lxc: replace KERNEL_LXC_MISC with more specific options
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL
licenses. But a lot of packages did use a different, non-SPDX style with a
"+" at the end instead of "-or-later".
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Otherwise one gets a failure if the libraries (e.g. Python
header file) exist in the build system. Worse in some cases
is host headers being found if one doesn't specifically
disable a library search in autotools. It is especially
important that Python is disabled by default.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
LXC requires newuidmap and newgidmap with SUID to run unprivileged
containers. This package should help users make sure they are available.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Previous versions of LXC never compiled in gnutls support due to a bug in the
configure script. As other TLS implementations are not supported and the feature
was disabled in previous builds, disable it during configure.
See https://github.com/lxc/lxc/pull/1360 for details regarding the bug in the
autoconf of the previous versions.
Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
This is the first bugfix release for LXC 2.1. Full list of changes can
be found here:
https://linuxcontainers.org/lxc/news/
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
Bump LXC package from 1.1.5 to 2.1.0. Version 2.x includes many
improvements and optimizations.
https://linuxcontainers.org/lxc/news/
Some tools like lxc-top are rewritten in C and are no longer broken and
dependent on lua.
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Normally LXC uses /var/lib, but due to a hack OpenWRT employs this is not an
option. But instead of introducing a new top-level directory, the FHS-compatible
/srv can be used.
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
Standard LXC autostart is currently not working in OpenWrt,
therefore add our own autostart mechanism for now.
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
Initialize ret to 0 so compiler no longer complains about
monitor.c: In function 'lxc_monitor_open':
monitor.c:212:5: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
seccomp was unconditionally disabled before.
Also a non-escaped newline in a place where it should be escaped
made the build process skip some CONFIGURE_ARGS.
Fix CONFIGURE_ARGS and add an option to allow building with seccomp.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use the generic autoreconf facility to pick up proper variants of
autoconf, automake and libtool.
Remove the unneeded Build/Configure override.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>