diff -Nru lxcfs-0.10/debian/changelog lxcfs-0.10/debian/changelog
--- lxcfs-0.10/debian/changelog 2015-11-18 16:11:48.000000000 -0600
+++ lxcfs-0.10/debian/changelog 2015-11-25 12:24:11.000000000 -0600
@@ -1,3 +1,11 @@
+lxcfs (0.10-0ubuntu2.3) wily-proposed; urgency=medium
+
+ * On upgrade, ask admin to reboot rather than restarting (LP: #1518117)
+ * debian/tests/exercise: Make test_confinement.sh executable
+ * Prune init slice in caller_may_see_dir() check. (LP: #1519079)
+
+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 25 Nov 2015 12:20:53 -0600
+
lxcfs (0.10-0ubuntu2.2) wily-proposed; urgency=medium
* Fix container reboot with systemd >= 226. (LP: #1514690)
diff -Nru lxcfs-0.10/debian/lxcfs.postinst lxcfs-0.10/debian/lxcfs.postinst
--- lxcfs-0.10/debian/lxcfs.postinst 1969-12-31 18:00:00.000000000 -0600
+++ lxcfs-0.10/debian/lxcfs.postinst 2015-11-19 17:30:22.000000000 -0600
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -e
+
+# This script can be called in the following ways:
+#
+# After the package was installed:
+# <postinst> configure <old-version>
+#
+#
+# If prerm fails during upgrade or fails on failed upgrade:
+# <old-postinst> abort-upgrade <new-version>
+#
+# If prerm fails during deconfiguration of a package:
+# <postinst> abort-deconfigure in-favour <new-package> <version>
+# removing <old-package> <version>
+#
+# If prerm fails during replacement due to conflict:
+# <postinst> abort-remove in-favour <new-package> <version>
+
+case "$1" in
+ configure)
+ # Request a reboot. If we restart lxcfs, all containers will
+ # stop working right.
+ [ -x /usr/share/update-notifier/notify-reboot-required ] && \
+ /usr/share/update-notifier/notify-reboot-required
+ ;;
+
+esac
+
+#DEBHELPER#
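Review bot: The `configure` branch requests a reboot on every configure run, including a first install where `$2` is empty and no older daemon is running, and it does nothing at all on hosts where `/usr/share/update-notifier/notify-reboot-required` is not installed. In that second case the previous lxcfs process keeps serving containers with the old code and the admin gets no signal, which matters for an upload that also carries a change to an access check. I would guard on the old version and use an explicit `if`, e.g. `if [ -n "$2" ] && [ -x /usr/share/update-notifier/notify-reboot-required ]; then /usr/share/update-notifier/notify-reboot-required; fi`, and print a one-line message to stderr when the helper is missing.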
diff -Nru lxcfs-0.10/debian/patches/prune-init-slice.patch lxcfs-0.10/debian/patches/prune-init-slice.patch
--- lxcfs-0.10/debian/patches/prune-init-slice.patch 1969-12-31 18:00:00.000000000 -0600
+++ lxcfs-0.10/debian/patches/prune-init-slice.patch 2015-11-25 12:22:56.000000000 -0600
@@ -0,0 +1,26 @@
+commit ec3b236fe4fba6084b3a7f0b3f66428ca96718f9
+Author: Serge Hallyn <serge.hallyn@ubuntu.com>
+Date: Mon Nov 23 14:41:24 2015 -0600
+
+ caller_may_see_dir: prune init slice
+
+ Otherwise systemd is denied permission to see cgroups in
+ name=systemd in the container.
+
+ Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
+
+Index: lxcfs-0.10/lxcfs.c
+===================================================================
+--- lxcfs-0.10.orig/lxcfs.c
++++ lxcfs-0.10/lxcfs.c
+@@ -377,9 +377,9 @@ static bool caller_may_see_dir(pid_t pid
+ return true;
+
+ c2 = get_pid_cgroup(pid, contrl);
+-
+ if (!c2)
+ return false;
++ prune_init_slice(c2);
+
+ char *tcg = c2 + 1;
+ l1 = strlen(cg);
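Review bot: The added `prune_init_slice(c2);` rewrites the caller's cgroup path before the visibility comparison in caller_may_see_dir(), and nothing at the call site explains why that is safe in a permission check. The helper's definition is not in this hunk; it presumably strips a trailing `/init.scope` component, and it is worth confirming that it matches only an exact final path component, since a looser match would widen what a caller is allowed to see. I would add a comment above the call such as `/* systemd's pid 1 sits in <cgroup>/init.scope; compare against the parent so it can see its own container's cgroups */`. caller_may_see_dir() begins and ends outside the hunk, so how c2 is later freed cannot be checked from here.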
diff -Nru lxcfs-0.10/debian/patches/series lxcfs-0.10/debian/patches/series
--- lxcfs-0.10/debian/patches/series 2015-11-18 14:34:07.000000000 -0600
+++ lxcfs-0.10/debian/patches/series 2015-11-25 12:22:52.000000000 -0600
@@ -2,3 +2,4 @@
0002-fix-checking-of-parent-dirs.patch
0002-Fix-movepid-cve.patch
fix-systemd-reboot
+prune-init-slice.patch
diff -Nru lxcfs-0.10/debian/rules lxcfs-0.10/debian/rules
--- lxcfs-0.10/debian/rules 2015-11-11 06:23:35.000000000 -0600
+++ lxcfs-0.10/debian/rules 2015-11-19 17:30:49.000000000 -0600
@@ -11,6 +11,12 @@
%:
dh $@ --with autotools_dev --with autoreconf --with systemd
+override_dh_installinit:
+ dh_installinit --no-restart-on-upgrade
+
+override_dh_systemd_start:
+ dh_systemd_start --no-restart-on-upgrade lxcfs.service
+
override_dh_autoreconf:
[ -e m4 ] || mkdir m4
dh_autoreconf
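Review bot: The two new overrides, `override_dh_installinit` and `override_dh_systemd_start`, carry no comment saying why restart-on-upgrade is turned off; the reason is stated only in debian/lxcfs.postinst. A line above them such as `# Restarting lxcfs breaks running containers; postinst requests a reboot instead, so upgraded code is not live until then` would keep a later packaging cleanup from dropping the flags. It would also remind whoever ships a fix through this package that the fix is not active until the host reboots.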
diff -Nru lxcfs-0.10/debian/tests/exercise lxcfs-0.10/debian/tests/exercise
--- lxcfs-0.10/debian/tests/exercise 2015-09-03 18:38:40.000000000 -0500
+++ lxcfs-0.10/debian/tests/exercise 2015-11-25 12:20:51.000000000 -0600
@@ -1,6 +1,7 @@
#!/bin/sh
set -eu
+chmod ugo+x tests/test_confinement.sh
for testcase in tests/test_*; do
./${testcase}
done