snailed
/
void-packages
2
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

lxc: fix AppArmor profile, force docbook2x format

This commit is contained in:
Cameron Nemo 2018-09-25 14:21:39 -07:00 committed by maxice8
parent 48ec0e4802
commit eb82a84b69
2 changed files with 52 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
srcpkgs/lxc/patches/apparmor-with-rootfs-mount.patch Normal file
View File

@ -0,0 +1,48 @@
diff --git config/apparmor/Makefile.am config/apparmor/Makefile.am
index 71dbe158..858f58dd 100644
--- config/apparmor/Makefile.am
+++ config/apparmor/Makefile.am
@@ -19,7 +19,7 @@ install-apparmor:
$(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
$(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
$(INSTALL_DATA) $(srcdir)/abstractions/container-base $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
- $(INSTALL_DATA) $(srcdir)/abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
+ $(INSTALL_DATA) abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
$(INSTALL_DATA) $(srcdir)/profiles/lxc-default $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
$(INSTALL_DATA) $(srcdir)/profiles/lxc-default-cgns $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
$(INSTALL_DATA) $(srcdir)/profiles/lxc-default-with-mounting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
diff --git config/apparmor/abstractions/start-container config/apparmor/abstractions/start-container.in
similarity index 95%
rename from config/apparmor/abstractions/start-container
rename to config/apparmor/abstractions/start-container.in
index 3df9883e..f2b48235 100644
--- config/apparmor/abstractions/start-container
+++ config/apparmor/abstractions/start-container.in
@@ -11,6 +11,7 @@
# currently blocked by apparmor bug
mount -> /usr/lib*/*/lxc/{**,},
mount -> /usr/lib*/lxc/{**,},
+ mount -> @LXCROOTFSMOUNT@/{,**},
mount fstype=devpts -> /dev/pts/,
mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
mount options=bind /dev/pts/** -> /dev/**,
@@ -38,6 +39,7 @@
pivot_root /usr/lib*/*/lxc/,
pivot_root /usr/lib*/lxc/**,
pivot_root /usr/lib*/*/lxc/**,
+ pivot_root @LXCROOTFSMOUNT@/{,**},
change_profile -> lxc-*,
change_profile -> lxc-**,
diff --git configure.ac configure.ac
index 92d6601d..a54bc332 100644
--- configure.ac
+++ configure.ac
@@ -714,6 +714,7 @@ AC_CONFIG_FILES([
config/Makefile
config/apparmor/Makefile
+ config/apparmor/abstractions/start-container
config/selinux/Makefile
config/bash/Makefile
config/bash/lxc

7
srcpkgs/lxc/template
View File

@ -3,7 +3,7 @@ _desc="Linux Containers"
pkgname=lxc
version=3.0.2
revision=2
revision=3
build_style=gnu-configure
configure_args="--enable-doc --enable-seccomp
--enable-capabilities --enable-apparmor --with-distro=none
@ -25,8 +25,9 @@ make_dirs="
/var/lxc/log 0755 root root"
pre_configure() {
sed -e 's|"\\"-//Davenport//DTD DocBook V3.0//EN\\""|"\\"-//OASIS//DTD DocBook XML\\" \\"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd\\""|' -i configure.ac
sed -e 's,docbook2x-man,docbook2man,g' -i configure.ac
# make sure the build uses the new docbook2x format,
# even though the command has the old "docbook2man" name
sed -e 's,xdocbook2man,xforcedocbook2x,g' -i configure.ac
./autogen.sh
}