[packages/lxcfs] new, version 2.0.2

Thu Aug 25 23:10:44 CEST 2016

commit 0c9c9e714dddcbd56a6dffc9d8b136be5df9600a
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Fri Aug 26 00:10:10 2016 +0300

    new, version 2.0.2
    
    based on opensuse package
    http://ftp.opensuse.org/repositories/Virtualization:/containers/openSUSE_Tumbleweed/src/lxcfs-2.0.2-6.1.src.rpm

 ...skip-empty-entries-under-proc-self-cgroup.patch |  60 +++++++++++
 lxcfs.spec                                         | 114 +++++++++++++++++++++
 2 files changed, 174 insertions(+)
---

diff --git a/lxcfs.spec b/lxcfs.spec
new file mode 100644
index 0000000..3f8ad8b
--- /dev/null
+++ b/lxcfs.spec
@@ -0,0 +1,114 @@
+Summary:	FUSE filesystem for LXC
+Name:		lxcfs
+Version:	2.0.2
+Release:	0.1
+License:	Apache v2.0
+Group:		Applications/System
+Source0:	https://linuxcontainers.org/downloads/lxcfs/%{name}-%{version}.tar.gz
+# Source0-md5:	fea9124c9d6d7370e12c4a3f0d405541
+URL:		https://linuxcontainers.org/lxcfs/
+Patch0:		0001-skip-empty-entries-under-proc-self-cgroup.patch
+BuildRequires:	help2man
+BuildRequires:	libfuse-devel
+BuildRequires:	pam-devel
+BuildRequires:	pkg-config
+BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%define		_libexecdir	%{_prefix}/lib
+
+%description
+LXCFS is a simple userspace filesystem designed to work around some
+current limitations of the Linux kernel.
+
+Specifically, it's providing two main things:
+- A set of files which can be bind-mounted over their /proc originals
+  to provide CGroup-aware values.
+- A cgroupfs-like tree which is container aware.
+
+The code is pretty simple, written in C using libfuse and glib.
+
+The main driver for this work was the need to run systemd based
+containers as a regular unprivileged user while still allowing systemd
+inside the container to interact with cgroups.
+
+Now with the introduction of the cgroup namespace in the Linux kernel,
+that part is no longer necessary on recent kernels and focus is now on
+making containers feel more like a real independent system through the
+proc masking feature.
+
+%package -n pam-pam_cgfs
+Summary:	CGroup FS pam module
+Group:		Libraries
+
+%description -n pam-pam_cgfs
+When a user logs in, this pam module will create cgroups which the
+user may administer, either for all controllers or for any controllers
+listed on the command line.
+
+%prep
+%setup -q
+%patch0 -p1
+
+%build
+%configure \
+	--with-distro=suse \
+
+%{__make} %{?_smp_mflags}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%{__make} install \
+	DESTDIR=$RPM_BUILD_ROOT
+
+install -d $RPM_BUILD_ROOT{%{systemdunitdir},%{_libexecdir},%{_includedir}/%{name},%{_localstatedir}/lib/%{name}}
+
+cp -p config/init/systemd/*.service $RPM_BUILD_ROOT%{systemdunitdir}
+
+# The shared library liblxcfs.so used by lxcfs is not supposed to be used by
+# any other program. So we follow best practice and install it in
+# %{_prefix}/lib/lxcfs. Note that lxcfs *expects* liblxcfs.so to be found in
+# %{_prefix}/lib/lxcfs when it cannot find it in the lib.so path.
+install -p .libs/liblxcfs.so $RPM_BUILD_ROOT%{_libexecdir}
+rm $RPM_BUILD_ROOT%{_libdir}/liblxcfs.so*
+rm $RPM_BUILD_ROOT%{_libdir}/liblxcfs.la
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%if 0
+%pre
+%service_add_pre lxcfs.service
+
+%post
+%service_add_post lxcfs.service
+
+%preun
+%service_del_preun lxcfs.service
+
+%postun
+%service_del_postun lxcfs.service
+%endif
+
+%files
+%defattr(644,root,root,755)
+%doc AUTHORS ChangeLog README
+%attr(755,root,root) %{_bindir}/lxcfs
+%{_mandir}/man1/lxcfs.1*
+%{systemdunitdir}/lxcfs.service
+%dir %{_datadir}/%{name}
+%attr(755,root,root) %{_datadir}/%{name}/lxc.mount.hook
+%attr(755,root,root) %{_datadir}/%{name}/lxc.reboot.hook
+%dir %{_localstatedir}/lib/%{name}
+
+%{_datadir}/lxc/config/common.conf.d/00-lxcfs.conf
+
+# The lxcfs executable requires liblxcfs.so be installed. It calls dlopen() to
+# dynamically reload the shared library on upgrade. This is important. Do *not*
+# split into a separate package and do not turn this into a versioned shared
+# library! (This shared library allows lxcfs to be updated without having to
+# restart it which is good when you have important system containers running!)
+%{_libexecdir}/liblxcfs.so
+
+%files -n pam-pam_cgfs
+%defattr(644,root,root,755)
+/%{_lib}/security/pam_cgfs.so
diff --git a/0001-skip-empty-entries-under-proc-self-cgroup.patch b/0001-skip-empty-entries-under-proc-self-cgroup.patch
new file mode 100644
index 0000000..69466ef
--- /dev/null
+++ b/0001-skip-empty-entries-under-proc-self-cgroup.patch
@@ -0,0 +1,60 @@
+From a67719f64d07d7fee96b1e145a03659fe4db0c6e Mon Sep 17 00:00:00 2001
+From: Christian Brauner <cbrauner at suse.de>
+Date: Sat, 9 Jul 2016 13:19:06 +0200
+Subject: [PATCH] skip empty entries under /proc/self/cgroup
+
+If cgroupv2 is enabled either alone or together with legacy hierarchies
+/proc/self/cgroup can contain entries of the form:
+
+        0::/
+
+This will cause lxcfs to fail the cgroup mounts because it parses out the empty
+string "" and later on passes it to mount(). Let's skip such entries.
+
+Signed-off-by: Christian Brauner <cbrauner at suse.de>
+---
+ bindings.c | 8 ++++++++
+ lxcfs.c    | 8 ++++++++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/bindings.c b/bindings.c
+index cb98e12..8186ca9 100644
+--- a/bindings.c
++++ b/bindings.c
+@@ -3951,6 +3951,14 @@ static void __attribute__((constructor)) collect_subsystems(void)
+ 			goto out;
+ 		*p2 = '\0';
+ 
++		/* With cgroupv2 /proc/self/cgroup can contain entries of the
++		 * form: 0::/ This will cause lxcfs to fail the cgroup mounts
++		 * because it parses out the empty string "" and later on passes
++		 * it to mount(). Let's skip such entries.
++		 */
++		if (!strcmp(p, ""))
++			continue;
++
+ 		if (!store_hierarchy(line, p))
+ 			goto out;
+ 	}
+diff --git a/lxcfs.c b/lxcfs.c
+index 7455267..1d19a10 100644
+--- a/lxcfs.c
++++ b/lxcfs.c
+@@ -859,6 +859,14 @@ static bool do_mount_cgroups(void)
+ 			goto out;
+ 		*p2 = '\0';
+ 
++		/* With cgroupv2 /proc/self/cgroup can contain entries of the
++		 * form: 0::/ This will cause lxcfs to fail the cgroup mounts
++		 * because it parses out the empty string "" and later on passes
++		 * it to mount(). Let's skip such entries.
++		 */
++		if (!strcmp(p, ""))
++			continue;
++
+ 		if (!do_mount_cgroup(p))
+ 			goto out;
+ 	}
+-- 
+2.8.4
+
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/lxcfs.git/commitdiff/0c9c9e714dddcbd56a6dffc9d8b136be5df9600a

