Added upstream patch to fix starting containers with complex hooks.
No existing patches needed to be rebased/simple version bump to 6.0.4.
Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
Users running unprivileged containers will need to create
/etc/subgid and /etc/subuid and want to have them preserved
across updates. This commit adds them to the default backup set.
Signed-off-by: John Audia <therealgraysky@proton.me>
Co-authored-by: Tianling Shen <cnsztl@gmail.com>
Modified 025-remove-unsupported-option.patch to both remove
the bsdtar command as it ends in errors, see below, and to
circumvent an error when extracting to overlayfs[1].
Error when extracting rootfs tarball with bsdtar:
tar --absolute-names --numeric-owner '--xattrs-include=*' -xpJf /var/cache/lxc//download/archlinux/current/amd64//default/rootfs.tar.xz -C /mnt/data/lxc/test/rootfs
./usr/bin/newgidmap: Cannot restore extended attributes on this system: Illegal byte sequence
lxc-create: test: ../src/lxc/lxccontainer.c: create_run_template: 1589 Failed to create container from template
lxc-create: test: ../src/lxc/tools/lxc_create.c: lxc_create_main: 318 Failed to create container test
1. https://github.com/openwrt/openwrt/issues/15888
Signed-off-by: John Audia <therealgraysky@proton.me>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Add gnu-tar as a dependency for lxc-create which is needed to
properly extract the root file system tarball. Without it,
symlink target of /bin/tar is busybox and it lacks proper
support to extract with xattrs. The default gnu-tar is actually
built without this support as well, but it is able to extract
the rootfs tarballs with a warning not an error which is not the
case with busybox which ends in an error.
Signed-off-by: John Audia <therealgraysky@proton.me>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Several deps are missing based the output of lxc-checkconfig shown below
before this commit is applied.
CONFIG_IP_NF_TARGET_MASQUERADE and CONFIG_IP6_NF_TARGET_MASQUERADE are
only needed for lxc-net which we do not package.
% lxc-checkconfig | grep missing
Cgroup device: missing
CONFIG_IP_NF_TARGET_MASQUERADE: missing
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing
FUSE (for use with lxcfs): missing
checkpoint restore: missing
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: missing
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing
Additionally, two new patches have been added which remove checks for
options that OpenWrt currently does not package and can serve are
false positives for missing items from our kernel config, namely:
lxc-net and lxc-checkpoint
After applying this commit, below is the output showing that the kernel
config[1] should pass all tests for functionality:
% CONFIG=config ./lxc-checkconfig
LXC version 6.0.3
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Namespace limits:
cgroup: 383849
ipc: 383849
mnt: 383849
net: 383849
pid: 383849
time: 383849
user: 383849
uts: 383849
--- Control groups ---
Cgroups: enabled
Cgroup namespace: enabled
Cgroup v1 mount points:
Cgroup v2 mount points:
- /sys/fs/cgroup
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, loaded
--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled
1. Generated on 23-Feb-2025 running bcm27xx/bcm2712 on r28869+1
Signed-off-by: John Audia <therealgraysky@proton.me>
We do not package lxc-net or lxcfs so remove the lines within
lxc-checkconfig that looks forCONFIG_IP_NF_TARGET_MASQUERADE and
CONFIG_IP6_NF_TARGET_MASQUERADE which, as far as I know, is the only
part of lxc that needs them. Also remove the check for FUSE since we do
not pakcage lxcfs.
Without this commit, users will see these two as missing.
Signed-off-by: John Audia <therealgraysky@proton.me>
No patches needed to be rebased/simple version bump.
Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
No patches needed to be rebased, simple version bump.
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Changelog: https://discuss.linuxcontainers.org/t/lxc-6-0-lts-has-been-released/19567
Required libdbus as a depends for liblxc. I verified that both
lxc-create and lxc-checkconfig work with the rebases to the
following patches but do please review:
020-lxc-checkconfig.patch
025-remove-unsupported-option.patch
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
The default runtime directory used by LXC is /run which doesn't exist
in OpenWrt. It causes errors like:
Failed to create lock for foo
lxc-create: foo: tools/lxc_create.c: main: 260 Failed to create lxc container
There has been workaround for that in the lxc-auto.init but it requires
installing "lxc-auto" package. Replacing that "ln -s" workaround with
Makefile specifying RUNTIME_PATH define allows using pure "lxc" in
OpenWrt (without the "lxc-auto").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
See commit 5c545bdb "treewide: replace PKG_USE_MIPS16:=0 with
PKG_BUILD_FLAGS:=no-mips16" on the main repository.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Bump to latest and update Makefile to use meson which is upstream's standard.
Deleted unneeded 010-Remove-distro-check.patch (reference to configure).
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.
originally committed in 2cde10b950
reverted in 039912dec5
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
The postinst script is sourced during image build, which causes the
follow failure:
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-x86_64_musl/root-x86/etc/init.d/lxc-auto: line 3: /lib/functions.sh: No such file or directory
postinst script ./usr/lib/opkg/info/lxc-auto.postinst has failed with exit code 1
Sourcing /lib/functions.sh is not needed, as /etc/rc.common does so
already. Unfortunately removing that line from the init script is not
enough to fix the problem. The postinst script should also check
IPKG_INSTROOT. As these two changes are unrelated, they should go in
separate commits, and the solution to the image build problem is to
revert the commit that introduced the breakage.
This reverts commit 2cde10b950.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Bump to latest upstream release and rebase:
010-Remove-distro-check.patch
025-remove-unsupported-option.patch
After updating ran `make package/lxc/refresh` to clean dirty patches
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <graysky@archlinux.us>
If the user defines a $max_timeout of 30, the service will wait 30 seconds
before it considers lxc-stop complete even though lxc-stop might actually
finish much sooner. This introduces an unneeded delay.
This commit changes the behavior to check once per second to see when lxc-stop
actually stops doing so up to $max_timeout. It also slightly simplifies the
code with logic to append the -t $max_timeout to the script.
Signed-off-by: John Audia <graysky@archlinux.us>
I am unaware of any kernel currently provided that retains cgroup v1 support.
This patch removes these lines in /usr/share/lxc/config/common.conf to allow
for error free usage.
Providing common.conf as-is will result in failure to start. One solution is to
comment out the legacy lines.[1] This requires users to either provide a custom
version of this file on their builds or to manually edit it with each update.
Since many do not build their own, the first option is not available to them.
Manually editing the file with each update will cause a failure to start
containers set to auto-start upon rebooting into the update.
1. https://forum.openwrt.org/t/openwrt-arm64-quick-lxc-howto-guide-lms-in-debian-system-in-lxc-container/99835
Signed-off-by: John Audia <graysky@archlinux.us>
Remove getline patch. It seems to be for uClibc, which is no longer in
the tree.
Remove commands patch. Issue was fixed upstream. Same with the tests
patch.
Remove gpg patch. It's an upstream backport.
Refreshed others.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
By default, there was used sks-keyservers.net pool, which has invalid
SSL certificate and they also announced that their service is deprecate
and no longer maintained.
Use the same GPG server as LXC is using by default in the newer
releases.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This fixes compiling lxc without seccomp support if libseccomp is
already installed to the staging dir. Patches were applied upstream.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Fix shellcheck SC2230
> which is non-standard. Use builtin 'command -v' instead.
Once applied to everything concerning OpenWrt we can disable the busybox
feature `which` and save 3.8kB.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fix that KERNEL_CGROUPS is enabled (selected) automatically along with
cgroups-mount
Replace "if PACKAGE_docker-ce" with a menu to avoid circular denpendency
issue involving PACKAGE_docker-ce, PACKAGE_cgroups-mount and
KERNEL_CGRUOPS
docker-ce, lxc: replace KERNEL_LXC_MISC with more specific options
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL
licenses. But a lot of packages did use a different, non-SPDX style with a
"+" at the end instead of "-or-later".
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Otherwise one gets a failure if the libraries (e.g. Python
header file) exist in the build system. Worse in some cases
is host headers being found if one doesn't specifically
disable a library search in autotools. It is especially
important that Python is disabled by default.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
