Patch in order to make capabilities work in lxc

ee0203c5 · Antoine Catton · 69b53acc · ee0203c5 · ee0203c5
Commit ee0203c5 authored Aug 02, 2012 by Antoine Catton
Hide whitespace changes
Inline Side-by-side

Showing with 61 additions and 0 deletions

component/lxc/buildout.cfg component/lxc/buildout.cfg +8 -0

component/lxc/cap_get_flag-fix.patch component/lxc/cap_get_flag-fix.patch +53 -0

No files found.
--- a/component/lxc/buildout.cfg
+++ b/component/lxc/buildout.cfg
@@ -22,6 +22,13 @@ filename = lxc-ls-fix.patch
 download-only = true
 md5sum = 28c155a554d4f4856351085494585c73

+[lxc-0.8.0-rc2-cap_get_flag-patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+filename = cap_get_flag-fix.patch
+download-only = true
+md5sum = 8d3706a9bd60b6ebfea33998644b1a99
+
 [lxc-0.8]
 recipe = hexagonit.recipe.cmmi
 url = http://lxc.sourceforge.net/download/lxc/lxc-0.8.0-rc2.tar.gz
@@ -29,6 +36,7 @@ md5sum = 9bd6988542fd7dd198d056ef3a2db9f6
 patch-binary = ${patch:location}/bin/patch
 patch-options = -p1
 patches =
+  ${lxc-0.8.0-rc2-cap_get_flag-patch:location}/${lxc-0.8.0-rc2-cap_get_flag-patch:filename}
  ${lxc-0.8.0-rc2-libexecdir-patch:location}/${lxc-0.8.0-rc2-libexecdir-patch:filename}
  ${lxc-0.8.0-rc2-lxc-ls-patch:location}/${lxc-0.8.0-rc2-lxc-ls-patch:filename}
 environment =

--- a/component/lxc/cap_get_flag-fix.patch
+++ b/component/lxc/cap_get_flag-fix.patch
+commit 94767c5249b5802a894f6d84f6245ef86f50bff3
+Author: Serge Hallyn <serge.hallyn@ubuntu.com>
+Date:   Fri Jun 29 10:37:07 2012 -0500
+
+    Fix lxc's handling of CAP_LAST_CAP
+    
+    CAP_LAST_CAP in linux/capability.h doesn't always match what the kernel
+    actually supports.  If the kernel supports fewer capabilities, then a
+    cap_get_flag for an unsupported capability returns -EINVAL.
+    
+    Recognize that, and don't fail when initializing capabilities when this
+    happens, rather accept that we've reached the last capability.
+    
+    Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
+
+diff --git a/src/lxc/caps.c b/src/lxc/caps.c
+index 10a0b4a..c32e7e4 100644
+--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
+@@ -28,6 +28,7 @@
+ #include <limits.h>
+ #include <sys/prctl.h>
+ #include <sys/capability.h>
+#include <errno.h>
+ 
+ #include "log.h"
+ 
+@@ -90,6 +91,7 @@ int lxc_caps_up(void)
+ 	cap_t caps;
+ 	cap_value_t cap;
+ 	int ret;
+	int lastcap = 0;
+ 
+ 	/* when we are run as root, we don't want to play
+ 	 * with the capabilities */
+@@ -108,9 +110,15 @@ int lxc_caps_up(void)
+ 
+ 		ret = cap_get_flag(caps, cap, CAP_PERMITTED, &flag);
+ 		if (ret) {
+-			ERROR("failed to cap_get_flag: %m");
+-			goto out;
+			if (errno == EINVAL) {
+				INFO("Last supported cap was %d\n", cap-1);
+				break;
+			} else {
+				ERROR("failed to cap_get_flag: %m");
+				goto out;
+			}
+ 		}
+		lastcap = cap;
+ 
+ 		ret = cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap, flag);
+ 		if (ret) {