From f36094bfb4412fadbd543f15315d710ddcbfb5dd337bebd4d7ff1ba8e51eac14 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 25 Jun 2021 10:06:07 +0000 Subject: [PATCH] Accepting request 902315 from home:cyphar:lxc - Add backport for which fixes a Leap-specific kernel backport bug (close_range(2) was backported but not the flags that it supported in the first version). boo#1186786 + boo1186786-0001-forkexec-handle-broken-close_range-backport-in-openS.patch OBS-URL: https://build.opensuse.org/request/show/902315 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/lxd?expand=0&rev=97 --- ...broken-close_range-backport-in-openS.patch | 33 +++++++++++++++++++ lxd.changes | 8 +++++ lxd.spec | 4 +++ 3 files changed, 45 insertions(+) create mode 100644 boo1186786-0001-forkexec-handle-broken-close_range-backport-in-openS.patch diff --git a/boo1186786-0001-forkexec-handle-broken-close_range-backport-in-openS.patch b/boo1186786-0001-forkexec-handle-broken-close_range-backport-in-openS.patch new file mode 100644 index 0000000..1edc4c5 --- /dev/null +++ b/boo1186786-0001-forkexec-handle-broken-close_range-backport-in-openS.patch @@ -0,0 +1,33 @@ +From a0c04ef1b99c94edb50084825365c2bab8dadb7c Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Thu, 17 Jun 2021 12:45:25 +0200 +Subject: [PATCH] forkexec: handle broken close_range() backport in openSUSE + Leap 15.3 + +Fixes: https://discuss.linuxcontainers.org/t/lxc-exec-results-in-error-failed-to-retrieve-pid-of-executing-child-process +Signed-off-by: Christian Brauner +--- + lxd/main_forkexec.go | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/lxd/main_forkexec.go b/lxd/main_forkexec.go +index 7cc5e8d7130c..574f25eeb988 100644 +--- a/lxd/main_forkexec.go ++++ b/lxd/main_forkexec.go +@@ -292,7 +292,12 @@ __attribute__ ((noinline)) static int __forkexec(void) + + ret = close_range(EXEC_PIPE_FD + 1, UINT_MAX, CLOSE_RANGE_UNSHARE); + if (ret) { +- if (errno == ENOSYS) ++ // Fallback to close_inherited() when the syscall is not ++ // available or when CLOSE_RANGE_UNSHARE isn't supported. ++ // On a regular kernel CLOSE_RANGE_UNSHARE should always be ++ // available but openSUSE Leap 15.3 seems to have a partial ++ // backport without CLOSE_RANGE_UNSHARE support. ++ if (errno == ENOSYS || errno == EINVAL) + ret = close_inherited(fds_to_ignore, ARRAY_SIZE(fds_to_ignore)); + } + if (ret) +-- +2.32.0 + diff --git a/lxd.changes b/lxd.changes index e85bb80..71745e7 100644 --- a/lxd.changes +++ b/lxd.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Jun 25 09:59:23 UTC 2021 - Aleksa Sarai + +- Add backport for which fixes a + Leap-specific kernel backport bug (close_range(2) was backported but not the + flags that it supported in the first version). boo#1186786 + + boo1186786-0001-forkexec-handle-broken-close_range-backport-in-openS.patch + ------------------------------------------------------------------- Tue Jun 8 02:25:02 UTC 2021 - Aleksa Sarai diff --git a/lxd.spec b/lxd.spec index 64ca413..b735e9c 100644 --- a/lxd.spec +++ b/lxd.spec @@ -51,6 +51,8 @@ Source101: %{name}-config.yml # Additional runtime configuration. Source200: %{name}.sysctl Source201: %{name}.dnsmasq +# UPSTREAM-FIX: Backport of . boo#1186786 +Patch1: boo1186786-0001-forkexec-handle-broken-close_range-backport-in-openS.patch BuildRequires: fdupes BuildRequires: golang-packaging BuildRequires: libacl-devel @@ -122,6 +124,8 @@ Bash command line completion support for %{name}. %prep %setup -q +# boo#1186786 +%patch1 -p1 # Create fake "go mod"-like import paths. This is going to be really fun to # maintain but it's unfortunately necessary because openSUSE doesn't have nice