Accepting request 979627 from home:cyphar:lxc

- Update to LXD 5.2. The full upstream changelog is available from: https://discuss.linuxcontainers.org/t/lxd-5-2-has-been-released/14200 boo#1200002 + VPD information in resources API * Cross-project profile copy * HTTP streaming support in /dev/lxd API * Use of server-side filtering in CLI * Ceph librbd for virtual machines - Remove upstreamed patch: + 0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch OBS-URL: https://build.opensuse.org/request/show/979627 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/lxd?expand=0&rev=110
2022-05-29 18:54:26 +00:00 · 2022-05-29 18:54:26 +00:00 · 3ac41b22c6
commit 3ac41b22c6
parent ee035bec7c
7 changed files with 35 additions and 198 deletions
--- a/0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch
+++ b/0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch
@ -1,174 +0,0 @@
 From fd6845ddda3f80cdd24a8f94c42acce6bff0c41f Mon Sep 17 00:00:00 2001
 From: Thomas Parrott <thomas.parrott@canonical.com>
 Date: Fri, 29 Apr 2022 11:12:48 +0100
 Subject: [PATCH] lxd/secommp: Fix sysinfo syscall interception on 32 bit
 platforms
 Fixes #10347
 Backport: <https://github.com/lxc/lxd/pull/10348>
 Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
 ---
 lxd/seccomp/seccomp.go    | 22 ++++++++++++++--------
 lxd/seccomp/sysinfo.go    | 13 +++++++++++++
 lxd/seccomp/sysinfo_32.go | 19 +++++++++++++++++++
 lxd/seccomp/sysinfo_64.go | 19 +++++++++++++++++++
 4 files changed, 65 insertions(+), 8 deletions(-)
 create mode 100644 lxd/seccomp/sysinfo.go
 create mode 100644 lxd/seccomp/sysinfo_32.go
 create mode 100644 lxd/seccomp/sysinfo_64.go
 diff --git a/lxd/seccomp/seccomp.go b/lxd/seccomp/seccomp.go
 index 03fee3c71a09..203d408a8286 100644
 --- a/lxd/seccomp/seccomp.go
 +++ b/lxd/seccomp/seccomp.go
@@ -1709,6 +1709,7 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
 	defer l.Debug("Handling sysinfo syscall")
 +	// Pre-fill sysinfo struct with metrics from host system.
 	info := unix.Sysinfo_t{}
 	err := unix.Sysinfo(&info)
 	if err != nil {
@@ -1718,6 +1719,8 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
 		return 0
 	}
 +	instMetrics := Sysinfo{} // Architecture independent place to hold instance metrics.
 +
 	cg, err := cgroup.NewFileReadWriter(int(siov.msg.init_pid), liblxc.HasApiExtension("cgroup2"))
 	if err != nil {
 		l.Warn("Failed loading cgroup", logger.Ctx{"err": err, "pid": siov.msg.init_pid})
@@ -1735,7 +1738,7 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
 		return 0
 	}
 -	info.Uptime = int64(time.Now().Sub(f.ModTime()).Seconds())
 +	instMetrics.Uptime = int64(time.Now().Sub(f.ModTime()).Seconds())
 	// Get instance process count.
 	pids, err := cg.GetTotalProcesses()
@@ -1746,7 +1749,7 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
 		return 0
 	}
 -	info.Procs = uint16(pids)
 +	instMetrics.Procs = uint16(pids)
 	// Get instance memory stats.
 	memStats, err := cg.GetMemoryStats()
@@ -1760,9 +1763,9 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
 	for k, v := range memStats {
 		switch k {
 		case "shmem":
 -			info.Sharedram = v
 +			instMetrics.Sharedram = v
 		case "cache":
 -			info.Bufferram = v
 +			instMetrics.Bufferram = v
 		}
 	}
@@ -1784,8 +1787,8 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
 		return 0
 	}
 -	info.Totalram = uint64(memoryLimit)
 -	info.Freeram = info.Totalram - uint64(memoryUsage) - info.Bufferram
 +	instMetrics.Totalram = uint64(memoryLimit)
 +	instMetrics.Freeram = instMetrics.Totalram - uint64(memoryUsage) - instMetrics.Bufferram
 	// Get instance swap info.
 	if s.s.OS.CGInfo.Supports(cgroup.MemorySwapUsage, cg) {
@@ -1805,14 +1808,17 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
 			return 0
 		}
 -		info.Totalswap = uint64(swapLimit)
 -		info.Freeswap = info.Totalswap - uint64(swapUsage)
 +		instMetrics.Totalswap = uint64(swapLimit)
 +		instMetrics.Freeswap = instMetrics.Totalswap - uint64(swapUsage)
 	}
 	// Get writable pointer to buffer of sysinfo syscall result.
 	const sz = int(unsafe.Sizeof(info))
 	var b []byte = (*(*[sz]byte)(unsafe.Pointer(&info)))[:]
 +	// Write instance metrics to native sysinfo struct.
 +	instMetrics.ToNative(&info)
 +
 	// Write sysinfo response into buffer.
 	_, err = unix.Pwrite(siov.memFd, b, int64(siov.req.data.args[0]))
 	if err != nil {
 diff --git a/lxd/seccomp/sysinfo.go b/lxd/seccomp/sysinfo.go
 new file mode 100644
 index 000000000000..b255894af26e
 --- /dev/null
 +++ b/lxd/seccomp/sysinfo.go
@@ -0,0 +1,13 @@
 +package seccomp
 +
 +// Sysinfo architecture independent sysinfo struct.
 +type Sysinfo struct {
 +	Uptime    int64
 +	Totalram  uint64
 +	Freeram   uint64
 +	Sharedram uint64
 +	Bufferram uint64
 +	Totalswap uint64
 +	Freeswap  uint64
 +	Procs     uint16
 +}
 diff --git a/lxd/seccomp/sysinfo_32.go b/lxd/seccomp/sysinfo_32.go
 new file mode 100644
 index 000000000000..e52808300dd0
 --- /dev/null
 +++ b/lxd/seccomp/sysinfo_32.go
@@ -0,0 +1,19 @@
 +//go:build 386 || arm || ppc || s390 || mips || mipsle
 +
 +package seccomp
 +
 +import (
 +	"golang.org/x/sys/unix"
 +)
 +
 +// ToNative fills fields from s into native fields.
 +func (s *Sysinfo) ToNative(n *unix.Sysinfo_t) {
 +	n.Bufferram = uint32(s.Bufferram)
 +	n.Freeram = uint32(s.Freeram)
 +	n.Freeswap = uint32(s.Freeswap)
 +	n.Procs = s.Procs
 +	n.Sharedram = uint32(s.Sharedram)
 +	n.Totalram = uint32(s.Totalram)
 +	n.Totalswap = uint32(s.Totalswap)
 +	n.Uptime = int32(s.Uptime)
 +}
 diff --git a/lxd/seccomp/sysinfo_64.go b/lxd/seccomp/sysinfo_64.go
 new file mode 100644
 index 000000000000..84383b1c5a86
 --- /dev/null
 +++ b/lxd/seccomp/sysinfo_64.go
@@ -0,0 +1,19 @@
 +//go:build amd64 || ppc64 || ppc64le || arm64 || s390x || mips64 || mips64le || riscv64
 +
 +package seccomp
 +
 +import (
 +	"golang.org/x/sys/unix"
 +)
 +
 +// ToNative fills fields from s into native fields.
 +func (s *Sysinfo) ToNative(n *unix.Sysinfo_t) {
 +	n.Bufferram = s.Bufferram
 +	n.Freeram = s.Freeram
 +	n.Freeswap = s.Freeswap
 +	n.Procs = s.Procs
 +	n.Sharedram = s.Sharedram
 +	n.Totalram = s.Totalram
 +	n.Totalswap = s.Totalswap
 +	n.Uptime = s.Uptime
 +}
 -- 
 2.35.1
--- a/lxd-5.1.tar.gz
+++ b/lxd-5.1.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:319f4e93506e2144edaa280b0185fb37c4374cf7d7468a5e5c8c1b678189250a
 size 18017579
--- a/lxd-5.1.tar.gz.asc
+++ b/lxd-5.1.tar.gz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEYC9WdmPlk7y9FPM4xjiXTWR5LWcFAmJq60YACgkQxjiXTWR5
 LWcnZA/9E3XxPxLaFVnfT16kOYIFCZX50eyumUefcS+T5qhu19yX1MdvOC3ESLIn
 bSQjK/AVjL9UgNpQQTaMYkn1FWq1ZH6jdwzB6y4hBMcP7iE3BqihCoehZk0K+oC4
 sybqSimUqt491/HNSVdDChGTHhr2BVZRTLmAo46EdBueb4WYGyTzEiiSUM0cmMF5
 Af5/MjpuYfmVxr7DfbXeBibJzhpg6x5PzyYzRvC0hMAg2qrMYZMAWhJXXFFE3VCt
 QszrMriGbOcSqfSL0VqSjGgUJW7B0StVBQq16TkdhO+oBMUvfjTCm1e11uoWNN4p
 8PS6vA9yeNIjd2+UuubsG+gGssHhgKpMSDPt0bFZNMW7y6m7OwNk0W+CUgA1bxnK
 QPn3QFfi+QkmEUCLZjVLu/pQDH46fD1RUk1G0zYHdlnVJpUCM+sH4YbKwYDax/lS
 ZaL26ihG25sZw3fESermEAUSRS8q68HDWzDad0+YE4hnQscqFo8toNxNv/+8QHx/
 b6fQM6gaEIu43u/JqAJCURtIkW0aiSRI/vcZfGnPoFA77wbzCeA0DxGJURlFsP6Q
 hbVlmunKDzDKukO5w1zKJBOjiAj/aBElRR/iRvVmwCwwAPiBXhvpn6eamGTgJNsa
 UR2a5xew76JL1yQ4ug9yi0aObXh3gULd9XuY8E1Uu5Rk16vag9U=
 =rsCN
 -----END PGP SIGNATURE-----
--- a/lxd-5.2.tar.gz
+++ b/lxd-5.2.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:e22d2b34a1848d33b2080b2b1c82355afb6d36fdfe49e67f44b3749edbc02e4c
 size 18187041
--- a/lxd-5.2.tar.gz.asc
+++ b/lxd-5.2.tar.gz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEYC9WdmPlk7y9FPM4xjiXTWR5LWcFAmKP3nMACgkQxjiXTWR5
 LWfBAA//bD0OuQYP5BlAfULq/TwwRztwiqDxFwyUvg4S1a/z5UH2+YMGfnltuIDD
 d70hhGXTxGvA9ropDZqsiNx3nZ4624U5lWzEaJLbdrcn2fB+OJKhX8+UvzR93g48
 azlx4bgRmLFMJRY8NFSm5QvuptEnEhG/KNTWBLwZEqOpyyUw0R5q8wJz8pl43OtP
 ZS9VJ65dkpQTJStv074lqEXUMZg0MKFBhRBAIrZFTYeol+nx+bd2nLndY4aoIv/M
 uqb80x7O+Fs3agfknexO/LbP731Yn4GIF6asp2t4qB26gvaGafnGcquZqFtj/6yO
 rYFKGaTaUbAHkO4R9azB4EAORJHfPjFtcLy5mh3Mh+Ft5UPNJk/GqI2CKKx9ENgC
 vcHnVR1ToPGEXYqxjebMjHIHPALZc4pdsaCC+ziyZngkiOWv/orQ5Xa3JGwyVeUc
 4I2nV6RKBLyzS6YRKCfXswtAIDchI84WvfGZczQGP8jBE7qGn51ZY+WwV9X0IXpa
 m/iK3kNri6AU2LACyCTVA6c+SDH7MAN7iFfIv1GjissIotUouF8jnZudVjEEG8AG
 3qRsFfaxxyYDgkWpLs3DOkmzmiocPVi3KfLrPdDnRNblqtG9yTI7qN4kDtbSQNRd
 XuHPvW4qxzX8cBLqnzspOujjseylZJEoiftxeii05HBJmz+OWm4=
 =YU3B
 -----END PGP SIGNATURE-----
--- a/lxd.changes
+++ b/lxd.changes
@ -1,3 +1,18 @@
 -------------------------------------------------------------------
 Sun May 29 02:18:04 UTC 2022 - Aleksa Sarai <asarai@suse.com>
 - Update to LXD 5.2. The full upstream changelog is available from:
  https://discuss.linuxcontainers.org/t/lxd-5-2-has-been-released/14200
  boo#1200002
  + VPD information in resources API
  * Cross-project profile copy
  * HTTP streaming support in /dev/lxd API
  * Use of server-side filtering in CLI
  * Ceph librbd for virtual machines
 - Remove upstreamed patch:
  + 0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch
 -------------------------------------------------------------------
 Thu May  5 04:27:43 UTC 2022 - Aleksa Sarai <asarai@suse.com>
--- a/lxd.spec
+++ b/lxd.spec
@ -34,7 +34,7 @@
 %endif
 Name:           lxd
-Version:        5.1
+Version:        5.2
 Release:        0
 Summary:        Container hypervisor based on LXC
 License:        Apache-2.0
@ -51,8 +51,6 @@ Source101:      %{name}-config.yml
 # Additional runtime configuration.
 Source200:      %{name}.sysctl
 Source201:      %{name}.dnsmasq
 # OPENSUSE-UPSTREAM-FIX: Backport of <https://github.com/lxc/lxd/pull/10348>.
 Patch1:         0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch
 BuildRequires:  fdupes
 BuildRequires:  golang-packaging
 BuildRequires:  libacl-devel
@ -127,8 +125,6 @@ Bash command line completion support for %{name}.
 %prep
 %setup -q
 # https://github.com/lxc/lxd/pull/10348
 %patch1 -p1
 %build
 # Make sure any leftover go build caches are gone.