Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package incus for openSUSE:Factory checked in at 2025-05-30 14:40:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/incus (Old) and /work/SRC/openSUSE:Factory/.incus.new.25440 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "incus" Fri May 30 14:40:09 2025 rev:7 rq:1281355 version:6.12 Changes: -------- --- /work/SRC/openSUSE:Factory/incus/incus.changes 2025-04-30 19:03:38.608478046 +0200 +++ /work/SRC/openSUSE:Factory/.incus.new.25440/incus.changes 2025-05-30 17:21:40.478144123 +0200 @@ -1,0 +2,7 @@ +Thu May 22 15:03:34 UTC 2025 - Aleksa Sarai <asa...@suse.com> + +- Add backport of <https://github.com/lxc/incus/pull/2136> to fix a bug with + proxy devices using bind=container and listen=unix:... addresses. + + 0001-incusd-forkproxy-join-the-correct-mntns-for-listen.patch + +------------------------------------------------------------------- New: ---- 0001-incusd-forkproxy-join-the-correct-mntns-for-listen.patch BETA DEBUG BEGIN: New: proxy devices using bind=container and listen=unix:... addresses. + 0001-incusd-forkproxy-join-the-correct-mntns-for-listen.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ incus.spec ++++++ --- /var/tmp/diff_new_pack.G1pERx/_old 2025-05-30 17:21:41.026166875 +0200 +++ /var/tmp/diff_new_pack.G1pERx/_new 2025-05-30 17:21:41.026166875 +0200 @@ -56,6 +56,8 @@ Source130: %{name}-config.yml # Additional runtime configuration. Source201: %{name}.dnsmasq +# FIX-UPSTREAM: Backport of <https://github.com/lxc/incus/pull/2136>. +Patch1: 0001-incusd-forkproxy-join-the-correct-mntns-for-listen.patch BuildRequires: fdupes BuildRequires: file BuildRequires: go >= 1.22.7 ++++++ 0001-incusd-forkproxy-join-the-correct-mntns-for-listen.patch ++++++ >From edd79a6d1c4ac3283b6816d795fe6d975e5af5e3 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <cyp...@cyphar.com> Date: Thu, 22 May 2025 18:42:54 +1000 Subject: [PATCH] incusd/forkproxy: join the correct mntns for listen This was a copy-paste error introduced in commit 4494bad12c57 ("incusd/main_forkproxy: Join all namespaces at once"). The net result was that container-binding proxy devices with a unix listener would be in the wrong mount namespace and the unix socket would accidentally be created on the host. Fixes: 4494bad12c57 ("incusd/main_forkproxy: Join all namespaces at once") Signed-off-by: Aleksa Sarai <cyp...@cyphar.com> --- cmd/incusd/main_forkproxy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/incusd/main_forkproxy.go b/cmd/incusd/main_forkproxy.go index 71880714bcc3..9e3c6ead2fec 100644 --- a/cmd/incusd/main_forkproxy.go +++ b/cmd/incusd/main_forkproxy.go @@ -141,7 +141,7 @@ void forkproxy(void) if (in_same_namespace(getpid(), listen_nsfd, "user") > 0) setns_flags |= CLONE_NEWUSER; - if (needs_mntns & CONNECT_NEEDS_MNTNS) + if (needs_mntns & LISTEN_NEEDS_MNTNS) setns_flags |= CLONE_NEWNS; if (!change_namespaces(listen_pidfd, listen_nsfd, setns_flags)) { -- 2.49.0
