Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: pkg-lxc-de...@lists.alioth.debian.org, gib...@debian.org
Control: affects -1 + src:lxc

[ Reason ]
The version of lxc in bookworm fails to create ephemeral copies of containers. This is affecting Debian users, as two different bugs have been reported in addition to an upstream bug report. A fix was merged into the upstream repo earlier today, and I have cherry-picked it into the packaging for unstable which I have just uploaded. I would like to get this fix into bookworm, as it is a regression compared to lxc in bullseye.

[ Impact ]
The version of lxc currently in bookworm cannot create ephemeral copies of containers.

[ Tests ]
The changes have been reviewed and accepted by the upstream developers. I have tested that creation of normal and ephemeral containers works as expected in bookworm with this patch.

[ Risks ]
Minor/none -- the specific variable being checked was fixed to be a more correct one that could never be NULL, which was the root cause of the bug. This does technically change the behavior of lxc by fixing the bug, but I don't think there is any risk of a regression in other lxc behavior.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]
Cherry-pick and rebase upstream commit 0e932812ae2ac4dec58e413c0d95d581385b9756, which has been merged into the upstream repo. There is also renaming of the `bdev_type` variable to `__bdev_type` which was included in the upstream commit; I have left that in, so the changes to bookworm packaging can be a direct cherry-pick of the upstream fix.

[ Other info ]
The source debdiff is attached.

diff -Nru lxc-5.0.2/debian/changelog lxc-5.0.2/debian/changelog --- lxc-5.0.2/debian/changelog 2023-09-22 16:35:52.000000000 +0000 +++ lxc-5.0.2/debian/changelog 2023-11-30 01:17:33.000000000 +0000 @@ -1,3 +1,9 @@ +lxc (1:5.0.2-1+deb12u2) bookworm; urgency=medium + + * Cherry-pick upstream fix for creating ephemeral copies (See #1001713) + + -- Mathias Gibbens <gib...@debian.org> Thu, 30 Nov 2023 01:17:33 +0000 + lxc (1:5.0.2-1+deb12u1) bookworm; urgency=medium * Cherry-pick upstream "fix nftables syntax for IPv6 NAT" (Closes: #1049976) diff -Nru lxc-5.0.2/debian/patches/0101-cherry-pick-fix-ephemeral-copies.patch lxc-5.0.2/debian/patches/0101-cherry-pick-fix-ephemeral-copies.patch --- lxc-5.0.2/debian/patches/0101-cherry-pick-fix-ephemeral-copies.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-5.0.2/debian/patches/0101-cherry-pick-fix-ephemeral-copies.patch 2023-11-30 01:17:33.000000000 +0000 
@@ -0,0 +1,155 @@ +From 0e932812ae2ac4dec58e413c0d95d581385b9756 Mon Sep 17 00:00:00 2001 +From: Christian Brauner <brau...@kernel.org> +Date: Wed, 29 Nov 2023 15:57:04 +0100 +Subject: [PATCH] conf: fix ephemeral copies + +Don't rely on rootfs->bdev_type because that may be NULL. Use storage->type +instead which can't be NULL. + +Co-Developed-by: Mathias Gibbens <gib...@debian.org> +Signed-off-by: Mathias Gibbens <gib...@debian.org> +Reported-by: Mathias Gibbens <gib...@debian.org> +Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> +--- + src/lxc/conf.c | 21 ++++++++++++--------- + src/lxc/conf.h | 4 ++-- + src/lxc/confile.c | 4 ++-- + src/lxc/storage/storage.c | 4 ++-- + src/lxc/storage/storage.h | 2 +- + 5 files changed, 19 insertions(+), 16 deletions(-) + +diff --git a/src/lxc/conf.c b/src/lxc/conf.c +index 9158713..e338ed7 100644 +--- a/src/lxc/conf.c ++++ b/src/lxc/conf.c +@@ -536,16 +536,21 @@ int lxc_rootfs_init(struct lxc_conf *conf, bool userns) + struct stat st; + struct statfs stfs; + struct lxc_rootfs *rootfs = &conf->rootfs; ++ const char *type; + + ret = lxc_storage_prepare(conf); + if (ret) + return syserror_set(-EINVAL, "Failed to prepare rootfs storage"); ++ type = rootfs->storage->type; ++ ++ if (!type) ++ return syserror_set(-EINVAL, "Storage type neither set nor automatically detected"); + + if (!is_empty_string(rootfs->mnt_opts.userns_path)) { + if (!rootfs->path) + return syserror_set(-EINVAL, "Idmapped rootfs currently only supported with separate rootfs for container"); + +- if (rootfs->bdev_type && !strequal(rootfs->bdev_type, "dir")) ++ if (type && !strequal(type, "dir")) + return syserror_set(-EINVAL, "Idmapped rootfs currently only supports the \"dir\" storage driver"); + } + +@@ -555,14 +560,12 @@ int lxc_rootfs_init(struct lxc_conf *conf, bool userns) + if (userns) + return log_trace(0, "Not pinning because container runs in user namespace"); + +- if (rootfs->bdev_type) { +- if (strequal(rootfs->bdev_type, "overlay") || 
+- strequal(rootfs->bdev_type, "overlayfs")) +- return log_trace_errno(0, EINVAL, "Not pinning on stacking filesystem"); ++ if (strequal(type, "overlay") || ++ strequal(type, "overlayfs")) ++ return log_trace_errno(0, EINVAL, "Not pinning on stacking filesystem"); + +- if (strequal(rootfs->bdev_type, "zfs")) +- return log_trace_errno(0, EINVAL, "Not pinning on ZFS filesystem"); +- } ++ if (strequal(type, "zfs")) ++ return log_trace_errno(0, EINVAL, "Not pinning on ZFS filesystem"); + + dfd_path = open_at(-EBADF, rootfs->path, PROTECT_OPATH_FILE, 0, 0); + if (dfd_path < 0) +@@ -4829,8 +4832,8 @@ void lxc_conf_free(struct lxc_conf *conf) + if (current_config == conf) + current_config = NULL; + lxc_terminal_conf_free(&conf->console); ++ free(conf->rootfs.__bdev_type); + free(conf->rootfs.mount); +- free(conf->rootfs.bdev_type); + free(conf->rootfs.path); + put_lxc_rootfs(&conf->rootfs, true); + free(conf->logfile); +diff --git a/src/lxc/conf.h b/src/lxc/conf.h +index 82cb66a..ee07ac7 100644 +--- a/src/lxc/conf.h ++++ b/src/lxc/conf.h +@@ -233,7 +233,7 @@ struct lxc_mount_options { + * @path : the rootfs source (directory or device) + * @mount : where it is mounted + * @buf : static buffer to construct paths +- * @bev_type : optional backing store type ++ * @__bev_type : optional backing store type + * @managed : whether it is managed by LXC + * @dfd_mnt : fd for @mount + * @dfd_dev : fd for /dev of the container +@@ -251,7 +251,7 @@ struct lxc_rootfs { + int dfd_dev; + + char buf[PATH_MAX]; +- char *bdev_type; ++ char *__bdev_type; + bool managed; + struct lxc_mount_options mnt_opts; + struct lxc_storage *storage; +diff --git a/src/lxc/confile.c b/src/lxc/confile.c +index 7966d32..c52c866 100644 +--- a/src/lxc/confile.c ++++ b/src/lxc/confile.c +@@ -2795,14 +2795,14 @@ static int set_config_rootfs_path(const char *key, const char *value, + return ret_errno(ENOMEM); + + /* Split <storage type>:<container path> into <storage type> and +- * <container path>. 
Set "rootfs.bdev_type" to <storage type> and ++ * <container path>. Set "rootfs.__bdev_type" to <storage type> and + * "rootfs.path" to <container path>. + */ + tmp = strchr(dup, ':'); + if (tmp) { + *tmp = '\0'; + +- ret = set_config_path_item(&lxc_conf->rootfs.bdev_type, dup); ++ ret = set_config_path_item(&lxc_conf->rootfs.__bdev_type, dup); + if (ret < 0) + return ret_errno(ENOMEM); + +diff --git a/src/lxc/storage/storage.c b/src/lxc/storage/storage.c +index c840c68..097540a 100644 +--- a/src/lxc/storage/storage.c ++++ b/src/lxc/storage/storage.c +@@ -215,7 +215,7 @@ static const struct lxc_storage_type *storage_query(struct lxc_conf *conf) + size_t i; + const struct lxc_storage_type *bdev; + const char *path = conf->rootfs.path; +- const char *type = conf->rootfs.bdev_type; ++ const char *type = conf->rootfs.__bdev_type; + + bdev = get_storage_by_name(path, type); + if (bdev) +@@ -641,7 +641,7 @@ struct lxc_storage *storage_init(struct lxc_conf *conf) + bool storage_is_dir(struct lxc_conf *conf) + { + struct lxc_storage *orig; +- char *type = conf->rootfs.bdev_type; ++ const char *type = conf->rootfs.__bdev_type; + bool bret = false; + + if (type) +diff --git a/src/lxc/storage/storage.h b/src/lxc/storage/storage.h +index 001a39c..02d6a7f 100644 +--- a/src/lxc/storage/storage.h ++++ b/src/lxc/storage/storage.h +@@ -98,7 +98,7 @@ struct lxc_storage { + * trust the config file. If the config file key + * lxc.rootfs.path is set to <storage type>:<container path> + * the confile parser will have split this into <storage type> +- * and <container path> and set the <bdev_type> member in the ++ * and <container path> and set the <__bdev_type> member in the + * lxc_rootfs struct to <storage type> and the <path> member + * will be set to a clean <container path> without the <storage + * type> prefix. 
This is the new, clean way of handling storage diff -Nru lxc-5.0.2/debian/patches/series lxc-5.0.2/debian/patches/series --- lxc-5.0.2/debian/patches/series 2023-09-22 16:35:52.000000000 +0000 +++ lxc-5.0.2/debian/patches/series 2023-11-30 01:17:33.000000000 +0000 @@ -2,3 +2,4 @@ 0005-lxc.service-Starts-after-remote-fs.target.patch 0004-nesting-Extend-mount-permissions-in-apparmor-to-allo.patch 0100-fix-nftables-ipv6.patch +0101-cherry-pick-fix-ephemeral-copies.patch
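
Review bot: In debian/changelog, the new entry cites the bug as "(See #1001713)" where the entry below it uses "(Closes: #1049976)", and the request text mentions two Debian bug reports. If this upload is meant to record the fix in bookworm, use Closes: and list both numbers so the tracker links them. The entry could also say that the cherry-pick carries the `bdev_type` to `__bdev_type` rename, since the diffstat shows it touching five source files and the changelog line reads as a one-function fix.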
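
Review bot: In src/lxc/conf.c, lxc_rootfs_init() (hunk at -536,16 +536,21), the added `type = rootfs->storage->type;` dereferences `rootfs->storage` without a NULL check, while the same function still tests `if (!rootfs->path)` a few lines further down, so it is evidently reached for containers with no separate rootfs. Nothing in the visible lines shows that lxc_storage_prepare() leaves `storage` non-NULL whenever it returns 0; either guard the dereference or add a comment stating that invariant. After the new early return on `!type`, the `type &&` in `if (type && !strequal(type, "dir"))` can no longer be false and should be dropped. The commit message says storage->type "can't be NULL", so the `!type` return also needs a comment saying when it is expected to fire, because the next hunk removes the old `if (rootfs->bdev_type)` guard and relies on it entirely.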
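
Review bot: In src/lxc/conf.h (hunk at -233,7 +233,7), the struct documentation now reads `@__bev_type`, which carries the old `@bev_type` misspelling forward; the member declared in the following hunk is `__bdev_type`. Since the line is being touched anyway, fix the spelling, and if the rename is meant to steer callers toward `storage->type`, say so in this comment, because neither the commit message nor the comment explains why the field was renamed. Identifiers that begin with two underscores are also reserved for the implementation in C, so a different private-marker convention would be safer for a struct member that is still read in storage_query() and storage_is_dir().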