diff --git a/debian/patches/pve/0001-PVE-Config-lxc.service-start-after-a-potential-syslo.patch b/debian/patches/pve/0001-PVE-Config-lxc.service-start-after-a-potential-syslo.patch index 09e74ff..ca7d598 100644 --- a/debian/patches/pve/0001-PVE-Config-lxc.service-start-after-a-potential-syslo.patch +++ b/debian/patches/pve/0001-PVE-Config-lxc.service-start-after-a-potential-syslo.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Fri, 10 Feb 2017 09:13:40 +0100 -Subject: [PATCH lxc] PVE: [Config] lxc.service: start after a potential +Subject: [PATCH 1/3] PVE: [Config] lxc.service: start after a potential syslog.service We could add this as a snippet from pve-container instead. @@ -23,3 +23,6 @@ index 397a6c4d0..6924374d9 100644 Wants=lxc-net.service Documentation=man:lxc-autostart man:lxc +-- +2.30.2 + diff --git a/debian/patches/pve/0002-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch b/debian/patches/pve/0002-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch index cdcfaad..d0255cd 100644 --- a/debian/patches/pve/0002-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch +++ b/debian/patches/pve/0002-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= Date: Wed, 9 Nov 2016 09:14:26 +0100 -Subject: [PATCH lxc] PVE: [Config] deny rw mounting of /sys and /proc +Subject: [PATCH 2/3] PVE: [Config] deny rw mounting of /sys and /proc Note that we don't actually make use of this anymore, since we switched to the generated profiles which already do this. @@ -64,3 +64,6 @@ index 2606fb64c..3e61c62ea 100644 # allow paths to be made slave, shared, private or unbindable # FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts. # mount options=(rw,make-slave) -> **, +-- +2.30.2 + 
diff --git a/debian/patches/pve/0003-PVE-Config-attach-always-use-getent.patch b/debian/patches/pve/0003-PVE-Config-attach-always-use-getent.patch index b328b9f..26f5162 100644 --- a/debian/patches/pve/0003-PVE-Config-attach-always-use-getent.patch +++ b/debian/patches/pve/0003-PVE-Config-attach-always-use-getent.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Tue, 13 Aug 2019 13:57:22 +0200 -Subject: [PATCH lxc] PVE: [Config] attach: always use getent +Subject: [PATCH 3/3] PVE: [Config] attach: always use getent In debian buster, some libnss plugins (if installed) can cause getpwent to segfault instead of erroring out cleanly. @@ -13,10 +13,10 @@ Signed-off-by: Wolfgang Bumiller 1 file changed, 2 insertions(+), 27 deletions(-) diff --git a/src/lxc/attach.c b/src/lxc/attach.c -index 77da7bb45..65c953298 100644 +index f086e96c4..9969f2d8e 100644 --- a/src/lxc/attach.c +++ b/src/lxc/attach.c -@@ -1841,45 +1841,21 @@ int lxc_attach_run_command(void *payload) +@@ -1843,45 +1843,21 @@ int lxc_attach_run_command(void *payload) int lxc_attach_run_shell(void* payload) { @@ -63,7 +63,7 @@ index 77da7bb45..65c953298 100644 if (user_shell) execlp(user_shell, user_shell, (char *)NULL); -@@ -1889,8 +1865,7 @@ int lxc_attach_run_shell(void* payload) +@@ -1891,8 +1867,7 @@ int lxc_attach_run_shell(void* payload) execlp("/bin/sh", "/bin/sh", (char *)NULL); SYSERROR("Failed to execute shell"); @@ -73,3 +73,6 @@ index 77da7bb45..65c953298 100644 return -1; } +-- +2.30.2 + diff --git a/debian/patches/series b/debian/patches/series index b5f1045..ee20ef5 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -1,8 +1,3 @@
-extra/0001-add-check-for-statvfs.patch
-extra/0002-Fix-off-by-one-error-constructing-mount-options.patch
-extra/0003-Store-mount-options-in-correct-variable.patch
-extra/0004-Fix-uninitialized-read-in-parse_cap-when-libcap-is-n.patch
-extra/0005-meson-add-remaining-still-in-use-config-checks.patch
 pve/0001-PVE-Config-lxc.service-start-after-a-potential-syslo.patch
 pve/0002-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch
 pve/0003-PVE-Config-attach-always-use-getent.patch
diff --git a/lxc b/lxc
index 1f8c355..d571736 160000
--- a/lxc
+++ b/lxc
@@ -1 +1 @@
-Subproject commit 1f8c355727757b41964a7273f51d4f6b59531e02
+Subproject commit d571736812b89e195bee69b900fe09115a1e7e00
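Review bot: The five `extra/` entries dropped from `debian/patches/series` include memory-safety fixes (`0002-Fix-off-by-one-error-constructing-mount-options.patch` and `0004-Fix-uninitialized-read-in-parse_cap-when-libcap-is-n.patch`), and nothing visible in this diff shows that the new submodule commit `d571736812b89e195bee69b900fe09115a1e7e00` already contains them. Presumably they were backports that are now part of upstream, but that should be checked against the submodule history for each of the five and recorded in the commit message. If any of them is not contained in the new commit, its `series` entry has to stay, otherwise the package would ship without that fix.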