config/init/common/lxc-net.in | 6 +++--
config/init/systemd/lxc.service.in | 2 --
meson.build | 2 +-
src/lxc/confile.c | 54 +++++++++++++++++++++++++-------------
4 files changed, 41 insertions(+), 23 deletions(-)
diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
index efee9b96f..1b0aad13e 100755
--- a/config/init/common/lxc-net.in
+++ b/config/init/common/lxc-net.in
@@ -25,6 +25,8 @@ LXC_IPV6_MASK=""
 LXC_IPV6_NETWORK=""
 LXC_IPV6_NAT="false"
+RESTORECON="/sbin/restorecon"
+
 [ ! -f $distrosysconfdir/lxc ] || . $distrosysconfdir/lxc
 use_nft() {
@@ -144,8 +146,8 @@ start() {
 # can't write its pid into, so we restorecon it (to var_run_t)
 if [ ! -d "${varrun}" ]; then
 mkdir -p "${varrun}"
- if command -v restorecon >/dev/null 2>&1; then
- restorecon "${varrun}"
+ if [ -x ${RESTORECON} ]; then
+ ${RESTORECON} "${varrun}"
 fi
 fi
diff --git a/config/init/systemd/lxc.service.in b/config/init/systemd/lxc.service.in
index 397a6c4d0..d450b8bbd 100644
--- a/config/init/systemd/lxc.service.in
+++ b/config/init/systemd/lxc.service.in
@@ -7,10 +7,8 @@ Documentation=man:lxc-autostart man:lxc
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStartPre=@LIBEXECDIR@/lxc/lxc-apparmor-load
 ExecStart=@LIBEXECDIR@/lxc/lxc-containers start
 ExecStop=@LIBEXECDIR@/lxc/lxc-containers stop
-ExecReload=@LIBEXECDIR@/lxc/lxc-apparmor-load
 # Environment=BOOTUP=serial
 # Environment=CONSOLETYPE=serial
 Delegate=yes
diff --git a/meson.build b/meson.build
index 1b2d6736d..7c0c6328c 100644
--- a/meson.build
+++ b/meson.build
@@ -26,7 +26,7 @@ liblxc_dependencies = []
 oss_fuzz_dependencies = []
 # Version.
-liblxc_version = '1.7.0'
+liblxc_version = '0.7.0'
 version_data = configuration_data()
 version_data.set('LXC_VERSION_MAJOR', '5')
 version_data.set('LXC_VERSION_MINOR', '0')
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 7966d32e8..f4e5fce0a 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
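Review bot: `RESTORECON` is assigned just before `$distrosysconfdir/lxc` is sourced, so that file can redefine it, but nothing in the script says so and nothing reports when the fixed `/sbin/restorecon` path does not exist. On a system that ships the tool in another directory the `-x` test in start() fails quietly and the new directory keeps whatever label `mkdir` gave it, which is the situation the existing comment in start() says the relabel is there to avoid. I would document the override point above the assignment: `# Absolute path to restorecon; override in $distrosysconfdir/lxc if it is installed elsewhere.`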
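Review bot: Both uses of `${RESTORECON}` in start() are unquoted, so a value that is empty or contains whitespace (the sourced `$distrosysconfdir/lxc` can redefine it) changes what `[` evaluates; with an empty value `[ -x ]` is true and the next line tries to run `"${varrun}"` as a command. Quote both expansions: `if [ -x "${RESTORECON}" ]; then` and `"${RESTORECON}" "${varrun}"`. start() begins before and continues after this hunk, so the rest of the function is not reviewed here.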
@@ -1648,7 +1648,8 @@ static int set_config_apparmor_profile(const char *key, const char *value,
 #if HAVE_APPARMOR
 return set_config_string_item(&lxc_conf->lsm_aa_profile, value);
 #else
- return syserror_set(-EINVAL, "Built without AppArmor support");
+ SYSWARN("Built without AppArmor support");
+ return 0;
 #endif
 }
@@ -1674,7 +1675,8 @@ static int set_config_apparmor_allow_incomplete(const char *key,
 return 0;
 #else
- return syserror_set(-EINVAL, "Built without AppArmor support");
+ SYSWARN("Built without AppArmor support");
+ return 0;
 #endif
 }
@@ -1698,7 +1700,8 @@ static int set_config_apparmor_allow_nesting(const char *key,
 return 0;
 #else
- return syserror_set(-EINVAL, "Built without AppArmor support");
+ SYSWARN("Built without AppArmor support");
+ return 0;
 #endif
 }
@@ -1728,7 +1731,8 @@ static int set_config_apparmor_raw(const char *key,
 return 0;
 #else
- return syserror_set(-EINVAL, "Built without AppArmor support");
+ SYSWARN("Built without AppArmor support");
+ return 0;
 #endif
 }
@@ -1738,7 +1742,8 @@ static int set_config_selinux_context(const char *key, const char *value,
 #if HAVE_SELINUX
 return set_config_string_item(&lxc_conf->lsm_se_context, value);
 #else
- return syserror_set(-EINVAL, "Built without SELinux support");
+ SYSWARN("Built without SELinux support");
+ return 0;
 #endif
 }
@@ -1748,7 +1753,8 @@ static int set_config_selinux_context_keyring(const char *key, const char *value
 #if HAVE_SELINUX
 return set_config_string_item(&lxc_conf->lsm_se_keyring_context, value);
 #else
- return syserror_set(-EINVAL, "Built without SELinux support");
+ SYSWARN("Built without SELinux support");
+ return 0;
 #endif
 }
@@ -3816,7 +3822,8 @@ static int get_config_apparmor_profile(const char *key, char *retv, int inlen,
 #if HAVE_APPARMOR
 return lxc_get_conf_str(retv, inlen, c->lsm_aa_profile);
 #else
- return syserror_set(-EINVAL, "Built without AppArmor support");
+ SYSWARN("Built without AppArmor support");
+ return 0;
 #endif
 }
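Review bot: The `#else` branch of set_config_apparmor_profile now reports success, so on a build without AppArmor a configuration that names a profile is accepted and the container presumably starts without the confinement its config asked for, with a warning as the only trace. The same holds for set_config_selinux_context and set_config_selinux_context_keyring further down, and the lxc.service.in change in this commit also drops the `lxc-apparmor-load` step. Ignoring allow_incomplete, allow_nesting and raw is harmless, but the keys that request confinement should keep failing for a real value, e.g. `if (value && *value && strcmp(value, "unconfined") != 0) return syserror_set(-EINVAL, "Built without AppArmor support");` ahead of the warning, and a non-empty check in the two SELinux setters. The function's opening lines are outside the hunk, so how an empty value reaches this branch needs checking there.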
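Review bot: `SYSWARN` is, as far as I know from LXC's log macros, the variant that appends the text for the current errno, and nothing in this `#else` branch of set_config_apparmor_allow_incomplete sets errno, so the log line would end with whatever error an earlier call left behind. The plain macro with the key named is more useful to whoever reads the log: `WARN("Ignoring \"%s\": built without AppArmor support", key);`. The same replacement applies to every other `#else` branch this commit touches in confile.c, with "SELinux" in the SELinux ones.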
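Review bot: On a build without AppArmor get_config_apparmor_profile now returns 0 without writing to `retv`, so a caller that reads 0 as "empty value" and then uses the buffer sees whatever it held before. Terminate it before returning, `if (retv && inlen > 0) retv[0] = '\0';`, and do the same in the `#else` branches of the other get_config_apparmor_* and get_config_selinux_* hunks that follow. Whether callers clear the buffer themselves is not visible in these hunks. A comment in the branch should also state that 0 here means "not supported in this build", since it can no longer be told apart from "not set".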
@@ -3827,7 +3834,8 @@ static int get_config_apparmor_allow_incomplete(const char *key, char *retv,
 #if HAVE_APPARMOR
 return lxc_get_conf_int(c, retv, inlen, c->lsm_aa_allow_incomplete);
 #else
- return syserror_set(-EINVAL, "Built without AppArmor support");
+ SYSWARN("Built without AppArmor support");
+ return 0;
 #endif
 }
@@ -3838,7 +3846,8 @@ static int get_config_apparmor_allow_nesting(const char *key, char *retv,
 #if HAVE_APPARMOR
 return lxc_get_conf_int(c, retv, inlen, c->lsm_aa_allow_nesting);
 #else
- return syserror_set(-EINVAL, "Built without AppArmor support");
+ SYSWARN("Built without AppArmor support");
+ return 0;
 #endif
 }
@@ -3862,7 +3871,8 @@ static int get_config_apparmor_raw(const char *key, char *retv,
 return fulllen;
 #else
- return syserror_set(-EINVAL, "Built without AppArmor support");
+ SYSWARN("Built without AppArmor support");
+ return 0;
 #endif
 }
@@ -3872,7 +3882,8 @@ static int get_config_selinux_context(const char *key, char *retv, int inlen,
 #if HAVE_SELINUX
 return lxc_get_conf_str(retv, inlen, c->lsm_se_context);
 #else
- return syserror_set(-EINVAL, "Built without SELinux support");
+ SYSWARN("Built without SELinux support");
+ return 0;
 #endif
 }
@@ -3882,7 +3893,8 @@ static int get_config_selinux_context_keyring(const char *key, char *retv, int i
 #if HAVE_SELINUX
 return lxc_get_conf_str(retv, inlen, c->lsm_se_keyring_context);
 #else
- return syserror_set(-EINVAL, "Built without SELinux support");
+ SYSWARN("Built without SELinux support");
+ return 0;
 #endif
 }
@@ -4858,7 +4870,8 @@ static inline int clr_config_apparmor_profile(const char *key,
 free_disarm(c->lsm_aa_profile);
 return 0;
 #else
- return syserror_set(-EINVAL, "Built without AppArmor support");
+ SYSWARN("Built without AppArmor support");
+ return 0;
 #endif
 }
@@ -4870,7 +4883,8 @@ static inline int clr_config_apparmor_allow_incomplete(const char *key,
 c->lsm_aa_allow_incomplete = 0;
 return 0;
 #else
- return syserror_set(-EINVAL, "Built without AppArmor support");
+ SYSWARN("Built without AppArmor support");
+ return 0;
 #endif
 }
@@ -4882,7 +4896,8 @@ static inline int clr_config_apparmor_allow_nesting(const char *key,
 c->lsm_aa_allow_nesting = 0;
 return 0;
 #else
- return syserror_set(-EINVAL, "Built without AppArmor support");
+ SYSWARN("Built without AppArmor support");
+ return 0;
 #endif
 }
@@ -4893,7 +4908,8 @@ static inline int clr_config_apparmor_raw(const char *key,
 #if HAVE_APPARMOR
 return lxc_clear_apparmor_raw(c);
 #else
- return syserror_set(-EINVAL, "Built without AppArmor support");
+ SYSWARN("Built without AppArmor support");
+ return 0;
 #endif
 }
@@ -4904,7 +4920,8 @@ static inline int clr_config_selinux_context(const char *key,
 free_disarm(c->lsm_se_context);
 return 0;
 #else
- return syserror_set(-EINVAL, "Built without SELinux support");
+ SYSWARN("Built without SELinux support");
+ return 0;
 #endif
 }
@@ -4915,7 +4932,8 @@ static inline int clr_config_selinux_context_keyring(const char *key,
 free_disarm(c->lsm_se_keyring_context);
 return 0;
 #else
- return syserror_set(-EINVAL, "Built without SELinux support");
+ SYSWARN("Built without SELinux support");
+ return 0;
 #endif
 }