lxc: import v5.0.3

This is the default openwrt22.03 and openwrt23.05 version.

GitOrigin-RevId: a2bce07c4f1fd10bfabcedb0bce585713031436f

packages/utils/lxc/Config.in

@@ -0,0 +1,56 @@
+menu "Configuration"
+        depends on PACKAGE_lxc
+
+config LXC_KERNEL_OPTIONS
+	bool "Enable kernel support for LXC"
+	default n
+	select KERNEL_CGROUPS
+	select KERNEL_NAMESPACES
+	select KERNEL_DEVPTS_MULTIPLE_INSTANCES
+	select KERNEL_POSIX_MQUEUE
+	select KERNEL_CGROUP_SCHED
+	select KERNEL_FAIR_GROUP_SCHED
+	select KERNEL_RT_GROUP_SCHED
+	select KERNEL_CGROUP_CPUACCT
+	select KERNEL_MEMCG
+	select KERNEL_MEMCG_KMEM
+	select KERNEL_CPUSETS
+	select PACKAGE_kmod-ikconfig
+	help
+	  Select needed kernel options for LXC related utilities. Options
+	  include cgroups, namespaces and other miscellaneous options. These
+	  options unfortunately can not be installed as a module.
+
+config LXC_BUSYBOX_OPTIONS
+	bool "Enable busybox support for lxc-create tool"
+	default n
+	select BUSYBOX_CUSTOM
+	select BUSYBOX_CONFIG_HAVE_DOT_CONFIG
+	select BUSYBOX_CONFIG_FEATURE_SEAMLESS_XZ
+	select BUSYBOX_CONFIG_FEATURE_TAR_LONG_OPTIONS
+	select BUSYBOX_CONFIG_UNXZ
+	select BUSYBOX_CONFIG_XZ
+	select BUSYBOX_CONFIG_GETOPT
+	select BUSYBOX_CONFIG_FEATURE_GETOPT_LONG
+	select BUSYBOX_CONFIG_MOUNTPOINT
+	help
+	  Select needed busybox options for lxc-create utility. This include XZ tar
+	  compression, long option support for tar and built-in getopt support.
+
+config LXC_SECCOMP
+	bool "Enable support for seccomp in LXC"
+	default KERNEL_SECCOMP
+	depends on !arc
+	help
+	  Build LXC with support for seccomp filters.
+	  Select libseccomp which also pulls-in the needed kernel features.
+
+config LXC_NETWORKING
+	bool "Enable networking support for LXC containers"
+	default n
+	select PACKAGE_kmod-veth
+	select PACKAGE_kmod-macvlan
+	help
+	  Enable "veth pair device" and "macvlan"
+
+endmenu

packages/utils/lxc/Makefile

@@ -0,0 +1,275 @@
+#
+# Copyright (C) 2013-2015 OpenWrt.org
+# Copyright (C) 2020 Sartura
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=lxc
+PKG_VERSION:=5.0.3
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://linuxcontainers.org/downloads/lxc/
+PKG_HASH:=2693a4c654dcfdafb3aa95c262051d8122afa1b6f5cef1920221ebbdee934d07
+
+PKG_MAINTAINER:=Marko Ratkaj <markoratkaj@gmail.com>
+PKG_LICENSE:=LGPL-2.1-or-later BSD-2-Clause GPL-2.0
+PKG_LICENSE_FILES:=COPYING LICENSE.GPL2 LICENSE.LGPL2.1
+PKG_BUILD_FLAGS:=no-mips16
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/meson.mk
+
+MESON_ARGS += \
+	-Db_lto=$(if $(findstring mips,$(CONFIG_ARCH)),false,true) \
+	-Dwerror=false \
+	-Dinit-script=sysvinit \
+	-Dman=false \
+	-Dapparmor=false \
+	-Dselinux=false \
+	-Dseccomp=$(if $(CONFIG_LXC_SECCOMP),true,false) \
+	-Dexamples=false \
+	-Db_pie=true \
+	-Druntime-path=/var/run
+
+LXC_APPLETS_BIN += \
+	attach autostart cgroup copy config console create destroy device \
+	execute freeze info monitor snapshot start stop unfreeze unshare \
+	usernsexec wait top ls
+
+LXC_APPLETS_LIB += \
+	monitord user-nic
+
+LXC_SCRIPTS += \
+	checkconfig
+
+DEPENDS_APPLETS = +libpthread +libcap +liblxc
+
+DEPENDS_create = +lxc-configs +lxc-hooks +lxc-templates +flock +getopt
+
+define Package/lxc/Default
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=LXC userspace tools
+  URL:=https://linuxcontainers.org/
+  DEPENDS:=lxc
+endef
+
+define Package/lxc
+  $(call Package/lxc/Default)
+  DEPENDS:=@!arc
+  MENU:=1
+endef
+
+define Package/lxc-auto
+  $(call Package/lxc/Default)
+  TITLE:= (initscript)
+  DEPENDS+=+lxc-start +lxc-stop
+endef
+
+define Package/lxc-auto/postinst
+[ -n "$${IPKG_INSTROOT}" ] || [ "$${PKG_UPGRADE}" = 1 ] || /etc/init.d/lxc-auto boot
+endef
+
+define Package/lxc-auto/description
+ LXC is the userspace control package for Linux Containers, a lightweight
+ virtual system mechanism sometimes described as "chroot on steroids".
+ This package adds an initscript for starting and stopping the containers
+ on boot and shutdown.
+endef
+
+define Package/lxc-auto/conffiles
+/etc/config/lxc-auto
+endef
+
+define Package/lxc-unprivileged
+  $(call Package/lxc/Default)
+  TITLE:=Helper script for unprivileged containers support
+  DEPENDS+=+shadow-utils +shadow-newuidmap +shadow-newgidmap
+endef
+
+define Package/lxc-unprivileged/description
+ Support for unprivileged containers requires newuidmap and newguidmap.
+ This package makes sure they are available & have correct permissions.
+endef
+
+define Package/lxc-unprivileged/install
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DATA) ./files/lxc-unprivileged.defaults $(1)/etc/uci-defaults/lxc-unprivileged
+endef
+
+define Package/lxc/config
+  source "$(SOURCE)/Config.in"
+endef
+
+define Package/lxc/description
+ LXC is the userspace control package for Linux Containers, a lightweight
+ virtual system mechanism sometimes described as "chroot on steroids".
+endef
+
+define Package/lxc-common
+  $(call Package/lxc/Default)
+  TITLE:=LXC common files
+endef
+
+define Package/lxc-hooks
+  $(call Package/lxc/Default)
+  TITLE:=LXC virtual machine hooks
+endef
+
+define Package/lxc-templates
+  $(call Package/lxc/Default)
+  TITLE:=LXC virtual machine templates
+endef
+
+define Package/lxc-configs
+  $(call Package/lxc/Default)
+  TITLE:=LXC virtual machine common config files
+endef
+
+define Package/liblxc
+  $(call Package/lxc/Default)
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=LXC userspace library
+  DEPENDS+= +libcap +libpthread +LXC_SECCOMP:libseccomp +libopenssl
+endef
+
+define Package/lxc-init
+  $(call Package/lxc/Default)
+  TITLE:=LXC Lua bindings
+  DEPENDS+= +liblxc
+endef
+
+ifdef CONFIG_USE_MIPS16
+  TARGET_CFLAGS += -minterlink-mips16
+endif
+TARGET_LDFLAGS += -lgcc_eh
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include/lxc/
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/include/lxc/* \
+		$(1)/usr/include/lxc/
+
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/lib/liblxc.so* \
+		$(1)/usr/lib/
+
+	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/lib/pkgconfig/lxc.pc \
+		$(1)/usr/lib/pkgconfig/
+	$(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/lxc.pc
+	$(SED) 's,/usr/lib,$$$${prefix}/lib,g' $(1)/usr/lib/pkgconfig/lxc.pc
+endef
+
+
+define Package/lxc/install
+	true
+endef
+
+define Package/lxc-auto/install
+	$(INSTALL_DIR) $(1)/etc/config $(1)/etc/init.d
+	$(INSTALL_CONF) ./files/lxc-auto.config $(1)/etc/config/lxc-auto
+	$(INSTALL_BIN) ./files/lxc-auto.init $(1)/etc/init.d/lxc-auto
+endef
+
+define Package/lxc-common/conffiles
+/etc/lxc/default.conf
+/etc/lxc/lxc.conf
+endef
+
+define Package/lxc-common/install
+	$(INSTALL_DIR) $(1)/usr/lib/lxc/rootfs
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/lib/lxc/rootfs/README \
+		$(1)/usr/lib/lxc/rootfs/
+
+	$(INSTALL_DIR) $(1)/usr/share/lxc
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/share/lxc/lxc.functions \
+		$(1)/usr/share/lxc/
+
+	$(INSTALL_DIR) $(1)/etc/lxc/
+	$(CP) \
+		$(PKG_INSTALL_DIR)/etc/lxc/default.conf \
+		$(1)/etc/lxc/default.conf
+
+	$(INSTALL_DIR) $(1)/etc/lxc/
+	$(CP) \
+		./files/lxc.conf \
+		$(1)/etc/lxc/lxc.conf
+
+	$(INSTALL_DIR) $(1)/srv/lxc/
+endef
+
+define Package/lxc-hooks/install
+	$(INSTALL_DIR) $(1)/usr/share/lxc/hooks
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/share/lxc/hooks/* \
+		$(1)/usr/share/lxc/hooks/
+endef
+
+define Package/lxc-templates/install
+	$(INSTALL_DIR) $(1)/usr/share/lxc/templates/
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/share/lxc/templates/lxc-* \
+		$(1)/usr/share/lxc/templates/
+endef
+
+define Package/lxc-configs/install
+	$(INSTALL_DIR) $(1)/usr/share/lxc/config/
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/share/lxc/config/* \
+		$(1)/usr/share/lxc/config/
+endef
+
+define Package/liblxc/install
+	$(INSTALL_DIR) $(1)/usr/lib/
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/lib/liblxc.so* \
+		$(1)/usr/lib/
+endef
+
+define Package/lxc-init/install
+	$(INSTALL_DIR) $(1)/sbin
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/sbin/init.lxc \
+		$(1)/sbin/
+endef
+
+define GenPlugin
+  define Package/lxc-$(1)
+    $(call Package/lxc/Default)
+    TITLE:=Utility lxc-$(1) from the LXC userspace tools
+    DEPENDS+= +lxc-common $(2) $(DEPENDS_$(1))
+  endef
+
+  define Package/lxc-$(1)/install
+	$(INSTALL_DIR) $$(1)$(3)
+	$(INSTALL_BIN) \
+		$(PKG_INSTALL_DIR)$(3)/lxc-$(1) \
+		$$(1)$(3)/
+  endef
+
+  $$(eval $$(call BuildPackage,lxc-$(1)))
+endef
+
+$(eval $(call BuildPackage,lxc))
+$(eval $(call BuildPackage,lxc-common))
+$(eval $(call BuildPackage,lxc-hooks))
+$(eval $(call BuildPackage,lxc-configs))
+$(eval $(call BuildPackage,lxc-templates))
+$(eval $(call BuildPackage,liblxc))
+$(eval $(call BuildPackage,lxc-init))
+$(eval $(call BuildPackage,lxc-auto))
+$(eval $(call BuildPackage,lxc-unprivileged))
+$(foreach u,$(LXC_APPLETS_BIN),$(eval $(call GenPlugin,$(u),$(DEPENDS_APPLETS),"/usr/bin")))
+$(foreach u,$(LXC_APPLETS_LIB),$(eval $(call GenPlugin,$(u),$(DEPENDS_APPLETS),"/usr/libexec/lxc")))
+$(foreach u,$(LXC_SCRIPTS),$(eval $(call GenPlugin,$(u),,"/usr/bin")))

packages/utils/lxc/files/lxc-auto.config

@@ -0,0 +1,5 @@
+#config container
+	#option name container1
+	#option timeout 300
+	#list command '/bin/command --option'
+

packages/utils/lxc/files/lxc-auto.init

@@ -0,0 +1,73 @@
+#!/bin/sh /etc/rc.common
+
+. "${IPKG_INSTROOT}"/lib/functions.sh
+
+START=99
+STOP=00
+
+run_command() {
+	local command="$1"
+	$command
+}
+
+start_container() {
+	local cfg="$1"
+	local name
+
+	config_get name "$cfg" name
+	config_list_foreach "$cfg" command run_command
+	if [ -n "$name" ]; then
+		/usr/bin/lxc-start -n "$name"
+	fi
+}
+
+max_timeout=0
+
+stop_container() {
+	local cfg="$1"
+	local name timeout
+
+	config_get name "$cfg" name
+	config_get timeout "$cfg" timeout 300
+
+	if [ "$max_timeout" -lt "$timeout" ]; then
+		max_timeout=$timeout
+	fi
+
+	if [ -n "$name" ]; then
+		[ "$timeout" = "0" ] && postargs=" -t $max_timeout"
+		/usr/bin/lxc-stop -n "$name" "$postargs" &
+		export STOPPID=$!
+	fi
+}
+
+start() {
+	config_load lxc-auto
+	config_foreach start_container container
+}
+
+stop() {
+	config_load lxc-auto
+	config_foreach stop_container container
+	# ensure e.g. shutdown doesn't occur before maximum timeout on
+	# containers that are shutting down
+	if [ $max_timeout -gt 0 ]; then
+		for i in $(seq 1 $max_timeout); do
+			if [ -d /proc/"$STOPPID" ]; then
+				sleep 1s
+			else
+				return 0
+			fi
+		done
+	fi
+}
+
+#Export systemd cgroups
+boot() {
+	if [ ! -d /sys/fs/cgroup/systemd ]; then
+		mkdir -p /sys/fs/cgroup/systemd
+		mount -t cgroup -o rw,nosuid,nodev,noexec,relatime,none,name=systemd cgroup /sys/fs/cgroup/systemd
+	fi
+
+	start
+}

packages/utils/lxc/files/lxc-unprivileged.defaults

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+chmod u+s /usr/bin/newuidmap && \
+chmod u+s /usr/bin/newgidmap

packages/utils/lxc/files/lxc.conf

@@ -0,0 +1 @@
+lxc.lxcpath = /srv/lxc

packages/utils/lxc/patches/020-lxc-checkconfig.patch

@@ -0,0 +1,20 @@
+--- a/src/lxc/cmd/lxc-checkconfig.in
++++ b/src/lxc/cmd/lxc-checkconfig.in
+@@ -4,6 +4,17 @@
+ # Allow environment variables to override config
+ : ${CONFIG:=/proc/config.gz}
+ : ${MODNAME:=configs}
++: ${ZGREP:=zgrep}
++: ${GUNZIP:=gunzip}
++
++if [ -z $(command -v $ZGREP) ] && ! [ -z $(command -v $GUNZIP) ] && [ -x $(command -v $GUNZIP) ] &&  [ -f $CONFIG ] && [ "$CONFIG" == "/proc/config.gz" ] ; then
++
++	CONFIG_NEW="/tmp/config-$(uname -r)"
++	$GUNZIP -c $CONFIG > $CONFIG_NEW
++	CONFIG=$CONFIG_NEW
++
++	GREP=grep
++fi
+ 
+ CAT="cat"
+ 

packages/utils/lxc/patches/021-remove-legacy-cgroup-support.patch

@@ -0,0 +1,38 @@
+--- a/config/templates/common.conf.in
++++ b/config/templates/common.conf.in
+@@ -15,35 +15,6 @@ lxc.cap.drop = mac_admin mac_override sy
+ # Ensure hostname is changed on clone
+ lxc.hook.clone = @LXCHOOKDIR@/clonehostname
+ 
+-# Default legacy cgroup configuration
+-#
+-# CGroup allowlist
+-lxc.cgroup.devices.deny = a
+-## Allow any mknod (but not reading/writing the node)
+-lxc.cgroup.devices.allow = c *:* m
+-lxc.cgroup.devices.allow = b *:* m
+-## Allow specific devices
+-### /dev/null
+-lxc.cgroup.devices.allow = c 1:3 rwm
+-### /dev/zero
+-lxc.cgroup.devices.allow = c 1:5 rwm
+-### /dev/full
+-lxc.cgroup.devices.allow = c 1:7 rwm
+-### /dev/tty
+-lxc.cgroup.devices.allow = c 5:0 rwm
+-### /dev/console
+-lxc.cgroup.devices.allow = c 5:1 rwm
+-### /dev/ptmx
+-lxc.cgroup.devices.allow = c 5:2 rwm
+-### /dev/random
+-lxc.cgroup.devices.allow = c 1:8 rwm
+-### /dev/urandom
+-lxc.cgroup.devices.allow = c 1:9 rwm
+-### /dev/pts/*
+-lxc.cgroup.devices.allow = c 136:* rwm
+-### fuse
+-lxc.cgroup.devices.allow = c 10:229 rwm
+-
+ # Default unified cgroup configuration
+ #
+ # CGroup allowlist

packages/utils/lxc/patches/025-remove-unsupported-option.patch

@@ -0,0 +1,24 @@
+--- a/templates/lxc-download.in
++++ b/templates/lxc-download.in
+@@ -384,20 +384,7 @@ fi
+ # Unpack the rootfs
+ echo "Unpacking the rootfs"
+ 
+-EXCLUDES=""
+-excludelist=$(relevant_file excludes)
+-if [ -f "${excludelist}" ]; then
+-  while read -r line; do
+-    EXCLUDES="${EXCLUDES} --exclude=${line}"
+-  done < "${excludelist}"
+-fi
+-
+-# Do not surround ${EXCLUDES} by quotes. This does not work. The solution could
+-# use array but this is not POSIX compliant. The only POSIX compliant solution
+-# is to use a function wrapper, but the latter can't be used here as the args
+-# are dynamic. We thus need to ignore the warning brought by shellcheck.
+-# shellcheck disable=SC2086
+-tar  --anchored ${EXCLUDES} --numeric-owner -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}"
++tar --numeric-owner -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}"
+ 
+ mkdir -p "${LXC_ROOTFS}/dev/pts/"
+