Package: lxc
Version: 1:2.0.5-1
Severity: wishlist
Tags: patch

Hi,

with this bug I want to propose a patch against the lxc source package which splits out the lxc-unshare and lxc-usernsexec utilities into their own binary package. The rationale follows.

The lxc package currently contains the two tools lxc-unshare and lxc-usernsexec. The only thing that these tools have in common with the other lxc tools is that they are prefixed with "lxc-". They are not manipulating any lxc containers. Still, these two binaries provide some very powerful facilities which are so far unique in Debian: they allow one to easily enter a new user namespace and unshare several other namespaces from within it.

There exists the "unshare" utility from the util-linux binary package, but that one doesn't offer all the functionality that the lxc-unshare and lxc-usernsexec tools offer. One important limitation of the unshare tool is that it doesn't yet allow mounting /proc, which is a crucial drawback. So even though the lxc-unshare tool is described as "mainly provided for testing purposes" in its man page, it is so far the only tool in Debian which allows easily setting up fully-fledged (including /proc) unprivileged chroots from within shell scripts.

One problem right now is that to acquire the lxc-unshare and lxc-usernsexec utilities, one has to install the full lxc package. Due to its dependencies, that can mean up to 95.5 MB of additional disk space being required for 74 new packages. Even when installing with --no-install-recommends, still 33.2 MB of additional disk space will be used for 22 new packages. It would make things much more light-weight if the two tools lived in their own binary package, because that would limit the amount of additionally required disk space to 1172 kB for just 5 more packages on top of a minimal installation.

The attached patch adds the lxc-userns-tools binary package. The name is obviously free to be changed to something else. I also let the lxc package depend on the lxc-userns-tools package. That way, existing users of the lxc package will not see a difference in provided functionality.

The main overhead and complication that this patch adds are much longer *.install files, but since you are also using "dh_install --fail-missing" there is no way that the list in lxc.install could become outdated in the future without you noticing via a build failure.

What do you think?

cheers, josch

>From 8d642b4b6c32716e7d2669f27132f801d363bdd3 Mon Sep 17 00:00:00 2001 From: Johannes Schauer <jo...@debian.org> Date: Thu, 8 Dec 2016 18:31:54 +0100 Subject: [PATCH] Move lxc-unshare and lxc-usernsexec to a new binary package lxc-userns-tools --- debian/changelog | 8 ++++ debian/control | 20 ++++++++- debian/lxc-userns-tools.install | 8 ++++ debian/lxc.install | 98 ++++++++++++++++++++++++++++++++++++++++- 4 files changed, 131 insertions(+), 3 deletions(-) create mode 100644 debian/lxc-userns-tools.install diff --git a/debian/changelog b/debian/changelog index 0fb245d..7fd7695 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +lxc (1:2.0.6-1.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Move lxc-unshare and lxc-usernsexec to a new binary package + lxc-userns-tools (Closes: #XXXXXX) + + -- Johannes Schauer <jo...@debian.org> Thu, 08 Dec 2016 18:30:50 +0100 + lxc (1:2.0.6-1) unstable; urgency=high * New upstream version 2.0.6 diff --git a/debian/control b/debian/control index d2fd241..bb27a7d 100644 --- a/debian/control +++ b/debian/control @@ -34,7 +34,8 @@ Depends: liblxc1 (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}, ${python3:Depends}, - lsb-base (>= 3.0-6) + lsb-base (>= 3.0-6), + lxc-userns-tools (= ${binary:Version}) Recommends: bridge-utils, debootstrap, dirmngr, 
@@ -57,6 +58,23 @@ Description: Linux Containers userspace tools daemon in a container, or to boot an entire "containerized" system, and to manage and debug your containers. +Package: lxc-userns-tools +Architecture: linux-any +Pre-Depends: ${misc:Pre-Depends} +Depends: liblxc1 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Recommends: uidmap +Description: tools for Linux user namespace manipulation + Containers are insulated areas inside a system, which have their own namespace + for filesystem, network, PID, IPC, CPU and memory allocation and which can be + created using the Control Group and Namespace features included in the Linux + kernel. + . + This package provides the lxc-usernsexec and lxc-unshare tools which can be + used to run a task as root in a new user namespace and to unshare a set of + namespaces, respectively. + Package: lxc-dev Section: libdevel Architecture: linux-any diff --git a/debian/lxc-userns-tools.install b/debian/lxc-userns-tools.install new file mode 100644 index 0000000..6b8d3ce --- /dev/null +++ b/debian/lxc-userns-tools.install @@ -0,0 +1,8 @@ +usr/bin/lxc-unshare +usr/bin/lxc-usernsexec +usr/share/man/ja/man1/lxc-unshare.1 +usr/share/man/ja/man1/lxc-usernsexec.1 +usr/share/man/ko/man1/lxc-unshare.1 +usr/share/man/ko/man1/lxc-usernsexec.1 +usr/share/man/man1/lxc-unshare.1 +usr/share/man/man1/lxc-usernsexec.1 diff --git a/debian/lxc.install b/debian/lxc.install index dd76dae..6d08e2a 100644 --- a/debian/lxc.install +++ b/debian/lxc.install 
@@ -1,11 +1,105 @@ etc lib -usr/bin +usr/bin/lxc-attach +usr/bin/lxc-autostart +usr/bin/lxc-cgroup +usr/bin/lxc-checkconfig +usr/bin/lxc-checkpoint +usr/bin/lxc-config +usr/bin/lxc-console +usr/bin/lxc-copy +usr/bin/lxc-create +usr/bin/lxc-destroy +usr/bin/lxc-device +usr/bin/lxc-execute +usr/bin/lxc-freeze +usr/bin/lxc-info +usr/bin/lxc-ls +usr/bin/lxc-monitor +usr/bin/lxc-snapshot +usr/bin/lxc-start +usr/bin/lxc-stop +usr/bin/lxc-unfreeze +usr/bin/lxc-wait usr/lib/*/lxc/lxc-* usr/lib/*/lxc/rootfs usr/lib/*/lxc/hooks usr/sbin usr/share/doc usr/share/lxc -usr/share/man +usr/share/man/ja/man1/lxc-attach.1 +usr/share/man/ja/man1/lxc-autostart.1 +usr/share/man/ja/man1/lxc-cgroup.1 +usr/share/man/ja/man1/lxc-checkconfig.1 +usr/share/man/ja/man1/lxc-checkpoint.1 +usr/share/man/ja/man1/lxc-config.1 +usr/share/man/ja/man1/lxc-console.1 +usr/share/man/ja/man1/lxc-copy.1 +usr/share/man/ja/man1/lxc-create.1 +usr/share/man/ja/man1/lxc-destroy.1 +usr/share/man/ja/man1/lxc-device.1 +usr/share/man/ja/man1/lxc-execute.1 +usr/share/man/ja/man1/lxc-freeze.1 +usr/share/man/ja/man1/lxc-info.1 +usr/share/man/ja/man1/lxc-ls.1 +usr/share/man/ja/man1/lxc-monitor.1 +usr/share/man/ja/man1/lxc-snapshot.1 +usr/share/man/ja/man1/lxc-start.1 +usr/share/man/ja/man1/lxc-stop.1 +usr/share/man/ja/man1/lxc-unfreeze.1 +usr/share/man/ja/man1/lxc-user-nic.1 +usr/share/man/ja/man1/lxc-wait.1 +usr/share/man/ja/man5 +usr/share/man/ja/man7 +usr/share/man/ko/ +usr/share/man/ko/man1/ +usr/share/man/ko/man1/lxc-attach.1 +usr/share/man/ko/man1/lxc-autostart.1 +usr/share/man/ko/man1/lxc-cgroup.1 +usr/share/man/ko/man1/lxc-checkconfig.1 +usr/share/man/ko/man1/lxc-checkpoint.1 +usr/share/man/ko/man1/lxc-config.1 +usr/share/man/ko/man1/lxc-console.1 +usr/share/man/ko/man1/lxc-copy.1 +usr/share/man/ko/man1/lxc-create.1 +usr/share/man/ko/man1/lxc-destroy.1 +usr/share/man/ko/man1/lxc-device.1 +usr/share/man/ko/man1/lxc-execute.1 +usr/share/man/ko/man1/lxc-freeze.1 +usr/share/man/ko/man1/lxc-info.1 
+usr/share/man/ko/man1/lxc-ls.1 +usr/share/man/ko/man1/lxc-monitor.1 +usr/share/man/ko/man1/lxc-snapshot.1 +usr/share/man/ko/man1/lxc-start.1 +usr/share/man/ko/man1/lxc-stop.1 +usr/share/man/ko/man1/lxc-unfreeze.1 +usr/share/man/ko/man1/lxc-user-nic.1 +usr/share/man/ko/man1/lxc-wait.1 +usr/share/man/ko/man5 +usr/share/man/ko/man7 +usr/share/man/man1/ +usr/share/man/man1/lxc-attach.1 +usr/share/man/man1/lxc-autostart.1 +usr/share/man/man1/lxc-cgroup.1 +usr/share/man/man1/lxc-checkconfig.1 +usr/share/man/man1/lxc-checkpoint.1 +usr/share/man/man1/lxc-config.1 +usr/share/man/man1/lxc-console.1 +usr/share/man/man1/lxc-copy.1 +usr/share/man/man1/lxc-create.1 +usr/share/man/man1/lxc-destroy.1 +usr/share/man/man1/lxc-device.1 +usr/share/man/man1/lxc-execute.1 +usr/share/man/man1/lxc-freeze.1 +usr/share/man/man1/lxc-info.1 +usr/share/man/man1/lxc-ls.1 +usr/share/man/man1/lxc-monitor.1 +usr/share/man/man1/lxc-snapshot.1 +usr/share/man/man1/lxc-start.1 +usr/share/man/man1/lxc-stop.1 +usr/share/man/man1/lxc-unfreeze.1 +usr/share/man/man1/lxc-user-nic.1 +usr/share/man/man1/lxc-wait.1 +usr/share/man/man5 +usr/share/man/man7 var -- 2.9.3
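
Review bot: the new debian/changelog entry still carries the placeholder "Closes: #XXXXXX"; replace it with the number assigned to this report before any upload, otherwise the changelog will not close the bug. The entry is also written as a non-maintainer upload while it introduces a new binary package, which has to pass the NEW queue, so the upload route should be agreed with the maintainers first.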
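
Review bot: the lxc-userns-tools stanza added to debian/control declares no Breaks/Replaces against the older lxc versions that shipped usr/bin/lxc-unshare and usr/bin/lxc-usernsexec. Without "Breaks: lxc (<< 1:2.0.6-1.1~)" and "Replaces: lxc (<< 1:2.0.6-1.1~)" in that stanza, dpkg can abort an upgrade with a file-overwrite error when lxc-userns-tools is unpacked while the old lxc is still installed.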
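
Review bot: the debian/lxc.install hunk adds the directory entries "usr/share/man/ko/", "usr/share/man/ko/man1/" and "usr/share/man/man1/" next to the per-file lists. dh_install copies a listed directory recursively, so these three lines install lxc-unshare.1 and lxc-usernsexec.1 (ko and untranslated) into lxc as well as into lxc-userns-tools, and the two packages then ship the same paths. Drop the three directory lines so that only the enumerated files land in lxc, as the hunk already does for the ja pages.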