applied, tested with a current Arch Linux CT template
On 3/16/18 9:12 AM, Wolfgang Bumiller wrote:
> systemd-networkd keeps trying to use keyctl() and if it
> refuses to work it is apparently a fatal error, so let's
> make it think keyctl() support doesn't actually exist by
> letting it always fail with ENOSYS.
>
> Signed-off-by: Wolfgang Bumiller <[email protected]>
> ---
> src/Makefile | 12 ++++++++++--
> src/PVE/LXC.pm | 12 +++++++-----
> 2 files changed, 17 insertions(+), 7 deletions(-)
>
> diff --git a/src/Makefile b/src/Makefile
> index 08d1f4d..f68eb5d 100644
> --- a/src/Makefile
> +++ b/src/Makefile
> @@ -9,7 +9,8 @@ DOCDIR=${PREFIX}/share/doc/${PACKAGE}
> LXC_SCRIPT_DIR=${PREFIX}/share/lxc
> LXC_TMPL_DIR=${LXC_SCRIPT_DIR}/templates
> LXC_HOOK_DIR=${LXC_SCRIPT_DIR}/hooks
> -LXC_COMMON_CONFIG_DIR=${LXC_SCRIPT_DIR}/config/common.conf.d
> +LXC_CONFIG_DIR=${LXC_SCRIPT_DIR}/config
> +LXC_COMMON_CONFIG_DIR=${LXC_CONFIG_DIR}/common.conf.d
> SERVICEDIR=${DESTDIR}/lib/systemd/system
> PODDIR=${DOCDIR}/pod
> MAN1DIR=${MANDIR}/man1/
> @@ -32,7 +33,7 @@ check: test
> make -C test
>
> .PHONY: install
> -install: pct lxc-pve.conf lxc-pve-prestart-hook lxc-pve-autodev-hook > lxc-pve-poststop-hook lxcnetaddbr pct.1 pct.conf.5 pct.bash-completion
> +install: pct lxc-pve.conf lxc-pve-prestart-hook lxc-pve-autodev-hook > lxc-pve-poststop-hook lxcnetaddbr pct.1 pct.conf.5 pct.bash-completion > pve-userns.seccomp
> PVE_GENERATING_DOCS=1 perl -I. -T -e "use PVE::CLI::pct; > PVE::CLI::pct->verify_api();"
> install -d ${SBINDIR}
> install -m 0755 pct ${SBINDIR}
> @@ -46,6 +47,8 @@ install: pct lxc-pve.conf lxc-pve-prestart-hook > lxc-pve-autodev-hook lxc-pve-pos
> install -m 0755 lxc-pve-prestart-hook ${LXC_HOOK_DIR}
> install -m 0755 lxc-pve-autodev-hook ${LXC_HOOK_DIR}
> install -m 0755 lxc-pve-poststop-hook ${LXC_HOOK_DIR}
> + install -d ${LXC_CONFIG_DIR}
> + install -m 0644 pve-userns.seccomp ${LXC_CONFIG_DIR}/pve-userns.seccomp
> install -d ${LXC_COMMON_CONFIG_DIR}
> install -m 0644 lxc-pve.conf ${LXC_COMMON_CONFIG_DIR}/01-pve.conf
> install -m 0644 -D pct.bash-completion ${BASHCOMPLDIR}/pct
> @@ -64,6 +67,11 @@ install: pct lxc-pve.conf lxc-pve-prestart-hook > lxc-pve-autodev-hook lxc-pve-pos
> install -m 0644 pve-reboot.conf ${SERVICEDIR}/[email protected]/
> install -m 0755 lxc-pve-reboot-trigger ${LXC_SCRIPT_DIR}
>
> +pve-userns.seccomp: /usr/share/lxc/config/common.seccomp
> + cp $< $@
> + echo 'keyctl errno 38' >> $@
> +
> +
> .PHONY: test
> test:
> make -C test test
> diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
> index a107ec2..5733843 100644
> --- a/src/PVE/LXC.pm
> +++ b/src/PVE/LXC.pm
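Review bot: The new `pve-userns.seccomp` rule derives the shipped profile from whatever `/usr/share/lxc/config/common.seccomp` is installed on the build host, so the packaged policy is a build-time snapshot: later changes to lxc's own `common.seccomp` on the target would not reach containers using this profile, and the result differs between build hosts with different lxc versions. The append also assumes the source file ends with a newline and uses a rule format in which `keyctl errno 38` is valid; otherwise the rule would fuse with the last line or be rejected when the profile is loaded. I would add a comment above the rule such as `# errno 38 = ENOSYS; derived from the build host's lxc common.seccomp`, and `.DELETE_ON_ERROR:` so that a failed `echo` does not leave a plain copy without the keyctl rule behind as an up-to-date target.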
> @@ -361,13 +361,15 @@ sub update_lxc_config {
>
> my $ostype = $conf->{ostype} || die "missing 'ostype' - internal error";
>
> - my $inc ="/usr/share/lxc/config/$ostype.common.conf";
> - $inc ="/usr/share/lxc/config/common.conf" if !-f $inc;
> + my $cfgpath = '/usr/share/lxc/config';
> + my $inc = "$cfgpath/$ostype.common.conf";
> + $inc ="$cfgpath/common.conf" if !-f $inc;
> $raw .= "lxc.include = $inc\n";
> if ($unprivileged || $custom_idmap) {
> - $inc = "/usr/share/lxc/config/$ostype.userns.conf";
> - $inc = "/usr/share/lxc/config/userns.conf" if !-f $inc;
> - $raw .= "lxc.include = $inc\n"
> + $inc = "$cfgpath/$ostype.userns.conf";
> + $inc = "$cfgpath/userns.conf" if !-f $inc;
> + $raw .= "lxc.include = $inc\n";
> + $raw .= "lxc.seccomp.profile = $cfgpath/pve-userns.seccomp\n";
> }
>
> # WARNING: DO NOT REMOVE this without making sure that loop device nodes
> _______________________________________________ pve-devel mailing list [email protected] https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
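Review bot: The added `lxc.seccomp.profile` line is emitted without the `-f` existence check that both `lxc.include` lines get, and because it follows the userns include it presumably replaces any seccomp profile that `$ostype.userns.conf` or `userns.conf` configures. If the file is absent (for example after a partial upgrade), unprivileged and custom-idmap containers would most likely fail at start with a generic lxc error; failing closed is the right outcome, but `die "missing seccomp profile '$cfgpath/pve-userns.seccomp'\n" if !-f "$cfgpath/pve-userns.seccomp";` before the append would make the cause explicit. The path is hard-coded to `/usr/share/lxc/config` here while the Makefile installs into `${LXC_CONFIG_DIR}`, so the two agree only when `${PREFIX}` resolves to `/usr`; a short comment noting that coupling would help. `update_lxc_config` starts and ends outside the hunk.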
