packages/lxc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

lxc; add patches

Browse Source 
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
This commit is contained in:
zhangxiaoyu 2020-09-04 15:16:49 +08:00
parent 60801a7a67
commit 3eecf57843
5 changed files with 1877 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1214
0002-add-mount-label-for-rootfs.patch Normal file
View File

File diff suppressed because it is too large Load Diff

423
0003-format-code-and-verify-mount-mode.patch Normal file
View File

@ -0,0 +1,423 @@
From c0f37e083c49cfcb9441743a409fdee44d32d7c5 Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Thu, 16 Jul 2020 16:39:35 +0800
Subject: [PATCH 3/5] format code and verify mount mode
Signed-off-by: wujing <wujing50@huawei.com>
---
src/lxc/lsm/apparmor.c | 14 +++
src/lxc/lsm/nop.c | 14 +++
src/lxc/lsm/selinux.c | 242 +++++++++++++++++++++--------------------
src/lxc/utils.c | 30 ++++-
4 files changed, 182 insertions(+), 118 deletions(-)
diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index f251e5e7..591d37c2 100644
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -1186,6 +1186,16 @@ static int apparmor_process_label_set(const char *inlabel, struct lxc_conf *conf
return 0;
}
+#ifdef HAVE_ISULAD
+static int apparmor_file_label_set(const char *path, const char *label) {
+ return 0;
+}
+
+static int apparmor_relabel(const char *path, const char *label, bool shared) {
+ return 0;
+}
+#endif
+
static struct lsm_drv apparmor_drv = {
.name = "AppArmor",
.enabled = apparmor_enabled,
@@ -1193,6 +1203,10 @@ static struct lsm_drv apparmor_drv = {
.process_label_set = apparmor_process_label_set,
.prepare = apparmor_prepare,
.cleanup = apparmor_cleanup,
+#ifdef HAVE_ISULAD
+ .file_label_set = apparmor_file_label_set,
+ .relabel = apparmor_relabel,
+#endif
};
struct lsm_drv *lsm_apparmor_drv_init(void)
diff --git a/src/lxc/lsm/nop.c b/src/lxc/lsm/nop.c
index 5b345b9a..188945d5 100644
--- a/src/lxc/lsm/nop.c
+++ b/src/lxc/lsm/nop.c
@@ -24,11 +24,25 @@ static int nop_enabled(void)
return 0;
}
+#ifdef HAVE_ISULAD
+static int nop_file_label_set(const char *path, const char *label) {
+ return 0;
+}
+
+static int nop_relabel(const char *path, const char *label, bool shared) {
+ return 0;
+}
+#endif
+
static struct lsm_drv nop_drv = {
.name = "nop",
.enabled = nop_enabled,
.process_label_get = nop_process_label_get,
.process_label_set = nop_process_label_set,
+#ifdef HAVE_ISULAD
+ .file_label_set = nop_file_label_set,
+ .relabel = nop_relabel,
+#endif
};
struct lsm_drv *lsm_nop_drv_init(void)
diff --git a/src/lxc/lsm/selinux.c b/src/lxc/lsm/selinux.c
index 5bc9843e..864b16be 100644
--- a/src/lxc/lsm/selinux.c
+++ b/src/lxc/lsm/selinux.c
@@ -106,6 +106,10 @@ static int selinux_file_label_set(const char *path, const char *label)
return 0;
}
+ if (!is_selinux_enabled()) {
+ return 0;
+ }
+
ret = lsetfilecon(path, label);
if (ret != 0) {
SYSERROR("Failed to setSELinux context to \"%s\": %s", label, path);
@@ -125,16 +129,16 @@ static int selinux_file_label_set(const char *path, const char *label)
*/
static bool is_exclude_relabel_path(const char *path)
{
- const char *exclude_path[] = { "/", "/usr", "/etc", "/tmp", "/home", "/run", "/var", "/root" };
- size_t i;
+ const char *exclude_path[] = { "/", "/usr", "/etc", "/tmp", "/home", "/run", "/var", "/root" };
+ size_t i;
- for (i = 0; i < sizeof(exclude_path) / sizeof(char *); i++) {
- if (strcmp(path, exclude_path[i]) == 0) {
- return true;
- }
- }
+ for (i = 0; i < sizeof(exclude_path) / sizeof(char *); i++) {
+ if (strcmp(path, exclude_path[i]) == 0) {
+ return true;
+ }
+ }
- return false;
+ return false;
}
/*
@@ -146,19 +150,19 @@ static bool is_exclude_relabel_path(const char *path)
*/
static int bad_prefix(const char *fpath)
{
- const char *bad_prefixes = "/usr";
+ const char *bad_prefixes = "/usr";
- if (fpath == NULL) {
- ERROR("Empty file path");
- return -1;
- }
+ if (fpath == NULL) {
+ ERROR("Empty file path");
+ return -1;
+ }
- if (strncmp(fpath, bad_prefixes, strlen(bad_prefixes)) == 0) {
- ERROR("relabeling content in %s is not allowed", bad_prefixes);
- return -1;
- }
+ if (strncmp(fpath, bad_prefixes, strlen(bad_prefixes)) == 0) {
+ ERROR("relabeling content in %s is not allowed", bad_prefixes);
+ return -1;
+ }
- return 0;
+ return 0;
}
/*
@@ -171,51 +175,51 @@ static int bad_prefix(const char *fpath)
*/
static int recurse_set_file_label(const char *basePath, const char *label)
{
- int ret = 0;
- DIR *dir = NULL;
- struct dirent *ptr = NULL;
- char base[PATH_MAX] = { 0 };
-
- if ((dir = opendir(basePath)) == NULL) {
- ERROR("Failed to Open dir: %s", basePath);
- return -1;
- }
-
- ret = lsetfilecon(basePath, label);
- if (ret != 0) {
- ERROR("Failed to set file label");
- goto out;
- }
-
- while ((ptr = readdir(dir)) != NULL) {
- if (strcmp(ptr->d_name, ".") == 0 || strcmp(ptr->d_name, "..") == 0) {
- continue;
- } else {
- int nret = snprintf(base, sizeof(base), "%s/%s", basePath, ptr->d_name);
- if (nret < 0 || nret >= sizeof(base)) {
- ERROR("Failed to get path");
- ret = -1;
- goto out;
- }
- if (ptr->d_type == DT_DIR) {
- ret = recurse_set_file_label(base, label);
- if (ret != 0) {
- ERROR("Failed to set dir label");
- goto out;
- }
- } else {
- ret = lsetfilecon(base, label);
- if (ret != 0) {
- ERROR("Failed to set file label");
- goto out;
- }
- }
- }
- }
+ int ret = 0;
+ DIR *dir = NULL;
+ struct dirent *ptr = NULL;
+ char base[PATH_MAX] = { 0 };
+
+ if ((dir = opendir(basePath)) == NULL) {
+ ERROR("Failed to Open dir: %s", basePath);
+ return -1;
+ }
+
+ ret = lsetfilecon(basePath, label);
+ if (ret != 0) {
+ ERROR("Failed to set file label");
+ goto out;
+ }
+
+ while ((ptr = readdir(dir)) != NULL) {
+ if (strcmp(ptr->d_name, ".") == 0 || strcmp(ptr->d_name, "..") == 0) {
+ continue;
+ } else {
+ int nret = snprintf(base, sizeof(base), "%s/%s", basePath, ptr->d_name);
+ if (nret < 0 || nret >= sizeof(base)) {
+ ERROR("Failed to get path");
+ ret = -1;
+ goto out;
+ }
+ if (ptr->d_type == DT_DIR) {
+ ret = recurse_set_file_label(base, label);
+ if (ret != 0) {
+ ERROR("Failed to set dir label");
+ goto out;
+ }
+ } else {
+ ret = lsetfilecon(base, label);
+ if (ret != 0) {
+ ERROR("Failed to set file label");
+ goto out;
+ }
+ }
+ }
+ }
out:
- closedir(dir);
- return ret;
+ closedir(dir);
+ return ret;
}
/*
@@ -231,33 +235,33 @@ out:
*/
static int selinux_chcon(const char *fpath, const char *label, bool recurse)
{
- struct stat s_buf;
-
- if (fpath == NULL) {
- ERROR("Empty file path");
- return -1;
- }
-
- if (label == NULL) {
- return 0;
- }
-
- if (bad_prefix(fpath) != 0) {
- return -1;
- }
- if (stat(fpath, &s_buf) != 0) {
- return -1;
- }
- if (recurse && S_ISDIR(s_buf.st_mode)) {
- return recurse_set_file_label(fpath, label);
- }
-
- if (lsetfilecon(fpath, label) != 0) {
- ERROR("Failed to set file label");
- return -1;
- }
-
- return 0;
+ struct stat s_buf;
+
+ if (fpath == NULL) {
+ ERROR("Empty file path");
+ return -1;
+ }
+
+ if (label == NULL) {
+ return 0;
+ }
+
+ if (bad_prefix(fpath) != 0) {
+ return -1;
+ }
+ if (stat(fpath, &s_buf) != 0) {
+ return -1;
+ }
+ if (recurse && S_ISDIR(s_buf.st_mode)) {
+ return recurse_set_file_label(fpath, label);
+ }
+
+ if (lsetfilecon(fpath, label) != 0) {
+ ERROR("Failed to set file label");
+ return -1;
+ }
+
+ return 0;
}
/*
@@ -273,37 +277,41 @@ static int selinux_chcon(const char *fpath, const char *label, bool recurse)
*/
static int selinux_relabel(const char *path, const char *label, bool shared)
{
- int ret = 0;
- char *tmp_file_label = NULL;
-
- if (label == NULL) {
- return 0;
- }
-
- tmp_file_label = strdup(label);
- if (is_exclude_relabel_path(path)) {
- ERROR("SELinux relabeling of %s is not allowed", path);
- ret = -1;
- goto out;
- }
-
- if (shared) {
- context_t c = context_new(label);
- context_range_set(c, "s0");
- free(tmp_file_label);
- tmp_file_label = strdup(context_str(c));
- context_free(c);
- }
-
- if (selinux_chcon(path, tmp_file_label, true) != 0) {
- ERROR("Failed to modify %s's selinux context: %s", path, tmp_file_label);
- ret = -1;
- goto out;
- }
+ int ret = 0;
+ char *tmp_file_label = NULL;
+
+ if (label == NULL) {
+ return 0;
+ }
+
+ if (!is_selinux_enabled()) {
+ return 0;
+ }
+
+ tmp_file_label = strdup(label);
+ if (is_exclude_relabel_path(path)) {
+ ERROR("SELinux relabeling of %s is not allowed", path);
+ ret = -1;
+ goto out;
+ }
+
+ if (shared) {
+ context_t c = context_new(label);
+ context_range_set(c, "s0");
+ free(tmp_file_label);
+ tmp_file_label = strdup(context_str(c));
+ context_free(c);
+ }
+
+ if (selinux_chcon(path, tmp_file_label, true) != 0) {
+ ERROR("Failed to modify %s's selinux context: %s", path, tmp_file_label);
+ ret = -1;
+ goto out;
+ }
out:
- free(tmp_file_label);
- return ret;
+ free(tmp_file_label);
+ return ret;
}
#endif
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 032176b1..5ec6117f 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1126,6 +1126,34 @@ static int receive_mount_options(const char *data, const char *mount_label,
return format_mount_label(data, mount_label, mnt_opts);
}
+
+static int relabel_bind_mount_source(const char *src, const char *fstype, const char *data, const char *mount_label)
+{
+ __do_free_string_list char **parts = NULL;
+ ssize_t parts_len;
+ ssize_t i;
+
+ if (data == NULL) {
+ return lsm_relabel(src, mount_label, false);
+ }
+
+ parts = lxc_string_split(data, ',');
+ if (parts == NULL) {
+ return -1;
+ }
+
+ parts_len = lxc_array_len((void **)parts);
+ for (i = 0; i < parts_len; i++) {
+ if (strcmp(parts[i], "z") == 0) {
+ return lsm_relabel(src, mount_label, true);
+ } else if (strcmp(parts[i], "Z") == 0) {
+ return lsm_relabel(src, mount_label, false);
+ }
+ }
+
+ return lsm_relabel(src, mount_label, false);
+}
+
#endif
/*
@@ -1227,7 +1255,7 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
return -EINVAL;
}
- if (strcmp(fstype, "bind") == 0 && lsm_relabel(src, mount_label, false) != 0) {
+ if (strcmp(fstype, "bind") == 0 && relabel_bind_mount_source(src, fstype, (const char *)data, mount_label) != 0) {
ERROR("Failed to reabel %s with %s", src, mount_label);
return -EINVAL;
}
--
2.25.1

162
0004-Removes-the-definition-of-the-thread-attributes-obje.patch Normal file
View File

@ -0,0 +1,162 @@
From b1ef723b4f437aad3c0c0497174bc7d3444426cd Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Mon, 20 Jul 2020 15:30:42 +0800
Subject: [PATCH 4/5] Removes the definition of the thread attributes object
Signed-off-by: wujing <wujing50@huawei.com>
---
src/lxc/attach.c | 1 +
src/lxc/conf.c | 1 +
src/lxc/lsm/selinux.c | 33 +++++++++++----------------------
src/lxc/start.c | 1 +
4 files changed, 14 insertions(+), 22 deletions(-)
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 068cc5f8..b33ff632 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -1188,6 +1188,7 @@ static int create_attach_timeout_thread(int64_t attach_timeout, pid_t pid)
pthread_attr_init(&attr);
pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
ret = pthread_create(&ptid, &attr, wait_attach_timeout, timeout_conf);
+ pthread_attr_destroy(&attr);
if (ret != 0) {
ERROR("Create attach wait timeout thread failed");
free(timeout_conf);
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 7e4af0a9..6a25b96a 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -4660,6 +4660,7 @@ static int run_ocihook_buffer(struct oci_hook_conf *oconf, const char *inmsg)
pthread_attr_init(&attr);
pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
err = pthread_create(&ptid, &attr, wait_ocihook_timeout, conf);
+ pthread_attr_destroy(&attr);
if (err != 0) {
ERROR("Create wait timeout thread failed");
free(conf);
diff --git a/src/lxc/lsm/selinux.c b/src/lxc/lsm/selinux.c
index 864b16be..ceac0889 100644
--- a/src/lxc/lsm/selinux.c
+++ b/src/lxc/lsm/selinux.c
@@ -100,8 +100,6 @@ static int selinux_process_label_set(const char *inlabel, struct lxc_conf *conf,
*/
static int selinux_file_label_set(const char *path, const char *label)
{
- int ret;
-
if (path == NULL || label == NULL || strcmp(label, "unconfined_t") == 0) {
return 0;
}
@@ -110,8 +108,7 @@ static int selinux_file_label_set(const char *path, const char *label)
return 0;
}
- ret = lsetfilecon(path, label);
- if (ret != 0) {
+ if (lsetfilecon(path, label) != 0) {
SYSERROR("Failed to setSELinux context to \"%s\": %s", label, path);
return -1;
}
@@ -176,7 +173,7 @@ static int bad_prefix(const char *fpath)
static int recurse_set_file_label(const char *basePath, const char *label)
{
int ret = 0;
- DIR *dir = NULL;
+ __do_closedir DIR *dir = NULL;
struct dirent *ptr = NULL;
char base[PATH_MAX] = { 0 };
@@ -188,7 +185,7 @@ static int recurse_set_file_label(const char *basePath, const char *label)
ret = lsetfilecon(basePath, label);
if (ret != 0) {
ERROR("Failed to set file label");
- goto out;
+ return ret;
}
while ((ptr = readdir(dir)) != NULL) {
@@ -198,28 +195,25 @@ static int recurse_set_file_label(const char *basePath, const char *label)
int nret = snprintf(base, sizeof(base), "%s/%s", basePath, ptr->d_name);
if (nret < 0 || nret >= sizeof(base)) {
ERROR("Failed to get path");
- ret = -1;
- goto out;
+ return -1;
}
if (ptr->d_type == DT_DIR) {
ret = recurse_set_file_label(base, label);
if (ret != 0) {
ERROR("Failed to set dir label");
- goto out;
+ return ret;
}
} else {
ret = lsetfilecon(base, label);
if (ret != 0) {
ERROR("Failed to set file label");
- goto out;
+ return ret;
}
}
}
}
-out:
- closedir(dir);
- return ret;
+ return 0;
}
/*
@@ -277,8 +271,7 @@ static int selinux_chcon(const char *fpath, const char *label, bool recurse)
*/
static int selinux_relabel(const char *path, const char *label, bool shared)
{
- int ret = 0;
- char *tmp_file_label = NULL;
+ __do_free char *tmp_file_label = NULL;
if (label == NULL) {
return 0;
@@ -291,8 +284,7 @@ static int selinux_relabel(const char *path, const char *label, bool shared)
tmp_file_label = strdup(label);
if (is_exclude_relabel_path(path)) {
ERROR("SELinux relabeling of %s is not allowed", path);
- ret = -1;
- goto out;
+ return -1;
}
if (shared) {
@@ -305,13 +297,10 @@ static int selinux_relabel(const char *path, const char *label, bool shared)
if (selinux_chcon(path, tmp_file_label, true) != 0) {
ERROR("Failed to modify %s's selinux context: %s", path, tmp_file_label);
- ret = -1;
- goto out;
+ return -1;
}
-out:
- free(tmp_file_label);
- return ret;
+ return 0;
}
#endif
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 51d13254..ab47420f 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -2484,6 +2484,7 @@ static int create_start_timeout_thread(struct lxc_conf *conf, unsigned int start
pthread_attr_init(&attr);
pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
ret = pthread_create(&ptid, &attr, wait_start_timeout, timeout_conf);
+ pthread_attr_destroy(&attr);
if (ret != 0) {
ERROR("Create start wait timeout thread failed");
free(timeout_conf);
--
2.25.1

65
0005-solve-coredump-bug-caused-by-fstype-being-NULL-durin.patch Normal file
View File

@ -0,0 +1,65 @@
From 405b048dc82a8695b8a400524787243f3898cbd6 Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Tue, 21 Jul 2020 17:30:17 +0800
Subject: [PATCH 5/5] solve coredump bug caused by fstype being NULL during
mount
Signed-off-by: wujing <wujing50@huawei.com>
---
src/lxc/lsm/selinux.c | 3 +--
src/lxc/utils.c | 7 ++++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/lxc/lsm/selinux.c b/src/lxc/lsm/selinux.c
index ceac0889..837a3da3 100644
--- a/src/lxc/lsm/selinux.c
+++ b/src/lxc/lsm/selinux.c
@@ -68,7 +68,6 @@ static int selinux_process_label_set(const char *inlabel, struct lxc_conf *conf,
label = inlabel ? inlabel : conf->lsm_se_context;
if (!label) {
-
label = DEFAULT_LABEL;
}
@@ -273,7 +272,7 @@ static int selinux_relabel(const char *path, const char *label, bool shared)
{
__do_free char *tmp_file_label = NULL;
- if (label == NULL) {
+ if (path == NULL || label == NULL) {
return 0;
}
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 5ec6117f..95c00cfe 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1230,7 +1230,7 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
ret = mount(mntsrc, destbuf, fstype, flags, mnt_opts);
saved_errno = errno;
- if (ret < 0 && strcmp(fstype, "mqueue") == 0) {
+ if (ret < 0 && fstype != NULL && strcmp(fstype, "mqueue") == 0) {
INFO("older kernels don't support labeling of /dev/mqueue, retry without selinux context");
ret = mount(mntsrc, destbuf, fstype, flags, data);
saved_errno = errno;
@@ -1250,12 +1250,13 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
}
#ifdef HAVE_ISULAD
- if (strcmp(fstype, "mqueue") == 0 && lsm_file_label_set(dest, mount_label) != 0) {
+ if (fstype != NULL && strcmp(fstype, "mqueue") == 0 && lsm_file_label_set(dest, mount_label) != 0) {
ERROR("Failed to set file label on %s", dest);
return -EINVAL;
}
- if (strcmp(fstype, "bind") == 0 && relabel_bind_mount_source(src, fstype, (const char *)data, mount_label) != 0) {
+ if (fstype != NULL && strcmp(fstype, "bind") == 0 &&
+ relabel_bind_mount_source(src, fstype, (const char *)data, mount_label) != 0) {
ERROR("Failed to reabel %s with %s", src, mount_label);
return -EINVAL;
}
--
2.25.1

20
lxc.spec
View File

@ -1,5 +1,4 @@
%global _release 2020071501 %global _release 2020090101
%global debug_package %{nil}
Name: lxc Name: lxc
Version: 4.0.3 Version: 4.0.3
@ -7,8 +6,12 @@ Release: %{_release}
Summary: Linux Containers userspace tools Summary: Linux Containers userspace tools
License: LGPLv2+ License: LGPLv2+
URL: https://github.com/lxc/lxc URL: https://github.com/lxc/lxc
Source0: lxc-4.0.3.tar.gz Source0: https://linuxcontainers.org/downloads/lxc/lxc-4.0.3.tar.gz
Patch9001: 0001-huawei-adapt-to-huawei-4.0.3.patch Patch9001: 0001-huawei-adapt-to-huawei-4.0.3.patch
Patch9002: 0002-add-mount-label-for-rootfs.patch
Patch9003: 0003-format-code-and-verify-mount-mode.patch
Patch9004: 0004-Removes-the-definition-of-the-thread-attributes-obje.patch
Patch9005: 0005-solve-coredump-bug-caused-by-fstype-being-NULL-durin.patch
BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath
BuildRequires: pkgconfig(libseccomp) BuildRequires: pkgconfig(libseccomp)
@ -82,24 +85,21 @@ touch %{buildroot}%{_datadir}/%{name}/__pycache__/%{name}
for file in $(find %{buildroot}/usr/bin/lxc-* -type f -exec file {} ';' | grep "\<ELF\>" | grep -vE "*\.static" | awk -F ':' '{print $1}') for file in $(find %{buildroot}/usr/bin/lxc-* -type f -exec file {} ';' | grep "\<ELF\>" | grep -vE "*\.static" | awk -F ':' '{print $1}')
do do
strip --strip-debug ${file}
chrpath -d ${file} chrpath -d ${file}
done done
for file in $(find %{buildroot}/usr/sbin/* -type f -exec file {} ';' | grep "\<ELF\>" | grep -vE "*\.static" | awk -F ':' '{print $1}') for file in $(find %{buildroot}/usr/sbin/* -type f -exec file {} ';' | grep "\<ELF\>" | grep -vE "*\.static" | awk -F ':' '{print $1}')
do do
strip --strip-debug ${file}
chrpath -d ${file} chrpath -d ${file}
done done
for file in $(find %{buildroot}/usr/libexec/lxc/lxc-* -type f -exec file {} ';' | grep "\<ELF\>" | grep -vE "*\.static" | awk -F ':' '{print $1}') for file in $(find %{buildroot}/usr/libexec/lxc/lxc-* -type f -exec file {} ';' | grep "\<ELF\>" | grep -vE "*\.static" | awk -F ':' '{print $1}')
do do
strip --strip-debug ${file}
chrpath -d ${file} chrpath -d ${file}
done done
strip --strip-debug %{buildroot}/usr/lib64/liblxc.so
chrpath -d %{buildroot}/usr/lib64/liblxc.so chrpath -d %{buildroot}/usr/lib64/liblxc.so
chmod +x %{buildroot}/usr/lib64/liblxc.so
# docs # docs
mkdir -p %{buildroot}%{_pkgdocdir}/api mkdir -p %{buildroot}%{_pkgdocdir}/api
@ -184,6 +184,12 @@ make check
%{_mandir}/*/man7/%{name}* %{_mandir}/*/man7/%{name}*
%changelog %changelog
* Fri Sep 04 2020 zhangxiaoyu <zhangxiaoyu58@openeuler.org> - 4.0.3-2020090101
- Type:enhancement
- ID:NA
- SUG:NA
- DESC: add patches
* Mon Apr 20 2020 openEuler Buildteam <buildteam@openeuler.org> - 4.0.3-2020071501 * Mon Apr 20 2020 openEuler Buildteam <buildteam@openeuler.org> - 4.0.3-2020071501
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA