From: John Audia Date: Thu, 9 Jan 2025 22:35:33 +0000 (-0500) Subject: lxc: add missing deps X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=ba7e4dccec3508c72bae7939d649b17aa9d4faaf;p=feed%2Fpackages.git lxc: add missing deps Several deps are missing based the output of lxc-checkconfig shown below before this commit is applied. CONFIG_IP_NF_TARGET_MASQUERADE and CONFIG_IP6_NF_TARGET_MASQUERADE are only needed for lxc-net which we do not package. % lxc-checkconfig | grep missing Cgroup device: missing CONFIG_IP_NF_TARGET_MASQUERADE: missing CONFIG_IP6_NF_TARGET_MASQUERADE: missing CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing FUSE (for use with lxcfs): missing checkpoint restore: missing CONFIG_UNIX_DIAG: missing CONFIG_INET_DIAG: missing CONFIG_PACKET_DIAG: missing CONFIG_NETLINK_DIAG: missing Additionally, two new patches have been added which remove checks for options that OpenWrt currently does not package and can serve are false positives for missing items from our kernel config, namely: lxc-net and lxc-checkpoint After applying this commit, below is the output showing that the kernel config[1] should pass all tests for functionality: % CONFIG=config ./lxc-checkconfig LXC version 6.0.3 --- Namespaces --- Namespaces: enabled Utsname namespace: enabled Ipc namespace: enabled Pid namespace: enabled User namespace: enabled Network namespace: enabled Namespace limits: cgroup: 383849 ipc: 383849 mnt: 383849 net: 383849 pid: 383849 time: 383849 user: 383849 uts: 383849 --- Control groups --- Cgroups: enabled Cgroup namespace: enabled Cgroup v1 mount points: Cgroup v2 mount points: - /sys/fs/cgroup Cgroup device: enabled Cgroup sched: enabled Cgroup cpu account: enabled Cgroup memory controller: enabled Cgroup cpuset: enabled --- Misc --- Veth pair device: enabled, loaded Macvlan: enabled, not loaded Vlan: enabled, not loaded Bridges: enabled, loaded Advanced netfilter: enabled, loaded CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, loaded --- Checkpoint/Restore --- checkpoint restore: missing CONFIG_FHANDLE: enabled CONFIG_EVENTFD: enabled CONFIG_EPOLL: enabled CONFIG_UNIX_DIAG: enabled CONFIG_INET_DIAG: enabled CONFIG_PACKET_DIAG: enabled CONFIG_NETLINK_DIAG: enabled File capabilities: enabled 1. Generated on 23-Feb-2025 running bcm27xx/bcm2712 on r28869+1 Signed-off-by: John Audia --- diff --git a/utils/lxc/Config.in b/utils/lxc/Config.in index 53d7ba5fd7..3b5a78ed7a 100644 --- a/utils/lxc/Config.in +++ b/utils/lxc/Config.in @@ -8,6 +8,7 @@ config LXC_KERNEL_OPTIONS select KERNEL_NAMESPACES select KERNEL_DEVPTS_MULTIPLE_INSTANCES select KERNEL_POSIX_MQUEUE + select KERNEL_CGROUP_DEVICE select KERNEL_CGROUP_SCHED select KERNEL_FAIR_GROUP_SCHED select KERNEL_RT_GROUP_SCHED @@ -16,6 +17,7 @@ config LXC_KERNEL_OPTIONS select KERNEL_MEMCG_KMEM select KERNEL_CPUSETS select PACKAGE_kmod-ikconfig + select PACKAGE_kmod-unix-diag help Select needed kernel options for LXC related utilities. Options include cgroups, namespaces and other miscellaneous options. These @@ -50,6 +52,10 @@ config LXC_NETWORKING default n select PACKAGE_kmod-veth select PACKAGE_kmod-macvlan + select PACKAGE_kmod-inet-diag + select PACKAGE_kmod-ipt-checksum + select PACKAGE_kmod-netlink-diag + select PACKAGE_kmod-packet-diag help Enable "veth pair device" and "macvlan" diff --git a/utils/lxc/Makefile b/utils/lxc/Makefile index c59038d3b2..f343e7885e 100644 --- a/utils/lxc/Makefile +++ b/utils/lxc/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lxc PKG_VERSION:=6.0.3 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://linuxcontainers.org/downloads/lxc/ diff --git a/utils/lxc/patches/010-lxc-checkconfig-remove-options-for-lxc-net.patch b/utils/lxc/patches/010-lxc-checkconfig-remove-options-for-lxc-net.patch new file mode 100644 index 0000000000..4423b4e451 --- /dev/null +++ b/utils/lxc/patches/010-lxc-checkconfig-remove-options-for-lxc-net.patch @@ -0,0 +1,19 @@ +--- a/src/lxc/cmd/lxc-checkconfig.in ++++ b/src/lxc/cmd/lxc-checkconfig.in +@@ -250,16 +250,10 @@ if { [ "${KVER_MAJOR}" -gt 3 ] && [ "${K + printf "CONFIG_NF_NAT_IPV6: " && is_enabled CONFIG_NF_NAT_IPV6 && is_probed nf_nat_ipv6 + fi + echo +-printf "CONFIG_IP_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv4 +-echo +-printf "CONFIG_IP6_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP6_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv6 +-echo + printf "CONFIG_NETFILTER_XT_TARGET_CHECKSUM: " && is_enabled CONFIG_NETFILTER_XT_TARGET_CHECKSUM && is_probed xt_CHECKSUM + echo + printf "CONFIG_NETFILTER_XT_MATCH_COMMENT: " && is_enabled CONFIG_NETFILTER_XT_MATCH_COMMENT && is_probed xt_comment + echo +-printf "FUSE (for use with lxcfs): " && is_enabled CONFIG_FUSE_FS && is_probed fuse +-echo + + echo " + --- Checkpoint/Restore ---" diff --git a/utils/lxc/patches/015-lxc-checkconfig-remove-options-for-lxc-checkpoint.patch b/utils/lxc/patches/015-lxc-checkconfig-remove-options-for-lxc-checkpoint.patch new file mode 100644 index 0000000000..c69cdaf4bb --- /dev/null +++ b/utils/lxc/patches/015-lxc-checkconfig-remove-options-for-lxc-checkpoint.patch @@ -0,0 +1,12 @@ +--- a/src/lxc/cmd/lxc-checkconfig.in ++++ b/src/lxc/cmd/lxc-checkconfig.in +@@ -256,9 +256,6 @@ printf "CONFIG_NETFILTER_XT_MATCH_COMMEN + echo + + echo " +---- Checkpoint/Restore ---" +-printf "checkpoint restore: " && is_enabled CONFIG_CHECKPOINT_RESTORE +-echo + printf "CONFIG_FHANDLE: " && is_enabled CONFIG_FHANDLE + echo + printf "CONFIG_EVENTFD: " && is_enabled CONFIG_EVENTFD diff --git a/utils/lxc/patches/019-lxc-checkconfig-remove-options-for-lxc-net.patch b/utils/lxc/patches/019-lxc-checkconfig-remove-options-for-lxc-net.patch deleted file mode 100644 index 4423b4e451..0000000000 --- a/utils/lxc/patches/019-lxc-checkconfig-remove-options-for-lxc-net.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- a/src/lxc/cmd/lxc-checkconfig.in -+++ b/src/lxc/cmd/lxc-checkconfig.in -@@ -250,16 +250,10 @@ if { [ "${KVER_MAJOR}" -gt 3 ] && [ "${K - printf "CONFIG_NF_NAT_IPV6: " && is_enabled CONFIG_NF_NAT_IPV6 && is_probed nf_nat_ipv6 - fi - echo --printf "CONFIG_IP_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv4 --echo --printf "CONFIG_IP6_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP6_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv6 --echo - printf "CONFIG_NETFILTER_XT_TARGET_CHECKSUM: " && is_enabled CONFIG_NETFILTER_XT_TARGET_CHECKSUM && is_probed xt_CHECKSUM - echo - printf "CONFIG_NETFILTER_XT_MATCH_COMMENT: " && is_enabled CONFIG_NETFILTER_XT_MATCH_COMMENT && is_probed xt_comment - echo --printf "FUSE (for use with lxcfs): " && is_enabled CONFIG_FUSE_FS && is_probed fuse --echo - - echo " - --- Checkpoint/Restore ---"