From 78b97f3471c9a47a3935e1335681c13ebf989e50 Mon Sep 17 00:00:00 2001
From: Alexander Livenets
Date: Fri, 10 Apr 2020 01:07:02 +0200
Subject: [PATCH 1/3] deps/softwarecontainer-dependencies.sh: Fix LXC installation
Remove remaining LXC packages which are installed as a part of Ubuntu installation. Since LXC is installed manually, some remaining artifacts may break behavior of library and tools
Signed-off-by: Alexander Livenets
---
 deps/softwarecontainer-dependencies.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/deps/softwarecontainer-dependencies.sh b/deps/softwarecontainer-dependencies.sh
index e2ba8c9..8cd2b37 100755
--- a/deps/softwarecontainer-dependencies.sh
+++ b/deps/softwarecontainer-dependencies.sh
@@ -46,7 +46,8 @@ install libdbus-1-dev libglibmm-2.4-dev libglibmm-2.4 \
 unzip bridge-utils lcov libjansson-dev libjansson4 \
 dbus-x11 libcap-dev libtool python3-dev
-apt-get remove --allow-downgrades --allow-remove-essential --allow-change-held-packages -fuy lxcfs lxc2 lxc-dev lxc-common
+apt-get remove --allow-downgrades --allow-remove-essential --allow-change-held-packages -fuy lxcfs lxc2 lxc-dev lxc-common \
+ liblxc-common liblxc-dev lxc1 liblxc1 lxc-templates lxc-tests lxc-utils
 # Download and install lxc
 rm -rf lxc
From b3c965cbc50e25243563b3d7d09dac6a21f25270 Mon Sep 17 00:00:00 2001
From: Alexander Livenets
Date: Fri, 17 Apr 2020 22:53:46 +0200
Subject: [PATCH 2/3] deps/softwarecontainer-dependencies.sh: Install python3-lxc manually
python3-lxc Ubuntu package depends on LXC packages, therefore LXC of conflicting version will be installed. This commits fixes installation of python-lxc by installing it from source.
Signed-off-by: Alexander Livenets
---
 deps/pytest-and-dbus-testing-dependencies.sh | 10 +++++++++-
 deps/softwarecontainer-dependencies.sh | 2 +-
 2 files changed, 10 insertions(+), 2 deletions(-)
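Review bot: The extended `apt-get remove` line still carries `--allow-remove-essential --allow-change-held-packages` together with `-y`, so as the package list grows apt may take essential or held packages along with the request without anyone confirming it. None of the listed LXC packages should need those overrides, and `--allow-downgrades` does nothing for a removal, so the command can start with plain `apt-get remove -y lxcfs lxc2 lxc-dev lxc-common \`. apt-get also gives up on the whole request when one name is unknown to the configured sources, and the exit status is not checked in the visible lines, so a distro LXC could survive unnoticed; a check after the removal such as `dpkg -l 'lxc*' 'liblxc*'` would show that. The same command line is extended again in patch 2/3.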
diff --git a/deps/pytest-and-dbus-testing-dependencies.sh b/deps/pytest-and-dbus-testing-dependencies.sh
index 596e560..80c96e9 100755
--- a/deps/pytest-and-dbus-testing-dependencies.sh
+++ b/deps/pytest-and-dbus-testing-dependencies.sh
@@ -46,7 +46,7 @@ function install {
 }
 # Install both python2 and python3 versions
-install python3-dbus python3-pip python3-lxc
+install python3-dbus python3-pip
 install python-gobject python-dbus python-pip
 pip install pydbus
@@ -57,3 +57,11 @@ pip3 install pydbus
 pip3 install pytest
 pip3 install psutil
+# Download and install python3-lxc manually.
+# python3-lxc Ubuntu package depends on LXC packages, therefore LXC of
+# conflicting version will be installed
+rm -rf python3-lxc
+git clone git://github.com/lxc/python3-lxc -b python3-lxc-3.0.4
+cd python3-lxc
+
+python3 ./setup.py install
diff --git a/deps/softwarecontainer-dependencies.sh b/deps/softwarecontainer-dependencies.sh
index 8cd2b37..6207081 100755
--- a/deps/softwarecontainer-dependencies.sh
+++ b/deps/softwarecontainer-dependencies.sh
@@ -47,7 +47,7 @@ install libdbus-1-dev libglibmm-2.4-dev libglibmm-2.4 \
 dbus-x11 libcap-dev libtool python3-dev
 apt-get remove --allow-downgrades --allow-remove-essential --allow-change-held-packages -fuy lxcfs lxc2 lxc-dev lxc-common \
- liblxc-common liblxc-dev lxc1 liblxc1 lxc-templates lxc-tests lxc-utils
+ liblxc-common liblxc-dev lxc1 liblxc1 lxc-templates lxc-tests lxc-utils python3-lxc
 # Download and install lxc
 rm -rf lxc
From b3af3b69a7c21fe84b6916fa86b1acec0c1ed922 Mon Sep 17 00:00:00 2001
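Review bot: The added `git clone git://github.com/lxc/python3-lxc -b python3-lxc-3.0.4` fetches the source over the unauthenticated, unencrypted git protocol, and the result is then executed by `python3 ./setup.py install`, presumably with the same privileges as the rest of the dependency script. Nothing verifies what was fetched, and GitHub has since stopped serving `git://` altogether. Use `git clone -b python3-lxc-3.0.4 https://github.com/lxc/python3-lxc` and compare `git rev-parse HEAD` with a pinned commit id before running setup.py, because a tag can be moved. The `cd python3-lxc` is also unchecked, so after a failed clone setup.py is looked up in whatever directory the script is in; `cd python3-lxc || exit 1` stops there.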
From: Alexander Livenets
Date: Fri, 17 Apr 2020 22:54:47 +0200
Subject: [PATCH 3/3] softwarecontainer-dependencies.sh: lxc: Enable apparmor and seccomp
Add `--enable-apparmor` and `--enable-seccomp` flags at LXC configuration stage AppArmor is required to allow to apply additional MAC restrictions to container described in AppArmor profile. seccomp is required to apply additional restrictions on system calls from container using seccomp syscall blacklist and whitelist.
Signed-off-by: Alexander Livenets
---
 deps/softwarecontainer-dependencies.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/deps/softwarecontainer-dependencies.sh b/deps/softwarecontainer-dependencies.sh
index 6207081..fc1717a 100755
--- a/deps/softwarecontainer-dependencies.sh
+++ b/deps/softwarecontainer-dependencies.sh
@@ -44,7 +44,8 @@ function install {
 # For softwarecontainer
 install libdbus-1-dev libglibmm-2.4-dev libglibmm-2.4 \
 unzip bridge-utils lcov libjansson-dev libjansson4 \
- dbus-x11 libcap-dev libtool python3-dev
+ dbus-x11 libcap-dev libtool python3-dev \
+ seccomp libseccomp-dev
 apt-get remove --allow-downgrades --allow-remove-essential --allow-change-held-packages -fuy lxcfs lxc2 lxc-dev lxc-common \
 liblxc-common liblxc-dev lxc1 liblxc1 lxc-templates lxc-tests lxc-utils python3-lxc
@@ -55,6 +56,6 @@ git clone git://github.com/lxc/lxc -b lxc-3.1.0
 cd lxc
 ./autogen.sh
-./configure --prefix=/usr --enable-capabilities --enable-python
+./configure --prefix=/usr --enable-capabilities --enable-python --enable-apparmor --enable-seccomp
 make && make install
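Review bot: The install list gains `seccomp libseccomp-dev` for `--enable-seccomp`, but nothing in the visible list provides AppArmor development files for the `--enable-apparmor` flag added in the next hunk. If the lxc-3.1.0 configure script checks for the libapparmor headers (worth confirming against that tag), the build stops unless `libapparmor-dev` is installed somewhere outside this hunk. Listing it here, as `seccomp libseccomp-dev libapparmor-dev`, would keep both flags next to their build dependencies.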
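Review bot: The changed `./configure` line is not chained to `make && make install`, so unless the script sets `set -e` outside the hunk, a configure run that rejects `--enable-apparmor` or `--enable-seccomp` for a missing dependency is followed by `make` anyway and the real error scrolls away; `./configure --prefix=/usr ... --enable-seccomp && make && make install` stops at the failing step. The two flags only compile the support into LXC. Whether a container is actually confined still depends on the host's AppArmor state and on the container configuration (`lxc.apparmor.profile`, `lxc.seccomp.profile`), so a comment above the line such as `# build-time support only; profiles are selected per container` would keep readers from assuming the build alone restricts containers.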