Fix TPM fd leaks and OpenFGA patching issue #1469
Merged
Signed-off-by: Stéphane Graber <[email protected]>
Signed-off-by: Stéphane Graber <[email protected]>
Now that we have a proper patch mechanism, move the patch logic into that and initialization logic into the initialization code path.

Signed-off-by: Stéphane Graber <[email protected]>
stgraber changed the title from "incusd/instance/qemu: Set CLOEXEC for TPM sockets" to "Fix TPM fd leaks and OpenFGA patching issue" on Dec 5, 2024
Signed-off-by: Stéphane Graber <[email protected]>
Sorry @bensmrs, this one will likely cause another small conflict with the scriptlet PR.
hallyn approved these changes on Dec 6, 2024
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request on Dec 13, 2024
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [lxc/incus](https://github.com/lxc/incus) | minor | `v6.7.0` -> `v6.8.0` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>lxc/incus (lxc/incus)</summary>

### [`v6.8.0`](https://github.com/lxc/incus/releases/tag/v6.8.0): Incus 6.8

[Compare Source](lxc/incus@v6.7.0...v6.8.0)

#### What's Changed

- exec: Consume websocket pings for stderr by [@stefanor](https://github.com/stefanor) in lxc/incus#1380
- incus-simplestreams: Add prune command by [@presztak](https://github.com/presztak) in lxc/incus#1381
- internal/instance: Fix validation of volatile.cpu.nodes by [@stgraber](https://github.com/stgraber) in lxc/incus#1394
- Add a function to clone map and use it where appropriate by [@montag451](https://github.com/montag451) in lxc/incus#1397
- cgo/process_utils: fix 32bit builds by [@brauner](https://github.com/brauner) in lxc/incus#1398
- Start using goimports by [@stgraber](https://github.com/stgraber) in lxc/incus#1399
- instance/config: Mark user keys as live updatable by [@stgraber](https://github.com/stgraber) in lxc/incus#1404
- incus/internal/server/instance/drivers/: Fix incorrect Vars file mapping in edk2 driver by [@cmspam](https://github.com/cmspam) in lxc/incus#1406
- zfs: load keys for encrypted datasets during pool import by [@cyphar](https://github.com/cyphar) in lxc/incus#1384
- incusd/instance: Lock image access by [@stgraber](https://github.com/stgraber) in lxc/incus#1408
- incus/image: Make use of server-side alias handling by [@stgraber](https://github.com/stgraber) in lxc/incus#1409
- incusd/cluster: Validate cluster HTTPS address on join too by [@stgraber](https://github.com/stgraber) in lxc/incus#1411
- Remove metadata info from space usage calculation by [@presztak](https://github.com/presztak) in lxc/incus#1417
- Add ability to set the initial owner of a custom volume by [@presztak](https://github.com/presztak) in lxc/incus#1415
- Allow local live-migration between storage pools by [@presztak](https://github.com/presztak) in lxc/incus#1410
- incus: Add aliases completion by [@montag451](https://github.com/montag451) in lxc/incus#1385
- golangci: Add local prefixes for goimports by [@breml](https://github.com/breml) in lxc/incus#1401
- client: invalidate simple streams cache by [@breml](https://github.com/breml) in lxc/incus#1424
- incusd/instances_post: Fix cluster internal migrations by [@stgraber](https://github.com/stgraber) in lxc/incus#1427
- Fix DHCP client keeping container up by [@stgraber](https://github.com/stgraber) in lxc/incus#1430
- Add support for VGA console screenshots by [@breml](https://github.com/breml) in lxc/incus#1431
- Add --reuse to incus image import by [@presztak](https://github.com/presztak) in lxc/incus#1428
- Fix random ETag values due to map ordering by [@stgraber](https://github.com/stgraber) in lxc/incus#1432
- incusd/task: Fix wait group logic (more entries than running tasks) by [@stgraber](https://github.com/stgraber) in lxc/incus#1433
- Allow setting aliases during raw image upload by [@stgraber](https://github.com/stgraber) in lxc/incus#1434
- Fixes an issue when copying a custom volume using the `--refresh` flag by [@presztak](https://github.com/presztak) in lxc/incus#1437
- Openfga improvements by [@stgraber](https://github.com/stgraber) in lxc/incus#1435
- doc/instance/properties: Add missing instance properties by [@stgraber](https://github.com/stgraber) in lxc/incus#1439
- incusd/daemon_storage: Ensure corect symlinks for images/backups by [@stgraber](https://github.com/stgraber) in lxc/incus#1441
- incusd/storage/lvm: Handle newer LVM by [@stgraber](https://github.com/stgraber) in lxc/incus#1442
- Tweak rendering of manpage in doc by [@stgraber](https://github.com/stgraber) in lxc/incus#1443
- incusd/storage/lvm: Require 512-bytes physical block size for VM images by [@stgraber](https://github.com/stgraber) in lxc/incus#1444
- incusd: Fill ExpiryDate and remove LastUsedDate in volumeSnapshotToProtobuf by [@presztak](https://github.com/presztak) in lxc/incus#1448
- incusd/device/tpm: Wait for swtpm to be ready by [@stgraber](https://github.com/stgraber) in lxc/incus#1447
- incus: Improve completion for `file push` and `file pull` by [@montag451](https://github.com/montag451) in lxc/incus#1445
- incusd/auth/tls: Restrict config access to non-admin by [@stgraber](https://github.com/stgraber) in lxc/incus#1451
- incusd/storage: Handle default disk size in GetInstanceUsage by [@stgraber](https://github.com/stgraber) in lxc/incus#1452
- incus: Improve completion for some file sub-commmands by [@montag451](https://github.com/montag451) in lxc/incus#1453
- incus: Fix completion for `profile copy` by [@montag451](https://github.com/montag451) in lxc/incus#1454
- incus: Add completion for `image alias` subcommands by [@montag451](https://github.com/montag451) in lxc/incus#1457
- doc/installing: Update Fedora instructions by [@stgraber](https://github.com/stgraber) in lxc/incus#1456
- Fix gap in validation of pre-existing certificates when switching to PKI mode by [@stgraber](https://github.com/stgraber) in lxc/incus#1458
- doc/network_forwards: Split configuration into own table by [@stgraber](https://github.com/stgraber) in lxc/incus#1460
- chore: Happy path on the left, early return by [@breml](https://github.com/breml) in lxc/incus#1461
- incus: Fix completion for `image alias create` by [@montag451](https://github.com/montag451) in lxc/incus#1459
- incus/top: Ignore CPU idle time by [@stgraber](https://github.com/stgraber) in lxc/incus#1462
- incus: Display the alias expansion when execution of an alias fails by [@montag451](https://github.com/montag451) in lxc/incus#1464
- lint: disallow restricted licenses in go-licenses by [@breml](https://github.com/breml) in lxc/incus#1466
- chore: code structure, Go identifier shaddowing by [@breml](https://github.com/breml) in lxc/incus#1465
- incus: Fix alias arguments handling by [@montag451](https://github.com/montag451) in lxc/incus#1463
- incus/file/push Use SFTP client instead of file API by [@HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1468
- Fix TPM fd leaks and OpenFGA patching issue by [@stgraber](https://github.com/stgraber) in lxc/incus#1469
- Clarify device override syntax by [@stgraber](https://github.com/stgraber) in lxc/incus#1471
- incusd/auth/openfga: refresh model before applying patches by [@stgraber](https://github.com/stgraber) in lxc/incus#1472
- Add authorization scriptlet by [@bensmrs](https://github.com/bensmrs) in lxc/incus#1412
- doc: add openSUSE installation instructions by [@cyphar](https://github.com/cyphar) in lxc/incus#1475
- OCI image debugging improvements by [@danbiagini](https://github.com/danbiagini) in lxc/incus#1478
- Add function checks to scriptlet validation by [@bensmrs](https://github.com/bensmrs) in lxc/incus#1484
- incus/project: Fix handling of default (unset) project in `get-current` by [@irhndt](https://github.com/irhndt) in lxc/incus#1476
- Translations update from Hosted Weblate by [@weblate](https://github.com/weblate) in lxc/incus#1492
- Add `--force` flag to the console command by [@presztak](https://github.com/presztak) in lxc/incus#1491
- Accept io.Writer in RenderTable by [@breml](https://github.com/breml) in lxc/incus#1490
- doc/network_bridge: Fix missing escaping around variable by [@irhndt](https://github.com/irhndt) in lxc/incus#1493
- incusd/cluster: Skip project restrictions during join by [@stgraber](https://github.com/stgraber) in lxc/incus#1497
- incusd/instance/lxc: Skip instances without idmap allocation yet by [@stgraber](https://github.com/stgraber) in lxc/incus#1495
- incusd/storage/drivers/common: Truncate/Discard ahead of sparse write by [@stgraber](https://github.com/stgraber) in lxc/incus#1496
- Add AskPassword/AskPasswordOnce to Asker by [@breml](https://github.com/breml) in lxc/incus#1499
- Add additional check to Cancel method for ConsoleShow operation by [@presztak](https://github.com/presztak) in lxc/incus#1500
- Improve console disconnections by [@stgraber](https://github.com/stgraber) in lxc/incus#1501
- Fix duplicate OVN load-balancer entries by [@stgraber](https://github.com/stgraber) in lxc/incus#1502
- Improve SFTP performance by [@stgraber](https://github.com/stgraber) in lxc/incus#1503
- incusd/instance_post: Expand profiles in scriptlet context by [@stgraber](https://github.com/stgraber) in lxc/incus#1504

#### New Contributors

- [@stefanor](https://github.com/stefanor) made their first contribution in lxc/incus#1380
- [@brauner](https://github.com/brauner) made their first contribution in lxc/incus#1398
- [@cyphar](https://github.com/cyphar) made their first contribution in lxc/incus#1384
- [@breml](https://github.com/breml) made their first contribution in lxc/incus#1401
- [@danbiagini](https://github.com/danbiagini) made their first contribution in lxc/incus#1478
- [@irhndt](https://github.com/irhndt) made their first contribution in lxc/incus#1476

**Full Changelog**: lxc/incus@v6.7.0...v6.8.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
No description provided.