Issue: When a container's config (<container>/config) contains the lxc directive lxc.net.{n}.{type,eth} = <arg>, which is commented (i.e. '# lxc.net.0.type = veth'), the init script will load this comment as a dependency into the openrc dependency list even though the container will never use it. This *ONLY* occurs if the /etc/init.d/lxc script is used to start the container. This appears to be caused by function lxc_get_net_link_type() loading the config file and not ignoring matching strings on lines which are comments. Starting the container with lxc-start has no issues.
Nice information, this looks like an upstream bug. Is there something that can be done for a fast-fix with the ebuilds?
(In reply to Joonas Niilola from comment #1)
> Nice information, this looks like an upstream bug. Is there something that
> can be done for a fast-fix with the ebuilds?

If a patch could be created against /etc/init.d/lxc to ignore the comments in the config file it reads before doing what it already does, it would fix the issue.

I've spent some time fiddling with it again, and come up with a patch that I believe is correct. It only adds one grep command. I'm sure there's a way the existing awk command could be modified to do it all at once, but that's beyond my abilities (for how often dependencies are supposed to be regenerated, it also shouldn't matter).

Hopefully I generated the diff correctly; if it's wrong let me know and I'll try again.
Created attachment 865232
patch file for possible fix

This file should be patched against the /etc/init.d/lxc file in app-containers/lxc-5.0.2
Sorry for the delay. The patch file is a bit hard to understand, could you:

cd /etc/init.d (or alternatively, to /var/db/repos/gentoo/app-containers/lxc/files)
cp lxc.initd lxc.initd.orig (alternatively, cp lxc.initd.8 lxc.initd.8.orig)
EDIT lxc.initd with your changes (alternatively, lxc.initd.8)
diff -Naur lxc.initd.orig lxc.initd > /tmp/lxc-initd-diff.patch (alternatively, diff -Naur lxc.initd.8.orig lxc.initd.8)

and upload that patch here? I fear I'll only mess up when using that.
Created attachment 865956
try2 fix patch file

I have created a shortened patch file (fewer comments, same fix), and generated the patch files with the given arguments to diff. I also briefly retested the fix on one of my systems and found no issues.

Change behavior:
The container's config file is read through grep -v '^#' before being piped to the original awk command to extract the net type and bridge name. The unpatched version reads the container's config file directly into the awk command. The awk command itself does not look at the lines to see if they are commented, it only looks for the lxc.network.type and lxc.network.link strings in the text it is given (so #lxc.network.link looks the same as lxc.network.link etc). By adding the grep -v command in front, grep will drop all lines that start with '#' (which are comments).

There are three issues with this (I see):
1) openrc dependency generation requires grep (no idea of the implications of this)
2) grep is called to read the config files when dependencies are read (this is slower?)
3) lines that start with space characters (e.g. starting with ' #' vs '#') will be passed on to awk

My thoughts on the issues are as follows:
1) Other init scripts on my system seem to use grep in similar ways
2) While slower, having grep read the config file vs the shell isn't much different, and it is only done when building the dependency graph, which should not be done often
3) Considering how the current script has been working (ignoring comments completely), ignoring 'malformed' comments doesn't seem like a huge problem

IMO, the *CORRECT* way to patch this would be to make awk aware of the start of lines, and only try to match lines that don't start with '#' (or simply don't contain '#' at all? I'm not sure if that is safe). This way the init script still only needs the awk command to build dependencies. However, the awk command is already intimidating to me, and I'm not at all confident crafting an awk command that could do what's needed directly.

Also apologies for the delay. :)
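Added illustration, not part of the thread, the attached patch, or the LXC init script: the three matching behaviours discussed in the comment above (unanchored match, grep -v '^#' pre-filter, comment-aware awk), run over a constructed config. The function names and awk patterns are assumptions made for this example, and only the lxc.net.N.link key is handled.

```shell
#!/bin/sh
# Added illustration; not the Gentoo/LXC init script. Names are hypothetical.

# Constructed sample config: two commented-out links (one indented) and one
# active link.
sample_config() {
	cat <<'EOF'
# lxc.net.0.type = veth
# lxc.net.0.link = br-old
  # lxc.net.2.link = br-test
lxc.net.1.type = veth
lxc.net.1.link = br0
EOF
}

# Unanchored match: the key may appear anywhere on the line, so commented
# lines are reported as if they were active.
net_links_unanchored() {
	awk -F'[ \t]*=[ \t]*' '/lxc\.net\.[0-9]+\.link/ { print $2 }'
}

# Pre-filter described in the comment: drops only lines whose first
# character is "#", so an indented comment still reaches awk.
net_links_grep_filtered() {
	grep -v '^#' | net_links_unanchored
}

# Comment-aware awk alone: skip lines whose first non-blank character is
# "#", and require the key to start the line (after optional whitespace).
net_links_comment_aware() {
	awk -F'[ \t]*=[ \t]*' '
		/^[ \t]*#/ { next }
		/^[ \t]*lxc\.net\.[0-9]+\.link[ \t]*=/ { print $2 }'
}

# Show what each variant would hand to the dependency list.
for f in net_links_unanchored net_links_grep_filtered net_links_comment_aware; do
	printf '%s: %s\n' "$f" "$(sample_config | "$f" | tr '\n' ' ')"
done
```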
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ea8cb23e60acb7f8ba8a86b737b66ac7d346852

commit 4ea8cb23e60acb7f8ba8a86b737b66ac7d346852
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2023-07-26 05:31:18 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-07-26 05:31:18 +0000

    app-containers/lxc: add 5.0.3

     - add new openrc init.d script which fixes commented lines being injected
       into container's config.

    Closes: https://bugs.gentoo.org/909640
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-containers/lxc/Manifest          |   2 +
 app-containers/lxc/files/lxc.initd.9 | 132 +++++++++++++++++++++++++++
 app-containers/lxc/lxc-5.0.3.ebuild  | 169 +++++++++++++++++++++++++++++++++++
 3 files changed, 303 insertions(+)