From eb82a84b6979528da3f8f7b06d26d201da33ac9f Mon Sep 17 00:00:00 2001
From: Cameron Nemo
Date: Tue, 25 Sep 2018 14:21:39 -0700
Subject: [PATCH] lxc: fix AppArmor profile, force docbook2x format
---
.../patches/apparmor-with-rootfs-mount.patch | 48 +++++++++++++++++++
srcpkgs/lxc/template | 7 +--
2 files changed, 52 insertions(+), 3 deletions(-)
create mode 100644 srcpkgs/lxc/patches/apparmor-with-rootfs-mount.patch
diff --git a/srcpkgs/lxc/patches/apparmor-with-rootfs-mount.patch b/srcpkgs/lxc/patches/apparmor-with-rootfs-mount.patch
new file mode 100644
index 00000000000..ceab576dd6d
--- /dev/null
+++ b/srcpkgs/lxc/patches/apparmor-with-rootfs-mount.patch
@@ -0,0 +1,48 @@
+diff --git config/apparmor/Makefile.am config/apparmor/Makefile.am
+index 71dbe158..858f58dd 100644
+--- config/apparmor/Makefile.am
++++ config/apparmor/Makefile.am
+@@ -19,7 +19,7 @@ install-apparmor:
+ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
+ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
+ $(INSTALL_DATA) $(srcdir)/abstractions/container-base $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
+- $(INSTALL_DATA) $(srcdir)/abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
++ $(INSTALL_DATA) abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
+ $(INSTALL_DATA) $(srcdir)/profiles/lxc-default $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
+ $(INSTALL_DATA) $(srcdir)/profiles/lxc-default-cgns $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
+ $(INSTALL_DATA) $(srcdir)/profiles/lxc-default-with-mounting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
+diff --git config/apparmor/abstractions/start-container config/apparmor/abstractions/start-container.in
+similarity index 95%
+rename from config/apparmor/abstractions/start-container
+rename to config/apparmor/abstractions/start-container.in
+index 3df9883e..f2b48235 100644
+--- config/apparmor/abstractions/start-container
++++ config/apparmor/abstractions/start-container.in
+@@ -11,6 +11,7 @@
+ # currently blocked by apparmor bug
+ mount -> /usr/lib*/*/lxc/{**,},
+ mount -> /usr/lib*/lxc/{**,},
++ mount -> @LXCROOTFSMOUNT@/{,**},
+ mount fstype=devpts -> /dev/pts/,
+ mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
+ mount options=bind /dev/pts/** -> /dev/**,
+@@ -38,6 +39,7 @@
+ pivot_root /usr/lib*/*/lxc/,
+ pivot_root /usr/lib*/lxc/**,
+ pivot_root /usr/lib*/*/lxc/**,
++ pivot_root @LXCROOTFSMOUNT@/{,**},
+
+ change_profile -> lxc-*,
+ change_profile -> lxc-**,
+diff --git configure.ac configure.ac
+index 92d6601d..a54bc332 100644
+--- configure.ac
++++ configure.ac
+@@ -714,6 +714,7 @@ AC_CONFIG_FILES([
+
+ config/Makefile
+ config/apparmor/Makefile
++ config/apparmor/abstractions/start-container
+ config/selinux/Makefile
+ config/bash/Makefile
+ config/bash/lxc
diff --git a/srcpkgs/lxc/template b/srcpkgs/lxc/template
index 9364d24e316..3c909e7f6ef 100644
--- a/srcpkgs/lxc/template
+++ b/srcpkgs/lxc/template
@@ -3,7 +3,7 @@ _desc="Linux Containers" pkgname=lxc version=3.0.2 -revision=2 +revision=3 build_style=gnu-configure configure_args="--enable-doc --enable-seccomp --enable-capabilities --enable-apparmor --with-distro=none
@@ -25,8 +25,9 @@ make_dirs=" /var/lxc/log 0755 root root" pre_configure() { - sed -e 's|"\\"-//Davenport//DTD DocBook V3.0//EN\\""|"\\"-//OASIS//DTD DocBook XML\\" \\"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd\\""|' -i configure.ac - sed -e 's,docbook2x-man,docbook2man,g' -i configure.ac + # make sure the build uses the new docbook2x format, + # even though the command has the old "docbook2man" name + sed -e 's,xdocbook2man,xforcedocbook2x,g' -i configure.ac ./autogen.sh }
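Review bot: The added rules `mount -> @LXCROOTFSMOUNT@/{,**},` and `pivot_root @LXCROOTFSMOUNT@/{,**},` in start-container.in are only as narrow as the path configure substitutes for `@LXCROOTFSMOUNT@`, and the mount rule has no `fstype=` or `options=` qualifier, so a short or empty value would allow arbitrary mounts over a wide tree. Neither this patch nor the visible part of the template sets that path, so it is presumably the configure default; it would be worth confirming after a build that the installed `abstractions/lxc/start-container` holds the dedicated rootfs mount directory and no literal `@LXCROOTFSMOUNT@`. The patch file also begins directly at `diff --git` with no header, so a leading line such as `# Upstream: <upstream commit or PR URL>` with one sentence on why the rootfs mount path must be permitted would tell a later maintainer when it can be dropped.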
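Review bot: The added `sed -e 's,xdocbook2man,xforcedocbook2x,g' -i configure.ac` in pre_configure exits successfully even when nothing matches, so if a later lxc release rewords that test in configure.ac the override would silently stop applying and the doc build would presumably fall back to whatever format configure detects. A guard on the line before it, `grep -q xdocbook2man configure.ac || msg_error "lxc: docbook2man test not found in configure.ac\n"`, would make a version bump fail visibly instead. The new comment could also name the configure.ac comparison it defeats, so the reason for the odd replacement string is clear without reading upstream's script.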