[meta-virtualization][PATCH] lxc: don't allow named listening IPv6 address on lxcbrX network interface

meta-virtualization.lists.yoctoproject.org archive mirror
 help / color / mirror / Atom feed

* [meta-virtualization][PATCH] lxc: don't allow named listening IPv6 address on lxcbrX network interface
  2024-10-28  7:38 [meta-virtualization][PATCH] openvswitch: 3.3.2 Xiangyu Chen
@ 2024-10-28  7:38 ` Xiangyu Chen
  2024-10-31  3:55   ` Bruce Ashfield
  2024-11-02  4:04   ` Bruce Ashfield
  0 siblings, 2 replies; 5+ messages in thread
From: Xiangyu Chen @ 2024-10-28  7:38 UTC (permalink / raw)
  To: meta-virtualization

From: Xiangyu Chen <xiangyu.chen@windriver.com>

lxc-net enabled the IPv6 by default since v6.0.0[1], when named enabled on
system, the lxc-net which based on dnsmasq would fail to bind the IPv6
address on lxcbrX interface, that cause lxc cannot work correctly.

Add the lxc-net default v6 address to named.conf.option to tell named don't
bind and listen that address.

[1] https://github.com/lxc/lxc/commit/e8888344

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
---
 recipes-core/bind/bind_virtualization.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-core/bind/bind_virtualization.inc b/recipes-core/bind/bind_virtualization.inc
index a6e39049..f942d7ad 100644
--- a/recipes-core/bind/bind_virtualization.inc
+++ b/recipes-core/bind/bind_virtualization.inc
@@ -1,4 +1,4 @@
 # Tell named not to bother listening on the IP address that lxc and libvirtd handles itself.
 do_install:append() {
-	sed -i -e 's,^\( *options *{\)$,\1\n\t// lxc and libvirtd would take care of this address itself\n\tlisten-on { ! 10.0.3.1; ! 192.168.122.1; any;};\n,' ${D}${sysconfdir}/bind/named.conf.options
+	sed -i -e 's,^\( *options *{\)$,\1\n\t// lxc and libvirtd would take care of this address itself\n\tlisten-on { ! 10.0.3.1; ! 192.168.122.1; any;};\n\tlisten-on-v6 { ! fc11:4514:1919:810::1; any;};\n,' ${D}${sysconfdir}/bind/named.conf.options
 }
-- 
2.35.5



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [meta-virtualization][PATCH] lxc: don't allow named listening IPv6 address on lxcbrX network interface
  2024-10-28  7:38 ` [meta-virtualization][PATCH] lxc: don't allow named listening IPv6 address on lxcbrX network interface Xiangyu Chen
@ 2024-10-31  3:55   ` Bruce Ashfield
  2024-11-02  4:04   ` Bruce Ashfield
  1 sibling, 0 replies; 5+ messages in thread
From: Bruce Ashfield @ 2024-10-31  3:55 UTC (permalink / raw)
  To: xiangyu.chen; +Cc: meta-virtualization

[-- Attachment #1: Type: text/plain, Size: 2411 bytes --]

Thanks for the patch.

I injured my hand (so I couldn't type) and then had to do some release
preparation, but will get to merging his shortly.

Bruce

On Mon, Oct 28, 2024 at 3:36 AM Xiangyu Chen via lists.yoctoproject.org
<xiangyu.chen=eng.windriver.com@lists.yoctoproject.org> wrote:

> From: Xiangyu Chen <xiangyu.chen@windriver.com>
>
> lxc-net enabled the IPv6 by default since v6.0.0[1], when named enabled on
> system, the lxc-net which based on dnsmasq would fail to bind the IPv6
> address on lxcbrX interface, that cause lxc cannot work correctly.
>
> Add the lxc-net default v6 address to named.conf.option to tell named don't
> bind and listen that address.
>
> [1] https://github.com/lxc/lxc/commit/e8888344
>
> Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
> ---
>  recipes-core/bind/bind_virtualization.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/recipes-core/bind/bind_virtualization.inc
> b/recipes-core/bind/bind_virtualization.inc
> index a6e39049..f942d7ad 100644
> --- a/recipes-core/bind/bind_virtualization.inc
> +++ b/recipes-core/bind/bind_virtualization.inc
> @@ -1,4 +1,4 @@
>  # Tell named not to bother listening on the IP address that lxc and
> libvirtd handles itself.
>  do_install:append() {
> -       sed -i -e 's,^\( *options *{\)$,\1\n\t// lxc and libvirtd would
> take care of this address itself\n\tlisten-on { ! 10.0.3.1; !
> 192.168.122.1; any;};\n,' ${D}${sysconfdir}/bind/named.conf.options
> +       sed -i -e 's,^\( *options *{\)$,\1\n\t// lxc and libvirtd would
> take care of this address itself\n\tlisten-on { ! 10.0.3.1; !
> 192.168.122.1; any;};\n\tlisten-on-v6 { ! fc11:4514:1919:810::1; any;};\n,'
> ${D}${sysconfdir}/bind/named.conf.options
>  }
> --
> 2.35.5
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#8938):
> https://lists.yoctoproject.org/g/meta-virtualization/message/8938
> Mute This Topic: https://lists.yoctoproject.org/mt/109253028/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [
> bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>

-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end
- "Use the force Harry" - Gandalf, Star Trek II

[-- Attachment #2: Type: text/html, Size: 4185 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [meta-virtualization][PATCH] lxc: don't allow named listening IPv6 address on lxcbrX network interface
  2024-10-28  7:38 ` [meta-virtualization][PATCH] lxc: don't allow named listening IPv6 address on lxcbrX network interface Xiangyu Chen
  2024-10-31  3:55   ` Bruce Ashfield
@ 2024-11-02  4:04   ` Bruce Ashfield
  1 sibling, 0 replies; 5+ messages in thread
From: Bruce Ashfield @ 2024-11-02  4:04 UTC (permalink / raw)
  To: xiangyu.chen; +Cc: meta-virtualization

merged to master (which will become styhead shortly)

Bruce

In message: [meta-virtualization][PATCH] lxc: don't allow named listening IPv6 address on lxcbrX network interface
on 28/10/2024 Xiangyu Chen via lists.yoctoproject.org wrote:

> From: Xiangyu Chen <xiangyu.chen@windriver.com>
> 
> lxc-net enabled the IPv6 by default since v6.0.0[1], when named enabled on
> system, the lxc-net which based on dnsmasq would fail to bind the IPv6
> address on lxcbrX interface, that cause lxc cannot work correctly.
> 
> Add the lxc-net default v6 address to named.conf.option to tell named don't
> bind and listen that address.
> 
> [1] https://github.com/lxc/lxc/commit/e8888344
> 
> Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
> ---
>  recipes-core/bind/bind_virtualization.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/recipes-core/bind/bind_virtualization.inc b/recipes-core/bind/bind_virtualization.inc
> index a6e39049..f942d7ad 100644
> --- a/recipes-core/bind/bind_virtualization.inc
> +++ b/recipes-core/bind/bind_virtualization.inc
> @@ -1,4 +1,4 @@
>  # Tell named not to bother listening on the IP address that lxc and libvirtd handles itself.
>  do_install:append() {
> -	sed -i -e 's,^\( *options *{\)$,\1\n\t// lxc and libvirtd would take care of this address itself\n\tlisten-on { ! 10.0.3.1; ! 192.168.122.1; any;};\n,' ${D}${sysconfdir}/bind/named.conf.options
> +	sed -i -e 's,^\( *options *{\)$,\1\n\t// lxc and libvirtd would take care of this address itself\n\tlisten-on { ! 10.0.3.1; ! 192.168.122.1; any;};\n\tlisten-on-v6 { ! fc11:4514:1919:810::1; any;};\n,' ${D}${sysconfdir}/bind/named.conf.options
>  }
> -- 
> 2.35.5
> 

> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#8938): https://lists.yoctoproject.org/g/meta-virtualization/message/8938
> Mute This Topic: https://lists.yoctoproject.org/mt/109253028/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
> 



^ permalink raw reply	[flat|nested] 5+ messages in thread

* [meta-virtualization][PATCH] lxc: don't allow named listening IPv6 address on lxcbrX network interface
@ 2025-06-06  3:35 Xiangyu Chen
  2025-06-12 14:41 ` Bruce Ashfield
  0 siblings, 1 reply; 5+ messages in thread
From: Xiangyu Chen @ 2025-06-06  3:35 UTC (permalink / raw)
  To: meta-virtualization

From: Xiangyu Chen <xiangyu.chen@windriver.com>

lxc-net enabled the IPv6 by default since v6.0.0[1], when named enabled on
system, the lxc-net which based on dnsmasq would fail to bind the IPv6
address on lxcbrX interface, that cause lxc cannot work correctly.

LXC upstream changed the default v6 address again[2], we need to line up with
upstream. Updated the lxc-net default v6 address to named.conf.option to tell
named don't bind and listen that address.

Ref:

[1] https://github.com/lxc/lxc/commit/e8888344
[2] https://github.com/lxc/lxc/commit/31012d49

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
---
 recipes-core/bind/bind_virtualization.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-core/bind/bind_virtualization.inc b/recipes-core/bind/bind_virtualization.inc
index f942d7ad..bb4e22b2 100644
--- a/recipes-core/bind/bind_virtualization.inc
+++ b/recipes-core/bind/bind_virtualization.inc
@@ -1,4 +1,4 @@
 # Tell named not to bother listening on the IP address that lxc and libvirtd handles itself.
 do_install:append() {
-	sed -i -e 's,^\( *options *{\)$,\1\n\t// lxc and libvirtd would take care of this address itself\n\tlisten-on { ! 10.0.3.1; ! 192.168.122.1; any;};\n\tlisten-on-v6 { ! fc11:4514:1919:810::1; any;};\n,' ${D}${sysconfdir}/bind/named.conf.options
+	sed -i -e 's,^\( *options *{\)$,\1\n\t// lxc and libvirtd would take care of this address itself\n\tlisten-on { ! 10.0.3.1; ! 192.168.122.1; any;};\n\tlisten-on-v6 { ! fc42:5009:ba4b:5ab0::1; any;};\n,' ${D}${sysconfdir}/bind/named.conf.options
 }
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [meta-virtualization][PATCH] lxc: don't allow named listening IPv6 address on lxcbrX network interface
  2025-06-06  3:35 [meta-virtualization][PATCH] lxc: don't allow named listening IPv6 address on lxcbrX network interface Xiangyu Chen
@ 2025-06-12 14:41 ` Bruce Ashfield
  0 siblings, 0 replies; 5+ messages in thread
From: Bruce Ashfield @ 2025-06-12 14:41 UTC (permalink / raw)
  To: xiangyu.chen; +Cc: meta-virtualization

merged.

Bruce

In message: [meta-virtualization][PATCH] lxc: don't allow named listening IPv6 address on lxcbrX network interface
on 06/06/2025 Xiangyu Chen via lists.yoctoproject.org wrote:

> From: Xiangyu Chen <xiangyu.chen@windriver.com>
> 
> lxc-net enabled the IPv6 by default since v6.0.0[1], when named enabled on
> system, the lxc-net which based on dnsmasq would fail to bind the IPv6
> address on lxcbrX interface, that cause lxc cannot work correctly.
> 
> LXC upstream changed the default v6 address again[2], we need to line up with
> upstream. Updated the lxc-net default v6 address to named.conf.option to tell
> named don't bind and listen that address.
> 
> Ref:
> 
> [1] https://github.com/lxc/lxc/commit/e8888344
> [2] https://github.com/lxc/lxc/commit/31012d49
> 
> Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
> ---
>  recipes-core/bind/bind_virtualization.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/recipes-core/bind/bind_virtualization.inc b/recipes-core/bind/bind_virtualization.inc
> index f942d7ad..bb4e22b2 100644
> --- a/recipes-core/bind/bind_virtualization.inc
> +++ b/recipes-core/bind/bind_virtualization.inc
> @@ -1,4 +1,4 @@
>  # Tell named not to bother listening on the IP address that lxc and libvirtd handles itself.
>  do_install:append() {
> -	sed -i -e 's,^\( *options *{\)$,\1\n\t// lxc and libvirtd would take care of this address itself\n\tlisten-on { ! 10.0.3.1; ! 192.168.122.1; any;};\n\tlisten-on-v6 { ! fc11:4514:1919:810::1; any;};\n,' ${D}${sysconfdir}/bind/named.conf.options
> +	sed -i -e 's,^\( *options *{\)$,\1\n\t// lxc and libvirtd would take care of this address itself\n\tlisten-on { ! 10.0.3.1; ! 192.168.122.1; any;};\n\tlisten-on-v6 { ! fc42:5009:ba4b:5ab0::1; any;};\n,' ${D}${sysconfdir}/bind/named.conf.options
>  }
> -- 
> 2.34.1
> 

> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9273): https://lists.yoctoproject.org/g/meta-virtualization/message/9273
> Mute This Topic: https://lists.yoctoproject.org/mt/113498088/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
> 



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2025-06-12 14:41 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-06-06  3:35 [meta-virtualization][PATCH] lxc: don't allow named listening IPv6 address on lxcbrX network interface Xiangyu Chen
2025-06-12 14:41 ` Bruce Ashfield
  -- strict thread matches above, loose matches on Subject: below --
2024-10-28  7:38 [meta-virtualization][PATCH] openvswitch: 3.3.2 Xiangyu Chen
2024-10-28  7:38 ` [meta-virtualization][PATCH] lxc: don't allow named listening IPv6 address on lxcbrX network interface Xiangyu Chen
2024-10-31  3:55   ` Bruce Ashfield
2024-11-02  4:04   ` Bruce Ashfield

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).