lxc: update to 3.0.2, enable apparmor

CVE-2018-6556

srcpkgs/lxc/patches/musl-strerror.patch

@@ -0,0 +1,97 @@
+diff --git configure.ac configure.ac
+index 19d9ea22..b2b2f71c 100644
+--- configure.ac
++++ configure.ac
+@@ -619,6 +619,12 @@ AC_HEADER_MAJOR
+ # Check for some syscalls functions
+ AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create])
+ 
++# Check for strerror_r() support. Defines:
++# - HAVE_STRERROR_R if available
++# - HAVE_DECL_STRERROR_R if defined
++# - STRERROR_R_CHAR_P if it returns char *
++AC_FUNC_STRERROR_R
++
+ # Check for some functions
+ AC_CHECK_LIB(pthread, main)
+ AC_CHECK_FUNCS(statvfs)
+@@ -676,6 +682,11 @@ if test "x$enable_werror" = "xyes"; then
+ 	CFLAGS="$CFLAGS -Werror -Wvla -std=gnu11"
+ fi
+ 
++AC_ARG_ENABLE([thread-safety],
++	[AC_HELP_STRING([--enable-thread-safety], [enforce thread-safety otherwise fail the build [default=yes]])],
++	[], [enable_thread_safety=yes])
++AM_CONDITIONAL([ENFORCE_THREAD_SAFETY], [test "x$enable_thread_safety" = "xyes"])
++
+ # Files requiring some variable expansion
+ AC_CONFIG_FILES([
+ 	Makefile
+@@ -919,4 +930,7 @@ Debugging:
+ 
+ Paths:
+  - Logs in configpath: $enable_configpath_log
++
++Thread-safety:
++ - enforce: $enable_thread_safety
+ EOF
+diff --git src/lxc/log.h src/lxc/log.h
+index 4654fd91..a7f72b4c 100644
+--- src/lxc/log.h
++++ src/lxc/log.h
+@@ -327,22 +327,40 @@ ATTR_UNUSED static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo,	\
+ /*
+  * Helper macro to define errno string.
+  */
+-#if (_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600) && !defined(_GNU_SOURCE) || IS_BIONIC
+-#define lxc_log_strerror_r                                               \
+-	char errno_buf[MAXPATHLEN / 2] = {"Failed to get errno string"}; \
+-	char *ptr = errno_buf;                                           \
+-	{                                                                \
+-		(void)strerror_r(errno, errno_buf, sizeof(errno_buf));   \
+-	}
++#if HAVE_STRERROR_R
++	#ifndef HAVE_DECL_STRERROR_R
++		#ifdef STRERROR_R_CHAR_P
++			char *strerror_r(int errnum, char *buf, size_t buflen);
++		#else
++			int strerror_r(int errnum, char *buf, size_t buflen);
++		#endif
++	#endif
++
++	#ifdef STRERROR_R_CHAR_P
++		#define lxc_log_strerror_r                                               \
++			char errno_buf[MAXPATHLEN / 2] = {"Failed to get errno string"}; \
++			char *ptr = NULL;                                                \
++			{                                                                \
++				ptr = strerror_r(errno, errno_buf, sizeof(errno_buf));   \
++				if (!ptr)                                                \
++					ptr = errno_buf;                                 \
++			}
++	#else
++		#define lxc_log_strerror_r                                               \
++			char errno_buf[MAXPATHLEN / 2] = {"Failed to get errno string"}; \
++			char *ptr = errno_buf;                                           \
++			{                                                                \
++				(void)strerror_r(errno, errno_buf, sizeof(errno_buf));   \
++			}
++	#endif
++#elif ENFORCE_THREAD_SAFETY
++	#error ENFORCE_THREAD_SAFETY was set but cannot be guaranteed
+ #else
+-#define lxc_log_strerror_r                                               \
+-	char errno_buf[MAXPATHLEN / 2] = {"Failed to get errno string"}; \
+-	char *ptr;                                                       \
+-	{                                                                \
+-		ptr = strerror_r(errno, errno_buf, sizeof(errno_buf));   \
+-		if (!ptr)                                                \
+-			ptr = errno_buf;                                 \
+-	}
++	#define lxc_log_strerror_r             \
++		char *ptr = NULL;              \
++		{                              \
++			ptr = strerror(errno); \
++		}
+ #endif
+ 
+ /*

srcpkgs/lxc/patches/musl-string.patch

@@ -1,5 +1,5 @@
---- src/lxc/parse.c	2018-03-28 04:48:26.000000000 +0300
-+++ src/lxc/parse.c	2018-05-07 21:07:45.737722549 +0300
+--- src/lxc/parse.c    2018-03-28 04:48:26.000000000 +0300
++++ src/lxc/parse.c    2018-05-07 21:07:45.737722549 +0300
 @@ -23,11 +23,11 @@
  
  #define _GNU_SOURCE

srcpkgs/lxc/template

@@ -2,21 +2,21 @@
 _desc="Linux Containers"
 
 pkgname=lxc
-version=3.0.1
-revision=2
+version=3.0.2
+revision=1
 build_style=gnu-configure
 configure_args="--enable-doc --enable-seccomp
- --enable-capabilities --disable-apparmor --with-distro=none
+ --enable-capabilities --enable-apparmor --with-distro=none
  --with-rootfs-path=/var/lxc/containers --with-log-path=/var/lxc/log"
 hostmakedepends="automake libtool pkg-config docbook2x"
-makedepends="libcap-devel libseccomp-devel gnutls-devel"
+makedepends="libcap-devel libseccomp-devel gnutls-devel libapparmor-devel"
 depends="xz gnupg"
 short_desc="${_desc} - utilities"
 maintainer="Juan RP <xtraeme@voidlinux.eu>"
 homepage="https://linuxcontainers.org"
 license="LGPL-2.1"
 distfiles="https://linuxcontainers.org/downloads/lxc-${version}.tar.gz"
-checksum=45986c49be1c048fa127bd3e7ea1bd3347e25765c008a09a2e4c233151a2d5db
+checksum=6ab7117b17066220da450c55ed77953998cf2336d415143b879554364af12f5c
 
 conf_files="/etc/lxc/default.conf"
 make_dirs="