Backport fixes from upstream, including one to not break host systems if lxc-start is launched in the old (pre-0.6.4) way. Thanks to Andrian Nord in bug #296030.

(Portage version: 2.2_rc56/cvs/Linux x86_64)

7 files changed, 541 insertions, 77 deletions

diff --git a/app-emulation/lxc/ChangeLog b/app-emulation/lxc/ChangeLog
index ed15375166c0..0785b60e6112 100644
--- a/app-emulation/lxc/ChangeLog
+++ b/app-emulation/lxc/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for app-emulation/lxc
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/ChangeLog,v 1.5 2009/11/25 12:16:28 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/ChangeLog,v 1.6 2009/12/07 11:39:11 flameeyes Exp $
+
+*lxc-0.6.4-r1 (07 Dec 2009)
+
+  07 Dec 2009; Diego E. Pettenò <flameeyes@gentoo.org>
+  -files/0.6.2-as-needed.patch, -lxc-0.6.3.ebuild, +lxc-0.6.4-r1.ebuild,
+  +files/lxc-0.6.4-fix-full-system.patch,
+  +files/lxc-0.6.4-lxc.network.pair.patch,
+  +files/lxc-0.6.4-move-rcfile.patch:
+  Backport fixes from upstream, including one to not break host systems if
+  lxc-start is launched in the old (pre-0.6.4) way. Thanks to Andrian Nord
+  in bug #296030.
 
   25 Nov 2009; Diego E. Pettenò <flameeyes@gentoo.org> lxc-0.6.4.ebuild,
   metadata.xml:
diff --git a/app-emulation/lxc/files/0.6.2-as-needed.patch b/app-emulation/lxc/files/0.6.2-as-needed.patch
deleted file mode 100644
index 45e6c4cfa7c9..000000000000
--- a/app-emulation/lxc/files/0.6.2-as-needed.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-diff -Naur lxc-0.6.2.orig/src/lxc/Makefile.am lxc-0.6.2/src/lxc/Makefile.am
---- lxc-0.6.2.orig/src/lxc/Makefile.am	2009-05-21 11:26:06.527984732 +0200
-+++ lxc-0.6.2/src/lxc/Makefile.am	2009-05-21 11:30:21.774641310 +0200
-@@ -1,7 +1,6 @@
- INCLUDES= -I$(top_srcdir)/src -DLXCPATH="\"@LXCPATH@\"" \
- 	  -DLXCBINDIR="\"$(bindir)\"" \
- 	  -DLXCLIBEXECDIR="\"$(libexecdir)\""
--AM_LDFLAGS= -lutil
- lib_LTLIBRARIES = liblxc.la
- pkginclude_HEADERS = \
- 		error.h \
-@@ -51,6 +50,7 @@
- 	cr_plugin_columbia.c lxc_plugin.h
- 
- liblxc_la_LDFLAGS = -release @PACKAGE_VERSION@
-+liblxc_la_LIBADD = -lutil
- 
- bin_SCRIPTS = \
- 	lxc-ps \
diff --git a/app-emulation/lxc/files/lxc-0.6.4-fix-full-system.patch b/app-emulation/lxc/files/lxc-0.6.4-fix-full-system.patch
new file mode 100644
index 000000000000..553bf20e08bd
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-0.6.4-fix-full-system.patch
@@ -0,0 +1,44 @@
+From f2ae79a04567fb8c1181f4d3331d2b7a48889cf3 Mon Sep 17 00:00:00 2001
+From: Andrian Nord <nightnord@gmail.com>
+Date: Thu, 26 Nov 2009 15:46:25 +0000
+Subject: "Default" configuration may destroy host system
+
+If you're running (by mistake or typo) (via lxc-start) container that does not
+exists it will run with lxc.rootfs=/, meaning that /sbin/init will
+restart initialization procedure, efficiently messing host's system,
+that may lead to unpredictable results or even destroy (make inaccessible) host
+system (by reseting network configuration or something like that).
+
+(Actually, it _did_ destroy system of everyone who tested this).
+
+Actually, I finally lost any meaning of having such a feature for
+full-system containers. You may not use hosts's FS - it's described at
+above. You may not use some temporary directory - that's nonsense.
+
+This patch forbinds starting container via lxc-start without rcfile and
+custom start program, but probably it fixes only small part of problem.
+I really don't see much sense in such a feature without ability of
+overriding 'default' setting with command line switches. Anyway, default
+behaviour should be as save as possible.
+
+Signed-off-by: Andrian Nord <NightNord@gmail.com>
+Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
+---
+diff --git a/src/lxc/lxc_start.c b/src/lxc/lxc_start.c
+index b8d03e8..d2471eb 100644
+--- a/src/lxc/lxc_start.c
++++ b/src/lxc/lxc_start.c
+@@ -173,6 +173,11 @@ int main(int argc, char *argv[])
+ 		return err;
+ 	}
+ 
++	if (!rcfile && !strcmp("/sbin/init", args[0])) {
++		ERROR("no configuration file for '/sbin/init' (may crash the host)");
++		return err;
++	}
++
+ 	if (my_args.daemonize) {
+ 
+                 /* do not chdir as we want to open the log file,
+--
+cgit v0.8.3
diff --git a/app-emulation/lxc/files/lxc-0.6.4-lxc.network.pair.patch b/app-emulation/lxc/files/lxc-0.6.4-lxc.network.pair.patch
new file mode 100644
index 000000000000..9c7ab1ab2158
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-0.6.4-lxc.network.pair.patch
@@ -0,0 +1,103 @@
+From 8634bc197f742267b2eabd8543265ba93177b529 Mon Sep 17 00:00:00 2001
+From: Michael Tokarev <mjt@tls.msk.ru>
+Date: Thu, 26 Nov 2009 15:46:23 +0000
+Subject: allow lxc.network.pair to specify host-side name for veth interface
+
+Currently we allocate veth device with random name on host side,
+so that things like firewall rules or accounting does not work
+at all.  Fix this by recognizing yet anothe keyword to specify
+the host-side device name: lxc.network.pair, and use it instead
+of random name if specified.
+
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
+---
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index 9c3a558..523270e 100644
+--- a/src/lxc/conf.c
++++ b/src/lxc/conf.c
+@@ -829,14 +829,19 @@ int lxc_conf_init(struct lxc_conf *conf)
+ 
+ static int instanciate_veth(struct lxc_netdev *netdev)
+ {
+-	char veth1[IFNAMSIZ];
++	char veth1buf[IFNAMSIZ], *veth1;
+ 	char veth2[IFNAMSIZ];
+ 	int ret = -1;
+ 
+-	snprintf(veth1, sizeof(veth1), "vethXXXXXX");
+-	snprintf(veth2, sizeof(veth2), "vethXXXXXX");
++	if (netdev->pair)
++		veth1 = netdev->pair;
++	else {
++		snprintf(veth1buf, sizeof(veth1buf), "vethXXXXXX");
++		mktemp(veth1buf);
++		veth1 = veth1buf;
++	}
+ 
+-	mktemp(veth1);
++	snprintf(veth2, sizeof(veth2), "vethXXXXXX");
+ 	mktemp(veth2);
+ 
+ 	if (!strlen(veth1) || !strlen(veth2)) {
+diff --git a/src/lxc/conf.h b/src/lxc/conf.h
+index 0b8d732..bb38206 100644
+--- a/src/lxc/conf.h
++++ b/src/lxc/conf.h
+@@ -73,6 +73,7 @@ struct lxc_route6 {
+  * Defines a structure to configure a network device
+  * @link   : lxc.network.link, name of bridge or host iface to attach if any
+  * @name   : lxc.network.name, name of iface on the container side
++ * @pair   : lxc.network.pair, name of host-side iface in case of veth etc
+  * @flags  : flag of the network device (IFF_UP, ... )
+  * @ipv4   : a list of ipv4 addresses to be set on the network device
+  * @ipv6   : a list of ipv6 addresses to be set on the network device
+@@ -83,6 +84,7 @@ struct lxc_netdev {
+ 	int ifindex;
+ 	char *link;
+ 	char *name;
++	char *pair;
+ 	char *hwaddr;
+ 	char *mtu;
+ 	struct lxc_list ipv4;
+diff --git a/src/lxc/confile.c b/src/lxc/confile.c
+index 39a8e2c..3a9a86d 100644
+--- a/src/lxc/confile.c
++++ b/src/lxc/confile.c
+@@ -49,6 +49,7 @@ static int config_network_type(const char *, char *, struct lxc_conf *);
+ static int config_network_flags(const char *, char *, struct lxc_conf *);
+ static int config_network_link(const char *, char *, struct lxc_conf *);
+ static int config_network_name(const char *, char *, struct lxc_conf *);
++static int config_network_pair(const char *, char *, struct lxc_conf *);
+ static int config_network_hwaddr(const char *, char *, struct lxc_conf *);
+ static int config_network_mtu(const char *, char *, struct lxc_conf *);
+ static int config_network_ipv4(const char *, char *, struct lxc_conf *);
+@@ -73,6 +74,7 @@ static struct config config[] = {
+ 	{ "lxc.network.flags",  config_network_flags  },
+ 	{ "lxc.network.link",   config_network_link   },
+ 	{ "lxc.network.name",   config_network_name   },
++	{ "lxc.network.pair",   config_network_pair   },
+ 	{ "lxc.network.hwaddr", config_network_hwaddr },
+ 	{ "lxc.network.mtu",    config_network_mtu    },
+ 	{ "lxc.network.ipv4",   config_network_ipv4   },
+@@ -221,6 +223,18 @@ static int config_network_name(const char *key, char *value,
+ 	return network_ifname(&netdev->name, value);
+ }
+ 
++static int config_network_pair(const char *key, char *value,
++			       struct lxc_conf *lxc_conf)
++{
++	struct lxc_netdev *netdev;
++
++	netdev = network_netdev(key, value, &lxc_conf->network);
++	if (!netdev)
++		return -1;
++
++	return network_ifname(&netdev->pair, value);
++}
++
+ static int config_network_hwaddr(const char *key, char *value,
+ 				 struct lxc_conf *lxc_conf)
+ {
+--
+cgit v0.8.3
diff --git a/app-emulation/lxc/files/lxc-0.6.4-move-rcfile.patch b/app-emulation/lxc/files/lxc-0.6.4-move-rcfile.patch
new file mode 100644
index 000000000000..6d2bb09843ea
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-0.6.4-move-rcfile.patch
@@ -0,0 +1,305 @@
+From fae349da89b9ad063f0080970558b7f02ce233c2 Mon Sep 17 00:00:00 2001
+From: Daniel Lezcano <daniel.lezcano@free.fr>
+Date: Thu, 26 Nov 2009 15:46:24 +0000
+Subject: pass lxc_conf to the lxc_start function instead of the rcfile
+
+The rcfile is parsed in the lxc_start function. This is not the place
+to do that. Let's the caller to do that.
+
+In the meantime, we have the lxc_conf structure filled right before
+calling the lxc_start function so we can do some sanity check on the
+configuration to not break the system when we launch the container.
+
+Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> 
+---
+diff --git a/src/lxc/commands.c b/src/lxc/commands.c
+index 02239e5..4c48571 100644
+--- a/src/lxc/commands.c
++++ b/src/lxc/commands.c
+@@ -135,7 +135,7 @@ static int trigger_command(int fd, struct lxc_request *request,
+ static void command_fd_cleanup(int fd, struct lxc_handler *handler,
+ 			       struct lxc_epoll_descr *descr)
+ {
+-	lxc_console_remove_fd(fd, &handler->conf.tty_info);
++	lxc_console_remove_fd(fd, &handler->conf->tty_info);
+ 	lxc_mainloop_del_handler(descr, fd);
+ 	close(fd);
+ }
+diff --git a/src/lxc/console.c b/src/lxc/console.c
+index 52f6cec..96a6edd 100644
+--- a/src/lxc/console.c
++++ b/src/lxc/console.c
+@@ -98,7 +98,7 @@ extern int lxc_console_callback(int fd, struct lxc_request *request,
+ 			struct lxc_handler *handler)
+ {
+ 	int ttynum = request->data;
+-	struct lxc_tty_info *tty_info = &handler->conf.tty_info;
++	struct lxc_tty_info *tty_info = &handler->conf->tty_info;
+ 
+ 	if (ttynum > 0) {
+ 		if (ttynum > tty_info->nbtty)
+diff --git a/src/lxc/lxc.h b/src/lxc/lxc.h
+index 66cb3b8..8cf21c1 100644
+--- a/src/lxc/lxc.h
++++ b/src/lxc/lxc.h
+@@ -31,6 +31,7 @@ extern "C" {
+ #include <lxc/state.h>
+ 
+ struct lxc_msg;
++struct lxc_conf;
+ 
+ /**
+  Following code is for liblxc.
+@@ -44,7 +45,7 @@ struct lxc_msg;
+  * @argv     : an array of char * corresponding to the commande line
+  * Returns 0 on sucess, < 0 otherwise
+  */
+-extern int lxc_start(const char *name, char *const argv[], const char *rcfile);
++extern int lxc_start(const char *name, char *const argv[], struct lxc_conf *);
+ 
+ /*
+  * Stop the container previously started with lxc_start, all
+diff --git a/src/lxc/lxc_execute.c b/src/lxc/lxc_execute.c
+index 846a96f..40a4b93 100644
+--- a/src/lxc/lxc_execute.c
++++ b/src/lxc/lxc_execute.c
+@@ -31,10 +31,11 @@
+ #include <sys/stat.h>
+ #include <sys/param.h>
+ 
+-#include <lxc/log.h>
+-#include <lxc/confile.h>
+-#include <lxc/lxc.h>
+ 
++#include "lxc.h"
++#include "log.h"
++#include "conf.h"
++#include "confile.h"
+ #include "arguments.h"
+ #include "config.h"
+ 
+@@ -83,6 +84,7 @@ int main(int argc, char *argv[])
+ {
+ 	static char **args;
+ 	char *rcfile;
++	struct lxc_conf conf;
+ 
+ 	if (lxc_arguments_parse(&my_args, argc, argv))
+ 		return -1;
+@@ -111,6 +113,16 @@ int main(int argc, char *argv[])
+ 		}
+ 	}
+ 
+-	return lxc_start(my_args.name, args, my_args.rcfile);
++	if (lxc_conf_init(&conf)) {
++		ERROR("failed to initialze configuration");
++		return -1;
++	}
++
++	if (rcfile && lxc_config_read(rcfile, &conf)) {
++		ERROR("failed to read configuration file");
++		return -1;
++	}
++
++	return lxc_start(my_args.name, args, &conf);
+ }
+ 
+diff --git a/src/lxc/lxc_start.c b/src/lxc/lxc_start.c
+index cf87abf..b8d03e8 100644
+--- a/src/lxc/lxc_start.c
++++ b/src/lxc/lxc_start.c
+@@ -40,12 +40,13 @@
+ #include <netinet/in.h>
+ #include <net/if.h>
+ 
+-#include <lxc/lxc.h>
+-#include <lxc/log.h>
+-#include <lxc/utils.h>
+-
+-#include "arguments.h"
++#include "log.h"
++#include "lxc.h"
++#include "conf.h"
++#include "utils.h"
+ #include "config.h"
++#include "confile.h"
++#include "arguments.h"
+ 
+ lxc_log_define(lxc_start, lxc);
+ 
+@@ -132,6 +133,7 @@ int main(int argc, char *argv[])
+ 	};
+ 
+ 	char *rcfile = NULL;
++	struct lxc_conf conf;
+ 
+ 	if (lxc_arguments_parse(&my_args, argc, argv))
+ 		return err;
+@@ -161,6 +163,16 @@ int main(int argc, char *argv[])
+ 		}
+ 	}
+ 
++	if (lxc_conf_init(&conf)) {
++		ERROR("failed to initialze configuration");
++		return err;
++	}
++
++	if (rcfile && lxc_config_read(rcfile, &conf)) {
++		ERROR("failed to read configuration file");
++		return err;
++	}
++
+ 	if (my_args.daemonize) {
+ 
+                 /* do not chdir as we want to open the log file,
+@@ -187,7 +199,7 @@ int main(int argc, char *argv[])
+ 
+ 	save_tty(&tios);
+ 
+-	err = lxc_start(my_args.name, args, rcfile);
++	err = lxc_start(my_args.name, args, &conf);
+ 
+ 	restore_tty(&tios);
+ 
+diff --git a/src/lxc/start.c b/src/lxc/start.c
+index 7143421..7e9d924 100644
+--- a/src/lxc/start.c
++++ b/src/lxc/start.c
+@@ -230,7 +230,7 @@ static int console_init(char *console, size_t size)
+ 	return 0;
+ }
+ 
+-struct lxc_handler *lxc_init(const char *name, const char *rcfile)
++struct lxc_handler *lxc_init(const char *name, struct lxc_conf *conf)
+ {
+ 	struct lxc_handler *handler;
+ 
+@@ -240,36 +240,20 @@ struct lxc_handler *lxc_init(const char *name, const char *rcfile)
+ 
+ 	memset(handler, 0, sizeof(*handler));
+ 
++	handler->conf = conf;
++
+ 	/* Begin the set the state to STARTING*/
+ 	if (lxc_set_state(name, handler, STARTING)) {
+ 		ERROR("failed to set state '%s'", lxc_state2str(STARTING));
+ 		goto out_free;
+ 	}
+ 
+-	if (lxc_conf_init(&handler->conf)) {
+-		ERROR("failed to initialize the configuration");
+-		goto out_aborting;
+-	}
+-
+-	if (rcfile) {
+-		if (access(rcfile, F_OK)) {
+-			ERROR("failed to access '%s'", rcfile);
+-			goto out_aborting;
+-		}
+-
+-		if (lxc_config_read(rcfile, &handler->conf)) {
+-			ERROR("failed to read '%s'", rcfile);
+-			goto out_aborting;
+-		}
+-	}
+-
+-	if (console_init(handler->conf.console,
+-			 sizeof(handler->conf.console))) {
++	if (console_init(conf->console, sizeof(conf->console))) {
+ 		ERROR("failed to initialize the console");
+ 		goto out_aborting;
+ 	}
+ 
+-	if (lxc_create_tty(name, &handler->conf)) {
++	if (lxc_create_tty(name, conf)) {
+ 		ERROR("failed to create the ttys");
+ 		goto out_aborting;
+ 	}
+@@ -294,7 +278,7 @@ out:
+ 	return handler;
+ 
+ out_delete_tty:
+-	lxc_delete_tty(&handler->conf.tty_info);
++	lxc_delete_tty(&conf->tty_info);
+ out_aborting:
+ 	lxc_set_state(name, handler, ABORTING);
+ out_free:
+@@ -313,7 +297,7 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
+ 	lxc_unlink_nsgroup(name);
+ 
+ 	if (handler) {
+-		lxc_delete_tty(&handler->conf.tty_info);
++		lxc_delete_tty(&handler->conf->tty_info);
+ 		free(handler);
+ 	}
+ 
+@@ -366,7 +350,7 @@ static int do_start(void *arg)
+ 	}
+ 
+ 	/* Setup the container, ip, names, utsname, ... */
+-	if (lxc_setup(name, &handler->conf)) {
++	if (lxc_setup(name, handler->conf)) {
+ 		ERROR("failed to setup the container");
+ 		goto out_warn_father;
+ 	}
+@@ -414,14 +398,14 @@ int lxc_spawn(const char *name, struct lxc_handler *handler, char *const argv[])
+ 	}
+ 
+ 	clone_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS;
+-	if (!lxc_list_empty(&handler->conf.network)) {
++	if (!lxc_list_empty(&handler->conf->network)) {
+ 
+ 		clone_flags |= CLONE_NEWNET;
+ 
+ 		/* that should be done before the clone because we will
+ 		 * fill the netdev index and use them in the child
+ 		 */
+-		if (lxc_create_network(&handler->conf.network)) {
++		if (lxc_create_network(&handler->conf->network)) {
+ 			ERROR("failed to create the network");
+ 			goto out_close;
+ 		}
+@@ -447,7 +431,7 @@ int lxc_spawn(const char *name, struct lxc_handler *handler, char *const argv[])
+ 
+ 	/* Create the network configuration */
+ 	if (clone_flags & CLONE_NEWNET) {
+-		if (lxc_assign_network(&handler->conf.network, handler->pid)) {
++		if (lxc_assign_network(&handler->conf->network, handler->pid)) {
+ 			ERROR("failed to create the configured network");
+ 			goto out_abort;
+ 		}
+@@ -486,13 +470,13 @@ out_abort:
+ 	goto out_close;
+ }
+ 
+-int lxc_start(const char *name, char *const argv[], const char *rcfile)
++int lxc_start(const char *name, char *const argv[], struct lxc_conf *conf)
+ {
+ 	struct lxc_handler *handler;
+ 	int err = -1;
+ 	int status;
+ 
+-	handler = lxc_init(name, rcfile);
++	handler = lxc_init(name, conf);
+ 	if (!handler) {
+ 		ERROR("failed to initialize the container");
+ 		return -1;
+diff --git a/src/lxc/start.h b/src/lxc/start.h
+index 3390411..ba55562 100644
+--- a/src/lxc/start.h
++++ b/src/lxc/start.h
+@@ -34,10 +34,10 @@ struct lxc_handler {
+ 	int sigfd;
+ 	char nsgroup[MAXPATHLEN];
+ 	sigset_t oldmask;
+-	struct lxc_conf conf;
++	struct lxc_conf *conf;
+ };
+ 
+-extern struct lxc_handler *lxc_init(const char *name, const char *rcfile);
++extern struct lxc_handler *lxc_init(const char *name, struct lxc_conf *);
+ extern int lxc_spawn(const char *name, struct lxc_handler *handler,
+ 		     char *const argv[]);
+ 
+--
+cgit v0.8.3
diff --git a/app-emulation/lxc/lxc-0.6.3.ebuild b/app-emulation/lxc/lxc-0.6.3.ebuild
deleted file mode 100644
index b05c600fd155..000000000000
--- a/app-emulation/lxc/lxc-0.6.3.ebuild
+++ /dev/null
@@ -1,57 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/lxc-0.6.3.ebuild,v 1.2 2009/11/14 19:23:22 swegener Exp $
-
-EAPI="2"
-
-inherit autotools eutils linux-info
-
-DESCRIPTION="Linux Resource Containers Userspace Tools"
-HOMEPAGE="http://lxc.sourceforge.net/"
-SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE=""
-
-RDEPEND="sys-libs/libcap"
-DEPEND="${RDEPEND}
-	sys-kernel/linux-headers
-	app-text/docbook-sgml-utils"
-
-# TODO:
-# - add checks for the various kernel features which have to be enabled
-
-CONFIG_CHECK="CGROUPS CGROUP_NS NAMESPACES UTS_NS IPC_NS USER_NS PID_NS NET_NS"
-
-src_prepare() {
-	epatch "${FILESDIR}/0.6.2-as-needed.patch"
-	eautoreconf
-}
-
-src_configure() {
-	econf --localstatedir=/var --bindir=/usr/sbin --disable-static
-}
-
-src_install() {
-	emake DESTDIR="${D}" install || die "emake install failed"
-	dodoc AUTHORS ChangeLog CONTRIBUTING MAINTAINERS NEWS README TODO doc/FAQ.txt || die
-
-	# The default files installed in /etc/lxc are just samples;
-	# install them as documentation instead.
-	mv "${D}"/etc/lxc "${D}"/usr/share/doc/${PF}/config-examples || die
-	keepdir /etc/lxc /var/lib/lxc
-
-	rm "${D}"/usr/sbin/lxc-{setcap,ls}
-
-	find "${D}" -name '*.la' -delete
-}
-
-pkg_postinst() {
-	ewarn "You may have to enable more than the kernel features this ebuild"
-	ewarn "already checked for, depending on what you want to use."
-	elog "If you want network you definetely have to enable the veth module"
-	elog "and possibly also the macvlan (depending on how you want to do it)."
-	elog "If you want the to be able to freeze containers you will also want"
-	elog "the cgroup freezer."
-}
diff --git a/app-emulation/lxc/lxc-0.6.4-r1.ebuild b/app-emulation/lxc/lxc-0.6.4-r1.ebuild
new file mode 100644
index 000000000000..24ae5f97d000
--- /dev/null
+++ b/app-emulation/lxc/lxc-0.6.4-r1.ebuild
@@ -0,0 +1,77 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/lxc-0.6.4-r1.ebuild,v 1.1 2009/12/07 11:39:11 flameeyes Exp $
+
+EAPI="2"
+
+inherit eutils linux-info versionator base
+
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="http://lxc.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+KEYWORDS="~amd64 ~x86"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="+doc examples"
+
+RDEPEND="sys-libs/libcap"
+
+DEPEND="${RDEPEND}
+	doc? ( app-text/docbook-sgml-utils )
+	>=sys-kernel/linux-headers-2.6.29"
+
+CONFIG_CHECK="~CGROUPS
+	~CGROUP_NS ~CPUSETS ~CGROUP_CPUACCT
+	~RESOURCE_COUNTERS ~CGROUP_MEM_RES_CTLR
+	~CGROUP_SCHED
+
+	~NAMESPACES
+	~IPC_NS ~USER_NS ~PID_NS
+
+	~SECURITY_FILE_CAPABILITIES
+	~DEVPTS_MULTIPLE_INSTANCES
+	~CGROUP_FREEZER
+	~UTS_NS ~NET_NS
+	~VETH ~MACVLAN"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:	needed for pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:	needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS:	needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS:	needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH:	needed for internal (inter-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN:	needed for internal (inter-container) networking"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-lxc.network.pair.patch
+	"${FILESDIR}"/${P}-move-rcfile.patch
+	"${FILESDIR}"/${P}-fix-full-system.patch
+)
+
+src_configure() {
+	econf \
+		--localstatedir=/var \
+		--bindir=/usr/sbin \
+		--docdir=/usr/share/doc/${PF} \
+		--with-config-path=/etc/lxc	\
+		$(use_enable doc) \
+		$(use_enable examples) \
+		|| die "configure failed"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die "install failed"
+
+	dodoc AUTHORS CONTRIBUTING MAINTAINERS \
+		NEWS TODO README doc/FAQ.txt || die "dodoc failed"
+
+	rm -r "${D}"/etc/lxc "${D}"/usr/sbin/lxc-{setcap,ls}
+
+	keepdir /etc/lxc
+
+	find "${D}" -name '*.la' -delete
+}