LXC 1.1.3 release announcement¶
14 Agt 2015
This is the third bugfix release for LXC 1.1.
Changes¶
Important:
- Security fix for CVE-2015-1331
- Security fix for CVE-2015-1334
- Fix an ABI regression in LXC 1.1 compared to LXC 1.0.
Fixing this unfortunately means that binaries built against LXC
1.1.0, 1.1.1 and 1.1.2 will need rebuilding against LXC 1.1.3.
This is however preferable to not having backward compatibility with
binaries built for LXC 1.0 and its bugfix releases.
Core:
- apparmor: Call /lib/apparmor/profile-load directly instead of the wrapper
- aufs: Support unprivileged containers
- bash: Use POSIX-compliant function names
- cgmanager: Respect lxc.cgroup.use
- cgmanager: Use listcontrollers instead of /proc/self/cgroups
- cgroup: Apply the memory restrictions in the right order
- clone: Properly handle filesystem capabilities
- clone: Properly handle hardlinks
- core: Container logging is now thread safe
- destroy: Properly remove btrfs subvolumes
- lua: Support Lua 5.3
- lxc-net: Fix several bugs
- lxc-net: Support IPv6
- lxc-net: Use iproute instead of ifconfig
- monitor: Fix race conditions in the monitor container interface
- network: Properly handle veth setup on reboot
- overlayfs: Create the workdir if missing
- seccomp: simplify the setup code and fix rule parsing
- start: Always close fds 0-2 when daemonized
- start: Better handle some daemonized startup failures
- start: Improve error message when lxc-init can't be found
- start: In userns, ignore umount failures for /proc
- start: When available, use /dev/loop-control to configure the loop devices
- systemd: Fix startup race condition between lxc-containers and lxc-net
- Several fixes for small memory leaks (thanks to Coverity)
- Various improvements to the checkpoint/restore feature
- Various documentation improvements
- Various tests improvements
Commands:
- lxc-autostart: Fix broken output when stdout isn't a tty
- lxc-checkconfig: support newer kernels
Templates:
- alpine: Fix /dev/shm handling
- alpine: Fix verification of the apk binary
- centos: Fix support for some version of yum
- debian: Fix debootrstap when GREP_OPTIONS is set
- debian: Fix errors when dbus isn't installed
- debian: Reconfigure locales
- debian: Skip the security mirror for unstable/sid
- fedora: Support secondary architectures
- fedora: Update to the old release repository for Fedora 20
- gentoo: Fix /dev/mqueue and /dev/shm handling
- opensuse: Use rpm to determine the build version
- oracle: Fix /dev/shm handling
Those stable fixes were brought to you by 31 individual contributors.
Downloads¶
The release tarballs may be found on our download page and we expect most distributions
will very soon ship a packaged version of LXC 1.1.3.
Should you be interested in individual changes or just looking at the detailed development history,
our stable branch is on GitHub.