News

LXC 4.0.10 has been released

17th of July 2021

Introduction

The LXC team is pleased to announce the release of LXC 4.0.10!

This is the tenth bugfix release for LXC 4.0 which is supported until June 2025.

Bugfixes

As usual, this bugfix release focuses on stability and hardening. Some of the highlights for this release are:

  • Fix issues with less common architectures
  • Support for additional idmap mounts
  • nft support in lxc-net
  • Cleaner mount entries for sys:mixed
  • Switched GPG server to keyserver.ubuntu.com

The full list of commits is available below:

  • conf: handle kernels with CAP_SETFCAP
  • doc: document new idmap= option for lxc.rootfs.options
  • Skip rootfs pinning for ZFS roots.
  • Reflow ZFS check to follow the style of the overlayfs return.
  • confile: re-add aarch64 architecture
  • tests: add tests for supported architectures
  • tests: fix lxc-test-arch-parse for make dist
  • confile: convert AppArmor and SELinux confile parsing from errors to warnings
  • Merge pull request #3835 from brauner/2021-05-10.fixes.apparmor.stable-4.0
  • oss-fuzz: add basic cgroup_init()/cgroup_exit() fuzzing
  • cgroups: clean up cgroup_ops on initialization error
  • conf: allow xdev when setting up /dev
  • conf: don't unmount procfs and sysfs
  • conf: tweak rootfs handling
  • start: move idmapped mount setup later
  • tree-wide: s/parse_mntopts/parse_mntopts_legacy/
  • conf: rename struct mount_opt flag member s/flag/legacy_flag/
  • Skip rootfs pinning for read-only file system.
  • conf: support idmapped lxc.mount.entry entries
  • conf: add sequence when setting up idmapped mounts
  • confile: free mount data
  • conf: fix mount option parsing
  • cgroups: rework check whether legacy hierarchy is writable
  • conf: move file descriptor synchronization with child into single function
  • conf: move file descriptor synchronization with parent into single function
  • conf: use explicit signage in bit field
  • start: use barrier instead of wake/wait pair
  • start: reorder START_SYNC_POST_CONFIGURE
  • start: simplify startup synchronization
  • README: Update IRC
  • network: please broken compilers
  • Update lxc-net to support nftables
  • lxc: add lpthread to lxc.pc
  • lsm/apparmor: actually report an error when we fail to wire AppArmor profile
  • tools/lxc_autostart: fix failed count
  • api_extensions: introduce idmapped_mounts_v2 api extension
  • confile: backport lxc.init.groups config key
  • string utils: Make sure we don't return uninitialized memory.
  • Add support for LISTEN_FDS environment variable.
  • common.conf: replace problematic terminology
  • seccomp: replace problematic terminology
  • tree-wide: remove problematic terminology
  • tree-wide: replace problematic terminology
  • tree-wide: replace problematic terminology
  • tree-wide: replace problematic terminology
  • cgroups: use stable ordering for co-mounted v1 controllers
  • When an item is added to an array, then the array is realloc()ed (to size+1), and the item is copied (strdup()) to the array. Thus, when an item is removed from an array, memory allocated for that item should be freed, successive items should be left-shifted and the array realloc()ed again (size-1).
  • Resize array in remove_from_array() and fix a crash
  • lxc-download: Switch GPG server
  • cgroups: verify that hierarchies are non-empty
  • When an item is added to an array, then the array is realloc()ed (to size+1), and the item is copied (strdup()) to the array. Thus, when an item is removed from an array, memory allocated for that item should be freed, successive items should be left-shifted and the array realloc()ed again (size-1).
  • execute: don't exec init, call it
  • initutils: use vfork() in lxc_container_init()
  • network: log network devices while sending
  • execute: ensure parent is notified about child exec and close all unneeded fds
  • initutils: close dirfd in error path
  • conf: improve read-only /sys with read-write /sys/devices/virtual/net
  • tests: add tests for read-only /sys with read-write /sys/devices/virtual/net
  • cgroups: handle funky cgroup layouts
  • terminal: ensure newlines are turned into newlines+carriage return for terminal output
  • cmd/lxc-checkconfig: list cgroup namespaces and rename confusing ns_cgroup entry
  • doc: Add eBPF-based device controller semantics to Japanese man page
  • doc: Append description of net type field
  • doc: Add new idmap= option to Japanese lxc.container.conf(5)
  • doc: Fix typo in English lxc.container.conf(5)
  • conf: userns.conf: include userns.conf.d
  • confile: allow including nonexisting directories
  • lxc_unshare: make mount table private
  • lxc_unshare: fix network device handling
  • file_utils: surface ENOENT when falling back to openat()
  • doc/common_options: add trace and alert loglevels
  • initutils: include pthread.h
  • start: fix logging message
  • sync: fix log message
  • terminal: log TIOCGPTPEER failure less alarmingly
  • af_unix: report error when no fd is to be sent
  • terminal: fix error handling

Support and upgrade

The LXC 4.0 branch is supported until June 2025. Only bugfixes and security fixes are included in the stable bugfix releases, so it is always safe, and recommended, to keep up to date and run the latest bugfix release.

Downloads

LXD 4.0.7 has been released

17th of July 2021

Introduction

The LXD team is pleased to announce the release of LXD 4.0.7!

This is the seventh bugfix release for LXD 4.0 which is supported until June 2025.

Bugfixes and improvements

This release includes a couple of months' worth of bugfixes and minor improvements from the development branch.

Some of the highlights include:

  • Token based cluster join (lxc cluster add)
  • Cluster member description field
  • Configurable shutdown timeout (core.shutdown_timeout)
  • Trusted inbound proxy requestor information (core.https_trusted_proxy)
  • Cluster certificate update (lxc cluster update-certificate)
  • Cross-project custom storage volume copy/move
  • Detailed information on supported storage drivers (lxc info)
  • Requestor address in lifecycle events
  • Additional lifecycle events (full coverage)

Those are all smaller improvements backported from LXD feature releases which required no database changes or API behavior changes and were considered a sufficient usability improvement to backport to the LTS release.

The full list of commits is available below:

  • lxd/networks/utils: Log forkdns refresh task starting in networkUpdateForkdnsServersTask
  • lxd/db/node: Adds certificates table to local database
  • lxd/db/certificates: Adds GetCertificates function
  • lxd/db/certificates: Adds DeleteCertificateByNameAndType function
  • lxd/certificates: Fix import ordering
  • lxd/certificates: Updates updateCertificateCache to handle per-certificate upgrade
  • lxd/db/certificates: Adds ReplaceCertificates function
  • lxd/certificates: Updates updateCertificateCache to handle per-certificate upgrade
  • lxd/certificates: Adds updateCertificateCacheFromLocal function
  • lxd/certificates: Notify other cluster members of certificate update in doCertificateUpdate
  • lxd/certificates: Notify other cluster members of certificate deletion in certificateDelete
  • lxd/certificates: Allow certificate type change in doCertificateUpdate
  • lxd/certificates: cluster.ErrCertificateExists and serverCert usage in certificatesPost
  • lxd/daemon: Adds serverCert and serverCertInt vars
  • lxd/daemon: Updates State to populate serverCert
  • lxd/daemon: Load trusted server certs from local DB on startup using updateCertificateCacheFromLocal
  • lxd/daemon: Refresh cached trusted certificates when heartbeat node count changes in NodeRefreshTask
  • lxd/daemon: Pass d.serverCert and networkCert to startClusterTasks Add
  • lxd/daemon: Updates Authenticate to check trusted server certs
  • lxd/state: Updates NewState to have a serverCert and updateCertificateCache arg
  • lxd/state: Update tests with NewState usage
  • lxd/util/http: Updates CheckTrustState to use networkCert argument
  • lxd/cluster/notify: Update NewNotifier to accept networkCert and serverCert args
  • lxd/cluster/tls: Update tlsClientConfig to accept networkCert and serverCert
  • lxd/cluster/tls: Updates tlsCheckCert to accept networkCert and serverCert
  • lxd/cluster/connect: Adds ErrCertificateExists var
  • lxd/cluster/connect: Updates Connect to accept networkCert and serverCert args
  • lxd/cluster/connect: Updates SetupTrust to accept serverName arg
  • lxd/cluster/connect: Adds UpdateTrust function
  • lxd/cluster/connect: Updates HasConnectivity to accept networkCert and serverCert
  • lxd/cluster/events: Updates events functions to accept networkCert and serverCert
  • lxd/cluster/gateway: Store networkCert and serverCert in Gateway and update NewGateway
  • lxd/cluster/gateway: Updates HandlerFuncs to accept trustedCerts function
  • lxd/cluster/gateway: HasConnectivity usage
  • lxd/cluster/gateway: Update Reset to handle networkCert
  • lxd/cluster/gateway: tlsClientConfig usage
  • lxd/cluster/gateway: loadInfo usage
  • lxd/cluster/heartbeat: tlsClientConfig in Send and Heartbeat
  • lxd/cluster/upgrade: Updates NotifyUpgradeCompleted with networkCert and serverCert args
  • lxd/cluster/membership: Adds EnsureServerCertificateTrusted function
  • lxd/cluster/membership: Updates Bootstrap to store serverCert in trusted certificates table
  • lxd/cluster/membership: Update Join to handle per-server certificates
  • lxd/cluster/membership: Updates notifyNodesUpdate to handle serverCert
  • lxd/cluster/membership: HasConnectivity usage
  • lxd/cluster/membership: Update Purge to remove trusted server certificate
  • lxd/cluster: Update tests to work with changes
  • lxd/api: d.gateway.HandlerFuncs usage
  • lxd/api/cluster: Updates clusterPutJoin to handle per server certificates
  • lxd/api/cluster: d.gateway.Reset usage
  • lxd/api/cluster: Call updateCertificateCache in clusterNodeDelete after certificate removed
  • lxd/api/cluster/test: server name as cert name
  • lxd/main/init: state.NewState usage
  • lxd/main/init/interactive: cluster.SetupTrust usage and serverCert naming for consistency
  • lxd: cluster.NewNotifier usage
  • lxd: cluster.Connect and related function usage
  • lxd/patches: Adds patchClusteringServerCertTrust
  • lxd/certificates: NewNotifier usage
  • doc/clustering: Update guide to show that cluster.crt on bootstrap member should be used
  • test: Add check for trusted server certificate removal on cluster member removal
  • test: Update table count check to account for local certificates table
  • lxd/images: Specify image type during distribution
  • client/connection: Correct HTTPs to HTTPS in ConnectPublicLXD
  • lxd/operations: Clarify return values in comment on Render
  • lxd/db/operations: Adds GetOnlineNodesWithRunningOperationsOfType function
  • lxd/operations: Adds operationCancel function
  • lxd/operations: Adds operationsGetByType function
  • lxd/images: Updates imageValidSecret to accept projectName and opType arguments
  • lxd/images: projectName argument in createTokenResponse
  • lxd/images: imageValidSecret usage
  • lxd/operations: Updates operationsGet to use projectName when retrieving remote operations
  • lxd/operations: Updates operationsGetByType to use projectName when retrieving remote operations
  • lxd/instances: Swagger for logs
  • lxd/instances: Update error message
  • lxd/instances: Swagger for files
  • doc/rest-api: Refresh swagger YAML
  • shared/api: Add swagger metadata for instance exec
  • lxd/instances: Swagger for exec
  • lxd/swagger: Fix json name of metadata
  • shared/api: Add swagger metadata for instance state
  • lxd/instances: Swagger for state
  • shared/api: Add swagger metadata for instance console
  • lxd/instances: Swagger for console
  • shared/api: Add swagger metadata for instances
  • lxd/instances: Swagger for instance
  • doc/rest-api: Refresh swagger YAML
  • lxd/instance/qmp: Switch to query-cpus-fast
  • lxd/apparmor: Respect LXD_OVMF_PATH
  • lxd/daemon: Improved logging in NodeRefreshTask
  • lxd/db/operations: Import ordering
  • lxd/db/operations/types: Adds OperationClusterJoinToken type
  • lxd/db/operations: Replace GetOnlineNodesWithRunningOperationsOfType with GetOperationsOfType
  • lxd/operations: Updates operationCancel with correct remote address
  • lxd/operations: Fixes operationsGetByType to filter operations by type correctly
  • lxd/node/raft/test: Corrects typo
  • api: Adds clustering_join_token extension
  • shared/api/cluster: Adds ClusterMembersPost type
  • shared/api/cluster: Adds ClusterMemberJoinToken type
  • lxd/api/cluster: Adds clusterNodesPost handler
  • client/interfaces: Adds CreateClusterMember function to interface
  • client/lxd/cluster: Adds CreateClusterMember function
  • lxc/cluster: Add lxc cluster add command
  • lxd/certificates: Adds clusterMemberJoinTokenValid and clusterMemberJoinTokenDecode functions
  • lxd/certificates: Updates certificatesPost to check supplied password against active cluster join token operations
  • lxd/main/init/interactive: Adds join token support to askClustering
  • lxc/cluster: Adds cluster list-tokens command
  • lxc/cluster: Adds clusterJoinTokenOperationToAPI function
  • lxd/operations: Updates OperationClass.String() to use constants from shared/api
  • shared/api/operations: Adds operation class name constants
  • doc/clustering: Adds details on using the join token during adding cluster members
  • test: Adds overridable join secret to spawn_lxd_and_join_cluster
  • test: Adds join token tests to clustering_membership
  • test: Increase the offline thresholds to above 12 as heartbeat interval is hardcoded to 10
  • doc/rest-api: Refresh swagger YAML
  • Makefile: Set GO111MODULE=on for update-api swagger build
  • shared/api: Fix snapshot structs
  • lxc/config: Update following InstanceSnapshotPut fix
  • shared/api: Add swagger metadata for instance snapshots
  • lxd/instances: Swagger for snapshots
  • doc/rest-api: Refresh swagger YAML
  • shared/units: Add GetByteSizeStringIEC
  • api: clustering_description
  • shared/api: Add cluster member description
  • lxd: Expose cluster member description
  • Revert "test: Increase the offline thresholds to above 12 as heartbeat interval is hardcoded to 10"
  • api: Adds description back for clustering_join_token extension
  • lxd/images: Don't log error in autoSyncImagesTask when not clustered
  • lxd/images: Make logging consistent in autoSyncImagesTask
  • lxd/db/node: Display last heartbeat time in ToAPI
  • lxc: Add -f as shorthand for --format
  • lxd/devices: Allow user.XYZ
  • lxd/db/node: Updates SetNodeHeartbeat to return ErrNoSuchObject if row doesn't exist to be updated
  • lxd/db/query/retry: Use errors.Cause in Retry
  • lxd/cluster/heartbeat: Single call to time.Now() in heartbeat
  • lxd/cluster/heartbeat: Fixes bug in heartbeat that causes heartbeat round to be discarded if member removed during round
  • lxd/cluster/heartbeat: Keep error handling from g.currentRaftNodes together
  • lxd/cluster/heartbeat: Error logging consistency
  • lxd/cluster/heartbeat: Use contextual logging
  • lxd/cluster/events: Improve logging consistency in eventsUpdateListeners
  • lxd/task/group: Adds context arg to Start
  • lxd/task/start: Add context arg to Start
  • lxd/task: Start context usage
  • lxd/daemon: Updates Start functions usage by passing daemon context
  • lxd/images: Improve logging in imageSyncBetweenNodes
  • test: Add lxc cluster list before comparison in test_clustering_handover for visibility into cluster state
  • test: Separate stop and publish commands in test_clustering_image_replication
  • lxd/main/init/interactive: Clear config.Cluster.ClusterPassword after setting up trust
  • lxd/images: Improve logging
  • lxd/api/1/0: Whitespace
  • lxd/api/1/0: Update d.gateway.HeartbeatOfflineThreshold when cluster.offline_threshold is changed
  • lxd/cluster/config: Add minThreshold to offlineThresholdValidator
  • lxd/cluster/gateway: Add HeartbeatOfflineThreshold var
  • lxd/cluster/heartbeat: Improve logging and errors in HeartbeatNode
  • lxd/cluster/heartbeat: Actually use taskCtx in HeartbeatNode for HTTP request base
  • lxd/cluster/heartbeat: Don't re-run Update as this throws away discovered node liveness times
  • lxd/cluster/heartbeat: tx.SetNodeHeartbeat to actual last heartbeat time
  • lxd/cluster/heartbeat: Update Send to support dynamic spread duration
  • lxd/cluster/heartbeat: Adds heartbeatInterval function
  • lxd/cluster/heartbeat: Updates HeartbeatTask to use gateway.heartbeatInterval
  • lxd/cluster/heartbeat: Removes heartbeatInterval constant
  • lxd/cluster/heartbeat: Updates heartbeat to use interval derived from offline threshold
  • lxd/daemon: Populate d.gateway.HeartbeatOfflineThreshold on init
  • lxd/daemon: Adds taskClusterHeartbeat var and populates it
  • lxd/cluster/heartbeat: Logging improvements
  • lxc: Update interactive editor fail message to indicate ctrl+c can be used to abort change
  • shared/api: Add swagger metadata for instance backups
  • lxd/instances: Swagger for backups
  • lxd: Support for reading cluster certificate from file
  • doc: cluster_certificate_path documentation
  • shared/api: Add swagger metadata for image metadata
  • lxd/instances: Swagger for instance metadata
  • doc/rest-api: Refresh swagger YAML
  • lxd/images: Fix typo in swagger
  • lxd/network/driver/bridge: Reuse consistent bridgeLink var rather than keep creating new vars
  • lxd/network/driver/bridge: Bring up vxlan tunnel link
  • lxd/network/driver/bridge: Use clearer naming for different link types
  • lxd/network/driver/bridge: Don't use Link suffix for var names that don't represent links
  • lxd/instances: Unmount shiftfs on startup failures
  • lxd/cluster: Add core.shutdown_timeout
  • lxd/api/cluster: Check if LXD closing down in rebalanceMemberRoles
  • lxd/api/cluster: Call rebalanceMemberRoles from internalClusterRaftNodeDelete
  • lxd/cluster/gateway: Logging improvements
  • lxd/daemon: Logging improvements
  • lxd/images: Logging improvements
  • shared/api: Add swagger metadata for instances
  • lxd/instances: Swagger for instances
  • doc/rest-api: Refresh swagger YAML
  • lxd/cluster/gateway: Add heartbeatCancelLock and heartbeatCancel vars
  • lxd/cluster/heartbeat: Introduces heartbeatMode type and constants for heartbeat modes
  • lxd/cluster/heartbeat: Updates heartbeat to accept mode argument
  • lxd/cluster/heartbeat: Make end of heartbeat log message include local address for clarity
  • lxd/cluster/heartbeat: Adds heartbeatRestart function
  • lxd/cluster: g.heartbeat() usage
  • lxd/cluster/gateway: Call g.heartbeatRestart from HandlerFuncs when handling a heartbeat
  • lxd/cluster/heartbeat/test: Fixes TestHeartbeat so that it waits for join notification heartbeats to occur
  • lxd/daemon/images: imageDownloadLock typo
  • lxd: Support for core.shutdown_timeout
  • doc: Add core.shutdown_timeout
  • lxd/storage/ceph: Always return VolumeUsage
  • doc/production-setup: Cover name leakage
  • lxd/apparmor/instance: Deref OVMF path
  • lxd/instance/drivers/driver/qemu: Adds one missing op.Done call and removes 2 unnecessary ones
  • lxd/instance/drivers/driver/qemu/templates: Correct comment on qemuPCIPhysical
  • lxd/instance/drivers/driver/qemu: Remove old pid file on start if exists
  • lxd/cluster/heartbeat: Fix heartbeatInterval()
  • lxd/instance/qemu: Support for security.devlxd default (true) value
  • doc/environment: Documents LXD_CONF and LXD_GLOBAL_CONF env vars
  • lxd/ip/link: MTU is an acronym and so should be uppercased in SetMtu function name
  • lxd/ip/link: Renames Mtu field to MTU as it is an acronym
  • lxd/device/device/utils/network: SetMTU usage
  • lxd/network/network/utils: Removes InterfaceSetMTU
  • lxd/network/network/utils: Adds InterfaceStatus function
  • lxd/device/infiniband/physical: SetMTU usage
  • lxd/device/infiniband/sriov: SetMTU usage
  • lxd/device/nic/macvlan: SetMTU usage
  • lxd/device/nic/physical: SetMTU usage
  • lxd/device/nic/sriov: SetMTU usage
  • lxd/network/driver/bridge: SetMTU usage
  • lxd/network/network/utils/sriov: Updates sriovGetFreeVFInterface to use InterfaceStatus
  • lxd/instances/get: Renames doContainersGet to doInstancesGet
  • lxd/instances/get: Remove some of the container specific terminology in doInstancesGet
  • lxd/instances/get: Remove potential source of nil pointer dereference panic in doInstancesGet
  • lxd/instance: Don't use RawOperation
  • lxc/storage: Fix bad merge
  • lxd/images: Remove unused function
  • i18n: Update translation templates
  • lxd/device/pci: Adds DeviceIOMMUGroup function
  • lxd/device/nic/physical: Pass pciIOMMUGroup number to VM driver
  • lxd/device/nic/sriov: Pass pciIOMMUGroup number to VM driver
  • lxd/instance/drivers/qmp/commands: Adds AddNIC function
  • lxd/instance/drivers/driver/qemu/templates: Remove NIC specific templates
  • lxd/instance/drivers/driver/qemu: Remove -chroot flag usage
  • lxd/instance/drivers/driver/qemu: Converts NICs to be added via QMP rather than static config
  • lxd/instance/qemu: queues is uint64
  • lxd/instance/drivers/driver/qemu: Don't set multifunction=off as this upsets ccw driver
  • lxd/operations: Remove code duplication
  • lxd/operations: Close forwarded websocket
  • shared/network: Fix channel handling in WebsocketProxy
  • client: Update for WebsocketProxy change
  • lxd/instance/drivers/qmp/commands: Adds Reset function
  • lxd/instance/drivers/driver/qemu: Updates getMonitorEventHandler to handle guest RESET events
  • lxd/instance/drivers/driver/qemu: Workaround QEMU bug that prevents QMP added devices from using their bootindex setting
  • lxc: Use consistent messaging when offering to respawn interactive editor
  • lxd/operations: Spacing
  • lxd/operations: Fix bug in operationsGet and operationsGetByType that was overwriting list entries with loop iterator pointer
  • lxc/cluster: Always use default project in list-tokens command
  • lxd/db: Expose database stand-by role on cluster members
  • lxd/main/init/interactive: Don't attempt to connect to all join token candidates
  • lxd/operations/operations: Use structured logging in Cancel
  • lxd/images: Include operation ID in error in imageValidSecret
  • lxd/certificates: Include operation ID in error in clusterMemberJoinTokenValid
  • lxd/api/cluster: Delete any existing join token operation for potential member in clusterNodesPost
  • shared/subprocess/proc: Add exit code to error message
  • lxd/images: Maintain image public indicator when copying to member in imageSyncBetweenNodes
  • lxd/images: Improve logging in imageSyncBetweenNodes
  • lxd/images: Improve error message in imageSyncBetweenNodes
  • lxd/daemon/images: Adds ImageDownloadArgs type
  • lxd/daemon/images: Updates ImageDownload to accept ImageDownloadArgs argument
  • lxd/images: Updates imgPostRemoteInfo to use d.ImageDownload
  • lxd/images: Updates imgPostURLInfo to use d.ImageDownload
  • lxd/images: Improves error message in imagesPost
  • lxd/images: Updates autoUpdateImage to use d.ImageDownload
  • lxd/instances/post: Updates createFromImage to use ImageDownload
  • lxd/images: Don't generate args for every member in imageSyncBetweenNodes
  • shared/subprocess/proc: Adds context support to Wait
  • lxd/instance/drivers/qemu: p.Wait() usage
  • lxd/network/driver/bridge: Check dnsmasq process remains running after being started
  • shared/subprocess: Fix tests to use p.Wait() with context
  • tests: Support for database stand-by role on cluster members
  • lxd/instance/drivers/qmp/commands: Improve comment on SendFile to aid searchability
  • lxd/instance/drivers/driver/qemu: Only add bootindex if bootIndexes is non-empty
  • lxd/instance/drivers/driver/qemu: bus name is populated later so these lines do nothing
  • lxd/instance/drivers/driver/qemu: Switch to using monitor.SendFile to pass macvlan file descriptor to QEMU
  • lxd/instance/drivers/driver/qemu: Updates addNetDevConfig to remove unused args and allow preconfiguring of port to be used
  • README: Update IRC
  • lxd-agent/main/agent: Log when rebooting
  • lxd-agent/main/agent: Mount shares after vsock listener
  • lxd/device/disk: VM directory share improvements
  • lxd/instance/drivers/driver/qemu/templates: Always use virtfs-proxy-helper for 9p disk directory shares
  • lxd/instance/drivers/driver/qemu: Return consistent error in setupNvram for missing EFI firmware file
  • lxd/instance/drivers/driver/qemu: Log where lxd-agent is being installed from in generateConfigShare
  • lxd/instance/drivers/driver/qemu: Always use virtfs-proxy-helper for 9p directory shares
  • lxd/device/disk: Populate readonly mount option even for block device type disks
  • lxd/instance/drivers/driver/qemu: Convert readonly mount option to readonly template boolean in addDriveConfig
  • lxd/instance/drivers/driver/qemu/templates: Add support for readonly block device disks
  • lxd/instance/drivers/driver/lxc: Add revert to deviceStart
  • lxd/instance/drivers/driver/lxc: Add revert to updateDevices
  • lxd/instance/drivers/driver/qemu: Add revert to updateDevices
  • lxd/instance/drivers/qmp/commands: Adds revert to AddNIC
  • lxd/device/disk: Add DiskVirtiofsdSockMountOpt constant
  • lxd/device/disk: Add vmVirtfsProxyHelperPaths and vmVirtiofsdPaths functions
  • lxd/device/disk: Update startVM to use d.vmVirtiofsdPaths and d.vmVirtfsProxyHelperPaths
  • lxd/device/disk: Comment improvement in startVM
  • lxd/device/disk: Check virtfs-proxy-helper has bound successfully in startVM
  • lxd/device/disk: d.vmVirtiofsdPaths and d.vmVirtfsProxyHelperPaths usage in stopVM
  • lxd/instance/drivers/driver/qemu: Update addDriveDirConfig to handle getting virtiofsd socket path from disk device mount options
  • lxd/instance/drivers/driver/qemu: Improve comments in addDriveDirConfig
  • lxd/instance/drivers/driver/qemu: Ensure bootindex is generated in a stable manner in deviceBootPriorities
  • shared/api: Support for lxc monitor --pretty lifecycle events
  • lxc: Support for lxc monitor --pretty lifecycle events
  • lxd/device/errors: Add UnsupportedError type and update ErrUnsupportedDevType to use it
  • lxd/device/device/utils/disk: Add DiskVMVirtiofsdStart and DiskVMVirtiofsdStop functions
  • lxd/device/disk: Remove unnecessary log context field in startVM
  • lxd/device/disk: Switch to using DiskVMVirtiofsdStart and DiskVMVirtiofsdStop functions for virtiofsd management
  • lxd/instance/drivers/driver/qemu: Switch to using device.DiskVMVirtiofsdStart and device.DiskVMVirtiofsdStop for config drive virtiofsd management
  • lxd/instance/drivers/driver/qemu: Add comment about 9p vs virtio-fs config drive shares in generateQemuConfigFile
  • lxd/instance/drivers/driver/qemu: Clean up comments in removeDiskDevices and removeUnixDevices
  • lxd/apparmor/instance/qemu: Allow rw access to instance devicesPath
  • lxd/apparmor/instance/qemu: Make the difference between external device paths and devices in the instance devices path clearer
  • lxd/instance/qemu: Remove duplicate key
  • lxd/apparmor/instance: Switch to externalDevPaths template var
  • lxd/apparmor/instance: Populate VM devicesPath var
  • lxd/instance/drivers/driver/qemu: Don't add config disk path in the instance's devices directory to the external devPaths var
  • lxc/publish: Fix ETag race condition
  • lxd/storage/drivers/driver/zfs/utils: Retry ZFS recursive delete command
  • tests: Test publishing ephemeral instance
  • lxd/device/device/utils/disk: Adds DiskMountClear function
  • lxd/instance/drivers/driver/qemu: Add configDriveMountPath and configDriveMountPathClear helper functions
  • lxd/instance/drivers/driver/qemu: Comment
  • lxd/instance/drivers/driver/qemu: Improve error in onStop
  • lxd/instance/drivers/driver/qemu: Call device.DiskVMVirtiofsdStop and d.configDriveMountPathClear in cleanupDevices
  • lxd/instance/drivers/driver/qemu: Bind mount config directory into instance devices directory as readonly
  • lxd/instance/drivers/driver/qemu: Clearer var naming in generateQemuConfigFile
  • lxd/instance/drivers/driver/qemu: Update 9p config drive share to use readonly bind mount in generateQemuConfigFile
  • lxd/instance/drivers/driver/qemu: addDriveDirConfig comment tweak
  • lxd/storage/drivers/driver/zfs/volumes: Retry zvol deactivation if ZFS ignores us in UnmountVolume
  • lxd/device/disk: Update startContainer to mount pool volume before calling createDevice
  • lxd/device/disk: Update startVM to mount directories as bind mounts
  • lxd/device/disk: Rename reverter argument to revert in mountPoolVolume for consistency
  • lxd/device/disk: Update createDevice to accept revert and pool volume source path override
  • lxd/device/disk: Ensure that host-side device mounts are cleaned up in postStop
  • lxd/device/disk: Rework wait for virtfs-proxy-helper socket in startVM for clarity
  • lxd/device/disk: Remove check that prevents use of virtiofsd for readonly disks in startVM
  • lxd/instance/drivers/driver/qemu: Remove check in addDriveDirConfig that prevents virtiofsd for readonly shares
  • doc: mention /var/snap/lxd/common/lxd for snap users
  • lxc cluster add shouldn't have any alias
  • lxd: print the join token on a separate line
  • tests: fix token extraction of lxc cluster add
  • i18n: Update translation templates
  • lxd/instance/qemu: Remove unused template
  • lxd/lxd: Record requestor as part of lifecycle events
  • lxd: Pass request to OperationCreate
  • lxd-agent: Pass request to OperationCreate
  • lxd/resources: Add swagger documentation for storage
  • shared/api: Add swagger metadata to storage pools
  • lxd/cluster: Add core.https_trusted_proxy
  • lxd/storage: Add swagger documentation for pools
  • shared/api: Split storage volume backup
  • shared/api: Add swagger metadata to storage volumes
  • lxd/storage/drivers/driver/zfs/volumes: Include unmount action in the revert hook returned from CreateVolumeFromBackup
  • lxd/storage/backend/lxd: Improve error context returned when applying imported root disk quota
  • lxd/instances/post: Improve post hook failed context in error
  • lxd/instance/drivers/driver/qemu: Adds start and stop debug logging
  • lxd/instance/drivers/driver/qemu: Clarifies return values of pid function
  • lxd/instance/drivers/driver/qemu: Updated d.pid usage
  • lxd/instance/drivers/driver/qemu: Comment clean up in Stop
  • lxd/instance/drivers/driver/qemu: Don't start device cleanup in onStop until QEMU process has ended
  • lxd/instance/drivers/driver/qemu: Increase max wait time for qemu process to exit
  • lxd/images: pass publish expiration date to Export(); fallback to metadata.yaml expiration date
  • lxd/instance/instance_interface.go: add expiration date parameter to Export()
  • lxd/instance/drivers/driver_lxc: Export(): handle expiration date
  • lxd/instance/drivers/driver_qemu: Export(): handle expiration date
  • lxd/instance/drivers/driver/qemu: Fix logger in onStop
  • lxd/cluster/heartbeat: Don't send heartbeat from member that doesn't know its own address
  • lxd/endpoints: Update endpoints Config doc
  • lxd/cluster/heartbeat: Get local cluster address from node.ClusterAddress in heartbeat
  • lxd/storage: Add swagger documentation for volumes
  • shared/api: Add swagger metadata for storage volume state
  • shared/api: Add swagger metadata for storage volume snapshots
  • lxd/storage: Add swagger documentation for volume snapshots
  • lxd/storage: Fix operation type for snapshot rename
  • shared/api: Add swagger metadata for storage volume backups
  • lxd/swagger: Remove partial coverage warning
  • lxd/swagger: Fix bad typing
  • doc/rest-api: Strip and point to swagger
  • doc/rest-api: Refresh swagger YAML
  • README: Add liblz4-dev dependency when building from source
  • doc: btrfs-tools was replaced by btrfs-progs after Bionic
  • doc: bzr isn't used anymore
  • doc/rest-api: Linkify API doc
  • lxd/device: Add and use ErrMissingVirtiofsd
  • lxd/endpoints: Support HAProxy protocol header
  • lxd: Support HAProxy protocol header
  • doc: Add core.https_trusted_proxy
  • api: server_trusted_proxy
  • lxd/instance/drivers/qmp/commands: Updates revert in AddNIC for consistency/clarity
  • lxd/instance/drivers/qmp/commands: Adds RemoveNIC function
  • lxd/instance/drivers/qmp/commands: Adds QueryPCI function and associated types
  • lxd/device/nic: Enable VM hotplug for macvlan, bridged, p2p, physical and sriov NIC types
  • lxd/instance/drivers/driver/common: Removes unnecessary check in runHooks
  • lxd/instance/drivers/driver/qemu/bus: Adds busDevicePortPrefix constant and uses it
  • lxd/instance/drivers/driver/qemu/templates: Uses busDevicePortPrefix constant indirectly
  • lxd/instance/drivers/driver/qemu: Allocate 4 additional PCI slots for hotplugging in generateQemuConfigFile
  • lxd/instance/drivers/driver/qemu: Adds qemuPCIDeviceIDStart constant
  • lxd/instance/drivers/driver/qemu: Update addCPUMemoryConfig to just return cpu count if nil stringbuilder supplied
  • lxd/instance/drivers/driver/qemu: Adds qemuNetDevIDPrefix and qemuDeviceIDPrefix constants
  • lxd/instance/drivers/driver/qemu: qemuDeviceIDPrefix and qemuNetDevIDPrefix usage
  • lxd/instance/drivers/driver/qemu: Adds deviceAttachNIC function
  • lxd/instance/drivers/driver/qemu: Handle hotplugging NICs by using d.deviceAttachNIC from deviceStart
  • lxd/instance/drivers/driver/qemu: Add revert to deviceStart
  • lxd/instance/drivers/driver/qemu: Adds deviceDetachNIC function
  • lxd/instance/drivers/driver/qemu: Updates deviceStop to hot unplug NICs
  • lxd/resources: Set RPM to 1 instead of 0 when rotational
  • include: add open_tree() and mount_setattr()
  • doc/projects: Remove white list term
  • Remove hang term
  • Remove white term
  • lxd/cluster/gateway: Remove black term
  • Remove dummy term
  • lxd/main/checkfeature: Remove dummy term
  • shared/idmap/shift/linux: Rename set_dummy_fs_ns_caps to spoof_fs_ns_caps
  • Remove sanity term
  • Replace Sanity Checks with Quick Checks
  • lxd/db: Update schema to apply removal of sanity term
  • lxd: use idmapped mounts
  • lxd: ensure absolute paths when hotplugging mounts
  • forkmount: update terminology
  • disk: allow the use of idmapped mounts
  • seccomp: handle idmapped mounts
  • lxd: split storage handling in startCommon() into separate helper
  • lxd: remove remaining DiskIdmap call in startCommon()
  • lxc/cluster: add command revoke-token to delete a cluster join token
  • test/suites/clustering: add tests for revoke-token
  • i18n: update translation templates
  • Makefile: Add "build" target
  • lxd/instance/drivers/driver/common: Adds Internal MAAS handling functions
  • lxd/instance/drivers/driver/lxc: Switch to common MAAS handling functions
  • lxd/instance/drivers/driver/qemu: Switch to common MAAS handling functions
  • lxd/instance/drivers/load: Add revert arg to create
  • lxd/instance/drivers/driver/common: Don't revert by calling inst.Delete() until after storage volume created in snapshotCommon
  • lxd/instance/drivers/driver/lxc: Add revert arg to lxcCreate and don't call d.Delete() in revert steps
  • lxd/instance/drivers/driver/qemu: Add revert arg to qemuCreate and don't call d.Delete() in revert steps
  • lxd/instance/instance/utils: Updates Create signature with revert arg
  • lxd/instance/instance/utils: Updates CreateInternal with a revert arg
  • lxd: instance.CreateInternal usage in tests
  • lxd/instance: Update instanceCreateAsEmpty to only revert with inst.Delete() after storage volume created
  • lxd/instance: Updates instanceCreateFromImage to only revert with inst.Delete() after storage volume created
  • lxd/instance: Updates instanceCreateAsCopy to only revert with inst.Delete() after storage volume created
  • lxd/api/internal: instance.CreateInternal revert usage in internalImport
  • lxd/instances/post: instance.CreateInternal usage in createFromMigration
  • lxd/migrate/instance: Adds revert arg to Do function to allow usage of instance.CreateInternal
  • lxd/migrate/instance: Add instance delete to revert after storage volume migration succeeded in Do
  • lxd/instances/post: Updates createFromMigration to pass revert to instance.CreateInternal
  • lxd/migrate/instance: Go var naming style suggestions
  • lxd: check for new idmapped mounts extension in LXC
  • lxd/storage/backend/lxd: Remove post hook resize from CreateInstanceFromBackup
  • lxd/storage/drivers/driver/common: Adds createVolumeFromBackupInstancePostHookResize function
  • lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromBackup to use createVolumeFromBackupInstancePostHookResize in generic post hook
  • lxd/storage/drivers/driver/ceph/volumes: Updates CreateVolumeFromBackup to use createVolumeFromBackupInstancePostHookResize in generic post hook
  • lxd/storage/drivers/driver/dir/volumes: Updates CreateVolumeFromBackup to use createVolumeFromBackupInstancePostHookResize in generic post hook
  • lxd/storage/drivers/driver/lvm/volumes: Updates CreateVolumeFromBackup to use createVolumeFromBackupInstancePostHookResize in generic post hook
  • lxd/storage/drivers/driver/zfs/volumes: Updates CreateVolumeFromBackup to use createVolumeFromBackupInstancePostHookResize in generic post hook
  • lxd/storage/drivers/driver/generic/vfs: Adds VMConfigDriveMountDir constant
  • lxd/storage/drivers/generic/vfs: Exclude config.mount directory in genericVFSBackupVolume
  • lxd/instance/drivers/driver/qemu: storageDrivers.VMConfigDriveMountDir usage
  • lxd/storage/drivers/utils: Adds force arg to shrinkFileSystem
  • lxd/storage/drivers: SetVolumeQuota comment consistency
  • lxd/storage/drivers/driver/ceph/volumes: shrinkFileSystem force arg usage
  • lxd/storage/drivers/driver/lvm/volumes: shrinkFileSystem force arg usage
  • lxd/storage/drivers/driver/common: runFiller comment improvement
  • lxd/storage/drivers/driver/common: Enable unsafe resize for container volumes in createVolumeFromBackupInstancePostHookResize
  • Revert "lxd/storage/backend/lxd: Remove post hook resize from CreateInstanceFromBackup"
  • Revert "lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromBackup to use createVolumeFromBackupInstancePostHookResize in generic post hook"
  • Revert "lxd/storage/drivers/driver/ceph/volumes: Updates CreateVolumeFromBackup to use createVolumeFromBackupInstancePostHookResize in generic post hook"
  • Revert "lxd/storage/drivers/driver/lvm/volumes: Updates CreateVolumeFromBackup to use createVolumeFromBackupInstancePostHookResize in generic post hook"
  • Revert "lxd/storage/drivers/driver/zfs/volumes: Updates CreateVolumeFromBackup to use createVolumeFromBackupInstancePostHookResize in generic post hook"
  • lxd/storage/drivers/driver/dir/volumes: Remove call to createVolumeFromBackupInstancePostHookResize
  • lxd/storage/drivers/volume: Add VolumePostHook type
  • lxd/storage/drivers: Update CreateVolumeFromBackup and associated function to use VolumePostHook type
  • lxd/revert/revert: Add Hook function type
  • lxd/storage/backend: Update CreateInstanceFromBackup signature to use revert.Hook
  • lxd/storage/drivers: Updates CreateVolumeFromBackup and associated function to use revert.Hook type
  • lxd/storage/drivers/volume: Remove allowUnsafeResize var
  • lxd/storage/drivers/volume: Add allowUnsafeResize arg to SetQuota and pass to SetVolumeQuota
  • lxd/storage/drivers/interface: Add allowUnsafeResize arg to SetVolumeQuota
  • lxd/storage/backend/lxd: Add allowUnsafeResize arg to function returned from imageFiller
  • lxd/storage/backend/lxd: b.driver.SetVolumeQuota usage
  • lxd/storage/utils: Adds allowUnsafeResize arg to ImageUnpack and pass to vol.SetQuota()
  • lxd/storage/drivers/utils: Adds allowUnsafeResize arg to ensureVolumeBlockFile
  • lxd/storage/drivers/generic/vfs: d.SetVolumeQuota allowUnsafeResize arg usage
  • lxd/storage/drivers/driver/btrfs/volumes: ensureVolumeBlockFile allowUnsafeResize arg usage and comment
  • lxd/storage/drivers/driver/btrfs/volumes: Adds allowUnsafeResize arg to SetVolumeQuota
  • lxd/storage/drivers/driver/ceph/volumes: Adds allowUnsafeResize arg to SetVolumeQuota
  • lxd/storage/drivers/driver/cephfs/volumes: Adds allowUnsafeResize arg to SetVolumeQuota
  • lxd/storage/drivers/driver/dir/volumes: Adds allowUnsafeResize arg to SetVolumeQuota
  • lxd/storage/drivers/driver/lvm/volumes: Adds allowUnsafeResize arg to SetVolumeQuota
  • lxd/storage/drivers/driver/zfs/volumes: Adds allowUnsafeResize arg to SetVolumeQuota
  • lxd/storage/drivers/driver/mock/volumes: Adds allowUnsafeResize arg to SetVolumeQuota
  • lxd/storage/drivers/driver/btrfs/volumes: d.SetVolumeQuota usage
  • lxd/storage/drivers/driver/ceph/volumes: d.SetVolumeQuota usage
  • lxd/storage/drivers/driver/dir/volumes: d.SetVolumeQuota usage
  • lxd/storage/drivers/driver/lvm/volumes: d.SetVolumeQuota usage
  • lxd/storage/drivers/driver/btrfs/mock: d.SetVolumeQuota usage
  • lxd/storage/drivers/driver/zfs/volumes: d.SetVolumeQuota usage
  • lxd/storage/drivers/driver/cephfs/volumes: d.SetVolumeQuota usage
  • lxd/storage/drivers/driver/types: Adds allowUnsafeResize arg to VolumeFiller's Fill function definition
  • lxd/storage/drivers/driver/lvm/utils: d.SetVolumeQuota usage
  • lxd/storage/drivers/driver/dir/volumes: ensureVolumeBlockFile usage and comment
  • lxd/storage/drivers/common: Updates runFiller to pass allowUnsafeResize arg to filler's Fill function as needed
  • lxd/storage/drivers/driver/common: Updates createVolumeFromBackupInstancePostHookResize to pass allowUnsafeResize to driver.SetVolumeQuota
  • lxd/storage/drivers/driver/common: Remove createVolumeFromBackupInstancePostHookResize
  • lxd/storage/drivers/generic/vfs: Error check Unmount in post hook from genericVFSBackupUnpack
  • lxd/storage/backend/lxd: Enable allowUnsafeResize for container imports in CreateInstanceFromBackup
  • lxd/init: Update for token based join
  • client: Simplify User-Agent logic
  • lxd/daemon: Add forwarded requestor to context
  • lxd/operations: Support forwarded requestor
  • lxd/cluster: Pass original requestor around
  • lxd: Pass request around
  • lxd/storage/drivers/driver/zfs/volumes: Fix bug with VM optimized import not returning filesystem volume post hook
  • lxd/daemon: updateCertificateCacheFromLocal usage
  • lxd/certificates: Removes unused cert arg from updateCertificateCacheFromLocal
  • lxd/request: Introduce new package
  • lxd: Use the new request package
  • lxd/device/nic/bridged: Allow using IP filtering with an unmanaged parent bridge
  • lxd/firewall/firewall/interface: Adds parentManaged arg to InstanceSetupBridgeFilter
  • lxd/firewall/drivers/drivers/nftables: InstanceSetupBridgeFilter signature
  • lxd/firewall/drivers/driver/xtables: Adds parentManaged arg to InstanceSetupBridgeFilter
  • lxd/firewall/drivers/drivers/xtables: Adds parentManaged arg to generateFilterIptablesRules
  • lxd/device/nic/bridged: Updates d.state.Firewall.InstanceSetupBridgeFilter usage to provide managed parent indicator
  • test: Include the managed bridge in the nic counters for bridged NIC filtering
  • test: Add test for unmanaged bridge IP filtering
  • lxd: update instructions for compilation from a release tarball
  • lxd/init: show the new default value for password authentication
  • doc/networks: Use n.n.n.n rather than a real IP 1.2.3.4 for example IP in systemd-resolve command
  • doc/networks: Adds guide on how to get systemd to configure systemd-resolved on lxdbr0 start up
  • api: clustering_update_cert
  • shared/api: Add ClusterCertificatePut
  • lxd/api: Add clusterCertificatePut
  • doc/rest-api: Refresh Swagger YAML
  • client: Add UpdateClusterCertificate
  • lxd/cluster: Add NetworkUpdateCert
  • lxc/cluster: Add update-certificate
  • i18n: Update translation templates
  • tests: Add cluster certificate update
  • doc/clustering: Add section on update-certificate
  • lxd/api/project: Error improvements in projectsPost
  • lxd/api/project: Comment ending consistency in projectsPost
  • lxd/api/project: Prevent project names that contain underscores in projectValidateName
  • lxd/api/project: Comment ending consistency in projectPost
  • lxd/api/project: Error improvements in projectPost
  • lxd/api/project: Validate new project name not current when renaming in projectPost
  • test: Add tests for banned underscore in project names during create and rename
  • main/init: Define poolType type and constants
  • main/init: Updates availableStorageDrivers to use poolType type and associated constants
  • lxd/main/init/auto: Updates RunAuto to use poolType and associated constants
  • main/init/interactive: Updates askStoragePool to use poolType and associated constants
  • lxd/main/init: Remove hard coded remote storage driver types in availableStorageDrivers
  • lxd/main/init/interactive: Fix possible confusing missing storage backends error in askStoragePool
  • lxd/main/init/interactive: Don't default to ceph if not available in askStoragePool
  • lxd/main/init/interactive: Use validate.Optional in askClustering
  • shared/validate/validate/test: Adds tests for Required and Optional
  • shared/validate/validate: Remove optional check in IsOneOf
  • lxd/api/project: validate.IsOneOf optional usage
  • lxd/storage: validate.IsOneOf optional usage
  • lxd/storage/pools/config: validate.IsOneOf optional usage
  • shared/instance: validate.IsOneOf optional usage
  • lxd/network: validate.IsOneOf optional usage
  • lxd/network/driver/bridge: More consistent use of validate.Optional for fan.underlay_subnet
  • lxd/device/nic: Return -1 for Mtu in State() for bridged and ovn NICs if host interface not available
  • shared/util: Fill Stderr in RunCommandWithFds
  • shared/archive: Handle newer unsquashfs errors
  • doc: fix cluster.https_address' description
  • forkexec: handle broken close_range() backport in openSUSE Leap 15.3
  • lxd/apparmor/instance: Move instance profile generation into new function instanceProfileGenerate
  • lxd/apparmor/instance: Rename InstanceParse to InstanceValidate
  • lxd/instance/drivers/driver/lxc: apparmor.InstanceValidate usage
  • lxd/instance/drivers/driver/qemu: Validate raw.apparmor if changed
  • doc/virtual-machines: Removes statement about VMs being considered experimental
  • lxd/network/driver/bridge: Surface dnsmasq specific start up errors via a warning log entry
  • client: Only retry target addresses if initial connection fails
  • shared/api: Support for lxc monitor --pretty operation events
  • lxc: Support for lxc monitor --pretty operation events
  • lxd/instance/instance/interface: Adds Error field to Info struct
  • lxd/instance/drivers/driver/lxc: Info.Error initialisation
  • lxd/instance/drivers/driver/qemu: Populates Info.Error
  • lxd/instance/drivers/driver/qemu: Adds detection of /dev/kvm in Info()
  • lxd/instance/drivers/driver/qemu: Add check for vhost_vsock in Info()
  • lxd/state/state: Removes NewState function
  • lxd/daemon: state.State usage
  • lxd/main/init: state.State usage
  • lxd/state/test: State usage
  • lxd/state/state: Move Context field first
  • lxd/state/state: Adds InstanceTypes field to State
  • lxd/instance/drivers/load: Adds supportedInstanceTypes cache and lock and adds SupportedInstanceTypes
  • lxd/instance/instance/interface: Adds Type field to Info
  • lxd/instance/drivers/driver/lxc: Populates Type in Info
  • lxd/instance/drivers/driver/qemu: Populates Type in Info
  • lxd/instance/drivers/load: Comment improvement
  • lxd/daemon: Usage of instanceDrivers.SupportedInstanceTypes() in State() and init()
  • lxd/api/1.0: instanceDrivers.SupportedInstanceTypes usage in api10Get
  • lxd/instance: Removes instanceDriversCacheVal and supporting functions
  • lxd/instance/instance/utils: Checks requested instance type is supported in CreateInternal
  • lxd/include: include sys/wait.h in macro.h
  • lxd/lifecycle: add lifecycle package
  • lxd/lifecycle/instance/snapshot: add instance_snapshot
  • lxd/lifecycle/instance/backup: add instance_backup
  • test: add lifecycle package to static analysis
  • lxd/events/events: change SendLifecycle to accept apt.EventLifecycle
  • lxd/instance/instance/interface: add Operation
  • lxd/instance/drivers/driver/common: add Operation
  • lxd/instance/drivers/driver/common: fix IsStateful comment typo
  • lxd/instance/drivers/driver/common: remove lifecycle function
  • lxd/instance/drivers/driver/lxc: use InstanceAction for lifecycle events
  • lxd/instance/drivers/driver/qemu: use InstanceAction for lifecycle events
  • lxd/backup/backup/utils: remove Lifecycle
  • lxd/backup/backup/instance: expose instance interface
  • lxd/backup: use InstanceAction for lifecycle events
  • lxd/backup/backup/instance: use InstanceAction for lifecycle events
  • lxd/lifecycle/network: add network
  • lxd/network/driver/common: use NetworkAction for lifecycle events
  • lxd/lifecycle/instance: add InstanceExec
  • lxd/instance/drivers/driver/lxc: handle Exec lifecycle events
  • lxd/instance/drivers/driver/qemu: handle Exec lifecycle events
  • lxd/lifecycle/instance: add InstanceConsole
  • lxd/instance/drivers/driver/lxc: handle Console lifecycle events
  • lxd/instance/drivers/driver/qemu: handle Console lifecycle events
  • lxd/lifecycle/profile: add profile lifecycle events
  • lxd/profiles: handle ProfileCreated lifecycle event
  • lxd/profiles: handle ProfileUpdated lifecycle event
  • lxd/profiles: handle ProfileRenamed lifecycle event
  • lxd/device/proxy: Don't write out pid file until process has started OK
  • lxd/instance/drivers/driver/lxc: Adds onStopOperationSetup function
  • lxd/instance/drivers/driver/lxc: Call d.onStopOperationSetup from onStopNS
  • lxd/instance/drivers/driver/lxc: Call d.onStopOperationSetup from onStop
  • lxd/instance/drivers/driver/lxc: Move IsRunning to before creating start operation lock
  • lxd/instance/drivers/driver/common: Move onStopOperationSetup from lxc driver and make generic
  • lxd/instance/drivers/driver/lxc: Make Start, Stop and Shutdown locking and logging consistent with qemu driver
  • lxd/instance/drivers/driver/qemu: Switch to d.onStopOperationSetup in onStop
  • lxd/instance/drivers/driver/qemu: Increase onStop wait timeout to 5 minutes
  • lxd/instance/drivers/driver/qemu: Comment consistency with lxc driver in Start
  • lxd/profiles: handle ProfileDeleted lifecycle event
  • lxd/lifecycle/instance/backup: add InstanceBackupRetrieved
  • lxd/instance/backup: handle InstanceBackupRetrieved lifecycle event
  • lxc/alias: workaround for subcommand errors
  • lxc/config: workaround for subcommand errors
  • lxc/config/metadata: workaround for subcommand errors
  • lxc/config/device: workaround for subcommand errors
  • lxc/config/template: workaround for subcommand errors
  • lxc/cluster: workaround for subcommand errors
  • lxc/image/alias: workaround for subcommand errors
  • lxc/operation: workaround for subcommand errors
  • lxc/project: workaround for subcommand errors
  • lxc/file: workaround for subcommand errors
  • lxc/remote: workaround for subcommand errors
  • lxc/profile: workaround for subcommand errors
  • lxc/storage: workaround for subcommand errors
  • lxc/storage/volume: workaround for subcommand errors
  • lxd/main/cluster: workaround for subcommand errors
  • lxd/main/forkuevent: workaround for subcommand errors
  • lxd/main/forkmount: workaround for subcommand errors
  • lxd/main/forkfile: workaround for subcommand errors
  • lxd/main/forknet: workaround for subcommand errors
  • lxd/db/generate/root: workaround for subcommand errors
  • lxd/db/generate/db: workaround for subcommand errors
  • lxc/config/trust: workaround for subcommand errors
  • lxc/image: workaround for subcommand errors
  • lxc/network: workaround for subcommand errors
  • lxd/firewall/drivers/drivers/xtables: Don't use ebtables --concurrent flag
  • lxd/lifecycle/project: add project lifecycle events
  • lxd/api/project: handle ProjectCreated lifecycle event
  • lxd/api/project: handle ProjectUpdated lifecycle event
  • lxd/api/project: handle ProjectRenamed lifecycle event
  • lxd/api/project: handle ProjectDeleted lifecycle event
  • lifecycle/instance: add InstanceFileRetrieved
  • lifecycle/instance: add InstanceFilePushed
  • lxd/instance: Fix error message
  • lxd/instance/drivers/driver/common: Improve error logging in restartCommon
  • lxd/instance/operationlock: Close chanDone after deleting operation from map in Done
  • lxd/instance/drivers/driver/qemu: Don't fully regenerate config driver on start in generateConfigShare
  • lxd/instance/drivers/driver/qemu: Remove config drive template files dir and regenerate
  • lifecycle/instance: add InstanceFileDeleted
  • lxd/instance/drivers/driver/qemu: handle InstanceFileRetrieved lifecycle event
  • lxd/instance/drivers/driver/qemu: handle InstanceFilePushed lifecycle event
  • lxd/instance/drivers/driver/qemu: handle InstanceFileDeleted lifecycle event
  • lxd/instance/drivers/driver/lxc: handle InstanceFileRetrieved lifecycle event
  • lxd/instance/drivers/driver/lxc: handle InstanceFilePushed lifecycle event
  • lxd/instance/drivers/driver/lxc: handle InstanceFileDeleted lifecycle event
  • lxd/endpoints: Deal with nil listener
  • doc/index.md: Update CGO_LDFLAGS_ALLOW
  • Makefile: Set CGO_LDFLAGS_ALLOW
  • lxd/instance: Fix snapshot etag
  • shared/api: Add Project to StorageVolumeSource
  • client: Support for copy/move custom storage volume between projects
  • lxd/storage: Support for copy/move custom storage volume between projects
  • lxd: Support for copy/move custom storage volume between projects
  • lxc/storage_volume: Support for copy/move custom storage volume between projects
  • api: storage_api_project
  • i18n: Update translation templates
  • lxd/api/project: use nil for lifecycle event context
  • lxd/api/project: use consistent renamed lifecycle event context field names
  • lxd/api/project: remove redundant new_name from lifecycle context
  • lxd/profiles: use nil for lifecycle event context
  • lxd/profiles: use consistent renamed lifecycle event context field names
  • lxd/profiles: remove redundant new_name from lifecycle context
  • lxd/request/request: add CreateRequestor
  • lxd/operations/operations: use CreateRequestor to create lifecycle requestor
  • lxd/lifecycle/network: accept api.EventLifecycleRequestor as parameter
  • lxd/lifecycle/project: accept api.EventLifecycleRequestor as parameter
  • lxd/lifecycle/profile: accept api.EventLifecycleRequestor as parameter
  • lxd/api/project: create requestor for lifecycle event
  • lxd/profiles: create requestor for lifecycle event
  • lxd/network/driver/common: remove create function and references
  • lxd/network/driver/bridge: remove create references
  • lxd/network/driver/common: remove lifecycle event handling
  • lxd/networks: use clusterRequest alias for lxd/cluster/request package
  • lxd/networks: add network lifecycle event handling with requestor
  • Revert "client: Only retry target addresses if initial connection fails"
  • lxd/lifecycle/profile: fix incorrect comments
  • lxd/lifecycle/project: fix incorrect comments
  • lxd/storage: Handled nil config map
  • Makefile: Tweak quoting
  • lxd/instances: Retry on autostart failure
  • lxd/instances: Rework instancesRestart
  • lxd/lifecycle/storage/pool: add storage_pool
  • lxd/storage/pools: use clusterRequest alias for lxd/cluster/request package
  • lxd/storage/pools: handle StoragePoolCreated lifecycle event
  • lxd/storage/pools: handle StoragePoolUpdated lifecycle event
  • lxd/storage/pools: handle StoragePoolDeleted lifecycle event
  • lxd/lifecycle/image: add image
  • lxd/lifecycle/image/alias: add image_alias
  • lxd/images: handle ImageCreated lifecycle event
  • lxd/daemon/images: handle ImageCreated lifecycle event
  • lxd/images: handle ImageDeleted lifecycle event
  • lxd/images: handle ImageUpdated lifecycle event
  • lxd/images: handle ImageAliasCreated lifecycle event
  • lxd/images: handle ImageAliasDeleted lifecycle event
  • lxd/images: handle ImageAliasUpdated lifecycle event
  • lxd/images: handle ImageAliasRenamed lifecycle event
  • lxd/images: handle ImageRetrieved lifecycle event
  • lxd/images: handle ImageRefreshed lifecycle event
  • lxd/images: add swagger comment for imageAliasDelete
  • doc/rest-api: Refresh Swagger YAML
  • lxd/instance: Fix instance volume DB entry on copy
  • lxd/main_init_interactive: only ask for server host name when no joining token was provided
  • lxd/lifecycle/cluster: add cluster
  • lxd/lifecycle/cluster/member: add cluster member
  • lxd/api/cluster: use clusterRequest alias for lxd/cluster/request package
  • lxd/api/cluster: handle ClusterEnabled lifecycle event
  • lxd/api/cluster: handle ClusterDisabled lifecycle event
  • lxd/api/cluster: handle ClusterTokenCreated lifecycle event
  • lxd/api/cluster: handle ClusterCertificateUpdated lifecycle event
  • lxd/api/cluster: handle ClusterMemberAdded lifecycle event
  • lxd/api/cluster: handle ClusterMemberUpdated lifecycle event
  • lxd/api/cluster: handle ClusterMemberRenamed lifecycle event
  • lxd/api/cluster: handle ClusterMemberRemoved lifecycle event
  • lxd/instances: Fixes potential crash in instancesRestart and improves logging
  • client/util: Updates remoteOperationError to accept slice of remoteOperationResult
  • client: remoteOperationError usage
  • shared/network: RFC3493Dialer spacing
  • shared: Moves lxd/cluster/isClientConnectionError to shared.IsConnectionError
  • client/lxd/instance: Only try remote operation on different URL on connection error
  • lxd/instance/drivers/driver/common: Adds isStartableStatusCode function
  • lxd/instance/drivers/driver/lxc: Switch to d.isStartableStatusCode in Start()
  • lxd/instance/drivers/driver/qemu: Switch to isStartableStatusCode in Start()
  • lxd/instance/drivers/driver/qemu: If QMP socket not responding and QEMU process still exists then return Error status code
  • lxd/ip: Support for 'bridge' and 'ip link show' commands
  • lxd/ip: Support for 'tc' command
  • lxd/device: Use ip package instead of 'tc' command
  • lxd/device: Use ip package instead of 'bridge' command
  • lxd/device: Use ip package instead of 'ip link' command
  • lxd/instance/drivers/driver/common: Adds instanceInitiated return boolean to onStopOperationSetup
  • lxd/instance/drivers/driver/lxc: Fix lifecycle shutdown event in onStop
  • lxd/instance/drivers/driver/qemu: Fix lifecycle shutdown event in onStop
  • lxd/instance/drivers/driver/lxc: Detect error status in Shutdown and return appropriate error
  • lxd/instance/drivers/driver/qemu: Detect error status in Shutdown and return appropriate error
  • lxd/instance/drivers/driver/qemu: Detect error status in Stop and forcefully kill qemu process if exists
  • lxd/instance/drivers/driver/qemu: Handle internal-error status from QEMU
  • lxd/instance/drivers/driver/qemu: Remove hung term from statusCode
  • lxd/instance/drivers/driver/lxc: Remove hung term from getLxcState
  • lxd/device/nic/bridged: Apply managed network validation checks when parent is set to a managed network
  • test/suites/clustering: Fix tests to expect that creating container connected to pending network is forbidden
  • tests: Update bridged NIC filtering tests to account for validation being improved
  • lxd/device/nic/bridged: Allow use of static IPs with managed network that has DHCP disabled if IP filtering is in use
  • lxd/device/nic/bridged: Ensure static IPs are specified when using IP filtering on unmanaged parent bridge
  • lxd/instance/drivers/driver/qemu: Adds pidWait function
  • lxd/instance/drivers/driver/qemu: Improve killQemuProcess to clarify its behaviour
  • lxd/db/instances: Adds InstanceFilterAllInstances function
  • lxd/db/instances/test: Updates tests with db.InstanceFilterAllInstances
  • lxd/device/nic/bridged: Improve error for specifying static IP when DHCP disabled
  • lxd/device/nic/bridged: Add checks to validateConfig for existing NICs with same IPs specified
  • lxd/operations/operations: add SetRequestor
  • lxd/lifecycle/storage/volume: add storage_volume
  • lxd/storage/drivers/volume: add Pool
  • lxd/storage/volumes: use empty operation with SetRequestor instead of nil
  • lxd/networks: Add DNS record for gateway
  • lxd/storage/backend/lxd: handle StorageVolumeCreated lifecycle event
  • lxd/storage/backend/lxd: handle StorageVolumeUpdated lifecycle event
  • lxd/storage/backend/lxd: handle StorageVolumeDeleted lifecycle event
  • lxd/storage/backend/lxd: handle StorageVolumeRenamed lifecycle event
  • lxd/storage/backend/lxd: handle StorageVolumeRestored lifecycle event
  • lxd/lifecycle/storage/volume/snapshot: add storage_volume_snapshot
  • lxd/storage/volumes/snapshot: use empty operation with SetRequestor instead of nil
  • lxd/storage/backend/lxd: handle StorageVolumeSnapshotCreated lifecycle event
  • lxd/storage/backend/lxd: handle StorageVolumeSnapshotRenamed lifecycle event
  • lxd/storage/backend/lxd: handle StorageVolumeSnapshotDeleted lifecycle event
  • lxd/storage/backend/lxd: handle StorageVolumeSnapshotUpdated lifecycle event
  • lxd/device/nic/bridged: Improve performance of duplicate IP check in validateConfig
  • test: Adds tests for duplicate static DHCP assignment
  • lxd/device/nic/bridged: Check for duplicate MAC address in validateConfig
  • test: Add tests for duplicate MAC address assignment for bridged NICs
  • test: fix copy and paste error in duplicate static DHCP assignment
  • lxd/main/cluster: fix the link in the "recover-from-quorum-loss" prompt
  • lxd/network/network/utils/sriov: Add mutex to SRIOVFindFreeVirtualFunction to prevent concurrent start races
  • doc: sort sysctl parameters
  • doc: /proc/sched_debug normal mode is 444 so make it 400
  • api: Adds server_instance_driver_operational extension
  • doc/production-setup: ulimits tuning doesn't apply to snap users
  • api: Adds server_supported_storage_drivers extension
  • shared/api/server: Adds ServerStorageDriverInfo and adds StorageSupportedDrivers field to ServerEnvironment
  • doc/rest-api: Refresh swagger YAML
  • lxd/storage: Populates supported storage drivers cache var
  • lxd/api/1.0: Updates readStoragePoolDriversCache usage and populates env.StorageSupportedDrivers
  • lxd/main/init: Use server Environment for supported storage drivers
  • lxd/lifecycle/certificate: add certificate
  • lxd/certificates: use clusterRequest alias for lxd/cluster/request package
  • lxd/certificates: handle CertificateCreated lifecycle event
  • lxd/certificates: handle CertificateUpdated lifecycle event
  • lxd/certificates: handle CertificateDeleted lifecycle event
  • lxd/lifecycle/config: add config
  • lxd/api/1.0: handle ConfigUpdated lifecycle event
  • lxd/lifecycle/instance/log: add instance_log
  • lxd/instance/logs: handle InstanceLogRetrieved lifecycle event
  • lxd/instance/logs: handle InstanceLogDeleted lifecycle event
  • lxd/lifecycle/instance/metadata: add instance_metadata
  • lxd/lifecycle/instance/metadata/template: add instance_metadata_template
  • lxd/instance/metadata: handle InstanceMetadataRetrieved lifecycle event
  • lxd/instance/metadata: handle InstanceMetadataUpdated lifecycle event
  • lxd/instance/metadata: handle InstanceMetadataTemplateRetrieved lifecycle event
  • lxd/instance/metadata: handle InstanceMetadataTemplateCreated lifecycle event
  • lxd/instance/metadata: handle InstanceMetadataTemplateDeleted lifecycle event
  • lxd/lifecycle/operation: add operation
  • lxd/operations: handle OperationCancelled lifecycle event
  • lxd/lifecycle/instance: add InstanceConsoleRetrieved and InstanceConsoleReset lifecycle events
  • lxd/instance/drivers/driver/lxc: handle InstanceConsoleReset and InstanceConsoleRetrieved lifecycle events
  • shared/api: Add Address field to EventLifecycleRequestor
  • docs/api-extensions: Fix typo
  • lxd/api/cluster: use 'members' as name for ClusterTokenCreated lifecycle event
  • lxd/lifecycle/certificate: include object in source for created lifecycle events
  • doc: add events.md
  • lxd/api/1.0: Wait until LXD fully started before applying API changes in doApi10UpdateTriggers
  • lxc/cluster: Fix bad format string
  • lxd/daemon: No need to call vmMonitor anymore as it's served by devicesRegister
  • lxd/devices: Add logging to devicesRegister
  • lxd/instances: Remove unused vmMonitor
  • shared/instance: Adds volatile.last_state.vsock_id to validation
  • lxd/instance/drivers/driver/qemu: Adds volatile.last_state.vsock_id volatile key
  • doc/instances: Documents volatile.last_state.vsock_id key
  • client: Make staticcheck happy
  • lxd-p2c: Make staticcheck happy
  • lxc-to-lxd: Make staticcheck happy
  • lxd-agent: Make staticcheck happy
  • lxc: Make staticcheck happy
  • lxd/instance/instance/utils: Adds cleanLogDir bool argument to CreateInternal
  • lxd/request: Support for Address field
  • api: event_lifecycle_requestor_address
  • lxd: instance.CreateInternal usage
  • doc: Renames volatile.last_state.vsock_id to volatile.vsock_id
  • lxd/instance/drivers/driver/qemu: Renames volatile.last_state.vsock_id to volatile.vsock_id
  • shared/instance: Renames volatile.last_state.vsock_id to volatile.vsock_id
  • lxd/db/generate/file/write: add alternate build comment to generated files
  • Makefile: add go formatting for update-schema
  • lxd/node: Improve error handling
  • lxd/storage/ceph: Improve version parsing
  • i18n: Update translation templates
  • lxd/device: Fix duplicate MAC test
  • tests: Fix cluster networking test

Try it for yourself

Try the latest LXD release on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • macOS: brew install lxc
  • Windows: choco install lxc

LXC/LXD/LXCFS 2.0 - End of Life announcement

14th of June 2021

Introduction

The 2.0 LTS branch has reached its end of life.

This affects the following projects:

  • LXC 2.0 (released 6th of April 2016)
  • LXCFS 2.0 (released 31st of March 2016)
  • LXD 2.0 (released 11th of April 2016)

After over 5 years of bugfixes and security maintenance, those releases have now reached the end of their supported lifetime.

Concretely, this means that we will not be issuing any new releases, that our stable branches will be closed, and that the associated CI will be disabled.

All remaining users should upgrade to a supported release as soon as possible.

Long term support releases

Upstream commits to 5 years of support for its LTS branches. Such branches exist for LXC, LXCFS and LXD and see bugfixes and security fixes backported to them.

No new features get added to those branches, and only the latest LTS branch sees most bugfixes backported. Once a new LTS branch is released, the previous one only gets security and critical bugfixes.

Currently supported releases

There are currently two remaining LTS releases, 3.0 with support lasting until June 2023 and 4.0 with support until June 2025.

Additionally, some projects (currently LXD) may have more frequent feature releases. Those do not get long term support and are usually only supported until the next one comes out.

LXC 4.0.9 LTS has been released

6th of May 2021

Introduction

The LXC team is pleased to announce the release of LXC 4.0.9!

This is the ninth bugfix release for LXC 4.0 which is supported until June 2025.

You may have noticed the sudden jump from 4.0.6 to 4.0.9. That's because 4.0.7 and 4.0.8 both included regressions that were reported by early users and were considered bad enough to require a new release.

The changelog below covers 4.0.6 to 4.0.9.

Bugfixes

As usual, this bugfix release focuses on stability and hardening. Some of the highlights for this release are:

  • Testing improvements including fixes from oss-fuzz
  • Rework of the attach codepath
  • Cgroup handling rework

The full list of commits is available below:

  • commands: fix check for seccomp notify support
  • configure: skip libseccomp tests if it is disabled
  • conf: fix containers retaining CAP_NET_ADMIN
  • cgroups: fix cgroup mounting
  • lsm: remove obsolete comment about constructor
  • lxc_attach: include rexec conditionally
  • tree-wide: fix some header inclusions
  • initutils: fix missing includes
  • configure: support static binaries
  • autotools: enable static builds for tools
  • autotools: enable static builds for commands
  • tree-wide: fix compilation with -Wstrict-prototypes -Wold-style-definition
  • config: update ax_pthread.m4
  • configure: add AC_SYS_LARGEFILE checking
  • autotools: update build
  • file_utils: introduce read_file_at()
  • string_utils: add must_make_path_relative()
  • cgroups: coding style fixes
  • cgroups: rework cg_unified_init()
  • cgroups: detect and record cgroup2 freezer support
  • criu: handle cgroup2 freezer
  • mkdir -p /proc /sys on container startup
  • conf: fix coding style
  • conf: coding style fixes
  • conf: move proc and sys mountpoint creation into lxc_mount_auto_mounts()
  • attach: invert child/parent handling
  • attach: use __do_free cleanup macro for cwd
  • attach: tweak logging
  • attach: use __do_close for labelfd
  • attach: coding style fixes
  • attach: use free_disarm()
  • attach: s/attach_child_main/do_attach/g
  • attach: mark do_attach() as __noreturn
  • attach: make do_attach() void
  • attach: use close_prot_errno_disarm()
  • attach: add some DEBUG() logging to stdfd duplication
  • cgroups: fix cgroup mounting
  • Merge pull request #3653 from brauner/2021-02-04/lxc-4.0.6-cgroup-mount-fix
  • utils: fix mount_at()
  • configure: fix static builds with clang-12 and LTO
  • cgroups: bpf fixes
  • cgroups: improve __do_bpf_program_free
  • cgroups: coding style fixes
  • cgroups: don't initialize NULL log
  • cgroups: ensure all memory is zeroed
  • cgroups: use zalloc
  • cgroups: tweak cgroup initialization
  • log: remove pointless inline
  • log: add lxc_log_get_fd()
  • seccomp: use lxc_log_get_fd()
  • log: rework lxc_log_get_level()
  • seccomp: use lxc_log_get_level()
  • cgroups: use bpf log when logging at trace level
  • log: add lxc_log_trace() helper
  • cgroups: use PTR_TO_U64()
  • cgroups: align methods
  • utils: use SYSTRACE() when logging stdio permission fixup failures
  • attach: log failures to dup2() with SYSDEBUG()
  • attach: fix logging for stdfd replacement
  • attach: fix error checking for dup2()
  • cgroups: initialize variable
  • commands_utils: don't leak memory
  • conf: use lxc_log_trace()
  • confile_utils: use lxc_log_trace()
  • rexec: check lseek() return value
  • attach: coding style fixes
  • attach: order variables correctly
  • lxc-attach: Enable setting the SELinux context
  • attach: require that LXC_ATTACH_LSM_LABEL is specified
  • attach: move lxc_proc_context_info to file local scope
  • attach: s/lxc_proc_context_info/attach_context/g
  • attach: rename attach_context helpers
  • attach: s/calloc/zalloc/g
  • attach: split attach_context into allocation and initialization
  • attach: move lxc_cmd_get_init_pid() into get_attach_context()
  • attach: move get_personality() into get_attach_context()
  • attach: move config init into get_attach_context()
  • attach: add get_attach_context_nsfds()
  • attach: s/lxc_proc_close_ns_fd/close_nsfds/g
  • attach: s/lxc_attach_drop_privs/drop_capabilities/g
  • lsm: s/lsm_init/lsm_init_static/g
  • attach: fix personality handling
  • attach: remove obsolete namespace check
  • attach: move getcwd() into tighter scope
  • attach: s/close/close_prot_errno_disarm/g
  • attach: move attach_clone_payload into tighter scope
  • attach: rename attach_clone_payload to attach_payload
  • attach: coding style fixes
  • sync: export sync_wait() and sync_wake()
  • sync: rename startup synchronization macros
  • attach: use sync_wait()/sync_wake() where applicable
  • attach: introduce sync_wait_pid() and sync_wake_pid()
  • sync: make all sync helpers return bool
  • attach: introduce sync_wait_fd() and sync_wake_fd()
  • attach: use dummy macros to make it easier to follow sync logic
  • attach: move new_cwd into tighter scope
  • attach: use STDIN_FILENO instead of hard-coding 0
  • attach: remove unneeded assignment
  • attach: rework attaching to namespace fds
  • attach: move to file descriptor-only interactions
  • attach: move to file descriptor only namespace interactions
  • attach: init file descriptors to -EBADF
  • cgroups: vet parameters more strictly
  • cgroups: use cleanup macro for consistency
  • attach: don't needlessly check for NULL
  • attach: file descriptors based LSM handling
  • attach: hardening through use of pidfds
  • lsm/apparmor: cleanup apparmor_process_label_set()
  • file_utils: add fdopenat()
  • attach: unify /proc//status parsing
  • attach: initialize init_pid field to -ESRCH
  • attach: move uid and gid handling to get_attach_context()
  • attach: simplify opening of /proc/self
  • attach: document attach_context
  • attach: stash host uid and host gid in attach_context
  • cgroups: remove pointless NULL checks
  • file_utils: add open_at()
  • syscall_wrappers: add PROTECT_LOOKUP, PROTECT_OPEN, PROTECT_LOOKUP_WITH_SYMLINKS, PROTECT_OPEN_WITH_TRAILING_SYMLINKS
  • attach: harden open calls
  • tree-wide: extend read_file_at()
  • lsm: harden read_file_at()
  • file_utils: remove O_NOFOLLOW from open_at() defaults
  • attach: file descriptor based fdinfo handling
  • attach: prevent UAF
  • attach: use correct put method
  • attach: stricter lookup semantics for fdopen_at() calls
  • attach: move file descriptor closing into attach_context_container()
  • attach: move loading seccomp as late as possible
  • memory_utils: add close_prot_errno_mov()
  • file_utils: harden lxc_open_dirfd()
  • file_utils: harden lxc_writeat()
  • cgroups: add unified_cgroup_fd() helper
  • cgroups: switch controller delegation to fd-only operations
  • macro: abuse ENOMEDIUM as ENOCGROUP2
  • file_utils: add lxc_read_try_buf_at()
  • cgroups: add cgroup_get()
  • lxccontainer: use cgroup_get()
  • cgroups: reorder cgroup_get() arguments
  • cgroups: add cgroup_set()
  • lxccontainer: use correct variable ordering
  • lxccontainer: use cgroup_set()
  • cgroups: move functions after methods
  • cgroups: annotate cgroup_get()/cgroup_set()
  • commands_utils: add lxc_cmd_notify_state_listeners()
  • freezer: use lxc_cmd_notify_state_listeners()
  • cgroups: add cgroup_freeze() and cgroup_unfreeze()
  • freezer: make methods return bool
  • lxccontainer: use cgroup_freeze() and cgroup_unfreeze()
  • cgroups: rewind() file before polling again
  • cgroups: remove unused conf argument
  • cgroups: vet parameters
  • lxccontainer: use correct error checks
  • cgroups: move down cgroup_attach()
  • cgroups: stricter argument vetting for cgroup_attach()
  • cgroups: return ENOCGROUP2 from cgroup_attach()
  • attach: check for ENOCGROUP2 explicitly
  • cgroups: switch back to returning ints
  • attach: explicitly close seccomp notifier fd
  • cgpath: add logging
  • commands: add missing lxc_cmd_get_limiting_cgroup2_fd() implementation
  • cgroups: use lxc_cmd_get_limiting_cgroup2_fd()
  • cgroups: export __cgroup_unfreeze() for use in commands
  • commands: use __cgroup_unfreeze() directly
  • freezer: remove lxc_cmd_freeze() and lxc_cmd_unfreeze() calls
  • test: add logging to device_add_remove
  • tests: support pure unified cgroup layouts in cgpath test
  • cgroups: improve parameter vetting
  • tests: check for NULL in device_add_remove
  • syscalls: add close_range()
  • rexec: mark all fds as close-on-exec if possible
  • conf: remove unnecessary syscall
  • conf: restrict open of dev/
  • conf: harden open in lxc_fill_autodev()
  • conf: fd-only operations in lxc_setup_dev_symlinks()
  • conf: restrict open for lxc_mount_rootfs()
  • conf: fd-only pivot root
  • conf: fd-only devpts setup
  • attach: attach to namespaces via pidfds
  • conf: coding style
  • conf: make lxc_create_tmp_proc_mount() static
  • conf: restrict open call in lxc_mount_rootfs()
  • conf: refactor transient procfs mounting
  • utils: harden __safe_mount_beneath_at()
  • cgroups: restricted fd-only controller mountpoint creation
  • cgroups: switch to fd-based cgroup mounting
  • attach: fix fallback logic when attaching to cgroups
  • cgroups: fix argument vetting in cgroup_attach()
  • cgroups: improve error handling and logging in cgroup_attach_leaf()
  • cgroups: restrict open calls in cgroup_attach_create_leaf()
  • utils: add mount_from_at()
  • conf: fix lxc_setup_dev_console()
  • conf: start stashing dfd to host's / during container setup
  • conf: restricted fd-only lxc_fill_autodev()
  • syscall_wrappers: fix PROTECT_OPEN_W macro
  • tree-wide: s/dev_mntpt_fd/dfd_dev/g
  • tree-wide: s/mntpt_fd/dfd_mnt/g
  • tree-wide: s/dfd_root_host/dfd_host/g
  • cgroups: check for correct error in __cg_unified_attach() from cgroup_attach()
  • attach: improve logging and terminology
  • utils: check for snprintf() error
  • utils: add lxc_drop_groups()
  • tree-wide: use lxc_drop_groups() instead of lxc_setgroups(0, NULL)
  • utils: rework lxc_setgroups()
  • confile: add lxc.init.groups to keep additional groups
  • attach: Add groups option to keep additional group IDs.
  • attach_options: initialize .groups
  • attach_options: use standard C pointer syntax
  • attach: use brackets around flag check
  • attach_options: use size_t for lxc_groups_t
  • conf: use lxc_groups_t directly
  • confile: handle appending init groups
  • mount_utils: move mount_at() and mount_from_at() over from utils.{c,h}
  • mount_utils: add extended helpers for new mount api
  • conf: switch mount_autodev() to new mount api
  • cgroups: switch tmpfs mounting to new mount api
  • cgroups: switch __cg_mount_direct() to use the new mount api
  • mount_utils: kill mount_at()
  • mount_utils: add support for bind-mounts through the new mount api
  • conf: use fd_bind_mount() in lxc_fill_autodev()
  • mount_utils: kill mount_from_at()
  • mount_utils: detect new mount api support
  • tree-wide: make use of new_mount_api() where it makes sense
  • mount_utils: initialize fd
  • attach: switch to simple mount()
  • mount_utils: kill mount_filesystem()
  • mount_utils: add locked flag helpers
  • conf: s/setup_mount()/setup_mount_fstab()/g
  • conf: kill PATH_MAX bytes
  • conf: don't pass struct lxc_conf
  • conf: kill PATH_MAX bytes
  • conf: kill PATH_MAX bytes
  • network: Add error message if iw couldn't be found
  • conf: rework rootfs pinning
  • mount_utils: s/OPEN_TREE_CLONE | OPEN_TREE_CLONE/OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC/g
  • conf: fd-only tty setup
  • tests: add logging to lxc-test-unpriv
  • conf: kill PATH_MAX bytes
  • conf: kill PATH_MAX bytes
  • conf: fix memory leak
  • criu: mark cgroups methods specific to criu
  • criu: massage exec_criu()
  • criu: move logging under lxc_log_trace()
  • criu: use cleanup macro
  • criu: use cleanup macro when parsing mount data
  • criu: rework init pid retrieval
  • criu: warn about cgroup hierarchies without controllers
  • criu: lxc_init() already initializes cgroups
  • criu: handle new cgroup layout
  • cgroups: use brackets to have clear semantics for flags checking
  • cgroups: do not return early when entering monitor cgroups
  • cgroups: log monitor and transient process entering
  • cgroups: log container process entering
  • string_utils: add wrapper for snprintf()
  • cgroups: convert to strnprintf()
  • attach: convert to strnprintf()
  • commands_utils: convert to strnprintf()
  • conf: convert to strnprintf()
  • confile: convert to strnprintf()
  • confile_utils: convert to strnprintf()
  • criu: convert to strnprintf()
  • file_utils: convert to strnprintf()
  • log: convert to strnprintf()
  • lxccontainer: convert to strnprintf()
  • lxclock: convert to strnprintf()
  • monitor: convert to strnprintf()
  • mount_utils: convert to strnprintf()
  • network: convert to strnprintf()
  • rexec: convert to strnprintf()
  • seccomp: convert to strnprintf()
  • start: convert to strnprintf()
  • terminal: convert to strnprintf()
  • string_utils: convert to strnprintf()
  • utils: convert to strnprintf()
  • memory_utils: add close_move_fd()
  • string_utils: add proc_self_fd()
  • string_utils: add fdstr()
  • file_utils: add same_file_lax()
  • macro: add LXC_PROC_SELF_FD_LEN
  • conf: introduce lxc_bind_mount_console()
  • tree-wide: rework mount api support checks
  • attach: convert to strequal()
  • cgroups: convert to strequal()
  • conf: convert to strequal()
  • confile: convert to strequal()
  • confile_utils: convert to strequal()
  • criu: convert to strequal()
  • initutils: convert to strequal()
  • log: convert to strequal()
  • lsm: convert to strequal()
  • lxccontainer: convert to strequal()
  • network: convert to strequal()
  • seccomp: convert to strequal()
  • namespace: convert to strequal()
  • start: convert to strequal()
  • state: convert to strequal()
  • string_utils: convert to strequal()
  • terminal: convert to strequal()
  • utils: convert to strequal()
  • attach: convert to strequal()
  • cgroups: convert to strequal()
  • conf: convert to strequal()
  • confile: convert to strequal()
  • confile_utils: convert to strequal()
  • file_utils: convert to strequal()
  • freezer: convert to strequal()
  • lsm: convert to strequal()
  • lxccontainer: convert to strequal()
  • seccomp: convert to strequal()
  • utils: convert to strequal()
  • start: rework namespace preservation and path creation for hooks
  • network: expose namespace fd paths to network hooks
  • start: fix error handling and improve comment
  • start: improve namespace preservation
  • start: improve comments
  • start: improve comment in lxc_spawn()
  • cgroups: move cgns_supported() to cgroup utilities
  • conf: don't pass conf separately to lxc_mount_auto_mounts()
  • cgroups: pass handler to cgroup mount() method
  • cgroups: verify that we are actually running in cgroup namespace
  • cgroups: improve cgroup mounting
  • utils: add development helper to quickly dump a directory's contents
  • cgroups: make clear that a flag argument is passed to cgroup mount functions
  • cgroups: don't strip LXC_AUTO_CGROUP_FORCE
  • cgroups: switch to flag-based checking
  • conf: remove wrong comment
  • cgroups: s/cg_mount_in_cgroup_namespace()/cgroupfs_mount()/g
  • cgroups: s/cg_mount_cgroup_full()/cgroupfs_bind_mount()/g
  • cgroups: fix flag checking in legacy mount paths
  • cgroups: strip LXC_AUTO_CGROUP_MIXED and LXC_AUTO_CGROUP_FULL_MIXED when cgroup namespaces are supported and used
  • cgroups: s/__cg_mount_direct()/__cgroupfs_mount()/g
  • cgroups: log early return
  • cgroupfs: rework cgroup2 mounting
  • confile: use set_config_path_item() for most cgroup layout modifiers
  • confile_utils: normalize paths in config items
  • confile: forbid walking upwards for confile items that modify cgroup layout
  • cgroups: s/cg_init()/__cgroup_init()/g
  • cgroups: stash host's cgroupfs file descriptor
  • cgroups: better document stashed file descriptors
  • cgroups: rework add_hierarchy()
  • cgroups: rework base cgroup parsing
  • confile: forbid absolute paths in config items that modify the cgroup layout
  • cgroups: fail when no cgroup hierarchies are found
  • cgroups: stash fds for the controller mountpoint and base cgroup path
  • cgroups: fd-based only cgroup creation
  • cgroups: rework legacy cpuset handling
  • cgroups: improve logging
  • string_utils: handle empty strings in must_make_path()
  • cgroups: allow "" base cgroup paths
  • cgroups: fix fd leaks
  • cgroups: rework how hierarchies are added
  • namespace: add missing \0 terminator
  • cgroups: prevent double-close
  • file_utils: move dup_cloexec() to header
  • cgroups: fd-only cgroup tree pruning
  • cgroups: remove obsolete cgroup_tree handling
  • cgroups: s/openat()/open_at()/g
  • cgroups: check correct variable
  • cgroups: rework unified controller delegation
  • start: delegate then move into the target cgroup
  • cgroups: reorder function arguments
  • cgroups: remove obsolete check
  • cgroups: rework cgroup tree removal on creation failure
  • cgroups: ensure leaf cgroup is correctly pruned on creation failure
  • cgroups: rework cgroup tree creation
  • cgroups: be stricter when creating payloads
  • cgroups: don't rely on absolute path
  • cgroups: don't move pivot cgroup under the monitor's cgroup
  • cgroups: ensure we don't remove cgroups we didn't create
  • cgroups: ensure we prune the limit dir
  • cgroups: simplify mount opening
  • cgroups: prevent NULL pointer deref
  • cgroups: log intermediate cleanup
  • cgroups: distinguish between tmpfs and unified based cgroup layouts file descriptors
  • cgroups: ensure that cgroup_root is initialized in legacy codepaths
  • cgroups: prevent cgroup mount type overwrite
  • cgroups: validate that only a single cgroup mount type is set
  • conf: use brackets to clarify check semantics
  • cgroups: use non-flag based checking now that we switched all codepaths over
  • cgroups: create controller directories if missing
  • cgroups: make it extremely obvious that we're transitioning from a flag to a type
  • cgroups: don't overwrite type
  • cgroups: fix error values
  • utils: fix print_r() debugging helper
  • cgroups: free correct path
  • cgroups: kill monitor_full_path
  • bpf: use cgroup fd directly instead of paths
  • conf: introduce lxc_bpf_devices_rule_t type
  • bpf: use return macros
  • bpf: align struct initialization
  • bpf: enable helpers to let caller replace existing bpf programs
  • cgroups: make device cgroups semantics clearer
  • cgroups: improve bpf device program handling
  • bpf: add helpers for better bpf device program management
  • cgroups: improve bpf device program management
  • commands: improve bpf device program management
  • commands: replace bpf program on update
  • macro: add swap helper
  • bpf: use __u32 not uint32_t
  • bpf: don't close invalid fd, simply swap
  • commands: rework bpf devices BPF_F_REPLACE codepath
  • bpf: rework bpf_program_cgroup_detach()
  • bpf: handling missing defines
  • bpf: vendor bpf headers
  • cgroups: remove compile-time bpf support detection
  • bpf: add and use bpf_cgroup_devices_attach() helper
  • bpf: let bpf_list_add_device() take the device list directly
  • bpf: fix return values in bpf_program_cgroup_attach()
  • compiler: fix fallthrough attribute
  • bpf: rework live device cgroup update
  • lxccontainer: fix reboot logging
  • memory_utils: add close_equal() and free_equal()
  • cgroups: use close_equal() and free_equal()
  • bpf: prevent double-close
  • bpf: make bpf_program_cgroup_attach() static
  • bpf: simplify bpf (device) program freeing
  • conf: use saner mode for console
  • start: fix non-daemonized and application containers
  • conf: don't log garbage
  • apparmor: clean up apparmor_process_label_get
  • apparmor: prefer /proc/.../attr/apparmor/current over legacy interface
  • file_utils: allow fd_to_buf() to fail for real
  • lsm: tweak apparmor_process_label_get()
  • cgroups: ensure no garbage is returned
  • cgroups: make device cgroup handling smarter and simpler
  • commands: only update bpf device program if really needed
  • bpf: comment bpf_cgroup_devices_update()
  • bpf: fix typos
  • conf: improve lxc_clear_cgroups()
  • conf: expose lxc_clear_cgroup2_devices()
  • cgroups: tweak bpf_device_cgroup_prepare()
  • bpf: update device cgroup semantics
  • doc: add missing ".[controller file] suffix to lxc.cgroup{2}. key explanations
  • doc: explain eBPF-based device controller semantics
  • doc: tweak cgroup headline
  • string_utils: move lxc_iterate_parts()
  • cgroups: fix prune_init_scope()
  • cgroups: avoid additional variable for single access
  • cgroups: s/must_copy_string()/strdup()/g
  • cgroups: tweak lxc.cgroup.use handling in __cgroup_init()
  • cgroups: tweak return values
  • cgroups: simplify current cgroup retrieval on pure unified cgroup layouts
  • cgroups: s/basecginfo/cgroup_info/g
  • compiler: add likely() and unlikely() support
  • macro: add pointer error encoding support
  • memory_utils: adapt to new pointer error macros
  • cgroups: split out unified cgroup helpers
  • cgroups: rework cgroup initialization
  • cgroups: simplify string list handling
  • cgroups: split delegation checks into separate helpers
  • cgroups: s/add_hierarchy()/cgroup_hierarchy_add()/g
  • cgroups: remove unused helpers
  • cgroups: introduce cgroup hierarchy type
  • cgroups: simplify and fix mounting on non-cgroup namespace aware kernels
  • cgroups: rename cgroupfs mount fd
  • cgroups: s/container_base_path/at_base/g
  • cgroups: s/mountpoint/at_mnt/g
  • cgroups: s/cgfd_con/dfd_con/g
  • cgroups: s/cgfd_mon/dfd_mon/g
  • cgroups: s/cgfd_limit/dfd_lim/g
  • cgroups: s/container_full_path/path_con/g
  • cgroups: s/container_limit_path/path_lim/g
  • cgroups: move cgroup2 parameters into substruct
  • cgroups: s/cgroup2_chown/delegate/g
  • cgroups: improve utility controller handling
  • file_utils: tweak lxc_write_openat()
  • cgroups: fix cg_legacy_freeze() return type
  • cgroups: handle lxc.cgroup.use global parameter
  • memory_utils: fix close_equal()
  • cgroups: skip and warn about invalid file descriptors
  • cgroups: start stashing all fds
  • cgroups: close dfd_mon but keep dfd_con and dfd_lim open for all cgroup hierarchies
  • commands: explicitly number enums
  • commands: tweak validate_string_request()
  • af_unix: improve SCM_RIGHTS file descriptor retrieval
  • cgroups: add cgroup_fds() helper
  • state: never return NULL from lxc_state2str()
  • commands: be more explicit during command processing
  • commands: introduce lxc_cmd_rsp_send_reap()
  • commands: introduce rsp_one_fd()
  • commands: introduce rsp_many_fds()
  • commands: add LXC_CMD_GET_CGROUP_FD
  • cgroups: allow cgroup fd batch retrieval
  • macro: add min() macro
  • utils: add copy_struct_from_client()
  • log: add syswarn_set()
  • utils: add copy_struct_to_client()
  • commands: introduce LXC_CMD_GET_CGROUP_CTX
  • cgroups: introduce fd-only cgroup attach
  • commands: send ENOSYS response
  • commands: handle older clients elegantly
  • commands: lxc_cmd_add_state_client_callback()
  • attach: fix unsupported namespaces
  • af_unix: add comment about cast
  • attach: remove additional newline
  • commands: handle older clients gracefully
  • commands: verify expected file descriptors were sent
  • attach: fix namespace preservation
  • terminal: dumb logging down
  • attach: make fd sending more uniform
  • attach: handle new and old clients
  • commands: handle old clients for LXC_CMD_GET_CGROUP_CTX
  • commands: only deref once
  • af_unix: prevent oob writes
  • cgroups: fix error checking
  • commands: remove faulty use of access attribute
  • cgroups: fix braino during controller list creation
  • attach: be paranoid about file descriptors
  • cgroups: simple variable reordering
  • error_utils: move error helper to separate header
  • commands: tweak return values
  • error_utils: copy over Lennart's IN_SET()
  • cgroups: make use of ERRNO_IS_NOT_SUPPORTED()
  • cgroups: handle fallback gracefully
  • commands: fix alignment for lxc_cmd_get_cgroup_ctx()
  • commands: simplify lxc_cmd_get_cgroup_ctx()
  • commands: s/LIMITING/LIMIT/g and s/limiting/limit/g
  • commands: add LXC_CMD_GET_CGROUP_FD and LXC_CMD_GET_LIMIT_CGROUP_FD
  • cgroups: s/cgroup_layout/layout/g
  • commands: set rsp.ret to 0 for lxc_cmd_get_cgroup_ctx_callback()
  • file_utils: actually open the file for reading
  • commands: extend rsp_one_fd() to also handle additional data
  • commands: add LXC_CMD_GET_CGROUP_FD and LXC_CMD_GET_LIMIT_CGROUP_FD
  • commands: s/LXC_CMD_CONSOLE/LXC_CMD_GET_TTY_FD/g
  • commands: annotate array argument
  • commands: ensure that non-NULL and MAX_STATE is always passed
  • commands: use IN_SET() in lxc_cmd()
  • commands: switch to bool
  • commands: s/lxc_cmd_init()/lxc_server_init()/g
  • commands: add lxc_cmd_init() and lxc_cmd_data()
  • commands: port lxc_try_cmd() to new helpers
  • commands: port lxc_cmd_get_init_pid() to new helpers
  • commands: port lxc_cmd_get_init_pidfd() to new helpers
  • commands: port lxc_cmd_get_devpts_fd() to new helpers
  • commands: port lxc_cmd_get_seccomp_notify_fd() to new helpers
  • commands: port lxc_cmd_get_cgroup_ctx() to new helpers
  • commands: port lxc_cmd_get_clone_flags() to new helpers
  • commands: port lxc_cmd_get_cgroup_path_do() to new helpers
  • commands: port lxc_cmd_get_config_item() to new helpers
  • commands: port lxc_cmd_get_state() to new helpers
  • commands: port lxc_cmd_stop() to new helpers
  • commands: port lxc_get_tty_fd() to new helpers
  • commands: port lxc_cmd_get_name() to new helpers
  • commands: port lxc_cmd_get_lxcpath() to new helpers
  • commands: port lxc_cmd_add_state_client() to new helpers
  • commands: port lxc_cmd_add_bpf_device_cgroup() to new helpers
  • commands: port lxc_cmd_console_log() to new helpers
  • commands: port lxc_cmd_serve_state_clients() to new helpers
  • commands: port lxc_cmd_seccomp_notify_add_listener() to new helpers
  • commands: port lxc_cmd_freeze() to new helpers
  • commands: port lxc_cmd_unfreeze() to new helpers
  • commands: port lxc_cmd_get_cgroup_fd() to new helpers
  • commands: port lxc_cmd_get_limit_cgroup_fd() to new helpers
  • commands: port lxc_cmd_get_cgroup2_fd() to new helpers
  • commands: port lxc_cmd_get_limit_cgroup2_fd() to new helpers
  • commands: let lxc_cmd() return ssize_t to indicate that it returns not just 0 on success
  • macro: add hweight*() helpers
  • af_unix: allow caller and callee to negotiate expectations and reality
  • commands: rework lxc_cmd_rsp_recv() to make it more obvious
  • commands: improve lxc_cmd_get_tty_fd()
  • tests: add logging to lxc-test-lxc-attach
  • log: add some more log and return helpers
  • commands: use debug logging
  • commands: port misnamed functions to general style
  • commands: send ENOSYS response
  • commands: s/LIMITING/LIMIT/g and s/limiting/limit/g
  • commands: cleanup error handling and variable naming
  • commands: rsp_one_fd_{reap,keep}() and rsp_many_fds_reap()
  • commands: fix indentation
  • commands: unify fd retrieval commands
  • tree-wide: s/syerrno_set()/syserror_set()/g
  • tree-wide: start replacing instances of syserrno() with syserror()
  • tree-wide: replace remaining instances of syserrno() with syserror_ret()
  • log: mark logging helpers to use
  • tree-wide: use new logging helpers
  • tree-wide: replace old systrace logging helpers
  • tree-wide: replace old-style sysinfo logging return helper
  • network: make callback naming consistent and understandable
  • network: fix coding style in lxc_create_network_unpriv_exec()
  • confile_utils: ensure memory is zeroed
  • network: fix grammar
  • network: add lxc_network_info struct
  • network: handle name collisions when renaming network devices
  • network: use two passes through networks
  • conf: ease backports by carrying unused structs
  • network: carry some structs to ease backports
  • confile: initialize network struct
  • af_unix: vet all parameters
  • cgroup: do not fail if there are no writable hierarchies
  • attach_options: explicitly number enums
  • attach_options: fix whitespace error in LXC_ATTACH_NO_NEW_PRIVS
  • attach_options: add explicit defines for all enums
  • start: handle CLONE_PIDFD on arm64
  • conf: tweak comment about transient procfs mount
  • conf: simplify dependent mount logic
  • conf: ensure that procfs and sysfs are unmounted
  • conf: cleanup automounting
  • conf: simplify logging in lxc_mount_auto_mounts()
  • conf: add missing newline in lxc_mount_auto_mounts()
  • cgroups: ignore unused controllers
  • macro: define __aligned_u64 to handle kernels without such support
  • Switch to Github actions
  • github: Fix invalid syntax for coverity
  • rexec: don't close stderr
  • string_utils: provide a version of strchrnul() in case it's not available
  • include: fix typo
  • configure: fix strchrnul conditional compilation
  • strchrnul: ignore increased required alignment warning
  • strchrnul: fix copy-paste braino
  • confile_utils: don't free netdev twice
  • conf: fix a memory leak
  • ci: turn on CIFuzz
  • confile: fix set_config_sysctl()
  • conf: reinitialize sysctl list after clearing it
  • confile_utils: delete netdev from list
  • list: add lxc_list_new() helper
  • confile: use lxc_list_new() everywhere
  • conf: use lxc_list_new() everywhere
  • oss-fuzz: make it possible to build the fuzzer without docker
  • network: handle name collisions when returning physical interfaces to host
  • fuzz: create tmpfiles in /tmp
  • README: add OSS-Fuzz/CIFuzz badges
  • fuzz: generate all the config keys and add them to the seed corpus
  • log: don't create log file for fuzz builds
  • log: don't create directories for fuzz builds
  • log: handle empty log name
  • confile: be stricter in config helpers
  • confile: don't leak memory when overwriting lxc.rootfs.options
  • confile_utils: fix real-time signal parsing
  • conf: prevent UAF in lxc_clear_limits()
  • confile_utils: improve network parser
  • string_utils: fix parse_byte_size_string()
  • log: avoid regressions for relative log paths
  • conf: don't leak list
  • confile: fix setting prlimits
  • string_utils: always memset buf in lxc_safe_int64_residual()
  • conf: reinitialize lists
  • confile_utils: free network list items
  • conf: coding style cleanups
  • confile: make string calculations in get_network_config_ops() more obvious
  • confile: use correct check for too large network lists
  • confile: improve network vetting
  • confile: fix a memory leak in set_config_net_hwaddr
  • confile: prevent recursion when parsing networks
  • ci: turn on ASan on CIFuzz
  • confile_utils: free list during lxc_remove_nic_by_idx()
  • confile: add missing prefix validation
  • confile: don't leak memory in case multiple shmounts are set
  • confile_utils: fix a signed integer overflow
  • oss-fuzz.sh: take SANITIZER into account
  • cifuzz: turn on UBsan
  • string_utils: handle overflow correct in parse_byte_size_string()
  • cifuzz: turn on MSan
  • string_utils: work around an MSan false positive
  • confile: safely clean previous value in set_config_net_ipv6_gateway()
  • confile: safely clean previous value in set_config_net_ipv4_gateway()
  • confile: vet keys more aggressively
  • confile: clear netdev on network type change
  • confile: cleanup set_config_net_hwaddr()
  • confile: cleanup set_config_net_mtu()
  • confile: cleanup set_config_net_script_up()
  • confile: cleanup set_config_net_script_down()
  • tests: fix two false negatives in parse_config_file()
  • tests: add another test for garbage config key
  • conf: fix thread_local support detection
  • lxccontainer: ensure second parameter to bsearch is never NULL
  • compiler: fix thread_local detection
  • oss-fuzz.sh: put the "lxc.net" keys in the seed corpus as well
  • autotools: remove --enable-{asan,ubsan} in favor of --enable-sanitizers
  • README: remove Travis and add Github actions badge
  • doc: Documented that net type field must come before other options on the net device
  • ci: stop passing --enable-ubsan
  • oss-fuzz.sh: get rid of the sed "no-undefined" kludge
  • ci: also build with ASan/UBsan
  • ci: enable PAM
  • build-system: make it compatible with ASan/UBsan/MSan
  • oss-fuzz: reject giant configs early
  • confile: don't jump into the global table twice
  • string_utils: switch to path_simplify()
  • confile: cap to last bit in set_config_net_ipv4_address()
  • lxc_user_nic: cleanup append_alloted()
  • lxc_user_nic: cleanup get_alloted()
  • string_utils: move to lxc-copy() sources
  • string_utils: ensure that errno is set on return
  • string_utils: use restrict for lxc_safe_int64_residual()
  • confile: simplify get_network_config_ops()
  • confile: fix lxc.namespace.share.[identifier]
  • confile: complain when LXC is built without selinux support
  • confile: complain when LXC is built without AppArmor support
  • conf: fix setups where /dev is outside of LXC's control
  • log: ensure we always return negative errno
  • templates/*.in: fixed PATH handling with spaces
  • oss-fuzz: fuzz lxc_config_define_add and lxc_config_define_load
  • confile: fix a memory leak lxc_config_define_add
  • cifuzz: fuzz longer
  • macro: ensure ret_errno() always returns negative
  • log: add error_ret()
  • confile: enforce maximum subkey length
  • github: Try to fix action naming
  • confile: make lxc_get_config() and lxc_get_config_net() always return non-NULL
  • conf: simplify idmaptool_on_path_and_privileged()
  • conf: don't report success when idmaptools lack all privilege
  • attach: don't return early when calculating namespaces via pidfd
  • Revert "rexec: mark all fds as close-on-exec if possible"
  • confile: make lxc_get_config() and lxc_get_config_net() always return non-NULL
  • tests: fix a memory leak in cgpath
  • tests: fix a memory leak in lxcpath
  • Revert "confile: make lxc_get_config() and lxc_get_config_net() always return non-NULL"
  • tests: fix a memory leak in cgpath
  • tests: fix a memory leak in attach
  • lxccontainer: fix container creation error paths
  • tests: switch to the "busybox" template in lxc-test-checkpoint-restore
  • tests: stop cutting off right square brackets in share_ns
  • tests: pass on ASAN/UBSAN options to several tests
  • error_utils: add missing macro.h include
  • configure: fix sanitizer compilation
  • process_utils: free stack after return
  • commands: don't needlessly allocate
  • apparmor: turn bytes into null-terminated strings before calling strcspn
  • ci: an attempt to run the tests under ASan/UBsan
  • ci: link lib[au]san with init.lxc.static statically
  • ci: switch to lxc-exercise from the lxc-ci repository
  • ci: get around https://github.com/lxc/lxc/issues/3798
  • ci: get around https://github.com/lxc/lxc/issues/3788
  • ci: prevent lxc-exercise from running indefinitely
  • ci: get around https://github.com/lxc/lxc/issues/3796
  • ci: turn on strict_string_checks
  • ci: build with -Wall -Werror
  • Revert "ci: get around https://github.com/lxc/lxc/issues/3796"
  • tests: free the buffer filled by lxc_cmd_rsp_recv
  • ci: make use of --enable-sanitizers instead of CFLAGS
  • autoconf: add AC_LANG_SOURCE to CC_CHECK_LDFLAGS
  • build-system: stop building init.lxc.static with sanitizers
  • ci: get rid of the -static-libasan stopgap
  • autoconf: stop passing -fsanitize=address via AM_LDFLAGS
  • seccomp: init and destroy notifier.cookie
  • conf: rework lxc specific mount option parsing
  • conf: add first, trivial support for idmapped mounts
  • confile: parse idmap= mount option for rootfs
  • mount_utils: add support for mount_setattr() syscall
  • storage: keep a reference to lxc_rootfs in lxc_storage
  • mount_utils: add helper to determine whether new mount api supports bind mounts
  • conf: support idmapping directories
  • mount_utils: add two detached mount helpers
  • start: documented idmapped mounts
  • conf: verify that the rootfs can support idmapped mounts
  • attach: visually separate pids from fds during initialization
  • attach: use correct lxc_namespace_t type
  • apparmor: handle on-exec
  • conf: tweak parse_lxc_mntopts()
  • conf: don't allow idmapped lxc.mount.{entry,fstab} just yet
  • strchrnul: include header
  • conf: include strchrnul for platforms that don't support it
  • Makefile: fix strchrnul() inclusion
  • getsubopt: use correct include
  • conf: better naming
  • conf: don't overrun dest buffer in parse_lxc_mntopts()
  • dir: fix rootfs mounting
  • configure: fix function detection
  • conf: stash lxc_storage into lxc_rootfs and bind to its lifetime
  • conf: move all mount options into struct lxc_mount_options
  • conf: s/lxc_rootfs_prepare/lxc_rootfs_init/g
  • conf: improve idmapped mounts support
  • build-system: add --enable-fuzzers
  • ci: switch to --enable-fuzzers
  • log: create log files in "fuzzing" mode if it's called outside fuzz targets
  • tests: run the fuzzers along with the other tests
  • build-system: turn off lto=thin when building the fuzzers
  • dir: use mnt_opts->data instead of mntdata
  • storage/dir: bdev->dest can't be empty
  • storage/dir: use clear error messages
  • storage/dir: retrieve proper source path later
  • storage/dir: use "source" and "target" as terms
  • storage/dir: source can't be empty
  • storage/dir: remove error handling down
  • storage/dir: cleanup mount code
  • api-extensions: add entry for idmapped_mounts
  • storage: fix dup_cloexec() call
  • cgroups: fix fallback attach codepath
  • oss-fuzz: always turn off logging on OSS-Fuzz
  • conf: fix console chmod error log messages
  • github: Run apt-get update in sanitizer test
  • github: remove the dh-* packages
  • github: also pass the j option to make
  • string_utils: get around GCC-11 false positives
  • confile: make per_name struct static
  • commands: log at debug not info level when receiving file descriptors
  • syscalls: wrap personality syscall if undefined
  • tree-wide: make personality codepaths unconditional
  • conf: tweak setup_personality()
  • conf: rework lxc_config_parse_arch()
  • attach_options: unbreak header
  • conf: add personality_t
  • attach: introduce explicit personality macro

Support and upgrade

The LXC 4.0 branch is supported until June 2025. Only bugfixes and security issues get included into the stable bugfix releases, so it's always safe and recommended to keep up and run the latest bugfix release.

Downloads

LXC 4.0.6 LTS has been released

12th of January 2021

Introduction

The LXC team is pleased to announce the release of LXC 4.0.6!

This is the sixth bugfix release for LXC 4.0 which is supported until June 2025.

Bugfixes

As usual, this bugfix release focuses on stability and hardening. Some of the highlights for this release are:

  • Improve handling for compatibility architectures for seccomp
  • Harden seccomp notifier implementation
  • Rework parsing of /proc/<pid>/mountinfo to handle kernel regression https://bugzilla.kernel.org/show_bug.cgi?id=209971
  • Improve network device restoration
  • Significantly cleanup and harden config file parsing
  • Support new capabilities CAP_PERFMON, CAP_BPF, and CAP_CHECKPOINT_RESTORE
  • Harden containers started without CAP_NET_ADMIN

The full list of commits is available below:

  • Update Japanese pam_cgfs(8) to reflect lack of support for pure cgroupv2
  • seccomp: Fix handling of pseudo syscalls and improve logging for rule processing.
  • seccomp: Avoid duplicate processing of rules for host native arch.
  • lxccontainer: fix lxc_config_item_is_supported
  • tests: Fix compilation with apparmor enabled.
  • commands: don't deref after NULL check
  • utils: don't deref after NULL check
  • conf: check snprintf return value
  • utils: check snprintf return value
  • seccomp: make seccomp notifier fd non-blocking
  • seccomp: log aborted system calls
  • attach: silence stdio permission adjust warnings
  • cgfsng: adjust log level to warn instead of error
  • parse: rework config parsing routine
  • conf: switch to fd_to_fd() when copying mountinfo
  • file_utils: fix config file parsing
  • commands_utils: fix lxc-wait
  • network: fix LXC_NET_NONE cleanup
  • macro: move MAX_GRBUF_SIZE
  • macro: bump MAX_GRBUF_SIZE to 2 mb
  • tree-wide: use call_cleaner(netns_freeifaddrs)
  • confile: clean up network configuration parsing
  • confile: clean up hooks
  • added standard resolver option to the lxc-download.in shell script
  • Restore interfaces to the correct namespace on error
  • confile: cleanup set_config_personality()
  • confile: cleanup set_config_pty_max()
  • confile: cleanup set_config_start()
  • confile: cleanup set_config_monitor()
  • confile: cleanup set_config_monitor_signal_pdeath()
  • confile: cleanup set_config_group()
  • confile: cleanup set_config_environment()
  • confile: cleanup set_config_tty_max()
  • confile: cleanup set_config_apparmor_allow_incomplete()
  • confile: cleanup set_config_apparmor_allow_nesting()
  • confile: cleanup set_config_apparmor_raw()
  • confile: cleanup set_config_log_file()
  • confile: cleanup set_config_log_level()
  • confile: cleanup set_config_log_level()
  • confile: cleanup set_config_signal_halt()
  • confile: cleanup set_config_signal_reboot()
  • confile: cleanup set_config_signal_stop()
  • confile: cleanup __set_config_cgroup_controller()
  • confile: cleanup set_config_cgroup_relative()
  • confile: cleanup set_config_prlimit()
  • confile: cleanup set_config_sysctl()
  • confile: cleanup set_config_proc()
  • confile: cleanup set_config_idmaps()
  • confile: cleanup set_config_mount_fstab()
  • confile: cleanup set_config_mount_auto()
  • confile: cleanup set_config_mount()
  • confile: cleanup set_config_cap_keep()
  • confile: cleanup set_config_cap_drop()
  • confile: cleanup set_config_console_rotate()
  • confile: cleanup set_config_console_buffer_size()
  • confile: cleanup set_config_console_size()
  • confile: cleanup append_unexp_config_line()
  • confile: cleanup do_includedir()
  • confile: cleanup set_config_rootfs_path()
  • confile: cleanup set_config_rootfs_options()
  • confile: cleanup set_config_uts_name()
  • confile: cleanup set_config_namespace_clone()
  • confile: cleanup set_config_namespace_keep()
  • confile: cleanup parse_line()
  • confile: cleanup parse_new_conf_line()
  • confile: cleanup lxc_config_define_add()
  • confile: cleanup lxc_config_parse_arch()
  • confile: cleanup lxc_fill_elevated_privileges()
  • confile: cleanup write_config()
  • confile: cleanup clone_update_unexp_ovl_paths()
  • confile: cleanup clone_update_unexp_hooks()
  • confile: cleanup set_config_ephemeral()
  • confile: cleanup set_config_log_syslog()
  • confile: set_config_no_new_privs()
  • confile: cleanup __get_config_cgroup_controller()
  • confile: cleanup get_config_idmaps()
  • confile: cleanup get_config_hooks()
  • confile: cleanup get_config_seccomp_allow_nesting()
  • confile: cleanup get_config_seccomp_notify_cookie()
  • confile: cleanup get_config_seccomp_notify_proxy()
  • confile: get_config_prlimit()
  • confile: cleanup get_config_sysctl()
  • confile: cleanup get_config_proc()
  • confile: cleanup clr_config_tty_dir()
  • confile: cleanup clr_config_apparmor_profile()
  • confile: cleanup clr_config_selinux_context()
  • confile: cleanup clr_config_selinux_context_keyring()
  • confile: cleanup clr_config_cgroup_dir()
  • confile: cleanup clr_config_log_file()
  • confile: cleanup clr_config_mount_fstab()
  • confile: cleanup clr_config_rootfs_path()
  • confile: cleanup clr_config_rootfs_mount()
  • confile: cleanup clr_config_rootfs_options()
  • confile: cleanup clr_config_uts_name()
  • confile: cleanup clr_config_console_path()
  • confile: cleanup clr_config_console_logfile()
  • confile: cleanup clr_config_seccomp_allow_nesting()
  • confile: cleanup clr_config_seccomp_notify_cookie()
  • confile: cleanup clr_config_seccomp_notify_proxy()
  • confile: cleanup clr_config_seccomp_notify_proxy()
  • confile: cleanup clr_config_log_syslog()
  • confile: cleanup clr_config_execute_cmd()
  • confile: cleanup clr_config_init_cmd()
  • confile: cleanup clr_config_init_cwd()
  • confile: cleanup get_config_includefiles()
  • confile: cleanup get_network_config_ops()
  • confile: cleanup clr_config_net_nic()
  • confile: cleanup clr_config_net_type()
  • confile: cleanup clr_config_net_name()
  • confile: cleanup clr_config_net_flags()
  • confile: cleanup clr_config_net_link()
  • confile: clr_config_net_l2proxy()
  • confile: cleanup clr_config_net_macvlan_mode()
  • confile: cleanup clr_config_net_ipvlan_mode()
  • confile: cleanup clr_config_net_ipvlan_isolation()
  • confile: cleanup clr_config_net_veth_mode()
  • confile: cleanup clr_config_net_veth_pair()
  • confile: cleanup clr_config_net_script_up()
  • confile: cleanup clr_config_net_script_down()
  • confile: cleanup clr_config_net_hwaddr()
  • confile: cleanup clr_config_net_mtu()
  • confile: cleanup clr_config_net_vlan_id()
  • confile: cleanup clr_config_net_ipv4_gateway()
  • confile: cleanup clr_config_net_ipv4_address()
  • confile: cleanup clr_config_net_veth_ipv4_route()
  • confile: cleanup clr_config_net_ipv6_gateway()
  • confile: cleanup clr_config_net_ipv6_address()
  • confile: cleanup clr_config_net_veth_ipv6_route()
  • confile: cleanup get_config_net_nic()
  • confile: cleanup get_config_net_type()
  • confile: cleanup get_config_net_flags()
  • confile: cleanup get_config_net_link()
  • confile: cleanup get_config_net_l2proxy()
  • confile: cleanup get_config_net_name()
  • confile: cleanup get_config_net_macvlan_mode()
  • confile: cleanup get_config_net_ipvlan_mode()
  • confile: cleanup get_config_net_ipvlan_isolation()
  • confile: cleanup get_config_net_veth_mode()
  • confile: cleanup get_config_net_veth_pair()
  • confile: cleanup get_config_net_script_up()
  • confile: cleanup get_config_net_script_down()
  • confile: cleanup get_config_net_hwaddr()
  • confile: cleanup get_config_net_mtu()
  • confile: cleanup get_config_net_vlan_id()
  • confile: cleanup get_config_net_ipv4_gateway()
  • confile: cleanup get_config_net_ipv4_address()
  • confile: cleanup get_config_net_veth_ipv4_route()
  • confile: cleanup get_config_net_ipv6_gateway()
  • confile: cleanup get_config_net_ipv6_address()
  • confile: cleanup get_config_net_veth_ipv6_route()
  • confile: lxc_list_subkeys()
  • confile: cleanup lxc_list_net()
  • confile_utils: cleanup parse_idmaps()
  • confile_utils: cleanup lxc_network_add()
  • confile_utils: cleanup lxc_get_netdev_by_idx()
  • confile_utils: cleanup lxc_remove_nic_by_idx()
  • confile_utils: cleanup lxc_free_networks()
  • confile_utils: cleanup lxc_veth_mode
  • confile_utils: cleanup lxc_veth_mode_to_flag()
  • confile_utils: cleanup lxc_veth_flag_to_mode()
  • confile_utils: cleanup lxc_macvlan_mode
  • confile_utils: cleanup lxc_macvlan_mode_to_flag()
  • confile_utils: cleanup lxc_macvlan_flag_to_mode()
  • confile_utils: cleanup lxc_ipvlan_mode
  • confile_utils: cleanup lxc_ipvlan_mode_to_flag()
  • confile_utils: cleanup lxc_ipvlan_flag_to_mode()
  • confile_utils: cleanup lxc_ipvlan_isolation
  • confile_utils: cleanup lxc_ipvlan_isolation_to_flag()
  • confile_utils: cleanup lxc_ipvlan_flag_to_isolation()
  • confile_utils: cleanup set_config_string_item()
  • confile_utils: cleanup set_config_string_item_max()
  • confile_utils: cleanup set_config_bool_item()
  • confile_utils: cleanup network_ifname()
  • confile_utils: cleanup new_hwaddr()
  • lxc: add cleanup helpers
  • confile_utils: cleanup lxc_container_name_to_pid()
  • confile_utils: cleanup lxc_inherit_namespace()
  • confile_utils: cleanup sig_num()
  • confile_utils: cleanup rt_sig_num()
  • confile_utils: cleanup sig_parse()
  • cmd/lxc_init: ignore return value
  • lxclock: logically dead code
  • lxclock: cleanup lxc_newlock()
  • lxclock: cleanup lxclock_name()
  • lxclock: cleanup lxclock()
  • lxclock: cleanup lxcunlock()
  • lxclock: cleanup lxc_putlock()
  • lxclock: cleanup dump_stacktrace()
  • lxclock: cleanup lxclock_name()
  • utils: cleanup get_rundir()
  • storage/lvm: cleanup do_lvm_create()
  • network: use empty initializer
  • storage/btrfs: add missing return
  • cgroups/cgfsng: remove logically dead code
  • utils: fix unchecked return value
  • conf: fix unchecked return value
  • confile: cleanup set_config_net_l2proxy()
  • confile_utils: cleanup strprint()
  • criu: cleanup load_tty_major_minor()
  • unmounted proc/sys/net if dropping CAP_NET_ADMIN
  • conf: fix block-device based rootfs mounting
  • confile: cleanup set_config_hooks()
  • confile: don't accidentally alter lxc.cgroup.dir
  • utils: allow cross-device resolution
  • cgroup2: move bpf device cgroup program to struct cgroup_ops
  • macro: use ascending order for capabilities
  • conf: define missing capabilities
  • conf: add new capabilities CAP_{BLOCK_SUSPEND,PERFMON,BPF,CAP_CHECKPOINT_RESTORE}
  • macro: define all capabilities
  • conf: add lxc_wants_cap() helper
  • conf: fix CAP_NET_ADMIN-based mount handling
  • Changed Version from 2.. to 4..
  • make lxc-net hermetic w.r.t. existing dnsmasq config

Support and upgrade

The LXC 4.0 branch is supported until June 2025. Only bugfixes and security issues get included into the stable bugfix releases, so it's always safe and recommended to keep up and run the latest bugfix release.

Downloads

LXC 4.0.5 LTS has been released

22nd of October 2020

Introduction

The LXC team is pleased to announce the release of LXC 4.0.5!

This is the fifth bugfix release for LXC 4.0 which is supported until June 2025.

Bugfixes

Some of the highlights for this release are:

  • Support allocating PTS devices from within the container
  • Harden more path/mount handling logic
  • Rework LSM logic to limit initializer use

The full list of commits is available below:

  • terminal: safely allocate pts devices from inside the container
  • macro: define TIOCGPTPEER if missing
  • conf: use openat() instead of open_tree()
  • seccomp: don't close the mainloop, simply remove the handler
  • seccomp: add seccomp_notify_fd_active api extension
  • seccomp: send notify fd as part of the message
  • api-extension: add missing seccomp_proxy_send_notify_fd extension
  • Revert "templates/lxc-download.in: use GPG option --receive-keys instead of --recv-keys"
  • lxc-download: Fix retry loop
  • syscalls: add openat2()
  • utils: add safe_mount_beneath() based on openat2()
  • conf: switch mount_autodev() to new safe_mount_beneath() helper
  • cgfsng: use safe_mount_beneath()
  • utils: introduce safe_mount_beneath_at()
  • conf: stash file descriptor to root mountpoint in struct lxc_rootfs
  • conf: make use of stashed container mountpoint fd in mount_autodev()
  • file_utils: add exists_dir_at()
  • conf: harden lxc_fill_autodev() via save_mount_beneath_at()
  • conf: move /dev setup to be file descriptor based
  • terminal: harden terminal allocation
  • lsm: rework lsm handling
  • lsm: use atomic in case we're used multi-threaded
  • lsm: remove the need for atomic operations
  • Updated documentation to reflect lack of support for pure cgroupv2
  • cgfsng: fix cgroup attach cgroup creation
  • remove deprecated options in lxc.service fixes #3527
  • Check only rootfs as filesystem type
  • cgroups: fix armhf builds
  • remove useless parameters
  • avoid a NULL pointer dereference in lxc-attach
  • terminal: introduce lxc_terminal_signal_sigmask_safe_blocked()
  • attach: use lxc_terminal_signal_sigmask_safe_blocked()
  • commands: don't fail if unfreeze fails
  • lxc-usernsexec: setgroups() similar to other places shouldn't fail on EPERM
  • Remove obsolete setting regarding the Standard Output
  • seccomp: Check if syscall is supported on compat architecture.
  • seccomp: log invalid seccomp notify ids
  • seccomp: improve default notification sending
  • seccomp: fix compilation on powerpc
  • sync: switch to new error helpers
  • sync: log synchronization states
  • start: improve devpts fd sending
  • conf: always send response to parent waiting for devptfs_fd
  • conf: account for early return when sending devpts fd
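What the 4.0.5 path/mount hardening commits above (safe_mount_beneath() built on openat2(), the file-descriptor based /dev setup) protect against, as an added example that is not LXC's own code: a container-writable entry under /dev can be a symlink that points outside the rootfs. A plain openat() follows it onto the host, while openat2() with RESOLVE_BENEATH (Linux 5.6 and later) refuses the escape with EXDEV. The helper names open_beneath(), open_naive(), openat2_available() and build_fixture(), the temporary directory layout and the "host secret" file are all constructed for this example; LXC's safe_mount_beneath() performs a mount rather than an open, so this illustrates the resolution rule the helper relies on, not the project's helper itself.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* openat2(2) appeared in Linux 5.6. Older glibc and kernel headers lack the
 * struct and the syscall number, so carry minimal definitions. The fallback
 * number 437 assumes the generic syscall table (x86_64, aarch64, riscv). */
#if defined(__has_include)
#  if __has_include(<linux/openat2.h>)
#    include <linux/openat2.h>
#    define HAVE_OPENAT2_H 1
#  endif
#endif
#ifndef HAVE_OPENAT2_H
struct open_how { uint64_t flags; uint64_t mode; uint64_t resolve; };
#  define RESOLVE_NO_MAGICLINKS 0x02
#  define RESOLVE_BENEATH       0x08
#endif
#ifndef __NR_openat2
#  define __NR_openat2 437
#endif

/* Open PATH relative to DIRFD, refusing any resolution step (absolute or
 * escaping symlink, "..", /proc magic link) that would leave the tree under
 * DIRFD. Returns an fd or -errno; -EXDEV means an escape was blocked. */
static int open_beneath(int dirfd, const char *path, int flags)
{
	struct open_how how;
	long fd;

	memset(&how, 0, sizeof(how));
	how.flags = (uint64_t)flags | O_CLOEXEC;
	how.resolve = RESOLVE_BENEATH | RESOLVE_NO_MAGICLINKS;
	fd = syscall(__NR_openat2, dirfd, path, &how, sizeof(how));
	return fd < 0 ? -errno : (int)fd;
}

/* The pre-hardening behaviour: openat() follows a symlink wherever it points,
 * including out of the container rootfs. Returns an fd or -errno. */
static int open_naive(int dirfd, const char *path, int flags)
{
	int fd = openat(dirfd, path, flags | O_CLOEXEC);
	return fd < 0 ? -errno : fd;
}

/* Probe whether this kernel (and any seccomp filter around us) allows
 * openat2(); on ENOSYS a caller has no choice but a weaker fallback. */
static int openat2_available(int dirfd)
{
	int fd = open_beneath(dirfd, ".", O_RDONLY | O_DIRECTORY);
	if (fd < 0)
		return 0;
	close(fd);
	return 1;
}

/* Constructed fixture (not real container data):
 *   <tmp>/outside.txt                      a file on the "host" side
 *   <tmp>/rootfs/dev/inside.txt            an ordinary file inside the rootfs
 *   <tmp>/rootfs/dev/escape -> <tmp>/outside.txt   a symlink aimed at the host
 * Returns an O_PATH fd to <tmp>/rootfs, or -errno. */
static int build_fixture(void)
{
	char base[] = "/tmp/lxc-beneath-XXXXXX";
	char p[512], target[512];
	int fd;

	if (!mkdtemp(base))
		return -errno;

	snprintf(target, sizeof(target), "%s/outside.txt", base);
	fd = open(target, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
	if (fd < 0)
		return -errno;
	if (write(fd, "host secret\n", 12) != 12) {
		close(fd);
		return -EIO;
	}
	close(fd);

	snprintf(p, sizeof(p), "%s/rootfs", base);
	if (mkdir(p, 0700) < 0)
		return -errno;
	snprintf(p, sizeof(p), "%s/rootfs/dev", base);
	if (mkdir(p, 0700) < 0)
		return -errno;

	snprintf(p, sizeof(p), "%s/rootfs/dev/inside.txt", base);
	fd = open(p, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
	if (fd < 0)
		return -errno;
	close(fd);

	/* A container-controlled /dev entry pointing at the host by absolute path. */
	snprintf(p, sizeof(p), "%s/rootfs/dev/escape", base);
	if (symlink(target, p) < 0)
		return -errno;

	snprintf(p, sizeof(p), "%s/rootfs", base);
	fd = open(p, O_PATH | O_DIRECTORY | O_CLOEXEC);
	return fd < 0 ? -errno : fd;
}

int main(void)
{
	int rootfd = build_fixture();
	int naive, safe, inside;

	if (rootfd < 0) {
		fprintf(stderr, "fixture: %s\n", strerror(-rootfd));
		return 1;
	}
	if (!openat2_available(rootfd)) {
		puts("openat2() unavailable (kernel < 5.6 or filtered): no hardening possible here");
		return 0;
	}
	naive = open_naive(rootfd, "dev/escape", O_RDONLY);
	safe = open_beneath(rootfd, "dev/escape", O_RDONLY);
	inside = open_beneath(rootfd, "dev/inside.txt", O_RDONLY);
	printf("openat(dev/escape):   %s\n", naive >= 0 ? "opened the host file" : strerror(-naive));
	printf("openat2(dev/escape):  %s\n", safe >= 0 ? "opened (unexpected)" : strerror(-safe));
	printf("openat2(dev/inside):  %s\n", inside >= 0 ? "opened" : strerror(-inside));
	return 0;
}
```

The probe matters as much as the refusal: on a host whose kernel or seccomp policy lacks openat2(), every call returns ENOSYS and the caller is back to lexical path checks that a racing symlink rename can defeat, which is the caveat to keep in mind when reading the hardening highlight above.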

Support and upgrade

The LXC 4.0 branch is supported until June 2025. Only bugfixes and security issues get included into the stable bugfix releases, so it's always safe and recommended to keep up and run the latest bugfix release.

Downloads

LXC 4.0.4 LTS has been released

4th of August 2020

Introduction

The LXC team is pleased to announce the release of LXC 4.0.4!

This is the fourth bugfix release for LXC 4.0 which is supported until June 2025.

Bugfixes

Some of the highlights for this release are:

  • Support for new Linux clone flags (clone into cgroup)
  • Support for new Linux VFS system calls
  • Internal symbols are now properly hidden from external consumers

The full list of commits is available below:

  • get the right path in get_cgroup command
  • lxc: support CLONE_INTO_CGROUP
  • start: initialize cgroup_fd
  • start: use __aligned_u64
  • attach: set no_new_privs flag after LSM label
  • templates/lxc-download.in: fix wrong if condition (use the result of the gpg command, not the result when executing the result of the gpg command)
  • templates/lxc-download.in: make shellcheck happy
  • templates/lxc-download.in: use GPG option --receive-keys instead of --recv-keys
  • cgroups: update terminology
  • cgroups: update terminology II
  • seccomp: support allowlist/denylist in profiles
  • cgroups: use empty {} to initialize struct
  • cgroup2_devices: fix access rule parsing
  • api-extensions: add seccomp_allow_deny_syntax extension
  • cgroups: fix bpf device program generation
  • cgroups: handle empty bpf log buffer
  • tree-wide: s/ptmx/ptx/g
  • tree-wide: s/pts/pty/g
  • openpty: fix faulty rename
  • openpty: improve implementation and handling of platforms without it
  • checkconfig: Show LXC version in output.
  • autotools: include COPYING file
  • Improve efficiency of lxc_ifname_alnum_case_sensitive
  • network: remove unused variable
  • compiler: add and use __hidden visibility
  • string_utils: make all helpers hidden
  • af_unix: hide unnecessary symbols
  • attach: hide unnecessary symbols
  • caps: hide unnecessary symbols
  • commands: hide unnecessary symbols
  • commands_utils: hide unnecessary symbols
  • conf: hide unnecessary symbols
  • Makefile.am: Fix typo
  • start: check correct flags when receiving network devices
  • lxc-ls: bugfixes
  • confile: hide unnecessary symbols
  • confile_utils: hide unnecessary symbols
  • criu: hide unnecessary symbols
  • error: hide unnecessary symbols
  • file_utils: hide unnecessary symbols
  • initutils: hide unnecessary symbols
  • log: hide unnecessary symbols
  • lxclock: hide unnecessary symbols
  • lxcseccomp: hide unnecessary symbols
  • mainloop: hide unnecessary symbols
  • monitor: hide unnecessary symbols
  • namespace: hide unnecessary symbols
  • network: hide unnecessary symbols
  • parse: hide unnecessary symbols
  • process_utils: hide unnecessary symbols
  • rexec: hide unnecessary symbols
  • ringbuf: hide unnecessary symbols
  • start: hide unnecessary symbols
  • state: hide unnecessary symbols
  • sync: hide unnecessary symbols
  • terminal: hide unnecessary symbols
  • utils: hide unnecessary symbols
  • uuid: hide unnecessary symbols
  • cgroups: hide unnecessary symbols
  • lsm: hide unnecessary symbols
  • arguments: hide unnecessary symbols
  • storage: hide unnecessary symbols
  • tree-wide: hide further unnecessary symbols
  • start: simplify gotos
  • apparmor: Allow ro remount of boot_id
  • syscalls: add fsopen()
  • syscalls: add fspick()
  • syscalls: add fsconfig()
  • syscalls: add fsmount()
  • mount_utils: add mount utils
  • mount_utils: add mount_filesystem() helper
  • attach: use new mount api
  • log: don't break logging by hiding symbols
  • Makefile: fix Makefile
  • selinux: remove security_context_t usage as it's deprecated
  • seccomp: remove seccomp fd from event loop after task exited
  • seccomp: add missing header
  • syscall: don't fail if __NR_signalfd is not defined
  • conf: ensure that the idmap pointer itself is freed

Support and upgrade

The LXC 4.0 branch is supported until June 2025. Only bugfixes and security issues get included into the stable bugfix releases, so it's always safe and recommended to keep up and run the latest bugfix release.

Downloads

LXC 4.0.3 LTS has been released

29th of June 2020

Introduction

The LXC team is pleased to announce the release of LXC 4.0.3!

This is the third bugfix release for LXC 4.0 which is supported until June 2025.

Bugfixes

Some of the highlights for this release are:

  • Improvement to cgroupv1/cgroupv2 handling
  • Various improvements and tests for lxc-usernsexec

The full list of commits is available below:

  • apparmor: Allow boot_id
  • src/lxc/network: Fixes netlink attribute type 1 has an invalid length message
  • cgroups: ignore cgroup2 limits on non-cgroup2 layouts
  • common.conf: add cgroup2 default device limits
  • cgroups: premount cgroups on cgroup2-only systems
  • conf: introduce userns_exec_mapped_root()
  • conf: support console setup on containers without rootfs
  • terminal: remove unneeded if condition
  • gcc: add -Warray-bounds, -Wrestrict, -Wreturn-local-addr, -Wstringop-overflow
  • compiler: support new access attributes
  • tree-wide: this is all rather TODO than FIXME
  • yum: remove unused module
  • tools/lxc-ls: shutup lgtm
  • tools/lxc-ls: shut up lgtm more
  • confile: fix order independence of network keys
  • lxccontainer: small cleanup to lxc_check_inherited() calls
  • start: remove unused lxc_zero_handler()
  • lxccontainer: use close_prot_errno_disarm() on state_socket_pair
  • start: fix container reboot
  • start: cleanup file descriptor inheritance
  • log: cleanup syslog handling
  • console: only create detached mount when a console is requested
  • syscall_numbers: handle ia64 syscall numbers correctly
  • syscall_numbers: add clone3()
  • process_utils: introduce new process_utils.{c,h}
  • process_utils: add clone3() support
  • mainloop: add lxc_mainloop_add_handler_events
  • cgfsng: deduplicate freeze code
  • cgfsng: use EPOLLPRI when polling cgroup.events
  • process_utils: make lxc use clone3() whenever possible
  • network: restore old behavior
  • network: fix {mac,ip,v}lan device creation
  • bionic: s/lxc_raw_execveat()/execveat()/g
  • network: use __instantiate_ns_common() in instantiate_ns_phys() too
  • lxc-usernsexec: dumb down from error to warning message
  • lxc-usernsexec: don't fail on setgroups()
  • travis: Restrict coverity to gcc on bionic on amd64
  • introduce lxc.cgroup.dir.{monitor,container,container.inner}
  • cgroups: remove unused variable
  • cgroup isolation: handle devices cgroup early
  • improve LXC_CMD_GET_CGROUP compatibility
  • cgroups: be less alarming when creating cgroups
  • commands: make limiting cgroup callbacks unreachable
  • api_extensions: add "pidfd"
  • Add test of lxc-usernsexec
  • lxc-test-usernsexec: If user is root, then create and use non-root user.
  • .gitignore: Ignores COPYING file created by make
  • macro: Adds UINT_TO_PTR and PTR_TO_USHORT helpers
  • network: Adds check for bridge link interface existence in instantiate_veth
  • network: Updates netlink_open handling in lxc_ipvlan_create
  • network: Removes unused ip_proxy_args
  • cgroups: initialize lxc.pivot cpuset
  • conf: remove faulty flags
  • conf: always use target_fd in userns_exec_mapped_root()
  • conf: add some more logging to userns_exec_mapped_root()
  • conf: kill old chown_mapped_root()
  • lxccontainer: remove pointless string duplication
  • containertests: fix null pointer dereference
  • tree-wide: use "ptmx" and "pts" as terminal terms
  • tree-wide: wipe references to questionable apis from our public logs
  • tree-wide: use "primary" in networking code
  • network: Rename primary to master
  • openpty: adapt variable naming
  • CODING_STYLE: adapt code example
  • doc: update terminology
  • test: update terminology
  • lxccontainer: fix non-blocking container stop
  • lxc-net: Set broadcast
  • commands: don't flood logs

Support and upgrade

The LXC 4.0 branch is supported until June 2025. Only bugfixes and security issues get included into the stable bugfix releases, so it's always safe and recommended to keep up and run the latest bugfix release.

Downloads

LXC 4.0.2 LTS has been released

16th of April 2020

Introduction

The LXC team is pleased to announce the release of LXC 4.0.2!

This is the second bugfix release for LXC 4.0 which is supported until June 2025.

Bugfixes

This release fixes a number of issues that were reported shortly following the original 4.0.0 and 4.0.1 releases. Some of the highlights include:

  • RISC-V 64bit support
  • Better group handling in lxc-user-nic
  • Seccomp syscall interception fix for newer kernels
  • CGroup v1 limits are now automatically skipped on v2 systems
  • Fix a variety of issues identified by the Coverity Scan service

The full list of commits is available below:

  • start: ensure all file descriptors are closed during exec
  • syscall_numbers: handle riscv
  • lxc_user_nic: simplify group retrieval
  • lxc_user_nic: continue when we failed to find a group
  • cgroups: whitespace fixes
  • seccomp: newer kernels require the buffer to be zeroed
  • network: Make it possible to set the mode of IPVLAN to L2
  • src/lxc/network: ipvlan comment and code style tweak
  • conf: tweak get_minimal_idmap()
  • conf: use macros all around in lxc_map_ids()
  • conf: move_ptr() in all cases in mapped_hostid_add()
  • lxc-update-config: Fix bad handling of lxc.logfile
  • tests/no-new-privs: Don't mess with /etc/lxc
  • cgroups: ignore legacy limits on pure cgroup2 systems
  • Fix lxc-oci template with loop backingstore
  • cgroup: fix wrong use of cgfd_con in cgroup_exit
  • travis: add back coverity
  • memory_utils: directly NULL ptr in free_disarm()
  • conf: fix tty cleanup
  • cgroups: do not pass NULL pointer
  • uuid: close fd
  • cgroups: fix cgroup2 devices
  • rexec: avoid double-close
  • cgroups: use correct NULL pointer check
  • conf: don't double free in get_minimal_idmap()
  • criu: make explicit that we're ignoring rmdir() return value
  • zfs: fix resource leak
  • commands: add additional check to lxc_cmd_sock_get_state()
  • network: log warning on network deconfiguration failures
  • log: restore non-local value
  • attach: move check for valid config earlier
  • rexec: free argv array on failure
  • conf: correctly cleanup memory in get_minimal_idmap()
  • log: set GNU_SOURCE as it might help coverity along
  • travis: coverity gets confused about the %m printf extension in glibc
  • cgroups: fix cgroup limit braino
  • configure: fix coverity builds

Support and upgrade

The LXC 4.0 branch is supported until June 2025. Only bugfixes and security fixes are included in the stable bugfix releases, so it is always safe and recommended to keep up with and run the latest bugfix release.

Downloads

LXC 4.0.1 LTS has been released

6th of April 2020

Introduction

The LXC team is pleased to announce the release of LXC 4.0.1!

This is the first bugfix release for LXC 4.0 which is supported until June 2025.

Bugfixes

This release fixes a number of issues that were reported shortly following the original 4.0.0 release. Some of the highlights include:

  • Tweak systemd ordering (start after remote-fs.target)
  • Fix various issues around attach and cgroups
  • Fix shutdown timeout not working on pidfd systems
  • Fix cgroup issue on 4.9 kernel
  • Fix write issues in /dev/stdout

The full list of commits is available below:

  • lxc_init: move main() down
  • lxc_init: add missing O_CLOEXEC
  • [lxc.service] Starts after remote-fs.target to allow containers relying on remote FS to work
  • tree-wide: harden mount option parsing
  • dir: use cleanup macro in dir_mount()
  • dir: improve dir backend
  • cgroups: fix attaching to the unified cgroup
  • conf: rework and fix leak in userns_exec_1()
  • commands: log actual errno when lxc_cmd_get_cgroup2_fd() fails
  • cgroups: move pointer dereference after check
  • cgroups: rework __cg_unified_attach()
  • attach: use close_prot_errno_disarm()
  • cgroups: remove unused variable
  • cgroups: fix unified cgroup attach
  • fixup i/o handler return values
  • Revert "cgroups: fix unified cgroup attach"
  • conf: introduce and use userns_exec_minimal()
  • conf: simplify userns_exec_minimal()
  • cgroups: use hidden directory for attaching cgroup
  • cgroups: please compilers
  • monitor process exited by signal SIGKILL, clean cgroup resource by third party
  • cgroups: move check for valid monitor process up
  • cgroups: better helper naming
  • tree-wide: s/recursive_destroy/lxc_rm_rf/g
  • verify cgroup controller name
  • cgroups: handle older kernels (e.g. v4.9)
  • start: log error when failing to create cgroup
  • cgroups: send two attach fds
  • cgroups: send two fds to attach to unified cgroup
  • start: remove unnecessary check for valid cgroup_ops
  • init: add ExecReload to lxc.service to only reload profiles
  • apparmor: generate ro,bind,remount rule list
  • autotools: don't install run-coccinelle.sh
  • systemd: Add Documentation key
  • fix non-root user cannot write /dev/stdout
  • cgroups: fix "uninitialized transient_len" warning
  • utils: rework fix_stdio_permissions()
  • utils: use setres{u,g}id() in lxc_switch_uid_gid()
  • cgroups: fix build warning on GCC 7
  • lxccontainer: poll takes millisecond not seconds
  • Revert "start: remove unnecessary check for valid cgroup_ops"

Support and upgrade

The LXC 4.0 branch is supported until June 2025. Only bugfixes and security fixes are included in the stable bugfix releases, so it is always safe and recommended to keep up with and run the latest bugfix release.

Downloads

LXC 4.0 LTS has been released

25th of March 2020

Introduction

The LXC team is pleased to announce the release of LXC 4.0.0!

This is the result of two years of work since the LXC 3.0.0 release and is the third LTS release for the LXC project. This release will be supported until June 2025.

Major changes

cgroups: Full cgroup2 support

LXC 4.0 now fully supports the unified cgroup hierarchy. For this to work the whole cgroup driver had to be rewritten. A consequence of this work is that the cgroup layout for LXC containers had to be changed. Older versions of LXC used the layout:

/sys/fs/cgroup/<controller>/<container-name>/

For example, in the legacy cgroup hierarchy the cpuset hierarchy would place the container's init process into

/sys/fs/cgroup/cpuset/c1/

The supervising monitor process would stay in

/sys/fs/cgroup/cpuset/

LXC 4.0 uses the layout:

/sys/fs/cgroup/<controller>/lxc.payload.<container-name>/

For the cpuset controller in the legacy cgroup hierarchy and a container named f2, the cgroup would be:

/sys/fs/cgroup/cpuset/lxc.payload.f2/

The monitor process now moves into a separate cgroup as well:

/sys/fs/cgroup/<controller>/lxc.monitor.<container-name>/

For our example this would be:

/sys/fs/cgroup/cpuset/lxc.monitor.f2/

The monitor's and the container's cgroup will be placed on the same level in the corresponding cgroup hierarchy. These changes apply to the legacy and the unified hierarchy alike and are not arbitrary. The new, unified cgroup hierarchy imposes specific restrictions where and how a process can be migrated in the cgroup hierarchy. The most important restriction is the leaf-node restriction. This means that only leaf nodes can contain live processes, i.e. if you have the following cgroup tree

/sys/fs/cgroup/a/f2-monitor/f2-container/

then only f2-container can contain live processes, whereas the non-leaf nodes a and f2-monitor cannot. This has the consequence that the old cgroup layout LXC used, where the monitor process would have lived in f2-monitor and the container's init process would have lived in f2-container, is not possible anymore. The kernel disallows this layout. Instead, the monitor process and the container's init process need to be moved into two leaf-node cgroups on the same level in the cgroup hierarchy. For a container f2 this means the layout will be:

/sys/fs/cgroup/lxc.monitor.f2/

and

/sys/fs/cgroup/lxc.payload.f2/

The restrictions enforced by the unified cgroup hierarchy also mean that, in order to start fully unprivileged containers, cooperation is needed on distributions that make use of an init system which manages cgroups. This applies to all distributions that use systemd as their init system. When a container is started from the shell via lxc-start or other means, one either needs to be root to allow LXC to escape to the root cgroup, or the init system needs to be instructed to delegate an empty cgroup. In such scenarios it is wise to set the configuration key lxc.cgroup.relative to 1 to prevent LXC from escaping to the root cgroup.
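The leaf-node rule above is easy to check against a cgroup tree. The following is an added example (not part of the release notes or of LXC's own code) that models the old and new layouts as small constructed trees, flags cgroups that hold processes although they are not leaves, and computes the LXC 4.0 lxc.payload./lxc.monitor. paths for a container. The function names lxc4_cgroups and internal_process_violations are this example's own. The notes state the kernel rule in its simple "only leaf nodes may contain live processes" form; the kernel's actual constraint is the "no internal processes" rule for cgroups whose children have controllers enabled, which the simple form implies.

```python
"""Check a cgroup2 tree for the leaf-node rule the release notes describe.

Added example, not LXC code. `tree` maps cgroup directories to the PIDs
listed in their cgroup.procs (constructed inline below). The root cgroup
is exempt from the rule, as it is in the kernel.
"""
from typing import Dict, List

CGROUP_ROOT = "/sys/fs/cgroup"


def lxc4_cgroups(container: str, controller: str = "") -> Dict[str, str]:
    """LXC 4.0 payload/monitor cgroup paths for a container.

    `controller` names a legacy (v1) hierarchy such as "cpuset"; leave it
    empty for the unified hierarchy. The two cgroups are always siblings.
    """
    base = CGROUP_ROOT if not controller else f"{CGROUP_ROOT}/{controller}"
    return {
        "payload": f"{base}/lxc.payload.{container}/",
        "monitor": f"{base}/lxc.monitor.{container}/",
    }


def internal_process_violations(tree: Dict[str, List[int]]) -> List[str]:
    """Return the non-leaf, non-root cgroups that still hold processes."""
    normalised = {path: path.rstrip("/") for path in tree}
    violations = []
    for path, pids in tree.items():
        this = normalised[path]
        if this == CGROUP_ROOT or not pids:
            continue
        has_children = any(other.startswith(this + "/") for other in normalised.values())
        if has_children:
            violations.append(path)
    return violations


# Constructed sample trees. Old LXC layout: the monitor sits above the
# container, so the monitor's cgroup is an inner node with a process in it.
OLD_LAYOUT = {
    "/sys/fs/cgroup/": [1],
    "/sys/fs/cgroup/a/": [],
    "/sys/fs/cgroup/a/f2-monitor/": [4242],               # monitor process
    "/sys/fs/cgroup/a/f2-monitor/f2-container/": [4243],  # container init
}

# LXC 4.0 layout: monitor and payload are sibling leaf cgroups.
NEW_LAYOUT = {
    "/sys/fs/cgroup/": [1],
    "/sys/fs/cgroup/lxc.monitor.f2/": [4242],
    "/sys/fs/cgroup/lxc.payload.f2/": [4243],
}

if __name__ == "__main__":
    print("old layout violations:", internal_process_violations(OLD_LAYOUT))
    print("new layout violations:", internal_process_violations(NEW_LAYOUT))
    print(lxc4_cgroups("f2", "cpuset"))
```

Running it reports the monitor cgroup of the old layout as the only violation and none for the 4.0 layout. On a live system the same check can be fed from the cgroup.procs files under /sys/fs/cgroup when debugging a container that fails to start under cgroup2.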

cgroups: Freezer support in CGroup2

As part of the cgroup2 support work for LXC 4.0 we also added support for cgroup2's implementation of the freezer controller. It allows polling until the cgroup is frozen or unfrozen, which makes freezing and unfreezing containers far more reliable than before.

cgroups: eBPF device controller support in CGroup2

LXC 4.0 can now make proper use of the cgroup2 device controller. It will automatically create, load, and attach an eBPF program to the container's cgroup and supports dynamic addition and removal of rules. The configuration format is the same as for the legacy cgroup controller; only the lxc.cgroup2.devices. prefix needs to be used instead of the legacy lxc.cgroup.devices. prefix. LXC continues to support both black- and whitelists.
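To make the rule format and its allow/deny semantics concrete, here is an added example (not LXC's own code and not the eBPF program it loads) that parses lxc.cgroup2.devices.{allow,deny} values and evaluates device accesses against them. It models the legacy devices-cgroup semantics that the notes say the cgroup2 format mirrors: a rule of type "a" sets the default behaviour and clears all exceptions, and every other rule adds an exception to that default. The names DevicePolicy, parse_rule and policy_from_config are this example's own; the sample config is constructed, using the standard Linux device numbers for /dev/null (1:3), /dev/zero (1:5), /dev/pts (136:*) and loop devices (7:*).

```python
"""Evaluate LXC device-cgroup rules as used by lxc.cgroup2.devices.{allow,deny}.

Added example, not LXC code. Rule syntax is the devices-cgroup one: the bare
"a" (everything) or "<type> <major>:<minor> <access>" with type a/b/c, "*" as
wildcard for major/minor, and access a subset of "rwm" (read, write, mknod).
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ACCESS_BITS = frozenset("rwm")


@dataclass(frozen=True)
class DeviceRule:
    dev_type: str           # "a" (all), "b" (block) or "c" (char)
    major: Optional[int]    # None stands for the "*" wildcard
    minor: Optional[int]
    access: frozenset       # subset of {"r", "w", "m"}


def parse_rule(text: str) -> DeviceRule:
    """Parse a rule value such as "c 1:3 rwm", "b *:* m" or the bare "a"."""
    parts = text.split()
    if parts == ["a"]:
        return DeviceRule("a", None, None, ACCESS_BITS)
    if len(parts) != 3 or parts[0] not in ("a", "b", "c") or ":" not in parts[1]:
        raise ValueError(f"malformed device rule: {text!r}")
    major_s, minor_s = parts[1].split(":", 1)
    major = None if major_s == "*" else int(major_s)
    minor = None if minor_s == "*" else int(minor_s)
    access = frozenset(parts[2])
    if not access or not access <= ACCESS_BITS:
        raise ValueError(f"bad access string in rule: {text!r}")
    return DeviceRule(parts[0], major, minor, access)


class DevicePolicy:
    """A default behaviour plus an exception list, built from config lines."""

    def __init__(self) -> None:
        self.default_allow = True          # a fresh cgroup allows everything
        self.exceptions: List[DeviceRule] = []

    def apply(self, key: str, value: str) -> None:
        if key.endswith(".devices.allow"):
            allow = True
        elif key.endswith(".devices.deny"):
            allow = False
        else:
            raise ValueError(f"not a device rule key: {key!r}")
        rule = parse_rule(value)
        if rule.dev_type == "a":
            # an "a" rule resets the policy: new default, no exceptions
            self.default_allow = allow
            self.exceptions = []
        elif allow == self.default_allow:
            # same direction as the default: drops an identical exception, if any
            self.exceptions = [e for e in self.exceptions if e != rule]
        else:
            self.exceptions.append(rule)

    def may_access(self, dev_type: str, major: int, minor: int, access: str) -> bool:
        wanted = frozenset(access)
        if not wanted or not wanted <= ACCESS_BITS:
            raise ValueError(f"bad access string: {access!r}")

        def device_matches(e: DeviceRule) -> bool:
            return (e.dev_type == dev_type
                    and e.major in (None, major)
                    and e.minor in (None, minor))

        if self.default_allow:
            # deny exceptions: any overlap with the requested bits denies
            return not any(device_matches(e) and wanted & e.access
                           for e in self.exceptions)
        # allow exceptions: one exception must cover every requested bit
        return any(device_matches(e) and wanted <= e.access
                   for e in self.exceptions)


def policy_from_config(lines: List[Tuple[str, str]]) -> DevicePolicy:
    policy = DevicePolicy()
    for key, value in lines:
        policy.apply(key, value)
    return policy


# Constructed sample: a deny-by-default container config (whitelist style).
SAMPLE_CONFIG = [
    ("lxc.cgroup2.devices.deny", "a"),
    ("lxc.cgroup2.devices.allow", "c 1:3 rwm"),    # /dev/null
    ("lxc.cgroup2.devices.allow", "c 1:5 rwm"),    # /dev/zero
    ("lxc.cgroup2.devices.allow", "c 136:* rwm"),  # /dev/pts/*
    ("lxc.cgroup2.devices.allow", "b 7:0 r"),      # /dev/loop0, read only
]

if __name__ == "__main__":
    policy = policy_from_config(SAMPLE_CONFIG)
    for dev in (("c", 1, 3, "rw"), ("c", 136, 4, "rw"), ("b", 7, 0, "rw"), ("c", 1, 7, "r")):
        print(dev, "allowed" if policy.may_access(*dev) else "denied")
```

The asymmetry in may_access is the point worth remembering when reviewing a container's device policy: under a deny default an allow exception must cover every requested access bit, while under an allow default a deny exception bites as soon as any requested bit overlaps. Reading "b 7:0 r" therefore permits a read-only open of loop0 but not a read-write one.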

AppArmor: Deny access to /proc/acpi/**

The default AppArmor profile now denies access to /proc/acpi/**, improving safety.

config: Add lxc.autodev.tmpfs.size configuration key

LXC supports creating a usable minimal /dev directory for the container by setting lxc.autodev = 1 in the container's config file. To do this LXC sets up a tmpfs mount on /dev. This tmpfs mount could not be restricted in prior releases. Now it is possible to set a limit on the size of the tmpfs mount by setting lxc.autodev.tmpfs.size to the number of bytes that the tmpfs should be restricted to use.

config: Add lxc.selinux.context.keyring key

This allows specifying the SELinux context to be used for the keyring the container uses.

config: Add lxc.keyring.session

Setting this to 1 (default) will cause LXC to create a new session keyring.

file utils: Add fopen_cached() and fdopen_cached()

These helpers first read a whole file and then make it available as a stream to be read via the regular file-based libc APIs. This makes LXC's handling of various files more robust where the underlying file can change while it is being read.

api: Add new init_pidfd() member

LXC 4.0 fully supports the new pidfd kernel api the LXC team has merged in the upstream Linux kernel. The pidfd of the container's init process can be requested via c->init_pidfd(c).

memory utils: Add new cleanup api

LXC 4.0 expands the usage of the compiler's cleanup attribute by introducing new internal apis to define and call cleanup macros for complex resource allocations. We have had extremely positive results decreasing bugs around file descriptor and memory leaks significantly by switching to this new way of cleaning up resources.

lxc-usernsexec: Make it easy to map own uid

The lxc-usernsexec binary now finds a default mapping as specified in /etc/subuid and /etc/subgid and writes it via newuidmap and newgidmap.

seccomp: Add s390 support

LXC 4.0's seccomp implementation now supports s390 as architecture.

syscalls: Improve manual syscall implementations

Whenever a given syscall is not supported or exposed by the underlying C library of the system LXC will define syscall stubs for important syscalls or new features it deems extremely valuable. This used to be done by checking for __NR_<syscall-name> being defined. But __NR_<syscall-name> being defined depended on the correct headers for the currently running kernel LXC was compiled on being installed and would be problematic whenever LXC was compiled on a system running an older kernel but used or deployed on systems that use a new kernel. In such scenarios LXC could not make use of new kernel features even though it should. We now introduce definitions for __NR_<syscall-name> whenever the system does not define it already and it is an architecture we support (which is basically any architecture). This way we better handle kernel <-> header version mismatches and compilation <-> deployment kernel mismatches.

network: Improved network device creation and removal

We have reworked how network devices are created, tracked, moved between network namespaces, and removed, making low-level network management much more reliable.

network: Allow moving wireless devices

LXC used to allow moving wireless network devices (nl80211) into containers, but this had been broken for a while. With 4.0 the ability to move wireless network devices is restored and improved.

Complete changelog

Here is a complete list of all changes in this release:

  • cgroups: fix attaching to the unified cgroup
  • dir: improve dir backend
  • dir: use cleanup macro in dir_mount()
  • tree-wide: harden mount option parsing
  • lxc_init: add missing O_CLOEXEC
  • lxc_init: move main() down
  • configure.ac: Reset devel flag post-release
  • make dist: add missing files
  • lxc-download: Pre-release bump of compat
  • conf: fix read-only bind mounts
  • utils: allow removal of immutable files
  • lxc-local: remove -l/--list from help
  • lvm: don't generate uuid for ext4 snapshots
  • lxc-update-config: handle lxc.rootfs.backend correctly
  • lxc_copy: only overmount overlay subdirectory with tmpfs
  • overlay: rewrite and simplify
  • lxc-user-nic: enable uid-marked veth devices for uids with 5 digits
  • network: introduce lxc_ifname_alnum_case_sensitive()
  • log: fix cmd logging
  • cgroups: simplify
  • ringbuf: fix cleanup operations
  • mainloop: cleanup
  • log: add missing variable and fix CMD_SYSINFO()
  • log: cleanup
  • log: add missing \
  • start: move reading seccomp profile after pre-start hook
  • lxc_user_nic: rework device creation
  • nl: improve how we surface errors
  • network: use cleanup macros
  • network: use cleanup attributes
  • network: cleanup galore
  • network: use is_empty_string() everywhere
  • network: fix ovs removal
  • log: use global variable to catch statements in loggers
  • cgroups: don't call statements from loggers
  • conf: flatten logic in mount_entry()
  • conf: don't accidently double-mount
  • network: fix moving network devices with custom name
  • network: introduce and use is_empty_string()
  • Makefile: fix typo
  • lxc-unshare: add syscall_wrappers.h to build requirements
  • tree-wide: introduce and use syscall number header
  • raw_syscalls: define __NR_pidfd_send_signal if missing
  • tools: fix -g -u parameters for lxc-execute and lxc-attach
  • ISSUE_TEMPLATE: fix -l -o order
  • lxc_user_nic: don't depend on MAP_FIXED
  • busybox: Mark mqueue optional
  • Auto-create /dev/shm and /dev/mqueue
  • busybox: Fix bad lxc.mount.entry
  • doc: Fix grammar
  • Trigger the mounting of shm file system
  • tree-wide: s/lxc_fini()/lxc_end()/g
  • tree-wide: remove "name" argument from lxc_{fini,abort}()
  • {_}lxc_start: remove "name" argument
  • start: add missing TRACE() call
  • start: better goto target naming in __lxc_start()
  • start: rework cleanup code in __lxc_start()
  • start: simplify lxc_init()
  • conf: don't wrap strings
  • tree-wide: remove last -1 fd initialization with cleanup macros in favor of -EBADF
  • tree-wide: s/__do_close_prot_errno/__do_close/g
  • memory_utils: adapt to new infrastructure
  • tree-wide: port cgroup cleanup to call_cleaner(cgroup_exit)
  • caps: port to call_cleaner() based cleanup
  • memory_utils: add call_cleaner() helper
  • travis: enable all architectures
  • travis: remove libgnutls-dev
  • utils: cleanup
  • file_utils: cleanup macros and improvements
  • api-extensions: use correct headings
  • api-extensions: document "network_veth_router" api extension
  • api-extensions: reflow "seccomp_allow_nesting" api extension
  • api-extensions: reflow "seccomp_notify" api extension
  • api-extensions: reflow "cgroup2_devices" extensions
  • api-extensions: reflow "cgroup2" api extension
  • api-extensions: add "pidfd" api extension
  • lxccontainer: switch to pidfd polling when shutting down containers
  • lxccontainer: switch to pidfds whenever possible
  • start: add ability to detect whether kernel supports pidfds
  • lxccontainer: add init_pidfd() API extension
  • commands: LXC_CMD_GET_INIT_PIDFD
  • lxccontainer.h: document seccomp_notify_fd()
  • commands: use LXC_CMD_REAP_CLIENT_FD in lxc_cmd_get_cgroup2_fd_callback()
  • commands: add ability to audit fd connection and cleanup path
  • doc: Fix typo
  • doc: Add keyring options to Japanese lxc.containers.conf(5)
  • commands: simplify lxc_cmd_fd_cleanup()
  • commands_utils: fix command socket hashing
  • af_unix: fix return value
  • start: cleanup file descriptor closing
  • commands: make sure to always close the client fd
  • commands: improve state client cleanup
  • commands: switch to pid_t to send around pid
  • share_ns: improve error handling
  • share_ns: improve error handling
  • file_utils: handle libcs without fmemopen()
  • cgroups: cleanup
  • cgfsng: use __do_free_string_list all over
  • file_utils: include stdio.h for fmemopen()
  • tests/share_ns: always call pthread_exit()
  • memory_utils: remove unneeded inclusion of mntent.h
  • cgroups: fix memory leak and simplify code
  • tests/share_ns: bugfixes
  • conf: cleanup
  • commands_utils: cleanup
  • commands: cleanup
  • tree-wide: more cleanup macros
  • lxccontainer: increase cleanup macro usage
  • autotools: fix lxc-init build with clang-10
  • tree-wide: improve logging
  • tree-wide: make files cloexec whenever possible
  • attach: cleanup various helpers
  • attach: use logging helpers when handling no new privileges
  • attach: use cleanup macros and logging helpers when fetching seccomp
  • attach: use LXC_INVALID_{G,U}ID macros
  • attach: use cleanup macros in lxc_attach_getpwshell()
  • attach: fix fd leak
  • attach: cleanup
  • cgroup2_devices: fix logic error
  • commands: remove unused variables
  • commands_utils: fix socket leak when adding state client
  • commands_utils: indicate taking ownership of state_client_fd in lxc_add_state_client()
  • commands_utils: fix socket leak in when adding state client
  • af_unix: cleanup
  • network: Uses netlink for IP neighbour proxy management
  • utils: only move_fd() when fdopen() has been successful
  • api-extensions: document cgroup2_devices and cgroup2 api extensions
  • src/lxc/raw_syscalls.c: fix sparc assembly
  • cgroups: honor lxc.cgroup.pattern if set explicitly II
  • cgroups: honor lxc.cgroup.pattern if set explicitly
  • cgroups: remove unused method and cleanup cgroup_exit()
  • tree-wide: improve setgroups() dropping
  • lxclock: fix a small memory leak
  • container.conf: Document that order is important in config_jump_table
  • container.conf: Fix option ordering in config_jump_table
  • Currently lxc.selinux.context.keyring is placed after
  • container.conf: Fix off by 2 in option parsing
  • doc: Add doc for keyring options
  • container.conf: Add option to disable session keyring creation
  • container.conf: Add option to set keyring SELinux context
  • cgroups: fix default cgroup pattern
  • start: fix container killing logic
  • network: Restore fixed MTU functionality
  • test: increase timeout for api reboot tests
  • cgroup.c: fix memory leak at cgroup init failed
  • network: rework network device creation
  • network: fix network device removal
  • tests: log api reboot test failures
  • network: fix typ and formatting in comment
  • network: improve veth device creation
  • start: handle kernel header and kernel incompatability
  • tests: timeout after 60 seconds
  • mainloop: add missing \n
  • Suppress useless udhcpc directory
  • start: remove procfs pidfd support
  • create_run_template(): Double "will mount" in a comment
  • cmd: fix shebang
  • travis: enable -fsanitize=undefined
  • fd: only add valid fd to mainloop
  • seccomp: support s390 seccomp
  • api_extensions: advertise cgroup2 support
  • cgroups/cgfsng: do not prematurely close file descriptors
  • cgroups/cgfsng: improve cgroup creation and removal
  • cgroups/cgfsng: rework cgroup removal
  • cgroups/cgfsng: rework legacy cpuset handling
  • cgroupfs/cgfsng: pass cgroup to cg_legacy_handle_cpuset_hierarchy() as const char *
  • cgroups: use explicit unsigned type for bitfield
  • cgroups: flatten hierarchy
  • file_utils: use O_NOCTTY | O_NOFOLLOW
  • cgroups/devices: enable devpath semantics for cgroup2 device controller
  • cgroups/cgfsng: replace lxc_write_file()
  • cgroups/cgfsng: cgfsng_devices_activate()
  • cgroups/cgfsng: rework cgfsng_nrtasks()
  • cgroups/cgfsng: rework cgfsng_mount()
  • cgroups/cgfsng: rework cgfsng_chown()
  • cgroups/cgfsng: rework cgfsng_attach()
  • cgroups/cgfsng: rework cgfsng_setup_limits()
  • cgroups/cgfsng: rework cgfsng_setup_limits_legacy()
  • cgroups/cgfsng: rework cgfsng_{get,set}()
  • cgroups/cgfsng: rework cgfsng_unfreeze()
  • cgroups/cgfsng: rework cgfsng_get_hierarchies()
  • cgroups/cgfsng: rework cgfsng_num_hierarchies()
  • cgroups/cgfsng: rework cgfsng_escape()
  • cgroups/cgfsng: rework cgfsng_payload_enter()
  • cgroups/cgfsng: rework cgfsng_payload_create()
  • tree-wide: s/__unused/__lxc_unused/g
  • cgroups/cgfsng: rework cgroup attach
  • cgroups/cgfsng: don't dereference NULL-pointer
  • cgroups/cgfsng: log chown_cgroup_wrapper()
  • cgroups/cgfsng: rework cgroup2 unprivileged delegation
  • cgroups/cgfsng: rework cgfsng_{monitor,payload}_delegate_controllers()
  • cgroups/cgfsng: rework cgfsng_monitor_enter()
  • cgroups/cgfsng: rework cgfsng_monitor_create()
  • cgroups/cgfsng: rework cgfsng_monitor_destroy()
  • cgroups/cgfsng: rework cgfsng_payload_destroy()
  • log: remove unused compiler attribute
  • start: replace compiler attributes
  • log: replace compiler attributes
  • attach: replace closing helpers
  • compiler: add __unused attribute
  • {log, macro}: remove unused logging functions
  • lxccontainer: replace logging functions
  • confile_utils: replace logging functions
  • cgroups: rework return values of some functions
  • cgroups/cgroup2_devices: replace logging functions
  • cgroups/cgroup: replace logging functions
  • cgroups/cgfsng: replace logging functions
  • confile: replace logging helpers
  • network: replace logging helpers
  • commands: replace logging helpers
  • attach: s/minus_one_set_errno(/ret_set_errno(-1, /g
  • af_unix: s/minus_one_set_errno(/ret_set_errno(-1, /g
  • macro: add ret_errno()
  • log: rearrange
  • cgroup2: rework controller delegation
  • "busy" field set to -1 instead of 0
  • "busy" field set to 1 instead of 0
  • Init "busy" field to -1 as 0 is valid fd
  • config: Fix parsing of mount options
  • cgroups/devices: correctly verify bpf device useability in cgfsng_devices_activate()
  • cgroups: improve container cgroup attaching
  • lxc: switch to SPDX
  • commands: use logging return helpers
  • cgfsng: rework cgroup2 attach
  • cgroups/devices: do not log error when bpf device feature is not available
  • freezer: cleanup
  • cgroups/freezer: fix and improve cgroup2 freezer implementation
  • cgroups: add DEFAULT_MOUNTPOINT #define
  • cgroups/devices: use dedicated enums
  • cgroups/devices: introduce ebpf device cgroup global rule types
  • cgroups/devices: handle NULL
  • configure: enable -Wunused-but-set-variable
  • cgroups/cgfsng: implement cgroup2 device controller live update
  • conf: record cgroup2 devices in parsed format
  • cgroups/cgfsng: "atomically" replace bpf device programs
  • macro: remove unused macros
  • api_extension: add cgroup2_devices api extension
  • cgroups: add cgroup2 device controller support
  • cgfsng: return attach fail if container stopped
  • conf: fix memory leak for set config rootfs options
  • fix wrong order of bridge/nic in error message
  • Typo in a comment
  • tests: use /dev/loop-control instead of /dev/network_latency
  • configure.ac: fix build on toolchain without SSP
  • Update cgroup.h
  • terminal: prevent returning invalid pointer
  • terminal: make lxc_terminal_signal_fini() static
  • lxc-usernsexec: support easily mapping own uid
  • tests: add tests making sure the exit code is appropriate.
  • terminal: return NULL on error in terminal_signal_init
  • terminal: prevent memory leak for lxc_terminal_state
  • apparmor: Prevent writes to /proc/acpi/**
  • syscall_wrappers: rename internal memfd_create to memfd_create_lxc
  • lxc/tools/lxc/destroy: Restores error message on container destroy
  • Update lxc.containers.conf(5) in Japanese
  • Bad sgml/man translation
  • Add more info about lxc.start.order in Japanese man
  • Add autodev.tmpfs.size to Japanese lxc.container.conf(5)
  • lxc-destroy: send successful output messages to log info instead of error.
  • doc: Add more info about 'lxc.start.order'
  • update obsolete functions
  • Add autodev.tmpfs.size config parameter
  • start: handle setting pdeath signal in new pidns
  • start: pidfds obviously start - like any fd - at 0
  • Fix lxc-update-config in network.address
  • allow users to configure the option --enable-feature or --with-package, if an option is given run shell commands action-if-given
  • Set minimun autoconf version to 2.69 and change obsolete function AC_HELP_STRING for AS_HELP_STRING
  • doc: Add the lxc.net.[i].veth.mode option in Japanese lxc.container.conf(5)
  • doc: Add Japanese pam_cgfs(8) man page
  • doc: add man page for pam_cgfs
  • Ensures OpenSSL compatibility with older versions of EVP API.
  • utils: Copying source filename to avoid missing info.
  • cgroups: unify cgfsng_{un}freeze()
  • cgroups: initialize cgroup root directory - encore
  • cgroups: check for empty cgroups on freeze/unfreeze
  • cgroups: initialize cgroup root directory
  • [aa-profile] Deny access to /proc/acpi/**
  • lxc-attach: make sure exit status of command is returned
  • cgfsng: mount pure unified cgroup layout correctly
  • lxc-create: check absoule path for param '--dir'
  • cgroups: support cgroup2 freezer
  • attach: don't close stdout of getent
  • utils: Fix wrong integer of a function parameter.
  • try to fix search user instead of search substring
  • lxccontainer: do_lxcapi_detach_interface to support detaching wlan devices
  • cgroups: initialize cpuset properly
  • network: restore ability to move nl80211 devices
  • pidfds: don't print a scary warning on ENOSYS
  • tree-wide: initialize all auto-cleanup variables
  • suppress false-negative error in templates and nvidia hook
  • Container's specific file/directory names
  • Use file/directory names from macro.h
  • tree-wide: fix wrong copy-paste for licenses

Support and upgrade

LXC 4.0.0 will be supported until June 2025, and our current LTS release, LXC 3.0, will now switch to a slower maintenance pace, only getting critical bugfixes and security updates.

We strongly recommend all LXC users to plan an upgrade to the 4.0 branch.

Downloads

Contributors

The LXC 4.0.0 release was brought to you by a total of 30 contributors.

LXC 3.2.1 has been released

24th of July 2019

Introduction

The LXC team is pleased to announce the release of LXC 3.2.1!

Because of an issue in the 3.2.0 release process, we ended up having to roll a 3.2.1 release almost immediately, fixing an issue in the configure.ac file identifying the release as stable.

New features

seccomp: Support syscall forwarding to userspace

Newer kernels allow seccomp to forward intercepted syscalls to a dedicated file descriptor. These messages can be read, the syscall arguments inspected, and, if found secure, a sufficiently privileged userspace process can perform the actions normally done by the kernel for the container. LXC introduces a new protocol to send and receive messages to and from another process. Users can specify a unix socket address via lxc.seccomp.notify.proxy in the format unix:<path>, to which LXC will forward the intercepted syscalls and then wait for an appropriate response. Users can set a cookie via lxc.seccomp.notify.cookie that LXC will send back to the process that reads the forwarded syscalls. This allows, for example, the listening process to identify which container sent a message. With this feature LXD, for example, supports device node creation via the mknod() and mknodat() system calls, which are usually forbidden in containers, for a well-defined set of secure devices.

Add lxc.seccomp.allow_nesting configuration key

This release adds the lxc.seccomp.allow_nesting api extension. If lxc.seccomp.allow_nesting is set to 1 then seccomp profiles will be stacked. This way nested containers can load their own seccomp policy on top of the policy that the outer container might have applied.

Networking: Add IPVLAN support

LXC has gained support for IPVLAN. Here is an example of how to set up the network:

lxc.net[i].type=ipvlan
lxc.net[i].ipvlan.mode=[l3|l3s|l2] (defaults to l3)
lxc.net[i].ipvlan.flags=[bridge|private|vepa] (defaults to bridge)
lxc.net[i].link=eth0
lxc.net[i].flags=up

Networking: Add layer 2 (ARP/NDP) proxy mode

LXC now supports layer 2 ARP/NDP proxy mode. This can be enabled by using:

lxc.net.[i].l2proxy = [0,1] (defaults to 0)

Networking: Add gateway device route mode

LXC now supports specifying lxc.net.[i].ipv4.gateway and/or lxc.net.[i].ipv6.gateway with a value of dev. This will cause LXC to set a device route as default gateway.

Networking: Add support for static routes

This release introduces two new configuration keys:

lxc.net.[i].veth.ipv4.route
lxc.net.[i].veth.ipv6.route

which allow users to set static routes on veth type interfaces.

Networking: Add router veth mode

LXC has gained a new router mode for veth networking. This "router" mode will configure the host machine as a router for the container by adding static routes for the container's IPs on the host pointing to the container's host-side veth interface. It will also add static IP proxy entries of either the host's link interface IP or a statically set IP on the host-side veth interface to provide the container a gateway to the host.

Here is an example of how to set up the network:

lxc.net.0.type = veth
lxc.net.0.veth.mode = router
lxc.net.0.link = eth0
lxc.net.0.flags = up
lxc.net.0.ipv4.address = 192.168.1.x/32
lxc.net.0.ipv6.address = 2a02:xxx:xxx:1::x/128
lxc.net.0.ipv4.gateway = auto
lxc.net.0.ipv6.gateway = auto
lxc.net.0.link = host-eth0
lxc.net.0.l2proxy = 1

This provides an ipvlan-like networking mode that has the following properties:

  • Works on older kernels.
  • Uses the host's routing table (and netfilter rules) to route packets (potentially out of different interfaces or between containers), unlike ipvlan.
  • Prevents containers from altering their IP.
  • Prevents broadcast/multicast traffic to/from containers.
  • Provides same MAC externally for all containers.
  • No bridge interface to manage.
  • Supports layer 3 only mode for setups where BGP (or other routing protocols) are running on the host to distribute container's IPs in the local routing table to the wider network.
  • Containers can optionally have IPs accessible on local LAN at layer 2 using the existing l2proxy and link settings.

pidfd: Add initial support for the new pidfd api

Newer kernel versions allow interaction with processes through process file descriptors (pidfds). This eliminates various race conditions when e.g. sending signals or retrieving process information. This LXC version makes use of the pidfd_send_signal() syscall and the CLONE_PIDFD flag with the clone() syscall.
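The race that pidfds close is easiest to see in a few lines. This is an added example (not LXC's own code, which does this in C via clone() with CLONE_PIDFD) that demonstrates the two pidfd uses the release notes mention, here and in the LXC 4.0 init_pidfd() section: signalling a process through its pidfd, and polling the pidfd for exit the way a pidfd-based shutdown wait does. It uses Python's os.pidfd_open, signal.pidfd_send_signal and select.poll, which need Linux 5.3 or newer and Python 3.9 or newer; the helper names _open_pidfd, signal_after_exit and wait_for_exit are this example's own, and environments without pidfd support are reported as unsupported rather than failing.

```python
"""Use a pidfd to signal and wait for a process without PID-reuse races.

Added example, not LXC code. A pidfd stays bound to the process it was
opened on. Once that process has exited and been reaped, signalling through
the pidfd fails with ESRCH, whereas kill() on the bare PID could hit an
unrelated process that has since reused the number.
"""
import errno
import os
import select
import signal


def _open_pidfd(pid: int):
    """os.pidfd_open() or None when the kernel/interpreter lacks pidfd support."""
    if not hasattr(os, "pidfd_open") or not hasattr(signal, "pidfd_send_signal"):
        return None
    try:
        return os.pidfd_open(pid)
    except OSError as exc:
        if exc.errno in (errno.ENOSYS, errno.EPERM, errno.EACCES):
            return None
        raise


def signal_after_exit() -> str:
    """Fork a child that exits at once, reap it, then signal it via its pidfd.

    Returns "esrch" (the expected answer: the original task is gone),
    "delivered" (must not happen) or "unsupported".
    """
    pid = os.fork()
    if pid == 0:
        os._exit(0)                       # child: exit immediately
    pidfd = _open_pidfd(pid)              # opening works on the zombie too
    os.waitpid(pid, 0)                    # reap: the PID is now free for reuse
    if pidfd is None:
        return "unsupported"
    try:
        signal.pidfd_send_signal(pidfd, signal.SIGTERM)
        return "delivered"
    except ProcessLookupError:            # ESRCH: bound task no longer exists
        return "esrch"
    finally:
        os.close(pidfd)


def wait_for_exit(timeout_ms: int = 5000):
    """Poll a pidfd until the child exits, like a pidfd-based shutdown wait.

    Returns True when the pidfd became readable (process exited) within the
    timeout, False on timeout, None when pidfds are unsupported.
    """
    pid = os.fork()
    if pid == 0:
        os._exit(0)
    pidfd = _open_pidfd(pid)
    if pidfd is None:
        os.waitpid(pid, 0)
        return None
    try:
        poller = select.poll()
        poller.register(pidfd, select.POLLIN)   # readable once the task exits
        exited = bool(poller.poll(timeout_ms))
    finally:
        os.close(pidfd)
        os.waitpid(pid, 0)
    return exited


if __name__ == "__main__":
    print("signal after reap:", signal_after_exit())
    print("exit observed via poll:", wait_for_exit())
```

The order in signal_after_exit matters: the pidfd is opened before the child is reaped, so it refers to that exact task; after waitpid() the kernel has no task behind the pidfd any more and reports ESRCH. With a plain PID the same sequence is only safe as long as no other process has been assigned the number in between, which the caller cannot know.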

Hardening: Add more compiler based hardening

Over the last few releases we enabled options compilers provide to harden C codebases. This release enables:

-Wlogical-op
-Wmissing-include-dirs
-Wold-style-definition
-Winit-self
-Wfloat-equal
-Wsuggest-attribute=noreturn
-Werror=return-type
-Werror=incompatible-pointer-types
-Wformat=2
-Wimplicit-fallthrough=5
-Wshadow
-Wendif-labels
-Werror=overflow
-fdiagnostics-show-option
-fstack-protector-strong
-Werror=shift-count-overflow
-Werror=shift-overflow=2
-Wdate-time
-Wnested-externs
-fasynchronous-unwind-tables
-pipe
-fexceptions

Hardening: Remove all stack allocations

Stack-based memory allocations (e.g. through alloca()) can cause quite severe memory bugs. LXC has therefore removed all stack-based memory allocations and will not allow new code to add any.

Hardening: Add support for LGTM

LXC has gained support for the LGTM code analysis tool. We're happy that LXC's code is currently ranked as A+.

Hardening: Add support for coccinelle

LXC has gained support for the coccinelle code transformation tool. This allows us to transform code automatically, eliminating the errors that come from manually replacing e.g. deprecated functions such as alloca().

Hardening: Compiler based resource cleanup

The codebase will be slowly switched over to make use of cleanup attributes supported by compilers such as gcc and clang.

Hardening: Remove fgets() from the codebase

To improve security all uses of fgets() have been removed from the codebase. Use of this function in new code is strongly discouraged.

Hardening: Expand close-on-exec usage

All file descriptors that can be made close-on-exec are now close-on-exec.

Use /sys/kernel/cgroup/delegate file for cgroup v2

This file exports a list of the cgroups v2 files (one per line) that are delegatable (i.e., whose ownership should be changed to the user ID of the delegatee). LXC will use this to determine how to correctly delegate cgroups.
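As an added example (not LXC's own code) of using that file: parse the one-name-per-line listing, then hand a cgroup directory to an unprivileged user by changing the owner of only the directory and the files the kernel marks delegatable, leaving every other knob owned by root. The function names and the constructed sample listing are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_DELEGATE 32
#define NAME_LEN 64

/* Parse the delegate file's text (one file name per line) into names[].
 * Returns the number of entries, or -1 if an entry is oversized or looks
 * like a path: every entry must name a file directly inside the cgroup. */
static int parse_delegate_list(const char *text, char names[][NAME_LEN], int max)
{
	int count = 0;
	const char *p = text;

	while (*p) {
		const char *nl = strchr(p, '\n');
		size_t len = nl ? (size_t)(nl - p) : strlen(p);

		if (len > 0) {
			if (count >= max || len >= NAME_LEN || memchr(p, '/', len))
				return -1;
			memcpy(names[count], p, len);
			names[count][len] = '\0';
			count++;
		}
		if (!nl)
			break;
		p = nl + 1;
	}
	return count;
}

/* Read and parse /sys/kernel/cgroup/delegate (or another path for testing). */
static int read_delegate_file(const char *path, char names[][NAME_LEN], int max)
{
	char buf[4096];
	ssize_t n;
	int fd = open(path, O_RDONLY | O_CLOEXEC);

	if (fd < 0)
		return -1;
	n = read(fd, buf, sizeof(buf) - 1);
	close(fd);
	if (n < 0)
		return -1;
	buf[n] = '\0';
	return parse_delegate_list(buf, names, max);
}

/* Hand the cgroup directory dir to uid/gid: chown the directory itself and
 * each delegatable file the kernel listed (files absent for this controller
 * set are skipped). Nothing else in the cgroup changes owner. */
static int delegate_cgroup(const char *dir, uid_t uid, gid_t gid,
			   char names[][NAME_LEN], int count)
{
	int i, ret = -1;
	int dfd = open(dir, O_PATH | O_DIRECTORY | O_CLOEXEC);

	if (dfd < 0)
		return -1;
	if (fchownat(dfd, "", uid, gid, AT_EMPTY_PATH) < 0)
		goto out;
	for (i = 0; i < count; i++)
		if (fchownat(dfd, names[i], uid, gid, 0) < 0 && errno != ENOENT)
			goto out;
	ret = 0;
out:
	close(dfd);
	return ret;
}

/* Self-check on a constructed delegate listing: four entries parse in order
 * and a path-like entry is rejected. Returns 4 on success, -1 otherwise. */
static int demo_parse_delegate(void)
{
	static const char sample[] =
		"cgroup.procs\ncgroup.threads\ncgroup.subtree_control\nmemory.oom.group\n";
	char names[MAX_DELEGATE][NAME_LEN];
	int n = parse_delegate_list(sample, names, MAX_DELEGATE);

	if (n != 4 || strcmp(names[0], "cgroup.procs") != 0 ||
	    strcmp(names[3], "memory.oom.group") != 0)
		return -1;
	if (parse_delegate_list("cgroup.procs\n../cgroup.procs\n", names, MAX_DELEGATE) != -1)
		return -1;
	return n;
}
```

A caller would typically run read_delegate_file() on the real sysfs path and pass the result to delegate_cgroup() for the container's cgroup directory.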

Handle layouts without cgroups

This lets LXC start containers on systems without writable cgroups.

Handle offline cpus in cpuset

In addition to removing isolated cpus from a container's cgroup LXC will now also remove offline cpus from the container's cpuset.

Generate new boot id for each container

LXC will now generate a new random boot id for each container and mount it to /proc/sys/kernel/random/boot_id. This will allow systemd to recognize the boots of each container.

Unified network creation

LXC has a new unified way of creating networks for privileged and unprivileged containers greatly simplifying the code.

Security: Fix for runC CVE-2019-5736

This release comes with a fix for the privileged container breakout discovered earlier this year. As per our policy we don't consider privileged containers root safe and thus LXC has not received a CVE for this. However, we still provide a fix in this release. For more details see this blog post.

Bugfixes

  • lxc-download: Pre-release bump of compat
  • seccomp: open memfd read-write
  • doc: Documents the lxc.net.[i].veth.mode option
  • network: Adds veth router mode static routes and proxy entries
  • network: Adds mode param (bridge, router) to veth network setting
  • lxc/log: Adds error_log_errno macro
  • doc: Add lxc.comp.notify.cookie to Japanese lxc.container.conf(5)
  • cgroup: check for non-empty conf
  • seccomp: coding style
  • af_unix: remove unused variable
  • seccomp: send caller pidfd along with proxied requests
  • seccomp: recvmsg with MSG_TRUNC
  • doc: document lxc.seccomp.notify.cookie
  • seccomp: defer reconnecting to the proxy
  • seccomp: keep retrying to reconnect to proxy
  • seccomp: send default response when there's no proxy
  • seccomp: retry connecting to the proxy once
  • seccomp: don't ignore syscalls when there's no proxy
  • seccomp: remove reconnect-loop
  • seccomp: use SOCK_SEQPACKET for the notify proxy
  • seccomp: assert that __reserved is 0 in notify responses
  • seccomp: update notify api
  • conf: add lxc.seccomp.notify.cookie
  • file_utils: add lxc_recvmsg_nointr_iov
  • af_unix: add lxc_unix_connect_type
  • af_unix: add lxc_abstract_unix_recv_fds_iov()
  • af_unix: add lxc_abstract_unix_send_fds_iov
  • pidf_send_signal: fix return value
  • lxccontainer: properly cleanup on mount injection failure
  • start: call lxc_find_gateway_addresses early
  • network: simplify lxc_network_move_created_netdev_priv()
  • network: send names for all non-trivial network types
  • network: record created_name for instantiate_phys()
  • network: simplify instantiate_phys()
  • network: record created_name for instantiate_vlan()
  • network: simplify instantiate_vlan()
  • network: record created_name for instantiate_ipvlan()
  • network: simplify instantiate_ipvlan()
  • network: stash created_name in instantiate_macvlan()
  • network: simplify instantiate_macvlan()
  • network: s/loDev/loop_device/g
  • cgroups: handle cpuset initialization race
  • network: remove faulty restriction
  • fix memory leak in do_storage_create
  • cgroups: move variable into tighter scope
  • cgroups: correctly order variables
  • cgroups: simplify cgfsng_nrtasks()
  • cgroups: simplify cgfsng_setup_limits()
  • cgfsng: fix memory leak in lxc_cpumask_to_cpulist
  • lxccontainer: rework seccomp notify api function
  • cgfsng: write cpuset.mems of correct ancestor
  • parse.c: fix fd leak from memfd_create
  • lxc.pc.in: add libs.private for static linking
  • Fixed file descriptor leak for network namespace
  • network: fix lxc_netdev_rename_by_index()
  • Switch from gnutls to openssl for sha1
  • doc: add a note about shared ns + LSMs to Japanese doc
  • seccomp: do not set SECCOMP_FILTER_FLAG_NEW_LISTENER
  • Centralize hook names
  • seccomp: add ifdefine for SECCOMP_FILTER_FLAG_NEW_LISTENER
  • seccomp: s/SCMP_FLTATR_NEW_LISTENER/SECCOMP_FILTER_FLAG_NEW_LISTENER/g
  • seccomp: s/HAVE_DECL_SECCOMP_NOTIF_GET_FD/HAVE_DECL_SECCOMP_NOTIFY_FD/g
  • seccomp: /sseccomp_notif_free/seccomp_notify_free/g
  • seccomp: s/seccomp_notif_alloc/seccomp_notify_alloc/g
  • seccomp: s/seccomp_notif_id_valid/seccomp_notify_id_valid/g
  • seccomp: s/seccomp_notif_send_resp/seccomp_notify_respond/g
  • seccomp: s/seccomp_notif_receive/seccomp_notify_receive/g
  • seccomp: s/seccomp_notif_get_fd/seccomp_notify_fd/g
  • seccomp: s/SCMP_ACT_USER_NOTIF/SCMP_ACT_NOTIFY/g
  • cgroups: prevent segfault
  • start: fix handler memory leak at lxc_init failed
  • lxc_usernsexec: continuing after unshare fails leads to confusing and misleading error messages
  • getgrgid_r fails with ERANGE if buffer is too small. Retry with a larger buffer.
  • lxc_clone: add a comment about stack size
  • lxc_clone: bump stack size to 8MB
  • configure: remove additional comma
  • lxccontainer: cleanup attach functions
  • attach: do not reload container
  • network: Fixes bug that stopped down hook from running for phys netdevs
  • network: move phys netdevs back to monitor's net ns rather than pid 1's
  • lxc_clone: get rid of some indirection
  • doc: add a little note about shared ns + LSMs
  • lxc_clone: pass non-stack allocated stack to clone
  • configure: handle checks when cross-compiling
  • Use %m instead of strerror() when available
  • Config: check for %m availability
  • initutils: Fix memleak on realloc failure
  • zfs: Fix return value on zfs_snapshot error
  • lvm: Fix return value if lvm_create_clone fails
  • criu: Remove unnecessary return after _exit()
  • criu: Use -v4 instead of -vvvvvv
  • Option --busybox-path instead of --bbpath
  • New --bbpath option and unnecessary --rootfs checks
  • coding style: update
  • start: use CLONE_PIDFD
  • api: Adds the network_phys_macvlan_mtu extension
  • network: Restores phys device MTU on container shutdown
  • network: Adds mtu support for phys and macvlan types
  • raw_syscalls: simplify assembly
  • utils: improve switch_to_ns()
  • doc: Fix and improve Japanese translation
  • doc: Update Japanese lxc.container.conf(5)
  • network: Re-works veth gateway logic
  • network: Makes vlan network interfaces set mtu before upscript called
  • network: Adds custom mtu support for ipvlan interfaces
  • seccomp: document path calculation
  • compiler: add __returns_twice attribute
  • seccomp: send process memory fd
  • namespaces: allow a pathname to a nsfd for namespace to share
  • seccomp: ensure fields are set to 0
  • seccomp: remove alignment requirements
  • seccomp: notifier fixes
  • network: Makes some routing functions static
  • network: Fixes bug in macvlan mode selection
  • network: Fixes vlan hook script
  • network: Fixes a little typo in an error message
  • start: silence clang
  • Fix 'zfs get' command order
  • lxc-start: remove bad doc
  • netns_getifaddrs: adapt to kernel changes
  • configure: s/LDLAGS/LDFLAGS/
  • conf: do lxc.mount.entry mounts right after lxc.mount.fstab
  • raw_syscalls: lxc_raw_clone()
  • hooks/nvidia: handle spaces in NVIDIA_REQUIRE variables
  • storage: update zfs
  • storage: prevent uninitialized variable warning
  • cgroups: fix potential nullderef
  • attach: use tighter scope for fd variable
  • fix: #2927 api doc generation fails under out of source build.
  • Fix monitor pdeathsig handling
  • Fix user namespace pdeathsig handling
  • network: fix network device removal
  • doc: Add the description of apparmor profile generation to man pages
  • doc: Add lxc.rootfs.managed to lxc.container.conf(5)
  • doc: Add lxc.cgroup.relative to lxc.container.conf(5)
  • lvm: Updates lvcreate to wipe signatures if supported, fallbacks to old command if not.
  • lxccontainer: check do_lxcapi_init_pid() for failure
  • start: fix parent PID passed to lxc_set_death_signal
  • utils: fix handling of PID namespaces in lxc_set_death_signal
  • btrfs: ensure \0 byte at end
  • Fix lxc.cgroup2. on cgroup2-only systems
  • conf: avoid compiler warning
  • confile: make parse_limit_value() static
  • confile_utils: make update_hwaddr() static
  • confile_utils: lxc_config_net_is_hwaddr()
  • cgroups: remove unused variables
  • attach: remove unused variable
  • Fix android compilation
  • CODING_STYLE: update
  • conf: remove unused variable
  • gpg: use proxy, if http_proxy is set
  • conf: simplify idmaptool_on_path_and_privileged
  • lxc-attach: switch to attach_run_wait
  • travis: run coccinelle
  • Fix existing mount target check
  • cve-2019-5736: add test
  • rexec: try sendfile() fallback to fd_to_fd()
  • [V2] rexec: handle legacy kernels
  • rexec: use __do_close_prot_errno
  • memory_utils: introduce __do_close_prot_errno
  • macro: introduce steal_fd()
  • commands: move declaration into tighter scope
  • start: move variable into tighter scope
  • mount: Cleanup allow over-mounting
  • mount: Allow over-mounting
  • network: do not log false friends
  • conf: do not log devpts umount2() failure
  • rexec: remove envp parsing in favour of environ
  • apparmor: Improve testing on apparmor python script
  • apparmor: catch config file opening error
  • rexec: make rexecution opt-in for library callers
  • include: add fexecve() for Android's Bionic
  • parse: handle \r
  • cgfsng: fix cgroup creation
  • coccinelle: use standard exit identifiers
  • coccinelle: s/while({1,true})/for(;;)/
  • lxc-init: exit with error on wait failure
  • start: prevent signed-issues
  • cgfsng: remove unnecessary check
  • commands: remove unnecessary check
  • caps: check uid and euid
  • memory_utils: add memory_utils.h
  • fix rpm packaging for bash completion directory.
  • cgroups: use of /sys/kernel/cgroup/delegate file
  • doc: Add lxc.seccomp.allow_nesting to Japanese lxc.container.conf(5)
  • prlimit: remove deprecated and unneeded header
  • compiler: remove deprecated and unneeded header
  • conf: append 0 0 to nesting helpers mount entries
  • Use BUSYBOX_EXE variable in configure_busybox()
  • conf: check for successful mount entry parse
  • Installation of default.script for udhcpc
  • Avoid double lxc-freeze/unfreeze
  • Update freezer.c
  • Handle alternative loop device location on Android
  • Fixing hooks functionality Android where 'sh' is placed under /system/bin
  • Fix memory leak in cgroup_exit
  • conf.c: fix memory leak and mount error
  • start: __lxc_start return -1 when start fails
  • network: prefix veth interface name with uid info
  • start: handle missing CLONE_NEWCGROUP
  • Fixing compile error when compiling for android
  • Merge pull request #2774 from hn/master
  • fix: unprivileged veth devices (e.g. vethFWABHX) never contain 'Z' character in the randomly generated device name part because for modulo one does not need to subtract 1 from strlen().
  • cgfsng: do not free container_full_path on error
  • confile: add lxc.seccomp.allow_nesting
  • lxccontainer: fix container copy
  • conf: use SYSERROR on lxc_write_to_file errors
  • lxccontainer: fix mount api (mount_injection_file)
  • storage: do not destroy pre-existing rootfs
  • terminal: remove sigwinch command

Support and upgrade

LXC 3.2 isn't an LTS release and so will only be supported until such time as LXC 3.3 is released. We recommend users that need a stronger support commitment to stay on one of our LTS releases.

Downloads

LXC 1.0 - End of Life announcement

26th of June 2019

Introduction

The LXC 1.0 LTS branch has reached its end of life.

Released on the 20th of February 2014, it received over 5 years of bugfixes and security updates from the LXC team as part of our commitment to Long Term Stable releases.

With it reaching the end of its supported life, we will no longer be accepting fixes to the stable-1.0 branch, nor run CI on this branch.

All remaining users should upgrade to a supported release as soon as possible.

Long term support releases

LXC upstream commits to 5 years support for its LTS branches. Such branches exist for LXC, LXCFS and LXD and see bugfixes and security fixes backported to them.

No new features get added to those branches, and only the latest LTS branch sees most bugfixes backported; once a new LTS branch is released, the previous one only gets security and critical bugfixes.

Migration paths

LXC 1.0 users can upgrade to LXC 2.0 LTS without any expected disruption nor configuration changes required.

Upgrading to LXC 3.0 LTS is also possible and doesn't require an intermediate upgrade to 2.0, however as 3.0 has a number of updated configuration options, you will need to run lxc-update-config and may need to manually handle some changes yourself.

Currently supported releases

There are currently 3 supported releases of LXC:

  • LXC 2.0 LTS (supported until June 2021)
  • LXC 3.0 LTS (supported until June 2023)
  • LXC 3.1 (feature release, end of life when 3.2 is released)

LXC 3.0.4 has been released

21st of June 2019

Introduction

The LXC team is pleased to announce the release of LXC 3.0.4!

As a stable bugfix release, no major changes have been done, instead focusing on bugfixes and minor usability improvements.

Highlights

Fix for runC CVE-2019-5736

This release comes with a fix for the privileged container breakout discovered earlier this year. As per our policy we don't consider privileged containers root safe and thus LXC has not received a CVE for this. However, we still provide a fix in this release. For more details see this blog post.

Prefix veth interface names with caller's uid

To make it easier for users to inspect veth devices, LXC will now prefix the name of the host-side veth device with the uid of the caller.

Improve using LXC on Android devices

This makes LXC look for standard tools in locations such as /system/bin that are specific to Android. Additionally, it is now possible to correctly allocate loop devices on Android.

Backport all compiler hardening options which are standard on current master.

This backports:

-fdiagnostics-color
-Wimplicit-fallthrough=5
-Wcast-align
-Wstrict-prototypes
-fno-strict-aliasing
-fstack-clash-protection
-fstack-protector-strong
--param=ssp-buffer-size=4
-g
--mcet -fcf-protection
-Werror=implicit-function-declaration
-Wlogical-op
-Wmissing-include-dirs
-Wold-style-definition
-Winit-self
-Wfloat-equal
-Wsuggest-attribute=noreturn
-Werror=return-type
-Werror=incompatible-pointer-types
-Wformat=2
-Wshadow
-Wendif-labels
-Werror=overflow
-fdiagnostics-show-option
-Werror=shift-count-overflow
-Werror=shift-overflow=2
-Wdate-time
-Wnested-externs
-fasynchronous-unwind-tables
-pipe
-fexceptions
-z relro
-z now

Remove all stack allocation (alloca())

As is already the case on master, all stack allocations via alloca() have been wiped from the codebase to increase security.

Added support for LGTM

This adds support for the LGTM code quality checker.

Add support for coccinelle code transformation tool

This allows us to automatically detect, remove, or add code to the LXC codebase to improve security and reliability.

Compiler based resource cleanup

The codebase will be slowly switched over to make use of cleanup attributes supported by compilers such as gcc and clang.
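The pattern this paragraph (and the same one in the 3.2 notes above) refers to, as an added example rather than LXC's own source: a close handler that preserves errno, a free handler, and move_fd()/move_ptr() helpers that hand ownership out of a cleanup-managed variable, used in a file reader whose error paths need no explicit close() or free(). The macro and function names are assumptions modelled on the __do_close, __do_free and move_fd names in the commit list; the code relies on the gcc/clang cleanup attribute and statement expressions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Handlers run when the annotated variable leaves scope, on every return path. */
static inline void close_prot_errno(int *fd)
{
	if (*fd >= 0) {
		int saved = errno;	/* close() must not clobber the error being reported */
		close(*fd);
		errno = saved;
		*fd = -EBADF;
	}
}

static inline void free_ptr(void *pp)
{
	free(*(void **)pp);
}

#define __do_close __attribute__((__cleanup__(close_prot_errno)))
#define __do_free __attribute__((__cleanup__(free_ptr)))

/* Hand ownership out of a cleanup-managed variable; the handler then finds it empty. */
#define move_fd(fd) ({ int __fd = (fd); (fd) = -EBADF; __fd; })
#define move_ptr(p) ({ __typeof__(p) __p = (p); (p) = NULL; __p; })

/* Open path read-only, refusing symlinks and anything but a regular file.
 * Each early return closes fd through the handler, with no explicit close(). */
static int open_regular_file(const char *path)
{
	__do_close int fd = -EBADF;
	struct stat st;

	fd = open(path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
	if (fd < 0)
		return -1;
	if (fstat(fd, &st) < 0)
		return -1;
	if (!S_ISREG(st.st_mode)) {
		errno = EINVAL;
		return -1;
	}
	return move_fd(fd);	/* the caller now owns the descriptor */
}

/* Read up to max bytes into a heap buffer the caller frees; on any failure
 * both fd and buf are released automatically. */
static char *read_small_file(const char *path, size_t max)
{
	__do_close int fd = open_regular_file(path);
	__do_free char *buf = NULL;
	ssize_t n;

	if (fd < 0)
		return NULL;
	buf = malloc(max + 1);
	if (!buf)
		return NULL;
	n = read(fd, buf, max);
	if (n < 0)
		return NULL;
	buf[n] = '\0';
	return move_ptr(buf);
}

/* Self-check: a rejected open (a directory) must not leak a descriptor, so the
 * lowest free fd number is unchanged afterwards; a constructed temp file reads
 * back intact. Returns 0 on success. */
static int demo_cleanup(void)
{
	char path[] = "/tmp/cleanup-demo-XXXXXX";
	const char sample[] = "lxc.net.0.type = veth\n";	/* constructed content */
	__do_free char *text = NULL;
	__do_close int fd = -EBADF;
	int before, after;

	before = open("/dev/null", O_RDONLY | O_CLOEXEC);
	close(before);
	if (open_regular_file("/") != -1 || errno != EINVAL)
		return -1;
	after = open("/dev/null", O_RDONLY | O_CLOEXEC);
	close(after);
	if (before < 0 || before != after)
		return -1;	/* a descriptor leaked */

	fd = mkstemp(path);
	if (fd < 0)
		return -1;
	if (write(fd, sample, strlen(sample)) != (ssize_t)strlen(sample)) {
		unlink(path);
		return -1;
	}
	text = read_small_file(path, 4096);
	unlink(path);
	return (text && strcmp(text, sample) == 0) ? 0 : -1;
}
```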

Remove fgets() from the codebase

To improve security all uses of fgets() have been removed from the codebase. Use of this function in new code is strongly discouraged.

Improve cgroup2 handling

With this release cgroup2 layouts will be better supported.

Setup lxc.mount.entry right after lxc.mount.fstab

This allows us to unify the mounting logic in LXC.

Expand namespace sharing options

When inheriting a namespace a pathname to a namespace file descriptor can now be specified.

Expand close-on-exec usage

All file descriptors that can be made close-on-exec are now close-on-exec.

Support pidfd api

Newer kernel versions allow interaction with processes through process file descriptors (pidfds). This eliminates various race conditions when e.g. sending signals or retrieving process information. This LXC version makes use of the pidfd_send_signal() syscall and the CLONE_PIDFD flag with the clone() syscall.
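To show the race this API removes, here is an added example (not LXC's own code) for this paragraph and the identical one in the 3.2 notes above: a child is created with CLONE_PIDFD through the glibc clone() wrapper on a heap-mapped 8 MiB stack, signalled through the returned pidfd with pidfd_send_signal(), and once reaped the stale pidfd is shown to fail with ESRCH instead of reaching whatever process may have reused the PID. The helper names are assumptions; it needs Linux 5.2 or newer and the x86_64/aarch64 clone() argument order.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_PIDFD
#define CLONE_PIDFD 0x00001000		/* Linux >= 5.2 */
#endif
#ifndef __NR_pidfd_send_signal
#define __NR_pidfd_send_signal 424	/* Linux >= 5.1, same number on every architecture */
#endif

/* 8 MiB child stack obtained with mmap(), never with alloca(). */
#define CHILD_STACK_SIZE (8 * 1024 * 1024)

/* glibc only gained a wrapper in 2.36, so issue the syscall directly. */
static int pidfd_send_signal_raw(int pidfd, int sig, siginfo_t *info, unsigned int flags)
{
	return syscall(__NR_pidfd_send_signal, pidfd, sig, info, flags);
}

/* Child body: block until a signal terminates us. */
static int child_fn(void *arg)
{
	(void)arg;
	for (;;)
		pause();
	return 0;
}

/* Create a child with CLONE_PIDFD. Returns the pidfd (or -1) and stores the pid. */
static int spawn_with_pidfd(pid_t *pid_out)
{
	int pidfd = -1;
	pid_t pid;
	void *stack = mmap(NULL, CHILD_STACK_SIZE, PROT_READ | PROT_WRITE,
			   MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0);

	if (stack == MAP_FAILED)
		return -1;

	/* With CLONE_PIDFD the kernel writes the new descriptor through the
	 * parent_tid argument: a handle that refers to exactly this child. */
	pid = clone(child_fn, (char *)stack + CHILD_STACK_SIZE,
		    CLONE_PIDFD | SIGCHLD, NULL, &pidfd);
	/* No CLONE_VM, so the child has its own copy and the parent can drop the mapping. */
	munmap(stack, CHILD_STACK_SIZE);
	if (pid < 0)
		return -1;

	*pid_out = pid;
	return pidfd;
}

/* Signal the child through the pidfd, reap it, then show that the now stale
 * pidfd can no longer deliver a signal. Returns 0 on success. */
static int demo_pidfd_kill(void)
{
	pid_t pid = -1;
	int status, ret = -1;
	int pidfd = spawn_with_pidfd(&pid);

	if (pidfd < 0)
		return -1;

	if (pidfd_send_signal_raw(pidfd, SIGTERM, NULL, 0) == 0 &&
	    waitpid(pid, &status, 0) == pid &&
	    WIFSIGNALED(status) && WTERMSIG(status) == SIGTERM) {
		/* The numeric PID may already be reused; the pidfd cannot be, so
		 * the kernel answers ESRCH instead of signalling a stranger. */
		if (pidfd_send_signal_raw(pidfd, SIGTERM, NULL, 0) < 0 && errno == ESRCH)
			ret = 0;
	}

	close(pidfd);
	return ret;
}

int main(void)
{
	int rc = demo_pidfd_kill();

	printf("pidfd demo: %s\n", rc == 0 ? "ok" : "failed");
	return rc == 0 ? 0 : 1;
}
```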

Bugfixes (LXC)

  • Fix cgroup deletion by not prematurely freeing the path to delete
  • Fix lxc-usernsexec when falling back to the default id mapping
  • Fix building LXC when the stack-protector option is not supported by the compiler
  • Remove various unused functions from the codebase
  • Make sure that lxc-cgroup gives output in all relevant cases
  • Remove the handler for the SIGWINCH signal from the internal command handler since this is now handled via signalfd
  • Fix copying containers by stripping the storage type prefix from the target path
  • Ensure that veth device names can contain all ASCII alphabetical characters
  • Fix Android builds
  • Handle kernels that do not support CLONE_NEWCGROUP
  • Free memory used to record inherited namespaces
  • Remove various deprecated headers
  • Ensure lxc-init reports error in all failure paths
  • Make various functions static
  • Improve setting the parent death handling
  • Fix network device removal
  • Update zfs storage backend to new zfs tool syntax
  • Fix vlan device handling through upscripts
  • Dynamically allocate a stack for clone() and use standard 8MB stack size
  • Improve static linking
  • Ensure that the cgroup.mems value of the correct ancestor is initialized in the cpuset cgroup

Full commit list:

  • apparmor: allow various remount,bind options
  • Merge pull request #2758 from Blub/2018-12-17/stable-3.0/apparmor-bind-remount
  • cgfsng: do not free container_full_path on error
  • Merge pull request #2772 from brauner/2018-01-09/fix_cgroup_deletion_stable-3.0
  • caps: check uid and euid
  • Merge pull request #2830 from brauner/2019-02-08/capabilities_stable-3.0
  • CVE-2019-5736 (runC): rexec callers as memfd
  • include: add fexecve() for Android's Bionic
  • rexec: handle old kernels
  • lxc-usernsexec: fix default map functionality
  • fix install error when using --disable-commands option
  • Add template-options to help output
  • stringutils: include stdarg for va_list
  • configure.ac: fix build without stack-protector
  • storage: remove unused function
  • fix lxc-cgroup not giving output
  • tools: add newline to lxc-cgroup output
  • terminal: remove sigwinch command
  • Set c to NULL after freeing it
  • conf: use SYSERROR on lxc_write_to_file errors
  • Revert "Set c to NULL after freeing it"
  • lxccontainer: fix container copy
  • fix: unprivileged veth devices (e.g. vethFWABHX) never contain 'Z' character in the randomly generated device name part because for modulo one does not need to subtract 1 from strlen().
  • Fixing compile error when compiling for android
  • start: handle missing CLONE_NEWCGROUP
  • network: prefix veth interface name with uid info
  • Revert "conf: remove extra MS_BIND with sysfs:mixed"
  • conf.c: fix memory leak and mount error
  • Fix memory leak in cgroup_exit
  • Fixing hooks functionality Android where 'sh' is placed under /system/bin
  • Handle alternative loop device location on Android
  • Avoid risk of "too far memory read"
  • Installation of default.script for udhcpc
  • conf: check for successful mount entry parse
  • Use BUSYBOX_EXE variable in configure_busybox()
  • Create /var/run
  • /etc/resolv.conf grows indefinitely
  • compiler: remove deprecated and unneeded header
  • prlimit: remove deprecated and unneeded header
  • More accurate error msg for template file
  • fix rpm packaging for bash completion directory.
  • compiler: -Wlogical-op hardening
  • compiler: -Wmissing-include-dirs hardening
  • compiler: -Wold-style-definition hardening
  • compiler: -Winit-self hardening
  • compiler: -Wfloat-equal hardening
  • compiler: -Wsuggest-attribute=noreturn hardening
  • compiler: -Werror=return-type hardening
  • compiler: -Werror=incompatible-pointer-types
  • compiler: -Wformat=2 hardening
  • compiler: set -Wimplicit-fallthrough to 5
  • compiler: -Wshadow hardening
  • compiler: -Wendif-labels hardening
  • compiler: -Werror=overflow hardening
  • compiler: -fdiagnostics-show-option
  • compiler: fix -fstack-protector-strong
  • compiler: -Werror=shift-count-overflow hardening
  • compiler: -Werror=shift-overflow=2 hardening
  • compiler: -Wdate-time hardening
  • compiler: -Wnested-externs hardening
  • lxcmntent: remove stack allocations
  • cgroups: remove stack allocations
  • lxc_user_nic: remove stack allocations
  • commands: remove stack allocations
  • commands_utils: remove stack allocations
  • conf: remove stack allocations
  • confile: remove stack allocations
  • lxccontainer: remove stack allocations
  • monitor: remove stack allocations
  • namespace: remove stack allocations
  • network: remove stack allocations
  • pam_cgfs: remove stack allocations
  • start: remove stack allocations
  • storage: remove stack allocations
  • string_utils: remove stack allocations
  • terminal: remove stack allocations
  • loop: remove stack allocations
  • lvm: remove stack allocations
  • nbd: remove stack allocations
  • rbd: remove stack allocations
  • overlay: remove stack allocations
  • lxc-unshare: remove stack allocations
  • README: add LGTM
  • commands: remove unnecessary check
  • cgfsng: remove unnecessary check
  • start: prevent signed-issues
  • lxc-init: exit with error on wait failure
  • coccinelle: add coccinelle support
  • coccinelle: s/while({1,true})/for(;;)/
  • coccinelle: use standard exit identifiers
  • parse: handle \r
  • compiler: fix wrong licensing
  • ringbuf.h: fix wrong licensing
  • syscall_wrappers: fix wrong licensing
  • string_utils.h: fix wrong licensing
  • apparmor: catch config file opening error
  • apparmor: Improve testing on apparmor python script
  • conf: do not log devpts umount2() failure
  • network: do not log false friends
  • start: move variable into tighter scope
  • af_unix: use __do_free
  • attach: use __do_free
  • cgroup_utils: use __do_free
  • lxc-init: use cleanup macros
  • lxc-user-nic: use cleanup macros
  • lxc-usernsexec: use cleanup macros
  • commands: move declaration into tighter scope
  • commands: cleanup macros in lxc_cmd_console()
  • macro: introduce steal_fd()
  • commands: use __do_close_prot_errno
  • commands: cleanup macros lxc_cmd()
  • commands: cleanup macros lxc_cmd_add_state_client
  • commands: cleanup macros lxc_cmd_accept()
  • commands: cleanup macros lxc_cmd_init
  • commands: cleanup macros lxc_cmd_init()
  • tree-wide: s/steal_fd/move_fd/g
  • cve-2019-5736: add test
  • commands_utils: auto close lxc_cmd_sock_get_state
  • commands_utils: auto free lxc_add_state_client
  • conf: auto free run_buffer
  • conf: cleanup macros run_script_argv
  • conf: cleanup macros pin_rootfs
  • conf: cleanup macros lxc_mount_auto_mounts
  • conf: cleanup macros lxc_chroot
  • conf: cleanup macros parse_mntopts
  • conf: cleanup macros parse_propagationopts
  • conf: cleanup macros mount_entry_create_dir_file
  • conf: cleanup macros mount_entry_on_generic
  • conf: cleanup macros setup_sysctl_parameters
  • conf: cleanup macros setup_proc_filesystem
  • conf: cleanup macros idmaptool_on_path_[...]
  • conf: cleanup macros remount_all_slave
  • conf: cleanup macros lxc_execute_bind_init
  • conf: cleanup macros get_minimal_idmap
  • conf: cleanup macros get{g,u}name
  • conf: cleanup macros suggest_default_idmap
  • travis: run coccinelle
  • travis: run coccinelle
  • attach: cleanup macros lxc_proc_close_ns_fd
  • attach: cleanup macros in_same_namespace
  • attach: cleanup macros lxc_put_attach_clone_[...]
  • attach: cleanup macros lxc_attach_terminal_[...]
  • .travis: give coverity one more try
  • .travis: remove coverity
  • lxc-attach: switch to attach_run_wait
  • conf: simplify idmaptool_on_path_and_privileged
  • conf: cleanup macros remount_all_slave
  • conf: cleanup macros lxc_chroot
  • conf: cleanup macros lxc_pivot_root
  • conf: cleanup macros lxc_fill_autodev
  • conf: cleanup macros make_anonymous_mount_file
  • conf: cleanup macros setup_mount_entries
  • conf: cleanup macros write_id_mapping
  • conf: cleanup macros suggest_default_idmap
  • attach: use move_fd in lxc_proc_close_ns_fd
  • gpg: use proxy, if http_proxy is set
  • conf: remove fgets() from run_buffer()
  • conf: remove fgets() from lxc_chroot()
  • initutils: remove fgets() from lxc_global_con[...]
  • initutils: remove fgets() from setproctitle()
  • conf: remove unused variable
  • confile: shut up gcc
  • CODING_STYLE: update
  • Fix android compilation
  • commands_utils.c: fix wrong licensing
  • commands_utils.h: fix wrong licensing
  • file_utils.c: fix wrong licensing
  • string_utils.c: fix wrong licensing
  • attach: remove unused variable
  • attach: shut up gcc
  • lxccontainer: shut up gcc and remove unused variables.
  • network: shut up gcc.
  • monitor: shut up gcc.
  • start: shut up gcc.
  • storage: shut up gcc and remove unused variables.
  • cmd: shut up gcc.
  • confile_utils: lxc_config_net_is_hwaddr()
  • confile_utils: make update_hwaddr() static
  • confile: make parse_limit_value() static
  • conf: Fixes unitialised variable.
  • Revert "conf: Fixes unitialised variable."
  • conf: avoid compiler warning
  • Fix lxc.cgroup2. on cgroup2-only systems
  • hooks: drop namespace references before post-stop
  • btrfs: ensure \0 byte at end
  • compiler: -fasynchronous-unwind-tables hardening
  • compiler: -pipe
  • compiler: -fexceptions hardening
  • utils: fix handling of PID namespaces in lxc_set_death_signal
  • start: fix parent PID passed to lxc_set_death_signal
  • hardening: enable address sanitizer build
  • start: backport monitor_pid handling
  • cgfsng: fix cgroup2 handling
  • cgroups: fix potential nullderef
  • cgfsng: backport new cgroup handling logic
  • Merge pull request #2944 from brauner/lxc/stable-3.0
  • raw_syscalls: lxc_raw_clone()
  • hooks/nvidia: handle spaces in NVIDIA_REQUIRE variables
  • Travis: Adds -Wall and -Werror gcc flags to automatic build.
  • travis: Attempt to fix src/lxc/cmd/lxc_init.c:251: undefined reference to `pthread_sigmask
  • lvm: Updates lvcreate to wipe signatures if supported, fallbacks to old command if not.
  • network: fix network device removal
  • Fix user namespace pdeathsig handling
  • lxc-user-nic: small tweaks
  • doc: update lxc-user-nic manpage
  • lxc-user-nic: validate request
  • doc: update Japanese lxc-user-nic manpage
  • fix: #2927 api doc generation fails under out of source build.
  • storage: prevent uninitialized variable warning
  • storage: update zfs
  • conf: do lxc.mount.entry mounts right after lxc.mount.fstab
  • netns_getifaddrs: adapt to kernel changes
  • lxc-start: remove bad doc
  • Fix 'zfs get' command order
  • commands: partially backport seccomp notify
  • af_unix: backport helper functions
  • start: silence clang
  • network: Fixes a little typo in an error message
  • network: Adds upscript handling for vlan network type
  • network: Fixes vlan hook script
  • tests: Updates .gitignore to ignore test build artefacts
  • network: Fixes bug in macvlan mode selection
  • seccomp: notifier fixes
  • namespaces: allow a pathname to a nsfd for namespace to share
  • tree-wide: make socket SOCK_CLOEXEC
  • compiler: add __returns_twice attribute
  • raw_syscalls: add initial support for pidfd_send_signal()
  • Devices created in rootfs instead of rootfs/dev
  • utils: improve switch_to_ns()
  • raw_syscalls: simplify assembly
  • clone: add infrastructure for CLONE_PIDFD
  • network: Adds mtu support for phys and macvlan types
  • namespace: support CLONE_PIDFD with lxc_clone()
  • network: Restores phys device MTU on container shutdown
  • start: use CLONE_PIDFD
  • Redirect error messages to stderr
  • coding style: update
  • New --bbpath option and unnecessary --rootfs checks
  • lxccontainer: do not display if missing privileges
  • Option --busybox-path instead of --bbpath
  • criu: Use -v4 instead of -vvvvvv
  • criu: Remove unnecessary return after _exit()
  • lvm: Fix return value if lvm_create_clone fails
  • zfs: Fix return value on zfs_snapshot error
  • initutils: Fix memleak on realloc failure
  • Config: check for %m availability
  • Use %m instead of strerror() when available
  • Error prone semicolon
  • configure: handle checks when cross-compiling
  • network: move phys netdevs back to monitor's net ns rather than pid 1's
  • network: Fixes bug that stopped down hook from running for phys netdevs
  • attach: do not reload container
  • lxccontainer: cleanup attach functions
  • lxccontainer: remove unused function
  • start: remove unused label
  • configure: remove additional comma
  • lxc_clone: pass non-stack allocated stack to clone
  • doc: add a little note about shared ns + LSMs
  • lxc_clone: get rid of some indirection
  • cgroups: handle offline cpus in v1 hierarchy
  • fix issue 2765
  • lxc_clone: bump stack size to 8MB
  • lxc_clone: add a comment about stack size
  • getgrgid_r fails with ERANGE if buffer is too small. Retry with a larger buffer.
  • lxc_usernsexec: continuing after unshare fails leads to confusing and misleading error messages
  • start: fix handler memory leak at lxc_init failed
  • cgroups: prevent segfault
  • Make /tmp accessible to any user
  • proposed fix for #2892 - fix lxcbasename in lxc/lxccontainer.c
  • start: generate new boot id on container start
  • Centralize hook names
  • doc: add a note about shared ns + LSMs to Japanese doc
  • Switch from gnutls to openssl for sha1
  • network: fix lxc_netdev_rename_by_index()
  • Fixed file descriptor leak for network namespace
  • lxc.pc.in: add libs.private for static linking
  • parse.c: fix fd leak from memfd_create
  • cgfsng: write cpuset.mems of correct ancestor

Bugfixes (LXC templates)

  • Add new dependency for wget for lxc-slackware template
  • plamo: Workaround for building plamo 32bit 6.x container on current 7.x
  • plamo: Support https as download scheme and default to https

Bugfixes (python3 binding)

  • No changes in this release, version bump only

Support and upgrade

LXC 3.0.4 is supported until June 2023 and is our current LTS release, users are encouraged to update to the latest bugfix releases as they're made available.

Downloads

LXC 2.0.11 has been released

12th of March 2019

This is the eleventh bugfix release for LXC 2.0.

Note that LXC 2.0.10 was released a few days before 2.0.11 but the release tarball was missing some files and wasn't buildable on Android, so we ended up releasing 2.0.11 to address that.

The changelog below is for everything which happened between 2.0.9 and 2.0.11.

Security fixes

Fixes CVE-2018-6556

lxc-user-nic, when asked to delete a network interface, would unconditionally open a user-provided path. This code path could be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It could also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). For more details see here.
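The check that closes this class of bug, as an added example and not lxc-user-nic's own code: open the caller's path with O_PATH so that no device or procfs open() handler runs, confirm with fstatfs() that the object lives on nsfs, confirm with the NS_GET_NSTYPE ioctl that it is a network namespace, and compare the owning user namespace's NS_GET_OWNER_UID with the caller before acting on it. The enum and function names are this example's; the magic number and ioctl values are the kernel's and need Linux 4.11 or newer.

```c
/*
 * Added example (not lxc-user-nic's code): validate a caller-supplied
 * "network namespace path" before a privileged helper acts on it.
 * Requires the nsfs ioctls (Linux 4.11+); the constants are the kernel's.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/vfs.h>
#include <unistd.h>

#ifndef NSFS_MAGIC
#define NSFS_MAGIC 0x6e736673           /* linux/magic.h */
#endif
#ifndef NS_GET_USERNS
#define NS_GET_USERNS    _IO(0xb7, 0x1) /* linux/nsfs.h */
#define NS_GET_NSTYPE    _IO(0xb7, 0x3)
#define NS_GET_OWNER_UID _IO(0xb7, 0x4)
#endif

enum netns_verdict {
	NETNS_OK = 0,
	NETNS_OPEN_FAILED,  /* path unreachable or not re-openable */
	NETNS_NOT_NSFS,     /* some other object: a pty master, a sysfs node, ... */
	NETNS_WRONG_TYPE,   /* a namespace, but not a network namespace */
	NETNS_NOT_OWNER,    /* caller is not privileged over the namespace */
};

/*
 * Step 1: O_PATH resolves the path without invoking any open() handler, so
 * /dev/ptmx allocates no pty and procfs/sysfs files run no open hooks. The
 * resulting fd supports fstatfs() but not the nsfs ioctls.
 */
static int open_without_side_effects(const char *path)
{
	return open(path, O_PATH | O_CLOEXEC);
}

/*
 * Step 2: prove the object is a network namespace and learn who owns it.
 * Only once nsfs is confirmed is the path re-opened for real, through
 * /proc/self/fd, so the ioctls can run. Returns the netns fd or -1.
 */
static int verify_netns(int path_fd, uid_t *owner, enum netns_verdict *verdict)
{
	struct statfs sfs;
	char proc_path[64];
	int fd, user_ns_fd;

	if (fstatfs(path_fd, &sfs) < 0 || sfs.f_type != NSFS_MAGIC) {
		*verdict = NETNS_NOT_NSFS;
		return -1;
	}

	snprintf(proc_path, sizeof(proc_path), "/proc/self/fd/%d", path_fd);
	fd = open(proc_path, O_RDONLY | O_CLOEXEC);
	if (fd < 0) {
		*verdict = NETNS_OPEN_FAILED;
		return -1;
	}

	if (ioctl(fd, NS_GET_NSTYPE) != CLONE_NEWNET) {
		close(fd);
		*verdict = NETNS_WRONG_TYPE;
		return -1;
	}

	/* NS_GET_OWNER_UID only answers for user namespaces, so first ask the
	 * netns for the user namespace that owns it. */
	user_ns_fd = ioctl(fd, NS_GET_USERNS);
	if (user_ns_fd < 0 || ioctl(user_ns_fd, NS_GET_OWNER_UID, owner) < 0) {
		if (user_ns_fd >= 0)
			close(user_ns_fd);
		close(fd);
		*verdict = NETNS_NOT_OWNER;
		return -1;
	}
	close(user_ns_fd);

	*verdict = NETNS_OK;
	return fd;
}

/* The whole check as a setuid helper would run it for an unprivileged caller. */
static enum netns_verdict check_netns_path(const char *path, uid_t caller_uid)
{
	enum netns_verdict verdict;
	uid_t owner = (uid_t)-1;
	int path_fd, ns_fd;

	path_fd = open_without_side_effects(path);
	if (path_fd < 0)
		return NETNS_OPEN_FAILED;

	ns_fd = verify_netns(path_fd, &owner, &verdict);
	close(path_fd);
	if (ns_fd < 0)
		return verdict;
	close(ns_fd); /* a real helper would now setns() into ns_fd and act */

	/* Real root may act on any netns; anyone else only on namespaces whose
	 * owning user namespace they own. */
	if (caller_uid != 0 && owner != caller_uid)
		return NETNS_NOT_OWNER;
	return NETNS_OK;
}

int main(int argc, char **argv)
{
	static const char *names[] = {
		"ok", "open failed", "not a namespace file",
		"not a network namespace", "caller not privileged over it",
	};
	const char *path = argc > 1 ? argv[1] : "/proc/self/ns/net";
	enum netns_verdict v = check_netns_path(path, getuid());

	printf("%s: %s\n", path, names[v]);
	return v == NETNS_OK ? 0 : 1;
}
```

The distinct verdicts are for the helper's own log. Whatever it reports back to the unprivileged caller should be a single generic failure for every non-OK case, otherwise the helper still works as an existence oracle for paths the caller cannot reach on its own.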

Fixes CVE-2019-5736

This release fixes CVE-2019-5736. It is a major security issue affecting all container runtimes and is exploitable when attaching to privileged containers. More details on the bug and how it is fixed can be found here.
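The mitigation named in the commit list below ("rexec callers as memfd", "add missing sealing flags"), as an added example rather than LXC's own rexec.c: before touching the container, the attaching process copies its own binary from /proc/self/exe into an anonymous memfd, seals the memfd against writes and resizing, and fexecve()s the copy. A container process that later reaches the attaching process's /proc/<pid>/exe gets the sealed in-memory copy, not the host binary. The marker environment variable and the function names are this example's, not LXC's; memfd_create() needs Linux 3.17 and glibc 2.27.

```c
/*
 * Added example (not LXC's rexec.c): re-execute the running binary from a
 * sealed in-memory copy so that /proc/<pid>/exe of the attaching process
 * no longer refers to the host's on-disk binary.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

extern char **environ;

/* Seal constants from linux/fcntl.h, for older userspace headers. */
#ifndef F_ADD_SEALS
#define F_ADD_SEALS   1033
#define F_GET_SEALS   1034
#define F_SEAL_SEAL   0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW   0x0004
#define F_SEAL_WRITE  0x0008
#endif
#define REXEC_SEALS (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)

/* Hypothetical marker so the re-executed image does not re-exec forever. */
#define REXEC_MARKER "EXAMPLE_MEMFD_REXEC_DONE"

/* Copy `path` into a new memfd, then seal it against any later change. */
static int sealed_memfd_copy(const char *path)
{
	char buf[64 * 1024];
	ssize_t n;
	int src, mfd;

	src = open(path, O_RDONLY | O_CLOEXEC);
	if (src < 0)
		return -1;

	mfd = memfd_create("rexec", MFD_CLOEXEC | MFD_ALLOW_SEALING);
	if (mfd < 0) {
		close(src);
		return -1;
	}

	while ((n = read(src, buf, sizeof(buf))) != 0) {
		const char *p = buf;

		if (n < 0) {
			if (errno == EINTR)
				continue;
			goto fail;
		}
		while (n > 0) {
			ssize_t w = write(mfd, p, (size_t)n);

			if (w < 0) {
				if (errno == EINTR)
					continue;
				goto fail;
			}
			p += w;
			n -= w;
		}
	}
	close(src);

	/* From here on write(), pwrite(), ftruncate() and writable mmap() fail
	 * with EPERM, and F_SEAL_SEAL stops anyone from removing the seals. */
	if (fcntl(mfd, F_ADD_SEALS, REXEC_SEALS) < 0) {
		close(mfd);
		return -1;
	}
	return mfd;

fail:
	close(src);
	close(mfd);
	return -1;
}

/* 1 if every seal an immutable exec image needs is present. */
static int memfd_is_fully_sealed(int fd)
{
	int seals = fcntl(fd, F_GET_SEALS);

	return seals >= 0 && (seals & REXEC_SEALS) == REXEC_SEALS;
}

/* 1 if the kernel refuses a write with EPERM, which is what sealing promises. */
static int write_is_refused(int fd)
{
	char byte = 0;

	return pwrite(fd, &byte, 1, 0) < 0 && errno == EPERM;
}

/*
 * Re-exec ourselves from a sealed copy of /proc/self/exe unless this image
 * already is that copy. Returns 0 if already re-executed, -1 on failure;
 * on success it does not return.
 */
static int rexec_from_sealed_copy(char *const argv[])
{
	int mfd;

	if (getenv(REXEC_MARKER))
		return 0;

	mfd = sealed_memfd_copy("/proc/self/exe");
	if (mfd < 0)
		return -1;

	if (setenv(REXEC_MARKER, "1", 1) < 0) {
		close(mfd);
		return -1;
	}
	/* MFD_CLOEXEC is fine here: the ELF image is mapped before the fd closes. */
	fexecve(mfd, argv, environ);
	close(mfd);
	return -1;
}

int main(int argc, char **argv)
{
	(void)argc;
	if (rexec_from_sealed_copy(argv) < 0) {
		perror("rexec");
		return 1;
	}
	printf("running from %s\n",
	       getenv(REXEC_MARKER) ? "sealed memfd copy" : "on-disk binary");
	return 0;
}
```

The copy must be made and sealed before any code path that enters the container runs, and scripts cannot be re-executed this way with MFD_CLOEXEC set (the interpreter would need the fd to stay open), which is why this is done for the native lxc-attach binary itself.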

Main bugfixes

Allow attaching to undefined containers

For example the following sequence is now expected to work:

lxc-start -n <container-name> -f /path/to/conf \
-s 'lxc.id_map = u 0 100000 65536' \
-s 'lxc.id_map = g 0 100000 65536' \
-s 'lxc.rootfs = /path/to/rootfs' \
-s 'lxc.init_cmd = /path/to/initcmd'

Correctly handle namespace inheritance in attach

lxc_attach will now correctly distinguish between a caller specifying specific namespaces to attach to and a caller not requesting specific namespaces. The latter is taken by lxc_attach to mean that all namespaces will be attached. This also needs to include all inherited namespaces.

Allow the creation of testing and unstable Debian containers

Being able to create testing containers, regardless of the name of the next stable release, is useful in several contexts, including but not limited to testing: one won't need to explicitly switch to bullseye once buster is released in order to keep tracking testing. While we are at it, let's also enable unstable, which is exactly the same as sid; there is no reason not to.

Enable container without CAP_SYS_ADMIN (cgroup handling)

In case cgroup namespaces are supported but we do not have CAP_SYS_ADMIN we need to mount cgroups for the container. This patch enables both privileged and unprivileged containers without CAP_SYS_ADMIN.

Improved cgroup2 handling

Since cgroup2 is becoming more common LXC 2.0.11 comes with a wide range of improvements in that area.

Support read-only mounts of cgroups

This is especially useful if the container lacks CAP_SYS_ADMIN and thus cannot remount.

Allow to exit from console via SIGTERM

This allows cleanly exiting a console session without control sequences. Instead SIGTERM can be sent to the affected process and it will cause LXC to cleanly terminate the console session.

Correctly calculate the number of arguments passed when running application containers

The number of arguments passed to exec was miscalculated under certain conditions. This release ensures that the correct number of arguments is calculated and passed to exec.

Remove all unneeded locking from the codebase

Older versions of LXC used mutexes in various places to ensure thread-safety. Careful redesign of these codepaths has enabled us to remove all mutexes from the codebase. This has led to simplifications and speedups for various operations such as container start and stop.

Fix cgroup namespace preservation

This eliminates a race and makes sure that the cached file descriptor refers to the container's cgroup namespace and not to the host's.

Allow application containers to share the host's pid namespace

Prior versions of LXC did not allow sharing the host's pid namespace. Starting with this bugfix release it is possible to do this correctly.

Correctly handle very short-lived application containers

Prior versions had trouble correctly handling extremely short-lived application containers. For example, due to a TOCTOU race, LXC could incorrectly report that a container was still running when it had already shut down, and refuse to restart it. This caused unnecessary delay. Also, output of such short-lived containers written to stdout could get lost or truncated. This release fixes both issues.

Correctly handle containers where /proc has been mounted with hidepid=1 or hidepid=2

In prior versions attaching to unprivileged containers as an unprivileged user with /proc mounted with hidepid=1 or hidepid=2 would fail since LXC could not retrieve needed information from /proc. This is now fixed.

Allow to force mount cgroups even when cgroup namespaces are supported

This lets users specify lxc.mount.auto = cgroup:mixed:force or lxc.mount.auto = cgroup:ro:force or lxc.mount.auto = cgroup:rw:force.

When cgroup namespaces are supported LXC will not mount cgroups for the container since it assumes that the init system will mount cgroups itself if it wants to. This assumption already broke when users wanted to run containers without CAP_SYS_ADMIN.

For example, systemd based containers wouldn't start since systemd needs to mount cgroups (named systemd hierarchy for legacy cgroups and the unified hierarchy for unified cgroups) to track processes. This problem was solved by detecting whether the container had CAP_SYS_ADMIN. If it didn't we performed the cgroup mounts for it.

However, there are more cases when we should be able to mount cgroups for the container when cgroup namespaces are supported:

  • init systems not mounting cgroups themselves: An init system that doesn't mount cgroups would have no cgroups available, especially when combined with custom LSM profiles that prevent cgroup {u}mount()ing inside containers.
  • application containers: Application containers will usually not mount cgroups themselves.
  • read-only cgroups: It is useful to be able to mount cgroups read-only to e.g. prevent changing cgroup limits from inside the container while at the same time allowing the applications to perform introspection on their own cgroups. This again is mostly useful for application containers. System containers running systemd will usually not work correctly when cgroups are mounted read-only.

Everything else

2.0.11 includes almost a year and a half of bugfixes cherry-picked from current LXC; the entire list can be found below.

  • tools: allow lxc-attach to undefined containers
  • utils: move memfd_create() definition
  • utils: add lxc_cloexec()
  • utils: add lxc_make_tmpfile()
  • utils: add lxc_getpagesize()
  • utils: add lxc_safe_long_long()
  • utils: parse_byte_size_string()
  • utils: add lxc_find_next_power2()
  • namespace: use lxc_getpagesize()
  • lxc-debian: allow creating testing and unstable
  • Call lxc_config_define_load from lxc_execute again
  • Fix typo in lxc-net script
  • Add missing lxc_container_put
  • lxc-debian: don't write C.* locales to /etc/locale.gen
  • attach: correctly handle namespace inheritance
  • cgfsng: fix cgroup2 detection
  • cgroups: enable container without CAP_SYS_ADMIN
  • lxc-start: remove unnecessary checks
  • start: close non-needed file descriptors
  • handler: make name argument const
  • start: close data socket in parent
  • monitor: do not log useless warnings
  • network: reap child in all cases
  • conf: reap child in all cases
  • storage: switch to ext4 as default filesystem
  • tools: fix help output of lxc-create
  • attach: handle namespace inheritance
  • cgroups/cgfsng: keep mountpoint intact
  • cgroups/cgfsng: cgfsns_chown() -> cgfsng_chown()
  • cgroups/cgfsng: support MS_READONLY with cgroup ns
  • log: check for i/o error with vsnprintf()
  • cgroupfs/cgfsng: tweak logging
  • cgroups/cgfsng: remove is_lxcfs()
  • cgroups/cgfsng: fix get_controllers() for cgroup2
  • cgroupfs/cgfsng: improve cgroup2 handling
  • config: remove SIGRTMIN+14 as lxc.signal.stop
  • commands: non-functional changes
  • console: non-functional changes
  • console: non-functional changes
  • lxc-test-unpriv: fix the overlayfs mount error
  • attach: allow attach with empty conf
  • tools/lxc_attach: removed api logging
  • console: fix console info message
  • Add missing dependency libunistring
  • cgroups/cgfsng: adapt to new cgroup2 delegation
  • console: report detach message on demand
  • lxccontainer: enable daemonized app containers
  • console: use correct escape sequence check
  • console: prepare for generic signal handler
  • console: exit mainloop on SIGTERM
  • commands: non-functional changes
  • lxccontainer: non-functional changes
  • commands: fix state socket implementation
  • lxc_init: set the control terminal in the child session
  • lxc-test-unpriv: check user existence before removing it
  • Fixed typo on lxc.spec.in
  • conf: move CAP_SYS_* definitions to utils.h
  • start.c: always switch uid and gid
  • Use AX_PTHREAD config script to detect pthread api
  • utils.h: Avoid duplicated sethostname implementation
  • tools/lxc_cgroup: remove internal logging
  • tools/lxc_autostart: remove internal logging
  • tools/lxc_clone: remove internal logging
  • tools/lxc_console: remove internal logging
  • tools/lxc_create: remove internal logging
  • tools/lxc_destroy: remove internal logging
  • tools/lxc_device: remove internal logging
  • tools/lxc_execute: removed internal logging
  • tools/lxc_freeze: remove internal logging
  • tools/lxc_info: removed internal logging
  • criu: detect veth name
  • lxccontainer: various container creation fixes
  • storage: remove unused declaration
  • tools/lxc_ls: remove internal logging
  • tools/lxc_copy: remove internal logging
  • tools/lxc_monitor: removed internal logging
  • tools/lxc_snapshot: removed internal logging
  • tools/lxc_start: removed internal logging
  • tools/lxc_stop: removed internal logging
  • tools/lxc_top: removed internal logging
  • tools/lxc_unfreeze: removed internal logging
  • tools/lxc_unshare: removed internal logging
  • tools/lxc_usernsexec: removed internal logging
  • tools/lxc_wait: removed internal logging
  • confile: fix memory leak
  • utils: declare sethostname() static inline
  • lxc_unshare: Add uid_mapping when creating userns
  • Update gentoo.moresecure.conf.
  • Add new dependency to Slackware template
  • Add bash completion to list backing store types for lxc-create -B - Backing Store types are hard-coded (Not sure how to get programmatically) - Closes #1236
  • Fix SETCOLOR_FAILURE evaluation
  • Insert missing "echo" after "is_enabled"
  • conf: prevent null pointer dereference
  • criu: initialize status
  • confile: remove dead assignment
  • criu: silence static analysis
  • attach: do not fail on non-existing namespaces
  • test: reenable Coverity integration
  • lxc_execute: properly figure out number of needed arguments
  • arguments: move to tools/ subdirectory
  • start: set loglevel correctly
  • commands: don't traverse whole list
  • commands: don't lock atomic operations
  • commands: don't lock the whole command
  • start: don't lock setting the state
  • commands: allow waiting for all states
  • test: add state server tests
  • commands: tweak locking
  • lxccontainer: restore non-blocking shutdown
  • commands: tell mainloop to reap client fd on error
  • commands: return -ECONNRESET to caller
  • execute: pass logfile to lxc-init
  • lxccontainer: handle execute containers correctly
  • lxc_init: move up to src/lxc
  • init: rework dumb init
  • lxc_init: add custom argument parser
  • tests: expand tests for shortlived init processes
  • coverity: #1425734
  • coverity: #1425735
  • coverity: #1425739
  • coverity: #1425929
  • coverity: #1425923
  • coverity: #1425922
  • coverity: #1425921
  • coverity: #1425895
  • coverity: #1425890
  • coverity: #1425889
  • coverity: #1425888
  • lxc: Distinguish pthread_mutex_unlock error messages
  • travis: Fix build failure
  • coverity: #1425893
  • coverity: #1425886
  • coverity: #1428855
  • coverity: #1425884
  • coverity: #1425883
  • coverity: #1425879
  • tools: block using lxc-execute without config file
  • conf: avoid spawning unnecessary subshells
  • coverity: #1425874 + cleanup
  • lxccontainer: only attach netns on netdev detach
  • lxccontainer: cleanup {attach,detach}_interface()
  • coverity: #1425870
  • coverity: #1425869
  • coverity: #1425867
  • coverity: #1425866
  • coverity: #1425863
  • coverity: #1425862
  • coverity: #1425860
  • coverity: #1425859
  • coverity: #1425858
  • coverity: #1425857
  • start: do not unconditionally dup std{in,out,err}
  • tools: exit success when lxc-execute is daemonized
  • start: fix cgroup namespace preservation
  • init: don't kill(-1) if we aren't in a pid ns
  • SHARE_NS options should be before OPT_USAGE
  • commands: fix race when open()/close() cmd socket
  • namespace: add lxc_raw_clone()
  • utils: use lxc_raw_clone() in run_command()
  • lxc_init: fix cgroup parsing
  • tests: s/lxc.init.cmd/lxc.init_cmd/g
  • commands_utils: add missing mutex
  • [monitor] wrong statement of break
  • cgfsng: Add new macro to print errors
  • attach: simplify significantly
  • attach: use lxc_raw_clone()
  • attach: handle /proc with hidepid={1,2} properly
  • tests: expand lxc_raw_clone() tests
  • namespace: add lxc_raw_getpid()
  • tree-wide: s/getpid()/lxc_raw_getpid()/g
  • namespace: comment lxc_{raw_}clone()
  • namespace: add lxc_raw_clone_cb()
  • start: use lxc_raw_clone_cb() where possible
  • start: log closing cmd socket and STOPPED state
  • start: make us dumpable
  • start: simplify cgroup namespace preservation
  • start: fix death signal
  • start: handle setting death signal smarter
  • mainloop: add mainloop macros
  • mainloop: capture output of short-lived init procs
  • lxc_config: Add -h and --help flags handler
  • start: properly cleanup mainloop
  • console: do not allow non-pty devices on open()
  • mainloop: use epoll_create1(EPOLL_CLOEXEC)
  • conf: adapt idmap helpers
  • conf: adapt userns_exec_1()
  • conf{ile}: detect ns{g,u}id mapping for root
  • cgfsng: use init {g,u}id
  • conf: detect if devpts can be mounted with gid=5
  • gentoo: Add support for .xz tarballs
  • configure.ac: fix the check for static libcap
  • conf: write "deny" to /proc/[pid]/setgroups
  • conf: non-functional changes
  • conf: rework userns_exec_1()
  • cgfsng: only establish mapping once
  • Fix broken indentation
  • Include -devel suffix in version string
  • Add return check for 'lxc_cmd_get_name'
  • fix up lxc-usernsexec's exit status
  • add some idmap parsing error messages
  • confile: improve log messages
  • console: move pty creation to separate function
  • start: non-functional changes
  • console: add some pty helpers
  • attach: cleanup attach_child_main()
  • console: adapt lxc_console_mainloop_add()
  • console: add lxc_pty_map_ids()
  • attach: minor tweaks
  • tools: honor --console and --console-log
  • start: non-functional changes
  • console: set SFD_CLOEXEC on signal fd
  • lxc-alpine: allow retaining sys_ptrace per container
  • utils: do not rely on uninitialized variable
  • test: log error on failure
  • utils: check suffix length
  • lxccontainer: restore blocking wait()
  • freezer: non-functional changes
  • commands: add LXC_CMD_SERVE_STATE_CLIENTS
  • start: don't log stop/continue for non-init processes
  • fix lxc_error_set_and_log to match the docs
  • lxc.init: correctly exit with the app's error code
  • remember the exit code from the init process
  • start: don't return false when the container's init exits nonzero
  • lxc-execute: actually exit with the status of the spawned task
  • set exit status to 1 in the unknown si_code case
  • console: cleanup
  • test: fix console tests
  • attach_options: reduce delta
  • attach: reduce delta
  • cgroups: reduce delta
  • bla
  • Revert commit "bla" with bad commit message
  • cgfsng: reduce delta
  • tools: fix android
  • Create console when the rootfs is NULL
  • unlink lxc-init
  • coverity: #1427668
  • coverity: #1427639
  • coverity: #1427638
  • coverity: #1427191
  • coverity: #1427190
  • coverity: #1426734
  • coverity: #1426694
  • start: fix mainloop cleanup goto statements
  • Modify .gitignore
  • Fix comments and add check in lxc_poll.
  • lsm: non-functional changes
  • lsm: add lsm_process_label_fd_get()
  • lsm: add lsm_process_label_set_at()
  • apparmor: do not call aa_change_profile()
  • autotools: do not link against libapparmor
  • network.c: Remove ip_forward_set and callers
  • [cgfsng] show wrong errno
  • better check for lock dir
  • better unprivileged detection
  • debian: Use iproute2 instead of iproute
  • tools: make "-n" optional
  • lsm: do not #ifdefine
  • debian: We must use iproute on wheezy
  • lxc-init: use SIGKILL after alarm timeout
  • monitor: send SIGTERM to the container when SIGHUP is received
  • lxc.init: ignore SIGHUP
  • cgroups: get controllers on the unified hierarchy
  • cgroups: cgfsng_create: handle unified hierarchy
  • cgroups: cgfsng_attach: handle unified hierarchy
  • cgroups: cgfsng_get: handle unified hierarchy
  • cgroups: cgfsng_set: handle unified hierarchy
  • cgroups: handle limits on the unified hierarchy
  • cgroups: more consistent naming
  • attach: set the container's environment variables
  • attach: non-functional changes
  • cgfsng: do MS_REMOUNT
  • cgfsng: non-functional changes
  • templates: CentOS fixes
  • cgroups: add check for lxc.cgroup.use
  • selinux: simplify check for default label
  • lsm: fix missing @ in function documentation
  • cgfsng: add required remount flags
  • define am_guest_unpriv
  • Restore most cases of am_guest_unpriv
  • coverity: #1429139
  • coverity: #1426734
  • coverity: #1425971
  • fix userns helper error handling
  • console: they are really not necessary
  • Modify .gitignore
  • Fix lxc-console hang
  • conf: support mount propagation
  • lxclock: remove pthread_atfork_handlers
  • cgfsng: simplifications and fixes
  • CONTRIBUTING: update
  • CODING_STYLE: add CODING_STYLE.md
  • cgroups: use correct mask for chmod()
  • CODING_STYLE: add section for str{n}cmp()
  • tests: remove lxc-test-ubuntu
  • utils: fix lxc_p{close,open}()
  • start: don't call close on invalid file descriptor
  • console: ensure that fd is marked EBADF
  • README: add coverity
  • confile: add "force" to cgroup:{mixed,ro,rw}
  • cgfsng: order includes
  • cgfsng: fully document struct hierarchy
  • cgfsng: fully document struct cgfsng_handler_data
  • cgfsng: fully document remaining variables
  • cgfsng: free_string_list()
  • cgfsng: cg_legacy_must_prefix_named()
  • cgfsng: move cg_legacy_must_prefix_named()
  • cgfsng: add me to authors
  • cgfsng: append_null_to_list()
  • cgfsng: string_in_list()
  • cgfsng: must_append_controller()
  • cgfsng: get_hierarchy()
  • cgfsng: lxc_cpumask()
  • cgfsng: lxc_cpumask_to_cpulist()
  • cgfsng: get_max_cpus()
  • cgfsng: cg_legacy_filter_and_set_cpus()
  • cgfsng: copy_parent_file()
  • cgfsng: cg_legacy_handle_cpuset_hierarchy()
  • cgfsng: controller_lists_intersect()
  • cgfsng: controller_list_is_dup()
  • cgfsng: controller_found()
  • cgfsng: all_controllers_found()
  • cgfsng: cg_hybrid_get_controllers()
  • cgfsng: cg_hybrid_get_mountpoint()
  • cgfsng: copy_to_eol()
  • cgfsng: controller_in_clist()
  • cgfsng: cg_hybrid_get_current_cgroup()
  • cgfsng: must_append_string()
  • cgfsng: trim()
  • cgfsng: lxc_cgfsng_print_hierarchies()
  • cgfsng: lxc_cgfsng_print_basecg_debuginfo()
  • cgfsng: cg_hybrid_init()
  • cgfsng: cg_is_pure_unified()
  • cgfsng: cg_unified_get_current_cgroup()
  • cgfsng: cgfsng_init()
  • cgfsng: recursive_destroy()
  • cgfsng: cg_unified_create_cgroup()
  • cgfsng: create_path_for_hierarchy()
  • cgfsng: remove_path_for_hierarchy()
  • cgfsng: cgfsng_create()
  • cgfsng: cgfsng_enter()
  • cgfsng: cgfsng_chown()
  • cgfsng: mount_cgroup_full()
  • cgfsng: cgfsng_mount()
  • cgfsng: recursive_count_nrtasks()
  • cgfsng: recursive_count_nrtasks()
  • cgfsng: cgfsng_escape()
  • cgfsng: build_full_cgpath_from_monitorpath()
  • cgfsng: __cg_unified_attach()
  • cgfsng: cgfsng_attach()
  • cgfsng: cgfsng_get()
  • cgfsng: cgfsng_set()
  • cgfsng: convert_devpath()
  • cgfsng: cg_legacy_set_data()
  • cgfsng: __cg_legacy_setup_limits()
  • lxccontainer: use wait_for_pid()
  • start: remove duplicate lxc_monitor_send_state()
  • tree-wide: remove locking around openpty()
  • {commands,start}: remove element from list first
  • start: use correct prefix for includes
  • start: print_top_failing_dir()
  • start: close_ns()
  • start: preserve_ns()
  • start: lxc_check_inherited()
  • start: signal_handler()
  • start: lxc_poll()
  • start: lxc_init_handler()
  • start: lxc_init()
  • start: lxc_abort()
  • start: start()
  • start: post_start()
  • start: lxc_destroy_container_on_signal()
  • start: do_destroy_container()
  • cgfsng: enable "force" for "cgroup-full"
  • confile: backport parts of network parsing
  • utils: add LXC_PROC_PID_FD_LEN
  • CVE 2018-6556: verify netns fd in lxc-user-nic
  • utils: include linux/types.h
  • cgfsng: fix off-by-one error
  • lxccontainer: do_lxcapi_start()
  • lxccontainer: do_lxcapi_create()
  • lxccontainer: do_lxcapi_get_interfaces()
  • lxccontainer: do_lxcapi_get_ips()
  • lxccontainer: do_lxcapi_clone()
  • lxccontainer: do_add_remove_node()
  • lxccontainer: do_lxcapi_detach_interface()
  • lxclock: {un}lock_mutex()
  • utils: lxc_popen()
  • utils: run_command()
  • network: lxc_create_network_unpriv_exec()
  • network: lxc_delete_network_unpriv_exec()
  • lxccontainer: config_file_exists()
  • lxccontainer: ongoing_create()
  • lxccontainer: create_partial()
  • lxccontainer: create_partial()
  • lxccontainer: lxc_container_free()
  • lxccontainer: lxc_container_{get,put}()
  • lxccontainer: do_lxcapi_is_defined()
  • lxccontainer: do_lxcapi_state()
  • lxccontainer: is_stopped()
  • lxccontainer: do_lxcapi_is_running()
  • lxccontainer: do_lxcapi_freeze()
  • lxccontainer: do_lxcapi_unfreeze()
  • lxccontainer: do_lxcapi_console_getfd()
  • lxccontainer: lxcapi_console()
  • lxccontainer: load_config_locked()
  • lxccontainer: do_lxcapi_load_config()
  • lxccontainer: do_lxcapi_want_daemonize()
  • lxccontainer: do_lxcapi_want_close_all_fds()
  • lxccontainer: do_lxcapi_wait()
  • lxccontainer: am_single_threaded()
  • lxccontainer: push_arg()
  • lxccontainer: split_init_cmd()
  • lxccontainer: free_init_cmd()
  • lxccontainer: lxcapi_start()
  • lxccontainer: lxcapi_startl()
  • lxccontainer: do_create_container_dir()
  • lxccontainer: create_container_dir()
  • criu: criu_version_ok()
  • criu: do_restore()
  • criu: du_dump()
  • cgfsng: fix get_hierarchy() for unified hierarchy
  • fix download template for /tmp as tmpfs or noexec
  • CODING_STYLE: add section about _exit()
  • commands: remove mutex from state client list
  • lxc-snapshot: fix segfault
  • lxc_init: don't mount filesystems
  • cgfsng: non-functional changes
  • mainloop: add LXC_MAINLOOP_ERROR
  • config: start with a full capability set
  • CODING_STYLE: remove duplicate _exit() entry
  • CODING_STYLE: clang-format
  • CODING_STYLE: arrays of structs
  • CODING_STYLE: add languages to highlight
  • Add a workaround for a build issue with old versions of libcap
  • usernsexec: init log fd
  • cgroups: don't escape if we're not real root
  • Revert "cgroups: don't escape if we're not real root"
  • conf: fix clang warning when building w/o libcap
  • fix handler use-after-free
  • Rename ifup/down and remove useless parameter passing
  • conf: simplify lxc_fill_autodev()
  • start: always make us dumpable
  • lxclock: use thread-safe OFD fcntl() locks
  • locktests: fix test suite
  • fix signal sending in lxc.init
  • lxc init: remove dead code
  • lxc init: coding style
  • utils: define __NR_setns if missing on old glibcs
  • conf: retry devpts mount without gid=5 on error
  • do_lxcapi_create: set umask
  • Fix the memory leak in cgfsng_attach
  • Fix memory leak in list_active_containers
  • coverity: #1435208
  • coverity: #1435207
  • coverity: #1435205
  • coverity: #1435198
  • lxccontainer: use thread-safe OFD locks
  • lxccontainer: non-functional changes
  • lxccontainer: do_lxcapi_is_running()
  • lxccontainer: do_lxcapi_freeze()
  • lxccontainer: do_lxcapi_unfreeze()
  • lxccontainer: non-functional changes
  • lxccontainer: non-functional changes
  • lxccontainer: non-functional changes
  • coverity: #1435263
  • fix logic for execute log file
  • execute: use static buffer
  • execute: do not check inherited fds again
  • lxc-unshare: add missing declaration
  • execute: account for -o path option count
  • genl: remove
  • coverity: #1425744
  • utils: account for terminating \0 byte
  • network: silence gcc-8
  • network: adhere to IFNAMSIZ limit
  • autodev: adapt to changes in Linux 4.18
  • strlcpy: add strlcpy() implementation
  • tree-wide: s/strncpy()/strlcpy()/g
  • CODING_STYLE: add section about using strlcpy()
  • tools: s/strncpy()/strlcpy()/g
  • Revert "tools: s/strncpy()/strlcpy()/g"
  • coverity: #1435604
  • coverity: #1435603
  • coverity: #1425836
  • coverity: #1248106
  • coverity: #1425844
  • config: allow read-write /sys in user namespace
  • capabilities: raise ambient capabilities
  • coverity: #1425802
  • lxc-init: skip signals that can't be caught
  • tree-wide: s/sigprocmask/pthread_sigmask()/g
  • utils: fix task_blocking_signal()
  • lxccontainer: fix fd leaks when sending signals
  • confile: order architectures
  • tools: fix lxc-create with global config value
  • tools: fix lxc-create with global config value II
  • coverity: #1435805
  • coverity: #1435803
  • utils: fix task_blocking_signal()
  • network: fix socket handle leak
  • conf: va_end was not called.
  • confile: improve strprint()
  • start: fix waitpid() blocking issue
  • start: log unknown info.si_code
  • tree-wide: handle EINTR in some read()/write()
  • conf: copy mountinfo for remount_all_slave()
  • support tls in cross-compile
  • Fix typo
  • coverity: #1425777
  • coverity: #1425779
  • coverity: #1425794
  • coverity: #1425795
  • coverity: #1425841
  • coverity: #1425849
  • coverity: #1425836
  • conf: only use newuidmap and newgidmap when necessary
  • arguments: improve some operations
  • coverity: #1425781
  • tools: restore lxc-create log behavior
  • fix getpwnam() thread safe issue
  • attach: fix double free
  • coverity: #1436916
  • fix getpwuid() thread safe issue
  • fix getgrgid() thread safe issue
  • coverity: #1437017
  • coverity: #1425778
  • coverity: #1425760
  • coverity: #1425766
  • coverity: #1425767
  • coverity: #1425768
  • storage: Resource leak
  • include: add getgrgid_r()
  • coverity: #1425770
  • coverity: #1425771
  • coverity: #1425789
  • coverity: #1425792
  • coverity: #1425793
  • coverity: #1425799
  • coverity: #1425810
  • coverity: #1425813
  • coverity: #1425818
  • coverity: #1425819
  • coverity: #1425824
  • coverity: #1425825
  • coverity: #1425837
  • coverity: #1425840
  • coverity: #1425846
  • coverity: #1425789
  • coverity: #1425855
  • coverity: #1437027
  • secure coding: strcpy => strlcpy
  • secure coding: network: strcpy => strlcpy
  • btrfs: fix btrfs_snapshot()
  • include: add strlcat() implementation
  • btrfs: fix get_btrfs_subvol_path()
  • secure coding: #2 strcpy => strlcpy
  • fix fd handle leak
  • fix pointer c is dereferenced after checking null
  • commands: simplify lxc_cmd()
  • monitor: change exit() => _exit() system call in child process
  • move some comments in lxc.spec.in
  • log: add lxc_log_strerror_r macro
  • log: account for Android's Bionic's strerror_r()
  • CODING_STYLE: add section about using strlcat()
  • coverity: #1425816
  • start: don't unconditionally open("/dev/null")
  • log: thread-safety backports
  • attach: simplify lxc_attach_getpwshell()
  • coverity: #1437936
  • coverity: #1437935
  • lxclock: change error log using strerror to SYSERROR
  • conf: the atime flags are locked in userns
  • coverity: #1438067
  • change log macro of error case from lxc_ambient_caps_up/down
  • nl: avoid NULL pointer dereference
  • conf: s/pipe()/pipe2()/g
  • conf: always close pipe in run_userns_fn()
  • criu: s/pipe()/pipe2()/
  • lxccontainer: cleanup do_lxcapi_get_interfaces()
  • lxccontainer: s/pipe()/pipe2()/g
  • cmd: s/pipe()/pipe2()/g
  • cmd: s/write()/lxc_write_nointr()/g
  • cmd: s/read()/lxc_read_nointr()/g
  • criu: s/read()/lxc_read_nointr()/g
  • criu: s/write()/lxc_write_nointr()/g
  • lxccontainer: s/write()/lxc_write_nointr()/g
  • lxccontainer: s/read()/lxc_read_nointr()/g
  • network: s/read()/lxc_read_nointr()/g
  • network: s/write()/lxc_write_nointr()/g
  • sync: s/read()/lxc_read_nointr()/g
  • sync: s/write()/lxc_write_nointr()/g
  • log: handle EINTR in read()
  • caps: handle EINTR in read()
  • coverity: #438136
  • README: update Serge's mail address
  • MAINTAINERS: add Wolfgang Bumiller
  • CONTRIBUTING: Update reference to kernel coding style
  • CONTRIBUTING: Link to latest online kernel docs
  • CONTRIBUTING: Direct readers to CODING_STYLE.md
  • CODING_STYLE: Mention kernel style in introduction
  • CONTRIBUTING: Add 'be' to fix grammar
  • CODING_STYLE: Simplify explanation for use of 'extern'
  • CODING_STYLE: Remove sections implied by 'kernel style'
  • CODING_STYLE: Fix non-uniform heading level
  • CODING_STYLE: Update section header format
  • autotools: add --{disable,enable}-thread-safety
  • attach: don't shutdown ipc socket in child
  • attach: report standard shell exit codes
  • storage: src cannot be truncated
  • commands: backport robust infrastructure
  • Fixing compile error when compiling for android
  • Fixing hooks functionality Android where 'sh' is placed under /system/bin
  • caps: check uid and euid
  • CVE-2019-5736 (runC): rexec callers as memfd
  • rexec: don't include non-existing header
  • utils: add missing sealing flags
  • include: add fexecve() for Android's Bionic
  • fexecve: remove unnecessary #ifdef
  • fexecve: use correct name
  • rexec: handle legacy kernels
  • cve-2019-5736: add test for rexec
  • change version to 2.0.10 in configure.ac
  • autotools: handle getgrgid_r on bionic
  • autotools: add memory_utils.h to Makefile.am
  • change version to 2.0.11 in configure.ac

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 2.0.11.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on Github.

LXC 3.1 has been released

14th of December 2018

Introduction

The LXC team is pleased to announce the release of LXC 3.1.0!

This is an intermediate feature release and not one of our major LTS releases or LTS bugfix releases. We plan on doing more of those in the future, but note that support for those releases will be limited as we mostly focus on LTS for production environments.

New features

enable various remount options with AppArmor

Read-write bind mounts need to be restricted for some paths in order to avoid MAC restriction bypasses, but read-only bind mounts shouldn't have that problem. Additionally, combinations of nosuid, nodev and noexec flags shouldn't be a problem either and are required with newer systemd versions, so let's allow those as long as they're combined with ro,remount,bind.

Make use of the new socket option, NETLINK_DUMP_STRICT_CHK, that userspace can use via setsockopt() to request strict checking of headers and attributes on dump requests.

To get dump features such as kernel side filtering based on data in the header or attributes appended to the dump request, userspace must call setsockopt() for NETLINK_DUMP_STRICT_CHK and a non-zero value. This is necessary to make use of the IFA_TARGET_NETNSID property used to efficiently retrieve information from network namespaces by LXC.

allocate new keyring on startup

To isolate and protect the host's keyring, each LXC container will try to allocate a new keyring for itself on startup.

full cgroup2 support

LXC has supported cgroup2 for a while now without adhering to its strict delegation model. Now, LXC is ready to fully support it.

implement efficient way to retrieve network devices and addresses from containers

Based on kernel work done by the LXD team it is now possible to query a network namespace without having to perform costly fork() and setns() syscalls. Instead, the network namespace is identified by a network namespace identifier. To make use of this, LXC introduces netns_getifaddrs(), a network-namespace-aware, safer and much improved version of getifaddrs(). It is a strict superset of getifaddrs().

introduce lxc_has_api_extension() into the API

Going forward each new API addition will be given a unique name that can be passed to lxc_has_api_extension(). This is modeled after LXD's API extension checks and allows API users to ask the LXC instance they are linked against whether a given API extension is supported.

add lxc.cgroup.relative configuration key

This adds the new lxc.cgroup.relative config key. The key can be used to instruct LXC to never escape to the root cgroup. This makes it easy for users to adhere to restrictions enforced by cgroup2 and systemd. Specifically, this makes it possible to run LXC containers as systemd services.

allocate new network namespace identifier on startup

Each container will now have a unique network namespace identifier assigned on startup. This can be used by LXC to significantly speed up operations performed on network namespaces (e.g. network device configuration and retrieval).
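The strict dump checking, netns_getifaddrs() and the per-container network namespace identifier described above are pieces of one mechanism. As an added example (written for this page, not LXC's own code), the C program below opts a NETLINK_ROUTE socket into NETLINK_DUMP_STRICT_CHK, builds an RTM_GETADDR dump request carrying IFA_TARGET_NETNSID, and collects the RTM_NEWADDR replies, all without fork() or setns(). The fallback macro values are the kernel UAPI ones; a netnsid given on the command line is assumed to have been assigned already, for instance with `ip netns set NAME ID`.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <linux/if_addr.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fallbacks for older UAPI headers; values as in linux/netlink.h and linux/if_addr.h. */
#ifndef SOL_NETLINK
#define SOL_NETLINK 270
#endif
#ifndef NETLINK_DUMP_STRICT_CHK
#define NETLINK_DUMP_STRICT_CHK 12
#endif
#ifndef IFA_TARGET_NETNSID
#define IFA_TARGET_NETNSID 10
#endif
#define MAX_ADDRS 64

struct getaddr_req {
	struct nlmsghdr nlh;
	struct ifaddrmsg ifa;
	struct rtattr nsid_attr; /* counted in nlmsg_len only when netnsid >= 0 */
	int32_t nsid;
};

struct addr_list {
	int n, family[MAX_ADDRS];
	uint32_t ifindex[MAX_ADDRS];
	unsigned char addr[MAX_ADDRS][16];
};

/* RTM_GETADDR dump request. Under strict checking the kernel rejects non-zero
 * ifa_prefixlen/ifa_flags/ifa_scope and any attribute except IFA_TARGET_NETNSID,
 * so nothing else is filled in. netnsid < 0 dumps the caller's own namespace. */
size_t build_getaddr_dump(struct getaddr_req *req, unsigned char family, int32_t netnsid, uint32_t seq)
{
	memset(req, 0, sizeof(*req));
	req->nlh.nlmsg_len = NLMSG_LENGTH(sizeof(req->ifa));
	req->nlh.nlmsg_type = RTM_GETADDR;
	req->nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
	req->nlh.nlmsg_seq = seq;
	req->ifa.ifa_family = family;
	if (netnsid >= 0) {
		req->nsid_attr.rta_type = IFA_TARGET_NETNSID;
		req->nsid_attr.rta_len = RTA_LENGTH(sizeof(req->nsid));
		req->nsid = netnsid;
		req->nlh.nlmsg_len += RTA_ALIGN(req->nsid_attr.rta_len);
	}
	return req->nlh.nlmsg_len;
}

/* Parse one receive buffer into *out. Returns records added, or the kernel's
 * negative errno from an NLMSG_ERROR; *done is set when the dump terminates. */
int parse_addr_dump(void *buf, int len, struct addr_list *out, int *done)
{
	int count = 0;
	for (struct nlmsghdr *nlh = buf; NLMSG_OK(nlh, len); nlh = NLMSG_NEXT(nlh, len)) {
		if (nlh->nlmsg_type == NLMSG_DONE || nlh->nlmsg_type == NLMSG_ERROR) {
			*done = 1;
			if (nlh->nlmsg_type == NLMSG_ERROR)
				return ((struct nlmsgerr *)NLMSG_DATA(nlh))->error;
			break;
		}
		if (nlh->nlmsg_type != RTM_NEWADDR || out->n >= MAX_ADDRS)
			continue;
		struct ifaddrmsg *ifa = NLMSG_DATA(nlh);
		struct rtattr *rta = IFA_RTA(ifa);
		int rlen = IFA_PAYLOAD(nlh);
		void *addr = NULL;
		/* IFA_LOCAL is the interface's own address; IFA_ADDRESS is the peer on p2p links. */
		for (; RTA_OK(rta, rlen); rta = RTA_NEXT(rta, rlen))
			if (rta->rta_type == IFA_LOCAL || (rta->rta_type == IFA_ADDRESS && !addr))
				addr = RTA_DATA(rta);
		if (!addr)
			continue;
		out->family[out->n] = ifa->ifa_family;
		out->ifindex[out->n] = ifa->ifa_index;
		memcpy(out->addr[out->n++], addr, ifa->ifa_family == AF_INET6 ? 16 : 4);
		count++;
	}
	return count;
}

/* Run the dump. Returns addresses collected or -errno. For RTM_GETADDR the kernel
 * honours IFA_TARGET_NETNSID only under strict checking; without the setsockopt()
 * the attribute is ignored and the caller's own namespace is dumped instead. */
int dump_addrs(unsigned char family, int32_t netnsid, struct addr_list *out)
{
	struct getaddr_req req;
	char buf[16384];
	int fd, one = 1, done = 0, total = 0, ret;

	fd = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE);
	if (fd < 0)
		return -errno;
	if (setsockopt(fd, SOL_NETLINK, NETLINK_DUMP_STRICT_CHK, &one, sizeof(one)) < 0 ||
	    send(fd, &req, build_getaddr_dump(&req, family, netnsid, 1), 0) < 0)
		goto err;
	while (!done) {
		ssize_t n = recv(fd, buf, sizeof(buf), 0);
		if (n < 0 && errno == EINTR)
			continue;
		if (n < 0)
			goto err;
		ret = parse_addr_dump(buf, (int)n, out, &done);
		if (ret < 0) {
			close(fd);
			return ret;
		}
		total += ret;
	}
	close(fd);
	return total;
err:
	ret = -errno;
	close(fd);
	return ret;
}

int main(int argc, char **argv)
{
	struct addr_list list = { 0 };
	char txt[INET6_ADDRSTRLEN];
	/* Optional argv[1]: a netnsid, e.g. one assigned with "ip netns set NAME ID". */
	int ret = dump_addrs(AF_UNSPEC, argc > 1 ? atoi(argv[1]) : -1, &list);
	if (ret < 0) {
		fprintf(stderr, "dump failed: %s\n", strerror(-ret));
		return 1;
	}
	for (int i = 0; i < list.n; i++)
		printf("ifindex %u: %s\n", list.ifindex[i],
		       inet_ntop(list.family[i], list.addr[i], txt, sizeof(txt)) ? txt : "?");
	return 0;
}
```

Without an argument the program dumps the caller's own namespace; with an nsid it dumps the target namespace, and an nsid the kernel does not know comes back as the kernel's own NLMSG_ERROR rather than as a silent dump of the wrong namespace, which is what leaving strict checking off would produce.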

add lxc.rootfs.managed configuration key

This introduces a new config key which can be used to indicate whether this LXC instance is managing the container storage. If LXC is not managing the storage then LXC will not modify the container storage. For example, an API call to c->destroy(c) will then run any destroy hooks but will not destroy the actual rootfs (unless, of course, the hook does so behind LXC's back).

removal of all VLAs

LXC is now compiled with -Wvla by default.

AppArmor profile generation

This copies lxd's AppArmor profile generation. This tries to detect features such as cgroup namespaces, AppArmor namespaces and stacking support, and has profile parts conditionally for unprivileged containers.

This introduces the following changes to the configuration:

  • lxc.apparmor.profile = generated
    The fixed value 'generated' will cause this functionality to be used, otherwise there should be no functional changes happening unless specifically requested with the next key.
  • lxc.apparmor.allow_nesting
    This is a boolean which, if enabled, causes the following changes: When generated AppArmor profiles are used, they will contain the necessary changes to allow creating a nested container. In addition to the usual mount points, /dev/.lxc/proc and /dev/.lxc/sys will contain procfs and sysfs mount points without the lxcfs overlays, which, if generated AppArmor profiles are being used, will not be read/writable directly.
  • lxc.apparmor.raw
    A list of raw AppArmor profile lines to append to the profile. Only valid when using generated profiles.

In order for apparmor_parser's cache to be of use, this adds a --with-apparmor-cache-dir ./configure option.

add mount injection api

This work has been done as part of the bachelor thesis of LizaTretyakova. The team is very happy and thankful for this outstanding work!

Being able to dynamically interact with mounts while a container is running has been a long-standing request from users and something we have supported in LXD for a long time now. This feature enables the following main use-cases:

  • Injecting a mount into a running container
    This lets users dynamically add mounts to a container. An example would be adding a new dedicated storage device to the container before it runs out of disk space.
  • Enabling device hotplug
    Interacting with mounts at container runtime is also necessary in order to add new devices to containers. Specifically, any privileged container that has dropped capabilities that would allow it to create device nodes (e.g. CAP_MKNOD) or any unprivileged container will not be able to create devices. This requires that such devices are created by a sufficiently privileged process on the host inside the host's namespaces and then injected as mounts into the container.

To this end two new API calls have been added:

int (*mount)(struct lxc_container *c, const char *source, const char *target,
                    const char *filesystemtype, unsigned long mountflags, const void *data,
                    struct lxc_mount *mnt);

int (*umount)(struct lxc_container *c, const char *target, unsigned long mountflags,
                      struct lxc_mount *mnt);

add lxc.monitor.signal.pdeath configuration key

Set the signal to be sent to the container's init when the lxc monitor exits. By default it is set to SIGKILL, which will cause all container processes to be killed when the lxc monitor process dies. To ensure that containers stay alive even if the lxc monitor dies, set this to 0.

build a shared and static liblxc library

LXC will now by default build both a shared and a static library.

adapt to mknod() changes in Linux Kernel 4.18

Starting with commit

55956b59df33 ("vfs: Allow userns root to call mknod on owned filesystems.")

Linux will allow mknod() in user namespaces for userns root if CAP_MKNOD is available. However, these device nodes are useless since

static struct super_block *alloc_super(struct file_system_type *type, int flags,
                                       struct user_namespace *user_ns)
{
        /* <snip> */

        if (s->s_user_ns != &init_user_ns)
                s->s_iflags |= SB_I_NODEV;

        /* <snip> */
}

will set the SB_I_NODEV flag on the filesystem. When a device node created in non-init userns is open()ed the call chain will hit:

bool may_open_dev(const struct path *path)
{
        return !(path->mnt->mnt_flags & MNT_NODEV) &&
                !(path->mnt->mnt_sb->s_iflags & SB_I_NODEV);
}

which fails with EACCES because the device node lives on a filesystem owned by a non-init userns and SB_I_NODEV therefore denies access to device nodes on it. LXC has learned to correctly handle this case.
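An added example of what that means in practice and of the check a runtime needs (written for this page, not LXC's code): devnode_is_functional() distinguishes a device node that can be opened from one the kernel refuses to open (EACCES or EPERM), and setup_devnode() falls back to bind-mounting the host's node over a placeholder when mknod() produced a useless node. main() reproduces the kernel behaviour by mapping the caller to root in a fresh user namespace, mounting a tmpfs owned by that namespace (so alloc_super() tags it SB_I_NODEV) and creating 1:3 on it. The /tmp location, the identity mapping and /dev/null as the host node are choices of this demo, and it needs unprivileged user namespaces to be enabled.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <unistd.h>

/* 1: a char/block node that can actually be opened; 0: exists but is not a
 * device node; -EACCES/-EPERM: a node the kernel refuses to open (SB_I_NODEV
 * or a nodev mount), i.e. the "created but useless" case; other -errno passed
 * through. O_PATH would succeed even on a useless node, so a real open() is used. */
int devnode_is_functional(const char *path)
{
	struct stat st;
	int fd;

	if (stat(path, &st) < 0)
		return -errno;
	if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode))
		return 0;
	fd = open(path, O_RDONLY | O_NOCTTY | O_NONBLOCK | O_CLOEXEC);
	if (fd < 0)
		return -errno;
	close(fd);
	return 1;
}

/* Provide a usable device node at `target`: try mknod() and verify it with a
 * real open(); if the kernel created the node but refuses to open it, replace
 * it with an empty placeholder file and bind-mount the host's node over it. */
int setup_devnode(const char *target, const char *host_dev, mode_t mode, dev_t dev)
{
	int fd;

	if (mknod(target, mode, dev) == 0 && devnode_is_functional(target) == 1)
		return 0;
	unlink(target);
	fd = open(target, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0000);
	if (fd < 0)
		return -errno;
	close(fd);
	if (mount(host_dev, target, NULL, MS_BIND, NULL) < 0)
		return -errno;
	return devnode_is_functional(target) == 1 ? 0 : -EACCES;
}

static int write_file(const char *path, const char *text)
{
	int fd = open(path, O_WRONLY | O_CLOEXEC);
	if (fd < 0)
		return -errno;
	ssize_t n = write(fd, text, strlen(text));
	close(fd);
	return n < 0 ? -errno : 0;
}

/* Reproduce the 4.18 behaviour: become root in a new user namespace, mount a
 * tmpfs owned by it (alloc_super() sets SB_I_NODEV), mknod() 1:3 on it and watch
 * open() fail, then let setup_devnode() fall back to the bind mount. */
int main(void)
{
	char dir[] = "/tmp/nodev-demo.XXXXXX", node[64], map[64];
	uid_t uid = getuid();
	gid_t gid = getgid();
	int ret;

	if (!mkdtemp(dir)) {
		perror("mkdtemp");
		return 1;
	}
	if (unshare(CLONE_NEWUSER | CLONE_NEWNS) < 0) {
		perror("unshare (unprivileged user namespaces disabled?)");
		return 1;
	}
	snprintf(map, sizeof(map), "0 %u 1", uid);
	write_file("/proc/self/uid_map", map);
	write_file("/proc/self/setgroups", "deny"); /* required before gid_map */
	snprintf(map, sizeof(map), "0 %u 1", gid);
	write_file("/proc/self/gid_map", map);
	if (mount("none", dir, "tmpfs", 0, NULL) < 0) {
		perror("mount tmpfs");
		return 1;
	}
	snprintf(node, sizeof(node), "%s/null", dir);
	if (mknod(node, S_IFCHR | 0666, makedev(1, 3)) < 0) {
		perror("mknod (kernels before 4.18 refuse here)");
		return 1;
	}
	ret = devnode_is_functional(node);
	printf("mknod() succeeded; open() -> %s\n", ret == 1 ? "works" : strerror(-ret));
	ret = setup_devnode(node, "/dev/null", S_IFCHR | 0666, makedev(1, 3));
	printf("setup_devnode() with bind-mount fallback -> %s\n", ret ? strerror(-ret) : "functional");
	return ret ? 1 : 0;
}
```

The important detail is that the verification opens the node for real: stat() reports a perfectly normal character device, and only the open() exposes SB_I_NODEV, so a runtime that stops at mknod() succeeding hands the container a /dev/null that cannot be used.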

use execveat() to execute application containers

Application containers rely on a minimal init system to run their workloads. Instead of executing it by opening a file that is bind-mounted into the container simply pass a file descriptor to execveat(). This makes application container startup safer and simpler.
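An added example (not LXC's code) of the property this buys: the executable is resolved once into a file descriptor, so whatever the path points at by the time of the exec no longer matters. run_by_fd() opens the path with O_PATH|O_CLOEXEC and executes the descriptor with execveat(2) and AT_EMPTY_PATH in a child; run_by_path() does the same with execve() on the path. demo() repoints a symlink between open() and exec to stand in for a rootfs changing underneath a privileged process. It assumes /bin/true and /bin/false exit 0 and 1, and uses syscall(SYS_execveat) because glibc only gained a wrapper in 2.34.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Wait for `pid` and return its exit status, or -1 if it did not exit normally. */
static int wait_status(pid_t pid)
{
	int status;
	if (waitpid(pid, &status, 0) < 0)
		return -1;
	return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Resolve `path` once, optionally let `between` disturb the path, then exec the
 * file behind the fd. Renames, symlink changes or mounts after open() cannot
 * change what runs. Returns the child's exit status or -errno. */
int run_by_fd(const char *path, int (*between)(void *), void *arg)
{
	int fd = open(path, O_PATH | O_CLOEXEC);
	if (fd < 0)
		return -errno;
	if (between && between(arg) < 0) {
		close(fd);
		return -EIO;
	}
	pid_t pid = fork();
	if (pid < 0) {
		close(fd);
		return -errno;
	}
	if (pid == 0) {
		char *argv[] = { (char *)"init", NULL };
		char *envp[] = { NULL };
		/* glibc gained an execveat() wrapper only in 2.34; the raw syscall is stable. */
		syscall(SYS_execveat, fd, "", argv, envp, AT_EMPTY_PATH);
		_exit(127);
	}
	close(fd);
	return wait_status(pid);
}

/* The path-based variant: whatever the path points at at exec time is what runs. */
int run_by_path(const char *path, int (*between)(void *), void *arg)
{
	if (between && between(arg) < 0)
		return -EIO;
	pid_t pid = fork();
	if (pid < 0)
		return -errno;
	if (pid == 0) {
		char *argv[] = { (char *)"init", NULL };
		char *envp[] = { NULL };
		execve(path, argv, envp);
		_exit(127);
	}
	return wait_status(pid);
}

struct relink { const char *link; const char *new_target; };

/* Stand-in for a rootfs changing under us: atomically repoint a symlink. */
static int repoint(void *arg)
{
	struct relink *r = arg;
	char tmp[256];
	snprintf(tmp, sizeof(tmp), "%s.tmp", r->link);
	if (symlink(r->new_target, tmp) < 0)
		return -1;
	return rename(tmp, r->link);
}

/* Race once each way. Returns 1 when the fd-based exec still ran the original
 * binary (exit 0) while the path-based exec ran the replacement (exit 1). */
int demo(void)
{
	char dir[] = "/tmp/execveat-demo.XXXXXX", link[256];
	if (!mkdtemp(dir))
		return -errno;
	snprintf(link, sizeof(link), "%s/init", dir);
	struct relink r = { link, "/bin/false" };

	if (symlink("/bin/true", link) < 0)
		return -errno;
	int by_fd = run_by_fd(link, repoint, &r);     /* still /bin/true: 0 */
	unlink(link);
	if (symlink("/bin/true", link) < 0)
		return -errno;
	int by_path = run_by_path(link, repoint, &r); /* now /bin/false: 1 */
	unlink(link);
	rmdir(dir);
	return by_fd == 0 && by_path == 1;
}

int main(void)
{
	int ok = demo();
	printf("execveat(fd) pinned the original binary: %s\n", ok == 1 ? "yes" : "no");
	return ok == 1 ? 0 : 1;
}
```

For a runtime the fd is also simpler: the init binary can be opened on the host before the container's mount namespace exists, and nothing inside the container needs to be able to see or reach the path it came from.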

enable per-thread container name prefix when logging

Now each thread that runs a different container but shares a single log file can be identified by printing the name of the container into the log.

refactor cgroup handling

This replaces the constructor implementation of cgroup handling with a simpler, thread-safe on-demand model of cgroup driver initialization. Making the cgroup initialization code run in a constructor means that each time the shared library gets mapped the cgroup parsing code gets run. That was unnecessary overhead. The cleaner implementation is to allocate a cgroup driver on demand whenever it is needed.

raise ambient capabilities when running hooks

In very restricted containers (e.g. unprivileged containers that only run with a single mapping for a non-root user) it was not possible to perform operations that require privilege during startup. By raising ambient capabilities when a hook is run it is possible to preserve privileges across exec.

allow to mount /sys rw in unprivileged containers

With new kernel work done by the LXD team it is now possible to send uevents inside user namespaces. This means it is time to let udev run inside containers. A pre-condition for this is that /sys is mounted rw. If it is not udev will refuse to start.

add strlcpy() and strlcat() and deprecate strncpy() and strncat()

This makes string handling safer as strlcat() and strlcpy() always return a valid string and allow to properly check for truncation.
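An added example (my own implementations following the BSD semantics, not the copies in LXC's tree) of what the switch buys: the return value is the length the complete result would have had, so `ret >= size` is a reliable truncation test, and the destination is always NUL-terminated, where strncpy() silently leaves it unterminated when the source does not fit. join_path() shows the idiom applied to a path the caller must not use if it was clipped.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy src into dst[size], always NUL-terminating when size > 0. Returns
 * strlen(src): a result >= size means the copy was truncated. */
size_t my_strlcpy(char *dst, const char *src, size_t size)
{
	size_t srclen = strlen(src);
	if (size > 0) {
		size_t n = srclen < size - 1 ? srclen : size - 1;
		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return srclen;
}

/* Append src to the string in dst[size]. Returns the length the concatenated
 * string would have had; >= size means truncation. If dst is not terminated
 * within size bytes nothing is appended and size + strlen(src) is returned. */
size_t my_strlcat(char *dst, const char *src, size_t size)
{
	size_t dstlen = strnlen(dst, size);
	if (dstlen == size)
		return size + strlen(src);
	return dstlen + my_strlcpy(dst + dstlen, src, size - dstlen);
}

/* Build "<dir>/<name>" into out[size] and report truncation instead of handing
 * back a clipped path (the failure mode strncpy() hides from the caller). */
bool join_path(char *out, size_t size, const char *dir, const char *name)
{
	if (my_strlcpy(out, dir, size) >= size)
		return false;
	if (my_strlcat(out, "/", size) >= size)
		return false;
	return my_strlcat(out, name, size) < size;
}

/* With an 8-byte source, strncpy() fills an 8-byte buffer with no NUL at all;
 * strlcpy() keeps 7 bytes and terminates. The source is a parameter so the
 * compiler cannot see its length. */
bool strncpy_leaves_unterminated(const char *eight_chars)
{
	char a[8], b[8];
	memset(a, 'X', sizeof(a));
	memset(b, 'X', sizeof(b));
	strncpy(a, eight_chars, sizeof(a));
	my_strlcpy(b, eight_chars, sizeof(b));
	return memchr(a, '\0', sizeof(a)) == NULL && b[7] == '\0';
}

int main(void)
{
	char path[32];
	const char *longname = "a-much-longer-container-name";

	printf("strncpy left the buffer unterminated: %s\n",
	       strncpy_leaves_unterminated("12345678") ? "yes" : "no");
	printf("join_path(/var/lib/lxc, c1) -> %s: %s\n",
	       join_path(path, sizeof(path), "/var/lib/lxc", "c1") ? "ok" : "truncated", path);
	printf("join_path(/var/lib/lxc, %s) -> %s: %s\n", longname,
	       join_path(path, sizeof(path), "/var/lib/lxc", longname) ? "ok" : "truncated", path);
	return 0;
}
```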

compiler based hardening

By default LXC will turn on a variety of compiler hardening options such as:

-Wimplicit-fallthrough
-Wcast-align
-Wstrict-prototypes
-fstack-clash-protection
-fstack-protector-strong
-mcet -fcf-protection
-Werror=implicit-function-declaration

thread-safety improvements

The codebase has been further hardened to be usable in multi-threaded environments.

seccomp: support architecture stacking

This makes it possible to support, for example, the following use-cases and more:

  • 64bit kernel and 64bit userspace running 32bit containers
  • 64bit kernel and 32bit userspace running 64bit containers
  • 64bit kernel and 64bit userspace running 32bit containers running 64bit containers
  • ...

support application containers without uid 0 in the container

This allows to start containers that do not have a mapping for uid 0 inside of the container. Here's an example config:

lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf
lxc.arch = linux64
lxc.rootfs.path = dir:/home/brauner/.local/share/lxc/c1/rootfs
lxc.uts.name = c1
lxc.net.0.type = empty
lxc.hook.mount =

# Only map uid and gid 1000 on the host to uid and gid 1001 inside the container.
lxc.idmap = u 1001 1000 1
lxc.idmap = g 1001 1000 1

# Switch to uid and gid 1001 in the container.
lxc.init.uid = 1001
lxc.init.gid = 1001

support devpts mounts on kernels without gid mount option

Older kernels do not support the gid mount option to grant access to a specific group. LXC will now handle this case automatically and only add gid=5 if the gid mount option is supported by the kernel.

Bugfixes

LXC 3.1.0 includes all the same bugfixes as LXC 3.0.1, 3.0.2 and 3.0.3.

Support and upgrade

LXC 3.1 isn't an LTS release and so will only be supported until such time as LXC 3.2 is released. We recommend users that need a stronger support commitment to stay on one of our LTS releases.

Downloads

LXC 3.0.3 has been released

23rd of November 2018

Introduction

The LXC team is pleased to announce the release of LXC 3.0.3!

As a stable bugfix release, no major changes have been done, instead focusing on bugfixes and minor usability improvements.

Highlights

  • Improved our default build flags to make use of compiler hardening
  • Added support for netlink strict property checking on newer kernels
  • Added support for new netlink interface/address netns API
  • Added handling of the kernel keyring on startup

Bugfixes (LXC)

  • CONTRIBUTING: Update reference to kernel coding style
  • CONTRIBUTING: Link to latest online kernel docs
  • CONTRIBUTING: Direct readers to CODING_STYLE.md
  • CODING_STYLE: Mention kernel style in introduction
  • CONTRIBUTING: Add 'be' to fix grammar
  • CODING_STLYE: Simplify explanation for use of 'extern'
  • CODING_STLYE: Remove sections implied by 'kernel style'
  • CODING_STYLE: Fix non-uniform heading level
  • CODING_STYLE: Update section header format
  • cmd: Use parenthesis around complex macro
  • cmd: Use 'void' instead of empty parameter list
  • cmd: Do not use braces for single statement block
  • cmd: Fix whitespace issues
  • cmd: Use 'const' for static string constant.
  • cmd: Remove unnecessary whitespace in string
  • cmd: Put trailing */ on a separate line
  • cmd: Remove typo'd semicolon
  • cmd: Do not use comparison to NULL
  • lxc_init: s/SYSDEBUG()/SYSERROR()/g in remove_self
  • tools: lxc-attach: add default log priority & cleanups
  • tools: lxc-cgroup: add default log priority & cleanups
  • tools: lxc-checkpoint: add default log priority & cleanups
  • tools: lxc-console: add default log priority & cleanups
  • tools: lxc-create: add default log priority & cleanups
  • tools: lxc-destroy: add default log priority & cleanups
  • tools: lxc-device: add default log priority & cleanups
  • tools: lxc-execute: add default log priority & cleanups
  • tools: lxc-start: add default log priority & cleanups
  • tools: lxc-stop: add default log priority & cleanups
  • tools: lxc-freeze: add default log priority & cleanups
  • tools: lxc-unfreeze: add default log priority & cleanups
  • storage_utils: move duplicated function from tools
  • tools: fix lxc-execute command parsing
  • lseek - integer overflow
  • cmd: lxc-user-nic: change log macro & cleanups
  • cmd: lxc-usernsexec reorder includes
  • cmd: move declarations to macro.h
  • cmd: use utils.{c,h} helpers in lxc-usernsexec
  • cmd: simplify lxc-usernsexec
  • cmd: use safe number parsers in lxc-usernsexec
  • macro: add missing headers
  • macro: add macvlan properties
  • tools: Indicate container startup failure
  • storage: exit() => _exit(). when exec is failed, child process needs to use _exit()
  • tools: lxc-wait: add default log priority & cleanups
  • conf: fix path/lxcpath mixups in tty setup
  • cmd: use goto for cleanup in lxc-usernsexec
  • cmd: Do not reassign variable before it is used
  • cmd: Reduce scope of 'count' variable
  • cmd: Fix format issues found by clang-format
  • list: fix indent
  • utils: split into {file,string}_utils.{c,h}
  • pam_cgfs: build from the same sources as liblxc
  • conf: fix devpts mounting when fully unprivileged
  • macro: s/rexit()/_exit()/g
  • attach: move struct declaration to top
  • macro: move macros from attach.c
  • Makefile: don't allow undefined symbols
  • autotools: check if compiler is new enough
  • log: handle strerror_r() versions
  • autotools: add --{disable,enable}-thread-safety
  • log: fail build on ENFORCE_THREAD_SAFETY error
  • {file,string}_utils: remove NO_LOG
  • initutils: remove useless comment
  • string_utils: remove unnecessary include
  • string_utils: remove unused headers
  • string_utils: add remove_trailing_slashes()
  • Makefile: remove last pam_cgfs special-casing
  • conf: add missing headers
  • Fix typo
  • ifaddrs: add safe implementation of getifaddrs()
  • Makefile: conditionalize ifaddrs.h inclusion
  • execute: skip lxc-init logging when unprivileged
  • execute: pass /proc/self/fd/
  • tests: cleanup get_item.c
  • build: fix musl
  • configure: reorder header checks
  • compiler: add compiler.h header
  • commands: return -1 on lxc_cmd_get_init_pid() err
  • tests: add basic.c
  • tests: cleanup Makefile
  • commands: ensure -1 is sent on EPIPE for init pid
  • macro: add LXC_AUDS_ADDR_LEN
  • macro: move LXC_CMD_DATA_MAX from commands.h
  • macro: add PTR_TO_INT() and INT_TO_PTR()
  • macro: add INTTYPE_TO_STRLEN()
  • caps: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • cgfsng: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • confile: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • log: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • lsm: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • macro: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • lxccontainer: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • monitor: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • network: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • string_utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • tools: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • conf: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • tests: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • macro: final INTTYPE_TO_STRLEN() related cleanups
  • macro: coding style fixes
  • Makefile: correctly add ifaddrs to noinst_HEADERS
  • start: remove duplicate macros
  • caps: move macros to macro header
  • string_utils: use UINT64_MAX macro
  • tree-wide: use sizeof on static arrays
  • Revert "tree-wide: use sizeof on static arrays"
  • commands: pass around intmax_t
  • commands: assign before converting to pointer
  • macro: calculate buffer lengths correctly
  • Revert "Revert "tree-wide: use sizeof on static arrays""
  • macro: move MS_* macros
  • caps: fix illegal access to array bound
  • utils: defensive programming
  • nl: remove duplicated define
  • syntax error: mismatch brace
  • commands: better error message
  • file_utils: add lxc_recv_nointr()
  • commands: switch to setting errno and returning -1
  • log: do not clobber errno
  • log: save errno on strerror_r()
  • tree-wide: s/recv()/lxc_recv_nointr()/g
  • file_utils: add lxc_send_nointr()
  • tree-wide: s/send()/lxc_send_nointr()/g
  • nl: save errno on lxc_netns_set_nsid()
  • log: log_append_logfile() add new error path
  • lxccontainer: fix dereferenced pointer
  • lxc: fix build with --disable-werror
  • utils: improve get_ns_uid() and add get_ns_gid()
  • utils: improve lxc_switch_uid_gid()
  • log: support dlog
  • attach: handle id switching smarter
  • start: avoid unnecessary syscalls
  • utils: make lxc_setgroups() return bool
  • utils: make lxc_switch_uid_gid() return bool
  • lxccontainer: use correct pid_t type
  • conf: remove extra MS_BIND with sysfs:mixed
  • network: use correct type in lxc_netns_set_nsid()
  • network: add lxc_netns_get_nsid()
  • remove unused variables
  • file_utils: remove unused function
  • network: minor tweaks
  • add compile flags for dlog
  • log: add common functions
  • log: add additional info of dlog
  • attach: don't shutdown ipc socket in child
  • security: fix too wide or inconsistent non-owner permissions
  • attach: report standard shell exit codes
  • af_unix: add function to remove duplicated codes for set sockaddr
  • lxccontainer: remove locks from set_cgroup_item()
  • lxccontainer: remove locks from get_cgroup_item()
  • apparmor: account for specified rootfs path (closes #2617)
  • conf: realpath() uses null as second parameter to prevent buffer overflow
  • start: s/backgrounded/daemonize/g
  • cgfsng: mark ops with __cgfsng_ops__ attribute
  • autotools: add -Wimplicit-fallthrough
  • cgroup: rename container specific cgroup functions
  • cgroups: s/fullcgpath/container_full_path/g
  • cgroups: add missing string.h include
  • cgroups: s/base_cgroup/container_base_path/g
  • autotools: fix wrong AX_CHECK_COMPILE_FLAG test
  • compiler: s/__fallthrough__/__fallthrough/g
  • compiler: s/__noreturn__/__noreturn/g
  • cgfsng: s/__cgfsng_ops__/__cgfsng_ops/g
  • macro: add STRLITERALLEN() and STRARRAYLEN()
  • tree-wide: replace sizeof() with SIZEOF2STRLEN()
  • compiler: __attribute__((noreturn)) on bionic
  • autotools: support -Wcast-align
  • autotools: support -Wstrict-prototypes
  • network: add netns_getifaddrs() implementation
  • tree_wide: switch to netns_getifaddrs()
  • netns_ifaddrs: mark casts as safe
  • autotools: fix lxc_user_nic build
  • stop: Only freeze if freezer is available
  • doc: tweak documentation a little
  • cgfsng: set errno to ENOENT on get_hierarchy()
  • cgfsng: s/cgfsng_destroy/cgfsng_payload_destroy/g
  • cgfsng: s/25/INTTYPE_TO_STRLEN(pid_t)/g
  • compiler: fix __noreturn on bionic
  • compiler: add __hot attribute
  • netns_ifaddrs: fix missing include
  • autools: prevent dlog build on stable branch
  • tree-wide: fix includes to fix bionic builds
  • template: oci template supports for char user info
  • btrfs: fix btrfs containers
  • oci-template: Add logic for no /etc/passwd, group
  • configure: fix -Wimplicit-fallthrough check
  • utils: add lxc_setup_keyring()
  • autotools: support -z relro and -z now
  • netns_ifaddrs: handle IFLA_STATS{64} correctly
  • syscall_wrappers: add pivot_root()
  • raw_syscalls: add lxc_raw_execveat()
  • raw_syscalls: add lxc_raw_clone{_cb}()
  • raw_syscalls: add lxc_raw_getpid()
  • autotools: fix lxc init build
  • autotools: fix lxc-monitord build
  • autotools: fix lxc-user-nic build
  • autotools: fix lxc-usernsexec build
  • tests: add missing build dependencies
  • netns_ifaddrs: only use struct rtnl_link_stats64
  • cgroups: remove unnecessary line
  • netns_iaddrs: remove unused functions
  • parse: prefault config file with MAP_POPULATE
  • cgfsng: avoid tiny race window
  • utils: fix lxc_set_death_signal()
  • cgfsng: handle v1 cpuset hierarchy first
  • syscall_wrappers: move memfd_create()
  • syscall_wrappers: move setns()
  • syscall_wrappers: move sethostname()
  • syscall_wrappers: move unshare()
  • syscall_wrappers: move signalfd()
  • raw_syscalls: move lxc_raw_gettid()
  • tools: lxc-start: remove unused argument
  • tools: lxc-unshare: remove unnecessary initialization
  • parse: remove access() check
  • parse: report errors when failing config parsing
  • macro: add PATH_MAX
  • cmd: s/MAXPATHLEN/PATH_MAX/g
  • conf: s/MAXPATHLEN/PATH_MAX/g
  • confile: s/MAXPATHLEN/PATH_MAX/g
  • log: s/MAXPATHLEN/PATH_MAX/g
  • lxccontainer: s/MAXPATHLEN/PATH_MAX/g
  • macro: s/MAXPATHLEN/PATH_MAX/g
  • network: s/MAXPATHLEN/PATH_MAX/g
  • pam: s/MAXPATHLEN/PATH_MAX/g
  • start: s/MAXPATHLEN/PATH_MAX/g
  • terminal: s/MAXPATHLEN/PATH_MAX/g
  • utils: s/MAXPATHLEN/PATH_MAX/g
  • storage: s/MAXPATHLEN/PATH_MAX/g
  • tools: s/MAXPATHLEN/PATH_MAX/g
  • attach: reset signal mask
  • start: change log level
  • file_utils: fix too wide or inconsistent non-owner permissions
  • attach: fix missing pthread.h include
  • macro: add NETLINK_DUMP_STRICT_CHK
  • macro: add SOL_NETLINK
  • netns_ifaddrs: check for NETLINK_DUMP_STRICT_CHK
  • parse: do not mask failed parse
  • test: test invalid config keys
  • confile: remove unused variable
  • parse: fix uninitialized pointer access
  • fix rpm packaging error for static library
  • fix post section script error for rpm install
  • conf: log prlimit setup
  • conf: verify_start_hooks() after lxc.mount.entry
  • checkpoint: fix running do_dump()
  • monitor: log cleanups
  • monitor: checking name too long to make monitor sock name
  • commands_utils: improve code redundancy to make abstract unix socket name
  • monitor: fix coding standard
  • autools: use -fno-strict-aliasing
  • checkconfig: Handle missing kernel version
  • lxc-init: log to /dev/console
  • autotools: fix --disable-commands builds
  • string_utils: fix global buffer overflow issue
  • include: simplify strlcpy()
  • raw_syscalls: ensure function always returns value
  • confile: fix append_unexp_config_line()
  • parse: protect against config updates during parse
  • parse: fix uninitialized value
  • tree-wide: coding style fixes
  • start: simplify
  • autotools: compiler based hardening
  • coverity: update .travis.yml
  • coverity: update .travis.yml
  • coverity: update .travis.yml
  • coverity: update .travis.yml
  • coverity: update .travis.yml
  • confile: do not overwrite global variable
  • commands: simplify
  • cgfsng: move increment out of branch
  • monitord: do not hide global variable
  • tools/lxc_copy: do not hide global variable
  • tools/lxc_top: do not hide global variable
  • tools/lxc_info: do not hide global variable
  • state: remove tautological check
  • conf: remove tautological check
  • conf: use O_CLOEXEC in lxc_pivot_root()
  • conf: remove tautological check
  • lxccontainer: remove check from goto target
  • start: prevent values smaller 0
  • tools/lxc_stop: use correct check
  • cmd/lxc_init: do not hide global variable
  • coverity: #1440391
  • coverity: #1440389
  • coverity: #1426130
  • storage_utils: add error handling
  • storage_utils: cleanups
  • storage_utils: use _exit() instead of exit() in child process
  • parse: cleanups
  • dlog: inherit dlog fds
  • spelling: allocate
  • spelling: ambiguous
  • spelling: answer
  • spelling: architecture
  • spelling: array
  • spelling: asynchronous
  • spelling: backingstorage
  • spelling: capabilities
  • spelling: character
  • spelling: checkpoint
  • spelling: comma
  • spelling: command
  • spelling: committer
  • spelling: configuration
  • spelling: constant
  • spelling: container
  • spelling: control
  • spelling: convenience
  • spelling: could
  • spelling: describing
  • spelling: device
  • spelling: exiting
  • spelling: explicitly
  • spelling: feature
  • spelling: github
  • spelling: hierarchy
  • spelling: hoops
  • spelling: ifindices
  • spelling: implementations
  • spelling: inherited
  • spelling: initialize
  • spelling: javascript
  • spelling: keepdata
  • spelling: libraries
  • spelling: loglevel
  • spelling: namespace
  • spelling: otherwise
  • spelling: output
  • spelling: overlayfs
  • spelling: overridden
  • spelling: override
  • spelling: passphrase
  • spelling: perhaps
  • spelling: pertains
  • spelling: portion
  • spelling: potentially
  • spelling: returns
  • spelling: root
  • spelling: securityfs
  • spelling: snapshotting
  • spelling: specified
  • spelling: specify
  • spelling: subtracting
  • spelling: successfully
  • spelling: syscall
  • spelling: timeout
  • spelling: unsigned
  • spelling: userns
  • spelling: without
  • lxcmntent: coding rules
  • string_utils: coding rules
  • log: fix too wide or inconsistent non-owner permissions
  • coverity: move to separate branch
  • include: correctly include macro.h
  • Fix spacing error in namespace.c
  • caps: replace read with lxc_read_nointr
  • log: replace write with lxc_write_nointr
  • dlog: move match_dlog_fds()
  • conf: s/ty/tty/g
  • pam_cgfs: remove redundancy file utils
  • cgfs: remove redundancy utils
  • pam_cgfs: remove dependency from cap & log
  • utils: fix coding styles
  • utils: add errno logs for exception case
  • Adds -qq flags to lvcreate commands to avoid answer 'no' to ant questions the LVM subsystem asks to avoid hanging lxc-create command
  • utils: make keyring allocation failure non-fatal
  • autotools: fix lxc-{create,copy} build
  • cgfsng: remove freezer requirement
  • start: don't call cgroup_exit() twice

Bugfixes (LXC templates)

  • alpine: Make dropping setpcap optional
  • plamo: Update the default version to 7.x
  • sabayon: Don't fail on existing directories

Bugfixes (python3 binding)

  • No changes in this release, version bump only

Support and upgrade

LXC 3.0.3 is supported until June 2023 and is our current LTS release; users are encouraged to update to the latest bugfix releases as they're made available.

Downloads

LXC 3.0.2 has been released

21st of August 2018

Introduction

The LXC team is pleased to announce the release of LXC 3.0.2!

As a stable bugfix release, no major changes have been done, instead focusing on bugfixes and minor usability improvements.

Highlights

  • Adapt to changes in Linux 4.18 which allow to create, but not to open, device nodes in user namespaces
  • Allocate a network namespace id on container startup. This is helpful to efficiently retrieve network interfaces and their addresses via Netlink.
  • Build a static liblxc
  • Hardened thread-safety across the whole codebase
  • Added strlcpy() and strlcat() implementations and switched all instances of strncpy() and strncat() to them to make string handling more secure
  • The lxc-* tools (e.g. lxc-attach, lxc-start) share symbols with the liblxc shared library. This significantly reduced the size of the codebase.
  • Tree-wide coding style fixes

CVE-2018-6556

This release fixes CVE-2018-6556 via the commit "CVE 2018-6556: verify netns fd in lxc-user-nic". When asked to delete a network interface, lxc-user-nic would unconditionally open a user-provided path.

This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys).

Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.
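As an added illustration (my own code, written for this page; it is not the upstream fix): the bug class is "open whatever path the unprivileged caller names, then act on the result". open_netns_checked() opens the path with O_PATH, which performs no device or procfs side effects, confirms with fstatfs() that the object lives on nsfs, reopens it through /proc/self/fd so the working descriptor refers to the same inode rather than re-resolving the caller's path, and confirms with NS_GET_NSTYPE that it is a network namespace before any setns() could happen; anything else is rejected. open_netns_unchecked() is the contrasting shape. NS_GET_NSTYPE needs Linux 4.11 or newer, and the macro values below are the ones from linux/magic.h and linux/nsfs.h.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/magic.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/vfs.h>
#include <unistd.h>

#ifndef NSFS_MAGIC
#define NSFS_MAGIC 0x6e736673
#endif
#ifndef NS_GET_NSTYPE
#define NS_GET_NSTYPE _IO(0xb7, 0x3) /* linux/nsfs.h, Linux >= 4.11 */
#endif

/* The vulnerable shape: open whatever the (unprivileged) caller named. A plain
 * O_RDONLY open already allocates a pty for /dev/ptmx, can acquire a controlling
 * terminal for a tty, and acts as an existence oracle for paths the caller
 * cannot reach, all before any check runs. Kept only as the contrast. */
int open_netns_unchecked(const char *path)
{
	int fd = open(path, O_RDONLY | O_CLOEXEC);
	return fd < 0 ? -errno : fd;
}

/* Hardened: returns an fd (>= 0) only for a verified network namespace, else
 * -errno. O_PATH has no device/proc side effects; fstatfs() confines the object
 * to nsfs; the reopen via /proc/self/fd keeps the same inode instead of
 * re-resolving the caller's path; NS_GET_NSTYPE confirms it is a netns. */
int open_netns_checked(const char *path)
{
	struct statfs sfs;
	char procfd[64];
	int pfd, fd, type;

	pfd = open(path, O_PATH | O_CLOEXEC);
	if (pfd < 0)
		return -errno;
	if (fstatfs(pfd, &sfs) < 0 || sfs.f_type != NSFS_MAGIC) {
		close(pfd);
		return -EINVAL;
	}
	snprintf(procfd, sizeof(procfd), "/proc/self/fd/%d", pfd);
	fd = open(procfd, O_RDONLY | O_CLOEXEC);
	close(pfd);
	if (fd < 0)
		return -errno;
	type = ioctl(fd, NS_GET_NSTYPE);
	if (type != CLONE_NEWNET) {
		int err = type < 0 ? errno : EINVAL; /* fail closed on old kernels too */
		close(fd);
		return -err;
	}
	return fd;
}

int main(int argc, char **argv)
{
	const char *path = argc > 1 ? argv[1] : "/proc/self/ns/net";
	int fd = open_netns_checked(path);

	if (fd < 0) {
		fprintf(stderr, "%s rejected: %s\n", path, strerror(-fd));
		return 1;
	}
	printf("%s is a network namespace; safe to hand to setns(fd, CLONE_NEWNET)\n", path);
	close(fd);
	return 0;
}
```

Run it with /dev/ptmx or a file under /proc as the argument to see the rejection; the unchecked variant would have opened either one, with the side effects the advisory describes.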

Bugfixes (LXC)

  • fixed a range of bugs found by Coverity
  • lxc-usernsexec: cleanup and bugfixes
  • log: add CMD_SYSINFO()
  • log: add CMD_SYSERROR()
  • state: s/sleep()/nanosleep()/
  • lxclock: improve file locking
  • lxccontainer: improve file locking
  • lxccontainer: fix F_OFD_GETLK checks
  • netlink: add __netlink_{send,recv,transaction}
  • netns: allocate network namespace id
  • MAINTAINERS: add Wolfgang Bumiller
  • CVE 2018-6556: verify netns fd in lxc-user-nic
  • pam_cgfs: cleanups
  • log: add default log priority
  • tree-wide: pass unsigned long to prctl()
  • macro: add new macro header
  • conf: mount devpts without "max" on EINVAL
  • tree-wide: handle EINTR in read() and write()
  • tree-wide: replace pipe() with pipe2()
  • confile: split mount options into flags and data
  • conf: improve rootfs setup
  • autotools: default to -Wvla -std=gnu11
  • tree-wide: remove VLAs
  • tree-wide: replace strtok_r() with lxc_iterate_parts()
  • utils: add lxc_iterate_parts()
  • apparmor: allow start-container to change to lxc-**
  • apparmor: update current profiles
  • apparmor: Allow /usr/lib* paths for mount and pivot_root
  • conf: the atime flags are locked in userns
  • conf: handle partially functional device nodes
  • conf: create /dev directory
  • autotools: build both a shared and static liblxc
  • namespace: add api to convert namespaces to standard identifiers
  • tree-wide: set MSG_NOSIGNAL
  • tree-wide: use mknod() to create dummy files
  • cgfsng: respect lxc.cgroup.use
  • cgroups: remove is_crucial_cgroup_subsystem()
  • tree-wide: remove unneeded log prefixes
  • tests: cleanup all tests
  • terminal: set FD_CLOEXEC on pty file descriptors
  • conf: simplify lxc_setup_dev_console()
  • tools: rework tools
  • autodev: adapt to changes in Linux 4.18
  • log: change DEBUG, INFO, TRACE, NOTICE macro using strerror to SYS* macro
  • log: add lxc_log_strerror_r macro
  • network: unpriv lxc will run lxc.net.[i].script.up now
  • conf: only use newuidmap and newgidmap when necessary
  • autotools: support tls in cross-compile

Bugfixes (LXC templates)

  • fedora: support Fedora 28
  • templates: opensuse: Add support for openSUSE Leap 15
  • templates: opensuse: Drop support for EOL distributions
  • templates: lxc-opensuse.in: Ensure cache is fully populated
  • templates: lxc-opensuse.in: Fix openSUSE Leap 15 cache url

Bugfixes (python3 binding)

  • Fix typo in README.md

Support and upgrade

LXC 3.0.2 is supported until June 2023 and is our current LTS release; users are encouraged to update to the latest bugfix releases as they're made available.

Downloads

LXC 3.0.1 has been released

4th of June 2018

Introduction

The LXC team is pleased to announce the release of LXC 3.0.1!

As a stable bugfix release, no major changes have been done, instead focusing on bugfixes and minor usability improvements.

Highlights

  • Improvement in thread safety of various parts of liblxc
  • Lots of bugfixes for issues identified by Coverity
  • Several improvements to Seccomp handling, especially related to personalities
  • Support for GCC 8

Bugfixes (LXC)

  • tools: fix unitialized variable
  • storage: fix lvm fs uuid generation
  • lxc-oci: fix Cmd/Entrypoint parsing
  • lxc-oci: make umoci less verbose
  • lxclock: use thread-safe OFD fcntl() locks
  • locktests: fix test suite
  • conf: ensure umounts don't propagate to host
  • doc: Tweak Japanese translation in lxc.container.conf(5)
  • fix signal sending in lxc.init
  • rootfs pinning: On NFS, make file hidden but don't delete it
  • conf: fix temporary file creation
  • ringbuf: fix temporary file creation
  • Fix compilation with static libcap and shared gnutls
  • attach: always drop supplementary groups
  • lxc init: remove dead code
  • storage/rsync: free memory on error
  • tools/utils: free memory on error
  • lxc init: coding style
  • utils: define __NR_setns if missing on old glibcs
  • attach: try to always drop supplementary groups
  • conf: ret-try devpts mount without gid=5 on error
  • execute: fix app containers without root mapping
  • conf: fix net type checks in run_script_argv()
  • seccomp: handle arch inversion
  • seccomp: handle all errors
  • seccomp: cleanup compat architecture handling
  • seccomp: improve logging
  • tools: document -d/--daemonize for lxc-execute
  • seccomp: non-functional changes
  • seccomp: handle arch inversion II
  • lxc-oci: mkdir the download directory
  • do_lxcapi_create: set umask
  • lxc/tools/lxc_monitor: include missing
  • pam-cgfs: ignore the system umask when creating the cgroup hierarchy
  • Also pass action scripts to CRIU on checkpointing
  • Fix the memory leak in cgfsng_attach
  • Fix memory leak in list_active_containers
  • Fix tool_utils.c build when HAVE_SETNS is unset
  • coverity: #1435210
  • coverity: #1435208
  • coverity: #1435207
  • coverity: #1435206
  • coverity: #1435205
  • coverity: #1435203
  • coverity: #1435200
  • coverity: #1435198
  • coverity: #1426734
  • lxccontainer: non-functional changes
  • lxccontainer: use thread-safe OFD locks
  • lxccontainer: non-functional changes
  • lxccontainer: do_lxcapi_is_running()
  • lxccontainer: do_lxcapi_freeze()
  • lxccontainer: do_lxcapi_unfreeze()
  • lxccontainer: non-functional changes
  • lxccontainer: use thread-safe open() + write()
  • lxccontainer: non-functional changes
  • lxccontainer: non-functional changes
  • lxccontainer: non-functional changes
  • coverity: #1435263
  • fix logic for execute log file
  • utils: add LXC_PROC_PID_FD_LEN
  • execute: use static buffer
  • execute: do not check inherited fds again
  • add some TRACE/ERROR reporting
  • execute: account for -o path option count
  • execute: set init_path when existing init is found
  • genl: remove
  • coverity: #1248104
  • coverity: #1248105
  • coverity: #1425744
  • utils: account for terminating \0 byte
  • confile: satisfy gcc-8
  • network: silence gcc-8
  • network: adhere to IFNAMSIZ limit
  • support case ignored suffix for sizes
  • utils: fix parse_byte_size_string() coding style
  • strlcpy: add strlcpy() implementation
  • tree-wide: s/strncpy()/strlcpy()/g
  • CODING_STYLE: add section about using strlcpy()
  • tools: s/strncpy()/strlcpy()/g
  • Revert "tools: s/strncpy()/strlcpy()/g"
  • tools: s/strncpy()/memcpy()/
  • doc: Add "-d/--daemon" option to Japanese lxc-execute(1)
  • doc: Fix size unit style in Japanese lxc.container.conf(5)
  • coverity: #1435604
  • coverity: #1435603
  • coverity: #1435602
  • coverity: #1425844
  • config: allow read-write /sys in user namespace
  • coverity: #1425836
  • coverity: #1248106
  • capabilities: raise ambient capabilities
  • coverity: #1425802
  • cgroups: refactor cgroup handling
  • cgroups: remove freezer_state()
  • seccomp: #ifdef SCMP_ARCH_AARCH64
  • conf: simplify write_id_mapping()
  • log: enable per-thread container name prefix
  • lxc-init: skip signals that can't be caught
  • execute: use execveat() syscall if supported
  • tools: only create log file when requested
  • seccomp: fix off-by-one error in array allocation for sscanf
  • seccomp: remove confusing comment line
  • seccomp: remove unnecessary memset
  • seccomp: fix type mismatch when parsing syscall arguments filters
  • lxcseccomp: cleanup header
  • seccomp: parse_config_v1()
  • utils: add remove_trailing_newlines()
  • seccomp: get_v2_default_action()
  • seccomp: get_action_name()
  • seccomp: get_v2_action()
  • seccomp: fix get_seccomp_arg_value()
  • seccomp: parse_v2_rules()
  • seccomp: move #ifdefines
  • seccomp: get_hostarch()
  • seccomp: scmp_filter_ctx get_new_ctx()
  • seccomp: do_resolve_add_rule()
  • seccomp: parse_config_v2()
  • seccomp: parse_config()
  • seccomp: lxc_read_seccomp_config()
  • tree-wide: s/sigprocmask/pthread_sigmask()/g
  • utils: fix task_blocking_signal()
  • lxccontainer: fix fd leaks when sending signals
  • confile: order architectures
  • start: log setns() failure
  • seccomp: leak fixup
  • seccomp: re-add action parse error handling
  • seccomp: refactor line handling of parse_config
  • seccomp: error on unrecognized actions
  • seccomp: lxc_read_seccomp_config()
  • seccomp: parse_v2_rules()
  • seccomp: make do_resolve_add_rule() more strict
  • tools: fix lxc-create with global config value
  • tools: fix lxc-create with global config value II
  • coverity: #1435806
  • coverity: #1435805
  • coverity: #1435803
  • coverity: #1435747
  • conf: non-functional changes
  • conf: make is_execute a boolean
  • conf: non-functional changes
  • conf: make close_all_fds a boolean
  • conf: reshuffle mount members
  • conf: simplify tty handling
  • conf: pts -> pty_max
  • conf: non-functional changes
  • utils: fix task_blocking_signal()
  • network: fix socket handle leak
  • start: do not init ns_clone_flags to -1
  • conf: ensure lxc_delete_tty() does not crash
  • start: add reboot macros
  • conf: make root idmap structs const
  • conf: make tmp_umount_proc bool
  • conf: non-functional changes
  • conf: va_end was not called.
  • confile: improve strprint()
  • change defines for return value of handlers
  • start: fix waitpid() blocking issue
  • start: log unknown info.si_code
  • tree-wide: fix mode of some files
  • confile_utils: apply strprint()
  • templates: actually create DOWNLOAD_TEMP directory
  • templates: fix download template
  • Patch lxc-update-config

Bugfixes (LXC templates)

  • sshd: Use lxc.autodev
  • sshd: Pass the container name to the init script

Support and upgrade

LXC 3.0.1 is supported until June 2023 and is our current LTS release. Users are encouraged to update to the latest bugfix releases as they're made available.

Downloads

LXC 3.0.0 has been released

27th of March 2018

Introduction

The LXC team is pleased to announce the release of LXC 3.0.0!

This is the result of over 6 months of intense work since the LXC 2.1.0 release. This is the third LTS release for the LXC project and will be supported until June 2023.

Major changes

All commands support lxc-start <container-name> syntax

The LXC tools now support passing the container name without the -n command line flag. For example, you can now run:

chb@conventiont|~
> lxc-start xenial

chb@conventiont|~
> lxc-info xenial
Name:           xenial
State:          RUNNING
PID:            12765
Memory use:     15.24 MiB
KMem use:       3.72 MiB
Link:           veth99VMO3
 TX bytes:      858 bytes
 RX bytes:      2.49 KiB
 Total bytes:   3.33 KiB

chb@conventiont|~
> lxc-attach xenial
root@xenial:/# exit

chb@conventiont|~
> lxc-stop xenial


Removed support for all legacy configuration keys

All legacy configuration keys are unsupported from LXC 3.0 onwards. The full list of deprecated keys and their new counterparts can be gathered from the LXC 2.1 release announcement.

The lxc-update-config tool can be used to convert an older, now invalid, configuration to the new format.

Full support for the unified cgroup hierarchy including resource limits

We are pleased to announce that LXC will fully support the new unified cgroup hierarchy (or cgroup v2, cgroup2). To this end we also introduced a new configuration key lxc.cgroup2.[controller name] to configure cgroup limits on the unified cgroup hierarchy. For detailed information you can read this blogpost.

Removal of legacy cgmanager and cgfs cgroup drivers

LXC removed the cgmanager and cgfs legacy cgroup drivers cleaning up a lot of code in the process. For detailed information you can read this blogpost.

Splitting out templates and language bindings

LXC removes the legacy template-based container build system in favor of the new project distrobuilder. For detailed information you can read this blogpost.

Note that to simplify migration, the old template scripts and configuration files remain available in a separate repository and are released along with LXC 3.0.0 as lxc-templates.

The following templates remain in the LXC 3.0 tree and are fully supported:

  • lxc-busybox (mostly used for testing): This is a very minimal template which can be used to set up a busybox container. As long as the busybox binary is found you can always build yourself a very minimal privileged or unprivileged system or application container image; no networking or any other dependencies required. All you need to do is: lxc-create c3 -t busybox

    Asciicast: https://asciinema.org/a/165788

  • lxc-download (download our pre-built images): This template lets you download pre-built images from our image servers. This is likely what most users are currently using to create unprivileged containers.
  • lxc-local (import locally built images, e.g. from distrobuilder): This is a new template which consumes standard LXC and LXD system container images. A container can be created with: lxc-create c1 -t local -- --metadata /path/to/meta.tar.xz --fstree /path/to/rootfs.tar.xz

where the --metadata flag needs to point to a file containing the metadata for the container. This is simply the standard meta.tar.xz file that comes with any pre-built LXC container image. The --fstree flag needs to point to a filesystem tree, such as the rootfs.tar.xz that accompanies it. Creating a container is then just that single lxc-create invocation.

  • lxc-oci (use OCI application container images): This is the template which can be used to download and run OCI containers. Using it is as simple as: lxc-create c2 -t oci -- --url docker://alpine

Moving the cgroup PAM module into the LXC tree

LXC has always supported fully unprivileged containers, i.e. unprivileged containers run by unprivileged users. An important piece in doing so was a PAM module that created writable cgroups for unprivileged users. This has been moved from the LXCFS tree into the LXC tree itself to make it even easier for users to run fully unprivileged containers. For detailed information you can read this blogpost.

New OCI template

This adds support for creating application containers from OCI formats. Examples:

  • create a container from a local OCI layout in ../oci:

    sudo lxc-create -t oci -n a1 -- -u oci:../oci:alpine

  • create a container pulling from the docker hub:

    sudo lxc-create -t oci -n u1 -- -u docker://ubuntu


The URL is specified in the same format as for skopeo copy.

Simple and efficient ringbuffer for console logging

LXC supports logging the container's console to a file. This had the unfortunate side effect of allowing a user in the container to effectively write as much data as they wanted on the host, possibly bypassing quotas in place for the container.

This basic implementation was also somewhat annoying to query, having to read a potentially huge file which wasn't reset on container restart.

LXC 3.0 now introduces a ringbuffer for console logging. This in-memory buffer is size-limited and can be queried through a new function in the LXC API. It can be reset at any time and can be dumped to disk on container shutdown.

Allow seccomp to filter syscalls based on arguments

In order to support filtering syscalls based on arguments the seccomp version 2 specification is extended to the following form:

syscall_name action [index,value,op,valueTwo] [index,value,op]...

where the fields of the tuple [index,value,op,valueTwo] have the following meaning:

  1. index (uint32_t): The index of the syscall argument.
  2. value (uint64_t): The value for the syscall argument specified by "index".
  3. valueTwo (uint64_t, optional): A second value for the syscall argument specified by "index". This optional value is only valid in conjunction with SCMP_CMP_MASKED_EQ, and when present it is the last field of the tuple, after op (see the kexec_load example below).
  4. op (char *): The operator for the syscall argument. Valid operators are the constants

    • SCMP_CMP_NE or (!=)
    • SCMP_CMP_LE or (<=)
    • SCMP_CMP_EQ or (==)
    • SCMP_CMP_GE or (>=)
    • SCMP_CMP_GT or (>)
    • SCMP_CMP_MASKED_EQ or (&=)

    as defined by libseccomp >= v2.3.2. For convenience liblxc also understands the standard operator notation indicated in brackets after the libseccomp constants above as an equivalent notation. Note that it is legal to specify multiple entries for the same syscall.

An example for an extended seccomp version 2 profile is:

2
blacklist allow
reject_force_umount  # comment this to allow umount -f;  not recommended
[all]
kexec_load errno 1 [0,1,SCMP_CMP_LE][3,1,==][5,1,SCMP_CMP_MASKED_EQ,1]
open_by_handle_at errno 1
init_module errno 1
finit_module errno 1
delete_module errno 1
unshare errno 9 [0,0x10000000,SCMP_CMP_EQ]
unshare errno 2 [0,0x20000000,SCMP_CMP_EQ]
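To make the extended syntax concrete, here is a small parser for the per-rule line format, written for this page as an added example: it is not liblxc's own seccomp code and is not linked against libseccomp. It splits a rule into syscall, action, optional errno and up to six argument tuples, accepts both the SCMP_CMP_* names and the bracketed shorthand, and rejects an argument index above 5, a tuple with more than four fields, and a valueTwo that is not paired with SCMP_CMP_MASKED_EQ. The enum, struct and function names are this example's own, and the caller is assumed to have handled the directive lines (version number, "blacklist allow", "[all]", "reject_force_umount") before handing rule lines to parse_rule().

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Operators accepted by the extended v2 syntax, by libseccomp constant name or
 * by the bracketed shorthand. Numbering is local to this example parser. */
enum cmp_op { OP_NE = 1, OP_LE, OP_EQ, OP_GE, OP_GT, OP_MASKED_EQ };

struct arg_filter {
    uint32_t index;     /* syscall argument number, 0..5 */
    uint64_t value;
    uint64_t value_two; /* only present together with SCMP_CMP_MASKED_EQ */
    enum cmp_op op;
};

#define MAX_ARG_FILTERS 6   /* Linux syscalls take at most six arguments */

struct seccomp_rule {
    char syscall[64];
    char action[16];
    int errno_val;      /* -1 unless the action is "errno" */
    struct arg_filter args[MAX_ARG_FILTERS];
    int nargs;
};

static int parse_op(const char *s, enum cmp_op *op)
{
    static const struct { const char *name, *sym; enum cmp_op op; } tbl[] = {
        { "SCMP_CMP_NE", "!=", OP_NE }, { "SCMP_CMP_LE", "<=", OP_LE },
        { "SCMP_CMP_EQ", "==", OP_EQ }, { "SCMP_CMP_GE", ">=", OP_GE },
        { "SCMP_CMP_GT", ">", OP_GT },  { "SCMP_CMP_MASKED_EQ", "&=", OP_MASKED_EQ },
    };

    for (size_t i = 0; i < sizeof(tbl) / sizeof(tbl[0]); i++) {
        if (!strcmp(s, tbl[i].name) || !strcmp(s, tbl[i].sym)) {
            *op = tbl[i].op;
            return 0;
        }
    }
    return -1;
}

/* Parse one "[index,value,op[,valueTwo]]" tuple at *p and advance *p past it. */
static int parse_tuple(const char **p, struct arg_filter *f)
{
    char buf[128], *tok, *save, *end;
    const char *fields[4] = { 0 };
    const char *rb;
    int n = 0;

    if (**p != '[' || !(rb = strchr(*p, ']')) || (size_t)(rb - *p) >= sizeof(buf))
        return -1;
    memcpy(buf, *p + 1, rb - *p - 1);
    buf[rb - *p - 1] = '\0';
    *p = rb + 1;

    for (tok = strtok_r(buf, ",", &save); tok && n < 4; tok = strtok_r(NULL, ",", &save))
        fields[n++] = tok;
    if (n < 3 || tok)               /* too few fields, or more than four */
        return -1;
    f->index = (uint32_t)strtoul(fields[0], &end, 0);
    if (*end || f->index > 5)
        return -1;
    f->value = strtoull(fields[1], &end, 0);
    if (*end || parse_op(fields[2], &f->op) < 0)
        return -1;
    f->value_two = 0;
    if (n == 4) {                   /* valueTwo is only legal with SCMP_CMP_MASKED_EQ */
        if (f->op != OP_MASKED_EQ)
            return -1;
        f->value_two = strtoull(fields[3], &end, 0);
        if (*end)
            return -1;
    }
    return 0;
}

/* Parse a rule line:  syscall action [errno] [index,value,op,valueTwo]...
 * Returns 0 on success, -1 on a malformed line. Directive lines are not rules
 * and are for the caller to recognise first. */
static int parse_rule(const char *line, struct seccomp_rule *r)
{
    const char *p = line;
    int consumed = 0;

    memset(r, 0, sizeof(*r));
    r->errno_val = -1;
    if (sscanf(p, "%63s %15s%n", r->syscall, r->action, &consumed) != 2)
        return -1;
    p += consumed;
    if (!strcmp(r->action, "errno")) {
        if (sscanf(p, " %d%n", &r->errno_val, &consumed) != 1 || r->errno_val < 0)
            return -1;
        p += consumed;
    }
    for (;;) {
        while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\n')
            p++;
        if (!*p || *p == '#')       /* end of line or trailing comment */
            break;
        if (r->nargs == MAX_ARG_FILTERS || parse_tuple(&p, &r->args[r->nargs]) < 0)
            return -1;
        r->nargs++;
    }
    return 0;
}
```

Feeding the kexec_load and unshare lines from the profile above through parse_rule() yields three and one argument filters respectively; a line such as "mknod errno 1 [0,1,==,2]" is rejected because the fourth field is only meaningful for the masked comparison. The parser deliberately records value and valueTwo without interpreting them, leaving their mask/value roles to libseccomp.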

Support for daemonized app containers

LXC has been running application containers through a minimal init system since its first release in 2008. PID namespaces expect a functional init system capable of handling signals and reaping exiting child processes, which is why application containers always run the application as the second process. New versions of LXC will now additionally allow you to run basically any process daemonized.

Remove all internal symbols from lxc-* tools

The lxc-* tools now rely entirely on the public LXC API.

Handle /proc being mounted with the hidepid={1,2} property

This enables attaching to containers when the host's /proc filesystem was mounted with the hidepid={1,2} option which restricts access to /proc/PID directories.

Support mount propagation for mounts

This adds support for mount propagation (private, shared, slave, unbindable, rprivate, rshared, rslave, runbindable) to mount entries specified via lxc.mount.entry and lxc.mount.fstab.

Hardened thread-safety

  • removed all mutexes
  • replaced all calls to exit() in child processes with _exit()
  • replaced all F_SETLK, F_SETLKW and F_GETLK calls with the F_OFD_SETLK, F_OFD_SETLKW and F_OFD_GETLK open file description locks. If open file description locks are not available LXC falls back to BSD flock() locks.

More details can be gathered from this blogpost.
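The following program, added here as an illustration and not taken from liblxc, shows why the switch from F_SETLK to open file description locks matters for thread safety. Two open() calls on the same file within one process yield two open file descriptions: a lock taken through the first with F_OFD_SETLK (or, on kernels without OFD locks, flock()) is refused on the second, whereas a classic F_SETLK record lock is owned by the process as a whole, so the second, supposedly conflicting, request is silently granted. The helper names and the scratch file under /tmp are this example's own choices.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

/* Exclusive, non-blocking whole-file lock on fd, in the spirit of liblxc's
 * change: prefer an open file description lock, fall back to flock().
 * Returns 0 on success, -1 with errno set (EAGAIN/EWOULDBLOCK if held). */
static int lock_ofd_or_flock(int fd)
{
#ifdef F_OFD_SETLK
    struct flock fl;

    memset(&fl, 0, sizeof(fl));     /* l_pid must be 0 for OFD locks */
    fl.l_type = F_WRLCK;
    fl.l_whence = SEEK_SET;
    fl.l_start = 0;
    fl.l_len = 0;                   /* 0 means "to end of file" */
    if (fcntl(fd, F_OFD_SETLK, &fl) == 0)
        return 0;
    if (errno != EINVAL)            /* EINVAL: kernel predates OFD locks */
        return -1;
#endif
    return flock(fd, LOCK_EX | LOCK_NB);
}

/* Classic process-owned POSIX record lock, for comparison. */
static int lock_posix(int fd)
{
    struct flock fl;

    memset(&fl, 0, sizeof(fl));
    fl.l_type = F_WRLCK;
    fl.l_whence = SEEK_SET;
    return fcntl(fd, F_SETLK, &fl);
}

/* Open a scratch file twice (two open file descriptions in one process),
 * lock it through the first descriptor, then try the second. Returns 1 if
 * the second attempt is refused with EAGAIN/EWOULDBLOCK, 0 if it is granted,
 * -1 on a setup error. */
static int second_open_is_refused(int (*lock)(int))
{
    char path[] = "/tmp/lxclock-demo-XXXXXX";
    int fd1, fd2, ret = -1;

    fd1 = mkstemp(path);
    if (fd1 < 0)
        return -1;
    fd2 = open(path, O_RDWR | O_CLOEXEC);
    unlink(path);                   /* scratch file; the name is no longer needed */
    if (fd2 < 0)
        goto out_fd1;

    if (lock(fd1) != 0)
        goto out;
    if (lock(fd2) == 0)
        ret = 0;                    /* granted: no protection between the two */
    else if (errno == EAGAIN || errno == EWOULDBLOCK)
        ret = 1;                    /* refused: the lock really is per description */
out:
    close(fd2);
out_fd1:
    close(fd1);
    return ret;
}

int main(void)
{
    printf("OFD/flock lock: second descriptor refused = %d\n",
           second_open_is_refused(lock_ofd_or_flock));
    printf("POSIX F_SETLK:  second descriptor refused = %d\n",
           second_open_is_refused(lock_posix));
    return 0;
}
```

The first call returns 1 and the second 0. In a multi-threaded liblxc consumer the two descriptors would typically belong to two threads that each opened the container's lock file; with F_SETLK the second thread would proceed as if it held the lock, with F_OFD_SETLK it is correctly blocked or refused.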

Remove aufs storage driver

The aufs storage driver has been deprecated since LXC 2.1 and is now officially removed.

Coding style and code cleanups

Code cleanups have been performed widely across the codebase based on our written down coding style.

New Configuration Keys

lxc.cgroup2.[controller name]

Specify the control group value to be set on the unified cgroup hierarchy. The controller name is the literal name of the control group. The permitted names and the syntax of their values are not dictated by LXC; instead they depend on the features of the Linux kernel running at the time the container is started, for example, lxc.cgroup2.memory.high.

lxc.hook.version

Set to 1 to pass hook arguments in the new style, via environment variables; set to 0 to pass them as command line arguments. This setting affects all hook arguments that were traditionally passed as arguments to the script, specifically the container name, the section (e.g. 'lxc', 'net') and the hook type (e.g. 'clone', 'mount', 'pre-mount'). If new-style hooks are used these are available as environment variables: the container name in LXC_NAME (which is set regardless of the value of this key), the section in LXC_HOOK_SECTION and the hook type in LXC_HOOK_TYPE. It also affects how the paths to the file descriptors referring to the container's namespaces are passed: if set to 1, a separate environment variable LXC_[NAMESPACE IDENTIFIER]_NS is set for each namespace; if set to 0, the paths are passed as arguments to the stop hook.

lxc.execute.cmd

Absolute path from the container rootfs to the binary to run by default. This configuration option specifies the default binary for application containers started via the execute() API call and accompanies the system container based lxc.init.cmd configuration key.

lxc.init.cwd

Absolute path inside the container to use as the working directory.

lxc.proc.[proc file name]

Specify the proc file name to be set. The file names available are those listed under the /proc/PID/ directory. For example, lxc.proc.oom_score_adj = 10.

lxc.console.buffer.size

Setting this option instructs LXC to allocate an in-memory ringbuffer to which the container's console output is written. Note that the ringbuffer must be at least as big as a standard page: when passed a value smaller than a single page LXC will allocate a ringbuffer of one page. A page is usually 4kB. The keyword auto will cause LXC to allocate a ringbuffer of 128kB. When manually specifying a size for the ringbuffer the value should be a power of 2 when converted to bytes. Valid size suffixes are kB, MB, GB. (Note that all conversions are based on multiples of 1024, i.e. kB == KiB, MB == MiB, GB == GiB.)

lxc.console.size

Setting this option instructs LXC to place a limit on the size of the console log file specified in lxc.console.logfile. Note that the size of the log file must be at least as big as a standard page: when passed a value smaller than a single page LXC will set the size of the log file to one page. A page is usually 4kB. The keyword auto will cause LXC to place a limit of 128kB on the log file. When manually specifying a size for the log file the value should be a power of 2 when converted to bytes. Valid size suffixes are kB, MB, GB. (Note that all conversions are based on multiples of 1024, i.e. kB == KiB, MB == MiB, GB == GiB.) If users want to mirror the console ringbuffer on disk they should set lxc.console.size equal to lxc.console.buffer.size.
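As an added example, not LXC's own option parser, of the sizing rules shared by lxc.console.buffer.size and lxc.console.size: the function below accepts the 1024-based kB/MB/GB suffixes case-insensitively, maps auto to 128kB, raises anything below one page to a page, refuses values that would overflow, and rounds other values up to the next power of two. That rounding is this example's assumption, since the announcement only says the value should be a power of two; the page size is a parameter because it is not 4kB on every architecture.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CONSOLE_AUTO_SIZE (128 * 1024)  /* what the keyword "auto" selects */

/* Smallest power of two >= n (n itself if it already is one). */
static uint64_t next_power2(uint64_t n)
{
    uint64_t p = 1;

    while (p < n)
        p <<= 1;
    return p;
}

/* "<number>[kB|MB|GB]" -> bytes. Suffixes are case-insensitive and 1024-based
 * (kB == KiB and so on). Returns -1 if the string is malformed or too large. */
static int64_t parse_byte_size(const char *s)
{
    char suffix[3] = { 0 };
    char *end;
    uint64_t n, mult = 1;

    if (!s || !isdigit((unsigned char)*s))
        return -1;
    n = strtoull(s, &end, 10);
    while (*end == ' ')
        end++;
    if (*end) {
        if (strlen(end) != 2)
            return -1;
        suffix[0] = (char)toupper((unsigned char)end[0]);
        suffix[1] = (char)toupper((unsigned char)end[1]);
        if (!strcmp(suffix, "KB"))
            mult = 1024ULL;
        else if (!strcmp(suffix, "MB"))
            mult = 1024ULL * 1024;
        else if (!strcmp(suffix, "GB"))
            mult = 1024ULL * 1024 * 1024;
        else
            return -1;
    }
    if (n > (uint64_t)INT64_MAX / mult)  /* refuse a silently wrapped size */
        return -1;
    return (int64_t)(n * mult);
}

/* Normalise an lxc.console.buffer.size / lxc.console.size value:
 *   "auto"              -> 128kB
 *   below one page      -> one page
 *   not a power of two  -> rounded up to the next one (this example's choice)
 * Returns -1 for input that cannot be parsed. */
static int64_t console_buffer_size(const char *value, uint64_t page_size)
{
    int64_t size;

    if (!strcmp(value, "auto"))
        return CONSOLE_AUTO_SIZE;
    size = parse_byte_size(value);
    if (size < 0)
        return -1;
    if ((uint64_t)size < page_size)
        size = (int64_t)page_size;
    return (int64_t)next_power2((uint64_t)size);
}

int main(void)
{
    const char *samples[] = { "auto", "64kB", "1kB", "100kb", "3mb", "12xB" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-6s -> %lld\n", samples[i],
               (long long)console_buffer_size(samples[i], 4096));
    return 0;
}
```

With a 4kB page, "1kB" becomes 4096, "100kb" becomes 131072 and "3mb" becomes 4194304; the same "64kB" on a 64kB-page system stays at 65536 because it already meets the page minimum.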

lxc.console.rotate

Whether to rotate the console logfile specified in lxc.console.logfile.

relative option for lxc.mount.entry

A mountpoint specified with the relative property set will be taken to be relative to the mounted container root. For instance,

lxc.mount.entry = /dev/null proc/kcore none bind,relative 0 0

will expand /dev/null to ${LXC_ROOTFS_MOUNT}/dev/null and mount it over proc/kcore inside the container. Because the source is then resolved inside the container's rootfs, the file being bind-mounted comes from the container image rather than from the host.

force property for cgroup mounts specified via lxc.mount.auto

cgroup:mixed:force:

The force option will cause LXC to perform the cgroup mounts for the container under all circumstances. Otherwise it is similar to cgroup:mixed. This is mainly useful when the cgroup namespaces are enabled where LXC will normally leave mounting cgroups to the init binary of the container since it is perfectly safe to do so.

cgroup:ro:force:

The force option will cause LXC to perform the cgroup mounts for the container under all circumstances. Otherwise it is similar to cgroup:ro. This is mainly useful when the cgroup namespaces are enabled where LXC will normally leave mounting cgroups to the init binary of the container since it is perfectly safe to do so.

cgroup:rw:force:

The force option will cause LXC to perform the cgroup mounts for the container under all circumstances. Otherwise it is similar to cgroup:rw. This is mainly useful when the cgroup namespaces are enabled where LXC will normally leave mounting cgroups to the init binary of the container since it is perfectly safe to do so.

cgroup-full:mixed:force:

The force option will cause LXC to perform the cgroup mounts for the container under all circumstances. Otherwise it is similar to cgroup-full:mixed. This is mainly useful when the cgroup namespaces are enabled where LXC will normally leave mounting cgroups to the init binary of the container since it is perfectly safe to do so.

cgroup-full:ro:force:

The force option will cause LXC to perform the cgroup mounts for the container under all circumstances. Otherwise it is similar to cgroup-full:ro. This is mainly useful when the cgroup namespaces are enabled where LXC will normally leave mounting cgroups to the init binary of the container since it is perfectly safe to do so.

cgroup-full:rw:force:

The force option will cause LXC to perform the cgroup mounts for the container under all circumstances. Otherwise it is similar to cgroup-full:rw. This is mainly useful when the cgroup namespaces are enabled where LXC will normally leave mounting cgroups to the init binary of the container since it is perfectly safe to do so.

lxc.namespace.clone

Specify namespaces which the container is supposed to be created with. The namespaces to create are specified as a space separated list. Each namespace must correspond to one of the standard namespace identifiers as seen in the /proc/PID/ns directory. When lxc.namespace.clone is not explicitly set all namespaces supported by the kernel and the current configuration will be used.

To create a new mount, net and ipc namespace set lxc.namespace.clone = mount net ipc.

lxc.namespace.keep

Specify namespaces which the container is supposed to inherit from the process that created it. The namespaces to keep are specified as a space separated list. Each namespace must correspond to one of the standard namespace identifiers as seen in the /proc/PID/ns directory. lxc.namespace.keep is a blacklist option, i.e. it is useful when enforcing that containers must keep a specific set of namespaces.

To keep the network, user and ipc namespace set lxc.namespace.keep = user net ipc.

Note that sharing pid namespaces will likely not work with most init systems.

Note that if the container requests a new user namespace and the container wants to inherit the network namespace it needs to inherit the user namespace as well.

lxc.namespace.share.[namespace identifier]

Specify a namespace to inherit from another container or process. The [namespace identifier] suffix needs to be replaced with one of the namespaces that appear in the /proc/PID/ns directory.

To inherit the namespace from another process set the lxc.namespace.share.[namespace identifier] to the PID of the process, e.g. lxc.namespace.share.net = 42.

To inherit the namespace from another container set the lxc.namespace.share.[namespace identifier] to the name of the container, e.g. lxc.namespace.share.pid = c3.

To inherit the namespace from another container located in a different path than the standard LXC path set the lxc.namespace.share.[namespace identifier] to the full path to the container, e.g. lxc.namespace.share.user = /opt/c3.

In order to inherit namespaces the caller needs to have sufficient privilege over the process or container.

Note that sharing pid namespaces between system containers will likely not work with most init systems.

Note that if two processes are in different user namespaces and one process wants to inherit the other's network namespace it usually needs to inherit the user namespace as well.

lxc.sysctl.[kernel parameters name]

Specify the kernel parameters to be set. The parameters available are those listed under /proc/sys/. Note that not all sysctls are namespaced; changing a non-namespaced sysctl modifies the system-wide setting. See sysctl(8). If used with no value, LXC will clear the parameters specified up to this point.

lxc.hook.start-host

A hook to be run in the host's namespace after the container has been setup, and immediately before starting the container init.

This should satisfy several use cases, one of which is support for CNI. For example, replace the network configuration in a root owned container with:

lxc.net.0.type = empty
lxc.hook.start-host = /bin/lxc-start-netns

where /bin/lxc-start-netns contains:

#!/bin/sh
set -eu
echo "starting" > /tmp/debug   # debug marker showing the hook ran
# Create a veth pair, attach the host end to lxcbr0 and move the peer
# into the container's network namespace via the LXC_PID exported by LXC.
ip link add host1 type veth peer name peer1
ip link set host1 master lxcbr0
ip link set host1 up
ip link set peer1 netns "${LXC_PID}"

The nic 'peer1' is placed into the container as expected. For this to work, LXC passes the container init's pid to the hook in the LXC_PID environment variable, since lxc-info cannot be used at that point.

API extensions

console_log()

A new API extension

    int console_log(struct lxc_container *c, struct lxc_console_log *log);

has been added that supports interacting with the newly added in-memory ringbuffer of the container. The following struct contains available arguments and return values:

struct lxc_console_log {
    /* Clear the console log. */
    bool clear;

    /* Retrieve the console log. */
    bool read;

    /* This specifies the maximum size to read from the ringbuffer. Setting
     * it to 0 means that a read can be as big as the whole ringbuffer.
     * On return callers can check how many bytes were actually read.
     * If "read" and "clear" are set to false and a non-zero value is
     * specified then up to "read_max" bytes of data will be discarded from
     * the ringbuffer.
     */
    uint64_t *read_max;

    /* Data that was read from the ringbuffer. If "read_max" is 0 on return
     * "data" is invalid.
     */
    char *data;
};

reboot2()

This adds reboot2() as a new API extension. This function properly waits until the reboot has succeeded. It takes a timeout argument in seconds: if set to > 0, reboot2() blocks for at most that long waiting for the reboot to complete; if set to 0, reboot2() does not block; if set to -1, reboot2() blocks indefinitely.

MIGRATE_FEATURE_CHECK for the CRIU migrate() API call

For migration optimization features like pre-copy or post-copy migration the support cannot be determined by simply looking at the CRIU version. Features like that depend on the architecture/kernel/criu combination and CRIU offers a feature checking interface to query if it is supported.

This adds an LXC interface to query CRIU for those features via the migrate() API call. For the recent pre-copy migration support in LXD this can be used to automatically detect whether pre-copy migration should be used.

In addition to the existing migrate() API commands this adds a new command: MIGRATE_FEATURE_CHECK.

The struct migrate_opts is extended by the member features_to_check which is a bitmask defining which CRIU features should be queried.

Currently only the features FEATURE_MEM_TRACK and FEATURE_LAZY_PAGES can be queried.

add LXC_ATTACH_TERMINAL to attach() API call

Allocation of a new terminal has been moved into the API itself. Callers can now set LXC_ATTACH_TERMINAL to request to be attached to a new terminal allocated from the host's devpts mount before attaching to the container.

Support and upgrade

LXC 3.0.0 will be supported until June 2023 and is our current LTS release. LXC 2.0 will now join LXC 1.0 in only getting critical bugfixes and security updates.

We strongly recommend all LXC users to plan an upgrade to the 3.0 branch. Due to the transition of libpam-cgfs to LXC, this should be done at the same time as the upgrade to LXCFS 3.0 to avoid potential conflicts.

Downloads

Contributors

The LXC 3.0.0 release was brought to you by a total of 42 contributors.

LXC 2.1.1 has been released

19th of October 2017

This is the first bugfix release for LXC 2.1.

Bugfixes:

  • apparmor: Drop useless apparmor denies
  • cgfsng: Check whether we have a conf
  • cgfsng: Fail when limits fail to apply
  • conf: Error out on too many mappings
  • conf: Ignore lxc.kmsg and lxc.pivotdir
  • conf: Make update warning opt-in
  • conf: Preserve newlines in configuration file
  • conf: Remove dead assignments in parse_idmaps()
  • conf: Remove unnecessary zeroing
  • conf: Use the proper type for rlim_t, fixing build failure on x32.
  • console: Clean tty state + return 0 on peer exit
  • console: Remove dead assignments
  • core: Introduce userns_exec_full() and port the codebase to it
  • criu: Use correct check initialization check
  • doc: Add lxc.cgroup.dir to Japanese lxc.container.conf(5)
  • doc: Add lxc-update-config manpage
  • doc: Document missing env variables
  • doc: Fix regex-typo in Japanese and Korean lxc-monitor(1)
  • doc: Fix regex-typo in lxc-monitor.sgml.in
  • doc: Translate lxc(7) into Japanese
  • doc: Translate lxc-update-config(1) into Japanese
  • execute: Enable console & standard /dev symlinks
  • init: Become session leader
  • log: Fix a format string build failure on x32.
  • log: Prevent stack smashing
  • monitor: Remove dead assignment
  • network: Add missing checks for empty links
  • network: Clear ifindeces
  • network: Non-functional changes
  • network: Remove dead assignments
  • network: Use single helper to delete networks
  • start: Don't close inherited namespace fds
  • start: Move env setup before container setup
  • start: Pass LXC_LOG_LEVEL to hooks
  • start: Remove dead variable
  • start: Set environment variables correctly
  • start: Switch ids at last possible instance
  • storage: Avoid segfault on missing lxc.rootfs.path
  • storage: Fix typo in error message
  • storage/lvm: Fix thinpool logical volumes
  • storage/overlay: Do not write to invalid memory
  • storage/overlay: Fix use after free()
  • storage/zfs: Return error directly when zfs creation fails
  • template/alpine: Change file check to also check file size (-f => -s)
  • template/archlinux: Change locale "en-US.UTF-8" to "en_US.UTF-8"
  • template/debian: Don't force getty@ configuration
  • template/plamo: Delete unnecessary process during container shutdown
  • tests: Avoid NULL pointer dereference
  • tests: Remove dead assignments
  • tests: Support systemd hybrid cgroups
  • tools: Print "-devel" when LXC_DEVEL is true
  • tools/lxc-unshare: Do not pass NULL pointer
  • tools/lxc-update-config: Remove lxc.pivotdir and lxc.kmsg entries
  • tools/lxc-update-config: Strip lxc.rootfs.backend and properly handle IPv4 addresses
  • tools/lxc-user-nic: Remove double initialization
  • tools/lxc-usernsexec: Remove dead assignments
  • utils: Do not write to 0 sized buffer
  • utils: Duplicate stderr as well in lxc_popen()
  • utils: Fix lxc_popen()/lxc_pclose()
  • utils: Remove dead assignments in lxc_popen()

Downloads

The release tarballs may be found on our download page and we expect most distributions
will very soon ship a packaged version of LXC 2.1.1.

Should you be interested in individual changes or just looking at the detailed development history,
our stable branch is on Github.

LXC 2.0.9 release announcement

19th of October 2017

This is the ninth bugfix release for LXC 2.0.

Bugfixes:

  • apparmor: Allow containers to start in AppArmor namespaces
  • apparmor: Drop useless apparmor denies
  • caps: Move ifndef/define to the top
  • cgfsng: Fail when limits fail to apply
  • cgfsng: Log when we defer to cgfsng
  • cgfsng: Only output debug info when we set cgroup data
  • cgroups: Handle hybrid cgroup layouts
  • cgroups: Use tight scoping
  • cgroups: Workaround gcc-7 bug
  • commands: Abstract cmd socket handling + logging
  • commands: Add missing translation
  • commands: Delete meaningless comments
  • commands: Handle EINTR
  • commands: Make state server interface flexible
  • commands: Move lxc_make_abstract_socket_name()
  • commands: Rename to lxc_cmd_add_state_client()
  • commands: Fix typo
  • conf: Adapt to lxc-user-nic usage
  • conf: Add lxc_get_idmaps()
  • conf: Add userns_exec_full()
  • conf: Allow to clear all config items
  • conf: Allow to get lxc.autodev
  • conf: Allow to get lxc.haltsignal
  • conf: Allow to get lxc.kmsg
  • conf: Allow to get lxc.rebootsignal
  • conf: Allow to get lxc.stopsignal
  • conf: Allow writing uid mappings with euid != 0
  • conf: Avoid double-frees in userns_exec_1()
  • conf: Clear lxc.include
  • conf: Do not check for empty value twice
  • conf: Do not check union on wrong net type
  • conf: Do not deref null pointer
  • conf: Do not free static memory
  • conf: Do not log uninitialized memory
  • conf: Do not write out trailing spaces
  • conf: Don't send ttys when none are configured
  • conf: Dump lxc_get_config_item()
  • conf: Error out on too many mappings
  • conf: Fix bionic builds
  • conf: Fix build without libcap
  • conf: Fix tty creation
  • conf: Fix userns_exec_1()
  • conf: Free netdev->downscript
  • conf: Implement config item clear callback
  • conf: Improve lxc_map_ids()
  • conf: Improve tty shifting function
  • conf: Improve write_id_mapping()
  • conf: Increase lxc-user-nic buffer
  • conf: Log lxc-user-nic output
  • conf: lxc_listconfigs -> lxc_list_config_items
  • conf: Move clearing config items into one place
  • conf: Non-functional changes
  • conf: NOTICE() on mounts on container's /dev
  • conf: Performance tweaks
  • conf: Preserve newlines
  • conf: Properly parse lxc.idmap entries
  • conf: Record idmap that gets written
  • conf: Refactoring of most config parsing code
  • conf: Refactor network deletion
  • conf: Remove dead assignments in parse_idmaps()
  • conf: Remove dead mount code
  • conf: Rework lxc_map_ids()
  • conf: Rework userns_exec_1()
  • conf: Send ttys in batches of 2
  • conf: Switch API to new callback system
  • conf: Use a minimal {g,u}id map
  • conf: Use correct check on char array
  • conf: Use run_command for lxc-usernsexec
  • console: Clean tty state + return 0 on peer exit
  • console: DO NOT add the handles of adjust winsize when the 'stdin' is not a tty
  • console: Fix memory leak of 'lxc_tty_state'
  • console: Remove dead assignments
  • core: Do remount with the MS_REMOUNT flag when mounts with MS_RDONLY
  • core: Fix a format string build failure on x32
  • core: Fix includes for Android
  • core: Fix memory and resource leak
  • core: Fix some cppcheck warnings
  • core: Fix the bug of 'ts->stdoutfd' did not fill with parameters 'stdoutfd'
  • core: Include custom mntent for Android
  • core: Log function called in userns_exec_1()
  • core: Remove the __func__ macro
  • core: Remove the unused macro
  • core: Replace "priority" with "level"
  • core: Revert "Add a prefix to the lxc.pc"
  • core: root -> am_root
  • core: struct bdev -> struct lxc_storage
  • core: Update .gitignore
  • core: Use strerror(errno) instead of %m
  • criu: Add cmp_version()
  • criu: Use correct check initialization check
  • doc: Add CII Best Practices badge to README
  • doc: Add console behavior to Japanese lxc.container.conf(5)
  • doc: Document missing env variables
  • doc: Fix regex-typo in Japanese and Korean lxc-monitor(1)
  • doc: Fix regex-typo in lxc-monitor.sgml.in
  • doc: Reword id mapping restrictions when unpriv
  • doc: Rework README
  • doc: Tweak Japanese lxc.container.conf(5)
  • doc: Tweak lxc.container.conf a little
  • doc: Untabify Japanese lxc.container.conf(5)
  • doc: Update API documentation for get_config_item
  • execute: Enable console & standard /dev symlinks
  • init: Add comment for exclude 32 and 33 signals
  • init: Adjust include statements
  • init: Become session leader
  • init: Move initialization of act to outside of the loop
  • init: Report exec*() failure
  • init: Use lxc-stop to stop systemd service
  • liblxc: Make sure memory is free()ed
  • liblxc: Only spawn monitord on demand
  • liblxc: Remove 5s timeout on error
  • liblxc: Use snprintf()
  • liblxc: Use userns_exec_full()
  • lock: Non-functional changes
  • lock: Return the right error when open lock file failed
  • log: Prevent stack smashing
  • log: Switch to a new lxc_log_init function
  • monitor: Abstract lxc_abstract_unix_{send,recv}_fd for af_unix
  • monitor: Add lxc_cmd_state_server()
  • monitor: Add TRACE()ers
  • monitor: Delete unnecessary include file
  • monitor: Remove dead assignments
  • monitor: Remove the workaround-code for lxc_abstract_unix_connect
  • monitor: Remove unlink operation for af_unix
  • network: Add arg to config clear method
  • network: Add data arg to set callback
  • network: Add ifindex field for host veth device
  • network: Add lxc_log_configured_netdevs()
  • network: Add missing checks for empty links
  • network: Add network counter
  • network: Add warning when ignoring MTU
  • network: Clear ifindeces
  • network: Delete ovs for unprivileged networks
  • network: Document all fields in struct lxc_netdev
  • network: Don't delete net devs we didn't create
  • network: Fix grammar
  • network: Implement lxc_get_netdev_by_idx()
  • network: Log cleanup thread pid for openswitch
  • network: Log ifindex
  • network: Log ifindex for host side veth device
  • network: Log veth_attr.pair and veth_attr.veth1
  • network: Move config_value_empty() to confile_utils
  • network: Perform network validation at creation time
  • network: Remove allocation from lxc_mkifname()
  • network: Remove dead assignments
  • network: Remove netpipe
  • network: Retrieve correct names and ifindices
  • network: Retrieve the host's veth device ifindex
  • network: Rework network creation
  • network: Send ifindex for unpriv networks
  • network: Stop recording saved physical net devices
  • network: Use correct network device name
  • network: Use send()/recv()
  • network: Use single helper to delete networks
  • network: Use static memory for net device names
  • openvswitch: Delete ports intelligently
  • seccomp: Export the seccomp filter after load it into kernel successful
  • seccomp: Print action name in log
  • seccomp: s/n-new-privs/no-new-privs/g
  • seccomp: Update comment for function parse_config
  • start: Add lxc_free_handler()
  • start: Add lxc_init_handler()
  • start: Document all handler fields
  • start: Don't call lxc_map_ids() without id map
  • start: Don't close inherited namespace fds
  • start: Don't let data_sock users close the fd
  • start: Dup std{in,out,err} to pty slave
  • start: Ensure cgroups are cleaned up
  • start: Generalize lxc_check_inherited()
  • start: Log sending and receiving of tty fds
  • start: lxc_setup() after unshare(CLONE_NEWCGROUP)
  • start: Move env setup before container setup
  • start: Pass LXC_LOG_LEVEL to hooks
  • start: Pin rootfs when privileged
  • start: Remove dead variable
  • start: Send state to legacy lxc-monitord state server even if no state clients registered
  • start: Set environment variables correctly
  • start: Switch from SOCK_DGRAM to SOCK_STREAM
  • start: Switch ids at last possible instance
  • start: Use separate socket on daemonized start
  • start: Use userns_exec_full()
  • state: Remove lxc_rmstate declaration
  • storage: Add storage_utils.{c.h}
  • storage: Avoid segfault
  • storage: Default to orig type on identical paths
  • storage: Record output from mkfs.*
  • storage: Rename files "bdev" -> "storage"
  • storage: Use userns_exec_full()
  • storage/dir: Using 'add-required_remount_flags' function to add required flags
  • storage/loop: Detect loop file
  • storage/overlayfs: Fix wrong path
  • storage/overlay: Handle overlay for stable 2.0
  • template: Remove obsolete bind-mounts from userns.conf
  • template: Use "rsync -SHaAX" to copy the cached rootfs into place
  • template/alpine: Add support for ppc64le
  • template/alpine: Change file check to also check file size (-f => -s)
  • template/archlinux: Change locale "en-US.UTF-8" to "en_US.UTF-8"
  • template/centos: Add cronie to the pkg list
  • template/centos: Use altarch mirror for CentOS on arches other than i386 and x86_64
  • template/debian: Add aarch64 -> arm64 mapping
  • template/debian: Add buster as a valid release
  • template/debian: Don't force getty@ configuration
  • template/debian: Use deb.debian.org as the default Debian mirror
  • template/download: Fix syntax error
  • template/download: Sanitize script with shellcheck
  • template/opensuse: Add Tumbleweed as supported release
  • template/opensuse: Fix tumbleweed software selection
  • template/opensuse: getty.target.wants does not always exist
  • template/opensuse: Support leap 42.3
  • template/opensuse: Tumbleweed has no update repo
  • template/plamo: Delete unnecessary process during container shutdown
  • template/ubuntu: Check that there is netplan binary, rather than just a config directory
  • template/ubuntu: Conditionally move upstart ssh job, as it is now optional
  • template/ubuntu: Support netplan in newer releases by default
  • tests: Adapt lxc-user-nic tests to new syntax
  • tests: Add corner-case tests for lxc_safe_{u}int()
  • tests: Add item clear and config file tests
  • tests: Add test script to test the ro option of lxc.rootfs.options
  • tests: Add unit tests for idmap parser
  • tests: Avoid NULL pointer dereference
  • tests: Compare return value to expected value whenever we can
  • tests: Define a network before checks
  • tests: Don't fail when no processes for the user exist
  • tests: Enforce all methods for config items
  • tests: Remove dead assignments
  • tests: Remove the temp container directory
  • tests: Shortlived daemonized containers
  • tests: Support systemd hybrid cgroups
  • tools: Add additional cgroup checks
  • tools: Print "-devel" when LXC_DEVEL is true
  • tools/lxc-attach: Allow for situations without /dev/tty
  • tools/lxc-checkconfig: Use "which"
  • tools/lxc-checkconfig: Add CONFIG_NETFILTER_XT_MATCH_COMMENT
  • tools/lxc-checkconfig: Add probe status checking
  • tools/lxc-execute: Print error message when failed
  • tools/lxc-ls: Return all containers by default
  • tools/lxc-monitord: Exit when receiving a quit command
  • tools/lxc-unshare: Do not pass NULL pointer
  • tools/lxc-user-nic: Add new {create,delete} subcommands
  • tools/lxc-user-nic: Check db before trying to delete
  • tools/lxc-user-nic: Fix adding database entries
  • tools/lxc-user-nic: Fix memleak
  • tools/lxc-user-nic: Free memory and check for error
  • tools/lxc-user-nic: Initialize vars to silence gcc-7
  • tools/lxc-user-nic: Keep lines from other {users,links}
  • tools/lxc-user-nic: Remove delta between master + stable
  • tools/lxc-user-nic: Remove double initialization
  • tools/lxc-user-nic: Rework renaming net devices
  • tools/lxc-user-nic: Simplify logic
  • tools/lxc-user-nic: Test privilege over netns on delete
  • tools/lxc-usernsexec: Remove dead assignments
  • travis: Fix builds
  • utils: Add has_fs_type() + is_fs_type()
  • utils: Add lxc_nic_exists()
  • utils: Add lxc_safe_ulong()
  • utils: Add run_command
  • utils: Close parent end in child process after fork
  • utils: Do not write to 0 sized buffer
  • utils: Duplicate stderr as well in lxc_popen()
  • utils: Fix lxc_mount_proc_if_needed()
  • utils: Fix lxc_popen()/lxc_pclose()
  • utils: Fix mem leak with realpath
  • utils: Fix num parsing functions
  • utils: Fix ppc64le builds
  • utils: Fix the way to detect blocking signal
  • utils: lxc_popen() remove dead assignments
  • utils: Move helpers from cgfsng.c to utils.{c,h}
  • utils: Rework lxc_deslashify()
  • utils: Switch to has_fs_type()
  • utils: Use 1LU otherwise we overflow
  • utils: Use access instead of stat

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 2.0.9.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.0.11 release announcement

19th of October 2017

This is the eleventh bugfix release for LXC 1.0.

Bugfixes:

  • apparmor: Allow containers to start in AppArmor namespaces
  • apparmor: Drop useless apparmor denies
  • conf: Fix building without libcap
  • conf: Free netdev->downscript
  • conf: Improve write_id_mapping()
  • conf: Non-functional changes
  • conf: Refactor most of the parsing functions
  • console: Non-functional change
  • core: Remove the __func__ macro
  • core: Use strerror(errno) instead of %m
  • doc: Add CII Best Practices badge to README
  • doc: Add missing translations for commands
  • doc: Fix a typo
  • doc: Fix regex-typo in Japanese and Korean lxc-monitor(1)
  • doc: Fix regex-typo in lxc-monitor.sgml.in
  • doc: Reword idmap restrictions when unpriv
  • doc: Update API for get_config_item
  • doc: Update README
  • init: Add comment for exclude 32 and 33 signals
  • liblxc: Use snprintf()
  • lock: Non-functional changes
  • lock: Return the right error when open lock file failed
  • monitor: Remove unlink operation in af_unix
  • network: Adding warning for mtu ignoring
  • network: Non-functional changes
  • seccomp: Print action name in log
  • seccomp: s/n-new-privs/no-new-privs/g
  • seccomp: Update comment for function parse_config
  • state: Remove lxc_rmstate declaration
  • storage: Enable building with gcc7
  • template/archlinux: Change locale "en-US.UTF-8" to "en_US.UTF-8"
  • template/centos: Add cronie to the pkg list
  • template/centos: Use altarch mirror for CentOS on arches other than i386 and x86_64
  • template/debian: Add aarch64 -> arm64 mapping
  • template/debian: Add buster as a valid release
  • template/debian: Use deb.debian.org as the default Debian mirror
  • template/opensuse: getty.target.wants does not always exist
  • template/ubuntu: Conditionally move upstart ssh job, as it is now optional.
  • template: Use "rsync -SHaAX" to copy the cached rootfs into place
  • tests: Avoid NULL pointer dereference
  • tests: Remove temp lxcpath for attach testcase
  • tools/usernsexec: Remove dead assignments
  • tools: Use "which"
  • travis: Fix builds
  • utils: Close parent end in child process after fork
  • utils: Duplicate stderr as well in lxc_popen()
  • utils: Fix lxc_popen()/lxc_pclose()
  • utils: Fix mem leak with realpath
  • utils: Fix some cppcheck warnings
  • utils: Fix the bug of 'ts->stdoutfd' did not fill with parameters 'stdoutfd'
  • utils: Remove dead assignments in lxc_popen()

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.0.11.

Please note that LXC upstream strongly recommends 1.0 users to upgrade to the 2.0 LTS release. The 1.0 branch will keep being supported until June 2019, but at this point, only critical bugfixes and security updates will be backported.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 2.1 release announcement

5th of September 2017

The LXC team is proud to announce the release of LXC 2.1. This release contains a lot of new features introduced since the release of LXC 2.0.

Note that this isn't a LTS release and we'll therefore only be supporting LXC 2.1 for a year. Production environments that require longer term support should remain on LXC 2.0 which is supported until June 2021.

New features

Resource limit support

Similar to requesting specific cgroup limits, users can request a limit for any resource the underlying kernel is aware of by prefixing the name of the limit with "lxc.prlimit." in the container's configuration file. For example, to request a limit on the number of processes and a specific nice value, the container's configuration file should contain the entries:

lxc.prlimit.nproc = unlimited
lxc.prlimit.nice = 4

Support for unprivileged openvswitch networks

It is now possible to define openvswitch networks as an unprivileged user:

lxc.net.0.type = veth
lxc.net.0.link = ovsbr0
lxc.net.0.flags = up
lxc.net.0.name = eth0

LXC 2.1 will take care to properly delete the host-side veth device from the openvswitch database on shutdown.

New lxc.cgroup.dir key

The lxc.cgroup.dir key lets users specify the name of the parent cgroup under which the container's cgroup will be created. Setting lxc.cgroup.dir will override the system-wide setting for lxc.cgroup.pattern.

For example, setting lxc.cgroup.dir = mycontainers for a container with lxc.uts.name = c1 will cause LXC to create the cgroups mycontainers/c1 for all controllers in the cgroup hierarchy.

Support for hybrid cgroup layout

Since the advent of cgroup v2 some init systems have decided to allow for a hybrid mode in which cgroup v1 per-controller hierarchies can be used simultaneously with an empty cgroup v2 hierarchy. Systems that use this hybrid mode usually have a cgroup layout similar to this one:

  /sys/fs/cgroup/blkio
  /sys/fs/cgroup/devices
  /sys/fs/cgroup/memory
  /sys/fs/cgroup/unified

The mountpoint /sys/fs/cgroup/unified usually indicates the presence of a cgroup v2 hierarchy. This can be confirmed by testing whether findmnt | grep cgroup2 returns a matching line. LXC 2.1 supports this hybrid mode.
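
The layout check described above, as an added example that is not part of the release announcement: a Python classifier that parses /proc/self/mountinfo (a constructed hybrid sample matching the listing above is embedded) and reports whether a host runs a legacy, hybrid or unified cgroup layout and which v1 controllers are mounted. The function names and the sample mountinfo text are my own.

```python
"""Classify a host's cgroup layout from /proc/self/mountinfo.

Added example, not part of the LXC release announcement. It does what the
`findmnt | grep cgroup2` check above does, but reads mountinfo directly so it
can tell a hybrid host (v1 controllers plus an empty v2 tree, usually at
/sys/fs/cgroup/unified) apart from a pure v1 or pure v2 one. The sample
mountinfo text is constructed to match the hybrid layout listed above.
"""
from typing import Dict, List, Set

# mountinfo fields: id parent major:minor root mountpoint opts [optional...] - fstype source superopts
SAMPLE_HYBRID_MOUNTINFO = """\
24 23 0:22 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
30 24 0:26 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:9 - tmpfs tmpfs ro,mode=755
31 30 0:27 / /sys/fs/cgroup/unified rw,nosuid,nodev,noexec,relatime shared:10 - cgroup2 cgroup rw,nsdelegate
32 30 0:28 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,xattr,name=systemd
35 30 0:31 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,blkio
36 30 0:32 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,devices
37 30 0:33 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,memory
"""

# Super options of a v1 cgroup mount that are not controller names.
NON_CONTROLLER_OPTS = {"rw", "ro", "relatime", "noatime", "xattr", "nsdelegate"}


def parse_mountinfo(text: str) -> List[Dict[str, object]]:
    """Parse mountinfo lines into dicts with 'mountpoint', 'fstype' and 'super_opts'."""
    mounts: List[Dict[str, object]] = []
    for line in text.splitlines():
        pre, sep, post = line.strip().partition(" - ")
        pre_fields, post_fields = pre.split(), post.split()
        if not sep or len(pre_fields) < 6 or len(post_fields) < 3:
            continue  # blank or malformed line: skip rather than misclassify
        mounts.append({
            "mountpoint": pre_fields[4].replace("\\040", " "),  # mountinfo escapes spaces
            "fstype": post_fields[0],
            "super_opts": set(post_fields[2].split(",")),
        })
    return mounts


def classify_cgroup_layout(mountinfo_text: str) -> Dict[str, object]:
    """Return {'layout': ..., 'v1_controllers': [...], 'v2_mounts': [...]}.

    hybrid  = v1 per-controller hierarchies plus a cgroup2 mount (e.g. /sys/fs/cgroup/unified)
    legacy  = only cgroup v1 mounts; unified = only cgroup2 mounts; none = neither.
    """
    v1_controllers: Set[str] = set()
    v2_mounts: List[str] = []
    for m in parse_mountinfo(mountinfo_text):
        if m["fstype"] == "cgroup":
            # v1 super options name the controllers (rw,memory / rw,cpu,cpuacct);
            # named hierarchies such as name=systemd carry no controller.
            v1_controllers.update(
                o for o in m["super_opts"] if o not in NON_CONTROLLER_OPTS and "=" not in o
            )
        elif m["fstype"] == "cgroup2":
            v2_mounts.append(str(m["mountpoint"]))
    if v1_controllers and v2_mounts:
        layout = "hybrid"
    elif v1_controllers:
        layout = "legacy"
    elif v2_mounts:
        layout = "unified"
    else:
        layout = "none"
    return {"layout": layout, "v1_controllers": sorted(v1_controllers), "v2_mounts": sorted(v2_mounts)}


if __name__ == "__main__":
    # Classify the running host; fall back to the constructed sample if mountinfo is unreadable.
    try:
        with open("/proc/self/mountinfo", encoding="utf-8") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_HYBRID_MOUNTINFO
    print(classify_cgroup_layout(text))
```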

Limiting the number of ptys a container can allocate

Setting lxc.pty.max will cause LXC to mount the container's devpts with the requested limit on the number of usable ptys. For example, setting lxc.pty.max = 10 will only allow the container to allocate 10 ptys. The default setting is 1024.

bool lxc_config_item_is_supported(const char *key) API extension

This function lets users query liblxc whether a specific configuration item is supported by this library. This is particularly useful for embedded users running versions of liblxc that come with significantly fewer configuration options than the standard liblxc library, or liblxc builds that have backported new configuration items.

New log API extension

struct lxc_log {
    const char *name;
    const char *lxcpath;
    const char *file;
    const char *level;
    const char *prefix;
    bool quiet;
};

/*!
 * \brief Initialize the log
 *
 * \param log lxc log configuration.
 */
int lxc_log_init(struct lxc_log *log);

/*!
 * \brief Close log file.
 */
void lxc_log_close(void);

These types and functions let users initialize LXC logging. This is useful for users who use the liblxc API directly.

Deprecation of lxc-monitord

Starting with LXC 2.1 the lxc-monitord binary is marked as deprecated. It is no longer required to start daemonized containers. Instead, LXC 2.1 switches to an implementation using an abstract unix domain socketpair. This has the advantage of spawning one process fewer on container startup, which is important for highly threaded users such as LXD.

Also, testing the new implementation on heavy workloads has shown this solution to be more robust and reliable in every way.

lxc-copy create snapshots on tmpfs

lxc-copy can place an ephemeral container started with the -e flag on a tmpfs. The restrictions are that you cannot request the data to be kept while placing the container on a tmpfs, that either overlay or aufs backing storage must be used, and that the storage backend of the original container must be a directory.

For ephemeral snapshots backed by overlay or aufs filesystems, a fresh tmpfs is mounted over the container's directory if the user requests it. This is the easiest option; anything else would require us to change the current mount layout of overlay and aufs snapshots. A standard overlay or aufs snapshot clone currently has the layout:

        /var/lib/lxc/CLONE_SNAPSHOT/delta0      <-- upperdir
        /var/lib/lxc/CLONE_SNAPSHOT/rootfs
        /var/lib/lxc/CLONE_SNAPSHOT/olwork
        /var/lib/lxc/CLONE_SNAPSHOT/olwork/work <-- workdir

with the lowerdir being

        /var/lib/lxc/CLONE_PARENT/rootfs

The fact that upperdir and workdir are not placed in a common subfolder under the container directory has the consequence that we cannot simply mount a fresh tmpfs under upperdir and workdir because overlay expects them to be on the same filesystem.

Because we mount a fresh tmpfs over the directory of the container the updated /etc/hostname file created during the clone residing in the upperdir (currently named "delta0" by default) will be hidden.

Hence, if the user requests that the old name is not to be kept for the clone, we recreate this file on the tmpfs. This should be all that is required to restore the exact behaviour we would get with a normal clone. NOTE: If the container is rebooted all changes made to it are lost. This is not easy to prevent since each reboot remounts the rootfs again.

Configuration changes

A lot of configuration keys have been renamed to make configuring a container much more consistent. LXC 2.1 ensures that all keys that have subkeys are properly namespaced via the "." syntax.

Network configuration

The network configuration keys have all been given a new prefix, and some of them have also been renamed. From LXC 2.1 onwards, network configuration keys using the "lxc.network" prefix are considered deprecated. They are replaced by network configuration keys using the new "lxc.net" prefix. Furthermore, defining networks without indices is deprecated. Consider the following legacy network configuration:

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.name = wlp2s0

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.name = eno1

This would define two distinct networks. Starting with LXC 2.1 it should be replaced with:

lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = lxcbr0
lxc.net.0.name = wlp2s0

lxc.net.1.type = veth
lxc.net.1.flags = up
lxc.net.1.link = lxcbr0
lxc.net.1.name = eno1

Defining networks only in this manner has the advantage of being consistent and order independent. This means an equivalent configuration for the two networks would be:

lxc.net.1.link = lxcbr0
lxc.net.0.name = wlp2s0
lxc.net.0.type = veth

lxc.net.1.type = veth
lxc.net.1.flags = up
lxc.net.0.flags = up
lxc.net.0.link = lxcbr0
lxc.net.1.name = eno1

Note that when the same key with the same index is defined multiple times, only the last definition will be considered by LXC. This is in line with prior LXC versions. For example:

lxc.net.2.link = lxcbr0
lxc.net.2.link = lxdbr0
lxc.net.2.link = br0
lxc.net.2.link = virbr0

would lead to LXC associating the network with virbr0 since it is the last key in the configuration.

Table of changed configuration keys

The following table lists the legacy configuration keys on the left side and their corresponding new keys on the right side. Keys that have been entirely removed have "-" as entry in the "New Key" column and a comment saying "removed" in the "Comments" column.

Legacy Key                           | New Key                       | Comments
-------------------------------------|-------------------------------|---------
lxc.aa_profile                       | lxc.apparmor.profile          |
lxc.aa_allow_incomplete              | lxc.apparmor.allow_incomplete |
lxc.console                          | lxc.console.path              |
lxc.devttydir                        | lxc.tty.dir                   |
lxc.haltsignal                       | lxc.signal.halt               |
lxc.id_map                           | lxc.idmap                     |
lxc.init_cmd                         | lxc.init.cmd                  |
lxc.init_gid                         | lxc.init.gid                  |
lxc.init_uid                         | lxc.init.uid                  |
lxc.kmsg                             | -                             | removed
lxc.limit                            | lxc.prlimit                   |
lxc.logfile                          | lxc.log.file                  |
lxc.loglevel                         | lxc.log.level                 |
lxc.mount                            | lxc.mount.fstab               |
lxc.network                          | lxc.net                       |
lxc.network.                         | lxc.net.[i].                  |
lxc.network.flags                    | lxc.net.[i].flags             |
lxc.network.hwaddr                   | lxc.net.[i].hwaddr            |
lxc.network.ipv4                     | lxc.net.[i].ipv4.address      |
lxc.network.ipv4.gateway             | lxc.net.[i].ipv4.gateway      |
lxc.network.ipv6                     | lxc.net.[i].ipv6.address      |
lxc.network.ipv6.gateway             | lxc.net.[i].ipv6.gateway      |
lxc.network.link                     | lxc.net.[i].link              |
lxc.network.macvlan.mode             | lxc.net.[i].macvlan.mode      |
lxc.network.mtu                      | lxc.net.[i].mtu               |
lxc.network.name                     | lxc.net.[i].name              |
lxc.network.script.down              | lxc.net.[i].script.down       |
lxc.network.script.up                | lxc.net.[i].script.up         |
lxc.network.type                     | lxc.net.[i].type              |
lxc.network.veth.pair                | lxc.net.[i].veth.pair         |
lxc.network.vlan.id                  | lxc.net.[i].vlan.id           |
lxc.pivotdir                         | -                             | removed
lxc.pts                              | lxc.pty.max                   |
lxc.rebootsignal                     | lxc.signal.reboot             |
lxc.rootfs                           | lxc.rootfs.path               |
lxc.se_context                       | lxc.selinux.context           |
lxc.seccomp                          | lxc.seccomp.profile           |
lxc.stopsignal                       | lxc.signal.stop               |
lxc.syslog                           | lxc.log.syslog                |
lxc.tty                              | lxc.tty.max                   |
lxc.utsname                          | lxc.uts.name                  |

lxc-update-config script

LXC 2.1 comes with a new script, lxc-update-config, which can be used to upgrade existing legacy LXC configurations to valid LXC 2.1 configurations by simply running:

lxc-update-config -c /path/to/config

The script first creates a backup of the legacy configuration file, named <original-config-file-name>.backup, in case the upgrade does not yield a usable LXC 2.1 config file. After creating the backup the script replaces all legacy configuration keys with their new counterparts.
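
An added example, not the lxc-update-config script itself, that performs the same upgrade using the key table above and the network section before it: it renames exact legacy keys, numbers each legacy lxc.network block as lxc.net.[i] (a new lxc.network.type line opens the next network), flags removed keys, and shows LXC's last-definition-wins resolution for repeated keys. The sample legacy config and the function names are constructed for this example.

```python
"""Upgrade a pre-2.1 LXC config to the namespaced LXC 2.1 keys.

Added example, not the lxc-update-config script shipped with LXC 2.1. It applies
the rename table above, numbers each legacy lxc.network block and reports replaced keys.
"""
from typing import Dict, List, Tuple

# Exact-key renames from the table above; whole key only, so lxc.mount.entry etc. stay untouched.
KEY_RENAMES: Dict[str, str] = {
    "lxc.aa_profile": "lxc.apparmor.profile",
    "lxc.aa_allow_incomplete": "lxc.apparmor.allow_incomplete",
    "lxc.console": "lxc.console.path",
    "lxc.devttydir": "lxc.tty.dir",
    "lxc.haltsignal": "lxc.signal.halt",
    "lxc.id_map": "lxc.idmap",
    "lxc.init_cmd": "lxc.init.cmd",
    "lxc.init_gid": "lxc.init.gid",
    "lxc.init_uid": "lxc.init.uid",
    "lxc.logfile": "lxc.log.file",
    "lxc.loglevel": "lxc.log.level",
    "lxc.mount": "lxc.mount.fstab",
    "lxc.pts": "lxc.pty.max",
    "lxc.rebootsignal": "lxc.signal.reboot",
    "lxc.rootfs": "lxc.rootfs.path",
    "lxc.se_context": "lxc.selinux.context",
    "lxc.seccomp": "lxc.seccomp.profile",
    "lxc.stopsignal": "lxc.signal.stop",
    "lxc.syslog": "lxc.log.syslog",
    "lxc.tty": "lxc.tty.max",
    "lxc.utsname": "lxc.uts.name",
}
REMOVED_KEYS = {"lxc.kmsg", "lxc.pivotdir"}  # "-" in the table: no replacement
NET_SUBKEY_RENAMES = {"ipv4": "ipv4.address", "ipv6": "ipv6.address"}  # renamed beyond the lxc.net.[i] prefix

SAMPLE_LEGACY_CONFIG = """\
# constructed legacy (pre-2.1) container config
lxc.utsname = c1
lxc.rootfs = /var/lib/lxc/c1/rootfs
lxc.mount = /var/lib/lxc/c1/fstab
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.limit.nproc = unlimited
lxc.kmsg = 0

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.name = wlp2s0
lxc.network.ipv4 = 10.0.3.10/24

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.name = eno1
""".splitlines()


def convert_lines(lines: List[str]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Rewrite config lines; return (new_lines, [(legacy_key, new_key), ...])."""
    out: List[str] = []
    replaced: List[Tuple[str, str]] = []
    net_idx = -1  # index of the legacy network block currently being defined
    for raw in lines:
        stripped = raw.strip()
        if not stripped or stripped.startswith("#") or "=" not in stripped:
            out.append(raw)  # comments, blank lines and anything unparsable pass through
            continue
        key, _, value = stripped.partition("=")
        key, value, new_key = key.strip(), value.strip(), key.strip()
        if key in REMOVED_KEYS:
            replaced.append((key, "-"))
            out.append(f"# removed in LXC 2.1: {stripped}")
            continue
        if key.startswith("lxc.network."):
            sub = key[len("lxc.network."):]
            if sub == "type":
                net_idx += 1  # each lxc.network.type opens the next network
            elif net_idx < 0:
                raise ValueError(f"{key} appears before any lxc.network.type")
            new_key = f"lxc.net.{net_idx}.{NET_SUBKEY_RENAMES.get(sub, sub)}"
        elif key in KEY_RENAMES:
            new_key = KEY_RENAMES[key]
        elif key.startswith("lxc.limit."):  # lxc.limit.<res> -> lxc.prlimit.<res>
            new_key = "lxc.prlimit." + key[len("lxc.limit."):]
        if new_key != key:
            replaced.append((key, new_key))
        out.append(f"{new_key} = {value}".rstrip())
    return out, replaced


def effective_config(lines: List[str]) -> Dict[str, str]:
    """Key -> value as LXC resolves it: the last definition of a key wins."""
    result: Dict[str, str] = {}
    for raw in lines:
        stripped = raw.strip()
        if stripped and not stripped.startswith("#") and "=" in stripped:
            key, _, value = stripped.partition("=")
            result[key.strip()] = value.strip()
    return result
```

Running convert_lines on its own output is a no-op, so the converter can be applied safely to a config that is already partly upgraded.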

Deprecation warnings

LXC 2.1 intends to be fully backward compatible with respect to pre-2.1 configuration files. This specifically means that the presence of any deprecated keys should not prevent the container from being usable. However, LXC 2.1 will warn about the presence of any deprecated configuration keys. On container startup LXC 2.1 will warn once with the message:

The configuration file contains legacy configuration keys.
Please update your configuration file.

All users are advised to use the aforementioned lxc-update-config script to update their configuration files. If the container has logging enabled the log will contain warnings for each detected legacy configuration key. This is mostly useful for users who prefer to update their configuration files manually.

Changelog

  • Core:

    • af unix: allow for maximum socket name
    • af_unix: abstract lxc_abstract_unix_{send,recv}_fd
    • android: add prlimit implementation for 32bit
    • API: expose function lxc_log_init
    • API: add lxc_config_item_is_supported()
    • caps: add lxc_{proc,file}_cap_is_set()
    • cgroups: handle hybrid cgroup layouts
    • commands: handle EINTR
    • commands: add lxc_cmd_state_server()
    • commands: switch api to new callback system
    • conf: implement resource limits
    • conf: check for {filecaps,setuid} on new{g,u}idmap
    • conf: use bind-mount for /dev/ptmx
    • conf: add MS_LAZYTIME to mount options
    • conf: don't send ttys when none are configured
    • conf: send ttys in batches of 2
    • conf: log lxc-user-nic output
    • conf: refactor network deletion
    • conf: rework core functions
    • conf: improve lxc_map_ids()
    • conf: use minimal {g,u}id map
    • conf: allow writing uid mappings with euid != 0
    • conf: unstack all mounts atop /dev/console
    • conf{,ile}: warn user once about legacy config
    • confile: add lxc_get_idmaps()
    • confile: rework + extend callback system
    • confile: performance tweaks
    • confile: add "lxc.cgroup.dir"
    • confile: list namespaced keys
    • confile: lxc_getconfig() -> lxc_get_config()
    • confile: improve get_network_config_ops()
    • confile: move lxc_list_net()
    • confile: lxc_listconfigs -> lxc_list_config_items
    • confile: rework lxc_list_net()
    • confile: lxc.seccomp --> lxc.seccomp.profile
    • confile: lxc.pts --> lxc.pty.max
    • confile: lxc.tty --> lxc.tty.max
    • confile: lxc.net.ipv6 --> lxc.net.ipv6.address
    • confile: lxc.net.ipv4 --> lxc.net.ipv4.address
    • confile: lxc.mount --> lxc.mount.fstab
    • confile: lxc.console --> lxc.console.path
    • confile: lxc.rootfs --> lxc.rootfs.path
    • confile: deprecate lxc.rootfs.backend
    • confile: rename lxc.utsname to lxc.uts.name
    • confile: rename lxc.devttydir to lxc.tty.dir
    • confile: namespace lxc.signal keys
    • confile: namespace lxc.log keys
    • confile: namespace lxc.init keys
    • confile: rename lxc.limit to lxc.prlimit
    • confile: remove lxc.pivotdir
    • confile: remove lxc.kmsg
    • confile: properly namespace security keys
    • doc: adapt to new configuration keys
    • devpts: use max= option on mount
    • lsm/AppArmor: Allow containers to start in AppArmor namespaces
    • lxccontainer: clear whole indexed networks
    • lxccontainer: switch api to new callback system
    • lxc-init: report exec*() failure
    • lxc-user-nic: keep lines from other {users,links}
    • lxc-user-nic: fix adding database entries
    • lxc-user-nic: check db before trying to delete
    • lxc-user-nic: test privilege over netns on delete
    • lxc-user-nic: rework renaming net devices
    • lxc-user-nic: add new {create,delete} subcommands
    • monitor: simplify abstract socket logic
    • network: don't delete net devs we didn't create
    • network: remove allocation from lxc_mkifname()
    • network: remove netpipe
    • network: use correct network device name
    • network: stop recording saved physical net devices
    • network: retrieve correct names and ifindices
    • network: use static memory for net device names
    • network: retrieve the host's veth device ifindex
    • network: rework network creation
    • network: delete ovs for unprivileged networks
    • network: log ifindex
    • network: send ifindex for unpriv networks
    • network: return negative idx for legacy networks
    • network: test new network configuration parser
    • network: add new network parser
    • network: preserve backwards compatibility
    • network: add test-suite for configuration items
    • openvswitch: delete ports intelligently
    • README: add CII Best Practices badge to README
    • seccomp: set SCMP_FLTATR_ATL_TSKIP if available
    • start: generalize lxc_check_inherited()
    • start: use separate socket on daemonized start
    • start: switch from SOCK_DGRAM to SOCK_STREAM
    • start: don't let data_sock users close the fd
    • start: ensure cgroups are cleaned up
    • start: remove utmp watch
    • start: lxc_setup() after unshare(CLONE_NEWCGROUP)
    • start: dup std{in,out,err} to pty slave
    • start: add lxc_init_handler()
    • start: add lxc_free_handler()
    • start: pin rootfs when privileged
    • storage: add lxc_storage_get_path()
    • storage: add storage_utils.{c.h}
    • storage: add overlay as valid backend
    • storage: rename files "bdev" -> "storage"
    • storage/aufs: mark deprecated
    • storage/btrfs: rework btrfs storage driver
    • storage/loop: rework loop storage driver
    • storage/lvm: rework lvm backend
    • storage/overlay: rework overlay storage driver
    • storage/overlay: correctly restore from snapshot
    • storage/overlay: correctly handle dependency tracking
    • storage/rbd: rework rbd storage driver
    • storage/zfs: rework zfs storage driver
    • tests: add tests for lxc.cgroup.dir
    • test: add test to get subkeys
    • tests: add unit tests for idmap parser
    • tests: enforce all methods for config items
    • tree-wide: struct bdev -> struct lxc_storage
    • utils: add lxc_nic_exists()
    • utils: switch to has_fs_type()
    • utils: add has_fs_type() + is_fs_type()
    • utils: rework lxc_deslashify()
    • utils: lxc_make_abstract_socket_name()
    • utils: add lxc_safe_ulong()
    • utils: add lxc_unstack_mountpoint()
  • Template:

    • templates/Alpine: Add support for ppc64le
    • templates/Alpine: use dl-cdn.a.o as default mirror instead of random one
    • templates/Alpine: add community repository to default repositories
    • templates/CentOS: use altarch mirror for CentOS on arches other than i386 and x86_64
    • templates/CentOS: default to CentOS 7
    • templates/debian: Use deb.debian.org as the default Debian mirror
    • templates/debian: Add buster as a valid release
    • templates/opensuse: support leap 42.3
    • templates/opensuse: fix tumbleweed software selection
    • templates/opensuse: add Tumbleweed as supported release
    • templates/ubuntu: support netplan in newer releases by default
    • templates/ubuntu: conditionally move upstart ssh job, as it is now optional.
    • userns.conf: remove obsolete bind-mounts
  • Tools:

    • lxc-execute: print error message when failed
    • lxc-update-config: handle legacy networks
    • tools: add additional cgroup checks
    • tools: add lxc-update-config.in
    • tools/lxc-attach: allow for situations without /dev/tty
    • tools/lxc-checkconfig: Add CONFIG_NETFILTER_XT_MATCH_COMMENT
    • tools/lxc-checkconfig: verify new[ug]idmap are setuid-root
    • tools/lxc-ls: return all containers by default, new filter - list only defined containers.

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 2.1.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 2.0.8 release announcement

11th of May 2017

This is the eighth bugfix release for LXC 2.0.

Important:

  • Security fix for CVE-2017-5985
  • All templates have been updated to not set default passwords anymore, instead requiring lxc-attach be used to configure users. This may affect some automated environments that were relying on our default (very much insecure) users.

Bugfixes:

  • Make lxc-start-ephemeral Python 3.2-compatible
  • Fix typo
  • Allow build without sys/capability.h
  • lxc-opensuse: fix default value for release code
  • util: always malloc for setproctitle
  • util: update setproctitle comments
  • confile: clear lxc.network..ipv{4,6} when empty
  • lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
  • Make lxc-net return non-zero on failure
  • seccomp: allow x32 guests on amd64 hosts.
  • Add HAVE_LIBCAP
  • c/r: only supply --ext-mount-map for bind mounts
  • Added 'mkdir -p' functionality in create_or_remove_cgroup
  • Use LXC_ROOTFS_MOUNT in clonehostname hook
  • squeeze is not a supported release anymore, drop the key
  • start: dumb down SIGCHLD from WARN() to NOTICE()
  • log: fix lxc_unix_epoch_to_utc()
  • cgfsng: make trim() safer
  • seccomp: set SCMP_FLTATR_ATL_TSKIP if available
  • lxc-user-nic: re-order #includes
  • lxc-user-nic: improve + bugfix
  • lxc-user-nic: delete link on failure
  • conf: only try to delete veth when privileged
  • Fix lxc-containers to support multiple bridges
  • Fix mixed tab/spaces in previous patch
  • lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
  • lxc-checkconfig: verify new[ug]idmap are setuid-root
  • [templates] archlinux: resolve conflicting files
  • [templates] archlinux: noneed default_timezone variable
  • python3: Deal with potential NULL char*
  • lxc-download.in / allow setting keyserver from env
  • lxc-download.in / Document keyserver change in help
  • Change variable check to match existing style
  • tree-wide: include directly
  • conf/ile: make sure buffer is large enough
  • tree-wide: include directly
  • tests: Support running on IPv6 networks
  • tests: Kill containers (don't wait for shutdown)
  • Fix opening wrong file in suggest_default_idmap
  • do not set the root password in the debian template
  • do not set insecure passwords
  • don't set a default password for altlinux, gentoo, openmandriva and pld
  • tools: exit with return code of lxc_execute()
  • Keep veth.pair.name on network shutdown
  • Makefile: fix static clang init.lxc build
  • Avoid waiting for bridge interface if disabled in sysconfig/lxc | lxc-net via USE_LXC_BRIDGE
  • Increased buffer length in print_stats()
  • avoid assigning to a variable which is not POSIX shell proof (bug #1498)
  • remove obsolete note about api stability
  • conf: less error prone pointer access
  • conf: lxc_map_ids() non-functional changes
  • caps: add lxc_{proc,file}_cap_is_set()
  • conf: check for {filecaps,setuid} on new{g,u}idmap
  • conf: improve log when mounting rootfs
  • ls: simplify the judgment condition when list active containers
  • fix typo introduced in #1509
  • attach|unshare: fix the wrong comment
  • caps: skip file capability checks on android
  • autotools: check for cap_get_file
  • caps: return false if caps are not supported
  • conf: non-functional changes to setup_pts()
  • conf: use bind-mount for /dev/ptmx
  • conf: non-functional changes
  • utils: use loop device helpers from LXD
  • create ISSUE_TEMPLATE.md
  • cgroups: improve cgfsng debugging
  • issue template: fix typo
  • conf: close fd in lxc_setup_devpts()
  • conf: non-functional changes
  • utils: tweak lxc_mount_proc_if_needed()
  • Change sshd template to work with Ubuntu 17.04
  • conf: order mount options
  • conf: add MS_LAZYTIME to mount options
  • monitor: report errno on exec() error
  • af unix: allow for maximum socket name
  • commands: avoid NULL pointer dereference
  • commands: non-functional changes
  • lxccontainer: avoid NULL pointer dereference
  • monitor: simplify abstract socket logic
  • precise is not the latest LTS, let's use xenial instead
  • fix the wrong exit status
  • conf: non-functional changes lxc_fill_autodev()
  • conf: remove /dev/console from lxc_fill_autodev()
  • conf: non-functional changes lxc_setup()
  • conf: non-functional changes to console functions
  • conf: improve lxc_setup_dev_console()
  • conf: lxc_setup_ttydir_console()
  • config: remove /dev/console bind mount
  • doc: document console behavior
  • utils: add lxc_unstack_mountpoint()
  • conf: unstack all mounts atop /dev/console
  • console: fail when we cannot allocate peer tty
  • start: remove umount2()
  • conf: non-functional changes
  • utils: handle > 2^31 in lxc_unstack_mountpoint()
  • Install systemd units for CentOS
  • Merge ubuntu and debian case
  • start: add crucial details about lxc_spawn()

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 2.0.8.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.0.10 release announcement

11th of May 2017

This is the tenth bugfix release for LXC 1.0.

Important:

  • Security fix for CVE-2016-10124
  • Security fix for CVE-2017-5985

Bugfixes:

  • attach: simplify lsm_openat()
  • commands: improve logging
  • utils: add macro __LXC_NUMSTRLEN
  • tests: Don't cause test failures on cleanup errors
  • conf: clearly report to either use drop or keep
  • attach: close lsm label file descriptor
  • conf, attach: save errno across call to close
  • templates/lxc-debian.in: Fix typo in calling dpkg with --print-foreign-architectures option
  • templates/lxc-debian.in: handle ppc hostarch -> powerpc
  • Fix regression in errno handling cherry-pick
  • don't try to get stuff from /usr/lib/systemd on the host
  • lxc-opensuse: rm poweroff.target -> sigpwr.target copy
  • Add --enable-gnutls option
  • tests: skip unpriv tests on broken overlay module
  • Use AC_HEADER_MAJOR to detect major()/minor()/makedev()
  • Make lxc-start-ephemeral Python 3.2-compatible
  • systemd: enable delegate in service file
  • confile: clear lxc.network..ipv{4,6} when empty
  • seccomp: allow x32 guests on amd64 hosts.
  • squeeze is not a supported release anymore, drop the key
  • seccomp: set SCMP_FLTATR_ATL_TSKIP if available
  • lxc-checkconfig: verify new[ug]idmap are setuid-root
  • python3: Deal with potential NULL char*
  • lxc-download.in / allow setting keyserver from env
  • lxc-download.in / Document keyserver change in help
  • Change variable check to match existing style
  • tests: Support running on IPv6 networks
  • tests: Kill containers (don't wait for shutdown)
  • Fix opening wrong file in suggest_default_idmap
  • lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
  • Increased buffer length in print_stats()
  • remove obsolete note about api stability
  • conf: less error prone pointer access
  • create ISSUE_TEMPLATE.md
  • issue template: fix typo
  • conf: order mount options
  • commands: avoid NULL pointer dereference
  • commands: non-functional changes
  • lxccontainer: avoid NULL pointer dereference

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.0.10.

Please note that LXC upstream strongly recommends 1.0 users to upgrade to the 2.0 LTS release. The 1.0 branch will keep being supported until June 2019, but at this point, only critical bugfixes and security updates will be backported.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 2.0.7 release announcement

23rd of January 2017

This is the seventh bugfix release for LXC 2.0.

The main bugfixes in this release are:

  • attach: Close lsm label file descriptor
  • attach: Non-functional changes
  • attach: Simplify lsm_openat()
  • caps: Add lxc_cap_is_set()
  • conf: attach: Save errno across call to close
  • conf: Clearly report to either use drop or keep
  • conf: criu: Add make_anonymous_mount_file()
  • conf: Fix suggest_default_idmap()
  • configure: Add --enable-gnutls option
  • configure: Check for memfd_create()
  • configure: Check whether gettid() is declared
  • configure: Do not allow variable length arrays
  • configure: Remove -Werror=vla
  • configure: Use AC_HEADER_MAJOR to detect major()/minor()/makedev()
  • conf: Non-functional changes
  • conf: Remove thread-unsafe strsignal + improve log
  • init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers
  • log: Add lxc_unix_epoch_to_utc()
  • log: Annotate lxc_unix_epoch_to_utc()
  • log: Drop all timezone conversion functions
  • log: Make sure that date is correctly formatted
  • log: Use lxc_unix_epoch_to_utc()
  • log: Use N/A if getpid() != gettid() when threaded
  • log: Use thread-safe localtime_r()
  • lvm: Suppress warnings about leaked files
  • lxccontainer: Log failure to send sig to init pid
  • monitor: Add more logging
  • monitor: Close mainloop on exit if we opened it
  • monitor: Improve log + set log level to DEBUG
  • monitor: Log which pipe fd is currently used
  • monitor: Make lxc-monitord async signal safe
  • monitor: Non-functional changes
  • python3-lxc: Fix api_test.py on s390x
  • start: Check for CAP_SETGID before setgroups()
  • start: Fix execute and improve setgroups() calls
  • state: Use async signal safe fun in lxc_wait()
  • templates: lxc-debian: Don't try to get stuff from /usr/lib/systemd on the host
  • templates: lxc-debian: Fix getty service startup
  • templates: lxc-debian: Fix typo in calling dpkg with --print-foreign-architectures option
  • templates: lxc-debian: Handle ppc hostarch -> powerpc
  • templates: lxc-opensuse: Change openSUSE default release to Leap 42.2
  • templates: lxc-opensuse: Remove libgcc_s1
  • templates: lxc-opensuse: Remove poweroff.target -> sigpwr.target copy
  • templates: lxc-opensuse: Set to be unconfined by AppArmor
  • templates: lxc-opensuse: Update for Leap 42.2
  • tests: Don't cause test failures on cleanup errors
  • tests: Skip unpriv tests on broken overlay module
  • tools: Improve logging
  • tools: lxc-start: Remove c->is_defined(c) check
  • tools: lxc-start: Set configfile after load_config
  • tools: Only check for O_RDONLY
  • tree-wide: Random macro cleanups
  • tree-wide: Remove any variable length arrays
  • tree-wide: Sic semper assertis!
  • utils: Add macro __LXC_NUMSTRLEN
  • utils: Add uid, gid, group convenience wrappers

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 2.0.7.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 2.0.6 release announcement

23rd of November 2016

This is the sixth bugfix release for LXC 2.0.

Important:

  • Security fix for CVE-2016-8649

Bugfixes:

  • utils: make detect_ramfs_rootfs() return bool
  • tests: add test for detect_ramfs_rootfs()
  • add Documentation entries to lxc and lxc@ units
  • mark the python examples as having utf-8 encoding
  • log: sanity check the returned value from snprintf()
  • lxc-alpine: mount /dev/shm as tmpfs
  • archlinux: Do DHCP on eth0
  • archlinux: Fix resolving
  • Drop leftover references to lxc_strerror()
  • tests: fix image download for s390x
  • tools: fix coding style in lxc_attach
  • tools: make overlay valid backend
  • tools: better error reporting for lxc-start
  • alpine: Fix installing extra packages
  • lxc-alpine: do not drop setfcap
  • s390x: Fix seccomp handling of personalities
  • tools: correct the argument typo in lxc_copy
  • Use libtool for liblxc.so
  • c/r: use --external instead of --veth-pair
  • c/r: remember to increment netnr
  • c/r: add checkpoint/restore support for macvlan interfaces
  • ubuntu: Fix package upgrades requiring proc
  • c/r: drop duplicate hunk from macvlan case
  • c/r: use snprintf to compute device name
  • Tweak libtool handling to work with Android
  • tests: add lxc_error() and lxc_debug()
  • container start: clone newcgroup immediately
  • use python3_sitearch for including the python code
  • fix rpm build, include all built files, but only once
  • cgfs: fix invalid free()
  • find OpenSUSE's build also as obs-build
  • improve help text for --fancy and --fancy-format
  • improve wording of the help page for lxc-ls
  • cgfs: add print_cgfs_init_debuginfo()
  • cgfs: skip empty entries under /proc/self/cgroup
  • cgfs: explicitly check for NULL
  • tools: use correct exit code for lxc-stop
  • c/r: explicitly emit bind mounts as criu arguments
  • log: bump LXC_LOG_BUFFER_SIZE to 4096
  • conf: merge network namespace move & rename on shutdown
  • c/r: save criu's stdout during dump too
  • c/r: remove extra \ns from logs
  • c/r: fix off-by-one error
  • c/r: check state before doing a checkpoint/restore
  • start: CLONE_NEWCGROUP after we have setup cgroups
  • create symlink for /var/run
  • utils: add lxc_append_string()
  • cgroups: remove isolated cpus from cpuset.cpus
  • Update Ubuntu release name: add zesty and remove wily
  • templates: add squashfs support to lxc-ubuntu-cloud.in
  • cgroups: skip v2 hierarchy entry
  • also stop lxc-net in runlevels 0 and 6
  • add lxc.egg-info to gitignore
  • install bash completion where pkg-config tells us to
  • conf: do not use %m format specifier
  • debian: Don't depend on libui-dialog-perl
  • cgroups: use %zu format specifier to print size_t
  • lxc-checkpoint: automatically detect if --external or --veth-pair
  • cgroups: prevent segfault in cgfsng
  • utils: add lxc_preserve_ns()
  • start: add netnsfd to lxc_handler
  • conf: use lxc_preserve_ns()
  • attach: use lxc_preserve_ns()
  • lxc_user_nic: use lxc_preserve_ns()
  • conf, start: improve log output
  • conf: explicitly remove veth device from host
  • conf, start: be smarter when deleting networks
  • start, utils: improve preserve_ns()
  • start, error: improve log + non-functional changes
  • start, namespace: move ns_info to namespace.{c,h}
  • attach, utils: bugfixes
  • attach: use ns_info[LXC_NS_MAX] struct
  • namespace: always attach to user namespace first
  • cgroup: improve isolcpus handling
  • cgroups: handle non-existent isolcpus file
  • utils: add lxc_safe_uint()
  • tests: add unit tests for lxc_safe_uint()
  • utils: add lxc_safe_int()
  • tests: add unit tests for lxc_safe_int()
  • conf/ile: get ip prefix via lxc_safe_uint()
  • confile: use lxc_safe_u/int in config_init_{u,g}id
  • conf/ile: use lxc_safe_uint() in config_pts()
  • conf/ile: use lxc_safe_u/int() in config_start()
  • conf/ile: use lxc_safe_uint() in config_monitor()
  • conf/ile: use lxc_safe_uint() in config_tty()
  • conf/ile: use lxc_safe_uint() in config_kmsg()
  • conf/ile: avoid atoi in config_lsm_aa_incomplete()
  • conf/ile: use lxc_safe_uint() in config_autodev()
  • conf/ile: avoid atoi() in config_ephemeral()
  • utils: use lxc_safe_int()
  • lxc_monitord: use lxc_safe_int() && use exit()
  • start: use lxc_safe_int()
  • conf: use lxc_safe_{u}int()
  • tools/lxc_execute: use lxc_safe_uint()
  • tools/lxc_stop: use lxc_safe_uint()
  • utils: add lxc_safe_long()
  • tests: add unit tests for lxc_safe_long()
  • tools/lxc_stop: use lxc_safe_long()
  • tools/lxc_top: use lxc_safe_int()
  • tools/lxc_ls: use lxc_safe_uint()
  • tools/lxc_autostart: use lxc_safe_{int,long}()
  • tools/lxc_console: use lxc_safe_uint()
  • tools: replace non-standard namespace identifiers
  • Configure a static MAC address on the LXC bridge
  • tests: remove overflow tests
  • attach: do not send procfd to attached process

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 2.0.6.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.0.9 release announcement

23rd of November 2016

This is the ninth bugfix release for LXC 1.0.

Important:

  • Security fix for CVE-2016-8649

Bugfixes:

  • doc: change "-t" option of lxc-create(1) to being required
  • ubuntu-cloud: Various fixes
  • coverity: avoid null pointer dereference in cgmanager
  • Use /usr/bin/env python3 instead of /usr/bin/python3 project-wide
  • Fetch Debian archive GPG keyrings when they're not available
  • seccomp: handle inverted arch
  • Better handle preserve_ns behavior
  • Revert "seccomp: handle inverted arch"
  • lxc_container struct: add comment about moving member fns
  • debian: Fix container creation on missing cache
  • lxc: let lxc-start support wlan phys
  • apparmor: support lxc.aa_profile = unchanged
  • seccomp: support 32-bit arm on arm64, and 32-bit ppc on ppc64
  • Conditional compilation for ARM and PPC
  • prune_init_cgroup: don't dereference NULL
  • fix 'lxc.mount.entry' key when clearing unexpanded config
  • Update get_item test after the lxc.mount.entry fix
  • Fix seccomp profile on attach of undefined container
  • Return immediately in save_phys_nics if not run as root. Physical nic is not instantiated in lxc_create_network
  • lxc-checkconfig: remove zgrep dependency
  • Refactoring conditional directives.
  • Fix swap calculation
  • python-lxc: Call PyOS_AfterFork after attaching to a container
  • fix buffer overflow in ifaddrs.c
  • Documenting valueless lxc.cap.drop behaviour
  • NULL pointer dereference if nlmsg_reserve() returns NULL for ifi
  • Don't try to change aa label if we are already apparmor-confined
  • coverity: preserve_ns returns bool, not int
  • apparmor: recognize 'unconfined' as unconfined.
  • bash completion: the 'have' command was deprecated in favor of '_have'
  • Set the right variable to NULL when unsetting ipv6_gateway
  • preserve inherited fds for stop hook
  • avoid printing null string in error message
  • Fix Comment inside Fedora Template
  • doc: Add valueless lxc.cap.drop behaviour to Japanese man page
  • Document clear behaviour of list options
  • fix lockpath removal in Python lxc-ls
  • Document network clear option
  • open_without_symlink: Account when prefix is empty string
  • lxc_setup_fs: Create /dev/shm folder if it doesn't exist
  • cgmanager: don't make tasks + cgroup.procs +x
  • cleanup: lxc_container::want_* comment descriptions
  • Fix echo statement inside fedora template
  • Use ${utsname} instead of ${UTSNAME} because latter variable is not defined.
  • Ignore any container with a name starting by '.'
  • increase /dev size to 500k (issue #781)
  • cgfs: prune the init scope from paths
  • doc: add clear behaviour of list options to Japanese lxc.container.conf(5)
  • doc: Add network clear option to Japanese lxc.container.conf(5)
  • apparmor: allow binding /run/{,lock/} -> /var/run/{,lock/}
  • log.c:__lxc_log_set_file: fname cannot be null
  • log.c:__lxc_log_set_file: completely close log file when overriding
  • Allow sysfs remount by mountall
  • cgroups: do not fail if setting devices cgroup fails due to EPERM
  • cgfs: also check for EACCES when writing devices
  • lxc: cgfs: handle lxcfs
  • Fix typo in lxc manpage
  • cgfs: make sure we use valid cgroup mountpoints
  • cgfs: be less verbose
  • doc: improve Japanese lxc-attach(1)
  • doc: improve lxc-unshare(1)
  • open_without_symlink: Don't SYSERROR on something else than ELOOP
  • lxc-busybox: Touch /etc/fstab in the container rootfs
  • sync: add LXC_SYNC_ERROR to report errors from another process.
  • start: use LXC_SYNC_ERROR to report errors.
  • lxc-busybox: Remove warning for dynamically linked Busybox
  • Fix installation of out-of-tree (VPATH) builds
  • use httpredir.debian.org as the default Debian mirror
  • always provide a default mirror for debootstraping Ubuntu
  • lxc-ubuntu: Fix building on secondary architectures
  • update Debian release names
  • fix btrfs_recursive_destroy
  • store errno immediately after ioctl
  • fix spelling mistakes spotted by Debian's lintian
  • netlink_open: close socket on error
  • lxc_mount_auto_mounts(): free memory on failure
  • Ignore temporary files generated by doxygen
  • nicer date format and support for SOURCE_DATE_EPOCH in LXC_GENERATE_DATE
  • drop obsolete syslog.target from lxc.service.in
  • Update maintainers
  • Check if stdout is a terminal in lxc-checkconfig
  • Fixed - set PyErr when Container.__init__ fails
  • Added type to keys in lxc_list_nicconfigs
  • Force DHCP client to send hostname
  • sync: fail on unexpected message sizes
  • sync.c: use correct types
  • Added OR statement for cases of ID = rhel in RHEL 7+
  • Unshare netns after setting the userns mappings
  • Allow configuration file values to be quoted
  • Also allow fstype=fuse for fuse filesystems
  • Fix hostname in interface config for alpine template
  • Fix redefinition of struct in6_addr
  • lxc-debian: make sure init is installed
  • plamo: Improve Plamo template
  • AppArmor: add make-rslave to usr.bin.lxc-start
  • Include all lxcmntent.h function declarations on Bionic
  • lxc-debian: fix regression when creating wheezy containers
  • Set up MTU for vlan-type interfaces.
  • templates: avoid noisy perl warnings caused by missing locales
  • Add a prefix to the lxc.pc
  • conf: set pty_info to NULL after free
  • apparmor: Refresh generated file
  • tools: add missing newline in lxc-create output
  • Use full GPG fingerprint instead of long IDs.
  • utils: Add mips signalfd syscall numbers
  • seccomp: Implement MIPS seccomp handling
  • seccomp: Add mips and mips64 entries to lxc_config_parse_arch
  • seccomp: fix strerror()
  • confile: add more archs to lxc_config_parse_arch()
  • seccomp: add support for s390x
  • seccomp: remove double include and order includes
  • seccomp: non functional changes
  • templates: fedora requires openssl binary
  • set FULL_PATH_NAMES=NO in doc/api/Doxyfile
  • console: use correct log name
  • lxczfs: small fixes
  • make rsync deal with sparse files efficiently
  • lxc-create -t debian fails on ppc64el arch
  • utils: fix lxc_string_split()
  • Fix spelling of CentOS in the templates
  • mark the python examples as having utf-8 encoding
  • log: sanity check the returned value from snprintf()
  • archlinux: Do DHCP on eth0
  • archlinux: Fix resolving
  • Drop leftover references to lxc_strerror().
  • s390x: Fix seccomp handling of personalities
  • ubuntu: Fix package upgrades requiring proc
  • use python3_sitearch for including the python code
  • cgfs: fix invalid free()
  • cgfs: add print_cgfs_init_debuginfo()
  • cgfs: skip empty entries under /proc/self/cgroup
  • tools: use correct exit code for lxc-stop
  • conf: merge network namespace move & rename on shutdown
  • create symlink for /var/run
  • cgfs: explicitly check for NULL
  • templates: add squashfs support to lxc-ubuntu-cloud.in
  • install bash completion where pkg-config tells us to
  • conf: do not use %m format specifier
  • debian: Don't depend on libui-dialog-perl
  • Replace 'index' by 'strchr' for Android build
  • tree-wide: replace readdir_r() with readdir()
  • attach: do not send procfd to attached process

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.0.9.

Please note that LXC upstream strongly recommends 1.0 users to upgrade to the 2.0 LTS release. The 1.0 branch will keep being supported until June 2019, but at this point, only critical bugfixes and security updates will be backported.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 2.0.5 release announcement

5th of October 2016

This is the fifth bugfix release for LXC 2.0.

The main bugfixes in this release are:

  • Fix .gitignore after /tools/ split
  • Add lxc-test-utils to .gitignore
  • bdev: use correct overlay module name
  • cleanup: tools: remove --name from lxc-top usage message
  • cleanup: whitespaces in option alignment for lxc-execute
  • Use full GPG fingerprint instead of long IDs.
  • tools: move --rcfile to the common options list
  • tools: set configfile after load_config
  • doc: add --rcfile to common opts
  • doc: Update Korean lxc-attach(1)
  • doc: Add --rcfile to Korean common opts
  • doc: Add --rcfile to Japanese common opts
  • tools: use exit(EXIT_*) everywhere
  • tools: unify exit() calls outside of main()
  • utils: Add mips signalfd syscall numbers
  • seccomp: Implement MIPS seccomp handling
  • seccomp: Add mips and mips64 entries to lxc_config_parse_arch
  • seccomp: fix strerror()
  • confile: add more archs to lxc_config_parse_arch()
  • seccomp: add support for s390x
  • seccomp: remove double include and order includes
  • seccomp: non functional changes
  • templates: use fd 9 instead of 200
  • templates: fedora requires openssl binary
  • tools: use boolean for ret in lxc_device.c
  • c/r: use /proc/self/tid/children instead of pidfile
  • c/r: Fix pid_t on some arches
  • templates: Add mips hostarch detection to debian
  • cleanup: replace tabs with spaces in usage strings
  • remove extra 'ret'
  • c/r: write status only after trying to parse the pid
  • set FULL_PATH_NAMES=NO in doc/api/Doxyfile
  • templates: rm halt.target -> sigpwr.target symlink
  • templates: remove creation of bogus directory
  • console: use correct log name
  • configure: add --disable-werror
  • tests: fix get_item tests
  • templates: use correct cron version in alpine template
  • c/r: zero a smaller than known migrate_opts struct
  • lxczfs: small fixes
  • c/r: free valid_opts if necessary
  • make rsync deal with sparse files efficiently
  • lxc-create -t debian fails on ppc64el arch
  • c/r: fix typo in comment
  • cgroup: add new functions for interacting with hierarchies
  • utils: add lxc_deslashify
  • c/r: pass --cgroup-roots on checkpoint
  • cgroup: get rid of weird hack in cgfsng_escape
  • cgroup: drop cgroup_canonical_path
  • c/r: check that cgroup_num_hierarchies > 0
  • tools: do not add trailing spaces on lxc-ls -1
  • conf: retrieve mtu from netdev->link
  • conf: try to retrieve mtu from veth
  • c/r: detach from controlling tty on restore
  • Fix null dereference if attach is called without access to any tty
  • utils: fix lxc_string_split()
  • tools: lxc_deslashify() handle special cases
  • tests: add unit tests for lxc_deslashify()
  • Fix for ALTLinux container creation in all branches
  • utils: lxc_deslashify() free memory
  • Fix spelling of CentOS in the templates
  • Define LXC_DEVEL to detect development releases
  • tools: lxc-checkconfig conditionalize devpts check

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 2.0.5.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

End of life announcement for LXC 1.1

1st of September 2016

LXC 1.1 has now reached its end of life.

This means that the stable-1.1 branch is now closed and we will not be doing any more bugfix or security releases for this branch.

Anyone still on LXC 1.1 should upgrade to 2.0 as soon as possible.

As a reminder, we currently support the following releases:

  • LXC 1.0.x until June 1st 2019
  • LXC 2.0.x until June 1st 2021

LXC 2.0.4 release announcement

15th of August 2016

This is the fourth bugfix release for LXC 2.0.

The main bugfixes in this release are:

  • core: Add a prefix to the lxc.pc
  • core: Add flag in mount_entry to skip NODEV in case of a persistent dev entry
  • core: Add missing cgroup namespace to ns_info struct
  • core: attach: setns instead of unshare in lxc-attach
  • core: bdev: Add subdirectories to search path
  • core: bdev: Be smarter about btrfs subvolume detection
  • core: cgfsng: Don't pre-calculate path
  • core: cgfsng: Fix is_lxcfs() and is_cgroupfs()
  • core: cgroups: Move cgroup files to common subfolder
  • core: conf: Set pty_info to NULL after free
  • core: Detect if we should send SIGRTMIN+3
  • core: Replace readdir_r() with readdir()
  • core: Set up MTU for vlan-type interfaces.
  • core: tools, tests: Reorganize repo
  • c/r: Add support for CRIU's --action-script
  • c/r: Add support for ghost-limit in CRIU
  • c/r: Drop in-flight connections during CRIU dump
  • c/r: Initialize migrate_opts properly
  • c/r: Make local function static
  • c/r: Replace tmpnam() with mkstemp()
  • c/r: Store criu version
  • c/r: Use PRIu64 format specifier
  • doc: Fix typo found by lintian
  • doc: Update Japanese lxc-attach(1)
  • doc: Update lxc-attach(1)
  • lxc-attach: Add -f option (rcfile)
  • lxc-attach: Cleanup whitespaces
  • lxc-create: Add missing newline in output
  • lxc-ls: Use correct runtime path
  • templates: alpine: Add support for new arch
  • templates: alpine: Mount tmpfs under /run
  • templates: debian: Add more quotes to variables (at least $rootfs should now be covered)
  • templates: debian: Avoid noisy perl warnings caused by missing locales
  • templates: debian: fix regression when creating wheezy containers
  • templates: debian: Make shellcheck (Ubuntu: 0.3.7-5 amd64) most possible happy
  • tests: Add unit tests for lxc_string_in_array()
  • tests: Add unit tests for lxc_string_replace()

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 2.0.4.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 2.0.3 release announcement

28th of June 2016

This is the third bugfix release for LXC 2.0.

LXC 2.0.3 was released just minutes after LXC 2.0.2 as we spotted an incorrect AppArmor profile included in the LXC 2.0.2 release tarball.

The main bugfixes in this release are:

  • apparmor: Refresh generated file

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 2.0.3.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 2.0.2 release announcement

28th of June 2016

This is the second bugfix release for LXC 2.0.

Please do not use LXC 2.0.2, instead use 2.0.3 which fixes an accidental regression in AppArmor coverage.

The main bugfixes in this release are:

  • apparmor: add make-rslave to usr.bin.lxc-start
  • apparmor: Allow bind-mounts and {r}shared/{r}private
  • apparmor: allow mount move
  • apparmor: Update mount states handling
  • core: Drop lxc-devsetup as unneeded by current autodev
  • core: Fix redefinition of struct in6_addr
  • core: Include all lxcmntent.h function declarations on Bionic
  • c/r: c/r: use criu's "full" mode for cgroups
  • systemd: start containers in foreground when using the lxc@.service
  • templates: debian: Make sure init is installed
  • templates: oracle: Fix console login
  • templates: plamo: Fix various issues
  • templates: ubuntu: Install apt-transport-https by default
  • travis: ensure 'make install' doesn't fail
  • travis: test VPATH builds
  • upstart: Force lxc-instance to behave like a good Upstart client

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 2.0.2.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 2.0.1 release announcement

16th of May 2016

This is the first bugfix release for LXC 2.0.

The main bugfixes in this release are:

  • apparmor: Also allow fstype=fuse for fuse filesystems
  • attach: adapt lxc-attach tests & add test for pty logging
  • attach: don't fail attach on failure to setup a SIGWINCH handler.
  • attach: fix a variety of lxc-attach pts handling issues
  • attach: switch console pty to raw mode (fixes ncurses-based programs)
  • attach: use raw settings of ssh for pty
  • bindings: fixed python-lxc reference to var before assignment in create()
  • bindings: set PyErr when Container.__init__ fails
  • cgfsng: defer to cgfs if needed subsystems are not available
  • cgfsng: don't require that systemd subsystem be mounted
  • core: Added missing type to keys in lxc_list_nicconfigs
  • core: Allow configuration file values to be quoted
  • core: log: remove duplicate definitions and bump buffer size
  • core: sync: properly fail on unexpected message sizes
  • core: Unshare netns after setting the userns mappings (fixes ownership of /proc/net)
  • core: various fixes as reported by static analysis
  • c/r: add an option to use faster inotify support in CRIU
  • c/r: rearrange things to pass struct migrate_opts all the way down
  • doc: ignore temporary files generated by doxygen
  • doc: tweak manpage generation date to be compatible with reproducible builds
  • doc: update MAINTAINERS
  • doc: update to translated manpages
  • init: add missing lsb headers to sysvinit scripts
  • init: don't make sysv init scripts dependent on distribution specifics
  • init: drop obsolete syslog.target from lxc.service.in
  • lxc-attach: add logging option to manpage
  • lxc-checkconfig: better render when stdout isn't a terminal
  • lxc-create: fix -B best option
  • lxc-destroy: avoid double print
  • lxc-ls: use fewer syscalls when doing ipc
  • templates: Add apt-transport-https to minbase variant of Ubuntu template
  • templates: fix a typo in the capabilities name for Gentoo (sys_resource)
  • templates: logic fix in the Centos template for RHEL7+ support
  • templates: tweak Alpine DHCP configuration to send its hostname
  • templates: tweak to network configuration of the Oracle template

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 2.0.1.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 2.0.0 release announcement

6th of April 2016

The LXC team is very pleased to announce the release of LXC 2.0!

Highlights

  • All main LXC commands have now been rewritten in C
    • lxc-ls
    • lxc-device
    • lxc-copy
  • New lxc-copy command taking over the role of lxc-clone and lxc-start-ephemeral
  • Much improved support for checkpoint/restore of containers
  • Completely reworked cgroup handling including support for the cgroup namespace
  • The various command line tools are now much more consistent
  • Re-organized storage backend implementation, including addition of a Ceph RBD backend
  • An enormous amount of bugfixes, most of which will be backported to 1.0 and 1.1 over the next few bugfix releases
  • The C API remains backward compatible with previous versions and is released as 1.2

This release was made possible by contributions (720 commits) from a total of 96 contributors.

New configuration options

  • lxc.ephemeral: Controls whether the container is ephemeral and so will be destroyed on shutdown
  • lxc.rebootsignal: Allows overriding the signal sent for container reboot
  • lxc.hook.destroy: New hook being called on container destruction
  • lxc.hook.stop: Run in the host context with references to the containers just before namespace teardown
  • lxc.init_uid: Used by lxc-execute to set an alternative user
  • lxc.init_gid: Used by lxc-execute to set an alternative group
  • lxc.monitor.unshare: Allows unsharing the mount namespace prior to running any hook

New features

  • API:
    • API version is 1.2, fully backward compatible with 1.1 and 1.0
    • new symbols:
      • New migrate() symbol as an alternative to checkpoint() using a migrate_opts struct to simplify additions
    • python3
      • Support for passing the storage backend to create()
    • lua
      • Add support for get_ips()
      • Add support for get_interfaces()
      • Add support for rename()
  • Core:
    • cgfsng: New cgroup backend driver for recent Linux kernel
    • cgroup: Partial support for the new cgroup hierarchy
    • cgroup: Support for the cgroup namespace
    • checkpoint: Support checkpoint/restore of default LXC containers
    • checkpoint: Support checkpoint/restore of unprivileged containers
    • checkpoint: Support for the page server
    • config: lxc.aa_profile: Now supports an "unchanged" value
    • config: lxc.init_cmd: Now supports arguments
    • config: lxc.network.macvlan.mode: Added support for the "passthru" mode
    • config: lxc.rootfs.backend: Allows overriding the storage backend (bypasses auto-detection)
    • config: New nesting.conf configuration file to setup container nesting
    • hooks: New LXC_CGNS_AWARE environment variable, set to 1 if LXC supports the cgroup namespace (the kernel however may not)
    • hooks: New LXC_SRC_NAME environment variable is set in clone hook with the original container name
    • hooks: New LXC_TARGET environment variable is set with the container goal (stop or reboot)
    • logging: Updated logging timestamps to be a bit more readable
    • lxc-usernet: Support for containers using a veth interface without bridging
    • lxc-usernet: Support for group-based quotas (use the @ prefix)
    • network: The bridge interface MTU is now used as the default container interface MTU
    • start: The process title is now renamed to be easier to read
    • storage: New Ceph RBD storage backend
  • Documentation:
    • Korean translation of all the man pages
  • Commands:
    • lxc-attach: Use an intermediate pts device to prevent attacks against the parent shell
    • lxc-clone: Support for renaming containers
    • lxc-start-ephemeral: Support for changing bind-mount targets
  • Init systems:
    • systemd: Support for instanced service units
  • Templates
    • New ALTLinux template
    • New Slackware template
    • New SPARCLinux template
    • alpine: Support installing extra packages
    • debian: Default to just "main" enabled, allow enabling other repositories through argument
    • oracle: Set the timezone in the container
    • openssh: Add OpenSSH support
    • ubuntu: New -v option allowing the user to set the debootstrap variant
    • ubuntu-cloud: Support for vendor-data passthrough

Change in behavior

  • The lxc-autostart container startup order is now reversed (to be correct)
  • The new cgfsng cgroup backend is now the recommended backend
  • lxc.hook.post-stop failures are now fatal to container reboots

Note that several commands have been significantly reworked in this release. We don't consider our command line tools as stable ABI so you may need to test and adapt your scripts, or better, port them to use our stable C API or one of its bindings.

Deprecation warnings

The "lxc-clone" and "lxc-start-ephemeral" commands are now considered deprecated and to be replaced by the new lxc-copy. Those commands can still be built by using the --enable-legacy flag, however note that they will print a warning when used and that they will be removed from upcoming LXC releases.

Support

This is the second LXC Long Term Support release which we will be supporting until the 1st of June 2021. LXC 1.0, our previous Long Term Support release, is still supported until the 1st of June 2019. And lastly, the previous stable release, LXC 1.1 will go end of life on the 1st of September 2016.

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 2.0.0.

Should you be interested in individual changes or just looking at the detailed development history, our master branch is on GitHub.

LXC 1.1.5 release announcement

9th of November 2015

This is the fifth bugfix release for LXC 1.1.

Core:

  • Fix handling of process title rename (now only on >= 3.19 kernels)
  • Several improvements to overlayfs/aufs handling
    • Needed directories are created if missing
    • Better handling of absolute paths
    • Better handling of cloning overlayfs containers
  • Ignore trailing /init.scope in cgroup paths (needed for newer systemd)
  • Allow checkpoint/restore of containers using non-bridged veth devices
  • Properly initialize error_num (exit code tracking for the container)
  • lxc-usernsexec: Re-open fds 0,1,2 separately (only if stdin is a tty)

Init scripts:

  • lxc-net: Start after network-online.target

Commands:

  • lxc-start: Allow preserving the PID namespace too

Templates:

  • archlinux: Fix systemd-sysctl service
  • ubuntu-cloud: Use tar.xz tarballs by default (as tar.gz will soon be discontinued)
  • ubuntu-cloud: Always exit 1 on error

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.1.5.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.0.8 release announcement

9th of November 2015

This is the eighth bugfix release for LXC 1.0.

Important:

  • Security fix for CVE-2015-1331
  • Security fix for CVE-2015-1334

Core:

  • Add a nesting.conf which can be included to support nesting containers
  • Add support for CAP_AUDIT_READ and CAP_BLOCK_SUSPEND
  • Allow autodev without a rootfs
  • Also drop caps in unpriv containers
  • apparmor: Block access to /proc/kcore
  • apparmor: Fix slave bind mounts
  • apparmor: Sync with current git master
  • attach: use _exit() instead of exit() in the intermediate child process
  • aufs: Support unprivileged clone, mount
  • Call /lib/apparmor/profile-load directly instead of the wrapper
  • cgmanager: attach: never use 'all' controller
  • cgmanager: free line at end of check_supports_multiple_controllers
  • cgmanager: put unprivileged containers under $(curcgroup)/lxc/$(container)
  • Change lxc-clone to use 'rsync -aH' instead of just 'rsync -a' for cloning to fix Launchpad Bug #1441307.
  • clone_paths: use 'rootfs' for destination directory
  • config: add miscellaneous signals for lxc.*signal
  • daemonized start: exit children on failure, don't return
  • Define MS_REC and MS_SLAVE for Android in bdev.c
  • Define MS_RELATIME for Android
  • Define O_PATH and O_NOFOLLOW for Android
  • detect whether cgmanager_list_controllers is available
  • do_lxcap_stop: wait until container is stopped
  • don't close std* fd if opentty fails
  • Enable seccomp by default for unprivileged users.
  • Factorize handle of create=dir and create=file
  • Fix Android build due to missing constant
  • Fix automatic mounts without a rootfs
  • fix build on mpc85xx
  • Fix clearing IPv4/IPv6 addresses
  • Fix container creation without a rootfs
  • Fix control tty issues on attach
  • Fix /dev symlinks without a rootfs
  • Fix dropped fs caps when cloning a container
  • Fix error message when cannot find an lxc-init
  • Fix incomplete destruction of unprivileged ephemeral containers
  • Fix instantiation of multiple vlan interfaces with same id
  • Fix reversed args in mount call
  • Fix verification of start hook without a rootfs
  • Ignore trailing /init.scope in init cgroups
  • Init error_num to 1
  • init: Support older apparmor
  • In lxc.mount.auto, skip on ENOENT
  • lxc_monitor: fix memory leak on @fds and close fds
  • lxc_monitor: free @preg on error
  • lxc_mount_auto_mounts: fix weirdness
  • make cgmanager follow lxc.cgroup.use
  • Make LXC_CLONE_KEEPNAME work
  • Make mount_entry_create_*_dirs() more robust
  • Make overlayfs mounts work directly
  • Only mount /proc if needed, even without a rootfs
  • only re-open fds if stdin is a tty
  • Only use LOGPATH if lxcpath is unset or default
  • overlay: create workdir if it doesn't exist
  • pass on reboot flag and delete old veth on reboot
  • Prevent from error on umount /proc if userns are used.
  • Remove btrfs subvolumes
  • rpm: added dependency to lxc-libs to lxc package
  • seccomp: add aarch64 support
  • seccomp: add ppc support
  • seccomp: add rule to reject umount -f
  • seccomp: simplify and fix rule parsing
  • Skip control tty code for non-ttys
  • Sort the cgroup memory settings before applying
  • Support unprivileged ephemeral container using aufs
  • Tear down network devices during container halt
  • Uniformly nullify std fds
  • Use /dev/loop-control if it exists
  • Use 'overlay' as fs name when needed
  • use poll instead of select when possible
  • Use POSIX-compliant function names in bash completion
  • Use rdepends when non-thinpool LVM container is cloned
  • When creating container, save configuration if rootfs already exists

Documentation:

  • Add the note related mount in Japanese lxc.container.conf(5)
  • Add about zfs, aufs, overlayfs to '-s' option of lxc-clone(1)
  • Add doc for optional, create=dir and create=file in lxc.container.conf man
  • Add long option for -P in documentation
  • Add LXC-specific mount option in Japanese lxc.container.conf(5)
  • Add options of 'loop' backingstore to lxc-create(1)
  • Add -P lxcpath and --version to lxc-ls manpage
  • Add '--storage-type' option to lxc-start-ephemeral(1)
  • Add the description for -P and --version to English and Japanese lxc-ls(1)
  • Add the description for --version to English and Japanese common_options
  • Add the use of 'attach' to lxc-start-ephemeral(1)
  • clarify the description of the veth network type in the manpage.
  • Fix the mistranslation about lxc.group in Japanese lxc.container.conf(5)
  • Fresh CONTRIBUTING
  • Remove unnecessary common options from lxc-user-nic(1)
  • Translate untranslated section titles in Japanese man pages
  • Update MAINTAINERS
  • Update the description of -L option in lxc-autostart(1)
  • Update the description of the veth in the Japanese lxc.container.conf(5)

Bindings:

  • lua: Fix 5.3 compatibility code.
  • lua: fix crash on missing blkio
  • lua: Small fix for 5.3 compatibility.

Tests:

  • enable cgmanager support for Travis CI
  • lxc-test-apparmor: flush the pipe before exiting child
  • lxc-test-symlink: add a test using absolute symlink
  • Update Travis configuration
  • Use 'cgm listcontrollers' list rather than /proc/self/cgroups

Config:

  • lxc-net.conf: use +e at teardown

Templates:

  • lxc-alpine: avoid GNU BRE extensions for better portability
  • lxc-alpine: create /dev/shm before mounting
  • lxc-alpine: fix verification of apk.static binary
  • lxc-alpine: use getopt to parse options
  • lxc-alpine: use yaml for detection of latest release
  • lxc-altlinux: fix parsing of option "--clean": it takes no argument
  • lxc-altlinux: protect possibly unset variable with quotes for -z check
  • lxc-archlinux: Fix systemd-sysctl service
  • lxc-busybox: fix unprivileged containers
  • lxc-centos: Added a more reliable test for yum --releasever
  • lxc-{centos|fedora}: Respect --rootfs
  • lxc-centos: fix big login delays in Centos 7
  • lxc-centos: Fix booting a Centos 6 container
  • lxc-centos: fix parsing of option "--clean": it takes no argument
  • lxc-centos: fix tab/space mixup in help text.
  • lxc-centos: pass releasever parameter to yum
  • lxc-centos: protect possibly unset variable with quotes for -z check
  • lxc-centos: use hostname for DHCP_HOSTNAME in ifcfg-eth0
  • lxc-debian: Alternative test for dpkg multiarch support
  • lxc-debian: debootstrap failed when $GREP_OPTIONS is set
  • lxc-debian: document "--clean" in the usage.
  • lxc-debian: Fixed errors if dbus is not installed
  • lxc-debian: fix parsing of option "--clean": it takes no argument.
  • lxc-debian: improve help text
  • lxc-debian: protect possibly unset variable with quotes for -z check
  • lxc-debian: reconfigure locales
  • lxc-debian: skip security updates for unstable/sid
  • lxc-debian: support stretch (Debian 9) images
  • lxc-debian: Test dpkg for multiarch support
  • lxc-download: fix typo in help text.
  • lxc-download: improve help text.
  • lxc-download: make --list more useful.
  • lxc-fedora: Add support for "--mask-tmp"
  • lxc-fedora: Default to 22 but use 20 squashfs
  • lxc-fedora: Default to Fedora 21 as 22 no longer uses yum
  • lxc-fedora: fix parsing of option "--clean": it takes no argument
  • lxc-fedora: In fedora21, the fedora-repos package is needed.
  • lxc-fedora: let help text fit into 80 columns
  • lxc-fedora: manage secondary architectures
  • lxc-fedora: protect possibly unset variable with quotes for -z check
  • lxc-fedora: when using systemd, set lxc.kmsg = 0 in the config
  • lxc-gentoo: Add a hwaddr if there is only one veth
  • lxc-gentoo: Add /dev/shm tmpfs mount entry
  • lxc-gentoo: Fix creation of dev/mqueue and dev/shm
  • lxc-gentoo: Fix the --auth-key flag
  • lxc-gentoo: Fix wget
  • lxc-openmandriva: fix parsing of option "--clean": it takes no argument
  • lxc-openmandriva: protect possibly unset variable with quotes in -z check
  • lxc-opensuse: default release changed to 13.1, as 12.3 reaches end-of-life soon
  • lxc-opensuse: Disable building openSUSE containers on 13.2/Tumbleweed only if wrong version of build package is installed
  • lxc-opensuse: fix parsing of option "--clean": it takes no argument
  • lxc-opensuse: protect possibly unset variable with quotes in -z check
  • lxc-opensuse: use rpm to determine build version
  • lxc-oracle: Fix /dev/shm
  • lxc-ubuntu-cloud: Never exit 0 when no container is created
  • lxc-ubuntu-cloud: Replace .tar.gz by .tar.xz and don't auto-generate missing tarballs
  • lxc-ubuntu: Drop lucid support and refresh releases list

Commands:

  • Fix grammar in some of the executables: "NAME for name of the container" becomes "NAME of the container"
  • lxc-autostart: Fix broken output
  • lxc-checkconfig: Update to work with kernel versions > 3
  • lxc-create: Fix -h with absolute template path
  • lxc-create: Require --template be passed
  • lxc-destroy: actually work if underlying fs is overlayfs
  • lxc-start: added pid parameter
  • lxc-start-ephemeral: fix pep-8 and pyflakes3
  • lxc-start-ephemeral: handle the overlayfs workdir option (v2)
  • lxc-start-ephemeral: Parse passwd directly
  • lxc-usernsexec: reopen fds 0,1,2 separately

Those stable fixes were brought to you by 59 individual contributors.

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.0.8.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.1.4 release announcement

6th of October 2015

This is the fourth bugfix release for LXC 1.1.

Important:

  • Security fix for CVE-2015-1335

Core:

  • Check for NULL pointers before calling setenv()
  • Factorize handle of create=dir and create=file
  • Refactor and factorize mount entries
  • Split handle of lxc.mount* with 3 functions
  • init: Support older apparmor
  • Make LXC_CLONE_KEEPNAME work
  • Fix automatic mounts without a rootfs
  • Fix container creation without a rootfs
  • Fix /dev symlinks without a rootfs
  • Allow autodev without a rootfs
  • Only mount /proc if needed, even without a rootfs
  • When creating container, save configuration if rootfs already exists
  • Fix verification of start hook without a rootfs
  • Tear down network devices during container halt
  • coverity: fix mount_entry_create_dir_file
  • Add a nesting.conf which can be included to support nesting containers
  • Fix reallocation calculation
  • Add bdev_destroy() and bdev_destroy_wrapper()
  • overlayfs_clone: rsync the mounted rootfs
  • lxc_rmdir_onedev: don't fail if path doesn't exist
  • overlayfs_mount: create delta dir if it doesn't exist
  • ovl_rsync: make sure to umount
  • Destroy bdevs using bdev_destroy() from bdev.h
  • Fix indentation
  • cmds: fix abstract socket length problem
  • coverity: drop second (redundant) block
  • Check return value of snprintf in mount_proc_if_needed()
  • Add CAP_AUDIT_READ
  • Add CAP_BLOCK_SUSPEND
  • Free allocated memory on failure (v2)
  • Define O_PATH and O_NOFOLLOW for Android
  • seccomp: add aarch64 support
  • lxc-test-symlink: add a test using absolute symlink
  • lxc_mount_auto_mounts: fix weirdness
  • Fix the type of i in lxc_mount_auto_mounts

Tools:

  • Fix grammar in some of the executables: "NAME for name of the container" becomes "NAME of the container"
  • lxc-checkconfig: add some more config options
  • lxc-start-ephemeral: Parse passwd directly

Documentation:

  • Add long option for -P in documentation
  • Add doc for optional, create=dir and create=file in lxc.container.conf man
  • Update lxc.cgroup.use in lxc.system.conf(5)
  • Add the description of common options in lxc-destroy(1)
  • Add LXC-specific mount option in Japanese lxc.container.conf(5)

Templates:

  • lxc-debian: support stretch (Debian 9) images
  • lxc-debian: allow not including contrib/non-free
  • lxc-debian: Test dpkg for multiarch support
  • lxc-debian: Alternative test for dpkg multiarch support in lxc-debian template
  • lxc-ubuntu: ubuntu.common.conf: mount /dev/mqueue
  • lxc-debian: We should only check the kernel architecture.
  • lxc-alpine: avoid GNU BRE extensions for better portability
  • lxc-alpine: use getopt to parse options

Those stable fixes were brought to you by 14 individual contributors.

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.1.4.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.1.3 release announcement

14th of August 2015

This is the third bugfix release for LXC 1.1.

Changes

Important:

  • Security fix for CVE-2015-1331
  • Security fix for CVE-2015-1334
  • Fix an ABI regression in LXC 1.1 compared to LXC 1.0. Fixing this unfortunately means that binaries built against LXC 1.1.0, 1.1.1 and 1.1.2 will need rebuilding against LXC 1.1.3. This is however preferable to not having backward compatibility with binaries built for LXC 1.0 and its bugfix releases.

Core:

  • apparmor: Call /lib/apparmor/profile-load directly instead of the wrapper
  • aufs: Support unprivileged containers
  • bash: Use POSIX-compliant function names
  • cgmanager: Respect lxc.cgroup.use
  • cgmanager: Use listcontrollers instead of /proc/self/cgroups
  • cgroup: Apply the memory restrictions in the right order
  • clone: Properly handle filesystem capabilities
  • clone: Properly handle hardlinks
  • core: Container logging is now thread safe
  • destroy: Properly remove btrfs subvolumes
  • lua: Support Lua 5.3
  • lxc-net: Fix several bugs
  • lxc-net: Support IPv6
  • lxc-net: Use iproute instead of ifconfig
  • monitor: Fix race conditions in the monitor container interface
  • network: Properly handle veth setup on reboot
  • overlayfs: Create the workdir if missing
  • seccomp: simplify the setup code and fix rule parsing
  • start: Always close fds 0-2 when daemonized
  • start: Better handle some daemonized startup failures
  • start: Improve error message when lxc-init can't be found
  • start: In userns, ignore umount failures for /proc
  • start: When available, use /dev/loop-control to configure the loop devices
  • systemd: Fix startup race condition between lxc-containers and lxc-net
  • Several fixes for small memory leaks (thanks to Coverity)
  • Various improvements to the checkpoint/restore feature
  • Various documentation improvements
  • Various tests improvements

Commands:

  • lxc-autostart: Fix broken output when stdout isn't a tty
  • lxc-checkconfig: support newer kernels

Templates:

  • alpine: Fix /dev/shm handling
  • alpine: Fix verification of the apk binary
  • centos: Fix support for some version of yum
  • debian: Fix debootstrap when GREP_OPTIONS is set
  • debian: Fix errors when dbus isn't installed
  • debian: Reconfigure locales
  • debian: Skip the security mirror for unstable/sid
  • fedora: Support secondary architectures
  • fedora: Update to the old release repository for Fedora 20
  • gentoo: Fix /dev/mqueue and /dev/shm handling
  • opensuse: Use rpm to determine the build version
  • oracle: Fix /dev/shm handling

Those stable fixes were brought to you by 31 individual contributors.

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.1.3.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.1.2 release announcement

10th of April 2015

This is the second bugfix release for LXC 1.1.

Changes

  • core: Fix non-tty stdin during attach
  • core: Improved container logging
  • core: Fix cgroup handling for unprivileged containers
  • core: Properly destroy overlayfs based containers
  • core: Fix some multi-threading issues
  • core: Various fixes to checkpoint/restore with CRIU
  • docs: Various manpage updates
  • tests: Fix hang in apparmor test
  • centos: Properly detect the yum version
  • centos: Don't mistakenly change tty.conf of the host
  • gentoo: Fix /dev/shm handling

Those stable fixes were brought to you by 9 individual contributors.

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.1.2.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.1.1 release announcement

16th of March 2015

This is the first bugfix release for LXC 1.1.

Changes

  • config: Allow FUSE access by default (instead of individually in most templates)
  • Make /proc/sys/net writable when using proc:mixed (required for network config)
  • Set the process title of backgrounded LXC to an identifiable name
  • Fix get_config_item with lxc.mount.auto
  • Fix some tty issues with attach
  • Add powerpc support to seccomp
  • oracle: Fix unprivileged lxc-console
  • centos: Fix unprivileged lxc-console
  • plamo: Change way to create objects under /dev in the container
  • lxc-top: Fix long container names rendering
  • LVM: Use rdepends for non-thinpool container clones
  • gentoo: Fix base image download
  • Various manpages update

Those stable fixes were brought to you by 13 individual contributors.

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.1.1.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.1.0 release announcement

30th of January 2015

The LXC team is pleased to announce the release of LXC 1.1.

This release will be supported until January 2016 or 2 months after the next release of LXC, whichever comes last.

If you need a long-term supported version of LXC for use in production, we still strongly recommend you stick to LXC 1.0 which is supported with frequent stable releases until April 2019.

While not strictly required, it is recommended that LXC 1.1 be used with cgmanager 0.35 (or higher) and lxcfs 0.5 (or higher).

Highlights

LXC 1.1 introduces checkpoint/restore support for containers through CRIU. This allows serializing the running state of a container to disk, for live migration or for later local restoration of the container.

Support for running systemd as the init system inside the container was also greatly improved and should now work by default both for privileged and unprivileged containers when combined with lxcfs and a recent systemd.

Init scripts have now all been updated to provide the same feature set, which means that a lxcbr0 bridge with a DHCP and DNS server (dnsmasq) is now the default for anyone using LXC. We currently provide init scripts for systemd, sysvinit and upstart.

This release was made possible by contributions from 84 developers.

New features

  • lxc-autostart: New -A/--ignore-auto flag (starts all containers)
  • lxc-ls: New "interface" field
  • centos/fedora: Added a root_password_expired environment variable (defaults to yes)
  • oracle: Allow installing from arbitrary yum repositories (including media)
  • oracle: Add Oracle Linux 7 support
  • lxc-ls: Allow filtering containers by group even without --fancy
  • core: Add support for qcow2 images (through qemu-img)
  • lxc-autostart: Add support for the NULL group (any container with lxc.start.auto set to 1 but without a group)
  • core: Track an unexpanded version of the configuration as well as comments (improves formatting of the saved configuration)
  • opensuse: Switch to using common configurations
  • core: Allow lxc.cap.keep be set to none
  • archlinux: Switch to using common configurations
  • ubuntu: use btrfs subvolumes and snapshots when available
  • seccomp: Set a default seccomp profile for all distros (blocks dangerous syscalls)
  • core: Add support for Openvswitch bridges
  • core: Add support for lxc.environment (sets extra environment variables)
  • init: Add identical support of systemd, upstart and sysvinit scripts
  • core: Add support for checkpoint and restore of containers using CRIU
  • core: Add a new aa_allow_incomplete flag to allow container startup with partial apparmor support
  • lxc-top: Now a C binary installed by default (was a lua script)
  • API: Addition of attach_interface and detach_interface
  • lxc-device: Now a C binary installed by default (was a python3 script)
  • lxc-config: Now supports querying lxc.cgroup.(use|pattern)
  • core: Add new lxc.init_cmd config option to override the default init command (/sbin/init)
  • lxc-start-ephemeral: Add new --cdir option (copy-on-write mounts)
  • opensuse: Support multiple releases
  • core: lxc.include now allows including directories (includes all the files with a .conf suffix)
  • core: A new common.conf.d configuration directory is available for users and packages to drop configuration snippets to be applied to all containers
  • core: The container_ttys environment variable is now set by LXC

Change in behavior

  • lxc-create now requires a template to be passed (-t), use "none" for the old behavior.
  • snapshots are now stored in the container's directory
  • lxc.arch for PER_LINUX32 is now output as i686
  • lxc-execute: lxc-init is now bind-mounted in the container if it can't be found
  • lxc-start: containers now start daemonized by default
  • core: pivot_root is now done without the use of lxc.pivotdir, as a result this option is now considered deprecated and will be removed in upcoming releases.
  • core: with the switch to daemonized containers by default, close-all-fds is also now the default.
  • core: lxc.autodev was reworked, it no longer uses /dev/lxc, instead mounting a tmpfs directly on the container's /dev, it also now works with unprivileged containers
  • core: lxc.autodev is now on by default (can be overridden with lxc.autodev=0)
  • core: lxc.kmsg is now disabled by default (can be overridden with lxc.kmsg=1)
  • core: clear_config_item now exclusively affects lists (lxc_list) entries. set_config_item should be used for anything else.
  • templates: All templates now use lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed (safe default configuration)

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.1.0, unless they decide to stick to the long term 1.0 release.

Should you be interested in individual changes or just looking at the detailed development history, our master branch is on GitHub.

LXC 1.0.7 release announcement

5th of December 2014

This is the seventh bugfix release for the LXC 1.0 series.

Changes

Core:

  • Include network prefix when ipv4/ipv6 keys are queried
  • apparmor: silence 'silent' mount denials
  • add file/func/line to debug info
  • apparmor: restrict signal and ptrace for processes
  • cgmanager: several fixes
  • lxc: don't call pivot_root if / is on a ramfs
  • fix lxc.mount.auto clearing
  • conf.c: Define MS_PRIVATE for Android
  • network: convert param ifname to const.
  • network: check result of if_nametoindex().
  • network: allow lxc_network_move_by_index() rename netdev in moving.
  • network: introduce an interface named lxc_netdev_isup().
  • lxccontainer.c: rename enter_to_ns to enter_net_ns
  • lxc_global_config_value can return the default lxc.cgroup.pattern whether root or non-root
  • do_rootfs_setup: fix return bugs
  • lxc-start: don't re-try to mount rootfs if we already did so
  • attach: don't use confstr(_CS_PATH)
  • lxc_global_config_value: simplify the theme
  • Fixed mismatch on ipvX gateway
  • attach: don't ignore sigint/sigkill if stdin is redirected
  • cgmanager: fix 'attach' with "all" controller support
  • lxc/utils: bugfix freed pointer return value
  • conf.c: change 'instanciate' to 'instantiate'
  • fix wrong nlmsg_len
  • Remounts bind mounts if read-only flag is provided
  • Allow lxc_clear_config_item to clear idmaps.
  • overlay and aufs clone_paths: be more robust
  • overlayfs: overlayfs.v22 or higher needs workdir option
  • Fix clone issues
  • Improve veth error cases logging
  • fixed typo in comment
  • audit: added capacity and reserve() to nlmsg
  • rmdir and lxc_unpriv returns non-negative error codes
  • typofixes - https://github.com/vlajos/misspell_fixer

Bindings:

  • add src/python-lxc/setup.py into .gitignore

Tests:

  • tests: Fix unpriv test
  • lxc-test-unpriv: don't clear out /etc/lxc/lxc-usernet
  • lxc-test-unpriv: test for different cgroups per subsystem
  • tests: try again when waitpid() sets errno as EINTR

Commands:

  • lxc_start: ERROR if container is already running.
  • lxc-start: return 0 rather than error if container is already running
  • Make legacy lxc-ls more robust
  • lxc_info: flush stdout before calling routines which may fork

Templates:

  • Fix typo in lxc-gentoo template
  • busybox template: support for unprivileged containers
  • busybox template: mount fstab when available
  • Fix another gentoo template typo
  • Create the apt proxy in the cache instead of the 1st container
  • lxc-plamo: mount tmpfs on /dev/shm
  • lxc-cirros: support creating+running unprivileged
  • Fix lxc-openmandriva.in typo.
  • Fix lxc-centos.in typo.
  • lxc-opensuse: Disable on 13.2
  • lxc-alpine: make sure /dev/shm is world writeable
  • lxc-alpine: create a default tty for console
  • lxc-debian: added support for package installation
  • lxc-debian: Fix default mirrors
  • lxc-debian: support systemd as PID 1
  • lxc-debian: adjust init system configurations
  • lxc-debian: mask both Wheezy and Jessie udev services
  • lxc-opensuse: Disabling builds on openSUSE Tumbleweed, detection improved.

Documentation:

  • Fix the lxc manpage a bit
  • lxc-create -t option is not optional
  • doc: Update kernel and cgroup info in Japanese lxc(7)
  • tabs/spaces consistency

Those stable fixes were brought to you by 27 individual contributors.

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.0.7.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.0.6 release announcement

24th of September 2014

This is the sixth bugfix release for the LXC 1.0 series.

To make supporting both LXC 1.0 and the future LXC 1.1 easier, this version introduces the -F argument to lxc-start. This argument is a no-op as lxc-start already runs in the foreground by default, but as that behavior will change in LXC 1.1, introducing -F in 1.0 too allows for writing scripts that will work consistently across upgrades.

Changes

Core:

  • rootfs_is_blockdev: don't run if no rootfs is specified
  • confile: sanity-check netdev->type before setting netdev->priv elements
  • Fix typo in previous patch
  • Remove mention of mountcgroups in ubuntu.common config
  • remove mountcgroup hook entirely
  • Add SIGPWR support to lxc_init
  • Sysvinit script fixes
  • unprivileged containers: use next available nic name if unspecified
  • fix typo in btrfs error msg
  • apparmor: Allow slave bind mounts
  • provide an example SELinux policy for older releases
  • print a helpful message if creating unpriv container with no idmap
  • use non-thread-safe getpwuid and getpwgid for android
  • btrfs: support recursive subvolume deletion (v2)
  • fix '--log-priority' --> '--logpriority' in main
  • Fix a file descriptor leak in the daemonization
  • Fix a file descriptor leak in the monitord spawn
  • Ensure /dev/pts directory exists on pts setup
  • Do not allow snapshots of LVM backed containers
  • add lxc.console.logpath
  • coverity: don't use newname after null check
  • coverity: malloc the right size for btrs_node tree
  • introduce --with-distro=raspbian
  • cgmanager get/set: clean up child (v2)
  • Add extra debugging
  • Fix typo in the previous commit...
  • do_mount_entry: add noexec, nosuid, nodev, rdonly flags if needed at remount
  • command socket: use hash if needed
  • monitor: fix sockname calculation for long lxcpaths
  • show additional info if btrfs subvolume deletion fails (issue #315)
  • ignore SIGKILL (CTRL-C) and SIGQUIT (CTRL-\) - issue #313
  • chmod container dir to 0770 (v2)
  • build: Fix support for split build and source dirs
  • mount_entry: use statvfs
  • lxc_mount_auto_mounts: honor existing nodev etc at remounts
  • statvfs: do nothing if statvfs does not exist (android/bionic)
  • Prevent compiler warning by initializing ifindex
  • build: don't remove configuration template on clean
  • build: Make setup.py run from srcdir to avoid distutils errors
  • handle hashed command socket names (v2)
  • lxc-cgm: fix issue with nested chowning
  • Report container exit status to monitord
  • support use of 'all' containers when cgmanager supports it
  • log: fix quiet mode
  • Fix build error(ISO C90 specs violation) in lxc.c
  • lxc_map_ids: don't do bogus check for newgidmap
  • lxc_map_ids: add a comment
  • clean autodev dir on container exit
  • As discussed on ML, do not clean autodev dir on reboot
  • Fix build failure due to slightly different rmdir
  • Fix presentation of IPv6 addresses and gateway

Commands:

  • lxc-start: Add -F (foreground) option

Templates:

  • all: Discontinue the use of in-line comments (stable)
  • all: Include hostname in DHCP requests
  • all: Switch from arch command to uname -m
  • altlinux: bugfixes
  • archlinux: Properly set default locale in /etc/locale.conf
  • centos template: prevent mingetty from calling vhangup(2)
  • download: Have wget retry 3 times
  • download: Make --keyserver actually work
  • gentoo: keep original uid/gid of files/dirs when installing
  • gentoo: Use portageq to determine portage distdir
  • plamo: keep original uid/gid of files/dirs when installing
  • plamo: bugfix template
  • ssh: send hostname to dhcp server
  • ubuntu: don't check for $rootfs/run/shm
  • ubuntu: add help string

Tests:

  • lxc-test-{unpriv,usernic.in}: make sure to chgrp as well
  • lxc-test-unpriv: test lxc-clone -s
  • tests: Call sync before testing a shutdown
  • tests: Copy the download cache when available [v2]
  • Fix the unprivileged tests cgroup management

Documentation:

  • doc: Mention that veth.pair is ignored for unpriv
  • doc: Add mention that veth.pair is ignored for unpriv in Japanese man
  • doc: Add -F option to Japanese lxc-start(1)
  • doc: Update the description of SELinux in Japanese lxc.container.conf(5)
  • doc: Add 'zfs' to the parameter of -B option in lxc-create(1)
  • doc: add lxc.console.logpath to Japanese lxc.container.conf(5)
  • doc: language correction
  • doc: Fix Japanese translation of lxc.container.conf(5)
  • doc: Add destroy option to lxc-snapshot(1)
  • doc: Add description about ignoring lxc.cgroup.use when using cgmanager

Those stable fixes were brought to you by 24 individual contributors.

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.0.6.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.0.5 release announcement

14th of July 2014

This is the fifth bugfix release for the LXC 1.0 series.

seccomp profile

Outside of the usual bugfixes, this release also introduces one important change. For systems where LXC is built with seccomp support, containers will now have a seccomp profile enabled which will prevent calls to the following syscalls:

  • kexec_load
  • open_by_handle_at
  • init_module
  • finit_module
  • delete_module

This will, amongst other things, prevent exploits like the recently released "shocker" exploit.

This profile will be applied to any new or existing container that uses the new-style LXC configurations (using lxc.include of common configs), so currently the following distributions: centos, debian, fedora, gentoo, oracle, plamo and ubuntu.

You can turn this off by adding "lxc.seccomp =" in your container's configuration.

If you want to manually turn this on for a container which doesn't use the common config mechanism, you can add something like "lxc.seccomp = /usr/share/lxc/config/common.seccomp" to the container configuration.
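Because the profile is inherited through lxc.include and can later be cleared with an empty "lxc.seccomp =", the line you see in a container's own config is not always what is in force. The script below is an added example, not code from the LXC project: it expands single-file lxc.include directives in place (directory includes only arrived in 1.1) and reports the last lxc.seccomp value seen, which is how LXC resolves overrides. The config files it builds under a scratch directory are constructed stand-ins for /usr/share/lxc/config and the container directories, and their paths are assumptions.

```shell
#!/bin/sh
# Added example (not LXC project code): determine which seccomp profile a
# container config actually ends up with. LXC 1.0 processes lxc.include in
# place, later keys override earlier ones, and an empty "lxc.seccomp =" clears
# the profile, so the effective value is the last lxc.seccomp after expansion.

# Extract key / value from one "key = value" line; comment and blank lines
# yield an empty key.
cfg_key() { printf '%s\n' "$1" | sed -n 's/^[[:space:]]*\([A-Za-z0-9_.]*\)[[:space:]]*=.*/\1/p'; }
cfg_val() { printf '%s\n' "$1" | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//'; }

# Emit FILE's lines with every "lxc.include = path" replaced by that file's
# lines, recursively (single-file includes only, as in LXC 1.0).
expand_config() {
    while IFS= read -r line || [ -n "$line" ]; do
        if [ "$(cfg_key "$line")" = "lxc.include" ]; then
            inc=$(cfg_val "$line")
            if [ -f "$inc" ]; then
                expand_config "$inc"
            else
                printf '# unreadable include: %s\n' "$inc"
            fi
        else
            printf '%s\n' "$line"
        fi
    done < "$1"
}

# Print the effective lxc.seccomp path for a container config, or "(none)"
# when no profile is in force (never set, or cleared with "lxc.seccomp =").
effective_seccomp() {
    last=$(expand_config "$1" \
        | sed -n 's/^[[:space:]]*lxc\.seccomp[[:space:]]*=[[:space:]]*//p' \
        | sed 's/[[:space:]]*$//' \
        | tail -n 1)
    if [ -n "$last" ]; then printf '%s\n' "$last"; else printf '(none)\n'; fi
}

# Build a constructed set of config files in a scratch directory and print
# its path; the files stand in for the system-wide and per-container configs.
make_sample_configs() {
    dir=$(mktemp -d)
    cat > "$dir/common.conf" <<EOF
# constructed stand-in for /usr/share/lxc/config/common.conf
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
lxc.seccomp = /usr/share/lxc/config/common.seccomp
EOF
    cat > "$dir/ubuntu.common.conf" <<EOF
lxc.include = $dir/common.conf
lxc.arch = x86_64
EOF
    mkdir -p "$dir/c1" "$dir/c2" "$dir/c3" "$dir/c4"
    # c1: new-style config, profile inherited through the include chain
    printf 'lxc.include = %s/ubuntu.common.conf\nlxc.utsname = c1\n' "$dir" > "$dir/c1/config"
    # c2: same chain, but the profile is switched off afterwards
    printf 'lxc.include = %s/ubuntu.common.conf\nlxc.seccomp =\n' "$dir" > "$dir/c2/config"
    # c3: old-style config with the profile added by hand
    printf 'lxc.utsname = c3\nlxc.seccomp = /usr/share/lxc/config/common.seccomp\n' > "$dir/c3/config"
    # c4: old-style config that never sets a profile
    printf 'lxc.utsname = c4\n' > "$dir/c4/config"
    printf '%s\n' "$dir"
}

SAMPLES=$(make_sample_configs)
for c in c1 c2 c3 c4; do
    printf '%s: %s\n' "$c" "$(effective_seccomp "$SAMPLES/$c/config")"
done
rm -rf "$SAMPLES"
```

Point effective_seccomp at a real /var/lib/lxc/NAME/config to audit an existing fleet; containers that report "(none)" are the ones still exposed to the syscalls listed above.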

Changes

Core:

  • core: Fix unprivileged containers to work with recent kernels.
  • core: Fix building with -Werror=maybe-uninitialized.
  • core: seccomp: Don't fail on unresolvable syscalls.
  • core: lxc-init: Don't force dropping capabilities.
  • core: configure: Split -lcap and -lselinux out of LIBS.
  • core: configure: Fix expansion of libexecdir.
  • core: seccomp: Support 'all' arch sections.
  • core: seccomp: Fix 32-bit rules.
  • core: seccomp: Enable a default filter for all templates.
  • core: Fix corruption in write_config.
  • core: attach: Fix querying for the current personality.
  • core: cgmanager: Have cgm_set and cgm_get use absolute paths when possible.
  • core: cgmanager: Make sure @value is null-terminated in cgm_get.
  • core: optimization of signal filtering/parsing code.
  • core: apparmor: Allow hugetlbfs by default (similar to tmpfs and restricted by the hugetlb cgroup controller).
  • core: Fix find_fstype_cb to ignore blank lines and comments.

Commands:

  • lxc-autostart: Actually respect -P when passed.
  • lxc-attach: Fix typo in usage.
  • lxc-start: propagate the container exit code.
  • lxc-stop: Fix incorrect timeout handling.
  • lxc-device: Support --version.
  • lxc-ls: Support --version.
  • lxc-start-ephemeral: Support --version.

Tests:

  • tests: Avoid the download template when possible.
  • tests: Don't fail when HOME isn't defined.
  • tests: apparmor: Always end messages with a newline.
  • tests: Clarify error message and fix return codes.
  • tests: lxc-test-ubuntu doesn't actually need bind9-host.

Templates:

  • lxc-debian: standardize formatting.
  • lxc-debian: fix formatting.

Bindings:

  • python3: Fix attach_wait and threads.

Those stable fixes were brought to you by 11 individual contributors.

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.0.5.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.0.4 release announcement

13th of June 2014

This is the fourth bugfix release for the LXC 1.0 series.

Changes

Core:

  • core: Don't call nih_dbus_setup for cgmanager as it's only relevant when using a nih main loop, which we're not.
  • core: Fix unchecked realloc in lxc_info. (found by cppcheck)
  • core: At startup, manually mark every shared mount entry as slave.
  • core: Check for pre-existing /dev symlinks before attempting to create them.
  • core: Fix fd leak. (found by coverity).
  • core: Allow all iX86 strings for lxc.arch.
  • core: Fix building using clang 3.4.
  • core: Fix minor typo in .gitignore.
  • core: Add missing MAX_STACK_DEPTH define on MUTEX_DEBUGGING builds.
  • core: Don't mount /sys/fs/cgroup readonly as this breaks at least mountall.
  • core: Factor out capability parsing logic.
  • core: Tweak the default values of lxc.mount.auto for the cgroup and cgroup-full keys to adapt themselves depending on whether CAP_SYS_ADMIN has been dropped or not.
  • core: Support unprivileged create, clone and destroy with btrfs.
  • core: Support named subsystems with cgmanager.
  • core: Use absolute cgroup paths to switch cgroups at attach with cgmanager. This allows for unprivileged lxc-attach across user sessions of the same user.
  • core: Detect whether cgmanager supports name= subsystems.
  • core: Use the same ifndef/define format for all headers.
  • core: Fix bashism in lxc-devsetup.
  • core: Fix a null check after dereference (identified by coverity).
  • core: Export bdev_specs so that API users can actually use the functions taking it as an argument.
  • core: Don't destroy the container until we've made sure the requested snapshot actually exists.
  • core: Retrieve the container personality over the command interface rather than through /proc. This is required for unprivileged containers attach on the 3.15 kernel and higher as access to /proc/$$/personality is now restricted to root.
  • core: Fix invalid signal number comparison.
  • core: Don't let -lcgmanager end up in LIBS.
  • core: Correct invalid log message when keeping capabilities.
  • core: Fix a crash when attempting to snapshot an invalid container.
  • core: Make it possible for unprivileged containers started by root to mount block devices.
  • core: Improve startup failure mode to hide irrelevant error messages and suggest how to debug the failure.
  • core: Validate start hooks path before startup.
  • core: Log the whole cgroup path on failure.
  • apparmor: Allow writes to sem* and msg* sysctls

Documentation:

  • doc: Fix typo in lxc-clone man page.
  • doc: Fix punctuation marks in Japanese man pages.
  • doc: Fix typo in lxc-ls manpage.
  • doc: Correct license on some files and fix FSF address.
  • doc: Document lxc.mount.entry relative target.
  • doc: Remove TODO file with old items.
  • doc: Fix reference to renamed manpage.
  • doc: Update japanese documentation to be in sync with the english one.

Commands:

  • lxc-create: Make "none" bdev type work as documented.
  • lxc-execute: Fix a memory leak on the exit path.
  • lxc-ls: Fix running against nested containers without python support.
  • lxc-user-nic: Don't crash on missing bridge.
  • lxc-autostart: Backport the autoboot/autostart change.
    This is required to resolve problems with autostart on
    systemd systems at least.

    This change adds support for the NULL group in the -g
    option (identified as a comma without any group name).
    Add a new special "onboot" group and set the init
    scripts (sysvinit, systemd and upstart) to all start
    both the NULL and onboot group.

    This won't cause any visible change to existing users
    unless they were already using an "onboot" group that wasn't
    auto-started at boot time.

Templates:

  • alpine template: Set correct lxc_arch for x86.
  • archlinux template: Add sigpwr handler.
  • archlinux template: Fix lxc.root for btrfs backend.
  • download template: Retry the GPG setup step 3 times.
  • fedora template: Correct some systemd target setups.
  • oracle template: Use db_load from inside the container.
  • oracle template: Fix warnings/errors from some rpm scriptlets.
  • oracle template: Fix lxc-patch.py to be 644 (fixes rpmlint warning).
  • oracle template: Add pts/[1-4] to securetty for libvirt-lxc.
  • oracle template: Set the hostname on systemd systems.
  • oracle template: Fix ssh login under libvirt-lxc.
  • plamo template: Don't attempt to configure wireless interfaces.
  • sshd template: Use correct lxc-init path.

Bindings:

  • python3: Slight tweaks to the .py files to work with the unofficial python2.7 binding.
  • python3: Don't fail network test if hwaddr isn't set by the template.
  • python3: Don't require a template name be passed to create().
  • python3: Don't crash on invalid global config keys.
  • python3: Fix crash in snapshot().

Tests:

  • tests: Make sure we join all the right cgroups.
  • tests: Workaround race condition in lxc-test-autostart.

Those stable fixes were brought to you by 14 individual contributors.

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.0.4.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.0.3 release announcement

8th of April 2014

This is the third bugfix release for the LXC 1.0 series.

Changes

Core:

  • core: Always initialize netpipe in lxc_spawn.
  • core: Move lxc-monitord.log to LOGPATH instead of LXCPATH.
  • core: Make monitord more resilient to unexpected termination.
  • core: Move lxc-init to /sbin/init.lxc instead of the architecture/distro specific multiarch path. Use path lookup to find it in the container rather than using an hardcoded path.
  • core: Set macvlan default mode to private.
  • core: Check whether rootfs is shared before running the pre-mount hooks.
  • apparmor: Update the profiles for current upstream apparmor. This includes tweaks to the pivot_root targets and the addition of the ptrace and signal stanzas. Users of older apparmor versions may want to comment out the dbus, ptrace and signal stanzas if the parser fails to parse the profile.
  • apparmor: Use an intermediary profile which allows for easier generation of complex rules. This uncovered a few problems with the existing profile which have now been fixed. Most of /proc/sys is now properly blocked, with exceptions for kernel/shm/, net/, kernel/domainname and kernel/hostname.
  • apparmor: block cgroupfs by default in the with-nesting profile; users should now be using cgmanager, which doesn't require this.
  • cgmanager: Fix a small cgm_get bug when len == 0.
  • lxc-info: Don't print duplicate lines.
  • sysvinit script: Fix wait_for_bridge to better parse default.conf
  • tools: Don't exit -1, instead use more conventional and consistent exit codes 0 on success, 1 on failure with some (now documented) exceptions for lxc-start.

Templates:

  • archlinux template: Add debugging info for missing network link.
  • archlinux template: Various fixes and cleanups.
  • centos template: Properly set lxc.arch.
  • download template: Make it a bit more resilient to download failures.
  • fedora template: Properly set lxc.arch.
  • gentoo template: Make sure sshd is started.
  • gentoo template: Fix lack of generated locales.
  • gentoo template: Fix lxc-console by setting up a tty.
  • oracle template: Fix upgrade problems by introducing a patch script that's run on upgrade.

Tests:

  • tests: Add a test for the apparmor profiles.
  • tests: Bump timeouts to fix occasional failures on slow ARM builders.
  • tests: Always propagate http_proxy and https_proxy.

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.0.3.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.0.2 release announcement

27th of March 2014

This is the second bugfix release for the LXC 1.0 series.

Changes

Core:

  • core: Fix parsing lxc.network.type = none
  • core: Fix race on shutdown causing SIGPIPE being sent to the caller
  • core: Attempt to move back all "phys" NICs on shutdown
  • core: fix stdin,stdout,stderr fds to use the container's own
  • core: Fix typo in newgidmap check
  • core: Fix {get|clear}_config_item with lxc.mount.auto
  • core: Fix a leak of netnsfd
  • core: Don't trigger SYSERROR for optional mounts
  • cgmanager: Mutex cgmanager access to avoid races, corruptions and crashes when using threads.
  • cgmanager: Make failure to connect to the daemon a DEBUG instead of ERROR (as we fallback to cgfs in that case)
  • cgmanager: Avoid stray dbus connection
  • cgmanager: Don't attempt to delete invalid cgroups

Commands:

  • lxc-ls: Performance optimization for nesting
  • lxc-ls: Fix memory reporting when swap is enabled
  • lxc-ls: Update help to contain all supported columns

Documentation:

  • man: Update lxc-create manpage to cover the "best" backing store
  • man: Update lxc-autostart to document -a and -g

Tests:

  • tests: Don't hardcode the cgroup list
  • tests: Daemonize in startone (silences the test)
  • tests: Support running solely with cgmanager
  • tests: Use busybox when possible (speeds up tests)
  • tests: Fix fd leak in test-concurrent

Templates:

  • templates: Update to consistent userns device list
  • busybox template: Don't fail when busybox is a symlink
  • centos template: Shutdown on SIGPWR
  • centos template: Use a sane default for localtime
  • debian template: Symlink /etc/mtab to /proc/mounts
  • debian template: Don't eat the argument after -c
  • fedora template: Shutdown on SIGPWR
  • fedora template: Use a sane default for localtime
  • fedora template: Fix building i686 containers on x86_64
  • opensuse template: Fix syntax error

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.0.2.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.0.1 release announcement

6th of March 2014

This is the first bugfix release for the LXC 1.0 series.

Changes

Core:

  • core: Detect the use of rshared / and properly work around it. This fixes LXC on systemd systems where the mount table would be duplicated in the container and lxc-attach wouldn't attach to the container's rootfs.
  • core: Don't crash on invalid lxc.id_map
  • core: Fix attaching when extra cgroups were setup after the container started
  • core: Fix crash when rebooting container with phys interfaces
  • core: Better detect and report permission problems
  • core: Use common code for any unprivileged action, using newuidmap/newgidmap if available and only falling back to straight writes to uid_map/gid_map if they're not and the user is root.
  • core: Fix btrfs snapshot restore
  • core: Fix race in the cloning code potentially leading to data loss
  • core: Don't double-map the root uid/gid
  • core: Fix snapshot restore for overlayfs
  • core: Put logging variables in TLS

Other:

  • apparmor: Stop using on-exec for profile changes as it's been proven unreliable on overlayfs at least
  • bash completion: Remove wrong shebang
  • cgmanager: Don't keep an active connection after container start
  • cgmanager: Fix to work with threads
  • doc: Update README
  • lua: Respect --prefix
  • lxc-create: Fix the dir backend to actually respect --dir
  • lxc-device: Properly support wlan devices
  • lxc-ls: Fix --nesting function to work with unprivileged containers
  • lxc-start-ephemeral: Set the tmpfs as 0755 instead of 0777
  • python3: Export missing get_global_config_item function
  • seccomp: Catch violations by init
  • systemd: Fix unit file location
  • templates: Detect system containers inside unprivileged containers (lxc-download)
  • tests: Fix potential hang in lxc-test-concurrent
  • upstart: Don't forward requests for LXC_DOMAIN (dnsmasq)

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.0.1.

Should you be interested in individual changes or just looking at the detailed development history, our stable branch is on GitHub.

LXC 1.0.0 release announcement

20th of February 2014

Introduction

It's with great pleasure that the LXC team is announcing the release of LXC 1.0!

This release is a significant milestone for us as it marks the first release we consider to be production ready. It features a wide variety of improvements to container security, a consistent set of tools, updated documentation and an API with multiple bindings.

Over 60 people contributed their time to this release, making it the best LXC release yet! The result of all that work can be seen in use in areas as diverse as individual laptops, cellphones and cloud instances. And we are confident that with LXC 1.0, we will see LXC's usage expand even more and be used for a lot of new and exciting projects.

Downloads

The release tarballs may be found on our download page and we expect most distributions will very soon ship a packaged version of LXC 1.0.

Should you be interested in individual changes or just looking at the detailed development history, our main repository is on GitHub.

New features

LXC 1.0 is the result of 10 months of development and over a thousand commits, including a major rework of the way LXC is structured. It's therefore near impossible to come up with a comprehensive list of changes in this release, however here are some highlights:

  • Support for fully unprivileged containers
  • Public stable API (liblxc1)
  • Official API bindings for lua and python3 (in tree)
  • Official API bindings for Go and Ruby (out of tree)
  • Flexible backingstore system with support for:
    • standard directories (default)
    • btrfs
    • zfs
    • lvm
    • loop devices
    • aufs
    • overlayfs
  • Support for cloning and snapshotting containers
  • A reduced but more complete set of command line tools
  • Updated, more complete documentation
  • A new way of creating containers based on centrally generated images
  • Templates letting you create containers running most popular distributions

A series of blog posts introducing you to LXC and highlighting some of LXC 1.0's new features may be found here.

LXC 1.0 moving forward

LXC 1.0 is the first production ready release of LXC and it comes with a commitment from upstream to maintain it until at least Ubuntu 14.04 LTS reaches end of life in April 2019. That's slightly over 5 years of support!

We will be maintaining a separate stable branch and will cherry-pick and backport fixes as appropriate. It's expected that we will have frequent bugfix releases of 1.0 so distributions can simply use those and save themselves the trouble of having to manually follow our stable branch.

Bug reports and contact information

Bug reports should be filed on GitHub or, if you do not wish to create an account, by e-mail to the appropriate mailing-list. The same goes for your patches. We tend to prefer patches sent to lxc-devel but we also accept pull requests directly on GitHub.

LXC 1.0 is also the first release after the change of project maintainers which occurred in September 2013. We'd like to thank Daniel Lezcano for all the great work and efforts he's put in LXC over the years and wish him the best of luck in his new projects!

The current project maintainers are Serge Hallyn, Stéphane Graber and Christian Brauner