Go to Table of Contents

Back to the news overview

LXC 1.0.9 release announcement

23rd of November 2016
This is the ninth bugfix release for LXC 1.0.

Important:

  • Security fix for CVE-2016-8649

Bugfixes:

  • doc: change "-t" option of lxc-create(1) to being required
  • ubuntu-cloud: Various fixes
  • coverity: avoid null pointer dereference in cgmanager
  • Use /usr/bin/env python3 instead of /usr/bin/python3 project-wide
  • Fetch Debian archive GPG keyrings when they're not available
  • seccomp: handle inverted arch
  • Better handle preserve_ns behavior
  • Revert "seccomp: handle inverted arch"
  • lxc_container struct: add comment about moving member fns
  • debian: Fix container creation on missing cache
  • lxc: let lxc-start support wlan phys
  • apparmor: support lxc.aa_profile = unchanged
  • seccomp: support 32-bit arm on arm64, and 32-bit ppc on ppc64
  • Conditional compilation for ARM and PPC
  • prune_init_cgroup: don't dereference NULL
  • fix 'lxc.mount.entry' key when clearing unexpanded config
  • Update get_item test after the lxc.mount.entry fix
  • Fix seccomp profile on attach of undefined container
  • Return immediately in save_phys_nics if not run as root Physical nic is not instantiated in lxc_create_network
  • lxc-checkconfig: remove zgrep dependency
  • Refactoring conditional directives.
  • Fix swap calculation
  • python-lxc: Call PyOS_AfterFork after attaching to a container
  • fix buffer overflow in ifaddrs.c
  • Documenting valueless lxc.cap.drop behaviour
  • NULL pointer deference if nlmsg_reserve() returns NULL for ifi
  • Don't try to change aa label if we are already apparmor-confined
  • coverity: preserve_ns returns bool, not int
  • apparmor: recognize 'unconfined' as unconfined.
  • bash completion: the 'have' command was deprecated in favor of '_have'
  • Set the right variable to NULL when unsetting ipv6_gateway
  • preserve inherited fds for stop hook
  • avoid printing null string in error message
  • Fix Comment inside Fedora Template
  • doc: Add valueless lxc.cap.drop behaviour to Japanese man page
  • Document clear behaviour of list options
  • fix lockpath removal in Python lxc-ls
  • Document network clear option
  • open_without_symlink: Account when prefix is empty string
  • lxc_setup_fs: Create /dev/shm folder if it doesn't exist
  • cgmanager: don't make tasks + cgroup.procs +x
  • cleanup: lxc_container::want_* comment descriptions
  • Fix echo statement inside fedora template
  • Use ${utsname} instead of ${UTSNAME} because latter variable is not defined.
  • Ignore any container with a name starting by '.'
  • increase /dev size to 500k ( issue #781)
  • cgfs: prune the init scope from paths
  • doc: add clear behaviour of list options to Japanese lxc.container.conf(5)
  • doc: Add network clear option to Japanese lxc.container.conf(5)
  • apparmor: allow binding /run/{,lock/} -> /var/run/{,lock/}
  • log.c:__lxc_log_set_file: fname cannot be null
  • log.c:__lxc_log_set_file: completely close log file when overriding
  • Allow sysfs remount by mountall
  • cgroups: do not fail if setting devices cgroup fails due to EPERM
  • cgfs: also check for EACCES when writing devices
  • lxc: cgfs: handle lxcfs
  • Fix typo in lxc manpage
  • cgfs: make sure we use valid cgroup mountpoints
  • cgfs: be less verbose
  • doc: improve Japanese lxc-attach(1)
  • doc: improve lxc-unshare(1)
  • open_without_symlink: Don't SYSERROR on something else than ELOOP
  • lxc-busybox: Touch /etc/fstab in the container rootfs
  • sync: add LXC_SYNC_ERROR to report errors from another process.
  • start: use LXC_SYNC_ERROR to report errors.
  • lxc-busybox: Remove warning for dynamically linked Busybox
  • Fix installation of out-of-tree (VPATH) builds
  • use httpredir.debian.org as the default Debian mirror
  • always provide a default mirror for debootstraping Ubuntu
  • lxc-ubuntu: Fix building on secondary architectures
  • update Debian release names
  • fix btrfs_recursive_destroy
  • store errno immediately after ioctl
  • fix spelling mistakes spotted by Debian's lintian
  • netlink_open: close socket on error
  • lxc_mount_auto_mounts(): free memory on failure
  • Ignore temporary files generated by doxygen
  • nicer date format and support for SOURCE_DATE_EPOCH in LXC_GENERATE_DATE
  • drop obsolete syslog.target from lxc.service.in
  • Update maintainers
  • Check if stdout is a terminal in lxc-checkconfig
  • Fixed - set PyErr when Container.__init__ fails
  • Added type to keys in lxc_list_nicconfigs
  • Force DHCP client to send hostname
  • sync: fail on unexpected message sizes
  • sync.c: use correct types
  • Added OR statement for cases of ID = rhel in RHEL 7+
  • Unshare netns after setting the userns mappings
  • Allow configuration file values to be quoted
  • Also allow fstype=fuse for fuse filesystems
  • Fix hostname in interface config for apline template
  • Fix redefinition of struct in6_addr
  • lxc-debian: make sure init is installed
  • plamo: Improve Plamo template
  • AppArmor: add make-rslave to usr.bin.lxc-start
  • Include all lxcmntent.h function declarations on Bionic
  • lxc-debian: fix regression when creating wheezy containers
  • Set up MTU for vlan-type interfaces.
  • templates: avoid noisy perl warnings caused by missing locales
  • Add a prefix to the lxc.pc
  • conf: set pty_info to NULL after free
  • apparmor: Refresh generated file
  • tools: add missing newline in lxc-create output
  • Use full GPG fingerprint instead of long IDs.
  • utils: Add mips signalfd syscall numbers
  • seccomp: Implement MIPS seccomp handling
  • seccomp: Add mips and mips64 entries to lxc_config_parse_arch
  • seccomp: fix strerror()
  • confile: add more archs to lxc_config_parse_arch()
  • seccomp: add support for s390x
  • seccomp: remove double include and order includes
  • seccomp: non functional changes
  • templates: fedora requires openssl binary
  • set FULL_PATH_NAMES=NO in doc/api/Doxyfile
  • console: use correct log name
  • lxczfs: small fixes
  • make rsync deal with sparse files efficiently
  • lxc-create -t debian fails on ppc64el arch
  • utils: fix lxc_string_split()
  • Fix spelling of CentOS in the templates
  • mark the python examples as having utf-8 encoding
  • log: sanity check the returned value from snprintf()
  • archlinux: Do DHCP on eth0
  • archlinux: Fix resolving
  • Drop leftover references to lxc_strerror().
  • s390x: Fix seccomp handling of personalities
  • ubuntu: Fix package upgrades requiring proc
  • use python3_sitearch for including the python code
  • cgfs: fix invalid free()
  • cgfs: add print_cgfs_init_debuginfo()
  • cgfs: skip empty entries under /proc/self/cgroup
  • tools: use correct exit code for lxc-stop
  • conf: merge network namespace move & rename on shutdown
  • create symlink for /var/run
  • cgfs: explicitly check for NULL
  • templates: add squashfs support to lxc-ubuntu-cloud.in
  • install bash completion where pkg-config tells us to
  • conf: do not use %m format specifier
  • debian: Don't depend on libui-dialog-perl
  • Replace 'index' by 'strchr' for Android build
  • tree-wide: replace readdir_r() with readdir()
  • attach: do not send procfd to attached process

Downloads

The release tarballs may be found on our download page and we expect most distributions
will very soon ship a packaged version of LXC 1.0.9.

Please note that LXC upstream strongly recommends 1.0 users to upgrade to the 2.0 LTS release.
The 1.0 branch will keep being supported until June 2019, but at this point,
only critical bugfixes and security updates will be backported.

Should you be interested in individual changes or just looking at the detailed development history,
our stable branch is on GitHub.

Contents