Changelog for
lxc-2.0.9-1.105.x86_64.rpm :
* Tue Oct 31 2017 opensuse_buildservice@ojkastl.de - update to version 2.0.9 Bugfixes:
* apparmor: Allow containers to start in AppArmor namespaces
* apparmor: Drop useless apparmor denies
* caps: Move ifndef/define to the top
* cgfsng: Fail when limits fail to apply
* cgfsng: Log when we defer to cgfsng
* cgfsng: Only output debug info when we set cgroup data
* cgroups: Handle hybrid cgroup layouts
* cgroups: Use tight scoping
* cgroups: Workaround gcc-7 bug
* commands: Abstract cmd socket handling + logging
* commands: Add missing translation
* commands: Delete meaningless comments
* commands: Handle EINTR
* commands: Make state server interface flexible
* commands: Move lxc_make_abstract_socket_name()
* commands: Rename to lxc_cmd_add_state_client()
* commonds: Fix typo
* conf: Adapt to lxc-user-nic usage
* conf: Add lxc_get_idmaps()
* conf: Add userns_exec_full()
* conf: Allow to clear all config items
* conf: Allow to get lxc.autodev
* conf: Allow to get lxc.haltsignal
* conf: Allow to get lxc.kmsg
* conf: Allow to get lxc.rebootsignal
* conf: Allow to get lxc.stopsignal
* conf: Allow writing uid mappings with euid != 0
* conf: Avoid double-frees in userns_exec_1()
* conf: Clear lxc.include
* conf: Do not check for empty value twice
* conf: Do not check union on wrong net type
* conf: Do not deref null pointer
* conf: Do not free static memory
* conf: Do not log uninitialized memory
* conf: Do not write out trailing spaces
* conf: Don't send ttys when none are configured
* conf: Dump lxc_get_config_item()
* conf: Error out on too many mappings
* conf: Fix bionic builds
* conf: Fix build without libcap
* conf: Fix tty creation
* conf: Fix userns_exec_1()
* conf: Free netdev->downscript
* conf: Implement config item clear callback
* conf: Improve lxc_map_ids()
* conf: Improve tty shifting function
* conf: Improve write_id_mapping()
* conf: Increase lxc-user-nic buffer
* conf: Log lxc-user-nic output
* conf: lxc_listconfigs -> lxc_list_config_items
* conf: Move clearing config items into one place
* conf: Non-functional changes
* conf: NOTICE() on mounts on container's /dev
* conf: Performance tweaks
* conf: Preserve newlines
* conf: Properly parse lxc.idmap entries
* conf: Record idmap that gets written
* conf: Refactoring of most config parsing code
* conf: Refactor network deletion
* conf: Remove dead assignments in parse_idmaps()
* conf: Remove dead mount code
* conf: Rework lxc_map_ids()
* conf: Rework userns_exec_1()
* conf: Send ttys in batches of 2
* conf: Switch API to new callback system
* conf: Use a minimal {g,u}id map
* conf: Use correct check on char array
* conf: Use run_command for lxc-usernsexec
* console: Clean tty state + return 0 on peer exit
* console: DO NOT add the handles of adjust winsize when the 'stdin' is not a tty
* console: Fix memory leak of 'lxc_tty_state'
* console: Remove dead assignments
* core: Do remount with the MS_REMOUNT flag when mounts with MS_RDONLY
* core: Fix a format string build failure on x32
* core: Fix includes for Android
* core: Fix memory and resource leak
* core: Fix some cppcheck warnings
* core: Fix the bug of 'ts->stdoutfd' did not fill with parameters 'stdoutfd'
* core: Include custom mntent for Android
* core: Log function called in userns_exec_1()
* core: Remove the __func__ macro
* core: Remove the unused macro
* core: Replace "priority" with "level"
* core: Revert "Add a prefix to the lxc.pc"
* core: root -> am_root
* core: struct bdev -> struct lxc_storage
* core: Update .gitignore
* core: Use strerror(errno) instead of %m
* criu: Add cmp_version()
* criu: Use correct check initialization check
* doc: Add CII Best Practices badge to README
* doc: Add console behavior to Japanese lxc.container.conf(5)
* doc: Document missing env variables
* doc: Fix regex-typo in Japanese and Korean lxc-monitor(1)
* doc: Fix regex-typo in lxc-monitor.sgml.in
* doc: Reword id mapping restrictions when unpriv
* doc: Rework README
* doc: Tweak Japanese lxc.container.conf(5)
* doc: Tweak lxc.container.conf a little
* doc: Untabify Japanese lxc.container.conf(5)
* doc: Update API documentation for get_config_item
* execute: Enable console & standard /dev symlinks
* init: Add comment for exclude 32 and 33 signals
* init: Adjust include statements
* init: Become session leader
* init: Move initialization of act to outside of the loop
* init: Report exec*() failure
* init: Use lxc-stop to stop systemd service
* liblxc: Make sure memory is free()ed
* liblxc: Only spawn monitord on demand
* liblxc: Remove 5s timeout on error
* liblxc: Use snprintf()
* liblxc: Use userns_exec_full()
* lock: Non-functional changes
* lock: Return the right error when open lock file failed
* log: Prevent stack smashing
* log: Switch to a new lxc_log_init function
* monitor: Abstract lxc_abstract_unix_{send,recv}_fd for af_unix
* monitor: Add lxc_cmd_state_server()
* monitor: Add TRACE()ers
* monitor: Delete unneccessory include file
* monitor: Remove dead assignments
* monitor: Remove the workaround-code for lxc_abstract_unix_connect
* monitor: Remove unlink operation for af_unix
* network: Add arg to config clear method
* network: Add data arg to set callback
* network: Add ifindex field for host veth device
* network: Add lxc_log_configured_netdevs()
* network: Add missing checks for empty links
* network: Add network counter
* network: Add warning when ignoring MTU
* network: Clear ifindeces
* network: Delete ovs for unprivileged networks
* network: Document all fields in struct lxc_netdev
* network: Don't delete net devs we didn't create
* network: Fix grammar
* network: Implement lxc_get_netdev_by_idx()
* network: Log cleanup thread pid for openswitch
* network: Log ifindex
* network: Log ifindex for host side veth device
* network: Log veth_attr.pair and veth_attr.veth1
* network: Move config_value_empty() to confile_utils
* network: Perform network validation at creation time
* network: Remove allocation from lxc_mkifname()
* network: Remove dead assignments
* network: Remove netpipe
* network: Retrieve correct names and ifindices
* network: Retrieve the host's veth device ifindex
* network: Rework network creation
* network: Send ifindex for unpriv networks
* network: Stop recording saved physical net devices
* network: Use correct network device name
* network: Use send()/recv()
* network: Use single helper to delete networks
* network: Use static memory for net device names
* openvswitch: Delete ports intelligently
* seccomp: Export the seccomp filter after load it into kernel successful
* seccomp: Print action name in log
* seccomp: s/n-new-privs/no-new-privs/g
* seccomp: Update comment for function parse_config
* start: Add lxc_free_handler()
* start: Add lxc_init_handler()
* start: Document all handler fields
* start: Don't call lxc_map_ids() without id map
* start: Don't close inherited namespace fds
* start: Don't let data_sock users close the fd
* start: Dup std{in,out,err} to pty slave
* start: Ensure cgroups are cleaned up
* start: Generalize lxc_check_inherited()
* start: Log sending and receiving of tty fds
* start: lxc_setup() after unshare(CLONE_NEWCGROUP)
* start: Move env setup before container setup
* start: Pass LXC_LOG_LEVEL to hooks
* start: Pin rootfs when privileged
* start: Remove dead variable
* start: Send state to legacy lxc-monitord state server even if no state clients registered
* start: Set environment variables correctly
* start: Switch from SOCK_DGRAM to SOCK_STREAM
* start: Switch ids at last possible instance
* start: Use separate socket on daemonized start
* start: Use userns_exec_full()
* state: Remove lxc_rmstate declaration
* storage: Add storage_utils.{c.h}
* storage: Avoid segfault
* storage: Default to orig type on identical paths
* storage: Record output from mkfs.*
* storage: Rename files "bdev" -> "storage"
* storage: Use userns_exec_full()
* storage/dir: Using 'add-required_remount_flags' function to add required flags
* storage/loop: Detect loop file
* storage/overlayfs: Fix wrong path
* storage/overlay: Handle overlay for stable 2.0
* template: Remove obsolete bind-mounts from userns.conf
* template: Use "rsync -SHaAX" to copy the cached rootfs into place
* template/alpine: Add support for ppc64le
* template/alpine: Change file check to also check file size (-f => -s)
* template/archlinux: Change locale "en-US.UTF-8" to "en_US.UTF-8"
* template/centos: Add cronie to the pkg list
* template/centos: Use altarch mirror for CentOS on arches other than i386 and x86_64
* template/debian: Add aarch64 -> arm64 mapping
* template/debian: Add buster as a valid release
* template/debian: Don't force getty@ configuration
* template/debian: Use deb.debian.org as the default Debian mirror
* template/download: Fix syntax error
* template/download: Sanitize script with shellcheck
* template/opensuse: Add Tumbleweed as supported release
* template/opensuse: Fix tumbleweed software selection
* template/opensuse: getty.target.wants does not always exists
* template/opensuse: Support leap 42.3
* template/opensuse: Tumbleweed has no update repo
* template/plamo: Delete unnecessary process during container shutdown
* template/ubuntu: Check that there is netplan binary, rather than just just a config directory
* template/ubuntu: Conditionally move upstart ssh job, as it is now optional
* template/ubuntu: Support netplan in newer releases by default
* tests: Adapt lxc-user-nic tests to new syntax
* tests: Add corner-case tests for lxc_safe_{u}int()
* tests: Add item clear and config file tests
* tests: Add test script to test the ro option of lxc.rootfs.options
* tests: Add unit tests for idmap parser
* tests: Avoid NULL pointer dereference
* tests: Compare return value to expected value whenever we can
* tests: Define a network before checks
* tests: Don't fail when no processes for the user exist
* tests: Enforce all methods for config items
* tests: Remove dead assignments
* tests: Remove the temp container directory
* tests: Shortlived daemonized containers
* tests: Support systemd hybrid cgroups
* tools: Add additional cgroup checks
* tools: Print "-devel" when LXC_DEVEL is true
* tools: Use "which"
* tools/lxc-attach: Allow for situations without /dev/tty
* tools/lxc-checkconfig: Add CONFIG_NETFILTER_XT_MATCH_COMMENT
* tools/lxc-checkconfig: Add probe status checking
* tools/lxc-execute: Print error message when failed
* tools/lxc-ls: Return all containers by default
* tools/lxc-monitord: Exit when receiving a quit command
* tools/lxc-unshare: Do not pass NULL pointer
* tools/lxc-user-nic: Add new {create,delete} subcommands
* tools/lxc-user-nic: Check db before trying to delete
* tools/lxc-user-nic: Fix adding database entries
* tools/lxc-user-nic: Fix memleak
* tools/lxc-user-nic: Free memory and check for error
* tools/lxc-user-nic: Initialize vars to silence gcc-7
* tools/lxc-user-nic: Keep lines from other {users,links}
* tools/lxc-user-nic: Remove delta between master + stable
* tools/lxc-user-nic: Remove double initialization
* tools/lxc-user-nic: Rework renaming net devices
* tools/lxc-user-nic: Simplify logic
* tools/lxc-user-nic: Test privilege over netns on delete
* tools/lxc-usernsexec: Remove dead assignments
* travis: Fix builds
* utils: Add has_fs_type() + is_fs_type()
* utils: Add lxc_nic_exists()
* utils: Add lxc_safe_ulong()
* utils: Add run_command
* utils: Close parent end in child process after fork
* utils: Do not write to 0 sized buffer
* utils: Duplicate stderr as well in lxc_popen()
* utils: Fix lxc_mount_proc_if_needed()
* utils: Fix lxc_popen()/lxc_pclose()
* utils: Fix mem leak with realpath
* utils: Fix num parsing functions
* utils: Fix ppc64le builds
* utils: Fix the way to detect blocking signal
* utils: lxc_popen() remove dead assignments
* utils: Move helpers from cgfsng.c to utils.{c,h}
* utils: Rework lxc_deslashify()
* utils: Switch to has_fs_type()
* utils: Use 1LU otherwise we overflow
* utils: Use access instead of stat
* Sun Sep 17 2017 opensuse_buildservice@ojkastl.de - fixed tumbleweed %if-condition, so builds on 13.2 should work again now
* Thu Sep 14 2017 opensuse_buildservice@ojkastl.de - added workaround for Tumbleweed gcc7 bug bsc#1041291
* Mon May 15 2017 kastl@suse - update to version 2.0.8
  Important:
  Security fix for CVE-2017-5985
  All templates have been updated to not set default passwords anymore, instead requiring lxc-attach be used to configure users. This may affect some automated environments that were relying on our default (very much insecure) users.
  Bugfixes:
  - Make lxc-start-ephemeral Python 3.2-compatible
  - Fix typo
  - Allow build without sys/capability.h
  - lxc-opensuse: fix default value for release code
  - util: always malloc for setproctitle
  - util: update setproctitle comments
  - confile: clear lxc.network..ipv{4,6} when empty
  - lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
  - Make lxc-net return non-zero on failure
  - seccomp: allow x32 guests on amd64 hosts.
  - Add HAVE_LIBCAP
  - c/r: only supply --ext-mount-map for bind mounts
  - Added 'mkdir -p' functionality in create_or_remove_cgroup
  - Use LXC_ROOTFS_MOUNT in clonehostname hook
  - squeeze is not a supported release anymore, drop the key
  - start: dumb down SIGCHLD from WARN() to NOTICE()
  - log: fix lxc_unix_epoch_to_utc()
  - cgfsng: make trim() safer
  - seccomp: set SCMP_FLTATR_ATL_TSKIP if available
  - lxc-user-nic: re-order #includes
  - lxc-user-nic: improve + bugfix
  - lxc-user-nic: delete link on failure
  - conf: only try to delete veth when privileged
  - Fix lxc-containers to support multiple bridges
  - Fix mixed tab/spaces in previous patch
  - lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
  - lxc-checkconfig: verify new[ug]idmap are setuid-root
  - [templates] archlinux: resolve conflicting files
  - [templates] archlinux: noneed default_timezone variable
  - python3: Deal with potential NULL char*
  - lxc-download.in / allow setting keyserver from env
  - lxc-download.in / Document keyserver change in help
  - Change variable check to match existing style
  - tree-wide: include directly
  - conf/ile: make sure buffer is large enough
  - tree-wide: include directly
  - tests: Support running on IPv6 networks
  - tests: Kill containers (don't wait for shutdown)
  - Fix opening wrong file in suggest_default_idmap
  - do not set the root password in the debian template
  - do not set insecure passwords
  - don't set a default password for altlinux, gentoo, openmandriva and pld
  - tools: exit with return code of lxc_execute()
  - Keep veth.pair.name on network shutdown
  - Makefile: fix static clang init.lxc build
  - Avoid waiting for bridge interface if disabled in sysconfig/lxc | lxc-net via USE_LXC_BRIDGE
  - Increased buffer length in print_stats()
  - avoid assigning to a variable which is not POSIX shell proof (bug #1498)
  - remove obsolete note about api stability
  - conf: less error prone pointer access
  - conf: lxc_map_ids() non-functional changes
  - caps: add lxc_{proc,file}_cap_is_set()
  - conf: check for {filecaps,setuid} on new{g,u}idmap
  - conf: improve log when mounting rootfs
  - ls: simplify the judgment condition when list active containers
  - fix typo introduced in #1509
  - attach|unshare: fix the wrong comment
  - caps: skip file capability checks on android
  - autotools: check for cap_get_file
  - caps: return false if caps are not supported
  - conf: non-functional changes to setup_pts()
  - conf: use bind-mount for /dev/ptmx
  - conf: non-functional changes
  - utils: use loop device helpers from LXD
  - create ISSUE_TEMPLATE.md
  - cgroups: improve cgfsng debugging
  - issue template: fix typo
  - conf: close fd in lxc_setup_devpts()
  - conf: non-functional changes
  - utils: tweak lxc_mount_proc_if_needed()
  - Change sshd template to work with Ubuntu 17.04
  - conf: order mount options
  - conf: add MS_LAZYTIME to mount options
  - monitor: report errno on exec() error
  - af unix: allow for maximum socket name
  - commands: avoid NULL pointer dereference
  - commands: non-functional changes
  - lxccontainer: avoid NULL pointer dereference
  - monitor: simplify abstract socket logic
  - precise is not the latest LTS, let's use xenial instead
  - fix the wrong exit status
  - conf: non-functional changes lxc_fill_autodev()
  - conf: remove /dev/console from lxc_fill_autodev()
  - conf: non-functional changes lxc_setup()
  - conf: non-functional changes to console functions
  - conf: improve lxc_setup_dev_console()
  - conf: lxc_setup_ttydir_console()
  - config: remove /dev/console bind mount
  - doc: document console behavior
  - utils: add lxc_unstack_mountpoint()
  - conf: unstack all mounts atop /dev/console
  - console: fail when we cannot allocate peer tty
  - start: remove umount2()
  - conf: non-functional changes
  - utils: handle > 2^31 in lxc_unstack_mountpoint()
  - Install systemd units for CentOS
  - Merge ubuntu and debiancase
  - start: add crucial details about lxc_spawn()
  Deleted patches that have been included upstream:
  - 0010-tree-wide-include-sys-sysmacros.h-directly.patch
  - 0011-tree-wide-include-sys-sysmacros.h-directly.patch
* Wed Mar 29 2017 opensuse_buildservice@ojkastl.de - backported two patches to get the package to build again for Tumbleweed (applied only on tumbleweed aka suse_version >1315)
  - 0010-tree-wide-include-sys-sysmacros.h-directly.patch
  - 0011-tree-wide-include-sys-sysmacros.h-directly.patch
* Tue Jan 24 2017 opensuse_buildservice@ojkastl.de - update to version 2.0.7
  This is the seventh bugfix release for LXC 2.0. The main bugfixes in this release are:
  - attach: Close lsm label file descriptor
  - attach: Non-functional changes
  - attach: Simplify lsm_openat()
  - caps: Add lxc_cap_is_set()
  - conf: attach: Save errno across call to close
  - conf: Clearly report to either use drop or keep
  - conf: criu: Add make_anonymous_mount_file()
  - conf: Fix suggest_default_idmap()
  - configure: Add --enable-gnutls option
  - configure: Check for memfd_create()
  - configure: Check whether gettid() is declared
  - configure: Do not allow variable length arrays
  - configure: Remove -Werror=vla
  - configure: Use AC_HEADER_MAJOR to detect major()/minor()/makedev()
  - conf: Non-functional changes
  - conf: Remove thread-unsafe strsignal + improve log
  - init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers
  - log: Add lxc_unix_epoch_to_utc()
  - log: Annotate lxc_unix_epoch_to_utc()
  - log: Drop all timezone conversion functions
  - log: Make sure that date is correctly formatted
  - log: Use lxc_unix_epoch_to_utc()
  - log: Use N/A if getpid() != gettid() when threaded
  - log: Use thread-safe localtime_r()
  - lvm: Supress warnings about leaked files
  - lxccontainer: Log failure to send sig to init pid
  - monitor: Add more logging
  - monitor: Close mainloop on exit if we opened it
  - monitor: Improve log + set log level to DEBUG
  - monitor: Log which pipe fd is currently used
  - monitor: Make lxc-monitord async signal safe
  - monitor: Non-functional changes
  - python3-lxc: Fix api_test.py on s390x
  - start: Check for CAP_SETGID before setgroups()
  - start: Fix execute and improve setgroups() calls
  - state: Use async signal safe fun in lxc_wait()
  - templates: lxc-debian: Don't try to get stuff from /usr/lib/systemd on the host
  - templates: lxc-debian: Fix getty service startup
  - templates: lxc-debian: Fix typo in calling dpkg with --print-foreign-architectures option
  - templates: lxc-debian: Handle ppc hostarch -> powerpc
  - templates: lxc-opensuse: Change openSUSE default release to Leap 42.2
  - templates: lxc-opensuse: Remove libgcc_s1
  - templates: lxc-opensuse: Remove poweroff.target -> sigpwr.target copy
  - templates: lxc-opensuse: Set to be unconfined by AppArmor
  - templates: lxc-opensuse: Update for Leap 42.2
  - tests; Don't cause test failures on cleanup errors
  - tests: Skip unpriv tests on broken overlay module
  - tools: Improve logging
  - tools: lxc-start: Remove c->is_defined(c) check
  - tools: lxc-start: Set configfile after load_config
  - tools: Only check for O_RDONLY
  - tree-wide: Random macro cleanups
  - tree-wide: Remove any variable length arrays
  - tree-wide: Sic semper assertis!
  - utils: Add macro __LXC_NUMSTRLEN
  - utils: Add uid, gid, group convenience wrappers