Changelog for
lxc-2.1.1-1.2.i586.rpm :
Tue Oct 31 13:00:00 2017 opensuse_buildserviceAATTojkastl.de
- This is the first bugfix release for LXC 2.1.
Bugfixes:
* apparmor: Drop useless apparmor denies
* cgfsng: Check whether we have a conf
* cgfsng: Fail when limits fail to apply
* conf: Error out on too many mappings
* conf: Ignore lxc.kmsg and lxc.pivotdir
* conf: Make update warning opt-in
* conf: Preserve newlines in configuration file
* conf: Remove dead assignments in parse_idmaps()
* conf: Remove unnecessary zeroing
* conf: Use the proper type for rlim_t, fixing build failure on x32.
* console: Clean tty state + return 0 on peer exit
* console: Remove dead assignments
* core: Introduce userns_exec_full() and port the codebase to it
* criu: Use correct check initialization check
* doc: Add lxc.cgroup.dir to Japanese lxc.container.conf(5)
* doc: Add lxc-update-config manpage
* doc: Document missing env variables
* doc: Fix regex-typo in Japanese and Korean lxc-monitor(1)
* doc: Fix regex-typo in lxc-monitor.sgml.in
* doc: Translate lxc(7) into Japanese
* doc: Translate lxc-update-config(1) into Japanese
* execute: Enable console & standard /dev symlinks
* init: Become session leader
* log: Fix a format string build failure on x32.
* log: Prevent stack smashing
* monitor: Remove dead assignment
* network: Add missing checks for empty links
* network: Clear ifindeces
* network: Non-functional changes
* network: Remove dead assignments
* network: Use single helper to delete networks
* start: Don\'t close inherited namespace fds
* start: Move env setup before container setup
* start: Pass LXC_LOG_LEVEL to hooks
* start: Remove dead variable
* start: Set environment variables correctly
* start: Switch ids at last possible instance
* storage: Avoid segfault on missing lxc.rootfs.path
* storage: Fix typo in error message
* storage/lvm: Fix thinpool logical volumes
* storage/overlay: Do not write to invalid memory
* storage/overlay: Fix use after free()
* storage/zfs: Return error directly when zfs creation fails
* template/alpine: Change file check to also check file size (-f => -s)
* template/archlinux: Change locale \"en-US.UTF-8\" to \"en_US.UTF-8\"
* template/debian: Don\'t force gettyAATT configuration
* template/plamo: Delete unnecessary process during container shutdown
* tests: Avoid NULL pointer dereference
* tests: Remove dead assignments
* tests: Support systemd hybrid cgroups
* tools: Print \"-devel\" when LXC_DEVEL is true
* tools/lxc-unshare: Do not pass NULL pointer
* tools/lxc-update-config: Remove lxc.pivotdir and lxc.kmsg entries
* tools/lxc-update-config: Strip lxc.rootfs.backend and properly handle IPv4 addresses
* tools/lxc-user-nic: Remove double initialization
* tools/lxc-usernsexec: Remove dead assignments
* utils: Do not write to 0 sized buffer
* utils: Duplicate stderr as well in lxc_popen()
* utils: Fix lxc_popen()/lxc_pclose()
* utils: Remove dead assignments in lxc_popen()
Sun Sep 17 14:00:00 2017 opensuse_buildserviceAATTojkastl.de
- extended GCC7 workaround to allow builds
Thu Sep 14 14:00:00 2017 opensuse_buildserviceAATTojkastl.de
- added %if to use /etc/default/lxc or /etc/sysconfig/lxc, depending on Suse-or-Not
Wed Sep 13 14:00:00 2017 opensuse_buildserviceAATTojkastl.de
- update to LXC 2.1
New Features:
- Resource limit support
- Support for unprivileged openvswitch networks
- New lxc.cgroup.dir key
- Support for hybrid cgroup layout
- Limiting the number of ptys a container can allocate
- bool lxc_config_item_is_supported(const char
*key) API extension
- New log API extension
- Deprecation of lxc-monitord
- lxc-copy create snapshots on tmpfs
Configuration changes:
- Network configuration
- Table of changed configuration keys (see release notes on https://linuxcontainers.org/lxc/news/)
- lxc-update-config script
- Deprecation warnings
Changelog
Core:
- af unix: allow for maximum socket name
- af_unix: abstract lxc_abstract_unix_{send,recv}_fd
- android: add prlimit implementation for 32bit
- API: expose function lxc_log_init
- API: add lxc_config_item_is_supported()
- caps: add lxc_{proc,file}_cap_is_set()
- cgroups: handle hybrid cgroup layouts
- commands: handle EINTR
- commands: add lxc_cmd_state_server()
- commands: switch api to new callback system
- conf: implement resource limits
- conf: check for {filecaps,setuid} on new{g,u}idmap
- conf: use bind-mount for /dev/ptmx
- conf: add MS_LAZYTIME to mount options
- conf: don\'t send ttys when none are configured
- conf: send ttys in batches of 2
- conf: log lxc-user-nic output
- conf: refactor network deletion
- conf: rework core functions
- conf: improve lxc_map_ids()
- conf: use minimal {g,u}id map
- conf: allow writing uid mappings with euid != 0
- conf: unstack all mounts atop /dev/console
- conf{,ile}: warn user once about legacy config
- confile: add lxc_get_idmaps()
- confile: rework + extend callback system
- confile: performance tweaks
- confile: add \"lxc.cgroup.dir\"
- confile: list namespaced keys
- confile: lxc_getconfig() -> lxc_get_config()
- confile: improve get_network_config_ops()
- confile: move lxc_list_net()
- confile: lxc_listconfigs -> lxc_list_config_items
- confile: rework lxc_list_net()
- confile: lxc.seccomp --> lxc.seccomp.profile
- confile: lxc.pts --> lxc.pty.max
- confile: lxc.tty --> lxc.tty.max
- confile: lxc.net.ipv6 --> lxc.net.ipv6.address
- confile: lxc.net.ipv4 --> lxc.net.ipv4.address
- confile: lxc.mount --> lxc.mount.fstab
- confile: lxc.console --> lxc.console.path
- confile: lxc.rootfs --> lxc.rootfs.path
- confile: deprecate lxc.rootfs.backend
- confile: rename lxc.utsname to lxc.uts.name
- confile: rename lxc.devttydir to lxc.tty.dir
- confile: namespace lxc.signal keys
- confile: namespace lxc.log keys
- confile: namespace lxc.init keys
- confile: rename lxc.limit to lxc.prlimit
- confile: remove lxc.pivotdir
- confile: remove lxc.kmsg
- confile: properly namespace security keys
- doc: adapt to new configuration keys
- devpts: use max= option on mount
- lsm/AppArmor: Allow containers to start in AppArmor namespaces
- lxccontainer: clear whole indexed networks
- lxccontainer: switch api to new callback system
- lxc-init: report exec
*() failure
- lxc-user-nic: keep lines from other {users,links}
- lxc-user-nic: fix adding database entries
- lxc-user-nic: check db before trying to delete
- lxc-user-nic: test privilege over netns on delete
- lxc-user-nic: rework renaming net devices
- lxc-user-nic: add new {create,delete} subcommands
- monitor: simplify abstract socket logic
- network: don\'t delete net devs we didn\'t create
- network: remove allocation from lxc_mkifname()
- network: remove netpipe
- network: use correct network device name
- network: stop recording saved physical net devices
- network: retrieve correct names and ifindices
- network: use static memory for net device names
- network: retrieve the host\'s veth device ifindex
- network: rework network creation
- network: delete ovs for unprivileged networks
- network: log ifindex
- network: send ifindex for unpriv networks
- network: return negative idx for legacy networks
- network: test new network configuration parser
- network: add new network parser
- network: preserve backwards compatibility
- network: add test-suite for configuration items
- openvswitch: delete ports intelligently
- README: add CII Best Practices badge to README
- seccomp: set SCMP_FLTATR_ATL_TSKIP if available
- start: generalize lxc_check_inherited()
- start: use separate socket on daemonized start
- start: switch from SOCK_DGRAM to SOCK_STREAM
- start: don\'t let data_sock users close the fd
- start: ensure cgroups are cleaned up
- start: remove utmp watch
- start: lxc_setup() after unshare(CLONE_NEWCGROUP)
- start: dup std{in,out,err} to pty slave
- start: add lxc_init_handler()
- start: add lxc_free_handler()
- start: pin rootfs when privileged
- storage: add lxc_storage_get_path()
- storage: add storage_utils.{c.h}
- storage: add overlay as valid backend
- storage: rename files \"bdev\" -> \"storage\"
- storage/aufs: mark deprecated
- storage/btrfs: rework btrfs storage driver
- storage/loop: rework loop storage driver
- storage/lvm: rework lvm backend
- storage/overlay: rework overlay storage driver
- storage/overlay: correctly restore from snapshot
- storage/overlay: correctly handle dependency tracking
- storage/rbd: rework rbd storage driver
- storage/zfs: rework zfs storage driver
- tests: add tests for lxc.cgroup.dir
- test: add test to get subkeys
- tests: add unit tests for idmap parser
- tests: enforce all methods for config items
- tree-wide: struct bdev -> struct lxc_storage
- utils: add lxc_nic_exists()
- utils: switch to has_fs_type()
- utils: add has_fs_type() + is_fs_type()
- utils: rework lxc_deslashify()
- utils: lxc_make_abstract_socket_name()
- utils: add lxc_safe_ulong()
- utils: add lxc_unstack_mountpoint()
Template:
- templates/Alpine: Add support for ppc64le
- templates/Alpine: use dl-cdn.a.o as default mirror instead of random one
- templates/Alpine: add community repository to default repositories
- templates/CentOS: use altarch mirror for CentOS on arches other than i386 and x86_64
- templates/CentOS: default to CentOS 7
- templates/debian: Use deb.debian.org as the default Debian mirror
- templates/debian: jessie and stretch keyring support
- templates/debian: Add buster as a valid release
- templates/opensuse: support leap 42.3
- templates/opensuse: fix tumbleweed software selection
- templates/opensuse: add Tumbleweed as supported release
- templates/ubuntu: support netplan in newer releases by default
- templates/ubuntu: conditionally move upstart ssh job, as it is now optional.
- userns.conf: remove obsolete bind-mounts
Tools:
- lxc-execute: print error message when failed
- lxc-update-config: handle legacy networks
- tools: add additional cgroup checks
- tools: add lxc-update-config.in
- tools/lxc-attach: allow for situations without /dev/tty
- tools/lxc-checkconfig: Add CONFIG_NETFILTER_XT_MATCH_COMMENT
- tools/lxc-checkconfig: verify new[ug]idmap are setuid-root
- tools/lxc-ls: return all containers by default, new filter - list only defined containers.
Mon May 15 14:00:00 2017 kastlAATTsuse
- update to version 2.0.8
Important:
Security fix for CVE-2017-5985
All templates have been updated to not set default passwords anymore, instead requiring lxc-attach be used to configure users.
This may affect some automated environments that were relying on our default (very much insecure) users.
Bugfixes:
Make lxc-start-ephemeral Python 3.2-compatible
Fix typo
Allow build without sys/capability.h
lxc-opensuse: fix default value for release code
util: always malloc for setproctitle
util: update setproctitle comments
confile: clear lxc.network..ipv{4,6} when empty
lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
Make lxc-net return non-zero on failure
seccomp: allow x32 guests on amd64 hosts.
Add HAVE_LIBCAP
c/r: only supply --ext-mount-map for bind mounts
Added \'mkdir -p\' functionality in create_or_remove_cgroup
Use LXC_ROOTFS_MOUNT in clonehostname hook
squeeze is not a supported release anymore, drop the key
start: dumb down SIGCHLD from WARN() to NOTICE()
log: fix lxc_unix_epoch_to_utc()
cgfsng: make trim() safer
seccomp: set SCMP_FLTATR_ATL_TSKIP if available
lxc-user-nic: re-order #includes
lxc-user-nic: improve + bugfix
lxc-user-nic: delete link on failure
conf: only try to delete veth when privileged
Fix lxc-containers to support multiple bridges
Fix mixed tab/spaces in previous patch
lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
lxc-checkconfig: verify new[ug]idmap are setuid-root
[templates] archlinux: resolve conflicting files
[templates] archlinux: noneed default_timezone variable
python3: Deal with potential NULL char
*
lxc-download.in / allow setting keyserver from env
lxc-download.in / Document keyserver change in help
Change variable check to match existing style
tree-wide: include directly
conf/ile: make sure buffer is large enough
tree-wide: include directly
tests: Support running on IPv6 networks
tests: Kill containers (don\'t wait for shutdown)
Fix opening wrong file in suggest_default_idmap
do not set the root password in the debian template
do not set insecure passwords
don\'t set a default password for altlinux, gentoo, openmandriva and pld
tools: exit with return code of lxc_execute()
Keep veth.pair.name on network shutdown
Makefile: fix static clang init.lxc build
Avoid waiting for bridge interface if disabled in sysconfig/lxc | lxc-net via USE_LXC_BRIDGE
Increased buffer length in print_stats()
avoid assigning to a variable which is not POSIX shell proof (bug #1498)
remove obsolete note about api stability
conf: less error prone pointer access
conf: lxc_map_ids() non-functional changes
caps: add lxc_{proc,file}_cap_is_set()
conf: check for {filecaps,setuid} on new{g,u}idmap
conf: improve log when mounting rootfs
ls: simplify the judgment condition when list active containers
fix typo introduced in #1509
attach|unshare: fix the wrong comment
caps: skip file capability checks on android
autotools: check for cap_get_file
caps: return false if caps are not supported
conf: non-functional changes to setup_pts()
conf: use bind-mount for /dev/ptmx
conf: non-functional changes
utils: use loop device helpers from LXD
create ISSUE_TEMPLATE.md
cgroups: improve cgfsng debugging
issue template: fix typo
conf: close fd in lxc_setup_devpts()
conf: non-functional changes
utils: tweak lxc_mount_proc_if_needed()
Change sshd template to work with Ubuntu 17.04
conf: order mount options
conf: add MS_LAZYTIME to mount options
monitor: report errno on exec() error
af unix: allow for maximum socket name
commands: avoid NULL pointer dereference
commands: non-functional changes
lxccontainer: avoid NULL pointer dereference
monitor: simplify abstract socket logic
precise is not the latest LTS, let\'s use xenial instead
fix the wrong exit status
conf: non-functional changes lxc_fill_autodev()
conf: remove /dev/console from lxc_fill_autodev()
conf: non-functional changes lxc_setup()
conf: non-functional changes to console functions
conf: improve lxc_setup_dev_console()
conf: lxc_setup_ttydir_console()
config: remove /dev/console bind mount
doc: document console behavior
utils: add lxc_unstack_mountpoint()
conf: unstack all mounts atop /dev/console
console: fail when we cannot allocate peer tty
start: remove umount2()
conf: non-functional changes
utils: handle > 2^31 in lxc_unstack_mountpoint()
Install systemd units for CentOS
Merge ubuntu and debiancase
start: add crucial details about lxc_spawn()
Deleted patches that have been included upstream:
- 0010-tree-wide-include-sys-sysmacros.h-directly.patch
- 0011-tree-wide-include-sys-sysmacros.h-directly.patch
Wed Mar 29 14:00:00 2017 opensuse_buildserviceAATTojkastl.de
- backported two patches to get the package to build again for Tumbleweed
(applied only on tumbleweed aka suse_version >1315)
0010-tree-wide-include-sys-sysmacros.h-directly.patch
0011-tree-wide-include-sys-sysmacros.h-directly.patch
Tue Jan 24 13:00:00 2017 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.7
This is the seventh bugfix release for LXC 2.0. The main bugfixes in this release are:
- attach: Close lsm label file descriptor
- attach: Non-functional changes
- attach: Simplify lsm_openat()
- caps: Add lxc_cap_is_set()
- conf: attach: Save errno across call to close
- conf: Clearly report to either use drop or keep
- conf: criu: Add make_anonymous_mount_file()
- conf: Fix suggest_default_idmap()
- configure: Add --enable-gnutls option
- configure: Check for memfd_create()
- configure: Check whether gettid() is declared
- configure: Do not allow variable length arrays
- configure: Remove -Werror=vla
- configure: Use AC_HEADER_MAJOR to detect major()/minor()/makedev()
- conf: Non-functional changes
- conf: Remove thread-unsafe strsignal + improve log
- init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers
- log: Add lxc_unix_epoch_to_utc()
- log: Annotate lxc_unix_epoch_to_utc()
- log: Drop all timezone conversion functions
- log: Make sure that date is correctly formatted
- log: Use lxc_unix_epoch_to_utc()
- log: Use N/A if getpid() != gettid() when threaded
- log: Use thread-safe localtime_r()
- lvm: Supress warnings about leaked files
- lxccontainer: Log failure to send sig to init pid
- monitor: Add more logging
- monitor: Close mainloop on exit if we opened it
- monitor: Improve log + set log level to DEBUG
- monitor: Log which pipe fd is currently used
- monitor: Make lxc-monitord async signal safe
- monitor: Non-functional changes
- python3-lxc: Fix api_test.py on s390x
- start: Check for CAP_SETGID before setgroups()
- start: Fix execute and improve setgroups() calls
- state: Use async signal safe fun in lxc_wait()
- templates: lxc-debian: Don\'t try to get stuff from /usr/lib/systemd on the host
- templates: lxc-debian: Fix getty service startup
- templates: lxc-debian: Fix typo in calling dpkg with --print-foreign-architectures option
- templates: lxc-debian: Handle ppc hostarch -> powerpc
- templates: lxc-opensuse: Change openSUSE default release to Leap 42.2
- templates: lxc-opensuse: Remove libgcc_s1
- templates: lxc-opensuse: Remove poweroff.target -> sigpwr.target copy
- templates: lxc-opensuse: Set to be unconfined by AppArmor
- templates: lxc-opensuse: Update for Leap 42.2
- tests; Don\'t cause test failures on cleanup errors
- tests: Skip unpriv tests on broken overlay module
- tools: Improve logging
- tools: lxc-start: Remove c->is_defined(c) check
- tools: lxc-start: Set configfile after load_config
- tools: Only check for O_RDONLY
- tree-wide: Random macro cleanups
- tree-wide: Remove any variable length arrays
- tree-wide: Sic semper assertis!
- utils: Add macro __LXC_NUMSTRLEN
- utils: Add uid, gid, group convenience wrappers
Sat Nov 26 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- deleted patch 0003-Changed-shebang-in-src-python-lxc-examples-api_test..patch
- adapted patches 0002 to 0005 to work with version 2.0.6
Sat Nov 26 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- added libtool as BuildRequires on
*SUSE
Sat Nov 26 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- Update to version 2.0.6
Important:
Security fix for CVE-2016-8649
Bugfixes:
utils: make detect_ramfs_rootfs() return bool
tests: add test for detect_ramfs_rootfs()
add Documentation entries to lxc and lxcAATT units
mark the python examples as having utf-8 encoding
log: sanity check the returned value from snprintf()
lxc-alpine: mount /dev/shm as tmpfs
archlinux: Do DHCP on eth0
archlinux: Fix resolving
Drop leftover references to lxc_strerror()
tests: fix image download for s390x
tools: fix coding style in lxc_attach
tools: make overlay valid backend
tools: better error reporting for lxc-start
alpine: Fix installing extra packages
lxc-alpine: do not drop setfcap
s390x: Fix seccomp handling of personalities
tools: correct the argument typo in lxc_copy
Use libtool for liblxc.so
c/r: use --external instead of --veth-pair
c/r: remember to increment netnr
c/r: add checkpoint/restore support for macvlan interfaces
ubuntu: Fix package upgrades requiring proc
c/r: drop duplicate hunk from macvlan case
c/r: use snprintf to compute device name
Tweak libtool handling to work with Android
tests: add lxc_error() and lxc_debug()
container start: clone newcgroup immediately
use python3_sitearch for including the python code
fix rpm build, include all built files, but only once
cgfs: fix invalid free()
find OpenSUSE\'s build also as obs-build
improve help text for --fancy and --fancy-format
improve wording of the help page for lxc-ls
cgfs: add print_cgfs_init_debuginfo()
cgfs: skip empty entries under /proc/self/cgroup
cgfs: explicitly check for NULL
tools: use correct exit code for lxc-stop
c/r: explicitly emit bind mounts as criu arguments
log: bump LXC_LOG_BUFFER_SIZE to 4096
conf: merge network namespace move & rename on shutdown
c/r: save criu\'s stdout during dump too
c/r: remove extra \
s from logs
c/r: fix off-by-one error
c/r: check state before doing a checkpoint/restore
start: CLONE_NEWCGROUP after we have setup cgroups
create symlink for /var/run
utils: add lxc_append_string()
cgroups: remove isolated cpus from cpuset.cpus
Update Ubuntu release name: add zesty and remove wily
templates: add squashfs support to lxc-ubuntu-cloud.in
cgroups: skip v2 hierarchy entry
also stop lxc-net in runlevels 0 and 6
add lxc.egg-info to gitignore
install bash completion where pkg-config tells us to
conf: do not use %m format specifier
debian: Don\'t depend on libui-dialog-perl
cgroups: use %zu format specifier to print size_t
lxc-checkpoint: automatically detect if --external or --veth-pair
cgroups: prevent segfault in cgfsng
utils: add lxc_preserve_ns()
start: add netnsfd to lxc_handler
conf: use lxc_preserve_ns()
attach: use lxc_preserve_ns()
lxc_user_nic: use lxc_preserve_ns()
conf, start: improve log output
conf: explicitly remove veth device from host
conf, start: be smarter when deleting networks
start, utils: improve preserve_ns()
start, error: improve log + non-functional changes
start, namespace: move ns_info to namespace.{c,h}
attach, utils: bugfixes
attach: use ns_info[LXC_NS_MAX] struct
namespace: always attach to user namespace first
cgroup: improve isolcpus handling
cgroups: handle non-existent isolcpus file
utils: add lxc_safe_uint()
tests: add unit tests for lxc_safe_uint()
utils: add lxc_safe_int()
tests: add unit tests for lxc_safe_int()
conf/ile: get ip prefix via lxc_safe_uint()
confile: use lxc_safe_u/int in config_init_{u,g}id
conf/ile: use lxc_safe_uint() in config_pts()
conf/ile: use lxc_safe_u/int() in config_start()
conf/ile: use lxc_safe_uint() in config_monitor()
conf/ile: use lxc_safe_uint() in config_tty()
conf/ile: use lxc_safe_uint() in config_kmsg()
conf/ile: avoid atoi in config_lsm_aa_incomplete()
conf/ile: use lxc_safe_uint() in config_autodev()
conf/ile: avoid atoi() in config_ephemeral()
utils: use lxc_safe_int()
lxc_monitord: use lxc_safe_int() && use exit()
start: use lxc_safe_int()
conf: use lxc_safe_{u}int()
tools/lxc_execute: use lxc_safe_uint()
tools/lxc_stop: use lxc_safe_uint()
utils: add lxc_safe_long()
tests: add unit tests for lxc_safe_long()
tools/lxc_stop: use lxc_safe_long()
tools/lxc_top: use lxc_safe_int()
tools/lxc_ls: use lxc_safe_uint()
tools/lxc_autostart: use lxc_safe_{int,long}()
tools/lxc_console: use lxc_safe_uint()
tools: replace non-standard namespace identifiers
Configure a static MAC address on the LXC bridge
tests: remove overflow tests
attach: do not send procfd to attached process
Sat Nov 26 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- delete patch 0002-replaced-she-bangs-containing-usr-bin-python3-with-t.patch
- split up the deleted patch in single patches to make it easier to maintain
- 0002-Changed-shebang-in-src-lxc-tools-lxc-start-ephemeral.patch
- 0003-Changed-shebang-in-src-python-lxc-examples-api_test..patch
- 0004-Changed-shebang-in-src-python-lxc-examples-pyconsole.patch
- 0005-Changed-shebang-in-src-python-lxc-examples-pyconsole.patch
- 0006-Changed-shebang-in-src-src-python-lxc-setup.py.in-to.patch
Fri Oct 7 14:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.5
This is the fifth bugfix release for LXC 2.0. The main bugfixes in this release are:
Fix .gitignore after /tools/ split
Add lxc-test-utils to .gitignore
bdev: use correct overlay module name
cleanup: tools: remove --name from lxc-top usage message
cleanup: whitespaces in option alignment for lxc-execute
Use full GPG fingerprint instead of long IDs.
tools: move --rcfile to the common options list
tools: set configfile after load_config
doc: add --rcfile to common opts
doc: Update Korean lxc-attach(1)
doc: Add --rcfile to Korean common opts
doc: Add --rcfile to Japanese common opts
tools: use exit(EXIT_
*) everywhere
tools: unify exit() calls outside of main()
utils: Add mips signalfd syscall numbers
seccomp: Implement MIPS seccomp handling
seccomp: Add mips and mips64 entries to lxc_config_parse_arch
seccomp: fix strerror()
confile: add more archs to lxc_config_parse_arch()
seccomp: add support for s390x
seccomp: remove double include and order includes
seccomp: non functional changes
templates: use fd 9 instead of 200
templates: fedora requires openssl binary
tools: use boolean for ret in lxc_device.c
c/r: use /proc/self/tid/children instead of pidfile
c/r: Fix pid_t on some arches
templates: Add mips hostarch detection to debian
cleanup: replace tabs wth spaces in usage strings
remove extra \'ret\'
c/r: write status only after trying to parse the pid
set FULL_PATH_NAMES=NO in doc/api/Doxyfile
templates: rm halt.target -> sigpwr.target symlink
templates: remove creation of bogus directory
console: use correct log name
configure: add --disable-werror
tests: fix get_item tests
templates: use correct cron version in alpine template
c/r: zero a smaller than known migrate_opts struct
lxczfs: small fixes
c/r: free valid_opts if necessary
make rsync deal with sparse files efficiently
lxc-create -t debian fails on ppc64el arch
c/r: fix typo in comment
cgroup: add new functions for interacting with hierachies
utils: add lxc_deslashify
c/r: pass --cgroup-roots on checkpoint
cgroup: get rid of weird hack in cgfsng_escape
cgroup: drop cgroup_canonical_path
c/r: check that cgroup_num_hierarchies > 0
tools: do not add trailing spaces on lxc-ls -1
conf: retrieve mtu from netdev->link
conf: try to retrieve mtu from veth
c/r: detatch from controlling tty on restore
Fix null derefence if attach is called without access to any tty
utils: fix lxc_string_split()
tools: lxc_deslashify() handle special cases
tests: add unit tests for lxc_deslashify()
Fix for ALTLinux container creation in all branches
utils: lxc_deslashify() free memory
Fix spelling of CentOS in the templates
Define LXC_DEVEL to detect development releases
tools: lxc-checkconfig conditionalize devpts check
Wed Aug 17 14:00:00 2016 opensuse_buildserviceAATTojkastl.de
- adapted patch 0002-replaced-she-bangs-containing-usr-bin-python3-with-t.patch to work with lxc version 2.0.4
Wed Aug 17 14:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.4
The main bugfixes in this release are:
core: Add a prefix to the lxc.pc
core: Add flag in mount_entry to skip NODEV in case of a persistent dev entry
core: Add missing cgroup namespace to ns_info struct
core: attach: setns instead of unshare in lxc-attach
core: bdev: Add subdirectories to search path
core: bdev: Be smarter about btrfs subvolume detection
core: cgfsng: Don\'t pre-calculate path
core: cgfsng: Fix is_lxcfs() and is_cgroupfs()
core: cgroups: Move cgroup files to common subfolder
core: conf: Set pty_info to NULL after free
core: Detect if we should send SIGRTMIN+3
core: Replace readdir_r() with readdir()
core: Set up MTU for vlan-type interfaces.
core: tools, tests: Reorganize repo
c/r: Add support for CRIU\'s --action-script
c/r: Add support for ghost-limit in CRIU
c/r: Drop in-flight connections during CRIU dump
c/r: Initialize migrate_opts properly
c/r: Make local function static
c/r: Replace tmpnam() with mkstemp()
c/r: Store criu version
c/r: Use PRIu64 format specifier
doc: Fix typo found by lintian
doc: Update Japanese lxc-attach(1)
doc: Update lxc-attach(1)
lxc-attach: Add -f option (rcfile)
lxc-attach: Cleanup whitespaces
lxc-create: Add missing newline in output
lxc-ls: Use correct runtime path
templates: alpine: Add support for new arch
templates: alpine: Mount tmpfs under /run
templates: debian: Add more quotes to variables (at least $rootfs should now be covered)
templates: debian: Avoid noisy perl warnings caused by missing locales
templates: debian: fix regression when creating wheezy containers
templates: debian: Make shellcheck (Ubuntu: 0.3.7-5 amd64) most possible happy
tests: Add unit tests for lxc_string_in_array()
tests: Add unit tests for lxc_string_replace()
Wed Jun 29 14:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.3
The main bugfixes in version 2.0.3 are:
- apparmor: Refresh generated file
The main bugfixes in version 2.0.2 were:
- apparmor: add make-rslave to usr.bin.lxc-start
- apparmor: Allow bind-mounts and {r}shared/{r}private
- apparmor: allow mount move
- apparmor: Update mount states handling
- core: Drop lxc-devsetup as unneeded by current autodev
- core: Fix redefinition of struct in6_addr
- core: Include all lxcmntent.h function declarations on Bionic
- c/r: c/r: use criu\'s \"full\" mode for cgroups
- systemd: start containers in foreground when using the lxcAATT.service
- templates: debian: Make sure init is installed
- templates: oracle: Fix console login
- templates: plamo: Fix various issues
- templates: ubuntu: Install apt-transport-https by default
- travis: ensure \'make install\' doesn\'t fail
- travis: test VPATH builds
- upstart: Force lxc-instance to behave like a good Upstart client
Tue Jun 28 14:00:00 2016 opensuse_buildserviceAATTojkastl.de
- lxc-devsetup was dropped from the package, thus now removed from %files section
Tue Jun 28 14:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.2
(changelog not yet available)
Sat May 28 14:00:00 2016 opensuse_buildserviceAATTojkastl.de
- removed dependency on libcap on
*SUSE, as libcap does not provide this any more and libcap-devel should pull in all needed packages
Tue May 17 14:00:00 2016 opensuse_buildserviceAATTojkastl.de
- bugfix release 2.0.1
apparmor: Also allow fstype=fuse for fuse filesystems
attach: adapt lxc-attach tests & add test for pty logging
attach: don\'t fail attach on failure to setup a SIGWINCH handler.
attach: fix a variety of lxc-attach pts handling issues
attach: switch console pty to raw mode (fixes ncurses-based programs)
attach: use raw settings of ssh for pty
bindings: fixed python-lxc reference to var before assignment in create()
bindings: set PyErr when Container.__init__ fails
cgfsng: defer to cgfs if needed subsystems are not available
cgfsng: don\'t require that systemd subsystem be mounted
core: Added missing type to keys in lxc_list_nicconfigs
core: Allow configuration file values to be quoted
core: log: remove duplicate definitons and bump buffer size
core: sync: properly fail on unexpected message sizes
core: Unshare netns after setting the userns mappings (fixes ownership of /proc/net)
core: various fixes as reported by static analysis
c/r: add an option to use faster inotify support in CRIU
c/r: rearrange things to pass struct migrate_opts all the way down
doc: ignore temporary files generated by doxygen
doc: tweak manpage generation date to be compatible with reproducible builds
doc: update MAINTAINERS
doc: update to translated manpages
init: add missing lsb headers to sysvinit scripts
init: don\'t make sysv init scripts dependant on distribution specifics
init: drop obsolete syslog.target from lxc.service.in
lxc-attach: add logging option to manpage
lxc-checkconfig: better render when stdout isn\'t a terminal
lxc-create: fix -B best option
lxc-destroy: avoid double print
lxc-ls: use fewer syscalls when doing ipc
templates: Add apt-transport-https to minbase variant of Ubuntu template
templates: fix a typo in the capabilities name for Gentoo (sys_resource)
templates: logic fix in the Centos template for RHEL7+ support
templates: tweak Alpine DHCP configuration to send its hostname
templates: tweak to network configuration of the Oracle template
Thu Apr 7 14:00:00 2016 opensuse_buildserviceAATTojkastl.de
- Released Version 2.0.0
Highlights
All main LXC commands have now been rewritten in C
lxc-ls
lxc-device
lxc-copy
New lxc-copy command taking over the role of lxc-clone and lxc-start-ephemeral
Much improved support for checkpoint/restore of containers
Completely reworked cgroup handling including support for the cgroup namespace
The various command line tools are now much more consistent
Re-organized storage backend implementation, including addition of a Ceph RBD backend
An enormous amount of bugfixes, most of which will be backported to 1.0 and 1.1 over the next few bugfix releases
The C API remains backward compatible with previous versions and is released as 1.2
New configuration options
lxc.ephemeral: Controls whether the container is ephemeral and so will be destroyed on shutdown
lxc.rebootsignal: Allows to override the signal sent for container reboot
lxc.hook.destroy: New hook being called on container destruction
lxc.hook.stop: Run in the host context with references to the containers just before namespace teardown
lxc.init_uid: Used by lxc-execute to set an alternative user
lxc.init_gid: Used by lxc-execute to set an alternative group
lxc.monitor.unshare: Allows unsharing the mount namespace prior to running any hook
New features
API:
API version is 1.2, fully backward compatible with 1.1 and 1.0
new symbols:
New migrate() symbol as an alternative to checkpoint() using a migrate_opts struct to simplify additions
python3
Support for passing the storage backend to create()
lua
Add support for get_ips()
Add support for get_interfaces()
Add support for rename()
Core:
cgfsng: New cgroup backend driver for recent Linux kernel
cgroup: Partial support for the new cgroup hierarchy
cgroup: Support for the cgroup namespace
checkpoint: Support checkpoint/restore of default LXC containers
checkpoint: Support checkpoint/restore of unprivileged containers
checkpoint: Support for the page server
config: lxc.aa_profile: Now supports an \"unchanged\" value
config: lxc.init_cmd: Now supports arguments
config: lxc.network.macvlan.mode: Added support for the \"passthru\" mode
config: lxc.rootfs.backend: Allows to override the storage backend (bypasses auto-detection)
config: New nesting.conf configuration file to setup container nesting
hooks: New LXC_CGNS_AWARE environment variable, set to 1 if LXC supports the cgroup namespace (the kernel however may not)
hooks: New LXC_SRC_NAME environment variable is set in clone hook with the original container name
hooks: New LXC_TARGET environment variable is set with the container goal (stop or reboot)
logging: Updated logging timestamps to be a bit more readable
lxc-usernet: Support for containers usning a veth interface without bridging
lxc-usernet: Support for group-based quotas (use the AATT prefix)
network: The bridge interface MTU is now used as the default container interface MTU
start: The process title is now renamed to be easier to read
storage: New Ceph RBD storage backend
Documentation:
Korean translation of all the man pages
Commands:
lxc-attach: Use an intermediate pts device to prevent attacks against the parent shell
lxc-clone: Support for renaming containers
lxc-start-ephemeral: Support for changing bind-mount targets
Init systems:
systemd: Support for instanced service units
Templates
New ALTLinux template
New Slackware template
New SPARCLinux template
alpine: Support installing extra packages
debian: Default to just \"main\" enabled, allow enabling other repositories through argument
oracle: Set the timezone in the container
openssh: Add OpenSSH support
ubuntu: New -v option allowing the user to set the debootstrap variant
ubuntu-cloud: Support for vendor-data passthrough
Change in behavior¶
The lxc-autostart container startup order is now reversed (to be correct)
The new cgfsng cgroup backend is now the recommended backend
lxc.hook.post-stop failures are now fatal to container reboots
Fri Apr 1 14:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.0.rc15
Wed Mar 30 14:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.0.rc14
Wed Mar 23 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.0.rc13
Tue Mar 22 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.0.rc12
Fri Mar 18 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- defined macro for /etc/sysconfig or /etc/default on openSUSE or CentOS, to get the lxc-net file in the right place
Fri Mar 18 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.0.rc11
Sat Mar 12 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.0.rc10
Wed Mar 9 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.0.rc9
Sun Mar 6 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.0.rc5
Sat Feb 27 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.0.rc4
Thu Feb 25 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- version update to 2.0.0.rc3
Mon Feb 22 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to 2.0.0 RC2
Thu Feb 18 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.0~rc1
Mon Feb 1 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- changed patch 0002-replaced-she-bangs-containing-usr-bin-python3-with-t.patch, so it does not change the python3 package name in the lxc-opensuse template, only files containing the /usr/bin/python3.4 shebang
Mon Feb 1 13:00:00 2016 opensuse_buildserviceAATTojkastl.de
- update to version 2.0.0-beta2
Tue Dec 22 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- small changes to spec: %if-condition \'%if 0%{?fedora} < 15 || 0%{?rhel} < 7\' does not work reliably, as this fires when fedora or rhel are not defined
Tue Dec 22 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- preparation for release of lxc 2.0:
* added tarball for beta1
* changed version to 2.0.0
* set beta_rel to beta1
Sat Dec 19 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- changed rpm macro %{defined rhel} to 0%{rhel} >= 7 to only use python stuff on CentOS/RHEL 7 or newer
Mon Dec 14 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- changed rpm macro \'centos_version\' to \'rhel\' to allow building for RHEL as well (untested)
Sat Dec 12 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- added patches and modified spec, to allow building on CentOS_7 where python3 is only available from EPEL as package python34 containing /usr/bin/python3.4
* 0001-fixing-PKG_CHECK_MODULES-to-work-with-python-3.4-on-.patch
* 0002-replaced-she-bangs-containing-usr-bin-python3-with-t.patch
Thu Nov 12 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- update to version 1.1.5
Core:
* Fix handling of process title rename (now only on >= 3.19 kernels)
* Several improvements to overlayfs/aufs handling
* Needed directories are created if missing
* Better handling of absolute paths
* Better handling of cloning overlayfs containers
* Ignore trailing /init.scope in cgroup paths (needed for newer systemd)
* Allow checkpoint/restore of containers using non-bridged veth devices
* Properly initialize error_num (exit code tracking for the container)
* lxc-usernsexec: Re-open fds 0,1,2 separately (only if stdin is a tty)
Init scripts:
* lxc-net: Start after network-online.target
Commands:
* lxc-start: Allow preserving the PID namespace too
Templates:
* archlinux: Fix systemd-sysctl service
* ubuntu-cloud: Use tar.xz tarballs by default (as tar.gz will soon be discontinued)
* ubuntu-cloud: Always exit 1 on error
plus earlier changes from versions 1.1.3 and 1.1.4
Sat Apr 18 14:00:00 2015 opensuse_buildserviceAATTojkastl.de
- update to version 1.1.2
* core: Fix non-tty stdin during attach
* core: Improved container logging
* core: Fix cgroup handling for unprivileged containers
* core: Properly destroy overlayfs based containers
* core: Fix some multi-threading issues
* core: Various fixes to checkpoint/restore with CRIU
* docs: Various manpage updates
* tests: Fix hang in apparmor test
* centos: Properly detect the yum version
* centos: Don\'t mistakenly change tty.conf of the host
* gentoo: Fix /dev/shm handling
- update to version 1.1.1
* config: Allow FUSE access by default (instead of individually in most templates)
* Make /proc/sys/net writable when using proc:mixed (required for network config)
* Set the process title of backgrounded LXC to an identifiable name
* Fix get_config_item with lxc.mount.auto
* Fix some tty issues with attach
* Add powerpc support to seccomp
* oracle: Fix unprivileged lxc-console
* centos: Fix unprivileged lxc-console
* plamo: Change way to create objects under /dev in the container
* lxc-top: Fix long container names rendering
* LVM: Use rdepends for non-thinpool container clones
* gentoo: Fix base image download
* Various manpages update
Tue Feb 3 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- restart boot.apparmor service after installation; restart code taken from apparmor package
Mon Feb 2 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- apparmor-parser is now required in 2.9 or higher, as lxc makes heavy use of abstractions
Fri Jan 30 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- Update to version 1.1.0
LXC 1.1 introduces checkpoint/restore support for containers through CRIU.
This allows to serialize the container running state to disk, for live migration or for later local restoration of the container.
Support for running systemd as the init system inside the container was also greatly improved and should now work by default both for privileged and unprivileged containers when combined with lxcfs and a recent systemd.
Init scripts have now all been updated to provide the same feature set, which means that a lxcbr0 bridge with a DHCP and DNS server (dnsmasq) is now the default for anyone using LXC.
We currently provide init scripts for systemd, sysvinit and upstart.
New features
* lxc-autostart: New -A/--ignore-auto flag (starts all containers)
* lxc-ls: New \"interface\" field
* centos/fedora: Added a root_password_expired environment variable (defaults to yes)
* oracle: Allow installing from arbitrary yum repositories (including medias)
* oracle: Add Oracle Linux 7 support
* lxc-ls: Allow filtering containers by group even without --fancy
* core: Add support for qcow2 images (through qemu-img)
* lxc-autostart: Add support for the NULL group (any container with lxc.start.auto set to 1 but without a group)
* core: Track an unexpanded version of the configuration as well as comments (improves formatting of the save configuration)
* opensuse: Switch to using common configurations
* core: Allow lxc.cap.keep be set to none
* archlinux: Switch to using common configurations
* ubuntu: use btrfs subvolumes and snapshots when available
* seccomp: Set a default seccomp profile for all distros (blocks dangerous syscalls)
* core: Add support for Openvswitch bridges
* core: Add support for lxc.environment (sets extra environment variables)
* init: Add identical support of systemd, upstart and sysvinit scripts
* core: Add support for checkpoint and restore of containers using CRIU
* core: Add a new aa_allow_incomplete flag to allow container startup with partial apparmor support
* lxc-lua: Now a C binary installed by default (was a lua script)
* API: Addition of attach_interface and detach_interface
* lxc-device: Now a C binary installed by default (was a python3 script)
* lxc-config: Now supports querying lxc.cgroup.(use|pattern)
* core: Add new lxc.init_cmd config option to override the default init command (/sbin/init)
* lxc-start-ephemeral: Add new --cdir option (copy-on-write mounts)
* opensuse: Support multiple releases
* core: lxc.include now allows including directories (includes all the files with a .conf suffix)
* core: A new common.conf.d configuration directory is available for users and packages to drop configuration snippets to be applied to all containers
* core: The container_ttys environment variable is now set by LXC
Change in behavior
* lxc-create now requires be passed (-t), use \"none\" for the old behavior.
* snapshots are now stored in the container\'s directory
* lxc.arch for PER_LINUX32 is now output as i686
* lxc-execute: lxc-init is now bind-mounted in the container if it can\'t be found
* lxc-start: containers now start daemonized by default
* core: pivot_root is now done with the use of lxc.pivotdir, as a result this option is now considered deprecated and will be removed in upcoming releases.
* core: with the switch to daemonized containers by default, close-all-fds is also now the default.
* core: lxc.autodev was reworked, it no longer uses /dev/lxc, instead mounting a tmpfs directly on the container\'s /dev, it also now works with unprivileged containers
* core: lxc.autodev is now on by default (can be overriden with lxc.autodev=0)
* core: lxc.kmsg is now disabled by default (can be overriden with lxc.kmsg=1)
* core: clear_config_item now exclusively affects lists (lxc_list) entries. set_config_item should be used for anything else.
* templates: All templates now use lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed (safe default configuration)
Tue Jan 27 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- slight adjustments to spec
Tue Jan 27 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- Update to 1.1.0~rc3
Mon Jan 26 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- Update to version 1.1.1~rc2
Fri Jan 23 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- added openSUSE_apparmor_mount.conf to allow running containers by setting lxc.aa_allow_incomplete = 1, as the apparmor patches regarding mount are not in the upstream kernel
Fri Jan 23 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- added dependency on correct lxc-libs version to the spec
Fri Jan 23 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- enabled python support, so lxc-ls does not lose functionality
Thu Jan 22 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- changed version to reflect rc1 correctly: 1.1.0~rc1
Thu Jan 22 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- changed release to include rc1
Thu Jan 22 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- update to 1.1.0-rc1
Fri Jan 16 13:00:00 2015 opensuse_buildserviceAATTojkastl.de
- openSUSE/SUSE related stuff without version check, except systemd-related things
Tue Dec 16 13:00:00 2014 opensuse_buildserviceAATTojkastl.de
- added excludes for rc
*links to avoid double packaging warnings
Tue Dec 16 13:00:00 2014 opensuse_buildserviceAATTojkastl.de
- Adding rclxc and rclxc-net links correctly
Tue Dec 16 13:00:00 2014 opensuse_buildserviceAATTojkastl.de
- Some Fedora/RHEL version require libcgroup, but the %if was not working properly. Fixed.
Tue Dec 16 13:00:00 2014 opensuse_buildserviceAATTojkastl.de
- systemd stuff including %preun and more stuff in %postun
Tue Dec 16 13:00:00 2014 opensuse_buildserviceAATTojkastl.de
- spec adjusted to version from upstream
Mon Dec 15 13:00:00 2014 opensuse_buildserviceAATTojkastl.de
- small changes to spec, to build correctly on 12.3
Tue Dec 9 13:00:00 2014 opensuse_buildserviceAATTojkastl.de
- changed spec to build on opensuse
- fixed suse-filelist-forbidden-move-to-usr error
Mon Dec 8 13:00:00 2014 opensuse_buildserviceAATTojkastl.de
- created new package for lxc 1.1, now with alpha3