Changelog for
lxc-2.1.1-2.24.x86_64.rpm :
* Tue Oct 31 2017 opensuse_buildserviceAATTojkastl.de- This is the first bugfix release for LXC 2.1. Bugfixes:
* apparmor: Drop useless apparmor denies
* cgfsng: Check whether we have a conf
* cgfsng: Fail when limits fail to apply
* conf: Error out on too many mappings
* conf: Ignore lxc.kmsg and lxc.pivotdir
* conf: Make update warning opt-in
* conf: Preserve newlines in configuration file
* conf: Remove dead assignments in parse_idmaps()
* conf: Remove unnecessary zeroing
* conf: Use the proper type for rlim_t, fixing build failure on x32.
* console: Clean tty state + return 0 on peer exit
* console: Remove dead assignments
* core: Introduce userns_exec_full() and port the codebase to it
* criu: Use correct check initialization check
* doc: Add lxc.cgroup.dir to Japanese lxc.container.conf(5)
* doc: Add lxc-update-config manpage
* doc: Document missing env variables
* doc: Fix regex-typo in Japanese and Korean lxc-monitor(1)
* doc: Fix regex-typo in lxc-monitor.sgml.in
* doc: Translate lxc(7) into Japanese
* doc: Translate lxc-update-config(1) into Japanese
* execute: Enable console & standard /dev symlinks
* init: Become session leader
* log: Fix a format string build failure on x32.
* log: Prevent stack smashing
* monitor: Remove dead assignment
* network: Add missing checks for empty links
* network: Clear ifindeces
* network: Non-functional changes
* network: Remove dead assignments
* network: Use single helper to delete networks
* start: Don\'t close inherited namespace fds
* start: Move env setup before container setup
* start: Pass LXC_LOG_LEVEL to hooks
* start: Remove dead variable
* start: Set environment variables correctly
* start: Switch ids at last possible instance
* storage: Avoid segfault on missing lxc.rootfs.path
* storage: Fix typo in error message
* storage/lvm: Fix thinpool logical volumes
* storage/overlay: Do not write to invalid memory
* storage/overlay: Fix use after free()
* storage/zfs: Return error directly when zfs creation fails
* template/alpine: Change file check to also check file size (-f => -s)
* template/archlinux: Change locale \"en-US.UTF-8\" to \"en_US.UTF-8\"
* template/debian: Don\'t force gettyAATT configuration
* template/plamo: Delete unnecessary process during container shutdown
* tests: Avoid NULL pointer dereference
* tests: Remove dead assignments
* tests: Support systemd hybrid cgroups
* tools: Print \"-devel\" when LXC_DEVEL is true
* tools/lxc-unshare: Do not pass NULL pointer
* tools/lxc-update-config: Remove lxc.pivotdir and lxc.kmsg entries
* tools/lxc-update-config: Strip lxc.rootfs.backend and properly handle IPv4 addresses
* tools/lxc-user-nic: Remove double initialization
* tools/lxc-usernsexec: Remove dead assignments
* utils: Do not write to 0 sized buffer
* utils: Duplicate stderr as well in lxc_popen()
* utils: Fix lxc_popen()/lxc_pclose()
* utils: Remove dead assignments in lxc_popen()
* Sun Sep 17 2017 opensuse_buildserviceAATTojkastl.de- extended GCC7 workaround to allow builds
* Thu Sep 14 2017 opensuse_buildserviceAATTojkastl.de- added %if to use /etc/default/lxc or /etc/sysconfig/lxc, depending on Suse-or-Not
* Wed Sep 13 2017 opensuse_buildserviceAATTojkastl.de- update to LXC 2.1 New Features: - Resource limit support - Support for unprivileged openvswitch networks - New lxc.cgroup.dir key - Support for hybrid cgroup layout - Limiting the number of ptys a container can allocate - bool lxc_config_item_is_supported(const char
*key) API extension - New log API extension - Deprecation of lxc-monitord - lxc-copy create snapshots on tmpfs Configuration changes: - Network configuration - Table of changed configuration keys (see release notes on https://linuxcontainers.org/lxc/news/) - lxc-update-config script - Deprecation warnings Changelog Core: - af unix: allow for maximum socket name - af_unix: abstract lxc_abstract_unix_{send,recv}_fd - android: add prlimit implementation for 32bit - API: expose function lxc_log_init - API: add lxc_config_item_is_supported() - caps: add lxc_{proc,file}_cap_is_set() - cgroups: handle hybrid cgroup layouts - commands: handle EINTR - commands: add lxc_cmd_state_server() - commands: switch api to new callback system - conf: implement resource limits - conf: check for {filecaps,setuid} on new{g,u}idmap - conf: use bind-mount for /dev/ptmx - conf: add MS_LAZYTIME to mount options - conf: don\'t send ttys when none are configured - conf: send ttys in batches of 2 - conf: log lxc-user-nic output - conf: refactor network deletion - conf: rework core functions - conf: improve lxc_map_ids() - conf: use minimal {g,u}id map - conf: allow writing uid mappings with euid != 0 - conf: unstack all mounts atop /dev/console - conf{,ile}: warn user once about legacy config - confile: add lxc_get_idmaps() - confile: rework + extend callback system - confile: performance tweaks - confile: add \"lxc.cgroup.dir\" - confile: list namespaced keys - confile: lxc_getconfig() -> lxc_get_config() - confile: improve get_network_config_ops() - confile: move lxc_list_net() - confile: lxc_listconfigs -> lxc_list_config_items - confile: rework lxc_list_net() - confile: lxc.seccomp --> lxc.seccomp.profile - confile: lxc.pts --> lxc.pty.max - confile: lxc.tty --> lxc.tty.max - confile: lxc.net.ipv6 --> lxc.net.ipv6.address - confile: lxc.net.ipv4 --> lxc.net.ipv4.address - confile: lxc.mount --> lxc.mount.fstab - confile: lxc.console --> lxc.console.path - confile: lxc.rootfs --> lxc.rootfs.path - confile: deprecate lxc.rootfs.backend - confile: rename lxc.utsname to lxc.uts.name - confile: rename lxc.devttydir to lxc.tty.dir - confile: namespace lxc.signal keys - confile: namespace lxc.log keys - confile: namespace lxc.init keys - confile: rename lxc.limit to lxc.prlimit - confile: remove lxc.pivotdir - confile: remove lxc.kmsg - confile: properly namespace security keys - doc: adapt to new configuration keys - devpts: use max= option on mount - lsm/AppArmor: Allow containers to start in AppArmor namespaces - lxccontainer: clear whole indexed networks - lxccontainer: switch api to new callback system - lxc-init: report exec
*() failure - lxc-user-nic: keep lines from other {users,links} - lxc-user-nic: fix adding database entries - lxc-user-nic: check db before trying to delete - lxc-user-nic: test privilege over netns on delete - lxc-user-nic: rework renaming net devices - lxc-user-nic: add new {create,delete} subcommands - monitor: simplify abstract socket logic - network: don\'t delete net devs we didn\'t create - network: remove allocation from lxc_mkifname() - network: remove netpipe - network: use correct network device name - network: stop recording saved physical net devices - network: retrieve correct names and ifindices - network: use static memory for net device names - network: retrieve the host\'s veth device ifindex - network: rework network creation - network: delete ovs for unprivileged networks - network: log ifindex - network: send ifindex for unpriv networks - network: return negative idx for legacy networks - network: test new network configuration parser - network: add new network parser - network: preserve backwards compatibility - network: add test-suite for configuration items - openvswitch: delete ports intelligently - README: add CII Best Practices badge to README - seccomp: set SCMP_FLTATR_ATL_TSKIP if available - start: generalize lxc_check_inherited() - start: use separate socket on daemonized start - start: switch from SOCK_DGRAM to SOCK_STREAM - start: don\'t let data_sock users close the fd - start: ensure cgroups are cleaned up - start: remove utmp watch - start: lxc_setup() after unshare(CLONE_NEWCGROUP) - start: dup std{in,out,err} to pty slave - start: add lxc_init_handler() - start: add lxc_free_handler() - start: pin rootfs when privileged - storage: add lxc_storage_get_path() - storage: add storage_utils.{c.h} - storage: add overlay as valid backend - storage: rename files \"bdev\" -> \"storage\" - storage/aufs: mark deprecated - storage/btrfs: rework btrfs storage driver - storage/loop: rework loop storage driver - storage/lvm: rework lvm backend - storage/overlay: rework overlay storage driver - storage/overlay: correctly restore from snapshot - storage/overlay: correctly handle dependency tracking - storage/rbd: rework rbd storage driver - storage/zfs: rework zfs storage driver - tests: add tests for lxc.cgroup.dir - test: add test to get subkeys - tests: add unit tests for idmap parser - tests: enforce all methods for config items - tree-wide: struct bdev -> struct lxc_storage - utils: add lxc_nic_exists() - utils: switch to has_fs_type() - utils: add has_fs_type() + is_fs_type() - utils: rework lxc_deslashify() - utils: lxc_make_abstract_socket_name() - utils: add lxc_safe_ulong() - utils: add lxc_unstack_mountpoint() Template: - templates/Alpine: Add support for ppc64le - templates/Alpine: use dl-cdn.a.o as default mirror instead of random one - templates/Alpine: add community repository to default repositories - templates/CentOS: use altarch mirror for CentOS on arches other than i386 and x86_64 - templates/CentOS: default to CentOS 7 - templates/debian: Use deb.debian.org as the default Debian mirror - templates/debian: jessie and stretch keyring support - templates/debian: Add buster as a valid release - templates/opensuse: support leap 42.3 - templates/opensuse: fix tumbleweed software selection - templates/opensuse: add Tumbleweed as supported release - templates/ubuntu: support netplan in newer releases by default - templates/ubuntu: conditionally move upstart ssh job, as it is now optional. - userns.conf: remove obsolete bind-mounts Tools: - lxc-execute: print error message when failed - lxc-update-config: handle legacy networks - tools: add additional cgroup checks - tools: add lxc-update-config.in - tools/lxc-attach: allow for situations without /dev/tty - tools/lxc-checkconfig: Add CONFIG_NETFILTER_XT_MATCH_COMMENT - tools/lxc-checkconfig: verify new[ug]idmap are setuid-root - tools/lxc-ls: return all containers by default, new filter - list only defined containers.
* Mon May 15 2017 kastlAATTsuse- update to version 2.0.8 Important: Security fix for CVE-2017-5985 All templates have been updated to not set default passwords anymore, instead requiring lxc-attach be used to configure users. This may affect some automated environments that were relying on our default (very much insecure) users. Bugfixes: Make lxc-start-ephemeral Python 3.2-compatible Fix typo Allow build without sys/capability.h lxc-opensuse: fix default value for release code util: always malloc for setproctitle util: update setproctitle comments confile: clear lxc.network..ipv{4,6} when empty lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals Make lxc-net return non-zero on failure seccomp: allow x32 guests on amd64 hosts. Add HAVE_LIBCAP c/r: only supply --ext-mount-map for bind mounts Added \'mkdir -p\' functionality in create_or_remove_cgroup Use LXC_ROOTFS_MOUNT in clonehostname hook squeeze is not a supported release anymore, drop the key start: dumb down SIGCHLD from WARN() to NOTICE() log: fix lxc_unix_epoch_to_utc() cgfsng: make trim() safer seccomp: set SCMP_FLTATR_ATL_TSKIP if available lxc-user-nic: re-order #includes lxc-user-nic: improve + bugfix lxc-user-nic: delete link on failure conf: only try to delete veth when privileged Fix lxc-containers to support multiple bridges Fix mixed tab/spaces in previous patch lxc-alpine: use dl-cdn.a.o as default mirror instead of random one lxc-checkconfig: verify new[ug]idmap are setuid-root [templates] archlinux: resolve conflicting files [templates] archlinux: noneed default_timezone variable python3: Deal with potential NULL char
* lxc-download.in / allow setting keyserver from env lxc-download.in / Document keyserver change in help Change variable check to match existing style tree-wide: include directly conf/ile: make sure buffer is large enough tree-wide: include directly tests: Support running on IPv6 networks tests: Kill containers (don\'t wait for shutdown) Fix opening wrong file in suggest_default_idmap do not set the root password in the debian template do not set insecure passwords don\'t set a default password for altlinux, gentoo, openmandriva and pld tools: exit with return code of lxc_execute() Keep veth.pair.name on network shutdown Makefile: fix static clang init.lxc build Avoid waiting for bridge interface if disabled in sysconfig/lxc | lxc-net via USE_LXC_BRIDGE Increased buffer length in print_stats() avoid assigning to a variable which is not POSIX shell proof (bug #1498) remove obsolete note about api stability conf: less error prone pointer access conf: lxc_map_ids() non-functional changes caps: add lxc_{proc,file}_cap_is_set() conf: check for {filecaps,setuid} on new{g,u}idmap conf: improve log when mounting rootfs ls: simplify the judgment condition when list active containers fix typo introduced in #1509 attach|unshare: fix the wrong comment caps: skip file capability checks on android autotools: check for cap_get_file caps: return false if caps are not supported conf: non-functional changes to setup_pts() conf: use bind-mount for /dev/ptmx conf: non-functional changes utils: use loop device helpers from LXD create ISSUE_TEMPLATE.md cgroups: improve cgfsng debugging issue template: fix typo conf: close fd in lxc_setup_devpts() conf: non-functional changes utils: tweak lxc_mount_proc_if_needed() Change sshd template to work with Ubuntu 17.04 conf: order mount options conf: add MS_LAZYTIME to mount options monitor: report errno on exec() error af unix: allow for maximum socket name commands: avoid NULL pointer dereference commands: non-functional changes lxccontainer: avoid NULL pointer dereference monitor: simplify abstract socket logic precise is not the latest LTS, let\'s use xenial instead fix the wrong exit status conf: non-functional changes lxc_fill_autodev() conf: remove /dev/console from lxc_fill_autodev() conf: non-functional changes lxc_setup() conf: non-functional changes to console functions conf: improve lxc_setup_dev_console() conf: lxc_setup_ttydir_console() config: remove /dev/console bind mount doc: document console behavior utils: add lxc_unstack_mountpoint() conf: unstack all mounts atop /dev/console console: fail when we cannot allocate peer tty start: remove umount2() conf: non-functional changes utils: handle > 2^31 in lxc_unstack_mountpoint() Install systemd units for CentOS Merge ubuntu and debiancase start: add crucial details about lxc_spawn() Deleted patches that have been included upstream: - 0010-tree-wide-include-sys-sysmacros.h-directly.patch - 0011-tree-wide-include-sys-sysmacros.h-directly.patch
* Wed Mar 29 2017 opensuse_buildserviceAATTojkastl.de- backported two patches to get the package to build again for Tumbleweed (applied only on tumbleweed aka suse_version >1315) 0010-tree-wide-include-sys-sysmacros.h-directly.patch 0011-tree-wide-include-sys-sysmacros.h-directly.patch
* Tue Jan 24 2017 opensuse_buildserviceAATTojkastl.de- update to version 2.0.7 This is the seventh bugfix release for LXC 2.0. The main bugfixes in this release are: - attach: Close lsm label file descriptor - attach: Non-functional changes - attach: Simplify lsm_openat() - caps: Add lxc_cap_is_set() - conf: attach: Save errno across call to close - conf: Clearly report to either use drop or keep - conf: criu: Add make_anonymous_mount_file() - conf: Fix suggest_default_idmap() - configure: Add --enable-gnutls option - configure: Check for memfd_create() - configure: Check whether gettid() is declared - configure: Do not allow variable length arrays - configure: Remove -Werror=vla - configure: Use AC_HEADER_MAJOR to detect major()/minor()/makedev() - conf: Non-functional changes - conf: Remove thread-unsafe strsignal + improve log - init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers - log: Add lxc_unix_epoch_to_utc() - log: Annotate lxc_unix_epoch_to_utc() - log: Drop all timezone conversion functions - log: Make sure that date is correctly formatted - log: Use lxc_unix_epoch_to_utc() - log: Use N/A if getpid() != gettid() when threaded - log: Use thread-safe localtime_r() - lvm: Supress warnings about leaked files - lxccontainer: Log failure to send sig to init pid - monitor: Add more logging - monitor: Close mainloop on exit if we opened it - monitor: Improve log + set log level to DEBUG - monitor: Log which pipe fd is currently used - monitor: Make lxc-monitord async signal safe - monitor: Non-functional changes - python3-lxc: Fix api_test.py on s390x - start: Check for CAP_SETGID before setgroups() - start: Fix execute and improve setgroups() calls - state: Use async signal safe fun in lxc_wait() - templates: lxc-debian: Don\'t try to get stuff from /usr/lib/systemd on the host - templates: lxc-debian: Fix getty service startup - templates: lxc-debian: Fix typo in calling dpkg with --print-foreign-architectures option - templates: lxc-debian: Handle ppc hostarch -> powerpc - templates: lxc-opensuse: Change openSUSE default release to Leap 42.2 - templates: lxc-opensuse: Remove libgcc_s1 - templates: lxc-opensuse: Remove poweroff.target -> sigpwr.target copy - templates: lxc-opensuse: Set to be unconfined by AppArmor - templates: lxc-opensuse: Update for Leap 42.2 - tests; Don\'t cause test failures on cleanup errors - tests: Skip unpriv tests on broken overlay module - tools: Improve logging - tools: lxc-start: Remove c->is_defined(c) check - tools: lxc-start: Set configfile after load_config - tools: Only check for O_RDONLY - tree-wide: Random macro cleanups - tree-wide: Remove any variable length arrays - tree-wide: Sic semper assertis! - utils: Add macro __LXC_NUMSTRLEN - utils: Add uid, gid, group convenience wrappers
* Sat Nov 26 2016 opensuse_buildserviceAATTojkastl.de- deleted patch 0003-Changed-shebang-in-src-python-lxc-examples-api_test..patch- adapted patches 0002 to 0005 to work with version 2.0.6
* Sat Nov 26 2016 opensuse_buildserviceAATTojkastl.de- added libtool as BuildRequires on
*SUSE
* Sat Nov 26 2016 opensuse_buildserviceAATTojkastl.de- Update to version 2.0.6 Important: Security fix for CVE-2016-8649 Bugfixes: utils: make detect_ramfs_rootfs() return bool tests: add test for detect_ramfs_rootfs() add Documentation entries to lxc and lxcAATT units mark the python examples as having utf-8 encoding log: sanity check the returned value from snprintf() lxc-alpine: mount /dev/shm as tmpfs archlinux: Do DHCP on eth0 archlinux: Fix resolving Drop leftover references to lxc_strerror() tests: fix image download for s390x tools: fix coding style in lxc_attach tools: make overlay valid backend tools: better error reporting for lxc-start alpine: Fix installing extra packages lxc-alpine: do not drop setfcap s390x: Fix seccomp handling of personalities tools: correct the argument typo in lxc_copy Use libtool for liblxc.so c/r: use --external instead of --veth-pair c/r: remember to increment netnr c/r: add checkpoint/restore support for macvlan interfaces ubuntu: Fix package upgrades requiring proc c/r: drop duplicate hunk from macvlan case c/r: use snprintf to compute device name Tweak libtool handling to work with Android tests: add lxc_error() and lxc_debug() container start: clone newcgroup immediately use python3_sitearch for including the python code fix rpm build, include all built files, but only once cgfs: fix invalid free() find OpenSUSE\'s build also as obs-build improve help text for --fancy and --fancy-format improve wording of the help page for lxc-ls cgfs: add print_cgfs_init_debuginfo() cgfs: skip empty entries under /proc/self/cgroup cgfs: explicitly check for NULL tools: use correct exit code for lxc-stop c/r: explicitly emit bind mounts as criu arguments log: bump LXC_LOG_BUFFER_SIZE to 4096 conf: merge network namespace move & rename on shutdown c/r: save criu\'s stdout during dump too c/r: remove extra \
s from logs c/r: fix off-by-one error c/r: check state before doing a checkpoint/restore start: CLONE_NEWCGROUP after we have setup cgroups create symlink for /var/run utils: add lxc_append_string() cgroups: remove isolated cpus from cpuset.cpus Update Ubuntu release name: add zesty and remove wily templates: add squashfs support to lxc-ubuntu-cloud.in cgroups: skip v2 hierarchy entry also stop lxc-net in runlevels 0 and 6 add lxc.egg-info to gitignore install bash completion where pkg-config tells us to conf: do not use %m format specifier debian: Don\'t depend on libui-dialog-perl cgroups: use %zu format specifier to print size_t lxc-checkpoint: automatically detect if --external or --veth-pair cgroups: prevent segfault in cgfsng utils: add lxc_preserve_ns() start: add netnsfd to lxc_handler conf: use lxc_preserve_ns() attach: use lxc_preserve_ns() lxc_user_nic: use lxc_preserve_ns() conf, start: improve log output conf: explicitly remove veth device from host conf, start: be smarter when deleting networks start, utils: improve preserve_ns() start, error: improve log + non-functional changes start, namespace: move ns_info to namespace.{c,h} attach, utils: bugfixes attach: use ns_info[LXC_NS_MAX] struct namespace: always attach to user namespace first cgroup: improve isolcpus handling cgroups: handle non-existent isolcpus file utils: add lxc_safe_uint() tests: add unit tests for lxc_safe_uint() utils: add lxc_safe_int() tests: add unit tests for lxc_safe_int() conf/ile: get ip prefix via lxc_safe_uint() confile: use lxc_safe_u/int in config_init_{u,g}id conf/ile: use lxc_safe_uint() in config_pts() conf/ile: use lxc_safe_u/int() in config_start() conf/ile: use lxc_safe_uint() in config_monitor() conf/ile: use lxc_safe_uint() in config_tty() conf/ile: use lxc_safe_uint() in config_kmsg() conf/ile: avoid atoi in config_lsm_aa_incomplete() conf/ile: use lxc_safe_uint() in config_autodev() conf/ile: avoid atoi() in config_ephemeral() utils: use lxc_safe_int() lxc_monitord: use lxc_safe_int() && use exit() start: use lxc_safe_int() conf: use lxc_safe_{u}int() tools/lxc_execute: use lxc_safe_uint() tools/lxc_stop: use lxc_safe_uint() utils: add lxc_safe_long() tests: add unit tests for lxc_safe_long() tools/lxc_stop: use lxc_safe_long() tools/lxc_top: use lxc_safe_int() tools/lxc_ls: use lxc_safe_uint() tools/lxc_autostart: use lxc_safe_{int,long}() tools/lxc_console: use lxc_safe_uint() tools: replace non-standard namespace identifiers Configure a static MAC address on the LXC bridge tests: remove overflow tests attach: do not send procfd to attached process
* Sat Nov 26 2016 opensuse_buildserviceAATTojkastl.de- delete patch 0002-replaced-she-bangs-containing-usr-bin-python3-with-t.patch- split up the deleted patch in single patches to make it easier to maintain - 0002-Changed-shebang-in-src-lxc-tools-lxc-start-ephemeral.patch - 0003-Changed-shebang-in-src-python-lxc-examples-api_test..patch - 0004-Changed-shebang-in-src-python-lxc-examples-pyconsole.patch - 0005-Changed-shebang-in-src-python-lxc-examples-pyconsole.patch - 0006-Changed-shebang-in-src-src-python-lxc-setup.py.in-to.patch
* Fri Oct 07 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.5 This is the fifth bugfix release for LXC 2.0. The main bugfixes in this release are: Fix .gitignore after /tools/ split Add lxc-test-utils to .gitignore bdev: use correct overlay module name cleanup: tools: remove --name from lxc-top usage message cleanup: whitespaces in option alignment for lxc-execute Use full GPG fingerprint instead of long IDs. tools: move --rcfile to the common options list tools: set configfile after load_config doc: add --rcfile to common opts doc: Update Korean lxc-attach(1) doc: Add --rcfile to Korean common opts doc: Add --rcfile to Japanese common opts tools: use exit(EXIT_
*) everywhere tools: unify exit() calls outside of main() utils: Add mips signalfd syscall numbers seccomp: Implement MIPS seccomp handling seccomp: Add mips and mips64 entries to lxc_config_parse_arch seccomp: fix strerror() confile: add more archs to lxc_config_parse_arch() seccomp: add support for s390x seccomp: remove double include and order includes seccomp: non functional changes templates: use fd 9 instead of 200 templates: fedora requires openssl binary tools: use boolean for ret in lxc_device.c c/r: use /proc/self/tid/children instead of pidfile c/r: Fix pid_t on some arches templates: Add mips hostarch detection to debian cleanup: replace tabs wth spaces in usage strings remove extra \'ret\' c/r: write status only after trying to parse the pid set FULL_PATH_NAMES=NO in doc/api/Doxyfile templates: rm halt.target -> sigpwr.target symlink templates: remove creation of bogus directory console: use correct log name configure: add --disable-werror tests: fix get_item tests templates: use correct cron version in alpine template c/r: zero a smaller than known migrate_opts struct lxczfs: small fixes c/r: free valid_opts if necessary make rsync deal with sparse files efficiently lxc-create -t debian fails on ppc64el arch c/r: fix typo in comment cgroup: add new functions for interacting with hierachies utils: add lxc_deslashify c/r: pass --cgroup-roots on checkpoint cgroup: get rid of weird hack in cgfsng_escape cgroup: drop cgroup_canonical_path c/r: check that cgroup_num_hierarchies > 0 tools: do not add trailing spaces on lxc-ls -1 conf: retrieve mtu from netdev->link conf: try to retrieve mtu from veth c/r: detatch from controlling tty on restore Fix null derefence if attach is called without access to any tty utils: fix lxc_string_split() tools: lxc_deslashify() handle special cases tests: add unit tests for lxc_deslashify() Fix for ALTLinux container creation in all branches utils: lxc_deslashify() free memory Fix spelling of CentOS in the templates Define LXC_DEVEL to detect development releases tools: lxc-checkconfig conditionalize devpts check
* Wed Aug 17 2016 opensuse_buildserviceAATTojkastl.de- adapted patch 0002-replaced-she-bangs-containing-usr-bin-python3-with-t.patch to work with lxc version 2.0.4
* Wed Aug 17 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.4 The main bugfixes in this release are: core: Add a prefix to the lxc.pc core: Add flag in mount_entry to skip NODEV in case of a persistent dev entry core: Add missing cgroup namespace to ns_info struct core: attach: setns instead of unshare in lxc-attach core: bdev: Add subdirectories to search path core: bdev: Be smarter about btrfs subvolume detection core: cgfsng: Don\'t pre-calculate path core: cgfsng: Fix is_lxcfs() and is_cgroupfs() core: cgroups: Move cgroup files to common subfolder core: conf: Set pty_info to NULL after free core: Detect if we should send SIGRTMIN+3 core: Replace readdir_r() with readdir() core: Set up MTU for vlan-type interfaces. core: tools, tests: Reorganize repo c/r: Add support for CRIU\'s --action-script c/r: Add support for ghost-limit in CRIU c/r: Drop in-flight connections during CRIU dump c/r: Initialize migrate_opts properly c/r: Make local function static c/r: Replace tmpnam() with mkstemp() c/r: Store criu version c/r: Use PRIu64 format specifier doc: Fix typo found by lintian doc: Update Japanese lxc-attach(1) doc: Update lxc-attach(1) lxc-attach: Add -f option (rcfile) lxc-attach: Cleanup whitespaces lxc-create: Add missing newline in output lxc-ls: Use correct runtime path templates: alpine: Add support for new arch templates: alpine: Mount tmpfs under /run templates: debian: Add more quotes to variables (at least $rootfs should now be covered) templates: debian: Avoid noisy perl warnings caused by missing locales templates: debian: fix regression when creating wheezy containers templates: debian: Make shellcheck (Ubuntu: 0.3.7-5 amd64) most possible happy tests: Add unit tests for lxc_string_in_array() tests: Add unit tests for lxc_string_replace()
* Wed Jun 29 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.3 The main bugfixes in version 2.0.3 are: - apparmor: Refresh generated file The main bugfixes in version 2.0.2 were: - apparmor: add make-rslave to usr.bin.lxc-start - apparmor: Allow bind-mounts and {r}shared/{r}private - apparmor: allow mount move - apparmor: Update mount states handling - core: Drop lxc-devsetup as unneeded by current autodev - core: Fix redefinition of struct in6_addr - core: Include all lxcmntent.h function declarations on Bionic - c/r: c/r: use criu\'s \"full\" mode for cgroups - systemd: start containers in foreground when using the lxcAATT.service - templates: debian: Make sure init is installed - templates: oracle: Fix console login - templates: plamo: Fix various issues - templates: ubuntu: Install apt-transport-https by default - travis: ensure \'make install\' doesn\'t fail - travis: test VPATH builds - upstart: Force lxc-instance to behave like a good Upstart client
* Tue Jun 28 2016 opensuse_buildserviceAATTojkastl.de- lxc-devsetup was dropped from the package, thus now removed from %files section
* Tue Jun 28 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.2 (changelog not yet available)
* Sat May 28 2016 opensuse_buildserviceAATTojkastl.de- removed dependency on libcap on
*SUSE, as libcap does not provide this any more and libcap-devel should pull in all needed packages
* Tue May 17 2016 opensuse_buildserviceAATTojkastl.de- bugfix release 2.0.1 apparmor: Also allow fstype=fuse for fuse filesystems attach: adapt lxc-attach tests & add test for pty logging attach: don\'t fail attach on failure to setup a SIGWINCH handler. attach: fix a variety of lxc-attach pts handling issues attach: switch console pty to raw mode (fixes ncurses-based programs) attach: use raw settings of ssh for pty bindings: fixed python-lxc reference to var before assignment in create() bindings: set PyErr when Container.__init__ fails cgfsng: defer to cgfs if needed subsystems are not available cgfsng: don\'t require that systemd subsystem be mounted core: Added missing type to keys in lxc_list_nicconfigs core: Allow configuration file values to be quoted core: log: remove duplicate definitons and bump buffer size core: sync: properly fail on unexpected message sizes core: Unshare netns after setting the userns mappings (fixes ownership of /proc/net) core: various fixes as reported by static analysis c/r: add an option to use faster inotify support in CRIU c/r: rearrange things to pass struct migrate_opts all the way down doc: ignore temporary files generated by doxygen doc: tweak manpage generation date to be compatible with reproducible builds doc: update MAINTAINERS doc: update to translated manpages init: add missing lsb headers to sysvinit scripts init: don\'t make sysv init scripts dependant on distribution specifics init: drop obsolete syslog.target from lxc.service.in lxc-attach: add logging option to manpage lxc-checkconfig: better render when stdout isn\'t a terminal lxc-create: fix -B best option lxc-destroy: avoid double print lxc-ls: use fewer syscalls when doing ipc templates: Add apt-transport-https to minbase variant of Ubuntu template templates: fix a typo in the capabilities name for Gentoo (sys_resource) templates: logic fix in the Centos template for RHEL7+ support templates: tweak Alpine DHCP configuration to send its hostname templates: tweak to network configuration of the Oracle template
* Thu Apr 07 2016 opensuse_buildserviceAATTojkastl.de- Released Version 2.0.0 Highlights All main LXC commands have now been rewritten in C lxc-ls lxc-device lxc-copy New lxc-copy command taking over the role of lxc-clone and lxc-start-ephemeral Much improved support for checkpoint/restore of containers Completely reworked cgroup handling including support for the cgroup namespace The various command line tools are now much more consistent Re-organized storage backend implementation, including addition of a Ceph RBD backend An enormous amount of bugfixes, most of which will be backported to 1.0 and 1.1 over the next few bugfix releases The C API remains backward compatible with previous versions and is released as 1.2 New configuration options lxc.ephemeral: Controls whether the container is ephemeral and so will be destroyed on shutdown lxc.rebootsignal: Allows to override the signal sent for container reboot lxc.hook.destroy: New hook being called on container destruction lxc.hook.stop: Run in the host context with references to the containers just before namespace teardown lxc.init_uid: Used by lxc-execute to set an alternative user lxc.init_gid: Used by lxc-execute to set an alternative group lxc.monitor.unshare: Allows unsharing the mount namespace prior to running any hook New features API: API version is 1.2, fully backward compatible with 1.1 and 1.0 new symbols: New migrate() symbol as an alternative to checkpoint() using a migrate_opts struct to simplify additions python3 Support for passing the storage backend to create() lua Add support for get_ips() Add support for get_interfaces() Add support for rename() Core: cgfsng: New cgroup backend driver for recent Linux kernel cgroup: Partial support for the new cgroup hierarchy cgroup: Support for the cgroup namespace checkpoint: Support checkpoint/restore of default LXC containers checkpoint: Support checkpoint/restore of unprivileged containers checkpoint: Support for the page server config: lxc.aa_profile: Now supports an \"unchanged\" value config: lxc.init_cmd: Now supports arguments config: lxc.network.macvlan.mode: Added support for the \"passthru\" mode config: lxc.rootfs.backend: Allows to override the storage backend (bypasses auto-detection) config: New nesting.conf configuration file to setup container nesting hooks: New LXC_CGNS_AWARE environment variable, set to 1 if LXC supports the cgroup namespace (the kernel however may not) hooks: New LXC_SRC_NAME environment variable is set in clone hook with the original container name hooks: New LXC_TARGET environment variable is set with the container goal (stop or reboot) logging: Updated logging timestamps to be a bit more readable lxc-usernet: Support for containers usning a veth interface without bridging lxc-usernet: Support for group-based quotas (use the AATT prefix) network: The bridge interface MTU is now used as the default container interface MTU start: The process title is now renamed to be easier to read storage: New Ceph RBD storage backend Documentation: Korean translation of all the man pages Commands: lxc-attach: Use an intermediate pts device to prevent attacks against the parent shell lxc-clone: Support for renaming containers lxc-start-ephemeral: Support for changing bind-mount targets Init systems: systemd: Support for instanced service units Templates New ALTLinux template New Slackware template New SPARCLinux template alpine: Support installing extra packages debian: Default to just \"main\" enabled, allow enabling other repositories through argument oracle: Set the timezone in the container openssh: Add OpenSSH support ubuntu: New -v option allowing the user to set the debootstrap variant ubuntu-cloud: Support for vendor-data passthrough Change in behavior¶ The lxc-autostart container startup order is now reversed (to be correct) The new cgfsng cgroup backend is now the recommended backend lxc.hook.post-stop failures are now fatal to container reboots
* Fri Apr 01 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.0.rc15
* Wed Mar 30 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.0.rc14
* Wed Mar 23 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.0.rc13
* Tue Mar 22 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.0.rc12
* Fri Mar 18 2016 opensuse_buildserviceAATTojkastl.de- defined macro for /etc/sysconfig or /etc/default on openSUSE or CentOS, to get the lxc-net file in the right place
* Fri Mar 18 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.0.rc11
* Sat Mar 12 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.0.rc10
* Wed Mar 09 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.0.rc9
* Sun Mar 06 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.0.rc5
* Sat Feb 27 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.0.rc4
* Thu Feb 25 2016 opensuse_buildserviceAATTojkastl.de- version update to 2.0.0.rc3
* Mon Feb 22 2016 opensuse_buildserviceAATTojkastl.de- update to 2.0.0 RC2
* Thu Feb 18 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.0~rc1
* Mon Feb 01 2016 opensuse_buildserviceAATTojkastl.de- changed patch 0002-replaced-she-bangs-containing-usr-bin-python3-with-t.patch, so it does not change the python3 package name in the lxc-opensuse template, only files containing the /usr/bin/python3.4 shebang
* Mon Feb 01 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.0-beta2
* Tue Dec 22 2015 opensuse_buildserviceAATTojkastl.de- small changes to spec: %if-condition \'%if 0%{?fedora} < 15 || 0%{?rhel} < 7\' does not work reliably, as this fires when fedora or rhel are not defined
* Tue Dec 22 2015 opensuse_buildserviceAATTojkastl.de- preparation for release of lxc 2.0:
* added tarball for beta1
* changed version to 2.0.0
* set beta_rel to beta1
* Sat Dec 19 2015 opensuse_buildserviceAATTojkastl.de- changed rpm macro %{defined rhel} to 0%{rhel} >= 7 to only use python stuff on CentOS/RHEL 7 or newer
* Mon Dec 14 2015 opensuse_buildserviceAATTojkastl.de- changed rpm macro \'centos_version\' to \'rhel\' to allow building for RHEL as well (untested)
* Sat Dec 12 2015 opensuse_buildserviceAATTojkastl.de- added patches and modified spec, to allow building on CentOS_7 where python3 is only available from EPEL as package python34 containing /usr/bin/python3.4
* 0001-fixing-PKG_CHECK_MODULES-to-work-with-python-3.4-on-.patch
* 0002-replaced-she-bangs-containing-usr-bin-python3-with-t.patch
* Thu Nov 12 2015 opensuse_buildserviceAATTojkastl.de- update to version 1.1.5 Core:
* Fix handling of process title rename (now only on >= 3.19 kernels)
* Several improvements to overlayfs/aufs handling
* Needed directories are created if missing
* Better handling of absolute paths
* Better handling of cloning overlayfs containers
* Ignore trailing /init.scope in cgroup paths (needed for newer systemd)
* Allow checkpoint/restore of containers using non-bridged veth devices
* Properly initialize error_num (exit code tracking for the container)
* lxc-usernsexec: Re-open fds 0,1,2 separately (only if stdin is a tty) Init scripts:
* lxc-net: Start after network-online.target Commands:
* lxc-start: Allow preserving the PID namespace too Templates:
* archlinux: Fix systemd-sysctl service
* ubuntu-cloud: Use tar.xz tarballs by default (as tar.gz will soon be discontinued)
* ubuntu-cloud: Always exit 1 on error plus earlier changes from versions 1.1.3 and 1.1.4
* Sat Apr 18 2015 opensuse_buildserviceAATTojkastl.de- update to version 1.1.2
* core: Fix non-tty stdin during attach
* core: Improved container logging
* core: Fix cgroup handling for unprivileged containers
* core: Properly destroy overlayfs based containers
* core: Fix some multi-threading issues
* core: Various fixes to checkpoint/restore with CRIU
* docs: Various manpage updates
* tests: Fix hang in apparmor test
* centos: Properly detect the yum version
* centos: Don\'t mistakenly change tty.conf of the host
* gentoo: Fix /dev/shm handling- update to version 1.1.1
* config: Allow FUSE access by default (instead of individually in most templates)
* Make /proc/sys/net writable when using proc:mixed (required for network config)
* Set the process title of backgrounded LXC to an identifiable name
* Fix get_config_item with lxc.mount.auto
* Fix some tty issues with attach
* Add powerpc support to seccomp
* oracle: Fix unprivileged lxc-console
* centos: Fix unprivileged lxc-console
* plamo: Change way to create objects under /dev in the container
* lxc-top: Fix long container names rendering
* LVM: Use rdepends for non-thinpool container clones
* gentoo: Fix base image download
* Various manpages update
* Tue Feb 03 2015 opensuse_buildserviceAATTojkastl.de- restart boot.apparmor service after installation; restart code taken from apparmor package
* Mon Feb 02 2015 opensuse_buildserviceAATTojkastl.de- apparmor-parser is now required in 2.9 or higher, as lxc makes heavy use of abstractions
* Fri Jan 30 2015 opensuse_buildserviceAATTojkastl.de- Update to version 1.1.0 LXC 1.1 introduces checkpoint/restore support for containers through CRIU. This allows to serialize the container running state to disk, for live migration or for later local restoration of the container. Support for running systemd as the init system inside the container was also greatly improved and should now work by default both for privileged and unprivileged containers when combined with lxcfs and a recent systemd. Init scripts have now all been updated to provide the same feature set, which means that a lxcbr0 bridge with a DHCP and DNS server (dnsmasq) is now the default for anyone using LXC. We currently provide init scripts for systemd, sysvinit and upstart. New features
* lxc-autostart: New -A/--ignore-auto flag (starts all containers)
* lxc-ls: New \"interface\" field
* centos/fedora: Added a root_password_expired environment variable (defaults to yes)
* oracle: Allow installing from arbitrary yum repositories (including medias)
* oracle: Add Oracle Linux 7 support
* lxc-ls: Allow filtering containers by group even without --fancy
* core: Add support for qcow2 images (through qemu-img)
* lxc-autostart: Add support for the NULL group (any container with lxc.start.auto set to 1 but without a group)
* core: Track an unexpanded version of the configuration as well as comments (improves formatting of the save configuration)
* opensuse: Switch to using common configurations
* core: Allow lxc.cap.keep be set to none
* archlinux: Switch to using common configurations
* ubuntu: use btrfs subvolumes and snapshots when available
* seccomp: Set a default seccomp profile for all distros (blocks dangerous syscalls)
* core: Add support for Openvswitch bridges
* core: Add support for lxc.environment (sets extra environment variables)
* init: Add identical support of systemd, upstart and sysvinit scripts
* core: Add support for checkpoint and restore of containers using CRIU
* core: Add a new aa_allow_incomplete flag to allow container startup with partial apparmor support
* lxc-lua: Now a C binary installed by default (was a lua script)
* API: Addition of attach_interface and detach_interface
* lxc-device: Now a C binary installed by default (was a python3 script)
* lxc-config: Now supports querying lxc.cgroup.(use|pattern)
* core: Add new lxc.init_cmd config option to override the default init command (/sbin/init)
* lxc-start-ephemeral: Add new --cdir option (copy-on-write mounts)
* opensuse: Support multiple releases
* core: lxc.include now allows including directories (includes all the files with a .conf suffix)
* core: A new common.conf.d configuration directory is available for users and packages to drop configuration snippets to be applied to all containers
* core: The container_ttys environment variable is now set by LXC Change in behavior
* lxc-create now requires be passed (-t), use \"none\" for the old behavior.
* snapshots are now stored in the container\'s directory
* lxc.arch for PER_LINUX32 is now output as i686
* lxc-execute: lxc-init is now bind-mounted in the container if it can\'t be found
* lxc-start: containers now start daemonized by default
* core: pivot_root is now done with the use of lxc.pivotdir, as a result this option is now considered deprecated and will be removed in upcoming releases.
* core: with the switch to daemonized containers by default, close-all-fds is also now the default.
* core: lxc.autodev was reworked, it no longer uses /dev/lxc, instead mounting a tmpfs directly on the container\'s /dev, it also now works with unprivileged containers
* core: lxc.autodev is now on by default (can be overriden with lxc.autodev=0)
* core: lxc.kmsg is now disabled by default (can be overriden with lxc.kmsg=1)
* core: clear_config_item now exclusively affects lists (lxc_list) entries. set_config_item should be used for anything else.
* templates: All templates now use lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed (safe default configuration)
* Tue Jan 27 2015 opensuse_buildserviceAATTojkastl.de- slight adjustments to spec
* Tue Jan 27 2015 opensuse_buildserviceAATTojkastl.de- Update to 1.1.0~rc3
* Mon Jan 26 2015 opensuse_buildserviceAATTojkastl.de- Update to version 1.1.1~rc2
* Fri Jan 23 2015 opensuse_buildserviceAATTojkastl.de- added openSUSE_apparmor_mount.conf to allow running containers by setting lxc.aa_allow_incomplete = 1, as the apparmor patches regarding mount are not in the upstream kernel
* Fri Jan 23 2015 opensuse_buildserviceAATTojkastl.de- added dependency on correct lxc-libs version to the spec
* Fri Jan 23 2015 opensuse_buildserviceAATTojkastl.de- enabled python support, so lxc-ls does not lose functionality
* Thu Jan 22 2015 opensuse_buildserviceAATTojkastl.de- changed version to reflect rc1 correctly: 1.1.0~rc1
* Thu Jan 22 2015 opensuse_buildserviceAATTojkastl.de- changed release to include rc1
* Thu Jan 22 2015 opensuse_buildserviceAATTojkastl.de- update to 1.1.0-rc1
* Fri Jan 16 2015 opensuse_buildserviceAATTojkastl.de- openSUSE/SUSE related stuff without version check, except systemd-related things
* Tue Dec 16 2014 opensuse_buildserviceAATTojkastl.de- added excludes for rc
*links to avoid double packaging warnings
* Tue Dec 16 2014 opensuse_buildserviceAATTojkastl.de- Adding rclxc and rclxc-net links correctly
* Tue Dec 16 2014 opensuse_buildserviceAATTojkastl.de- Some Fedora/RHEL version require libcgroup, but the %if was not working properly. Fixed.
* Tue Dec 16 2014 opensuse_buildserviceAATTojkastl.de- systemd stuff including %preun and more stuff in %postun
* Tue Dec 16 2014 opensuse_buildserviceAATTojkastl.de- spec adjusted to version from upstream
* Mon Dec 15 2014 opensuse_buildserviceAATTojkastl.de- small changes to spec, to build correctly on 12.3
* Tue Dec 09 2014 opensuse_buildserviceAATTojkastl.de- changed spec to build on opensuse- fixed suse-filelist-forbidden-move-to-usr error
* Mon Dec 08 2014 opensuse_buildserviceAATTojkastl.de- created new package for lxc 1.1, now with alpha3