Changelog for lxc-2.0.11-1.9.x86_64.rpm :
* Thu Mar 05 2020 Johannes Kastl
- update to 2.0.11
  Note that LXC 2.0.10 was released a few days before 2.0.11 but the release tarball was missing some files and wasn't buildable on Android, so we ended up releasing 2.0.11 to address that. The changelog below is for everything which happened between 2.0.9 and 2.0.11.
  * Security fixes
    - Fixes CVE-2018-6556
      lxc-user-nic, when asked to delete a network interface, would unconditionally open a user-provided path. This code path could be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). For more details see here.
    - Fixes CVE-2019-5736
      This release fixes CVE-2019-5736. It is a major security issue afflicting all container runtimes and is exploitable when attaching to privileged containers. More details on the bug and how it is fixed can be found here.
  * Main bugfixes
    - Allow attaching to undefined containers
      For example the following sequence is now expected to work:
        lxc-start -n -f /path/to/conf \
          -s 'lxc.id_map = u 0 100000 65536' \
          -s 'lxc.id_map = g 0 100000 65536' \
          -s 'lxc.rootfs = /path/to/rootfs' \
          -s 'lxc.init_cmd = /path/to/initcmd'
    - Correctly handle namespace inheritance in attach
      lxc_attach will now correctly distinguish between a caller specifying specific namespaces to attach to and a caller not requesting specific namespaces. The latter is taken by lxc_attach to mean that all namespaces will be attached. This also needs to include all inherited namespaces.
    - Allow the creation of testing and unstable Debian containers
      Being able to create testing containers, regardless of the name of the next stable release, is useful in several contexts, including but not limited to testing purposes, i.e. one won't need to explicitly switch to bullseye once buster is released to be able to continue tracking testing. While we are at it, let's also enable unstable, which is exactly the same as sid, but there is no reason for not being able to.
    - Enable container without CAP_SYS_ADMIN (cgroup handling)
      In case cgroup namespaces are supported but we do not have CAP_SYS_ADMIN we need to mount cgroups for the container. This patch enables both privileged and unprivileged containers without CAP_SYS_ADMIN.
    - Improved cgroup2 handling
      Since cgroup2 is becoming more common, LXC 2.0.11 comes with a wide range of improvements in that area.
    - Support read-only mounts of cgroups
      This is especially useful if the container lacks CAP_SYS_ADMIN and thus cannot remount.
    - Allow to exit from console via SIGTERM
      This allows cleanly exiting a console session without control sequences. Instead SIGTERM can be sent to the affected process and it will cause LXC to cleanly terminate the console session.
    - Correctly calculate the number of arguments passed when running application containers
      The number of arguments passed to exec was miscalculated under certain conditions. This release ensures that the correct number of arguments is calculated and passed to exec.
    - Remove all unneeded locking from the codebase
      Older versions of LXC used mutexes in various places to ensure thread-safety. Careful redesign of these codepaths has enabled us to remove all mutexes from the codebase. This has led to simplifications and speedups for various operations such as container start and stop.
    - Fix cgroup namespace preservation
      This eliminates a race and makes sure that the cached file descriptor refers to the container's cgroup namespace and not to the host's.
    - Allow application to share the host's pid namespace
      Prior versions of LXC did not allow sharing the host's pid namespace. Starting with this bugfix release it is possible to do this correctly.
    - Correctly handle very short-lived application containers
      Prior versions had trouble correctly handling extremely short-lived application containers. For example, LXC could incorrectly report that a container is still running when it had already shut down due to a TOCTOU and refuse to restart it. This caused unnecessary delay. Also, output of such short-lived containers written to stdout could get lost or truncated. This release fixes both issues.
    - Correctly handle containers where /proc has been mounted with hidepid=1 or hidepid=2
      In prior versions attaching to unprivileged containers as an unprivileged user with /proc mounted with hidepid=1 or hidepid=2 would fail since LXC could not retrieve needed information from /proc. This is now fixed.
    - Allow to force mount cgroups even when cgroup namespaces are supported
      This lets users specify lxc.mount.auto = cgroup:mixed:force or lxc.mount.auto = cgroup:ro:force or lxc.mount.auto = cgroup:rw:force.
      When cgroup namespaces are supported LXC will not mount cgroups for the container since it assumes that the init system will mount cgroups itself if it wants to. This assumption already broke when users wanted to run containers without CAP_SYS_ADMIN. For example, systemd based containers wouldn't start since systemd needs to mount cgroups (named systemd hierarchy for legacy cgroups and the unified hierarchy for unified cgroups) to track processes. This problem was solved by detecting whether the container had CAP_SYS_ADMIN. If it didn't we performed the cgroup mounts for it.
      However, there are more cases when we should be able to mount cgroups for the container when cgroup namespaces are supported:
      - init systems not mounting cgroups themselves: An init system that doesn't mount cgroups would not have cgroups available, especially when combined with custom LSM profiles to prevent cgroup {u}mount()ing inside containers.
      - application containers: Application containers will usually not mount cgroups by themselves.
      - read-only cgroups: It is useful to be able to mount cgroups read-only to e.g. prevent changing cgroup limits from inside the container while at the same time allowing the applications to perform introspection on their own cgroups. This again is mostly useful for application containers. System containers running systemd will usually not work correctly when cgroups are mounted read-only.
    - Everything else
      2.0.11 includes almost a year and a half of bugfixes cherry-picked from current LXC; the entire list can be found below.
      - tools: allow lxc-attach to undefined containers
      - utils: move memfd_create() definition
      - utils: add lxc_cloexec()
      - utils: add lxc_make_tmpfile()
      - utils: add lxc_getpagesize()
      - utils: add lxc_safe_long_long()
      - utils: parse_byte_size_string()
      - utils: add lxc_find_next_power2()
      - namespace: use lxc_getpagesize()
      - lxc-debian: allow creating testing and unstable
      - Call lxc_config_define_load from lxc_execute again
      - Fix typo in lxc-net script
      - Add missing lxc_container_put
      - lxc-debian: don't write C.* locales to /etc/locale.gen
      - attach: correctly handle namespace inheritance
      - cgfsng: fix cgroup2 detection
      - cgroups: enable container without CAP_SYS_ADMIN
      - lxc-start: remove unnecessary checks
      - start: close non-needed file descriptors
      - handler: make name argument const
      - start: close data socket in parent
      - monitor: do not log useless warnings
      - network: reap child in all cases
      - conf: reap child in all cases
      - storage: switch to ext4 as default filesystem
      - tools: fix help output of lxc-create
      - attach: handle namespace inheritance
      - cgroups/cgfsng: keep mountpoint intact
      - cgroups/cgfsng: cgfsns_chown() -> cgfsng_chown()
      - cgroups/cgfsng: support MS_READONLY with cgroup ns
      - log: check for i/o error with vsnprintf()
      - cgroupfs/cgfsng: tweak logging
      - cgroups/cgfsng: remove is_lxcfs()
      - cgroups/cgfsng: fix get_controllers() for cgroup2
      - cgroupfs/cgfsng: improve cgroup2 handling
      - config: remove SIGRTMIN+14 as lxc.signal.stop
      - commands: non-functional changes
      - console: non-functional changes
      - console: non-functional changes
      - lxc-test-unpriv: fix the overlayfs mount error
      - attach: allow attach with empty conf
      - tools/lxc_attach: removed api logging
      - console: fix console info message
      - Add missing dependency libunistring
      - cgroups/cgfsng: adapt to new cgroup2 delegation
      - console: report detach message on demand
      - lxccontainer: enable daemonized app containers
      - console: use correct escape sequence check
      - console: prepare for generic signal handler
      - console: exit mainloop on SIGTERM
      - commands: non-functional changes
      - lxccontainer: non-functional changes
      - commands: fix state socket implementation
      - lxc_init: set the control terminal in the child session
      - lxc-test-unpriv: check user existence before removing it
      - Fixed typo on lxc.spec.in
      - conf: move CAP_SYS_* definitions to utils.h
      - start.c: always switch uid and gid
      - Use AX_PTHREAD config script to detect pthread api
      - utils.h: Avoid duplicated sethostname implementation
      - tools/lxc_cgroup: remove internal logging
      - tools/lxc_autostart: remove internal logging
      - tools/lxc_clone: remove internal logging
      - tools/lxc_console: remove internal logging
      - tools/lxc_create: remove internal logging
      - tools/lxc_destroy: remove internal logging
      - tools/lxc_device: remove internal logging
      - tools/lxc_execute: removed internal logging
      - tools/lxc_freeze: remove internal logging
      - tools/lxc_info: removed internal logging
      - criu: detect veth name
      - lxccontainer: various container creation fixes
      - storage: remove unused declaration
      - tools/lxc_ls: remove internal logging
      - tools/lxc_copy: remove internal logging
      - tools/lxc_monitor: removed internal logging
      - tools/lxc_snapshot: removed internal logging
      - tools/lxc_start: removed internal logging
      - tools/lxc_stop: removed internal logging
      - tools/lxc_top: removed internal logging
      - tools/lxc_unfreeze: removed internal logging
      - tools/lxc_unshare: removed internal logging
      - tools/lxc_usernsexec: removed internal logging
      - tools/lxc_wait: removed internal logging
      - confile: fix memory leak
      - utils: declare sethostname() static inline
      - lxc_unshare: Add uid_mapping when creating userns
      - Update gentoo.moresecure.conf.
      - Add new dependency to Slackware template
      - Add bash completion to list backing store types for lxc-create -B
      - Backing Store types are hard-coded (Not sure how to get programmatically)
      - Closes #1236
      - Fix SETCOLOR_FAILURE evaluation
      - Insert missing "echo" after "is_enabled"
      - conf: prevent null pointer dereference
      - criu: initialize status
      - confile: remove dead assignment
      - criu: silence static analysis
      - attach: do not fail on non-existing namespaces
      - test: reenable Coverity integration
      - lxc_execute: properly figure out number of needed arguments
      - arguments: move to tools/ subdirectory
      - start: set loglevel correctly
      - commands: don't traverse whole list
      - commands: don't lock atomic operations
      - commands: don't lock the whole command
      - start: don't lock setting the state
      - commands: allow waiting for all states
      - test: add state server tests
      - commands: tweak locking
      - lxccontainer: restore non-blocking shutdown
      - commands: tell mainloop to reap client fd on error
      - commands: return -ECONNRESET to caller
      - execute: pass logfile to lxc-init
      - lxccontainer: handle execute containers correctly
      - lxc_init: move up to src/lxc
      - init: rework dumb init
      - lxc_init: add custom argument parser
      - tests: expand tests for shortlived init processes
      - coverity: #1425734
      - coverity: #1425735
      - coverity: #1425739
      - coverity: #1425929
      - coverity: #1425923
      - coverity: #1425922
      - coverity: #1425921
      - coverity: #1425895
      - coverity: #1425890
      - coverity: #1425889
      - coverity: #1425888
      - lxc: Distinguish pthread_mutex_unlock error messages
      - travis: Fix build failure
      - coverity: #1425893
      - coverity: #1425886
      - coverity: #1428855
      - coverity: #1425884
      - coverity: #1425883
      - coverity: #1425879
      - tools: block using lxc-execute without config file
      - conf: avoid spawning unnecessary subshells
      - coverity: #1425874 + cleanup
      - lxccontainer: only attach netns on netdev detach
      - lxccontainer: cleanup {attach,detach}_interface()
      - coverity: #1425870
      - coverity: #1425869
      - coverity: #1425867
      - coverity: #1425866
      - coverity: #1425863
      - coverity: #1425862
      - coverity: #1425860
      - coverity: #1425859
      - coverity: #1425858
      - coverity: #1425857
      - start: do not unconditionally dup std{in,out,err}
      - tools: exit success when lxc-execute is daemonized
      - start: fix cgroup namespace preservation
      - init: don't kill(-1) if we aren't in a pid ns
      - SHARE_NS options should be before OPT_USAGE
      - commands: fix race when open()/close() cmd socket
      - namespace: add lxc_raw_clone()
      - utils: use lxc_raw_clone() in run_command()
      - lxc_init: fix cgroup parsing
      - tests: s/lxc.init.cmd/lxc.init_cmd/g
      - commands_utils: add missing mutex
      - [monitor] wrong statement of break
      - cgfsng: Add new macro to print errors
      - attach: simplify significantly
      - attach: use lxc_raw_clone()
      - attach: handle /proc with hidepid={1,2} property
      - tests: expand lxc_raw_clone() tests
      - namespace: add lxc_raw_getpid()
      - tree-wide: s/getpid()/lxc_raw_getpid()/g
      - namespace: comment lxc_{raw_}clone()
      - namespace: add lxc_raw_clone_cb()
      - start: use lxc_raw_clone_cb() where possible
      - start: log closing cmd socket and STOPPED state
      - start: make us dumpable
      - start: simplify cgroup namespace preservation
      - start: fix death signal
      - start: handle setting death signal smarter
      - mainloop: add mainloop macros
      - mainloop: capture output of short-lived init procs
      - lxc_config: Add -h and --help flags handler
      - start: properly cleanup mainloop
      - console: do not allow non-pty devices on open()
      - mainloop: use epoll_create1(EPOLL_CLOEXEC)
      - conf: adapt idmap helpers
      - conf: adapt userns_exec_1()
      - conf{ile}: detect ns{g,u}id mapping for root
      - cgfsng: use init {g,u}id
      - conf: detect if devpts can be mounted with gid=5
      - gentoo: Add support for .xz tarballs
      - configure.ac: fix the check for static libcap
      - conf: write "deny" to /proc/[pid]/setgroups
      - conf: non-functional changes
      - conf: rework userns_exec_1()
      - cgfsng: only establish mapping once
      - Fix broken indentation
      - Include -devel suffix in version string
      - Add return check for 'lxc_cmd_get_name'
      - fix up lxc-usernsexec's exit status
      - add some idmap parsing error messages
      - confile: improve log messages
      - console: move pty creation to separate function
      - start: non-functional changes
      - console: add some pty helpers
      - attach: cleanup attach_child_main()
      - console: adapt lxc_console_mainloop_add()
      - console: add lxc_pty_map_ids()
      - attach: minor tweaks
      - tools: honor --console and --console-log
      - start: non-functional changes
      - console: set SFD_CLOEXEC on signal fd
      - lxc-alpine: allow retaining sys_ptrace per container
      - utils: do not rely on unitialized variable
      - test: log error on failure
      - utils: check suffix length
      - lxccontainer: restore blocking wait()
      - freezer: non-functional changes
      - commands: add LXC_CMD_SERVE_STATE_CLIENTS
      - start: don't log stop/continue for non-init processes
      - fix lxc_error_set_and_log to match the docs
      - lxc.init: correctly exit with the app's error code
      - remember the exit code from the init process
      - start: don't return false when the container's init exits nonzero
      - lxc-execute: actually exit with the status of the spawned task
      - set exit status to 1 in the unknown si_code case
      - console: cleanup
      - test: fix console tests
      - attach_options: reduce delta
      - attach: reduce delta
      - cgroups: reduce delta
      - bla
      - Revert commit "bla" with bad commit message
      - cgfsng: reduce delta
      - tools: fix android
      - Create console when the rootfs is NULL
      - unlink lxc-init
      - coverity: #1427668
      - coverity: #1427639
      - coverity: #1427638
      - coverity: #1427191
      - coverity: #1427190
      - coverity: #1426734
      - coverity: #1426694
      - start: fix mainloop cleanup goto statements
      - Modify .gitignore
      - Fix comments and add check in lxc_poll.
      - lsm: non-functional changes
      - lsm: add lsm_process_label_fd_get()
      - lsm: add lsm_process_label_set_at()
      - apparmor: do not call aa_change_profile()
      - autotools: do not link against libapparmor
      - network.c: Remove ip_forward_set and callers
      - [cgfsng] show wrong errno
      - better check for lock dir
      - better unprivileged detection
      - debian: Use iproute2 instead of iproute
      - tools: make "-n" optional
      - lsm: do not #ifdefine
      - debian: We must use iproute on wheezy
      - lxc-init: use SIGKILL after alarm timeout
      - monitor: send SIGTERM to the container when SIGHUP is received
      - lxc.init: ignore SIGHUP
      - cgroups: get controllers on the unified hierarchy
      - cgroups: cgfsng_create: handle unified hierarchy
      - cgroups: cgfsng_attach: handle unified hierarchy
      - cgroups: cgfsng_get: handle unified hierarchy
      - cgroups: cgfsng_set: handle unified hierarchy
      - cgroups: handle limits on the unified hierarchy
      - cgroups: more consistent naming
      - attach: set the container's environment variables
      - attach: non-functional changes
      - cgfsng: do MS_REMOUNT
      - cgfsng: non-functional changes
      - templates: CentOS fixes
      - cgroups: add check for lxc.cgroup.use
      - selinux: simplify check for default label
      - lsm: fix missing @ in function documentation
      - cgfsng: add required remount flags
      - define am_guest_unpriv
      - Restore most cases of am_guest_unpriv
      - coverity: #1429139
      - coverity: #1426734
      - coverity: #1425971
      - fix userns helper error handling
      - console: they are really not necessary
      - Modify .gitignore
      - Fix lxc-console hang
      - conf: support mount propagation
      - lxclock: remove pthread_atfork_handlers
      - cgfsng: simplifications and fixes
      - CONTRIBUTING: update
      - CODING_STYLE: add CODING_STYLE.md
      - cgroups: use correct mask for chmod()
      - CODING_STYLE: add section for str{n}cmp()
      - tests: remove lxc-test-ubuntu
      - utils: fix lxc_p{close,open}()
      - start: don't call close on invalid file descriptor
      - console: ensure that fd is marked EBADF
      - README: add coverity
      - confile: add "force" to cgroup:{mixed,ro,rw}
      - cgfsng: order includes
      - cgfsng: fully document struct hierarchy
      - cgfsng: fully document struct cgfsng_handler_data
      - cgfsng: fully document remaining variables
      - cgfsng: free_string_list()
      - cgfsng: cg_legacy_must_prefix_named()
      - cgfsng: move cg_legacy_must_prefix_named()
      - cgfsng: add me to authors
      - cgfsng: append_null_to_list()
      - cgfsng: string_in_list()
      - cgfsng: must_append_controller()
      - cgfsng: get_hierarchy()
      - cgfsng: lxc_cpumask()
      - cgfsng: lxc_cpumask_to_cpulist()
      - cgfsng: get_max_cpus()
      - cgfsng: cg_legacy_filter_and_set_cpus()
      - cgfsng: copy_parent_file()
      - cgfsng: cg_legacy_handle_cpuset_hierarchy()
      - cgfsng: controller_lists_intersect()
      - cgfsng: controller_list_is_dup()
      - cgfsng: controller_found()
      - cgfsng: all_controllers_found()
      - cgfsng: cg_hybrid_get_controllers()
      - cgfsng: cg_hybrid_get_mountpoint()
      - cgfsng: copy_to_eol()
      - cgfsng: controller_in_clist()
      - cgfsng: cg_hybrid_get_current_cgroup()
      - cgfsng: must_append_string()
      - cgfsng: trim()
      - cgfsng: lxc_cgfsng_print_hierarchies()
      - cgfsng: lxc_cgfsng_print_basecg_debuginfo()
      - cgfsng: cg_hybrid_init()
      - cgfsng: cg_is_pure_unified()
      - cgfsng: cg_unified_get_current_cgroup()
      - cgfsng: cgfsng_init()
      - cgfsng: recursive_destroy()
      - cgfsng: cg_unified_create_cgroup()
      - cgfsng: create_path_for_hierarchy()
      - cgfsng: remove_path_for_hierarchy()
      - cgfsng: cgfsng_create()
      - cgfsng: cgfsng_enter()
      - cgfsng: cgfsng_chown()
      - cgfsng: mount_cgroup_full()
      - cgfsng: cgfsng_mount()
      - cgfsng: recursive_count_nrtasks()
      - cgfsng: recursive_count_nrtasks()
      - cgfsng: cgfsng_escape()
      - cgfsng: build_full_cgpath_from_monitorpath()
      - cgfsng: __cg_unified_attach()
      - cgfsng: cgfsng_attach()
      - cgfsng: cgfsng_get()
      - cgfsng: cgfsng_set()
      - cgfsng: convert_devpath()
      - cgfsng: cg_legacy_set_data()
      - cgfsng: __cg_legacy_setup_limits()
      - lxccontainer: use wait_for_pid()
      - start: remove duplicate lxc_monitor_send_state()
      - tree-wide: remove locking around openpty()
      - {commands,start}: remove element from list first
      - start: use correct prefix for includes
      - start: print_top_failing_dir()
      - start: close_ns()
      - start: preserve_ns()
      - start: lxc_check_inherited()
      - start: signal_handler()
      - start: lxc_poll()
      - start: lxc_init_handler()
      - start: lxc_init()
      - start: lxc_abort()
      - start: start()
      - start: post_start()
      - start: lxc_destroy_container_on_signal()
      - start: do_destroy_container()
      - cgfsng: enable "force" for "cgroup-full"
      - confile: backport parts of network parsing
      - utils: add LXC_PROC_PID_FD_LEN
      - CVE 2018-6556: verify netns fd in lxc-user-nic
      - utils: include linux/types.h
      - cgfsng: fix off-by-one error
      - lxccontainer: do_lxcapi_start()
      - lxccontainer: do_lxcapi_create()
      - lxccontainer: do_lxcapi_get_interfaces()
      - lxccontainer: do_lxcapi_get_ips()
      - lxccontainer: do_lxcapi_clone()
      - lxccontainer: do_add_remove_node()
      - lxccontainer: do_lxcapi_detach_interface()
      - lxclock: {un}lock_mutex()
      - utils: lxc_popen()
      - utils: run_command()
      - network: lxc_create_network_unpriv_exec()
      - network: lxc_delete_network_unpriv_exec()
      - lxccontainer: config_file_exists()
      - lxccontainer: ongoing_create()
      - lxccontainer: create_partial()
      - lxccontainer: create_partial()
      - lxccontainer: lxc_container_free()
      - lxccontainer: lxc_container_{get,put}()
      - lxccontainer: do_lxcapi_is_defined()
      - lxccontainer: do_lxcapi_state()
      - lxccontainer: is_stopped()
      - lxccontainer: do_lxcapi_is_running()
      - lxccontainer: do_lxcapi_freeze()
      - lxccontainer: do_lxcapi_unfreeze()
      - lxccontainer: do_lxcapi_console_getfd()
      - lxccontainer: lxcapi_console()
      - lxccontainer: load_config_locked()
      - lxccontainer: do_lxcapi_load_config()
      - lxccontainer: do_lxcapi_want_daemonize()
      - lxccontainer: do_lxcapi_want_close_all_fds()
      - lxccontainer: do_lxcapi_wait()
      - lxccontainer: am_single_threaded()
      - lxccontainer: push_arg()
      - lxccontainer: split_init_cmd()
      - lxccontainer: free_init_cmd()
      - lxccontainer: lxcapi_start()
      - lxccontainer: lxcapi_startl()
      - lxccontainer: do_create_container_dir()
      - lxccontainer: create_container_dir()
      - criu: criu_version_ok()
      - criu: do_restore()
      - criu: du_dump()
      - cgfsng: fix get_hierarchy() for unified hierarchy
      - fix download template for /tmp as tmpfs or noexec
      - CODING_STYLE: add section about _exit()
      - commands: remove mutex from state client list
      - lxc-snapshot: fix segfault
      - lxc_init: don't mount filesystems
      - cgfsng: non-functional changes
      - mainloop: add LXC_MAINLOOP_ERROR
      - config: start with a full capability set
      - CODING_STYLE: remove duplicate _exit() entry
      - CODING_STYLE: clang-format
      - CODING_STYLE: arrays of structs
      - CODING_STYLE: add languages to highlight
      - Add a workaround for a build issue with old versions of libcap
      - usernsexec: init log fd
      - cgroups: don't escape if we're not real root
      - Revert "cgroups: don't escape if we're not real root"
      - conf: fix clang warning when building w/o libcap
      - fix handler use-after-free
      - Rename ifup/down and remove usless parameter passing
      - conf: simplify lxc_fill_autodev()
      - start: always make us dumpable
      - lxclock: use thread-safe OFD fcntl() locks
      - locktests: fix test suite
      - fix signal sending in lxc.init
      - lxc init: remove dead code
      - lxc init: coding style
      - utils: define __NR_setns if missing on old glibcs
      - conf: ret-try devpts mount without gid=5 on error
      - do_lxcapi_create: set umask
      - Fix the memory leak in cgfsng_attach
      - Fix memory leak in list_active_containers
      - coverity: #1435208
      - coverity: #1435207
      - coverity: #1435205
      - coverity: #1435198
      - lxccontainer: use thresafe OFD locks
      - lxccontainer: non-functional changes
      - lxccontainer: do_lxcapi_is_running()
      - lxccontainer: do_lxcapi_freeze()
      - lxccontainer: do_lxcapi_unfreeze()
      - lxccontainer: non-functional changes
      - lxccontainer: non-functional changes
      - lxccontainer: non-functional changes
      - coverity: #1435263
      - fix logic for execute log file
      - execute: use static buffer
      - execute: do not check inherited fds again
      - lxc-unshare: add missing declaration
      - execute: account for -o path option count
      - genl: remove
      - coverity: #1425744
      - utils: account for terminating \0 byte
      - network: silence gcc-8
      - network: adhere to IFNAMSIZ limit
      - autodev: adapt to changes in Linux 4.18
      - strlcpy: add strlcpy() implementation
      - tree-wide: s/strncpy()/strlcpy()/g
      - CODING_STYLE: add section about using strlcpy()
      - tools: s/strncpy()/strlcpy()/g
      - Revert "tools: s/strncpy()/strlcpy()/g"
      - coverity: #1435604
      - coverity: #1435603
      - coverity: #1425836
      - coverity: #1248106
      - coverity: #1425844
      - config: allow read-write /sys in user namespace
      - capabilities: raise ambient capabilities
      - coverity: #1425802
      - lxc-init: skip signals that can't be caught
      - tree-wide: s/sigprocmask/pthread_sigmask()/g
      - utils: fix task_blocking_signal()
      - lxccontainer: fix fd leaks when sending signals
      - confile: order architectures
      - tools: fix lxc-create with global config value
      - tools: fix lxc-create with global config value II
      - coverity: #1435805
      - coverity: #1435803
      - utils: fix task_blocking_signal()
      - network: fix socket handle leak
      - conf: va_end was not called.
      - confile: improve strprint()
      - start: fix waitpid() blocking issue
      - start: log unknown info.si_code
      - tree-wide: handle EINTR in some read()/write()
      - conf: copy mountinfo for remount_all_slave()
      - support tls in cross-compile
      - Fix typo
      - coverity: #1425777
      - coverity: #1425779
      - coverity: #1425794
      - coverity: #1425795
      - coverity: #1425841
      - coverity: #1425849
      - coverity: #1425836
      - conf: only use newuidmap and newgidmap when necessary
      - arguments: improve some operations
      - coverity: #1425781
      - tools: restore lxc-create log behavior
      - fix getpwnam() thread safe issue
      - attach: fix double free
      - coverity: #1436916
      - fix getpwuid() thread safe issue
      - fix getgrgid() thread safe issue
      - coverity: #1437017
      - coverity: #1425778
      - coverity: #1425760
      - coverity: #1425766
      - coverity: #1425767
      - coverity: #1425768
      - storage: Resource leak
      - include: add getgrgid_r()
      - coverity: #1425770
      - coverity: #1425771
      - coverity: #1425789
      - coverity: #1425792
      - coverity: #1425793
      - coverity: #1425799
      - coverity: #1425810
      - coverity: #1425813
      - coverity: #1425818
      - coverity: #1425819
      - coverity: #1425824
      - coverity: #1425825
      - coverity: #1425837
      - coverity: #1425840
      - coverity: #1425846
      - coverity: #1425789
      - coverity: #1425855
      - coverity: #1437027
      - secure coding: strcpy => strlcpy
      - secure coding: network: strcpy => strlcpy
      - btrfs: fix btrfs_snapshot()
      - include: add strlcat() implementation
      - btrfs: fix get_btrfs_subvol_path()
      - secure coding: #2 strcpy => strlcpy
      - fix fd handle leak
      - fix pointer c is dereferenced after checking null
      - commands: simplify lxc_cmd()
      - monitor: change exit() => _exit() system call in child process
      - move some comments in lxc.spec.in
      - log: add lxc_log_strerror_r macro
      - log: account for Android's Bionic's strerror_r()
      - CODING_STYLE: add section about using strlcat()
      - coverity: #1425816
      - start: don't unconditionally open("/dev/null")
      - log: thread-safety backports
      - attach: simplify lxc_attach_getpwshell()
      - coverity: #1437936
      - coverity: #1437935
      - lxclock: change error log using strerror to SYSERROR
      - conf: the atime flags are locked in userns
      - coverity: #1438067
      - change log macro of error case from lxc_ambient_caps_up/down
      - nl: avoid NULL pointer dereference
      - conf: s/pipe()/pipe2()/g
      - conf: always close pipe in run_userns_fn()
      - criu: s/pipe()/pipe2()/
      - lxccontainer: cleanup do_lxcapi_get_interfaces()
      - lxccontainer: s/pipe()/pipe2()/g
      - cmd: s/pipe()/pipe2()/g
      - cmd: s/write()/lxc_write_nointr()/g
      - cmd: s/read()/lxc_read_nointr()/g
      - criu: s/read()/lxc_read_nointr()/g
      - criu: s/write()/lxc_write_nointr()/g
      - lxccontainer: s/write()/lxc_write_nointr()/g
      - lxccontainer: s/read()/lxc_read_nointr()/g
      - network: s/read()/lxc_read_nointr()/g
      - network: s/write()/lxc_write_nointr()/g
      - sync: s/read()/lxc_read_nointr()/g
      - sync: s/write()/lxc_write_nointr()/g
      - log: handle EINTR in read()
      - caps: handle EINTR in read()
      - coverity: #438136
      - READEM: update Serge's mail address
      - MAINTAINERS: add Wolfgang Bumiller
      - CONTRIBUTING: Update reference to kernel coding style
      - CONTRIBUTING: Link to latest online kernel docs
      - CONTRIBUTING: Direct readers to CODING_STYLE.md
      - CODING_STYLE: Mention kernel style in introduction
      - CONTRIBUTING: Add 'be' to fix grammar
      - CODING_STLYE: Simplify explanation for use of 'extern'
      - CODING_STLYE: Remove sections implied by 'kernel style'
      - CODING_STYLE: Fix non-uniform heading level
      - CODING_STYLE: Update section header format
      - autotools: add --{disable,enable}-thread-safety
      - attach: don't shutdown ipc socket in child
      - attach: report standard shell exit codes
      - storage: src cannot be truncated
      - commands: backport robust infrastructure
      - Fixing compile error when compiling for android
      - Fixing hooks functionality Android where 'sh' is placed under /system/bin
      - caps: check uid and euid
      - CVE-2019-5736 (runC): rexec callers as memfd
      - rexec: don't include non-existing header
      - utils: add missing sealing flags
      - include: add fexecve() for Android's Bionic
      - fexecve: remove unnecessary #ifdef
      - fexecve: use correct name
      - rexec: handle legacy kernels
      - cve-2019-5736: add test for rexec
      - change version to 2.0.10 in configure.ac
      - autotools: handle getgrgid_r on bionic
      - autotools: add memory_utils.h to Makefile.am
      - change version to 2.0.11 in configure.ac

* Tue Oct 31 2017 opensuse_buildservice@ojkastl.de
- update to version 2.0.9
  Bugfixes:
  * apparmor: Allow containers to start in AppArmor namespaces
  * apparmor: Drop useless apparmor denies
  * caps: Move ifndef/define to the top
  * cgfsng: Fail when limits fail to apply
  * cgfsng: Log when we defer to cgfsng
  * cgfsng: Only output debug info when we set cgroup data
  * cgroups: Handle hybrid cgroup layouts
  * cgroups: Use tight scoping
  * cgroups: Workaround gcc-7 bug
  * commands: Abstract cmd socket handling + logging
  * commands: Add missing translation
  * commands: Delete meaningless comments
  * commands: Handle EINTR
  * commands: Make state server interface flexible
  * commands: Move lxc_make_abstract_socket_name()
  * commands: Rename to lxc_cmd_add_state_client()
  * commonds: Fix typo
  * conf: Adapt to lxc-user-nic usage
  * conf: Add lxc_get_idmaps()
  * conf: Add userns_exec_full()
  * conf: Allow to clear all config items
  * conf: Allow to get lxc.autodev
  * conf: Allow to get lxc.haltsignal
  * conf: Allow to get lxc.kmsg
  * conf: Allow to get lxc.rebootsignal
  * conf: Allow to get lxc.stopsignal
  * conf: Allow writing uid mappings with euid != 0
  * conf: Avoid double-frees in userns_exec_1()
  * conf: Clear lxc.include
  * conf: Do not check for empty value twice
  * conf: Do not check union on wrong net type
  * conf: Do not deref null pointer
  * conf: Do not free static memory
  * conf: Do not log uninitialized memory
  * conf: Do not write out trailing spaces
  * conf: Don't send ttys when none are configured
  * conf: Dump lxc_get_config_item()
  * conf: Error out on too many mappings
  * conf: Fix bionic builds
  * conf: Fix build without libcap
  * conf: Fix tty creation
  * conf: Fix userns_exec_1()
  * conf: Free netdev->downscript
  * conf: Implement config item clear callback
  * conf: Improve lxc_map_ids()
  * conf: Improve tty shifting function
  * conf: Improve write_id_mapping()
  * conf: Increase lxc-user-nic buffer
  * conf: Log lxc-user-nic output
  * conf: lxc_listconfigs -> lxc_list_config_items
  * conf: Move clearing config items into one place
  * conf: Non-functional changes
  * conf: NOTICE() on mounts on container's /dev
  * conf: Performance tweaks
  * conf: Preserve newlines
  * conf: Properly parse lxc.idmap entries
  * conf: Record idmap that gets written
  * conf: Refactoring of most config parsing code
  * conf: Refactor network deletion
  * conf: Remove dead assignments in parse_idmaps()
  * conf: Remove dead mount code
  * conf: Rework lxc_map_ids()
  * conf: Rework userns_exec_1()
  * conf: Send ttys in batches of 2
  * conf: Switch API to new callback system
  * conf: Use a minimal {g,u}id map
  * conf: Use correct check on char array
  * conf: Use run_command for lxc-usernsexec
  * console: Clean tty state + return 0 on peer exit
  * console: DO NOT add the handles of adjust winsize when the 'stdin' is not a tty
  * console: Fix memory leak of 'lxc_tty_state'
  * console: Remove dead assignments
  * core: Do remount with the MS_REMOUNT flag when mounts with MS_RDONLY
  * core: Fix a format string build failure on x32
  * core: Fix includes for Android
  * core: Fix memory and resource leak
  * core: Fix some cppcheck warnings
  * core: Fix the bug of 'ts->stdoutfd' did not fill with parameters 'stdoutfd'
  * core: Include custom mntent for Android
  * core: Log function called in userns_exec_1()
  * core: Remove the __func__ macro
  * core: Remove the unused macro
  * core: Replace "priority" with "level"
  * core: Revert "Add a prefix to the lxc.pc"
  * core: root -> am_root
  * core: struct bdev -> struct lxc_storage
  * core: Update .gitignore
  * core: Use strerror(errno) instead of %m
  * criu: Add cmp_version()
  * criu: Use correct check initialization check
  * doc: Add CII Best Practices badge to README
  * doc: Add console behavior to Japanese lxc.container.conf(5)
  * doc: Document missing env variables
  * doc: Fix regex-typo in Japanese and Korean lxc-monitor(1)
  * doc: Fix regex-typo in lxc-monitor.sgml.in
  * doc: Reword id mapping restrictions when unpriv
  * doc: Rework README
  * doc: Tweak Japanese lxc.container.conf(5)
  * doc: Tweak lxc.container.conf a little
  * doc: Untabify Japanese lxc.container.conf(5)
  * doc: Update API documentation for get_config_item
  * execute: Enable console & standard /dev symlinks
  * init: Add comment for exclude 32 and 33 signals
  * init: Adjust include statements
  * init: Become session leader
  * init: Move initialization of act to outside of the loop
  * init: Report exec*() failure
  * init: Use lxc-stop to stop systemd service
  * liblxc: Make sure memory is free()ed
  * liblxc: Only spawn monitord on demand
  * liblxc: Remove 5s timeout on error
  * liblxc: Use snprintf()
  * liblxc: Use userns_exec_full()
  * lock: Non-functional changes
  * lock: Return the right error when open lock file failed
  * log: Prevent stack smashing
  * log: Switch to a new lxc_log_init function
  * monitor: Abstract lxc_abstract_unix_{send,recv}_fd for af_unix
  * monitor: Add lxc_cmd_state_server()
  * monitor: Add TRACE()ers
  * monitor: Delete unneccessory include file
  * monitor: Remove dead assignments
  * monitor: Remove the workaround-code for lxc_abstract_unix_connect
  * monitor: Remove unlink operation for af_unix
  * network: Add arg to config clear method
  * network: Add data arg to set callback
  * network: Add ifindex field for host veth device
  * network: Add lxc_log_configured_netdevs()
  * network: Add missing checks for empty links
  * network: Add network counter
  * network: Add warning when ignoring MTU
  * network: Clear ifindeces
  * network: Delete ovs for unprivileged networks
  * network: Document all fields in struct lxc_netdev
  * network: Don't delete net devs we didn't create
  * network: Fix grammar
  * network: Implement lxc_get_netdev_by_idx()
  * network: Log cleanup thread pid for openswitch
  * network: Log ifindex
  * network: Log ifindex for host side veth device
  * network: Log veth_attr.pair and veth_attr.veth1
  * network: Move config_value_empty() to confile_utils
  * network: Perform network validation at creation time
  * network: Remove allocation from lxc_mkifname()
  * network: Remove dead assignments
  * network: Remove netpipe
  * network: Retrieve correct names and ifindices
  * network: Retrieve the host's veth device ifindex
  * network: Rework network creation
  * network: Send ifindex for unpriv networks
  * network: Stop recording saved physical net devices
  * network: Use correct network device name
  * network: Use send()/recv()
  * network: Use single helper to delete networks
  * network: Use static memory for net device names
  * openvswitch: Delete ports intelligently
  * seccomp: Export the seccomp filter after load it into kernel successful
  * seccomp: Print action name in log
  * seccomp: s/n-new-privs/no-new-privs/g
  * seccomp: Update comment for function parse_config
  * start: Add lxc_free_handler()
  * start: Add lxc_init_handler()
  * start: Document all handler fields
  * start: Don't call lxc_map_ids() without id map
  * start: Don't close inherited namespace fds
  * start: Don't let data_sock users close the fd
  * start: Dup std{in,out,err} to pty slave
  * start: Ensure cgroups are cleaned up
  * start: Generalize lxc_check_inherited()
  * start: Log sending and receiving of tty fds
  * start: lxc_setup() after unshare(CLONE_NEWCGROUP)
  * start: Move env setup before container setup
  * start: Pass LXC_LOG_LEVEL to hooks
  * start: Pin rootfs when privileged
  * start: Remove dead variable
  * start: Send state to legacy lxc-monitord state server even if no state clients registered
  * start: Set environment variables correctly
  * start: Switch from SOCK_DGRAM to SOCK_STREAM
  * start: Switch ids at last possible instance
  * start: Use separate socket on daemonized start
  * start: Use userns_exec_full()
  * state: Remove lxc_rmstate declaration
  * storage:
Add storage_utils.{c.h} * storage: Avoid segfault * storage: Default to orig type on identical paths * storage: Record output from mkfs. * * storage: Rename files \"bdev\" -> \"storage\" * storage: Use userns_exec_full() * storage/dir: Using \'add-required_remount_flags\' function to add required flags * storage/loop: Detect loop file * storage/overlayfs: Fix wrong path * storage/overlay: Handle overlay for stable 2.0 * template: Remove obsolete bind-mounts from userns.conf * template: Use \"rsync -SHaAX\" to copy the cached rootfs into place * template/alpine: Add support for ppc64le * template/alpine: Change file check to also check file size (-f => -s) * template/archlinux: Change locale \"en-US.UTF-8\" to \"en_US.UTF-8\" * template/centos: Add cronie to the pkg list * template/centos: Use altarch mirror for CentOS on arches other than i386 and x86_64 * template/debian: Add aarch64 -> arm64 mapping * template/debian: Add buster as a valid release * template/debian: Don\'t force gettyAATT configuration * template/debian: Use deb.debian.org as the default Debian mirror * template/download: Fix syntax error * template/download: Sanitize script with shellcheck * template/opensuse: Add Tumbleweed as supported release * template/opensuse: Fix tumbleweed software selection * template/opensuse: getty.target.wants does not always exists * template/opensuse: Support leap 42.3 * template/opensuse: Tumbleweed has no update repo * template/plamo: Delete unnecessary process during container shutdown * template/ubuntu: Check that there is netplan binary, rather than just just a config directory * template/ubuntu: Conditionally move upstart ssh job, as it is now optional * template/ubuntu: Support netplan in newer releases by default * tests: Adapt lxc-user-nic tests to new syntax * tests: Add corner-case tests for lxc_safe_{u}int() * tests: Add item clear and config file tests * tests: Add test script to test the ro option of lxc.rootfs.options * tests: Add unit tests for 
idmap parser * tests: Avoid NULL pointer dereference * tests: Compare return value to expected value whenever we can * tests: Define a network before checks * tests: Don\'t fail when no processes for the user exist * tests: Enforce all methods for config items * tests: Remove dead assignments * tests: Remove the temp container directory * tests: Shortlived daemonized containers * tests: Support systemd hybrid cgroups * tools: Add additional cgroup checks * tools: Print \"-devel\" when LXC_DEVEL is true * tools: Use \"which\" * tools/lxc-attach: Allow for situations without /dev/tty * tools/lxc-checkconfig: Add CONFIG_NETFILTER_XT_MATCH_COMMENT * tools/lxc-checkconfig: Add probe status checking * tools/lxc-execute: Print error message when failed * tools/lxc-ls: Return all containers by default * tools/lxc-monitord: Exit when receiving a quit command * tools/lxc-unshare: Do not pass NULL pointer * tools/lxc-user-nic: Add new {create,delete} subcommands * tools/lxc-user-nic: Check db before trying to delete * tools/lxc-user-nic: Fix adding database entries * tools/lxc-user-nic: Fix memleak * tools/lxc-user-nic: Free memory and check for error * tools/lxc-user-nic: Initialize vars to silence gcc-7 * tools/lxc-user-nic: Keep lines from other {users,links} * tools/lxc-user-nic: Remove delta between master + stable * tools/lxc-user-nic: Remove double initialization * tools/lxc-user-nic: Rework renaming net devices * tools/lxc-user-nic: Simplify logic * tools/lxc-user-nic: Test privilege over netns on delete * tools/lxc-usernsexec: Remove dead assignments * travis: Fix builds * utils: Add has_fs_type() + is_fs_type() * utils: Add lxc_nic_exists() * utils: Add lxc_safe_ulong() * utils: Add run_command * utils: Close parent end in child process after fork * utils: Do not write to 0 sized buffer * utils: Duplicate stderr as well in lxc_popen() * utils: Fix lxc_mount_proc_if_needed() * utils: Fix lxc_popen()/lxc_pclose() * utils: Fix mem leak with realpath * utils: Fix num 
parsing functions * utils: Fix ppc64le builds * utils: Fix the way to detect blocking signal * utils: lxc_popen() remove dead assignments * utils: Move helpers from cgfsng.c to utils.{c,h} * utils: Rework lxc_deslashify() * utils: Switch to has_fs_type() * utils: Use 1LU otherwise we overflow * utils: Use access instead of stat * Sun Sep 17 2017 opensuse_buildserviceAATTojkastl.de- fixed tumbleweed %if-condition, so builds on 13.2 should work again now * Thu Sep 14 2017 opensuse_buildserviceAATTojkastl.de- added workaround for Tumbleweed gcc7 bug bsc#1041291 * Mon May 15 2017 kastlAATTsuse- update to version 2.0.8 Important: Security fix for CVE-2017-5985 All templates have been updated to not set default passwords anymore, instead requiring lxc-attach be used to configure users. This may affect some automated environments that were relying on our default (very much insecure) users. Bugfixes: Make lxc-start-ephemeral Python 3.2-compatible Fix typo Allow build without sys/capability.h lxc-opensuse: fix default value for release code util: always malloc for setproctitle util: update setproctitle comments confile: clear lxc.network..ipv{4,6} when empty lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals Make lxc-net return non-zero on failure seccomp: allow x32 guests on amd64 hosts. 
  Add HAVE_LIBCAP
  c/r: only supply --ext-mount-map for bind mounts
  Added 'mkdir -p' functionality in create_or_remove_cgroup
  Use LXC_ROOTFS_MOUNT in clonehostname hook
  squeeze is not a supported release anymore, drop the key
  start: dumb down SIGCHLD from WARN() to NOTICE()
  log: fix lxc_unix_epoch_to_utc()
  cgfsng: make trim() safer
  seccomp: set SCMP_FLTATR_ATL_TSKIP if available
  lxc-user-nic: re-order #includes
  lxc-user-nic: improve + bugfix
  lxc-user-nic: delete link on failure
  conf: only try to delete veth when privileged
  Fix lxc-containers to support multiple bridges
  Fix mixed tab/spaces in previous patch
  lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
  lxc-checkconfig: verify new[ug]idmap are setuid-root
  [templates] archlinux: resolve conflicting files
  [templates] archlinux: noneed default_timezone variable
  python3: Deal with potential NULL char *
  lxc-download.in / allow setting keyserver from env
  lxc-download.in / Document keyserver change in help
  Change variable check to match existing style
  tree-wide: include directly
  conf/ile: make sure buffer is large enough
  tree-wide: include directly
  tests: Support running on IPv6 networks
  tests: Kill containers (don't wait for shutdown)
  Fix opening wrong file in suggest_default_idmap
  do not set the root password in the debian template
  do not set insecure passwords
  don't set a default password for altlinux, gentoo, openmandriva and pld
  tools: exit with return code of lxc_execute()
  Keep veth.pair.name on network shutdown
  Makefile: fix static clang init.lxc build
  Avoid waiting for bridge interface if disabled in sysconfig/lxc | lxc-net via USE_LXC_BRIDGE
  Increased buffer length in print_stats()
  avoid assigning to a variable which is not POSIX shell proof (bug #1498)
  remove obsolete note about api stability
  conf: less error prone pointer access
  conf: lxc_map_ids() non-functional changes
  caps: add lxc_{proc,file}_cap_is_set()
  conf: check for {filecaps,setuid} on new{g,u}idmap
  conf: improve log when mounting rootfs
  ls: simplify the judgment condition when list active containers
  fix typo introduced in #1509
  attach|unshare: fix the wrong comment
  caps: skip file capability checks on android
  autotools: check for cap_get_file
  caps: return false if caps are not supported
  conf: non-functional changes to setup_pts()
  conf: use bind-mount for /dev/ptmx
  conf: non-functional changes
  utils: use loop device helpers from LXD
  create ISSUE_TEMPLATE.md
  cgroups: improve cgfsng debugging
  issue template: fix typo
  conf: close fd in lxc_setup_devpts()
  conf: non-functional changes
  utils: tweak lxc_mount_proc_if_needed()
  Change sshd template to work with Ubuntu 17.04
  conf: order mount options
  conf: add MS_LAZYTIME to mount options
  monitor: report errno on exec() error
  af unix: allow for maximum socket name
  commands: avoid NULL pointer dereference
  commands: non-functional changes
  lxccontainer: avoid NULL pointer dereference
  monitor: simplify abstract socket logic
  precise is not the latest LTS, let's use xenial instead
  fix the wrong exit status
  conf: non-functional changes lxc_fill_autodev()
  conf: remove /dev/console from lxc_fill_autodev()
  conf: non-functional changes lxc_setup()
  conf: non-functional changes to console functions
  conf: improve lxc_setup_dev_console()
  conf: lxc_setup_ttydir_console()
  config: remove /dev/console bind mount
  doc: document console behavior
  utils: add lxc_unstack_mountpoint()
  conf: unstack all mounts atop /dev/console
  console: fail when we cannot allocate peer tty
  start: remove umount2()
  conf: non-functional changes
  utils: handle > 2^31 in lxc_unstack_mountpoint()
  Install systemd units for CentOS
  Merge ubuntu and debiancase
  start: add crucial details about lxc_spawn()
Deleted patches that have been included upstream:
  - 0010-tree-wide-include-sys-sysmacros.h-directly.patch
  - 0011-tree-wide-include-sys-sysmacros.h-directly.patch

* Wed Mar 29 2017 opensuse_buildservice@ojkastl.de
- backported two patches to get the package to build again for Tumbleweed (applied only on tumbleweed aka suse_version >1315)
  0010-tree-wide-include-sys-sysmacros.h-directly.patch
  0011-tree-wide-include-sys-sysmacros.h-directly.patch

* Tue Jan 24 2017 opensuse_buildservice@ojkastl.de
- update to version 2.0.7
  This is the seventh bugfix release for LXC 2.0.
  The main bugfixes in this release are:
  - attach: Close lsm label file descriptor
  - attach: Non-functional changes
  - attach: Simplify lsm_openat()
  - caps: Add lxc_cap_is_set()
  - conf: attach: Save errno across call to close
  - conf: Clearly report to either use drop or keep
  - conf: criu: Add make_anonymous_mount_file()
  - conf: Fix suggest_default_idmap()
  - configure: Add --enable-gnutls option
  - configure: Check for memfd_create()
  - configure: Check whether gettid() is declared
  - configure: Do not allow variable length arrays
  - configure: Remove -Werror=vla
  - configure: Use AC_HEADER_MAJOR to detect major()/minor()/makedev()
  - conf: Non-functional changes
  - conf: Remove thread-unsafe strsignal + improve log
  - init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers
  - log: Add lxc_unix_epoch_to_utc()
  - log: Annotate lxc_unix_epoch_to_utc()
  - log: Drop all timezone conversion functions
  - log: Make sure that date is correctly formatted
  - log: Use lxc_unix_epoch_to_utc()
  - log: Use N/A if getpid() != gettid() when threaded
  - log: Use thread-safe localtime_r()
  - lvm: Supress warnings about leaked files
  - lxccontainer: Log failure to send sig to init pid
  - monitor: Add more logging
  - monitor: Close mainloop on exit if we opened it
  - monitor: Improve log + set log level to DEBUG
  - monitor: Log which pipe fd is currently used
  - monitor: Make lxc-monitord async signal safe
  - monitor: Non-functional changes
  - python3-lxc: Fix api_test.py on s390x
  - start: Check for CAP_SETGID before setgroups()
  - start: Fix execute and improve setgroups() calls
  - state: Use async signal safe fun in lxc_wait()
  - templates: lxc-debian: Don't try to get stuff from /usr/lib/systemd on the host
  - templates: lxc-debian: Fix getty service startup
  - templates: lxc-debian: Fix typo in calling dpkg with --print-foreign-architectures option
  - templates: lxc-debian: Handle ppc hostarch -> powerpc
  - templates: lxc-opensuse: Change openSUSE default release to Leap 42.2
  - templates: lxc-opensuse: Remove libgcc_s1
  - templates: lxc-opensuse: Remove poweroff.target -> sigpwr.target copy
  - templates: lxc-opensuse: Set to be unconfined by AppArmor
  - templates: lxc-opensuse: Update for Leap 42.2
  - tests; Don't cause test failures on cleanup errors
  - tests: Skip unpriv tests on broken overlay module
  - tools: Improve logging
  - tools: lxc-start: Remove c->is_defined(c) check
  - tools: lxc-start: Set configfile after load_config
  - tools: Only check for O_RDONLY
  - tree-wide: Random macro cleanups
  - tree-wide: Remove any variable length arrays
  - tree-wide: Sic semper assertis!
  - utils: Add macro __LXC_NUMSTRLEN
  - utils: Add uid, gid, group convenience wrappers

* Sat Nov 26 2016 opensuse_buildservice@ojkastl.de
- deleted patch 0003-Changed-shebang-in-src-python-lxc-examples-api_test..patch
- adapted patches 0002 to 0005 to work with version 2.0.6

* Sat Nov 26 2016 opensuse_buildservice@ojkastl.de
- added libtool as BuildRequires on *SUSE

* Sat Nov 26 2016 opensuse_buildservice@ojkastl.de
- Update to version 2.0.6
  Important: Security fix for CVE-2016-8649
  Bugfixes:
  utils: make detect_ramfs_rootfs() return bool
  tests: add test for detect_ramfs_rootfs()
  add Documentation entries to lxc and lxc@ units
  mark the python examples as having utf-8 encoding
  log: sanity check the returned value from snprintf()
  lxc-alpine: mount /dev/shm as tmpfs
  archlinux: Do DHCP on eth0
  archlinux: Fix resolving
  Drop leftover references to lxc_strerror()
  tests: fix image download for s390x
  tools: fix coding style in lxc_attach
  tools: make overlay valid backend
  tools: better error reporting for lxc-start
  alpine: Fix installing extra packages
  lxc-alpine: do not drop setfcap
  s390x: Fix seccomp handling of personalities
  tools: correct the argument typo in lxc_copy
  Use libtool for liblxc.so
  c/r: use --external instead of --veth-pair
  c/r: remember to increment netnr
  c/r: add checkpoint/restore support for macvlan interfaces
  ubuntu: Fix package upgrades requiring proc
  c/r: drop duplicate hunk from macvlan case
  c/r: use snprintf to compute device name
  Tweak libtool handling to work with Android
  tests: add lxc_error() and lxc_debug()
  container start: clone newcgroup immediately
  use python3_sitearch for including the python code
  fix rpm build, include all built files, but only once
  cgfs: fix invalid free()
  find OpenSUSE's build also as obs-build
  improve help text for --fancy and --fancy-format
  improve wording of the help page for lxc-ls
  cgfs: add print_cgfs_init_debuginfo()
  cgfs: skip empty entries under /proc/self/cgroup
  cgfs: explicitly check for NULL
  tools: use correct exit code for lxc-stop
  c/r: explicitly emit bind mounts as criu arguments
  log: bump LXC_LOG_BUFFER_SIZE to 4096
  conf: merge network namespace move & rename on shutdown
  c/r: save criu's stdout during dump too
  c/r: remove extra \ s from logs
  c/r: fix off-by-one error
  c/r: check state before doing a checkpoint/restore
  start: CLONE_NEWCGROUP after we have setup cgroups
  create symlink for /var/run
  utils: add lxc_append_string()
  cgroups: remove isolated cpus from cpuset.cpus
  Update Ubuntu release name: add zesty and remove wily
  templates: add squashfs support to lxc-ubuntu-cloud.in
  cgroups: skip v2 hierarchy entry
  also stop lxc-net in runlevels 0 and 6
  add lxc.egg-info to gitignore
  install bash completion where pkg-config tells us to
  conf: do not use %m format specifier
  debian: Don't depend on libui-dialog-perl
  cgroups: use %zu format specifier to print size_t
  lxc-checkpoint: automatically detect if --external or --veth-pair
  cgroups: prevent segfault in cgfsng
  utils: add lxc_preserve_ns()
  start: add netnsfd to lxc_handler
  conf: use lxc_preserve_ns()
  attach: use lxc_preserve_ns()
  lxc_user_nic: use lxc_preserve_ns()
  conf, start: improve log output
  conf: explicitly remove veth device from host
  conf, start: be smarter when deleting networks
  start, utils: improve preserve_ns()
  start, error: improve log + non-functional changes
  start, namespace: move ns_info to namespace.{c,h}
  attach, utils: bugfixes
  attach: use ns_info[LXC_NS_MAX] struct
  namespace: always attach to user namespace first
  cgroup: improve isolcpus handling
  cgroups: handle non-existent isolcpus file
  utils: add lxc_safe_uint()
  tests: add unit tests for lxc_safe_uint()
  utils: add lxc_safe_int()
  tests: add unit tests for lxc_safe_int()
  conf/ile: get ip prefix via lxc_safe_uint()
  confile: use lxc_safe_u/int in config_init_{u,g}id
  conf/ile: use lxc_safe_uint() in config_pts()
  conf/ile: use lxc_safe_u/int() in config_start()
  conf/ile: use lxc_safe_uint() in config_monitor()
  conf/ile: use lxc_safe_uint() in config_tty()
  conf/ile: use lxc_safe_uint() in config_kmsg()
  conf/ile: avoid atoi in config_lsm_aa_incomplete()
  conf/ile: use lxc_safe_uint() in config_autodev()
  conf/ile: avoid atoi() in config_ephemeral()
  utils: use lxc_safe_int()
  lxc_monitord: use lxc_safe_int() && use exit()
  start: use lxc_safe_int()
  conf: use lxc_safe_{u}int()
  tools/lxc_execute: use lxc_safe_uint()
  tools/lxc_stop: use lxc_safe_uint()
  utils: add lxc_safe_long()
  tests: add unit tests for lxc_safe_long()
  tools/lxc_stop: use lxc_safe_long()
  tools/lxc_top: use lxc_safe_int()
  tools/lxc_ls: use lxc_safe_uint()
  tools/lxc_autostart: use lxc_safe_{int,long}()
  tools/lxc_console: use lxc_safe_uint()
  tools: replace non-standard namespace identifiers
  Configure a static MAC address on the LXC bridge
  tests: remove overflow tests
  attach: do not send procfd to attached process

* Sat Nov 26 2016 opensuse_buildservice@ojkastl.de
- delete patch 0002-replaced-she-bangs-containing-usr-bin-python3-with-t.patch
- split up the deleted patch in single patches to make it easier to maintain
  - 0002-Changed-shebang-in-src-lxc-tools-lxc-start-ephemeral.patch
  - 0003-Changed-shebang-in-src-python-lxc-examples-api_test..patch
  - 0004-Changed-shebang-in-src-python-lxc-examples-pyconsole.patch
  - 0005-Changed-shebang-in-src-python-lxc-examples-pyconsole.patch
  - 0006-Changed-shebang-in-src-src-python-lxc-setup.py.in-to.patch

* Fri Oct 07 2016 opensuse_buildservice@ojkastl.de
- update to version 2.0.5
  This is the fifth bugfix release for LXC 2.0.
  The main bugfixes in this release are:
  Fix .gitignore after /tools/ split
  Add lxc-test-utils to .gitignore
  bdev: use correct overlay module name
  cleanup: tools: remove --name from lxc-top usage message
  cleanup: whitespaces in option alignment for lxc-execute
  Use full GPG fingerprint instead of long IDs.
  tools: move --rcfile to the common options list
  tools: set configfile after load_config
  doc: add --rcfile to common opts
  doc: Update Korean lxc-attach(1)
  doc: Add --rcfile to Korean common opts
  doc: Add --rcfile to Japanese common opts
  tools: use exit(EXIT_*) everywhere
  tools: unify exit() calls outside of main()
  utils: Add mips signalfd syscall numbers
  seccomp: Implement MIPS seccomp handling
  seccomp: Add mips and mips64 entries to lxc_config_parse_arch
  seccomp: fix strerror()
  confile: add more archs to lxc_config_parse_arch()
  seccomp: add support for s390x
  seccomp: remove double include and order includes
  seccomp: non functional changes
  templates: use fd 9 instead of 200
  templates: fedora requires openssl binary
  tools: use boolean for ret in lxc_device.c
  c/r: use /proc/self/tid/children instead of pidfile
  c/r: Fix pid_t on some arches
  templates: Add mips hostarch detection to debian
  cleanup: replace tabs wth spaces in usage strings
  remove extra 'ret'
  c/r: write status only after trying to parse the pid
  set FULL_PATH_NAMES=NO in doc/api/Doxyfile
  templates: rm halt.target -> sigpwr.target symlink
  templates: remove creation of bogus directory
  console: use correct log name
  configure: add --disable-werror
  tests: fix get_item tests
  templates: use correct cron version in alpine template
  c/r: zero a smaller than known migrate_opts struct
  lxczfs: small fixes
  c/r: free valid_opts if necessary
  make rsync deal with sparse files efficiently
  lxc-create -t debian fails on ppc64el arch
  c/r: fix typo in comment
  cgroup: add new functions for interacting with hierachies
  utils: add lxc_deslashify
  c/r: pass --cgroup-roots on checkpoint
  cgroup: get rid of weird hack in cgfsng_escape
  cgroup: drop cgroup_canonical_path
  c/r: check that cgroup_num_hierarchies > 0
  tools: do not add trailing spaces on lxc-ls -1
  conf: retrieve mtu from netdev->link
  conf: try to retrieve mtu from veth
  c/r: detatch from controlling tty on restore
  Fix null derefence if attach is called without access to any tty
  utils: fix lxc_string_split()
  tools: lxc_deslashify() handle special cases
  tests: add unit tests for lxc_deslashify()
  Fix for ALTLinux container creation in all branches
  utils: lxc_deslashify() free memory
  Fix spelling of CentOS in the templates
  Define LXC_DEVEL to detect development releases
  tools: lxc-checkconfig conditionalize devpts check

* Wed Aug 17 2016 opensuse_buildservice@ojkastl.de
- adapted patch 0002-replaced-she-bangs-containing-usr-bin-python3-with-t.patch to work with lxc version 2.0.4

* Wed Aug 17 2016 opensuse_buildservice@ojkastl.de
- update to version 2.0.4
  The main bugfixes in this release are:
  core: Add a prefix to the lxc.pc
  core: Add flag in mount_entry to skip NODEV in case of a persistent dev entry
  core: Add missing cgroup namespace to ns_info struct
  core: attach: setns instead of unshare in lxc-attach
  core: bdev: Add subdirectories to search path
  core: bdev: Be smarter about btrfs subvolume detection
  core: cgfsng: Don't pre-calculate path
  core: cgfsng: Fix is_lxcfs() and is_cgroupfs()
  core: cgroups: Move cgroup files to common subfolder
  core: conf: Set pty_info to NULL after free
  core: Detect if we should send SIGRTMIN+3
  core: Replace readdir_r() with readdir()
  core: Set up MTU for vlan-type interfaces.
core: tools, tests: Reorganize repo c/r: Add support for CRIU\'s --action-script c/r: Add support for ghost-limit in CRIU c/r: Drop in-flight connections during CRIU dump c/r: Initialize migrate_opts properly c/r: Make local function static c/r: Replace tmpnam() with mkstemp() c/r: Store criu version c/r: Use PRIu64 format specifier doc: Fix typo found by lintian doc: Update Japanese lxc-attach(1) doc: Update lxc-attach(1) lxc-attach: Add -f option (rcfile) lxc-attach: Cleanup whitespaces lxc-create: Add missing newline in output lxc-ls: Use correct runtime path templates: alpine: Add support for new arch templates: alpine: Mount tmpfs under /run templates: debian: Add more quotes to variables (at least $rootfs should now be covered) templates: debian: Avoid noisy perl warnings caused by missing locales templates: debian: fix regression when creating wheezy containers templates: debian: Make shellcheck (Ubuntu: 0.3.7-5 amd64) most possible happy tests: Add unit tests for lxc_string_in_array() tests: Add unit tests for lxc_string_replace() * Wed Jun 29 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.3 The main bugfixes in version 2.0.3 are: - apparmor: Refresh generated file The main bugfixes in version 2.0.2 were: - apparmor: add make-rslave to usr.bin.lxc-start - apparmor: Allow bind-mounts and {r}shared/{r}private - apparmor: allow mount move - apparmor: Update mount states handling - core: Drop lxc-devsetup as unneeded by current autodev - core: Fix redefinition of struct in6_addr - core: Include all lxcmntent.h function declarations on Bionic - c/r: c/r: use criu\'s \"full\" mode for cgroups - systemd: start containers in foreground when using the lxcAATT.service - templates: debian: Make sure init is installed - templates: oracle: Fix console login - templates: plamo: Fix various issues - templates: ubuntu: Install apt-transport-https by default - travis: ensure \'make install\' doesn\'t fail - travis: test VPATH builds - upstart: Force 
lxc-instance to behave like a good Upstart client * Tue Jun 28 2016 opensuse_buildserviceAATTojkastl.de- lxc-devsetup was dropped from the package, thus now removed from %files section * Tue Jun 28 2016 opensuse_buildserviceAATTojkastl.de- update to version 2.0.2 (changelog not yet available) * Sat May 28 2016 opensuse_buildserviceAATTojkastl.de- removed dependency on libcap on *SUSE, as libcap does not provide this any more and libcap-devel should pull in all needed packages * Tue May 17 2016 opensuse_buildserviceAATTojkastl.de- bugfix release 2.0.1 apparmor: Also allow fstype=fuse for fuse filesystems attach: adapt lxc-attach tests & add test for pty logging attach: don\'t fail attach on failure to setup a SIGWINCH handler. attach: fix a variety of lxc-attach pts handling issues attach: switch console pty to raw mode (fixes ncurses-based programs) attach: use raw settings of ssh for pty bindings: fixed python-lxc reference to var before assignment in create() bindings: set PyErr when Container.__init__ fails cgfsng: defer to cgfs if needed subsystems are not available cgfsng: don\'t require that systemd subsystem be mounted core: Added missing type to keys in lxc_list_nicconfigs core: Allow configuration file values to be quoted core: log: remove duplicate definitons and bump buffer size core: sync: properly fail on unexpected message sizes core: Unshare netns after setting the userns mappings (fixes ownership of /proc/net) core: various fixes as reported by static analysis c/r: add an option to use faster inotify support in CRIU c/r: rearrange things to pass struct migrate_opts all the way down doc: ignore temporary files generated by doxygen doc: tweak manpage generation date to be compatible with reproducible builds doc: update MAINTAINERS doc: update to translated manpages init: add missing lsb headers to sysvinit scripts init: don\'t make sysv init scripts dependant on distribution specifics init: drop obsolete syslog.target from lxc.service.in lxc-attach: 
add logging option to manpage lxc-checkconfig: better render when stdout isn\'t a terminal lxc-create: fix -B best option lxc-destroy: avoid double print lxc-ls: use fewer syscalls when doing ipc templates: Add apt-transport-https to minbase variant of Ubuntu template templates: fix a typo in the capabilities name for Gentoo (sys_resource) templates: logic fix in the Centos template for RHEL7+ support templates: tweak Alpine DHCP configuration to send its hostname templates: tweak to network configuration of the Oracle template * Thu Apr 07 2016 opensuse_buildserviceAATTojkastl.de- Released Version 2.0.0 Highlights All main LXC commands have now been rewritten in C lxc-ls lxc-device lxc-copy New lxc-copy command taking over the role of lxc-clone and lxc-start-ephemeral Much improved support for checkpoint/restore of containers Completely reworked cgroup handling including support for the cgroup namespace The various command line tools are now much more consistent Re-organized storage backend implementation, including addition of a Ceph RBD backend An enormous amount of bugfixes, most of which will be backported to 1.0 and 1.1 over the next few bugfix releases The C API remains backward compatible with previous versions and is released as 1.2 New configuration options lxc.ephemeral: Controls whether the container is ephemeral and so will be destroyed on shutdown lxc.rebootsignal: Allows to override the signal sent for container reboot lxc.hook.destroy: New hook being called on container destruction lxc.hook.stop: Run in the host context with references to the containers just before namespace teardown lxc.init_uid: Used by lxc-execute to set an alternative user lxc.init_gid: Used by lxc-execute to set an alternative group lxc.monitor.unshare: Allows unsharing the mount namespace prior to running any hook New features API: API version is 1.2, fully backward compatible with 1.1 and 1.0 new symbols: New migrate() symbol as an alternative to checkpoint() using a 
migrate_opts struct to simplify additions python3 Support for passing the storage backend to create() lua Add support for get_ips() Add support for get_interfaces() Add support for rename() Core: cgfsng: New cgroup backend driver for recent Linux kernel cgroup: Partial support for the new cgroup hierarchy cgroup: Support for the cgroup namespace checkpoint: Support checkpoint/restore of default LXC containers checkpoint: Support checkpoint/restore of unprivileged containers checkpoint: Support for the page server config: lxc.aa_profile: Now supports an \"unchanged\" value config: lxc.init_cmd: Now supports arguments config: lxc.network.macvlan.mode: Added support for the \"passthru\" mode config: lxc.rootfs.backend: Allows to override the storage backend (bypasses auto-detection) config: New nesting.conf configuration file to setup container nesting hooks: New LXC_CGNS_AWARE environment variable, set to 1 if LXC supports the cgroup namespace (the kernel however may not) hooks: New LXC_SRC_NAME environment variable is set in clone hook with the original container name hooks: New LXC_TARGET environment variable is set with the container goal (stop or reboot) logging: Updated logging timestamps to be a bit more readable lxc-usernet: Support for containers usning a veth interface without bridging lxc-usernet: Support for group-based quotas (use the AATT prefix) network: The bridge interface MTU is now used as the default container interface MTU start: The process title is now renamed to be easier to read storage: New Ceph RBD storage backend Documentation: Korean translation of all the man pages Commands: lxc-attach: Use an intermediate pts device to prevent attacks against the parent shell lxc-clone: Support for renaming containers lxc-start-ephemeral: Support for changing bind-mount targets Init systems: systemd: Support for instanced service units Templates New ALTLinux template New Slackware template New SPARCLinux template alpine: Support installing extra packages 
  debian: Default to just "main" enabled, allow enabling other repositories through argument
  oracle: Set the timezone in the container
  openssh: Add OpenSSH support
  ubuntu: New -v option allowing the user to set the debootstrap variant
  ubuntu-cloud: Support for vendor-data passthrough
Change in behavior
  The lxc-autostart container startup order is now reversed (to be correct)
  The new cgfsng cgroup backend is now the recommended backend
  lxc.hook.post-stop failures are now fatal to container reboots

* Fri Apr 01 2016 opensuse_buildservice@ojkastl.de
- update to version 2.0.0.rc15

* Wed Mar 30 2016 opensuse_buildservice@ojkastl.de
- update to version 2.0.0.rc14

* Wed Mar 23 2016 opensuse_buildservice@ojkastl.de
- update to version 2.0.0.rc13

* Tue Mar 22 2016 opensuse_buildservice@ojkastl.de
- update to version 2.0.0.rc12

* Fri Mar 18 2016 opensuse_buildservice@ojkastl.de
- defined macro for /etc/sysconfig or /etc/default on openSUSE or CentOS, to get the lxc-net file in the right place

* Fri Mar 18 2016 opensuse_buildservice@ojkastl.de
- update to version 2.0.0.rc11

* Sat Mar 12 2016 opensuse_buildservice@ojkastl.de
- update to version 2.0.0.rc10

* Wed Mar 09 2016 opensuse_buildservice@ojkastl.de
- update to version 2.0.0.rc9

* Sun Mar 06 2016 opensuse_buildservice@ojkastl.de
- update to version 2.0.0.rc5

* Sat Feb 27 2016 opensuse_buildservice@ojkastl.de
- update to version 2.0.0.rc4

* Thu Feb 25 2016 opensuse_buildservice@ojkastl.de
- version update to 2.0.0.rc3

* Mon Feb 22 2016 opensuse_buildservice@ojkastl.de
- update to 2.0.0 RC2

* Thu Feb 18 2016 opensuse_buildservice@ojkastl.de
- update to version 2.0.0~rc1

* Mon Feb 01 2016 opensuse_buildservice@ojkastl.de
- changed patch 0002-replaced-she-bangs-containing-usr-bin-python3-with-t.patch, so it does not change the python3 package name in the lxc-opensuse template, only files containing the /usr/bin/python3.4 shebang

* Mon Feb 01 2016 opensuse_buildservice@ojkastl.de
- update to version 2.0.0-beta2

* Tue Dec 22 2015 opensuse_buildservice@ojkastl.de
- small changes to spec: %if-condition '%if 0%{?fedora} < 15 || 0%{?rhel} < 7' does not work reliably, as this fires when fedora or rhel are not defined

* Tue Dec 22 2015 opensuse_buildservice@ojkastl.de
- preparation for release of lxc 2.0:
  * added tarball for beta1
  * changed version to 2.0.0
  * set beta_rel to beta1

* Sat Dec 19 2015 opensuse_buildservice@ojkastl.de
- changed rpm macro %{defined rhel} to 0%{rhel} >= 7 to only use python stuff on CentOS/RHEL 7 or newer

* Mon Dec 14 2015 opensuse_buildservice@ojkastl.de
- changed rpm macro 'centos_version' to 'rhel' to allow building for RHEL as well (untested)

* Sat Dec 12 2015 opensuse_buildservice@ojkastl.de
- added patches and modified spec, to allow building on CentOS_7 where python3 is only available from EPEL as package python34 containing /usr/bin/python3.4
  * 0001-fixing-PKG_CHECK_MODULES-to-work-with-python-3.4-on-.patch
  * 0002-replaced-she-bangs-containing-usr-bin-python3-with-t.patch

* Thu Nov 12 2015 opensuse_buildservice@ojkastl.de
- update to version 1.1.5
  Core:
  * Fix handling of process title rename (now only on >= 3.19 kernels)
  * Several improvements to overlayfs/aufs handling
  * Needed directories are created if missing
  * Better handling of absolute paths
  * Better handling of cloning overlayfs containers
  * Ignore trailing /init.scope in cgroup paths (needed for newer systemd)
  * Allow checkpoint/restore of containers using non-bridged veth devices
  * Properly initialize error_num (exit code tracking for the container)
  * lxc-usernsexec: Re-open fds 0,1,2 separately (only if stdin is a tty)
  Init scripts:
  * lxc-net: Start after network-online.target
  Commands:
  * lxc-start: Allow preserving the PID namespace too
  Templates:
  * archlinux: Fix systemd-sysctl service
  * ubuntu-cloud: Use tar.xz tarballs by default (as tar.gz will soon be discontinued)
  * ubuntu-cloud: Always exit 1 on error
  plus earlier changes from versions 1.1.3 and 1.1.4

* Sat Apr 18 2015 opensuse_buildservice@ojkastl.de
- update to version 1.1.2
  * core: Fix non-tty stdin during attach
  * core: Improved container logging
  * core: Fix cgroup handling for unprivileged containers
  * core: Properly destroy overlayfs based containers
  * core: Fix some multi-threading issues
  * core: Various fixes to checkpoint/restore with CRIU
  * docs: Various manpage updates
  * tests: Fix hang in apparmor test
  * centos: Properly detect the yum version
  * centos: Don't mistakenly change tty.conf of the host
  * gentoo: Fix /dev/shm handling
- update to version 1.1.1
  * config: Allow FUSE access by default (instead of individually in most templates)
  * Make /proc/sys/net writable when using proc:mixed (required for network config)
  * Set the process title of backgrounded LXC to an identifiable name
  * Fix get_config_item with lxc.mount.auto
  * Fix some tty issues with attach
  * Add powerpc support to seccomp
  * oracle: Fix unprivileged lxc-console
  * centos: Fix unprivileged lxc-console
  * plamo: Change way to create objects under /dev in the container
  * lxc-top: Fix long container names rendering
  * LVM: Use rdepends for non-thinpool container clones
  * gentoo: Fix base image download
  * Various manpages update

* Tue Feb 03 2015 opensuse_buildservice@ojkastl.de
- restart boot.apparmor service after installation; restart code taken from apparmor package

* Mon Feb 02 2015 opensuse_buildservice@ojkastl.de
- apparmor-parser is now required in 2.9 or higher, as lxc makes heavy use of abstractions

* Fri Jan 30 2015 opensuse_buildservice@ojkastl.de
- Update to version 1.1.0
  LXC 1.1 introduces checkpoint/restore support for containers through CRIU. This allows to serialize the container running state to disk, for live migration or for later local restoration of the container.
  Support for running systemd as the init system inside the container was also greatly improved and should now work by default both for privileged and unprivileged containers when combined with lxcfs and a recent systemd.
  Init scripts have now all been updated to provide the same feature set, which means that a lxcbr0 bridge with a DHCP and DNS server (dnsmasq) is now the default for anyone using LXC. We currently provide init scripts for systemd, sysvinit and upstart.
  New features
  * lxc-autostart: New -A/--ignore-auto flag (starts all containers)
  * lxc-ls: New "interface" field
  * centos/fedora: Added a root_password_expired environment variable (defaults to yes)
  * oracle: Allow installing from arbitrary yum repositories (including medias)
  * oracle: Add Oracle Linux 7 support
  * lxc-ls: Allow filtering containers by group even without --fancy
  * core: Add support for qcow2 images (through qemu-img)
  * lxc-autostart: Add support for the NULL group (any container with lxc.start.auto set to 1 but without a group)
  * core: Track an unexpanded version of the configuration as well as comments (improves formatting of the save configuration)
  * opensuse: Switch to using common configurations
  * core: Allow lxc.cap.keep be set to none
  * archlinux: Switch to using common configurations
  * ubuntu: use btrfs subvolumes and snapshots when available
  * seccomp: Set a default seccomp profile for all distros (blocks dangerous syscalls)
  * core: Add support for Openvswitch bridges
  * core: Add support for lxc.environment (sets extra environment variables)
  * init: Add identical support of systemd, upstart and sysvinit scripts
  * core: Add support for checkpoint and restore of containers using CRIU
  * core: Add a new aa_allow_incomplete flag to allow container startup with partial apparmor support
  * lxc-lua: Now a C binary installed by default (was a lua script)
  * API: Addition of attach_interface and detach_interface
  * lxc-device: Now a C binary installed by default (was a python3 script)
  * lxc-config: Now supports querying lxc.cgroup.(use|pattern)
  * core: Add new lxc.init_cmd config option to override the default init command (/sbin/init)
  * lxc-start-ephemeral: Add new --cdir option (copy-on-write mounts)
  * opensuse: Support multiple releases
  * core: lxc.include now allows including directories (includes all the files with a .conf suffix)
  * core: A new common.conf.d configuration directory is available for users and packages to drop configuration snippets to be applied to all containers
  * core: The container_ttys environment variable is now set by LXC
  Change in behavior
  * lxc-create now requires be passed (-t), use "none" for the old behavior.
  * snapshots are now stored in the container's directory
  * lxc.arch for PER_LINUX32 is now output as i686
  * lxc-execute: lxc-init is now bind-mounted in the container if it can't be found
  * lxc-start: containers now start daemonized by default
  * core: pivot_root is now done with the use of lxc.pivotdir, as a result this option is now considered deprecated and will be removed in upcoming releases.
  * core: with the switch to daemonized containers by default, close-all-fds is also now the default.
  * core: lxc.autodev was reworked, it no longer uses /dev/lxc, instead mounting a tmpfs directly on the container's /dev, it also now works with unprivileged containers
  * core: lxc.autodev is now on by default (can be overridden with lxc.autodev=0)
  * core: lxc.kmsg is now disabled by default (can be overridden with lxc.kmsg=1)
  * core: clear_config_item now exclusively affects lists (lxc_list) entries. set_config_item should be used for anything else.
  * templates: All templates now use lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed (safe default configuration)

* Tue Jan 27 2015 opensuse_buildservice@ojkastl.de
- slight adjustments to spec

* Tue Jan 27 2015 opensuse_buildservice@ojkastl.de
- Update to 1.1.0~rc3

* Mon Jan 26 2015 opensuse_buildservice@ojkastl.de
- Update to version 1.1.1~rc2

* Fri Jan 23 2015 opensuse_buildservice@ojkastl.de
- added openSUSE_apparmor_mount.conf to allow running containers by setting lxc.aa_allow_incomplete = 1, as the apparmor patches regarding mount are not in the upstream kernel

* Fri Jan 23 2015 opensuse_buildservice@ojkastl.de
- added dependency on correct lxc-libs version to the spec

* Fri Jan 23 2015 opensuse_buildservice@ojkastl.de
- enabled python support, so lxc-ls does not lose functionality

* Thu Jan 22 2015 opensuse_buildservice@ojkastl.de
- changed version to reflect rc1 correctly: 1.1.0~rc1

* Thu Jan 22 2015 opensuse_buildservice@ojkastl.de
- changed release to include rc1

* Thu Jan 22 2015 opensuse_buildservice@ojkastl.de
- update to 1.1.0-rc1

* Fri Jan 16 2015 opensuse_buildservice@ojkastl.de
- openSUSE/SUSE related stuff without version check, except systemd-related things

* Tue Dec 16 2014 opensuse_buildservice@ojkastl.de
- added excludes for rc *links to avoid double packaging warnings

* Tue Dec 16 2014 opensuse_buildservice@ojkastl.de
- Adding rclxc and rclxc-net links correctly

* Tue Dec 16 2014 opensuse_buildservice@ojkastl.de
- Some Fedora/RHEL version require libcgroup, but the %if was not working properly. Fixed.

* Tue Dec 16 2014 opensuse_buildservice@ojkastl.de
- systemd stuff including %preun and more stuff in %postun

* Tue Dec 16 2014 opensuse_buildservice@ojkastl.de
- spec adjusted to version from upstream

* Mon Dec 15 2014 opensuse_buildservice@ojkastl.de
- small changes to spec, to build correctly on 12.3

* Tue Dec 09 2014 opensuse_buildservice@ojkastl.de
- changed spec to build on opensuse
- fixed suse-filelist-forbidden-move-to-usr error

* Mon Dec 08 2014 opensuse_buildservice@ojkastl.de
- created new package for lxc 1.1, now with alpha3