Changelog for
lxc-6.0.0-1.1.x86_64.rpm :
* Sun Apr 14 2024 Johannes Kastl
- fix builds on 15.5 or 5.5
* Sun Apr 14 2024 Johannes Kastl - update to 6.0.0: The LXC team is pleased to announce the release of LXC 6.0 LTS! This is the result of two years of work since the LXC 5.0 release and is the sixth LTS release for the LXC project. This release will be supported until June 2029.
* New multi-call binary¶ A new tools-multicall=true configuration option can be used to produce a single lxc binary which can then have all other lxc-XYZ commands be symlinked to. This allows for a massive disk space reduction, particularly useful for embedded platforms.
* Add a set_timeout function to the library A new set_timeout function is available on the main lxc_container struct and allow for setting a global timeout for interactions with the LXC monitor. Prior to this, there was no timeout, leading to potential deadlocks as there\'s also no way to cancel an monitor request. As a result of adding this new symbol to the library, we have bumped the liblxc symbol version to 1.8.0.
* LXC bridge now has IPV6 enabled The default lxcbr0 bridge now comes with IPv6 enabled by default, using an IPv6 ULA subnet. Support for uid/gid selection in lxc-usernsexec The lxc-usernsexec tool now has both -u and -g options to control what resulting UID and GID (respectively) the user wishes to use (defaulting to 0/0).
* Improvements to lxc-checkconfig lxc-checkconfig now only shows the version if lxc-start is present (rather than failing). Additionally, it\'s seen a number of other cosmetic improvements as well as now listing the maximum number of allowed namespaces for every namespace type.
* Support for squashfs OCI images The built-in oci container template can now handle squashfs compressed OCI images through the use of atomfs.
* Switched from systemd\'s dbus to dbus-1 LXC now uses libdbus-1 for DBus interactions with systemd rather than using libsystemd. The reason for this change is that libdbus-1 is readily available for static builds.
* Removed Upstart support Support for the Upstart init system has finally been removed from LXC. This shouldn\'t really affect anyone at this stage and allowed for cleaning up some logic and config files from our repository.
* Mon Jul 31 2023 Dirk Müller - update to 5.0.3:
* Fix nftables syntax for IPv6 NAT
* Added support for squashfs OCI images
* Fixes when running LXC with io_uring + detailed changelog at https://discuss.linuxcontainers.org/t/lxc-5-0-3-lts-has-been-released/17708
* Tue May 02 2023 Dominique Leuenberger - Update to version 5.0.2: + Fix a variety of build issues resulting from the switch to meson. + lxc-attach: Fix missing return codes. + core: Setup peer group for container\'s root. + checkconfig: Make output more useful on modern kernels. + lxc-user-nic: Fix issue resulting in leaking file existence to unprivileged users (CVE-2022-47952, boo#1206779).- Drop upstream fixed patches: + OPENSUSE-0001-meson.build-allow-explicit-distrosysconfdir.patch + OPENSUSE-0002-build-detect-where-struct-mount_attr-is-declared.patch + OPENSUSE-0003-build-detect-sys-pidfd.h-availability.patch + OPENSUSE-0004-cgroups-fix-Waddress-warning.patch + OPENSUSE-0005-build-fix-handling-of-dependancies-to-fix-build-on-o.patch + OPENSUSE-0006-build-only-build-init.lxc.static-if-libcap-is-static.patch + OPENSUSE-0007-build-drop-build-time-systemd-dependency.patch + UPSTREAM-4187.patch
* Mon Nov 07 2022 Guillaume GARDET - Add patch to fix build on Arm:
* UPSTREAM-4187.patch- Refresh OPENSUSE-0005-build-fix-handling-of-dependancies-to-fix-build-on-o.patch due to the new patch
* Fri Oct 28 2022 Aleksa Sarai - Update to LXC 5.0.1. boo#1204842 Bugfixes:
* Fixed a mount issue resulting in container startup failure when host bind-mounts were used
* Various meson packaging fixes especially around libcap detection Major changes from LXC 5.0:
* Switch to meson build tooling.
* New cgroup configuration options.
* Time namespace support.
* VLAN support on veth devices.
* Configurable tx/rx queues on veth devices.- Remove all of the missing_setuid warning logic -- all modern openSUSE versions have the necessary permissions configuration and thus we don\'t need to handle this case anymore.- Backport in order to fix the build on openSUSE: + OPENSUSE-0001-meson.build-allow-explicit-distrosysconfdir.patch + OPENSUSE-0002-build-detect-where-struct-mount_attr-is-declared.patch + OPENSUSE-0003-build-detect-sys-pidfd.h-availability.patch + OPENSUSE-0004-cgroups-fix-Waddress-warning.patch + OPENSUSE-0005-build-fix-handling-of-dependancies-to-fix-build-on-o.patch + OPENSUSE-0006-build-only-build-init.lxc.static-if-libcap-is-static.patch + OPENSUSE-0007-build-drop-build-time-systemd-dependency.patch- Remove no longer needed backports: - 0001-Backport-Commit-build-detect-where-struct-mount_attr.patch
* Wed Oct 19 2022 Johannes Kastl - re-enable FORTIFY_SOURCE=3- add patch 0001-Backport-Commit-build-detect-where-struct-mount_attr.patch This patch backports the fix from https://github.com/lxc/lxc/pull/4179/commits/c1115e1503bf955c97f4cf3b925a6a9f619764c3 The patch fixes the code so builds are no longer failing due to gcc errors -Werror=implicit-function-declaration and - Werror=incompatible-pointer-types
* Wed Oct 19 2022 Aleksa Sarai - Always build with seccomp support on every architecture. boo#1199963
* Sun Sep 25 2022 Johannes Kastl - fix build by using FORTIFY_SOURCE=2
* Sun Jun 05 2022 munix9AATTgooglemail.com- Fix Tumbleweed build.
* Tue Feb 22 2022 Johannes Kastl - update to 4.0.12: Bugfixes¶
* Fixed CRIU restoration of containers with pre-created veth interfaces
* Fixed issue with kernels lacking SMT support
* Extended cgroup2 config options in lxc.mount.auto (cgroup2)
* lxc-download now relies on HTTPS for validation (avoids GPG issues)- drop patch 0003-templates-lxc-download.in-use-GPG-option-receive-key.patch as upstream remove the GPG functionality
* Tue Feb 22 2022 Johannes Kastl - update to 4.0.11: Bugfixes
* Core scheduling support (lxc.sched.core)
* riscv64 support in lxc.arch
* Significantly improved bash completion profile
* Greater use of the new VFS mount API (when supported by the kernel)
* Fix containers with empty network namespaces
* Handle kernels that lack TIOCGPTPEER
* Improve CPU bitmask/id handling (handle skipped CPU numbers)
* Reworked the tests to run offline
* Tue Oct 12 2021 Johannes Kastl - use --withpamdir and use pam macros to fix UsrMerge problems- update to 4.0.10 Bugfixes
* Fix issues with less common architectures
* Support for additional idmap mounts
* nft support in lxc-net
* Cleaner mount entries for sys:mixed
* Switched GPG server to keyserver.ubuntu.com
* Mon May 31 2021 Johannes Kastl - fix wrong Source URLs in spec
* Mon May 24 2021 Johannes Kastl -update to 4.0.9:
* You may have noticed the sudden jump from 4.0.6 to 4.0.9, that\'s because 4.0.7 and 4.0.8 both included regressions that were reported by early users and were considered bad enough to require a new release.
* Testing improvements including fixes from oss-fuzz
* Rework of the attach codepath
* Cgroup handling rework
* for full list of changes see https://discuss.linuxcontainers.org/t/lxc-4-0-9-lts-has-been-released/10999
* Mon May 24 2021 Johannes Kastl - update to 4.0.6:
* Improve handling for compatibility architectures for seccomp
* Harden seccomp notifier implementation
* Rework parsing of /proc//mountinfo to handle kernel regression https://bugzilla.kernel.org/show_bug.cgi?id=209971
* Improve network device restoration
* Significantly cleanup and harden config file parsing
* Support new capabilities CAP_PERFORM, CAP_BPF, and CAP_CHECKPOINT_RESTORE
* Harden containers started without CAP_NET_ADMIN
* for full list of changes see https://discuss.linuxcontainers.org/t/lxc-4-0-6-lts-has-been-released/9926