LXC 3.0.3 has been released

lxc
release

(Stéphane Graber) #1

Introduction

The LXC team is pleased to announce the release of LXC 3.0.3!

As a stable bugfix release, no major changes have been done, instead focusing on bugfixes and minor usability improvements.

Highlights

  • Improved our default build flags to make use of compiler hardening
  • Added support for netlink strict property checking on newer kernels
  • Added support for new netlink interface/address netns API
  • Added handling of the kernel keyring on startup

Bugfixes (LXC)

  • CONTRIBUTING: Update reference to kernel coding style
  • CONTRIBUTING: Link to latest online kernel docs
  • CONTRIBUTING: Direct readers to CODING_STYLE.md
  • CODING_STYLE: Mention kernel style in introduction
  • CONTRIBUTING: Add ‘be’ to fix grammar
  • CODING_STLYE: Simplify explanation for use of ‘extern’
  • CODING_STLYE: Remove sections implied by ‘kernel style’
  • CODING_STYLE: Fix non-uniform heading level
  • CODING_STYLE: Update section header format
  • cmd: Use parenthesis around complex macro
  • cmd: Use ‘void’ instead of empty parameter list
  • cmd: Do not use braces for single statement block
  • cmd: Fix whitespace issues
  • cmd: Use ‘const’ for static string constant.
  • cmd: Remove unnecessary whitespace in string
  • cmd: Put trailing */ on a separate line
  • cmd: Remove typo’d semicolon
  • cmd: Do not use comparison to NULL
  • lxc_init: s/SYSDEBUG()/SYSERROR()/g in remove_self
  • tools: lxc-attach: add default log priority & cleanups
  • tools: lxc-cgroup: add default log priority & cleanups
  • tools: lxc-checkpoint: add default log priority & cleanups
  • tools: lxc-console: add default log priority & cleanups
  • tools: lxc-create: add default log priority & cleanups
  • tools: lxc-destroy: add default log priority & cleanups
  • tools: lxc-device: add default log priority & cleanups
  • tools: lxc-execute: add default log priority & cleanups
  • tools: lxc-start: add default log priority & cleanups
  • tools: lxc-stop: add default log priority & cleanups
  • tools: lxc-freeze: add default log priority & cleanups
  • tools: lxc-unfreeze: add default log priority & cleanups
  • storage_utils: move duplicated function from tools
  • tools: fix lxc-execute command parsing
  • lseek - integer overflow
  • cmd: lxc-user-nic: change log macro & cleanups
  • cmd: lxc-usernsexec reorder includes
  • cmd: move declarations to macro.h
  • cmd: use utils.{c,h} helpers in lxc-usernsexec
  • cmd: simplify lxc-usernsexec
  • cmd: use safe number parsers in lxc-usernsexec
  • macro: add missing headers
  • macro: add macvlan properties
  • tools: Indicate container startup failure
  • storage: exit() => _exit(). when exec is failed, child process needs to use _exit()
  • tools: lxc-wait: add default log priority & cleanups
  • conf: fix path/lxcpath mixups in tty setup
  • cmd: use goto for cleanup in lxc-usernsexec
  • cmd: Do not reassign variable before it is used
  • cmd: Reduce scope of ‘count’ variable
  • cmd: Fix format issues found by clang-format
  • list: fix indent
  • utils: split into {file,string}_utils.{c,h}
  • pam_cgfs: build from the same sources as liblxc
  • conf: fix devpts mounting when fully unprivileged
  • macro: s/rexit()/_exit()/g
  • attach: move struct declaration to top
  • macro: move macros from attach.c
  • Makefile: don’t allow undefined symbols
  • autotools: check if compiler is new enough
  • log: handle strerror_r() versions
  • autotools: add --{disable,enable}-thread-safety
  • log: fail build on ENFORCE_THREAD_SAFETY error
  • {file,string}_utils: remove NO_LOG
  • initutils: remove useless comment
  • string_utils: remove unnecessary include
  • string_utils: remove unused headers
  • string_utils: add remove_trailing_slashes()
  • Makefile: remove last pam_cgfs special-casing
  • conf: add missing headers
  • Fix typo
  • ifaddrs: add safe implementation of getifaddrs()
  • Makefile: conditionalize ifaddrs.h inclusion
  • execute: skip lxc-init logging when unprivileged
  • execute: pass /proc/self/fd/
  • tests: cleanup get_item.c
  • build: fix musl
  • configure: reorder header checks
  • compiler: add compiler.h header
  • commands: return -1 on lxc_cmd_get_init_pid() err
  • tests: add basic.c
  • tests: cleanup Makefile
  • commands: ensure -1 is sent on EPIPE for init pid
  • macro: add LXC_AUDS_ADDR_LEN
  • macro: move LXC_CMD_DATA_MAX from commands.h
  • macro: add PTR_TO_INT() and INT_TO_PTR()
  • macro: add INTTYPE_TO_STRLEN()
  • caps: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • cgfsng: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • confile: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • log: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • lsm: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • macro: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • lxccontainer: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • monitor: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • network: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • string_utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • tools: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • conf: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • tests: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
  • macro: final INTTYPE_TO_STRLEN() related cleanups
  • macro: coding style fixes
  • Makefile: correctly add ifaddrs to noinst_HEADERS
  • start: remove duplicate macros
  • caps: move macros to macro header
  • string_utils: use UINT64_MAX macro
  • tree-wide: use sizeof on static arrays
  • Revert “tree-wide: use sizeof on static arrays”
  • commands: pass around intmax_t
  • commands: assign before converting to pointer
  • macro: calculate buffer lengths correctly
  • Revert “Revert “tree-wide: use sizeof on static arrays””
  • macro: move MS_* macros
  • caps: fix illegal access to array bound
  • utils: defensive programming
  • nl: remove duplicated define
  • syntax error: mismatch brace
  • commands: better error message
  • file_utils: add lxc_recv_nointr()
  • commands: switch to setting errno and returning -1
  • log: do not clobber errno
  • log: save errno on strerror_r()
  • tree-wide: s/recv()/lxc_recv_nointr()/g
  • file_utils: add lxc_send_nointr()
  • tree-wide: s/send()/lxc_send_nointr()/g
  • nl: save errno on lxc_netns_set_nsid()
  • log: log_append_logfile() add new error path
  • lxccontainer: fix dereferenced pointer
  • lxc: fix build with --disable-werror
  • utils: improve get_ns_uid() and add get_ns_gid()
  • utils: improve lxc_switch_uid_gid()
  • log: support dlog
  • attach: handle id switching smarter
  • start: avoid unnecessary syscalls
  • utils: make lxc_setgroups() return bool
  • utils: make lxc_switch_uid_gid() return bool
  • lxccontainer: use correct pid_t type
  • conf: remove extra MS_BIND with sysfs:mixed
  • network: use correct type in lxc_netns_set_nsid()
  • network: add lxc_netns_get_nsid()
  • remove unused variables
  • file_utils: remove unused function
  • network: minor tweaks
  • add compile flags for dlog
  • log: add common functions
  • log: add additional info of dlog
  • attach: don’t shutdown ipc socket in child
  • security: fix too wide or inconsistent non-owner permissions
  • attach: report standard shell exit codes
  • af_unix: add function to remove duplicated codes for set sockaddr
  • lxccontainer: remove locks from set_cgroup_item()
  • lxccontainer: remove locks from get_cgroup_item()
  • apparmor: account for specified rootfs path (closes #2617)
  • conf: realpath() uses null as second parameter to prevent buffer overflow
  • start: s/backgrounded/daemonize/g
  • cgfsng: mark ops with __cgfsng_ops__ attribute
  • autotools: add -Wimplicit-fallthrough
  • cgroup: rename container specific cgroup functions
  • cgroups: s/fullcgpath/container_full_path/g
  • cgroups: add missing string.h include
  • cgroups: s/base_cgroup/container_base_path/g
  • autotools: fix wrong AX_CHECK_COMPILE_FLAG test
  • compiler: s/__fallthrough__/__fallthrough/g
  • compiler: s/__noreturn__/__noreturn/g
  • cgfsng: s/__cgfsng_ops__/__cgfsng_ops/g
  • macro: add STRLITERALLEN() and STRARRAYLEN()
  • tree-wide: replace sizeof() with SIZEOF2STRLEN()
  • compiler: __attribute__((noreturn)) on bionic
  • autotools: support -Wcast-align
  • autotools: support -Wstrict-prototypes
  • network: add netns_getifaddrs() implementation
  • tree_wide: switch to netns_getifaddrs()
  • netns_ifaddrs: mark casts as safe
  • autotools: fix lxc_user_nic build
  • stop: Only freeze if freezer is available
  • doc: tweak documentation a little
  • cgfsng: set errno to ENOENT on get_hierarchy()
  • cgfsng: s/cgfsng_destroy/cgfsng_payload_destroy/g
  • cgfsng: s/25/INTTYPE_TO_STRLEN(pid_t)/g
  • compiler: fix __noreturn on bionic
  • compiler: add __hot attribute
  • netns_ifaddrs: fix missing include
  • autools: prevent dlog build on stable branch
  • tree-wide: fix includes to fix bionic builds
  • template: oci template supports for char user info
  • btrfs: fix btrfs containers
  • oci-template: Add logic for no /etc/passwd, group
  • configure: fix -Wimplicit-fallthrough check
  • utils: add lxc_setup_keyring()
  • autotools: support -z relro and -z now
  • netns_ifaddrs: handle IFLA_STATS{64} correctly
  • syscall_wrappers: add pivot_root()
  • raw_syscalls: add lxc_raw_execveat()
  • raw_syscalls: add lxc_raw_clone{_cb}()
  • raw_syscalls: add lxc_raw_getpid()
  • autotools: fix lxc init build
  • autotools: fix lxc-monitord build
  • autotools: fix lxc-user-nic build
  • autotools: fix lxc-usernsexec build
  • tests: add missing build dependencies
  • netns_ifaddrs: only use struct rtnl_link_stats64
  • cgroups: remove unnecessary line
  • netns_iaddrs: remove unused functions
  • parse: prefault config file with MAP_POPULATE
  • cgfsng: avoid tiny race window
  • utils: fix lxc_set_death_signal()
  • cgfsng: handle v1 cpuset hierarchy first
  • syscall_wrappers: move memfd_create()
  • syscall_wrappers: move setns()
  • syscall_wrappers: move sethostname()
  • syscall_wrappers: move unshare()
  • syscall_wrappers: move signalfd()
  • raw_syscalls: move lxc_raw_gettid()
  • tools: lxc-start: remove unused argument
  • tools: lxc-unshare: remove unnecessary initialization
  • parse: remove access() check
  • parse: report errors when failing config parsing
  • macro: add PATH_MAX
  • cmd: s/MAXPATHLEN/PATH_MAX/g
  • conf: s/MAXPATHLEN/PATH_MAX/g
  • confile: s/MAXPATHLEN/PATH_MAX/g
  • log: s/MAXPATHLEN/PATH_MAX/g
  • lxccontainer: s/MAXPATHLEN/PATH_MAX/g
  • macro: s/MAXPATHLEN/PATH_MAX/g
  • network: s/MAXPATHLEN/PATH_MAX/g
  • pam: s/MAXPATHLEN/PATH_MAX/g
  • start: s/MAXPATHLEN/PATH_MAX/g
  • terminal: s/MAXPATHLEN/PATH_MAX/g
  • utils: s/MAXPATHLEN/PATH_MAX/g
  • storage: s/MAXPATHLEN/PATH_MAX/g
  • tools: s/MAXPATHLEN/PATH_MAX/g
  • attach: reset signal mask
  • start: change log level
  • file_utils: fix too wide or inconsistent non-owner permissions
  • attach: fix missing pthread.h include
  • macro: add NETLINK_DUMP_STRICT_CHK
  • macro: add SOL_NETLINK
  • netns_ifaddrs: check for NETLINK_DUMP_STRICT_CHK
  • parse: do not mask failed parse
  • test: test invalid config keys
  • confile: remove unused variable
  • parse: fix uninitialized pointer access
  • fix rpm packaging error for static library
  • fix post section script error for rpm install
  • conf: log prlimit setup
  • conf: verify_start_hooks() after lxc.mount.entry
  • checkpoint: fix running do_dump()
  • monitor: log cleanups
  • monitor: checking name too long to make monitor sock name
  • commands_utils: improve code redundancy to make abstract unix socket name
  • monitor: fix coding standard
  • autools: use -fno-strict-aliasing
  • checkconfig: Handle missing kernel version
  • lxc-init: log to /dev/console
  • autotools: fix --disable-commands builds
  • string_utils: fix global buffer overflow issue
  • include: simplify strlcpy()
  • raw_syscalls: ensure function always returns value
  • confile: fix append_unexp_config_line()
  • parse: protect against config updates during parse
  • parse: fix uninitialized value
  • tree-wide: coding style fixes
  • start: simplify
  • autotools: compiler based hardening
  • coverity: update .travis.yml
  • coverity: update .travis.yml
  • coverity: update .travis.yml
  • coverity: update .travis.yml
  • coverity: update .travis.yml
  • confile: do not overwrite global variable
  • commands: simplify
  • cgfsng: move increment out of branch
  • monitord: do not hide global variable
  • tools/lxc_copy: do not hide global variable
  • tools/lxc_top: do not hide global variable
  • tools/lxc_info: do not hide global variable
  • state: remove tautological check
  • conf: remove tautological check
  • conf: use O_CLOEXEC in lxc_pivot_root()
  • conf: remove tautological check
  • lxccontainer: remove check from goto target
  • start: prevent values smaller 0
  • tools/lxc_stop: use correct check
  • cmd/lxc_init: do not hide global variable
  • coverity: #1440391
  • coverity: #1440389
  • coverity: #1426130
  • storage_utils: add error handling
  • storage_utils: cleanups
  • storage_utils: use _exit() instead of exit() in child process
  • parse: cleanups
  • dlog: inherit dlog fds
  • spelling: allocate
  • spelling: ambiguous
  • spelling: answer
  • spelling: architecture
  • spelling: array
  • spelling: asynchronous
  • spelling: backingstorage
  • spelling: capabilities
  • spelling: character
  • spelling: checkpoint
  • spelling: comma
  • spelling: command
  • spelling: committer
  • spelling: configuration
  • spelling: constant
  • spelling: container
  • spelling: control
  • spelling: convenience
  • spelling: could
  • spelling: describing
  • spelling: device
  • spelling: exiting
  • spelling: explicitly
  • spelling: feature
  • spelling: github
  • spelling: hierarchy
  • spelling: hoops
  • spelling: ifindices
  • spelling: implementations
  • spelling: inherited
  • spelling: initialize
  • spelling: javascript
  • spelling: keepdata
  • spelling: libraries
  • spelling: loglevel
  • spelling: namespace
  • spelling: otherwise
  • spelling: output
  • spelling: overlayfs
  • spelling: overridden
  • spelling: override
  • spelling: passphrase
  • spelling: perhaps
  • spelling: pertains
  • spelling: portion
  • spelling: potentially
  • spelling: returns
  • spelling: root
  • spelling: securityfs
  • spelling: snapshotting
  • spelling: specified
  • spelling: specify
  • spelling: subtracting
  • spelling: successfully
  • spelling: syscall
  • spelling: timeout
  • spelling: unsigned
  • spelling: userns
  • spelling: without
  • lxcmntent: coding rules
  • string_utils: coding rules
  • log: fix too wide or inconsistent non-owner permissions
  • coverity: move to separate branch
  • include: correctly include macro.h
  • Fix spacing error in namespace.c
  • caps: replace read with lxc_read_nointr
  • log: replace write with lxc_write_nointr
  • dlog: move match_dlog_fds()
  • conf: s/ty/tty/g
  • pam_cgfs: remove redundancy file utils
  • cgfs: remove redundancy utils
  • pam_cgfs: remove dependency from cap & log
  • utils: fix coding styles
  • utils: add errno logs for exception case
  • Adds -qq flags to lvcreate commands to avoid answer ‘no’ to ant questions the LVM subsystem asks to avoid hanging lxc-create command
  • utils: make keyring allocation failure non-fatal
  • autotools: fix lxc-{create,copy} build
  • cgfsng: remove freezer requirement
  • start: don’t call cgroup_exit() twice

Bugfixes (LXC templates)

  • alpine: Make dropping setpcap optional
  • plamo: Update the default version to 7.x
  • sabayon: Don’t fail on existing directories

Bugfixes (python3 binding)

  • No changes in this release, version bump only

Support and upgrade

LXC 3.0.3 is supported until June 2023 and is our current LTS release, users are encouraged to update to the latest bugfix releases as they’re made available.

Downloads


(Stéphane Graber) #2