LXC 4.0.1 LTS has been released

Introduction

The LXC team is pleased to announce the release of LXC 4.0.1!

This is the first bugfix release for LXC 4.0 which is supported until June 2025.

Bugfixes

This release fixes a number of issues that were reported shortly following the original 4.0.0 release. Some of the highlights include:

  • Tweak systemd ordering (start after remote-fs.target)
  • Fix various issues around attach and cgroups
  • Fix shutdown timeout not working on pidfd systems
  • Fix cgroup issue on 4.9 kernel
  • Fix write issues in /dev/stdout

The full list of commits is available below:

Detailed changelog
  • lxc_init: move main() down
  • lxc_init: add missing O_CLOEXEC
  • [lxc.service] Starts after remote-fs.target to allow containers relying on remote FS to work
  • tree-wide: harden mount option parsing
  • dir: use cleanup macro in dir_mount()
  • dir: improve dir backend
  • cgroups: fix attaching to the unified cgroup
  • conf: rework and fix leak in userns_exec_1()
  • commands: log actual errno when lxc_cmd_get_cgroup2_fd() fails
  • cgroups: move pointer dereference after check
  • cgroups: rework __cg_unified_attach()
  • attach: use close_prot_errno_disarm()
  • cgroups: remove unused variable
  • cgroups: fix unified cgroup attach
  • fixup i/o handler return values
  • Revert “cgroups: fix unified cgroup attach”
  • conf: introduce and use userns_exec_minimal()
  • conf: simplify userns_exec_minimal()
  • cgroups: use hidden directory for attaching cgroup
  • cgroups: please compilers
  • monitor process exited by signal SIGKILL, clean cgroup resource by third party
  • cgroups: move check for valid monitor process up
  • cgroups: better helper naming
  • tree-wide: s/recursive_destroy/lxc_rm_rf/g
  • verify cgroup controller name
  • cgroups: handle older kernels (e.g. v4.9)
  • start: log error when failing to create cgroup
  • cgroups: send two attach fds
  • cgroups: send two fds to attach to unified cgroup
  • start: remove unnecessary check for valid cgroup_ops
  • init: add ExecReload to lxc.service to only reload profiles
  • apparmor: generate ro,bind,remount rule list
  • autotools: don’t install run-coccinelle.sh
  • systemd: Add Documentation key
  • fix non-root user cannot write /dev/stdout
  • cgroups: fix “uninitialized transient_len” warning
  • utils: rework fix_stdio_permissions()
  • utils: use setres{u,g}id() in lxc_switch_uid_gid()
  • cgroups: fix build warning on GCC 7
  • lxccontainer: poll takes millisecond not seconds
  • Revert “start: remove unnecessary check for valid cgroup_ops”

Support and upgrade

The LXC 4.0 branch is supported until June 2025.
Only bugfixes and securitiy issues get included into the stable bugfix releases, so it’s always safe and recommended to keep up and run the latest bugfix release.

Downloads