Weekly Update Templates (7).png960×540 47.8 KB

Introduction

The highlight of this past week was the release of LXD 3.14 on Thursday following a few days of last minute debugging and small improvements.

Of note were improvements to syscall interception which can now be experienced by users of the LXD edge snap. Improvements there included allowing overlayfs whiteout file creation and support for the mknodat syscall allowing for more complex uses of Docker inside of LXD containers.

Quite a number of fixes around networking and clustered DNS also got merged ahead of that release, which should significantly improve the reliability of network interface hotplug and DNS record forwarding within LXD clusters.

@stgraber participated in the Montreal Snapcraft Summit last week, working on improving the LXD snap and spending time with folks at Travis-CI to improve their integration with LXD.

Upcoming events

• Linux Security Summit - San Diego
  • Dates: August 19-21
  • Attendees: @brauner, @hallyn, @stgraber and @tych0
• Open Source Summit - San Diego
  • Dates: August 21-23
  • Attendees: @brauner, @hallyn, @stgraber and @tych0
  • Talks:
    • Getting started with LXD and system containers (workshop)
    • New container kernel features
• Linux Plumbers Conference - Lisbon
  • Dates: August 21-23
  • Attendees: @brauner and @stgraber
  • Talks:
    • Containers micro-conference
• Kernel Recipes - Paris
  • Dates: September 25-27, 2019
  • Attendees: @brauner
  • Talks:
    • pidfds: Process file descriptors on Linux

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.

• Isolated networking
• Rework of internal LXD storage handling
• Dqlite 1.0
• Various kernel work
• Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

• network: physical and macvlan nictype MTU support
• networks: Maintain DNS clustered mode config during LXD init and node changes
• doc: IPVLAN doc tweaks for gateway and DNS nameservers
• main_forkdns: Ensures forkdns remains running when LXD exits
• main_forkdns: Restores usage output text when running with no arguments
• seccomp: Fix building and overlayfs witheout
• seccomp: handle mknodat
• lxd/volumes: Allow quota on ext4
• networks: Save & restore container routes on network start
• forkmknod: attach to mntns when task is chrooted
• lxd/patches: Fix handling of containers-snapshots
• lxd/storage/btrfs: Fix qgroup handling
• seccomp: define __NR_mknod if missing
• seccomp: rework missing syscall number definitions

LXC

• seccomp: align with upstream libseccomp
• seccomp: s/SCMP_FLTATR_NEW_LISTENER/SECCOMP_FILTER_FLAG_NEW_LISTENER/g
• seccomp: add ifdefine for SECCOMP_FILTER_FLAG_NEW_LISTENER
• Centralize hook names
• seccomp: do not set SECCOMP_FILTER_FLAG_NEW_LISTENER
• doc: add a note about shared ns + LSMs to Japanese doc
• Switch from gnutls to openssl for sha1
• network: fix lxc_netdev_rename_by_index()
• Fixed file descriptor leak for network namespace

LXCFS

• Nothing to report this week

Distrobuilder

• Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

• Nothing to report this week

Snap

• Added libseccomp to the edge snap
• Bumped ZFS to 0.8
• Bumped ZFS to 0.8.1
• Updated to LXD 3.14
• Cherry-picked upstream bugfixes