Weekly status for the week of the 22nd to the 28th of July.
This past week has seen the release of LXC 3.2.1 and LXCFS 3.1.2, the release notes of which will follow this week.
Since then, 2 regressions in LXC have been fixed, related to passing NL 802.11 WiFi devices into containers and to CPU sets.
LXCFS 3.1.2 also contains a fix for a regression relating to a new option structure that caused LXCFS to crash during certain upgrade scenarios.
On the LXD side there were continued improvements to the seccomp filtering feature, as well as a new disk property `shift`, which was added to allow a shiftfs overlay to be enabled. Shiftfs allows for dynamic UID/GID ‘shifting’ between host and container, allowing for quicker container creation when using unprivileged containers (avoiding the need to change ownership of all files in an image to the container’s UID/GID).
As part of the ongoing device handling re-work in LXD, all nic device handling has now been re-organised into a single code interface to make setup and tear down of different types of nic devices more manageable. We have also made the validation of the device config more thorough so that only config keys relevant to the nic device being configured are allowed. The result of this is that if you are changing a nic type you may have to provide multiple config keys in one operation, rather than in multiple individual operations, so that the config is never in an invalid state.
To make this easier, we have also made the `device set` command accept multiple config options in the form of `key=value`, in the same form as the `device add` command.
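Why a nic type change can need several keys in one operation, as an added Go sketch (not LXD's code): the merged config is validated as a whole before it replaces the current one. The key table, the `validate` and `applySet` names, the sample device and the "empty value unsets a key" convention are assumptions made for this example.

```go
package main

import "fmt"

// Illustrative subset of per-nictype keys; not LXD's actual validation table.
var allowedKeys = map[string]map[string]bool{
	"bridged": {"nictype": true, "parent": true, "name": true, "host_name": true},
	"macvlan": {"nictype": true, "parent": true, "name": true, "vlan": true},
}

// validate rejects any key that is not relevant to the config's nictype.
func validate(cfg map[string]string) error {
	allowed, ok := allowedKeys[cfg["nictype"]]
	if !ok {
		return fmt.Errorf("unknown nictype %q", cfg["nictype"])
	}
	for k := range cfg {
		if !allowed[k] {
			return fmt.Errorf("key %q not valid for nictype %q", k, cfg["nictype"])
		}
	}
	return nil
}

// applySet merges all changes into a copy of cur and commits only if the result is valid.
func applySet(cur, changes map[string]string) (map[string]string, error) {
	next := map[string]string{}
	for k, v := range cur {
		next[k] = v
	}
	for k, v := range changes {
		next[k] = v
		if v == "" { // assumption: an empty value unsets the key
			delete(next, k)
		}
	}
	if err := validate(next); err != nil {
		return cur, err // current config stays untouched
	}
	return next, nil
}

func main() {
	// Constructed sample device config.
	nic := map[string]string{"nictype": "bridged", "parent": "lxdbr0", "host_name": "veth-c1"}
	_, err := applySet(nic, map[string]string{"nictype": "macvlan"})
	fmt.Println("single key:", err)
	nic, err = applySet(nic, map[string]string{"nictype": "macvlan", "parent": "eth0", "host_name": ""})
	fmt.Println("multi key:", nic, err)
}
```

Changing only `nictype` is rejected because the leftover `host_name` key is not valid for the new type, while the three-key change passes as a single operation.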
On the distrobuilder side, 2 new community-contributed distributions have been added: Void Linux and Funtoo Linux.
- Linux Security Summit - San Diego
- Open Source Summit - San Diego
- Linux Plumbers Conference - Lisbon
- Kernel Recipes - Paris
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.
- Rework of internal LXD device handling
- Rework of internal LXD storage handling
- Ubuntu Core 18 support in distrobuilder
- Cloud-init for all distrobuilder images
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
- Device Interface NIC implementation
- forksyscall: introduce acquire_basic_creds()
- tests: Avoid event forwarding race condition
- checkfeature: ifdef SECCOMP_GET_ACTION_AVAIL
- test: Ensures SR-IOV tests remove all containers
- lxd/seccomp: Only define Go arch (and include elf)
- `shift` property on disk devices
- shared/osarch: Add more aliases
- Various MAAS related fixes
- Rework all the `set` commands to allow key=value
- tree-wide: initialize all auto-cleanup variables
- pidfds: don’t print a scary warning on ENOSYS
- network: restore ability to move nl80211 devices
- cgroups: initialize cpuset properly
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
- Nothing to report this week
- Nothing to report this week