Weekly status for the weeks of the 19th August to the 25th of August.
Introduction
This past week saw @brauner and @stgraber present at both the Linux Security Summit and Open Source Summit in San Diego, California.
LWN covered the Linux Security Summit talk here: https://lwn.net/Articles/796700/
On the development side, this past week has been a continuation of the LXD schema cleanup and devices being ported over to the new framework, with some additional improvements to Infiniband, Bridged and SR-IOV type devices.
Infiniband devices now support having a ‘short form’ MAC address specified that is 8 bytes of hex characters, e.g. lxc config device set c1 ib0 hwaddr 11:22:33:44:55:66:77:88. When specifying MAC addresses in this short form, rather than change the parent device’s entire MAC address (as it would if you specified the existing long form 20 byte variant) instead it will keep the first 12 bytes of the parent device’s MAC address the same and only change the last 8 bytes. The reason for this is that the first 12 bytes of an Infiniband MAC addresses are made up of identifiers related to the network the port is connected to (such as subnet and queue) which cannot be changed directly. By allowing a short form MAC address one can change the last 8 bytes of a device’s MAC address even if you don’t know which device is going to be selected by LXD (such as in the case of using Infiniband SR-IOV).
The 6 byte MAC address for Ethernet devices is also now validated for all other device types and is required to be lower case, e.g. lxc config device set c1 eth0 hwaddr 11:22:33:aa:bb:cc.
There was also a change to the behaviour that occurs when DHCP is disabled on a managed network. Previously when DHCP was disabled on a managed network by, for example, removing the IP address of the bridge interface, this would leave existing DHCP leases stored on disk. This had the effect of preventing any containers that were already running with a DHCP release from being able to be deleted or have their bridged device removed (as the DHCP release process couldn’t progress). Now when DHCP is disabled on a bridge interface the leases file is removed.
Upcoming events
-
Linux Plumbers Conference - Lisbon
- Dates: September 9-11, 2019
- Attendees: @brauner @stgraber @sforshee @tyhicks
- Talks:
- [Containers micro-conference] (organizers)](https://linuxplumbersconf.org/event/4/sessions/57/#20190910)
- System call interception
-
Kernel Recipes - Paris
- Dates: September 25-27, 2019
- Attendees: @brauner
- Talks:
- Open Source Summit - Europe - Lyon
- Linux Security Summit - Europe - Lyon
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.
- Rework of internal LXD device handling
- Rework of internal LXD storage handling
- Distrobuilder 1.0 release
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- New snapshot tables
- Device Infiniband resources package
- container/lxc: Removes volatile device keys when device is removed
- lxd/infiniband: Workaround weird sysfs behavior
- Device MAC improvements
- dnsmasq version check fix with different locales
- Fixes some issues with unix inotify
- Allow bridged device removal when DHCP disabled on parent network
- Makefile: Fix sqlite manifest path
- Fix selecting NULL description columns
- Adapt to new dqlite api
- lxd/storage/zfs: Fix error reporting
LXC
LXCFS
- macro: fix lxcfs_{error,debug,v} build error when VA_ARGS is empty
- fix container run pid host mode /proc/stat error log
Distrobuilder
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- Updated packaging for libco
- Cherry-picked upstream bugfixes
