Weekly status #112

Weekly status for the weeks of the 19th August to the 25th of August.


This past week saw @brauner and @stgraber present at both the Linux Security Summit and Open Source Summit in San Diego, California.

LWN covered the Linux Security Summit talk here: https://lwn.net/Articles/796700/

On the development side, this past week has been a continuation of the LXD schema cleanup and devices being ported over to the new framework, with some additional improvements to Infiniband, Bridged and SR-IOV type devices.

Infiniband devices now support having a ‘short form’ MAC address specified that is 8 bytes of hex characters, e.g. lxc config device set c1 ib0 hwaddr 11:22:33:44:55:66:77:88. When specifying MAC addresses in this short form, rather than change the parent device’s entire MAC address (as it would if you specified the existing long form 20 byte variant) instead it will keep the first 12 bytes of the parent device’s MAC address the same and only change the last 8 bytes. The reason for this is that the first 12 bytes of an Infiniband MAC addresses are made up of identifiers related to the network the port is connected to (such as subnet and queue) which cannot be changed directly. By allowing a short form MAC address one can change the last 8 bytes of a device’s MAC address even if you don’t know which device is going to be selected by LXD (such as in the case of using Infiniband SR-IOV).

The 6 byte MAC address for Ethernet devices is also now validated for all other device types and is required to be lower case, e.g. lxc config device set c1 eth0 hwaddr 11:22:33:aa:bb:cc.

There was also a change to the behaviour that occurs when DHCP is disabled on a managed network. Previously when DHCP was disabled on a managed network by, for example, removing the IP address of the bridge interface, this would leave existing DHCP leases stored on disk. This had the effect of preventing any containers that were already running with a DHCP release from being able to be deleted or have their bridged device removed (as the DHCP release process couldn’t progress). Now when DHCP is disabled on a bridge interface the leases file is removed.

Upcoming events

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.

  • Rework of internal LXD device handling
  • Rework of internal LXD storage handling
  • Distrobuilder 1.0 release
  • Various kernel work
  • Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.





Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.


  • Nothing to report this week


  • Updated packaging for libco
  • Cherry-picked upstream bugfixes

when lxd 3.0.4 get upload to deb repo ?

When I have some time to deal with the paperwork associated with this :frowning:

There is no security fixes in 3.0.4 and it’s readily available as a snap so it’s reasonably low priority to push those bugfix releases through (and I’m traveling a lot around this time of year which isn’t helping).

understand, but proxy device mem leak still annoying :slightly_smiling_face: