Weekly status for the week of the 26th of August to the 1st of September.
Introduction
This past week has seen the DQLITE 1.0 release along with its own website launch. DQLITE is the distributed SQLITE database engine used in LXD for clustering and developed by the LXD team. However, it is a separate project that is not tied to LXD. This release means the API for DQLITE is now stable.
On the LXD side, as well as the ongoing work to migrate the disk device type to the new device framework, changes were also made to update LXD to work with the DQLITE API changes in the 1.0 release.
An updated AppArmor profile was added to prevent containers from writing to /proc/acpi/** when running privileged containers.
A bug was fixed in the 3.0 LTS branch that prevented the proxy device from starting in TCP mode when run inside the snap.
On the LXC side, as well as adding the same AppArmor profile update as LXD above, there was also support added for the cgroup2 freezer and a regression fixed in lxc-attach to ensure the exit status is returned.
On the distrobuilder side, new documentation has been added to the project to make it more accessible for new and existing users.
Upcoming events
- Linux Plumbers Conference - Lisbon
  - Dates: September 9-11, 2019
  - Attendees: @brauner @stgraber @sforshee @tyhicks
  - Talks:
    - [Containers micro-conference (organizers)](https://linuxplumbersconf.org/event/4/sessions/57/#20190910)
    - System call interception
- Kernel Recipes - Paris
  - Dates: September 25-27, 2019
  - Attendees: @brauner
  - Talks:
- Open Source Summit - Europe - Lyon
- Linux Security Summit - Europe - Lyon
Ongoing projects
The list below covers feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.
- Rework of internal LXD device handling
- Rework of internal LXD storage handling
- Distrobuilder 1.0 release
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- forkproxy: Fixes bug where proxy wouldn’t start in snap environment
- Adapt to new go dqlite api
- lxd/apparmor: Prevent writes to /proc/acpi/**
- Add basic auth example
- Adapt to changed dqlite.New() signature, not requiring NodeInfo anymore
LXC
- Use file/directory names from macro.h
- suppress false-negative error in templates and nvidia hook
- try to fix search user instead of search substring
- [aa-profile] Deny access to /proc/acpi/**
- cgroups: support cgroup2 freezer
- lxc-attach: make sure exit status of command is returned
- cgroups: initialize cgroup root directory
- cgroup: bugfixes
LXCFS
- Nothing to report this week
Distrobuilder
- shared: Remove source.ignore_release
- Add documentation
- doc: Make readthedocs ready to use
- doc: Add configuration for readthedocs
- doc: Use source.variant for Ubuntu Core
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- Nothing to report this week