Weekly status #150

Weekly status for the week of the 25th May to the 31st of May.



For LXD, this past week has seen several new features added.

Firstly the routed NIC type has gained support for the limits configuration keys that have previously only been available for bridged and p2p NIC types. The following keys can now be set on the NIC:

limits.ingress	string	-	no	I/O limit in bit/s for incoming traffic (various suffixes supported, see below)
limits.egress	string	-	no	I/O limit in bit/s for outgoing traffic (various suffixes supported, see below)
limits.max	string	-	no	Same as modifying both limits.ingress and limits.egress

The lxc network list command now outputs the IPv4 and IPv6 address of each network in the list where available.

For those using LXD with the RBAC service, LXD now supports using RBAC’s notification API to flush the cache when something has changed, meaning that changes are reflected in LXD sooner than using the previous polling approach.

A database query trace tool has been added which can be enabled by starting LXD with --debug --trace database which will then log all queries being executed.

We have also started changing LXD’s internal fork processes to using pidfs where available to remove the change of operating on the incorrect process when the system is under heavy contention. This week has seen the internal forkfile process moved over to using pidfs.

There have also been the usual bug fixes and resilience improvements.

Starting with storage, LXD now supports using VM images that are larger than the default 10GB block volume size (if volume.size is not set). However we will still refuse to unpack a VM image that is larger than the specified volume.size on a pool, as this setting provides protection against unpacking unexpectedly large images and filling your storage pool. Additionally when unpacking a VM image we now use qemu-img dd rather than qemu-img convert to convert the qcow2 image to raw. This is because we have found that using qemu-img convert can cause kernel instabilities when using ZFS or LVM ontop of a loopback file.

On the network side, several improvements to the way that we detect whether to use iptables or nftables for firewalling have been added. First, a bug that caused a hang when starting LXD when using iptables with a large ruleset has been fixed. We have also improved detection for nftables when running on systems that appear to support nftables at first, but when you actually try to create an nftable rule it fails. We now detect this scenario and treat it as nftables not supported.

The subprocess package has also had a go routine leak fixed. And a hang when backing up an instance and specifying an invalid compression method has been fixed as well.

The uevent injection feature has been fixed to work properly with udev for hotplugging devices.

Finally, the resources API has gained additional support for some aarch64 systems.


On the LXCFS front, a memory leak has been fixed which was primarily affecting users who have set lxcfs.loadavg=true.

Contribute to LXD

Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors

Upcoming events

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.

  • Virtual machine support
  • Distrobuilder Windows support
  • Various kernel work
  • Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.





  • Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.


  • Nothing to report this week


  • Cherry-picked upstream LXD bugfixes
  • Cherry-picked upstream LXC bugfixes
  • Cherry-picked upstream LXCFS bugfixes