Weekly status #155


Weekly status for the week of the 29th of June to the 5th of July.

Introduction

The highlight of the past week was the release of LXD 4.3 and LXCFS 4.0.4. Please see the release notes for more information.

LXD

Virtual machines have gained support for the /dev/lxd device this past week. We also improved the way that memory is pinned to CPUs in NUMA environments. Also memory-related: we now detect and pass through a hugetlbfs instance mount point if one is available.

VMs now allow the same custom volume to be used concurrently by multiple VMs (this requires a filesystem that supports concurrent use). Ephemeral VM support was also added.

On the clustering side, we have now added support for failure domains. This allows one to specify which failure domain a voting member belongs to, so that when a node is lost, a replacement node will be chosen from the same failure domain (if possible). This reduces the chance that losing a physical failure domain (such as power circuit, availability zone or VM host) can result in the database losing quorum and going offline.
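A small model of the replacement rule described above, added here as an illustration and not LXD's own code; the member names, domain labels and the "stand-by" role are constructed. It also checks which single-domain losses would break quorum, so the benefit of domain-aware replacement is visible:

```python
"""Model of failure-domain-aware voter replacement (illustrative, not LXD code).

Member names, domain labels and roles are constructed; the model only
captures the rule in the text: replace a lost voter with a node from the
same failure domain when one exists, falling back to any node otherwise.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Member:
    name: str
    failure_domain: str
    role: str  # "voter" or "stand-by" (constructed labels)


# Constructed cluster: one voter per domain plus two stand-by members.
CLUSTER = [
    Member("n1", "A", "voter"), Member("n2", "B", "voter"),
    Member("n3", "C", "voter"), Member("n4", "B", "stand-by"),
    Member("n5", "A", "stand-by"),
]


def voters(members):
    return [m for m in members if m.role == "voter"]


def has_quorum(members, lost_domains=()):
    """A majority of the configured voters must remain reachable."""
    all_v = voters(members)
    alive = [v for v in all_v if v.failure_domain not in lost_domains]
    return len(alive) > len(all_v) // 2


def fragile_domains(members):
    """Domains whose loss alone would take the database offline."""
    domains = sorted({m.failure_domain for m in members})
    return [d for d in domains if not has_quorum(members, {d})]


def pick_replacement(members, lost, domain_aware=True):
    """Choose a stand-by to promote when voter `lost` disappears."""
    candidates = [m for m in members if m.role != "voter" and m != lost]
    if domain_aware:
        same = [m for m in candidates if m.failure_domain == lost.failure_domain]
        candidates = same or candidates  # fall back to any domain
    return candidates[0] if candidates else None


def lose_voter(members, lost_name, domain_aware=True):
    """Drop the lost member, promote a replacement and return the new list."""
    lost = next(m for m in members if m.name == lost_name)
    new = pick_replacement(members, lost, domain_aware)
    survivors = [m for m in members if m != lost]
    return [replace(m, role="voter") if m == new else m for m in survivors]
```

With the constructed cluster, losing n1 and promoting the first free node would stack two voters in domain B, so losing B alone would cost quorum; the domain-aware rule promotes n5 and keeps one voter per domain.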

LXC image exporting now supports exporting to /tmp when installed from the snap package.

Project names are now validated more strictly, to avoid situations where a project name containing spaces causes issues with some underlying subsystems.

We now filter SELinux xattrs when rsyncing containers (if supported by rsync), to avoid issues when copying containers on hosts running SELinux.

The whitelist & blacklist terminology for the security.syscalls.* settings has been replaced with equivalent “allow” and “deny” settings.

LXC

On the LXC side, support for cloning directly into a cgroup has been added.

A fix has been added so that attach sets PR_SET_NO_NEW_PRIVS after the LSM label has been applied, making it consistent with normal container startup.

Terminology updates changing the whitelist & blacklist settings to allowlist and denylist have been added, while maintaining support for the existing setting names.

The lxc-download template has also received some improvements to GPG response handling.

An issue attaching BPF programs in a pure cgroupv2 environment has been fixed.

Distrobuilder

The Ubuntu example has been updated to use Focal.

Contribute to LXD

Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on GitHub: Easy issues for new contributors

Upcoming events

  • Nothing to report this week

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.

  • Virtual machine support
  • Distrobuilder Windows support
  • Various kernel work
  • Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

LXC

LXCFS

  • Nothing to report this week

Distrobuilder

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

  • Nothing to report this week

Snap

  • Updated to LXD 4.3
  • Updated nft to 0.9.6
  • Cherry-picked upstream LXD bugfixes
  • Added NUMA support to QEMU build
  • Added some logic to handle Ubuntu Core appliances