Weekly status for the week of the 14th of September to the 20th of September.
Introduction
The highlight of the past week was the release of LXD 4.6. Please see the release notes for more information.
LXD
LXD projects gained a new setting called features.networks, which enables the creation of OVN networks in projects.
On the container front, support for UID/GID unshifting ACL flags on files has been added.
On the VM front, we are now running Qemu with an AppArmor profile for improved security. Also, an issue with VM snapshots on BTRFS causing transferred disk images to be unbootable has been fixed.
Also on the storage front, an issue that prevented creating EXT4 filesystem volumes on non-glibc systems with a recent version of mkfs.ext4 due to argument ordering differences has been fixed.
On the networking front, a fix that we added in LXD 4.5 introduced a larger issue when running LXD on GCP. With fan networking, that fix skipped IPv4 addresses with a /32 subnet when searching for the address of the node while generating the fan address from the underlay subnet, but all GCP interfaces use /32 subnets. So we have reverted the fix and now skip IPs on the lo interface (which should also cover the use case for the original fix).
The recently introduced AppArmor profile for forkproxy was blocking users who use UNIX sockets; this has now been fixed.
LXC
On the LXC front, an issue that appeared to make stopping containers fail on systems that don’t have the freezer cgroup has been fixed. A change was also made to lxc-usernsexec that fixes an issue if the setgroups() call fails (which is similar to how it is already handled in the rest of the code base).
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on GitHub: Easy issues for new contributors
Upcoming events
- Nothing to report this week
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.
- Distrobuilder Windows support
- Virtual networks in LXD
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- Network: Adds features.networks project feature for OVN networks
- Network: Adds initial project support to networks
- db: Handle NULL storage_volume description column in patch 34
- Storage: Corrects argument order of mkfs in makeFSType for wider compatibility
- Network: Reverts ovn.name and ovn.ovs_bridge settings and defers network start until after cluster pre-join phase
- instancetarwrite: fix vfs caps and ACL unshifting
- Don’t translate command names
- Initial apparmor profile for qemu
- Storage: Switch to threads locking mode and writeback cache mode for VMs on BTRFS
- Update qemu profile
- Container: Fix export crash when shiftfs is in use
- lxc: Better handle arguments
- AppArmor: Fix invalid aa profile generation when lxd binary has changed/gone
- lxc: Unbundle sortorder
- Images: Handle downloading images from other cluster nodes across projects
- Bash completion
- lxd/instance/qemu: Fix mem device naming
- Improve proxy doc a little
- s/descriptros/descriptors/
- Network: Skip lo interface addresses when deriving a fan overlay address
- lxd/apparmor: Allow unix sockets binding
LXC
- commands: don’t fail if unfreeze fails
- lxc-usernsexec: setgroups() similar to other places shouldn’t fail on…
LXCFS
- Nothing to report this week
Distrobuilder
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- Cherry-pick some pre-4.6 fixes
- Updated for 4.6
- Cherry-pick upstream bugfixes