Weekly status #184


Weekly status for the week of the 1st of February to the 7th of February.

Introduction

The highlight of the past week was the release of both LXD 4.11 and LXD 4.0.5 LTS.

The LXD 4.0.5 release is part of the 4.0 LTS series which is supported until June 2025.
Please see the release notes for more information.

LXD

In addition to the releases, there has also been a focus on API improvements, with the following changes:

  • A storage volume state API was added, along with an associated usage column in the lxc storage volume list command. See the LXD 4.11 release notes for more info.
  • The /1.0/storage-pools/{pool}/volumes/{type}/{name} API endpoint no longer accepts modifying a snapshot volume’s description. This was a leftover behaviour from an earlier version of the lxc client tool. To edit a snapshot volume’s description, use the /1.0/storage-pools/{pool}/volumes/{type}/{name}/snapshots/{snapshotName} API endpoint instead.
  • The URLs generated by LXD for downloading images have been sanitised to improve compatibility with third-party image servers (such as S3).
  • The LXD client package has had SetInstanceMetadata renamed to UpdateInstanceMetadata to align with other function names, and UpdateInstanceTemplateFile has been removed, as CreateInstanceTemplateFile is equivalent.
  • Missing PATCH API endpoints have been implemented.
  • Improvements to PCI and USB address parsing in the resources API.

On the VM front, we have also improved our QEMU QMP protocol handling to lay the foundations for stateful stop of a VM, and fixed a crash in virtiofsd when sharing a directory between the host and a VM with CPU limits in place, caused by inconsistent use of the ram and memfd memory backends.

The LXD container default seccomp filter was improved to block openat2 syscalls when seccomp syscall supervision is enabled. A potential scenario in which LXD could leave zombie processes behind when attaching to a container fails has also been fixed.

LXC

Work has started on switching all of LXC to operate on file descriptors instead of paths wherever possible. This will be ongoing over the coming weeks and months and will make extensive use of the new lookup restrictions that openat2() provides. The goal is for LXC to always perform lookups and file or directory creation relative to a well-known, safe starting point, to scope all further path resolution beneath that starting point, and to return an error when an escape is detected. Part of this work is the switch to the new mount API, which allows file-descriptor-based mounting.
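As an added example (not LXC's own code), the C program below shows the kind of scoped lookup described above: openat2() with RESOLVE_BENEATH, RESOLVE_IN_ROOT and RESOLVE_NO_SYMLINKS, applied to a constructed directory layout under /tmp that contains a "host" file outside the scoped tree and two symlinks pointing at it, with a plain openat() alongside for contrast. The layout, file names and helper functions are assumptions of the example; it needs Linux 5.6 or newer, since older kernels return ENOSYS for openat2().

```c
/* Added example, not LXC's own code: scope path lookups beneath a trusted
 * directory fd with openat2() (Linux 5.6+) so that "..", absolute paths and
 * symlinks cannot escape the starting point. The layout under /tmp and the
 * helper names below are constructed for this demo. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#if defined(__has_include)
#  if __has_include(<linux/openat2.h>)
#    include <linux/openat2.h>
#  endif
#endif

/* Fallbacks for toolchains whose headers predate openat2(). */
#ifndef RESOLVE_BENEATH
struct open_how { uint64_t flags; uint64_t mode; uint64_t resolve; };
#define RESOLVE_NO_XDEV       0x01
#define RESOLVE_NO_MAGICLINKS 0x02
#define RESOLVE_NO_SYMLINKS   0x04
#define RESOLVE_BENEATH       0x08
#define RESOLVE_IN_ROOT       0x10
#endif
#ifndef SYS_openat2
#define SYS_openat2 437 /* same number on every architecture */
#endif

/* Open PATH relative to DIRFD under the given RESOLVE_* policy.
 * Returns an fd, or -errno so callers can tell EXDEV, ELOOP and ENOENT apart. */
static int scoped_open(int dirfd, const char *path, uint64_t resolve)
{
	struct open_how how = { .flags = O_RDONLY | O_CLOEXEC, .mode = 0, .resolve = resolve };
	long fd = syscall(SYS_openat2, dirfd, path, &how, sizeof(how));
	return fd < 0 ? -errno : (int)fd;
}

/* Classic openat() for comparison: applies no scoping at all. */
static int unscoped_open(int dirfd, const char *path)
{
	int fd = openat(dirfd, path, O_RDONLY | O_CLOEXEC);
	return fd < 0 ? -errno : fd;
}

/* 1 if this kernel (and any seccomp policy in front of it) lets us call openat2(). */
static int openat2_supported(void)
{
	int fd = scoped_open(AT_FDCWD, ".", 0);
	if (fd < 0)
		return 0;
	close(fd);
	return 1;
}

static int write_file(int dirfd, const char *name, const char *text)
{
	int fd = openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
	if (fd < 0)
		return -errno;
	ssize_t n = write(fd, text, strlen(text));
	close(fd);
	return n == (ssize_t)strlen(text) ? 0 : -EIO;
}

/* Constructed layout:
 *   <base>/secret.txt        "host" file outside the scoped tree
 *   <base>/root/inside.txt   legitimate file inside it
 *   <base>/root/escape_abs   symlink -> absolute path of secret.txt
 *   <base>/root/escape_rel   symlink -> ../secret.txt
 * Returns a directory fd for <base>/root, the safe starting point. */
static int setup_root(void)
{
	char base[] = "/tmp/openat2-demo-XXXXXX";
	char path[4096];
	int basefd, root, rc;

	if (!mkdtemp(base))
		return -errno;
	basefd = open(base, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
	if (basefd < 0)
		return -errno;
	if ((rc = write_file(basefd, "secret.txt", "host secret\n")) < 0)
		return rc;
	if (mkdirat(basefd, "root", 0700) < 0)
		return -errno;
	root = openat(basefd, "root", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
	if (root < 0)
		return -errno;
	close(basefd);
	if ((rc = write_file(root, "inside.txt", "container data\n")) < 0)
		return rc;
	snprintf(path, sizeof(path), "%s/secret.txt", base);
	if (symlinkat(path, root, "escape_abs") < 0 || symlinkat("../secret.txt", root, "escape_rel") < 0)
		return -errno;
	return root;
}

int main(void)
{
	static const struct { const char *what, *path; uint64_t resolve; } cases[] = {
		{ "inside the tree",           "inside.txt",    RESOLVE_BENEATH },
		{ "'..' escape",               "../secret.txt", RESOLVE_BENEATH },
		{ "absolute symlink",          "escape_abs",    RESOLVE_BENEATH },
		{ "relative symlink",          "escape_rel",    RESOLVE_BENEATH },
		{ "absolute symlink, in-root", "escape_abs",    RESOLVE_IN_ROOT },
		{ "relative symlink, in-root", "escape_rel",    RESOLVE_IN_ROOT },
		{ "symlink, symlinks refused", "escape_abs",    RESOLVE_NO_SYMLINKS },
	};
	int root = setup_root();
	if (root < 0) {
		fprintf(stderr, "setup: %s\n", strerror(-root));
		return 1;
	}
	if (!openat2_supported()) {
		fprintf(stderr, "openat2() unavailable on this kernel\n");
		return 1;
	}
	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		int fd = scoped_open(root, cases[i].path, cases[i].resolve);
		printf("%-28s %-14s -> %s\n", cases[i].what, cases[i].path, fd >= 0 ? "opened" : strerror(-fd));
		if (fd >= 0)
			close(fd);
	}
	/* Contrast: openat() follows the symlink straight out of the tree. */
	int leak = unscoped_open(root, "escape_abs");
	printf("%-28s %-14s -> %s\n", "plain openat()", "escape_abs", leak >= 0 ? "opened (escaped)" : strerror(-leak));
	if (leak >= 0)
		close(leak);
	return 0;
}
```

RESOLVE_BENEATH reports an escape (EXDEV for the ".." path and for both symlinks), which matches the "return an error when an escape is detected" behaviour described above, whereas RESOLVE_IN_ROOT re-roots the resolution like a chroot and the escapes simply turn into ENOENT inside the tree. With either flag the kernel can also return EAGAIN when a concurrent rename or mount change means it could not guarantee that a ".." component stayed inside the root, so callers retry rather than treat that as a hard failure.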

YouTube channel

We’ve started a YouTube channel with live streams covering LXD releases and its use in the wider ecosystem.

You may want to give it a watch and/or subscribe for more content in the coming weeks.

Contribute to LXD

Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on GitHub: Easy issues for new contributors

Upcoming events

  • Nothing to report this week

Ongoing projects

The list below is feature or refactoring work which will span several weeks or months and can’t be tied directly to a single GitHub issue or pull request.

  • Distrobuilder Windows support
  • Virtual networks in LXD
  • Various kernel work
  • Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

LXC

LXCFS

  • Nothing to report this week

Distrobuilder

  • Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

  • Nothing to report this week

Snap

  • lxd: Bump to 4.11
  • libnftnl: Bump to 1.1.9
  • nftables: Bump to 0.9.8
  • nvidia: Bump to 1.3.2
  • ovs: Bump to 2.14.1
  • sqlite: Bump to 3.34.1
  • squashfs: Bump to 1.0.4
  • zfs: Bump to 2.0.2
  • lxd: Cherry-pick upstream bugfixes