Weekly status for the week of the 30th of July to the 5th of August.
Introduction
A lot has happened this week, we started by switching dqlite implementation in LXD to the new one @freeekanayaka has been working on for the past few months.
This required changes to our CI, packaging and Makefile to handle it but the result is up to 10x database performance in some cases (mostly for clusters).
We followed that up with quite a few bugfixes, including better handling for host shutdown in clusters, spent a while figuring out how to handle file capabilities during remapping and added progress reporting to a few more lxc subcommands.
On the LXC side, we’ve been busy preparing for a security update, more details below and doing a number of other bugfixes.
@brauner also wrote a blog post about file capabilities on Linux and in containers.
LXC security issue (CVE-2018-6556)
A security fix for LXC was released earlier today, this affects:
- LXC 2.0.9 and higher
- LXC 3.0.0 and higher
Description of the issue:
lxc-user-nic (setuid) when asked to delete a network interface will
unconditionally open a user provided path.This code path may be used by an unprivileged user to check for
the existence of a path which they wouldn’t otherwise be able to reach.It may also be used to trigger side effects by causing a (read-only) open
of special kernel files (ptmx, proc, sys).
This was reported to us by Matthias Gerstner from SUSE and @brauner on the LXC team took care of finding a workable solution and
preparing the needed updates.
Fixes:
- stable-2.0: CVE 2018-6556: verify netns fd in lxc-user-nic · lxc/lxc@5eb4542 · GitHub
- stable-3.0: CVE 2018-6556: verify netns fd in lxc-user-nic · lxc/lxc@c1cf54e · GitHub
- master: CVE 2018-6556: verify netns fd in lxc-user-nic · lxc/lxc@f26dc12 · GitHub
Linux distributions were privately notified with about a week notice and
so should have security updates ready for this already, or will shortly.
We will not be issuing emergency release tarballs for this issue so if
you’re maintaining your own build, you should be cherry-picking one of
the fixes above. We do however intend to release LXC 3.0.2 very shortly
which will include this fix among other traditional bugfixes.
References:
- Bug #1783591 “lxc-user-nic allows unprivileged users to open arb...” : Bugs : lxc package : Ubuntu
- 988348 – (CVE-2018-6556) VUL-0: CVE-2018-6556: lxc: enable setuid bit on lxc-user-nic
Upcoming conferences and events
- Open Source Summit North America - Vancouver, BC (August 29-31)
- Linux Plumbers Conference - Vancouver, BC (November 13-15)
Getting started with LXD workshop in Vancouver
@brauner and @stgraber will be giving a “Getting started with LXD” workshop as part of the Open Source Summit North America conference in Vancouver, BC.
Details can be found here: http://sched.co/FANz
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.
- LXD projects
- Add support for custom volume snapshots
- Improve integration with macaroon/candid
- Switching distribution building over to distrobuilder
- Improved clustering performance
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- Switched to the new dqlite implementation
- Fixed bad argument parsing in
lxc storage - Fixed logging in new dqlite implementation
- Improved shutdown logic for cluster nodes
- Tweaked Makefile to support downloading dependencies
- Fixed support for --syslog in LXD
- Fixed handling of xattrs in tar/rsync
- Fixed snapshot deletion logic to not flush DHCP leases
- Tweaked xattrs logic when extracting tarballs
- Added logic to shift fscaps
- Fixed some typos in LXD cluster errors
- Switched
lxd initto using the new cluster join API - Tweaked fscaps shifting logic to deal with big endian systems
- Renamed
lxc remote set-defaulttolxc remote switchand reworked cluster targeting in client - Added progress reporting to
lxc fileandlxc import - Fixed xattr.h import to work on more distributions
LXC
- Added a default log priority and cleaned up some logging code
- Updated the Japanese documentation of network type=none
- Fixed a coverity-identified issue
- Moved macros to a single header file
- Fixed argument handling to prctl
- Fixed a few more coverity-identified issues
- Fixed an endless loop in the busybox template
- Released security fixes for CVE-2018-6556
LXCFS
- Nothing to report this week
Distrobuilder
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- Fixed a number of issues related to core snap updates
- Updated to new dqlite API
- Added basic support for overriding LXD_DIR
- Fixed timezone handling