Weekly status for the week of the 22nd to the 28th of April.
Introduction
This past week saw the completion of our integration work between LXD and Canonical’s RBAC (Role Based Access Control) service.
We also started the integration work between LXD and LXC’s new seccomp notifier so that LXD can intercept and process selected system calls.
The cluster API also got a small extension to allow for direct copy of containers within a cluster without the need to externally initiate a migration. This will make many container copies faster on clusters.
On the LXC side, work is underway to add more networking options. This led to a number of bugfixes and improvements to the existing networking code, including fixes to some of the networking hooks and added support for routes to containers.
The main focus now is on finishing a few remaining features and performance improvements ahead of LXD 3.13 next week.
Ongoing projects
The list below covers feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.
- Rework of internal LXD storage handling
- Syscall interception in LXC/LXD
- Dqlite 1.0
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- Added support for Canonical RBAC
- Cleaned up handling of API endpoints
- Added some missing packages to our documentation
- Added detection logic for the seccomp userspace notification
- Fixed feature negotiation in migration
- Cleaned up more API endpoints
- Replaced old Command internal struct with APIEndpoint
- Updated more API endpoints
- Fixed cluster image replication across projects
- Improved UUID regeneration on CEPH
- Added support for direct copy within a cluster
- Made adding certificates more robust
- Fixed lxc copy to not strip volatile keys on refresh
- Fixed handling of snapshot settings in profiles
LXC
- Added initial support for the seccomp user notification target
- Fixed ‘zfs get’ command order
- Added veth static routes feature
- Fixed a little typo in an error message
- Added hook handling for vlan network type
- Fixed vlan hook script
- Updated .gitignore to ignore test build artefacts
- Cleaned up some of the current seccomp logic
- Fixed a bug in macvlan mode selection
- Added missing doc entries for seccomp related API extensions
- Made some routing functions static
- Fixed some bugs with the seccomp notifier
LXCFS
Distrobuilder
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- Added xfs_repair to the snap