LXD Weekly Status 12
Stéphane Graber
on 28 August 2017
This article originally appeared at the Linux Containers forum
Introduction
This week saw the release of LXD 2.17 and it’s now quickly rolling out to our users.
We’re still very busy with preparation work for LXC 2.1 with a tentative release date of Monday next week.
A lot of work has gone into our snap package, including Open vSwitch support, a number of new configuration options and debug options. We’ve issued a Call for testing on Friday and effectively consider our snap package to be equivalent to our traditional native package.
The rest of the week was spent working on bugfixes and various code refactoring as needed by current feature work.
Open Source Summit Europe
Christian Brauner (@brauner) and Stéphane Graber (@stgraber) will both be present at the Open Source Summit Europe in Prague this October.
We have a number of LXD and system containers talks there too!
- “Mixing CGroup v1 and CGroup v2” by Christian
- “System containers” by Christian
- “Containers in a hostile environment” by Stéphane
- “GPU, USB, NICs and other physical devices in containers” by Stéphane
Upcoming conferences
- Open Source Summit North America (Los Angeles, September 2017)
- Linux Plumbers (Los Angeles, September 2017) (CFP for Linux Plumbers)
- Linux Security Summit (Los Angeles, September 2017)
- Open Source Summit Europe (Prague, October 2017)
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.
- External authentication support for LXD servers
- LXD performance measurement and regression tracking
- Preparation for LXC 2.1
- Snap package improvements.
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- Refactored more internal code.
- Added support for the renamed “lxc.idmap” liblxc key.
- Fixed host path handling when running in a snap environment.
- Fixed device ordering in generated liblxc configuration.
- Added a link to the release notes to our README.
- Updated our Docker in LXD documentation.
- Fixed a race in static leases configuration.
- Fixed “lxd” group handling when /etc/group has a lot of members.
- Fixed a bug preventing LXD live migration.
- Added support for the mainline apparmor namespace syntax.
LXC
- More LXC 2.1 preparation work.
- Added support for a new “lxc.cgroup.dir” configuration option.
- Changed the Debian template to use deb.debian.org by default.
LXCFS
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- LXD 2.0.10-0ubuntu1~ubuntu16.04.2 was uploaded to Ubuntu 16.04 in the “proposed” pocket. This fixes an issue in the image updating code. The package will be released to all Ubuntu 16.04 LTS users on Tuesday.
- LXD 2.17-0ubuntu1 was uploaded to Ubuntu 17.10 and our PPAs. This is the initial upload for the new LXD 2.17 release.
- LXD 2.17-0ubuntu2 was uploaded to Ubuntu 17.10 and our PPAs. This contains a number of bugfixes which were included upstream after the 2.17 release.
- LXCFS 2.0.7-0ubuntu5 was uploaded to Ubuntu 17.10 and our PPAs. This was a packaging-only upload with no user visible changes in content.
- LXC 2.0.8-0ubuntu6 was uploaded to Ubuntu 17.10 and our PPAs. This adds support for mixed cgroup configurations as needed by recent systemd releases.
Snap
- Open vSwitch support was added.
- Log output was cleaned up a bit.
- When moving from a kernel with partial AppArmor support back to a fully supported kernel, the lxc.aa_allow_incomplete setting is now automatically cleared.
- Our internal copy of /etc is now using the same generation code as we use for /run.
- A number of configuration options are now available through “snap set”.
- Fixed some permission problems with the “lxc” command.
- Reworked a number of our wrappers to use a common structure.
- Updated the systemd restart condition to match the Debian package.
- Bumped the startup timeout all the way to 10min (to allow for long SSL generation and container startup).
- Added support for “systemctl reload snap.lxd.daemon”.
- Made it possible to temporarily override the LXD binary used by the snap. This will be used for the custom debug binaries we sometimes provide our users.
- Fixed lxcfs integration when using nested containers.
- Updated our detection code to properly detect snap auto-updates.