-
lxc (3.0.3-0ubuntu1~18.10.1) cosmic; urgency=medium
* New upstream bugfix release (LP: #1804755):
- CONTRIBUTING: Update reference to kernel coding style
- CONTRIBUTING: Link to latest online kernel docs
- CONTRIBUTING: Direct readers to CODING_STYLE.md
- CODING_STYLE: Mention kernel style in introduction
- CONTRIBUTING: Add 'be' to fix grammar
- CODING_STLYE: Simplify explanation for use of 'extern'
- CODING_STLYE: Remove sections implied by 'kernel style'
- CODING_STYLE: Fix non-uniform heading level
- CODING_STYLE: Update section header format
- cmd: Use parenthesis around complex macro
- cmd: Use 'void' instead of empty parameter list
- cmd: Do not use braces for single statement block
- cmd: Fix whitespace issues
- cmd: Use 'const' for static string constant.
- cmd: Remove unnecessary whitespace in string
- cmd: Put trailing */ on a separate line
- cmd: Remove typo'd semicolon
- cmd: Do not use comparison to NULL
- lxc_init: s/SYSDEBUG()/SYSERROR()/g in remove_self
- tools: lxc-attach: add default log priority & cleanups
- tools: lxc-cgroup: add default log priority & cleanups
- tools: lxc-checkpoint: add default log priority & cleanups
- tools: lxc-console: add default log priority & cleanups
- tools: lxc-create: add default log priority & cleanups
- tools: lxc-destroy: add default log priority & cleanups
- tools: lxc-device: add default log priority & cleanups
- tools: lxc-execute: add default log priority & cleanups
- tools: lxc-start: add default log priority & cleanups
- tools: lxc-stop: add default log priority & cleanups
- tools: lxc-freeze: add default log priority & cleanups
- tools: lxc-unfreeze: add default log priority & cleanups
- storage_utils: move duplicated function from tools
- tools: fix lxc-execute command parsing
- lseek - integer overflow
- cmd: lxc-user-nic: change log macro & cleanups
- cmd: lxc-usernsexec reorder includes
- cmd: move declarations to macro.h
- cmd: use utils.{c,h} helpers in lxc-usernsexec
- cmd: simplify lxc-usernsexec
- cmd: use safe number parsers in lxc-usernsexec
- macro: add missing headers
- macro: add macvlan properties
- tools: Indicate container startup failure
- storage: exit() => _exit(). when exec is failed
- tools: lxc-wait: add default log priority & cleanups
- conf: fix path/lxcpath mixups in tty setup
- cmd: use goto for cleanup in lxc-usernsexec
- cmd: Do not reassign variable before it is used
- cmd: Reduce scope of 'count' variable
- cmd: Fix format issues found by clang-format
- list: fix indent
- utils: split into {file,string}_utils.{c,h}
- pam_cgfs: build from the same sources as liblxc
- conf: fix devpts mounting when fully unprivileged
- macro: s/rexit()/_exit()/g
- attach: move struct declaration to top
- macro: move macros from attach.c
- Makefile: don't allow undefined symbols
- autotools: check if compiler is new enough
- log: handle strerror_r() versions
- autotools: add --{disable,enable}-thread-safety
- log: fail build on ENFORCE_THREAD_SAFETY error
- {file,string}_utils: remove NO_LOG
- initutils: remove useless comment
- string_utils: remove unnecessary include
- string_utils: remove unused headers
- string_utils: add remove_trailing_slashes()
- Makefile: remove last pam_cgfs special-casing
- conf: add missing headers
- Fix typo
- ifaddrs: add safe implementation of getifaddrs()
- Makefile: conditionalize ifaddrs.h inclusion
- execute: skip lxc-init logging when unprivileged
- execute: pass /proc/self/fd/<nr>
- tests: cleanup get_item.c
- build: fix musl
- configure: reorder header checks
- compiler: add compiler.h header
- commands: return -1 on lxc_cmd_get_init_pid() err
- tests: add basic.c
- tests: cleanup Makefile
- commands: ensure -1 is sent on EPIPE for init pid
- macro: add LXC_AUDS_ADDR_LEN
- macro: move LXC_CMD_DATA_MAX from commands.h
- macro: add PTR_TO_INT() and INT_TO_PTR()
- macro: add INTTYPE_TO_STRLEN()
- caps: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- cgfsng: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- confile: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- log: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- lsm: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- macro: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- lxccontainer: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- monitor: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- network: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- string_utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- tools: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- conf: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- tests: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- macro: final INTTYPE_TO_STRLEN() related cleanups
- macro: coding style fixes
- Makefile: correctly add ifaddrs to noinst_HEADERS
- start: remove duplicate macros
- caps: move macros to macro header
- string_utils: use UINT64_MAX macro
- tree-wide: use sizeof on static arrays
- Revert "tree-wide: use sizeof on static arrays"
- commands: pass around intmax_t
- commands: assign before converting to pointer
- macro: calculate buffer lengths correctly
- Revert "Revert "tree-wide: use sizeof on static arrays""
- macro: move MS_* macros
- caps: fix illegal access to array bound
- utils: defensive programming
- nl: remove duplicated define
- syntax error: mismatch brace
- commands: better error message
- file_utils: add lxc_recv_nointr()
- commands: switch to setting errno and returning -1
- log: do not clobber errno
- log: save errno on strerror_r()
- tree-wide: s/recv()/lxc_recv_nointr()/g
- file_utils: add lxc_send_nointr()
- tree-wide: s/send()/lxc_send_nointr()/g
- nl: save errno on lxc_netns_set_nsid()
- log: log_append_logfile() add new error path
- lxccontainer: fix dereferenced pointer
- lxc: fix build with --disable-werror
- utils: improve get_ns_uid() and add get_ns_gid()
- utils: improve lxc_switch_uid_gid()
- log: support dlog
- attach: handle id switching smarter
- start: avoid unnecessary syscalls
- utils: make lxc_setgroups() return bool
- utils: make lxc_switch_uid_gid() return bool
- lxccontainer: use correct pid_t type
- conf: remove extra MS_BIND with sysfs:mixed
- network: use correct type in lxc_netns_set_nsid()
- network: add lxc_netns_get_nsid()
- remove unused variables
- file_utils: remove unused function
- network: minor tweaks
- add compile flags for dlog
- log: add common functions
- log: add additional info of dlog
- attach: don't shutdown ipc socket in child
- security: fix too wide or inconsistent non-owner permissions
- attach: report standard shell exit codes
- af_unix: add function to remove duplicated codes for set sockaddr
- lxccontainer: remove locks from set_cgroup_item()
- lxccontainer: remove locks from get_cgroup_item()
- apparmor: account for specified rootfs path (closes #2617)
- conf: realpath() uses null as second parameter to prevent buffer overflow
- start: s/backgrounded/daemonize/g
- cgfsng: mark ops with \_\_cgfsng_ops\_\_ attribute
- autotools: add -Wimplicit-fallthrough
- cgroup: rename container specific cgroup functions
- cgroups: s/fullcgpath/container_full_path/g
- cgroups: add missing string.h include
- cgroups: s/base_cgroup/container_base_path/g
- autotools: fix wrong AX_CHECK_COMPILE_FLAG test
- compiler: s/\_\_fallthrough\_\_/\_\_fallthrough/g
- compiler: s/\_\_noreturn\_\_/\_\_noreturn/g
- cgfsng: s/\_\_cgfsng_ops\_\_/\_\_cgfsng_ops/g
- macro: add STRLITERALLEN() and STRARRAYLEN()
- tree-wide: replace sizeof() with SIZEOF2STRLEN()
- compiler: \_\_attribute\_\_((noreturn)) on bionic
- autotools: support -Wcast-align
- autotools: support -Wstrict-prototypes
- network: add netns_getifaddrs() implementation
- tree_wide: switch to netns_getifaddrs()
- netns_ifaddrs: mark casts as safe
- autotools: fix lxc_user_nic build
- stop: Only freeze if freezer is available
- doc: tweak documentation a little
- cgfsng: set errno to ENOENT on get_hierarchy()
- cgfsng: s/cgfsng_destroy/cgfsng_payload_destroy/g
- cgfsng: s/25/INTTYPE_TO_STRLEN(pid_t)/g
- compiler: fix \_\_noreturn on bionic
- compiler: add \_\_hot attribute
- netns_ifaddrs: fix missing include
- autools: prevent dlog build on stable branch
- tree-wide: fix includes to fix bionic builds
- template: oci template supports for char user info
- btrfs: fix btrfs containers
- oci-template: Add logic for no /etc/passwd, group
- configure: fix -Wimplicit-fallthrough check
- utils: add lxc_setup_keyring()
- autotools: support -z relro and -z now
- netns_ifaddrs: handle IFLA_STATS{64} correctly
- syscall_wrappers: add pivot_root()
- raw_syscalls: add lxc_raw_execveat()
- raw_syscalls: add lxc_raw_clone{_cb}()
- raw_syscalls: add lxc_raw_getpid()
- autotools: fix lxc init build
- autotools: fix lxc-monitord build
- autotools: fix lxc-user-nic build
- autotools: fix lxc-usernsexec build
- tests: add missing build dependencies
- netns_ifaddrs: only use struct rtnl_link_stats64
- cgroups: remove unnecessary line
- netns_iaddrs: remove unused functions
- parse: prefault config file with MAP_POPULATE
- cgfsng: avoid tiny race window
- utils: fix lxc_set_death_signal()
- cgfsng: handle v1 cpuset hierarchy first
- syscall_wrappers: move memfd_create()
- syscall_wrappers: move setns()
- syscall_wrappers: move sethostname()
- syscall_wrappers: move unshare()
- syscall_wrappers: move signalfd()
- raw_syscalls: move lxc_raw_gettid()
- tools: lxc-start: remove unused argument
- tools: lxc-unshare: remove unnecessary initialization
- parse: remove access() check
- parse: report errors when failing config parsing
- macro: add PATH_MAX
- cmd: s/MAXPATHLEN/PATH_MAX/g
- conf: s/MAXPATHLEN/PATH_MAX/g
- confile: s/MAXPATHLEN/PATH_MAX/g
- log: s/MAXPATHLEN/PATH_MAX/g
- lxccontainer: s/MAXPATHLEN/PATH_MAX/g
- macro: s/MAXPATHLEN/PATH_MAX/g
- network: s/MAXPATHLEN/PATH_MAX/g
- pam: s/MAXPATHLEN/PATH_MAX/g
- start: s/MAXPATHLEN/PATH_MAX/g
- terminal: s/MAXPATHLEN/PATH_MAX/g
- utils: s/MAXPATHLEN/PATH_MAX/g
- storage: s/MAXPATHLEN/PATH_MAX/g
- tools: s/MAXPATHLEN/PATH_MAX/g
- attach: reset signal mask
- start: change log level
- file_utils: fix too wide or inconsistent non-owner permissions
- attach: fix missing pthread.h include
- macro: add NETLINK_DUMP_STRICT_CHK
- macro: add SOL_NETLINK
- netns_ifaddrs: check for NETLINK_DUMP_STRICT_CHK
- parse: do not mask failed parse
- test: test invalid config keys
- confile: remove unused variable
- parse: fix uninitialized pointer access
- fix rpm packaging error for static library
- fix post section script error for rpm install
- conf: log prlimit setup
- conf: verify_start_hooks() after lxc.mount.entry
- checkpoint: fix running do_dump()
- monitor: log cleanups
- monitor: checking name too long to make monitor sock name
- commands_utils: improve code redundancy to make abstract unix socket name
- monitor: fix coding standard
- autools: use -fno-strict-aliasing
- checkconfig: Handle missing kernel version
- lxc-init: log to /dev/console
- autotools: fix --disable-commands builds
- string_utils: fix global buffer overflow issue
- include: simplify strlcpy()
- raw_syscalls: ensure function always returns value
- confile: fix append_unexp_config_line()
- parse: protect against config updates during parse
- parse: fix uninitialized value
- tree-wide: coding style fixes
- start: simplify
- autotools: compiler based hardening
- coverity: update .travis.yml
- coverity: update .travis.yml
- coverity: update .travis.yml
- coverity: update .travis.yml
- coverity: update .travis.yml
- confile: do not overwrite global variable
- commands: simplify
- cgfsng: move increment out of branch
- monitord: do not hide global variable
- tools/lxc_copy: do not hide global variable
- tools/lxc_top: do not hide global variable
- tools/lxc_info: do not hide global variable
- state: remove tautological check
- conf: remove tautological check
- conf: use O_CLOEXEC in lxc_pivot_root()
- conf: remove tautological check
- lxccontainer: remove check from goto target
- start: prevent values smaller 0
- tools/lxc_stop: use correct check
- cmd/lxc_init: do not hide global variable
- coverity: #1440391
- coverity: #1440389
- coverity: #1426130
- storage_utils: add error handling
- storage_utils: cleanups
- storage_utils: use _exit() instead of exit() in child process
- parse: cleanups
- dlog: inherit dlog fds
- spelling: allocate
- spelling: ambiguous
- spelling: answer
- spelling: architecture
- spelling: array
- spelling: asynchronous
- spelling: backingstorage
- spelling: capabilities
- spelling: character
- spelling: checkpoint
- spelling: comma
- spelling: command
- spelling: committer
- spelling: configuration
- spelling: constant
- spelling: container
- spelling: control
- spelling: convenience
- spelling: could
- spelling: describing
- spelling: device
- spelling: exiting
- spelling: explicitly
- spelling: feature
- spelling: github
- spelling: hierarchy
- spelling: hoops
- spelling: ifindices
- spelling: implementations
- spelling: inherited
- spelling: initialize
- spelling: javascript
- spelling: keepdata
- spelling: libraries
- spelling: loglevel
- spelling: namespace
- spelling: otherwise
- spelling: output
- spelling: overlayfs
- spelling: overridden
- spelling: override
- spelling: passphrase
- spelling: perhaps
- spelling: pertains
- spelling: portion
- spelling: potentially
- spelling: returns
- spelling: root
- spelling: securityfs
- spelling: snapshotting
- spelling: specified
- spelling: specify
- spelling: subtracting
- spelling: successfully
- spelling: syscall
- spelling: timeout
- spelling: unsigned
- spelling: userns
- spelling: without
- lxcmntent: coding rules
- string_utils: coding rules
- log: fix too wide or inconsistent non-owner permissions
- coverity: move to separate branch
- include: correctly include macro.h
- Fix spacing error in namespace.c
- caps: replace read with lxc_read_nointr
- log: replace write with lxc_write_nointr
- dlog: move match_dlog_fds()
- conf: s/ty/tty/g
- pam_cgfs: remove redundancy file utils
- cgfs: remove redundancy utils
- pam_cgfs: remove dependency from cap & log
- utils: fix coding styles
- utils: add errno logs for exception case
- Adds -qq flags to lvcreate commands
- utils: make keyring allocation failure non-fatal
- autotools: fix lxc-{create,copy} build
- cgfsng: remove freezer requirement
- start: don't call cgroup_exit() twice
* Bump standards to 4.2.0
- Update lintian overrides
-- Stéphane Graber <email address hidden> Thu, 22 Nov 2018 23:49:34 -0500
-
lxc (3.0.2-0ubuntu4) cosmic; urgency=medium
* Cherry-pick upstream fixes:
- 0024-commands-return-1-on-lxc_cmd_get_init_pid-err.patch
-- Stéphane Graber <email address hidden> Sat, 25 Aug 2018 00:49:17 -0400
-
lxc (3.0.2-0ubuntu3) cosmic; urgency=medium
* Run autoreconf during autopkgtest.
-- Stéphane Graber <email address hidden> Fri, 24 Aug 2018 15:24:19 -0400
-
lxc (3.0.2-0ubuntu2) cosmic; urgency=medium
* Cherry-pick upstream fixes:
- 0022-execute-skip-lxc-init-logging-when-unprivileged.patch
- 0023-execute-pass-proc-self-fd-nr.patch
-- Stéphane Graber <email address hidden> Thu, 23 Aug 2018 12:33:49 -0400
-
lxc (3.0.2-0ubuntu1) cosmic; urgency=medium
* New upstream bugfix release (LP: #1788457):
- CVE 2018-6556: verify netns fd in lxc-user-nic
- fixed a range of bugs found by Coverity
- lxc-usernsexec: cleanup and bugfixes
- log: add CMD_SYSINFO()
- log: add CMD_SYSERROR()
- state: s/sleep()/nanosleep()/
- lxclock: improve file locking
- lxccontainer: improve file locking
- lxccontainer: fix F_OFD_GETLK checks
- netlink: add __netlink_{send,recv,transaction}
- netns: allocate network namespace id
- MAINTAINERS: add Wolfgang Bumiller
- pam_cgfs: cleanups
- log: add default log priority
- tree-wide: pass unsigned long to prctl()
- macro: add new macro header
- conf: mount devpts without “max” on EINVAL
- tree-wide: handle EINTR in read() and write()
- tree-wide: replace pipe() with pipe2()
- confile: split mount options into flags and data
- conf: improve rootfs setup
- autotools: default to -Wvla -std=gnu11
- tree-wide: remove VLAs
- tree-wide: replace strtok_r() with lxc_iterate_parts()
- utils: add lxc_iterate_parts()
- apparmor: allow start-container to change to lxc-**
- apparmor: update current profiles
- apparmor: Allow /usr/lib* paths for mount and pivot_root
- conf: the atime flags are locked in userns
- conf: handle partially functional device nodes
- conf: create /dev directory
- autotools: build both a shared and static liblxc
- namespace: add api to convert namespaces to standard identifiers
- tree-wide: set MSG_NOSIGNAL
- tree-wide: use mknod() to create dummy files
- cgfsng: respect lxc.cgroup.use
- cgroups: remove is_crucial_cgroup_subsystem()
- tree-wide: remove unneeded log prefixes
- tests: cleanup all tests
- terminal: set FD_CLOEXEC on pty file descriptors
- conf: simplify lxc_setup_dev_console()
- tools: rework tools
- autodev: adapt to changes in Linux 4.18
- log: change DEBUG, INFO, TRACE, NOTICE macro using strerror to SYS* macro
- log: add lxc_log_strerror_r macro
- network: unpriv lxc will run lxc.net.[i].script.up now
- conf: only use newuidmap and newgidmap when necessary
- autotools: support tls in cross-compile
* Cherry-pick upstream fixes:
- 0002-tools-fix-lxc-execute-command-parsing.patch
- 0003-lseek-integer-overflow.patch
- 0004-cmd-lxc-usernsexec-reorder-includes.patch
- 0005-cmd-move-declarations-to-macro.h.patch
- 0006-cmd-use-utils.-c-h-helpers-in-lxc-usernsexec.patch
- 0007-cmd-simplify-lxc-usernsexec.patch
- 0008-cmd-use-safe-number-parsers-in-lxc-usernsexec.patch
- 0009-tools-Indicate-container-startup-failure.patch
- 0010-conf-fix-path-lxcpath-mixups-in-tty-setup.patch
- 0011-cmd-use-goto-for-cleanup-in-lxc-usernsexec.patch
- 0012-utils-split-into-file-string-_utils.-c-h.patch
- 0013-pam_cgfs-build-from-the-same-sources-as-liblxc.patch
- 0014-conf-fix-devpts-mounting-when-fully-unprivileged.patch
- 0015-macro-s-rexit-_exit-g.patch
- 0016-Makefile-don-t-allow-undefined-symbols.patch
- 0017-autotools-check-if-compiler-is-new-enough.patch
- 0018-log-handle-strerror_r-versions.patch
- 0019-autotools-add-disable-enable-thread-safety.patch
- 0020-log-fail-build-on-ENFORCE_THREAD_SAFETY-error.patch
- 0021-macro-add-missing-headers.patch
* Bump standards to 4.2.0
- Update lintian overrides
* Include new .a file into liblxc-dev
* Override GPG keyserver in autopkgtest
-- Stéphane Graber <email address hidden> Wed, 22 Aug 2018 11:26:07 -0400
-
lxc (3.0.1-0ubuntu2) cosmic; urgency=medium
* SECURITY UPDATE: lxc-user-nic allows for open() of arbitrary paths
(LP: #1783591)
- Ensure that the provided path is a netns reference
- CVE-2018-6556
-- Stéphane Graber <email address hidden> Wed, 01 Aug 2018 00:03:10 -0400
-
lxc (3.0.1-0ubuntu1) cosmic; urgency=medium
* New upstream bugfix release:
- tools: fix unitialized variable
- storage: fix lvm fs uuid generation
- lxc-oci: fix Cmd/Entrypoint parsing
- lxc-oci: make umoci less verbose
- lxclock: use thread-safe OFD fcntl() locks
- locktests: fix test suite
- conf: ensure umounts don’t propagate to host
- doc: Tweak Japanese translation in lxc.container.conf(5)
- fix signal sending in lxc.init
- rootfs pinning: On NFS, make file hidden but don’t delete it
- conf: fix temporary file creation
- ringbuf: fix temporary file creation
- Fix compilation with static libcap and shared gnutls
- attach: always drop supplementary groups
- lxc init: remove dead code
- storage/rsync: free memory on error
- tools/utils: free memory on error
- lxc init: coding style
- utils: define __NR_setns if missing on old glibcs
- attach: try to always drop supplementary groups
- conf: ret-try devpts mount without gid=5 on error
- execute: fix app containers without root mapping
- conf: fix net type checks in run_script_argv()
- seccomp: handle arch inversion
- seccomp: handle all errors
- seccomp: cleanup compat architecture handling
- seccomp: improve logging
- tools: document -d/–daemonize for lxc-execute
- seccomp: non-functional changes
- seccomp: handle arch inversion II
- lxc-oci: mkdir the download directory
- do_lxcapi_create: set umask
- lxc/tools/lxc_monitor: include missing <stddef.h>
- pam-cgfs: ignore the system umask when creating the cgroup hierarchy
- Also pass action scripts to CRIU on checkpointing
- Fix the memory leak in cgfsng_attach
- Fix memory leak in list_active_containers
- Fix tool_utils.c build when HAVE_SETNS is unset
- coverity: #1435210
- coverity: #1435208
- coverity: #1435207
- coverity: #1435206
- coverity: #1435205
- coverity: #1435203
- coverity: #1435200
- coverity: #1435198
- coverity: #1426734
- lxccontainer: non-functional changes
- lxccontainer: use thread-safe OFD locks
- lxccontainer: non-functional changes
- lxccontainer: do_lxcapi_is_running()
- lxccontainer: do_lxcapi_freeze()
- lxccontainer: do_lxcapi_unfreeze()
- lxccontainer: non-functional changes
- lxccontainer: use thread-safe open() + write()
- lxccontainer: non-functional changes
- lxccontainer: non-functional changes
- lxccontainer: non-functional changes
- coverity: #1435263
- fix logic for execute log file
- utils: add LXC_PROC_PID_FD_LEN
- execute: use static buffer
- execute: do not check inherited fds again
- add some TRACE/ERROR reporting
- execute: account for -o path option count
- execute: set init_path when existing init is found
- genl: remove
- coverity: #1248104
- coverity: #1248105
- coverity: #1425744
- utils: account for terminating \0 byte
- confile: satisfy gcc-8
- network: silence gcc-8
- network: adhere to IFNAMSIZ limit
- support case ignored suffix for sizes
- utils: fix parse_byte_size_string() coding style
- strlcpy: add strlcpy() implementation
- tree-wide: s/strncpy()/strlcpy()/g
- CODING_STYLE: add section about using strlcpy()
- tools: s/strncpy()/strlcpy()/g
- Revert “tools: s/strncpy()/strlcpy()/g”
- tools: s/strncpy()/memcpy()/
- doc: Add “-d/–daemon” option to Japanese lxc-execute(1)
- doc: Fix size unit style in Japanese lxc.container.conf(5)
- coverity: #1435604
- coverity: #1435603
- coverity: #1435602
- coverity: #1425844
- config: allow read-write /sys in user namespace
- coverity: #1425836
- coverity: #1248106
- capabilities: raise ambient capabilities
- coverity: #1425802
- cgroups: refactor cgroup handling
- cgroups: remove freezer_state()
- seccomp: #ifdef SCMP_ARCH_AARCH64
- conf: simplify write_id_mapping()
- log: enable per-thread container name prefix
- lxc-init: skip signals that can’t be caught
- execute: use execveat() syscall if supported
- tools: only create log file when requested
- seccomp: fix off-by-one error in array allocation for sscanf
- seccomp: remove confusing comment line
- seccomp: remove unnecessary memset
- seccomp: fix type mismatch when parsing syscall arguments filters
- lxcseccomp: cleanup header
- seccomp: parse_config_v1()
- utils: add remove_trailing_newlines()
- seccomp: get_v2_default_action()
- seccomp: get_action_name()
- seccomp: get_v2_action()
- seccomp: fix get_seccomp_arg_value()
- seccomp: parse_v2_rules()
- seccomp: move #ifdefines
- seccomp: get_hostarch()
- seccomp: scmp_filter_ctx get_new_ctx()
- seccomp: do_resolve_add_rule()
- seccomp: parse_config_v2()
- seccomp: parse_config()
- seccomp: lxc_read_seccomp_config()
- tree-wide: s/sigprocmask/pthread_sigmask()/g
- utils: fix task_blocking_signal()
- lxccontainer: fix fd leaks when sending signals
- confile: order architectures
- start: log setns() failure
- seccomp: leak fixup
- seccomp: re-add action parse error handling
- seccomp: refactor line handling of parse_config
- seccomp: error on unrecognized actions
- seccomp: lxc_read_seccomp_config()
- seccomp: parse_v2_rules()
- seccomp: make do_resolve_add_rule() more strict
- tools: fix lxc-create with global config value
- tools: fix lxc-create with global config value II
- coverity: #1435806
- coverity: #1435805
- coverity: #1435803
- coverity: #1435747
- conf: non-functional changes
- conf: make is_execute a boolean
- conf: non-functional changes
- conf: make close_all_fds a boolean
- conf: reshuffle mount members
- conf: simplify tty handling
- conf: pts -> pty_max
- conf: non-functional changes
- utils: fix task_blocking_signal()
- network: fix socket handle leak
- start: do not init ns_clone_flags to -1
- conf: ensure lxc_delete_tty() does not crash
- start: add reboot macros
- conf: make root idmap structs const
- conf: make tmp_umount_proc bool
- conf: non-functional changes
- conf: va_end was not called.
- confile: improve strprint()
- change defines for return value of handlers
- start: fix waitpid() blocking issue
- start: log unknown info.si_code
- tree-wide: fix mode of some files
- confile_utils: apply strprint()
- templates: actually create DOWNLOAD_TEMP directory
- templates: fix download template
- Patch lxc-update-config
* Bump standard to 4.1.4
-- Stéphane Graber <email address hidden> Tue, 05 Jun 2018 17:05:49 -0400
-
lxc (3.0.0-0ubuntu2) bionic; urgency=medium
* Add missing breaks/replaces for lxc-init moving from lxc1 to
liblxc-common (LP: #1760609).
-- Stéphane Graber <email address hidden> Mon, 02 Apr 2018 11:56:45 -0400
