lxc (1:4.0.6-0ubuntu1) hirsute; urgency=medium
* New upstream bugfix release (4.0.6):
- Improve handling for compatibility architectures for seccomp
- Harden seccomp notifier implementation
- Rework parsing of /proc/<pid>/mountinfo to handle kernel regression
- Improve network device restoration
- Significantly cleanup and harden config file parsing
- Support new capabilities CAP_PERFORM, CAP_BPF, and CAP_CHECKPOINT_RESTORE
- Harden containers started without CAP_NET_ADMIN
* New upstream bugfix release (4.0.5):
- Support allocating PTS devices from within the container
- Harden more path/mount handling logics
- Rework LSM logic to limit initializer use
* Cherry-pick upstream fixes:
- 0002-commands-fix-check-for-seccomp-notify-support.patch
- 0003-configure-skip-libseccomp-tests-if-it-is-disabled.patch
- 0004-conf-fix-containers-retaining-CAP_NET_ADMIN.patch
- 0005-cgroups-fix-cgroup-mounting.patch
- 0006-lsm-remove-obsolute-comment-about-constructor.patch
- 0007-lxc_attach-include-rexec-conditionally.patch
- 0008-tree-wide-fix-some-header-inclusions.patch
- 0009-initutils-fix-missing-includes.patch
- 0010-configure-support-static-binaries.patch
- 0011-autotools-enable-static-builds-for-tools.patch
- 0012-autotools-enable-static-builds-for-commands.patch
- 0013-tree-wide-fix-compilation-with-Wstrict-prototypes-Wo.patch
- 0014-config-update-ax_pthread.m4.patch
- 0015-configure-add-AC_SYS_LARGEFILE-checking.patch
- 0016-autotools-update-build.patch
- 0017-file_utils-introduce-read_file_at.patch
- 0018-string_utils-add-must_make_path_relative.patch
- 0019-cgroups-coding-style-fixes.patch
- 0020-cgroups-rework-cg_unified_init.patch
- 0021-cgroups-detect-and-record-cgroup2-freezer-support.patch
- 0022-criu-handle-cgroup2-freezer.patch
- 0023-mkdir-p-proc-sys-on-container-startup.patch
- 0024-conf-fix-coding-style.patch
- 0025-conf-coding-style-fixes.patch
- 0026-conf-move-proc-and-sys-mountpoint-creation-int-lxc_m.patch
- 0027-attach-invert-child-parent-handling.patch
- 0028-attach-use-__do_free-cleanup-macro-for-cwd.patch
- 0029-attach-tweak-logging.patch
- 0030-attach-use-__do_close-for-labelfd.patch
- 0031-attach-coding-style-fixes.patch
- 0032-attach-use-free_disarm.patch
- 0033-attach-s-attach_child_main-do_attach-g.patch
- 0034-attach-mark-do_attach-as-__noreturn.patch
- 0035-attach-make-do_attach-void.patch
- 0036-attach-use-close_prot_errno_disarm.patch
- 0037-attach-add-some-DEBUG-logging-to-stdfd-dpulication.patch
- 0038-cgroups-fix-cgroup-mounting.patch
- 0039-utils-fix-mount_at.patch
- 0040-configure-fix-static-builds-with-clang-12-and-LTO.patch
- 0041-cgroups-bpf-fixes.patch
- 0042-croups-improve-__do_bpf_program_free.patch
- 0043-cgroups-coding-style-fixes.patch
- 0044-cgroups-don-t-initiliaze-NULL-log.patch
- 0045-cgroups-ensure-all-memory-is-zeroed.patch
- 0046-cgroups-use-zalloc.patch
- 0047-cgroups-tweak-cgroup-initialization.patch
- 0048-log-remove-pointless-inline.patch
- 0049-log-add-lxc_log_get_fd.patch
- 0050-seccomp-use-lxc_log_get_fd.patch
- 0051-log-rework-lxc_log_get_level.patch
- 0052-seccomp-use-lxc_log_get_level.patch
- 0053-cgroups-use-bpf-log-when-logging-at-trace-level.patch
- 0054-log-add-lxc_log_trace-helper.patch
- 0055-cgroups-use-PTR_TO_U64.patch
- 0056-cgroups-align-methods.patch
- 0057-utils-use-SYSTRACE-when-logging-stdio-permission-fix.patch
- 0058-attach-log-failues-to-dup2-with-SYSDEBUG.patch
- 0059-attach-fix-logging-for-stdfd-replacement.patch
- 0060-attach-fix-error-checking-for-dup2.patch
- 0061-cgroups-initialize-variable.patch
- 0062-commands_utils-don-t-leak-memory.patch
- 0063-conf-use-lxc_log_trace.patch
- 0064-confile_utils-use-lxc_log_trace.patch
- 0065-rexec-check-lseek-return-value.patch
-- Stéphane Graber <email address hidden> Thu, 11 Feb 2021 16:34:13 -0500
