Package "lxc"
| Name: |
lxc
|
Description: |
Transitional package - lxc -> lxc-utils
|
| Latest version: |
3.0.3-0ubuntu1~18.04.3 |
| Release: |
bionic (18.04) |
| Level: |
updates |
| Repository: |
universe |
| Homepage: |
https://linuxcontainers.org |
Links
Download "lxc"
Other versions of "lxc" in Bionic
Packages in group
Deleted packages are displayed in grey.
Changelog
|
lxc (3.0.3-0ubuntu1~18.04.3) bionic; urgency=medium
* Fix tests issue by avoiding falling back to inexistent trusty LXC images
and using the bionic ones (LP: #1939537)
|
| Source diff to previous version |
| 1939537 |
Tests in ubuntu_lxc failed with \ |
|
|
lxc (3.0.3-0ubuntu1~18.04.1) bionic; urgency=medium
* New upstream bugfix release (LP: #1804755):
- CONTRIBUTING: Update reference to kernel coding style
- CONTRIBUTING: Link to latest online kernel docs
- CONTRIBUTING: Direct readers to CODING_STYLE.md
- CODING_STYLE: Mention kernel style in introduction
- CONTRIBUTING: Add 'be' to fix grammar
- CODING_STLYE: Simplify explanation for use of 'extern'
- CODING_STLYE: Remove sections implied by 'kernel style'
- CODING_STYLE: Fix non-uniform heading level
- CODING_STYLE: Update section header format
- cmd: Use parenthesis around complex macro
- cmd: Use 'void' instead of empty parameter list
- cmd: Do not use braces for single statement block
- cmd: Fix whitespace issues
- cmd: Use 'const' for static string constant.
- cmd: Remove unnecessary whitespace in string
- cmd: Put trailing */ on a separate line
- cmd: Remove typo'd semicolon
- cmd: Do not use comparison to NULL
- lxc_init: s/SYSDEBUG()/SYSERROR()/g in remove_self
- tools: lxc-attach: add default log priority & cleanups
- tools: lxc-cgroup: add default log priority & cleanups
- tools: lxc-checkpoint: add default log priority & cleanups
- tools: lxc-console: add default log priority & cleanups
- tools: lxc-create: add default log priority & cleanups
- tools: lxc-destroy: add default log priority & cleanups
- tools: lxc-device: add default log priority & cleanups
- tools: lxc-execute: add default log priority & cleanups
- tools: lxc-start: add default log priority & cleanups
- tools: lxc-stop: add default log priority & cleanups
- tools: lxc-freeze: add default log priority & cleanups
- tools: lxc-unfreeze: add default log priority & cleanups
- storage_utils: move duplicated function from tools
- tools: fix lxc-execute command parsing
- lseek - integer overflow
- cmd: lxc-user-nic: change log macro & cleanups
- cmd: lxc-usernsexec reorder includes
- cmd: move declarations to macro.h
- cmd: use utils.{c,h} helpers in lxc-usernsexec
- cmd: simplify lxc-usernsexec
- cmd: use safe number parsers in lxc-usernsexec
- macro: add missing headers
- macro: add macvlan properties
- tools: Indicate container startup failure
- storage: exit() => _exit(). when exec is failed
- tools: lxc-wait: add default log priority & cleanups
- conf: fix path/lxcpath mixups in tty setup
- cmd: use goto for cleanup in lxc-usernsexec
- cmd: Do not reassign variable before it is used
- cmd: Reduce scope of 'count' variable
- cmd: Fix format issues found by clang-format
- list: fix indent
- utils: split into {file,string}_utils.{c,h}
- pam_cgfs: build from the same sources as liblxc
- conf: fix devpts mounting when fully unprivileged
- macro: s/rexit()/_exit()/g
- attach: move struct declaration to top
- macro: move macros from attach.c
- Makefile: don't allow undefined symbols
- autotools: check if compiler is new enough
- log: handle strerror_r() versions
- autotools: add --{disable,enable}-thread-safety
- log: fail build on ENFORCE_THREAD_SAFETY error
- {file,string}_utils: remove NO_LOG
- initutils: remove useless comment
- string_utils: remove unnecessary include
- string_utils: remove unused headers
- string_utils: add remove_trailing_slashes()
- Makefile: remove last pam_cgfs special-casing
- conf: add missing headers
- Fix typo
- ifaddrs: add safe implementation of getifaddrs()
- Makefile: conditionalize ifaddrs.h inclusion
- execute: skip lxc-init logging when unprivileged
- execute: pass /proc/self/fd/<nr>
- tests: cleanup get_item.c
- build: fix musl
- configure: reorder header checks
- compiler: add compiler.h header
- commands: return -1 on lxc_cmd_get_init_pid() err
- tests: add basic.c
- tests: cleanup Makefile
- commands: ensure -1 is sent on EPIPE for init pid
- macro: add LXC_AUDS_ADDR_LEN
- macro: move LXC_CMD_DATA_MAX from commands.h
- macro: add PTR_TO_INT() and INT_TO_PTR()
- macro: add INTTYPE_TO_STRLEN()
- caps: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- cgfsng: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- confile: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- log: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- lsm: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- macro: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- lxccontainer: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- monitor: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- network: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- string_utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- tools: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- conf: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- tests: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
- macro: final INTTYPE_TO_STRLEN() related cleanups
- macro: coding style fixes
- Makefile: correctly add ifaddrs to noinst_HEADERS
- start: remove duplicate macros
- caps: move macros to macro header
- string_utils: use UINT64_MAX macro
- tree-wide: use sizeof on static arrays
- Revert "tree-wide: use sizeof on static arrays"
- commands: pass around intmax_t
- commands: assign before converting to pointer
- macro: calculate buffer lengths correctly
- Revert "Revert "tree-wide: use sizeof on static arrays""
- macro: move MS_* macros
- caps: fix illegal access to array bound
- utils: defensive programming
- nl: remove duplicated define
- syntax error: mismatch brace
- commands: better error message
- file_utils: add lxc_recv_nointr()
- commands: switch to setting errno and returning -1
- log: do not clobber errno
- log: save errno on strerror_r()
- tree-wide: s/recv()
|
| Source diff to previous version |
| 1804755 |
SRU of LXC 3.0.3 (upstream bugfix release) |
|
|
lxc (3.0.2-0ubuntu1~18.04.1) bionic; urgency=medium
* New upstream bugfix release (LP: #1788457):
- CVE 2018-6556: verify netns fd in lxc-user-nic
- fixed a range of bugs found by Coverity
- lxc-usernsexec: cleanup and bugfixes
- log: add CMD_SYSINFO()
- log: add CMD_SYSERROR()
- state: s/sleep()/nanosleep()/
- lxclock: improve file locking
- lxccontainer: improve file locking
- lxccontainer: fix F_OFD_GETLK checks
- netlink: add __netlink_{send,recv,transaction}
- netns: allocate network namespace id
- MAINTAINERS: add Wolfgang Bumiller
- pam_cgfs: cleanups
- log: add default log priority
- tree-wide: pass unsigned long to prctl()
- macro: add new macro header
- conf: mount devpts without “max” on EINVAL
- tree-wide: handle EINTR in read() and write()
- tree-wide: replace pipe() with pipe2()
- confile: split mount options into flags and data
- conf: improve rootfs setup
- autotools: default to -Wvla -std=gnu11
- tree-wide: remove VLAs
- tree-wide: replace strtok_r() with lxc_iterate_parts()
- utils: add lxc_iterate_parts()
- apparmor: allow start-container to change to lxc-**
- apparmor: update current profiles
- apparmor: Allow /usr/lib* paths for mount and pivot_root
- conf: the atime flags are locked in userns
- conf: handle partially functional device nodes
- conf: create /dev directory
- autotools: build both a shared and static liblxc
- namespace: add api to convert namespaces to standard identifiers
- tree-wide: set MSG_NOSIGNAL
- tree-wide: use mknod() to create dummy files
- cgfsng: respect lxc.cgroup.use
- cgroups: remove is_crucial_cgroup_subsystem()
- tree-wide: remove unneeded log prefixes
- tests: cleanup all tests
- terminal: set FD_CLOEXEC on pty file descriptors
- conf: simplify lxc_setup_dev_console()
- tools: rework tools
- autodev: adapt to changes in Linux 4.18
- log: change DEBUG, INFO, TRACE, NOTICE macro using strerror to SYS* macro
- log: add lxc_log_strerror_r macro
- network: unpriv lxc will run lxc.net.[i].script.up now
- conf: only use newuidmap and newgidmap when necessary
- autotools: support tls in cross-compile
* Cherry-pick upstream fixes:
- 0002-tools-fix-lxc-execute-command-parsing.patch
- 0003-lseek-integer-overflow.patch
- 0004-cmd-lxc-usernsexec-reorder-includes.patch
- 0005-cmd-move-declarations-to-macro.h.patch
- 0006-cmd-use-utils.-c-h-helpers-in-lxc-usernsexec.patch
- 0007-cmd-simplify-lxc-usernsexec.patch
- 0008-cmd-use-safe-number-parsers-in-lxc-usernsexec.patch
- 0009-tools-Indicate-container-startup-failure.patch
- 0010-conf-fix-path-lxcpath-mixups-in-tty-setup.patch
- 0011-cmd-use-goto-for-cleanup-in-lxc-usernsexec.patch
- 0012-utils-split-into-file-string-_utils.-c-h.patch
- 0013-pam_cgfs-build-from-the-same-sources-as-liblxc.patch
- 0014-conf-fix-devpts-mounting-when-fully-unprivileged.patch
- 0015-macro-s-rexit-_exit-g.patch
- 0016-Makefile-don-t-allow-undefined-symbols.patch
- 0017-autotools-check-if-compiler-is-new-enough.patch
- 0018-log-handle-strerror_r-versions.patch
- 0019-autotools-add-disable-enable-thread-safety.patch
- 0020-log-fail-build-on-ENFORCE_THREAD_SAFETY-error.patch
- 0021-macro-add-missing-headers.patch
- 0022-execute-skip-lxc-init-logging-when-unprivileged.patch
- 0023-execute-pass-proc-self-fd-nr.patch
- 0024-commands-return-1-on-lxc_cmd_get_init_pid-err.patch
* Bump standards to 4.2.0
- Update lintian overrides
* Include new .a file into liblxc-dev
* Override GPG keyserver in autopkgtest
* Run autoreconf during autopkgtest
-- Stéphane Graber <email address hidden> Mon, 10 Sep 2018 14:43:52 -0400
|
| Source diff to previous version |
| 1788457 |
SRU of LXC 3.0.2 (upstream bugfix release) |
|
|
lxc (3.0.1-0ubuntu1~18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: lxc-user-nic allows for open() of arbitrary paths
(LP: #1783591)
- Ensure that the provided path is a netns reference
- CVE-2018-6556
-- Stéphane Graber <email address hidden> Wed, 01 Aug 2018 00:03:10 -0400
|
| Source diff to previous version |
| 1783591 |
lxc-user-nic allows unprivileged users to open arbitrary files |
| CVE-2018-6556 |
lxc-user-nic allows unprivileged users to open arbitrary files |
|
|
lxc (3.0.1-0ubuntu1~18.04.1) bionic; urgency=medium
* New upstream bugfix release (LP: #1775283):
- tools: fix unitialized variable
- storage: fix lvm fs uuid generation
- lxc-oci: fix Cmd/Entrypoint parsing
- lxc-oci: make umoci less verbose
- lxclock: use thread-safe OFD fcntl() locks
- locktests: fix test suite
- conf: ensure umounts don’t propagate to host
- doc: Tweak Japanese translation in lxc.container.conf(5)
- fix signal sending in lxc.init
- rootfs pinning: On NFS, make file hidden but don’t delete it
- conf: fix temporary file creation
- ringbuf: fix temporary file creation
- Fix compilation with static libcap and shared gnutls
- attach: always drop supplementary groups
- lxc init: remove dead code
- storage/rsync: free memory on error
- tools/utils: free memory on error
- lxc init: coding style
- utils: define __NR_setns if missing on old glibcs
- attach: try to always drop supplementary groups
- conf: ret-try devpts mount without gid=5 on error
- execute: fix app containers without root mapping
- conf: fix net type checks in run_script_argv()
- seccomp: handle arch inversion
- seccomp: handle all errors
- seccomp: cleanup compat architecture handling
- seccomp: improve logging
- tools: document -d/–daemonize for lxc-execute
- seccomp: non-functional changes
- seccomp: handle arch inversion II
- lxc-oci: mkdir the download directory
- do_lxcapi_create: set umask
- lxc/tools/lxc_monitor: include missing <stddef.h>
- pam-cgfs: ignore the system umask when creating the cgroup hierarchy
- Also pass action scripts to CRIU on checkpointing
- Fix the memory leak in cgfsng_attach
- Fix memory leak in list_active_containers
- Fix tool_utils.c build when HAVE_SETNS is unset
- coverity: #1435210
- coverity: #1435208
- coverity: #1435207
- coverity: #1435206
- coverity: #1435205
- coverity: #1435203
- coverity: #1435200
- coverity: #1435198
- coverity: #1426734
- lxccontainer: non-functional changes
- lxccontainer: use thread-safe OFD locks
- lxccontainer: non-functional changes
- lxccontainer: do_lxcapi_is_running()
- lxccontainer: do_lxcapi_freeze()
- lxccontainer: do_lxcapi_unfreeze()
- lxccontainer: non-functional changes
- lxccontainer: use thread-safe open() + write()
- lxccontainer: non-functional changes
- lxccontainer: non-functional changes
- lxccontainer: non-functional changes
- coverity: #1435263
- fix logic for execute log file
- utils: add LXC_PROC_PID_FD_LEN
- execute: use static buffer
- execute: do not check inherited fds again
- add some TRACE/ERROR reporting
- execute: account for -o path option count
- execute: set init_path when existing init is found
- genl: remove
- coverity: #1248104
- coverity: #1248105
- coverity: #1425744
- utils: account for terminating \0 byte
- confile: satisfy gcc-8
- network: silence gcc-8
- network: adhere to IFNAMSIZ limit
- support case ignored suffix for sizes
- utils: fix parse_byte_size_string() coding style
- strlcpy: add strlcpy() implementation
- tree-wide: s/strncpy()/strlcpy()/g
- CODING_STYLE: add section about using strlcpy()
- tools: s/strncpy()/strlcpy()/g
- Revert “tools: s/strncpy()/strlcpy()/g”
- tools: s/strncpy()/memcpy()/
- doc: Add “-d/–daemon” option to Japanese lxc-execute(1)
- doc: Fix size unit style in Japanese lxc.container.conf(5)
- coverity: #1435604
- coverity: #1435603
- coverity: #1435602
- coverity: #1425844
- config: allow read-write /sys in user namespace
- coverity: #1425836
- coverity: #1248106
- capabilities: raise ambient capabilities
- coverity: #1425802
- cgroups: refactor cgroup handling
- cgroups: remove freezer_state()
- seccomp: #ifdef SCMP_ARCH_AARCH64
- conf: simplify write_id_mapping()
- log: enable per-thread container name prefix
- lxc-init: skip signals that can’t be caught
- execute: use execveat() syscall if supported
- tools: only create log file when requested
- seccomp: fix off-by-one error in array allocation for sscanf
- seccomp: remove confusing comment line
- seccomp: remove unnecessary memset
- seccomp: fix type mismatch when parsing syscall arguments filters
- lxcseccomp: cleanup header
- seccomp: parse_config_v1()
- utils: add remove_trailing_newlines()
- seccomp: get_v2_default_action()
- seccomp: get_action_name()
- seccomp: get_v2_action()
- seccomp: fix get_seccomp_arg_value()
- seccomp: parse_v2_rules()
- seccomp: move #ifdefines
- seccomp: get_hostarch()
- seccomp: scmp_filter_ctx get_new_ctx()
- seccomp: do_resolve_add_rule()
- seccomp: parse_config_v2()
- seccomp: parse_config()
- seccomp: lxc_read_seccomp_config()
- tree-wide: s/sigprocmask/pthread_sigmask()/g
- utils: fix task_blocking_signal()
- lxccontainer: fix fd leaks when sending signals
- confile: order architectures
- start: log setns() failure
- seccomp: leak fixup
- seccomp: re-add action parse error handling
- seccomp: refactor line handling of parse_config
- seccomp: error on unrecognized actions
- seccomp: lxc_read_seccomp_config()
- seccomp: parse_v2_rules()
- seccomp: make do_resolve_add_rule() more strict
- tools: fix lxc-create with global config value
- tools: fix lxc-create with global config value II
- coverity: #1435806
- coverity: #1435805
- coverity: #1435803
- coverity: #1435747
- conf: non-functional changes
- conf: make is_execute a boolean
- conf: non-functional changes
- conf: make close_all_fds a boolean
- conf: reshuffle mount members
- conf: simplify tty handling
- conf: pts -> pty_max
- conf: non-
|
| 1775283 |
SRU of LXC 3.0.1 (upstream bugfix release) |
|
About
-
Send Feedback to @ubuntu_updates
