[meta-virtualization] LXC 3.1 in thud?

Nordqvist, Therese TNordqvist at luxoft.com
Thu Feb 7 02:42:01 PST 2019


Hello,


I have looked through the release notes for both the 3.0.3 and the 3.1.0 releases.

We have tested both the thud and master branches for meta-virtualization and it turns out we do not need the LXC 3.1.0 features or the 3.0.3 bugfixes for our project (at this time).

It is more of a case of "nice to have the same version of LXC on both thud and master" for us.


I am including a list of changes for the LXC releases in case someone else sees something they need.


Highlights for 3.0.3 (bugfixes):

 * Improved our default build flags to make use of compiler hardening
 * Added support for netlink strict property checking on newer kernels
 * Added support for new netlink interface/address netns API
 * Added handling of the kernel keyring on startup


Summary of features added in 3.1.0:

 * enable various remount options with AppArmor

 * support NETLINK_DUMP_STRICT_CHK

 * allocate new keyring on startup

 * full cgroup2 support

 * implement efficient way to retrieve network devices and addresses from containers

 * introduce lxc_has_api_extension() into the API

 * add lxc.cgroup.relative configuration key

 * allocate new network namespace identifier on startup

 * add lxc.rootfs.managed configuration key

 * removal of all VLAs

 * AppArmor profile generation

 * add mount injection api

 * add lxc.monitor.signal.pdeath configuration key

 * build a shared and static liblxc library

 * adapt to mknod() changes in Linux Kernel 4.18

 * use execveat() to execute application containers

 * enable per-thread container name prefix when logging

 * refactor cgroup handling

 * raise ambient capabilities when running hooks

 * allow to mount /sys rw in unprivileged containers

 * add strlcpy() and strlcat() and deprecate strncpy() and strncat()

 * compiler based hardening

 * thread-safety improvements

 * support application containers without uid 0 in the container

 * support devpts mounts on kernels without gid mount option



Best regards,
Therese Nordqvist
Software Engineer

Luxoft Sweden AB
Östra Hamngatan 16
411 09 Gothenburg
Sweden

M: +46 732 332464
E: TNordqvist at luxoft.com

luxoft.com

Registered Office Gothenburg, Sweden
Registration No. 556780-4199


________________________________
From: Bruce Ashfield <bruce.ashfield at gmail.com>
Sent: Wednesday, February 6, 2019 10:01 PM
To: Nordqvist, Therese
Cc: meta-virtualization at yoctoproject.org
Subject: Re: [meta-virtualization] LXC 3.1 in thud?

On Tue, Feb 5, 2019 at 10:22 AM Nordqvist, Therese
<TNordqvist at luxoft.com> wrote:
>
> Hello,
>
>
> I'm working in a project which uses meta-virtualization (http://pelux.io), do you know if there are any plans to include the LXC bump to 3.1.0 in the thud branch?

There currently aren't any plans to do a version bump in Thud. We tend
to leave the versions as-is in the maintained branches.
It looks like thud is missing the 3.0.3 and 3.1.x bumps that we have
in master, so there are at least two patches missing.

That being said, the missing version bumps are relatively minor and
are bug fixes/small changes to the project.

What feature are you looking for in particular ? Can you summarize the
changes between the versions and send
it to the list ? That way everyone can see the requested change to the
released branch and object if they think
there will be impacts.

Cheers,

Bruce

>
> https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/commit/?id=2387a8876e4aaa52143a623ae5000cf064e55a64
>
>
> If you are interesting in our github repo: https://github.com/Pelagicore/pelux-manifests
>
>
> Best regards,
> Therese Nordqvist
> Software Engineer
>
> Luxoft Sweden AB
> Östra Hamngatan 16
> 411 09 Gothenburg
> Sweden
>
> M: +46 732 332464
> E: TNordqvist at luxoft.com
>
> luxoft.com
>
> Registered Office Gothenburg, Sweden
> Registration No. 556780-4199
>
> ________________________________
>
> This e-mail and any attachment(s) are intended only for the recipient(s) named above and others who have been specifically authorized to receive them. They may contain confidential information. If you are not the intended recipient, please do not read this email or its attachment(s). Furthermore, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and then delete this e-mail and any attachment(s) or copies thereof from your system. Thank you.
> --
> _______________________________________________
> meta-virtualization mailing list
> meta-virtualization at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/meta-virtualization



--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

________________________________

This e-mail and any attachment(s) are intended only for the recipient(s) named above and others who have been specifically authorized to receive them. They may contain confidential information. If you are not the intended recipient, please do not read this email or its attachment(s). Furthermore, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and then delete this e-mail and any attachment(s) or copies thereof from your system. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/meta-virtualization/attachments/20190207/fd220588/attachment-0001.html>


More information about the meta-virtualization mailing list