[lxc/lxc] 8ab6ad: lxc/conf,start: fix setting container_ttys environ...
2 views
Skip to first unread message
![dependabot[bot]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
dependabot[bot]
Aug 12, 2025, 11:26:35 PMAug 12
to lxc-...@lists.linuxcontainers.org
Branch: refs/heads/stable-6.0
Home: https://github.com/lxc/lxc
Commit: 8ab6ad25b596e02a37f9578175991fc6e7dc7420
https://github.com/lxc/lxc/commit/8ab6ad25b596e02a37f9578175991fc6e7dc7420
Author: Roman Azarenko <roman.az...@genexis.eu>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/conf.c
M src/lxc/start.c
Log Message:
-----------
lxc/conf,start: fix setting container_ttys environment variable
Commit eae44ce19931 ("conf: fix append_ttyname()") changed the format
of `conf->ttys.tty_names`, where the `container_ttys=` prefix was
removed.
This seems to have been taken into account in `lxc_create_ttys()` in
`src/lxc/conf.c`, however that's not enough. `do_start()` in
`src/lxc/start.c` clears the environment, and then does `putenv(...)`
directly on the value of `tty_names`. As it no longer has the
`container_ttys=` prefix, this call doesn't have the intended effect.
This behaviour is also confirmed via `ltrace` when doing `lxc-start`:
[pid 53587] liblxc.so.1->setenv("container_ttys", "pts/1 pts/2 pts/3 pts/4", 1) = 0
[pid 53587] liblxc.so.1->clearenv(0, 1, 0, 0) = 0
[pid 53587] liblxc.so.1->putenv("container=lxc") = 0
[pid 53587] liblxc.so.1->putenv("pts/1 pts/2 pts/3 pts/4") = 0
Given that `do_start()` clears the environment anyway, there is no
reason for another `setenv()` call in `lxc_create_ttys()`, and a fix
is required for `putenv()` in `do_start()`.
Change the `putenv()` call to `setenv()` in `do_start()` to account
for the change of format in `conf->ttys.tty_names`. Remove extraneous
`setenv()` from `lxc_create_ttys()`.
Fixes #4198
Fixes: eae44ce19931 ("conf: fix append_ttyname()")
Signed-off-by: Roman Azarenko <roman.az...@genexis.eu>
Commit: 1541bd8f2e125a9fc8896e2a6ddd5dbd0413ea2f
https://github.com/lxc/lxc/commit/1541bd8f2e125a9fc8896e2a6ddd5dbd0413ea2f
Author: Ian Merin <Ian....@ncipher.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/attach.c
M src/lxc/lsm/apparmor.c
Log Message:
-----------
re-add onexec for apparmor, move label assumption until after container has been setup for attach
Signed-off-by: Ian Merin <Ian....@ncipher.com>
Commit: cbe34bcc2fbcd8ad685514f97392e84ffe8acf75
https://github.com/lxc/lxc/commit/cbe34bcc2fbcd8ad685514f97392e84ffe8acf75
Author: Serge Hallyn <se...@hallyn.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/tests/aa.c
Log Message:
-----------
apparmor test: add an overlay container start
make sure that when we start an overlay container, the
init pid is aa-confined.
Signed-off-by: Serge Hallyn <se...@hallyn.com>
Commit: e35133a543f9b789180c9e0c4ccd86c57880f719
https://github.com/lxc/lxc/commit/e35133a543f9b789180c9e0c4ccd86c57880f719
Author: Simon Deziel <simon....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M meson.build
Log Message:
-----------
meson.build: remove quirk for Ubuntu 14.04 libcap-dev
After some research, it seems that Ubuntu 14.10's libcap-dev package corrected
the mistake and shiped the `.pc` file.
Both Ubuntu releases are very old now so remove the workaround.
Signed-off-by: Simon Deziel <simon....@canonical.com>
Commit: b12d1bf8967ec56cff4b8fb65cecf5ad0636db74
https://github.com/lxc/lxc/commit/b12d1bf8967ec56cff4b8fb65cecf5ad0636db74
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/tests/lxc-test-apparmor-generated
Log Message:
-----------
src/tests/lxc-test-apparmor-generated: enable test
Remove "exit 0" at the beginning of a test to make it actually run.
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 601576a088d61ce7fb1dcc6ebf3ce359c565c975
https://github.com/lxc/lxc/commit/601576a088d61ce7fb1dcc6ebf3ce359c565c975
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/tests/lxc-test-apparmor-mount
Log Message:
-----------
src/tests/lxc-test-apparmor-mount: prevent fail on cleanup path
/run/user/$(id -u $TUSER) is a mountpoint for tmpfs, rm -rf
may fail with EBUSY errno. We should mask it and prevent test from marked
as failed because of this.
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: e6bce2a2df73209080ac4be3dfa9f00587342782
https://github.com/lxc/lxc/commit/e6bce2a2df73209080ac4be3dfa9f00587342782
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/tests/lxc-test-unpriv
Log Message:
-----------
src/tests/lxc-test-unpriv: prevent fail on cleanup path
/run/user/$(id -u $TUSER) is a mountpoint for tmpfs, rm -rf
may fail with EBUSY errno. We should mask it and prevent test from marked
as failed because of this.
Also add set -x to make debugging easier in case of failures.
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: c42951b71d927b7e95381a62c82e57b22c097729
https://github.com/lxc/lxc/commit/c42951b71d927b7e95381a62c82e57b22c097729
Author: Stéphane Graber <stgr...@stgraber.org>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf: Add support for "move" mount flag
Signed-off-by: Stéphane Graber <stgr...@stgraber.org>
Commit: 859f736f09b28dfed3f49fb6e3e643ba2dceb768
https://github.com/lxc/lxc/commit/859f736f09b28dfed3f49fb6e3e643ba2dceb768
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/conf.c
M src/lxc/macro.h
M src/lxc/mount_utils.h
Log Message:
-----------
lxc/conf: support nosymfollow mount flag
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 9041ae31379d74656b1b19aa81010e3dcb17a8d3
https://github.com/lxc/lxc/commit/9041ae31379d74656b1b19aa81010e3dcb17a8d3
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
lxc/conf: support flag kind of mount options in lxc.mount.entry options
Currently, if user wants to use a flag-like mount option in lxc.mount.entry,
for example "userxattr" with overlayfs then it will be silently ignored.
Let's fix that by making parse_vfs_attr() to process all mount options.
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: ab55d52a526696fa4529f95b5566674cf656d8f7
https://github.com/lxc/lxc/commit/ab55d52a526696fa4529f95b5566674cf656d8f7
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/tests/oss-fuzz.sh
Log Message:
-----------
src/tests/oss-fuzz: pin meson to 1.7.2 to workaround build failures
See also
https://github.com/google/oss-fuzz/pull/13286/commits/093b2480ce44c38c2418c20df2212f56b9e7fbd2
Thanks to Evgeny Vereshchagin
Fixes: #4551
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: e9980ac905ce4cc11748e7ddbb9d5236815c2028
https://github.com/lxc/lxc/commit/e9980ac905ce4cc11748e7ddbb9d5236815c2028
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/attach.c
M src/lxc/lsm/apparmor.c
Log Message:
-----------
Revert "re-add onexec for apparmor, move label assumption until after container has been setup for attach"
This reverts commit 50dee37cfe3201ed51f477356f81941c960a5511.
Fixes: #4553
Bisected-by: Simon Deziel <simon....@canonical.com>
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: e4cddef06f49aeea01cf8965cd7d19ac9a48d54d
https://github.com/lxc/lxc/commit/e4cddef06f49aeea01cf8965cd7d19ac9a48d54d
Author: Mathias Gibbens <gib...@debian.org>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M config/bash/_lxc.in
M src/lxc/confile.c
M src/tests/arch_parse.c
Log Message:
-----------
Add loong64 to list of recognized architectures
Debian refers to the loong architecture as "loong64".
Signed-off-by: Mathias Gibbens <gib...@debian.org>
Commit: 4da694582cd4ad416579bdfac34f4e66640fc4d6
https://github.com/lxc/lxc/commit/4da694582cd4ad416579bdfac34f4e66640fc4d6
Author: Roman Azarenko <roman.az...@genexis.eu>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M meson.build
Log Message:
-----------
meson.build: set `LXC_DISTRO_SYSCONF` when `-Dspecfile=true`
Before the change, the `setup` meson step would fail when disabling the
`install-init-files` option:
$ meson setup -Dinstall-init-files=false build
<snip>
meson.build:936:44: ERROR: Entry LXC_DISTRO_SYSCONF not in configuration data.
This is because setting the `LXC_DISTRO_SYSCONF` option is conditional
and requires `install-init-files` to be enabled.
Meanwhile the `specfile` option (default enabled) also requires the
variable above, resulting in a failure when it is unset.
Amend the conditional to also set `LXC_DISTRO_SYSCONF` when `specfile`
option is `true`.
Fixes: 872db5424363 ("build: add more options for customizing install")
Signed-off-by: Roman Azarenko <roman.az...@genexis.eu>
Commit: 85c5312be6f64e45b1c008467ca4e676f386a8f9
https://github.com/lxc/lxc/commit/85c5312be6f64e45b1c008467ca4e676f386a8f9
Author: Li Lu <14874...@qq.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M meson.build
Log Message:
-----------
meson.build: fix checks for fsconfig and calls
move Headers checks up to Calls. keep fsconfig checks on openSUSE #4176
Signed-off-by: Li Lu <14874...@qq.com>
Commit: 032290ec8cb922e77734f5563e88686583ad051f
https://github.com/lxc/lxc/commit/032290ec8cb922e77734f5563e88686583ad051f
Author: DreamConnected <14874...@qq.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M meson.build
Log Message:
-----------
meson.build: use has_header_symbol() instead of get_define() to improve compatibility
Signed-off-by: DreamConnected <14874...@qq.com>
Commit: 7111f9d83b8068542b22223228eca853f47df5f2
https://github.com/lxc/lxc/commit/7111f9d83b8068542b22223228eca853f47df5f2
Author: Li Lu <14874...@qq.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M meson.build
M src/lxc/process_utils.h
Log Message:
-----------
lxc/process_utils.h: use strsignal() or sys_siglist[] for Non-GNU distros
use strsignal() for Non-GNU and sys_siglist[] for nothing, even if sys_siglist[] has been marked as deprecated by Glibc
Signed-off-by: Li Lu <14874...@qq.com>
Commit: 98ebede63c587badf2bc77c1ba8c50dbf4db7d68
https://github.com/lxc/lxc/commit/98ebede63c587badf2bc77c1ba8c50dbf4db7d68
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/lxccontainer.c
M src/lxc/utils.c
M src/lxc/utils.h
Log Message:
-----------
lxc/lxccontainer: stop printing misleading errors in enter_net_ns()
In enter_net_ns() we try to enter network namespace at first, before
entering a user namespace to support inherited netns case properly.
It is expected to get EPERM for unprivileged container with non-shared
network namespace at first try. Let's take this into account
and stop misleading users with these error messages.
Link: https://discuss.linuxcontainers.org/t/lxc-ls-fancy-command-shows-operation-not-permitted/24080
Fixes: 3011e79f92ef ("lxccontainer: fix enter_net_ns helper to work when netns is inherited")
Fixes: #4560
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 0bf6aedf0801b7da5d464cbb935be9b125ac9ba8
https://github.com/lxc/lxc/commit/0bf6aedf0801b7da5d464cbb935be9b125ac9ba8
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/tests/lxc-test-rootfs
Log Message:
-----------
tests/lxc-test-rootfs: add idmapped rootfs testcase
I've discovered that we have no test coverage for rootfs
"lxc.rootfs.options = idmap=container" at all.
Let's add this basic test at least.
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 7a94d11d97da2c5daf61f7a02d2fa7df3e1d9388
https://github.com/lxc/lxc/commit/7a94d11d97da2c5daf61f7a02d2fa7df3e1d9388
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/tests/lxc-test-snapdeps
Log Message:
-----------
tests/lxc-test-snapdeps: try to load overlay kernel module
We don't want test to be skipped just because overlay module
isn't loaded yet.
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 97eeb8a9a682cc95d7bc41e260f90276447d4e8b
https://github.com/lxc/lxc/commit/97eeb8a9a682cc95d7bc41e260f90276447d4e8b
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/network.c
Log Message:
-----------
lxc/network: null-terminate ifname string in lxc_network_recv_name_and_ifindex_from_child()
Fixes: Coverity 1486538
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 93a06e70f7cba452d0e43c006bf01d8fa85218cd
https://github.com/lxc/lxc/commit/93a06e70f7cba452d0e43c006bf01d8fa85218cd
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
lxc/conf: do not leak opts.data memory in __lxc_idmapped_mounts_child()
Fixes: Coverity 1641425
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: a0fb994a5e6040a1db8e6a6e863c964755cc75c6
https://github.com/lxc/lxc/commit/a0fb994a5e6040a1db8e6a6e863c964755cc75c6
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M .github/workflows/builds.yml
M .github/workflows/coverity.yml
M .github/workflows/tests.yml
Log Message:
-----------
build(deps): bump actions/checkout from 4 to 5
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <sup...@github.com>
Compare: https://github.com/lxc/lxc/compare/b185e523fc43...a0fb994a5e60
To unsubscribe from these emails, change your notification settings at https://github.com/lxc/lxc/settings/notifications
Home: https://github.com/lxc/lxc
Commit: 8ab6ad25b596e02a37f9578175991fc6e7dc7420
https://github.com/lxc/lxc/commit/8ab6ad25b596e02a37f9578175991fc6e7dc7420
Author: Roman Azarenko <roman.az...@genexis.eu>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/conf.c
M src/lxc/start.c
Log Message:
-----------
lxc/conf,start: fix setting container_ttys environment variable
Commit eae44ce19931 ("conf: fix append_ttyname()") changed the format
of `conf->ttys.tty_names`, where the `container_ttys=` prefix was
removed.
This seems to have been taken into account in `lxc_create_ttys()` in
`src/lxc/conf.c`, however that's not enough. `do_start()` in
`src/lxc/start.c` clears the environment, and then does `putenv(...)`
directly on the value of `tty_names`. As it no longer has the
`container_ttys=` prefix, this call doesn't have the intended effect.
This behaviour is also confirmed via `ltrace` when doing `lxc-start`:
[pid 53587] liblxc.so.1->setenv("container_ttys", "pts/1 pts/2 pts/3 pts/4", 1) = 0
[pid 53587] liblxc.so.1->clearenv(0, 1, 0, 0) = 0
[pid 53587] liblxc.so.1->putenv("container=lxc") = 0
[pid 53587] liblxc.so.1->putenv("pts/1 pts/2 pts/3 pts/4") = 0
Given that `do_start()` clears the environment anyway, there is no
reason for another `setenv()` call in `lxc_create_ttys()`, and a fix
is required for `putenv()` in `do_start()`.
Change the `putenv()` call to `setenv()` in `do_start()` to account
for the change of format in `conf->ttys.tty_names`. Remove extraneous
`setenv()` from `lxc_create_ttys()`.
Fixes #4198
Fixes: eae44ce19931 ("conf: fix append_ttyname()")
Signed-off-by: Roman Azarenko <roman.az...@genexis.eu>
Commit: 1541bd8f2e125a9fc8896e2a6ddd5dbd0413ea2f
https://github.com/lxc/lxc/commit/1541bd8f2e125a9fc8896e2a6ddd5dbd0413ea2f
Author: Ian Merin <Ian....@ncipher.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/attach.c
M src/lxc/lsm/apparmor.c
Log Message:
-----------
re-add onexec for apparmor, move label assumption until after container has been setup for attach
Signed-off-by: Ian Merin <Ian....@ncipher.com>
Commit: cbe34bcc2fbcd8ad685514f97392e84ffe8acf75
https://github.com/lxc/lxc/commit/cbe34bcc2fbcd8ad685514f97392e84ffe8acf75
Author: Serge Hallyn <se...@hallyn.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/tests/aa.c
Log Message:
-----------
apparmor test: add an overlay container start
make sure that when we start an overlay container, the
init pid is aa-confined.
Signed-off-by: Serge Hallyn <se...@hallyn.com>
Commit: e35133a543f9b789180c9e0c4ccd86c57880f719
https://github.com/lxc/lxc/commit/e35133a543f9b789180c9e0c4ccd86c57880f719
Author: Simon Deziel <simon....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M meson.build
Log Message:
-----------
meson.build: remove quirk for Ubuntu 14.04 libcap-dev
After some research, it seems that Ubuntu 14.10's libcap-dev package corrected
the mistake and shiped the `.pc` file.
Both Ubuntu releases are very old now so remove the workaround.
Signed-off-by: Simon Deziel <simon....@canonical.com>
Commit: b12d1bf8967ec56cff4b8fb65cecf5ad0636db74
https://github.com/lxc/lxc/commit/b12d1bf8967ec56cff4b8fb65cecf5ad0636db74
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/tests/lxc-test-apparmor-generated
Log Message:
-----------
src/tests/lxc-test-apparmor-generated: enable test
Remove "exit 0" at the beginning of a test to make it actually run.
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 601576a088d61ce7fb1dcc6ebf3ce359c565c975
https://github.com/lxc/lxc/commit/601576a088d61ce7fb1dcc6ebf3ce359c565c975
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/tests/lxc-test-apparmor-mount
Log Message:
-----------
src/tests/lxc-test-apparmor-mount: prevent fail on cleanup path
/run/user/$(id -u $TUSER) is a mountpoint for tmpfs, rm -rf
may fail with EBUSY errno. We should mask it and prevent test from marked
as failed because of this.
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: e6bce2a2df73209080ac4be3dfa9f00587342782
https://github.com/lxc/lxc/commit/e6bce2a2df73209080ac4be3dfa9f00587342782
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/tests/lxc-test-unpriv
Log Message:
-----------
src/tests/lxc-test-unpriv: prevent fail on cleanup path
/run/user/$(id -u $TUSER) is a mountpoint for tmpfs, rm -rf
may fail with EBUSY errno. We should mask it and prevent test from marked
as failed because of this.
Also add set -x to make debugging easier in case of failures.
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: c42951b71d927b7e95381a62c82e57b22c097729
https://github.com/lxc/lxc/commit/c42951b71d927b7e95381a62c82e57b22c097729
Author: Stéphane Graber <stgr...@stgraber.org>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf: Add support for "move" mount flag
Signed-off-by: Stéphane Graber <stgr...@stgraber.org>
Commit: 859f736f09b28dfed3f49fb6e3e643ba2dceb768
https://github.com/lxc/lxc/commit/859f736f09b28dfed3f49fb6e3e643ba2dceb768
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/conf.c
M src/lxc/macro.h
M src/lxc/mount_utils.h
Log Message:
-----------
lxc/conf: support nosymfollow mount flag
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 9041ae31379d74656b1b19aa81010e3dcb17a8d3
https://github.com/lxc/lxc/commit/9041ae31379d74656b1b19aa81010e3dcb17a8d3
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
lxc/conf: support flag kind of mount options in lxc.mount.entry options
Currently, if user wants to use a flag-like mount option in lxc.mount.entry,
for example "userxattr" with overlayfs then it will be silently ignored.
Let's fix that by making parse_vfs_attr() to process all mount options.
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: ab55d52a526696fa4529f95b5566674cf656d8f7
https://github.com/lxc/lxc/commit/ab55d52a526696fa4529f95b5566674cf656d8f7
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/tests/oss-fuzz.sh
Log Message:
-----------
src/tests/oss-fuzz: pin meson to 1.7.2 to workaround build failures
See also
https://github.com/google/oss-fuzz/pull/13286/commits/093b2480ce44c38c2418c20df2212f56b9e7fbd2
Thanks to Evgeny Vereshchagin
Fixes: #4551
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: e9980ac905ce4cc11748e7ddbb9d5236815c2028
https://github.com/lxc/lxc/commit/e9980ac905ce4cc11748e7ddbb9d5236815c2028
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/attach.c
M src/lxc/lsm/apparmor.c
Log Message:
-----------
Revert "re-add onexec for apparmor, move label assumption until after container has been setup for attach"
This reverts commit 50dee37cfe3201ed51f477356f81941c960a5511.
Fixes: #4553
Bisected-by: Simon Deziel <simon....@canonical.com>
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: e4cddef06f49aeea01cf8965cd7d19ac9a48d54d
https://github.com/lxc/lxc/commit/e4cddef06f49aeea01cf8965cd7d19ac9a48d54d
Author: Mathias Gibbens <gib...@debian.org>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M config/bash/_lxc.in
M src/lxc/confile.c
M src/tests/arch_parse.c
Log Message:
-----------
Add loong64 to list of recognized architectures
Debian refers to the loong architecture as "loong64".
Signed-off-by: Mathias Gibbens <gib...@debian.org>
Commit: 4da694582cd4ad416579bdfac34f4e66640fc4d6
https://github.com/lxc/lxc/commit/4da694582cd4ad416579bdfac34f4e66640fc4d6
Author: Roman Azarenko <roman.az...@genexis.eu>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M meson.build
Log Message:
-----------
meson.build: set `LXC_DISTRO_SYSCONF` when `-Dspecfile=true`
Before the change, the `setup` meson step would fail when disabling the
`install-init-files` option:
$ meson setup -Dinstall-init-files=false build
<snip>
meson.build:936:44: ERROR: Entry LXC_DISTRO_SYSCONF not in configuration data.
This is because setting the `LXC_DISTRO_SYSCONF` option is conditional
and requires `install-init-files` to be enabled.
Meanwhile the `specfile` option (default enabled) also requires the
variable above, resulting in a failure when it is unset.
Amend the conditional to also set `LXC_DISTRO_SYSCONF` when `specfile`
option is `true`.
Fixes: 872db5424363 ("build: add more options for customizing install")
Signed-off-by: Roman Azarenko <roman.az...@genexis.eu>
Commit: 85c5312be6f64e45b1c008467ca4e676f386a8f9
https://github.com/lxc/lxc/commit/85c5312be6f64e45b1c008467ca4e676f386a8f9
Author: Li Lu <14874...@qq.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M meson.build
Log Message:
-----------
meson.build: fix checks for fsconfig and calls
move Headers checks up to Calls. keep fsconfig checks on openSUSE #4176
Signed-off-by: Li Lu <14874...@qq.com>
Commit: 032290ec8cb922e77734f5563e88686583ad051f
https://github.com/lxc/lxc/commit/032290ec8cb922e77734f5563e88686583ad051f
Author: DreamConnected <14874...@qq.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M meson.build
Log Message:
-----------
meson.build: use has_header_symbol() instead of get_define() to improve compatibility
Signed-off-by: DreamConnected <14874...@qq.com>
Commit: 7111f9d83b8068542b22223228eca853f47df5f2
https://github.com/lxc/lxc/commit/7111f9d83b8068542b22223228eca853f47df5f2
Author: Li Lu <14874...@qq.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M meson.build
M src/lxc/process_utils.h
Log Message:
-----------
lxc/process_utils.h: use strsignal() or sys_siglist[] for Non-GNU distros
use strsignal() for Non-GNU and sys_siglist[] for nothing, even if sys_siglist[] has been marked as deprecated by Glibc
Signed-off-by: Li Lu <14874...@qq.com>
Commit: 98ebede63c587badf2bc77c1ba8c50dbf4db7d68
https://github.com/lxc/lxc/commit/98ebede63c587badf2bc77c1ba8c50dbf4db7d68
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/lxccontainer.c
M src/lxc/utils.c
M src/lxc/utils.h
Log Message:
-----------
lxc/lxccontainer: stop printing misleading errors in enter_net_ns()
In enter_net_ns() we try to enter network namespace at first, before
entering a user namespace to support inherited netns case properly.
It is expected to get EPERM for unprivileged container with non-shared
network namespace at first try. Let's take this into account
and stop misleading users with these error messages.
Link: https://discuss.linuxcontainers.org/t/lxc-ls-fancy-command-shows-operation-not-permitted/24080
Fixes: 3011e79f92ef ("lxccontainer: fix enter_net_ns helper to work when netns is inherited")
Fixes: #4560
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 0bf6aedf0801b7da5d464cbb935be9b125ac9ba8
https://github.com/lxc/lxc/commit/0bf6aedf0801b7da5d464cbb935be9b125ac9ba8
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/tests/lxc-test-rootfs
Log Message:
-----------
tests/lxc-test-rootfs: add idmapped rootfs testcase
I've discovered that we have no test coverage for rootfs
"lxc.rootfs.options = idmap=container" at all.
Let's add this basic test at least.
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 7a94d11d97da2c5daf61f7a02d2fa7df3e1d9388
https://github.com/lxc/lxc/commit/7a94d11d97da2c5daf61f7a02d2fa7df3e1d9388
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/tests/lxc-test-snapdeps
Log Message:
-----------
tests/lxc-test-snapdeps: try to load overlay kernel module
We don't want test to be skipped just because overlay module
isn't loaded yet.
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 97eeb8a9a682cc95d7bc41e260f90276447d4e8b
https://github.com/lxc/lxc/commit/97eeb8a9a682cc95d7bc41e260f90276447d4e8b
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/network.c
Log Message:
-----------
lxc/network: null-terminate ifname string in lxc_network_recv_name_and_ifindex_from_child()
Fixes: Coverity 1486538
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 93a06e70f7cba452d0e43c006bf01d8fa85218cd
https://github.com/lxc/lxc/commit/93a06e70f7cba452d0e43c006bf01d8fa85218cd
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
lxc/conf: do not leak opts.data memory in __lxc_idmapped_mounts_child()
Fixes: Coverity 1641425
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: a0fb994a5e6040a1db8e6a6e863c964755cc75c6
https://github.com/lxc/lxc/commit/a0fb994a5e6040a1db8e6a6e863c964755cc75c6
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M .github/workflows/builds.yml
M .github/workflows/coverity.yml
M .github/workflows/tests.yml
Log Message:
-----------
build(deps): bump actions/checkout from 4 to 5
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <sup...@github.com>
Compare: https://github.com/lxc/lxc/compare/b185e523fc43...a0fb994a5e60
To unsubscribe from these emails, change your notification settings at https://github.com/lxc/lxc/settings/notifications
Reply all
Reply to author
Forward
0 new messages