[lxc/lxc] c0b40f: Add description for unprivileged containers to Jap...
0 views
Skip to first unread message
Serge Hallyn
Apr 29, 2026, 8:46:12 PMApr 29
to lxc-...@lists.linuxcontainers.org
Branch: refs/heads/stable-6.0
Home: https://github.com/lxc/lxc
Commit: c0b40fb734bfc58dafdb889f94f6a18d2c56a4ee
https://github.com/lxc/lxc/commit/c0b40fb734bfc58dafdb889f94f6a18d2c56a4ee
Author: KATOH Yasufumi <ka...@jazz.email.ne.jp>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M doc/ja/lxc.sgml.in
Log Message:
-----------
Add description for unprivileged containers to Japanese man page
Update for f085a8c
Signed-off-by: KATOH Yasufumi <ka...@jazz.email.ne.jp>
Commit: 4fb358e16a00153ad949aad15f659e4c520411fd
https://github.com/lxc/lxc/commit/4fb358e16a00153ad949aad15f659e4c520411fd
Author: KATOH Yasufumi <ka...@jazz.email.ne.jp>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M doc/ja/lxc-create.sgml.in
Log Message:
-----------
Add --rbuser to Japanese lxc-create(1)
Update for 9799eba
Signed-off-by: KATOH Yasufumi <ka...@jazz.email.ne.jp>
Commit: 6181360a1f8670df6eef6320f2d67d6bff972828
https://github.com/lxc/lxc/commit/6181360a1f8670df6eef6320f2d67d6bff972828
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M .github/workflows/builds.yml
M .github/workflows/fuzzing.yml
Log Message:
-----------
build(deps): bump actions/upload-artifact from 6 to 7
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <sup...@github.com>
Commit: 8e640611ca56c3bf5dec074aa380e6d96be1029d
https://github.com/lxc/lxc/commit/8e640611ca56c3bf5dec074aa380e6d96be1029d
Author: Stéphane Graber <stgr...@stgraber.org>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/utils.c
Log Message:
-----------
utils: Add quotes around exec arguments
Reported-by: Korantin Auguste
Signed-off-by: Stéphane Graber <stgr...@stgraber.org>
Commit: 95e5d7bcea7ce38ade88767f647aa791656082f6
https://github.com/lxc/lxc/commit/95e5d7bcea7ce38ade88767f647aa791656082f6
Author: Stéphane Graber <stgr...@stgraber.org>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/utils.c
Log Message:
-----------
utils: Update buffer size to account for quotes
Signed-off-by: Stéphane Graber <stgr...@stgraber.org>
Commit: ef1439cca92d4864b2c35aa97ea3c78bf07c4206
https://github.com/lxc/lxc/commit/ef1439cca92d4864b2c35aa97ea3c78bf07c4206
Author: Stéphane Graber <stgr...@stgraber.org>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/utils.c
Log Message:
-----------
utils: Only single quote our own arguments
The user provided hook command may contain its own quoting, so keep that
one as is and only put quotes around the extra arguments that we control
ourselves.
Signed-off-by: Stéphane Graber <stgr...@stgraber.org>
Commit: 7496acdb92ccaa7f3049903a1a3093747d4b1872
https://github.com/lxc/lxc/commit/7496acdb92ccaa7f3049903a1a3093747d4b1872
Author: Alex Davis <alex...@yahoo.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M meson.build
Log Message:
-----------
Fix issue where pidfd_ functions were not being detected during meson setup.
Signed-off-by: Alex Davis <alex...@yahoo.com>
Commit: 1a13f4c9601218b7c6ddf64b0d73dcd359c23dcf
https://github.com/lxc/lxc/commit/1a13f4c9601218b7c6ddf64b0d73dcd359c23dcf
Author: Alex Davis <alex...@yahoo.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M meson.build
Log Message:
-----------
Fix issue where memfd functions were not being detected during meson setup.
Signed-off-by: Alex Davis <alex...@yahoo.com>
Commit: 329eb92ae50d3ee5526b4abaf98d923d30e97a62
https://github.com/lxc/lxc/commit/329eb92ae50d3ee5526b4abaf98d923d30e97a62
Author: akash-hadke <akash...@bmwtechworks.in>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/tests/mount_injection.c
Log Message:
-----------
tests: mount_injection: ensure cleanup on test failure
The mount_injection test was exiting immediately on failure without
calling lxc_teardown_shmount(), leaving /tmp/mount_injection_test
mounted and causing "Device or resource busy" errors when trying to
remove it.
Store the test result and ensure lxc_teardown_shmount() is always
called before exiting, even when tests fail.
Signed-off-by: akash-hadke <akash...@bmwtechworks.in>
Commit: 64b14dddf0464a597c65a5bd313f3b2b89698da4
https://github.com/lxc/lxc/commit/64b14dddf0464a597c65a5bd313f3b2b89698da4
Author: Alex Davis <alex...@yahoo.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: Skip systemd dbus logic when not using systemd
Signed-off-by: Alex Davis <alex...@yahoo.com>
Commit: cc6c03b50225b722a119b584a982c0460893cfd0
https://github.com/lxc/lxc/commit/cc6c03b50225b722a119b584a982c0460893cfd0
Author: Pierre-Elliott Bécue <p...@debian.org>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M config/apparmor/profiles/lxc-default-with-nesting
Log Message:
-----------
[nesting] Extend mount permissions in apparmor to allow systemd services' restrictions to work
These options allow systemd security features to work. In particular
cases, it helps with systemd-logind and program like this
It's only added in nesting profile as nesting implies some leniency
anyway. It would pose more risks in privileged or
unprivileged-without-nesting situations.
mount options=(rw,rbind) -> /run/systemd/mount-rootfs/,
mount options=(rw,rbind) -> /run/systemd/mount-rootfs/**,
mount options=(rw,rbind) -> /run/systemd/unit-root/,
mount options=(rw,rbind) -> /run/systemd/unit-root/**,
mount options=(rw,rshared) -> /,
mount options=(rw,nosuid,nodev,noexec) proc -> /run/systemd/unit-root/proc/,
Signed-off-by: Pierre-Elliott Bécue <p...@debian.org>
Commit: 9244a8d3224e7cd411ffc36b34af9ab8516241b7
https://github.com/lxc/lxc/commit/9244a8d3224e7cd411ffc36b34af9ab8516241b7
Author: Alexander Mikhalitsyn <aleksandr....@futurfusion.io>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/tests/get_item.c
M src/tests/lxc-test-checkpoint-restore
M src/tests/parse_config_file.c
Log Message:
-----------
tests: use lxc.cgroup2 instead of lxc.cgroup
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@futurfusion.io>
Commit: bdb2317b78b5fc09993a8e6bb971fc56e57af37d
https://github.com/lxc/lxc/commit/bdb2317b78b5fc09993a8e6bb971fc56e57af37d
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/lsm/apparmor.c
Log Message:
-----------
apparmor: allow nosymfollow remounts
We need this for new versions of systemd, because it heavily uses
MS_NOSYMFOLLOW these days.
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 3a0823558334b8d0ace4d8e13c213c6176e0935f
https://github.com/lxc/lxc/commit/3a0823558334b8d0ace4d8e13c213c6176e0935f
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M config/apparmor/abstractions/container-base.in
Log Message:
-----------
apparmor: allow nosymfollow remounts
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 1767f6bf400f3a2a49e7d4cdd061cc648e086b89
https://github.com/lxc/lxc/commit/1767f6bf400f3a2a49e7d4cdd061cc648e086b89
Author: Mathias Gibbens <gib...@debian.org>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/tests/lxc-test-lxc-attach
Log Message:
-----------
tests/lxc-test-lxc-attach: Increase sleep time
On riscv64 architectures, a single second sleep doesn't appear to be
sufficient to work around the busybox pipe closure bug, and the test
hangs forever. Increase to three seconds.
Signed-off-by: Mathias Gibbens <gib...@debian.org>
Commit: faf07d2cf11ed0178ec7b800a172ceb45a64fdf0
https://github.com/lxc/lxc/commit/faf07d2cf11ed0178ec7b800a172ceb45a64fdf0
Author: Serge Hallyn <se...@hallyn.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/storage/lvm.c
Log Message:
-----------
lvm.c: make sure tp gets freed
tp is __do_free. However, when we detect that it is not a thinpool,
we set it to NULL, so that it can't get freed on exit.
coverity id 1461741
Signed-off-by: Serge Hallyn <se...@hallyn.com>
Commit: 252d8361733e9ff149637b1feab4a5d1ab048098
https://github.com/lxc/lxc/commit/252d8361733e9ff149637b1feab4a5d1ab048098
Author: Serge Hallyn <se...@hallyn.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/storage/storage.c
Log Message:
-----------
Don't leak an open fd
The dfd_idmapped was being dup'd, but not freed.
If we ever change it so that storage_put closes the dfd_idmapped
fd, then we'll want to un-do this. For now, this is a kludgy way
to avoid leaking the open fd, but should work.
The new_rootfs->dfd_idmapped gets dup'd from
c->lxc_conf->rootfs.dfd_idmapped. new_rootfs eventually gets
assigned to new->rootfs (where new is a struct storage, usually
called 'bdev'). From here there are error paths which free the
bdev and return NULL, and a success path that returns bdev. But
neither the error path nor the caller do anything really with the
bdev, and storage_put() doesn't close that fd.
So close the dfd_idmapped in both paths.
Coverity id: 1641426
Signed-off-by: Serge Hallyn <se...@hallyn.com>
Commit: 9a68e2e134a1886aaa084129a3e065cee2d40ed9
https://github.com/lxc/lxc/commit/9a68e2e134a1886aaa084129a3e065cee2d40ed9
Author: Serge E. Hallyn <se...@hallyn.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/cmd/lxc_user_nic.c
Log Message:
-----------
lxc-user-nic: clarify and fix
Some variable names were a bit confusing in find_line and cull_entries.
Rename and document, and fix the flows using these.
It's possible that a more maintainable approach, long term, would be
to break these up differently: have one function create a neat
in memory data structure representing the files, and have the paths
currently using find_line and cull_entries peek into the data structures.
But i think this is pretty clear.
This fixes CVE-2026-39402
Signed-off-by: Serge E. Hallyn <se...@hallyn.com>
Reviewed-by: Alexander Mikhalitsyn <aleksandr....@futurfusion.io>
Commit: 5c5afa6e5e11926079ff632172d6f43c712fbe0e
https://github.com/lxc/lxc/commit/5c5afa6e5e11926079ff632172d6f43c712fbe0e
Author: Serge E. Hallyn <se...@hallyn.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
A src/tests/lxc-test-usernic-2.in
M src/tests/meson.build
Log Message:
-----------
usernic: add a test for ovs port deletion permission
Signed-off-by: Serge E. Hallyn <se...@hallyn.com>
Reviewed-by: Alexander Mikhalitsyn <aleksandr....@futurfusion.io>
Compare: https://github.com/lxc/lxc/compare/2597434ae247...5c5afa6e5e11
To unsubscribe from these emails, change your notification settings at https://github.com/lxc/lxc/settings/notifications
Home: https://github.com/lxc/lxc
Commit: c0b40fb734bfc58dafdb889f94f6a18d2c56a4ee
https://github.com/lxc/lxc/commit/c0b40fb734bfc58dafdb889f94f6a18d2c56a4ee
Author: KATOH Yasufumi <ka...@jazz.email.ne.jp>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M doc/ja/lxc.sgml.in
Log Message:
-----------
Add description for unprivileged containers to Japanese man page
Update for f085a8c
Signed-off-by: KATOH Yasufumi <ka...@jazz.email.ne.jp>
Commit: 4fb358e16a00153ad949aad15f659e4c520411fd
https://github.com/lxc/lxc/commit/4fb358e16a00153ad949aad15f659e4c520411fd
Author: KATOH Yasufumi <ka...@jazz.email.ne.jp>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M doc/ja/lxc-create.sgml.in
Log Message:
-----------
Add --rbuser to Japanese lxc-create(1)
Update for 9799eba
Signed-off-by: KATOH Yasufumi <ka...@jazz.email.ne.jp>
Commit: 6181360a1f8670df6eef6320f2d67d6bff972828
https://github.com/lxc/lxc/commit/6181360a1f8670df6eef6320f2d67d6bff972828
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M .github/workflows/builds.yml
M .github/workflows/fuzzing.yml
Log Message:
-----------
build(deps): bump actions/upload-artifact from 6 to 7
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <sup...@github.com>
Commit: 8e640611ca56c3bf5dec074aa380e6d96be1029d
https://github.com/lxc/lxc/commit/8e640611ca56c3bf5dec074aa380e6d96be1029d
Author: Stéphane Graber <stgr...@stgraber.org>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/utils.c
Log Message:
-----------
utils: Add quotes around exec arguments
Reported-by: Korantin Auguste
Signed-off-by: Stéphane Graber <stgr...@stgraber.org>
Commit: 95e5d7bcea7ce38ade88767f647aa791656082f6
https://github.com/lxc/lxc/commit/95e5d7bcea7ce38ade88767f647aa791656082f6
Author: Stéphane Graber <stgr...@stgraber.org>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/utils.c
Log Message:
-----------
utils: Update buffer size to account for quotes
Signed-off-by: Stéphane Graber <stgr...@stgraber.org>
Commit: ef1439cca92d4864b2c35aa97ea3c78bf07c4206
https://github.com/lxc/lxc/commit/ef1439cca92d4864b2c35aa97ea3c78bf07c4206
Author: Stéphane Graber <stgr...@stgraber.org>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/utils.c
Log Message:
-----------
utils: Only single quote our own arguments
The user provided hook command may contain its own quoting, so keep that
one as is and only put quotes around the extra arguments that we control
ourselves.
Signed-off-by: Stéphane Graber <stgr...@stgraber.org>
Commit: 7496acdb92ccaa7f3049903a1a3093747d4b1872
https://github.com/lxc/lxc/commit/7496acdb92ccaa7f3049903a1a3093747d4b1872
Author: Alex Davis <alex...@yahoo.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M meson.build
Log Message:
-----------
Fix issue where pidfd_ functions were not being detected during meson setup.
Signed-off-by: Alex Davis <alex...@yahoo.com>
Commit: 1a13f4c9601218b7c6ddf64b0d73dcd359c23dcf
https://github.com/lxc/lxc/commit/1a13f4c9601218b7c6ddf64b0d73dcd359c23dcf
Author: Alex Davis <alex...@yahoo.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M meson.build
Log Message:
-----------
Fix issue where memfd functions were not being detected during meson setup.
Signed-off-by: Alex Davis <alex...@yahoo.com>
Commit: 329eb92ae50d3ee5526b4abaf98d923d30e97a62
https://github.com/lxc/lxc/commit/329eb92ae50d3ee5526b4abaf98d923d30e97a62
Author: akash-hadke <akash...@bmwtechworks.in>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/tests/mount_injection.c
Log Message:
-----------
tests: mount_injection: ensure cleanup on test failure
The mount_injection test was exiting immediately on failure without
calling lxc_teardown_shmount(), leaving /tmp/mount_injection_test
mounted and causing "Device or resource busy" errors when trying to
remove it.
Store the test result and ensure lxc_teardown_shmount() is always
called before exiting, even when tests fail.
Signed-off-by: akash-hadke <akash...@bmwtechworks.in>
Commit: 64b14dddf0464a597c65a5bd313f3b2b89698da4
https://github.com/lxc/lxc/commit/64b14dddf0464a597c65a5bd313f3b2b89698da4
Author: Alex Davis <alex...@yahoo.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: Skip systemd dbus logic when not using systemd
Signed-off-by: Alex Davis <alex...@yahoo.com>
Commit: cc6c03b50225b722a119b584a982c0460893cfd0
https://github.com/lxc/lxc/commit/cc6c03b50225b722a119b584a982c0460893cfd0
Author: Pierre-Elliott Bécue <p...@debian.org>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M config/apparmor/profiles/lxc-default-with-nesting
Log Message:
-----------
[nesting] Extend mount permissions in apparmor to allow systemd services' restrictions to work
These options allow systemd security features to work. In particular
cases, it helps with systemd-logind and program like this
It's only added in nesting profile as nesting implies some leniency
anyway. It would pose more risks in privileged or
unprivileged-without-nesting situations.
mount options=(rw,rbind) -> /run/systemd/mount-rootfs/,
mount options=(rw,rbind) -> /run/systemd/mount-rootfs/**,
mount options=(rw,rbind) -> /run/systemd/unit-root/,
mount options=(rw,rbind) -> /run/systemd/unit-root/**,
mount options=(rw,rshared) -> /,
mount options=(rw,nosuid,nodev,noexec) proc -> /run/systemd/unit-root/proc/,
Signed-off-by: Pierre-Elliott Bécue <p...@debian.org>
Commit: 9244a8d3224e7cd411ffc36b34af9ab8516241b7
https://github.com/lxc/lxc/commit/9244a8d3224e7cd411ffc36b34af9ab8516241b7
Author: Alexander Mikhalitsyn <aleksandr....@futurfusion.io>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/tests/get_item.c
M src/tests/lxc-test-checkpoint-restore
M src/tests/parse_config_file.c
Log Message:
-----------
tests: use lxc.cgroup2 instead of lxc.cgroup
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@futurfusion.io>
Commit: bdb2317b78b5fc09993a8e6bb971fc56e57af37d
https://github.com/lxc/lxc/commit/bdb2317b78b5fc09993a8e6bb971fc56e57af37d
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/lsm/apparmor.c
Log Message:
-----------
apparmor: allow nosymfollow remounts
We need this for new versions of systemd, because it heavily uses
MS_NOSYMFOLLOW these days.
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 3a0823558334b8d0ace4d8e13c213c6176e0935f
https://github.com/lxc/lxc/commit/3a0823558334b8d0ace4d8e13c213c6176e0935f
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M config/apparmor/abstractions/container-base.in
Log Message:
-----------
apparmor: allow nosymfollow remounts
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 1767f6bf400f3a2a49e7d4cdd061cc648e086b89
https://github.com/lxc/lxc/commit/1767f6bf400f3a2a49e7d4cdd061cc648e086b89
Author: Mathias Gibbens <gib...@debian.org>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/tests/lxc-test-lxc-attach
Log Message:
-----------
tests/lxc-test-lxc-attach: Increase sleep time
On riscv64 architectures, a single second sleep doesn't appear to be
sufficient to work around the busybox pipe closure bug, and the test
hangs forever. Increase to three seconds.
Signed-off-by: Mathias Gibbens <gib...@debian.org>
Commit: faf07d2cf11ed0178ec7b800a172ceb45a64fdf0
https://github.com/lxc/lxc/commit/faf07d2cf11ed0178ec7b800a172ceb45a64fdf0
Author: Serge Hallyn <se...@hallyn.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/storage/lvm.c
Log Message:
-----------
lvm.c: make sure tp gets freed
tp is __do_free. However, when we detect that it is not a thinpool,
we set it to NULL, so that it can't get freed on exit.
coverity id 1461741
Signed-off-by: Serge Hallyn <se...@hallyn.com>
Commit: 252d8361733e9ff149637b1feab4a5d1ab048098
https://github.com/lxc/lxc/commit/252d8361733e9ff149637b1feab4a5d1ab048098
Author: Serge Hallyn <se...@hallyn.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/storage/storage.c
Log Message:
-----------
Don't leak an open fd
The dfd_idmapped was being dup'd, but not freed.
If we ever change it so that storage_put closes the dfd_idmapped
fd, then we'll want to un-do this. For now, this is a kludgy way
to avoid leaking the open fd, but should work.
The new_rootfs->dfd_idmapped gets dup'd from
c->lxc_conf->rootfs.dfd_idmapped. new_rootfs eventually gets
assigned to new->rootfs (where new is a struct storage, usually
called 'bdev'). From here there are error paths which free the
bdev and return NULL, and a success path that returns bdev. But
neither the error path nor the caller do anything really with the
bdev, and storage_put() doesn't close that fd.
So close the dfd_idmapped in both paths.
Coverity id: 1641426
Signed-off-by: Serge Hallyn <se...@hallyn.com>
Commit: 9a68e2e134a1886aaa084129a3e065cee2d40ed9
https://github.com/lxc/lxc/commit/9a68e2e134a1886aaa084129a3e065cee2d40ed9
Author: Serge E. Hallyn <se...@hallyn.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
M src/lxc/cmd/lxc_user_nic.c
Log Message:
-----------
lxc-user-nic: clarify and fix
Some variable names were a bit confusing in find_line and cull_entries.
Rename and document, and fix the flows using these.
It's possible that a more maintainable approach, long term, would be
to break these up differently: have one function create a neat
in memory data structure representing the files, and have the paths
currently using find_line and cull_entries peek into the data structures.
But i think this is pretty clear.
This fixes CVE-2026-39402
Signed-off-by: Serge E. Hallyn <se...@hallyn.com>
Reviewed-by: Alexander Mikhalitsyn <aleksandr....@futurfusion.io>
Commit: 5c5afa6e5e11926079ff632172d6f43c712fbe0e
https://github.com/lxc/lxc/commit/5c5afa6e5e11926079ff632172d6f43c712fbe0e
Author: Serge E. Hallyn <se...@hallyn.com>
Date: 2026-04-30 (Thu, 30 Apr 2026)
Changed paths:
A src/tests/lxc-test-usernic-2.in
M src/tests/meson.build
Log Message:
-----------
usernic: add a test for ovs port deletion permission
Signed-off-by: Serge E. Hallyn <se...@hallyn.com>
Reviewed-by: Alexander Mikhalitsyn <aleksandr....@futurfusion.io>
Compare: https://github.com/lxc/lxc/compare/2597434ae247...5c5afa6e5e11
To unsubscribe from these emails, change your notification settings at https://github.com/lxc/lxc/settings/notifications
Reply all
Reply to author
Forward
0 new messages