LXC 1.1.4 发布,此版本更新内容如下:
重要改进
Security fix for CVE-2015-1335
核心改进
Check for NULL pointers before calling setenv()
Factorize handle of create=dir and create=file
Refactor and factorize mount entries
Split handle of lxc.mount* with 3 functions
init: Support older apparmor
Make LXC_CLONE_KEEPNAME work
Fix automatic mounts without a rootfs
Fix container creation without a rootfs
Fix /dev symlinks without a rootfs
Allow autodev without a rootfs
Only mount /proc if needed, even without a rootfs
When creating container, save configuration if rootfs already exists
Fix verification of start hook without a rootfs
Tear down network devices during container halt
coverity: fix mount_entry_create_dir_file
Add a nesting.conf which can be included to support nesting containers
Fix reallocation calculation
Add bdev_destroy() and bdev_destroy_wrapper()
overlayfs_clone: rsync the mounted rootfs
lxc_rmdir_onedev: don't fail if path doesn't exist
overlayfs_mount: create delta dir if it doesn't exist
ovl_rsync: make sure to umount
Destroy bdevs using bdev_destroy() from bdev.h
Fix indentation
cmds: fix abstract socket length problem
coverity: drop second (redundant) block
Check return value of snprintf in mount_proc_if_needed()
Add CAP_AUDIT_READ
Add CAP_BLOCK_SUSPEND
Free allocated memory on failure (v2)
Define O_PATH and O_NOFOLLOW for Android
seccomp: add aarch64 support
lxc-test-symlink: add a test using absolute symlink
lxc_mount_auto_mounts: fix weirdness
Fix the type of i in lxc_mount_auto_mounts
工具:
Fix grammar in some of the executables "NAME for name of the container" becomes "NAME of the container"
lxc-checkconfig: add some more config options
lxc-start-ephemeral: Parse passwd directly
文档:
Add long option for -P in documentation
Add doc for optional, create=dir and create=file in lxc.container.conf man
Update lxc.cgroup.use in lxc.system.conf(5)
Add the description of common options in lxc-destroy(1)
Add LXC-specific mount option in Japanese lxc.container.conf(5)
模板:
lxc-debian: support stretch (Debian 9) images
lxc-debian: allow not including contrib/non-free
lxc-debian: Test dpkg for multiarch support
lxc-debian: Alternative test for dpkg multiarch support in lxc-debian template
lxc-ubuntu: ubuntu.common.conf: mount /dev/mqueue
lxc-debian: We should only check the kernel architecture.
lxc-alpine: avoid GNU BRE extensions for better portability
lxc-alpine: use getopt to parse options
这些稳定修复是 14 为个人贡献者完成的。
下载:https://linuxcontainers.org/lxc/downloads
LXC 项目由一个 Linux 内核补丁和一些 userspace 工具组成。这些 userspace 工具使用由补丁增加的内核新特性,提供一套简化的工具来维护容器。
来自:开源中国社区
