[MIR] lxd
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lxd (Ubuntu) | Fix Released | High | Unassigned |
Bug Description
[Availability]
In universe since 15.04 and available for all architectures. It uses golang on the architectures golang supports and gccgo for the rest.
[Rationale]
LXD is a new container manager based on liblxc which offers a REST API to manage containers and container images across multiple hosts.
It's developed by Canonical and the LinuxContainers community and meant to become the new one to interact with LXC containers, both locally and at scale. As a result, we want it as widely available and supported as LXC itself.
It's planned for LXD to become pre-installed in cloud images as well as snappy images. In this configuration, LXD will be socket activated to limit resource usage on systems that don't actively use it and it will not be listening on any network port by default.
[Security]
LXD hasn't had any security issue so far.
The LXD daemon runs as root; containers spawned by it are then typically running unprivileged with apparmor, seccomp, capabilities and cgroup restrictions through the use of LXC.
The LXD daemon listens to a local unix socket, only accessible to members of the lxd group. Through that unix socket it's then possible to get the daemon to bind a tcp port for network operations.
[Quality assurance]
LXD basically just works when it's installed; the daemon is auto-started through socket activation and any member of the admin or sudo group is granted access to lxd upon installation.
There are no debconf prompts in the lxd packages.
Upstream is pretty much only made of Ubuntu developers so we expect a very good relationship here. As it stands, there aren't any serious bugs with LXD in Ubuntu.
The package is actively maintained in Ubuntu by upstream; it's not in Debian.
LXD isn't tied to any specific hardware.
The testsuite cannot be run at package build time due to strict requirements on kernel, network and root access.
A debian watch file is included to track new releases.
[Dependencies]
LXD build-depends on golang which is currently subject to a separate MIR.
[Standards compliance]
LXD complies with the current Debian standards.
[Maintenance]
Upstream is maintaining the Ubuntu packages as well as various daily builds and backports.
[Background information]
Nothing special to report.
Changed in lxd (Ubuntu):
importance: Undecided → Critical
status: New → Confirmed

Changed in lxd (Ubuntu):
importance: Critical → High

This depends on the golang portion of bug #1267393 *or* depends on lxd being built with gccgo on all arches.