[FFe] LXC 4.0.0 LTS
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lxc (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
LXC 4.0 LTS will be tagged in the next week or so.
LXC in Ubuntu is currently in universe as its main user is a snap nowadays (LXD) and builds directly from the upstream versions.
We haven't written the changelog yet, but one thing worth noting is that it is 100% backward compatible, we do not break API and don't need to rebuild any of the rdepend for it.
The main reason to want it in 20.04 LTS is because LXC 4.0 is itself an LTS with a matching 5 years of support. It also adds support for cgroupv2 which we expect to become more and more needed in the coming months/years.
It'd be great if the release team could make a decision based on this already, if not, I will update the bug with the changelog and diff once we do have the release out.
The release announcement finally got pushed out here: https://discuss.linuxcontainers.org/t/lxc-4-0-lts-has-been-released/7182
The main new features are:
- cgroups: Full cgroup2 support
- cgroups: Freezer support in CGroup2
- cgroups: eBPF device controller support in CGroup2
- config: Add lxc.autodev.tmpfs.size configuration key
- config: Add lxc.selinux.context.keyring key
- config: Add lxc.keyring.session
- file utils: Add fopen_cached() and fdopen_cached
- api: Add new init_pidfd() member
- memory utils: Add new cleanup api
- lxc-usernsexec: Make it easy to map own uid
- seccomp: Add s390 support
- syscalls: Improve manual syscall implementations
- network: Improved network device creation and removal
- network: Allow moving wireless devices
Only one symbol was added compared to 3.2.1:
- init_pidfd (to retrieve the pidfd of the init process)
And a total of 5 since 3.0.0:
- lxc_has_api_extension (to check whether particular feature/options are present)
- mount (to inject mounts into a running container)
- umount (to remove mounts from a running container)
- seccomp_notify_fd (to support syscall interception)
- init_pidfd (to retrieve the pidfd of the init process)
No rebuilds are needed and all reverse dependencies of liblxc are known to work properly.
LXC upstream has auto-generated PPAs that are used on all of our CI systems (running 18.04) so we have been testing those upgrades continuously and don't expect any issue.
No configuration keys were removed in this release (unlike 3.0) and so no config updates are required for our users. Existing 3.0 users can upgrade to 4.0, running containers will keep working and the default configurations used by 4.0 are even backward compatible to 3.0, so a downgrade is even an option if needed.
As mentioned above, the main benefit of getting 4.0 in Ubuntu is to get the 5 years of upstream security updates. Even though LXC is in universe, it's still quite widely used and actively maintained in Ubuntu by us.
It's also worth noting that we've had all LXD users running the LXD snap run LXC 4.0 for the past week with only one regression found in the attach logic. This has since been fixed and will be cherry-picked in the package that's to be uploaded to Ubuntu.
We realize we're getting late in the cycle; ideally we'd like this uploaded as soon as possible so it can get built, go through autopkgtest and land in the archive as soon as the freeze lifts (if it's covered by the freeze at all, not sure).