This bug was fixed in the package lxc - 3.0.1-0ubuntu1~18.04.1
--------------- lxc (3.0.1-0ubuntu1~18.04.1) bionic; urgency=medium
* New upstream bugfix release (LP: #1775283): - tools: fix unitialized variable - storage: fix lvm fs uuid generation - lxc-oci: fix Cmd/Entrypoint parsing - lxc-oci: make umoci less verbose - lxclock: use thread-safe OFD fcntl() locks - locktests: fix test suite - conf: ensure umounts don’t propagate to host - doc: Tweak Japanese translation in lxc.container.conf(5) - fix signal sending in lxc.init - rootfs pinning: On NFS, make file hidden but don’t delete it - conf: fix temporary file creation - ringbuf: fix temporary file creation - Fix compilation with static libcap and shared gnutls - attach: always drop supplementary groups - lxc init: remove dead code - storage/rsync: free memory on error - tools/utils: free memory on error - lxc init: coding style - utils: define __NR_setns if missing on old glibcs - attach: try to always drop supplementary groups - conf: ret-try devpts mount without gid=5 on error - execute: fix app containers without root mapping - conf: fix net type checks in run_script_argv() - seccomp: handle arch inversion - seccomp: handle all errors - seccomp: cleanup compat architecture handling - seccomp: improve logging - tools: document -d/–daemonize for lxc-execute - seccomp: non-functional changes - seccomp: handle arch inversion II - lxc-oci: mkdir the download directory - do_lxcapi_create: set umask - lxc/tools/lxc_monitor: include missing <stddef.h> - pam-cgfs: ignore the system umask when creating the cgroup hierarchy - Also pass action scripts to CRIU on checkpointing - Fix the memory leak in cgfsng_attach - Fix memory leak in list_active_containers - Fix tool_utils.c build when HAVE_SETNS is unset - coverity: #1435210 - coverity: #1435208 - coverity: #1435207 - coverity: #1435206 - coverity: #1435205 - coverity: #1435203 - coverity: #1435200 - coverity: #1435198 - coverity: #1426734 - lxccontainer: non-functional changes - lxccontainer: use thread-safe OFD locks - lxccontainer: non-functional changes - lxccontainer: do_lxcapi_is_running() - lxccontainer: do_lxcapi_freeze() - lxccontainer: do_lxcapi_unfreeze() - lxccontainer: non-functional changes - lxccontainer: use thread-safe open() + write() - lxccontainer: non-functional changes - lxccontainer: non-functional changes - lxccontainer: non-functional changes - coverity: #1435263 - fix logic for execute log file - utils: add LXC_PROC_PID_FD_LEN - execute: use static buffer - execute: do not check inherited fds again - add some TRACE/ERROR reporting - execute: account for -o path option count - execute: set init_path when existing init is found - genl: remove - coverity: #1248104 - coverity: #1248105 - coverity: #1425744 - utils: account for terminating \0 byte - confile: satisfy gcc-8 - network: silence gcc-8 - network: adhere to IFNAMSIZ limit - support case ignored suffix for sizes - utils: fix parse_byte_size_string() coding style - strlcpy: add strlcpy() implementation - tree-wide: s/strncpy()/strlcpy()/g - CODING_STYLE: add section about using strlcpy() - tools: s/strncpy()/strlcpy()/g - Revert “tools: s/strncpy()/strlcpy()/g” - tools: s/strncpy()/memcpy()/ - doc: Add “-d/–daemon” option to Japanese lxc-execute(1) - doc: Fix size unit style in Japanese lxc.container.conf(5) - coverity: #1435604 - coverity: #1435603 - coverity: #1435602 - coverity: #1425844 - config: allow read-write /sys in user namespace - coverity: #1425836 - coverity: #1248106 - capabilities: raise ambient capabilities - coverity: #1425802 - cgroups: refactor cgroup handling - cgroups: remove freezer_state() - seccomp: #ifdef SCMP_ARCH_AARCH64 - conf: simplify write_id_mapping() - log: enable per-thread container name prefix - lxc-init: skip signals that can’t be caught - execute: use execveat() syscall if supported - tools: only create log file when requested - seccomp: fix off-by-one error in array allocation for sscanf - seccomp: remove confusing comment line - seccomp: remove unnecessary memset - seccomp: fix type mismatch when parsing syscall arguments filters - lxcseccomp: cleanup header - seccomp: parse_config_v1() - utils: add remove_trailing_newlines() - seccomp: get_v2_default_action() - seccomp: get_action_name() - seccomp: get_v2_action() - seccomp: fix get_seccomp_arg_value() - seccomp: parse_v2_rules() - seccomp: move #ifdefines - seccomp: get_hostarch() - seccomp: scmp_filter_ctx get_new_ctx() - seccomp: do_resolve_add_rule() - seccomp: parse_config_v2() - seccomp: parse_config() - seccomp: lxc_read_seccomp_config() - tree-wide: s/sigprocmask/pthread_sigmask()/g - utils: fix task_blocking_signal() - lxccontainer: fix fd leaks when sending signals - confile: order architectures - start: log setns() failure - seccomp: leak fixup - seccomp: re-add action parse error handling - seccomp: refactor line handling of parse_config - seccomp: error on unrecognized actions - seccomp: lxc_read_seccomp_config() - seccomp: parse_v2_rules() - seccomp: make do_resolve_add_rule() more strict - tools: fix lxc-create with global config value - tools: fix lxc-create with global config value II - coverity: #1435806 - coverity: #1435805 - coverity: #1435803 - coverity: #1435747 - conf: non-functional changes - conf: make is_execute a boolean - conf: non-functional changes - conf: make close_all_fds a boolean - conf: reshuffle mount members - conf: simplify tty handling - conf: pts -> pty_max - conf: non-functional changes - utils: fix task_blocking_signal() - network: fix socket handle leak - start: do not init ns_clone_flags to -1 - conf: ensure lxc_delete_tty() does not crash - start: add reboot macros - conf: make root idmap structs const - conf: make tmp_umount_proc bool - conf: non-functional changes - conf: va_end was not called. - confile: improve strprint() - change defines for return value of handlers - start: fix waitpid() blocking issue - start: log unknown info.si_code - tree-wide: fix mode of some files - confile_utils: apply strprint() - templates: actually create DOWNLOAD_TEMP directory - templates: fix download template - Patch lxc-update-config
* Bump standard to 4.1.4
-- Stéphane Graber <email address hidden> Tue, 05 Jun 2018 17:05:49 -0400
This bug was fixed in the package lxc - 3.0.1-0ubuntu1~ 18.04.1
--------------- 0ubuntu1~ 18.04.1) bionic; urgency=medium
lxc (3.0.1-
* New upstream bugfix release (LP: #1775283): conf(5) lxc_monitor: include missing <stddef.h> containers is_running( ) unfreeze( ) size_string( ) coding style )/strlcpy( )/g )/strlcpy( )/g )/strlcpy( )/g” )/memcpy( )/ conf(5) trailing_ newlines( ) default_ action( ) arg_value( ) add_rule( ) seccomp_ config( ) pthread_ sigmask( )/g signal( ) seccomp_ config( ) add_rule( ) more strict signal( )
- tools: fix unitialized variable
- storage: fix lvm fs uuid generation
- lxc-oci: fix Cmd/Entrypoint parsing
- lxc-oci: make umoci less verbose
- lxclock: use thread-safe OFD fcntl() locks
- locktests: fix test suite
- conf: ensure umounts don’t propagate to host
- doc: Tweak Japanese translation in lxc.container.
- fix signal sending in lxc.init
- rootfs pinning: On NFS, make file hidden but don’t delete it
- conf: fix temporary file creation
- ringbuf: fix temporary file creation
- Fix compilation with static libcap and shared gnutls
- attach: always drop supplementary groups
- lxc init: remove dead code
- storage/rsync: free memory on error
- tools/utils: free memory on error
- lxc init: coding style
- utils: define __NR_setns if missing on old glibcs
- attach: try to always drop supplementary groups
- conf: ret-try devpts mount without gid=5 on error
- execute: fix app containers without root mapping
- conf: fix net type checks in run_script_argv()
- seccomp: handle arch inversion
- seccomp: handle all errors
- seccomp: cleanup compat architecture handling
- seccomp: improve logging
- tools: document -d/–daemonize for lxc-execute
- seccomp: non-functional changes
- seccomp: handle arch inversion II
- lxc-oci: mkdir the download directory
- do_lxcapi_create: set umask
- lxc/tools/
- pam-cgfs: ignore the system umask when creating the cgroup hierarchy
- Also pass action scripts to CRIU on checkpointing
- Fix the memory leak in cgfsng_attach
- Fix memory leak in list_active_
- Fix tool_utils.c build when HAVE_SETNS is unset
- coverity: #1435210
- coverity: #1435208
- coverity: #1435207
- coverity: #1435206
- coverity: #1435205
- coverity: #1435203
- coverity: #1435200
- coverity: #1435198
- coverity: #1426734
- lxccontainer: non-functional changes
- lxccontainer: use thread-safe OFD locks
- lxccontainer: non-functional changes
- lxccontainer: do_lxcapi_
- lxccontainer: do_lxcapi_freeze()
- lxccontainer: do_lxcapi_
- lxccontainer: non-functional changes
- lxccontainer: use thread-safe open() + write()
- lxccontainer: non-functional changes
- lxccontainer: non-functional changes
- lxccontainer: non-functional changes
- coverity: #1435263
- fix logic for execute log file
- utils: add LXC_PROC_PID_FD_LEN
- execute: use static buffer
- execute: do not check inherited fds again
- add some TRACE/ERROR reporting
- execute: account for -o path option count
- execute: set init_path when existing init is found
- genl: remove
- coverity: #1248104
- coverity: #1248105
- coverity: #1425744
- utils: account for terminating \0 byte
- confile: satisfy gcc-8
- network: silence gcc-8
- network: adhere to IFNAMSIZ limit
- support case ignored suffix for sizes
- utils: fix parse_byte_
- strlcpy: add strlcpy() implementation
- tree-wide: s/strncpy(
- CODING_STYLE: add section about using strlcpy()
- tools: s/strncpy(
- Revert “tools: s/strncpy(
- tools: s/strncpy(
- doc: Add “-d/–daemon” option to Japanese lxc-execute(1)
- doc: Fix size unit style in Japanese lxc.container.
- coverity: #1435604
- coverity: #1435603
- coverity: #1435602
- coverity: #1425844
- config: allow read-write /sys in user namespace
- coverity: #1425836
- coverity: #1248106
- capabilities: raise ambient capabilities
- coverity: #1425802
- cgroups: refactor cgroup handling
- cgroups: remove freezer_state()
- seccomp: #ifdef SCMP_ARCH_AARCH64
- conf: simplify write_id_mapping()
- log: enable per-thread container name prefix
- lxc-init: skip signals that can’t be caught
- execute: use execveat() syscall if supported
- tools: only create log file when requested
- seccomp: fix off-by-one error in array allocation for sscanf
- seccomp: remove confusing comment line
- seccomp: remove unnecessary memset
- seccomp: fix type mismatch when parsing syscall arguments filters
- lxcseccomp: cleanup header
- seccomp: parse_config_v1()
- utils: add remove_
- seccomp: get_v2_
- seccomp: get_action_name()
- seccomp: get_v2_action()
- seccomp: fix get_seccomp_
- seccomp: parse_v2_rules()
- seccomp: move #ifdefines
- seccomp: get_hostarch()
- seccomp: scmp_filter_ctx get_new_ctx()
- seccomp: do_resolve_
- seccomp: parse_config_v2()
- seccomp: parse_config()
- seccomp: lxc_read_
- tree-wide: s/sigprocmask/
- utils: fix task_blocking_
- lxccontainer: fix fd leaks when sending signals
- confile: order architectures
- start: log setns() failure
- seccomp: leak fixup
- seccomp: re-add action parse error handling
- seccomp: refactor line handling of parse_config
- seccomp: error on unrecognized actions
- seccomp: lxc_read_
- seccomp: parse_v2_rules()
- seccomp: make do_resolve_
- tools: fix lxc-create with global config value
- tools: fix lxc-create with global config value II
- coverity: #1435806
- coverity: #1435805
- coverity: #1435803
- coverity: #1435747
- conf: non-functional changes
- conf: make is_execute a boolean
- conf: non-functional changes
- conf: make close_all_fds a boolean
- conf: reshuffle mount members
- conf: simplify tty handling
- conf: pts -> pty_max
- conf: non-functional changes
- utils: fix task_blocking_
- network: fix socket handle leak
- start: do not init ns_clone_flags to -1
- conf: ensure lxc_delete_tty() does not crash
- start: add reboot macros
- conf: make root idmap structs const
- conf: make tmp_umount_proc bool
- conf: non-functional changes
- conf: va_end was not called.
- confile: improve strprint()
- change defines for return value of handlers
- start: fix waitpid() blocking issue
- start: log unknown info.si_code
- tree-wide: fix mode of some files
- confile_utils: apply strprint()
- templates: actually create DOWNLOAD_TEMP directory
- templates: fix download template
- Patch lxc-update-config
* Bump standard to 4.1.4
-- Stéphane Graber <email address hidden> Tue, 05 Jun 2018 17:05:49 -0400