Comment 18 for bug 1481507
Revision history for this message
| Jon Grimm (jgrimm) wrote Re: [Bug 1481507] Re: [MIR] lxd | #18 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Thanks Steve! Seems quite reasonable.
On Oct 14, 2015 7:41 PM, "Steve Langasek" <email address hidden>
wrote:
> I have repromoted the lxd binary packages to main, while leaving the
> source in universe, so that these can be included in images while the
> golang MIR is being finalized.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> [MIR] lxd
>
> Status in lxd package in Ubuntu:
> Fix Committed
>
> Bug description:
> [Availability]
> In universe since 15.04 and available for all architectures. Using
> golang for those architectures it supports and gccgo for the rest.
>
> [Rationale]
> LXD is a new container manager based on liblxc which offers a REST API
> to manage containers and container images across multiple hosts.
>
> It's developed by Canonical and the LinuxContainers community and
> meant to become the new one to interact with LXC containers, both
> locally and at scale. As a result, we want it as widely available and
> supported as LXC itself.
>
> It's planned for LXD to become pre-installed in cloud images as well
> as snappy images. In this configuration, LXD will be socket activated
> to limit resource usage on systems that don't actively use it and it
> will not be listening on any network port by default.
>
> [Security]
> LXD hasn't had any security issue so far.
>
> The LXD daemon runs as root, containers spawned by it are then
> typically running unprivileged with apparmor, seccomp, capabilities
> and cgroup restrictions through the use of LXC.
>
> The LXD daemon listens to a local unix socket, only accessible to
> members of the lxd group. Through that unix socket it's then possible
> to get the daemon to bind a tcp port for network operations.
>
> [Quality assurance]
> LXD basically just works when it's installed, the daemon is auto-started
> through socket activation and any member of the admin or sudo group is
> granted access to lxd upon installation.
>
> There are no debconf prompts in the lxd packages.
>
> Upstream is pretty much only made of Ubuntu developers so we expect a
> very good relationship here. As it stands, there aren't any serious
> bug with LXD in Ubuntu.
>
> The package is actively maintained in Ubuntu by upstream, it's not in
> Debian.
>
> LXD isn't tied to any specific hardware.
>
> The testsuite cannot be run at package build time due to strict
> requirements on kernel, network and root access.
>
> A debian watch file is included to track new releases.
>
> [Dependencies]
>
> LXD build-depends on golang which is currently subject to a separate
> MIR.
>
> [Standards compliance]
>
> LXD complies with the current Debian standards.
>
> [Maintenance]
>
> Upstream is maintaining the Ubuntu packages as well as various daily
> builds and backports.
>
> [Background information]
> Nothing special to report.
>
> To manage notifications about this bug go to:
> https:/
>