Merged
29 commits
dc85f47
lxc/cgroups: drop cgroup1 freezer support
mihalicyn Apr 21, 2026
8c8da5e
lxc/cgroup: drop cgroup1 device cgroup support
mihalicyn Apr 21, 2026
b4e5786
lxc/cgroups: drop special handling logic for cgroup1 cpuset controller
mihalicyn Apr 21, 2026
1462022
lxc/cgroups: drop cgroup1 mounting logic
mihalicyn Apr 21, 2026
358a660
lxc/conf: drop cgroup1 config options (lxc.cgroup.*)
mihalicyn Apr 21, 2026
2d51b77
tests: use lxc.cgroup2 instead of lxc.cgroup
mihalicyn Apr 21, 2026
5ead0bb
config/templates: don't use cgroup1 settings
mihalicyn Apr 21, 2026
45c1dea
lxc/cgroups: warn if non-unified cgroup layout detected
mihalicyn Apr 21, 2026
89b4c18
doc: mention that legacy/hybrid hierarchy support is dropped
mihalicyn Apr 21, 2026
b0b65ba
Merge pull request #4671 from mihalicyn/remove_cgroup1
stgraber Apr 22, 2026
555c80b
lxc/start: assume CLONE_PIDFD and clone3 are supported
mihalicyn Apr 22, 2026
d8e9d4d
lxc: assume fsopen/open_tree/mount_setattr syscalls are supported
mihalicyn Apr 22, 2026
4380d21
Merge pull request #4672 from mihalicyn/assume_new_enough_kernel
stgraber Apr 22, 2026
2f60da6
apparmor: allow nosymfollow remounts
mihalicyn Jul 25, 2024
0153a78
apparmor: allow nosymfollow remounts
mihalicyn Jul 25, 2024
116abab
Merge pull request #4466 from mihalicyn/apparmor_nosymfollow
stgraber Apr 23, 2026
f1540aa
lsm/apparmor: allow binfmt_misc RW mounts
FernandoPicazo Sep 6, 2025
282b60e
Merge pull request #4673 from mihalicyn/binfmt_rw_mount
stgraber Apr 23, 2026
8c92f43
tests/lxc-test-lxc-attach: Increase sleep time
gibmat Apr 25, 2026
16f6c89
Merge pull request #4674 from gibmat/extend-test-sleep-riscv64
stgraber Apr 25, 2026
071cd4c
lvm.c: make sure tp gets freed
hallyn Apr 26, 2026
7b1a5ea
Don't leak an open fd
hallyn Apr 26, 2026
da651f1
Merge pull request #4677 from hallyn/2026-04-28/leakfd
stgraber Apr 28, 2026
35faadf
Merge pull request #4676 from hallyn/2026-04-28/tp
stgraber Apr 28, 2026
1974ca4
lxc-user-nic: clarify and fix
hallyn Apr 21, 2026
20acae8
usernic: add a test for ovs port deletion permission
hallyn Apr 21, 2026
5c26ff0
Merge pull request #4678 from stgraber/security
stgraber Apr 29, 2026
6231633
Release LXC 7.0.0
stgraber Apr 29, 2026
d787c1a
meson: Set DEVEL flag post release
stgraber Apr 3, 2024
18 changes: 18 additions & 0 deletions config/apparmor/abstractions/container-base.in
Expand Up @@ -128,6 +128,24 @@
mount options=(ro,remount,bind,noexec,nodev),
mount options=(ro,remount,bind,nodev,nosuid),
mount options=(ro,remount,bind,nosuid,noexec,nodev),
mount options=(ro,remount,bind,noatime),
mount options=(ro,remount,bind,noatime,nodev),
mount options=(ro,remount,bind,noatime,noexec),
mount options=(ro,remount,bind,noatime,nosuid),
mount options=(ro,remount,bind,noatime,noexec,nodev),
mount options=(ro,remount,bind,noatime,nosuid,nodev),
mount options=(ro,remount,bind,noatime,nosuid,noexec),
mount options=(ro,remount,bind,noatime,nosuid,noexec,nodev),
mount options=(ro,remount,bind,nosuid,noexec,strictatime),
mount options=(ro,remount,nosuid,noexec,strictatime),
mount options=(ro,remount,bind,nosymfollow),
mount options=(ro,remount,bind,nosymfollow,nodev),
mount options=(ro,remount,bind,nosymfollow,noexec),
mount options=(ro,remount,bind,nosymfollow,nosuid),
mount options=(ro,remount,bind,nosymfollow,noexec,nodev),
mount options=(ro,remount,bind,nosymfollow,nosuid,nodev),
mount options=(ro,remount,bind,nosymfollow,nosuid,noexec),
mount options=(ro,remount,bind,nosymfollow,nosuid,noexec,nodev),

# allow moving mounts except for /proc, /sys and /dev
mount options=(rw,move) /[^spd]*{,/**},
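Review bot: The added remount rules pair noatime and nosymfollow each with nodev/nosuid/noexec but never with each other, and strictatime appears only in two fixed combinations, the second of which ("ro,remount,nosuid,noexec,strictatime") omits bind. Because this file lists every permitted option set explicitly, a read-only bind remount that carries both noatime and nosymfollow would still fall outside these rules. Either add the missing combinations or put a comment above the block saying which combinations are intentionally covered, so the next flag added here does not repeat the gap.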
29 changes: 0 additions & 29 deletions config/templates/common.conf.in
Expand Up @@ -15,35 +15,6 @@ lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio
# Ensure hostname is changed on clone
lxc.hook.clone = @LXCHOOKDIR@/clonehostname

# Default legacy cgroup configuration
#
# CGroup allowlist
lxc.cgroup.devices.deny = a
## Allow any mknod (but not reading/writing the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
## Allow specific devices
### /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
### /dev/zero
lxc.cgroup.devices.allow = c 1:5 rwm
### /dev/full
lxc.cgroup.devices.allow = c 1:7 rwm
### /dev/tty
lxc.cgroup.devices.allow = c 5:0 rwm
### /dev/console
lxc.cgroup.devices.allow = c 5:1 rwm
### /dev/ptmx
lxc.cgroup.devices.allow = c 5:2 rwm
### /dev/random
lxc.cgroup.devices.allow = c 1:8 rwm
### /dev/urandom
lxc.cgroup.devices.allow = c 1:9 rwm
### /dev/pts/*
lxc.cgroup.devices.allow = c 136:* rwm
### fuse
lxc.cgroup.devices.allow = c 10:229 rwm

# Default unified cgroup configuration
#
# CGroup allowlist
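Review bot: With the legacy lxc.cgroup.devices.* block removed, the unified section that follows becomes the only device allowlist this template provides. Please confirm it carries the same entries that are deleted here, in particular the default deny ("lxc.cgroup.devices.deny = a"), /dev/pts/* (c 136:*) and fuse (c 10:229). The remaining header could also drop the word "unified" now that there is no legacy counterpart to distinguish it from.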
5 changes: 0 additions & 5 deletions config/templates/userns.conf.in
@@ -1,10 +1,5 @@
# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices
#
# Default legacy cgroup configuration
#
lxc.cgroup.devices.deny =
lxc.cgroup.devices.allow =

# Default unified cgroup configuration
#
lxc.cgroup2.devices.deny =
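Review bot: The first comment line, "CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices", is left unchanged and now sits directly above the lxc.cgroup2.devices.* resets. It still names cgroup.devices, which reads as the legacy controller that this hunk stops configuring. Reword it to explain why the cgroup2 device rules are cleared for user-namespace containers.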
3 changes: 2 additions & 1 deletion doc/lxc.container.conf.sgml.in
Expand Up @@ -1558,7 +1558,8 @@
ignore <option>lxc.cgroup.</option> settings on systems that only use
the unified hierarchy. Conversely, it will ignore
<option>lxc.cgroup2.</option> options on systems that only use legacy
hierarchies.
hierarchies. <option>lxc.cgroup.</option> (legacy and hybrid hierarchy)
support is dropped.
</para>

<para>
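Review bot: The added sentence is appended to a paragraph whose unchanged lines still describe lxc.cgroup. settings being ignored on unified-only systems and lxc.cgroup2. options being ignored on legacy-only systems, so the paragraph now presents legacy hierarchies as a working case and as dropped at the same time. Rewrite the paragraph instead of appending to it, and state what happens to a configuration that still contains lxc.cgroup.* keys (rejected or silently ignored), since a silently ignored device rule changes what a container can access.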
6 changes: 3 additions & 3 deletions meson.build
Expand Up @@ -4,7 +4,7 @@
project(
'lxc',
'c',
version: '6.0.0',
version: '7.0.0',
license: 'LGPLv2+',
default_options: [
'b_lto=true',
Expand All @@ -26,9 +26,9 @@ liblxc_dependencies = []
oss_fuzz_dependencies = []

# Version.
liblxc_version = '1.8.0'
liblxc_version = '1.9.0'
version_data = configuration_data()
version_data.set('LXC_VERSION_MAJOR', '6')
version_data.set('LXC_VERSION_MAJOR', '7')
version_data.set('LXC_VERSION_MINOR', '0')
version_data.set('LXC_VERSION_MICRO', '0')
version_data.set('LXC_VERSION_BETA', '')
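Review bot: The release number is written out by hand in two places in this file, as version: '7.0.0' in project() and again as the LXC_VERSION_MAJOR/MINOR/MICRO literals here, so a later bump can update one and miss the other. Consider deriving the three components from meson.project_version() so there is a single source. Separately, a comment next to liblxc_version stating the rule that moves it from 1.8.0 to 1.9.0 would help.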