lxc 1.0.8-0ubuntu0.3~ubuntu12.04.1 source package in Ubuntu
Changelog
lxc (1.0.8-0ubuntu0.3~ubuntu12.04.1) precise-backports; urgency=medium * No-change backport to precise (LP: #1528403) lxc (1.0.8-0ubuntu0.3) trusty; urgency=medium * Cherry-pick from upstream: - Fix preserve_ns to work on < 3.8 kernels. (LP: #1516971) lxc (1.0.8-0ubuntu0.2) trusty; urgency=medium * Cherry-pick from upstream: - Fix ubuntu-cloud template to detect compression algorithm instead of hardcoding xz. Also update list of supported releases and use trusty as the fallback release. (LP: #1515463) * Update lxc-tests description to make it clear that this package is meant to be used by developers and by automated testing. lxc (1.0.8-0ubuntu0.1) trusty; urgency=medium * New upstream bugfix release. (MRE tracking bug: LP: #1514623) (LP: #1429140) - Changelog at: https://linuxcontainers.org/lxc/news/ * Drop proxy detection from the autopkgtest exercise script. * Add patch: - 0001-Trusty-Swap-out-the-CVE-2015-1335-fix-with-the-trust.patch This is a patch by Serge Hallyn to cope with the trusty 3.13 kernel. It updates the upstream CVE fix to the version which trusty ended up with after the few round of fixes. lxc (1.0.7-0ubuntu0.10) trusty; urgency=medium * Update the /proc/self/mountinfo no-symlink verification to accomodate recursive mounts. (LP: #1509752) lxc (1.0.7-0ubuntu0.9) trusty; urgency=medium * Update previous patch to include some extra apparmor rules. (LP: #1504781) lxc (1.0.7-0ubuntu0.8) trusty; urgency=medium * Update AppArmor profile from stable-1.0 branch which should fix the current test failures with the proposed 3.13 kernel. (LP: #1504781) lxc (1.0.7-0ubuntu0.7) trusty-security; urgency=medium * REGRESSION FIX UPDATE: - Avoid /./ (LP: #1501491) lxc (1.0.7-0ubuntu0.6) trusty-security; urgency=medium * Fix breakage of some configurations where // ends up in the mount target. (LP: #1501310) (LP: #1476662) lxc (1.0.7-0ubuntu0.5) trusty-security; urgency=medium * SECURITY UPDATE: Arbitrary host file access and AppArmor confinement breakout via lxc-start following symlinks while setting up mounts within a malicious container (LP: #1476662). - debian/patches/0003-CVE-2015-1335.patch: block mounts to paths containing symlinks and block bind mounts from relative paths containing symlinks. Patch from upstream. - CVE-2015-1335 lxc (1.0.7-0ubuntu0.2) trusty-security; urgency=medium * SECURITY UPDATE: Arbitrary file creation via unintentional symlink following when accessing an LXC lock file (LP: #1470842) - debian/patches/0001-CVE-2015-1331.patch: Use /run/lxc/lock, rather than /run/lock/lxc, as /run and /run/lxc is only writable by root. Based on patch from upstream. - CVE-2015-1131 * SECURITY UPDATE: Container AppArmor/SELinux confinement breakout via lxc-attach using a potentially malicious container proc filesystem to initialize confinement (LP: #1475050) - debian/patches/0002-CVE-2015-1334.patch: Use the host's proc filesystem to set up AppArmor profile and SELinux domain transitions during lxc-attach. Based on patch from upstream. - CVE-2015-1334 lxc (1.0.7-0ubuntu0.1) trusty; urgency=medium * New upstream bugfix release. (MRE tracking bug: LP: #1404039) - Changelog at: https://linuxcontainers.org/lxc/news/ * Update debian/rules apparmor handling to match Ubuntu 14.10 lxc (1.0.6-0ubuntu0.1) trusty; urgency=medium * New upstream bugfix release. (MRE tracking bug: LP: #1373619) - Changelog at: https://linuxcontainers.org/news/ * Include the SELinux examples. lxc (1.0.5-0ubuntu0.1) trusty; urgency=medium * New upstream bugfix release. (MRE tracking bug: LP: #1341638) - Changelog at: https://linuxcontainers.org/news/ * Sync packaging with utopic: - Enable ppc64el adt as we now have ppc64el images available for download. lxc (1.0.4-0ubuntu0.1) trusty; urgency=medium * New upstream bugfix release. (MRE trackaging bug LP: #1329932) - Drop all existing patches (all applied upstream). - Fix lxc-attach failing from a different login session. (LP: #1315052) - Fix wrong cgroup on login to container. (LP: #1315521) * Cherry-pick upstream (stable branch) commits to fix testsuite under adt: - tests: Avoid the download template when possible - tests: Don't fail when HOME isn't defined - tests: apparmor: Always end with a newline * Sync packaging with utopic: - Depend on either cgmanager or cgroup-lite and recommend cgmanager. This should ensure systems get cgmanager by default even if cgroup-lite is already installed, yet makes it possible for the user to remove cgmanager if they really want to. - Remove hardcoded dependency on apparmor, instead generate it from rules so that the source package can be backported without changes (the right apparmor version will be picked up based on the release number). - Do not start lxc-instance in postinst without any instance specified, as that is an invalid request. lxc (1.0.3-0ubuntu3) trusty; urgency=medium * Add a dependency on the new apparmor to make sure we have the new parser around before we attempt to load a profile requiring the new stanza support. (LP: #1304167) lxc (1.0.3-0ubuntu2) trusty; urgency=medium * Cherry-pick upstream fix for cgmanager integration. (LP: #1303649) lxc (1.0.3-0ubuntu1) trusty; urgency=medium * New upstream bugfix release. * Drop debian/patches/apparmor-signal-ptrace.patch, now upstream. lxc (1.0.2-0ubuntu2) trusty; urgency=medium * updates for AppArmor signal and ptrace mediation (LP: #1298611) - debian/patches/apparmor-signal-ptrace.patch: add signal and ptrace rules to abstractions/container-base and abstractions/start-container - debian/rules: remove signal and ptrace rules for Ubuntu releases earlier than 14.04 LTS lxc (1.0.2-0ubuntu1) trusty; urgency=medium * New upstream bugfix release. * Update packaging from daily branch. - Build-depend on libcgmanager-dev - Build-depend on libseccomp-dev for armhf too - Move rsync dependency from lxc to liblxc1 - Stop recommending cgroup-lite | cgroup-bin (replace by cgmanager) - Stop recommending libcap2-bin (lxc-setcap was dropped ages ago) - Stop recommending openssl from lxc (only used by templates) - Move uidmap recommend from lxc to liblxc1 - Recommend busybox-static for lxc-templates - Add cgmanager as a dependency of liblxc1 - Enable cgmanager support in LXC (LP: #1279048) - Drop cgroup-lite test suite dependency. - Update testsuite runner to work inside an unprivileged container. - Update testsuite runner to work in the LXC CI environment. lxc (1.0.1-0ubuntu1) trusty; urgency=medium * New upstream bugfix release. (LP: #1246094, LP: #1277466) Changelog at: https://linuxcontainers.org/news * Add xz-utils to lxc-templates' dependencies. lxc (1.0.0-0ubuntu4) trusty; urgency=medium * Tweak autopkgtest proxy detection to hopefully detect the right proxy on the armhf testers... lxc (1.0.0-0ubuntu3) trusty; urgency=medium * Add debootstrap to autopkgtest dependencies. lxc (1.0.0-0ubuntu2) trusty; urgency=medium * Update autopkgtest script to detect: - ppc64el - running in a container - running on an older kernel lxc (1.0.0-0ubuntu1) trusty; urgency=medium * New upstream release (1.0.0). * Replace liblxc0 by liblxc1. lxc (1.0.0~rc4-0ubuntu1) trusty; urgency=medium * New upstream release (1.0.0~rc4). lxc (1.0.0~rc3-0ubuntu1) trusty; urgency=medium * New upstream release (1.0.0~rc3). lxc (1.0.0~rc1-0ubuntu2) trusty; urgency=medium * Re-add adt proxy workaround, it should have been fixed in adt but apparently it's not, so keep hardcoding the right values for now. lxc (1.0.0~rc1-0ubuntu1) trusty; urgency=medium * New upstream release (1.0.0~rc1). * Drop dont_crash_log_init.patch: upstreamed * Drop adt proxy workaround (fixed in adt). * Make lxc-templates arch:any since unfortunately lxc-sshd hardcodes some paths... lxc (1.0.0~beta4-0ubuntu2) trusty; urgency=medium * debian/patches/dont_crash_log_init.patch: don't crash if no name is passed to lxc_log_init(), such as is the case with lxc-autostart. (LP: #1277450) lxc (1.0.0~beta4-0ubuntu1) trusty; urgency=medium * New upstream release (1.0.0~beta4). (LP: #1273769) * Move uidmap from Depends to Recommends. * Drop duplicate python3 cflags (LP: #1272948) * Tweak adt to use a proxy server. lxc (1.0.0~beta3-0ubuntu1) trusty; urgency=medium * New upstream release (1.0.0~beta3). * Drop Build-conflict and instead pass --disable-lua. * Update autopkgtests to dynamically run all upstream tests. * Create /etc/lxc/lxc-usernet if missing. * Apparmor profiles and upstart jobs are now upstream (drop from packaging). * Bash completetion is now upstream. * Update lintian overrides. * DEPRECATED: lxc-aa-custom-profile has been dropped, instead use the examples in the default configuration file. * DEPRECATED: lxc-list has been dropped. Use "lxc-ls -f" instead. * DEPRECATED: lxc-halt has been dropped. Use "lxc-stop" instead. lxc (1.0.0~beta2-0ubuntu2) trusty; urgency=medium * Build python3 extension for all supported python versions. LP: #127236. * Build-conflict with lua5.2*, the packaging is not ready for it. lxc (1.0.0~beta2-0ubuntu1) trusty; urgency=medium * New upstream release (1.0.0~beta2). * Removed patches (no remaining): - 0000-add-autostart.patch - 0001-fix-lxc-usernsexec-regression.patch * Update packaging for upstream's implementation of autostart. * Allow dbus in lxc-start apparmor profile (needed by the avahi hook). lxc (1.0.0~beta1-0ubuntu3) trusty; urgency=medium * Add lxc-container-with-mounting apparmor profile. * Add iptables rules to always allow DHCP and DNS from the containers to the host. lxc (1.0.0~beta1-0ubuntu2) trusty; urgency=medium * d/p/0001-fix-lxc-usernsexec-regression.patch: fix a regression breaking lxc-usernsexec and, through that, all unprivileged container use. lxc (1.0.0~beta1-0ubuntu1) trusty; urgency=medium * New upstream release (1.0.0~beta1). * Removed patches: - 0001-lxcapi_clone-set-the-right-environment-variable-for-.patch - 0002-don-t-fail-lxc-init-if-we-couldn-t-mount-proc.patch lxc (1.0.0~alpha3-0ubuntu8) trusty; urgency=low * Add iptables rule to fix checksum of udp packets for dhcp (LP: #930962) lxc (1.0.0~alpha3-0ubuntu7) trusty; urgency=low * Add a lxc-default-with-mounting profile which allows the container to mount block filesystems. (LP: #1257389) lxc (1.0.0~alpha3-0ubuntu6) trusty; urgency=low * lxc-net: detect whether iptables -w flag is supported, so that backports won't be broken. lxc (1.0.0~alpha3-0ubuntu5) trusty; urgency=low * Add -w to iptables calls in lxc-net (LP: #1257117) lxc (1.0.0~alpha3-0ubuntu4) trusty; urgency=low * Build-depend on libgnutls-dev for template checksuming. lxc (1.0.0~alpha3-0ubuntu3) trusty; urgency=low * d/p/0002-don-t-fail-lxc-init-if-we-couldn-t-mount-proc.patch: fix failure to run lxc-init when lxc.cap.drop=sys_admin. (LP: #1253669) lxc (1.0.0~alpha3-0ubuntu2) trusty; urgency=low * Cherry-pick fix for lxc-clone hook script environment variable. 0001-lxcapi_clone-set-the-right-environment-variable-for-.patch (LP: #1253573) lxc (1.0.0~alpha3-0ubuntu1) trusty; urgency=low * New upstream release (1.0.0~alpha3). * Removed patches: - 0001-debian-template-set-hwaddr - 0002-lxc-start-if-we-pass-in-a-config-file-then-don-t-use.patch - get_rid_of_lxcpath_anon_idea.patch lxc (1.0.0~alpha2-0ubuntu6) trusty; urgency=low * d/p/0002-lxc-start-if-we-pass-in-a-config-file-then-don-t-use.patch fix lxc-start -with -f option to not use multiple configuration files (LP: #1251352) lxc (1.0.0~alpha2-0ubuntu5) trusty; urgency=low [ Serge Hallyn] * debian/rules and debian/lxc.postinst: set /var/lib/lxc and /var/cache/lxc to be perms 700. That prevents unprivileged users from running setuid-root applications. Install that way by default, and for any previous versions, update the permissions. After this version, respect the user's choice. (LP: #1244635) [ Stéphane Graber ] * Allow lxc.conf to start even if LXC_AUTO=false so that other jobs can depend on it. Also make sure we always load our apparmor profiles. (LP: #1227937) lxc (1.0.0~alpha2-0ubuntu4) trusty; urgency=low * get_rid_of_lxcpath_anon_idea.patch: allow lxc-stop and lxc-attach to work more easily with containers started with a custom config (-f). (LP: #1244301) lxc (1.0.0~alpha2-0ubuntu3) trusty; urgency=low * Fix syntax error in upstart job. lxc (1.0.0~alpha2-0ubuntu2) trusty; urgency=low * Set lxcpath in lxc-instance, that should make the containers visible in lxc-ls and other tools again. (LP: #1242074) lxc (1.0.0~alpha2-0ubuntu1) trusty; urgency=low * New upstream release (1.0.0~alpha2). * Removed patches: - 0002-pin_rootfs-be-quiet-and-don-t-fail-container-start.patch - 0003-move-monitor-fifo-and-monitor-sock-to-run.patch - 0004-hash-lxcname-for-use-in-monitor-unix-socket-sun_path.patch - 0005-ignore-ability-to-init-lxc-monitord.log.patch - 0006-add-pstore-to-container-fstab.patch - 0007-apparmor.c-drop-newline-when-reading-current-profile.patch - 0008-Fix-crasher-in-get_ips.patch - 0009-lxc-ubuntu-cloud-pass-numeric-owner-and-p-to-untar.patch - 0010-lxc-ubuntu-cloud-Cope-with-spaces-in-paths.patch - 0011-ubuntu-cloud-prep-hook-fix-debug-helper-to-not-inapp.patch * Change website to new URL (http://linuxcontainers.org). * Build with the test binaries and introduce a new lxc-tests package. * Don't build any of the binary packages on !linux. * Enable SELinux support. * Add watch file. -- Stéphane Graber <email address hidden> Mon, 21 Dec 2015 19:40:10 -0500
Upload details
- Uploaded by:
- Stéphane Graber
- Uploaded to:
- Precise
- Original maintainer:
- Ubuntu Developers
- Architectures:
- linux-any
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
lxc_1.0.8.orig.tar.gz | 788.8 KiB | afce5d85e5d79fcc940fa372e40adc26f7c5fe538b4d7c4a371dc8995cef9083 |
lxc_1.0.8-0ubuntu0.3~ubuntu12.04.1.debian.tar.gz | 53.2 KiB | cacef032fefb6a2dec43c6f07e3e5548836b04c075c077b5a2467d426efeaea2 |
lxc_1.0.8-0ubuntu0.3~ubuntu12.04.1.dsc | 2.2 KiB | 5f5a576f99cc88591812381ec6e1d2580a380ac2ae1a8fc86f3a835872630456 |
Available diffs
Binary packages built by this source
- liblxc1: Linux Containers userspace tools (library)
Containers are insulated areas inside a system, which have their own namespace
for filesystem, network, PID, IPC, CPU and memory allocation and which can be
created using the Control Group and Namespace features included in the Linux
kernel.
.
This package contains the libraries.
- liblxc1-dbgsym: debug symbols for package liblxc1
Containers are insulated areas inside a system, which have their own namespace
for filesystem, network, PID, IPC, CPU and memory allocation and which can be
created using the Control Group and Namespace features included in the Linux
kernel.
.
This package contains the libraries.
- lxc: Linux Containers userspace tools
Containers are insulated areas inside a system, which have their own namespace
for filesystem, network, PID, IPC, CPU and memory allocation and which can be
created using the Control Group and Namespace features included in the Linux
kernel.
.
This package provides the lxc-* tools, which can be used to start a single
daemon in a container, or to boot an entire "containerized" system, and to
manage and debug your containers.
- lxc-dbg: Linux Containers userspace tools (debug)
Containers are insulated areas inside a system, which have their own namespace
for filesystem, network, PID, IPC, CPU and memory allocation and which can be
created using the Control Group and Namespace features included in the Linux
kernel.
.
This package contains the debugging symbols.
- lxc-dbgsym: debug symbols for package lxc
Containers are insulated areas inside a system, which have their own namespace
for filesystem, network, PID, IPC, CPU and memory allocation and which can be
created using the Control Group and Namespace features included in the Linux
kernel.
.
This package provides the lxc-* tools, which can be used to start a single
daemon in a container, or to boot an entire "containerized" system, and to
manage and debug your containers.
- lxc-dev: Linux Containers userspace tools (development)
Containers are insulated areas inside a system, which have their own namespace
for filesystem, network, PID, IPC, CPU and memory allocation and which can be
created using the Control Group and Namespace features included in the Linux
kernel.
.
This package contains the development files.
- lxc-templates: Linux Containers userspace tools (templates)
Containers are insulated areas inside a system, which have their own namespace
for filesystem, network, PID, IPC, CPU and memory allocation and which can be
created using the Control Group and Namespace features included in the Linux
kernel.
.
This package contains the templates.
- lxc-tests: Linux Containers userspace tools (test binaries)
Containers are insulated areas inside a system, which have their own namespace
for filesystem, network, PID, IPC, CPU and memory allocation and which can be
created using the Control Group and Namespace features included in the Linux
kernel.
.
This package contains the test binaries. Those binaries are primarily
used for autopkgtest and by some developers. They are not meant to be
installed on regular user systems.
- lxc-tests-dbgsym: debug symbols for package lxc-tests
Containers are insulated areas inside a system, which have their own namespace
for filesystem, network, PID, IPC, CPU and memory allocation and which can be
created using the Control Group and Namespace features included in the Linux
kernel.
.
This package contains the test binaries. Those binaries are primarily
used for autopkgtest and by some developers. They are not meant to be
installed on regular user systems.
- python3-lxc: Linux Containers userspace tools (Python 3.x bindings)
Containers are insulated areas inside a system, which have their own namespace
for filesystem, network, PID, IPC, CPU and memory allocation and which can be
created using the Control Group and Namespace features included in the Linux
kernel.
.
This package contains the Python 3.x bindings.
- python3-lxc-dbgsym: debug symbols for package python3-lxc
Containers are insulated areas inside a system, which have their own namespace
for filesystem, network, PID, IPC, CPU and memory allocation and which can be
created using the Control Group and Namespace features included in the Linux
kernel.
.
This package contains the Python 3.x bindings.