diff -Nru lxd-2.21/debian/changelog lxd-2.21/debian/changelog --- lxd-2.21/debian/changelog 2017-12-22 22:37:16.000000000 +0000 +++ lxd-2.21/debian/changelog 2018-02-08 04:23:37.000000000 +0000 @@ -1,10 +1,37 @@ -lxd (2.21-0ubuntu2~17.10.1) artful-backports; urgency=medium +lxd (2.21-0ubuntu3~17.10.1) artful-backports; urgency=medium * Backport to Artful. * Reduce liblxc dependency to >= 2.0.0~. * Build using Go 1.9 backport. - -- Stéphane Graber Fri, 22 Dec 2017 17:37:16 -0500 + -- Stéphane Graber Wed, 07 Feb 2018 23:23:37 -0500 + +lxd (2.21-0ubuntu3) bionic; urgency=medium + + * Cherry-pick upstream bugfixes: + - 0004-storage-btrfs-Fix-handling-of-UUID-based-mounts.patch + - 0005-lxd-containers-No-slahses-in-snapshot-names.patch + - 0006-lxd-storage-Don-t-allow-slashes-in-pool-or-volume-na.patch + - 0007-lxd-init-Strip-leading-and-trailing-spaces.patch + - 0008-console-Don-t-prevent-setting-lxc.console.logfile.patch + - 0009-console-Fix-version-check-in-log-API.patch + - 0010-lxd-containers-Don-t-drop-the-description.patch + - 0011-network-Serialize-network-creation.patch + - 0012-storage-Serialize-storage-pool-creation.patch + - 0013-lxd-containers-Fix-container-shutdown-on-exit.patch + - 0014-fix-parsing-for-container-name-tab-completion.patch + - 0015-lxc-file-Fix-edit-in-a-snap-environment.patch + - 0016-correct-mistake-in-help.patch + - 0017-lxc-client-return-errArgs-on-empty-pool.patch + - 0018-networks-Drop-all-firewall-rules-when-disabled.patch + - 0019-container_lxc-ensure-container-is-initialized.patch + - 0020-migrate-check-pre-dump-only-on-live-migration.patch + - 0021-shared-hostpath-Also-check-SNAP_NAME.patch + - 0022-shared-hostpath-Properly-handle-prefix-check.patch + - 0023-lxc-config-Fix-metadata-edit.patch + - 0024-containers-Default-to-pids-cgroup-for-fork-bomb-miti.patch + + -- Stéphane Graber Fri, 02 Feb 2018 14:27:13 +0100 lxd (2.21-0ubuntu2) bionic; urgency=medium diff -Nru lxd-2.21/debian/.git-dpm lxd-2.21/debian/.git-dpm --- lxd-2.21/debian/.git-dpm 2017-12-22 20:19:10.000000000 +0000 +++ lxd-2.21/debian/.git-dpm 2018-02-02 13:26:55.000000000 +0000 @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -120a4b6661bdb131918cad489af619a7efc20604 -120a4b6661bdb131918cad489af619a7efc20604 +1f243bfd6d16bc690c59e43dcbd140c078a80cb2 +1f243bfd6d16bc690c59e43dcbd140c078a80cb2 27176ef637c8a642c498006c2fed309e282b2332 27176ef637c8a642c498006c2fed309e282b2332 lxd_2.21.orig.tar.gz diff -Nru lxd-2.21/debian/patches/0004-storage-btrfs-Fix-handling-of-UUID-based-mounts.patch lxd-2.21/debian/patches/0004-storage-btrfs-Fix-handling-of-UUID-based-mounts.patch --- lxd-2.21/debian/patches/0004-storage-btrfs-Fix-handling-of-UUID-based-mounts.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0004-storage-btrfs-Fix-handling-of-UUID-based-mounts.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,59 @@ +From 2b93789c99db0c5fe9f32ce8b1c4b580ebf36172 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Tue, 2 Jan 2018 18:18:58 +0100 +Subject: storage/btrfs: Fix handling of UUID-based mounts +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Closes #4121 + +Signed-off-by: Stéphane Graber +--- + lxd/storage_btrfs.go | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) + +diff --git a/lxd/storage_btrfs.go b/lxd/storage_btrfs.go +index 20a2dd45..1218ee27 100644 +--- a/lxd/storage_btrfs.go ++++ b/lxd/storage_btrfs.go +@@ -108,7 +108,12 @@ func (s *storageBtrfs) StoragePoolCreate() error { + s.pool.Config["volatile.initial_source"] = s.pool.Config["source"] + + isBlockDev := false +- source := shared.HostPath(s.pool.Config["source"]) ++ ++ source := s.pool.Config["source"] ++ if strings.HasPrefix(source, "/") { ++ source = shared.HostPath(s.pool.Config["source"]) ++ } ++ + if source == "" { + source = filepath.Join(shared.VarPath("disks"), fmt.Sprintf("%s.img", s.pool.Name)) + s.pool.Config["source"] = source +@@ -259,7 +264,11 @@ func (s *storageBtrfs) StoragePoolCreate() error { + func (s *storageBtrfs) StoragePoolDelete() error { + logger.Infof("Deleting BTRFS storage pool \"%s\".", s.pool.Name) + +- source := shared.HostPath(s.pool.Config["source"]) ++ source := s.pool.Config["source"] ++ if strings.HasPrefix(source, "/") { ++ source = shared.HostPath(s.pool.Config["source"]) ++ } ++ + if source == "" { + return fmt.Errorf("no \"source\" property found for the storage pool") + } +@@ -324,7 +333,11 @@ func (s *storageBtrfs) StoragePoolDelete() error { + func (s *storageBtrfs) StoragePoolMount() (bool, error) { + logger.Debugf("Mounting BTRFS storage pool \"%s\".", s.pool.Name) + +- source := shared.HostPath(s.pool.Config["source"]) ++ source := s.pool.Config["source"] ++ if strings.HasPrefix(source, "/") { ++ source = shared.HostPath(s.pool.Config["source"]) ++ } ++ + if source == "" { + return false, fmt.Errorf("no \"source\" property found for the storage pool") + } diff -Nru lxd-2.21/debian/patches/0005-lxd-containers-No-slahses-in-snapshot-names.patch lxd-2.21/debian/patches/0005-lxd-containers-No-slahses-in-snapshot-names.patch --- lxd-2.21/debian/patches/0005-lxd-containers-No-slahses-in-snapshot-names.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0005-lxd-containers-No-slahses-in-snapshot-names.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,77 @@ +From 330026da6c06878d4116f2de07499ac207aa8302 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Tue, 2 Jan 2018 18:33:37 +0100 +Subject: lxd/containers: No slahses in snapshot names +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Stéphane Graber +--- + lxc/snapshot.go | 8 -------- + lxd/container_snapshot.go | 11 +++++++++++ + 2 files changed, 11 insertions(+), 8 deletions(-) + +diff --git a/lxc/snapshot.go b/lxc/snapshot.go +index dd3f0a88..bcd59b8b 100644 +--- a/lxc/snapshot.go ++++ b/lxc/snapshot.go +@@ -1,10 +1,7 @@ + package main + + import ( +- "fmt" +- + "github.com/lxc/lxd/lxc/config" +- "github.com/lxc/lxd/shared" + "github.com/lxc/lxd/shared/api" + "github.com/lxc/lxd/shared/gnuflag" + "github.com/lxc/lxd/shared/i18n" +@@ -48,11 +45,6 @@ func (c *snapshotCmd) run(conf *config.Config, args []string) error { + snapname = args[1] + } + +- // we don't allow '/' in snapshot names +- if shared.IsSnapshot(snapname) { +- return fmt.Errorf(i18n.G("'/' not allowed in snapshot name")) +- } +- + remote, name, err := conf.ParseRemote(args[0]) + if err != nil { + return err +diff --git a/lxd/container_snapshot.go b/lxd/container_snapshot.go +index fec770b5..07ea5268 100644 +--- a/lxd/container_snapshot.go ++++ b/lxd/container_snapshot.go +@@ -7,6 +7,7 @@ import ( + "io/ioutil" + "net/http" + "strconv" ++ "strings" + + "github.com/gorilla/mux" + +@@ -92,6 +93,11 @@ func containerSnapshotsPost(d *Daemon, r *http.Request) Response { + req.Name = fmt.Sprintf("snap%d", i) + } + ++ // Validate the name ++ if strings.Contains(req.Name, "/") { ++ return BadRequest(fmt.Errorf("Snapshot names may not contain slashes")) ++ } ++ + fullName := name + + shared.SnapshotDelimiter + + req.Name +@@ -244,6 +250,11 @@ func snapshotPost(d *Daemon, r *http.Request, sc container, containerName string + return BadRequest(err) + } + ++ // Validate the name ++ if strings.Contains(newName, "/") { ++ return BadRequest(fmt.Errorf("Snapshot names may not contain slashes")) ++ } ++ + fullName := containerName + shared.SnapshotDelimiter + newName + + // Check that the name isn't already in use diff -Nru lxd-2.21/debian/patches/0006-lxd-storage-Don-t-allow-slashes-in-pool-or-volume-na.patch lxd-2.21/debian/patches/0006-lxd-storage-Don-t-allow-slashes-in-pool-or-volume-na.patch --- lxd-2.21/debian/patches/0006-lxd-storage-Don-t-allow-slashes-in-pool-or-volume-na.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0006-lxd-storage-Don-t-allow-slashes-in-pool-or-volume-na.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,65 @@ +From 152e87df9cc068c36847eb9a1aba2ac92975364c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Tue, 2 Jan 2018 18:44:04 +0100 +Subject: lxd/storage: Don't allow slashes in pool or volume names +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Closes: #4127 + +Signed-off-by: Stéphane Graber +--- + lxd/storage_pools.go | 4 ++++ + lxd/storage_volumes.go | 9 +++++++++ + 2 files changed, 13 insertions(+) + +diff --git a/lxd/storage_pools.go b/lxd/storage_pools.go +index b08e0125..6d4d80bc 100644 +--- a/lxd/storage_pools.go ++++ b/lxd/storage_pools.go +@@ -73,6 +73,10 @@ func storagePoolsPost(d *Daemon, r *http.Request) Response { + return BadRequest(fmt.Errorf("No name provided")) + } + ++ if strings.Contains(req.Name, "/") { ++ return BadRequest(fmt.Errorf("Storage pool names may not contain slashes")) ++ } ++ + if req.Driver == "" { + return BadRequest(fmt.Errorf("No driver provided")) + } +diff --git a/lxd/storage_volumes.go b/lxd/storage_volumes.go +index 32bdd955..480029c4 100644 +--- a/lxd/storage_volumes.go ++++ b/lxd/storage_volumes.go +@@ -5,6 +5,7 @@ import ( + "fmt" + "net/http" + "strconv" ++ "strings" + + "github.com/gorilla/mux" + "github.com/lxc/lxd/lxd/db" +@@ -154,6 +155,10 @@ func storagePoolVolumesTypePost(d *Daemon, r *http.Request) Response { + return BadRequest(fmt.Errorf("No name provided")) + } + ++ if strings.Contains(req.Name, "/") { ++ return BadRequest(fmt.Errorf("Storage volume names may not contain slashes")) ++ } ++ + // Check that the user gave use a storage volume type for the storage + // volume we are about to create. + if req.Type == "" { +@@ -213,6 +218,10 @@ func storagePoolVolumeTypePost(d *Daemon, r *http.Request) Response { + return BadRequest(fmt.Errorf("No name provided")) + } + ++ if strings.Contains(req.Name, "/") { ++ return BadRequest(fmt.Errorf("Storage volume names may not contain slashes")) ++ } ++ + // We currently only allow to create storage volumes of type + // storagePoolVolumeTypeCustom. So check, that nothing else was + // requested. diff -Nru lxd-2.21/debian/patches/0007-lxd-init-Strip-leading-and-trailing-spaces.patch lxd-2.21/debian/patches/0007-lxd-init-Strip-leading-and-trailing-spaces.patch --- lxd-2.21/debian/patches/0007-lxd-init-Strip-leading-and-trailing-spaces.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0007-lxd-init-Strip-leading-and-trailing-spaces.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,27 @@ +From 5544f7956073d38457371f0fcc85c0c404d91a11 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Tue, 2 Jan 2018 18:47:15 +0100 +Subject: lxd/init: Strip leading and trailing spaces +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Closes: #4125 + +Signed-off-by: Stéphane Graber +--- + shared/cmd/context.go | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/shared/cmd/context.go b/shared/cmd/context.go +index 0caa946b..251a5240 100644 +--- a/shared/cmd/context.go ++++ b/shared/cmd/context.go +@@ -161,6 +161,7 @@ func (c *Context) invalidInput() { + func (c *Context) readAnswer(defaultAnswer string) string { + answer, _ := c.stdin.ReadString('\n') + answer = strings.TrimSuffix(answer, "\n") ++ answer = strings.TrimSpace(answer) + if answer == "" { + answer = defaultAnswer + } diff -Nru lxd-2.21/debian/patches/0008-console-Don-t-prevent-setting-lxc.console.logfile.patch lxd-2.21/debian/patches/0008-console-Don-t-prevent-setting-lxc.console.logfile.patch --- lxd-2.21/debian/patches/0008-console-Don-t-prevent-setting-lxc.console.logfile.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0008-console-Don-t-prevent-setting-lxc.console.logfile.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,38 @@ +From 19909db9da4d966705b2b2728fc1adcf301ee9cb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Fri, 5 Jan 2018 14:58:22 -0500 +Subject: console: Don't prevent setting lxc.console.logfile +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The preferred option is certainly for users to use the console +ringbuffer and console API, but if they wish to use the old school +logfile, that's not going to break LXD. + +This also unbreaks existing users that set this key and anyone who's not +running liblxc from git. + +Signed-off-by: Stéphane Graber +--- + lxd/container_lxc.go | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go +index c5163e4d..ef06a75e 100644 +--- a/lxd/container_lxc.go ++++ b/lxd/container_lxc.go +@@ -210,12 +210,8 @@ func lxcValidConfig(rawLxc string) error { + return fmt.Errorf("Setting lxc.logfile is not allowed") + } + +- if key == "lxc.console.logfile" { +- return fmt.Errorf("Setting lxc.console.logfile is not allowed") +- } +- + if key == "lxc.syslog" || key == "lxc.log.syslog" { +- return fmt.Errorf("Setting lxc.syslog is not allowed") ++ return fmt.Errorf("Setting lxc.log.syslog is not allowed") + } + + if key == "lxc.ephemeral" { diff -Nru lxd-2.21/debian/patches/0009-console-Fix-version-check-in-log-API.patch lxd-2.21/debian/patches/0009-console-Fix-version-check-in-log-API.patch --- lxd-2.21/debian/patches/0009-console-Fix-version-check-in-log-API.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0009-console-Fix-version-check-in-log-API.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,59 @@ +From 16be43562232be899199349cdc016ad578bc51f2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Fri, 5 Jan 2018 15:00:02 -0500 +Subject: console: Fix version check in log API +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Stéphane Graber +--- + lxd/container_console.go | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/lxd/container_console.go b/lxd/container_console.go +index 07ef18b4..3f1216df 100644 +--- a/lxd/container_console.go ++++ b/lxd/container_console.go +@@ -320,16 +320,16 @@ func containerConsolePost(d *Daemon, r *http.Request) Response { + } + + func containerConsoleLogGet(d *Daemon, r *http.Request) Response { ++ if !util.RuntimeLiblxcVersionAtLeast(3, 0, 0) { ++ return BadRequest(fmt.Errorf("Querying the console buffer requires liblxc >= 3.0")) ++ } ++ + name := mux.Vars(r)["name"] + c, err := containerLoadByName(d.State(), name) + if err != nil { + return SmartError(err) + } + +- if util.RuntimeLiblxcVersionAtLeast(3, 0, 0) { +- return BadRequest(fmt.Errorf("Querying the console buffer requires liblxc >= 3.0")) +- } +- + ent := fileResponseEntry{} + if !c.IsRunning() { + // Hand back the contents of the console ringbuffer logfile. +@@ -367,16 +367,16 @@ func containerConsoleLogGet(d *Daemon, r *http.Request) Response { + } + + func containerConsoleLogDelete(d *Daemon, r *http.Request) Response { ++ if !util.RuntimeLiblxcVersionAtLeast(3, 0, 0) { ++ return BadRequest(fmt.Errorf("Clearing the console buffer requires liblxc >= 3.0")) ++ } ++ + name := mux.Vars(r)["name"] + c, err := containerLoadByName(d.State(), name) + if err != nil { + return SmartError(err) + } + +- if util.RuntimeLiblxcVersionAtLeast(3, 0, 0) { +- return BadRequest(fmt.Errorf("Clearing the console buffer requires liblxc >= 3.0")) +- } +- + truncateConsoleLogFile := func(path string) error { + // Check that this is a regular file. We don't want to try and unlink + // /dev/stderr or /dev/null or something. diff -Nru lxd-2.21/debian/patches/0010-lxd-containers-Don-t-drop-the-description.patch lxd-2.21/debian/patches/0010-lxd-containers-Don-t-drop-the-description.patch --- lxd-2.21/debian/patches/0010-lxd-containers-Don-t-drop-the-description.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0010-lxd-containers-Don-t-drop-the-description.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,64 @@ +From d3ecf1c3b72bbdbc168ae8106e29fd952a7aeb4b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Mon, 8 Jan 2018 01:33:32 -0500 +Subject: lxd/containers: Don't drop the description +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Closes #4143 + +Signed-off-by: Stéphane Graber +--- + lxd/container_lxc.go | 2 ++ + lxd/patches.go | 1 + + lxd/profiles_utils.go | 4 +++- + 3 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go +index ef06a75e..236123b5 100644 +--- a/lxd/container_lxc.go ++++ b/lxd/container_lxc.go +@@ -2967,6 +2967,7 @@ func (c *containerLXC) Restore(sourceContainer container, stateful bool) error { + Devices: sourceContainer.LocalDevices(), + Ephemeral: sourceContainer.IsEphemeral(), + Profiles: sourceContainer.Profiles(), ++ Description: sourceContainer.Description(), + } + + err = c.Update(args, false) +@@ -3312,6 +3313,7 @@ func (c *containerLXC) ConfigKeySet(key string, value string) error { + Devices: c.localDevices, + Ephemeral: c.ephemeral, + Profiles: c.profiles, ++ Description: c.description, + } + + return c.Update(args, false) +diff --git a/lxd/patches.go b/lxd/patches.go +index 187b9c03..79367d5a 100644 +--- a/lxd/patches.go ++++ b/lxd/patches.go +@@ -1777,6 +1777,7 @@ func updatePoolPropertyForAllObjects(d *Daemon, poolName string, allcontainers [ + LastUsedDate: c.LastUsedDate(), + Name: c.Name(), + Profiles: c.Profiles(), ++ Description: c.Description(), + } + + if c.IsSnapshot() { +diff --git a/lxd/profiles_utils.go b/lxd/profiles_utils.go +index 2a36f24d..9d0c3e0d 100644 +--- a/lxd/profiles_utils.go ++++ b/lxd/profiles_utils.go +@@ -114,7 +114,9 @@ func doProfileUpdate(d *Daemon, name string, id int64, profile *api.Profile, req + Ephemeral: c.IsEphemeral(), + Config: c.LocalConfig(), + Devices: c.LocalDevices(), +- Profiles: c.Profiles()}, true) ++ Profiles: c.Profiles(), ++ Description: c.Description(), ++ }, true) + + if err != nil { + failures[c.Name()] = err diff -Nru lxd-2.21/debian/patches/0011-network-Serialize-network-creation.patch lxd-2.21/debian/patches/0011-network-Serialize-network-creation.patch --- lxd-2.21/debian/patches/0011-network-Serialize-network-creation.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0011-network-Serialize-network-creation.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,45 @@ +From fdd8660489946497de459c1e0e1b22a472237cb5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Mon, 8 Jan 2018 21:31:58 -0500 +Subject: network: Serialize network creation +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Stéphane Graber +--- + lxd/networks.go | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/lxd/networks.go b/lxd/networks.go +index 7e78acea..fb765995 100644 +--- a/lxd/networks.go ++++ b/lxd/networks.go +@@ -11,6 +11,7 @@ import ( + "os/exec" + "strconv" + "strings" ++ "sync" + + "github.com/gorilla/mux" + log "github.com/lxc/lxd/shared/log15" +@@ -24,6 +25,9 @@ import ( + "github.com/lxc/lxd/shared/version" + ) + ++// Lock to prevent concurent networks creation ++var networkCreateLock sync.Mutex ++ + // API endpoints + func networksGet(d *Daemon, r *http.Request) Response { + recursionStr := r.FormValue("recursion") +@@ -59,6 +63,9 @@ func networksGet(d *Daemon, r *http.Request) Response { + } + + func networksPost(d *Daemon, r *http.Request) Response { ++ networkCreateLock.Lock() ++ defer networkCreateLock.Unlock() ++ + req := api.NetworksPost{} + + // Parse the request diff -Nru lxd-2.21/debian/patches/0012-storage-Serialize-storage-pool-creation.patch lxd-2.21/debian/patches/0012-storage-Serialize-storage-pool-creation.patch --- lxd-2.21/debian/patches/0012-storage-Serialize-storage-pool-creation.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0012-storage-Serialize-storage-pool-creation.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,47 @@ +From b7b0048a12e56560255373d4acb5b73a0c540f2a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Mon, 8 Jan 2018 21:32:20 -0500 +Subject: storage: Serialize storage pool creation +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Closes #4150 + +Signed-off-by: Stéphane Graber +--- + lxd/storage_pools.go | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/lxd/storage_pools.go b/lxd/storage_pools.go +index 6d4d80bc..a676cdca 100644 +--- a/lxd/storage_pools.go ++++ b/lxd/storage_pools.go +@@ -6,6 +6,7 @@ import ( + "net/http" + "strconv" + "strings" ++ "sync" + + "github.com/gorilla/mux" + "github.com/lxc/lxd/lxd/db" +@@ -14,6 +15,9 @@ import ( + "github.com/lxc/lxd/shared/version" + ) + ++// Lock to prevent concurent storage pools creation ++var storagePoolCreateLock sync.Mutex ++ + // /1.0/storage-pools + // List all storage pools. + func storagePoolsGet(d *Daemon, r *http.Request) Response { +@@ -60,6 +64,9 @@ func storagePoolsGet(d *Daemon, r *http.Request) Response { + // /1.0/storage-pools + // Create a storage pool. + func storagePoolsPost(d *Daemon, r *http.Request) Response { ++ storagePoolCreateLock.Lock() ++ defer storagePoolCreateLock.Unlock() ++ + req := api.StoragePoolsPost{} + + // Parse the request. diff -Nru lxd-2.21/debian/patches/0013-lxd-containers-Fix-container-shutdown-on-exit.patch lxd-2.21/debian/patches/0013-lxd-containers-Fix-container-shutdown-on-exit.patch --- lxd-2.21/debian/patches/0013-lxd-containers-Fix-container-shutdown-on-exit.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0013-lxd-containers-Fix-container-shutdown-on-exit.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,35 @@ +From c6f5b000fa650614ddaeaf31c294416d643434f7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Tue, 9 Jan 2018 00:51:30 -0500 +Subject: lxd/containers: Fix container shutdown on exit +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Closes #4130 + +Signed-off-by: Stéphane Graber +--- + lxd/containers.go | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lxd/containers.go b/lxd/containers.go +index 6a27d0fa..800ff5f2 100644 +--- a/lxd/containers.go ++++ b/lxd/containers.go +@@ -236,13 +236,13 @@ func containersShutdown(s *state.State) error { + + // Stop the container + wg.Add(1) +- go func() { ++ go func(c container, lastState string) { + c.Shutdown(time.Second * time.Duration(timeoutSeconds)) + c.Stop(false) + c.ConfigKeySet("volatile.last_state.power", lastState) + + wg.Done() +- }() ++ }(c, lastState) + } else { + c.ConfigKeySet("volatile.last_state.power", lastState) + } diff -Nru lxd-2.21/debian/patches/0014-fix-parsing-for-container-name-tab-completion.patch lxd-2.21/debian/patches/0014-fix-parsing-for-container-name-tab-completion.patch --- lxd-2.21/debian/patches/0014-fix-parsing-for-container-name-tab-completion.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0014-fix-parsing-for-container-name-tab-completion.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,29 @@ +From 895b57b267b95f4a51794c2bce488dd52eb9b9bf Mon Sep 17 00:00:00 2001 +From: Alberto Donato +Date: Wed, 10 Jan 2018 23:47:48 +0100 +Subject: fix parsing for container name tab-completion + +Signed-off-by: Alberto Donato +--- + config/bash/lxd-client | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/config/bash/lxd-client b/config/bash/lxd-client +index e74dd8d9..fbbefbcd 100644 +--- a/config/bash/lxd-client ++++ b/config/bash/lxd-client +@@ -6,11 +6,11 @@ _have lxc && { + local state=$1 + local keys=$2 + +- local cmd="lxc list --fast" +- [ -n "$state" ] && cmd="$cmd | grep -E '$state'" ++ local cmd="lxc list --format=csv --columns=ns" ++ [ -n "$state" ] && cmd="$cmd | grep -E '$state$'" + + COMPREPLY=( $( compgen -W \ +- "$( eval $cmd | grep -Ev '(\+--|NAME)' | awk '{print $2}' ) $keys" "$cur" ) ++ "$( eval $cmd | cut -d, -f1 ) $keys" "$cur" ) + ) + } + diff -Nru lxd-2.21/debian/patches/0015-lxc-file-Fix-edit-in-a-snap-environment.patch lxd-2.21/debian/patches/0015-lxc-file-Fix-edit-in-a-snap-environment.patch --- lxd-2.21/debian/patches/0015-lxc-file-Fix-edit-in-a-snap-environment.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0015-lxc-file-Fix-edit-in-a-snap-environment.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,35 @@ +From b932df0b93e546c4f3bafd6b3d9ce2c97db7efc1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Wed, 10 Jan 2018 22:16:29 -0500 +Subject: lxc/file: Fix edit in a snap environment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Stéphane Graber +--- + lxc/file.go | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lxc/file.go b/lxc/file.go +index 545982d9..d0b5cb12 100644 +--- a/lxc/file.go ++++ b/lxc/file.go +@@ -577,7 +577,7 @@ func (c *fileCmd) edit(conf *config.Config, args []string) error { + fname := f.Name() + f.Close() + os.Remove(fname) +- defer os.Remove(fname) ++ defer os.Remove(shared.HostPath(fname)) + + // Extract current value + err = c.pull(conf, append([]string{args[0]}, fname)) +@@ -585,7 +585,7 @@ func (c *fileCmd) edit(conf *config.Config, args []string) error { + return err + } + +- _, err = shared.TextEditor(fname, []byte{}) ++ _, err = shared.TextEditor(shared.HostPath(fname), []byte{}) + if err != nil { + return err + } diff -Nru lxd-2.21/debian/patches/0016-correct-mistake-in-help.patch lxd-2.21/debian/patches/0016-correct-mistake-in-help.patch --- lxd-2.21/debian/patches/0016-correct-mistake-in-help.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0016-correct-mistake-in-help.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,26 @@ +From c8610217143c918ed0e3efb1a3e99e22a47e2431 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marcin=20Miko=C5=82ajczak?= +Date: Thu, 11 Jan 2018 21:49:39 +0000 +Subject: correct mistake in help +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Marcin Mikołajczak +--- + lxc/storage.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lxc/storage.go b/lxc/storage.go +index 75e2b1b3..111122ac 100644 +--- a/lxc/storage.go ++++ b/lxc/storage.go +@@ -117,7 +117,7 @@ lxc storage volume delete [:] + Delete a storage volume on a storage pool. + + lxc storage volume edit [:] +- Edit storage pool, either by launching external editor or reading STDIN. ++ Edit storage volume, either by launching external editor or reading STDIN. + + lxc storage volume attach [:] [device name] + Attach a storage volume to the specified container. diff -Nru lxd-2.21/debian/patches/0017-lxc-client-return-errArgs-on-empty-pool.patch lxd-2.21/debian/patches/0017-lxc-client-return-errArgs-on-empty-pool.patch --- lxd-2.21/debian/patches/0017-lxc-client-return-errArgs-on-empty-pool.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0017-lxc-client-return-errArgs-on-empty-pool.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,25 @@ +From 33143f7a7f0a2806e4897fde2d10080456220c3a Mon Sep 17 00:00:00 2001 +From: David Negreira +Date: Fri, 12 Jan 2018 22:33:52 +0100 +Subject: lxc client: return errArgs on empty pool + +Signed-off-by: David Negreira +--- + lxc/storage.go | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/lxc/storage.go b/lxc/storage.go +index 111122ac..5f294761 100644 +--- a/lxc/storage.go ++++ b/lxc/storage.go +@@ -772,6 +772,10 @@ func (c *storageCmd) doStoragePoolVolumesList(conf *config.Config, remote string + return err + } + ++ if pool == "" { ++ return errArgs ++ } ++ + volumes, err := client.GetStoragePoolVolumes(pool) + if err != nil { + return err diff -Nru lxd-2.21/debian/patches/0018-networks-Drop-all-firewall-rules-when-disabled.patch lxd-2.21/debian/patches/0018-networks-Drop-all-firewall-rules-when-disabled.patch --- lxd-2.21/debian/patches/0018-networks-Drop-all-firewall-rules-when-disabled.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0018-networks-Drop-all-firewall-rules-when-disabled.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,35 @@ +From ea52911784deb8b84d7f0e5b7749355d94a445bf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Tue, 16 Jan 2018 15:15:37 +0200 +Subject: networks: Drop all firewall rules when disabled +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Stéphane Graber +--- + lxd/networks.go | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lxd/networks.go b/lxd/networks.go +index fb765995..9bab7a1f 100644 +--- a/lxd/networks.go ++++ b/lxd/networks.go +@@ -726,7 +726,7 @@ func (n *network) Start() error { + + // Configure IPv4 firewall (includes fan) + if n.config["bridge.mode"] == "fan" || !shared.StringInSlice(n.config["ipv4.address"], []string{"", "none"}) { +- if n.config["ipv4.dhcp"] == "" || shared.IsTrue(n.config["ipv4.dhcp"]) { ++ if (n.config["ipv4.dhcp"] == "" || shared.IsTrue(n.config["ipv4.dhcp"])) && (n.config["ipv4.firewall"] == "" || shared.IsTrue(n.config["ipv4.firewall"])) { + // Setup basic iptables overrides for DHCP/DNS + rules := [][]string{ + {"ipv4", n.name, "", "INPUT", "-i", n.name, "-p", "udp", "--dport", "67", "-j", "ACCEPT"}, +@@ -890,7 +890,7 @@ func (n *network) Start() error { + + // Update the dnsmasq config + dnsmasqCmd = append(dnsmasqCmd, []string{fmt.Sprintf("--listen-address=%s", ip.String()), "--enable-ra"}...) +- if n.config["ipv6.dhcp"] == "" || shared.IsTrue(n.config["ipv6.dhcp"]) { ++ if (n.config["ipv6.dhcp"] == "" || shared.IsTrue(n.config["ipv6.dhcp"])) && (n.config["ipv6.firewall"] == "" || shared.IsTrue(n.config["ipv6.firewall"])) { + // Setup basic iptables overrides for DHCP/DNS + rules := [][]string{ + {"ipv6", n.name, "", "INPUT", "-i", n.name, "-p", "udp", "--dport", "546", "-j", "ACCEPT"}, diff -Nru lxd-2.21/debian/patches/0019-container_lxc-ensure-container-is-initialized.patch lxd-2.21/debian/patches/0019-container_lxc-ensure-container-is-initialized.patch --- lxd-2.21/debian/patches/0019-container_lxc-ensure-container-is-initialized.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0019-container_lxc-ensure-container-is-initialized.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,26 @@ +From fc3ac3d87224b4f2984cffd3ab2b9d0b15b95130 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Thu, 18 Jan 2018 11:58:49 +0100 +Subject: container_lxc: ensure container is initialized + +Signed-off-by: Christian Brauner +Reported-by: Thomas Hipp +--- + lxd/container_lxc.go | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go +index 236123b5..74d48f76 100644 +--- a/lxd/container_lxc.go ++++ b/lxd/container_lxc.go +@@ -4798,6 +4798,10 @@ func (c *containerLXC) Migrate(args *CriuMigrationArgs) error { + } + } + } else if args.cmd == lxc.MIGRATE_FEATURE_CHECK { ++ err := c.initLXC(true) ++ if err != nil { ++ return err ++ } + + opts := lxc.MigrateOptions{ + FeaturesToCheck: args.features, diff -Nru lxd-2.21/debian/patches/0020-migrate-check-pre-dump-only-on-live-migration.patch lxd-2.21/debian/patches/0020-migrate-check-pre-dump-only-on-live-migration.patch --- lxd-2.21/debian/patches/0020-migrate-check-pre-dump-only-on-live-migration.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0020-migrate-check-pre-dump-only-on-live-migration.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,27 @@ +From e134ef5237c29cb2af51907f67ae615be245b3d8 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Thu, 18 Jan 2018 12:16:43 +0100 +Subject: migrate: check pre-dump only on live migration + +Signed-off-by: Christian Brauner +--- + lxd/migrate.go | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/lxd/migrate.go b/lxd/migrate.go +index a1bc655f..6bedadcb 100644 +--- a/lxd/migrate.go ++++ b/lxd/migrate.go +@@ -611,7 +611,11 @@ func (s *migrationSourceWs) Do(migrateOp *operation) error { + } + } + +- use_pre_dumps, max_iterations := s.checkForPreDumpSupport() ++ use_pre_dumps := false ++ max_iterations := 0 ++ if s.live { ++ use_pre_dumps, max_iterations = s.checkForPreDumpSupport() ++ } + + // The protocol says we have to send a header no matter what, so let's + // do that, but then immediately send an error. diff -Nru lxd-2.21/debian/patches/0021-shared-hostpath-Also-check-SNAP_NAME.patch lxd-2.21/debian/patches/0021-shared-hostpath-Also-check-SNAP_NAME.patch --- lxd-2.21/debian/patches/0021-shared-hostpath-Also-check-SNAP_NAME.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0021-shared-hostpath-Also-check-SNAP_NAME.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,29 @@ +From 9fc976c59c3c5e2a1a9933512f37762d8eb38b32 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Sat, 20 Jan 2018 22:56:47 +0200 +Subject: shared/hostpath: Also check SNAP_NAME +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Closes #4183 + +Signed-off-by: Stéphane Graber +--- + shared/util.go | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/shared/util.go b/shared/util.go +index e039905f..08884bf6 100644 +--- a/shared/util.go ++++ b/shared/util.go +@@ -116,7 +116,8 @@ func HostPath(path string) string { + + // Check if we're running in a snap package + snap := os.Getenv("SNAP") +- if snap == "" { ++ snapName := os.Getenv("SNAP_NAME") ++ if snap == "" || snapName != "lxd" { + return path + } + diff -Nru lxd-2.21/debian/patches/0022-shared-hostpath-Properly-handle-prefix-check.patch lxd-2.21/debian/patches/0022-shared-hostpath-Properly-handle-prefix-check.patch --- lxd-2.21/debian/patches/0022-shared-hostpath-Properly-handle-prefix-check.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0022-shared-hostpath-Properly-handle-prefix-check.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,28 @@ +From f6be2f40c7f934099d734099211f510d11d58792 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Sat, 20 Jan 2018 22:58:38 +0200 +Subject: shared/hostpath: Properly handle prefix check +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Closes #4181 + +Signed-off-by: Stéphane Graber +--- + shared/util.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/shared/util.go b/shared/util.go +index 08884bf6..814cca5c 100644 +--- a/shared/util.go ++++ b/shared/util.go +@@ -139,7 +139,7 @@ func HostPath(path string) string { + + // Check if the path is already snap-aware + for _, prefix := range []string{"/dev", "/snap", "/var/snap", "/var/lib/snapd"} { +- if strings.HasPrefix(path, prefix) { ++ if path == prefix || strings.HasPrefix(path, fmt.Sprintf("%s/", prefix)) { + return path + } + } diff -Nru lxd-2.21/debian/patches/0023-lxc-config-Fix-metadata-edit.patch lxd-2.21/debian/patches/0023-lxc-config-Fix-metadata-edit.patch --- lxd-2.21/debian/patches/0023-lxc-config-Fix-metadata-edit.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0023-lxc-config-Fix-metadata-edit.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,29 @@ +From 9772d6744d7ba592dd1bad49ce499c697bcb1435 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Tue, 30 Jan 2018 10:42:56 -0500 +Subject: lxc/config: Fix metadata edit +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Stéphane Graber +--- + lxc/config.go | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lxc/config.go b/lxc/config.go +index 0c6d194c..a955fdcb 100644 +--- a/lxc/config.go ++++ b/lxc/config.go +@@ -1321,9 +1321,10 @@ func (c *configCmd) doContainerMetadataEdit(client lxd.ContainerServer, name str + } + + for { ++ metadata := api.ImageMetadata{} + err = yaml.Unmarshal(content, &metadata) + if err == nil { +- err = client.SetContainerMetadata(name, *metadata, etag) ++ err = client.SetContainerMetadata(name, metadata, etag) + } + + // Respawn the editor diff -Nru lxd-2.21/debian/patches/0024-containers-Default-to-pids-cgroup-for-fork-bomb-miti.patch lxd-2.21/debian/patches/0024-containers-Default-to-pids-cgroup-for-fork-bomb-miti.patch --- lxd-2.21/debian/patches/0024-containers-Default-to-pids-cgroup-for-fork-bomb-miti.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxd-2.21/debian/patches/0024-containers-Default-to-pids-cgroup-for-fork-bomb-miti.patch 2018-02-02 13:26:55.000000000 +0000 @@ -0,0 +1,52 @@ +From 1f243bfd6d16bc690c59e43dcbd140c078a80cb2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Fri, 2 Feb 2018 10:52:51 +0100 +Subject: containers: Default to pids cgroup for fork bomb mitigation +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Stéphane Graber +--- + lxd/container_lxc.go | 28 +++++++++++++++++----------- + 1 file changed, 17 insertions(+), 11 deletions(-) + +diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go +index 74d48f76..4030763d 100644 +--- a/lxd/container_lxc.go ++++ b/lxd/container_lxc.go +@@ -2516,17 +2516,23 @@ func (c *containerLXC) Stop(stateful bool) error { + return err + } + +- // Attempt to freeze the container first, helps massively with fork bombs +- freezer := make(chan bool, 1) +- go func() { +- c.Freeze() +- freezer <- true +- }() +- +- select { +- case <-freezer: +- case <-time.After(time.Second * 5): +- c.Unfreeze() ++ // Fork-bomb mitigation, prevent forking from this point on ++ if c.state.OS.CGroupPidsController { ++ // Attempt to disable forking new processes ++ c.CGroupSet("pids.max", "0") ++ } else { ++ // Attempt to freeze the container ++ freezer := make(chan bool, 1) ++ go func() { ++ c.Freeze() ++ freezer <- true ++ }() ++ ++ select { ++ case <-freezer: ++ case <-time.After(time.Second * 5): ++ c.Unfreeze() ++ } + } + + if err := c.c.Stop(); err != nil { diff -Nru lxd-2.21/debian/patches/series lxd-2.21/debian/patches/series --- lxd-2.21/debian/patches/series 2017-12-22 20:19:10.000000000 +0000 +++ lxd-2.21/debian/patches/series 2018-02-02 13:26:55.000000000 +0000 @@ -1,3 +1,24 @@ 0001-containers-Fix-device-names-containing-slashes.patch 0002-lxd-containers-Fix-tc-egress-rules.patch 0003-lxc-exec-Fix-typo.patch +0004-storage-btrfs-Fix-handling-of-UUID-based-mounts.patch +0005-lxd-containers-No-slahses-in-snapshot-names.patch +0006-lxd-storage-Don-t-allow-slashes-in-pool-or-volume-na.patch +0007-lxd-init-Strip-leading-and-trailing-spaces.patch +0008-console-Don-t-prevent-setting-lxc.console.logfile.patch +0009-console-Fix-version-check-in-log-API.patch +0010-lxd-containers-Don-t-drop-the-description.patch +0011-network-Serialize-network-creation.patch +0012-storage-Serialize-storage-pool-creation.patch +0013-lxd-containers-Fix-container-shutdown-on-exit.patch +0014-fix-parsing-for-container-name-tab-completion.patch +0015-lxc-file-Fix-edit-in-a-snap-environment.patch +0016-correct-mistake-in-help.patch +0017-lxc-client-return-errArgs-on-empty-pool.patch +0018-networks-Drop-all-firewall-rules-when-disabled.patch +0019-container_lxc-ensure-container-is-initialized.patch +0020-migrate-check-pre-dump-only-on-live-migration.patch +0021-shared-hostpath-Also-check-SNAP_NAME.patch +0022-shared-hostpath-Properly-handle-prefix-check.patch +0023-lxc-config-Fix-metadata-edit.patch +0024-containers-Default-to-pids-cgroup-for-fork-bomb-miti.patch