Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

liblxc1-4.0.5-bp153.1.1 RPM for armv7hl

From OpenSuSE Ports Leap 15.3 for armv7hl

Name: liblxc1 Distribution: SUSE Linux Enterprise 15 SP3
Version: 4.0.5 Vendor: openSUSE
Release: bp153.1.1 Build date: Sun Feb 14 00:01:40 2021
Group: System/Libraries Build host: obs-arm-5
Size: 4335355 Source RPM: lxc-4.0.5-bp153.1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: http://linuxcontainers.org/
Summary: LXC container runtime library
This package provides the LXC container runtime library.

Provides

Requires

License

LGPL-2.1-only

Changelog

* Thu Nov 05 2020 Dirk Mueller <dmueller@suse.com>
  - update to 4.0.5:
    * Support allocating PTS devices from within the container
    * Harden more path/mount handling logics
    * Rework LSM logic to limit initializer use
    * for full list of changes see
    https://discuss.linuxcontainers.org/t/lxc-4-0-5-lts-has-been-released/9269
  - remove 0001-templates-lxc-download.in-fix-wrong-if-condition-use.patch,
    0002-templates-lxc-download.in-make-shellcheck-happy.patch (upstream)
* Wed Jul 08 2020 Johannes Kastl <kastl@b1-systems.de>
  - add patches from upstream:
    * 0001-templates-lxc-download.in-fix-wrong-if-condition-use.patch
    * 0002-templates-lxc-download.in-make-shellcheck-happy.patch
    * 0003-templates-lxc-download.in-use-GPG-option-receive-key.patch
* Tue May 12 2020 Pavol Cupka <palica@liguros.net>
  - Update to LXC 4.0.2
    - https://discuss.linuxcontainers.org/t/lxc-4-0-2-lts-has-been-released/7449
* Tue Apr 14 2020 Paolo Stivanin <info@paolostivanin.com>
  - Update to LXC 4.0.1:
    + Tweak systemd ordering (start after remote-fs.target)
    + Fix various issues around attach and cgroups
    + Fix shutdown timeout not working on pidfd systems
    + Fix cgroup issue on 4.9 kernel
    + Fix write issues in /dev/stdout
  - Remove 0001-autotools-don-t-install-run-coccinelle.sh.patch
  - Remove 0002-cgroups-fix-uninitialized-transient_len-warning.patch
  - Remove 0003-cgroups-fix-build-warning-on-GCC-7.patch
* Tue Apr 07 2020 Aleksa Sarai <asarai@suse.com>
  - Fix mis-use of %suse_version when we actually want to check against
    %sle_version when determining whether lxc-user-nic should be setuid.
* Thu Apr 02 2020 Aleksa Sarai <asarai@suse.com>
  - Add backport of https://github.com/lxc/lxc/pull/3347 and
    https://github.com/lxc/lxc/pull/3349 to fix builds on Leap.
    + 0002-cgroups-fix-uninitialized-transient_len-warning.patch
    + 0003-cgroups-fix-build-warning-on-GCC-7.patch
* Wed Apr 01 2020 Aleksa Sarai <asarai@suse.com>
  - Update to LXC 4.0.0. The full upstream changelog is available from:
    https://discuss.linuxcontainers.org/t/lxc-4-0-lts-has-been-released/7182
    Related to the LXD 4.0.0 update (boo#1168338).
    + cgroups: Full cgroup2 support
    + cgroups: Freezer support in CGroup2
    + cgroups: eBPF device controller support in CGroup2
    + AppArmor: Deny access to /proc/acpi/**
    + config: Add lxc.autodev.tmpfs.size configuration key
    + config: Add lxc.selinux.context.keyring key
    + config: Add lxc.keyring.session
    + seccomp: Add s390 support
    * network: Improved network device creation and removal
    + network: Allow moving wireless devices
  - Add backport of patch to fix build:
    + 0001-autotools-don-t-install-run-coccinelle.sh.patch
  - Remove upstreamed patches:
    - lxc-3.2.1-cgroups-init-cpuset-properly.patch
    - 0001-tree-wide-initialize-all-auto-cleanup-variables.patch
* Mon Feb 03 2020 Dominique Leuenberger <dimstar@opensuse.org>
  - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
    shortcut through the -mini flavors.
* Sun Feb 02 2020 Aleksa Sarai <asarai@suse.com>
  - Fix bash-completion paths to match the binary names (and to avoid conflicts
    with LXD). boo#1162426
* Mon Nov 11 2019 Pavol Cupka <palica@liguros.net>
  - adding a patch to fix "Containers fail to start regression lxc 3.2"
    - patch name: lxc-3.2.1-cgroups-init-cpuset-properly.patch
    - upstream issue - https://github.com/lxc/lxc/issues/3108
* Thu Sep 12 2019 Aleksa Sarai <asarai@suse.com>
  - Add backport of https://github.com/lxc/lxc/pull/3102 to fix build failures on
    openSUSE Leap.
    + 0001-tree-wide-initialize-all-auto-cleanup-variables.patch
  - Update to lxc 3.2.1. The changelog can be found at
    https://discuss.linuxcontainers.org/t/lxc-3-2-1-has-been-released/5322
    + seccomp: support syscall forwarding to userspace
    + add lxc.seccomp.allow_nesting
    + pidfd: Add initial support for the new pidfd api
    * Many hardening improvements.
    * Use /sys/kernel/cgroup/delegate file for cgroup v2.
    * Fix CVE-2019-5736 equivalent bug.
* Sat Apr 20 2019 Aleksa Sarai <asarai@suse.com>
  - Rework /var/adm/update-messages handling to be far less complicated, and more
    packaging-friendly (by update-messages be owned by the rpm) as well as
    storing the update message in a autoconf-templated source file.
* Wed Apr 10 2019 Dirk Mueller <dmueller@suse.com>
  - fix apparmor dropin to be compatible with LXC 3.1.0 (bsc#1131762)
* Sun Apr 07 2019 Aleksa Sarai <asarai@suse.com>
  - Avoid wrong permissions warning by conditionally setting the setuid bit based
    on what version of permissions is available in that distribution (makes no
    difference but results in less confusion to users).
* Mon Apr 01 2019 Aleksa Sarai <asarai@suse.com>
  - Fix builds on SLE12, by depending on apparmor-profiles instead of
    apparmor-abstractions. In addition, remove the Requires on abstractions.
* Fri Mar 29 2019 Jan Engelhardt <jengelh@inai.de>
  - Trim project history from package description.
* Tue Mar 26 2019 Aleksa Sarai <asarai@suse.com>
  - Update to LXC 3.1.0. The changelog is far too long to include here, please
    look at the changelogs posted on https://linuxcontainers.org/. boo#1131762
    * Includes fixes for CVE-2019-5736 bsc#1122185.
    + pam_cgfs is now provided by this package, since upstream has moved the
      sources to LXC (it used to be part of lxcfs).
    * All of the patches have been upstreamed or are no longer relevant:
    - 0001-apparmor-Allow-usr-lib-paths-for-mount-and-pivot_roo.patch
    - 0001-utils-add-LXC_PROC_PID_FD_LEN.patch
    - 0001-lxc-user-nic-verify-file-descriptor-stable-2.0.patch
    - 0001-Backport-autodev-fix-from-lxc-master.patch
    - 0001-PyOS_AfterFork-python3.7.patch
  - Add a warning if lxc-user-nic is not setuid after set_permissions, to ensure
    users actually read the warning (which means we get to remove README.SUSE).
    It also supports people using paranoid mode, which is why it's done in
    post-install and isn't packaged. boo#988348
  - Quite a lot of the runtime helpers and configuration have been moved to
    liblxc, in order to allow LXD to make use of them (because, in truth, they
    were always a requirement of liblxc and not just the lxc-* tools).
  - Add workaround for pre-15 distros, where _sharedstatedir was inexplicably
    /usr/com, to use the correct directory of /var/lib.
* Tue Mar 26 2019 Aleksa Sarai <asarai@suse.com>
  - Rework packaging to be a more modern openSUSE-style.
* Mon Feb 04 2019 Bjoern Voigt <bjoernv@arcor.de>
  - compilation fixed for Python 3.7
    (PyOS_AfterFork() replaced with PyOS_AfterFork_Child())
    added patch 0001-PyOS_AfterFork-python3.7.patch
* Sat Sep 15 2018 Johannes Kastl <kastl@b1-systems.de>
  - fix for bsc#988348 (lxc: enable setuid bit on lxc-user-nic)
    - do not remove setuid bit for lxc-user-nic on releases with suse_version >=1550
    - remove setuid stuff from README.SUSE on releases with suse_version >=1550
* Fri Sep 14 2018 Johannes Kastl <kastl@b1-systems.de>
  - move bash completion file from /etc/bash_completion.d/lxc to
    /usr/share/bash-completion/completions/ to avoid warning
* Mon Aug 27 2018 bernd-obs@wachter.fi
  - 0001-Backport-autodev-fix-from-lxc-master.patch: fix unprivileged
    lxc containers on kernel >= 4.18
* Fri Aug 03 2018 matthias.gerstner@suse.com
  - 0001-utils-add-LXC_PROC_PID_FD_LEN.patch: prerequisite for applying the
    next patch
  - 0001-lxc-user-nic-verify-file-descriptor-stable-2.0.patch: fix information
    leak and possible open() side effects accessible to regular users via
    lxc-user-nic (bsc#988348, CVE-2018-6556)
* Thu Jul 19 2018 mchandras@suse.de
  - Add upstream patch to fix container start up problems when AppArmor
    is enabled (boo#1099239)
    * 0001-apparmor-Allow-usr-lib-paths-for-mount-and-pivot_roo.patch
* Wed Jun 13 2018 dcassany@suse.com
  - Make use of %license macro
* Tue Oct 31 2017 opensuse_buildservice@ojkastl.de
  - update to version 2.0.9
    Bugfixes:
    * apparmor: Allow containers to start in AppArmor namespaces
    * apparmor: Drop useless apparmor denies
    * caps: Move ifndef/define to the top
    * cgfsng: Fail when limits fail to apply
    * cgfsng: Log when we defer to cgfsng
    * cgfsng: Only output debug info when we set cgroup data
    * cgroups: Handle hybrid cgroup layouts
    * cgroups: Use tight scoping
    * cgroups: Workaround gcc-7 bug
    * commands: Abstract cmd socket handling + logging
    * commands: Add missing translation
    * commands: Delete meaningless comments
    * commands: Handle EINTR
    * commands: Make state server interface flexible
    * commands: Move lxc_make_abstract_socket_name()
    * commands: Rename to lxc_cmd_add_state_client()
    * commonds: Fix typo
    * conf: Adapt to lxc-user-nic usage
    * conf: Add lxc_get_idmaps()
    * conf: Add userns_exec_full()
    * conf: Allow to clear all config items
    * conf: Allow to get lxc.autodev
    * conf: Allow to get lxc.haltsignal
    * conf: Allow to get lxc.kmsg
    * conf: Allow to get lxc.rebootsignal
    * conf: Allow to get lxc.stopsignal
    * conf: Allow writing uid mappings with euid != 0
    * conf: Avoid double-frees in userns_exec_1()
    * conf: Clear lxc.include
    * conf: Do not check for empty value twice
    * conf: Do not check union on wrong net type
    * conf: Do not deref null pointer
    * conf: Do not free static memory
    * conf: Do not log uninitialized memory
    * conf: Do not write out trailing spaces
    * conf: Don't send ttys when none are configured
    * conf: Dump lxc_get_config_item()
    * conf: Error out on too many mappings
    * conf: Fix bionic builds
    * conf: Fix build without libcap
    * conf: Fix tty creation
    * conf: Fix userns_exec_1()
    * conf: Free netdev->downscript
    * conf: Implement config item clear callback
    * conf: Improve lxc_map_ids()
    * conf: Improve tty shifting function
    * conf: Improve write_id_mapping()
    * conf: Increase lxc-user-nic buffer
    * conf: Log lxc-user-nic output
    * conf: lxc_listconfigs -> lxc_list_config_items
    * conf: Move clearing config items into one place
    * conf: Non-functional changes
    * conf: NOTICE() on mounts on container's /dev
    * conf: Performance tweaks
    * conf: Preserve newlines
    * conf: Properly parse lxc.idmap entries
    * conf: Record idmap that gets written
    * conf: Refactoring of most config parsing code
    * conf: Refactor network deletion
    * conf: Remove dead assignments in parse_idmaps()
    * conf: Remove dead mount code
    * conf: Rework lxc_map_ids()
    * conf: Rework userns_exec_1()
    * conf: Send ttys in batches of 2
    * conf: Switch API to new callback system
    * conf: Use a minimal {g,u}id map
    * conf: Use correct check on char array
    * conf: Use run_command for lxc-usernsexec
    * console: Clean tty state + return 0 on peer exit
    * console: DO NOT add the handles of adjust winsize when the 'stdin' is not a tty
    * console: Fix memory leak of 'lxc_tty_state'
    * console: Remove dead assignments
    * core: Do remount with the MS_REMOUNT flag when mounts with MS_RDONLY
    * core: Fix a format string build failure on x32
    * core: Fix includes for Android
    * core: Fix memory and resource leak
    * core: Fix some cppcheck warnings
    * core: Fix the bug of 'ts->stdoutfd' did not fill with parameters 'stdoutfd'
    * core: Include custom mntent for Android
    * core: Log function called in userns_exec_1()
    * core: Remove the __func__ macro
    * core: Remove the unused macro
    * core: Replace "priority" with "level"
    * core: Revert "Add a prefix to the lxc.pc"
    * core: root -> am_root
    * core: struct bdev -> struct lxc_storage
    * core: Update .gitignore
    * core: Use strerror(errno) instead of %m
    * criu: Add cmp_version()
    * criu: Use correct check initialization check
    * doc: Add CII Best Practices badge to README
    * doc: Add console behavior to Japanese lxc.container.conf(5)
    * doc: Document missing env variables
    * doc: Fix regex-typo in Japanese and Korean lxc-monitor(1)
    * doc: Fix regex-typo in lxc-monitor.sgml.in
    * doc: Reword id mapping restrictions when unpriv
    * doc: Rework README
    * doc: Tweak Japanese lxc.container.conf(5)
    * doc: Tweak lxc.container.conf a little
    * doc: Untabify Japanese lxc.container.conf(5)
    * doc: Update API documentation for get_config_item
    * execute: Enable console & standard /dev symlinks
    * init: Add comment for exclude 32 and 33 signals
    * init: Adjust include statements
    * init: Become session leader
    * init: Move initialization of act to outside of the loop
    * init: Report exec*() failure
    * init: Use lxc-stop to stop systemd service
    * liblxc: Make sure memory is free()ed
    * liblxc: Only spawn monitord on demand
    * liblxc: Remove 5s timeout on error
    * liblxc: Use snprintf()
    * liblxc: Use userns_exec_full()
    * lock: Non-functional changes
    * lock: Return the right error when open lock file failed
    * log: Prevent stack smashing
    * log: Switch to a new lxc_log_init function
    * monitor: Abstract lxc_abstract_unix_{send,recv}_fd for af_unix
    * monitor: Add lxc_cmd_state_server()
    * monitor: Add TRACE()ers
    * monitor: Delete unneccessory include file
    * monitor: Remove dead assignments
    * monitor: Remove the workaround-code for lxc_abstract_unix_connect
    * monitor: Remove unlink operation for af_unix
    * network: Add arg to config clear method
    * network: Add data arg to set callback
    * network: Add ifindex field for host veth device
    * network: Add lxc_log_configured_netdevs()
    * network: Add missing checks for empty links
    * network: Add network counter
    * network: Add warning when ignoring MTU
    * network: Clear ifindeces
    * network: Delete ovs for unprivileged networks
    * network: Document all fields in struct lxc_netdev
    * network: Don't delete net devs we didn't create
    * network: Fix grammar
    * network: Implement lxc_get_netdev_by_idx()
    * network: Log cleanup thread pid for openswitch
    * network: Log ifindex
    * network: Log ifindex for host side veth device
    * network: Log veth_attr.pair and veth_attr.veth1
    * network: Move config_value_empty() to confile_utils
    * network: Perform network validation at creation time
    * network: Remove allocation from lxc_mkifname()
    * network: Remove dead assignments
    * network: Remove netpipe
    * network: Retrieve correct names and ifindices
    * network: Retrieve the host's veth device ifindex
    * network: Rework network creation
    * network: Send ifindex for unpriv networks
    * network: Stop recording saved physical net devices
    * network: Use correct network device name
    * network: Use send()/recv()
    * network: Use single helper to delete networks
    * network: Use static memory for net device names
    * openvswitch: Delete ports intelligently
    * seccomp: Export the seccomp filter after load it into kernel successful
    * seccomp: Print action name in log
    * seccomp: s/n-new-privs/no-new-privs/g
    * seccomp: Update comment for function parse_config
    * start: Add lxc_free_handler()
    * start: Add lxc_init_handler()
    * start: Document all handler fields
    * start: Don't call lxc_map_ids() without id map
    * start: Don't close inherited namespace fds
    * start: Don't let data_sock users close the fd
    * start: Dup std{in,out,err} to pty slave
    * start: Ensure cgroups are cleaned up
    * start: Generalize lxc_check_inherited()
    * start: Log sending and receiving of tty fds
    * start: lxc_setup() after unshare(CLONE_NEWCGROUP)
    * start: Move env setup before container setup
    * start: Pass LXC_LOG_LEVEL to hooks
    * start: Pin rootfs when privileged
    * start: Remove dead variable
    * start: Send state to legacy lxc-monitord state server even if no state clients registered
    * start: Set environment variables correctly
    * start: Switch from SOCK_DGRAM to SOCK_STREAM
    * start: Switch ids at last possible instance
    * start: Use separate socket on daemonized start
    * start: Use userns_exec_full()
    * state: Remove lxc_rmstate declaration
    * storage: Add storage_utils.{c.h}
    * storage: Avoid segfault
    * storage: Default to orig type on identical paths
    * storage: Record output from mkfs.*
    * storage: Rename files "bdev" -> "storage"
    * storage: Use userns_exec_full()
    * storage/dir: Using 'add-required_remount_flags' function to add required flags
    * storage/loop: Detect loop file
    * storage/overlayfs: Fix wrong path
    * storage/overlay: Handle overlay for stable 2.0
    * template: Remove obsolete bind-mounts from userns.conf
    * template: Use "rsync -SHaAX" to copy the cached rootfs into place
    * template/alpine: Add support for ppc64le
    * template/alpine: Change file check to also check file size (-f => -s)
    * template/archlinux: Change locale "en-US.UTF-8" to "en_US.UTF-8"
    * template/centos: Add cronie to the pkg list
    * template/centos: Use altarch mirror for CentOS on arches other than i386 and x86_64
    * template/debian: Add aarch64 -> arm64 mapping
    * template/debian: Add buster as a valid release
    * template/debian: Don't force getty@ configuration
    * template/debian: Use deb.debian.org as the default Debian mirror
    * template/download: Fix syntax error
    * template/download: Sanitize script with shellcheck
    * template/opensuse: Add Tumbleweed as supported release
    * template/opensuse: Fix tumbleweed software selection
    * template/opensuse: getty.target.wants does not always exists
    * template/opensuse: Support leap 42.3
    * template/opensuse: Tumbleweed has no update repo
    * template/plamo: Delete unnecessary process during container shutdown
    * template/ubuntu: Check that there is netplan binary, rather than just just a config directory
    * template/ubuntu: Conditionally move upstart ssh job, as it is now optional
    * template/ubuntu: Support netplan in newer releases by default
    * tests: Adapt lxc-user-nic tests to new syntax
    * tests: Add corner-case tests for lxc_safe_{u}int()
    * tests: Add item clear and config file tests
    * tests: Add test script to test the ro option of lxc.rootfs.options
    * tests: Add unit tests for idmap parser
    * tests: Avoid NULL pointer dereference
    * tests: Compare return value to expected value whenever we can
    * tests: Define a network before checks
    * tests: Don't fail when no processes for the user exist
    * tests: Enforce all methods for config items
    * tests: Remove dead assignments
    * tests: Remove the temp container directory
    * tests: Shortlived daemonized containers
    * tests: Support systemd hybrid cgroups
    * tools: Add additional cgroup checks
    * tools: Print "-devel" when LXC_DEVEL is true
    * tools: Use "which"
    * tools/lxc-attach: Allow for situations without /dev/tty
    * tools/lxc-checkconfig: Add CONFIG_NETFILTER_XT_MATCH_COMMENT
    * tools/lxc-checkconfig: Add probe status checking
    * tools/lxc-execute: Print error message when failed
    * tools/lxc-ls: Return all containers by default
    * tools/lxc-monitord: Exit when receiving a quit command
    * tools/lxc-unshare: Do not pass NULL pointer
    * tools/lxc-user-nic: Add new {create,delete} subcommands
    * tools/lxc-user-nic: Check db before trying to delete
    * tools/lxc-user-nic: Fix adding database entries
    * tools/lxc-user-nic: Fix memleak
    * tools/lxc-user-nic: Free memory and check for error
    * tools/lxc-user-nic: Initialize vars to silence gcc-7
    * tools/lxc-user-nic: Keep lines from other {users,links}
    * tools/lxc-user-nic: Remove delta between master + stable
    * tools/lxc-user-nic: Remove double initialization
    * tools/lxc-user-nic: Rework renaming net devices
    * tools/lxc-user-nic: Simplify logic
    * tools/lxc-user-nic: Test privilege over netns on delete
    * tools/lxc-usernsexec: Remove dead assignments
    * travis: Fix builds
    * utils: Add has_fs_type() + is_fs_type()
    * utils: Add lxc_nic_exists()
    * utils: Add lxc_safe_ulong()
    * utils: Add run_command
    * utils: Close parent end in child process after fork
    * utils: Do not write to 0 sized buffer
    * utils: Duplicate stderr as well in lxc_popen()
    * utils: Fix lxc_mount_proc_if_needed()
    * utils: Fix lxc_popen()/lxc_pclose()
    * utils: Fix mem leak with realpath
    * utils: Fix num parsing functions
    * utils: Fix ppc64le builds
    * utils: Fix the way to detect blocking signal
    * utils: lxc_popen() remove dead assignments
    * utils: Move helpers from cgfsng.c to utils.{c,h}
    * utils: Rework lxc_deslashify()
    * utils: Switch to has_fs_type()
    * utils: Use 1LU otherwise we overflow
    * utils: Use access instead of stat
* Tue Sep 12 2017 opensuse_buildservice@ojkastl.de
  - removed ldconfig from lxc %post section
* Fri Sep 01 2017 mchandras@suse.de
  - Fix libcap-progs dependency. The 'setcap' binary is located in /sbin
    instead of /usr/sbin but it's best to depend on the actual package
    instead since the location might change in the future.
* Wed Aug 30 2017 opensuse_buildservice@ojkastl.de
  - removed apparmor-rpm-macros again, as it is not needed for the current %post solution
* Wed Aug 30 2017 opensuse_buildservice@ojkastl.de
  - added Requires for apparmor-abstractions and BuildRequires for apparmor-rpm-macros to apply the fix for boo#1036360
* Wed Aug 30 2017 opensuse_buildservice@ojkastl.de
  - added correct reload of apparmor to %post
* Tue Jul 04 2017 opensuse_buildservice@ojkastl.de
  - added workaround for #bsc1041291 to allow builds on Tumbleweed with gcc7, until this bug in gcc7 is fixed...
* Tue May 16 2017 opensuse_buildservice@ojkastl.de
  - Update to version 2.0.8
    * Security fix for CVE-2017-5985
    * All templates have been updated to not set default passwords anymore, instead requiring lxc-attach be used to configure users.
    * This may affect some automated environments that were relying on our default (very much insecure) users.
    Bugfixes:
      Make lxc-start-ephemeral Python 3.2-compatible
      Fix typo
      Allow build without sys/capability.h
      lxc-opensuse: fix default value for release code
      util: always malloc for setproctitle
      util: update setproctitle comments
      confile: clear lxc.network..ipv{4,6} when empty
      lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
      Make lxc-net return non-zero on failure
      seccomp: allow x32 guests on amd64 hosts.
      Add HAVE_LIBCAP
      c/r: only supply --ext-mount-map for bind mounts
      Added 'mkdir -p' functionality in create_or_remove_cgroup
      Use LXC_ROOTFS_MOUNT in clonehostname hook
      squeeze is not a supported release anymore, drop the key
      start: dumb down SIGCHLD from WARN() to NOTICE()
      log: fix lxc_unix_epoch_to_utc()
      cgfsng: make trim() safer
      seccomp: set SCMP_FLTATR_ATL_TSKIP if available
      lxc-user-nic: re-order #includes
      lxc-user-nic: improve + bugfix
      lxc-user-nic: delete link on failure
      conf: only try to delete veth when privileged
      Fix lxc-containers to support multiple bridges
      Fix mixed tab/spaces in previous patch
      lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
      lxc-checkconfig: verify new[ug]idmap are setuid-root
      [templates] archlinux: resolve conflicting files
      [templates] archlinux: noneed default_timezone variable
      python3: Deal with potential NULL char*
      lxc-download.in / allow setting keyserver from env
      lxc-download.in / Document keyserver change in help
      Change variable check to match existing style
      tree-wide: include directly
      conf/ile: make sure buffer is large enough
      tree-wide: include directly
      tests: Support running on IPv6 networks
      tests: Kill containers (don't wait for shutdown)
      Fix opening wrong file in suggest_default_idmap
      do not set the root password in the debian template
      do not set insecure passwords
      don't set a default password for altlinux, gentoo, openmandriva and pld
      tools: exit with return code of lxc_execute()
      Keep veth.pair.name on network shutdown
      Makefile: fix static clang init.lxc build
      Avoid waiting for bridge interface if disabled in sysconfig/lxc | lxc-net via USE_LXC_BRIDGE
      Increased buffer length in print_stats()
      avoid assigning to a variable which is not POSIX shell proof (bug #1498)
      remove obsolete note about api stability
      conf: less error prone pointer access
      conf: lxc_map_ids() non-functional changes
      caps: add lxc_{proc,file}_cap_is_set()
      conf: check for {filecaps,setuid} on new{g,u}idmap
      conf: improve log when mounting rootfs
      ls: simplify the judgment condition when list active containers
      fix typo introduced in #1509
      attach|unshare: fix the wrong comment
      caps: skip file capability checks on android
      autotools: check for cap_get_file
      caps: return false if caps are not supported
      conf: non-functional changes to setup_pts()
      conf: use bind-mount for /dev/ptmx
      conf: non-functional changes
      utils: use loop device helpers from LXD
      create ISSUE_TEMPLATE.md
      cgroups: improve cgfsng debugging
      issue template: fix typo
      conf: close fd in lxc_setup_devpts()
      conf: non-functional changes
      utils: tweak lxc_mount_proc_if_needed()
      Change sshd template to work with Ubuntu 17.04
      conf: order mount options
      conf: add MS_LAZYTIME to mount options
      monitor: report errno on exec() error
      af unix: allow for maximum socket name
      commands: avoid NULL pointer dereference
      commands: non-functional changes
      lxccontainer: avoid NULL pointer dereference
      monitor: simplify abstract socket logic
      precise is not the latest LTS, let's use xenial instead
      fix the wrong exit status
      conf: non-functional changes lxc_fill_autodev()
      conf: remove /dev/console from lxc_fill_autodev()
      conf: non-functional changes lxc_setup()
      conf: non-functional changes to console functions
      conf: improve lxc_setup_dev_console()
      conf: lxc_setup_ttydir_console()
      config: remove /dev/console bind mount
      doc: document console behavior
      utils: add lxc_unstack_mountpoint()
      conf: unstack all mounts atop /dev/console
      console: fail when we cannot allocate peer tty
      start: remove umount2()
      conf: non-functional changes
      utils: handle > 2^31 in lxc_unstack_mountpoint()
      Install systemd units for CentOS
      Merge ubuntu and debiancase
      start: add crucial details about lxc_spawn()
  - Deleted patches that have been backported before:
    - 0003-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch
    - 0001-tree-wide-include-sys-sysmacros.h-directly.patch
    - 0002-tree-wide-include-sys-sysmacros.h-directly.patch
  - added signature verification
* Fri Apr 07 2017 jengelh@inai.de
  - Replace %__cp by cp
* Thu Mar 30 2017 opensuse_buildservice@ojkastl.de
  - fix for boo#1028264
    added patch 0003-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch
* Wed Mar 29 2017 opensuse_buildservice@ojkastl.de
  - backported two patches to get the package to build again for Tumbleweed
    (applied only on tumbleweed aka suse_version >1315)
    0001-tree-wide-include-sys-sysmacros.h-directly.patch
    0002-tree-wide-include-sys-sysmacros.h-directly.patch
* Fri Jan 27 2017 opensuse_buildservice@ojkastl.de
  - all patches (00*.patch) are upstream already, thus deleted; patch lxc-aa_allow_incomplete-default.patch is now reworked and added as a drop-in file in /usr/share/lxc/config/common.conf.d/
    0001-bdev-use-correct-overlay-module-name.patch
    0002-cleanup-tools-remove-name-from-lxc-top-usage-message.patch
    0003-cleanup-whitespaces-in-option-alignment-for-lxc-exec.patch
    0004-Use-full-GPG-fingerprint-instead-of-long-IDs.patch
    0005-tools-move-rcfile-to-the-common-options-list.patch
    0006-tools-set-configfile-after-load_config.patch
    0007-doc-add-rcfile-to-common-opts.patch
    0008-doc-Update-Korean-lxc-attach-1.patch
    0009-doc-Add-rcfile-to-Korean-common-opts.patch
    0010-doc-Add-rcfile-to-Japanese-common-opts.patch
    0011-tools-use-exit-EXIT_-everywhere.patch
    0012-tools-unify-exit-calls-outside-of-main.patch
    0013-utils-Add-mips-signalfd-syscall-numbers.patch
    0014-seccomp-Implement-MIPS-seccomp-handling.patch
    0015-seccomp-Add-mips-and-mips64-entries-to-lxc_config_pa.patch
    0016-seccomp-fix-strerror.patch
    0017-confile-add-more-archs-to-lxc_config_parse_arch.patch
    0018-seccomp-add-support-for-s390x.patch
    0019-seccomp-remove-double-include-and-order-includes.patch
    0020-seccomp-non-functional-changes.patch
    0021-templates-use-fd-9-instead-of-200.patch
    0022-templates-fedora-requires-openssl-binary.patch
    0023-tools-use-boolean-for-ret-in-lxc_device.c.patch
    0024-c-r-use-proc-self-tid-children-instead-of-pidfile.patch
    0025-c-r-Fix-pid_t-on-some-arches.patch
    0026-templates-Add-mips-hostarch-detection-to-debian.patch
    0027-cleanup-replace-tabs-wth-spaces-in-usage-strings.patch
    lxc-aa_allow_incomplete-default.patch
    0001-attach-do-not-send-procfd-to-attached-process.patch
* Tue Jan 24 2017 opensuse_buildservice@ojkastl.de
  - update to version 2.0.7
    This is the seventh bugfix release for LXC 2.0. The main bugfixes in this release are:
    - attach: Close lsm label file descriptor
    - attach: Non-functional changes
    - attach: Simplify lsm_openat()
    - caps: Add lxc_cap_is_set()
    - conf: attach: Save errno across call to close
    - conf: Clearly report to either use drop or keep
    - conf: criu: Add make_anonymous_mount_file()
    - conf: Fix suggest_default_idmap()
    - configure: Add --enable-gnutls option
    - configure: Check for memfd_create()
    - configure: Check whether gettid() is declared
    - configure: Do not allow variable length arrays
    - configure: Remove -Werror=vla
    - configure: Use AC_HEADER_MAJOR to detect major()/minor()/makedev()
    - conf: Non-functional changes
    - conf: Remove thread-unsafe strsignal + improve log
    - init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers
    - log: Add lxc_unix_epoch_to_utc()
    - log: Annotate lxc_unix_epoch_to_utc()
    - log: Drop all timezone conversion functions
    - log: Make sure that date is correctly formatted
    - log: Use lxc_unix_epoch_to_utc()
    - log: Use N/A if getpid() != gettid() when threaded
    - log: Use thread-safe localtime_r()
    - lvm: Supress warnings about leaked files
    - lxccontainer: Log failure to send sig to init pid
    - monitor: Add more logging
    - monitor: Close mainloop on exit if we opened it
    - monitor: Improve log + set log level to DEBUG
    - monitor: Log which pipe fd is currently used
    - monitor: Make lxc-monitord async signal safe
    - monitor: Non-functional changes
    - python3-lxc: Fix api_test.py on s390x
    - start: Check for CAP_SETGID before setgroups()
    - start: Fix execute and improve setgroups() calls
    - state: Use async signal safe fun in lxc_wait()
    - templates: lxc-debian: Don't try to get stuff from /usr/lib/systemd on the host
    - templates: lxc-debian: Fix getty service startup
    - templates: lxc-debian: Fix typo in calling dpkg with --print-foreign-architectures option
    - templates: lxc-debian: Handle ppc hostarch -> powerpc
    - templates: lxc-opensuse: Change openSUSE default release to Leap 42.2
    - templates: lxc-opensuse: Remove libgcc_s1
    - templates: lxc-opensuse: Remove poweroff.target -> sigpwr.target copy
    - templates: lxc-opensuse: Set to be unconfined by AppArmor
    - templates: lxc-opensuse: Update for Leap 42.2
    - tests; Don't cause test failures on cleanup errors
    - tests: Skip unpriv tests on broken overlay module
    - tools: Improve logging
    - tools: lxc-start: Remove c->is_defined(c) check
    - tools: lxc-start: Set configfile after load_config
    - tools: Only check for O_RDONLY
    - tree-wide: Random macro cleanups
    - tree-wide: Remove any variable length arrays
    - tree-wide: Sic semper assertis!
    - utils: Add macro __LXC_NUMSTRLEN
    - utils: Add uid, gid, group convenience wrappers
  - commented out the patches, as they no longer apply cleanly
* Tue Dec 06 2016 cbosdonnat@suse.com
  - CVE-2016-8649: lxc: guest escape via ptrace of lxc-attach (bsc#1010933).
    0001-attach-do-not-send-procfd-to-attached-process.patch
* Mon Sep 19 2016 schwab@suse.de
  - setcap has been moved to /usr/sbin (boo#998326).
* Wed Aug 31 2016 cbrauner@suse.de
  - update lxc to 2.0.4
  - add 0001-bdev-use-correct-overlay-module-name.patch
  - add 0002-cleanup-tools-remove-name-from-lxc-top-usage-message.patch
  - add 0003-cleanup-whitespaces-in-option-alignment-for-lxc-exec.patch
  - add 0004-Use-full-GPG-fingerprint-instead-of-long-IDs.patch
  - add 0005-tools-move-rcfile-to-the-common-options-list.patch
  - add 0006-tools-set-configfile-after-load_config.patch
  - add 0007-doc-add-rcfile-to-common-opts.patch
  - add 0008-doc-Update-Korean-lxc-attach-1.patch
  - add 0009-doc-Add-rcfile-to-Korean-common-opts.patch
  - add 0010-doc-Add-rcfile-to-Japanese-common-opts.patch
  - add 0011-tools-use-exit-EXIT_-everywhere.patch
  - add 0012-tools-unify-exit-calls-outside-of-main.patch
  - add 0013-utils-Add-mips-signalfd-syscall-numbers.patch
  - add 0014-seccomp-Implement-MIPS-seccomp-handling.patch
  - add 0015-seccomp-Add-mips-and-mips64-entries-to-lxc_config_pa.patch
  - add 0016-seccomp-fix-strerror.patch
  - add 0017-confile-add-more-archs-to-lxc_config_parse_arch.patch
  - add 0018-seccomp-add-support-for-s390x.patch
  - add 0019-seccomp-remove-double-include-and-order-includes.patch
  - add 0020-seccomp-non-functional-changes.patch
  - add 0021-templates-use-fd-9-instead-of-200.patch
  - add 0022-templates-fedora-requires-openssl-binary.patch
  - add 0023-tools-use-boolean-for-ret-in-lxc_device.c.patch
  - add 0024-c-r-use-proc-self-tid-children-instead-of-pidfile.patch
  - add 0025-c-r-Fix-pid_t-on-some-arches.patch
  - add 0026-templates-Add-mips-hostarch-detection-to-debian.patch
  - add 0027-cleanup-replace-tabs-wth-spaces-in-usage-strings.patch
* Sat Jul 23 2016 jengelh@inai.de
  - Abolish old macro use. Remove ancient %clean section.
    Avoid sh invocation for simple ldconfig calls.
* Sat Jul 09 2016 cbrauner@suse.de
  - add lxcfs dependency: lxc relies on lxcfs for a long time now to provide
    container aware /proc files. The /sys/fs/cgroup part is slowly phased out
    because we now have cgroup namespaces.
* Sat Jul 09 2016 cbrauner@suse.de
  - Split into packages to follow best practice.
    * lxc
    * liblxc1
    * liblxc-devel
    Also, we need liblxc1 to be separately installable from LXC for LXD.
  - Tweak descriptions.
* Thu Jul 07 2016 cbrauner@suse.de
  - Update to 2.0.3 (changes since 2.0.1):
    * apparmor: Refresh generated file
    * apparmor: add make-rslave to usr.bin.lxc-start
    * apparmor: Allow bind-mounts and {r}shared/{r}private
    * apparmor: allow mount move
    * apparmor: Update mount states handling
    * core: Drop lxc-devsetup as unneeded by current autodev
    * core: Fix redefinition of struct in6_addr
    * core: Include all lxcmntent.h function declarations on Bionic
    * c/r: c/r: use criu's "full" mode for cgroups
    * systemd: start containers in foreground when using the lxc@.service
    * templates: debian: Make sure init is installed
    * templates: oracle: Fix console login
    * templates: plamo: Fix various issues
    * templates: ubuntu: Install apt-transport-https by default
    * travis: ensure 'make install' doesn't fail
    * travis: test VPATH builds
    * upstart: Force lxc-instance to behave like a good Upstart client
* Fri Jun 10 2016 tiwai@suse.de
  - Update to 2.0.1:
    Lots of fixes and enhancements.
    https://linuxcontainers.org/lxc/news/#lxc-201-release-announcement-16th-of-may-2016
  - Add criu to recommends for C/R support
  - Add a workaround for lxc-start failure without apparmor:
    lxc-aa_allow_incomplete-default.patch
  - Drop obsoleted patch:
    lxc-1.0.7-fix-bashisms.patch
* Tue Nov 17 2015 t1loc@opensuse.org
  - Update to 1.1.5
* Wed Oct 07 2015 t1loc@opensuse.org
  - Remove attach-mount-a-sane-prox-for-LSM-setup.patch
* Wed Oct 07 2015 t1loc@opensuse.org
  - Update to 1.1.4
    * Remove CVE-2015-1331-lxclock-use-run-lxc-lock-rather-than-r.patch
    * Remove CVE-2015-1334-Don-t-use-the-container-s-proc-during-.patch
    * Remove CVE-2015-1335-Protecti-container-mounts-against-symlinks.patch
    * Remove templates-lxc-opensuse-use-rpm-to-determine-build-ve.patch
      Now integrated into the current version
* Thu Oct 01 2015 cbosdonnat@suse.com
  - Added CVE-2015-1335-Protecti-container-mounts-against-symlinks.patch
    (bsc#946744)
* Wed Aug 05 2015 jslaby@suse.com
  - Added templates-lxc-opensuse-use-rpm-to-determine-build-ve.patch
* Thu Jul 23 2015 jslaby@suse.com
  - Added CVE-2015-1331-lxclock-use-run-lxc-lock-rather-than-r.patch
    (bnc#938522)
  - Added attach-mount-a-sane-prox-for-LSM-setup.patch (bnc#938523)
  - Added CVE-2015-1334-Don-t-use-the-container-s-proc-during-.patch
    (bnc#938523)
* Tue Jul 21 2015 jslaby@suse.com
  - update to 1.1.2
  - Removed 0001-added-upstream-action-fallback-create-directory-loca.patch
  - Removed 0003-lxc-opensuse-template-now-understands-release-argume.patch
  - Removed 0004-lxc-opensuse.in-Added-explanation-on-how-to-use-the-.patch
  - Removed 0005-lxc-opensuse.in-Check-if-given-argument-is-a-valid-r.patch
  - Removed 0006-lxc-opensuse-default-release-changed-to-13.1-as-12.3.patch
  - Removed 0007-lxc-opensuse-Disabling-builds-on-13.2-Tumbleweed-onl.patch
* Sat Dec 27 2014 Led <ledest@gmail.com>
  - fix bashisms in lxc-autostart-helper script
  - add patches:
    + lxc-1.0.7-fix-bashisms.patch
* Wed Dec 17 2014 opensuse_buildservice@ojkastl.de
  - Improved error message
* Wed Dec 17 2014 opensuse_buildservice@ojkastl.de
  - Disabling builds on 13.2/Tumbleweed only, if build version before 20141120
    Patch 0007-lxc-opensuse-Disabling-builds-on-13.2-Tumbleweed-onl.patch
* Fri Dec 12 2014 opensuse_buildservice@ojkastl.de
  - lxc-opensuse default release changed to 13.1, as 12.3 reaches end-of-life soon
    Patch 0006-lxc-opensuse-default-release-changed-to-13.1-as-12.3.patch
* Sun Dec 07 2014 opensuse_buildservice@ojkastl.de
  - patch 0002-Disable-building-opensuse-containers-on-openSUSE13.2.patch has been sent upstream and is included in version 1.0.7
* Sat Dec 06 2014 opensuse_buildservice@ojkastl.de
  - update to version 1.0.7
    Core:
    Include network prefix when ipv4/ipv6 keys are queried
    apparmor: silence 'silent' mount denials
    add file/func/line to debug info
    apparmor: restrict signal and ptrace for processes
    cgmanager: several fixes
    lxc: don't call pivot_root if / is on a ramfs
    fix lxc.mount.auto clearing
    conf.c: Define MS_PRIVATE for Android
    network: convert param ifname to const.
    network: check result of if_nametoindex().
    network: allow lxc_network_move_by_index() rename netdev in moving.
    network: introduce a interface named lxc_netdev_isup().
    lxccontainer.c: rename enter_to_ns to enter_net_ns
    lxc_global_config_value can return the default lxc.cgroup.pattern whether root or non-root
    do_rootfs_setup: fix return bugs
    lxc-start: don't re-try to mount rootfs if we already did so
    attach: don't use confstr(_CS_PATH)
    lxc_global_config_value: simplify the theme
    Fixed mismatch on ipvX gateway
    attach: don't ignore sigint/sigkill if stdin is redirected
    cgmanager: fix 'attach' with "all" controller support
    lxc/utils: bugfix freed pointer return value
    conf.c: change 'instanciate' to 'instantiate'
    fix wrong nlmsg_len
    Remounts bind mounts if read-only flag is provided
    Allow lxc_clear_config_item to clear idmaps.
    overlay and aufs clone_paths: be more robust
    overlayfs: overlayfs.v22 or higher needs workdir option
    Fix clone issues
    Improve veth error cases logging
    fixed typo in comment
    audit: added capacity and reserve() to nlmsg
    rmdir and lxc_unpriv returns non-negative error codes
    typofixes - https://github.com/vlajos/misspell_fixer
    Bindings:
    add src/python-lxc/setup.py into .gitignore
    Tests:
      tests: Fix unpriv test
      lxc-test-unpriv: don't clear out /etc/lxc/lxc-usernet
      lxc-test-unpriv: test for different cgroups per subsystem
      tests: try again when waitpid() sets errno as EINTR
    Commands:
    lxc_start: ERROR if container is already running.
    lxc-start: return 0 rather than error if container is already running
    Make legacy lxc-ls more robust
    lxc_info: flush stdout before calling routines which may fork
    Templates:
    Fix typo in lxc-gentoo template
    busybox template: support for unprivileged containers
    busybox template: mount fstab when available
    Fix another gentoo template typo
    Create the apt proxy in the cache instead of the 1st container
    lxc-plamo: mount tmpfs on /dev/shm
    lxc-cirros: support creating+running unprivileged
    Fix lxc-openmandriva.in typo.
    Fix lxc-centos.in typo.
    lxc-opensuse: Disable on 13.2
    lxc-alpine: make sure /dev/shm is world writeable
    lxc-alpine: create a default tty for console
    lxc-debian: added support for package installation
    lxc-debian: Fix default mirrors
    lxc-debian: support systemd as PID 1
    lxc-debian: adjust init system configurations
    lxc-debian: mask both Wheezy and Jessie udev services
    lxc-opensuse: Disabling builds on openSUSE Tumbleweed, detection improved.
    Documentation:
    Fix the lxc manpage a bit
    lxc-create -t option is not optional
    doc: Update kernel and cgroup info in Japanese lxc(7)
    tabs/spaces consistency
* Sat Nov 29 2014 opensuse_buildservice@ojkastl.de
  - changed patch 0002 to work on newer Tumbleweed snapshots, where os-release does not contain 'Harlequin' anymore
* Wed Nov 26 2014 opensuse_buildservice@ojkastl.de
  - backported the patches from upstream, so that the opensuse template now accepts releases as arguments, and it is possible to install 12.3, 13.1 or 13.2
    * 0003-lxc-opensuse-template-now-understands-release-argume.patch
    * 0004-lxc-opensuse.in-Added-explanation-on-how-to-use-the-.patch
    * 0005-lxc-opensuse.in-Check-if-given-argument-is-a-valid-r.patch
* Wed Nov 19 2014 opensuse_buildservice@ojkastl.de
  - Added 0002-Disable-building-opensuse-containers-on-openSUSE13.2.patch
    Disable building opensuse containers on openSUSE 13.2 due to changed
    build behaviour (bsc#905638)
* Mon Oct 27 2014 opensuse_buildservice@ojkastl.de
  - added 0001-added-upstream-action-fallback-create-directory-loca.patch
    * adds action fallback available upstream
    * creates directory /run/lock/subsys/ if not available
  - deleted 0001-systemd-Ensure-action-is-defined.patch

Files

/etc/apparmor.d/abstractions/lxc
/etc/apparmor.d/abstractions/lxc/container-base
/etc/apparmor.d/abstractions/lxc/start-container
/etc/apparmor.d/lxc
/etc/apparmor.d/lxc-containers
/etc/apparmor.d/lxc/lxc-default
/etc/apparmor.d/lxc/lxc-default-cgns
/etc/apparmor.d/lxc/lxc-default-with-mounting
/etc/apparmor.d/lxc/lxc-default-with-nesting
/usr/lib/liblxc.so.1
/usr/lib/liblxc.so.1.7.0
/usr/lib/lxc
/usr/lib/lxc/hooks
/usr/lib/lxc/hooks/unmount-namespace
/usr/lib/lxc/lxc-apparmor-load
/usr/lib/lxc/lxc-containers
/usr/lib/lxc/lxc-monitord
/usr/lib/lxc/lxc-net
/usr/lib/lxc/lxc-user-nic
/usr/lib/lxc/rootfs
/usr/lib/lxc/rootfs/README
/usr/share/doc/packages/liblxc1
/usr/share/doc/packages/liblxc1/AUTHORS
/usr/share/doc/packages/liblxc1/MAINTAINERS
/usr/share/doc/packages/liblxc1/missing_setuid.txt
/usr/share/licenses/liblxc1
/usr/share/licenses/liblxc1/COPYING
/var/lib/lxc


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Sep 9 18:22:27 2022