[Group.of.nepali.translators] [Bug 1881588] Re: pre-seeding lxd on Core appliances breaks console-conf user creation

[Stéphane Graber]

cat /var/lib/snapd/state.json | jq .data.auth.users

^ this would be interesting to see as my understanding is that this
being "null" means managed is false whereas if it shows something, then
managed is true

** Changed in: snapd
   Status: New => Invalid

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1881588

Title:
  pre-seeding lxd on Core appliances breaks console-conf user creation

Status in snapd:
  Invalid
Status in subiquity:
  In Progress
Status in subiquity package in Ubuntu:
  Invalid
Status in subiquity source package in Xenial:
  Confirmed
Status in subiquity source package in Bionic:
  Confirmed

Bug description:
  when seeding appliance images with lxd, user creation gets impossible.

  console-conf skips the user creation, system-user assertions do not
  work either because there is already a user exisiting in the image.

  the tty screen shows instructions to log in with "lxd@"
  ...

  since the lxd user is a special case hack in Ubuntu Core images, "snap
  create-user ..." should probably learn to ignore its existence ...

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1881588/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1881588] Re: pre-seeding lxd on Core appliances breaks console-conf user creation

[Stéphane Graber]

Let's re-open the snapd side of this then.

** Changed in: snapd
   Status: Invalid => New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1881588

Title:
  pre-seeding lxd on Core appliances breaks console-conf user creation

Status in snapd:
  New
Status in subiquity:
  In Progress
Status in subiquity package in Ubuntu:
  Invalid
Status in subiquity source package in Xenial:
  Confirmed
Status in subiquity source package in Bionic:
  Confirmed

Bug description:
  when seeding appliance images with lxd, user creation gets impossible.

  console-conf skips the user creation, system-user assertions do not
  work either because there is already a user exisiting in the image.

  the tty screen shows instructions to log in with "lxd@"
  ...

  since the lxd user is a special case hack in Ubuntu Core images, "snap
  create-user ..." should probably learn to ignore its existence ...

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1881588/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1734410] Re: systemd: handle undelegated cgroup2 hierarchy

[Stéphane Graber]

There is no /sys/fs/cgroup/unified on xenial, closing.

** Changed in: systemd (Ubuntu Xenial)
   Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1734410

Title:
  systemd: handle undelegated cgroup2 hierarchy

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Xenial:
  Invalid
Status in systemd source package in Zesty:
  Won't Fix
Status in systemd source package in Artful:
  Fix Released
Status in systemd source package in Bionic:
  Fix Released

Bug description:
  [Impact]

   * When a container is presented with a unified cgroup hierarchy,
  which is not properly delegated, systemd should not attempt (and fail)
  to use. This improves compatibility of xenial containers running on
  unified cgroup hierarchy hosts.

  [Test Case]

   * Xenial containers should boot, with non-writable unified cgroup
  hierarchy hosts.

  [Regression Potential]

   * unified cgroup hierarchy is not in use by default on xenial hosts,
  thus this is forward compatibility improvment with e.g. bionic hosts
  running xenial containers.

  [Other Info]
   
   * Original bug report

  Hey everyone,

  Current systemd versions all fail when the unified cgroup hierarchy is
  not-writable. This is especially problematic in containers where the
  systemd administrator might decide to not delegate the unified
  hierarchy or when running with a liblxc driver that doesn't yet know
  how to handle the unified cgroup hierarchy. I've pushed patches to
  systemd upstream that let systemd ingnore the non-delegated unified
  hierarchy. The relevant commits are:

  e07aefbd675b651f8d45b5fb458f2747b04d6e04
  2d56b80a1855836abf1d7458394c345ad9d55382
  1ff654e28b7b8e7d0a0be33522a84069ac6b07c0

  These patches will be in 236 but should be backported from xenial
  upwards.

  Christian

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1734410/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1645037] Re: apparmor_parser hangs indefinitely when called by multiple threads

[Stéphane Graber]

** No longer affects: apparmor (Ubuntu)

** No longer affects: linux (Ubuntu Xenial)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1645037

Title:
  apparmor_parser hangs indefinitely when called by multiple threads

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Yakkety:
  Won't Fix
Status in linux source package in Zesty:
  Fix Released

Bug description:
  This bug surfaced when starting ~50 LXC container with LXD in parallel
  multiple times:

  # Create the containers
  for c in c foo{1..50}; do lxc launch images:ubuntu/xenial $c; done

  # Exectute this loop multiple times until you observe errors.
  for c in c foo{1..50}; do lxc restart $c & done

  After this you can

  ps aux | grep apparmor

  and you should see output similar to:

  root 19774  0.0  0.0  12524  1116 pts/1S+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo30
  root 19775  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo26
  root 19776  0.0  0.0  13592  3224 pts/1D+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo30
  root 19778  0.0  0.0  13592  3384 pts/1D+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo26
  root 19780  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo43
  root 19782  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo34
  root 19783  0.0  0.0  13592  3388 pts/1D+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo43
  root 19784  0.0  0.0  13592  3252 pts/1D+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo34
  root 19794  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo25
  root 19795  0.0  0.0  13592  3256 pts/1D+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo25

  apparmor_parser remains stuck even after all LXC/LXD commands have
  exited.

  dmesg output yields lines like:

  [41902.815174] audit: type=1400 audit(1480191089.678:43):
  apparmor="STATUS" operation="profile_load" profile="unconfined" name
  ="lxd-foo30_" pid=12545 comm="apparmor_parser"

  and cat /proc/12545/stack shows:

  [] aa_remove_profiles+0x88/0x270
  21:19   brauner  [] profile_remove+0x144/0x2e0
  21:19   brauner  [] __vfs_write+0x18/0x40
  21:19   brauner  [] vfs_write+0xb8/0x1b0
  21:19   brauner  [] SyS_write+0x55/0xc0
  21:19   brauner  [] entry_SYSCALL_64_fastpath+0x1e/0xa8
  21:19   brauner  [] 0x

  This looks like a potential kernel bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1645037/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1607796] Re: snap-confine regression when running commands as root

[Stéphane Graber]

** Changed in: snap-confine (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1607796

Title:
  snap-confine regression when running commands as root

Status in snap-confine:
  Fix Released
Status in snap-confine package in Ubuntu:
  Fix Released
Status in snap-confine source package in Xenial:
  Fix Released

Bug description:
  [Impact]

  Snaps (even in running in devmode) cannot put any files in the /root
  directory.

  This bug is fixed by adding /root to a list of directories that are
  bind mounted and thus visible to snaps in their execution environment.

  For more information about the execution environment, please see this
  article http://www.zygoon.pl/2016/08/snap-execution-environment.html

  [Test Case]

  The test case can be found here:

  https://github.com/snapcore/snap-confine/blob/master/spread-
  tests/regression/lp-1607796/task.yaml

  The test case is ran automatically for each pull request and for each final 
release. It can be reproduced manually by executing the shell commands listed 
in the prepare/execute/restore phases manually.
  The commands there assume that snapd and snap-confine are installed.
  No other additional setup is necessary.

  [Regression Potential]

   * Regression potential is minimal as the fix simply adds another
  directory to a list of directories that needs to be bind mounted.

  * The fix was tested on Ubuntu via spread and on several other
  distributions successfully.

  [Other Info]

  * This bug is a part of a major SRU that brings snap-confine in Ubuntu
  16.04 in line with the current upstream release 1.0.41.

  * This bug was included in an earlier SRU and is now fixed in Ubuntu.
  I am updating the template here to ensure that the process is fully
  documented from 1.0.38 all the way up to the current upstream release
  1.0.41.

  * snap-confine is technically an integral part of snapd which has an
  SRU exception and is allowed to introduce new features and take
  advantage of accelerated procedure. For more information see
  https://wiki.ubuntu.com/SnapdUpdates

  == # Pre-SRU bug description follows # ==

  root@edfu:~# lxd.lxc list
  +--+-+--+--++---+
  | NAME |  STATE  | IPV4 | IPV6 |TYPE| SNAPSHOTS |
  +--+-+--+--++---+
  | blah | STOPPED |  |  | PERSISTENT | 0 |
  +--+-+--+--++---+

  root@edfu:~# dpkg -l | grep core-launcher
  ii  ubuntu-core-launcher   1.0.27.1amd64  
  Launcher for ubuntu-core (snappy) apps

  root@edfu:~# sudo apt install ubuntu-core-launcher
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  The following additional packages will be installed:
    snap-confine
  The following NEW packages will be installed:
    snap-confine
  The following packages will be upgraded:
    ubuntu-core-launcher
  1 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
  Need to get 23.1 kB of archives.
  After this operation, 51.2 kB of additional disk space will be used.
  Do you want to continue? [Y/n]
  Get:1 http://us.archive.ubuntu.com//ubuntu xenial-proposed/main amd64 
ubuntu-core-launcher amd64 1.0.38-0ubuntu0.16.04.3 [2,696 B]
  Get:2 http://us.archive.ubuntu.com//ubuntu xenial-proposed/main amd64 
snap-confine amd64 1.0.38-0ubuntu0.16.04.3 [20.4 kB]
  Fetched 23.1 kB in 0s (0 B/s)
  (Reading database ... 101267 files and directories currently installed.)
  Preparing to unpack 
.../ubuntu-core-launcher_1.0.38-0ubuntu0.16.04.3_amd64.deb ...
  Unpacking ubuntu-core-launcher (1.0.38-0ubuntu0.16.04.3) over (1.0.27.1) ...
  Selecting previously unselected package snap-confine.
  Preparing to unpack .../snap-confine_1.0.38-0ubuntu0.16.04.3_amd64.deb ...
  Unpacking snap-confine (1.0.38-0ubuntu0.16.04.3) ...
  Processing triggers for man-db (2.7.5-1) ...
  Setting up snap-confine (1.0.38-0ubuntu0.16.04.3) ...
  Setting up ubuntu-core-launcher (1.0.38-0ubuntu0.16.04.3) ...
  Removing obsolete conffile /etc/apparmor.d/usr.bin.ubuntu-core-launcher ...

  root@edfu:~# lxd.lxc list
  error: mkdir /root/snap: read-only file system

  So looks like /root/snap isn't bind-mounted anymore. I also had to set
  HOME for my daemon to point to /tmp as apparently that's not set
  anymore either, causing HOME in my daemon to resolve to / which
  obviously is read-only.

To manage notifications about this bug go to:
https://bugs.launchpad.net/snap-confine/+bug/1607796/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.t

[Group.of.nepali.translators] [Bug 1618683] Re: pivot_root or mounts setup breaks unshare of userns

[Stéphane Graber]

** Changed in: snap-confine (Ubuntu Xenial)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1618683

Title:
  pivot_root or mounts setup breaks unshare of userns

Status in snap-confine:
  Fix Released
Status in snap-confine package in Ubuntu:
  Fix Released
Status in snap-confine source package in Xenial:
  Fix Released

Bug description:
  [Impact]

  Snap-Confine uses pivot_root internally. The particular way in which
  this is done is somewhat tricky and in effect we used to "leak" the
  old root filesystem. This caused the kernel to assume our process is
  unsafe and cannot use user namespaces.

  The fix includes using unmount2(2) with MNT_DETACH to detach/unmount
  the old root filesystem.

  For more information about the execution environment, please see this
  article http://www.zygoon.pl/2016/08/snap-execution-environment.html

  [Test Case]

  The test case can be found here:

  https://github.com/snapcore/snap-confine/blob/master/spread-
  tests/regression/lp-1618683/task.yaml

  The test case is ran automatically for each pull request and for each final 
release. It can be reproduced manually by executing the shell commands listed 
in the prepare/execute/restore phases manually.
  The commands there assume that snapd and snap-confine are installed.
  No other additional setup is necessary.

  [Regression Potential]

   * Regression potential is minimal. Experienced member of the LXD
  development team (Stephane Graber) has reported this issue and
  recommended the fix that we've applied. The same approach is used by
  LXD.

  * The fix was tested on Ubuntu with spread, successfully.

  [Other Info]

  * This bug is a part of a major SRU that brings snap-confine in Ubuntu
  16.04 in line with the current upstream release 1.0.41.

  * snap-confine is technically an integral part of snapd which has an
  SRU exception and is allowed to introduce new features and take
  advantage of accelerated procedure. For more information see
  https://wiki.ubuntu.com/SnapdUpdates

  == # Pre-SRU bug description follows # ==

  Starting around the time ubuntu-core-launcher was transitioned to
  snap-confine, unsharing a user namespace became impossible.

  This is obviously a pretty big deal for LXD.

  I've confirmed that this isn't apparmor, seccomp or capabilities
  getting in the way and I think I tracked it down to a poor
  implementation of the chroot/pivot_root feature in snap-confine.

  There is no code in snap-confine to umount the paths outside of the
  pivot target. This means the snap mount table then contains a whole
  lot of unreachable mounts which will be stuck there forever.

  This causes us to trip the chroot detection code in the kernel as
  there are more than one root mount point and a ton of completely
  unreachable mount entries which makes the kernel think we're in an
  unsafe environment for a user namespace to be created.

  Strace of the current launcher to a basic binary (lxd --help): 
http://paste.ubuntu.com/23114432/
  The mount table for a running LXD process is now: 
http://paste.ubuntu.com/23114471/

  This is also very wasteful, especially considering that snap-confine
  creates a new namespace for every single command but more importantly,
  it's going to create a bunch of weird issues on systems using snapd,
  including potential data loss.

  That's because not unmounting unused mount entries (anything outside
  of your pivot dir), keeps an active reference to them in the kernel.
  This effectively means that none of those mounts can really be
  unmounted on the host. The host mount entry will disappear on umount,
  but attempting to mount again will fail with "already mounted".

  It also means that any non-persistent device (USB stick) will never
  get properly unmounted which may cause data loss.

To manage notifications about this bug go to:
https://bugs.launchpad.net/snap-confine/+bug/1618683/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

[Stéphane Graber]

** Changed in: apparmor (Ubuntu)
   Status: Confirmed => Invalid

** No longer affects: apparmor (Ubuntu Xenial)

** No longer affects: apparmor (Ubuntu Yakkety)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1648143

Title:
  tor in lxd: apparmor="DENIED" operation="change_onexec"
  namespace="root//CONTAINERNAME_" profile="unconfined"
  name="system_tor"

Status in apparmor package in Ubuntu:
  Invalid
Status in linux package in Ubuntu:
  Fix Released
Status in tor package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  Fix Released
Status in tor source package in Xenial:
  Invalid
Status in linux source package in Yakkety:
  Fix Released
Status in tor source package in Yakkety:
  Invalid

Bug description:
  Environment:
  

  Distribution: ubuntu
  Distribution version: 16.10
  lxc info:
  apiextensions:

  storage_zfs_remove_snapshots
  container_host_shutdown_timeout
  container_syscall_filtering
  auth_pki
  container_last_used_at
  etag
  patch
  usb_devices
  https_allowed_credentials
  image_compression_algorithm
  directory_manipulation
  container_cpu_time
  storage_zfs_use_refquota
  storage_lvm_mount_options
  network
  profile_usedby
  container_push
  apistatus: stable
  apiversion: "1.0"
  auth: trusted
  environment:
  addresses:
  163.172.48.149:8443
  172.20.10.1:8443
  172.20.11.1:8443
  172.20.12.1:8443
  172.20.22.1:8443
  172.20.21.1:8443
  10.8.0.1:8443
  architectures:
  x86_64
  i686
  certificate: |
  -BEGIN CERTIFICATE-
  -END CERTIFICATE-
  certificatefingerprint: 
3048baa9f20d316f60a6c602452b58409a6d9e2c3218897e8de7c7c72af0179b
  driver: lxc
  driverversion: 2.0.5
  kernel: Linux
  kernelarchitecture: x86_64
  kernelversion: 4.8.0-27-generic
  server: lxd
  serverpid: 32694
  serverversion: 2.4.1
  storage: btrfs
  storageversion: 4.7.3
  config:
  core.https_address: '[::]:8443'
  core.trust_password: true

  Container: ubuntu 16.10

  
  Issue description
  --

  
  tor can't start in a non privileged container

  
  Logs from the container:
  -

  Dec 7 15:03:00 anonymous tor[302]: Configuration was valid
  Dec 7 15:03:00 anonymous systemd[303]: tor@default.service: Failed at step 
APPARMOR spawning /usr/bin/tor: No such file or directory
  Dec 7 15:03:00 anonymous systemd[1]: tor@default.service: Main process 
exited, code=exited, status=231/APPARMOR
  Dec 7 15:03:00 anonymous systemd[1]: Failed to start Anonymizing overlay 
network for TCP.
  Dec 7 15:03:00 anonymous systemd[1]: tor@default.service: Unit entered failed 
state.
  Dec 7 15:03:00 anonymous systemd[1]: tor@default.service: Failed with result 
'exit-code'.
  Dec 7 15:03:00 anonymous systemd[1]: tor@default.service: Service hold-off 
time over, scheduling restart.
  Dec 7 15:03:00 anonymous systemd[1]: Stopped Anonymizing overlay network for 
TCP.
  Dec 7 15:03:00 anonymous systemd[1]: tor@default.service: Failed to reset 
devices.list: Operation not permitted
  Dec 7 15:03:00 anonymous systemd[1]: Failed to set devices.allow on 
/system.slice/system-tor.slice/tor@default.service: Operation not permitted
  Dec 7 15:03:00 anonymous systemd[1]: message repeated 6 times: [ Failed to 
set devices.allow on /system.slice/system-tor.slice/tor@default.service: 
Operation not permitted]
  Dec 7 15:03:00 anonymous systemd[1]: Couldn't stat device 
/run/systemd/inaccessible/chr
  Dec 7 15:03:00 anonymous systemd[1]: Couldn't stat device 
/run/systemd/inaccessible/blk
  Dec 7 15:03:00 anonymous systemd[1]: Failed to set devices.allow on 
/system.slice/system-tor.slice/tor@default.service: Operation not permitted


  Logs from the host
  

  audit: type=1400 audit(1481119378.856:6950): apparmor="DENIED" 
operation="change_onexec" info="label not found" error=-2 
namespace="root//lxd-anonymous_" profile="unconfined" name="system_tor" 
  pid=12164 comm="(tor)"

  
  Steps to reproduce
  -

  install ubuntu container 16.10 on a ubuntu 16.10 host
  install tor in the container
  Launch tor

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1648143/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1709536] Re: snapd 2.26.14 on ubuntu-core won't start in containers anymore

[Stéphane Graber]

** Changed in: layer-snap
   Status: New => Invalid

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1709536

Title:
  snapd 2.26.14 on ubuntu-core won't start in containers anymore

Status in Snap Layer:
  Invalid
Status in snapd:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Xenial:
  Fix Released
Status in systemd source package in Artful:
  Fix Released

Bug description:
  [Impact]

  Systemd treats a failure to apply the requested Nice value as critical
  to unit startup.

  Unprivileged LXD containers do not allow the use of negative nice
  values. snapd will fail to start inside containers now that snapd uses
  a negative Nice value.

  Aug 09 05:54:37 core systemd[1]: snapd.service: Main process exited, 
code=exited, status=201/NICE
  Aug 09 05:54:37 core systemd[1]: snapd.service: Unit entered failed state.
  Aug 09 05:54:37 core systemd[1]: snapd.service: Failed with result 
'exit-code'.

  The fix is for systemd to ignore permission errors when attempting to
  setup such custom nice values in containers.

  I have confirmed that setting up a unit override by hand which sets
  Nice = 0 does resolve the problem.

  [Test Case]

  Boot a Xenial image in lxd:

  $ lxc launch xenial x1
  $ lxc exec x1 -- systemctl --state=failed

  Observe failures for snapd :

  ● snapd.service loaded failed failed Snappy daemon
  ● snapd.socket loaded failed failed Socket activation for snapp

  Install updated systemd from -proposed and get status: (lxc exec
   reboot; lxc exec  systemctl status)

  State: running
  Jobs: 0 queued
  Failed: 0 units

  [Regression Potential]

  Services will now run with a Nice value other than what was specified
  in the unit if it cannot be changed for some reason.

To manage notifications about this bug go to:
https://bugs.launchpad.net/layer-snap/+bug/1709536/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1527374] Re: CVE-2015-8709

[Stéphane Graber]

** No longer affects: lxc (Ubuntu)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1527374

Title:
  CVE-2015-8709

Status in linux package in Ubuntu:
  Fix Released
Status in linux-armadaxp package in Ubuntu:
  Confirmed
Status in linux-flo package in Ubuntu:
  Confirmed
Status in linux-goldfish package in Ubuntu:
  Confirmed
Status in linux-lts-quantal package in Ubuntu:
  Won't Fix
Status in linux-lts-raring package in Ubuntu:
  Won't Fix
Status in linux-lts-saucy package in Ubuntu:
  Won't Fix
Status in linux-lts-utopic package in Ubuntu:
  Fix Released
Status in linux-lts-vivid package in Ubuntu:
  Fix Released
Status in linux-lts-wily package in Ubuntu:
  Fix Released
Status in linux-lts-xenial package in Ubuntu:
  New
Status in linux-mako package in Ubuntu:
  Confirmed
Status in linux-manta package in Ubuntu:
  Confirmed
Status in linux-raspi2 package in Ubuntu:
  Fix Released
Status in linux-snapdragon package in Ubuntu:
  New
Status in linux-ti-omap4 package in Ubuntu:
  Confirmed
Status in linux source package in Precise:
  Invalid
Status in linux-lts-trusty source package in Precise:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Vivid:
  Fix Released
Status in linux source package in Wily:
  Fix Released
Status in linux source package in Xenial:
  Fix Released

Bug description:
  ** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1
  mishandles uid and gid mappings, which allows local users to gain
  privileges by establishing a user namespace, waiting for a root
  process to enter that namespace with an unsafe uid or gid, and then
  using the ptrace system call.  NOTE: the vendor states "there is no
  kernel bug here."

  Break-Fix: - local-2015-8709

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1527374/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1510108] Re: pre-installed lxc in cloud-image means loss of access to 10.0.X.0/24

[Stéphane Graber]

** No longer affects: lxc (Ubuntu Wily)

** No longer affects: lxc (Ubuntu Xenial)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1510108

Title:
  pre-installed lxc in cloud-image means loss of access to 10.0.X.0/24

Status in lxc package in Ubuntu:
  Triaged

Bug description:
  Bug 1509414 describes fallout of inclusion of lxc in cloud images.  The 
initial inclusion caused 2 issues:
   a.) containers created by 'lxc -t ubuntu-cloud' and 'lxd import-images 
ubuntu wily' had completely broken networking
   b.) all cloud images would have lost access to 10.0.3.0/24 networks.

  The fix that went in fixes 'a' above.  By default, containers created
  for lxd and lxc will now work as expected.

  This bug is opened to address the much less severe 'b'.

  Now, on first boot lxc-net selects a network in the 10.0.X.0/24 to
  give to the lxcbr0 bridge.  It selects the network by simply looking
  for the first available N where there .  That code can be seen prior
  to fix in debian/lxc.preinst [1] and after fix in config/init/common
  /lxc-net.in [2].  Generally speaking it looks for local ip addresses
  on the targeted network.  That code is fairly simplistic.  There are
  definitely cases where it can pick a network that would be used by
  this system.  The result is that traffic destined for that network
  will be sent to the lxcbr0 rather than out of the system to wherever
  it should go.

  The suggested fix would be to make that code run on 'lxc' or 'lxd'
  usage rather than on instance boot.  By doing so, we reduce the set of
  users possibly affected from all cloud-image users to all users of lxc
  or lxd.

  Note, all users of lxd and lxc have been affected by this bug since at
  least 14.04.

  --
  [1]  
https://github.com/lxc/lxc-pkg-ubuntu/blob/dpm-wily/debian/lxc.preinst#L55
  [2]  
https://github.com/lxc/lxc-pkg-ubuntu/blob/dpm-wily/config/init/common/lxc-net.in

  Related bugs:
* bug  1509414: pre-installed lxc in cloud image produces broken lxc (and 
later lxd) containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1510108/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1816642] Re: SRU of LXC 2.0.11

[Stéphane Graber]

Adding go-lxc to this as the fixes in 2.0.11 ended up showing bugs in
go-lxc's test logic, so we'll have to cherry-pick a couple of fixes from
upstream to have it be happy and give us a meaningful test result.

** Also affects: golang-gopkg-lxc-go-lxc.v2 (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: golang-gopkg-lxc-go-lxc.v2 (Ubuntu)
   Status: New => Fix Released

** Changed in: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Trusty)
   Status: New => Triaged

** Changed in: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Trusty)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1816642

Title:
  SRU of LXC 2.0.11

Status in golang-gopkg-lxc-go-lxc.v2 package in Ubuntu:
  Fix Released
Status in lxc package in Ubuntu:
  Fix Released
Status in golang-gopkg-lxc-go-lxc.v2 source package in Trusty:
  Triaged
Status in lxc source package in Trusty:
  Triaged
Status in golang-gopkg-lxc-go-lxc.v2 source package in Xenial:
  In Progress
Status in lxc source package in Xenial:
  Fix Committed

Bug description:
  LXC upstream has released a new bugfix release for the LXC 2.0 LTS branch.
  This is version 2.0.10. Ubuntu never received 2.0.9 as an SRU, so the 
changelog for both of them can be found below:

  LXC 2.0.11:
   - autotools: handle getgrgid_r on bionic
   - autotools: add memory_utils.h to Makefile.am
   - change version to 2.0.11 in configure.ac

  LXC 2.0.10:
   - tools: allow lxc-attach to undefined containers
   - utils: move memfd_create() definition
   - utils: add lxc_cloexec()
   - utils: add lxc_make_tmpfile()
   - utils: add lxc_getpagesize()
   - utils: add lxc_safe_long_long()
   - utils: parse_byte_size_string()
   - utils: add lxc_find_next_power2()
   - namespace: use lxc_getpagesize()
   - lxc-debian: allow creating `testing` and `unstable`
   - Call lxc_config_define_load from lxc_execute again
   - Fix typo in lxc-net script
   - Add missing lxc_container_put
   - lxc-debian: don't write C.* locales to /etc/locale.gen
   - attach: correctly handle namespace inheritance
   - cgfsng: fix cgroup2 detection
   - cgroups: enable container without CAP_SYS_ADMIN
   - lxc-start: remove unnecessary checks
   - start: close non-needed file descriptors
   - handler: make name argument const
   - start: close data socket in parent
   - monitor: do not log useless warnings
   - network: reap child in all cases
   - conf: reap child in all cases
   - storage: switch to ext4 as default filesystem
   - tools: fix help output of lxc-create
   - attach: handle namespace inheritance
   - cgroups/cgfsng: keep mountpoint intact
   - cgroups/cgfsng: cgfsns_chown() -> cgfsng_chown()
   - cgroups/cgfsng: support MS_READONLY with cgroup ns
   - log: check for i/o error with vsnprintf()
   - cgroupfs/cgfsng: tweak logging
   - cgroups/cgfsng: remove is_lxcfs()
   - cgroups/cgfsng: fix get_controllers() for cgroup2
   - cgroupfs/cgfsng: improve cgroup2 handling
   - config: remove SIGRTMIN+14 as lxc.signal.stop
   - commands: non-functional changes
   - console: non-functional changes
   - console: non-functional changes
   - lxc-test-unpriv: fix the overlayfs mount error
   - attach: allow attach with empty conf
   - tools/lxc_attach: removed api logging
   - console: fix console info message
   - Add missing dependency libunistring
   - cgroups/cgfsng: adapt to new cgroup2 delegation
   - console: report detach message on demand
   - lxccontainer: enable daemonized app containers
   - console: use correct escape sequence check
   - console: prepare for generic signal handler
   - console: exit mainloop on SIGTERM
   - commands: non-functional changes
   - lxccontainer: non-functional changes
   - commands: fix state socket implementation
   - lxc_init: set the control terminal in the child session
   - lxc-test-unpriv: check user existence before removing it
   - Fixed typo on lxc.spec.in
   - conf: move CAP_SYS_* definitions to utils.h
   - start.c: always switch uid and gid
   - Use AX_PTHREAD config script to detect pthread api
   - utils.h: Avoid duplicated sethostname implementation
   - tools/lxc_cgroup: remove internal logging
   - tools/lxc_autostart: remove internal logging
   - tools/lxc_clone: remove internal logging
   - tools/lxc_console: remove internal logging
   - tools/lxc_create: remove internal logging
   - tools/lxc_destroy: remove internal logging
   - tools/lxc_device: remove internal logging
   - tools/lxc_execute: removed internal logging
   - tools/lxc_freeze: remove internal logging
   - tools/lxc_info: removed internal lo

[Group.of.nepali.translators] [Bug 1816642] [NEW] SRU of LXC 2.0.10

[Stéphane Graber]

Public bug reported:

LXC upstream has released a new bugfix release for the LXC 2.0 LTS branch.
This is version 2.0.10. Ubuntu never received 2.0.9 as an SRU, so the changelog 
for both of them can be found below:

LXC 2.0.10:
 - tools: allow lxc-attach to undefined containers
 - utils: move memfd_create() definition
 - utils: add lxc_cloexec()
 - utils: add lxc_make_tmpfile()
 - utils: add lxc_getpagesize()
 - utils: add lxc_safe_long_long()
 - utils: parse_byte_size_string()
 - utils: add lxc_find_next_power2()
 - namespace: use lxc_getpagesize()
 - lxc-debian: allow creating `testing` and `unstable`
 - Call lxc_config_define_load from lxc_execute again
 - Fix typo in lxc-net script
 - Add missing lxc_container_put
 - lxc-debian: don't write C.* locales to /etc/locale.gen
 - attach: correctly handle namespace inheritance
 - cgfsng: fix cgroup2 detection
 - cgroups: enable container without CAP_SYS_ADMIN
 - lxc-start: remove unnecessary checks
 - start: close non-needed file descriptors
 - handler: make name argument const
 - start: close data socket in parent
 - monitor: do not log useless warnings
 - network: reap child in all cases
 - conf: reap child in all cases
 - storage: switch to ext4 as default filesystem
 - tools: fix help output of lxc-create
 - attach: handle namespace inheritance
 - cgroups/cgfsng: keep mountpoint intact
 - cgroups/cgfsng: cgfsns_chown() -> cgfsng_chown()
 - cgroups/cgfsng: support MS_READONLY with cgroup ns
 - log: check for i/o error with vsnprintf()
 - cgroupfs/cgfsng: tweak logging
 - cgroups/cgfsng: remove is_lxcfs()
 - cgroups/cgfsng: fix get_controllers() for cgroup2
 - cgroupfs/cgfsng: improve cgroup2 handling
 - config: remove SIGRTMIN+14 as lxc.signal.stop
 - commands: non-functional changes
 - console: non-functional changes
 - console: non-functional changes
 - lxc-test-unpriv: fix the overlayfs mount error
 - attach: allow attach with empty conf
 - tools/lxc_attach: removed api logging
 - console: fix console info message
 - Add missing dependency libunistring
 - cgroups/cgfsng: adapt to new cgroup2 delegation
 - console: report detach message on demand
 - lxccontainer: enable daemonized app containers
 - console: use correct escape sequence check
 - console: prepare for generic signal handler
 - console: exit mainloop on SIGTERM
 - commands: non-functional changes
 - lxccontainer: non-functional changes
 - commands: fix state socket implementation
 - lxc_init: set the control terminal in the child session
 - lxc-test-unpriv: check user existence before removing it
 - Fixed typo on lxc.spec.in
 - conf: move CAP_SYS_* definitions to utils.h
 - start.c: always switch uid and gid
 - Use AX_PTHREAD config script to detect pthread api
 - utils.h: Avoid duplicated sethostname implementation
 - tools/lxc_cgroup: remove internal logging
 - tools/lxc_autostart: remove internal logging
 - tools/lxc_clone: remove internal logging
 - tools/lxc_console: remove internal logging
 - tools/lxc_create: remove internal logging
 - tools/lxc_destroy: remove internal logging
 - tools/lxc_device: remove internal logging
 - tools/lxc_execute: removed internal logging
 - tools/lxc_freeze: remove internal logging
 - tools/lxc_info: removed internal logging
 - criu: detect veth name
 - lxccontainer: various container creation fixes
 - storage: remove unused declaration
 - tools/lxc_ls: remove internal logging
 - tools/lxc_copy: remove internal logging
 - tools/lxc_monitor: removed internal logging
 - tools/lxc_snapshot: removed internal logging
 - tools/lxc_start: removed internal logging
 - tools/lxc_stop: removed internal logging
 - tools/lxc_top: removed internal logging
 - tools/lxc_unfreeze: removed internal logging
 - tools/lxc_unshare: removed internal logging
 - tools/lxc_usernsexec: removed internal logging
 - tools/lxc_wait: removed internal logging
 - confile: fix memory leak
 - utils: declare sethostname() static inline
 - lxc_unshare: Add uid_mapping when creating userns
 - Update gentoo.moresecure.conf.
 - Add new dependency to Slackware template
 - Add bash completion to list backing store types for lxc-create -B - Backing 
Store types are hard-coded (Not sure how to get programmatically) - Closes #1236
 - Fix SETCOLOR_FAILURE evaluation
 - Insert missing "echo" after "is_enabled"
 - conf: prevent null pointer dereference
 - criu: initialize status
 - confile: remove dead assignment
 - criu: silence static analysis
 - attach: do not fail on non-existing namespaces
 - test: reenable Coverity integration
 - lxc_execute: properly figure out number of needed arguments
 - arguments: move to tools/ subdirectory
 - start: set loglevel correctly
 - commands: don't traverse whole list
 - commands: don't lock atomic operations
 - commands: don't lock the whole command
 - start: don't lock setting the state
 - commands: allow waiting for all states
 - test: add state server tests
 - commands: tweak locking
 - lxccontainer: restore non-blocking shutdown
 - commands: tell mainloop to r

[Group.of.nepali.translators] [Bug 1804753] Re: SRU of LXCFS 3.0.3 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxcfs (Ubuntu Xenial)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1804753

Title:
  SRU of LXCFS 3.0.3 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Xenial:
  Fix Released
Status in lxcfs source package in Bionic:
  Fix Released
Status in lxcfs source package in Cosmic:
  Fix Released
Status in lxcfs source package in Disco:
  Fix Released

Bug description:
  LXCFS upstream released LXCFS 3.0.3 as a bugfix release with following
  changelog:

   - bindings: prevent double free
   - tests: include missing sys/sysmacros.h header

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 3.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to xenial-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1804753/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1804755] Re: SRU of LXC 3.0.3 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxc (Ubuntu Xenial)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1804755

Title:
  SRU of LXC 3.0.3 (upstream bugfix release)

Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Xenial:
  Fix Released
Status in lxc source package in Bionic:
  Fix Released
Status in lxc source package in Cosmic:
  Fix Released
Status in lxc source package in Disco:
  Fix Released

Bug description:
  LXC upstream released LXC 3.0.3 as a bugfix release with following
  changelog:

   - CONTRIBUTING: Update reference to kernel coding style
   - CONTRIBUTING: Link to latest online kernel docs
   - CONTRIBUTING: Direct readers to CODING_STYLE.md
   - CODING_STYLE: Mention kernel style in introduction
   - CONTRIBUTING: Add 'be' to fix grammar
   - CODING_STLYE: Simplify explanation for use of 'extern'
   - CODING_STLYE: Remove sections implied by 'kernel style'
   - CODING_STYLE: Fix non-uniform heading level
   - CODING_STYLE: Update section header format
   - cmd: Use parenthesis around complex macro
   - cmd: Use 'void' instead of empty parameter list
   - cmd: Do not use braces for single statement block
   - cmd: Fix whitespace issues
   - cmd: Use 'const' for static string constant.
   - cmd: Remove unnecessary whitespace in string
   - cmd: Put trailing */ on a separate line
   - cmd: Remove typo'd semicolon
   - cmd: Do not use comparison to NULL
   - lxc_init: s/SYSDEBUG()/SYSERROR()/g in remove_self
   - tools: lxc-attach: add default log priority & cleanups
   - tools: lxc-cgroup: add default log priority & cleanups
   - tools: lxc-checkpoint: add default log priority & cleanups
   - tools: lxc-console: add default log priority & cleanups
   - tools: lxc-create: add default log priority & cleanups
   - tools: lxc-destroy: add default log priority & cleanups
   - tools: lxc-device: add default log priority & cleanups
   - tools: lxc-execute: add default log priority & cleanups
   - tools: lxc-start: add default log priority & cleanups
   - tools: lxc-stop: add default log priority & cleanups
   - tools: lxc-freeze: add default log priority & cleanups
   - tools: lxc-unfreeze: add default log priority & cleanups
   - storage_utils: move duplicated function from tools
   - tools: fix lxc-execute command parsing
   - lseek - integer overflow
   - cmd: lxc-user-nic: change log macro & cleanups
   - cmd: lxc-usernsexec reorder includes
   - cmd: move declarations to macro.h
   - cmd: use utils.{c,h} helpers in lxc-usernsexec
   - cmd: simplify lxc-usernsexec
   - cmd: use safe number parsers in lxc-usernsexec
   - macro: add missing headers
   - macro: add macvlan properties
   - tools: Indicate container startup failure
   - storage: exit() => _exit(). when exec is failed, child process needs to 
use _exit()
   - tools: lxc-wait: add default log priority & cleanups
   - conf: fix path/lxcpath mixups in tty setup
   - cmd: use goto for cleanup in lxc-usernsexec
   - cmd: Do not reassign variable before it is used
   - cmd: Reduce scope of 'count' variable
   - cmd: Fix format issues found by clang-format
   - list: fix indent
   - utils: split into {file,string}_utils.{c,h}
   - pam_cgfs: build from the same sources as liblxc
   - conf: fix devpts mounting when fully unprivileged
   - macro: s/rexit()/_exit()/g
   - attach: move struct declaration to top
   - macro: move macros from attach.c
   - Makefile: don't allow undefined symbols
   - autotools: check if compiler is new enough
   - log: handle strerror_r() versions
   - autotools: add --{disable,enable}-thread-safety
   - log: fail build on ENFORCE_THREAD_SAFETY error
   - {file,string}_utils: remove NO_LOG
   - initutils: remove useless comment
   - string_utils: remove unnecessary include
   - string_utils: remove unused headers
   - string_utils: add remove_trailing_slashes()
   - Makefile: remove last pam_cgfs special-casing
   - conf: add missing headers
   - Fix typo
   - ifaddrs: add safe implementation of getifaddrs()
   - Makefile: conditionalize ifaddrs.h inclusion
   - execute: skip lxc-init logging when unprivileged
   - execute: pass /proc/self/fd/
   - tests: cleanup get_item.c
   - build: fix musl
   - configure: reorder header checks
   - compiler: add compiler.h header
   - commands: return -1 on lxc_cmd_get_init_pid() err
   - tests: add basic.c
   - tests: cleanup Makefile
   - commands: ensure -1 is sent on EPIPE for init pid
   - macro: add LXC_AUDS_ADDR_LEN
   - macro: move LXC_CMD_DATA_MAX from commands.h
   - macro: add PTR_TO_INT() and INT_TO_PTR()
   - macro: add INTTYPE_TO_STRLEN()
   - caps: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
   - cgfsng: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
   - confile: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
   - log: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
   - lsm: s/LXC_NUMSTR

[Group.of.nepali.translators] [Bug 1804876] Re: SRU of LXD 3.0.3

[Stéphane Graber]

** Changed in: lxd (Ubuntu Xenial)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1804876

Title:
  SRU of LXD 3.0.3

Status in lxd package in Ubuntu:
  Invalid
Status in lxd source package in Xenial:
  Fix Released
Status in lxd source package in Bionic:
  Fix Released

Bug description:
  LXD upstream released LXD 3.0.3 as a bugfix release with following
  changelog:

   - doc: add note about ignoring mount options
   - shared/idmap: test fcaps support
   - Add a few missing rows.Close() calls
   - lxd/patches: Profiles are in the cluster db
   - lxd/storage/ceph: Only freeze container if running
   - lxc: Only target if --target is passed
   - shared: Return decompressor in DetectCompression
   - lxd/containers: Don't return nil on Storage calls
   - tests: Fix mode of proxy.sh
   - shared/api: Don't re-define fields
   - lxd/storage/btrfs: Fix clearing quotas
   - lxd/containers: Also use apply_quota for CEPH
   - lxd/containers: Simplify and fix pool update logic
   - Add NodeIsOutdated() db API to check is a node is outdated
   - Trigger whatever is in the LXD_CLUSTER_UPDATE var is node is outdated
   - lxd/images: Add missing cleanup code
   - lxd/containers: Fix bad function name
   - tests: Avoid err == nil pattern
   - lxd: Don't mask database errors
   - Honor the CC environment variable when invoking go install
   - client: Avoid err == nil pattern
   - lxd/profiles: Don't list snapshots in UsedBy
   - Make database queries timeout after 10s if cluster db is unavail
   - tests: Fix pki with newer easyrsa
   - lxd/db: Fix internal DB test
   - doc: Fix and improve the description
   - operations: return true if operation is done before timeout
   - lxd/containers: Avoid root device name conflict
   - lxd/import: Add root disk if needed
   - global: Advertise rsync features
   - lxd/db: Use NoSuchObject consistently
   - proxy: Only log errors
   - lxd/import: Don't delete container on import failure
   - i18n: Update translation templates
   - Support --domain flag for lxc remote
   - Add configurable macaroon expiry
   - Support Candid domain validation
   - Update Candid docs
   - Update i18n
   - lxd: Rename API endpoints
   - network_linux: add netns_getifaddrs()
   - main_checkfeature: check kernel for netnsid support
   - network: add NetworkGetCounters()
   - container_lxc: switch to NetnsGetifaddrs()
   - shared: Add network state API
   - api: Add extended cluster join API
   - lxd/init: Fix struct conflict
   - lxc: Identify snapshots when listed
   - shared/version: Support detecting ChromeOS versions
   - lxd/containers: Force bring up of SRIOV parent
   - netns_getifaddrs: fix argument passing
   - netnsid_getifaddrs: fix check for netnsid support
   - doc: Fix storage API endpoints
   - container_lxc: handle network retrieval smarter
   - shared: Add storage volume snapshot support
   - client: Add storage volume snapshot support
   - netns_getifaddrs: don't print useless info
   - shared/api: Fix StorageVolumeSource struct
   - Makefile: Set LDFLAGS for dqlite
   - lxd: Fix handling of CGroup-V2 systems
   - tree-wide: pass -std=gnu11 -Wvla
   - lxd/containers: Rework exec FD handling
   - Added optional ?target= to /containers POST documentation
   - lxd/storage/lvm: Don't un-necessarily start/stop storage
   - lxd/storage/ceph: Don't un-necessarily mount snapshots
   - lxd/containers: Fix cleanup on create failure
   - shared/network: Don't crash on VPN devices
   - lxd/containers: Fix bad nvidia information parsing
   - netns_getifaddrs: fix network stats retrieval
   - network: Fix counters on non-ethernet interfaces
   - doc: Add configuration for readthedocs
   - storage: Fix error strings
   - lxd/storage/btrfs: Don't fail deleting pools on misisng disk
   - Split code in 2 seperate files
   - network: provide #ifdefs for RTM_* requests
   - Document LVM support for storage quotas
   - candid: Cleanup code a bit
   - network: fix netns_get_nsid() signature
   - apparmor: Allow cgroupv2 in cgns
   - candid: Fix client when using https candid server
   - lxd-p2c: Fix static build
   - config: Add support for PEM encrypted keys
   - lxc: Setup password helper
   - lxc/config: Only setup needed connection args
   - lxc/config: More TLS optimizations
   - i18n: Update translation templates
   - macro: add SOL_NETLINK
   - macro: add NETLINK_DUMP_STRICT_CHK
   - netns_ifaddrs: check for NETLINK_DUMP_STRICT_CHK
   - Fix Potential Event Race
   - devices: Fix bad disk limits
   - Fix root disk limits on container startup
   - checkfeature: Rework structure
   - checkfeature: simplify is_netnsid_aware() check
   - checkfeature: Avoid double line break
   - checkfeature: dial logging down from to debug
   - lxc/progress: Add terminal detection
   - doc: Rework backup documentation
   - client

[Group.of.nepali.translators] [Bug 1804876] [NEW] SRU of LXD 3.0.3

[Stéphane Graber]

 Improve error reporting when creating a container
 - Change ContainerStorageRead() to take a container object instead of its name
 - Improve error messages around LVM volume creation
 - Change Storage.ContainerUmount to accept a container vs a container name
 - lxd/init: Update for current client package
 - lxc/progress: Don't print empty lines
 - candid: Improve domain validation and pubkey
 - lxd/images: Fix parsing of public property
 - client: Always use the "do()" wrapper
 - client: Fix URLs with missing project/target
 - Improve error messages
 - lxd/containers: Fix cluster shutdown
 - i18n: Update Japanese translation
 - idmap: use global variable for vfs3 fcaps support
 - checkfeature: check for vfs3 fscaps support
 - lxd/db: Fix bad limits.cpu
 - shared: Add limits.cpu validator
 - doc: add the appropriate titles to some documents
 - shared/network: Allow TLS1.3
 - global: Implement LXD_INSECURE_TLS env variable
 - netns_getifaddrs: simplify
 - Fix bad check for recursive mounts
 - Prevent event listeners from lying around even after Disconnect()
 - client: Support creating project-bound container using an image on another 
node
 - client: Filter lifecycle and operations events by project
 - client: Make container backups code honor projects
 - client: Make GET /profiles return only profiles for the project
 - Bump Go versions and use '.x' to always get latest patch versions
 - Update build instruction
 - doc: Bump to 1.10 or higher everywhere
 - Don't expire lxd.log by accident
 - lxd/storage: Fix importing preseed dump
 - lxd/migration: Use current idmap instead of next
 - lxd/db: Send raft/dqlite logging to debug
 - lxd/daemon: Clarify early loggging
 - checkfeature: Don't log error on missing feature
 - lxd/daemon: Improve logging of inherited fds
 - shared/logging: Improve logfile output
 - lxd/daemon: Don't mention MAAS unless configured
 - exec: Expose command, env and mode in metadata
 - client: Fix cancelation of image download
 - Detect and shrink large boltdb files
 - lxd/daemon: Fix build
 - loop: retry on EBUSY
 - lxd/storage: Improve loop device errors
 - lxd/containers: Detect root disk pool changes
 - doc: Update cloud-init network documentation
 - client: Fix error handling in operations
 - lxd/containers: Prevent duplicate profiles
 - lxc/copy: --container-only is meaningless for snapshots
 - shared/api: Add support for incremental container copy
 - client: Add support for incremental container copy
 - doc: Add kernel.keys.maxkeys to production-setup
 - lxd/storage/dir: Don't fail when quota are set
 - lxd: Handle AppArmor policy cache directory
 - test: Support AppArmor policy cache directory
 - lxd/containers: Respect optional=true for disks
 - use empty usb vendorid to pass through all usb devices
 - doc: Add usb_optional_vendorid API extension
 - lxc/image: Fix rootfs file handling on snap
 - lxd/containers: Properly clear static leases
 - shared/api: Support copy between projects
 - client: Support copy between projects
 - lxc/config: Allow overriding the current project
 - rsync: Tweak transfer options (delete & compress)
 - lxd/daemon: Improve logging of kernel features
 - lxd: Register background tasks as operations
 - lxc: Switch all progress op handling to cancelable
 - Increase go-dqlite client timeout when not-clustered
 - lxd: Rework task handling
 - lxd/migration: Fix CRIU rsync option negotiation
 - lxd/storage/btrfs: Tweak errors
 - lxd/init: Better handle disk sizes
 - lxd/db: Avoid un-needed query on container move
 - i18n: Update translation templates
 - Add StorageVolumeIsAvailable to check if a Ceph volume can be attached
 - Wire StorageVolumeIsAvailable to containerValidDevices
 - Add integration test

Just like Ubuntu itself, upstream releases long term support releases,
as is 3.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to xenial-
backports as well, making sure we have the same version everywhere.

** Affects: lxd (Ubuntu)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
     Status: Invalid

** Affects: lxd (Ubuntu Xenial)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
     Status: Triaged

** Affects: lxd (Ubuntu Bionic)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Also affects: lxd (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: lxd (Ubuntu Disco)
   Importance: Undecided
   Status: New

** Also affects: lxd (Ubuntu Xenial)
   Importance: Undecided
   

[Group.of.nepali.translators] [Bug 1788280] Re: SRU of LXD 3.0.2

[Stéphane Graber]

** Changed in: lxd (Ubuntu Xenial)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1788280

Title:
  SRU of LXD 3.0.2

Status in lxd package in Ubuntu:
  Fix Released
Status in lxd source package in Xenial:
  Fix Released
Status in lxd source package in Bionic:
  Fix Released
Status in lxd source package in Cosmic:
  Fix Released

Bug description:
  LXD upstream released LXD 3.0.2 as a bugfix release with following
  changelog:

   - container: containerCreateAsCopy() update pool
   - forkmount: ignore ENOENT and EINVAL on umount2()
   - nsexec: simplify attach_userns()
   - Fall back to alternate way of detecting minor version of Nvidia driver if 
needed
   - lxd/maas: Make error more readable
   - lxd-p2c: Send rsync output to stderr
   - lxd/migration: Don't pass -vP to a hidden rsync
   - lxc: Properly handle --target in copy and move
   - memory: fix format string
   - lxc/move: Support config and profile overrides
   - i18n: Update translation templates
   - exec: fix format string
   - images: fix format string
   - migrate: remove debug residuals
   - lvm: fix format string
   - db: fix format string
   - nsexec: prevent fd leak
   - Fix the storage_pool_id filter from the WHERE clause of StoragePoolsConfig
   - Fix lints
   - Extract cmdInit.ApplyConfig into a separete initApplyConfig function
   - Split initApplyConfig into initDataNodeApply and initDataClusterApply
   - Fix broken alternate TLS server cert in integration tests
   - lxd/containers: Don't update MAAS for snapshots
   - lxd/maas: Allow starting with MAAS offline
   - Enable tcp KeepAlive
   - lxd/cluster: Improve error on bad target
   - reader: Handle EINTR
   - allow uidmaps to be parsed from alternate roots
   - lxd/storage/zfs: Improve defaults
   - test: Fix static analysis
   - Allow identity mappings for unprivileged containers
   - container: adapt allowedUnprivilegedOnlyMap()
   - shared: Dereference directory symlinks
   - lxd,shared: Move parseNumberFromFile to shared
   - lxc/network: Add --format option to list
   - lxd/db: Don't hang after bad request
   - lxd/apparmor: Allow ro bind-mounts and remounts
   - idmap: support skipping directories
   - lxd: Properly set containerArgs in all cases
   - lxd/storage: Fix PATCH on storage pools
   - container: use lxcSetConfigItem() for lxc.log.file
   - lxc/cluster: Remove bad alias
   - lxd/storage: Fix volume creation API
   - tests: Add alternative TCP port finder
   - doc: Document hostname requirements
   - networks: Support stateful DHCPv6 with prefixes longer than /64
   - lxd/networks: Skip DHCP mangle if firewall off
   - network: do not print writer struct on error
   - lxd/patches: Force a one-time config re-gen
   - storage pools: move structs
   - storage volumes: move structs
   - images: move structs
   - client: Export OperationWait
   - lxd/cluster: Only restart local containers
   - images: consistenly name command structs
   - cluster: move structs
   - api 1.0: move struct
   - api internal: move structs
   - certificates: move structs
   - events: move structs
   - operations: move structs
   - profiles: move structs
   - resources: move structs
   - container logs: move structs
   - container post: move structs
   - lxd/storage/btrfs: Fix recursive snapshots
   - lxd/cluster: Fix attaching CEPH custom volumes
   - lxd/storage: Fix double quoting
   - Reduce the frequency of raft snapshots
   - lxd/storage/ceph: Don't keep snapshots mounted
   - util linux: add abstract unix socket helpers
   - proxy: Rework to match master
   - lxd: Cleanup logging
   - lxd: Improve error messages
   - proxy: Properly handle relay errors
   - lxd/certificates: Log password failures
   - proxy: handle full socket buffer
   - gpu: special case passing all GPUs
   - gpu: don't fail during parse
   - gpu: handle cards among Nvidia devices
   - gpu: fix Nvidia minor index parsing
   - lxd/containers: Fix removing NVIDIA containers
   - doc: Add links to REST API
   - doc: Fix storage volume examples
   - lxd/operations: Forward to right cluster node
   - lxc/{copy,move}: Allow overriding device config
   - i18n: Update translations
   - tests: Perform a lazy umount in case of errors
   - lxd/networks: Improve dnsmasq leases cleanup
   - migration: fix cross version migrations
   - doc: Note that default profile cannot be deleted/renamed
   - lxc/profile: Fix "get" command
   - lxd: Prevent renaming/deletion of the default profile
   - test: Test default profile renaming/deletion
   - Fix "neighbour: ndisc_cache: neighbor table overflow"
   - lxd: Fix StoragePoolVolumesGetNames
   - lxd/apparmor: Fix typo in nesting profile
   - lxd/patches: Make config re-gen fault tollerant
   - fix links in api-extension
   - lxd/db: Fix handling of NetworkConfigClear
   - lxd/networks: Fix PATCH o

[Group.of.nepali.translators] [Bug 1788457] Re: SRU of LXC 3.0.2 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxc (Ubuntu Xenial)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1788457

Title:
  SRU of LXC 3.0.2 (upstream bugfix release)

Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Xenial:
  Fix Released
Status in lxc source package in Bionic:
  Fix Released
Status in lxc source package in Cosmic:
  Fix Released

Bug description:
  LXC upstream released LXC 3.0.2 as a bugfix release with following changelog:
  - CVE 2018-6556: verify netns fd in lxc-user-nic
  - fixed a range of bugs found by Coverity
  - lxc-usernsexec: cleanup and bugfixes
  - log: add CMD_SYSINFO()
  - log: add CMD_SYSERROR()
  - state: s/sleep()/nanosleep()/
  - lxclock: improve file locking
  - lxccontainer: improve file locking
  - lxccontainer: fix F_OFD_GETLK checks
  - netlink: add __netlink_{send,recv,transaction}
  - netns: allocate network namespace id
  - MAINTAINERS: add Wolfgang Bumiller
  - pam_cgfs: cleanups
  - log: add default log priority
  - tree-wide: pass unsigned long to prctl()
  - macro: add new macro header
  - conf: mount devpts without “max” on EINVAL
  - tree-wide: handle EINTR in read() and write()
  - tree-wide: replace pipe() with pipe2()
  - confile: split mount options into flags and data
  - conf: improve rootfs setup
  - autotools: default to -Wvla -std=gnu11
  - tree-wide: remove VLAs
  - tree-wide: replace strtok_r() with lxc_iterate_parts()
  - utils: add lxc_iterate_parts()
  - apparmor: allow start-container to change to lxc-**
  - apparmor: update current profiles
  - apparmor: Allow /usr/lib* paths for mount and pivot_root
  - conf: the atime flags are locked in userns
  - conf: handle partially functional device nodes
  - conf: create /dev directory
  - autotools: build both a shared and static liblxc
  - namespace: add api to convert namespaces to standard identifiers
  - tree-wide: set MSG_NOSIGNAL
  - tree-wide: use mknod() to create dummy files
  - cgfsng: respect lxc.cgroup.use
  - cgroups: remove is_crucial_cgroup_subsystem()
  - tree-wide: remove unneeded log prefixes
  - tests: cleanup all tests
  - terminal: set FD_CLOEXEC on pty file descriptors
  - conf: simplify lxc_setup_dev_console()
  - tools: rework tools
  - autodev: adapt to changes in Linux 4.18
  - log: change DEBUG, INFO, TRACE, NOTICE macro using strerror to SYS* 
macro
  - log: add lxc_log_strerror_r macro
  - network: unpriv lxc will run lxc.net.[i].script.up now
  - conf: only use newuidmap and newgidmap when necessary
  - autotools: support tls in cross-compile

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 3.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to xenial-
  backports as well, making sure we have the same version everywhere.

  [Test case]
  lxc has autopkgtests which will assert that the binaries built in -proposed 
are functional.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1788457/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1788232] Re: SRU of LXCFS 3.0.2 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxcfs (Ubuntu Xenial)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1788232

Title:
  SRU of LXCFS 3.0.2 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Xenial:
  Fix Released
Status in lxcfs source package in Bionic:
  Fix Released
Status in lxcfs source package in Cosmic:
  Fix Released

Bug description:
  LXCFS upstream released LXCFS 3.0.2 as a bugfix release with following
  changelog:

  - travis: add coverity support
  - travis: fix .travis.yml
  - meminfo: read shmem from cgroup parameter memory.stat
  - meminfo: set ShmemHugePages and ShmemPmdMapped to zero
  - bindings: better logging for write_string()

  
  Just like Ubuntu itself, upstream releases long term support releases, as is 
3.0 and then periodic point releases including all the accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to xenial-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1788232/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1789746] Re: getxattr: always handle namespaced attributes

[Stéphane Graber]

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1789746

Title:
  getxattr: always handle namespaced attributes

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released

Bug description:
  
  == SRU Justification ==
  When running in a container with a user namespace, if you call getxattr
  with name = "system.posix_acl_access" and size % 8 != 4, then getxattr
  silently skips the user namespace fixup that it normally does resulting in
  un-fixed-up data being returned.
  This is caused by posix_acl_fix_xattr_to_user() being passed the total
  buffer size and not the actual size of the xattr as returned by
  vfs_getxattr().

  I have pushed a commit upstream that fixes this bug:

  
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=82c9a927bc5df6e06b72d206d24a9d10cced4eb5

  This commit passes the actual length of the xattr as returned by
  vfs_getxattr() down.

  A reproducer for the issue is:

    touch acl_posix

    setfacl -m user:0:rwx acl_posix

  and the compile:

    #define _GNU_SOURCE
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 

    /* Run in user namespace with nsuid 0 mapped to uid != 0 on the host. */
    int main(int argc, void **argv)
    {
    ssize_t ret1, ret2;
    char buf1[128], buf2[132];
    int fret = EXIT_SUCCESS;
    char *file;

    if (argc < 2) {
    fprintf(stderr,
    "Please specify a file with "
    "\"system.posix_acl_access\" permissions set\n");
    _exit(EXIT_FAILURE);
    }
    file = argv[1];

    ret1 = getxattr(file, "system.posix_acl_access",
    buf1, sizeof(buf1));
    if (ret1 < 0) {
    fprintf(stderr, "%s - Failed to retrieve "
    "\"system.posix_acl_access\" "
    "from \"%s\"\n", strerror(errno), file);
    _exit(EXIT_FAILURE);
    }

    ret2 = getxattr(file, "system.posix_acl_access",
    buf2, sizeof(buf2));
    if (ret2 < 0) {
    fprintf(stderr, "%s - Failed to retrieve "
    "\"system.posix_acl_access\" "
    "from \"%s\"\n", strerror(errno), file);
    _exit(EXIT_FAILURE);
    }

    if (ret1 != ret2) {
    fprintf(stderr, "The value of \"system.posix_acl_"
    "access\" for file \"%s\" changed "
    "between two successive calls\n", file);
    _exit(EXIT_FAILURE);
    }

    for (ssize_t i = 0; i < ret2; i++) {
    if (buf1[i] == buf2[i])
    continue;

    fprintf(stderr,
    "Unexpected different in byte %zd: "
    "%02x != %02x\n", i, buf1[i], buf2[i]);
    fret = EXIT_FAILURE;
    }

    if (fret == EXIT_SUCCESS)
    fprintf(stderr, "Test passed\n");
    else
    fprintf(stderr, "Test failed\n");

    _exit(fret);
    }
  and run:

    ./tester acl_posix

  On a non-fixed up kernel this should return something like:

    root@c1:/# ./t
    Unexpected different in byte 16: ffa0 != 00
    Unexpected different in byte 17: ff86 != 00
    Unexpected different in byte 18: 01 != 00

  and on a fixed kernel:

    root@c1:~# ./t
    Test passed

  
  == Fix ==
  82c9a927bc5d ("getxattr: use correct xattr length")

  == Regression Potential ==
  Low.  One liner that passes the actual length of the xattr as returned by
  vfs_getxattr() down.

  == Test Case ==
  A test kernel was built with this patch and tested by the original bug 
reporter.
  The bug reporter states the test kernel resolved the bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1789746/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1789746] Re: getxattr: always handle namespaced attributes

[Stéphane Graber]

** Changed in: linux (Ubuntu Cosmic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1789746

Title:
  getxattr: always handle namespaced attributes

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Cosmic:
  Fix Released

Bug description:
  
  == SRU Justification ==
  When running in a container with a user namespace, if you call getxattr
  with name = "system.posix_acl_access" and size % 8 != 4, then getxattr
  silently skips the user namespace fixup that it normally does resulting in
  un-fixed-up data being returned.
  This is caused by posix_acl_fix_xattr_to_user() being passed the total
  buffer size and not the actual size of the xattr as returned by
  vfs_getxattr().

  I have pushed a commit upstream that fixes this bug:

  
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=82c9a927bc5df6e06b72d206d24a9d10cced4eb5

  This commit passes the actual length of the xattr as returned by
  vfs_getxattr() down.

  A reproducer for the issue is:

    touch acl_posix

    setfacl -m user:0:rwx acl_posix

  and the compile:

    #define _GNU_SOURCE
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 

    /* Run in user namespace with nsuid 0 mapped to uid != 0 on the host. */
    int main(int argc, void **argv)
    {
    ssize_t ret1, ret2;
    char buf1[128], buf2[132];
    int fret = EXIT_SUCCESS;
    char *file;

    if (argc < 2) {
    fprintf(stderr,
    "Please specify a file with "
    "\"system.posix_acl_access\" permissions set\n");
    _exit(EXIT_FAILURE);
    }
    file = argv[1];

    ret1 = getxattr(file, "system.posix_acl_access",
    buf1, sizeof(buf1));
    if (ret1 < 0) {
    fprintf(stderr, "%s - Failed to retrieve "
    "\"system.posix_acl_access\" "
    "from \"%s\"\n", strerror(errno), file);
    _exit(EXIT_FAILURE);
    }

    ret2 = getxattr(file, "system.posix_acl_access",
    buf2, sizeof(buf2));
    if (ret2 < 0) {
    fprintf(stderr, "%s - Failed to retrieve "
    "\"system.posix_acl_access\" "
    "from \"%s\"\n", strerror(errno), file);
    _exit(EXIT_FAILURE);
    }

    if (ret1 != ret2) {
    fprintf(stderr, "The value of \"system.posix_acl_"
    "access\" for file \"%s\" changed "
    "between two successive calls\n", file);
    _exit(EXIT_FAILURE);
    }

    for (ssize_t i = 0; i < ret2; i++) {
    if (buf1[i] == buf2[i])
    continue;

    fprintf(stderr,
    "Unexpected different in byte %zd: "
    "%02x != %02x\n", i, buf1[i], buf2[i]);
    fret = EXIT_FAILURE;
    }

    if (fret == EXIT_SUCCESS)
    fprintf(stderr, "Test passed\n");
    else
    fprintf(stderr, "Test failed\n");

    _exit(fret);
    }
  and run:

    ./tester acl_posix

  On a non-fixed up kernel this should return something like:

    root@c1:/# ./t
    Unexpected different in byte 16: ffa0 != 00
    Unexpected different in byte 17: ff86 != 00
    Unexpected different in byte 18: 01 != 00

  and on a fixed kernel:

    root@c1:~# ./t
    Test passed

  
  == Fix ==
  82c9a927bc5d ("getxattr: use correct xattr length")

  == Regression Potential ==
  Low.  One liner that passes the actual length of the xattr as returned by
  vfs_getxattr() down.

  == Test Case ==
  A test kernel was built with this patch and tested by the original bug 
reporter.
  The bug reporter states the test kernel resolved the bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1789746/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1788232] [NEW] SRU of LXCFS 3.0.2 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXCFS upstream released LXCFS 3.0.2 as a bugfix release with following
changelog:

- travis: add coverity support
- travis: fix .travis.yml
- meminfo: read shmem from cgroup parameter memory.stat
- meminfo: set ShmemHugePages and ShmemPmdMapped to zero
- bindings: better logging for write_string()


Just like Ubuntu itself, upstream releases long term support releases, as is 
3.0 and then periodic point releases including all the accumulated bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to xenial-
backports as well, making sure we have the same version everywhere.

** Affects: lxcfs (Ubuntu)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Affects: lxcfs (Ubuntu Xenial)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxcfs (Ubuntu Bionic)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxcfs (Ubuntu Cosmic)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Changed in: lxcfs (Ubuntu)
   Status: New => Triaged

** Changed in: lxcfs (Ubuntu)
   Importance: Undecided => Medium

** Also affects: lxcfs (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Cosmic)
   Importance: Medium
   Status: Triaged

** Also affects: lxcfs (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Changed in: lxcfs (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: lxcfs (Ubuntu Bionic)
   Status: New => Triaged

** Changed in: lxcfs (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: lxcfs (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: lxcfs (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxcfs (Ubuntu Bionic)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxcfs (Ubuntu Cosmic)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxcfs (Ubuntu Cosmic)
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1788232

Title:
  SRU of LXCFS 3.0.2 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  In Progress
Status in lxcfs source package in Xenial:
  Triaged
Status in lxcfs source package in Bionic:
  Triaged
Status in lxcfs source package in Cosmic:
  In Progress

Bug description:
  LXCFS upstream released LXCFS 3.0.2 as a bugfix release with following
  changelog:

  - travis: add coverity support
  - travis: fix .travis.yml
  - meminfo: read shmem from cgroup parameter memory.stat
  - meminfo: set ShmemHugePages and ShmemPmdMapped to zero
  - bindings: better logging for write_string()

  
  Just like Ubuntu itself, upstream releases long term support releases, as is 
3.0 and then periodic point releases including all the accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to xenial-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1788232/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1785499] [NEW] Make squashfs-tools in Xenial in sync with Bionic and Cosmic

[Stéphane Graber]

Public bug reported:

squashfs-tools upstream hasn't changed in a while but a number of
bugfixes are applied through packaging in Debian and Ubuntu.

The bionic and cosmic versions right now are identical but xenial is
missing a few fixes which is a problem for the LXD snap among other
things.

Looking at debian/series/patches, the fixes currently missing in the xenial 
version are:
 - 0007-fix-2GB-limit-in-mksquashfs.patch
 - 0008-preserve_file_capabilities.patch

I'll attach test cases for both of those below and then will prepare an
SRU that effectively makes the source package identical to what we have
in bionic, minus the different changelog.

This should be pretty safe considering both Ubuntu and Debian have been
shipping those two patches for a while and the fs caps one is going to
be pretty important moving forward as we're discussing having Ubuntu
ship with fscaps by default.

** Affects: squashfs-tools (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: squashfs-tools (Ubuntu Xenial)
 Importance: High
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Also affects: squashfs-tools (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: squashfs-tools (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: squashfs-tools (Ubuntu)
   Status: New => Fix Released

** Changed in: squashfs-tools (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: squashfs-tools (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1785499

Title:
  Make squashfs-tools in Xenial in sync with Bionic and Cosmic

Status in squashfs-tools package in Ubuntu:
  Fix Released
Status in squashfs-tools source package in Xenial:
  Triaged

Bug description:
  squashfs-tools upstream hasn't changed in a while but a number of
  bugfixes are applied through packaging in Debian and Ubuntu.

  The bionic and cosmic versions right now are identical but xenial is
  missing a few fixes which is a problem for the LXD snap among other
  things.

  Looking at debian/series/patches, the fixes currently missing in the xenial 
version are:
   - 0007-fix-2GB-limit-in-mksquashfs.patch
   - 0008-preserve_file_capabilities.patch

  I'll attach test cases for both of those below and then will prepare
  an SRU that effectively makes the source package identical to what we
  have in bionic, minus the different changelog.

  This should be pretty safe considering both Ubuntu and Debian have
  been shipping those two patches for a while and the fs caps one is
  going to be pretty important moving forward as we're discussing having
  Ubuntu ship with fscaps by default.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1785499/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1780227] Re: locking sockets broken due to missing AppArmor socket mediation patches

[Stéphane Graber]

Ok, thanks for the update. I've now updated the bug once again to move
all the tasks over to the kernel. Can you attach the kernel patch here
when you can, I'm sure some of the subscribers may want to test this
ahead of the Ubuntu kernel fixes :)

** Changed in: linux (Ubuntu)
   Importance: Undecided => Critical

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Critical

** Changed in: linux (Ubuntu Bionic)
   Importance: Undecided => Critical

** Changed in: linux (Ubuntu)
   Status: Invalid => Triaged

** Changed in: linux (Ubuntu Xenial)
   Status: Invalid => Triaged

** Changed in: linux (Ubuntu Bionic)
   Status: Invalid => Triaged

** Changed in: apparmor (Ubuntu)
   Status: Triaged => Invalid

** Changed in: apparmor (Ubuntu Xenial)
   Status: Triaged => Invalid

** Changed in: apparmor (Ubuntu Bionic)
   Status: Triaged => Invalid

** Changed in: apparmor (Ubuntu)
 Assignee: John Johansen (jjohansen) => (unassigned)

** Changed in: apparmor (Ubuntu Xenial)
 Assignee: John Johansen (jjohansen) => (unassigned)

** Changed in: apparmor (Ubuntu Bionic)
 Assignee: John Johansen (jjohansen) => (unassigned)

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)

** Changed in: linux (Ubuntu Xenial)
 Assignee: (unassigned) => John Johansen (jjohansen)

** Changed in: linux (Ubuntu Bionic)
 Assignee: (unassigned) => John Johansen (jjohansen)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1780227

Title:
  locking sockets broken due to missing AppArmor socket mediation
  patches

Status in apparmor package in Ubuntu:
  Invalid
Status in linux package in Ubuntu:
  Triaged
Status in apparmor source package in Xenial:
  Invalid
Status in linux source package in Xenial:
  Triaged
Status in apparmor source package in Bionic:
  Invalid
Status in linux source package in Bionic:
  Triaged

Bug description:
  Hey,

  Newer systemd makes use of locks placed on AF_UNIX sockets created
  with the socketpair() syscall to synchronize various bits and pieces
  when isolating services. On kernels prior to 4.18 that do not have
  backported the AppArmor socket mediation patchset this will cause the
  locks to be denied with EACCESS. This causes systemd to be broken in
  LXC and LXD containers that do not run unconfined which is a pretty
  big deal. We have seen various bug reports related to this. See for
  example [1] and [2].

  If feasible it would be excellent if we could backport the socket
  mediation patchset to all LTS kernels. Afaict, this should be 4.4 and
  4.15. This will unbreak a whole range of use-cases.

  The socket mediation patchset is available here:
  
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=80a17a5f501ea048d86f81d629c94062b76610d4

  
  [1]: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1575779
  [2]: https://github.com/systemd/systemd/issues/9493

  Thanks!
  Christian

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1780227/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1780227] Re: locking sockets broken due to missing AppArmor socket mediation patches

[Stéphane Graber]

Per discussion above:
 - Closing the kernel tasks
 - Raising priority on apparmor tasks to Critical (to match what kernel had)
 - Assigning to jjohansen as the AppArmor maintainer

As we care about xenial, bionic and cosmic, we need point releases (or 
cherry-pick) for:
 - AppArmor 2.10 (2.10.95 in xenial)
 - AppArmor 2.12 (2.12 in bionic and cosmic)

John: Any ETA for those two point releases or pointer to a commit which
we could SRU on its own?

For now our focus is obviously on getting this resolved in Ubuntu as
soon as possible, since it's breaking a number of systemd services that
are now (18.04) shipping with more confinement than in the past. The
same issue is also currently preventing us from starting newer Fedora
and Arch containers on Ubuntu.

Our standard response so far has been to tell users to turn off AppArmor
for those containers, but it's obviously not an answer we like to give
(I'm sure you'll agree).

** Changed in: linux (Ubuntu)
   Status: Triaged => Invalid

** Changed in: linux (Ubuntu Xenial)
   Status: Triaged => Invalid

** Changed in: linux (Ubuntu Bionic)
   Status: Triaged => Invalid

** Changed in: apparmor (Ubuntu)
   Status: New => Triaged

** Changed in: apparmor (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: apparmor (Ubuntu Bionic)
   Status: New => Triaged

** Changed in: apparmor (Ubuntu)
   Importance: Undecided => Critical

** Changed in: apparmor (Ubuntu Xenial)
   Importance: Undecided => Critical

** Changed in: apparmor (Ubuntu Bionic)
   Importance: Undecided => Critical

** Changed in: linux (Ubuntu)
   Importance: Critical => Undecided

** Changed in: linux (Ubuntu Xenial)
   Importance: High => Undecided

** Changed in: linux (Ubuntu Bionic)
   Importance: High => Undecided

** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)

** Changed in: apparmor (Ubuntu Xenial)
 Assignee: (unassigned) => John Johansen (jjohansen)

** Changed in: apparmor (Ubuntu Bionic)
 Assignee: (unassigned) => John Johansen (jjohansen)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1780227

Title:
  locking sockets broken due to missing AppArmor socket mediation
  patches

Status in apparmor package in Ubuntu:
  Triaged
Status in linux package in Ubuntu:
  Invalid
Status in apparmor source package in Xenial:
  Triaged
Status in linux source package in Xenial:
  Invalid
Status in apparmor source package in Bionic:
  Triaged
Status in linux source package in Bionic:
  Invalid

Bug description:
  Hey,

  Newer systemd makes use of locks placed on AF_UNIX sockets created
  with the socketpair() syscall to synchronize various bits and pieces
  when isolating services. On kernels prior to 4.18 that do not have
  backported the AppArmor socket mediation patchset this will cause the
  locks to be denied with EACCESS. This causes systemd to be broken in
  LXC and LXD containers that do not run unconfined which is a pretty
  big deal. We have seen various bug reports related to this. See for
  example [1] and [2].

  If feasible it would be excellent if we could backport the socket
  mediation patchset to all LTS kernels. Afaict, this should be 4.4 and
  4.15. This will unbreak a whole range of use-cases.

  The socket mediation patchset is available here:
  
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=80a17a5f501ea048d86f81d629c94062b76610d4

  
  [1]: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1575779
  [2]: https://github.com/systemd/systemd/issues/9493

  Thanks!
  Christian

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1780227/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1775271] Re: SRU of LXCFS 3.0.1 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxcfs (Ubuntu Xenial)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1775271

Title:
  SRU of LXCFS 3.0.1 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Xenial:
  Fix Released
Status in lxcfs source package in Bionic:
  Fix Released
Status in lxcfs source package in Cosmic:
  Fix Released

Bug description:
  LXCFS upstream released LXCFS 3.0.1 as a bugfix release with following 
changelog:
  - Add support for the nonempty FUSE mount option

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 3.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to xenial-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1775271/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1775290] Re: SRU of LXD 3.0.1 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxd (Ubuntu Xenial)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1775290

Title:
  SRU of LXD 3.0.1 (upstream bugfix release)

Status in lxd package in Ubuntu:
  Fix Released
Status in lxd source package in Xenial:
  Fix Released
Status in lxd source package in Bionic:
  Fix Released
Status in lxd source package in Cosmic:
  Fix Released

Bug description:
  LXD upstream released LXD 3.0.1 as a bugfix release with following changelog:
  - lxc: Fix mistakenly hidden commands
  - i18n: Update translation templates
  - lxd/migration: Pre-validate profiles
  - client: Improve remote operation errors
  - Fix some typos and wording.
  - Wording fix.
  - lxc/image: Fix crash due to bad arg parsing
  - lxd: add missing limits.h include
  - lxd/init: Fix --auto with network config
  - lxc: Consistent naming of clustering terms
  - i18n: Update translation templates
  - lxc/file: Fix pushing files to remote
  - lxd/init: Don’t setup a remote storage pool by default
  - Fix lxd init failing to join cluster interactively with existing zfs 
pool
  - lxc/query: Fix -d and -X
  - lxc/help: Make help respect --all too
  - Fix typo in help of “lxc network”
  - Properly filter node-level storage configs by pool ID
  - i18n: Update translation templates
  - lxd/init: Consistency
  - Make new gofmt happy
  - lxc/file: Allow using -r to follow symlinks
  - Replace juju/idmclient with CanonicalLtd/candidclient
  - lxc/config: Fix adding trust cert on snap
  - lxc/alias: Fix example in help message
  - i18n: Update translation templates
  - client: Introduce LXD_SOCKET
  - Makefile: Add a manifest
  - containers: fix snapshot deletion
  - lxc/init: Add missing --no-profiles
  - i18n: Update translations
  - lxc/file: Fix pull target logic
  - doc: Fix example in userns-idmap
  - devices: fail if Nvidia device minor is missing
  - Add db.ContainersNodeList
  - storage: createContainerMountpoint() fix perms
  - ceph: s/0755/0711/g
  - lvm: s/0755/0711/g
  - storage utils: s/0755/0711/g
  - zfs: s/0755/0711/g
  - patches: add “storage_api_path_permissions”
  - sys/fs: s/MkdirAll/Mkdir/g
  - btrfs: fix permissions
  - Pass a logger to raft-http
  - Add new cluster.Promote function
  - Add new cluster.Rebalance function
  - Notify the cluster leader after a node removal, so it can rebalance
  - Add integration test
  - doc: Tweak backup.md
  - lxd/init: Require root for interactive cluster join
  - Disable flaky unit tests for now
  - Log the error that made Daemon.Init() fail
  - client: Expose http URL in ConnectionInfo
  - lxc/query: Add support for non-JSON endpoints
  - Handle empty query strings
  - Support reading queries from standard in
  - Support passing multiple queries
  - Rename database files
  - Support querying both local and global database
  - Update integration tests
  - Normalize name of images_aliases table
  - Add query.Dump helper to dump schema and data
  - Add support for dump command in lxd sql
  - lxd/containers: Fix lxc.net 1 check
  - doc/backup.md: update snap path
  - Add lxc cluster enable command
  - Fix command description formatting
  - Update .pot files
  - Use an isolated LXD instance in integration tests
  - Start a container in the integration test
  - Address style comments
  - add LXD_UNPRIVILEGED_ONLY to disallow privileged containers.
  - lxd: tweak LXD_UNPRIVILEGED_ONLY
  - doc: add LXD_UNPRIVILEGED_ONLY
  - tests: add tests for LXD_UNPRIVILEGED_ONLY
  - Reword errors when LXD_UNPRIVILEGED_ONLY is set
  - lxd/containers: Allow sending progress
  - lxc/rename: Deal with remote renames
  - lxd/db: Don’t crash on empty queries
  - lxd/sql: Drop custom table renderer
  - lxd/network: Fix fan subnet calculation logic
  - Update translations from weblate
  - lxc/main: Fix remote caching
  - lxc/storage_volumes: Various fixes
  - tests: Add extra cleanup code
  - lxd/storage: Also set zfs.pool_name on upgrade
  - migration: fix btrfs live migration
  - lxd/containers: Fix broken unix hotplug logic
  - lxc/list: Reduce number of API calls
  - Make the interaction betwean lxd daemon and waitready non-blocking
  - Increase logging during startup
  - Remove log alias for waitready
  - Remove log alias for db.OpenCluster
  - Make Unavailable accept an error parameter
  - Add a new Schema.File() method to load extra queries from a file
  - Add support for patch.local.sql and patch.global.sql
  - Add integration te

[Group.of.nepali.translators] [Bug 1775283] Re: SRU of LXC 3.0.1 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxc (Ubuntu Xenial)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1775283

Title:
  SRU of LXC 3.0.1 (upstream bugfix release)

Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Xenial:
  Fix Released
Status in lxc source package in Bionic:
  Fix Released
Status in lxc source package in Cosmic:
  Fix Released

Bug description:
  LXC upstream released LXC 3.0.1 as a bugfix release with following changelog:
  - tools: fix unitialized variable
  - storage: fix lvm fs uuid generation
  - lxc-oci: fix Cmd/Entrypoint parsing
  - lxc-oci: make umoci less verbose
  - lxclock: use thread-safe OFD fcntl() locks
  - locktests: fix test suite
  - conf: ensure umounts don’t propagate to host
  - doc: Tweak Japanese translation in lxc.container.conf(5)
  - fix signal sending in lxc.init
  - rootfs pinning: On NFS, make file hidden but don’t delete it
  - conf: fix temporary file creation
  - ringbuf: fix temporary file creation
  - Fix compilation with static libcap and shared gnutls
  - attach: always drop supplementary groups
  - lxc init: remove dead code
  - storage/rsync: free memory on error
  - tools/utils: free memory on error
  - lxc init: coding style
  - utils: define __NR_setns if missing on old glibcs
  - attach: try to always drop supplementary groups
  - conf: ret-try devpts mount without gid=5 on error
  - execute: fix app containers without root mapping
  - conf: fix net type checks in run_script_argv()
  - seccomp: handle arch inversion
  - seccomp: handle all errors
  - seccomp: cleanup compat architecture handling
  - seccomp: improve logging
  - tools: document -d/–daemonize for lxc-execute
  - seccomp: non-functional changes
  - seccomp: handle arch inversion II
  - lxc-oci: mkdir the download directory
  - do_lxcapi_create: set umask
  - lxc/tools/lxc_monitor: include missing 
  - pam-cgfs: ignore the system umask when creating the cgroup hierarchy
  - Also pass action scripts to CRIU on checkpointing
  - Fix the memory leak in cgfsng_attach
  - Fix memory leak in list_active_containers
  - Fix tool_utils.c build when HAVE_SETNS is unset
  - coverity: #1435210
  - coverity: #1435208
  - coverity: #1435207
  - coverity: #1435206
  - coverity: #1435205
  - coverity: #1435203
  - coverity: #1435200
  - coverity: #1435198
  - coverity: #1426734
  - lxccontainer: non-functional changes
  - lxccontainer: use thread-safe OFD locks
  - lxccontainer: non-functional changes
  - lxccontainer: do_lxcapi_is_running()
  - lxccontainer: do_lxcapi_freeze()
  - lxccontainer: do_lxcapi_unfreeze()
  - lxccontainer: non-functional changes
  - lxccontainer: use thread-safe open() + write()
  - lxccontainer: non-functional changes
  - lxccontainer: non-functional changes
  - lxccontainer: non-functional changes
  - coverity: #1435263
  - fix logic for execute log file
  - utils: add LXC_PROC_PID_FD_LEN
  - execute: use static buffer
  - execute: do not check inherited fds again
  - add some TRACE/ERROR reporting
  - execute: account for -o path option count
  - execute: set init_path when existing init is found
  - genl: remove
  - coverity: #1248104
  - coverity: #1248105
  - coverity: #1425744
  - utils: account for terminating \0 byte
  - confile: satisfy gcc-8
  - network: silence gcc-8
  - network: adhere to IFNAMSIZ limit
  - support case ignored suffix for sizes
  - utils: fix parse_byte_size_string() coding style
  - strlcpy: add strlcpy() implementation
  - tree-wide: s/strncpy()/strlcpy()/g
  - CODING_STYLE: add section about using strlcpy()
  - tools: s/strncpy()/strlcpy()/g
  - Revert “tools: s/strncpy()/strlcpy()/g”
  - tools: s/strncpy()/memcpy()/
  - doc: Add “-d/–daemon” option to Japanese lxc-execute(1)
  - doc: Fix size unit style in Japanese lxc.container.conf(5)
  - coverity: #1435604
  - coverity: #1435603
  - coverity: #1435602
  - coverity: #1425844
  - config: allow read-write /sys in user namespace
  - coverity: #1425836
  - coverity: #1248106
  - capabilities: raise ambient capabilities
  - coverity: #1425802
  - cgroups: refactor cgroup handling
  - cgroups: remove freezer_state()
  - seccomp: #ifdef SCMP_ARCH_AARCH64
  - conf: simplify write_id_mapping()
  - log: enable per-thread container name prefix
  - lxc-init: skip signals that can’t be caught
  - execute: use execveat() syscall if supported
  - tools: only create log file when requested
  - seccom

[Group.of.nepali.translators] [Bug 1775290] [NEW] SRU of LXD 3.0.1 (upstream bugfix release)

[Stéphane Graber]

 command/info command/
- lxd/init: Explain password less behavior
- Make waitready less verbose
- devices: clone mode of device
- lxd/init: Have --auto setup networkng if missing
- container_lxc: fix optional property for disk devs
- test: Fix busybox image
- lxc/action: Fix pause
- lxd/callhook: Respect LXD_SOCKET environment variable
- forkfile: only open O_RDWR if necessary
- Consider a copy to be local only when not clustered
- Add integration tests
- api: Add backup structs
- client: Implement backup functionality
- shared: Implement RunCommandWithFds
- btrfs: add doContainerCreate()
- btrfs: add doContainerSnapshotCreate()
- ceph: ensure fs consistency when snapshotting
- ceph: ensure fs consistency when restoring
- ceph: add doContainerCreate()
- ceph: add doContainerMount()
- lvm: add doContainerMount()
- zfs: add doContainerMount()
- zfs: add do*() helpers
- lvm: use internal pool name
- lxd-p2c: Handle target URL smarter
- lxd-p2c: Ignore missing arg errors
- lxd-p2c: Delete containers on failure
- lxd-p2c: Better report rsync errors
- lxd-p2c: Allow overriding rsync args
- Serialize reads to the cluster database
- doc: Fix typo in api-extensions
- Redirect container/snapshost publish API requests to the relevant node
- gpu: fallback to default device mode
- Improve error messages and docs about node-specific config keys
- Avoid wrapping long lines
- lxd-p2c: Add rsync version check
- lvm: s/LXDPool/LXDThinPool/g
- Extract expandConfigFromProfiles from expandConfig to avoid db calls
- Broadcast profile changes to other cluster nodes
- lvm: use LXD pool name
- tests: Reduce ceph pg_num down to 1
- lxc-to-lxd: Respect LXD_SOCKET environment variable
- Manually release the liblxc structs
- Drop manual GC calls
- lxd/containers: Fix fd leak in metadata

Just like Ubuntu itself, upstream releases long term support releases,
as is 3.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to xenial-
backports as well, making sure we have the same version everywhere.

** Affects: lxd (Ubuntu)
 Importance: High
 Assignee: Stéphane Graber (stgraber)
 Status: Fix Released

** Affects: lxd (Ubuntu Xenial)
 Importance: High
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxd (Ubuntu Bionic)
 Importance: High
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Affects: lxd (Ubuntu Cosmic)
 Importance: High
 Assignee: Stéphane Graber (stgraber)
 Status: Fix Released

** Also affects: lxd (Ubuntu Cosmic)
   Importance: Undecided
   Status: New

** Also affects: lxd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxd (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Changed in: lxd (Ubuntu Cosmic)
   Status: New => Fix Released

** Changed in: lxd (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: lxd (Ubuntu Bionic)
   Status: New => In Progress

** Changed in: lxd (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: lxd (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: lxd (Ubuntu Cosmic)
   Importance: Undecided => High

** Changed in: lxd (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxd (Ubuntu Bionic)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxd (Ubuntu Cosmic)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1775290

Title:
  SRU of LXD 3.0.1 (upstream bugfix release)

Status in lxd package in Ubuntu:
  Fix Released
Status in lxd source package in Xenial:
  Triaged
Status in lxd source package in Bionic:
  In Progress
Status in lxd source package in Cosmic:
  Fix Released

Bug description:
  LXD upstream released LXD 3.0.1 as a bugfix release with following changelog:
  - lxc: Fix mistakenly hidden commands
  - i18n: Update translation templates
  - lxd/migration: Pre-validate profiles
  - client: Improve remote operation errors
  - Fix some typos and wording.
  - Wording fix.
  - lxc/image: Fix crash due to bad arg parsing
  - lxd: add missing limits.h include
  - lxd/init: Fix

[Group.of.nepali.translators] [Bug 1775283] [NEW] SRU of LXC 3.0.1

[Stéphane Graber]

()
- tree-wide: s/sigprocmask/pthread_sigmask()/g
- utils: fix task_blocking_signal()
- lxccontainer: fix fd leaks when sending signals
- confile: order architectures
- start: log setns() failure
- seccomp: leak fixup
- seccomp: re-add action parse error handling
- seccomp: refactor line handling of parse_config
- seccomp: error on unrecognized actions
- seccomp: lxc_read_seccomp_config()
- seccomp: parse_v2_rules()
- seccomp: make do_resolve_add_rule() more strict
- tools: fix lxc-create with global config value
- tools: fix lxc-create with global config value II
- coverity: #1435806
- coverity: #1435805
- coverity: #1435803
- coverity: #1435747
- conf: non-functional changes
- conf: make is_execute a boolean
- conf: non-functional changes
- conf: make close_all_fds a boolean
- conf: reshuffle mount members
- conf: simplify tty handling
- conf: pts -> pty_max
- conf: non-functional changes
- utils: fix task_blocking_signal()
- network: fix socket handle leak
- start: do not init ns_clone_flags to -1
- conf: ensure lxc_delete_tty() does not crash
- start: add reboot macros
- conf: make root idmap structs const
- conf: make tmp_umount_proc bool
- conf: non-functional changes
- conf: va_end was not called.
- confile: improve strprint()
- change defines for return value of handlers
- start: fix waitpid() blocking issue
- start: log unknown info.si_code
- tree-wide: fix mode of some files
- confile_utils: apply strprint()
- templates: actually create DOWNLOAD_TEMP directory
- templates: fix download template
- Patch lxc-update-config

Just like Ubuntu itself, upstream releases long term support releases,
as is 3.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to xenial-
backports as well, making sure we have the same version everywhere.

** Affects: lxc (Ubuntu)
 Importance: High
 Assignee: Stéphane Graber (stgraber)
 Status: Fix Released

** Affects: lxc (Ubuntu Xenial)
 Importance: High
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxc (Ubuntu Bionic)
 Importance: High
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Affects: lxc (Ubuntu Cosmic)
 Importance: High
 Assignee: Stéphane Graber (stgraber)
 Status: Fix Released

** Also affects: lxc (Ubuntu Cosmic)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Changed in: lxc (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: lxc (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: lxc (Ubuntu Cosmic)
   Importance: Undecided => High

** Changed in: lxc (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: lxc (Ubuntu Bionic)
   Status: New => In Progress

** Changed in: lxc (Ubuntu Cosmic)
   Status: New => Fix Released

** Changed in: lxc (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxc (Ubuntu Bionic)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxc (Ubuntu Cosmic)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1775283

Title:
  SRU of LXC 3.0.1

Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Xenial:
  Triaged
Status in lxc source package in Bionic:
  In Progress
Status in lxc source package in Cosmic:
  Fix Released

Bug description:
  LXC upstream released LXC 3.0.1 as a bugfix release with following changelog:
  - tools: fix unitialized variable
  - storage: fix lvm fs uuid generation
  - lxc-oci: fix Cmd/Entrypoint parsing
  - lxc-oci: make umoci less verbose
  - lxclock: use thread-safe OFD fcntl() locks
  - locktests: fix test suite
  - conf: ensure umounts don’t propagate to host
  - doc: Tweak Japanese translation in lxc.container.conf(5)
  - fix signal sending in lxc.init
  - rootfs pinning: On NFS, make file hidden but don’t delete it
  - conf: fix temporary file creation
  - ringbuf: fix temporary file creation
  - Fix compilation with static libcap an

[Group.of.nepali.translators] [Bug 1775271] [NEW] SRU of LXCFS 3.0.1 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXCFS upstream released LXCFS 3.0.1 as a bugfix release with following 
changelog:
- Add support for the nonempty FUSE mount option

Just like Ubuntu itself, upstream releases long term support releases,
as is 3.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to xenial-
backports as well, making sure we have the same version everywhere.

** Affects: lxcfs (Ubuntu)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
 Status: Fix Released

** Affects: lxcfs (Ubuntu Xenial)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxcfs (Ubuntu Bionic)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Affects: lxcfs (Ubuntu Cosmic)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
 Status: Fix Released

** Also affects: lxcfs (Ubuntu Cosmic)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: lxcfs (Ubuntu Cosmic)
   Status: New => Fix Released

** Changed in: lxcfs (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: lxcfs (Ubuntu Bionic)
   Status: New => In Progress

** Changed in: lxcfs (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: lxcfs (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: lxcfs (Ubuntu Cosmic)
   Importance: Undecided => Medium

** Changed in: lxcfs (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxcfs (Ubuntu Bionic)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxcfs (Ubuntu Cosmic)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1775271

Title:
  SRU of LXCFS 3.0.1 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Xenial:
  Triaged
Status in lxcfs source package in Bionic:
  In Progress
Status in lxcfs source package in Cosmic:
  Fix Released

Bug description:
  LXCFS upstream released LXCFS 3.0.1 as a bugfix release with following 
changelog:
  - Add support for the nonempty FUSE mount option

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 3.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to xenial-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1775271/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12

[Stéphane Graber]

Sorry about the delay. I've added the tasks for Xenial and Artful. We're
going to ignore Zesty due to its EOL.

@Simon are you planning on bumping those to the releases that have been
released since?

If so, I'll wait a bit before uploading those, if not, let me know and
I'll upload those.

** Also affects: tor (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: tor (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: tor (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: tor (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: tor (Ubuntu Artful)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1731698

Title:
  [SRU] Tor 0.2.9.13 and 0.3.0.12

Status in tor package in Ubuntu:
  Fix Released
Status in tor source package in Xenial:
  Triaged
Status in tor source package in Artful:
  Triaged

Bug description:
  Micro versions of Tor were recently released to address some security
  problems (CVE-2017-0380/TROVE-2017-008) and crashes. The new releases
  also include directory authority changes.

  [Test Case]

  1) Setup Tor:
  $ sudo apt-get install tor

  2) Check if the Tor network is usable:
  $ torsocks wget -qO - https://ifconfig.co
  192.0.2.1

  3) Check that the IP returned by https://ifconfig.co is NOT the one
 assigned by you ISP.

  4) If you got a different IP it means wget used the Tor network
  successfully

  5) Repeat with the -proposed package

  
  [Regression Potential]

  Unfortunately, I don't know what regression could be introduced by
  those micro version upgrades (0.2.9.11->0.2.9.13 and
  0.3.0.10->0.3.0.12). Debian shipped 0.2.9.12 some time ago and I
  didn't find any regression in their bug tracker. Unfortunately, Debian
  no longer ship the 0.3.0.x branch as they moved to 0.3.1.x so the
  version in Artful saw less "in the wild" testing.

  I also looked at the upstream bug tracker and didn't find any relevant
  regression introduced by those new versions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1737020] [NEW] Regression in "lxd init" behavior in 2.0.11

[Stéphane Graber]

Public bug reported:

This is an SRU tracking bug for the fixes to two "lxd init" regressions
in LXD 2.0.11.

1) Missing question about the ZFS pool name when creating a new pool.
2) Missing question about the LXD bridge configuration.

Both of those are part of our interactive workflow so didn't trip our
automated testing and unfortunately didn't trip our manual testing
either as were mostly focused on upgrades rather than validating that
the initial configuration tool was asking all the expected questions.

This SRU should be rushed as those two issues make the initial
configuration of LXD inconsistent with documentation and quite a bit
harder for users to do.

# Testcase
Install LXD 2.0.11 on a clean system, run "lxd init", select "zfs" as the 
storage backend and accept to create a new pool. Confirm that you get asked for 
the pool name. Then later, check that you're asked to configure the LXD bridge 
and that answering yes causes a set of debconf prompts to show up.

# Regression potential
This only applies to new installations and has been manually tested already 
alongside the old LXD 2.0.10 to confirm that the behavior is now identical.

There is the possibility that we missed another regression in that code,
but this fix would still be a good improvement.

** Affects: lxd (Ubuntu)
 Importance: Undecided
 Status: Invalid

** Affects: lxd (Ubuntu Xenial)
 Importance: Critical
 Status: Triaged

** Changed in: lxd (Ubuntu)
   Status: New => Triaged

** Changed in: lxd (Ubuntu)
   Status: Triaged => Invalid

** Also affects: lxd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: lxd (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: lxd (Ubuntu Xenial)
   Importance: Undecided => Critical

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1737020

Title:
  Regression in "lxd init" behavior in 2.0.11

Status in lxd package in Ubuntu:
  Invalid
Status in lxd source package in Xenial:
  Triaged

Bug description:
  This is an SRU tracking bug for the fixes to two "lxd init"
  regressions in LXD 2.0.11.

  1) Missing question about the ZFS pool name when creating a new pool.
  2) Missing question about the LXD bridge configuration.

  Both of those are part of our interactive workflow so didn't trip our
  automated testing and unfortunately didn't trip our manual testing
  either as were mostly focused on upgrades rather than validating that
  the initial configuration tool was asking all the expected questions.

  This SRU should be rushed as those two issues make the initial
  configuration of LXD inconsistent with documentation and quite a bit
  harder for users to do.

  # Testcase
  Install LXD 2.0.11 on a clean system, run "lxd init", select "zfs" as the 
storage backend and accept to create a new pool. Confirm that you get asked for 
the pool name. Then later, check that you're asked to configure the LXD bridge 
and that answering yes causes a set of debconf prompts to show up.

  # Regression potential
  This only applies to new installations and has been manually tested already 
alongside the old LXD 2.0.10 to confirm that the behavior is now identical.

  There is the possibility that we missed another regression in that
  code, but this fix would still be a good improvement.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1737020/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1724861] Re: lxd 2.0.10-0ubuntu1~16.04.2 ADT test failure with linux-hwe-edge 4.13.0-16.19~16.04.3

[Stéphane Graber]

** Changed in: lxd (Ubuntu Xenial)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1724861

Title:
  lxd 2.0.10-0ubuntu1~16.04.2 ADT test failure with linux-hwe-edge
  4.13.0-16.19~16.04.3

Status in lxd package in Ubuntu:
  Fix Released
Status in lxd source package in Xenial:
  Fix Released

Bug description:
  [Impact]

  Currently the DKMS package fails to install in supported custom
  kernels that are based on 4.11 or 4.13. That includes the current 4.11
  hwe-edge and the upcoming 4.13 hwe-edge kernels and some of the custom
  and cloud kernels as well.

  [Test Case]

  Install the DKMS package with the 4.13 hwe-edge kernel from -proposed.
  The package installation should proceed without any errors.

  [Regression Potential]

  Although new patches were added, the regression risk is very low since
  the new changes are conditionally compiled based on the kernel
  version.

  Besides that the new package was tested with the following kernels in
  an amd64 environment:

  - linux-generic 4.4
  - linux-hwe 4.10
  - linux-hwe-edge 4.11
  - linux-hwe-edge 4.13 (from xenial-proposed)
  - linux-azure 4.11
  - linux-azure-edge 4.13 (which is in process of getting promoted to
xenial-proposed)

  [Original description]

  Testing failed on:
  amd64: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/amd64/l/lxd/20171018_120755_dbca9@/log.gz
  i386: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/i386/l/lxd/20171018_121800_dbca9@/log.gz
  ppc64el: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/ppc64el/l/lxd/20171018_121146_dbca9@/log.gz

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1724861/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1727373] Re: SRU of LXCFS 2.0.8 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxcfs (Ubuntu Trusty)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1727373

Title:
  SRU of LXCFS 2.0.8 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Trusty:
  Fix Released
Status in lxcfs source package in Xenial:
  Fix Released
Status in lxcfs source package in Zesty:
  Fix Released
Status in lxcfs source package in Artful:
  Fix Released

Bug description:
  LXCFS upstream released LXCFS 2.0.8 as a bugfix release with following 
changelog:
   - bindings: Add mountpoint for unified hierarchy
   - bindings: Calculate uptime via proc//stat
   - bindings: Revert virtualization of 'btime' field due to regressions in ps
   - doc: Update README
   - init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers
   - lib: Add common fallback dlopen for liblxcfs.so
   - lib: Fix the installation directory for liblxcfs to ${libdir}/lxcfs
   - pam: Add a 'all' option for -c
   - pam: Chown cgroup.procs file on unified hierarchy
   - pam: Report back when we find a unified hierarchy
   - tests: Fix invalid comparison
   - uptime: Fix a problem with subsequent reads

  
  Just like Ubuntu itself, upstream releases long term support releases, as is 
2.0 and then periodic point releases including all the accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1727373/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1731146] [NEW] SRU of LXD 2.0.11 (upstream bugfix release)

[Stéphane Graber]

n subuid
- tests: Also measure batch startup time in perf.sh
- tests: bump image auto update limit to 20min
- tests: Clear database state in the mock daemon after each lxdSuiteTest
- tests: Don't attempt to finger public remotes
- tests: Don't attempt to finger public remotes
- tests: Don't copy running lvm/ceph containers
- tests: Fix bad raw.lxc test
- tests: Fix dependency check
- tests: Fix image_auto_update test
- tests: Fix image expiry test
- tests: Fix shell return value masking
- tests: Function to include storage backends helpers
- tests: include lvm in image auto update
- tests: More apparmor presence checking
- tests: Refactor cleanup functions
- tests: Setup basic channel handler for triggers
- tests: Skip apparmor tests when no kernel support
- tests: Split out lxc and lxd related helper functions
- tests: Split out network-related helper functions
- tests: Split out storage-related helper functions
- tests: Split out test setup related helper functions
- tests: Support running individual testify test suites
- tests: Switch to new storage helpers
- tests: Update perf.sh to "lxd-benchmark launch"
- tests: use "--force" everywhere on stop
- tests: Use in-memory db for tests (makes them faster)
- tests: Use testimage for perf testing
- tests: Validate that the right busybox is present
- tests: Wait up to 2 minutes for image updates


Just like Ubuntu itself, upstream releases long term support releases, as is 
2.0 and then periodic point releases including all the accumulated bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxd (Ubuntu)
 Importance: Undecided
 Status: Invalid

** Affects: lxd (Ubuntu Trusty)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxd (Ubuntu Xenial)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Changed in: lxd (Ubuntu)
   Status: New => Invalid

** Also affects: lxd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxd (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: lxd (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: lxd (Ubuntu Trusty)
   Status: In Progress => Triaged

** Changed in: lxd (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxd (Ubuntu Trusty)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxd (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1731146

Title:
  SRU of LXD 2.0.11 (upstream bugfix release)

Status in lxd package in Ubuntu:
  Invalid
Status in lxd source package in Trusty:
  Triaged
Status in lxd source package in Xenial:
  In Progress

Bug description:
  LXD upstream released LXD 2.0.11 as a bugfix release with following changelog:
  - It's now possible to interrupt image downloads
  - Added a new security.idmap.base config key
(overrides the base uid/gid of the container)
  - Added support for delta image downloads
  - Implemented instance types as a proxy for resource limits
  - The user-agent string was expanded to include OS and kernel information
  - The client library and related code is now kept in sync with master
  - The command line client has been ported to the new client library

  - client: Add CancelTarget to RemoteOperation
  - client: Add CreateContainerFromImage function
  - client: Added insecureSkipVerify flag the ConnectionArgs struct
  - client: Add extra exec option to block on I/O
  - client: Add GetServerResources()
  - client: Add GetStoragePoolResources()
  - client: Add image_create_aliases backward compat
  - client: Add RenameStoragePoolVolume()
  - client: Allow canceling image download from LXDs
  - client: Allow specifying base http client
  - client: Cleanup code duplication in image download code
  - client: Commonize error handling
  - client: Don't live migrate stopped containers
  - client: Drop experimental tag from new client
  - client: Fail if source isn't listening on network
  - client: Fix crash i

[Group.of.nepali.translators] [Bug 1693340] Re: SRU of LXD 2.0.10 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxd (Ubuntu Trusty)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1693340

Title:
  SRU of LXD 2.0.10 (upstream bugfix release)

Status in lxd package in Ubuntu:
  Invalid
Status in lxd source package in Trusty:
  Fix Released
Status in lxd source package in Xenial:
  Fix Released

Bug description:
  LXD upstream released LXD 2.0.10 as a bugfix release with following changelog:
  - client: Backported the new client library and ported some of the
internal commands over to it
  - lxc: Add a manpage command
  - lxc: Allow --version to be passed with any command
  - lxc: Reworked all help messages in the client to work with help2man
  - lxd: AppArmor namespacing is now also enabled for privileged containers

  - build: Add debug logging
  - client: Fix profile list
  - client: Remove unneeded condition
  - doc: Add instructions to grow ZFS loop
  - doc: Add note about escaping btrfs qgroups
  - doc: Add note about restricting access to kernel ring buffer
  - doc: Extract containers documentation to containers.md
  - doc: Extract profiles documentation to profiles.md
  - doc: Extract server documentation to server.md
  - doc: Fix badly named example device
  - doc: Fix broken table
  - doc: Note that LXD assumes full control over the pool
  - doc: Update configuration.md with links to other documents
  - doc: Update README.md for new API client
  - extra/lxc-to-lxd: Don't crash on missing mount file
  - extra/lxc-to-lxd: Typo in description of --move-rootfs
  - extra/vagrant: Trailing whitespace
  - global: Fix error handling in all filepath.Walk calls
  - global: Fix a number of typos
  - global: Forward user-agent and other headers on redirect
  - global: Replace file Chmod() with os.Chmod()
  - global: Use containerGetParentAndSnapshotName()
  - global: Use RunCommand everywhere
  - lxc: Don't include spaces in translated strings
  - lxc: Improve batch mode
  - lxc: Make help/usage a bit more consistent
  - lxc: Move common functions/types to utils.go
  - lxc: Properly clear transfer stats on error
  - lxc: Rework for better manpages
  - lxc/config: Add new config handling code
  - lxc/config: Always use "simplestreams" for images:
  - lxc/config: Fix path handling
  - lxc/config: Fix SaveConfig's DeepCopy call
  - lxc/copy: Improve error handling
  - lxc/copy: Return the source error too
  - lxc/copy: Simplify
  - lxc/copy: Wait asynchronously
  - lxc/image: Show the alias description
  - lxc/image: Trailing whitespace
  - lxc/init: Drop unnecessary else statement
  - lxc/list: Document list format options
  - lxc/list: Fix regression in json output
  - lxc/list: Move common data extraction to a helper function
  - lxc/profile: Properly implement "profile unset"
  - lxc/publish: Wait for the conainer to be running
  - lxc/remote: Show the fingerprint as string not hex
  - lxc/utils: Implement progress tracking for operations
  - lxd: Drop use of logger.Log when not needed
  - lxd/apparmor: Fix AppArmor stack handling with nesting
  - lxd/containers: Add containerGetParentAndSnapshotName()
  - lxd/containers: Added soft limit in initLXD()
  - lxd/containers: Added soft memory limit even when hard is selected
  - lxd/containers: Add extra validation for unix-block/unix-char
  - lxd/containers: Add function to detect root disk device
  - lxd/containers: Allow for stable host interface names
  - lxd/containers: Clarify uid/gid error
  - lxd/containers: Cleanup root device validation
  - lxd/containers: Disable IPv6 on host side veth when bridged
  - lxd/containers: Don't ignore snapshot deletion failures
  - lxd/containers: Don't parse id ranges as int32
  - lxd/containers: Don't report migration success on failure
  - lxd/containers: Don't use FindProcess, just pass exec.Cmd
  - lxd/containers: Find current max snapshot value
  - lxd/containers: Fix bad root device detection code
  - lxd/containers: Fix base image tracking
  - lxd/containers: Fix concurent read/write to s.conns in exec
  - lxd/containers: Fix error handling on FileRemove
  - lxd/containers: Fix handling of devices with minor>255
  - lxd/containers: Fix override of Devices during copy
  - lxd/containers: Fix soft limit logic to use float64
  - lxd/containers: Initialize idmap on demand
  - lxd/containers: Kill forkexec on abnormal websocket closure
  - lxd/containers: Path may only be used by one disk
  - lxd/containers: Properly invalidate the idmap cache
  - lxd/containers: Properly revert memory limits on failure
  

[Group.of.nepali.translators] [Bug 1727373] Re: SRU of LXCFS 2.0.8 (upstream bugfix release)

[Stéphane Graber]

And uploaded bionic, zesty and xenial now.

** Changed in: lxcfs (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1727373

Title:
  SRU of LXCFS 2.0.8 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Trusty:
  New
Status in lxcfs source package in Xenial:
  In Progress
Status in lxcfs source package in Zesty:
  In Progress
Status in lxcfs source package in Artful:
  In Progress

Bug description:
  LXCFS upstream released LXCFS 2.0.8 as a bugfix release with following 
changelog:
   - bindings: Add mountpoint for unified hierarchy
   - bindings: Calculate uptime via proc//stat
   - bindings: Revert virtualization of 'btime' field due to regressions in ps
   - doc: Update README
   - init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers
   - lib: Add common fallback dlopen for liblxcfs.so
   - lib: Fix the installation directory for liblxcfs to ${libdir}/lxcfs
   - pam: Add a 'all' option for -c
   - pam: Chown cgroup.procs file on unified hierarchy
   - pam: Report back when we find a unified hierarchy
   - tests: Fix invalid comparison
   - uptime: Fix a problem with subsequent reads

  
  Just like Ubuntu itself, upstream releases long term support releases, as is 
2.0 and then periodic point releases including all the accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1727373/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1727373] [NEW] SRU of LXCFS 2.0.8 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXCFS upstream released LXCFS 2.0.8 as a bugfix release with following 
changelog:
 - bindings: Add mountpoint for unified hierarchy
 - bindings: Calculate uptime via proc//stat
 - bindings: Revert virtualization of 'btime' field due to regressions in ps
 - doc: Update README
 - init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers
 - lib: Add common fallback dlopen for liblxcfs.so
 - lib: Fix the installation directory for liblxcfs to ${libdir}/lxcfs
 - pam: Add a 'all' option for -c
 - pam: Chown cgroup.procs file on unified hierarchy
 - pam: Report back when we find a unified hierarchy
 - tests: Fix invalid comparison
 - uptime: Fix a problem with subsequent reads


Just like Ubuntu itself, upstream releases long term support releases, as is 
2.0 and then periodic point releases including all the accumulated bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxcfs (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: lxcfs (Ubuntu Trusty)
 Importance: Undecided
 Status: New

** Affects: lxcfs (Ubuntu Xenial)
 Importance: Undecided
 Status: In Progress

** Affects: lxcfs (Ubuntu Zesty)
 Importance: Undecided
 Status: In Progress

** Affects: lxcfs (Ubuntu Artful)
 Importance: Undecided
 Status: In Progress

** Also affects: lxcfs (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Changed in: lxcfs (Ubuntu Zesty)
   Status: New => In Progress

** Changed in: lxcfs (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxcfs (Ubuntu Artful)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1727373

Title:
  SRU of LXCFS 2.0.8 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  New
Status in lxcfs source package in Trusty:
  New
Status in lxcfs source package in Xenial:
  In Progress
Status in lxcfs source package in Zesty:
  In Progress
Status in lxcfs source package in Artful:
  In Progress

Bug description:
  LXCFS upstream released LXCFS 2.0.8 as a bugfix release with following 
changelog:
   - bindings: Add mountpoint for unified hierarchy
   - bindings: Calculate uptime via proc//stat
   - bindings: Revert virtualization of 'btime' field due to regressions in ps
   - doc: Update README
   - init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers
   - lib: Add common fallback dlopen for liblxcfs.so
   - lib: Fix the installation directory for liblxcfs to ${libdir}/lxcfs
   - pam: Add a 'all' option for -c
   - pam: Chown cgroup.procs file on unified hierarchy
   - pam: Report back when we find a unified hierarchy
   - tests: Fix invalid comparison
   - uptime: Fix a problem with subsequent reads

  
  Just like Ubuntu itself, upstream releases long term support releases, as is 
2.0 and then periodic point releases including all the accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1727373/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1724861] Re: lxd 2.0.10-0ubuntu1~16.04.2 ADT test failure with linux-hwe-edge 4.13.0-16.19~16.04.3

[Stéphane Graber]

We're releasing LXD 2.0.11 today which will include this particular fix,
so that should fix this.

** Also affects: lxd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: lxd (Ubuntu)
   Status: New => Fix Released

** Changed in: lxd (Ubuntu Xenial)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1724861

Title:
  lxd 2.0.10-0ubuntu1~16.04.2 ADT test failure with linux-hwe-edge
  4.13.0-16.19~16.04.3

Status in lxd package in Ubuntu:
  Fix Released
Status in lxd source package in Xenial:
  In Progress

Bug description:
  Testing failed on:
  amd64: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/amd64/l/lxd/20171018_120755_dbca9@/log.gz
  i386: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/i386/l/lxd/20171018_121800_dbca9@/log.gz
  ppc64el: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/ppc64el/l/lxd/20171018_121146_dbca9@/log.gz

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1724861/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1709920] Re: criu is not built for arm64

[Stéphane Graber]

Is that patchset something that can actually be applied on the much much
older CRIU we have in those releases? It doesn't really feel that way to
me.

Also, please note that CRIU is in universe so that'd be a best
effort/community work.

** Changed in: criu (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1709920

Title:
  criu is not built for arm64

Status in criu package in Ubuntu:
  Fix Released
Status in criu source package in Xenial:
  New
Status in criu source package in Zesty:
  New
Status in criu package in Debian:
  Fix Released

Bug description:
  The criu package has source code for arch/aarch64, but arm64 is not
  listed in the control file so LP does not attempt to build it.

  At least for artful, adding arm64 to the supported list in
  debian/control is sufficient for the build to succeed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/criu/+bug/1709920/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1686036] Re: mountpoint remains in use after restore snapshot

[Stéphane Graber]

** Changed in: lxd (Ubuntu Xenial)
   Status: Triaged => Fix Released

** No longer affects: lxd (Ubuntu Yakkety)

** Changed in: lxd (Ubuntu Zesty)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1686036

Title:
  mountpoint remains in use after restore snapshot

Status in lxd package in Ubuntu:
  Fix Released
Status in lxd source package in Xenial:
  Fix Released
Status in lxd source package in Zesty:
  Fix Released
Status in lxd source package in Artful:
  Fix Released

Bug description:
  uname -a
  Linux lxd2-chel1 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 
x86_64 x86_64 x86_64 GNU/Linux

  lxd: 2.12-0ubuntu3~ubuntu16.04.1~ppa1
  zfsutils-linux: 0.6.5.6-0ubuntu16

  # lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:Ubuntu 16.04.2 LTS
  Release:16.04
  Codename:   xenial

  after restore container from shapshot cannot add new snapshot or restore again
  until restart container

  example:

  
  # lxc image list
  
+---+--++--++-+--+
  | ALIAS | FINGERPRINT  | PUBLIC | DESCRIPTION 
 |  ARCH  |  SIZE   | UPLOAD DATE  |
  
+---+--++--++-+--+
  | debian/jessie | ba43812c4cb9 | no | Debian jessie amd64 
(20170423_22:42) | x86_64 | 94.14MB | Apr 24, 2017 at 9:07am (UTC) |
  
+---+--++--++-+--+

  # lxc launch debian/jessie
  Creating popular-kitten

  The container you are starting doesn't have any network attached to it.
To create a new network, use: lxc network create
To attach a network to a container, use: lxc network attach

  Starting popular-kitten

  
  # lxc info popular-kitten
  Name: popular-kitten
  Remote: unix:/var/lib/lxd/unix.socket
  Architecture: x86_64
  Created: 2017/04/25 07:17 UTC
  Status: Running
  Type: persistent
  Profiles: default
  Pid: 6965
  Ips:
lo:   inet127.0.0.1
lo:   inet6   ::1
  Resources:
Processes: 7
Disk usage:
  root: 1.48MB
CPU usage:
  CPU usage (in seconds): 25
Memory usage:
  Memory (current): 16.22MB
  Memory (peak): 23.01MB
Network usage:
  lo:
Bytes received: 0B
Bytes sent: 0B
Packets received: 0
Packets sent: 0

  # lxc profile show default
  config: {}
  description: Default LXD profile
  devices:
root:
  path: /
  pool: main-pool
  type: disk
  name: default
  used_by:
  - /1.0/containers/popular-kitten
  # lxc snapshot popular-kitten

  # zfs get mounted main-pool/containers/popular-kitten 
  NAME PROPERTY  VALUESOURCE
  main-pool/containers/popular-kitten  mounted   yes  -

  # zfs get mounted main-pool/snapshots/popular-kitten 
  NAMEPROPERTY  VALUESOURCE
  main-pool/snapshots/popular-kitten  mounted   yes  -

  # lxc restore popular-kitten snap0

  # zfs get mounted main-pool/snapshots/popular-kitten
  NAMEPROPERTY  VALUESOURCE
  main-pool/snapshots/popular-kitten  mounted   yes  -

  # zfs get mounted main-pool/containers/popular-kitten
  NAME PROPERTY  VALUESOURCE
  main-pool/containers/popular-kitten  mounted   no   -

  # lxc snapshot popular-kitten 
  error: Failed to mount ZFS filesystem: filesystem 
'main-pool/containers/popular-kitten' is already mounted
  cannot mount 'main-pool/containers/popular-kitten': mountpoint or dataset is 
busy

  # lxc restore popular-kitten snap0
  error: Failed to mount ZFS filesystem: filesystem 
'main-pool/containers/popular-kitten' is already mounted
  cannot mount 'main-pool/containers/popular-kitten': mountpoint or dataset is 
busy

  but container still work:

  # lxc info popular-kitten
  Name: popular-kitten
  Remote: unix:/var/lib/lxd/unix.socket
  Architecture: x86_64
  Created: 2017/04/25 07:17 UTC
  Status: Running
  ...

  # lxc exec popular-kitten bash
  root@popular-kitten:~# uptime
   07:34:06 up 8 min,  0 users,  load average: 0.00, 0.02, 0.03

  after restart container:

  # lxc restart popular-kitten

  # zfs get mounted main-pool/containers/popular-kitten
  NAME PROPERTY  VALUESOURCE
  main-pool/containers/popular-kitten  mounted   yes  -

  
  on another server this problem missmatch:

  # lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:Ubuntu 16.10
  Release:16.10
  Codename:   yakkety

  # lx

[Group.of.nepali.translators] [Bug 1635079] Re: Properly rotate /var/log/lxd/lxd.log every 24 hours

[Stéphane Graber]

** Changed in: lxd (Ubuntu Xenial)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1635079

Title:
  Properly rotate /var/log/lxd/lxd.log every 24 hours

Status in lxd package in Ubuntu:
  Fix Released
Status in lxd source package in Xenial:
  Fix Released

Bug description:
  /var/log/lxd/lxd.log currently isn't rotated, which means that on very
  busy systems, it can eat up a lot of disk space, even with the pretty
  limited logging that we do by default.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1635079/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1611078] Re: Support snaps inside of lxd containers

[Stéphane Graber]

** Changed in: lxd (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1611078

Title:
  Support snaps inside of lxd containers

Status in Snappy:
  Fix Released
Status in apparmor package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in lxd package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in lxd source package in Xenial:
  Fix Released
Status in apparmor source package in Yakkety:
  Fix Released
Status in linux source package in Yakkety:
  Fix Released
Status in lxd source package in Yakkety:
  Fix Released

Bug description:
  I tried following the instructions on snapcraft.io and got a failure.
  See the output below.  I've also attached the relevant output from
  running "journalctl -xe".

  uname: Linux 3.19.0-65-generic x86_64
  release: Ubuntu 16.04
  package: snapd 2.11+0.16.04

  Notably, I'm running this in an LXD container (version: 2.0.0.rc9).

  -

  $ sudo snap install hello-world
  64.75 MB / 64.75 MB 
[==]
 100.00 % 2.85 MB/s 

  error: cannot perform the following tasks:
  - Mount snap "ubuntu-core" (122) ([start snap-ubuntu\x2dcore-122.mount] 
failed with exit status 1: Job for snap-ubuntu\x2dcore-122.mount failed. See 
"systemctl status "snap-ubuntu\\x2dcore-122.mount"" and "journalctl -xe" for 
details.
  )
  $ ls -la /snap
  total 4K
  drwxr-xr-x 3 root root 4096 Aug  8 17:49 ubuntu-core
  $ ls -la /snap/ubuntu-core/
  total 4K
  drwxr-xr-x 2 root root 4096 Aug  8 17:49 122
  $ ls -la /snap/ubuntu-core/122/
  total 0K
  $ systemctl status "snap-ubuntu\\x2dcore-122.mount"
  ● snap-ubuntu\x2dcore-122.mount - Mount unit for ubuntu-core
 Loaded: loaded (/etc/systemd/system/snap-ubuntu\x2dcore-122.mount; 
enabled; vendor preset: enabled)
 Active: failed (Result: exit-code) since Mon 2016-08-08 17:49:36 UTC; 6min 
ago
  Where: /snap/ubuntu-core/122
   What: /var/lib/snapd/snaps/ubuntu-core_122.snap
Process: 31781 ExecMount=/bin/mount 
/var/lib/snapd/snaps/ubuntu-core_122.snap /snap/ubuntu-core/122 -t squashfs 
(code=exited, status=32)

  Aug 08 17:49:35 my-host systemd[1]: Mounting Mount unit for ubuntu-core...
  Aug 08 17:49:35 my-host mount[31781]: mount: /snap/ubuntu-core/122: mount 
failed: Unknown error -1
  Aug 08 17:49:36 my-host systemd[1]: snap-ubuntu\x2dcore-122.mount: Mount 
process exited, code=exited status=32
  Aug 08 17:49:36 my-host systemd[1]: Failed to mount Mount unit for 
ubuntu-core.
  Aug 08 17:49:36 my-host systemd[1]: snap-ubuntu\x2dcore-122.mount: Unit 
entered failed state.

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1710753] Re: Please upgrade Xenial/Zesty to use the latest LTS point release of Tor (0.2.9)

[Stéphane Graber]

** Also affects: tor (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Also affects: tor (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: tor (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: tor (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: tor (Ubuntu Zesty)
   Status: New => Triaged

** Changed in: tor (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: tor (Ubuntu Zesty)
   Importance: Undecided => Medium

** Changed in: tor (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Déziel (sdeziel)

** Changed in: tor (Ubuntu Zesty)
 Assignee: (unassigned) => Simon Déziel (sdeziel)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1710753

Title:
  Please upgrade Xenial/Zesty to use the latest LTS point release of Tor
  (0.2.9)

Status in tor package in Ubuntu:
  Fix Released
Status in tor source package in Xenial:
  Triaged
Status in tor source package in Zesty:
  Triaged

Bug description:
  Currently, Zesty ships with Tor 0.2.9.10 but the latest point release
  is 0.2.9.11 [1]. Xenial is shipping 0.2.7.6 while the 0.2.7 branch
  reached its end of life on August 1st 2017 [2].

  Since Tor is a security sensitive package, tracking upstream point
  releases for that LTS branch would keep Ubuntu users safe.

  1: https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.2.9.11
  2: 
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1710753/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1602192] Re: when starting many LXD containers, they start failing to boot with "Too many open files"

[Stéphane Graber]

** Also affects: lxd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Description changed:

- Reported by Uros Jovanovic here: https://bugs.launchpad.net/juju-
- core/+bug/1593828/comments/18
+ == SRU
+ === Rationale
+ LXD containers using systemd will use a very large amount of inotify watches. 
This means that a system will typically run out of global watches with as 
little as 15 Ubuntu 16.04 containers.
+ 
+ An easy fix for the issue is to bump the number of user watches up to
+ 1024, making it possible to run around 100 containers before hitting the
+ limit again.
+ 
+ To do so, LXD is now shipping a sysctl.d file which bumps that
+ particular limit on systems that have LXD installed.
+ 
+ === Testcase
+ 1) Upgrade LXD
+ 2) Spawn about 50 Ubuntu 16.04 containers ("lxc launch ubuntu:16.04")
+ 3) Check that they all get an IP address ("lxc list"), that's a pretty good 
sign that they booted properly
+ 
+ === Regression potential
+ Not expecting anything here. Juju has shipped a similar configuration for a 
while now and so have the LXD feature releases.
+ 
+ We pretty much just forgot to include this particular change in our LTS
+ packaging branch
+ 
+ 
+ == Original bug report
+ Reported by Uros Jovanovic here: 
https://bugs.launchpad.net/juju-core/+bug/1593828/comments/18
  
  "...
  However, if you bootstrap LXD and do:
  
  juju bootstrap localxd lxd --upload-tools
  for i in {1..30}; do juju deploy ubuntu ubuntu$i; sleep 90; done
  
  Somewhere between 10-20-th deploy fails with machine in pending state
  (nothin useful in logs) and none of the new deploys after that first
  pending succeeds. Might be a different bug, but it's easy to verify with
  running that for loop.
  
  So, this particular error was not in my logs, but the controller still
  ends up unable to provision at least 30 machines ..."
  
  I can reproduce this. Looking on the failed machine I can see that jujud
  isn't running, which is why juju considers the machine not up, and in
  fact nothing of juju seems to be installed. There's nothing about juju
  in /var/log.
  
  Comparing cloud-init-output.log between a stuck-pending machine and one
  which has started up fine, they both start with some key-generation
  messages, but the successful machine then has the line:
  
  Cloud-init v. 0.7.7 running 'init' at Tue, 12 Jul 2016 08:32:00 +.
  Up 4.0 seconds.
  
  ...and then a whole lot of juju-installation gubbins, while the failed
  machine log just stops.

** Changed in: lxd (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: lxd (Ubuntu Xenial)
   Status: Triaged => In Progress

** Changed in: lxd (Ubuntu Xenial)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1602192

Title:
  when starting many LXD containers, they start failing to boot with
  "Too many open files"

Status in lxd package in Ubuntu:
  Fix Released
Status in lxd source package in Xenial:
  In Progress

Bug description:
  == SRU
  === Rationale
  LXD containers using systemd will use a very large amount of inotify watches. 
This means that a system will typically run out of global watches with as 
little as 15 Ubuntu 16.04 containers.

  An easy fix for the issue is to bump the number of user watches up to
  1024, making it possible to run around 100 containers before hitting
  the limit again.

  To do so, LXD is now shipping a sysctl.d file which bumps that
  particular limit on systems that have LXD installed.

  === Testcase
  1) Upgrade LXD
  2) Spawn about 50 Ubuntu 16.04 containers ("lxc launch ubuntu:16.04")
  3) Check that they all get an IP address ("lxc list"), that's a pretty good 
sign that they booted properly

  === Regression potential
  Not expecting anything here. Juju has shipped a similar configuration for a 
while now and so have the LXD feature releases.

  We pretty much just forgot to include this particular change in our
  LTS packaging branch

  
  == Original bug report
  Reported by Uros Jovanovic here: 
https://bugs.launchpad.net/juju-core/+bug/1593828/comments/18

  "...
  However, if you bootstrap LXD and do:

  juju bootstrap localxd lxd --upload-tools
  for i in {1..30}; do juju deploy ubuntu ubuntu$i; sleep 90; done

  Somewhere between 10-20-th deploy fails with machine in pending state
  (nothin useful in logs) and none of the new deploys after that first
  pending succeeds. Might be a different bug, but it's easy to verify
  with running that for loop.

  So, this particular error was not in my logs, but the controller still
  ends up unable to provision at least 30 machines ..."

  I can reproduce this. Looking on the failed machine I can see that
  jujud isn't running, which is why juju considers the machine not up,
  and in fact nothing of juju seems to be installed. There's nothing
  about juju in /var/l

[Group.of.nepali.translators] [Bug 1712455] [NEW] LXD 2.0.10 doesn't properly auto-update images

[Stéphane Graber]

Public bug reported:

A number of issues interfere with LXD 2.0.10's ability to update images:
 - The auto_update flag doesn't properly get set on newly downloaded images
 - The cached flag doesn't get properly copied when an image gets refreshed

The combination of those means that LXD effectively only updates images
when a user requests a new container. This at least means that there is
no security impact from this, but this also slows things down quite a
bit and is certainly not the expected behavior.

This fix cherry-picks two upstream fixes that resolve the two
highlighted issues and applies an extra change which will automatically
restore the auto_update flag for any image that is marked as "cached" in
the store.

== Rationale
LXD regressed in its background update code, leading to most LXD hosts storing 
stale images and only refreshing them when a user asks for a new container to 
be created.

This is pretty different from the expected behavior of LXD refreshing
all its images every 6 hours.

The fix restores the old behavior and attempts to reset the update flag
on images which are supposed to auto-update.

== Test case
1) Setup two LXD hosts on LXD 2.0.10
2) On the first LXD host, copy an image ("lxc image copy ubuntu:16.04 local: 
--alias blah")
3) Add teh first LXD host as a remote to the second LXD host
4) Create a container on the second LXD host using ("lxc init :blah c1")
5) On the first host, change the target of the alias ("lxc image copy 
ubuntu:14.04 local: --alias blah")
6) On the second host, look at the content of the image store ("lxc image list")
7) On the second host, restart LXD ("systemctl restart lxd")
8) On the second host, confirm that LXD is done starting ("tail -f 
/var/log/lxd/lxd.log")
9) On the second host, look at the content of the image store again ("lxc image 
list")

On a properly functionaling LXD, at step 9) you'll see the new image in
the image store with the old one gone. On a broken LXD, the initial
image is there and there's no sign of the new one.

== Regression potential
The changes being pushed here are coming from existing LXD releases (2.16) so 
have seen significant use already. The main risk I can think of is in the DB 
patch that's included in this change.

That code is very restrictive and will only set the auto-update flag on
an image which is marked as cached (was automatically downloaded) and
has a known source (as required for auto-update).

This will not fix images which have been already updated by LXD through
container launch as those will have lost their cached flag due to the
other bug we're fixing here, but attempting to fix those would just be
guesswork as any information on how the image ended up in the store is
lost at that point.

** Affects: lxd (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxd (Ubuntu Trusty)
     Importance: Undecided
 Status: New

** Affects: lxd (Ubuntu Xenial)
 Importance: High
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Also affects: lxd (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: lxd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: lxd (Ubuntu)
   Status: New => Fix Released

** Changed in: lxd (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxd (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxd (Ubuntu Xenial)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1712455

Title:
  LXD 2.0.10 doesn't properly auto-update images

Status in lxd package in Ubuntu:
  Fix Released
Status in lxd source package in Trusty:
  New
Status in lxd source package in Xenial:
  In Progress

Bug description:
  A number of issues interfere with LXD 2.0.10's ability to update images:
   - The auto_update flag doesn't properly get set on newly downloaded images
   - The cached flag doesn't get properly copied when an image gets refreshed

  The combination of those means that LXD effectively only updates
  images when a user requests a new container. This at least means that
  there is no security impact from this, but this also slows things down
  quite a bit and is certainly not the expected behavior.

  This fix cherry-picks two upstream fixes that resolve the two
  highlighted issues and applies an extra change which will
  automatically restore the auto_update flag for any image that is
  marked as "cached" in the store.

  == Rationale
  LXD regressed in its background update code, leading to most LXD hosts 
storing stale images and only refreshing them when a user asks for a new 
container to 

[Group.of.nepali.translators] [Bug 1567557] Re: Performance degradation of "zfs clone"

[Stéphane Graber]

** No longer affects: lxd (Ubuntu Xenial)

** No longer affects: lxd (Ubuntu Zesty)

** No longer affects: lxd (Ubuntu Artful)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1567557

Title:
  Performance degradation of "zfs clone"

Status in Native ZFS for Linux:
  New
Status in zfs-linux package in Ubuntu:
  Fix Released
Status in zfs-linux source package in Xenial:
  Fix Committed
Status in zfs-linux source package in Zesty:
  Fix Committed
Status in zfs-linux source package in Artful:
  Fix Released

Bug description:
  [SRU Justification]

  Creating tens of hundreds of clones can be prohibitively slow. The
  underlying mechanism to gather clone information is using a 16K buffer
  which limits performance.  Also, the initial assumption is to pass in
  zero sized buffer to   the underlying ioctl() to get an idea of the
  size of the buffer required to fetch information back to userspace.
  If we bump the initial buffer to a larger size then we reduce the need
  for two ioctl calls which improves performance.

  [Fix]
  Bump initial buffer size from 16K to 256K

  [Regression Potential]
  This is minimal as this is just a tweak in the initial buffer size and larger 
sizes are handled correctly by ZFS since they are normally used on the second 
ioctl() call once we have established the size of the buffer required from the 
first ioctl() call. Larger initial buffers just remove the need for the initial 
size estimation for most cases where the number of clones is less than ~5000.  
There is a risk that a larger buffer size could lead to a ENOMEM issue when 
allocating the buffer, but the size of buffer used is still trivial for modern 
large 64 bit servers running ZFS.

  [Test case]
  Create 4000 clones. With the fix this takes 35-40% less time than without the 
fix. See the example test.sh script as an example of how to create this many 
clones.


  
  --

  I've been running some scale tests for LXD and what I've noticed is
  that "zfs clone" gets slower and slower as the zfs filesystem is
  getting busier.

  It feels like "zfs clone" requires some kind of pool-wide lock or
  something and so needs for all operations to complete before it can
  clone a new filesystem.

  A basic LXD scale test with btrfs vs zfs shows what I mean, see below
  for the reports.

  The test is run on a completely dedicated physical server with the
  pool on a dedicated SSD, the exact same machine and SSD was used for
  the btrfs test.

  The zfs filesystem is configured with those settings:
   - relatime=on
   - sync=disabled
   - xattr=sa

  So it shouldn't be related to pending sync() calls...

  The workload in this case is ultimately 1024 containers running busybox as 
their init system and udhcpc grabbing an IP.
  The problem gets significantly worse if spawning busier containers, say a 
full Ubuntu system.

  === zfs ===
  root@edfu:~# /home/ubuntu/lxd-benchmark spawn --count=1024 
--image=images:alpine/edge/amd64 --privileged=true
  Test environment:
    Server backend: lxd
    Server version: 2.0.0.rc8
    Kernel: Linux
    Kernel architecture: x86_64
    Kernel version: 4.4.0-16-generic
    Storage backend: zfs
    Storage version: 5
    Container backend: lxc
    Container version: 2.0.0.rc15

  Test variables:
    Container count: 1024
    Container mode: privileged
    Image: images:alpine/edge/amd64
    Batches: 128
    Batch size: 8
    Remainder: 0

  [Apr  3 06:42:51.170] Importing image into local store: 
64192037277800298d8c19473c055868e0288b039349b1c6579971fe99fdbac7
  [Apr  3 06:42:52.657] Starting the test
  [Apr  3 06:42:53.994] Started 8 containers in 1.336s
  [Apr  3 06:42:55.521] Started 16 containers in 2.864s
  [Apr  3 06:42:58.632] Started 32 containers in 5.975s
  [Apr  3 06:43:05.399] Started 64 containers in 12.742s
  [Apr  3 06:43:20.343] Started 128 containers in 27.686s
  [Apr  3 06:43:57.269] Started 256 containers in 64.612s
  [Apr  3 06:46:09.112] Started 512 containers in 196.455s
  [Apr  3 06:58:19.309] Started 1024 containers in 926.652s
  [Apr  3 06:58:19.309] Test completed in 926.652s

  === btrfs ===
  Test environment:
    Server backend: lxd
    Server version: 2.0.0.rc8
    Kernel: Linux
    Kernel architecture: x86_64
    Kernel version: 4.4.0-16-generic
    Storage backend: btrfs
    Storage version: 4.4
    Container backend: lxc
    Container version: 2.0.0.rc15

  Test variables:
    Container count: 1024
    Container mode: privileged
    Image: images:alpine/edge/amd64
    Batches: 128
    Batch size: 8
    Remainder: 0

  [Apr  3 07:42:12.053] Importing image into local store: 
64192037277800298d8c19473c055868e0288b039349b1c6579971fe99fdbac7
  [Apr  3 07:42:13.351] Starting the test
  [Apr  3 07:42:14.793] Started 8 containers in 1.442s
  [Apr  3 07:42:16.495] Started 16 conta

[Group.of.nepali.translators] [Bug 1567557] Re: Performance degradation of "zfs clone"

[Stéphane Graber]

** No longer affects: lxd (Ubuntu)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1567557

Title:
  Performance degradation of "zfs clone"

Status in Native ZFS for Linux:
  New
Status in zfs-linux package in Ubuntu:
  Fix Released
Status in lxd source package in Xenial:
  New
Status in zfs-linux source package in Xenial:
  Fix Committed
Status in lxd source package in Zesty:
  New
Status in zfs-linux source package in Zesty:
  Fix Committed
Status in lxd source package in Artful:
  Confirmed
Status in zfs-linux source package in Artful:
  Fix Released

Bug description:
  [SRU Justification]

  Creating tens of hundreds of clones can be prohibitively slow. The
  underlying mechanism to gather clone information is using a 16K buffer
  which limits performance.  Also, the initial assumption is to pass in
  zero sized buffer to   the underlying ioctl() to get an idea of the
  size of the buffer required to fetch information back to userspace.
  If we bump the initial buffer to a larger size then we reduce the need
  for two ioctl calls which improves performance.

  [Fix]
  Bump initial buffer size from 16K to 256K

  [Regression Potential]
  This is minimal as this is just a tweak in the initial buffer size and larger 
sizes are handled correctly by ZFS since they are normally used on the second 
ioctl() call once we have established the size of the buffer required from the 
first ioctl() call. Larger initial buffers just remove the need for the initial 
size estimation for most cases where the number of clones is less than ~5000.  
There is a risk that a larger buffer size could lead to a ENOMEM issue when 
allocating the buffer, but the size of buffer used is still trivial for modern 
large 64 bit servers running ZFS.

  [Test case]
  Create 4000 clones. With the fix this takes 35-40% less time than without the 
fix. See the example test.sh script as an example of how to create this many 
clones.


  
  --

  I've been running some scale tests for LXD and what I've noticed is
  that "zfs clone" gets slower and slower as the zfs filesystem is
  getting busier.

  It feels like "zfs clone" requires some kind of pool-wide lock or
  something and so needs for all operations to complete before it can
  clone a new filesystem.

  A basic LXD scale test with btrfs vs zfs shows what I mean, see below
  for the reports.

  The test is run on a completely dedicated physical server with the
  pool on a dedicated SSD, the exact same machine and SSD was used for
  the btrfs test.

  The zfs filesystem is configured with those settings:
   - relatime=on
   - sync=disabled
   - xattr=sa

  So it shouldn't be related to pending sync() calls...

  The workload in this case is ultimately 1024 containers running busybox as 
their init system and udhcpc grabbing an IP.
  The problem gets significantly worse if spawning busier containers, say a 
full Ubuntu system.

  === zfs ===
  root@edfu:~# /home/ubuntu/lxd-benchmark spawn --count=1024 
--image=images:alpine/edge/amd64 --privileged=true
  Test environment:
    Server backend: lxd
    Server version: 2.0.0.rc8
    Kernel: Linux
    Kernel architecture: x86_64
    Kernel version: 4.4.0-16-generic
    Storage backend: zfs
    Storage version: 5
    Container backend: lxc
    Container version: 2.0.0.rc15

  Test variables:
    Container count: 1024
    Container mode: privileged
    Image: images:alpine/edge/amd64
    Batches: 128
    Batch size: 8
    Remainder: 0

  [Apr  3 06:42:51.170] Importing image into local store: 
64192037277800298d8c19473c055868e0288b039349b1c6579971fe99fdbac7
  [Apr  3 06:42:52.657] Starting the test
  [Apr  3 06:42:53.994] Started 8 containers in 1.336s
  [Apr  3 06:42:55.521] Started 16 containers in 2.864s
  [Apr  3 06:42:58.632] Started 32 containers in 5.975s
  [Apr  3 06:43:05.399] Started 64 containers in 12.742s
  [Apr  3 06:43:20.343] Started 128 containers in 27.686s
  [Apr  3 06:43:57.269] Started 256 containers in 64.612s
  [Apr  3 06:46:09.112] Started 512 containers in 196.455s
  [Apr  3 06:58:19.309] Started 1024 containers in 926.652s
  [Apr  3 06:58:19.309] Test completed in 926.652s

  === btrfs ===
  Test environment:
    Server backend: lxd
    Server version: 2.0.0.rc8
    Kernel: Linux
    Kernel architecture: x86_64
    Kernel version: 4.4.0-16-generic
    Storage backend: btrfs
    Storage version: 4.4
    Container backend: lxc
    Container version: 2.0.0.rc15

  Test variables:
    Container count: 1024
    Container mode: privileged
    Image: images:alpine/edge/amd64
    Batches: 128
    Batch size: 8
    Remainder: 0

  [Apr  3 07:42:12.053] Importing image into local store: 
64192037277800298d8c19473c055868e0288b039349b1c6579971fe99fdbac7
  [Apr  3 07:42:13.351] Starting the test
  [Apr  3 07:42:14.793] Started 8 containers

[Group.of.nepali.translators] [Bug 1691911] Re: SRU of LXC 2.0.8

[Stéphane Graber]

** Changed in: lxc (Ubuntu Zesty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1691911

Title:
  SRU of LXC 2.0.8

Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Trusty:
  New
Status in lxc source package in Xenial:
  Fix Released
Status in lxc source package in Yakkety:
  Fix Released
Status in lxc source package in Zesty:
  Fix Released
Status in lxc source package in Artful:
  Fix Released

Bug description:
  LXC upstream released LXC 2.0.8 as a bugfix release with following changelog:
  - Security fix for CVE-2017-5985 (previously fixed in Ubuntu)

  - All templates have been updated to not set default passwords anymore,
instead requiring lxc-attach be used to configure users.

This may affect some automated environments that were relying on our
default (very much insecure) users.

  - Make lxc-start-ephemeral Python 3.2-compatible
  - Fix typo
  - Allow build without sys/capability.h
  - lxc-opensuse: fix default value for release code
  - util: always malloc for setproctitle
  - util: update setproctitle comments
  - confile: clear lxc.network..ipv{4,6} when empty
  - lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
  - Make lxc-net return non-zero on failure
  - seccomp: allow x32 guests on amd64 hosts.
  - Add HAVE_LIBCAP
  - c/r: only supply --ext-mount-map for bind mounts
  - Added 'mkdir -p' functionality in create_or_remove_cgroup
  - Use LXC_ROOTFS_MOUNT in clonehostname hook
  - squeeze is not a supported release anymore, drop the key
  - start: dumb down SIGCHLD from WARN() to NOTICE()
  - log: fix lxc_unix_epoch_to_utc()
  - cgfsng: make trim() safer
  - seccomp: set SCMP_FLTATR_ATL_TSKIP if available
  - lxc-user-nic: re-order #includes
  - lxc-user-nic: improve + bugfix
  - lxc-user-nic: delete link on failure
  - conf: only try to delete veth when privileged
  - Fix lxc-containers to support multiple bridges
  - Fix mixed tab/spaces in previous patch
  - lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
  - lxc-checkconfig: verify new[ug]idmap are setuid-root
  - [templates] archlinux: resolve conflicting files
  - [templates] archlinux: noneed default_timezone variable
  - python3: Deal with potential NULL char*
  - lxc-download.in / allow setting keyserver from env
  - lxc-download.in / Document keyserver change in help
  - Change variable check to match existing style
  - tree-wide: include directly
  - conf/ile: make sure buffer is large enough
  - tree-wide: include directly
  - tests: Support running on IPv6 networks
  - tests: Kill containers (don't wait for shutdown)
  - Fix opening wrong file in suggest_default_idmap
  - do not set the root password in the debian template
  - do not set insecure passwords
  - don't set a default password for altlinux, gentoo, openmandriva and pld
  - tools: exit with return code of lxc_execute()
  - Keep veth.pair.name on network shutdown
  - Makefile: fix static clang init.lxc build
  - Avoid waiting for bridge interface if disabled in sysconfig/lxc
  - Increased buffer length in print_stats()
  - avoid assigning to a variable which is not POSIX shell proof (bug #1498)
  - remove obsolete note about api stability
  - conf: less error prone pointer access
  - conf: lxc_map_ids() non-functional changes
  - caps: add lxc_{proc,file}_cap_is_set()
  - conf: check for {filecaps,setuid} on new{g,u}idmap
  - conf: improve log when mounting rootfs
  - ls: simplify the judgment condition when list active containers
  - fix typo introduced in #1509
  - attach|unshare: fix the wrong comment
  - caps: skip file capability checks on android
  - autotools: check for cap_get_file
  - caps: return false if caps are not supported
  - conf: non-functional changes to setup_pts()
  - conf: use bind-mount for /dev/ptmx
  - conf: non-functional changes
  - utils: use loop device helpers from LXD
  - create ISSUE_TEMPLATE.md
  - cgroups: improve cgfsng debugging
  - issue template: fix typo
  - conf: close fd in lxc_setup_devpts()
  - conf: non-functional changes
  - utils: tweak lxc_mount_proc_if_needed()
  - Change sshd template to work with Ubuntu 17.04
  - conf: order mount options
  - conf: add MS_LAZYTIME to mount options
  - monitor: report errno on exec() error
  - af unix: allow for maximum socket name
  - commands: avoid NULL pointer dereference
  - commands: non-functional changes
  - lxccontainer: avoid NULL pointer dereference
  - monitor: simplify abstract soc

[Group.of.nepali.translators] [Bug 1686036] Re: mountpoint remains in use after restore snapshot

[Stéphane Graber]

xenial, yakkety and zesty will get the fix when we backport LXD 2.14.

Is LXD 2.0.x also affected? If so, I'm not sure we have a fix for it in
2.0.10, so we'd need a fix in stable-2.0 upstream so that 2.0.11 can
have it.

** Changed in: lxd (Ubuntu Artful)
   Status: Fix Committed => Fix Released

** Changed in: lxd (Ubuntu Zesty)
   Status: New => Triaged

** Changed in: lxd (Ubuntu Yakkety)
   Status: New => Triaged

** Changed in: lxd (Ubuntu Xenial)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1686036

Title:
  mountpoint remains in use after restore snapshot

Status in lxd package in Ubuntu:
  Fix Released
Status in lxd source package in Xenial:
  Triaged
Status in lxd source package in Yakkety:
  Triaged
Status in lxd source package in Zesty:
  Triaged
Status in lxd source package in Artful:
  Fix Released

Bug description:
  uname -a
  Linux lxd2-chel1 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 
x86_64 x86_64 x86_64 GNU/Linux

  lxd: 2.12-0ubuntu3~ubuntu16.04.1~ppa1
  zfsutils-linux: 0.6.5.6-0ubuntu16

  # lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:Ubuntu 16.04.2 LTS
  Release:16.04
  Codename:   xenial

  after restore container from shapshot cannot add new snapshot or restore again
  until restart container

  example:

  
  # lxc image list
  
+---+--++--++-+--+
  | ALIAS | FINGERPRINT  | PUBLIC | DESCRIPTION 
 |  ARCH  |  SIZE   | UPLOAD DATE  |
  
+---+--++--++-+--+
  | debian/jessie | ba43812c4cb9 | no | Debian jessie amd64 
(20170423_22:42) | x86_64 | 94.14MB | Apr 24, 2017 at 9:07am (UTC) |
  
+---+--++--++-+--+

  # lxc launch debian/jessie
  Creating popular-kitten

  The container you are starting doesn't have any network attached to it.
To create a new network, use: lxc network create
To attach a network to a container, use: lxc network attach

  Starting popular-kitten

  
  # lxc info popular-kitten
  Name: popular-kitten
  Remote: unix:/var/lib/lxd/unix.socket
  Architecture: x86_64
  Created: 2017/04/25 07:17 UTC
  Status: Running
  Type: persistent
  Profiles: default
  Pid: 6965
  Ips:
lo:   inet127.0.0.1
lo:   inet6   ::1
  Resources:
Processes: 7
Disk usage:
  root: 1.48MB
CPU usage:
  CPU usage (in seconds): 25
Memory usage:
  Memory (current): 16.22MB
  Memory (peak): 23.01MB
Network usage:
  lo:
Bytes received: 0B
Bytes sent: 0B
Packets received: 0
Packets sent: 0

  # lxc profile show default
  config: {}
  description: Default LXD profile
  devices:
root:
  path: /
  pool: main-pool
  type: disk
  name: default
  used_by:
  - /1.0/containers/popular-kitten
  # lxc snapshot popular-kitten

  # zfs get mounted main-pool/containers/popular-kitten 
  NAME PROPERTY  VALUESOURCE
  main-pool/containers/popular-kitten  mounted   yes  -

  # zfs get mounted main-pool/snapshots/popular-kitten 
  NAMEPROPERTY  VALUESOURCE
  main-pool/snapshots/popular-kitten  mounted   yes  -

  # lxc restore popular-kitten snap0

  # zfs get mounted main-pool/snapshots/popular-kitten
  NAMEPROPERTY  VALUESOURCE
  main-pool/snapshots/popular-kitten  mounted   yes  -

  # zfs get mounted main-pool/containers/popular-kitten
  NAME PROPERTY  VALUESOURCE
  main-pool/containers/popular-kitten  mounted   no   -

  # lxc snapshot popular-kitten 
  error: Failed to mount ZFS filesystem: filesystem 
'main-pool/containers/popular-kitten' is already mounted
  cannot mount 'main-pool/containers/popular-kitten': mountpoint or dataset is 
busy

  # lxc restore popular-kitten snap0
  error: Failed to mount ZFS filesystem: filesystem 
'main-pool/containers/popular-kitten' is already mounted
  cannot mount 'main-pool/containers/popular-kitten': mountpoint or dataset is 
busy

  but container still work:

  # lxc info popular-kitten
  Name: popular-kitten
  Remote: unix:/var/lib/lxd/unix.socket
  Architecture: x86_64
  Created: 2017/04/25 07:17 UTC
  Status: Running
  ...

  # lxc exec popular-kitten bash
  root@popular-kitten:~# uptime
   07:34:06 up 8 min,  0 users,  load average: 0.00, 0.02, 0.03

  after restart container:

  # lxc restart popular-kitten

  # zfs get mounted main-pool/containers/popu

[Group.of.nepali.translators] [Bug 1693340] [NEW] SRU of LXD 2.0.10 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXD upstream released LXD 2.0.10 as a bugfix release with following changelog:
- client: Backported the new client library and ported some of the
  internal commands over to it
- lxc: Add a manpage command
- lxc: Allow --version to be passed with any command
- lxc: Reworked all help messages in the client to work with help2man
- lxd: AppArmor namespacing is now also enabled for privileged containers

- build: Add debug logging
- client: Fix profile list
- client: Remove unneeded condition
- doc: Add instructions to grow ZFS loop
- doc: Add note about escaping btrfs qgroups
- doc: Add note about restricting access to kernel ring buffer
- doc: Extract containers documentation to containers.md
- doc: Extract profiles documentation to profiles.md
- doc: Extract server documentation to server.md
- doc: Fix badly named example device
- doc: Fix broken table
- doc: Note that LXD assumes full control over the pool
- doc: Update configuration.md with links to other documents
- doc: Update README.md for new API client
- extra/lxc-to-lxd: Don't crash on missing mount file
- extra/lxc-to-lxd: Typo in description of --move-rootfs
- extra/vagrant: Trailing whitespace
- global: Fix error handling in all filepath.Walk calls
- global: Fix a number of typos
- global: Forward user-agent and other headers on redirect
- global: Replace file Chmod() with os.Chmod()
- global: Use containerGetParentAndSnapshotName()
- global: Use RunCommand everywhere
- lxc: Don't include spaces in translated strings
- lxc: Improve batch mode
- lxc: Make help/usage a bit more consistent
- lxc: Move common functions/types to utils.go
- lxc: Properly clear transfer stats on error
- lxc: Rework for better manpages
- lxc/config: Add new config handling code
- lxc/config: Always use "simplestreams" for images:
- lxc/config: Fix path handling
- lxc/config: Fix SaveConfig's DeepCopy call
- lxc/copy: Improve error handling
- lxc/copy: Return the source error too
- lxc/copy: Simplify
- lxc/copy: Wait asynchronously
- lxc/image: Show the alias description
- lxc/image: Trailing whitespace
- lxc/init: Drop unnecessary else statement
- lxc/list: Document list format options
- lxc/list: Fix regression in json output
- lxc/list: Move common data extraction to a helper function
- lxc/profile: Properly implement "profile unset"
- lxc/publish: Wait for the conainer to be running
- lxc/remote: Show the fingerprint as string not hex
- lxc/utils: Implement progress tracking for operations
- lxd: Drop use of logger.Log when not needed
- lxd/apparmor: Fix AppArmor stack handling with nesting
- lxd/containers: Add containerGetParentAndSnapshotName()
- lxd/containers: Added soft limit in initLXD()
- lxd/containers: Added soft memory limit even when hard is selected
- lxd/containers: Add extra validation for unix-block/unix-char
- lxd/containers: Add function to detect root disk device
- lxd/containers: Allow for stable host interface names
- lxd/containers: Clarify uid/gid error
- lxd/containers: Cleanup root device validation
- lxd/containers: Disable IPv6 on host side veth when bridged
- lxd/containers: Don't ignore snapshot deletion failures
- lxd/containers: Don't parse id ranges as int32
- lxd/containers: Don't report migration success on failure
- lxd/containers: Don't use FindProcess, just pass exec.Cmd
- lxd/containers: Find current max snapshot value
- lxd/containers: Fix bad root device detection code
- lxd/containers: Fix base image tracking
- lxd/containers: Fix concurent read/write to s.conns in exec
- lxd/containers: Fix error handling on FileRemove
- lxd/containers: Fix handling of devices with minor>255
- lxd/containers: Fix override of Devices during copy
- lxd/containers: Fix soft limit logic to use float64
- lxd/containers: Initialize idmap on demand
- lxd/containers: Kill forkexec on abnormal websocket closure
- lxd/containers: Path may only be used by one disk
- lxd/containers: Properly invalidate the idmap cache
- lxd/containers: Properly revert memory limits on failure
- lxd/containers: Properly validate architectures
- lxd/containers: Set default values for USER, HOME and LANG
- lxd/containers: This condition has already been deal
- lxd/containers: Use int64 for uid and gid everywhere
- lxd/containers: Validate container idmap as early as possible
- lxd/containers: Validate expanded configuration after root setup
- lxd/containers: Validate the expanded config at container create
- lxd/daemon: Check for the validity of the id maps at startup
- lxd/daemon: Fix some race conditions
- lxd/daemon: Mount a tmpfs under devlxd
- lxd/daemon: s/Default map/Available map/
   

[Group.of.nepali.translators] [Bug 1691911] [NEW] SRU of LXC 2.0.8

[Stéphane Graber]

Public bug reported:

LXC upstream released LXC 2.0.8 as a bugfix release with following changelog:
- Security fix for CVE-2017-5985 (previously fixed in Ubuntu)

- All templates have been updated to not set default passwords anymore,
  instead requiring lxc-attach be used to configure users.

  This may affect some automated environments that were relying on our
  default (very much insecure) users.

- Make lxc-start-ephemeral Python 3.2-compatible
- Fix typo
- Allow build without sys/capability.h
- lxc-opensuse: fix default value for release code
- util: always malloc for setproctitle
- util: update setproctitle comments
- confile: clear lxc.network..ipv{4,6} when empty
- lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
- Make lxc-net return non-zero on failure
- seccomp: allow x32 guests on amd64 hosts.
- Add HAVE_LIBCAP
- c/r: only supply --ext-mount-map for bind mounts
- Added 'mkdir -p' functionality in create_or_remove_cgroup
- Use LXC_ROOTFS_MOUNT in clonehostname hook
- squeeze is not a supported release anymore, drop the key
- start: dumb down SIGCHLD from WARN() to NOTICE()
- log: fix lxc_unix_epoch_to_utc()
- cgfsng: make trim() safer
- seccomp: set SCMP_FLTATR_ATL_TSKIP if available
- lxc-user-nic: re-order #includes
- lxc-user-nic: improve + bugfix
- lxc-user-nic: delete link on failure
- conf: only try to delete veth when privileged
- Fix lxc-containers to support multiple bridges
- Fix mixed tab/spaces in previous patch
- lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
- lxc-checkconfig: verify new[ug]idmap are setuid-root
- [templates] archlinux: resolve conflicting files
- [templates] archlinux: noneed default_timezone variable
- python3: Deal with potential NULL char*
- lxc-download.in / allow setting keyserver from env
- lxc-download.in / Document keyserver change in help
- Change variable check to match existing style
- tree-wide: include directly
- conf/ile: make sure buffer is large enough
- tree-wide: include directly
- tests: Support running on IPv6 networks
- tests: Kill containers (don't wait for shutdown)
- Fix opening wrong file in suggest_default_idmap
- do not set the root password in the debian template
- do not set insecure passwords
- don't set a default password for altlinux, gentoo, openmandriva and pld
- tools: exit with return code of lxc_execute()
- Keep veth.pair.name on network shutdown
- Makefile: fix static clang init.lxc build
- Avoid waiting for bridge interface if disabled in sysconfig/lxc
- Increased buffer length in print_stats()
- avoid assigning to a variable which is not POSIX shell proof (bug #1498)
- remove obsolete note about api stability
- conf: less error prone pointer access
- conf: lxc_map_ids() non-functional changes
- caps: add lxc_{proc,file}_cap_is_set()
- conf: check for {filecaps,setuid} on new{g,u}idmap
- conf: improve log when mounting rootfs
- ls: simplify the judgment condition when list active containers
- fix typo introduced in #1509
- attach|unshare: fix the wrong comment
- caps: skip file capability checks on android
- autotools: check for cap_get_file
- caps: return false if caps are not supported
- conf: non-functional changes to setup_pts()
- conf: use bind-mount for /dev/ptmx
- conf: non-functional changes
- utils: use loop device helpers from LXD
- create ISSUE_TEMPLATE.md
- cgroups: improve cgfsng debugging
- issue template: fix typo
- conf: close fd in lxc_setup_devpts()
- conf: non-functional changes
- utils: tweak lxc_mount_proc_if_needed()
- Change sshd template to work with Ubuntu 17.04
- conf: order mount options
- conf: add MS_LAZYTIME to mount options
- monitor: report errno on exec() error
- af unix: allow for maximum socket name
- commands: avoid NULL pointer dereference
- commands: non-functional changes
- lxccontainer: avoid NULL pointer dereference
- monitor: simplify abstract socket logic
- precise is not the latest LTS, let's use xenial instead
- fix the wrong exit status
- conf: non-functional changes lxc_fill_autodev()
- conf: remove /dev/console from lxc_fill_autodev()
- conf: non-functional changes lxc_setup()
- conf: non-functional changes to console functions
- conf: improve lxc_setup_dev_console()
- conf: lxc_setup_ttydir_console()
- config: remove /dev/console bind mount
- doc: document console behavior
- utils: add lxc_unstack_mountpoint()
- conf: unstack all mounts atop /dev/console
- console: fail when we cannot allocate peer tty
- start: remove umount2()
- conf: non-functional changes
- utils: handle > 2^31 in lxc_unstack_mountpoint()
- Install systemd units for CentOS
- Merge ub

[Group.of.nepali.translators] [Bug 1691239] [NEW] SRU of LXCFS 2.0.7 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXCFS upstream released LXCFS 2.0.7 as a bugfix release with following 
changelog:
 - Remove unused variable
 - Also check next variable for NULL on cg_rmdir
 - virtualize the 'btime' field of /proc/stat
 - cleanup: return false instead of NULL as bool
 - Limit memswlimit by TotalSwap
 - pam_cgfs: remove dead assignment
 - pam_cgfs: return created directly
 - pam_cgfs: make sure that **p is not NULL
 - bindings: Want space for ints? Call sizeof(int)!
 - pam_cgfs: make trim() safer
 - pam_cgfs: error out on failure in cgv2_init()
 - pam_cgfs: remove dead assignment
 - bindings: implement guest nice
 - bindings: increase reserved buffer size a little

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This bugfix release has already been uploaded to Zesty and automatically
backported in the upstream PPAs for all Ubuntu releases. So far without
any reported regression.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxcfs (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxcfs (Ubuntu Trusty)
 Importance: Undecided
 Status: Triaged

** Affects: lxcfs (Ubuntu Xenial)
 Importance: Undecided
 Status: Triaged

** Affects: lxcfs (Ubuntu Yakkety)
 Importance: Undecided
 Status: Triaged

** Affects: lxcfs (Ubuntu Zesty)
 Importance: Undecided
 Status: Triaged

** Affects: lxcfs (Ubuntu Artful)
 Importance: Undecided
 Status: Fix Released

** Also affects: lxcfs (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Changed in: lxcfs (Ubuntu Artful)
   Status: New => Fix Released

** Changed in: lxcfs (Ubuntu Zesty)
   Status: New => Triaged

** Changed in: lxcfs (Ubuntu Yakkety)
   Status: New => Triaged

** Changed in: lxcfs (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: lxcfs (Ubuntu Trusty)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1691239

Title:
  SRU of LXCFS 2.0.7 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Trusty:
  Triaged
Status in lxcfs source package in Xenial:
  Triaged
Status in lxcfs source package in Yakkety:
  Triaged
Status in lxcfs source package in Zesty:
  Triaged
Status in lxcfs source package in Artful:
  Fix Released

Bug description:
  LXCFS upstream released LXCFS 2.0.7 as a bugfix release with following 
changelog:
   - Remove unused variable
   - Also check next variable for NULL on cg_rmdir
   - virtualize the 'btime' field of /proc/stat
   - cleanup: return false instead of NULL as bool
   - Limit memswlimit by TotalSwap
   - pam_cgfs: remove dead assignment
   - pam_cgfs: return created directly
   - pam_cgfs: make sure that **p is not NULL
   - bindings: Want space for ints? Call sizeof(int)!
   - pam_cgfs: make trim() safer
   - pam_cgfs: error out on failure in cgv2_init()
   - pam_cgfs: remove dead assignment
   - bindings: implement guest nice
   - bindings: increase reserved buffer size a little

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Zesty and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu

[Group.of.nepali.translators] [Bug 1675163] Re: Don't attempt to create devices in LXC containers

[Stéphane Graber]

** No longer affects: makedev (Ubuntu Vivid)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1675163

Title:
  Don't attempt to create devices in LXC containers

Status in makedev package in Ubuntu:
  Triaged
Status in makedev source package in Precise:
  Triaged
Status in makedev source package in Trusty:
  Triaged
Status in makedev source package in Xenial:
  Triaged
Status in makedev source package in Yakkety:
  Triaged
Status in makedev source package in Zesty:
  Triaged

Bug description:
  Right now the "makedev" postinst script will attempt to create a
  number of devices in /dev, failing the package upgrade should any of
  those mknod calls fail.

  LXC containers, especially unprivileged ones do not allow the use of
  mknod, making it impossible to upgrade makedev in those containers and
  preventing Ubuntu release upgrades.

  The fix is quite simple, detect that we are running in an LXC
  container and skip the rest of the postinst script as is done in a
  number of other cases.

  = SRU
  == Rationale
  This issue prevents release to release upgrades in unprivileged LXC 
containers when makedev is part of the upgraded set. This is currently visible 
when upgrading from Ubuntu 12.04 to Ubuntu 14.04.

  == Testcase
  Install the new package in an unprivileged container. With LXD, simply use 
"lxc launch ubuntu: test" to create the container.

  Prior to this fix, the upgrade will fail on some mknod errors, after
  it, it'll go on after printing a message indicating that LXC was
  detected.

  == Regression potential
  The detection logic is based on PID 1's environment containing a 
container=lxc entry. If a non-LXC system somehow had that set, it'd lead to the 
makedev upgrade no longer creating extra devices. This is unlikely to really 
matter though since the system is clearly already functioning properly at that 
point.

  Similarly, some privileged LXC containers can be configured in a way
  where mknod is possible, this update will still disable the postinst
  for those cases as short of attempting every mknod ahead of time,
  there is no reliable way to detect any seccomp or apparmor policy in
  play.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/makedev/+bug/1675163/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1667406] Re: Wrongly capitalized field names in JSON output of "lxc list"

[Stéphane Graber]

** Changed in: lxd (Ubuntu Trusty)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1667406

Title:
  Wrongly capitalized field names in JSON output of "lxc list"

Status in lxd package in Ubuntu:
  Fix Released
Status in lxd source package in Trusty:
  Fix Released
Status in lxd source package in Xenial:
  Fix Released

Bug description:
  This only affects LXD 2.0.9 in Ubuntu right now.

  # Rationale
  LXD 2.0.9 regressed JSON output of "lxc list" when compared to LXD 2.0.8 by 
having a few fields be now capitalized.

  # Testcase
   - lxc launch ubuntu:16.04 xen
   - lxc list --format=json | grep Snapshots
   - Upgrade
   - lxc list --format=json | grep Snapshots

  ("Snapshots" is meant to be "snapshots")

  # Regression potential
  The commit only fixes the name of the two affected fields. It's unlikely that 
someone is already relying on the wrongly capitalized name and it's certainly 
worth fixing the regression for people scripting LXD.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1667406/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1667406] [NEW] Wrongly capitalized field names in JSON output of "lxc list"

[Stéphane Graber]

Public bug reported:

This only affects LXD 2.0.9 in Ubuntu right now.

# Rationale
LXD 2.0.9 regressed JSON output of "lxc list" when compared to LXD 2.0.8 by 
having a few fields be now capitalized.

# Testcase
 - lxc launch ubuntu:16.04 xen
 - lxc list --format=json | grep Snapshots
 - Upgrade
 - lxc list --format=json | grep Snapshots

("Snapshots" is meant to be "snapshots")

# Regression potential
The commit only fixes the name of the two affected fields. It's unlikely that 
someone is already relying on the wrongly capitalized name and it's certainly 
worth fixing the regression for people scripting LXD.

** Affects: lxd (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxd (Ubuntu Trusty)
 Importance: High
 Status: Triaged

** Affects: lxd (Ubuntu Xenial)
 Importance: High
 Status: In Progress

** Also affects: lxd (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: lxd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: lxd (Ubuntu)
   Status: New => Fix Released

** Changed in: lxd (Ubuntu Trusty)
   Status: New => Triaged

** Changed in: lxd (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: lxd (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: lxd (Ubuntu Xenial)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1667406

Title:
  Wrongly capitalized field names in JSON output of "lxc list"

Status in lxd package in Ubuntu:
  Fix Released
Status in lxd source package in Trusty:
  Triaged
Status in lxd source package in Xenial:
  In Progress

Bug description:
  This only affects LXD 2.0.9 in Ubuntu right now.

  # Rationale
  LXD 2.0.9 regressed JSON output of "lxc list" when compared to LXD 2.0.8 by 
having a few fields be now capitalized.

  # Testcase
   - lxc launch ubuntu:16.04 xen
   - lxc list --format=json | grep Snapshots
   - Upgrade
   - lxc list --format=json | grep Snapshots

  ("Snapshots" is meant to be "snapshots")

  # Regression potential
  The commit only fixes the name of the two affected fields. It's unlikely that 
someone is already relying on the wrongly capitalized name and it's certainly 
worth fixing the regression for people scripting LXD.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1667406/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1660844] Re: SRU of LXC 2.0.7 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxc (Ubuntu Trusty)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660844

Title:
  SRU of LXC 2.0.7 (upstream bugfix release)

Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Trusty:
  Fix Released
Status in lxc source package in Xenial:
  Fix Released
Status in lxc source package in Yakkety:
  Fix Released

Bug description:
  LXC upstream released LXC 2.0.7 as a bugfix release with following changelog:
   - attach: Close lsm label file descriptor
   - attach: Non-functional changes
   - attach: Simplify lsm_openat()
   - caps: Add lxc_cap_is_set()
   - conf: attach: Save errno across call to close
   - conf: Clearly report to either use drop or keep
   - conf: criu: Add make_anonymous_mount_file()
   - conf: Fix suggest_default_idmap()
   - configure: Add --enable-gnutls option
   - configure: Check for memfd_create()
   - configure: Check whether gettid() is declared
   - configure: Do not allow variable length arrays
   - configure: Remove -Werror=vla
   - configure: Use AC_HEADER_MAJOR to detect major()/minor()/makedev()
   - conf: Non-functional changes
   - conf: Remove thread-unsafe strsignal + improve log
   - init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers
   - log: Add lxc_unix_epoch_to_utc()
   - log: Annotate lxc_unix_epoch_to_utc()
   - log: Drop all timezone conversion functions
   - log: Make sure that date is correctly formatted
   - log: Use lxc_unix_epoch_to_utc()
   - log: Use N/A if getpid() != gettid() when threaded
   - log: Use thread-safe localtime_r()
   - lvm: Suppress warnings about leaked files
   - lxccontainer: Log failure to send sig to init pid
   - monitor: Add more logging
   - monitor: Close mainloop on exit if we opened it
   - monitor: Improve log + set log level to DEBUG
   - monitor: Log which pipe fd is currently used
   - monitor: Make lxc-monitord async signal safe
   - monitor: Non-functional changes
   - python3-lxc: Fix api_test.py on s390x
   - start: Check for CAP_SETGID before setgroups()
   - start: Fix execute and improve setgroups() calls
   - state: Use async signal safe fun in lxc_wait()
   - templates: lxc-debian: Don't try to get stuff from /usr/lib/systemd on the 
host
   - templates: lxc-debian: Fix getty service startup
   - templates: lxc-debian: Fix typo in calling dpkg with 
--print-foreign-architectures option
   - templates: lxc-debian: Handle ppc hostarch -> powerpc
   - templates: lxc-opensuse: Change openSUSE default release to Leap 42.2
   - templates: lxc-opensuse: Remove libgcc_s1
   - templates: lxc-opensuse: Remove poweroff.target -> sigpwr.target copy
   - templates: lxc-opensuse: Set to be unconfined by AppArmor
   - templates: lxc-opensuse: Update for Leap 42.2
   - tests; Don't cause test failures on cleanup errors
   - tests: Skip unpriv tests on broken overlay module
   - tools: Improve logging
   - tools: lxc-start: Remove c->is_defined(c) check
   - tools: lxc-start: Set configfile after load_config
   - tools: Only check for O_RDONLY
   - tree-wide: Random macro cleanups
   - tree-wide: Remove any variable length arrays
   - tree-wide: Sic semper assertis!
   - utils: Add macro __LXC_NUMSTRLEN
   - utils: Add uid, gid, group convenience wrappers

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Zesty and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1660844/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1660850] Re: SRU of LXCFS 2.0.6 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxcfs (Ubuntu Trusty)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660850

Title:
  SRU of LXCFS 2.0.6 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Trusty:
  Fix Released
Status in lxcfs source package in Xenial:
  Fix Released
Status in lxcfs source package in Yakkety:
  Fix Released

Bug description:
  LXCFS upstream released LXCFS 2.0.6 as a bugfix release with following 
changelog:
   - Fix swap values with nested cgroups
   - tests: Fix run on ppc64el
   - Fix wrong scanning of memory.stat

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Zesty and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1660850/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1660850] [NEW] SRU of LXCFS 2.0.6 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXCFS upstream released LXCFS 2.0.6 as a bugfix release with following 
changelog:
 - Fix swap values with nested cgroups
 - tests: Fix run on ppc64el
 - Fix wrong scanning of memory.stat

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This bugfix release has already been uploaded to Zesty and automatically
backported in the upstream PPAs for all Ubuntu releases. So far without
any reported regression.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxcfs (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxcfs (Ubuntu Trusty)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxcfs (Ubuntu Xenial)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Affects: lxcfs (Ubuntu Yakkety)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Also affects: lxcfs (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: lxcfs (Ubuntu)
   Status: New => Fix Released

** Changed in: lxcfs (Ubuntu Yakkety)
   Status: New => In Progress

** Changed in: lxcfs (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxcfs (Ubuntu Trusty)
   Status: New => Triaged

** Changed in: lxcfs (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: lxcfs (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: lxcfs (Ubuntu Yakkety)
   Importance: Undecided => Medium

** Changed in: lxcfs (Ubuntu Trusty)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxcfs (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxcfs (Ubuntu Yakkety)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660850

Title:
  SRU of LXCFS 2.0.6 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Trusty:
  Triaged
Status in lxcfs source package in Xenial:
  In Progress
Status in lxcfs source package in Yakkety:
  In Progress

Bug description:
  LXCFS upstream released LXCFS 2.0.6 as a bugfix release with following 
changelog:
   - Fix swap values with nested cgroups
   - tests: Fix run on ppc64el
   - Fix wrong scanning of memory.stat

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Zesty and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1660850/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1660844] [NEW] SRU of LXC 2.0.7 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXC upstream released LXC 2.0.7 as a bugfix release with following changelog:
 - attach: Close lsm label file descriptor
 - attach: Non-functional changes
 - attach: Simplify lsm_openat()
 - caps: Add lxc_cap_is_set()
 - conf: attach: Save errno across call to close
 - conf: Clearly report to either use drop or keep
 - conf: criu: Add make_anonymous_mount_file()
 - conf: Fix suggest_default_idmap()
 - configure: Add --enable-gnutls option
 - configure: Check for memfd_create()
 - configure: Check whether gettid() is declared
 - configure: Do not allow variable length arrays
 - configure: Remove -Werror=vla
 - configure: Use AC_HEADER_MAJOR to detect major()/minor()/makedev()
 - conf: Non-functional changes
 - conf: Remove thread-unsafe strsignal + improve log
 - init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers
 - log: Add lxc_unix_epoch_to_utc()
 - log: Annotate lxc_unix_epoch_to_utc()
 - log: Drop all timezone conversion functions
 - log: Make sure that date is correctly formatted
 - log: Use lxc_unix_epoch_to_utc()
 - log: Use N/A if getpid() != gettid() when threaded
 - log: Use thread-safe localtime_r()
 - lvm: Suppress warnings about leaked files
 - lxccontainer: Log failure to send sig to init pid
 - monitor: Add more logging
 - monitor: Close mainloop on exit if we opened it
 - monitor: Improve log + set log level to DEBUG
 - monitor: Log which pipe fd is currently used
 - monitor: Make lxc-monitord async signal safe
 - monitor: Non-functional changes
 - python3-lxc: Fix api_test.py on s390x
 - start: Check for CAP_SETGID before setgroups()
 - start: Fix execute and improve setgroups() calls
 - state: Use async signal safe fun in lxc_wait()
 - templates: lxc-debian: Don't try to get stuff from /usr/lib/systemd on the 
host
 - templates: lxc-debian: Fix getty service startup
 - templates: lxc-debian: Fix typo in calling dpkg with 
--print-foreign-architectures option
 - templates: lxc-debian: Handle ppc hostarch -> powerpc
 - templates: lxc-opensuse: Change openSUSE default release to Leap 42.2
 - templates: lxc-opensuse: Remove libgcc_s1
 - templates: lxc-opensuse: Remove poweroff.target -> sigpwr.target copy
 - templates: lxc-opensuse: Set to be unconfined by AppArmor
 - templates: lxc-opensuse: Update for Leap 42.2
 - tests; Don't cause test failures on cleanup errors
 - tests: Skip unpriv tests on broken overlay module
 - tools: Improve logging
 - tools: lxc-start: Remove c->is_defined(c) check
 - tools: lxc-start: Set configfile after load_config
 - tools: Only check for O_RDONLY
 - tree-wide: Random macro cleanups
 - tree-wide: Remove any variable length arrays
 - tree-wide: Sic semper assertis!
 - utils: Add macro __LXC_NUMSTRLEN
 - utils: Add uid, gid, group convenience wrappers

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This bugfix release has already been uploaded to Zesty and automatically
backported in the upstream PPAs for all Ubuntu releases. So far without
any reported regression.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxc (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxc (Ubuntu Trusty)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxc (Ubuntu Xenial)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Affects: lxc (Ubuntu Yakkety)
 Importance: Medium
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Also affects: lxc (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: lxc (Ubuntu)
   Status: New => Fix Released

** Changed in: lxc (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: lxc (Ubuntu Trusty)
   Status: In Progress => Triaged

** Changed in: lxc (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxc (Ubuntu Yakkety)
   Status: New => In Progress

** Changed in: lxc (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: lxc (Ubuntu Yakkety)
   Importance: Undecided => Medium

** Changed in: lxc (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: lxc (Ubuntu Trusty)
     Assignee: (unassigned) => Stéphane

[Group.of.nepali.translators] [Bug 1660506] [NEW] SRU of LXD 2.0.9 (upstream bugfix release)

[Stéphane Graber]

 Move REST API to new package: godoc
 - shared: Move REST API to new package: image
 - shared: Move REST API to new package: network
 - shared: Move REST API to new package: operation
 - shared: Move REST API to new package: profile
 - shared: Move REST API to new package: response
 - shared: Move REST API to new package: server
 - shared: Move REST API to new package: status
 - shared: Move WebsocketUpgrader to network.go
 - shared: Remove GroupName function and add UserId one
 - shared: Rename idmapset_test_linux.go to idmapset_linux_test.go
 - shared: Support absolute file transfer tracking
 - shared/idmapset: Drop debugging code
 - shared/idmapset: Fix intersection test
 - shared/logging: Introduce our own formatter
 - shared/logging: Make PrintStack print at the Error level
 - shared/simplestreams: Don't depend on custom http handler
 - shared/simplestreams: Pass UserAgent as argument
 - shared/util: Add Int64InSlice()
 - shared/util: GetByteSizeString() take precision argument
 - shared/util: Improve byte parsing
 - shared/util: ParseByteSizeString() deal with bytes
 - tests: Don't ignore errors in db tests
 - tests: Fix bad variable name
 - tests: Fix deadcode to work with new upstream
 - tests: Fix shellcheck being confused by cd
 - tests: Fix standalone remote test
 - tests: Shorten test name to fit on Jenkins
 - tests: Simplify testsuite spawn code
 - tests: Test lxd shutdown
 - tests: Use lxc restart instead of reboot

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxd (Ubuntu)
 Importance: Undecided
 Status: Invalid

** Affects: lxd (Ubuntu Xenial)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Also affects: lxd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: lxd (Ubuntu)
   Status: New => Invalid

** Changed in: lxd (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxd (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660506

Title:
  SRU of LXD 2.0.9 (upstream bugfix release)

Status in lxd package in Ubuntu:
  Invalid
Status in lxd source package in Xenial:
  In Progress

Bug description:
  LXD upstream released LXD 2.0.6 as a bugfix release with following changelog:
   - Exec sessions being killed by a signal will now report the signal number 
as part of their exit  code.
   - VLAN device types are now properly reported in the API and client.
   - The client will now show the date an image was last used at (in lxc image 
info).
   - The client will now let you delete multiple images at once.
   - LXD is now using Weblate for its translations.

   - client: Add a done signal to Monitor API
   - client: Better handle http errors
   - client: Commonize update methods
   - doc: Add Documentation on Network Configuration via cloud-init
   - doc: Added reference to godoc to README.md
   - doc: Update README.md for CI and Weblate status
   - extra/lxc-to-lxd: Add more unsupported config keys
   - extra/lxc-to-lxd: All properties must be strings
   - extra/lxc-to-lxd: Copy the rootfs by default, don't move it
   - extra/lxc-to-lxd: Show nicer error on missing python3-lxc
   - extra/lxc-to-lxd: Switch to using a config whitelist
   - global: Fix typos
   - global: "gofmt -s" run
   - lxc: Better handle timestamps
   - lxc: Make help messages more consistent
   - lxc: Properly check yaml errors
   - lxc/init: Fix example
   - lxc/init: Properly replace args list
   - lxc/launch: Just use init.go's flags()
   - lxc/list: Sort IPv4 and IPv6 addresses
   - lxc/remote: Update help
   - lxd-bridge: Add ip6tables filter rules
   - lxd-bridge: DHCP happens over UDP only
   - lxd-bridge: Make IPv4 firewalling optional (default is enabled)
   - lxd/containers: Add basic logging to container creation
   - lxd/containers: Allow passing in-memory buffers to a FileResponse
   - lxd/containers: Also call setgroups when attaching to the container
   - lxd/containers: Avoid race condition in network fill function
   - lxd/containers: Blacklist lxc.syslog and lxc.ephemeral in raw.lxc
   - lxd/containers: Detect background tasks to allow clean ex

[Group.of.nepali.translators] [Bug 1653725] Re: lxc-android-config not starting on ubuntu-touch/staging/* xenial-based images after lxc upgrade

[Stéphane Graber]

** Also affects: lxc (Ubuntu Zesty)
   Importance: High
 Assignee: Christian Brauner (cbrauner)
   Status: Fix Committed

** Also affects: lxc-android-config (Ubuntu Zesty)
   Importance: High
   Status: New

** Also affects: lxc (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxc-android-config (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: lxc-android-config (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** No longer affects: lxc-android-config (Ubuntu)

** Changed in: lxc (Ubuntu Yakkety)
   Status: New => Triaged

** Changed in: lxc (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: lxc (Ubuntu Yakkety)
   Importance: Undecided => High

** Changed in: lxc (Ubuntu Xenial)
   Importance: Undecided => High

** Also affects: lxc (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: lxc (Ubuntu Trusty)
   Status: New => Triaged

** Changed in: lxc (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: lxc (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxc (Ubuntu Yakkety)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** No longer affects: lxc-android-config (Ubuntu Xenial)

** No longer affects: lxc-android-config (Ubuntu Yakkety)

** No longer affects: lxc-android-config (Ubuntu Zesty)

** Changed in: lxc (Ubuntu Trusty)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1653725

Title:
  lxc-android-config not starting on ubuntu-touch/staging/* xenial-based
  images after lxc upgrade

Status in Canonical System Image:
  Confirmed
Status in lxc package in Ubuntu:
  Fix Committed
Status in lxc source package in Trusty:
  Triaged
Status in lxc source package in Xenial:
  Triaged
Status in lxc source package in Yakkety:
  Triaged
Status in lxc source package in Zesty:
  Fix Committed

Bug description:
  As in topic. Since the 20161217 rootfs, after upgrade of lxc from
  2.0.5-0ubuntu1~ubuntu16.04.3 to 2.0.6-0ubuntu1~ubuntu16.04.1 the lxc-
  android-config service does not start - making the devices unbootable.

  The syslog only states this:

  Jan  3 10:50:30 ubuntu-phablet systemd[1]: Starting LXC Android Config and 
Container Initialization...
  Jan  3 10:50:30 ubuntu-phablet kernel: [5.790810] (3)[1:systemd]SLEEP_EN 
= 0x1
  Jan  3 10:50:30 ubuntu-phablet systemd[1]: Starting Light Display Manager...
  Jan  3 10:50:30 ubuntu-phablet systemd-udevd[672]: Could not generate 
persistent MAC address for ifb0: No such file or directory
  Jan  3 10:50:30 ubuntu-phablet systemd-udevd[684]: Could not generate 
persistent MAC address for ifb1: No such file or directory
  Jan  3 10:50:30 ubuntu-phablet lxc-start[1220]: You lack access to 
/var/lib/lxc
  Jan  3 10:50:30 ubuntu-phablet systemd[1]: lxc-android-config.service: 
Control process exited, code=exited status=1
  Jan  3 10:50:30 ubuntu-phablet systemd[1]: Failed to start LXC Android Config 
and Container Initialization.
  Jan  3 10:50:30 ubuntu-phablet systemd[1]: Dependency failed for 
force-mtp.service.
  Jan  3 10:50:30 ubuntu-phablet systemd[1]: force-mtp.service: Job 
force-mtp.service/start failed with result 'dependency'.
  Jan  3 10:50:30 ubuntu-phablet systemd[1]: lxc-android-config.service: Unit 
entered failed state.
  Jan  3 10:50:30 ubuntu-phablet systemd[1]: lxc-android-config.service: Failed 
with result 'exit-code'.

  This makes all of our frieza and cooler devices useless for testing
  purposes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1653725/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1652117] Re: sbuild-launchpad-chroot doesn't detect current overlayfs

[Stéphane Graber]

** No longer affects: sbuild-launchpad-chroot (Ubuntu Xenial)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1652117

Title:
  sbuild-launchpad-chroot doesn't detect current overlayfs

Status in sbuild-launchpad-chroot package in Ubuntu:
  Triaged
Status in sbuild-launchpad-chroot source package in Yakkety:
  Triaged
Status in sbuild-launchpad-chroot source package in Zesty:
  Triaged

Bug description:
  With the switch from out of tree overlayfs to in-tree overlay, sbuild-
  launchpad-chroot must be updated to properly detect both of those,
  otherwise users end up with a "directory" type chroot that doesn't use
  unioning and so looses a few of the useful features provided by this
  tool.

  # Rationale
  New kernel doesn't have a "overlayfs" module, it's now called "overlay".
  Both names should be used in the detection code.

  # Test case
   - Before upgrade
 - sbuild-launchpad-chroot create -n test -s xenial -a amd64
 - Check that /etc/schroot/chroot.d/test doesn't contain "union-type"
 - sbuild-launchpad-chroot remove -n test
   - After upgrade
 - sbuild-launchpad-chroot create -n test -s xenial -a amd64
 - Check that /etc/schroot/chroot.d/test contains "union-type"
 - sbuild-launchpad-chroot remove -n test

  # Regression potential
  Not much, this won't affect anyone who has existing chroots, it only affects 
new chroots and re-introduces the behavior that people have been expecting up 
until the time where the overlayfs driver was removed from the kernel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sbuild-launchpad-chroot/+bug/1652117/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1647012] Re: SRU of LXCFS 2.0.5 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxcfs (Ubuntu Trusty)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1647012

Title:
  SRU of LXCFS 2.0.5 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Trusty:
  Fix Released
Status in lxcfs source package in Xenial:
  Fix Released
Status in lxcfs source package in Yakkety:
  Fix Released

Bug description:
  LXCFS upstream released LXCFS 2.0.5 as a bugfix release with following 
changelog:
- Add Documentation key to systemd unit
- bindings: allow getattr on O_WRONLY files
- bindings: remove noop check
- fix Active/Inactive /proc/meminfo
- macro: add header for shared macros
- pam_cgfs: reimplement and add cgroupfs v2 support
- pam_cgfs: re-use cgroups that already belong to us
- pam_cgfs: handle cgroupfs v1 cpuset controller
- pam_cgfs: improve logging
- cgroups: handle non-existent isolcpus file

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Zesty and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1647012/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1647010] Re: SRU of LXC 2.0.6 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxc (Ubuntu Trusty)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1647010

Title:
  SRU of LXC 2.0.6 (upstream bugfix release)

Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Trusty:
  Fix Released
Status in lxc source package in Xenial:
  Fix Released
Status in lxc source package in Yakkety:
  Fix Released

Bug description:
  LXC upstream released LXC 2.0.5 as a bugfix release with following changelog:
  - Security fix for CVE-2016-8649
  - utils: make detect_ramfs_rootfs() return bool
  - tests: add test for detect_ramfs_rootfs()
  - add Documentation entries to lxc and lxc@ units
  - mark the python examples as having utf-8 encoding
  - log: sanity check the returned value from snprintf()
  - lxc-alpine: mount /dev/shm as tmpfs
  - archlinux: Do DHCP on eth0
  - archlinux: Fix resolving
  - Drop leftover references to lxc_strerror()
  - tests: fix image download for s390x
  - tools: fix coding style in lxc_attach
  - tools: make overlay valid backend
  - tools: better error reporting for lxc-start
  - alpine: Fix installing extra packages
  - lxc-alpine: do not drop setfcap
  - s390x: Fix seccomp handling of personalities
  - tools: correct the argument typo in lxc_copy
  - Use libtool for liblxc.so
  - c/r: use --external instead of --veth-pair
  - c/r: remember to increment netnr
  - c/r: add checkpoint/restore support for macvlan interfaces
  - ubuntu: Fix package upgrades requiring proc
  - c/r: drop duplicate hunk from macvlan case
  - c/r: use snprintf to compute device name
  - Tweak libtool handling to work with Android
  - tests: add lxc_error() and lxc_debug()
  - container start: clone newcgroup immediately
  - use python3_sitearch for including the python code
  - fix rpm build, include all built files, but only once
  - cgfs: fix invalid free()
  - find OpenSUSE's build also as obs-build
  - improve help text for --fancy and --fancy-format
  - improve wording of the help page for lxc-ls
  - cgfs: add print_cgfs_init_debuginfo()
  - cgfs: skip empty entries under /proc/self/cgroup
  - cgfs: explicitly check for NULL
  - tools: use correct exit code for lxc-stop
  - c/r: explicitly emit bind mounts as criu arguments
  - log: bump LXC_LOG_BUFFER_SIZE to 4096
  - conf: merge network namespace move & rename on shutdown
  - c/r: save criu's stdout during dump too
  - c/r: remove extra \ns from logs
  - c/r: fix off-by-one error
  - c/r: check state before doing a checkpoint/restore
  - start: CLONE_NEWCGROUP after we have setup cgroups
  - create symlink for /var/run
  - utils: add lxc_append_string()
  - cgroups: remove isolated cpus from cpuset.cpus
  - Update Ubuntu release name: add zesty and remove wily
  - templates: add squashfs support to lxc-ubuntu-cloud.in
  - cgroups: skip v2 hierarchy entry
  - also stop lxc-net in runlevels 0 and 6
  - add lxc.egg-info to gitignore
  - install bash completion where pkg-config tells us to
  - conf: do not use %m format specifier
  - debian: Don't depend on libui-dialog-perl
  - cgroups: use %zu format specifier to print size_t
  - lxc-checkpoint: automatically detect if --external or --veth-pair
  - cgroups: prevent segfault in cgfsng
  - utils: add lxc_preserve_ns()
  - start: add netnsfd to lxc_handler
  - conf: use lxc_preserve_ns()
  - attach: use lxc_preserve_ns()
  - lxc_user_nic: use lxc_preserve_ns()
  - conf, start: improve log output
  - conf: explicitly remove veth device from host
  - conf, start: be smarter when deleting networks
  - start, utils: improve preserve_ns()
  - start, error: improve log + non-functional changes
  - start, namespace: move ns_info to namespace.{c,h}
  - attach, utils: bugfixes
  - attach: use ns_info[LXC_NS_MAX] struct
  - namespace: always attach to user namespace first
  - cgroup: improve isolcpus handling
  - cgroups: handle non-existent isolcpus file
  - utils: add lxc_safe_uint()
  - tests: add unit tests for lxc_safe_uint()
  - utils: add lxc_safe_int()
  - tests: add unit tests for lxc_safe_int()
  - conf/ile: get ip prefix via lxc_safe_uint()
  - confile: use lxc_safe_u/int in config_init_{u,g}id
  - conf/ile: use lxc_safe_uint() in config_pts()
  - conf/ile: use lxc_safe_u/int() in config_start()
  - conf/ile: use lxc_safe_uint() in config_monitor()
  - conf/ile: use lxc_safe_uint() in config_tty()
  - conf/ile: use lxc_safe_uint() in config_kmsg()
  - conf/ile: avoid atoi in config_lsm_aa_incomplete()
  - con

[Group.of.nepali.translators] [Bug 1644377] Re: SRU of LXD 2.0.8 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxd (Ubuntu Trusty)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1644377

Title:
  SRU of LXD 2.0.8 (upstream bugfix release)

Status in lxd package in Ubuntu:
  Invalid
Status in lxd source package in Trusty:
  Fix Released
Status in lxd source package in Xenial:
  Fix Released

Bug description:
  LXD upstream released LXD 2.0.6 as a bugfix release with following changelog:
   - Support for container specific uid/gid maps (see userns-idmap.md)
   - appveyor: Add config to git (Issue #2537)
   - appveyor: Cleanup appveyor.yml before modifications
   - appveyor: Create archive with platform specifier in its name
   - appveyor: Do verbose testing for test names and timings
   - appveyor: Publish compiled binaries for download
   - client: Rework progress handling
   - doc: Add hacking guide (debugging.md)
   - doc: Add official Windows support in README
   - doc: Bump liblxc version required in README
   - doc: Sort API endpoints in rest-api.md
   - doc: Update README to specify docker installation details
   - doc: Update requirements, we actually require 2.0.0 or higher
   - doc: Use consistent method ordering in rest-api.md
   - extra/bash: Allow dash in parameters to lxc-client bash-completion
   - extra/bash: Fix _lxd_profiles in lxc-client bash-completion
   - extra/lxc-to-lxd: Better output with no container
   - extra/lxc-to-lxd: Check that source path exists (disk) (Issue #2572)
   - extra/lxc-to-lxd: Consistent logging
   - extra/lxc-to-lxd: Don't fail dry-run with runnning containers
   - extra/lxc-to-lxd: Drop dependency on pylxd
   - extra/lxc-to-lxd: Fix lxdpath handling
   - extra/lxc-to-lxd: Formatting
   - extra/lxc-to-lxd: Migrate lxc.aa_profile if set
   - extra/lxc-to-lxd: Print summary and proper exit code
   - lxc/copy: Don't use the operation as a marker of success
   - lxc/copy: Wait on the source operation too
   - lxc/delete: update help text
   - lxc/exec: Set term to "dumb" on windows (Issue #2288)
   - lxc/finger: update help text
   - lxc: Fix tests on Windows/Mac
   - lxc/list: Fix typo in help message
   - lxc/remote: Fix remote add with Go tip
   - lxc/restore: update help text
   - lxc: Use .yaml as the yaml extension in examples
   - lxd/certificates: Export all documented certificate fields
   - lxd/containers: Add /snap/bin to PATH even if only /snap exists
   - lxd/containers: Also clean up apparmor stuff in OnStart when something 
fails
   - lxd/containers: Attach to userns on file operations
   - lxd/containers: Be more verbose on mkdir failure
   - lxd/containers: Better handle concurent stop/shutdown
   - lxd/containers: Catch and return more errors in OnStop
   - lxd/containers: Clarify container delete failure error
   - lxd/containers: Don't destroy ephemeral container on restart (Issue #2555)
   - lxd/containers: Don't double delete ephemeral containers
   - lxd/containers: Don't show invalid logs
   - lxd/containers: Fix forkmount to work with 4.8 and higher
   - lxd/containers: Fix invalid filename of metadata on export (Issue #2467)
   - lxd/containers: Improve config validation on update
   - lxd/containers: Improve container error handling
   - lxd/containers: Improve container locking mechanism (Issue #2612)
   - lxd/containers: log OnStart/OnStop hook errors
   - lxd/containers: More reliable container autostart (Issue #2469)
   - lxd/containers: Only load kernel modules if not loaded
   - lxd/containers: Properly validate CPU allowance
   - lxd/containers: Properly validate memory limits (Issue #2483)
   - lxd/containers: Record the err from go-lxc
   - lxd/containers: Remove legacy code from OnStop
   - lxd/containers: Remove unused code
   - lxd/containers: Save properties on publish
   - lxd/containers: Set LXC loglevel to match daemon (Issue #2528)
   - lxd/containers: Skip leading whitespace in raw.lxc
   - lxd/containers: Start storage when necessary in stateful start
   - lxd/containers: Timeout container freeze on stop
   - lxd/images: Detect out of disk space unpack errors (Issue #2201)
   - lxd/images: Don't make unnecessary image copies (Issue #2508)
   - lxd/images: Don't update images at all if interval is 0
   - lxd/images: Store the simplestreams cache to disk (Issue #2487)
   - lxd/init: Detect zfs kernel support
   - lxd/init: Ignore ZFS if in a container
   - lxd/main: Immediately exit when no DB in activateifneeded
   - lxd/migration: Fix a race for collecting logs
   - lxd/migration: Remove debugging by file creation
   - lxd/migration: Start migration storage at the right time (Issue #2505)
   - lxd/storage: Fix 10s delay on removing used ZFS images (Issue #2617)
   - lxd/storage: Freeze before copying in dir backend
   - lxd/storage: Simplify rsync code
   - shared/certificates: Be more thorough when parsing ip addr
   - sha

[Group.of.nepali.translators] [Bug 1647017] Re: [SRU] Update xenial and yakkety to match zesty version

[Stéphane Graber]

Local test rebuild worked fine, autopkgtest looks happy, releasing.

** Changed in: lxd (Ubuntu Yakkety)
   Status: Triaged => Fix Released

** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1647017

Title:
  [SRU] Update xenial and yakkety to match zesty version

Status in golang-gopkg-lxc-go-lxc.v2 package in Ubuntu:
  Fix Released
Status in lxd package in Ubuntu:
  Fix Released
Status in golang-gopkg-lxc-go-lxc.v2 source package in Xenial:
  Fix Released
Status in golang-gopkg-lxc-go-lxc.v2 source package in Yakkety:
  Fix Released
Status in lxd source package in Yakkety:
  Fix Released

Bug description:
  == Rationale ==
  Update go-lxc to match in all supported Ubuntu releases. This includes adding 
a couple more bindings related to attach which will be used as the basis for an 
attach bugfix in the upcoming LXD bugfix release.

  == Test case ==
  Current LXD from the target series and the current upstream LXD should be 
rebuilt against this and the testsuite run. This on top of the autopkgtests 
included in the go-lxc package will validate that this didn't cause regressions 
and that the new bindings work properly (as used in current upstream LXD).

  == Regression potential ==
  go-lxc is only used by LXD at this point and LXD CI runs against the latest 
go-lxc upstream. This is also the version of go-lxc which is in the current 
development release and so has effectively received the most stress testing by 
LXD upstream.

  The risk of regression is therefore very low and the content of this
  new snapshot is basically limited to clean additions or
  straightforward bugfixes.


  go-lxc is used by LXD as the way to interact with liblxc.
  As a result, upstream changes for it are usually restricted to bugfixes or 
minor improvements (for things like CRIU support). To make our lives easier, we 
like to keep go-lxc in sync in all supported Ubuntu releases to match the LXC 
version that we also keep in sync there.

  To do so, we need to SRU a new version of go-lxc to xenial and yakkety, with 
the following upstream changelog:
   - bindings C: check for LXC_DEVEL in version.h file
   - bindings go: check for LXC_DEVEL in version.h
   - lxc-binding: add binding for c->attach()
   - container: add RunCommandNoWait()
   - lxc_test: add test for RunCommandNoWait()
   - Move LXC_DEVEL define to after version.h include
   - c/r: make sure container is running before doing a dump
   - container, error: return correct error
   - Fix TestRunCommandNoWait failure
   - tests: Skip architecture test on !x86
   - tests: Make skip messages consistent
   - Run "go fmt"

  The xenial SRU will not require any extra work. The next LXD upload
  will simply pick up the new go-lxc at build time.

  For the yakkety SRU, we will need to upload a no change rebuild of LXD
  to build against the new go-lxc and we'll need them both to be
  released at the same time. That's because of the addition of the
  "attach()" function which changes the Go shared library hash.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-gopkg-lxc-go-lxc.v2/+bug/1647017/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1647017] Re: [SRU] Update xenial and yakkety to match zesty version

[Stéphane Graber]

** Changed in: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Yakkety)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1647017

Title:
  [SRU] Update xenial and yakkety to match zesty version

Status in golang-gopkg-lxc-go-lxc.v2 package in Ubuntu:
  Fix Released
Status in lxd package in Ubuntu:
  Fix Released
Status in golang-gopkg-lxc-go-lxc.v2 source package in Xenial:
  Fix Released
Status in golang-gopkg-lxc-go-lxc.v2 source package in Yakkety:
  Fix Released
Status in lxd source package in Yakkety:
  Fix Released

Bug description:
  == Rationale ==
  Update go-lxc to match in all supported Ubuntu releases. This includes adding 
a couple more bindings related to attach which will be used as the basis for an 
attach bugfix in the upcoming LXD bugfix release.

  == Test case ==
  Current LXD from the target series and the current upstream LXD should be 
rebuilt against this and the testsuite run. This on top of the autopkgtests 
included in the go-lxc package will validate that this didn't cause regressions 
and that the new bindings work properly (as used in current upstream LXD).

  == Regression potential ==
  go-lxc is only used by LXD at this point and LXD CI runs against the latest 
go-lxc upstream. This is also the version of go-lxc which is in the current 
development release and so has effectively received the most stress testing by 
LXD upstream.

  The risk of regression is therefore very low and the content of this
  new snapshot is basically limited to clean additions or
  straightforward bugfixes.


  go-lxc is used by LXD as the way to interact with liblxc.
  As a result, upstream changes for it are usually restricted to bugfixes or 
minor improvements (for things like CRIU support). To make our lives easier, we 
like to keep go-lxc in sync in all supported Ubuntu releases to match the LXC 
version that we also keep in sync there.

  To do so, we need to SRU a new version of go-lxc to xenial and yakkety, with 
the following upstream changelog:
   - bindings C: check for LXC_DEVEL in version.h file
   - bindings go: check for LXC_DEVEL in version.h
   - lxc-binding: add binding for c->attach()
   - container: add RunCommandNoWait()
   - lxc_test: add test for RunCommandNoWait()
   - Move LXC_DEVEL define to after version.h include
   - c/r: make sure container is running before doing a dump
   - container, error: return correct error
   - Fix TestRunCommandNoWait failure
   - tests: Skip architecture test on !x86
   - tests: Make skip messages consistent
   - Run "go fmt"

  The xenial SRU will not require any extra work. The next LXD upload
  will simply pick up the new go-lxc at build time.

  For the yakkety SRU, we will need to upload a no change rebuild of LXD
  to build against the new go-lxc and we'll need them both to be
  released at the same time. That's because of the addition of the
  "attach()" function which changes the Go shared library hash.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-gopkg-lxc-go-lxc.v2/+bug/1647017/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1647312] Re: Containers don't restart after clean host shutdown

[Stéphane Graber]

** Changed in: lxd (Ubuntu Trusty)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1647312

Title:
  Containers don't restart after clean host shutdown

Status in lxd package in Ubuntu:
  In Progress
Status in lxd source package in Trusty:
  Fix Released
Status in lxd source package in Xenial:
  Fix Released

Bug description:
  LXD is supposed to record the containers state on host shutdown and
  restore them to their previous state on restart.

  A change in LXD 2.6.2 and LXD 2.0.8 regressed this, so now containers
  need to be manually started after reboot.

  Upstream bug report: https://github.com/lxc/lxd/issues/2686
  Upstream fix: https://github.com/lxc/lxd/pull/2687

  This will need to be SRUed very quickly.

  # SRU paperwork
  ## Rationale
  Regresses "lxd shutdown".

  ## Test case
   - lxc launch ubuntu:16.04 abc
   - lxd shutdown
   - ps aux | grep -q abc && echo "FAIL, container still running"
   - lxc finger
   - lxc list | grep abc | grep RUNNING

  ## Regression potential
  Fix is pretty straightforward and specific to this issue. A test was also 
added as part of this, so it's very unlikely that anything else would be 
affected by this fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1647312/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1647312] [NEW] Containers don't restart after clean host shutdown

[Stéphane Graber]

Public bug reported:

LXD is supposed to record the containers state on host shutdown and
restore them to their previous state on restart.

A change in LXD 2.6.2 and LXD 2.0.8 regressed this, so now containers
need to be manually started after reboot.

Upstream bug report: https://github.com/lxc/lxd/issues/2686
Upstream fix: https://github.com/lxc/lxd/pull/2687

This will need to be SRUed very quickly.

# SRU paperwork
## Rationale
Regresses "lxd shutdown".

## Test case
 - lxc launch ubuntu:16.04 abc
 - lxd shutdown
 - ps aux | grep -q abc && echo "FAIL, container still running"
 - lxc finger
 - lxc list | grep abc | grep RUNNING

## Regression potential
Fix is pretty straightforward and specific to this issue. A test was also added 
as part of this, so it's very unlikely that anything else would be affected by 
this fix.

** Affects: lxd (Ubuntu)
 Importance: High
 Status: In Progress

** Affects: lxd (Ubuntu Trusty)
 Importance: High
 Status: In Progress

** Affects: lxd (Ubuntu Xenial)
 Importance: High
 Status: In Progress

** Also affects: lxd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxd (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: lxd (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: lxd (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxd (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: lxd (Ubuntu Trusty)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1647312

Title:
  Containers don't restart after clean host shutdown

Status in lxd package in Ubuntu:
  In Progress
Status in lxd source package in Trusty:
  In Progress
Status in lxd source package in Xenial:
  In Progress

Bug description:
  LXD is supposed to record the containers state on host shutdown and
  restore them to their previous state on restart.

  A change in LXD 2.6.2 and LXD 2.0.8 regressed this, so now containers
  need to be manually started after reboot.

  Upstream bug report: https://github.com/lxc/lxd/issues/2686
  Upstream fix: https://github.com/lxc/lxd/pull/2687

  This will need to be SRUed very quickly.

  # SRU paperwork
  ## Rationale
  Regresses "lxd shutdown".

  ## Test case
   - lxc launch ubuntu:16.04 abc
   - lxd shutdown
   - ps aux | grep -q abc && echo "FAIL, container still running"
   - lxc finger
   - lxc list | grep abc | grep RUNNING

  ## Regression potential
  Fix is pretty straightforward and specific to this issue. A test was also 
added as part of this, so it's very unlikely that anything else would be 
affected by this fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1647312/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1647017] [NEW] [SRU] Update xenial and yakkety to match zesty version

[Stéphane Graber]

Public bug reported:

go-lxc is used by LXD as the way to interact with liblxc.
As a result, upstream changes for it are usually restricted to bugfixes or 
minor improvements (for things like CRIU support). To make our lives easier, we 
like to keep go-lxc in sync in all supported Ubuntu releases to match the LXC 
version that we also keep in sync there.

To do so, we need to SRU a new version of go-lxc to xenial and yakkety, with 
the following upstream changelog:
 - bindings C: check for LXC_DEVEL in version.h file
 - bindings go: check for LXC_DEVEL in version.h
 - lxc-binding: add binding for c->attach()
 - container: add RunCommandNoWait()
 - lxc_test: add test for RunCommandNoWait()
 - Move LXC_DEVEL define to after version.h include
 - c/r: make sure container is running before doing a dump
 - container, error: return correct error
 - Fix TestRunCommandNoWait failure
 - tests: Skip architecture test on !x86
 - tests: Make skip messages consistent
 - Run "go fmt"

The xenial SRU will not require any extra work. The next LXD upload will
simply pick up the new go-lxc at build time.

For the yakkety SRU, we will need to upload a no change rebuild of LXD
to build against the new go-lxc and we'll need them both to be released
at the same time. That's because of the addition of the "attach()"
function which changes the Go shared library hash.

** Affects: golang-gopkg-lxc-go-lxc.v2 (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxd (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Xenial)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Affects: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Yakkety)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Affects: lxd (Ubuntu Yakkety)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Changed in: golang-gopkg-lxc-go-lxc.v2 (Ubuntu)
   Status: New => Fix Released

** Also affects: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxd (Ubuntu)
   Importance: Undecided
   Status: New

** No longer affects: lxd (Ubuntu Xenial)

** Changed in: lxd (Ubuntu)
   Status: New => Invalid

** Changed in: lxd (Ubuntu)
   Status: Invalid => Fix Released

** Changed in: lxd (Ubuntu Yakkety)
   Status: New => In Progress

** Changed in: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Yakkety)
   Status: New => In Progress

** Changed in: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxd (Ubuntu Yakkety)
   Status: In Progress => Triaged

** Changed in: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Yakkety)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxd (Ubuntu Yakkety)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1647017

Title:
  [SRU] Update xenial and yakkety to match zesty version

Status in golang-gopkg-lxc-go-lxc.v2 package in Ubuntu:
  Fix Released
Status in lxd package in Ubuntu:
  Fix Released
Status in golang-gopkg-lxc-go-lxc.v2 source package in Xenial:
  In Progress
Status in golang-gopkg-lxc-go-lxc.v2 source package in Yakkety:
  In Progress
Status in lxd source package in Yakkety:
  Triaged

Bug description:
  go-lxc is used by LXD as the way to interact with liblxc.
  As a result, upstream changes for it are usually restricted to bugfixes or 
minor improvements (for things like CRIU support). To make our lives easier, we 
like to keep go-lxc in sync in all supported Ubuntu releases to match the LXC 
version that we also keep in sync there.

  To do so, we need to SRU a new version of go-lxc to xenial and yakkety, with 
the following upstream changelog:
   - bindings C: check for LXC_DEVEL in version.h file
   - bindings go: check for LXC_DEVEL in version.h
   - lxc-binding: add binding for c->attach()
   - container: add RunCommandNoWait()
   - lxc_test: add test for RunCommandNoWait()
   - Move LXC_DEVEL define to after version.h include
   - c/r: make sure container is running before doing a dump
   - container, error: return correct error
   - Fix TestRunCommandNoWait failure
   - tests: Skip architecture test on !x86
   - tests: Make skip messages consistent
   - Run "go fmt"

  The xenial SRU will not require any extra work. The next LXD upload
  will simply pick up the new go-l

[Group.of.nepali.translators] [Bug 1647012] [NEW] SRU of LXCFS 2.0.5 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXCFS upstream released LXCFS 2.0.5 as a bugfix release with following 
changelog:
  - Add Documentation key to systemd unit
  - bindings: allow getattr on O_WRONLY files
  - bindings: remove noop check
  - fix Active/Inactive /proc/meminfo
  - macro: add header for shared macros
  - pam_cgfs: reimplement and add cgroupfs v2 support
  - pam_cgfs: re-use cgroups that already belong to us
  - pam_cgfs: handle cgroupfs v1 cpuset controller
  - pam_cgfs: improve logging
  - cgroups: handle non-existent isolcpus file

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This bugfix release has already been uploaded to Zesty and automatically
backported in the upstream PPAs for all Ubuntu releases. So far without
any reported regression.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxcfs (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxcfs (Ubuntu Trusty)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Affects: lxcfs (Ubuntu Xenial)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Affects: lxcfs (Ubuntu Yakkety)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Also affects: lxcfs (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: lxcfs (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: lxcfs (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxcfs (Ubuntu Yakkety)
   Status: New => In Progress

** Changed in: lxcfs (Ubuntu Trusty)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxcfs (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxcfs (Ubuntu Yakkety)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1647012

Title:
  SRU of LXCFS 2.0.5 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Trusty:
  In Progress
Status in lxcfs source package in Xenial:
  In Progress
Status in lxcfs source package in Yakkety:
  In Progress

Bug description:
  LXCFS upstream released LXCFS 2.0.5 as a bugfix release with following 
changelog:
- Add Documentation key to systemd unit
- bindings: allow getattr on O_WRONLY files
- bindings: remove noop check
- fix Active/Inactive /proc/meminfo
- macro: add header for shared macros
- pam_cgfs: reimplement and add cgroupfs v2 support
- pam_cgfs: re-use cgroups that already belong to us
- pam_cgfs: handle cgroupfs v1 cpuset controller
- pam_cgfs: improve logging
- cgroups: handle non-existent isolcpus file

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Zesty and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1647012/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1647010] [NEW] SRU of LXC 2.0.6 (upstream bugfix release)

[Stéphane Graber]

ure a static MAC address on the LXC bridge
- tests: remove overflow tests
- attach: do not send procfd to attached process

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This bugfix release has already been uploaded to Zesty and automatically
backported in the upstream PPAs for all Ubuntu releases. So far without
any reported regression.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxc (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxc (Ubuntu Trusty)
 Importance: Undecided
     Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Affects: lxc (Ubuntu Xenial)
 Importance: Undecided
     Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Affects: lxc (Ubuntu Yakkety)
 Importance: Undecided
     Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Also affects: lxc (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: lxc (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: lxc (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxc (Ubuntu Yakkety)
   Status: New => In Progress

** Changed in: lxc (Ubuntu Trusty)
     Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxc (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxc (Ubuntu Yakkety)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1647010

Title:
  SRU of LXC 2.0.6 (upstream bugfix release)

Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Trusty:
  In Progress
Status in lxc source package in Xenial:
  In Progress
Status in lxc source package in Yakkety:
  In Progress

Bug description:
  LXC upstream released LXC 2.0.5 as a bugfix release with following changelog:
  - Security fix for CVE-2016-8649
  - utils: make detect_ramfs_rootfs() return bool
  - tests: add test for detect_ramfs_rootfs()
  - add Documentation entries to lxc and lxc@ units
  - mark the python examples as having utf-8 encoding
  - log: sanity check the returned value from snprintf()
  - lxc-alpine: mount /dev/shm as tmpfs
  - archlinux: Do DHCP on eth0
  - archlinux: Fix resolving
  - Drop leftover references to lxc_strerror()
  - tests: fix image download for s390x
  - tools: fix coding style in lxc_attach
  - tools: make overlay valid backend
  - tools: better error reporting for lxc-start
  - alpine: Fix installing extra packages
  - lxc-alpine: do not drop setfcap
  - s390x: Fix seccomp handling of personalities
  - tools: correct the argument typo in lxc_copy
  - Use libtool for liblxc.so
  - c/r: use --external instead of --veth-pair
  - c/r: remember to increment netnr
  - c/r: add checkpoint/restore support for macvlan interfaces
  - ubuntu: Fix package upgrades requiring proc
  - c/r: drop duplicate hunk from macvlan case
  - c/r: use snprintf to compute device name
  - Tweak libtool handling to work with Android
  - tests: add lxc_error() and lxc_debug()
  - container start: clone newcgroup immediately
  - use python3_sitearch for including the python code
  - fix rpm build, include all built files, but only once
  - cgfs: fix invalid free()
  - find OpenSUSE's build also as obs-build
  - improve help text for --fancy and --fancy-format
  - improve wording of the help page for lxc-ls
  - cgfs: add print_cgfs_init_debuginfo()
  - cgfs: skip empty entries under /proc/self/cgroup
  - cgfs: explicitly check for NULL
  - tools: use correct exit code for lxc-stop
  - c/r: explicitly emit bind mounts as criu arguments
  - log: bump LXC_LOG_BUFFER_SIZE to 4096
  - conf: merge network namespace move & rename on shutdown
  - c/r: save criu's stdout during dump too
  - c/r: remove extra \ns from logs
  - c/r: fix off-by-one error
  - c/r: check state before doing a checkpoint/restore
  - start:

[Group.of.nepali.translators] [Bug 1632144] Re: SRU of LXC 2.0.5 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxc (Ubuntu Trusty)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1632144

Title:
  SRU of LXC 2.0.5 (upstream bugfix release)

Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Trusty:
  Fix Released
Status in lxc source package in Xenial:
  Fix Released

Bug description:
  LXC upstream released LXC 2.0.5 as a bugfix release with following changelog:
- Fix .gitignore after /tools/ split
- Add lxc-test-utils to .gitignore
- bdev: use correct overlay module name
- cleanup: tools: remove --name from lxc-top usage message
- cleanup: whitespaces in option alignment for lxc-execute
- Use full GPG fingerprint instead of long IDs.
- tools: move --rcfile to the common options list
- tools: set configfile after load_config
- doc: add --rcfile to common opts
- doc: Update Korean lxc-attach(1)
- doc: Add --rcfile to Korean common opts
- doc: Add --rcfile to Japanese common opts
- tools: use exit(EXIT_*) everywhere
- tools: unify exit() calls outside of main()
- utils: Add mips signalfd syscall numbers
- seccomp: Implement MIPS seccomp handling
- seccomp: Add mips and mips64 entries to lxc_config_parse_arch
- seccomp: fix strerror()
- confile: add more archs to lxc_config_parse_arch()
- seccomp: add support for s390x
- seccomp: remove double include and order includes
- seccomp: non functional changes
- templates: use fd 9 instead of 200
- templates: fedora requires openssl binary
- tools: use boolean for ret in lxc_device.c
- c/r: use /proc/self/tid/children instead of pidfile
- c/r: Fix pid_t on some arches
- templates: Add mips hostarch detection to debian
- cleanup: replace tabs wth spaces in usage strings
- remove extra 'ret'
- c/r: write status only after trying to parse the pid
- set FULL_PATH_NAMES=NO in doc/api/Doxyfile
- templates: rm halt.target -> sigpwr.target symlink
- templates: remove creation of bogus directory
- console: use correct log name
- configure: add --disable-werror
- tests: fix get_item tests
- templates: use correct cron version in alpine template
- c/r: zero a smaller than known migrate_opts struct
- lxczfs: small fixes
- c/r: free valid_opts if necessary
- make rsync deal with sparse files efficiently
- lxc-create -t debian fails on ppc64el arch
- c/r: fix typo in comment
- cgroup: add new functions for interacting with hierachies
- utils: add lxc_deslashify
- c/r: pass --cgroup-roots on checkpoint
- cgroup: get rid of weird hack in cgfsng_escape
- cgroup: drop cgroup_canonical_path
- c/r: check that cgroup_num_hierarchies > 0
- tools: do not add trailing spaces on lxc-ls -1
- conf: retrieve mtu from netdev->link
- conf: try to retrieve mtu from veth
- c/r: detatch from controlling tty on restore
- Fix null derefence if attach is called without access to any tty
- utils: fix lxc_string_split()
- tools: lxc_deslashify() handle special cases
- tests: add unit tests for lxc_deslashify()
- Fix for ALTLinux container creation in all branches
- utils: lxc_deslashify() free memory
- Fix spelling of CentOS in the templates
- Define LXC_DEVEL to detect development releases
- tools: lxc-checkconfig conditionalize devpts check

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Yakkety and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1632144/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1645037] Re: apparmor_parser hangs indefinitely when called by multiple threads

[Stéphane Graber]

This has been confirmed to affect both the 4.4 and 4.8 kernels.

** Project changed: apparmor => apparmor (Ubuntu)

** Also affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: apparmor (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Also affects: apparmor (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: apparmor (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: New => Triaged

** Changed in: linux (Ubuntu Zesty)
   Status: New => Triaged

** No longer affects: apparmor (Ubuntu Xenial)

** No longer affects: apparmor (Ubuntu Yakkety)

** No longer affects: apparmor (Ubuntu Zesty)

** Changed in: apparmor (Ubuntu)
   Status: New => Triaged

** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1645037

Title:
  apparmor_parser hangs indefinitely when called by multiple threads

Status in apparmor package in Ubuntu:
  Triaged
Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Triaged

Bug description:
  This bug surfaced when starting ~50 LXC container with LXD in parallel
  multiple times:

  # Create the containers
  for c in c foo{1..50}; do lxc launch images:ubuntu/xenial $c; done

  # Exectute this loop multiple times until you observe errors.
  for c in c foo{1..50}; do lxc restart $c & done

  After this you can

  ps aux | grep apparmor

  and you should see output similar to:

  root 19774  0.0  0.0  12524  1116 pts/1S+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo30
  root 19775  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo26
  root 19776  0.0  0.0  13592  3224 pts/1D+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo30
  root 19778  0.0  0.0  13592  3384 pts/1D+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo26
  root 19780  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo43
  root 19782  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo34
  root 19783  0.0  0.0  13592  3388 pts/1D+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo43
  root 19784  0.0  0.0  13592  3252 pts/1D+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo34
  root 19794  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo25
  root 19795  0.0  0.0  13592  3256 pts/1D+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo25

  apparmor_parser remains stuck even after all LXC/LXD commands have
  exited.

  dmesg output yields lines like:

  [41902.815174] audit: type=1400 audit(1480191089.678:43):
  apparmor="STATUS" operation="profile_load" profile="unconfined" name
  ="lxd-foo30_" pid=12545 comm="apparmor_parser"

  and cat /proc/12545/stack shows:

  [] aa_remove_profiles+0x88/0x270
  21:19   brauner  [] profile_remove+0x144/0x2e0
  21:19   brauner  [] __vfs_write+0x18/0x40
  21:19   brauner  [] vfs_write+0xb8/0x1b0
  21:19   brauner  [] SyS_write+0x55/0xc0
  21:19   brauner  [] entry_SYSCALL_64_fastpath+0x1e/0xa8
  21:19   brauner  [] 0x

  This looks like a potential kernel bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1645037/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More 

[Group.of.nepali.translators] [Bug 1632152] Re: SRU of LXD 2.0.5 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxd (Ubuntu Trusty)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1632152

Title:
  SRU of LXD 2.0.5 (upstream bugfix release)

Status in lxd package in Ubuntu:
  Invalid
Status in lxd source package in Trusty:
  Fix Released
Status in lxd source package in Xenial:
  Fix Released

Bug description:
  LXD upstream released LXD 2.0.5 as a bugfix release with following changelog:
- Support for AppArmor namespacing and stacking
- Rework LXD daemon logging to be cleaner and more generally useful
- "lxc info CONTAINER" now shows the name of the remote for the container
- Client errors now include the remote the container is on
- /snap/bin is included to PATH if present in the container
- doc: Add txqueuelen tweak.
- doc: Clarify that user_subvol_rm_allowed is needed for btrfs nesting
- doc: Fix the table style of environment.md
- doc: Fix typos in production-setup.md
- doc: Remove trailing spaces in production-setup.md
- doc: Spacing cleanup
- extras: Containers state checking for start, stop and exec commands
- extras: Fixed container convert from LXC to LXD
- fuidshift: expand symlinks to last path component
- lxc: Drop unused httpAddr property
- lxc/exec: Document lxc exec -- args
- lxc/exec: Use os.LookupEnv from go 1.5 to find environment vars
- lxc: Fix spacing alignment in config.go's examples
- lxc/help: Send error to stdout
- lxd/apparmor: Be less restrictive when unprivileged
- lxd-bridge: Fail on dnsmasq failure
- lxd-bridge: Fix crash in lxd-bridge-proxy
- lxd: Consistently handle name conflicts
- lxd/container: Allow unsetting any config key
- lxd/container_lxc: handle xattrs
- lxd/container: Retry generating petnames
- lxd/container: Return an error on "restart" without force when paused
- lxd/container: Rework container operation locking
- lxd/daemon: Do our own socket activation
- lxd/db: Fix int64 handling
- lxd/db: Make a database backup on schema updates
- lxd/db: Rework DB schema updates
- lxd/image: Fix support for lzma alone file format
- lxd/image: Tweak squashfs for low-memory systems
- lxd/init: Change default host to all (::)
- lxd/init: Change validation functions for consistency
- lxd/init: Default to "dir" when "zfs" isn't available
- lxd/init: Don't fail when passed "all" as an IP
- lxd/init: Enable compression on new zfs pools
- lxd/init: Fix listed default value for ZFS pool
- lxd/init: use more intelligent logic for partition sizing
- lxd/migration: Fix copying across different CoW based backend
- lxd/migration: Also show warnings on c/r errors
- lxd/migration: Bump ghost limit
- lxd/migration: Don't use ActionScript if it's not available
- lxd/migration: Preserve snapshot configuration
- lxd/migration: Resume dumped container on failed restore
- lxd/migration: Use liblxc's new preserves_inodes feature
- lxd/network: Detect bonds
- lxd/network: Detect openvswitch
- lxd/network: Fix networkIsInUse
- lxd/network: Move and rename isOnBridge
- lxd/profile: Cleaner error on existing profile name
- lxd/profile: Properly cleanup on profile removal
- lxd/storage: Copy everything on container copy
- lxd/storage: Extra checks and config for ZFS pools
- Makefile: Don't recursively include test deps
- README: Add AppVeyor badge (Windows testing)
- shared: Add GetOwner stub for Windows
- shared: Generate client certificate with proper extended usage info
- shared: Make TestReaderToChannel transfer smaller
- shared: New RunCommand wrapper function
- tests: Add a test to make sure we don't accidentally include new deps
- tests: add test for GetAllXattr()
- tests: Fix apparmor version check
- tests: Fix for newer shellcheck
- tests: Force UTC timezone
- tests: Only check leftovers on active LXD
- tests: skip tests when xatts are not supported

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Yakkety and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports a

[Group.of.nepali.translators] [Bug 1644377] [NEW] SRU of LXD 2.0.6 (upstream bugfix release)

[Stéphane Graber]

stream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxd (Ubuntu)
 Importance: Undecided
 Status: Invalid

** Affects: lxd (Ubuntu Trusty)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxd (Ubuntu Xenial)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Changed in: lxd (Ubuntu)
   Status: New => Invalid

** Also affects: lxd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxd (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: lxd (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: lxd (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxd (Ubuntu Trusty)
   Status: In Progress => Triaged

** Changed in: lxd (Ubuntu Trusty)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxd (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1644377

Title:
  SRU of LXD 2.0.6 (upstream bugfix release)

Status in lxd package in Ubuntu:
  Invalid
Status in lxd source package in Trusty:
  Triaged
Status in lxd source package in Xenial:
  In Progress

Bug description:
  LXD upstream released LXD 2.0.6 as a bugfix release with following changelog:
   - Support for container specific uid/gid maps (see userns-idmap.md)
   - appveyor: Add config to git (Issue #2537)
   - appveyor: Cleanup appveyor.yml before modifications
   - appveyor: Create archive with platform specifier in its name
   - appveyor: Do verbose testing for test names and timings
   - appveyor: Publish compiled binaries for download
   - client: Rework progress handling
   - doc: Add hacking guide (debugging.md)
   - doc: Add official Windows support in README
   - doc: Bump liblxc version required in README
   - doc: Sort API endpoints in rest-api.md
   - doc: Update README to specify docker installation details
   - doc: Update requirements, we actually require 2.0.0 or higher
   - doc: Use consistent method ordering in rest-api.md
   - extra/bash: Allow dash in parameters to lxc-client bash-completion
   - extra/bash: Fix _lxd_profiles in lxc-client bash-completion
   - extra/lxc-to-lxd: Better output with no container
   - extra/lxc-to-lxd: Check that source path exists (disk) (Issue #2572)
   - extra/lxc-to-lxd: Consistent logging
   - extra/lxc-to-lxd: Don't fail dry-run with runnning containers
   - extra/lxc-to-lxd: Drop dependency on pylxd
   - extra/lxc-to-lxd: Fix lxdpath handling
   - extra/lxc-to-lxd: Formatting
   - extra/lxc-to-lxd: Migrate lxc.aa_profile if set
   - extra/lxc-to-lxd: Print summary and proper exit code
   - lxc/copy: Don't use the operation as a marker of success
   - lxc/copy: Wait on the source operation too
   - lxc/delete: update help text
   - lxc/exec: Set term to "dumb" on windows (Issue #2288)
   - lxc/finger: update help text
   - lxc: Fix tests on Windows/Mac
   - lxc/list: Fix typo in help message
   - lxc/remote: Fix remote add with Go tip
   - lxc/restore: update help text
   - lxc: Use .yaml as the yaml extension in examples
   - lxd/certificates: Export all documented certificate fields
   - lxd/containers: Add /snap/bin to PATH even if only /snap exists
   - lxd/containers: Also clean up apparmor stuff in OnStart when something 
fails
   - lxd/containers: Attach to userns on file operations
   - lxd/containers: Be more verbose on mkdir failure
   - lxd/containers: Better handle concurent stop/shutdown
   - lxd/containers: Catch and return more errors in OnStop
   - lxd/containers: Clarify container delete failure error
   - lxd/containers: Don't destroy ephemeral container on restart (Issue #2555)
   - lxd/containers: Don't double delete ephemeral containers
   - lxd/containers: Don't show invalid logs
   - lxd/containers: Fix forkmount to work with 4.8 and higher
   - lxd/containers: Fix invalid filename of metadata on export (Issue #2467)
   - lxd/containers: Improve config validation on update
   - lxd/containers: Improve container error handling
   - lxd/containers: Improve container locking mechanism (Issue #2612)
   - lxd/containers: log OnStart/OnStop hook errors
   - lxd/containers: More reliable container autostart (Issue #2469)
   - lxd/containers: Only load kernel modules if

[Group.of.nepali.translators] [Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

[Stéphane Graber]

** Changed in: lxc (Ubuntu Zesty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1635639

Title:
  Seccomp  error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

Status in juju-ci-tools:
  Fix Released
Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Xenial:
  Fix Released
Status in lxc source package in Yakkety:
  Fix Released
Status in lxc source package in Zesty:
  Fix Released

Bug description:
  ## SRU paperwork
  ### Rationale
  LXC 2.0.5 added support for Seccomp on the s390x architecture for those 
kernels that support it. Unfortunately the personality handling for s390x is 
wrong and results in the profile being setup twice, causing a failure to start 
the container.

  This effectively means that LXC 2.0.5 fails out of the box on s390x.

  ### Test case
  With LXC:
   - lxc-start -n some-container -F

  With LXD:
   - lxc start some-container

  ### Regression potential
  Our own testing shows that the fix works perfectly fine. The code change 
itself only affects s390x (under ifdef) so can't possibly affect the other 
architectures.

  The worst that can happen should this fix be wrong is either status
  quo (container won't start) or having the container start without
  seccomp support (status quo when compared to 2.0.4).


  ## Original bug report
  The s390x host used to Juju testing spontaneously broke today.
  The disk filled up, we restarted so that we could remove unused
  kernels. We discovered that lxc1 cannot create containers any more.

  $ sudo lxc-create -t ubuntu-cloud -n curtis -- -r xenial -a s390x

  $ sudo lxc-start -o lxc.log -n curtis
  lxc-start: tools/lxc_start.c: main: 344 The container failed to start.
  lxc-start: tools/lxc_start.c: main: 346 To get more details, run the 
container in foreground mode.
  lxc-start: tools/lxc_start.c: main: 348 Additional information can be 
obtained by setting the --logfile and --logpriority options.

  $ cat lxc.log
    lxc-start 20161020121833.069 ERRORlxc_seccomp - 
seccomp.c:get_new_ctx:224 - Seccomp error -17 (File exists) adding arch: 15
    lxc-start 20161020121833.069 ERRORlxc_start - start.c:lxc_init:430 
- failed loading seccomp policy
    lxc-start 20161020121833.069 ERRORlxc_start - 
start.c:__lxc_start:1313 - failed to initialize the container
    lxc-start 20161020121838.075 ERRORlxc_start_ui - 
tools/lxc_start.c:main:344 - The container failed to start.
    lxc-start 20161020121838.075 ERRORlxc_start_ui - 
tools/lxc_start.c:main:346 - To get more details, run the container in 
foreground mode.
    lxc-start 20161020121838.075 ERRORlxc_start_ui - 
tools/lxc_start.c:main:348 - Additional information can be obtained by setting 
the --logfile and --logpriority options.

  #  sinzui: checking when s390x seccomp support was added to the
  # kernel, to see if it's just a missing config in our kernel that'd fix that
  # cleanly or if we'd need it backported to 4.4 which would be a bit more
  # annoying
  #  sinzui: config-4.4.0-45-generic is what you're running right?
  #  stgraber uname-a says 4.4.0-45-generic
  # stgraber> sinzui: you can workaround it by putting a file
  # with lxc.seccomp=
  # in /usr/share/lxc/config/common.conf.d/, that should get you going again

  WORK AROUND for LXC 1
  # on the s390x-slave
  sudo vim /usr/share/lxc/config/common.conf.d/10-secomp-hack.conf
  $ cat /usr/share/lxc/config/common.conf.d/10-secomp-hack.conf
  # Advised to stgraber to add this file after seeing lxc-start fail with
  # lxc-start 20161020121833.069 ERRORlxc_seccomp - seccomp.
  lxc.seccomp=

To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1628289] Update Released

[Stéphane Graber]

The verification of the Stable Release Update for squashfuse has
completed successfully and the package has now been released to
-updates.  Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report.  In
the event that you encounter a regression using the package from
-updates please report a new bug using ubuntu-bug and tag the bug report
regression-update so we can easily find any regressions.

** Changed in: squashfuse (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1628289

Title:
  snapd should depend on squashfuse (for use in containers)

Status in Snappy:
  New
Status in squashfuse package in Ubuntu:
  Fix Released
Status in squashfuse source package in Xenial:
  Fix Released

Bug description:
  We're finally making progress on the apparmor stacking and snapd in
  container front. The next LXD release will include the needed support
  as will the kernel soon afterwards.

  With that, one can finally get snaps to install inside containers, but
  for any of it to work, squashfuse must be present in the container so
  that snapd can use it to mount the filesystem.

  squashfuse is in the archive and I've contributed support to snapd a
  while back, so all that should be needed is for the snapd package to
  be updated to depend or at least recommend squashfuse.

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1628289/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1632152] [NEW] SRU of LXD 2.0.5 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXD upstream released LXD 2.0.5 as a bugfix release with following changelog:
  - Support for AppArmor namespacing and stacking
  - Rework LXD daemon logging to be cleaner and more generally useful
  - "lxc info CONTAINER" now shows the name of the remote for the container
  - Client errors now include the remote the container is on
  - /snap/bin is included to PATH if present in the container
  - doc: Add txqueuelen tweak.
  - doc: Clarify that user_subvol_rm_allowed is needed for btrfs nesting
  - doc: Fix the table style of environment.md
  - doc: Fix typos in production-setup.md
  - doc: Remove trailing spaces in production-setup.md
  - doc: Spacing cleanup
  - extras: Containers state checking for start, stop and exec commands
  - extras: Fixed container convert from LXC to LXD
  - fuidshift: expand symlinks to last path component
  - lxc: Drop unused httpAddr property
  - lxc/exec: Document lxc exec -- args
  - lxc/exec: Use os.LookupEnv from go 1.5 to find environment vars
  - lxc: Fix spacing alignment in config.go's examples
  - lxc/help: Send error to stdout
  - lxd/apparmor: Be less restrictive when unprivileged
  - lxd-bridge: Fail on dnsmasq failure
  - lxd-bridge: Fix crash in lxd-bridge-proxy
  - lxd: Consistently handle name conflicts
  - lxd/container: Allow unsetting any config key
  - lxd/container_lxc: handle xattrs
  - lxd/container: Retry generating petnames
  - lxd/container: Return an error on "restart" without force when paused
  - lxd/container: Rework container operation locking
  - lxd/daemon: Do our own socket activation
  - lxd/db: Fix int64 handling
  - lxd/db: Make a database backup on schema updates
  - lxd/db: Rework DB schema updates
  - lxd/image: Fix support for lzma alone file format
  - lxd/image: Tweak squashfs for low-memory systems
  - lxd/init: Change default host to all (::)
  - lxd/init: Change validation functions for consistency
  - lxd/init: Default to "dir" when "zfs" isn't available
  - lxd/init: Don't fail when passed "all" as an IP
  - lxd/init: Enable compression on new zfs pools
  - lxd/init: Fix listed default value for ZFS pool
  - lxd/init: use more intelligent logic for partition sizing
  - lxd/migration: Fix copying across different CoW based backend
  - lxd/migration: Also show warnings on c/r errors
  - lxd/migration: Bump ghost limit
  - lxd/migration: Don't use ActionScript if it's not available
  - lxd/migration: Preserve snapshot configuration
  - lxd/migration: Resume dumped container on failed restore
  - lxd/migration: Use liblxc's new preserves_inodes feature
  - lxd/network: Detect bonds
  - lxd/network: Detect openvswitch
  - lxd/network: Fix networkIsInUse
  - lxd/network: Move and rename isOnBridge
  - lxd/profile: Cleaner error on existing profile name
  - lxd/profile: Properly cleanup on profile removal
  - lxd/storage: Copy everything on container copy
  - lxd/storage: Extra checks and config for ZFS pools
  - Makefile: Don't recursively include test deps
  - README: Add AppVeyor badge (Windows testing)
  - shared: Add GetOwner stub for Windows
  - shared: Generate client certificate with proper extended usage info
  - shared: Make TestReaderToChannel transfer smaller
  - shared: New RunCommand wrapper function
  - tests: Add a test to make sure we don't accidentally include new deps
  - tests: add test for GetAllXattr()
  - tests: Fix apparmor version check
  - tests: Fix for newer shellcheck
  - tests: Force UTC timezone
  - tests: Only check leftovers on active LXD
  - tests: skip tests when xatts are not supported

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This bugfix release has already been uploaded to Yakkety and
automatically backported in the upstream PPAs for all Ubuntu releases.
So far without any reported regression.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxd (Ubuntu)
 Importance: Undecided
 Status: Invalid

** Affects: lxd (Ubuntu Trusty)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxd (Ubuntu Xenial)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Changed in: lxd (Ubuntu)
   Status: New => Invalid

** Also affects: lxd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxd (

[Group.of.nepali.translators] [Bug 1632144] [NEW] SRU of LXC 2.0.5 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXC upstream released LXC 2.0.5 as a bugfix release with following changelog:
  - Fix .gitignore after /tools/ split
  - Add lxc-test-utils to .gitignore
  - bdev: use correct overlay module name
  - cleanup: tools: remove --name from lxc-top usage message
  - cleanup: whitespaces in option alignment for lxc-execute
  - Use full GPG fingerprint instead of long IDs.
  - tools: move --rcfile to the common options list
  - tools: set configfile after load_config
  - doc: add --rcfile to common opts
  - doc: Update Korean lxc-attach(1)
  - doc: Add --rcfile to Korean common opts
  - doc: Add --rcfile to Japanese common opts
  - tools: use exit(EXIT_*) everywhere
  - tools: unify exit() calls outside of main()
  - utils: Add mips signalfd syscall numbers
  - seccomp: Implement MIPS seccomp handling
  - seccomp: Add mips and mips64 entries to lxc_config_parse_arch
  - seccomp: fix strerror()
  - confile: add more archs to lxc_config_parse_arch()
  - seccomp: add support for s390x
  - seccomp: remove double include and order includes
  - seccomp: non functional changes
  - templates: use fd 9 instead of 200
  - templates: fedora requires openssl binary
  - tools: use boolean for ret in lxc_device.c
  - c/r: use /proc/self/tid/children instead of pidfile
  - c/r: Fix pid_t on some arches
  - templates: Add mips hostarch detection to debian
  - cleanup: replace tabs wth spaces in usage strings
  - remove extra 'ret'
  - c/r: write status only after trying to parse the pid
  - set FULL_PATH_NAMES=NO in doc/api/Doxyfile
  - templates: rm halt.target -> sigpwr.target symlink
  - templates: remove creation of bogus directory
  - console: use correct log name
  - configure: add --disable-werror
  - tests: fix get_item tests
  - templates: use correct cron version in alpine template
  - c/r: zero a smaller than known migrate_opts struct
  - lxczfs: small fixes
  - c/r: free valid_opts if necessary
  - make rsync deal with sparse files efficiently
  - lxc-create -t debian fails on ppc64el arch
  - c/r: fix typo in comment
  - cgroup: add new functions for interacting with hierachies
  - utils: add lxc_deslashify
  - c/r: pass --cgroup-roots on checkpoint
  - cgroup: get rid of weird hack in cgfsng_escape
  - cgroup: drop cgroup_canonical_path
  - c/r: check that cgroup_num_hierarchies > 0
  - tools: do not add trailing spaces on lxc-ls -1
  - conf: retrieve mtu from netdev->link
  - conf: try to retrieve mtu from veth
  - c/r: detatch from controlling tty on restore
  - Fix null derefence if attach is called without access to any tty
  - utils: fix lxc_string_split()
  - tools: lxc_deslashify() handle special cases
  - tests: add unit tests for lxc_deslashify()
  - Fix for ALTLinux container creation in all branches
  - utils: lxc_deslashify() free memory
  - Fix spelling of CentOS in the templates
  - Define LXC_DEVEL to detect development releases
  - tools: lxc-checkconfig conditionalize devpts check

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This bugfix release has already been uploaded to Yakkety and
automatically backported in the upstream PPAs for all Ubuntu releases.
So far without any reported regression.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxc (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxc (Ubuntu Trusty)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxc (Ubuntu Xenial)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Changed in: lxc (Ubuntu)
   Status: New => Fix Released

** Also affects: lxc (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: lxc (Ubuntu Trusty)
   Status: New => Triaged

** Changed in: lxc (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxc (Ubuntu Trusty)
     Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxc (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1632144

Title:
  SRU of LXC 2.0.5 (upstream bugfix release)

Status in lxc package i

[Group.of.nepali.translators] [Bug 1615099] Re: SRU of LXC 2.0.4 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxc (Ubuntu Trusty)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1615099

Title:
  SRU of LXC 2.0.4 (upstream bugfix release)

Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Trusty:
  Fix Released
Status in lxc source package in Xenial:
  Fix Released

Bug description:
  LXC upstream released LXC 2.0.4 as a bugfix release with following changelog:
  - core: Add a prefix to the lxc.pc
  - core: Add flag in mount_entry to skip NODEV in case of a
persistent dev entry
  - core: Add missing cgroup namespace to ns_info struct
  - core: attach: setns instead of unshare in lxc-attach
  - core: bdev: Add subdirectories to search path
  - core: bdev: Be smarter about btrfs subvolume detection
  - core: cgfsng: Don't pre-calculate path
  - core: cgfsng: Fix is_lxcfs() and is_cgroupfs()
  - core: cgroups: Move cgroup files to common subfolder
  - core: conf: Set pty_info to NULL after free
  - core: Detect if we should send SIGRTMIN+3
  - core: Replace readdir_r() with readdir()
  - core: Set up MTU for vlan-type interfaces.
  - core: tools, tests: Reorganize repo
  - c/r: Add support for CRIU's --action-script
  - c/r: Add support for ghost-limit in CRIU
  - c/r: Drop in-flight connections during CRIU dump
  - c/r: Initialize migrate_opts properly
  - c/r: Make local function static
  - c/r: Replace tmpnam() with mkstemp()
  - c/r: Store criu version
  - c/r: Use PRIu64 format specifier
  - doc: Fix typo found by lintian
  - doc: Update Japanese lxc-attach(1)
  - doc: Update lxc-attach(1)
  - lxc-attach: Add -f option (rcfile)
  - lxc-attach: Cleanup whitespaces
  - lxc-create: Add missing newline in output
  - lxc-ls: Use correct runtime path
  - templates: alpine: Add support for new arch
  - templates: alpine: Mount tmpfs under /run
  - templates: debian: Add more quotes to variables (at least $rootfs
should now be covered)
  - templates: debian: Avoid noisy perl warnings caused by missing locales
  - templates: debian: fix regression when creating wheezy containers
  - templates: debian: Make shellcheck (Ubuntu: 0.3.7-5 amd64) most
possible happy
  - tests: Add unit tests for lxc_string_in_array()
  - tests: Add unit tests for lxc_string_replace()

  
  Just like Ubuntu itself, upstream releases long term support releases, as is 
2.0 and then periodic point releases including all the accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Yakkety and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1615099/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1615109] Re: SRU of LXCFS 2.0.3 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxcfs (Ubuntu Trusty)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1615109

Title:
  SRU of LXCFS 2.0.3 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Trusty:
  Fix Released
Status in lxcfs source package in Xenial:
  Fix Released

Bug description:
  LXCFS upstream released LXC 2.0.3 as a bugfix release with following 
changelog:
   - Skip empty entries under /proc/self/cgroup
   - Setup and use a minimal chroot and mount namespace for cgroup mounts
   - Code cleanup and minor refactoring

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Yakkety and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1615109/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1632140] [NEW] SRU of LXCFS 2.0.4 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXCFS upstream released LXCFS 2.0.4 as a bugfix release with following 
changelog:
  - Fix test_reload for lxcfs chroot
  - Virtualize more of the meminfo fields
  - pam: fix race in cgroup creation
  - meminfo: don't show negative swapfree
  - bindings: improve debugging
  - bindings: use openat fd for fstatat(), unlinkat()
  - bindings: close open fds on error
  - bindings: grant access to /var/lib/lxcfs
  - bindings: enable access to /var/lib/lxcfs/cgroup
  - bindings: allow access to /var/lib/lxcfs/proc
  - lxcfs, bindings: show "." and ".." dir entries
  - lxcfs: better fs behavior on /var/lib/lxcfs
  - bindings: non functional changes
  - bindings: set errno in pick_controller_from_path()
  - bindings: more consistent fs behavior
  - add pld linux support
  - don't use argv[0] in usage output
  - bindings: revert cgroup check
  - bindings: improve returned errnos
  - bindings: make rmdir behave more consistently
  - libtool: do not link lxcfs against liblxcfs
  - bindings, lxcfs: improve debugging
  - bindings: fix debug macro
  - autotools: add -avoid-version
  - bindings: restore original working directory
  - bindings: add function to check fs type
  - bindings: agnostic naming
  - bindings: use chroot() on ramfs
  - bindings: fix type weirdness with statfs f_type
  - bindings: make pivot_enter() contain all its code

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This bugfix release has already been uploaded to Yakkety and
automatically backported in the upstream PPAs for all Ubuntu releases.
So far without any reported regression.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxcfs (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxcfs (Ubuntu Trusty)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxcfs (Ubuntu Xenial)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Changed in: lxcfs (Ubuntu)
   Status: New => Fix Released

** Also affects: lxcfs (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: lxcfs (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxcfs (Ubuntu Xenial)
     Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxcfs (Ubuntu Trusty)
   Status: New => Triaged

** Changed in: lxcfs (Ubuntu Trusty)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Description changed:

- LXCFS upstream released LXC 2.0.4 as a bugfix release with following 
changelog:
-   - Fix test_reload for lxcfs chroot
-   - Virtualize more of the meminfo fields
-   - pam: fix race in cgroup creation
-   - meminfo: don't show negative swapfree
-   - bindings: improve debugging
-   - bindings: use openat fd for fstatat(), unlinkat()
-   - bindings: close open fds on error
-   - bindings: grant access to /var/lib/lxcfs
-   - bindings: enable access to /var/lib/lxcfs/cgroup
-   - bindings: allow access to /var/lib/lxcfs/proc
-   - lxcfs, bindings: show "." and ".." dir entries
-   - lxcfs: better fs behavior on /var/lib/lxcfs
-   - bindings: non functional changes
-   - bindings: set errno in pick_controller_from_path()
-   - bindings: more consistent fs behavior
-   - add pld linux support
-   - don't use argv[0] in usage output
-   - bindings: revert cgroup check
-   - bindings: improve returned errnos
-   - bindings: make rmdir behave more consistently
-   - libtool: do not link lxcfs against liblxcfs
-   - bindings, lxcfs: improve debugging
-   - bindings: fix debug macro
-   - autotools: add -avoid-version
-   - bindings: restore original working directory
-   - bindings: add function to check fs type
-   - bindings: agnostic naming
-   - bindings: use chroot() on ramfs
-   - bindings: fix type weirdness with statfs f_type
-   - bindings: make pivot_enter() contain all its code
+ LXCFS upstream released LXCFS 2.0.4 as a bugfix release with following 
changelog:
+   - Fix test_reload for lxcfs chroot
+   - Virtualize more of the meminfo fields
+   - pam: fix race in cgroup creation
+   - meminfo: don't show negative swapfree
+   - bindings: improve debugging
+   - bindings: use openat fd for fstatat(), unlinkat()
+   - bindings: close open fds on error

[Group.of.nepali.translators] [Bug 1621557] Re: Refresh go-lxc in Xenial for upcoming LXD stable release

[Stéphane Graber]

** Patch added: "go-lxc.debdiff"
   
https://bugs.launchpad.net/ubuntu/+source/golang-gopkg-lxc-go-lxc.v2/+bug/1621557/+attachment/4736970/+files/go-lxc.debdiff

** Changed in: golang-gopkg-lxc-go-lxc.v2 (Ubuntu)
   Status: New => Fix Released

** Also affects: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: golang-gopkg-lxc-go-lxc.v2 (Ubuntu Xenial)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1621557

Title:
  Refresh go-lxc in Xenial for upcoming LXD stable release

Status in golang-gopkg-lxc-go-lxc.v2 package in Ubuntu:
  Fix Released
Status in golang-gopkg-lxc-go-lxc.v2 source package in Xenial:
  In Progress

Bug description:
  Hello,

  The next LXD stable release (2.0.5) will be depending on a couple of
  recent additions to the go-lxc package. Those additions export a few
  more flags from CRIU that liblxc support which allow fixing a large
  number of race conditions around live migration.

  So while those extra flags may count as features as far as go-lxc is
  concerned, they are needed for bugfixes to LXD.

  lxd is the only downstream user of go-lxc in the archive and those
  changes are perfectly backward compatible so out of archive packages
  will not break with this.

  The version we'd like to get in Xenial has now been in Yakkety for
  over a month.

  Changelog from 0.0~git20160405.0.85d46fc-0ubuntu2 to 
0.0~git20160803.0.f8a6938-0ubuntu1:
   - BUGFIX: removed definition check at restore
   - BUGFIX: fixed restore from checkpoint (was always failing)
   - EXTRA FLAG: c/r: add support for liblxc's ghost_limit
   - EXTRA FLAG: c/r: add support for liblxc's action_script
   - BUGFIX: actually send the predump dir through
   - EXTRA FLAG: c/r: add support for lxc's preserves_inodes
   - CLEANUP: remove commented out code
   - BUGFIX: Silence go get warning

  Debdiff attached.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-gopkg-lxc-go-lxc.v2/+bug/1621557/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1619767] Re: Session load command is broken

[Stéphane Graber]

** Also affects: ltt-control (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: ltt-control (Ubuntu)
   Status: New => Fix Released

** Changed in: ltt-control (Ubuntu Trusty)
   Status: New => In Progress

** No longer affects: ltt-control (Ubuntu Trusty)

** Also affects: ltt-control (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: ltt-control (Ubuntu Xenial)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1619767

Title:
  Session load command is broken

Status in ltt-control package in Ubuntu:
  Fix Released
Status in ltt-control source package in Xenial:
  In Progress

Bug description:
  [Impact]

  Loading a saved lttng session is currently impossible because of a
  missing file in the package. Trying to load a session results in the
  following error:

  root@session:~# lttng load toto
  I/O warning : failed to load external entity 
"/usr/share/xml/lttng/session.xsd"
  XML Error: Failed to locate the main schema resource at 
'/usr/share/xml/lttng/session.xsd'.
  Error: XSD parsing failed
  Error: Invalid session configuration

  
  [Test Case]

   * Install lttng

apt-get install lttng-tools

   * Create, save and delete a session

lttng create mysession
lttng enable-event -u -a
lttng save mysession
lttng destroy mysession

   * Load the saved session

lttng load mysession

* Loading the session should succeed.

  
  [Regression Potential] 

   * Regression is very unlikely, we are only adding a missing file to
  the package.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ltt-control/+bug/1619767/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1615109] [NEW] SRU of LXCFS 2.0.3 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXCFS upstream released LXC 2.0.3 as a bugfix release with following changelog:
 - Skip empty entries under /proc/self/cgroup
 - Setup and use a minimal chroot and mount namespace for cgroup mounts
 - Code cleanup and minor refactoring

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This bugfix release has already been uploaded to Yakkety and
automatically backported in the upstream PPAs for all Ubuntu releases.
So far without any reported regression.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxcfs (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxcfs (Ubuntu Trusty)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxcfs (Ubuntu Xenial)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Changed in: lxcfs (Ubuntu)
   Status: New => Fix Released

** Also affects: lxcfs (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: lxcfs (Ubuntu Trusty)
   Status: New => Triaged

** Changed in: lxcfs (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: lxcfs (Ubuntu Trusty)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxcfs (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1615109

Title:
  SRU of LXCFS 2.0.3 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Trusty:
  Triaged
Status in lxcfs source package in Xenial:
  Triaged

Bug description:
  LXCFS upstream released LXC 2.0.3 as a bugfix release with following 
changelog:
   - Skip empty entries under /proc/self/cgroup
   - Setup and use a minimal chroot and mount namespace for cgroup mounts
   - Code cleanup and minor refactoring

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Yakkety and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1615109/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1597544] Re: SRU of LXD 2.0.3 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxd (Ubuntu Trusty)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1597544

Title:
  SRU of LXD 2.0.3 (upstream bugfix release)

Status in lxd package in Ubuntu:
  Fix Released
Status in lxd source package in Trusty:
  Fix Released
Status in lxd source package in Xenial:
  New

Bug description:
  LXD upstream released LXC 2.0.1 as a bugfix release with following changelog:
  - extras: Better bash completion coverage
  - client/delete: Allow -f as a shortcut of --force
  - client/info: Include the certificate fingerprint in server info
(Issue #2098)
  - client/info: Show remote in the --show-log example provided on error
  - core: Add squashfs support as needed by newer Ubuntu images
  - core: Tweak TLS cipher list a bit to allow browsers to talk to LXD
(Issue #2034)
  - daemon/container: Setup /dev/fuse by default
  - client: Better handle connection errors
  - client: Check all alias args to support subcommand aliases (Issue #2095)
  - client/file: Don't modify file permissions on edit
  - client/image: Use the daemon provided fingerprint on image copy
(Issue #2162)
  - client: Normalize the URLs in the client (Issue #2112)
  - client/remote: Fix a panic in 'remote add' (Issue #2089)
  - client/remote: Fix parsing of :
  - core: Better handle PEM decoding errors (Issue #2119)
  - core: Check for zero byte send in ReaderToChannel (Issue #2072)
  - core: Fix a concurrent websocket write crash
  - core: Use default buffer size for WebsocketUpgrader
  - daemon: Add missing linebreak to lxd help
  - daemon/api: Set Location on sync POST requests (Issue #2092)
  - daemon/btrfs: Fix failure to restore on btrfs (Issue #2058)
  - daemon/certificate: Fail to add an existing certificate
  - daemon/config: Allow "none" as compression algorithm (regression fix)
  - daemon/container: Add target path to rootfs tarball in image
export (Issue #1980)
  - daemon/container: Better handle bind mounts
  - daemon/container: GET of a nonexistent file now 404s (Issue #2059)
  - daemon/container: Make devices cgroup config more readable
  - daemon/containers: Improve error message on disk setup failure
  - daemon/container: Use defer to undo changes on failed update
  - daemon/db: Don't try to chmod zfs.img when testing db upgrades
  - daemon/db: Don't try to update /var/lib/lxd/containers in go tests
  - daemon/init: Actually unset the storage keys
  - daemon/lvm: Don't call lvextend with recent LVM versions
  - daemon/migration: Setup some buffering for zfs/btrfs send
  - daemon/migration: Simplify checkpoint/restore code everywhere
  - daemon/migration: switch to the new LXC migrate API
  - daemon/zfs: Improve block device detection
  - daemon/zfs: Mount if not mounted (Issue #1888)
  - doc: Clarify ZFS snapshot shortcomings (Issue #2055)
  - doc: Drop JSON example from configuration.md
  - doc: Fix certificates JSON examples to cover all fields
  - doc: Fix typo in "unix-block" description
  - doc: Improve shared folder documentation (README) (Issue #2123)
  - lxd/patches: Add support for one-time patches
(separate from DB schema updates)
  - Makefile: go get has become worse, now need 3 runs
  - Makefile: Update repository URL for xgettext-go
  - migration: Consolidate error handling
  - test: 201 is a valid return code for alias creation
  - test: Add a test for ReaderToChannel
  - test: Add test for "lxc file edit" target file owner and permission

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Yakkety and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1597544/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : ht

[Group.of.nepali.translators] [Bug 1582891] Re: SRU of LXD 2.0.1 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxd (Ubuntu Trusty)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1582891

Title:
  SRU of LXD 2.0.1 (upstream bugfix release)

Status in lxd package in Ubuntu:
  Fix Released
Status in lxd source package in Trusty:
  Fix Released
Status in lxd source package in Xenial:
  Fix Released

Bug description:
  LXD upstream released LXC 2.0.1 as a bugfix release with following changelog:
   - Don't fail to start when shmounts can't be mounted, instead fail container 
startup
   - Invalidate the simplestreams cache on proxy change
   - Write the container's config file on start to the log path directly
   - Fix crash in list due to empty responses (Issue #1903)
   - Fail when removing non-existent profiles (Issue #1886)
   - Document --alias to image import (Issue #1900)
   - Fix "lxc start" and "lxc stop" options (stateful/stateless)
   - Give better error on invalid source stream (simplestreams)
   - Add basic REST API usage example to README.md
   - Fix typo in lxc stop --help
   - Convert lxc-to-lxd to stable supported pylxd API (Issue #1901)
   - Properly log image update failures
   - Better validate and rollback bad images (Issue #1913)
   - Send operation return value through SmartError
   - Fix basic filtering in lxc list (Issue #1917)
   - Tell the user how to launch a container on first start (Issue #1931)
   - Redirect "remote" to "remote:" when not conflicting (Issue #1931)
   - Don't load the LXC config for snapshots (Issue #1935)
   - list: Allow filtering by unset key (Issue #1917)
   - Fix example in lxc launch
   - Update Japanese translation and other po files
   - Fall back to cpuset.cpus on older kernels (Issue #1929)
   - Properly validate the server configuration keys (Issue #1939)
   - Fix daemonConfig handling of storage
   - Don't remove config file on forkmigrate
   - Fix config handling following config validation change
   - Fixed Markdown syntax in documentation
   - Don't fail early when removing disks (Issue #1964)
   - Don't recursively delete devices
   - Don't fail when some unix devices fail to be deleted
   - Use the same config checks for unix-char and unix-block
   - Allow removing when fs object no longer exists (Issue #1967)
   - Do proper logfile expiry (Issue #1966)
   - Make logging a bit more consistent
   - Don't ignore zfs errors
   - Properly update the mode, uid and gid on existing files (Issue #1975)
   - Detect invalid certificate files (Issue #1977)
   - Fix broken apparmor status check
   - Allow on/off as boolean strings
   - Properly validate the container configuration keys (Issue #1940)
   - Don't mask rsync transfer errors
   - Move execPath to a global variable
   - Use custom netcat instead of nc -U for rsync over websocket (Issue #1944)
   - Fix wrong state dir path in migration
   - Don't fail deleting images when the storage delete fails
   - Improve messages in the Japanese translation
   - Add more checks for the criu binary
   - Rework (live) migration tests
   - Make it explicit in documentation that devices on create are optional
   - Properly record the source of all image copies (Issue #2010)
   - Don't mark containers as ERROR while being created (Issue #1988)
   - Cleanup events sent for operations (Issue #1992)
   - Fix ZFS refcounting issues (Issue #1916 and Issue #2013)
   - Propagate snapshot config when copying a snapshot (Issue #2017)
   - Implement lxc config show for snapshots
   - Add Unix socket example to REST API usage.

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  
  This bugfix release has already been uploaded to Yakkety and automatically 
backported in the upstream PPAs for all Ubuntu releases. So far without any 
reported regression.


  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  
  Once the SRU hits -updates, we will be backporting this to trusty-backports 
as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1582891/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1597544] [NEW] SRU of LXD 2.0.3 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXD upstream released LXC 2.0.1 as a bugfix release with following changelog:
- extras: Better bash completion coverage
- client/delete: Allow -f as a shortcut of --force
- client/info: Include the certificate fingerprint in server info
  (Issue #2098)
- client/info: Show remote in the --show-log example provided on error
- core: Add squashfs support as needed by newer Ubuntu images
- core: Tweak TLS cipher list a bit to allow browsers to talk to LXD
  (Issue #2034)
- daemon/container: Setup /dev/fuse by default
- client: Better handle connection errors
- client: Check all alias args to support subcommand aliases (Issue #2095)
- client/file: Don't modify file permissions on edit
- client/image: Use the daemon provided fingerprint on image copy
  (Issue #2162)
- client: Normalize the URLs in the client (Issue #2112)
- client/remote: Fix a panic in 'remote add' (Issue #2089)
- client/remote: Fix parsing of :
- core: Better handle PEM decoding errors (Issue #2119)
- core: Check for zero byte send in ReaderToChannel (Issue #2072)
- core: Fix a concurrent websocket write crash
- core: Use default buffer size for WebsocketUpgrader
- daemon: Add missing linebreak to lxd help
- daemon/api: Set Location on sync POST requests (Issue #2092)
- daemon/btrfs: Fix failure to restore on btrfs (Issue #2058)
- daemon/certificate: Fail to add an existing certificate
- daemon/config: Allow "none" as compression algorithm (regression fix)
- daemon/container: Add target path to rootfs tarball in image
  export (Issue #1980)
- daemon/container: Better handle bind mounts
- daemon/container: GET of a nonexistent file now 404s (Issue #2059)
- daemon/container: Make devices cgroup config more readable
- daemon/containers: Improve error message on disk setup failure
- daemon/container: Use defer to undo changes on failed update
- daemon/db: Don't try to chmod zfs.img when testing db upgrades
- daemon/db: Don't try to update /var/lib/lxd/containers in go tests
- daemon/init: Actually unset the storage keys
- daemon/lvm: Don't call lvextend with recent LVM versions
- daemon/migration: Setup some buffering for zfs/btrfs send
- daemon/migration: Simplify checkpoint/restore code everywhere
- daemon/migration: switch to the new LXC migrate API
- daemon/zfs: Improve block device detection
- daemon/zfs: Mount if not mounted (Issue #1888)
- doc: Clarify ZFS snapshot shortcomings (Issue #2055)
- doc: Drop JSON example from configuration.md
- doc: Fix certificates JSON examples to cover all fields
- doc: Fix typo in "unix-block" description
- doc: Improve shared folder documentation (README) (Issue #2123)
- lxd/patches: Add support for one-time patches
  (separate from DB schema updates)
- Makefile: go get has become worse, now need 3 runs
- Makefile: Update repository URL for xgettext-go
- migration: Consolidate error handling
- test: 201 is a valid return code for alias creation
- test: Add a test for ReaderToChannel
- test: Add test for "lxc file edit" target file owner and permission

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This bugfix release has already been uploaded to Yakkety and
automatically backported in the upstream PPAs for all Ubuntu releases.
So far without any reported regression.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxd (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxd (Ubuntu Trusty)
 Importance: Undecided
 Status: New

** Affects: lxd (Ubuntu Xenial)
 Importance: Undecided
 Status: New

** Also affects: lxd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxd (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: lxd (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1597544

Title:
  SRU of LXD 2.0.3 (upstream bugfix release)

Status in lxd package in Ubuntu:
  Fix Released
Status in lxd source package in Trusty:
  New
Status in lxd source package in Xenial:
  New

Bug description:
  LXD upstream released LXC 2.0.1 as 

[Group.of.nepali.translators] [Bug 1597523] Re: SRU of LXC 2.0.13(upstream bugfix release)

[Stéphane Graber]

** Changed in: lxc (Ubuntu Trusty)
   Status: New => Fix Released

** Summary changed:

- SRU of LXC 2.0.13(upstream bugfix release)
+ SRU of LXC 2.0.3 (upstream bugfix release)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1597523

Title:
  SRU of LXC 2.0.3 (upstream bugfix release)

Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Trusty:
  Fix Released
Status in lxc source package in Xenial:
  New

Bug description:
  LXC upstream released LXC 2.0.2 & 2.0.3 as bugfix releases with following 
changelog:
   - apparmor: Refresh generated file
   - apparmor: add make-rslave to usr.bin.lxc-start
   - apparmor: Allow bind-mounts and {r}shared/{r}private
   - apparmor: allow mount move
   - apparmor: Update mount states handling
   - core: Drop lxc-devsetup as unneeded by current autodev
   - core: Fix redefinition of struct in6_addr
   - core: Include all lxcmntent.h function declarations on Bionic
   - c/r: c/r: use criu's "full" mode for cgroups
   - systemd: start containers in foreground when using the lxc@.service
   - templates: debian: Make sure init is installed
   - templates: oracle: Fix console login
   - templates: plamo: Fix various issues
   - templates: ubuntu: Install apt-transport-https by default
   - travis: ensure 'make install' doesn't fail
   - travis: test VPATH builds
   - upstart: Force lxc-instance to behave like a good Upstart client

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Yakkety and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1597523/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1582889] Re: SRU of LXCFS 2.0.1 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxcfs (Ubuntu Trusty)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1582889

Title:
  SRU of LXCFS 2.0.1 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Trusty:
  Fix Released
Status in lxcfs source package in Xenial:
  Fix Released

Bug description:
  LXCFS upstream released LXC 2.0.1 as a bugfix release with following 
changelog:
   - Fix cpuinfo on s390x.
   - Use recursive cgroup values in diskstats.
   - Allow traversal (rx) to controller directories.
   - Fix do_mount_cgroups() crash on failure.
   - Better error handling in a number of path processing functions.
   - Better error handling in swap calculation.

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  
  This bugfix release has already been uploaded to Yakkety and automatically 
backported in the upstream PPAs for all Ubuntu releases. So far without any 
reported regression.


  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  
  Once the SRU hits -updates, we will be backporting this to trusty-backports 
as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1582889/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1582887] Re: SRU of LXC 2.0.1 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxc (Ubuntu Trusty)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1582887

Title:
  SRU of LXC 2.0.1 (upstream bugfix release)

Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Trusty:
  Fix Released
Status in lxc source package in Xenial:
  Fix Released

Bug description:
  LXC upstream released LXC 2.0.1 as a bugfix release with following changelog:
   - apparmor: Also allow fstype=fuse for fuse filesystems
   - attach: adapt lxc-attach tests & add test for pty logging
   - attach: don't fail attach on failure to setup a SIGWINCH handler.
   - attach: fix a variety of lxc-attach pts handling issues
   - attach: switch console pty to raw mode (fixes ncurses-based programs)
   - attach: use raw settings of ssh for pty
   - bindings: fixed python-lxc reference to var before assignment in create()
   - bindings: set PyErr when Container.__init__ fails
   - cgfsng: defer to cgfs if needed subsystems are not available
   - cgfsng: don't require that systemd subsystem be mounted
   - core: Added missing type to keys in lxc_list_nicconfigs
   - core: Allow configuration file values to be quoted
   - core: log: remove duplicate definitons and bump buffer size
   - core: sync: properly fail on unexpected message sizes
   - core: Unshare netns after setting the userns mappings (fixes ownership of 
/proc/net)
   - core: various fixes as reported by static analysis
   - c/r: add an option to use faster inotify support in CRIU
   - c/r: rearrange things to pass struct migrate_opts all the way down
   - doc: ignore temporary files generated by doxygen
   - doc: tweak manpage generation date to be compatible with reproducible 
builds
   - doc: update MAINTAINERS
   - doc: update to translated manpages
   - init: add missing lsb headers to sysvinit scripts
   - init: don't make sysv init scripts dependant on distribution specifics
   - init: drop obsolete syslog.target from lxc.service.in
   - lxc-attach: add logging option to manpage
   - lxc-checkconfig: better render when stdout isn't a terminal
   - lxc-create: fix -B best option
   - lxc-destroy: avoid double print
   - lxc-ls: use fewer syscalls when doing ipc
   - templates: Add apt-transport-https to minbase variant of Ubuntu template
   - templates: fix a typo in the capabilities name for Gentoo (sys_resource)
   - templates: logic fix in the Centos template for RHEL7+ support
   - templates: tweak Alpine DHCP configuration to send its hostname
   - templates: tweak to network configuration of the Oracle template

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  
  This bugfix release has already been uploaded to Yakkety and automatically 
backported in the upstream PPAs for all Ubuntu releases. So far without any 
reported regression.


  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  
  Once the SRU hits -updates, we will be backporting this to trusty-backports 
as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1582887/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1597493] Re: SRU of LXCFS 2.0.2 (upstream bugfix release)

[Stéphane Graber]

** Changed in: lxcfs (Ubuntu Trusty)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1597493

Title:
  SRU of LXCFS 2.0.2 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Trusty:
  Fix Released
Status in lxcfs source package in Xenial:
  Fix Committed

Bug description:
  LXCFS upstream released LXC 2.0.2 as a bugfix release with following 
changelog:
   - Don't build pam/ when --with-pamdir=none
   - libpam_cgfs: Don't create new path if we are under 
/user.slice/user-$uid.slice

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Yakkety and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1597493/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1597523] [NEW] SRU of LXC 2.0.13(upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXC upstream released LXC 2.0.2 & 2.0.3 as bugfix releases with following 
changelog:
 - apparmor: Refresh generated file
 - apparmor: add make-rslave to usr.bin.lxc-start
 - apparmor: Allow bind-mounts and {r}shared/{r}private
 - apparmor: allow mount move
 - apparmor: Update mount states handling
 - core: Drop lxc-devsetup as unneeded by current autodev
 - core: Fix redefinition of struct in6_addr
 - core: Include all lxcmntent.h function declarations on Bionic
 - c/r: c/r: use criu's "full" mode for cgroups
 - systemd: start containers in foreground when using the lxc@.service
 - templates: debian: Make sure init is installed
 - templates: oracle: Fix console login
 - templates: plamo: Fix various issues
 - templates: ubuntu: Install apt-transport-https by default
 - travis: ensure 'make install' doesn't fail
 - travis: test VPATH builds
 - upstart: Force lxc-instance to behave like a good Upstart client

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This bugfix release has already been uploaded to Yakkety and
automatically backported in the upstream PPAs for all Ubuntu releases.
So far without any reported regression.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxc (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxc (Ubuntu Trusty)
 Importance: Undecided
 Status: New

** Affects: lxc (Ubuntu Xenial)
 Importance: Undecided
 Status: New

** Also affects: lxc (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: lxc (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1597523

Title:
  SRU of LXC 2.0.13(upstream bugfix release)

Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Trusty:
  New
Status in lxc source package in Xenial:
  New

Bug description:
  LXC upstream released LXC 2.0.2 & 2.0.3 as bugfix releases with following 
changelog:
   - apparmor: Refresh generated file
   - apparmor: add make-rslave to usr.bin.lxc-start
   - apparmor: Allow bind-mounts and {r}shared/{r}private
   - apparmor: allow mount move
   - apparmor: Update mount states handling
   - core: Drop lxc-devsetup as unneeded by current autodev
   - core: Fix redefinition of struct in6_addr
   - core: Include all lxcmntent.h function declarations on Bionic
   - c/r: c/r: use criu's "full" mode for cgroups
   - systemd: start containers in foreground when using the lxc@.service
   - templates: debian: Make sure init is installed
   - templates: oracle: Fix console login
   - templates: plamo: Fix various issues
   - templates: ubuntu: Install apt-transport-https by default
   - travis: ensure 'make install' doesn't fail
   - travis: test VPATH builds
   - upstart: Force lxc-instance to behave like a good Upstart client

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Yakkety and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1597523/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1597493] [NEW] SRU of LXCFS 2.0.2 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXCFS upstream released LXC 2.0.2 as a bugfix release with following changelog:
 - Don't build pam/ when --with-pamdir=none
 - libpam_cgfs: Don't create new path if we are under 
/user.slice/user-$uid.slice

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.

This bugfix release has already been uploaded to Yakkety and
automatically backported in the upstream PPAs for all Ubuntu releases.
So far without any reported regression.

This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-
backports as well, making sure we have the same version everywhere.

** Affects: lxcfs (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxcfs (Ubuntu Trusty)
 Importance: Undecided
 Status: New

** Affects: lxcfs (Ubuntu Xenial)
 Importance: Undecided
 Status: New

** Changed in: lxcfs (Ubuntu)
   Status: New => Fix Released

** Also affects: lxcfs (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Trusty)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1597493

Title:
  SRU of LXCFS 2.0.2 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Trusty:
  New
Status in lxcfs source package in Xenial:
  New

Bug description:
  LXCFS upstream released LXC 2.0.2 as a bugfix release with following 
changelog:
   - Don't build pam/ when --with-pamdir=none
   - libpam_cgfs: Don't create new path if we are under 
/user.slice/user-$uid.slice

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  This bugfix release has already been uploaded to Yakkety and
  automatically backported in the upstream PPAs for all Ubuntu releases.
  So far without any reported regression.

  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  Once the SRU hits -updates, we will be backporting this to trusty-
  backports as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1597493/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1582889] [NEW] SRU of LXCFS 2.0.1 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXCFS upstream released LXC 2.0.1 as a bugfix release with following changelog:
 - Fix cpuinfo on s390x.
 - Use recursive cgroup values in diskstats.
 - Allow traversal (rx) to controller directories.
 - Fix do_mount_cgroups() crash on failure.
 - Better error handling in a number of path processing functions.
 - Better error handling in swap calculation.

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.


This bugfix release has already been uploaded to Yakkety and automatically 
backported in the upstream PPAs for all Ubuntu releases. So far without any 
reported regression.


This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.


Once the SRU hits -updates, we will be backporting this to trusty-backports as 
well, making sure we have the same version everywhere.

** Affects: lxcfs (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxcfs (Ubuntu Trusty)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxcfs (Ubuntu Xenial)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Also affects: lxcfs (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxcfs (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: lxcfs (Ubuntu)
   Status: New => Fix Released

** Changed in: lxcfs (Ubuntu Trusty)
   Status: New => Triaged

** Changed in: lxcfs (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxcfs (Ubuntu Trusty)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxcfs (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1582889

Title:
  SRU of LXCFS 2.0.1 (upstream bugfix release)

Status in lxcfs package in Ubuntu:
  Fix Released
Status in lxcfs source package in Trusty:
  Triaged
Status in lxcfs source package in Xenial:
  In Progress

Bug description:
  LXCFS upstream released LXC 2.0.1 as a bugfix release with following 
changelog:
   - Fix cpuinfo on s390x.
   - Use recursive cgroup values in diskstats.
   - Allow traversal (rx) to controller directories.
   - Fix do_mount_cgroups() crash on failure.
   - Better error handling in a number of path processing functions.
   - Better error handling in swap calculation.

  Just like Ubuntu itself, upstream releases long term support releases,
  as is 2.0 and then periodic point releases including all the
  accumulated bugfixes.

  Only the latest upstream release gets full support from the upstream
  developers, everyone else is expected to first update to it before
  receiving any kind of support.

  
  This bugfix release has already been uploaded to Yakkety and automatically 
backported in the upstream PPAs for all Ubuntu releases. So far without any 
reported regression.


  This should qualify under the minor upstream bugfix release allowance
  of the SRU policy, letting us SRU this without paperwork for every
  single change included in this upstream release.

  
  Once the SRU hits -updates, we will be backporting this to trusty-backports 
as well, making sure we have the same version everywhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1582889/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1582891] [NEW] SRU of LXD 2.0.1 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXD upstream released LXC 2.0.1 as a bugfix release with following changelog:
 - Don't fail to start when shmounts can't be mounted, instead fail container 
startup
 - Invalidate the simplestreams cache on proxy change
 - Write the container's config file on start to the log path directly
 - Fix crash in list due to empty responses (Issue #1903)
 - Fail when removing non-existent profiles (Issue #1886)
 - Document --alias to image import (Issue #1900)
 - Fix "lxc start" and "lxc stop" options (stateful/stateless)
 - Give better error on invalid source stream (simplestreams)
 - Add basic REST API usage example to README.md
 - Fix typo in lxc stop --help
 - Convert lxc-to-lxd to stable supported pylxd API (Issue #1901)
 - Properly log image update failures
 - Better validate and rollback bad images (Issue #1913)
 - Send operation return value through SmartError
 - Fix basic filtering in lxc list (Issue #1917)
 - Tell the user how to launch a container on first start (Issue #1931)
 - Redirect "remote" to "remote:" when not conflicting (Issue #1931)
 - Don't load the LXC config for snapshots (Issue #1935)
 - list: Allow filtering by unset key (Issue #1917)
 - Fix example in lxc launch
 - Update Japanese translation and other po files
 - Fall back to cpuset.cpus on older kernels (Issue #1929)
 - Properly validate the server configuration keys (Issue #1939)
 - Fix daemonConfig handling of storage
 - Don't remove config file on forkmigrate
 - Fix config handling following config validation change
 - Fixed Markdown syntax in documentation
 - Don't fail early when removing disks (Issue #1964)
 - Don't recursively delete devices
 - Don't fail when some unix devices fail to be deleted
 - Use the same config checks for unix-char and unix-block
 - Allow removing when fs object no longer exists (Issue #1967)
 - Do proper logfile expiry (Issue #1966)
 - Make logging a bit more consistent
 - Don't ignore zfs errors
 - Properly update the mode, uid and gid on existing files (Issue #1975)
 - Detect invalid certificate files (Issue #1977)
 - Fix broken apparmor status check
 - Allow on/off as boolean strings
 - Properly validate the container configuration keys (Issue #1940)
 - Don't mask rsync transfer errors
 - Move execPath to a global variable
 - Use custom netcat instead of nc -U for rsync over websocket (Issue #1944)
 - Fix wrong state dir path in migration
 - Don't fail deleting images when the storage delete fails
 - Improve messages in the Japanese translation
 - Add more checks for the criu binary
 - Rework (live) migration tests
 - Make it explicit in documentation that devices on create are optional
 - Properly record the source of all image copies (Issue #2010)
 - Don't mark containers as ERROR while being created (Issue #1988)
 - Cleanup events sent for operations (Issue #1992)
 - Fix ZFS refcounting issues (Issue #1916 and Issue #2013)
 - Propagate snapshot config when copying a snapshot (Issue #2017)
 - Implement lxc config show for snapshots
 - Add Unix socket example to REST API usage.

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.


This bugfix release has already been uploaded to Yakkety and automatically 
backported in the upstream PPAs for all Ubuntu releases. So far without any 
reported regression.


This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.


Once the SRU hits -updates, we will be backporting this to trusty-backports as 
well, making sure we have the same version everywhere.

** Affects: lxd (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxd (Ubuntu Trusty)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxd (Ubuntu Xenial)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Also affects: lxd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxd (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: lxd (Ubuntu)
   Status: New => Fix Released

** Changed in: lxd (Ubuntu Trusty)
   Status: New => Triaged

** Changed in: lxd (Ubuntu Xenial)
       Status: New => In Progress

** Changed in: lxd (Ubuntu Trusty)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxd (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, whic

[Group.of.nepali.translators] [Bug 1582887] [NEW] SRU of LXC 2.0.1 (upstream bugfix release)

[Stéphane Graber]

Public bug reported:

LXC upstream released LXC 2.0.1 as a bugfix release with following changelog:
 - apparmor: Also allow fstype=fuse for fuse filesystems
 - attach: adapt lxc-attach tests & add test for pty logging
 - attach: don't fail attach on failure to setup a SIGWINCH handler.
 - attach: fix a variety of lxc-attach pts handling issues
 - attach: switch console pty to raw mode (fixes ncurses-based programs)
 - attach: use raw settings of ssh for pty
 - bindings: fixed python-lxc reference to var before assignment in create()
 - bindings: set PyErr when Container.__init__ fails
 - cgfsng: defer to cgfs if needed subsystems are not available
 - cgfsng: don't require that systemd subsystem be mounted
 - core: Added missing type to keys in lxc_list_nicconfigs
 - core: Allow configuration file values to be quoted
 - core: log: remove duplicate definitons and bump buffer size
 - core: sync: properly fail on unexpected message sizes
 - core: Unshare netns after setting the userns mappings (fixes ownership of 
/proc/net)
 - core: various fixes as reported by static analysis
 - c/r: add an option to use faster inotify support in CRIU
 - c/r: rearrange things to pass struct migrate_opts all the way down
 - doc: ignore temporary files generated by doxygen
 - doc: tweak manpage generation date to be compatible with reproducible builds
 - doc: update MAINTAINERS
 - doc: update to translated manpages
 - init: add missing lsb headers to sysvinit scripts
 - init: don't make sysv init scripts dependant on distribution specifics
 - init: drop obsolete syslog.target from lxc.service.in
 - lxc-attach: add logging option to manpage
 - lxc-checkconfig: better render when stdout isn't a terminal
 - lxc-create: fix -B best option
 - lxc-destroy: avoid double print
 - lxc-ls: use fewer syscalls when doing ipc
 - templates: Add apt-transport-https to minbase variant of Ubuntu template
 - templates: fix a typo in the capabilities name for Gentoo (sys_resource)
 - templates: logic fix in the Centos template for RHEL7+ support
 - templates: tweak Alpine DHCP configuration to send its hostname
 - templates: tweak to network configuration of the Oracle template

Just like Ubuntu itself, upstream releases long term support releases,
as is 2.0 and then periodic point releases including all the accumulated
bugfixes.

Only the latest upstream release gets full support from the upstream
developers, everyone else is expected to first update to it before
receiving any kind of support.


This bugfix release has already been uploaded to Yakkety and automatically 
backported in the upstream PPAs for all Ubuntu releases. So far without any 
reported regression.


This should qualify under the minor upstream bugfix release allowance of
the SRU policy, letting us SRU this without paperwork for every single
change included in this upstream release.


Once the SRU hits -updates, we will be backporting this to trusty-backports as 
well, making sure we have the same version everywhere.

** Affects: lxc (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: lxc (Ubuntu Trusty)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: Triaged

** Affects: lxc (Ubuntu Xenial)
 Importance: Undecided
 Assignee: Stéphane Graber (stgraber)
 Status: In Progress

** Also affects: lxc (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: lxc (Ubuntu)
   Status: New => Fix Released

** Changed in: lxc (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: lxc (Ubuntu Trusty)
   Status: In Progress => Triaged

** Changed in: lxc (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxc (Ubuntu Trusty)
     Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxc (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1582887

Title:
  SRU of LXC 2.0.1 (upstream bugfix release)

Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Trusty:
  Triaged
Status in lxc source package in Xenial:
  In Progress

Bug description:
  LXC upstream released LXC 2.0.1 as a bugfix release with following changelog:
   - apparmor: Also allow fstype=fuse for fuse filesystems
   - attach: adapt lxc-attach tests & add test for pty logging
   - attach: don't fail attach on failure to setup a SIGWINCH handler.
   - attach: fix a variety of lxc-attach pts handling issues
   - attach: switch console pty to raw mode (fixes ncurses-based programs)
   - attach: use raw settings of ssh for pty
   - bindings: fixed python-lxc reference to var before assignment in create()