新闻 LXC 1.1.4 发布，Linux 容器工具 下载

LXC 1.1.4 发布，此版本更新内容如下：

重要改进

• 
  Security fix for CVE-2015-1335
  

核心改进

• 
  Check for NULL pointers before calling setenv()
  
  
• 
  Factorize handle of create=dir and create=file
  
  
• 
  Refactor and factorize mount entries
  
  
• 
  Split handle of lxc.mount* with 3 functions
  
  
• 
  init: Support older apparmor
  
  
• 
  Make LXC_CLONE_KEEPNAME work
  
  
• 
  Fix automatic mounts without a rootfs
  
  
• 
  Fix container creation without a rootfs
  
  
• 
  Fix /dev symlinks without a rootfs
  
  
• 
  Allow autodev without a rootfs
  
  
• 
  Only mount /proc if needed, even without a rootfs
  
  
• 
  When creating container, save configuration if rootfs already exists
  
  
• 
  Fix verification of start hook without a rootfs
  
  
• 
  Tear down network devices during container halt
  
  
• 
  coverity: fix mount_entry_create_dir_file
  
  
• 
  Add a nesting.conf which can be included to support nesting containers
  
  
• 
  Fix reallocation calculation
  
  
• 
  Add bdev_destroy() and bdev_destroy_wrapper()
  
  
• 
  overlayfs_clone: rsync the mounted rootfs
  
  
• 
  lxc_rmdir_onedev: don't fail if path doesn't exist
  
  
• 
  overlayfs_mount: create delta dir if it doesn't exist
  
  
• 
  ovl_rsync: make sure to umount
  
  
• 
  Destroy bdevs using bdev_destroy() from bdev.h
  
  
• 
  Fix indentation
  
  
• 
  cmds: fix abstract socket length problem
  
  
• 
  coverity: drop second (redundant) block
  
  
• 
  Check return value of snprintf in mount_proc_if_needed()
  
  
• 
  Add CAP_AUDIT_READ
  
  
• 
  Add CAP_BLOCK_SUSPEND
  
  
• 
  Free allocated memory on failure (v2)
  
  
• 
  Define O_PATH and O_NOFOLLOW for Android
  
  
• 
  seccomp: add aarch64 support
  
  
• 
  lxc-test-symlink: add a test using absolute symlink
  
  
• 
  lxc_mount_auto_mounts: fix weirdness
  
  
• 
  Fix the type of i in lxc_mount_auto_mounts
  

工具：

• 
  Fix grammar in some of the executables "NAME for name of the container" becomes "NAME of the container"
  
  
• 
  lxc-checkconfig: add some more config options
  
  
• 
  lxc-start-ephemeral: Parse passwd directly
  

文档：

• 
  Add long option for -P in documentation
  
  
• 
  Add doc for optional, create=dir and create=file in lxc.container.conf man
  
  
• 
  Update lxc.cgroup.use in lxc.system.conf(5)
  
  
• 
  Add the description of common options in lxc-destroy(1)
  
  
• 
  Add LXC-specific mount option in Japanese lxc.container.conf(5)
  

模板：

• 
  lxc-debian: support stretch (Debian 9) images
  
  
• 
  lxc-debian: allow not including contrib/non-free
  
  
• 
  lxc-debian: Test dpkg for multiarch support
  
  
• 
  lxc-debian: Alternative test for dpkg multiarch support in lxc-debian template
  
  
• 
  lxc-ubuntu: ubuntu.common.conf: mount /dev/mqueue
  
  
• 
  lxc-debian: We should only check the kernel architecture.
  
  
• 
  lxc-alpine: avoid GNU BRE extensions for better portability
  
  
• 
  lxc-alpine: use getopt to parse options
  

这些稳定修复是 14 为个人贡献者完成的。

下载：https://linuxcontainers.org/lxc/downloads

LXC 项目由一个 Linux 内核补丁和一些 userspace 工具组成。这些 userspace 工具使用由补丁增加的内核新特性，提供一套简化的工具来维护容器。


LXC 1.1.4 发布，Linux 容器工具下载地址