Weekly status for the week of 3rd June to 9th June.
Introduction
Last week, LXD received several updates, including bug fixes, code refactoring, and enhancements to the documentation. In addition, LXD UI has been updated to 0.8.1 (see LXD UI release page for all the changes).
Bugfixes
- Fixed an issue where the DNS resolution service (dnsmasq) of the managed bridge would respond to external requests if the bridge’s IP(s) are reachable from an externally connected network. Now, the DNS resolution service responds only to requests originating from the internal network.
- Previously, when a restricted TLS client without access to the default project called lxc project list, LXD might return an error that caused an unexpected panic (nil pointer dereference) during filtering of used-by URLs. Now, instead of returning an error, the system will return the correct used-by URLs. As a consequence of the fix, when listing resources in a project that the client does not have access to, the system will show an empty list rather than returning a Forbidden error.
- Fixed an issue where adding a disk with a name longer than 27 bytes would result in an error. Names that are too long are now hashed and trimmed to the name length limit. Names that fit within the length limit remain un-hashed.
All changes
The items listed below are all of the work that happened over the past week and that will be included in the next release.
LXD
- Network: Block external req to bridge managed dns service
- Seccomp: Tighten container capability checks a bit to align with kernel behaviour
- Update metrics.md Changed /common/tls to /current/tls for metrics.crt, metrics.key & server.crt location
- Test: Run server config auth checks with actual passwords
- Remove unused parameters
- Handle long device names when creating QEMU device tags
- fix(deps): update github.com/openfga/language/pkg/go digest to f5fc1d6
- build(deps): bump github.com/go-acme/lego/v4 from 4.16.1 to 4.17.3
- build(deps): bump github.com/jaypipes/pcidb from 1.0.0 to 1.0.1
- build(deps): bump github.com/go-acme/lego/v4 from 4.16.1 to 4.17.3
- build(deps): bump github.com/jaypipes/pcidb from 1.0.0 to 1.0.1
- Doc: update the build framework
- Auth: Allow getting a TLS permission checker when filtering used-by URLs
- Automatic IP allocation follow up
- Update grafana.md with additional details on setting loki.instance key value.
- Refactor: Unexport all methods defined on private receivers in the lxc package.
- doc: update the documentation for the doc framework
- lxd/apparmor/lxc: Fix rule syntax - from Incus
- Doc: some more cleanup
- Auth: Untangle auth entity types and functions from the driver implementations
- doc/Makefile.sp: replace subshell by command group
- lxd/apparmor/lxc: Tweak rule syntax
- Backports (stable-5.21)
- doc/server: add UI instructions for configuring server settings
- doc/images: replace distrobuilder with LXD image builder
- doc: add notes to files from the starter pack that should not be edited
- lxd/apparmor/lxc: remove dup mount options rules
- Backports (stable-5.21)
- lxd/apparmor/lxc: reorganize mount options rules for priv containers
- Temporarily replace the vulnerable square/go-jose.v2 by go-jose/v2
- Remove the cloud-init way of installing the LXD agent
- Revert “github: run code-tests with 1.21 to avoid swagger crash”
LXD UI
We are adding the currently authenticated user to the main navigation. We are also adding a manifest.json in the root directory, so you can install LXD-UI as a progressive web application in your operating system via the URL bar.
- feat: Improving tests by using text assertion
- feat: Added 2 storage e2e test to increase coverage.
- chore(deps): update internal dependencies
- fix(docs) use doc link titles as link text in case they are available from the object.inv.txt content
- Implementation of LXD PWA with a dynamic start_url
- Indicate logged-in-user-email in Navigation bar.
- fix(instance) optimize wire handling in graphic console from upstream
- feat(permission) more detailed error message when user has no access to a project or the project is not found. fixes #783
LXD Charm
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week.