Weekly status for the week of 29th July to 4th August.
Introduction
LXD received several bug fixes and features this past week. Notably, some AppArmor issues that were preventing unprivileged Ubuntu Oracular containers from starting (due to their use of systemd v256) were addressed in the latest/stable channel and will be included in the next release as well as being backported to the 5.21/stable channel. Thanks to all contributors.
Prevent accidental start of instances
LXD now supports a new security configuration option security.protection.start, which prevents instances from being started. Setting this option on a running instance will not stop it but will prevent it from starting again once stopped.
lxc config set <instance_name> security.protection.start=true
Documentation: How to manage instances - Start an instance
Live migration with attached storage volumes (from Incus)
LXD now supports live migration of instances with additional volumes, but only if the volumes are on remote storage pools.
Documentation: How to move existing LXD instances between servers - Live migration
Bugfixes
- Fixed fine-grained authorization for storage volumes and buckets in clustered LXD. The issue was caused by the storage volume’s location not being included in the URL, leading to permission checks failing.
- Fixed an issue where certain events, such as attaching a device to a virtual machine, would fail if the virtual machine was missing the LXD agent. (from Incus)
- Fixed an issue where a deadlock occurred if snapshot creation failed due to a full root disk on ZFS, which prevented instance metadata from being updated with a new snapshot.
- Enabled extended attributes for the virtiofs daemon when mounting a disk device to an instance.
- Fixed an issue where an image upload failed during instance conversion with lxd-migrate if the instance volume was created on a directory storage pool.
All changes
The items listed below are all of the work that happened over the past week and that will be included in the next release.
LXD
- Auth: Add storage volume and bucket location to URL in access check
- Instance: Fix deadlock during failed snapshot creation
- Live migration with attached storage volumes (from Incus)
- Add security.protection.start to optionally prevent instance start up
- VM: Add support for extended attributes for virtiofs shares
- fix(deps): update github.com/openfga/api/proto digest to 7e5be7b
- fix(deps): update module github.com/go-jose/go-jose/v4 to v4.0.4
- doc: Update rhsrvany link and fix code blocks
- build(deps): bump github.com/go-macaroon-bakery/macaroon-bakery/v3 from 3.0.1 to 3.0.2
- build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.3 to 4.0.4
- lxd/seccomp: fix bpf syscall number for arm64
- lxd/include: update bpf header files
- Device: Use -o flag for xattr mode of virtiofsd for disk device
- Entity type refactor (simplified)
- lxd: Ensure file is created when receiving raw image
- lxd: Add tracker for qemu-img progress (from Incus)
- VM: Don’t fail event sending on missing agent (from Incus)
- Backports (stable-5.21)
- gomod: Update dependencies
- lxd/zfs: Always try to wait for device path to appear (from Incus)
- lxd/firewall/drivers: Fix netprio error message
LXD UI
- fix(disk) preserve devices.root.size.state key on instance configuration update
- fix: publish image from snapshot created in a project that is not the default project
- update: add support for instance_create_start api extension [WD-13645]
- fix: add type checks in linting script [WD-13573]
- fix: invalidate query cache when creating custom storage volume [WD-13879]
LXD Charm
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week.