Weekly status for the week of 23rd October to 29th October.

Introduction

This past week LXD landed support for OpenFGA authorization, and the ability to copy and move custom storage volumes with a single API call within clusters.

LXD highlights

Features

• Add support for OpenFGA authorization.
• Support copying and moving custom storage volumes with a single API call in clusters.

Improvements

• Enable TLS verification for Loki if a CA certificate is provided.

Bug fixes

• Fixed a bug in the CLI where snapshots couldn’t be copied if the target contained a remote.
• Fixed an issue where storage limits were not applied when a container was started.

All changes

The items listed below is all of the work which happened over the past week and which will be included in the next release.

LXD

• OpenFGA authorization driver
• doc/networking/firewall: add more restrictive UFW rules
• Authorization refactor in preparation for fine-grained authorization
• Support server side copy/move of custom storage volumes in clusters
• loki: enable TLS verification if a CA cert is provided
• Doc updates 5.19
• Candid + RBAC test suite
• shared/cliconfig: Nicer error on missing socket
• Doc: remove undesired content
• lxd/instance/drivers: Check running status with InitPID for cgroups
• Ensure the remote connection using simplestreams is valid before adding it
• Exec: Log error from io.Copy
• readme: reference Ubuntu’s LXD security page
• Revert “Ensure the remote connection using simplestreams is valid before adding it”
• Require destination name when copying an instance on the same server
• doc: temporarily ignore MAAS links
• Authentication method constants
• Refactors projectParam for use outside of lxd directory
• Drop GetTLSConfig() unused args
• test/suites: Unsets RBAC configuration after test.
• lxd/instance/driver/qemu: replace sha1 by sha256 in blockNodeName()
• lxd: Exec wrapper improvements
• lxd/cluster/config: Add missing bool default values
• lxd/storage_volumes: Fix calls to QueryParam
• test/suites: Fixes wait_no_operations helper.
• lxd/patches: Ensure renaming is only done on cluster leader
• gomod: Switch UUID package
• lxc/network forward: Fix typo port to ports.

LXD Charm

• Improve error reporting
• Update instructions for Juju 3.x

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.

Ubuntu

• Nothing to report this week.

Snap

• Nothing to report this week.