openSUSE Recommended Update: Recommended update to lxc ______________________________________________________________________________ Announcement ID: openSUSE-RU-2022:0139-1 Rating: low References: Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: lxc was updated to 4.0.12: Bugfixes: * Fixed CRIU restoration of containers with pre-created veth interfaces * Fixed issue with kernels lacking SMT support * Extended cgroup2 config options in lxc.mount.auto (cgroup2) * lxc-download now relies on HTTPS for validation (avoids GPG issues) Update to 4.0.11: Bugfixes: * Core scheduling support (lxc.sched.core) * riscv64 support in lxc.arch * Significantly improved bash completion profile * Greater use of the new VFS mount API (when supported by the kernel) * Fix containers with empty network namespaces * Handle kernels that lack TIOCGPTPEER * Improve CPU bitmask/id handling (handle skipped CPU numbers) * Reworked the tests to run offline use --withpamdir and use pam macros to fix UsrMerge problems Update to 4.0.10: Bugfixes: * Fix issues with less common architectures * Support for additional idmap mounts * nft support in lxc-net * Cleaner mount entries for sys:mixed * Switched GPG server to keyserver.ubuntu.com Update to 4.0.9: * You may have noticed the sudden jump from 4.0.6 to 4.0.9, that's because 4.0.7 and 4.0.8 both included regressions that were reported by early users and were considered bad enough to require a new release. * Testing improvements including fixes from oss-fuzz * Rework of the attach codepath * Cgroup handling rework * for full list of changes see https://discuss.linuxcontainers.org/t/lxc-4-0-9-lts-has-been-released/10999 Update to 4.0.6: * Improve handling for compatibility architectures for seccomp * Harden seccomp notifier implementation * Rework parsing of /proc/<pid>/mountinfo to handle kernel regression https://bugzilla.kernel.org/show_bug.cgi?id=209971 * Improve network device restoration * Significantly cleanup and harden config file parsing * Support new capabilities CAP_PERFORM, CAP_BPF, and CAP_CHECKPOINT_RESTORE * Harden containers started without CAP_NET_ADMIN * for full list of changes see https://discuss.linuxcontainers.org/t/lxc-4-0-6-lts-has-been-released/9926 Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-2022-139=1 Package List: - openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64): liblxc-devel-4.0.12-lp153.2.3.1 liblxc1-4.0.12-lp153.2.3.1 liblxc1-debuginfo-4.0.12-lp153.2.3.1 lxc-4.0.12-lp153.2.3.1 lxc-debuginfo-4.0.12-lp153.2.3.1 lxc-debugsource-4.0.12-lp153.2.3.1 pam_cgfs-4.0.12-lp153.2.3.1 pam_cgfs-debuginfo-4.0.12-lp153.2.3.1 - openSUSE Leap 15.3 (noarch): lxc-bash-completion-4.0.12-lp153.2.3.1 References: