[lxc-devel] About to tag alpha-2

Wed Oct 1 15:27:11 UTC 2014

On Wed, Oct 01, 2014 at 08:03:54AM -0400, Michael H. Warfield wrote:
> On Tue, 2014-09-30 at 18:00 -0400, Michael H. Warfield wrote:
> > On Tue, 2014-09-30 at 15:56 -0400, Stéphane Graber wrote:
> > > Hey everyone,
> > 
> > > So just wanted to let you know that current git master is the alpha-2
> > > candidate.
> > 
> > > If you have some time today/tonight, please grab git master and test it
> > > to find any major issue which we shouldn't release alpha-2 with.
> > 
> > We have two open buzilla reports, one at Debian and one at Fedora that
> > are flagged as security issues due to fixed, predicatable, user ids and
> > passwords in the containers created from the live templates.  Can we get
> > these issues addressed?  In a distro, that would be a hard stop critical
> > dependency.  I would throw a blocker on that alone just to get two
> > security reports off our desks.

I agree we want to see that addressed by the time we release 1.1, but
for alpha-2 I don't think this is a blocker since it's not a regression.
Rushing the fix however may cause regressions.

> > 
> > > If there's no report of such issue by tomorrow morning, I'll tag alpha-2
> > > and then we'll resume landing changes into git master.
> > 
> > > Thanks everyone who's contributed to LXC 1.1 so far and sorry for not
> > > releasing an alpha earlier, I'd been postponing most of it due for the
> > > systemd changes and those took longer to figure out than expected.
> 
> > Surprise, surprise...  Has the lxc.kmsg thing and systemd-journald going
> > rogue been sorted?  Dwight has had it covered in Oracle and I'm trying
> > to cover it in a pending patch for Fedora and CentOS.  Is there anything
> > I've missed or Dwight has missed in the rpm camps (Oracle, Fedora,
> > CentOS, SUSE)?
> 
> Oh, duh...  You are referring to the init script and rpm fixes that I
> put together as the "systemd" changes.  I wasn't thinking clearly about
> that last night since it was.  Disregard that last remark, yeah.
> 
> My last set of changes for the templates is also systemd related er the
> systemd-journald problem.

Right, for alpha-2, the main thing I cared about was getting the init
scripts to work. I know that systemd inside a container is still a mess
for a variety of reasons (journald, apparmor, unprivileged containers,
...) and we're slowly progressing on all of those.

So far, I haven't heard of any regression in alpha-2 so I'll probably
tag it in the next couple of hours. We'll hopefully get Ubuntu 14.10 to
ship with alpha-2 (albeit with the daemonize change reverted to avoid
causing last minute regressions) and get some more exposure from that.

I expect over the next few months, we'll be pushing quite a bit on the
systemd front as Ubuntu needs to start working with it too which for us
means that we need to get the container upgrade from an upstart
environment to a systemd environment working and we also need systemd to
work unprivileged.

I suspect most of that will be done through patching of systemd itself
rather than through ugly hacks in LXC, we'll just have to see how much
of that we can get upstream (Ubuntu and Debian work together for systemd
packaging, so hopefully that'll help push things a bit).

> 
> > Regards,
> > Mike
> 
> Regards,
> Mike
> -- 
> Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
> 

> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20141001/14b5d733/attachment.sig>