LXC 2.0.0/2.0.1 released: Linux container tooling


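In April, LXC released LXC 2.0, which includes many new features; on May 16, LXC 2.0.1 was released, fixing a number of bugs.

The new features in LXC 2.0.0 are as follows: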


  • All main LXC commands have now been rewritten in C

    • lxc-ls

    • lxc-device

    • lxc-copy

  • New lxc-copy command taking over the role of lxc-clone and lxc-start-ephemeral

  • Much improved support for checkpoint/restore of containers

  • Completely reworked cgroup handling including support for the cgroup namespace

  • The various command line tools are now much more consistent

  • Re-organized storage backend implementation, including addition of a Ceph RBD backend

  • An enormous amount of bugfixes, most of which will be backported to 1.0 and 1.1 over the next few bugfix releases

  • The C API remains backward compatible with previous versions and is released as 1.2

This release was made possible by contributions (720 commits) from a total of 96 contributors.


  • lxc.ephemeral: Controls whether the container is ephemeral and so will be destroyed on shutdown

  • lxc.rebootsignal: Allows overriding the signal sent for container reboot

  • lxc.hook.destroy: New hook being called on container destruction

  • lxc.hook.stop: Run in the host context with references to the containers just before namespace teardown

  • lxc.init_uid: Used by lxc-execute to set an alternative user

  • lxc.init_gid: Used by lxc-execute to set an alternative group

  • lxc.monitor.unshare: Allows unsharing the mount namespace prior to running any hook


  • API:

    • Add support for get_ips()

    • Add support for get_interfaces()

    • Add support for rename()

    • Support for passing the storage backend to create()

    • New migrate() symbol as an alternative to checkpoint() using a migrate_opts struct to simplify additions

    • API version is 1.2, fully backward compatible with 1.1 and 1.0

    • new symbols:

    • python3

    • lua

  • Core:

    • cgfsng: New cgroup backend driver for recent Linux kernel

    • cgroup: Partial support for the new cgroup hierarchy

    • cgroup: Support for the cgroup namespace

    • checkpoint: Support checkpoint/restore of default LXC containers

    • checkpoint: Support checkpoint/restore of unprivileged containers

    • checkpoint: Support for the page server

    • config: lxc.aa_profile: Now supports an "unchanged" value

    • config: lxc.init_cmd: Now supports arguments

    • config: lxc.network.macvlan.mode: Added support for the "passthru" mode

    • config: lxc.rootfs.backend: Allows overriding the storage backend (bypasses auto-detection)

    • config: New nesting.conf configuration file to setup container nesting

    • hooks: New LXC_CGNS_AWARE environment variable, set to 1 if LXC supports the cgroup namespace (the kernel however may not)

    • hooks: New LXC_SRC_NAME environment variable is set in clone hook with the original container name

    • hooks: New LXC_TARGET environment variable is set with the container goal (stop or reboot)

    • logging: Updated logging timestamps to be a bit more readable

    • lxc-usernet: Support for containers using a veth interface without bridging

    • lxc-usernet: Support for group-based quotas (use the @ prefix)

    • network: The bridge interface MTU is now used as the default container interface MTU

    • start: The process title is now renamed to be easier to read

    • storage: New Ceph RBD storage backend

  • Documentation:

    • Korean translation of all the man pages

  • Commands:

    • lxc-attach: Use an intermediate pts device to prevent attacks against the parent shell

    • lxc-clone: Support for renaming containers

    • lxc-start-ephemeral: Support for changing bind-mount targets

  • Init systems:

    • systemd: Support for instanced service units

  • Templates

    • New ALTLinux template

    • New Slackware template

    • New SPARCLinux template

    • alpine: Support installing extra packages

    • debian: Default to just "main" enabled, allow enabling other repositories through argument

    • oracle: Set the timezone in the container

    • openssh: Add OpenSSH support

    • ubuntu: New -v option allowing the user to set the debootstrap variant

    • ubuntu-cloud: Support for vendor-data passthrough

The improvements in LXC 2.0.1 are as follows:


  • apparmor: Also allow fstype=fuse for fuse filesystems

  • attach: adapt lxc-attach tests & add test for pty logging

  • attach: don't fail attach on failure to setup a SIGWINCH handler.

  • attach: fix a variety of lxc-attach pts handling issues

  • attach: switch console pty to raw mode (fixes ncurses-based programs)

  • attach: use raw settings of ssh for pty

  • bindings: fixed python-lxc reference to var before assignment in create()

  • bindings: set PyErr when Container.__init__ fails

  • cgfsng: defer to cgfs if needed subsystems are not available

  • cgfsng: don't require that systemd subsystem be mounted

  • core: Added missing type to keys in lxc_list_nicconfigs

  • core: Allow configuration file values to be quoted

  • core: log: remove duplicate definitions and bump buffer size

  • core: sync: properly fail on unexpected message sizes

  • core: Unshare netns after setting the userns mappings (fixes ownership of /proc/net)

  • core: various fixes as reported by static analysis

  • c/r: add an option to use faster inotify support in CRIU

  • c/r: rearrange things to pass struct migrate_opts all the way down

  • doc: ignore temporary files generated by doxygen

  • doc: tweak manpage generation date to be compatible with reproducible builds

  • doc: update MAINTAINERS

  • doc: update to translated manpages

  • init: add missing lsb headers to sysvinit scripts

  • init: don't make sysv init scripts dependent on distribution specifics

  • init: drop obsolete syslog.target from lxc.service.in

  • lxc-attach: add logging option to manpage

  • lxc-checkconfig: better render when stdout isn't a terminal

  • lxc-create: fix -B best option

  • lxc-destroy: avoid double print

  • lxc-ls: use fewer syscalls when doing ipc

  • templates: Add apt-transport-https to minbase variant of Ubuntu template

  • templates: fix a typo in the capabilities name for Gentoo (sys_resource)

  • templates: logic fix in the CentOS template for RHEL7+ support

  • templates: tweak Alpine DHCP configuration to send its hostname

  • templates: tweak to network configuration of the Oracle template

