[MIR] lxc
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lxc (Ubuntu) | Fix Released | Wishlist | Unassigned |
Bug Description
Binary package hint: lxc
The LXC team would like the MIR team to reconsider promotion of LXC to main.
The reason is that since the last request back in Lucid, the kernel has had a lot of time to stabilize and improve for the various calls used by lxc.
We also added apparmor confinement by default a few cycles ago.
LXC is used by quite a lot of people and is the default backend for JuJu charms development.
Serge Hallyn and myself are active upstream contributors and maintainers of the staging branch, so issues tend to be resolved very quickly.
We've also been maintaining LXC in precise and quantal very actively, by SRUing every fix that lands in the development release and offering backports for more complex features.
The staging LXC git tree is automatically imported on Launchpad and daily builds for precise, quantal and raring are triggered automatically.
Upstream itself only contains a limited set of tests, mostly around the newly introduced liblxc API; however, Serge maintains a separate integration testing branch which we run before upload and will be integrated into autopkgtest and into the upstream dailies once we have some time to do so.
For build-depends: The only build-dep not currently in main is libseccomp, for which I'll be filing a separate MIR (bug 1082431). LXC itself doesn't strictly require this library but the feature is rather nice to have, so I think we should get it promoted too.
I believe all the dependencies are already in main (outside of libseccomp and lxc itself).
LXC doesn't ship any daemon or setuid binary by default; some people choose to mark some of the binaries as setuid or grant extra capabilities, but we don't recommend doing so and don't do it by default.
The LXC package provides two upstart jobs, one to automatically start containers at boot time (if marked as auto-started) and another to set up a "lxcbr0" bridge with a dnsmasq DHCP server running on it, similar to libvirt's virbr0.
Our package isn't usually in sync or even merged with Debian because of disagreements with the Debian maintainer. Our package tends to be much closer to upstream and the upstream staging branch.
We currently carry a lot of patches in our package, but all of them are direct cherry-picks from the staging branch. As a result, as soon as upstream tags 0.9~alpha1, we are expecting to be down to just 4-5 patches remaining.
Changed in lxc (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
Changed in lxc (Ubuntu):
status: Won't Fix → New
description: updated
description: updated
Changed in lxc (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in lxc (Ubuntu):
status: New → Confirmed
status: Confirmed → Triaged
importance: Undecided → Wishlist
Changed in lxc (Ubuntu):
status: Triaged → New
Changed in lxc (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → Seth Arnold (seth-arnold)
Changed in lxc (Ubuntu):
status: New → Fix Released
I spoke with Kees, and he said that he keeps finding security problems in lxc every time he looks at it, and that it's still too young and immature to be put into an LTS. So this should be reconsidered for 10.10.