
LXC official site security update (2021-07-17)

Source: LXC official site  Release date: 2021-07-17

Basic information

Release date: 2021-07-17 (official local time)

Update type: security update

Updated version: 4.0.10

Detected: 2021-07-22 22:06:15

Risk level: unknown

Intelligence contributed by: TSRC

Update title

LXC 4.0.10 has been released

Update details


17th of July 2021
Introduction
The LXC team is pleased to announce the release of LXC 4.0.10!
This is the tenth bugfix release for LXC 4.0 which is supported until June 2025.
Bugfixes
As usual, this bugfix release focuses on stability and hardening. Some of the highlights for this release are:

Fix issues with less common architectures
Support for additional idmap mounts
nft support in lxc-net
Cleaner mount entries for sys:mixed
Switched GPG server to keyserver.ubuntu.com

The full list of commits is available below:

conf: handle kernels with CAP_SETFCAP
doc: document new idmap= option for lxc.rootfs.options
Skip rootfs pinning for ZFS roots.
Reflow ZFS check to follow the style of the overlayfs return.
confile: re-add aarch64 architecture
tests: add tests for supported architectures
tests: fix lxc-test-arch-parse for make dist
confile: convert AppArmor and SELinux confile parsing from errors to warnings
Merge pull request #3835 from brauner/2021-05-10.fixes.apparmor.stable-4.0
oss-fuzz: add basic cgroup_init()/cgroup_exit() fuzzing
cgroups: clean up cgroup_ops on initialization error
conf: allow xdev when setting up /dev
conf: don't unmount procfs and sysfs
conf: tweak rootfs handling
start: move idmapped mount setup later
tree-wide: s/parse_mntopts/parse_mntopts_legacy/
conf: rename struct mount_opt flag member s/flag/legacy_flag/
Skip rootfs pinning for read-only file system.
conf: support idmapped lxc.mount.entry entries
conf: add sequence when setting up idmapped mounts
confile: free mount data
conf: fix mount option parsing
cgroups: rework check whether legacy hierarchy is writable
conf: move file descriptor synchronization with child into single function
conf: move file descriptor synchronization with parent into single function
conf: use explicit signage in bit field
start: use barrier instead of wake/wait pair
start: reorder START_SYNC_POST_CONFIGURE
start: simplify startup synchronization
README: Update IRC
network: please broken compilers
Update lxc-net to support nftables
lxc: add lpthread to lxc.pc
lsm/apparmor: actually report an error when we fail to wire AppArmor profile
tools/lxc_autostart: fix failed count
api_extensions: introduce idmapped_mounts_v2 api extension
confile: backport lxc.init.groups config key
string utils: Make sure don't return uninitialized memory.
Add support for LISTEN_FDS environment variable.
common.conf: replace problematic terminology
seccomp: replace problematic terminology
tree-wide: remove problematic terminology
tree-wide: replace problematic terminology
tree-wide: replace problematic terminology
tree-wide: replace problematic terminology
cgroups: use stable ordering for co-mounted v1 controllers
When an item is added to an array, then the array is realloc()ed (to size+1), and the item is copied (strdup()) to the array. Thus, when an item is removed from an array, memory allocated for that item should be freed, successive items should be left-shifted and the array realloc()ed again (size-1).
Resize array in remove_from_array() and fix a crash
lxc-download: Switch GPG server
cgroups: verify that hierarchies are non-empty
execute: don't exec init, call it
initutils: use vfork() in lxc_container_init()
network: log network devices while sending
execute: ensure parent is notified about child exec and close all unneeded fds
initutils: close dirfd in error path
conf: improve read-only /sys with read-write /sys/devices/virtual/net
tests: add tests for read-only /sys with read-write /sys/devices/virtual/net
cgroups: handle funky cgroup layouts
terminal: ensure newlines are turned into newlines+carriage return for terminal output
cmd/lxc-checkconfig: list cgroup namespaces and rename confusing ns_cgroup entry
doc: Add eBPF-based device controller semantics to Japanese man page
doc: Append description of net type field
doc: Add new idmap= option to Japanese lxc.container.conf(5)
doc: Fix typo in English lxc.container.conf(5)
conf: userns.conf: include userns.conf.d
confile: allow including nonexisting directories
lxc_unshare: make mount table private
lxc_unshare: fix network device handling
file_utils: surface ENOENT when falling back to openat()
doc/common_options: add trace and alert loglevels
initutils: include pthread.h
start: fix logging message
sync: fix log message
terminal: log TIOCGPTPEER failure less alarmingly
af_unix: report error when no fd is to be sent
terminal: fix error handling
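The commit "Resize array in remove_from_array() and fix a crash" describes the invariant a string array must keep: adding realloc()s to size+1 and strdup()s the item, so removing must free() the item, left-shift the tail and realloc() to size-1. The following is an added illustration of that invariant, not LXC's own code; the names str_array, add_to_array and remove_from_array are assumed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>

/* Illustrative string array (not LXC's code) following the invariant in the
 * commit message: add realloc()s to size+1 and strdup()s the item; remove
 * free()s the item, left-shifts the tail and realloc()s to size-1. */
struct str_array {
	char **items;
	size_t size;
};

/* Append a copy of item; returns 0 on success, -1 on allocation failure. */
int add_to_array(struct str_array *a, const char *item)
{
	char *copy = strdup(item);
	if (!copy)
		return -1;
	char **grown = realloc(a->items, (a->size + 1) * sizeof(*grown));
	if (!grown) {
		free(copy);
		return -1;
	}
	a->items = grown;
	a->items[a->size++] = copy;
	return 0;
}

/* Remove the first element equal to item; returns 1 if removed, 0 if absent.
 * The slot is closed by shifting the tail down and the block is shrunk, so
 * the allocation never carries a freed (dangling) pointer past the live count. */
int remove_from_array(struct str_array *a, const char *item)
{
	for (size_t i = 0; i < a->size; i++) {
		if (strcmp(a->items[i], item) != 0)
			continue;
		free(a->items[i]);
		memmove(&a->items[i], &a->items[i + 1],
			(a->size - i - 1) * sizeof(*a->items));
		a->size--;
		if (a->size == 0) {
			free(a->items); /* realloc(p, 0) is not portable */
			a->items = NULL;
			return 1;
		}
		char **shrunk = realloc(a->items, a->size * sizeof(*shrunk));
		if (shrunk)     /* on failure the old, larger block stays valid */
			a->items = shrunk;
		return 1;
	}
	return 0;
}
```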

Support and upgrade
The LXC 4.0 branch is supported until June 2025.
Only bugfixes and security issues are included in the stable bugfix releases, so it's always safe and recommended to keep up and run the latest bugfix release.
Downloads

Main release tarball: lxc-4.0.10.tar.gz
GPG signature: lxc-4.0.10.tar.gz.asc

Software description

Linux Containers (LXC) is a kernel virtualization technology that provides lightweight virtualization to isolate processes and resources.

CVE IDs

TSRC analysis

None yet

Industry news

None yet
