Merge pull request #4615 from chackoj-1204/meson-build-enable-api-docs

Add Meson option for enabling API documentation generation with Doxygen

Merge pull request #4625 from lxc/dependabot/github_actions/actions/upload-artifact-6

build(deps): bump actions/upload-artifact from 5 to 6

build(deps): bump actions/upload-artifact from 5 to 6

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #4622 from Rahik-Sikder/lxc_create_rbd_user_option

added "--rbduser" option in "lxc-create -B rbd"

added doc for --rbduser

Signed-off-by: Rahik-Sikder <sikder.rahik@gmail.com>

added "--rbduser" option in "lxc-create -B rbd"

Co-developed-by: Rahik Sikder <sikder.rahik@gmail.com>
Co-developed-by: Jake Chacko <chackoj1204@gmail.com>
Signed-off-by: Rahik-Sikder <sikder.rahik@gmail.com>

Merge pull request #4621 from James-Featherston/issue-4577

Add checks for "lxc-net fails when kernel has no IPv6"

Merge pull request #4620 from yangh/run-dir-xdg

Fallback to XDG_RUNTIME_DIR when /run not found

Fallback to XDG_RUNTIME_DIR when /run not found

Instead of return null immediately when RUNTIME_PATH
not found, fallback to XDG_RUNTIME_DIR or HOME.

Signed-off-by: Hong YANG <hong.yang3@nio.com>

Merge pull request #4618 from yangh/main

checkonfig: Fixed compatible with toybox/gunzip

checkonfig: Fixed compatible with toybox/gunzip

gunzip in Android/toybox has no -q option.

Signed-off-by: Hong YANG <hong.yang3@nio.com>

Merge pull request #4617 from James-Featherston/issue-4580

Fix "initializer-string for character array is too long, array size is 16 but initializer has size 17" compile error with clang 21

Initial changes without testing

Signed-off-by: jamesfeatherston <jamesfeatherston@utexas.edu>

Enumerated all values in array

Signed-off-by: jamesfeatherston <jamesfeatherston@utexas.edu>

meson: add meson option for running doxygen in build

Co-developed-by: Jake Chacko <chackoj1204@gmail.com>
Co-developed-by: Rahik Sikder <sikder.rahik@gmail.com>
Signed-off-by: Jake Chacko <chackoj1204@gmail.com>

Merge pull request #4601 from FernandoPicazo/unfreeze_fix

Ensure do_lxcapi_unfreeze returns false when getstate errors

Merge pull request #4614 from jaeyoonjung/pr.musl2

build: Check if P_PIDFD is defined

build: Check if P_PIDFD is defined

It is defined in enum 'idtype_t' in some environment in which causes an
error like:
../git/src/lxc/process_utils.h:144:17: error: expected identifier before numeric constant
  144 | #define P_PIDFD 3
      |                 ^

Signed-off-by: Jaeyoon Jung <jaeyoon.jung@lge.com>

Merge pull request #4610 from lxc/dependabot/github_actions/actions/checkout-6

build(deps): bump actions/checkout from 5 to 6

build(deps): bump actions/checkout from 5 to 6

Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Ensure do_lxcapi_unfreeze returns false when getstate errors

Signed-off-by: Fernando Picazo <fernando.picazo@outlook.com>

Merge pull request #4609 from ThomasLamprecht/apparmor-no-proc-sys-restrictions-if-nested

apparmor: skip /proc and /sys restrictions if nesting is enabled

apparmor: skip /proc and /sys restrictions if nesting is enabled

If nesting is enabled, it's already possible to mount your own
instance of both procfs and sysfs inside the container, so protecting
the "original" ones at /proc and /sys makes no sense, but breaks
certain nested container setups.

See: https://github.com/lxc/incus/pull/2624/commits/1fbe4bffb9748cc3b07aaf5db310d463c1e827d0

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

Merge pull request #4602 from arrowd/spec-fix

Update lxc.spec.in to use meson

Update lxc.spec.in to use meson

Signed-off-by: Gleb Popov <6yearold@gmail.com>

Merge pull request #4598 from gibmat/fix-apparmor-abstraction-generation

Fix meson build generation of apparmor container-base

config/apparmor/abstractions: Drop manually generated container-base file

Signed-off-by: Mathias Gibbens <gibmat@debian.org>

config/apparmor/abstractions: Fix meson build generation of container-base

Previously, abstractions/container-base was a hand-generated concatenation of
two different files, abstractions/container-base.in and container-rules. This
was confusing, since the meson configuration didn't actually create
abstractions/container-base from abstractions/container-base.in. Now, the
previously manual step of creating abstractions/container-base is part of the
meson configure step.

Signed-off-by: Mathias Gibbens <gibmat@debian.org>

Merge pull request #4599 from lxc/dependabot/github_actions/actions/upload-artifact-5

build(deps): bump actions/upload-artifact from 4 to 5

build(deps): bump actions/upload-artifact from 4 to 5

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #4596 from hallyn/2025-10-25/packaging

builds workflow: make .orig.tar.gz unique per build

builds workflow: make .orig.tar.gz unique per build

This way we can actually post the result to ppa for
various releases.

The package version previously was something like

6.0.0-0+daily~noble~202510260402

and now becomes

6.0.0~daily~noble~202510260402

So we s/-0+/~/ .  This way, we can use an orig tarball
named lxc_6.0.0~daily~jammy~202510260402.orig.tar.gz.
With the -0 after the version, debuild would only look
for lxc_6.0.0.orig.tar.gz.  6.0.0~daily will still be older
than any 6.0.0-0 or 6.0.0-1 that might legitimately get
pushed into the release.

Signed-off-by: Serge Hallyn <serge@hallyn.com>

Merge pull request #4569 from Container-On-Android/features

add MFD_NOEXEC_SEAL or MFD_EXEC by default if it‘s available

Merge pull request #4595 from stgraber/main

github: Drop focal source packages

github: Drop focal source packages

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

add MFD_EXEC and MFD_NOEXEC_SEAL flag to memfd_create

Signed-off-by: DreamConnected <1487442471@qq.com>
Co-Authored-By: Danny Lin <danny@kdrag0n.dev>

Merge pull request #4592 from stgraber/main

start: Only include linux/landlock.h when landlock is enabled

start: Only include linux/landlock.h when landlock is enabled

Closes #4591

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

Merge pull request #4590 from stribika/main

Automatically detect compression format in the lxc-local template

Automatically detect compression format in the lxc-local template

Signed-off-by: Stribik András <andras@stribik.technology>

Merge pull request #4581 from kadinsayani/fix/create-mount-target

lxccontainer: check if target exists before remove in create_mount_target()

lxccontainer: check if target exists before remove in create_mount_target()

Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>

Merge pull request #4589 from rsyring/log-file-perms

Standardize log file create mode to 0640

Standardize log file create mode to 0640

refs: https://github.com/lxc/lxc/issues/4588
Signed-off-by: Randy Syring <randy@syrings.us>

Merge pull request #4584 from tenforward/japanese

doc: add lxc.environment.{runtime,hooks} in Japanese man page

doc: add lxc.environment.{runtime,hooks} in Japanese man page

Update for e0290fa

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Merge pull request #4583 from vishwasudupa/main

Enable systemd to create /var/lib/lxc at runtime with StateDirectory

Enable systemd to create /var/lib/lxc at runtime with StateDirectory

This change adds the StateDirectory= directive in the systemd
unit file to ensure that the /var/lib/lxc directory is
automatically created and managed by systemd during service startup.

The StateDirectory= option instructs systemd to create a persistent
state directory under /var/lib/. This is particularly useful in
scenarios where the directory may be missing at first boot — such as
on OSTree-based Linux distributions, which typically ship with
empty /var directory as part of their immutable root filesystem.

By adding StateDirectory=lxc, systemd will handle the creation of
/var/lib/lxc on first boot, ensuring that the service can start
reliably even when the directory is not present initially.

Signed-off-by: Vishwas Udupa <vudupa@qti.qualcomm.com>
Co-developed-by: Raghuvarya S <raghuvar@qti.qualcomm.com>

Merge pull request #4582 from Filiprogrammer/conf-env-split

conf: split `lxc.environment` into `runtime` and `hooks`

doc: add lxc.environment.{runtime, hooks}

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>

api_extensions: add environment_runtime_hooks extension

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>

conf: split `lxc.environment` into `runtime` and `hooks`

Introduce `lxc.environment.runtime` to set environment variables only
for the container init process and `lxc.environment.hooks` to set
environment variables only for hooks. Leave the original
`lxc.environment` unchanged. It still applies to everything.

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>

Merge pull request #4579 from stgraber/main

Implement initial protection of LXC monitor using Landlock

github: Enable landlock in tests

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

start: Add Landlock restrictions to monitor

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

start: Make lxc_handler mainloop to run in thread

This allows applying Landlock restrictions just to the monitor handler.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

meson: Add optional landlock protection for monitor

This introduces a new optional security feature to the LXC monitor process.

With this enabled, the monitor API used for communication between the
CLI (or other clients) and the container monitor will now run in a
dedicated thread and have a Landlock policy applied to that thread.

The thread trick is required as the monitor process is also responsible
for running post-stop tasks (hooks) which need full privileges as well
as also handling full container reboots which similarly require full
privileges.

The policy is pretty simple at this point. It allows access to /dev/pts,
/dev/ptmx and /sys/fs/cgroup as those are the few paths that the monior
actually needs to open (as opposed to just handing out existing
filedescriptors).

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

commands: Fix indent

Mix of tab and spaces was making things a bit hard to read.

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

Merge pull request #4578 from kadinsayani/fix/broken-readme-link

README: update links

README: update links

Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>

Rename CONTRIBUTING to CONTRIBUTING.md

Signed-off-by: Alessio Attilio <226562783+SigAttilio@users.noreply.github.com>

README: Fix CI links

Signed-off-by: Alessio Attilio <226562783+SigAttilio@users.noreply.github.com>

Merge pull request #4571 from lxc/dependabot/github_actions/actions/checkout-5

build(deps): bump actions/checkout from 4 to 5

build(deps): bump actions/checkout from 4 to 5

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #4567 from mihalicyn/various_fixes_jul2025

A bunch of fixes (Jul 2025)

Merge pull request #4565 from Container-On-Android/features

lxc/process_utils.h: use strsignal() or sys_siglist[] for Non-GNU dis…

lxc/conf: do not leak opts.data memory in __lxc_idmapped_mounts_child()

Fixes: Coverity 1641425
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

lxc/network: null-terminate ifname string in lxc_network_recv_name_and_ifindex_from_child()

Fixes: Coverity 1486538
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

tests/lxc-test-snapdeps: try to load overlay kernel module

We don't want test to be skipped just because overlay module
isn't loaded yet.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

tests/lxc-test-rootfs: add idmapped rootfs testcase

I've discovered that we have no test coverage for rootfs
"lxc.rootfs.options = idmap=container" at all.

Let's add this basic test at least.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Merge pull request #4566 from mihalicyn/enter_net_ns_errors_fix

lxc/lxccontainer: stop printing misleading errors in enter_net_ns()

lxc/lxccontainer: stop printing misleading errors in enter_net_ns()

In enter_net_ns() we try to enter network namespace at first, before
entering a user namespace to support inherited netns case properly.
It is expected to get EPERM for unprivileged container with non-shared
network namespace at first try. Let's take this into account
and stop misleading users with these error messages.

Link: https://discuss.linuxcontainers.org/t/lxc-ls-fancy-command-shows-operation-not-permitted/24080
Fixes: 3011e79f92ef ("lxccontainer: fix enter_net_ns helper to work when netns is inherited")
Fixes: #4560
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

lxc/process_utils.h: use strsignal() or sys_siglist[] for Non-GNU distros

use strsignal() for Non-GNU and sys_siglist[] for nothing, even if sys_siglist[] has been marked as deprecated by Glibc

Signed-off-by: Li Lu <1487442471@qq.com>

Merge pull request #4564 from Container-On-Android/fix/meson.build

meson.build: fix checks for fsconfig and calls

meson.build: use has_header_symbol() instead of get_define() to improve compatibility

Signed-off-by: DreamConnected <1487442471@qq.com>

meson.build: fix checks for fsconfig and calls

move Headers checks up to Calls. keep fsconfig checks on openSUSE #4176

Signed-off-by: Li Lu <1487442471@qq.com>

Merge pull request #4557 from RomanGenexis/meson-specfile-distrosysconfdir

meson.build: set `LXC_DISTRO_SYSCONF` when `-Dspecfile=true`

meson.build: set `LXC_DISTRO_SYSCONF` when `-Dspecfile=true`

Before the change, the `setup` meson step would fail when disabling the
`install-init-files` option:

$ meson setup -Dinstall-init-files=false build
<snip>
meson.build:936:44: ERROR: Entry LXC_DISTRO_SYSCONF not in configuration data.

This is because setting the `LXC_DISTRO_SYSCONF` option is conditional
and requires `install-init-files` to be enabled.

Meanwhile the `specfile` option (default enabled) also requires the
variable above, resulting in a failure when it is unset.

Amend the conditional to also set `LXC_DISTRO_SYSCONF` when `specfile`
option is `true`.

Fixes: 872db5424363 ("build: add more options for customizing install")
Signed-off-by: Roman Azarenko <roman.azarenko+gh@genexis.eu>

Merge pull request #4555 from gibmat/add-loong64-personality

Add loong64 to list of recognized architectures

Add loong64 to list of recognized architectures

Debian refers to the loong architecture as "loong64".

Signed-off-by: Mathias Gibbens <gibmat@debian.org>

Merge pull request #4554 from mihalicyn/no-new-privs-regression-fix

Revert (delay assumption of apparmor labels) to fix a regression

Revert "re-add onexec for apparmor, move label assumption until after container has been setup for attach"

This reverts commit 50dee37cfe3201ed51f477356f81941c960a5511.

Fixes: #4553
Bisected-by: Simon Deziel <simon.deziel@canonical.com>
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Merge pull request #4552 from mihalicyn/fix_fuzzing_stuff

src/tests/oss-fuzz: pin meson to 1.7.2 to workaround build failures

src/tests/oss-fuzz: pin meson to 1.7.2 to workaround build failures

See also
https://github.com/google/oss-fuzz/pull/13286/commits/093b2480ce44c38c2418c20df2212f56b9e7fbd2

Thanks to Evgeny Vereshchagin

Fixes: #4551
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Merge pull request #4547 from mihalicyn/mnt_opts_parsing_impr

Mount options (lxc.mount.entry) handling improvements

lxc/conf: support flag kind of mount options in lxc.mount.entry options

Currently, if user wants to use a flag-like mount option in lxc.mount.entry,
for example "userxattr" with overlayfs then it will be silently ignored.

Let's fix that by making parse_vfs_attr() to process all mount options.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

lxc/conf: support nosymfollow mount flag

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Merge pull request #4550 from stgraber/main

conf: Add support for "move" mount flag

conf: Add support for "move" mount flag

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

Merge pull request #4549 from mihalicyn/lxc-ci-enable-more-tests

re-enable some tests

src/tests/lxc-test-unpriv: prevent fail on cleanup path

/run/user/$(id -u $TUSER) is a mountpoint for tmpfs, rm -rf
may fail with EBUSY errno. We should mask it and prevent test from marked
as failed because of this.

Also add set -x to make debugging easier in case of failures.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

src/tests/lxc-test-apparmor-mount: prevent fail on cleanup path

/run/user/$(id -u $TUSER) is a mountpoint for tmpfs, rm -rf
may fail with EBUSY errno. We should mask it and prevent test from marked
as failed because of this.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

src/tests/lxc-test-apparmor-generated: enable test

Remove "exit 0" at the beginning of a test to make it actually run.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Merge pull request #4548 from simondeziel/ubuntu-14.04

meson.build: remove quirk for Ubuntu 14.04 libcap-dev

meson.build: remove quirk for Ubuntu 14.04 libcap-dev

After some research, it seems that Ubuntu 14.10's libcap-dev package corrected
the mistake and shiped the `.pc` file.

Both Ubuntu releases are very old now so remove the workaround.

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>

Merge pull request #4539 from ianmerin/main

delay assumption of apparmor labels

apparmor test: add an overlay container start

make sure that when we start an overlay container, the
init pid is aa-confined.

Signed-off-by: Serge Hallyn <serge@hallyn.com>

re-add onexec for apparmor, move label assumption until after container has been setup for attach

Signed-off-by: Ian Merin <Ian.Merin@ncipher.com>

Merge pull request #4544 from RomanGenexis/4198-fix-container-ttys-env

lxc/conf,start: fix setting container_ttys environment variable

lxc/conf,start: fix setting container_ttys environment variable

Commit eae44ce19931 ("conf: fix append_ttyname()") changed the format
of `conf->ttys.tty_names`, where the `container_ttys=` prefix was
removed.

This seems to have been taken into account in `lxc_create_ttys()` in
`src/lxc/conf.c`, however that's not enough. `do_start()` in
`src/lxc/start.c` clears the environment, and then does `putenv(...)`
directly on the value of `tty_names`. As it no longer has the
`container_ttys=` prefix, this call doesn't have the intended effect.

This behaviour is also confirmed via `ltrace` when doing `lxc-start`:

[pid 53587] liblxc.so.1->setenv("container_ttys", "pts/1 pts/2 pts/3 pts/4", 1) = 0
[pid 53587] liblxc.so.1->clearenv(0, 1, 0, 0)                                   = 0
[pid 53587] liblxc.so.1->putenv("container=lxc")                                = 0
[pid 53587] liblxc.so.1->putenv("pts/1 pts/2 pts/3 pts/4")                      = 0

Given that `do_start()` clears the environment anyway, there is no
reason for another `setenv()` call in `lxc_create_ttys()`, and a fix
is required for `putenv()` in `do_start()`.

Change the `putenv()` call to `setenv()` in `do_start()` to account
for the change of format in `conf->ttys.tty_names`. Remove extraneous
`setenv()` from `lxc_create_ttys()`.

Fixes #4198

Fixes: eae44ce19931 ("conf: fix append_ttyname()")
Signed-off-by: Roman Azarenko <roman.azarenko+gh@genexis.eu>