Debian Patches
Status for lxc/1:5.0.2-1+deb12u4
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0004-apparmor.d-Sets-container-base-accordingly-to-container-base.in.patch | [apparmor.d] Sets container-base accordingly to container-base.in | Pierre-Elliott Bécue <peb@debian.org> | no | 2019-08-05 | ||
| 0005-lxc.service-Starts-after-remote-fs.target.patch | [lxc.service] Starts after remote-fs.target | Pierre-Elliott Bécue <peb@debian.org> | no | 2019-08-05 | ||
| 0004-nesting-Extend-mount-permissions-in-apparmor-to-allo.patch | [nesting] Extend mount permissions in apparmor to allow systemd services' restrictions to work These options allow systemd security features to work. In particular cases, it helps with systemd-logind and program like this It's only added in nesting profile as it could pose security risks on privileged containers. mount options=(rw,rbind) -> /run/systemd/unit-root/, mount options=(rw,rbind) -> /run/systemd/unit-root/**, mount options=(rw,rshared) -> /, mount options=(rw,nosuid,nodev,noexec) proc -> /run/systemd/unit-root/proc/, |
Pierre-Elliott Bécue <peb@debian.org> | no | 2022-08-01 | ||
| 0100-fix-nftables-ipv6.patch | lxc-net.in: fix nftables syntax for IPv6 NAT The nftables masquarade rule for IPv6 was using the IPv4 syntax. This resulted in the following error when starting the lxc-net.service with LXC_IPV6_NAT="true" and nftables: Feb 11 18:54:54 pc lxc-net[4936]: Error: conflicting protocols specified: ip6 vs. ip Feb 11 18:54:54 pc lxc-net[4936]: ^^^^^^^^ Feb 11 18:54:54 pc lxc-net[4917]: Failed to setup lxc-net. Feb 11 18:54:54 pc systemd[1]: lxc-net.service: Main process exited, code=exited, status=1/FAILURE Feb 11 18:54:54 pc systemd[1]: lxc-net.service: Failed with result 'exit-code'. Feb 11 18:54:54 pc systemd[1]: Failed to start LXC network bridge setup. |
Quentin Lyons <36303164+n0p90@users.noreply.github.com> | no | 2023-02-12 | ||
| 0101-cherry-pick-fix-ephemeral-copies.patch | conf: fix ephemeral copies Don't rely on rootfs->bdev_type because that may be NULL. Use storage->type instead which can't be NULL. |
Christian Brauner <brauner@kernel.org> | no | 2023-11-29 | ||
| 0102-cherry-pick-fix-null-pointer-dereference.patch | Avoid null pointer dereference when using shared rootfs. rootfs->storage not set by lxc_storage_prepare when using a shared rootfs. | Steven Galgano <sgalgano@adjacentlink.com> | no | 2024-10-14 | ||
| 0103-cherry-pick-CVE-2026-39402.patch | lxc-user-nic: clarify and fix Some variable names were a bit confusing in find_line and cull_entries. Rename and document, and fix the flows using these. It's possible that a more maintainable approach, long term, would be to break these up differently: have one function create a neat in memory data structure representing the files, and have the paths currently using find_line and cull_entries peek into the data structures. But i think this is pretty clear. This fixes CVE-2026-39402 |
"Serge E. Hallyn" <serge@hallyn.com> | no | 2026-04-20 |
All known versions for source package 'lxc'
- 1:7.0.0-1 (forky, sid)
- 1:6.0.4-4+deb13u3 (trixie)
- 1:5.0.2-1+deb12u4 (bookworm)