Announcement

https://discuss.linuxcontainers.org/t/lxc-7-0-lts-has-been-released/26612

What's Changed

• meson: fix build on NixOS by @mihalicyn in #4428
• Don't fail veth creation if ipv6 is disabled by @mihalicyn in #4432
• Update lxc-attach.sgml.in by @MMFuba in #4442
• Update lxc-execute.sgml.in by @MMFuba in #4441
• Update lxc-{attach,execute}.sgml.in by @tenforward in #4446
• lxc-local: fix broken templates processing by @jacobmcnamee in #4450
• Apparmor profiles syntax fixes by @mihalicyn in #4452
• AppArmor fixup by @mihalicyn in #4456
• Update GitHub Actions to use Ubuntu 24.04 by @mihalicyn in #4453
• meson: fix build with -Dtools-multicall=true on NixOS by @mihalicyn in #4459
• Reduce logging for newuidmap/newgidmap by @stgraber in #4463
• Exit 0 when there's no error by @Jip-Hop in #4462
• doc: Fix definitions of get_config_path and set_config_path by @stgraber in #4472
• README: Update security contact by @stgraber in #4475
• fix possible clang compile error on AARCH by @yuncang123 in #4481
• Add suppport for PuzzleFS images in the oci template by @ariel-miculas in #4483
• meson.build: add -ffat-lto-objects by @hallyn in #4482
• create_run_template: don't use txtuid and txtguid out of scope by @hallyn in #4487
• Avoid null pointer dereference when using shared rootfs by @sgalgano in #4488
• meson: fix minor typo by @tttuuu888 in #4493
• lxc-net: Replace random IPv6 subnet by @stgraber in #4495
• network config of unprivileged containers is not shown by @ElJeffe in #4497
• init.lxc: Tweak signal handling by @stgraber in #4503
• fix return code of recursive all of cgroup_tree_prune by @gjaekel in #4491
• Github Actions improvements by @stgraber in #4506
• • LXC attach should exit on SIGCHLD by @asainkujovic in #4509
• confile-vlanid: undefined is not a zero value by @asainkujovic in #4510
• dbus: replace hardcoded dbus address with environment variable by @sdanailo-42 in #4511
• conf: useful logging for capabilities by @sdanailo-42 in #4512
• lxc/attach: Revert "- LXC attach should exit on SIGCHLD" by @mihalicyn in #4517
• config-bcast: fix incorrect broadcast address calculation by @irnes in #4523
• github: Switch to native arm64 runners by @stgraber in #4524
• Added LXC_IPV6_ENABLE option for lxc-net to enable or disable IPv6 by @mathiasaerts in #4521
• sysconfig/lxc: remove false comment by @Managor in #4527
• Switch to new MAC address prefix by @stgraber in #4530
• github: Add packaging workflow by @stgraber in #4532
• A bunch of small fixes by @mihalicyn in #4533
• lxc/start: do prctl(PR_SET_DUMPABLE) after last uid/gid switch by @mihalicyn in #4535
• start: Re-introduce first SET_DUMPABLE call by @stgraber in #4536
• Remove bionic/android support by @stgraber in #4537
• meson_options.txt: don't use str when defining bool default values by @simondeziel in #4540
• selinux: fix typo (AppArmor) by @hallyn in #4543
• lxc/conf,start: fix setting container_ttys environment variable by @RomanGenexis in #4544
• delay assumption of apparmor labels by @ianmerin in #4539
• meson.build: remove quirk for Ubuntu 14.04 libcap-dev by @simondeziel in #4548
• re-enable some tests by @mihalicyn in #4549
• conf: Add support for "move" mount flag by @stgraber in #4550
• Mount options (lxc.mount.entry) handling improvements by @mihalicyn in #4547
• src/tests/oss-fuzz: pin meson to 1.7.2 to workaround build failures by @mihalicyn in #4552
• Revert (delay assumption of apparmor labels) to fix a regression by @mihalicyn in #4554
• Add loong64 to list of recognized architectures by @gibmat in #4555
• meson.build: set LXC_DISTRO_SYSCONF when -Dspecfile=true by @RomanGenexis in #4557
• meson.build: fix checks for fsconfig and calls by @DreamConnected in #4564
• lxc/lxccontainer: stop printing misleading errors in enter_net_ns() by @mihalicyn in #4566
• lxc/process_utils.h: use strsignal() or sys_siglist[] for Non-GNU dis… by @DreamConnected in #4565
• A bunch of fixes (Jul 2025) by @mihalicyn in #4567
• build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #4571
• README: update links by @kadinsayani in #4578
• Implement initial protection of LXC monitor using Landlock by @stgraber in #4579
• conf: split lxc.environment into runtime and hooks by @Filiprogrammer in #4582
• Enable systemd to create /var/lib/lxc at runtime with StateDirectory by @vishwasudupa in #4583
• doc: add lxc.environment.{runtime,hooks} in Japanese man page by @tenforward in #4584
• Standardize log file create mode to 0640 by @rsyring in #4589
• lxccontainer: check if target exists before remove in create_mount_target() by @kadinsayani in #4581
• Automatically detect compression format in the lxc-local template by @stribika in #4590
• start: Only include linux/landlock.h when landlock is enabled by @stgraber in #4592
• github: Drop focal source packages by @stgraber in #4595
• add MFD_NOEXEC_SEAL or MFD_EXEC by default if it‘s available by @DreamConnected in #4569
• builds workflow: make .orig.tar.gz unique per build by @hallyn in #4596
• build(deps): bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in #4599
• Fix meson build generation of apparmor container-base by @gibmat in #4598
• Update lxc.spec.in to use meson by @arrowd in #4602
• apparmor: skip /proc and /sys restrictions if nesting is enabled by @ThomasLamprecht in #4609
• build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in #4610
• build: Check if P_PIDFD is defined by @jaeyoonjung in #4614
• Ensure do_lxcapi_unfreeze returns false when getstate errors by @FernandoPicazo in #4601
• Fix "initializer-string for character array is too long, array size is 16 but initializer has size 17" compile error with clang 21 by @James-Featherston in #4617
• checkonfig: Fixed compatible with toybox/gunzip by @yangh in #4618
• Fallback to XDG_RUNTIME_DIR when /run not found by @yangh in #4620
• Add checks for "lxc-net fails when kernel has no IPv6" by @James-Featherston in #4621
• added "--rbduser" option in "lxc-create -B rbd" by @Rahik-Sikder in #4622
• build(deps): bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in #4625
• Add Meson option for enabling API documentation generation with Doxygen by @chackoj-1204 in #4615
• Fix "lxc-copy with overlayfs throws an error" by @James-Featherston in #4624
• Do not ignore lxc.init.groups when using userns by @Filiprogrammer in #4626
• Added documentation on unprivileged LXC containers by @chackoj-1204 in #4616
• cgfsng: fix reboots when using dbus by @hallyn in #4628
• Improve the dbus scope creation error handling by @hallyn in #4629
• Improve build flow in #4574
• github: test io_uring-based event loop by @mihalicyn in #4631
• lxc-attach: fix data corruption during heavy IO on PTS by @mihalicyn in #4633
• src/confile: fix values of lxc.cap.keep and lxc.cap.drop by @DreamConnected in #4634
• lxc: added support OpenRC init system by @GermanAizek in #4636
• meson.build: fix openat2 include typo, fix with glibc-2.43 +FORTIFY by @juippis in #4642
• meson.build: fix open_how include with glibc-2.43+ by @DreamConnected in #4645
• lxc/network: save/restore physical network interfaces altnames by @mihalicyn in #4649
• lxc/network: define netlink uAPI constants for link properties by @mihalicyn in #4650
• cmd/lxc-user-nic: prevent OOB read in name_is_in_groupnames by @mihalicyn in #4651
• Update Japanese man pages by @tenforward in #4653
• build(deps): bump actions/upload-artifact from 6 to 7 by @dependabot[bot] in #4654
• utils: Add quotes around exec arguments by @stgraber in #4659
• utils: Update buffer size to account for quotes by @stgraber in #4660
• Fix issue where pidfd_ functions were not being detected during meson… by @alex14641 in #4658
• Fix issue where memfd functions were not being detected during meson setup. by @alex14641 in #4665
• tests: mount_injection: ensure cleanup on test failure by @akash-hadke in #4639
• Fix issue where lxc-start takes a long time to start up on a cgroup v2 system without systemd. by @alex14641 in #4666
• [nesting] Extend mount permissions in apparmor to allow systemd servi… by @P-EB in #4668
• remove cgroup1 support by @mihalicyn in #4671
• assume CLONE_PIDFD, clone3, new mount api are supported by @mihalicyn in #4672
• apparmor: allow nosymfollow remounts by @mihalicyn in #4466
• lsm/apparmor: allow binfmt_misc RW mounts by @mihalicyn in #4673
• tests/lxc-test-lxc-attach: Increase sleep time by @gibmat in #4674
• Don't leak an open fd by @hallyn in #4677
• lvm.c: make sure tp gets freed by @hallyn in #4676
• Fix security issue with lxc-user-nic and OpenVswitch networks by @stgraber in #4678

New Contributors

• @MMFuba made their first contribution in #4442
• @Jip-Hop made their first contribution in #4462
• @yuncang123 made their first contribution in #4481
• @sgalgano made their first contribution in #4488
• @tttuuu888 made their first contribution in #4493
• @asainkujovic made their first contribution in #4509
• @sdanailo-42 made their first contribution in #4511
• @irnes made their first contribution in #4523
• @mathiasaerts made their first contribution in #4521
• @Managor made their first contribution in #4527
• @RomanGenexis made their first contribution in #4544
• @ianmerin made their first contribution in #4539
• @DreamConnected made their first contribution in #4564
• @kadinsayani made their first contribution in #4578
• @Filiprogrammer made their first contribution in #4582
• @vishwasudupa made their first contribution in #4583
• @rsyring made their first contribution in #4589
• @stribika made their first contribution in #4590
• @arrowd made their first contribution in #4602
• @jaeyoonjung made their first contribution in #4614
• @FernandoPicazo made their first contribution in #4601
• @James-Featherston made their first contribution in #4617
• @yangh made their first contribution in #4618
• @Rahik-Sikder made their first contribution in #4622
• @chackoj-1204 made their first contribution in #4615
• @GermanAizek made their first contribution in #4636
• @juippis made their first contribution in #4642
• @alex14641 made their first contribution in #4658
• @akash-hadke made their first contribution in #4639

Full Changelog: v6.0.0...v7.0.0