config/apparmor/abstractions/container-base | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 [apparmor.d] sets container-base accordingly to container-base.in

config/init/systemd/lxc.service.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [lxc.service] starts after remote-fs.target

lxc.pc.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 lxc.pc.in: removes @dlog_libs@ which is not expanded upon build

src/lxc/cgroups/cgfsng.c | 2 1 + 1 - 0 !
src/lxc/conf.c | 34 17 + 17 - 0 !
src/lxc/conf.h | 4 2 + 2 - 0 !
3 files changed, 20 insertions(+), 20 deletions(-)

 conf: fix containers retaining cap_net_admin

Historically, /proc/sys/net is rw when proc:mixed is used as a proc
mount parameter. This was broken somewhere in lxc 4, and this patch
fixed it.

templates/lxc-download.in | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 lxc-download: switch gpg server
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Signed-off-by: Stphane Graber <stgraber@ubuntu.com>

src/lxc/cmd/lxc_user_nic.c | 15 6 + 9 - 0 !
1 file changed, 6 insertions(+), 9 deletions(-)

 [patch] patching an incoming cve (cve-2022-47952)

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may
allow local users to infer whether any file exists, even within a
protected directory tree, because "Failed to open" often indicates
that a file does not exist, whereas "does not refer to a network
namespace path" often indicates that a file exists. NOTE: this is