- Avoid wrong permissions warning by conditionally setting the setuid bit based
on what version of permissions is available in that distribution (makes no
difference but results in less confusion to users).
- Fix builds on SLE12, by depending on apparmor-profiles instead of
apparmor-abstractions. In addition, remove the Requires on abstractions.
- Trim project history from package description.
- Update to LXC 3.1.0. The changelog is far too long to include here, please
look at the changelogs posted on https://linuxcontainers.org/. boo#1131762
* Includes fixes for CVE-2019-5736 bsc#1122185.
+ pam_cgfs is now provided by this package, since upstream has moved the
sources to LXC (it used to be part of lxcfs).
* All of the patches have been upstreamed or are no longer relevant:
- 0001-apparmor-Allow-usr-lib-paths-for-mount-and-pivot_roo.patch
- 0001-utils-add-LXC_PROC_PID_FD_LEN.patch
- 0001-lxc-user-nic-verify-file-descriptor-stable-2.0.patch
- 0001-Backport-autodev-fix-from-lxc-master.patch
- 0001-PyOS_AfterFork-python3.7.patch
- Add a warning if lxc-user-nic is not setuid after set_permissions, to ensure
users actually read the warning (which means we get to remove README.SUSE).
It also supports people using paranoid mode, which is why it's done in
post-install and isn't packaged. boo#988348
- Quite a lot of the runtime helpers and configuration have been moved to
liblxc, in order to allow LXD to make use of them (because, in truth, they
were always a requirement of liblxc and not just the lxc-* tools).
- Add workaround for pre-15 distros, where _sharedstatedir was inexplicably
/usr/com, to use the correct directory of /var/lib.
- Rework packaging to be a more modern openSUSE-style.