lxc (1:3.1.0+really3.0.3-6) unstable; urgency=medium

  LXC 3 got some significant changes from LXC 2.

   1. The configuration files use different variables. A userland script
      lxc-update-config is available to automatically update your
      configuration files. An automatic update is possible and offered by
      debconf during the upgrade of lxc version < 3.0.2 to lxc version >=
      3.0.2. Mind that this update will only work for privileged containers
      with configurations present in /var/lib/lxc/*/config and any other
      container will not be updated.
   2. AppArmor support in Debian has increased, thus preventing some systemd
      isolation features from working in LXC 3.0.X. Debian has backported some
      patches from LXC 3.1 that, along with some configurations in a
      container, will allow systemd isolation features to work.

      The required configuration parameters are the ones which follow:
        lxc.apparmor.profile = generated
        lxc.apparmor.allow_nesting = 1

      These parameters are provided in the `/etc/lxc/default.conf` file
      shipped with LXC 3. Hence, any newly created container will have these
      parameters set properly, except if you alter the aforementioned file.

      WARNING: Note that with these parameters, unprivileged containers won't
      be able to start. lxc.apparmor.profile must be set to either
      'unconfined' or to 'lxc-container-default-cgns'. This can be done either
      in the unprivileged container configuration file or in the user's
      .config/lxc/default.conf file.
   3. lxc-templates is deprecated by upstream. The new way of building
      containers is via their distrobuilder software. This software isn't in
      Debian Buster, and thus, we still provide lxc-templates. If you relied
      on it (e.g., with lxc.include parameter in some configuration file), you
      should install lxc-templates in case it doesn't come by itself (via
      recommends). Otherwise you may experience issues after the upgrade.

 -- Pierre-Elliott Bécue <peb@debian.org>  Sat, 09 Mar 2019 13:09:05 +0100

lxc (1:1.1.5-1) unstable; urgency=medium

  LXC before 1.1 silently ignored lxc.aa_profile if the kernel did
  not have the AppArmor mount feature (by checking for the existence of
  /sys/kernel/security/apparmor/features/mount/mask).

  As of LXC 1.1 it will error out with the following message in the log:
  Incomplete AppArmor support in your kernel
  If you really want to start this container, set
  lxc.aa_allow_incomplete = 1 in your container configuration file

  Debian does not ship with AppArmor enabled in the kernel by default,
  so this should not affect default installs. However, if you have enabled
  AppArmor, your containers will fail to start after the upgrade.

  Please add "lxc.aa_allow_incomplete = 1" to your configuration to
  start AppArmor-secured containers until we have full support in the
  kernel.

 -- Evgeni Golov <evgeni@debian.org>  Sun, 31 Jan 2016 18:22:40 -0200
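
Added example, not part of the Debian package or of upstream LXC: a small auditor that checks one container configuration against the AppArmor settings named in both entries above (the pre-3.0 lxc.aa_* keys, and the lxc.apparmor.* values for privileged and unprivileged containers). It assumes that a repeated key takes its last value and that an lxc.idmap line (lxc.id_map in LXC 2) marks a container as unprivileged; the function names and the sample configuration are constructed for illustration.

```python
# Added example (not from the Debian package). Assumptions: a config is
# "key = value" lines, a repeated key takes its last value, and an
# lxc.idmap (LXC 2: lxc.id_map) entry marks an unprivileged container.
LEGACY_KEYS = ("lxc.aa_profile", "lxc.aa_allow_incomplete")    # from the 1.1.5 entry
UNPRIV_PROFILES = ("unconfined", "lxc-container-default-cgns")  # from the 3.x warning


def parse_config(text):
    """Return (key, value) pairs, skipping blank lines and # comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        pairs.append((key.strip(), value.strip()))
    return pairs


def audit(text):
    """Return a list of findings for one container configuration."""
    pairs = parse_config(text)
    last = dict(pairs)  # last assignment of each key
    findings = [f"{k}: pre-3.0 key, convert with lxc-update-config"
                for k in LEGACY_KEYS if k in last]
    profile = last.get("lxc.apparmor.profile")
    nesting = last.get("lxc.apparmor.allow_nesting")
    if any(k in ("lxc.idmap", "lxc.id_map") for k, _ in pairs):
        if profile is not None and profile not in UNPRIV_PROFILES:
            findings.append(f"unprivileged container will not start with profile '{profile}'")
        elif profile == "unconfined":
            findings.append("unconfined: container runs without AppArmor confinement")
    elif profile != "generated" or nesting != "1":
        findings.append("systemd isolation features need profile=generated and allow_nesting=1")
    return findings


# Constructed sample: an unprivileged container that inherited the shipped defaults.
SAMPLE = """\
# constructed example config
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To audit a real container, pass the contents of its config file (for example one under /var/lib/lxc/*/config) to audit().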

