Status of LXC in Stretch?

[Claudio Kuenzler <ck@claudiokuenzler.com>]

Dear all, LXC maintainers,

It seems that there hasn't been much going on concerning the LXC package(s) in Debian 9 Stretch. The version is stuck at 2.0.7 without any patches backported since Jan 2018. Yet there are known (important) bugs which break LXC on Stretch.

For example when using cgroup resource limits, bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888647 occurs, which at the end is a bug in the used libpam-cgfs package.

Even in backports there is the following note in the changelog of the lxcfs package:

lxcfs (2.0.8-1~bpo9+1) stretch-backports; urgency=medium

  * Team upload
  * Rebuild for stretch-backports.
  * This backport release is an alternative to 2.0.7-1 that has a couple of
    issues, and shouldn't have reached stable.
    See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867619 for more
    intel.

 -- Pierre-Elliott Bécue <peb@debian.org>  Sat, 17 Nov 2018 09:01:07 +0100

In bug #888647 as well as in a discussion on linuxcontainers.org (https://discuss.linuxcontainers.org/t/failed-creating-cgroups/272/10) a possible solution is to remove the Debian package of libpam-cgfs and instead install the Ubuntu package. Really?!

Although this workaround seems to work for some, it doesn't work for others including the author of the last comment in bug #888647.

Meanwhile LXC 2.0.9 is out since October 2017 (yes, 2017). Instead of keeping a bugged 2.0.7, wouldn't it be better to include the latest upstream version of the 2.0 LTS branch?

Note: LXC itself works fine for privileged containers _without_ resource lmits. But as soon as resource limits are used, this bug comes in place and breaks LXC.

What's the current status with LXC and its related packages in Debian Stretch? Can we expect a new upstream release, a bugfix or a new version (3.0 LTS) made available in backports?

Thanks in advance for letting us know.