Mark Laing
Mark Laing
While working on https://github.com/canonical/lxd/pull/13886, I added an extra query to many image and image alias endpoints to resolve the effective project for images, as required for authorization checks. For all...
See https://github.com/canonical/lxd/pull/13846#discussion_r1701870013_ We'll need a DB patch to fix this.
The PKI tests use `easyrsa` for issuing certificates. We may need to use another tool for this if ECDSA is not supported by `easyrsa`. > At some point, we should...
When a nested LXD downloads an image, if the image can be found on the host and it is public or cached, it is downloaded over the `devlxd` socket. Currently...
As a user with access to project A and project B, I should be able to launch an instance in project B while specifying an image in project A. For...
The underlying cause of this bug was that general filtering of used-by URLs makes the assumption that the `can_view` entitlement is available for all entity types. It is a fair...
We're not checking that the LXD server is automatically trusted if the client has a CA certificate verifying the server certificate. See https://github.com/canonical/lxd/pull/14149#discussion_r1796914995_
As part of the [TLS fine-grained authorization specification](https://discourse.ubuntu.com/t/tls-fine-grained-authorization/48497), pending TLS identities must be pruned when their associated token expires. This pull request adds logic to the `autoRemoveExpiredTokens` task such that...
Hi :wave: firstly, thank you for this great library! LXD is a hypervisor for system containers and VMs. It can be clustered to give a private cloud like experience. When...
Adds a slice of secrets to the database for encrypting OIDC credential cookies.