Today we got a notification mail from OpenVZ community and SolusVM developer about several critical bugs of vzctl latest release (3.0.25-1). A bug has been found that causes a segfault in vzctl. This bug will cause several functions in SolusVM not to work properly.
Descriptions
Solus Virtual Manager (SolusVM) is a powerful GUI based VPS management system with full OpenVZ, Xen Paravirtualization and Xen HVM support. SolusVM allows you and your clients to manage a VPS cluster with security & ease.
OpenVZ is container-based virtualization for Linux. OpenVZ creates multiple secure, isolated containers (otherwise known as VEs or VPSs) on a single physical server.
Vzctl is the primary OpenVZ container management tool, has for some reason made it into the stable branch of the OpenVZ repository without being fully tested.
Version
3.0.25-1
Impact
If you have this version (3.0.25-1) installed, your containers may have access to the full amount of host memory and tun/tap will not function within the container.
Patch
OpenVZ not yet provided a full patch for this issue.
How temporary to fix this issue?
The bug is not in SolusVM, but the standard OpenVZ tools. Use the instructions below to downgrade vzctl if you have version 3.0.25-1 installed.
Check the version of vzctl you have installed:
rpm -qa | grep vzctl
Remove version 3.0.25-1:
yum remove vzctl vzctl-lib
Download and install version 3.0.24-1:
For a 64bit host:
cd /tmp wget http://download.openvz.org/utils/vzctl/3.0.24/vzctl-3.0.24-1.x86_64.rpm wget http://download.openvz.org/utils/vzctl/3.0.24/vzctl-lib-3.0.24-1.x86_64.rpm rpm -ihv vzctl-3.0.24-1.x86_64.rpm vzctl-lib-3.0.24-1.x86_64.rpm
For a 32bit host:
cd /tmp wget http://download.openvz.org/utils/vzctl/3.0.24/vzctl-3.0.24-1.i386.rpm wget http://download.openvz.org/utils/vzctl/3.0.24/vzctl-lib-3.0.24-1.i386.rpm rpm -ihv vzctl-3.0.24-1i386.rpm vzctl-lib-3.0.24-1.i386.rpm
If you have the memory issue with any vps you will need to reboot the vps to set the correct memory.
Tips
Also if you don’t want vzctl to be upgraded automatically with the yum update command do the following :
edit /etc/yum.conf
vi /etc/yum.conf
add the following line in [main] section:
exclude=vzctl*
do this temporarily until a new fixed vzctl will be released
References:
- http://wiki.solusvm.com/index.php/OpenVZ_Bugs
- http://www.wjunction.com/showthread.php?p=587573
