OpenVZ Vzctl 3.0.25-1 Critical Bug

Today we got a notification mail from OpenVZ community and SolusVM developer about several critical bugs of vzctl latest release (3.0.25-1).  A bug has been found that causes a segfault in vzctl. This bug will cause several functions in SolusVM not to work properly.

Descriptions

Solus Virtual Manager (SolusVM) is a powerful GUI based VPS management system with full OpenVZ, Xen Paravirtualization and Xen HVM support. SolusVM allows you and your clients to manage a VPS cluster with security & ease.

OpenVZ is container-based virtualization for Linux. OpenVZ creates multiple secure, isolated containers (otherwise known as VEs or VPSs) on a single physical server.

Vzctl is the primary OpenVZ container management tool, has for some reason made it into the stable branch of the OpenVZ repository without being fully tested.

Version

3.0.25-1

Impact

If you have this version (3.0.25-1) installed, your containers may have access to the full amount of host memory and tun/tap will not function within the container.

Patch

OpenVZ not yet provided a full patch for this issue.

How temporary to fix this issue?

The bug is not in SolusVM, but the standard OpenVZ tools. Use the instructions below to downgrade vzctl if you have version 3.0.25-1 installed.

Check the version of vzctl you have installed:

rpm -qa | grep vzctl

Remove version 3.0.25-1:

yum remove vzctl vzctl-lib

Download and install version 3.0.24-1:

For a 64bit host:

cd /tmp
wget http://download.openvz.org/utils/vzctl/3.0.24/vzctl-3.0.24-1.x86_64.rpm
wget http://download.openvz.org/utils/vzctl/3.0.24/vzctl-lib-3.0.24-1.x86_64.rpm
rpm -ihv vzctl-3.0.24-1.x86_64.rpm vzctl-lib-3.0.24-1.x86_64.rpm

For a 32bit host:

cd /tmp
wget http://download.openvz.org/utils/vzctl/3.0.24/vzctl-3.0.24-1.i386.rpm
wget http://download.openvz.org/utils/vzctl/3.0.24/vzctl-lib-3.0.24-1.i386.rpm
rpm -ihv vzctl-3.0.24-1i386.rpm vzctl-lib-3.0.24-1.i386.rpm

If you have the memory issue with any vps you will need to reboot the vps to set the correct memory.

Tips

Also if you don’t want vzctl to be upgraded automatically with the yum update command do the following :
edit /etc/yum.conf

vi /etc/yum.conf

add the following line in [main] section:

exclude=vzctl*

do this temporarily until a new fixed vzctl will be released

References:

  • http://wiki.solusvm.com/index.php/OpenVZ_Bugs
  • http://www.wjunction.com/showthread.php?p=587573

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>