
Bug#655385: [squeeze openvz] "Cannot allocate memory" when doing "cat /proc/self/mountinfo" inside a vm



On Jun 28, 2012, at 7:18, Ola Lundqvist wrote:

> I do not know if there is much point in that. We can do that of course
> but as we soon have a new release without those kernels I do not
> really see the benefit of doing so.


As long as the Debian Squeeze kernels are actively maintained, serious regressions and/or security issues within OpenVZ should be addressed as well. I don't care about small functionality issues since most of the OpenVZ users are accustomed to them by now, but if something breaks, this needs to be addressed.

If you don't do this, please drop the kernels altogether so that people can build an alternate repository and don't get led into the false assumption that Debian is taking care of them. The half-assed approach you propose is hurting more than it helps.


Rationale:

* The bug can lead to easy denial of service attacks from unprivileged users within containers.
* The (unverified?) fix for this bug is a 4 line diff.
* Wheezy Puppet includes code that reads /proc/self/mountinfo, causing puppet-managed Wheezy containers on Squeeze OpenVZ hosts to exhibit the DoS scenario outlined above.

all the best,
Michael



