Synopsis: A new Parallels Virtuozzo Containers for Linux 4.7 kernel update addressing security, performance, and stability issues.
Product: Parallels Virtuozzo Containers for Linux 4.7
Keywords: 'bugfix' 'stability' 'security'
This document provides information on the new Parallels Virtuozzo Containers for Linux 4.7 kernel, version 2.6.32-042stab088.4.
1. About This Update
2. Update Description
3. Obtaining the New Kernel
1. ABOUT THIS UPDATE
The current update for the Parallels Virtuozzo Containers for Linux 4.7 kernel provides a new kernel based on the Red Hat Enterprise Linux 6.5 kernel (2.6.32-431.11.2.el6). The updated kernel includes a number of security, performance, and stability fixes.
2. UPDATE DESCRIPTION
This update includes the following fixes and improvements:
- Configuring native (mainstream) bridges could cause a Hardware Node crash. (OVZ# 2924, PSBM-25830)
Note: This issue does not affect Parallels bridged networks used with Containers and Virtual Machines in Parallels Cloud Server 6.0, Parallels Server Bare Metal 5.0 and Parallels Virtuozzo Containers 4.7 for Linux.
- Simultaneous mounting and unmounting of ploop images could lead to a situation where a ploop device was marked as busy while not being used by any of the mounted images. This could cause some Container operations to fail, including backup, migration, and creation of new Containers. (PSBM-25102)
- The checkpointing code responsible for restoring shared pending signals was fixed. Restoring a Container many times in a row can no longer lead to restore failures caused by errors in checkpointing. (PSBM-25828)
- Incorrect error handling of the ploop deltas merge operation could lead to the inability to mount and use ploop images until the Hardware Node reboots. This could happen, for example, when the ploop snapshot could not be removed due to a disk I/O error. (PSBM-25252)
- Online resize of a ploop with non-standard blocks per group setting of the internal ext4 filesystem could lead to a kernel panic. (PSBM-24924, OVZ# 2911)
- A kernel crash could occur in devpts_pty_kill() if a directory entry allocation failed while opening the ptmx device. (PSBM-25317)
- Support for nested network namespaces has been added. (PSBM-24124)
Note: Nested network namespaces are supported in the host operating system only; Containers cannot have nested network namespaces.
- netfilter kernel modules can now be loaded automatically on the Hardware Node when they are requested inside a Container. This feature eliminates possible online migration failures when the destination Node does not have the netfilter modules used inside the migrated Container loaded in RAM. (PSBM-23615)
- Netlink sockets used for communication between the kernel and user space are not accounted for Containers anymore. (PCLIN-32387)
- Under certain circumstances, online migration of a Container with live but unbound UNIX sockets could lead to a kernel panic. (PSBM-25115)
- A Container's network interface statistics can no longer be damaged during online migration. (PSBM-22876)
3. OBTAINING THE NEW KERNEL
You can download and install this kernel update using the vzup2date utility included in the Parallels Virtuozzo Containers for Linux 4.7 distribution set.
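To confirm after the update and reboot that a Hardware Node is actually running the fixed kernel, the following added example (not part of the Parallels advisory) compares the output of uname -r with 2.6.32-042stab088.4. It assumes kernel releases are ordered by the numeric fields around "stab"; the function names are hypothetical.

```shell
#!/bin/sh
# Fixed kernel release named in this advisory.
FIXED_KERNEL="2.6.32-042stab088.4"

# Turn a release such as 2.6.32-042stab088.4 into "42 88 4".
# Leading zeros are stripped because a value like 088 is rejected as
# invalid octal by shell arithmetic and some numeric tests.
# Prints nothing for a release without a "stab" component.
parse_stab() {
    printf '%s\n' "$1" | sed -n \
        's/^[0-9.]*-0*\([0-9][0-9]*\)stab0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\).*$/\1 \2 \3/p'
}

# kernel_at_least HAVE WANT
# Returns 0 if HAVE >= WANT, 1 if HAVE is older, 2 if either is unparsable.
# Assumption: ordering is by the number before "stab", then the two after it.
kernel_at_least() {
    have=$(parse_stab "$1")
    want=$(parse_stab "$2")
    if [ -z "$have" ] || [ -z "$want" ]; then
        return 2
    fi
    # Deliberately unquoted: split both triples into $1..$6.
    set -- $have $want
    if [ "$1" -gt "$4" ]; then return 0; fi
    if [ "$1" -lt "$4" ]; then return 1; fi
    if [ "$2" -gt "$5" ]; then return 0; fi
    if [ "$2" -lt "$5" ]; then return 1; fi
    [ "$3" -ge "$6" ]
}

# Report on the running kernel. A node that was updated but not yet
# rebooted still shows the old release here.
running=$(uname -r)
if kernel_at_least "$running" "$FIXED_KERNEL"; then
    echo "OK: running kernel $running is at or above $FIXED_KERNEL"
else
    echo "CHECK: running kernel $running is older than $FIXED_KERNEL or is not a Virtuozzo kernel"
fi
```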
Copyright (c) 1999-2014 Parallels IP Holdings GmbH and its affiliates. All rights reserved.