On Fri, Nov 27, 2009 at 02:47:34PM +0000, Scott Dowdle wrote: > I just noticed this: > > http://www.openwall.com/Owl/ > > I haven't used Openwall myself but I'm guessing someone from Openwall might > be on this mailing list. If so, please introduce yourself.
Well, yes, someone else from Openwall forwarded your message to me, so I have joined specifically to provide an "authoritative" response to you. I am leading the project. If you'd like a more complete introduction, you can check out my bio here - http://openwall.info/wiki/people/solar/bio > What kernel version/branch are you guys using? We use the "rhel5" branch. As Thorsten has correctly pointed out (thanks!), our snapshots released on November 23 use 128.2.1.el5.028stab064.8 with some additional changes by us. OpenVZ's 164.2.1.el5.028stab066.7 was not yet released on the 23rd, so we could not use it yet (although we knew it was about to be released). Speaking of the "additional changes by us", they include some ports of RHEL security fixes beyond 128.2.1 (July), effectively up to 128.7.1 (August), some more security fixes (that did not get into Red Hat's 128.7.1 yet), as well as non-security stuff such as the default size of tmpfs fix/change that is now also implemented in 028stab066.7. Our changes also include stuff that was neither pulled from anywhere nor accepted by any of the upstreams yet - this includes a change to allow us to run klogd as non-root, a change to allow for booting off degraded software RAID even when the RAID device is configured on the kernel's command-line, and reversal of Red Hat's change of default for panic_on_oops (after a brief discussion with them regarding their rationale). Overall, our patch is tiny - just a few simple but important changes. So, in a sense (especially as it relates to security fixes), the kernel on our 11/23 ISOs is half way from 128.2.1.el5.028stab064.8 to 164.2.1.el5.028stab066.7. Indeed, we're planning on updating to 164.2.1.el5.028stab066.7 (again with additional changes), likely in December. The 11/23 ISO snapshots are the very first ones including OpenVZ integration, so we focused on reaching this major milestone and moving forward rather than on making sure we include all relevant patches into the kernel right away (which would result in us duplicating the effort of OpenVZ folks on their 028stab066 release, which they were working on at the time). I hope this response helps, and I hope I did not make it too detailed. ;-) Some additional links: The 11/23 announcement: http://www.openwall.com/lists/announce/2009/11/23/1 Getting started with Owl's OpenVZ support: http://openwall.info/wiki/Owl/usage-examples/OpenVZ/getting-started (probably too basic for this list's members, although our support of containers even while CD/DVD-booted could be of use for demonstrating or trying out OpenVZ features) Some recent Q & A about Owl and the kernel in Russian: http://www.opennet.ru/opennews/art.shtml?num=24395 (unfortunately, Google translates the above page incorrectly, in some cases reversing the meaning, so I only recommend it for those who can read Russian natively) Thank you for your interest in our stuff. We'd appreciate feedback. Alexander _______________________________________________ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
