Hi All, guess you are aware of recent security vulnerability CVE-2019-5736: potential breakage of container isolation via symlinks to /proc/self/exe.
https://virtuozzosupport.force.com/s/article/000017636 We've built full vzkernel for OpenVZ users: https://download.openvz.org/virtuozzo/factory/x86_64/os/Packages/v/vzkernel-3.10.0-862.20.2.vz7.73.27.x86_64.rpm The kernel is based on stable kernel released as a part of Virtuozzo Infrastructure Platform product: https://www.virtuozzo.com/products/virtuozzo-infrastructure-platform.html http://repo.virtuozzo.com/vz-platform/releases/2.5/x86_64/os/Packages/v/ + includes fixes provided via ReadyKernel for this kernel up to now: https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.24-72.0-1.vl7/ The kernel is based on stable kernel and passed basic validation. -- Best regards, Konstantin Khorenko, Virtuozzo Linux Kernel Team _______________________________________________ Users mailing list Users@openvz.org https://lists.openvz.org/mailman/listinfo/users
