Hello, Sergey!
Another assumption: if you use vzctl-4.7.x and have the NETFILTER [1]
parameter set to "stateless" in the container's config file, then try to
change it to "full".
Best regards,
Nikolay.
[1] https://github.com/kolyshkin/vzctl/commit/9b8afa654945acc6d3bd782f622aaf9c54e4e87b
On 05/14/
Bonjour Sergey,
HOST: /etc/vz/vz.conf, could your IPTABLES definition be wrong?
IPTABLES="ipt_state ipt_conntrack ipt_LOG ipt_REJECT ipt_tos ipt_limit
ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss
ipt_ttl ipt_length"
Quoting Sergey Ivanov :
Hi,
I need help with openvz s
Hi,
I need help with openvz setup.
Here is the problem. In VE I have:
---
# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport
We are receiving a lot of inquiries as to what is the status of OpenVZ kernel
with respect to CVE-2014-0196. This email summarizes our knowledge as of now.
1. RHEL5-based OpenVZ kernels (028stabXXX) are not affected.
2. RHEL6-based OpenVZ kernels (042stabXXX) released during last 12 months are
Greetings,
I've seen some users (in IRC) asking about the status of CVE-2014-0196 in the
RHEL6-based OpenVZ kernel. I believe the bug that is CVE-2014-0196 was added
with 2.6.31-rc4 Linux mainline kernel and since the RHEL6 kernel is based on
2.6.32, it is vulnerable.
Red Hat has a statement