
Bug#903603: ssh upgrade breaks in some openvz container



On Sun, Jul 22, 2018 at 11:40:40AM +0100, Colin Watson wrote:
> Do you know of a good support/bug contact for OpenVZ?  I'm not familiar
> with it at all, and I think we need some idea of what the problem is
> there before we even have a clue about what a reasonable workaround in
> OpenSSH might be.  (Disabling the sandbox doesn't count as reasonable
> here, at least not long-term.)  Have you asked the hosting provider if
> they know what might be going on, or if they have an upstream they could
> ask?  Presumably somebody maintains this kernel.

I grabbed the kernel source in question from
https://wiki.openvz.org/Download/kernel/rhel6/042stab127.2 (there are a
few newer versions, but it's apparently fairly recent and none of the
newer ones mention anything about resource limits).  I can't see
anything in the implementation of setrlimit that could plausibly make it
return EINVAL here, unless, I don't know, there's some silent type
mismatch or something.  What architecture is the container?

I think you do need to ask OpenVZ people about this first, though.  I'm
not closing this bug since obviously it's bad for sshd's sandbox to stop
working, but we need somebody who knows the OpenVZ kernel to tell us
what a decent workaround might be (and maybe it's just a straight-up
OpenVZ kernel bug and doesn't require a change in OpenSSH at all).

-- 
Colin Watson                                       [cjwatson@debian.org]
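
The following is an added example, not part of the message above and not OpenSSH or OpenVZ code: a small C probe that can be run inside the affected container to see which `setrlimit` call, if any, returns an error such as EINVAL. The three resources and the `{0, 0}` values are assumptions of this example, since the message does not say which call fails.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: which limits to probe; the message names no specific call. */
static const struct { int res; const char *name; } probes[] = {
    { RLIMIT_FSIZE, "RLIMIT_FSIZE" }, { RLIMIT_NOFILE, "RLIMIT_NOFILE" },
    { RLIMIT_NPROC, "RLIMIT_NPROC" },
};
#define NPROBES (sizeof(probes) / sizeof(probes[0]))
/* Lower each limit to {0,0} in a forked child so the caller keeps its own
 * limits. errs[i] gets 0 or the errno; returns failures, or -1 on probe error. */
int probe_rlimits(int errs[NPROBES])
{
    int fds[2], failed = 0;
    pid_t pid;

    if (pipe(fds) == -1) return -1;
    if ((pid = fork()) == -1) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        int child_errs[NPROBES];
        struct rlimit zero = { 0, 0 };
        close(fds[0]);
        for (size_t i = 0; i < NPROBES; i++)
            child_errs[i] = setrlimit(probes[i].res, &zero) == -1 ? errno : 0;
        /* The pipe predates the RLIMIT_NOFILE drop, so it is still usable. */
        ssize_t n = write(fds[1], child_errs, sizeof(child_errs));
        _exit(n == (ssize_t)sizeof(child_errs) ? 0 : 1);
    }
    close(fds[1]);
    ssize_t got = read(fds[0], errs, sizeof(int) * NPROBES);
    close(fds[0]);
    if (waitpid(pid, NULL, 0) == -1 || got != (ssize_t)(sizeof(int) * NPROBES))
        return -1;
    for (size_t i = 0; i < NPROBES; i++)
        failed += errs[i] != 0;
    return failed;
}

int main(void)
{
    int errs[NPROBES], failed = probe_rlimits(errs);
    if (failed < 0) { fprintf(stderr, "probe could not run\n"); return 2; }
    for (size_t i = 0; i < NPROBES; i++)
        printf("%-14s %s\n", probes[i].name, errs[i] ? strerror(errs[i]) : "ok");
    return failed ? 1 : 0;
}
```

Running the same binary on the container and on a stock kernel of the same architecture gives the per-resource errno to include in a report to the kernel maintainers.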

