Package: vzctl
Version: 3.0.22-14
Severity: normal
Tags: patch

Hi,

/etc/init.d/vz currently only checks for the presence of /proc/vz to determine whether it should run or not. However, /proc/vz actually exists inside the containers as well, and as such is not a sufficient check.

If /etc/init.d/vz is present inside a container, then its stop action will attempt to unmount the container's root filesystem, failing and in turn killing all processes inside the container (/etc/init.d/vz:453). This also makes it impossible to uninstall the vzctl package from a container without editing the initscript directly.

Thus, instead of checking for the presence of /proc/vz, the initscript should (additionally or instead) check for the presence of some VE0-only feature, such as /dev/vzctl or /proc/vz/version.

Attached is a patch additionally checking for the presence of /dev/vzctl and calling check_kernel() before stop_ves().

Thanks

-- System Information:
Debian Release: 5.0.6
  APT prefers stable
  APT policy: (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-openvz-686 (SMP w/8 CPU cores)
Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages vzctl depends on:
ii  iproute    20080725-2      networking and traffic control too
ii  libc6      2.7-18lenny4    GNU C Library: Shared libraries
ii  vzquota    3.0.11-1        server virtualization solution - q

Versions of packages vzctl recommends:
ii  rsync      3.0.3-2         fast remote file copy program (lik

Versions of packages vzctl suggests:
pn  linux-patch-openvz    <none>    (no description available)

-- no debconf information

--- etc/init.d/vz.orig 2010-09-20 16:37:44.000000000 +0300 +++ etc/init.d/vz 2010-09-20 16:37:52.000000000 +0300 @@ -166,6 +166,9 @@ if ! test -d /proc/vz ; then print_failure "Running kernel is not OpenVZ kernel." exit 1 + elif ! test -c /dev/vzctl ; then + print_failure "Running kernel is OpenVZ, but we are inside a container." + exit 1 fi } @@ -553,6 +556,8 @@ { local mod + check_kernel + if ! lockfile $LOCKFILE; then __echo "OpenVZ is locked" print_failure
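
Review bot: In the @@ -166,6 +166,9 @@ hunk, the new elif branch reports "we are inside a container" as a fact, but the test only establishes that /dev/vzctl is not a character device. Name the missing device in the message (for example "/dev/vzctl not found; not running on the hardware node?") so that a node where the device is absent for some other reason is not misdiagnosed. The report itself lists /proc/vz/version as a second VE0-only marker; testing both, or saying in a comment why /dev/vzctl alone was chosen, would make the intent of the check clear to the next reader.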
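
Review bot: In the @@ -553,6 +556,8 @@ hunk, the added check_kernel call inherits the exit 1 from both failure branches of the first hunk (assuming that hunk is the body of check_kernel, as the report implies), so the stop action inside a container now ends with a non-zero status rather than being a harmless no-op. The report also wants vzctl to be removable from a container; if removal invokes the stop action, a failing exit status could still block it, so consider letting the stop path print a notice and return 0 when the node check fails, keeping exit 1 for start. A short comment above the call saying that it guards against unmounting the container's own root filesystem would document why it is there.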