Quoting Tim Gardner ([email protected]):
> On 06/01/2011 12:57 PM, Serge Hallyn wrote:
> >Hi,
> >
> >vsftpd spawns a network namespace in response to each client connection.
> >Lucid kernel is slow to release network namespaces, which results, in
> >bug 720095, in an easy remote DOS. The maverick kernel has a fix for
> >this, but it is hard to cherrypick.
> >
> >The bug was resolved by compiling the lucid kernel without
> >CONFIG_NET_NS. I'm emailing to ask that we reconsider that solution.
> >
> >Turning off CONFIG_NET_NS prevents libvirt from creating all containers
> >(lxc:///), and prevents lxc from creating most useful containers,
> >resulting in bug 790863. There is the workaround of installing the
> >backported kernel, but I don't believe that will satiate users who
> >really want LTS stability. For those users, we are effectively telling
> >them that they cannot use containers until 12/04.
> >
>
> What is wrong with suggesting the use of LTS backported kernels? The
> UDS decision to support these kernels until the next LTS should
> provide the same level of stability. We (the kernel team) are very

I guess that depends on how LTS customers feel about "potential of
regressions, but supported" versus "the only updates will be security
updates."

I hadn't realized that the LTS backported kernels are supported. I thought
it was less formal than that. I'll leave it sit here, then.

Thanks again.

-serge
