Details
-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Fix Version/s: Vz7.0-Update14
-
Component/s: Containers::Kernel
-
Security Level: Public
-
Environment:3.10.0-1062.4.2.vz7.116.7
-
External issue URL:
Description
>Description of problem:
There was a resolved bugOVZ-6600 but the problem is still here, description:
Long ago there was a bug in OpenVZ bugzilla (OVZ-5192) where we decided to allow host to view connections of all Containers on the node.
Containers were still be able to see only their own connections.
During rebase to RHEL7 the check has been mistakenly put under ifdef NETNS_REFCNT_DEBUG which is not used/set => as far i understand any Container was able to see connections of all Containers on the node.
>Steps to Reproduce:
1. run "netstat -n" on host
>Actual results: Only shows connections to host
>Expected results: Show connections to host and guests
>Host OS: 3.10.0-1062.4.2.vz7.116.7
>Guest OS: Any
There was a resolved bug
Long ago there was a bug in OpenVZ bugzilla (
Containers were still be able to see only their own connections.
During rebase to RHEL7 the check has been mistakenly put under ifdef NETNS_REFCNT_DEBUG which is not used/set => as far i understand any Container was able to see connections of all Containers on the node.
>Steps to Reproduce:
1. run "netstat -n" on host
>Actual results: Only shows connections to host
>Expected results: Show connections to host and guests
>Host OS: 3.10.0-1062.4.2.vz7.116.7
>Guest OS: Any
