Release 1.1.7-1/1.1.6-1 includes the following changes:
Overview
This release includes the latest Centos kernel and bug fixes for CloakFS, iothrottled, and cpud's new parameters. Shorly after releasing 1.1.6-1, a memory leak causing severe load spikes was discovered. We removed the release the same day and resolved the issue. The memory leak bug was caused by our code refactoring efforts in cloakfs to support kernels 3.12 or greater.
CloakFS
- 1.1.7-1 memory leak fix. The leak caused severe load spikes.
- New features: (These were available in the 1.1.5-1 release)
- Hide system processes like root, nobody, mysql, etc. (default set to on)
- Hide any directory or file from any user. We include scripts to hide /etc/passwd, /etc/named.conf, and /var/log, but you can use custom scripts with our parameter to hide any other directory or file. (default set to off)
- Block users from running root suid programs. (default set to off)
- To enable features disabled by default, follow the steps found here: Enable New CloakFS Features
- Bug fix for resellers that own several hundred resellers. This improves lookup rule process speeds.
- Bug fix for /etc/passwd cloaking to uncloak all application uids (make visible to the user). Faster etc_passwd_handler script.
blstat
- 1.1.7-1 Fixed several bugs that were causing inaccuracies in the data reporting.
Kernel
Latest CentOS 6.5 Kernel: 2.6.32-431.11.2.el6
MySQL
Added MySQL versions 5.5.37 and 5.6.17
CPUD
- 1.1.7-1 bug fix for cpud not restarting and getting stuck in D state.
- Added new parameters for suspending cpu throttling when memory is low. This feature is helpful when cpud is throttling a lot of memory consuming program threads like MySQL. In this scenario, it's better to suspend cpu throttling and wait for some of the memory to free up before turning cpu throttling back on. The free_mem_jail_off/on _threshold memory parameters suspend cpu throttling when both memory page cache drops below the specified "off" values and then resumes jailing when both are above the "on" values. The specified values are in megabytes.
Example: free_mem_jail_off_threshold memory=768 cache=768 free_mem_jail_on_threshold memory=1536 cache=1536
Add these parameters to /etc/betterlinux/cpud.conf.d/cpanel.conf or betterlinux.conf and restart cpud: (commenting them out will turn them off)
service cpud restart
IOTHROTTLED
Fixed a memory leak.
cPanel Configs
No changes.
Upgrading BetterLinux:
Run this:
yum --disableexcludes=all upgrade betterlinux\*
Then run this to regenerate configuration files: (Warning: This overwrites existing configuration files. Move any changes you want to keep to a custom .conf file.)
/etc/betterlinux/cpanel/bl-cphooks --init
Then reboot your system.
Changelog for BetterLinux Release 1.1.7-1/1.1.6-1
CPUD and CLOAKFS:
commit 8801332855dfd7098bad456e5cf7e099a9f6f2f1 Author: Fred Clift Date: Mon Apr 28 10:13:13 2014 -0600
new per-user caching of more complicated passwd files for cloak_file
commit 18525a5c68ae65ad005da814e5d3d1e3d877e1fc Author: Andrea Righi Date: Fri Apr 25 15:54:39 2014 +0200
disable "jailing off when memory is critically low" by default Signed-off-by: Andrea Righi
commit e4dca3adacbc30abcd076ea7756a41aaa15db446 Author: Fred Clift Date: Thu Apr 24 17:31:27 2014 -0600
add reseller passwd file entries for passwd handler
commit 27b632f9611055b499e37afb8c8a83e39c4df9f1 Author: Fred Clift Date: Wed Apr 23 11:27:23 2014 -0600
more specific regex for self-entry in passwd file
commit 4b9652d2cd259fd7d70e761fcd92409789d7e808 Author: Fred Clift Date: Tue Apr 22 16:02:23 2014 -0600
new improved passwd file handler script with helper
commit 0d429f8fbd27d472daefd64851d4077da14119c2 Author: David Date: Mon Apr 7 11:28:57 2014 -0600
Use fork/exec instead of popen() in bl_cloak.
commit 9c36d67608e5772c2d45273304689981bbc34ddb Author: David Date: Wed Apr 2 15:57:52 2014 -0600
Change free_mem_jail_off_threshold and free_mem_jail_on_threshold config options to use free memory and used cache values instead of free memory and free swap. Examples: free_mem_jail_off_threshold memory=768 cache=768 free_mem_jail_on_threshold memory=1536 cache=1536 When free memory and used cache both fall below the free_mem_jail_off_threshold values then jailed is turned off. It remains offuntil one or the other goes above the free_mem_jail_on_threshold values.
commit 14007975cd2852d0590348ca216a32aa8484973c Author: David Date: Wed Apr 2 13:50:12 2014 -0600
Use fork/exec instead of popen() in bl_cloak.
commit 75040cf09e4fe1b2ce2236e226f77a36337aff2f Author: David Date: Mon Mar 31 10:50:26 2014 -0600
Remove references to cgroup-uid module.
commit 8beb30c563b6626d6c34774d760e3af2b10c2742 Author: David Date: Fri Mar 28 14:22:16 2014 -0600
Print a warning when encountering deprecated config options.
commit 551301187fd150a300fdca9a386e113dfd3d2a5c Author: David Date: Wed Mar 26 13:55:31 2014 -0600
Add "require_both" option to "free_mem_jail_off_threshold" and "free_mem_jail_off_threshold_pct" config command.
commit 722c431281dbacffd7e0c44148ae94357ea5eed2 Author: David Date: Tue Mar 25 15:59:06 2014 -0600
Fix bug in low memoyr jailing on/off code.
commit 0aea2fcac37a4083ab4354bafad87279cc1d5c79 Author: David Date: Tue Mar 25 15:36:01 2014 -0600
Add free_mem_jail_off_threshold_pct and free_mem_jail_on_threshold_pct tunables.
commit 1a35946366dd97e94b468347b9df6825e6b1418e Author: David Date: Mon Mar 24 15:09:55 2014 -0600
Fix jail reduction/expansion failure log messages to indicate correctly the number of cores.
commit 759508e992dcd15366a4f4d3feeebed9b85f667c Author: David Date: Mon Mar 24 13:30:31 2014 -0600
syntax changes to free_mem_jail_on_threshold and free_mem_jail_off_threshold.
commit 6eb8cac2d4c0f5fda877755264ec68cd96d65e87 Author: David Date: Fri Mar 21 15:51:46 2014 -0600
Change syntax of free_mem_jail_off_threshold and free_mem_jail_on_threshold.
IOTHROTTLED:
commit 0fdcaf48dfcfb3620daac6e707dcdfe7ab5538ca Author: Andrea Righi Date: Thu Apr 3 22:57:40 2014 +0200
fix format string build warning Signed-off-by: Andrea Righi
commit 1ea25ecefb83e2bcd5f93abbfe91a11a14de6116 Author: Andrea Righi Date: Thu Apr 3 18:40:19 2014 +0200
fix: correctly attach non-throttled PIDs to the root cgroup Correctly attach PIDs to the root cgroup when they are not assigned to any cgroup. Signed-off-by: Andrea Righi
CPANEL CONFIGS:
No changes
KERNEL:
commit e2e55e5905c2c0ebd9a8049d7afcf1acb987a364 Author: Andrea Righi Date: Thu May 1 08:57:26 2014 -0600
cloakfs: fix a bug that prevents root from seeing /proc subdirectories Signed-off-by: Andrea Righi
commit e6c19fb46bc5c810e9190a734cfaa8803e15e298 Author: Andrea Righi Date: Wed Apr 30 15:05:30 2014 -0600
kernel 3.12: apply cloakfs-v17 Add a cache to speed up cloak_list_loookup() even more. Signed-off-by: Andrea Righi
commit 3a3e3532eeb30eb011f67430050f3550c6001dc3 Author: Jerry James Date: Tue Apr 29 17:04:19 2014 -0600
Port our patches to the RHEL 7 beta kernel. Changes to the dedicated and userblame modules were also necessary to support this new kernel, due to changes in the way IPv6 addresses are handled. Signed-off-by: Jerry James
commit 1f1557d7aa43ea242f5e50ed85dd105e9dd0c02a Author: Andrea Righi Date: Tue Apr 29 14:33:05 2014 -0600
centos6-2.6.32-279.22.1.el6: apply cloakfs-v17 Add a cache to speed up cloak_list_loookup() even more. Signed-off-by: Andrea Righi
commit ec63648e7ff249483ac83374a7664440eb4f3741 Author: Andrea Righi Date: Tue Apr 29 10:20:37 2014 -0600
cloakfs: fix: use the right pid_group notifier callback function address Signed-off-by: Andrea Righi
commit 9d492fa5d0df4cbefbd31419f94cc9824636a2d7 Author: Andrea Righi Date: Mon Apr 28 17:20:58 2014 -0600
klibgrp: export register/unregister_pid_group_notifier Export register/unregister_pid_group_notifier to use them from other modules. Signed-off-by: Andrea Righi
commit 2436360ff8c32248d8465aa018e1f1c167e4af0d Author: Andrea Righi Date: Mon Apr 28 17:11:36 2014 -0600
cloakfs: fix undeclared variable bug Signed-off-by: Andrea Righi
commit 55816fc1ffe42e33e55d145fcea42210dbe28616 Author: Jerry James Date: Mon Apr 28 17:01:14 2014 -0600
Cloakfs module: really, really, really fix the build bug. Really. Signed-off-by: Jerry James
commit ce075d4b08a6cdc9cc975e012a0ab937198b6fbf Author: Andrea Righi Date: Mon Apr 28 16:37:57 2014 -0600
cloakfs: fix a build bug introduced with e1d3366 Signed-off-by: Andrea Righi
commit 38946afb5f782170be9b7531ef5fd2fb7f1a71fb Author: Andrea Righi Date: Mon Apr 28 15:39:09 2014 -0600
fix build bugs introduced with e1d336 Signed-off-by: Andrea Righi
commit e1d3366ef6fcf531e74a1e1f65f0283b437e15d5 Author: Andrea Righi Date: Mon Apr 28 15:01:02 2014 -0600
centos6-2.6.32-431.11.2.el6: apply cloakfs-v17 Add a cache to speed up cloak_list_loookup() even more.
Signed-off-by: Andrea Righi
commit e7b82350a14144cc35d59b467ca34824554d5be9 Author: Andrea Righi Date: Mon Apr 28 14:46:31 2014 -0600
klibgrp: pid_group notifier Add a feature that allows to detect when groups configuration changes. Other components can register a callback that will be executed every time a new group is added or removed. This is mostly used to invalidate/refresh caches inside other klibgrp-dependant components. Signed-off-by: Andrea Righi
commit 71693243d693c87f50acd9ad6e41bdf39efb0bce Author: Jerry James Date: Mon Apr 28 11:45:38 2014 -0600
Update the 3.4, 3.10, and 3.12 patch sets to the latest versions of those kernels, requiring minor patch adjustments. Signed-off-by: Jerry James
commit aa79320ff2dc4d0e79d228f1ffc4e590c625206d Author: Jerry James Date: Mon Apr 28 11:45:00 2014 -0600
Port cloakfs-v16.patch to the Debian kernel patch set.
Signed-off-by: Jerry James
commit 8e63be19883176d687abd993dac8d5b5533e843f Author: Andrea Righi Date: Mon Apr 28 07:54:52 2014 -0600
kernel 3.4: apply cloakfs-v16 Improve performance of cloak_list_lookup() and cloak_list_lookup_file(). Signed-off-by: Andrea Righi
commit 6c97332ef791e17160e913e6f9f0c85abace34f6 Author: Andrea Righi Date: Mon Apr 28 07:44:26 2014 -0600
kernel 3.12: apply cloakfs-v16 Improve performance of cloak_list_lookup() and cloak_list_lookup_file(). Signed-off-by: Andrea Righi
commit b5bfff9a5a2948db6e03a3dd28ee6c20ee15aae5 Author: Jerry James Date: Fri Apr 25 11:11:29 2014 -0600
Cloakfs module: more CONFIG_COMPAT fixes.
Signed-off-by: Jerry James
commit b6188e88bb70110c18d1b19883784a29db81562c Author: Andrea Righi Date: Fri Apr 25 19:08:45 2014 +0200
centos6-2.6.32-279.22.1.el6: apply cloakfs-v16 Improve performance of cloak_list_lookup() and cloak_list_lookup_file().
Signed-off-by: Andrea Righi
commit 7d61322cbab7eccaf5418734ed5ab042241a9e8a Author: Andrea Righi Date: Fri Apr 25 19:02:10 2014 +0200
centos6-2.6.32-358.23.2.el6: apply cloakfs-v16 Improve performance of cloak_list_lookup() and cloak_list_lookup_file(). Signed-off-by: Andrea Righi
commit 038394ab27817d110a2ce1c26385deef619b2641 Author: Jerry James Date: Fri Apr 25 10:30:11 2014 -0600
Cloakfs module: move the CONFIG_COMPAT handling from cloakfs_gpl.c to cloakfs.h to fix a build failure on 32-bit systems.
Signed-off-by: Jerry James
commit 37762ed8876c4fdf479e5f457be7c8cf405a59ed Author: Andrea Righi Date: Thu Apr 24 20:18:07 2014 +0200
centos6-2.6.32-431.11.2.el6: fix another build bug introduced with 7c4e64f
Signed-off-by: Andrea Righi
commit faaccd8ad62f2ffaf5d147256a506dfaec8b6f88 Author: Andrea Righi Date: Thu Apr 24 20:12:36 2014 +0200
centos6-2.6.32-431.11.2.el6: fix build bug introduced with 7c4e64f
Signed-off-by: Andrea Righi
commit 7c4e64f8fd9eeb35e74248ca02c98429028c4a6d Author: Andrea Righi Date: Thu Apr 24 20:00:04 2014 +0200
kernel centos6-2.6.32-431.11.2.el6: add cloakfs-v16 Improve performance of cloak_list_lookup() and cloak_list_lookup_file(). Signed-off-by: Andrea Righi
commit 1708a9e0e5a85ca268967441577a467dd915113a Author: David Date: Fri Apr 18 11:15:45 2014 -0600
New version of cloakfs patch (cloakfs-v15.patch)>
commit 6afdfbe2ea5633177a1d70e705e49f7e8872ff06 Author: David Date: Thu Apr 17 15:41:31 2014 -0600
New version of cloakfs patch (cloakfs-v15.patch). With improvements to cloakfs rule lookup.
commit bf469748e4a0b526103fa89f6308a79be118072b Author: Andrea Righi Date: Thu Apr 17 19:32:23 2014 +0200
restore 2.6.32 patch set Signed-off-by: Andrea Righi
commit 2b6db748b12b15eeaaf6f628989682a8111d3236 Author: Andrea Righi Date: Thu Apr 17 19:31:15 2014 +0200
cgroup-io-throttle: fix a potential vfs_read() hang issue Signed-off-by: Andrea Righi
commit ab00e6afb87573167e4ea1366e4109dfc734705c Author: Andrea Righi Date: Thu Apr 17 11:09:36 2014 +0200
kernel 3.4: cgroup-io-throttle: fix typo Signed-off-by: Andrea Righi
commit 8c15b71c8d332b5415d48b8568b15f0d3022859d Author: Andrea Righi Date: Wed Apr 16 18:16:51 2014 +0200
klibgrp: bump up version string Signed-off-by: Andrea Righi
commit 243c1327705af0c08e5f90952034e144b7f36531 Author: Andrea Righi Date: Wed Apr 16 15:03:50 2014 +0200
klibgrp: allow to define a custom hash function with bl_hlist hashes Signed-off-by: Andrea Righi
commit d731dff3ea250643d17556e830b7798582a50641 Author: Andrea Righi Date: Wed Apr 16 12:51:59 2014 +0200
klibgrp: speed up grp_from_name() Speed up performance of grp_from_name using a hash list to perform name -> group lookups. Signed-off-by: Andrea Righi
commit 8d58091b1460c7230811aa6d2dfb57d3e55fa3ec Author: Andrea Righi Date: Wed Apr 16 12:14:44 2014 +0200
klibgrp: generalize the hlist module Generalize the hlist implemention to support hash lists of generic items (numbers, strings, pointers, etc.). Signed-off-by: Andrea Righi
commit 1d3bf4dfa25321333ff5efd10439ca9ba653fc5e Author: Andrea Righi Date: Wed Apr 16 12:00:50 2014 +0200
klibgrp: fix a memory leak bug in pid_group Signed-off-by: Andrea Righi
commit 251e1c8be7ab0011760f67f02e70199d5feb08b0 Author: David Date: Tue Apr 15 15:02:01 2014 -0600
Use more data in cloakfs hash, going from 4 to 8 chars.
commit 88bc874728bdacc7ee9f85aec867d0d6be3b44e8 Author: Andrea Righi Date: Wed Apr 9 15:04:26 2014 +0200
kernel 3.x: fix cloak_file redirection Correctly redirect accesses of cloaked files to the target files into the bl_cloak FUSE filesystem. Also rebase all 3.x patches to the latest longerm kernels. Signed-off-by: Andrea Righi
commit 40a186c3fb827b4cfe51995f7137581773a4d820 Author: Andrea Righi Date: Fri Apr 4 14:59:18 2014 +0200
byok/configs: add a .config for 3.2.56 Signed-off-by: Andrea Righi
commit 3e363575c3e322d525fee14866353a5ed373957d Author: Andrea Righi Date: Fri Apr 4 14:57:20 2014 +0200
BYOK: configs: add some new kernels .config Signed-off-by: Andrea Righi
commit 165f8df66df04408ee2415364b99b2fea8cfffef Author: Andrea Righi Date: Fri Apr 4 13:07:27 2014 +0200
drop kernel 2.6.32.61-grsec Signed-off-by: Andrea Righi
commit 320538a5153db1f792b9c333c1b60081f42b3f1b Author: Andrea Righi Date: Fri Apr 4 13:06:32 2014 +0200
cgroup-io-throttle-v6.20: correctly throttle mmap and splice I/O Signed-off-by: Andrea Righi
commit 67f60506172e4c4912dc9b746270c92f8492f256 Author: Andrea Righi Date: Fri Apr 4 01:35:42 2014 +0200
3.12: fix a soft lockup bug in cgroup-io-throttle-v6.20 This bug has been added in hierarcy cgroup iterations while porting the patch to 3.12. Fix by using proper iteration loops. Signed-off-by: Andrea Righi
commit 877befd67f78f5321427b842aad7f9f158ecbb99 Author: Andrea Righi Date: Thu Apr 3 22:32:08 2014 +0200
3.2: update cgroup-io-throttle to v6.20 Push READ throttling up to VFS layer to avoid priority inversion issues. Signed-off-by: Andrea Righi
commit 740e18494e87897d764ed195f76326e46820ad64 Author: Andrea Righi Date: Thu Apr 3 22:52:11 2014 +0200
3.10: update cgroup-io-throttle to v6.20 Push READ throttling up to VFS layer to avoid priority inversion issues. Signed-off-by: Andrea Righi
commit 1627114392f79e36e4487c26dc8561af343412c7 Author: Andrea Righi Date: Thu Apr 3 22:21:58 2014 +0200
3.12: update cgroup-io-throttle to v6.20 Push READ throttling up to VFS layer to avoid priority inversion issues. Signed-off-by: Andrea Righi
commit 02aad65e946d4fbccdc48db817b284af82c158b3 Author: Andrea Righi Date: Thu Apr 3 22:13:50 2014 +0200
3.4: remove old patch cgroup-io-throttle-v6.19 Signed-off-by: Andrea Righi
commit 92f4d70721eba8954722c08a7a43cbd2e5b3cfab Author: Andrea Righi Date: Thu Apr 3 22:01:20 2014 +0200
3.4: update cgroup-io-throttle to v6.20 Push READ throttling up to VFS layer to avoid priority inversion issues. Signed-off-by: Andrea Righi
commit 473967c789b16a46d0c8ae3895f0453bcda58096 Author: Andrea Righi Date: Thu Apr 3 22:09:12 2014 +0200
centos6-2.6.32-431.11.2.el6: fix a build bug Signed-off-by: Andrea Righi
commit 6078ac67f1686554aff911bad36640f97683572a Author: Andrea Righi Date: Thu Apr 3 21:21:02 2014 +0200
centos6-2.6.32-279.22.1.el6: update cgroup-io-throttle to v6.20 Push READ throttling up to VFS layer to avoid priority inversion issues. Signed-off-by: Andrea Righi
commit 5854ed4c69f3c12c87a693acf9887e8ca1844373 Author: Andrea Righi Date: Thu Apr 3 21:12:20 2014 +0200
centos6-2.6.32-358.23.2.el6: update cgroup-io-throttle to v6.20 Push READ throttling up to VFS layer to avoid priority inversion issues. Signed-off-by: Andrea Righi
commit 2bc81ffe5850211a6db489a74e7855fdb74ed725 Author: Andrea Righi Date: Thu Apr 3 20:58:41 2014 +0200
centos6-2.6.32-431.11.2.el6: update cgroup-io-throttle to v6.20 Push READ throttling up to VFS layer to avoid priority inversion issues. Signed-off-by: Andrea Righi
commit 10dd1c3655eadfce30a134f3dbf2a929ffadc0cf Author: Andrea Righi Date: Tue Apr 1 13:22:10 2014 +0200
cloakfs: fix NULL pointer dereference with kernel 3.12 In bl_getdents() we need to use bl_filldir() to fill the bl_getdents_callback buffer, instead of bl_fillonedir, otherwise we may get some NULL pointer dereference bugs. Fix by using the correct filler function. Signed-off-by: Andrea Righi
commit 3f869a760a2e939857b667a0833b50bb52132cf5 Author: Andrea Righi Date: Mon Mar 31 15:48:36 2014 +0200
cloakfs: fix missing include Signed-off-by: Andrea Righi
commit 67bde50e584dc9a7345708c7f1a80f5231afd737 Author: Andrea Righi Date: Fri Mar 28 21:10:17 2014 +0100
cloakfs: code refactoring to support kernels >= 3.12 Signed-off-by: Andrea Righi
commit fa2a1c16535ef7d68b20d6a03a36b5f1c23309c9 Author: Jerry James Date: Fri Mar 28 08:36:34 2014 -0600
Remove CONFIG_CGROUP_UID=y from our configuration additions, now that the cgroup-uid patch is gone. Signed-off-by: Jerry James
commit 485418f8a06f3a78d8da39231d082f4a682884a7 Author: Jerry James Date: Wed Mar 26 08:55:08 2014 -0600
Port our CentOS 6.5 patches to kernel-2.6.32-431.11.2.el6. Signed-off-by: Jerry James
commit 4a6f7ec62be2ca95da577ab40b777b96a59c6f41 Author: Jerry James Date: Fri Mar 21 14:18:15 2014 -0600
Remove the cgroup-uid patch from the CentOS 7 patchset. Signed-off-by: Jerry James
commit abb8a244bffc4deb2e17d2834a7fcb55aa9f490e Author: Jerry James Date: Fri Mar 21 14:15:11 2014 -0600
Update the CentOS 6.4 patchset series file to reflect the removal of the cgroup-uid patch. Signed-off-by: Jerry James <jamesjer@betterlinux.com.
commit 298318d7c5282ef457536b7d9907fef6d8a14fdd Author: Jerry James Date: Fri Mar 21 11:19:59 2014 -0600
Remove the cgroup-uid patch from the 3.2 patch set. Signed-off-by: Jerry James
|