Beta: cagefs 5.2-1, liblve 1.2-1.4, python-cllib 1-3

This is mostly a bug fix beta release, but it adds one major change. Now .cagefs file in user directories is created under end user ownership. That should solve the issue that some customers had when moving accounts from server to server.

cagefs 5.2-1
  • .cagefs will be created under end-user ownership
  • detect of posgesql socket directory and create symlink if needed
  • cagefsctl: on update, don't follow sysmlinks that go to excluded path
  • do not chmod symlinks, unlink file and create directory instead
  • cPanel: ensure that PHP Selector settings are not lost after transfer of account
  • bugfix: do not create .cagefs directory for disabled users
  • spec: added dependency to python-cllib package
liblve 1.2-1.4

  • Implemented secureio library to prevent possible race conditions
  • .cagefs now owned by user
  • bugfix: correct mounting for directories specified in
  • code clean up in parse_mp function
python-cllib 1-3
  • implemented common library for secureio to be used across different CL projects
To update:

$ yum update cagefs --enablerepo=cloudlinux-updates-testing

Latest CloudLinux 6.4 templates are available from OnApp

CloudLinux 6.4 templates for were updated to latest verion. You can find templates with:
  • CloudLinux + cPanel
  • CloudLinux + DirectAdmin
  • CloudLinux + Plesk

Beta: alt-php update

Several updates for PHP available:

  • PHP 5.5.5
  • PHP 5.4.21
  • Added xcache3 for PHP 5.5
  • Updated Litespeed API to 6.3
  • Updated xcache3 to 3.1.0
  • Updated IonCube Loader to 4.4.4
  • Updated pear-phpunit packages
  • Updated pear-symfony2 to 2.3.6
  • Updated uri_template to 1.0
  • Updated timezonedb to 2013.6
  • Updated ZendOpCache to work with LiteSpeed
  • Build cUrl extension as static
To update:
$ yum groupinstall alt-php --enablerepo=cloudlinux-updates-testing

CloudLinux 5.10 released

New version of CloudLinux 5.10 had been released. The new version puts us in line with RedHat 5.10.
You can update using:

$ yum update

ISO images had been updated as well.

Beta: CL6 and Hybrid kernel 2.6.32-458.18.1.lve1.2.41

This is not our typical beta update. This is major update with lots of changes and bug fixes. We have merged some of the work we were doing for the past 6 months, so be careful running it on production servers.

  • new liblve ABI 1.2 was added to separate modules with lve_set_root and without it
  • Use less fine-grained locking to avoid data corruption
  • Add lustre debug log for crashdump. Add pid info into lustre debugs
  • Added lve_set_fail_val API
  • 32-bit ioctl support for 64-bit kernels
  • Init LVE on first execution in kthread instead of event
  • Add build id + git hash into modinfo
  • New vfs namespace implementation
  • rework of lve tags code
  • Enter into LVE for specific binaries on exec, managed using /proc/lve/enter (experimental)
  • Allow setting user limits by uid>0 threads which are not in LVE (experimental)
  • initial commit to support lve in different openvz containers (not working, for future implementation)
  • bugfix: prevent race condition that would allow to for thread to run indefinitely after LVE had been destroyed
  • bugfix: version tag LVE_0_8 for symbols without versions
  • bugfix: clear rh_reserved on fork()
  • bugfix: Fix panic when accessing kernel API instance before init.
  • bugfix: Fix wrong search in kapi array
  • bugfix: lve_ns_lock might not be initialized when destroing non-initialized lve
  • bugfix: change fail_value type from uint32_t to unsigned long
  • bugfix: 0 instead of NULL in lve_call(lve_init_threads_init,...
  • bugfix: Fail injection checks
  • bugfix: inc refcount for ub0
  • bugfix: change ioctl to unlocked_ioctl(to avoid lock_kernel)
  • bugfix: idle poll test race with do_softirq()

To update CL6 servers:

$ yum install kernel-2.6.32-458.18.1.lve1.2.41.el6 kmod-lve-1.2-43.el6 --enablerepo=cloudlinux-updates-testing

To update Hybrid servers:
$ yum install kernel-2.6.32-458.18.1.lve1.2.41.el5h kmod-lve-1.2-43.el5h --enablerepo=cloudlinux-hybrid-testing

Beta: PHP Selector 5.1 added, 5.5 updated

We have added PHP 5.1 to the choice of PHP versions available with PHP selector.

  • PHP 5.1 added
  • PHP 5.5 update fixed not to remove php55 entry from PHP Selector config file
  • Added sourceguardian extension for PHP 4.4
  • Updated sourceguardian extension to 9.5
  • Updated ioncube-loader extension to 4.4.3
To update:
$ yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

lve-utils 1.3-12 released

We are releasing new version of lve-utils 1.3-12 to production.
This update relates to CLN downtime last week. Previous version of lve-utils would run a license check every 12 hours on the hour. Due to differences in timezones it was spread around -- but we had big enough concentration of servers in two time zones that would sometimes cause overload of the CLN. That created cascading problem, as servers licensed by IP would try to re-license, which would significantly add to a load problem. The problem snowballed this Tuesday, causing CLN downtime.

While we are adding safety checks and optimizations into CLN, we want to fix the cron job issue in lve-utils.
Now, when cron job is installed, the time to run is randomly selected.
Additionally, we have switched to one check per day instead of two.

  • Randomly select the time to run cloudlinux-cron cronjob
  • Spec file clean up

To update to new version of lve-utils, please, run:
$ yum update lve-utils

beta: mod_suphp 0.7.2

We have prepared mod_suphp 0.7.2 RPM that updates suPHP to latest version.
This is not for cPanel customers (as EasyApache builds suPHP from sources).

This release fixes a security issue that was introduced with the 0.7.0 release. This issue affected the source-highlighting feature and could only be exploited, if the suPHP_PHPPath option was set. In this case local users which could create or edit .htaccess files could possibly execute arbitrary code with the privileges of the user the webserver was running as.

This RPM packages two binaries. One compiled with 'paranoid' option, and another one compiled with 'owner' option.
Paranoid version of binary installed by default (as always). That is the version that requires suPHP_ settings in apache vhost configs.

To update, run:
$ yum update mod_suphp --enablerepo=cloudlinux-updates-testing

Beta: mod_fcgid 2.3.9

This is a beta release of mod_fcgid. As we have large number of customers using this module, we wanted to update it to latest version, instead of tracking what is in RHEL repositories. If you are running mod_fcgid from our repo on multiple servers -- please, try it to make sure it doesn't break any of your settings.
While it should be backwards compatible with previous versions, there is a possibility of regression

  • SECURITY: Fix possible heap buffer overwrite CVE-2013-4365 (
  • Add experimental cmake-based build system for Windows.
  • Correctly parse quotation and escaped spaces in FcgidWrapper and the AAA Authenticator/Authorizor/Access directives' command line argument as currently documented.
  • Honor quoted FcgidCmdOptions arguments (notably for InitialEnv assignments).
  • Conform script response parsing with mod_cgid and ensure no response body is sent when ap_meets_conditions() determines that request conditions are met.
  • Improve logging in access control hook functions.
  • Avoid making internal sub-requests and processing Location headers when in FCGI_AUTHORIZER mode, as the auth hook functions already treat Location headers returned by scripts as an error sinc redirections are not meaningful in this mode.
To update:
$ yum update mod_fcgid --enablerepo=cloudlinux-updates-testing

Beta: cagefs 5.1-7

New beta version of CageFS is available. It introduces few minor fixes.

  • proxyexecd service: call 'killall -s 9 proxyexec' when 'killproc proxyexec' failed
  • cPanel: add logic for detect EasyApache dir
  • Plesk: exclude horde_sysuser from CageFS

To update:
$ yum update cagefs --enablerepo=cloudlinux-updates-testing

beta: lve-utils 1.3-12

One of the causes for CLN downtime this week was release of lve-utils 1.3 on October 1st. That release introduced a license check that would run via cron job every 12 hours. The way it was implemented - it would run every 12 hours on the hour. So we had significant spike on the hour, every hour. Due to differences in timezones it was spread around -- but we had big enough concentration of servers in two time zones that would sometimes cause overload of the CLN. That in case created cascading problem, as servers licensed by IP would try to re-license, which would significantly add to a load problem. The problem snowballed this Tuesday, causing CLN downtime.
While we are adding safety checks and optimizations into CLN, we want to also fix this cron job issue in lve-utils.
Now, when cron job is installed, the time to run is randomly selected. We also switched to one check per day instead of to.

  • Randomly select the time to run cloudlinux-cron cronjob
  • Spec file clean up
To update to new version of lve-utils, please, run:
$ yum update lve-utils --enablerepo=cloudlinux-updates-testing

We are experiencing issues with CLN

We are currently experiencing issues with our CLN network. You might not be able to register/remove servers, and have sporadic issues with yum.
We are working to fix the issue.

Update: 9:07PM EST, Oct 8, 2013

CLN functionality should be restored for wast majority of people. You should see no issues with yum or adding / removing servers.
if you continue to have issues with yum and you are licensed via IP license (no activation key), please do following:

$ /usr/sbin/rhn_check
If there is no output --> that means that is unrelated issue/your system is checking in. Submit a ticket to support if you need help with it.
If you do get an error, run:
$ /usr/sbin/clnreg_ks --force

If that doesn't help, please contact our support with following information:
Server access details
Server IP for which license was issued
Error messages you are getting
You can submit tickets at

bsock update to 0.09-4

Tonight we have released update for bsock module, that is needed by CageFS to execute applications by proxy. This is used for things like sendmail, some formmail scripts, and when accessing URL.
There was a bug in that release that caused proxyexecd not to restart.
Just now we have released a fix for that version - bsock-0.09-4.

  • proxyexec.c: added PWD environment variable
  • bsock.spec: update bsock in cagefs-skeleton and restart proxyexecd service in posttrans
  • bsock.spec: fix dependencies
To update to that version, please run:
$ yum clean metadata --enablerepo=cloudlinux-updates-testing --disableplugin=rhnplugin; yum update bsock bsock-libs --enablerepo=cloudlinux-updates-testing --disableplugin=rhnplugin

beta: lve-stats 0.10-12

New beta version of lve-stats is available. This version optimizes statistics collection in centralized MySQL database.

  • Added separate compacting for each server for the master algorithm to prevent execution of one long transaction which can be killed by the MySQL
To update:
$ yum update lve-stats --enablerepo=cloudlinux-updates-testing

Beta: CL6 and Hybrid Kernel 2.6.32-458.18.1.lve1.2.40.el6

New beta kernel is available. It is a rebase to upstream kernel 042stab082.3 that fixes several NFS, scheduler and file system related bugs.

To update CL6 servers
$ yum install kernel-2.6.32-458.18.1.lve1.2.40.el6 kmod-lve-1.2-42.el6 --enablerepo=cloudlinux-updates-testing

To update Hybrid servers
$ yum install kernel-2.6.32-458.18.1.lve1.2.40.el5h kmod-lve-1.2-42.el5h --enablerepo=cloudlinux-hybrid-testing

CloudLinux Images for AWS updated to 6.4

CloudLinux images for AWS were updated. Three images are available available at this moment:
  • CloudLinux 6.4 minimal
  • CloudLinux 6.4 with cPanel
  • CloudLinux 6.4 with Plesk
cPanel and Plesk images include CageFS, PHP Selector and MySQL Governor pre-configured.

You can find images here:

lvemanager update - version 0.7-1.26

New version of lvemanager 0.7-1.26 fixes the issue with cl-quota cronjob.

  • Fixed batch quota processing
  • Optimized generation of inode quota usage file
To update:
$ yum update lvemanager

Updates for lvemanager, lve-utils and lve-stats

The new production version of lvemanager brings inode limits and license checking.

lvemanager 0.7-1.23
  • inode limits
  • [cPanel] bugfix: correctly display user limits
  • [ISPmanager] bugfix: correctly define minlevel
  • [ISPmanager] bugfix: change file permissions for plugin files
  • [cPanel] Added inodes quota support
  • [cPanel] Added CloudLinux license check
  • [cPanel] Added set-user, delete-user actions for JSON interface
lveutils 1.3-2
  • cldetect --get-admin-email: prints control panel admin email
  • cldetect --update-license: updates license information
  • cldetect --check-license: check license information
  • cldetect --update-new-key: updates license with a new activation key
  • Added license check in a cron job
  • Added check for liblve init
  • bugfix: jsonhandler returns error in non-json format on kernel check
  • Added cron job for processing inodes limits
  • Implemented lvectl set-user, list-user, delete-user
  • Removed processcpaneluserspackages and lveutils-cpanel-cron
  • Moved processpaneluserspackages and lveutils-panel-cron
  • detect HostingNG platform
  • [ISPmanager] bugfix: added missing command line argument --list-packages for gitispuserspackages
lve-stats 0.10-11
  • lvechart: memory usage restricted to 500MB
  • lvechart: polyline data moved to temp files
  • bugfix: correctly parse lvestats & lvestats.readonly
  • lvechart: added BSD::Resource module presence check
To update:

$yum update lveutils lvemanager lve-stats

Beta: PHP 5.4 and 5.5 update for PHP Selector

We have updated PHP 5.4 and 5.5 for PHP Selector (alt-php).

  • PHP 5.4.20
  • PHP 5.5.4
  • added php-mysql modules for MySQL-5.6
  • updated PEAR Symfony2 to 2.3.4
  • updated mongo to 1.4.4
  • updated eio to 1.2.3
To update:

$ yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

Beta: Updates for lvemanager, lve-utils and lve-stats

This is a new round of beta to fix few more bugs that were detected or introduced in the last beta version

lvemanager 0.7-1.23

  • bugfix: inodes - correctly handle case when no inodes data is not available for user
  • performance optimization for inodes processing
  • cPanel bugfix: correctly display user limits
  • ISPmanager bugfix: correctly define minlevel
  • ISPmanager bugfix: change file permissions for plugin files
lveutils 1.3-9
  • ISPmanager bugfix: added missing command line argument --list-packages for gitispuserspackages
lve-stats 0.10-11
  • lvechart: memory usage restriction raised to 500 MB
  • lvechart: added BSD::Resource module presence check

To update:
$ yum update lvemanager lve-stats lve-utils --enablerepo=cloudlinux-updates-testing

MySQL 5.5 for MySQL Governor Issue Follow Up

As many of you might be aware, we have released MySQL 5.5 update that broke mysqli compatibility for many customers. Here I want to explain what happens, and the steps we are planning to take to prevent such things from happening in the future.

Sequence of events:
  • A new patch was applied to MySQL 5.5 that fixed backward compatibility with libmysqlclient16 library experienced by one customer
  • The patch was tested on customer's server
  • MySQL was pushed into MySQL Governor repositories
  • It was automatically downloaded and installed by yum update or upcp running on customer's server
  • The update caused compatibility issues with mysqli php extension, resulting in multiple websites being down
  • Within 30 minutes of us understanding what happened, we have removed new MySQL from repository and provided advisory on how to fix the issue. Yet, significant number of customers had updated by that time.
Here are is what we consider to have caused the problem for so many systems:

  • MySQL package should have gone through beta process first. We consider MySQL governor to be a beta overall, and we beta test most software we release. Beta testing requires administrators to manually install the update version of software. It limits the number of systems where updates are executed, and makes sure that administrator knows what caused the issue. It allows admins with multiple systems to test new software on one or two servers, before it is unleashed on all their servers.
  • Incomplete testing was done on MySQL package. Developer decided that given how small patch is, full testing is not required
  • No announcement went out about the change.
Here is what we plan to do to address the identified issues:

  • We will split MySQL governor repositories into beta and stable repositories
  • Beta repository will be disabled by default. Stable repository will be enabled
  • All new versions of MySQL packages will go into beta repositories, and to update to beta version, user would have to run: --update-mysql-beta
  • Such beta releases will be announced via our blog and mailing list
  • Once we are confident in a new version -- we will move it to stable
  • This process will continue once MySQL Governor will be moved to stable channel itself
  • We will create automated tests for building php using EasyApache that will run on each build
  • We will create php page that will try to use new MySQL build using mysqli and make it part of automated testing
  • All versions of alt-php will be tested using this page as well against new MySQL build.
The ETA for repository changes is 2 weeks
The ETA for full cycle automated testing is 6 week.

I would like to welcome any feedback and recommendations regarding the issue and the approach we are taking to prevent such issues from happening again.

CL6 and Hybrid kernel 2.6.32-458.18.1.lve1.2.39 moved to production

New kernel for CL6 and hybrid servers has been moved to production channels. It features rebase to latest upstream kernel.


To update CL6 and hybrid serves:
$ yum update kernel kmod-lve

Beta: MySQL 5.5 and 5.6 update for MySQL governor

Recent update of MySQL 5.5 and 5.6 has broken mysqli php library for quite a number of our customers.
We quickly removed the update, and provides steps to roll back. Yet, it did cause downtime for a number of our customers.
In the past two days we repackages MySQL and made sure it works correctly -- so now it is again safe to install MySQL Governor and update MySQL software.

Installation instructions are available here:

At this moment we are doing review of our processes related to MySQL governor software. By the end of this week we are planning to provide you with a complete explanation of what happened, and what kind of processes we are adding in place to prevent such issues in the future.

Beta: MySQL Governor 1.0-29

New version of MySQL governor had been added. This is a major update that brings some new features that should improve MySQL Governor significantly. Among changes:
  • Two different modes of operations - always running MySQL queries inside user's LVE and running MySQL queries inside user's LVE only when restricted. More info...
  • Ability to kill off slow queries
  • db user to linux user map file
  • MySQL 5.6 support

  • MySQL 5.6 support
  • Slow query logging
  • Slow query killing
  • (bugfix) dbctl list segfault
  • (bugfix) governor crash when processling large number of queries
  • Added abuser and all restrict modes
  • on restrict mode has been deprecated, single should be used instead
  • Rewrote parts of MySQL Governor to act as MySQL/MariaDB plugin
  • Improved error message when governor stopped
  • added delay on start for dbtop
  • (bugfix) dbtop - prevent garbage being outputed
  • Automatically generate dbuser-map for cPanel
  • Added wget requirement for db governor package.
  • (bugfix) MySQL Governor + Plesk installation

To install:
$ yum install governor-mysql --enablerepo=cloudlinux-updates-testing
$ /usr/share/lve/dbgovernor/ --install

To upgrade:
$ yum update governor-mysql --enablerepo=cloudlinux-updates-testing
$ /usr/share/lve/dbgovernor/ --install (for making dbuser-map file)

Beta: CageFS, LVEManager, lve-stats, lve-utils and liblve updated

We have prepared quite a number of improvements across the board. Most of them are bug fixes or functionality improvements needed to make things work 'right'.

Change Log:
CageFS 5.1-6
  • bugfix: added locking, and unbuffering for crontab script inside cagefs
  • bugfix: Plesk - support for php.ini for subdomains/additional domains
  • per user virtual mount points
  • added cagefsctl command line option to create virtual mount points
  • bugfix: added dependency on tmpwatch
  • bugfix: don't process users in exclude list in all cases
  • bugfix: on update check directory permissions and copy them if needed
  • optimize processing of directories on update - don't check twice
  • create wrapper for proxy.command even if file is not in conf.d
  • all error messages are sent to stderr
  • cagefs.server logging now includes user and command info
lvemanager 0.7-19
  • bugfix: ISPmanager - Fixed html display
  • cl-quota: support for multiple home directories
  • cl-quota: code rewrite
  • cl-quota cron jobs moved from lve-utils to lvemanager package
lve-utils 1.3-8
  • bugfix: don't calculate the length of CP name if CP wasn't detected
  • detect HostingNG platform
  • remove cl-quota cron jobs
lve-stats 0.10-10
  • lvechart: memory usage restricted to 100MB
  • lvechart: polyline data moved to temp files
  • bugfix: correctly parse lvestats & lvestats.readonly
liblve 1.2-0.9
  • support for virtual mount points
To update:
$ yum update cagefs lvemanager --enablerepo=cloudlinux-updates-testing

Pages: Prev. | 1 | ... | 4 | 5 | 6 | 7 | 8 | ... | 21 | Next