# Define the kmod package name here. %define kmod_name lve # Do not sign module by default %bcond_with modsign %if %{?rhel} >= 9 %{!?kepoch: %define kepoch 0} %else %{!?kepoch: %define kepoch 1} %endif %if %{?rhel} == 9 %{!?kmod_kernel_version: %define kmod_kernel_version 5.14.0-427.13.1.el9_4} %endif %if "%{?dist}" == ".el8h" %{!?kmod_kernel_version: %define kmod_kernel_version 5.14.0-427.13.1.el8h} %endif %if %{?rhel} == 8 %{!?kmod_kernel_version: %define kmod_kernel_version 4.18.0-513.5.1.lve.el8} %endif %if "%{?dist}" == ".el7h" %{!?kmod_kernel_version: %define kmod_kernel_version 4.18.0-513.5.1.lve.el7h} %endif %if %{?rhel} == 7 %{!?kmod_kernel_version: %define kmod_kernel_version 3.10.0-962.3.2.lve1.5.63.el7} %endif %if "%{?dist}" == ".el7h" || %{?rhel} >= 8 %define kdot "+" %else %define kdot "." %endif Name: %{kmod_name}-kmod Epoch: %{kepoch} Version: 2.1 Release: 31%{?dist} Group: System Environment/Kernel License: GPLv2 Summary: %{kmod_name} kernel module(s) URL: https://cloudlinux.com/ Source0: %{name}-%{version}.tar.bz2 Source1: kmodtool-lve Source2: kmod.pre ExclusiveArch: i686 x86_64 Conflicts: cagefs < 7.4.12-1 %if %{?rhel} >= 9 Requires: kmod >= 1:28-7%{?dist}.cloudlinux.1 %endif %if %{?rhel} >= 8 Requires: tuned-profiles-cloudlinux >= 0.2-5 %endif %if %{?rhel} == 8 Requires: kmod >= 2:25-19%{?dist}.cloudlinux.2 %endif %if "%{?dist}" == ".el7h" Requires: kmod >= 2:25-19%{?dist}.cloudlinux.2 %endif %global kernel_source() %{_usrsrc}/kernels/%{kmod_kernel_version}%{kdot}%{_arch} BuildRequires: autoconf automake git BuildRequires: perl redhat-rpm-config %if %{?rhel} > 7 BuildRequires: kernel-rpm-macros %endif BuildRequires: kernel BuildRequires: kernel-devel = %{epoch}:%{kmod_kernel_version} BuildRequires: kernel-debug-devel = %{epoch}:%{kmod_kernel_version} %if %{with modsign} BuildRequires: cl-modsign %endif %if "%{?dist}" == ".el7h" BuildRequires: devtoolset-8, devtoolset-8-toolchain %else %if "%{?dist}" == ".el6h" || %{?rhel} == 7 # want to build a debug kernel package BuildRequires: devtoolset-7, devtoolset-7-toolchain %endif %endif %kernel_module_package -s %{SOURCE1} -p %{SOURCE2} -n %{kmod_name} %kernel_module_package -s %{SOURCE1} -p %{SOURCE2} -n %{kmod_name} debug %description CloudLinux Lightweight Virtual Environment (LVE) kernel module. %prep %if "%{?dist}" == ".el7h" source scl_source enable llvm-toolset-10.0 || : source scl_source enable devtoolset-8 || : %endif %setup -q -n %{name}-%{version} sed -i "s/@SWV@/%{version}/" src/mod_info.h.in sed -i "s/@GIT@/%{release}/" src/mod_info.h.in ./autogen.sh set -- * mkdir base_build debug_build cp -a "$@" base_build cp -a "$@" debug_build pushd base_build ./configure --with-kernel=%{_usrsrc}/kernels/%{kernel_version} popd > /dev/null pushd debug_build ./configure --with-kernel=%{_usrsrc}/kernels/%{kernel_version}%{kdot}debug popd > /dev/null %build mkdir base debug %if "%{?dist}" == ".el7h" source scl_source enable llvm-toolset-7 || : source scl_source enable devtoolset-8 || : %endif pushd base_build/src >/dev/null %{__make} popd %if %{?rhel} == 7 #debug build want a kasan with new gcc source scl_source enable devtoolset-7 || : %endif pushd debug_build/src %{__make} popd >/dev/null %install export INSTALL_MOD_PATH=$RPM_BUILD_ROOT export INSTALL_MOD_DIR=extra/%{kmod_name}-%{version}-%{release} pushd base_build/src %{__make} install popd pushd debug_build/src %{__make} install popd find $RPM_BUILD_ROOT -name 'modules*' -exec rm -f {} \; %clean %{__rm} -rf %{buildroot} %changelog * Thu Jun 13 2024 Rostyslav Tulchii - 2.1-31 - CLKRN-1589: perform enter/exit protection based on the pid value of the locked task * Thu May 30 2024 Rostyslav Tulchii - 2.1-30 - CLKRN-1580: read total_*_anon memory to account total resseller usage correctly * Thu May 16 2024 Rostyslav Tulchii - 2.1-29 - CLKRN-1574: rebuild kmodlve with Alma key for CL9 * Fri May 10 2024 Rostyslav Tulchii - 2.1-28 - CLKRN-1559: check if the ptr is invalid in lve_do_renameat2_trace hook - CLKRN-1566: improved restrictions on accessing another mnt ns * Thu May 02 2024 Rostyslav Tulchii - 2.1-27 - CLKRN-1523: increase kernel build version for CL9.4 * Wed Apr 17 2024 Rostyslav Tulchii - 2.1-26 - CLKRN-1546: always block cgroup move in a multithreaded app - CLKRN-1547: stringify more lve_enter flags - CLKRN-1541: do not kill unkillable tasks from de_thread() - CLKRN-1542: do not allow to interrupt lve_unlink() - CLKRN-1457: fixed XFS_QMOPT_FORCE_RES for cl9 kernels * Fri Mar 22 2024 Rostyslav Tulchii - 2.1-25 - CLKRN-1516: tag list handling for Ubuntu * Wed Mar 20 2024 Rostyslav Tulchii - 2.1-24 - CLKRN-1488: rework security_* hooks - CLOS-2484: suppress the warning for nonexistent 90-cloudlinux.conf in the script * Tue Jan 30 2024 cloudlinuxui - 2.1-23 - KCARE-14154: New AlmaLinux 9 kernel: 5.14.0-362.18.1.el9_3 * Mon Dec 25 2023 Rostyslav Tulchii - 2.1-22 - CLKRN-1455: change kernel (cl9) building version for 5.14.0-362.13.1.el9_3 - CLKRN-1203: switch back to using rh_reserved for tag links - CLKRN-1439: reduce warnings from external cgroup moves * Thu Nov 16 2023 Rostyslav Tulchii - 2.1-21 - CLKRN-1411: use monotonic clock for iolimits * Thu Nov 09 2023 Rostyslav Tulchii - 2.1-20 - CLKRN-1414: updated spec for CL9.3 * Thu Nov 09 2023 Rostyslav Tulchii - 2.1-19 - KMODLVE-600: iolimits events support for CL8/9 - KMODLVE-601: tag get/put events support - CLKRN-1406: revert some changes related to prod_net_disable2 - made the behaviour obliged - CLKRN-1355: symlink owner protection fixes for CL9 - CLKRN-1399: improved fs.protected_symlinks_create option to close the SecureLink creating vulnerability * Mon Oct 23 2023 Rostyslav Tulchii - 2.1-18 - CLKRN-1371: fixed kernel.proc_disable_net & introduced kernel.proc_disable_net2 - CLKRN-1386: adapt kmodlve building with FEAT_LINK_PROT == 0 * Wed Jul 05 2023 Rostyslav Tulchii - 2.1-17 - CLKRN-1210: make new page cache accounting default for new installations - CLKRN-1089: do not account page cache memory in lve stats output * Thu Jun 15 2023 Anton Mikaiev - 2.1-16 - CLKRN-1176: added patch to fix ttypushback vulnerability - CLKRN-1195: bumped kernel version for building (cl8) for debug kernel compatibility - CLKRN-1093: allow freezable sleep in kmodlve * Wed May 10 2023 Linar Nadeev - 2.1-15 - CLKRN-1181: New Alma 9 kernel: -5.14.0-284.11.1.el9_2 - KMODLVE-594: Prepare kmod-lve for kernel 9.2 build - KMODLVE-596: fix cgroup stat parsing * Tue Mar 28 2023 Rostyslav Tulchii - 2.1-14 - CLKRN-1153: bump cl9 kernel version for module building - KMODLVE-587: enable access to ipv4 and ipv6 entries - KMODLVE-588: always update ppos in defaults_next * Mon Jan 09 2023 Rostyslav Tulchii - 2.1-13 - KMODLVE-584: adapt symlink-protection for CL9 * Tue Jan 03 2023 Rostyslav Tulchii - 2.1-12 - KB-253: added new dependency to kmod * Wed Dec 28 2022 Rostyslav Tulchii - 2.1-11 - KMODLVE-579: filemon fixes for CL9 - KMODLVE-582: user_ptrace should not be hooked in CL7 * Wed Dec 28 2022 Rostyslav Tulchii - 2.1-10 - KMODLVE-579: filemon fixes for CL9 - KMODLVE-578: added dependency to tuned-profiles-cloudlinux that brings needed kernel params - KMODLVE-580: fixed redundant obsoletes for cl9 - KMODLVE-581: added kmod dependency for cl9 - KMODLVE-566: do not allow lve creation during lvp_destroy - CLKRN-1092: fix build for CL7 * Tue Dec 20 2022 Rostyslav Tulchii - 2.1-9 - KMODLVE-577: added forgotten lseek handlers to not crash kmodlve on CL9 - KMODLVE-567: connect the ovz mark out event to the kmodlve callback * Wed Dec 14 2022 Rostyslav Tulchii - 2.1-8 - KMODLVE-576: writeback hook support for 9.1 kernels * Tue Nov 29 2022 Rostyslav Tulchii - 2.1-7 - KB-239: bump build kernel version for cl9 to 9.1 - KB-239: fixed pde_data naming (cl9.1) * Wed Nov 23 2022 Rostyslav Tulchii - 2.1-6 - KRNTSTNG-235: added the dependency for the new kmod with weak-updates fix - KB-232: bump a kernel version for kmodlve building - KMODLVE-558: fixed race between dc events flushing tasks - KMODLVE-564: fixed a replica of the nameidata structure - KMODLVE-526: lve_setuid_enter trace event * Tue Sep 27 2022 Denis Kirjanov - 2.1-5 - KMODLVE-550 Cannot resolve search_binary_handler - KMODLVE-538: CL9 iolimits support - KMODLVE-521 cl9 support - CLKRN-1016: prioritize lve creates - KRNTSTNG-243: enable coverage for CONFIG_GCOV_KERNEL kernels - Revert "KRNTSTNG-235: Add override command for kmodlve into depmod config." - KRNTSTNG-235: Add override command for kmodlve into depmod config. * Wed Jun 01 2022 Denis Kirjanov - 2.1-4 - KMODLVE-591: user_ptrace checks should account CAP_SYS_PTRACE * Thu May 5 2022 Anatoly Stepanov - 2.1-3 - KMODLVE-515: add missing path_put in lve_namespace_set_root - KMODLVE-516: network-manager has no access to mtu - KMODLVE-512: get rid of "may_detach_mount" mode - CLKRN-957: don't touch an empty new parent path to avoid crashes - KMODLVE-510: fixed datacycle UNLINK event for 5.4.0 kernel * Tue Mar 29 2022 Denis Kirjanov - 2.1-2 - KMODLVE-483: fix compilation error for Ubuntu - KMODLVE-508: replace immutable cgroups with rmdir hooks - KMODLVE-483: fix compilation error under CL7 - KMODLVE-483: fix compilation error under CL8 - KMODLVE-483: fix issues in symlink move protection - KMODLVE-484: new symlink create protection implementation - KMODLVE-483: rewrite symlink move protection - KMODLVE-481: rewrite symlink owner check protection - KMODLVE-506: reimplement iolimits latency for CL8 * Tue Feb 15 2022 Denis Kirjanov - 2.1-1 - KMODLVE-500: improve lve_get_pid_info logging - KMODLVE-492 usrc: fix wrong line size. - KMODLVE-488 dkms: fix dkms warnings - KMODLVE-491 fix license for the kmod - KMODLVE-490 build: fix cagefs-lve deps - KMODLVE-489 build: fix macro include. - KMODLVE-487: wrong pmem fault counter for CL8 - KMODLVE-342: net_stat should have a header - KMODLVE-452 build: fix deps for 7h - KMODLVE-452: changed .el8 with %{?dist} for 7h - KMODLVE-482: edit the rpm spec - KMODLVE-482 build: fix dependes - KMODLVE-444 fix liblve build * Thu Dec 16 2021 Denis Kirjanov - 2.1 - KMODLVE-445 replace a lsm with hooks - KMODLVE-470: don't restrict root process from traversing symlinks - KMODLVE-446 add dkms port. - KMODLVE-444 pylve with python3.9 - KMODLVE-444 fix gcc-9 errors - KMODLVE-447 prepare for debian build - KMODLVE-444: build fixes - KMODLVE-444: unify symlink protection implementation macros - KMODLVE-444: fix compilation error in symlink code for CL8 - KMODLVE-469: a typo in configure.ac - KMODLVE-444 configure checks - KMODLVE-444: a typo in configure.ac - KMODLVE-444 feature defines - KMODLVE-462: linux/kdebug.h is needed for register_die_notifer() - KMODLVE-444 get rid RHEL6 code - KMODLVE-444 force_sig replacement - KMODLVE-444 rework recursive check - KMODLVE-444 build fixes - KMODLVE-444 out openvz configure - KMODLVE-461: register usage cleanup - KMODLVE-460: unused label removal - CLKRN-859: added CAP_SYS_ADMIN capability allowing ptrace children * Mon Dec 13 2021 Denis Kirjanov - 2.0-40 - KMODLVE-463: tc does not work properly with class major 0x0 - KMODLVE-478: add missing LVE_API_* directives into setuid feature - CLKRN-859: added CAP_SYS_ADMIN capability allowing ptrace children * Thu Nov 22 2021 Denis Kirjanov - 2.0-39 - KMODLVE-470: don't restrict root process from traversing symlinks - KMODLVE-461: register usage cleanup - KMODLVE-460: unused label removal - CLKRN-859: added CAP_SYS_ADMIN capability allowing ptrace children - KMODLVE-478: add missing LVE_API_* directives into setuid feature * Thu Oct 14 2021 Denis Kirjanov - 2.0-38 - KMODLVE-456: user_ptrace and user_ptrace_self sysctls for CL8/7h * Thu Sep 16 2021 Denis Kirjanov - 2.0-37 - KMODLVE-448: don't load the module if there's no CONFIG_SECURITY_PATH defined - KMODLVE-450: datacycle cannot flush ids > 65535 - CLKRN-821: datacycle path names should be mangled * Mon Aug 02 2021 Denis Kirjanov - 2.0-36 - CLKRN-803: fixed searching for modules to avoid broken weak-modules links * Thu Jul 29 2021 Denis Kirjanov - 2.0-35 - Bump version (build with 4.10.0-305.10.2.2) * Wed Jul 21 2021 Denis Kirjanov - 2.0-34 - KMODLVE-434: avoid using audit-reusename in symlink path lookup * Wed Jun 23 2021 Denis Kirjanov - 2.0-33 - KMODLVE-424: fix incorrect IO throttling accounting for CL7 - KMODLVE-431: whitelist nf_conntrack_max - KMODLVE-430: add missing LVE_API_ENTER/EXIT directives - KMODLVE-417: fine-grained options for lve_enter * Mon Jun 14 2021 Rostyslav Tulchii - 2.0-32 - KB-141: release module for 8.4 * Fri Jun 11 2021 Denis Kirjanov - 2.0-31 - KMODLVE-429: added depenency to lve package (must be >= 2.0-2) - KMODLVE-416: build fixes for 8.4 - KMODLVE-421: incorrect db_governor/sql start order - Revert "CLKRN-736: fix kmod-qa 0102-procfs_protection on CL7h/8" - CLKRN-758: allow access to /proc//fd/* symlinks - KMODLVE-413: do not lock parent dir i_mutex/i_rwsem twice - KMODLVE-340 reapply 8.2 install fixes * Wed Mar 31 2021 Denis Kirjanov - 2.0-30 - KB-115: build 2.0-30 - KMODLVE-407: release path after symlink lookup for CL7 lsm - CLKRN-741: adapt datacycle fsnotify hook on unlink/rmdir events to 8.2 - KMODLVE-399: move exec handler to the new hook infra - CLKRN-736: fix kmod-qa 0102-procfs_protection on CL7h/8 - KMODLVE-410: properly handle lve_leave_pid() errors * Tue Mar 30 2021 Denis Kirjanov - 2.0-29 - KMODLVE-405: a false fault injection is triggered due to a typo * Wed Mar 24 2021 Denis Kirjanov - 2.0-28 - KMODLVE-402 lvp0 destroy wait - KMODLVE-403: allow lve to be cleaned up on error - KMODLVE-401: setup buildsys-pre-build to delete liblve sources during kmod-lve building - KB-115 fix cl7h install - KMODLVE-393: lve_enter fault injection points for testing - CLKRN-697: datacycle does not provide polling - KMODLVE-400: fix symlink option bug * Tue Mar 09 2021 Denis Kirjanov - 2.0-27 - KMODLVE-393: lve cgroup rmdir fails with -EBUSY - KMODLVE-398: don't use ref-style in RCU-lookup - KMODLVE-395: fix module searching during lve service restart - KMODLVE-392: wrong assignment in get_avenrun handler * Thu Feb 25 2021 Denis Kirjanov - 2.0-26 - KMODLVE-392 fix load avg calculation for userland. - KMODLVE-394: resolve AB-BA deadlock between __set_page_dirty() and lve_io_account() - KMODLVE-392: loadavg for root should be fully accounted * Mon Feb 08 2021 Denis Kirjanov - 2.0-25 - KMODLVE-375 simplify an lvp default unlink - KMODLVE-389 fix debug output - KMODLVE-379 out of bound access - KMODLVE-384: reduce memory consumption by lve procfs - KMODLVE-382: fix for permissions of /proc//task//io file * Wed Jan 13 2021 Denis Kirjanov - 2.0-24 - KMODLVE-380: enable sleep in hooks and avoid calling the hooked func - KMODLVE-385: prevent jump out of the container's root via procfs symlinks - KMODLVE-383: do not cpu-starve in __lve_init - CLKRN-659: fix procfs access - KMODLVE-377: use module_mutex when resolving names - KMODLVE-374: remove trace_printk() calls - KMODLVE-353: lve_enter_pid_flags() API call - KMODLVE-373: do not kill unkillable threads in lve_enter * Wed Nov 11 2020 Denis Kirjanov - 2.0-23 - KMODLVE-370: lvp creating problem on kmodlve 2.0 - KMODLVE-367: Investigate issue with unavailability to create LVE - KMODLVE-363: whitelist the task_sched_stat - KMODLVE-363: make task_sched_stat global, add missing removal code - CLKRN-640: enable procfs code only for CL8 * Mon Nov 02 2020 Vladislav Fomin - 2.0-22 - KMODLVE-330: BUG: sleeping function called from invalid context - KMODLVE-355: Fix ftrace hooks cleanup path - KMODLVE-358: CL6h 1.5-39 loading module problem - KMODLVE-361: disable BUG_ON(1) in LVE removal code - KMODLVE-348: limit warnings output - CLKRN-635: implement an ability to hide /proc/net{tcp,udp,unix} - CLKRN-640: add "modules" to the proc whitelist - KMODLVE-354: disallow to disable 'ftrace_enabled' parameter - KMODLVE-363: add ability to account CPU/IO throttling time - KMODLVE-366: check link_body properly * Wed Sep 09 2020 Vladislav Fomin - 2.0-21 - KMODLVE-343: reimplement port limit - KMODLVE-339: build cleanup of export - KMODLVE-339: add missing net.o - KMODLVE-349: do iolimit check in an atomic way * Mon Aug 10 2020 Denis Kirjanov - 2.0-18 - KMODLVE-344: generic packet mark - CLKRN-619: fix kmodlve srcversion printing - KMODLVE-345: prevent "readlink" if symlink is protected - KMODLVE-346: iolock vs pagelock deadlock in CL7h/8 - KMODLVE-339: fix wrong ifdefs for lve sysctl calls - KMODLVE-339 cl7: fix cl7 (openvz7) based for master - CLKRN-595: added scripts for processing kernel logs (for sentry) and updating srcversion - KMODLVE-340 build: fix build with cl8.2 * Mon Jul 06 2020 Denis Kirjanov - 2.0-17 - KMODLVE-331: reset link depth and total limit before lookup a path - KMODLVE-327: /proc/lve/defaults crashes without .stop handler - KMODLVE-334: properly truncate events output - KMODLVE-335: a debug patch to get more context info on error - KMODLVE-336: avoid scheduling under radix tree preload - KMODLVE-337: limit maximum link count to avoid kernel stack overflow - KMODLVE-296: readonly part of the datacycle patch - KB-75: build kmodlve debuginfo packages - CLKRN-595: added printing kmodlve srcversion on oops - KMODLVE-328: make filemon compatible with RHEL 8.2 * Thu May 21 2020 Anatoly Stepanov - 2.0-16 KMODLVE-322: resolve credentials issue when entering a cgorup * Fri Apr 24 2020 Vladislav Fomin - 2.0-15 - CLKRN-559: /proc/diskstats not readable for super_gid - CLKRN-575: fix false-negative cases in symlink protection - KMODLVE-256: rework an reseller init / destroy to avoid LA spikes after CageFS remount - KMODLVE-264: avoid potentially panic with procfs access in reseller destroy case * Wed Feb 12 2020 Vladislav Fomin - 2.0-14 - KB-67: lve updating issue * Mon Feb 3 2020 Vladislav Fomin d - 2.0-13 - KMODLVE-307: check security_path_symlink symbol in runtime * Mon Jan 20 2020 Vladislav Fomin d - 2.0-12 - KMODLVE-302: lvp proc init order - KMODLVE-299: process only links w/relative path - KMODLVE-298: make io stats available for reading on CL8 - KMODLVE-286: tighten locking logic - KMODLVE-283: CL7 fixes to make work - KMODLVE-269: don't access to error pointerd * Mon Dec 23 2019 Vladislav Fomin - 2.0-11 - KMODLVE-288: always init lve ns from lve service * Thu Dec 5 2019 Vladislav Fomin - 2.0-10 - KMODLVE-291: save new loadavg values for the newer 7h kernels - KMODLVE-47: fix panic - KMODLVE-47: cl7 build fix * Wed Dec 4 2019 Vladislav Fomin - 2.0-9 - KMODLVE-47: add ability to namespace setup based on script executing - KMODLVE-292: preserve task's original umask when entering LVE - KMODLVE-281: task bound symlink protection * Thu Nov 21 2019 Vladislav Fomin - 2.0-8 - KMODLVE-291: loadavg support for the newer 7h kernels * Thu Nov 14 2019 Vladislav Fomin - 2.0-7 - KMODLVE-286: safer locking for switch tags - KMODLVE-284: lsm proc_can_see_other_uid behavior wrong - KMODLVE-280: loadavg for EL8 kernels - KMODLVE-266: scheduling under rwlock - KMODLVE-277: don't print error if cannot lower the physmem limit - KMODLVE-274" right order to destoy slabs - KMODLVE-278: adopt task migration debug for EL8 - KMODLVE-279: move xfs and ext4 softdeps to common code - KMODLVE-214: Update copyright info - KMODLVE-268: improve message for race - KMODLVE-255: additional debugging for lve integrity - CLKRN-479: careful cgroups removal for CL7 - CLKRN-402: Mark lve_ub as NULL, if we can't create UBC - CLKRN-402: put KMEM-related code under ifdef - CLKRN-535: consider file descriptor dup case * Tue Sep 3 2019 Vladislav Fomin - 2.0-6 - KMODLVE-272: return missing inode_rmdir LSM hook - KMODLVE-274: lve_struct slab should be destroyed when ready * Mon Sep 2 2019 Vladislav Fomin - 2.0-5 - KMODLVE-257: get the base path mnt from nameidata - KMODLVE-182: failcnt accounting for el8 - KMODLVE-272 don't use security_path if possible * Fri Aug 16 2019 Denis Kirjanov - 2.0-4 - KMODLVE-271: lookup kmodlve in weak-updates dir * Wed Aug 14 2019 Denis Kirjanov - 2.0-3 - KMODLVE-167: filechange API, part 3 - KMODLVE-247 procfs access fix - KMODLVE-0000 uapi cleanup - KMODLVE-263: create vs destroy race - KMODLVE-167: filechange API, part 4 - KMODLVE-259: do not spam with killer fault messages - KMODLVE-205: protect LVE cgroups from external removal - KMODLVE-257: use current mount ns root during symlink target lookup * Fri Jun 14 2019 Vladislav Fomin - 2.0-2 - KMODLVE-247: enable symlink owner check by default - KMODLVE-252: replace filename_lookup with exported variant * Thu Jun 6 2019 Vladislav Fomin - 2.0-1 - KMODLVE-250: reload sysctl settings upon module start