Netfilter conntrack module is used during checkpoint (which is done on node) so the modules get autoloaded but in case of migration the restore starts inside veX so we need to allow the conntrack to be requested from ve context. Thus add them into whitelist.
Initially missed them in ebc70d73717f592c89ad992f77587d9e118bbee6. https://jira.sw.ru/browse/PSBM-47359 CC: Vladimir Davydov <vdavy...@virtuozzo.com> CC: Konstantin Khorenko <khore...@virtuozzo.com> CC: Andrey Vagin <ava...@openvz.org> CC: Pavel Emelyanov <xe...@virtuozzo.com> Signed-off-by: Cyrill Gorcunov <gorcu...@virtuozzo.com> --- kernel/kmod.c | 2 ++ 1 file changed, 2 insertions(+) Index: linux-pcs7.git/kernel/kmod.c =================================================================== --- linux-pcs7.git.orig/kernel/kmod.c +++ linux-pcs7.git/kernel/kmod.c @@ -392,6 +392,8 @@ static const char * const ve0_allowed_mo /* nfnetlink */ "net-pf-16-proto-12", /* PF_NETLINK, NETLINK_NETFILTER */ + "nfnetlink-subsys-1", /* NFNL_SUBSYS_CTNETLINK */ + "nfnetlink-subsys-2", /* NFNL_SUBSYS_CTNETLINK_EXP */ /* unix_diag */ "net-pf-16-proto-4-type-1", /* PF_NETLINK, NETLINK_SOCK_DIAG, AF_LOCAL */ _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
