The commit is pushed to "branch-rh7-3.10.0-327.18.2.vz7.14.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.18.2.vz7.14.5
------>
commit a8ef72a3c2ea4be45efd3acff5dca260097d7d2b
Author: Cyrill Gorcunov <gorcu...@virtuozzo.com>
Date: Mon May 23 12:30:53 2016 +0400
ve/kmod: Allow netfilter conntrack inside VE
Netfilter conntrack module is used during checkpoint (which
is done on node) so the modules get autoloaded but in case
of migration the restore starts inside veX so we need to allow
the conntrack to be requested from ve context. Thus add them
into whitelist.
Initially missed them in ebc70d73717f592c89ad992f77587d9e118bbee6.
https://jira.sw.ru/browse/PSBM-47359
CC: Vladimir Davydov <vdavy...@virtuozzo.com>
CC: Konstantin Khorenko <khore...@virtuozzo.com>
CC: Andrey Vagin <ava...@openvz.org>
CC: Pavel Emelyanov <xe...@virtuozzo.com>
Signed-off-by: Cyrill Gorcunov <gorcu...@virtuozzo.com>
---
kernel/kmod.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/kmod.c b/kernel/kmod.c
index be5fbbf..14879c5 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -392,6 +392,8 @@ static const char * const ve0_allowed_mod[] = {
/* nfnetlink */
"net-pf-16-proto-12", /* PF_NETLINK, NETLINK_NETFILTER */
+ "nfnetlink-subsys-1", /* NFNL_SUBSYS_CTNETLINK */
+ "nfnetlink-subsys-2", /* NFNL_SUBSYS_CTNETLINK_EXP */
/* unix_diag */
"net-pf-16-proto-4-type-1", /* PF_NETLINK, NETLINK_SOCK_DIAG,
AF_LOCAL */
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
