[RHEL7,COMMIT] ve/bridge: handle netlink messages AF_BRIDGE / RTM_[GSD]ETLINK sent from inside a Container

Submitted by Konstantin Khorenko on Feb. 28, 2020, 10:05 a.m.

Details

Message ID 202002281005.01SA5Tfi029973@finist-ce7.sw.ru
State New
Series "enable running Kubernetes inside a Container"

Commit Message

Konstantin Khorenko Feb. 28, 2020, 10:05 a.m.
The commit is pushed to "branch-rh7-3.10.0-1062.12.1.vz7.131.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1062.12.1.vz7.131.5
------>
commit 469c61c3a7c8e9a04684f7281b20dfadf26b0f5e
Author: Konstantin Khorenko <khorenko@virtuozzo.com>
Date:   Fri Feb 28 13:05:29 2020 +0300

    ve/bridge: handle netlink messages AF_BRIDGE / RTM_[GSD]ETLINK sent from inside a Container
    
    Weave network plugin for Kubernetes configures bridge via netlink,
    so need to allow appropriate netlink messages if sent inside a
    Container.
    
    https://jira.sw.ru/browse/PSBM-92107
    
    Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
 kernel/ve/ve.c | 3 +++
 1 file changed, 3 insertions(+)


diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index f3970e8ef0f6a..b423a96766794 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -221,6 +221,9 @@  int vz_security_family_check(struct net *net, int family, int type)
 				case RTM_NEWNEIGH:
 				case RTM_DELNEIGH:
 				case RTM_GETNEIGH:
+				case RTM_GETLINK:
+				case RTM_DELLINK:
+				case RTM_SETLINK:
 					return 0;
 			}
 	default:
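
Review bot: the three added labels put a read-only request (RTM_GETLINK) and two state-changing ones (RTM_DELLINK, RTM_SETLINK) behind the same "return 0;", and the commit message justifies this only by what Weave needs. Please state, in the commit message or in a comment above the labels, which later check keeps RTM_SETLINK and RTM_DELLINK sent from inside a Container limited to devices in that Container's own net namespace, since vz_security_family_check() no longer rejects them. If only a subset of these types is actually required, list just those. Separately, the context lines show the inner switch closing with no break before "default:", so message types not listed fall through into the default branch; a short fall-through comment there would make that intent explicit for the next person extending this list.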