| Message ID | 201704260819.v3Q8JeGN001746@finist_cl7.x64_64.work.ct |
|---|---|
| State | New |
| Series | "net/ipvs: allow IPVS in CT" |
| Headers | show
Delivered-To: criupatchwork@gmail.com Received: from gmail-imap.l.google.com [64.233.162.108] by patchwork.criu.org with IMAP (fetchmail-6.3.26) for <root@localhost> (single-drop); Wed, 26 Apr 2017 10:22:59 +0200 (CEST) Received: by 10.100.181.168 with SMTP id r37csp188207pjb; Wed, 26 Apr 2017 01:22:55 -0700 (PDT) X-Received: by 10.99.97.4 with SMTP id v4mr31007054pgb.171.1493194975728; Wed, 26 Apr 2017 01:22:55 -0700 (PDT) Return-Path: <devel-bounces@openvz.org> Received: from mail.openvz.org (mail.openvz.org. [195.214.232.140]) by mx.google.com with ESMTPS id h2si19121272pli.322.2017.04.26.01.22.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 26 Apr 2017 01:22:55 -0700 (PDT) Received-SPF: pass (google.com: domain of devel-bounces@openvz.org designates 195.214.232.140 as permitted sender) client-ip=195.214.232.140; Authentication-Results: mx.google.com; spf=pass (google.com: domain of devel-bounces@openvz.org designates 195.214.232.140 as permitted sender) smtp.mailfrom=devel-bounces@openvz.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=virtuozzo.com Received: from mail.openvz.org (localhost [127.0.0.1]) by mail.openvz.org (8.14.4/8.14.4) with ESMTP id v3Q8KKwA022056; Wed, 26 Apr 2017 01:20:20 -0700 Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01lp0210.outbound.protection.outlook.com [213.199.154.210]) by mail.openvz.org (8.14.4/8.14.4) with ESMTP id v3Q8K2Ye022045 for <devel@openvz.org>; Wed, 26 Apr 2017 01:20:02 -0700 Received: from DB6PR0801CA0044.eurprd08.prod.outlook.com (10.169.219.12) by HE1PR08MB0426.eurprd08.prod.outlook.com (10.161.116.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1047.13; Wed, 26 Apr 2017 08:19:44 +0000 Received: from HE1EUR01FT028.eop-EUR01.prod.protection.outlook.com (2a01:111:f400:7e1f::204) by DB6PR0801CA0044.outlook.office365.com (2603:10a6:4:2b::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1061.12 via Frontend Transport; Wed, 26 Apr 2017 08:19:43 +0000 Authentication-Results: spf=pass (sender IP is 195.214.232.25) smtp.mailfrom=virtuozzo.com; openvz.org; dkim=none (message not signed) header.d=none;openvz.org; dmarc=temperror action=none header.from=virtuozzo.com; Received-SPF: Pass (protection.outlook.com: domain of virtuozzo.com designates 195.214.232.25 as permitted sender) receiver=protection.outlook.com; client-ip=195.214.232.25; helo=relay.sw.ru; Received: from relay.sw.ru (195.214.232.25) by HE1EUR01FT028.mail.protection.outlook.com (10.152.0.157) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1047.9 via Frontend Transport; Wed, 26 Apr 2017 08:19:41 +0000 Received: from finist_cl7.x64_64.work.ct (msk-vpn.virtuozzo.com [195.214.232.6]) by relay.sw.ru (8.13.4/8.13.4) with ESMTP id v3Q8Jedp020247 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 26 Apr 2017 11:19:40 +0300 (MSK) Received: from finist_cl7.x64_64.work.ct (localhost [127.0.0.1]) by finist_cl7.x64_64.work.ct (8.14.7/8.14.7) with ESMTP id v3Q8JeO9001747; Wed, 26 Apr 2017 12:19:40 +0400 Received: (from khorenko@localhost) by finist_cl7.x64_64.work.ct (8.14.7/8.14.7/Submit) id v3Q8JeGN001746; Wed, 26 Apr 2017 12:19:40 +0400 Date: Wed, 26 Apr 2017 12:19:40 +0400 Message-ID: <201704260819.v3Q8JeGN001746@finist_cl7.x64_64.work.ct> X-Authentication-Warning: finist_cl7.x64_64.work.ct: khorenko set sender to khorenko@virtuozzo.com using -f From: Konstantin Khorenko <khorenko@virtuozzo.com> To: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> In-Reply-To: <20170425155954.27911-2-ptikhomirov@virtuozzo.com> X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:195.214.232.25; IPV:CAL; SCL:-1; CTRY:RU; EFV:NLI; SFV:SKN; SFS:; DIR:INB; SFP:; SCL:-1; SRVR:HE1PR08MB0426; H:relay.sw.ru; FPR:; SPF:None; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; HE1EUR01FT028; 1:9XRGi99lRZPnCzcEcwj14RY8k5ebpinS9jNblMP7bmU6fUteAWxcFiHAarEZ1oS9wcMTZ/EUezhuW2KHF0SGCmMDkA82tczHJmeSYg3GCR9uDWkXDCNDl/Tn8YO10JCf8GDMEFN+oiHgcIQ0XLIAQaVaW/0XSPhBoILCpe8nDaNssiXMGkaZxJBQvNgXL0YraNAB78Np0hwqEv8N1O9z+jbOsisOpMIRIzle88kvqD1pn/b0+D4KGDiWOrIN3sx2U5n8NrH4+7zNKUOe873S6oMsoPQ0LvTPEao/Erf3rdxFCJ/yt3Kvvs5IqiuvwwzTIDpETE3NCdJNHF3Hys8Mff/OfnEujQf892GiXYjSPz6AzioVyNG4MkLDyzClI/is083VEmS6NR0AsxC0K/nEf2mk/mgC7BCs6IBdvj5OVB8qdj6cbIoztYNNipiIUU7wyIxnLY+J0bHy64eoe3wPJ2GmfDNDBRMN080w2DKzTg5U+qMS47m3sfV+STAaWGExRGA5E4fLiFtX4Wk5TDVvzw== MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 6a696cf4-d73c-40b5-af1f-08d48c7cfd03 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081)(201702281549075); SRVR:HE1PR08MB0426; X-Microsoft-Exchange-Diagnostics: 1; HE1PR08MB0426; 3:YmAMqhoocKBccB7xrggTX4Cq4yDRZeykYcCh5lvmIVX2K4sMM3+6rtIJ0zM7p3/FXQbL8gcyxWuvaB73GcTkzs/iMrucwizVK/NYZZoSf0MoQlmgmUagPknA5hycjdhapLyWQ1KRs2MAwS+Ejw/X6fzkp3WT98GtjiMHKdjT2VntxKCjHtuPhSkwVHJHmCcLroBkEB3s2XkzTWNY716y5GVhR/60luiuhMRABwck5GQbFs9l2NyqVl/7EfoeqzQWJTAc5ifAA5eyfbD3o87r7abwlBmkC4j90KNbR2f54IkrMx5MmbHr5ln4Zj8HGSbQZH7acprIXUOpMa2lSvM/gZIz2Vt9Gq8AS6Sm9Nqg71Iwf+3vgD76q6kiWiXhAjcIYP7eYW02Zqc9WmRiIGCRMo6ZlL2u9NG8p/R6nBquJDKeoH773vuBWYsW+OvIqN9XQOSKBWUNG6y32mClC3o8BH8WdwEOlGdKx+SjZjmM+a0Qt3GmmS4R7bscJiBPf3AQ X-Microsoft-Exchange-Diagnostics: 1; HE1PR08MB0426; 25:T16QyVHjBbeFTQOIh2LPp4acs7zZSSWpPXfsvTrUQ9sq1rsMLeUKrEptRrKZNsPOabfSCAKcFQP2TC67naPhLxiuqoFSiUafE21OPeti6aiPe/QHJ8sQbemRWmXoVM+kEFkMRvMK7N27rj5FyfvaaVF7WHnTIS/OGmrEOEOgI95K2GwADHdau0DpU/R/wdgYUjNntQXntFN811AVUBSMSOBd6wpIKGRTGPrsrjZ8sUKRQZXgdzEZzQnsJvN01byxs7yPTJzPSUxBJUrQwOcRKqt+uyFINQBTfsL9FFbLWnOzDm9SbE5pa5dNyNasBTDYeMF6oQ3I2GkeTasTuQlo9rBqyPiatnn+4ogNF93h7ch4nkk3b5N3F+yZUUeGbnTm5ykrrpjApBSPk5db6SCbUQJ9/QYCi5ZKQWNOhjjq1fi3lbOfiVJYj1DFcagwGpgieUfoqCddVORTX81TblUg5Q==; 31:RtJ0yY7m3NZSa00MSdbxH2jOuY1DHI9PdF3kczryBSR3K/2j9vSO5VKoP+NQkO7tNjO7dxMi3IFjbxRmZyuZziHuBaOdnvMhLc6L2hUKsPZ1QESZTCVQTTdHof92LJFXX8+WEwQr4qqB9MhAnlUjXdaetxM2X8pJKXeWrSd5HJRvjKUUE6zQJV/jSN0dMItBm0Ny+bAo+BApJ5dbwqEb3AyInHcQ7ZDjM9uvPR2Jae/to8SVeFb2tVKtpBiWGk00EiMWYt50P4PlmVree4HqMZcgNUYJs05S8j3DyCKpC2HJeCRl/lZnH6Cr4+NpHqZ3O4LmvhvEAy3MyaKh+CdA6g== X-Microsoft-Exchange-Diagnostics: 1; HE1PR08MB0426; 20:igviKsUV5I5j/9rMb/h7mNTmkPoJtYNItyDrNNQS7KaZM0685MeP85ywqlt6nK88eBtWlpDjifPZiEE0paikkbtUlLmnkkfAg6oQdQhDj4tmvZOvd1fgiwoaghyk1EZZk0qVPrISmj6nYdSq9sV77P1/N1X8ttyGXFLUXnKEZzWkg8el8QjW2MyJgRM+0aNEpb6hsXIt79awqICon0A1ylbi8vPrOiP9v6PBHoi6HuaVUcqhcHoa3Fk5lCKELI2O4dfCW2pR6ZQvTmO1KolxPO2G/FT6+K3OZNtRvGrE5WTsRTKVIlRnYcO3/9vU150C1x5NBW+5g0C9pYzX3LwBPKgkxZfmXiCUu6wOX2B7WBboG+SXgWGPDLde/O78CMZ2A4jMHmdeIVYHLGIA4mpPVX7IRc30pbD1ML8Rp6M6czilcd1mtN3EWW7jqYM1k0oN7KDTus4wZsYrVrbMCQge3/ByVsii1S1FgV1GNb8Iaesc1LITDBB3jzuFocIXCPuW9pY3DkiJR1GmiHDgYb5kjA== X-Exchange-Antispam-Report-Test: UriScan:(215187933766430); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(9101521199)(601004)(2401047)(13013025)(8121501046)(13023025)(13020025)(93006095)(93004095)(10201501046)(3002001); SRVR:HE1PR08MB0426; BCL:0; PCL:0; RULEID:; SRVR:HE1PR08MB0426; X-Microsoft-Exchange-Diagnostics: 1; HE1PR08MB0426; 4:yuKYb9V2Q9CvLq7o9AG3hSY/Sndj38JKsSXpoguR+VUmALzlkMS6nwCHbPFKNCjhF32GSMMuOn7lULFc1HnqDiX9Qwk3aj761abiLq+38ag6+7VFfZc9/NBDnur2tpkqaPZ46f43RCGqMXWyaMRe7zxeeQoNVYIXljiFWtWRkrorTSArGc7cqKNNyh1HILfSnVqEGdL5QidGNvyOxkZbZf2JzgCnhD9Ao7VWzz/Wk9Rqn/Br3gPnlpzJLORjtMmBdRwW9x07wKSmPUZ92WLVonBmR9ZxPGdvtikzwv+P+Z/w8I7zF1uy8Lqwo2RvFBTMSF2zaxiZRbVbphr7LElumCww4nAKe5pqCDSk/4/LS0KsyHKEUSs665h4/RY48JnXe07YGbs5XPmZeeLUCuSW13yXFer9MTUSmCg4xLxGNqJ1bJSj0EJnXaGMiw588r/nyGQsYnGk9WjA7ExQ8YazANxK2kvTDcmGL4m2Qg2eYsFyYW6OJewhyjBnG0JCLIN1gGHf6LvPHVjaVFXHvntWB4OhvZbDwiEpAzITVQIxqwo=; 23:tHoj786jiJshGZJk80Uj5TaxSIUMIdLOfHOnZBa4N4veupMmHbYSgC4oq17CZzBMV7HY1jGM11mL34JW+TXBAgEVS+hTEpAR0mpim5q+H8w+W0GXMNPzl1+txma12x24ptNgNx1idDzfWMm2Jq6SkjPnIDE7ZnrmSjdt4+e38OLHhsUQTHhw27NI93T3GjlY X-Microsoft-Exchange-Diagnostics: 1; HE1PR08MB0426; 6:OSho+DcMuadxNGnGsCHLOxbufMtpzrQchCBOjkhXz0LkBSKoLgxv2hA1O+waqKovm+Lu6Z+Uul+XxYYMtmf8UIl79k8JXfaDwNM1PNDJM38ffCtNa60f312husL9/EZMrLUSwN6vOVx3KVhGP9WeoQznvJ1kuV6tumGYYRLWLI2D2vamlfOZv06udyIsIH7IcmntssHGfR7XkB5DHqEN3qdZfgpUxL+tjU1ciJQcI7eQicP8uzkX0F3B6RQV/vOjBe8mOqHz1IOFmnDsPDAw7vu1W+LFPJeDiUF/oj1qCnksKxP222yGZzq3XyzP1id01A1ZQjz+/Kj77d3wTD8Kh8bsjP64P/z0b8Y/gzVJfpdZamvmj3sX7w/QWwef79TgNfN95y4kII6VVGpaU9l32hAidov7pr5Kzu5qWnJ/1zJjUwc97KX523Hrt5IaZRM/; 5:foam6aKu5kapqQhB3XSnrQW9/hBo2h7/oAlikI525XjSsANxbQWLVQczRVz+HvyCs00XU4RXwCCs2Puv2uqlJvOfytCzGtAgXfsQoRCZdKqlHsKJBoEuAla82uXpQYwxJwom7p207LDWX+AN2juVQQ==; 24:1at5J7b0CviVH7jdAN3pL7ntcZ223t5QQPoj0H5X4PNJ1wINq1wRSnMDekEhrHayIFYcgqIA/qf9dlPQe+3d7nMjGldYXQv2VAv+4mB1Y5s= SpamDiagnosticOutput: 1:2 SpamDiagnosticMetadata: 2b2090aae5154f77b71484475de18b04 X-Microsoft-Exchange-Diagnostics: 1; HE1PR08MB0426; 7:U4m/d2GbSMa+iFd9RDoqFLa+sTk4XJg+gzQ3Txfkbtk98+fETYJK3PakBKFWx/5yWprASw6ymmgYz2ZG9bbrWb/KacfoYDdOUnRrDevo2igpC1J9kBDZHtou+/81lBBEwmJ0FNB0G3QOlMb8GpaCXQVTC2v7Nkpz7JuBwh4bsTGD6Vn/NylxAhqdHceUmvcr9tvSYJS5/SoPbC5tjInLpqq6dJMhMYceFTD0KlPsA4Eod/8UzCoEKzLjVyaTCdeWtGmCwz8PR8Zq6P3w4lUDaMEzdTumWy7m/w3Mlxc+Qw32wfTpCOUj7W8g0QgPjjWOsrG+4PZqUQGZwp0hb3mbYE6zMc51pxyLbyfhHeOuRN/xR93AZXk4keudlPQ3TmS7Ko6hxiCsLlT/4EXMpsOYgg==; 20:5e+qvxDowZRQ4y6wl1OkaITlqAWr+L813yzUxGRnJCJWk2bCJ3alh9UVmoHR/dB64thQuSX1f3CWMlhHuBLkhnbfip2ee/uUxknpin2J4sS1Q2OM0fOSBhuRVmJZBijCRmIR39jSLfFhh2bJ1oJNbLfP0QZRyKBLCAOB/3mDUco= X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Apr 2017 08:19:41.0730 (UTC) X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=0bc7f26d-0264-416e-a6fc-8352af79c58f; Ip=[195.214.232.25]; Helo=[relay.sw.ru] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR08MB0426 X-MS-Exchange-CrossPremises-OriginalClientIPAddress: 195.214.232.25 X-MS-Exchange-CrossPremises-SCL: -1 X-MS-Exchange-CrossPremises-AuthSource: HE1EUR01FT028.eop-EUR01.prod.protection.outlook.com X-MS-Exchange-CrossPremises-AuthAs: Anonymous X-MS-Exchange-CrossPremises-AVStamp-Service: 1.0 X-MS-Exchange-CrossPremises-Antispam-ScanContext: DIR:Originating; SFV:SKN; SKIP:0; X-MS-Exchange-CrossPremises-Processed-By-Journaling: Journal Agent X-OrganizationHeadersPreserved: HE1PR08MB0426.eurprd08.prod.outlook.com Cc: OpenVZ devel <devel@openvz.org> Subject: [Devel] [PATCH RHEL7 COMMIT] ve/sysctl/net: allow net.ipv4.vs.* in CT init userns X-BeenThere: devel@openvz.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: OpenVZ development <devel.openvz.org> List-Unsubscribe: <https://lists.openvz.org/mailman/options/devel>, <mailto:devel-request@openvz.org?subject=unsubscribe> List-Archive: <http://lists.openvz.org/pipermail/devel/> List-Post: <mailto:devel@openvz.org> List-Help: <mailto:devel-request@openvz.org?subject=help> List-Subscribe: <https://lists.openvz.org/mailman/listinfo/devel>, <mailto:devel-request@openvz.org?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: devel-bounces@openvz.org Errors-To: devel-bounces@openvz.org |
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 0d8330f..db4563d 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -3723,7 +3723,7 @@ static int __net_init ip_vs_control_net_init_sysctl(struct net *net) return -ENOMEM; /* Don't export sysctls to unprivileged users */ - if (net->user_ns != &init_user_ns) + if (ve_net_hide_sysctl(net)) tbl[0].procname = NULL; } else tbl = vs_vars;
The commit is pushed to "PSBM-63883-Docker-Swarm" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-514.16.1.vz7.30.7 ------> commit f086c287d5f9cd2746a2d0d1c315f8b566dc9542 Author: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Date: Wed Apr 26 12:19:39 2017 +0400 ve/sysctl/net: allow net.ipv4.vs.* in CT init userns Patchset description: net/ipvs: allow IPVS in CT Allowing IPVS to CT root may be unsafe, we still need to check it, it is about 20k lines of code. If ip_vs module is not loaded on host ipvs will not work in CT as all other modules depend on it. So in default situation this changes nothing. We need it for docker-swarm for cluster network balansing to work. https://jira.sw.ru/browse/PSBM-63883 Pavel Tikhomirov (3): ve/sysctl/net: allow net.ipv4.vs.* in CT init userns netlink: allow IPVS netlink messages to CT init userns net/ipvs: allow IPVS modules autoload in CT ============================================= This patch description: Swarm uses ipvs to route and balanse external traffic to cluster nodes. Swarm wants to enable /proc/sys/net/ipv4/vs/conntrack in CT for it's packets being SNATed by ipvs. https://jira.sw.ru/browse/PSBM-63883 Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Reviewed-by: Andrew Vagin <avagin@virtuozzo.com> --- net/netfilter/ipvs/ip_vs_ctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)