Message ID | 1495106594-960-1-git-send-email-khorenko@virtuozzo.com |
---|---|
State | New |
Series | "ve/kmod/ebtable: allow to autoload ebtable_* modules from inside a CT" |
Headers | show
Delivered-To: criupatchwork@gmail.com Received: from gmail-imap.l.google.com [64.233.162.108] by patchwork.criu.org with IMAP (fetchmail-6.3.26) for <root@localhost> (single-drop); Thu, 18 May 2017 13:25:45 +0200 (CEST) Received: by 10.100.181.142 with SMTP id r14csp611794pjb; Thu, 18 May 2017 04:25:42 -0700 (PDT) X-Received: by 10.84.149.102 with SMTP id b35mr4236622plh.151.1495106742771; Thu, 18 May 2017 04:25:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1495106742; cv=none; d=google.com; s=arc-20160816; b=tNDzS/tWzGJhPOcvy0jLxvtW+gfdSObToBWf+GSx19ASU0mhIT7y/NLon/d6InuXuc JcDpu0DZMad2pjKnsfKaqwwbtCWdpnVAReqh5lF0RSagM4UU7l86HlWwd1JeykYKzrME B6K/GRNaOlNKFlw+c7OvV4QurYQK7TqxToDtzgEnu/vimrmSM4u+o2C2VLAYbecN0S0C Fz/7R6qh2ZRHoSAtoOJrSCQD7QREtQRkiTUoB9as1++mwRYjQ7+wDeFZgWfM9sM8qizt cVt24n2DQx6JAU5f9c4MIpjn9Kc+yAIr/zBrTR/RmWX+4lcsDi+V7xK1MBgop++A//8x WTpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :cc:spamdiagnosticmetadata:spamdiagnosticoutput:mime-version :message-id:date:to:from:arc-authentication-results; bh=+ZKB0+bQvpTM+Gi5HBEyvX5O35Y8SzFuh08yksGCmio=; b=Ey7BXjg9rqzUVBcxHPPK7JYJKfEI1xGGQC2kkA+OHLuTN9WTxE+DDOa0AOfRaizrtv TPh09Mj2qZF/wANSOTjR7oGpPPImpL39JdkxkhV2D1ZV5U07hhf2YduGp8F0+uZHrrwd VUrZ4AGOzy4h3QpPPjAgHk/9pRlJU3qWQRrRAwyrCB1qSs7pd0lErzHnd1hQGdenVjAT eJXV/0omVgv6KOBg+U2VgHKGu13hzcxsEFHzLqs0jblMAks7aMjoxgRFS20AhCb18hmN qOG33yoLfcjoKZQyL8fhX4Y2Ul3poFDh5CD5KZiBJABEStxecovg7dGM4laqVGNR1NpO RVQw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of devel-bounces@openvz.org designates 195.214.232.140 as permitted sender) smtp.mailfrom=devel-bounces@openvz.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=virtuozzo.com Return-Path: <devel-bounces@openvz.org> Received: from mail.openvz.org (mail.openvz.org. [195.214.232.140]) by mx.google.com with ESMTPS id 67si4986759pfe.140.2017.05.18.04.25.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 18 May 2017 04:25:42 -0700 (PDT) Received-SPF: pass (google.com: domain of devel-bounces@openvz.org designates 195.214.232.140 as permitted sender) client-ip=195.214.232.140; Authentication-Results: mx.google.com; spf=pass (google.com: domain of devel-bounces@openvz.org designates 195.214.232.140 as permitted sender) smtp.mailfrom=devel-bounces@openvz.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=virtuozzo.com Received: from mail.openvz.org (localhost [127.0.0.1]) by mail.openvz.org (8.14.4/8.14.4) with ESMTP id v4IBNV2k015497; Thu, 18 May 2017 04:23:36 -0700 Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01lp0215.outbound.protection.outlook.com [213.199.154.215]) by mail.openvz.org (8.14.4/8.14.4) with ESMTP id v4IBNUQI015494 for <devel@openvz.org>; Thu, 18 May 2017 04:23:30 -0700 Received: from HE1PR0801CA0018.eurprd08.prod.outlook.com (2603:10a6:3:6::28) by HE1PR0801MB1788.eurprd08.prod.outlook.com (2603:10a6:3:88::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1084.16; Thu, 18 May 2017 11:23:17 +0000 Received: from DB5EUR01FT010.eop-EUR01.prod.protection.outlook.com (2a01:111:f400:7e02::202) by HE1PR0801CA0018.outlook.office365.com (2603:10a6:3:6::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1101.14 via Frontend Transport; Thu, 18 May 2017 11:23:17 +0000 Authentication-Results: spf=pass (sender IP is 195.214.232.25) smtp.mailfrom=virtuozzo.com; openvz.org; dkim=none (message not signed) header.d=none; openvz.org; dmarc=pass action=none header.from=virtuozzo.com; Received-SPF: Pass (protection.outlook.com: domain of virtuozzo.com designates 195.214.232.25 as permitted sender) receiver=protection.outlook.com; client-ip=195.214.232.25; helo=relay.sw.ru; Received: from relay.sw.ru (195.214.232.25) by DB5EUR01FT010.mail.protection.outlook.com (10.152.4.136) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1075.5 via Frontend Transport; Thu, 18 May 2017 11:23:16 +0000 Received: from finist_cl7.x64_64.work.ct (msk-vpn.virtuozzo.com [195.214.232.6]) by relay.sw.ru (8.13.4/8.13.4) with ESMTP id v4IBNF5i029922 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 18 May 2017 14:23:15 +0300 (MSK) Received: from finist_cl7.x64_64.work.ct (localhost [127.0.0.1]) by finist_cl7.x64_64.work.ct (8.14.7/8.14.7) with ESMTP id v4IBNFqs000998; Thu, 18 May 2017 15:23:15 +0400 Received: (from khorenko@localhost) by finist_cl7.x64_64.work.ct (8.14.7/8.14.7/Submit) id v4IBNEIY000997; Thu, 18 May 2017 15:23:14 +0400 X-Authentication-Warning: finist_cl7.x64_64.work.ct: khorenko set sender to khorenko@virtuozzo.com using -f From: Konstantin Khorenko <khorenko@virtuozzo.com> To: <ktkhai@virtuozzo.com> Date: Thu, 18 May 2017 15:23:14 +0400 Message-ID: <1495106594-960-1-git-send-email-khorenko@virtuozzo.com> X-Mailer: git-send-email 1.8.3.1 X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:195.214.232.25; IPV:CAL; SCL:-1; CTRY:RU; EFV:NLI; SFV:SKN; SFS:; DIR:INB; SFP:; SCL:-1; SRVR:HE1PR0801MB1788; H:relay.sw.ru; FPR:; SPF:None; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; DB5EUR01FT010; 1:/et5JZGFR1CqG1iShHz0EQddGsheD2a+jrfBAGy9gtsoB/gzCcb8G+a8odlLwVeRh+59By8+XSXs+oPFxrcX7ykn04r/jsYqRvksulyy+8XidkxTrv9l0PrEZUbJcYtc7wY3kILbNz7PxtVk/SnQQPHo+QJB1PV4Ts/TufkmyPpgDFdtXgYJ+vtZ5fjW/Aj6Ef8yde2wQQmqGd2pcTLNqSW2TKfdoCRPhEWn7hIRg8O4Zx1XensGGbdFB8t6+HXA1mYO/zhWTktOSLNtF/yYnMCSVaqv3AQAVTIaKN3vGweALeF14FcgEw83Mgjo9tQ6PKWl/lccjxE9OiqQD7fyJpQJkf8Ek3aFuW6tQWBKtIDO5bGbS5HzZV4Fg9Smh2hgL1NWOZQ8Z/OuZE3Z7QQe0qfHunK6IuJjOcI8kkhl6vaB7FjwlHLmaCgMwagSYxs48c9fvFKYnGjK4DFEtXOkSR2hVb+sHTNER+1Wz/PPJ1TfmDhQdqEHUrB69ccdw6SK4JeTRmu/J+Q/ik50PsCMUA== MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 71faeca1-c575-421d-d8f9-08d49de047e0 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(8251501002)(2017030254075)(201703131423075)(201703031133081); SRVR:HE1PR0801MB1788; X-Microsoft-Exchange-Diagnostics: 1; HE1PR0801MB1788; 3:7cGGomVcUGCMukUpengip4yMj3dNcdsO31/ZtUCwp3oU47oGnRgV2k+uXU38guJObP/vdWXfoQ1zlo0kpRgaCW5krZaZHLERNpD8Gq/72SHCKenX5uX+7o+hVZYDjXGWPe04AyNMOd3B5RzUcbYdGjxIAaspxINqi9fS2DgVXJNKjtyJMrEORR0XpNphXqgCoAWCYd/ukdqfPAEizJgfgSuKleFLw+lapFIRjxBw3wtIg9qAi71VnZlxrl7tpcDfQbE7alACZruxtG/VbSHUhcPTWDjccKV2YAQEZdC7/p0srCuJJp44Bl6BPRIAL/hA/fyc+elyEkMzvm7XfTLUhldwAMKFz7O1HZUKu0lZy7Nv58UMzfqsYH959h5lXiqieioHZNhXbV+A2jpJV2prN6akg8ieKMmtpC8TAwNy70GdJadgaa4WTfZTnPezg7Zj79RQmBGasZHq42iDsA/Ym1RZt7a3ghwU9+qPJ3ZmUE0Hs1z0aamRl/4HZHZKVl+V X-Microsoft-Exchange-Diagnostics: 1; HE1PR0801MB1788; 25:HnB/szLFzrsDQxFiJT6pvHyVWgx744vEoBQG4Q33lXBWZU8uYM5zC0ocUO/03pyKjAIIutEpDkgol1QMEzh/tIriUI3iLyX+uKYerOibSrWQXjX2Ag080IAMwVCYleySYvcU4REllRF1v4xosi8xcQRYvus/w4p3I0hqf81Gu6p983LHI6+ZRJ0o+890zhku0X6TcWQyH+4hlBSgvleToEUy/LH59X3RPmBU9m0iWFQDcXrYZeBnB1wzRQoDRAt0c7666qTYh+zHCEzg5NdFZhiPX1xPjISNFZd7XS90ZAQj2qKNiAUnFqvuh1eU0r35et32lvosTR8SzE3anACZFOwKxzYxYt9EN47rUTVRhUWZdJkpR+J++al151dmFBdNbjajSn6KHv3+ATvQNCq/ImDKb1InD3d+6UF+4ucavuPdW0Nb3p+9dYvUBtGe7E937lrHlVbu6duZt0wa8sex7N/5Tii694bhe7OSPl9Sh3M=; 31:h3e5SkC7fe/mD2y5pOjBHXrxPaZmoscOvAIm6YweCOy1aBNoT/yG81BbpJCOI4jG6jCtwMaMFrAcvRdk+NzBEJtGyMLOaqJvZLPHHEFgPKaJqugwtb5nv1xEBTx0QxaZgNaTO44kjKGlr0fxXDyZ+zxKSL4StJT4/asjAy/TvA479SsJMc8zGkCkaawIhHth6iDp/aGXbS9Kp6lSqFR+BtERYP7mVeGB0nsZjfFhoMwnDIXq4Cf/0wBlnz5aVYq7WjbpATmjkKDOQvVpCL3z92l2AopDUMurowJU5fsQzNFz8zJ63LDgz4pmyuNRlDnO X-Microsoft-Exchange-Diagnostics: 1; HE1PR0801MB1788; 20:C7lFcJTB6lP3n7MLjsGcJ96MqNYDdYF/wOaKy5tEftumRmLhWLxoGKfEOqQAisX+rJ5akG4cOg0B4dm6DUgCuYa28ljBpsGFYmlNu9Fwg9nRng73YmL0FQ9SdNVszf2Ik7wAROYlZancDSalRSEb+0Cxa9WS1HMAJKGuWXiMX0bVYiVaAXyPx/D9of9KqCP4GOMAcXO2DM/2Ddko+4YV4DtTCTQk9wGLfRzkPGNZ4wDDeIAgTaicOhqXVgOxBlK9NG0ho4txGJyEb1Ukyf490xoHRiWX189d8HmCkZWPA/UpN5Ky8GtsMVsPcT31Eh9XEp1UkpziKrYRVbvDac05OYc894PLgDvA2ztvv8iIRSFmppbqLCG/pr9YHaHilOqXCeKZ2b6lDrpt14Pi2oes3oFu9hu1hIhkgDqapv5757PWT0vZ35JScJbhWV4UHpIkjtX7wizL3zZGo6cRlONtZlKXv+hHqdK3X9DkiA7r7ktAbDS40GQAZ1PVLEngcPPsKRUubdXGU0q9xBtZrqPWzg== X-Exchange-Antispam-Report-Test: UriScan:(215187933766430)(17755550239193); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(9101521199)(601004)(2401047)(13020025)(13023025)(8121501046)(13013025)(10201501046)(93006095)(93004095)(3002001); SRVR:HE1PR0801MB1788; BCL:0; PCL:0; RULEID:; SRVR:HE1PR0801MB1788; X-Microsoft-Exchange-Diagnostics: 1; HE1PR0801MB1788; 4:G4lQ5r/3WHjIXoLEE8EKqpozLAkyyNwze6t+hrfbBqgbs5A2Vj6vlHXb/MeoxJgk1A8WVBGqrm3tjpWHaZDdKqK5XhZcgv0vUjRdrEykf1Ok9v/0KFfhg4wuRXU0A/QDgz6hP8IazcLWdn4yFdlSfYB3a83CnL4VazZ8hfIQHGY51d/caTV8F/uzhXSMq39jMXwjMRPccr16m0dUn6Y1IGn3ss/7owhxzAmkPoiu+sKKSl8ciSgqdhNgRwsuFfPol+e+mi8AaEOOZmbs5/eobNXebd/KsO01lvMAeHswJT+37XuH+0EIKksiz5nxR9beVtvx3AUKrNrtYtE74m5Wey1sgBwGWas/8s9E6HPSWo3g/giowk4OU5WN1PR6t4FUI+b1DCjLjPOVzFIn73Sm6lP7CzZ0UEPNmq6WpJaO6yzSEgktkpeYXG9NI/NFvnKgIkanwGC/Ht/lVu967NM+ubpQQd5Ktts7qfAvLx0vJPdKOZTgf/G7dwIlWRFkVEXLTOARLVrD6ZRXS0HYkA50UGUkKD+oBYZl+85bqOsFs27v9mlIX878Oog+jaExZ8Tw; 23:6561zU9ayyHZjDvAfOgaW6/rRoQ6Iip2w0dov7QenngtlD0KDJRIurOLhvypqsDewNMOt9nVBHaPKeUZdZUNIA9Lku4EER9riQ3PC4lPm3iIfZeddca2eJkwqw539MTE+gqi1D6u5JipEWdZwsWmVauvBQ03vUY84fwKafXywlJGK0kJywYWfWiYNYGCmT06 X-Microsoft-Exchange-Diagnostics: 1; HE1PR0801MB1788; 6:lA5+eB5TqLSs6kjon7iDS5AhcNosjrcbojapD92R60L56JwEOF5KntjubHJSGz8IubzZkpfFnpmcoq32qXlfcJe6oqyuMVJNhn9zjeeJA1oknjF+89sySp8f3uR5cwgtpqdZIQnjX7zjvaEgU9Txf46vlIw4gSoHzkK58YQ6Mm+MRWh9UM3sog8QSyBgt32XkRZyrlyXCezcAGkrJfc6b1gzgX2vgg/DpqNrgp+Lu66pdNaL8l8ky72KhZcxn5C+mgccQh5cap4QKezaQZzq4azb/yejSXqpPuP1sma8l4kwlqKCT5i/RDaKeh807QAxts6IEjUjEh+UIwpLMQY2JopStNntKxtm++wuUu/lmCa1KEd0dL4FXosR0orqVFb6mtOAAtCOhQYtwsIZ5i0ip7AShcadOHtYHOVNobLsSyXnomuNwjJKEKTGi8e+juJW; 5:4Hn9B8gFDLcTXTx9Gl74OPfNpUyPl2VIn/q4MpWMi0hkMbNyPJ6+YyAQfN3Y/fgc159j3+qqEErznqdlp4vvdAk4PrDkOp25pXe/sreSPez5I7b0z9WxBPJPlXqicP+Eb0i3Wqbua1ggbrUjE2uPjQ==; 24:REOOacO6A90t+wNGWoB9pFXhNksUD3Mjaehq1a5NWKuySV8P51TSAZ5fHYylxrlpv66P4dTSjOTcpSHSBRCFDjGD7zcla5RHBZnv11mnhw0= SpamDiagnosticOutput: 1:2 SpamDiagnosticMetadata: 2b2090aae5154f77b71484475de18b04 X-Microsoft-Exchange-Diagnostics: 1; HE1PR0801MB1788; 7:rYiF4JH8eeXdfLXbnZYpKCc7pIbnsd62Vx+r+MPm9L5fDa+QkYuIbjpv5IdNjmX7XdU9vELqtrniOH8tOKx0bd/EA+3r88k2AK6AR8q9WXH4WQW383fQK7fsxZFxrZBFc4rbRANqyLSeDXdLuk417kte+IJlAk/V/AYMOGR6y2ZpveFUNQLrpzUl7FO/PWQ1HtfQYKauxP7skRUFGRh0sEEjXwKwrJCThFFKkhrJC8g3F4PkYB4r8KQHLrtshvoKW0aL+SrKvRy+VhMi5CBDsPbeExJqRkJo1AM+4MIJ/Rfc/BquJ324ef0nwdW6661tN+50swsHh69Bq0PTo/OTnUIx5dtxy0aNE9yPFMm5l9IkDLfNmIx0zL8VY+bfxeKQA8smT/Xdtcq1HIE1Df4wTw==; 20:ZfCviwEJiJWx+U5QEVMTCurDHYxi2rnQxc8E9kz2/oVtgkWo1BrCVReHJiA0YjCptw62DxSfDOzYHDSktrxvD3aB00G+memxhEMeuRgnTPgHYoiJtA27M0xalTBCp6CcoYZM0NdgNIJqtD3fAuzt6/NXg9nl1DvO//Q2UZ6SKKU= X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 May 2017 11:23:16.6329 (UTC) X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=0bc7f26d-0264-416e-a6fc-8352af79c58f; Ip=[195.214.232.25]; Helo=[relay.sw.ru] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0801MB1788 X-MS-Exchange-CrossPremises-OriginalClientIPAddress: 195.214.232.25 X-MS-Exchange-CrossPremises-SCL: -1 X-MS-Exchange-CrossPremises-AuthSource: DB5EUR01FT010.eop-EUR01.prod.protection.outlook.com X-MS-Exchange-CrossPremises-AuthAs: Anonymous X-MS-Exchange-CrossPremises-TransportTrafficType: Email X-MS-Exchange-CrossPremises-TransportTrafficSubType: X-MS-Exchange-CrossPremises-Antispam-ScanContext: DIR:Originating; SFV:SKN; SKIP:0; X-MS-Exchange-CrossPremises-Processed-By-Journaling: Journal Agent X-OrganizationHeadersPreserved: HE1PR0801MB1788.eurprd08.prod.outlook.com Cc: devel@openvz.org Subject: [Devel] [PATCH rh7] ve/kmod/ebtable: allow to autoload ebtable_* modules from inside a CT X-BeenThere: devel@openvz.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: OpenVZ development <devel.openvz.org> List-Unsubscribe: <https://lists.openvz.org/mailman/options/devel>, <mailto:devel-request@openvz.org?subject=unsubscribe> List-Archive: <http://lists.openvz.org/pipermail/devel/> List-Post: <mailto:devel@openvz.org> List-Help: <mailto:devel-request@openvz.org?subject=help> List-Subscribe: <https://lists.openvz.org/mailman/listinfo/devel>, <mailto:devel-request@openvz.org?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: devel-bounces@openvz.org Errors-To: devel-bounces@openvz.org |
diff --git a/kernel/kmod.c b/kernel/kmod.c index 16b64ca..bb7671b 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -365,8 +365,8 @@ static inline int module_payload_iptable_allowed(const char *module) if (!strncmp("arpt_", module, 5)) return 1; - /* The rest of ebt_* modules */ - if (!strncmp("ebt_", module, 4)) + /* The rest of ebt* modules */ + if (!strncmp("ebt", module, 3)) return 1; /* The rest of nft- modules */
On 18.05.2017 14:23, Konstantin Khorenko wrote: > Currently we allow to autoload ebt_* modules upon request from inside a Container but there are several ebtables_* modules to be allowed as well, thus allow all ebt* modules for that. > > (Default CentOS7.3 firewalld service inside a CT complains on that) > > https://jira.sw.ru/browse/PSBM-66435 > > Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com> Acked-by: Kirill Tkhai <ktkhai@virtuozzo.com> > --- > kernel/kmod.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/kernel/kmod.c b/kernel/kmod.c > index 16b64ca..bb7671b 100644 > --- a/kernel/kmod.c > +++ b/kernel/kmod.c > @@ -365,8 +365,8 @@ static inline int module_payload_iptable_allowed(const char *module) > if (!strncmp("arpt_", module, 5)) > return 1; > > - /* The rest of ebt_* modules */ > - if (!strncmp("ebt_", module, 4)) > + /* The rest of ebt* modules */ > + if (!strncmp("ebt", module, 3)) > return 1; > > /* The rest of nft- modules */ >
Currently we allow to autoload ebt_* modules upon request from inside a Container but there are several ebtables_* modules to be allowed as well, thus allow all ebt* modules for that. (Default CentOS7.3 firewalld service inside a CT complains on that) https://jira.sw.ru/browse/PSBM-66435 Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com> --- kernel/kmod.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)