[Devel] [PATCH RH9 10/20] ve/kmod/whitelist: Allow netfilter/ipset modules autoload from inside a CT

Fri, 08 Oct 2021 06:54:31 -0700 

From: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>

I forgot to allow in CT autoload of needed modules, so do:
ip_set_list_set
ip_set_hash_netiface
ip_set_hash_ipportnet
ip_set_hash_netport
ip_set_hash_net
ip_set_hash_ipportip
ip_set_hash_ipport
ip_set_hash_ip
ip_set_bitmap_port
ip_set_bitmap_ipmac
ip_set_bitmap_ip
ip_set

https://jira.sw.ru/browse/PSBM-46102

Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>

(cherry picked from vz7 commit
 1af0b905877a ("ve/netfilter/ipset: allow modules autoload"))

Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com>
---
 kernel/kmod.c |   14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/kernel/kmod.c b/kernel/kmod.c
index be0908452d7b..6acc4d943283 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -260,6 +260,20 @@ static const char * const ve0_allowed_mod[] = {
        /* netlink_diag */
        "net-pf-16-proto-4-type-16",    /* PF_NETLINK, NETLINK_SOCK_DIAG, 
AF_NETLINK */
 
+       /* ip_set */
+       "nfnetlink-subsys-6",           /* NFNL_SUBSYS_IPSET */
+       "ip_set_bitmap:ip",
+       "ip_set_bitmap:ip,mac",
+       "ip_set_bitmap:port",
+       "ip_set_hash:ip",
+       "ip_set_hash:ip,port",
+       "ip_set_hash:ip,port,ip",
+       "ip_set_hash:net",
+       "ip_set_hash:net,port",
+       "ip_set_hash:ip,port,net",
+       "ip_set_hash:net,iface",
+       "ip_set_list:set",
+
        "rtnl-link-dummy",
        "rtnl-link-vxlan",
 


_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to