From: Konstantin Khorenko <khore...@virtuozzo.com>

A Container with CentOS 8 inside uses nft by default and iptables works in a legacy mode; for that "nft_compat" is required, so allow its autoload.
[CT]# iptables -A INPUT -m tos --tos Minimize-Cost -j REJECT iptables v1.8.2 (nf_tables): Couldn't load match `tos':No such file or directory https://jira.sw.ru/browse/PSBM-98948 Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com> Acked-by: Andrey Ryabinin <aryabi...@virtuozzo.com> (cherry picked from vz7 commit f247ccddb3f9 ("ve/kmod: allow "nft_compat" module autoload from inside a Container")) Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com> --- kernel/kmod.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/kmod.c b/kernel/kmod.c index f79970fa75e1..3a445d4e2734 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -253,6 +253,7 @@ static const char * const ve0_allowed_mod[] = { "nfnetlink-subsys-2", /* NFNL_SUBSYS_CTNETLINK_EXP */ "nfnetlink-subsys-3", /* NFNL_SUBSYS_QUEUE */ "nfnetlink-subsys-10", /* nf_tables */ + "nfnetlink-subsys-11", /* nft_compat */ /* unix_diag */ "net-pf-16-proto-4-type-1", /* PF_NETLINK, NETLINK_SOCK_DIAG, AF_LOCAL */ _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
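Review bot: The new "nfnetlink-subsys-11" entry in ve0_allowed_mod[] is commented only as nft_compat, while the entries two and three lines above it name the subsystem constant (NFNL_SUBSYS_CTNETLINK_EXP, NFNL_SUBSYS_QUEUE). Writing the comment as NFNL_SUBSYS_NFT_COMPAT would let a reader check the number 11 against the nfnetlink header. The commit message should also say whether the xtables match modules that nft_compat goes on to request (the `tos` match in the example) are already covered by this allowlist. This hunk adds only the subsystem alias, and every entry in this array widens the set of modules a Container can cause the host kernel to load.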