net: allow AF_ALG sockets inside a Container

Konstantin Khorenko Thu, 15 Jun 2023 09:52:22 -0700

Starting RHEL9.2 kernel build fails inside a Container on sha512hmac
execution, looks like libkcapi is rewritten to use AF_ALG sockets which
are disabled inside a Container.


AF_ALG sockets are per netns so let's allow using them inside a
Container.

https://jira.vzint.dev/browse/PSBM-147375

Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com>
---
 kernel/ve/ve.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index c0535d7836d6..70e588b7df4c 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -358,6 +358,7 @@ int vz_security_family_check(struct net *net, int family, 
int type)
        case PF_INET6:
        case PF_PPPOX:
        case PF_KEY:
+       case PF_ALG:
                return 0;
        case PF_BRIDGE:
                if (type)
-- 
2.24.3

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

[Devel] [PATCH rh7 3/6] ve/net: allow AF_ALG sockets inside a Container

Reply via email to