[Debian] Re: lenny updates (networking)
Ola Lundqvist
ola at inguza.com
Mon Mar 16 07:47:39 EDT 2009
Hi Kir
Quoting Kir Kolyshkin <kir at openvz.org>:
> Ola Lundqvist wrote:
[...]
>>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=ce67d5b4cc85fa0c6a6d226d436276ab307ae041
>>> iptables: setup init iptables mask before net initialization
>>> Trivial fix for IPv6 iptables in container. Not an ABI breaker.
>>> Attached as 0042*
>>>
>>
>> IPv6 is not really working in the current version. However this is
>> an improvement to the current state.
>> Not sure it should be included. I have added to my test build but I
>> think I need advice from Dann here.
>>
>
> So we can either disable IPv6 in config or fix it. It's up to you/Dann
> to decide. I'd go with fixing.
I tend to agree.
> Speaking of IPv6, we also have a bunch of patches for ipv6 conntracks
> in containers which I haven't sent since it looks more like a new
> functionality rather than a bugfix.
If it is new functionality, then it can not go in. However if it is
fixes (>= important) then it should go in. So if you see any important
ones please let me know.
>>
>>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=fffc6ffba65ec0b12aeb89f2e4a448785298aa75
>>> net: set ve context when init/exit method is called
>>> Attached as 0043*
>>>
>>
>> Security issue?
>>
>
> No. Deadlocks/leaks on VE stop.
I personally consider deadlock as a denial of service. However this
can only be done by root. On the other hand I assume it is still
important to fix it.
[...]
Best regards,
// Ola
--
--- Inguza Technology AB --- MSc in Information Technology ----
/ ola at inguza.com Annebergsslingan 37 \
| opal at debian.org 654 65 KARLSTAD |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
More information about the Debian
mailing list