[Debian] Re: lenny updates
Kir Kolyshkin
kir at openvz.org
Mon Mar 16 14:46:27 EDT 2009
Yet one more important fix while we're at it.
This fixes udev in a container, OpenVZ bug #1195. Not a security fix but
quite important functionality issue since many distros rely on udev by
default nowdays.
-------------- next part --------------
>From 5dcfcf5defb9a1037de717f56a54f8cbb461e96d Mon Sep 17 00:00:00 2001
From: Konstantin Khlebnikov <khlebnikov at openvz.org>
Date: Tue, 10 Mar 2009 15:55:35 +0300
Subject: [PATCH] NETLINK: disable netns broadcast filtering
There only one uevent_sock in init_net for all VE.
Broadcasts allready filtered by exec_env compare, drop netns check.
http://bugzilla.openvz.org/show_bug.cgi?id=1195
http://git.openvz.org/?p=linux-2.6.24-openvz;a=commit;h=0474535acfde6a
Signed-off-by: Alexey Dobriyan <adobriyan at openvz.org>
Signed-off-by: Konstantin Khlebnikov <khlebnikov at openvz.org>
Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
---
net/netlink/af_netlink.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index d30766c..84e9f7c 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -971,8 +971,10 @@ static inline int do_one_broadcast(struct sock *sk,
if (!ve_accessible_strict(get_exec_env(), sk->owner_env))
goto out;
+#ifndef CONFIG_VE
if (!net_eq(sock_net(sk), p->net))
goto out;
+#endif
if (p->failure) {
netlink_overrun(sk);
--
1.6.0.6
More information about the Debian
mailing list