[Devel] [PATCH RH7] enable ipproto_icmp inside containers
Vasily Averin
vvs at virtuozzo.com
Thu Jun 23 05:08:53 PDT 2016
iputils-ping 20150815 fails inside containers
because socket(PF_INET, SOCK_DGRAM, IPPROTO_ICMP)
is restricted by vz_security_protocol_check().
The patch enables creation of such sockets inside containers.
By default sys_socket still fails
because of the default setting of sysctl net.ipv4.ping_group_range;
however, it's enough for iputils-ping 20150815.
Its fallback handles this situation
and successfully creates a RAW socket.
According to ptikhomirov@ this sysctl will be enabled inside containers soon,
and in future it will be saved/restored by criu.
https://bugs.openvz.org/browse/OVZ-6744
Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
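
The socket-creation order described in the message above, as an added example that is not part of the original post, of iputils, or of the kernel patch: it tries the datagram ICMP socket first, falls back to SOCK_RAW, and checks a gid against a net.ipv4.ping_group_range value. The function and enum names are hypothetical and the sample sysctl strings are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Hypothetical names, not taken from iputils or the kernel. */
enum icmp_sock_kind { ICMP_NONE = 0, ICMP_DGRAM = 1, ICMP_RAW = 2 };

/* Parse a net.ipv4.ping_group_range value ("low high") and report whether
 * gid falls inside it: 1 = yes, 0 = no, -1 = malformed value.
 * The kernel default "1 0" is an empty range, so no group matches. */
int gid_in_ping_range(const char *value, unsigned long gid)
{
    unsigned long low, high;
    if (sscanf(value, "%lu %lu", &low, &high) != 2)
        return -1;
    return low <= gid && gid <= high;
}

/* Try the datagram ICMP socket first, then fall back to SOCK_RAW,
 * which needs CAP_NET_RAW. On failure *fd_out is -1. */
enum icmp_sock_kind open_icmp_socket(int *fd_out)
{
    *fd_out = socket(PF_INET, SOCK_DGRAM, IPPROTO_ICMP);
    if (*fd_out >= 0)
        return ICMP_DGRAM;
    *fd_out = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP);
    return *fd_out >= 0 ? ICMP_RAW : ICMP_NONE;
}

int main(void)
{
    char range[64] = "1 0";  /* constructed fallback if /proc is unreadable */
    FILE *f = fopen("/proc/sys/net/ipv4/ping_group_range", "r");
    if (f) {
        if (!fgets(range, sizeof range, f))
            strcpy(range, "1 0");
        fclose(f);
    }
    int fd;
    enum icmp_sock_kind kind = open_icmp_socket(&fd);
    printf("socket obtained: %s\n", kind == ICMP_DGRAM ? "SOCK_DGRAM" :
           kind == ICMP_RAW ? "SOCK_RAW" : strerror(errno));
    printf("egid %lu in ping_group_range: %d\n", (unsigned long)getegid(),
           gid_in_ping_range(range, (unsigned long)getegid()));
    if (fd >= 0)
        close(fd);
    return 0;
}
```

Run inside and outside a container to compare which socket type is granted; ICMP_RAW with an empty ping_group_range corresponds to the fallback path the message describes.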