[Devel] [PATCH RHEL7 COMMIT] ve/kmod: Add modules to whitelist for c/r sake

Konstantin Khorenko khorenko at virtuozzo.com
Tue May 10 09:19:38 PDT 2016


The commit is pushed to "branch-rh7-3.10.0-327.10.1.vz7.12.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.10.1.vz7.12.17
------>
commit e0914131eeb08e6b1953c682be05b9fbcf185f1f
Author: Cyrill Gorcunov <gorcunov at virtuozzo.com>
Date:   Tue May 10 20:19:31 2016 +0400

    ve/kmod: Add modules to whitelist for c/r sake
    
    When doing checkpoint/restore during migration we use netlink
    sockets with diag functionality to fetch various information
    we need. In particular when restoring on the machine where
    say netfilter modules are not loaded we fail with
    
     | [root at s175 ~]# less /vz/dump/rst-iVS9OC-16.05.04-22.32/criu_restore.11.log
     | (00.151066)      1:     Running ip addr restore
     | RTNETLINK answers: File exists
     | RTNETLINK answers: File exists
     | (00.152641)      1:     Running ip route restore
     | (00.175144)      1:     Running ip route restore
     | (00.184676)      1:     Running ip rule delete
     | (00.186448)      1:     Running ip rule delete
     | (00.188191)      1:     Running ip rule delete
     | (00.190054)      1:     Running ip rule restore
     | (00.191964)      1:     Running iptables-restore for iptables-restore
     | (00.200958)      1:     Running ip6tables-restore for ip6tables-restore
     | >(00.203833)      1: Error (net.c:466): Can't open rtnl sock for net dump: Protocol not supported
     | (00.229107) Error (cr-restore.c:1407): 15091 killed by signal 9: Killed
     | (00.229192) Switching to new ns to clean ghosts
     | (00.241142) uns: calling exit_usernsd (-1, 1)
     | (00.241173) uns: daemon calls 0x454950 (15085, -1, 1)
     | (00.241188) uns: `- daemon exits w/ 0
     | (00.241570) uns: daemon stopped
     | (00.241584) Error (cr-restore.c:2248): Restoring FAILED
    
    which stands for the following criu code
    
     |  	sk = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER);
     |  	if (sk < 0) {
     |  		pr_perror("Can't open rtnl sock for net dump");
     |  		goto out_img;
     |  	}
    
    because the nfnetlink module is not loaded on the destination machine
    we're failing. If we would have been running on node the module would
    be uploaded automatically but restore happens in veX context where modules
    can't be uploaded.
    
    Thus add modules needed for c/r into whitelist, so the criu will
    upload them automatically.
    
    https://jira.sw.ru/browse/PSBM-46789
    
    CC: Vladimir Davydov <vdavydov at virtuozzo.com>
    CC: Konstantin Khorenko <khorenko at virtuozzo.com>
    CC: Andrey Vagin <avagin at openvz.org>
    CC: Pavel Emelyanov <xemul at virtuozzo.com>
    Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
---
 kernel/kmod.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/kernel/kmod.c b/kernel/kmod.c
index 26b0c33..8df0959 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -377,7 +377,16 @@ static inline int module_payload_iptable_allowed(const char *module)
 
 /* ve0 allowed modules */
 static const char * const ve0_allowed_mod[] = {
-	"binfmt_misc"
+	"binfmt_misc",
+	"netlink_diag",
+	"inet_diag",
+	"tcp_diag",
+	"udp_diag",
+	"unix_diag",
+	"af_packet_diag",
+	"nfnetlink",
+	"nf_conntrack",
+	"nf_conntrack_netlink",
 };
 
 /*
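Review bot: nf_conntrack and nf_conntrack_netlink are added to ve0_allowed_mod[] without a stated reason. The commit message accounts for nfnetlink (the failing NETLINK_NETFILTER socket) and for the *_diag modules (netlink diag sockets), but not for the conntrack pair. Every entry in this array widens the set of modules that can be autoloaded on request from a container context, so please either name in the commit message the c/r step that needs conntrack or drop those two entries. A short comment above the new entries, for example "needed by CRIU checkpoint/restore, see PSBM-46789", would also document why they sit next to "binfmt_misc".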


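The failure in the commit message can be checked for before a migration by repeating CRIU's socket() call inside the destination container context. The probe below is an added example, not code from CRIU or the vzkernel tree; the names probe_netlink, classify_errno and probe_result are made up for it. Run it inside the container: as the commit message notes, on the node itself the same call makes the kernel load the module.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>

enum probe_result { PROBE_OK, PROBE_NO_MODULE, PROBE_DENIED, PROBE_OTHER };

/* EPROTONOSUPPORT is the "Protocol not supported" in the criu_restore log. */
static enum probe_result classify_errno(int err)
{
	switch (err) {
	case 0:               return PROBE_OK;
	case EPROTONOSUPPORT: return PROBE_NO_MODULE;
	case EPERM:
	case EACCES:          return PROBE_DENIED;
	default:              return PROBE_OTHER;
	}
}

/* Same socket() call as the CRIU snippet, for any netlink protocol. */
static enum probe_result probe_netlink(int proto, int *err_out)
{
	int sk = socket(AF_NETLINK, SOCK_RAW, proto);
	int err = sk < 0 ? errno : 0;
	if (sk >= 0)
		close(sk);
	if (err_out)
		*err_out = err;
	return classify_errno(err);
}

int main(void)
{
	/* NETLINK_ROUTE is a control: rtnetlink is built into the kernel, so a
	 * failure there means netlink is blocked, not that a module is missing. */
	static const struct { int proto; const char *name; } want[] = {
		{ NETLINK_ROUTE,     "NETLINK_ROUTE (control)" },
		{ NETLINK_NETFILTER, "NETLINK_NETFILTER (nfnetlink)" },
	};
	int missing = 0;
	for (size_t i = 0; i < sizeof(want) / sizeof(want[0]); i++) {
		int err;
		enum probe_result r = probe_netlink(want[i].proto, &err);
		printf("%-30s %s\n", want[i].name, r == PROBE_OK ? "ok" : strerror(err));
		missing += (r == PROBE_NO_MODULE);
	}
	return missing ? 1 : 0;
}
```

A non-zero exit status means at least one probed protocol returned EPROTONOSUPPORT, which is the condition that killed the restore in the log above.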