[Devel] [PATCH rh7] kmod: Change modules whitelist to fit their aliases

Cyrill Gorcunov gorcunov at virtuozzo.com
Tue May 17 08:11:40 PDT 2016 

When we do call for specifed sockets such as netlink netfilter,
dialog sockets and such we imply that the kernel will autoload
them. But previously (e0914131eeb08e6b1953c682be05b9fbcf185f1f)
I put module names instead of their alises used in net subsystem
to determinate which module to load on socket/protocol types.

Fix it putting proper names here.

Thanks to Vladimir to point the problem.

https://jira.sw.ru/browse/PSBM-46789

CC: Vladimir Davydov <vdavydov at virtuozzo.com>
CC: Konstantin Khorenko <khorenko at virtuozzo.com>
CC: Andrey Vagin <avagin at openvz.org>
CC: Pavel Emelyanov <xemul at virtuozzo.com>
Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
---
 kernel/kmod.c |   32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

Index: linux-pcs7.git/kernel/kmod.c
===================================================================
--- linux-pcs7.git.orig/kernel/kmod.c
+++ linux-pcs7.git/kernel/kmod.c
@@ -378,15 +378,29 @@ static inline int module_payload_iptable
 /* ve0 allowed modules */
 static const char * const ve0_allowed_mod[] = {
 	"binfmt_misc",
-	"netlink_diag",
-	"inet_diag",
-	"tcp_diag",
-	"udp_diag",
-	"unix_diag",
-	"af_packet_diag",
-	"nfnetlink",
-	"nf_conntrack",
-	"nf_conntrack_netlink",
+
+	/* inet_diag, inet6_diag  */
+	"net-pf-16-proto-4-type-2",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_INET */
+	"net-pf-16-proto-4-type-10",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_INET6 */
+
+	/* tcp_diag */
+	"net-pf-16-proto-4-type-2-6",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_INET - IPPROTO_TCP */
+
+	/* udp_diag */
+	"net-pf-16-proto-4-type-2-17",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_INET - IPPROTO_UDP */
+	"net-pf-16-proto-4-type-2-136",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_INET - IPPROTO_UDPLITE */
+
+	/* nfnetlink  */
+	"net-pf-16-proto-12",		/* PF_NETLINK, NETLINK_NETFILTER */
+
+	/* unix_diag */
+	"net-pf-16-proto-4-type-1",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_LOCAL */
+
+	/* af_packet_diag */
+	"net-pf-16-proto-4-type-17",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_PACKET */
+
+	/* netlink_diag */
+	"net-pf-16-proto-4-type-16",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_NETLINK */
 };
 
 /*

More information about the Devel mailing list