[Devel] [PATCH rh7] kmod: Change modules whitelist to fit their aliases
Vladimir Davydov
vdavydov at virtuozzo.com
Tue May 17 08:57:09 PDT 2016
On Tue, May 17, 2016 at 06:11:40PM +0300, Cyrill Gorcunov wrote:
> When we do call for specifed sockets such as netlink netfilter,
> dialog sockets and such we imply that the kernel will autoload
> them. But previously (e0914131eeb08e6b1953c682be05b9fbcf185f1f)
> I put module names instead of their alises used in net subsystem
> to determinate which module to load on socket/protocol types.
>
> Fix it putting proper names here.
>
> Thanks to Vladimir to point the problem.
>
> https://jira.sw.ru/browse/PSBM-46789
>
> CC: Vladimir Davydov <vdavydov at virtuozzo.com>
> CC: Konstantin Khorenko <khorenko at virtuozzo.com>
> CC: Andrey Vagin <avagin at openvz.org>
> CC: Pavel Emelyanov <xemul at virtuozzo.com>
> Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
Reviewed-by: Vladimir Davydov <vdavydov at virtuozzo.com>
> ---
> kernel/kmod.c | 32 +++++++++++++++++++++++---------
> 1 file changed, 23 insertions(+), 9 deletions(-)
>
> Index: linux-pcs7.git/kernel/kmod.c
> ===================================================================
> --- linux-pcs7.git.orig/kernel/kmod.c
> +++ linux-pcs7.git/kernel/kmod.c
> @@ -378,15 +378,29 @@ static inline int module_payload_iptable
> /* ve0 allowed modules */
> static const char * const ve0_allowed_mod[] = {
> "binfmt_misc",
> - "netlink_diag",
> - "inet_diag",
> - "tcp_diag",
> - "udp_diag",
> - "unix_diag",
> - "af_packet_diag",
> - "nfnetlink",
> - "nf_conntrack",
> - "nf_conntrack_netlink",
> +
> + /* inet_diag, inet6_diag */
> + "net-pf-16-proto-4-type-2", /* PF_NETLINK, NETLINK_SOCK_DIAG, AF_INET */
> + "net-pf-16-proto-4-type-10", /* PF_NETLINK, NETLINK_SOCK_DIAG, AF_INET6 */
> +
> + /* tcp_diag */
> + "net-pf-16-proto-4-type-2-6", /* PF_NETLINK, NETLINK_SOCK_DIAG, AF_INET - IPPROTO_TCP */
> +
> + /* udp_diag */
> + "net-pf-16-proto-4-type-2-17", /* PF_NETLINK, NETLINK_SOCK_DIAG, AF_INET - IPPROTO_UDP */
> + "net-pf-16-proto-4-type-2-136", /* PF_NETLINK, NETLINK_SOCK_DIAG, AF_INET - IPPROTO_UDPLITE */
> +
> + /* nfnetlink */
> + "net-pf-16-proto-12", /* PF_NETLINK, NETLINK_NETFILTER */
> +
> + /* unix_diag */
> + "net-pf-16-proto-4-type-1", /* PF_NETLINK, NETLINK_SOCK_DIAG, AF_LOCAL */
> +
> + /* af_packet_diag */
> + "net-pf-16-proto-4-type-17", /* PF_NETLINK, NETLINK_SOCK_DIAG, AF_PACKET */
> +
> + /* netlink_diag */
> + "net-pf-16-proto-4-type-16", /* PF_NETLINK, NETLINK_SOCK_DIAG, AF_NETLINK */
> };
>
> /*
More information about the Devel
mailing list