[Devel] [PATCH RHEL7 COMMIT] ve/kmod: Change modules whitelist to fit their aliases

Konstantin Khorenko khorenko at virtuozzo.com
Tue May 17 09:29:23 PDT 2016


The commit is pushed to "branch-rh7-3.10.0-327.18.2.vz7.14.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.18.2.vz7.14.3
------>
commit ebc70d73717f592c89ad992f77587d9e118bbee6
Author: Cyrill Gorcunov <gorcunov at virtuozzo.com>
Date:   Tue May 17 20:29:23 2016 +0400

    ve/kmod: Change modules whitelist to fit their aliases
    
    When we do call for specified sockets such as netlink netfilter,
    dialog sockets and such we imply that the kernel will autoload
    them. But previously (e0914131eeb08e6b1953c682be05b9fbcf185f1f
    "ve/kmod: Add modules to whitelist for c/r sake")
    I put module names instead of their aliases used in net subsystem
    to determine which module to load on socket/protocol types.
    
    Fix it by putting proper names here.
    
    Thanks to Vladimir for pointing out the problem.
    
    https://jira.sw.ru/browse/PSBM-46789
    
    CC: Konstantin Khorenko <khorenko at virtuozzo.com>
    CC: Andrey Vagin <avagin at openvz.org>
    CC: Pavel Emelyanov <xemul at virtuozzo.com>
    Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
    Reviewed-by: Vladimir Davydov <vdavydov at virtuozzo.com>
---
 kernel/kmod.c | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/kernel/kmod.c b/kernel/kmod.c
index 8df0959..be5fbbf 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -378,15 +378,29 @@ static inline int module_payload_iptable_allowed(const char *module)
 /* ve0 allowed modules */
 static const char * const ve0_allowed_mod[] = {
 	"binfmt_misc",
-	"netlink_diag",
-	"inet_diag",
-	"tcp_diag",
-	"udp_diag",
-	"unix_diag",
-	"af_packet_diag",
-	"nfnetlink",
-	"nf_conntrack",
-	"nf_conntrack_netlink",
+
+	/* inet_diag, inet6_diag  */
+	"net-pf-16-proto-4-type-2",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_INET */
+	"net-pf-16-proto-4-type-10",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_INET6 */
+
+	/* tcp_diag */
+	"net-pf-16-proto-4-type-2-6",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_INET - IPPROTO_TCP */
+
+	/* udp_diag */
+	"net-pf-16-proto-4-type-2-17",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_INET - IPPROTO_UDP */
+	"net-pf-16-proto-4-type-2-136",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_INET - IPPROTO_UDPLITE */
+
+	/* nfnetlink  */
+	"net-pf-16-proto-12",		/* PF_NETLINK, NETLINK_NETFILTER */
+
+	/* unix_diag */
+	"net-pf-16-proto-4-type-1",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_LOCAL */
+
+	/* af_packet_diag */
+	"net-pf-16-proto-4-type-17",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_PACKET */
+
+	/* netlink_diag */
+	"net-pf-16-proto-4-type-16",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_NETLINK */
 };
 
 /*
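
Review bot: "nf_conntrack" and "nf_conntrack_netlink" are removed from ve0_allowed_mod[] with no alias entry replacing them, while every other removed name has an alias counterpart in the new list and the commit message describes only a name-to-alias conversion. If the conntrack modules are still meant to be autoloadable, add the alias strings under which they are requested; if dropping them is intentional, say so in the commit message, since it narrows the allowlist. The first group comment also names inet6_diag, which was not in the old list, so the "net-pf-16-proto-4-type-10" entry is a new allowance and deserves a line in the commit message too. A short comment above the array stating that entries must be the requested alias strings, not module names, would keep the mistake fixed here from being reintroduced.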

