[Devel] [PATCH 0/3] net/ipvs: allow IPVS in CT
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Tue Apr 25 08:59:51 PDT 2017
Allowing IPVS to CT root may be unsafe; we still need to check it,
it is about 20k lines of code. If the ip_vs module is not loaded on the host,
ipvs will not work in CT, as all other modules depend on it. So in
the default situation this does not change anything.
We need it for docker-swarm for cluster network balancing to work.
https://jira.sw.ru/browse/PSBM-63883
Pavel Tikhomirov (3):
  ve/sysctl/net: allow net.ipv4.vs.* in CT init userns
  netlink: allow IPVS netlink messages to CT init userns
  net/ipvs: allow IPVS modules autoload in CT
include/linux/netlink.h | 1 +
include/uapi/linux/genetlink.h | 1 +
kernel/kmod.c | 16 ++++++++++++++++
net/netfilter/ipvs/ip_vs_ctl.c | 34 +++++++++++++++++-----------------
net/netlink/af_netlink.c | 19 +++++++++++++++++++
net/netlink/genetlink.c | 4 ++++
6 files changed, 58 insertions(+), 17 deletions(-)
--
2.9.3