[Devel] [PATCH 0/3] net/ipvs: allow IPVS in CT
Andrew Vagin
avagin at virtuozzo.com
Tue Apr 25 11:39:20 PDT 2017

Reviewed-by: Andrew Vagin <avagin at virtuozzo.com>

On Tue, Apr 25, 2017 at 06:59:51PM +0300, Pavel Tikhomirov wrote:
> Allowing IPVS to CT root may be unsafe, we still need to check it,
> it is about 20k lines of code. If ip_vs module is not loaded on host
> ipvs will not work in CT as all other modules depend on it. So in
> default situation this does not change anything.
>
> We need it for docker-swarm for cluster network balancing to work.
>
> https://jira.sw.ru/browse/PSBM-63883
>
> Pavel Tikhomirov (3):
>   ve/sysctl/net: allow net.ipv4.vs.* in CT init userns
>   netlink: allow IPVS netlink messages to CT init userns
>   net/ipvs: allow IPVS modules autoload in CT
>
>  include/linux/netlink.h        |  1 +
>  include/uapi/linux/genetlink.h |  1 +
>  kernel/kmod.c                  | 16 ++++++++++++++++
>  net/netfilter/ipvs/ip_vs_ctl.c | 34 +++++++++++++++++-----------------
>  net/netlink/af_netlink.c       | 19 +++++++++++++++++++
>  net/netlink/genetlink.c        |  4 ++++
>  6 files changed, 58 insertions(+), 17 deletions(-)
>
> --
> 2.9.3
>