[Devel] [PATCH v2] netfilter: check per-ve netfilter status on actual operation
Andrey Ryabinin
aryabinin at virtuozzo.com
Fri Jul 21 16:32:54 MSK 2017
On 07/21/2017 04:29 PM, Stanislav Kinsburskiy wrote:
>>> @@ -1424,6 +1428,9 @@ int ip_getsockopt(struct sock *sk, int level,
>>> if (get_user(len, optlen))
>>> return -EFAULT;
>>>
>>> + if (!ve_ipt_permitted(net, VE_IP_FILTER))
>>> + return -ENOENT;
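Review bot: the -ENOENT returned by the new ve_ipt_permitted(net, VE_IP_FILTER) check in ip_getsockopt() carries no explanation in the code. The value is picked to match what userspace already sees when netfilter is disabled, so a one-line comment above the check saying so would keep a later cleanup from switching it to another errno. The check also sits after get_user(len, optlen), so a faulting optlen pointer still yields -EFAULT before the permission test is reached; if that ordering is intended, say so in the commit message.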
>>
>> And the same err here ?
>>
>
> Not sure about this.
> With current netfilter "disablement" ENOENT is returned:
>
> 4425 getsockopt(3, SOL_IP, 0x40 /* IP_??? */, 0x7ffee5fcd1e0, 0x7ffee5fcd1d4) = -1 ENOENT (No such file or directory)
>
> So, this error in the patch tries to mimic old behavior.
>
Ok