[Devel] [PATCH RHEL7 COMMIT] ve/kmod: enable autoload for iptables security tables from inside CT

Konstantin Khorenko khorenko at virtuozzo.com
Mon Nov 11 18:39:12 MSK 2019


The commit is pushed to "branch-rh7-3.10.0-1062.4.1.vz7.115.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1062.4.1.vz7.115.12
------>
commit 90ba582358d192d875bdb50888d29baeca870e7c
Author: Vasily Averin <vvs at virtuozzo.com>
Date:   Mon Nov 11 18:39:10 2019 +0300

    ve/kmod: enable autoload for iptables security tables from inside CT
    
    Patch enables autoload of iptable_security and ip6table_security from
    inside containers.
    
    It decreases the number of errors generated during firewalld start.
    
    https://jira.sw.ru/browse/PSBM-98212
    
    Signed-by: Vasily Averin <vvs at virtuozzo.com>
---
 kernel/kmod.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/kmod.c b/kernel/kmod.c
index 26edbca07cba..bd6d199189b7 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -208,12 +208,14 @@ static struct {
 	{ "ip6_tables",		VE_IP_IPTABLES6	},
 	{ "iptable_filter",	VE_IP_FILTER	},
 	{ "iptable_raw",	VE_IP_IPTABLES	},
+	{ "iptable_security",	VE_IP_IPTABLES	},
 	{ "iptable_nat",	VE_IP_NAT	},
 	{ "iptable_mangle",	VE_IP_MANGLE	},
 	{ "ip6table_filter",	VE_IP_FILTER6	},
 	{ "ip6table_nat",	VE_IP_NAT	},
 	{ "ip6table_mangle",	VE_IP_MANGLE6	},
 	{ "ip6table_raw",	VE_IP_IPTABLES6	},
+	{ "ip6table_security",	VE_IP_IPTABLES6	},
 
 	{ "xt_CONNMARK",	VE_NF_CONNTRACK|VE_IP_CONNTRACK },
 	{ "xt_CONNSECMARK",	VE_NF_CONNTRACK|VE_IP_CONNTRACK },
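
Review bot: the two added entries, "iptable_security" and "ip6table_security", are gated on the generic VE_IP_IPTABLES and VE_IP_IPTABLES6 masks, the same bits used for the raw tables just above them, and the commit message does not say why that is the right gate. With this mapping, any container that is allowed base iptables/ip6tables can cause the host kernel to load the security-table modules, which is a small but real widening of the container-triggered autoload whitelist. The only stated motivation is fewer errors at firewalld start. Please document the reasoning in the commit message or in a comment next to the entries: that the security table is considered no more sensitive than raw for this purpose, and that reusing the existing masks rather than adding a dedicated feature bit is intentional. It would also help to note how this relates to the xt_CONNSECMARK entry below, which is gated on the conntrack bits rather than on the iptables ones.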


