[Devel] [PATCH rh8 18/28] ve/kmod/whitelist: Allow netfilter/ipset modules autoload from inside a CT

Konstantin Khorenko khorenko at virtuozzo.com
Tue Apr 13 11:25:28 MSK 2021


From: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>

I forgot to allow autoload of the needed modules in a CT, so do:
ip_set_list_set
ip_set_hash_netiface
ip_set_hash_ipportnet
ip_set_hash_netport
ip_set_hash_net
ip_set_hash_ipportip
ip_set_hash_ipport
ip_set_hash_ip
ip_set_bitmap_port
ip_set_bitmap_ipmac
ip_set_bitmap_ip
ip_set

https://jira.sw.ru/browse/PSBM-46102

Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>

(cherry picked from vz7 commit
 1af0b905877a ("ve/netfilter/ipset: allow modules autoload"))

Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 kernel/kmod.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/kernel/kmod.c b/kernel/kmod.c
index 697811c5a9f2..f1fef8de5d44 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -262,6 +262,20 @@ static const char * const ve0_allowed_mod[] = {
 	/* netlink_diag */
 	"net-pf-16-proto-4-type-16",	/* PF_NETLINK, NETLINK_SOCK_DIAG, AF_NETLINK */
 
+	/* ip_set */
+	"nfnetlink-subsys-6",		/* NFNL_SUBSYS_IPSET */
+	"ip_set_bitmap:ip",
+	"ip_set_bitmap:ip,mac",
+	"ip_set_bitmap:port",
+	"ip_set_hash:ip",
+	"ip_set_hash:ip,port",
+	"ip_set_hash:ip,port,ip",
+	"ip_set_hash:net",
+	"ip_set_hash:net,port",
+	"ip_set_hash:ip,port,net",
+	"ip_set_hash:net,iface",
+	"ip_set_list:set",
+
 	"rtnl-link-dummy",
 	"rtnl-link-vxlan",
 
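Review bot: The `/* ip_set */` comment above the new entries does not explain that these strings are the aliases handed to request_module (set type names such as "ip_set_hash:net,iface"), whereas the commit message lists module file names (ip_set_hash_netiface). A short comment stating that mapping, and that "nfnetlink-subsys-6" is the alias that pulls in ip_set itself, would make the list easier to audit. Since each entry lets a CT trigger a module load, please also confirm that these eleven set types are the complete list intended for rh8: the list is cherry-picked from vz7, and any set type this kernel builds beyond them will still fail to autoload from inside a CT.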
-- 
2.28.0


