[Devel] [PATCH RH9 18/20] ve/kmod/whitelist: Enable autoload for iptables security tables from inside CT

Kirill Tkhai ktkhai at virtuozzo.com
Fri Oct 8 12:52:07 MSK 2021


From: Vasily Averin <vvs at virtuozzo.com>

Patch enables autoload of iptable_security and ip6table_security from
inside containers.

It decreases number of errors generated during firewalld start.

https://jira.sw.ru/browse/PSBM-98212

Signed-by: Vasily Averin <vvs at virtuozzo.com>

(cherry picked from vz7 commit 77a471044478 ("ve/kmod: enable autoload
for iptables security tables from inside CT")

Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 kernel/kmod.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/kmod.c b/kernel/kmod.c
index 3a445d4e2734..f3bd4afb81e1 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -206,10 +206,12 @@ static const char * const ve0_allowed_mod[] = {
 	"ip6_tables",
 	"iptable_filter",
 	"iptable_raw",
+	"iptable_security",
 	"iptable_nat",
 	"iptable_mangle",
 	"ip6table_filter",
 	"ip6table_raw",
+	"ip6table_security",
 	"ip6table_nat",
 	"ip6table_mangle",
 




More information about the Devel mailing list