[Devel] [PATCH RH9 18/20] ve/kmod/whitelist: Enable autoload for iptables security tables from inside CT
Kirill Tkhai
ktkhai at virtuozzo.com
Fri Oct 8 12:52:07 MSK 2021
From: Vasily Averin <vvs at virtuozzo.com>
Patch enables autoload of iptable_security and ip6table_security from
inside containers.
It decreases number of errors generated during firewalld start.
https://jira.sw.ru/browse/PSBM-98212
Signed-by: Vasily Averin <vvs at virtuozzo.com>
(cherry picked from vz7 commit 77a471044478 ("ve/kmod: enable autoload
for iptables security tables from inside CT")
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
kernel/kmod.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/kmod.c b/kernel/kmod.c
index 3a445d4e2734..f3bd4afb81e1 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -206,10 +206,12 @@ static const char * const ve0_allowed_mod[] = {
"ip6_tables",
"iptable_filter",
"iptable_raw",
+ "iptable_security",
"iptable_nat",
"iptable_mangle",
"ip6table_filter",
"ip6table_raw",
+ "ip6table_security",
"ip6table_nat",
"ip6table_mangle",
More information about the Devel
mailing list