[Devel] [PATCH RHEL7 COMMIT] ve/net: allow AF_ALG sockets inside a Container

Konstantin Khorenko khorenko at virtuozzo.com
Thu Jun 15 20:04:56 MSK 2023


The commit is pushed to "branch-rh7-3.10.0-1160.90.1.vz7.200.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.90.1.vz7.200.1
------>
commit a44caa808d1aed65aab2cbead7388039da2b742c
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date:   Wed Jun 7 19:41:44 2023 +0300

    ve/net: allow AF_ALG sockets inside a Container
    
    Starting RHEL9.2 kernel build fails inside a Container on sha512hmac
    execution, looks like libkcapi is rewritten to use AF_ALG sockets which
    are disabled inside a Container.
    
    AF_ALG sockets are per netns so let's allow using them inside a
    Container.
    
    https://jira.vzint.dev/browse/PSBM-147375
    
    Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 kernel/ve/ve.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index c0535d7836d6..70e588b7df4c 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -358,6 +358,7 @@ int vz_security_family_check(struct net *net, int family, int type)
 	case PF_INET6:
 	case PF_PPPOX:
 	case PF_KEY:
+	case PF_ALG:
 		return 0;
 	case PF_BRIDGE:
 		if (type)
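
Review bot: the new `case PF_ALG:` shares the unconditional `return 0` with PF_INET6, PF_PPPOX and PF_KEY, so it is allowed for every `type` in every Container. There is no check comparable to the `if (type)` under PF_BRIDGE just below, and no per-Container switch. The commit message justifies the change only by netns scoping. It does not say that this makes AF_ALG socket creation available to all Container processes, or why no restriction on `type` is needed. Please add a short comment at the case, or a sentence in the message, that states the intended exposure, and if only some Containers need it, consider gating it instead of adding it to the always-allowed group.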
