[Devel] [PATCH RHEL9 COMMIT] ve/net: allow AF_ALG sockets inside a Container
Konstantin Khorenko
khorenko at virtuozzo.com
Thu Jun 15 20:19:05 MSK 2023
The commit is pushed to "branch-rh9-5.14.0-284.11.1.vz9.25.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-284.11.1.el9
------>
commit e7c0368c4724833970cc03ba43531e5d7e0fe348
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date: Wed Jun 7 19:41:44 2023 +0300
ve/net: allow AF_ALG sockets inside a Container
Starting RHEL9.2 kernel build fails inside a Container on sha512hmac
execution, looks like libkcapi is rewritten to use AF_ALG sockets which
are disabled inside a Container.
AF_ALG sockets are per netns so let's allow using them inside a
Container.
https://jira.vzint.dev/browse/PSBM-147375
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
kernel/ve/ve.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index c56e0849fa3b..27841e409f90 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -197,6 +197,7 @@ int vz_security_family_check(struct net *net, int family, int type)
case PF_INET6:
case PF_PPPOX:
case PF_KEY:
+ case PF_ALG:
return 0;
case PF_BRIDGE:
switch (type) {
More information about the Devel
mailing list