forwarded 638609 http://bugzilla.openvz.org/show_bug.cgi?id=1981 thanks
Hi Michael Thanks for the bug-report. I have forwarded this to upstream as you can see in http://bugzilla.openvz.org/show_bug.cgi?id=1981 Best regards, // Ola On Sat, Aug 20, 2011 at 10:54:46AM +0200, Michael Renner wrote: > Package: linux-image-2.6.32-5-openvz-amd64 > Version: 2.6.32-35 > Severity: normal > > When using OpenVZ the iptables "raw" table gets leaked to containers. This is > problematic when using OpenVZs checkpointing feature since every restore of a > container invokes iptables-restore in the container with the set of rules > which > existed during the checkpoint process. > > If a container was checkpointed with the "raw" table visible and the kernel of > the hardware node/CT0 doesn't have iptable_raw loaded anymore the > iptables-restore in the container will fail, causing the restore to abort. > This will manifest in the dreaded and non-descript error: > > > Error: undump failed: Invalid argument > Restoring failed: > Error: iptables-restore exited with 2 > Error: Most probably some iptables modules are not loaded > Error: rst_restore_net: -22 > > > You can find a demonstration of this behavior at > http://nopaste.narf.at/show/778/. > > The "raw" table should be completely hidden in containers to > prevent such problems, even more so because it's not even allowed > within containers; OpenVZ only allows the "filter" and "mangle" tables > to be used within containers. > > > > -- System Information: > Debian Release: 6.0.2 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 2.6.32-5-openvz-amd64 (SMP w/8 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/bash > > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact [email protected] > Archive: > http://lists.debian.org/[email protected] > > -- --------------------- Ola Lundqvist --------------------------- / [email protected] Annebergsslingan 37 \ | [email protected] 654 65 KARLSTAD | | http://inguza.com/ +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --------------------------------------------------------------- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
