The commit is pushed to "branch-rh7-3.10.0-327.10.1.vz7.12.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.10.1.vz7.12.7
------>
commit 70e21af0a2117bb9f564c570bc965e07da899c8d
Author: Konstantin Khorenko <[email protected]>
Date: Tue Apr 12 14:29:17 2016 +0400
Revert "ve/ipset: prohibit ipset from the inside CT"
This reverts commit 5c2acb86f7bf5031b0fb30c719b5931596f08f87.
We are going to port ipset virtualization patches =>
no need to disable using ipset functionality inside Containers.
https://jira.sw.ru/browse/PSBM-45281
Signed-off-by: Pavel Tikhomirov <[email protected]>
--
Best regards,
Konstantin Khorenko,
Virtuozzo Linux Kernel Team
On 04/01/2016 05:10 PM, Pavel Tikhomirov wrote:
This reverts commit 5c2acb86f7bf5031b0fb30c719b5931596f08f87.
https://jira.sw.ru/browse/PSBM-45281
Signed-off-by: Pavel Tikhomirov <[email protected]>
---
net/netfilter/nfnetlink.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index d2de992..e009087 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -368,7 +368,6 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct
nlmsghdr *nlh,
static void nfnetlink_rcv(struct sk_buff *skb)
{
struct nlmsghdr *nlh = nlmsg_hdr(skb);
- struct net *net = sock_net(skb->sk);
int msglen;
if (nlh->nlmsg_len < NLMSG_HDRLEN ||
@@ -380,12 +379,6 @@ static void nfnetlink_rcv(struct sk_buff *skb)
return;
}
- if (net->owner_ve != get_ve0() &&
- NFNL_SUBSYS_ID(nlh->nlmsg_type) == NFNL_SUBSYS_IPSET) {
- netlink_ack(skb, nlh, -EPERM);
- return;
- }
-
if (nlh->nlmsg_type == NFNL_MSG_BATCH_BEGIN) {
struct nfgenmsg *nfgenmsg;
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
