The commit is pushed to "branch-rh7-3.10.0-1062.1.2.vz7.114.x-ovz" and will 
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1062.1.2.vz7.114.5
------>
commit ff6496ddc93042cf391b4ea039c9358bff019c4e
Author: Andrey Ryabinin <[email protected]>
Date:   Tue Oct 15 18:54:55 2019 +0300

    ve/net/netfilter/core: Don't allow container to crash the kernel.
    
    The expression BUG_ON(!ve_is_super(get_exec_env())); basically
    says that we allow crashing the kernel if we are in a container.
    This doesn't make any sense; remove this idiocy.
    
    https://jira.sw.ru/browse/PSBM-98211
    Signed-off-by: Andrey Ryabinin <[email protected]>
---
 net/netfilter/core.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 4406dc135f42..e149910a5a2a 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -74,8 +74,6 @@ int nf_register_hook(struct nf_hook_ops *reg)
        struct nf_hook_ops *elem;
        int err;
 
-       BUG_ON(!ve_is_super(get_exec_env()));
-
        err = mutex_lock_interruptible(&nf_hook_mutex);
        if (err < 0)
                return err;
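
Review bot: With the BUG_ON() at the top of nf_register_hook() deleted, nothing in this hunk distinguishes a caller in a container from one on the host, and the commit message does not say which of the two outcomes is intended: registration from a container is legitimate, or it should still be refused without taking the host down. Since the function returns int, the second option is cheap to express: replace the assertion with a check on !ve_is_super(get_exec_env()) that returns an error code (optionally under WARN_ON_ONCE() so the unexpected caller is still logged). If the first option is what is meant, a sentence in the changelog saying so would close the question for later readers.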
@@ -94,8 +92,6 @@ EXPORT_SYMBOL(nf_register_hook);
 
 void nf_unregister_hook(struct nf_hook_ops *reg)
 {
-       BUG_ON(!ve_is_super(get_exec_env()));
-
        mutex_lock(&nf_hook_mutex);
        list_del_rcu(&reg->list);
        mutex_unlock(&nf_hook_mutex);
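
Review bot: In nf_unregister_hook() the removed assertion cannot be turned into an error return because the function is void, so after this hunk a call from container context goes straight to list_del_rcu(&reg->list) with no trace. If the super-VE invariant is still expected to hold here, a WARN_ON_ONCE(!ve_is_super(get_exec_env())) keeps the diagnostic without the crash; if it is not, please state in the commit message that unregistering from a container is a supported path, so the two functions are documented consistently.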

_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
