'vz_security_protocol_check' is a part of socket creation routine. Socket creation can be split into separate stages: - family validation and family specific object creation - protocol validation and protocol specific object creation First family argument is validated. If family is ok, then the code can proceeds to further work with protocol agrument.
As part of family validation procedure for containers vz_security_family_check is called. If family is not supported in container environment and the current context is container the function returns with -EAFNOSUPPORT code. As part of protocol validation procedure for containers vz_security_protocol_check is called. If protocol is not supported in container environment and the current context is container the function CURRENTLY returns with -EAFNOSUPPORT code, although by context of the current socket preparation step it should instead return -EPROTONOSUPPORT. https://jira.sw.ru/browse/PSBM-104225 Signed-off-by: Valeriy Vdovin <[email protected]> --- kernel/ve/ve.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c index bf9f06d..a94d9cf 100644 --- a/kernel/ve/ve.c +++ b/kernel/ve/ve.c @@ -1059,7 +1059,7 @@ int vz_security_protocol_check(struct net *net, int protocol) case IPPROTO_SCTP: return 0; default: - return -EAFNOSUPPORT; + return -EPROTONOSUPPORT; } } EXPORT_SYMBOL_GPL(vz_security_protocol_check); -- 1.8.3.1 _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
