[Devel] [PATCH RH7] ve/netns: fix counting of network namespaces limits

2018-01-17 Pavel Tikhomirov
If net_alloc fails we leak netns_avail_nr counter when it should be incremented back. Fixes commit a408265ce710 ("ve/netns: limit number of network namespaces per container") Signed-off-by: Pavel Tikhomirov --- net/core/net_namespace.c | 1 + 1 file changed, 1

[Devel] [PATCH RH7] ve/net: partially return ms permission check for ethtool commands

2018-01-17 Pavel Tikhomirov
"!ve_capable(CAP_NET_ADMIN)" does not actually cover some cases which "!ns_capable(net->user_ns, CAP_NET_ADMIN)" covered, because if net namespace is from host the latter gives us EPERM if we are from CT, but the former will allow access for CT root. The change is fine as: From host's security

[Devel] [PATCH RHEL7 COMMIT] Revert "Kconfig: disable SELinux"

2018-01-17 Konstantin Khorenko
The commit is pushed to "branch-rh7-3.10.0-693.11.6.vz7.42.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-693.11.6.vz7.42.1 --> commit f18e96e8cabd5cdab762f7db9b5521294e5a96f3 Author: Konstantin Khorenko Date: Tue Jan 16

Re: [Devel] [PATCH RFC 0/5] Shrink big fdtable on criu restore

2018-01-17 Cyrill Gorcunov
On Fri, Jan 12, 2018 at 06:45:58PM +0300, Kirill Tkhai wrote: > Hi, > > this patchset allows to avoid memory overuse introduced > by service fds on criu restore. The solution is simple: > smartly check for closed fd number, and shrink fdtable > if this could be made. The checks are happen in