Re: lenny updates (networking)
Hi Kir
Quoting Kir Kolyshkin <kir@openvz.org>:
Ola Lundqvist wrote:
[...]
http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=ce67d5b4cc85fa0c6a6d226d436276ab307ae041
iptables: setup init iptables mask before net initialization
Trivial fix for IPv6 iptables in container. Not an ABI breaker.
Attached as 0042*
IPv6 is not really working in the current version. However this is
an improvement to the current state.
Not sure it should be included. I have added to my test build but I
think I need advice from Dann here.
So we can either disable IPv6 in config or fix it. It's up to you/Dann
to decide. I'd go with fixing.
I tend to agree.
Speaking of IPv6, we also have a bunch of patches for ipv6 conntracks
in containers which I haven't sent since it looks more like a new
functionality rather than a bugfix.
If it is new functionality, then it can not go in. However if it is
fixes (>= important) then it should go in. So if you see any important
ones please let me know.
http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=fffc6ffba65ec0b12aeb89f2e4a448785298aa75
net: set ve context when init/exit method is called
Attached as 0043*
Security issue?
No. Deadlocks/leaks on VE stop.
I personally consider deadlock as a denial of service. However this
can only be done by root. On the other hand I assume it is still
important to fix it.
[...]
Best regards,
// Ola
--
--- Inguza Technology AB --- MSc in Information Technology ----
/ ola@inguza.com Annebergsslingan 37 \
| opal@debian.org 654 65 KARLSTAD |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
Reply to: