[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: lenny updates (networking)

Hi Kir

Quoting Kir Kolyshkin <kir@openvz.org>:

Ola Lundqvist wrote:
iptables: setup init iptables mask before net initialization
Trivial fix for IPv6 iptables in container. Not an ABI breaker.
Attached as 0042*

IPv6 is not really working in the current version. However this is an improvement to the current state. Not sure it should be included. I have added to my test build but I think I need advice from Dann here.

So we can either disable IPv6 in config or fix it. It's up to you/Dann
to decide. I'd go with fixing.

I tend to agree.

Speaking of IPv6, we also have a bunch of patches for ipv6 conntracks
in containers which I haven't sent since it looks more like a new
functionality rather than a bugfix.

If it is new functionality, then it can not go in. However if it is fixes (>= important) then it should go in. So if you see any important ones please let me know.

net: set ve context when init/exit method is called
Attached as 0043*

Security issue?

No. Deadlocks/leaks on VE stop.

I personally consider deadlock as a denial of service. However this can only be done by root. On the other hand I assume it is still important to fix it.


Best regards,

// Ola

 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Annebergsslingan 37        \
|  opal@debian.org                   654 65 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /

Reply to: