Konstantin Khorenko authored 2de980dd472
ve/net/core: allow to call setsockopt(SO_SNDBUFFORCE) from Containers

"nft" util (in CentOS 8 environment) does use setsockopt(SO_SNDBUFFORCE) unconditionally, so we have to allow it from inside a Container.

At the same time we don't want to allow a Container to set too much memory for a socket, so just treat SO_SNDBUFFORCE like SO_SNDBUF if called inside a Container.

Simple rule to test:

    # nft add rule filter INPUT ct state related,established accept

https://jira.sw.ru/browse/PSBM-98794

Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>