Commits
Cyrill Gorcunov authored and Pavel Emelyanov committed 451c01314a0
iptables: Tables should be checked for permission via mask only The sequence of module loading is not controllable by the kernel anymore (due to KSYM removal). As result we may fail testing if dependant module is already loaded(allowed for usage via config) at moment of granting the module permissions to run in particular VE. Instead the _MOD bits are used as flags pointing out that netns is borrowing some resources and we need to release them at exit (we can't just fail in netns init/fini routines otherwise VE would not start at all). Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>