On 17/01/11 22:23, Christian Hofstädtler wrote:
> Thanks for the suggestion. I've now rebuilt the kernel with the patch
> applied, but it still doesn't work for me.
>
> Still seeing this in strace ip6tables -nL:
>
> socket(PF_INET6, SOCK_RAW, IPPROTO_RAW) = 3
> getsockopt(3, SOL_IPV6, 0x40 /* IPV6_??? */, 0x7fffd59065f0,
> 0x7fffd5906658) = -1 EPERM (Operation not permitted)
> close(3) = 0

Hi Christian,

I don't see how else that return value might occur. My only guess is that something went wrong when you patched and built a new kernel. The Debian kernel build system is complicated, especially when building alternate flavours like openvz. Maybe the changes weren't included in the resulting ip6_tables.ko module.

If it's any help, for Debian amd64 openvz kernel 2.6.32-29 my patched ip6_tables.ko turned out to be 33440 bytes, sha256sum
7341439857edf1fa8db353e805df197b6c202838799a0e14b5594cf42a80035b

The original, unpatched module was 33360 bytes, sha256sum
bf3ea26b107447114943bcb4dffe436c26bac784a26c1cd2da5ad1924811529c

I extracted the Debian linux-2.6 source and saved the patch into this directory:

debian/patches/features/all/openvz/

And I added a suitable entry to this file, after all the other openvz patches indicated by featureset=openvz :

debian/patches/series/*-extra (filename depends on package version)

Then I mostly followed this guide from step 6 onwards (but building amd64_openvz_amd64 instead) :

http://wiki.debian.org/HowToRebuildAnOfficialDebianKernelPackage

Much easier than a kernel patch+rebuild, there seems to be an easy workaround for this bug which does functionally the same thing as the patch, but maybe has some other unintended consequences, I don't know:

vzctl set 1001 --capability net_admin:on --save

After stopping and starting the VE it should then be able to use ip6tables.

Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
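
One way to confirm from inside the VE that the net_admin workaround in the mail above took effect after the restart, as an added example that is not part of the original mail: it decodes the CapEff mask from a /proc/<pid>/status file and tests bit 12, which is CAP_NET_ADMIN in linux/capability.h. The function names are chosen here for illustration.

```shell
#!/bin/sh
# Added example: report whether CAP_NET_ADMIN is in a process's effective
# capability set, using the CapEff line of a /proc/<pid>/status file.

CAP_NET_ADMIN=12   # bit number from linux/capability.h

# cap_eff_hex FILE -> print the hex CapEff mask found in FILE (empty if none)
cap_eff_hex() {
    awk '$1 == "CapEff:" { print $2; exit }' "$1"
}

# has_net_admin FILE -> 0 if bit 12 is set, 1 if clear, 2 if no CapEff line
has_net_admin() {
    mask=$(cap_eff_hex "$1")
    [ -n "$mask" ] || return 2
    # Bit 12 lives in the low 32 bits; keep only the last 8 hex digits so
    # the shell arithmetic never has to handle a full 64-bit value.
    low=$(printf '%s' "$mask" | tail -c 8)
    [ $(( (0x$low >> CAP_NET_ADMIN) & 1 )) -eq 1 ]
}

# When run inside the VE, check the current process. awk reads its own
# status here, but capabilities are inherited from this shell.
if [ -r /proc/self/status ]; then
    if has_net_admin /proc/self/status; then
        echo "CAP_NET_ADMIN: present (CapEff=$(cap_eff_hex /proc/self/status))"
    else
        echo "CAP_NET_ADMIN: absent (CapEff=$(cap_eff_hex /proc/self/status))"
    fi
fi
```

Run it as root inside the VE before and after the vzctl change; net_admin also covers interface and routing configuration, so the mask is worth re-checking on containers where it was not meant to be granted.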