| commit | 9446ab34ace256e5e470c5aa221d46e544ad895e | [log] [tgz] |
|---|---|---|
| author | Vasily Averin <vvs@virtuozzo.com> | Fri Sep 25 11:56:02 2020 +0300 |
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | Sun Oct 04 21:08:25 2020 +0200 |
| tree | d713cfca44e780cd30cc0929ae16acc67acf572d | |
| parent | 82ec6630f9fcd129ebd839a6c862d0dbffe9eafc [diff] |
netfilter: ipset: enable memory accounting for ipset allocations Currently netadmin inside non-trusted container can quickly allocate whole node's memory via request of huge ipset hashtable. Other ipset-related memory allocations should be restricted too. v2: fixed typo ALLOC -> ACCOUNT Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>