netfilter: ipvs: make global sysctl readonly in non-init netns
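--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -4090,6 +4090,11 @@ static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs)
 tbl[idx++].data = &ipvs->sysctl_conn_reuse_mode;
 tbl[idx++].data = &ipvs->sysctl_schedule_icmp;
 tbl[idx++].data = &ipvs->sysctl_ignore_tunneled;
+#ifdef CONFIG_IP_VS_DEBUG
+ /* Global sysctls must be ro in non-init netns */
+ if (!net_eq(net, &init_net))
+ tbl[idx++].mode = 0444;
+#endif
 ipvs->sysctl_hdr = register_net_sysctl(net, "net/ipv4/vs", tbl);
 if (ipvs->sysctl_hdr == NULL) {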
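Review bot: The `idx++` in `tbl[idx++].mode = 0444;` runs only in a non-init netns, so after the `#endif` the index differs between init_net and every other namespace, and any entry later wired up by position would land on the wrong slot in one of the two cases. The write is also purely positional: it is correct only if the global entry guarded by CONFIG_IP_VS_DEBUG is the table slot directly after ignore_tunneled, which this hunk does not show; if that order drifts, the wrong entry becomes read-only and the global value stays writable from inside a namespace. Consider `if (!net_eq(net, &init_net)) tbl[idx].mode = 0444;` followed by an unconditional `idx++;`, and name the entry in the comment, e.g. `/* <entry> is backed by a global, not per-netns, variable: ro outside init_net */`. The function body starts and ends outside the hunk.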