X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=net%2Fnetfilter%2Fipvs%2Fip_vs_ctl.c;h=29ec3ef63edc7a6b59b37bd0eb5e95b25e32bf57;hb=174c376278949c44aad89c514a6b5db6cee8db59;hp=c25097092a060bf579edec4ac9638edb4f6fd569;hpb=a482c5e00a9b5a194085bcd372ac36141028becb;p=platform%2Fkernel%2Flinux-starfive.git

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index c250970..29ec3ef 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -4090,6 +4090,11 @@ static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs)
 	tbl[idx++].data = &ipvs->sysctl_conn_reuse_mode;
 	tbl[idx++].data = &ipvs->sysctl_schedule_icmp;
 	tbl[idx++].data = &ipvs->sysctl_ignore_tunneled;
+#ifdef CONFIG_IP_VS_DEBUG
+	/* Global sysctls must be ro in non-init netns */
+	if (!net_eq(net, &init_net))
+		tbl[idx++].mode = 0444;
+#endif
 
 	ipvs->sysctl_hdr = register_net_sysctl(net, "net/ipv4/vs", tbl);
 	if (ipvs->sysctl_hdr == NULL) {