diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2012-11-16 03:03:10 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2012-11-18 20:33:00 -0500 |
commit | c027aab4a6b1fe2541090ac04bee8ad246aeef70 (patch) | |
tree | e53b0a69cba2bd4476812f06e97986bcdfb0195c /net/ipv6/icmp.c | |
parent | 276996fda0f33bd5e5e028c426f852ecd119372b (diff) | |
download | linux-c027aab4a6b1fe2541090ac04bee8ad246aeef70.tar.gz linux-c027aab4a6b1fe2541090ac04bee8ad246aeef70.tar.bz2 linux-c027aab4a6b1fe2541090ac04bee8ad246aeef70.zip |
net: Enable some sysctls that are safe for the userns root
- Enable the per device ipv4 sysctls:
net/ipv4/conf/<if>/forwarding
net/ipv4/conf/<if>/mc_forwarding
net/ipv4/conf/<if>/accept_redirects
net/ipv4/conf/<if>/secure_redirects
net/ipv4/conf/<if>/shared_media
net/ipv4/conf/<if>/rp_filter
net/ipv4/conf/<if>/send_redirects
net/ipv4/conf/<if>/accept_source_route
net/ipv4/conf/<if>/accept_local
net/ipv4/conf/<if>/src_valid_mark
net/ipv4/conf/<if>/proxy_arp
net/ipv4/conf/<if>/medium_id
net/ipv4/conf/<if>/bootp_relay
net/ipv4/conf/<if>/log_martians
net/ipv4/conf/<if>/tag
net/ipv4/conf/<if>/arp_filter
net/ipv4/conf/<if>/arp_announce
net/ipv4/conf/<if>/arp_ignore
net/ipv4/conf/<if>/arp_accept
net/ipv4/conf/<if>/arp_notify
net/ipv4/conf/<if>/proxy_arp_pvlan
net/ipv4/conf/<if>/disable_xfrm
net/ipv4/conf/<if>/disable_policy
net/ipv4/conf/<if>/force_igmp_version
net/ipv4/conf/<if>/promote_secondaries
net/ipv4/conf/<if>/route_localnet
- Enable the global ipv4 sysctl:
net/ipv4/ip_forward
- Enable the per device ipv6 sysctls:
net/ipv6/conf/<if>/forwarding
net/ipv6/conf/<if>/hop_limit
net/ipv6/conf/<if>/mtu
net/ipv6/conf/<if>/accept_ra
net/ipv6/conf/<if>/accept_redirects
net/ipv6/conf/<if>/autoconf
net/ipv6/conf/<if>/dad_transmits
net/ipv6/conf/<if>/router_solicitations
net/ipv6/conf/<if>/router_solicitation_interval
net/ipv6/conf/<if>/router_solicitation_delay
net/ipv6/conf/<if>/force_mld_version
net/ipv6/conf/<if>/use_tempaddr
net/ipv6/conf/<if>/temp_valid_lft
net/ipv6/conf/<if>/temp_prefered_lft
net/ipv6/conf/<if>/regen_max_retry
net/ipv6/conf/<if>/max_desync_factor
net/ipv6/conf/<if>/max_addresses
net/ipv6/conf/<if>/accept_ra_defrtr
net/ipv6/conf/<if>/accept_ra_pinfo
net/ipv6/conf/<if>/accept_ra_rtr_pref
net/ipv6/conf/<if>/router_probe_interval
net/ipv6/conf/<if>/accept_ra_rt_info_max_plen
net/ipv6/conf/<if>/proxy_ndp
net/ipv6/conf/<if>/accept_source_route
net/ipv6/conf/<if>/optimistic_dad
net/ipv6/conf/<if>/mc_forwarding
net/ipv6/conf/<if>/disable_ipv6
net/ipv6/conf/<if>/accept_dad
net/ipv6/conf/<if>/force_tllao
- Enable the global ipv6 sysctls:
net/ipv6/bindv6only
net/ipv6/icmp/ratelimit
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/icmp.c')
-rw-r--r-- | net/ipv6/icmp.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index d77dc1e2a42b..b4a9fd51dae7 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -967,14 +967,9 @@ struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) sizeof(ipv6_icmp_table_template), GFP_KERNEL); - if (table) { + if (table) table[0].data = &net->ipv6.sysctl.icmpv6_time; - /* Don't export sysctls to unprivileged users */ - if (net->user_ns != &init_user_ns) - table[0].procname = NULL; - } - return table; } #endif |