The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear 
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.34
------>
commit 8f00304e702065dea0b6552ade2274e215c399f2
Author: Vasily Averin <[email protected]>
Date:   Wed Jun 2 19:48:05 2021 +0300

    net: export "net/*/neigh/*/*" sysctls for Container
    
    Weave Kubernetes plugin requires tuning of
    /proc/sys/net/ipv4/neigh/weave/base_reachable_time in particular,
    
    so let's export neighbour sysctls as well.
    
    https://jira.sw.ru/browse/PSBM-92107
    
    Signed-off-by: Konstantin Khorenko <[email protected]>
    
    (cherry picked from vz7 commit 8499e3458f18 ("net: export "net/*/neigh/*/*"
    sysctls for Container"))
    
    Signed-off-by: Vasily Averin <[email protected]>
---
 net/core/neighbour.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 95090d1e8197..14458e50b99b 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -3589,8 +3589,8 @@ int neigh_sysctl_register(struct net_device *dev, struct 
neigh_parms *p,
                        neigh_proc_base_reachable_time;
        }
 
-       /* Don't export sysctls to unprivileged users */
-       if (neigh_parms_net(p)->user_ns != &init_user_ns)
+       /* Export sysctls only to root userns on the host and inside a 
Container */
+       if (ve_net_hide_sysctl(neigh_parms_net(p)))
                t->neigh_vars[0].procname = NULL;
 
        switch (neigh_parms_family(p)) {
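Review bot: In the `if (ve_net_hide_sysctl(neigh_parms_net(p)))` branch the only action is still `t->neigh_vars[0].procname = NULL`, which hides or exposes the whole neigh table at once. With this change a Container therefore gets every entry in the table, while the commit message motivates only base_reachable_time. Please confirm that each entry is safe to write from a Container's net namespace (per-namespace state, no effect on the host or on other Containers), or keep the remaining entries hidden individually. Also, ve_net_hide_sysctl() is not defined in this patch, and the new comment "only to root userns on the host and inside a Container" is ambiguous. Say explicitly whether a nested, non-root user namespace created inside a Container is still refused, since the removed check `user_ns != &init_user_ns` refused it.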
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
