Gitweb:     http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c48dad7ecd84eac92afbe02bd69fca9983a65a56
Commit:     c48dad7ecd84eac92afbe02bd69fca9983a65a56
Parent:     d8a5ec672768c3cf4d51d7a63fc071520afa1617
Author:     Eric W. Biederman <[EMAIL PROTECTED]>
AuthorDate: Wed Sep 12 13:58:02 2007 +0200
Committer:  David S. Miller <[EMAIL PROTECTED]>
CommitDate: Wed Oct 10 16:49:13 2007 -0700

    [NET]: Disable netfilter sockopts when not in the initial network namespace
    
    Until we support multiple network namespaces with netfilter only allow
    netfilter configuration in the initial network namespace.
    
    Signed-off-by: Eric W. Biederman <[EMAIL PROTECTED]>
    Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
---
 net/netfilter/nf_sockopt.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/net/netfilter/nf_sockopt.c b/net/netfilter/nf_sockopt.c
index e32761c..aa28315 100644
--- a/net/netfilter/nf_sockopt.c
+++ b/net/netfilter/nf_sockopt.c
@@ -69,6 +69,9 @@ static int nf_sockopt(struct sock *sk, int pf, int val,
        struct nf_sockopt_ops *ops;
        int ret;
 
+       if (sk->sk_net != &init_net)
+               return -ENOPROTOOPT;
+
        if (mutex_lock_interruptible(&nf_sockopt_mutex) != 0)
                return -EINTR;
 
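Review bot: The new `sk->sk_net != &init_net` check at the top of nf_sockopt() has no comment saying that it is a temporary restriction, so a reader of the code alone cannot tell why sockets outside the initial network namespace are refused. The commit message gives the reason (netfilter does not yet support multiple network namespaces); a one-line comment above the check saying so would mark it for removal once that support lands. Placing the check before mutex_lock_interruptible() is right, since the early return then needs no unlock. It is also worth confirming that -ENOPROTOOPT is the intended errno here, because the caller sees only "option not supported" with nothing pointing at the namespace as the cause.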
@@ -125,6 +128,10 @@ static int compat_nf_sockopt(struct sock *sk, int pf, int 
val,
        struct nf_sockopt_ops *ops;
        int ret;
 
+       if (sk->sk_net != &init_net)
+               return -ENOPROTOOPT;
+
+
        if (mutex_lock_interruptible(&nf_sockopt_mutex) != 0)
                return -EINTR;
 
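Review bot: The added lines in compat_nf_sockopt() end with two consecutive blank `+` lines before mutex_lock_interruptible(); one is enough, and it would match the nf_sockopt() hunk. The namespace check is also a verbatim copy of the one added to nf_sockopt(). Since this gate is what keeps netfilter configuration confined to the initial namespace, consider a small shared helper so that the native and compat paths cannot drift apart when the restriction is later relaxed or changed.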