Commit:     7c76509d0da99f29289b9b7ab134791e45d49b15
Parent:     e71e0349eb32bc438fa80d8990c6f3592967d111
Author:     Daniel Lezcano <[EMAIL PROTECTED]>
AuthorDate: Thu Jan 10 02:57:43 2008 -0800
Committer:  David S. Miller <[EMAIL PROTECTED]>
CommitDate: Mon Jan 28 15:01:19 2008 -0800

    [NETNS][IPV6]: Make mld_max_msf readonly in other namespaces.
    The mld_max_msf protects the system with a maximum allowed multicast
    source filters. Making this variable per namespace can be potentially
    a problem if someone inside a namespace sets it to a big value, that
    will impact the whole system including other namespaces.
    I don't see any benefits to have it per namespace for now, so in order
    to keep a directory entry in a newly created namespace, I make it
    read-only when we are not in the initial network namespace.
    Signed-off-by: Daniel Lezcano <[EMAIL PROTECTED]>
    Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
 net/ipv6/sysctl_net_ipv6.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
index ae3cfd1..d223159 100644
--- a/net/ipv6/sysctl_net_ipv6.c
+++ b/net/ipv6/sysctl_net_ipv6.c
@@ -122,6 +122,12 @@ static int ipv6_sysctl_net_init(struct net *net)
        ipv6_table[5].data = &net->ipv6.sysctl.frags.timeout;
        ipv6_table[6].data = &net->ipv6.sysctl.frags.secret_interval;
+       /* We don't want this value to be per namespace, it should be global
+          to all namespaces, so make it read-only when we are not in the
+          init network namespace */
+       if (net != &init_net)
+               ipv6_table[7].mode = 0444;
        net->ipv6.sysctl.table = register_net_sysctl_table(net, 
        if (!net->ipv6.sysctl.table)
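Review bot: the added `ipv6_table[7].mode = 0444;` selects the mld_max_msf entry by a bare array index, in the same style as the `[5]` and `[6]` assignments just above it, so an insertion or reordering in the table would silently make a different sysctl read-only in non-init namespaces and leave mld_max_msf writable there. Suggest locating the entry by name or through a named index constant, or at least naming mld_max_msf in the comment beside the index so the coupling is visible. The new comment block also departs from the usual kernel multi-line layout, where continuation lines start with ` * ` and the closing `*/` sits on its own line.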
