Commit 34ac2573 authored by Pavel Emelyanov's avatar Pavel Emelyanov Committed by David S. Miller

ipv6: Register some net/ipv6/ core sysctls at read-only root.

There are some sysctls left to be switched to read-only,
but they are all in ipv6, so complete with them.
Signed-off-by: default avatarPavel Emelyanov <xemul@openvz.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 7d291ebb
...@@ -37,6 +37,10 @@ static ctl_table ipv6_table_template[] = { ...@@ -37,6 +37,10 @@ static ctl_table ipv6_table_template[] = {
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec .proc_handler = &proc_dointvec
}, },
{ .ctl_name = 0 }
};
static ctl_table ipv6_table[] = {
{ {
.ctl_name = NET_IPV6_MLD_MAX_MSF, .ctl_name = NET_IPV6_MLD_MAX_MSF,
.procname = "mld_max_msf", .procname = "mld_max_msf",
...@@ -80,12 +84,6 @@ static int ipv6_sysctl_net_init(struct net *net) ...@@ -80,12 +84,6 @@ static int ipv6_sysctl_net_init(struct net *net)
ipv6_table[2].data = &net->ipv6.sysctl.bindv6only; ipv6_table[2].data = &net->ipv6.sysctl.bindv6only;
/* We don't want this value to be per namespace, it should be global
to all namespaces, so make it read-only when we are not in the
init network namespace */
if (net != &init_net)
ipv6_table[3].mode = 0444;
net->ipv6.sysctl.table = register_net_sysctl_table(net, net_ipv6_ctl_path, net->ipv6.sysctl.table = register_net_sysctl_table(net, net_ipv6_ctl_path,
ipv6_table); ipv6_table);
if (!net->ipv6.sysctl.table) if (!net->ipv6.sysctl.table)
...@@ -126,12 +124,29 @@ static struct pernet_operations ipv6_sysctl_net_ops = { ...@@ -126,12 +124,29 @@ static struct pernet_operations ipv6_sysctl_net_ops = {
.exit = ipv6_sysctl_net_exit, .exit = ipv6_sysctl_net_exit,
}; };
static struct ctl_table_header *ip6_header;
int ipv6_sysctl_register(void) int ipv6_sysctl_register(void)
{ {
return register_pernet_subsys(&ipv6_sysctl_net_ops); int err = -ENOMEM;;
ip6_header = register_net_sysctl_rotable(net_ipv6_ctl_path, ipv6_table);
if (ip6_header == NULL)
goto out;
err = register_pernet_subsys(&ipv6_sysctl_net_ops);
if (err)
goto err_pernet;
out:
return err;
err_pernet:
unregister_net_sysctl_table(ip6_header);
goto out;
} }
void ipv6_sysctl_unregister(void) void ipv6_sysctl_unregister(void)
{ {
unregister_net_sysctl_table(ip6_header);
unregister_pernet_subsys(&ipv6_sysctl_net_ops); unregister_pernet_subsys(&ipv6_sysctl_net_ops);
} }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment