| [PATCH 10/11] SUNRPC: allow debug flags modifications only from init_net [message #44558 is a reply to message #44548] |
Wed, 14 December 2011 10:47   |
Stanislav Kinsbursky
Messages: 683
Registered: October 2011
|
Senior Member |
|
|
Debug flags are global (i.e. fo all namespaces). So probably, it is better to
restrict write access and allow it only to processes with "init_net" network
namespace.
Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
---
net/sunrpc/sysctl.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/net/sunrpc/sysctl.c b/net/sunrpc/sysctl.c
index eda80cf..224b075 100644
--- a/net/sunrpc/sysctl.c
+++ b/net/sunrpc/sysctl.c
@@ -156,7 +156,8 @@ proc_dodebug(ctl_table *table, int write,
return -EINVAL;
while (left && isspace(*s))
left--, s++;
- *(unsigned int *) table->data = value;
+ if (net_eq(current->nsproxy->net_ns, &init_net))
+ *(unsigned int *) table->data = value;
/* Display the RPC tasks on writing to rpc_debug */
if (strcmp(table->procname, "rpc_debug") == 0)
rpc_show_tasks(&init_net);
|
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
