[NET] sysctl: make the sys.net.core sysctls per-namespace

Making them per-namespace is required for the following two reasons: First, some ctl values have a per-namespace meaning. Second, making them writable from the sub-namespace is an isolation hole. So I introduce the pernet operations to create these tables. For init_net I use the existing statically declared tables, for sub-namespace they are duplicated and the write bits are removed from the mode. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2025-06-17 20:25:19 +00:00 · 2007-12-08 00:09:24 -08:00 · 2007-12-08 00:09:24 -08:00 · 024626e36d
commit 024626e36d
parent cbbb90e68c
2 changed files with 48 additions and 5 deletions
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@ -37,6 +37,9 @@ struct net {

 	struct sock 		*rtnl;			/* rtnetlink socket */

+	/* core sysctls */
+	struct ctl_table_header	*sysctl_core_hdr;
+
 	/* List of all packet sockets. */
 	rwlock_t		packet_sklist_lock;
 	struct hlist_head	packet_sklist;