Debug flags are global (i.e. for all namespaces). So, probably, it is better to restrict write access and allow it only to processes with the "init_net" network namespace.
Signed-off-by: Stanislav Kinsbursky <skinsbur...@parallels.com> --- net/sunrpc/sysctl.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/net/sunrpc/sysctl.c b/net/sunrpc/sysctl.c index eda80cf..224b075 100644 --- a/net/sunrpc/sysctl.c +++ b/net/sunrpc/sysctl.c @@ -156,7 +156,8 @@ proc_dodebug(ctl_table *table, int write, return -EINVAL; while (left && isspace(*s)) left--, s++; - *(unsigned int *) table->data = value; + if (net_eq(current->nsproxy->net_ns, &init_net)) + *(unsigned int *) table->data = value; /* Display the RPC tasks on writing to rpc_debug */ if (strcmp(table->procname, "rpc_debug") == 0) rpc_show_tasks(&init_net); _______________________________________________ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel
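Review bot: the new `if (net_eq(current->nsproxy->net_ns, &init_net))` guard in proc_dodebug() makes a write from a non-init_net process a silent no-op: the value is parsed and then dropped, but the function still returns as if the write succeeded, so a container writer gets no error and cannot tell its write was ignored. If the intent is to restrict write access, it is cleaner to reject the write up front with an error, e.g. `if (!net_eq(current->nsproxy->net_ns, &init_net)) return -EPERM;` on the write path before the value is parsed, rather than gating only the store. Note also that the following `rpc_show_tasks(&init_net)` call is still reached for any namespace, so a container writing to rpc_debug continues to dump init_net's RPC task list to the kernel log even though its value is discarded; if writes are to be restricted to init_net, that call should be behind the same check.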