From: Vasily Averin <v...@virtuozzo.com>

Weave Kubernetes plugin requires tuning of /proc/sys/net/ipv4/neigh/weave/base_reachable_time in particular,
so let's export neighbour sysctls as well.

https://jira.sw.ru/browse/PSBM-92107

Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com>

(cherry picked from vz7 commit 8499e3458f18 ("net: export "net/*/neigh/*/*" sysctls for Container"))
Signed-off-by: Vasily Averin <v...@virtuozzo.com>

(cherry-picked from vz8 commit 6d32047a144d ("net: export "net/*/neigh/*/*" sysctls for Container"))
Signed-off-by: Nikita Yushchenko <nikita.yushche...@virtuozzo.com>
--- net/core/neighbour.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/core/neighbour.c b/net/core/neighbour.c index 53e85c70c6e5..5941bb6f2367 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c @@ -21,6 +21,7 @@ #include <linux/socket.h> #include <linux/netdevice.h> #include <linux/proc_fs.h> +#include <linux/ve.h> #ifdef CONFIG_SYSCTL #include <linux/sysctl.h> #endif @@ -3679,8 +3680,8 @@ int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p, neigh_proc_base_reachable_time; } - /* Don't export sysctls to unprivileged users */ - if (neigh_parms_net(p)->user_ns != &init_user_ns) + /* Export sysctls only to root userns on the host and inside a Container */ + if (ve_net_hide_sysctl(neigh_parms_net(p))) t->neigh_vars[0].procname = NULL; switch (neigh_parms_family(p)) { -- 2.30.2
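Review bot: In the neigh_sysctl_register() hunk, the new check guards `t->neigh_vars[0].procname = NULL`, which hides or exposes the whole neighbour table at once, so Container root now gets every net/*/neigh/*/* entry, while the commit message only motivates base_reachable_time for Weave. Please say in the commit message or in the comment that exposing the full set inside a Container is intended, or restrict the export to the entries that are actually needed. The replaced test `neigh_parms_net(p)->user_ns != &init_user_ns` was self-explanatory; the new one depends on ve_net_hide_sysctl(), whose definition is not part of this patch, so the comment should spell out which network namespaces it still hides (for instance one owned by a nested user namespace created inside a Container), since that helper is now the only thing keeping these sysctls away from unprivileged users. The matching `#include <linux/ve.h>` is added unconditionally, so it is also worth confirming that the header provides a fallback for ve_net_hide_sysctl() in builds without Container support.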