From: Jann Horn
Date: Sat, 22 Oct 2016 23:23:42 +0200
> On Thu, Oct 20, 2016 at 02:37:47PM -0400, David Miller wrote:
>> From: Pablo Neira Ayuso
>> Date: Thu, 20 Oct 2016 20:22:24 +0200
>>
>> > On Sat, Sep 24, 2016 at 12:21:04AM +0200, Jann Horn wrote:
>> >> This prevents the modification of nf
On Thu, Oct 20, 2016 at 02:37:47PM -0400, David Miller wrote:
> From: Pablo Neira Ayuso
> Date: Thu, 20 Oct 2016 20:22:24 +0200
>
> > On Sat, Sep 24, 2016 at 12:21:04AM +0200, Jann Horn wrote:
> >> This prevents the modification of nf_conntrack_max in unprivileged network
> >> namespaces. For unp
From: Pablo Neira Ayuso
Date: Thu, 20 Oct 2016 20:22:24 +0200
> On Sat, Sep 24, 2016 at 12:21:04AM +0200, Jann Horn wrote:
>> This prevents the modification of nf_conntrack_max in unprivileged network
>> namespaces. For unprivileged network namespaces, ip_conntrack_max is kept
>> as a readonly sy
On Sat, Sep 24, 2016 at 12:21:04AM +0200, Jann Horn wrote:
> This prevents the modification of nf_conntrack_max in unprivileged network
> namespaces. For unprivileged network namespaces, ip_conntrack_max is kept
> as a readonly sysctl in order to minimize potential compatibility issues.
>
> This p
This prevents the modification of nf_conntrack_max in unprivileged network
namespaces. For unprivileged network namespaces, ip_conntrack_max is kept
as a readonly sysctl in order to minimize potential compatibility issues.
This patch should apply cleanly to the net tree.
Signed-off-by: Jann Horn
