From patchwork Wed Dec 14 11:46:02 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stanislav Kinsbursky X-Patchwork-Id: 131341 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 9D9DD1007D5 for ; Wed, 14 Dec 2011 21:46:54 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757017Ab1LNKqf (ORCPT ); Wed, 14 Dec 2011 05:46:35 -0500 Received: from mailhub.sw.ru ([195.214.232.25]:37567 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756987Ab1LNKqS (ORCPT ); Wed, 14 Dec 2011 05:46:18 -0500 Received: from localhost6.localdomain6 ([10.30.20.35]) by relay.sw.ru (8.13.4/8.13.4) with ESMTP id pBEAk27L023013; Wed, 14 Dec 2011 13:46:03 +0300 (MSK) Subject: [PATCH 10/11] SUNRPC: allow debug flags modifications only from init_net To: Trond.Myklebust@netapp.com From: Stanislav Kinsbursky Cc: linux-nfs@vger.kernel.org, xemul@parallels.com, neilb@suse.de, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, jbottomley@parallels.com, bfields@fieldses.org, davem@davemloft.net, devel@openvz.org Date: Wed, 14 Dec 2011 14:46:02 +0300 Message-ID: <20111214104602.3991.91169.stgit@localhost6.localdomain6> In-Reply-To: <20111214103602.3991.20990.stgit@localhost6.localdomain6> References: <20111214103602.3991.20990.stgit@localhost6.localdomain6> User-Agent: StGit/0.15 MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Debug flags are global (i.e. fo all namespaces). So probably, it is better to restrict write access and allow it only to processes with "init_net" network namespace. Signed-off-by: Stanislav Kinsbursky --- net/sunrpc/sysctl.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/sunrpc/sysctl.c b/net/sunrpc/sysctl.c index eda80cf..224b075 100644 --- a/net/sunrpc/sysctl.c +++ b/net/sunrpc/sysctl.c @@ -156,7 +156,8 @@ proc_dodebug(ctl_table *table, int write, return -EINVAL; while (left && isspace(*s)) left--, s++; - *(unsigned int *) table->data = value; + if (net_eq(current->nsproxy->net_ns, &init_net)) + *(unsigned int *) table->data = value; /* Display the RPC tasks on writing to rpc_debug */ if (strcmp(table->procname, "rpc_debug") == 0) rpc_show_tasks(&init_net);