From patchwork Mon Feb 15 10:11:32 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nikolay Borisov <kernel@kyup.com>
X-Patchwork-Id: 582811
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 4880B14030E
	for <incoming@patchwork.ozlabs.org>;
	Mon, 15 Feb 2016 21:11:49 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752765AbcBOKLq (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Mon, 15 Feb 2016 05:11:46 -0500
Received: from mail-wm0-f42.google.com ([74.125.82.42]:38821 "EHLO
	mail-wm0-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752755AbcBOKLn (ORCPT
	<rfc822;netfilter-devel@vger.kernel.org>);
	Mon, 15 Feb 2016 05:11:43 -0500
Received: by mail-wm0-f42.google.com with SMTP id a4so48815019wme.1
	for <netfilter-devel@vger.kernel.org>;
	Mon, 15 Feb 2016 02:11:42 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=JguJcVxZdm2zEXnBoHSbBiASnx+sPwYunDLCFfdOcRs=;
	b=fYAdl7tiHsLihhqmSV4YKL+Y9Wd5AAKrVerUPVTRDQUl01BIhKleBPxy/7hz4/kFMK
	gBGPsJ3QVzRr+oOnkg9T+wASUa6WDRe0ibJi/4CS0mFo4co+etPISIs/OrZPG5wnUOaJ
	If8mHFp40QX0fAKKJ6tnA16QEZ/a/ZuzOZxixcu5fdYCdetdoum++15QWC04kZ4gRCVV
	hGEHUnM9Q4doMyiOrMwq8R9kRT6vlQKnkxCyb82f9XZrZ1BPI3pOFc7FVjGCH1GN8Dny
	3J/45LCjLryqcdqkIeZWsjT/6IpJyeIahtISpngh+bIsz/LSk5hkP7zfr5/V4LONZ1EV
	86jg==
X-Gm-Message-State: 
 AG10YOT7RfX1IfJ25T0VidDJWRmIiohW05KRnKx4v2fTvUVc37610BkfHedDQTA3rW2aJ9EM
X-Received: by 10.28.156.73 with SMTP id f70mr12724106wme.52.1455531102223;
	Mon, 15 Feb 2016 02:11:42 -0800 (PST)
Received: from localhost.localdomain (admins.1h.com. [82.118.240.130])
	by smtp.gmail.com with ESMTPSA id
	79sm14991014wmo.7.2016.02.15.02.11.41
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 15 Feb 2016 02:11:41 -0800 (PST)
From: Nikolay Borisov <kernel@kyup.com>
To: davem@davemloft.net
Cc: netfilter-devel@vger.kernel.org, ebiederm@xmission.com,
	pabeni@redhat.com, jmorris@namei.org, netdev@vger.kernel.org
Subject: [PATCH 6/6] net: Export ip fragment sysctl to unprivileged users
Date: Mon, 15 Feb 2016 12:11:32 +0200
Message-Id: <1455531092-23184-7-git-send-email-kernel@kyup.com>
X-Mailer: git-send-email 1.7.1
In-Reply-To: <1455531092-23184-1-git-send-email-kernel@kyup.com>
References: <1455531092-23184-1-git-send-email-kernel@kyup.com>
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

Now that all the ip fragmentation related sysctls are namespaceified
there is no reason to hide them anymore from "root" users inside
containers.

Signed-off-by: Nikolay Borisov <kernel@kyup.com>
---
 net/ipv4/ip_fragment.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 957161413335..efbd47d1a531 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -789,10 +789,6 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
 		table[1].extra2 = &net->ipv4.frags.high_thresh;
 		table[2].data = &net->ipv4.frags.timeout;
 		table[3].data = &net->ipv4.frags.max_dist;
-
-		/* Don't export sysctls to unprivileged users */
-		if (net->user_ns != &init_user_ns)
-			table[0].procname = NULL;
 	}
 
 	hdr = register_net_sysctl(net, "net/ipv4", table);