From: Eric W. Biederman Date: Sat, 19 Oct 2013 23:27:35 +0000 (-0700) Subject: ipv4: Allow unprivileged users to use per net sysctls X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=fd2d5356d90211f98ea3624263e37c4142b41edd;p=linux-beck.git ipv4: Allow unprivileged users to use per net sysctls Allow unprivileged users to use: /proc/sys/net/ipv4/icmp_echo_ignore_all /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts /proc/sys/net/ipv4/icmp_ignore_bogus_error_response /proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr /proc/sys/net/ipv4/icmp_ratelimit /proc/sys/net/ipv4/icmp_ratemask /proc/sys/net/ipv4/ping_group_range /proc/sys/net/ipv4/tcp_ecn /proc/sys/net/ipv4/ip_local_ports_range These are occassionally handy and after a quick review I don't see any problems with unprivileged users using them. Signed-off-by: "Eric W. Biederman" Signed-off-by: David S. Miller --- diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index 3a05e8123235..d5b1390eebbe 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c @@ -847,10 +847,6 @@ static __net_init int ipv4_sysctl_init_net(struct net *net) /* Update the variables to point into the current struct net */ for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++) table[i].data += (void *)net - (void *)&init_net; - - /* Don't export sysctls to unprivileged users */ - if (net->user_ns != &init_user_ns) - table[0].procname = NULL; } /*