#include <linux/if_tr.h>
#endif
-struct ctl_table net_table[] = {
- {
- .ctl_name = NET_CORE,
- .procname = "core",
- .mode = 0555,
- .child = core_table,
- },
-#ifdef CONFIG_INET
- {
- .ctl_name = NET_IPV4,
- .procname = "ipv4",
- .mode = 0555,
- .child = ipv4_table
- },
-#endif
-#ifdef CONFIG_TR
- {
- .ctl_name = NET_TR,
- .procname = "token-ring",
- .mode = 0555,
- .child = tr_table,
- },
-#endif
- { 0 },
-};
-
static struct list_head *
net_ctl_header_lookup(struct ctl_table_root *root, struct nsproxy *namespaces)
{
.lookup = net_ctl_header_lookup,
};
+static LIST_HEAD(net_sysctl_ro_tables);
+static struct list_head *net_ctl_ro_header_lookup(struct ctl_table_root *root,
+ struct nsproxy *namespaces)
+{
+ return &net_sysctl_ro_tables;
+}
+
+static int net_ctl_ro_header_perms(struct ctl_table_root *root,
+ struct nsproxy *namespaces, struct ctl_table *table)
+{
+ if (namespaces->net_ns == &init_net)
+ return table->mode;
+ else
+ return table->mode & ~0222;
+}
+
+static struct ctl_table_root net_sysctl_ro_root = {
+ .lookup = net_ctl_ro_header_lookup,
+ .permissions = net_ctl_ro_header_perms,
+};
+
static int sysctl_net_init(struct net *net)
{
INIT_LIST_HEAD(&net->sysctl_table_headers);
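Review bot: net_ctl_ro_header_perms() appears to be the single check that stops a process in a non-initial network namespace from writing the tables hung off net_sysctl_ro_tables, yet the added code carries no comment recording that invariant. A line above the function would do, for example `/* Tables in this root are global: writable from init_net only, read-only in every other netns. */`. The literal mask would read more clearly as `return table->mode & ~S_IWUGO;`. If this tree already provides net_eq() (not visible in the hunk), `net_eq(namespaces->net_ns, &init_net)` is the conventional spelling of the comparison.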
if (ret)
goto out;
register_sysctl_root(&net_sysctl_root);
+ register_sysctl_root(&net_sysctl_ro_root);
out:
return ret;
}
}
EXPORT_SYMBOL_GPL(register_net_sysctl_table);
+struct ctl_table_header *register_net_sysctl_rotable(const
+ struct ctl_path *path, struct ctl_table *table)
+{
+ return __register_sysctl_paths(&net_sysctl_ro_root,
+ &init_nsproxy, path, table);
+}
+EXPORT_SYMBOL_GPL(register_net_sysctl_rotable);
+
void unregister_net_sysctl_table(struct ctl_table_header *header)
{
- return unregister_sysctl_table(header);
+ unregister_sysctl_table(header);
}
EXPORT_SYMBOL_GPL(unregister_net_sysctl_table);
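Review bot: register_net_sysctl_rotable() is exported without any description of its contract, and the contract is not obvious from the name alone: it registers against `&init_nsproxy` and net_sysctl_ro_root, so the table is a single shared instance rather than a per-namespace one. A kernel-doc block above it should say that the entries are visible from every network namespace, that write bits are masked outside init_net by the root's permissions hook, and that handlers are therefore expected to operate on global rather than per-net data (worth confirming against the callers). It should also state what a failed registration returns and, presumably, that the header is released through unregister_net_sysctl_table(). As a smaller style point, the declaration splits `const` from `struct ctl_path` across two lines; putting the return type on its own line, as net_ctl_header_lookup does earlier in the file, avoids that.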