]> err.no Git - linux-2.6/commitdiff
ipv6: Register some net/ipv6/ core sysctls at read-only root.
authorPavel Emelyanov <xemul@openvz.org>
Mon, 19 May 2008 20:53:30 +0000 (13:53 -0700)
committerDavid S. Miller <davem@davemloft.net>
Mon, 19 May 2008 20:53:30 +0000 (13:53 -0700)
There are some sysctls left to be switched to read-only,
but they are all in ipv6, so complete with them.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv6/sysctl_net_ipv6.c

index 3804dcbbfab0f46cc0cfcfd852482e4eb529e312..5c99274558bf40412b738c4c71484c2a082e7029 100644 (file)
@@ -37,6 +37,10 @@ static ctl_table ipv6_table_template[] = {
                .mode           = 0644,
                .proc_handler   = &proc_dointvec
        },
+       { .ctl_name = 0 }
+};
+
+static ctl_table ipv6_table[] = {
        {
                .ctl_name       = NET_IPV6_MLD_MAX_MSF,
                .procname       = "mld_max_msf",
@@ -80,12 +84,6 @@ static int ipv6_sysctl_net_init(struct net *net)
 
        ipv6_table[2].data = &net->ipv6.sysctl.bindv6only;
 
-       /* We don't want this value to be per namespace, it should be global
-          to all namespaces, so make it read-only when we are not in the
-          init network namespace */
-       if (net != &init_net)
-               ipv6_table[3].mode = 0444;
-
        net->ipv6.sysctl.table = register_net_sysctl_table(net, net_ipv6_ctl_path,
                                                           ipv6_table);
        if (!net->ipv6.sysctl.table)
@@ -126,12 +124,29 @@ static struct pernet_operations ipv6_sysctl_net_ops = {
        .exit = ipv6_sysctl_net_exit,
 };
 
+static struct ctl_table_header *ip6_header;
+
 int ipv6_sysctl_register(void)
 {
-       return register_pernet_subsys(&ipv6_sysctl_net_ops);
+       int err = -ENOMEM;;
+
+       ip6_header = register_net_sysctl_rotable(net_ipv6_ctl_path, ipv6_table);
+       if (ip6_header == NULL)
+               goto out;
+
+       err = register_pernet_subsys(&ipv6_sysctl_net_ops);
+       if (err)
+               goto err_pernet;
+out:
+       return err;
+
+err_pernet:
+       unregister_net_sysctl_table(ip6_header);
+       goto out;
 }
 
 void ipv6_sysctl_unregister(void)
 {
+       unregister_net_sysctl_table(ip6_header);
        unregister_pernet_subsys(&ipv6_sysctl_net_ops);
 }