[rh7,5/8] net: export "net/*/neigh/*/*" sysctls for Container

Submitted by Konstantin Khorenko on Feb. 21, 2020, 4:07 p.m.

Details

Message ID 20200221160731.16888-6-khorenko@virtuozzo.com
State New
Series "enable running Kubernetes inside a Container"

Commit Message

Konstantin Khorenko Feb. 21, 2020, 4:07 p.m.
Weave Kubernetes plugin requires tuning of
/proc/sys/net/ipv4/neigh/weave/base_reachable_time in particular,
so let's export neighbour sysctls as well.

https://jira.sw.ru/browse/PSBM-92107

Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
 net/core/neighbour.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Patch

diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index fe11e1042c2b3..e85975a8bddfb 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -3201,8 +3201,8 @@  int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
 			neigh_proc_base_reachable_time;
 	}
 
-	/* Don't export sysctls to unprivileged users */
-	if (neigh_parms_net(p)->user_ns != &init_user_ns)
+	/* Export sysctls only to root userns on the host and inside a Container */
+	if (ve_net_hide_sysctl(neigh_parms_net(p)))
 		t->neigh_vars[0].procname = NULL;
 
 	switch (neigh_parms_family(p)) {
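
Review bot: The new condition `if (ve_net_hide_sysctl(neigh_parms_net(p)))` moves the privilege decision into a helper whose definition is not part of this patch, so it cannot be checked here that an unprivileged user namespace nested inside a Container still has the table hidden, as the removed `user_ns != &init_user_ns` test guaranteed. Please state in the commit message which user namespaces the helper admits (the new comment says "root userns on the host and inside a Container"), and point to the patch in the series that defines it. Also note that clearing `t->neigh_vars[0].procname` hides the whole table, so not clearing it exposes every entry in `neigh_vars` to the Container, while the commit message motivates only `base_reachable_time`. A sentence confirming that the remaining entries are per-namespace and safe for Container root to write would make the scope of the change explicit.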