ipv4: Allow unprivileged users to use per net sysctls

Allow unprivileged users to use: /proc/sys/net/ipv4/icmp_echo_ignore_all /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts /proc/sys/net/ipv4/icmp_ignore_bogus_error_response /proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr /proc/sys/net/ipv4/icmp_ratelimit /proc/sys/net/ipv4/icmp_ratemask /proc/sys/net/ipv4/ping_group_range /proc/sys/net/ipv4/tcp_ecn /proc/sys/net/ipv4/ip_local_ports_range These are occassionally handy and after a quick review I don't see any problems with unprivileged users using them. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric W. Biederman <ebiederm@xmission.com> 2013-10-19 16:27:35 -0700
committer: David S. Miller <davem@davemloft.net> 2013-10-21 18:43:03 -0400
commit: fd2d5356d90211f98ea3624263e37c4142b41edd (patch)
tree: f1f3b7615bf5db88cb29c5e9d89161717415d06f /net/ipv4
parent: 0a6fa23dcb10eeb21adfd9955f7030f952a8122d (diff)
1 files changed, 0 insertions, 4 deletions
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 3a05e8123235..d5b1390eebbe 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -847,10 +847,6 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
 		/* Update the variables to point into the current struct net */
 		for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++)
 			table[i].data += (void *)net - (void *)&init_net;
-
-		/* Don't export sysctls to unprivileged users */
-		if (net->user_ns != &init_user_ns)
-			table[0].procname = NULL;
 	}
 
 	/*
author	Eric W. Biederman <ebiederm@xmission.com>	2013-10-19 16:27:35 -0700
committer	David S. Miller <davem@davemloft.net>	2013-10-21 18:43:03 -0400
commit	fd2d5356d90211f98ea3624263e37c4142b41edd (patch)
tree	f1f3b7615bf5db88cb29c5e9d89161717415d06f /net/ipv4
parent	0a6fa23dcb10eeb21adfd9955f7030f952a8122d (diff)