net: Kill register_sysctl_rotable
authorEric W. Biederman <ebiederm@xmission.com>
Thu, 19 Apr 2012 13:22:55 +0000 (13:22 +0000)
committerDavid S. Miller <davem@davemloft.net>
Sat, 21 Apr 2012 01:21:17 +0000 (21:21 -0400)
register_sysctl_rotable never caught on as an interesting way to
register sysctls.  My take on the situation is that what we want are
sysctls that we can only see in the initial network namespace.  What we
have implemented with register_sysctl_rotable are sysctls that we can
see in all of the network namespaces and can only change in the initial
network namespace.

That is a very silly way to go.  Just register the network sysctls
in the initial network namespace and we don't have any weird special
cases to deal with.

The sysctls affected are:
/proc/sys/net/ipv4/ipfrag_secret_interval
/proc/sys/net/ipv4/ipfrag_max_dist
/proc/sys/net/ipv6/ip6frag_secret_interval
/proc/sys/net/ipv6/mld_max_msf

I really don't expect anyone will miss them if they can't read them in a
child user namespace.

CC: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/net_namespace.h
net/core/sysctl_net_core.c
net/ipv4/ip_fragment.c
net/ipv6/reassembly.c
net/ipv6/sysctl_net_ipv6.c
net/sysctl_net.c

index 767dcd401e574dfc8b51fa8b200d87982123e33d..6413fcb53cd1402ce34f3a3510404d62bee48e33 100644 (file)
@@ -290,8 +290,6 @@ static inline int net_sysctl_init(void) { return 0; }
 #endif
 extern struct ctl_table_header *register_net_sysctl_table(struct net *net,
        const struct ctl_path *path, struct ctl_table *table);
-extern struct ctl_table_header *register_net_sysctl_rotable(
-       const struct ctl_path *path, struct ctl_table *table);
 extern struct ctl_table_header *register_net_sysctl(struct net *net,
        const char *path, struct ctl_table *table);
 extern void unregister_net_sysctl_table(struct ctl_table_header *header);
index 247c69b7cfc23bacc22b2f377bd982d5020c4c0b..8f67633b484e5059660ba77ab77ce29934b43c61 100644 (file)
@@ -258,7 +258,7 @@ static __init int sysctl_core_init(void)
        static struct ctl_table empty[1];
 
        kmemleak_not_leak(register_sysctl_paths(net_core_path, empty));
-       register_net_sysctl_rotable(net_core_path, net_core_table);
+       register_net_sysctl(&init_net, "net/core", net_core_table);
        return register_pernet_subsys(&sysctl_core_ops);
 }
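Review bot: The commit message lists four ipv4/ipv6 sysctls as affected, but the new `register_net_sysctl(&init_net, "net/core", net_core_table);` also registers everything in net_core_table for the initial network namespace only. The table's contents are not visible in this hunk, so it is worth confirming that nothing running in another network namespace reads those entries, and naming them in the description. The returned header is also discarded here and in ip4_frags_ctl_register (net/ipv4/ip_fragment.c), so a failed registration leaves the knobs silently absent, whereas ip6_frags_sysctl_register checks for NULL. Consider `if (!register_net_sysctl(&init_net, "net/core", net_core_table)) return -ENOMEM;`. sysctl_core_init starts above the hunk.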
 
index 631f596d5d700cd8479a6526713f5c1a74c08dd5..6a2f85cd440e9beade74472d966cd804a34be730 100644 (file)
@@ -807,7 +807,7 @@ static void __net_exit ip4_frags_ns_ctl_unregister(struct net *net)
 
 static void ip4_frags_ctl_register(void)
 {
-       register_net_sysctl_rotable(net_ipv4_ctl_path, ip4_frags_ctl_table);
+       register_net_sysctl(&init_net, "net/ipv4", ip4_frags_ctl_table);
 }
 #else
 static inline int ip4_frags_ns_ctl_register(struct net *net)
index 9447bd69873af6b7bb8979547eab9bd7624b6bd4..42f4f7c0948a1fdc0cb07dd656512701294096f2 100644 (file)
@@ -674,7 +674,7 @@ static struct ctl_table_header *ip6_ctl_header;
 
 static int ip6_frags_sysctl_register(void)
 {
-       ip6_ctl_header = register_net_sysctl_rotable(net_ipv6_ctl_path,
+       ip6_ctl_header = register_net_sysctl(&init_net, "net/ipv6",
                        ip6_frags_ctl_table);
        return ip6_ctl_header == NULL ? -ENOMEM : 0;
 }
index 166a57c47d39cd4707bc48ad541afd23c34b12d1..06f21e5ad361a01214c4746a1987e02eec7f0397 100644 (file)
@@ -140,7 +140,7 @@ int ipv6_sysctl_register(void)
 {
        int err = -ENOMEM;
 
-       ip6_header = register_net_sysctl_rotable(net_ipv6_ctl_path, ipv6_rotable);
+       ip6_header = register_net_sysctl(&init_net, "net/ipv6", ipv6_rotable);
        if (ip6_header == NULL)
                goto out;
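Review bot: The table name `ipv6_rotable` no longer matches how it is registered: with `register_net_sysctl(&init_net, "net/ipv6", ipv6_rotable)` the entries are registered against `init_net` alone, which per the commit message replaces the old scheme of being visible everywhere and read-only outside the initial namespace. Consider renaming the table in a follow-up and adding a comment above the call, such as `/* global knobs: registered in init_net only, so other network namespaces can neither see nor change them */`. That records the isolation property that the removed `net_ctl_ro_header_perms` mask used to make explicit. ipv6_sysctl_register continues outside the hunk, so the unwind path for `ip6_header` is not visible here.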
 
index ce97237b653f35a1380fe8432bdfa3df6535d60e..2b8d1d9509873ee9dc60e970bdcdaa3b3c43ffc3 100644 (file)
@@ -59,19 +59,6 @@ static struct ctl_table_root net_sysctl_root = {
        .permissions = net_ctl_permissions,
 };
 
-static int net_ctl_ro_header_perms(struct ctl_table_root *root,
-               struct nsproxy *namespaces, struct ctl_table *table)
-{
-       if (net_eq(namespaces->net_ns, &init_net))
-               return table->mode;
-       else
-               return table->mode & ~0222;
-}
-
-static struct ctl_table_root net_sysctl_ro_root = {
-       .permissions = net_ctl_ro_header_perms,
-};
-
 static int __net_init sysctl_net_init(struct net *net)
 {
        setup_sysctl_set(&net->sysctls, &net_sysctl_root, is_seen);
@@ -103,8 +90,6 @@ __init int net_sysctl_init(void)
        ret = register_pernet_subsys(&sysctl_pernet_ops);
        if (ret)
                goto out;
-       setup_sysctl_set(&net_sysctl_ro_root.default_set, &net_sysctl_ro_root, NULL);
-       register_sysctl_root(&net_sysctl_ro_root);
        register_sysctl_root(&net_sysctl_root);
 out:
        return ret;
@@ -117,14 +102,6 @@ struct ctl_table_header *register_net_sysctl_table(struct net *net,
 }
 EXPORT_SYMBOL_GPL(register_net_sysctl_table);
 
-struct ctl_table_header *register_net_sysctl_rotable(const
-               struct ctl_path *path, struct ctl_table *table)
-{
-       return __register_sysctl_paths(&net_sysctl_ro_root.default_set,
-                                       path, table);
-}
-EXPORT_SYMBOL_GPL(register_net_sysctl_rotable);
-
 struct ctl_table_header *register_net_sysctl(struct net *net,
        const char *path, struct ctl_table *table)
 {