#include <linux/stat.h>
#include <linux/sysctl.h>
-#include "../arch/s390/appldata/appldata.h"
#include "../fs/xfs/linux-2.6/xfs_sysctl.h"
#include <linux/sunrpc/debug.h>
#include <linux/string.h>
{ KERN_NODENAME, "hostname" },
{ KERN_DOMAINNAME, "domainname" },
+#ifdef CONFIG_SECURITY_CAPABILITIES
{ KERN_CAP_BSET, "cap-bound" },
+#endif /* def CONFIG_SECURITY_CAPABILITIES */
+
{ KERN_PANIC, "panic" },
{ KERN_REALROOTDEV, "real-root-dev" },
{ KERN_PTY, "pty", trans_pty_table },
{ KERN_NGROUPS_MAX, "ngroups_max" },
- { KERN_SPARC_SCONS_PWROFF, "scons_poweroff" },
+ { KERN_SPARC_SCONS_PWROFF, "scons-poweroff" },
{ KERN_HZ_TIMER, "hz_timer" },
{ KERN_UNKNOWN_NMI_PANIC, "unknown_nmi_panic" },
{ KERN_BOOTLOADER_TYPE, "bootloader_type" },
{ VM_PANIC_ON_OOM, "panic_on_oom" },
{ VM_VDSO_ENABLED, "vdso_enabled" },
{ VM_MIN_SLAB, "min_slab_ratio" },
- { VM_CMM_PAGES, "cmm_pages" },
- { VM_CMM_TIMED_PAGES, "cmm_timed_pages" },
- { VM_CMM_TIMEOUT, "cmm_timeout" },
{}
};
{}
};
-
-static struct trans_ctl_table trans_net_ipv4_vs_table[] = {
- { NET_IPV4_VS_AMEMTHRESH, "amemthresh" },
- { NET_IPV4_VS_DEBUG_LEVEL, "debug_level" },
- { NET_IPV4_VS_AMDROPRATE, "am_droprate" },
- { NET_IPV4_VS_DROP_ENTRY, "drop_entry" },
- { NET_IPV4_VS_DROP_PACKET, "drop_packet" },
- { NET_IPV4_VS_SECURE_TCP, "secure_tcp" },
- { NET_IPV4_VS_TO_ES, "timeout_established" },
- { NET_IPV4_VS_TO_SS, "timeout_synsent" },
- { NET_IPV4_VS_TO_SR, "timeout_synrecv" },
- { NET_IPV4_VS_TO_FW, "timeout_finwait" },
- { NET_IPV4_VS_TO_TW, "timeout_timewait" },
- { NET_IPV4_VS_TO_CL, "timeout_close" },
- { NET_IPV4_VS_TO_CW, "timeout_closewait" },
- { NET_IPV4_VS_TO_LA, "timeout_lastack" },
- { NET_IPV4_VS_TO_LI, "timeout_listen" },
- { NET_IPV4_VS_TO_SA, "timeout_synack" },
- { NET_IPV4_VS_TO_UDP, "timeout_udp" },
- { NET_IPV4_VS_TO_ICMP, "timeout_icmp" },
- { NET_IPV4_VS_CACHE_BYPASS, "cache_bypass" },
- { NET_IPV4_VS_EXPIRE_NODEST_CONN, "expire_nodest_conn" },
- { NET_IPV4_VS_EXPIRE_QUIESCENT_TEMPLATE, "expire_quiescent_template" },
- { NET_IPV4_VS_SYNC_THRESHOLD, "sync_threshold" },
- { NET_IPV4_VS_NAT_ICMP_SEND, "nat_icmp_send" },
- { NET_IPV4_VS_LBLC_EXPIRE, "lblc_expiration" },
- { NET_IPV4_VS_LBLCR_EXPIRE, "lblcr_expiration" },
- {}
-};
-
static struct trans_ctl_table trans_net_neigh_vars_table[] = {
{ NET_NEIGH_MCAST_SOLICIT, "mcast_solicit" },
{ NET_NEIGH_UCAST_SOLICIT, "ucast_solicit" },
{ NET_IPV4_ROUTE, "route", trans_net_ipv4_route_table },
/* NET_IPV4_FIB_HASH unused */
{ NET_IPV4_NETFILTER, "netfilter", trans_net_ipv4_netfilter_table },
- { NET_IPV4_VS, "vs", trans_net_ipv4_vs_table },
{ NET_IPV4_TCP_TIMESTAMPS, "tcp_timestamps" },
{ NET_IPV4_TCP_WINDOW_SCALING, "tcp_window_scaling" },
{}
};
-static struct trans_ctl_table trans_net_ax25_table[] = {
+static struct trans_ctl_table trans_net_ax25_param_table[] = {
{ NET_AX25_IP_DEFAULT_MODE, "ip_default_mode" },
{ NET_AX25_DEFAULT_MODE, "ax25_default_mode" },
{ NET_AX25_BACKOFF_TYPE, "backoff_type" },
{}
};
+static struct trans_ctl_table trans_net_ax25_table[] = {
+ { 0, NULL, trans_net_ax25_param_table },
+ {}
+};
+
static struct trans_ctl_table trans_net_bridge_table[] = {
{ NET_BRIDGE_NF_CALL_ARPTABLES, "bridge-nf-call-arptables" },
{ NET_BRIDGE_NF_CALL_IPTABLES, "bridge-nf-call-iptables" },
{ NET_IPV6_IP6FRAG_TIME, "ip6frag_time" },
{ NET_IPV6_IP6FRAG_SECRET_INTERVAL, "ip6frag_secret_interval" },
{ NET_IPV6_MLD_MAX_MSF, "mld_max_msf" },
+ { 2088 /* IPQ_QMAX */, "ip6_queue_maxlen" },
{}
};
{}
};
+static struct trans_ctl_table trans_net_irda_table[] = {
+ { NET_IRDA_DISCOVERY, "discovery" },
+ { NET_IRDA_DEVNAME, "devname" },
+ { NET_IRDA_DEBUG, "debug" },
+ { NET_IRDA_FAST_POLL, "fast_poll_increase" },
+ { NET_IRDA_DISCOVERY_SLOTS, "discovery_slots" },
+ { NET_IRDA_DISCOVERY_TIMEOUT, "discovery_timeout" },
+ { NET_IRDA_SLOT_TIMEOUT, "slot_timeout" },
+ { NET_IRDA_MAX_BAUD_RATE, "max_baud_rate" },
+ { NET_IRDA_MIN_TX_TURN_TIME, "min_tx_turn_time" },
+ { NET_IRDA_MAX_TX_DATA_SIZE, "max_tx_data_size" },
+ { NET_IRDA_MAX_TX_WINDOW, "max_tx_window" },
+ { NET_IRDA_MAX_NOREPLY_TIME, "max_noreply_time" },
+ { NET_IRDA_WARN_NOREPLY_TIME, "warn_noreply_time" },
+ { NET_IRDA_LAP_KEEPALIVE_TIME, "lap_keepalive_time" },
+ {}
+};
+
static struct trans_ctl_table trans_net_table[] = {
{ NET_CORE, "core", trans_net_core_table },
/* NET_ETHER not used */
{ NET_UNIX, "unix", trans_net_unix_table },
{ NET_IPV4, "ipv4", trans_net_ipv4_table },
{ NET_IPX, "ipx", trans_net_ipx_table },
- { NET_ATALK, "atalk", trans_net_atalk_table },
+ { NET_ATALK, "appletalk", trans_net_atalk_table },
{ NET_NETROM, "netrom", trans_net_netrom_table },
{ NET_AX25, "ax25", trans_net_ax25_table },
{ NET_BRIDGE, "bridge", trans_net_bridge_table },
{ NET_ROSE, "rose", trans_net_rose_table },
{ NET_IPV6, "ipv6", trans_net_ipv6_table },
{ NET_X25, "x25", trans_net_x25_table },
- { NET_TR, "tr", trans_net_tr_table },
+ { NET_TR, "token-ring", trans_net_tr_table },
{ NET_DECNET, "decnet", trans_net_decnet_table },
/* NET_ECONET not used */
{ NET_SCTP, "sctp", trans_net_sctp_table },
{ NET_LLC, "llc", trans_net_llc_table },
{ NET_NETFILTER, "netfilter", trans_net_netfilter_table },
{ NET_DCCP, "dccp", trans_net_dccp_table },
+ { NET_IRDA, "irda", trans_net_irda_table },
+ { 2089, "nf_conntrack_max" },
{}
};
{}
};
-static struct trans_ctl_table trans_appldata_table[] = {
- { CTL_APPLDATA_TIMER, "timer" },
- { CTL_APPLDATA_INTERVAL, "interval" },
- { CTL_APPLDATA_OS, "os" },
- { CTL_APPLDATA_NET_SUM, "net_sum" },
- { CTL_APPLDATA_MEM, "mem" },
- {}
-
-};
-
static struct trans_ctl_table trans_s390dbf_table[] = {
{ 5678 /* CTL_S390DBF_STOPPABLE */, "debug_stoppable" },
{ 5679 /* CTL_S390DBF_ACTIVE */, "debug_active" },
{ CTL_ABI, "abi" },
/* CTL_CPU not used */
{ CTL_ARLAN, "arlan", trans_arlan_table },
- { CTL_APPLDATA, "appldata", trans_appldata_table },
{ CTL_S390DBF, "s390dbf", trans_s390dbf_table },
{ CTL_SUNRPC, "sunrpc", trans_sunrpc_table },
{ CTL_PM, "pm", trans_pm_table },
}
}
-static struct ctl_table *sysctl_check_lookup(struct ctl_table *table)
+static struct ctl_table *sysctl_check_lookup(struct nsproxy *namespaces,
+ struct ctl_table *table)
{
struct ctl_table_header *head;
struct ctl_table *ref, *test;
depth = sysctl_depth(table);
- for (head = sysctl_head_next(NULL); head;
- head = sysctl_head_next(head)) {
+ for (head = __sysctl_head_next(namespaces, NULL); head;
+ head = __sysctl_head_next(namespaces, head)) {
cur_depth = depth;
ref = head->ctl_table;
repeat:
printk(KERN_ERR "sysctl table check failed: ");
sysctl_print_path(table);
printk(" %s\n", *fail);
+ dump_stack();
}
*fail = str;
}
-static int sysctl_check_dir(struct ctl_table *table)
+static int sysctl_check_dir(struct nsproxy *namespaces,
+ struct ctl_table *table)
{
struct ctl_table *ref;
int error;
error = 0;
- ref = sysctl_check_lookup(table);
+ ref = sysctl_check_lookup(namespaces, table);
if (ref) {
int match = 0;
- if (table->procname && ref->procname &&
- (strcmp(table->procname, ref->procname) == 0))
+ if ((!table->procname && !ref->procname) ||
+ (table->procname && ref->procname &&
+ (strcmp(table->procname, ref->procname) == 0)))
match++;
- if (table->ctl_name && ref->ctl_name &&
- (table->ctl_name == ref->ctl_name))
+ if ((!table->ctl_name && !ref->ctl_name) ||
+ (table->ctl_name && ref->ctl_name &&
+ (table->ctl_name == ref->ctl_name)))
match++;
if (match != 2) {
return error;
}
-static void sysctl_check_leaf(struct ctl_table *table, const char **fail)
+static void sysctl_check_leaf(struct nsproxy *namespaces,
+ struct ctl_table *table, const char **fail)
{
struct ctl_table *ref;
- ref = sysctl_check_lookup(table);
+ ref = sysctl_check_lookup(namespaces, table);
if (ref && (ref != table))
set_fail(fail, table, "Sysctl already exists");
}
(strcmp(table->procname, ref->procname) != 0)))
set_fail(fail, table, "procname does not match binary path procname");
- if (ref->ctl_name &&
- (!table->ctl_name || table->ctl_name != ref->ctl_name))
+ if (ref->ctl_name && table->ctl_name &&
+ (table->ctl_name != ref->ctl_name))
set_fail(fail, table, "ctl_name does not match binary path ctl_name");
}
}
-int sysctl_check_table(struct ctl_table *table)
+int sysctl_check_table(struct nsproxy *namespaces, struct ctl_table *table)
{
int error = 0;
for (; table->ctl_name || table->procname; table++) {
set_fail(&fail, table, "Directory with extra1");
if (table->extra2)
set_fail(&fail, table, "Directory with extra2");
- if (sysctl_check_dir(table))
- set_fail(&fail, table, "Inconsistent directory");
+ if (sysctl_check_dir(namespaces, table))
+ set_fail(&fail, table, "Inconsistent directory names");
} else {
if ((table->strategy == sysctl_data) ||
(table->strategy == sysctl_string) ||
(table->strategy == sysctl_ms_jiffies) ||
(table->proc_handler == proc_dostring) ||
(table->proc_handler == proc_dointvec) ||
+#ifdef CONFIG_SECURITY_CAPABILITIES
(table->proc_handler == proc_dointvec_bset) ||
+#endif /* def CONFIG_SECURITY_CAPABILITIES */
(table->proc_handler == proc_dointvec_minmax) ||
(table->proc_handler == proc_dointvec_jiffies) ||
(table->proc_handler == proc_dointvec_userhz_jiffies) ||
if (!table->maxlen)
set_fail(&fail, table, "No maxlen");
}
- if ((table->strategy == sysctl_intvec) ||
- (table->proc_handler == proc_dointvec_minmax) ||
- (table->proc_handler == proc_doulongvec_minmax) ||
+ if ((table->proc_handler == proc_doulongvec_minmax) ||
(table->proc_handler == proc_doulongvec_ms_jiffies_minmax)) {
- if (!table->extra1)
- set_fail(&fail, table, "No min");
- if (!table->extra2)
- set_fail(&fail, table, "No max");
+ if (table->maxlen > sizeof (unsigned long)) {
+ if (!table->extra1)
+ set_fail(&fail, table, "No min");
+ if (!table->extra2)
+ set_fail(&fail, table, "No max");
+ }
}
+#ifdef CONFIG_SYSCTL_SYSCALL
if (table->ctl_name && !table->strategy)
set_fail(&fail, table, "Missing strategy");
+#endif
#if 0
if (!table->ctl_name && table->strategy)
set_fail(&fail, table, "Strategy without ctl_name");
#endif
+#ifdef CONFIG_PROC_FS
if (table->procname && !table->proc_handler)
set_fail(&fail, table, "No proc_handler");
+#endif
#if 0
if (!table->procname && table->proc_handler)
set_fail(&fail, table, "proc_handler without procname");
#endif
- sysctl_check_leaf(table, &fail);
+ sysctl_check_leaf(namespaces, table, &fail);
}
sysctl_check_bin_path(table, &fail);
if (fail) {
error = -EINVAL;
}
if (table->child)
- error |= sysctl_check_table(table->child);
+ error |= sysctl_check_table(namespaces, table->child);
}
return error;
}