* Begun April 1, 1996, Mike Shaver.
* Added /proc/sys/net directories for each protocol family. [MS]
*
- * $Log: sysctl_net.c,v $
* Revision 1.2 1996/05/08 20:24:40 shaver
* Added bits for NET_BRIDGE and the NET_IPV4_ARP stuff and
* NET_IPV4_IP_FORWARD.
#include <linux/if_tr.h>
#endif
-struct ctl_table net_table[] = {
-#ifdef CONFIG_INET
- {
- .ctl_name = NET_IPV4,
- .procname = "ipv4",
- .mode = 0555,
- .child = ipv4_table
- },
-#endif
-#ifdef CONFIG_TR
- {
- .ctl_name = NET_TR,
- .procname = "token-ring",
- .mode = 0555,
- .child = tr_table,
- },
-#endif
- { 0 },
-};
-
-static struct list_head *
+static struct ctl_table_set *
net_ctl_header_lookup(struct ctl_table_root *root, struct nsproxy *namespaces)
{
- return &namespaces->net_ns->sysctl_table_headers;
+ return &namespaces->net_ns->sysctls;
+}
+
+static int is_seen(struct ctl_table_set *set)
+{
+ return ¤t->nsproxy->net_ns->sysctls == set;
+}
+
+/* Return standard mode bits for table entry. */
+static int net_ctl_permissions(struct ctl_table_root *root,
+ struct nsproxy *nsproxy,
+ struct ctl_table *table)
+{
+ /* Allow network administrator to have same access as root. */
+ if (capable(CAP_NET_ADMIN)) {
+ int mode = (table->mode >> 6) & 7;
+ return (mode << 6) | (mode << 3) | mode;
+ }
+ return table->mode;
}
static struct ctl_table_root net_sysctl_root = {
.lookup = net_ctl_header_lookup,
+ .permissions = net_ctl_permissions,
+};
+
+static int net_ctl_ro_header_perms(struct ctl_table_root *root,
+ struct nsproxy *namespaces, struct ctl_table *table)
+{
+ if (net_eq(namespaces->net_ns, &init_net))
+ return table->mode;
+ else
+ return table->mode & ~0222;
+}
+
+static struct ctl_table_root net_sysctl_ro_root = {
+ .permissions = net_ctl_ro_header_perms,
};
static int sysctl_net_init(struct net *net)
{
- INIT_LIST_HEAD(&net->sysctl_table_headers);
+ setup_sysctl_set(&net->sysctls,
+ &net_sysctl_ro_root.default_set,
+ is_seen);
return 0;
}
static void sysctl_net_exit(struct net *net)
{
- WARN_ON(!list_empty(&net->sysctl_table_headers));
+ WARN_ON(!list_empty(&net->sysctls.list));
return;
}
if (ret)
goto out;
register_sysctl_root(&net_sysctl_root);
+ setup_sysctl_set(&net_sysctl_ro_root.default_set, NULL, NULL);
+ register_sysctl_root(&net_sysctl_ro_root);
out:
return ret;
}
}
EXPORT_SYMBOL_GPL(register_net_sysctl_table);
+struct ctl_table_header *register_net_sysctl_rotable(const
+ struct ctl_path *path, struct ctl_table *table)
+{
+ return __register_sysctl_paths(&net_sysctl_ro_root,
+ &init_nsproxy, path, table);
+}
+EXPORT_SYMBOL_GPL(register_net_sysctl_rotable);
+
void unregister_net_sysctl_table(struct ctl_table_header *header)
{
- return unregister_sysctl_table(header);
+ unregister_sysctl_table(header);
}
EXPORT_SYMBOL_GPL(unregister_net_sysctl_table);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blobdiff