Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6

[linux-3.10.git] / net / sysctl_net.c

diff --git a/net/sysctl_net.c b/net/sysctl_net.c
index 007c1a6708ee4652dd97a9f21c45f407b75327f0..ca84212cfbfede9c42f4b99cdd484149b6bc0471 100644 (file)
--- a/net/sysctl_net.c
+++ b/net/sysctl_net.c
@@ -29,47 +29,59 @@
 #include <linux/if_tr.h>
 #endif
 
-static struct list_head *
+static struct ctl_table_set *
 net_ctl_header_lookup(struct ctl_table_root *root, struct nsproxy *namespaces)
 {
-       return &namespaces->net_ns->sysctl_table_headers;
+       return &namespaces->net_ns->sysctls;
 }
 
-static struct ctl_table_root net_sysctl_root = {
-       .lookup = net_ctl_header_lookup,
-};
+static int is_seen(struct ctl_table_set *set)
+{
+       return &current->nsproxy->net_ns->sysctls == set;
+}
 
-static LIST_HEAD(net_sysctl_ro_tables);
-static struct list_head *net_ctl_ro_header_lookup(struct ctl_table_root *root,
-               struct nsproxy *namespaces)
+/* Return standard mode bits for table entry. */
+static int net_ctl_permissions(struct ctl_table_root *root,
+                              struct nsproxy *nsproxy,
+                              struct ctl_table *table)
 {
-       return &net_sysctl_ro_tables;
+       /* Allow network administrator to have same access as root. */
+       if (capable(CAP_NET_ADMIN)) {
+               int mode = (table->mode >> 6) & 7;
+               return (mode << 6) | (mode << 3) | mode;
+       }
+       return table->mode;
 }
 
+static struct ctl_table_root net_sysctl_root = {
+       .lookup = net_ctl_header_lookup,
+       .permissions = net_ctl_permissions,
+};
+
 static int net_ctl_ro_header_perms(struct ctl_table_root *root,
                struct nsproxy *namespaces, struct ctl_table *table)
 {
-       if (namespaces->net_ns == &init_net)
+       if (net_eq(namespaces->net_ns, &init_net))
                return table->mode;
        else
                return table->mode & ~0222;
 }
 
 static struct ctl_table_root net_sysctl_ro_root = {
-       .lookup = net_ctl_ro_header_lookup,
        .permissions = net_ctl_ro_header_perms,
 };
 
-static int sysctl_net_init(struct net *net)
+static int __net_init sysctl_net_init(struct net *net)
 {
-       INIT_LIST_HEAD(&net->sysctl_table_headers);
+       setup_sysctl_set(&net->sysctls,
+                        &net_sysctl_ro_root.default_set,
+                        is_seen);
        return 0;
 }
 
-static void sysctl_net_exit(struct net *net)
+static void __net_exit sysctl_net_exit(struct net *net)
 {
-       WARN_ON(!list_empty(&net->sysctl_table_headers));
-       return;
+       WARN_ON(!list_empty(&net->sysctls.list));
 }
 
 static struct pernet_operations sysctl_pernet_ops = {
@@ -84,6 +96,7 @@ static __init int sysctl_init(void)
        if (ret)
                goto out;
        register_sysctl_root(&net_sysctl_root);
+       setup_sysctl_set(&net_sysctl_ro_root.default_set, NULL, NULL);
        register_sysctl_root(&net_sysctl_ro_root);
 out:
        return ret;