    net: Enable some sysctls that are safe for the userns root · c027aab4
    Eric W. Biederman committed
    - Enable the per device ipv4 sysctls:
       net/ipv4/conf/<if>/forwarding
       net/ipv4/conf/<if>/mc_forwarding
       net/ipv4/conf/<if>/accept_redirects
       net/ipv4/conf/<if>/secure_redirects
       net/ipv4/conf/<if>/shared_media
       net/ipv4/conf/<if>/rp_filter
       net/ipv4/conf/<if>/send_redirects
       net/ipv4/conf/<if>/accept_source_route
       net/ipv4/conf/<if>/accept_local
       net/ipv4/conf/<if>/src_valid_mark
       net/ipv4/conf/<if>/proxy_arp
       net/ipv4/conf/<if>/medium_id
       net/ipv4/conf/<if>/bootp_relay
       net/ipv4/conf/<if>/log_martians
       net/ipv4/conf/<if>/tag
       net/ipv4/conf/<if>/arp_filter
       net/ipv4/conf/<if>/arp_announce
       net/ipv4/conf/<if>/arp_ignore
       net/ipv4/conf/<if>/arp_accept
       net/ipv4/conf/<if>/arp_notify
       net/ipv4/conf/<if>/proxy_arp_pvlan
       net/ipv4/conf/<if>/disable_xfrm
       net/ipv4/conf/<if>/disable_policy
       net/ipv4/conf/<if>/force_igmp_version
       net/ipv4/conf/<if>/promote_secondaries
       net/ipv4/conf/<if>/route_localnet
    
    - Enable the global ipv4 sysctl:
       net/ipv4/ip_forward
    
    - Enable the per device ipv6 sysctls:
       net/ipv6/conf/<if>/forwarding
       net/ipv6/conf/<if>/hop_limit
       net/ipv6/conf/<if>/mtu
       net/ipv6/conf/<if>/accept_ra
       net/ipv6/conf/<if>/accept_redirects
       net/ipv6/conf/<if>/autoconf
       net/ipv6/conf/<if>/dad_transmits
       net/ipv6/conf/<if>/router_solicitations
       net/ipv6/conf/<if>/router_solicitation_interval
       net/ipv6/conf/<if>/router_solicitation_delay
       net/ipv6/conf/<if>/force_mld_version
       net/ipv6/conf/<if>/use_tempaddr
       net/ipv6/conf/<if>/temp_valid_lft
       net/ipv6/conf/<if>/temp_prefered_lft
       net/ipv6/conf/<if>/regen_max_retry
       net/ipv6/conf/<if>/max_desync_factor
       net/ipv6/conf/<if>/max_addresses
       net/ipv6/conf/<if>/accept_ra_defrtr
       net/ipv6/conf/<if>/accept_ra_pinfo
       net/ipv6/conf/<if>/accept_ra_rtr_pref
       net/ipv6/conf/<if>/router_probe_interval
       net/ipv6/conf/<if>/accept_ra_rt_info_max_plen
       net/ipv6/conf/<if>/proxy_ndp
       net/ipv6/conf/<if>/accept_source_route
       net/ipv6/conf/<if>/optimistic_dad
       net/ipv6/conf/<if>/mc_forwarding
       net/ipv6/conf/<if>/disable_ipv6
       net/ipv6/conf/<if>/accept_dad
       net/ipv6/conf/<if>/force_tllao
    
    - Enable the global ipv6 sysctls:
       net/ipv6/bindv6only
       net/ipv6/icmp/ratelimit
    Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
addrconf.c 118.2 KB