Re: [PATCH net-next v3 2/2] ipvs: allow some sysctls in non-init user namespaces

On Fri, May 3, 2024 at 3:06 PM Julian Anastasov wrote:> > > Hello, > > On Thu, 18 Apr 2024, Alexander Mikhalitsyn wrote: > > > Let's make all IPVS sysctls writtable even when > > network namespace is owned by non-initial user namespace. > > > > Let's make a few sysctls to be read-only for

Re: [PATCH net-next v3 2/2] ipvs: allow some sysctls in non-init user namespaces

Hello, On Thu, 18 Apr 2024, Alexander Mikhalitsyn wrote: > Let's make all IPVS sysctls writtable even when > network namespace is owned by non-initial user namespace. > > Let's make a few sysctls to be read-only for non-privileged users: > - sync_qlen_max > - sync_sock_size > -

Re: [PATCH net-next v3 2/2] ipvs: allow some sysctls in non-init user namespaces

Hello, On Thu, 18 Apr 2024, Alexander Mikhalitsyn wrote: > Let's make all IPVS sysctls writtable even when > network namespace is owned by non-initial user namespace. > > Let's make a few sysctls to be read-only for non-privileged users: > - sync_qlen_max > - sync_sock_size > -

[PATCH net-next v3 2/2] ipvs: allow some sysctls in non-init user namespaces

Let's make all IPVS sysctls writtable even when network namespace is owned by non-initial user namespace. Let's make a few sysctls to be read-only for non-privileged users: - sync_qlen_max - sync_sock_size - run_estimation - est_cpulist - est_nice I'm trying to be conservative with this to