[Devel] [PATCH vz7 5/5] nf_conntrack: expose "nf_conntrack_events*" in contaners

Stanislav Kinsburskiy Tue, 06 Oct 2015 10:52:54 -0700

From: Stanislav Kinsburskiy <skinsbur...@parallels.com>

Signed-off-by: Stanislav Kinsburskiy <skinsbur...@parallels.com>
---
 net/netfilter/nf_conntrack_ecache.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


diff --git a/net/netfilter/nf_conntrack_ecache.c 
b/net/netfilter/nf_conntrack_ecache.c
index 1df1761..c605daa 100644
--- a/net/netfilter/nf_conntrack_ecache.c
+++ b/net/netfilter/nf_conntrack_ecache.c
@@ -199,7 +199,7 @@ static int nf_conntrack_event_init_sysctl(struct net *net)
        table[1].data = &net->ct.sysctl_events_retry_timeout;
 
        /* Don't export sysctls to unprivileged users */
-       if (net->user_ns != &init_user_ns)
+       if (nf_conntrack_hide_sysctl(net))
                table[0].procname = NULL;
 
        net->ct.event_sysctl_header =

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

[Devel] [PATCH vz7 5/5] nf_conntrack: expose "nf_conntrack_events*" in contaners

Reply via email to