From: Stanislav Kinsburskiy <[email protected]> Series: This series brings to vz7 all the nf_conntrack sysctl's, which are available in vz6.
https://jira.sw.ru/browse/PSBM-40044 Signed-off-by: Stanislav Kinsburskiy <[email protected]> Reviewed-by: Kirill Tkhai <[email protected]> (cherry picked from commit 6db3cbd5731999e1225640cc7a45fcdace022f92) VZ 8 rebase part https://jira.sw.ru/browse/PSBM-127783 Signed-off-by: Alexander Mikhalitsyn <[email protected]> --- net/netfilter/nf_conntrack_acct.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_conntrack_acct.c b/net/netfilter/nf_conntrack_acct.c index 1d66de5151b2..593f6c853d4c 100644 --- a/net/netfilter/nf_conntrack_acct.c +++ b/net/netfilter/nf_conntrack_acct.c @@ -15,10 +15,12 @@ #include <linux/kernel.h> #include <linux/moduleparam.h> #include <linux/export.h> +#include <linux/ve.h> #include <net/netfilter/nf_conntrack.h> #include <net/netfilter/nf_conntrack_extend.h> #include <net/netfilter/nf_conntrack_acct.h> +#include <net/netfilter/nf_conntrack_core.h> static bool nf_ct_acct __read_mostly; @@ -76,7 +78,7 @@ static int nf_conntrack_acct_init_sysctl(struct net *net) table[0].data = &net->ct.sysctl_acct; /* Don't export sysctls to unprivileged users */ - if (net->user_ns != &init_user_ns) + if (ve_net_hide_sysctl(net)) table[0].procname = NULL; net->ct.acct_sysctl_header = register_net_sysctl(net, "net/netfilter", -- 2.28.0 _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
