The mld_max_msf protects the system with a maximum number of allowed multicast
source filters. Making this variable per namespace can potentially be
a problem if someone inside a namespace sets it to a big value, which
will impact the whole system including other namespaces.

I don't see any benefit in having it per namespace for now, so in order
to keep a directory entry in a newly created namespace, I make it
read-only when we are not in the initial network namespace.

Signed-off-by: Daniel Lezcano <[EMAIL PROTECTED]>
---
 net/ipv6/sysctl_net_ipv6.c |    3 +++
 1 file changed, 3 insertions(+)

Index: net-2.6.25/net/ipv6/sysctl_net_ipv6.c
===================================================================
--- net-2.6.25.orig/net/ipv6/sysctl_net_ipv6.c
+++ net-2.6.25/net/ipv6/sysctl_net_ipv6.c
@@ -122,6 +122,9 @@ static int ipv6_sysctl_net_init(struct n
        ipv6_table[5].data = &net->ipv6.sysctl.frags.timeout;
        ipv6_table[6].data = &net->ipv6.sysctl.frags.secret_interval;
 
+       if (net != &init_net)
+               ipv6_table[7].mode = 0444;
+
        ipv6_frag_sysctl_init(net);
 
        net->ipv6.sysctl.bindv6only = 0;
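
Review bot: the bare index in `ipv6_table[7].mode = 0444;` is fragile. Nothing in this hunk ties slot 7 to mld_max_msf, so a later insertion or reorder in the table would silently make a different sysctl read-only and leave mld_max_msf writable from non-initial namespaces, which is exactly the case the commit message wants to prevent. A one-line comment naming the entry, or a named index shared with the table definition, would make the dependency visible; the same applies to the existing `[5]` and `[6]` assignments above. It is also worth confirming that `ipv6_table` at this point is the per-namespace copy and not a shared template, since a mode change on a shared table would also reach init_net.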
