91535d7a130ad29649310ef72ef93a6711994e8f76576f19d1eba2f9.patch - chromiumos/third_party/kernel-rebase-patches - Git at Google

 From 9815fcaefd33bbebe1859512784a6b935ddcb733 Mon Sep 17 00:00:00 2001
 From: Kevin Cernekee <cernekee@chromium.org>
 Date: Thu, 30 Jun 2016 20:49:37 -0700
 Subject: [PATCH] CHROMIUM: Export /proc/sys/net/core/android_paranoid in user
  namespaces

 This knob requires special treatment because we depend on it being
 available inside the container.  When user namespaces were enabled,
 the other knob (somaxconn) vanished.

 BUG=b:27932716
 TEST=`android-sh -c "ls /proc/sys/net/core"`

 Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
 Reviewed-on: https://chromium-review.googlesource.com/362672
 Reviewed-by: Guenter Roeck <groeck@google.com>

 (cherry picked from commit 42721a768f86a1cf7d318b59fa03ba69fa10fb3b)

 Change-Id: I22c29fc29ad774c2a70ce9f9148141974dab39e7
 Signed-off-by: Taoyu Li <taoyl@google.com>
 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/2213510
 Tested-by: Taoyu Li <taoyl@chromium.org>
 Reviewed-by: Guenter Roeck <groeck@chromium.org>
 Commit-Queue: Taoyu Li <taoyl@chromium.org>
 Auto-Submit: Taoyu Li <taoyl@chromium.org>
 ---
  net/core/sysctl_net_core.c | 17 ++++++++++-------
  1 file changed, 10 insertions(+), 7 deletions(-)

 diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
 index a9b92490842e87f567b06aeab1d57c7e25c9c104..22d86f59f1bc70faa1e0d1f101b7f3fa365aa4b8 100644
 --- a/net/core/sysctl_net_core.c
 +++ b/net/core/sysctl_net_core.c
 @@ -599,20 +599,20 @@ static struct ctl_table net_core_table[] = {

  static struct ctl_table netns_core_table[] = {
  	{
 -		.procname	= "somaxconn",
 -		.data		= &init_net.core.sysctl_somaxconn,
 +		.procname	= "android_paranoid",
 +		.data		= &init_net.core.sysctl_android_paranoid,
  		.maxlen		= sizeof(int),
  		.mode		= 0644,
  		.extra1		= SYSCTL_ZERO,
 +		.extra2		= SYSCTL_ONE,
  		.proc_handler	= proc_dointvec_minmax
  	},
  	{
 -		.procname	= "android_paranoid",
 -		.data		= &init_net.core.sysctl_android_paranoid,
 +		.procname	= "somaxconn",
 +		.data		= &init_net.core.sysctl_somaxconn,
  		.maxlen		= sizeof(int),
  		.mode		= 0644,
  		.extra1		= SYSCTL_ZERO,
 -		.extra2		= SYSCTL_ONE,
  		.proc_handler	= proc_dointvec_minmax
  	},
  	{
 @@ -655,9 +655,12 @@ static __net_init int sysctl_core_net_init(struct net *net)
  		for (tmp = tbl; tmp->procname; tmp++)
  			tmp->data += (char *)net - (char *)&init_net;

 -		/* Don't export any sysctls to unprivileged users */
 +		/* Don't export sysctls other than android_paranoid
 +		 * to unprivileged users
 +		 */
  		if (net->user_ns != &init_user_ns) {
 -			tbl[0].procname = NULL;
 +			tbl[1].procname = NULL;
 +			tbl[2].procname = NULL;
  		}
  	}

 --
 2.38.1.584.g0f3c55d4c2-goog
	From 9815fcaefd33bbebe1859512784a6b935ddcb733 Mon Sep 17 00:00:00 2001
	From: Kevin Cernekee <cernekee@chromium.org>
	Date: Thu, 30 Jun 2016 20:49:37 -0700
	Subject: [PATCH] CHROMIUM: Export /proc/sys/net/core/android_paranoid in user
	namespaces

	This knob requires special treatment because we depend on it being
	available inside the container. When user namespaces were enabled,
	the other knob (somaxconn) vanished.

	BUG=b:27932716
	TEST=`android-sh -c "ls /proc/sys/net/core"`

	Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
	Reviewed-on: https://chromium-review.googlesource.com/362672
	Reviewed-by: Guenter Roeck <groeck@google.com>

	(cherry picked from commit 42721a768f86a1cf7d318b59fa03ba69fa10fb3b)

	Change-Id: I22c29fc29ad774c2a70ce9f9148141974dab39e7
	Signed-off-by: Taoyu Li <taoyl@google.com>
	Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/2213510
	Tested-by: Taoyu Li <taoyl@chromium.org>
	Reviewed-by: Guenter Roeck <groeck@chromium.org>
	Commit-Queue: Taoyu Li <taoyl@chromium.org>
	Auto-Submit: Taoyu Li <taoyl@chromium.org>
	---
	net/core/sysctl_net_core.c \| 17 ++++++++++-------
	1 file changed, 10 insertions(+), 7 deletions(-)

	diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
	index a9b92490842e87f567b06aeab1d57c7e25c9c104..22d86f59f1bc70faa1e0d1f101b7f3fa365aa4b8 100644
	--- a/net/core/sysctl_net_core.c
	+++ b/net/core/sysctl_net_core.c
	@@ -599,20 +599,20 @@ static struct ctl_table net_core_table[] = {

	static struct ctl_table netns_core_table[] = {
	{
	- .procname = "somaxconn",
	- .data = &init_net.core.sysctl_somaxconn,
	+ .procname = "android_paranoid",
	+ .data = &init_net.core.sysctl_android_paranoid,
	.maxlen = sizeof(int),
	.mode = 0644,
	.extra1 = SYSCTL_ZERO,
	+ .extra2 = SYSCTL_ONE,
	.proc_handler = proc_dointvec_minmax
	},
	{
	- .procname = "android_paranoid",
	- .data = &init_net.core.sysctl_android_paranoid,
	+ .procname = "somaxconn",
	+ .data = &init_net.core.sysctl_somaxconn,
	.maxlen = sizeof(int),
	.mode = 0644,
	.extra1 = SYSCTL_ZERO,
	- .extra2 = SYSCTL_ONE,
	.proc_handler = proc_dointvec_minmax
	},
	{
	@@ -655,9 +655,12 @@ static __net_init int sysctl_core_net_init(struct net *net)
	for (tmp = tbl; tmp->procname; tmp++)
	tmp->data += (char )net - (char )&init_net;

	- /* Don't export any sysctls to unprivileged users */
	+ /* Don't export sysctls other than android_paranoid
	+ * to unprivileged users
	+ */
	if (net->user_ns != &init_user_ns) {
	- tbl[0].procname = NULL;
	+ tbl[1].procname = NULL;
	+ tbl[2].procname = NULL;
	}
	}

	--
	2.38.1.584.g0f3c55d4c2-goog