authorMax Krummenacher <max.krummenacher@toradex.com>2021-11-04 16:45:40 +0100
committerMax Krummenacher <max.krummenacher@toradex.com>2021-11-04 16:45:40 +0100
commit4a0abd7dd466276ee3fdf79b54f05f845f7d8844 (patch)
treefc43c16f111b65876c05e227fbd76e76604acf33 /net/netfilter
parentf8e718054f4421d11638e370b933ccc6c77466ed (diff)
parente0018f4c9325b36ae75a591d54879bf9a9f41a26 (diff)
Merge tag 'v4.4.291' into toradex_vf_4.4-nexttoradex_vf_4.4-nexttoradex_vf_4.4
This is the 4.4.291 stable release Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/Kconfig2
-rw-r--r--net/netfilter/ipvs/ip_vs_ctl.c5
2 files changed, 6 insertions, 1 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 4692782b5280..c244711a0b91 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -71,7 +71,7 @@ config NF_CONNTRACK_MARK
config NF_CONNTRACK_SECMARK
bool 'Connection tracking security mark support'
depends on NETWORK_SECMARK
- default m if NETFILTER_ADVANCED=n
+ default y if NETFILTER_ADVANCED=n
help
This option enables security markings to be applied to
connections. Typically they are copied to connections from
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 1adbcdda2158..dccaa816c17b 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -3922,6 +3922,11 @@ static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs)
tbl[idx++].data = &ipvs->sysctl_conn_reuse_mode;
tbl[idx++].data = &ipvs->sysctl_schedule_icmp;
tbl[idx++].data = &ipvs->sysctl_ignore_tunneled;
+#ifdef CONFIG_IP_VS_DEBUG
+ /* Global sysctls must be ro in non-init netns */
+ if (!net_eq(net, &init_net))
+ tbl[idx++].mode = 0444;
+#endif
ipvs->sysctl_hdr = register_net_sysctl(net, "net/ipv4/vs", tbl);
if (ipvs->sysctl_hdr == NULL) {