author | Max Krummenacher <max.krummenacher@toradex.com> | 2021-11-04 16:45:40 +0100 |
---|---|---|
committer | Max Krummenacher <max.krummenacher@toradex.com> | 2021-11-04 16:45:40 +0100 |
commit | 4a0abd7dd466276ee3fdf79b54f05f845f7d8844 (patch) | |
tree | fc43c16f111b65876c05e227fbd76e76604acf33 /net/netfilter | |
parent | f8e718054f4421d11638e370b933ccc6c77466ed (diff) | |
parent | e0018f4c9325b36ae75a591d54879bf9a9f41a26 (diff) |
Merge tag 'v4.4.291' into toradex_vf_4.4-next
This is the 4.4.291 stable release
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/Kconfig | 2 | ||||
-rw-r--r-- | net/netfilter/ipvs/ip_vs_ctl.c | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 4692782b5280..c244711a0b91 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -71,7 +71,7 @@ config NF_CONNTRACK_MARK config NF_CONNTRACK_SECMARK bool 'Connection tracking security mark support' depends on NETWORK_SECMARK - default m if NETFILTER_ADVANCED=n + default y if NETFILTER_ADVANCED=n help This option enables security markings to be applied to connections. Typically they are copied to connections from diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 1adbcdda2158..dccaa816c17b 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -3922,6 +3922,11 @@ static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs) tbl[idx++].data = &ipvs->sysctl_conn_reuse_mode; tbl[idx++].data = &ipvs->sysctl_schedule_icmp; tbl[idx++].data = &ipvs->sysctl_ignore_tunneled; +#ifdef CONFIG_IP_VS_DEBUG + /* Global sysctls must be ro in non-init netns */ + if (!net_eq(net, &init_net)) + tbl[idx++].mode = 0444; +#endif ipvs->sysctl_hdr = register_net_sysctl(net, "net/ipv4/vs", tbl); if (ipvs->sysctl_hdr == NULL) { |
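Review bot: In the net/netfilter/Kconfig hunk, NF_CONNTRACK_SECMARK is declared `bool`, so the old `default m if NETFILTER_ADVANCED=n` was never a valid default for it and `default y` is the correct form. Two follow-ups are worth doing. First, grep the rest of this Kconfig for other `bool` entries that still carry a `default m` line, since the same mistake is easy to copy. Second, confirm that the defconfigs built from this branch with NETFILTER_ADVANCED=n and NETWORK_SECMARK enabled are meant to have connection security marking built in, because this default now takes effect for them.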
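Review bot: In the ip_vs_ctl.c hunk, the added `tbl[idx++].mode = 0444;` identifies the entry it makes read-only purely by position: it touches whichever table slot follows sysctl_ignore_tunneled, and nothing in these lines names that entry. If the table is ever reordered or an entry is inserted before it, a different sysctl silently becomes read-only and the global one stays writable from a non-init network namespace. The comment should name the entry being restricted, or the code should select it by procname. The comment also says "Global sysctls" in the plural while only one slot is changed, so it is worth checking that no other entry in this table is shared across namespaces. The increment is correctly kept inside the `#ifdef CONFIG_IP_VS_DEBUG` block together with the mode change, so idx stays aligned with the table in both configurations; for the init_net case, confirm that idx is still advanced past this slot (the `if` as written skips the `idx++` when `net_eq(net, &init_net)` is true), which matters if any entry is ever added after it.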