net: Don't export sysctls to unprivileged users
[linux-2.6-block.git] / net / netfilter / ipvs / ip_vs_lblc.c
index cbd37489ac77bfabaa78bb8811a3f34c35829ed1..d742aa9780ec30445a46d8c50e9445ce83f2054b 100644 (file)
@@ -560,6 +560,11 @@ static int __net_init __ip_vs_lblc_init(struct net *net)
                                                GFP_KERNEL);
                if (ipvs->lblc_ctl_table == NULL)
                        return -ENOMEM;
+
+               /* Don't export sysctls to unprivileged users */
+               if (net->user_ns != &init_user_ns)
+                       ipvs->lblc_ctl_table[0].procname = NULL;
+
        } else
                ipvs->lblc_ctl_table = vs_vars_table;
        ipvs->sysctl_lblc_expiration = DEFAULT_EXPIRATION;
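Review bot: The comment on the added check states the policy but not the mechanism. Clearing `ipvs->lblc_ctl_table[0].procname` hides every entry only because a NULL `procname` is, as far as I know the sysctl table convention, the table terminator, so the table passed to `register_net_sysctl()` becomes empty. This is safe only because the branch works on the per-namespace copy allocated just above and never on the shared `vs_vars_table`, and the test is on namespace ownership (`net->user_ns != &init_user_ns`), not a capability check. I would put that in the comment, e.g. `/* netns owned by a non-initial user namespace: terminate the private copy at entry 0 so no sysctl is registered */`. The body of `__ip_vs_lblc_init` starts and ends outside this hunk, so the allocation call is only partly visible here.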
@@ -569,7 +574,7 @@ static int __net_init __ip_vs_lblc_init(struct net *net)
                register_net_sysctl(net, "net/ipv4/vs", ipvs->lblc_ctl_table);
        if (!ipvs->lblc_ctl_header) {
                if (!net_eq(net, &init_net))
-                       kfree(ipvs->lblc_ctl_table);
+                       kfree(ipvs->lblc_ctl_table);\
                return -ENOMEM;
        }