]> Pileus Git - ~andy/linux/blobdiff - net/netfilter/nf_conntrack_acct.c
projects / ~andy / linux / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ipmr/ip6mr: advertise mfc stats via rtnetlink
[~andy/linux] / net / netfilter / nf_conntrack_acct.c
diff --git a/net/netfilter/nf_conntrack_acct.c b/net/netfilter/nf_conntrack_acct.c
index d61e0782a797db1d4f4548ef583108f08272b6f4..7df424e2d10cf6146e7c3b38eaf0bf86a2bb0544 100644 (file)
--- a/net/netfilter/nf_conntrack_acct.c
+++ b/net/netfilter/nf_conntrack_acct.c
@@ -69,6 +69,10 @@ static int nf_conntrack_acct_init_sysctl(struct net *net)
 
        table[0].data = &net->ct.sysctl_acct;
 
+       /* Don't export sysctls to unprivileged users */
+       if (net->user_ns != &init_user_ns)
+               table[0].procname = NULL;
+
        net->ct.acct_sysctl_header = register_net_sysctl(net, "net/netfilter",
                                                         table);
        if (!net->ct.acct_sysctl_header) {
Andy's Linux Kernel repo