[Devel] [PATCH RHEL7 COMMIT] ve/net_ns: move net_access_allowed definition under CONFIG_NET_NS

Wed Nov 25 02:17:04 PST 2015

The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.9.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.9.13
------>
commit 7664490711e981da2a903ebb0c4f164c06e5e944
Author: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
Date:   Wed Nov 25 14:17:04 2015 +0400

    ve/net_ns: move net_access_allowed definition under CONFIG_NET_NS
    
    It was under NETNS_REFCNT_DEBUG by mistake.
    
    khorenko@: The original logic of the code was to allow
    Containers to see (netstat) only own connections, while
    the Host should be able to see connections of all Containers.
    
    https://jira.sw.ru/browse/PSBM-41530
    https://bugs.openvz.org/browse/OVZ-6600
    https://bugs.openvz.org/browse/OVZ-5192
    
    Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
---
 include/net/net_namespace.h | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index 6559905..ea17176 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -208,6 +208,11 @@ int net_eq(const struct net *net1, const struct net *net2)
 
 extern void net_drop_ns(void *);
 
+/* Returns whether curr can mess with net's objects */
+static inline int net_access_allowed(const struct net *net, const struct net *curr)
+{
+	return net_eq(curr, &init_net) || net_eq(curr, net);
+}
 #else
 
 static inline struct net *get_net(struct net *net)
@@ -231,6 +236,11 @@ int net_eq(const struct net *net1, const struct net *net2)
 }
 
 #define net_drop_ns NULL
+
+static inline int net_access_allowed(const struct net *net, const struct net *curr)
+{
+	return 1;
+}
 #endif
 
 
@@ -248,11 +258,6 @@ static inline void release_net(struct net *net)
 		atomic_dec(&net->use_count);
 }
 
-/* Returns whether curr can mess with net's objects */
-static inline int net_access_allowed(const struct net *net, const struct net *curr)
-{
-	return net_eq(curr, &init_net) || net_eq(curr, net);
-}
 #else
 static inline struct net *hold_net(struct net *net)
 {
@@ -262,11 +267,6 @@ static inline struct net *hold_net(struct net *net)
 static inline void release_net(struct net *net)
 {
 }
-
-static inline int net_access_allowed(const struct net *net, const struct net *curr)
-{
-	return 1;
-}
 #endif
 
 #ifdef CONFIG_NET_NS
