[Devel] [PATCH RHEL7 COMMIT] net: export "net/*/neigh/*/*" sysctls for Container
Konstantin Khorenko
khorenko at virtuozzo.com
Fri Feb 28 13:05:29 MSK 2020
The commit is pushed to "branch-rh7-3.10.0-1062.12.1.vz7.131.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1062.12.1.vz7.131.5
------>
commit 6fa35d9083245dcb3435c61573b27308e3afb22f
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date: Fri Feb 28 13:05:29 2020 +0300
net: export "net/*/neigh/*/*" sysctls for Container
Weave Kubernetes plugin requires tuning of
/proc/sys/net/ipv4/neigh/weave/base_reachable_time in particular,
so let's export neighbour sysctls as well.
https://jira.sw.ru/browse/PSBM-92107
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
net/core/neighbour.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index fe11e1042c2b3..e85975a8bddfb 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -3201,8 +3201,8 @@ int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
neigh_proc_base_reachable_time;
}
- /* Don't export sysctls to unprivileged users */
- if (neigh_parms_net(p)->user_ns != &init_user_ns)
+ /* Export sysctls only to root userns on the host and inside a Container */
+ if (ve_net_hide_sysctl(neigh_parms_net(p)))
t->neigh_vars[0].procname = NULL;
switch (neigh_parms_family(p)) {
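Review bot: the commit message justifies only base_reachable_time, but the `ve_net_hide_sysctl(neigh_parms_net(p))` check guards `t->neigh_vars[0].procname = NULL`, which hides or exposes the whole neigh table at once, so every entry under net/*/neigh/*/* becomes writable by Container root. Please state in the commit message or the comment that each entry in this table is backed by per-net-namespace data and is safe to change from inside a Container, or keep hiding any entry for which that does not hold. The new comment would also be easier to verify if it said what ve_net_hide_sysctl() actually tests, since its definition is not part of this diff.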