[Devel] [PATCH RH9 08/16] ve/sysctl/net: allow "net.unix.max_dgram_qlen" sysctl in CT init userns

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Tue Sep 28 15:40:58 MSK 2021


The sysctl is virtualized and we had it available in VZ6 CT; also, skbs
in a unix socket's queue are accounted in memcg as GFP_KERNEL_ACCOUNT.

With the default sysctl value (10), messages from systemd journald could miss
the syslog log.

https://jira.sw.ru/browse/PSBM-54530

Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Reviewed-by: Cyrill Gorcunov <gorcunov at openvz.org>

(cherry picked from commit e365fd5bb2312d17d0e9dd6db9804e5fbaf2044f)
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>

(cherry picked from vz8 commit fc29b8b2da0918e28be2e4b3a53ff44d6a6e4b3c)
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 net/unix/sysctl_net_unix.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/unix/sysctl_net_unix.c b/net/unix/sysctl_net_unix.c
index c09bea89151b..614f8140fa31 100644
--- a/net/unix/sysctl_net_unix.c
+++ b/net/unix/sysctl_net_unix.c
@@ -8,6 +8,7 @@
 #include <linux/mm.h>
 #include <linux/slab.h>
 #include <linux/sysctl.h>
+#include <linux/ve.h>
 
 #include <net/af_unix.h>
 
@@ -31,7 +32,7 @@ int __net_init unix_sysctl_register(struct net *net)
 		goto err_alloc;
 
 	/* Don't export sysctls to unprivileged users */
-	if (net->user_ns != &init_user_ns)
+	if (ve_net_hide_sysctl(net))
 		table[0].procname = NULL;
 
 	table[0].data = &net->unx.sysctl_max_dgram_qlen;
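
Review bot: The comment above the changed condition, "Don't export sysctls to unprivileged users", no longer matches the check once it reads ve_net_hide_sysctl(net) instead of comparing net->user_ns with &init_user_ns. Please reword it to say for which namespaces table[0].procname is still set to NULL. The helper's definition is not part of this patch, so the rule it applies cannot be confirmed from these lines; is a user namespace nested below the CT init userns still hidden? Because the entry backed by net->unx.sysctl_max_dgram_qlen now becomes visible inside a container, it would also help to have the new comment repeat the memcg accounting argument from the description as the reason the exposure is safe.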
-- 
2.31.1


