ipv4: Allow unprivileged users to use per net sysctls

Allow unprivileged users to use:
/proc/sys/net/ipv4/icmp_echo_ignore_all
/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
/proc/sys/net/ipv4/icmp_ignore_bogus_error_response
/proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr
/proc/sys/net/ipv4/icmp_ratelimit
/proc/sys/net/ipv4/icmp_ratemask
/proc/sys/net/ipv4/ping_group_range
/proc/sys/net/ipv4/tcp_ecn
/proc/sys/net/ipv4/ip_local_ports_range

These are occassionally handy and after a quick review I don't see
any problems with unprivileged users using them.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 0 insertions, 4 deletions

diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 3a05e8123235..d5b1390eebbe 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -847,10 +847,6 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
                 /* Update the variables to point into the current struct net */
                 for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++)
                         table[i].data += (void *)net - (void *)&init_net;
-
-                /* Don't export sysctls to unprivileged users */
-                if (net->user_ns != &init_user_ns)
-                        table[0].procname = NULL;
         }
 
         /*