| From bbd7d411498cfb6f1ab216417e14a2fda2747beb Mon Sep 17 00:00:00 2001 |
| From: Romain Francoise <romain@orebokech.com> |
| Date: Mon, 17 Jan 2011 07:59:18 +0000 |
| Subject: ipv6: Silence privacy extensions initialization |
| |
| From: Romain Francoise <romain@orebokech.com> |
| |
| commit 2fdc1c8093255f9da877d7b9ce3f46c2098377dc upstream. |
| |
| When a network namespace is created (via CLONE_NEWNET), the loopback |
| interface is automatically added to the new namespace, triggering a |
| printk in ipv6_add_dev() if CONFIG_IPV6_PRIVACY is set. |
| |
| This is problematic for applications which use CLONE_NEWNET as |
| part of a sandbox, like Chromium's suid sandbox or recent versions of |
| vsftpd. On a busy machine, it can lead to thousands of useless |
| "lo: Disabled Privacy Extensions" messages appearing in dmesg. |
| |
| It's easy enough to check the status of privacy extensions via the |
| use_tempaddr sysctl, so just removing the printk seems like the most |
| sensible solution. |
| |
| Signed-off-by: Romain Francoise <romain@orebokech.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| --- |
| net/ipv6/addrconf.c | 3 --- |
| 1 file changed, 3 deletions(-) |
| |
| --- a/net/ipv6/addrconf.c |
| +++ b/net/ipv6/addrconf.c |
| @@ -407,9 +407,6 @@ static struct inet6_dev * ipv6_add_dev(s |
| dev->type == ARPHRD_TUNNEL6 || |
| dev->type == ARPHRD_SIT || |
| dev->type == ARPHRD_NONE) { |
| - printk(KERN_INFO |
| - "%s: Disabled Privacy Extensions\n", |
| - dev->name); |
| ndev->cnf.use_tempaddr = -1; |
| } else { |
| in6_dev_hold(ndev); |
