Commit 2fdc1c80 authored by Romain Francoise's avatar Romain Francoise Committed by David S. Miller
Browse files

ipv6: Silence privacy extensions initialization 



When a network namespace is created (via CLONE_NEWNET), the loopback
interface is automatically added to the new namespace, triggering a
printk in ipv6_add_dev() if CONFIG_IPV6_PRIVACY is set.

This is problematic for applications which use CLONE_NEWNET as
part of a sandbox, like Chromium's suid sandbox or recent versions of
vsftpd. On a busy machine, it can lead to thousands of useless
"lo: Disabled Privacy Extensions" messages appearing in dmesg.

It's easy enough to check the status of privacy extensions via the
use_tempaddr sysctl, so just removing the printk seems like the most
sensible solution.

Signed-off-by: default avatarRomain Francoise <romain@orebokech.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 6aefc522

net/ipv6/addrconf.c

+0 −3
Original line number Diff line number Diff line
@@ -420,9 +420,6 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev) 
	    dev->type == ARPHRD_TUNNEL6 ||

	    dev->type == ARPHRD_SIT ||

	    dev->type == ARPHRD_NONE) {

		printk(KERN_INFO

		       "%s: Disabled Privacy Extensions\n",

		       dev->name);

		ndev->cnf.use_tempaddr = -1;

	} else {

		in6_dev_hold(ndev);

CRA Git | Maintained and supported by SUSTech CRA and CCSE