• Romain Francoise's avatar
    ipv6: Silence privacy extensions initialization · 2fdc1c80
    Romain Francoise authored
    When a network namespace is created (via CLONE_NEWNET), the loopback
    interface is automatically added to the new namespace, triggering a
    printk in ipv6_add_dev() if CONFIG_IPV6_PRIVACY is set.
    
    This is problematic for applications which use CLONE_NEWNET as
    part of a sandbox, like Chromium's suid sandbox or recent versions of
    vsftpd. On a busy machine, it can lead to thousands of useless
    "lo: Disabled Privacy Extensions" messages appearing in dmesg.
    
    It's easy enough to check the status of privacy extensions via the
    use_tempaddr sysctl, so just removing the printk seems like the most
    sensible solution.
    Signed-off-by: default avatarRomain Francoise <romain@orebokech.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    2fdc1c80
addrconf.c 114 KB