From ce7dbb45a0965b9d99a734e4b4f541e7580e9b5b Mon Sep 17 00:00:00 2001
From: dyoung <dyoung@NetBSD.org>
Date: Sun, 30 Aug 2009 02:03:58 +0000
Subject: [PATCH] Stop the admin from creating nodes under
 net.inet.ip.interfaces or net.inet.ip.interfaces.<ifname>.

---
 sys/netinet/in_selsrc.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sys/netinet/in_selsrc.c b/sys/netinet/in_selsrc.c
index 876148b20837..39551db49019 100644
--- a/sys/netinet/in_selsrc.c
+++ b/sys/netinet/in_selsrc.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: in_selsrc.c,v 1.6 2007/12/04 10:33:11 dyoung Exp $	*/
+/*	$NetBSD: in_selsrc.c,v 1.7 2009/08/30 02:03:58 dyoung Exp $	*/
 
 /*-
  * Copyright (c) 2005 David Young.  All rights reserved.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_selsrc.c,v 1.6 2007/12/04 10:33:11 dyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_selsrc.c,v 1.7 2009/08/30 02:03:58 dyoung Exp $");
 
 #include "opt_inet.h"
 #include "opt_inet_conf.h"
@@ -508,7 +508,7 @@ in_domifattach_sysctl(struct in_ifsysctl *isc)
 	const struct sysctlnode *rnode;
 
 	if ((rc = sysctl_createv(&isc->isc_log, 0, NULL, &rnode,
-	                         CTLFLAG_READWRITE, CTLTYPE_NODE,
+	                         CTLFLAG_READONLY, CTLTYPE_NODE,
 				 "interfaces", NULL,
 				 NULL, 0, NULL, 0,
 				 CTL_NET, PF_INET, IPPROTO_IP, CTL_CREATE,
@@ -518,7 +518,7 @@ in_domifattach_sysctl(struct in_ifsysctl *isc)
 		return NULL;
 	}
 	if ((rc = sysctl_createv(&isc->isc_log, 0, &rnode, &rnode,
-	                         CTLFLAG_READWRITE, CTLTYPE_NODE,
+	                         CTLFLAG_READONLY, CTLTYPE_NODE,
 				 isc->isc_ifp->if_xname,
 				 SYSCTL_DESCR("interface ip options"),
 				 NULL, 0, NULL, 0, CTL_CREATE, CTL_EOL)) != 0) {