From: Jakub Kicinski <kuba@kernel.org>
To: Anjali Kulkarni <anjali.k.kulkarni@oracle.com>
Cc: "davem@davemloft.net" <davem@davemloft.net>,
"edumazet@google.com" <edumazet@google.com>,
"pabeni@redhat.com" <pabeni@redhat.com>,
"zbr@ioremap.net" <zbr@ioremap.net>,
"brauner@kernel.org" <brauner@kernel.org>,
"johannes@sipsolutions.net" <johannes@sipsolutions.net>,
"ecree.xilinx@gmail.com" <ecree.xilinx@gmail.com>,
"leon@kernel.org" <leon@kernel.org>,
"keescook@chromium.org" <keescook@chromium.org>,
"socketcan@hartkopp.net" <socketcan@hartkopp.net>,
"petrm@nvidia.com" <petrm@nvidia.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Subject: Re: [PATCH v3 6/7] netlink: Add multicast group level permissions
Date: Fri, 31 Mar 2023 11:13:25 -0700 [thread overview]
Message-ID: <20230331111325.5703499b@kernel.org> (raw)
In-Reply-To: <F49500D6-203F-428C-920A-EA43468A4448@oracle.com>
On Fri, 31 Mar 2023 17:48:18 +0000 Anjali Kulkarni wrote:
> > On Mar 31, 2023, at 10:24 AM, Jakub Kicinski <kuba@kernel.org> wrote:
> > On Fri, 31 Mar 2023 17:00:27 +0000 Anjali Kulkarni wrote:
> >> Are you suggesting adding something like a new struct proto_ops for
> >> the connector family? I have not looked into that, though that would
> >> seem like a lot of work, and also I have not seen any infra structure
> >> to call into protocol specific bind from netlink bind?
> >
> > Where you're adding a release callback in patch 2 - there's a bind
> > callback already three lines above. What am I missing?
> Ah yes, that one is actually meant to be used for adding(bind) and
> deleting(unbind) multicast group memberships. So it is also called
> from setsockopt() - so I think just checking for root access
> permission changes the semantics of what it is meant to be used for?
> Besides we would need to change some of that ordering there (check
> for permissions & netlink_bind call) and changing it for all users of
> netlink might not be a good idea…?
AFAICT genetlink uses that callback in the way I'm suggesting already
(see genl_bind()) so if you can spot a bug or a problem - we need to
fix it :S
next prev parent reply other threads:[~2023-03-31 18:13 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-29 18:25 [PATCH v3 0/7] Process connector bug fixes & enhancements Anjali Kulkarni
2023-03-29 18:25 ` [PATCH v3 1/7] netlink: Reverse the patch which removed filtering Anjali Kulkarni
2023-03-29 18:25 ` [PATCH v3 2/7] netlink: Add new netlink_release function Anjali Kulkarni
2023-03-29 18:25 ` [PATCH v3 3/7] connector/cn_proc: Add filtering to fix some bugs Anjali Kulkarni
2023-03-29 18:25 ` [PATCH v3 4/7] connector/cn_proc: Test code for proc connector Anjali Kulkarni
2023-03-29 18:25 ` [PATCH v3 5/7] connector/cn_proc: Performance improvements Anjali Kulkarni
2023-03-29 18:25 ` [PATCH v3 6/7] netlink: Add multicast group level permissions Anjali Kulkarni
2023-03-31 6:39 ` Jakub Kicinski
2023-03-31 17:00 ` Anjali Kulkarni
2023-03-31 17:24 ` Jakub Kicinski
2023-03-31 17:48 ` Anjali Kulkarni
2023-03-31 18:13 ` Jakub Kicinski [this message]
2023-03-31 18:38 ` Anjali Kulkarni
2023-03-29 18:25 ` [PATCH v3 7/7] connector/cn_proc: Allow non-root users access Anjali Kulkarni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230331111325.5703499b@kernel.org \
--to=kuba@kernel.org \
--cc=anjali.k.kulkarni@oracle.com \
--cc=brauner@kernel.org \
--cc=davem@davemloft.net \
--cc=ecree.xilinx@gmail.com \
--cc=edumazet@google.com \
--cc=johannes@sipsolutions.net \
--cc=keescook@chromium.org \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=petrm@nvidia.com \
--cc=socketcan@hartkopp.net \
--cc=zbr@ioremap.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.