[PATCH net-next 1/6][NETNS]: Introduce sysctl root for read-only net sysctls.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pavel Emelyanov <xemul@openvz.org>
To: David Miller <davem@davemloft.net>
Cc: Linux Netdev List <netdev@vger.kernel.org>
Subject: [PATCH net-next 1/6][NETNS]: Introduce sysctl root for read-only net sysctls.
Date: Mon, 19 May 2008 19:52:43 +0400	[thread overview]
Message-ID: <4831A24B.1080807@openvz.org> (raw)
In-Reply-To: <4831A1D6.4090503@openvz.org>

This one stores all ctl-heads in one list and restricts the
permissions not give write access to non-init net namespaces.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>

---
 include/net/net_namespace.h |    3 +++
 net/sysctl_net.c            |   30 ++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 0 deletions(-)

diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index aa540e6..8df751b 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -201,8 +201,11 @@ extern void unregister_pernet_gen_device(int id, struct pernet_operations *);
 struct ctl_path;
 struct ctl_table;
 struct ctl_table_header;
+
 extern struct ctl_table_header *register_net_sysctl_table(struct net *net,
 	const struct ctl_path *path, struct ctl_table *table);
+extern struct ctl_table_header *register_net_sysctl_rotable(
+	const struct ctl_path *path, struct ctl_table *table);
 extern void unregister_net_sysctl_table(struct ctl_table_header *header);
 
 #endif /* __NET_NET_NAMESPACE_H */
diff --git a/net/sysctl_net.c b/net/sysctl_net.c
index b4f0525..d8e7916 100644
--- a/net/sysctl_net.c
+++ b/net/sysctl_net.c
@@ -40,6 +40,27 @@ static struct ctl_table_root net_sysctl_root = {
 	.lookup = net_ctl_header_lookup,
 };
 
+static LIST_HEAD(net_sysctl_ro_tables);
+static struct list_head *net_ctl_ro_header_lookup(struct ctl_table_root *root,
+		struct nsproxy *namespaces)
+{
+	return &net_sysctl_ro_tables;
+}
+
+static int net_ctl_ro_header_perms(struct ctl_table_root *root,
+		struct nsproxy *namespaces, struct ctl_table *table)
+{
+	if (namespaces->net_ns == &init_net)
+		return table->mode;
+	else
+		return table->mode & ~0222;
+}
+
+static struct ctl_table_root net_sysctl_ro_root = {
+	.lookup = net_ctl_ro_header_lookup,
+	.permissions = net_ctl_ro_header_perms,
+};
+
 static int sysctl_net_init(struct net *net)
 {
 	INIT_LIST_HEAD(&net->sysctl_table_headers);
@@ -64,6 +85,7 @@ static __init int sysctl_init(void)
 	if (ret)
 		goto out;
 	register_sysctl_root(&net_sysctl_root);
+	register_sysctl_root(&net_sysctl_ro_root);
 out:
 	return ret;
 }
@@ -80,6 +102,14 @@ struct ctl_table_header *register_net_sysctl_table(struct net *net,
 }
 EXPORT_SYMBOL_GPL(register_net_sysctl_table);
 
+struct ctl_table_header *register_net_sysctl_rotable(const
+		struct ctl_path *path, struct ctl_table *table)
+{
+	return __register_sysctl_paths(&net_sysctl_ro_root,
+			&init_nsproxy, path, table);
+}
+EXPORT_SYMBOL_GPL(register_net_sysctl_rotable);
+
 void unregister_net_sysctl_table(struct ctl_table_header *header)
 {
 	unregister_sysctl_table(header);
-- 
1.5.3.4

next prev parent reply	other threads:[~2008-05-19 15:55 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-05-19 15:50 [PATCH net-next 0/6][NETNS]: Revisit read-only-in-namespaces sysctls Pavel Emelyanov
2008-05-19 15:52 ` Pavel Emelyanov [this message]
2008-05-19 20:53   ` [PATCH net-next 1/6][NETNS]: Introduce sysctl root for read-only net sysctls David Miller
2008-05-19 15:55 ` [PATCH net-next 2/6][NETNS]: Register net/core/ sysctls at read-only root Pavel Emelyanov
2008-05-19 20:53   ` David Miller
2008-05-19 15:58 ` [PATCH net-next 3/6][FRAGS]: Rename sysctl-related functions/variables Pavel Emelyanov
2008-05-19 20:53   ` David Miller
2008-05-19 16:02 ` [PATCH net-next 4/6][IP6FRAGS]: Handle error, returned from register_pernet_subsys Pavel Emelyanov
2008-05-19 20:54   ` David Miller
2008-05-19 16:04 ` [PATCH net-next 5/6][FRAGS]: Register some ctls at read-only root Pavel Emelyanov
2008-05-19 20:54   ` David Miller
2008-05-19 16:06 ` [PATCH net-next 6/6][IPV6]: Register some net/ipv6/ core sysctls " Pavel Emelyanov
2008-05-19 20:54   ` David Miller

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:aa540e6 dfblob:8df751b dfblob:b4f0525 dfblob:d8e7916 )
 OR (
bs:"[PATCH net-next 1/6][NETNS]: Introduce sysctl root for read-only net sysctls." )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4831A24B.1080807@openvz.org \
    --to=xemul@openvz.org \
    --cc=davem@davemloft.net \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.