From: ebiederm@xmission.com (Eric W. Biederman)
To: Christian Brauner <christian.brauner@canonical.com>
Cc: Jiri Benc <jbenc@redhat.com>,
Christian Brauner <christian.brauner@ubuntu.com>,
netdev@vger.kernel.org, ktkhai@virtuozzo.com,
stephen@networkplumber.org, w.bumiller@proxmox.com,
nicolas.dichtel@6wind.com, linux-kernel@vger.kernel.org,
dsahern@gmail.com, davem@davemloft.net
Subject: Re: [PATCH net 1/1 v3] rtnetlink: require unique netns identifier
Date: Wed, 07 Feb 2018 09:20:32 -0600 [thread overview]
Message-ID: <878tc4g727.fsf@xmission.com> (raw)
In-Reply-To: <20180207115050.GA29047@gmail.com> (Christian Brauner's message of "Wed, 7 Feb 2018 12:50:51 +0100")
Christian Brauner <christian.brauner@canonical.com> writes:
> On Wed, Feb 07, 2018 at 12:19:25PM +0100, Jiri Benc wrote:
>> On Tue, 6 Feb 2018 14:19:02 +0100, Christian Brauner wrote:
>> > +/* Verify that rtnetlink requests supporting network namespace ids
>> > + * do not pass additional properties potentially referring to different
>> > + * network namespaces.
>> > + */
>> > +static int rtnl_ensure_unique_netns(struct nlattr *tb[],
>> > + struct netlink_ext_ack *extack)
>> > +{
>> > + /* Requests without network namespace ids have been able to specify
>> > + * multiple properties referring to different network namespaces so
>> > + * don't regress them.
>> > + */
>> > + if (!tb[IFLA_IF_NETNSID])
>> > + return 0;
>>
>> I agree with Eric that we should enforce this also for the existing
>> pid/fd attributes.
>
> Yes, I would prefer this too but in the Linux spirit of never regressing
> userspace I was afraid that there might already be userspace
> applications that stick a pid and an fd at the same time into an
> rtnetlink request. If we are ok with potentially breaking them then we
> should just go for it. It is definitely the cleaner solution.
Odds are low that anything does anything so silly. If we accidentally
cause a regression then we fix it. Unless you have reason to suspect
someone actually does something silly we should be good.
Eric
prev parent reply other threads:[~2018-02-07 15:20 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-06 13:19 [PATCH net 0/1 v3] rtnetlink: require unique netns identifier Christian Brauner
2018-02-06 13:19 ` [PATCH net 1/1 " Christian Brauner
2018-02-07 11:19 ` Jiri Benc
2018-02-07 11:50 ` Christian Brauner
2018-02-07 15:20 ` Eric W. Biederman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878tc4g727.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=christian.brauner@canonical.com \
--cc=christian.brauner@ubuntu.com \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=jbenc@redhat.com \
--cc=ktkhai@virtuozzo.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=nicolas.dichtel@6wind.com \
--cc=stephen@networkplumber.org \
--cc=w.bumiller@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.