From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Cc: Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
David Miller <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
Subject: [REVIEW][PATCH 0/21] User namespace changes to the networking stack.
Date: Mon, 13 Aug 2012 13:07:10 -0700
Message-ID: <87ehnav9n5.fsf@xmission.com>
This is a modest set of changes against the current networking stack to
enable basic user namespace support: allowing the code to compile with
user namespaces enabled and removing the assumption that there is only
the initial user namespace.
Work to relax the privilege checks in the networking stack from
"capable(CAP_NET_ADMIN)" or "capable(CAP_NET_RAW)" to
"ns_capable(net->user_ns, CAP_NET_ADMIN)" or
"ns_capable(net->user_ns, CAP_NET_RAW)" allowing root in a user
namespace to control a network namespace will come later.
David, there are just enough interdependencies between the user namespace
bits that I intend to merge them all through my user namespace tree.
After the review is complete I will add these patches to my for-next
branch of my user-namespace.git tree where I do not intend to rebase.
If it makes sense to pull these into net-next to avoid or reduce
conflicts, that should not be a problem.
A current snapshot of my development tree for people who are interested
in seeing the entire picture is at:
git.kernel.org:/pub/scm/linux/kernel/git/ebiederm/user-namespace.git userns-always-map-user-v46
Eric W. Biederman (21):
userns: Convert net/core/scm.c to use kuids and kgids
userns: Convert __dev_set_promiscuity to use kuids in audit logs
userns: Convert sock_i_uid to return a kuid_t
userns: Allow USER_NS and NET simultaneously in Kconfig
userns: Make seq_file's user namespace accessible
userns: Print out socket uids in a user namespace aware fashion.
userns: Use kgids for sysctl_ping_group_range
net ip6 flowlabel: Make owner a union of struct pid * and kuid_t
pidns: Export free_pid_ns
userns: Convert net/ax25 to use kuid_t where appropriate
netlink: Make the sending netlink socket availabe in NETLINK_CB
userns: Implement sk_user_ns
userns: Teach inet_diag to work with user namespaces
userns: nfnetlink_log: Report socket uids in the log sockets user namespace
net sched: Pass the skb into change so it can access NETLINK_CB
userns: Convert cls_flow to work with user namespaces enabled
userns: Convert xt_LOG to print socket kuids and kgids as uids and gids
userns xt_recent: Specify the owner/group of ip_list_perms in the initial user namespace
userns: xt_owner: Add basic user namespace support.
userns: Make the airo wireless driver use kuids for proc uids and gids
userns: Convert tun/tap to use kuid and kgid where appropriate
drivers/net/tun.c | 46 ++++++++++++++++++++++++++-----------
drivers/net/wireless/airo.c | 48 +++++++++++++++++++++++----------------
fs/seq_file.c | 4 +++
include/linux/inet_diag.h | 1 +
include/linux/netlink.h | 1 +
include/linux/seq_file.h | 14 +++++++++++
include/net/ax25.h | 4 +-
include/net/ipv6.h | 5 +++-
include/net/netns/ipv4.h | 3 +-
include/net/sch_generic.h | 3 +-
include/net/sock.h | 11 ++++++++-
include/net/tcp.h | 3 +-
init/Kconfig | 18 --------------
kernel/pid.c | 1 +
kernel/pid_namespace.c | 2 +
net/appletalk/atalk_proc.c | 3 +-
net/ax25/ax25_uid.c | 21 +++++++++++-----
net/core/dev.c | 7 +++--
net/core/scm.c | 31 ++++++++++++++++++------
net/core/sock.c | 10 ++++----
net/ipv4/inet_diag.c | 21 ++++++++++++-----
net/ipv4/ping.c | 22 +++++++----------
net/ipv4/raw.c | 4 ++-
net/ipv4/sysctl_net_ipv4.c | 42 ++++++++++++++++++++++------------
net/ipv4/tcp_ipv4.c | 6 ++--
net/ipv4/udp.c | 4 ++-
net/ipv4/udp_diag.c | 5 +++-
net/ipv6/ip6_flowlabel.c | 50 +++++++++++++++++++++++++++++++++++-----
net/ipv6/raw.c | 3 +-
net/ipv6/tcp_ipv6.c | 6 ++--
net/ipv6/udp.c | 3 +-
net/ipx/ipx_proc.c | 3 +-
net/key/af_key.c | 2 +-
net/llc/llc_proc.c | 2 +-
net/netfilter/nfnetlink_log.c | 14 ++++++++---
net/netfilter/xt_LOG.c | 16 ++++++++-----
net/netfilter/xt_owner.c | 30 +++++++++++++++++++-----
net/netfilter/xt_recent.c | 13 +++++++++-
net/netlink/af_netlink.c | 6 +++-
net/packet/af_packet.c | 2 +-
net/phonet/socket.c | 6 +++-
net/sched/cls_api.c | 2 +-
net/sched/cls_basic.c | 3 +-
net/sched/cls_cgroup.c | 3 +-
net/sched/cls_flow.c | 19 +++++++++++----
net/sched/cls_fw.c | 3 +-
net/sched/cls_route.c | 3 +-
net/sched/cls_rsvp.h | 3 +-
net/sched/cls_tcindex.c | 3 +-
net/sched/cls_u32.c | 3 +-
net/sctp/proc.c | 6 +++-
51 files changed, 368 insertions(+), 176 deletions(-)
Eric
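The patches above replace raw uids with kuids so that a socket's owner can be printed in the viewing namespace's terms. The following is an added user-space model of that translation, not code from the patch set: it parses a uid_map-style table ("ns_first parent_first count" per line, as in /proc/<pid>/uid_map) and maps a kernel-wide kuid into the uid a process in that namespace sees, falling back to the overflow uid 65534 for unmapped ids, which is the behaviour of the kernel's from_kuid_munged(). It assumes a single level of nesting, so parent uids equal kuids; the map text is constructed sample data.

```c
#include <stdio.h>
#include <string.h>

#define OVERFLOWUID 65534u
#define MAX_EXTENTS 5

struct extent { unsigned ns_first, parent_first, count; };
struct uid_map { struct extent ext[MAX_EXTENTS]; int nr; };

/* Parse uid_map-style text into extents; returns the number parsed. */
int parse_uid_map(const char *text, struct uid_map *m)
{
    const char *p = text;
    m->nr = 0;
    while (*p && m->nr < MAX_EXTENTS) {
        struct extent *e = &m->ext[m->nr];
        int used = 0;
        if (sscanf(p, "%u %u %u%n", &e->ns_first, &e->parent_first,
                   &e->count, &used) != 3)
            break;               /* malformed line: stop, keep what we have */
        m->nr++;
        p += used;
        while (*p == '\n' || *p == ' ')
            p++;
    }
    return m->nr;
}

/* Model of from_kuid_munged(): kuid -> uid in this namespace, or 65534. */
unsigned from_kuid_munged(const struct uid_map *m, unsigned kuid)
{
    for (int i = 0; i < m->nr; i++) {
        const struct extent *e = &m->ext[i];
        if (kuid >= e->parent_first && kuid - e->parent_first < e->count)
            return e->ns_first + (kuid - e->parent_first);
    }
    return OVERFLOWUID;          /* unmapped: do not leak the raw kuid */
}

/* Convenience: parse the map text and translate one kuid in one call. */
unsigned map_lookup(const char *map_text, unsigned kuid)
{
    struct uid_map m;
    parse_uid_map(map_text, &m);
    return from_kuid_munged(&m, kuid);
}

int main(void)
{
    static const char sample_map[] = "0 100000 65536\n"; /* constructed */
    unsigned kuids[] = { 100000, 100001, 0, 165536 };
    for (size_t i = 0; i < sizeof kuids / sizeof kuids[0]; i++)
        printf("kuid %u -> uid %u inside the namespace\n",
               kuids[i], map_lookup(sample_map, kuids[i]));
    return 0;
}
```

A socket owned by kuid 0 (root in the initial namespace) shows up as 65534 inside the container rather than as a uid the container could confuse with one of its own.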