From: Vasiliy Kulikov
Subject: Re: [PATCH 07/21] userns: Use kgids for sysctl_ping_group_range
Date: Mon, 20 Aug 2012 22:09:23 +0400
Message-ID: <20120820180923.GA13669@cachalot>
In-Reply-To: <1344889115-21610-7-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
References: <87ehnav9n5.fsf@xmission.com> <1344889115-21610-1-git-send-email-ebiederm@xmission.com> <1344889115-21610-7-git-send-email-ebiederm@xmission.com>
To: "Eric W. Biederman"
Cc: netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, David Miller
List-Id: netdev.vger.kernel.org

On Mon, Aug 13, 2012 at 13:18 -0700, Eric W. Biederman wrote:
> From: "Eric W. Biederman"
>
> - Store sysctl_ping_group_range as a pair of kgid_t values
>   instead of a pair of gid_t values.
> - Move the kgid conversion work from ping_init_sock into ipv4_ping_group_range
> - For invalid cases reset to the default disabled state.
>
> With the kgid_t conversion made part of the original value sanitation
> from userspace understanding how the code will react becomes clearer
> and it becomes possible to set the sysctl ping group range from
> something other than the initial user namespace.
>
> Cc: Vasiliy Kulikov
> Signed-off-by: Eric W. Biederman

Looks good.

Acked-by: Vasiliy Kulikov

Thanks,

--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments