Message ID | 1359685860-29636-3-git-send-email-gaofeng@cn.fujitsu.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
On Fri, Feb 01, 2013 at 10:30:59AM +0800, Gao feng wrote: > since the mdb table is belong to bridge device,and the > bridge device can only be seen in one netns. > So it's safe to allow unprivileged user which is the > creator of userns and netns to modify the mdb table. > > Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> > --- > net/bridge/br_mdb.c | 3 --- > 1 file changed, 3 deletions(-) > > diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c > index acc9f4c..38991e0 100644 > --- a/net/bridge/br_mdb.c > +++ b/net/bridge/br_mdb.c > @@ -272,9 +272,6 @@ static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh, > struct net_device *dev; > int err; > > - if (!capable(CAP_NET_ADMIN)) > - return -EPERM; > - I'm wondering why this doesn't follow the: ... - if (!capable(CAP_NET_ADMIN)) + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) pattern like the rest of the changes you provided. Perhaps I'm neglecting something but it looks wrong to remove the CAP_NET_ADMIN check entirely. Cheers, -Matt Helsley -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 2013/02/01 11:46, Matt Helsley wrote: > On Fri, Feb 01, 2013 at 10:30:59AM +0800, Gao feng wrote: >> since the mdb table is belong to bridge device,and the >> bridge device can only be seen in one netns. >> So it's safe to allow unprivileged user which is the >> creator of userns and netns to modify the mdb table. >> >> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> >> --- >> net/bridge/br_mdb.c | 3 --- >> 1 file changed, 3 deletions(-) >> >> diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c >> index acc9f4c..38991e0 100644 >> --- a/net/bridge/br_mdb.c >> +++ b/net/bridge/br_mdb.c >> @@ -272,9 +272,6 @@ static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh, >> struct net_device *dev; >> int err; >> >> - if (!capable(CAP_NET_ADMIN)) >> - return -EPERM; >> - > > I'm wondering why this doesn't follow the: > > ... > - if (!capable(CAP_NET_ADMIN)) > + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) > > pattern like the rest of the changes you provided. Perhaps I'm > neglecting something but it looks wrong to remove the CAP_NET_ADMIN > check entirely. > rtnetlink_rcv_msg has done this job,in commit dfc47ef8639facd77210e74be831943c2fdd9c74 Eric change capable to ns_capable in rtnetlink_rcv_msg and Push capable(CAP_NET_ADMIN) into the rtnl methods.So we only need to do is remove this capable in br_mdb_parse. Thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Feb 01, 2013 at 11:59:03AM +0800, Gao feng wrote: > On 2013/02/01 11:46, Matt Helsley wrote: > > On Fri, Feb 01, 2013 at 10:30:59AM +0800, Gao feng wrote: > >> since the mdb table is belong to bridge device,and the > >> bridge device can only be seen in one netns. > >> So it's safe to allow unprivileged user which is the > >> creator of userns and netns to modify the mdb table. > >> > >> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> > >> --- > >> net/bridge/br_mdb.c | 3 --- > >> 1 file changed, 3 deletions(-) > >> > >> diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c > >> index acc9f4c..38991e0 100644 > >> --- a/net/bridge/br_mdb.c > >> +++ b/net/bridge/br_mdb.c > >> @@ -272,9 +272,6 @@ static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh, > >> struct net_device *dev; > >> int err; > >> > >> - if (!capable(CAP_NET_ADMIN)) > >> - return -EPERM; > >> - > > > > I'm wondering why this doesn't follow the: > > > > ... > > - if (!capable(CAP_NET_ADMIN)) > > + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) > > > > pattern like the rest of the changes you provided. Perhaps I'm > > neglecting something but it looks wrong to remove the CAP_NET_ADMIN > > check entirely. > > > > rtnetlink_rcv_msg has done this job,in commit dfc47ef8639facd77210e74be831943c2fdd9c74 > Eric change capable to ns_capable in rtnetlink_rcv_msg and Push capable(CAP_NET_ADMIN) > into the rtnl methods.So we only need to do is remove this capable in br_mdb_parse. > > Thanks! OK, thanks! Cheers, -Matt -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Gao feng <gaofeng@cn.fujitsu.com> Date: Fri, 1 Feb 2013 10:30:59 +0800 > since the mdb table is belong to bridge device,and the > bridge device can only be seen in one netns. > So it's safe to allow unprivileged user which is the > creator of userns and netns to modify the mdb table. > > Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c index acc9f4c..38991e0 100644 --- a/net/bridge/br_mdb.c +++ b/net/bridge/br_mdb.c @@ -272,9 +272,6 @@ static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh, struct net_device *dev; int err; - if (!capable(CAP_NET_ADMIN)) - return -EPERM; - err = nlmsg_parse(nlh, sizeof(*bpm), tb, MDBA_SET_ENTRY, NULL); if (err < 0) return err;
since the mdb table is belong to bridge device,and the bridge device can only be seen in one netns. So it's safe to allow unprivileged user which is the creator of userns and netns to modify the mdb table. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> --- net/bridge/br_mdb.c | 3 --- 1 file changed, 3 deletions(-)