Re: [PATCH] netlink: Add netns check on taps

From: Kevin Cernekee
Date: Tue Dec 05 2017 - 22:15:33 EST

Next message: Jason Wang: "Re: [PATCH] ptr_ring: add barriers"
Previous message: Dave Chinner: "Re: [PATCH v4 72/73] xfs: Convert mru cache to XArray"
In reply to: David Ahern: "Re: [PATCH] netlink: Add netns check on taps"
Next in thread: David Miller: "Re: [PATCH] netlink: Add netns check on taps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Dec 5, 2017 at 6:19 PM, David Ahern <dsahern@xxxxxxxxx> wrote:
>> + if (!net_eq(dev_net(dev), sock_net(sk)) &&
>> + !net_eq(dev_net(dev), &init_net)) {
>
> Why is init_net special? Seems like snooping should be limited to the
> namespace you are in.

Depends how important it is to preserve the current "typical use case"
behavior, where the root user in the init netns can see all netlink
traffic on the system.

Next message: Jason Wang: "Re: [PATCH] ptr_ring: add barriers"
Previous message: Dave Chinner: "Re: [PATCH v4 72/73] xfs: Convert mru cache to XArray"
In reply to: David Ahern: "Re: [PATCH] netlink: Add netns check on taps"
Next in thread: David Miller: "Re: [PATCH] netlink: Add netns check on taps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]