lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 28 Apr 2018 23:25:01 -0500 From: ebiederm@...ssion.com (Eric W. Biederman) To: Christian Brauner <christian.brauner@...ntu.com> Cc: davem@...emloft.net, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, avagin@...tuozzo.com, ktkhai@...tuozzo.com, serge@...lyn.com, gregkh@...uxfoundation.org Subject: Re: [PATCH net-next 0/2 v4] netns: uevent filtering Christian Brauner <christian.brauner@...ntu.com> writes: > Hey everyone, > > This is the new approach to uevent filtering as discussed (see the > threads in [1], [2], and [3]). It only contains *non-functional > changes*. > > This series deals with with fixing up uevent filtering logic: > - uevent filtering logic is simplified > - locking time on uevent_sock_list is minimized > - tagged and untagged kobjects are handled in separate codepaths > - permissions for userspace are fixed for network device uevents in > network namespaces owned by non-initial user namespaces > Udev is now able to see those events correctly which it wasn't before. > For example, moving a physical device into a network namespace not > owned by the initial user namespaces before gave: > > root@...1:~# udevadm --debug monitor -k > calling: monitor > monitor will print the received events for: > KERNEL - the kernel uevent > > sender uid=65534, message ignored > sender uid=65534, message ignored > sender uid=65534, message ignored > sender uid=65534, message ignored > sender uid=65534, message ignored > > and now after the discussion and solution in [3] correctly gives: > > root@...1:~# udevadm --debug monitor -k > calling: monitor > monitor will print the received events for: > KERNEL - the kernel uevent > > KERNEL[625.301042] add /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/enp1s0f1 (net) > KERNEL[625.301109] move /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/enp1s0f1 (net) > KERNEL[625.301138] move /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/eth1 (net) > KERNEL[655.333272] remove /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/eth1 (net) > > Thanks! > Christian > > [1]: https://lkml.org/lkml/2018/4/4/739 > [2]: https://lkml.org/lkml/2018/4/26/767 > [3]: https://lkml.org/lkml/2018/4/26/738 Again ovearall ack. One last nit that might be worth addressing. Acked-by: "Eric W. Biederman" <ebiederm@...ssion.com> Eric
Powered by blists - more mailing lists