LKML Archive on
 help / color / Atom feed
From: Tyler Hicks <>
To: Greg Kroah-Hartman <>,
	Tejun Heo <>,
	"David S. Miller" <>,
	Stephen Hemminger <>
Cc: Dmitry Torokhov <>,
	"Eric W. Biederman" <>,,,,
	Linux Containers <>
Subject: [PATCH v2 net-next 0/7] Make /sys/class/net per net namespace objects belong to container
Date: Fri, 13 Jul 2018 16:05:42 +0000
Message-ID: <> (raw)

This is a revival of an older patch set from Dmitry Torokhov:

Here's Dmitry's description:

 There are objects in /sys hierarchy (/sys/class/net/) that logically
 belong to a namespace/container. Unfortunately all sysfs objects start
 their life belonging to global root, and while we could change
 ownership manually, keeping tracks of all objects that come and go is
 cumbersome. It would be better if kernel created them using correct
 uid/gid from the beginning. 

 This series changes kernfs to allow creating object's with arbitrary
 uid/gid, adds get_ownership() callback to ktype structure so subsystems
 could supply their own logic (likely tied to namespace support) for
 determining ownership of kobjects, and adjusts sysfs code to make use
 of this information. Lastly net-sysfs is adjusted to make sure that
 objects in net namespace are owned by the root user from the owning
 user namespace.

 Note that we do not adjust ownership of objects moved into a new
 namespace (as when moving a network device into a container) as
 userspace can easily do it.

I'm reviving this patch set because we would like this feature for
system containers. One specific use case that we have is that libvirt is
unable to configure its bridge device inside of a system container due
to the bridge files in /sys/class/net/ being owned by init root instead
of container root. The last two patches in this set are patches that
I've added to Dmitry's original set to allow such configuration of the
bridge device.

Eric had previously provided feedback that he didn't favor these changes
affecting all layers of the stack and that most of the changes could
remain local to drivers/base/core.c. That feedback is certainly sensible
but I wanted to send out v2 of the patch set without making that large
of a change since quite a bit of time has passed and the bridge changes
in the last patch of this set shows that not all of the changes will be
local to drivers/base/core.c. I'm happy to make the changes if the
original request still stands.

I've verified that all of the bridge related files affected by patch 7
have proper access control checks for CAP_NET_ADMIN inside of the
user namespace. I have *not* yet verified that all of the network
device related sysfs files affected by patch 5 have proper access
control checks. I was working under the assumption that those code paths
already were verified when the first iteration of the patches were sent

* Changes since v1:
  - Patch 1 was forward ported to use idr instead of ida for the inode
  - Patch 5 was forward ported around the ro_after_init changes
  - Patch 5 received a build failure fix for !CONFIG_SYSFS
  - Patch 6 and 7 are new



             reply index

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-13 16:05 Tyler Hicks [this message]
2018-07-13 16:05 ` [PATCH net-next v2 1/7] kernfs: allow creating kernfs objects with arbitrary uid/gid Tyler Hicks
2018-07-17  1:04   ` kbuild test robot
2018-07-13 16:05 ` [PATCH net-next v2 2/7] sysfs, kobject: allow creating kobject belonging to arbitrary users Tyler Hicks
2018-07-13 16:05 ` [PATCH net-next v2 3/7] kobject: kset_create_and_add() - fetch ownership info from parent Tyler Hicks
2018-07-13 16:05 ` [PATCH net-next v2 4/7] driver core: set up ownership of class devices in sysfs Tyler Hicks
2018-07-13 16:05 ` [PATCH net-next v2 5/7] net-sysfs: make sure objects belong to contrainer's owner Tyler Hicks
2018-07-13 16:05 ` [PATCH net-next v2 6/7] net: Create reusable function for getting ownership info of sysfs inodes Tyler Hicks
2018-07-19 14:36   ` Christian Brauner
2018-07-20 21:58     ` Tyler Hicks
2018-07-13 16:05 ` [PATCH net-next v2 7/7] bridge: make sure objects belong to container's owner Tyler Hicks
2018-07-16 20:58 ` [PATCH v2 net-next 0/7] Make /sys/class/net per net namespace objects belong to container David Miller
2018-07-18  4:17 ` David Miller
2018-07-18  4:41   ` David Miller
2018-07-19  1:07     ` Tyler Hicks

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

LKML Archive on

Archives are clonable:
	git clone --mirror lkml/git/0.git
	git clone --mirror lkml/git/1.git
	git clone --mirror lkml/git/2.git
	git clone --mirror lkml/git/3.git
	git clone --mirror lkml/git/4.git
	git clone --mirror lkml/git/5.git
	git clone --mirror lkml/git/6.git
	git clone --mirror lkml/git/7.git
	git clone --mirror lkml/git/8.git
	git clone --mirror lkml/git/9.git
	git clone --mirror lkml/git/10.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 lkml lkml/ \
	public-inbox-index lkml

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone