From mboxrd@z Thu Jan 1 00:00:00 1970 From: ebiederm@xmission.com (Eric W. Biederman) Subject: Re: [PATCH net-next 0/2 v5] netns: uevent filtering Date: Mon, 30 Apr 2018 10:55:55 -0500 Message-ID: <87fu3cbsdw.fsf@xmission.com> References: <20180429104412.22445-1-christian.brauner@ubuntu.com> Mime-Version: 1.0 Content-Type: text/plain Cc: davem@davemloft.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, avagin@virtuozzo.com, ktkhai@virtuozzo.com, serge@hallyn.com, gregkh@linuxfoundation.org To: Christian Brauner Return-path: In-Reply-To: <20180429104412.22445-1-christian.brauner@ubuntu.com> (Christian Brauner's message of "Sun, 29 Apr 2018 12:44:10 +0200") Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org Christian Brauner writes: > Hey everyone, > > This is the new approach to uevent filtering as discussed (see the > threads in [1], [2], and [3]). It only contains *non-functional > changes*. > > This series deals with with fixing up uevent filtering logic: > - uevent filtering logic is simplified > - locking time on uevent_sock_list is minimized > - tagged and untagged kobjects are handled in separate codepaths > - permissions for userspace are fixed for network device uevents in > network namespaces owned by non-initial user namespaces > Udev is now able to see those events correctly which it wasn't before. > For example, moving a physical device into a network namespace not > owned by the initial user namespaces before gave: > > root@xen1:~# udevadm --debug monitor -k > calling: monitor > monitor will print the received events for: > KERNEL - the kernel uevent > > sender uid=65534, message ignored > sender uid=65534, message ignored > sender uid=65534, message ignored > sender uid=65534, message ignored > sender uid=65534, message ignored > > and now after the discussion and solution in [3] correctly gives: > > root@xen1:~# udevadm --debug monitor -k > calling: monitor > monitor will print the received events for: > KERNEL - the kernel uevent > > KERNEL[625.301042] add /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/enp1s0f1 (net) > KERNEL[625.301109] move /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/enp1s0f1 (net) > KERNEL[625.301138] move /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/eth1 (net) > KERNEL[655.333272] remove /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/eth1 (net) > > Thanks! > Christian > > [1]: https://lkml.org/lkml/2018/4/4/739 > [2]: https://lkml.org/lkml/2018/4/26/767 > [3]: https://lkml.org/lkml/2018/4/26/738 Acked-by: "Eric W. Biederman" > > Christian Brauner (2): > uevent: add alloc_uevent_skb() helper > netns: restrict uevents > > lib/kobject_uevent.c | 178 ++++++++++++++++++++++++++++++------------- > 1 file changed, 126 insertions(+), 52 deletions(-) Eric