Hello Debian kernel team,

I have recently gone about ensuring that all 'net' sysctls are properly isolated within kernel network namespaces. In doing so, I fixed three Linux kernel bugs in mainline and backported to all relevant LTS kernels.

The README on this GitHub project should provide all relevant information about the motivation, bugs, and fixes:
https://github.com/JonathonReinhart/linux-netns-sysctl-verify

I have confirmed that the following Debian kernels exhibit these bugs:

  Debian 9.13 (stretch): 4.9.0-15-amd64 #1 SMP Debian 4.9.258-1 (2021-03-08) -- "Bug 1"
  Debian 10.9 (buster): 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) -- "Bug 1" and "Bug 3"
  Debian 11 (bullseye): 5.10.28 -- I haven't yet tested, but this presumably exhibits "Bug 1", "Bug 2", and "Bug 3"

Since these kernels track upstream, I'm assuming they will get rolled into the next release of each. Are these the correct places to track?

  4.19 stable updates
  https://salsa.debian.org/kernel-team/linux/-/merge_requests/343

  5.10 stable updates -- I'm assuming this is what will make it into the bullseye release.
  https://salsa.debian.org/kernel-team/linux/-/merge_requests/364

Should I assume there will be no updates to the 4.9.0 kernel?

BTW: I'd just like to acknowledge the request-for-help. I can't promise any time right now, but this is on my radar :-)

Thank you,
Jonathon Reinhart