On Fri, Feb 5, 2016 at 5:20 PM, Tycho Andersen <tycho.ander...@canonical.com> wrote: > Operations with the GENL_ADMIN_PERM flag fail permissions checks because > this flag means we call netlink_capable, which uses the init user ns. > > Instead, let's introduce a new flag, GENL_UNS_ADMIN_PERM for operations > which should be allowed inside a user namespace. > > The motivation for this is to be able to run openvswitch in unprivileged > containers. I've tested this and it seems to work, but I really have no > idea about the security consequences of this patch, so thoughts would be > much appreciated. > > v2: use the GENL_UNS_ADMIN_PERM flag instead of a check in each function > v3: use separate ifs for UNS_ADMIN_PERM and ADMIN_PERM, instead of one > massive one > > Reported-by: James Page <james.p...@canonical.com> > Signed-off-by: Tycho Andersen <tycho.ander...@canonical.com> > CC: Eric Biederman <ebied...@xmission.com> > CC: Pravin Shelar <pshe...@ovn.org> > CC: Justin Pettit <jpet...@nicira.com> > CC: "David S. Miller" <da...@davemloft.net> > --- > include/uapi/linux/genetlink.h | 1 + > net/netlink/genetlink.c | 4 ++++ > net/openvswitch/datapath.c | 20 ++++++++++---------- > 3 files changed, 15 insertions(+), 10 deletions(-) > Looks good.
Acked-by: Pravin B Shelar <pshe...@ovn.org>
