From: Dmitry Torokhov <dmitry.torok...@gmail.com>
Date: Wed, 10 Aug 2016 14:35:59 -0700

> Currently [almost] all /proc objects belong to the global root, even if
> data belongs to a given namespace within a container and (at least for
> sysctls) we work around permissions checks to allow container's root to
> access the data.
>
> This series changes ownership of net namespace /proc objects
> (/proc/net/self/* and /proc/sys/net/*) to be container's root and not
> global root when there exists mapping for container's root in user
> namespace.
>
> This helps when running Android CTS in a container, but I think it makes
> sense regardless.
>
> Changes from V1:
>
> - added fix for crash when !CONFIG_NET_NS (new patch #1)
> - addressed Eric's comments for error handling style in patch #3 and
>   added his Ack
> - adjusted patch #2 to use the same style of error handling
> - sent out as series instead of separate patches

Series applied to net-next, thanks.