> +BPF_CALL_1(bpf_get_socket_uid, struct sk_buff *, skb)
> +{
> + struct sock *sk = sk_to_full_sk(skb->sk);
> + kuid_t kuid;
> +
> + if (!sk || !sk_fullsock(sk))
> + return overflowuid;
> + kuid = sock_net_uid(sock_net(sk), sk);
> + return from_kuid_munged(&init_user_ns, kuid);
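Review bot: the return line hard-codes `init_user_ns` in `from_kuid_munged(&init_user_ns, kuid)`, so the uid this helper hands to a BPF program is only meaningful in the initial user namespace, and a program loaded from inside a user namespace gets a value it cannot map back to its own ids; the uapi description of `bpf_get_socket_uid` should state this explicitly, and should also document that `overflowuid` is returned when `sk_to_full_sk()` yields no socket or one that is not a full socket (the `!sk || !sk_fullsock(sk)` check), because once programs depend on init-ns uids the namespace used here becomes ABI and cannot be changed without breaking them.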
Ideally, this would be the user namespace relative to the BPF program.
With no such association stored, using init_user_ns is fine. But if we
define it as such now, we cannot change it to resolve userns later.
We could associate a BPF program with the userns of the process that
loads the program. And expose bpf_prog state to external functions,
for instance through a percpu local variable.
Also, unconditionally using init_user_ns will allow a process
sandboxed in a user namespace to learn its uid in the initns. If the
initns is not its parentns, this may be a new capability.