
[net-next,v2] net: Enable max_dgram_qlen unix sysctl to be configurable by non-init user namespaces

Message ID 20211210204023.2595573-1-joannekoong@fb.com (mailing list archive)
State Accepted
Commit cec16052d5a774035fc6da19cb9d09106356bbef
Delegated to: Netdev Maintainers

Checks

Context Check Description
netdev/tree_selection success Clearly marked for net-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix success Link
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers success CCed 4 of 4 maintainers
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 10 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Joanne Koong Dec. 10, 2021, 8:40 p.m. UTC
This patch enables the "/proc/sys/net/unix/max_dgram_qlen" sysctl to be
exposed to non-init user namespaces. max_dgram_qlen is used as the default
"sk_max_ack_backlog" value for when a unix socket is created.

Currently, when a networking namespace is initialized, its unix sysctls
are exposed only if the user namespace that "owns" it is the init user
namespace. If there is a non-init user namespace that "owns" a networking
namespace (for example, in the case after we call clone() with both
CLONE_NEWUSER and CLONE_NEWNET set), the sysctls are hidden from view
and not configurable.

Exposing the unix sysctl is safe because any changes made to it will be
limited in scope to the networking namespace the non-init user namespace
"owns" and has privileges over (changes won't affect any other net
namespace). There is also no possibility of a non-privileged user namespace
messing up the net namespace sysctls it shares with its parent user namespace.
When a new user namespace is created without unsharing the network namespace
(e.g. calling clone() with CLONE_NEWUSER), the new user namespace shares its
parent's network namespace. Write access is protected by the mode set
in the sysctl's ctl_table (and enforced by procfs). Here in the case of
"max_dgram_qlen", 0644 is set; only the user owner has write access.

v1 -> v2:
* Add more detail to commit message, specify the
"/proc/sys/net/unix/max_dgram_qlen" sysctl in commit message.

Signed-off-by: Joanne Koong <joannekoong@fb.com>
---
 net/unix/sysctl_net_unix.c | 4 ----
 1 file changed, 4 deletions(-)
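The namespace behaviour the commit message describes, as an added userspace probe that is not part of this patch or of the kernel tree: it forks, unshares a new user and network namespace, maps the caller to uid 0 there (the owner of the new netns), and reports whether /proc/sys/net/unix/max_dgram_qlen is hidden (the pre-patch behaviour), visible but read-only, or writable (the post-patch behaviour). The function and result names are this example's own, and it reports "unavailable" where unprivileged user namespaces cannot be created.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define QLEN_SYSCTL "/proc/sys/net/unix/max_dgram_qlen"

/* Outcome of probing the sysctl from a fresh user + net namespace:
 * HIDDEN is what the patch removes, WRITABLE is what it enables. */
enum { PROBE_UNAVAILABLE = -1, PROBE_HIDDEN, PROBE_READONLY, PROBE_WRITABLE };

/* Human-readable outcome; r + 1 indexes the table (PROBE_UNAVAILABLE is -1). */
const char *probe_result_name(int r)
{
	static const char *const names[] = { "unavailable", "hidden", "read-only", "writable" };
	return (r < PROBE_UNAVAILABLE || r > PROBE_WRITABLE) ? names[0] : names[r + 1];
}

/* Runs in a forked child: unshare, become uid 0 in the new userns, probe. */
static int probe_in_child(void)
{
	char map[64];
	int fd, n, outer = getuid();     /* saved before unshare() changes it */
	if (unshare(CLONE_NEWUSER | CLONE_NEWNET) != 0)
		return PROBE_UNAVAILABLE; /* no userns support, seccomp, sandbox */
	/* Map our outer uid to uid 0 inside; uid 0 here owns the new netns. */
	n = snprintf(map, sizeof map, "0 %u 1\n", (unsigned)outer);
	if ((fd = open("/proc/self/uid_map", O_WRONLY)) < 0 || write(fd, map, n) != n)
		return PROBE_UNAVAILABLE;
	close(fd);
	if (access(QLEN_SYSCTL, F_OK) != 0)
		return PROBE_HIDDEN;      /* not registered for this netns */
	/* Visible: the ctl_table mode (0644) decides whether uid 0 may write. */
	return access(QLEN_SYSCTL, W_OK) == 0 ? PROBE_WRITABLE : PROBE_READONLY;
}

/* Parent-side entry point: the probe runs in a child, so the caller's own namespaces stay untouched. */
int probe_unix_dgram_qlen(void)
{
	int status;
	pid_t pid = fork();
	if (pid == 0)
		_exit(probe_in_child() + 1); /* +1 so that -1 fits an exit status */
	if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
		return PROBE_UNAVAILABLE;
	return WEXITSTATUS(status) - 1;
}
```

On a kernel without this patch the probe reports "hidden"; with it, the namespace owner sees "writable", and a non-owner uid in the same namespace would see "read-only".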

Comments

patchwork-bot+netdevbpf@kernel.org Dec. 13, 2021, 12:50 p.m. UTC | #1
Hello:

This patch was applied to netdev/net-next.git (master)
by David S. Miller <davem@davemloft.net>:

On Fri, 10 Dec 2021 12:40:23 -0800 you wrote:
> This patch enables the "/proc/sys/net/unix/max_dgram_qlen" sysctl to be
> exposed to non-init user namespaces. max_dgram_qlen is used as the default
> "sk_max_ack_backlog" value for when a unix socket is created.
> 
> Currently, when a networking namespace is initialized, its unix sysctls
> are exposed only if the user namespace that "owns" it is the init user
> namespace. If there is a non-init user namespace that "owns" a networking
> namespace (for example, in the case after we call clone() with both
> CLONE_NEWUSER and CLONE_NEWNET set), the sysctls are hidden from view
> and not configurable.
> 
> [...]

Here is the summary with links:
  - [net-next,v2] net: Enable max_dgram_qlen unix sysctl to be configurable by non-init user namespaces
    https://git.kernel.org/netdev/net-next/c/cec16052d5a7

You are awesome, thank you!

Patch

diff --git a/net/unix/sysctl_net_unix.c b/net/unix/sysctl_net_unix.c
index c09bea89151b..01d44e2598e2 100644
--- a/net/unix/sysctl_net_unix.c
+++ b/net/unix/sysctl_net_unix.c
@@ -30,10 +30,6 @@  int __net_init unix_sysctl_register(struct net *net)
 	if (table == NULL)
 		goto err_alloc;
 
-	/* Don't export sysctls to unprivileged users */
-	if (net->user_ns != &init_user_ns)
-		table[0].procname = NULL;
-
 	table[0].data = &net->unx.sysctl_max_dgram_qlen;
 	net->unx.ctl = register_net_sysctl(net, "net/unix", table);
 	if (net->unx.ctl == NULL)
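Review bot: the removed comment "Don't export sysctls to unprivileged users" is not replaced by anything saying why registering `table[0]` for every net namespace is now safe, so the reasoning in the commit message (changes are scoped to the net namespace the user namespace owns; write access is gated by the 0644 mode in the ctl_table and enforced by procfs) survives only in git history. Suggest a one-line comment above `table[0].data = &net->unx.sysctl_max_dgram_qlen;` noting that the table is intentionally exported to non-init user namespaces and that the ctl_table mode is what restricts writes to the namespace owner, so the `net->user_ns != &init_user_ns` check is not reintroduced by a later reader.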