AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
d9b2203e5a
kernel_optimize_test/net/batman-adv
History
Linus Lüssing ebe9c978d9 batman-adv: allow netlink usage in unprivileged containers 
[ Upstream commit 9057d6c23e7388ee9d037fccc9a7bc8557ce277b ]

Currently, creating a batman-adv interface in an unprivileged LXD
container and attaching secondary interfaces to it with "ip" or "batctl"
works fine. However all batctl debug and configuration commands
fail:

  root@container:~# batctl originators
  Error received: Operation not permitted
  root@container:~# batctl orig_interval
  1000
  root@container:~# batctl orig_interval 2000
  root@container:~# batctl orig_interval
  1000

To fix this change the generic netlink permissions from GENL_ADMIN_PERM
to GENL_UNS_ADMIN_PERM. This way a batman-adv interface is fully
maintainable as root from within a user namespace, from an unprivileged
container.

All except one batman-adv netlink setting are per interface and do not
leak information or change settings from the host system and are
therefore save to retrieve or modify as root from within an unprivileged
container.

"batctl routing_algo" / BATADV_CMD_GET_ROUTING_ALGOS is the only
exception: It provides the batman-adv kernel module wide default routing
algorithm. However it is read-only from netlink and an unprivileged
container is still not allowed to modify
/sys/module/batman_adv/parameters/routing_algo. Instead it is advised to
use the newly introduced "batctl if create routing_algo RA_NAME" /
IFLA_BATADV_ALGO_NAME to set the routing algorithm on interface
creation, which already works fine in an unprivileged container.

Cc: Tycho Andersen <tycho@tycho.pizza>
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-01-27 10:54:11 +01:00
..
bat_algo.c batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bat_algo.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bat_iv_ogm.c batman-adv: Avoid WARN_ON timing related checks 2021-06-23 14:42:41 +02:00
bat_iv_ogm.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bat_v_elp.c batman-adv: Migrate to linux/prandom.h 2020-08-18 19:39:54 +02:00
bat_v_elp.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bat_v_ogm.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-09-04 21:28:59 -07:00
bat_v_ogm.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bat_v.c batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bat_v.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bitarray.c batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bitarray.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bridge_loop_avoidance.c net: batman-adv: fix error handling 2021-11-02 19:48:22 +01:00
bridge_loop_avoidance.h batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh 2020-09-15 10:05:24 +02:00
debugfs.c batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
debugfs.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
distributed-arp-table.c batman-adv: Fix typos and grammar in documentation 2020-06-26 10:36:30 +02:00
distributed-arp-table.h batman-adv: remove unused inline function batadv_arp_change_timeout 2020-04-24 15:22:41 +02:00
fragmentation.c batman-adv: Don't always reallocate the fragmentation skb head 2020-11-27 08:02:55 +01:00
fragmentation.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
gateway_client.c batman-adv: Avoid uninitialized chaddr when handling DHCP 2020-08-18 19:40:03 +02:00
gateway_client.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
gateway_common.c batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
gateway_common.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
hard-interface.c batman-adv: Consider fragmentation for needed_headroom 2020-11-27 08:02:55 +01:00
hard-interface.h batman-adv: Drop unused function batadv_hardif_remove_interfaces() 2020-08-18 19:39:53 +02:00
hash.c batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
hash.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
icmp_socket.c batadv_socket_read(): get rid of pointless access_ok() 2020-05-20 20:31:33 -04:00
icmp_socket.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
Kconfig batman-adv: Disable CONFIG_BATMAN_ADV_SYSFS by default 2020-01-01 00:57:07 +01:00
log.c batman-adv: set .owner to THIS_MODULE 2020-11-15 11:43:56 +01:00
log.h batman-adv: Fix typos and grammar in documentation 2020-06-26 10:36:30 +02:00
main.c net: batman-adv: fix error handling 2021-11-02 19:48:22 +01:00
main.h batman-adv: Start new development cycle 2020-08-18 19:39:53 +02:00
Makefile batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
multicast.c batman-adv: mcast: don't send link-local multicast to mcast routers 2022-01-11 15:25:00 +01:00
multicast.h batman-adv: mcast: don't send link-local multicast to mcast routers 2022-01-11 15:25:00 +01:00
netlink.c batman-adv: allow netlink usage in unprivileged containers 2022-01-27 10:54:11 +01:00
netlink.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
network-coding.c net: batman-adv: fix error handling 2021-11-02 19:48:22 +01:00
network-coding.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
originator.c batman-adv: Fix typos and grammar in documentation 2020-06-26 10:36:30 +02:00
originator.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
routing.c batman-adv: mcast/TT: fix wrongly dropped or rerouted packets 2020-09-05 08:45:46 +02:00
routing.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
send.c batman-adv: Drop repeated words in comments 2020-08-18 19:39:54 +02:00
send.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
soft-interface.c batman-adv: mcast: don't send link-local multicast to mcast routers 2022-01-11 15:25:00 +01:00
soft-interface.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
sysfs.c batman-adv: Fix refcnt leak in batadv_store_throughput_override 2020-04-21 10:08:05 +02:00
sysfs.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
tp_meter.c batman-adv: Fix typos and grammar in documentation 2020-06-26 10:36:30 +02:00
tp_meter.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
trace.c batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
trace.h batman-adv: trace: Drop unneeded types.h include 2020-04-21 10:07:31 +02:00
translation-table.c net: batman-adv: fix error handling 2021-11-02 19:48:22 +01:00
translation-table.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
tvlv.c batman-adv: Fix typos and grammar in documentation 2020-06-26 10:36:30 +02:00
tvlv.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
types.h batman-adv: types.h: delete duplicated words 2020-08-18 19:39:53 +02:00