Commit 2342fd7e146f05edeb13feb03490c13a1bdab2e0
Committed by
David S. Miller
David S. Miller
1 parent
f145049a06
Exists in
master
and in
4 other branches
[NETNS]: Allow to create sockets in non-initial namespace.
Allow to create sockets in the namespace if the protocol ok with this. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 1 changed file with 21 additions and 3 deletions Side-by-side Diff
net/ipv4/af_inet.c
| ... | ... | @@ -243,6 +243,23 @@ |
| 243 | 243 | } |
| 244 | 244 | EXPORT_SYMBOL(build_ehash_secret); |
| 245 | 245 | |
| 246 | +static inline int inet_netns_ok(struct net *net, int protocol) | |
| 247 | +{ | |
| 248 | + int hash; | |
| 249 | + struct net_protocol *ipprot; | |
| 250 | + | |
| 251 | + if (net == &init_net) | |
| 252 | + return 1; | |
| 253 | + | |
| 254 | + hash = protocol & (MAX_INET_PROTOS - 1); | |
| 255 | + ipprot = rcu_dereference(inet_protos[hash]); | |
| 256 | + | |
| 257 | + if (ipprot == NULL) | |
| 258 | + /* raw IP is OK */ | |
| 259 | + return 1; | |
| 260 | + return ipprot->netns_ok; | |
| 261 | +} | |
| 262 | + | |
| 246 | 263 | /* |
| 247 | 264 | * Create an inet socket. |
| 248 | 265 | */ |
| ... | ... | @@ -259,9 +276,6 @@ |
| 259 | 276 | int try_loading_module = 0; |
| 260 | 277 | int err; |
| 261 | 278 | |
| 262 | - if (net != &init_net) | |
| 263 | - return -EAFNOSUPPORT; | |
| 264 | - | |
| 265 | 279 | if (sock->type != SOCK_RAW && |
| 266 | 280 | sock->type != SOCK_DGRAM && |
| 267 | 281 | !inet_ehash_secret) |
| ... | ... | @@ -318,6 +332,10 @@ |
| 318 | 332 | |
| 319 | 333 | err = -EPERM; |
| 320 | 334 | if (answer->capability > 0 && !capable(answer->capability)) |
| 335 | + goto out_rcu_unlock; | |
| 336 | + | |
| 337 | + err = -EAFNOSUPPORT; | |
| 338 | + if (!inet_netns_ok(net, protocol)) | |
| 321 | 339 | goto out_rcu_unlock; |
| 322 | 340 | |
| 323 | 341 | sock->ops = answer->ops; |