07 Oct, 2013

1 commit


19 Nov, 2012

3 commits

  • Get rid of duplicate code in net_ctl_permissions and fix the comment.

    Signed-off-by: Zhao Hongjiang
    Signed-off-by: Eric W. Biederman
    Signed-off-by: David S. Miller

    Zhao Hongjiang
     
  • - Allow anyone with CAP_NET_ADMIN rights in the user namespace of the
    network namespace to change sysctls.
    - Allow anyone with the uid of the user namespace root the same
    permissions over the network namespace sysctls as the global root.
    - Allow anyone with gid of the user namespace root group the same
    permissions over the network namespace sysctl as the global root group.

    Signed-off-by: "Eric W. Biederman"
    Signed-off-by: David S. Miller

    Eric W. Biederman
     
  • - Current is implicitly available so passing current->nsproxy isn't useful.
    - The ctl_table_header is needed to find how the sysctl table is connected
    to the rest of sysctl.
    - ctl_table_root is available in the ctl_table_header so no need to pass it.

    With these changes it becomes possible to write a version of
    net_sysctl_permission that takes into account the network namespace of
    the sysctl table, an important feature in extending the user namespace.

    Acked-by: Serge Hallyn
    Signed-off-by: "Eric W. Biederman"
    Signed-off-by: David S. Miller

    Eric W. Biederman
     

16 May, 2012

1 commit

  • We are going to delete the Token ring support. This removes any
    special processing in the core networking for token ring, (aside
    from net/tr.c itself), leaving the drivers and remaining tokenring
    support present but inert.

    The mass removal of the drivers and net/tr.c will be in a separate
    commit, so that the history of these files that we still care
    about won't have the giant deletion tied into their history.

    Signed-off-by: Paul Gortmaker

    Paul Gortmaker
     

21 Apr, 2012

5 commits

  • All of the users have been converted to use registera_net_sysctl so we
    no longer need register_net_sysctl.

    Signed-off-by: Eric W. Biederman
    Acked-by: Pavel Emelyanov
    Signed-off-by: David S. Miller

    Eric W. Biederman
     
  • register_sysctl_rotable never caught on as an interesting way to
    register sysctls. My take on the situation is that what we want are
    sysctls that we can only see in the initial network namespace. What we
    have implemented with register_sysctl_rotable are sysctls that we can
    see in all of the network namespaces and can only change in the initial
    network namespace.

    That is a very silly way to go. Just register the network sysctls
    in the initial network namespace and we don't have any weird special
    cases to deal with.

    The sysctls affected are:
    /proc/sys/net/ipv4/ipfrag_secret_interval
    /proc/sys/net/ipv4/ipfrag_max_dist
    /proc/sys/net/ipv6/ip6frag_secret_interval
    /proc/sys/net/ipv6/mld_max_msf

    I really don't expect anyone will miss them if they can't read them in a
    child user namespace.

    CC: Pavel Emelyanov
    Signed-off-by: Eric W. Biederman
    Acked-by: Pavel Emelyanov
    Signed-off-by: David S. Miller

    Eric W. Biederman
     
  • If the netfilter code is modified to use register_net_sysctl_table the
    kernel fails to boot because the per net sysctl infrastructure is not set up
    soon enough. So to avoid races call net_sysctl_init from sock_init().

    Signed-off-by: Eric W. Biederman
    Acked-by: Pavel Emelyanov
    Signed-off-by: David S. Miller

    Eric W. Biederman
     
  • Implementation limitations of the sysctl core won't let /proc/sys/net
    reside in a network namespace. /proc/sys/net at least must be registered
    as a normal sysctl. So register /proc/sys/net early as an empty directory
    to guarantee we don't violate this constraint and hit bugs in the sysctl
    implementation.

    Signed-off-by: Eric W. Biederman
    Acked-by: Pavel Emelyanov
    Signed-off-by: David S. Miller

    Eric W. Biederman
     
  • Right now all of the networking sysctl registrations are running in a
    compatibility mode. The native sysctl registration api takes a cstring
    for a path and a simple ctl_table. Implement register_net_sysctl so
    that we can register network sysctls without needing to use
    compatibility code in the sysctl core.

    Switching from a ctl_path to a cstring results in less boiler plate
    and denser code that is a little easier to read.

    I would simply have changed the arguments to register_net_sysctl_table
    instead of keeping two functions in parallel but gcc will allow a
    ctl_path pointer to be passed to a char * pointer while only issuing a
    warning, so that completely incorrect code can be built. Since I
    have to change the function name I am taking advantage of the situation
    to let both register_net_sysctl and register_net_sysctl_table live for a
    short time in parallel which makes clean conversion patches a bit easier
    to read and write.

    Signed-off-by: Eric W. Biederman
    Acked-by: Pavel Emelyanov
    Signed-off-by: David S. Miller

    Eric W. Biederman
     

25 Jan, 2012

5 commits


01 Nov, 2011

1 commit


18 May, 2010

1 commit

  • This patch removes from net/ (but not any netfilter files)
    all the unnecessary return; statements that precede the
    last closing brace of void functions.

    It does not remove the returns that are immediately
    preceded by a label as gcc doesn't like that.

    Done via:
    $ grep -rP --include=*.[ch] -l "return;\n}" net/ | \
    xargs perl -i -e 'local $/ ; while (<>) { s/\n[ \t\n]+return;\n}/\n}/g; print; }'

    Signed-off-by: Joe Perches
    Signed-off-by: David S. Miller

    Joe Perches
     

18 Jan, 2010

1 commit


16 Mar, 2009

1 commit


28 Jul, 2008

1 commit

  • Piss-poor sysctl registration API strikes again, film at 11...

    What we really need is _pathname_ required to be present in already
    registered table, so that kernel could warn about bad order. That's the
    next target for sysctl stuff (and generally saner and more explicit
    order of initialization of ipv[46] internals wouldn't hurt either).

    For the time being, here are full fixups required by ..._rotable()
    stuff; we make per-net sysctl sets descendents of "ro" one and make sure
    that sufficient skeleton is there before we start registering per-net
    sysctls.

    Signed-off-by: Al Viro
    Signed-off-by: Linus Torvalds

    Al Viro
     

27 Jul, 2008

1 commit

  • New object: set of sysctls [currently - root and per-net-ns].
    Contains: pointer to parent set, list of tables and "should I see this set?"
    method (->is_seen(set)).
    Current lists of tables are subsumed by that; net-ns contains such a beast.
    ->lookup() for ctl_table_root returns pointer to ctl_table_set instead of
    that to ->list of that ctl_table_set.

    [folded compile fixes by rdd for configs without sysctl]

    Signed-off-by: Al Viro

    Al Viro
     

26 Jul, 2008

1 commit

  • Extend the permission check for networking sysctl's to allow modification
    when current process has CAP_NET_ADMIN capability and is not root. This
    version uses the until now unused permissions hook to override the mode
    value for /proc/sys/net if accessed by a user with capabilities.

    Found while working with Quagga. It is impossible to turn forwarding
    on/off through the command interface because Quagga uses secure coding
    practice of dropping privileges during initialization and only raising via
    capabilities when necessary. Since the daemon has reset real/effective
    uid after initialization, all attempts to access /proc/sys/net variables
    will fail.

    Signed-off-by: Stephen Hemminger
    Acked-by: "Eric W. Biederman"
    Cc: Chris Wright
    Cc: Alexey Dobriyan
    Cc: Andrew Morgan
    Cc: Pavel Emelyanov
    Cc: "David S. Miller"
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Stephen Hemminger
     

12 Jun, 2008

1 commit


20 May, 2008

1 commit


01 May, 2008

1 commit

  • drivers/net/8390.c:37:2: warning: returning void-valued expression
    drivers/net/bnx2.c:1635:3: warning: returning void-valued expression
    drivers/net/xen-netfront.c:1806:2: warning: returning void-valued expression
    net/ipv4/tcp_hybla.c:105:3: warning: returning void-valued expression
    net/ipv4/tcp_vegas.c:171:3: warning: returning void-valued expression
    net/ipv4/tcp_veno.c:123:3: warning: returning void-valued expression
    net/sysctl_net.c:85:2: warning: returning void-valued expression

    Signed-off-by: Harvey Harrison
    Acked-by: Alan Cox
    Signed-off-by: David S. Miller

    Harvey Harrison
     

29 Jan, 2008

5 commits

  • I have removed all the entries from this table (core_table,
    ipv4_table and tr_table), so now we can safely drop it.

    Signed-off-by: Pavel Emelyanov
    Signed-off-by: David S. Miller

    Pavel Emelyanov
     
  • The same thing for token-ring - use ctl paths and get
    rid of external references on the tr_table.

    Unfortunately, I couldn't split this patch into cleanup and
    use-the-paths parts.

    As a lame excuse I can say, that the cleanup is just moving
    the tr_table from one file to another - closer to a single
    variable, that this ctl table tunes. Since the source file
    becomes empty after the move, I remove it.

    Signed-off-by: Pavel Emelyanov
    Signed-off-by: David S. Miller

    Pavel Emelyanov
     
  • This is the same as I did for the net/core/ table in the
    second patch in this series: use the paths and isolate the
    whole table in the .c file.

    Signed-off-by: Pavel Emelyanov
    Signed-off-by: David S. Miller

    Pavel Emelyanov
     
  • Using ctl paths we can put all the stuff, related to net/core/
    sysctl table, into one file and remove all the references on it.

    As a good side effect this hides the "core_table" name from
    the global scope :)

    Signed-off-by: Pavel Emelyanov
    Signed-off-by: David S. Miller

    Pavel Emelyanov
     
  • The user interface is: register_net_sysctl_table and
    unregister_net_sysctl_table. Very much like the current
    interface except there is a network namespace parameter.

    With this any sysctl registered with register_net_sysctl_table
    will only show up to tasks in the same network namespace.

    All other sysctls continue to be globally visible.

    Signed-off-by: Eric W. Biederman
    Cc: Serge Hallyn
    Cc: Daniel Lezcano
    Cc: Cedric Le Goater
    Cc: Pavel Emelyanov
    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Eric W. Biederman
     

01 Jul, 2006

1 commit


06 Jun, 2006

1 commit


04 Oct, 2005

1 commit

  • During the build for ARM machine type "fortunet", this error occurred:

    CC net/sysctl_net.o
    net/sysctl_net.c:36: error: 'core_table' undeclared here (not in a function)

    It appears that the following configuration settings cause this error
    due to a missing include:
    CONFIG_SYSCTL=y
    CONFIG_NET=y
    # CONFIG_INET is not set

    core_table appears to be declared in net/sock.h. If CONFIG_INET were
    defined, net/sock.h would have been included via:
    sysctl_net.c -> net/ip.h -> linux/ip.h -> net/sock.h

    so include it directly.

    Signed-off-by: Russell King
    Signed-off-by: David S. Miller

    Russell King
     

30 Aug, 2005

1 commit

  • Of this type, mostly:

    CHECK net/ipv6/netfilter.c
    net/ipv6/netfilter.c:96:12: warning: symbol 'ipv6_netfilter_init' was not declared. Should it be static?
    net/ipv6/netfilter.c:101:6: warning: symbol 'ipv6_netfilter_fini' was not declared. Should it be static?

    Signed-off-by: Arnaldo Carvalho de Melo
    Signed-off-by: David S. Miller

    Arnaldo Carvalho de Melo
     

17 Apr, 2005

1 commit

  • Initial git repository build. I'm not bothering with the full history,
    even though we have it. We can create a separate "historical" git
    archive of that later if we want to, and in the meantime it's about
    3.2GB when imported into git - space that would just make the early
    git days unnecessarily complicated, when we don't have a lot of good
    infrastructure for it.

    Let it rip!

    Linus Torvalds