mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-02 15:18:19 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Krister Johansen 4548b683b7 Introduce a sysctl that modifies the value of PROT_SOCK. 
Add net.ipv4.ip_unprivileged_port_start, which is a per namespace sysctl
that denotes the first unprivileged inet port in the namespace.  To
disable all privileged ports set this to zero.  It also checks for
overlap with the local port range.  The privileged and local range may
not overlap.

The use case for this change is to allow containerized processes to bind
to priviliged ports, but prevent them from ever being allowed to modify
their container's network configuration.  The latter is accomplished by
ensuring that the network namespace is not a child of the user
namespace.  This modification was needed to allow the container manager
to disable a namespace's priviliged port restrictions without exposing
control of the network namespace to processes in the user namespace.

Signed-off-by: Krister Johansen <kjlx@templeofstupid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-01-24 12:10:51 -05:00
..
6lowpan 6lowpan: use rb_entry() 2017-01-22 16:46:13 -05:00
9p
802 Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
8021q net: make ndo_get_stats64 a void function 2017-01-08 17:51:44 -05:00
appletalk
atm net: atm: Fix warnings in net/atm/lec.c when !CONFIG_PROC_FS 2016-12-28 15:11:32 -05:00
ax25 ax25: Fix segfault after sock connection timeout 2017-01-16 14:39:58 -05:00
batman-adv net: Remove usage of net_device last_rx member 2017-01-18 17:22:49 -05:00
bluetooth Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-12-16 10:24:44 -08:00
bridge bridge: sparse fixes in br_ip6_multicast_alloc_query() 2017-01-17 15:22:05 -05:00
caif net: caif: Remove unused stats member from struct chnl_net 2017-01-19 11:45:21 -05:00
can ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
ceph libceph: remove now unused finish_request() wrapper 2016-12-14 22:39:08 +01:00
core net: remove duplicate code. 2017-01-20 12:22:25 -05:00
dcb net: dcb: set error code on failures 2016-12-03 23:54:25 -05:00
dccp inet: drop ->bind_conflict 2017-01-18 13:04:28 -05:00
decnet Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
dns_resolver
dsa net: dsa: Remove hwmon support 2017-01-20 14:42:51 -05:00
ethernet
hsr
ieee802154 Makefile: drop -D__CHECK_ENDIAN__ from cflags 2016-12-16 00:13:43 +02:00
ipv4 Introduce a sysctl that modifies the value of PROT_SOCK. 2017-01-24 12:10:51 -05:00
ipv6 Introduce a sysctl that modifies the value of PROT_SOCK. 2017-01-24 12:10:51 -05:00
ipx ktime: Get rid of the union 2016-12-25 17:21:22 +01:00
irda Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
iucv net/af_iucv: don't use paged skbs for TX on HiperSockets 2017-01-10 21:08:29 -05:00
kcm
key
l2tp net: make ndo_get_stats64 a void function 2017-01-08 17:51:44 -05:00
l3mdev
lapb Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
llc
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-01-17 15:19:37 -05:00
mac802154 ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
mpls mpls: Packet stats 2017-01-17 14:38:43 -05:00
ncsi
netfilter Introduce a sysctl that modifies the value of PROT_SOCK. 2017-01-24 12:10:51 -05:00
netlabel netlabel: add CALIPSO to the list of built-in protocols 2017-01-06 22:20:45 -05:00
netlink netlink: do not enter direct reclaim from netlink_trim() 2017-01-16 13:39:35 -05:00
netrom
nfc
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-01-17 15:19:37 -05:00
packet packet: pdiag_put_ring() should return TX_RING info for TPACKET_V3 2017-01-10 21:02:42 -05:00
phonet
qrtr net: qrtr: Mark 'buf' as little endian 2017-01-10 20:45:04 -05:00
rds RDS: validate the requested traces user input against max supported 2017-01-06 22:14:26 -05:00
rfkill rfkill: Add rfkill-any LED trigger 2017-01-09 11:40:33 +01:00
rose Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
rxrpc rxrpc: Allow listen(sock, 0) to be used to disable listening 2017-01-09 11:10:02 +00:00
sched fq_codel: Avoid regenerating skb flow hash unless necessary 2017-01-20 12:15:14 -05:00
sctp Introduce a sysctl that modifies the value of PROT_SOCK. 2017-01-24 12:10:51 -05:00
smc smc: ETH_ALEN as memcpy length for mac addresses 2017-01-12 09:47:01 -05:00
strparser
sunrpc svcrdma: avoid duplicate dma unmapping during error recovery 2017-01-12 16:14:47 -05:00
switchdev
tipc tipc: make replicast a user selectable option 2017-01-20 12:10:17 -05:00
unix Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
vmw_vsock Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-17 20:17:04 -08:00
wimax
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-01-17 15:19:37 -05:00
x25 Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
xfrm ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
compat.c net: Assert at build time the assumptions we make about the CMSG header. 2017-01-04 13:24:19 -05:00
Kconfig Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-01-11 14:43:39 -05:00
Makefile smc: establish new socket family 2017-01-09 16:07:38 -05:00
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-01-11 14:43:39 -05:00
sysctl_net.c