mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-11-01 00:48:50 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Jonathon Reinhart 2671fa4dc0 netfilter: conntrack: Make global sysctls readonly in non-init netns 
These sysctls point to global variables:
- NF_SYSCTL_CT_MAX (&nf_conntrack_max)
- NF_SYSCTL_CT_EXPECT_MAX (&nf_ct_expect_max)
- NF_SYSCTL_CT_BUCKETS (&nf_conntrack_htable_size_user)

Because their data pointers are not updated to point to per-netns
structures, they must be marked read-only in a non-init_net ns.
Otherwise, changes in any net namespace are reflected in (leaked into)
all other net namespaces. This problem has existed since the
introduction of net namespaces.

The current logic marks them read-only only if the net namespace is
owned by an unprivileged user (other than init_user_ns).

Commit d0febd81ae ("netfilter: conntrack: re-visit sysctls in
unprivileged namespaces") "exposes all sysctls even if the namespace is
unpriviliged." Since we need to mark them readonly in any case, we can
forego the unprivileged user check altogether.

Fixes: d0febd81ae ("netfilter: conntrack: re-visit sysctls in unprivileged namespaces")
Signed-off-by: Jonathon Reinhart <Jonathon.Reinhart@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-12 13:27:11 -07:00
..
6lowpan 6lowpan: Fix some typos in nhc_udp.c 2021-03-24 17:52:11 -07:00
9p net: 9p: Correct function names in the kerneldoc comments 2021-03-28 17:56:56 -07:00
802
8021q net: bridge: resolve forwarding path for VLAN tag actions in bridge devices 2021-03-24 12:48:38 -07:00
appletalk appletalk: Fix skb allocation size in loopback case 2021-02-12 16:40:28 -08:00
atm
ax25 net/ax25: Delete obsolete TODO file 2021-03-30 16:54:50 -07:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
bluetooth Bluetooth: Allow Microsoft extension to indicate curve validation 2021-04-08 12:26:34 +02:00
bpf bpf: selftests: Add kfunc_call test 2021-03-26 20:41:52 -07:00
bpfilter
bridge netfilter: ebtables: use net_generic infra 2021-04-06 00:34:52 +02:00
caif net: caif: Use netif_rx_any_context(). 2021-02-15 13:21:48 -08:00
can can: isotp: fix msg_namelen values depending on CAN_REQUIRED_SIZE 2021-03-29 09:51:43 +02:00
ceph net: ceph: Fix a typo in osdmap.c 2021-03-25 17:05:07 -07:00
core Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
dcb
dccp net: dccp: use net_generic storage 2021-04-09 16:34:56 -07:00
decnet net/decnet: Delete obsolete TODO file 2021-03-30 16:54:50 -07:00
dns_resolver
dsa Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
ethernet ethernet: avoid retpoline overhead on TEB (GENEVE, NvGRE, VxLAN) GRO 2021-03-18 19:51:12 -07:00
ethtool ethtool: wire in generic SFP module access 2021-04-11 16:34:56 -07:00
hsr Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
ieee802154 net: remove the new_ifindex argument from dev_change_net_namespace 2021-04-07 14:43:28 -07:00
ife
ipv4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
ipv6 net: seg6: trivial fix of a spelling mistake in comment 2021-04-12 13:17:09 -07:00
iucv iucv: af_iucv.c: Couple of typo fixes 2021-03-28 17:31:13 -07:00
kcm kcm: kcmsock.c: Couple of typo fixes 2021-03-28 17:31:13 -07:00
key
l2tp net: l2tp: Fix a typo 2021-03-22 13:17:49 -07:00
l3mdev l3mdev: Correct function names in the kerneldoc comments 2021-03-28 17:56:55 -07:00
lapb net: lapb: Make "lapb_t1timer_running" able to detect an already running timer 2021-03-23 14:14:50 -07:00
llc llc: llc_core.c: COuple of typo fixes 2021-03-28 17:31:13 -07:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
mac802154 net: mac802154: Fix general protection fault 2021-04-06 22:42:16 +02:00
mpls net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0 2021-03-09 16:12:20 -08:00
mptcp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
ncsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
netfilter netfilter: conntrack: Make global sysctls readonly in non-init netns 2021-04-12 13:27:11 -07:00
netlabel netlabel: Correct function name netlbl_mgmt_add() in the kerneldoc comments 2021-03-28 17:56:55 -07:00
netlink mptcp: avoid lock_fast usage in accept path 2021-02-12 16:31:46 -08:00
netrom
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
nsh
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
packet net/packet: Fix a typo in af_packet.c 2021-03-24 17:52:11 -07:00
phonet
psample psample: Add additional metadata attributes 2021-03-14 15:00:43 -07:00
qrtr Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
rfkill rfkill: revert back to old userspace API by default 2021-04-08 10:14:45 +02:00
rose net: rose: Fix fall-through warnings for Clang 2021-03-10 12:45:15 -08:00
rxrpc rxrpc: Fix dependency on IPv6 in udp tunnel config 2021-02-12 16:42:05 -08:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
smc net: smc: Remove repeated struct declaration 2021-04-01 15:52:38 -07:00
strparser
sunrpc Miscellaneous NFSD fixes for v5.12-rc. 2021-03-16 10:22:50 -07:00
switchdev net: bridge: propagate extack through switchdev_port_attr_set 2021-02-14 17:38:11 -08:00
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
tls skmsg: Extract __tcp_bpf_recvmsg() and tcp_bpf_wait_data() 2021-04-01 10:56:14 -07:00
unix
vmw_vsock net: vsock: Fix a typo 2021-03-28 17:52:51 -07:00
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
x25 af_x25.c: Fix a spello 2021-03-28 17:31:13 -07:00
xdp bpf, xdp: Restructure redirect actions 2021-03-10 01:06:34 +01:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
compat.c
devres.c
Kconfig net: add CONFIG_PCPU_DEV_REFCNT 2021-03-19 13:38:46 -07:00
Makefile
socket.c net: Fix a misspell in socket.c 2021-03-25 16:56:27 -07:00
sysctl_net.c net: Ensure net namespace isolation of sysctls 2021-04-12 13:27:11 -07:00