linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-08-27 19:29:37 +00:00

No description

Find a file

Linus Lüssing c7e4004b38 batman-adv: allow netlink usage in unprivileged containers [ Upstream commit `9057d6c23e` ] Currently, creating a batman-adv interface in an unprivileged LXD container and attaching secondary interfaces to it with "ip" or "batctl" works fine. However all batctl debug and configuration commands fail: root@container:~# batctl originators Error received: Operation not permitted root@container:~# batctl orig_interval 1000 root@container:~# batctl orig_interval 2000 root@container:~# batctl orig_interval 1000 To fix this change the generic netlink permissions from GENL_ADMIN_PERM to GENL_UNS_ADMIN_PERM. This way a batman-adv interface is fully maintainable as root from within a user namespace, from an unprivileged container. All except one batman-adv netlink setting are per interface and do not leak information or change settings from the host system and are therefore save to retrieve or modify as root from within an unprivileged container. "batctl routing_algo" / BATADV_CMD_GET_ROUTING_ALGOS is the only exception: It provides the batman-adv kernel module wide default routing algorithm. However it is read-only from netlink and an unprivileged container is still not allowed to modify /sys/module/batman_adv/parameters/routing_algo. Instead it is advised to use the newly introduced "batctl if create routing_algo RA_NAME" / IFLA_BATADV_ALGO_NAME to set the routing algorithm on interface creation, which already works fine in an unprivileged container. Cc: Tycho Andersen <tycho@tycho.pizza> Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue> Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Sasha Levin <sashal@kernel.org>		2022-01-27 09:19:41 +01:00
arch	ARM: shmobile: rcar-gen2: Add missing of_node_put()	2022-01-27 09:19:40 +01:00
block	block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)	2021-12-14 14:49:02 +01:00
certs	certs: Trigger creation of RSA module signing key if it's not an RSA key	2021-09-15 09:47:29 +02:00
crypto	crypto: pcrypt - Delay write to padata->info	2021-11-17 09:48:40 +01:00
Documentation	Input: i8042 - add deferred probe support	2022-01-05 12:37:43 +01:00
drivers	drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR	2022-01-27 09:19:40 +01:00
fs	fs: dlm: filter user dlm messages for kernel locks	2022-01-27 09:19:40 +01:00
include	mm_zone: add function to check if managed dma zone exists	2022-01-27 09:19:28 +01:00
init	kbuild: add CONFIG_LD_IS_LLD	2021-06-30 08:47:44 -04:00
ipc	shm: extend forced shm destroy to support objects from several IPC nses	2021-12-01 09:23:35 +01:00
kernel	rcu/exp: Mark current CPU as exp-QS in IPI loop second pass	2022-01-27 09:19:33 +01:00
lib	siphash: use _unaligned version by default	2021-12-08 09:01:12 +01:00
LICENSES	LICENSES: Rename other to deprecated	2019-05-03 06:34:32 -06:00
mm	shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode	2022-01-27 09:19:29 +01:00
net	batman-adv: allow netlink usage in unprivileged containers	2022-01-27 09:19:41 +01:00
samples	samples/kretprobes: Fix return value if register_kretprobe() failed	2021-11-17 09:48:39 +01:00
scripts	recordmcount.pl: fix typo in s390 mcount regex	2022-01-05 12:37:44 +01:00
security	selinux: fix potential memleak in selinux_add_opt()	2022-01-27 09:19:35 +01:00
sound	ASoC: samsung: idma: Check of ioremap return value	2022-01-27 09:19:39 +01:00
tools	bpftool: Enable line buffering for stdout	2022-01-27 09:19:35 +01:00
usr	initramfs: restore default compression behavior	2020-04-08 09:08:38 +02:00
virt	KVM: do not shrink halt_poll_ns below grow_start	2021-10-09 14:39:50 +02:00
.clang-format	clang-format: Update with the latest for_each macro list	2019-08-31 10:00:51 +02:00
.cocciconfig
.get_maintainer.ignore	Opt out of scripts/get_maintainer.pl	2019-05-16 10:53:40 -07:00
.gitattributes
.gitignore	Modules updates for v5.4	2019-09-22 10:34:46 -07:00
.mailmap	ARM: SoC fixes	2019-11-10 13:41:59 -08:00
COPYING
CREDITS	MAINTAINERS: Remove Simon as Renesas SoC Co-Maintainer	2019-10-10 08:12:51 -07:00
Kbuild	kbuild: do not descend to ./Kbuild when cleaning	2019-08-21 21:03:58 +09:00
Kconfig	docs: kbuild: convert docs to ReST and rename to *.rst	2019-06-14 14:21:21 -06:00
MAINTAINERS	Documentation/llvm: add documentation on building w/ Clang/LLVM	2020-08-26 10:40:46 +02:00
Makefile	Linux 5.4.173	2022-01-20 09:19:19 +01:00
README	Drop all 00-INDEX files from Documentation/	2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.