Re: [PATCH bpf 2/4] nsfs: add an ioctl to discover the network namespace cookie

From: Lorenz Bauer
Date: Tue Mar 02 2021 - 05:12:36 EST

Next message: Michal Hocko: "Re: possible deadlock in sk_clone_lock"
Previous message: Muchun Song: "Re: [External] Re: [PATCH] mm: memcontrol: fix kernel stack account"
In reply to: Christian Brauner: "Re: [PATCH bpf 2/4] nsfs: add an ioctl to discover the network namespace cookie"
Next in thread: Christian Brauner: "Re: [PATCH bpf 2/4] nsfs: add an ioctl to discover the network namespace cookie"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 1 Mar 2021 at 10:04, Christian Brauner
<christian.brauner@xxxxxxxxxx> wrote:
>
> Hey Lorenz,
>
> Just to make sure: is it intentional that any user can retrieve the
> cookie associated with any network namespace, i.e. you don't require any
> form of permission checking in the owning user namespace of the network
> namespace?
>
> Christian

Hi Christian,

I've decided to drop the patch set for now, but that was my intention, yes. Is
there a downside I'm not aware of?

Lorenz

--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK

www.cloudflare.com

Next message: Michal Hocko: "Re: possible deadlock in sk_clone_lock"
Previous message: Muchun Song: "Re: [External] Re: [PATCH] mm: memcontrol: fix kernel stack account"
In reply to: Christian Brauner: "Re: [PATCH bpf 2/4] nsfs: add an ioctl to discover the network namespace cookie"
Next in thread: Christian Brauner: "Re: [PATCH bpf 2/4] nsfs: add an ioctl to discover the network namespace cookie"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]