Re: [PATCH net] rtnetlink: Require CAP_NET_ADMIN in link netns for changelink.

Next message: Nazle Asmade, Muhammad Nazim Amirul: "Re: [PATCH v2] net: stmmac: Improve Tx timer arm logic further"
Previous message: Alexandre Courbot: "Re: [PATCH v6 0/7] gpu: nova-core: run unload sequence upon unbinding"
In reply to: Kuniyuki Iwashima: "Re: [PATCH net] rtnetlink: Require CAP_NET_ADMIN in link netns for changelink."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Maoyi Xie

Date: Fri May 29 2026 - 02:53:03 EST

Hi Kuniyuki,

> > > Do all other callers of ->get_link_net(), dev_get_iflink_dev()
> > > and batadv_getlink_net(), require the same capability check ?
> >
> > No. Those are read paths.
>
> See how netif_change_proto_down() uses dev_get_iflink_dev().

Thanks for catching that. You're right, "all read paths" was too
broad. netif_change_proto_down() is a mutation function and it calls
dev_get_iflink_dev() inside its logic.

I read through it. The resolved iflink_dev is only used there to test
reachability (the !iflink_dev return) and to read
netif_carrier_ok(iflink_dev) for the carrier_on conditional. The
mutations (proto_down, carrier_off/on) target dev, which is in the
caller's netns and was cap checked at the rtnl setlink entry. So I do
not see a parallel cap gap on that path.

If you agree, I would like to keep this series scoped to the
rtnl_changelink path Xiao reported. The per-type cap check on
t->net->user_ns mirrors 8b484efd5cb4. If you see another angle on the
dev_get_iflink_dev() callers, please tell me and I will look again.

Thanks,
Maoyi