[PATCH net-next 0/2] net: devmem: allow bind-rx from non-init user namespaces
From: Bobby Eshleman
Date: Mon Jun 01 2026 - 15:24:44 EST
NETDEV_CMD_BIND_RX is GENL_ADMIN_PERM, which checks CAP_NET_ADMIN
against init_user_ns. With netkit and netns support for devmem, it is
now useful to let workloads holding CAP_NET_ADMIN only in their own
user_ns issue bind-rx for a netns owned by that user_ns.

The first patch switches the flag to GENL_UNS_ADMIN_PERM so the check uses
the target netns's owning user_ns. Init remains permitted.

The second patch just adds test cases. They are identical to
nk_devmem.py tests, but using a non-init userns.

Signed-off-by: Bobby Eshleman <bobbyeshleman@xxxxxxxx>
---
Bobby Eshleman (2):
      net: devmem: allow bind-rx from non-init user namespaces
      selftests: drv-net: add userns devmem RX test
Documentation/netlink/specs/netdev.yaml | 2 +-
net/core/netdev-genl-gen.c | 2 +-
tools/testing/selftests/drivers/net/hw/Makefile | 1 +
tools/testing/selftests/drivers/net/hw/config | 1 +
.../selftests/drivers/net/hw/lib/py/__init__.py | 4 +-
.../selftests/drivers/net/hw/userns_devmem.py | 48 +++++++++++++
tools/testing/selftests/drivers/net/lib/py/env.py | 8 ++-
tools/testing/selftests/net/lib/py/__init__.py | 4 +-
tools/testing/selftests/net/lib/py/netns.py | 79 ++++++++++++++++++++++
tools/testing/selftests/net/lib/py/utils.py | 7 +-
10 files changed, 146 insertions(+), 10 deletions(-)
---
base-commit: 0906c117f81c2ae6e6dbfa82719f79c75e1c9325
change-id: 20260529-nl-prov-491a85c020b0
Best regards,
--
Bobby Eshleman <bobbyeshleman@xxxxxxxx>
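
The difference between the two permission flags described in the cover letter, as an added user-space model that is not code from the series or from the kernel tree. The struct layouts, the `ns_capable_model()` and `bind_rx_allowed()` helpers, and the sample namespaces and credentials are hypothetical and constructed for illustration; the namespace walk is simplified from the kernel's `cap_capable()`.

```c
/* User-space model of the two genetlink permission checks; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct user_ns { struct user_ns *parent; int owner_uid; int level; };
struct cred    { struct user_ns *user_ns; int euid; bool cap_net_admin; };
struct net     { struct user_ns *user_ns; };   /* userns that owns the netns */
enum perm      { ADMIN_PERM, UNS_ADMIN_PERM }; /* stand-ins for the GENL_* flags */

/* Constructed sample: init userns, plus a child userns created by uid 1000. */
static struct user_ns init_ns  = { NULL, 0, 0 };
static struct user_ns child_ns = { &init_ns, 1000, 1 };
static struct net host_net = { &init_ns }, ctr_net = { &child_ns };
static struct cred host_root = { &init_ns, 0, true };   /* real root */
static struct cred ctr_root  = { &child_ns, 0, true };  /* CAP_NET_ADMIN only in child_ns */

/* Mirrors the namespace walk of the kernel's cap_capable(), for one capability. */
static bool ns_capable_model(const struct cred *c, const struct user_ns *ns)
{
    for (;;) {
        if (ns == c->user_ns)                 /* same userns: need the cap itself */
            return c->cap_net_admin;
        if (ns->level <= c->user_ns->level)   /* target is not a descendant */
            return false;
        if (ns->parent == c->user_ns && ns->owner_uid == c->euid)
            return true;                      /* creator of a child userns has all caps in it */
        ns = ns->parent;
    }
}

static bool bind_rx_allowed(enum perm flag, const struct cred *c, const struct net *net)
{
    /* ADMIN_PERM checks against init_user_ns; UNS_ADMIN_PERM against the netns owner. */
    return ns_capable_model(c, flag == ADMIN_PERM ? &init_ns : net->user_ns);
}

int main(void)
{
    printf("ADMIN_PERM,     container root, own netns:  %d\n", bind_rx_allowed(ADMIN_PERM, &ctr_root, &ctr_net));
    printf("UNS_ADMIN_PERM, container root, own netns:  %d\n", bind_rx_allowed(UNS_ADMIN_PERM, &ctr_root, &ctr_net));
    printf("UNS_ADMIN_PERM, container root, host netns: %d\n", bind_rx_allowed(UNS_ADMIN_PERM, &ctr_root, &host_net));
    printf("UNS_ADMIN_PERM, host root, container netns: %d\n", bind_rx_allowed(UNS_ADMIN_PERM, &host_root, &ctr_net));
    return 0;
}
```

The third case is the one to keep in mind when reviewing such a change: a capability held only in a child user_ns still does not authorize the operation on a netns owned by init_user_ns.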