Re: [PATCH v3 6/7] netlink: Add multicast group level permissions

From: Jakub Kicinski
Date: Fri Mar 31 2023 - 02:39:56 EST

Next message: Tony Lindgren: "Re: [PATCH v2] dt-bindings: omap: Convert omap.txt to yaml"
Previous message: Yang, Weijiang: "Re: [RFC PATCH 0/7] SVM guest shadow stack support"
In reply to: Anjali Kulkarni: "[PATCH v3 6/7] netlink: Add multicast group level permissions"
Next in thread: Anjali Kulkarni: "Re: [PATCH v3 6/7] netlink: Add multicast group level permissions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 29 Mar 2023 11:25:42 -0700 Anjali Kulkarni wrote:
> A new field perm_groups is added in netlink_sock to store the protocol's
> multicast group access permissions. This is to allow for a more fine
> grained access control than just at the protocol level. These
> permissions can be supplied by the protocol via the netlink_kernel_cfg.
> A new function netlink_multicast_allowed() is added, which checks if
> the protocol's multicast group has non-root access before allowing bind.

Is there a reason this is better than implementing .bind
in the connector family and filtering there?

Next message: Tony Lindgren: "Re: [PATCH v2] dt-bindings: omap: Convert omap.txt to yaml"
Previous message: Yang, Weijiang: "Re: [RFC PATCH 0/7] SVM guest shadow stack support"
In reply to: Anjali Kulkarni: "[PATCH v3 6/7] netlink: Add multicast group level permissions"
Next in thread: Anjali Kulkarni: "Re: [PATCH v3 6/7] netlink: Add multicast group level permissions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]