Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT

From: Florian Westphal
Date: Thu Oct 10 2024 - 21:27:32 EST

Next message: CK Hu (胡俊光): "Re: [PATCH v1 01/10] dt-bindings: media: mediatek: add camsys device"
Previous message: Chenyuan Yang: "Re: [Linux Kernel Bug] memory leak in ubi_attach"
In reply to: Richard Weinberger: "Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT"
Next in thread: Richard Weinberger: "Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Richard Weinberger <richard@xxxxxxxxxxxxx> wrote:
> Maybe I have wrong expectations.
> e.g. I expected that sock_net_uid() will return 1000 when
> uid 1000 does something like: unshare -Umr followed by a veth connection
> to the host (initial user/net namespace).
> Shouldn't on the host side a forwarded skb have a ->dev that belongs uid
> 1000's net namespace?

You mean skb->sk? dev doesn't make much sense in this context to me.
Else, please clarify.

ip stack orphans incoming skbs, i.e. skb->sk is gone, see skb_orphan()
call in ip_rcv_core(). So when packet enters init_net prerouting hook,
association with originating netns or sk is not present anymore.

Next message: CK Hu (胡俊光): "Re: [PATCH v1 01/10] dt-bindings: media: mediatek: add camsys device"
Previous message: Chenyuan Yang: "Re: [Linux Kernel Bug] memory leak in ubi_attach"
In reply to: Richard Weinberger: "Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT"
Next in thread: Richard Weinberger: "Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]