Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT

From: Richard Weinberger
Date: Fri Oct 11 2024 - 09:12:58 EST

Next message: Catalin Marinas: "Re: [PATCH v6 02/11] arm64: Detect if in a realm and set RIPAS RAM"
Previous message: Mike Rapoport: "Re: [linux-next:master] [x86/module] 6661cae1aa: WARNING:at_arch/x86/mm/pat/set_memory.c:#__cpa_process_fault"
In reply to: Florian Westphal: "Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT"
Next in thread: Paul Moore: "Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am Freitag, 11. Oktober 2024, 03:27:13 CEST schrieb Florian Westphal:
> Richard Weinberger <richard@xxxxxxxxxxxxx> wrote:
> > Maybe I have wrong expectations.
> > e.g. I expected that sock_net_uid() will return 1000 when
> > uid 1000 does something like: unshare -Umr followed by a veth connection
> > to the host (initial user/net namespace).
> > Shouldn't on the host side a forwarded skb have a ->dev that belongs uid
> > 1000's net namespace?
>
> You mean skb->sk? dev doesn't make much sense in this context to me.
> Else, please clarify.

Well, this was a brain fart on my side.
I wondered about the sock_net_uid(net, NULL) case and wrongly assumed
that a skb I see in the outer namespace can have a skb->dev from another
namespace.
It would be awesome to have some information about
the originating net namespace.

Thanks,
//richard

--
sigma star gmbh | Eduard-Bodem-Gasse 6, 6020 Innsbruck, AUT
UID/VAT Nr: ATU 66964118 | FN: 374287y

Next message: Catalin Marinas: "Re: [PATCH v6 02/11] arm64: Detect if in a realm and set RIPAS RAM"
Previous message: Mike Rapoport: "Re: [linux-next:master] [x86/module] 6661cae1aa: WARNING:at_arch/x86/mm/pat/set_memory.c:#__cpa_process_fault"
In reply to: Florian Westphal: "Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT"
Next in thread: Paul Moore: "Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]