Re: [PATCH net] vlan: prevent cross-netns promisc/allmulti propagation

Next message: Tengda Wu: "[PATCH v4] rethook: Remove the running task check in rethook_find_ret_addr()"
Previous message: lizhi2: "[PATCH net-next v8 2/6] dt-bindings: ethernet: eswin: add EIC7700 eth1 RX clock inversion variant"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jakub Kicinski

Date: Tue Jun 09 2026 - 21:37:33 EST

On Sun, 7 Jun 2026 19:35:28 +0800 Yizhou Zhao wrote:
> vlan_dev_change_rx_flags() propagates IFF_PROMISC and IFF_ALLMULTI
> changes from a VLAN device to its real device. If the VLAN device has
> been moved to another network namespace, a user with CAP_NET_ADMIN in
> that namespace can toggle these flags on the VLAN device and change the
> promiscuity/allmulti counters on the real device in the original
> namespace.

I'd think that's expected. There's a higher chance this patch will
break someone's intentional setup than prevent an issue...

If anyone on the list disagrees please speak up
--
pw-bot: reject