net: make net namespace sysctls belong to container's owner

If net namespace is attached to a user namespace let's make container's
root owner of sysctls affecting said network namespace instead of global
root.

This also allows us to clean up net_ctl_permissions() because we do not
need to fudge permissions anymore for the container's owner since it now
owns the objects in question.

Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 4 insertions, 0 deletions

diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index 697e160c78d0..d82cb6011e77 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -25,6 +25,7 @@
 #include <linux/rcupdate.h>
 #include <linux/wait.h>
 #include <linux/rbtree.h>
+#include <linux/uidgid.h>
 #include <uapi/linux/sysctl.h>
 
 /* For the /proc/sys support */
@@ -157,6 +158,9 @@ struct ctl_table_root {
         struct ctl_table_set default_set;
         struct ctl_table_set *(*lookup)(struct ctl_table_root *root,
                                            struct nsproxy *namespaces);
+        void (*set_ownership)(struct ctl_table_header *head,
+                              struct ctl_table *table,
+                              kuid_t *uid, kgid_t *gid);
         int (*permissions)(struct ctl_table_header *head, struct ctl_table *table);
 };