[NET]: Modify all rtnetlink methods to only work in the initial namespace (v2)

Before I can enable rtnetlink to work in all network namespaces I need to be certain that something won't break. So this patch deliberately disables all of the rtnletlink methods in everything except the initial network namespace. After the methods have been audited this extra check can be disabled. Changes from v1: - added IPv6 addrlabel protection Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Denis V. Lunev <den@openvz.org> 2007-11-30 08:21:31 -0500
committer: David S. Miller <davem@davemloft.net> 2008-01-28 17:54:24 -0500
commit: b854272b3c732316676e9128f7b9e6f1e1ff88b0 (patch)
tree: c90c74b9ec068453881f1173da4c57d6bb00a7d9 /net/core/fib_rules.c
parent: ad5d20a63940fcfb40af76ba06148f36d5d0b433 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
index 848132b6cb73..3b20b6f0982e 100644
--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -228,6 +228,9 @@ static int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
        struct nlattr *tb[FRA_MAX+1];
        int err = -EINVAL, unresolved = 0;
+        if (net != &init_net)
+                return -EINVAL;
        if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*frh)))
                goto errout;
@@ -358,12 +361,16 @@ errout:
 static int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
 {
+        struct net *net = skb->sk->sk_net;
        struct fib_rule_hdr *frh = nlmsg_data(nlh);
        struct fib_rules_ops *ops = NULL;
        struct fib_rule *rule, *tmp;
        struct nlattr *tb[FRA_MAX+1];
        int err = -EINVAL;
+        if (net != &init_net)
+                return -EINVAL;
        if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*frh)))
                goto errout;
@@ -539,9 +546,13 @@ skip:
 static int fib_nl_dumprule(struct sk_buff *skb, struct netlink_callback *cb)
 {
+        struct net *net = skb->sk->sk_net;
        struct fib_rules_ops *ops;
        int idx = 0, family;
+        if (net != &init_net)
+                return -EINVAL;
        family = rtnl_msg_family(cb->nlh);
        if (family != AF_UNSPEC) {
                /* Protocol specific dump request */
author	Denis V. Lunev <den@openvz.org>	2007-11-30 08:21:31 -0500
committer	David S. Miller <davem@davemloft.net>	2008-01-28 17:54:24 -0500
commit	b854272b3c732316676e9128f7b9e6f1e1ff88b0 (patch)
tree	c90c74b9ec068453881f1173da4c57d6bb00a7d9 /net/core/fib_rules.c
parent	ad5d20a63940fcfb40af76ba06148f36d5d0b433 (diff)