author | Andrey Vagin <avagin@openvz.org> | 2016-10-24 21:29:13 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-10-31 10:56:36 -0400 |
commit | c62cce2caee558e18aa05c01c2fd3b40f07174f2 (patch) | |
tree | f652d443eb8394c24772bcee4cf15f3a1a6586f1 /net/socket.c | |
parent | 2a43ca0aa9084c41aaa1006fbf22155b2e94babf (diff) |
net: add an ioctl to get a socket network namespace
Each socket operates in a network namespace where it has been created,
so if we want to dump and restore a socket, we have to know its network
namespace.
We have socket_diag to get information about sockets, but it doesn't
report sockets which are not bound or connected.
This patch introduces a new socket ioctl, which is called SIOCGSKNS
and used to get a file descriptor for a socket network namespace.
A task must have CAP_NET_ADMIN in a target network namespace to
use this ioctl.
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Andrei Vagin <avagin@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/socket.c')
-rw-r--r-- | net/socket.c | 13 |
1 files changed, 13 insertions, 0 deletions
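--- a/net/socket.c
+++ b/net/socket.c
@@ -877,6 +877,11 @@ static long sock_do_ioctl(struct net *net, struct socket *sock,
 * what to do with it - that's up to the protocol still.
 */
 
+static struct ns_common *get_net_ns(struct ns_common *ns)
+{
+return &get_net(container_of(ns, struct net, ns))->ns;
+}
+
 static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
 {
 struct socket *sock;
@@ -945,6 +950,13 @@ static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
 err = dlci_ioctl_hook(cmd, argp);
 mutex_unlock(&dlci_ioctl_mutex);
 break;
+case SIOCGSKNS:
+err = -EPERM;
+if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
+break;
+
+err = open_related_ns(&net->ns, get_net_ns);
+break;
 default:
 err = sock_do_ioctl(net, sock, cmd, arg);
 break;
@@ -3093,6 +3105,7 @@ static int compat_sock_ioctl_trans(struct file *file, struct socket *sock,
 case SIOCSIFVLAN:
 case SIOCADDDLCI:
 case SIOCDELDLCI:
+case SIOCGSKNS:
 return sock_ioctl(file, cmd, arg);
 
 case SIOCGIFFLAGS: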
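Review bot: get_net_ns(), added in the first hunk, calls get_net() unconditionally, so it is only safe when the namespace is guaranteed to still hold a live reference; nothing in the visible lines establishes that for every socket that can reach the new SIOCGSKNS case. Consider taking the reference conditionally with `struct net *net = maybe_get_net(container_of(ns, struct net, ns));` followed by `return net ? &net->ns : ERR_PTR(-EINVAL);`, provided open_related_ns() checks the callback result with IS_ERR(), which is not shown on this page. A short comment above the helper should say that the reference it takes is owned by the namespace file descriptor handed back to user space. The SIOCGSKNS case would also benefit from a comment noting that CAP_NET_ADMIN is checked against `net->user_ns`, presumably the user namespace owning the socket's network namespace, not the caller's own. sock_ioctl's body starts and ends outside the hunks, so the assignment of `net` could not be confirmed here.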