[NET]: Modify all rtnetlink methods to only work in the initial namespace (v2)

Before I can enable rtnetlink to work in all network namespaces I need to be certain that something won't break. So this patch deliberately disables all of the rtnletlink methods in everything except the initial network namespace. After the methods have been audited this extra check can be disabled. Changes from v1: - added IPv6 addrlabel protection Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Denis V. Lunev <den@openvz.org> 2007-11-30 08:21:31 -0500
committer: David S. Miller <davem@davemloft.net> 2008-01-28 17:54:24 -0500
commit: b854272b3c732316676e9128f7b9e6f1e1ff88b0 (patch)
tree: c90c74b9ec068453881f1173da4c57d6bb00a7d9 /net/core/rtnetlink.c
parent: ad5d20a63940fcfb40af76ba06148f36d5d0b433 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index fed95a323b28..4edc3dac4ccd 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -703,6 +703,9 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
        int s_idx = cb->args[0];
        struct net_device *dev;
+        if (net != &init_net)
+                return 0;
        idx = 0;
        for_each_netdev(net, dev) {
                if (idx < s_idx)
@@ -905,6 +908,9 @@ static int rtnl_setlink(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        struct nlattr *tb[IFLA_MAX+1];
        char ifname[IFNAMSIZ];
+        if (net != &init_net)
+                return -EINVAL;
        err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFLA_MAX, ifla_policy);
        if (err < 0)
                goto errout;
@@ -953,6 +959,9 @@ static int rtnl_dellink(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        struct nlattr *tb[IFLA_MAX+1];
        int err;
+        if (net != &init_net)
+                return -EINVAL;
        err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFLA_MAX, ifla_policy);
        if (err < 0)
                return err;
@@ -1034,6 +1043,9 @@ static int rtnl_newlink(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        struct nlattr *linkinfo[IFLA_INFO_MAX+1];
        int err;
+        if (net != &init_net)
+                return -EINVAL;
 #ifdef CONFIG_KMOD
 replay:
 #endif
@@ -1160,6 +1172,9 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
        struct sk_buff *nskb;
        int err;
+        if (net != &init_net)
+                return -EINVAL;
        err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFLA_MAX, ifla_policy);
        if (err < 0)
                return err;
@@ -1195,9 +1210,13 @@ errout:
 static int rtnl_dump_all(struct sk_buff *skb, struct netlink_callback *cb)
 {
+        struct net *net = skb->sk->sk_net;
        int idx;
        int s_idx = cb->family;
+        if (net != &init_net)
+                return 0;
        if (s_idx == 0)
                s_idx = 1;
        for (idx=1; idx<NPROTO; idx++) {
author	Denis V. Lunev <den@openvz.org>	2007-11-30 08:21:31 -0500
committer	David S. Miller <davem@davemloft.net>	2008-01-28 17:54:24 -0500
commit	b854272b3c732316676e9128f7b9e6f1e1ff88b0 (patch)
tree	c90c74b9ec068453881f1173da4c57d6bb00a7d9 /net/core/rtnetlink.c
parent	ad5d20a63940fcfb40af76ba06148f36d5d0b433 (diff)