[NET]: Modify all rtnetlink methods to only work in the initial namespace (v2)

Before I can enable rtnetlink to work in all network namespaces I need to be certain that something won't break. So this patch deliberately disables all of the rtnletlink methods in everything except the initial network namespace. After the methods have been audited this extra check can be disabled. Changes from v1: - added IPv6 addrlabel protection Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Denis V. Lunev <den@openvz.org> 2007-11-30 08:21:31 -0500
committer: David S. Miller <davem@davemloft.net> 2008-01-28 17:54:24 -0500
commit: b854272b3c732316676e9128f7b9e6f1e1ff88b0 (patch)
tree: c90c74b9ec068453881f1173da4c57d6bb00a7d9 /net/ipv4/devinet.c
parent: ad5d20a63940fcfb40af76ba06148f36d5d0b433 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index b42f74617bac..c0eb26a0d0bc 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -441,6 +441,7 @@ struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix,
 static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
 {
+        struct net *net = skb->sk->sk_net;
        struct nlattr *tb[IFA_MAX+1];
        struct in_device *in_dev;
        struct ifaddrmsg *ifm;
@@ -449,6 +450,9 @@ static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg
        ASSERT_RTNL();
+        if (net != &init_net)
+                return -EINVAL;
        err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv4_policy);
        if (err < 0)
                goto errout;
@@ -560,10 +564,14 @@ errout:
 static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
 {
+        struct net *net = skb->sk->sk_net;
        struct in_ifaddr *ifa;
        ASSERT_RTNL();
+        if (net != &init_net)
+                return -EINVAL;
        ifa = rtm_to_ifaddr(nlh);
        if (IS_ERR(ifa))
                return PTR_ERR(ifa);
@@ -1174,12 +1182,16 @@ nla_put_failure:
 static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
 {
+        struct net *net = skb->sk->sk_net;
        int idx, ip_idx;
        struct net_device *dev;
        struct in_device *in_dev;
        struct in_ifaddr *ifa;
        int s_ip_idx, s_idx = cb->args[0];
+        if (net != &init_net)
+                return 0;
        s_ip_idx = ip_idx = cb->args[1];
        idx = 0;
        for_each_netdev(&init_net, dev) {
author	Denis V. Lunev <den@openvz.org>	2007-11-30 08:21:31 -0500
committer	David S. Miller <davem@davemloft.net>	2008-01-28 17:54:24 -0500
commit	b854272b3c732316676e9128f7b9e6f1e1ff88b0 (patch)
tree	c90c74b9ec068453881f1173da4c57d6bb00a7d9 /net/ipv4/devinet.c
parent	ad5d20a63940fcfb40af76ba06148f36d5d0b433 (diff)