[NET]: Modify all rtnetlink methods to only work in the initial namespace (v2)

Before I can enable rtnetlink to work in all network namespaces I need
to be certain that something won't break.  So this patch deliberately
disables all of the rtnletlink methods in everything except the
initial network namespace.  After the methods have been audited this
extra check can be disabled.

Changes from v1:
- added IPv6 addrlabel protection

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

1 files changed, 4 insertions, 0 deletions

diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index a21021bf1409..1d2839571d2f 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2527,6 +2527,7 @@ nla_put_failure:
 
 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg)
 {
+        struct net *net = in_skb->sk->sk_net;
         struct rtmsg *rtm;
         struct nlattr *tb[RTA_MAX+1];
         struct rtable *rt = NULL;
@@ -2536,6 +2537,9 @@ static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void
         int err;
         struct sk_buff *skb;
 
+        if (net != &init_net)
+                return -EINVAL;
+
         err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv4_policy);
         if (err < 0)
                 goto errout;