diff options
| author | David S. Miller <davem@davemloft.net> | 2012-08-24 18:54:37 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2012-08-24 18:54:37 -0400 |
| commit | e6acb384807406c1a6ad3ddc91191f7658e63b7a (patch) | |
| tree | 7906d1bb402ac30e4efaa1bc6451b1c7a4b6e768 /net/sched | |
| parent | 255e87657a84e21986e5d9070f3dee4aa8d1d531 (diff) | |
| parent | 898132ae76d1aeb52301f10e8795c34fbb54e853 (diff) | |
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
This is an initial merge in of Eric Biederman's work to start adding
user namespace support to the networking.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sched')
| -rw-r--r-- | net/sched/cls_api.c | 2 | ||||
| -rw-r--r-- | net/sched/cls_basic.c | 3 | ||||
| -rw-r--r-- | net/sched/cls_cgroup.c | 3 | ||||
| -rw-r--r-- | net/sched/cls_flow.c | 19 | ||||
| -rw-r--r-- | net/sched/cls_fw.c | 3 | ||||
| -rw-r--r-- | net/sched/cls_route.c | 3 | ||||
| -rw-r--r-- | net/sched/cls_rsvp.h | 3 | ||||
| -rw-r--r-- | net/sched/cls_tcindex.c | 3 | ||||
| -rw-r--r-- | net/sched/cls_u32.c | 3 |
9 files changed, 29 insertions, 13 deletions
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c index 6dd1131f2ec1..dc3ef5aef355 100644 --- a/net/sched/cls_api.c +++ b/net/sched/cls_api.c | |||
| @@ -319,7 +319,7 @@ replay: | |||
| 319 | } | 319 | } |
| 320 | } | 320 | } |
| 321 | 321 | ||
| 322 | err = tp->ops->change(tp, cl, t->tcm_handle, tca, &fh); | 322 | err = tp->ops->change(skb, tp, cl, t->tcm_handle, tca, &fh); |
| 323 | if (err == 0) { | 323 | if (err == 0) { |
| 324 | if (tp_created) { | 324 | if (tp_created) { |
| 325 | spin_lock_bh(root_lock); | 325 | spin_lock_bh(root_lock); |
diff --git a/net/sched/cls_basic.c b/net/sched/cls_basic.c index 590960a22a77..344a11b342e5 100644 --- a/net/sched/cls_basic.c +++ b/net/sched/cls_basic.c | |||
| @@ -162,7 +162,8 @@ errout: | |||
| 162 | return err; | 162 | return err; |
| 163 | } | 163 | } |
| 164 | 164 | ||
| 165 | static int basic_change(struct tcf_proto *tp, unsigned long base, u32 handle, | 165 | static int basic_change(struct sk_buff *in_skb, |
| 166 | struct tcf_proto *tp, unsigned long base, u32 handle, | ||
| 166 | struct nlattr **tca, unsigned long *arg) | 167 | struct nlattr **tca, unsigned long *arg) |
| 167 | { | 168 | { |
| 168 | int err; | 169 | int err; |
diff --git a/net/sched/cls_cgroup.c b/net/sched/cls_cgroup.c index 7743ea8d1d38..91de66695b4a 100644 --- a/net/sched/cls_cgroup.c +++ b/net/sched/cls_cgroup.c | |||
| @@ -151,7 +151,8 @@ static const struct nla_policy cgroup_policy[TCA_CGROUP_MAX + 1] = { | |||
| 151 | [TCA_CGROUP_EMATCHES] = { .type = NLA_NESTED }, | 151 | [TCA_CGROUP_EMATCHES] = { .type = NLA_NESTED }, |
| 152 | }; | 152 | }; |
| 153 | 153 | ||
| 154 | static int cls_cgroup_change(struct tcf_proto *tp, unsigned long base, | 154 | static int cls_cgroup_change(struct sk_buff *in_skb, |
| 155 | struct tcf_proto *tp, unsigned long base, | ||
| 155 | u32 handle, struct nlattr **tca, | 156 | u32 handle, struct nlattr **tca, |
| 156 | unsigned long *arg) | 157 | unsigned long *arg) |
| 157 | { | 158 | { |
diff --git a/net/sched/cls_flow.c b/net/sched/cls_flow.c index ccd08c8dc6a7..ce82d0cb1b47 100644 --- a/net/sched/cls_flow.c +++ b/net/sched/cls_flow.c | |||
| @@ -193,15 +193,19 @@ static u32 flow_get_rtclassid(const struct sk_buff *skb) | |||
| 193 | 193 | ||
| 194 | static u32 flow_get_skuid(const struct sk_buff *skb) | 194 | static u32 flow_get_skuid(const struct sk_buff *skb) |
| 195 | { | 195 | { |
| 196 | if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) | 196 | if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) { |
| 197 | return skb->sk->sk_socket->file->f_cred->fsuid; | 197 | kuid_t skuid = skb->sk->sk_socket->file->f_cred->fsuid; |
| 198 | return from_kuid(&init_user_ns, skuid); | ||
| 199 | } | ||
| 198 | return 0; | 200 | return 0; |
| 199 | } | 201 | } |
| 200 | 202 | ||
| 201 | static u32 flow_get_skgid(const struct sk_buff *skb) | 203 | static u32 flow_get_skgid(const struct sk_buff *skb) |
| 202 | { | 204 | { |
| 203 | if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) | 205 | if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) { |
| 204 | return skb->sk->sk_socket->file->f_cred->fsgid; | 206 | kgid_t skgid = skb->sk->sk_socket->file->f_cred->fsgid; |
| 207 | return from_kgid(&init_user_ns, skgid); | ||
| 208 | } | ||
| 205 | return 0; | 209 | return 0; |
| 206 | } | 210 | } |
| 207 | 211 | ||
| @@ -347,7 +351,8 @@ static const struct nla_policy flow_policy[TCA_FLOW_MAX + 1] = { | |||
| 347 | [TCA_FLOW_PERTURB] = { .type = NLA_U32 }, | 351 | [TCA_FLOW_PERTURB] = { .type = NLA_U32 }, |
| 348 | }; | 352 | }; |
| 349 | 353 | ||
| 350 | static int flow_change(struct tcf_proto *tp, unsigned long base, | 354 | static int flow_change(struct sk_buff *in_skb, |
| 355 | struct tcf_proto *tp, unsigned long base, | ||
| 351 | u32 handle, struct nlattr **tca, | 356 | u32 handle, struct nlattr **tca, |
| 352 | unsigned long *arg) | 357 | unsigned long *arg) |
| 353 | { | 358 | { |
| @@ -386,6 +391,10 @@ static int flow_change(struct tcf_proto *tp, unsigned long base, | |||
| 386 | 391 | ||
| 387 | if (fls(keymask) - 1 > FLOW_KEY_MAX) | 392 | if (fls(keymask) - 1 > FLOW_KEY_MAX) |
| 388 | return -EOPNOTSUPP; | 393 | return -EOPNOTSUPP; |
| 394 | |||
| 395 | if ((keymask & (FLOW_KEY_SKUID|FLOW_KEY_SKGID)) && | ||
| 396 | sk_user_ns(NETLINK_CB(in_skb).ssk) != &init_user_ns) | ||
| 397 | return -EOPNOTSUPP; | ||
| 389 | } | 398 | } |
| 390 | 399 | ||
| 391 | err = tcf_exts_validate(tp, tb, tca[TCA_RATE], &e, &flow_ext_map); | 400 | err = tcf_exts_validate(tp, tb, tca[TCA_RATE], &e, &flow_ext_map); |
diff --git a/net/sched/cls_fw.c b/net/sched/cls_fw.c index 8384a4797240..4075a0aef2aa 100644 --- a/net/sched/cls_fw.c +++ b/net/sched/cls_fw.c | |||
| @@ -233,7 +233,8 @@ errout: | |||
| 233 | return err; | 233 | return err; |
| 234 | } | 234 | } |
| 235 | 235 | ||
| 236 | static int fw_change(struct tcf_proto *tp, unsigned long base, | 236 | static int fw_change(struct sk_buff *in_skb, |
| 237 | struct tcf_proto *tp, unsigned long base, | ||
| 237 | u32 handle, | 238 | u32 handle, |
| 238 | struct nlattr **tca, | 239 | struct nlattr **tca, |
| 239 | unsigned long *arg) | 240 | unsigned long *arg) |
diff --git a/net/sched/cls_route.c b/net/sched/cls_route.c index 44f405cb9aaf..c10d57bf98f2 100644 --- a/net/sched/cls_route.c +++ b/net/sched/cls_route.c | |||
| @@ -427,7 +427,8 @@ errout: | |||
| 427 | return err; | 427 | return err; |
| 428 | } | 428 | } |
| 429 | 429 | ||
| 430 | static int route4_change(struct tcf_proto *tp, unsigned long base, | 430 | static int route4_change(struct sk_buff *in_skb, |
| 431 | struct tcf_proto *tp, unsigned long base, | ||
| 431 | u32 handle, | 432 | u32 handle, |
| 432 | struct nlattr **tca, | 433 | struct nlattr **tca, |
| 433 | unsigned long *arg) | 434 | unsigned long *arg) |
diff --git a/net/sched/cls_rsvp.h b/net/sched/cls_rsvp.h index 18ab93ec8d7e..494bbb90924a 100644 --- a/net/sched/cls_rsvp.h +++ b/net/sched/cls_rsvp.h | |||
| @@ -416,7 +416,8 @@ static const struct nla_policy rsvp_policy[TCA_RSVP_MAX + 1] = { | |||
| 416 | [TCA_RSVP_PINFO] = { .len = sizeof(struct tc_rsvp_pinfo) }, | 416 | [TCA_RSVP_PINFO] = { .len = sizeof(struct tc_rsvp_pinfo) }, |
| 417 | }; | 417 | }; |
| 418 | 418 | ||
| 419 | static int rsvp_change(struct tcf_proto *tp, unsigned long base, | 419 | static int rsvp_change(struct sk_buff *in_skb, |
| 420 | struct tcf_proto *tp, unsigned long base, | ||
| 420 | u32 handle, | 421 | u32 handle, |
| 421 | struct nlattr **tca, | 422 | struct nlattr **tca, |
| 422 | unsigned long *arg) | 423 | unsigned long *arg) |
diff --git a/net/sched/cls_tcindex.c b/net/sched/cls_tcindex.c index fe29420d0b0e..a1293b4ab7a1 100644 --- a/net/sched/cls_tcindex.c +++ b/net/sched/cls_tcindex.c | |||
| @@ -332,7 +332,8 @@ errout: | |||
| 332 | } | 332 | } |
| 333 | 333 | ||
| 334 | static int | 334 | static int |
| 335 | tcindex_change(struct tcf_proto *tp, unsigned long base, u32 handle, | 335 | tcindex_change(struct sk_buff *in_skb, |
| 336 | struct tcf_proto *tp, unsigned long base, u32 handle, | ||
| 336 | struct nlattr **tca, unsigned long *arg) | 337 | struct nlattr **tca, unsigned long *arg) |
| 337 | { | 338 | { |
| 338 | struct nlattr *opt = tca[TCA_OPTIONS]; | 339 | struct nlattr *opt = tca[TCA_OPTIONS]; |
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c index d45373fb00b9..c7c27bc91b5a 100644 --- a/net/sched/cls_u32.c +++ b/net/sched/cls_u32.c | |||
| @@ -544,7 +544,8 @@ errout: | |||
| 544 | return err; | 544 | return err; |
| 545 | } | 545 | } |
| 546 | 546 | ||
| 547 | static int u32_change(struct tcf_proto *tp, unsigned long base, u32 handle, | 547 | static int u32_change(struct sk_buff *in_skb, |
| 548 | struct tcf_proto *tp, unsigned long base, u32 handle, | ||
| 548 | struct nlattr **tca, | 549 | struct nlattr **tca, |
| 549 | unsigned long *arg) | 550 | unsigned long *arg) |
| 550 | { | 551 | { |