authorEric W. Biederman <ebiederm@xmission.com>2007-09-12 07:05:38 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:49:09 -0400
commitb4b510290b056b86611757ce1175a230f1080f53 (patch)
tree7bd1d45855ac7457be6d50338c60751f19e436d9 /security
parente9dc86534051b78e41e5b746cccc291b57a3a311 (diff)
[NET]: Support multiple network namespaces with netlink
Each netlink socket will live in exactly one network namespace; this includes the controlling kernel sockets. This patch updates all of the existing netlink protocols to only support the initial network namespace. Requests from clients in other namespaces will get -ECONNREFUSED, as they would if the kernel did not have support for that netlink protocol compiled in. As each netlink protocol is updated to be multiple network namespace safe, it can register multiple kernel sockets to acquire a presence in the rest of the network namespaces. The implementation in af_netlink is a simple filter implementation at hash table insertion and hash table lookup time. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/netlink.c5
1 files changed, 3 insertions, 2 deletions
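--- a/security/selinux/netlink.c
+++ b/security/selinux/netlink.c
@@ -17,6 +17,7 @@
 #include <linux/skbuff.h>
 #include <linux/netlink.h>
 #include <linux/selinux_netlink.h>
+#include <net/net_namespace.h>
 
 static struct sock *selnl;
 
@@ -104,8 +105,8 @@ void selnl_notify_policyload(u32 seqno)
 
 static int __init selnl_init(void)
 {
- selnl = netlink_kernel_create(NETLINK_SELINUX, SELNLGRP_MAX, NULL, NULL,
- THIS_MODULE);
+ selnl = netlink_kernel_create(&init_net, NETLINK_SELINUX,
+ SELNLGRP_MAX, NULL, NULL, THIS_MODULE);
  if (selnl == NULL)
  panic("SELinux: Cannot create netlink socket.");
  netlink_set_nonroot(NETLINK_SELINUX, NL_NONROOT_RECV);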
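Review bot: The new `netlink_kernel_create(&init_net, NETLINK_SELINUX, ...)` call in selnl_init binds the SELinux notification socket to the initial network namespace only, and nothing in the file records that restriction. Going by the commit description, a listener in any other namespace is refused, so a userspace consumer there would presumably never see the events sent by selnl_notify_policyload and its siblings and could keep acting on cached decisions after a policy reload or enforcing-mode change. I would add a comment above the call, for example `/* Bound to init_net only: listeners in other network namespaces get no SELinux policyload/setenforce notifications. */`, so the gap is visible to whoever later makes this protocol namespace-aware. The body of selnl_init continues past the end of the hunk.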