FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2025-01-23 02:47:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux/net
History
Philip Whineray f13f2aeed1 netfilter: Set /proc/net entries owner to root in namespace 
Various files are owned by root with 0440 permission. Reading them is
impossible in an unprivileged user namespace, interfering with firewall
tools. For instance, iptables-save relies on /proc/net/ip_tables_names
contents to dump only loaded tables.

This patch assigned ownership of the following files to root in the
current namespace:

- /proc/net/*_tables_names
- /proc/net/*_tables_matches
- /proc/net/*_tables_targets
- /proc/net/nf_conntrack
- /proc/net/nf_conntrack_expect
- /proc/net/netfilter/nfnetlink_log

A mapping for root must be available, so this order should be followed:

unshare(CLONE_NEWUSER);
/* Setup the mapping */
unshare(CLONE_NEWNET);

Signed-off-by: Philip Whineray <phil@firehol.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-11-25 13:54:09 +01:00
..
6lowpan
6lowpan: put mcast compression in an own function
2015-10-21 00:49:25 +02:00
9p
IB/cma: Add support for network namespaces
2015-10-28 12:32:48 -04:00
802
8021q
vlan: Do not put vlan headers back on bridge and macvlan ports
2015-11-17 14:38:35 -05:00
appletalk
atm
atm: deal with setting entry before mkip was called
2015-09-17 22:13:32 -07:00
ax25
batman-adv
batman-adv: turn batadv_neigh_node_get() into local function
2015-08-27 20:15:34 +02:00
bluetooth
Bluetooth: L2CAP: Add missing checks for invalid LE DCID
2015-11-05 04:04:15 +01:00
bridge
netfilter-bridge: layout of if statements
2015-11-23 17:54:41 +01:00
caif
net: caif: convert to using IFF_NO_QUEUE
2015-08-18 11:55:07 -07:00
can
can: avoid using timeval for uapi
2015-10-13 17:42:34 +02:00
ceph
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
2015-11-13 09:24:40 -08:00
core
net: IPv6 fib lookup tracepoint
2015-11-22 11:54:10 -05:00
dcb
net/dcb: make dcbnl.c explicitly non-modular
2015-10-09 07:52:27 -07:00
dccp
tcp/dccp: fix ireq->pktopts race
2015-11-02 15:38:26 -05:00
decnet
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2015-10-17 14:28:03 +02:00
dns_resolver
KEYS: Merge the type-specific data with the payload data
2015-10-21 15:18:36 +01:00
dsa
net: dsa: use switchdev obj for VLAN add/del ops
2015-11-01 15:56:11 -05:00
ethernet
net: help compiler generate better code in eth_get_headlen
2015-09-28 22:51:15 -07:00
hsr
net: hsr: convert to using IFF_NO_QUEUE
2015-08-18 11:55:07 -07:00
ieee802154
net: fix percpu memory leaks
2015-11-02 22:47:14 -05:00
ipv4
netfilter: remove duplicate include
2015-11-23 17:54:43 +01:00
ipv6
netfilter: ipv6: avoid nf_iterate recursion
2015-11-23 17:54:45 +01:00
ipx
irda
TTY/Serial driver patches for 4.4-rc1
2015-11-04 21:35:12 -08:00
iucv
s390/iucv: do not use arrays as argument
2015-09-21 16:03:04 -07:00
key
af_key: fix two typos
2015-10-23 03:05:19 -07:00
l2tp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2015-10-02 07:21:25 -07:00
l3mdev
net: Add netif_is_l3_slave
2015-10-07 04:27:43 -07:00
lapb
llc
tcp: fix recv with flags MSG_WAITALL | MSG_PEEK
2015-07-27 01:06:53 -07:00
mac80211
mac80211: document sleep requirements for channel context ops
2015-11-03 11:15:48 +01:00
mac802154
mac802154: llsec: use kzfree
2015-10-21 00:49:24 +02:00
mpls
mpls: reduce memory usage of routes
2015-10-27 19:52:59 -07:00
netfilter
netfilter: Set /proc/net entries owner to root in namespace
2015-11-25 13:54:09 +01:00
netlabel
netlink
mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd
2015-11-06 17:50:42 -08:00
netrom
nfc
NFC: nci: non-static functions can not be inline
2015-10-28 06:44:45 +01:00
openvswitch
netfilter: ipv6: avoid nf_iterate recursion
2015-11-23 17:54:45 +01:00
packet
packet: Use PAGE_ALIGNED macro
2015-11-17 15:25:44 -05:00
phonet
rds
Merge branch 'akpm' (patches from Andrew)
2015-11-07 14:32:45 -08:00
rfkill
rfkill: Copy "all" global state to other types
2015-09-04 14:26:56 +02:00
rose
rxrpc
mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd
2015-11-06 17:50:42 -08:00
sched
net_sched: em_meta: use skb_to_full_sk() helper
2015-11-08 20:56:39 -05:00
sctp
sctp: translate host order to network order when setting a hmacid
2015-11-15 18:27:27 -05:00
sunrpc
Mainly smaller bugfixes and cleanup. We're still finding some bugs from
2015-11-11 20:11:28 -08:00
switchdev
switchdev: respect SKIP_EOPNOTSUPP flag in case there is no recursion
2015-11-03 13:39:21 -05:00
tipc
tipc: eliminate remnants of hungarian notation
2015-11-20 14:06:10 -05:00
unix
af_unix: take receive queue lock while appending new skb
2015-11-17 15:25:45 -05:00
vmw_vsock
VSOCK: call sk->sk_data_ready() on accept()
2015-11-04 22:03:10 -05:00
wimax
net:wimax: Fix doucble word "the the" in networking.xml
2015-08-09 22:43:52 -07:00
wireless
cfg80211: allow AID/listen interval changes for unassociated station
2015-11-03 11:20:29 +01:00
x25
xfrm
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
2015-10-30 20:51:56 +09:00
compat.c
Kconfig
net: Introduce L3 Master device abstraction
2015-09-29 20:40:32 -07:00
Makefile
net: Introduce L3 Master device abstraction
2015-09-29 20:40:32 -07:00
socket.c
net: Drop unlikely before IS_ERR(_OR_NULL)
2015-09-29 15:15:40 +02:00
sysctl_net.c
net: sysctl: fix a kmemleak warning
2015-10-23 06:22:08 -07:00