diff options
author | Dmitry Torokhov | 2016-08-10 14:36:02 -0700 |
---|---|---|
committer | David S. Miller | 2016-08-14 21:08:58 -0700 |
commit | e79c6a4fc923eed2bdd3b716e0f01414847db90a (patch) | |
tree | ad2cc7b3534b8767f507caf65b093fe4fca43fa9 /include/linux/sysctl.h | |
parent | c110486f6cb240f36ec143cad6628d52c071f529 (diff) |
net: make net namespace sysctls belong to container's owner
If net namespace is attached to a user namespace let's make container's
root owner of sysctls affecting said network namespace instead of global
root.
This also allows us to clean up net_ctl_permissions() because we do not
need to fudge permissions anymore for the container's owner since it now
owns the objects in question.
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux/sysctl.h')
-rw-r--r-- | include/linux/sysctl.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h index 697e160c78d0..d82cb6011e77 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h @@ -25,6 +25,7 @@ #include <linux/rcupdate.h> #include <linux/wait.h> #include <linux/rbtree.h> +#include <linux/uidgid.h> #include <uapi/linux/sysctl.h> /* For the /proc/sys support */ @@ -157,6 +158,9 @@ struct ctl_table_root { struct ctl_table_set default_set; struct ctl_table_set *(*lookup)(struct ctl_table_root *root, struct nsproxy *namespaces); + void (*set_ownership)(struct ctl_table_header *head, + struct ctl_table *table, + kuid_t *uid, kgid_t *gid); int (*permissions)(struct ctl_table_header *head, struct ctl_table *table); }; |