Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753299AbdHNMqL (ORCPT <rfc822;w@1wt.eu>);
        Mon, 14 Aug 2017 08:46:11 -0400
Received: from mail-io0-f173.google.com ([209.85.223.173]:37860 "EHLO
        mail-io0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753144AbdHNMqI (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 14 Aug 2017 08:46:08 -0400
MIME-Version: 1.0
In-Reply-To: <d0d2f76d-fb23-0688-0038-51582a374c8e@windriver.com>
References: <20170814071640.289327-1-fupan.li@windriver.com>
 <6EC96C1E-CE98-4CF1-B1B2-1CEC9DBC36EA@holtmann.org> <d0d2f76d-fb23-0688-0038-51582a374c8e@windriver.com>
From: Szymon Janc <szymon.janc@codecoup.pl>
Date: Mon, 14 Aug 2017 14:46:07 +0200
Message-ID: <CAAEJBhKY-8G_9-cwi6HpLBmbFhyBKCnYJ+yvBy_nXxy9G66Wvw@mail.gmail.com>
Subject: Re: [PATCH] net/bluetooth: make bluetooth socket can be created in
 net namespace
To: fupan <fupan.li@windriver.com>
Cc: Marcel Holtmann <marcel@holtmann.org>,
        "Gustavo F. Padovan" <gustavo@padovan.org>,
        Johan Hedberg <johan.hedberg@gmail.com>,
        Bluez mailing list <linux-bluetooth@vger.kernel.org>,
        linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by nfs id v7ECkIuo001008
Content-Length: 2175
Lines: 61

Hi,

On 14 August 2017 at 11:45, fupan <fupan.li@windriver.com> wrote:
> On 2017/8/14 17:30, Marcel Holtmann wrote:
>>
>> Hi Fupan,
>>
>>> By now kernel only supported creating bluetooth socket in init_net
>>> net namespace, which made bluetooth device cannot be accessed in
>>> containers, this patch made bluetooth socket can be created in
>>> net namespaces to fix this issue.
>>>
>>> Signed-off-by: Fupan Li <fupan.li@windriver.com>
>>> ---
>>> net/bluetooth/af_bluetooth.c | 2 +-
>>> net/bluetooth/bnep/sock.c    | 4 ++--
>>> net/bluetooth/cmtp/sock.c    | 4 ++--
>>> net/bluetooth/hci_sock.c     | 4 ++--
>>> net/bluetooth/hidp/sock.c    | 4 ++--
>>> net/bluetooth/l2cap_sock.c   | 4 ++--
>>> net/bluetooth/rfcomm/core.c  | 2 +-
>>> net/bluetooth/rfcomm/sock.c  | 4 ++--
>>> net/bluetooth/sco.c          | 4 ++--
>>> 9 files changed, 16 insertions(+), 16 deletions(-)
>>>
>>> diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
>>> index 91e3ba280706..eec5ac17faee 100644
>>> --- a/net/bluetooth/af_bluetooth.c
>>> +++ b/net/bluetooth/af_bluetooth.c
>>> @@ -113,7 +113,7 @@ static int bt_sock_create(struct net *net, struct
>>> socket *sock, int proto,
>>> {
>>>         int err;
>>>
>>> -       if (net != &init_net)
>>> +       if (!net_eq(net, current->nsproxy->net_ns))
>>>                 return -EAFNOSUPPORT;
>>
>> before I apply such a patch, what is the actual change here. What impact
>> does this have? Are things like Bluetooth mgmt sockets still operating
>> correctly after this? We have no support for move a Bluetooth controller
>> into a container. The Bluetooth hardware is global.
>
> Hi， Marcel
>
> This patch hasn't nothing to do with the Bluetooth hardware, the hardware is
> still global.
> But before you apply this patch, you cannot access the bluetooth hardware in
> a container,
> since you cannot create a bluetooth socket if you are not in the init_net
> namespace.
> After applying this patch, you can access the bluetooth hardware both in the
> init_net namespace
> and containers.

Does this mean one could sniff BT traffic from container? Or control
BT hw from multiple containers?

-- 
pozdrawiam
Szymon K. Janc