Received: by 10.192.165.148 with SMTP id m20csp537397imm; Fri, 27 Apr 2018 03:26:58 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpz0mQGkBiwh7tEUpW3ixTi09l1+zUnc0ltYctrvcWZfJ/IhbXUKsNratePFTeqXuW0mto5 X-Received: by 2002:a17:902:5709:: with SMTP id k9-v6mr1725915pli.165.1524824818162; Fri, 27 Apr 2018 03:26:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524824818; cv=none; d=google.com; s=arc-20160816; b=wD729rqGv82ONLaQO8X1TIUld1+dcMATABFnjNjYm5gW0JEAj7lz/7bk1fkAjtId+r ZC0utsiYt9XarW0FTkqxLNQWp8izpeIPXU7k6NJDPWON7RSnAOKhlSFkwD8xQxLI5QAj ob/pA/7K2cI/Ms5D3/5ETlZ2HIGJhOECdLJoonz7g94wOnxmxBjol32UnwdRzMi95l50 JR8uvicFOs5uPeRjn2wjoJ3YkN20EkAav9wHfn3GH7bRgiNQ8QhON2aW5H+gSOrmGCUl yJxwDF0cYvEsCKud19bFbAphDc/anNoEpC+/GqKhWC4V18Fu4xE6JfXUmrQI4eAZcuoZ tJ0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=V70ocO4NjNsTiKx44lIDPiNHPUOsJIKQfMf5UO6eqR0=; b=mLEhLtYUHO5Db0gcqOCQTPQMeZq5pCGw5TSjGrdUoL69wYYx1UyMVAXXRMGvEay826 v92GKN6thzUr+iBm7sHoFxVAInAbSW1iilldBj73zf5TCuyHJt4xfuClf6LBNv0VU6Y2 y8vxn35Ft7H5GJycatpVV8Jl6Myy2mWjuNpF8SrXCPZBGzEmx6d5QdNvugIpbqPSpuDc OWNZpEckJm/2xwtSoxwEioLArDZn2kxrTq/iSPMGKjyzB05+pxA+hYwqQJulG4AP+tpt G2pehripH3eAh7da74SYCo0zfPsCHB8nuQq3I0ccTyKL7nzTN/0ihJWoHiQjRC4AQJIA 9k0Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c2si1029037pfh.215.2018.04.27.03.26.43; Fri, 27 Apr 2018 03:26:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932668AbeD0KZb (ORCPT + 99 others); Fri, 27 Apr 2018 06:25:31 -0400 Received: from mail-wm0-f66.google.com ([74.125.82.66]:51634 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932610AbeD0KZ3 (ORCPT ); Fri, 27 Apr 2018 06:25:29 -0400 Received: by mail-wm0-f66.google.com with SMTP id j4so1789040wme.1; Fri, 27 Apr 2018 03:25:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=V70ocO4NjNsTiKx44lIDPiNHPUOsJIKQfMf5UO6eqR0=; b=hWeBiSfkY5snL/eYL2yC2GbtLHSJf0nhlrDZbddYqSzB8g/VA92AU755LHW0zpr7vq 2ibCeYlAIL66g7LxCrbhRom6SODAjETFsHTe78PEwQBPuzlq/gyL0ogjtFGRGCgvtYs5 G0tjfCC+X0PCnUW7928RGfAM54sQ5wWDy9o2gHFBI1Uq8PY87JnTj1fj1TZlwJlM2qc7 ZfNdNLneJO0y09FSMcVhaOZsFzD5bX937p1VmA5+Pb5rNyjEvPjOlTdCPPqD0QcsW5Y9 jQLJREdRLBsMbI5KHlrUABeG5S+OqwqwHDs/IsJYgboHi2PIgVyIFnPjeA8N2uWLXlqB wqCg== X-Gm-Message-State: ALQs6tDHN3mCySnzdN7rYWs/NnOHhfAlWrs3Biayge24C+Mf7Bb8lXNp z16+zvIRdezu8ZZa6Y6SCpg= X-Received: by 10.28.147.83 with SMTP id v80mr958311wmd.91.1524824727900; Fri, 27 Apr 2018 03:25:27 -0700 (PDT) Received: from localhost.localdomain (u-087-c104.eap.uni-tuebingen.de. [134.2.87.104]) by smtp.gmail.com with ESMTPSA id 135sm792099wmx.21.2018.04.27.03.25.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 27 Apr 2018 03:25:26 -0700 (PDT) From: Christian Brauner To: ebiederm@xmission.com, davem@davemloft.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Cc: avagin@virtuozzo.com, ktkhai@virtuozzo.com, serge@hallyn.com, gregkh@linuxfoundation.org, Christian Brauner Subject: [PATCH net-next 0/2] netns: uevent filtering Date: Fri, 27 Apr 2018 12:23:04 +0200 Message-Id: <20180427102306.8617-1-christian.brauner@ubuntu.com> X-Mailer: git-send-email 2.17.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hey everyone, This is the new approach to uevent filtering as discussed (see the threads in [1], [2], and [3]). This series deals with with fixing up uevent filtering logic: - uevent filtering logic is simplified - locking time on uevent_sock_list is minimized - tagged and untagged kobjects are handled in separate codepaths - permissions for userspace are fixed for network device uevents in network namespaces owned by non-initial user namespaces Udev is now able to see those events correctly which it wasn't before. For example, moving a physical device into a network namespace not owned by the initial user namespaces before gave: root@xen1:~# udevadm --debug monitor -k calling: monitor monitor will print the received events for: KERNEL - the kernel uevent sender uid=65534, message ignored sender uid=65534, message ignored sender uid=65534, message ignored sender uid=65534, message ignored sender uid=65534, message ignored and now after the discussion and solution in [3] correctly gives: root@xen1:~# udevadm --debug monitor -k calling: monitor monitor will print the received events for: KERNEL - the kernel uevent KERNEL[625.301042] add /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/enp1s0f1 (net) KERNEL[625.301109] move /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/enp1s0f1 (net) KERNEL[625.301138] move /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/eth1 (net) KERNEL[655.333272] remove /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/eth1 (net) Thanks! Christian [1]: https://lkml.org/lkml/2018/4/4/739 [2]: https://lkml.org/lkml/2018/4/26/767 [3]: https://lkml.org/lkml/2018/4/26/738 Christian Brauner (2): uevent: add alloc_uevent_skb() helper netns: restrict uevents lib/kobject_uevent.c | 175 ++++++++++++++++++++++++++++++------------- 1 file changed, 123 insertions(+), 52 deletions(-) -- 2.17.0