From: Christian Brauner
To: ebiederm@xmission.com, davem@davemloft.net, netdev@vger.kernel.org,
    linux-kernel@vger.kernel.org
Cc: avagin@virtuozzo.com, ktkhai@virtuozzo.com, serge@hallyn.com,
    gregkh@linuxfoundation.org, Christian Brauner
Subject: [PATCH net-next 0/2 v4] netns: uevent filtering
Date: Sat, 28 Apr 2018 21:20:23 +0200
Message-Id: <20180428192025.2075-1-christian.brauner@ubuntu.com>

Hey everyone,

This is the new approach to uevent filtering as discussed (see the
threads in [1], [2], and [3]). It only contains *non-functional
changes*.

This series deals with fixing up uevent filtering logic:
- uevent filtering logic is simplified
- locking time on uevent_sock_list is minimized
- tagged and untagged kobjects are handled in separate codepaths
- permissions for userspace are fixed for network device uevents in
  network namespaces owned by non-initial user namespaces

Udev is now able to see those events correctly which it wasn't before.
For example, moving a physical device into a network namespace not
owned by the initial user namespace before gave:

    root@xen1:~# udevadm --debug monitor -k
    calling: monitor
    monitor will print the received events for:
    KERNEL - the kernel uevent
    sender uid=65534, message ignored
    sender uid=65534, message ignored
    sender uid=65534, message ignored
    sender uid=65534, message ignored
    sender uid=65534, message ignored

and now after the discussion and solution in [3] correctly gives:

    root@xen1:~# udevadm --debug monitor -k
    calling: monitor
    monitor will print the received events for:
    KERNEL - the kernel uevent
    KERNEL[625.301042] add /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/enp1s0f1 (net)
    KERNEL[625.301109] move /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/enp1s0f1 (net)
    KERNEL[625.301138] move /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/eth1 (net)
    KERNEL[655.333272] remove /devices/pci0000:00/0000:00:02.0/0000:01:00.1/net/eth1 (net)

Thanks!
Christian

[1]: https://lkml.org/lkml/2018/4/4/739
[2]: https://lkml.org/lkml/2018/4/26/767
[3]: https://lkml.org/lkml/2018/4/26/738

Christian Brauner (2):
  uevent: add alloc_uevent_skb() helper
  netns: restrict uevents

 lib/kobject_uevent.c | 180 ++++++++++++++++++++++++++++++-------------
 1 file changed, 128 insertions(+), 52 deletions(-)

-- 
2.17.0
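
The "sender uid=65534, message ignored" lines in the first log are a receiver-side decision: a uevent listener that requests sender credentials drops anything not sent by uid 0, and 65534 is the overflow uid reported when the sender's uid has no mapping in the receiver's user namespace. The C code below shows that kind of check; it is an added example, not code from this series or from udev, and `check_uevent_sender`, `struct sender_cred`, `CRED_CMSG`, `struct sample` and `make_sample` are hypothetical names, with the sample message constructed here.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Layout of the kernel's struct ucred, under a local hypothetical name so
 * the file builds without _GNU_SOURCE; 0x02 is SCM_CREDENTIALS on Linux. */
struct sender_cred { pid_t pid; uid_t uid; gid_t gid; };
#define CRED_CMSG 0x02

enum verdict { UEVENT_ACCEPT, UEVENT_NO_CREDS, UEVENT_BAD_SENDER };

/* A message read with SO_PASSCRED set is trusted only if it carries sender
 * credentials and they resolve to uid 0 in the receiver's user namespace. */
enum verdict check_uevent_sender(struct msghdr *msg, uid_t *seen_uid)
{
    struct cmsghdr *c;
    struct sender_cred cred;

    for (c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != CRED_CMSG)
            continue;
        if (c->cmsg_len < CMSG_LEN(sizeof(cred)))
            return UEVENT_NO_CREDS; /* truncated control data */
        memcpy(&cred, CMSG_DATA(c), sizeof(cred));
        *seen_uid = cred.uid;
        return cred.uid == 0 ? UEVENT_ACCEPT : UEVENT_BAD_SENDER;
    }
    return UEVENT_NO_CREDS;
}

/* Constructed input: control data shaped as recvmsg() would return it. */
struct sample { struct msghdr msg; long ctl[8]; };

void make_sample(struct sample *s, uid_t uid)
{
    struct sender_cred cred = { .pid = 0, .uid = uid, .gid = 0 };
    struct cmsghdr *c;

    memset(s, 0, sizeof(*s));
    s->msg.msg_control = s->ctl;
    s->msg.msg_controllen = CMSG_SPACE(sizeof(cred));
    c = CMSG_FIRSTHDR(&s->msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = CRED_CMSG;
    c->cmsg_len = CMSG_LEN(sizeof(cred));
    memcpy(CMSG_DATA(c), &cred, sizeof(cred));
}
```

A message with no credentials attached is rejected as well, so a sender cannot pass the check by omitting the control data.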