From: Tyler Hicks
To: Greg Kroah-Hartman, Tejun Heo, "David S. Miller", Stephen Hemminger
Cc: Dmitry Torokhov, "Eric W. Biederman", linux-kernel@vger.kernel.org, netdev@vger.kernel.org, bridge@lists.linux-foundation.org, Linux Containers
Subject: [PATCH net-next v3 8/8] bridge: make sure objects belong to container's owner
Date: Fri, 20 Jul 2018 21:56:54 +0000
Message-Id: <1532123814-1109-9-git-send-email-tyhicks@canonical.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1532123814-1109-1-git-send-email-tyhicks@canonical.com>
References: <1532123814-1109-1-git-send-email-tyhicks@canonical.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

When creating various bridge objects in /sys/class/net/... make sure that they belong to the container's owner instead of global root (if they belong to a container/namespace).

Signed-off-by: Tyler Hicks

--- net/bridge/br_if.c | 9 +++++++++ net/bridge/br_private.h | 2 ++ net/bridge/br_sysfs_if.c | 5 ++--- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c index 05e42d86882d..e7c8d55212aa 100644 --- a/net/bridge/br_if.c +++ b/net/bridge/br_if.c @@ -26,6 +26,7 @@ #include #include #include +#include #include "br_private.h" @@ -204,11 +205,19 @@ static void release_nbp(struct kobject *kobj) kfree(p); } +static void brport_get_ownership(struct kobject *kobj, kuid_t *uid, kgid_t *gid) +{ + struct net_bridge_port *p = kobj_to_brport(kobj); + + net_ns_get_ownership(dev_net(p->dev), uid, gid); +} + static struct kobj_type brport_ktype = { #ifdef CONFIG_SYSFS .sysfs_ops = &brport_sysfs_ops, #endif .release = release_nbp, + .get_ownership = brport_get_ownership, }; static void destroy_nbp(struct net_bridge_port *p) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 5216a524b537..cf0005d2a4d0 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h 
@@ -283,6 +283,8 @@ struct net_bridge_port { u16 group_fwd_mask; }; +#define kobj_to_brport(obj) container_of(obj, struct net_bridge_port, kobj) + #define br_auto_port(p) ((p)->flags & BR_AUTO_MASK) #define br_promisc_port(p) ((p)->flags & BR_PROMISC) diff --git a/net/bridge/br_sysfs_if.c b/net/bridge/br_sysfs_if.c index f99c5bf5c906..ab4c7f8adf68 100644 --- a/net/bridge/br_sysfs_if.c +++ b/net/bridge/br_sysfs_if.c @@ -249,13 +249,12 @@ static const struct brport_attribute *brport_attrs[] = { }; #define to_brport_attr(_at) container_of(_at, struct brport_attribute, attr) -#define to_brport(obj) container_of(obj, struct net_bridge_port, kobj) static ssize_t brport_show(struct kobject *kobj, struct attribute *attr, char *buf) { struct brport_attribute *brport_attr = to_brport_attr(attr); - struct net_bridge_port *p = to_brport(kobj); + struct net_bridge_port *p = kobj_to_brport(kobj); if (!brport_attr->show) return -EINVAL; @@ -268,7 +267,7 @@ static ssize_t brport_store(struct kobject *kobj, const char *buf, size_t count) { struct brport_attribute *brport_attr = to_brport_attr(attr); - struct net_bridge_port *p = to_brport(kobj); + struct net_bridge_port *p = kobj_to_brport(kobj); ssize_t ret = -EINVAL; char *endp; unsigned long val; -- 2.7.4
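
Review bot: In the br_if.c hunk at @@ -204,11 +205,19 @@, brport_get_ownership() dereferences p->dev with no check, so it relies on p->dev being assigned before any kobject using brport_ktype is added to sysfs; please state that ordering in a short comment above the function. The changelog also speaks of "various bridge objects", while the only kobj_type given a .get_ownership callback here is brport_ktype, so naming the port kobject in the changelog would match the diff.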
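
Review bot: In the br_private.h hunk, kobj_to_brport() is added to a shared header as a bare container_of() macro with no comment. A static inline taking struct kobject * would make the expected argument type explicit for the new caller in br_if.c, and a one-line comment could say that it replaces the file-local to_brport() removed from br_sysfs_if.c.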
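
Review bot: The br_sysfs_if.c hunks, covering brport_show() and brport_store(), are a pure rename from to_brport() to kobj_to_brport() with no behavioural change. Moving the macro and these two call-site updates into a preparatory patch would leave this patch with only the .get_ownership addition, which is the part that changes who owns the sysfs files.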