Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp4376428pxb; Tue, 2 Mar 2021 13:38:44 -0800 (PST) X-Google-Smtp-Source: ABdhPJyVLu0tbBlTcl328uvcmYRNxJslFxlUfVhi2BtigEbdn0TVtCreE881qshbJPUTvqXNRbav X-Received: by 2002:a17:906:b286:: with SMTP id q6mr22802356ejz.422.1614721124473; Tue, 02 Mar 2021 13:38:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614721124; cv=none; d=google.com; s=arc-20160816; b=czUNFH0hSkWbi3dt8eI9PLBYp5gqhOSF0WLnOWaE+7A5OKxcUglnWe5yl6TmLwy8Zc bFl37ffq7ZUf0JPGeUaTc26UAvhKNuY+1XL1AB4UFJ1lulNw6cOOR7K7p9Uwfw7Mj7QH lbaVE09hEJ2fUDdxAc2c5PxHsBXqRD3BQsO5muNCijX4d0nAKHMLpeJc50ckMqEw5jwY ycyXy+ohNQZWbcRhdI6WPmO2vY6d8uCmaEeyxaR0Ac2u5+YNdLNSsPfDACgoukxgZ+kr ml53Vca8TSVchiMjHvr2KsAS0QKY9UcSr8HvapicrOmOSCxMP5696iQMIsEz9kV0O4Eo ok5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=7kcgL94+L1tIXT1R8vfU9UzdbVrMKYIDLcHvPGal+1A=; b=QF57wC/498/LmO+/xzVDigCJKsBCNpK19ThKEFCUnXWwXQ9xilvBlsZC2GeLpAelME XAeOOld7DyONh6RlLTZwG3PkTt0FoNhN0fn6Osxa9Jfq5LDVgv0lzjkzH83oWrDasroZ rAVi3kuJW/Ek6wn4rLl30EyPpz9hnugOMfBetgK113UqjGHF6Y1nYOMPKS2Xio5L56CW 4gEbc79M5h9I/hLuVyzlMtO37WvS8/TypEz5ojkU14Lgj4RIbPxjiByqSmVVtTO75gDR /X1f80VLIxNfYQipJ/1HJIudF2zNW00iC4oSSpQcRtIRyZwdnHXLKTOCWgg7sw9pqpY6 +mGA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=SurN3sWH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z1si13918815edp.254.2021.03.02.13.38.21; Tue, 02 Mar 2021 13:38:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=SurN3sWH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349512AbhCBKEZ (ORCPT + 99 others); Tue, 2 Mar 2021 05:04:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33618 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1379116AbhCBJsO (ORCPT ); Tue, 2 Mar 2021 04:48:14 -0500 Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 45114C06178A for ; Tue, 2 Mar 2021 01:47:23 -0800 (PST) Received: by mail-lj1-x22f.google.com with SMTP id m11so22252707lji.10 for ; Tue, 02 Mar 2021 01:47:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=7kcgL94+L1tIXT1R8vfU9UzdbVrMKYIDLcHvPGal+1A=; b=SurN3sWHWBPKkLlGNZc6rYyjJtp8AA/I2oXOTORAolb7hFvo7bfaUhEMmYnvL9t/eV lX70eBcFbTYDzPxYJFrDwpr1iGSt7PkyTCRxzAkSHJR8OMWI5IkYUuKCCG2ZTlt0f2kO IRqX8Vh8c1GRXIZ4HZUGAXxuD7wo4pek3aQ6k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=7kcgL94+L1tIXT1R8vfU9UzdbVrMKYIDLcHvPGal+1A=; b=LPe6UsTyVb7GSDa+jIQ4XqPgCUHz8SzbszyRjRqtwJJTAOCjfr087G1jCFblfWrUfn MDskf2DRxHf6bW1JbPfYGNssXR/gNDvThJfbQnPeNWC1P1BzBAxZDiHnE2XeN3Y0j4J5 npOf5u60RbtYSuW7vkf5fGhfLRYapLxFv9CdFhf64hPR3n/NkTezs+ZuG2Y0Bp1fw27p rV3BRLXQupR610EtQNbteZ5jy3feUHJL1l7DsMbqNxLCapOTP+ZyyZ2e4fBam8u85tiP ok11uaxzlHFS2dl8HDts9Jk4v9CiSWfoCieqBCI90sHLCHX7Iw5umzBMF2oABxgZPjn/ yCcg== X-Gm-Message-State: AOAM532FBeDeBDfEKUCvHWvNpCvIdl9LB7Zh18Q/kAS9TjAva9gwgoUA 9qozAv2dzoHAp19touNyZy2aLEWxil7SyWe38jt7mA== X-Received: by 2002:a05:651c:1318:: with SMTP id u24mr11838773lja.426.1614678441745; Tue, 02 Mar 2021 01:47:21 -0800 (PST) MIME-Version: 1.0 References: <20210210120425.53438-1-lmb@cloudflare.com> <20210210120425.53438-3-lmb@cloudflare.com> <20210301100420.slnjvzql6el4jlfj@wittgenstein> In-Reply-To: <20210301100420.slnjvzql6el4jlfj@wittgenstein> From: Lorenz Bauer Date: Tue, 2 Mar 2021 09:47:10 +0000 Message-ID: Subject: Re: [PATCH bpf 2/4] nsfs: add an ioctl to discover the network namespace cookie To: Christian Brauner Cc: Alexander Viro , "David S. Miller" , Jakub Kicinski , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , kernel-team , Linux API , linux-fsdevel@vger.kernel.org, LKML , Networking , bpf Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 1 Mar 2021 at 10:04, Christian Brauner wrote: > > Hey Lorenz, > > Just to make sure: is it intentional that any user can retrieve the > cookie associated with any network namespace, i.e. you don't require any > form of permission checking in the owning user namespace of the network > namespace? > > Christian Hi Christian, I've decided to drop the patch set for now, but that was my intention, yes. Is there a downside I'm not aware of? Lorenz -- Lorenz Bauer | Systems Engineer 6th Floor, County Hall/The Riverside Building, SE1 7PB, UK www.cloudflare.com