Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp8104475ybi;
        Tue, 9 Jul 2019 09:15:25 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzDliXXBhXbaBh7GN+W/Nirxdck/LM8AFrFkBjOYLIYsRBxWh8RBKhAjdWt241/AvHxFt/Y
X-Received: by 2002:a17:902:704c:: with SMTP id h12mr31799548plt.318.1562688925395;
        Tue, 09 Jul 2019 09:15:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1562688925; cv=none;
        d=google.com; s=arc-20160816;
        b=Hs+NG9qSyn+7ngtmS2U14l1pGA4MTexmCxJxKpMxPm2I3JxARnuCKb9pP38NW2+vS8
         ql78mU5zFs/FO3T7I5vlueDn3tAM29kdBb14kUJfETZPLThxOlNPM4a+x9oqvs0OoXrG
         Yqq91N6s8FpRJQu++8YWaIg0+cwD8SAB6E9E8e2UcEtW117PzTjUKESNRPzw9s7FOSeC
         4+iOhmYmPE3b8yZFU1Mxsg8X8pny47FZSMfeonkqBXQvd/E97zCSePBQMP1nvzIrVewl
         2TQjlDCQpDbe273a211U4vd4DVYY24gin7gZVteVANTQTMRTXYdno1xP36tu4E4zFfrf
         crcQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=KUNGTPNDMgfEpLhKjmyiUciITiVh7HckcdF97PGn3cM=;
        b=oRbFyNY9j7xFRew6rj3txjQyvD8dNaHnLS+5tvViPSBKVrwzHRpsR9hsp7TcyrvZ62
         BDET7v3r8UuPCAyanQwbe7sa/fO4uj5kvwGVR93IeT2LPNJfXMTQDOVPjHiZJs7pjyCs
         r00gMCfnVtquTRky1PUkppQivTAekUNGcEzm+XsizH6qng8UQ2blTgh1XE0WJtaWA4kY
         W7hC1Zo5+Y2ZrMgCVJg80vDlE4CF++G68r0x9yRd/88m/5TeJYftfPzr1hY1MkkUvR6b
         OhxFpYu6FnPS86kJEMF3z8ZSOR8soyTe7owEym9VDSg0yO5U34vLHuKVQFMcg7ypYYau
         QJPw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y6si21085738pgv.210.2019.07.09.09.15.11;
        Tue, 09 Jul 2019 09:15:25 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726346AbfGIQO6 (ORCPT <rfc822;cvimail81@gmail.com> + 99 others);
        Tue, 9 Jul 2019 12:14:58 -0400
Received: from helcar.hmeau.com ([216.24.177.18]:60940 "EHLO deadmen.hmeau.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725816AbfGIQO5 (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Tue, 9 Jul 2019 12:14:57 -0400
Received: from gondobar.mordor.me.apana.org.au ([192.168.128.4] helo=gondobar)
        by deadmen.hmeau.com with esmtps (Exim 4.89 #2 (Debian))
        id 1hkslc-0004cd-HB; Wed, 10 Jul 2019 00:14:56 +0800
Received: from herbert by gondobar with local (Exim 4.89)
        (envelope-from <herbert@gondor.apana.org.au>)
        id 1hkslY-0002UP-NI; Wed, 10 Jul 2019 00:14:52 +0800
Date:   Wed, 10 Jul 2019 00:14:52 +0800
From:   Herbert Xu <herbert@gondor.apana.org.au>
To:     Ondrej Mosnacek <omosnace@redhat.com>
Cc:     linux-crypto@vger.kernel.org, netdev@vger.kernel.org,
        "David S . Miller" <davem@davemloft.net>,
        Stephan Mueller <smueller@chronox.de>,
        Steffen Klassert <steffen.klassert@secunet.com>,
        Don Zickus <dzickus@redhat.com>
Subject: Re: [PATCH] crypto: user - make NETLINK_CRYPTO work inside netns
Message-ID: <20190709161452.54gxs7fwif7hs7dx@gondor.apana.org.au>
References: <20190709111124.31127-1-omosnace@redhat.com>
 <20190709143832.hej23rahmb4basy6@gondor.apana.org.au>
 <CAFqZXNs2XysEWVzmfXSczH-+oX5iwwRC3+9fL3tWYEfDRbqLig@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAFqZXNs2XysEWVzmfXSczH-+oX5iwwRC3+9fL3tWYEfDRbqLig@mail.gmail.com>
User-Agent: NeoMutt/20170113 (1.7.2)
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Tue, Jul 09, 2019 at 05:28:35PM +0200, Ondrej Mosnacek wrote:
>
> I admit I'm not an expert on Linux namespaces, but aren't you
> confusing network and user namespaces? Unless I'm mistaken, these
> changes only affect _network_ namespaces (which only isolate the
> network stuff itself) and the semantics of the netlink_capable(skb,
> CAP_NET_ADMIN) calls remain unchanged - they check if the opener of
> the socket has the CAP_NET_ADMIN capability within the global _user_
> namespace.

Good point.  I think your patch should be OK then.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt