path: root/net/netlink/genetlink.c
diff options
authorTycho Andersen <>2016-02-05 09:20:52 -0700
committerDavid S. Miller <>2016-02-11 09:53:19 -0500
commit4a92602aa1cd5bbaeedbd9536ff992f7d26fe9d1 (patch)
tree0c1fc8a9c5f393a08cd34c6c02544643eaf0681d /net/netlink/genetlink.c
parent4456ed04ea44b800d691b18c14a68ec9894d2aca (diff)
openvswitch: allow management from inside user namespaces
Operations with the GENL_ADMIN_PERM flag fail permissions checks because this flag means we call netlink_capable, which uses the init user ns. Instead, let's introduce a new flag, GENL_UNS_ADMIN_PERM for operations which should be allowed inside a user namespace. The motivation for this is to be able to run openvswitch in unprivileged containers. I've tested this and it seems to work, but I really have no idea about the security consequences of this patch, so thoughts would be much appreciated. v2: use the GENL_UNS_ADMIN_PERM flag instead of a check in each function v3: use separate ifs for UNS_ADMIN_PERM and ADMIN_PERM, instead of one massive one Reported-by: James Page <> Signed-off-by: Tycho Andersen <> CC: Eric Biederman <> CC: Pravin Shelar <> CC: Justin Pettit <> CC: "David S. Miller" <> Acked-by: Pravin B Shelar <> Signed-off-by: David S. Miller <>
Diffstat (limited to 'net/netlink/genetlink.c')
1 files changed, 4 insertions, 0 deletions
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index f830326b3b1d..0ffd721126e7 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -580,6 +580,10 @@ static int genl_family_rcv_msg(struct genl_family *family,
!netlink_capable(skb, CAP_NET_ADMIN))
return -EPERM;
+ if ((ops->flags & GENL_UNS_ADMIN_PERM) &&
+ !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
+ return -EPERM;
if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) {
int rc;