net: Add variants of capable for use on netlink messages
[ Upstream commit aa4cf9452f469f16cea8c96283b641b4576d4a7b ] netlink_net_capable - The common case use, for operations that are safe on a network namespace netlink_capable - For operations that are only known to be safe for the global root netlink_ns_capable - The general case of capable used to handle special cases __netlink_ns_capable - Same as netlink_ns_capable except taking a netlink_skb_parms instead of the skbuff of a netlink message. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent
c35b4e287f
commit
738f378d77
|
@ -144,4 +144,11 @@ static inline int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
|
|||
return __netlink_dump_start(ssk, skb, nlh, control);
|
||||
}
|
||||
|
||||
bool __netlink_ns_capable(const struct netlink_skb_parms *nsp,
|
||||
struct user_namespace *ns, int cap);
|
||||
bool netlink_ns_capable(const struct sk_buff *skb,
|
||||
struct user_namespace *ns, int cap);
|
||||
bool netlink_capable(const struct sk_buff *skb, int cap);
|
||||
bool netlink_net_capable(const struct sk_buff *skb, int cap);
|
||||
|
||||
#endif /* __LINUX_NETLINK_H */
|
||||
|
|
|
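Review bot: The four new prototypes are permission checks with no comment telling a caller which one to pick, and that choice decides whether a capability held only inside a user namespace is sufficient. A short block above them would cover it, e.g. `/* netlink_capable: cap in init_user_ns; netlink_net_capable: cap in the user namespace of the socket's network namespace; netlink_ns_capable: caller-supplied namespace. */`, which matches what the definitions in the other file of this commit pass down. The prototypes also name the namespace parameter `ns` while those definitions and their kernel-doc use `user_ns`; using `user_ns` here keeps the two in step.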
@ -1219,6 +1219,71 @@ retry:
|
|||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
* __netlink_ns_capable - General netlink message capability test
|
||||
* @nsp: NETLINK_CB of the socket buffer holding a netlink command from userspace.
|
||||
* @user_ns: The user namespace of the capability to use
|
||||
* @cap: The capability to use
|
||||
*
|
||||
* Test to see if the opener of the socket we received the message
|
||||
* from had when the netlink socket was created and the sender of the
|
||||
* message has has the capability @cap in the user namespace @user_ns.
|
||||
*/
|
||||
bool __netlink_ns_capable(const struct netlink_skb_parms *nsp,
|
||||
struct user_namespace *user_ns, int cap)
|
||||
{
|
||||
return sk_ns_capable(nsp->sk, user_ns, cap);
|
||||
}
|
||||
EXPORT_SYMBOL(__netlink_ns_capable);
|
||||
|
||||
/**
|
||||
* netlink_ns_capable - General netlink message capability test
|
||||
* @skb: socket buffer holding a netlink command from userspace
|
||||
* @user_ns: The user namespace of the capability to use
|
||||
* @cap: The capability to use
|
||||
*
|
||||
* Test to see if the opener of the socket we received the message
|
||||
* from had when the netlink socket was created and the sender of the
|
||||
* message has has the capability @cap in the user namespace @user_ns.
|
||||
*/
|
||||
bool netlink_ns_capable(const struct sk_buff *skb,
|
||||
struct user_namespace *user_ns, int cap)
|
||||
{
|
||||
return __netlink_ns_capable(&NETLINK_CB(skb), user_ns, cap);
|
||||
}
|
||||
EXPORT_SYMBOL(netlink_ns_capable);
|
||||
|
||||
/**
|
||||
* netlink_capable - Netlink global message capability test
|
||||
* @skb: socket buffer holding a netlink command from userspace
|
||||
* @cap: The capability to use
|
||||
*
|
||||
* Test to see if the opener of the socket we received the message
|
||||
* from had when the netlink socket was created and the sender of the
|
||||
* message has has the capability @cap in all user namespaces.
|
||||
*/
|
||||
bool netlink_capable(const struct sk_buff *skb, int cap)
|
||||
{
|
||||
return netlink_ns_capable(skb, &init_user_ns, cap);
|
||||
}
|
||||
EXPORT_SYMBOL(netlink_capable);
|
||||
|
||||
/**
|
||||
* netlink_net_capable - Netlink network namespace message capability test
|
||||
* @skb: socket buffer holding a netlink command from userspace
|
||||
* @cap: The capability to use
|
||||
*
|
||||
* Test to see if the opener of the socket we received the message
|
||||
* from had when the netlink socket was created and the sender of the
|
||||
* message has has the capability @cap over the network namespace of
|
||||
* the socket we received the message from.
|
||||
*/
|
||||
bool netlink_net_capable(const struct sk_buff *skb, int cap)
|
||||
{
|
||||
return netlink_ns_capable(skb, sock_net(skb->sk)->user_ns, cap);
|
||||
}
|
||||
EXPORT_SYMBOL(netlink_net_capable);
|
||||
|
||||
static inline int netlink_allowed(const struct socket *sock, unsigned int flag)
|
||||
{
|
||||
return (nl_table[sock->sk->sk_protocol].flags & flag) ||
|
||||
|
|
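Review bot: The kernel-doc on `__netlink_ns_capable`, repeated on the three wrappers, says that both the opener of the socket and the sender of the message are tested, but the body is a single call, `sk_ns_capable(nsp->sk, user_ns, cap)`, whose definition is outside this hunk. If that helper looks at only one of the two sets of credentials, callers who trust the comment are assuming a stronger check than they get, so please confirm what it covers and make the comment say exactly that. The sentence is also garbled; `Test whether the opener of the netlink socket had, when the socket was created, and the sender of the message has, the capability @cap in the user namespace @user_ns.` reads cleanly and drops the doubled "has has". Separately, `netlink_net_capable` takes the namespace from `skb->sk` while the check itself goes through `NETLINK_CB(skb).sk`; a one-line comment stating that these are expected to be the same socket would help the next reader.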