net: Add variants of capable for use on on sockets
sk_net_capable - The common case, operations that are safe in a network namespace. sk_capable - Operations that are not known to be safe in a network namespace sk_ns_capable - The general case for special cases. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
a53b72c83a
commit
a3b299da86
|
@ -2255,6 +2255,11 @@ int sock_get_timestampns(struct sock *, struct timespec __user *);
|
||||||
int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, int level,
|
int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, int level,
|
||||||
int type);
|
int type);
|
||||||
|
|
||||||
|
bool sk_ns_capable(const struct sock *sk,
|
||||||
|
struct user_namespace *user_ns, int cap);
|
||||||
|
bool sk_capable(const struct sock *sk, int cap);
|
||||||
|
bool sk_net_capable(const struct sock *sk, int cap);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Enable debug/info messages
|
* Enable debug/info messages
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -145,6 +145,55 @@
|
||||||
static DEFINE_MUTEX(proto_list_mutex);
|
static DEFINE_MUTEX(proto_list_mutex);
|
||||||
static LIST_HEAD(proto_list);
|
static LIST_HEAD(proto_list);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* sk_ns_capable - General socket capability test
|
||||||
|
* @sk: Socket to use a capability on or through
|
||||||
|
* @user_ns: The user namespace of the capability to use
|
||||||
|
* @cap: The capability to use
|
||||||
|
*
|
||||||
|
* Test to see if the opener of the socket had when the socket was
|
||||||
|
* created and the current process has the capability @cap in the user
|
||||||
|
* namespace @user_ns.
|
||||||
|
*/
|
||||||
|
bool sk_ns_capable(const struct sock *sk,
|
||||||
|
struct user_namespace *user_ns, int cap)
|
||||||
|
{
|
||||||
|
return file_ns_capable(sk->sk_socket->file, user_ns, cap) &&
|
||||||
|
ns_capable(user_ns, cap);
|
||||||
|
}
|
||||||
|
EXPORT_SYMBOL(sk_ns_capable);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* sk_capable - Socket global capability test
|
||||||
|
* @sk: Socket to use a capability on or through
|
||||||
|
* @cap: The global capbility to use
|
||||||
|
*
|
||||||
|
* Test to see if the opener of the socket had when the socket was
|
||||||
|
* created and the current process has the capability @cap in all user
|
||||||
|
* namespaces.
|
||||||
|
*/
|
||||||
|
bool sk_capable(const struct sock *sk, int cap)
|
||||||
|
{
|
||||||
|
return sk_ns_capable(sk, &init_user_ns, cap);
|
||||||
|
}
|
||||||
|
EXPORT_SYMBOL(sk_capable);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* sk_net_capable - Network namespace socket capability test
|
||||||
|
* @sk: Socket to use a capability on or through
|
||||||
|
* @cap: The capability to use
|
||||||
|
*
|
||||||
|
* Test to see if the opener of the socket had when the socke was created
|
||||||
|
* and the current process has the capability @cap over the network namespace
|
||||||
|
* the socket is a member of.
|
||||||
|
*/
|
||||||
|
bool sk_net_capable(const struct sock *sk, int cap)
|
||||||
|
{
|
||||||
|
return sk_ns_capable(sk, sock_net(sk)->user_ns, cap);
|
||||||
|
}
|
||||||
|
EXPORT_SYMBOL(sk_net_capable);
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_MEMCG_KMEM
|
#ifdef CONFIG_MEMCG_KMEM
|
||||||
int mem_cgroup_sockets_init(struct mem_cgroup *memcg, struct cgroup_subsys *ss)
|
int mem_cgroup_sockets_init(struct mem_cgroup *memcg, struct cgroup_subsys *ss)
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in New Issue