

* Make /sys/class/net per net namespace objects belong to container
  21:56 Tyler Hicks
  To: Greg Kroah-Hartman, Tejun Heo, David S. Miller, Stephen Hemminger
  Cc: Dmitry Torokhov, Eric W.

This is a revival of an older patch set from Dmitry
submission of v2 is
Dmitry's description:

There are objects in /sys hierarchy (/sys/class/net/) that logically
belong to a namespace/container.
their life belonging to global root, and while we could change
ownership manually, keeping tracks of all objects that come and go is
cumbersome. It would be better if kernel created them using correct

This series changes kernfs to allow creating object's with arbitrary
uid/gid, adds get_ownership() callback to ktype structure so subsystems
could supply their own logic (likely tied to namespace support) for
determining ownership of kobjects, and adjusts sysfs code to make use
Lastly net-sysfs is adjusted to make sure that
objects in net namespace are owned by the root user from the owning

Note that we do not adjust ownership of objects moved into a new
namespace (as when moving a network device into a container) as

I'm reviving this patch set because we would like this feature for
One specific use case that we have is that libvirt is
unable to configure its bridge device inside of a system container due
to the bridge files in /sys/class/net/ being owned by init root instead
The last two patches in this set are patches that
I've added to Dmitry's original set to allow such configuration of the

Eric had previously provided feedback that he didn't favor these changes
affecting all layers of the stack and that most of the changes could
That feedback is certainly sensible
but I wanted to send out v2 of the patch set without making that large
of a change since quite a bit of time has passed and the bridge changes
in the last patch of this set shows that not all of the changes will be

Added my Co-Developed-by and Signed-off-by tags to all of Dmitry's
Patch 1 received build failure fixes in
Patch 2 was updated to drop the declaration of sysfs_add_file() from
sysfs.h since the patch removed all other uses of the function
Patch 5 is a new patch that prevents tx_maxrate from being written
Maybe I'm being too cautious here but the restriction can always
Patches 6 and 7 were updated to make net_ns_get_ownership() always
initialize uid and gid, even when the network namespace is NULL, so
that it isn't a dangerous function to reuse

I've looked at all sysfs attributes affected by this patch set and
feel comfortable about the changes. There are quite a few affected
attributes that don't have any capable()/ns_capable() checks in
their store operations (per_bond_attrs, at91_sysfs_attrs,
sysfs_grcan_attrs, ican3_sysfs_attrs, cdc_ncm_sysfs_attrs,
qmi_wwan_sysfs_attrs) but I think this is acceptable. It means that
container root, rather than specifically CAP_NET_ADMIN inside of the
network namespace that the device belongs to, can write to those
device attributes. It's the same situation that those devices have
today in that init root is able to write to the attributes without
verifying CAP_NET_ADMIN in the network namespace but that it doesn't
I think that this should probably
be fixed in order to be consistent with what netdev_store() does by

* kernfs: allow creating kernfs objects with arbitrary uid/gid
  21:56 ` Tyler Hicks

This change allows creating kernfs files and directories with arbitrary
uid/gid instead of always using GLOBAL_ROOT_UID/GID by extending
kernfs_create_dir_ns() and kernfs_create_file_ns() with uid/gid arguments.
The "simple" kernfs_create_file() and kernfs_create_dir() are left alone
and always create objects belonging to the global root.

a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
+++ -146,6 +146,7 static int rdtgroup_add_file(struct kernfs_node *parent_kn, struct rftype *rft)
Kn = _kernfs_create_file(parent_kn, rft->name, rft->mode,

  21:56 Make /sys/class/net per net namespace objects belong to container Tyler Hicks
  21:56 ` kernfs: allow creating kernfs objects with arbitrary uid/gid Tyler Hicks
  21:56 ` sysfs, kobject: allow creating kobject belonging to arbitrary users Tyler Hicks
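As an added illustration (not code from this patch set or the kernel), the following userspace model shows the ownership rule the cover letter describes for net-sysfs objects: the object is owned by uid/gid 0 of the netns's owning user namespace, translated through that namespace's id map, with uid and gid always initialized to global root so a NULL network namespace or an unmapped id 0 is safe. The id-map layout, struct names and sample mappings are simplified assumptions, not the kernel's real structures.

```c
/* Added example (not the patch set's own code): a userspace model of how
 * ownership of a per-netns sysfs object is resolved. The id-map layout and
 * the struct names are simplified stand-ins for the kernel's. */
#include <stdint.h>
#include <stdio.h>
#define GLOBAL_ROOT_UID 0u
#define GLOBAL_ROOT_GID 0u
#define INVALID_ID ((uint32_t)-1)
/* One extent of a user namespace id map: <ns start> <host start> <count> */
struct id_map { uint32_t ns_start, host_start, count; };
/* Assumed minimal user namespace (one uid and one gid extent) and netns. */
struct user_ns { struct id_map uid_map, gid_map; };
struct net { const struct user_ns *user_ns; };

/* Translate an in-namespace id to the host id, INVALID_ID if unmapped. */
static uint32_t map_to_host(const struct id_map *m, uint32_t ns_id)
{
    if (ns_id < m->ns_start || ns_id - m->ns_start >= m->count)
        return INVALID_ID;
    return m->host_start + (ns_id - m->ns_start);
}

/* Model of the ownership logic net-sysfs supplies via get_ownership(): the
 * object belongs to uid/gid 0 of the netns's owning user namespace. uid and
 * gid are always written, falling back to global root when net is NULL or
 * the namespace leaves id 0 unmapped (the point of the Patches 6 and 7 fix). */
void net_ns_get_ownership(const struct net *net, uint32_t *uid, uint32_t *gid)
{
    *uid = GLOBAL_ROOT_UID;
    *gid = GLOBAL_ROOT_GID;
    if (!net)
        return;
    uint32_t u = map_to_host(&net->user_ns->uid_map, 0);
    uint32_t g = map_to_host(&net->user_ns->gid_map, 0);
    if (u != INVALID_ID) *uid = u;
    if (g != INVALID_ID) *gid = g;
}

/* Constructed samples: a container whose root maps to host id 100000, and
 * a namespace that maps gid 0 but leaves uid 0 unmapped. */
static const struct user_ns container_ns = { {0, 100000, 65536}, {0, 100000, 65536} };
static const struct net container_net = { &container_ns };
static const struct user_ns partial_ns = { {1000, 200000, 10}, {0, 200000, 10} };
static const struct net partial_net = { &partial_ns };
int main(void)
{
    uint32_t uid, gid;
    net_ns_get_ownership(&container_net, &uid, &gid);
    printf("container netns object: uid=%u gid=%u\n", uid, gid);
    net_ns_get_ownership(NULL, &uid, &gid);
    printf("no netns (global root): uid=%u gid=%u\n", uid, gid);
    return 0;
}
```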
