
Commit a3b299da authored by Eric W. Biederman's avatar Eric W. Biederman Committed by David S. Miller

net: Add variants of capable for use on on sockets



sk_net_capable - The common case, operations that are safe in a network namespace.
sk_capable - Operations that are not known to be safe in a network namespace
sk_ns_capable - The general case for special cases.

Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent a53b72c8
+5 −0
@@ -2255,6 +2255,11 @@ int sock_get_timestampns(struct sock *, struct timespec __user *);
int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, int level,
		       int type);

bool sk_ns_capable(const struct sock *sk,
		   struct user_namespace *user_ns, int cap);
bool sk_capable(const struct sock *sk, int cap);
bool sk_net_capable(const struct sock *sk, int cap);

/*
 *	Enable debug/info messages
 */
+49 −0
@@ -145,6 +145,55 @@
static DEFINE_MUTEX(proto_list_mutex);
static LIST_HEAD(proto_list);

/**
 * sk_ns_capable - General socket capability test
 * @sk: Socket to use a capability on or through
 * @user_ns: The user namespace of the capability to use
 * @cap: The capability to use
 *
 * Test to see if the opener of the socket had when the socket was
 * created and the current process has the capability @cap in the user
 * namespace @user_ns.
 */
bool sk_ns_capable(const struct sock *sk,
		   struct user_namespace *user_ns, int cap)
{
	return file_ns_capable(sk->sk_socket->file, user_ns, cap) &&
		ns_capable(user_ns, cap);
}
EXPORT_SYMBOL(sk_ns_capable);

/**
 * sk_capable - Socket global capability test
 * @sk: Socket to use a capability on or through
 * @cap: The global capbility to use
 *
 * Test to see if the opener of the socket had when the socket was
 * created and the current process has the capability @cap in all user
 * namespaces.
 */
bool sk_capable(const struct sock *sk, int cap)
{
	return sk_ns_capable(sk, &init_user_ns, cap);
}
EXPORT_SYMBOL(sk_capable);

/**
 * sk_net_capable - Network namespace socket capability test
 * @sk: Socket to use a capability on or through
 * @cap: The capability to use
 *
 * Test to see if the opener of the socket had when the socke was created
 * and the current process has the capability @cap over the network namespace
 * the socket is a member of.
 */
bool sk_net_capable(const struct sock *sk, int cap)
{
	return sk_ns_capable(sk, sock_net(sk)->user_ns, cap);
}
EXPORT_SYMBOL(sk_net_capable);


#ifdef CONFIG_MEMCG_KMEM
int mem_cgroup_sockets_init(struct mem_cgroup *memcg, struct cgroup_subsys *ss)
{
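Review bot: sk_ns_capable() dereferences `sk->sk_socket->file` without checking either pointer, so it is only safe while the sock is still attached to a struct socket that has a backing file; whether every intended caller guarantees that is not visible in this hunk. Either state the precondition in the kernel-doc (for example `Context: @sk must be attached to a socket that has an open file.`) or fail closed with `if (!sk->sk_socket || !sk->sk_socket->file) return false;` ahead of the capability tests. The kernel-doc sentences on all three helpers also lack their object ("the opener of the socket had when the socket was created") and carry the typos "capbility" and "socke". Wording such as `Test whether the opener of the socket had the capability @cap when the socket was created, and whether the current process has it now, in the user namespace @user_ns.` would make the two-sided check unambiguous for callers choosing between the variants.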