Re: [PATCH] openvswitch: allow management from inside user namespaces

2016-02-01 Thread pravin shelar
On Fri, Jan 29, 2016 at 8:37 AM, Tycho Andersen wrote:
> Hi Eric,
>
> Thanks for the review.
>
> On Fri, Jan 29, 2016 at 08:29:55AM -0600, Eric W. Biederman wrote:
>> Tycho Andersen writes:
>>
>> > Operations with the GENL_ADMIN_PERM flag fail permissions checks because
>> > this flag means we ca

Re: [PATCH] openvswitch: allow management from inside user namespaces

2016-01-29 Thread Tycho Andersen
Hi Eric,

Thanks for the review.

On Fri, Jan 29, 2016 at 08:29:55AM -0600, Eric W. Biederman wrote:
> Tycho Andersen writes:
>
> > Operations with the GENL_ADMIN_PERM flag fail permissions checks because
> > this flag means we call netlink_capable, which uses the init user ns.
> >
> > Instead, l

Re: [PATCH] openvswitch: allow management from inside user namespaces

2016-01-29 Thread Eric W. Biederman
Tycho Andersen writes:
> Operations with the GENL_ADMIN_PERM flag fail permissions checks because
> this flag means we call netlink_capable, which uses the init user ns.
>
> Instead, let's do permissions checks in each function, but use the netlink
> socket's user ns instead of the initial one, t

[PATCH] openvswitch: allow management from inside user namespaces

2016-01-29 Thread Tycho Andersen
Operations with the GENL_ADMIN_PERM flag fail permissions checks because this flag means we call netlink_capable, which uses the init user ns. Instead, let's do permissions checks in each function, but use the netlink socket's user ns instead of the initial one, to allow management of openvswitch