Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1448979224.3359384.454695137.2DC07EE8@webmail.messagingengine.com>
Date: Tue, 01 Dec 2015 15:13:44 +0100
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
To: "Eric W. Biederman" <ebiederm@...ssion.com>,
 David Miller <davem@...emloft.net>
Cc: Richard Weinberger <richard@....at>, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com,
 bridge@...ts.linux-foundation.org,
 Stephen Hemminger <stephen@...workplumber.org>,
 Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH net] bridge: Only call /sbin/bridge-stp for the initial
 network namespace

On Mon, Nov 30, 2015, at 22:38, Eric W. Biederman wrote:
> Signed-off-by: "Eric W. Biederman" <ebiederm@...ssion.com>
> ---
>  net/bridge/br_stp_if.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
> index 5396ff08af32..742fa89528ab 100644
> --- a/net/bridge/br_stp_if.c
> +++ b/net/bridge/br_stp_if.c
> @@ -142,7 +142,9 @@ static void br_stp_start(struct net_bridge *br)
>  	char *envp[] = { NULL };
>  	struct net_bridge_port *p;
>  
> -       r = call_usermodehelper(BR_STP_PROG, argv, envp, UMH_WAIT_PROC);
> +       r = -ENOENT;
> +       if (dev_net(br->dev) == &init_net)

net_eq ?

> +               r = call_usermodehelper(BR_STP_PROG, argv, envp,
> UMH_WAIT_PROC);
>  
>  	spin_lock_bh(&br->lock);
>  

Otherwise, ack, so far.

As our /sys interfaces directories are tagged by the net namespace it
would actually make sense to run bridge-stp automatically in another
name space.

Bye,
Hannes

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.