userns: make each net (net_ns) belong to a user_ns
author Eric W. Biederman <ebiederm@xmission.com>
Fri, 16 Nov 2012 03:02:57 +0000 (03:02 +0000)
committer David S. Miller <davem@davemloft.net>
Mon, 19 Nov 2012 01:30:55 +0000 (20:30 -0500)
commit 21cdabb8a4da0eedcd484506bff82d2833499acf
tree 73c874c9e1c5c328d198c15d79eff0ad4bbd52af
parent 0dd3a0918aef11eeb3826f601fb93f41e399a980
userns: make each net (net_ns) belong to a user_ns

The user namespace which creates a new network namespace owns that
namespace and all resources created in it.  This way we can target
capability checks for privileged operations against network resources to
the user_ns which created the network namespace in which the resource
lives.  Privilege to the user namespace which owns the network
namespace, or any parent user namespace thereof, provides the same
privilege to the network resource.

This patch is reworked from a version originally by
Serge E. Hallyn <serge.hallyn@canonical.com>

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/net_namespace.h
kernel/nsproxy.c
net/core/net_namespace.c
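
The ownership rule stated in the commit message, as an added userspace model that is not code from this commit or from the kernel: a privileged operation on a network resource succeeds only when the caller holds the capability in the user namespace that owns the resource's network namespace, or in a parent of that user namespace. All struct, function and variable names below are hypothetical, and the sample namespaces and tasks are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model; these types are hypothetical, not kernel structures. */
struct user_ns { const struct user_ns *parent; };  /* NULL = initial user_ns */
struct net     { const struct user_ns *owner; };   /* user_ns that created the net_ns */
struct task    { const struct user_ns *ns; bool cap_net_admin; };

/* True if 'anc' is 'ns' itself or one of its ancestors. */
static bool ns_is_self_or_ancestor(const struct user_ns *anc,
                                   const struct user_ns *ns)
{
    for (; ns != NULL; ns = ns->parent)
        if (ns == anc)
            return true;
    return false;
}

/* The capability counts only against net namespaces owned by the task's
 * user_ns or by a descendant of it, never against a parent's or sibling's. */
static bool may_admin_net(const struct task *t, const struct net *net)
{
    return t->cap_net_admin && ns_is_self_or_ancestor(t->ns, net->owner);
}

/* Constructed sample hierarchy: two sibling user namespaces under the initial one. */
static const struct user_ns init_userns      = { NULL };
static const struct user_ns container_userns = { &init_userns };
static const struct user_ns sibling_userns   = { &init_userns };
static const struct net host_net      = { &init_userns };
static const struct net container_net = { &container_userns };
static const struct task host_root      = { &init_userns, true };
static const struct task host_unpriv    = { &init_userns, false };
static const struct task container_root = { &container_userns, true };
static const struct task sibling_root   = { &sibling_userns, true };

int main(void)
{
    printf("host root      -> container net: %d\n", may_admin_net(&host_root, &container_net));
    printf("container root -> container net: %d\n", may_admin_net(&container_root, &container_net));
    printf("container root -> host net:      %d\n", may_admin_net(&container_root, &host_net));
    printf("sibling root   -> container net: %d\n", may_admin_net(&sibling_root, &container_net));
    printf("host unpriv    -> container net: %d\n", may_admin_net(&host_unpriv, &container_net));
    return 0;
}
```

The denied cases are the security-relevant ones: root inside a container's user namespace gains no privilege over the host's network namespace or over a sibling container's.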