On 06/02, Bobby Eshleman wrote: > NETDEV_CMD_BIND_RX is GENL_ADMIN_PERM, which checks CAP_NET_ADMIN > against init_user_ns. With netkit and netns support for devmem, it is > now useful to let workloads holding CAP_NET_ADMIN only in their own > user_ns issue bind-rx for a netns owned by that user_ns. > > The first patch switches the flag to GENL_UNS_ADMIN_PERM so the check > uses the target netns's owning user_ns. Init remains permitted. > > The second patch just adds test cases. They are identical to > nk_devmem.py tests, but using a non-init userns. > > Signed-off-by: Bobby Eshleman <[email protected]> > --- > Changes in v2: > - some pylint fixes > - fixed import issue > - Link to v1: > https://lore.kernel.org/all/[email protected]/
Acked-by: Stanislav Fomichev <[email protected]>
