On Fri, Feb 5, 2016 at 5:20 PM, Tycho Andersen wrote:
> Operations with the GENL_ADMIN_PERM flag fail permissions checks because
> this flag means we call netlink_capable, which uses the init user ns.
>
> Instead, let's introduce a new flag, GENL_UNS_ADMIN_PERM for
From: Tycho Andersen
Date: Fri, 5 Feb 2016 09:20:52 -0700
> Operations with the GENL_ADMIN_PERM flag fail permissions checks because
> this flag means we call netlink_capable, which uses the init user ns.
>
> Instead, let's introduce a new flag,
Operations with the GENL_ADMIN_PERM flag fail permissions checks because
this flag means we call netlink_capable, which uses the init user ns.
Instead, let's introduce a new flag, GENL_UNS_ADMIN_PERM for operations
which should be allowed inside a user namespace.
The motivation for this is to be