Re: [PATCH net-next v2 0/2] net: devmem: allow bind-rx from non-init user namespaces

Next message: Ackerley Tng: "Re: [PATCH] KVM: guest_memfd: Elaborate on how release() vs. get_pfn() is safe against UAF"
Previous message: Andreas Kemnade: "Re: [PATCH 2/2] ARM: dts: ti: Add specific compatibles for SCM conf nodes"
In reply to: Bobby Eshleman: "[PATCH net-next v2 2/2] selftests: drv-net: add userns devmem RX test"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH net-next v2 0/2] net: devmem: allow bind-rx from non-init user namespaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Stanislav Fomichev

Date: Wed Jun 03 2026 - 11:29:17 EST

On 06/02, Bobby Eshleman wrote:
> NETDEV_CMD_BIND_RX is GENL_ADMIN_PERM, which checks CAP_NET_ADMIN
> against init_user_ns. With netkit and netns support for devmem, it is
> now useful to let workloads holding CAP_NET_ADMIN only in their own
> user_ns issue bind-rx for a netns owned by that user_ns.
>
> The first patch switches the flag to GENL_UNS_ADMIN_PERM so the check
> uses the target netns's owning user_ns. Init remains permitted.
>
> The second patch just adds test cases. They are identical to
> nk_devmem.py tests, but using a non-init userns.
>
> Signed-off-by: Bobby Eshleman <bobbyeshleman@xxxxxxxx>
> ---
> Changes in v2:
> - some pylint fixes
> - fixed import issue
> - Link to v1: https://lore.kernel.org/all/20260601-nl-prov-v1-0-9bc57d6ca3f3@xxxxxxxx/

Acked-by: Stanislav Fomichev <sdf@xxxxxxxxxxx>