This series fixes two issues in the vsock network namespace support
recently introduced by commit eafb64f40ca4 ("vsock: add netns to vsock
core").

Patch 1 fixes `child_ns_mode` being always hardcoded to "global" for new
namespaces, breaking propagation of the "local" mode through nested
namespaces.

Patch 2 prevents a "local" namespace from switching `child_ns_mode` to
"global", which would allow nested namespaces to escape vsock isolation
and access global CIDs.

Stefano Garzarella (2):
  vsock: fix child netns mode initialization
  vsock: prevent child netns mode switch from local to global

 net/vmw_vsock/af_vsock.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

--
2.53.0

