Christian Brauner <christian.brau...@ubuntu.com> writes: > --- > lib/kobject_uevent.c | 140 ++++++++++++++++++++++++++++++------------- > 1 file changed, 99 insertions(+), 41 deletions(-) > > diff --git a/lib/kobject_uevent.c b/lib/kobject_uevent.c > index c3cb110f663b..d8ce5e6d83af 100644 > --- a/lib/kobject_uevent.c > +++ b/lib/kobject_uevent.c > > +static int uevent_net_broadcast_tagged(struct sock *usk, > + struct kobj_uevent_env *env, > + const char *action_string, > + const char *devpath) > +{ > + struct user_namespace *owning_user_ns = sock_net(usk)->user_ns; > + struct sk_buff *skb = NULL; > + int ret; > + > + skb = alloc_uevent_skb(env, action_string, devpath); > + if (!skb) > + return -ENOMEM; > + > + /* fix credentials */ > + if (owning_user_ns != &init_user_ns) {
Nit: This test is just a performance optimization as such is not necessary. That is we can safely unconditionally set the credentials this way. > + struct netlink_skb_parms *parms = &NETLINK_CB(skb); > + kuid_t root_uid; > + kgid_t root_gid; > + > + /* fix uid */ > + root_uid = make_kuid(owning_user_ns, 0); > + if (!uid_valid(root_uid)) > + root_uid = GLOBAL_ROOT_UID; > + parms->creds.uid = root_uid; > + > + /* fix gid */ > + root_gid = make_kgid(owning_user_ns, 0); > + if (!gid_valid(root_gid)) > + root_gid = GLOBAL_ROOT_GID; > + parms->creds.gid = root_gid; > + } > + > + ret = netlink_broadcast(usk, skb, 0, 1, GFP_KERNEL); > + /* ENOBUFS should be handled in userspace */ > + if (ret == -ENOBUFS || ret == -ESRCH) > + ret = 0; > + > + return ret; > +} > +#endif