Re:Re: [PATCH net-next] net: Remove useless function skb_header_release

2017-09-20 Thread Gao Feng
At 2017-09-21 05:30:46, "David Miller" <da...@davemloft.net> wrote: >From: gfree.w...@vip.163.com >Date: Tue, 19 Sep 2017 22:32:48 +0800 > >> From: Gao Feng <gfree.w...@vip.163.com> >> >> There is no one which would invoke the function skb_header

Re:Re: [PATCH net-next] net: Remove useless function skb_header_release

2017-09-20 Thread Gao Feng
At 2017-09-21 05:30:46, "David Miller" wrote: >From: gfree.w...@vip.163.com >Date: Tue, 19 Sep 2017 22:32:48 +0800 > >> From: Gao Feng >> >> There is no one which would invoke the function skb_header_release. >> So just remove it now. >> >

Re: [PATCH] net: avoid uninitialized variable

2016-10-26 Thread Gao Feng
On Thu, Oct 27, 2016 at 11:56 AM, zhongjiang wrote: > From: zhong jiang > > when I compile the newest kernel, I hit the following error with > Werror=may-uninitalized. > > net/core/flow_dissector.c: In function ‘__skb_flow_dissect’ >

Re: [PATCH] net: avoid uninitialized variable

2016-10-26 Thread Gao Feng
On Thu, Oct 27, 2016 at 11:56 AM, zhongjiang wrote: > From: zhong jiang > > when I compile the newest kernel, I hit the following error with > Werror=may-uninitalized. > > net/core/flow_dissector.c: In function ‘__skb_flow_dissect’ > include/uapi/linux/swab.h:100:46: error: ‘vlan’ may be used

Re: [PATCH net] rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly

2016-08-30 Thread Gao Feng
On Wed, Aug 31, 2016 at 12:14 PM, Eric Dumazet <eric.duma...@gmail.com> wrote: > On Wed, 2016-08-31 at 10:56 +0800, f...@ikuai8.com wrote: >> From: Gao Feng <f...@ikuai8.com> >> >> The original codes depend on that the function parameters are evaluated from >

Re: [PATCH net] rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly

2016-08-30 Thread Gao Feng
On Wed, Aug 31, 2016 at 12:14 PM, Eric Dumazet wrote: > On Wed, 2016-08-31 at 10:56 +0800, f...@ikuai8.com wrote: >> From: Gao Feng >> >> The original codes depend on that the function parameters are evaluated from >> left to right. But the parameter's evaluatio

Re: [PATCH audit-next 2/2] Audit: make audit netlink socket net namespace unaware

2014-01-16 Thread Gao feng
On 01/17/2014 06:29 AM, Serge E. Hallyn wrote: > Quoting Gao feng (gaof...@cn.fujitsu.com): >> Add a compare function which always return true for >> audit netlink socket, this will cause audit netlink >> sockets netns unaware, and no matter which netns the >> user

Re: [PATCH audit-next 2/2] Audit: make audit netlink socket net namespace unaware

2014-01-16 Thread Gao feng
On 01/17/2014 06:29 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): Add a compare function which always return true for audit netlink socket, this will cause audit netlink sockets netns unaware, and no matter which netns the user space audit netlink sockets belong

[PATCH audit-next 2/2] Audit: make audit netlink socket net namespace unaware

2014-01-09 Thread Gao feng
per-netns audit kernel side socket(audit_sock), it's pain to depend on and get reference of netns for auditns. Signed-off-by: Gao feng --- kernel/audit.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/kernel/audit.c b/kernel/audit.c index b62153a..2ac6212 100644 --- a/kernel/audit.c

[PATCH audit-next 1/2] audit: revert commit listen in all network namespaces

2014-01-09 Thread Gao feng
will make things easy and we needn't to consider the complicate cases. Signed-off-by: Gao feng --- kernel/audit.c | 61 ++ kernel/audit.h | 4 2 files changed, 10 insertions(+), 55 deletions(-) diff --git a/kernel/audit.c b/kernel/aud

[PATCH audit-next 1/2] audit: revert commit listen in all network namespaces

2014-01-09 Thread Gao feng
things easy and we needn't to consider the complicate cases. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 61 ++ kernel/audit.h | 4 2 files changed, 10 insertions(+), 55 deletions(-) diff --git a/kernel/audit.c b

[PATCH audit-next 2/2] Audit: make audit netlink socket net namespace unaware

2014-01-09 Thread Gao feng
per-netns audit kernel side socket(audit_sock), it's pain to depend on and get reference of netns for auditns. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/kernel/audit.c b/kernel/audit.c index b62153a..2ac6212 100644

Re: [PATCH 1/2] audit: print error message when fail to create audit socket

2014-01-07 Thread Gao feng
On 01/08/2014 08:53 AM, Andrew Morton wrote: > On Tue, 17 Dec 2013 11:10:41 +0800 Gao feng wrote: > >> print the error message and then return -ENOMEM. >> >> ... >> >> --- a/kernel/audit.c >> +++ b/kernel/audit.c >> @@ -1083,12 +1083,11 @@ stat

Re: [PATCH 1/2] audit: print error message when fail to create audit socket

2014-01-07 Thread Gao feng
On 01/08/2014 08:53 AM, Andrew Morton wrote: On Tue, 17 Dec 2013 11:10:41 +0800 Gao feng gaof...@cn.fujitsu.com wrote: print the error message and then return -ENOMEM. ... --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net

Re: [RFC PATCH net-next 0/4] net_cls for sys container

2014-01-06 Thread Gao feng
On 01/06/2014 03:54 PM, Libo Chen wrote: > On 2014/1/3 13:20, Cong Wang wrote: >> On Thu, Jan 2, 2014 at 7:11 PM, Libo Chen >> wrote: >>> Hi guys, >>> >>> Now, lxc created with veth can not be under control by >>> cls_cgroup. >>> >>> the former discussion: >>>

Re: [RFC PATCH net-next 0/4] net_cls for sys container

2014-01-06 Thread Gao feng
On 01/06/2014 03:54 PM, Libo Chen wrote: On 2014/1/3 13:20, Cong Wang wrote: On Thu, Jan 2, 2014 at 7:11 PM, Libo Chen clbchenlibo.c...@huawei.com wrote: Hi guys, Now, lxc created with veth can not be under control by cls_cgroup. the former discussion:

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-24 Thread Gao feng
On 12/24/2013 07:47 AM, Richard Guy Briggs wrote: > On 13/12/09, Gao feng wrote: >> On 12/07/2013 05:31 AM, Serge E. Hallyn wrote: >>> Quoting Gao feng (gaof...@cn.fujitsu.com): > >>>> The main target of this patchset is allowing user in audit >>>> nam

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-24 Thread Gao feng
On 12/21/2013 05:15 AM, Serge E. Hallyn wrote: > Quoting Gao feng (gaof...@cn.fujitsu.com): >> On 12/11/2013 04:36 AM, Serge E. Hallyn wrote: >>> Quoting Eric Paris (epa...@redhat.com): >>>> On Tue, 2013-12-10 at 10:51 -0600, Serge Hallyn wrote: >>>>

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-24 Thread Gao feng
On 12/21/2013 05:15 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): On 12/11/2013 04:36 AM, Serge E. Hallyn wrote: Quoting Eric Paris (epa...@redhat.com): On Tue, 2013-12-10 at 10:51 -0600, Serge Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): On 12/10/2013 02

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-24 Thread Gao feng
On 12/24/2013 07:47 AM, Richard Guy Briggs wrote: On 13/12/09, Gao feng wrote: On 12/07/2013 05:31 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): The main target of this patchset is allowing user in audit namespace to generate the USER_MSG type of audit message, some

Re: [PATCH] audit: listen in all network namespaces

2013-12-19 Thread Gao feng
On 12/20/2013 11:11 AM, Eric Paris wrote: > On Fri, 2013-12-20 at 10:46 +0800, Gao feng wrote: >> On 12/20/2013 02:40 AM, Eric Paris wrote: >>> On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote: >>>> On 07/17/2013 04:32 AM, Richard Guy Briggs wrote: >

Re: [PATCH] audit: listen in all network namespaces

2013-12-19 Thread Gao feng
On 12/20/2013 02:40 AM, Eric Paris wrote: > On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote: >> On 07/17/2013 04:32 AM, Richard Guy Briggs wrote: >>> Convert audit from only listening in init_net to use >>> register_pernet_subsys() >>> to dynami

Re: [PATCH] audit: fix build error when disable audit

2013-12-19 Thread Gao feng
On 12/20/2013 09:40 AM, Richard Guy Briggs wrote: > On 13/12/20, Gao feng wrote: >> On 12/20/2013 09:19 AM, Richard Guy Briggs wrote: >>> On 13/12/19, Gao feng wrote: >>>> On 12/19/2013 10:34 AM, Gao feng wrote: >>>>> kernel/capability.c: In function ‘

Re: [PATCH] audit: fix build error when disable audit

2013-12-19 Thread Gao feng
On 12/20/2013 09:19 AM, Richard Guy Briggs wrote: > On 13/12/19, Gao feng wrote: >> On 12/19/2013 10:34 AM, Gao feng wrote: >>> kernel/capability.c: In function ‘SYSC_capset’: >>> kernel/capability.c:280:2: warning: passing argument 1 of >>> ‘audit_log_capset

Re: [PATCH] audit: listen in all network namespaces

2013-12-19 Thread Gao feng
On 12/20/2013 02:40 AM, Eric Paris wrote: > On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote: >> On 07/17/2013 04:32 AM, Richard Guy Briggs wrote: >>> Convert audit from only listening in init_net to use >>> register_pernet_subsys() >>> to dynami

Re: [PATCH] audit: listen in all network namespaces

2013-12-19 Thread Gao feng
On 12/20/2013 02:40 AM, Eric Paris wrote: On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote: On 07/17/2013 04:32 AM, Richard Guy Briggs wrote: Convert audit from only listening in init_net to use register_pernet_subsys() to dynamically manage the netlink socket list. Signed-off-by: Richard

Re: [PATCH] audit: fix build error when disable audit

2013-12-19 Thread Gao feng
On 12/20/2013 09:19 AM, Richard Guy Briggs wrote: On 13/12/19, Gao feng wrote: On 12/19/2013 10:34 AM, Gao feng wrote: kernel/capability.c: In function ‘SYSC_capset’: kernel/capability.c:280:2: warning: passing argument 1 of ‘audit_log_capset’ makes integer from pointer without a cast

Re: [PATCH] audit: fix build error when disable audit

2013-12-19 Thread Gao feng
On 12/20/2013 09:40 AM, Richard Guy Briggs wrote: On 13/12/20, Gao feng wrote: On 12/20/2013 09:19 AM, Richard Guy Briggs wrote: On 13/12/19, Gao feng wrote: On 12/19/2013 10:34 AM, Gao feng wrote: kernel/capability.c: In function ‘SYSC_capset’: kernel/capability.c:280:2: warning: passing

Re: [PATCH] audit: listen in all network namespaces

2013-12-19 Thread Gao feng
On 12/20/2013 02:40 AM, Eric Paris wrote: On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote: On 07/17/2013 04:32 AM, Richard Guy Briggs wrote: Convert audit from only listening in init_net to use register_pernet_subsys() to dynamically manage the netlink socket list. Signed-off-by: Richard

Re: [PATCH] audit: listen in all network namespaces

2013-12-19 Thread Gao feng
On 12/20/2013 11:11 AM, Eric Paris wrote: On Fri, 2013-12-20 at 10:46 +0800, Gao feng wrote: On 12/20/2013 02:40 AM, Eric Paris wrote: On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote: On 07/17/2013 04:32 AM, Richard Guy Briggs wrote: we have to store audit_sock into auditns(auditns

Re: [PATCH] audit: listen in all network namespaces

2013-12-18 Thread Gao feng
, and no matter which netns the user space audit netlink sockets belong to, they all can find out and communicate with audit_sock. This gets rid of the necessary to create per-netns audit kernel side socket(audit_sock), it's pain to depend on and get reference of netns for auditns. Signed-o

Re: [PATCH] audit: fix build error when disable audit

2013-12-18 Thread Gao feng
On 12/19/2013 10:34 AM, Gao feng wrote: > kernel/capability.c: In function ‘SYSC_capset’: > kernel/capability.c:280:2: warning: passing argument 1 of ‘audit_log_capset’ > makes integer from pointer without a cast [enabled by default] > audit_log_capset(new, current_cred()); >

[PATCH] audit: fix build error when disable audit

2013-12-18 Thread Gao feng
()); ^ In file included from kernel/capability.c:10:0: include/linux/audit.h:400:20: note: declared here static inline void audit_log_capset(pid_t pid, const struct cred *new, ^ make[1]: *** [kernel/capability.o] Error 1 Signed-off-by: Gao feng --- include/linux/audit.h | 4 ++-- 1

[PATCH] audit: fix build error when disable audit

2013-12-18 Thread Gao feng
()); ^ In file included from kernel/capability.c:10:0: include/linux/audit.h:400:20: note: declared here static inline void audit_log_capset(pid_t pid, const struct cred *new, ^ make[1]: *** [kernel/capability.o] Error 1 Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- include

Re: [PATCH] audit: fix build error when disable audit

2013-12-18 Thread Gao feng
On 12/19/2013 10:34 AM, Gao feng wrote: kernel/capability.c: In function ‘SYSC_capset’: kernel/capability.c:280:2: warning: passing argument 1 of ‘audit_log_capset’ makes integer from pointer without a cast [enabled by default] audit_log_capset(new, current_cred()); ^ In file included

Re: [PATCH] audit: listen in all network namespaces

2013-12-18 Thread Gao feng
, and no matter which netns the user space audit netlink sockets belong to, they all can find out and communicate with audit_sock. This gets rid of the necessary to create per-netns audit kernel side socket(audit_sock), it's pain to depend on and get reference of netns for auditns. Signed-off-by: Gao

[PATCH 1/2] audit: print error message when fail to create audit socket

2013-12-16 Thread Gao feng
print the error message and then return -ENOMEM. Signed-off-by: Gao feng --- kernel/audit.c | 9 - 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 2a0ed0b..041b951 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1083,12 +1083,11

[PATCH 2/2] audit: fix incorrect set of audit_sock

2013-12-16 Thread Gao feng
be released anytime, so the audit_sock may point to invalid socket. this patch sets the audit_sock to the kernel side audit netlink socket. Signed-off-by: Gao feng --- kernel/audit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/audit.c b/kernel/audit.c index 041b951

[PATCH 2/2] audit: fix incorrect set of audit_sock

2013-12-16 Thread Gao feng
be released anytime, so the audit_sock may point to invalid socket. this patch sets the audit_sock to the kernel side audit netlink socket. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/audit.c b/kernel

[PATCH 1/2] audit: print error message when fail to create audit socket

2013-12-16 Thread Gao feng
print the error message and then return -ENOMEM. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 9 - 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 2a0ed0b..041b951 100644 --- a/kernel/audit.c +++ b/kernel/audit.c

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-15 Thread Gao feng
On 12/11/2013 04:36 AM, Serge E. Hallyn wrote: > Quoting Eric Paris (epa...@redhat.com): >> On Tue, 2013-12-10 at 10:51 -0600, Serge Hallyn wrote: >>> Quoting Gao feng (gaof...@cn.fujitsu.com): >>>> On 12/10/2013 02:26 AM, Serge Hallyn wrote: >>>>

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-15 Thread Gao feng
On 12/11/2013 04:36 AM, Serge E. Hallyn wrote: Quoting Eric Paris (epa...@redhat.com): On Tue, 2013-12-10 at 10:51 -0600, Serge Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): On 12/10/2013 02:26 AM, Serge Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): On 12/07/2013 06:12

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-10 Thread Gao feng
On 12/10/2013 02:26 AM, Serge Hallyn wrote: > Quoting Gao feng (gaof...@cn.fujitsu.com): >> On 12/07/2013 06:12 AM, Serge E. Hallyn wrote: >>> Quoting Gao feng (gaof...@cn.fujitsu.com): >>>> Hi >>>> >>>> On 10/24/2013 03:31 PM, Gao feng wrote:

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-10 Thread Gao feng
On 12/10/2013 02:26 AM, Serge Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): On 12/07/2013 06:12 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): Hi On 10/24/2013 03:31 PM, Gao feng wrote: Here is the v1 patchset: http://lwn.net/Articles/549546/ The main

Re: [PATCH 18/20] audit: add new message type AUDIT_CREATE_NS

2013-12-09 Thread Gao feng
On 12/10/2013 01:53 AM, Serge Hallyn wrote: > Quoting Gao feng (gaof...@cn.fujitsu.com): >> On 12/07/2013 06:10 AM, Serge E. Hallyn wrote: >>> Quoting Gao feng (gaof...@cn.fujitsu.com): >>>> Since there is no more place for flags of clone system call. >>>

Re: [PATCH 18/20] audit: add new message type AUDIT_CREATE_NS

2013-12-09 Thread Gao feng
On 12/10/2013 01:53 AM, Serge Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): On 12/07/2013 06:10 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): Since there is no more place for flags of clone system call. we need to find a way to create audit namespace

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-08 Thread Gao feng
Hi Serge, Thanks for your comments! On 12/07/2013 05:31 AM, Serge E. Hallyn wrote: > Quoting Gao feng (gaof...@cn.fujitsu.com): >> Here is the v1 patchset: http://lwn.net/Articles/549546/ >> >> The main target of this patchset is allowing user in audit >> namespace to

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-08 Thread Gao feng
On 12/07/2013 06:12 AM, Serge E. Hallyn wrote: > Quoting Gao feng (gaof...@cn.fujitsu.com): >> Hi >> >> On 10/24/2013 03:31 PM, Gao feng wrote: >>> Here is the v1 patchset: http://lwn.net/Articles/549546/ >>> >>> The main target of this patchset is

Re: [PATCH 18/20] audit: add new message type AUDIT_CREATE_NS

2013-12-08 Thread Gao feng
On 12/07/2013 06:10 AM, Serge E. Hallyn wrote: > Quoting Gao feng (gaof...@cn.fujitsu.com): >> Since there is no more place for flags of clone system call. >> we need to find a way to create audit namespace. >> >> this patch add a new type of message AUDIT_CREATE_NS.

Re: [PATCH 16/20] audit: allow GET, SET, USER MSG operations in audit namespace

2013-12-08 Thread Gao feng
On 12/07/2013 06:00 AM, Serge E. Hallyn wrote: > Quoting Gao feng (gaof...@cn.fujitsu.com): >> 1, remove the permission check of pid namespace. it's no reason >>to deny un-init pid namespace to operate audit subsystem. >> >> 2, only allow init user namespa

Re: [PATCH 16/20] audit: allow GET, SET, USER MSG operations in audit namespace

2013-12-08 Thread Gao feng
On 12/07/2013 06:00 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): 1, remove the permission check of pid namespace. it's no reason to deny un-init pid namespace to operate audit subsystem. 2, only allow init user namespace and init audit namespace to operate list

Re: [PATCH 18/20] audit: add new message type AUDIT_CREATE_NS

2013-12-08 Thread Gao feng
On 12/07/2013 06:10 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): Since there is no more place for flags of clone system call. we need to find a way to create audit namespace. this patch add a new type of message AUDIT_CREATE_NS. user space can create new audit

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-08 Thread Gao feng
On 12/07/2013 06:12 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): Hi On 10/24/2013 03:31 PM, Gao feng wrote: Here is the v1 patchset: http://lwn.net/Articles/549546/ The main target of this patchset is allowing user in audit namespace to generate the USER_MSG type

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-08 Thread Gao feng
Hi Serge, Thanks for your comments! On 12/07/2013 05:31 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): Here is the v1 patchset: http://lwn.net/Articles/549546/ The main target of this patchset is allowing user in audit namespace to generate the USER_MSG type of audit

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-04 Thread Gao feng
Hi On 10/24/2013 03:31 PM, Gao feng wrote: > Here is the v1 patchset: http://lwn.net/Articles/549546/ > > The main target of this patchset is allowing user in audit > namespace to generate the USER_MSG type of audit message, > some userspace tools need to generate audit message, o

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-04 Thread Gao feng
Hi On 10/24/2013 03:31 PM, Gao feng wrote: Here is the v1 patchset: http://lwn.net/Articles/549546/ The main target of this patchset is allowing user in audit namespace to generate the USER_MSG type of audit message, some userspace tools need to generate audit message, or these tools

Re: [PATCH] nsproxy: Check to make sure count is truly zero before freeing

2013-11-18 Thread Gao feng
On 11/19/2013 08:04 AM, Steven Rostedt wrote: > > I'll start out saying that this email was a complete oops. I only kept > it around for reference, as this didn't fix the bug we were seeing, and > I used this email to just document what I initially thought. > Can you describe the panic

Re: [PATCH] nsproxy: Check to make sure count is truly zero before freeing

2013-11-18 Thread Gao feng
On 11/19/2013 08:04 AM, Steven Rostedt wrote: I'll start out saying that this email was a complete oops. I only kept it around for reference, as this didn't fix the bug we were seeing, and I used this email to just document what I initially thought. Can you describe the panic situation and

Re: [REVIEW][PATCH 1/2] userns: Better restrictions on when proc and sysfs can be mounted

2013-11-14 Thread Gao feng
On 11/15/2013 12:54 PM, Eric W. Biederman wrote: > Gao feng writes: > >> On 11/15/2013 12:54 AM, Andy Lutomirski wrote: >>> On Thu, Nov 14, 2013 at 3:10 AM, Gao feng wrote: >>>> On 11/13/2013 03:26 PM, Gao feng wrote: >>>>> On 11/09/2013 01:42

Re: [REVIEW][PATCH 1/2] userns: Better restrictions on when proc and sysfs can be mounted

2013-11-14 Thread Gao feng
On 11/15/2013 12:54 AM, Andy Lutomirski wrote: > On Thu, Nov 14, 2013 at 3:10 AM, Gao feng wrote: >> On 11/13/2013 03:26 PM, Gao feng wrote: >>> On 11/09/2013 01:42 PM, Eric W. Biederman wrote: >>>> Right now I would rather not have the empty directory except

Re: [PATCH] userns: allow privileged user to operate locked mount

2013-11-14 Thread Gao feng
On 11/15/2013 07:50 AM, Eric W. Biederman wrote: > Gao feng writes: > >> Privileged user should have rights to mount/umount/move >> these even locked mount. > > Hmm. This is pretty much a can't happen case, as the only exist in mount > namespaces where the globa

Re: [REVIEW][PATCH 1/2] userns: Better restrictions on when proc and sysfs can be mounted

2013-11-14 Thread Gao feng
On 11/13/2013 03:26 PM, Gao feng wrote: > On 11/09/2013 01:42 PM, Eric W. Biederman wrote: >> Gao feng writes: >> >>> On 11/02/2013 02:06 PM, Gao feng wrote: >>>> Hi Eric, >>>> >>>> On 08/28/2013 05:44 AM, Eric W. Biederman wrote: >

Re: [REVIEW][PATCH 1/2] userns: Better restrictions on when proc and sysfs can be mounted

2013-11-14 Thread Gao feng
On 11/13/2013 03:26 PM, Gao feng wrote: On 11/09/2013 01:42 PM, Eric W. Biederman wrote: Gao feng gaof...@cn.fujitsu.com writes: On 11/02/2013 02:06 PM, Gao feng wrote: Hi Eric, On 08/28/2013 05:44 AM, Eric W. Biederman wrote: Rely on the fact that another flavor of the filesystem

Re: [PATCH] userns: allow privileged user to operate locked mount

2013-11-14 Thread Gao feng
On 11/15/2013 07:50 AM, Eric W. Biederman wrote: Gao feng gaof...@cn.fujitsu.com writes: Privileged user should have rights to mount/umount/move these even locked mount. Hmm. This is pretty much a can't happen case, as the only exist in mount namespaces where the global root isn't

Re: [REVIEW][PATCH 1/2] userns: Better restrictions on when proc and sysfs can be mounted

2013-11-14 Thread Gao feng
On 11/15/2013 12:54 AM, Andy Lutomirski wrote: On Thu, Nov 14, 2013 at 3:10 AM, Gao feng gaof...@cn.fujitsu.com wrote: On 11/13/2013 03:26 PM, Gao feng wrote: On 11/09/2013 01:42 PM, Eric W. Biederman wrote: Right now I would rather not have the empty directory exception than remove this code

Re: [REVIEW][PATCH 1/2] userns: Better restrictions on when proc and sysfs can be mounted

2013-11-14 Thread Gao feng
On 11/15/2013 12:54 PM, Eric W. Biederman wrote: Gao feng gaof...@cn.fujitsu.com writes: On 11/15/2013 12:54 AM, Andy Lutomirski wrote: On Thu, Nov 14, 2013 at 3:10 AM, Gao feng gaof...@cn.fujitsu.com wrote: On 11/13/2013 03:26 PM, Gao feng wrote: On 11/09/2013 01:42 PM, Eric W. Biederman

[PATCH] userns: allow privileged user to operate locked mount

2013-11-12 Thread Gao feng
Privileged user should have rights to mount/umount/move these even locked mount. Signed-off-by: Gao feng --- fs/namespace.c | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index da5c494..7097fc7 100644 --- a/fs/namespace.c

Re: [REVIEW][PATCH 1/2] userns: Better restrictions on when proc and sysfs can be mounted

2013-11-12 Thread Gao feng
On 11/09/2013 01:42 PM, Eric W. Biederman wrote: > Gao feng writes: > >> On 11/02/2013 02:06 PM, Gao feng wrote: >>> Hi Eric, >>> >>> On 08/28/2013 05:44 AM, Eric W. Biederman wrote: >>>> >>>> Rely on the fact that another flavor of

Re: [REVIEW][PATCH 1/2] userns: Better restrictions on when proc and sysfs can be mounted

2013-11-12 Thread Gao feng
On 11/09/2013 01:42 PM, Eric W. Biederman wrote: Gao feng gaof...@cn.fujitsu.com writes: On 11/02/2013 02:06 PM, Gao feng wrote: Hi Eric, On 08/28/2013 05:44 AM, Eric W. Biederman wrote: Rely on the fact that another flavor of the filesystem is already mounted and do not rely on state

[PATCH] userns: allow privileged user to operate locked mount

2013-11-12 Thread Gao feng
Privileged user should have rights to mount/umount/move these even locked mount. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- fs/namespace.c | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index da5c494..7097fc7 100644

Re: [REVIEW][PATCH 1/2] userns: Better restrictions on when proc and sysfs can be mounted

2013-11-07 Thread Gao feng
On 11/02/2013 02:06 PM, Gao feng wrote: > Hi Eric, > > On 08/28/2013 05:44 AM, Eric W. Biederman wrote: >> >> Rely on the fact that another flavor of the filesystem is already >> mounted and do not rely on state in the user namespace. >> >> Verify that the m

Re: [REVIEW][PATCH 1/2] userns: Better restrictions on when proc and sysfs can be mounted

2013-11-07 Thread Gao feng
On 11/02/2013 02:06 PM, Gao feng wrote: Hi Eric, On 08/28/2013 05:44 AM, Eric W. Biederman wrote: Rely on the fact that another flavor of the filesystem is already mounted and do not rely on state in the user namespace. Verify that the mounted filesystem is not covered in any significant

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-11-06 Thread Gao feng
On 11/06/2013 03:14 AM, Richard Guy Briggs wrote: > On Tue, Nov 05, 2013 at 04:56:55PM +0800, Gao feng wrote: >> On 11/05/2013 04:11 PM, Li Zefan wrote: >>> On 2013/11/5 15:52, Gao feng wrote: >>>> On 11/05/2013 03:51 PM, Gao feng wrote: >>>>> Ping...

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-11-06 Thread Gao feng
On 11/06/2013 03:14 AM, Richard Guy Briggs wrote: On Tue, Nov 05, 2013 at 04:56:55PM +0800, Gao feng wrote: On 11/05/2013 04:11 PM, Li Zefan wrote: On 2013/11/5 15:52, Gao feng wrote: On 11/05/2013 03:51 PM, Gao feng wrote: Ping... I want to catch up the merge window.. Even if your

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-11-05 Thread Gao feng
On 11/05/2013 04:11 PM, Li Zefan wrote: > On 2013/11/5 15:52, Gao feng wrote: >> On 11/05/2013 03:51 PM, Gao feng wrote: >>> Ping... >>> >> >> I want to catch up the merge window.. >> > > Even if your patches are accepted by a certain maint

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-11-05 Thread Gao feng
On 11/05/2013 04:11 PM, Li Zefan wrote: On 2013/11/5 15:52, Gao feng wrote: On 11/05/2013 03:51 PM, Gao feng wrote: Ping... I want to catch up the merge window.. Even if your patches are accepted by a certain maintainer immediately, he will in no doubt queue them for 3.14. Yes, you

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-11-04 Thread Gao feng
On 11/05/2013 03:51 PM, Gao feng wrote: > Ping... > I want to catch up the merge window.. > On 10/31/2013 11:52 AM, Gao feng wrote: >> Hi Eric Paris, >> >> Can you give me some comments? >> >> You think the tying audit namespace to user namespace is

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-11-04 Thread Gao feng
Ping... On 10/31/2013 11:52 AM, Gao feng wrote: > Hi Eric Paris, > > Can you give me some comments? > > You think the tying audit namespace to user namespace is a bad idea, > so this patchset doesn't assign auditns to userns and introduce an > new audit netlink type to

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-11-04 Thread Gao feng
Ping... On 10/31/2013 11:52 AM, Gao feng wrote: Hi Eric Paris, Can you give me some comments? You think the tying audit namespace to user namespace is a bad idea, so this patchset doesn't assign auditns to userns and introduce an new audit netlink type to help to create audit namespace

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-11-04 Thread Gao feng
On 11/05/2013 03:51 PM, Gao feng wrote: Ping... I want to catch up the merge window.. On 10/31/2013 11:52 AM, Gao feng wrote: Hi Eric Paris, Can you give me some comments? You think the tying audit namespace to user namespace is a bad idea, so this patchset doesn't assign auditns

Re: [REVIEW][PATCH 1/2] userns: Better restrictions on when proc and sysfs can be mounted

2013-11-02 Thread Gao feng
Hi Eric, On 08/28/2013 05:44 AM, Eric W. Biederman wrote: > > Rely on the fact that another flavor of the filesystem is already > mounted and do not rely on state in the user namespace. > > Verify that the mounted filesystem is not covered in any significant > way. I would love to verify that

Re: [REVIEW][PATCH 1/2] userns: Better restrictions on when proc and sysfs can be mounted

2013-11-02 Thread Gao feng
Hi Eric, On 08/28/2013 05:44 AM, Eric W. Biederman wrote: Rely on the fact that another flavor of the filesystem is already mounted and do not rely on state in the user namespace. Verify that the mounted filesystem is not covered in any significant way. I would love to verify that the

[PATCH v2] audit: remove useless code in audit_enable

2013-10-31 Thread Gao feng
Since kernel parameter is operated before initcall, so the audit_initialized must be AUDIT_UNINITIALIZED or DISABLED in audit_enable. Signed-off-by: Gao feng --- kernel/audit.c | 13 ++--- 1 file changed, 2 insertions(+), 11 deletions(-) change from v1: convert "printk(KERN

[PATCH v2] audit: remove useless code in audit_enable

2013-10-31 Thread Gao feng
Since kernel parameter is operated before initcall, so the audit_initialized must be AUDIT_UNINITIALIZED or DISABLED in audit_enable. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 13 ++--- 1 file changed, 2 insertions(+), 11 deletions(-) change from v1: convert

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-10-30 Thread Gao feng
of net namespaces have ability to send/ receive audit netlink message. I may miss some points, if you find there are some shortage or loophole, please let me know. Thanks! On 10/24/2013 03:31 PM, Gao feng wrote: > Here is the v1 patchset: http://lwn.net/Articles/549546/ > > The ma

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-10-30 Thread Gao feng
of net namespaces have ability to send/ receive audit netlink message. I may miss some points, if you find there are some shortage or loophole, please let me know. Thanks! On 10/24/2013 03:31 PM, Gao feng wrote: Here is the v1 patchset: http://lwn.net/Articles/549546/ The main target

[PATCH 15/20] audit: Log audit pid config change in audit namespace

2013-10-24 Thread Gao feng
This patch allow to log audit config change in audit namespace. Signed-off-by: Gao feng --- kernel/audit.c | 18 +- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 92da21d..095f54d 100644 --- a/kernel/audit.c +++ b/kernel

[PATCH 03/20] audit: make audit_skb_queue per audit namespace

2013-10-24 Thread Gao feng
This patch makes audit_skb_queue per audit namespace, Since we haven't finished the preparations, only allow user to attach/detach skb to the queue of init_audit_ns. Signed-off-by: Gao feng --- include/linux/audit_namespace.h | 3 +++ kernel/audit.c | 18 +- 2

[PATCH 06/20] audit: make kauditd_task per audit namespace

2013-10-24 Thread Gao feng
kauditd_task is used to send audit netlink messages to the user space auditd process. Because the netlink messages are per audit namespace, we should make kaudit_task per auditns to operate the right netlink skb. Signed-off-by: Gao feng --- include/linux/audit_namespace.h | 12

[PATCH 01/20] Audit: make audit netlink socket net namespace unaware

2013-10-24 Thread Gao feng
per-netns audit kernel side socket(audit_sock), it's pain to depend on and get reference of netns for auditns. Signed-off-by: Gao feng --- kernel/audit.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/kernel/audit.c b/kernel/audit.c index 7b0e23a..468950b 100644 --- a/kernel/audit.c

[PATCH 09/20] audit: make audit_backlog_wait per audit namespace

2013-10-24 Thread Gao feng
Tasks are added to audit_backlog_wait when the audit_skb_queue of audit namespace is full, so audit_backlog_wait should be per audit namespace too. Signed-off-by: Gao feng --- include/linux/audit_namespace.h | 1 + kernel/audit.c | 11 +-- 2 files changed, 6 insertions

[PATCH 12/20] audit: use proper audit_namespace in kauditd_thread

2013-10-24 Thread Gao feng
Signed-off-by: Gao feng --- kernel/audit.c | 34 +- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 5524deb..b203017 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -338,11 +338,11 @@ static int

[PATCH 05/20] audit: make audit_pid per audit namespace

2013-10-24 Thread Gao feng
-by: Gao feng --- include/linux/audit_namespace.h | 2 ++ kernel/audit.c | 43 ++--- kernel/audit.h | 5 ++--- kernel/auditsc.c| 6 +++--- 4 files changed, 39 insertions(+), 17 deletions(-) diff --git a/include

[PATCH 02/20] audit: introduce configure option CONFIG_AUDIT_NS

2013-10-24 Thread Gao feng
Signed-off-by: Gao feng --- include/linux/audit_namespace.h | 51 + include/linux/nsproxy.h | 11 + init/Kconfig| 10 kernel/Makefile | 2 +- kernel/audit_namespace.c| 8 +++

[PATCH 04/20] audit: make audit_skb_hold_queue per audit namespace

2013-10-24 Thread Gao feng
This patch makes audit_skb_hold_queue per audit namespace. Signed-off-by: Gao feng --- include/linux/audit_namespace.h | 3 +++ kernel/audit.c | 12 +--- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/include/linux/audit_namespace.h b/include/linux

[RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-10-24 Thread Gao feng
in order to get more comments, so I can keep on improving namespace support for audit. Gao feng (20): Audit: make audit netlink socket net namespace unaware audit: introduce configure option CONFIG_AUDIT_NS audit: make audit_skb_queue per audit namespace audit: make audit_skb_hold_queue per

[PATCH 10/20] audit: allow un-init audit ns to change pid and portid only

2013-10-24 Thread Gao feng
Only these two vars are namespace aware. Signed-off-by: Gao feng --- kernel/audit.c | 26 -- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index d7a0993..2132929 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -685,16

[PATCH 11/20] audit: use proper audit namespace in audit_receive_msg

2013-10-24 Thread Gao feng
Signed-off-by: Gao feng --- kernel/audit.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 2132929..5524deb 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -662,11 +662,11 @@ static int audit_receive_msg(struct sk_buff *skb

[PATCH 13/20] audit: introduce new audit logging interface for audit namespace

2013-10-24 Thread Gao feng
This interface audit_log_start_ns and audit_log_end_ns will be used for logging audit logs in audit namespace. Signed-off-by: Gao feng --- include/linux/audit.h | 26 +-- kernel/audit.c| 92 ++- 2 files changed, 77 insertions

[PATCH 08/20] audit: make kaudit_wait queue per audit namespace

2013-10-24 Thread Gao feng
kauditd_task is added to the wait queue kaudit_wait when there is no audit message being generated in audit namespace, so the kaudit_wait should be per audit namespace too. Signed-off-by: Gao feng --- include/linux/audit_namespace.h | 2 ++ kernel/audit.c | 8 2 files
