1 // SPDX-License-Identifier: GPL-2.0-only
2 /* -*- linux-c -*-
33 return &current->nsproxy->net_ns->sysctls; in net_ctl_header_lookup()
38 return &current->nsproxy->net_ns->sysctls == set; in is_seen()
45 struct net *net = container_of(head->set, struct net, sysctls); in net_ctl_permissions()
48 if (ns_capable_noaudit(net->user_ns, CAP_NET_ADMIN)) { in net_ctl_permissions()
49 int mode = (table->mode >> 6) & 7; in net_ctl_permissions()
53 return table->mode; in net_ctl_permissions()
60 struct net *net = container_of(head->set, struct net, sysctls); in net_ctl_set_ownership()
64 ns_root_uid = make_kuid(net->user_ns, 0); in net_ctl_set_ownership()
68 ns_root_gid = make_kgid(net->user_ns, 0); in net_ctl_set_ownership()
81 setup_sysctl_set(&net->sysctls, &net_sysctl_root, is_seen); in sysctl_net_init()
87 retire_sysctl_set(&net->sysctls); in sysctl_net_exit()
99 int ret = -ENOMEM; in net_sysctl_init()
118 /* Verify that sysctls for non-init netns are safe by either:
119 * 1) being read-only, or
121 * data segment, and rather into the heap where a per-net object was
131 for (size_t i = 0; i < table_size && ent->procname; ent++, i++) { in ensure_safe_net_sysctl() local
136 ent->procname, ent->mode, ent->proc_handler, ent->data); in ensure_safe_net_sysctl()
139 if ((ent->mode & 0222) == 0) { in ensure_safe_net_sysctl()
145 addr = (unsigned long)ent->data; in ensure_safe_net_sysctl()
154 * data, then it's probably a netns leak. in ensure_safe_net_sysctl()
157 path, ent->procname, where, ent->data); in ensure_safe_net_sysctl()
160 ent->mode &= ~0222; in ensure_safe_net_sysctl()
176 for (count = 0 ; count < table_size && entry->procname; entry++, count++) in register_net_sysctl_sz()
179 return __register_sysctl_table(&net->sysctls, path, table, count); in register_net_sysctl_sz()