[Devel] [PATCH] netfilter: allow adding matches from the container initial user namespace
Kirill Tkhai
ktkhai at virtuozzo.com
Tue Jun 6 11:47:08 MSK 2017
On 05.06.2017 21:05, Stanislav Kinsburskiy wrote:
> https://jira.sw.ru/browse/PSBM-43609
>
> Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
Acked-by: Kirill Tkhai <ktkhai at virtuozzo.com>
> ---
> net/netfilter/xt_owner.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/netfilter/xt_owner.c b/net/netfilter/xt_owner.c
> index 79558fe..942cce1 100644
> --- a/net/netfilter/xt_owner.c
> +++ b/net/netfilter/xt_owner.c
> @@ -83,7 +83,7 @@ static int owner_check(const struct xt_mtchk_param *par)
>
> /* For now only allow adding matches from the initial user namespace */
> if ((info->match & (XT_OWNER_UID|XT_OWNER_GID)) &&
> - (current_user_ns() != &init_user_ns))
> + !current_user_ns_initial())
> return -EINVAL;
> return 0;
> }
>
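Review bot: The comment above the check in owner_check() still reads "For now only allow adding matches from the initial user namespace", but the condition now calls current_user_ns_initial() and, per the subject line, is meant to accept the container's initial user namespace as well. Update the comment to state which namespaces are accepted, so a later reader does not assume that XT_OWNER_UID/XT_OWNER_GID matches can only be added from init_user_ns. The commit message also carries only a Jira link; a sentence on why the relaxation is safe would help review, for example in which user namespace the matched UID/GID values are interpreted, which the visible lines do not show.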