1 // SPDX-License-Identifier: GPL-2.0-only
2 /* -*- linux-c -*-
33 return &current->nsproxy->net_ns->sysctls; in net_ctl_header_lookup()
38 return &current->nsproxy->net_ns->sysctls == set; in is_seen()
45 struct net *net = container_of(head->set, struct net, sysctls); in net_ctl_permissions()
48 if (ns_capable_noaudit(net->user_ns, CAP_NET_ADMIN)) { in net_ctl_permissions()
49 int mode = (table->mode >> 6) & 7; in net_ctl_permissions()
53 return table->mode; in net_ctl_permissions()
59 struct net *net = container_of(head->set, struct net, sysctls); in net_ctl_set_ownership()
63 ns_root_uid = make_kuid(net->user_ns, 0); in net_ctl_set_ownership()
67 ns_root_gid = make_kgid(net->user_ns, 0); in net_ctl_set_ownership()
80 setup_sysctl_set(&net->sysctls, &net_sysctl_root, is_seen); in sysctl_net_init()
86 retire_sysctl_set(&net->sysctls); in sysctl_net_exit()
98 int ret = -ENOMEM; in net_sysctl_init()
117 /* Verify that sysctls for non-init netns are safe by either:
118 * 1) being read-only, or
120 * data segment, and rather into the heap where a per-net object was
130 for (size_t i = 0; i < table_size; ent++, i++) { in ensure_safe_net_sysctl() local
135 ent->procname, ent->mode, ent->proc_handler, ent->data); in ensure_safe_net_sysctl()
138 if ((ent->mode & 0222) == 0) { in ensure_safe_net_sysctl()
144 addr = (unsigned long)ent->data; in ensure_safe_net_sysctl()
153 * data, then it's probably a netns leak. in ensure_safe_net_sysctl()
156 path, ent->procname, where, ent->data); in ensure_safe_net_sysctl()
159 ent->mode &= ~0222; in ensure_safe_net_sysctl()
171 return __register_sysctl_table(&net->sysctls, path, table, table_size); in register_net_sysctl_sz()