Messages in this thread
|
On Tue, Dec 5, 2017 at 6:19 PM, David Ahern <dsahern@gmail.com> wrote:
>> + if (!net_eq(dev_net(dev), sock_net(sk)) &&
>> + !net_eq(dev_net(dev), &init_net)) {
>
> Why is init_net special? Seems like snooping should be limited to the
> namespace you are in.
Depends how important it is to preserve the current "typical use case"
behavior, where the root user in the init netns can see all netlink
traffic on the system.
©2003-2020 Jasper Spaans|hosted at Digital Ocean and my Meterkast|Read the blog