NAK: [PATCH][SRU][Disco] ipv4: enable route flushing in network namespaces

Tyler Hicks tyhicks at canonical.com
Wed Sep 25 13:38:43 UTC 2019


On 2019-09-25 10:47:29, Stefan Bader wrote:
> On 06.09.19 15:03, Christian Brauner wrote:
> > BugLink: https://bugs.launchpad.net/bugs/1836912
> > 
> > Tools such as vpnc try to flush routes when run inside network
> > namespaces by writing 1 into /proc/sys/net/ipv4/route/flush. This
> > currently does not work because flush is not enabled in non-initial
> > network namespaces.
> > Since routes are per network namespace it is safe to enable
> > /proc/sys/net/ipv4/route/flush in there.
> > 
> > Link: https://github.com/lxc/lxd/issues/4257
> > Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
> > Signed-off-by: David S. Miller <davem at davemloft.net>
> 
> From (cherry picked/backported)?

Christian sent a second version of this patch that contained the cherry
picked line:

 https://lists.ubuntu.com/archives/kernel-team/2019-September/103672.html

I've already given my ack to that patch so let's just nack this one.

> Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>

I'll expand on this part of Stefan's request since it might not be
obvious.

Christian, we always inject our Signed-off-by line when submitting a
patch for inclusion in Ubuntu kernels. This is true even for patches
where you are the upstream author.

The easiest way to get this right is to use the following command:

 $ git cherry-pick -xse <commit>

It adds a "(cherry picked from commit <commit>)" line and also adds your
S-O-B.

One notable exception to this rule is when you have to make adjustments
to the patch in order to get it to apply. In that case, you must
manually change the words "cherry picked" to "backported" resulting in
"(backported from commit <commit>)".

Tyler

> 
> > ---
> >  net/ipv4/route.c | 12 ++++++++----
> >  1 file changed, 8 insertions(+), 4 deletions(-)
> > 
> > diff --git a/net/ipv4/route.c b/net/ipv4/route.c
> > index 3c89ca325947..4b1ec9710a32 100644
> > --- a/net/ipv4/route.c
> > +++ b/net/ipv4/route.c
> > @@ -3077,9 +3077,11 @@ static struct ctl_table ipv4_route_table[] = {
> >  	{ }
> >  };
> >  
> > +static const char ipv4_route_flush_procname[] = "flush";
> > +
> >  static struct ctl_table ipv4_route_flush_table[] = {
> >  	{
> > -		.procname	= "flush",
> > +		.procname	= ipv4_route_flush_procname,
> >  		.maxlen		= sizeof(int),
> >  		.mode		= 0200,
> >  		.proc_handler	= ipv4_sysctl_rtcache_flush,
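Review bot: the new ipv4_route_flush_procname declaration above ipv4_route_flush_table has no comment saying that it exists so the entry can be recognised by pointer identity rather than by its string contents. The later check `tbl[0].procname != ipv4_route_flush_procname` compares addresses, so if a cleanup ever restores the literal "flush" in `.procname`, the comparison would always be true and the entry would be hidden again in non-initial user namespaces. That fails closed, but it silently undoes this fix. A one-line comment on the declaration stating that it is compared by address in sysctl_route_net_init would prevent that.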
> > @@ -3097,9 +3099,11 @@ static __net_init int sysctl_route_net_init(struct net *net)
> >  		if (!tbl)
> >  			goto err_dup;
> >  
> > -		/* Don't export sysctls to unprivileged users */
> > -		if (net->user_ns != &init_user_ns)
> > -			tbl[0].procname = NULL;
> > +		/* Don't export non-whitelisted sysctls to unprivileged users */
> > +		if (net->user_ns != &init_user_ns) {
> > +			if (tbl[0].procname != ipv4_route_flush_procname)
> > +				tbl[0].procname = NULL;
> > +		}
> >  	}
> >  	tbl[0].extra1 = net;
> >  
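Review bot: the rewritten comment in sysctl_route_net_init says "non-whitelisted sysctls" but does not name what is whitelisted or why, and the check only ever inspects tbl[0]. Suggest spelling out in the comment that flush is the single entry left exported to non-initial user namespaces, and the reason it is acceptable: per the commit message routes are per network namespace, the entry is mode 0200, and the handler is handed this namespace's net through `tbl[0].extra1 = net`. The nested if could also be folded into one condition, `if (net->user_ns != &init_user_ns && tbl[0].procname != ipv4_route_flush_procname)`, which reads more directly as "hide everything except flush".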
> > 
> 
> 



