netns sysctl isolation

Krzysztof Kozlowski krzysztof.kozlowski at canonical.com
Wed May 26 14:07:14 UTC 2021


On 25/05/2021 01:11, Jonathon Reinhart wrote:
> Hello Ubuntu kernel team,
> 
> I have recently gone about ensuring that all 'net' sysctls are
> properly isolated within kernel network namespaces. In doing so, I
> fixed three Linux kernel bugs in mainline and backported to all
> relevant LTS kernels.
> 
> The README on this GitHub project should provide all relevant
> information about the motivation, bugs, and fixes:
> https://github.com/JonathonReinhart/linux-netns-sysctl-verify
> 
> I have confirmed that the following Ubuntu kernels exhibit these bugs:
> 
> Ubuntu 18.04 (bionic) 4.15.0-143-generic exhibits "Bug 1", and "Bug 3".
> Ubuntu 20.04 (focal): 5.4.0-73-generic exhibits "Bug 1", and "Bug 3".
> Ubuntu 20.10 (groovy) 5.8.0-53-generic exhibits "Bug 1", "Bug 2", and "Bug 3".
> Ubuntu 21.04 (hirsute) 5.11.0-17-generic exhibits "Bug 1", "Bug 2", and "Bug 3".
> 
> My questions for you

Hi Jonathon,

Thanks for letting us know, we appreciate it. Nice work upstream!

> What is the best way to go about getting these fixes backported to the
> Ubuntu kernels?
> 
> Is this something the Ubuntu kernel team will pick up on their own?
> (I'm guessing not, since these kernels don't track upstream stable.)

The kernels which follow LTS will get it via upstream stable. For the
kernels we maintain, we will likely take it manually from upstream;
however, a separate submission/fix is also highly welcomed.

> Is this something the kernel team can handle with the provided
> information, or should I submit patches? If the latter, are these the
> kernels for which I should submit patches? And are they submitted to
> this mailing list?

It would be great if you could submit the patches to us by following
the Ubuntu Stable Release Update process:
https://wiki.ubuntu.com/StableReleaseUpdates

This requires:
1. A Bug in Launchpad (see SRU Bug Template in link above)
2. Backported patches (via cherry-pick) sent with cover letter following
   the process here:
   https://wiki.ubuntu.com/Kernel/Dev/StablePatchFormat
   a. Proper SRU title,
   b. Buglink at the beginning,
   c. "(cherry-picked|backported) from commit" - depending whether this was
      clean cherry-pick or some more work was needed (nice to explain what
      additional work was done in case of backport)

See "Complete Examples" for cover letter and actual patch.

Such help from your side is greatly valued. :)

Best regards,
Krzysztof


