    userns: make each net (net_ns) belong to a user_ns · 038e7332
    Eric W. Biederman authored
    The user namespace which creates a new network namespace owns that
    namespace and all resources created in it.  This way we can target
    capability checks for privileged operations against network resources to
    the user_ns which created the network namespace in which the resource
    lives.  Privilege to the user namespace which owns the network
    namespace, or any parent user namespace thereof, provides the same
    privilege to the network resource.
    
    This patch is reworked from a version originally by
    Serge E. Hallyn <serge.hallyn@canonical.com>
    Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
    Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
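The ownership rule in the commit message, as a small userspace model added here as an example (not code from this commit or from the kernel). The struct, task and function names are assumptions, and a capability is reduced to a single flag held in the task's own user namespace.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: these structs are illustrative, not the kernel's. */
struct user_ns { const struct user_ns *parent; };
struct net_ns  { const struct user_ns *user_ns; };  /* owner, set at creation */
struct task    { const struct user_ns *user_ns; bool cap_net_admin; };

/* Constructed sample hierarchy: a host user_ns and one child (e.g. a container). */
static const struct user_ns init_user_ns  = { NULL };
static const struct user_ns child_user_ns = { &init_user_ns };
static const struct task host_root      = { &init_user_ns,  true  };
static const struct task host_user      = { &init_user_ns,  false };
static const struct task container_root = { &child_user_ns, true  };

/* The creating task's user namespace becomes the owner of the new net_ns. */
static struct net_ns net_create(const struct task *creator)
{
    struct net_ns net = { creator->user_ns };
    return net;
}

/* Privilege in the owning user_ns, or in any parent of it, applies to the net_ns. */
static bool net_admin_capable(const struct task *t, const struct net_ns *net)
{
    for (const struct user_ns *ns = net->user_ns; ns != NULL; ns = ns->parent)
        if (ns == t->user_ns)
            return t->cap_net_admin;
    return false;  /* task sits in a child or unrelated user_ns: no privilege */
}

/* Would `actor` pass the check on a net_ns created by `creator`? */
static bool may_admin(const struct task *creator, const struct task *actor)
{
    struct net_ns net = net_create(creator);
    return net_admin_capable(actor, &net);
}

int main(void)
{
    printf("container root -> own net:  %d\n", may_admin(&container_root, &container_root));
    printf("host root      -> ctr net:  %d\n", may_admin(&container_root, &host_root));
    printf("container root -> host net: %d\n", may_admin(&host_root, &container_root));
    printf("host user      -> ctr net:  %d\n", may_admin(&container_root, &host_user));
    return 0;
}
```

The third case is the one that matters for isolation: a task that is privileged only inside a child user namespace fails the check against a network namespace owned by the parent.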
net_namespace.c 14.6 KB