Commit 2342fd7e authored by Denis V. Lunev's avatar Denis V. Lunev Committed by David S. Miller
Browse files

[NETNS]: Allow to create sockets in non-initial namespace. 



Allow to create sockets in the namespace if the protocol ok with this.

Signed-off-by: default avatarDenis V. Lunev <den@openvz.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent f145049a

net/ipv4/af_inet.c

+21 −3
Original line number Diff line number Diff line
@@ -243,6 +243,23 @@ void build_ehash_secret(void) 
}

EXPORT_SYMBOL(build_ehash_secret);



static inline int inet_netns_ok(struct net *net, int protocol)

{

	int hash;

	struct net_protocol *ipprot;



	if (net == &init_net)

		return 1;



	hash = protocol & (MAX_INET_PROTOS - 1);

	ipprot = rcu_dereference(inet_protos[hash]);



	if (ipprot == NULL)

		/* raw IP is OK */

		return 1;

	return ipprot->netns_ok;

}



/*

 *	Create an inet socket.

 */
@@ -259,9 +276,6 @@ static int inet_create(struct net *net, struct socket *sock, int protocol) 
	int try_loading_module = 0;

	int err;



	if (net != &init_net)

		return -EAFNOSUPPORT;



	if (sock->type != SOCK_RAW &&

	    sock->type != SOCK_DGRAM &&

	    !inet_ehash_secret)
@@ -320,6 +334,10 @@ static int inet_create(struct net *net, struct socket *sock, int protocol) 
	if (answer->capability > 0 && !capable(answer->capability))

		goto out_rcu_unlock;



	err = -EAFNOSUPPORT;

	if (!inet_netns_ok(net, protocol))

		goto out_rcu_unlock;



	sock->ops = answer->ops;

	answer_prot = answer->prot;

	answer_no_check = answer->no_check;