linux

mainlining shenanigans

Go to file

Vincent Bernat c427bfec18 net: core: enable SO_BINDTODEVICE for non-root users Currently, SO_BINDTODEVICE requires CAP_NET_RAW. This change allows a non-root user to bind a socket to an interface if it is not already bound. This is useful to allow an application to bind itself to a specific VRF for outgoing or incoming connections. Currently, an application wanting to manage connections through several VRF need to be privileged. Previously, IP_UNICAST_IF and IPV6_UNICAST_IF were added for Wine (`76e21053b5` and `c4062dfc42`) specifically for use by non-root processes. However, they are restricted to sendmsg() and not usable with TCP. Allowing SO_BINDTODEVICE would allow TCP clients to get the same privilege. As for TCP servers, outside the VRF use case, SO_BINDTODEVICE would only further restrict connections a server could accept. When an application is restricted to a VRF (with `ip vrf exec`), the socket is bound to an interface at creation and therefore, a non-privileged call to SO_BINDTODEVICE to escape the VRF fails. When an application bound a socket to SO_BINDTODEVICE and transmit it to a non-privileged process through a Unix socket, a tentative to change the bound device also fails. Before: >>> import socket >>> s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) >>> s.setsockopt(socket.SOL_SOCKET, socket.SO_BINDTODEVICE, b"dummy0") Traceback (most recent call last): File "<stdin>", line 1, in <module> PermissionError: [Errno 1] Operation not permitted After: >>> import socket >>> s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) >>> s.setsockopt(socket.SOL_SOCKET, socket.SO_BINDTODEVICE, b"dummy0") >>> s.setsockopt(socket.SOL_SOCKET, socket.SO_BINDTODEVICE, b"dummy0") Traceback (most recent call last): File "<stdin>", line 1, in <module> PermissionError: [Errno 1] Operation not permitted Signed-off-by: Vincent Bernat <vincent@bernat.ch> Reviewed-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2020-04-02 17:46:43 -07:00
arch	x86: get rid of 'errret' argument to __get_user_xyz() macross	2020-03-31 18:23:47 -07:00
block	Merge branch 'efi-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2020-03-30 16:13:08 -07:00
certs	certs: Add wrapper function to check blacklisted binary hash	2019-11-12 12:25:50 +11:00
crypto	Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity	2020-02-20 15:15:16 -08:00
Documentation	dt-bindings: net: mvusb: Fix example errors	2020-04-01 11:26:03 -07:00
drivers	net: stmmac: xgmac: Fix VLAN register handling	2020-04-02 07:04:45 -07:00
fs	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
include	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
init	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
ipc	Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()"	2020-02-21 11:22:15 -08:00
kernel	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
lib	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
LICENSES	LICENSES: Rename other to deprecated	2019-05-03 06:34:32 -06:00
mm	arm64 updates for 5.7:	2020-03-31 10:05:01 -07:00
net	net: core: enable SO_BINDTODEVICE for non-root users	2020-04-02 17:46:43 -07:00
samples	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
scripts	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
security	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
sound	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
tools	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
usr	initramfs: restore default compression behavior	2020-03-17 09:50:37 +09:00
virt	irqchip/gic-v4.1: Move doorbell management to the GICv4 abstraction layer	2020-03-24 12:15:51 +00:00
.clang-format	clang-format: Update with the latest for_each macro list	2020-03-06 21:50:05 +01:00
.cocciconfig
.get_maintainer.ignore	Opt out of scripts/get_maintainer.pl	2019-05-16 10:53:40 -07:00
.gitattributes	.gitattributes: use 'dts' diff driver for dts files	2019-12-04 19:44:11 -08:00
.gitignore	selftest/lkdtm: Use local .gitignore	2020-03-02 08:39:39 -07:00
.mailmap	media updates for v5.7-rc1	2020-03-30 13:42:05 -07:00
COPYING	COPYING: state that all contributions really are covered by this file	2020-02-10 13:32:20 -08:00
CREDITS	MAINTAINERS: Hand MIPS over to Thomas	2020-02-24 22:43:18 -08:00
Kbuild	kbuild: rename hostprogs-y/always to hostprogs/always-y	2020-02-04 01:53:07 +09:00
Kconfig	docs: kbuild: convert docs to ReST and rename to *.rst	2019-06-14 14:21:21 -06:00
MAINTAINERS	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
Makefile	Kbuild updates for v5.7	2020-03-31 16:03:39 -07:00
README	Drop all 00-INDEX files from Documentation/	2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.