iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4548b683b7
linux/net/sctp
History
Krister Johansen 4548b683b7 Introduce a sysctl that modifies the value of PROT_SOCK. 
Add net.ipv4.ip_unprivileged_port_start, which is a per namespace sysctl
that denotes the first unprivileged inet port in the namespace.  To
disable all privileged ports set this to zero.  It also checks for
overlap with the local port range.  The privileged and local range may
not overlap.

The use case for this change is to allow containerized processes to bind
to priviliged ports, but prevent them from ever being allowed to modify
their container's network configuration.  The latter is accomplished by
ensuring that the network namespace is not a child of the user
namespace.  This modification was needed to allow the container manager
to disable a namespace's priviliged port restrictions without exposing
control of the network namespace to processes in the user namespace.

Signed-off-by: Krister Johansen <kjlx@templeofstupid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-01-24 12:10:51 -05:00
..
associola.c sctp: add sockopt SCTP_ENABLE_STREAM_RESET 2017-01-18 14:55:10 -05:00
auth.c sctp: use IS_ENABLED() instead of checking for built-in or module 2016-09-10 21:19:11 -07:00
bind_addr.c sctp: not copying duplicate addrs to the assoc's bind address list 2016-12-20 14:15:45 -05:00
chunk.c sctp: refactor sctp_datamsg_from_user 2016-12-29 14:44:03 -05:00
debug.c
endpointola.c sctp: add reconf_enable in asoc ep and netns 2017-01-18 14:55:10 -05:00
input.c sctp: add pr_debug for tracking asocs not found 2016-12-28 14:26:17 -05:00
inqueue.c sctp: rename WORD_TRUNC/ROUND macros 2016-09-22 03:13:26 -04:00
ipv6.c sctp: simplify addr copy 2016-12-28 14:06:31 -05:00
Kconfig sctp: add the sctp_diag.c file 2016-04-15 17:29:36 -04:00
Makefile sctp: prepare asoc stream for stream reconf 2017-01-06 21:07:26 -05:00
objcnt.c sctp: prepare asoc stream for stream reconf 2017-01-06 21:07:26 -05:00
offload.c sctp: fix GSO for IPv6 2016-07-16 22:02:09 -07:00
output.c sctp: remove return value from sctp_packet_init/config 2016-12-28 14:06:31 -05:00
outqueue.c sctp: implement sender-side procedures for SSN Reset Request Parameter 2017-01-18 14:55:11 -05:00
primitive.c sctp: add stream reconf primitive 2017-01-18 14:55:10 -05:00
probe.c net: sctp: Convert log timestamps to be y2038 safe 2016-03-01 17:18:44 -05:00
proc.c net: Suppress the "Comparison to NULL could be written" warnings 2016-09-30 01:50:45 -04:00
protocol.c sctp: add reconf_enable in asoc ep and netns 2017-01-18 14:55:10 -05:00
sctp_diag.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-10-02 22:20:41 -04:00
sm_make_chunk.c sctp: add reconf_enable in asoc ep and netns 2017-01-18 14:55:10 -05:00
sm_sideeffect.c sctp: add stream reconf timer 2017-01-18 14:55:10 -05:00
sm_statefuns.c sctp: add stream reconf primitive 2017-01-18 14:55:10 -05:00
sm_statetable.c sctp: add stream reconf primitive 2017-01-18 14:55:10 -05:00
socket.c Introduce a sysctl that modifies the value of PROT_SOCK. 2017-01-24 12:10:51 -05:00
stream.c sctp: implement sender-side procedures for SSN Reset Request Parameter 2017-01-18 14:55:11 -05:00
sysctl.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-01-11 23:55:43 -05:00
transport.c sctp: add stream reconf timer 2017-01-18 14:55:10 -05:00
tsnmap.c
ulpevent.c sctp: rename WORD_TRUNC/ROUND macros 2016-09-22 03:13:26 -04:00
ulpqueue.c sctp: prepare asoc stream for stream reconf 2017-01-06 21:07:26 -05:00