netns: enable to inherit devconf from current netns

The goal is to be able to inherit the initial devconf parameters from the
current netns, ie the netns where this new netns has been created.

This is useful in a containers environment where /proc/sys is read only.
For example, if a pod is created with specifics devconf parameters and has
the capability to create netns, the user expects to get the same parameters
than his 'init_net', which is not the real init_net in this case.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/Documentation/admin-guide/sysctl/net.rst b/Documentation/admin-guide/sysctl/net.rst
index 2ad1b77a7182be00198f418d1291b3925c8e11c7..42cd04bca5486766b0122431fd57d4ef408abfc0 100644 (file)
--- a/Documentation/admin-guide/sysctl/net.rst
+++ b/Documentation/admin-guide/sysctl/net.rst
@@ -339,7 +339,9 @@ settings from init_net and for IPv6 we reset all settings to default.
 
 If set to 1, both IPv4 and IPv6 settings are forced to inherit from
 current ones in init_net. If set to 2, both IPv4 and IPv6 settings are
-forced to reset to their default values.
+forced to reset to their default values. If set to 3, both IPv4 and IPv6
+settings are forced to inherit from current ones in the netns where this
+new netns has been created.
 
 Default : 0  (for compatibility reasons)
 

diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 0ddb13a6282b009f3e229bc1a5f64fe740a163a1..b109cc8a6dd848167e034ebf1361a8482f09123d 100644 (file)
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -23,6 +23,7 @@
 #include <net/pkt_sched.h>
 
 static int two __maybe_unused = 2;
+static int three = 3;
 static int min_sndbuf = SOCK_MIN_SNDBUF;
 static int min_rcvbuf = SOCK_MIN_RCVBUF;
 static int max_skb_frags = MAX_SKB_FRAGS;
@@ -39,6 +40,7 @@ EXPORT_SYMBOL(sysctl_fb_tunnels_only_for_init_net);
  *     IPv6: reset all settings to default
  * 1 - Both inherit all current settings from init_net
  * 2 - Both reset all settings to default
+ * 3 - Both inherit all settings from current netns
  */
 int sysctl_devconf_inherit_init_net __read_mostly;
 EXPORT_SYMBOL(sysctl_devconf_inherit_init_net);
@@ -553,7 +555,7 @@ static struct ctl_table net_core_table[] = {
                .mode           = 0644,
                .proc_handler   = proc_dointvec_minmax,
                .extra1         = SYSCTL_ZERO,
-               .extra2         = &two,
+               .extra2         = &three,
        },
        {
                .procname       = "high_order_alloc_disable",

diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index fc94f82f82c7c482098c697f35317b6ae34f45b3..f048d0a188b7d6744b57eb17e9b2438d800f4d9d 100644 (file)
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -2666,11 +2666,24 @@ static __net_init int devinet_init_net(struct net *net)
        tbl[0].extra2 = net;
 #endif
 
-       if ((!IS_ENABLED(CONFIG_SYSCTL) ||
-            sysctl_devconf_inherit_init_net != 2) &&
-           !net_eq(net, &init_net)) {
-               memcpy(all, init_net.ipv4.devconf_all, sizeof(ipv4_devconf));
-               memcpy(dflt, init_net.ipv4.devconf_dflt, sizeof(ipv4_devconf_dflt));
+       if (!net_eq(net, &init_net)) {
+               if (IS_ENABLED(CONFIG_SYSCTL) &&
+                   sysctl_devconf_inherit_init_net == 3) {
+                       /* copy from the current netns */
+                       memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all,
+                              sizeof(ipv4_devconf));
+                       memcpy(dflt,
+                              current->nsproxy->net_ns->ipv4.devconf_dflt,
+                              sizeof(ipv4_devconf_dflt));
+               } else if (!IS_ENABLED(CONFIG_SYSCTL) ||
+                          sysctl_devconf_inherit_init_net != 2) {
+                       /* inherit == 0 or 1: copy from init_net */
+                       memcpy(all, init_net.ipv4.devconf_all,
+                              sizeof(ipv4_devconf));
+                       memcpy(dflt, init_net.ipv4.devconf_dflt,
+                              sizeof(ipv4_devconf_dflt));
+               }
+               /* else inherit == 2: use compiled values */
        }
 
 #ifdef CONFIG_SYSCTL

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index fd885f06c4ed61423c576b98ad12789986cf7f7e..ab7e839753aed197217f69abbdb64610e9c09392 100644 (file)
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -6991,9 +6991,26 @@ static int __net_init addrconf_init_net(struct net *net)
                goto err_alloc_dflt;
 
        if (IS_ENABLED(CONFIG_SYSCTL) &&
-           sysctl_devconf_inherit_init_net == 1 && !net_eq(net, &init_net)) {
-               memcpy(all, init_net.ipv6.devconf_all, sizeof(ipv6_devconf));
-               memcpy(dflt, init_net.ipv6.devconf_dflt, sizeof(ipv6_devconf_dflt));
+           !net_eq(net, &init_net)) {
+               switch (sysctl_devconf_inherit_init_net) {
+               case 1:  /* copy from init_net */
+                       memcpy(all, init_net.ipv6.devconf_all,
+                              sizeof(ipv6_devconf));
+                       memcpy(dflt, init_net.ipv6.devconf_dflt,
+                              sizeof(ipv6_devconf_dflt));
+                       break;
+               case 3: /* copy from the current netns */
+                       memcpy(all, current->nsproxy->net_ns->ipv6.devconf_all,
+                              sizeof(ipv6_devconf));
+                       memcpy(dflt,
+                              current->nsproxy->net_ns->ipv6.devconf_dflt,
+                              sizeof(ipv6_devconf_dflt));
+                       break;
+               case 0:
+               case 2:
+                       /* use compiled values */
+                       break;
+               }
        }
 
        /* these will be inherited by all namespaces */