Thread (12 messages) 12 messages, 3 authors, 2023-03-10
STALE1209d
Revisions (11)
  1. v1 current
  2. v1 [diff vs current]
  3. v2 [diff vs current]
  4. v3 [diff vs current]
  5. v4 [diff vs current]
  6. v5 [diff vs current]
  7. v6 [diff vs current]
  8. v7 [diff vs current]
  9. v8 [diff vs current]
  10. v9 [diff vs current]
  11. v10 [diff vs current]

[PATCH 4/5] connector/cn_proc: Allow non-root users access

From: Anjali Kulkarni <hidden>
Date: 2023-03-09 03:21:03
Also in: lkml
Subsystem: networking drivers, the rest · Maintainers: Andrew Lunn, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Linus Torvalds

The patch allows non-root users to receive cn proc connector
notifications, as anyone can normally get process start/exit status from
/proc. The reason for not allowing non-root users to receive multicast
messages is long gone, as described in this thread:
https://linux-kernel.vger.kernel.narkive.com/CpJFcnra/multicast-netlink-for-non-root-process

Also, many other netlink protocols allow non-root users to receive multicast
messages, and there is no reason to discriminate against CONNECTOR.

Reason we need this change is we need to run our DB application as a 
non-root user.

Signed-off-by: Anjali Kulkarni <redacted>
---
 drivers/connector/cn_proc.c   | 7 -------
 drivers/connector/connector.c | 1 +
 2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
index ef3820b43b5c..03ba70f07113 100644
--- a/drivers/connector/cn_proc.c
+++ b/drivers/connector/cn_proc.c
@@ -376,12 +376,6 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg,
 	    !task_is_in_init_pid_ns(current))
 		return;
 
-	/* Can only change if privileged. */
-	if (!__netlink_ns_capable(nsp, &init_user_ns, CAP_NET_ADMIN)) {
-		err = EPERM;
-		goto out;
-	}
-
 	if (msg->len == sizeof(mc_op))
 		mc_op = *((enum proc_cn_mcast_op *)msg->data);
 	else
@@ -414,7 +408,6 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg,
 		break;
 	}
 
-out:
 	cn_proc_ack(err, msg->seq, msg->ack);
 }
 
diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c
index 1b7851b1aa0f..136a9f38a063 100644
--- a/drivers/connector/connector.c
+++ b/drivers/connector/connector.c
@@ -251,6 +251,7 @@ static int cn_init(void)
 {
 	struct cn_dev *dev = &cdev;
 	struct netlink_kernel_cfg cfg = {
+		.flags = NL_CFG_F_NONROOT_RECV,
 		.groups	= CN_NETLINK_USERS + 0xf,
 		.input	= cn_rx_skb,
 	};
-- 
2.39.2
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help