[PATCH net-next v2 0/2] net: devmem: allow bind-rx from non-init user namespaces
From: Bobby Eshleman <hidden>
Date: 2026-06-03 01:37:52
Also in:
linux-kselftest, lkml
NETDEV_CMD_BIND_RX is GENL_ADMIN_PERM, which checks CAP_NET_ADMIN against init_user_ns. With netkit and netns support for devmem, it is now useful to let workloads holding CAP_NET_ADMIN only in their own user_ns issue bind-rx for a netns owned by that user_ns. The first patch switches the flag to GENL_UNS_ADMIN_PERM so the check uses the target netns's owning user_ns. Init remains permitted. The second patch just adds test cases. They are identical to nk_devmem.py tests, but using a non-init userns. Signed-off-by: Bobby Eshleman <redacted> --- Changes in v2: - some pylint fixes - fixed import issue - Link to v1: https://lore.kernel.org/all/20260601-nl-prov-v1-0-9bc57d6ca3f3@meta.com/ (local) --- Bobby Eshleman (2): net: devmem: allow bind-rx from non-init user namespaces selftests: drv-net: add userns devmem RX test Documentation/netlink/specs/netdev.yaml | 2 +- net/core/netdev-genl-gen.c | 2 +- tools/testing/selftests/drivers/net/hw/Makefile | 1 + tools/testing/selftests/drivers/net/hw/config | 1 + .../selftests/drivers/net/hw/lib/py/__init__.py | 4 +- .../selftests/drivers/net/hw/userns_devmem.py | 49 ++++++++++++++ .../selftests/drivers/net/lib/py/__init__.py | 4 +- tools/testing/selftests/drivers/net/lib/py/env.py | 8 ++- tools/testing/selftests/net/lib/py/__init__.py | 4 +- tools/testing/selftests/net/lib/py/netns.py | 75 +++++++++++++++++++++- tools/testing/selftests/net/lib/py/utils.py | 7 +- 11 files changed, 144 insertions(+), 13 deletions(-) --- base-commit: 0906c117f81c2ae6e6dbfa82719f79c75e1c9325 change-id: 20260529-nl-prov-491a85c020b0 Best regards, -- Bobby Eshleman [off-list ref]