RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify - wireguard-linux

diff options

author	Parav Pandit <parav@nvidia.com>	2025-06-26 21:58:11 +0300
committer	Leon Romanovsky <leon@kernel.org>	2025-07-02 05:11:44 -0400
commit	28ea058a2979f063d4b756c5d82d885fc16f5ca2 (patch)
tree	445896c5447c40553fd6b3a94c8ae4f5e91d26ec /tools/perf/scripts/python
parent	RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (diff)
download	wireguard-linux-28ea058a2979f063d4b756c5d82d885fc16f5ca2.tar.xz wireguard-linux-28ea058a2979f063d4b756c5d82d885fc16f5ca2.zip

RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify

Currently, the capability check is done in the default init_user_ns user namespace. When a process runs in a non default user namespace, such check fails. Due to this when a process is running using Podman, it fails to modify the QP. Since the RDMA device is a resource within a network namespace, use the network namespace associated with the RDMA device to determine its owning user namespace. Fixes: 0cadb4db79e1 ("RDMA/uverbs: Restrict usage of privileged QKEYs") Signed-off-by: Parav Pandit <parav@nvidia.com> Link: https://patch.msgid.link/099eb263622ccdd27014db7e02fec824a3307829.1750963874.git.leon@kernel.org Signed-off-by: Leon Romanovsky <leon@kernel.org>

Diffstat (limited to 'tools/perf/scripts/python')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: