1 // SPDX-License-Identifier: GPL-2.0-only
3 * sysctl_net.c: sysctl interface to net subsystem.
5 * Begun April 1, 1996, Mike Shaver.
6 * Added /proc/sys/net directories for each protocol family. [MS]
8 * Revision 1.2 1996/05/08 20:24:40 shaver
9 * Added bits for NET_BRIDGE and the NET_IPV4_ARP stuff and
10 * NET_IPV4_IP_FORWARD.
16 #include <linux/export.h>
17 #include <linux/sysctl.h>
18 #include <linux/nsproxy.h>
27 #include <linux/if_ether.h>
30 static struct ctl_table_set *
31 net_ctl_header_lookup(struct ctl_table_root *root)
33 return ¤t->nsproxy->net_ns->sysctls;
36 static int is_seen(struct ctl_table_set *set)
38 return ¤t->nsproxy->net_ns->sysctls == set;
41 /* Return standard mode bits for table entry. */
42 static int net_ctl_permissions(struct ctl_table_header *head,
43 struct ctl_table *table)
45 struct net *net = container_of(head->set, struct net, sysctls);
47 /* Allow network administrator to have same access as root. */
48 if (ns_capable_noaudit(net->user_ns, CAP_NET_ADMIN)) {
49 int mode = (table->mode >> 6) & 7;
50 return (mode << 6) | (mode << 3) | mode;
56 static void net_ctl_set_ownership(struct ctl_table_header *head,
57 struct ctl_table *table,
58 kuid_t *uid, kgid_t *gid)
60 struct net *net = container_of(head->set, struct net, sysctls);
64 ns_root_uid = make_kuid(net->user_ns, 0);
65 if (uid_valid(ns_root_uid))
68 ns_root_gid = make_kgid(net->user_ns, 0);
69 if (gid_valid(ns_root_gid))
73 static struct ctl_table_root net_sysctl_root = {
74 .lookup = net_ctl_header_lookup,
75 .permissions = net_ctl_permissions,
76 .set_ownership = net_ctl_set_ownership,
79 static int __net_init sysctl_net_init(struct net *net)
81 setup_sysctl_set(&net->sysctls, &net_sysctl_root, is_seen);
85 static void __net_exit sysctl_net_exit(struct net *net)
87 retire_sysctl_set(&net->sysctls);
90 static struct pernet_operations sysctl_pernet_ops = {
91 .init = sysctl_net_init,
92 .exit = sysctl_net_exit,
95 static struct ctl_table_header *net_header;
96 __init int net_sysctl_init(void)
98 static struct ctl_table empty[1];
100 /* Avoid limitations in the sysctl implementation by
101 * registering "/proc/sys/net" as an empty directory not in a
104 net_header = register_sysctl("net", empty);
107 ret = register_pernet_subsys(&sysctl_pernet_ops);
113 unregister_sysctl_table(net_header);
118 /* Verify that sysctls for non-init netns are safe by either:
119 * 1) being read-only, or
120 * 2) having a data pointer which points outside of the global kernel/module
121 * data segment, and rather into the heap where a per-net object was
124 static void ensure_safe_net_sysctl(struct net *net, const char *path,
125 struct ctl_table *table)
127 struct ctl_table *ent;
129 pr_debug("Registering net sysctl (net %p): %s\n", net, path);
130 for (ent = table; ent->procname; ent++) {
134 pr_debug(" procname=%s mode=%o proc_handler=%ps data=%p\n",
135 ent->procname, ent->mode, ent->proc_handler, ent->data);
137 /* If it's not writable inside the netns, then it can't hurt. */
138 if ((ent->mode & 0222) == 0) {
139 pr_debug(" Not writable by anyone\n");
143 /* Where does data point? */
144 addr = (unsigned long)ent->data;
145 if (is_module_address(addr))
147 else if (is_kernel_core_data(addr))
152 /* If it is writable and points to kernel/module global
153 * data, then it's probably a netns leak.
155 WARN(1, "sysctl %s/%s: data points to %s global data: %ps\n",
156 path, ent->procname, where, ent->data);
158 /* Make it "safe" by dropping writable perms */
163 struct ctl_table_header *register_net_sysctl(struct net *net,
164 const char *path, struct ctl_table *table)
166 if (!net_eq(net, &init_net))
167 ensure_safe_net_sysctl(net, path, table);
169 return __register_sysctl_table(&net->sysctls, path, table);
171 EXPORT_SYMBOL_GPL(register_net_sysctl);
173 void unregister_net_sysctl_table(struct ctl_table_header *header)
175 unregister_sysctl_table(header);
177 EXPORT_SYMBOL_GPL(unregister_net_sysctl_table);