RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create - kernel

diff options

author	Parav Pandit <[email protected]>	2025-06-26 18:58:08 +0000
committer	Leon Romanovsky <[email protected]>	2025-07-01 09:21:44 +0000
commit	a6dca091ba7646ff5304af660c94fa51b6696476 (patch)
tree	fd1ad9d15603b35bcdd2003be2efc64852a2db00 /drivers/infiniband/hw/mlx5/devx.c
parent	RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (diff)
download	kernel-a6dca091ba7646ff5304af660c94fa51b6696476.tar.gz kernel-a6dca091ba7646ff5304af660c94fa51b6696476.zip

RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create

Currently, the capability check is done in the default init_user_ns user namespace. When a process runs in a non default user namespace, such check fails. Due to this when a process is running using Podman, it fails to create the QP. Since the RDMA device is a resource within a network namespace, use the network namespace associated with the RDMA device to determine its owning user namespace. Fixes: 6d1e7ba241e9 ("IB/uverbs: Introduce create/destroy QP commands over ioctl") Signed-off-by: Parav Pandit <[email protected]> Link: https://patch.msgid.link/7b6b87505ccc28a1f7b4255af94d898d2df0fff5.1750963874.git.leon@kernel.org Signed-off-by: Leon Romanovsky <[email protected]>

Diffstat (limited to 'drivers/infiniband/hw/mlx5/devx.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: