From: Jakub Kicinski <kuba@kernel.org>
Date: Fri, 13 Feb 2026 20:28:40 +0000 (-0800)
Subject: Merge branch 'vsock-fix-child-netns-mode-initialization-and-restriction'
X-Git-Tag: v7.0-rc1~44^2~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=36e838630c111a510f47e49d559bd26aba7d9a1b;p=thirdparty%2Fkernel%2Flinux.git

Merge branch 'vsock-fix-child-netns-mode-initialization-and-restriction'

Stefano Garzarella says:

====================
vsock: fix child netns mode initialization and restriction

This series fixes two issues in the vsock network namespace support
recently introduced by commit eafb64f40ca4 ("vsock: add netns to vsock
core").

Patch 1 fixes `child_ns_mode` being always hardcoded to "global" for new
namespaces, breaking propagation of the "local" mode through nested
namespaces.

Patch 2 prevents a "local" namespace from switching `child_ns_mode` to
"global", which would allow nested namespaces to escape vsock isolation
and access global CIDs.
====================

Link: https://patch.msgid.link/20260212205916.97533-1-sgarzare@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---

36e838630c111a510f47e49d559bd26aba7d9a1b