From: Jakub Kicinski <kuba@kernel.org>
Date: Sat, 6 Jun 2026 01:10:33 +0000 (-0700)
Subject: Merge branch 'net-devmem-allow-bind-rx-from-non-init-user-namespaces'
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=50d578d639b8de2d23b8052138b92a1b9c33dcfb;p=thirdparty%2Fkernel%2Flinux.git

Merge branch 'net-devmem-allow-bind-rx-from-non-init-user-namespaces'

Bobby Eshleman says:

====================
net: devmem: allow bind-rx from non-init user namespaces

NETDEV_CMD_BIND_RX is GENL_ADMIN_PERM, which checks CAP_NET_ADMIN
against init_user_ns. With netkit and netns support for devmem, it is
now useful to let workloads holding CAP_NET_ADMIN only in their own
user_ns issue bind-rx for a netns owned by that user_ns.

The first patch switches the flag to GENL_UNS_ADMIN_PERM so the check
uses the target netns's owning user_ns. Init remains permitted.

The second patch just adds test cases. They are identical to
nk_devmem.py tests, but using a non-init userns.
====================

Link: https://patch.msgid.link/20260602-nl-prov-v2-0-ad721142c641@meta.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---

50d578d639b8de2d23b8052138b92a1b9c33dcfb