Re: [PATCH] net/bluetooth: make bluetooth socket can be created in net namespace

Szymon Janc <szymon.janc@xxxxxxxxxxx> · Mon, 14 Aug 2017 14:46:07 +0200

Hi,

On 14 August 2017 at 11:45, fupan <fupan.li@xxxxxxxxxxxxx> wrote:
> On 2017/8/14 17:30, Marcel Holtmann wrote:
>>
>> Hi Fupan,
>>
>>> By now kernel only supported creating bluetooth socket in init_net
>>> net namespace, which made bluetooth device cannot be accessed in
>>> containers, this patch made bluetooth socket can be created in
>>> net namespaces to fix this issue.
>>>
>>> Signed-off-by: Fupan Li <fupan.li@xxxxxxxxxxxxx>
>>> ---
>>> net/bluetooth/af_bluetooth.c | 2 +-
>>> net/bluetooth/bnep/sock.c    | 4 ++--
>>> net/bluetooth/cmtp/sock.c    | 4 ++--
>>> net/bluetooth/hci_sock.c     | 4 ++--
>>> net/bluetooth/hidp/sock.c    | 4 ++--
>>> net/bluetooth/l2cap_sock.c   | 4 ++--
>>> net/bluetooth/rfcomm/core.c  | 2 +-
>>> net/bluetooth/rfcomm/sock.c  | 4 ++--
>>> net/bluetooth/sco.c          | 4 ++--
>>> 9 files changed, 16 insertions(+), 16 deletions(-)
>>>
>>> diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
>>> index 91e3ba280706..eec5ac17faee 100644
>>> --- a/net/bluetooth/af_bluetooth.c
>>> +++ b/net/bluetooth/af_bluetooth.c
>>> @@ -113,7 +113,7 @@ static int bt_sock_create(struct net *net, struct
>>> socket *sock, int proto,
>>> {
>>>         int err;
>>>
>>> -       if (net != &init_net)
>>> +       if (!net_eq(net, current->nsproxy->net_ns))
>>>                 return -EAFNOSUPPORT;
>>
>> before I apply such a patch, what is the actual change here. What impact
>> does this have? Are things like Bluetooth mgmt sockets still operating
>> correctly after this? We have no support for move a Bluetooth controller
>> into a container. The Bluetooth hardware is global.
>
> Hi， Marcel
>
> This patch hasn't nothing to do with the Bluetooth hardware, the hardware is
> still global.
> But before you apply this patch, you cannot access the bluetooth hardware in
> a container,
> since you cannot create a bluetooth socket if you are not in the init_net
> namespace.
> After applying this patch, you can access the bluetooth hardware both in the
> init_net namespace
> and containers.

Does this mean one could sniff BT traffic from container? Or control
BT hw from multiple containers?

-- 
pozdrawiam
Szymon K. Janc
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html