Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > Currently, NETLINK_CRYPTO works only in the init network namespace. It > doesn't make much sense to cut it out of the other network namespaces, > so do the minor plumbing work necessary to make it work in any network > namespace. Code inspired by net/core/sock_diag.c. > > Tested using kcapi-dgst from libkcapi [1]: > Before: > # unshare -n kcapi-dgst -c sha256 </dev/null | wc -c > libkcapi - Error: Netlink error: sendmsg failed > libkcapi - Error: Netlink error: sendmsg failed > libkcapi - Error: NETLINK_CRYPTO: cannot obtain cipher information for hmac(sha512) (is required crypto_user.c patch missing? see documentation) > 0 > > After: > # unshare -n kcapi-dgst -c sha256 </dev/null | wc -c > 32 > > [1] https://github.com/smuellerDD/libkcapi > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > --- > crypto/crypto_user_base.c | 37 +++++++++++++++++++--------- > crypto/crypto_user_stat.c | 4 ++- > include/crypto/internal/cryptouser.h | 2 -- > include/net/net_namespace.h | 3 +++ > 4 files changed, 31 insertions(+), 15 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt