mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-10-31 11:00:04 +00:00
c12eafeeb2
In particular this contains 1be7107fbe18eed3e319 ("mm: larger stack
guard gap, between vmas") which is a fix for CVE-2017-1000364.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
32 lines
929 B
Diff
32 lines
929 B
Diff
From 38d1c8303b17a7f5907ba6a95409f472b08d6a7f Mon Sep 17 00:00:00 2001
|
|
From: Ian Campbell <ian.campbell@docker.com>
|
|
Date: Mon, 4 Apr 2016 14:50:10 +0100
|
|
Subject: [PATCH 15/44] VSOCK: Only allow host network namespace to use
|
|
AF_VSOCK.
|
|
|
|
The VSOCK addressing schema does not really lend itself to simply creating an
|
|
alternative end point address within a namespace.
|
|
|
|
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
|
|
---
|
|
net/vmw_vsock/af_vsock.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
|
|
index 17dbbe64cd73..1bb1b016e945 100644
|
|
--- a/net/vmw_vsock/af_vsock.c
|
|
+++ b/net/vmw_vsock/af_vsock.c
|
|
@@ -1852,6 +1852,9 @@ static const struct proto_ops vsock_stream_ops = {
|
|
static int vsock_create(struct net *net, struct socket *sock,
|
|
int protocol, int kern)
|
|
{
|
|
+ if (!net_eq(net, &init_net))
|
|
+ return -EAFNOSUPPORT;
|
|
+
|
|
if (!sock)
|
|
return -EINVAL;
|
|
|
|
--
|
|
2.13.0
|
|
|