Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
interfaces/network: workaround Go's need for NETLINK_ROUTE with 'net'. LP: #1689536 #3285
Conversation
Some checks were not successful
continuous-integration/travis-ci/pr
— The Travis CI build could not complete due to an error
jdstrand
added this to the 2.26 milestone
May 9, 2017
zyga
added
the
Critical
label
May 9, 2017
|
Thanks for this! LGTM |
jdstrand
changed the title from
interfaces/network: workaround Go's need for NETLINK_ROUTE on ARM with 'net'. LP: #1689536
to
interfaces/network: workaround Go's need for NETLINK_ROUTE with 'net'. LP: #1689536
May 9, 2017
All checks have passed
chipaca
merged commit e863f0b
into
snapcore:master
May 9, 2017
7 checks passed
artful-amd64
autopkgtest finished (success)
Details
continuous-integration/travis-ci/pr
The Travis CI build passed
Details
xenial-amd64
autopkgtest finished (success)
Details
xenial-i386
autopkgtest finished (success)
Details
xenial-ppc64el
autopkgtest finished (success)
Details
yakkety-amd64
autopkgtest finished (success)
Details
zesty-amd64
autopkgtest finished (success)
Details
jdstrand
deleted the
jdstrand:lp1689536
branch
Jun 21, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
jdstrand commentedMay 9, 2017
•
Edited 1 time
-
jdstrand
May 9, 2017
https://bugs.launchpad.net/snapd/+bug/1689536
This should be in 2.26 point release.
It looks like with 4.4 kernels, these go calls require NETLINK_ROUTE:
Curiously, NETLINK_ROUTE is not needed for these on 4.10 x86 kernel. Technically, these two calls are in the domain of 'network-observe', 'network-bind' and 'network-control' and not 'network'.
For series 16 I think we should add this to 'network' to not break existing applications on ARM that only plugs 'network', in part because both network and network-bind are autoconnected and there is therefore no appreciable difference security-wise wrt install time interface connections.
For series 18 (or whenever we start having different policy), we can consider removing NETLINK_ROUTE from the 'network' policy since that is more correct.