linux/Documentation
Krister Johansen 4548b683b7 Introduce a sysctl that modifies the value of PROT_SOCK.
Add net.ipv4.ip_unprivileged_port_start, which is a per namespace sysctl
that denotes the first unprivileged inet port in the namespace.  To
disable all privileged ports set this to zero.  It also checks for
overlap with the local port range.  The privileged and local range may
not overlap.

The use case for this change is to allow containerized processes to bind
to privileged ports, but prevent them from ever being allowed to modify
their container's network configuration.  The latter is accomplished by
ensuring that the network namespace is not a child of the user
namespace.  This modification was needed to allow the container manager
to disable a namespace's privileged port restrictions without exposing
control of the network namespace to processes in the user namespace.

Signed-off-by: Krister Johansen <kjlx@templeofstupid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-01-24 12:10:51 -05:00
..
ABI Revert "driver core: Add deferred_probe attribute to devices in sysfs" 2017-01-14 14:09:03 +01:00
accounting tools: move accounting tool from Documentation 2016-09-23 13:07:15 -06:00
acpi ACPI material for v4.10-rc1 2016-12-13 11:06:21 -08:00
admin-guide Merge branch 'stable/for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb 2017-01-06 10:53:21 -08:00
aoe
arm ARM: SoC platform updates for v4.10 2016-12-15 15:39:02 -08:00
arm64 arm64 updates for 4.9: 2016-10-03 08:58:35 -07:00
auxdisplay samples: move auxdisplay example code from Documentation 2016-09-23 11:52:32 -06:00
backlight
blackfin samples: move blackfin gptimers-example from Documentation 2016-10-10 07:12:02 -06:00
block block: fix up io_poll documentation 2017-01-03 16:47:13 -07:00
blockdev docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
bus-devices
cdrom
cgroup-v1 docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
cma
connector
console
core-api core-api: remove an unexpected unident 2016-12-01 10:46:01 -07:00
cpu-freq Documentation: intel_pstate: Document HWP energy/performance hints 2016-12-08 01:43:05 +01:00
cpuidle
cris
crypto This pull contains one set of changes: a conversion of the crypto DocBook 2016-12-17 16:00:34 -08:00
dev-tools Documentation/sparse: drop __CHECK_ENDIAN__ 2016-12-16 00:13:41 +02:00
device-mapper Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2016-12-14 11:12:25 -08:00
devicetree net: dsa: bcm_sf2: Allow non-IMP ports to have Broadcom tags enabled 2017-01-22 16:58:31 -05:00
dmaengine dmaengine: Documentation: Fix typo in pxa_dma.txt 2016-11-14 08:14:24 +05:30
doc-guide docs-rst: parse-headers.pl: cleanup the documentation 2016-11-30 17:08:09 -07:00
DocBook docs: Fix build failure 2016-12-27 13:05:36 -07:00
driver-api For 4.11, we seem to have more than in the past few releases: 2017-01-14 12:02:15 -05:00
driver-model devres: add devm_alloc_percpu() 2016-11-15 22:34:25 -05:00
early-userspace
EDID
extcon
fault-injection
fb
features 2nd round of ARC udpates for 4.10rc1 2016-12-23 10:22:47 -08:00
filesystems Merge uncontroversial parts of branch 'readlink' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs 2016-12-17 19:16:12 -08:00
firmware_class
fmc
fpga fpga: Clarify how write_init works streaming modes 2016-11-29 15:51:49 -06:00
frv docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
gpio Bulk GPIO changes for the v4.10 kernel cycle: 2016-12-13 07:54:57 -08:00
gpu Main pull request for drm for 4.10 kernel 2016-12-13 09:35:09 -08:00
hid Documentation: HID: Intel ISH HID document 2016-08-17 11:13:07 +02:00
hwmon hwmon updates for v4.10 2016-12-13 15:43:56 -08:00
i2c Merge branch 'i2c/for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2016-12-15 12:56:35 -08:00
ia64 selftests: move ia64 tests from Documentation/ia64 2016-09-20 09:58:12 -06:00
ide
iio iio: Documentation: Correct the path used to create triggers. 2016-10-01 00:49:58 -06:00
infiniband IB/hfi1: Document new sysfs entries for hfi1 driver 2016-10-02 08:42:19 -04:00
input Input: ALPS - add V8 protocol documentation 2016-10-04 11:47:02 -07:00
ioctl doc: ioctl: Add some clarifications to botching-up-ioctls 2016-09-06 06:00:22 -06:00
isdn docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
kbuild Kconfig: Introduce the "imply" keyword 2016-11-16 09:26:33 +01:00
kdump Documentation: kdump: Add description of enable multi-cpus support 2016-09-20 18:02:54 -06:00
laptops platform/x86: thinkpad_acpi: Add support for X1 Yoga (2016) Tablet Mode 2016-12-13 09:29:06 -08:00
leds leds/leds-lp5523.txt: make documentation match reality 2016-11-22 12:07:02 +01:00
livepatch Documentation/livepatch: Fix stale link to gmame 2016-12-09 13:41:46 +01:00
locking locking/lglock: Remove lglock implementation 2016-09-22 15:25:56 +02:00
m68k docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
media Merge branch 'patchwork' into v4l_for_linus 2016-12-15 08:38:35 -02:00
memory-devices
metag
mic samples: move mic/mpssd example code from Documentation 2016-09-20 12:38:48 -06:00
mips
misc-devices samples: move misc-devices/mei example code from Documentation 2016-09-23 11:51:43 -06:00
mmc mmc: core: Extend sysfs with DSR register 2016-07-25 10:34:51 +02:00
mn10300
mtd
namespaces
netlabel
networking Introduce a sysctl that modifies the value of PROT_SOCK. 2017-01-24 12:10:51 -05:00
nfc
nios2
nvdimm
nvmem
parisc
PCI PCI changes for the v4.9 merge window: 2016-10-07 11:46:37 -07:00
pcmcia tools: move pcmcia crc32hash tool from Documentation 2016-09-23 13:07:27 -06:00
perf perf: xgene: Add APM X-Gene SoC Performance Monitoring Unit driver 2016-09-15 11:20:55 -07:00
phy
platform
power Power management material for v4.10-rc1 2016-12-13 10:41:53 -08:00
powerpc powerpc updates for 4.9 2016-10-07 20:19:31 -07:00
pps
prctl selftests: move prctl tests from Documentation/prctl 2016-09-20 09:09:09 -06:00
process Doc: Correct typo, "Introdution" => "Introduction" 2016-12-01 10:44:08 -07:00
pti
ptp selftests: move ptp tests from Documentation/ptp 2016-09-20 09:54:38 -06:00
rapidio rapidio/documentation/mport_cdev: add missing parameter description 2016-09-01 17:52:02 -07:00
RCU Documentation/RCU: Fix minor typo 2016-11-14 10:39:48 -08:00
s390
scheduler docs/completion.txt: drop dangling reference to completions-design.txt 2016-11-16 16:27:50 -07:00
scsi Merge branch 'misc' into for-linus 2016-12-22 12:32:33 -08:00
security Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2016-12-14 13:57:44 -08:00
serial Documentation: rs485: Do not define manually the ioctl 2016-08-18 11:08:33 -06:00
sh
sound Merge remote-tracking branch 'sound/topic/restize-docs' into sound 2016-11-18 16:19:28 -07:00
sphinx docs: sphinx-extensions: make rstFlatTable work with docutils 0.13 2016-12-18 13:30:29 -07:00
sphinx-static This is the documentation update pull for the 4.9 merge window. 2016-10-04 13:54:07 -07:00
spi Doc: update 00-INDEX files to reflect the runnable code move 2016-10-10 07:12:09 -06:00
sysctl net: dev_weight: TX/RX orthogonality 2016-12-29 15:38:35 -05:00
target
thermal thermal: Add support for hardware-tracked trip points 2016-09-27 14:02:16 +08:00
timers Doc: update 00-INDEX files to reflect the runnable code move 2016-10-10 07:12:09 -06:00
trace This release has a few updates: 2016-12-15 13:49:34 -08:00
translations Documentation/sparse: drop __CHECK_ENDIAN__ 2016-12-16 00:13:41 +02:00
usb
virtual KVM: hyperv: fix locking of struct kvm_hv fields 2016-12-16 17:53:38 +01:00
vm mm: add documentation for page fragment APIs 2017-01-10 18:31:55 -08:00
w1
watchdog docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
wimax
x86 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-23 16:54:46 -08:00
xtensa xtensa: cleanup MMU setup and kernel layout macros 2016-07-24 06:33:58 +03:00
.gitignore
00-INDEX edac: adjust docs location at MAINTAINERS and 00-INDEX 2016-12-15 08:57:16 -02:00
bcache.txt
bt8xxgpio.txt
btmrvl.txt
bus-virt-phys-mapping.txt
cachetlb.txt
cgroup-v2.txt
Changes docs: add back 'Documentation/Changes' file (as symlink) 2016-12-14 16:30:12 -08:00
circular-buffers.txt Documentation: circular-buffers: use READ_ONCE() 2016-11-16 16:17:45 -07:00
clk.txt Documentation: clk: update file names containing referenced structures 2016-08-14 12:12:36 -06:00
CodingStyle doc: re-add CodingStyle and SubmittingPatches 2016-10-24 08:12:35 -02:00
conf.py docs-rst: doc-guide: split the kernel-documentation.rst contents 2016-11-19 10:22:04 -07:00
cpu-hotplug.txt Documentation: cpu-hotplug: Fix typos 2016-10-25 17:07:52 -06:00
cpu-load.txt
cputopology.txt
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt
dell_rbu.txt
digsig.txt
DMA-API-HOWTO.txt Documentation: DMA-API-HOWTO: Fix a typo 2016-09-20 17:58:46 -06:00
DMA-API.txt dma-mapping: add dma_{map,unmap}_resource 2016-09-26 22:16:41 +05:30
DMA-attributes.txt dma-mapping: introduce the DMA_ATTR_NO_WARN attribute 2016-10-11 15:06:32 -07:00
dma-buf-sharing.txt
DMA-ISA-LPC.txt
docutils.conf doc-rst: add docutils config file 2016-08-14 11:52:40 -06:00
dontdiff Remove last traces of ikconfig.h 2016-12-14 10:54:28 +01:00
efi-stub.txt
eisa.txt
flexible-arrays.txt
futex-requeue-pi.txt
gcc-plugins.txt
highuid.txt
hw_random.txt
hwspinlock.txt
index.rst crypto: doc - convert crypto API documentation to Sphinx 2016-12-13 16:37:54 -07:00
intel_txt.txt
Intel-IOMMU.txt
io_ordering.txt
io-mapping.txt
iostats.txt
IPMI.txt ipmi: Update documentation 2016-11-07 12:16:06 -06:00
IRQ-affinity.txt
IRQ-domain.txt
IRQ.txt
irqflags-tracing.txt
isa.txt
isapnp.txt
kernel-doc-nano-HOWTO.txt docs-rst: doc-guide: split the kernel-documentation.rst contents 2016-11-19 10:22:04 -07:00
kernel-per-CPU-kthreads.txt docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
kobject.txt
kprobes.txt Documentation: kprobes: Document jprobes stack copying limitations 2016-08-15 10:19:11 -06:00
kref.txt
kselftest.txt Doc: update kselftest.txt with details on how to run tests after install 2016-11-07 18:04:18 -07:00
ldm.txt
lockup-watchdogs.txt docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
logo.gif
logo.txt
lzo.txt
mailbox.txt
Makefile samples: move blackfin gptimers-example from Documentation 2016-10-10 07:12:02 -06:00
Makefile.sphinx docs-rst: fix media cleandocs target 2016-11-30 17:08:03 -07:00
md-cluster.txt
memory-barriers.txt locking/Documentation: Fix a typo of example result 2016-08-12 08:24:13 +02:00
memory-hotplug.txt docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
men-chameleon-bus.txt
nommu-mmap.txt
ntb.txt
numastat.txt
padata.txt
parport-lowlevel.txt
percpu-rw-semaphore.txt
phy.txt
pi-futex.txt
pinctrl.txt
pnp.txt
preempt-locking.txt
printk-formats.txt
pwm.txt
rbtree.txt
remoteproc.txt remoteproc: Split driver and consumer dereferencing 2016-10-02 22:50:21 -07:00
rfkill.txt docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
robust-futex-ABI.txt
robust-futexes.txt
rpmsg.txt
rtc.txt
SAK.txt
sgi-ioc4.txt
siphash.txt siphash: implement HalfSipHash1-3 for hash tables 2017-01-09 13:58:57 -05:00
SM501.txt
smsc_ece1099.txt
static-keys.txt jump_labels: Allow array initialisers 2016-09-07 09:41:11 +01:00
SubmittingPatches doc: re-add CodingStyle and SubmittingPatches 2016-10-24 08:12:35 -02:00
svga.txt
sync_file.txt dma-buf: Rename struct fence to dma_fence 2016-10-25 14:40:39 +02:00
this_cpu_ops.txt
unaligned-memory-access.txt Documentation/unaligned-memory-access.txt: fix incorrect comparison operator 2016-12-27 13:08:42 -07:00
unshare.txt
vfio-mediated-device.txt vfio-mdev: Make mdev_parent private 2016-12-30 08:13:41 -07:00
vfio.txt
video-output.txt
xillybus.txt
xz.txt
zorro.txt