ipv4: enable route flushing in network namespaces
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | Undecided | Christian Brauner |
Disco | Fix Released | Medium | Christian Brauner |
Bug Description
SRU Justification
Impact: Tools such as vpnc try to flush routes when run inside network namespaces by writing 1 into /proc/sys/
currently does not work because flush is not enabled in non-initial network namespaces. Users have complained about this at various times (cf. Link: https:/
Fix: Enable /proc/sys/
Regression Potential: None, since this didn't use to work before. Since routes are per network namespace it is safe to enable /proc/sys/
Test Case: Tested with LXD on a kernel with the patch applied and by running vpnc successfully.
Target Kernels: All LTS kernels starting from 4.15. Kernel 5.3 has the patchset upstream.
description: updated
Changed in linux (Ubuntu Disco):
importance: Undecided → Medium
status: New → Triaged
Changed in linux (Ubuntu):
status: Confirmed → Fix Released
Changed in linux (Ubuntu Disco):
status: Triaged → Fix Committed
tags: added: verification-done-disco; removed: verification-needed-disco
Changed in linux (Ubuntu):
assignee: nobody → Christian Brauner (cbrauner)
Changed in linux (Ubuntu Disco):
assignee: nobody → Christian Brauner (cbrauner)
Relevant upstream commit is:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5cdda5f1d6adde02da591ca2196f20289977dc56