author | Tyler Hicks <tyhicks@canonical.com> | 2018-07-20 21:56:51 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-07-20 23:44:35 -0700 |
commit | 3033fced2f689d4a870b3ba6a8a676db1261d262 (patch) | |
tree | a34ca7ad544097f8a999ccccde913e9edcc8fedd | |
parent | 9944e894c1266dc8515c82d1ff752d681215526b (diff) |
net-sysfs: require net admin in the init ns for setting tx_maxrate
An upcoming change will allow container root to open some /sys/class/net
files for writing. The tx_maxrate attribute can result in changes
to actual hardware devices so err on the side of caution by requiring
CAP_NET_ADMIN in the init namespace in the corresponding attribute store
operation.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/core/net-sysfs.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c index ffa1d18f2c2c..405c41ecb20b 100644 --- a/net/core/net-sysfs.c +++ b/net/core/net-sysfs.c @@ -1087,6 +1087,9 @@ static ssize_t tx_maxrate_store(struct netdev_queue *queue, int err, index = get_netdev_queue_index(queue); u32 rate = 0; + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + err = kstrtou32(buf, 10, &rate); if (err < 0) return err; |
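Review bot: the new `capable(CAP_NET_ADMIN)` check at the top of `tx_maxrate_store()` carries no comment explaining why the capability is required in the init namespace. The reason is given only in the commit message (tx_maxrate can change actual hardware devices, and container root will be allowed to open some /sys/class/net files for writing). Someone reading only the code could later relax this to a namespace-aware check without realising it was deliberate. Suggest a one-line comment above the `if`, saying that the attribute can affect hardware and so CAP_NET_ADMIN in the init namespace is required. Placing the check before `kstrtou32()` is right: an unprivileged writer gets -EPERM whatever the input is.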