Commit 3033fced authored Jul 20, 2018 by Tyler Hicks Committed by David S. Miller Jul 20, 2018

net-sysfs: require net admin in the init ns for setting tx_maxrate



An upcoming change will allow container root to open some /sys/class/net
files for writing. The tx_maxrate attribute can result in changes
to actual hardware devices so err on the side of caution by requiring
CAP_NET_ADMIN in the init namespace in the corresponding attribute store
operation.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 9944e894

net/core/net-sysfs.c

+3 −0

Original line number	Original line	Diff line number	Diff line
	@@ -1087,6 +1087,9 @@ static ssize_t tx_maxrate_store(struct netdev_queue *queue,
	int err, index = get_netdev_queue_index(queue);		int err, index = get_netdev_queue_index(queue);
	u32 rate = 0;		u32 rate = 0;

			if (!capable(CAP_NET_ADMIN))
			return -EPERM;

	err = kstrtou32(buf, 10, &rate);		err = kstrtou32(buf, 10, &rate);
	if (err < 0)		if (err < 0)
	return err;		return err;