提交 3033fced 编写于 作者: T Tyler Hicks 提交者: David S. Miller

net-sysfs: require net admin in the init ns for setting tx_maxrate

An upcoming change will allow container root to open some /sys/class/net
files for writing. The tx_maxrate attribute can result in changes
to actual hardware devices so err on the side of caution by requiring
CAP_NET_ADMIN in the init namespace in the corresponding attribute store
operation.
Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 9944e894
...@@ -1087,6 +1087,9 @@ static ssize_t tx_maxrate_store(struct netdev_queue *queue, ...@@ -1087,6 +1087,9 @@ static ssize_t tx_maxrate_store(struct netdev_queue *queue,
int err, index = get_netdev_queue_index(queue); int err, index = get_netdev_queue_index(queue);
u32 rate = 0; u32 rate = 0;
if (!capable(CAP_NET_ADMIN))
return -EPERM;
err = kstrtou32(buf, 10, &rate); err = kstrtou32(buf, 10, &rate);
if (err < 0) if (err < 0)
return err; return err;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册