[Devel] [PATCH rh7] net: allow to set txqueuelen via SIOCSIFTXQLEN ioctl

Konstantin Khorenko khorenko at virtuozzo.com
Wed Feb 27 19:07:03 MSK 2019 

JFYI: now difference between stock RHEL7 kernel and Virtuozzo kernel is just

diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
index 9cdbfec67c15..fea824c266f4 100644
--- a/net/core/dev_ioctl.c
+++ b/net/core/dev_ioctl.c
@@ -492,21 +492,12 @@ int dev_ioctl(struct net *net, unsigned int cmd, void __user *arg)

         /*
          *      These ioctl calls:
-        *      - require superuser power.
+        *      - require local superuser power.
          *      - require strict serialization.
          *      - do not return a value
          */
         case SIOCSIFMAP:
         case SIOCSIFTXQLEN:
-               if (!capable(CAP_NET_ADMIN))
-                       return -EPERM;
-               /* fall through */
-       /*
-        *      These ioctl calls:
-        *      - require local superuser power.
-        *      - require strict serialization.
-        *      - do not return a value
-        */
         case SIOCSIFFLAGS:
         case SIOCSIFMETRIC:
         case SIOCSIFMTU:

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

On 02/27/2019 07:02 PM, Konstantin Khorenko wrote:
> Long time ago we tried to be very kind and decided to
> allow SIOCSIFMAP and SIOCSIFTXQLEN ioctls for local
> superuser (root in a userns).
>
> But instead occasionally removed case SIOCSIFTXQLEN from
> dev_ioctl() thus disabled it completely even for init root.
>
> Fix it.
>
> Fixes: fcb8ed2e1093 ("net: Allow ve several netdev ioctls")
> https://jira.sw.ru/browse/PSBM-92064
>
> Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
> ---
>  net/core/dev_ioctl.c | 15 +++------------
>  1 file changed, 3 insertions(+), 12 deletions(-)
>
> diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
> index 808f67b202e4..fea824c266f4 100644
> --- a/net/core/dev_ioctl.c
> +++ b/net/core/dev_ioctl.c
> @@ -295,8 +295,6 @@ static int dev_ifsioc(struct net *net, struct ifreq *ifr, unsigned int cmd)
>  		return dev_mc_del_global(dev, ifr->ifr_hwaddr.sa_data);
>
>  	case SIOCSIFTXQLEN:
> -		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
> -			return -EPERM;
>  		if (ifr->ifr_qlen < 0)
>  			return -EINVAL;
>  		dev->tx_queue_len = ifr->ifr_qlen;
> @@ -499,18 +497,11 @@ int dev_ioctl(struct net *net, unsigned int cmd, void __user *arg)
>  	 *	- do not return a value
>  	 */
>  	case SIOCSIFMAP:
> -	case SIOCSIFMTU:
> -	case SIOCSIFHWADDR:
> +	case SIOCSIFTXQLEN:
>  	case SIOCSIFFLAGS:
> -		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
> -			return -EPERM;
> -		dev_load(net, ifr.ifr_name);
> -		rtnl_lock();
> -		ret = dev_ifsioc(net, &ifr, cmd);
> -		rtnl_unlock();
> -		return ret;
> -
>  	case SIOCSIFMETRIC:
> +	case SIOCSIFMTU:
> +	case SIOCSIFHWADDR:
>  	case SIOCSIFSLAVE:
>  	case SIOCADDMULTI:
>  	case SIOCDELMULTI:
>

More information about the Devel mailing list