[Devel] [PATCH RHEL7 COMMIT] Revert "net: Allow ve several netdev ioctls"

Konstantin Khorenko khorenko at virtuozzo.com
Mon Mar 4 15:50:36 MSK 2019


The commit is pushed to "branch-rh7-3.10.0-957.5.1.vz7.84.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-957.5.1.vz7.84.2
------>
commit 847de236fe8a92daccdd52e30ed1c7d9b82a01a7
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date:   Mon Mar 4 15:40:04 2019 +0300

    Revert "net: Allow ve several netdev ioctls"
    
    This reverts commit 15e75c68a41cf3a3ad176bb284266034d3e9ee80.
    
    A long time ago we tried to allow configuring txqueuelen and some
    hardware related options from inside Containers.
    
    Unfortunately it led to txqueuelen configuration being prohibited at all
    (via ioctl), even on host - and nobody complained about that.
    
    This means no one really configures txqueuelen from inside a Container
    thus we can safely revert the patch and allow the configuration on the
    host only.
    
    Do the same for SIOCSIFMAP ioctl - virtual interfaces don't have
    ops->ndo_set_config() function implemented.
    
    https://jira.sw.ru/browse/PSBM-92064
    
    Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 net/core/dev_ioctl.c | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
index 808f67b202e4..9cdbfec67c15 100644
--- a/net/core/dev_ioctl.c
+++ b/net/core/dev_ioctl.c
@@ -295,8 +295,6 @@ static int dev_ifsioc(struct net *net, struct ifreq *ifr, unsigned int cmd)
 		return dev_mc_del_global(dev, ifr->ifr_hwaddr.sa_data);
 
 	case SIOCSIFTXQLEN:
-		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
-			return -EPERM;
 		if (ifr->ifr_qlen < 0)
 			return -EINVAL;
 		dev->tx_queue_len = ifr->ifr_qlen;
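Review bot: With the ns_capable() test removed, the SIOCSIFTXQLEN case in dev_ifsioc() has no permission check of its own and relies entirely on the caller. The only check visible in this patch is the capable(CAP_NET_ADMIN) test added in dev_ioctl(), so a short comment above the case saying that the caller enforces CAP_NET_ADMIN would keep a later caller of dev_ifsioc() from reaching dev->tx_queue_len = ifr->ifr_qlen unchecked. It is also worth confirming that dev_ioctl() is the only path that passes this cmd to dev_ifsioc().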
@@ -494,23 +492,25 @@ int dev_ioctl(struct net *net, unsigned int cmd, void __user *arg)
 
 	/*
 	 *	These ioctl calls:
-	 *	- require local superuser power.
+	 *	- require superuser power.
 	 *	- require strict serialization.
 	 *	- do not return a value
 	 */
 	case SIOCSIFMAP:
-	case SIOCSIFMTU:
-	case SIOCSIFHWADDR:
-	case SIOCSIFFLAGS:
-		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
+	case SIOCSIFTXQLEN:
+		if (!capable(CAP_NET_ADMIN))
 			return -EPERM;
-		dev_load(net, ifr.ifr_name);
-		rtnl_lock();
-		ret = dev_ifsioc(net, &ifr, cmd);
-		rtnl_unlock();
-		return ret;
-
+		/* fall through */
+	/*
+	 *	These ioctl calls:
+	 *	- require local superuser power.
+	 *	- require strict serialization.
+	 *	- do not return a value
+	 */
+	case SIOCSIFFLAGS:
 	case SIOCSIFMETRIC:
+	case SIOCSIFMTU:
+	case SIOCSIFHWADDR:
 	case SIOCSIFSLAVE:
 	case SIOCADDMULTI:
 	case SIOCDELMULTI:
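Review bot: The two stacked comment blocks above SIOCSIFMAP and SIOCSIFFLAGS differ by the single word "local", which hides the distinction this hunk introduces. The first group is now gated by capable(CAP_NET_ADMIN), meaning host only per the commit message, and then falls through to the second group, whose own check is outside the visible lines. Please state this directly in the first comment, for example "require CAP_NET_ADMIN in the initial user namespace (host only), then the checks of the group below", so the fall-through is not read as an accident and nobody later folds the two groups back together. The commit message should also mention that SIOCSIFMTU, SIOCSIFHWADDR and SIOCSIFFLAGS lose their dedicated block (dev_load, rtnl_lock, dev_ifsioc) and move into the shared case list, since the text describes only the txqueuelen and SIOCSIFMAP changes.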


