[Devel] [PATCH RHEL7 COMMIT] netlink: protect NETLINK_REPAIR2
Vasily Averin
vvs at virtuozzo.com
Thu Oct 29 17:00:53 MSK 2020
The commit is pushed to "branch-rh7-3.10.0-1127.18.2.vz7.163.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1127.18.2.vz7.163.41
------>
commit 6fdae411d87f42d6fab634955697849e7e7bea1f
Author: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
Date: Thu Oct 29 17:00:53 2020 +0300
netlink: protect NETLINK_REPAIR2
Prevent using netlink repair mode from containers.
Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
net/netlink/af_netlink.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 7b3de33..6c99bca 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1529,6 +1529,13 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname,
switch (optname) {
case NETLINK_REPAIR2:
+#ifdef CONFIG_VE
+ {
+ struct ve_struct *ve = get_exec_env();
+ if (!ve_is_super(ve) && !ve->is_pseudosuper)
+ return -ENOPROTOOPT;
+ }
+#endif
if (val)
nlk->flags |= NETLINK_F_REPAIR;
else
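Review bot: In the block added under `case NETLINK_REPAIR2:`, the condition `!ve_is_super(ve) && !ve->is_pseudosuper` still lets a pseudosuper environment set the option, while the commit message only says "Prevent using netlink repair mode from containers". That exception should be documented, either in the commit message or in a one-line comment above the check. The same comment could say why the refusal is `-ENOPROTOOPT` rather than `-EPERM`, since a caller inside a container then cannot distinguish a denied option from an unsupported one. As a style point, the bare brace scope inside `#ifdef CONFIG_VE` exists only to declare `ve`; moving the test into a small helper would keep the preprocessor block out of the switch case.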