[Devel] [PATCH RHEL8 COMMIT] net/teql: disable "True" (or "trivial") link equalizer inside a CT

Konstantin Khorenko khorenko at virtuozzo.com
Thu May 6 00:48:17 MSK 2021


The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.26
------>
commit 2a119379769a931581b47d83775532ab5ee3d72a
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date:   Thu May 6 00:48:17 2021 +0300

    net/teql: disable "True" (or "trivial") link equalizer inside a CT
    
    From cvs:
    Virtuozzo/kernel-patches/2.4.20/diff-ve-netdev-teql-20041215
    Patch from Vlad (vlad@):
    This patch limits capability of VPS to manage teql device.
    Otherwise the system can be compromised.
    
    rebase to vz8:
    
    - copy info from cvs
    - place after ms teql fix ("net: sched: sch_teql: fix null-pointer
      dereference")
    
    https://jira.sw.ru/browse/PSBM-127780
    (cherry-picked from vz7 commit cc97a9f8f1ca ("net/teql: disable "True" (or
    "trivial") link equalizer inside a CT"))
    
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 net/sched/sch_teql.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/sched/sch_teql.c b/net/sched/sch_teql.c
index a8529480811d..4a3a5af149e7 100644
--- a/net/sched/sch_teql.c
+++ b/net/sched/sch_teql.c
@@ -177,6 +177,9 @@ static int teql_qdisc_init(struct Qdisc *sch, struct nlattr *opt,
 	struct teql_master *m = (struct teql_master *)sch->ops;
 	struct teql_sched_data *q = qdisc_priv(sch);
 
+	if (!capable(CAP_NET_ADMIN))
+		return -EPERM;
+
 	if (dev->hard_header_len > m->dev->hard_header_len)
 		return -EINVAL;
 
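Review bot: The new capable(CAP_NET_ADMIN) check at the top of teql_qdisc_init() carries no comment saying it is there to keep a container from attaching a teql qdisc, so the intent lives only in the commit subject. capable() tests the capability against the initial user namespace, which is what makes it fail for a task that holds CAP_NET_ADMIN only inside its own namespace. Without a note, the check reads as redundant and invites a later cleanup to ns_capable(), which would silently undo the restriction. Please add a one-line comment above the check stating that the init-namespace test is deliberate. The commit message's "Otherwise the system can be compromised" would also be more useful to later readers if it named what exactly goes wrong when a CT manages the teql device.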

