[Devel] [PATCH RH9 22/22] net/teql: disable "True" (or "trivial") link equalizer inside a CT
Andrey Zhadchenko
andrey.zhadchenko at virtuozzo.com
Thu Oct 7 13:57:46 MSK 2021
From: Konstantin Khorenko <khorenko at virtuozzo.com>
From cvs:
Virtuozzo/kernel-patches/2.4.20/diff-ve-netdev-teql-20041215
Patch from Vlad (vlad@):
This patch limits capability of VPS to manage teql device.
Otherwise the system can be compromised.
rebase to vz8:
- copy info from cvs
- place after ms teql fix ("net: sched: sch_teql: fix null-pointer
dereference")
https://jira.sw.ru/browse/PSBM-127780
(cherry-picked from vz7 commit cc97a9f8f1ca ("net/teql: disable "True" (or
"trivial") link equalizer inside a CT"))
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
(cherry picked from vz8 commit 6503463a40b6263dabcc39457bd6081475c05aaf)
Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
net/sched/sch_teql.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/sched/sch_teql.c b/net/sched/sch_teql.c
index 6af6b95..649f474 100644
--- a/net/sched/sch_teql.c
+++ b/net/sched/sch_teql.c
@@ -173,6 +173,9 @@ static int teql_qdisc_init(struct Qdisc *sch, struct nlattr *opt,
struct teql_master *m = (struct teql_master *)sch->ops;
struct teql_sched_data *q = qdisc_priv(sch);
+ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+
if (dev->hard_header_len > m->dev->hard_header_len)
return -EINVAL;
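Review bot: The `capable(CAP_NET_ADMIN)` check added at the top of teql_qdisc_init() has no comment, and nothing in the code records why it uses capable() rather than ns_capable(). In mainline semantics capable() tests the capability against the initial user namespace, which is what would make this return -EPERM for a process that holds CAP_NET_ADMIN only inside a container's user namespace. A later cleanup that switches it to ns_capable() would silently re-enable teql inside a CT. Suggest a short comment above the check saying that teql is deliberately host-only and why. The commit message only says "Otherwise the system can be compromised" and points at the original 2.4.20 patch name, so it should also state what the compromise is. The check sits before the existing hard_header_len validation, so an unprivileged caller gets -EPERM rather than -EINVAL for a bad device, which is the right order.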
--
1.8.3.1