[Devel] [PATCH RHEL7 COMMIT] ms/drop_monitor: Require CAP_NET_ADMIN for drop monitor configuration
Konstantin Khorenko
khorenko at virtuozzo.com
Thu Jul 28 22:28:45 MSK 2022
The commit is pushed to "branch-rh7-3.10.0-1160.66.1.vz7.188.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.66.1.vz7.188.6
------>
commit 2ccdb0d1c5e955a370303aa6101eb02a2ba8e6bb
Author: Ido Schimmel <idosch at mellanox.com>
Date: Mon Jul 4 21:52:00 2022 +0300
ms/drop_monitor: Require CAP_NET_ADMIN for drop monitor configuration
Currently, the configure command does not do anything but return an
error. Subsequent patches will enable the command to change various
configuration options such as alert mode and packet truncation.
Similar to other netlink-based configuration channels, make sure only
users with the CAP_NET_ADMIN capability set can execute this command.
Signed-off-by: Ido Schimmel <idosch at mellanox.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit c5ab9b1c41f6d89d84fe147e51fe623f90bd026c)
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
=================
Patchset description:
drop_monitor: Add packet alert mode
Just port and adapt packet alert mode feature for RHEL7 kernel.
https://jira.sw.ru/browse/PSBM-140937
Ported-by: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
---
net/core/drop_monitor.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c
index eaa1a0c7a0284..309f525004086 100644
--- a/net/core/drop_monitor.c
+++ b/net/core/drop_monitor.c
@@ -399,6 +399,7 @@ static const struct genl_ops dropmon_ops[] = {
{
.cmd = NET_DM_CMD_CONFIG,
.doit = net_dm_cmd_config,
+ .flags = GENL_ADMIN_PERM,
},
{
.cmd = NET_DM_CMD_START,
More information about the Devel
mailing list