From: Tyler Hicks <tyhicks@canonical.com>
Date: Fri, 20 Jul 2018 21:56:51 +0000
Subject: net-sysfs: require net admin in the init ns for setting tx_maxrate
Patch-mainline: v4.19-rc1
Git-commit: 3033fced2f689d4a870b3ba6a8a676db1261d262
References: bsc#1109837

An upcoming change will allow container root to open some /sys/class/net
files for writing. The tx_maxrate attribute can result in changes
to actual hardware devices so err on the side of caution by requiring
CAP_NET_ADMIN in the init namespace in the corresponding attribute store
operation.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
---
net/core/net-sysfs.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -1054,6 +1054,9 @@ static ssize_t tx_maxrate_store(struct n
int err, index = get_netdev_queue_index(queue);
u32 rate = 0;
+ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+
err = kstrtou32(buf, 10, &rate);
if (err < 0)
return err;
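
Review bot: the new capable(CAP_NET_ADMIN) check at the top of tx_maxrate_store() carries no comment saying that the init-namespace check is deliberate. The commit message explains that tx_maxrate can change actual hardware devices and so must require CAP_NET_ADMIN in the init namespace, but nothing in the code records that. Once container root can open these files for writing, a later cleanup could mistake the call for an oversight and switch it to ns_capable(). A one-line comment above the check, for example "/* can affect hardware: require CAP_NET_ADMIN in the init ns */", would preserve the intent. Placing the check before kstrtou32() is right, since an unprivileged writer gets -EPERM without its input being parsed.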