Patchwork Allow group ownership of TUN/TAP devices.

login
register
mail settings
Submitter Michael Tokarev
Date Feb. 2, 2009, 2:44 p.m.
Message ID <498706D2.5070003@msgid.tls.msk.ru>
Download mbox | patch
Permalink /patch/21564/
State Accepted
Delegated to: David Miller
Headers show

Comments

Michael Tokarev - Feb. 2, 2009, 2:44 p.m.
Michael Tokarev wrote:
[]
> 2, and this is the main one: How about supplementary groups?
> 
> Here I have a valid usage case: a group of testers running various
> versions of windows using KVM (kernel virtual machine), 1 at a time,
> to test some software.  kvm is set up to use bridge with a tap device
> (there should be a way to connect to the machine).  Anyone on that group
> has to be able to start/stop the virtual machines.
> 
> My first attempt - pretty obvious when I saw -g option of tunctl - is
> to add group ownership for the tun device and add a supplementary group
> to each user (their primary group should be different).  But that fails,
> since kernel only checks for egid, not any other group ids.
> 
> What's the reasoning to not allow supplementary groups and to only check
> for egid?

Like this.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

Thanks!

/mjt
David Miller - Feb. 3, 2009, 7:35 a.m.
From: Michael Tokarev <mjt@tls.msk.ru>
Date: Mon, 02 Feb 2009 17:44:34 +0300

> Michael Tokarev wrote:
> []
> > 2, and this is the main one: How about supplementary groups?
> > 
> > Here I have a valid usage case: a group of testers running various
> > versions of windows using KVM (kernel virtual machine), 1 at a time,
> > to test some software.  kvm is set up to use bridge with a tap device
> > (there should be a way to connect to the machine).  Anyone on that group
> > has to be able to start/stop the virtual machines.
> > 
> > My first attempt - pretty obvious when I saw -g option of tunctl - is
> > to add group ownership for the tun device and add a supplementary group
> > to each user (their primary group should be different).  But that fails,
> > since kernel only checks for egid, not any other group ids.
> > 
> > What's the reasoning to not allow supplementary groups and to only check
> > for egid?
> 
> Like this.
> 
> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

Seems reasonable, applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

--- linux-2.6.28/drivers/net/tun.c.orig	2008-12-25 02:26:37.000000000 +0300
+++ linux-2.6.28/drivers/net/tun.c	2009-02-02 17:33:02.000000000 +0300
@@ -714,7 +714,7 @@  static int tun_set_iff(struct net *net, 
 		if (((tun->owner != -1 &&
 		      current->euid != tun->owner) ||
 		     (tun->group != -1 &&
-		      current->egid != tun->group)) &&
+		      !in_egroup_p(tun->group))) &&
 		     !capable(CAP_NET_ADMIN))
 			return -EPERM;
 	}