From patchwork Fri Feb 1 02:31:00 2013 X-Patchwork-Submitter: Gao feng X-Patchwork-Id: 217335 X-Patchwork-Delegate: davem@davemloft.net
From: Gao feng
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, containers@lists.linux-foundation.org, ebiederm@xmission.com, serge@hallyn.com, pablo@netfilter.org, amwang@redhat.com, Gao feng
Subject: [PATCH net-next 4/4] netns: bond: allow unprivileged users to control bond device
Date: Fri, 1 Feb 2013 10:31:00 +0800
Message-Id: <1359685860-29636-4-git-send-email-gaofeng@cn.fujitsu.com>
In-Reply-To: <1359685860-29636-1-git-send-email-gaofeng@cn.fujitsu.com>
References: <1359685860-29636-1-git-send-email-gaofeng@cn.fujitsu.com>

reduce the permission check of bond device's ioctl. allow the userns root to control the bond device.

Signed-off-by: Gao feng
---
 drivers/net/bonding/bond_main.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index b38c9bf..2239937 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -3612,6 +3612,7 @@ static int bond_do_ioctl(struct net_device *bond_dev, struct ifreq *ifr, int cmd struct ifslave k_sinfo; struct ifslave __user *u_sinfo = NULL; struct mii_ioctl_data *mii = NULL; + struct net *net; int res = 0; pr_debug("bond_ioctl: master=%s, cmd=%d\n", bond_dev->name, cmd); 
@@ -3678,10 +3679,12 @@ static int bond_do_ioctl(struct net_device *bond_dev, struct ifreq *ifr, int cmd break; } - if (!capable(CAP_NET_ADMIN)) + net = dev_net(bond_dev); + + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) return -EPERM; - slave_dev = dev_get_by_name(dev_net(bond_dev), ifr->ifr_slave); + slave_dev = dev_get_by_name(net, ifr->ifr_slave); pr_debug("slave_dev=%p:\n", slave_dev);
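Review bot: In the first hunk (the declarations at the top of bond_do_ioctl), `struct net *net;` is added uninitialized and only assigned much later, immediately before the capability check. Initializing it where it is declared, `struct net *net = dev_net(bond_dev);`, would drop the separate assignment in the second hunk and guarantee the pointer is valid on every path through the function, including any code added later between the declaration and the check.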
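Review bot: The changelog does not justify the relaxed check in the second hunk, where `if (!capable(CAP_NET_ADMIN))` becomes `if (!ns_capable(net->user_ns, CAP_NET_ADMIN))`. This single test gates everything that follows it in bond_do_ioctl, so after the change the root of the user namespace that owns the bond's network namespace reaches all of it. Please name in the commit message the commands that sit behind this check and state why each is safe for that user. The slave lookup `dev_get_by_name(net, ifr->ifr_slave)` stays within the same namespace as the bond, which is worth saying explicitly, and the message should also confirm that none of the commands modifies state visible outside that namespace.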