diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-08 04:21:42 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-08 04:21:42 +0000 |
commit | 9d537f04b26ad3ac10399b4885f6dcd9112f7973 (patch) | |
tree | 734b519d1bca2065d28c33bce394def4d50c4da5 /net/netlink/genetlink.c | |
parent | Releasing progress-linux version 4.19.289-2progress5u1. (diff) | |
download | linux-9d537f04b26ad3ac10399b4885f6dcd9112f7973.tar.xz linux-9d537f04b26ad3ac10399b4885f6dcd9112f7973.zip |
Merging upstream version 4.19.304.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | net/netlink/genetlink.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index ede73ecfb..f449be93b 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c @@ -961,11 +961,46 @@ static struct genl_family genl_ctrl __ro_after_init = { .netnsok = true, }; +static int genl_bind(struct net *net, int group) +{ + const struct genl_family *family; + unsigned int id; + int ret = 0; + + genl_lock_all(); + + idr_for_each_entry(&genl_fam_idr, family, id) { + const struct genl_multicast_group *grp; + int i; + + if (family->n_mcgrps == 0) + continue; + + i = group - family->mcgrp_offset; + if (i < 0 || i >= family->n_mcgrps) + continue; + + grp = &family->mcgrps[i]; + if ((grp->flags & GENL_UNS_ADMIN_PERM) && + !ns_capable(net->user_ns, CAP_NET_ADMIN)) + ret = -EPERM; + if (grp->cap_sys_admin && + !ns_capable(net->user_ns, CAP_SYS_ADMIN)) + ret = -EPERM; + + break; + } + + genl_unlock_all(); + return ret; +} + static int __net_init genl_pernet_init(struct net *net) { struct netlink_kernel_cfg cfg = { .input = genl_rcv, .flags = NL_CFG_F_NONROOT_RECV, + .bind = genl_bind, }; /* we'll bump the group number right afterwards */ |