nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

net: align SO_RCVMARK required privileges with SO_MARK

Browse source 
The commit referenced in the "Fixes" tag added the SO_RCVMARK socket
option for receiving the skb mark in the ancillary data.

Since this is a new capability, and exposes admin configured details
regarding the underlying network setup to sockets, let's align the
needed capabilities with those of SO_MARK.

Fixes: 6fd1d51cfa ("net: SO_RCVMARK socket option for SO_MARK with recvmsg()")
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Link: https://lore.kernel.org/r/20220504095459.2663513-1-eyal.birger@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
Eyal Birger 2022-05-04 12:54:59 +03:00 committed by Jakub Kicinski
parent c4a67a21a6
commit 1f86123b97
1 changed files with 6 additions and 0 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

6
net/core/sock.c
View file

@ -1315,6 +1315,12 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
__sock_set_mark(sk, val); __sock_set_mark(sk, val);
break; break;
case SO_RCVMARK: case SO_RCVMARK:
if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
ret = -EPERM;
break;
}
sock_valbool_flag(sk, SOCK_RCVMARK, valbool); sock_valbool_flag(sk, SOCK_RCVMARK, valbool);
break; break;