git: 43f8c763cdee - main - if_me: Use dedicated network privilege

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Sat, 15 Oct 2022 15:22:59 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=43f8c763cdeea29f95b6f0eebce3ad80dd210c7a

commit 43f8c763cdeea29f95b6f0eebce3ad80dd210c7a
Author:     Zhenlei Huang <zlei.huang@gmail.com>
AuthorDate: 2022-10-15 15:05:36 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-10-15 15:05:36 +0000

    if_me: Use dedicated network privilege
    
    Separate if_me privileges from if_gif.
    
    Reviewed by:            kp
    Differential Revision:  https://reviews.freebsd.org/D36691
---
 sys/kern/kern_jail.c | 1 +
 sys/net/if_me.c      | 2 +-
 sys/sys/priv.h       | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 8ec2d89d282e..51210c11bf20 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -3757,6 +3757,7 @@ prison_priv_check(struct ucred *cred, int priv)
 	case PRIV_NET_SETIFVNET:
 	case PRIV_NET_SETIFFIB:
 	case PRIV_NET_OVPN:
+	case PRIV_NET_ME:
 
 		/*
 		 * 802.11-related privileges.
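Review bot: The new `case PRIV_NET_ME:` label joins a fall-through list whose shared body lies outside this hunk, so the condition under which a jailed credential is granted the privilege cannot be confirmed from the lines shown. Because me_ioctl() uses this privilege to gate SIOCSTUNFIB, it is worth verifying that the shared body presumably limits the grant to jails with their own network stack, so that a jail sharing the host stack cannot change a tunnel's FIB. A short comment on the label, for example `/* me(4) tunnel FIB changes, see me_ioctl() */`, would record why the privilege is on the jail allow-list.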
diff --git a/sys/net/if_me.c b/sys/net/if_me.c
index e1b932bdb16c..0f8336067116 100644
--- a/sys/net/if_me.c
+++ b/sys/net/if_me.c
@@ -322,7 +322,7 @@ me_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		ifr->ifr_fib = sc->me_fibnum;
 		break;
 	case SIOCSTUNFIB:
-		if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
+		if ((error = priv_check(curthread, PRIV_NET_ME)) != 0)
 			break;
 		if (ifr->ifr_fib >= rt_numfibs)
 			error = EINVAL;
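Review bot: Only the SIOCSTUNFIB branch is visibly gated on `PRIV_NET_ME`, while the priv.h comment describes the privilege as "Administer ME interface". me_ioctl() starts and ends outside this hunk, so it cannot be told from here whether its other state-changing commands are checked with the same privilege or by a generic ioctl layer. If SIOCSTUNFIB is the only consumer, a comment at the check such as `/* PRIV_NET_ME currently gates only tunnel FIB changes. */` would keep the scope explicit. Any MAC or jail policy that granted PRIV_NET_GRE in order to allow this ioctl on me(4) interfaces presumably has to grant PRIV_NET_ME after this change, which deserves a line in the release notes.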
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index 8f7a2496064a..f07a252295ae 100644
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -349,6 +349,7 @@
 #define	PRIV_NET_SETLANPCP	421	/* Set LAN priority. */
 #define	PRIV_NET_SETVLANPCP	PRIV_NET_SETLANPCP /* Alias Set VLAN priority */
 #define	PRIV_NET_OVPN		422	/* Administer OpenVPN DCO. */
+#define	PRIV_NET_ME		423	/* Administer ME interface. */
 
 /*
  * 802.11-related privileges.