if_me: Use dedicated network privilege

Separate if_me privileges from if_gif.

Reviewed by:		kp
Differential Revision:	https://reviews.freebsd.org/D36691
This commit is contained in:
Zhenlei Huang
2022-10-15 17:05:36 +02:00
committed by Kristof Provost
parent b37707bb39
commit 43f8c763cd
3 changed files with 3 additions and 1 deletions
+1
View File
@@ -3757,6 +3757,7 @@ prison_priv_check(struct ucred *cred, int priv)
case PRIV_NET_SETIFVNET:
case PRIV_NET_SETIFFIB:
case PRIV_NET_OVPN:
case PRIV_NET_ME:
/*
* 802.11-related privileges.
+1 -1
View File
@@ -322,7 +322,7 @@ me_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
ifr->ifr_fib = sc->me_fibnum;
break;
case SIOCSTUNFIB:
if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
if ((error = priv_check(curthread, PRIV_NET_ME)) != 0)
break;
if (ifr->ifr_fib >= rt_numfibs)
error = EINVAL;
+1
View File
@@ -349,6 +349,7 @@
#define PRIV_NET_SETLANPCP 421 /* Set LAN priority. */
#define PRIV_NET_SETVLANPCP PRIV_NET_SETLANPCP /* Alias Set VLAN priority */
#define PRIV_NET_OVPN 422 /* Administer OpenVPN DCO. */
#define PRIV_NET_ME 423 /* Administer ME interface. */
/*
* 802.11-related privileges.