if_me: Use dedicated network privilege
Separate if_me privileges from if_gif. Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D36691
This commit is contained in:
committed by
Kristof Provost
parent
b37707bb39
commit
43f8c763cd
@@ -3757,6 +3757,7 @@ prison_priv_check(struct ucred *cred, int priv)
|
||||
case PRIV_NET_SETIFVNET:
|
||||
case PRIV_NET_SETIFFIB:
|
||||
case PRIV_NET_OVPN:
|
||||
case PRIV_NET_ME:
|
||||
|
||||
/*
|
||||
* 802.11-related privileges.
|
||||
|
||||
+1
-1
@@ -322,7 +322,7 @@ me_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
||||
ifr->ifr_fib = sc->me_fibnum;
|
||||
break;
|
||||
case SIOCSTUNFIB:
|
||||
if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
|
||||
if ((error = priv_check(curthread, PRIV_NET_ME)) != 0)
|
||||
break;
|
||||
if (ifr->ifr_fib >= rt_numfibs)
|
||||
error = EINVAL;
|
||||
|
||||
@@ -349,6 +349,7 @@
|
||||
#define PRIV_NET_SETLANPCP 421 /* Set LAN priority. */
|
||||
#define PRIV_NET_SETVLANPCP PRIV_NET_SETLANPCP /* Alias Set VLAN priority */
|
||||
#define PRIV_NET_OVPN 422 /* Administer OpenVPN DCO. */
|
||||
#define PRIV_NET_ME 423 /* Administer ME interface. */
|
||||
|
||||
/*
|
||||
* 802.11-related privileges.
|
||||
|
||||
Reference in New Issue
Block a user