When we switched to using userns we lost these restrictions. According to https://jira.sw.ru/browse/PSBM-36290 if we modify EEPROM, we can modify NIC's firmware.
https://jira.sw.ru/browse/PSBM-52504 Signed-off-by: Pavel Tikhomirov <[email protected]> --- net/core/ethtool.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/core/ethtool.c b/net/core/ethtool.c index 6302e8e..d1b6354 100644 --- a/net/core/ethtool.c +++ b/net/core/ethtool.c @@ -2398,10 +2398,10 @@ int dev_ethtool(struct net *net, struct ifreq *ifr) case ETHTOOL_GTUNABLE: break; case ETHTOOL_SEEPROM: - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) + if (!capable(CAP_NET_ADMIN)) return -EPERM; default: - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) + if (!ve_capable(CAP_NET_ADMIN)) return -EPERM; } -- 2.9.3
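
Review bot: The case ETHTOOL_SEEPROM arm has no break after its capable(CAP_NET_ADMIN) check, so it falls through into default and is checked a second time with ve_capable(CAP_NET_ADMIN). If the fallthrough is intended, mark it with a /* fall through */ comment; otherwise add a break; after the return -EPERM so the capable() check is visibly the only gate for EEPROM writes. The commit message should also say in one sentence why default gets ve_capable() while SEEPROM gets capable(), since both lines replace the same ns_capable(net->user_ns, CAP_NET_ADMIN) call and the difference is the whole point of the change.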
