Skip to content

Commit

Permalink
drop_monitor: Require CAP_NET_ADMIN for drop monitor configuration
Browse files Browse the repository at this point in the history 
Currently, the configure command does not do anything but return an
error. Subsequent patches will enable the command to change various
configuration options such as alert mode and packet truncation.

Similar to other netlink-based configuration channels, make sure only
users with the CAP_NET_ADMIN capability set can execute this command.

Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Ido Schimmel authored and David S. Miller committed Aug 11, 2019
1 parent 44075f5 commit c5ab9b1
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions net/core/drop_monitor.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -409,6 +409,7 @@ static const struct genl_ops dropmon_ops[] = {
.cmd = NET_DM_CMD_CONFIG,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = net_dm_cmd_config,
.flags = GENL_ADMIN_PERM,
},
{
.cmd = NET_DM_CMD_START,
Expand Down

0 comments on commit c5ab9b1

Please sign in to comment.