drop_monitor: Require CAP_NET_ADMIN for drop monitor configuration

Currently, the configure command does not do anything but return an error. Subsequent patches will enable the command to change various configuration options such as alert mode and packet truncation. Similar to other netlink-based configuration channels, make sure only users with the CAP_NET_ADMIN capability set can execute this command. Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>

drop_monitor: Require CAP_NET_ADMIN for drop monitor configuration
Currently, the configure command does not do anything but return an error. Subsequent patches will enable the command to change various configuration options such as alert mode and packet truncation. Similar to other netlink-based configuration channels, make sure only users with the CAP_NET_ADMIN capability set can execute this command. Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
c5ab9b1c · Ido Schimmel · David S. Miller · 44075f56 · c5ab9b1c
Commit c5ab9b1c authored Aug 11, 2019 by Ido Schimmel Committed by David S. Miller Aug 11, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

net/core/drop_monitor.c net/core/drop_monitor.c +1 -0

No files found.
--- a/net/core/drop_monitor.c
+++ b/net/core/drop_monitor.c
@@ -409,6 +409,7 @@ static const struct genl_ops dropmon_ops[] = {
 		.cmd = NET_DM_CMD_CONFIG,
 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
 		.doit = net_dm_cmd_config,
+		.flags = GENL_ADMIN_PERM,
 	},
 	{
 		.cmd = NET_DM_CMD_START,