if_me: Use dedicated network privilege
Separate if_me privileges from if_gif. Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D36691
This commit is contained in:
parent
b37707bb39
commit
43f8c763cd
@ -3757,6 +3757,7 @@ prison_priv_check(struct ucred *cred, int priv)
|
|||||||
case PRIV_NET_SETIFVNET:
|
case PRIV_NET_SETIFVNET:
|
||||||
case PRIV_NET_SETIFFIB:
|
case PRIV_NET_SETIFFIB:
|
||||||
case PRIV_NET_OVPN:
|
case PRIV_NET_OVPN:
|
||||||
|
case PRIV_NET_ME:
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 802.11-related privileges.
|
* 802.11-related privileges.
|
||||||
|
@ -322,7 +322,7 @@ me_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
|||||||
ifr->ifr_fib = sc->me_fibnum;
|
ifr->ifr_fib = sc->me_fibnum;
|
||||||
break;
|
break;
|
||||||
case SIOCSTUNFIB:
|
case SIOCSTUNFIB:
|
||||||
if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
|
if ((error = priv_check(curthread, PRIV_NET_ME)) != 0)
|
||||||
break;
|
break;
|
||||||
if (ifr->ifr_fib >= rt_numfibs)
|
if (ifr->ifr_fib >= rt_numfibs)
|
||||||
error = EINVAL;
|
error = EINVAL;
|
||||||
|
@ -349,6 +349,7 @@
|
|||||||
#define PRIV_NET_SETLANPCP 421 /* Set LAN priority. */
|
#define PRIV_NET_SETLANPCP 421 /* Set LAN priority. */
|
||||||
#define PRIV_NET_SETVLANPCP PRIV_NET_SETLANPCP /* Alias Set VLAN priority */
|
#define PRIV_NET_SETVLANPCP PRIV_NET_SETLANPCP /* Alias Set VLAN priority */
|
||||||
#define PRIV_NET_OVPN 422 /* Administer OpenVPN DCO. */
|
#define PRIV_NET_OVPN 422 /* Administer OpenVPN DCO. */
|
||||||
|
#define PRIV_NET_ME 423 /* Administer ME interface. */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 802.11-related privileges.
|
* 802.11-related privileges.
|
||||||
|
Loading…
Reference in New Issue
Block a user